oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hdb: eliminate hdb_entry_ex

Browse Source 
Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
an additional context member in hdb_entry which is managed by the free_entry
method in HDB).
This commit is contained in:
Luke Howard
2022-01-07 12:54:40 +11:00
parent c5551775e2
commit 0e8c4ccc6e
50 changed files with 1035 additions and 1032 deletions
Download Patch File Download Diff File Expand all files Collapse all files

348
lib/hdb/hdb-ldap.c
View File

@@ -47,7 +47,7 @@ static krb5_error_code LDAP_close(krb5_context context, HDB *);
static krb5_error_code
LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
int flags, hdb_entry_ex * ent);
int flags, hdb_entry * ent);
static const char *default_structural_object = "account";
static char *structural_object;
@@ -388,14 +388,14 @@ bervalstrcmp(struct berval *v, const char *str)
static krb5_error_code
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
LDAPMessage * msg, LDAPMod *** pmods, krb5_boolean *pis_new_entry)
{
krb5_error_code ret;
krb5_boolean is_new_entry = FALSE;
char *tmp = NULL;
LDAPMod **mods = NULL;
hdb_entry_ex orig;
hdb_entry orig;
unsigned long oflags, nflags;
int i;
@@ -477,12 +477,12 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
if (is_new_entry ||
krb5_principal_compare(context, ent->entry.principal, orig.entry.principal)
krb5_principal_compare(context, ent->principal, orig.principal)
== FALSE)
{
if (is_heimdal_principal || is_heimdal_entry) {
ret = krb5_unparse_name(context, ent->entry.principal, &tmp);
ret = krb5_unparse_name(context, ent->principal, &tmp);
if (ret)
goto out;
@@ -496,7 +496,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
if (is_account || is_samba_account) {
ret = krb5_unparse_name_short(context, ent->entry.principal, &tmp);
ret = krb5_unparse_name_short(context, ent->principal, &tmp);
if (ret)
goto out;
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
@@ -508,15 +508,15 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
}
if (is_heimdal_entry && (ent->entry.kvno != orig.entry.kvno || is_new_entry)) {
if (is_heimdal_entry && (ent->kvno != orig.kvno || is_new_entry)) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"krb5KeyVersionNumber",
ent->entry.kvno);
ent->kvno);
if (ret)
goto out;
}
if (is_heimdal_entry && ent->entry.extensions) {
if (is_heimdal_entry && ent->extensions) {
if (!is_new_entry) {
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5ExtendedAttributes");
if (vals) {
@@ -527,11 +527,11 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
}
for (i = 0; i < ent->entry.extensions->len; i++) {
for (i = 0; i < ent->extensions->len; i++) {
unsigned char *buf;
size_t size, sz = 0;
ASN1_MALLOC_ENCODE(HDB_extension, buf, size, &ent->entry.extensions->val[i], &sz, ret);
ASN1_MALLOC_ENCODE(HDB_extension, buf, size, &ent->extensions->val[i], &sz, ret);
if (ret)
goto out;
if (size != sz)
@@ -543,42 +543,42 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
}
if (is_heimdal_entry && ent->entry.valid_start) {
if (orig.entry.valid_end == NULL
|| (*(ent->entry.valid_start) != *(orig.entry.valid_start))) {
if (is_heimdal_entry && ent->valid_start) {
if (orig.valid_end == NULL
|| (*(ent->valid_start) != *(orig.valid_start))) {
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
"krb5ValidStart",
ent->entry.valid_start);
ent->valid_start);
if (ret)
goto out;
}
}
if (ent->entry.valid_end) {
if (orig.entry.valid_end == NULL || (*(ent->entry.valid_end) != *(orig.entry.valid_end))) {
if (ent->valid_end) {
if (orig.valid_end == NULL || (*(ent->valid_end) != *(orig.valid_end))) {
if (is_heimdal_entry) {
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
"krb5ValidEnd",
ent->entry.valid_end);
ent->valid_end);
if (ret)
goto out;
}
if (is_samba_account) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"sambaKickoffTime",
*(ent->entry.valid_end));
*(ent->valid_end));
if (ret)
goto out;
}
}
}
if (ent->entry.pw_end) {
if (orig.entry.pw_end == NULL || (*(ent->entry.pw_end) != *(orig.entry.pw_end))) {
if (ent->pw_end) {
if (orig.pw_end == NULL || (*(ent->pw_end) != *(orig.pw_end))) {
if (is_heimdal_entry) {
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
"krb5PasswordEnd",
ent->entry.pw_end);
ent->pw_end);
if (ret)
goto out;
}
@@ -586,7 +586,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
if (is_samba_account) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"sambaPwdMustChange",
*(ent->entry.pw_end));
*(ent->pw_end));
if (ret)
goto out;
}
@@ -595,43 +595,43 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
#if 0 /* we we have last_pw_change */
if (is_samba_account && ent->entry.last_pw_change) {
if (orig.entry.last_pw_change == NULL || (*(ent->entry.last_pw_change) != *(orig.entry.last_pw_change))) {
if (is_samba_account && ent->last_pw_change) {
if (orig.last_pw_change == NULL || (*(ent->last_pw_change) != *(orig.last_pw_change))) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"sambaPwdLastSet",
*(ent->entry.last_pw_change));
*(ent->last_pw_change));
if (ret)
goto out;
}
}
#endif
if (is_heimdal_entry && ent->entry.max_life) {
if (orig.entry.max_life == NULL
|| (*(ent->entry.max_life) != *(orig.entry.max_life))) {
if (is_heimdal_entry && ent->max_life) {
if (orig.max_life == NULL
|| (*(ent->max_life) != *(orig.max_life))) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"krb5MaxLife",
*(ent->entry.max_life));
*(ent->max_life));
if (ret)
goto out;
}
}
if (is_heimdal_entry && ent->entry.max_renew) {
if (orig.entry.max_renew == NULL
|| (*(ent->entry.max_renew) != *(orig.entry.max_renew))) {
if (is_heimdal_entry && ent->max_renew) {
if (orig.max_renew == NULL
|| (*(ent->max_renew) != *(orig.max_renew))) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"krb5MaxRenew",
*(ent->entry.max_renew));
*(ent->max_renew));
if (ret)
goto out;
}
}
oflags = HDBFlags2int(orig.entry.flags);
nflags = HDBFlags2int(ent->entry.flags);
oflags = HDBFlags2int(orig.flags);
nflags = HDBFlags2int(ent->flags);
if (is_heimdal_entry && oflags != nflags) {
@@ -643,7 +643,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
/* Remove keys if they exists, and then replace keys. */
if (!is_new_entry && orig.entry.keys.len > 0) {
if (!is_new_entry && orig.keys.len > 0) {
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
if (vals) {
ldap_value_free_len(vals);
@@ -654,21 +654,21 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
}
for (i = 0; i < ent->entry.keys.len; i++) {
for (i = 0; i < ent->keys.len; i++) {
if (is_samba_account
&& ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
&& ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
char *ntHexPassword;
char *nt;
time_t now = time(NULL);
/* the key might have been 'sealed', but samba passwords
are clear in the directory */
ret = hdb_unseal_key(context, db, &ent->entry.keys.val[i]);
ret = hdb_unseal_key(context, db, &ent->keys.val[i]);
if (ret)
goto out;
nt = ent->entry.keys.val[i].key.keyvalue.data;
nt = ent->keys.val[i].key.keyvalue.data;
/* store in ntPassword, not krb5key */
ret = hex_encode(nt, 16, &ntHexPassword);
if (ret < 0) {
@@ -701,7 +701,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
unsigned char *buf;
size_t len, buf_size;
ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->entry.keys.val[i], &len, ret);
ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->keys.val[i], &len, ret);
if (ret)
goto out;
if(buf_size != len)
@@ -714,7 +714,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
}
if (ent->entry.etypes) {
if (ent->etypes) {
int add_krb5EncryptionType = 0;
/*
@@ -736,15 +736,15 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
add_krb5EncryptionType = 1;
if (add_krb5EncryptionType) {
for (i = 0; i < ent->entry.etypes->len; i++) {
for (i = 0; i < ent->etypes->len; i++) {
if (is_samba_account &&
ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
{
;
} else if (is_heimdal_entry) {
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_ADD,
"krb5EncryptionType",
ent->entry.etypes->val[i]);
ent->etypes->val[i]);
if (ret)
goto out;
}
@@ -1005,7 +1005,7 @@ LDAP_principal2message(krb5_context context, HDB * db,
*/
static krb5_error_code
LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
int flags, hdb_entry_ex * ent)
int flags, hdb_entry * ent)
{
char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
char *samba_acct_flags = NULL;
@@ -1015,18 +1015,18 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
int tmp, tmp_time, i, ret, have_arcfour = 0;
memset(ent, 0, sizeof(*ent));
ent->entry.flags = int2HDBFlags(0);
ent->flags = int2HDBFlags(0);
ret = LDAP_get_string_value(db, msg, "krb5PrincipalName", &unparsed_name);
if (ret == 0) {
ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
ret = krb5_parse_name(context, unparsed_name, &ent->principal);
if (ret)
goto out;
} else {
ret = LDAP_get_string_value(db, msg, "uid",
&unparsed_name);
if (ret == 0) {
ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
ret = krb5_parse_name(context, unparsed_name, &ent->principal);
if (ret)
goto out;
} else {
@@ -1042,25 +1042,25 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
&integer);
if (ret)
ent->entry.kvno = 0;
ent->kvno = 0;
else
ent->entry.kvno = integer;
ent->kvno = integer;
}
keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
if (keys != NULL) {
size_t l;
ent->entry.keys.len = ldap_count_values_len(keys);
ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key));
if (ent->entry.keys.val == NULL) {
ent->keys.len = ldap_count_values_len(keys);
ent->keys.val = (Key *) calloc(ent->keys.len, sizeof(Key));
if (ent->keys.val == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "calloc: out of memory");
goto out;
}
for (i = 0; i < ent->entry.keys.len; i++) {
for (i = 0; i < ent->keys.len; i++) {
decode_Key((unsigned char *) keys[i]->bv_val,
(size_t) keys[i]->bv_len, &ent->entry.keys.val[i], &l);
(size_t) keys[i]->bv_len, &ent->keys.val[i], &l);
}
ber_bvecfree(keys);
} else {
@@ -1070,8 +1070,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
* be related to a general directory entry without creating
* the keys. Hopefully it's OK.
*/
ent->entry.keys.len = 0;
ent->entry.keys.val = NULL;
ent->keys.len = 0;
ent->keys.val = NULL;
#else
ret = HDB_ERR_NOENTRY;
goto out;
@@ -1082,47 +1082,47 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if (extensions != NULL) {
size_t l;
ent->entry.extensions = calloc(1, sizeof(*(ent->entry.extensions)));
if (ent->entry.extensions == NULL) {
ent->extensions = calloc(1, sizeof(*(ent->extensions)));
if (ent->extensions == NULL) {
ret = krb5_enomem(context);
goto out;
}
ent->entry.extensions->len = ldap_count_values_len(extensions);
ent->entry.extensions->val = (HDB_extension *) calloc(ent->entry.extensions->len, sizeof(HDB_extension));
if (ent->entry.extensions->val == NULL) {
ent->entry.extensions->len = 0;
ent->extensions->len = ldap_count_values_len(extensions);
ent->extensions->val = (HDB_extension *) calloc(ent->extensions->len, sizeof(HDB_extension));
if (ent->extensions->val == NULL) {
ent->extensions->len = 0;
ret = krb5_enomem(context);
goto out;
}
for (i = 0; i < ent->entry.extensions->len; i++) {
for (i = 0; i < ent->extensions->len; i++) {
ret = decode_HDB_extension((unsigned char *) extensions[i]->bv_val,
(size_t) extensions[i]->bv_len, &ent->entry.extensions->val[i], &l);
(size_t) extensions[i]->bv_len, &ent->extensions->val[i], &l);
if (ret)
krb5_set_error_message(context, ret, "decode_HDB_extension failed");
}
ber_bvecfree(extensions);
} else {
ent->entry.extensions = NULL;
ent->extensions = NULL;
}
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType");
if (vals != NULL) {
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
if (ent->entry.etypes == NULL) {
ent->etypes = malloc(sizeof(*(ent->etypes)));
if (ent->etypes == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret,"malloc: out of memory");
goto out;
}
ent->entry.etypes->len = ldap_count_values_len(vals);
ent->entry.etypes->val = calloc(ent->entry.etypes->len,
sizeof(ent->entry.etypes->val[0]));
if (ent->entry.etypes->val == NULL) {
ent->etypes->len = ldap_count_values_len(vals);
ent->etypes->val = calloc(ent->etypes->len,
sizeof(ent->etypes->val[0]));
if (ent->etypes->val == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
ent->entry.etypes->len = 0;
ent->etypes->len = 0;
goto out;
}
for (i = 0; i < ent->entry.etypes->len; i++) {
for (i = 0; i < ent->etypes->len; i++) {
char *buf;
buf = malloc(vals[i]->bv_len + 1);
@@ -1133,14 +1133,14 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
}
memcpy(buf, vals[i]->bv_val, vals[i]->bv_len);
buf[vals[i]->bv_len] = '\0';
ent->entry.etypes->val[i] = atoi(buf);
ent->etypes->val[i] = atoi(buf);
free(buf);
}
ldap_value_free_len(vals);
}
for (i = 0; i < ent->entry.keys.len; i++) {
if (ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
for (i = 0; i < ent->keys.len; i++) {
if (ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
have_arcfour = 1;
break;
}
@@ -1152,151 +1152,151 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
unsigned *etypes;
Key *ks;
ks = realloc(ent->entry.keys.val,
(ent->entry.keys.len + 1) *
sizeof(ent->entry.keys.val[0]));
ks = realloc(ent->keys.val,
(ent->keys.len + 1) *
sizeof(ent->keys.val[0]));
if (ks == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ent->entry.keys.val = ks;
memset(&ent->entry.keys.val[ent->entry.keys.len], 0, sizeof(Key));
ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16);
ent->keys.val = ks;
memset(&ent->keys.val[ent->keys.len], 0, sizeof(Key));
ent->keys.val[ent->keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
ret = krb5_data_alloc (&ent->keys.val[ent->keys.len].key.keyvalue, 16);
if (ret) {
krb5_set_error_message(context, ret, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
ret = hex_decode(ntPasswordIN,
ent->entry.keys.val[ent->entry.keys.len].key.keyvalue.data, 16);
ent->entry.keys.len++;
ent->keys.val[ent->keys.len].key.keyvalue.data, 16);
ent->keys.len++;
if (ret == -1) {
krb5_set_error_message(context, ret = EINVAL,
"invalid hex encoding of password");
goto out;
}
if (ent->entry.etypes == NULL) {
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
if (ent->entry.etypes == NULL) {
if (ent->etypes == NULL) {
ent->etypes = malloc(sizeof(*(ent->etypes)));
if (ent->etypes == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ent->entry.etypes->val = NULL;
ent->entry.etypes->len = 0;
ent->etypes->val = NULL;
ent->etypes->len = 0;
}
for (i = 0; i < ent->entry.etypes->len; i++)
if (ent->entry.etypes->val[i] == ETYPE_ARCFOUR_HMAC_MD5)
for (i = 0; i < ent->etypes->len; i++)
if (ent->etypes->val[i] == ETYPE_ARCFOUR_HMAC_MD5)
break;
/* If there is no ARCFOUR enctype, add one */
if (i == ent->entry.etypes->len) {
etypes = realloc(ent->entry.etypes->val,
(ent->entry.etypes->len + 1) *
sizeof(ent->entry.etypes->val[0]));
if (i == ent->etypes->len) {
etypes = realloc(ent->etypes->val,
(ent->etypes->len + 1) *
sizeof(ent->etypes->val[0]));
if (etypes == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ent->entry.etypes->val = etypes;
ent->entry.etypes->val[ent->entry.etypes->len] =
ent->etypes->val = etypes;
ent->etypes->val[ent->etypes->len] =
ETYPE_ARCFOUR_HMAC_MD5;
ent->entry.etypes->len++;
ent->etypes->len++;
}
}
ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
&ent->entry.created_by.time);
&ent->created_by.time);
if (ret)
ent->entry.created_by.time = time(NULL);
ent->created_by.time = time(NULL);
ent->entry.created_by.principal = NULL;
ent->created_by.principal = NULL;
if (flags & HDB_F_ADMIN_DATA) {
ret = LDAP_get_string_value(db, msg, "creatorsName", &dn);
if (ret == 0) {
LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal);
LDAP_dn2principal(context, db, dn, &ent->created_by.principal);
free(dn);
}
ent->entry.modified_by = calloc(1, sizeof(*ent->entry.modified_by));
if (ent->entry.modified_by == NULL) {
ent->modified_by = calloc(1, sizeof(*ent->modified_by));
if (ent->modified_by == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
&ent->entry.modified_by->time);
&ent->modified_by->time);
if (ret == 0) {
ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
if (ret == 0) {
LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal);
LDAP_dn2principal(context, db, dn, &ent->modified_by->principal);
free(dn);
} else {
free(ent->entry.modified_by);
ent->entry.modified_by = NULL;
free(ent->modified_by);
ent->modified_by = NULL;
}
}
}
ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start));
if (ent->entry.valid_start == NULL) {
ent->valid_start = malloc(sizeof(*ent->valid_start));
if (ent->valid_start == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
ent->entry.valid_start);
ent->valid_start);
if (ret) {
/* OPTIONAL */
free(ent->entry.valid_start);
ent->entry.valid_start = NULL;
free(ent->valid_start);
ent->valid_start = NULL;
}
ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
if (ent->entry.valid_end == NULL) {
ent->valid_end = malloc(sizeof(*ent->valid_end));
if (ent->valid_end == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
ent->entry.valid_end);
ent->valid_end);
if (ret) {
/* OPTIONAL */
free(ent->entry.valid_end);
ent->entry.valid_end = NULL;
free(ent->valid_end);
ent->valid_end = NULL;
}
ret = LDAP_get_integer_value(db, msg, "sambaKickoffTime", &tmp_time);
if (ret == 0) {
if (ent->entry.valid_end == NULL) {
ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
if (ent->entry.valid_end == NULL) {
if (ent->valid_end == NULL) {
ent->valid_end = malloc(sizeof(*ent->valid_end));
if (ent->valid_end == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
}
*ent->entry.valid_end = tmp_time;
*ent->valid_end = tmp_time;
}
ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
if (ent->entry.pw_end == NULL) {
ent->pw_end = malloc(sizeof(*ent->pw_end));
if (ent->pw_end == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
ent->entry.pw_end);
ent->pw_end);
if (ret) {
/* OPTIONAL */
free(ent->entry.pw_end);
ent->entry.pw_end = NULL;
free(ent->pw_end);
ent->pw_end = NULL;
}
ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time);
@@ -1310,76 +1310,76 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
NULL);
if (delta) {
if (ent->entry.pw_end == NULL) {
ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
if (ent->entry.pw_end == NULL) {
if (ent->pw_end == NULL) {
ent->pw_end = malloc(sizeof(*ent->pw_end));
if (ent->pw_end == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
}
*ent->entry.pw_end = tmp_time + delta;
*ent->pw_end = tmp_time + delta;
}
}
ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time);
if (ret == 0) {
if (ent->entry.pw_end == NULL) {
ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
if (ent->entry.pw_end == NULL) {
if (ent->pw_end == NULL) {
ent->pw_end = malloc(sizeof(*ent->pw_end));
if (ent->pw_end == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
}
*ent->entry.pw_end = tmp_time;
*ent->pw_end = tmp_time;
}
/* OPTIONAL */
ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time);
if (ret == 0)
hdb_entry_set_pw_change_time(context, &ent->entry, tmp_time);
hdb_entry_set_pw_change_time(context, ent, tmp_time);
{
int max_life;
ent->entry.max_life = malloc(sizeof(*ent->entry.max_life));
if (ent->entry.max_life == NULL) {
ent->max_life = malloc(sizeof(*ent->max_life));
if (ent->max_life == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life);
if (ret) {
free(ent->entry.max_life);
ent->entry.max_life = NULL;
free(ent->max_life);
ent->max_life = NULL;
} else
*ent->entry.max_life = max_life;
*ent->max_life = max_life;
}
{
int max_renew;
ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew));
if (ent->entry.max_renew == NULL) {
ent->max_renew = malloc(sizeof(*ent->max_renew));
if (ent->max_renew == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew);
if (ret) {
free(ent->entry.max_renew);
ent->entry.max_renew = NULL;
free(ent->max_renew);
ent->max_renew = NULL;
} else
*ent->entry.max_renew = max_renew;
*ent->max_renew = max_renew;
}
ret = LDAP_get_integer_value(db, msg, "krb5KDCFlags", &tmp);
if (ret)
tmp = 0;
ent->entry.flags = int2HDBFlags(tmp);
ent->flags = int2HDBFlags(tmp);
/* Try and find Samba flags to put into the mix */
ret = LDAP_get_string_value(db, msg, "sambaAcctFlags", &samba_acct_flags);
@@ -1411,7 +1411,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
/* Allow forwarding */
if (samba_forwardable)
ent->entry.flags.forwardable = TRUE;
ent->flags.forwardable = TRUE;
for (i=0; i < flags_len; i++) {
switch (samba_acct_flags[i]) {
@@ -1423,36 +1423,36 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
/* how to handle no password in kerberos? */
break;
case 'D':
ent->entry.flags.invalid = TRUE;
ent->flags.invalid = TRUE;
break;
case 'H':
break;
case 'T':
/* temp duplicate */
ent->entry.flags.invalid = TRUE;
ent->flags.invalid = TRUE;
break;
case 'U':
ent->entry.flags.client = TRUE;
ent->flags.client = TRUE;
break;
case 'M':
break;
case 'W':
case 'S':
ent->entry.flags.server = TRUE;
ent->entry.flags.client = TRUE;
ent->flags.server = TRUE;
ent->flags.client = TRUE;
break;
case 'L':
ent->entry.flags.invalid = TRUE;
ent->flags.invalid = TRUE;
break;
case 'X':
if (ent->entry.pw_end) {
free(ent->entry.pw_end);
ent->entry.pw_end = NULL;
if (ent->pw_end) {
free(ent->pw_end);
ent->pw_end = NULL;
}
break;
case 'I':
ent->entry.flags.server = TRUE;
ent->entry.flags.client = TRUE;
ent->flags.server = TRUE;
ent->flags.client = TRUE;
break;
}
}
@@ -1496,7 +1496,7 @@ LDAP_unlock(krb5_context context, HDB * db)
}
static krb5_error_code
LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
{
int msgid, rc, parserc;
krb5_error_code ret;
@@ -1550,7 +1550,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
if (ret == 0) {
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys(context, db, &entry->entry);
ret = hdb_unseal_keys(context, db, entry);
if (ret)
hdb_free_entry(context, db, entry);
}
@@ -1561,7 +1561,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
static krb5_error_code
LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
hdb_entry_ex *entry)
hdb_entry *entry)
{
krb5_error_code ret;
int msgid;
@@ -1589,7 +1589,7 @@ LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
static krb5_error_code
LDAP_nextkey(krb5_context context, HDB * db, unsigned flags,
hdb_entry_ex * entry)
hdb_entry * entry)
{
return LDAP_seq(context, db, flags, entry);
}
@@ -1692,7 +1692,7 @@ LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
static krb5_error_code
LDAP_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
unsigned flags, krb5_kvno kvno, hdb_entry_ex * entry)
unsigned flags, krb5_kvno kvno, hdb_entry * entry)
{
LDAPMessage *msg, *e;
krb5_error_code ret;
@@ -1710,7 +1710,7 @@ LDAP_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
ret = LDAP_message2entry(context, db, e, flags, entry);
if (ret == 0) {
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys(context, db, &entry->entry);
ret = hdb_unseal_keys(context, db, entry);
if (ret)
hdb_free_entry(context, db, entry);
}
@@ -1725,7 +1725,7 @@ LDAP_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
#if 0
static krb5_error_code
LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
unsigned flags, hdb_entry_ex * entry)
unsigned flags, hdb_entry * entry)
{
return LDAP_fetch_kvno(context, db, principal,
flags & (~HDB_F_KVNO_SPECIFIED), 0, entry);
@@ -1734,7 +1734,7 @@ LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
static krb5_error_code
LDAP_store(krb5_context context, HDB * db, unsigned flags,
hdb_entry_ex * entry)
hdb_entry * entry)
{
LDAPMod **mods = NULL;
krb5_error_code ret;
@@ -1747,17 +1747,17 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
if ((flags & HDB_F_PRECHECK))
return 0; /* we can't guarantee whether we'll be able to perform it */
ret = LDAP_principal2message(context, db, entry->entry.principal, &msg);
ret = LDAP_principal2message(context, db, entry->principal, &msg);
if (ret == 0)
e = ldap_first_entry(HDB2LDAP(db), msg);
ret = krb5_unparse_name(context, entry->entry.principal, &name);
ret = krb5_unparse_name(context, entry->principal, &name);
if (ret) {
free(name);
return ret;
}
ret = hdb_seal_keys(context, db, &entry->entry);
ret = hdb_seal_keys(context, db, entry);
if (ret)
goto out;