oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Finish up transition from hdb_entry to hdb_entry_ex.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16402 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-12-13 19:44:27 +00:00
parent 83c3fb4698
commit ddddd59d94
3 changed files with 55 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
kdc/524.c
View File

@@ -47,7 +47,7 @@ fetch_server (krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t,
char **spn,
hdb_entry **server,
hdb_entry_ex **server,
const char *from)
{
krb5_error_code ret;
@@ -221,7 +221,7 @@ static krb5_error_code
encode_524_response(krb5_context context,
krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et,
const Ticket *t, hdb_entry *server,
const Ticket *t, hdb_entry_ex *server,
EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
@@ -274,7 +274,7 @@ encode_524_response(krb5_context context,
"Failed to encrypt v4 ticket (%s)", spn);
return ret;
}
*kvno = server->kvno;
*kvno = server->entry.kvno;
}
return 0;
@@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context,
{
krb5_error_code ret = 0;
krb5_crypto crypto;
hdb_entry *server = NULL;
hdb_entry_ex *server = NULL;
Key *skey;
krb5_data et_data;
EncTicketPart et;
@@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context,
goto out;
}
ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey);
ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
if(ret){
kdc_log(context, config, 0,
"No suitable key found for server (%s) from %s", spn, from);

45
kdc/kaserver.c
View File

@@ -404,8 +404,8 @@ do_authenticate (krb5_context context,
time_t end_time;
krb5_data request;
int32_t max_seq_len;
hdb_entry *client_entry = NULL;
hdb_entry *server_entry = NULL;
hdb_entry_ex *client_entry = NULL;
hdb_entry_ex *server_entry = NULL;
Key *ckey = NULL;
Key *skey = NULL;
krb5_storage *reply_sp;
@@ -451,8 +451,8 @@ do_authenticate (krb5_context context,
}
ret = _kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
&client_entry->entry, client_name,
&server_entry->entry, server_name,
TRUE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -514,17 +514,17 @@ do_authenticate (krb5_context context,
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
if (client_entry->max_life)
max_life = min(max_life, *client_entry->max_life);
if (server_entry->max_life)
max_life = min(max_life, *server_entry->max_life);
if (client_entry->entry.max_life)
max_life = min(max_life, *client_entry->entry.max_life);
if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
name, instance, config->v4_realm,
addr, life, server_entry->kvno,
addr, life, server_entry->entry.kvno,
max_seq_len,
"krbtgt", config->v4_realm,
chal + 1, "tgsT",
@@ -616,9 +616,9 @@ do_getticket (krb5_context context,
char *instance = NULL;
krb5_data times;
int32_t max_seq_len;
hdb_entry *server_entry = NULL;
hdb_entry *client_entry = NULL;
hdb_entry *krbtgt_entry = NULL;
hdb_entry_ex *server_entry = NULL;
hdb_entry_ex *client_entry = NULL;
hdb_entry_ex *krbtgt_entry = NULL;
Key *kkey = NULL;
Key *skey = NULL;
DES_cblock key;
@@ -647,7 +647,8 @@ do_getticket (krb5_context context,
snprintf (server_name, sizeof(server_name),
"%s.%s@%s", name, instance, config->v4_realm);
ret = _kdc_db_fetch4 (context, config, name, instance, config->v4_realm, &server_entry);
ret = _kdc_db_fetch4 (context, config, name, instance,
config->v4_realm, &server_entry);
if (ret) {
kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
@@ -746,8 +747,8 @@ do_getticket (krb5_context context,
}
ret = _kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
&client_entry->entry, client_name,
&server_entry->entry, server_name,
FALSE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -783,21 +784,21 @@ do_getticket (krb5_context context,
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
if (krbtgt_entry->max_life)
max_life = min(max_life, *krbtgt_entry->max_life);
if (server_entry->max_life)
max_life = min(max_life, *server_entry->max_life);
if (krbtgt_entry->entry.max_life)
max_life = min(max_life, *krbtgt_entry->entry.max_life);
if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->entry.max_life);
/* if this is a cross realm request, the client_entry will likely
be NULL */
if (client_entry && client_entry->max_life)
max_life = min(max_life, *client_entry->max_life);
if (client_entry && client_entry->entry.max_life)
max_life = min(max_life, *client_entry->entry.max_life);
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
ad.pname, ad.pinst, ad.prealm,
addr, life, server_entry->kvno,
addr, life, server_entry->entry.kvno,
max_seq_len,
name, instance,
0, "gtkt",

54
kdc/kerberos4.c
View File

@@ -70,7 +70,7 @@ valid_princ(krb5_context context,
krb5_kdc_configuration *config = funcctx;
krb5_error_code ret;
char *s;
hdb_entry *ent;
hdb_entry_ex *ent;
ret = krb5_unparse_name(context, princ, &s);
if (ret)
@@ -125,7 +125,7 @@ _kdc_do_version4(krb5_context context,
{
krb5_storage *sp;
krb5_error_code ret;
hdb_entry *client = NULL, *server = NULL;
hdb_entry_ex *client = NULL, *server = NULL;
Key *ckey, *skey;
int8_t pvno;
int8_t msg_type;
@@ -190,7 +190,7 @@ _kdc_do_version4(krb5_context context,
goto out1;
}
ret = _kdc_db_fetch4(context, config, sname, sinst,
config->v4_realm, &server);
config->v4_realm, &server);
if(ret){
kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
@@ -200,8 +200,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
&client->entry, client_name,
&server->entry, server_name,
TRUE);
if (ret) {
/* good error code? */
@@ -216,8 +216,8 @@ _kdc_do_version4(krb5_context context,
*/
if (config->require_preauth
|| client->flags.require_preauth
|| server->flags.require_preauth) {
|| client->entry.flags.require_preauth
|| server->entry.flags.require_preauth) {
kdc_log(context, config, 0,
"Pre-authentication required for v4-request: "
"%s for %s",
@@ -239,7 +239,7 @@ _kdc_do_version4(krb5_context context,
/* this is not necessary with the new code in libkrb */
/* find a properly salted key */
while(ckey->salt == NULL || ckey->salt->salt.length != 0)
ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey);
ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm);
@@ -259,10 +259,10 @@ _kdc_do_version4(krb5_context context,
}
max_life = _krb5_krb_life_to_time(0, life);
if(client->max_life)
max_life = min(max_life, *client->max_life);
if(server->max_life)
max_life = min(max_life, *server->max_life);
if(client->entry.max_life)
max_life = min(max_life, *client->entry.max_life);
if(server->entry.max_life)
max_life = min(max_life, *server->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
@@ -301,7 +301,7 @@ _kdc_do_version4(krb5_context context,
sinst,
config->v4_realm,
life,
server->kvno % 255,
server->entry.kvno % 255,
&ticket,
kdc_time,
&ckey->key,
@@ -320,8 +320,8 @@ _kdc_do_version4(krb5_context context,
realm,
req_time,
0,
client->pw_end ? *client->pw_end : 0,
client->kvno % 256,
client->entry.pw_end ? *client->entry.pw_end : 0,
client->entry.kvno % 256,
&cipher,
reply);
krb5_data_free(&cipher);
@@ -338,7 +338,7 @@ _kdc_do_version4(krb5_context context,
int32_t address;
size_t pos;
krb5_principal tgt_princ = NULL;
hdb_entry *tgt = NULL;
hdb_entry_ex *tgt = NULL;
Key *tkey;
time_t max_end, actual_end, issue_time;
@@ -372,10 +372,10 @@ _kdc_do_version4(krb5_context context,
goto out2;
}
if(tgt->kvno % 256 != kvno){
if(tgt->entry.kvno % 256 != kvno){
kdc_log(context, config, 0,
"tgs-req (krb4) with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->kvno % 256,
"krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
make_err_reply(context, reply, KDC_AUTH_EXP,
"old krbtgt kvno used");
@@ -487,8 +487,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
&client->entry, client_name,
&server->entry, server_name,
FALSE);
if (ret) {
/* good error code? */
@@ -509,10 +509,10 @@ _kdc_do_version4(krb5_context context,
max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
if(server->max_life)
max_end = min(max_end, kdc_time + *server->max_life);
if(client && client->max_life)
max_end = min(max_end, kdc_time + *client->max_life);
if(server->entry.max_life)
max_end = min(max_end, kdc_time + *server->entry.max_life);
if(client && client->entry.max_life)
max_end = min(max_end, kdc_time + *client->entry.max_life);
life = min(life, krb_time_to_life(kdc_time, max_end));
issue_time = kdc_time;
@@ -569,7 +569,7 @@ _kdc_do_version4(krb5_context context,
sinst,
config->v4_realm,
life,
server->kvno % 255,
server->entry.kvno % 255,
&ticket,
issue_time,
&ad.session,
@@ -719,7 +719,7 @@ _kdc_encode_v4_ticket(krb5_context context,
krb5_error_code
_kdc_get_des_key(krb5_context context,
hdb_entry *principal, krb5_boolean is_server,
hdb_entry_ex *principal, krb5_boolean is_server,
krb5_boolean prefer_afs_key, Key **ret_key)
{
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
@@ -734,7 +734,7 @@ _kdc_get_des_key(krb5_context context,
afs_key == NULL || server_key == NULL);
++i) {
Key *key = NULL;
while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) {
while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
if(key->salt == NULL) {
if(v5_key == NULL)
v5_key = key;