Finish up transition from hdb_entry to hdb_entry_ex.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16402 ec53bebd-3082-4978-b11e-865c3cabbd6b
10
kdc/524.c
10
kdc/524.c
@@ -47,7 +47,7 @@ fetch_server (krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const Ticket *t,
|
||||
char **spn,
|
||||
hdb_entry **server,
|
||||
hdb_entry_ex **server,
|
||||
const char *from)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -221,7 +221,7 @@ static krb5_error_code
|
||||
encode_524_response(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *spn, const EncTicketPart et,
|
||||
const Ticket *t, hdb_entry *server,
|
||||
const Ticket *t, hdb_entry_ex *server,
|
||||
EncryptedData *ticket, int *kvno)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -274,7 +274,7 @@ encode_524_response(krb5_context context,
|
||||
"Failed to encrypt v4 ticket (%s)", spn);
|
||||
return ret;
|
||||
}
|
||||
*kvno = server->kvno;
|
||||
*kvno = server->entry.kvno;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context,
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
krb5_crypto crypto;
|
||||
hdb_entry *server = NULL;
|
||||
hdb_entry_ex *server = NULL;
|
||||
Key *skey;
|
||||
krb5_data et_data;
|
||||
EncTicketPart et;
|
||||
@@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey);
|
||||
ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0,
|
||||
"No suitable key found for server (%s) from %s", spn, from);
|
||||
|
@@ -404,8 +404,8 @@ do_authenticate (krb5_context context,
|
||||
time_t end_time;
|
||||
krb5_data request;
|
||||
int32_t max_seq_len;
|
||||
hdb_entry *client_entry = NULL;
|
||||
hdb_entry *server_entry = NULL;
|
||||
hdb_entry_ex *client_entry = NULL;
|
||||
hdb_entry_ex *server_entry = NULL;
|
||||
Key *ckey = NULL;
|
||||
Key *skey = NULL;
|
||||
krb5_storage *reply_sp;
|
||||
@@ -451,8 +451,8 @@ do_authenticate (krb5_context context,
|
||||
}
|
||||
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client_entry, client_name,
|
||||
server_entry, server_name,
|
||||
&client_entry->entry, client_name,
|
||||
&server_entry->entry, server_name,
|
||||
TRUE);
|
||||
if (ret) {
|
||||
make_error_reply (hdr, KAPWEXPIRED, reply);
|
||||
@@ -514,17 +514,17 @@ do_authenticate (krb5_context context,
|
||||
time skew between client and server. Let's make sure it is postive */
|
||||
if(max_life < 1)
|
||||
max_life = 1;
|
||||
if (client_entry->max_life)
|
||||
max_life = min(max_life, *client_entry->max_life);
|
||||
if (server_entry->max_life)
|
||||
max_life = min(max_life, *server_entry->max_life);
|
||||
if (client_entry->entry.max_life)
|
||||
max_life = min(max_life, *client_entry->entry.max_life);
|
||||
if (server_entry->entry.max_life)
|
||||
max_life = min(max_life, *server_entry->entry.max_life);
|
||||
|
||||
life = krb_time_to_life(kdc_time, kdc_time + max_life);
|
||||
|
||||
create_reply_ticket (context,
|
||||
hdr, skey,
|
||||
name, instance, config->v4_realm,
|
||||
addr, life, server_entry->kvno,
|
||||
addr, life, server_entry->entry.kvno,
|
||||
max_seq_len,
|
||||
"krbtgt", config->v4_realm,
|
||||
chal + 1, "tgsT",
|
||||
@@ -616,9 +616,9 @@ do_getticket (krb5_context context,
|
||||
char *instance = NULL;
|
||||
krb5_data times;
|
||||
int32_t max_seq_len;
|
||||
hdb_entry *server_entry = NULL;
|
||||
hdb_entry *client_entry = NULL;
|
||||
hdb_entry *krbtgt_entry = NULL;
|
||||
hdb_entry_ex *server_entry = NULL;
|
||||
hdb_entry_ex *client_entry = NULL;
|
||||
hdb_entry_ex *krbtgt_entry = NULL;
|
||||
Key *kkey = NULL;
|
||||
Key *skey = NULL;
|
||||
DES_cblock key;
|
||||
@@ -647,7 +647,8 @@ do_getticket (krb5_context context,
|
||||
snprintf (server_name, sizeof(server_name),
|
||||
"%s.%s@%s", name, instance, config->v4_realm);
|
||||
|
||||
ret = _kdc_db_fetch4 (context, config, name, instance, config->v4_realm, &server_entry);
|
||||
ret = _kdc_db_fetch4 (context, config, name, instance,
|
||||
config->v4_realm, &server_entry);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0, "Server not found in database: %s: %s",
|
||||
server_name, krb5_get_err_text(context, ret));
|
||||
@@ -746,8 +747,8 @@ do_getticket (krb5_context context,
|
||||
}
|
||||
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client_entry, client_name,
|
||||
server_entry, server_name,
|
||||
&client_entry->entry, client_name,
|
||||
&server_entry->entry, server_name,
|
||||
FALSE);
|
||||
if (ret) {
|
||||
make_error_reply (hdr, KAPWEXPIRED, reply);
|
||||
@@ -783,21 +784,21 @@ do_getticket (krb5_context context,
|
||||
time skew between client and server. Let's make sure it is postive */
|
||||
if(max_life < 1)
|
||||
max_life = 1;
|
||||
if (krbtgt_entry->max_life)
|
||||
max_life = min(max_life, *krbtgt_entry->max_life);
|
||||
if (server_entry->max_life)
|
||||
max_life = min(max_life, *server_entry->max_life);
|
||||
if (krbtgt_entry->entry.max_life)
|
||||
max_life = min(max_life, *krbtgt_entry->entry.max_life);
|
||||
if (server_entry->entry.max_life)
|
||||
max_life = min(max_life, *server_entry->entry.max_life);
|
||||
/* if this is a cross realm request, the client_entry will likely
|
||||
be NULL */
|
||||
if (client_entry && client_entry->max_life)
|
||||
max_life = min(max_life, *client_entry->max_life);
|
||||
if (client_entry && client_entry->entry.max_life)
|
||||
max_life = min(max_life, *client_entry->entry.max_life);
|
||||
|
||||
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
|
||||
|
||||
create_reply_ticket (context,
|
||||
hdr, skey,
|
||||
ad.pname, ad.pinst, ad.prealm,
|
||||
addr, life, server_entry->kvno,
|
||||
addr, life, server_entry->entry.kvno,
|
||||
max_seq_len,
|
||||
name, instance,
|
||||
0, "gtkt",
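Review bot: The `_kdc_check_flags` call in the do_getticket hunk at -746 now passes `&client_entry->entry`, yet the comment further down in the same function says client_entry will likely be NULL for a cross-realm request and guards the max_life test with `client_entry &&`. Taking a member address through a NULL pointer is undefined, and unless `entry` is the first member of hdb_entry_ex (its layout is not visible here) the callee would receive a small non-NULL pointer that defeats any NULL test it performs, so a cross-realm request could crash the KDC. Passing `client_entry ? &client_entry->entry : NULL` keeps the previous behaviour. The same pattern appears in the `_kdc_check_flags` call that passes FALSE in _kdc_do_version4, where `if(client && client->entry.max_life)` likewise implies client may be NULL. Both functions start and end outside the hunks, so whether an earlier check rules out NULL at these calls cannot be confirmed from here.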
|
||||
|
@@ -70,7 +70,7 @@ valid_princ(krb5_context context,
|
||||
krb5_kdc_configuration *config = funcctx;
|
||||
krb5_error_code ret;
|
||||
char *s;
|
||||
hdb_entry *ent;
|
||||
hdb_entry_ex *ent;
|
||||
|
||||
ret = krb5_unparse_name(context, princ, &s);
|
||||
if (ret)
|
||||
@@ -125,7 +125,7 @@ _kdc_do_version4(krb5_context context,
|
||||
{
|
||||
krb5_storage *sp;
|
||||
krb5_error_code ret;
|
||||
hdb_entry *client = NULL, *server = NULL;
|
||||
hdb_entry_ex *client = NULL, *server = NULL;
|
||||
Key *ckey, *skey;
|
||||
int8_t pvno;
|
||||
int8_t msg_type;
|
||||
@@ -190,7 +190,7 @@ _kdc_do_version4(krb5_context context,
|
||||
goto out1;
|
||||
}
|
||||
ret = _kdc_db_fetch4(context, config, sname, sinst,
|
||||
config->v4_realm, &server);
|
||||
config->v4_realm, &server);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "Server not found in database: %s: %s",
|
||||
server_name, krb5_get_err_text(context, ret));
|
||||
@@ -200,8 +200,8 @@ _kdc_do_version4(krb5_context context,
|
||||
}
|
||||
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
&client->entry, client_name,
|
||||
&server->entry, server_name,
|
||||
TRUE);
|
||||
if (ret) {
|
||||
/* good error code? */
|
||||
@@ -216,8 +216,8 @@ _kdc_do_version4(krb5_context context,
|
||||
*/
|
||||
|
||||
if (config->require_preauth
|
||||
|| client->flags.require_preauth
|
||||
|| server->flags.require_preauth) {
|
||||
|| client->entry.flags.require_preauth
|
||||
|| server->entry.flags.require_preauth) {
|
||||
kdc_log(context, config, 0,
|
||||
"Pre-authentication required for v4-request: "
|
||||
"%s for %s",
|
||||
@@ -239,7 +239,7 @@ _kdc_do_version4(krb5_context context,
|
||||
/* this is not necessary with the new code in libkrb */
|
||||
/* find a properly salted key */
|
||||
while(ckey->salt == NULL || ckey->salt->salt.length != 0)
|
||||
ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey);
|
||||
ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
|
||||
if(ret){
|
||||
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
|
||||
name, inst, realm);
|
||||
@@ -259,10 +259,10 @@ _kdc_do_version4(krb5_context context,
|
||||
}
|
||||
|
||||
max_life = _krb5_krb_life_to_time(0, life);
|
||||
if(client->max_life)
|
||||
max_life = min(max_life, *client->max_life);
|
||||
if(server->max_life)
|
||||
max_life = min(max_life, *server->max_life);
|
||||
if(client->entry.max_life)
|
||||
max_life = min(max_life, *client->entry.max_life);
|
||||
if(server->entry.max_life)
|
||||
max_life = min(max_life, *server->entry.max_life);
|
||||
|
||||
life = krb_time_to_life(kdc_time, kdc_time + max_life);
|
||||
|
||||
@@ -301,7 +301,7 @@ _kdc_do_version4(krb5_context context,
|
||||
sinst,
|
||||
config->v4_realm,
|
||||
life,
|
||||
server->kvno % 255,
|
||||
server->entry.kvno % 255,
|
||||
&ticket,
|
||||
kdc_time,
|
||||
&ckey->key,
|
||||
@@ -320,8 +320,8 @@ _kdc_do_version4(krb5_context context,
|
||||
realm,
|
||||
req_time,
|
||||
0,
|
||||
client->pw_end ? *client->pw_end : 0,
|
||||
client->kvno % 256,
|
||||
client->entry.pw_end ? *client->entry.pw_end : 0,
|
||||
client->entry.kvno % 256,
|
||||
&cipher,
|
||||
reply);
|
||||
krb5_data_free(&cipher);
|
||||
@@ -338,7 +338,7 @@ _kdc_do_version4(krb5_context context,
|
||||
int32_t address;
|
||||
size_t pos;
|
||||
krb5_principal tgt_princ = NULL;
|
||||
hdb_entry *tgt = NULL;
|
||||
hdb_entry_ex *tgt = NULL;
|
||||
Key *tkey;
|
||||
time_t max_end, actual_end, issue_time;
|
||||
|
||||
@@ -372,10 +372,10 @@ _kdc_do_version4(krb5_context context,
|
||||
goto out2;
|
||||
}
|
||||
|
||||
if(tgt->kvno % 256 != kvno){
|
||||
if(tgt->entry.kvno % 256 != kvno){
|
||||
kdc_log(context, config, 0,
|
||||
"tgs-req (krb4) with old kvno %d (current %d) for "
|
||||
"krbtgt.%s@%s", kvno, tgt->kvno % 256,
|
||||
"krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
|
||||
realm, config->v4_realm);
|
||||
make_err_reply(context, reply, KDC_AUTH_EXP,
|
||||
"old krbtgt kvno used");
|
||||
@@ -487,8 +487,8 @@ _kdc_do_version4(krb5_context context,
|
||||
}
|
||||
|
||||
ret = _kdc_check_flags (context, config,
|
||||
client, client_name,
|
||||
server, server_name,
|
||||
&client->entry, client_name,
|
||||
&server->entry, server_name,
|
||||
FALSE);
|
||||
if (ret) {
|
||||
/* good error code? */
|
||||
@@ -509,10 +509,10 @@ _kdc_do_version4(krb5_context context,
|
||||
|
||||
max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
|
||||
max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
|
||||
if(server->max_life)
|
||||
max_end = min(max_end, kdc_time + *server->max_life);
|
||||
if(client && client->max_life)
|
||||
max_end = min(max_end, kdc_time + *client->max_life);
|
||||
if(server->entry.max_life)
|
||||
max_end = min(max_end, kdc_time + *server->entry.max_life);
|
||||
if(client && client->entry.max_life)
|
||||
max_end = min(max_end, kdc_time + *client->entry.max_life);
|
||||
life = min(life, krb_time_to_life(kdc_time, max_end));
|
||||
|
||||
issue_time = kdc_time;
|
||||
@@ -569,7 +569,7 @@ _kdc_do_version4(krb5_context context,
|
||||
sinst,
|
||||
config->v4_realm,
|
||||
life,
|
||||
server->kvno % 255,
|
||||
server->entry.kvno % 255,
|
||||
&ticket,
|
||||
issue_time,
|
||||
&ad.session,
|
||||
@@ -719,7 +719,7 @@ _kdc_encode_v4_ticket(krb5_context context,
|
||||
|
||||
krb5_error_code
|
||||
_kdc_get_des_key(krb5_context context,
|
||||
hdb_entry *principal, krb5_boolean is_server,
|
||||
hdb_entry_ex *principal, krb5_boolean is_server,
|
||||
krb5_boolean prefer_afs_key, Key **ret_key)
|
||||
{
|
||||
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
|
||||
@@ -734,7 +734,7 @@ _kdc_get_des_key(krb5_context context,
|
||||
afs_key == NULL || server_key == NULL);
|
||||
++i) {
|
||||
Key *key = NULL;
|
||||
while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) {
|
||||
while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
|
||||
if(key->salt == NULL) {
|
||||
if(v5_key == NULL)
|
||||
v5_key = key;
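Review bot: The v4 ticket kvno is still written as `server->entry.kvno % 255` in both ticket-encoding hunks of _kdc_do_version4 (at -301 and -569), while the TGS path compares `tgt->entry.kvno % 256 != kvno` and the client kvno is sent as `% 256`. For a krbtgt whose kvno is 255 or higher the issued value and the checked value differ, so a freshly issued TGT would presumably be refused with "old krbtgt kvno used"; the commit carries this mismatch over unchanged. If the field is a single byte, `server->entry.kvno % 256` at both sites would make the three uses agree. The function extends beyond these hunks, so confirm how the ticket encoder consumes the value before changing it.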
|
||||
|