Finish up transition from hdb_entry to hdb_entry_ex.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16402 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2005-12-13 19:44:27 +00:00
parent 83c3fb4698
commit ddddd59d94
3 changed files with 55 additions and 54 deletions


@@ -47,7 +47,7 @@ fetch_server (krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
const Ticket *t, const Ticket *t,
char **spn, char **spn,
hdb_entry **server, hdb_entry_ex **server,
const char *from) const char *from)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -221,7 +221,7 @@ static krb5_error_code
encode_524_response(krb5_context context, encode_524_response(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et, const char *spn, const EncTicketPart et,
const Ticket *t, hdb_entry *server, const Ticket *t, hdb_entry_ex *server,
EncryptedData *ticket, int *kvno) EncryptedData *ticket, int *kvno)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -274,7 +274,7 @@ encode_524_response(krb5_context context,
"Failed to encrypt v4 ticket (%s)", spn); "Failed to encrypt v4 ticket (%s)", spn);
return ret; return ret;
} }
*kvno = server->kvno; *kvno = server->entry.kvno;
} }
return 0; return 0;
@@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context,
{ {
krb5_error_code ret = 0; krb5_error_code ret = 0;
krb5_crypto crypto; krb5_crypto crypto;
hdb_entry *server = NULL; hdb_entry_ex *server = NULL;
Key *skey; Key *skey;
krb5_data et_data; krb5_data et_data;
EncTicketPart et; EncTicketPart et;
@@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context,
goto out; goto out;
} }
ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey); ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
if(ret){ if(ret){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"No suitable key found for server (%s) from %s", spn, from); "No suitable key found for server (%s) from %s", spn, from);


@@ -404,8 +404,8 @@ do_authenticate (krb5_context context,
time_t end_time; time_t end_time;
krb5_data request; krb5_data request;
int32_t max_seq_len; int32_t max_seq_len;
hdb_entry *client_entry = NULL; hdb_entry_ex *client_entry = NULL;
hdb_entry *server_entry = NULL; hdb_entry_ex *server_entry = NULL;
Key *ckey = NULL; Key *ckey = NULL;
Key *skey = NULL; Key *skey = NULL;
krb5_storage *reply_sp; krb5_storage *reply_sp;
@@ -451,8 +451,8 @@ do_authenticate (krb5_context context,
} }
ret = _kdc_check_flags (context, config, ret = _kdc_check_flags (context, config,
client_entry, client_name, &client_entry->entry, client_name,
server_entry, server_name, &server_entry->entry, server_name,
TRUE); TRUE);
if (ret) { if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply); make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -514,17 +514,17 @@ do_authenticate (krb5_context context,
time skew between client and server. Let's make sure it is postive */ time skew between client and server. Let's make sure it is postive */
if(max_life < 1) if(max_life < 1)
max_life = 1; max_life = 1;
if (client_entry->max_life) if (client_entry->entry.max_life)
max_life = min(max_life, *client_entry->max_life); max_life = min(max_life, *client_entry->entry.max_life);
if (server_entry->max_life) if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->max_life); max_life = min(max_life, *server_entry->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context, create_reply_ticket (context,
hdr, skey, hdr, skey,
name, instance, config->v4_realm, name, instance, config->v4_realm,
addr, life, server_entry->kvno, addr, life, server_entry->entry.kvno,
max_seq_len, max_seq_len,
"krbtgt", config->v4_realm, "krbtgt", config->v4_realm,
chal + 1, "tgsT", chal + 1, "tgsT",
@@ -616,9 +616,9 @@ do_getticket (krb5_context context,
char *instance = NULL; char *instance = NULL;
krb5_data times; krb5_data times;
int32_t max_seq_len; int32_t max_seq_len;
hdb_entry *server_entry = NULL; hdb_entry_ex *server_entry = NULL;
hdb_entry *client_entry = NULL; hdb_entry_ex *client_entry = NULL;
hdb_entry *krbtgt_entry = NULL; hdb_entry_ex *krbtgt_entry = NULL;
Key *kkey = NULL; Key *kkey = NULL;
Key *skey = NULL; Key *skey = NULL;
DES_cblock key; DES_cblock key;
@@ -647,7 +647,8 @@ do_getticket (krb5_context context,
snprintf (server_name, sizeof(server_name), snprintf (server_name, sizeof(server_name),
"%s.%s@%s", name, instance, config->v4_realm); "%s.%s@%s", name, instance, config->v4_realm);
ret = _kdc_db_fetch4 (context, config, name, instance, config->v4_realm, &server_entry); ret = _kdc_db_fetch4 (context, config, name, instance,
config->v4_realm, &server_entry);
if (ret) { if (ret) {
kdc_log(context, config, 0, "Server not found in database: %s: %s", kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret)); server_name, krb5_get_err_text(context, ret));
@@ -746,8 +747,8 @@ do_getticket (krb5_context context,
} }
ret = _kdc_check_flags (context, config, ret = _kdc_check_flags (context, config,
client_entry, client_name, &client_entry->entry, client_name,
server_entry, server_name, &server_entry->entry, server_name,
FALSE); FALSE);
if (ret) { if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply); make_error_reply (hdr, KAPWEXPIRED, reply);
@@ -783,21 +784,21 @@ do_getticket (krb5_context context,
time skew between client and server. Let's make sure it is postive */ time skew between client and server. Let's make sure it is postive */
if(max_life < 1) if(max_life < 1)
max_life = 1; max_life = 1;
if (krbtgt_entry->max_life) if (krbtgt_entry->entry.max_life)
max_life = min(max_life, *krbtgt_entry->max_life); max_life = min(max_life, *krbtgt_entry->entry.max_life);
if (server_entry->max_life) if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->max_life); max_life = min(max_life, *server_entry->entry.max_life);
/* if this is a cross realm request, the client_entry will likely /* if this is a cross realm request, the client_entry will likely
be NULL */ be NULL */
if (client_entry && client_entry->max_life) if (client_entry && client_entry->entry.max_life)
max_life = min(max_life, *client_entry->max_life); max_life = min(max_life, *client_entry->entry.max_life);
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life); life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context, create_reply_ticket (context,
hdr, skey, hdr, skey,
ad.pname, ad.pinst, ad.prealm, ad.pname, ad.pinst, ad.prealm,
addr, life, server_entry->kvno, addr, life, server_entry->entry.kvno,
max_seq_len, max_seq_len,
name, instance, name, instance,
0, "gtkt", 0, "gtkt",
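Review bot: In do_getticket the rewritten `_kdc_check_flags` call (the one passing FALSE) forms `&client_entry->entry` without testing client_entry, yet the comment further down the same function says client_entry will likely be NULL for a cross-realm request and guards it with `client_entry &&`. The old code passed the pointer through unchanged, so a NULL stayed NULL. The new expression is undefined on a NULL pointer and, unless `entry` is the first member of hdb_entry_ex (not visible here), gives the callee a non-NULL address that defeats any NULL check it makes, so a cross-realm request could crash the KDC. I would pass `client_entry ? &client_entry->entry : NULL, client_name,` instead. The same applies to the FALSE call in `_kdc_do_version4` in the third file, where `if(client && client->entry.max_life)` shows client may also be NULL; both function bodies extend beyond the hunks shown.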

View File

@@ -70,7 +70,7 @@ valid_princ(krb5_context context,
krb5_kdc_configuration *config = funcctx; krb5_kdc_configuration *config = funcctx;
krb5_error_code ret; krb5_error_code ret;
char *s; char *s;
hdb_entry *ent; hdb_entry_ex *ent;
ret = krb5_unparse_name(context, princ, &s); ret = krb5_unparse_name(context, princ, &s);
if (ret) if (ret)
@@ -125,7 +125,7 @@ _kdc_do_version4(krb5_context context,
{ {
krb5_storage *sp; krb5_storage *sp;
krb5_error_code ret; krb5_error_code ret;
hdb_entry *client = NULL, *server = NULL; hdb_entry_ex *client = NULL, *server = NULL;
Key *ckey, *skey; Key *ckey, *skey;
int8_t pvno; int8_t pvno;
int8_t msg_type; int8_t msg_type;
@@ -190,7 +190,7 @@ _kdc_do_version4(krb5_context context,
goto out1; goto out1;
} }
ret = _kdc_db_fetch4(context, config, sname, sinst, ret = _kdc_db_fetch4(context, config, sname, sinst,
config->v4_realm, &server); config->v4_realm, &server);
if(ret){ if(ret){
kdc_log(context, config, 0, "Server not found in database: %s: %s", kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret)); server_name, krb5_get_err_text(context, ret));
@@ -200,8 +200,8 @@ _kdc_do_version4(krb5_context context,
} }
ret = _kdc_check_flags (context, config, ret = _kdc_check_flags (context, config,
client, client_name, &client->entry, client_name,
server, server_name, &server->entry, server_name,
TRUE); TRUE);
if (ret) { if (ret) {
/* good error code? */ /* good error code? */
@@ -216,8 +216,8 @@ _kdc_do_version4(krb5_context context,
*/ */
if (config->require_preauth if (config->require_preauth
|| client->flags.require_preauth || client->entry.flags.require_preauth
|| server->flags.require_preauth) { || server->entry.flags.require_preauth) {
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Pre-authentication required for v4-request: " "Pre-authentication required for v4-request: "
"%s for %s", "%s for %s",
@@ -239,7 +239,7 @@ _kdc_do_version4(krb5_context context,
/* this is not necessary with the new code in libkrb */ /* this is not necessary with the new code in libkrb */
/* find a properly salted key */ /* find a properly salted key */
while(ckey->salt == NULL || ckey->salt->salt.length != 0) while(ckey->salt == NULL || ckey->salt->salt.length != 0)
ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey); ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
if(ret){ if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm); name, inst, realm);
@@ -259,10 +259,10 @@ _kdc_do_version4(krb5_context context,
} }
max_life = _krb5_krb_life_to_time(0, life); max_life = _krb5_krb_life_to_time(0, life);
if(client->max_life) if(client->entry.max_life)
max_life = min(max_life, *client->max_life); max_life = min(max_life, *client->entry.max_life);
if(server->max_life) if(server->entry.max_life)
max_life = min(max_life, *server->max_life); max_life = min(max_life, *server->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life);
@@ -301,7 +301,7 @@ _kdc_do_version4(krb5_context context,
sinst, sinst,
config->v4_realm, config->v4_realm,
life, life,
server->kvno % 255, server->entry.kvno % 255,
&ticket, &ticket,
kdc_time, kdc_time,
&ckey->key, &ckey->key,
@@ -320,8 +320,8 @@ _kdc_do_version4(krb5_context context,
realm, realm,
req_time, req_time,
0, 0,
client->pw_end ? *client->pw_end : 0, client->entry.pw_end ? *client->entry.pw_end : 0,
client->kvno % 256, client->entry.kvno % 256,
&cipher, &cipher,
reply); reply);
krb5_data_free(&cipher); krb5_data_free(&cipher);
@@ -338,7 +338,7 @@ _kdc_do_version4(krb5_context context,
int32_t address; int32_t address;
size_t pos; size_t pos;
krb5_principal tgt_princ = NULL; krb5_principal tgt_princ = NULL;
hdb_entry *tgt = NULL; hdb_entry_ex *tgt = NULL;
Key *tkey; Key *tkey;
time_t max_end, actual_end, issue_time; time_t max_end, actual_end, issue_time;
@@ -372,10 +372,10 @@ _kdc_do_version4(krb5_context context,
goto out2; goto out2;
} }
if(tgt->kvno % 256 != kvno){ if(tgt->entry.kvno % 256 != kvno){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"tgs-req (krb4) with old kvno %d (current %d) for " "tgs-req (krb4) with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->kvno % 256, "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm); realm, config->v4_realm);
make_err_reply(context, reply, KDC_AUTH_EXP, make_err_reply(context, reply, KDC_AUTH_EXP,
"old krbtgt kvno used"); "old krbtgt kvno used");
@@ -487,8 +487,8 @@ _kdc_do_version4(krb5_context context,
} }
ret = _kdc_check_flags (context, config, ret = _kdc_check_flags (context, config,
client, client_name, &client->entry, client_name,
server, server_name, &server->entry, server_name,
FALSE); FALSE);
if (ret) { if (ret) {
/* good error code? */ /* good error code? */
@@ -509,10 +509,10 @@ _kdc_do_version4(krb5_context context,
max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life); max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life)); max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
if(server->max_life) if(server->entry.max_life)
max_end = min(max_end, kdc_time + *server->max_life); max_end = min(max_end, kdc_time + *server->entry.max_life);
if(client && client->max_life) if(client && client->entry.max_life)
max_end = min(max_end, kdc_time + *client->max_life); max_end = min(max_end, kdc_time + *client->entry.max_life);
life = min(life, krb_time_to_life(kdc_time, max_end)); life = min(life, krb_time_to_life(kdc_time, max_end));
issue_time = kdc_time; issue_time = kdc_time;
@@ -569,7 +569,7 @@ _kdc_do_version4(krb5_context context,
sinst, sinst,
config->v4_realm, config->v4_realm,
life, life,
server->kvno % 255, server->entry.kvno % 255,
&ticket, &ticket,
issue_time, issue_time,
&ad.session, &ad.session,
@@ -719,7 +719,7 @@ _kdc_encode_v4_ticket(krb5_context context,
krb5_error_code krb5_error_code
_kdc_get_des_key(krb5_context context, _kdc_get_des_key(krb5_context context,
hdb_entry *principal, krb5_boolean is_server, hdb_entry_ex *principal, krb5_boolean is_server,
krb5_boolean prefer_afs_key, Key **ret_key) krb5_boolean prefer_afs_key, Key **ret_key)
{ {
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
@@ -734,7 +734,7 @@ _kdc_get_des_key(krb5_context context,
afs_key == NULL || server_key == NULL); afs_key == NULL || server_key == NULL);
++i) { ++i) {
Key *key = NULL; Key *key = NULL;
while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
if(key->salt == NULL) { if(key->salt == NULL) {
if(v5_key == NULL) if(v5_key == NULL)
v5_key = key; v5_key = key;
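Review bot: The kvno reductions carried onto the new `->entry.kvno` lines in `_kdc_do_version4` disagree with each other: both ticket-building calls pass `server->entry.kvno % 255`, while the krbtgt check compares `tgt->entry.kvno % 256` and the reply uses `client->entry.kvno % 256`. If the value issued for a krbtgt ticket is what the client later presents as `kvno` (inferred, since the call sites are only partly visible), any krbtgt with kvno 255 or higher would fail the comparison and be rejected with "old krbtgt kvno used". Unless the 255 is deliberate, I would use `server->entry.kvno % 256,` in both places, or add a comment explaining why the moduli differ.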