hdb-ldb: fix the callers after drsblobs.idl changes

metze (This used to be commit 1223cd17c79d130b46b0e0ccb0f6011c92441173)
author: Stefan Metzmacher <metze@samba.org> 2008-07-24 08:23:15 +0200
committer: Stefan Metzmacher <metze@samba.org> 2008-07-24 08:24:10 +0200
commit: 79657f78e87b76be1579c488249bf253093aa620 (patch)
tree: 06282302b46cb42708f46ee7ea384b9a45af25bb
parent: 0c8fb9361e524639cc35efda2f6a4d48098c76a7 (diff)
download: samba-79657f78e87b76be1579c488249bf253093aa620.tar.gz
samba-79657f78e87b76be1579c488249bf253093aa620.tar.bz2
samba-79657f78e87b76be1579c488249bf253093aa620.zip
1 files changed, 30 insertions, 45 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 9960085b1a..8f8ce3074b 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -191,11 +191,10 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 	const struct ldb_val *sc_val;
 	struct supplementalCredentialsBlob scb;
 	struct supplementalCredentialsPackage *scpk = NULL;
-	struct supplementalCredentialsPackage *scpkn = NULL;
+	bool newer_keys = false;
 	struct package_PrimaryKerberosBlob _pkb;
 	struct package_PrimaryKerberosCtr3 *pkb3 = NULL;
-	struct package_PrimaryKerberosNewerBlob _pknb;
-	struct package_PrimaryKerberosNewerCtr4 *pkb4 = NULL;
+	struct package_PrimaryKerberosCtr4 *pkb4 = NULL;
 	uint32_t i;
 	uint32_t allocated_keys = 0;
 
@@ -232,11 +231,12 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 
 		for (i=0; i < scb.sub.num_packages; i++) {
 			if (strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0) {
-				scpkn = &scb.sub.packages[i];
-				if (!scpkn->data || !scpkn->data[0]) {
-					scpkn = NULL;
+				scpk = &scb.sub.packages[i];
+				if (!scpk->data || !scpk->data[0]) {
+					scpk = NULL;
 					continue;
 				}
+				newer_keys = true;
 				break;
 			} else if (strcmp("Primary:Kerberos", scb.sub.packages[i].name) == 0) {
 				scpk = &scb.sub.packages[i];
@@ -250,39 +250,11 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 			}
 		}
 	}
-	/* Primary:Kerberos-Newer-Keys element of supplementalCredentials */
-	if (scpkn) {
-		DATA_BLOB blob;
-
-		blob = strhex_to_data_blob(scpkn->data);
-		if (!blob.data) {
-			ret = ENOMEM;
-			goto out;
-		}
-		talloc_steal(mem_ctx, blob.data);
-
-		/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
-		ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pknb,
-					       (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosNewerBlob);
-		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-			krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosNewerBlob");
-			krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosNewerBlob");
-			ret = EINVAL;
-			goto out;
-		}
-
-		if (_pknb.version != 4) {
-			krb5_set_error_string(context, "LDB_message2entry_keys: could not parse PrimaryKerberosNewer not version 4");
-			krb5_warnx(context, "LDB_message2entry_keys: could not parse PrimaryKerberosNewer not version 4");
-			ret = EINVAL;
-			goto out;
-		}
-
-		pkb4 = &_pknb.ctr.ctr4;
-
-		allocated_keys += pkb4->num_keys;
-	} else if (scpk) {
-		/* Fallback to Primary:Kerberos element of supplementalCredentials */
+	/*
+	 * Primary:Kerberos-Newer-Keys or Primary:Kerberos element
+	 * of supplementalCredentials
+	 */
+	if (scpk) {
 		DATA_BLOB blob;
 
 		blob = strhex_to_data_blob(scpk->data);
@@ -302,16 +274,27 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 			goto out;
 		}
 
-		if (_pkb.version != 3) {
-			krb5_set_error_string(context, "LDB_message2entry_keys: could not parse PrimaryKerberos not version 3");
-			krb5_warnx(context, "LDB_message2entry_keys: could not parse PrimaryKerberos not version 3");
+		if (newer_keys && _pkb.version != 4) {
+			krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4");
+			krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4");
 			ret = EINVAL;
 			goto out;
 		}
-		
-		pkb3 = &_pkb.ctr.ctr3;
 
-		allocated_keys += pkb3->num_keys;
+		if (!newer_keys && _pkb.version != 3) {
+			krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3");
+			krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3");
+			ret = EINVAL;
+			goto out;
+		}
+
+		if (_pkb.version == 4) {
+			pkb4 = &_pkb.ctr.ctr4;
+			allocated_keys += pkb4->num_keys;
+		} else if (_pkb.version == 3) {
+			pkb3 = &_pkb.ctr.ctr3;
+			allocated_keys += pkb3->num_keys;
+		}
 	}
 
 	if (allocated_keys == 0) {
@@ -391,6 +374,8 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 				}
 			}
 
+			/* TODO: maybe pass the iteration_count somehow... */
+
 			ret = krb5_keyblock_init(context,
 						 pkb4->keys[i].keytype,
 						 pkb4->keys[i].value->data,
author	Stefan Metzmacher <metze@samba.org>	2008-07-24 08:23:15 +0200
committer	Stefan Metzmacher <metze@samba.org>	2008-07-24 08:24:10 +0200
commit	79657f78e87b76be1579c488249bf253093aa620 (patch)
tree	06282302b46cb42708f46ee7ea384b9a45af25bb
parent	0c8fb9361e524639cc35efda2f6a4d48098c76a7 (diff)
download	samba-79657f78e87b76be1579c488249bf253093aa620.tar.gz samba-79657f78e87b76be1579c488249bf253093aa620.tar.bz2 samba-79657f78e87b76be1579c488249bf253093aa620.zip