summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-01-02 21:56:29 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:49:37 -0500
commit2d9bd9b3a5b8cd76835e120dcf4442c072f95eda (patch)
tree8dcc09010590045357cc5c09b66469e90a03db9e
parente25e37e0b6a9098065b5fe905f45e43e7560a58e (diff)
downloadsamba-2d9bd9b3a5b8cd76835e120dcf4442c072f95eda.tar.gz
samba-2d9bd9b3a5b8cd76835e120dcf4442c072f95eda.tar.bz2
samba-2d9bd9b3a5b8cd76835e120dcf4442c072f95eda.zip
r12681: Allow an entry to have no kerberos keys. This occours when an entry
is new, and has no password. It may also occour in the future if we allow PKINIT. In any case, it shouldn't segfault :-) Andrew Bartlett (This used to be commit 686fea241b7a8ca286099eadfa2ed177367dafdc)
-rw-r--r--source4/kdc/hdb-ldb.c40
1 files changed, 24 insertions, 16 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index ceffad7ef7..7cb02b8224 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -384,24 +384,32 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
ldb_keys = ldb_msg_find_element(msg, "krb5Key");
- /* allocate space to decode into */
- entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key));
- if (entry_ex->entry.keys.val == NULL) {
- ret = ENOMEM;
- goto out;
- }
- entry_ex->entry.keys.len = ldb_keys->num_values;
-
- /* Decode Kerberos keys into the hdb structure */
- for (i=0; i < entry_ex->entry.keys.len; i++) {
- size_t decode_len;
- ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length,
- &entry_ex->entry.keys.val[i], &decode_len);
- if (ret) {
- /* Could be bougus data in the entry, or out of memory */
+ if (!ldb_keys) {
+ /* oh, no password. Apparently (comment in
+ * hdb-ldap.c) this violates the ASN.1, but this
+ * allows an entry with no keys (yet). */
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
+ } else {
+ /* allocate space to decode into */
+ entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key));
+ if (entry_ex->entry.keys.val == NULL) {
+ ret = ENOMEM;
goto out;
}
- }
+ entry_ex->entry.keys.len = ldb_keys->num_values;
+
+ /* Decode Kerberos keys into the hdb structure */
+ for (i=0; i < entry_ex->entry.keys.len; i++) {
+ size_t decode_len;
+ ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length,
+ &entry_ex->entry.keys.val[i], &decode_len);
+ if (ret) {
+ /* Could be bougus data in the entry, or out of memory */
+ goto out;
+ }
+ }
+ }
entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes)));
if (entry_ex->entry.etypes == NULL) {