32 files changed, 949 insertions, 742 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 497539b2e0..1642975616 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.34 2005/06/30 01:47:35 lha Exp $"); +RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $"); #include <krb5-v4compat.h> @@ -47,7 +47,7 @@ fetch_server (krb5_context context, krb5_kdc_configuration *config, const Ticket *t, char **spn, - hdb_entry **server, + hdb_entry_ex **server, const char *from) { krb5_error_code ret; @@ -221,7 +221,7 @@ static krb5_error_code encode_524_response(krb5_context context, krb5_kdc_configuration *config, const char *spn, const EncTicketPart et, - const Ticket *t, hdb_entry *server, + const Ticket *t, hdb_entry_ex *server, EncryptedData *ticket, int *kvno) { krb5_error_code ret; @@ -274,7 +274,7 @@ encode_524_response(krb5_context context, "Failed to encrypt v4 ticket (%s)", spn); return ret; } - *kvno = server->kvno; + *kvno = server->entry.kvno; } return 0; @@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context, { krb5_error_code ret = 0; krb5_crypto crypto; - hdb_entry *server = NULL; + hdb_entry_ex *server = NULL; Key *skey; krb5_data et_data; EncTicketPart et; @@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context, goto out; } - ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey); + ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey); if(ret){ kdc_log(context, config, 0, "No suitable key found for server (%s) from %s", spn, from); diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 4a9bd87cb6..069af21660 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.30 2005/06/30 01:49:39 lha Exp $"); +RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $"); #include <krb5-v4compat.h> #include <rx.h> @@ -404,8 +404,8 @@ do_authenticate (krb5_context context, time_t end_time; krb5_data request; int32_t max_seq_len; - hdb_entry *client_entry = NULL; - hdb_entry *server_entry = NULL; + hdb_entry_ex *client_entry = NULL; + hdb_entry_ex *server_entry = NULL; Key *ckey = NULL; Key *skey = NULL; krb5_storage *reply_sp; @@ -453,8 +453,8 @@ do_authenticate (krb5_context context, } ret = _kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, + &client_entry->entry, client_name, + &server_entry->entry, server_name, TRUE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); @@ -516,17 +516,17 @@ do_authenticate (krb5_context context, time skew between client and server. Let's make sure it is postive */ if(max_life < 1) max_life = 1; - if (client_entry->max_life) - max_life = min(max_life, *client_entry->max_life); - if (server_entry->max_life) - max_life = min(max_life, *server_entry->max_life); + if (client_entry->entry.max_life) + max_life = min(max_life, *client_entry->entry.max_life); + if (server_entry->entry.max_life) + max_life = min(max_life, *server_entry->entry.max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life); create_reply_ticket (context, hdr, skey, name, instance, config->v4_realm, - addr, life, server_entry->kvno, + addr, life, server_entry->entry.kvno, max_seq_len, "krbtgt", config->v4_realm, chal + 1, "tgsT", 
@@ -618,9 +618,9 @@ do_getticket (krb5_context context, char *instance = NULL; krb5_data times; int32_t max_seq_len; - hdb_entry *server_entry = NULL; - hdb_entry *client_entry = NULL; - hdb_entry *krbtgt_entry = NULL; + hdb_entry_ex *server_entry = NULL; + hdb_entry_ex *client_entry = NULL; + hdb_entry_ex *krbtgt_entry = NULL; Key *kkey = NULL; Key *skey = NULL; DES_cblock key; @@ -752,8 +752,8 @@ do_getticket (krb5_context context, } ret = _kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, + &client_entry->entry, client_name, + &server_entry->entry, server_name, FALSE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); @@ -789,21 +789,21 @@ do_getticket (krb5_context context, time skew between client and server. Let's make sure it is postive */ if(max_life < 1) max_life = 1; - if (krbtgt_entry->max_life) - max_life = min(max_life, *krbtgt_entry->max_life); - if (server_entry->max_life) - max_life = min(max_life, *server_entry->max_life); + if (krbtgt_entry->entry.max_life) + max_life = min(max_life, *krbtgt_entry->entry.max_life); + if (server_entry->entry.max_life) + max_life = min(max_life, *server_entry->entry.max_life); /* if this is a cross realm request, the client_entry will likely be NULL */ - if (client_entry && client_entry->max_life) - max_life = min(max_life, *client_entry->max_life); + if (client_entry && client_entry->entry.max_life) + max_life = min(max_life, *client_entry->entry.max_life); life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life); create_reply_ticket (context, hdr, skey, ad.pname, ad.pinst, ad.prealm, - addr, life, server_entry->kvno, + addr, life, server_entry->entry.kvno, max_seq_len, name, instance, 0, "gtkt", diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h new file mode 100644 index 0000000000..cfb76fd7b0 --- /dev/null +++ b/source4/heimdal/kdc/kdc-private.h 
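Review bot: do_getticket now passes `&client_entry->entry` to _kdc_check_flags in the `@@ -752` hunk even though client_entry can be NULL on this path — the `@@ -789` hunk a few lines later says `if this is a cross realm request, the client_entry will likely be NULL` and guards with `client_entry && client_entry->entry.max_life`. Before the change a NULL client reached _kdc_check_flags as NULL; now the address of a member of a null pointer is formed, which is undefined behaviour and, unless `entry` is the first member of hdb_entry_ex, yields a non-null pointer that defeats any NULL check inside _kdc_check_flags (whose prototype in kdc-private.h still takes `hdb_entry *client`). The same pattern appears in the TGS path of _kdc_do_version4 in kerberos4.c (the `@@ -489` hunk, followed at `@@ -511` by `if(client && client->entry.max_life)`) and in tgs_rep2 in kerberos5.c (the `@@ -2400` hunk, with tgs_make_reply in that file guarding `client && client->entry.max_life`). Suggested at each site: `client_entry ? &client_entry->entry : NULL, client_name,` here, and `client ? &client->entry : NULL` in the two kerberos4/kerberos5 callers. do_getticket starts and ends outside the hunk.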
@@ -0,0 +1,151 @@ +/* This is a generated file */ +#ifndef __kdc_private_h__ +#define __kdc_private_h__ + +#include <stdarg.h> + +krb5_error_code +_kdc_as_rep ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + const krb5_data */*req_buffer*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*from_addr*/); + +krb5_error_code +_kdc_check_flags ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry */*client*/, + const char */*client_name*/, + hdb_entry */*server*/, + const char */*server_name*/, + krb5_boolean /*is_as_req*/); + +krb5_error_code +_kdc_db_fetch ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + krb5_principal /*principal*/, + enum hdb_ent_type, + hdb_entry_ex **/*h*/); + +krb5_error_code +_kdc_db_fetch4 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + enum hdb_ent_type /*ent_type*/, + hdb_entry_ex **/*ent*/); + +krb5_error_code +_kdc_do_524 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const Ticket */*t*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/); + +krb5_error_code +_kdc_do_kaserver ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr_in */*addr*/); + +krb5_error_code +_kdc_do_version4 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr_in */*addr*/); + +krb5_error_code +_kdc_encode_v4_ticket ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + void */*buf*/, + size_t /*len*/, + const EncTicketPart */*et*/, + const PrincipalName */*service*/, + size_t */*size*/); + +void +_kdc_free_ent ( + krb5_context /*context*/, + hdb_entry_ex 
*/*ent*/); + +krb5_error_code +_kdc_get_des_key ( + krb5_context /*context*/, + hdb_entry_ex */*principal*/, + krb5_boolean /*is_server*/, + krb5_boolean /*prefer_afs_key*/, + Key **/*ret_key*/); + +int +_kdc_maybe_version4 ( + unsigned char */*buf*/, + int /*len*/); + +krb5_error_code +_kdc_pk_check_client ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + krb5_principal /*client_princ*/, + const hdb_entry */*client*/, + pk_client_params */*client_params*/, + char **/*subject_name*/); + +void +_kdc_pk_free_client_param ( + krb5_context /*context*/, + pk_client_params */*client_params*/); + +krb5_error_code +_kdc_pk_initialize ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*user_id*/, + const char */*x509_anchors*/); + +krb5_error_code +_kdc_pk_mk_pa_reply ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + pk_client_params */*client_params*/, + const hdb_entry */*client*/, + const KDC_REQ */*req*/, + const krb5_data */*req_buffer*/, + krb5_keyblock **/*reply_key*/, + METHOD_DATA */*md*/); + +krb5_error_code +_kdc_pk_rd_padata ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + PA_DATA */*pa*/, + pk_client_params **/*ret_params*/); + +krb5_error_code +_kdc_tgs_rep ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + krb5_data */*data*/, + const char */*from*/, + struct sockaddr */*from_addr*/); + +#endif /* __kdc_private_h__ */ diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index 8658d33b68..58cf1f4173 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.73 2005/08/15 11:07:25 lha Exp $ + * $Id: kdc_locl.h,v 1.74 2005/12/12 12:23:33 lha Exp $ */ #ifndef __KDC_LOCL_H__ 
@@ -41,6 +41,9 @@ #include "headers.h" #include "kdc.h" +typedef struct pk_client_params pk_client_params; +#include <kdc-private.h> + extern sig_atomic_t exit_flag; extern size_t max_request; extern const char *port_str; @@ -68,20 +71,13 @@ krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); krb5_error_code -_kdc_db_fetch(krb5_context, krb5_kdc_configuration *, - krb5_principal, enum hdb_ent_type, hdb_entry **); - -krb5_error_code -_kdc_db_fetch_ex(krb5_context context, - krb5_kdc_configuration *config, - krb5_principal principal, enum hdb_ent_type ent_type, - hdb_entry_ex **h); - -void -_kdc_free_ent(krb5_context context, hdb_entry *); +_kdc_db_fetch(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal principal, enum hdb_ent_type ent_type, + hdb_entry_ex **h); void -_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent); +_kdc_free_ent(krb5_context context, hdb_entry_ex *ent); void loop(krb5_context context, krb5_kdc_configuration *config); @@ -99,7 +95,7 @@ _kdc_check_flags(krb5_context context, krb5_boolean is_as_req); krb5_error_code -_kdc_get_des_key(krb5_context context, hdb_entry*, +_kdc_get_des_key(krb5_context context, hdb_entry_ex*, krb5_boolean, krb5_boolean, Key**); krb5_error_code @@ -145,7 +141,7 @@ void _kdc_pk_free_client_param(krb5_context, pk_client_params *); krb5_error_code _kdc_db_fetch4 (krb5_context context, krb5_kdc_configuration *config, - const char*, const char*, const char*, enum hdb_ent_type, hdb_entry**); + const char*, const char*, const char*, enum hdb_ent_type, hdb_entry_ex**); krb5_error_code _kdc_do_version4 (krb5_context context, diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index a81fbb7b59..72ea41d9e6 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c 
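Review bot: With `#include <kdc-private.h>` added to kdc_locl.h, the hand-written prototypes kept below it — `_kdc_db_fetch` and `_kdc_free_ent` (the `@@ -68` hunk), `_kdc_get_des_key` (`@@ -99`) and `_kdc_db_fetch4` (`@@ -145`) — are now redeclarations of what the generated header already provides. Compatible redeclarations compile, but two copies drift apart silently (kdc-private.h in this commit declares `_kdc_pk_check_client` with `const hdb_entry *` while the kerberos5.c call site now passes an `hdb_entry_ex *`), so the duplicates should go, or a comment should say which copy is authoritative. The `typedef struct pk_client_params pk_client_params;` placed immediately before the include also shows the generated header is not self-contained; a note such as `/* kdc-private.h is generated and not self-contained: headers.h, kdc.h and the pk_client_params typedef above must precede it */` would stop someone from reordering these lines.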
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include <krb5-v4compat.h> -RCSID("$Id: kerberos4.c,v 1.54 2005/06/30 01:51:43 lha Exp $"); +RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $"); #ifndef swap32 static u_int32_t @@ -70,7 +70,7 @@ valid_princ(krb5_context context, krb5_kdc_configuration *config = funcctx; krb5_error_code ret; char *s; - hdb_entry *ent; + hdb_entry_ex *ent; ret = krb5_unparse_name(context, princ, &s); if (ret) @@ -93,7 +93,7 @@ _kdc_db_fetch4(krb5_context context, krb5_kdc_configuration *config, const char *name, const char *instance, const char *realm, enum hdb_ent_type ent_type, - hdb_entry **ent) + hdb_entry_ex **ent) { krb5_principal p; krb5_error_code ret; @@ -126,7 +126,7 @@ _kdc_do_version4(krb5_context context, { krb5_storage *sp; krb5_error_code ret; - hdb_entry *client = NULL, *server = NULL; + hdb_entry_ex *client = NULL, *server = NULL; Key *ckey, *skey; int8_t pvno; int8_t msg_type; @@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - client, client_name, - server, server_name, + &client->entry, client_name, + &server->entry, server_name, TRUE); if (ret) { /* good error code? */ @@ -217,8 +217,8 @@ _kdc_do_version4(krb5_context context, */ if (config->require_preauth - || client->flags.require_preauth - || server->flags.require_preauth) { + || client->entry.flags.require_preauth + || server->entry.flags.require_preauth) { kdc_log(context, config, 0, "Pre-authentication required for v4-request: " "%s for %s", 
@@ -240,7 +240,7 @@ _kdc_do_version4(krb5_context context, /* this is not necessary with the new code in libkrb */ /* find a properly salted key */ while(ckey->salt == NULL || ckey->salt->salt.length != 0) - ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey); + ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey); if(ret){ kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", name, inst, realm); @@ -260,10 +260,10 @@ _kdc_do_version4(krb5_context context, } max_life = _krb5_krb_life_to_time(0, life); - if(client->max_life) - max_life = min(max_life, *client->max_life); - if(server->max_life) - max_life = min(max_life, *server->max_life); + if(client->entry.max_life) + max_life = min(max_life, *client->entry.max_life); + if(server->entry.max_life) + max_life = min(max_life, *server->entry.max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life); @@ -302,7 +302,7 @@ _kdc_do_version4(krb5_context context, sinst, config->v4_realm, life, - server->kvno % 255, + server->entry.kvno % 255, &ticket, kdc_time, &ckey->key, @@ -321,8 +321,8 @@ _kdc_do_version4(krb5_context context, realm, req_time, 0, - client->pw_end ? *client->pw_end : 0, - client->kvno % 256, + client->entry.pw_end ? *client->entry.pw_end : 0, + client->entry.kvno % 256, &cipher, reply); krb5_data_free(&cipher); @@ -339,7 +339,7 @@ _kdc_do_version4(krb5_context context, int32_t address; size_t pos; krb5_principal tgt_princ = NULL; - hdb_entry *tgt = NULL; + hdb_entry_ex *tgt = NULL; Key *tkey; time_t max_end, actual_end, issue_time; @@ -373,10 +373,10 @@ _kdc_do_version4(krb5_context context, goto out2; } - if(tgt->kvno % 256 != kvno){ + if(tgt->entry.kvno % 256 != kvno){ kdc_log(context, config, 0, "tgs-req (krb4) with old kvno %d (current %d) for " - "krbtgt.%s@%s", kvno, tgt->kvno % 256, + "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, realm, config->v4_realm); make_err_reply(context, reply, KDC_AUTH_EXP, "old krbtgt kvno used"); 
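Review bot: The salted-key search `while(ckey->salt == NULL || ckey->salt->salt.length != 0) ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);` in the `@@ -240` hunk has no exit on failure: the loop condition re-examines only `ckey`, so if hdb_next_keytype2key leaves `ckey` untouched on its error return (nothing visible resets the pointer) the loop spins forever instead of reaching the `if(ret)` below it. Since the commit rewrites exactly this line, it is a cheap place to make termination explicit: `while(ckey->salt == NULL || ckey->salt->salt.length != 0) { ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey); if (ret) break; }`. _kdc_do_version4 starts and ends outside the hunk.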
@@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - client, client_name, - server, server_name, + &client->entry, client_name, + &server->entry, server_name, FALSE); if (ret) { /* good error code? */ @@ -511,10 +511,10 @@ _kdc_do_version4(krb5_context context, max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life); max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life)); - if(server->max_life) - max_end = min(max_end, kdc_time + *server->max_life); - if(client && client->max_life) - max_end = min(max_end, kdc_time + *client->max_life); + if(server->entry.max_life) + max_end = min(max_end, kdc_time + *server->entry.max_life); + if(client && client->entry.max_life) + max_end = min(max_end, kdc_time + *client->entry.max_life); life = min(life, krb_time_to_life(kdc_time, max_end)); issue_time = kdc_time; @@ -571,7 +571,7 @@ _kdc_do_version4(krb5_context context, sinst, config->v4_realm, life, - server->kvno % 255, + server->entry.kvno % 255, &ticket, issue_time, &ad.session, @@ -721,7 +721,7 @@ _kdc_encode_v4_ticket(krb5_context context, krb5_error_code _kdc_get_des_key(krb5_context context, - hdb_entry *principal, krb5_boolean is_server, + hdb_entry_ex *principal, krb5_boolean is_server, krb5_boolean prefer_afs_key, Key **ret_key) { Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; @@ -736,7 +736,7 @@ _kdc_get_des_key(krb5_context context, afs_key == NULL || server_key == NULL); ++i) { Key *key = NULL; - while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { + while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) { if(key->salt == NULL) { if(v5_key == NULL) v5_key = key; diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 6f6203a92c..a0136ba425 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c 
@@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.198 2005/11/28 20:33:57 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -88,7 +88,7 @@ find_padata(KDC_REQ *req, int *start, int type) */ static krb5_error_code -find_etype(krb5_context context, hdb_entry *princ, +find_etype(krb5_context context, const hdb_entry_ex *princ, krb5_enctype *etypes, unsigned len, Key **ret_key, krb5_enctype *ret_etype) { @@ -101,7 +101,7 @@ find_etype(krb5_context context, hdb_entry *princ, if (krb5_enctype_valid(context, etypes[i]) != 0) continue; - while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) { + while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) { if (key->key.keyvalue.length == 0) { ret = KRB5KDC_ERR_NULL_KEY; continue; @@ -119,8 +119,8 @@ find_etype(krb5_context context, hdb_entry *princ, static krb5_error_code find_keys(krb5_context context, krb5_kdc_configuration *config, - hdb_entry *client, - hdb_entry *server, + const hdb_entry_ex *client, + const hdb_entry_ex *server, Key **ckey, krb5_enctype *cetype, Key **skey, @@ -136,7 +136,7 @@ find_keys(krb5_context context, /* find client key */ ret = find_etype(context, client, etypes, num_etypes, ckey, cetype); if (ret) { - if (krb5_unparse_name(context, client->principal, &name) != 0) + if (krb5_unparse_name(context, client->entry.principal, &name) != 0) name = unparse_name; kdc_log(context, config, 0, "Client (%s) has no support for etypes", name); @@ -150,7 +150,7 @@ find_keys(krb5_context context, /* find server key */ ret = find_etype(context, server, etypes, num_etypes, skey, setype); if (ret) { - if (krb5_unparse_name(context, server->principal, &name) != 0) + if (krb5_unparse_name(context, server->entry.principal, &name) != 0) name = unparse_name; kdc_log(context, config, 0, "Server (%s) has no support for etypes", name); 
@@ -805,7 +805,7 @@ _kdc_as_rep(krb5_context context, AS_REP rep; KDCOptions f = b->kdc_options; hdb_entry_ex *client = NULL; - hdb_entry *server = NULL; + hdb_entry_ex *server = NULL; krb5_enctype cetype, setype; EncTicketPart et; EncKDCRepPart ek; @@ -851,7 +851,7 @@ _kdc_as_rep(krb5_context context, kdc_log(context, config, 0, "AS-REQ %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch_ex(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_check_flags(context, config, &client->entry, client_name, - server, server_name, + &server->entry, server_name, TRUE); if(ret) goto out; @@ -920,7 +920,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_pk_check_client(context, config, client_princ, - &client->entry, + client, pkp, &client_cert); if (ret) { @@ -969,7 +969,8 @@ _kdc_as_rep(krb5_context context, goto out; } - ret = hdb_enctype2key(context, &client->entry, enc_data.etype, &pa_key); + ret = hdb_enctype2key(context, &client->entry, + enc_data.etype, &pa_key); if(ret){ char *estr; e_text = "No key matches pa-data"; @@ -1076,7 +1077,7 @@ _kdc_as_rep(krb5_context context, } }else if (config->require_preauth || client->entry.flags.require_preauth - || server->flags.require_preauth) { + || server->entry.flags.require_preauth) { METHOD_DATA method_data; PA_DATA *pa; unsigned char *buf; 
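Review bot: `_kdc_pk_check_client(context, config, client_princ, client, pkp, &client_cert)` in the `@@ -920` hunk now passes `client`, an `hdb_entry_ex *`, but kdc-private.h added by this same commit declares that parameter as `const hdb_entry *client` (and `_kdc_pk_mk_pa_reply` likewise). pkinit.c is not in this chunk, so either it was changed and the generated header is stale, or the call compiles only with an incompatible-pointer-type warning and pkinit.c will read an hdb_entry_ex as if it were an hdb_entry. Whichever it is, the definition, the call and the header should agree within the commit: if the function really takes the ex form now, regenerate kdc-private.h, otherwise keep `&client->entry,` here. _kdc_as_rep starts and ends outside the hunk.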
@@ -1110,11 +1111,12 @@ _kdc_as_rep(krb5_context context, */ /* XXX check ret */ if (only_older_enctype_p(req)) - ret = get_pa_etype_info(context, config, &method_data, &client->entry, + ret = get_pa_etype_info(context, config, + &method_data, &client->entry, b->etype.val, b->etype.len); /* XXX check ret */ - ret = get_pa_etype_info2(context, config, &method_data, &client->entry, - b->etype.val, b->etype.len); + ret = get_pa_etype_info2(context, config, &method_data, + &client->entry, b->etype.val, b->etype.len); ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); @@ -1141,7 +1143,7 @@ _kdc_as_rep(krb5_context context, } ret = find_keys(context, config, - &client->entry, server, &ckey, &cetype, &skey, &setype, + client, server, &ckey, &cetype, &skey, &setype, b->etype.val, b->etype.len); if(ret) { kdc_log(context, config, 0, "Server/client has no support for etypes"); @@ -1213,12 +1215,12 @@ _kdc_as_rep(krb5_context context, _krb5_principal2principalname(&rep.cname, client->entry.principal); rep.ticket.tkt_vno = 5; - copy_Realm(&server->principal->realm, &rep.ticket.realm); + copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, - server->principal); + server->entry.principal); et.flags.initial = 1; - if(client->entry.flags.forwardable && server->flags.forwardable) + if(client->entry.flags.forwardable && server->entry.flags.forwardable) et.flags.forwardable = f.forwardable; else if (f.forwardable) { ret = KRB5KDC_ERR_POLICY; @@ -1226,7 +1228,7 @@ _kdc_as_rep(krb5_context context, "Ticket may not be forwardable -- %s", client_name); goto out; } - if(client->entry.flags.proxiable && server->flags.proxiable) + if(client->entry.flags.proxiable && server->entry.flags.proxiable) et.flags.proxiable = f.proxiable; else if (f.proxiable) { ret = KRB5KDC_ERR_POLICY; 
@@ -1234,7 +1236,7 @@ _kdc_as_rep(krb5_context context, "Ticket may not be proxiable -- %s", client_name); goto out; } - if(client->entry.flags.postdate && server->flags.postdate) + if(client->entry.flags.postdate && server->entry.flags.postdate) et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ ret = KRB5KDC_ERR_POLICY; @@ -1274,8 +1276,8 @@ _kdc_as_rep(krb5_context context, if(client->entry.max_life) t = start + min(t - start, *client->entry.max_life); - if(server->max_life) - t = start + min(t - start, *server->max_life); + if(server->entry.max_life) + t = start + min(t - start, *server->entry.max_life); #if 0 t = min(t, start + realm->max_life); #endif @@ -1295,8 +1297,8 @@ _kdc_as_rep(krb5_context context, t = MAX_TIME; if(client->entry.max_renew) t = start + min(t - start, *client->entry.max_renew); - if(server->max_renew) - t = start + min(t - start, *server->max_renew); + if(server->entry.max_renew) + t = start + min(t - start, *server->entry.max_renew); #if 0 t = min(t, start + realm->max_renew); #endif @@ -1352,7 +1354,8 @@ _kdc_as_rep(krb5_context context, ALLOC(ek.key_expiration); if (client->entry.valid_end) { if (client->entry.pw_end) - *ek.key_expiration = min(*client->entry.valid_end, *client->entry.pw_end); + *ek.key_expiration = min(*client->entry.valid_end, + *client->entry.pw_end); else *ek.key_expiration = *client->entry.valid_end; } else @@ -1415,7 +1418,7 @@ _kdc_as_rep(krb5_context context, et.endtime, et.renew_till); ret = encode_reply(context, config, - &rep, &et, &ek, setype, server->kvno, &skey->key, + &rep, &et, &ek, setype, server->entry.kvno, &skey->key, client->entry.kvno, reply_key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); @@ -1445,7 +1448,7 @@ _kdc_as_rep(krb5_context context, krb5_free_principal(context, server_princ); free(server_name); if(client) - _kdc_free_ent_ex(context, client); + _kdc_free_ent(context, client); if(server) _kdc_free_ent(context, server); return ret; 
@@ -1697,9 +1700,9 @@ tgs_make_reply(krb5_context context, AuthorizationData *auth_data, krb5_ticket *tgs_ticket, hdb_entry_ex *server, - hdb_entry *client, + hdb_entry_ex *client, krb5_principal client_principal, - hdb_entry *krbtgt, + hdb_entry_ex *krbtgt, EncryptionKey *tgtkey, krb5_enctype cetype, const char **e_text, @@ -1717,21 +1720,18 @@ tgs_make_reply(krb5_context context, if(adtkt) { int i; - krb5_keytype kt; ekey = &adtkt->key; - for(i = 0; i < b->etype.len; i++){ - ret = krb5_enctype_to_keytype(context, b->etype.val[i], &kt); - if(ret) - continue; - if(adtkt->key.keytype == kt) + for(i = 0; i < b->etype.len; i++) + if (b->etype.val[i] == adtkt->key.keytype) break; - } - if(i == b->etype.len) + if(i == b->etype.len) { + krb5_clear_error_string(context); return KRB5KDC_ERR_ETYPE_NOSUPP; + } etype = b->etype.val[i]; }else{ ret = find_keys(context, config, - NULL, &server->entry, NULL, NULL, &skey, &etype, + NULL, server, NULL, NULL, &skey, &etype, b->etype.val, b->etype.len); if(ret) { kdc_log(context, config, 0, "Server has no support for etypes"); @@ -1786,7 +1786,7 @@ tgs_make_reply(krb5_context context, &tgt->transited, &et, *krb5_princ_realm(context, client_principal), *krb5_princ_realm(context, server->entry.principal), - *krb5_princ_realm(context, krbtgt->principal)); + *krb5_princ_realm(context, krbtgt->entry.principal)); if(ret) goto out; @@ -1807,8 +1807,8 @@ tgs_make_reply(krb5_context context, { time_t life; life = et.endtime - *et.starttime; - if(client && client->max_life) - life = min(life, *client->max_life); + if(client && client->entry.max_life) + life = min(life, *client->entry.max_life); if(server->entry.max_life) life = min(life, *server->entry.max_life); et.endtime = *et.starttime + life; 
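Review bot: The rewritten user-to-user branch in tgs_make_reply (the `@@ -1717` hunk) now rejects the request unless some `b->etype.val[i]` equals `adtkt->key.keytype` verbatim, where the removed code accepted any requested enctype whose keytype matched, and it calls `krb5_clear_error_string` before returning KRB5KDC_ERR_ETYPE_NOSUPP without logging, while the `else` branch right below logs `"Server has no support for etypes"` for the equivalent failure. A one-line `kdc_log(context, config, 0, "No requested etype matches the additional ticket's session key");` before the return keeps these rejections diagnosable, and a comment on the loop should record why exact equality is the right test (presumably because the keyblock's keytype field carries an enctype value — confirm). `int i` is also compared against `b->etype.len` here, which is pre-existing but mixes signedness if len is unsigned. tgs_make_reply starts and ends outside the hunk.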
@@ -1822,8 +1822,8 @@ tgs_make_reply(krb5_context context, if(et.renew_till){ time_t renew; renew = *et.renew_till - et.authtime; - if(client && client->max_renew) - renew = min(renew, *client->max_renew); + if(client && client->entry.max_renew) + renew = min(renew, *client->entry.max_renew); if(server->entry.max_renew) renew = min(renew, *server->entry.max_renew); *et.renew_till = et.authtime + renew; @@ -1902,8 +1902,8 @@ tgs_make_reply(krb5_context context, etype list, even if we don't want a session key with DES3? */ ret = encode_reply(context, config, - &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, ekey, - 0, &tgt->key, e_text, reply); + &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, + ekey, 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -2053,7 +2053,7 @@ tgs_rep2(krb5_context context, const char *e_text = NULL; krb5_crypto crypto; - hdb_entry *krbtgt = NULL; + hdb_entry_ex *krbtgt = NULL; EncTicketPart *tgt; Key *tkey; krb5_enctype cetype; @@ -2101,7 +2101,7 @@ tgs_rep2(krb5_context context, } if(ap_req.ticket.enc_part.kvno && - *ap_req.ticket.enc_part.kvno != krbtgt->kvno){ + *ap_req.ticket.enc_part.kvno != krbtgt->entry.kvno){ char *p; ret = krb5_unparse_name (context, princ, &p); @@ -2111,7 +2111,7 @@ tgs_rep2(krb5_context context, kdc_log(context, config, 0, "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, - krbtgt->kvno, + krbtgt->entry.kvno, p); if (ret == 0) free (p); 
@@ -2119,13 +2119,16 @@ tgs_rep2(krb5_context context, goto out2; } - ret = hdb_enctype2key(context, krbtgt, ap_req.ticket.enc_part.etype, &tkey); + ret = hdb_enctype2key(context, &krbtgt->entry, + ap_req.ticket.enc_part.etype, &tkey); if(ret){ - char *str; + char *str, *p; krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); + krb5_unparse_name(context, princ, &p); kdc_log(context, config, 0, - "No server key found for %s", str); + "No server key with enctype %s found for %s", str, p); free(str); + free(p); ret = KRB5KRB_AP_ERR_BADKEYVER; goto out2; } @@ -2252,8 +2255,7 @@ tgs_rep2(krb5_context context, PrincipalName *s; Realm r; char *spn = NULL, *cpn = NULL; - hdb_entry_ex *server = NULL; - hdb_entry *client = NULL; + hdb_entry_ex *server = NULL, *client = NULL; int nloop = 0; EncTicketPart adtkt; char opt_str[128]; @@ -2262,7 +2264,7 @@ tgs_rep2(krb5_context context, r = b->realm; if(b->kdc_options.enc_tkt_in_skey){ Ticket *t; - hdb_entry *uu; + hdb_entry_ex *uu; krb5_principal p; Key *uukey; @@ -2288,13 +2290,15 @@ tgs_rep2(krb5_context context, ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } - ret = hdb_enctype2key(context, uu, t->enc_part.etype, &uukey); + ret = hdb_enctype2key(context, &uu->entry, + t->enc_part.etype, &uukey); if(ret){ + _kdc_free_ent(context, uu); ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ goto out; } ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0); - + _kdc_free_ent(context, uu); if(ret) goto out; s = &adtkt.cname; @@ -2320,7 +2324,7 @@ tgs_rep2(krb5_context context, kdc_log(context, config, 0, "TGS-REQ %s from %s for %s", cpn, from, spn); server_lookup: - ret = _kdc_db_fetch_ex(context, config, sp, HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server); if(ret){ const char *new_rlm; 
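Review bot: In the `@@ -2119` hunk of tgs_rep2, the new `krb5_unparse_name(context, princ, &p);` ignores its return value and `p` is declared without an initializer (`char *str, *p;`), so on failure an indeterminate pointer is formatted with `%s` and handed to `free(p)`. The `@@ -2386` hunk in the same file shows the house pattern for exactly this call: `ret = krb5_unparse_name(...)` then `(ret == 0) ? tpn : "<unknown>"`. Apply it here — `ret = krb5_unparse_name(context, princ, &p);`, `kdc_log(context, config, 0, "No server key with enctype %s found for %s", str, ret == 0 ? p : "<unknown>");`, `if (ret == 0) free(p);` — which is safe because `ret` is overwritten with KRB5KRB_AP_ERR_BADKEYVER on the following line anyway. The unchecked `krb5_enctype_to_string` result in `str` just above is pre-existing and has the same shape. tgs_rep2 starts and ends outside the hunk.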
@@ -2386,9 +2390,9 @@ tgs_rep2(krb5_context context, #endif if(strcmp(krb5_principal_get_realm(context, sp), - krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) { + krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1)) != 0) { char *tpn; - ret = krb5_unparse_name(context, krbtgt->principal, &tpn); + ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); kdc_log(context, config, 0, "Request with wrong krbtgt: %s", (ret == 0) ? tpn : "<unknown>"); @@ -2400,7 +2404,7 @@ tgs_rep2(krb5_context context, } ret = _kdc_check_flags(context, config, - client, cpn, + &client->entry, cpn, &server->entry, spn, FALSE); if(ret) @@ -2408,7 +2412,7 @@ tgs_rep2(krb5_context context, if((b->kdc_options.validate || b->kdc_options.renew) && !krb5_principal_compare(context, - krbtgt->principal, + krbtgt->entry.principal, server->entry.principal)){ kdc_log(context, config, 0, "Inconsistent request."); ret = KRB5KDC_ERR_SERVER_NOMATCH; @@ -2422,7 +2426,8 @@ tgs_rep2(krb5_context context, goto out; } - ret = tgs_make_reply(context, config, + ret = tgs_make_reply(context, + config, b, tgt, b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, @@ -2442,7 +2447,7 @@ tgs_rep2(krb5_context context, free(cpn); if(server) - _kdc_free_ent_ex(context, server); + _kdc_free_ent(context, server); if(client) _kdc_free_ent(context, client); } diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index b14bb50ea5..3027d32cfc 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c,v 1.25 2005/06/30 01:53:48 lha Exp $"); +RCSID("$Id: misc.c,v 1.26 2005/12/12 12:37:31 lha Exp $"); struct timeval _kdc_now; 
@@ -41,16 +41,15 @@ krb5_error_code
 _kdc_db_fetch(krb5_context context,
 krb5_kdc_configuration *config,
 krb5_principal principal, enum hdb_ent_type ent_type,
- hdb_entry **h)
+ hdb_entry_ex **h)
 {
- hdb_entry *ent;
+ hdb_entry_ex *ent;
 krb5_error_code ret = HDB_ERR_NOENTRY;
 int i;
 
 ent = malloc (sizeof (*ent));
 if (ent == NULL)
 return ENOMEM;
- ent->principal = principal;
 
 for(i = 0; i < config->num_db; i++) {
 ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
@@ -76,65 +75,9 @@ _kdc_db_fetch(krb5_context context,
 }
 
 void
-_kdc_free_ent(krb5_context context, hdb_entry *ent)
+_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
 {
 hdb_free_entry (context, ent);
 free (ent);
 }
 
-krb5_error_code
-_kdc_db_fetch_ex(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_principal principal, enum hdb_ent_type ent_type,
- hdb_entry_ex **h)
-{
- hdb_entry_ex *ent;
- krb5_error_code ret = HDB_ERR_NOENTRY;
- int i;
-
- ent = malloc (sizeof (*ent));
- if (ent == NULL)
- return ENOMEM;
- memset(ent, '\0', sizeof(*ent));
-
- ent->entry.principal = principal;
-
- for(i = 0; i < config->num_db; i++) {
- ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
- if (ret) {
- kdc_log(context, config, 0, "Failed to open database: %s",
- krb5_get_err_text(context, ret));
- continue;
- }
- if (config->db[i]->hdb_fetch_ex) {
- ret = config->db[i]->hdb_fetch_ex(context,
- config->db[i],
- HDB_F_DECRYPT,
- principal,
- ent_type,
- ent);
- } else {
- ret = config->db[i]->hdb_fetch(context,
- config->db[i],
- HDB_F_DECRYPT,
- principal,
- ent_type,
- &ent->entry);
- }
- config->db[i]->hdb_close(context, config->db[i]);
- if(ret == 0) {
- *h = ent;
- return 0;
- }
- }
- free(ent);
- return ret;
-}
-
-void
-_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent)
-{
- hdb_free_entry_ex (context, ent);
- free (ent);
-}
-
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index aee1ee5b3f..921d2ebba6 100644
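Review bot: In the new `_kdc_db_fetch`, `ent` is now an `hdb_entry_ex` but is still obtained with `ent = malloc (sizeof (*ent));` and, unlike the removed `_kdc_db_fetch_ex`, is not followed by `memset(ent, '\0', sizeof(*ent));`; any `hdb_entry_ex` field that a backend's fetch does not set therefore stays indeterminate and is later handed to `hdb_free_entry` through `_kdc_free_ent`. `ent = calloc(1, sizeof(*ent));` restores the zeroing the removed code had at no extra cost. Whether the fetch callbacks reached in the unchanged remainder of the loop initialize every field is not visible in this hunk, which ends before them.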
--- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.63 2005/08/23 10:49:16 lha Exp $"); +RCSID("$Id: gen.c,v 1.64 2005/12/06 19:59:13 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -567,6 +567,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) i.type = TInteger; i.range = ⦥ i.members = NULL; + i.constraint = NULL; space(level); if(ASN1_TAILQ_EMPTY(t->members)) @@ -640,6 +641,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) i.type = TInteger; i.range = ⦥ i.members = NULL; + i.constraint = NULL; space(level); fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 858a669da1..0bf3cdafdb 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -247,9 +247,10 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $"); +RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $"); static Type *new_type (Typetype t); +static struct constraint_spec *new_constraint_spec(enum ctype); static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); void yyerror (const char *); static struct objid *new_objid(const char *label, int value); @@ -277,7 +278,7 @@ struct string_list { #endif #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 64 "parse.y" +#line 65 "parse.y" typedef union YYSTYPE { int constant; struct value *value; @@ -290,9 +291,10 @@ typedef union YYSTYPE { struct string_list *sl; struct tagtype tag; struct memhead *members; + struct constraint_spec *constraint_spec; } YYSTYPE; /* Line 190 of yacc.c. */ -#line 296 "parse.c" +#line 298 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 
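Review bot: Both `i.constraint = NULL;` additions extend a field-by-field initialization of the local `i` (presumably a `Type`) that is repeated at two sites in define_type, so every field later added to the struct needs the same two-site patch and is indeterminate wherever one site is missed. Zeroing the aggregate once where `i` is declared, `Type i = {0};` or `memset(&i, 0, sizeof i);`, would make new fields default to NULL while the explicit `i.type`/`i.range`/`i.members` assignments stay as they are. The declaration of `i` and the rest of define_type are outside both hunks.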
@@ -304,7 +306,7 @@ typedef union YYSTYPE { /* Line 213 of yacc.c. */ -#line 308 "parse.c" +#line 310 "parse.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE @@ -406,16 +408,16 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 4 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 152 +#define YYLAST 168 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 98 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 61 +#define YYNNTS 67 /* YYNRULES -- Number of rules. */ -#define YYNRULES 120 +#define YYNRULES 130 /* YYNRULES -- Number of states. */ -#define YYNSTATES 181 +#define YYNSTATES 201 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 @@ -473,15 +475,16 @@ static const unsigned short int yyprhs[] = 29, 30, 34, 35, 37, 38, 40, 43, 48, 50, 53, 55, 57, 61, 63, 67, 69, 71, 73, 75, 77, 79, 81, 83, 85, 87, 89, 91, 93, 95, - 97, 99, 101, 107, 109, 112, 117, 119, 123, 127, - 132, 137, 139, 142, 148, 151, 154, 156, 161, 165, - 169, 174, 178, 182, 187, 189, 191, 193, 195, 197, - 201, 206, 207, 209, 211, 213, 214, 216, 218, 223, - 225, 227, 229, 231, 233, 235, 237, 239, 243, 247, - 250, 252, 255, 259, 261, 265, 270, 272, 273, 277, - 278, 281, 286, 288, 290, 292, 294, 296, 298, 300, - 302, 304, 306, 308, 310, 312, 314, 316, 318, 320, - 322 + 97, 99, 101, 103, 109, 111, 114, 119, 121, 125, + 129, 134, 139, 141, 144, 150, 153, 156, 158, 163, + 167, 171, 176, 180, 184, 189, 191, 193, 195, 197, + 199, 202, 206, 208, 210, 212, 215, 219, 225, 230, + 234, 239, 240, 242, 244, 246, 247, 249, 251, 256, + 258, 260, 262, 264, 266, 268, 270, 272, 276, 280, + 283, 285, 288, 292, 294, 298, 303, 305, 306, 310, + 311, 314, 319, 321, 323, 325, 327, 329, 331, 333, + 335, 337, 339, 341, 343, 345, 347, 349, 351, 353, + 355 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ 
@@ -491,53 +494,57 @@ static const short int yyrhs[] = 24, -1, 27, 70, -1, 38, 70, -1, 7, 70, -1, -1, 29, 39, -1, -1, 103, 107, -1, -1, 40, 104, 90, -1, -1, 105, -1, -1, 106, -1, - 105, 106, -1, 109, 32, 86, 144, -1, 108, -1, - 108, 107, -1, 110, -1, 136, -1, 86, 91, 109, + 105, 106, -1, 109, 32, 86, 150, -1, 108, -1, + 108, 107, -1, 110, -1, 142, -1, 86, 91, 109, -1, 86, -1, 86, 84, 111, -1, 112, -1, 129, - -1, 120, -1, 113, -1, 137, -1, 128, -1, 118, - -1, 115, -1, 123, -1, 121, -1, 122, -1, 124, - -1, 125, -1, 126, -1, 127, -1, 132, -1, 11, - -1, 92, 148, 83, 148, 93, -1, 43, -1, 43, - 114, -1, 43, 94, 116, 95, -1, 117, -1, 116, - 91, 117, -1, 116, 91, 85, -1, 86, 92, 156, - 93, -1, 25, 94, 119, 95, -1, 116, -1, 9, - 67, -1, 9, 67, 94, 142, 95, -1, 51, 37, - -1, 52, 67, -1, 49, -1, 64, 94, 139, 95, - -1, 64, 94, 95, -1, 64, 53, 111, -1, 65, - 94, 139, 95, -1, 65, 94, 95, -1, 65, 53, - 111, -1, 14, 94, 139, 95, -1, 130, -1, 131, - -1, 86, -1, 34, -1, 77, -1, 133, 135, 111, - -1, 96, 134, 89, 97, -1, -1, 76, -1, 6, - -1, 60, -1, -1, 27, -1, 38, -1, 86, 111, - 84, 148, -1, 138, -1, 33, -1, 78, -1, 61, - -1, 36, -1, 10, -1, 79, -1, 141, -1, 139, - 91, 141, -1, 139, 91, 85, -1, 86, 111, -1, - 140, -1, 140, 54, -1, 140, 20, 148, -1, 143, - -1, 142, 91, 143, -1, 86, 92, 89, 93, -1, - 145, -1, -1, 94, 146, 95, -1, -1, 147, 146, - -1, 86, 92, 89, 93, -1, 86, -1, 89, -1, - 149, -1, 150, -1, 154, -1, 153, -1, 155, -1, - 158, -1, 157, -1, 151, -1, 152, -1, 86, -1, - 88, -1, 71, -1, 31, -1, 156, -1, 89, -1, - 49, -1, 145, -1 + -1, 132, -1, 120, -1, 113, -1, 143, -1, 128, + -1, 118, -1, 115, -1, 123, -1, 121, -1, 122, + -1, 124, -1, 125, -1, 126, -1, 127, -1, 138, + -1, 11, -1, 92, 154, 83, 154, 93, -1, 43, + -1, 43, 114, -1, 43, 94, 116, 95, -1, 117, + -1, 116, 91, 117, -1, 116, 91, 85, -1, 86, + 92, 162, 93, -1, 25, 94, 119, 95, -1, 116, + -1, 9, 67, -1, 9, 67, 94, 148, 95, -1, + 51, 37, -1, 52, 67, -1, 49, -1, 64, 94, + 145, 95, -1, 64, 94, 95, -1, 64, 53, 111, + -1, 65, 
94, 145, 95, -1, 65, 94, 95, -1, + 65, 53, 111, -1, 14, 94, 145, 95, -1, 130, + -1, 131, -1, 86, -1, 34, -1, 77, -1, 111, + 133, -1, 92, 134, 93, -1, 135, -1, 136, -1, + 137, -1, 19, 111, -1, 23, 12, 154, -1, 19, + 111, 23, 12, 154, -1, 18, 12, 94, 95, -1, + 139, 141, 111, -1, 96, 140, 89, 97, -1, -1, + 76, -1, 6, -1, 60, -1, -1, 27, -1, 38, + -1, 86, 111, 84, 154, -1, 144, -1, 33, -1, + 78, -1, 61, -1, 36, -1, 10, -1, 79, -1, + 147, -1, 145, 91, 147, -1, 145, 91, 85, -1, + 86, 111, -1, 146, -1, 146, 54, -1, 146, 20, + 154, -1, 149, -1, 148, 91, 149, -1, 86, 92, + 89, 93, -1, 151, -1, -1, 94, 152, 95, -1, + -1, 153, 152, -1, 86, 92, 89, 93, -1, 86, + -1, 89, -1, 155, -1, 156, -1, 160, -1, 159, + -1, 161, -1, 164, -1, 163, -1, 157, -1, 158, + -1, 86, -1, 88, -1, 71, -1, 31, -1, 162, + -1, 89, -1, 49, -1, 151, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const unsigned short int yyrline[] = { - 0, 222, 222, 229, 230, 232, 234, 237, 239, 242, - 243, 246, 247, 250, 251, 254, 255, 258, 269, 270, - 273, 274, 277, 283, 291, 301, 302, 305, 306, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 321, 328, 338, 343, 350, 358, 364, 369, 373, - 386, 394, 397, 404, 412, 418, 425, 432, 438, 446, - 454, 460, 468, 476, 483, 484, 487, 498, 503, 510, - 523, 532, 535, 539, 543, 550, 553, 557, 564, 575, - 578, 583, 588, 593, 598, 603, 611, 617, 622, 633, - 644, 650, 656, 664, 670, 677, 690, 691, 694, 701, - 704, 715, 719, 730, 736, 737, 740, 741, 742, 743, - 744, 747, 750, 753, 764, 772, 778, 786, 794, 797, - 802 + 0, 231, 231, 238, 239, 241, 243, 246, 248, 251, + 252, 255, 256, 259, 260, 263, 264, 267, 278, 279, + 282, 283, 286, 292, 300, 310, 311, 312, 315, 316, + 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 331, 338, 348, 353, 360, 368, 374, 379, + 383, 396, 404, 407, 414, 422, 428, 435, 442, 448, + 456, 464, 470, 478, 486, 493, 494, 497, 508, 513, + 520, 536, 541, 543, 544, 547, 553, 561, 571, 577, + 590, 599, 602, 
606, 610, 617, 620, 624, 631, 642, + 645, 650, 655, 660, 665, 670, 678, 684, 689, 700, + 711, 717, 723, 731, 737, 744, 757, 758, 761, 768, + 771, 782, 786, 797, 803, 804, 807, 808, 809, 810, + 811, 814, 817, 820, 831, 839, 845, 853, 861, 864, + 869 }; #endif @@ -575,7 +582,9 @@ static const char *const yytname[] = "Enumerations", "BitStringType", "ObjectIdentifierType", "OctetStringType", "NullType", "SequenceType", "SequenceOfType", "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType", - "UsefulType", "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment", + "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec", + "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint", + "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment", "CharacterStringType", "RestrictedCharactedStringType", "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList", "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value", 
@@ -608,17 +617,18 @@ static const unsigned char yyr1[] = { 0, 98, 99, 100, 100, 100, 100, 101, 101, 102, 102, 103, 103, 104, 104, 105, 105, 106, 107, 107, - 108, 108, 109, 109, 110, 111, 111, 112, 112, 112, + 108, 108, 109, 109, 110, 111, 111, 111, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, - 112, 113, 114, 115, 115, 115, 116, 116, 116, 117, - 118, 119, 120, 120, 121, 122, 123, 124, 124, 125, - 126, 126, 127, 128, 129, 129, 130, 131, 131, 132, - 133, 134, 134, 134, 134, 135, 135, 135, 136, 137, - 138, 138, 138, 138, 138, 138, 139, 139, 139, 140, - 141, 141, 141, 142, 142, 143, 144, 144, 145, 146, - 146, 147, 147, 147, 148, 148, 149, 149, 149, 149, - 149, 150, 151, 152, 153, 154, 154, 155, 156, 157, - 158 + 112, 112, 113, 114, 115, 115, 115, 116, 116, 116, + 117, 118, 119, 120, 120, 121, 122, 123, 124, 124, + 125, 126, 126, 127, 128, 129, 129, 130, 131, 131, + 132, 133, 134, 135, 135, 136, 136, 136, 137, 138, + 139, 140, 140, 140, 140, 141, 141, 141, 142, 143, + 144, 144, 144, 144, 144, 144, 145, 145, 145, 146, + 147, 147, 147, 148, 148, 149, 150, 150, 151, 152, + 152, 153, 153, 153, 154, 154, 155, 155, 155, 155, + 155, 156, 157, 158, 159, 160, 160, 161, 162, 163, + 164 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ @@ -628,9 +638,10 @@ static const unsigned char yyr2[] = 0, 3, 0, 1, 0, 1, 2, 4, 1, 2, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 5, 1, 2, 4, 1, 3, 3, 4, - 4, 1, 2, 5, 2, 2, 1, 4, 3, 3, - 4, 3, 3, 4, 1, 1, 1, 1, 1, 3, + 1, 1, 1, 5, 1, 2, 4, 1, 3, 3, + 4, 4, 1, 2, 5, 2, 2, 1, 4, 3, + 3, 4, 3, 3, 4, 1, 1, 1, 1, 1, + 2, 3, 1, 1, 1, 2, 3, 5, 4, 3, 4, 0, 1, 1, 1, 0, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 2, 1, 2, 3, 1, 3, 4, 1, 0, 3, 0, 
@@ -647,72 +658,76 @@ static const unsigned char yydefact[] = 0, 0, 0, 6, 1, 0, 0, 0, 8, 5, 3, 4, 0, 0, 7, 0, 10, 14, 0, 0, 23, 0, 13, 15, 0, 2, 0, 9, 18, 20, - 21, 0, 11, 16, 0, 0, 84, 41, 0, 0, - 80, 67, 83, 43, 56, 0, 0, 82, 0, 0, - 68, 81, 85, 0, 66, 71, 0, 25, 28, 32, - 31, 27, 34, 35, 33, 36, 37, 38, 39, 30, - 26, 64, 65, 40, 75, 29, 79, 19, 22, 97, - 52, 0, 0, 0, 0, 44, 54, 55, 0, 0, - 0, 0, 24, 73, 74, 72, 0, 0, 76, 77, - 0, 99, 17, 96, 0, 0, 0, 90, 86, 0, - 51, 46, 0, 116, 119, 115, 113, 114, 118, 120, - 0, 104, 105, 111, 112, 107, 106, 108, 117, 110, - 109, 0, 59, 58, 0, 62, 61, 0, 0, 78, - 69, 102, 103, 0, 99, 0, 0, 93, 89, 0, - 63, 0, 91, 0, 0, 50, 0, 45, 57, 60, - 70, 0, 98, 100, 0, 0, 53, 88, 87, 92, - 0, 48, 47, 0, 0, 0, 94, 49, 42, 101, - 95 + 21, 0, 11, 16, 0, 0, 94, 42, 0, 0, + 90, 68, 93, 44, 57, 0, 0, 92, 0, 0, + 69, 91, 95, 0, 67, 81, 0, 25, 29, 33, + 32, 28, 35, 36, 34, 37, 38, 39, 40, 31, + 26, 65, 66, 27, 41, 85, 30, 89, 19, 22, + 107, 53, 0, 0, 0, 0, 45, 55, 56, 0, + 0, 0, 0, 24, 83, 84, 82, 0, 0, 0, + 70, 86, 87, 0, 109, 17, 106, 0, 0, 0, + 100, 96, 0, 52, 47, 0, 126, 129, 125, 123, + 124, 128, 130, 0, 114, 115, 121, 122, 117, 116, + 118, 127, 120, 119, 0, 60, 59, 0, 63, 62, + 0, 0, 88, 0, 0, 0, 0, 72, 73, 74, + 79, 112, 113, 0, 109, 0, 0, 103, 99, 0, + 64, 0, 101, 0, 0, 51, 0, 46, 58, 61, + 80, 0, 75, 0, 71, 0, 108, 110, 0, 0, + 54, 98, 97, 102, 0, 49, 48, 0, 0, 0, + 76, 0, 0, 104, 50, 43, 78, 0, 111, 105, + 77 }; /* YYDEFGOTO[NTERM-NUM]. 
*/ static const short int yydefgoto[] = { -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, - 28, 24, 29, 56, 57, 58, 85, 59, 110, 111, - 60, 112, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 74, 96, 100, 30, 75, - 76, 106, 107, 108, 146, 147, 102, 119, 143, 144, - 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, - 130 + 28, 24, 29, 56, 57, 58, 86, 59, 113, 114, + 60, 115, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 100, 146, 147, 148, 149, + 74, 75, 97, 103, 30, 76, 77, 109, 110, 111, + 156, 157, 105, 122, 153, 154, 123, 124, 125, 126, + 127, 128, 129, 130, 131, 132, 133 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -94 -static const yysigned_char yypact[] = +#define YYPACT_NINF -99 +static const short int yypact[] = { - -49, 5, 60, 3, -94, -6, 1, 10, 43, -94, - -94, -94, 42, -2, -94, 76, -33, 0, 64, 4, - 7, 9, 0, -94, 61, -94, -9, -94, 4, -94, - -94, 0, -94, -94, 14, 28, -94, -94, 12, 13, - -94, -94, -94, -56, -94, 66, 41, -94, -50, -47, - -94, -94, -94, 40, -94, 2, 25, -94, -94, -94, - -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -94, -94, -94, -18, -94, -94, -94, -94, 16, - 17, 26, 27, 8, 27, -94, -94, -94, 40, -73, - 40, -72, -94, -94, -94, -94, 34, 8, -94, -94, - 40, -41, -94, -94, 29, 40, -80, -8, -94, 22, - 30, -94, 21, -94, -94, -94, -94, -94, -94, -94, - 44, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -74, -94, -94, -63, -94, -94, -62, 31, -94, - -94, 33, -94, 35, -41, 37, -60, -94, -94, -67, - -94, 8, -94, 45, -19, -94, 8, -94, -94, -94, - -94, 46, -94, -94, 49, 29, -94, -94, -94, -94, - 38, -94, -94, 47, 48, 50, -94, -94, -94, -94, - -94 + -46, 20, 13, 21, -99, 11, 23, 25, 54, -99, + -99, -99, 58, 6, -99, 90, -34, 15, 80, 19, + 16, 18, 15, -99, 74, -99, -7, -99, 19, -99, + -99, 15, -99, -99, 24, 42, -99, -99, 17, 26, + -99, -99, -99, -73, -99, 76, 50, -99, -45, -44, + -99, -99, -99, 51, -99, 4, -67, -99, -99, -99, + -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, + 
-99, -99, -99, -99, -99, -16, -99, -99, -99, -99, + 27, 28, 33, 37, 47, 37, -99, -99, -99, 51, + -72, 51, -71, 22, -99, -99, -99, 35, 47, 12, + -99, -99, -99, 51, 2, -99, -99, 39, 51, -75, + -8, -99, 34, 36, -99, 43, -99, -99, -99, -99, + -99, -99, -99, 48, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -57, 22, -99, -48, 22, -99, + -22, 45, -99, 120, 51, 122, 46, -99, -99, -99, + 22, 52, -99, 53, 2, 57, -9, -99, 22, -53, + -99, 47, -99, 56, -19, -99, 47, -99, -99, -99, + -99, 49, -18, 47, -99, 61, -99, -99, 62, 39, + -99, -99, -99, -99, 59, -99, -99, 60, 63, 128, + -99, 64, 66, -99, -99, -99, -99, 47, -99, -99, + -99 }; /* YYPGOTO[NTERM-NUM]. */ static const yysigned_char yypgoto[] = { - -94, -94, -94, -94, -94, -94, -94, -94, 102, 105, - -94, 108, -94, 32, -94, -94, -94, -94, 58, -10, - -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -30, -94, -4, -94, -17, -94, 67, 6, -94, - -93, -94, -94, -94, -94, -94, -94, -94, -1, -94, - -94 + -99, -99, -99, -99, -99, -99, -99, -99, 124, 126, + -99, 125, -99, -52, -99, -99, -99, -99, 70, -4, + -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -99, -99, -99, -37, -99, 3, + -99, -15, -99, 81, 9, -99, -98, -99, -99, -99, + -99, -99, -99, -99, 5, -99, -99 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If 
@@ -722,42 +737,44 @@ static const yysigned_char yypgoto[] = #define YYTABLE_NINF -13 static const short int yytable[] = { - 35, 36, 37, 88, 139, 38, 90, 17, 93, 98, - 5, 149, 151, 105, 105, 150, 39, 154, 167, 105, - 99, 157, 133, 136, 40, 41, 3, 42, 149, 149, - 6, 165, 158, 159, 43, 166, 83, 1, 84, 113, - 44, 7, 45, 46, 89, 141, 152, 91, 142, 35, - 36, 37, 47, -12, 38, 48, 49, 114, 169, 134, - 4, 137, 94, 173, 9, 39, 171, 109, 50, 51, - 52, 10, 12, 40, 41, 53, 42, 54, 95, 115, - 11, 14, 15, 43, 16, 92, 20, 55, 25, 44, - 26, 45, 46, 34, 116, 80, 117, 118, 31, 32, - 79, 47, 101, 86, 48, 49, 81, 82, 87, 97, - 101, 104, 105, 109, 153, 145, 155, 50, 51, 52, - 132, 154, 135, 138, 33, 161, 54, 156, 160, 164, - 162, 177, 140, 77, 118, 174, 55, 148, 175, 78, - 178, 179, 131, 180, 172, 168, 103, 0, 176, 0, - 163, 0, 170 + 142, 93, 35, 36, 37, 189, 17, 38, 89, 91, + 94, 101, 161, 4, 108, 108, 159, 98, 39, 84, + 160, 85, 102, 136, 139, 99, 40, 41, 5, 42, + 143, 144, 181, 108, 164, 145, 43, 135, 167, 138, + 1, 3, 44, 159, 45, 46, 162, 168, 6, 90, + 92, 150, -12, 137, 47, 140, 158, 48, 49, 7, + 35, 36, 37, 183, 95, 38, 185, 112, 187, 159, + 50, 51, 52, 169, 99, 190, 39, 53, 116, 54, + 96, 9, 179, 12, 40, 41, 180, 42, 151, 55, + 15, 152, 172, 10, 43, 11, 117, 14, 16, 200, + 44, 20, 45, 46, 25, 26, 34, 31, 32, 81, + 80, 82, 47, 87, 99, 48, 49, 88, 118, 108, + 83, 104, 107, 112, 141, 155, 163, 164, 50, 51, + 52, 166, 171, 119, 173, 120, 121, 54, 165, 174, + 197, 104, 170, 188, 175, 121, 33, 55, 176, 178, + 191, 192, 194, 195, 78, 134, 79, 198, 196, 199, + 186, 106, 182, 177, 193, 0, 0, 0, 184 }; static const short int yycheck[] = { - 9, 10, 11, 53, 97, 14, 53, 40, 6, 27, - 7, 91, 20, 86, 86, 95, 25, 91, 85, 86, - 38, 95, 95, 95, 33, 34, 21, 36, 91, 91, - 27, 91, 95, 95, 43, 95, 92, 86, 94, 31, - 49, 38, 51, 52, 94, 86, 54, 94, 89, 9, - 10, 11, 61, 86, 14, 64, 65, 49, 151, 89, - 0, 91, 60, 156, 70, 25, 85, 86, 77, 78, - 79, 70, 29, 33, 34, 84, 36, 86, 76, 71, - 70, 39, 84, 43, 8, 
53, 86, 96, 24, 49, - 86, 51, 52, 32, 86, 67, 88, 89, 91, 90, - 86, 61, 94, 37, 64, 65, 94, 94, 67, 84, - 94, 94, 86, 86, 92, 86, 95, 77, 78, 79, - 88, 91, 90, 89, 22, 92, 86, 83, 97, 92, - 95, 93, 100, 28, 89, 89, 96, 105, 89, 31, - 93, 93, 84, 93, 154, 149, 79, -1, 165, -1, - 144, -1, 153 + 98, 53, 9, 10, 11, 23, 40, 14, 53, 53, + 6, 27, 20, 0, 86, 86, 91, 84, 25, 92, + 95, 94, 38, 95, 95, 92, 33, 34, 7, 36, + 18, 19, 85, 86, 91, 23, 43, 89, 95, 91, + 86, 21, 49, 91, 51, 52, 54, 95, 27, 94, + 94, 103, 86, 90, 61, 92, 108, 64, 65, 38, + 9, 10, 11, 161, 60, 14, 85, 86, 166, 91, + 77, 78, 79, 95, 92, 173, 25, 84, 31, 86, + 76, 70, 91, 29, 33, 34, 95, 36, 86, 96, + 84, 89, 144, 70, 43, 70, 49, 39, 8, 197, + 49, 86, 51, 52, 24, 86, 32, 91, 90, 67, + 86, 94, 61, 37, 92, 64, 65, 67, 71, 86, + 94, 94, 94, 86, 89, 86, 92, 91, 77, 78, + 79, 83, 12, 86, 12, 88, 89, 86, 95, 93, + 12, 94, 97, 94, 92, 89, 22, 96, 95, 92, + 89, 89, 93, 93, 28, 85, 31, 93, 95, 93, + 164, 80, 159, 154, 179, -1, -1, -1, 163 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing 
@@ -767,22 +784,24 @@ static const unsigned char yystos[] = 0, 86, 99, 21, 0, 7, 27, 38, 100, 70, 70, 70, 29, 101, 39, 84, 8, 40, 102, 103, 86, 104, 105, 106, 109, 24, 86, 107, 108, 110, - 136, 91, 90, 106, 32, 9, 10, 11, 14, 25, + 142, 91, 90, 106, 32, 9, 10, 11, 14, 25, 33, 34, 36, 43, 49, 51, 52, 61, 64, 65, 77, 78, 79, 84, 86, 96, 111, 112, 113, 115, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, - 129, 130, 131, 132, 133, 137, 138, 107, 109, 86, - 67, 94, 94, 92, 94, 114, 37, 67, 53, 94, - 53, 94, 111, 6, 60, 76, 134, 84, 27, 38, - 135, 94, 144, 145, 94, 86, 139, 140, 141, 86, - 116, 117, 119, 31, 49, 71, 86, 88, 89, 145, - 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, - 158, 116, 111, 95, 139, 111, 95, 139, 89, 148, - 111, 86, 89, 146, 147, 86, 142, 143, 111, 91, + 129, 130, 131, 132, 138, 139, 143, 144, 107, 109, + 86, 67, 94, 94, 92, 94, 114, 37, 67, 53, + 94, 53, 94, 111, 6, 60, 76, 140, 84, 92, + 133, 27, 38, 141, 94, 150, 151, 94, 86, 145, + 146, 147, 86, 116, 117, 119, 31, 49, 71, 86, + 88, 89, 151, 154, 155, 156, 157, 158, 159, 160, + 161, 162, 163, 164, 116, 111, 95, 145, 111, 95, + 145, 89, 154, 18, 19, 23, 134, 135, 136, 137, + 111, 86, 89, 152, 153, 86, 148, 149, 111, 91, 95, 20, 54, 92, 91, 95, 83, 95, 95, 95, - 97, 92, 95, 146, 92, 91, 95, 85, 141, 148, - 156, 85, 117, 148, 89, 89, 143, 93, 93, 93, - 93 + 97, 12, 111, 12, 93, 92, 95, 152, 92, 91, + 95, 85, 147, 154, 162, 85, 117, 154, 94, 23, + 154, 89, 89, 149, 93, 93, 95, 12, 93, 93, + 154 }; #if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) 
@@ -1423,29 +1442,29 @@ yyreduce: switch (yyn) { case 2: -#line 224 "parse.y" +#line 233 "parse.y" { checkundefined(); } break; case 4: -#line 231 "parse.y" +#line 240 "parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 233 "parse.y" +#line 242 "parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 238 "parse.y" +#line 247 "parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 259 "parse.y" +#line 268 "parse.y" { struct string_list *sl; for(sl = (yyvsp[-3].sl); sl != NULL; sl = sl->next) { @@ -1457,7 +1476,7 @@ yyreduce: break; case 22: -#line 278 "parse.y" +#line 287 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[-2].name); @@ -1466,7 +1485,7 @@ yyreduce: break; case 23: -#line 284 "parse.y" +#line 293 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[0].name); @@ -1475,7 +1494,7 @@ yyreduce: break; case 24: -#line 292 "parse.y" +#line 301 "parse.y" { Symbol *s = addsym ((yyvsp[-2].name)); s->stype = Stype; @@ -1485,16 +1504,16 @@ yyreduce: } break; - case 41: -#line 322 "parse.y" + case 42: +#line 332 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); } break; - case 42: -#line 329 "parse.y" + case 43: +#line 339 "parse.y" { if((yyvsp[-3].value)->type != integervalue || (yyvsp[-1].value)->type != integervalue) @@ -1504,16 +1523,16 @@ yyreduce: } break; - case 43: -#line 339 "parse.y" + case 44: +#line 349 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } break; - case 44: -#line 344 "parse.y" + case 45: +#line 354 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range)); @@ -1522,8 +1541,8 @@ yyreduce: } break; - case 45: -#line 351 "parse.y" + case 46: +#line 361 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[-1].members); 
@@ -1531,8 +1550,8 @@ yyreduce: } break; - case 46: -#line 359 "parse.y" + case 47: +#line 369 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1540,21 +1559,21 @@ yyreduce: } break; - case 47: -#line 365 "parse.y" + case 48: +#line 375 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 48: -#line 370 "parse.y" + case 49: +#line 380 "parse.y" { (yyval.members) = (yyvsp[-2].members); } break; - case 49: -#line 374 "parse.y" + case 50: +#line 384 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-3].name); @@ -1567,8 +1586,8 @@ yyreduce: } break; - case 50: -#line 387 "parse.y" + case 51: +#line 397 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[-1].members); @@ -1576,8 +1595,8 @@ yyreduce: } break; - case 52: -#line 398 "parse.y" + case 53: +#line 408 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1586,8 +1605,8 @@ yyreduce: } break; - case 53: -#line 405 "parse.y" + case 54: +#line 415 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[-1].members); @@ -1595,32 +1614,32 @@ yyreduce: } break; - case 54: -#line 413 "parse.y" + case 55: +#line 423 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } break; - case 55: -#line 419 "parse.y" + case 56: +#line 429 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, new_type(TOctetString)); } break; - case 56: -#line 426 "parse.y" + case 57: +#line 436 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } break; - case 57: -#line 433 "parse.y" + case 58: +#line 443 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[-1].members); 
@@ -1628,8 +1647,8 @@ yyreduce: } break; - case 58: -#line 439 "parse.y" + case 59: +#line 449 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -1637,8 +1656,8 @@ yyreduce: } break; - case 59: -#line 447 "parse.y" + case 60: +#line 457 "parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->subtype = (yyvsp[0].type); @@ -1646,8 +1665,8 @@ yyreduce: } break; - case 60: -#line 455 "parse.y" + case 61: +#line 465 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[-1].members); @@ -1655,8 +1674,8 @@ yyreduce: } break; - case 61: -#line 461 "parse.y" + case 62: +#line 471 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -1664,8 +1683,8 @@ yyreduce: } break; - case 62: -#line 469 "parse.y" + case 63: +#line 479 "parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[0].type); @@ -1673,16 +1692,16 @@ yyreduce: } break; - case 63: -#line 477 "parse.y" + case 64: +#line 487 "parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[-1].members); } break; - case 66: -#line 488 "parse.y" + case 67: +#line 498 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); (yyval.type) = new_type(TType); 
@@ -1693,24 +1712,85 @@ yyreduce: } break; - case 67: -#line 499 "parse.y" + case 68: +#line 509 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } break; - case 68: -#line 504 "parse.y" + case 69: +#line 514 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } break; - case 69: -#line 511 "parse.y" + case 70: +#line 521 "parse.y" + { + /* if (Constraint.type == contentConstrant) { + assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too + if (Constraint.u.constraint.type) { + assert((Constraint.u.constraint.type.length % 8) == 0); + } + } + if (Constraint.u.constraint.encoding) { + type == der-oid|ber-oid + } + */ + } + break; + + case 71: +#line 537 "parse.y" + { + (yyval.constraint_spec) = (yyvsp[-1].constraint_spec); + } + break; + + case 75: +#line 548 "parse.y" + { + (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); + (yyval.constraint_spec)->u.content.type = (yyvsp[0].type); + (yyval.constraint_spec)->u.content.encoding = NULL; + } + break; + + case 76: +#line 554 "parse.y" + { + if ((yyvsp[0].value)->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); + (yyval.constraint_spec)->u.content.type = NULL; + (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value); + } + break; + + case 77: +#line 562 "parse.y" + { + if ((yyvsp[0].value)->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); + (yyval.constraint_spec)->u.content.type = (yyvsp[-3].type); + (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value); + } + break; + + case 78: +#line 572 "parse.y" + { + (yyval.constraint_spec) = new_constraint_spec(CT_USER); + } + break; + + case 79: +#line 578 "parse.y" { (yyval.type) = 
new_type(TTag); (yyval.type)->tag = (yyvsp[-2].tag); @@ -1723,8 +1803,8 @@ yyreduce: } break; - case 70: -#line 524 "parse.y" + case 80: +#line 591 "parse.y" { (yyval.tag).tagclass = (yyvsp[-2].constant); (yyval.tag).tagvalue = (yyvsp[-1].constant); @@ -1732,57 +1812,57 @@ yyreduce: } break; - case 71: -#line 532 "parse.y" + case 81: +#line 599 "parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; - case 72: -#line 536 "parse.y" + case 82: +#line 603 "parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; - case 73: -#line 540 "parse.y" + case 83: +#line 607 "parse.y" { (yyval.constant) = ASN1_C_APPL; } break; - case 74: -#line 544 "parse.y" + case 84: +#line 611 "parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; - case 75: -#line 550 "parse.y" + case 85: +#line 617 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 76: -#line 554 "parse.y" + case 86: +#line 621 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 77: -#line 558 "parse.y" + case 87: +#line 625 "parse.y" { (yyval.constant) = TE_IMPLICIT; } break; - case 78: -#line 565 "parse.y" + case 88: +#line 632 "parse.y" { Symbol *s; s = addsym ((yyvsp[-3].name)); 
@@ -1793,56 +1873,56 @@ yyreduce: } break; - case 80: -#line 579 "parse.y" + case 90: +#line 646 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } break; - case 81: -#line 584 "parse.y" + case 91: +#line 651 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); } break; - case 82: -#line 589 "parse.y" + case 92: +#line 656 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } break; - case 83: -#line 594 "parse.y" + case 93: +#line 661 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); } break; - case 84: -#line 599 "parse.y" + case 94: +#line 666 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); } break; - case 85: -#line 604 "parse.y" + case 95: +#line 671 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } break; - case 86: -#line 612 "parse.y" + case 96: +#line 679 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1850,16 +1930,16 @@ yyreduce: } break; - case 87: -#line 618 "parse.y" + case 97: +#line 685 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 88: -#line 623 "parse.y" + case 98: +#line 690 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -1870,8 +1950,8 @@ yyreduce: } break; - case 89: -#line 634 "parse.y" + case 99: +#line 701 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-1].name); @@ -1882,8 +1962,8 @@ yyreduce: } break; - case 90: -#line 645 "parse.y" + case 100: +#line 712 "parse.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->optional = 0; 
@@ -1891,8 +1971,8 @@ yyreduce: } break; - case 91: -#line 651 "parse.y" + case 101: +#line 718 "parse.y" { (yyval.member) = (yyvsp[-1].member); (yyval.member)->optional = 1; @@ -1900,8 +1980,8 @@ yyreduce: } break; - case 92: -#line 657 "parse.y" + case 102: +#line 724 "parse.y" { (yyval.member) = (yyvsp[-2].member); (yyval.member)->optional = 0; @@ -1909,8 +1989,8 @@ yyreduce: } break; - case 93: -#line 665 "parse.y" + case 103: +#line 732 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1918,16 +1998,16 @@ yyreduce: } break; - case 94: -#line 671 "parse.y" + case 104: +#line 738 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 95: -#line 678 "parse.y" + case 105: +#line 745 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-3].name); @@ -1940,27 +2020,27 @@ yyreduce: } break; - case 97: -#line 691 "parse.y" + case 107: +#line 758 "parse.y" { (yyval.objid) = NULL; } break; - case 98: -#line 695 "parse.y" + case 108: +#line 762 "parse.y" { (yyval.objid) = (yyvsp[-1].objid); } break; - case 99: -#line 701 "parse.y" + case 109: +#line 768 "parse.y" { (yyval.objid) = NULL; } break; - case 100: -#line 705 "parse.y" + case 110: +#line 772 "parse.y" { if ((yyvsp[0].objid)) { (yyval.objid) = (yyvsp[0].objid); @@ -1971,15 +2051,15 @@ yyreduce: } break; - case 101: -#line 716 "parse.y" + case 111: +#line 783 "parse.y" { (yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant)); } break; - case 102: -#line 720 "parse.y" + case 112: +#line 787 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue || 
@@ -1992,15 +2072,15 @@ yyreduce: } break; - case 103: -#line 731 "parse.y" + case 113: +#line 798 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[0].constant)); } break; - case 113: -#line 754 "parse.y" + case 123: +#line 821 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue) @@ -2011,8 +2091,8 @@ yyreduce: } break; - case 114: -#line 765 "parse.y" + case 124: +#line 832 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2020,8 +2100,8 @@ yyreduce: } break; - case 115: -#line 773 "parse.y" + case 125: +#line 840 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2029,8 +2109,8 @@ yyreduce: } break; - case 116: -#line 779 "parse.y" + case 126: +#line 846 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2038,8 +2118,8 @@ yyreduce: } break; - case 117: -#line 787 "parse.y" + case 127: +#line 854 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2047,14 +2127,14 @@ yyreduce: } break; - case 119: -#line 798 "parse.y" + case 129: +#line 865 "parse.y" { } break; - case 120: -#line 803 "parse.y" + case 130: +#line 870 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2066,7 +2146,7 @@ yyreduce: } /* Line 1037 of yacc.c. */ -#line 2070 "parse.c" +#line 2150 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2294,7 +2374,7 @@ yyreturn: } -#line 810 "parse.y" +#line 877 "parse.y" void @@ -2349,6 +2429,14 @@ new_type (Typetype tt) return t; } +static struct constraint_spec * +new_constraint_spec(enum ctype ct) +{ + struct constraint_spec *c = ecalloc(1, sizeof(*c)); + c->ctype = ct; + return c; +} + static void fix_labels2(Type *t, const char *prefix); static void fix_labels1(struct memhead *members, const char *prefix) { 
diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 76ff8755c9..5cc1342618 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -210,7 +210,7 @@ #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 64 "parse.y" +#line 65 "parse.y" typedef union YYSTYPE { int constant; struct value *value; @@ -223,9 +223,10 @@ typedef union YYSTYPE { struct string_list *sl; struct tagtype tag; struct memhead *members; + struct constraint_spec *constraint_spec; } YYSTYPE; /* Line 1318 of yacc.c. */ -#line 229 "parse.h" +#line 230 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h index 83df57b77f..93a6e019bd 100644 --- a/source4/heimdal/lib/asn1/symbol.h +++ b/source4/heimdal/lib/asn1/symbol.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h,v 1.12 2005/07/12 06:27:40 lha Exp $ */ +/* $Id: symbol.h,v 1.13 2005/12/06 19:59:52 lha Exp $ */ #ifndef _SYMBOL_H #define _SYMBOL_H @@ -111,6 +111,10 @@ struct range { int max; }; +enum ctype { CT_CONTENTS, CT_USER } ; + +struct constraint_spec; + struct type { Typetype type; struct memhead *members; @@ -118,10 +122,21 @@ struct type { struct type *subtype; struct tagtype tag; struct range *range; + struct constraint_spec *constraint; }; typedef struct type Type; +struct constraint_spec { + enum ctype ctype; + union { + struct { + Type *type; + struct value *encoding; + } content; + } u; +}; + struct objid { const char *label; int value; diff --git a/source4/heimdal/lib/gssapi/context_time.c b/source4/heimdal/lib/gssapi/context_time.c index e13480c85e..ee1dc6fe93 100644 --- a/source4/heimdal/lib/gssapi/context_time.c +++ b/source4/heimdal/lib/gssapi/context_time.c 
@@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: context_time.c,v 1.10 2003/06/03 15:08:00 lha Exp $"); +RCSID("$Id: context_time.c,v 1.11 2005/12/05 09:19:52 lha Exp $"); OM_uint32 gssapi_lifetime_left(OM_uint32 *minor_status, @@ -43,6 +43,11 @@ gssapi_lifetime_left(OM_uint32 *minor_status, krb5_timestamp timeret; krb5_error_code kret; + if (lifetime == 0) { + *lifetime_rec = GSS_C_INDEFINITE; + return GSS_S_COMPLETE; + } + kret = krb5_timeofday(gssapi_krb5_context, &timeret); if (kret) { *minor_status = kret; diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 20700dc826..b93ad4e481 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.38 2005/10/26 11:22:13 lha Exp $ */ +/* $Id: gssapi.h,v 1.39 2005/12/05 11:52:45 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index 4cc0218a5c..4b4e6e673d 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $"); +RCSID("$Id: db.c,v 1.35 2005/12/13 11:52:55 lha Exp $"); #if HAVE_DB1 @@ -85,7 +85,7 @@ DB_unlock(krb5_context context, HDB *db) static krb5_error_code DB_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int flag) + unsigned flags, hdb_entry_ex *entry, int flag) { DB *d = (DB*)db->hdb_db; DBT key, value; 
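Review bot: The new early return in gssapi_lifetime_left hands back GSS_S_COMPLETE without touching `*minor_status`, so a caller that inspects it on success reads whatever happened to be in that slot; nothing in the hunk sets it earlier, so `*minor_status = 0;` belongs inside the new block. The block also needs a comment saying why a zero `lifetime` is to be read as "no end time" rather than "already expired", since the conservative reading is the opposite and the next reader will ask — something like `/* lifetime 0: context carries no end time, report it as non-expiring */` if that is the intent. gssapi_lifetime_left's body continues outside the hunk.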
@@ -106,21 +106,22 @@ DB_seq(krb5_context context, HDB *db, key_data.length = key.size; data.data = value.data; data.length = value.size; - if (hdb_value2entry(context, &data, entry)) + memset(entry, 0, sizeof(*entry)); + if (hdb_value2entry(context, &data, &entry->entry)) return DB_seq(context, db, flags, entry, R_NEXT); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - code = hdb_unseal_keys (context, db, entry); + code = hdb_unseal_keys (context, db, &entry->entry); if (code) hdb_free_entry (context, entry); } - if (code == 0 && entry->principal == NULL) { - entry->principal = malloc(sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (code == 0 && entry->entry.principal == NULL) { + entry->entry.principal = malloc(sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { krb5_set_error_string(context, "malloc: out of memory"); code = ENOMEM; hdb_free_entry (context, entry); } else { - hdb_key2principal(context, &key_data, entry->principal); + hdb_key2principal(context, &key_data, entry->entry.principal); } } return code; @@ -128,14 +129,14 @@ DB_seq(krb5_context context, HDB *db, static krb5_error_code -DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, R_FIRST); } static krb5_error_code -DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, R_NEXT); } diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h index 7baa944053..e602f01373 100644 --- a/source4/heimdal/lib/hdb/hdb-private.h +++ b/source4/heimdal/lib/hdb/hdb-private.h 
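Review bot: DB_seq still skips an undecodable record by calling itself with R_NEXT, so a database with a long run of records that hdb_value2entry rejects grows the stack by one frame per record, and the struct memset'ed just before the failed decode is never cleaned up if hdb_value2entry leaves partially decoded fields behind (whether it does is not visible here). A loop that re-reads with R_NEXT until a decode succeeds or the cursor ends, followed by the unseal and principal steps once, keeps the behaviour without the recursion; NDBM_seq in ndbm.c has the same shape and should change with it. DB_seq's head, including where `code` is initialised, is outside the hunk.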
@@ -11,7 +11,7 @@ _hdb_fetch ( unsigned /*flags*/, krb5_const_principal /*principal*/, enum hdb_ent_type /*ent_type*/, - hdb_entry */*entry*/); + hdb_entry_ex */*entry*/); hdb_master_key _hdb_find_master_key ( @@ -43,13 +43,13 @@ krb5_error_code _hdb_remove ( krb5_context /*context*/, HDB */*db*/, - hdb_entry */*entry*/); + hdb_entry_ex */*entry*/); krb5_error_code _hdb_store ( krb5_context /*context*/, HDB */*db*/, unsigned /*flags*/, - hdb_entry */*entry*/); + hdb_entry_ex */*entry*/); #endif /* __hdb_private_h__ */ diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 4b5b4d3ede..c221175e41 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -428,11 +428,6 @@ hdb_foreach ( void hdb_free_entry ( krb5_context /*context*/, - hdb_entry */*ent*/); - -void -hdb_free_entry_ex ( - krb5_context /*context*/, hdb_entry_ex */*ent*/); void @@ -477,12 +472,25 @@ hdb_key2principal ( krb5_principal /*p*/); krb5_error_code +hdb_ldap_common ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*search_base*/, + const char */*url*/); + +krb5_error_code hdb_ldap_create ( krb5_context /*context*/, HDB ** /*db*/, const char */*arg*/); krb5_error_code +hdb_ldapi_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + +krb5_error_code hdb_list_builtin ( krb5_context /*context*/, char **/*list*/); @@ -515,7 +523,7 @@ krb5_error_code hdb_print_entry ( krb5_context /*context*/, HDB */*db*/, - hdb_entry */*entry*/, + hdb_entry_ex */*entry*/, void */*data*/); krb5_error_code @@ -614,9 +622,6 @@ hdb_write_master_key ( hdb_master_key /*mkey*/); void -initialize_hdb_error_table (void); - -void initialize_hdb_error_table_r (struct et_list **/*list*/); HDBFlags diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index df342ffadf..5631d05332 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c 
@@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.59 2005/11/30 12:22:09 lha Exp $"); +RCSID("$Id: hdb.c,v 1.60 2005/12/12 12:35:36 lha Exp $"); #ifdef HAVE_DLFCN_H #include <dlfcn.h> @@ -133,25 +133,18 @@ hdb_unlock(int fd) } void -hdb_free_entry(krb5_context context, hdb_entry *ent) +hdb_free_entry(krb5_context context, hdb_entry_ex *ent) { int i; - for(i = 0; i < ent->keys.len; ++i) { - Key *k = &ent->keys.val[i]; + if (ent->free_entry) + (*ent->free_entry)(context, ent); - memset (k->key.keyvalue.data, 0, k->key.keyvalue.length); - } - free_hdb_entry(ent); -} + for(i = 0; i < ent->entry.keys.len; ++i) { + Key *k = &ent->entry.keys.val[i]; -void -hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent) -{ - if (ent->free_private) { - ent->free_private(context, ent); + memset (k->key.keyvalue.data, 0, k->key.keyvalue.length); } - free_hdb_entry(&ent->entry); } @@ -163,7 +156,7 @@ hdb_foreach(krb5_context context, void *data) { krb5_error_code ret; - hdb_entry entry; + hdb_entry_ex entry; ret = db->hdb_firstkey(context, db, flags, &entry); while(ret == 0){ ret = (*func)(context, db, &entry, data); diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 45ea5a9f30..463cbf71f2 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h,v 1.35 2005/08/11 13:16:44 lha Exp $ */ +/* $Id: hdb.h,v 1.36 2005/12/12 12:35:36 lha Exp $ */ #ifndef __HDB_H__ #define __HDB_H__ 
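Review bot: The rebuilt hdb_free_entry never calls `free_hdb_entry(&ent->entry)` itself — the only such call left in this hunk is the one being removed — so an entry whose backend left `free_entry` NULL (DB_seq and NDBM_seq memset the struct to zero in this same change and install no callback) has its keys wiped but none of its fields released. The order is also inverted for backends that do supply a callback: `(*ent->free_entry)` runs before the wipe loop, and hdb-ldb.c's destructor frees the entry contents inside that callback, so key bytes go back to the heap unwiped and the loop then walks `entry.keys` after the callback has released it (safe only if the callback resets `keys.len`). Wiping first, then calling the hook, then freeing the ASN.1 contents unconditionally covers both cases, with the backend hook reduced to releasing its own `ctx`.
```c
void
hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{
    int i;

    /* Wipe key material before anything below can hand it back to the heap. */
    for(i = 0; i < ent->entry.keys.len; ++i) {
	Key *k = &ent->entry.keys.val[i];

	memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
    }

    /* Backend hook: releases backend-private state (ctx) only. */
    if (ent->free_entry)
	(*ent->free_entry)(context, ent);

    free_hdb_entry(&ent->entry);
}
```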
@@ -55,27 +55,30 @@ enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY }; typedef struct hdb_master_key_data *hdb_master_key; typedef struct hdb_entry_ex { - struct hdb_entry entry; - void *private; - - krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *); - krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *); - krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *, - METHOD_DATA* pa_data_seq, - time_t authtime, - EncryptionKey *tgtkey, - EncryptionKey *sessionkey, - AuthorizationData **out); - krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *, - krb5_principal client, - AuthorizationData *in, - time_t authtime, - EncryptionKey *tgtkey, - EncryptionKey *servicekey, - EncryptionKey *sessionkey, - AuthorizationData **out); + void *ctx; + hdb_entry entry; + void (*free_entry)(krb5_context, struct hdb_entry_ex *); + krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, + HostAddresses *); + krb5_error_code (*authz_data_as_req)(krb5_context, + struct hdb_entry_ex *, + METHOD_DATA* pa_data_seq, + time_t authtime, + EncryptionKey *tgtkey, + EncryptionKey *sessionkey, + AuthorizationData **out); + krb5_error_code (*authz_data_tgs_req)(krb5_context, + struct hdb_entry_ex *, + krb5_principal client, + AuthorizationData *in, + time_t authtime, + EncryptionKey *tgtkey, + EncryptionKey *servicekey, + EncryptionKey *sessionkey, + AuthorizationData **out); } hdb_entry_ex; + typedef struct HDB{ void *hdb_db; void *hdb_dbc; 
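Review bot: The reworked hdb_entry_ex carries no comment on its ownership rules, so a reader of this header cannot tell who allocates `ctx`, when `free_entry` is invoked, or that a backend which fills only `entry` must leave `ctx` and `free_entry` zeroed (the DB and NDBM backends rely on a memset for this elsewhere in the change). A short block comment above the struct — `ctx` is private to the backend and released through `free_entry`; `free_entry` is optional and is invoked from hdb_free_entry; the struct must be zeroed before being handed to a fetch — would make the contract explicit. The callback's return type also changed from krb5_error_code to void, which deserves one line saying that failures inside the hook cannot be reported to the caller.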
@@ -86,16 +89,17 @@ typedef struct HDB{ krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t); krb5_error_code (*hdb_close)(krb5_context, struct HDB*); - krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, - enum hdb_ent_type ent_type, hdb_entry*); - krb5_error_code (*hdb_fetch_ex)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, + void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*); + krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, + krb5_const_principal principal, enum hdb_ent_type ent_type, hdb_entry_ex*); - krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*); - krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*); - krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); - krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); + krb5_error_code (*hdb_store)(krb5_context,struct HDB*, + unsigned,hdb_entry_ex*); + krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*); + krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); + krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation); krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); @@ -119,7 +123,7 @@ struct hdb_so_method { #define HDB_DB_FORMAT_ENTRY "hdb/db-format" typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, - hdb_entry*, void*); + hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; #include <hdb-protos.h> diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index 793d03829d..f4c2497abc 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c 
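Review bot: `hdb_free` is added to the HDB operations table, but nothing in the hunks visible here calls it; hdb_free_entry in hdb.c releases entries through the per-entry `free_entry` hook instead, which leaves two mechanisms for the same job and no statement of which one a backend must implement. Either wire `hdb_free` in and document how it relates to `free_entry`, or drop the slot; at minimum add a comment on the field saying when the library calls it, e.g. `/* release an entry returned by hdb_fetch/hdb_firstkey/hdb_nextkey */`.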
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c,v 1.36 2005/11/28 23:31:36 lha Exp $"); +RCSID("$Id: ndbm.c,v 1.38 2005/12/13 11:54:10 lha Exp $"); #if HAVE_NDBM @@ -77,7 +77,7 @@ NDBM_unlock(krb5_context context, HDB *db) static krb5_error_code NDBM_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int first) + unsigned flags, hdb_entry_ex *entry, int first) { struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; @@ -99,21 +99,22 @@ NDBM_seq(krb5_context context, HDB *db, db->hdb_unlock(context, db); data.data = value.dptr; data.length = value.dsize; - if(hdb_value2entry(context, &data, entry)) + memset(entry, 0, sizeof(*entry)); + if(hdb_value2entry(context, &data, &entry->entry)) return NDBM_seq(context, db, flags, entry, 0); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - ret = hdb_unseal_keys (context, db, entry); + ret = hdb_unseal_keys (context, db, &entry->entry); if (ret) hdb_free_entry (context, entry); } - if (entry->principal == NULL) { - entry->principal = malloc (sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (ret == 0 && entry->entry.principal == NULL) { + entry->entry.principal = malloc (sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { ret = ENOMEM; hdb_free_entry (context, entry); krb5_set_error_string(context, "malloc: out of memory"); } else { - hdb_key2principal (context, &key_data, entry->principal); + hdb_key2principal (context, &key_data, entry->entry.principal); } } return ret; 
@@ -121,14 +122,14 @@ NDBM_seq(krb5_context context, HDB *db, static krb5_error_code -NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry) { return NDBM_seq(context, db, flags, entry, 1); } static krb5_error_code -NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry) { return NDBM_seq(context, db, flags, entry, 0); } @@ -339,8 +340,6 @@ hdb_ndbm_create(krb5_context context, HDB **db, return ENOMEM; } - memset(*db, '\0', sizeof(**db)); - (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 0c821cb11d..efb2ad1374 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.76 2005/11/29 09:10:47 lha Exp $"); +RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -358,14 +358,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name) if (e == NULL) { e = krb5_config_get_string(context, NULL, "libdefaults", "default_cc_name", NULL); - if (e) { - ret = _krb5_expand_default_cc_name(context, e, &p); - if (ret) - return ret; - } + if (e == NULL) + e = KRB5_DEFAULT_CCNAME; + ret = _krb5_expand_default_cc_name(context, e, &p); + if (ret) + return ret; } - if (e == NULL) - asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid()); } else p = strdup(name); diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index c3cd6d4db9..7907e1ad9c 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c 
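Review bot: Dropping `memset(*db, '\0', sizeof(**db))` and the `hdb_db = NULL` store from hdb_ndbm_create is only safe if the allocation a few lines above (outside the hunk) is already a calloc; if it is still a malloc, every slot of the HDB table this function does not assign — including the new `hdb_free` pointer — is left uninitialised and a later `db->hdb_free` or `db->hdb_dbc` access reads garbage. The hunk does not show the allocator, so either confirm it is calloc in a comment at the allocation site or keep the memset. hdb_ndbm_create's start is outside the hunk.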
@@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $"); +RCSID("$Id: changepw.c,v 1.55 2005/12/12 12:48:57 lha Exp $"); static void str2data (krb5_data *d, @@ -522,7 +522,12 @@ change_password_loop (krb5_context context, int sock; int i; int done = 0; - krb5_realm realm = creds->client->realm; + krb5_realm realm; + + if (targprinc) + realm = targprinc->realm; + else + realm = creds->client->realm; ret = krb5_auth_con_init (context, &auth_context); if (ret) @@ -712,7 +717,7 @@ krb5_set_password(krb5_context context, for (i = 0; procs[i].name != NULL; i++) { *result_code = 0; - ret = change_password_loop(context, creds, targprinc, newpw, + ret = change_password_loop(context, creds, principal, newpw, result_code, result_code_string, result_string, &procs[i]); diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 2e23306c96..de40b059b8 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $"); +RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -3942,6 +3942,8 @@ krb5_derive_key(krb5_context context, struct encryption_type *et; struct key_data d; + *derived_key = NULL; + et = _find_enctype (etype); if (et == NULL) { krb5_set_error_string(context, "encryption type %d not supported", @@ -3949,16 +3951,15 @@ krb5_derive_key(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } - ret = krb5_copy_keyblock(context, key, derived_key); + ret = krb5_copy_keyblock(context, key, &d.key); if (ret) return ret; - d.key = *derived_key; d.schedule = NULL; ret = derive_key(context, et, &d, constant, constant_len); - if (ret) - return ret; - ret = krb5_copy_keyblock(context, d.key, derived_key); + if (ret == 0) + ret = krb5_copy_keyblock(context, d.key, derived_key); + free_key_data(context, &d); return ret; } 
diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index 1039847de9..fa54ff43ce 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c,v 1.7 2005/12/01 12:40:22 lha Exp $"); +RCSID("$Id: keytab_memory.c,v 1.8 2005/12/05 18:39:46 lha Exp $"); /* memory operations -------------------------------------------- */ @@ -214,15 +214,9 @@ mkt_remove_entry(krb5_context context, krb5_clear_error_string (context); return KRB5_KT_NOTFOUND; } - if (d->num_entries == 0) { - free(d->entries); - d->entries = NULL; - } else { - e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); - if(e != NULL) - d->entries = e; - } - + e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); + if(e != NULL || d->num_entries == 0) + d->entries = e; return 0; } diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 301b8853e4..c08d8058a4 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -21,21 +21,12 @@ extern "C" { #endif void -initialize_heim_error_table (void); - -void initialize_heim_error_table_r (struct et_list **/*list*/); void -initialize_k524_error_table (void); - -void initialize_k524_error_table_r (struct et_list **/*list*/); void -initialize_krb5_error_table (void); - -void initialize_krb5_error_table_r (struct et_list **/*list*/); krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 4a02677239..60d72c8f80 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.83 2005/10/07 12:08:02 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ 
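Review bot: The collapsed shrink in mkt_remove_entry now relies on `realloc(d->entries, 0)` when the last entry is removed, and C11 leaves that call implementation-defined — it may free the block and return NULL, or return a fresh zero-size block — while C23 makes it undefined; on a library that returns NULL without freeing, the `d->num_entries == 0` arm stores NULL and leaks the old array, whereas the removed code freed it explicitly. Keep the zero case separate: `if (d->num_entries == 0) { free(d->entries); d->entries = NULL; return 0; }` ahead of the realloc. mkt_remove_entry's head, including whether the removed slot's key bytes are wiped before the shift, is outside the hunk.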
@@ -170,6 +170,14 @@ struct _krb5_krb_auth_data; #define KRB5_BUFSIZ 1024 +#ifndef KRB5_DEFAULT_CCNAME +#ifdef __APPLE__ +#define KRB5_DEFAULT_CCNAME "API:" +#else +#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" +#endif +#endif + typedef enum { KRB5_PA_PAC_DONT_CARE = 0, KRB5_PA_PAC_REQ_TRUE, diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index ae5c8c1de8..6cc49945cc 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c,v 1.91 2005/08/23 08:34:40 lha Exp $"); +RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 965883309c..fd57b6fe67 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -77,8 +77,19 @@ krb5_set_default_realm(krb5_context context, "libdefaults", "default_realm", NULL); - if (realms == NULL) - ret = krb5_get_host_realm(context, NULL, &realms); + if (realms == NULL) { + char hostname[MAXHOSTNAMELEN]; + if (gethostname (hostname, sizeof(hostname))) { + return errno; + } + + if (strchr(hostname, '.') == NULL) { + /* There is no way we can get this mapping, as we can't do DNS */ + return KRB5_CONFIG_NODEFREALM; + } + ret = krb5_get_host_realm(context, hostname, + &realms); + } } else { ret = string_to_list (context, realm, &realms); } diff --git a/source4/heimdal_build/config.h b/source4/heimdal_build/config.h index 660739c73f..d2a72cacfb 100644 --- a/source4/heimdal_build/config.h +++ b/source4/heimdal_build/config.h 
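Review bot: gethostname is not guaranteed to NUL-terminate `hostname` when the host name is longer than the buffer, so the `strchr(hostname, '.')` that follows can run past the array; add `hostname[sizeof(hostname) - 1] = '\0';` directly after the call, and check that MAXHOSTNAMELEN is available on every target since the hunk adds no header for it. The `return errno;` is valid only because it follows the failing call immediately; a comment saying the errno value is returned as the krb5_error_code would keep a later edit from inserting something in between. If krb5_get_host_realm resolves the realm through name lookup, the comment in this block should also say that a realm picked this way is a last-resort default rather than an authenticated mapping.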
@@ -62,6 +62,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifndef HAVE_STRNDUP #define HAVE_STRNDUP #endif +#ifndef HAVE_SOCKLEN_T +#define HAVE_SOCKLEN_T +#endif #ifndef HAVE_SSIZE_T #define HAVE_SSIZE_T diff --git a/source4/heimdal_build/config.m4 b/source4/heimdal_build/config.m4 index fb4f27387f..92e38e42c2 100644 --- a/source4/heimdal_build/config.m4 +++ b/source4/heimdal_build/config.m4 @@ -139,6 +139,7 @@ AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>]) AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>]) AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>]) AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>]) +AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>]) AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [ diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 9b1d673764..3862ec7f99 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -198,10 +198,17 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h return flags; } -static krb5_error_code hdb_ldb_free_private(krb5_context context, hdb_entry_ex *entry_ex) +static int hdb_ldb_destrutor(void *ptr) { - talloc_free(entry_ex->private); - return 0; + struct hdb_ldb_private *private = ptr; + hdb_entry_ex *entry_ex = private->entry_ex; + free_hdb_entry(&entry_ex->entry); + return 0; +} + +static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex) +{ + talloc_free(entry_ex->ctx); } /* @@ -223,10 +230,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx)); struct hdb_ldb_private *private; - hdb_entry *ent = &entry_ex->entry; NTTIME acct_expiry; - memset(ent, 0, sizeof(*ent)); + memset(entry_ex, 0, sizeof(*entry_ex)); krb5_warnx(context, "LDB_message2entry:\n"); 
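Review bot: hdb_ldb_destrutor (the name is missing a 'c' — `hdb_ldb_destructor`) calls free_hdb_entry on the entry without wiping the key bytes first, so the talloc destructor path returns Kerberos key material to the heap intact; wipe each `entry.keys.val[i].key.keyvalue` before the free, as hdb_free_entry in hdb.c does, or leave the free to the library and have the destructor release only the private state. The destructor also reaches through `private->entry_ex` to an object the backend does not own, which is correct only while the hdb_entry_ex outlives the talloc context holding `private`; hdb_foreach in hdb.c keeps that struct on the stack, so a caller that frees the parent context after the entry has gone out of scope would dereference a dead pointer. A comment on struct hdb_ldb_private stating that lifetime coupling, if it is intended, would make the risk visible to the next maintainer.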
@@ -236,9 +242,22 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, goto out; } + private = talloc(mem_ctx, struct hdb_ldb_private); + if (!private) { + ret = ENOMEM; + goto out; + } + + private->entry_ex = entry_ex; + + talloc_set_destructor(private, hdb_ldb_destrutor); + + entry_ex->ctx = private; + entry_ex->free_entry = hdb_ldb_free_entry; + userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0); - ent->principal = malloc(sizeof(*(ent->principal))); + entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) { const char *samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL); if (!samAccountName) { @@ -247,10 +266,10 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, goto out; } samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL); - krb5_make_principal(context, &ent->principal, realm, samAccountName, NULL); + krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL); } else { char *strdup_realm; - ret = copy_Principal(principal, ent->principal); + ret = copy_Principal(principal, entry_ex->entry.principal); if (ret) { krb5_clear_error_string(context); goto out; @@ -263,7 +282,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, * we determine from our records */ /* don't leak */ - free(*krb5_princ_realm(context, ent->principal)); + free(*krb5_princ_realm(context, entry_ex->entry.principal)); /* this has to be with malloc() */ strdup_realm = strdup(realm); 
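Review bot: `entry_ex->entry.principal = malloc(...)` remains unchecked, so a failed allocation reaches `copy_Principal(principal, entry_ex->entry.principal)` in the `else` branch with a NULL destination; add `if (entry_ex->entry.principal == NULL) { ret = ENOMEM; goto out; }` right after the malloc. In the `HDB_LDB_ENT_TYPE_ANY` branch the freshly malloc'ed block is then overwritten by krb5_make_principal, which allocates its own principal, so that path leaks one Principal per fetch — the malloc belongs in the `else` branch only. Setting `entry_ex->free_entry` before the entry is fully built is fine only if the `out:` label (outside the hunk) runs hdb_free_entry on failure; otherwise the half-built entry's malloc'ed fields are orphaned whenever `ret != 0`.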
@@ -272,56 +291,56 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, krb5_clear_error_string(context); goto out; } - krb5_princ_set_realm(context, ent->principal, &strdup_realm); + krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); } - ent->kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0); + entry_ex->entry.kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0); - ent->flags = uf2HDBFlags(context, userAccountControl, ent_type); + entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type); if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) { - ent->flags.invalid = 0; - ent->flags.server = 1; - ent->flags.forwardable = 1; - ent->flags.ok_as_delegate = 1; + entry_ex->entry.flags.invalid = 0; + entry_ex->entry.flags.server = 1; + entry_ex->entry.flags.forwardable = 1; + entry_ex->entry.flags.ok_as_delegate = 1; } if (lp_parm_bool(-1, "kdc", "require spn for service", True)) { if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) { - ent->flags.server = 0; + entry_ex->entry.flags.server = 0; } } /* use 'whenCreated' */ - ent->created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); + entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); /* use '???' */ - ent->created_by.principal = NULL; + entry_ex->entry.created_by.principal = NULL; - ent->modified_by = (Event *) malloc(sizeof(Event)); - if (ent->modified_by == NULL) { + entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event)); + if (entry_ex->entry.modified_by == NULL) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } /* use 'whenChanged' */ - ent->modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0); + entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0); /* use '???' 
*/ - ent->modified_by->principal = NULL; + entry_ex->entry.modified_by->principal = NULL; - ent->valid_start = NULL; + entry_ex->entry.valid_start = NULL; acct_expiry = samdb_result_nttime(msg, "accountExpires", (NTTIME)-1); if ((acct_expiry == (NTTIME)-1) || (acct_expiry == 0x7FFFFFFFFFFFFFFFULL)) { - ent->valid_end = NULL; + entry_ex->entry.valid_end = NULL; } else { - ent->valid_end = malloc(sizeof(*ent->valid_end)); - if (ent->valid_end == NULL) { + entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end)); + if (entry_ex->entry.valid_end == NULL) { ret = ENOMEM; goto out; } - *ent->valid_end = nt_time_to_unix(acct_expiry); + *entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry); } if ((ent_type != HDB_LDB_ENT_TYPE_KRBTGT) && (!(userAccountControl & UF_DONT_EXPIRE_PASSWD))) { @@ -330,24 +349,24 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, domain_dn, msg, "pwdLastSet"); if (must_change_time != 0) { - ent->pw_end = malloc(sizeof(*ent->pw_end)); - if (ent->pw_end == NULL) { + entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end)); + if (entry_ex->entry.pw_end == NULL) { ret = ENOMEM; goto out; } - *ent->pw_end = nt_time_to_unix(must_change_time); + *entry_ex->entry.pw_end = nt_time_to_unix(must_change_time); } else { - ent->pw_end = NULL; + entry_ex->entry.pw_end = NULL; } } else { - ent->pw_end = NULL; + entry_ex->entry.pw_end = NULL; } - ent->max_life = NULL; + entry_ex->entry.max_life = NULL; - ent->max_renew = NULL; + entry_ex->entry.max_renew = NULL; - ent->generation = NULL; + entry_ex->entry.generation = NULL; /* create the keys and enctypes */ unicodePwd = ldb_msg_find_string(msg, "unicodePwd", NULL); 
@@ -399,21 +418,21 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 }
 if (ret == 0) {
- size_t num_keys = ent->keys.len;
+ size_t num_keys = entry_ex->entry.keys.len;
 /*
 * create keys from unicodePwd
 */
 ret = hdb_generate_key_set_password(context, salt_principal, unicodePwd,
- &ent->keys.val, &num_keys);
- ent->keys.len = num_keys;
+ &entry_ex->entry.keys.val, &num_keys);
+ entry_ex->entry.keys.len = num_keys;
 krb5_free_principal(context, salt_principal);
 }
 if (ret != 0) {
 krb5_warnx(context, "could not generate keys from unicodePwd\n");
- ent->keys.val = NULL;
- ent->keys.len = 0;
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
 goto out;
 }
 } else {
@@ -423,11 +442,11 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 val = ldb_msg_find_ldb_val(msg, "ntPwdHash");
 if (!val) {
 krb5_warnx(context, "neither type of key available for this account\n");
- ent->keys.val = NULL;
- ent->keys.len = 0;
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
 } else if (val->length < 16) {
- ent->keys.val = NULL;
- ent->keys.len = 0;
+ entry_ex->entry.keys.val = NULL;
+ entry_ex->entry.keys.len = 0;
 krb5_warnx(context, "ntPwdHash has invalid length: %d\n", (int)val->length);
 } else {
@@ -440,53 +459,45 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 memcpy(keyvalue.data, val->data, 16);
- ent->keys.val = malloc(sizeof(ent->keys.val[0]));
- if (ent->keys.val == NULL) {
+ entry_ex->entry.keys.val = malloc(sizeof(entry_ex->entry.keys.val[0]));
+ if (entry_ex->entry.keys.val == NULL) {
 krb5_data_free(&keyvalue);
 krb5_clear_error_string(context);
 ret = ENOMEM;
 goto out;
 }
- memset(&ent->keys.val[0], 0, sizeof(Key));
- ent->keys.val[0].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
- ent->keys.val[0].key.keyvalue = keyvalue;
+ memset(&entry_ex->entry.keys.val[0], 0, sizeof(Key));
+ entry_ex->entry.keys.val[0].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
+ entry_ex->entry.keys.val[0].key.keyvalue = keyvalue;
- ent->keys.len = 1;
+ entry_ex->entry.keys.len = 1;
 }
 }
- ent->etypes = malloc(sizeof(*(ent->etypes)));
- if (ent->etypes == NULL) {
+ entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes)));
+ if (entry_ex->entry.etypes == NULL) {
 krb5_clear_error_string(context);
 ret = ENOMEM;
 goto out;
 }
- ent->etypes->len = ent->keys.len;
- ent->etypes->val = calloc(ent->etypes->len, sizeof(int));
- if (ent->etypes->val == NULL) {
+ entry_ex->entry.etypes->len = entry_ex->entry.keys.len;
+ entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int));
+ if (entry_ex->entry.etypes->val == NULL) {
 krb5_clear_error_string(context);
 ret = ENOMEM;
 goto out;
 }
- for (i=0; i < ent->etypes->len; i++) {
- ent->etypes->val[i] = ent->keys.val[i].key.keytype;
+ for (i=0; i < entry_ex->entry.etypes->len; i++) {
+ entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype;
 }
- private = talloc(db, struct hdb_ldb_private);
- if (!private) {
- ret = ENOMEM;
- goto out;
- }
- private->msg = talloc_steal(private, msg);
 private->realm_ref_msg = talloc_steal(private, realm_ref_msg);
 private->samdb = (struct ldb_context *)db->hdb_db;
- entry_ex->private = private;
- entry_ex->free_private = hdb_ldb_free_private;
 entry_ex->check_client_access = hdb_ldb_check_client_access;
 entry_ex->authz_data_tgs_req = hdb_ldb_authz_data_tgs_req;
 entry_ex->authz_data_as_req = hdb_ldb_authz_data_as_req;
@@ -494,7 +505,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 out:
 if (ret != 0) {
 /* This doesn't free ent itself, that is for the eventual caller to do */
- hdb_free_entry(context, &entry_ex->entry);
+ hdb_free_entry(context, entry_ex);
+ } else {
+ talloc_steal(db, entry_ex->ctx);
 }
 
 return ret;
@@ -669,10 +682,10 @@ static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new
 return HDB_ERR_DB_INUSE;
 }
 
-static krb5_error_code LDB_fetch_ex(krb5_context context, HDB *db, unsigned flags,
- krb5_const_principal principal,
- enum hdb_ent_type ent_type,
- hdb_entry_ex *entry_ex)
+static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
+ krb5_const_principal principal,
+ enum hdb_ent_type ent_type,
+ hdb_entry_ex *entry_ex)
 {
 struct ldb_message **msg = NULL;
 struct ldb_message **realm_ref_msg = NULL;
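Review bot: The comment above the cleanup still talks about `ent`, which this commit renames away, and the new success branch reparents the private context without saying so; I would replace it with `/* On failure free what was filled into *entry_ex (not entry_ex itself); on success the private talloc context is handed to db so it outlives this call. */`. On the error path the talloc context behind entry_ex->ctx is only released if hdb_free_entry reaches a free hook that was already installed when the first `goto out` fired, and the -440 hunk deletes the old `entry_ex->free_private = hdb_ldb_free_private;` assignment near the end of the function without a visible replacement; it is worth confirming that an early failure does not leak the context now that it is allocated before the early exits. LDB_message2entry's body begins outside this hunk.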
@@ -860,32 +873,12 @@ static krb5_error_code LDB_fetch_ex(krb5_context context, HDB *db, unsigned flag
 return ret;
 }
 
-static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
- krb5_const_principal principal,
- enum hdb_ent_type ent_type,
- hdb_entry *entry)
-{
- struct hdb_entry_ex entry_ex;
- krb5_error_code ret;
-
- memset(&entry_ex, '\0', sizeof(entry_ex));
- ret = LDB_fetch_ex(context, db, flags, principal, ent_type, &entry_ex);
-
- if (ret == 0) {
- if (entry_ex.free_private) {
- entry_ex.free_private(context, &entry_ex);
- }
- *entry = entry_ex.entry;
- }
- return ret;
-}
-
-static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
 {
 return HDB_ERR_DB_INUSE;
 }
 
-static krb5_error_code LDB_remove(krb5_context context, HDB *db, hdb_entry *entry)
+static krb5_error_code LDB_remove(krb5_context context, HDB *db, hdb_entry_ex *entry)
 {
 return HDB_ERR_DB_INUSE;
 }
@@ -898,7 +891,7 @@ struct hdb_ldb_seq {
 struct ldb_message **realm_ref_msgs;
 };
 
-static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
 {
 krb5_error_code ret;
 struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
@@ -921,13 +914,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
 ret = LDB_message2entry(context, db, mem_ctx, NULL, HDB_LDB_ENT_TYPE_ANY, priv->msgs[priv->index++],
- priv->realm_ref_msgs[0], &entry_ex);
- if (ret == 0) {
- if (entry_ex.free_private) {
- entry_ex.free_private(context, &entry_ex);
- }
- *entry = entry_ex.entry;
- }
+ priv->realm_ref_msgs[0], entry);
 } else {
 ret = HDB_ERR_NOENTRY;
 }
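Review bot: LDB_seq now hands the caller's `entry` straight to LDB_message2entry, whereas the deleted LDB_fetch wrapper in the -860 hunk zeroed its local hdb_entry_ex before the call; nothing in this hunk shows LDB_message2entry clearing the struct, and its error path calls hdb_free_entry on whatever the fields already hold, so an entry the caller did not initialise could be freed through stale pointers. A `memset(entry, 0, sizeof(*entry));` before the call, or a documented requirement that callers pass a zeroed entry, would close that gap. Since each successful call reparents the entry's private context onto db (the -494 hunk), a firstkey/nextkey walk over a large database keeps every entry's context alive until the caller frees the entries or the db handle goes away, which deserves a comment if it is intended. The enclosing LDB_seq body starts before and ends after this hunk.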
@@ -943,7 +930,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
 }
 
 static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags,
- hdb_entry *entry)
+ hdb_entry_ex *entry)
 {
 struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
 struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
@@ -1028,7 +1015,7 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag
 }
 
 static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags,
- hdb_entry *entry)
+ hdb_entry_ex *entry)
 {
 return LDB_seq(context, db, flags, entry);
 }
@@ -1083,7 +1070,6 @@ NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx,
 (*db)->hdb_open = LDB_open;
 (*db)->hdb_close = LDB_close;
 (*db)->hdb_fetch = LDB_fetch;
- (*db)->hdb_fetch_ex = LDB_fetch_ex;
 (*db)->hdb_store = LDB_store;
 (*db)->hdb_remove = LDB_remove;
 (*db)->hdb_firstkey = LDB_firstkey;
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 79e7b3c5a7..a3dec8c46d 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -157,7 +157,7 @@ krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry
 krb5_boolean pac_wanted = TRUE;
 unsigned int userAccountControl;
 struct PA_PAC_REQUEST pac_request;
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
+ struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
 
 /* The user account may be set not to want the PAC */
 userAccountControl = ldb_msg_find_uint(private->msg, "userAccountControl", 0);
@@ -218,7 +218,7 @@ krb5_error_code hdb_ldb_authz_data_tgs_req(krb5_context context, struct hdb_entr
 unsigned int userAccountControl;
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
+ struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
 krb5_data k5pac_in, k5pac_out;
 DATA_BLOB pac_in, pac_out;
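Review bot: `talloc_get_type(entry_ex->ctx, struct hdb_ldb_private)` returns NULL when the context was not allocated under that type name, and the new line in the -157 hunk is followed by an unconditional `private->msg` dereference; now that the field is the backend-agnostic `ctx` rather than a dedicated `private` pointer, a mismatched context is easier to introduce, so the result should be guarded, e.g. `if (private == NULL) { return EINVAL; }` (or whatever error code this module uses for a malformed entry). The same unchecked pattern appears in the -218 hunk of this file and in the -321 hunk, where `talloc_new(entry_ex->ctx)` would additionally create an orphan top-level context if ctx were NULL. The enclosing functions begin and end outside these hunks.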
@@ -321,8 +321,8 @@ krb5_error_code hdb_ldb_check_client_access(krb5_context context, hdb_entry_ex *
 {
 krb5_error_code ret;
 NTSTATUS nt_status;
- TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->private);
- struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
+ TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->ctx);
+ struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
 char *name, *workstation = NULL;
 int i;
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 953ddae815..e5b1960209 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -25,6 +25,7 @@
 struct ldb_context *samdb;
 struct ldb_message *msg;
 struct ldb_message *realm_ref_msg;
+ hdb_entry_ex *entry_ex;
 };
 
 krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry_ex *entry_ex, |
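Review bot: The new `hdb_entry_ex *entry_ex;` member of struct hdb_ldb_private is undocumented, and it introduces a back-pointer from a talloc context that the -494 hunk reparents onto db to an hdb_entry_ex whose storage the caller owns; if that entry is a stack or per-request object, the pointer dangles as soon as the entry goes away while the context lives on under db. Where the field is assigned and read is not visible in this diff, so at minimum the lifetime should be stated on the declaration: `hdb_entry_ex *entry_ex; /* back-pointer to the entry that owns this context; not owned, valid only while that entry is alive */`.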