-rw-r--r-- | source4/heimdal/lib/krb5/krb5-protos.h | 13 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/principal.c | 71 | ||||
-rw-r--r-- | source4/kdc/hdb-ldb.c | 26 |
3 files changed, 79 insertions, 31 deletions
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index 71d42b43b8..cc619314a3 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -2377,6 +2377,12 @@ krb5_parse_name (
 	const char */*name*/,
 	krb5_principal */*principal*/);
 
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_norealm (
+	krb5_context /*context*/,
+	const char */*name*/,
+	krb5_principal */*principal*/);
+
 const char* KRB5_LIB_FUNCTION
 krb5_passwd_result_to_string (
 	krb5_context /*context*/,
@@ -3430,6 +3436,13 @@ krb5_write_safe_message (
 krb5_error_code KRB5_LIB_FUNCTION
 krb5_xfree (void */*ptr*/);
 
+krb5_error_code
+parse_name (
+	krb5_context /*context*/,
+	const char */*name*/,
+	krb5_boolean /*short_form*/,
+	krb5_principal */*principal*/);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index 74db080ab7..8540636403 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -91,10 +91,11 @@ krb5_principal_get_comp_string(krb5_context context,
     return princ_ncomp(principal, component);
 }
 
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name(krb5_context context,
-		const char *name,
-		krb5_principal *principal)
+krb5_error_code
+parse_name(krb5_context context,
+	   const char *name,
+	   krb5_boolean short_form,
+	   krb5_principal *principal)
 {
     krb5_error_code ret;
     heim_general_string *comp;
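Review bot: `parse_name` is added to the public krb5-protos.h (second hunk of that file) as an exported, un-prefixed symbol without the `KRB5_LIB_FUNCTION` marker every neighbouring declaration carries, and the principal.c hunk defines it with external linkage although it is only the backend for the two `krb5_parse_name*` wrappers. Either declare it `static krb5_error_code parse_name(...)` in principal.c and drop the header entry, or give it a library-prefixed name so it cannot collide with an application's own `parse_name`. krb5-protos.h looks like a generated prototype header; if so, the entry should come from the generator rather than a hand edit. No prototype for `krb5_unparse_name_norealm`, which hdb-ldb.c calls later in this commit, appears in the header hunks shown — if it is not declared elsewhere the call compiles as an implicit declaration. The body of parse_name continues past this hunk.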
@@ -184,19 +185,29 @@ krb5_parse_name(krb5_context context,
 	    }
 	    *q++ = c;
 	}
-	if(got_realm){
-	    realm = malloc(q - start + 1);
-	    if (realm == NULL) {
-		krb5_set_error_string (context, "malloc: out of memory");
-		ret = ENOMEM;
+	if (got_realm) {
+	    if (short_form) {
+		krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!");
+		ret = KRB5_PARSE_MALFORMED;
 		goto exit;
+	    } else {
+		realm = malloc(q - start + 1);
+		if (realm == NULL) {
+		    krb5_set_error_string (context, "malloc: out of memory");
+		    ret = ENOMEM;
+		    goto exit;
+		}
+		memcpy(realm, start, q - start);
+		realm[q - start] = 0;
 	    }
-	    memcpy(realm, start, q - start);
-	    realm[q - start] = 0;
 	}else{
-	    ret = krb5_get_default_realm (context, &realm);
-	    if (ret)
-		goto exit;
+	    if (short_form) {
+		ret = krb5_get_default_realm (context, &realm);
+		if (ret)
+		    goto exit;
+	    } else {
+		realm = NULL;
+	    }
 	comp[n] = malloc(q - start + 1);
 	if (comp[n] == NULL) {
@@ -229,6 +240,21 @@ exit:
     return ret;
 }
 
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name(krb5_context context,
+		const char *name,
+		krb5_principal *principal)
+{
+    return parse_name(context, name, FALSE, principal);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_norealm(krb5_context context,
+			const char *name,
+			krb5_principal *principal)
+{
+    return parse_name(context, name, TRUE, principal);
+}
 
 static const char quotable_chars[] = " \n\t\b\\/@";
 static const char replace_chars[] = " ntb\\/@";
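Review bot: The realm-defaulting branches in the `else` (no `@realm` in the input) look inverted: a `short_form` parse now calls `krb5_get_default_realm`, while the ordinary `krb5_parse_name` path sets `realm = NULL`, so `krb5_parse_name(context, "user", &p)` — which previously received the default realm — now yields a principal with a NULL realm that the non-short `unparse_name` hands to `strlen`. If `krb5_parse_name_norealm` is meant to accept only realm-less names and leave the realm unset, swap the two inner branches so that `short_form` takes `realm = NULL;` and the default branch keeps the `krb5_get_default_realm` call with its `goto exit`. If instead the norealm variant is meant to fill in the default realm, the original behaviour of krb5_parse_name still needs restoring, since the wrappers added in the next hunk pass `FALSE` for the public entry point. parse_name starts before this hunk.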
@@ -323,12 +349,17 @@ unparse_name(krb5_context context,
     int i;
     krb5_error_code ret;
     /* count length */
-    plen = strlen(princ_realm(principal));
-    if(strcspn(princ_realm(principal), quotable_chars) == plen)
-	len += plen;
-    else
-	len += 2*plen;
-    len++;
+    if (!short_flag) {
+	plen = strlen(princ_realm(principal));
+	if(strcspn(princ_realm(principal), quotable_chars) == plen)
+	    len += plen;
+	else
+	    len += 2*plen;
+	len++;
+    } else {
+	len = 0;
+    }
+
     for(i = 0; i < princ_num_comp(principal); i++){
 	plen = strlen(princ_ncomp(principal, i));
 	if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index ccdd64f40b..ecdda16150 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -454,11 +454,11 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 	int count;
 	char *filter = NULL;
 	const char * const *princ_attrs = krb5_attrs;
-	char *p;
 	char *princ_str;
 	char *princ_str_talloc;
 	char *short_princ;
+	char *short_princ_talloc;
 
 	char *realm_dn_str;
@@ -481,20 +481,24 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 		return ret;
 	}
 
+	ret = krb5_unparse_name_norealm(context, &princ, &short_princ);
+
+	if (ret != 0) {
+		free(princ_str);
+		krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal");
+		krb5_warnx(context, "LDB_lookup_principal: could not parse principal");
+		return ret;
+	}
+
 	princ_str_talloc = talloc_strdup(mem_ctx, princ_str);
-	short_princ = talloc_strdup(mem_ctx, princ_str);
+	short_princ_talloc = talloc_strdup(mem_ctx, short_princ);
 	free(princ_str);
+	free(short_princ);
 
 	if (!short_princ || !princ_str_talloc) {
 		krb5_set_error_string(context, "LDB_lookup_principal: talloc_strdup() failed!");
 		return ENOMEM;
 	}
 
-	p = strchr(short_princ, '@');
-	if (p) {
-		p[0] = '\0';
-	}
-
-
 	switch (ent_type) {
 	case HDB_LDB_ENT_TYPE_KRBTGT:
 		filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))",
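Review bot: `len = 0;` in the new `else` branch raises a question the hunk cannot answer: `len` is declared before the hunk, and if it is initialised there the assignment is redundant, while if it is not, the `!short_flag` branch's `len += plen` reads it uninitialised. Initialise `len` at its declaration and drop the `else` block so both paths start from zero. unparse_name's `short_flag` parameter and the rest of the function lie outside this hunk.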
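Review bot: The NULL check after the talloc copies still tests `short_princ`, which has just been `free()`d, instead of the new `short_princ_talloc`, so a failed `talloc_strdup(mem_ctx, short_princ)` is not caught and a NULL `short_princ_talloc` reaches the `%s` substitutions in the switch below; change it to `if (!short_princ_talloc || !princ_str_talloc) {`. Less certain: `krb5_unparse_name_norealm(context, &princ, &short_princ)` passes the address of `princ`, whereas the existing krb5_unparse_name call earlier in the function (outside the hunk) presumably passes `princ` itself — worth confirming the argument type, since both take a Heimdal principal handle. The error text "could not parse principal" describes an unparse failure; `could not unparse principal` would be more accurate. LDB_lookup_principal begins before this hunk.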
@@ -502,15 +506,15 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 		break;
 	case HDB_LDB_ENT_TYPE_CLIENT:
 		filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(|(samAccountName=%s)(userPrincipalName=%s)))",
-					 short_princ, princ_str_talloc);
+					 short_princ_talloc, princ_str_talloc);
 		break;
 	case HDB_LDB_ENT_TYPE_SERVER:
 		filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(|(samAccountName=%s)(servicePrincipalName=%s)))",
-					 short_princ, short_princ);
+					 short_princ_talloc, short_princ_talloc);
 		break;
 	case HDB_LDB_ENT_TYPE_ANY:
 		filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(|(|(samAccountName=%s)(servicePrincipalName=%s))(userPrincipalName=%s)))",
-					 short_princ, short_princ, princ_str_talloc);
+					 short_princ_talloc, short_princ_talloc, princ_str_talloc);
 		break;
 	}
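Review bot: The `%s` substitutions into the `talloc_asprintf` filters take `short_princ_talloc` and `princ_str_talloc`, both derived from the client-supplied principal name, with no LDAP filter escaping; the backslash quoting unparse_name applies is Kerberos quoting, not RFC 4515 filter escaping, so parentheses, `*` and `\` in a name alter the filter's structure instead of being matched literally. Escape both strings before formatting — ldb's `ldb_binary_encode_string()` does this if the ldb in this tree provides it, otherwise a small local helper that encodes those characters as `\xx` — and apply the same treatment to the KRBTGT case, whose `filter` line sits in the previous hunk. The enclosing `switch` and LDB_lookup_principal continue outside this hunk.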