diff options
Diffstat (limited to 'source4/heimdal/lib/hdb/keytab.c')
-rw-r--r-- | source4/heimdal/lib/hdb/keytab.c | 171 |
1 files changed, 97 insertions, 74 deletions
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 2ec7837ae3..a557de036d 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -43,7 +43,7 @@ struct hdb_data { struct hdb_cursor { HDB *db; hdb_entry_ex hdb_entry; - bool first, next; + int first, next; int key_idx; }; @@ -272,7 +272,10 @@ hdb_start_seq_get(krb5_context context, HDB *db; if (dbname == NULL) { - /* We don't support enumerating without being told what backend to enumerate on */ + /* + * We don't support enumerating without being told what + * backend to enumerate on + */ ret = KRB5_KT_NOTFOUND; return ret; } @@ -301,91 +304,111 @@ hdb_start_seq_get(krb5_context context, } c->db = db; - c->first = true; - c->next = true; + c->first = TRUE; + c->next = TRUE; c->key_idx = 0; cursor->data = c; return ret; } -static int hdb_next_entry(krb5_context context, +static int +hdb_next_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { - struct hdb_cursor *c = cursor->data; - krb5_error_code ret; - - if (c->first) { - c->first = false; - ret = (c->db->hdb_firstkey)(context, c->db, - HDB_F_DECRYPT| - HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - &c->hdb_entry); - if (ret == HDB_ERR_NOENTRY) { - return KRB5_KT_END; - } else if (ret) { - return ret; - } - - if (c->hdb_entry.entry.keys.len == 0) { - hdb_free_entry(context, &c->hdb_entry); - } else { - c->next = false; - } - } - - while (c->next) { - ret = (c->db->hdb_nextkey)(context, c->db, - HDB_F_DECRYPT| - HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - &c->hdb_entry); - if (ret == HDB_ERR_NOENTRY) { - return KRB5_KT_END; - } else if (ret) { - return ret; - } - if (c->hdb_entry.entry.keys.len == 0) { - /* If no keys on this entry, try again */ - hdb_free_entry(context, &c->hdb_entry); - } else { - /* We have an entry, set the flag */ - c->next = false; - } - }; - - /* return next enc type (keytabs are one slot per key, while hdb is one record per principal */ - krb5_copy_principal(context, - c->hdb_entry.entry.principal, - &entry->principal); - entry->vno = c->hdb_entry.entry.kvno; - krb5_copy_keyblock_contents(context, - &c->hdb_entry.entry.keys.val[c->key_idx].key, - &entry->keyblock); - c->key_idx++; - - /* Once we get to the end of the list, signal that we want the next entry */ - if (c->key_idx == c->hdb_entry.entry.keys.len) { - hdb_free_entry(context, &c->hdb_entry); - c->next = true; - c->key_idx = 0; - } - return 0; + struct hdb_cursor *c = cursor->data; + krb5_error_code ret; + + memset(entry, 0, sizeof(*entry)); + + if (c->first) { + c->first = FALSE; + ret = (c->db->hdb_firstkey)(context, c->db, + HDB_F_DECRYPT| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + &c->hdb_entry); + if (ret == HDB_ERR_NOENTRY) + return KRB5_KT_END; + else if (ret) + return ret; + + if (c->hdb_entry.entry.keys.len == 0) + hdb_free_entry(context, &c->hdb_entry); + else + c->next = FALSE; + } + + while (c->next) { + ret = (c->db->hdb_nextkey)(context, c->db, + HDB_F_DECRYPT| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + &c->hdb_entry); + if (ret == HDB_ERR_NOENTRY) + return KRB5_KT_END; + else if (ret) + return ret; + + /* If no keys on this entry, try again */ + if (c->hdb_entry.entry.keys.len == 0) + hdb_free_entry(context, &c->hdb_entry); + else + c->next = FALSE; + } + + /* + * Return next enc type (keytabs are one slot per key, while + * hdb is one record per principal. + */ + + ret = krb5_copy_principal(context, + c->hdb_entry.entry.principal, + &entry->principal); + if (ret) + return ret; + + entry->vno = c->hdb_entry.entry.kvno; + ret = krb5_copy_keyblock_contents(context, + &c->hdb_entry.entry.keys.val[c->key_idx].key, + &entry->keyblock); + if (ret) { + krb5_free_principal(context, entry->principal); + memset(entry, 0, sizeof(*entry)); + return ret; + } + c->key_idx++; + + /* + * Once we get to the end of the list, signal that we want the + * next entry + */ + + if (c->key_idx == c->hdb_entry.entry.keys.len) { + hdb_free_entry(context, &c->hdb_entry); + c->next = TRUE; + c->key_idx = 0; + } + + return 0; } -static int hdb_end_seq_get(krb5_context context, - krb5_keytab id, - krb5_kt_cursor *cursor) { - struct hdb_cursor *c = cursor->data; - (c->db->hdb_close)(context, c->db); - (c->db->hdb_destroy)(context, c->db); - if (!c->next) { - hdb_free_entry(context, &c->hdb_entry); - } - free(c); - return 0; +static int +hdb_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + struct hdb_cursor *c = cursor->data; + + (c->db->hdb_close)(context, c->db); + (c->db->hdb_destroy)(context, c->db); + + if (!c->next) + hdb_free_entry(context, &c->hdb_entry); + + free(c); + return 0; } krb5_kt_ops hdb_kt_ops = { |