Diffstat (limited to 'source4/heimdal/lib/hdb')
-rw-r--r--source4/heimdal/lib/hdb/db.c12
-rw-r--r--source4/heimdal/lib/hdb/ext.c36
-rw-r--r--source4/heimdal/lib/hdb/hdb-protos.h10
-rw-r--r--source4/heimdal/lib/hdb/hdb.asn117
-rw-r--r--source4/heimdal/lib/hdb/hdb.c9
-rw-r--r--source4/heimdal/lib/hdb/hdb.h10
-rw-r--r--source4/heimdal/lib/hdb/keys.c5
-rw-r--r--source4/heimdal/lib/hdb/keytab.c38
8 files changed, 93 insertions, 44 deletions
diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c
index 4b4e6e673d..0bbf6f2210 100644
--- a/source4/heimdal/lib/hdb/db.c
+++ b/source4/heimdal/lib/hdb/db.c
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: db.c,v 1.35 2005/12/13 11:52:55 lha Exp $");
+RCSID("$Id: db.c,v 1.36 2006/09/12 18:12:37 lha Exp $");
#if HAVE_DB1
@@ -47,7 +47,7 @@ static krb5_error_code
DB_close(krb5_context context, HDB *db)
{
DB *d = (DB*)db->hdb_db;
- d->close(d);
+ (*d->close)(d);
return 0;
}
@@ -95,7 +95,7 @@ DB_seq(krb5_context context, HDB *db,
code = db->hdb_lock(context, db, HDB_RLOCK);
if(code == -1)
return HDB_ERR_DB_INUSE;
- code = d->seq(d, &key, &value, flag);
+ code = (*d->seq)(d, &key, &value, flag);
db->hdb_unlock(context, db); /* XXX check value */
if(code == -1)
return errno;
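Review bot: The `errno` returned on the last line of the hunk is read after `db->hdb_unlock(context, db)` rather than directly after the `(*d->seq)` call that produced it, so an unlock path that touches errno would replace the seq failure with an unrelated code (the `/* XXX check value */` marker on that line suggests the unlock result is not examined either). Capturing it at once, with an `int saved_errno` declared alongside `code`, `code = (*d->seq)(d, &key, &value, flag); saved_errno = errno;` and `return saved_errno;`, keeps the reported error tied to the DB call. The DB__get and DB__put hunks below follow the same pattern. DB_seq continues outside the hunk.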
@@ -172,7 +172,7 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
code = db->hdb_lock(context, db, HDB_RLOCK);
if(code)
return code;
- code = d->get(d, &k, &v, 0);
+ code = (*d->get)(d, &k, &v, 0);
db->hdb_unlock(context, db);
if(code < 0)
return errno;
@@ -198,7 +198,7 @@ DB__put(krb5_context context, HDB *db, int replace,
code = db->hdb_lock(context, db, HDB_WLOCK);
if(code)
return code;
- code = d->put(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
+ code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
db->hdb_unlock(context, db);
if(code < 0)
return errno;
@@ -218,7 +218,7 @@ DB__del(krb5_context context, HDB *db, krb5_data key)
code = db->hdb_lock(context, db, HDB_WLOCK);
if(code)
return code;
- code = d->del(d, &k, 0);
+ code = (*d->del)(d, &k, 0);
db->hdb_unlock(context, db);
if(code == 1)
return HDB_ERR_NOENTRY;
diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c
index a8995e4138..141c63a8ac 100644
--- a/source4/heimdal/lib/hdb/ext.c
+++ b/source4/heimdal/lib/hdb/ext.c
@@ -34,7 +34,7 @@
#include "hdb_locl.h"
#include <der.h>
-RCSID("$Id: ext.c,v 1.2 2006/04/25 10:20:22 lha Exp $");
+RCSID("$Id: ext.c,v 1.6 2006/10/14 10:13:03 lha Exp $");
krb5_error_code
hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
@@ -220,6 +220,20 @@ hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a)
}
krb5_error_code
+hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a)
+{
+ const HDB_extension *ext;
+
+ ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert_hash);
+ if (ext)
+ *a = &ext->data.u.pkinit_cert_hash;
+ else
+ *a = NULL;
+
+ return 0;
+}
+
+krb5_error_code
hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t)
{
const HDB_extension *ext;
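Review bot: hdb_entry_get_pkinit_hash carries no comment, and because it returns 0 unconditionally a caller can only learn that the entry has no hash extension by testing `*a == NULL`; that contract should be stated above the definition, e.g. `/* Look up the pkinit-cert-hash extension of entry; *a is set to it, or to NULL when absent. Always returns 0. */`. hdb_entry_get_ConstrainedDelegACL in the last hunk of this file has the same shape and needs the same note. Neither function checks `a` itself, which is fine for an internal accessor but worth saying in the comment.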
@@ -278,7 +292,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
ext->data.u.password.password.length,
&pw);
} else {
- ret = copy_octet_string(&ext->data.u.password.password, &pw);
+ ret = der_copy_octet_string(&ext->data.u.password.password, &pw);
}
if (ret) {
krb5_clear_error_string(context);
@@ -293,7 +307,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
*p = strdup(str);
- free_octet_string(&pw);
+ der_free_octet_string(&pw);
if (*p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -364,3 +378,19 @@ hdb_entry_clear_password(krb5_context context, hdb_entry *entry)
return hdb_clear_extension(context, entry,
choice_HDB_extension_data_password);
}
+
+krb5_error_code
+hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry,
+ const HDB_Ext_Constrained_delegation_acl **a)
+{
+ const HDB_extension *ext;
+
+ ext = hdb_find_extension(entry,
+ choice_HDB_extension_data_allowed_to_delegate_to);
+ if (ext)
+ *a = &ext->data.u.allowed_to_delegate_to;
+ else
+ *a = NULL;
+
+ return 0;
+}
diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h
index 3cc7d2131a..de0545a037 100644
--- a/source4/heimdal/lib/hdb/hdb-protos.h
+++ b/source4/heimdal/lib/hdb/hdb-protos.h
@@ -71,6 +71,11 @@ hdb_entry_clear_password (
krb5_context /*context*/,
hdb_entry */*entry*/);
+krb5_error_code
+hdb_entry_get_ConstrainedDelegACL (
+ const hdb_entry */*entry*/,
+ const HDB_Ext_Constrained_delegation_acl **/*a*/);
+
int
hdb_entry_get_password (
krb5_context /*context*/,
@@ -84,6 +89,11 @@ hdb_entry_get_pkinit_acl (
const HDB_Ext_PKINIT_acl **/*a*/);
krb5_error_code
+hdb_entry_get_pkinit_hash (
+ const hdb_entry */*entry*/,
+ const HDB_Ext_PKINIT_hash **/*a*/);
+
+krb5_error_code
hdb_entry_get_pw_change_time (
const hdb_entry */*entry*/,
time_t */*t*/);
diff --git a/source4/heimdal/lib/hdb/hdb.asn1 b/source4/heimdal/lib/hdb/hdb.asn1
index c8a1a34b4f..c8c276ff6e 100644
--- a/source4/heimdal/lib/hdb/hdb.asn1
+++ b/source4/heimdal/lib/hdb/hdb.asn1
@@ -1,4 +1,4 @@
--- $Id: hdb.asn1,v 1.13 2005/08/11 13:15:44 lha Exp $
+-- $Id: hdb.asn1,v 1.17 2006/08/24 10:45:19 lha Exp $
HDB DEFINITIONS ::=
BEGIN
@@ -41,7 +41,10 @@ HDBFlags ::= BIT STRING {
require-hwauth(10), -- must use hwauth
ok-as-delegate(11), -- as in TicketFlags
user-to-user(12), -- may use user-to-user auth
- immutable(13) -- may not be deleted
+ immutable(13), -- may not be deleted
+ trusted-for-delegation(14), -- Trusted to print forwardabled tickets
+ allow-kerberos4(15), -- Allow Kerberos 4 requests
+ allow-digest(16) -- Allow digest requests
}
GENERATION ::= SEQUENCE {
@@ -52,10 +55,14 @@ GENERATION ::= SEQUENCE {
HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
subject[0] UTF8String,
- issuer[1] UTF8String
+ issuer[1] UTF8String OPTIONAL,
+ anchor[2] UTF8String OPTIONAL
}
-HDB-Ext-PKINIT-certificate ::= SEQUENCE OF OCTET STRING
+HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
+ digest-type[0] OBJECT IDENTIFIER,
+ digest[1] OCTET STRING
+}
HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal
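Review bot: Making `issuer[1]` OPTIONAL (and adding `anchor[2]` as OPTIONAL) changes what a PKINIT ACL entry means: an entry that carries only a subject presumably matches that subject under any issuer and any trust anchor, which is wider than the previous mandatory issuer. The intended meaning of an omitted field should be stated beside it, e.g. `-- absent issuer/anchor: that field is not checked`, so the KDC code consuming the ACL and the administrator writing it agree. Whether existing ACL entries are affected cannot be seen from here.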
@@ -80,7 +87,7 @@ HDB-extension ::= SEQUENCE {
-- be rejected
data[1] CHOICE {
pkinit-acl[0] HDB-Ext-PKINIT-acl,
- pkinit-cert[1] HDB-Ext-PKINIT-certificate,
+ pkinit-cert-hash[1] HDB-Ext-PKINIT-hash,
allowed-to-delegate-to[2] HDB-Ext-Constrained-delegation-acl,
-- referral-info[3] HDB-Ext-Referrals,
lm-owf[4] HDB-Ext-Lan-Manager-OWF,
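Review bot: `pkinit-cert-hash[1]` reuses the CHOICE tag [1] that the previous definition gave to `pkinit-cert` (SEQUENCE OF OCTET STRING), so any HDB-extension stored under the old definition would now be decoded as HDB-Ext-PKINIT-hash (SEQUENCE OF SEQUENCE) and fail or misparse. If the old alternative never shipped in a released database format, a comment recording that, `-- tag [1] was pkinit-cert (SEQUENCE OF OCTET STRING), never released`, documents the decision; otherwise a fresh tag number keeps old entries decodable.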
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index 555a0d53f6..d1fa4ffd6a 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: hdb.c,v 1.61 2006/04/24 20:57:58 lha Exp $");
+RCSID("$Id: hdb.c,v 1.62 2006/10/06 16:47:22 lha Exp $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
@@ -58,6 +58,9 @@ static struct hdb_method methods[] = {
#ifdef _SAMBA_BUILD_
{"ldb:", hdb_ldb_create},
#endif
+#ifdef HAVE_LDB /* Used for integrated samba build */
+ {"ldb:", hdb_ldb_create},
+#endif
{NULL, NULL}
};
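Review bot: When both `_SAMBA_BUILD_` and `HAVE_LDB` are defined, the methods table now holds `{"ldb:", hdb_ldb_create}` twice, because the new block duplicates the one directly above it instead of replacing it. Lookups presumably stop at the first match, so this is harmless at runtime, but two copies invite divergence if one is edited later; folding the conditions into one block, `#if defined(_SAMBA_BUILD_) || defined(HAVE_LDB)`, keeps a single entry. The table's declaration starts outside the hunk.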
@@ -262,7 +265,7 @@ find_dynamic_method (krb5_context context,
if (prefix == NULL)
krb5_errx(context, 1, "out of memory");
- if (asprintf(&path, HDBDIR "/hdb_%s.so", prefix) == -1)
+ if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1)
krb5_errx(context, 1, "out of memory");
#ifndef RTLD_NOW
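Review bot: The module path is now built from `LIBDIR` and `prefix`, and nothing in the hunk shows that prefix is restricted to a plain name, so a prefix containing a path separator would make the dlopen target resolve outside LIBDIR. prefix appears to be derived from the database name in the KDC configuration, i.e. an administrator-controlled value rather than untrusted input, but a comment at this line stating that assumption, `/* prefix is taken from the configured db name and must not contain '/' */`, or an explicit `strchr(prefix, '/')` rejection, documents the boundary. find_dynamic_method starts and ends outside the hunk.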
@@ -398,6 +401,6 @@ hdb_create(krb5_context context, HDB **db, const char *filename)
h = find_dynamic_method (context, filename, &residual);
#endif
if (h == NULL)
- krb5_errx(context, 1, "No database support! (hdb_create(%s))", filename);
+ krb5_errx(context, 1, "No database support for %s", filename);
return (*h->create)(context, db, residual);
}
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index d14eea7ddc..69c91d12ad 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -66,17 +66,17 @@ typedef struct hdb_entry_ex {
struct hdb_entry_ex *,
METHOD_DATA* pa_data_seq,
time_t authtime,
- EncryptionKey *tgtkey,
- EncryptionKey *sessionkey,
+ const EncryptionKey *tgtkey,
+ const EncryptionKey *sessionkey,
AuthorizationData **out);
krb5_error_code (*authz_data_tgs_req)(krb5_context,
struct hdb_entry_ex *,
krb5_principal client,
AuthorizationData *in,
time_t authtime,
- EncryptionKey *tgtkey,
- EncryptionKey *servicekey,
- EncryptionKey *sessionkey,
+ const EncryptionKey *tgtkey,
+ const EncryptionKey *servicekey,
+ const EncryptionKey *sessionkey,
AuthorizationData **out);
} hdb_entry_ex;
diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c
index d7c2f2c89b..8d4810f5c9 100644
--- a/source4/heimdal/lib/hdb/keys.c
+++ b/source4/heimdal/lib/hdb/keys.c
@@ -33,7 +33,7 @@
#include "hdb_locl.h"
-RCSID("$Id: keys.c,v 1.5 2006/04/25 08:09:38 lha Exp $");
+RCSID("$Id: keys.c,v 1.6 2006/10/22 09:40:12 lha Exp $");
/*
* free all the memory used by (len, keys)
@@ -334,6 +334,9 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
*ret_key_set = key_set;
out:
+ if (ktypes != default_keytypes)
+ krb5_config_free_strings(ktypes);
+
if (ret) {
krb5_warn(context, ret,
"failed to parse the [kadmin]default_keys values");
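Review bot: The new cleanup at `out:` frees `ktypes` whenever it differs from `default_keytypes`, so every `goto out` in hdb_generate_key_set must be reached with `ktypes` already set either to `default_keytypes` or to the allocated list; an early failure that jumps to `out:` before that assignment would hand an indeterminate pointer to `krb5_config_free_strings`. That initialization lies outside the hunk and cannot be confirmed here; a comment on the new lines, `/* ktypes is either default_keytypes or the list allocated above */`, makes the invariant explicit. hdb_generate_key_set starts outside the hunk.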
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index c87b8eca2c..8f473a68a4 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -35,7 +35,7 @@
/* keytab backend for HDB databases */
-RCSID("$Id: keytab.c,v 1.11 2006/04/27 11:01:30 lha Exp $");
+RCSID("$Id: keytab.c,v 1.16 2006/10/09 12:36:40 lha Exp $");
struct hdb_data {
char *dbname;
@@ -59,7 +59,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
return ENOMEM;
}
db = name;
- mkey = strrchr(name, ':');
+ mkey = strchr(name, ':');
if(mkey == NULL || mkey[1] == '\0') {
if(*name == '\0')
d->dbname = NULL;
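Review bot: Switching to `strchr` moves the `dbname:mkey` split to the first colon, so a database name that itself contains a colon (the `ldb:` backend prefix registered in hdb.c's methods table is one such name) is now cut at the prefix rather than at the master-key separator, whereas `strrchr` preserved the full name. Whether such names reach hdb_resolve cannot be seen here, so the accepted syntax should be documented above the split, e.g. `/* name is "dbname[:mkeyfile]"; dbname must not contain ':' */`. hdb_resolve starts outside the hunk.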
@@ -201,6 +201,8 @@ hdb_get_entry(krb5_context context,
const char *dbname = d->dbname;
const char *mkey = d->mkey;
+ memset(&ent, 0, sizeof(ent));
+
if (dbname == NULL)
find_db (context, &dbname, &mkey, principal);
@@ -218,26 +220,21 @@ hdb_get_entry(krb5_context context,
(*db->hdb_destroy)(context, db);
return ret;
}
- ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent);
-
+ ret = (*db->hdb_fetch)(context, db, principal,
+ HDB_F_DECRYPT|
+ HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+ &ent);
- /* Shutdown the hdb on error */
if(ret == HDB_ERR_NOENTRY) {
- (*db->hdb_close)(context, db);
- (*db->hdb_destroy)(context, db);
- return KRB5_KT_NOTFOUND;
- } else if (ret) {
- (*db->hdb_close)(context, db);
- (*db->hdb_destroy)(context, db);
- return ret;
- }
+ ret = KRB5_KT_NOTFOUND;
+ goto out;
+ }else if(ret)
+ goto out;
+
if(kvno && ent.entry.kvno != kvno) {
- /* The order here matters, we must free these in this order
- * due to hdb-ldb and Samba4's talloc */
hdb_free_entry(context, &ent);
- (*db->hdb_close)(context, db);
- (*db->hdb_destroy)(context, db);
- return KRB5_KT_NOTFOUND;
+ ret = KRB5_KT_NOTFOUND;
+ goto out;
}
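Review bot: `}else if(ret)` on the line after the HDB_ERR_NOENTRY block is unbraced and spaced differently from the `if(ret == HDB_ERR_NOENTRY) {` it follows; writing it `} else if (ret) {` / `goto out;` / `}` keeps the block braced like its sibling and avoids a dangling-statement slip when another line is added. The removed comment about freeing the entry before closing the database was the only record of that ordering constraint; the new flow still honors it (hdb_free_entry runs before each jump to `out:`), so the comment belongs at the `out:` label in the final hunk rather than being dropped. hdb_get_entry starts outside this hunk.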
if(enctype == 0)
if(ent.entry.keys.len > 0)
@@ -254,9 +251,8 @@ hdb_get_entry(krb5_context context,
break;
}
}
- /* The order here matters, we must free these in this order
- * due to hdb-ldb and Samba4's talloc */
hdb_free_entry(context, &ent);
+out:
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
return ret;