From caaf72893a5be61822763eb471f4d573992479ed Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 6 Apr 2013 01:23:40 -0400 Subject: Simplify principal access within libkrb5 For conciseness, directly use fields of krb5_principal objects instead of using the accessor macros. --- src/lib/krb5/ccache/cc_file.c | 16 ++++++------ src/lib/krb5/ccache/cc_keyring.c | 22 ++++++---------- src/lib/krb5/ccache/ccfns.c | 4 +-- src/lib/krb5/keytab/kt_file.c | 39 +++++++++++++---------------- src/lib/krb5/krb/bld_pr_ext.c | 2 +- src/lib/krb5/krb/bld_princ.c | 3 +-- src/lib/krb5/krb/chk_trans.c | 2 +- src/lib/krb5/krb/conv_princ.c | 12 ++++----- src/lib/krb5/krb/copy_princ.c | 18 ++++++-------- src/lib/krb5/krb/fast.c | 2 +- src/lib/krb5/krb/fwd_tgt.c | 4 +-- src/lib/krb5/krb/gc_via_tkt.c | 9 +++---- src/lib/krb5/krb/get_creds.c | 6 ++--- src/lib/krb5/krb/get_in_tkt.c | 20 ++++++--------- src/lib/krb5/krb/int-proto.h | 5 ++-- src/lib/krb5/krb/kfree.c | 4 +-- src/lib/krb5/krb/pr_to_salt.c | 22 +++++++--------- src/lib/krb5/krb/princ_comp.c | 20 +++++++-------- src/lib/krb5/krb/rd_req_dec.c | 19 +++++++------- src/lib/krb5/krb/recvauth.c | 6 ++--- src/lib/krb5/krb/s4u_creds.c | 54 ++++++++++++++++------------------------ src/lib/krb5/krb/set_realm.c | 6 ++--- src/lib/krb5/krb/t_princ.c | 2 +- src/lib/krb5/krb/tgtname.c | 2 +- src/lib/krb5/krb/unparse.c | 27 +++++++------------- src/lib/krb5/os/changepw.c | 11 ++++---- src/lib/krb5/os/localauth_rule.c | 5 +--- src/lib/krb5/os/sn2princ.c | 2 +- 28 files changed, 144 insertions(+), 200 deletions(-) diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index d39250f89f..24b36b835a 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -509,13 +509,13 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr tmpprinc->length = length; tmpprinc->type = type; - kret = krb5_fcc_read_data(context, id, krb5_princ_realm(context, tmpprinc)); + kret = krb5_fcc_read_data(context, id, &tmpprinc->realm); i = 0; CHECK(kret); for (i=0; i < length; i++) { - kret = krb5_fcc_read_data(context, id, krb5_princ_component(context, tmpprinc, i)); + kret = krb5_fcc_read_data(context, id, &tmpprinc->data[i]); CHECK(kret); } *princ = tmpprinc; @@ -523,8 +523,8 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr errout: while(--i >= 0) - free(krb5_princ_component(context, tmpprinc, i)->data); - free(krb5_princ_realm(context, tmpprinc)->data); + free(tmpprinc->data[i].data); + free(tmpprinc->realm.data); free(tmpprinc->data); free(tmpprinc); return kret; @@ -949,8 +949,8 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); - type = krb5_princ_type(context, princ); - tmp = length = krb5_princ_size(context, princ); + type = princ->type; + tmp = length = princ->length; if (data->version == KRB5_FCC_FVNO_1) { /* @@ -967,11 +967,11 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr ret = krb5_fcc_store_int32(context, id, tmp); CHECK(ret); - ret = krb5_fcc_store_data(context, id, krb5_princ_realm(context, princ)); + ret = krb5_fcc_store_data(context, id, &princ->realm); CHECK(ret); for (i=0; i < length; i++) { - ret = krb5_fcc_store_data(context, id, krb5_princ_component(context, princ, i)); + ret = krb5_fcc_store_data(context, id, &princ->data[i]); CHECK(ret); } diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index 7f1a641d67..20b275c418 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -1396,15 +1396,12 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id, tmpprinc->length = length; tmpprinc->type = type; - kret = krb5_krcc_parse_krb5data(context, id, - krb5_princ_realm(context, tmpprinc), bc); + kret = krb5_krcc_parse_krb5data(context, id, &tmpprinc->realm, bc); i = 0; CHECK(kret); for (i = 0; i < length; i++) { - kret = krb5_krcc_parse_krb5data(context, id, - krb5_princ_component(context, tmpprinc, - i), bc); + kret = krb5_krcc_parse_krb5data(context, id, &tmpprinc->data[i], bc); CHECK(kret); } *princ = tmpprinc; @@ -1412,8 +1409,8 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id, errout: while (--i >= 0) - free(krb5_princ_component(context, tmpprinc, i)->data); - free(krb5_princ_realm(context, tmpprinc)->data); + free(tmpprinc->data[i].data); + free(tmpprinc->realm.data); free(tmpprinc->data); free(tmpprinc); return kret; @@ -1775,8 +1772,8 @@ krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id, krb5_error_code kret; krb5_int32 i, length, tmp, type; - type = krb5_princ_type(context, princ); - tmp = length = krb5_princ_size(context, princ); + type = princ->type; + tmp = length = princ->length; kret = krb5_krcc_unparse_int32(context, id, type, bc); CHECK_OUT(kret); @@ -1784,14 +1781,11 @@ krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id, kret = krb5_krcc_unparse_int32(context, id, tmp, bc); CHECK_OUT(kret); - kret = krb5_krcc_unparse_krb5data(context, id, - krb5_princ_realm(context, princ), bc); + kret = krb5_krcc_unparse_krb5data(context, id, &princ->realm, bc); CHECK_OUT(kret); for (i = 0; i < length; i++) { - kret = krb5_krcc_unparse_krb5data(context, id, - krb5_princ_component(context, princ, - i), bc); + kret = krb5_krcc_unparse_krb5data(context, id, &princ->data[i], bc); CHECK_OUT(kret); } diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c index 419150ae76..3154b17c8f 100644 --- a/src/lib/krb5/ccache/ccfns.c +++ b/src/lib/krb5/ccache/ccfns.c @@ -252,9 +252,7 @@ krb5_boolean KRB5_CALLCONV krb5_is_config_principal(krb5_context context, krb5_const_principal principal) { - const krb5_data *realm; - - realm = krb5_princ_realm(context, principal); + const krb5_data *realm = &principal->realm; if (realm->length != sizeof(conf_realm) - 1 || memcmp(realm->data, conf_realm, sizeof(conf_realm) - 1) != 0) diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index d34e7480e8..8dcf787ede 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -1279,7 +1279,7 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke } u_princ_size = princ_size; - krb5_princ_set_realm_length(context, ret_entry->principal, u_princ_size); + ret_entry->principal->realm.length = u_princ_size; tmpdata = malloc(u_princ_size+1); if (!tmpdata) { error = ENOMEM; @@ -1293,10 +1293,10 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke tmpdata[princ_size] = 0; /* Some things might be expecting null */ /* termination... ``Be conservative in */ /* what you send out'' */ - krb5_princ_set_realm_data(context, ret_entry->principal, tmpdata); + ret_entry->principal->realm.data = tmpdata; for (i = 0; i < count; i++) { - princ = krb5_princ_component(context, ret_entry->principal, i); + princ = &ret_entry->principal->data[i]; if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; @@ -1395,11 +1395,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke return 0; fail: - for (i = 0; i < krb5_princ_size(context, ret_entry->principal); i++) { - princ = krb5_princ_component(context, ret_entry->principal, i); - if (princ->data) - free(princ->data); - } + for (i = 0; i < ret_entry->principal->length; i++) + free(ret_entry->principal->data[i].data); free(ret_entry->principal->data); ret_entry->principal->data = 0; free(ret_entry->principal); @@ -1444,29 +1441,29 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent } if (KTVERSION(id) == KRB5_KT_VNO_1) { - count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1; + count = (krb5_int16)entry->principal->length + 1; } else { - count = htons((u_short) krb5_princ_size(context, entry->principal)); + count = htons((u_short)entry->principal->length); } if (!fwrite(&count, sizeof(count), 1, KTFILEP(id))) { abend: return KRB5_KT_IOERR; } - size = krb5_princ_realm(context, entry->principal)->length; + size = entry->principal->realm.length; if (KTVERSION(id) != KRB5_KT_VNO_1) size = htons(size); if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { goto abend; } - if (!fwrite(krb5_princ_realm(context, entry->principal)->data, sizeof(char), - krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) { + if (!fwrite(entry->principal->realm.data, sizeof(char), + entry->principal->realm.length, KTFILEP(id))) { goto abend; } - count = (krb5_int16) krb5_princ_size(context, entry->principal); + count = (krb5_int16)entry->principal->length; for (i = 0; i < count; i++) { - princ = krb5_princ_component(context, entry->principal, i); + princ = &entry->principal->data[i]; size = princ->length; if (KTVERSION(id) != KRB5_KT_VNO_1) size = htons(size); @@ -1482,7 +1479,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent * Write out the principal type */ if (KTVERSION(id) != KRB5_KT_VNO_1) { - princ_type = htonl(krb5_princ_type(context, entry->principal)); + princ_type = htonl(entry->principal->type); if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) { goto abend; } @@ -1563,15 +1560,13 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i krb5_int32 total_size, i; krb5_error_code retval = 0; - count = (krb5_int16) krb5_princ_size(context, entry->principal); + count = (krb5_int16)entry->principal->length; total_size = sizeof(count); - total_size += krb5_princ_realm(context, entry->principal)->length + (sizeof(krb5_int16)); + total_size += entry->principal->realm.length + sizeof(krb5_int16); - for (i = 0; i < count; i++) { - total_size += krb5_princ_component(context, entry->principal,i)->length - + (sizeof(krb5_int16)); - } + for (i = 0; i < count; i++) + total_size += entry->principal->data[i].length + sizeof(krb5_int16); total_size += sizeof(entry->principal->type); total_size += sizeof(entry->timestamp); diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c index 9c6a4dcce9..10268a0ff0 100644 --- a/src/lib/krb5/krb/bld_pr_ext.c +++ b/src/lib/krb5/krb/bld_pr_ext.c @@ -83,7 +83,7 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ, } va_end(ap); *princ = princ_ret; - krb5_princ_type(context, princ_ret) = KRB5_NT_UNKNOWN; + princ_ret->type = KRB5_NT_UNKNOWN; return 0; free_out: diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c index ba411a6cd9..3dbe3561d5 100644 --- a/src/lib/krb5/krb/bld_princ.c +++ b/src/lib/krb5/krb/bld_princ.c @@ -70,8 +70,7 @@ build_principal_va(krb5_context context, krb5_principal princ, if (!retval) { princ->type = KRB5_NT_UNKNOWN; princ->magic = KV5M_PRINCIPAL; - krb5_princ_set_realm_data(context, princ, r); - krb5_princ_set_realm_length(context, princ, rlen); + princ->realm = make_data(r, rlen); princ->data = data; princ->length = count; r = NULL; /* take ownership */ diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c index 0d42c97dcd..2c29e62c61 100644 --- a/src/lib/krb5/krb/chk_trans.c +++ b/src/lib/krb5/krb/chk_trans.c @@ -298,7 +298,7 @@ check_realm_in_list (krb5_data *realm, void *data) Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data)); for (i = 0; cdata->tgs[i]; i++) { - if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm)) + if (data_eq (cdata->tgs[i]->realm, *realm)) return 0; } Tprintf (("BAD!\n")); diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c index 17b5ccc18a..04d4b6514a 100644 --- a/src/lib/krb5/krb/conv_princ.c +++ b/src/lib/krb5/krb/conv_princ.c @@ -162,10 +162,10 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, return KRB5_CONFIG_CANTOPEN; *name = *inst = '\0'; - switch (krb5_princ_size(context, princ)) { + switch (princ->length) { case 2: /* Check if this principal is listed in the table */ - compo = krb5_princ_component(context, princ, 0); + compo = &princ->data[0]; p = sconv_list; while (p->v4_str) { if (p->len == compo->length @@ -177,7 +177,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ) return KRB5_INVALID_PRINCIPAL; if (p->flags & DO_REALM_CONVERSION) { - compo = krb5_princ_component(context, princ, 1); + compo = &princ->data[1]; c = strnchr(compo->data, '.', compo->length); if (!c || (c - compo->data) >= INST_SZ - 1) return KRB5_INVALID_PRINCIPAL; @@ -191,7 +191,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, /* If inst isn't set, the service isn't listed in the table, */ /* so just copy it. */ if (*inst == '\0') { - compo = krb5_princ_component(context, princ, 1); + compo = &princ->data[1]; if (compo->length >= INST_SZ - 1) return KRB5_INVALID_PRINCIPAL; memcpy(inst, compo->data, compo->length); @@ -201,7 +201,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, case 1: /* name may have been set above; otherwise, just copy it */ if (*name == '\0') { - compo = krb5_princ_component(context, princ, 0); + compo = &princ->data[0]; if (compo->length >= ANAME_SZ) return KRB5_INVALID_PRINCIPAL; memcpy(name, compo->data, compo->length); @@ -212,7 +212,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, return KRB5_INVALID_PRINCIPAL; } - compo = krb5_princ_realm(context, princ); + compo = &princ->realm; tmp_prealm = malloc(compo->length + 1); if (tmp_prealm == NULL) diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c index 3db027e174..0d0e6a0048 100644 --- a/src/lib/krb5/krb/copy_princ.c +++ b/src/lib/krb5/krb/copy_princ.c @@ -33,7 +33,7 @@ krb5_error_code KRB5_CALLCONV krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) { register krb5_principal tempprinc; - register int i, nelems; + krb5_int32 i; tempprinc = (krb5_principal)malloc(sizeof(krb5_principal_data)); @@ -42,20 +42,18 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri *tempprinc = *inprinc; - nelems = (int) krb5_princ_size(context, inprinc); - tempprinc->data = malloc(nelems * sizeof(krb5_data)); + tempprinc->data = malloc(inprinc->length * sizeof(krb5_data)); if (tempprinc->data == 0) { free(tempprinc); return ENOMEM; } - for (i = 0; i < nelems; i++) { - if (krb5int_copy_data_contents(context, - krb5_princ_component(context, inprinc, i), - krb5_princ_component(context, tempprinc, i)) != 0) { + for (i = 0; i < inprinc->length; i++) { + if (krb5int_copy_data_contents(context, &inprinc->data[i], + &tempprinc->data[i]) != 0) { while (--i >= 0) - free(krb5_princ_component(context, tempprinc, i)->data); + free(tempprinc->data[i].data); free (tempprinc->data); free (tempprinc); return ENOMEM; @@ -64,8 +62,8 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri if (krb5int_copy_data_contents_add0(context, &inprinc->realm, &tempprinc->realm) != 0) { - for (i = 0; i < nelems; i++) - free(krb5_princ_component(context, tempprinc, i)->data); + for (i = 0; i < inprinc->length; i++) + free(tempprinc->data[i].data); free(tempprinc->data); free(tempprinc); return ENOMEM; diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 4555b71be9..84eaca441b 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -180,7 +180,7 @@ krb5int_fast_as_armor(krb5_context context, krb5_data *target_realm; krb5_clear_error_message(context); - target_realm = krb5_princ_realm(context, request->server); + target_realm = &request->server->realm; if (opte->opt_private->fast_ccache_name) { TRACE_FAST_ARMOR_CCACHE(context, opte->opt_private->fast_ccache_name); state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL; diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index 250af3ad9b..a217d4c240 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -121,12 +121,12 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, if (tgt.addresses && *tgt.addresses) { if (rhost == NULL) { - if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) { + if (server->type != KRB5_NT_SRV_HST) { retval = KRB5_FWD_BAD_PRINCIPAL; goto errout; } - if (krb5_princ_size(context, server) < 2){ + if (server->length < 2){ retval = KRB5_CC_BADNAME; goto errout; } diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 4c7268a7b9..92b53ecd0c 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -126,8 +126,8 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions, /* We didn't request canonicalization. */ - if (!IS_TGS_PRINC(context, in_cred->server) || - !IS_TGS_PRINC(context, dec_rep->ticket->server)) { + if (!IS_TGS_PRINC(in_cred->server) || + !IS_TGS_PRINC(dec_rep->ticket->server)) { /* Canonicalization not requested, and not a TGS referral. */ return KRB5_KDCREP_MODIFIED; } @@ -264,7 +264,7 @@ krb5int_process_tgs_reply(krb5_context context, /* make sure the response hasn't been tampered with..... */ retval = 0; - if (s4u2self && !IS_TGS_PRINC(context, dec_rep->ticket->server)) { + if (s4u2self && !IS_TGS_PRINC(dec_rep->ticket->server)) { /* Final hop, check whether KDC supports S4U2Self */ if (krb5_principal_compare(context, dec_rep->client, in_cred->server)) retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; @@ -374,8 +374,7 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt, send_again: use_master = 0; - retval = krb5_sendto_kdc(context, &request_data, - krb5_princ_realm(context, in_cred->server), + retval = krb5_sendto_kdc(context, &request_data, &in_cred->server->realm, &response_data, &use_master, tcp_only); if (retval == 0) { if (krb5_is_krb_error(&response_data)) { diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index fc74c1617b..23c0a10838 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -563,7 +563,7 @@ step_referrals(krb5_context context, krb5_tkt_creds_context ctx) /* Old versions of Active Directory can rewrite the server name instead of * returning a referral. Try a non-referral query if we see this. */ - if (!IS_TGS_PRINC(context, ctx->reply_creds->server)) { + if (!IS_TGS_PRINC(ctx->reply_creds->server)) { TRACE_TKT_CREDS_NON_TGT(context, ctx->reply_creds->server); return begin_non_referral(context, ctx); } @@ -674,7 +674,7 @@ step_get_tgt_offpath(krb5_context context, krb5_tkt_creds_context ctx) return ctx->reply_code; /* Verify that we got a TGT. */ - if (!IS_TGS_PRINC(context, ctx->reply_creds->server)) + if (!IS_TGS_PRINC(ctx->reply_creds->server)) return KRB5_KDCREP_MODIFIED; /* Use this tgt for the next request. */ @@ -879,7 +879,7 @@ step_get_tgt(krb5_context context, krb5_tkt_creds_context ctx) TRACE_TKT_CREDS_CLOSER_REALM(context, ctx->next_realm); } else { /* Verify that we got a TGT. */ - if (!IS_TGS_PRINC(context, ctx->reply_creds->server)) + if (!IS_TGS_PRINC(ctx->reply_creds->server)) return KRB5_KDCREP_MODIFIED; /* Use this tgt for the next request regardless of what it is. */ diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index e5fd5542c4..15f7cc6dc6 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -158,12 +158,11 @@ verify_as_reply(krb5_context context, * principal) and we requested (and received) a TGT. */ canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) || - (krb5_princ_type(context, request->client) == - KRB5_NT_ENTERPRISE_PRINCIPAL) || + request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL || (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS); if (canon_req) { - canon_ok = IS_TGS_PRINC(context, request->server) && - IS_TGS_PRINC(context, as_reply->enc_part2->server); + canon_ok = IS_TGS_PRINC(request->server) && + IS_TGS_PRINC(as_reply->enc_part2->server); if (!canon_ok && (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS)) { canon_ok = krb5_principal_compare_any_realm(context, as_reply->client, @@ -475,11 +474,8 @@ build_in_tkt_name(krb5_context context, * Windows Server 2008 R2 RODC insists on TGS principal names having the * right name type. */ - if (krb5_princ_size(context, server) == 2 && - data_eq_string(*krb5_princ_component(context, server, 0), - KRB5_TGS_NAME)) { - krb5_princ_type(context, server) = KRB5_NT_SRV_INST; - } + if (server->length == 2 && data_eq_string(server->data[0], KRB5_TGS_NAME)) + server->type = KRB5_NT_SRV_INST; *server_out = server; return 0; } @@ -957,7 +953,7 @@ krb5_init_creds_init(krb5_context context, goto cleanup; krb5_free_principal(context, ctx->request->client); ctx->request->client = new_client; - krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN; + ctx->request->client->type = KRB5_NT_WELLKNOWN; } } /* We will also handle anonymous if the input principal is the anonymous @@ -965,7 +961,7 @@ krb5_init_creds_init(krb5_context context, if (krb5_principal_compare_any_realm(context, ctx->request->client, krb5_anonymous_principal())) { ctx->request->kdc_options |= KDC_OPT_REQUEST_ANONYMOUS; - krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN; + ctx->request->client->type = KRB5_NT_WELLKNOWN; } code = restart_init_creds_loop(context, ctx, NULL); if (code) @@ -1434,7 +1430,7 @@ init_creds_step_reply(krb5_context context, } else if (canon_flag && ctx->err_reply->error == KDC_ERR_WRONG_REALM) { if (ctx->err_reply->client == NULL || - !krb5_princ_realm(context, ctx->err_reply->client)->length) { + !ctx->err_reply->client->realm.length) { code = KRB5KDC_ERR_WRONG_REALM; goto cleanup; } diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h index 04535f6cc3..33261543f7 100644 --- a/src/lib/krb5/krb/int-proto.h +++ b/src/lib/krb5/krb/int-proto.h @@ -164,9 +164,8 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options, #define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) -#define IS_TGS_PRINC(c, p) \ - (krb5_princ_size((c), (p)) == 2 && \ - data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) +#define IS_TGS_PRINC(p) ((p)->length == 2 && \ + data_eq_string((p)->data[0], KRB5_TGS_NAME)) typedef krb5_error_code (*k5_pacb_fn)(krb5_context context, krb5_keyblock *subkey, krb5_kdc_req *req, diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 466861f737..32b2151827 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -389,9 +389,9 @@ krb5_free_principal(krb5_context context, krb5_principal val) return; if (val->data) { - i = krb5_princ_size(context, val); + i = val->length; while(--i >= 0) - free(krb5_princ_component(context, val, i)->data); + free(val->data[i].data); free(val->data); } free(val->realm.data); diff --git a/src/lib/krb5/krb/pr_to_salt.c b/src/lib/krb5/krb/pr_to_salt.c index 53fc0ae240..87fe91117f 100644 --- a/src/lib/krb5/krb/pr_to_salt.c +++ b/src/lib/krb5/krb/pr_to_salt.c @@ -39,33 +39,29 @@ principal2salt_internal(krb5_context context, krb5_data *ret, int use_realm) { unsigned int size = 0, offset=0; - krb5_int32 nelem; - register int i; + krb5_int32 i; *ret = empty_data(); if (pr == NULL) return 0; - nelem = krb5_princ_size(context, pr); - if (use_realm) - size += krb5_princ_realm(context, pr)->length; + size += pr->realm.length; - for (i = 0; i < (int) nelem; i++) - size += krb5_princ_component(context, pr, i)->length; + for (i = 0; i < pr->length; i++) + size += pr->data[i].length; if (alloc_data(ret, size)) return ENOMEM; if (use_realm) { - offset = krb5_princ_realm(context, pr)->length; - memcpy(ret->data, krb5_princ_realm(context, pr)->data, offset); + offset = pr->realm.length; + memcpy(ret->data, pr->realm.data, offset); } - for (i = 0; i < (int) nelem; i++) { - memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data, - krb5_princ_component(context, pr, i)->length); - offset += krb5_princ_component(context, pr, i)->length; + for (i = 0; i < pr->length; i++) { + memcpy(&ret->data[offset], pr->data[i].data, pr->data[i].length); + offset += pr->data[i].length; } return 0; } diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index db0d3058c1..994f41d45c 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -33,8 +33,8 @@ realm_compare_flags(krb5_context context, krb5_const_principal princ2, int flags) { - const krb5_data *realm1 = krb5_princ_realm(context, princ1); - const krb5_data *realm2 = krb5_princ_realm(context, princ2); + const krb5_data *realm1 = &princ1->realm; + const krb5_data *realm2 = &princ2->realm; if (realm1->length != realm2->length) return FALSE; @@ -79,8 +79,7 @@ krb5_principal_compare_flags(krb5_context context, krb5_const_principal princ2, int flags) { - register int i; - krb5_int32 nelem; + krb5_int32 i; unsigned int utf8 = (flags & KRB5_PRINCIPAL_COMPARE_UTF8) != 0; unsigned int casefold = (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) != 0; krb5_principal upn1 = NULL; @@ -89,27 +88,26 @@ krb5_principal_compare_flags(krb5_context context, if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) { /* Treat UPNs as if they were real principals */ - if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { if (upn_to_principal(context, princ1, &upn1) == 0) princ1 = upn1; } - if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (princ2->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { if (upn_to_principal(context, princ2, &upn2) == 0) princ2 = upn2; } } - nelem = krb5_princ_size(context, princ1); - if (nelem != krb5_princ_size(context, princ2)) + if (princ1->length != princ2->length) goto out; if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 && !realm_compare_flags(context, princ1, princ2, flags)) goto out; - for (i = 0; i < (int) nelem; i++) { - const krb5_data *p1 = krb5_princ_component(context, princ1, i); - const krb5_data *p2 = krb5_princ_component(context, princ2, i); + for (i = 0; i < princ1->length; i++) { + const krb5_data *p1 = &princ1->data[i]; + const krb5_data *p2 = &princ2->data[i]; krb5_boolean eq; if (casefold) { diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 6495baebed..bd447f3439 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -312,12 +312,12 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, server = req->ticket->server; } /* Get an rcache if necessary. */ - if (((*auth_context)->rcache == NULL) - && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) - && server) { - if ((retval = krb5_get_server_rcache(context, - krb5_princ_component(context,server,0), - &(*auth_context)->rcache))) + if (((*auth_context)->rcache == NULL) && + ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && + server != NULL && server->length > 0) { + retval = krb5_get_server_rcache(context, &server->data[0], + &(*auth_context)->rcache); + if (retval) goto cleanup; } /* okay, now check cross-realm policy */ @@ -343,7 +343,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_data * realm; krb5_transited * trans; - realm = krb5_princ_realm(context, req->ticket->enc_part2->client); + realm = &req->ticket->enc_part2->client->realm; trans = &(req->ticket->enc_part2->transited); /* @@ -366,7 +366,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_data * realm; krb5_transited * trans; - realm = krb5_princ_realm(context, req->ticket->enc_part2->client); + realm = &req->ticket->enc_part2->client->realm; trans = &(req->ticket->enc_part2->transited); /* @@ -376,8 +376,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, */ if (trans->tr_contents.length > 0 && trans->tr_contents.data[0]) { retval = krb5_check_transited_list(context, &(trans->tr_contents), - realm, - krb5_princ_realm (context,server)); + realm, &server->realm); } } diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index aa6e3785fb..da83628303 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -132,9 +132,9 @@ recvauth_common(krb5_context context, /* * Setup the replay cache. */ - if (server) { - problem = krb5_get_server_rcache(context, - krb5_princ_component(context, server, 0), &rcache); + if (server != NULL && server->length > 0) { + problem = krb5_get_server_rcache(context, &server->data[0], + &rcache); } else { null_server.length = 7; null_server.data = "default"; diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index 8d5f130a54..b7bb9fe5b0 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -74,8 +74,7 @@ s4u_identify_user(krb5_context context, } if (in_creds->client != NULL && - krb5_princ_type(context, in_creds->client) != - KRB5_NT_ENTERPRISE_PRINCIPAL) { + in_creds->client->type != KRB5_NT_ENTERPRISE_PRINCIPAL) { int anonymous; anonymous = krb5_principal_compare(context, in_creds->client, @@ -142,37 +141,32 @@ make_pa_for_user_checksum(krb5_context context, { krb5_error_code code; int i; - krb5_int32 name_type; char *p; krb5_data data; data.length = 4; - for (i = 0; i < krb5_princ_size(context, req->user); i++) { - data.length += krb5_princ_component(context, req->user, i)->length; - } - data.length += krb5_princ_realm(context, req->user)->length; + for (i = 0; i < req->user->length; i++) + data.length += req->user->data[i].length; + data.length += req->user->realm.length; data.length += req->auth_package.length; p = data.data = malloc(data.length); if (data.data == NULL) return ENOMEM; - name_type = krb5_princ_type(context, req->user); - p[0] = (name_type >> 0 ) & 0xFF; - p[1] = (name_type >> 8 ) & 0xFF; - p[2] = (name_type >> 16) & 0xFF; - p[3] = (name_type >> 24) & 0xFF; + p[0] = (req->user->type >> 0) & 0xFF; + p[1] = (req->user->type >> 8) & 0xFF; + p[2] = (req->user->type >> 16) & 0xFF; + p[3] = (req->user->type >> 24) & 0xFF; p += 4; - for (i = 0; i < krb5_princ_size(context, req->user); i++) { - memcpy(p, krb5_princ_component(context, req->user, i)->data, - krb5_princ_component(context, req->user, i)->length); - p += krb5_princ_component(context, req->user, i)->length; + for (i = 0; i < req->user->length; i++) { + memcpy(p, req->user->data[i].data, req->user->data[i].length); + p += req->user->data[i].length; } - memcpy(p, krb5_princ_realm(context, req->user)->data, - krb5_princ_realm(context, req->user)->length); - p += krb5_princ_realm(context, req->user)->length; + memcpy(p, req->user->realm.data, req->user->realm.length); + p += req->user->realm.length; memcpy(p, req->auth_package.data, req->auth_package.length); @@ -467,11 +461,8 @@ krb5_get_self_cred_from_kdc(krb5_context context, memset(&s4u_user, 0, sizeof(s4u_user)); - if (in_creds->client != NULL && - krb5_princ_size(context, in_creds->client)) { - if (krb5_princ_type(context, in_creds->client) == - KRB5_NT_ENTERPRISE_PRINCIPAL) - { + if (in_creds->client != NULL && in_creds->client->length > 0) { + if (in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { code = krb5_build_principal_ext(context, &s4u_user.user_id.user, user_realm->length, @@ -502,8 +493,8 @@ krb5_get_self_cred_from_kdc(krb5_context context, s4u_user.user_id.options = KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE; /* First, acquire a TGT to the user's realm. */ - code = krb5int_tgtname(context, user_realm, - krb5_princ_realm(context, in_creds->server), &tgs); + code = krb5int_tgtname(context, user_realm, &in_creds->server->realm, + &tgs); if (code != 0) goto cleanup; @@ -547,8 +538,7 @@ krb5_get_self_cred_from_kdc(krb5_context context, krb5_pa_data **enc_padata = NULL; krb5_keyblock *subkey = NULL; - if (s4u_user.user_id.user != NULL && - krb5_princ_size(context, s4u_user.user_id.user)) { + if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) { in_padata = calloc(2, sizeof(krb5_pa_data *)); if (in_padata == NULL) { code = ENOMEM; @@ -606,7 +596,7 @@ krb5_get_self_cred_from_kdc(krb5_context context, (*out_creds)->server)) { code = 0; goto cleanup; - } else if (IS_TGS_PRINC(context, (*out_creds)->server)) { + } else if (IS_TGS_PRINC((*out_creds)->server)) { krb5_data *r1 = &tgtptr->server->data[1]; krb5_data *r2 = &(*out_creds)->server->data[1]; @@ -693,10 +683,8 @@ krb5_get_credentials_for_user(krb5_context context, krb5_flags options, goto cleanup; } - code = krb5_get_self_cred_from_kdc(context, options, ccache, - in_creds, subject_cert, - krb5_princ_realm(context, realm), - out_creds); + code = krb5_get_self_cred_from_kdc(context, options, ccache, in_creds, + subject_cert, &realm->realm, out_creds); if (code != 0) goto cleanup; diff --git a/src/lib/krb5/krb/set_realm.c b/src/lib/krb5/krb/set_realm.c index 5a7f81a447..9697ff6eed 100644 --- a/src/lib/krb5/krb/set_realm.c +++ b/src/lib/krb5/krb/set_realm.c @@ -41,10 +41,8 @@ krb5_set_principal_realm(krb5_context context, krb5_principal principal, if (!newrealm) return ENOMEM; - (void) free(krb5_princ_realm(context,principal)->data); - - krb5_princ_realm(context, principal)->length = length; - krb5_princ_realm(context, principal)->data = newrealm; + free(principal->realm.data); + principal->realm = make_data(newrealm, length); return 0; } diff --git a/src/lib/krb5/krb/t_princ.c b/src/lib/krb5/krb/t_princ.c index 502c22a4ea..78ca178995 100644 --- a/src/lib/krb5/krb/t_princ.c +++ b/src/lib/krb5/krb/t_princ.c @@ -101,7 +101,7 @@ test_princ(krb5_context context) err(context, 0, "%s != %s", princ_short, princ_unparsed); free(princ_unparsed); - realm = krb5_princ_realm(context, p)->data; + realm = p->realm.data; asprintf(&princ_reformed, "%s@%s", princ_short, realm); diff --git a/src/lib/krb5/krb/tgtname.c b/src/lib/krb5/krb/tgtname.c index 1cd113a1d5..0ffeb17df4 100644 --- a/src/lib/krb5/krb/tgtname.c +++ b/src/lib/krb5/krb/tgtname.c @@ -42,7 +42,7 @@ krb5int_tgtname(krb5_context context, const krb5_data *server, const krb5_data * * Windows Server 2008 R2 RODC insists on TGS principal names having the * right name type. */ - krb5_princ_type(context, *tgtprinc) = KRB5_NT_SRV_INST; + (*tgtprinc)->type = KRB5_NT_SRV_INST; return ret; } diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index d774b7c12d..779121a860 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -144,8 +144,7 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, int flags, char **name, unsigned int *size) { char *q; - int i; - krb5_int32 nelem; + krb5_int32 i; unsigned int totalsize = 0; char *default_realm = NULL; krb5_error_code ret = 0; @@ -161,26 +160,22 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, if (ret != 0) goto cleanup; - krb5_princ_realm(context, &p)->length = strlen(default_realm); - krb5_princ_realm(context, &p)->data = default_realm; + p.realm = string2data(default_realm); if (krb5_realm_compare(context, &p, principal)) flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM; } if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) { - totalsize += component_length_quoted(krb5_princ_realm(context, - principal), - flags); + totalsize += component_length_quoted(&principal->realm, flags); totalsize++; /* This is for the separator */ } - nelem = krb5_princ_size(context, principal); - for (i = 0; i < (int) nelem; i++) { - totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags); + for (i = 0; i < principal->length; i++) { + totalsize += component_length_quoted(&principal->data[i], flags); totalsize++; /* This is for the separator */ } - if (nelem == 0) + if (principal->length == 0) totalsize++; /* @@ -208,12 +203,8 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, q = *name; - for (i = 0; i < (int) nelem; i++) { - q += copy_component_quoting(q, - krb5_princ_component(context, - principal, - i), - flags); + for (i = 0; i < principal->length; i++) { + q += copy_component_quoting(q, &principal->data[i], flags); *q++ = COMPONENT_SEP; } @@ -221,7 +212,7 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, q--; /* Back up last component separator */ if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) { *q++ = REALM_SEP; - q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags); + q += copy_component_quoting(q, &principal->realm, flags); } *q++ = '\0'; diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c index 46f4f0e5f3..25b89db49f 100644 --- a/src/lib/krb5/os/changepw.c +++ b/src/lib/krb5/os/changepw.c @@ -252,10 +252,9 @@ change_set_password(krb5_context context, do { int socktype = (use_tcp ? SOCK_STREAM : SOCK_DGRAM); - if ((code = locate_kpasswd(callback_ctx.context, - krb5_princ_realm(callback_ctx.context, - creds->server), - &sl, socktype))) + code = locate_kpasswd(callback_ctx.context, &creds->server->realm, &sl, + socktype); + if (code) break; addrlen = sizeof(remote_addr); @@ -404,8 +403,8 @@ krb5_set_password_using_ccache(krb5_context context, code = krb5_cc_get_principal (context, ccache, &creds.client); if (!code) { code = krb5_build_principal(context, &creds.server, - krb5_princ_realm(context, change_password_for)->length, - krb5_princ_realm(context, change_password_for)->data, + change_password_for->realm.length, + change_password_for->realm.data, "kadmin", "changepw", NULL); if (!code) { code = krb5_get_credentials(context, 0, ccache, &creds, &credsp); diff --git a/src/lib/krb5/os/localauth_rule.c b/src/lib/krb5/os/localauth_rule.c index bf4b21dafa..584dcba540 100644 --- a/src/lib/krb5/os/localauth_rule.c +++ b/src/lib/krb5/os/localauth_rule.c @@ -251,10 +251,7 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname, if (errno || ind > num_comps) break; current = end; - datap = ind > 0 ? krb5_princ_component(context, aname, ind - 1) : - krb5_princ_realm(context, aname); - if (!datap) - break; + datap = ind > 0 ? &aname->data[ind - 1] : &aname->realm; k5_buf_add_len(&selstring, datap->data, datap->length); } diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index cc99934d81..b3de66383e 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -177,7 +177,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * realm, sname, remote_host, (char *)0); if (retval == 0) - krb5_princ_type(context, *ret_princ) = type; + (*ret_princ)->type = type; TRACE_SNAME_TO_PRINCIPAL_RETURN(context, *ret_princ); -- cgit