-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c111
-rw-r--r--util/ipa_krb5.c73
-rw-r--r--util/ipa_krb5.h6
3 files changed, 99 insertions, 91 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 93461e68d..f36fc774b 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -67,81 +67,6 @@ static const char *ipapwd_def_encsalts[] = {
NULL
};
-static int new_ipapwd_encsalt(krb5_context krbctx,
- const char * const *encsalts,
- krb5_key_salt_tuple **es_types,
- int *num_es_types)
-{
- krb5_key_salt_tuple *es;
- int nes, i;
- int rc;
-
- for (i = 0; encsalts[i]; i++) /* count */ ;
- es = calloc(i + 1, sizeof(krb5_key_salt_tuple));
- if (!es) {
- LOG_OOM();
- rc = LDAP_OPERATIONS_ERROR;
- goto fail;
- }
-
- for (i = 0, nes = 0; encsalts[i]; i++) {
- char *enc, *salt;
- krb5_int32 tmpsalt;
- krb5_enctype tmpenc;
- krb5_boolean similar;
- krb5_error_code krberr;
- int j;
-
- enc = strdup(encsalts[i]);
- if (!enc) {
- LOG_OOM();
- rc = LDAP_OPERATIONS_ERROR;
- goto fail;
- }
- salt = strchr(enc, ':');
- if (!salt) {
- LOG_FATAL("Invalid krb5 enc string\n");
- free(enc);
- continue;
- }
- *salt = '\0'; /* null terminate the enc type */
- salt++; /* skip : */
-
- krberr = krb5_string_to_enctype(enc, &tmpenc);
- if (krberr) {
- LOG_FATAL("Invalid krb5 enctype\n");
- free(enc);
- continue;
- }
-
- krberr = krb5_string_to_salttype(salt, &tmpsalt);
- for (j = 0; j < nes; j++) {
- krb5_c_enctype_compare(krbctx, es[j].ks_enctype, tmpenc, &similar);
- if (similar && (es[j].ks_salttype == tmpsalt)) {
- break;
- }
- }
-
- if (j == nes) {
- /* not found */
- es[j].ks_enctype = tmpenc;
- es[j].ks_salttype = tmpsalt;
- nes++;
- }
-
- free(enc);
- }
-
- *es_types = es;
- *num_es_types = nes;
-
- return LDAP_SUCCESS;
-
-fail:
- free(es);
- return rc;
-}
-
static struct ipapwd_krbcfg *ipapwd_getConfig(void)
{
krb5_error_code krberr;
@@ -245,17 +170,19 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
encsalts = slapi_entry_attr_get_charray(realm_entry,
"krbSupportedEncSaltTypes");
if (encsalts) {
- ret = new_ipapwd_encsalt(config->krbctx,
- (const char * const *)encsalts,
- &config->supp_encsalts,
- &config->num_supp_encsalts);
+ for (i = 0; encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ (const char * const *)encsalts, i,
+ &config->supp_encsalts,
+ &config->num_supp_encsalts);
slapi_ch_array_free(encsalts);
} else {
LOG("No configured salt types use defaults\n");
- ret = new_ipapwd_encsalt(config->krbctx,
- ipapwd_def_encsalts,
- &config->supp_encsalts,
- &config->num_supp_encsalts);
+ for (i = 0; ipapwd_def_encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ ipapwd_def_encsalts, i,
+ &config->supp_encsalts,
+ &config->num_supp_encsalts);
}
if (ret) {
LOG_FATAL("Can't get Supported EncSalt Types\n");
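Review bot: A `krbSupportedEncSaltTypes` list in which every value is malformed now produces `ret == 0` with `config->num_supp_encsalts == 0` and no log output, because `parse_bval_key_salt_tuples` skips bad entries silently where the removed helper called `LOG_FATAL`. If an empty tuple list is not a valid configuration here, the check after the call should cover it, e.g. `if (ret || config->num_supp_encsalts == 0) {`, so that a typo in the realm entry is not mistaken for a working enctype policy. The same applies to the `krbDefaultEncSaltTypes` hunk at `@@ -267` with `num_pref_encsalts`. `ipapwd_getConfig` starts and ends outside this hunk, so the declaration of the counter `i` used by the new `for` loops is not visible here and should be confirmed.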
@@ -267,17 +194,19 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
encsalts = slapi_entry_attr_get_charray(realm_entry,
"krbDefaultEncSaltTypes");
if (encsalts) {
- ret = new_ipapwd_encsalt(config->krbctx,
- (const char * const *)encsalts,
- &config->pref_encsalts,
- &config->num_pref_encsalts);
+ for (i = 0; encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ (const char * const *)encsalts, i,
+ &config->pref_encsalts,
+ &config->num_pref_encsalts);
slapi_ch_array_free(encsalts);
} else {
LOG("No configured salt types use defaults\n");
- ret = new_ipapwd_encsalt(config->krbctx,
- ipapwd_def_encsalts,
- &config->pref_encsalts,
- &config->num_pref_encsalts);
+ for (i = 0; ipapwd_def_encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ ipapwd_def_encsalts, i,
+ &config->pref_encsalts,
+ &config->num_pref_encsalts);
}
if (ret) {
LOG_FATAL("Can't get Preferred EncSalt Types\n");
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index 3cedbedb6..96056c769 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -379,3 +379,76 @@ done:
return ret;
}
+krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
+ const char * const *vals,
+ int n_vals,
+ krb5_key_salt_tuple **kst,
+ int *n_kst)
+{
+ krb5_error_code kerr;
+ krb5_key_salt_tuple *ks;
+ int n_ks;
+ int i;
+
+ ks = calloc(n_vals + 1, sizeof(krb5_key_salt_tuple));
+ if (!ks) {
+ return ENOMEM;
+ }
+
+ for (i = 0, n_ks = 0; i < n_vals; i++) {
+ char *enc, *salt;
+ krb5_int32 tmpsalt;
+ krb5_enctype tmpenc;
+ krb5_boolean similar;
+ krb5_error_code krberr;
+ int j;
+
+ enc = strdup(vals[i]);
+ if (!enc) {
+ kerr = ENOMEM;
+ goto fail;
+ }
+
+ salt = strchr(enc, ':');
+ if (!salt) {
+ free(enc);
+ continue;
+ }
+ *salt = '\0'; /* null terminate the enc type */
+ salt++; /* skip : */
+
+ krberr = krb5_string_to_enctype(enc, &tmpenc);
+ if (krberr) {
+ free(enc);
+ continue;
+ }
+
+ krberr = krb5_string_to_salttype(salt, &tmpsalt);
+ for (j = 0; j < n_ks; j++) {
+ krb5_c_enctype_compare(kcontext,
+ ks[j].ks_enctype, tmpenc, &similar);
+ if (similar && (ks[j].ks_salttype == tmpsalt)) {
+ break;
+ }
+ }
+
+ if (j == n_ks) {
+ /* not found */
+ ks[j].ks_enctype = tmpenc;
+ ks[j].ks_salttype = tmpsalt;
+ n_ks++;
+ }
+
+ free(enc);
+ }
+
+ *kst = ks;
+ *n_kst = n_ks;
+
+ return 0;
+
+fail:
+ free(ks);
+ return kerr;
+}
+
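Review bot: The result of `krb5_string_to_salttype(salt, &tmpsalt)` is stored in `krberr` but never tested, so an unrecognised salt name may leave `tmpsalt` uninitialised when it is compared with `ks[j].ks_salttype` and then stored in `ks[]`. Reject the entry the same way the enctype branch does: `if (krberr) { free(enc); continue; }`. `krb5_c_enctype_compare` is likewise called without checking its return, so `similar` should be initialised (`krb5_boolean similar = 0;`) or the return value tested before `similar` is read. Since the loop is now bounded by `n_vals` instead of a NULL terminator, a guard such as `if (!vals[i]) continue;` before `strdup` would protect against a caller passing a count larger than the array.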
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
index ee6078db3..7019e5e63 100644
--- a/util/ipa_krb5.h
+++ b/util/ipa_krb5.h
@@ -26,4 +26,10 @@ int ber_encode_krb5_key_data(krb5_key_data *data,
int numk, int mkvno,
struct berval **encoded);
+krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
+ const char * const *vals,
+ int n_vals,
+ krb5_key_salt_tuple **kst,
+ int *n_kst);
+
#endif /* __IPA_KRB5_H_ */
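Review bot: The new public prototype carries no comment on ownership or on how bad input is treated. Going by the definition in util/ipa_krb5.c, `*kst` and `*n_kst` are written only on success, the array comes from `calloc`, and values without a `:` or with an unknown enctype are dropped without an error. I would add above the declaration: `/* Parses "enctype:salttype" strings; on success *kst is a calloc'd array of *n_kst tuples that the caller must free(). Malformed entries are skipped, so *n_kst may be smaller than n_vals. */`.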