diff options
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb.c')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.c | 129 |
1 files changed, 59 insertions, 70 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index fff35c9c9..3d5e15680 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -317,19 +317,68 @@ ipadb_get_global_config(struct ipadb_context *ipactx) return &ipactx->config; } -int ipadb_get_connection(struct ipadb_context *ipactx) +int ipadb_get_enc_salt_types(struct ipadb_context *ipactx, + LDAPMessage *entry, char *attr, + krb5_key_salt_tuple **enc_salt_types, + int *n_enc_salt_types) { struct berval **vals = NULL; + char **cvals = NULL; + int c = 0; + int i; + int ret = 0; + krb5_key_salt_tuple *kst; + int n_kst; + + vals = ldap_get_values_len(ipactx->lcontext, entry, attr); + if (!vals || !vals[0]) { + goto done; + } + + for (c = 0; vals[c]; c++) /* count */ ; + cvals = calloc(c, sizeof(char *)); + if (!cvals) { + ret = ENOMEM; + goto done; + } + for (i = 0; i < c; i++) { + cvals[i] = strndup(vals[i]->bv_val, vals[i]->bv_len); + if (!cvals[i]) { + ret = ENOMEM; + goto done; + } + } + + ret = parse_bval_key_salt_tuples(ipactx->kcontext, + (const char * const *)cvals, c, + &kst, &n_kst); + if (ret) { + goto done; + } + + if (*enc_salt_types) { + free(*enc_salt_types); + } + + *enc_salt_types = kst; + *n_enc_salt_types = n_kst; + +done: + ldap_value_free_len(vals); + for (i = 0; i < c && cvals[i]; i++) { + free(cvals[i]); + } + free(cvals); + return ret; +} + +int ipadb_get_connection(struct ipadb_context *ipactx) +{ struct timeval tv = { 5, 0 }; LDAPMessage *res = NULL; LDAPMessage *first; - krb5_key_salt_tuple *kst; - int n_kst; int ret; int v3; - int i; - char **cvals = NULL; - int c = 0; if (!ipactx->uri) { return EINVAL; @@ -386,74 +435,20 @@ int ipadb_get_connection(struct ipadb_context *ipactx) /* defaults first, this is used to tell what default enc:salts to use * for kadmin password changes */ - vals = ldap_get_values_len(ipactx->lcontext, first, - "krbDefaultEncSaltTypes"); - if (!vals || !vals[0]) { - goto done; - } - - for (c = 0; vals[c]; c++) /* count */ ; - cvals = calloc(c, sizeof(char *)); - if (!cvals) { - ret = ENOMEM; - goto done; - } - for (i = 0; i < c; i++) { - cvals[i] = strndup(vals[i]->bv_val, vals[i]->bv_len); - if (!cvals[i]) { - ret = ENOMEM; - goto done; - } - } - - ret = parse_bval_key_salt_tuples(ipactx->kcontext, - (const char * const *)cvals, c, - &kst, &n_kst); + ret = ipadb_get_enc_salt_types(ipactx, first, "krbDefaultEncSaltTypes", + &ipactx->def_encs, &ipactx->n_def_encs); if (ret) { goto done; } - if (ipactx->def_encs) { - free(ipactx->def_encs); - } - ipactx->def_encs = kst; - ipactx->n_def_encs = n_kst; - /* supported enc salt types, use to tell kadmin what to accept * but also to detect if kadmin is requesting the default set */ - vals = ldap_get_values_len(ipactx->lcontext, first, - "krbSupportedEncSaltTypes"); - if (!vals || !vals[0]) { - goto done; - } - - for (c = 0; vals[c]; c++) /* count */ ; - cvals = calloc(c, sizeof(char *)); - if (!cvals) { - ret = ENOMEM; - goto done; - } - for (i = 0; i < c; i++) { - cvals[i] = strndup(vals[i]->bv_val, vals[i]->bv_len); - if (!cvals[i]) { - ret = ENOMEM; - goto done; - } - } - - ret = parse_bval_key_salt_tuples(ipactx->kcontext, - (const char * const *)cvals, c, - &kst, &n_kst); + ret = ipadb_get_enc_salt_types(ipactx, first, "krbSupportedEncSaltTypes", + &ipactx->supp_encs, &ipactx->n_supp_encs); if (ret) { goto done; } - if (ipactx->supp_encs) { - free(ipactx->supp_encs); - } - ipactx->supp_encs = kst; - ipactx->n_supp_encs = n_kst; - /* get additional options */ ret = ipadb_load_global_config(ipactx); if (ret) { @@ -471,12 +466,6 @@ int ipadb_get_connection(struct ipadb_context *ipactx) done: ldap_msgfree(res); - ldap_value_free_len(vals); - for (i = 0; i < c && cvals[i]; i++) { - free(cvals[i]); - } - free(cvals); - if (ret) { if (ipactx->lcontext) { ldap_unbind_ext_s(ipactx->lcontext, NULL, NULL); |