diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-04-06 01:23:40 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-04-08 13:14:36 -0400 |
| commit | caaf72893a5be61822763eb471f4d573992479ed (patch) | |
| tree | 32ac388752173725b92540d9eae0ae2cabc633ac /src/lib/krb5/krb | |
| parent | 2defbe8939c1c11a9f76334443c63603a8b749bf (diff) | |
| download | krb5-caaf72893a5be61822763eb471f4d573992479ed.tar.gz krb5-caaf72893a5be61822763eb471f4d573992479ed.tar.xz krb5-caaf72893a5be61822763eb471f4d573992479ed.zip | |
Simplify principal access within libkrb5
For conciseness, directly use fields of krb5_principal objects instead
of using the accessor macros.
Diffstat (limited to 'src/lib/krb5/krb')
| -rw-r--r-- | src/lib/krb5/krb/bld_pr_ext.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/bld_princ.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/chk_trans.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/conv_princ.c | 12 | ||||
| -rw-r--r-- | src/lib/krb5/krb/copy_princ.c | 18 | ||||
| -rw-r--r-- | src/lib/krb5/krb/fast.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/fwd_tgt.c | 4 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gc_via_tkt.c | 9 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_creds.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 20 | ||||
| -rw-r--r-- | src/lib/krb5/krb/int-proto.h | 5 | ||||
| -rw-r--r-- | src/lib/krb5/krb/kfree.c | 4 | ||||
| -rw-r--r-- | src/lib/krb5/krb/pr_to_salt.c | 22 | ||||
| -rw-r--r-- | src/lib/krb5/krb/princ_comp.c | 20 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_req_dec.c | 19 | ||||
| -rw-r--r-- | src/lib/krb5/krb/recvauth.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/s4u_creds.c | 54 | ||||
| -rw-r--r-- | src/lib/krb5/krb/set_realm.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/t_princ.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/tgtname.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/unparse.c | 27 |
21 files changed, 103 insertions, 142 deletions
diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c index 9c6a4dcce9..10268a0ff0 100644 --- a/src/lib/krb5/krb/bld_pr_ext.c +++ b/src/lib/krb5/krb/bld_pr_ext.c @@ -83,7 +83,7 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ, } va_end(ap); *princ = princ_ret; - krb5_princ_type(context, princ_ret) = KRB5_NT_UNKNOWN; + princ_ret->type = KRB5_NT_UNKNOWN; return 0; free_out: diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c index ba411a6cd9..3dbe3561d5 100644 --- a/src/lib/krb5/krb/bld_princ.c +++ b/src/lib/krb5/krb/bld_princ.c @@ -70,8 +70,7 @@ build_principal_va(krb5_context context, krb5_principal princ, if (!retval) { princ->type = KRB5_NT_UNKNOWN; princ->magic = KV5M_PRINCIPAL; - krb5_princ_set_realm_data(context, princ, r); - krb5_princ_set_realm_length(context, princ, rlen); + princ->realm = make_data(r, rlen); princ->data = data; princ->length = count; r = NULL; /* take ownership */ diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c index 0d42c97dcd..2c29e62c61 100644 --- a/src/lib/krb5/krb/chk_trans.c +++ b/src/lib/krb5/krb/chk_trans.c @@ -298,7 +298,7 @@ check_realm_in_list (krb5_data *realm, void *data) Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data)); for (i = 0; cdata->tgs[i]; i++) { - if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm)) + if (data_eq (cdata->tgs[i]->realm, *realm)) return 0; } Tprintf (("BAD!\n")); diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c index 17b5ccc18a..04d4b6514a 100644 --- a/src/lib/krb5/krb/conv_princ.c +++ b/src/lib/krb5/krb/conv_princ.c @@ -162,10 +162,10 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, return KRB5_CONFIG_CANTOPEN; *name = *inst = '\0'; - switch (krb5_princ_size(context, princ)) { + switch (princ->length) { case 2: /* Check if this principal is listed in the table */ - compo = krb5_princ_component(context, princ, 0); + compo = &princ->data[0]; p = sconv_list; while (p->v4_str) { if (p->len == compo->length @@ -177,7 +177,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ) return KRB5_INVALID_PRINCIPAL; if (p->flags & DO_REALM_CONVERSION) { - compo = krb5_princ_component(context, princ, 1); + compo = &princ->data[1]; c = strnchr(compo->data, '.', compo->length); if (!c || (c - compo->data) >= INST_SZ - 1) return KRB5_INVALID_PRINCIPAL; @@ -191,7 +191,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, /* If inst isn't set, the service isn't listed in the table, */ /* so just copy it. */ if (*inst == '\0') { - compo = krb5_princ_component(context, princ, 1); + compo = &princ->data[1]; if (compo->length >= INST_SZ - 1) return KRB5_INVALID_PRINCIPAL; memcpy(inst, compo->data, compo->length); @@ -201,7 +201,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, case 1: /* name may have been set above; otherwise, just copy it */ if (*name == '\0') { - compo = krb5_princ_component(context, princ, 0); + compo = &princ->data[0]; if (compo->length >= ANAME_SZ) return KRB5_INVALID_PRINCIPAL; memcpy(name, compo->data, compo->length); @@ -212,7 +212,7 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, return KRB5_INVALID_PRINCIPAL; } - compo = krb5_princ_realm(context, princ); + compo = &princ->realm; tmp_prealm = malloc(compo->length + 1); if (tmp_prealm == NULL) diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c index 3db027e174..0d0e6a0048 100644 --- a/src/lib/krb5/krb/copy_princ.c +++ b/src/lib/krb5/krb/copy_princ.c @@ -33,7 +33,7 @@ krb5_error_code KRB5_CALLCONV krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) { register krb5_principal tempprinc; - register int i, nelems; + krb5_int32 i; tempprinc = (krb5_principal)malloc(sizeof(krb5_principal_data)); @@ -42,20 +42,18 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri *tempprinc = *inprinc; - nelems = (int) krb5_princ_size(context, inprinc); - tempprinc->data = malloc(nelems * sizeof(krb5_data)); + tempprinc->data = malloc(inprinc->length * sizeof(krb5_data)); if (tempprinc->data == 0) { free(tempprinc); return ENOMEM; } - for (i = 0; i < nelems; i++) { - if (krb5int_copy_data_contents(context, - krb5_princ_component(context, inprinc, i), - krb5_princ_component(context, tempprinc, i)) != 0) { + for (i = 0; i < inprinc->length; i++) { + if (krb5int_copy_data_contents(context, &inprinc->data[i], + &tempprinc->data[i]) != 0) { while (--i >= 0) - free(krb5_princ_component(context, tempprinc, i)->data); + free(tempprinc->data[i].data); free (tempprinc->data); free (tempprinc); return ENOMEM; @@ -64,8 +62,8 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri if (krb5int_copy_data_contents_add0(context, &inprinc->realm, &tempprinc->realm) != 0) { - for (i = 0; i < nelems; i++) - free(krb5_princ_component(context, tempprinc, i)->data); + for (i = 0; i < inprinc->length; i++) + free(tempprinc->data[i].data); free(tempprinc->data); free(tempprinc); return ENOMEM; diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 4555b71be9..84eaca441b 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -180,7 +180,7 @@ krb5int_fast_as_armor(krb5_context context, krb5_data *target_realm; krb5_clear_error_message(context); - target_realm = krb5_princ_realm(context, request->server); + target_realm = &request->server->realm; if (opte->opt_private->fast_ccache_name) { TRACE_FAST_ARMOR_CCACHE(context, opte->opt_private->fast_ccache_name); state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL; diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index 250af3ad9b..a217d4c240 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -121,12 +121,12 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, if (tgt.addresses && *tgt.addresses) { if (rhost == NULL) { - if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) { + if (server->type != KRB5_NT_SRV_HST) { retval = KRB5_FWD_BAD_PRINCIPAL; goto errout; } - if (krb5_princ_size(context, server) < 2){ + if (server->length < 2){ retval = KRB5_CC_BADNAME; goto errout; } diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 4c7268a7b9..92b53ecd0c 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -126,8 +126,8 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions, /* We didn't request canonicalization. */ - if (!IS_TGS_PRINC(context, in_cred->server) || - !IS_TGS_PRINC(context, dec_rep->ticket->server)) { + if (!IS_TGS_PRINC(in_cred->server) || + !IS_TGS_PRINC(dec_rep->ticket->server)) { /* Canonicalization not requested, and not a TGS referral. */ return KRB5_KDCREP_MODIFIED; } @@ -264,7 +264,7 @@ krb5int_process_tgs_reply(krb5_context context, /* make sure the response hasn't been tampered with..... */ retval = 0; - if (s4u2self && !IS_TGS_PRINC(context, dec_rep->ticket->server)) { + if (s4u2self && !IS_TGS_PRINC(dec_rep->ticket->server)) { /* Final hop, check whether KDC supports S4U2Self */ if (krb5_principal_compare(context, dec_rep->client, in_cred->server)) retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; @@ -374,8 +374,7 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt, send_again: use_master = 0; - retval = krb5_sendto_kdc(context, &request_data, - krb5_princ_realm(context, in_cred->server), + retval = krb5_sendto_kdc(context, &request_data, &in_cred->server->realm, &response_data, &use_master, tcp_only); if (retval == 0) { if (krb5_is_krb_error(&response_data)) { diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index fc74c1617b..23c0a10838 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -563,7 +563,7 @@ step_referrals(krb5_context context, krb5_tkt_creds_context ctx) /* Old versions of Active Directory can rewrite the server name instead of * returning a referral. Try a non-referral query if we see this. */ - if (!IS_TGS_PRINC(context, ctx->reply_creds->server)) { + if (!IS_TGS_PRINC(ctx->reply_creds->server)) { TRACE_TKT_CREDS_NON_TGT(context, ctx->reply_creds->server); return begin_non_referral(context, ctx); } @@ -674,7 +674,7 @@ step_get_tgt_offpath(krb5_context context, krb5_tkt_creds_context ctx) return ctx->reply_code; /* Verify that we got a TGT. */ - if (!IS_TGS_PRINC(context, ctx->reply_creds->server)) + if (!IS_TGS_PRINC(ctx->reply_creds->server)) return KRB5_KDCREP_MODIFIED; /* Use this tgt for the next request. */ @@ -879,7 +879,7 @@ step_get_tgt(krb5_context context, krb5_tkt_creds_context ctx) TRACE_TKT_CREDS_CLOSER_REALM(context, ctx->next_realm); } else { /* Verify that we got a TGT. */ - if (!IS_TGS_PRINC(context, ctx->reply_creds->server)) + if (!IS_TGS_PRINC(ctx->reply_creds->server)) return KRB5_KDCREP_MODIFIED; /* Use this tgt for the next request regardless of what it is. */ diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index e5fd5542c4..15f7cc6dc6 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -158,12 +158,11 @@ verify_as_reply(krb5_context context, * principal) and we requested (and received) a TGT. */ canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) || - (krb5_princ_type(context, request->client) == - KRB5_NT_ENTERPRISE_PRINCIPAL) || + request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL || (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS); if (canon_req) { - canon_ok = IS_TGS_PRINC(context, request->server) && - IS_TGS_PRINC(context, as_reply->enc_part2->server); + canon_ok = IS_TGS_PRINC(request->server) && + IS_TGS_PRINC(as_reply->enc_part2->server); if (!canon_ok && (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS)) { canon_ok = krb5_principal_compare_any_realm(context, as_reply->client, @@ -475,11 +474,8 @@ build_in_tkt_name(krb5_context context, * Windows Server 2008 R2 RODC insists on TGS principal names having the * right name type. */ - if (krb5_princ_size(context, server) == 2 && - data_eq_string(*krb5_princ_component(context, server, 0), - KRB5_TGS_NAME)) { - krb5_princ_type(context, server) = KRB5_NT_SRV_INST; - } + if (server->length == 2 && data_eq_string(server->data[0], KRB5_TGS_NAME)) + server->type = KRB5_NT_SRV_INST; *server_out = server; return 0; } @@ -957,7 +953,7 @@ krb5_init_creds_init(krb5_context context, goto cleanup; krb5_free_principal(context, ctx->request->client); ctx->request->client = new_client; - krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN; + ctx->request->client->type = KRB5_NT_WELLKNOWN; } } /* We will also handle anonymous if the input principal is the anonymous @@ -965,7 +961,7 @@ krb5_init_creds_init(krb5_context context, if (krb5_principal_compare_any_realm(context, ctx->request->client, krb5_anonymous_principal())) { ctx->request->kdc_options |= KDC_OPT_REQUEST_ANONYMOUS; - krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN; + ctx->request->client->type = KRB5_NT_WELLKNOWN; } code = restart_init_creds_loop(context, ctx, NULL); if (code) @@ -1434,7 +1430,7 @@ init_creds_step_reply(krb5_context context, } else if (canon_flag && ctx->err_reply->error == KDC_ERR_WRONG_REALM) { if (ctx->err_reply->client == NULL || - !krb5_princ_realm(context, ctx->err_reply->client)->length) { + !ctx->err_reply->client->realm.length) { code = KRB5KDC_ERR_WRONG_REALM; goto cleanup; } diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h index 04535f6cc3..33261543f7 100644 --- a/src/lib/krb5/krb/int-proto.h +++ b/src/lib/krb5/krb/int-proto.h @@ -164,9 +164,8 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options, #define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) -#define IS_TGS_PRINC(c, p) \ - (krb5_princ_size((c), (p)) == 2 && \ - data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) +#define IS_TGS_PRINC(p) ((p)->length == 2 && \ + data_eq_string((p)->data[0], KRB5_TGS_NAME)) typedef krb5_error_code (*k5_pacb_fn)(krb5_context context, krb5_keyblock *subkey, krb5_kdc_req *req, diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 466861f737..32b2151827 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -389,9 +389,9 @@ krb5_free_principal(krb5_context context, krb5_principal val) return; if (val->data) { - i = krb5_princ_size(context, val); + i = val->length; while(--i >= 0) - free(krb5_princ_component(context, val, i)->data); + free(val->data[i].data); free(val->data); } free(val->realm.data); diff --git a/src/lib/krb5/krb/pr_to_salt.c b/src/lib/krb5/krb/pr_to_salt.c index 53fc0ae240..87fe91117f 100644 --- a/src/lib/krb5/krb/pr_to_salt.c +++ b/src/lib/krb5/krb/pr_to_salt.c @@ -39,33 +39,29 @@ principal2salt_internal(krb5_context context, krb5_data *ret, int use_realm) { unsigned int size = 0, offset=0; - krb5_int32 nelem; - register int i; + krb5_int32 i; *ret = empty_data(); if (pr == NULL) return 0; - nelem = krb5_princ_size(context, pr); - if (use_realm) - size += krb5_princ_realm(context, pr)->length; + size += pr->realm.length; - for (i = 0; i < (int) nelem; i++) - size += krb5_princ_component(context, pr, i)->length; + for (i = 0; i < pr->length; i++) + size += pr->data[i].length; if (alloc_data(ret, size)) return ENOMEM; if (use_realm) { - offset = krb5_princ_realm(context, pr)->length; - memcpy(ret->data, krb5_princ_realm(context, pr)->data, offset); + offset = pr->realm.length; + memcpy(ret->data, pr->realm.data, offset); } - for (i = 0; i < (int) nelem; i++) { - memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data, - krb5_princ_component(context, pr, i)->length); - offset += krb5_princ_component(context, pr, i)->length; + for (i = 0; i < pr->length; i++) { + memcpy(&ret->data[offset], pr->data[i].data, pr->data[i].length); + offset += pr->data[i].length; } return 0; } diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index db0d3058c1..994f41d45c 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -33,8 +33,8 @@ realm_compare_flags(krb5_context context, krb5_const_principal princ2, int flags) { - const krb5_data *realm1 = krb5_princ_realm(context, princ1); - const krb5_data *realm2 = krb5_princ_realm(context, princ2); + const krb5_data *realm1 = &princ1->realm; + const krb5_data *realm2 = &princ2->realm; if (realm1->length != realm2->length) return FALSE; @@ -79,8 +79,7 @@ krb5_principal_compare_flags(krb5_context context, krb5_const_principal princ2, int flags) { - register int i; - krb5_int32 nelem; + krb5_int32 i; unsigned int utf8 = (flags & KRB5_PRINCIPAL_COMPARE_UTF8) != 0; unsigned int casefold = (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) != 0; krb5_principal upn1 = NULL; @@ -89,27 +88,26 @@ krb5_principal_compare_flags(krb5_context context, if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) { /* Treat UPNs as if they were real principals */ - if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { if (upn_to_principal(context, princ1, &upn1) == 0) princ1 = upn1; } - if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (princ2->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { if (upn_to_principal(context, princ2, &upn2) == 0) princ2 = upn2; } } - nelem = krb5_princ_size(context, princ1); - if (nelem != krb5_princ_size(context, princ2)) + if (princ1->length != princ2->length) goto out; if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 && !realm_compare_flags(context, princ1, princ2, flags)) goto out; - for (i = 0; i < (int) nelem; i++) { - const krb5_data *p1 = krb5_princ_component(context, princ1, i); - const krb5_data *p2 = krb5_princ_component(context, princ2, i); + for (i = 0; i < princ1->length; i++) { + const krb5_data *p1 = &princ1->data[i]; + const krb5_data *p2 = &princ2->data[i]; krb5_boolean eq; if (casefold) { diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 6495baebed..bd447f3439 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -312,12 +312,12 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, server = req->ticket->server; } /* Get an rcache if necessary. */ - if (((*auth_context)->rcache == NULL) - && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) - && server) { - if ((retval = krb5_get_server_rcache(context, - krb5_princ_component(context,server,0), - &(*auth_context)->rcache))) + if (((*auth_context)->rcache == NULL) && + ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && + server != NULL && server->length > 0) { + retval = krb5_get_server_rcache(context, &server->data[0], + &(*auth_context)->rcache); + if (retval) goto cleanup; } /* okay, now check cross-realm policy */ @@ -343,7 +343,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_data * realm; krb5_transited * trans; - realm = krb5_princ_realm(context, req->ticket->enc_part2->client); + realm = &req->ticket->enc_part2->client->realm; trans = &(req->ticket->enc_part2->transited); /* @@ -366,7 +366,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_data * realm; krb5_transited * trans; - realm = krb5_princ_realm(context, req->ticket->enc_part2->client); + realm = &req->ticket->enc_part2->client->realm; trans = &(req->ticket->enc_part2->transited); /* @@ -376,8 +376,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, */ if (trans->tr_contents.length > 0 && trans->tr_contents.data[0]) { retval = krb5_check_transited_list(context, &(trans->tr_contents), - realm, - krb5_princ_realm (context,server)); + realm, &server->realm); } } diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index aa6e3785fb..da83628303 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -132,9 +132,9 @@ recvauth_common(krb5_context context, /* * Setup the replay cache. */ - if (server) { - problem = krb5_get_server_rcache(context, - krb5_princ_component(context, server, 0), &rcache); + if (server != NULL && server->length > 0) { + problem = krb5_get_server_rcache(context, &server->data[0], + &rcache); } else { null_server.length = 7; null_server.data = "default"; diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index 8d5f130a54..b7bb9fe5b0 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -74,8 +74,7 @@ s4u_identify_user(krb5_context context, } if (in_creds->client != NULL && - krb5_princ_type(context, in_creds->client) != - KRB5_NT_ENTERPRISE_PRINCIPAL) { + in_creds->client->type != KRB5_NT_ENTERPRISE_PRINCIPAL) { int anonymous; anonymous = krb5_principal_compare(context, in_creds->client, @@ -142,37 +141,32 @@ make_pa_for_user_checksum(krb5_context context, { krb5_error_code code; int i; - krb5_int32 name_type; char *p; krb5_data data; data.length = 4; - for (i = 0; i < krb5_princ_size(context, req->user); i++) { - data.length += krb5_princ_component(context, req->user, i)->length; - } - data.length += krb5_princ_realm(context, req->user)->length; + for (i = 0; i < req->user->length; i++) + data.length += req->user->data[i].length; + data.length += req->user->realm.length; data.length += req->auth_package.length; p = data.data = malloc(data.length); if (data.data == NULL) return ENOMEM; - name_type = krb5_princ_type(context, req->user); - p[0] = (name_type >> 0 ) & 0xFF; - p[1] = (name_type >> 8 ) & 0xFF; - p[2] = (name_type >> 16) & 0xFF; - p[3] = (name_type >> 24) & 0xFF; + p[0] = (req->user->type >> 0) & 0xFF; + p[1] = (req->user->type >> 8) & 0xFF; + p[2] = (req->user->type >> 16) & 0xFF; + p[3] = (req->user->type >> 24) & 0xFF; p += 4; - for (i = 0; i < krb5_princ_size(context, req->user); i++) { - memcpy(p, krb5_princ_component(context, req->user, i)->data, - krb5_princ_component(context, req->user, i)->length); - p += krb5_princ_component(context, req->user, i)->length; + for (i = 0; i < req->user->length; i++) { + memcpy(p, req->user->data[i].data, req->user->data[i].length); + p += req->user->data[i].length; } - memcpy(p, krb5_princ_realm(context, req->user)->data, - krb5_princ_realm(context, req->user)->length); - p += krb5_princ_realm(context, req->user)->length; + memcpy(p, req->user->realm.data, req->user->realm.length); + p += req->user->realm.length; memcpy(p, req->auth_package.data, req->auth_package.length); @@ -467,11 +461,8 @@ krb5_get_self_cred_from_kdc(krb5_context context, memset(&s4u_user, 0, sizeof(s4u_user)); - if (in_creds->client != NULL && - krb5_princ_size(context, in_creds->client)) { - if (krb5_princ_type(context, in_creds->client) == - KRB5_NT_ENTERPRISE_PRINCIPAL) - { + if (in_creds->client != NULL && in_creds->client->length > 0) { + if (in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { code = krb5_build_principal_ext(context, &s4u_user.user_id.user, user_realm->length, @@ -502,8 +493,8 @@ krb5_get_self_cred_from_kdc(krb5_context context, s4u_user.user_id.options = KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE; /* First, acquire a TGT to the user's realm. */ - code = krb5int_tgtname(context, user_realm, - krb5_princ_realm(context, in_creds->server), &tgs); + code = krb5int_tgtname(context, user_realm, &in_creds->server->realm, + &tgs); if (code != 0) goto cleanup; @@ -547,8 +538,7 @@ krb5_get_self_cred_from_kdc(krb5_context context, krb5_pa_data **enc_padata = NULL; krb5_keyblock *subkey = NULL; - if (s4u_user.user_id.user != NULL && - krb5_princ_size(context, s4u_user.user_id.user)) { + if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) { in_padata = calloc(2, sizeof(krb5_pa_data *)); if (in_padata == NULL) { code = ENOMEM; @@ -606,7 +596,7 @@ krb5_get_self_cred_from_kdc(krb5_context context, (*out_creds)->server)) { code = 0; goto cleanup; - } else if (IS_TGS_PRINC(context, (*out_creds)->server)) { + } else if (IS_TGS_PRINC((*out_creds)->server)) { krb5_data *r1 = &tgtptr->server->data[1]; krb5_data *r2 = &(*out_creds)->server->data[1]; @@ -693,10 +683,8 @@ krb5_get_credentials_for_user(krb5_context context, krb5_flags options, goto cleanup; } - code = krb5_get_self_cred_from_kdc(context, options, ccache, - in_creds, subject_cert, - krb5_princ_realm(context, realm), - out_creds); + code = krb5_get_self_cred_from_kdc(context, options, ccache, in_creds, + subject_cert, &realm->realm, out_creds); if (code != 0) goto cleanup; diff --git a/src/lib/krb5/krb/set_realm.c b/src/lib/krb5/krb/set_realm.c index 5a7f81a447..9697ff6eed 100644 --- a/src/lib/krb5/krb/set_realm.c +++ b/src/lib/krb5/krb/set_realm.c @@ -41,10 +41,8 @@ krb5_set_principal_realm(krb5_context context, krb5_principal principal, if (!newrealm) return ENOMEM; - (void) free(krb5_princ_realm(context,principal)->data); - - krb5_princ_realm(context, principal)->length = length; - krb5_princ_realm(context, principal)->data = newrealm; + free(principal->realm.data); + principal->realm = make_data(newrealm, length); return 0; } diff --git a/src/lib/krb5/krb/t_princ.c b/src/lib/krb5/krb/t_princ.c index 502c22a4ea..78ca178995 100644 --- a/src/lib/krb5/krb/t_princ.c +++ b/src/lib/krb5/krb/t_princ.c @@ -101,7 +101,7 @@ test_princ(krb5_context context) err(context, 0, "%s != %s", princ_short, princ_unparsed); free(princ_unparsed); - realm = krb5_princ_realm(context, p)->data; + realm = p->realm.data; asprintf(&princ_reformed, "%s@%s", princ_short, realm); diff --git a/src/lib/krb5/krb/tgtname.c b/src/lib/krb5/krb/tgtname.c index 1cd113a1d5..0ffeb17df4 100644 --- a/src/lib/krb5/krb/tgtname.c +++ b/src/lib/krb5/krb/tgtname.c @@ -42,7 +42,7 @@ krb5int_tgtname(krb5_context context, const krb5_data *server, const krb5_data * * Windows Server 2008 R2 RODC insists on TGS principal names having the * right name type. */ - krb5_princ_type(context, *tgtprinc) = KRB5_NT_SRV_INST; + (*tgtprinc)->type = KRB5_NT_SRV_INST; return ret; } diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index d774b7c12d..779121a860 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -144,8 +144,7 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, int flags, char **name, unsigned int *size) { char *q; - int i; - krb5_int32 nelem; + krb5_int32 i; unsigned int totalsize = 0; char *default_realm = NULL; krb5_error_code ret = 0; @@ -161,26 +160,22 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, if (ret != 0) goto cleanup; - krb5_princ_realm(context, &p)->length = strlen(default_realm); - krb5_princ_realm(context, &p)->data = default_realm; + p.realm = string2data(default_realm); if (krb5_realm_compare(context, &p, principal)) flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM; } if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) { - totalsize += component_length_quoted(krb5_princ_realm(context, - principal), - flags); + totalsize += component_length_quoted(&principal->realm, flags); totalsize++; /* This is for the separator */ } - nelem = krb5_princ_size(context, principal); - for (i = 0; i < (int) nelem; i++) { - totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags); + for (i = 0; i < principal->length; i++) { + totalsize += component_length_quoted(&principal->data[i], flags); totalsize++; /* This is for the separator */ } - if (nelem == 0) + if (principal->length == 0) totalsize++; /* @@ -208,12 +203,8 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, q = *name; - for (i = 0; i < (int) nelem; i++) { - q += copy_component_quoting(q, - krb5_princ_component(context, - principal, - i), - flags); + for (i = 0; i < principal->length; i++) { + q += copy_component_quoting(q, &principal->data[i], flags); *q++ = COMPONENT_SEP; } @@ -221,7 +212,7 @@ k5_unparse_name(krb5_context context, krb5_const_principal principal, q--; /* Back up last component separator */ if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) { *q++ = REALM_SEP; - q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags); + q += copy_component_quoting(q, &principal->realm, flags); } *q++ = '\0'; |