From 7d41e7b4d43d882eb4cc99f0600078e0f34f1774 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Jun 2011 16:23:52 -0400 Subject: ipa-pwd-extop: make encsalt parsing function common It is going to be used by the ipa-kdb module too.
---
 .../ipa-pwd-extop/ipapwd_common.c | 111 ++++----------------- util/ipa_krb5.c | 73 ++++++++++++++ util/ipa_krb5.h | 6 ++ 3 files changed, 99 insertions(+), 91 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 93461e68d..f36fc774b 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -67,81 +67,6 @@ static const char *ipapwd_def_encsalts[] = {
 NULL
 };
-static int new_ipapwd_encsalt(krb5_context krbctx,
- const char * const *encsalts,
- krb5_key_salt_tuple **es_types,
- int *num_es_types)
-{
- krb5_key_salt_tuple *es;
- int nes, i;
- int rc;
-
- for (i = 0; encsalts[i]; i++) /* count */ ;
- es = calloc(i + 1, sizeof(krb5_key_salt_tuple));
- if (!es) {
- LOG_OOM();
- rc = LDAP_OPERATIONS_ERROR;
- goto fail;
- }
-
- for (i = 0, nes = 0; encsalts[i]; i++) {
- char *enc, *salt;
- krb5_int32 tmpsalt;
- krb5_enctype tmpenc;
- krb5_boolean similar;
- krb5_error_code krberr;
- int j;
-
- enc = strdup(encsalts[i]);
- if (!enc) {
- LOG_OOM();
- rc = LDAP_OPERATIONS_ERROR;
- goto fail;
- }
- salt = strchr(enc, ':');
- if (!salt) {
- LOG_FATAL("Invalid krb5 enc string\n");
- free(enc);
- continue;
- }
- *salt = '\0'; /* null terminate the enc type */
- salt++; /* skip : */
-
- krberr = krb5_string_to_enctype(enc, &tmpenc);
- if (krberr) {
- LOG_FATAL("Invalid krb5 enctype\n");
- free(enc);
- continue;
- }
-
- krberr = krb5_string_to_salttype(salt, &tmpsalt);
- for (j = 0; j < nes; j++) {
- krb5_c_enctype_compare(krbctx, es[j].ks_enctype, tmpenc, &similar);
- if (similar && (es[j].ks_salttype == tmpsalt)) {
- break;
- }
- }
-
- if (j == nes) {
- /* not found */
- es[j].ks_enctype = tmpenc;
- es[j].ks_salttype = tmpsalt;
- nes++;
- }
-
- free(enc);
- }
-
- *es_types = es;
- *num_es_types = nes;
-
- return LDAP_SUCCESS;
-
-fail:
- free(es);
- return rc;
-}
-
 static struct ipapwd_krbcfg *ipapwd_getConfig(void)
 {
 krb5_error_code krberr;
@@ -245,17 +170,19 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
 encsalts = slapi_entry_attr_get_charray(realm_entry, "krbSupportedEncSaltTypes");
 if (encsalts) {
- ret = new_ipapwd_encsalt(config->krbctx,
- (const char * const *)encsalts,
- &config->supp_encsalts,
- &config->num_supp_encsalts);
+ for (i = 0; encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ (const char * const *)encsalts, i,
+ &config->supp_encsalts,
+ &config->num_supp_encsalts);
 slapi_ch_array_free(encsalts);
 } else {
 LOG("No configured salt types use defaults\n");
- ret = new_ipapwd_encsalt(config->krbctx,
- ipapwd_def_encsalts,
- &config->supp_encsalts,
- &config->num_supp_encsalts);
+ for (i = 0; ipapwd_def_encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ ipapwd_def_encsalts, i,
+ &config->supp_encsalts,
+ &config->num_supp_encsalts);
 }
 if (ret) {
 LOG_FATAL("Can't get Supported EncSalt Types\n");
@@ -267,17 +194,19 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
 encsalts = slapi_entry_attr_get_charray(realm_entry, "krbDefaultEncSaltTypes");
 if (encsalts) {
- ret = new_ipapwd_encsalt(config->krbctx,
- (const char * const *)encsalts,
- &config->pref_encsalts,
- &config->num_pref_encsalts);
+ for (i = 0; encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ (const char * const *)encsalts, i,
+ &config->pref_encsalts,
+ &config->num_pref_encsalts);
 slapi_ch_array_free(encsalts);
 } else {
 LOG("No configured salt types use defaults\n");
- ret = new_ipapwd_encsalt(config->krbctx,
- ipapwd_def_encsalts,
- &config->pref_encsalts,
- &config->num_pref_encsalts);
+ for (i = 0; ipapwd_def_encsalts[i]; i++) /* count */ ;
+ ret = parse_bval_key_salt_tuples(config->krbctx,
+ ipapwd_def_encsalts, i,
+ &config->pref_encsalts,
+ &config->num_pref_encsalts);
 }
 if (ret) {
 LOG_FATAL("Can't get Preferred EncSalt Types\n");
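Review bot: Malformed `krbSupportedEncSaltTypes` values are now dropped without any log entry, because the shared `parse_bval_key_salt_tuples()` skips them silently where the removed `new_ipapwd_encsalt()` called `LOG_FATAL`, and a list with no valid entry still returns 0 with a count of 0, so the `if (ret)` check after these calls does not catch it. Treat an empty result as a configuration error at this call site, e.g. `if (ret || config->num_supp_encsalts == 0) {`, so the plugin does not carry on with an empty or unexpectedly reduced enctype set. The same applies to the `krbDefaultEncSaltTypes` hunk that follows, with `config->num_pref_encsalts`. The counting loop `for (i = 0; ...; i++) /* count */ ;` is repeated four times and relies on `i` being declared outside the hunk; ipapwd_getConfig starts and ends outside both hunks.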
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index 3cedbedb6..96056c769 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -379,3 +379,76 @@ done:
 return ret;
 }
+krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
+ const char * const *vals,
+ int n_vals,
+ krb5_key_salt_tuple **kst,
+ int *n_kst)
+{
+ krb5_error_code kerr;
+ krb5_key_salt_tuple *ks;
+ int n_ks;
+ int i;
+
+ ks = calloc(n_vals + 1, sizeof(krb5_key_salt_tuple));
+ if (!ks) {
+ return ENOMEM;
+ }
+
+ for (i = 0, n_ks = 0; i < n_vals; i++) {
+ char *enc, *salt;
+ krb5_int32 tmpsalt;
+ krb5_enctype tmpenc;
+ krb5_boolean similar;
+ krb5_error_code krberr;
+ int j;
+
+ enc = strdup(vals[i]);
+ if (!enc) {
+ kerr = ENOMEM;
+ goto fail;
+ }
+
+ salt = strchr(enc, ':');
+ if (!salt) {
+ free(enc);
+ continue;
+ }
+ *salt = '\0'; /* null terminate the enc type */
+ salt++; /* skip : */
+
+ krberr = krb5_string_to_enctype(enc, &tmpenc);
+ if (krberr) {
+ free(enc);
+ continue;
+ }
+
+ krberr = krb5_string_to_salttype(salt, &tmpsalt);
+ for (j = 0; j < n_ks; j++) {
+ krb5_c_enctype_compare(kcontext,
+ ks[j].ks_enctype, tmpenc, &similar);
+ if (similar && (ks[j].ks_salttype == tmpsalt)) {
+ break;
+ }
+ }
+
+ if (j == n_ks) {
+ /* not found */
+ ks[j].ks_enctype = tmpenc;
+ ks[j].ks_salttype = tmpsalt;
+ n_ks++;
+ }
+
+ free(enc);
+ }
+
+ *kst = ks;
+ *n_kst = n_ks;
+
+ return 0;
+
+fail:
+ free(ks);
+ return kerr;
+}
+
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
index ee6078db3..7019e5e63 100644
--- a/util/ipa_krb5.h
+++ b/util/ipa_krb5.h
@@ -26,4 +26,10 @@ int ber_encode_krb5_key_data(krb5_key_data *data, int numk, int mkvno, struct berval **encoded);
+krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
+ const char * const *vals,
+ int n_vals,
+ krb5_key_salt_tuple **kst,
+ int *n_kst);
+
 #endif /* __IPA_KRB5_H_ */
-- cgit
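Review bot: The result of `krb5_string_to_salttype(salt, &tmpsalt)` is assigned to `krberr` but never tested, so an unrecognised salt name may leave `tmpsalt` uninitialised before it is compared against and stored in `ks[j].ks_salttype`. Add `if (krberr) { free(enc); continue; }` directly after that call, mirroring the enctype check a few lines above it. The return value of `krb5_c_enctype_compare()` is also ignored, which would leave `similar` unset if the call fails; initialising it with `krb5_boolean similar = 0;` keeps the duplicate check well defined. Since this is now a shared entry point taking an explicit count, a negative `n_vals` should be rejected before `calloc(n_vals + 1, ...)`.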
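Review bot: The prototype added to `util/ipa_krb5.h` has no contract comment even though the function is now shared between the password plugin and, per the commit message, the ipa-kdb module. Add a short comment above it stating that `vals` holds `n_vals` strings of the form `enctype:salttype`, that entries which fail to parse are skipped rather than reported, that the return value is 0 or `ENOMEM`, and that the caller owns `*kst` and releases it with `free()`. Callers that need to tell "nothing valid configured" apart from success have to check `*n_kst` themselves, which is worth saying in the same comment.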