author | Martin Babinsky <mbabinsk@redhat.com> | 2015-05-22 17:23:00 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-06-29 17:15:00 +0200 |
commit | 4d7b630992da3d0c646b27268a85e6e8c30eebfe (patch) | |
tree | 320a27df3f29f4227397dcf41ccec31b4f932a5f /daemons | |
parent | 7f923f922a28aa34eb6ee3b0e94c1cba223d285c (diff) | |
ipa-kdb: common function to get key encodings/salt types
This patch moves duplicate code in `ipadb_get_connection` to get default and
supported key encodings/salt types from Kerberos container to a common
function handling this task.
It is actually a small cosmetic enhancement of the fix of
https://fedorahosted.org/freeipa/ticket/4914
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.c | 129 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 3 |
2 files changed, 62 insertions, 70 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index fff35c9c9..3d5e15680 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -317,19 +317,68 @@ ipadb_get_global_config(struct ipadb_context *ipactx)
 return &ipactx->config;
 }
 
-int ipadb_get_connection(struct ipadb_context *ipactx)
+int ipadb_get_enc_salt_types(struct ipadb_context *ipactx,
+ LDAPMessage *entry, char *attr,
+ krb5_key_salt_tuple **enc_salt_types,
+ int *n_enc_salt_types)
 {
 struct berval **vals = NULL;
+ char **cvals = NULL;
+ int c = 0;
+ int i;
+ int ret = 0;
+ krb5_key_salt_tuple *kst;
+ int n_kst;
+
+ vals = ldap_get_values_len(ipactx->lcontext, entry, attr);
+ if (!vals || !vals[0]) {
+ goto done;
+ }
+
+ for (c = 0; vals[c]; c++) /* count */ ;
+ cvals = calloc(c, sizeof(char *));
+ if (!cvals) {
+ ret = ENOMEM;
+ goto done;
+ }
+ for (i = 0; i < c; i++) {
+ cvals[i] = strndup(vals[i]->bv_val, vals[i]->bv_len);
+ if (!cvals[i]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ ret = parse_bval_key_salt_tuples(ipactx->kcontext,
+ (const char * const *)cvals, c,
+ &kst, &n_kst);
+ if (ret) {
+ goto done;
+ }
+
+ if (*enc_salt_types) {
+ free(*enc_salt_types);
+ }
+
+ *enc_salt_types = kst;
+ *n_enc_salt_types = n_kst;
+
+done:
+ ldap_value_free_len(vals);
+ for (i = 0; i < c && cvals[i]; i++) {
+ free(cvals[i]);
+ }
+ free(cvals);
+ return ret;
+}
+
+int ipadb_get_connection(struct ipadb_context *ipactx)
+{
 struct timeval tv = { 5, 0 };
 LDAPMessage *res = NULL;
 LDAPMessage *first;
- krb5_key_salt_tuple *kst;
- int n_kst;
 int ret;
 int v3;
- int i;
- char **cvals = NULL;
- int c = 0;
 
 if (!ipactx->uri) {
 return EINVAL;
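Review bot: In the `done:` cleanup of `ipadb_get_enc_salt_types`, the loop condition `i < c && cvals[i]` reads through `cvals` even when `calloc` has just failed: by then `c` already holds the value count (at least 1) and `cvals` is NULL, so the ENOMEM path dereferences a null pointer instead of returning the error. ipa-kdb is loaded into the KDC and kadmind processes, so that path would presumably take the whole process down rather than fail one connection attempt. Guard the array itself, `for (i = 0; cvals && i < c && cvals[i]; i++) {`. The same loop was in `ipadb_get_connection` before the move, so the new helper is the one place where it now needs fixing.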
@@ -386,74 +435,20 @@ int ipadb_get_connection(struct ipadb_context *ipactx)
 
 /* defaults first, this is used to tell what default enc:salts to use
 * for kadmin password changes */
- vals = ldap_get_values_len(ipactx->lcontext, first,
- "krbDefaultEncSaltTypes");
- if (!vals || !vals[0]) {
- goto done;
- }
-
- for (c = 0; vals[c]; c++) /* count */ ;
- cvals = calloc(c, sizeof(char *));
- if (!cvals) {
- ret = ENOMEM;
- goto done;
- }
- for (i = 0; i < c; i++) {
- cvals[i] = strndup(vals[i]->bv_val, vals[i]->bv_len);
- if (!cvals[i]) {
- ret = ENOMEM;
- goto done;
- }
- }
-
- ret = parse_bval_key_salt_tuples(ipactx->kcontext,
- (const char * const *)cvals, c,
- &kst, &n_kst);
+ ret = ipadb_get_enc_salt_types(ipactx, first, "krbDefaultEncSaltTypes",
+ &ipactx->def_encs, &ipactx->n_def_encs);
 if (ret) {
 goto done;
 }
 
- if (ipactx->def_encs) {
- free(ipactx->def_encs);
- }
- ipactx->def_encs = kst;
- ipactx->n_def_encs = n_kst;
-
 /* supported enc salt types, use to tell kadmin what to accept
 * but also to detect if kadmin is requesting the default set */
- vals = ldap_get_values_len(ipactx->lcontext, first,
- "krbSupportedEncSaltTypes");
- if (!vals || !vals[0]) {
- goto done;
- }
-
- for (c = 0; vals[c]; c++) /* count */ ;
- cvals = calloc(c, sizeof(char *));
- if (!cvals) {
- ret = ENOMEM;
- goto done;
- }
- for (i = 0; i < c; i++) {
- cvals[i] = strndup(vals[i]->bv_val, vals[i]->bv_len);
- if (!cvals[i]) {
- ret = ENOMEM;
- goto done;
- }
- }
-
- ret = parse_bval_key_salt_tuples(ipactx->kcontext,
- (const char * const *)cvals, c,
- &kst, &n_kst);
+ ret = ipadb_get_enc_salt_types(ipactx, first, "krbSupportedEncSaltTypes",
+ &ipactx->supp_encs, &ipactx->n_supp_encs);
 if (ret) {
 goto done;
 }
 
- if (ipactx->supp_encs) {
- free(ipactx->supp_encs);
- }
- ipactx->supp_encs = kst;
- ipactx->n_supp_encs = n_kst;
-
 /* get additional options */
 ret = ipadb_load_global_config(ipactx);
 if (ret) {
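Review bot: The two `ipadb_get_enc_salt_types` calls in this hunk do not behave like the blocks they replace when the attribute is absent: the removed code did `goto done` out of `ipadb_get_connection` on `!vals || !vals[0]`, whereas the helper returns 0 and leaves `*enc_salt_types` and its count untouched, so setup now carries on to `krbSupportedEncSaltTypes` and `ipadb_load_global_config`. The commit message describes the change as cosmetic, so the new behaviour should be stated where it happens, for example `/* a missing attribute is not an error: def_encs/n_def_encs keep their previous value (possibly NULL/0) */` above the first call. Because these lists decide which enc:salt types kadmin uses by default and accepts, it is worth confirming that every reader of `def_encs` and `supp_encs` copes with an empty list, or with one left over from an earlier connection; those readers are not visible in this diff. `ipadb_get_connection` starts and ends outside the hunk.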
@@ -471,12 +466,6 @@ int ipadb_get_connection(struct ipadb_context *ipactx)
 done:
 ldap_msgfree(res);
 
- ldap_value_free_len(vals);
- for (i = 0; i < c && cvals[i]; i++) {
- free(cvals[i]);
- }
- free(cvals);
-
 if (ret) {
 if (ipactx->lcontext) {
 ldap_unbind_ext_s(ipactx->lcontext, NULL, NULL);
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 3c6138599..4abb7335d 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -295,3 +295,6 @@ void ipadb_parse_user_auth(LDAP *lcontext, LDAPMessage *le,
 enum ipadb_user_auth *user_auth);
 const struct ipadb_global_config *
 ipadb_get_global_config(struct ipadb_context *ipactx);
+int ipadb_get_enc_salt_types(struct ipadb_context *ipactx, LDAPMessage *entry,
+ char *attr, krb5_key_salt_tuple **enc_salt_types,
+ int *n_enc_salt_types); |
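Review bot: The prototype added to `ipa_kdb.h` exports a function that frees memory owned by its caller, and the header does not say so. A short comment above the declaration should state that `*enc_salt_types` must be NULL or a heap pointer on entry, because the helper calls `free()` on it before storing the new array. It should also state that both outputs are left unchanged on error or when the attribute is missing, and that the return value is 0 on success and a non-zero error code otherwise. `attr` is only passed on to `ldap_get_values_len` and both callers pass string literals, so it reads better as `const char *attr` in the prototype and the definition.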