IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-pwd-extop: make encsalt parsing function common

Browse Source 
It is going to be used by the ipa-kdb module too.
This commit is contained in:
Simo Sorce 2011-06-22 16:23:52 -04:00
parent eed401306c
commit 7d41e7b4d4
3 changed files with 99 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
View File

@ -67,81 +67,6 @@ static const char *ipapwd_def_encsalts[] = {
NULL
};
static int new_ipapwd_encsalt(krb5_context krbctx,
const char * const *encsalts,
krb5_key_salt_tuple **es_types,
int *num_es_types)
{
krb5_key_salt_tuple *es;
int nes, i;
int rc;
for (i = 0; encsalts[i]; i++) /* count */ ;
es = calloc(i + 1, sizeof(krb5_key_salt_tuple));
if (!es) {
LOG_OOM();
rc = LDAP_OPERATIONS_ERROR;
goto fail;
}
for (i = 0, nes = 0; encsalts[i]; i++) {
char *enc, *salt;
krb5_int32 tmpsalt;
krb5_enctype tmpenc;
krb5_boolean similar;
krb5_error_code krberr;
int j;
enc = strdup(encsalts[i]);
if (!enc) {
LOG_OOM();
rc = LDAP_OPERATIONS_ERROR;
goto fail;
}
salt = strchr(enc, ':');
if (!salt) {
LOG_FATAL("Invalid krb5 enc string\n");
free(enc);
continue;
}
*salt = '\0'; /* null terminate the enc type */
salt++; /* skip : */
krberr = krb5_string_to_enctype(enc, &tmpenc);
if (krberr) {
LOG_FATAL("Invalid krb5 enctype\n");
free(enc);
continue;
}
krberr = krb5_string_to_salttype(salt, &tmpsalt);
for (j = 0; j < nes; j++) {
krb5_c_enctype_compare(krbctx, es[j].ks_enctype, tmpenc, &similar);
if (similar && (es[j].ks_salttype == tmpsalt)) {
break;
}
}
if (j == nes) {
/* not found */
es[j].ks_enctype = tmpenc;
es[j].ks_salttype = tmpsalt;
nes++;
}
free(enc);
}
*es_types = es;
*num_es_types = nes;
return LDAP_SUCCESS;
fail:
free(es);
return rc;
}
static struct ipapwd_krbcfg *ipapwd_getConfig(void)
{
krb5_error_code krberr;
@ -245,17 +170,19 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
encsalts = slapi_entry_attr_get_charray(realm_entry,
"krbSupportedEncSaltTypes");
if (encsalts) {
ret = new_ipapwd_encsalt(config->krbctx,
(const char * const *)encsalts,
&config->supp_encsalts,
&config->num_supp_encsalts);
for (i = 0; encsalts[i]; i++) /* count */ ;
ret = parse_bval_key_salt_tuples(config->krbctx,
(const char * const *)encsalts, i,
&config->supp_encsalts,
&config->num_supp_encsalts);
slapi_ch_array_free(encsalts);
} else {
LOG("No configured salt types use defaults\n");
ret = new_ipapwd_encsalt(config->krbctx,
ipapwd_def_encsalts,
&config->supp_encsalts,
&config->num_supp_encsalts);
for (i = 0; ipapwd_def_encsalts[i]; i++) /* count */ ;
ret = parse_bval_key_salt_tuples(config->krbctx,
ipapwd_def_encsalts, i,
&config->supp_encsalts,
&config->num_supp_encsalts);
}
if (ret) {
LOG_FATAL("Can't get Supported EncSalt Types\n");
@ -267,17 +194,19 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
encsalts = slapi_entry_attr_get_charray(realm_entry,
"krbDefaultEncSaltTypes");
if (encsalts) {
ret = new_ipapwd_encsalt(config->krbctx,
(const char * const *)encsalts,
&config->pref_encsalts,
&config->num_pref_encsalts);
for (i = 0; encsalts[i]; i++) /* count */ ;
ret = parse_bval_key_salt_tuples(config->krbctx,
(const char * const *)encsalts, i,
&config->pref_encsalts,
&config->num_pref_encsalts);
slapi_ch_array_free(encsalts);
} else {
LOG("No configured salt types use defaults\n");
ret = new_ipapwd_encsalt(config->krbctx,
ipapwd_def_encsalts,
&config->pref_encsalts,
&config->num_pref_encsalts);
for (i = 0; ipapwd_def_encsalts[i]; i++) /* count */ ;
ret = parse_bval_key_salt_tuples(config->krbctx,
ipapwd_def_encsalts, i,
&config->pref_encsalts,
&config->num_pref_encsalts);
}
if (ret) {
LOG_FATAL("Can't get Preferred EncSalt Types\n");

73
util/ipa_krb5.c
View File

@ -379,3 +379,76 @@ done:
return ret;
}
krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
const char * const *vals,
int n_vals,
krb5_key_salt_tuple **kst,
int *n_kst)
{
krb5_error_code kerr;
krb5_key_salt_tuple *ks;
int n_ks;
int i;
ks = calloc(n_vals + 1, sizeof(krb5_key_salt_tuple));
if (!ks) {
return ENOMEM;
}
for (i = 0, n_ks = 0; i < n_vals; i++) {
char *enc, *salt;
krb5_int32 tmpsalt;
krb5_enctype tmpenc;
krb5_boolean similar;
krb5_error_code krberr;
int j;
enc = strdup(vals[i]);
if (!enc) {
kerr = ENOMEM;
goto fail;
}
salt = strchr(enc, ':');
if (!salt) {
free(enc);
continue;
}
*salt = '\0'; /* null terminate the enc type */
salt++; /* skip : */
krberr = krb5_string_to_enctype(enc, &tmpenc);
if (krberr) {
free(enc);
continue;
}
krberr = krb5_string_to_salttype(salt, &tmpsalt);
for (j = 0; j < n_ks; j++) {
krb5_c_enctype_compare(kcontext,
ks[j].ks_enctype, tmpenc, &similar);
if (similar && (ks[j].ks_salttype == tmpsalt)) {
break;
}
}
if (j == n_ks) {
/* not found */
ks[j].ks_enctype = tmpenc;
ks[j].ks_salttype = tmpsalt;
n_ks++;
}
free(enc);
}
*kst = ks;
*n_kst = n_ks;
return 0;
fail:
free(ks);
return kerr;
}

6
util/ipa_krb5.h
View File

@ -26,4 +26,10 @@ int ber_encode_krb5_key_data(krb5_key_data *data,
int numk, int mkvno,
struct berval **encoded);
krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
const char * const *vals,
int n_vals,
krb5_key_salt_tuple **kst,
int *n_kst);
#endif /* __IPA_KRB5_H_ */