mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
ipa-pwd-extop: Use common krb5 structs from kdb.h
This removes custom structures and allows easier sharing of code with ipa-kdb
This commit is contained in:
Simo Sorce
@@ -93,7 +93,7 @@ static int filter_keys(struct ipapwd_krbcfg *krbcfg, struct ipapwd_keyset *kset)
|
|||||||
for (i = 0; i < kset->num_keys; i++) {
|
for (i = 0; i < kset->num_keys; i++) {
|
||||||
for (j = 0; j < krbcfg->num_supp_encsalts; j++) {
|
for (j = 0; j < krbcfg->num_supp_encsalts; j++) {
|
||||||
if (kset->keys[i].ekey->type ==
|
if (kset->keys[i].ekey->type ==
|
||||||
krbcfg->supp_encsalts[j].enc_type) {
|
krbcfg->supp_encsalts[j].ks_enctype) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -97,20 +97,15 @@ struct ipapwd_operation {
|
|||||||
|
|
||||||
|
|
||||||
/* from ipapwd_common.c */
|
/* from ipapwd_common.c */
|
||||||
struct ipapwd_encsalt {
|
|
||||||
krb5_int32 enc_type;
|
|
||||||
krb5_int32 salt_type;
|
|
||||||
};
|
|
||||||
|
|
||||||
struct ipapwd_krbcfg {
|
struct ipapwd_krbcfg {
|
||||||
krb5_context krbctx;
|
krb5_context krbctx;
|
||||||
char *realm;
|
char *realm;
|
||||||
int mkvno;
|
int mkvno;
|
||||||
krb5_keyblock *kmkey;
|
krb5_keyblock *kmkey;
|
||||||
int num_supp_encsalts;
|
int num_supp_encsalts;
|
||||||
struct ipapwd_encsalt *supp_encsalts;
|
krb5_key_salt_tuple *supp_encsalts;
|
||||||
int num_pref_encsalts;
|
int num_pref_encsalts;
|
||||||
struct ipapwd_encsalt *pref_encsalts;
|
krb5_key_salt_tuple *pref_encsalts;
|
||||||
char **passsync_mgrs;
|
char **passsync_mgrs;
|
||||||
int num_passsync_mgrs;
|
int num_passsync_mgrs;
|
||||||
bool allow_lm_hash;
|
bool allow_lm_hash;
|
||||||
|
|||||||
@@ -69,15 +69,15 @@ static const char *ipapwd_def_encsalts[] = {
|
|||||||
|
|
||||||
static int new_ipapwd_encsalt(krb5_context krbctx,
|
static int new_ipapwd_encsalt(krb5_context krbctx,
|
||||||
const char * const *encsalts,
|
const char * const *encsalts,
|
||||||
struct ipapwd_encsalt **es_types,
|
krb5_key_salt_tuple **es_types,
|
||||||
int *num_es_types)
|
int *num_es_types)
|
||||||
{
|
{
|
||||||
struct ipapwd_encsalt *es;
|
krb5_key_salt_tuple *es;
|
||||||
int nes, i;
|
int nes, i;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
for (i = 0; encsalts[i]; i++) /* count */ ;
|
for (i = 0; encsalts[i]; i++) /* count */ ;
|
||||||
es = calloc(i + 1, sizeof(struct ipapwd_encsalt));
|
es = calloc(i + 1, sizeof(krb5_key_salt_tuple));
|
||||||
if (!es) {
|
if (!es) {
|
||||||
LOG_OOM();
|
LOG_OOM();
|
||||||
rc = LDAP_OPERATIONS_ERROR;
|
rc = LDAP_OPERATIONS_ERROR;
|
||||||
@@ -116,16 +116,16 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
|
|||||||
|
|
||||||
krberr = krb5_string_to_salttype(salt, &tmpsalt);
|
krberr = krb5_string_to_salttype(salt, &tmpsalt);
|
||||||
for (j = 0; j < nes; j++) {
|
for (j = 0; j < nes; j++) {
|
||||||
krb5_c_enctype_compare(krbctx, es[j].enc_type, tmpenc, &similar);
|
krb5_c_enctype_compare(krbctx, es[j].ks_enctype, tmpenc, &similar);
|
||||||
if (similar && (es[j].salt_type == tmpsalt)) {
|
if (similar && (es[j].ks_salttype == tmpsalt)) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (j == nes) {
|
if (j == nes) {
|
||||||
/* not found */
|
/* not found */
|
||||||
es[j].enc_type = tmpenc;
|
es[j].ks_enctype = tmpenc;
|
||||||
es[j].salt_type = tmpsalt;
|
es[j].ks_salttype = tmpsalt;
|
||||||
nes++;
|
nes++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -319,7 +319,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
|
|||||||
|
|
||||||
salt.data = NULL;
|
salt.data = NULL;
|
||||||
|
|
||||||
switch (krbcfg->pref_encsalts[i].salt_type) {
|
switch (krbcfg->pref_encsalts[i].ks_salttype) {
|
||||||
|
|
||||||
case KRB5_KDB_SALTTYPE_ONLYREALM:
|
case KRB5_KDB_SALTTYPE_ONLYREALM:
|
||||||
|
|
||||||
@@ -396,14 +396,14 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
LOG_FATAL("Invalid salt type [%d]\n",
|
LOG_FATAL("Invalid salt type [%d]\n",
|
||||||
krbcfg->pref_encsalts[i].salt_type);
|
krbcfg->pref_encsalts[i].ks_salttype);
|
||||||
goto enc_error;
|
goto enc_error;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* need to build the key now to manage the AFS salt.length
|
/* need to build the key now to manage the AFS salt.length
|
||||||
* special case */
|
* special case */
|
||||||
krberr = krb5_c_string_to_key(krbctx,
|
krberr = krb5_c_string_to_key(krbctx,
|
||||||
krbcfg->pref_encsalts[i].enc_type,
|
krbcfg->pref_encsalts[i].ks_enctype,
|
||||||
&pwd, &salt, &key);
|
&pwd, &salt, &key);
|
||||||
if (krberr) {
|
if (krberr) {
|
||||||
LOG_FATAL("krb5_c_string_to_key failed [%s]\n",
|
LOG_FATAL("krb5_c_string_to_key failed [%s]\n",
|
||||||
@@ -461,7 +461,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
|
|||||||
goto enc_error;
|
goto enc_error;
|
||||||
}
|
}
|
||||||
|
|
||||||
kset->keys[i].salt->type = krbcfg->pref_encsalts[i].salt_type;
|
kset->keys[i].salt->type = krbcfg->pref_encsalts[i].ks_salttype;
|
||||||
|
|
||||||
if (salt.length) {
|
if (salt.length) {
|
||||||
kset->keys[i].salt->value.bv_len = salt.length;
|
kset->keys[i].salt->value.bv_len = salt.length;
|
||||||
|
|||||||
Reference in New Issue
Block a user