Author: metze Date: 2007-02-14 11:47:17 +0000 (Wed, 14 Feb 2007) New Revision: 21330
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21330 Log: move fetching of krb5 keys into its own function metze Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c =================================================================== --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2007-02-14 11:28:20 UTC (rev 21329) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2007-02-14 11:47:17 UTC (rev 21330) @@ -196,6 +196,66 @@ talloc_free(entry_ex->ctx); } +static krb5_error_code LDB_message2entry_keys(TALLOC_CTX *mem_ctx, + struct ldb_message *msg, + unsigned int userAccountControl, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret = 0; + struct ldb_message_element *ldb_keys; + int i; + + /* Get krb5Key from the db */ + + ldb_keys = ldb_msg_find_element(msg, "krb5Key"); + + if (!ldb_keys) { + /* oh, no password. Apparently (comment in + * hdb-ldap.c) this violates the ASN.1, but this + * allows an entry with no keys (yet). */ + entry_ex->entry.keys.val = NULL; + entry_ex->entry.keys.len = 0; + } else { + /* allocate space to decode into */ + entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key)); + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; + goto out; + } + + entry_ex->entry.keys.len = 0; + + /* Decode Kerberos keys into the hdb structure */ + for (i=0; i < ldb_keys->num_values; i++) { + size_t decode_len; + Key key; + ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, + &key, &decode_len); + if (ret) { + /* Could be bougus data in the entry, or out of memory */ + goto out; + } + + if (userAccountControl & UF_USE_DES_KEY_ONLY) { + switch (key.key.keytype) { + case KEYTYPE_DES: + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + default: + /* We must use DES keys only */ + break; + } + } else { + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + } + } + +out: + return ret; +} + /* * Construct an hdb_entry from a directory entry. */ @@ -220,7 +280,6 @@ struct hdb_ldb_private *private; NTTIME acct_expiry; - struct ldb_message_element *ldb_keys; struct ldb_message_element *objectclasses; struct ldb_val computer_val; @@ -365,53 +424,13 @@ entry_ex->entry.generation = NULL; - /* Get krb5Key from the db */ + /* Get keys from the db */ + ret = LDB_message2entry_keys(mem_ctx, msg, userAccountControl, entry_ex); + if (ret) { + /* Could be bougus data in the entry, or out of memory */ + goto out; + } - ldb_keys = ldb_msg_find_element(msg, "krb5Key"); - - if (!ldb_keys) { - /* oh, no password. Apparently (comment in - * hdb-ldap.c) this violates the ASN.1, but this - * allows an entry with no keys (yet). */ - entry_ex->entry.keys.val = NULL; - entry_ex->entry.keys.len = 0; - } else { - /* allocate space to decode into */ - entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key)); - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - - entry_ex->entry.keys.len = 0; - - /* Decode Kerberos keys into the hdb structure */ - for (i=0; i < ldb_keys->num_values; i++) { - size_t decode_len; - Key key; - ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, - &key, &decode_len); - if (ret) { - /* Could be bougus data in the entry, or out of memory */ - goto out; - } - - if (userAccountControl & UF_USE_DES_KEY_ONLY) { - switch (key.key.keytype) { - case KEYTYPE_DES: - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - default: - /* We must use DES keys only */ - break; - } - } else { - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - } - } - entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); if (entry_ex->entry.etypes == NULL) { krb5_clear_error_string(context);
