svn commit: lorikeet r198 - in trunk/heimdal/lib/hdb: .
abartlet at samba.org
Fri Jan 21 08:25:06 GMT 2005
Author: abartlet
Date: 2005-01-21 08:25:06 +0000 (Fri, 21 Jan 2005)
New Revision: 198
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=198
Log:
Try to make the behaviour of hdb-ldb a bit easier to follow.
Andrew Bartlett
Modified:
trunk/heimdal/lib/hdb/hdb-ldb.c
Changeset:
Modified: trunk/heimdal/lib/hdb/hdb-ldb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb-ldb.c 2005-01-21 08:24:13 UTC (rev 197)
+++ trunk/heimdal/lib/hdb/hdb-ldb.c 2005-01-21 08:25:06 UTC (rev 198)
@@ -199,7 +199,8 @@
*/
static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, const char *realm,
struct ldb_message **pmsg,
- hdb_entry *ent, KerberosTime max_pwd_age)
+ hdb_entry *ent, krb5_boolean is_tgs,
+ KerberosTime max_pwd_age)
{
struct ldb_message *msg;
const char *unparsed_name = NULL;
@@ -215,30 +216,34 @@
msg = pmsg[0];
userAccountControl = ldb_msg_find_int(msg, "userAccountControl", 0);
-
- unparsed_name = ldb_msg_find_string(msg, "servicePrincipalName", NULL);
- if (unparsed_name == NULL) {
- krb5_warnx(context, "LDB_message2entry: no servicePrincipalName\n");
- unparsed_name = ldb_msg_find_string(msg, "userPrincipalName", NULL);
+
+ unparsed_name = ldb_msg_find_string(msg, "samAccountName", NULL);
+ if (is_tgs) {
+ asprintf(&unparsed_name_with_realm, "%s/%s@%s", KRB5_TGS_NAME, realm, realm);
+ } else {
+
+ unparsed_name = ldb_msg_find_string(msg, "servicePrincipalName", NULL);
if (unparsed_name == NULL) {
- krb5_warnx(context, "LDB_message2entry: no userPrincipalName\n");
- unparsed_name = ldb_msg_find_string(msg, "samAccountName", NULL);
+ krb5_warnx(context, "LDB_message2entry: no servicePrincipalName\n");
+ unparsed_name = ldb_msg_find_string(msg, "userPrincipalName", NULL);
if (unparsed_name == NULL) {
krb5_warnx(context, "LDB_message2entry: no userPrincipalName\n");
- return HDB_ERR_NOENTRY;
+ unparsed_name = ldb_msg_find_string(msg, "samAccountName", NULL);
+ if (unparsed_name == NULL) {
+ krb5_warnx(context, "LDB_message2entry: no userPrincipalName\n");
+ return HDB_ERR_NOENTRY;
+ }
}
}
+ asprintf(&unparsed_name_with_realm, "%s@%s", unparsed_name, realm);
+
}
krb5_warnx(context, "LDB_message2entry: principal: '%s'\n", unparsed_name);
krb5_free_principal(context, ent->principal);
+ ent->principal = NULL;
- if (!strchr(unparsed_name, '@')) {
- asprintf(&unparsed_name_with_realm, "%s@%s", unparsed_name, realm);
- } else {
- unparsed_name_with_realm = strdup(unparsed_name);
- }
if (!unparsed_name_with_realm) {
krb5_set_error_string(context, "asprintf or strdup: out of memory");
ret = ENOMEM;
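Review bot: In the `is_tgs` branch the `samAccountName` lookup at L38 can return NULL, and that NULL then reaches `%s` in the `krb5_warnx` on L62 (glibc prints "(null)", other libcs crash); either guard the log line or fall back to a fixed string. The two `asprintf` calls (L40, L59) ignore their return value, and on failure glibc leaves `*strp` undefined, so the `if (!unparsed_name_with_realm)` test on L70 is not a reliable OOM check: write `if (asprintf(&unparsed_name_with_realm, "%s@%s", unparsed_name, realm) < 0) unparsed_name_with_realm = NULL;` (same for the TGS form). The non-TGS branch now unconditionally appends `@realm`, so a `userPrincipalName` that already carries `@domain` (L48) comes out as `user@domain@REALM`; the `strchr(unparsed_name, '@')` guard this commit drops covered that case and should probably return in the else branch. The warning at L54 is reached when `samAccountName` is missing but still says "no userPrincipalName"; `"LDB_message2entry: no samAccountName\n"` would make the log usable. LDB_message2entry begins and ends outside this hunk.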
@@ -255,6 +260,12 @@
ent->flags = uf2HDBFlags(context, userAccountControl);
+ if (is_tgs) {
+ ent->flags.initial = 1;
+ ent->flags.invalid = 0;
+ ent->flags.server = 1;
+ }
+
/* use 'whenCreated' */
ent->created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
/* use '???' */
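Review bot: The block added at L75-L79 overrides `ent->flags.invalid = 0` after `uf2HDBFlags` derived the flags from `userAccountControl` on L74, so whatever that mapping says about a disabled or locked krbtgt account is silently discarded (if `uf2HDBFlags` does map the disabled bit to `invalid`, which is not visible here). If the intent is only to assert that the TGS principal is a server that may issue initial tickets, setting `initial` and `server` is enough and `invalid` should be left as derived. At minimum document the decision: `/* krbtgt is always a server able to issue initial tickets; note this also clears any 'invalid' derived from userAccountControl */`. LDB_message2entry begins and ends outside this hunk.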
@@ -432,11 +443,11 @@
rc = asprintf(&filter,
"(&(objectClass=user)"
- "(|(userPrincipalName=%s)(userPrincipalName=%s@%s)"
- "(servicePrincipalName=%s)(servicePrincipalName=%s%s)"
+ "(|(|(userPrincipalName=%s)"
+ "(servicePrincipalName=%s))"
"(samAccountName=%s)))",
- account, account, realm,
- account, account, realm,
+ account,
+ account,
account);
if (rc < 0) {
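Review bot: `account` is formatted straight into the LDAP filter on L85-L96 with no RFC 4515 escaping, so a value containing `*`, `(`, `)` or `\` rewrites the filter (`*` alone turns `samAccountName=%s` into a wildcard match); from LDB_fetch below it appears `account` is the principal name taken from the client's request, which would make this attacker-controlled filter injection, though the caller of this function starts outside the hunk. Escape the value before building the filter and free the copy after the search. Separately, `(|(|(userPrincipalName=%s)(servicePrincipalName=%s))(samAccountName=%s))` nests an OR inside an OR for no reason; a single `(|(userPrincipalName=%s)(servicePrincipalName=%s)(samAccountName=%s))` reads better.
```c
/* RFC 4515 escaping of a filter assertion value; caller frees the result. */
static char *ldap_filter_escape(const char *s)
{
	size_t len = strlen(s);
	char *out = malloc(len * 3 + 1);
	char *p = out;
	if (!out) return NULL;
	for (; *s; s++) {
		if (*s == '*' || *s == '(' || *s == ')' || *s == '\\') {
			p += sprintf(p, "\\%02x", (unsigned char)*s);
		} else {
			*p++ = *s;
		}
	}
	*p = '\0';
	return out;
}
/* … unchanged: in the caller, pass ldap_filter_escape(account) to asprintf and free it after the search … */
```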
@@ -554,81 +565,42 @@
}
static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
- hdb_entry *entry)
+ hdb_entry *entry)
{
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
struct ldb_message **msg = NULL;
krb5_error_code ret;
char *princ = NULL;
+ char *p;
const char *realm;
- char *krbtgt_princ;
- krb5_principal p_copy;
- int rc;
KerberosTime max_pwd_age = 0;
-
krb5_boolean is_tgs = FALSE;
-
+
krb5_warnx(context, "LDB_fetch: \n");
- ret = krb5_copy_principal(context, entry->principal, &p_copy);
- if (ret != 0) {
- krb5_warnx(context, "LDB_principal2message: krb5_copy_prinicpal failed\n");
- return ret;
- }
-
- realm = krb5_principal_get_realm(context, p_copy);
-
- ret = krb5_unparse_name_short(context, p_copy, &princ);
- if (ret != 0) {
- krb5_warnx(context, "LDB_principal2message: unparse_name failed\n");
- krb5_free_principal(context, p_copy);
- return ret;
- }
-
- rc = asprintf(&krbtgt_princ, "%s/%s@%s", KRB5_TGS_NAME, realm, realm);
-
- if (rc < 0) {
- krb5_set_error_string(context, "asprintf: out of memory");
- krb5_free_principal(context, p_copy);
- return ENOMEM;
- }
-
- if (strcasecmp(krbtgt_princ, princ) == 0) {
- free(princ);
- princ = strdup(KRB5_TGS_NAME);
- if (!princ) {
- krb5_set_error_string(context, "strdup: out of memory");
- krb5_free_principal(context, p_copy);
- return ENOMEM;
- }
+ if (entry->principal->name.name_string.len == 2
+ && strcmp(entry->principal->name.name_string.val[0], KRB5_TGS_NAME) == 0) {
+ princ = KRB5_TGS_NAME;
is_tgs = TRUE;
- }
+ } else {
- free(krbtgt_princ);
- krbtgt_princ = NULL;
-
- rc = asprintf(&krbtgt_princ, "%s/%s", KRB5_TGS_NAME, realm);
-
- if (rc < 0) {
- krb5_set_error_string(context, "asprintf: out of memory");
- krb5_free_principal(context, p_copy);
- return ENOMEM;
- }
-
- if (strcasecmp(krbtgt_princ, princ) == 0) {
- free(princ);
- princ = strdup(KRB5_TGS_NAME);
- if (!princ) {
- krb5_set_error_string(context, "strdup: out of memory");
- krb5_free_principal(context, p_copy);
- return ENOMEM;
+ ret = krb5_unparse_name(context, entry->principal, &princ);
+
+ if (ret != 0) {
+ krb5_set_error_string(context, "LDB_fetch: could not parse principal");
+ krb5_warnx(context, "LDB_fetch: could not parse principal");
+ return ret;
}
- is_tgs = TRUE;
- }
- free(krbtgt_princ);
+ p = strchr(princ, '@');
+ if (p) {
+ p[0] = '\0';
+ }
+ }
+ realm = krb5_principal_get_realm(context, entry->principal);
+
krb5_warnx(context, "LDB_principal2message: principal: '%s' realm: %s\n", princ, realm);
ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db,
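Review bot: `princ = KRB5_TGS_NAME;` on L152 points `princ` at a string literal, and the unconditional `free(princ);` that survives at L214 then frees non-heap memory on every TGS fetch, which is heap corruption or an immediate abort; the old code's `strdup` was there for exactly this reason. Restore it: `princ = strdup(KRB5_TGS_NAME);` followed by `if (!princ) { krb5_set_error_string(context, "strdup: out of memory"); return ENOMEM; }`. The TGS test on L150-L151 only checks `len == 2` and `val[0] == "krbtgt"`, never `val[1]` against `realm` (L189), so a cross-realm `krbtgt/OTHER.REALM@REALM` request is treated as the local TGS and, as far as this hunk shows, served the local krbtgt entry; compare `val[1]` with the realm as the removed code effectively did. The `strchr(princ, '@')` truncation on L184-L186 runs on `krb5_unparse_name` output, where an `@` inside a component is emitted as `\@`, so it can cut at the escape rather than at the realm separator; `krb5_unparse_name_short` or walking components avoids that. LDB_fetch continues past this hunk.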
@@ -636,31 +608,18 @@
if (ret != 0) {
krb5_warnx(context, "LDB_fetch: no principal found\n");
} else {
- ret = LDB_message2entry(context, db, realm, msg, entry, max_pwd_age);
+ ret = LDB_message2entry(context, db, realm, msg, entry, is_tgs, max_pwd_age);
if (ret != 0) {
krb5_warnx(context, "LDB_fetch: message2entry failed\n");
} else {
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- ret = hdb_unseal_keys(context, db, entry);
+ if (db->hdb_master_key_set && (!(flags & HDB_F_DECRYPT))) {
+ ret = hdb_seal_keys(context, db, entry);
}
- if (is_tgs) {
- entry->flags.initial = 1;
- entry->flags.invalid = 0;
- entry->flags.server = 1;
- }
}
}
free(princ);
- if (ret == 0) {
- /* no matter what the principal in the record, return what was asked for */
- krb5_free_principal(context, entry->principal);
- entry->principal = p_copy;
- } else {
- krb5_free_principal(context, p_copy);
- }
-
if (msg) {
ldb_search_free(ldb_ctx, msg);
}
@@ -710,7 +669,7 @@
}
if (priv->index < priv->count) {
- ret = LDB_message2entry(context, db, priv->realm, &priv->res[priv->index++], entry, priv->max_pwd_age);
+ ret = LDB_message2entry(context, db, priv->realm, &priv->res[priv->index++], entry, FALSE, priv->max_pwd_age);
} else {
ret = HDB_ERR_NOENTRY;
}