svn commit: samba r12681 - in branches/SAMBA_4_0/source/kdc: .

abartlet at samba.org abartlet at samba.org
Mon Jan 2 21:56:29 GMT 2006 

Author: abartlet
Date: 2006-01-02 21:56:29 +0000 (Mon, 02 Jan 2006)
New Revision: 12681

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12681

Log:
Allow an entry to have no kerberos keys.  This occours when an entry
is new, and has no password.  It may also occour in the future if we
allow PKINIT.  In any case, it shouldn't segfault :-)

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-01-02 21:41:15 UTC (rev 12680)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-01-02 21:56:29 UTC (rev 12681)
@@ -384,25 +384,33 @@
 
 	ldb_keys = ldb_msg_find_element(msg, "krb5Key");
 
-	/* allocate space to decode into */
-	entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key));
-	if (entry_ex->entry.keys.val == NULL) {
-		ret = ENOMEM;
-		goto out;
-	}
-	entry_ex->entry.keys.len = ldb_keys->num_values;
-
-	/* Decode Kerberos keys into the hdb structure */
-	for (i=0; i < entry_ex->entry.keys.len; i++) {
-		size_t decode_len;
-		ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, 
-				 &entry_ex->entry.keys.val[i], &decode_len);
-		if (ret) {
-			/* Could be bougus data in the entry, or out of memory */
+	if (!ldb_keys) {
+		/* oh, no password.  Apparently (comment in
+		 * hdb-ldap.c) this violates the ASN.1, but this
+		 * allows an entry with no keys (yet). */
+		entry_ex->entry.keys.val = NULL;
+		entry_ex->entry.keys.len = 0;
+	} else {
+		/* allocate space to decode into */
+		entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key));
+		if (entry_ex->entry.keys.val == NULL) {
+			ret = ENOMEM;
 			goto out;
 		}
-	}
+		entry_ex->entry.keys.len = ldb_keys->num_values;
 
+		/* Decode Kerberos keys into the hdb structure */
+		for (i=0; i < entry_ex->entry.keys.len; i++) {
+			size_t decode_len;
+			ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, 
+					 &entry_ex->entry.keys.val[i], &decode_len);
+			if (ret) {
+				/* Could be bougus data in the entry, or out of memory */
+				goto out;
+			}
+		}
+	} 
+
 	entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes)));
 	if (entry_ex->entry.etypes == NULL) {
 		krb5_clear_error_string(context);

More information about the samba-cvs mailing list