svn commit: samba r21330 - in branches/SAMBA_4_0/source/kdc: .

metze at samba.org metze at samba.org
Wed Feb 14 11:47:18 GMT 2007


Author: metze
Date: 2007-02-14 11:47:17 +0000 (Wed, 14 Feb 2007)
New Revision: 21330

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21330

Log:
move fetching of krb5 keys into its own function

metze
Modified:
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2007-02-14 11:28:20 UTC (rev 21329)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2007-02-14 11:47:17 UTC (rev 21330)
@@ -196,6 +196,66 @@
 	talloc_free(entry_ex->ctx);
 }
 
+static krb5_error_code LDB_message2entry_keys(TALLOC_CTX *mem_ctx,
+					      struct ldb_message *msg,
+					      unsigned int userAccountControl,
+					      hdb_entry_ex *entry_ex)
+{
+	krb5_error_code ret = 0;
+	struct ldb_message_element *ldb_keys;
+	int i;
+
+	/* Get krb5Key from the db */
+
+	ldb_keys = ldb_msg_find_element(msg, "krb5Key");
+
+	if (!ldb_keys) {
+		/* oh, no password.  Apparently (comment in
+		 * hdb-ldap.c) this violates the ASN.1, but this
+		 * allows an entry with no keys (yet). */
+		entry_ex->entry.keys.val = NULL;
+		entry_ex->entry.keys.len = 0;
+	} else {
+		/* allocate space to decode into */
+		entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key));
+		if (entry_ex->entry.keys.val == NULL) {
+			ret = ENOMEM;
+			goto out;
+		}
+
+		entry_ex->entry.keys.len = 0;
+
+		/* Decode Kerberos keys into the hdb structure */
+		for (i=0; i < ldb_keys->num_values; i++) {
+			size_t decode_len;
+			Key key;
+			ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, 
+					 &key, &decode_len);
+			if (ret) {
+				/* Could be bougus data in the entry, or out of memory */
+				goto out;
+			}
+
+			if (userAccountControl & UF_USE_DES_KEY_ONLY) {
+				switch (key.key.keytype) {
+				case KEYTYPE_DES:
+					entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
+					entry_ex->entry.keys.len++;
+				default:
+					/* We must use DES keys only */
+					break;
+				}
+			} else {
+				entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
+				entry_ex->entry.keys.len++;
+			}
+		}
+	} 
+
+out:
+	return ret;
+}
+
 /*
  * Construct an hdb_entry from a directory entry.
  */
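Review bot: In the `UF_USE_DES_KEY_ONLY` branch of `LDB_message2entry_keys()`, a key whose keytype is not `KEYTYPE_DES` is decoded by `decode_Key()` and then dropped without being released. Whatever the decoder allocated for it (presumably including the key bytes) therefore stays on the heap, unreferenced, for the rest of the process lifetime. The `default:` arm should release it, e.g. `default: free_Key(&key); break;`, and `case KEYTYPE_DES:` should end in its own `break;` instead of falling through silently. Two smaller points in the same function: `mem_ctx` is never used, and `int i` is compared with `ldb_keys->num_values`, which looks unsigned given how it is passed to `calloc`, so `unsigned int i` would avoid the mixed-sign comparison.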
@@ -220,7 +280,6 @@
 
 	struct hdb_ldb_private *private;
 	NTTIME acct_expiry;
-	struct ldb_message_element *ldb_keys;
 
 	struct ldb_message_element *objectclasses;
 	struct ldb_val computer_val;
@@ -365,53 +424,13 @@
 
 	entry_ex->entry.generation = NULL;
 
-	/* Get krb5Key from the db */
+	/* Get keys from the db */
+	ret = LDB_message2entry_keys(mem_ctx, msg, userAccountControl, entry_ex);
+	if (ret) {
+		/* Could be bougus data in the entry, or out of memory */
+		goto out;
+	}
 
-	ldb_keys = ldb_msg_find_element(msg, "krb5Key");
-
-	if (!ldb_keys) {
-		/* oh, no password.  Apparently (comment in
-		 * hdb-ldap.c) this violates the ASN.1, but this
-		 * allows an entry with no keys (yet). */
-		entry_ex->entry.keys.val = NULL;
-		entry_ex->entry.keys.len = 0;
-	} else {
-		/* allocate space to decode into */
-		entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key));
-		if (entry_ex->entry.keys.val == NULL) {
-			ret = ENOMEM;
-			goto out;
-		}
-
-		entry_ex->entry.keys.len = 0;
-
-		/* Decode Kerberos keys into the hdb structure */
-		for (i=0; i < ldb_keys->num_values; i++) {
-			size_t decode_len;
-			Key key;
-			ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, 
-					 &key, &decode_len);
-			if (ret) {
-				/* Could be bougus data in the entry, or out of memory */
-				goto out;
-			}
-
-			if (userAccountControl & UF_USE_DES_KEY_ONLY) {
-				switch (key.key.keytype) {
-				case KEYTYPE_DES:
-					entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
-					entry_ex->entry.keys.len++;
-				default:
-					/* We must use DES keys only */
-					break;
-				}
-			} else {
-				entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
-				entry_ex->entry.keys.len++;
-			}
-		}
-	} 
-
 	entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes)));
 	if (entry_ex->entry.etypes == NULL) {
 		krb5_clear_error_string(context);
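Review bot: The new failure path after `LDB_message2entry_keys()` jumps to `out` without touching the context's error string, while the `malloc` failure just below calls `krb5_clear_error_string(context)` first. A caller that reports the context's error string could then show a stale message from an earlier failure. Consider adding `krb5_clear_error_string(context);` before the `goto out;`, or recording a message that says the entry's `krb5Key` data failed to decode, which would help when triaging corrupt directory data. The comment also has a typo (`bougus` should be `bogus`). The enclosing function starts and ends outside this hunk, so what `out:` frees on this path cannot be checked from here.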


