Imported Debian patch 4.0.5-6~numeezy
committed by
Mario Fetka
parent
c44de33144
commit
10dfc9587b
148
util/ipa_krb5.c
148
util/ipa_krb5.c
@@ -730,10 +730,6 @@ struct berval *create_key_control(struct keys_container *keys,
|
||||
|
||||
if (ksdata[i].salttype == NO_SALT) {
|
||||
ret = ber_printf(be, "}");
|
||||
if (ret == -1) {
|
||||
ber_free(be, 1);
|
||||
return NULL;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
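Review bot: In this create_key_control hunk the NO_SALT branch appears to lose its `if (ret == -1)` check after `ret = ber_printf(be, "}");`. The page no longer shows the +/- markers, but the header counts (10 old lines, 6 new) mean four lines are removed, and that check is the only four-line run whose removal leaves the block well-formed. If that reading is right, a failed BER encode on this path is ignored and the loop continues with a partly built control for the key set. I would keep the check as it was: `if (ret == -1) { ber_free(be, 1); return NULL; }`. The body of create_key_control starts and ends outside the hunk, so whether a later call catches the error cannot be seen from here.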
@@ -1075,147 +1071,3 @@ int create_keys(krb5_context krbctx,
|
||||
return nkeys;
|
||||
}
|
||||
|
||||
/* in older versions of libkrb5 the krb5_salttype_to_string() function is
|
||||
* faulty and returns strings that do not match the expected format.
|
||||
* Later version of krb5 were fixed to return the proper string.
|
||||
* Do lazy detection the first time the function is invoked to determine
|
||||
* if we can use the library provided function or if we have to use a
|
||||
* fallback map which includes the salt types known up to krb5 1.12 (the
|
||||
* fault is fixed upstream in 1.13). */
|
||||
static int ipa_salttype_to_string(krb5_int32 salttype,
|
||||
char *buffer, size_t buflen)
|
||||
{
|
||||
static int faulty_function = -1;
|
||||
|
||||
static const struct {
|
||||
krb5_int32 salttype;
|
||||
const char *name;
|
||||
} fallback_map[] = {
|
||||
{ KRB5_KDB_SALTTYPE_NORMAL, "normal" },
|
||||
{ KRB5_KDB_SALTTYPE_V4, "v4" },
|
||||
{ KRB5_KDB_SALTTYPE_NOREALM, "norealm" },
|
||||
{ KRB5_KDB_SALTTYPE_ONLYREALM, "onlyrealm" },
|
||||
{ KRB5_KDB_SALTTYPE_SPECIAL, "special" },
|
||||
{ KRB5_KDB_SALTTYPE_AFS3, "afs3" },
|
||||
{ -1, NULL }
|
||||
};
|
||||
|
||||
if (faulty_function == -1) {
|
||||
/* haven't checked yet, let's find out */
|
||||
char testbuf[100];
|
||||
size_t len = 100;
|
||||
int ret;
|
||||
|
||||
ret = krb5_salttype_to_string(KRB5_KDB_SALTTYPE_NORMAL, testbuf, len);
|
||||
if (ret) return ret;
|
||||
|
||||
if (strcmp(buffer, "normal") == 0) {
|
||||
faulty_function = 0;
|
||||
} else {
|
||||
faulty_function = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (faulty_function == 0) {
|
||||
return krb5_salttype_to_string(salttype, buffer, buflen);
|
||||
} else {
|
||||
size_t len;
|
||||
int i;
|
||||
for (i = 0; fallback_map[i].name != NULL; i++) {
|
||||
if (salttype == fallback_map[i].salttype) break;
|
||||
}
|
||||
if (fallback_map[i].name == NULL) return EINVAL;
|
||||
|
||||
len = strlen(fallback_map[i].name);
|
||||
if (len >= buflen) return ENOMEM;
|
||||
|
||||
memcpy(buffer, fallback_map[i].name, len + 1);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
int ipa_kstuples_to_string(krb5_key_salt_tuple *kst, int n_kst, char **str)
|
||||
{
|
||||
char *buf = NULL;
|
||||
char *tmp;
|
||||
int buf_avail;
|
||||
int buf_size;
|
||||
int buf_cur;
|
||||
int len;
|
||||
int ret = 0;
|
||||
int i;
|
||||
|
||||
buf_size = 512; /* should be enough for the default supported enctypes */
|
||||
buf = malloc(buf_size);
|
||||
if (!buf) {
|
||||
ret = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
|
||||
buf_cur = 0;
|
||||
for (i = 0; i < n_kst; i++) {
|
||||
/* grow if too tight */
|
||||
if (ret == ENOMEM) {
|
||||
buf_size *= 2;
|
||||
/* hard limit at 8k, do not eat all memory by mistake */
|
||||
if (buf_size > 8192) goto done;
|
||||
tmp = realloc(buf, buf_size);
|
||||
if (!tmp) {
|
||||
ret = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
buf = tmp;
|
||||
}
|
||||
|
||||
buf_avail = buf_size - buf_cur;
|
||||
len = 0;
|
||||
|
||||
/* append separator if necessary */
|
||||
if (buf_cur > 0) {
|
||||
buf[buf_cur] = ',';
|
||||
len++;
|
||||
}
|
||||
|
||||
ret = krb5_enctype_to_name(kst[i].ks_enctype, 0,
|
||||
&buf[buf_cur + len], buf_avail - len);
|
||||
if (ret == ENOMEM) {
|
||||
i--;
|
||||
continue;
|
||||
} else if (ret != 0) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
len += strlen(&buf[buf_cur + len]);
|
||||
buf[buf_cur + len] = ':';
|
||||
len++;
|
||||
|
||||
ret = ipa_salttype_to_string(kst[i].ks_salttype,
|
||||
&buf[buf_cur + len], buf_avail - len);
|
||||
if (ret == ENOMEM) {
|
||||
i--;
|
||||
continue;
|
||||
} else if (ret != 0) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
len += strlen(&buf[buf_cur + len]);
|
||||
|
||||
if (buf_avail - len < 2) {
|
||||
ret = ENOMEM;
|
||||
i--;
|
||||
continue;
|
||||
}
|
||||
|
||||
buf_cur += len;
|
||||
}
|
||||
|
||||
buf[buf_cur] = '\0';
|
||||
*str = buf;
|
||||
ret = 0;
|
||||
|
||||
done:
|
||||
if (ret) {
|
||||
free(buf);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
#ifndef __IPA_KRB5_H_
|
||||
#define __IPA_KRB5_H_
|
||||
|
||||
#include <lber.h>
|
||||
#include <krb5/krb5.h>
|
||||
#include <kdb.h>
|
||||
|
||||
@@ -30,8 +29,6 @@ struct keys_container {
|
||||
#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.10.2"
|
||||
#define KEYTAB_GET_OID "2.16.840.1.113730.3.8.10.5"
|
||||
|
||||
int krb5_klog_syslog(int, const char *, ...);
|
||||
|
||||
void
|
||||
ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
|
||||
|
||||
@@ -81,6 +78,4 @@ int create_keys(krb5_context krbctx,
|
||||
const char *enctypes_string,
|
||||
struct keys_container *keys,
|
||||
char **err_msg);
|
||||
|
||||
int ipa_kstuples_to_string(krb5_key_salt_tuple *kst, int n_kst, char **str);
|
||||
#endif /* __IPA_KRB5_H_ */
|
||||
|
||||
@@ -18,14 +18,11 @@
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* This file includes an "OpenSSL license exception", see the
|
||||
* COPYING.openssl file for details.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <iconv.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/md4.h>
|
||||
#include <dirsrv/slapi-plugin.h>
|
||||
|
||||
|
||||