slen-=1;
k-=1;
break;
- } else if ((lendiff < 0) && (strcasecmp((listin[j])+lendiff, listin[k])==0)) {
+ } else if ((lendiff < 0) && (strcasecmp((listin[j])+abs(lendiff), listin[k])==0)) {
if (j != slen) {
free(listin[j]);
listin[j] = listin[slen];
&(entry->last_success), &attr_present)) != 0)
goto cleanup;
if (attr_present == TRUE)
- mask |= KDB_LAST_SUCCESS;
+ mask |= KDB_LAST_SUCCESS_ATTR;
/* KRBLASTFAILEDAUTH */
if ((st=krb5_ldap_get_time(ld, ent, "krbLastFailedAuth",
&(entry->last_failed), &attr_present)) != 0)
goto cleanup;
if (attr_present == TRUE)
- mask |= KDB_LAST_FAILED;
+ mask |= KDB_LAST_FAILED_ATTR;
/* KRBLOGINFAILEDCOUNT */
if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount",
&(entry->fail_auth_count)) == 0)
- mask |= KDB_FAIL_AUTH_COUNT;
+ mask |= KDB_FAIL_AUTH_COUNT_ATTR;
/* KRBMAXTICKETLIFE */
if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0)
&attr_present)) != 0)
goto cleanup;
if (attr_present == TRUE) {
+ mask |= KDB_POL_REF_ATTR;
/* Ensure that the policy is inside the realm container */
if ((st = krb5_ldap_policydn_to_name (context, policydn, &tktpolname)) != 0)
goto cleanup;
/* KRBSECRETKEY */
if ((bvalues=ldap_get_values_len(ld, ent, "krbprincipalkey")) != NULL) {
- mask |= KDB_SECRET_KEY;
+ mask |= KDB_SECRET_KEY_ATTR;
if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data)) != 0)
goto cleanup;
}
ldap_value_free_len (ber_tl_data);
if (st != 0)
goto cleanup;
- mask |= KDB_EXTRA_DATA;
+ mask |= KDB_EXTRA_DATA_ATTR;
}
}
#define KDB_SERVICE_PRINCIPAL 0x02
#define KDB_STANDALONE_PRINCIPAL_OBJECT 0x01
-/* krb5_db_entry */
-#define KDB_PRINCIPAL 0x000001
-#define KDB_PRINC_EXPIRE_TIME 0x000002
-#define KDB_PW_EXPIRATION 0x000004
-#define KDB_LAST_PWD_CHANGE 0x000008
-#define KDB_ATTRIBUTES 0x000010
-#define KDB_MAX_LIFE 0x000020
-#define KDB_MOD_TIME 0x000040
-#define KDB_MOD_NAME 0x000080
-#define KDB_KVNO 0x000100
-#define KDB_MKVNO 0x000200
-#define KDB_AUX_ATTRIBUTES 0x000400
-#define KDB_POLICY 0x000800
-#define KDB_POLICY_CLR 0x001000
-#define KDB_MAX_RLIFE 0x002000
-#define KDB_LAST_SUCCESS 0x004000
-#define KDB_LAST_FAILED 0x008000
-#define KDB_FAIL_AUTH_COUNT 0x010000
-#define KDB_KEY_DATA 0x020000
-#define KDB_TL_DATA 0x040000
-#define KDB_CPW_FUNCTION 0x080000
-#define KDB_RANDKEY_USED 0x100000
-
/* these will be consumed only by krb5_ldap_delete_principal*/
/* these will be set by krb5_ldap_get_principal and fed into the tl_data */
#define KDB_UP_FLAG_ATTR 0x000020
#define KDB_PWD_POL_REF_ATTR 0x000040
#define KDB_PWD_EXPIRE_TIME_ATTR 0x000080
-#define KDB_SECRET_KEY 0x000100
+#define KDB_SECRET_KEY_ATTR 0x000100
#define KDB_LAST_PWD_CHANGE_ATTR 0x000200
-#define KDB_EXTRA_DATA 0x000400
+#define KDB_EXTRA_DATA_ATTR 0x000400
+#define KDB_LAST_SUCCESS_ATTR 0x000800
+#define KDB_LAST_FAILED_ATTR 0x001000
+#define KDB_FAIL_AUTH_COUNT_ATTR 0x002000
extern struct timeval timeout;
extern char *policyclass[];
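Review bot: The new `KDB_LAST_SUCCESS_ATTR`, `KDB_LAST_FAILED_ATTR` and `KDB_FAIL_AUTH_COUNT_ATTR` bits have no comment saying which mask they belong to. With the old `KDB_*` entry flags removed, only the `_ATTR` suffix separates them from the `KADM5_*` flags now tested on `entries->mask`. I would add a line above the group such as `/* Bits of the attribute-present mask set by krb5_ldap_get_principal; never test these against entries->mask, which carries KADM5_* flags. */`. The values visible here (0x000020 through 0x002000) do not overlap, but the group starts outside this hunk, so the lower bits need the same check.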
dptr = &xargs->tktpolicydn;
} else {
if (strcmp(arg, USERDN_ARG) == 0) {
- if (optype == MODIFY_PRINCIPAL) {
+ if (optype == MODIFY_PRINCIPAL ||
+ xargs->dn != NULL || xargs->containerdn != NULL ||
+ xargs->linkdn != NULL) {
st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
+ snprintf(errbuf, sizeof(errbuf),
+ "%s option not supported", arg);
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
}
dptr = &xargs->dn;
} else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
- if (optype == MODIFY_PRINCIPAL) {
+ if (optype == MODIFY_PRINCIPAL ||
+ xargs->dn != NULL || xargs->containerdn != NULL) {
st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
+ snprintf(errbuf, sizeof(errbuf),
+ "%s option not supported", arg);
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
}
dptr = &xargs->containerdn;
} else if (strcmp(arg, LINKDN_ARG) == 0) {
+ if (xargs->dn != NULL || xargs->linkdn != NULL) {
+ st = EINVAL;
+ snprintf(errbuf, sizeof(errbuf),
+ "%s option not supported", arg);
+ krb5_set_error_message(context, st, "%s", errbuf);
+ goto cleanup;
+ }
dptr = &xargs->linkdn;
} else {
st = EINVAL;
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
}
-
+
xargs->dn_from_kbd = TRUE;
- if (xargs->dn != NULL || xargs->containerdn != NULL || xargs->linkdn != NULL) {
- st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
- krb5_set_error_message(context, st, "%s", errbuf);
- goto cleanup;
- }
if (arg_val == NULL || strlen(arg_val) == 0) {
st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), "%s option value missing", arg);
+ snprintf(errbuf, sizeof(errbuf),
+ "%s option value missing", arg);
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
}
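Review bot: The per-option checks added for `USERDN_ARG`, `CONTAINERDN_ARG` and `LINKDN_ARG` report a conflicting or repeated DN option with the same `"%s option not supported"` text used for the `MODIFY_PRINCIPAL` case. An administrator therefore cannot tell a disallowed operation from a bad combination of options. The conditions imply that `containerdn` and `linkdn` may be given together while `dn` excludes both, but nothing states that rule. I would document it above the chain, e.g. `/* dn is exclusive; containerdn and linkdn may be combined, each at most once */`, and give the conflict branches their own message, e.g. `"%s option conflicts with a DN option already given"`. The enclosing loop and the start of the if/else chain are outside this hunk.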
if (arg_val == NULL) {
st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), "%s option value missing", arg);
+ snprintf(errbuf, sizeof(errbuf),
+ "%s option value missing", arg);
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
}
arg_val_len = strlen(arg_val) + 1;
if (strcmp(arg, TKTPOLICY_ARG) == 0) {
- if ((st = krb5_ldap_name_to_policydn (context, arg_val, dptr)) != 0)
+ if ((st = krb5_ldap_name_to_policydn (context,
+ arg_val,
+ dptr)) != 0)
goto cleanup;
} else {
*dptr = calloc (1, arg_val_len);
int currkvno;
int num_versions = 1;
int i, j, last;
+ krb5_error_code err = 0;
if (n_key_data <= 0)
return NULL;
if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno)
num_versions++;
- ret = (struct berval **) malloc ((num_versions + 1) * sizeof (struct berval *));
+ ret = (struct berval **) calloc (num_versions + 1, sizeof (struct berval *));
+ if (ret == NULL) {
+ err = ENOMEM;
+ goto cleanup;
+ }
for (i = 0, last = 0, j = 0, currkvno = key_data[0].key_data_kvno; i < n_key_data; i++) {
krb5_data *code;
if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
0, /* For now, mkvno == 0*/
&code);
ret[j] = malloc (sizeof (struct berval));
+ if (ret[j] == NULL) {
+ err = ENOMEM;
+ goto cleanup;
+ }
/*CHECK_NULL(ret[j]); */
ret[j]->bv_len = code->length;
ret[j]->bv_val = code->data;
}
ret[num_versions] = NULL;
+cleanup:
+
+ if (err != 0) {
+ if (ret != NULL) {
+ for (i = 0; i <= num_versions; i++)
+ if (ret[i] != NULL)
+ free (ret[i]);
+ free (ret);
+ ret = NULL;
+ }
+ }
+
return ret;
}
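Review bot: The new `cleanup:` path frees each `ret[i]` but not `ret[i]->bv_val`, which was assigned from `code->data` and holds encoded key data, so an `ENOMEM` part-way through the loop leaks every buffer encoded so far. The loop body could be `if (ret[i] != NULL) { free (ret[i]->bv_val); free (ret[i]); }`, assuming ownership of `code->data` really passes to the berval (the lines after the assignment are not shown). When `malloc` for `ret[j]` fails, the `code` just produced by the encoder also appears to be left unreleased. The result of the encoder call is not checked in the visible lines before `code->length` is read. Finally, `err` is set but never returned, so the caller sees the same `NULL` as for `n_key_data <= 0`. The call site that assigns `bersecretkey` should treat `NULL` as a failure rather than pass it on to the LDAP mod.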
* hack if the entries->mask has KRB_PRINCIPAL flag set
* then it is a add operation
*/
- if (entries->mask & KDB_PRINCIPAL)
+ if (entries->mask & KADM5_PRINCIPAL)
optype = ADD_PRINCIPAL;
else
optype = MODIFY_PRINCIPAL;
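Review bot: The comment above this test still names a `KRB_PRINCIPAL` flag, which matches neither the old `KDB_PRINCIPAL` nor the new `KADM5_PRINCIPAL`; it should name the flag actually tested. Something like `/* kadm5 sets KADM5_PRINCIPAL in the mask only when creating a principal, so its presence is used to tell add from modify */` would also make the assumption explicit. That matters because `optype` later decides whether the userdn and containerdn options are accepted. The start of the comment is outside this hunk.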
{
char **linkdns=NULL;
int j=0;
-
+
if ((st=krb5_get_linkdn(context, entries, &linkdns)) != 0) {
snprintf(errbuf, sizeof(errbuf),
"Failed getting object references");
goto cleanup;
}
- if (entries->mask & KDB_MAX_LIFE) {
+ if (entries->mask & KADM5_MAX_LIFE) {
if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entries->max_life)) != 0)
goto cleanup;
}
- if (entries->mask & KDB_MAX_RLIFE) {
+ if (entries->mask & KADM5_MAX_RLIFE) {
if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
entries->max_renewable_life)) != 0)
goto cleanup;
}
- if (entries->mask & KDB_ATTRIBUTES) {
+ if (entries->mask & KADM5_ATTRIBUTES) {
if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
entries->attributes)) != 0)
goto cleanup;
}
- if (entries->mask & KDB_PRINCIPAL) {
+ if (entries->mask & KADM5_PRINCIPAL) {
memset(strval, 0, sizeof(strval));
strval[0] = user;
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0)
goto cleanup;
}
- if (entries->mask & KDB_PRINC_EXPIRE_TIME) {
+ if (entries->mask & KADM5_PRINC_EXPIRE_TIME) {
memset(strval, 0, sizeof(strval));
if ((strval[0]=getstringtime(entries->expiration)) == NULL)
goto cleanup;
free (strval[0]);
}
- if (entries->mask & KDB_PW_EXPIRATION) {
+ if (entries->mask & KADM5_PW_EXPIRATION) {
memset(strval, 0, sizeof(strval));
if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
goto cleanup;
free (strval[0]);
}
- if (entries->mask & KDB_POLICY) {
+ if (entries->mask & KADM5_POLICY) {
memset(&princ_ent, 0, sizeof(princ_ent));
for (tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
}
}
- if (princ_ent.aux_attributes & KDB_POLICY) {
+ if (princ_ent.aux_attributes & KADM5_POLICY) {
memset(strval, 0, sizeof(strval));
if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0)
goto cleanup;
goto cleanup;
}
- if (entries->mask & KDB_POLICY_CLR) {
+ if (entries->mask & KADM5_POLICY_CLR) {
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
goto cleanup;
}
- if (entries->mask & KDB_KEY_DATA || entries->mask & KDB_KVNO) {
+ if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
entries->n_key_data);
LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
goto cleanup;
- if (!(entries->mask & KDB_PRINCIPAL)) {
+ if (!(entries->mask & KADM5_PRINCIPAL)) {
memset(strval, 0, sizeof(strval));
if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
goto cleanup;
int j;
ber_tl_data = (struct berval **) calloc (count + 1,
sizeof (struct berval*));
+ if (ber_tl_data == NULL) {
+ st = ENOMEM;
+ goto cleanup;
+ }
for (j = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
/* Ignore tl_data that are stored in separate directory
* attributes */
{
char *user=NULL;
int i=0, j=0, noofkeys=0;
- krb5_key_data *key_data=NULL;
+ krb5_key_data *key_data=NULL, *tmp;
krb5_error_code st=0;
if ((st=krb5_unparse_name(context, entries->princ, &user)) != 0)
goto cleanup;
}
noofkeys += n_kd;
+ tmp = key_data;
key_data = realloc (key_data, noofkeys * sizeof (krb5_key_data));
+ if (key_data == NULL) {
+ key_data = tmp;
+ st = ENOMEM;
+ goto cleanup;
+ }
for (j = 0; j < n_kd; j++)
key_data[noofkeys - n_kd + j] = kd[j];
free (kd);