#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "libcli/auth/libcli_auth.h"
+#include "param/param.h"
enum hdb_ldb_ent_type
{ HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER,
HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_ANY };
-static const char * const krb5_attrs[] = {
- "objectClass",
- "sAMAccountName",
-
- "userPrincipalName",
- "servicePrincipalName",
-
- "userAccountControl",
-
- "pwdLastSet",
- "accountExpires",
-
- "whenCreated",
- "whenChanged",
-
- "msDS-KeyVersionNumber",
-
- "unicodePwd",
- "supplementalCredentials",
-
- NULL
-};
-
static const char *realm_ref_attrs[] = {
"nCName",
"dnsRoot",
struct supplementalCredentialsBlob scb;
struct supplementalCredentialsPackage *scp = NULL;
struct package_PrimaryKerberosBlob _pkb;
- struct package_PrimaryKerberosBlob *pkb = NULL;
+ struct package_PrimaryKerberosCtr3 *pkb3 = NULL;
uint32_t i;
uint32_t allocated_keys = 0;
status = ndr_pull_struct_blob(&blob, mem_ctx, &_pkb,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NT_STATUS_IS_OK(status)) {
+ krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob");
+ krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob");
+ ret = EINVAL;
+ goto out;
+ }
+
+ if (_pkb.version != 3) {
+ krb5_set_error_string(context, "LDB_message2entry_keys: could not parse PrimaryKerberos not version 3");
+ krb5_warnx(context, "LDB_message2entry_keys: could not parse PrimaryKerberos not version 3");
ret = EINVAL;
goto out;
}
- pkb = &_pkb;
+
+ pkb3 = &_pkb.ctr.ctr3;
- allocated_keys += pkb->num_keys1;
+ allocated_keys += pkb3->num_keys;
}
if (allocated_keys == 0) {
entry_ex->entry.keys.len++;
}
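Review bot: The new version gate correctly refuses to guess at a layout other than ctr3, but the two messages that follow it ("could not parse PrimaryKerberos not version 3") never report which version was actually stored, which is the one fact an operator needs when a principal's keys stop loading from supplementalCredentials; in Heimdal both krb5_set_error_string and krb5_warnx take printf-style formats, so `krb5_set_error_string(context, "LDB_message2entry_keys: unsupported package_PrimaryKerberosBlob version %u (expected 3)", (unsigned)_pkb.version);` (and the same for the warnx line) would cost nothing. Failing closed with EINVAL here is the right call, and since the out: label later in this function zeroes keys.len, a blob of an unknown version leaves the entry with no keys rather than a partial or misinterpreted set — worth a one-line comment above the check saying so, e.g. `/* only the ctr3 layout is understood; refuse anything else rather than misread key material */`. One caveat on `allocated_keys += pkb3->num_keys;`: that count comes straight from the stored blob and sizes the later Key allocation, so it relies on the NDR pull having bounded the array against the blob length — presumably it does, but that is the assumption being made. The enclosing function begins before this hunk.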
- if (pkb) {
- for (i=0; i < pkb->num_keys1; i++) {
+ if (pkb3) {
+ for (i=0; i < pkb3->num_keys; i++) {
bool use = true;
Key key;
- if (!pkb->keys1[i].value) continue;
+ if (!pkb3->keys[i].value) continue;
if (userAccountControl & UF_USE_DES_KEY_ONLY) {
- switch (pkb->keys1[i].keytype) {
+ switch (pkb3->keys[i].keytype) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD5:
break;
key.mkvno = 0;
- if (pkb->salt.string) {
+ if (pkb3->salt.string) {
DATA_BLOB salt;
- salt = data_blob_string_const(pkb->salt.string);
+ salt = data_blob_string_const(pkb3->salt.string);
key.salt = calloc(1, sizeof(*key.salt));
if (key.salt == NULL) {
}
ret = krb5_keyblock_init(context,
- pkb->keys1[i].keytype,
- pkb->keys1[i].value->data,
- pkb->keys1[i].value->length,
+ pkb3->keys[i].keytype,
+ pkb3->keys[i].value->data,
+ pkb3->keys[i].value->length,
&key.key);
if (ret) {
if (key.salt) {
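Review bot: krb5_keyblock_init is handed the raw key bytes from `pkb3->keys[i].value->data`, so the long-term key now lives in two places: the keyblock it allocates, and the talloc'd buffer the NDR pull produced under mem_ctx, and nothing in this hunk scrubs the latter before the context is released. If the project has a secure-zero helper, the spot where mem_ctx is freed (outside this hunk) is where the pulled blob should be wiped; absent that, a comment such as `/* value->data still holds the key bytes until mem_ctx is freed */` at least makes the exposure visible. On the plus side, keeping the keytype/length pairing inside krb5_keyblock_init means a value whose length does not match the enctype's key size should be rejected there rather than silently truncated; the error branch at `if (ret) {` is cut off by the hunk, so that it frees the salt and skips the key cannot be confirmed from here.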
out:
if (ret != 0) {
- entry_ex->entry.keys.len = 0;
+ entry_ex->entry.keys.len = 0;
}
if (entry_ex->entry.keys.len == 0 && entry_ex->entry.keys.val) {
free(entry_ex->entry.keys.val);
entry_ex->entry.flags.ok_as_delegate = 1;
}
- if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
+ if (lp_parm_bool(NULL, "kdc", "require spn for service", true)) {
if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) {
entry_ex->entry.flags.server = 0;
}
krb5_error_code ret;
int lret;
char *filter = NULL;
- const char * const *princ_attrs = krb5_attrs;
+ const char * const *princ_attrs = user_attrs;
char *short_princ;
char *short_princ_talloc;
}
ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db,
- mem_ctx, user_dn, &msg, krb5_attrs);
+ mem_ctx, user_dn, &msg, user_attrs);
if (ldb_ret != 1) {
return HDB_ERR_NOENTRY;
static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_error_code ret;
- struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
+ struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc;
TALLOC_CTX *mem_ctx;
hdb_entry_ex entry_ex;
memset(&entry_ex, '\0', sizeof(entry_ex));
if (ret != 0) {
talloc_free(priv);
- db->hdb_openp = NULL;
+ db->hdb_dbc = NULL;
} else {
talloc_free(mem_ctx);
}
hdb_entry_ex *entry)
{
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
- struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
+ struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc;
char *realm;
struct ldb_dn *realm_dn = NULL;
struct ldb_result *res = NULL;
if (priv) {
talloc_free(priv);
- db->hdb_openp = 0;
+ db->hdb_dbc = NULL;
}
priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq);
lret = ldb_search(ldb_ctx, realm_dn,
LDB_SCOPE_SUBTREE, "(objectClass=user)",
- krb5_attrs, &res);
+ user_attrs, &res);
if (lret != LDB_SUCCESS) {
talloc_free(priv);
priv->msgs = talloc_steal(priv, res->msgs);
talloc_free(res);
- db->hdb_openp = priv;
+ db->hdb_dbc = priv;
ret = LDB_seq(context, db, flags, entry);
-
+
if (ret != 0) {
talloc_free(priv);
- db->hdb_openp = NULL;
+ db->hdb_dbc = NULL;
} else {
talloc_free(mem_ctx);
}
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- (*db)->hdb_openp = 0;
+ (*db)->hdb_dbc = NULL;
(*db)->hdb_open = LDB_open;
(*db)->hdb_close = LDB_close;
(*db)->hdb_fetch = LDB_fetch;