if (s->initial) {
*k |= KRB5_KDB_DISALLOW_TGT_BASED;
}
- if (!s->forwardable) {
- *k |= KRB5_KDB_DISALLOW_FORWARDABLE;
+ /*
+ * Do not set any disallow rules for forwardable, proxiable,
+ * renewable, postdate and server.
+ *
+ * The KDC will take care setting the flags based on the incoming
+ * ticket.
+ */
+ if (s->forwardable) {
+ ;
}
- if (!s->proxiable) {
- *k |= KRB5_KDB_DISALLOW_PROXIABLE;
+ if (s->proxiable) {
+ ;
}
- if (!s->renewable) {
- *k |= KRB5_KDB_DISALLOW_RENEWABLE;
+ if (s->renewable) {
+ ;
}
- if (!s->postdate) {
- *k |= KRB5_KDB_DISALLOW_POSTDATED;
+ if (s->postdate) {
+ ;
}
- if (!s->server) {
- *k |= KRB5_KDB_DISALLOW_SVR;
+ if (s->server) {
+ ;
}
if (s->client) {
;
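Review bot: The five new `if (s->forwardable) { ; }`-style blocks (forwardable, proxiable, renewable, postdate, server) are empty statements that read like unfinished code. I would delete them and keep only the comment, worded as `/* forwardable, proxiable, renewable, postdate and server are deliberately not mapped to KRB5_KDB_DISALLOW_*; the KDC sets these from the incoming ticket. */`. After this change a principal whose sdb entry has one of these bits cleared no longer carries the matching restriction in `*k`, so the restriction holds only if the KDC side enforces it. That enforcement is not visible here; please point to it in the commit message or cover it with a test using a non-forwardable account. The enclosing function starts and ends outside this hunk.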
/* fail_auth_count */
/* n_tl_data */
- ret = sdb_event_to_kmod(context,
- s->modified_by ? s->modified_by : &s->created_by,
- k);
- if (ret) {
- free_krb5_db_entry(context, k);
- return ret;
+ /*
+ * If we leave early when looking up the realm, we do not have all
+ * information about a principal. We need to construct a db entry
+ * with minimal information, so skip this part.
+ */
+ if (s->created_by.time != 0) {
+ ret = sdb_event_to_kmod(context,
+ s->modified_by ? s->modified_by : &s->created_by,
+ k);
+ if (ret) {
+ free_krb5_db_entry(context, k);
+ return ret;
+ }
}
/* FIXME: TODO HDB Extensions */
-
- k->key_data = malloc(s->keys.len * sizeof(krb5_key_data));
- if (k->key_data == NULL) {
- free_krb5_db_entry(context, k);
- return ret;
- }
-
- for (i=0; i < s->keys.len; i++) {
-
- ret = sdb_key_to_krb5_key_data(&s->keys.val[i],
- s->kvno,
- &k->key_data[i]);
- if (ret) {
+ if (s->keys.len > 0) {
+ k->key_data = malloc(s->keys.len * sizeof(krb5_key_data));
+ if (k->key_data == NULL) {
free_krb5_db_entry(context, k);
return ret;
}
- k->n_key_data++;
+ for (i=0; i < s->keys.len; i++) {
+ ret = sdb_key_to_krb5_key_data(&s->keys.val[i],
+ s->kvno,
+ &k->key_data[i]);
+ if (ret) {
+ free_krb5_db_entry(context, k);
+ return ret;
+ }
+
+ k->n_key_data++;
+ }
}
return 0;
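Review bot: The `k->key_data == NULL` branch still does `return ret;`, and at that point `ret` holds whatever an earlier call left in it, most likely 0. It may never have been assigned in this stretch now that `sdb_event_to_kmod` is skipped when `s->created_by.time` is 0. An allocation failure can therefore be reported as success after `free_krb5_db_entry` has already torn down `k`, so the caller would go on to use a freed entry. Return an explicit error there, `return ENOMEM;`. I would also allocate with `calloc(s->keys.len, sizeof(krb5_key_data))`, so the size multiplication is overflow-checked and slots not yet converted are zeroed if the loop bails out early. The declaration and initial value of `ret` are outside the hunk.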
krb5_error_code ret;
krb5_context context;
+ if (entry_ex->e_data != NULL) {
+ struct samba_kdc_entry *skdc_entry;
+
+ skdc_entry = talloc_get_type(entry_ex->e_data,
+ struct samba_kdc_entry);
+ talloc_set_destructor(skdc_entry, NULL);
+ entry_ex->e_data = NULL;
+ }
+
ret = krb5_init_context(&context);
if (ret) {
return ret;
}
- free_krb5_db_entry(context, entry_ex);
+ krb5_db_free_principal(context, entry_ex);
krb5_free_context(context);
return 0;
}
-
int sdb_entry_ex_to_kdb_entry_ex(krb5_context context,
const struct sdb_entry_ex *s,
krb5_db_entry *k)
{
- struct samba_kdc_entry *skdc_entry;
-
ZERO_STRUCTP(k);
- skdc_entry = talloc_get_type(s->ctx, struct samba_kdc_entry);
+ if (s->ctx != NULL) {
+ struct samba_kdc_entry *skdc_entry;
+
+ skdc_entry = talloc_get_type(s->ctx, struct samba_kdc_entry);
- k->e_data = (void *)skdc_entry;
+ k->e_data = (void *)skdc_entry;
- talloc_set_destructor(skdc_entry, samba_kdc_kdb_entry_destructor);
+ talloc_set_destructor(skdc_entry,
+ samba_kdc_kdb_entry_destructor);
+ }
return sdb_entry_ex_to_krb5_db_entry(context, &s->entry, k);
}
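Review bot: Both new `e_data`/`s->ctx` blocks pass the result of `talloc_get_type()` straight to `talloc_set_destructor()` without checking it. `talloc_get_type()` returns NULL when the pointer is not a `struct samba_kdc_entry`, and as far as I know `talloc_set_destructor()` does not accept a NULL pointer. A mismatched `e_data` coming back through the KDB interface would then crash in the destructor path instead of failing cleanly. Use `talloc_get_type_abort(entry_ex->e_data, struct samba_kdc_entry)` (and the same for `s->ctx`) if a mismatch is a programming error, or guard with `if (skdc_entry != NULL)` before setting the destructor. A one-line comment in the destructor saying who still owns `skdc_entry` after `e_data` is cleared would also help, since `krb5_db_free_principal` no longer sees it.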