1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/*
Unix SMB/CIFS implementation.
Database Glue between Samba and the KDC
Copyright (C) Guenther Deschner <gd@samba.org> 2014
Copyright (C) Andreas Schneider <asn@samba.org> 2014
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "system/kerberos.h"
#include "sdb.h"
#include "samba_kdc.h"
#include "lib/krb5_wrap/krb5_samba.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_KERBEROS
void sdb_key_free(struct sdb_key *k)
{
if (k == NULL) {
return;
}
/*
* Passing NULL as the Kerberos context is intentional here, as
* both Heimdal and MIT libraries don't use the context when
* clearing the keyblocks.
*/
krb5_free_keyblock_contents(NULL, &k->key);
if (k->salt) {
smb_krb5_free_data_contents(NULL, &k->salt->salt);
SAFE_FREE(k->salt);
}
ZERO_STRUCTP(k);
}
void sdb_keys_free(struct sdb_keys *keys)
{
unsigned int i;
if (keys == NULL) {
return;
}
for (i=0; i < keys->len; i++) {
sdb_key_free(&keys->val[i]);
}
SAFE_FREE(keys->val);
ZERO_STRUCTP(keys);
}
void sdb_entry_free(struct sdb_entry *s)
{
if (s->skdc_entry != NULL) {
s->skdc_entry->db_entry = NULL;
TALLOC_FREE(s->skdc_entry);
}
/*
* Passing NULL as the Kerberos context is intentional here, as both
* Heimdal and MIT libraries don't use the context when clearing the
* principals.
*/
krb5_free_principal(NULL, s->principal);
sdb_keys_free(&s->keys);
sdb_keys_free(&s->old_keys);
sdb_keys_free(&s->older_keys);
krb5_free_principal(NULL, s->created_by.principal);
if (s->modified_by) {
krb5_free_principal(NULL, s->modified_by->principal);
}
SAFE_FREE(s->valid_start);
SAFE_FREE(s->valid_end);
SAFE_FREE(s->pw_end);
ZERO_STRUCTP(s);
}
struct SDBFlags int2SDBFlags(unsigned n)
{
struct SDBFlags flags;
memset(&flags, 0, sizeof(flags));
flags.initial = (n >> 0) & 1;
flags.forwardable = (n >> 1) & 1;
flags.proxiable = (n >> 2) & 1;
flags.renewable = (n >> 3) & 1;
flags.postdate = (n >> 4) & 1;
flags.server = (n >> 5) & 1;
flags.client = (n >> 6) & 1;
flags.invalid = (n >> 7) & 1;
flags.require_preauth = (n >> 8) & 1;
flags.change_pw = (n >> 9) & 1;
flags.require_hwauth = (n >> 10) & 1;
flags.ok_as_delegate = (n >> 11) & 1;
flags.user_to_user = (n >> 12) & 1;
flags.immutable = (n >> 13) & 1;
flags.trusted_for_delegation = (n >> 14) & 1;
flags.allow_kerberos4 = (n >> 15) & 1;
flags.allow_digest = (n >> 16) & 1;
flags.locked_out = (n >> 17) & 1;
flags.do_not_store = (n >> 31) & 1;
return flags;
}
|
