return code;
}
- if ((code = krb5_parse_name(ctx, principal, &me))) {
+ if ((code = smb_krb5_parse_name(ctx, principal, &me))) {
krb5_free_context(ctx);
return code;
}
char *unparsed_name = NULL, *salt_princ_s = NULL;
krb5_principal ret_princ = NULL;
- if (krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
+ if (smb_krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
return (krb5_principal)NULL;
}
if ((salt_princ_s = kerberos_secrets_fetch_salting_principal(unparsed_name, enctype)) == NULL) {
- krb5_free_unparsed_name(context, unparsed_name);
+ SAFE_FREE(unparsed_name);
return (krb5_principal)NULL;
}
- if (krb5_parse_name(context, salt_princ_s, &ret_princ) != 0) {
- krb5_free_unparsed_name(context, unparsed_name);
+ if (smb_krb5_parse_name(context, salt_princ_s, &ret_princ) != 0) {
+ SAFE_FREE(unparsed_name);
SAFE_FREE(salt_princ_s);
return (krb5_principal)NULL;
}
- krb5_free_unparsed_name(context, unparsed_name);
+ SAFE_FREE(unparsed_name);
SAFE_FREE(salt_princ_s);
return ret_princ;
}
asprintf(&princ_s, "%s@%s", service, lp_realm());
}
- if (krb5_parse_name(context, princ_s, &princ) != 0) {
+ if (smb_krb5_parse_name(context, princ_s, &princ) != 0) {
goto out;
}
- if (krb5_unparse_name(context, princ, &unparsed_name) != 0) {
+ if (smb_krb5_unparse_name(context, princ, &unparsed_name) != 0) {
goto out;
}
SAFE_FREE(key);
SAFE_FREE(princ_s);
+ SAFE_FREE(unparsed_name);
- if (unparsed_name) {
- krb5_free_unparsed_name(context, unparsed_name);
- }
if (context) {
krb5_free_context(context);
}
asprintf(&service_s, "%s@%s", service_principal, lp_realm());
}
- if ((err = krb5_parse_name(ctx, service_s, &creds.server))) {
- DEBUG(0,("get_service_ticket: krb5_parse_name %s failed: %s\n",
+ if ((err = smb_krb5_parse_name(ctx, service_s, &creds.server))) {
+ DEBUG(0,("get_service_ticket: smb_krb5_parse_name %s failed: %s\n",
service_s, error_message(err)));
goto out;
}
asprintf(&salting_s, "%s@%s", salting_principal, lp_realm());
}
- if ((err = krb5_parse_name(ctx, salting_s, &salting_kprinc))) {
- DEBUG(0,("verify_service_password: krb5_parse_name %s failed: %s\n",
+ if ((err = smb_krb5_parse_name(ctx, salting_s, &salting_kprinc))) {
+ DEBUG(0,("verify_service_password: smb_krb5_parse_name %s failed: %s\n",
salting_s, error_message(err)));
goto out;
}
/* Guess at how the KDC is salting keys for this principal. */
kerberos_derive_salting_principal(princ_s);
- ret = krb5_parse_name(context, princ_s, &princ);
+ ret = smb_krb5_parse_name(context, princ_s, &princ);
if (ret) {
- DEBUG(1,("ads_keytab_add_entry: krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
+ DEBUG(1,("ads_keytab_add_entry: smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
goto out;
}
while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
BOOL compare_name_ok = False;
- ret = krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+ ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
if (ret) {
- DEBUG(1,("ads_keytab_add_entry: krb5_unparse_name failed (%s)\n", error_message(ret)));
+ DEBUG(1,("ads_keytab_add_entry: smb_krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
goto out;
}
ktprinc, kt_entry.vno));
}
- krb5_free_unparsed_name(context, ktprinc);
- ktprinc = NULL;
+ SAFE_FREE(ktprinc);
if (compare_name_ok) {
if (kt_entry.vno == kvno - 1) {
char *p;
/* This returns a malloc'ed string in ktprinc. */
- ret = krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+ ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
if (ret) {
- DEBUG(1,("krb5_unparse_name failed (%s)\n", error_message(ret)));
+ DEBUG(1,("smb_krb5_unparse_name failed (%s)\n", error_message(ret)));
goto done;
}
/*
break;
}
if (!strcmp(oldEntries[i], ktprinc)) {
- krb5_free_unparsed_name(context, ktprinc);
+ SAFE_FREE(ktprinc);
break;
}
}
if (i == found) {
- krb5_free_unparsed_name(context, ktprinc);
+ SAFE_FREE(ktprinc);
}
}
smb_krb5_kt_free_entry(context, &kt_entry);
ret = 0;
for (i = 0; oldEntries[i]; i++) {
ret |= ads_keytab_add_entry(ads, oldEntries[i]);
- krb5_free_unparsed_name(context, oldEntries[i]);
+ SAFE_FREE(oldEntries[i]);
}
krb5_kt_end_seq_get(context, keytab, &cursor);
}
if (ret != KRB5_KT_END && ret != ENOENT ) {
while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) {
- ret = krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
+ ret = smb_krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
if (ret) {
- DEBUG(1, ("ads_keytab_verify_ticket: krb5_unparse_name failed (%s)\n", error_message(ret)));
+ DEBUG(1, ("ads_keytab_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
goto out;
}
}
/* Free the name we parsed. */
- krb5_free_unparsed_name(context, entry_princ_s);
- entry_princ_s = NULL;
+ SAFE_FREE(entry_princ_s);
/* Free the entry we just read. */
smb_krb5_kt_free_entry(context, &kt_entry);
}
}
- if (entry_princ_s) {
- krb5_free_unparsed_name(context, entry_princ_s);
- }
+ SAFE_FREE(entry_princ_s);
{
krb5_keytab_entry zero_kt_entry;
asprintf(&host_princ_s, "%s$", global_myname());
strlower_m(host_princ_s);
- ret = krb5_parse_name(context, host_princ_s, &host_princ);
+ ret = smb_krb5_parse_name(context, host_princ_s, &host_princ);
if (ret) {
- DEBUG(1,("ads_verify_ticket: krb5_parse_name(%s) failed (%s)\n",
+ DEBUG(1,("ads_verify_ticket: smb_krb5_parse_name(%s) failed (%s)\n",
host_princ_s, error_message(ret)));
goto out;
}
#endif
#endif
- if ((ret = krb5_unparse_name(context, client_principal, principal))) {
- DEBUG(3,("ads_verify_ticket: krb5_unparse_name failed (%s)\n",
+ if ((ret = smb_krb5_unparse_name(context, client_principal, principal))) {
+ DEBUG(3,("ads_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
sret = NT_STATUS_LOGON_FAILURE;
goto out;
realm++;
asprintf(&princ_name, "kadmin/changepw@%s", realm);
- ret = krb5_parse_name(context, princ_name, &creds.server);
+ ret = smb_krb5_parse_name(context, princ_name, &creds.server);
if (ret) {
krb5_cc_close(context, ccache);
krb5_free_context(context);
free(princ_name);
/* parse the principal we got as a function argument */
- ret = krb5_parse_name(context, princ, &principal);
+ ret = smb_krb5_parse_name(context, princ, &principal);
if (ret) {
krb5_cc_close(context, ccache);
krb5_free_principal(context, creds.server);
return ADS_ERROR_KRB5(ret);
}
- if ((ret = krb5_parse_name(context, principal,
+ if ((ret = smb_krb5_parse_name(context, principal,
&princ))) {
krb5_free_context(context);
DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
if (!ADS_ERR_OK(status)) {
return status;
}
- status = ADS_ERROR_KRB5(krb5_parse_name(ctx, sname, &principal));
+ status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, &principal));
if (!ADS_ERR_OK(status)) {
return status;
}
#define KRB5_KEY_DATA(k) ((k)->contents)
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
+/**************************************************************
+ Wrappers around kerberos string functions that convert from
+ utf8 -> unix charset and vica versa.
+**************************************************************/
+
+/**************************************************************
+ krb5_parse_name that takes a UNIX charset.
+**************************************************************/
+
+krb5_error_code smb_krb5_parse_name(krb5_context context,
+ const char *name, /* in unix charset */
+ krb5_principal *principal)
+{
+ krb5_error_code ret;
+ char *utf8_name;
+
+ if (push_utf8_allocate(&utf8_name, name) == (size_t)-1) {
+ return ENOMEM;
+ }
+
+ ret = krb5_parse_name(context, utf8_name, principal);
+ SAFE_FREE(utf8_name);
+ return ret;
+}
+
+#ifdef HAVE_KRB5_PARSE_NAME_NOREALM
+/**************************************************************
+ krb5_parse_name_norealm that takes a UNIX charset.
+**************************************************************/
+
+static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context,
+ const char *name, /* in unix charset */
+ krb5_principal *principal)
+{
+ krb5_error_code ret;
+ char *utf8_name;
+
+ if (push_utf8_allocate(&utf8_name, name) == (size_t)-1) {
+ return ENOMEM;
+ }
+
+ ret = krb5_parse_name_norealm(context, utf8_name, principal);
+ SAFE_FREE(utf8_name);
+ return ret;
+}
+#endif
+
+/**************************************************************
+ krb5_parse_name that returns a UNIX charset name. Must
+ be freed with normal free() call.
+**************************************************************/
+
+krb5_error_code smb_krb5_unparse_name(krb5_context context,
+ krb5_const_principal principal,
+ char **unix_name)
+{
+ krb5_error_code ret;
+ char *utf8_name;
+
+ ret = krb5_unparse_name(context, principal, &utf8_name);
+ if (ret) {
+ return ret;
+ }
+
+ if (pull_utf8_allocate(unix_name, utf8_name)==-1) {
+ krb5_free_unparsed_name(context, utf8_name);
+ return ENOMEM;
+ }
+ krb5_free_unparsed_name(context, utf8_name);
+ return 0;
+}
+
#ifndef HAVE_KRB5_SET_REAL_TIME
/*
* This function is not in the Heimdal mainline.
BOOL creds_ready = False;
int i = 0, maxtries = 3;
- retval = krb5_parse_name(context, principal, &server);
+ retval = smb_krb5_parse_name(context, principal, &server);
if (retval) {
DEBUG(1,("ads_krb5_mk_req: Failed to parse principal %s\n", principal));
return retval;
}
if ( DEBUGLEVEL >= 10 ) {
- krb5_unparse_name(context, server, &name);
- DEBUG(10,("get_key_from_keytab: will look for kvno %d, enctype %d and name: %s\n",
- kvno, enctype, name));
- krb5_free_unparsed_name(context, name);
+ if (smb_krb5_unparse_name(context, server, &name) == 0) {
+ DEBUG(10,("get_key_from_keytab: will look for kvno %d, enctype %d and name: %s\n",
+ kvno, enctype, name));
+ SAFE_FREE(name);
+ }
}
ret = krb5_kt_get_entry(context,
krb5_principal *principal)
{
#ifdef HAVE_KRB5_PARSE_NAME_NOREALM
- return krb5_parse_name_norealm(context, name, principal);
+ return smb_krb5_parse_name_norealm_conv(context, name, principal);
#endif
/* we are cheating here because parse_name will in fact set the realm.
* ignores the realm anyway when calling
* smb_krb5_principal_compare_any_realm later - Guenther */
- return krb5_parse_name(context, name, principal);
+ return smb_krb5_parse_name(context, name, principal);
}
BOOL smb_krb5_principal_compare_any_realm(krb5_context context,
krb5_creds creds;
if (client_string) {
- ret = krb5_parse_name(context, client_string, &client);
+ ret = smb_krb5_parse_name(context, client_string, &client);
if (ret) {
goto done;
}
memset(&creds_in, 0, sizeof(creds_in));
if (client_string) {
- ret = krb5_parse_name(context, client_string, &creds_in.client);
+ ret = smb_krb5_parse_name(context, client_string, &creds_in.client);
if (ret) {
goto done;
}
}
if (service_string) {
- ret = krb5_parse_name(context, service_string, &creds_in.server);
+ ret = smb_krb5_parse_name(context, service_string, &creds_in.server);
if (ret) {
goto done;
}
git.samba.org / samba.git / commitdiff