Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/lib/kdb/kdb_convert.c
39566 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/*

3
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.

4
 * Use is subject to license terms.

5
 */

6


7
/* #pragma ident        "@(#)kdb_convert.c      1.3     05/01/05 SMI" */

8


9
/*

10
 * This file contains api's for conversion of the kdb_incr_update_t

11
 * struct(s) into krb5_db_entry struct(s) and vice-versa.

12
 */

13
#include <k5-int.h>

14
#include <sys/types.h>

15
#include <com_err.h>

16
#include <locale.h>

17
#include <iprop_hdr.h>

18
#include "iprop.h"

19
#include <kdb.h>

20
#include <kdb_log.h>

21


22
/* BEGIN CSTYLED */

23
#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]

24


25
#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u

26


27
#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]

28


29
#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]

30


31
#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]

32
/* END CSTYLED */

33


34
typedef enum {

35
    REG_PRINC = 0,

36
    MOD_PRINC = 1

37
} princ_type;

38


39


40
/*

41
 * This routine tracks the krb5_db_entry fields that have been modified

42
 * (by comparing it to the db_entry currently present in principal.db)

43
 * in the update.

44
 */

45
static void

46
find_changed_attrs(krb5_db_entry *current, krb5_db_entry *new,

47
                   krb5_boolean exclude_nra,

48
                   kdbe_attr_type_t *attrs, int *nattrs)

49
{

50
    int i = 0, j = 0;

51


52
    krb5_tl_data *first, *second;

53


54
    if (current->attributes != new->attributes)

55
        attrs[i++] = AT_ATTRFLAGS;

56


57
    if (current->max_life != new->max_life)

58
        attrs[i++] = AT_MAX_LIFE;

59


60
    if (current->max_renewable_life != new->max_renewable_life)

61
        attrs[i++] = AT_MAX_RENEW_LIFE;

62


63
    if (current->expiration != new->expiration)

64
        attrs[i++] = AT_EXP;

65


66
    if (current->pw_expiration != new->pw_expiration)

67
        attrs[i++] = AT_PW_EXP;

68


69
    if (!exclude_nra) {

70
        if (current->last_success != new->last_success)

71
            attrs[i++] = AT_LAST_SUCCESS;

72


73
        if (current->last_failed != new->last_failed)

74
            attrs[i++] = AT_LAST_FAILED;

75


76
        if (current->fail_auth_count != new->fail_auth_count)

77
            attrs[i++] = AT_FAIL_AUTH_COUNT;

78
    }

79


80
    if ((current->princ->type == new->princ->type) &&

81
        (current->princ->length == new->princ->length)) {

82
        if ((current->princ->realm.length ==

83
             new->princ->realm.length) &&

84
            strncmp(current->princ->realm.data,

85
                    new->princ->realm.data,

86
                    current->princ->realm.length)) {

87
            for (j = 0; j < current->princ->length; j++) {

88
                if ((current->princ->data[j].data != NULL) &&

89
                    (strncmp(current->princ->data[j].data,

90
                             new->princ->data[j].data,

91
                             current->princ->data[j].length))) {

92
                    attrs[i++] = AT_PRINC;

93
                    break;

94
                }

95
            }

96
        } else {

97
            attrs[i++] = AT_PRINC;

98
        }

99
    } else {

100
        attrs[i++] = AT_PRINC;

101
    }

102


103
    if (current->n_key_data == new->n_key_data) {

104
        /* Assuming key ordering is the same in new & current */

105
        for (j = 0; j < new->n_key_data; j++) {

106
            if (current->key_data[j].key_data_kvno !=

107
                new->key_data[j].key_data_kvno) {

108
                attrs[i++] = AT_KEYDATA;

109
                break;

110
            }

111
        }

112
    } else {

113
        attrs[i++] = AT_KEYDATA;

114
    }

115


116
    if (current->n_tl_data == new->n_tl_data) {

117
        /* Assuming we preserve the TL_DATA ordering between updates */

118
        for (first = current->tl_data, second = new->tl_data;

119
             first; first = first->tl_data_next,

120
                 second = second->tl_data_next) {

121
            if ((first->tl_data_length == second->tl_data_length) &&

122
                (first->tl_data_type == second->tl_data_type)) {

123
                if ((memcmp((char *)first->tl_data_contents,

124
                            (char *)second->tl_data_contents,

125
                            first->tl_data_length)) != 0) {

126
                    attrs[i++] = AT_TL_DATA;

127
                    break;

128
                }

129
            } else {

130
                attrs[i++] = AT_TL_DATA;

131
                break;

132
            }

133
        }

134
    } else {

135
        attrs[i++] = AT_TL_DATA;

136
    }

137


138
    if (current->len != new->len)

139
        attrs[i++] = AT_LEN;

140
    /*

141
     * Store the no. of (possibly :)) changed attributes

142
     */

143
    *nattrs = i;

144
}

145


146


147
/* Initialize *u with a copy of d.  Return 0 on success, -1 on failure. */

148
static int

149
data_to_utf8str(utf8str_t *u, krb5_data d)

150
{

151
    u->utf8str_t_len = d.length;

152
    if (d.data) {

153
        u->utf8str_t_val = malloc(d.length);

154
        if (u->utf8str_t_val == NULL)

155
            return -1;

156
        memcpy(u->utf8str_t_val, d.data, d.length);

157
    } else

158
        u->utf8str_t_val = NULL;

159
    return 0;

160
}

161


162
/*

163
 * Converts the krb5_principal struct from db2 to ulog format.

164
 */

165
static krb5_error_code

166
conv_princ_2ulog(krb5_principal princ, kdb_incr_update_t *upd,

167
                 int cnt, princ_type tp)

168
{

169
    int i = 0;

170
    kdbe_princ_t *p;

171
    kdbe_data_t *components;

172


173
    if ((upd == NULL) || !princ)

174
        return (KRB5KRB_ERR_GENERIC);

175


176
    switch (tp) {

177
    case REG_PRINC:

178
    case MOD_PRINC:

179
        p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */

180
        p->k_nametype = (int32_t)princ->type;

181


182
        if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {

183
            return ENOMEM;

184
        }

185


186
        p->k_components.k_components_len = princ->length;

187


188
        p->k_components.k_components_val = components

189
            = malloc(princ->length * sizeof (kdbe_data_t));

190
        if (p->k_components.k_components_val == NULL) {

191
            free(p->k_realm.utf8str_t_val);

192
            p->k_realm.utf8str_t_val = NULL;

193
            return (ENOMEM);

194
        }

195


196
        memset(components, 0, princ->length * sizeof(kdbe_data_t));

197
        for (i = 0; i < princ->length; i++)

198
            components[i].k_data.utf8str_t_val = NULL;

199
        for (i = 0; i < princ->length; i++) {

200
            components[i].k_magic = princ->data[i].magic;

201
            if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {

202
                int j;

203
                for (j = 0; j < i; j++) {

204
                    free(components[j].k_data.utf8str_t_val);

205
                    components[j].k_data.utf8str_t_val = NULL;

206
                }

207
                free(components);

208
                p->k_components.k_components_val = NULL;

209
                free(p->k_realm.utf8str_t_val);

210
                p->k_realm.utf8str_t_val = NULL;

211
                return ENOMEM;

212
            }

213
        }

214
        break;

215


216
    default:

217
        break;

218
    }

219
    return (0);

220
}

221


222
/*

223
 * Copies a UTF-8 string from ulog to a krb5_data object, which may

224
 * already have allocated storage associated with it.

225
 *

226
 * Maybe a return value should indicate success/failure?

227
 */

228
static void

229
set_from_utf8str(krb5_data *d, utf8str_t u)

230
{

231
    if (u.utf8str_t_len > INT_MAX - 1) {

232
        d->data = NULL;

233
        return;

234
    }

235
    d->length = u.utf8str_t_len;

236
    d->data = malloc(d->length + 1);

237
    if (d->data == NULL)

238
        return;

239
    if (d->length)      /* Pointer may be null if length = 0.  */

240
        strncpy(d->data, u.utf8str_t_val, d->length);

241
    d->data[d->length] = 0;

242
}

243


244
/*

245
 * Converts the krb5_principal struct from ulog to db2 format.

246
 */

247
static krb5_principal

248
conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)

249
{

250
    unsigned int i;

251
    int j;

252
    krb5_principal princ;

253
    kdbe_data_t *components;

254


255
    princ = calloc(1, sizeof (krb5_principal_data));

256
    if (princ == NULL) {

257
        return NULL;

258
    }

259
    princ->length = 0;

260
    princ->data = NULL;

261


262
    components = kdbe_princ->k_components.k_components_val;

263


264
    princ->type = (krb5_int32) kdbe_princ->k_nametype;

265
    princ->realm.data = NULL;

266
    set_from_utf8str(&princ->realm, kdbe_princ->k_realm);

267
    if (princ->realm.data == NULL)

268
        goto error;

269


270
    princ->data = calloc(kdbe_princ->k_components.k_components_len,

271
                         sizeof (krb5_data));

272
    if (princ->data == NULL)

273
        goto error;

274
    for (i = 0; i < kdbe_princ->k_components.k_components_len; i++)

275
        princ->data[i].data = NULL;

276
    princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len;

277


278
    for (j = 0; j < princ->length; j++) {

279
        princ->data[j].magic = components[j].k_magic;

280
        set_from_utf8str(&princ->data[j], components[j].k_data);

281
        if (princ->data[j].data == NULL)

282
            goto error;

283
    }

284


285
    return princ;

286
error:

287
    krb5_free_principal(context, princ);

288
    return NULL;

289
}

290


291


292
/*

293
 * This routine converts a krb5 DB record into update log (ulog) entry format.

294
 * Space for the update log entry should be allocated prior to invocation of

295
 * this routine.

296
 */

297
krb5_error_code

298
ulog_conv_2logentry(krb5_context context, krb5_db_entry *entry,

299
                    kdb_incr_update_t *update)

300
{

301
    int i, j, cnt, final, nattrs, tmpint;

302
    krb5_principal tmpprinc;

303
    krb5_tl_data *newtl;

304
    krb5_db_entry *curr;

305
    krb5_error_code ret;

306
    kdbe_attr_type_t *attr_types;

307
    int kadm_data_yes;

308


309
    nattrs = tmpint = 0;

310
    final = -1;

311
    kadm_data_yes = 0;

312
    attr_types = NULL;

313


314
    /*

315
     * XXX we rely on the good behaviour of the database not to

316
     * exceed this limit.

317
     */

318
    if ((update->kdb_update.kdbe_t_val = (kdbe_val_t *)

319
         malloc(MAXENTRY_SIZE)) == NULL) {

320
        return (ENOMEM);

321
    }

322


323
    /*

324
     * Find out which attrs have been modified

325
     */

326
    if ((attr_types = (kdbe_attr_type_t *)malloc(

327
             sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))

328
        == NULL) {

329
        return (ENOMEM);

330
    }

331


332
    ret = krb5_db_get_principal(context, entry->princ, 0, &curr);

333
    if (ret && ret != KRB5_KDB_NOENTRY) {

334
        free(attr_types);

335
        return (ret);

336
    }

337


338
    if (ret == KRB5_KDB_NOENTRY) {

339
        /*

340
         * This is a new entry to the database, hence will

341
         * include all the attribute-value pairs

342
         *

343
         * We leave out the TL_DATA types which we model as

344
         * attrs in kdbe_attr_type_t, since listing AT_TL_DATA

345
         * encompasses these other types-turned-attributes

346
         *

347
         * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,

348
         * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,

349
         * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,

350
         * totalling 8 attrs.

351
         */

352
        while (nattrs < MAXATTRS_SIZE - 8) {

353
            attr_types[nattrs] = nattrs;

354
            nattrs++;

355
        }

356
    } else {

357
        /* Always exclude non-replicated attributes for now. */

358
        find_changed_attrs(curr, entry, TRUE, attr_types, &nattrs);

359
        krb5_db_free_principal(context, curr);

360
    }

361


362
    for (i = 0; i < nattrs; i++) {

363
        switch (attr_types[i]) {

364
        case AT_ATTRFLAGS:

365
            if (entry->attributes >= 0) {

366
                ULOG_ENTRY_TYPE(update, ++final).av_type =

367
                    AT_ATTRFLAGS;

368
                ULOG_ENTRY(update, final).av_attrflags =

369
                    (uint32_t)entry->attributes;

370
            }

371
            break;

372


373
        case AT_MAX_LIFE:

374
            if (entry->max_life >= 0) {

375
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MAX_LIFE;

376
                ULOG_ENTRY(update, final).av_max_life =

377
                    (uint32_t)entry->max_life;

378
            }

379
            break;

380


381
        case AT_MAX_RENEW_LIFE:

382
            if (entry->max_renewable_life >= 0) {

383
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MAX_RENEW_LIFE;

384
                ULOG_ENTRY(update, final).av_max_renew_life =

385
                    (uint32_t)entry->max_renewable_life;

386
            }

387
            break;

388


389
        case AT_EXP:

390
            if (entry->expiration >= 0) {

391
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_EXP;

392
                ULOG_ENTRY(update, final).av_exp = (uint32_t)entry->expiration;

393
            }

394
            break;

395


396
        case AT_PW_EXP:

397
            if (entry->pw_expiration >= 0) {

398
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PW_EXP;

399
                ULOG_ENTRY(update, final).av_pw_exp =

400
                    (uint32_t)entry->pw_expiration;

401
            }

402
            break;

403


404
        case AT_PRINC:

405
            if (entry->princ->length > 0) {

406
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PRINC;

407
                if ((ret = conv_princ_2ulog(entry->princ,

408
                                            update, final, REG_PRINC))) {

409
                    free(attr_types);

410
                    return (ret);

411
                }

412
            }

413
            break;

414


415
        case AT_KEYDATA:

416
/* BEGIN CSTYLED */

417
            if (entry->n_key_data >= 0) {

418
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_KEYDATA;

419
                ULOG_ENTRY(update, final).av_keydata.av_keydata_len =

420
                    entry->n_key_data;

421
                ULOG_ENTRY(update, final).av_keydata.av_keydata_val =

422
                    malloc(entry->n_key_data * sizeof (kdbe_key_t));

423
                if (ULOG_ENTRY(update, final).av_keydata.av_keydata_val ==

424
                    NULL) {

425
                    free(attr_types);

426
                    return (ENOMEM);

427
                }

428


429
                for (j = 0; j < entry->n_key_data; j++) {

430
                    ULOG_ENTRY_KEYVAL(update, final, j).k_ver =

431
                        entry->key_data[j].key_data_ver;

432
                    ULOG_ENTRY_KEYVAL(update, final, j).k_kvno =

433
                        entry->key_data[j].key_data_kvno;

434
                    ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_len = entry->key_data[j].key_data_ver;

435
                    ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_len = entry->key_data[j].key_data_ver;

436


437
                    ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_val = malloc(entry->key_data[j].key_data_ver * sizeof(int32_t));

438
                    if (ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_val == NULL) {

439
                        free(attr_types);

440
                        return (ENOMEM);

441
                    }

442


443
                    ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val = malloc(entry->key_data[j].key_data_ver * sizeof(utf8str_t));

444
                    if (ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val == NULL) {

445
                        free(attr_types);

446
                        return (ENOMEM);

447
                    }

448


449
                    for (cnt = 0; cnt < entry->key_data[j].key_data_ver;

450
                         cnt++) {

451
                        ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_val[cnt] = entry->key_data[j].key_data_type[cnt];

452
                        ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = entry->key_data[j].key_data_length[cnt];

453
                        ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(entry->key_data[j].key_data_length[cnt] * sizeof (char));

454
                        if (ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {

455
                            free(attr_types);

456
                            return (ENOMEM);

457
                        }

458
                        (void) memcpy(ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, entry->key_data[j].key_data_contents[cnt], entry->key_data[j].key_data_length[cnt]);

459
                    }

460
                }

461
            }

462
            break;

463


464
        case AT_TL_DATA:

465
            ret = krb5_dbe_lookup_last_pwd_change(context, entry, &tmpint);

466
            if (ret == 0) {

467
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PW_LAST_CHANGE;

468
                ULOG_ENTRY(update, final).av_pw_last_change = tmpint;

469
            }

470
            tmpint = 0;

471


472
            if(!(ret = krb5_dbe_lookup_mod_princ_data(context, entry, &tmpint,

473
                                                      &tmpprinc))) {

474


475
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MOD_PRINC;

476


477
                ret = conv_princ_2ulog(tmpprinc, update, final, MOD_PRINC);

478
                krb5_free_principal(context, tmpprinc);

479
                if (ret) {

480
                    free(attr_types);

481
                    return (ret);

482
                }

483
                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MOD_TIME;

484
                ULOG_ENTRY(update, final).av_mod_time =

485
                    tmpint;

486
            }

487


488
            newtl = entry->tl_data;

489
            while (newtl) {

490
                switch (newtl->tl_data_type) {

491
                case KRB5_TL_LAST_PWD_CHANGE:

492
                case KRB5_TL_MOD_PRINC:

493
                    break;

494


495
                case KRB5_TL_KADM_DATA:

496
                default:

497
                    if (kadm_data_yes == 0) {

498
                        ULOG_ENTRY_TYPE(update, ++final).av_type = AT_TL_DATA;

499
                        ULOG_ENTRY(update, final).av_tldata.av_tldata_len = 0;

500
                        ULOG_ENTRY(update, final).av_tldata.av_tldata_val =

501
                            malloc(entry->n_tl_data * sizeof(kdbe_tl_t));

502


503
                        if (ULOG_ENTRY(update, final).av_tldata.av_tldata_val

504
                            == NULL) {

505
                            free(attr_types);

506
                            return (ENOMEM);

507
                        }

508
                        kadm_data_yes = 1;

509
                    }

510


511
                    tmpint = ULOG_ENTRY(update, final).av_tldata.av_tldata_len;

512
                    ULOG_ENTRY(update, final).av_tldata.av_tldata_len++;

513
                    ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;

514
                    ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;

515
                    ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));

516
                    if (ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {

517
                        free(attr_types);

518
                        return (ENOMEM);

519
                    }

520
                    (void) memcpy(ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);

521
                    break;

522
                }

523
                newtl = newtl->tl_data_next;

524
            }

525
            break;

526
/* END CSTYLED */

527


528
        case AT_LEN:

529
            ULOG_ENTRY_TYPE(update, ++final).av_type = AT_LEN;

530
            ULOG_ENTRY(update, final).av_len = (int16_t)entry->len;

531
            break;

532


533
        default:

534
            break;

535
        }

536


537
    }

538


539
    free(attr_types);

540


541
    /*

542
     * Update len field in kdb_update

543
     */

544
    update->kdb_update.kdbe_t_len = ++final;

545
    return (0);

546
}

547


548
/* Convert an update log (ulog) entry into a kerberos record. */

549
krb5_error_code

550
ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,

551
                   kdb_incr_update_t *update)

552
{

553
    krb5_db_entry *ent = NULL;

554
    int replica;

555
    krb5_principal mod_princ = NULL;

556
    int i, j, cnt = 0, mod_time = 0, nattrs;

557
    krb5_principal dbprinc;

558
    char *dbprincstr = NULL;

559
    krb5_tl_data newtl;

560
    krb5_error_code ret;

561
    unsigned int prev_n_keys = 0;

562
    krb5_boolean is_add;

563
    void *newptr;

564


565
    *entry = NULL;

566


567
    replica = (context->kdblog_context != NULL) &&

568
        (context->kdblog_context->iproprole == IPROP_REPLICA);

569


570
    /*

571
     * Store the no. of changed attributes in nattrs

572
     */

573
    nattrs = update->kdb_update.kdbe_t_len;

574


575
    dbprincstr = k5memdup0(update->kdb_princ_name.utf8str_t_val,

576
                           update->kdb_princ_name.utf8str_t_len, &ret);

577
    if (dbprincstr == NULL)

578
        goto cleanup;

579


580
    ret = krb5_parse_name(context, dbprincstr, &dbprinc);

581
    free(dbprincstr);

582
    if (ret)

583
        goto cleanup;

584


585
    ret = krb5_db_get_principal(context, dbprinc, 0, &ent);

586
    krb5_free_principal(context, dbprinc);

587
    if (ret && ret != KRB5_KDB_NOENTRY)

588
        goto cleanup;

589
    is_add = (ret == KRB5_KDB_NOENTRY);

590


591
    /*

592
     * Set ent->n_tl_data = 0 initially, if this is an ADD update

593
     */

594
    if (is_add) {

595
        ent = calloc(1, sizeof(*ent));

596
        if (ent == NULL)

597
            return (ENOMEM);

598
        ent->n_tl_data = 0;

599
    }

600


601
    for (i = 0; i < nattrs; i++) {

602
        krb5_principal tmpprinc = NULL;

603


604
#define u (ULOG_ENTRY(update, i))

605
        switch (ULOG_ENTRY_TYPE(update, i).av_type) {

606
        case AT_ATTRFLAGS:

607
            ent->attributes = (krb5_flags) u.av_attrflags;

608
            break;

609


610
        case AT_MAX_LIFE:

611
            ent->max_life = (krb5_deltat) u.av_max_life;

612
            break;

613


614
        case AT_MAX_RENEW_LIFE:

615
            ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;

616
            break;

617


618
        case AT_EXP:

619
            ent->expiration = (krb5_timestamp) u.av_exp;

620
            break;

621


622
        case AT_PW_EXP:

623
            ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;

624
            break;

625


626
        case AT_LAST_SUCCESS:

627
            if (!replica)

628
                ent->last_success = (krb5_timestamp) u.av_last_success;

629
            break;

630


631
        case AT_LAST_FAILED:

632
            if (!replica)

633
                ent->last_failed = (krb5_timestamp) u.av_last_failed;

634
            break;

635


636
        case AT_FAIL_AUTH_COUNT:

637
            if (!replica)

638
                ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;

639
            break;

640


641
        case AT_PRINC:

642
            tmpprinc = conv_princ_2db(context, &u.av_princ);

643
            if (tmpprinc == NULL) {

644
                ret = ENOMEM;

645
                goto cleanup;

646
            }

647
            krb5_free_principal(context, ent->princ);

648
            ent->princ = tmpprinc;

649
            break;

650


651
        case AT_KEYDATA:

652
            if (!is_add)

653
                prev_n_keys = ent->n_key_data;

654
            else

655
                prev_n_keys = 0;

656
            ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;

657
            if (is_add)

658
                ent->key_data = NULL;

659


660
            /* Allocate one extra key data to avoid allocating zero bytes. */

661
            newptr = realloc(ent->key_data, (ent->n_key_data + 1) *

662
                             sizeof(krb5_key_data));

663
            if (newptr == NULL) {

664
                ret = ENOMEM;

665
                goto cleanup;

666
            }

667
            ent->key_data = newptr;

668


669
/* BEGIN CSTYLED */

670
            for (j = prev_n_keys; j < ent->n_key_data; j++) {

671
                for (cnt = 0; cnt < 2; cnt++) {

672
                    ent->key_data[j].key_data_contents[cnt] = NULL;

673
                }

674
            }

675
            for (j = 0; j < ent->n_key_data; j++) {

676
                krb5_key_data *kp = &ent->key_data[j];

677
                kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(update, i, j);

678
                kp->key_data_ver = (krb5_int16)kv->k_ver;

679
                kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;

680
                if (kp->key_data_ver > 2) {

681
                    ret = EINVAL; /* XXX ? */

682
                    goto cleanup;

683
                }

684


685
                for (cnt = 0; cnt < kp->key_data_ver; cnt++) {

686
                    kp->key_data_type[cnt] =  (krb5_int16)kv->k_enctype.k_enctype_val[cnt];

687
                    kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;

688
                    newptr = realloc(kp->key_data_contents[cnt],

689
                                     kp->key_data_length[cnt]);

690
                    if (newptr == NULL) {

691
                        ret = ENOMEM;

692
                        goto cleanup;

693
                    }

694
                    kp->key_data_contents[cnt] = newptr;

695


696
                    (void) memset(kp->key_data_contents[cnt], 0,

697
                                  kp->key_data_length[cnt]);

698
                    (void) memcpy(kp->key_data_contents[cnt],

699
                                  kv->k_contents.k_contents_val[cnt].utf8str_t_val,

700
                                  kp->key_data_length[cnt]);

701
                }

702
            }

703
            break;

704


705
        case AT_TL_DATA: {

706
            for (j = 0; j < (int)u.av_tldata.av_tldata_len; j++) {

707
                newtl.tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;

708
                newtl.tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;

709
                newtl.tl_data_contents = (krb5_octet *)u.av_tldata.av_tldata_val[j].tl_data.tl_data_val;

710
                newtl.tl_data_next = NULL;

711
                ret = krb5_dbe_update_tl_data(context, ent, &newtl);

712
                if (ret)

713
                    goto cleanup;

714
            }

715
            break;

716
/* END CSTYLED */

717
        }

718
        case AT_PW_LAST_CHANGE:

719
            ret = krb5_dbe_update_last_pwd_change(context, ent,

720
                                                  u.av_pw_last_change);

721
            if (ret)

722
                goto cleanup;

723
            break;

724


725
        case AT_MOD_PRINC:

726
            tmpprinc = conv_princ_2db(context, &u.av_mod_princ);

727
            if (tmpprinc == NULL) {

728
                ret = ENOMEM;

729
                goto cleanup;

730
            }

731
            mod_princ = tmpprinc;

732
            break;

733


734
        case AT_MOD_TIME:

735
            mod_time = u.av_mod_time;

736
            break;

737


738
        case AT_LEN:

739
            ent->len = (krb5_int16) u.av_len;

740
            break;

741


742
        default:

743
            break;

744
        }

745
#undef u

746
    }

747


748
    /*

749
     * process mod_princ_data request

750
     */

751
    if (mod_time && mod_princ) {

752
        ret = krb5_dbe_update_mod_princ_data(context, ent,

753
                                             mod_time, mod_princ);

754
        if (ret)

755
            goto cleanup;

756
    }

757


758
    *entry = ent;

759
    ent = NULL;

760
    ret = 0;

761
cleanup:

762
    krb5_db_free_principal(context, ent);

763
    krb5_free_principal(context, mod_princ);

764
    return ret;

765
}

766


767


768


769
/*

770
 * This routine frees up memory associated with the bunched ulog entries.

771
 */

772
void

773
ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)

774
{

775


776
    kdb_incr_update_t *upd;

777
    unsigned int i, j;

778
    int k, cnt;

779


780
    if (updates == NULL)

781
        return;

782


783
    upd = updates;

784


785
    /*

786
     * Loop thru each ulog entry

787
     */

788
    for (cnt = 0; cnt < no_of_updates; cnt++) {

789


790
        /*

791
         * ulog entry - kdb_princ_name

792
         */

793
        free(upd->kdb_princ_name.utf8str_t_val);

794


795
/* BEGIN CSTYLED */

796


797
        /*

798
         * ulog entry - kdb_kdcs_seen_by

799
         */

800
        if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {

801
            for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)

802
                free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);

803
            free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);

804
        }

805


806
        /*

807
         * ulog entry - kdb_futures

808
         */

809
        free(upd->kdb_futures.kdb_futures_val);

810


811
        /*

812
         * ulog entry - kdb_update

813
         */

814
        if (upd->kdb_update.kdbe_t_val) {

815
            /*

816
             * Loop thru all the attributes and free up stuff

817
             */

818
            for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {

819


820
                /*

821
                 * Free av_key_data

822
                 */

823
                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {

824


825
                    for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {

826
                        free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);

827
                        if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {

828
                            for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {

829
                                free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);

830
                            }

831
                            free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);

832
                        }

833
                    }

834
                    free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);

835
                }

836


837


838
                /*

839
                 * Free av_tl_data

840
                 */

841
                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {

842
                    for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {

843
                        free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);

844
                    }

845
                    free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);

846
                }

847


848
                /*

849
                 * Free av_princ

850
                 */

851
                if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {

852
                    free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);

853
                    if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {

854
                        for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {

855
                            free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);

856
                        }

857
                        free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);

858
                    }

859
                }

860


861
                /*

862
                 * Free av_mod_princ

863
                 */

864
                if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {

865
                    free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);

866
                    if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {

867
                        for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {

868
                            free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);

869
                        }

870
                        free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);

871
                    }

872
                }

873


874
                /*

875
                 * Free av_mod_where

876
                 */

877
                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)

878
                    free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);

879


880
                /*

881
                 * Free av_pw_policy

882
                 */

883
                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)

884
                    free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);

885


886
                /*

887
                 * XXX: Free av_pw_hist

888
                 *

889
                 * For now, we just free the pointer

890
                 * to av_pw_hist_val, since we aren't

891
                 * populating this union member in

892
                 * the conv api function(s) anyways.

893
                 */

894
                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)

895
                    free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);

896


897
            }

898


899
            /*

900
             * Free up the pointer to kdbe_t_val

901
             */

902
            free(upd->kdb_update.kdbe_t_val);

903
        }

904


905
/* END CSTYLED */

906


907
        /*

908
         * Bump up to next struct

909
         */

910
        upd++;

911
    }

912


913


914
    /*

915
     * Finally, free up the pointer to the bunched ulog entries

916
     */

917
    free(updates);

918
}

919


920