* If version of the KRB5_TL_ACTKVNO data is KRB5_TL_ACTKVNO_VER_1 then size of
* a actkvno tuple {act_kvno, act_time} entry is:
*/
-#define ACTKVNO_TUPLE_SIZE sizeof(krb5_int16) + sizeof(krb5_int32)
+#define ACTKVNO_TUPLE_SIZE (sizeof(krb5_int16) + sizeof(krb5_int32))
#define act_kvno(cp) (cp) /* return pointer to start of act_kvno data */
-#define act_time(cp) (cp) + sizeof(krb5_int16) /* return pointer to start of act_time data */
+#define act_time(cp) ((cp) + sizeof(krb5_int16)) /* return pointer to start of act_time data */
krb5_error_code
krb5_dbe_lookup_actkvno(krb5_context context,
{
krb5_tl_data tl_data;
krb5_error_code code;
- krb5_int16 version;
+ krb5_int16 version, tmp_kvno;
krb5_actkvno_node *head_data = NULL, *new_data = NULL, *prev_data = NULL;
unsigned int num_actkvno, i;
krb5_octet *next_tuple;
+ memset(&tl_data, 0, sizeof(tl_data));
tl_data.tl_data_type = KRB5_TL_ACTKVNO;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
krb5_free_actkvno_list(context, head_data);
return (ENOMEM);
}
- krb5_kdb_decode_int16(act_kvno(next_tuple), new_data->act_kvno);
+ /* using tmp_kvno to avoid type mismatch */
+ krb5_kdb_decode_int16(act_kvno(next_tuple), tmp_kvno);
+ new_data->act_kvno = (krb5_kvno) tmp_kvno;
krb5_kdb_decode_int32(act_time(next_tuple), new_data->act_time);
- /* XXX WAF: may be able to deal with list pointers in a better
- * way, see add_mkey() */
+
new_data->next = NULL;
if (prev_data != NULL)
prev_data->next = new_data;
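Review bot: The added cast `new_data->act_kvno = (krb5_kvno) tmp_kvno;` converts from a signed `krb5_int16`, so a stored kvno with its top bit set (32768 and above) would sign-extend into a very large value if `krb5_kvno` is a wider unsigned type. Its definition is not visible in this hunk, so that needs confirming. Going through the unsigned 16-bit type first keeps the decoded value in 0..65535: `new_data->act_kvno = (krb5_kvno)(krb5_ui_2) tmp_kvno;`. The surrounding loop starts and ends outside the hunk.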
const krb5_actkvno_node *actkvno_list)
{
krb5_error_code retval = 0;
- krb5_int16 version;
+ krb5_int16 version, tmp_kvno;
krb5_tl_data new_tl_data;
- krb5_octet *nextloc;
+ unsigned char *nextloc;
const krb5_actkvno_node *cur_actkvno;
if (actkvno_list == NULL) {
return (EINVAL);
}
+ memset(&new_tl_data, 0, sizeof(new_tl_data));
/* allocate initial KRB5_TL_ACTKVNO tl_data entry */
new_tl_data.tl_data_length = sizeof(version);
new_tl_data.tl_data_contents = (krb5_octet *) malloc(new_tl_data.tl_data_length);
return (ENOMEM);
/* add the current version # for the data format used for KRB5_TL_ACTKVNO */
- krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_ACTKVNO_VER_1, (unsigned char *)new_tl_data.tl_data_contents);
+ krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_ACTKVNO_VER_1,
+ (unsigned char *)new_tl_data.tl_data_contents);
- for (cur_actkvno = actkvno_list; cur_actkvno != NULL; cur_actkvno = cur_actkvno->next) {
+ for (cur_actkvno = actkvno_list; cur_actkvno != NULL;
+ cur_actkvno = cur_actkvno->next) {
new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE;
new_tl_data.tl_data_contents = (krb5_octet *) realloc(new_tl_data.tl_data_contents,
new_tl_data.tl_data_length);
* next location to store new tuple.
*/
nextloc = new_tl_data.tl_data_contents + new_tl_data.tl_data_length - ACTKVNO_TUPLE_SIZE;
- krb5_kdb_encode_int16((krb5_ui_2)cur_actkvno->act_kvno, (unsigned char *)nextloc);
+ /* using tmp_kvno to avoid type mismatch issues */
+ tmp_kvno = (krb5_int16) cur_actkvno->act_kvno;
+ krb5_kdb_encode_int16(tmp_kvno, nextloc);
nextloc += sizeof(krb5_ui_2);
- krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, (unsigned char *)nextloc);
+ krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, nextloc);
}
new_tl_data.tl_data_type = KRB5_TL_ACTKVNO;
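Review bot: `tmp_kvno = (krb5_int16) cur_actkvno->act_kvno;` narrows the kvno to 16 bits without checking that it fits, so an out-of-range value is written to the tl_data truncated and would read back as a different key version. Rejecting values above 0xFFFF before the encode, and freeing `new_tl_data.tl_data_contents` on that path, would make the failure explicit instead of storing a wrong kvno. As a smaller style point, `nextloc += sizeof(krb5_ui_2);` duplicates the offset that the `act_time()` macro already defines; passing `act_time(nextloc)` to `krb5_kdb_encode_int32` would keep the tuple layout in one place. The loop opens before this hunk and the function continues after it.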
krb5_db_entry master_entry;
int nprinc;
krb5_boolean more, found_key = FALSE;
- krb5_keyblock tmp_mkey, tmp_clearkey;
- krb5_keylist_node *mkey_list_head, **mkey_list_node;
+ krb5_keyblock tmp_clearkey;
+ const krb5_keyblock *current_mkey;
+ krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node;
krb5_key_data *key_data;
krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry;
int i;
if (mkeys_list == NULL)
return (EINVAL);
- memset(&tmp_mkey, 0, sizeof(tmp_mkey));
memset(&tmp_clearkey, 0, sizeof(tmp_clearkey));
nprinc = 1;
* Check if the input mkey is the latest key and if it isn't then find the
* latest mkey.
*/
- if ((retval = krb5_dbekd_decrypt_key_data(context, &tmp_mkey,
+ if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
&master_entry.key_data[0],
&tmp_clearkey, NULL)) != 0) {
/*
aux_data_entry = aux_data_entry->next) {
if (aux_data_entry->mkey_kvno == mkvno) {
- if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
+ if (krb5_dbekd_decrypt_key_data(context, mkey, &aux_data_entry->latest_mkey,
&tmp_clearkey, NULL) == 0) {
found_key = TRUE;
break;
for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
aux_data_entry = aux_data_entry->next) {
- if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
+ if (krb5_dbekd_decrypt_key_data(context, mkey, &aux_data_entry->latest_mkey,
&tmp_clearkey, NULL) == 0) {
found_key = TRUE;
- /* XXX WAF: should I issue warning about kvno not matching?
- */
+ /* XXX WAF: should I issue warning about kvno not matching? */
break;
}
}
goto clean_n_exit;
}
}
+ current_mkey = &tmp_clearkey;
+ } else {
+ current_mkey = mkey;
}
/*
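Review bot: `current_mkey` ends up pointing either at the caller's `mkey` or at the local `tmp_clearkey`, and nothing on the added lines records which owner applies or how long the pointer stays valid. Since `tmp_clearkey.contents` is zeroed and freed under `clean_n_exit`, a comment at the assignment would stop a later change from keeping the pointer in the returned key list. For example: `/* borrowed: caller's mkey or tmp_clearkey; tmp_clearkey is wiped at clean_n_exit, never store this pointer */`. The enclosing `if`/`else` opens before the hunk.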
memset(mkey_list_head, 0, sizeof(krb5_keylist_node));
mkey_list_node = &mkey_list_head;
- for (i=0; i < master_entry.n_key_data; i++) {
+ /* XXX WAF: optimize by setting the first mkey_list_node to current mkey and
+ * if there are any others then do for loop below. */
+
+ for (i = 0; i < master_entry.n_key_data; i++) {
if (*mkey_list_node == NULL) {
/* *mkey_list_node points to next field of previous node */
*mkey_list_node = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
memset(*mkey_list_node, 0, sizeof(krb5_keylist_node));
}
key_data = &master_entry.key_data[i];
- retval = krb5_dbekd_decrypt_key_data(context, mkey,
+ retval = krb5_dbekd_decrypt_key_data(context, current_mkey,
key_data, &((*mkey_list_node)->keyblock),
NULL);
if (retval)
goto clean_n_exit;
+ (*mkey_list_node)->kvno = key_data->key_data_kvno;
mkey_list_node = &((*mkey_list_node)->next);
}
clean_n_exit:
- if (tmp_mkey.contents) {
- memset(tmp_mkey.contents, 0, tmp_mkey.length);
- krb5_db_free(context, tmp_mkey.contents);
- }
-
if (tmp_clearkey.contents) {
memset(tmp_clearkey.contents, 0, tmp_clearkey.length);
krb5_db_free(context, tmp_clearkey.contents);