ndr_err = ndr_pull_struct_blob_all(&sce->values[0], scb, scb,
(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"ndr_pull_struct_blob_all");
}
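Review bot: The release of `scb` is now repeated by hand before every early return, starting with the two here and continuing at each later `+ talloc_free(scb);` on this page, so the next check added to this function will leak again unless its author remembers the call. A single exit would be sturdier: store the result in a local, `goto out;`, and put `out: talloc_free(scb); return ret;` at the end (`ret` standing for whatever local the function uses). One free is enough because `subblob`, `p`, `k` and `ct` are all allocated under `scb`. The function starts and ends outside what is shown, so whether the success path also frees `scb` should be checked.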
if (scb->sub.num_packages < 2) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"num_packages < 2");
}
subblob = strhex_to_data_blob(scb, scb->sub.packages[i].data);
if (subblob.data == NULL) {
+ talloc_free(scb);
return ldb_module_oom(module);
}
if (strcmp(scb->sub.packages[i].name, "Packages") == 0) {
if (scpp) {
+ talloc_free(scb);
return ldb_error(ldb,
LDB_ERR_CONSTRAINT_VIOLATION,
"Packages twice");
}
if (strcmp(scb->sub.packages[i].name, "Primary:Kerberos") == 0) {
if (scpk) {
+ talloc_free(scb);
return ldb_error(ldb,
LDB_ERR_CONSTRAINT_VIOLATION,
"Primary:Kerberos twice");
}
if (strcmp(scb->sub.packages[i].name, "Primary:Kerberos-Newer-Keys") == 0) {
if (scpkn) {
+ talloc_free(scb);
return ldb_error(ldb,
LDB_ERR_CONSTRAINT_VIOLATION,
"Primary:Kerberos-Newer-Keys twice");
}
if (strcmp(scb->sub.packages[i].name, "Primary:CLEARTEXT") == 0) {
if (scpct) {
+ talloc_free(scb);
return ldb_error(ldb,
LDB_ERR_CONSTRAINT_VIOLATION,
"Primary:CLEARTEXT twice");
}
if (scpp == NULL) {
+ talloc_free(scb);
return ldb_error(ldb,
LDB_ERR_CONSTRAINT_VIOLATION,
"Primary:Packages missing");
* If Primary:Kerberos is missing w2k8r2 reboots
* when a password is changed.
*/
+ talloc_free(scb);
return ldb_error(ldb,
LDB_ERR_CONSTRAINT_VIOLATION,
"Primary:Kerberos missing");
p = talloc_zero(scb, struct package_PackagesBlob);
if (p == NULL) {
+ talloc_free(scb);
return ldb_module_oom(module);
}
ndr_err = ndr_pull_struct_blob(&scpbp, p, p,
(ndr_pull_flags_fn_t)ndr_pull_package_PackagesBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"ndr_pull_struct_blob Packages");
}
if (p->names == NULL) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"Packages names == NULL");
}
}
if (scb->sub.num_packages != (n + 1)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"Packages num_packages != num_names + 1");
}
k = talloc_zero(scb, struct package_PrimaryKerberosBlob);
if (k == NULL) {
+ talloc_free(scb);
return ldb_module_oom(module);
}
ndr_err = ndr_pull_struct_blob(&scpbk, k, k,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"ndr_pull_struct_blob PrimaryKerberos");
}
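Review bot: `k` is filled with the account's decoded Kerberos keys and is released through `talloc_free(scb)` on these paths without being cleared, so the key bytes stay in freed heap memory until it is reused; the same holds for the second `k` pulled from `scpbkn` and for `ct->cleartext` further down. If nothing outside this page already arranges wiping, consider marking the decoded buffers with Samba's `talloc_keep_secret()` once each pull has succeeded, so that they are zeroed on free. That helper clears only the chunk it is given, not its children, so it has to be applied to the non-NULL key and cleartext data buffers themselves and not to `scb`.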
if (k->version != 3) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos version != 3");
}
if (k->ctr.ctr3.salt.string == NULL) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos salt == NULL");
}
if (strlen(k->ctr.ctr3.salt.string) == 0) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos strlen(salt) == 0");
}
if (k->ctr.ctr3.num_keys != 2) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos num_keys != 2");
}
if (k->ctr.ctr3.num_old_keys > k->ctr.ctr3.num_keys) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos num_old_keys > num_keys");
}
if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos key[0] != DES_CBC_MD5");
}
if (k->ctr.ctr3.keys[1].keytype != ENCTYPE_DES_CBC_CRC) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos key[1] != DES_CBC_CRC");
}
if (k->ctr.ctr3.keys[0].value_len != 8) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos key[0] value_len != 8");
}
if (k->ctr.ctr3.keys[1].value_len != 8) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos key[1] value_len != 8");
}
continue;
}
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryKerberos old_keys type/value_len doesn't match");
}
k = talloc_zero(scb, struct package_PrimaryKerberosBlob);
if (k == NULL) {
+ talloc_free(scb);
return ldb_module_oom(module);
}
ndr_err = ndr_pull_struct_blob(&scpbkn, k, k,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"ndr_pull_struct_blob PrimaryKerberosNeverKeys");
}
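Review bot: Several constraint-violation strings in this part of the function do not match the check that emits them, and that string is the main hint available when a password write is rejected. Here the text reads `PrimaryKerberosNeverKeys`, the next check says `KerberosNerverKeys`, the `num_keys != 4` test reports `"KerberosNewerKeys num_keys != 2"`, and the failing `ndr_push_struct_blob` near the end reports `"ndr_pull_struct_blob_all"`. Since the commit already touches every one of these returns, correcting them would be cheap, e.g. `"KerberosNewerKeys num_keys != 4"` and `"ndr_push_struct_blob"`, provided no test matches on the old text.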
if (k->version != 4) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNerverKeys version != 4");
}
if (k->ctr.ctr4.salt.string == NULL) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys salt == NULL");
}
if (strlen(k->ctr.ctr4.salt.string) == 0) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys strlen(salt) == 0");
}
if (k->ctr.ctr4.num_keys != 4) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys num_keys != 2");
}
if (k->ctr.ctr4.num_old_keys > k->ctr.ctr4.num_keys) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys num_old_keys > num_keys");
}
if (k->ctr.ctr4.num_older_keys > k->ctr.ctr4.num_old_keys) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys num_older_keys > num_old_keys");
}
if (k->ctr.ctr4.keys[0].keytype != ENCTYPE_AES256_CTS_HMAC_SHA1_96) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[0] != AES256");
}
if (k->ctr.ctr4.keys[1].keytype != ENCTYPE_AES128_CTS_HMAC_SHA1_96) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[1] != AES128");
}
if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[2] != DES_CBC_MD5");
}
if (k->ctr.ctr4.keys[3].keytype != ENCTYPE_DES_CBC_CRC) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[3] != DES_CBC_CRC");
}
if (k->ctr.ctr4.keys[0].value_len != 32) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[0] value_len != 32");
}
if (k->ctr.ctr4.keys[1].value_len != 16) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[1] value_len != 16");
}
if (k->ctr.ctr4.keys[2].value_len != 8) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[2] value_len != 8");
}
if (k->ctr.ctr4.keys[3].value_len != 8) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"KerberosNewerKeys key[3] value_len != 8");
}
ct = talloc_zero(scb, struct package_PrimaryCLEARTEXTBlob);
if (ct == NULL) {
+ talloc_free(scb);
return ldb_module_oom(module);
}
ndr_err = ndr_pull_struct_blob(&scpbct, ct, ct,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryCLEARTEXTBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"ndr_pull_struct_blob PrimaryCLEARTEXT");
}
if ((ct->cleartext.length % 2) != 0) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"PrimaryCLEARTEXT length % 2 != 0");
}
ndr_err = ndr_push_struct_blob(&blob, scb, scb,
(ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"ndr_pull_struct_blob_all");
}
if (sce->values[0].length != blob.length) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"supplementalCredentialsBlob length differ");
}
if (!mem_equal_const_time(sce->values[0].data, blob.data, blob.length)) {
+ talloc_free(scb);
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
"supplementalCredentialsBlob memcmp differ");
}