krb5_error_code krb5_dbe_lookup_mod_princ_data(krb5_context context, krb5_db_entry *entry, krb5_timestamp *mod_time, krb5_principal *mod_princ) { krb5_tl_data tl_data; krb5_error_code code; tl_data.tl_data_type = KRB5_TL_MOD_PRINC; if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))) return(code); if ((tl_data.tl_data_length < 5) || (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0')) return(KRB5_KDB_TRUNCATED_RECORD); /* Mod Date */ krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time); /* Mod Princ */ if ((code = krb5_parse_name(context, (const char *) (tl_data.tl_data_contents+4), mod_princ))) return(code); return(0); }
krb5_error_code krb5_dbe_lookup_last_pwd_change(krb5_context context, krb5_db_entry *entry, krb5_timestamp *stamp) { krb5_tl_data tl_data; krb5_error_code code; krb5_int32 tmp; tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE; if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))) return(code); if (tl_data.tl_data_length != 4) { *stamp = 0; return(0); } krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp); *stamp = (krb5_timestamp) tmp; return(0); }
krb5_error_code krb5_decode_princ_entry(krb5_context context, krb5_data *content, krb5_db_entry **entry_ptr) { int sizeleft, i; unsigned char * nextloc; krb5_tl_data ** tl_data; krb5_int16 i16; krb5_db_entry * entry; krb5_error_code retval; *entry_ptr = NULL; entry = k5alloc(sizeof(*entry), &retval); if (entry == NULL) return retval; /* * Reverse the encoding of encode_princ_entry. * * The first part is decoding the base type. If the base type is * bigger than the original base type then the additional fields * need to be filled in. If the base type is larger than any * known base type the additional data goes in e_data. */ /* First do the easy stuff */ nextloc = (unsigned char *)content->data; sizeleft = content->length; if (sizeleft < KRB5_KDB_V1_BASE_LENGTH) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= KRB5_KDB_V1_BASE_LENGTH; /* Base Length */ krb5_kdb_decode_int16(nextloc, entry->len); nextloc += 2; /* Attributes */ krb5_kdb_decode_int32(nextloc, entry->attributes); nextloc += 4; /* Max Life */ krb5_kdb_decode_int32(nextloc, entry->max_life); nextloc += 4; /* Max Renewable Life */ krb5_kdb_decode_int32(nextloc, entry->max_renewable_life); nextloc += 4; /* When the client expires */ krb5_kdb_decode_int32(nextloc, entry->expiration); nextloc += 4; /* When its passwd expires */ krb5_kdb_decode_int32(nextloc, entry->pw_expiration); nextloc += 4; /* Last successful passwd */ krb5_kdb_decode_int32(nextloc, entry->last_success); nextloc += 4; /* Last failed passwd attempt */ krb5_kdb_decode_int32(nextloc, entry->last_failed); nextloc += 4; /* # of failed passwd attempt */ krb5_kdb_decode_int32(nextloc, entry->fail_auth_count); nextloc += 4; /* # tl_data strutures */ krb5_kdb_decode_int16(nextloc, entry->n_tl_data); nextloc += 2; if (entry->n_tl_data < 0) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } /* # key_data strutures */ krb5_kdb_decode_int16(nextloc, entry->n_key_data); nextloc += 2; if (entry->n_key_data < 0) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } /* Check for extra data */ if (entry->len > KRB5_KDB_V1_BASE_LENGTH) { entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH; entry->e_data = k5memdup(nextloc, entry->e_length, &retval); if (entry->e_data == NULL) goto error_out; nextloc += entry->e_length; } /* * Get the principal name for the entry * (stored as a string which gets unparsed.) */ if (sizeleft < 2) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= 2; i = 0; krb5_kdb_decode_int16(nextloc, i16); i = (int) i16; nextloc += 2; if (i <= 0 || i > sizeleft || nextloc[i - 1] != '\0' || memchr((char *)nextloc, '\0', i - 1) != NULL) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } if ((retval = krb5_parse_name(context, (char *)nextloc, &(entry->princ)))) goto error_out; sizeleft -= i; nextloc += i; /* tl_data is a linked list */ tl_data = &entry->tl_data; for (i = 0; i < entry->n_tl_data; i++) { if (sizeleft < 4) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= 4; if ((*tl_data = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) == NULL) { retval = ENOMEM; goto error_out; } (*tl_data)->tl_data_next = NULL; (*tl_data)->tl_data_contents = NULL; krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_type); nextloc += 2; krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_length); nextloc += 2; if ((*tl_data)->tl_data_length > sizeleft) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= (*tl_data)->tl_data_length; (*tl_data)->tl_data_contents = k5memdup(nextloc, (*tl_data)->tl_data_length, &retval); if ((*tl_data)->tl_data_contents == NULL) goto error_out; nextloc += (*tl_data)->tl_data_length; tl_data = &((*tl_data)->tl_data_next); } /* key_data is an array */ if (entry->n_key_data && ((entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * entry->n_key_data)) == NULL)) { retval = ENOMEM; goto error_out; } for (i = 0; i < entry->n_key_data; i++) { krb5_key_data * key_data; int j; if (sizeleft < 4) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= 4; key_data = entry->key_data + i; memset(key_data, 0, sizeof(krb5_key_data)); krb5_kdb_decode_int16(nextloc, key_data->key_data_ver); nextloc += 2; krb5_kdb_decode_int16(nextloc, key_data->key_data_kvno); nextloc += 2; /* key_data_ver determins number of elements and how to unparse them. */ if (key_data->key_data_ver >= 0 && key_data->key_data_ver <= KRB5_KDB_V1_KEY_DATA_ARRAY) { for (j = 0; j < key_data->key_data_ver; j++) { if (sizeleft < 4) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= 4; krb5_kdb_decode_int16(nextloc, key_data->key_data_type[j]); nextloc += 2; krb5_kdb_decode_int16(nextloc, key_data->key_data_length[j]); nextloc += 2; if (key_data->key_data_length[j] > sizeleft) { retval = KRB5_KDB_TRUNCATED_RECORD; goto error_out; } sizeleft -= key_data->key_data_length[j]; if (key_data->key_data_length[j]) { key_data->key_data_contents[j] = k5memdup(nextloc, key_data->key_data_length[j], &retval); if (key_data->key_data_contents[j] == NULL) goto error_out; nextloc += key_data->key_data_length[j]; } } } else { retval = KRB5_KDB_BAD_VERSION; goto error_out; } } *entry_ptr = entry; return 0; error_out: krb5_db_free_principal(context, entry); return retval; }