diff --git a/kadmin/load.c b/kadmin/load.c index 870ff3177..64a78f4f5 100644 --- a/kadmin/load.c +++ b/kadmin/load.c @@ -369,7 +369,7 @@ doit(const char *filename, int mergep) int line; int flags = O_RDWR; struct entry e; - hdb_entry ent; + hdb_entry_ex ent; HDB *db = _kadm5_s_get_db(kadm_handle); f = fopen(filename, "r"); @@ -447,7 +447,7 @@ doit(const char *filename, int mergep) p = skip_next(p); memset(&ent, 0, sizeof(ent)); - ret = krb5_parse_name(context, e.principal, &ent.principal); + ret = krb5_parse_name(context, e.principal, &ent.entry.principal); if(ret) { fprintf(stderr, "%s:%d:%s (%s)\n", filename, @@ -457,73 +457,73 @@ doit(const char *filename, int mergep) continue; } - if (parse_keys(&ent, e.key)) { + if (parse_keys(&ent.entry, e.key)) { fprintf (stderr, "%s:%d:error parsing keys (%s)\n", filename, line, e.key); hdb_free_entry (context, &ent); continue; } - if (parse_event(&ent.created_by, e.created) == -1) { + if (parse_event(&ent.entry.created_by, e.created) == -1) { fprintf (stderr, "%s:%d:error parsing created event (%s)\n", filename, line, e.created); hdb_free_entry (context, &ent); continue; } - if (parse_event_alloc (&ent.modified_by, e.modified) == -1) { + if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) { fprintf (stderr, "%s:%d:error parsing event (%s)\n", filename, line, e.modified); hdb_free_entry (context, &ent); continue; } - if (parse_time_string_alloc (&ent.valid_start, e.valid_start) == -1) { + if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.valid_start); hdb_free_entry (context, &ent); continue; } - if (parse_time_string_alloc (&ent.valid_end, e.valid_end) == -1) { + if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.valid_end); hdb_free_entry (context, &ent); continue; } - if (parse_time_string_alloc (&ent.pw_end, e.pw_end) == -1) { + if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.pw_end); hdb_free_entry (context, &ent); continue; } - if (parse_integer_alloc (&ent.max_life, e.max_life) == -1) { + if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, line, e.max_life); hdb_free_entry (context, &ent); continue; } - if (parse_integer_alloc (&ent.max_renew, e.max_renew) == -1) { + if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, line, e.max_renew); hdb_free_entry (context, &ent); continue; } - if (parse_hdbflags2int (&ent.flags, e.flags) != 1) { + if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) { fprintf (stderr, "%s:%d:error parsing flags (%s)\n", filename, line, e.flags); hdb_free_entry (context, &ent); continue; } - if(parse_generation(e.generation, &ent.generation) == -1) { + if(parse_generation(e.generation, &ent.entry.generation) == -1) { fprintf (stderr, "%s:%d:error parsing generation (%s)\n", filename, line, e.generation); hdb_free_entry (context, &ent); continue; } - if(parse_extensions(e.extensions, &ent.extensions) == -1) { + if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) { fprintf (stderr, "%s:%d:error parsing extension (%s)\n", filename, line, e.extensions); hdb_free_entry (context, &ent); diff --git a/kdc/hprop.c b/kdc/hprop.c index 662a01f4e..5077acc13 100644 --- a/kdc/hprop.c +++ b/kdc/hprop.c @@ -100,28 +100,28 @@ open_socket(krb5_context context, const char *hostname, const char *port) } krb5_error_code -v5_prop(krb5_context context, HDB *db, hdb_entry *entry, void *appdata) +v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata) { krb5_error_code ret; struct prop_data *pd = appdata; krb5_data data; if(encrypt_flag) { - ret = hdb_seal_keys_mkey(context, entry, mkey5); + ret = hdb_seal_keys_mkey(context, &entry->entry, mkey5); if (ret) { krb5_warn(context, ret, "hdb_seal_keys_mkey"); return ret; } } if(decrypt_flag) { - ret = hdb_unseal_keys_mkey(context, entry, mkey5); + ret = hdb_unseal_keys_mkey(context, &entry->entry, mkey5); if (ret) { krb5_warn(context, ret, "hdb_unseal_keys_mkey"); return ret; } } - ret = hdb_entry2value(context, entry, &data); + ret = hdb_entry2value(context, &entry->entry, &data); if(ret) { krb5_warn(context, ret, "hdb_entry2value"); return ret; @@ -176,13 +176,13 @@ int v4_prop(void *arg, struct v4_principal *p) { struct prop_data *pd = arg; - hdb_entry ent; + hdb_entry_ex ent; krb5_error_code ret; memset(&ent, 0, sizeof(ent)); ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm, - &ent.principal); + &ent.entry.principal); if(ret) { krb5_warn(pd->context, ret, "krb5_425_conv_principal %s.%s@%s", @@ -192,49 +192,49 @@ v4_prop(void *arg, struct v4_principal *p) if(verbose_flag) { char *s; - krb5_unparse_name_short(pd->context, ent.principal, &s); + krb5_unparse_name_short(pd->context, ent.entry.principal, &s); krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s); free(s); } - ent.kvno = p->kvno; - ent.keys.len = 3; - ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val)); + ent.entry.kvno = p->kvno; + ent.entry.keys.len = 3; + ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val)); if(p->mkvno != -1) { - ent.keys.val[0].mkvno = malloc (sizeof(*ent.keys.val[0].mkvno)); - *(ent.keys.val[0].mkvno) = p->mkvno; + ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno)); + *(ent.entry.keys.val[0].mkvno) = p->mkvno; } else - ent.keys.val[0].mkvno = NULL; - ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt)); - ent.keys.val[0].salt->type = KRB5_PADATA_PW_SALT; - ent.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5; - krb5_data_alloc(&ent.keys.val[0].key.keyvalue, DES_KEY_SZ); - memcpy(ent.keys.val[0].key.keyvalue.data, p->key, 8); + ent.entry.keys.val[0].mkvno = NULL; + ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt)); + ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT; + ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5; + krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ); + memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8); - copy_Key(&ent.keys.val[0], &ent.keys.val[1]); - ent.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; - copy_Key(&ent.keys.val[0], &ent.keys.val[2]); - ent.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC; + copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]); + ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; + copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]); + ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC; { int life = _krb5_krb_life_to_time(0, p->max_life); if(life == NEVERDATE){ - ent.max_life = NULL; + ent.entry.max_life = NULL; } else { /* clean up lifetime a bit */ if(life > 86400) life = (life + 86399) / 86400 * 86400; else if(life > 3600) life = (life + 3599) / 3600 * 3600; - ALLOC(ent.max_life); - *ent.max_life = life; + ALLOC(ent.entry.max_life); + *ent.entry.max_life = life; } } - ALLOC(ent.valid_end); - *ent.valid_end = p->exp_date; + ALLOC(ent.entry.valid_end); + *ent.entry.valid_end = p->exp_date; - ret = krb5_make_principal(pd->context, &ent.created_by.principal, + ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal, v4_realm, "kadmin", "hprop", @@ -244,44 +244,44 @@ v4_prop(void *arg, struct v4_principal *p) ret = 0; goto out; } - ent.created_by.time = time(NULL); - ALLOC(ent.modified_by); + ent.entry.created_by.time = time(NULL); + ALLOC(ent.entry.modified_by); ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance, - v4_realm, &ent.modified_by->principal); + v4_realm, &ent.entry.modified_by->principal); if(ret){ krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm); - ent.modified_by->principal = NULL; + ent.entry.modified_by->principal = NULL; ret = 0; goto out; } - ent.modified_by->time = p->mod_date; + ent.entry.modified_by->time = p->mod_date; - ent.flags.forwardable = 1; - ent.flags.renewable = 1; - ent.flags.proxiable = 1; - ent.flags.postdate = 1; - ent.flags.client = 1; - ent.flags.server = 1; + ent.entry.flags.forwardable = 1; + ent.entry.flags.renewable = 1; + ent.entry.flags.proxiable = 1; + ent.entry.flags.postdate = 1; + ent.entry.flags.client = 1; + ent.entry.flags.server = 1; /* special case password changing service */ if(strcmp(p->name, "changepw") == 0 && strcmp(p->instance, "kerberos") == 0) { - ent.flags.forwardable = 0; - ent.flags.renewable = 0; - ent.flags.proxiable = 0; - ent.flags.postdate = 0; - ent.flags.initial = 1; - ent.flags.change_pw = 1; + ent.entry.flags.forwardable = 0; + ent.entry.flags.renewable = 0; + ent.entry.flags.proxiable = 0; + ent.entry.flags.postdate = 0; + ent.entry.flags.initial = 1; + ent.entry.flags.change_pw = 1; } ret = v5_prop(pd->context, NULL, &ent, pd); if (strcmp (p->name, "krbtgt") == 0 && strcmp (v4_realm, p->instance) != 0) { - krb5_free_principal (pd->context, ent.principal); + krb5_free_principal (pd->context, ent.entry.principal); ret = krb5_425_conv_principal (pd->context, p->name, v4_realm, p->instance, - &ent.principal); + &ent.entry.principal); if (ret == 0) ret = v5_prop (pd->context, NULL, &ent, pd); } @@ -317,87 +317,90 @@ ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent) { int32_t flags = ntohl(ent->flags); krb5_error_code ret; - hdb_entry hdb; + hdb_entry_ex hdb; if(!kaspecials_flag && (flags & KAFNORMAL) == 0) /* remove special entries */ return 0; memset(&hdb, 0, sizeof(hdb)); ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance, - v4_realm, &hdb.principal); + v4_realm, &hdb.entry.principal); if(ret) { krb5_warn(pd->context, ret, "krb5_425_conv_principal (%s.%s@%s)", ent->name, ent->instance, v4_realm); return 0; } - hdb.kvno = ntohl(ent->kvno); - hdb.keys.len = 3; - hdb.keys.val = malloc(hdb.keys.len * sizeof(*hdb.keys.val)); - hdb.keys.val[0].mkvno = NULL; - hdb.keys.val[0].salt = calloc(1, sizeof(*hdb.keys.val[0].salt)); + hdb.entry.kvno = ntohl(ent->kvno); + hdb.entry.keys.len = 3; + hdb.entry.keys.val = + malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val)); + hdb.entry.keys.val[0].mkvno = NULL; + hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt)); if (ka_use_null_salt) { - hdb.keys.val[0].salt->type = hdb_pw_salt; - hdb.keys.val[0].salt->salt.data = NULL; - hdb.keys.val[0].salt->salt.length = 0; + hdb.entry.keys.val[0].salt->type = hdb_pw_salt; + hdb.entry.keys.val[0].salt->salt.data = NULL; + hdb.entry.keys.val[0].salt->salt.length = 0; } else { - hdb.keys.val[0].salt->type = hdb_afs3_salt; - hdb.keys.val[0].salt->salt.data = strdup(afs_cell); - hdb.keys.val[0].salt->salt.length = strlen(afs_cell); + hdb.entry.keys.val[0].salt->type = hdb_afs3_salt; + hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell); + hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell); } - hdb.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5; - krb5_data_copy(&hdb.keys.val[0].key.keyvalue, ent->key, sizeof(ent->key)); - copy_Key(&hdb.keys.val[0], &hdb.keys.val[1]); - hdb.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; - copy_Key(&hdb.keys.val[0], &hdb.keys.val[2]); - hdb.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC; + hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5; + krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue, + ent->key, + sizeof(ent->key)); + copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]); + hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; + copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]); + hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC; - ALLOC(hdb.max_life); - *hdb.max_life = ntohl(ent->max_life); + ALLOC(hdb.entry.max_life); + *hdb.entry.max_life = ntohl(ent->max_life); if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) { - ALLOC(hdb.valid_end); - *hdb.valid_end = ntohl(ent->valid_end); + ALLOC(hdb.entry.valid_end); + *hdb.entry.valid_end = ntohl(ent->valid_end); } if (ntohl(ent->pw_change) != NEVERDATE && ent->pw_expire != 255 && ent->pw_expire != 0) { - ALLOC(hdb.pw_end); - *hdb.pw_end = ntohl(ent->pw_change) + ALLOC(hdb.entry.pw_end); + *hdb.entry.pw_end = ntohl(ent->pw_change) + 24 * 60 * 60 * ent->pw_expire; } - ret = krb5_make_principal(pd->context, &hdb.created_by.principal, + ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal, v4_realm, "kadmin", "hprop", NULL); - hdb.created_by.time = time(NULL); + hdb.entry.created_by.time = time(NULL); if(ent->mod_ptr){ struct ka_entry mod; - ALLOC(hdb.modified_by); + ALLOC(hdb.entry.modified_by); read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod)); krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm, - &hdb.modified_by->principal); - hdb.modified_by->time = ntohl(ent->mod_time); + &hdb.entry.modified_by->principal); + hdb.entry.modified_by->time = ntohl(ent->mod_time); memset(&mod, 0, sizeof(mod)); } - hdb.flags.forwardable = 1; - hdb.flags.renewable = 1; - hdb.flags.proxiable = 1; - hdb.flags.postdate = 1; + hdb.entry.flags.forwardable = 1; + hdb.entry.flags.renewable = 1; + hdb.entry.flags.proxiable = 1; + hdb.entry.flags.postdate = 1; /* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */ if (strcmp(ent->name, "krbtgt") == 0 && (flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL)) flags &= ~(KAFNOTGS|KAFNOSEAL); - hdb.flags.client = (flags & KAFNOTGS) == 0; - hdb.flags.server = (flags & KAFNOSEAL) == 0; + hdb.entry.flags.client = (flags & KAFNOTGS) == 0; + hdb.entry.flags.server = (flags & KAFNOSEAL) == 0; ret = v5_prop(pd->context, NULL, &hdb, pd); hdb_free_entry(pd->context, &hdb); diff --git a/kdc/hprop.h b/kdc/hprop.h index c0da0215b..a7d873e1c 100644 --- a/kdc/hprop.h +++ b/kdc/hprop.h @@ -53,7 +53,7 @@ struct prop_data{ #define NEVERDATE ((1U << 31) - 1) #endif -krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry*, void*); +krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry_ex*, void*); int mit_prop_dump(void*, const char*); struct v4_principal { diff --git a/kdc/hpropd.c b/kdc/hpropd.c index 865cdcbfa..a17596231 100644 --- a/kdc/hpropd.c +++ b/kdc/hpropd.c @@ -377,7 +377,7 @@ main(int argc, char **argv) nprincs = 0; while(1){ krb5_data data; - hdb_entry entry; + hdb_entry_ex entry; if(from_stdin) { ret = krb5_read_message(context, &fd, &data); @@ -417,7 +417,8 @@ main(int argc, char **argv) } break; } - ret = hdb_value2entry(context, &data, &entry); + memset(&entry, 0, sizeof(entry)); + ret = hdb_value2entry(context, &data, &entry.entry); if(ret) krb5_err(context, 1, ret, "hdb_value2entry"); if(print_dump) @@ -434,7 +435,7 @@ main(int argc, char **argv) ret = db->hdb_store(context, db, 0, &entry); if(ret == HDB_ERR_EXISTS) { char *s; - ret = krb5_unparse_name(context, entry.principal, &s); + ret = krb5_unparse_name(context, entry.entry.principal, &s); if (ret) s = strdup("unparseable name"); krb5_warnx(context, "Entry exists: %s", s); diff --git a/kdc/kerberos4.c b/kdc/kerberos4.c index 8fe9d9666..48e1a8b8c 100644 --- a/kdc/kerberos4.c +++ b/kdc/kerberos4.c @@ -92,7 +92,7 @@ krb5_error_code _kdc_db_fetch4(krb5_context context, krb5_kdc_configuration *config, const char *name, const char *instance, const char *realm, - hdb_entry **ent) + hdb_entry_ex **ent) { krb5_principal p; krb5_error_code ret; diff --git a/kdc/misc.c b/kdc/misc.c index 489ca65c2..befef9d51 100644 --- a/kdc/misc.c +++ b/kdc/misc.c @@ -41,16 +41,16 @@ krb5_error_code _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_principal principal, - hdb_entry **h) + hdb_entry_ex **h) { - hdb_entry *ent; + hdb_entry_ex *ent; krb5_error_code ret = HDB_ERR_NOENTRY; int i; ent = malloc (sizeof (*ent)); if (ent == NULL) return ENOMEM; - ent->principal = principal; + ent->entry.principal = principal; for(i = 0; i < config->num_db; i++) { ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); @@ -74,7 +74,7 @@ _kdc_db_fetch(krb5_context context, } void -_kdc_free_ent(krb5_context context, hdb_entry *ent) +_kdc_free_ent(krb5_context context, hdb_entry_ex *ent) { hdb_free_entry (context, ent); free (ent); diff --git a/kdc/mit_dump.c b/kdc/mit_dump.c index 9955e7334..49e14e968 100644 --- a/kdc/mit_dump.c +++ b/kdc/mit_dump.c @@ -221,7 +221,7 @@ mit_prop_dump(void *arg, const char *file) char line [2048]; FILE *f; int lineno = 0; - struct hdb_entry ent; + struct hdb_entry_ex ent; struct prop_data *pd = arg; @@ -274,28 +274,28 @@ mit_prop_dump(void *arg, const char *file) num_key_data = getint(&p); /* number of key-data */ extra_data_length = getint(&p); /* length of extra data */ q = nexttoken(&p); /* principal name */ - krb5_parse_name(pd->context, q, &ent.principal); + krb5_parse_name(pd->context, q, &ent.entry.principal); attributes = getint(&p); /* attributes */ - attr_to_flags(attributes, &ent.flags); + attr_to_flags(attributes, &ent.entry.flags); tmp = getint(&p); /* max life */ if(tmp != 0) { - ALLOC(ent.max_life); - *ent.max_life = tmp; + ALLOC(ent.entry.max_life); + *ent.entry.max_life = tmp; } tmp = getint(&p); /* max renewable life */ if(tmp != 0) { - ALLOC(ent.max_renew); - *ent.max_renew = tmp; + ALLOC(ent.entry.max_renew); + *ent.entry.max_renew = tmp; } tmp = getint(&p); /* expiration */ if(tmp != 0 && tmp != 2145830400) { - ALLOC(ent.valid_end); - *ent.valid_end = tmp; + ALLOC(ent.entry.valid_end); + *ent.entry.valid_end = tmp; } tmp = getint(&p); /* pw expiration */ if(tmp != 0) { - ALLOC(ent.pw_end); - *ent.pw_end = tmp; + ALLOC(ent.entry.pw_end); + *ent.entry.pw_end = tmp; } q = nexttoken(&p); /* last auth */ q = nexttoken(&p); /* last failed auth */ @@ -318,48 +318,49 @@ mit_prop_dump(void *arg, const char *file) val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); ret = krb5_parse_name(pd->context, (char *)buf + 4, &princ); free(buf); - ALLOC(ent.modified_by); - ent.modified_by->time = val; - ent.modified_by->principal = princ; + ALLOC(ent.entry.modified_by); + ent.entry.modified_by->time = val; + ent.entry.modified_by->principal = princ; break; default: nexttoken(&p); break; } } - ALLOC_SEQ(&ent.keys, num_key_data); + ALLOC_SEQ(&ent.entry.keys, num_key_data); for(i = 0; i < num_key_data; i++) { int key_versions; key_versions = getint(&p); /* key data version */ - ent.kvno = getint(&p); /* XXX kvno */ + ent.entry.kvno = getint(&p); /* XXX kvno */ - ALLOC(ent.keys.val[i].mkvno); - *ent.keys.val[i].mkvno = 0; + ALLOC(ent.entry.keys.val[i].mkvno); + *ent.entry.keys.val[i].mkvno = 0; /* key version 0 -- actual key */ - ent.keys.val[i].key.keytype = getint(&p); /* key type */ + ent.entry.keys.val[i].key.keytype = getint(&p); /* key type */ tmp = getint(&p); /* key length */ /* the first two bytes of the key is the key length -- skip it */ - krb5_data_alloc(&ent.keys.val[i].key.keyvalue, tmp - 2); + krb5_data_alloc(&ent.entry.keys.val[i].key.keyvalue, tmp - 2); q = nexttoken(&p); /* key itself */ - hex_to_octet_string(q + 4, &ent.keys.val[i].key.keyvalue); + hex_to_octet_string(q + 4, &ent.entry.keys.val[i].key.keyvalue); if(key_versions > 1) { /* key version 1 -- optional salt */ - ALLOC(ent.keys.val[i].salt); - ent.keys.val[i].salt->type = getint(&p); /* salt type */ + ALLOC(ent.entry.keys.val[i].salt); + ent.entry.keys.val[i].salt->type = getint(&p); /* salt type */ tmp = getint(&p); /* salt length */ if(tmp > 0) { - krb5_data_alloc(&ent.keys.val[i].salt->salt, tmp - 2); + krb5_data_alloc(&ent.entry.keys.val[i].salt->salt, tmp - 2); q = nexttoken(&p); /* salt itself */ - hex_to_octet_string(q + 4, &ent.keys.val[i].salt->salt); + hex_to_octet_string(q + 4, + &ent.entry.keys.val[i].salt->salt); } else { - ent.keys.val[i].salt->salt.length = 0; - ent.keys.val[i].salt->salt.data = NULL; + ent.entry.keys.val[i].salt->salt.length = 0; + ent.entry.keys.val[i].salt->salt.data = NULL; tmp = getint(&p); /* -1, if no data. */ } - fix_salt(pd->context, &ent, i); + fix_salt(pd->context, &ent.entry, i); } } q = nexttoken(&p); /* extra data */ diff --git a/lib/hdb/common.c b/lib/hdb/common.c index df2e16bed..7342439db 100644 --- a/lib/hdb/common.c +++ b/lib/hdb/common.c @@ -79,22 +79,22 @@ hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent) } krb5_error_code -_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { krb5_data key, value; int code; - hdb_principal2key(context, entry->principal, &key); + hdb_principal2key(context, entry->entry.principal, &key); code = db->hdb__get(context, db, key, &value); krb5_data_free(&key); if(code) return code; - code = hdb_value2entry(context, &value, entry); + code = hdb_value2entry(context, &value, &entry->entry); krb5_data_free(&value); if (code) return code; if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - code = hdb_unseal_keys (context, db, entry); + code = hdb_unseal_keys (context, db, &entry->entry); if (code) hdb_free_entry(context, entry); } @@ -102,31 +102,31 @@ _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) } krb5_error_code -_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { krb5_data key, value; int code; - if(entry->generation == NULL) { + if(entry->entry.generation == NULL) { struct timeval t; - entry->generation = malloc(sizeof(*entry->generation)); - if(entry->generation == NULL) { + entry->entry.generation = malloc(sizeof(*entry->entry.generation)); + if(entry->entry.generation == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } gettimeofday(&t, NULL); - entry->generation->time = t.tv_sec; - entry->generation->usec = t.tv_usec; - entry->generation->gen = 0; + entry->entry.generation->time = t.tv_sec; + entry->entry.generation->usec = t.tv_usec; + entry->entry.generation->gen = 0; } else - entry->generation->gen++; - hdb_principal2key(context, entry->principal, &key); - code = hdb_seal_keys(context, db, entry); + entry->entry.generation->gen++; + hdb_principal2key(context, entry->entry.principal, &key); + code = hdb_seal_keys(context, db, &entry->entry); if (code) { krb5_data_free(&key); return code; } - hdb_entry2value(context, entry, &value); + hdb_entry2value(context, &entry->entry, &value); code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value); krb5_data_free(&value); krb5_data_free(&key); @@ -134,12 +134,12 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) } krb5_error_code -_hdb_remove(krb5_context context, HDB *db, hdb_entry *entry) +_hdb_remove(krb5_context context, HDB *db, hdb_entry_ex *entry) { krb5_data key; int code; - hdb_principal2key(context, entry->principal, &key); + hdb_principal2key(context, entry->entry.principal, &key); code = db->hdb__del(context, db, key); krb5_data_free(&key); return code; diff --git a/lib/hdb/db.c b/lib/hdb/db.c index c7cbef730..710d4851a 100644 --- a/lib/hdb/db.c +++ b/lib/hdb/db.c @@ -85,7 +85,7 @@ DB_unlock(krb5_context context, HDB *db) static krb5_error_code DB_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int flag) + unsigned flags, hdb_entry_ex *entry, int flag) { DB *d = (DB*)db->hdb_db; DBT key, value; @@ -106,21 +106,21 @@ DB_seq(krb5_context context, HDB *db, key_data.length = key.size; data.data = value.data; data.length = value.size; - if (hdb_value2entry(context, &data, entry)) + if (hdb_value2entry(context, &data, &entry->entry)) return DB_seq(context, db, flags, entry, R_NEXT); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - code = hdb_unseal_keys (context, db, entry); + code = hdb_unseal_keys (context, db, &entry->entry); if (code) hdb_free_entry (context, entry); } - if (code == 0 && entry->principal == NULL) { - entry->principal = malloc(sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (code == 0 && entry->entry.principal == NULL) { + entry->entry.principal = malloc(sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { krb5_set_error_string(context, "malloc: out of memory"); code = ENOMEM; hdb_free_entry (context, entry); } else { - hdb_key2principal(context, &key_data, entry->principal); + hdb_key2principal(context, &key_data, entry->entry.principal); } } return code; @@ -128,14 +128,14 @@ DB_seq(krb5_context context, HDB *db, static krb5_error_code -DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, R_FIRST); } static krb5_error_code -DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, R_NEXT); } diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c index 4333af291..6f2fcaba7 100644 --- a/lib/hdb/db3.c +++ b/lib/hdb/db3.c @@ -91,7 +91,7 @@ DB_unlock(krb5_context context, HDB *db) static krb5_error_code DB_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int flag) + unsigned flags, hdb_entry_ex *entry, int flag) { DBT key, value; DBC *dbcp = db->hdb_dbc; @@ -113,21 +113,21 @@ DB_seq(krb5_context context, HDB *db, key_data.length = key.size; data.data = value.data; data.length = value.size; - if (hdb_value2entry(context, &data, entry)) + if (hdb_value2entry(context, &data, &entry->entry)) return DB_seq(context, db, flags, entry, DB_NEXT); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - code = hdb_unseal_keys (context, db, entry); + code = hdb_unseal_keys (context, db, &entry->entry); if (code) hdb_free_entry (context, entry); } - if (entry->principal == NULL) { - entry->principal = malloc(sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (entry->entry.principal == NULL) { + entry->entry.principal = malloc(sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { hdb_free_entry (context, entry); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } else { - hdb_key2principal(context, &key_data, entry->principal); + hdb_key2principal(context, &key_data, entry->entry.principal); } } return 0; @@ -135,14 +135,14 @@ DB_seq(krb5_context context, HDB *db, static krb5_error_code -DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, DB_FIRST); } static krb5_error_code -DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, DB_NEXT); } diff --git a/lib/hdb/hdb.c b/lib/hdb/hdb.c index 5f30d337f..3dc6e85fd 100644 --- a/lib/hdb/hdb.c +++ b/lib/hdb/hdb.c @@ -133,16 +133,19 @@ hdb_unlock(int fd) } void -hdb_free_entry(krb5_context context, hdb_entry *ent) +hdb_free_entry(krb5_context context, hdb_entry_ex *ent) { int i; - for(i = 0; i < ent->keys.len; ++i) { - Key *k = &ent->keys.val[i]; + if (ent->free_entry) + (*ent->free_entry)(context, ent); + + for(i = 0; i < ent->entry.keys.len; ++i) { + Key *k = &ent->entry.keys.val[i]; memset (k->key.keyvalue.data, 0, k->key.keyvalue.length); } - free_hdb_entry(ent); + free_hdb_entry(&ent->entry); } krb5_error_code @@ -153,7 +156,7 @@ hdb_foreach(krb5_context context, void *data) { krb5_error_code ret; - hdb_entry entry; + hdb_entry_ex entry; ret = db->hdb_firstkey(context, db, flags, &entry); while(ret == 0){ ret = (*func)(context, db, &entry, data); diff --git a/lib/hdb/hdb.h b/lib/hdb/hdb.h index d9516c3a4..b7065b44f 100644 --- a/lib/hdb/hdb.h +++ b/lib/hdb/hdb.h @@ -52,6 +52,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; typedef struct hdb_master_key_data *hdb_master_key; +typedef struct hdb_entry_ex { + void *ctx; + hdb_entry entry; + void (*free_entry)(krb5_context, struct hdb_entry_ex *); +} hdb_entry_ex; + + typedef struct HDB{ void *hdb_db; void *hdb_dbc; @@ -62,13 +69,16 @@ typedef struct HDB{ krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t); krb5_error_code (*hdb_close)(krb5_context, struct HDB*); - krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned,hdb_entry*); - krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*); - krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*); - krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); - krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); + void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*); + krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*, + unsigned,hdb_entry_ex*); + krb5_error_code (*hdb_store)(krb5_context,struct HDB*, + unsigned,hdb_entry_ex*); + krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*); + krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); + krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation); krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); @@ -79,7 +89,7 @@ typedef struct HDB{ krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); }HDB; -#define HDB_INTERFACE_VERSION 2 +#define HDB_INTERFACE_VERSION 3 struct hdb_so_method { int version; @@ -92,7 +102,7 @@ struct hdb_so_method { #define HDB_DB_FORMAT_ENTRY "hdb/db-format" typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, - hdb_entry*, void*); + hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; #include diff --git a/lib/hdb/keytab.c b/lib/hdb/keytab.c index 9d8a874a3..f73b67aa5 100644 --- a/lib/hdb/keytab.c +++ b/lib/hdb/keytab.c @@ -193,7 +193,7 @@ hdb_get_entry(krb5_context context, krb5_enctype enctype, krb5_keytab_entry *entry) { - hdb_entry ent; + hdb_entry_ex ent; krb5_error_code ret; struct hdb_data *d = id->data; int i; @@ -218,7 +218,7 @@ hdb_get_entry(krb5_context context, (*db->hdb_destroy)(context, db); return ret; } - ent.principal = rk_UNCONST(principal); + ent.entry.principal = rk_UNCONST(principal); ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, &ent); (*db->hdb_close)(context, db); (*db->hdb_destroy)(context, db); @@ -227,20 +227,20 @@ hdb_get_entry(krb5_context context, return KRB5_KT_NOTFOUND; else if(ret) return ret; - if(kvno && ent.kvno != kvno) { + if(kvno && ent.entry.kvno != kvno) { hdb_free_entry(context, &ent); return KRB5_KT_NOTFOUND; } if(enctype == 0) - if(ent.keys.len > 0) - enctype = ent.keys.val[0].key.keytype; + if(ent.entry.keys.len > 0) + enctype = ent.entry.keys.val[0].key.keytype; ret = KRB5_KT_NOTFOUND; - for(i = 0; i < ent.keys.len; i++) { - if(ent.keys.val[i].key.keytype == enctype) { + for(i = 0; i < ent.entry.keys.len; i++) { + if(ent.entry.keys.val[i].key.keytype == enctype) { krb5_copy_principal(context, principal, &entry->principal); - entry->vno = ent.kvno; + entry->vno = ent.entry.kvno; krb5_copy_keyblock_contents(context, - &ent.keys.val[i].key, + &ent.entry.keys.val[i].key, &entry->keyblock); ret = 0; break; diff --git a/lib/hdb/ndbm.c b/lib/hdb/ndbm.c index a86194cde..c0e07ae6c 100644 --- a/lib/hdb/ndbm.c +++ b/lib/hdb/ndbm.c @@ -77,7 +77,7 @@ NDBM_unlock(krb5_context context, HDB *db) static krb5_error_code NDBM_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int first) + unsigned flags, hdb_entry_ex *entry, int first) { struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; @@ -99,21 +99,21 @@ NDBM_seq(krb5_context context, HDB *db, db->hdb_unlock(context, db); data.data = value.dptr; data.length = value.dsize; - if(hdb_value2entry(context, &data, entry)) + if(hdb_value2entry(context, &data, &entry->entry)) return NDBM_seq(context, db, flags, entry, 0); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - ret = hdb_unseal_keys (context, db, entry); + ret = hdb_unseal_keys (context, db, &entry->entry); if (ret) hdb_free_entry (context, entry); } - if (entry->principal == NULL) { - entry->principal = malloc (sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (ret == 0 && entry->entry.principal == NULL) { + entry->entry.principal = malloc (sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { ret = ENOMEM; hdb_free_entry (context, entry); krb5_set_error_string(context, "malloc: out of memory"); } else { - hdb_key2principal (context, &key_data, entry->principal); + hdb_key2principal (context, &key_data, entry->entry.principal); } } return ret; @@ -121,14 +121,14 @@ NDBM_seq(krb5_context context, HDB *db, static krb5_error_code -NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry) { return NDBM_seq(context, db, flags, entry, 1); } static krb5_error_code -NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry) { return NDBM_seq(context, db, flags, entry, 0); } diff --git a/lib/hdb/print.c b/lib/hdb/print.c index 86e4b3341..69df36f28 100644 --- a/lib/hdb/print.c +++ b/lib/hdb/print.c @@ -268,7 +268,7 @@ hdb_entry2string (krb5_context context, hdb_entry *ent, char **str) /* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */ krb5_error_code -hdb_print_entry(krb5_context context, HDB *db, hdb_entry *entry, void *data) +hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data) { krb5_error_code ret; krb5_storage *sp; @@ -282,7 +282,7 @@ hdb_print_entry(krb5_context context, HDB *db, hdb_entry *entry, void *data) return ENOMEM; } - ret = entry2string_int(context, sp, entry); + ret = entry2string_int(context, sp, &entry->entry); if(ret) { krb5_storage_free(sp); return ret; diff --git a/lib/kadm5/ChangeLog b/lib/kadm5/ChangeLog index 54ee797c2..762c34f2e 100644 --- a/lib/kadm5/ChangeLog +++ b/lib/kadm5/ChangeLog @@ -1,4 +1,11 @@ -2005-09-08 Love Hörnquist Åstrand +2005-11-30 Love Hörnquist Åstrand + + * context_s.c (set_field): try another way to calculate the path + to the database/logfile/signal-socket + + * log.c (kadm5_log_init): set error string on failures + +2005-09-08 Love Hörnquist Åstrand * Constify password. diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index cd98a7528..c2737776e 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -42,13 +42,13 @@ change(void *server_handle, int cond) { kadm5_server_context *context = server_handle; - hdb_entry ent; + hdb_entry_ex ent; kadm5_ret_t ret; Key *keys; size_t num_keys; int cmp = 1; - ent.principal = princ; + ent.entry.principal = princ; ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; @@ -57,20 +57,20 @@ change(void *server_handle, if(ret == HDB_ERR_NOENTRY) goto out; - num_keys = ent.keys.len; - keys = ent.keys.val; + num_keys = ent.entry.keys.len; + keys = ent.entry.keys.val; - ent.keys.len = 0; - ent.keys.val = NULL; + ent.entry.keys.len = 0; + ent.entry.keys.val = NULL; - ret = _kadm5_set_keys(context, &ent, password); + ret = _kadm5_set_keys(context, &ent.entry, password); if(ret) { _kadm5_free_keys (context->context, num_keys, keys); goto out2; } - ent.kvno++; + ent.entry.kvno++; if (cond) - cmp = _kadm5_cmp_keys (ent.keys.val, ent.keys.len, + cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len, keys, num_keys); _kadm5_free_keys (context->context, num_keys, keys); @@ -80,20 +80,20 @@ change(void *server_handle, goto out2; } - ret = _kadm5_set_modifier(context, &ent); + ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out2; - ret = _kadm5_bump_pw_expire(context, &ent); + ret = _kadm5_bump_pw_expire(context, &ent.entry); if (ret) goto out2; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; kadm5_log_modify (context, - &ent, + &ent.entry, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION | KADM5_TL_DATA); @@ -116,7 +116,7 @@ out: kadm5_ret_t kadm5_s_chpass_principal_cond(void *server_handle, krb5_principal princ, - char *password) + const char *password) { return change (server_handle, princ, password, 1); } @@ -128,7 +128,7 @@ kadm5_s_chpass_principal_cond(void *server_handle, kadm5_ret_t kadm5_s_chpass_principal(void *server_handle, krb5_principal princ, - char *password) + const char *password) { return change (server_handle, princ, password, 0); } @@ -144,32 +144,32 @@ kadm5_s_chpass_principal_with_key(void *server_handle, krb5_key_data *key_data) { kadm5_server_context *context = server_handle; - hdb_entry ent; + hdb_entry_ex ent; kadm5_ret_t ret; - ent.principal = princ; + ent.entry.principal = princ; ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; ret = context->db->hdb_fetch(context->context, context->db, 0, &ent); if(ret == HDB_ERR_NOENTRY) goto out; - ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data); + ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data); if(ret) goto out2; - ent.kvno++; - ret = _kadm5_set_modifier(context, &ent); + ent.entry.kvno++; + ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out2; - ret = _kadm5_bump_pw_expire(context, &ent); + ret = _kadm5_bump_pw_expire(context, &ent.entry); if (ret) goto out2; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; kadm5_log_modify (context, - &ent, + &ent.entry, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION | KADM5_TL_DATA); diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c index 9bfacd4ec..b79e95443 100644 --- a/lib/kadm5/create_s.c +++ b/lib/kadm5/create_s.c @@ -57,7 +57,7 @@ static kadm5_ret_t create_principal(kadm5_server_context *context, kadm5_principal_ent_t princ, u_int32_t mask, - hdb_entry *ent, + hdb_entry_ex *ent, u_int32_t required_mask, u_int32_t forbidden_mask) { @@ -74,7 +74,7 @@ create_principal(kadm5_server_context *context, return KADM5_UNK_POLICY; memset(ent, 0, sizeof(*ent)); ret = krb5_copy_principal(context->context, princ->principal, - &ent->principal); + &ent->entry.principal); if(ret) return ret; @@ -94,9 +94,9 @@ create_principal(kadm5_server_context *context, if(defent) kadm5_free_principal_ent(context, defent); - ent->created_by.time = time(NULL); + ent->entry.created_by.time = time(NULL); ret = krb5_copy_principal(context->context, context->caller, - &ent->created_by.principal); + &ent->entry.created_by.principal); return ret; } @@ -107,7 +107,7 @@ kadm5_s_create_principal_with_key(void *server_handle, u_int32_t mask) { kadm5_ret_t ret; - hdb_entry ent; + hdb_entry_ex ent; kadm5_server_context *context = server_handle; ret = create_principal(context, princ, mask, &ent, @@ -120,13 +120,13 @@ kadm5_s_create_principal_with_key(void *server_handle, if(ret) goto out; - ent.kvno = 1; + ent.entry.kvno = 1; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; - kadm5_log_create (context, &ent); + kadm5_log_create (context, &ent.entry); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) @@ -143,10 +143,10 @@ kadm5_ret_t kadm5_s_create_principal(void *server_handle, kadm5_principal_ent_t princ, u_int32_t mask, - char *password) + const char *password) { kadm5_ret_t ret; - hdb_entry ent; + hdb_entry_ex ent; kadm5_server_context *context = server_handle; ret = create_principal(context, princ, mask, &ent, @@ -159,18 +159,18 @@ kadm5_s_create_principal(void *server_handle, if(ret) goto out; - ent.keys.len = 0; - ent.keys.val = NULL; + ent.entry.keys.len = 0; + ent.entry.keys.val = NULL; - ret = _kadm5_set_keys(context, &ent, password); + ret = _kadm5_set_keys(context, &ent.entry, password); if (ret) goto out; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; - kadm5_log_create (context, &ent); + kadm5_log_create (context, &ent.entry); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) diff --git a/lib/kadm5/delete_s.c b/lib/kadm5/delete_s.c index 37fc13e80..3a6a97fb5 100644 --- a/lib/kadm5/delete_s.c +++ b/lib/kadm5/delete_s.c @@ -40,9 +40,9 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) { kadm5_server_context *context = server_handle; kadm5_ret_t ret; - hdb_entry ent; + hdb_entry_ex ent; - ent.principal = princ; + ent.entry.principal = princ; ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) { krb5_warn(context->context, ret, "opening database"); @@ -52,12 +52,12 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) HDB_F_DECRYPT, &ent); if(ret == HDB_ERR_NOENTRY) goto out2; - if(ent.flags.immutable) { + if(ent.entry.flags.immutable) { ret = KADM5_PROTECT_PRINCIPAL; goto out; } - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; diff --git a/lib/kadm5/ent_setup.c b/lib/kadm5/ent_setup.c index fe2a8921e..0e99b3dbf 100644 --- a/lib/kadm5/ent_setup.c +++ b/lib/kadm5/ent_setup.c @@ -63,7 +63,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags) static kadm5_ret_t perform_tl_data(krb5_context context, HDB *db, - hdb_entry *ent, + hdb_entry_ex *ent, const krb5_tl_data *tl_data) { HDB_extension ext; @@ -75,7 +75,7 @@ perform_tl_data(krb5_context context, if (pw[tl_data->tl_data_length] != '\0') return KADM5_BAD_TL_TYPE; - ret = hdb_entry_set_password(context, db, ent, pw); + ret = hdb_entry_set_password(context, db, &ent->entry, pw); } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) { unsigned char *s; @@ -88,7 +88,7 @@ perform_tl_data(krb5_context context, t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24); - ret = hdb_entry_set_pw_change_time(context, ent, t); + ret = hdb_entry_set_pw_change_time(context, &ent->entry, t); } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) { ret = decode_HDB_extension(tl_data->tl_data_contents, @@ -98,7 +98,7 @@ perform_tl_data(krb5_context context, if (ret) return KADM5_BAD_TL_TYPE; - ret = hdb_replace_extension(context, ent, &ext); + ret = hdb_replace_extension(context, &ent->entry, &ext); } else { return KADM5_BAD_TL_TYPE; @@ -115,7 +115,7 @@ perform_tl_data(krb5_context context, kadm5_ret_t _kadm5_setup_entry(kadm5_server_context *context, - hdb_entry *ent, + hdb_entry_ex *ent, u_int32_t mask, kadm5_principal_ent_t princ, u_int32_t princ_mask, @@ -125,64 +125,65 @@ _kadm5_setup_entry(kadm5_server_context *context, if(mask & KADM5_PRINC_EXPIRE_TIME && princ_mask & KADM5_PRINC_EXPIRE_TIME) { if (princ->princ_expire_time) - set_value(ent->valid_end, princ->princ_expire_time); + set_value(ent->entry.valid_end, princ->princ_expire_time); else - set_null(ent->valid_end); + set_null(ent->entry.valid_end); } if(mask & KADM5_PW_EXPIRATION && princ_mask & KADM5_PW_EXPIRATION) { if (princ->pw_expiration) - set_value(ent->pw_end, princ->pw_expiration); + set_value(ent->entry.pw_end, princ->pw_expiration); else - set_null(ent->pw_end); + set_null(ent->entry.pw_end); } if(mask & KADM5_ATTRIBUTES) { if (princ_mask & KADM5_ATTRIBUTES) { - attr_to_flags(princ->attributes, &ent->flags); + attr_to_flags(princ->attributes, &ent->entry.flags); } else if(def_mask & KADM5_ATTRIBUTES) { - attr_to_flags(def->attributes, &ent->flags); - ent->flags.invalid = 0; + attr_to_flags(def->attributes, &ent->entry.flags); + ent->entry.flags.invalid = 0; } else { - ent->flags.client = 1; - ent->flags.server = 1; - ent->flags.forwardable = 1; - ent->flags.proxiable = 1; - ent->flags.renewable = 1; - ent->flags.postdate = 1; + ent->entry.flags.client = 1; + ent->entry.flags.server = 1; + ent->entry.flags.forwardable = 1; + ent->entry.flags.proxiable = 1; + ent->entry.flags.renewable = 1; + ent->entry.flags.postdate = 1; } } if(mask & KADM5_MAX_LIFE) { if(princ_mask & KADM5_MAX_LIFE) { if(princ->max_life) - set_value(ent->max_life, princ->max_life); + set_value(ent->entry.max_life, princ->max_life); else - set_null(ent->max_life); + set_null(ent->entry.max_life); } else if(def_mask & KADM5_MAX_LIFE) { if(def->max_life) - set_value(ent->max_life, def->max_life); + set_value(ent->entry.max_life, def->max_life); else - set_null(ent->max_life); + set_null(ent->entry.max_life); } } if(mask & KADM5_KVNO && princ_mask & KADM5_KVNO) - ent->kvno = princ->kvno; + ent->entry.kvno = princ->kvno; if(mask & KADM5_MAX_RLIFE) { if(princ_mask & KADM5_MAX_RLIFE) { if(princ->max_renewable_life) - set_value(ent->max_renew, princ->max_renewable_life); + set_value(ent->entry.max_renew, princ->max_renewable_life); else - set_null(ent->max_renew); + set_null(ent->entry.max_renew); } else if(def_mask & KADM5_MAX_RLIFE) { if(def->max_renewable_life) - set_value(ent->max_renew, def->max_renewable_life); + set_value(ent->entry.max_renew, def->max_renewable_life); else - set_null(ent->max_renew); + set_null(ent->entry.max_renew); } } if(mask & KADM5_KEY_DATA && princ_mask & KADM5_KEY_DATA) { - _kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data); + _kadm5_set_keys2(context, &ent->entry, + princ->n_key_data, princ->key_data); } if(mask & KADM5_TL_DATA) { krb5_tl_data *tl; diff --git a/lib/kadm5/get_princs_s.c b/lib/kadm5/get_princs_s.c index 5207d4b56..afab65af5 100644 --- a/lib/kadm5/get_princs_s.c +++ b/lib/kadm5/get_princs_s.c @@ -55,12 +55,12 @@ add_princ(struct foreach_data *d, char *princ) } static krb5_error_code -foreach(krb5_context context, HDB *db, hdb_entry *ent, void *data) +foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data) { struct foreach_data *d = data; char *princ; krb5_error_code ret; - ret = krb5_unparse_name(context, ent->principal, &princ); + ret = krb5_unparse_name(context, ent->entry.principal, &princ); if(ret) return ret; if(d->exp){ diff --git a/lib/kadm5/get_s.c b/lib/kadm5/get_s.c index af0cfe2bf..3a1f25b9e 100644 --- a/lib/kadm5/get_s.c +++ b/lib/kadm5/get_s.c @@ -72,9 +72,9 @@ kadm5_s_get_principal(void *server_handle, { kadm5_server_context *context = server_handle; kadm5_ret_t ret; - hdb_entry ent; + hdb_entry_ex ent; - ent.principal = princ; + ent.entry.principal = princ; ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0); if(ret) return ret; @@ -86,49 +86,49 @@ kadm5_s_get_principal(void *server_handle, memset(out, 0, sizeof(*out)); if(mask & KADM5_PRINCIPAL) - ret = krb5_copy_principal(context->context, ent.principal, + ret = krb5_copy_principal(context->context, ent.entry.principal, &out->principal); if(ret) goto out; - if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end) - out->princ_expire_time = *ent.valid_end; - if(mask & KADM5_PW_EXPIRATION && ent.pw_end) - out->pw_expiration = *ent.pw_end; + if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end) + out->princ_expire_time = *ent.entry.valid_end; + if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end) + out->pw_expiration = *ent.entry.pw_end; if(mask & KADM5_LAST_PWD_CHANGE) - hdb_entry_get_pw_change_time(&ent, &out->last_pwd_change); + hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change); if(mask & KADM5_ATTRIBUTES){ - out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED; - out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE; - out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0; - out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE; - out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE; - out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0; - out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0; - out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR; - out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0; - out->attributes |= ent.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0; + out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED; + out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE; + out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0; + out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE; + out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE; + out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0; + out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0; + out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR; + out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0; + out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0; } if(mask & KADM5_MAX_LIFE) { - if(ent.max_life) - out->max_life = *ent.max_life; + if(ent.entry.max_life) + out->max_life = *ent.entry.max_life; else out->max_life = INT_MAX; } if(mask & KADM5_MOD_TIME) { - if(ent.modified_by) - out->mod_date = ent.modified_by->time; + if(ent.entry.modified_by) + out->mod_date = ent.entry.modified_by->time; else - out->mod_date = ent.created_by.time; + out->mod_date = ent.entry.created_by.time; } if(mask & KADM5_MOD_NAME) { - if(ent.modified_by) { - if (ent.modified_by->principal != NULL) + if(ent.entry.modified_by) { + if (ent.entry.modified_by->principal != NULL) ret = krb5_copy_principal(context->context, - ent.modified_by->principal, + ent.entry.modified_by->principal, &out->mod_name); - } else if(ent.created_by.principal != NULL) + } else if(ent.entry.created_by.principal != NULL) ret = krb5_copy_principal(context->context, - ent.created_by.principal, + ent.entry.created_by.principal, &out->mod_name); else out->mod_name = NULL; @@ -137,13 +137,13 @@ kadm5_s_get_principal(void *server_handle, goto out; if(mask & KADM5_KVNO) - out->kvno = ent.kvno; + out->kvno = ent.entry.kvno; if(mask & KADM5_MKVNO) { int n; out->mkvno = 0; /* XXX */ - for(n = 0; n < ent.keys.len; n++) - if(ent.keys.val[n].mkvno) { - out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */ + for(n = 0; n < ent.entry.keys.len; n++) + if(ent.entry.keys.val[n].mkvno) { + out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */ break; } } @@ -152,8 +152,8 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_POLICY) out->policy = NULL; if(mask & KADM5_MAX_RLIFE) { - if(ent.max_renew) - out->max_renewable_life = *ent.max_renew; + if(ent.entry.max_renew) + out->max_renewable_life = *ent.entry.max_renew; else out->max_renewable_life = INT_MAX; } @@ -169,13 +169,13 @@ kadm5_s_get_principal(void *server_handle, krb5_key_data *kd; krb5_salt salt; krb5_data *sp; - krb5_get_pw_salt(context->context, ent.principal, &salt); - out->key_data = malloc(ent.keys.len * sizeof(*out->key_data)); - for(i = 0; i < ent.keys.len; i++){ - key = &ent.keys.val[i]; + krb5_get_pw_salt(context->context, ent.entry.principal, &salt); + out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data)); + for(i = 0; i < ent.entry.keys.len; i++){ + key = &ent.entry.keys.val[i]; kd = &out->key_data[i]; kd->key_data_ver = 2; - kd->key_data_kvno = ent.kvno; + kd->key_data_kvno = ent.entry.kvno; kd->key_data_type[0] = key->key.keytype; if(key->salt) kd->key_data_type[1] = key->salt->type; @@ -215,7 +215,7 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_TL_DATA) { time_t last_pw_expire; - ret = hdb_entry_get_pw_change_time(&ent, &last_pw_expire); + ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire); if (ret == 0 && last_pw_expire) { unsigned char buf[4]; _krb5_put_int(buf, last_pw_expire, sizeof(buf)); @@ -233,7 +233,7 @@ kadm5_s_get_principal(void *server_handle, heim_utf8_string pw; ret = hdb_entry_get_password(context->context, - context->db, &ent, &pw); + context->db, &ent.entry, &pw); if (ret == 0) { ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1); free(pw); diff --git a/lib/kadm5/iprop-log.c b/lib/kadm5/iprop-log.c index 810c61f89..04de8f282 100644 --- a/lib/kadm5/iprop-log.c +++ b/lib/kadm5/iprop-log.c @@ -148,7 +148,7 @@ print_entry(kadm5_server_context *server_context, free(name1); free(name2); krb5_free_principal(context, source); - hdb_free_entry(context, &ent); + free_hdb_entry(&ent); break; case kadm_create: ret = krb5_data_alloc(&data, len); @@ -250,7 +250,7 @@ print_entry(kadm5_server_context *server_context, if(mask & KADM5_TL_DATA) { printf(" tl data\n"); } - hdb_free_entry(context, &ent); + free_hdb_entry(&ent); break; case kadm_nop : break; diff --git a/lib/kadm5/ipropd_master.c b/lib/kadm5/ipropd_master.c index 53b134868..2824f6c62 100644 --- a/lib/kadm5/ipropd_master.c +++ b/lib/kadm5/ipropd_master.c @@ -279,14 +279,14 @@ struct prop_context { }; static int -prop_one (krb5_context context, HDB *db, hdb_entry *entry, void *v) +prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v) { krb5_error_code ret; krb5_storage *sp; krb5_data data; struct slave *s = (struct slave *)v; - ret = hdb_entry2value (context, entry, &data); + ret = hdb_entry2value (context, &entry->entry, &data); if (ret) return ret; ret = krb5_data_realloc (&data, data.length + 4); diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index 35a9aafef..038e5479e 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -302,14 +302,16 @@ receive_everything (krb5_context context, int fd, krb5_ret_int32 (sp, &opcode); if (opcode == ONE_PRINC) { krb5_data fake_data; - hdb_entry entry; + hdb_entry_ex entry; krb5_storage_free(sp); fake_data.data = (char *)data.data + 4; fake_data.length = data.length - 4; - ret = hdb_value2entry (context, &fake_data, &entry); + memset(&entry, 0, sizeof(entry)); + + ret = hdb_value2entry (context, &fake_data, &entry.entry); if (ret) krb5_err (context, 1, ret, "hdb_value2entry"); ret = mydb->hdb_store(server_context->context, diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 1d8d97ac1..af1c81367 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -271,13 +271,15 @@ kadm5_log_replay_create (kadm5_server_context *context, { krb5_error_code ret; krb5_data data; - hdb_entry ent; + hdb_entry_ex ent; + + memset(&ent, 0, sizeof(ent)); ret = krb5_data_alloc (&data, len); if (ret) return ret; krb5_storage_read (sp, data.data, len); - ret = hdb_value2entry (context->context, &data, &ent); + ret = hdb_value2entry (context->context, &data, &ent.entry); krb5_data_free(&data); if (ret) return ret; @@ -342,12 +344,12 @@ kadm5_log_replay_delete (kadm5_server_context *context, krb5_storage *sp) { krb5_error_code ret; - hdb_entry ent; + hdb_entry_ex ent; - krb5_ret_principal (sp, &ent.principal); + krb5_ret_principal (sp, &ent.entry.principal); ret = context->db->hdb_remove(context->context, context->db, &ent); - krb5_free_principal (context->context, ent.principal); + krb5_free_principal (context->context, ent.entry.principal); return ret; } @@ -419,11 +421,13 @@ kadm5_log_replay_rename (kadm5_server_context *context, { krb5_error_code ret; krb5_principal source; - hdb_entry source_ent, target_ent; + hdb_entry_ex source_ent, target_ent; krb5_data value; off_t off; size_t princ_len, data_len; + memset(&target_ent, 0, sizeof(target_ent)); + off = krb5_storage_seek(sp, 0, SEEK_CUR); krb5_ret_principal (sp, &source); princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; @@ -434,7 +438,7 @@ kadm5_log_replay_rename (kadm5_server_context *context, return ret; } krb5_storage_read (sp, value.data, data_len); - ret = hdb_value2entry (context->context, &value, &target_ent); + ret = hdb_value2entry (context->context, &value, &target_ent.entry); krb5_data_free(&value); if (ret) { krb5_free_principal (context->context, source); @@ -447,7 +451,7 @@ kadm5_log_replay_rename (kadm5_server_context *context, krb5_free_principal (context->context, source); return ret; } - source_ent.principal = source; + source_ent.entry.principal = source; ret = context->db->hdb_remove (context->context, context->db, &source_ent); krb5_free_principal (context->context, source); return ret; @@ -517,7 +521,9 @@ kadm5_log_replay_modify (kadm5_server_context *context, krb5_error_code ret; int32_t mask; krb5_data value; - hdb_entry ent, log_ent; + hdb_entry_ex ent, log_ent; + + memset(&log_ent, 0, sizeof(log_ent)); krb5_ret_int32 (sp, &mask); len -= 4; @@ -525,79 +531,79 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ret) return ret; krb5_storage_read (sp, value.data, len); - ret = hdb_value2entry (context->context, &value, &log_ent); + ret = hdb_value2entry (context->context, &value, &log_ent.entry); krb5_data_free(&value); if (ret) return ret; - ent.principal = log_ent.principal; - log_ent.principal = NULL; + ent.entry.principal = log_ent.entry.principal; + log_ent.entry.principal = NULL; ret = context->db->hdb_fetch(context->context, context->db, HDB_F_DECRYPT, &ent); if (ret) goto out; if (mask & KADM5_PRINC_EXPIRE_TIME) { - if (log_ent.valid_end == NULL) { - ent.valid_end = NULL; + if (log_ent.entry.valid_end == NULL) { + ent.entry.valid_end = NULL; } else { - if (ent.valid_end == NULL) { - ent.valid_end = malloc(sizeof(*ent.valid_end)); - if (ent.valid_end == NULL) { + if (ent.entry.valid_end == NULL) { + ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end)); + if (ent.entry.valid_end == NULL) { ret = ENOMEM; goto out; } } - *ent.valid_end = *log_ent.valid_end; + *ent.entry.valid_end = *log_ent.entry.valid_end; } } if (mask & KADM5_PW_EXPIRATION) { - if (log_ent.pw_end == NULL) { - ent.pw_end = NULL; + if (log_ent.entry.pw_end == NULL) { + ent.entry.pw_end = NULL; } else { - if (ent.pw_end == NULL) { - ent.pw_end = malloc(sizeof(*ent.pw_end)); - if (ent.pw_end == NULL) { + if (ent.entry.pw_end == NULL) { + ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end)); + if (ent.entry.pw_end == NULL) { ret = ENOMEM; goto out; } } - *ent.pw_end = *log_ent.pw_end; + *ent.entry.pw_end = *log_ent.entry.pw_end; } } if (mask & KADM5_LAST_PWD_CHANGE) { abort (); /* XXX */ } if (mask & KADM5_ATTRIBUTES) { - ent.flags = log_ent.flags; + ent.entry.flags = log_ent.entry.flags; } if (mask & KADM5_MAX_LIFE) { - if (log_ent.max_life == NULL) { - ent.max_life = NULL; + if (log_ent.entry.max_life == NULL) { + ent.entry.max_life = NULL; } else { - if (ent.max_life == NULL) { - ent.max_life = malloc (sizeof(*ent.max_life)); - if (ent.max_life == NULL) { + if (ent.entry.max_life == NULL) { + ent.entry.max_life = malloc (sizeof(*ent.entry.max_life)); + if (ent.entry.max_life == NULL) { ret = ENOMEM; goto out; } } - *ent.max_life = *log_ent.max_life; + *ent.entry.max_life = *log_ent.entry.max_life; } } if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) { - if (ent.modified_by == NULL) { - ent.modified_by = malloc(sizeof(*ent.modified_by)); - if (ent.modified_by == NULL) { + if (ent.entry.modified_by == NULL) { + ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by)); + if (ent.entry.modified_by == NULL) { ret = ENOMEM; goto out; } } else - free_Event(ent.modified_by); - ret = copy_Event(log_ent.modified_by, ent.modified_by); + free_Event(ent.entry.modified_by); + ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by); if (ret) goto out; } if (mask & KADM5_KVNO) { - ent.kvno = log_ent.kvno; + ent.entry.kvno = log_ent.entry.kvno; } if (mask & KADM5_MKVNO) { abort (); /* XXX */ @@ -612,17 +618,17 @@ kadm5_log_replay_modify (kadm5_server_context *context, abort (); /* XXX */ } if (mask & KADM5_MAX_RLIFE) { - if (log_ent.max_renew == NULL) { - ent.max_renew = NULL; + if (log_ent.entry.max_renew == NULL) { + ent.entry.max_renew = NULL; } else { - if (ent.max_renew == NULL) { - ent.max_renew = malloc (sizeof(*ent.max_renew)); - if (ent.max_renew == NULL) { + if (ent.entry.max_renew == NULL) { + ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew)); + if (ent.entry.max_renew == NULL) { ret = ENOMEM; goto out; } } - *ent.max_renew = *log_ent.max_renew; + *ent.entry.max_renew = *log_ent.entry.max_renew; } } if (mask & KADM5_LAST_SUCCESS) { @@ -638,34 +644,34 @@ kadm5_log_replay_modify (kadm5_server_context *context, size_t num; int i; - for (i = 0; i < ent.keys.len; ++i) - free_Key(&ent.keys.val[i]); - free (ent.keys.val); + for (i = 0; i < ent.entry.keys.len; ++i) + free_Key(&ent.entry.keys.val[i]); + free (ent.entry.keys.val); - num = log_ent.keys.len; + num = log_ent.entry.keys.len; - ent.keys.len = num; - ent.keys.val = malloc(len * sizeof(*ent.keys.val)); - for (i = 0; i < ent.keys.len; ++i) { - ret = copy_Key(&log_ent.keys.val[i], - &ent.keys.val[i]); + ent.entry.keys.len = num; + ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val)); + for (i = 0; i < ent.entry.keys.len; ++i) { + ret = copy_Key(&log_ent.entry.keys.val[i], + &ent.entry.keys.val[i]); if (ret) goto out; } } - if ((mask & KADM5_TL_DATA) && log_ent.extensions) { - HDB_extensions *es = ent.extensions; + if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) { + HDB_extensions *es = ent.entry.extensions; - if (ent.extensions == NULL) { - ent.extensions = calloc(1, sizeof(*ent.extensions)); - if (ent.extensions == NULL) + if (ent.entry.extensions == NULL) { + ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions)); + if (ent.entry.extensions == NULL) goto out; } - ret = copy_HDB_extensions(es, ent.extensions); + ret = copy_HDB_extensions(es, ent.entry.extensions); if (ret) { - free(ent.extensions); - ent.extensions = es; + free(ent.entry.extensions); + ent.entry.extensions = es; goto out; } if (es) { diff --git a/lib/kadm5/modify_s.c b/lib/kadm5/modify_s.c index 94de9957e..6253b2df4 100644 --- a/lib/kadm5/modify_s.c +++ b/lib/kadm5/modify_s.c @@ -42,14 +42,14 @@ modify_principal(void *server_handle, u_int32_t forbidden_mask) { kadm5_server_context *context = server_handle; - hdb_entry ent; + hdb_entry_ex ent; kadm5_ret_t ret; if((mask & forbidden_mask)) return KADM5_BAD_MASK; if((mask & KADM5_POLICY) && strcmp(princ->policy, "default")) return KADM5_UNK_POLICY; - ent.principal = princ->principal; + ent.entry.principal = princ->principal; ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; @@ -59,16 +59,16 @@ modify_principal(void *server_handle, ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0); if(ret) goto out2; - ret = _kadm5_set_modifier(context, &ent); + ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out2; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; kadm5_log_modify (context, - &ent, + &ent.entry, mask | KADM5_MOD_NAME | KADM5_MOD_TIME); ret = context->db->hdb_store(context->context, context->db, diff --git a/lib/kadm5/randkey_s.c b/lib/kadm5/randkey_s.c index 4ce5b0745..1f525a237 100644 --- a/lib/kadm5/randkey_s.c +++ b/lib/kadm5/randkey_s.c @@ -47,10 +47,10 @@ kadm5_s_randkey_principal(void *server_handle, int *n_keys) { kadm5_server_context *context = server_handle; - hdb_entry ent; + hdb_entry_ex ent; kadm5_ret_t ret; - ent.principal = princ; + ent.entry.principal = princ; ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; @@ -59,26 +59,26 @@ kadm5_s_randkey_principal(void *server_handle, goto out; ret = _kadm5_set_keys_randomly (context, - &ent, + &ent.entry, new_keys, n_keys); if (ret) goto out2; - ent.kvno++; + ent.entry.kvno++; - ret = _kadm5_set_modifier(context, &ent); + ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out3; - ret = _kadm5_bump_pw_expire(context, &ent); + ret = _kadm5_bump_pw_expire(context, &ent.entry); if (ret) goto out2; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; kadm5_log_modify (context, - &ent, + &ent.entry, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION | KADM5_TL_DATA); diff --git a/lib/kadm5/rename_s.c b/lib/kadm5/rename_s.c index d933b1074..f2e72b980 100644 --- a/lib/kadm5/rename_s.c +++ b/lib/kadm5/rename_s.c @@ -42,8 +42,9 @@ kadm5_s_rename_principal(void *server_handle, { kadm5_server_context *context = server_handle; kadm5_ret_t ret; - hdb_entry ent, ent2; - ent.principal = source; + hdb_entry_ex ent, ent2; + + ent.entry.principal = source; if(krb5_principal_compare(context->context, source, target)) return KADM5_DUP; /* XXX is this right? */ ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); @@ -54,7 +55,7 @@ kadm5_s_rename_principal(void *server_handle, context->db->hdb_close(context->context, context->db); goto out; } - ret = _kadm5_set_modifier(context, &ent); + ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out2; { @@ -65,10 +66,11 @@ kadm5_s_rename_principal(void *server_handle, krb5_get_pw_salt(context->context, source, &salt2); salt.type = hdb_pw_salt; salt.salt = salt2.saltvalue; - for(i = 0; i < ent.keys.len; i++){ - if(ent.keys.val[i].salt == NULL){ - ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt)); - ret = copy_Salt(&salt, ent.keys.val[i].salt); + for(i = 0; i < ent.entry.keys.len; i++){ + if(ent.entry.keys.val[i].salt == NULL){ + ent.entry.keys.val[i].salt = + malloc(sizeof(*ent.entry.keys.val[i].salt)); + ret = copy_Salt(&salt, ent.entry.keys.val[i].salt); if(ret) break; } @@ -77,26 +79,26 @@ kadm5_s_rename_principal(void *server_handle, } if(ret) goto out2; - ent2.principal = ent.principal; - ent.principal = target; + ent2.entry.principal = ent.entry.principal; + ent.entry.principal = target; - ret = hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) { - ent.principal = ent2.principal; + ent.entry.principal = ent2.entry.principal; goto out2; } kadm5_log_rename (context, source, - &ent); + &ent.entry); ret = context->db->hdb_store(context->context, context->db, 0, &ent); if(ret){ - ent.principal = ent2.principal; + ent.entry.principal = ent2.entry.principal; goto out2; } ret = context->db->hdb_remove(context->context, context->db, &ent2); - ent.principal = ent2.principal; + ent.entry.principal = ent2.entry.principal; out2: context->db->hdb_close(context->context, context->db); hdb_free_entry(context->context, &ent);