oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16378 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-12-12 12:40:12 +00:00
parent eb128f4928
commit 0c2369acd0
29 changed files with 445 additions and 409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
kdc/hprop.c
View File

@@ -100,28 +100,28 @@ open_socket(krb5_context context, const char *hostname, const char *port)
}
krb5_error_code
v5_prop(krb5_context context, HDB *db, hdb_entry *entry, void *appdata)
v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata)
{
krb5_error_code ret;
struct prop_data *pd = appdata;
krb5_data data;
if(encrypt_flag) {
ret = hdb_seal_keys_mkey(context, entry, mkey5);
ret = hdb_seal_keys_mkey(context, &entry->entry, mkey5);
if (ret) {
krb5_warn(context, ret, "hdb_seal_keys_mkey");
return ret;
}
}
if(decrypt_flag) {
ret = hdb_unseal_keys_mkey(context, entry, mkey5);
ret = hdb_unseal_keys_mkey(context, &entry->entry, mkey5);
if (ret) {
krb5_warn(context, ret, "hdb_unseal_keys_mkey");
return ret;
}
}
ret = hdb_entry2value(context, entry, &data);
ret = hdb_entry2value(context, &entry->entry, &data);
if(ret) {
krb5_warn(context, ret, "hdb_entry2value");
return ret;
@@ -176,13 +176,13 @@ int
v4_prop(void *arg, struct v4_principal *p)
{
struct prop_data *pd = arg;
hdb_entry ent;
hdb_entry_ex ent;
krb5_error_code ret;
memset(&ent, 0, sizeof(ent));
ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm,
&ent.principal);
&ent.entry.principal);
if(ret) {
krb5_warn(pd->context, ret,
"krb5_425_conv_principal %s.%s@%s",
@@ -192,49 +192,49 @@ v4_prop(void *arg, struct v4_principal *p)
if(verbose_flag) {
char *s;
krb5_unparse_name_short(pd->context, ent.principal, &s);
krb5_unparse_name_short(pd->context, ent.entry.principal, &s);
krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s);
free(s);
}
ent.kvno = p->kvno;
ent.keys.len = 3;
ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val));
ent.entry.kvno = p->kvno;
ent.entry.keys.len = 3;
ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val));
if(p->mkvno != -1) {
ent.keys.val[0].mkvno = malloc (sizeof(*ent.keys.val[0].mkvno));
*(ent.keys.val[0].mkvno) = p->mkvno;
ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno));
*(ent.entry.keys.val[0].mkvno) = p->mkvno;
} else
ent.keys.val[0].mkvno = NULL;
ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt));
ent.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
ent.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
krb5_data_alloc(&ent.keys.val[0].key.keyvalue, DES_KEY_SZ);
memcpy(ent.keys.val[0].key.keyvalue.data, p->key, 8);
ent.entry.keys.val[0].mkvno = NULL;
ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt));
ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ);
memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8);
copy_Key(&ent.keys.val[0], &ent.keys.val[1]);
ent.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
copy_Key(&ent.keys.val[0], &ent.keys.val[2]);
ent.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]);
ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]);
ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
{
int life = _krb5_krb_life_to_time(0, p->max_life);
if(life == NEVERDATE){
ent.max_life = NULL;
ent.entry.max_life = NULL;
} else {
/* clean up lifetime a bit */
if(life > 86400)
life = (life + 86399) / 86400 * 86400;
else if(life > 3600)
life = (life + 3599) / 3600 * 3600;
ALLOC(ent.max_life);
*ent.max_life = life;
ALLOC(ent.entry.max_life);
*ent.entry.max_life = life;
}
}
ALLOC(ent.valid_end);
*ent.valid_end = p->exp_date;
ALLOC(ent.entry.valid_end);
*ent.entry.valid_end = p->exp_date;
ret = krb5_make_principal(pd->context, &ent.created_by.principal,
ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal,
v4_realm,
"kadmin",
"hprop",
@@ -244,44 +244,44 @@ v4_prop(void *arg, struct v4_principal *p)
ret = 0;
goto out;
}
ent.created_by.time = time(NULL);
ALLOC(ent.modified_by);
ent.entry.created_by.time = time(NULL);
ALLOC(ent.entry.modified_by);
ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance,
v4_realm, &ent.modified_by->principal);
v4_realm, &ent.entry.modified_by->principal);
if(ret){
krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm);
ent.modified_by->principal = NULL;
ent.entry.modified_by->principal = NULL;
ret = 0;
goto out;
}
ent.modified_by->time = p->mod_date;
ent.entry.modified_by->time = p->mod_date;
ent.flags.forwardable = 1;
ent.flags.renewable = 1;
ent.flags.proxiable = 1;
ent.flags.postdate = 1;
ent.flags.client = 1;
ent.flags.server = 1;
ent.entry.flags.forwardable = 1;
ent.entry.flags.renewable = 1;
ent.entry.flags.proxiable = 1;
ent.entry.flags.postdate = 1;
ent.entry.flags.client = 1;
ent.entry.flags.server = 1;
/* special case password changing service */
if(strcmp(p->name, "changepw") == 0 &&
strcmp(p->instance, "kerberos") == 0) {
ent.flags.forwardable = 0;
ent.flags.renewable = 0;
ent.flags.proxiable = 0;
ent.flags.postdate = 0;
ent.flags.initial = 1;
ent.flags.change_pw = 1;
ent.entry.flags.forwardable = 0;
ent.entry.flags.renewable = 0;
ent.entry.flags.proxiable = 0;
ent.entry.flags.postdate = 0;
ent.entry.flags.initial = 1;
ent.entry.flags.change_pw = 1;
}
ret = v5_prop(pd->context, NULL, &ent, pd);
if (strcmp (p->name, "krbtgt") == 0
&& strcmp (v4_realm, p->instance) != 0) {
krb5_free_principal (pd->context, ent.principal);
krb5_free_principal (pd->context, ent.entry.principal);
ret = krb5_425_conv_principal (pd->context, p->name,
v4_realm, p->instance,
&ent.principal);
&ent.entry.principal);
if (ret == 0)
ret = v5_prop (pd->context, NULL, &ent, pd);
}
@@ -317,87 +317,90 @@ ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent)
{
int32_t flags = ntohl(ent->flags);
krb5_error_code ret;
hdb_entry hdb;
hdb_entry_ex hdb;
if(!kaspecials_flag
&& (flags & KAFNORMAL) == 0) /* remove special entries */
return 0;
memset(&hdb, 0, sizeof(hdb));
ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance,
v4_realm, &hdb.principal);
v4_realm, &hdb.entry.principal);
if(ret) {
krb5_warn(pd->context, ret,
"krb5_425_conv_principal (%s.%s@%s)",
ent->name, ent->instance, v4_realm);
return 0;
}
hdb.kvno = ntohl(ent->kvno);
hdb.keys.len = 3;
hdb.keys.val = malloc(hdb.keys.len * sizeof(*hdb.keys.val));
hdb.keys.val[0].mkvno = NULL;
hdb.keys.val[0].salt = calloc(1, sizeof(*hdb.keys.val[0].salt));
hdb.entry.kvno = ntohl(ent->kvno);
hdb.entry.keys.len = 3;
hdb.entry.keys.val =
malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val));
hdb.entry.keys.val[0].mkvno = NULL;
hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt));
if (ka_use_null_salt) {
hdb.keys.val[0].salt->type = hdb_pw_salt;
hdb.keys.val[0].salt->salt.data = NULL;
hdb.keys.val[0].salt->salt.length = 0;
hdb.entry.keys.val[0].salt->type = hdb_pw_salt;
hdb.entry.keys.val[0].salt->salt.data = NULL;
hdb.entry.keys.val[0].salt->salt.length = 0;
} else {
hdb.keys.val[0].salt->type = hdb_afs3_salt;
hdb.keys.val[0].salt->salt.data = strdup(afs_cell);
hdb.keys.val[0].salt->salt.length = strlen(afs_cell);
hdb.entry.keys.val[0].salt->type = hdb_afs3_salt;
hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell);
hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell);
}
hdb.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
krb5_data_copy(&hdb.keys.val[0].key.keyvalue, ent->key, sizeof(ent->key));
copy_Key(&hdb.keys.val[0], &hdb.keys.val[1]);
hdb.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
copy_Key(&hdb.keys.val[0], &hdb.keys.val[2]);
hdb.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue,
ent->key,
sizeof(ent->key));
copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]);
hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]);
hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
ALLOC(hdb.max_life);
*hdb.max_life = ntohl(ent->max_life);
ALLOC(hdb.entry.max_life);
*hdb.entry.max_life = ntohl(ent->max_life);
if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) {
ALLOC(hdb.valid_end);
*hdb.valid_end = ntohl(ent->valid_end);
ALLOC(hdb.entry.valid_end);
*hdb.entry.valid_end = ntohl(ent->valid_end);
}
if (ntohl(ent->pw_change) != NEVERDATE &&
ent->pw_expire != 255 &&
ent->pw_expire != 0) {
ALLOC(hdb.pw_end);
*hdb.pw_end = ntohl(ent->pw_change)
ALLOC(hdb.entry.pw_end);
*hdb.entry.pw_end = ntohl(ent->pw_change)
+ 24 * 60 * 60 * ent->pw_expire;
}
ret = krb5_make_principal(pd->context, &hdb.created_by.principal,
ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal,
v4_realm,
"kadmin",
"hprop",
NULL);
hdb.created_by.time = time(NULL);
hdb.entry.created_by.time = time(NULL);
if(ent->mod_ptr){
struct ka_entry mod;
ALLOC(hdb.modified_by);
ALLOC(hdb.entry.modified_by);
read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod));
krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm,
&hdb.modified_by->principal);
hdb.modified_by->time = ntohl(ent->mod_time);
&hdb.entry.modified_by->principal);
hdb.entry.modified_by->time = ntohl(ent->mod_time);
memset(&mod, 0, sizeof(mod));
}
hdb.flags.forwardable = 1;
hdb.flags.renewable = 1;
hdb.flags.proxiable = 1;
hdb.flags.postdate = 1;
hdb.entry.flags.forwardable = 1;
hdb.entry.flags.renewable = 1;
hdb.entry.flags.proxiable = 1;
hdb.entry.flags.postdate = 1;
/* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */
if (strcmp(ent->name, "krbtgt") == 0 &&
(flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL))
flags &= ~(KAFNOTGS|KAFNOSEAL);
hdb.flags.client = (flags & KAFNOTGS) == 0;
hdb.flags.server = (flags & KAFNOSEAL) == 0;
hdb.entry.flags.client = (flags & KAFNOTGS) == 0;
hdb.entry.flags.server = (flags & KAFNOSEAL) == 0;
ret = v5_prop(pd->context, NULL, &hdb, pd);
hdb_free_entry(pd->context, &hdb);

2
kdc/hprop.h
View File

@@ -53,7 +53,7 @@ struct prop_data{
#define NEVERDATE ((1U << 31) - 1)
#endif
krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry*, void*);
krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry_ex*, void*);
int mit_prop_dump(void*, const char*);
struct v4_principal {

7
kdc/hpropd.c
View File

@@ -377,7 +377,7 @@ main(int argc, char **argv)
nprincs = 0;
while(1){
krb5_data data;
hdb_entry entry;
hdb_entry_ex entry;
if(from_stdin) {
ret = krb5_read_message(context, &fd, &data);
@@ -417,7 +417,8 @@ main(int argc, char **argv)
}
break;
}
ret = hdb_value2entry(context, &data, &entry);
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry(context, &data, &entry.entry);
if(ret)
krb5_err(context, 1, ret, "hdb_value2entry");
if(print_dump)
@@ -434,7 +435,7 @@ main(int argc, char **argv)
ret = db->hdb_store(context, db, 0, &entry);
if(ret == HDB_ERR_EXISTS) {
char *s;
ret = krb5_unparse_name(context, entry.principal, &s);
ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret)
s = strdup("unparseable name");
krb5_warnx(context, "Entry exists: %s", s);

2
kdc/kerberos4.c
View File

@@ -92,7 +92,7 @@ krb5_error_code
_kdc_db_fetch4(krb5_context context,
krb5_kdc_configuration *config,
const char *name, const char *instance, const char *realm,
hdb_entry **ent)
hdb_entry_ex **ent)
{
krb5_principal p;
krb5_error_code ret;

8
kdc/misc.c
View File

@@ -41,16 +41,16 @@ krb5_error_code
_kdc_db_fetch(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal principal,
hdb_entry **h)
hdb_entry_ex **h)
{
hdb_entry *ent;
hdb_entry_ex *ent;
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
ent = malloc (sizeof (*ent));
if (ent == NULL)
return ENOMEM;
ent->principal = principal;
ent->entry.principal = principal;
for(i = 0; i < config->num_db; i++) {
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
@@ -74,7 +74,7 @@ _kdc_db_fetch(krb5_context context,
}
void
_kdc_free_ent(krb5_context context, hdb_entry *ent)
_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
{
hdb_free_entry (context, ent);
free (ent);

57
kdc/mit_dump.c
View File

@@ -221,7 +221,7 @@ mit_prop_dump(void *arg, const char *file)
char line [2048];
FILE *f;
int lineno = 0;
struct hdb_entry ent;
struct hdb_entry_ex ent;
struct prop_data *pd = arg;
@@ -274,28 +274,28 @@ mit_prop_dump(void *arg, const char *file)
num_key_data = getint(&p); /* number of key-data */
extra_data_length = getint(&p); /* length of extra data */
q = nexttoken(&p); /* principal name */
krb5_parse_name(pd->context, q, &ent.principal);
krb5_parse_name(pd->context, q, &ent.entry.principal);
attributes = getint(&p); /* attributes */
attr_to_flags(attributes, &ent.flags);
attr_to_flags(attributes, &ent.entry.flags);
tmp = getint(&p); /* max life */
if(tmp != 0) {
ALLOC(ent.max_life);
*ent.max_life = tmp;
ALLOC(ent.entry.max_life);
*ent.entry.max_life = tmp;
}
tmp = getint(&p); /* max renewable life */
if(tmp != 0) {
ALLOC(ent.max_renew);
*ent.max_renew = tmp;
ALLOC(ent.entry.max_renew);
*ent.entry.max_renew = tmp;
}
tmp = getint(&p); /* expiration */
if(tmp != 0 && tmp != 2145830400) {
ALLOC(ent.valid_end);
*ent.valid_end = tmp;
ALLOC(ent.entry.valid_end);
*ent.entry.valid_end = tmp;
}
tmp = getint(&p); /* pw expiration */
if(tmp != 0) {
ALLOC(ent.pw_end);
*ent.pw_end = tmp;
ALLOC(ent.entry.pw_end);
*ent.entry.pw_end = tmp;
}
q = nexttoken(&p); /* last auth */
q = nexttoken(&p); /* last failed auth */
@@ -318,48 +318,49 @@ mit_prop_dump(void *arg, const char *file)
val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
ret = krb5_parse_name(pd->context, (char *)buf + 4, &princ);
free(buf);
ALLOC(ent.modified_by);
ent.modified_by->time = val;
ent.modified_by->principal = princ;
ALLOC(ent.entry.modified_by);
ent.entry.modified_by->time = val;
ent.entry.modified_by->principal = princ;
break;
default:
nexttoken(&p);
break;
}
}
ALLOC_SEQ(&ent.keys, num_key_data);
ALLOC_SEQ(&ent.entry.keys, num_key_data);
for(i = 0; i < num_key_data; i++) {
int key_versions;
key_versions = getint(&p); /* key data version */
ent.kvno = getint(&p); /* XXX kvno */
ent.entry.kvno = getint(&p); /* XXX kvno */
ALLOC(ent.keys.val[i].mkvno);
*ent.keys.val[i].mkvno = 0;
ALLOC(ent.entry.keys.val[i].mkvno);
*ent.entry.keys.val[i].mkvno = 0;
/* key version 0 -- actual key */
ent.keys.val[i].key.keytype = getint(&p); /* key type */
ent.entry.keys.val[i].key.keytype = getint(&p); /* key type */
tmp = getint(&p); /* key length */
/* the first two bytes of the key is the key length --
skip it */
krb5_data_alloc(&ent.keys.val[i].key.keyvalue, tmp - 2);
krb5_data_alloc(&ent.entry.keys.val[i].key.keyvalue, tmp - 2);
q = nexttoken(&p); /* key itself */
hex_to_octet_string(q + 4, &ent.keys.val[i].key.keyvalue);
hex_to_octet_string(q + 4, &ent.entry.keys.val[i].key.keyvalue);
if(key_versions > 1) {
/* key version 1 -- optional salt */
ALLOC(ent.keys.val[i].salt);
ent.keys.val[i].salt->type = getint(&p); /* salt type */
ALLOC(ent.entry.keys.val[i].salt);
ent.entry.keys.val[i].salt->type = getint(&p); /* salt type */
tmp = getint(&p); /* salt length */
if(tmp > 0) {
krb5_data_alloc(&ent.keys.val[i].salt->salt, tmp - 2);
krb5_data_alloc(&ent.entry.keys.val[i].salt->salt, tmp - 2);
q = nexttoken(&p); /* salt itself */
hex_to_octet_string(q + 4, &ent.keys.val[i].salt->salt);
hex_to_octet_string(q + 4,
&ent.entry.keys.val[i].salt->salt);
} else {
ent.keys.val[i].salt->salt.length = 0;
ent.keys.val[i].salt->salt.data = NULL;
ent.entry.keys.val[i].salt->salt.length = 0;
ent.entry.keys.val[i].salt->salt.data = NULL;
tmp = getint(&p); /* -1, if no data. */
}
fix_salt(pd->context, &ent, i);
fix_salt(pd->context, &ent.entry, i);
}
}
q = nexttoken(&p); /* extra data */