oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16378 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-12-12 12:40:12 +00:00
parent eb128f4928
commit 0c2369acd0
29 changed files with 445 additions and 409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
lib/hdb/common.c
View File

@@ -79,22 +79,22 @@ hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
}
krb5_error_code
_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_data key, value;
int code;
hdb_principal2key(context, entry->principal, &key);
hdb_principal2key(context, entry->entry.principal, &key);
code = db->hdb__get(context, db, key, &value);
krb5_data_free(&key);
if(code)
return code;
code = hdb_value2entry(context, &value, entry);
code = hdb_value2entry(context, &value, &entry->entry);
krb5_data_free(&value);
if (code)
return code;
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, entry);
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry(context, entry);
}
@@ -102,31 +102,31 @@ _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
}
krb5_error_code
_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_data key, value;
int code;
if(entry->generation == NULL) {
if(entry->entry.generation == NULL) {
struct timeval t;
entry->generation = malloc(sizeof(*entry->generation));
if(entry->generation == NULL) {
entry->entry.generation = malloc(sizeof(*entry->entry.generation));
if(entry->entry.generation == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
gettimeofday(&t, NULL);
entry->generation->time = t.tv_sec;
entry->generation->usec = t.tv_usec;
entry->generation->gen = 0;
entry->entry.generation->time = t.tv_sec;
entry->entry.generation->usec = t.tv_usec;
entry->entry.generation->gen = 0;
} else
entry->generation->gen++;
hdb_principal2key(context, entry->principal, &key);
code = hdb_seal_keys(context, db, entry);
entry->entry.generation->gen++;
hdb_principal2key(context, entry->entry.principal, &key);
code = hdb_seal_keys(context, db, &entry->entry);
if (code) {
krb5_data_free(&key);
return code;
}
hdb_entry2value(context, entry, &value);
hdb_entry2value(context, &entry->entry, &value);
code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
krb5_data_free(&value);
krb5_data_free(&key);
@@ -134,12 +134,12 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
}
krb5_error_code
_hdb_remove(krb5_context context, HDB *db, hdb_entry *entry)
_hdb_remove(krb5_context context, HDB *db, hdb_entry_ex *entry)
{
krb5_data key;
int code;
hdb_principal2key(context, entry->principal, &key);
hdb_principal2key(context, entry->entry.principal, &key);
code = db->hdb__del(context, db, key);
krb5_data_free(&key);
return code;

18
lib/hdb/db.c
View File

@@ -85,7 +85,7 @@ DB_unlock(krb5_context context, HDB *db)
static krb5_error_code
DB_seq(krb5_context context, HDB *db,
unsigned flags, hdb_entry *entry, int flag)
unsigned flags, hdb_entry_ex *entry, int flag)
{
DB *d = (DB*)db->hdb_db;
DBT key, value;
@@ -106,21 +106,21 @@ DB_seq(krb5_context context, HDB *db,
key_data.length = key.size;
data.data = value.data;
data.length = value.size;
if (hdb_value2entry(context, &data, entry))
if (hdb_value2entry(context, &data, &entry->entry))
return DB_seq(context, db, flags, entry, R_NEXT);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, entry);
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
}
if (code == 0 && entry->principal == NULL) {
entry->principal = malloc(sizeof(*entry->principal));
if (entry->principal == NULL) {
if (code == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
code = ENOMEM;
hdb_free_entry (context, entry);
} else {
hdb_key2principal(context, &key_data, entry->principal);
hdb_key2principal(context, &key_data, entry->entry.principal);
}
}
return code;
@@ -128,14 +128,14 @@ DB_seq(krb5_context context, HDB *db,
static krb5_error_code
DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, R_FIRST);
}
static krb5_error_code
DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, R_NEXT);
}

18
lib/hdb/db3.c
View File

@@ -91,7 +91,7 @@ DB_unlock(krb5_context context, HDB *db)
static krb5_error_code
DB_seq(krb5_context context, HDB *db,
unsigned flags, hdb_entry *entry, int flag)
unsigned flags, hdb_entry_ex *entry, int flag)
{
DBT key, value;
DBC *dbcp = db->hdb_dbc;
@@ -113,21 +113,21 @@ DB_seq(krb5_context context, HDB *db,
key_data.length = key.size;
data.data = value.data;
data.length = value.size;
if (hdb_value2entry(context, &data, entry))
if (hdb_value2entry(context, &data, &entry->entry))
return DB_seq(context, db, flags, entry, DB_NEXT);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, entry);
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
}
if (entry->principal == NULL) {
entry->principal = malloc(sizeof(*entry->principal));
if (entry->principal == NULL) {
if (entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
hdb_free_entry (context, entry);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
} else {
hdb_key2principal(context, &key_data, entry->principal);
hdb_key2principal(context, &key_data, entry->entry.principal);
}
}
return 0;
@@ -135,14 +135,14 @@ DB_seq(krb5_context context, HDB *db,
static krb5_error_code
DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, DB_FIRST);
}
static krb5_error_code
DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, DB_NEXT);
}

13
lib/hdb/hdb.c
View File

@@ -133,16 +133,19 @@ hdb_unlock(int fd)
}
void
hdb_free_entry(krb5_context context, hdb_entry *ent)
hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{
int i;
for(i = 0; i < ent->keys.len; ++i) {
Key *k = &ent->keys.val[i];
if (ent->free_entry)
(*ent->free_entry)(context, ent);
for(i = 0; i < ent->entry.keys.len; ++i) {
Key *k = &ent->entry.keys.val[i];
memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
}
free_hdb_entry(ent);
free_hdb_entry(&ent->entry);
}
krb5_error_code
@@ -153,7 +156,7 @@ hdb_foreach(krb5_context context,
void *data)
{
krb5_error_code ret;
hdb_entry entry;
hdb_entry_ex entry;
ret = db->hdb_firstkey(context, db, flags, &entry);
while(ret == 0){
ret = (*func)(context, db, &entry, data);

28
lib/hdb/hdb.h
View File

@@ -52,6 +52,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
typedef struct hdb_master_key_data *hdb_master_key;
typedef struct hdb_entry_ex {
void *ctx;
hdb_entry entry;
void (*free_entry)(krb5_context, struct hdb_entry_ex *);
} hdb_entry_ex;
typedef struct HDB{
void *hdb_db;
void *hdb_dbc;
@@ -62,13 +69,16 @@ typedef struct HDB{
krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t);
krb5_error_code (*hdb_close)(krb5_context, struct HDB*);
krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned,hdb_entry*);
krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*);
krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*);
krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
unsigned, hdb_entry*);
krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
unsigned, hdb_entry*);
void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*);
krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,
unsigned,hdb_entry_ex*);
krb5_error_code (*hdb_store)(krb5_context,struct HDB*,
unsigned,hdb_entry_ex*);
krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*);
krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
unsigned, hdb_entry_ex*);
krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
unsigned, hdb_entry_ex*);
krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation);
krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*);
krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*);
@@ -79,7 +89,7 @@ typedef struct HDB{
krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
}HDB;
#define HDB_INTERFACE_VERSION 2
#define HDB_INTERFACE_VERSION 3
struct hdb_so_method {
int version;
@@ -92,7 +102,7 @@ struct hdb_so_method {
#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
hdb_entry*, void*);
hdb_entry_ex*, void*);
extern krb5_kt_ops hdb_kt_ops;
#include <hdb-protos.h>

18
lib/hdb/keytab.c
View File

@@ -193,7 +193,7 @@ hdb_get_entry(krb5_context context,
krb5_enctype enctype,
krb5_keytab_entry *entry)
{
hdb_entry ent;
hdb_entry_ex ent;
krb5_error_code ret;
struct hdb_data *d = id->data;
int i;
@@ -218,7 +218,7 @@ hdb_get_entry(krb5_context context,
(*db->hdb_destroy)(context, db);
return ret;
}
ent.principal = rk_UNCONST(principal);
ent.entry.principal = rk_UNCONST(principal);
ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, &ent);
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
@@ -227,20 +227,20 @@ hdb_get_entry(krb5_context context,
return KRB5_KT_NOTFOUND;
else if(ret)
return ret;
if(kvno && ent.kvno != kvno) {
if(kvno && ent.entry.kvno != kvno) {
hdb_free_entry(context, &ent);
return KRB5_KT_NOTFOUND;
}
if(enctype == 0)
if(ent.keys.len > 0)
enctype = ent.keys.val[0].key.keytype;
if(ent.entry.keys.len > 0)
enctype = ent.entry.keys.val[0].key.keytype;
ret = KRB5_KT_NOTFOUND;
for(i = 0; i < ent.keys.len; i++) {
if(ent.keys.val[i].key.keytype == enctype) {
for(i = 0; i < ent.entry.keys.len; i++) {
if(ent.entry.keys.val[i].key.keytype == enctype) {
krb5_copy_principal(context, principal, &entry->principal);
entry->vno = ent.kvno;
entry->vno = ent.entry.kvno;
krb5_copy_keyblock_contents(context,
&ent.keys.val[i].key,
&ent.entry.keys.val[i].key,
&entry->keyblock);
ret = 0;
break;

18
lib/hdb/ndbm.c
View File

@@ -77,7 +77,7 @@ NDBM_unlock(krb5_context context, HDB *db)
static krb5_error_code
NDBM_seq(krb5_context context, HDB *db,
unsigned flags, hdb_entry *entry, int first)
unsigned flags, hdb_entry_ex *entry, int first)
{
struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
@@ -99,21 +99,21 @@ NDBM_seq(krb5_context context, HDB *db,
db->hdb_unlock(context, db);
data.data = value.dptr;
data.length = value.dsize;
if(hdb_value2entry(context, &data, entry))
if(hdb_value2entry(context, &data, &entry->entry))
return NDBM_seq(context, db, flags, entry, 0);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys (context, db, entry);
ret = hdb_unseal_keys (context, db, &entry->entry);
if (ret)
hdb_free_entry (context, entry);
}
if (entry->principal == NULL) {
entry->principal = malloc (sizeof(*entry->principal));
if (entry->principal == NULL) {
if (ret == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc (sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
ret = ENOMEM;
hdb_free_entry (context, entry);
krb5_set_error_string(context, "malloc: out of memory");
} else {
hdb_key2principal (context, &key_data, entry->principal);
hdb_key2principal (context, &key_data, entry->entry.principal);
}
}
return ret;
@@ -121,14 +121,14 @@ NDBM_seq(krb5_context context, HDB *db,
static krb5_error_code
NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry)
{
return NDBM_seq(context, db, flags, entry, 1);
}
static krb5_error_code
NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry)
{
return NDBM_seq(context, db, flags, entry, 0);
}

4
lib/hdb/print.c
View File

@@ -268,7 +268,7 @@ hdb_entry2string (krb5_context context, hdb_entry *ent, char **str)
/* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */
krb5_error_code
hdb_print_entry(krb5_context context, HDB *db, hdb_entry *entry, void *data)
hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data)
{
krb5_error_code ret;
krb5_storage *sp;
@@ -282,7 +282,7 @@ hdb_print_entry(krb5_context context, HDB *db, hdb_entry *entry, void *data)
return ENOMEM;
}
ret = entry2string_int(context, sp, entry);
ret = entry2string_int(context, sp, &entry->entry);
if(ret) {
krb5_storage_free(sp);
return ret;

9
lib/kadm5/ChangeLog
View File

@@ -1,4 +1,11 @@
2005-09-08 Love H<>rnquist <20>strand <lha@it.su.se>
2005-11-30 Love H<>rnquist <20>strand <lha@it.su.se>
* context_s.c (set_field): try another way to calculate the path
to the database/logfile/signal-socket
* log.c (kadm5_log_init): set error string on failures
2005-09-08 Love H<>rnquist <20>strand <lha@it.su.se>
* Constify password.

46
lib/kadm5/chpass_s.c
View File

@@ -42,13 +42,13 @@ change(void *server_handle,
int cond)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
Key *keys;
size_t num_keys;
int cmp = 1;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
@@ -57,20 +57,20 @@ change(void *server_handle,
if(ret == HDB_ERR_NOENTRY)
goto out;
num_keys = ent.keys.len;
keys = ent.keys.val;
num_keys = ent.entry.keys.len;
keys = ent.entry.keys.val;
ent.keys.len = 0;
ent.keys.val = NULL;
ent.entry.keys.len = 0;
ent.entry.keys.val = NULL;
ret = _kadm5_set_keys(context, &ent, password);
ret = _kadm5_set_keys(context, &ent.entry, password);
if(ret) {
_kadm5_free_keys (context->context, num_keys, keys);
goto out2;
}
ent.kvno++;
ent.entry.kvno++;
if (cond)
cmp = _kadm5_cmp_keys (ent.keys.val, ent.keys.len,
cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len,
keys, num_keys);
_kadm5_free_keys (context->context, num_keys, keys);
@@ -80,20 +80,20 @@ change(void *server_handle,
goto out2;
}
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
ret = _kadm5_bump_pw_expire(context, &ent);
ret = _kadm5_bump_pw_expire(context, &ent.entry);
if (ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
KADM5_TL_DATA);
@@ -116,7 +116,7 @@ out:
kadm5_ret_t
kadm5_s_chpass_principal_cond(void *server_handle,
krb5_principal princ,
char *password)
const char *password)
{
return change (server_handle, princ, password, 1);
}
@@ -128,7 +128,7 @@ kadm5_s_chpass_principal_cond(void *server_handle,
kadm5_ret_t
kadm5_s_chpass_principal(void *server_handle,
krb5_principal princ,
char *password)
const char *password)
{
return change (server_handle, princ, password, 0);
}
@@ -144,32 +144,32 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
krb5_key_data *key_data)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
ret = context->db->hdb_fetch(context->context, context->db, 0, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out;
ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
if(ret)
goto out2;
ent.kvno++;
ret = _kadm5_set_modifier(context, &ent);
ent.entry.kvno++;
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
ret = _kadm5_bump_pw_expire(context, &ent);
ret = _kadm5_bump_pw_expire(context, &ent.entry);
if (ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
KADM5_TL_DATA);

30
lib/kadm5/create_s.c
View File

@@ -57,7 +57,7 @@ static kadm5_ret_t
create_principal(kadm5_server_context *context,
kadm5_principal_ent_t princ,
u_int32_t mask,
hdb_entry *ent,
hdb_entry_ex *ent,
u_int32_t required_mask,
u_int32_t forbidden_mask)
{
@@ -74,7 +74,7 @@ create_principal(kadm5_server_context *context,
return KADM5_UNK_POLICY;
memset(ent, 0, sizeof(*ent));
ret = krb5_copy_principal(context->context, princ->principal,
&ent->principal);
&ent->entry.principal);
if(ret)
return ret;
@@ -94,9 +94,9 @@ create_principal(kadm5_server_context *context,
if(defent)
kadm5_free_principal_ent(context, defent);
ent->created_by.time = time(NULL);
ent->entry.created_by.time = time(NULL);
ret = krb5_copy_principal(context->context, context->caller,
&ent->created_by.principal);
&ent->entry.created_by.principal);
return ret;
}
@@ -107,7 +107,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
u_int32_t mask)
{
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_server_context *context = server_handle;
ret = create_principal(context, princ, mask, &ent,
@@ -120,13 +120,13 @@ kadm5_s_create_principal_with_key(void *server_handle,
if(ret)
goto out;
ent.kvno = 1;
ent.entry.kvno = 1;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out;
kadm5_log_create (context, &ent);
kadm5_log_create (context, &ent.entry);
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
@@ -143,10 +143,10 @@ kadm5_ret_t
kadm5_s_create_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask,
char *password)
const char *password)
{
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_server_context *context = server_handle;
ret = create_principal(context, princ, mask, &ent,
@@ -159,18 +159,18 @@ kadm5_s_create_principal(void *server_handle,
if(ret)
goto out;
ent.keys.len = 0;
ent.keys.val = NULL;
ent.entry.keys.len = 0;
ent.entry.keys.val = NULL;
ret = _kadm5_set_keys(context, &ent, password);
ret = _kadm5_set_keys(context, &ent.entry, password);
if (ret)
goto out;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out;
kadm5_log_create (context, &ent);
kadm5_log_create (context, &ent.entry);
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)

8
lib/kadm5/delete_s.c
View File

@@ -40,9 +40,9 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret) {
krb5_warn(context->context, ret, "opening database");
@@ -52,12 +52,12 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
HDB_F_DECRYPT, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out2;
if(ent.flags.immutable) {
if(ent.entry.flags.immutable) {
ret = KADM5_PROTECT_PRINCIPAL;
goto out;
}
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out;

57
lib/kadm5/ent_setup.c
View File

@@ -63,7 +63,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
static kadm5_ret_t
perform_tl_data(krb5_context context,
HDB *db,
hdb_entry *ent,
hdb_entry_ex *ent,
const krb5_tl_data *tl_data)
{
HDB_extension ext;
@@ -75,7 +75,7 @@ perform_tl_data(krb5_context context,
if (pw[tl_data->tl_data_length] != '\0')
return KADM5_BAD_TL_TYPE;
ret = hdb_entry_set_password(context, db, ent, pw);
ret = hdb_entry_set_password(context, db, &ent->entry, pw);
} else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
unsigned char *s;
@@ -88,7 +88,7 @@ perform_tl_data(krb5_context context,
t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
ret = hdb_entry_set_pw_change_time(context, ent, t);
ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
} else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
ret = decode_HDB_extension(tl_data->tl_data_contents,
@@ -98,7 +98,7 @@ perform_tl_data(krb5_context context,
if (ret)
return KADM5_BAD_TL_TYPE;
ret = hdb_replace_extension(context, ent, &ext);
ret = hdb_replace_extension(context, &ent->entry, &ext);
} else {
return KADM5_BAD_TL_TYPE;
@@ -115,7 +115,7 @@ perform_tl_data(krb5_context context,
kadm5_ret_t
_kadm5_setup_entry(kadm5_server_context *context,
hdb_entry *ent,
hdb_entry_ex *ent,
u_int32_t mask,
kadm5_principal_ent_t princ,
u_int32_t princ_mask,
@@ -125,64 +125,65 @@ _kadm5_setup_entry(kadm5_server_context *context,
if(mask & KADM5_PRINC_EXPIRE_TIME
&& princ_mask & KADM5_PRINC_EXPIRE_TIME) {
if (princ->princ_expire_time)
set_value(ent->valid_end, princ->princ_expire_time);
set_value(ent->entry.valid_end, princ->princ_expire_time);
else
set_null(ent->valid_end);
set_null(ent->entry.valid_end);
}
if(mask & KADM5_PW_EXPIRATION
&& princ_mask & KADM5_PW_EXPIRATION) {
if (princ->pw_expiration)
set_value(ent->pw_end, princ->pw_expiration);
set_value(ent->entry.pw_end, princ->pw_expiration);
else
set_null(ent->pw_end);
set_null(ent->entry.pw_end);
}
if(mask & KADM5_ATTRIBUTES) {
if (princ_mask & KADM5_ATTRIBUTES) {
attr_to_flags(princ->attributes, &ent->flags);
attr_to_flags(princ->attributes, &ent->entry.flags);
} else if(def_mask & KADM5_ATTRIBUTES) {
attr_to_flags(def->attributes, &ent->flags);
ent->flags.invalid = 0;
attr_to_flags(def->attributes, &ent->entry.flags);
ent->entry.flags.invalid = 0;
} else {
ent->flags.client = 1;
ent->flags.server = 1;
ent->flags.forwardable = 1;
ent->flags.proxiable = 1;
ent->flags.renewable = 1;
ent->flags.postdate = 1;
ent->entry.flags.client = 1;
ent->entry.flags.server = 1;
ent->entry.flags.forwardable = 1;
ent->entry.flags.proxiable = 1;
ent->entry.flags.renewable = 1;
ent->entry.flags.postdate = 1;
}
}
if(mask & KADM5_MAX_LIFE) {
if(princ_mask & KADM5_MAX_LIFE) {
if(princ->max_life)
set_value(ent->max_life, princ->max_life);
set_value(ent->entry.max_life, princ->max_life);
else
set_null(ent->max_life);
set_null(ent->entry.max_life);
} else if(def_mask & KADM5_MAX_LIFE) {
if(def->max_life)
set_value(ent->max_life, def->max_life);
set_value(ent->entry.max_life, def->max_life);
else
set_null(ent->max_life);
set_null(ent->entry.max_life);
}
}
if(mask & KADM5_KVNO
&& princ_mask & KADM5_KVNO)
ent->kvno = princ->kvno;
ent->entry.kvno = princ->kvno;
if(mask & KADM5_MAX_RLIFE) {
if(princ_mask & KADM5_MAX_RLIFE) {
if(princ->max_renewable_life)
set_value(ent->max_renew, princ->max_renewable_life);
set_value(ent->entry.max_renew, princ->max_renewable_life);
else
set_null(ent->max_renew);
set_null(ent->entry.max_renew);
} else if(def_mask & KADM5_MAX_RLIFE) {
if(def->max_renewable_life)
set_value(ent->max_renew, def->max_renewable_life);
set_value(ent->entry.max_renew, def->max_renewable_life);
else
set_null(ent->max_renew);
set_null(ent->entry.max_renew);
}
}
if(mask & KADM5_KEY_DATA
&& princ_mask & KADM5_KEY_DATA) {
_kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data);
_kadm5_set_keys2(context, &ent->entry,
princ->n_key_data, princ->key_data);
}
if(mask & KADM5_TL_DATA) {
krb5_tl_data *tl;

4
lib/kadm5/get_princs_s.c
View File

@@ -55,12 +55,12 @@ add_princ(struct foreach_data *d, char *princ)
}
static krb5_error_code
foreach(krb5_context context, HDB *db, hdb_entry *ent, void *data)
foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data)
{
struct foreach_data *d = data;
char *princ;
krb5_error_code ret;
ret = krb5_unparse_name(context, ent->principal, &princ);
ret = krb5_unparse_name(context, ent->entry.principal, &princ);
if(ret)
return ret;
if(d->exp){

82
lib/kadm5/get_s.c
View File

@@ -72,9 +72,9 @@ kadm5_s_get_principal(void *server_handle,
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
if(ret)
return ret;
@@ -86,49 +86,49 @@ kadm5_s_get_principal(void *server_handle,
memset(out, 0, sizeof(*out));
if(mask & KADM5_PRINCIPAL)
ret = krb5_copy_principal(context->context, ent.principal,
ret = krb5_copy_principal(context->context, ent.entry.principal,
&out->principal);
if(ret)
goto out;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
out->princ_expire_time = *ent.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
out->pw_expiration = *ent.pw_end;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end)
out->princ_expire_time = *ent.entry.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end)
out->pw_expiration = *ent.entry.pw_end;
if(mask & KADM5_LAST_PWD_CHANGE)
hdb_entry_get_pw_change_time(&ent, &out->last_pwd_change);
hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change);
if(mask & KADM5_ATTRIBUTES){
out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
out->attributes |= ent.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
}
if(mask & KADM5_MAX_LIFE) {
if(ent.max_life)
out->max_life = *ent.max_life;
if(ent.entry.max_life)
out->max_life = *ent.entry.max_life;
else
out->max_life = INT_MAX;
}
if(mask & KADM5_MOD_TIME) {
if(ent.modified_by)
out->mod_date = ent.modified_by->time;
if(ent.entry.modified_by)
out->mod_date = ent.entry.modified_by->time;
else
out->mod_date = ent.created_by.time;
out->mod_date = ent.entry.created_by.time;
}
if(mask & KADM5_MOD_NAME) {
if(ent.modified_by) {
if (ent.modified_by->principal != NULL)
if(ent.entry.modified_by) {
if (ent.entry.modified_by->principal != NULL)
ret = krb5_copy_principal(context->context,
ent.modified_by->principal,
ent.entry.modified_by->principal,
&out->mod_name);
} else if(ent.created_by.principal != NULL)
} else if(ent.entry.created_by.principal != NULL)
ret = krb5_copy_principal(context->context,
ent.created_by.principal,
ent.entry.created_by.principal,
&out->mod_name);
else
out->mod_name = NULL;
@@ -137,13 +137,13 @@ kadm5_s_get_principal(void *server_handle,
goto out;
if(mask & KADM5_KVNO)
out->kvno = ent.kvno;
out->kvno = ent.entry.kvno;
if(mask & KADM5_MKVNO) {
int n;
out->mkvno = 0; /* XXX */
for(n = 0; n < ent.keys.len; n++)
if(ent.keys.val[n].mkvno) {
out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
for(n = 0; n < ent.entry.keys.len; n++)
if(ent.entry.keys.val[n].mkvno) {
out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */
break;
}
}
@@ -152,8 +152,8 @@ kadm5_s_get_principal(void *server_handle,
if(mask & KADM5_POLICY)
out->policy = NULL;
if(mask & KADM5_MAX_RLIFE) {
if(ent.max_renew)
out->max_renewable_life = *ent.max_renew;
if(ent.entry.max_renew)
out->max_renewable_life = *ent.entry.max_renew;
else
out->max_renewable_life = INT_MAX;
}
@@ -169,13 +169,13 @@ kadm5_s_get_principal(void *server_handle,
krb5_key_data *kd;
krb5_salt salt;
krb5_data *sp;
krb5_get_pw_salt(context->context, ent.principal, &salt);
out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
for(i = 0; i < ent.keys.len; i++){
key = &ent.keys.val[i];
krb5_get_pw_salt(context->context, ent.entry.principal, &salt);
out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data));
for(i = 0; i < ent.entry.keys.len; i++){
key = &ent.entry.keys.val[i];
kd = &out->key_data[i];
kd->key_data_ver = 2;
kd->key_data_kvno = ent.kvno;
kd->key_data_kvno = ent.entry.kvno;
kd->key_data_type[0] = key->key.keytype;
if(key->salt)
kd->key_data_type[1] = key->salt->type;
@@ -215,7 +215,7 @@ kadm5_s_get_principal(void *server_handle,
if(mask & KADM5_TL_DATA) {
time_t last_pw_expire;
ret = hdb_entry_get_pw_change_time(&ent, &last_pw_expire);
ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
if (ret == 0 && last_pw_expire) {
unsigned char buf[4];
_krb5_put_int(buf, last_pw_expire, sizeof(buf));
@@ -233,7 +233,7 @@ kadm5_s_get_principal(void *server_handle,
heim_utf8_string pw;
ret = hdb_entry_get_password(context->context,
context->db, &ent, &pw);
context->db, &ent.entry, &pw);
if (ret == 0) {
ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
free(pw);

4
lib/kadm5/iprop-log.c
View File

@@ -148,7 +148,7 @@ print_entry(kadm5_server_context *server_context,
free(name1);
free(name2);
krb5_free_principal(context, source);
hdb_free_entry(context, &ent);
free_hdb_entry(&ent);
break;
case kadm_create:
ret = krb5_data_alloc(&data, len);
@@ -250,7 +250,7 @@ print_entry(kadm5_server_context *server_context,
if(mask & KADM5_TL_DATA) {
printf(" tl data\n");
}
hdb_free_entry(context, &ent);
free_hdb_entry(&ent);
break;
case kadm_nop :
break;

4
lib/kadm5/ipropd_master.c
View File

@@ -279,14 +279,14 @@ struct prop_context {
};
static int
prop_one (krb5_context context, HDB *db, hdb_entry *entry, void *v)
prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data data;
struct slave *s = (struct slave *)v;
ret = hdb_entry2value (context, entry, &data);
ret = hdb_entry2value (context, &entry->entry, &data);
if (ret)
return ret;
ret = krb5_data_realloc (&data, data.length + 4);

6
lib/kadm5/ipropd_slave.c
View File

@@ -302,14 +302,16 @@ receive_everything (krb5_context context, int fd,
krb5_ret_int32 (sp, &opcode);
if (opcode == ONE_PRINC) {
krb5_data fake_data;
hdb_entry entry;
hdb_entry_ex entry;
krb5_storage_free(sp);
fake_data.data = (char *)data.data + 4;
fake_data.length = data.length - 4;
ret = hdb_value2entry (context, &fake_data, &entry);
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry (context, &fake_data, &entry.entry);
if (ret)
krb5_err (context, 1, ret, "hdb_value2entry");
ret = mydb->hdb_store(server_context->context,

126
lib/kadm5/log.c
View File

@@ -271,13 +271,15 @@ kadm5_log_replay_create (kadm5_server_context *context,
{
krb5_error_code ret;
krb5_data data;
hdb_entry ent;
hdb_entry_ex ent;
memset(&ent, 0, sizeof(ent));
ret = krb5_data_alloc (&data, len);
if (ret)
return ret;
krb5_storage_read (sp, data.data, len);
ret = hdb_value2entry (context->context, &data, &ent);
ret = hdb_value2entry (context->context, &data, &ent.entry);
krb5_data_free(&data);
if (ret)
return ret;
@@ -342,12 +344,12 @@ kadm5_log_replay_delete (kadm5_server_context *context,
krb5_storage *sp)
{
krb5_error_code ret;
hdb_entry ent;
hdb_entry_ex ent;
krb5_ret_principal (sp, &ent.principal);
krb5_ret_principal (sp, &ent.entry.principal);
ret = context->db->hdb_remove(context->context, context->db, &ent);
krb5_free_principal (context->context, ent.principal);
krb5_free_principal (context->context, ent.entry.principal);
return ret;
}
@@ -419,11 +421,13 @@ kadm5_log_replay_rename (kadm5_server_context *context,
{
krb5_error_code ret;
krb5_principal source;
hdb_entry source_ent, target_ent;
hdb_entry_ex source_ent, target_ent;
krb5_data value;
off_t off;
size_t princ_len, data_len;
memset(&target_ent, 0, sizeof(target_ent));
off = krb5_storage_seek(sp, 0, SEEK_CUR);
krb5_ret_principal (sp, &source);
princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
@@ -434,7 +438,7 @@ kadm5_log_replay_rename (kadm5_server_context *context,
return ret;
}
krb5_storage_read (sp, value.data, data_len);
ret = hdb_value2entry (context->context, &value, &target_ent);
ret = hdb_value2entry (context->context, &value, &target_ent.entry);
krb5_data_free(&value);
if (ret) {
krb5_free_principal (context->context, source);
@@ -447,7 +451,7 @@ kadm5_log_replay_rename (kadm5_server_context *context,
krb5_free_principal (context->context, source);
return ret;
}
source_ent.principal = source;
source_ent.entry.principal = source;
ret = context->db->hdb_remove (context->context, context->db, &source_ent);
krb5_free_principal (context->context, source);
return ret;
@@ -517,7 +521,9 @@ kadm5_log_replay_modify (kadm5_server_context *context,
krb5_error_code ret;
int32_t mask;
krb5_data value;
hdb_entry ent, log_ent;
hdb_entry_ex ent, log_ent;
memset(&log_ent, 0, sizeof(log_ent));
krb5_ret_int32 (sp, &mask);
len -= 4;
@@ -525,79 +531,79 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ret)
return ret;
krb5_storage_read (sp, value.data, len);
ret = hdb_value2entry (context->context, &value, &log_ent);
ret = hdb_value2entry (context->context, &value, &log_ent.entry);
krb5_data_free(&value);
if (ret)
return ret;
ent.principal = log_ent.principal;
log_ent.principal = NULL;
ent.entry.principal = log_ent.entry.principal;
log_ent.entry.principal = NULL;
ret = context->db->hdb_fetch(context->context, context->db,
HDB_F_DECRYPT, &ent);
if (ret)
goto out;
if (mask & KADM5_PRINC_EXPIRE_TIME) {
if (log_ent.valid_end == NULL) {
ent.valid_end = NULL;
if (log_ent.entry.valid_end == NULL) {
ent.entry.valid_end = NULL;
} else {
if (ent.valid_end == NULL) {
ent.valid_end = malloc(sizeof(*ent.valid_end));
if (ent.valid_end == NULL) {
if (ent.entry.valid_end == NULL) {
ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
if (ent.entry.valid_end == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.valid_end = *log_ent.valid_end;
*ent.entry.valid_end = *log_ent.entry.valid_end;
}
}
if (mask & KADM5_PW_EXPIRATION) {
if (log_ent.pw_end == NULL) {
ent.pw_end = NULL;
if (log_ent.entry.pw_end == NULL) {
ent.entry.pw_end = NULL;
} else {
if (ent.pw_end == NULL) {
ent.pw_end = malloc(sizeof(*ent.pw_end));
if (ent.pw_end == NULL) {
if (ent.entry.pw_end == NULL) {
ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
if (ent.entry.pw_end == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.pw_end = *log_ent.pw_end;
*ent.entry.pw_end = *log_ent.entry.pw_end;
}
}
if (mask & KADM5_LAST_PWD_CHANGE) {
abort (); /* XXX */
}
if (mask & KADM5_ATTRIBUTES) {
ent.flags = log_ent.flags;
ent.entry.flags = log_ent.entry.flags;
}
if (mask & KADM5_MAX_LIFE) {
if (log_ent.max_life == NULL) {
ent.max_life = NULL;
if (log_ent.entry.max_life == NULL) {
ent.entry.max_life = NULL;
} else {
if (ent.max_life == NULL) {
ent.max_life = malloc (sizeof(*ent.max_life));
if (ent.max_life == NULL) {
if (ent.entry.max_life == NULL) {
ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
if (ent.entry.max_life == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.max_life = *log_ent.max_life;
*ent.entry.max_life = *log_ent.entry.max_life;
}
}
if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
if (ent.modified_by == NULL) {
ent.modified_by = malloc(sizeof(*ent.modified_by));
if (ent.modified_by == NULL) {
if (ent.entry.modified_by == NULL) {
ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
if (ent.entry.modified_by == NULL) {
ret = ENOMEM;
goto out;
}
} else
free_Event(ent.modified_by);
ret = copy_Event(log_ent.modified_by, ent.modified_by);
free_Event(ent.entry.modified_by);
ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
if (ret)
goto out;
}
if (mask & KADM5_KVNO) {
ent.kvno = log_ent.kvno;
ent.entry.kvno = log_ent.entry.kvno;
}
if (mask & KADM5_MKVNO) {
abort (); /* XXX */
@@ -612,17 +618,17 @@ kadm5_log_replay_modify (kadm5_server_context *context,
abort (); /* XXX */
}
if (mask & KADM5_MAX_RLIFE) {
if (log_ent.max_renew == NULL) {
ent.max_renew = NULL;
if (log_ent.entry.max_renew == NULL) {
ent.entry.max_renew = NULL;
} else {
if (ent.max_renew == NULL) {
ent.max_renew = malloc (sizeof(*ent.max_renew));
if (ent.max_renew == NULL) {
if (ent.entry.max_renew == NULL) {
ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
if (ent.entry.max_renew == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.max_renew = *log_ent.max_renew;
*ent.entry.max_renew = *log_ent.entry.max_renew;
}
}
if (mask & KADM5_LAST_SUCCESS) {
@@ -638,34 +644,34 @@ kadm5_log_replay_modify (kadm5_server_context *context,
size_t num;
int i;
for (i = 0; i < ent.keys.len; ++i)
free_Key(&ent.keys.val[i]);
free (ent.keys.val);
for (i = 0; i < ent.entry.keys.len; ++i)
free_Key(&ent.entry.keys.val[i]);
free (ent.entry.keys.val);
num = log_ent.keys.len;
num = log_ent.entry.keys.len;
ent.keys.len = num;
ent.keys.val = malloc(len * sizeof(*ent.keys.val));
for (i = 0; i < ent.keys.len; ++i) {
ret = copy_Key(&log_ent.keys.val[i],
&ent.keys.val[i]);
ent.entry.keys.len = num;
ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
for (i = 0; i < ent.entry.keys.len; ++i) {
ret = copy_Key(&log_ent.entry.keys.val[i],
&ent.entry.keys.val[i]);
if (ret)
goto out;
}
}
if ((mask & KADM5_TL_DATA) && log_ent.extensions) {
HDB_extensions *es = ent.extensions;
if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) {
HDB_extensions *es = ent.entry.extensions;
if (ent.extensions == NULL) {
ent.extensions = calloc(1, sizeof(*ent.extensions));
if (ent.extensions == NULL)
if (ent.entry.extensions == NULL) {
ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions));
if (ent.entry.extensions == NULL)
goto out;
}
ret = copy_HDB_extensions(es, ent.extensions);
ret = copy_HDB_extensions(es, ent.entry.extensions);
if (ret) {
free(ent.extensions);
ent.extensions = es;
free(ent.entry.extensions);
ent.entry.extensions = es;
goto out;
}
if (es) {

10
lib/kadm5/modify_s.c
View File

@@ -42,14 +42,14 @@ modify_principal(void *server_handle,
u_int32_t forbidden_mask)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
if((mask & forbidden_mask))
return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
return KADM5_UNK_POLICY;
ent.principal = princ->principal;
ent.entry.principal = princ->principal;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
@@ -59,16 +59,16 @@ modify_principal(void *server_handle,
ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
if(ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
ret = context->db->hdb_store(context->context, context->db,

16
lib/kadm5/randkey_s.c
View File

@@ -47,10 +47,10 @@ kadm5_s_randkey_principal(void *server_handle,
int *n_keys)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
@@ -59,26 +59,26 @@ kadm5_s_randkey_principal(void *server_handle,
goto out;
ret = _kadm5_set_keys_randomly (context,
&ent,
&ent.entry,
new_keys,
n_keys);
if (ret)
goto out2;
ent.kvno++;
ent.entry.kvno++;
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out3;
ret = _kadm5_bump_pw_expire(context, &ent);
ret = _kadm5_bump_pw_expire(context, &ent.entry);
if (ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
KADM5_TL_DATA);

30
lib/kadm5/rename_s.c
View File

@@ -42,8 +42,9 @@ kadm5_s_rename_principal(void *server_handle,
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent, ent2;
ent.principal = source;
hdb_entry_ex ent, ent2;
ent.entry.principal = source;
if(krb5_principal_compare(context->context, source, target))
return KADM5_DUP; /* XXX is this right? */
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
@@ -54,7 +55,7 @@ kadm5_s_rename_principal(void *server_handle,
context->db->hdb_close(context->context, context->db);
goto out;
}
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
{
@@ -65,10 +66,11 @@ kadm5_s_rename_principal(void *server_handle,
krb5_get_pw_salt(context->context, source, &salt2);
salt.type = hdb_pw_salt;
salt.salt = salt2.saltvalue;
for(i = 0; i < ent.keys.len; i++){
if(ent.keys.val[i].salt == NULL){
ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt));
ret = copy_Salt(&salt, ent.keys.val[i].salt);
for(i = 0; i < ent.entry.keys.len; i++){
if(ent.entry.keys.val[i].salt == NULL){
ent.entry.keys.val[i].salt =
malloc(sizeof(*ent.entry.keys.val[i].salt));
ret = copy_Salt(&salt, ent.entry.keys.val[i].salt);
if(ret)
break;
}
@@ -77,26 +79,26 @@ kadm5_s_rename_principal(void *server_handle,
}
if(ret)
goto out2;
ent2.principal = ent.principal;
ent.principal = target;
ent2.entry.principal = ent.entry.principal;
ent.entry.principal = target;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret) {
ent.principal = ent2.principal;
ent.entry.principal = ent2.entry.principal;
goto out2;
}
kadm5_log_rename (context,
source,
&ent);
&ent.entry);
ret = context->db->hdb_store(context->context, context->db, 0, &ent);
if(ret){
ent.principal = ent2.principal;
ent.entry.principal = ent2.entry.principal;
goto out2;
}
ret = context->db->hdb_remove(context->context, context->db, &ent2);
ent.principal = ent2.principal;
ent.entry.principal = ent2.entry.principal;
out2:
context->db->hdb_close(context->context, context->db);
hdb_free_entry(context->context, &ent);