oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16378 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-12-12 12:40:12 +00:00
parent eb128f4928
commit 0c2369acd0
29 changed files with 445 additions and 409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/kadm5/ChangeLog
View File

@@ -1,4 +1,11 @@
2005-09-08 Love H<>rnquist <20>strand <lha@it.su.se>
2005-11-30 Love H<>rnquist <20>strand <lha@it.su.se>
* context_s.c (set_field): try another way to calculate the path
to the database/logfile/signal-socket
* log.c (kadm5_log_init): set error string on failures
2005-09-08 Love H<>rnquist <20>strand <lha@it.su.se>
* Constify password.

46
lib/kadm5/chpass_s.c
View File

@@ -42,13 +42,13 @@ change(void *server_handle,
int cond)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
Key *keys;
size_t num_keys;
int cmp = 1;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
@@ -57,20 +57,20 @@ change(void *server_handle,
if(ret == HDB_ERR_NOENTRY)
goto out;
num_keys = ent.keys.len;
keys = ent.keys.val;
num_keys = ent.entry.keys.len;
keys = ent.entry.keys.val;
ent.keys.len = 0;
ent.keys.val = NULL;
ent.entry.keys.len = 0;
ent.entry.keys.val = NULL;
ret = _kadm5_set_keys(context, &ent, password);
ret = _kadm5_set_keys(context, &ent.entry, password);
if(ret) {
_kadm5_free_keys (context->context, num_keys, keys);
goto out2;
}
ent.kvno++;
ent.entry.kvno++;
if (cond)
cmp = _kadm5_cmp_keys (ent.keys.val, ent.keys.len,
cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len,
keys, num_keys);
_kadm5_free_keys (context->context, num_keys, keys);
@@ -80,20 +80,20 @@ change(void *server_handle,
goto out2;
}
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
ret = _kadm5_bump_pw_expire(context, &ent);
ret = _kadm5_bump_pw_expire(context, &ent.entry);
if (ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
KADM5_TL_DATA);
@@ -116,7 +116,7 @@ out:
kadm5_ret_t
kadm5_s_chpass_principal_cond(void *server_handle,
krb5_principal princ,
char *password)
const char *password)
{
return change (server_handle, princ, password, 1);
}
@@ -128,7 +128,7 @@ kadm5_s_chpass_principal_cond(void *server_handle,
kadm5_ret_t
kadm5_s_chpass_principal(void *server_handle,
krb5_principal princ,
char *password)
const char *password)
{
return change (server_handle, princ, password, 0);
}
@@ -144,32 +144,32 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
krb5_key_data *key_data)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
ret = context->db->hdb_fetch(context->context, context->db, 0, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out;
ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
if(ret)
goto out2;
ent.kvno++;
ret = _kadm5_set_modifier(context, &ent);
ent.entry.kvno++;
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
ret = _kadm5_bump_pw_expire(context, &ent);
ret = _kadm5_bump_pw_expire(context, &ent.entry);
if (ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
KADM5_TL_DATA);

30
lib/kadm5/create_s.c
View File

@@ -57,7 +57,7 @@ static kadm5_ret_t
create_principal(kadm5_server_context *context,
kadm5_principal_ent_t princ,
u_int32_t mask,
hdb_entry *ent,
hdb_entry_ex *ent,
u_int32_t required_mask,
u_int32_t forbidden_mask)
{
@@ -74,7 +74,7 @@ create_principal(kadm5_server_context *context,
return KADM5_UNK_POLICY;
memset(ent, 0, sizeof(*ent));
ret = krb5_copy_principal(context->context, princ->principal,
&ent->principal);
&ent->entry.principal);
if(ret)
return ret;
@@ -94,9 +94,9 @@ create_principal(kadm5_server_context *context,
if(defent)
kadm5_free_principal_ent(context, defent);
ent->created_by.time = time(NULL);
ent->entry.created_by.time = time(NULL);
ret = krb5_copy_principal(context->context, context->caller,
&ent->created_by.principal);
&ent->entry.created_by.principal);
return ret;
}
@@ -107,7 +107,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
u_int32_t mask)
{
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_server_context *context = server_handle;
ret = create_principal(context, princ, mask, &ent,
@@ -120,13 +120,13 @@ kadm5_s_create_principal_with_key(void *server_handle,
if(ret)
goto out;
ent.kvno = 1;
ent.entry.kvno = 1;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out;
kadm5_log_create (context, &ent);
kadm5_log_create (context, &ent.entry);
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
@@ -143,10 +143,10 @@ kadm5_ret_t
kadm5_s_create_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask,
char *password)
const char *password)
{
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_server_context *context = server_handle;
ret = create_principal(context, princ, mask, &ent,
@@ -159,18 +159,18 @@ kadm5_s_create_principal(void *server_handle,
if(ret)
goto out;
ent.keys.len = 0;
ent.keys.val = NULL;
ent.entry.keys.len = 0;
ent.entry.keys.val = NULL;
ret = _kadm5_set_keys(context, &ent, password);
ret = _kadm5_set_keys(context, &ent.entry, password);
if (ret)
goto out;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out;
kadm5_log_create (context, &ent);
kadm5_log_create (context, &ent.entry);
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)

8
lib/kadm5/delete_s.c
View File

@@ -40,9 +40,9 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret) {
krb5_warn(context->context, ret, "opening database");
@@ -52,12 +52,12 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
HDB_F_DECRYPT, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out2;
if(ent.flags.immutable) {
if(ent.entry.flags.immutable) {
ret = KADM5_PROTECT_PRINCIPAL;
goto out;
}
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out;

57
lib/kadm5/ent_setup.c
View File

@@ -63,7 +63,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
static kadm5_ret_t
perform_tl_data(krb5_context context,
HDB *db,
hdb_entry *ent,
hdb_entry_ex *ent,
const krb5_tl_data *tl_data)
{
HDB_extension ext;
@@ -75,7 +75,7 @@ perform_tl_data(krb5_context context,
if (pw[tl_data->tl_data_length] != '\0')
return KADM5_BAD_TL_TYPE;
ret = hdb_entry_set_password(context, db, ent, pw);
ret = hdb_entry_set_password(context, db, &ent->entry, pw);
} else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
unsigned char *s;
@@ -88,7 +88,7 @@ perform_tl_data(krb5_context context,
t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
ret = hdb_entry_set_pw_change_time(context, ent, t);
ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
} else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
ret = decode_HDB_extension(tl_data->tl_data_contents,
@@ -98,7 +98,7 @@ perform_tl_data(krb5_context context,
if (ret)
return KADM5_BAD_TL_TYPE;
ret = hdb_replace_extension(context, ent, &ext);
ret = hdb_replace_extension(context, &ent->entry, &ext);
} else {
return KADM5_BAD_TL_TYPE;
@@ -115,7 +115,7 @@ perform_tl_data(krb5_context context,
kadm5_ret_t
_kadm5_setup_entry(kadm5_server_context *context,
hdb_entry *ent,
hdb_entry_ex *ent,
u_int32_t mask,
kadm5_principal_ent_t princ,
u_int32_t princ_mask,
@@ -125,64 +125,65 @@ _kadm5_setup_entry(kadm5_server_context *context,
if(mask & KADM5_PRINC_EXPIRE_TIME
&& princ_mask & KADM5_PRINC_EXPIRE_TIME) {
if (princ->princ_expire_time)
set_value(ent->valid_end, princ->princ_expire_time);
set_value(ent->entry.valid_end, princ->princ_expire_time);
else
set_null(ent->valid_end);
set_null(ent->entry.valid_end);
}
if(mask & KADM5_PW_EXPIRATION
&& princ_mask & KADM5_PW_EXPIRATION) {
if (princ->pw_expiration)
set_value(ent->pw_end, princ->pw_expiration);
set_value(ent->entry.pw_end, princ->pw_expiration);
else
set_null(ent->pw_end);
set_null(ent->entry.pw_end);
}
if(mask & KADM5_ATTRIBUTES) {
if (princ_mask & KADM5_ATTRIBUTES) {
attr_to_flags(princ->attributes, &ent->flags);
attr_to_flags(princ->attributes, &ent->entry.flags);
} else if(def_mask & KADM5_ATTRIBUTES) {
attr_to_flags(def->attributes, &ent->flags);
ent->flags.invalid = 0;
attr_to_flags(def->attributes, &ent->entry.flags);
ent->entry.flags.invalid = 0;
} else {
ent->flags.client = 1;
ent->flags.server = 1;
ent->flags.forwardable = 1;
ent->flags.proxiable = 1;
ent->flags.renewable = 1;
ent->flags.postdate = 1;
ent->entry.flags.client = 1;
ent->entry.flags.server = 1;
ent->entry.flags.forwardable = 1;
ent->entry.flags.proxiable = 1;
ent->entry.flags.renewable = 1;
ent->entry.flags.postdate = 1;
}
}
if(mask & KADM5_MAX_LIFE) {
if(princ_mask & KADM5_MAX_LIFE) {
if(princ->max_life)
set_value(ent->max_life, princ->max_life);
set_value(ent->entry.max_life, princ->max_life);
else
set_null(ent->max_life);
set_null(ent->entry.max_life);
} else if(def_mask & KADM5_MAX_LIFE) {
if(def->max_life)
set_value(ent->max_life, def->max_life);
set_value(ent->entry.max_life, def->max_life);
else
set_null(ent->max_life);
set_null(ent->entry.max_life);
}
}
if(mask & KADM5_KVNO
&& princ_mask & KADM5_KVNO)
ent->kvno = princ->kvno;
ent->entry.kvno = princ->kvno;
if(mask & KADM5_MAX_RLIFE) {
if(princ_mask & KADM5_MAX_RLIFE) {
if(princ->max_renewable_life)
set_value(ent->max_renew, princ->max_renewable_life);
set_value(ent->entry.max_renew, princ->max_renewable_life);
else
set_null(ent->max_renew);
set_null(ent->entry.max_renew);
} else if(def_mask & KADM5_MAX_RLIFE) {
if(def->max_renewable_life)
set_value(ent->max_renew, def->max_renewable_life);
set_value(ent->entry.max_renew, def->max_renewable_life);
else
set_null(ent->max_renew);
set_null(ent->entry.max_renew);
}
}
if(mask & KADM5_KEY_DATA
&& princ_mask & KADM5_KEY_DATA) {
_kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data);
_kadm5_set_keys2(context, &ent->entry,
princ->n_key_data, princ->key_data);
}
if(mask & KADM5_TL_DATA) {
krb5_tl_data *tl;

4
lib/kadm5/get_princs_s.c
View File

@@ -55,12 +55,12 @@ add_princ(struct foreach_data *d, char *princ)
}
static krb5_error_code
foreach(krb5_context context, HDB *db, hdb_entry *ent, void *data)
foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data)
{
struct foreach_data *d = data;
char *princ;
krb5_error_code ret;
ret = krb5_unparse_name(context, ent->principal, &princ);
ret = krb5_unparse_name(context, ent->entry.principal, &princ);
if(ret)
return ret;
if(d->exp){

82
lib/kadm5/get_s.c
View File

@@ -72,9 +72,9 @@ kadm5_s_get_principal(void *server_handle,
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent;
hdb_entry_ex ent;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
if(ret)
return ret;
@@ -86,49 +86,49 @@ kadm5_s_get_principal(void *server_handle,
memset(out, 0, sizeof(*out));
if(mask & KADM5_PRINCIPAL)
ret = krb5_copy_principal(context->context, ent.principal,
ret = krb5_copy_principal(context->context, ent.entry.principal,
&out->principal);
if(ret)
goto out;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
out->princ_expire_time = *ent.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
out->pw_expiration = *ent.pw_end;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end)
out->princ_expire_time = *ent.entry.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end)
out->pw_expiration = *ent.entry.pw_end;
if(mask & KADM5_LAST_PWD_CHANGE)
hdb_entry_get_pw_change_time(&ent, &out->last_pwd_change);
hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change);
if(mask & KADM5_ATTRIBUTES){
out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
out->attributes |= ent.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
}
if(mask & KADM5_MAX_LIFE) {
if(ent.max_life)
out->max_life = *ent.max_life;
if(ent.entry.max_life)
out->max_life = *ent.entry.max_life;
else
out->max_life = INT_MAX;
}
if(mask & KADM5_MOD_TIME) {
if(ent.modified_by)
out->mod_date = ent.modified_by->time;
if(ent.entry.modified_by)
out->mod_date = ent.entry.modified_by->time;
else
out->mod_date = ent.created_by.time;
out->mod_date = ent.entry.created_by.time;
}
if(mask & KADM5_MOD_NAME) {
if(ent.modified_by) {
if (ent.modified_by->principal != NULL)
if(ent.entry.modified_by) {
if (ent.entry.modified_by->principal != NULL)
ret = krb5_copy_principal(context->context,
ent.modified_by->principal,
ent.entry.modified_by->principal,
&out->mod_name);
} else if(ent.created_by.principal != NULL)
} else if(ent.entry.created_by.principal != NULL)
ret = krb5_copy_principal(context->context,
ent.created_by.principal,
ent.entry.created_by.principal,
&out->mod_name);
else
out->mod_name = NULL;
@@ -137,13 +137,13 @@ kadm5_s_get_principal(void *server_handle,
goto out;
if(mask & KADM5_KVNO)
out->kvno = ent.kvno;
out->kvno = ent.entry.kvno;
if(mask & KADM5_MKVNO) {
int n;
out->mkvno = 0; /* XXX */
for(n = 0; n < ent.keys.len; n++)
if(ent.keys.val[n].mkvno) {
out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
for(n = 0; n < ent.entry.keys.len; n++)
if(ent.entry.keys.val[n].mkvno) {
out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */
break;
}
}
@@ -152,8 +152,8 @@ kadm5_s_get_principal(void *server_handle,
if(mask & KADM5_POLICY)
out->policy = NULL;
if(mask & KADM5_MAX_RLIFE) {
if(ent.max_renew)
out->max_renewable_life = *ent.max_renew;
if(ent.entry.max_renew)
out->max_renewable_life = *ent.entry.max_renew;
else
out->max_renewable_life = INT_MAX;
}
@@ -169,13 +169,13 @@ kadm5_s_get_principal(void *server_handle,
krb5_key_data *kd;
krb5_salt salt;
krb5_data *sp;
krb5_get_pw_salt(context->context, ent.principal, &salt);
out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
for(i = 0; i < ent.keys.len; i++){
key = &ent.keys.val[i];
krb5_get_pw_salt(context->context, ent.entry.principal, &salt);
out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data));
for(i = 0; i < ent.entry.keys.len; i++){
key = &ent.entry.keys.val[i];
kd = &out->key_data[i];
kd->key_data_ver = 2;
kd->key_data_kvno = ent.kvno;
kd->key_data_kvno = ent.entry.kvno;
kd->key_data_type[0] = key->key.keytype;
if(key->salt)
kd->key_data_type[1] = key->salt->type;
@@ -215,7 +215,7 @@ kadm5_s_get_principal(void *server_handle,
if(mask & KADM5_TL_DATA) {
time_t last_pw_expire;
ret = hdb_entry_get_pw_change_time(&ent, &last_pw_expire);
ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
if (ret == 0 && last_pw_expire) {
unsigned char buf[4];
_krb5_put_int(buf, last_pw_expire, sizeof(buf));
@@ -233,7 +233,7 @@ kadm5_s_get_principal(void *server_handle,
heim_utf8_string pw;
ret = hdb_entry_get_password(context->context,
context->db, &ent, &pw);
context->db, &ent.entry, &pw);
if (ret == 0) {
ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
free(pw);

4
lib/kadm5/iprop-log.c
View File

@@ -148,7 +148,7 @@ print_entry(kadm5_server_context *server_context,
free(name1);
free(name2);
krb5_free_principal(context, source);
hdb_free_entry(context, &ent);
free_hdb_entry(&ent);
break;
case kadm_create:
ret = krb5_data_alloc(&data, len);
@@ -250,7 +250,7 @@ print_entry(kadm5_server_context *server_context,
if(mask & KADM5_TL_DATA) {
printf(" tl data\n");
}
hdb_free_entry(context, &ent);
free_hdb_entry(&ent);
break;
case kadm_nop :
break;

4
lib/kadm5/ipropd_master.c
View File

@@ -279,14 +279,14 @@ struct prop_context {
};
static int
prop_one (krb5_context context, HDB *db, hdb_entry *entry, void *v)
prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data data;
struct slave *s = (struct slave *)v;
ret = hdb_entry2value (context, entry, &data);
ret = hdb_entry2value (context, &entry->entry, &data);
if (ret)
return ret;
ret = krb5_data_realloc (&data, data.length + 4);

6
lib/kadm5/ipropd_slave.c
View File

@@ -302,14 +302,16 @@ receive_everything (krb5_context context, int fd,
krb5_ret_int32 (sp, &opcode);
if (opcode == ONE_PRINC) {
krb5_data fake_data;
hdb_entry entry;
hdb_entry_ex entry;
krb5_storage_free(sp);
fake_data.data = (char *)data.data + 4;
fake_data.length = data.length - 4;
ret = hdb_value2entry (context, &fake_data, &entry);
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry (context, &fake_data, &entry.entry);
if (ret)
krb5_err (context, 1, ret, "hdb_value2entry");
ret = mydb->hdb_store(server_context->context,

126
lib/kadm5/log.c
View File

@@ -271,13 +271,15 @@ kadm5_log_replay_create (kadm5_server_context *context,
{
krb5_error_code ret;
krb5_data data;
hdb_entry ent;
hdb_entry_ex ent;
memset(&ent, 0, sizeof(ent));
ret = krb5_data_alloc (&data, len);
if (ret)
return ret;
krb5_storage_read (sp, data.data, len);
ret = hdb_value2entry (context->context, &data, &ent);
ret = hdb_value2entry (context->context, &data, &ent.entry);
krb5_data_free(&data);
if (ret)
return ret;
@@ -342,12 +344,12 @@ kadm5_log_replay_delete (kadm5_server_context *context,
krb5_storage *sp)
{
krb5_error_code ret;
hdb_entry ent;
hdb_entry_ex ent;
krb5_ret_principal (sp, &ent.principal);
krb5_ret_principal (sp, &ent.entry.principal);
ret = context->db->hdb_remove(context->context, context->db, &ent);
krb5_free_principal (context->context, ent.principal);
krb5_free_principal (context->context, ent.entry.principal);
return ret;
}
@@ -419,11 +421,13 @@ kadm5_log_replay_rename (kadm5_server_context *context,
{
krb5_error_code ret;
krb5_principal source;
hdb_entry source_ent, target_ent;
hdb_entry_ex source_ent, target_ent;
krb5_data value;
off_t off;
size_t princ_len, data_len;
memset(&target_ent, 0, sizeof(target_ent));
off = krb5_storage_seek(sp, 0, SEEK_CUR);
krb5_ret_principal (sp, &source);
princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
@@ -434,7 +438,7 @@ kadm5_log_replay_rename (kadm5_server_context *context,
return ret;
}
krb5_storage_read (sp, value.data, data_len);
ret = hdb_value2entry (context->context, &value, &target_ent);
ret = hdb_value2entry (context->context, &value, &target_ent.entry);
krb5_data_free(&value);
if (ret) {
krb5_free_principal (context->context, source);
@@ -447,7 +451,7 @@ kadm5_log_replay_rename (kadm5_server_context *context,
krb5_free_principal (context->context, source);
return ret;
}
source_ent.principal = source;
source_ent.entry.principal = source;
ret = context->db->hdb_remove (context->context, context->db, &source_ent);
krb5_free_principal (context->context, source);
return ret;
@@ -517,7 +521,9 @@ kadm5_log_replay_modify (kadm5_server_context *context,
krb5_error_code ret;
int32_t mask;
krb5_data value;
hdb_entry ent, log_ent;
hdb_entry_ex ent, log_ent;
memset(&log_ent, 0, sizeof(log_ent));
krb5_ret_int32 (sp, &mask);
len -= 4;
@@ -525,79 +531,79 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ret)
return ret;
krb5_storage_read (sp, value.data, len);
ret = hdb_value2entry (context->context, &value, &log_ent);
ret = hdb_value2entry (context->context, &value, &log_ent.entry);
krb5_data_free(&value);
if (ret)
return ret;
ent.principal = log_ent.principal;
log_ent.principal = NULL;
ent.entry.principal = log_ent.entry.principal;
log_ent.entry.principal = NULL;
ret = context->db->hdb_fetch(context->context, context->db,
HDB_F_DECRYPT, &ent);
if (ret)
goto out;
if (mask & KADM5_PRINC_EXPIRE_TIME) {
if (log_ent.valid_end == NULL) {
ent.valid_end = NULL;
if (log_ent.entry.valid_end == NULL) {
ent.entry.valid_end = NULL;
} else {
if (ent.valid_end == NULL) {
ent.valid_end = malloc(sizeof(*ent.valid_end));
if (ent.valid_end == NULL) {
if (ent.entry.valid_end == NULL) {
ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
if (ent.entry.valid_end == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.valid_end = *log_ent.valid_end;
*ent.entry.valid_end = *log_ent.entry.valid_end;
}
}
if (mask & KADM5_PW_EXPIRATION) {
if (log_ent.pw_end == NULL) {
ent.pw_end = NULL;
if (log_ent.entry.pw_end == NULL) {
ent.entry.pw_end = NULL;
} else {
if (ent.pw_end == NULL) {
ent.pw_end = malloc(sizeof(*ent.pw_end));
if (ent.pw_end == NULL) {
if (ent.entry.pw_end == NULL) {
ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
if (ent.entry.pw_end == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.pw_end = *log_ent.pw_end;
*ent.entry.pw_end = *log_ent.entry.pw_end;
}
}
if (mask & KADM5_LAST_PWD_CHANGE) {
abort (); /* XXX */
}
if (mask & KADM5_ATTRIBUTES) {
ent.flags = log_ent.flags;
ent.entry.flags = log_ent.entry.flags;
}
if (mask & KADM5_MAX_LIFE) {
if (log_ent.max_life == NULL) {
ent.max_life = NULL;
if (log_ent.entry.max_life == NULL) {
ent.entry.max_life = NULL;
} else {
if (ent.max_life == NULL) {
ent.max_life = malloc (sizeof(*ent.max_life));
if (ent.max_life == NULL) {
if (ent.entry.max_life == NULL) {
ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
if (ent.entry.max_life == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.max_life = *log_ent.max_life;
*ent.entry.max_life = *log_ent.entry.max_life;
}
}
if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
if (ent.modified_by == NULL) {
ent.modified_by = malloc(sizeof(*ent.modified_by));
if (ent.modified_by == NULL) {
if (ent.entry.modified_by == NULL) {
ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
if (ent.entry.modified_by == NULL) {
ret = ENOMEM;
goto out;
}
} else
free_Event(ent.modified_by);
ret = copy_Event(log_ent.modified_by, ent.modified_by);
free_Event(ent.entry.modified_by);
ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
if (ret)
goto out;
}
if (mask & KADM5_KVNO) {
ent.kvno = log_ent.kvno;
ent.entry.kvno = log_ent.entry.kvno;
}
if (mask & KADM5_MKVNO) {
abort (); /* XXX */
@@ -612,17 +618,17 @@ kadm5_log_replay_modify (kadm5_server_context *context,
abort (); /* XXX */
}
if (mask & KADM5_MAX_RLIFE) {
if (log_ent.max_renew == NULL) {
ent.max_renew = NULL;
if (log_ent.entry.max_renew == NULL) {
ent.entry.max_renew = NULL;
} else {
if (ent.max_renew == NULL) {
ent.max_renew = malloc (sizeof(*ent.max_renew));
if (ent.max_renew == NULL) {
if (ent.entry.max_renew == NULL) {
ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
if (ent.entry.max_renew == NULL) {
ret = ENOMEM;
goto out;
}
}
*ent.max_renew = *log_ent.max_renew;
*ent.entry.max_renew = *log_ent.entry.max_renew;
}
}
if (mask & KADM5_LAST_SUCCESS) {
@@ -638,34 +644,34 @@ kadm5_log_replay_modify (kadm5_server_context *context,
size_t num;
int i;
for (i = 0; i < ent.keys.len; ++i)
free_Key(&ent.keys.val[i]);
free (ent.keys.val);
for (i = 0; i < ent.entry.keys.len; ++i)
free_Key(&ent.entry.keys.val[i]);
free (ent.entry.keys.val);
num = log_ent.keys.len;
num = log_ent.entry.keys.len;
ent.keys.len = num;
ent.keys.val = malloc(len * sizeof(*ent.keys.val));
for (i = 0; i < ent.keys.len; ++i) {
ret = copy_Key(&log_ent.keys.val[i],
&ent.keys.val[i]);
ent.entry.keys.len = num;
ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
for (i = 0; i < ent.entry.keys.len; ++i) {
ret = copy_Key(&log_ent.entry.keys.val[i],
&ent.entry.keys.val[i]);
if (ret)
goto out;
}
}
if ((mask & KADM5_TL_DATA) && log_ent.extensions) {
HDB_extensions *es = ent.extensions;
if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) {
HDB_extensions *es = ent.entry.extensions;
if (ent.extensions == NULL) {
ent.extensions = calloc(1, sizeof(*ent.extensions));
if (ent.extensions == NULL)
if (ent.entry.extensions == NULL) {
ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions));
if (ent.entry.extensions == NULL)
goto out;
}
ret = copy_HDB_extensions(es, ent.extensions);
ret = copy_HDB_extensions(es, ent.entry.extensions);
if (ret) {
free(ent.extensions);
ent.extensions = es;
free(ent.entry.extensions);
ent.entry.extensions = es;
goto out;
}
if (es) {

10
lib/kadm5/modify_s.c
View File

@@ -42,14 +42,14 @@ modify_principal(void *server_handle,
u_int32_t forbidden_mask)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
if((mask & forbidden_mask))
return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
return KADM5_UNK_POLICY;
ent.principal = princ->principal;
ent.entry.principal = princ->principal;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
@@ -59,16 +59,16 @@ modify_principal(void *server_handle,
ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
if(ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
ret = context->db->hdb_store(context->context, context->db,

16
lib/kadm5/randkey_s.c
View File

@@ -47,10 +47,10 @@ kadm5_s_randkey_principal(void *server_handle,
int *n_keys)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
hdb_entry_ex ent;
kadm5_ret_t ret;
ent.principal = princ;
ent.entry.principal = princ;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
@@ -59,26 +59,26 @@ kadm5_s_randkey_principal(void *server_handle,
goto out;
ret = _kadm5_set_keys_randomly (context,
&ent,
&ent.entry,
new_keys,
n_keys);
if (ret)
goto out2;
ent.kvno++;
ent.entry.kvno++;
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out3;
ret = _kadm5_bump_pw_expire(context, &ent);
ret = _kadm5_bump_pw_expire(context, &ent.entry);
if (ret)
goto out2;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
kadm5_log_modify (context,
&ent,
&ent.entry,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
KADM5_TL_DATA);

30
lib/kadm5/rename_s.c
View File

@@ -42,8 +42,9 @@ kadm5_s_rename_principal(void *server_handle,
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent, ent2;
ent.principal = source;
hdb_entry_ex ent, ent2;
ent.entry.principal = source;
if(krb5_principal_compare(context->context, source, target))
return KADM5_DUP; /* XXX is this right? */
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
@@ -54,7 +55,7 @@ kadm5_s_rename_principal(void *server_handle,
context->db->hdb_close(context->context, context->db);
goto out;
}
ret = _kadm5_set_modifier(context, &ent);
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
goto out2;
{
@@ -65,10 +66,11 @@ kadm5_s_rename_principal(void *server_handle,
krb5_get_pw_salt(context->context, source, &salt2);
salt.type = hdb_pw_salt;
salt.salt = salt2.saltvalue;
for(i = 0; i < ent.keys.len; i++){
if(ent.keys.val[i].salt == NULL){
ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt));
ret = copy_Salt(&salt, ent.keys.val[i].salt);
for(i = 0; i < ent.entry.keys.len; i++){
if(ent.entry.keys.val[i].salt == NULL){
ent.entry.keys.val[i].salt =
malloc(sizeof(*ent.entry.keys.val[i].salt));
ret = copy_Salt(&salt, ent.entry.keys.val[i].salt);
if(ret)
break;
}
@@ -77,26 +79,26 @@ kadm5_s_rename_principal(void *server_handle,
}
if(ret)
goto out2;
ent2.principal = ent.principal;
ent.principal = target;
ent2.entry.principal = ent.entry.principal;
ent.entry.principal = target;
ret = hdb_seal_keys(context->context, context->db, &ent);
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret) {
ent.principal = ent2.principal;
ent.entry.principal = ent2.entry.principal;
goto out2;
}
kadm5_log_rename (context,
source,
&ent);
&ent.entry);
ret = context->db->hdb_store(context->context, context->db, 0, &ent);
if(ret){
ent.principal = ent2.principal;
ent.entry.principal = ent2.entry.principal;
goto out2;
}
ret = context->db->hdb_remove(context->context, context->db, &ent2);
ent.principal = ent2.principal;
ent.entry.principal = ent2.entry.principal;
out2:
context->db->hdb_close(context->context, context->db);
hdb_free_entry(context->context, &ent);