oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Complete --keepold support and fix crasher in kadmin cpw -r --keepold.

Browse Source
This commit is contained in:
Nicolas Williams
2011-07-19 00:21:30 -05:00
parent 2510d2d8fc
commit 0d90e0c4d0
10 changed files with 66 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kadmin/cpw.c
View File

@@ -112,7 +112,7 @@ set_key_data (krb5_principal principal, krb5_key_data *key_data, int keepold)
{ {
krb5_error_code ret; krb5_error_code ret;
ret = kadm5_chpass_principal_with_key (kadm_handle, principal, ret = kadm5_chpass_principal_with_key_3(kadm_handle, principal, keepold,
3, key_data); 3, key_data);
return ret; return ret;
} }

19
kadmin/server.c
View File

@@ -218,10 +218,15 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
case kadm_chpass:{ case kadm_chpass:{
op = "CHPASS"; op = "CHPASS";
ret = krb5_ret_principal(sp, &princ); ret = krb5_ret_principal(sp, &princ);
if(ret) if (ret)
goto fail; goto fail;
ret = krb5_ret_string(sp, &password); ret = krb5_ret_string(sp, &password);
if(ret){ if (ret) {
krb5_free_principal(contextp->context, princ);
goto fail;
}
ret = krb5_ret_int32(sp, &keepold);
if (ret && ret != HEIM_ERR_EOF) {
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
@@ -262,7 +267,8 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
free(password); free(password);
goto fail; goto fail;
} }
ret = kadm5_chpass_principal(kadm_handlep, princ, password); ret = kadm5_chpass_principal_3(kadm_handlep, princ, keepold, 0, NULL,
password);
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
free(password); free(password);
@@ -285,6 +291,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
ret = krb5_ret_int32(sp, &keepold);
if (ret && ret != HEIM_ERR_EOF) {
krb5_free_principal(contextp->context, princ);
goto fail;
}
/* n_key_data will be squeezed into an int16_t below. */ /* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 || if (n_key_data < 0 || n_key_data >= 1 << 16 ||
(size_t)n_key_data > UINT_MAX/sizeof(*key_data)) { (size_t)n_key_data > UINT_MAX/sizeof(*key_data)) {
@@ -329,7 +340,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
ret = kadm5_chpass_principal_with_key(kadm_handlep, princ, ret = kadm5_chpass_principal_with_key_3(kadm_handlep, princ, keepold,
n_key_data, key_data); n_key_data, key_data);
{ {
int16_t dummy = n_key_data; int16_t dummy = n_key_data;

7
lib/kadm5/ad.c
View File

@@ -516,6 +516,9 @@ kadm5_ad_chpass_principal(void *server_handle,
int result_code; int result_code;
kadm5_ret_t ret; kadm5_ret_t ret;
if (keepold)
return KADM5_KEEPOLD_NOSUPP;
ret = ad_get_cred(context, NULL); ret = ad_get_cred(context, NULL);
if (ret) if (ret)
return ret; return ret;
@@ -1237,6 +1240,9 @@ kadm5_ad_randkey_principal(void *server_handle,
{ {
kadm5_ad_context *context = server_handle; kadm5_ad_context *context = server_handle;
if (keepold)
return KADM5_KEEPOLD_NOSUPP;
/* /*
* random key * random key
*/ */
@@ -1326,6 +1332,7 @@ kadm5_ad_rename_principal(void *server_handle,
static kadm5_ret_t static kadm5_ret_t
kadm5_ad_chpass_principal_with_key(void *server_handle, kadm5_ad_chpass_principal_with_key(void *server_handle,
krb5_principal princ, krb5_principal princ,
int keepold,
int n_key_data, int n_key_data,
krb5_key_data *key_data) krb5_key_data *key_data)
{ {

2
lib/kadm5/chpass_c.c
View File

@@ -84,6 +84,7 @@ kadm5_c_chpass_principal(void *server_handle,
kadm5_ret_t kadm5_ret_t
kadm5_c_chpass_principal_with_key(void *server_handle, kadm5_c_chpass_principal_with_key(void *server_handle,
krb5_principal princ, krb5_principal princ,
int keepold,
int n_key_data, int n_key_data,
krb5_key_data *key_data) krb5_key_data *key_data)
{ {
@@ -109,6 +110,7 @@ kadm5_c_chpass_principal_with_key(void *server_handle,
krb5_store_int32(sp, n_key_data); krb5_store_int32(sp, n_key_data);
for (i = 0; i < n_key_data; ++i) for (i = 0; i < n_key_data; ++i)
kadm5_store_key_data (sp, &key_data[i]); kadm5_store_key_data (sp, &key_data[i]);
krb5_store_int32(sp, keepold); /* extension */
ret = _kadm5_client_send(context, sp); ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp); krb5_storage_free(sp);
if (ret) if (ret)

13
lib/kadm5/chpass_s.c
View File

@@ -182,6 +182,7 @@ kadm5_s_chpass_principal(void *server_handle,
kadm5_ret_t kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle, kadm5_s_chpass_principal_with_key(void *server_handle,
krb5_principal princ, krb5_principal princ,
int keepold,
int n_key_data, int n_key_data,
krb5_key_data *key_data) krb5_key_data *key_data)
{ {
@@ -197,9 +198,11 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent); HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent);
if(ret == HDB_ERR_NOENTRY) if(ret == HDB_ERR_NOENTRY)
goto out; goto out;
if (keepold) {
ret = hdb_add_current_keys_to_history(context->context, &ent.entry); ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
if (ret) if (ret)
goto out2; goto out2;
}
ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data); ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
if(ret) if(ret)
goto out2; goto out2;
@@ -211,9 +214,19 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
if (ret) if (ret)
goto out2; goto out2;
if (keepold) {
ret = hdb_seal_keys(context->context, context->db, &ent.entry); ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret) if (ret)
goto out2; goto out2;
} else {
HDB_extension ext;
ext.data.element = choice_HDB_extension_data_hist_keys;
ext.data.u.hist_keys.len = 0;
ext.data.u.hist_keys.val = NULL;
hdb_replace_extension(context->context, &ent.entry, &ext);
}
ret = context->db->hdb_store(context->context, context->db, ret = context->db->hdb_store(context->context, context->db,
HDB_F_REPLACE, &ent); HDB_F_REPLACE, &ent);

13
lib/kadm5/common_glue.c
View File

@@ -70,7 +70,18 @@ kadm5_chpass_principal_with_key(void *server_handle,
krb5_key_data *key_data) krb5_key_data *key_data)
{ {
return __CALL(chpass_principal_with_key, return __CALL(chpass_principal_with_key,
(server_handle, princ, n_key_data, key_data)); (server_handle, princ, 0, n_key_data, key_data));
}
kadm5_ret_t
kadm5_chpass_principal_with_key_3(void *server_handle,
krb5_principal princ,
int keepold,
int n_key_data,
krb5_key_data *key_data)
{
return __CALL(chpass_principal_with_key,
(server_handle, princ, keepold, n_key_data, key_data));
} }
kadm5_ret_t kadm5_ret_t

1
lib/kadm5/kadm5_err.et
View File

@@ -61,3 +61,4 @@ error_code KS_TUPLE_NOSUPP, "Key/salt tuples not supported by this function"
error_code SETKEY3_ETYPE_MISMATCH, "Key/salt tuples don't match keys" error_code SETKEY3_ETYPE_MISMATCH, "Key/salt tuples don't match keys"
error_code DECRYPT_USAGE_NOSUPP, "Given usage of kadm5_decrypt() not supported" error_code DECRYPT_USAGE_NOSUPP, "Given usage of kadm5_decrypt() not supported"
error_code POLICY_OP_NOSUPP, "Policy operations not supported" error_code POLICY_OP_NOSUPP, "Policy operations not supported"
error_code KEEPOLD_NOSUPP, "Keep old keys option not supported"

2
lib/kadm5/private.h
View File

@@ -52,7 +52,7 @@ struct kadm_func {
krb5_key_salt_tuple*, krb5_keyblock**, krb5_key_salt_tuple*, krb5_keyblock**,
int*); int*);
kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal); kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal, kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal, int,
int, krb5_key_data *); int, krb5_key_data *);
kadm5_ret_t (*lock) (void *); kadm5_ret_t (*lock) (void *);
kadm5_ret_t (*unlock) (void *); kadm5_ret_t (*unlock) (void *);

10
lib/kadm5/randkey_c.c
View File

@@ -81,10 +81,6 @@ kadm5_c_randkey_principal(void *server_handle,
*/ */
krb5_store_int32(sp, kadm_randkey); krb5_store_int32(sp, kadm_randkey);
krb5_store_principal(sp, princ); krb5_store_principal(sp, princ);
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)
return ret;
if (keepold == TRUE || n_ks_tuple > 0) if (keepold == TRUE || n_ks_tuple > 0)
krb5_store_uint32(sp, keepold); krb5_store_uint32(sp, keepold);
@@ -94,8 +90,12 @@ kadm5_c_randkey_principal(void *server_handle,
krb5_store_int32(sp, ks_tuple[i].ks_enctype); krb5_store_int32(sp, ks_tuple[i].ks_enctype);
krb5_store_int32(sp, ks_tuple[i].ks_salttype); krb5_store_int32(sp, ks_tuple[i].ks_salttype);
} }
/* Future extensions go here */ /* Future extensions go here */
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)
return ret;
ret = _kadm5_client_recv(context, &reply); ret = _kadm5_client_recv(context, &reply);
if(ret) if(ret)
return ret; return ret;

1
lib/kadm5/version-script.map
View File

@@ -9,6 +9,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
kadm5_chpass_principal; kadm5_chpass_principal;
kadm5_chpass_principal_3; kadm5_chpass_principal_3;
kadm5_chpass_principal_with_key; kadm5_chpass_principal_with_key;
kadm5_chpass_principal_with_key_3;
kadm5_create_principal; kadm5_create_principal;
kadm5_delete_principal; kadm5_delete_principal;
kadm5_destroy; kadm5_destroy;