hdb: eliminate hdb_entry_ex

Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
an additional context member in hdb_entry which is managed by the free_entry
method in HDB).
Luke Howard
2022-01-07 12:54:40 +11:00
parent c5551775e2
commit 0e8c4ccc6e
50 changed files with 1035 additions and 1032 deletions


@@ -111,7 +111,7 @@ change(void *server_handle,
int cond)
{
kadm5_server_context *context = server_handle;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_ret_t ret;
Key *keys;
size_t num_keys;
@@ -167,7 +167,7 @@ change(void *server_handle,
* We save these for now so we can handle password history checking;
* we handle keepold further below.
*/
ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
ret = hdb_add_current_keys_to_history(context->context, &ent);
if (ret)
goto out3;
}
@@ -179,13 +179,13 @@ change(void *server_handle,
goto out3;
} else {
num_keys = ent.entry.keys.len;
keys = ent.entry.keys.val;
num_keys = ent.keys.len;
keys = ent.keys.val;
ent.entry.keys.len = 0;
ent.entry.keys.val = NULL;
ent.keys.len = 0;
ent.keys.val = NULL;
ret = _kadm5_set_keys(context, &ent.entry, n_ks_tuple, ks_tuple,
ret = _kadm5_set_keys(context, &ent, n_ks_tuple, ks_tuple,
password);
if(ret) {
_kadm5_free_keys(context->context, num_keys, keys);
@@ -196,10 +196,10 @@ change(void *server_handle,
if (cond) {
HDB_extension *ext;
ext = hdb_find_extension(&ent.entry, choice_HDB_extension_data_hist_keys);
ext = hdb_find_extension(&ent, choice_HDB_extension_data_hist_keys);
if (ext != NULL)
existsp = _kadm5_exists_keys_hist(ent.entry.keys.val,
ent.entry.keys.len,
existsp = _kadm5_exists_keys_hist(ent.keys.val,
ent.keys.len,
&ext->data.u.hist_keys);
}
@@ -210,9 +210,9 @@ change(void *server_handle,
goto out3;
}
}
ent.entry.kvno++;
ent.kvno++;
ent.entry.flags.require_pwchange = 0;
ent.flags.require_pwchange = 0;
if (!keepold) {
HDB_extension ext;
@@ -220,25 +220,25 @@ change(void *server_handle,
memset(&ext, 0, sizeof (ext));
ext.mandatory = FALSE;
ext.data.element = choice_HDB_extension_data_hist_keys;
ret = hdb_replace_extension(context->context, &ent.entry, &ext);
ret = hdb_replace_extension(context->context, &ent, &ext);
if (ret)
goto out3;
}
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out3;
ret = _kadm5_set_modifier(context, &ent.entry);
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out3;
ret = _kadm5_bump_pw_expire(context, &ent.entry);
ret = _kadm5_bump_pw_expire(context, &ent);
if (ret)
goto out3;
/* This logs the change for iprop and writes to the HDB */
ret = kadm5_log_modify(context, &ent.entry,
ret = kadm5_log_modify(context, &ent,
KADM5_ATTRIBUTES | KADM5_PRINCIPAL |
KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO |
@@ -367,7 +367,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
krb5_key_data *key_data)
{
kadm5_server_context *context = server_handle;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_ret_t ret;
uint32_t hook_flags = 0;
@@ -396,23 +396,23 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
goto out3;
if (keepold) {
ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
ret = hdb_add_current_keys_to_history(context->context, &ent);
if (ret)
goto out3;
}
ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
if (ret)
goto out3;
ent.entry.kvno++;
ret = _kadm5_set_modifier(context, &ent.entry);
ent.kvno++;
ret = _kadm5_set_modifier(context, &ent);
if (ret)
goto out3;
ret = _kadm5_bump_pw_expire(context, &ent.entry);
ret = _kadm5_bump_pw_expire(context, &ent);
if (ret)
goto out3;
if (keepold) {
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out3;
} else {
@@ -423,11 +423,11 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
ext.data.element = choice_HDB_extension_data_hist_keys;
ext.data.u.hist_keys.len = 0;
ext.data.u.hist_keys.val = NULL;
hdb_replace_extension(context->context, &ent.entry, &ext);
hdb_replace_extension(context->context, &ent, &ext);
}
/* This logs the change for iprop and writes to the HDB */
ret = kadm5_log_modify(context, &ent.entry,
ret = kadm5_log_modify(context, &ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME |
KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO |
KADM5_PW_EXPIRATION | KADM5_TL_DATA);
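Review bot: The `hdb_replace_extension(context->context, &ent, &ext);` call in the non-keepold branch of kadm5_s_chpass_principal_with_key discards its return value, while the same call in change() assigns `ret` and jumps to `out3` on failure. If clearing the key history fails here, the function still goes on to kadm5_log_modify(), presumably storing the entry with its old history keys intact. I would write `ret = hdb_replace_extension(context->context, &ent, &ext);` followed by `if (ret) goto out3;`. The `_kadm5_set_keys2(context, ent, ...)` call under KADM5_KEY_DATA in _kadm5_setup_entry drops its result the same way. Both functions start and end outside the hunks shown.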


@@ -57,7 +57,7 @@ static kadm5_ret_t
create_principal(kadm5_server_context *context,
kadm5_principal_ent_t princ,
uint32_t mask,
hdb_entry_ex *ent,
hdb_entry *ent,
uint32_t required_mask,
uint32_t forbidden_mask)
{
@@ -74,7 +74,7 @@ create_principal(kadm5_server_context *context,
/* XXX no real policies for now */
return KADM5_UNK_POLICY;
ret = krb5_copy_principal(context->context, princ->principal,
&ent->entry.principal);
&ent->principal);
if(ret)
return ret;
@@ -96,10 +96,10 @@ create_principal(kadm5_server_context *context,
if (ret)
return ret;
ent->entry.created_by.time = time(NULL);
ent->created_by.time = time(NULL);
return krb5_copy_principal(context->context, context->caller,
&ent->entry.created_by.principal);
&ent->created_by.principal);
}
struct create_principal_hook_ctx {
@@ -167,7 +167,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
uint32_t mask)
{
kadm5_ret_t ret;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_server_context *context = server_handle;
if ((mask & KADM5_KVNO) == 0) {
@@ -203,7 +203,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
if (ret)
goto out;
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out2;
@@ -213,7 +213,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
* Creation of would-be virtual principals w/o the materialize flag will be
* rejected in kadm5_log_create().
*/
ret = kadm5_log_create(context, &ent.entry);
ret = kadm5_log_create(context, &ent);
(void) create_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT,
ret, princ, mask, NULL);
@@ -241,7 +241,7 @@ kadm5_s_create_principal(void *server_handle,
const char *password)
{
kadm5_ret_t ret;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_server_context *context = server_handle;
int use_pw = 1;
@@ -324,20 +324,20 @@ kadm5_s_create_principal(void *server_handle,
if (ret)
goto out;
free_Keys(&ent.entry.keys);
free_Keys(&ent.keys);
if (use_pw) {
ret = _kadm5_set_keys(context, &ent.entry, n_ks_tuple, ks_tuple, password);
ret = _kadm5_set_keys(context, &ent, n_ks_tuple, ks_tuple, password);
if (ret)
goto out2;
}
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out2;
/* This logs the change for iprop and writes to the HDB */
ret = kadm5_log_create(context, &ent.entry);
ret = kadm5_log_create(context, &ent);
(void) create_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT,
ret, princ, mask, password);


@@ -92,7 +92,7 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry_ex ent;
hdb_entry ent;
memset(&ent, 0, sizeof(ent));
if (!context->keep_open) {
@@ -112,7 +112,7 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
0, &ent);
if (ret == HDB_ERR_NOENTRY)
goto out2;
if (ent.entry.flags.immutable) {
if (ent.flags.immutable) {
ret = KADM5_PROTECT_PRINCIPAL;
goto out3;
}
@@ -121,7 +121,7 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
if (ret)
goto out3;
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out3;
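Review bot: After the fetch that ends in `0, &ent);` only `HDB_ERR_NOENTRY` is handled, so any other fetch error falls through to the `ent.flags.immutable` test on an entry that may never have been filled in, and the immutable protection is then decided on zeroed data. Testing the general case closes this: `if (ret) goto out2;`, which also covers the NOENTRY case, assuming `out2` is the path that has no entry to free, as its use here suggests. Whether `ret` is reassigned between the two hunks cannot be seen from here; kadm5_s_delete_principal continues outside them.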


@@ -73,7 +73,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
static kadm5_ret_t
perform_tl_data(krb5_context context,
HDB *db,
hdb_entry_ex *ent,
hdb_entry *ent,
const krb5_tl_data *tl_data)
{
kadm5_ret_t ret = 0;
@@ -84,7 +84,7 @@ perform_tl_data(krb5_context context,
if (pw[tl_data->tl_data_length] != '\0')
return KADM5_BAD_TL_TYPE;
ret = hdb_entry_set_password(context, db, &ent->entry, pw);
ret = hdb_entry_set_password(context, db, ent, pw);
} else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
unsigned long t;
@@ -96,7 +96,7 @@ perform_tl_data(krb5_context context,
s = tl_data->tl_data_contents;
(void) _krb5_get_int(s, &t, tl_data->tl_data_length);
ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
ret = hdb_entry_set_pw_change_time(context, ent, t);
} else if (tl_data->tl_data_type == KRB5_TL_KEY_ROTATION) {
HDB_Ext_KeyRotation *prev_kr = 0;
@@ -105,7 +105,7 @@ perform_tl_data(krb5_context context,
ext.mandatory = 0;
ext.data.element = choice_HDB_extension_data_key_rotation;
prev_ext = hdb_find_extension(&ent->entry, ext.data.element);
prev_ext = hdb_find_extension(ent, ext.data.element);
if (prev_ext)
prev_kr = &prev_ext->data.u.key_rotation;
ret = decode_HDB_Ext_KeyRotation(tl_data->tl_data_contents,
@@ -115,7 +115,7 @@ perform_tl_data(krb5_context context,
ret = hdb_validate_key_rotations(context, prev_kr,
&ext.data.u.key_rotation);
if (ret == 0)
ret = hdb_replace_extension(context, &ent->entry, &ext);
ret = hdb_replace_extension(context, ent, &ext);
free_HDB_extension(&ext);
} else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
HDB_extension ext;
@@ -128,7 +128,7 @@ perform_tl_data(krb5_context context,
return KADM5_BAD_TL_TYPE;
if (ext.data.element == choice_HDB_extension_data_key_rotation) {
HDB_extension *prev_ext = hdb_find_extension(&ent->entry,
HDB_extension *prev_ext = hdb_find_extension(ent,
ext.data.element);
HDB_Ext_KeyRotation *prev_kr = 0;
@@ -140,19 +140,19 @@ perform_tl_data(krb5_context context,
if (ret)
ret = KADM5_BAD_TL_TYPE; /* XXX Need new error code */
if (ret == 0)
ret = hdb_replace_extension(context, &ent->entry, &ext);
ret = hdb_replace_extension(context, ent, &ext);
free_HDB_extension(&ext);
} else if (tl_data->tl_data_type == KRB5_TL_ETYPES) {
if (!ent->entry.etypes &&
(ent->entry.etypes = calloc(1,
sizeof(ent->entry.etypes[0]))) == NULL)
if (!ent->etypes &&
(ent->etypes = calloc(1,
sizeof(ent->etypes[0]))) == NULL)
ret = krb5_enomem(context);
if (ent->entry.etypes)
free_HDB_EncTypeList(ent->entry.etypes);
if (ent->etypes)
free_HDB_EncTypeList(ent->etypes);
if (ret == 0)
ret = decode_HDB_EncTypeList(tl_data->tl_data_contents,
tl_data->tl_data_length,
ent->entry.etypes, NULL);
ent->etypes, NULL);
if (ret)
return KADM5_BAD_TL_TYPE;
} else if (tl_data->tl_data_type == KRB5_TL_ALIASES) {
@@ -164,14 +164,14 @@ perform_tl_data(krb5_context context,
}
static void
default_flags(hdb_entry_ex *ent)
default_flags(hdb_entry *ent)
{
ent->entry.flags.client = 1;
ent->entry.flags.server = 1;
ent->entry.flags.forwardable = 1;
ent->entry.flags.proxiable = 1;
ent->entry.flags.renewable = 1;
ent->entry.flags.postdate = 1;
ent->flags.client = 1;
ent->flags.server = 1;
ent->flags.forwardable = 1;
ent->flags.proxiable = 1;
ent->flags.renewable = 1;
ent->flags.postdate = 1;
}
@@ -183,7 +183,7 @@ default_flags(hdb_entry_ex *ent)
kadm5_ret_t
_kadm5_setup_entry(kadm5_server_context *context,
hdb_entry_ex *ent,
hdb_entry *ent,
uint32_t mask,
kadm5_principal_ent_t princ,
uint32_t princ_mask,
@@ -193,23 +193,23 @@ _kadm5_setup_entry(kadm5_server_context *context,
if(mask & KADM5_PRINC_EXPIRE_TIME
&& princ_mask & KADM5_PRINC_EXPIRE_TIME) {
if (princ->princ_expire_time)
set_value(ent->entry.valid_end, princ->princ_expire_time);
set_value(ent->valid_end, princ->princ_expire_time);
else
set_null(ent->entry.valid_end);
set_null(ent->valid_end);
}
if(mask & KADM5_PW_EXPIRATION
&& princ_mask & KADM5_PW_EXPIRATION) {
if (princ->pw_expiration)
set_value(ent->entry.pw_end, princ->pw_expiration);
set_value(ent->pw_end, princ->pw_expiration);
else
set_null(ent->entry.pw_end);
set_null(ent->pw_end);
}
if(mask & KADM5_ATTRIBUTES) {
if (princ_mask & KADM5_ATTRIBUTES) {
attr_to_flags(princ->attributes, &ent->entry.flags);
attr_to_flags(princ->attributes, &ent->flags);
} else if(def_mask & KADM5_ATTRIBUTES) {
attr_to_flags(def->attributes, &ent->entry.flags);
ent->entry.flags.invalid = 0;
attr_to_flags(def->attributes, &ent->flags);
ent->flags.invalid = 0;
} else {
default_flags(ent);
}
@@ -218,41 +218,41 @@ _kadm5_setup_entry(kadm5_server_context *context,
if(mask & KADM5_MAX_LIFE) {
if(princ_mask & KADM5_MAX_LIFE) {
if(princ->max_life)
set_value(ent->entry.max_life, princ->max_life);
set_value(ent->max_life, princ->max_life);
else
set_null(ent->entry.max_life);
set_null(ent->max_life);
} else if(def_mask & KADM5_MAX_LIFE) {
if(def->max_life)
set_value(ent->entry.max_life, def->max_life);
set_value(ent->max_life, def->max_life);
else
set_null(ent->entry.max_life);
set_null(ent->max_life);
}
}
if(mask & KADM5_KVNO
&& (princ_mask & KADM5_KVNO)) {
krb5_error_code ret;
ret = hdb_change_kvno(context->context, princ->kvno, &ent->entry);
ret = hdb_change_kvno(context->context, princ->kvno, ent);
if (ret && ret != HDB_ERR_KVNO_NOT_FOUND)
return ret;
ent->entry.kvno = princ->kvno; /* force it */
ent->kvno = princ->kvno; /* force it */
}
if(mask & KADM5_MAX_RLIFE) {
if(princ_mask & KADM5_MAX_RLIFE) {
if(princ->max_renewable_life)
set_value(ent->entry.max_renew, princ->max_renewable_life);
set_value(ent->max_renew, princ->max_renewable_life);
else
set_null(ent->entry.max_renew);
set_null(ent->max_renew);
} else if(def_mask & KADM5_MAX_RLIFE) {
if(def->max_renewable_life)
set_value(ent->entry.max_renew, def->max_renewable_life);
set_value(ent->max_renew, def->max_renewable_life);
else
set_null(ent->entry.max_renew);
set_null(ent->max_renew);
}
}
if(mask & KADM5_KEY_DATA
&& princ_mask & KADM5_KEY_DATA) {
_kadm5_set_keys2(context, &ent->entry,
_kadm5_set_keys2(context, ent,
princ->n_key_data, princ->key_data);
}
if(mask & KADM5_TL_DATA) {
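Review bot: In the KRB5_TL_ETYPES branch of perform_tl_data the existing list is released with `free_HDB_EncTypeList(ent->etypes)` before `decode_HDB_EncTypeList()` has succeeded, so a malformed TL value is rejected with KADM5_BAD_TL_TYPE but the entry has already lost its previous enctype list. The same `if (ret) return KADM5_BAD_TL_TYPE;` also reports the `krb5_enomem()` result of a failed calloc as a bad-type error. Decoding into a local list and moving it into `ent->etypes` only on success keeps the entry unchanged on rejection and lets the allocation failure propagate. perform_tl_data starts and ends outside these hunks.

```c
} else if (tl_data->tl_data_type == KRB5_TL_ETYPES) {
    HDB_EncTypeList etypes;

    /* Decode into a temporary so a rejected value leaves ent->etypes untouched. */
    memset(&etypes, 0, sizeof(etypes));
    ret = decode_HDB_EncTypeList(tl_data->tl_data_contents,
                                 tl_data->tl_data_length,
                                 &etypes, NULL);
    if (ret)
        return KADM5_BAD_TL_TYPE;
    if (ent->etypes == NULL &&
        (ent->etypes = calloc(1, sizeof(ent->etypes[0]))) == NULL) {
        free_HDB_EncTypeList(&etypes);
        return krb5_enomem(context);
    }
    free_HDB_EncTypeList(ent->etypes);
    *ent->etypes = etypes; /* ownership of the decoded list moves to the entry */
/* … unchanged: KRB5_TL_ALIASES branch and the rest of perform_tl_data … */
```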


@@ -55,12 +55,12 @@ add_princ(krb5_context context, struct foreach_data *d, char *princ)
}
static krb5_error_code
foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data)
foreach(krb5_context context, HDB *db, hdb_entry *ent, void *data)
{
struct foreach_data *d = data;
char *princ;
krb5_error_code ret;
ret = krb5_unparse_name(context, ent->entry.principal, &princ);
ret = krb5_unparse_name(context, ent->principal, &princ);
if(ret)
return ret;
if(d->exp){


@@ -122,7 +122,7 @@ kadm5_s_get_principal(void *server_handle,
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry_ex ent;
hdb_entry ent;
unsigned int flags = HDB_F_GET_ANY | HDB_F_ADMIN_DATA;
if ((mask & KADM5_KEY_DATA) || (mask & KADM5_KVNO))
@@ -157,57 +157,57 @@ kadm5_s_get_principal(void *server_handle,
return _kadm5_error_code(ret);
if(mask & KADM5_PRINCIPAL)
ret = krb5_copy_principal(context->context, ent.entry.principal,
ret = krb5_copy_principal(context->context, ent.principal,
&out->principal);
if(ret)
goto out;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end)
out->princ_expire_time = *ent.entry.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end)
out->pw_expiration = *ent.entry.pw_end;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
out->princ_expire_time = *ent.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
out->pw_expiration = *ent.pw_end;
if(mask & KADM5_LAST_PWD_CHANGE)
hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change);
hdb_entry_get_pw_change_time(&ent, &out->last_pwd_change);
if(mask & KADM5_ATTRIBUTES){
out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.entry.flags.require_pwchange ? KRB5_KDB_REQUIRES_PWCHANGE : 0;
out->attributes |= ent.entry.flags.client ? 0 : KRB5_KDB_DISALLOW_CLIENT;
out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
out->attributes |= ent.entry.flags.trusted_for_delegation ? KRB5_KDB_TRUSTED_FOR_DELEGATION : 0;
out->attributes |= ent.entry.flags.allow_kerberos4 ? KRB5_KDB_ALLOW_KERBEROS4 : 0;
out->attributes |= ent.entry.flags.allow_digest ? KRB5_KDB_ALLOW_DIGEST : 0;
out->attributes |= ent.entry.flags.virtual_keys ? KRB5_KDB_VIRTUAL_KEYS : 0;
out->attributes |= ent.entry.flags.virtual ? KRB5_KDB_VIRTUAL : 0;
out->attributes |= ent.entry.flags.no_auth_data_reqd ? KRB5_KDB_NO_AUTH_DATA_REQUIRED : 0;
out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.flags.require_pwchange ? KRB5_KDB_REQUIRES_PWCHANGE : 0;
out->attributes |= ent.flags.client ? 0 : KRB5_KDB_DISALLOW_CLIENT;
out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
out->attributes |= ent.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
out->attributes |= ent.flags.trusted_for_delegation ? KRB5_KDB_TRUSTED_FOR_DELEGATION : 0;
out->attributes |= ent.flags.allow_kerberos4 ? KRB5_KDB_ALLOW_KERBEROS4 : 0;
out->attributes |= ent.flags.allow_digest ? KRB5_KDB_ALLOW_DIGEST : 0;
out->attributes |= ent.flags.virtual_keys ? KRB5_KDB_VIRTUAL_KEYS : 0;
out->attributes |= ent.flags.virtual ? KRB5_KDB_VIRTUAL : 0;
out->attributes |= ent.flags.no_auth_data_reqd ? KRB5_KDB_NO_AUTH_DATA_REQUIRED : 0;
}
if(mask & KADM5_MAX_LIFE) {
if(ent.entry.max_life)
out->max_life = *ent.entry.max_life;
if(ent.max_life)
out->max_life = *ent.max_life;
else
out->max_life = INT_MAX;
}
if(mask & KADM5_MOD_TIME) {
if(ent.entry.modified_by)
out->mod_date = ent.entry.modified_by->time;
if(ent.modified_by)
out->mod_date = ent.modified_by->time;
else
out->mod_date = ent.entry.created_by.time;
out->mod_date = ent.created_by.time;
}
if(mask & KADM5_MOD_NAME) {
if(ent.entry.modified_by) {
if (ent.entry.modified_by->principal != NULL)
if(ent.modified_by) {
if (ent.modified_by->principal != NULL)
ret = krb5_copy_principal(context->context,
ent.entry.modified_by->principal,
ent.modified_by->principal,
&out->mod_name);
} else if(ent.entry.created_by.principal != NULL)
} else if(ent.created_by.principal != NULL)
ret = krb5_copy_principal(context->context,
ent.entry.created_by.principal,
ent.created_by.principal,
&out->mod_name);
else
out->mod_name = NULL;
@@ -216,13 +216,13 @@ kadm5_s_get_principal(void *server_handle,
goto out;
if(mask & KADM5_KVNO)
out->kvno = ent.entry.kvno;
out->kvno = ent.kvno;
if(mask & KADM5_MKVNO) {
size_t n;
out->mkvno = 0; /* XXX */
for(n = 0; n < ent.entry.keys.len; n++)
if(ent.entry.keys.val[n].mkvno) {
out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */
for(n = 0; n < ent.keys.len; n++)
if(ent.keys.val[n].mkvno) {
out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
break;
}
}
@@ -239,7 +239,7 @@ kadm5_s_get_principal(void *server_handle,
if(mask & KADM5_POLICY) {
HDB_extension *ext;
ext = hdb_find_extension(&ent.entry, choice_HDB_extension_data_policy);
ext = hdb_find_extension(&ent, choice_HDB_extension_data_policy);
if (ext == NULL) {
out->policy = strdup("default");
/* It's OK if we retun NULL instead of "default" */
@@ -252,27 +252,27 @@ kadm5_s_get_principal(void *server_handle,
}
}
if(mask & KADM5_MAX_RLIFE) {
if(ent.entry.max_renew)
out->max_renewable_life = *ent.entry.max_renew;
if(ent.max_renew)
out->max_renewable_life = *ent.max_renew;
else
out->max_renewable_life = INT_MAX;
}
if(mask & KADM5_KEY_DATA){
size_t i;
size_t n_keys = ent.entry.keys.len;
size_t n_keys = ent.keys.len;
krb5_salt salt;
HDB_extension *ext;
HDB_Ext_KeySet *hist_keys = NULL;
/* Don't return stale keys to kadm5 clients */
ret = hdb_prune_keys(context->context, &ent.entry);
ret = hdb_prune_keys(context->context, &ent);
if (ret)
goto out;
ext = hdb_find_extension(&ent.entry, choice_HDB_extension_data_hist_keys);
ext = hdb_find_extension(&ent, choice_HDB_extension_data_hist_keys);
if (ext != NULL)
hist_keys = &ext->data.u.hist_keys;
krb5_get_pw_salt(context->context, ent.entry.principal, &salt);
krb5_get_pw_salt(context->context, ent.principal, &salt);
for (i = 0; hist_keys != NULL && i < hist_keys->len; i++)
n_keys += hist_keys->val[i].keys.len;
out->key_data = malloc(n_keys * sizeof(*out->key_data));
@@ -281,8 +281,8 @@ kadm5_s_get_principal(void *server_handle,
goto out;
}
out->n_key_data = 0;
ret = copy_keyset_to_kadm5(context, ent.entry.kvno, ent.entry.keys.len,
ent.entry.keys.val, &salt, out);
ret = copy_keyset_to_kadm5(context, ent.kvno, ent.keys.len,
ent.keys.val, &salt, out);
if (ret)
goto out;
for (i = 0; hist_keys != NULL && i < hist_keys->len; i++) {
@@ -305,12 +305,12 @@ kadm5_s_get_principal(void *server_handle,
const HDB_Ext_KeyRotation *kr;
heim_octet_string krb5_config;
if (ent.entry.etypes) {
if (ent.etypes) {
krb5_data buf;
size_t len;
ASN1_MALLOC_ENCODE(HDB_EncTypeList, buf.data, buf.length,
ent.entry.etypes, &len, ret);
ent.etypes, &len, ret);
if (ret == 0) {
ret = add_tl_data(out, KRB5_TL_ETYPES, buf.data, buf.length);
free(buf.data);
@@ -319,14 +319,14 @@ kadm5_s_get_principal(void *server_handle,
goto out;
}
ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
ret = hdb_entry_get_pw_change_time(&ent, &last_pw_expire);
if (ret == 0 && last_pw_expire) {
unsigned char buf[4];
_krb5_put_int(buf, last_pw_expire, sizeof(buf));
ret = add_tl_data(out, KRB5_TL_LAST_PWD_CHANGE, buf, sizeof(buf));
}
ret = hdb_entry_get_krb5_config(&ent.entry, &krb5_config);
ret = hdb_entry_get_krb5_config(&ent, &krb5_config);
if (ret == 0 && krb5_config.length) {
ret = add_tl_data(out, KRB5_TL_KRB5_CONFIG, krb5_config.data,
krb5_config.length);
@@ -342,7 +342,7 @@ kadm5_s_get_principal(void *server_handle,
/* XXX But not if the client doesn't have ext-keys */
ret = hdb_entry_get_password(context->context,
context->db, &ent.entry, &pw);
context->db, &ent, &pw);
if (ret == 0) {
ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
free(pw);
@@ -352,7 +352,7 @@ kadm5_s_get_principal(void *server_handle,
krb5_clear_error_message(context->context);
}
ret = hdb_entry_get_pkinit_acl(&ent.entry, &acl);
ret = hdb_entry_get_pkinit_acl(&ent, &acl);
if (ret == 0 && acl) {
krb5_data buf;
size_t len;
@@ -370,7 +370,7 @@ kadm5_s_get_principal(void *server_handle,
goto out;
}
ret = hdb_entry_get_aliases(&ent.entry, &aliases);
ret = hdb_entry_get_aliases(&ent, &aliases);
if (ret == 0 && aliases) {
krb5_data buf;
size_t len;
@@ -388,7 +388,7 @@ kadm5_s_get_principal(void *server_handle,
goto out;
}
ret = hdb_entry_get_key_rotation(context->context, &ent.entry, &kr);
ret = hdb_entry_get_key_rotation(context->context, &ent, &kr);
if (ret == 0 && kr) {
krb5_data buf;
size_t len;
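Review bot: The cleartext password returned by `hdb_entry_get_password(context->context, context->db, &ent, &pw)` is released with a plain `free(pw)` right after `add_tl_data()`, so its bytes remain in freed heap memory. Wipe the buffer before freeing it with a call the compiler cannot elide, for example `memset_s(pw, strlen(pw), 0, strlen(pw));` ahead of `free(pw);` if the tree's portability layer provides memset_s. The copy that add_tl_data() presumably makes into `out` needs the same care wherever `out` is released, which is outside these hunks. Separately, in the hunk around `hdb_entry_get_pw_change_time()`, the `ret` from `add_tl_data(out, KRB5_TL_LAST_PWD_CHANGE, buf, sizeof(buf))` is overwritten by the next assignment before it is tested.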


@@ -392,14 +392,14 @@ error:
}
static int
dump_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
dump_one (krb5_context context, HDB *db, hdb_entry *entry, void *v)
{
krb5_error_code ret;
krb5_storage *dump = (krb5_storage *)v;
krb5_storage *sp;
krb5_data data;
ret = hdb_entry2value (context, &entry->entry, &data);
ret = hdb_entry2value (context, entry, &data);
if (ret)
return ret;
ret = krb5_data_realloc (&data, data.length + 4);


@@ -571,7 +571,7 @@ receive_everything(krb5_context context, int fd,
krb5_ret_uint32(sp, &opcode);
if (opcode == ONE_PRINC) {
krb5_data fake_data;
hdb_entry_ex entry;
hdb_entry entry;
krb5_storage_free(sp);
@@ -580,7 +580,7 @@ receive_everything(krb5_context context, int fd,
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry(context, &fake_data, &entry.entry);
ret = hdb_value2entry(context, &fake_data, &entry);
if (ret)
krb5_err(context, IPROPD_RESTART, ret, "hdb_value2entry");
ret = mydb->hdb_store(server_context->context,


@@ -974,12 +974,12 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry)
krb5_ssize_t bytes;
kadm5_ret_t ret;
krb5_data value;
hdb_entry_ex ent, existing;
hdb_entry ent, existing;
kadm5_log_context *log_context = &context->log_context;
memset(&existing, 0, sizeof(existing));
memset(&ent, 0, sizeof(ent));
ent.entry = *entry;
ent = *entry;
/*
* Do not allow creation of concrete entries within namespaces unless
@@ -989,14 +989,14 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry)
0, 0, 0, &existing);
if (ret != 0 && ret != HDB_ERR_NOENTRY)
return ret;
if (ret == 0 && !ent.entry.flags.materialize &&
(existing.entry.flags.virtual || existing.entry.flags.virtual_keys)) {
if (ret == 0 && !ent.flags.materialize &&
(existing.flags.virtual || existing.flags.virtual_keys)) {
hdb_free_entry(context->context, context->db, &existing);
return HDB_ERR_EXISTS;
}
if (ret == 0)
hdb_free_entry(context->context, context->db, &existing);
ent.entry.flags.materialize = 0; /* Clear in stored entry */
ent.flags.materialize = 0; /* Clear in stored entry */
/*
* If we're not logging then we can't recover-to-perform, so just
@@ -1055,7 +1055,7 @@ kadm5_log_replay_create(kadm5_server_context *context,
{
krb5_error_code ret;
krb5_data data;
hdb_entry_ex ent;
hdb_entry ent;
memset(&ent, 0, sizeof(ent));
@@ -1065,7 +1065,7 @@ kadm5_log_replay_create(kadm5_server_context *context,
return ret;
}
krb5_storage_read(sp, data.data, len);
ret = hdb_value2entry(context->context, &data, &ent.entry);
ret = hdb_value2entry(context->context, &data, &ent);
krb5_data_free(&data);
if (ret) {
krb5_set_error_message(context->context, ret,
@@ -1196,11 +1196,11 @@ kadm5_log_rename(kadm5_server_context *context,
off_t end_off = 0; /* Ditto; this allows de-indentation by two levels */
off_t off;
krb5_data value;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_log_context *log_context = &context->log_context;
memset(&ent, 0, sizeof(ent));
ent.entry = *entry;
ent = *entry;
if (strcmp(log_context->log_file, "/dev/null") == 0) {
ret = context->db->hdb_store(context->context, context->db, 0, &ent);
@@ -1306,7 +1306,7 @@ kadm5_log_replay_rename(kadm5_server_context *context,
{
krb5_error_code ret;
krb5_principal source;
hdb_entry_ex target_ent;
hdb_entry target_ent;
krb5_data value;
off_t off;
size_t princ_len, data_len;
@@ -1328,7 +1328,7 @@ kadm5_log_replay_rename(kadm5_server_context *context,
return ret;
}
krb5_storage_read(sp, value.data, data_len);
ret = hdb_value2entry(context->context, &value, &target_ent.entry);
ret = hdb_value2entry(context->context, &value, &target_ent);
krb5_data_free(&value);
if (ret) {
krb5_free_principal(context->context, source);
@@ -1360,11 +1360,11 @@ kadm5_log_modify(kadm5_server_context *context,
kadm5_ret_t ret;
krb5_data value;
uint32_t len;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_log_context *log_context = &context->log_context;
memset(&ent, 0, sizeof(ent));
ent.entry = *entry;
ent = *entry;
if (strcmp(log_context->log_file, "/dev/null") == 0)
return context->db->hdb_store(context->context, context->db,
@@ -1428,7 +1428,7 @@ kadm5_log_replay_modify(kadm5_server_context *context,
krb5_error_code ret;
uint32_t mask;
krb5_data value;
hdb_entry_ex ent, log_ent;
hdb_entry ent, log_ent;
memset(&log_ent, 0, sizeof(log_ent));
@@ -1446,7 +1446,7 @@ kadm5_log_replay_modify(kadm5_server_context *context,
ret = errno ? errno : EIO;
return ret;
}
ret = hdb_value2entry (context->context, &value, &log_ent.entry);
ret = hdb_value2entry (context->context, &value, &log_ent);
krb5_data_free(&value);
if (ret)
return ret;
@@ -1454,37 +1454,37 @@ kadm5_log_replay_modify(kadm5_server_context *context,
memset(&ent, 0, sizeof(ent));
/* NOTE: We do not use hdb_fetch_kvno() here */
ret = context->db->hdb_fetch_kvno(context->context, context->db,
log_ent.entry.principal,
log_ent.principal,
HDB_F_DECRYPT|HDB_F_ALL_KVNOS|
HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
if (ret)
goto out;
if (mask & KADM5_PRINC_EXPIRE_TIME) {
if (log_ent.entry.valid_end == NULL) {
ent.entry.valid_end = NULL;
if (log_ent.valid_end == NULL) {
ent.valid_end = NULL;
} else {
if (ent.entry.valid_end == NULL) {
ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
if (ent.entry.valid_end == NULL) {
if (ent.valid_end == NULL) {
ent.valid_end = malloc(sizeof(*ent.valid_end));
if (ent.valid_end == NULL) {
ret = krb5_enomem(context->context);
goto out;
}
}
*ent.entry.valid_end = *log_ent.entry.valid_end;
*ent.valid_end = *log_ent.valid_end;
}
}
if (mask & KADM5_PW_EXPIRATION) {
if (log_ent.entry.pw_end == NULL) {
ent.entry.pw_end = NULL;
if (log_ent.pw_end == NULL) {
ent.pw_end = NULL;
} else {
if (ent.entry.pw_end == NULL) {
ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
if (ent.entry.pw_end == NULL) {
if (ent.pw_end == NULL) {
ent.pw_end = malloc(sizeof(*ent.pw_end));
if (ent.pw_end == NULL) {
ret = krb5_enomem(context->context);
goto out;
}
}
*ent.entry.pw_end = *log_ent.entry.pw_end;
*ent.pw_end = *log_ent.pw_end;
}
}
if (mask & KADM5_LAST_PWD_CHANGE) {
@@ -1492,39 +1492,39 @@ kadm5_log_replay_modify(kadm5_server_context *context,
"Unimplemented mask KADM5_LAST_PWD_CHANGE");
}
if (mask & KADM5_ATTRIBUTES) {
ent.entry.flags = log_ent.entry.flags;
ent.flags = log_ent.flags;
}
if (mask & KADM5_MAX_LIFE) {
if (log_ent.entry.max_life == NULL) {
ent.entry.max_life = NULL;
if (log_ent.max_life == NULL) {
ent.max_life = NULL;
} else {
if (ent.entry.max_life == NULL) {
ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
if (ent.entry.max_life == NULL) {
if (ent.max_life == NULL) {
ent.max_life = malloc (sizeof(*ent.max_life));
if (ent.max_life == NULL) {
ret = krb5_enomem(context->context);
goto out;
}
}
*ent.entry.max_life = *log_ent.entry.max_life;
*ent.max_life = *log_ent.max_life;
}
}
if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
if (ent.entry.modified_by == NULL) {
ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
if (ent.entry.modified_by == NULL) {
if (ent.modified_by == NULL) {
ent.modified_by = malloc(sizeof(*ent.modified_by));
if (ent.modified_by == NULL) {
ret = krb5_enomem(context->context);
goto out;
}
} else
free_Event(ent.entry.modified_by);
ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
free_Event(ent.modified_by);
ret = copy_Event(log_ent.modified_by, ent.modified_by);
if (ret) {
ret = krb5_enomem(context->context);
goto out;
}
}
if (mask & KADM5_KVNO) {
ent.entry.kvno = log_ent.entry.kvno;
ent.kvno = log_ent.kvno;
}
if (mask & KADM5_MKVNO) {
krb5_warnx(context->context, "Unimplemented mask KADM5_KVNO");
@@ -1537,17 +1537,17 @@ kadm5_log_replay_modify(kadm5_server_context *context,
krb5_warnx(context->context, "Unimplemented mask KADM5_POLICY_CLR");
}
if (mask & KADM5_MAX_RLIFE) {
if (log_ent.entry.max_renew == NULL) {
ent.entry.max_renew = NULL;
if (log_ent.max_renew == NULL) {
ent.max_renew = NULL;
} else {
if (ent.entry.max_renew == NULL) {
ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
if (ent.entry.max_renew == NULL) {
if (ent.max_renew == NULL) {
ent.max_renew = malloc (sizeof(*ent.max_renew));
if (ent.max_renew == NULL) {
ret = krb5_enomem(context->context);
goto out;
}
}
*ent.entry.max_renew = *log_ent.entry.max_renew;
*ent.max_renew = *log_ent.max_renew;
}
}
if (mask & KADM5_LAST_SUCCESS) {
@@ -1573,62 +1573,62 @@ kadm5_log_replay_modify(kadm5_server_context *context,
*/
mask |= KADM5_TL_DATA;
for (i = 0; i < ent.entry.keys.len; ++i)
free_Key(&ent.entry.keys.val[i]);
free (ent.entry.keys.val);
for (i = 0; i < ent.keys.len; ++i)
free_Key(&ent.keys.val[i]);
free (ent.keys.val);
num = log_ent.entry.keys.len;
num = log_ent.keys.len;
ent.entry.keys.len = num;
ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
if (ent.entry.keys.val == NULL) {
ent.keys.len = num;
ent.keys.val = malloc(len * sizeof(*ent.keys.val));
if (ent.keys.val == NULL) {
krb5_enomem(context->context);
goto out;
}
for (i = 0; i < ent.entry.keys.len; ++i) {
ret = copy_Key(&log_ent.entry.keys.val[i],
&ent.entry.keys.val[i]);
for (i = 0; i < ent.keys.len; ++i) {
ret = copy_Key(&log_ent.keys.val[i],
&ent.keys.val[i]);
if (ret) {
krb5_set_error_message(context->context, ret, "out of memory");
goto out;
}
}
}
if ((mask & KADM5_TL_DATA) && log_ent.entry.etypes) {
if (ent.entry.etypes)
free_HDB_EncTypeList(ent.entry.etypes);
free(ent.entry.etypes);
ent.entry.etypes = calloc(1, sizeof(*ent.entry.etypes));
if (ent.entry.etypes == NULL)
if ((mask & KADM5_TL_DATA) && log_ent.etypes) {
if (ent.etypes)
free_HDB_EncTypeList(ent.etypes);
free(ent.etypes);
ent.etypes = calloc(1, sizeof(*ent.etypes));
if (ent.etypes == NULL)
ret = ENOMEM;
if (ret == 0)
ret = copy_HDB_EncTypeList(log_ent.entry.etypes, ent.entry.etypes);
ret = copy_HDB_EncTypeList(log_ent.etypes, ent.etypes);
if (ret) {
ret = krb5_enomem(context->context);
free(ent.entry.etypes);
ent.entry.etypes = NULL;
free(ent.etypes);
ent.etypes = NULL;
goto out;
}
}
if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) {
if (ent.entry.extensions) {
free_HDB_extensions(ent.entry.extensions);
free(ent.entry.extensions);
ent.entry.extensions = NULL;
if ((mask & KADM5_TL_DATA) && log_ent.extensions) {
if (ent.extensions) {
free_HDB_extensions(ent.extensions);
free(ent.extensions);
ent.extensions = NULL;
}
ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions));
if (ent.entry.extensions == NULL)
ent.extensions = calloc(1, sizeof(*ent.extensions));
if (ent.extensions == NULL)
ret = ENOMEM;
if (ret == 0)
ret = copy_HDB_extensions(log_ent.entry.extensions,
ent.entry.extensions);
ret = copy_HDB_extensions(log_ent.extensions,
ent.extensions);
if (ret) {
ret = krb5_enomem(context->context);
free(ent.entry.extensions);
ent.entry.extensions = NULL;
free(ent.extensions);
ent.extensions = NULL;
goto out;
}
}


@@ -97,7 +97,7 @@ modify_principal(void *server_handle,
uint32_t forbidden_mask)
{
kadm5_server_context *context = server_handle;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_ret_t ret;
memset(&ent, 0, sizeof(ent));
@@ -139,7 +139,7 @@ modify_principal(void *server_handle,
ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
if (ret)
goto out3;
ret = _kadm5_set_modifier(context, &ent.entry);
ret = _kadm5_set_modifier(context, &ent);
if (ret)
goto out3;
@@ -157,7 +157,7 @@ modify_principal(void *server_handle,
goto out3;
}
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out3;
@@ -174,14 +174,14 @@ modify_principal(void *server_handle,
goto out3;
}
/* This calls free_HDB_extension(), freeing ext.data.u.policy */
ret = hdb_replace_extension(context->context, &ent.entry, &ext);
ret = hdb_replace_extension(context->context, &ent, &ext);
free(ext.data.u.policy);
if (ret)
goto out3;
}
/* This logs the change for iprop and writes to the HDB */
ret = kadm5_log_modify(context, &ent.entry,
ret = kadm5_log_modify(context, &ent,
mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
(void) modify_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT,
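Review bot: The comment above the `hdb_replace_extension(context->context, &ent, &ext);` call says the call frees `ext.data.u.policy`, yet the very next line is `free(ext.data.u.policy);`, so one of the two is wrong. If the callee really releases that pointer, the explicit free is a double free. If it copies the extension, as the unconditional free suggests, the comment is stale and should read something like `/* hdb_replace_extension() copies ext; ext.data.u.policy is still ours to free */`. The implementation of hdb_replace_extension is not visible here, so this needs confirming against it; the block that allocates `ext.data.u.policy` starts outside the hunk.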


@@ -95,7 +95,7 @@ kadm5_s_prune_principal(void *server_handle,
int kvno)
{
kadm5_server_context *context = server_handle;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_ret_t ret;
memset(&ent, 0, sizeof(ent));
@@ -121,15 +121,15 @@ kadm5_s_prune_principal(void *server_handle,
if (ret)
goto out3;
ret = hdb_prune_keys_kvno(context->context, &ent.entry, kvno);
ret = hdb_prune_keys_kvno(context->context, &ent, kvno);
if (ret)
goto out3;
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out3;
ret = kadm5_log_modify(context, &ent.entry, KADM5_KEY_DATA);
ret = kadm5_log_modify(context, &ent, KADM5_KEY_DATA);
(void) prune_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT,
ret, princ, kvno);


@@ -102,7 +102,7 @@ kadm5_s_randkey_principal(void *server_handle,
int *n_keys)
{
kadm5_server_context *context = server_handle;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_ret_t ret;
size_t i;
@@ -129,36 +129,36 @@ kadm5_s_randkey_principal(void *server_handle,
goto out3;
if (keepold) {
ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
ret = hdb_add_current_keys_to_history(context->context, &ent);
if (ret == 0 && keepold == 1)
ret = hdb_prune_keys_kvno(context->context, &ent.entry, 0);
ret = hdb_prune_keys_kvno(context->context, &ent, 0);
if (ret)
goto out3;
} else {
/* Remove all key history */
ret = hdb_clear_extension(context->context, &ent.entry,
ret = hdb_clear_extension(context->context, &ent,
choice_HDB_extension_data_hist_keys);
if (ret)
goto out3;
}
ret = _kadm5_set_keys_randomly(context, &ent.entry, n_ks_tuple, ks_tuple,
ret = _kadm5_set_keys_randomly(context, &ent, n_ks_tuple, ks_tuple,
new_keys, n_keys);
if (ret)
goto out3;
ent.entry.kvno++;
ent.kvno++;
ent.entry.flags.require_pwchange = 0;
ent.flags.require_pwchange = 0;
ret = _kadm5_set_modifier(context, &ent.entry);
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out4;
ret = _kadm5_bump_pw_expire(context, &ent.entry);
ret = _kadm5_bump_pw_expire(context, &ent);
if (ret)
goto out4;
if (keepold) {
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out4;
} else {
@@ -169,11 +169,11 @@ kadm5_s_randkey_principal(void *server_handle,
ext.data.element = choice_HDB_extension_data_hist_keys;
ext.data.u.hist_keys.len = 0;
ext.data.u.hist_keys.val = NULL;
hdb_replace_extension(context->context, &ent.entry, &ext);
hdb_replace_extension(context->context, &ent, &ext);
}
/* This logs the change for iprop and writes to the HDB */
ret = kadm5_log_modify(context, &ent.entry,
ret = kadm5_log_modify(context, &ent,
KADM5_ATTRIBUTES | KADM5_PRINCIPAL |
KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO |
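Review bot: The `hdb_replace_extension(context->context, &ent, &ext);` call in the non-keepold branch discards its return value, so a failure to install the empty `hist_keys` extension is silently ignored and `kadm5_log_modify` still logs and writes the entry. The same call in modify_principal is checked with `if (ret) goto out3;`. Suggest `ret = hdb_replace_extension(context->context, &ent, &ext);` followed by `if (ret) goto out4;`, matching the error path the `hdb_seal_keys` call in the keepold branch already uses. The function body continues outside the hunk.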


@@ -97,7 +97,7 @@ kadm5_s_rename_principal(void *server_handle,
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry_ex ent;
hdb_entry ent;
krb5_principal oldname;
size_t i;
@@ -121,14 +121,14 @@ kadm5_s_rename_principal(void *server_handle,
0, &ent);
if (ret)
goto out2;
oldname = ent.entry.principal;
oldname = ent.principal;
ret = rename_principal_hook(context, KADM5_HOOK_STAGE_PRECOMMIT,
0, source, target);
if (ret)
goto out3;
ret = _kadm5_set_modifier(context, &ent.entry);
ret = _kadm5_set_modifier(context, &ent);
if (ret)
goto out3;
{
@@ -139,14 +139,14 @@ kadm5_s_rename_principal(void *server_handle,
krb5_get_pw_salt(context->context, source, &salt2);
salt.type = hdb_pw_salt;
salt.salt = salt2.saltvalue;
for(i = 0; i < ent.entry.keys.len; i++){
if(ent.entry.keys.val[i].salt == NULL){
ent.entry.keys.val[i].salt =
malloc(sizeof(*ent.entry.keys.val[i].salt));
if (ent.entry.keys.val[i].salt == NULL)
for(i = 0; i < ent.keys.len; i++){
if(ent.keys.val[i].salt == NULL){
ent.keys.val[i].salt =
malloc(sizeof(*ent.keys.val[i].salt));
if (ent.keys.val[i].salt == NULL)
ret = krb5_enomem(context->context);
else
ret = copy_Salt(&salt, ent.entry.keys.val[i].salt);
ret = copy_Salt(&salt, ent.keys.val[i].salt);
if (ret)
break;
}
@@ -157,19 +157,19 @@ kadm5_s_rename_principal(void *server_handle,
goto out3;
/* Borrow target */
ent.entry.principal = target;
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
ent.principal = target;
ret = hdb_seal_keys(context->context, context->db, &ent);
if (ret)
goto out3;
/* This logs the change for iprop and writes to the HDB */
ret = kadm5_log_rename(context, source, &ent.entry);
ret = kadm5_log_rename(context, source, &ent);
(void) rename_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT,
ret, source, target);
out3:
ent.entry.principal = oldname; /* Unborrow target */
ent.principal = oldname; /* Unborrow target */
hdb_free_entry(context->context, context->db, &ent);
out2:
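Review bot: `krb5_get_pw_salt(context->context, source, &salt2);` ignores its return value, and the following lines put `salt2.saltvalue` into `salt.salt` and copy that salt into every key in `ent.keys` that has none. If the call fails, `salt2` may not have been filled in, and the keys would be given a salt built from whatever it holds before `hdb_seal_keys` and `kadm5_log_rename` persist them. Suggest `ret = krb5_get_pw_salt(context->context, source, &salt2);` with `if (ret) goto out3;` before `salt.type` is assigned. The declaration and release of `salt2` are outside the hunk, so the cleanup on that new error path should be checked against them.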


@@ -115,7 +115,7 @@ kadm5_s_setkey_principal_3(void *server_handle,
krb5_keyblock *keyblocks, int n_keys)
{
kadm5_server_context *context = server_handle;
hdb_entry_ex ent;
hdb_entry ent;
kadm5_ret_t ret = 0;
size_t i;
@@ -154,9 +154,9 @@ kadm5_s_setkey_principal_3(void *server_handle,
}
if (keepold) {
ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
ret = hdb_add_current_keys_to_history(context->context, &ent);
} else
ret = hdb_clear_extension(context->context, &ent.entry,
ret = hdb_clear_extension(context->context, &ent,
choice_HDB_extension_data_hist_keys);
/*
@@ -167,7 +167,7 @@ kadm5_s_setkey_principal_3(void *server_handle,
* each ks_tuple's enctype matches the corresponding key enctype.
*/
if (ret == 0) {
free_Keys(&ent.entry.keys);
free_Keys(&ent.keys);
for (i = 0; i < n_keys; ++i) {
Key k;
Salt s;
@@ -186,22 +186,22 @@ kadm5_s_setkey_principal_3(void *server_handle,
s.opaque = 0;
k.salt = &s;
}
if ((ret = add_Keys(&ent.entry.keys, &k)) != 0)
if ((ret = add_Keys(&ent.keys, &k)) != 0)
break;
}
}
if (ret == 0) {
ent.entry.kvno++;
ent.entry.flags.require_pwchange = 0;
hdb_entry_set_pw_change_time(context->context, &ent.entry, 0);
hdb_entry_clear_password(context->context, &ent.entry);
ent.kvno++;
ent.flags.require_pwchange = 0;
hdb_entry_set_pw_change_time(context->context, &ent, 0);
hdb_entry_clear_password(context->context, &ent);
if ((ret = hdb_seal_keys(context->context, context->db,
&ent.entry)) == 0
&& (ret = _kadm5_set_modifier(context, &ent.entry)) == 0
&& (ret = _kadm5_bump_pw_expire(context, &ent.entry)) == 0)
ret = kadm5_log_modify(context, &ent.entry,
&ent)) == 0
&& (ret = _kadm5_set_modifier(context, &ent)) == 0
&& (ret = _kadm5_bump_pw_expire(context, &ent)) == 0)
ret = kadm5_log_modify(context, &ent,
KADM5_ATTRIBUTES | KADM5_PRINCIPAL |
KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO |