Make changes to hdb_keyset type be backward-compatible.
This commit is contained in:
Nicolas Williams
@@ -91,7 +91,7 @@ HDB-Ext-Aliases ::= SEQUENCE {
|
||||
hdb_keyset ::= SEQUENCE {
|
||||
kvno[0] INTEGER (0..4294967295),
|
||||
keys[2] SEQUENCE OF Key,
|
||||
set-time[1] KerberosTime, -- time this keyset was created/set
|
||||
set-time[1] KerberosTime OPTIONAL, -- time this keyset was created/set
|
||||
...
|
||||
}
|
||||
|
||||
|
||||
@@ -227,7 +227,7 @@ hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
|
||||
HDB_Ext_KeySet *hist_keys;
|
||||
hdb_keyset *tmp_keysets;
|
||||
size_t i;
|
||||
size_t add = 0;
|
||||
size_t replace = 0;
|
||||
|
||||
ext = hdb_find_extension(entry, choice_HDB_extension_data_hist_keys);
|
||||
if (ext != NULL) {
|
||||
@@ -240,7 +240,7 @@ hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
|
||||
memmove(&hist_keys->val[1], hist_keys->val,
|
||||
sizeof (*hist_keys->val) * hist_keys->len++);
|
||||
} else {
|
||||
add = 1;
|
||||
replace = 1;
|
||||
ext = calloc(1, sizeof (*ext));
|
||||
if (ext == NULL)
|
||||
return ENOMEM;
|
||||
@@ -265,19 +265,22 @@ hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
|
||||
}
|
||||
}
|
||||
hist_keys->val[0].kvno = entry->kvno;
|
||||
(void) hdb_entry_get_pw_change_time(entry, &hist_keys->val[0].set_time);
|
||||
hist_keys->val[0].set_time = malloc(sizeof (*hist_keys->val[0].set_time));
|
||||
if (hist_keys->val[0].set_time == NULL) {
|
||||
free_HDB_extension(ext);
|
||||
return ENOMEM;
|
||||
}
|
||||
(void) hdb_entry_get_pw_change_time(entry, hist_keys->val[0].set_time);
|
||||
|
||||
if (add) {
|
||||
/* XXX hdb_replace_extension() deep-copies ext; what a waste */
|
||||
if (replace) {
|
||||
/* hdb_replace_extension() deep-copies ext; what a waste */
|
||||
ret = hdb_replace_extension(context, entry, ext);
|
||||
if (ret) {
|
||||
free_HDB_extension(ext);
|
||||
return ret;
|
||||
}
|
||||
free_HDB_extension(ext);
|
||||
}
|
||||
|
||||
/* hdb_replace_extension() copies ext, so we have to free it */
|
||||
free_HDB_extension(ext);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -495,6 +495,7 @@ hdb_unseal_keys_kvno(krb5_context context, HDB *db, krb5_kvno kvno,
|
||||
int i, k;
|
||||
int exclude_dead = 0;
|
||||
KerberosTime now = 0;
|
||||
time_t *set_time;
|
||||
|
||||
if ((flags & HDB_F_LIVE_CLNT_KVNOS) || (flags & HDB_F_LIVE_SVC_KVNOS)) {
|
||||
exclude_dead = 1;
|
||||
@@ -523,6 +524,7 @@ hdb_unseal_keys_kvno(krb5_context context, HDB *db, krb5_kvno kvno,
|
||||
|
||||
if (exclude_dead &&
|
||||
((ent->max_life != NULL &&
|
||||
hist_keys->val[i].set_time != NULL &&
|
||||
hist_keys->val[i].set_time < (now - (*ent->max_life))) ||
|
||||
(hist_keys->val[i].kvno < kvno &&
|
||||
(kvno - hist_keys->val[i].kvno) > kvno_diff)))
|
||||
@@ -573,6 +575,9 @@ hdb_unseal_keys_kvno(krb5_context context, HDB *db, krb5_kvno kvno,
|
||||
* so there's no danger that we'll dump this entry and load it
|
||||
* again, repeatedly causing the history to grow boundelessly.
|
||||
*/
|
||||
set_time = malloc(*set_time);
|
||||
if (set_time == NULL)
|
||||
return ENOMEM;
|
||||
tmp_keys = realloc(hist_keys->val,
|
||||
sizeof (*hist_keys->val) * (hist_keys->len + 1));
|
||||
if (tmp_keys == NULL)
|
||||
@@ -583,7 +588,8 @@ hdb_unseal_keys_kvno(krb5_context context, HDB *db, krb5_kvno kvno,
|
||||
tmp_keys[0].keys.len = ent->keys.len;
|
||||
tmp_keys[0].keys.val = ent->keys.val;
|
||||
tmp_keys[0].kvno = ent->kvno;
|
||||
(void) hdb_entry_get_pw_change_time(ent, &tmp_keys[0].set_time);
|
||||
tmp_keys[0].set_time = set_time;
|
||||
(void) hdb_entry_get_pw_change_time(ent, tmp_keys[0].set_time);
|
||||
i++;
|
||||
ent->keys.len = hist_keys->val[i].keys.len;
|
||||
ent->keys.val = hist_keys->val[i].keys.val;
|
||||
|
||||
Reference in New Issue
Block a user