convert to slc; don't purge keys older than a certain time, instead
purge keys that have newer versions that are at least a certain age git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14261 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2004 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -42,6 +42,7 @@ RCSID("$Id$");
|
|||||||
struct e {
|
struct e {
|
||||||
krb5_principal principal;
|
krb5_principal principal;
|
||||||
int max_vno;
|
int max_vno;
|
||||||
|
time_t timestamp;
|
||||||
struct e *next;
|
struct e *next;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -57,14 +58,17 @@ get_entry (krb5_principal princ, struct e *head)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
add_entry (krb5_principal princ, int vno, struct e **head)
|
add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head)
|
||||||
{
|
{
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
struct e *e;
|
struct e *e;
|
||||||
|
|
||||||
e = get_entry (princ, *head);
|
e = get_entry (princ, *head);
|
||||||
if (e != NULL) {
|
if (e != NULL) {
|
||||||
e->max_vno = max (e->max_vno, vno);
|
if(e->max_vno < vno) {
|
||||||
|
e->max_vno = vno;
|
||||||
|
e->timestamp = timestamp;
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
e = malloc (sizeof (*e));
|
e = malloc (sizeof (*e));
|
||||||
@@ -74,6 +78,7 @@ add_entry (krb5_principal princ, int vno, struct e **head)
|
|||||||
if (ret)
|
if (ret)
|
||||||
krb5_err (context, 1, ret, "krb5_copy_principal");
|
krb5_err (context, 1, ret, "krb5_copy_principal");
|
||||||
e->max_vno = vno;
|
e->max_vno = vno;
|
||||||
|
e->timestamp = timestamp;
|
||||||
e->next = *head;
|
e->next = *head;
|
||||||
*head = e;
|
*head = e;
|
||||||
}
|
}
|
||||||
@@ -95,40 +100,19 @@ delete_list (struct e *head)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
int
|
int
|
||||||
kt_purge(int argc, char **argv)
|
kt_purge(struct purge_options *opt, int argc, char **argv)
|
||||||
{
|
{
|
||||||
krb5_error_code ret = 0;
|
krb5_error_code ret = 0;
|
||||||
krb5_kt_cursor cursor;
|
krb5_kt_cursor cursor;
|
||||||
krb5_keytab keytab;
|
krb5_keytab keytab;
|
||||||
krb5_keytab_entry entry;
|
krb5_keytab_entry entry;
|
||||||
int help_flag = 0;
|
|
||||||
char *age_str = "1 week";
|
|
||||||
int age;
|
int age;
|
||||||
struct getargs args[] = {
|
|
||||||
{ "age", 0, arg_string, NULL, "age to retire" },
|
|
||||||
{ "help", 'h', arg_flag, NULL }
|
|
||||||
};
|
|
||||||
int num_args = sizeof(args) / sizeof(args[0]);
|
|
||||||
int optind = 0;
|
|
||||||
int i = 0;
|
|
||||||
struct e *head = NULL;
|
struct e *head = NULL;
|
||||||
time_t judgement_day;
|
time_t judgement_day;
|
||||||
|
|
||||||
args[i++].value = &age_str;
|
age = parse_time(opt->age_string, "s");
|
||||||
args[i++].value = &help_flag;
|
|
||||||
|
|
||||||
if(getarg(args, num_args, argc, argv, &optind)) {
|
|
||||||
arg_printusage(args, num_args, "ktutil purge", "");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if(help_flag) {
|
|
||||||
arg_printusage(args, num_args, "ktutil purge", "");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
age = parse_time(age_str, "s");
|
|
||||||
if(age < 0) {
|
if(age < 0) {
|
||||||
krb5_warnx(context, "unparasable time `%s'", age_str);
|
krb5_warnx(context, "unparasable time `%s'", opt->age_string);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -137,12 +121,12 @@ kt_purge(int argc, char **argv)
|
|||||||
|
|
||||||
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
|
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
|
||||||
if(ret){
|
if(ret){
|
||||||
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
|
krb5_warn(context, ret, "%s", keytab_string);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
|
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
|
||||||
add_entry (entry.principal, entry.vno, &head);
|
add_entry (entry.principal, entry.vno, entry.timestamp, &head);
|
||||||
krb5_kt_free_entry(context, &entry);
|
krb5_kt_free_entry(context, &entry);
|
||||||
}
|
}
|
||||||
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
|
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
|
||||||
@@ -151,7 +135,7 @@ kt_purge(int argc, char **argv)
|
|||||||
|
|
||||||
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
|
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
|
||||||
if(ret){
|
if(ret){
|
||||||
krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string);
|
krb5_warn(context, ret, "%s", keytab_string);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -164,7 +148,7 @@ kt_purge(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (entry.vno < e->max_vno
|
if (entry.vno < e->max_vno
|
||||||
&& judgement_day - entry.timestamp > age) {
|
&& judgement_day - e->timestamp > age) {
|
||||||
if (verbose_flag) {
|
if (verbose_flag) {
|
||||||
char *name_str;
|
char *name_str;
|
||||||
|
|
||||||
|
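Review bot: In add_entry the new `if(e->max_vno < vno)` branch stores a timestamp only when a strictly higher vno appears, so when several keytab entries share the highest vno (for example one per enctype) the value kept is whichever one the cursor returned first. The purge test in the last hunk, `judgement_day - e->timestamp > age`, then decides when every older key is dropped from that one entry, which may remove old keys before all of the newest-version entries have reached the requested age. Keeping the latest timestamp for the top vno is the conservative choice: `if (e->max_vno < vno || (e->max_vno == vno && e->timestamp < timestamp)) {`. A short comment on the new struct field, such as `/* timestamp of the entry that set max_vno */`, would also make the intent clear; add_entry and kt_purge both continue outside the hunks shown.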