add flags to fetch and store; seal keys before logging
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6097 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -52,7 +52,8 @@ kadm5_s_chpass_principal(void *server_handle,
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db,
|
||||
0, &ent);
|
||||
if(ret == HDB_ERR_NOENTRY)
|
||||
goto out;
|
||||
ret = _kadm5_set_keys(context, &ent, password);
|
||||
@@ -62,12 +63,15 @@ kadm5_s_chpass_principal(void *server_handle,
|
||||
if(ret)
|
||||
goto out2;
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_modify (context,
|
||||
&ent,
|
||||
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
|
||||
KADM5_KEY_DATA | KADM5_KVNO);
|
||||
|
||||
ret = context->db->store(context->context, context->db, 1, &ent);
|
||||
ret = context->db->store(context->context, context->db,
|
||||
HDB_F_REPLACE, &ent);
|
||||
out2:
|
||||
hdb_free_entry(context->context, &ent);
|
||||
out:
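Review bot: The result of `hdb_seal_keys(context->db, &ent);` is discarded before the entry is passed to kadm5_log_modify and db->store; if hdb_seal_keys can report failure (its return type is not visible in this hunk), a failed seal would let the freshly set keys reach the log and the database unsealed. If it returns a krb5_error_code, `ret = hdb_seal_keys(context->db, &ent); if(ret) goto out2;` reuses the existing cleanup path. The same unchecked call appears in the kadm5_s_chpass_principal_with_key, kadm5_s_create_principal_with_key, kadm5_s_create_principal, kadm5_s_delete_principal, modify_principal, kadm5_s_randkey_principal and kadm5_s_rename_principal hunks. kadm5_s_chpass_principal starts and ends outside this hunk.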
|
||||
@@ -88,7 +92,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db, 0, &ent);
|
||||
if(ret == HDB_ERR_NOENTRY)
|
||||
goto out;
|
||||
ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
|
||||
@@ -98,12 +102,15 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
|
||||
if(ret)
|
||||
goto out2;
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_modify (context,
|
||||
&ent,
|
||||
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
|
||||
KADM5_KEY_DATA | KADM5_KVNO);
|
||||
|
||||
ret = context->db->store(context->context, context->db, 1, &ent);
|
||||
ret = context->db->store(context->context, context->db,
|
||||
HDB_F_REPLACE, &ent);
|
||||
out2:
|
||||
hdb_free_entry(context->context, &ent);
|
||||
out:
|
||||
|
@@ -117,6 +117,8 @@ kadm5_s_create_principal_with_key(void *server_handle,
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_create (context, &ent);
|
||||
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
|
||||
@@ -167,6 +169,8 @@ kadm5_s_create_principal(void *server_handle,
|
||||
ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1;
|
||||
ret = _kadm5_set_keys(context, &ent, password);
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_create (context, &ent);
|
||||
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
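Review bot: `ret = _kadm5_set_keys(context, &ent, password);` is never checked: the new hdb_seal_keys and kadm5_log_create lines run on the entry regardless, and `ret = context->db->open(...)` at the end of the hunk then overwrites the error, so a key-derivation failure would be logged and, as far as these lines show, stored as a principal with whatever keys ent happens to hold. Add `if(ret) goto out;` directly after the _kadm5_set_keys call, using whichever cleanup label this function has — the _with_key variant in the previous hunk checks `if(ret) goto out;` before sealing. kadm5_s_create_principal starts and ends outside this hunk.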
|
||||
|
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -53,7 +53,8 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
|
||||
krb5_warn(context->context, ret, "opening database");
|
||||
return ret;
|
||||
}
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db,
|
||||
HDB_F_DECRYPT, &ent);
|
||||
if(ret == HDB_ERR_NOENTRY)
|
||||
goto out2;
|
||||
if(ent.flags.immutable) {
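Review bot: `HDB_F_DECRYPT` on this fetch decrypts key material that kadm5_s_delete_principal does not appear to use — the visible lines only read ent.flags.immutable, and the next hunk hands the entry to kadm5_log_delete (which takes princ) and db->remove. Fetching with `0` would keep the keys in their stored form in memory and would make the hdb_seal_keys call added in the next hunk unnecessary. If remove or the delete log really do need plaintext keys, a one-line comment at the fetch, e.g. `/* HDB_F_DECRYPT: remove needs the keys in the clear because ... */`, would record why. kadm5_s_delete_principal starts and ends outside this hunk.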
|
||||
@@ -61,6 +62,8 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
|
||||
goto out;
|
||||
}
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_delete (context, princ);
|
||||
|
||||
ret = context->db->remove(context->context, context->db, &ent);
|
||||
|
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -104,7 +104,7 @@ kadm5_s_get_principals(void *server_handle,
|
||||
}
|
||||
d.princs = NULL;
|
||||
d.count = 0;
|
||||
ret = hdb_foreach(context->context, context->db, foreach, &d);
|
||||
ret = hdb_foreach(context->context, context->db, 0, foreach, &d);
|
||||
context->db->close(context->context, context->db);
|
||||
if(ret == 0)
|
||||
ret = add_princ(&d, NULL);
|
||||
|
@@ -54,7 +54,8 @@ kadm5_s_get_principal(void *server_handle,
|
||||
ret = context->db->open(context->context, context->db, O_RDONLY, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db,
|
||||
HDB_F_DECRYPT, &ent);
|
||||
context->db->close(context->context, context->db);
|
||||
if(ret)
|
||||
return _kadm5_error_code(ret);
|
||||
@@ -105,8 +106,15 @@ kadm5_s_get_principal(void *server_handle,
|
||||
|
||||
if(mask & KADM5_KVNO)
|
||||
out->kvno = ent.kvno;
|
||||
if(mask & KADM5_MKVNO && ent.keys.len)
|
||||
out->mkvno = ent.keys.val[0].mkvno; /* XXX this is not right */
|
||||
if(mask & KADM5_MKVNO) {
|
||||
int n;
|
||||
out->mkvno = 0; /* XXX */
|
||||
for(n = 0; n < ent.keys.len; n++)
|
||||
if(ent.keys.val[n].mkvno) {
|
||||
out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(mask & KADM5_AUX_ATTRIBUTES)
|
||||
/* XXX implement */;
|
||||
if(mask & KADM5_POLICY)
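Review bot: The new KADM5_MKVNO loop reports the mkvno of the first key that still carries one, but the entry was fetched with `HDB_F_DECRYPT` in the previous hunk; if unsealing clears the mkvno field of decrypted keys (I cannot confirm that from the hunk), out->mkvno will always be 0 here, which the `/* XXX */` comments hint at but do not say. A comment such as `/* keys were decrypted by the fetch above; mkvno is only present on keys still sealed */` at the loop, or a fetch without HDB_F_DECRYPT if this function does not need key material, would make the intent explicit. Also `int n` is compared with `ent.keys.len`; if len is unsigned, as ASN.1-generated sequence counts usually are, `unsigned n` avoids the signed/unsigned comparison. kadm5_s_get_principal continues outside this hunk.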
|
||||
|
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -483,7 +483,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
|
||||
return ret;
|
||||
ent.principal = log_ent.principal;
|
||||
log_ent.principal = NULL;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db,
|
||||
HDB_F_DECRYPT, &ent);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (mask & KADM5_PRINC_EXPIRE_TIME) {
|
||||
@@ -559,7 +560,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
|
||||
copy_Key(&log_ent.keys.val[i],
|
||||
&ent.keys.val[i]);
|
||||
}
|
||||
ret = context->db->store(context->context, context->db, 1, &ent);
|
||||
ret = context->db->store(context->context, context->db,
|
||||
HDB_F_REPLACE, &ent);
|
||||
hdb_free_entry (context->context, &ent);
|
||||
hdb_free_entry (context->context, &log_ent);
|
||||
return ret;
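Review bot: The entry stored with `HDB_F_REPLACE` here was fetched with `HDB_F_DECRYPT` in the earlier hunk, and no hdb_seal_keys call is visible between the copy_Key loop and the store; unless db->store seals keys itself, any key not overwritten from log_ent (or every key, when the mask lacks KADM5_KEY_DATA) would be written back to the database in plaintext. Because kadm5_log_modify is now called after hdb_seal_keys, log entries written from here on carry sealed keys, so fetching with `0` instead of HDB_F_DECRYPT would keep ent consistently sealed; alternatively add `hdb_seal_keys(context->db, &ent);` before the store, as the other call sites in this commit do. The return value of `copy_Key` is also ignored, so an allocation failure there would be stored as an incomplete key. kadm5_log_replay_modify starts outside this hunk.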
|
||||
|
@@ -58,7 +58,7 @@ modify_principal(void *server_handle,
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db, 0, &ent);
|
||||
if(ret)
|
||||
goto out;
|
||||
ret = _kadm5_setup_entry(&ent, princ, NULL, mask);
|
||||
@@ -68,11 +68,14 @@ modify_principal(void *server_handle,
|
||||
if(ret)
|
||||
goto out2;
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_modify (context,
|
||||
&ent,
|
||||
mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
|
||||
|
||||
ret = context->db->store(context->context, context->db, 1, &ent);
|
||||
ret = context->db->store(context->context, context->db,
|
||||
HDB_F_REPLACE, &ent);
|
||||
out2:
|
||||
hdb_free_entry(context->context, &ent);
|
||||
out:
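Review bot: `hdb_seal_keys(context->db, &ent);` runs on an entry that was fetched with flags `0` (not HDB_F_DECRYPT) in the previous hunk, so any keys not replaced by _kadm5_setup_entry are still in their stored, sealed form when it is called; unless hdb_seal_keys skips keys that are already sealed, those would be encrypted a second time. The same pattern is in the kadm5_s_rename_principal hunk, where no keys are changed at all. If hdb_seal_keys is idempotent, a short comment such as `/* only unsealed keys are sealed here; keys as fetched are left untouched */` would save the next reader the question; otherwise only the replaced keys should be sealed. modify_principal starts and ends outside this hunk.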
|
||||
|
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997-1999 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -54,7 +54,7 @@ kadm5_s_randkey_principal(void *server_handle,
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db, 0, &ent);
|
||||
if(ret == HDB_ERR_NOENTRY)
|
||||
goto out;
|
||||
{
|
||||
@@ -90,12 +90,15 @@ kadm5_s_randkey_principal(void *server_handle,
|
||||
if(ret)
|
||||
goto out2;
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_modify (context,
|
||||
&ent,
|
||||
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
|
||||
KADM5_KEY_DATA | KADM5_KVNO);
|
||||
|
||||
ret = context->db->store(context->context, context->db, 1, &ent);
|
||||
ret = context->db->store(context->context, context->db,
|
||||
HDB_F_REPLACE, &ent);
|
||||
out2:
|
||||
hdb_free_entry(context->context, &ent);
|
||||
out:
|
||||
|
@@ -56,7 +56,7 @@ kadm5_s_rename_principal(void *server_handle,
|
||||
ret = context->db->open(context->context, context->db, O_RDWR, 0);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = context->db->fetch(context->context, context->db, &ent);
|
||||
ret = context->db->fetch(context->context, context->db, 0, &ent);
|
||||
if(ret){
|
||||
context->db->close(context->context, context->db);
|
||||
goto out;
|
||||
@@ -87,6 +87,8 @@ kadm5_s_rename_principal(void *server_handle,
|
||||
ent2.principal = ent.principal;
|
||||
ent.principal = target;
|
||||
|
||||
hdb_seal_keys(context->db, &ent);
|
||||
|
||||
kadm5_log_rename (context,
|
||||
source,
|
||||
&ent);
|
||||
|