diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index 9d197035f..179208c86 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -52,7 +52,8 @@ kadm5_s_chpass_principal(void *server_handle, ret = context->db->open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, + 0, &ent); if(ret == HDB_ERR_NOENTRY) goto out; ret = _kadm5_set_keys(context, &ent, password); @@ -62,12 +63,15 @@ kadm5_s_chpass_principal(void *server_handle, if(ret) goto out2; + hdb_seal_keys(context->db, &ent); + kadm5_log_modify (context, &ent, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO); - ret = context->db->store(context->context, context->db, 1, &ent); + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); out2: hdb_free_entry(context->context, &ent); out: @@ -88,7 +92,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle, ret = context->db->open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, 0, &ent); if(ret == HDB_ERR_NOENTRY) goto out; ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data); @@ -98,12 +102,15 @@ kadm5_s_chpass_principal_with_key(void *server_handle, if(ret) goto out2; + hdb_seal_keys(context->db, &ent); + kadm5_log_modify (context, &ent, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO); - ret = context->db->store(context->context, context->db, 1, &ent); + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); out2: hdb_free_entry(context->context, &ent); out: diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c index 31b55c576..49cf4edaf 100644 --- a/lib/kadm5/create_s.c +++ b/lib/kadm5/create_s.c 
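Review bot: The new fetch passes flags 0, so any keys already stored for the principal stay master-key sealed, and nothing in the hunk says why that is acceptable here; a comment would save the next reader from comparing it with the HDB_F_DECRYPT fetches in delete_s.c and get_s.c. From the hunk it looks safe because the following `_kadm5_set_keys(context, &ent, password)` replaces the key set, so suggest `/* flags 0: the stored keys are replaced below, no need to decrypt them */` above the fetch. The same applies to the `@@ -88` hunk of this file and to the fetches in modify_s.c, randkey_s.c and rename_s.c, where the reason is different (those paths may keep the fetched keys) and deserves its own comment. kadm5_s_chpass_principal begins and ends outside this hunk.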
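Review bot: `hdb_seal_keys` is placed before `kadm5_log_modify`, so the replication log now records the entry with master-key-encrypted keys rather than plaintext, and the log.c replay path in this commit appears to store logged keys as they are; that ordering is a contract between the two sides and is not recorded anywhere in the hunk. Suggest a comment on the seal call, e.g. `/* seal before logging: the log and its replay carry keys in master-key-encrypted form */`. The same ordering is introduced in the `@@ -98` hunk of this file and in create_s.c, modify_s.c and randkey_s.c, so either one comment per site or a note on hdb_seal_keys itself would do. kadm5_s_chpass_principal continues outside this hunk.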
@@ -117,6 +117,8 @@ kadm5_s_create_principal_with_key(void *server_handle, if(ret) goto out; + hdb_seal_keys(context->db, &ent); + kadm5_log_create (context, &ent); ret = context->db->open(context->context, context->db, O_RDWR, 0); @@ -167,6 +169,8 @@ kadm5_s_create_principal(void *server_handle, ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1; ret = _kadm5_set_keys(context, &ent, password); + hdb_seal_keys(context->db, &ent); + kadm5_log_create (context, &ent); ret = context->db->open(context->context, context->db, O_RDWR, 0); diff --git a/lib/kadm5/delete_s.c b/lib/kadm5/delete_s.c index 6b0ff5c81..0031ac5c4 100644 --- a/lib/kadm5/delete_s.c +++ b/lib/kadm5/delete_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -53,7 +53,8 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) krb5_warn(context->context, ret, "opening database"); return ret; } - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, + HDB_F_DECRYPT, &ent); if(ret == HDB_ERR_NOENTRY) goto out2; if(ent.flags.immutable) { @@ -61,6 +62,8 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) goto out; } + hdb_seal_keys(context->db, &ent); + kadm5_log_delete (context, princ); ret = context->db->remove(context->context, context->db, &ent); diff --git a/lib/kadm5/get_princs_s.c b/lib/kadm5/get_princs_s.c index 7fe413a61..1a6855890 100644 --- a/lib/kadm5/get_princs_s.c +++ b/lib/kadm5/get_princs_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
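Review bot: In the `@@ -167` hunk the result of `_kadm5_set_keys(context, &ent, password)` is not checked before the new `hdb_seal_keys` and `kadm5_log_create` calls, and the following `ret = context->db->open(...)` overwrites it, so a failed key derivation is sealed, logged and then stored as if it had succeeded. The first hunk of this file has the `if(ret) goto out;` guard immediately before its seal call; mirror it here: `ret = _kadm5_set_keys(context, &ent, password);` / `if(ret) goto out;`. Whether `out` releases the partially built entry is outside the hunk, so confirm the label exists in kadm5_s_create_principal as it does in the sibling function.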
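Review bot: In delete_s.c the fetch with `HDB_F_DECRYPT` decrypts the principal's keys only for the `@@ -61` hunk to seal them again before `kadm5_log_delete` and `db->remove`, with nothing in between that reads plaintext key material, so the round trip buys nothing and leaves decrypted keys in memory across the immutable check and its `goto out` path. Unless `remove` needs cleartext keys, fetching with flags `0` as rename_s.c does, `ret = context->db->fetch(context->context, context->db, 0, &ent);`, and dropping the `hdb_seal_keys` call in the following hunk is simpler and keeps key material sealed for the whole operation. kadm5_s_delete_principal begins before this hunk.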
@@ -104,7 +104,7 @@ kadm5_s_get_principals(void *server_handle, } d.princs = NULL; d.count = 0; - ret = hdb_foreach(context->context, context->db, foreach, &d); + ret = hdb_foreach(context->context, context->db, 0, foreach, &d); context->db->close(context->context, context->db); if(ret == 0) ret = add_princ(&d, NULL); diff --git a/lib/kadm5/get_s.c b/lib/kadm5/get_s.c index 981130c8d..dfc89deb4 100644 --- a/lib/kadm5/get_s.c +++ b/lib/kadm5/get_s.c @@ -54,7 +54,8 @@ kadm5_s_get_principal(void *server_handle, ret = context->db->open(context->context, context->db, O_RDONLY, 0); if(ret) return ret; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, + HDB_F_DECRYPT, &ent); context->db->close(context->context, context->db); if(ret) return _kadm5_error_code(ret); @@ -105,8 +106,15 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_KVNO) out->kvno = ent.kvno; - if(mask & KADM5_MKVNO && ent.keys.len) - out->mkvno = ent.keys.val[0].mkvno; /* XXX this is not right */ + if(mask & KADM5_MKVNO) { + int n; + out->mkvno = 0; /* XXX */ + for(n = 0; n < ent.keys.len; n++) + if(ent.keys.val[n].mkvno) { + out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */ + break; + } + } if(mask & KADM5_AUX_ATTRIBUTES) /* XXX implement */; if(mask & KADM5_POLICY) diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 0d17c3905..44286e098 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
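Review bot: The get_s.c `@@ -54` hunk is the read path that decrypts keys, with `HDB_F_DECRYPT`, while the sibling fetches in chpass_s.c, modify_s.c and randkey_s.c pass 0, and the hunk gives no hint why; presumably the decrypted keys are needed because `kadm5_s_get_principal` hands key data to the caller when KADM5_KEY_DATA is in the mask, which is outside the hunk. A comment on the fetch, e.g. `/* HDB_F_DECRYPT: key data is returned to the caller in plaintext */`, would make the intent explicit and mark this as the one place a plaintext copy leaves the HDB layer. The function continues past the hunk.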
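Review bot: The new loop in the get_s.c `@@ -105` hunk declares `int n` and compares it with `ent.keys.len`, which is very likely unsigned in the asn1-generated `Keys` type, so this is a signed/unsigned comparison waiting to warn; declare it as `unsigned int n;` (or whatever type `len` actually has). The two `/* XXX */` markers say something is wrong without saying what: the code reports the mkvno of the first key that has one and ignores the rest, which is only correct when every sealed key was sealed under the same master key version. Suggest replacing both markers with one comment such as `/* XXX mkvno is per key; report the first one found and assume all keys agree */`. kadm5_s_get_principal continues outside the hunk.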
@@ -483,7 +483,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, return ret; ent.principal = log_ent.principal; log_ent.principal = NULL; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, + HDB_F_DECRYPT, &ent); if (ret) return ret; if (mask & KADM5_PRINC_EXPIRE_TIME) { @@ -559,7 +560,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, copy_Key(&log_ent.keys.val[i], &ent.keys.val[i]); } - ret = context->db->store(context->context, context->db, 1, &ent); + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); hdb_free_entry (context->context, &ent); hdb_free_entry (context->context, &log_ent); return ret; diff --git a/lib/kadm5/modify_s.c b/lib/kadm5/modify_s.c index f762058a8..adb99fc9b 100644 --- a/lib/kadm5/modify_s.c +++ b/lib/kadm5/modify_s.c @@ -58,7 +58,7 @@ modify_principal(void *server_handle, ret = context->db->open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, 0, &ent); if(ret) goto out; ret = _kadm5_setup_entry(&ent, princ, NULL, mask); @@ -68,11 +68,14 @@ modify_principal(void *server_handle, if(ret) goto out2; + hdb_seal_keys(context->db, &ent); + kadm5_log_modify (context, &ent, mask | KADM5_MOD_NAME | KADM5_MOD_TIME); - ret = context->db->store(context->context, context->db, 1, &ent); + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); out2: hdb_free_entry(context->context, &ent); out: diff --git a/lib/kadm5/randkey_s.c b/lib/kadm5/randkey_s.c index c10295fa8..5d0bd8471 100644 --- a/lib/kadm5/randkey_s.c +++ b/lib/kadm5/randkey_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
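Review bot: The replay path fetches the existing entry with `HDB_F_DECRYPT` and, in the `@@ -559` hunk, stores it with `HDB_F_REPLACE` without a visible `hdb_seal_keys` call, unlike every master-side modify path in this commit, which fetches with 0 and seals before storing. If any key of the decrypted `ent` survives into the stored entry (the key copy loop from `log_ent` is mostly outside the hunk, so this cannot be confirmed here), it would be written to the database in plaintext. Fetching with `0`, `ret = context->db->fetch(context->context, context->db, 0, &ent);`, keeps untouched keys sealed, and keys copied from `log_ent` appear to arrive already sealed because the master seals before logging. Separately, the `if (ret) return ret;` after the fetch leaves `log_ent`, and the principal just moved into `ent`, unfreed, while the normal exit in the later hunk frees both; routing this failure through that same cleanup would close the leak. kadm5_log_replay_modify starts before this hunk.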
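Review bot: In the modify_s.c `@@ -68` hunk `hdb_seal_keys` is applied to an entry that the previous hunk fetched with flags 0, so any keys that `_kadm5_setup_entry` did not replace are still in sealed form when they are sealed again, and the hunk does not say whether `hdb_seal_keys` detects that. The get_s.c hunk suggests each key carries an optional `mkvno` that could mark it as sealed, so this may well be a no-op for those keys, but it should be stated; suggest `/* keys left untouched by the mask are still sealed; hdb_seal_keys must skip keys that already carry an mkvno */` above the call, adjusted to what hdb_seal_keys actually does. rename_s.c seals an entry that was fetched with 0 and whose keys are never changed, so the same question applies there, in the hunk cut off at the end of this page. modify_principal begins and ends outside this hunk.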
@@ -54,7 +54,7 @@ kadm5_s_randkey_principal(void *server_handle, ret = context->db->open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, 0, &ent); if(ret == HDB_ERR_NOENTRY) goto out; { @@ -90,12 +90,15 @@ kadm5_s_randkey_principal(void *server_handle, if(ret) goto out2; + hdb_seal_keys(context->db, &ent); + kadm5_log_modify (context, &ent, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO); - ret = context->db->store(context->context, context->db, 1, &ent); + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); out2: hdb_free_entry(context->context, &ent); out: diff --git a/lib/kadm5/rename_s.c b/lib/kadm5/rename_s.c index 4cc3d2b4e..27c4e2722 100644 --- a/lib/kadm5/rename_s.c +++ b/lib/kadm5/rename_s.c @@ -56,7 +56,7 @@ kadm5_s_rename_principal(void *server_handle, ret = context->db->open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->fetch(context->context, context->db, &ent); + ret = context->db->fetch(context->context, context->db, 0, &ent); if(ret){ context->db->close(context->context, context->db); goto out; @@ -87,6 +87,8 @@ kadm5_s_rename_principal(void *server_handle, ent2.principal = ent.principal; ent.principal = target; + hdb_seal_keys(context->db, &ent); + kadm5_log_rename (context, source, &ent);