oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add flags to fetch and store; seal keys before logging

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6097 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1999-05-03 17:09:58 +00:00
parent e7955cc129
commit c3e59002fe
9 changed files with 52 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/kadm5/chpass_s.c
View File

@@ -52,7 +52,8 @@ kadm5_s_chpass_principal(void *server_handle,
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret) if(ret)
return ret; return ret;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db,
0, &ent);
if(ret == HDB_ERR_NOENTRY) if(ret == HDB_ERR_NOENTRY)
goto out; goto out;
ret = _kadm5_set_keys(context, &ent, password); ret = _kadm5_set_keys(context, &ent, password);
@@ -62,12 +63,15 @@ kadm5_s_chpass_principal(void *server_handle,
if(ret) if(ret)
goto out2; goto out2;
hdb_seal_keys(context->db, &ent);
kadm5_log_modify (context, kadm5_log_modify (context,
&ent, &ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO); KADM5_KEY_DATA | KADM5_KVNO);
ret = context->db->store(context->context, context->db, 1, &ent); ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
out2: out2:
hdb_free_entry(context->context, &ent); hdb_free_entry(context->context, &ent);
out: out:
@@ -88,7 +92,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret) if(ret)
return ret; return ret;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db, 0, &ent);
if(ret == HDB_ERR_NOENTRY) if(ret == HDB_ERR_NOENTRY)
goto out; goto out;
ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data); ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
@@ -98,12 +102,15 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
if(ret) if(ret)
goto out2; goto out2;
hdb_seal_keys(context->db, &ent);
kadm5_log_modify (context, kadm5_log_modify (context,
&ent, &ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO); KADM5_KEY_DATA | KADM5_KVNO);
ret = context->db->store(context->context, context->db, 1, &ent); ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
out2: out2:
hdb_free_entry(context->context, &ent); hdb_free_entry(context->context, &ent);
out: out:

4
lib/kadm5/create_s.c
View File

@@ -117,6 +117,8 @@ kadm5_s_create_principal_with_key(void *server_handle,
if(ret) if(ret)
goto out; goto out;
hdb_seal_keys(context->db, &ent);
kadm5_log_create (context, &ent); kadm5_log_create (context, &ent);
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);
@@ -167,6 +169,8 @@ kadm5_s_create_principal(void *server_handle,
ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1; ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1;
ret = _kadm5_set_keys(context, &ent, password); ret = _kadm5_set_keys(context, &ent, password);
hdb_seal_keys(context->db, &ent);
kadm5_log_create (context, &ent); kadm5_log_create (context, &ent);
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);

7
lib/kadm5/delete_s.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -53,7 +53,8 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
krb5_warn(context->context, ret, "opening database"); krb5_warn(context->context, ret, "opening database");
return ret; return ret;
} }
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db,
HDB_F_DECRYPT, &ent);
if(ret == HDB_ERR_NOENTRY) if(ret == HDB_ERR_NOENTRY)
goto out2; goto out2;
if(ent.flags.immutable) { if(ent.flags.immutable) {
@@ -61,6 +62,8 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
goto out; goto out;
} }
hdb_seal_keys(context->db, &ent);
kadm5_log_delete (context, princ); kadm5_log_delete (context, princ);
ret = context->db->remove(context->context, context->db, &ent); ret = context->db->remove(context->context, context->db, &ent);

4
lib/kadm5/get_princs_s.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -104,7 +104,7 @@ kadm5_s_get_principals(void *server_handle,
} }
d.princs = NULL; d.princs = NULL;
d.count = 0; d.count = 0;
ret = hdb_foreach(context->context, context->db, foreach, &d); ret = hdb_foreach(context->context, context->db, 0, foreach, &d);
context->db->close(context->context, context->db); context->db->close(context->context, context->db);
if(ret == 0) if(ret == 0)
ret = add_princ(&d, NULL); ret = add_princ(&d, NULL);

14
lib/kadm5/get_s.c
View File

@@ -54,7 +54,8 @@ kadm5_s_get_principal(void *server_handle,
ret = context->db->open(context->context, context->db, O_RDONLY, 0); ret = context->db->open(context->context, context->db, O_RDONLY, 0);
if(ret) if(ret)
return ret; return ret;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db,
HDB_F_DECRYPT, &ent);
context->db->close(context->context, context->db); context->db->close(context->context, context->db);
if(ret) if(ret)
return _kadm5_error_code(ret); return _kadm5_error_code(ret);
@@ -105,8 +106,15 @@ kadm5_s_get_principal(void *server_handle,
if(mask & KADM5_KVNO) if(mask & KADM5_KVNO)
out->kvno = ent.kvno; out->kvno = ent.kvno;
if(mask & KADM5_MKVNO && ent.keys.len) if(mask & KADM5_MKVNO) {
out->mkvno = ent.keys.val[0].mkvno; /* XXX this is not right */ int n;
out->mkvno = 0; /* XXX */
for(n = 0; n < ent.keys.len; n++)
if(ent.keys.val[n].mkvno) {
out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
break;
}
}
if(mask & KADM5_AUX_ATTRIBUTES) if(mask & KADM5_AUX_ATTRIBUTES)
/* XXX implement */; /* XXX implement */;
if(mask & KADM5_POLICY) if(mask & KADM5_POLICY)

8
lib/kadm5/log.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -483,7 +483,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
return ret; return ret;
ent.principal = log_ent.principal; ent.principal = log_ent.principal;
log_ent.principal = NULL; log_ent.principal = NULL;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db,
HDB_F_DECRYPT, &ent);
if (ret) if (ret)
return ret; return ret;
if (mask & KADM5_PRINC_EXPIRE_TIME) { if (mask & KADM5_PRINC_EXPIRE_TIME) {
@@ -559,7 +560,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
copy_Key(&log_ent.keys.val[i], copy_Key(&log_ent.keys.val[i],
&ent.keys.val[i]); &ent.keys.val[i]);
} }
ret = context->db->store(context->context, context->db, 1, &ent); ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
hdb_free_entry (context->context, &ent); hdb_free_entry (context->context, &ent);
hdb_free_entry (context->context, &log_ent); hdb_free_entry (context->context, &log_ent);
return ret; return ret;

7
lib/kadm5/modify_s.c
View File

@@ -58,7 +58,7 @@ modify_principal(void *server_handle,
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret) if(ret)
return ret; return ret;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db, 0, &ent);
if(ret) if(ret)
goto out; goto out;
ret = _kadm5_setup_entry(&ent, princ, NULL, mask); ret = _kadm5_setup_entry(&ent, princ, NULL, mask);
@@ -68,11 +68,14 @@ modify_principal(void *server_handle,
if(ret) if(ret)
goto out2; goto out2;
hdb_seal_keys(context->db, &ent);
kadm5_log_modify (context, kadm5_log_modify (context,
&ent, &ent,
mask | KADM5_MOD_NAME | KADM5_MOD_TIME); mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
ret = context->db->store(context->context, context->db, 1, &ent); ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
out2: out2:
hdb_free_entry(context->context, &ent); hdb_free_entry(context->context, &ent);
out: out:

9
lib/kadm5/randkey_s.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -54,7 +54,7 @@ kadm5_s_randkey_principal(void *server_handle,
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret) if(ret)
return ret; return ret;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db, 0, &ent);
if(ret == HDB_ERR_NOENTRY) if(ret == HDB_ERR_NOENTRY)
goto out; goto out;
{ {
@@ -90,12 +90,15 @@ kadm5_s_randkey_principal(void *server_handle,
if(ret) if(ret)
goto out2; goto out2;
hdb_seal_keys(context->db, &ent);
kadm5_log_modify (context, kadm5_log_modify (context,
&ent, &ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
KADM5_KEY_DATA | KADM5_KVNO); KADM5_KEY_DATA | KADM5_KVNO);
ret = context->db->store(context->context, context->db, 1, &ent); ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
out2: out2:
hdb_free_entry(context->context, &ent); hdb_free_entry(context->context, &ent);
out: out:

4
lib/kadm5/rename_s.c
View File

@@ -56,7 +56,7 @@ kadm5_s_rename_principal(void *server_handle,
ret = context->db->open(context->context, context->db, O_RDWR, 0); ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret) if(ret)
return ret; return ret;
ret = context->db->fetch(context->context, context->db, &ent); ret = context->db->fetch(context->context, context->db, 0, &ent);
if(ret){ if(ret){
context->db->close(context->context, context->db); context->db->close(context->context, context->db);
goto out; goto out;
@@ -87,6 +87,8 @@ kadm5_s_rename_principal(void *server_handle,
ent2.principal = ent.principal; ent2.principal = ent.principal;
ent.principal = target; ent.principal = target;
hdb_seal_keys(context->db, &ent);
kadm5_log_rename (context, kadm5_log_rename (context,
source, source,
&ent); &ent);