adapt to new hdb_seal_keys and hdb_unseal_keys
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9595 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997-1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -102,7 +102,7 @@ krb5_error_code
|
|||||||
_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
|
_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
|
||||||
{
|
{
|
||||||
krb5_data key, value;
|
krb5_data key, value;
|
||||||
int code;
|
int code = 0;
|
||||||
|
|
||||||
hdb_principal2key(context, entry->principal, &key);
|
hdb_principal2key(context, entry->principal, &key);
|
||||||
code = db->_get(context, db, key, &value);
|
code = db->_get(context, db, key, &value);
|
||||||
@@ -110,10 +110,13 @@ _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
|
|||||||
if(code)
|
if(code)
|
||||||
return code;
|
return code;
|
||||||
hdb_value2entry(context, &value, entry);
|
hdb_value2entry(context, &value, entry);
|
||||||
if (db->master_key_set && (flags & HDB_F_DECRYPT))
|
if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
|
||||||
hdb_unseal_keys (context, db, entry);
|
code = hdb_unseal_keys (context, db, entry);
|
||||||
|
if (code)
|
||||||
|
hdb_free_entry(context, entry);
|
||||||
|
}
|
||||||
krb5_data_free(&value);
|
krb5_data_free(&value);
|
||||||
return 0;
|
return code;
|
||||||
}
|
}
|
||||||
|
|
||||||
krb5_error_code
|
krb5_error_code
|
||||||
@@ -123,7 +126,11 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
|
|||||||
int code;
|
int code;
|
||||||
|
|
||||||
hdb_principal2key(context, entry->principal, &key);
|
hdb_principal2key(context, entry->principal, &key);
|
||||||
hdb_seal_keys(context, db, entry);
|
code = hdb_seal_keys(context, db, entry);
|
||||||
|
if (code) {
|
||||||
|
krb5_data_free(&key);
|
||||||
|
return code;
|
||||||
|
}
|
||||||
hdb_entry2value(context, entry, &value);
|
hdb_entry2value(context, entry, &value);
|
||||||
code = db->_put(context, db, flags & HDB_F_REPLACE, key, value);
|
code = db->_put(context, db, flags & HDB_F_REPLACE, key, value);
|
||||||
krb5_data_free(&value);
|
krb5_data_free(&value);
|
||||||
|
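Review bot: The return value of `hdb_value2entry` on the line just before the new unseal block in `_hdb_fetch` is still dropped, so a record that fails to decode is passed straight to `hdb_unseal_keys` (or, without HDB_F_DECRYPT, returned as success) with `entry` in whatever state the failed decode left it; the `DB_seq` hunks elsewhere in this commit do check that call. Check it and release `value` on the failure path as below. The companion `_hdb_store` hunk has the same gap with `hdb_entry2value`, whose result feeds `db->_put` unchecked. No file header is shown for this section; it appears to be the generic `_hdb_fetch`/`_hdb_store` helpers, and the line between the first two hunks is not visible here.
```c
    code = hdb_value2entry(context, &value, entry);
    if (code) {
	krb5_data_free(&value);
	return code;
    }
    /* … unchanged: master-key unseal block, krb5_data_free(&value), return code … */
```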
22
lib/hdb/db.c
22
lib/hdb/db.c
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -102,13 +102,21 @@ DB_seq(krb5_context context, HDB *db,
|
|||||||
data.length = value.size;
|
data.length = value.size;
|
||||||
if (hdb_value2entry(context, &data, entry))
|
if (hdb_value2entry(context, &data, entry))
|
||||||
return DB_seq(context, db, flags, entry, R_NEXT);
|
return DB_seq(context, db, flags, entry, R_NEXT);
|
||||||
if (db->master_key_set && (flags & HDB_F_DECRYPT))
|
if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
|
||||||
hdb_unseal_keys (context, db, entry);
|
code = hdb_unseal_keys (context, db, entry);
|
||||||
if (entry->principal == NULL) {
|
if (code)
|
||||||
entry->principal = malloc(sizeof(*entry->principal));
|
hdb_free_entry (context, entry);
|
||||||
hdb_key2principal(context, &key_data, entry->principal);
|
|
||||||
}
|
}
|
||||||
return 0;
|
if (code == 0 && entry->principal == NULL) {
|
||||||
|
entry->principal = malloc(sizeof(*entry->principal));
|
||||||
|
if (entry->principal == NULL) {
|
||||||
|
code = ENOMEM;
|
||||||
|
hdb_free_entry (context, entry);
|
||||||
|
} else {
|
||||||
|
hdb_key2principal(context, &key_data, entry->principal);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return code;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
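Review bot: `hdb_key2principal` in the new else-branch still has its return value discarded, so if it fails the function returns 0 with `entry->principal` pointing at a freshly malloc'd but unfilled principal that callers will presumably treat as valid. Handle it the same way the malloc failure just above is handled: `code = hdb_key2principal(context, &key_data, entry->principal); if (code) hdb_free_entry(context, entry);`. The rest of the new block, guarding the principal fill with `code == 0` and returning `code`, is the shape the other backends in this commit should follow. `DB_seq` starts outside the hunk, so the value of `code` on entry to this block is not visible here.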
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -107,11 +107,19 @@ DB_seq(krb5_context context, HDB *db,
|
|||||||
data.length = value.size;
|
data.length = value.size;
|
||||||
if (hdb_value2entry(context, &data, entry))
|
if (hdb_value2entry(context, &data, entry))
|
||||||
return DB_seq(context, db, flags, entry, DB_NEXT);
|
return DB_seq(context, db, flags, entry, DB_NEXT);
|
||||||
if (db->master_key_set && (flags & HDB_F_DECRYPT))
|
if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
|
||||||
hdb_unseal_keys (context, db, entry);
|
code = hdb_unseal_keys (context, db, entry);
|
||||||
|
if (code)
|
||||||
|
hdb_free_entry (context, entry);
|
||||||
|
}
|
||||||
if (entry->principal == NULL) {
|
if (entry->principal == NULL) {
|
||||||
entry->principal = malloc(sizeof(*entry->principal));
|
entry->principal = malloc(sizeof(*entry->principal));
|
||||||
hdb_key2principal(context, &key_data, entry->principal);
|
if (entry->principal == NULL) {
|
||||||
|
code = ENOMEM;
|
||||||
|
hdb_free_entry (context, entry);
|
||||||
|
} else {
|
||||||
|
hdb_key2principal(context, &key_data, entry->principal);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
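Review bot: The new block in this `DB_seq` still ends with `return 0;`, so an `hdb_unseal_keys` failure (or the new ENOMEM case) frees `entry` and then reports success, leaving the caller to keep iterating over freed memory. It also falls through into the `entry->principal == NULL` branch after `hdb_free_entry` has run, mallocing into a released struct. Mirror the `lib/hdb/db.c` hunk in this same commit: `if (code == 0 && entry->principal == NULL) {` and `return code;`. The function begins before the hunk; `code` is presumably zero when this block is reached, as in `db.c`, but that is not visible here.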
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1999, 2000, PADL Software Pty Ltd.
|
* Copyright (c) 1999 - 2001, PADL Software Pty Ltd.
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
@@ -888,8 +888,11 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
|
|||||||
} while (rc == LDAP_RES_SEARCH_REFERENCE);
|
} while (rc == LDAP_RES_SEARCH_REFERENCE);
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (db->master_key_set && (flags & HDB_F_DECRYPT))
|
if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
|
||||||
hdb_unseal_keys(context, db, entry);
|
ret = hdb_unseal_keys(context, db, entry);
|
||||||
|
if (ret)
|
||||||
|
hdb_free_entry(context,entry);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -1106,8 +1109,11 @@ LDAP_fetch(krb5_context context, HDB * db, unsigned flags,
|
|||||||
|
|
||||||
ret = LDAP_message2entry(context, db, e, entry);
|
ret = LDAP_message2entry(context, db, e, entry);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (db->master_key_set && (flags & HDB_F_DECRYPT))
|
if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
|
||||||
hdb_unseal_keys(context, db, entry);
|
ret = hdb_unseal_keys(context, db, entry);
|
||||||
|
if (ret)
|
||||||
|
hdb_free_entry(context,entry);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
@@ -1135,7 +1141,9 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
|
|||||||
e = ldap_first_entry((LDAP *) db->db, msg);
|
e = ldap_first_entry((LDAP *) db->db, msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
hdb_seal_keys(context, db, entry);
|
ret = hdb_seal_keys(context, db, entry);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
/* turn new entry into LDAPMod array */
|
/* turn new entry into LDAPMod array */
|
||||||
ret = LDAP_entry2mods(context, db, entry, e, &mods);
|
ret = LDAP_entry2mods(context, db, entry, e, &mods);
|
||||||
|
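Review bot: In `LDAP_store`, the new `goto out` on `hdb_seal_keys` failure now jumps to cleanup before `LDAP_entry2mods` has produced `mods`; the declaration of `mods` and the `out:` label are outside the hunk, so confirm `mods` is initialised to NULL at its declaration and that `out:` tolerates that, otherwise the early exit will hand an indeterminate pointer to whatever `out:` releases. If it is not initialised there, set `mods = NULL;` before the seal call. The `LDAP_seq` and `LDAP_fetch` hunks free `entry` on unseal failure and propagate `ret`, which matches the other backends in this commit.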
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -75,7 +75,7 @@ NDBM_seq(krb5_context context, HDB *db,
|
|||||||
struct ndbm_db *d = (struct ndbm_db *)db->db;
|
struct ndbm_db *d = (struct ndbm_db *)db->db;
|
||||||
datum key, value;
|
datum key, value;
|
||||||
krb5_data key_data, data;
|
krb5_data key_data, data;
|
||||||
krb5_error_code ret;
|
krb5_error_code ret = 0;
|
||||||
|
|
||||||
if(first)
|
if(first)
|
||||||
key = dbm_firstkey(d->db);
|
key = dbm_firstkey(d->db);
|
||||||
@@ -93,13 +93,21 @@ NDBM_seq(krb5_context context, HDB *db,
|
|||||||
data.length = value.dsize;
|
data.length = value.dsize;
|
||||||
if(hdb_value2entry(context, &data, entry))
|
if(hdb_value2entry(context, &data, entry))
|
||||||
return NDBM_seq(context, db, flags, entry, 0);
|
return NDBM_seq(context, db, flags, entry, 0);
|
||||||
if (db->master_key_set && (flags & HDB_F_DECRYPT))
|
if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
|
||||||
hdb_unseal_keys (context, db, entry);
|
ret = hdb_unseal_keys (context, db, entry);
|
||||||
|
if (ret)
|
||||||
|
hdb_free_entry (context, entry);
|
||||||
|
}
|
||||||
if (entry->principal == NULL) {
|
if (entry->principal == NULL) {
|
||||||
entry->principal = malloc (sizeof(*entry->principal));
|
entry->principal = malloc (sizeof(*entry->principal));
|
||||||
hdb_key2principal (context, &key_data, entry->principal);
|
if (entry->principal == NULL) {
|
||||||
|
ret = ENOMEM;
|
||||||
|
hdb_free_entry (context, entry);
|
||||||
|
} else {
|
||||||
|
hdb_key2principal (context, &key_data, entry->principal);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
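Review bot: After `hdb_unseal_keys` fails and `hdb_free_entry` runs, control still enters the `entry->principal == NULL` branch and calls `malloc` and `hdb_key2principal` on the already-freed entry before returning the error; the `lib/hdb/db.c` hunk in this commit guards that same block with the error code. Use the same guard here: `if (ret == 0 && entry->principal == NULL) {`. `ret` is initialised to 0 at its declaration on the new side of the first hunk, so the guard is safe; `NDBM_seq` itself starts before the hunk.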
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -84,7 +84,9 @@ change(void *server_handle,
|
|||||||
if (ret)
|
if (ret)
|
||||||
goto out2;
|
goto out2;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out2;
|
||||||
|
|
||||||
kadm5_log_modify (context,
|
kadm5_log_modify (context,
|
||||||
&ent,
|
&ent,
|
||||||
@@ -156,7 +158,9 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
|
|||||||
if (ret)
|
if (ret)
|
||||||
goto out2;
|
goto out2;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out2;
|
||||||
|
|
||||||
kadm5_log_modify (context,
|
kadm5_log_modify (context,
|
||||||
&ent,
|
&ent,
|
||||||
|
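Review bot: Both hunks now abort on `hdb_seal_keys` failure but still ignore the result of the `kadm5_log_modify` call that immediately follows, so an entry whose log record could not be written is presumably still stored, leaving the propagation log out of step with the database. Either check it, `ret = kadm5_log_modify(context, &ent, ...); if (ret) goto out2;`, or add `/* log failure is deliberately non-fatal here */` if that is the intended policy. Both `change` and `kadm5_s_chpass_principal_with_key` continue past the hunk, so the store call and `out2` are not visible.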
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -124,7 +124,9 @@ kadm5_s_create_principal_with_key(void *server_handle,
|
|||||||
if(ret)
|
if(ret)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
kadm5_log_create (context, &ent);
|
kadm5_log_create (context, &ent);
|
||||||
|
|
||||||
@@ -175,8 +177,12 @@ kadm5_s_create_principal(void *server_handle,
|
|||||||
ent.keys.val[2].salt->type = hdb_pw_salt;
|
ent.keys.val[2].salt->type = hdb_pw_salt;
|
||||||
ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1;
|
ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1;
|
||||||
ret = _kadm5_set_keys(context, &ent, password);
|
ret = _kadm5_set_keys(context, &ent, password);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
kadm5_log_create (context, &ent);
|
kadm5_log_create (context, &ent);
|
||||||
|
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -57,7 +57,9 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
kadm5_log_delete (context, princ);
|
kadm5_log_delete (context, princ);
|
||||||
|
|
||||||
|
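Review bot: Sealing the keys of an entry that is about to be deleted adds a new failure mode to `kadm5_s_delete_principal` without an obvious benefit: unless `ent` is written back after this point, the sealed keys are never used, and a master-key problem now blocks deletion. If the call is only there to mirror the other `kadm5_s_*` functions, either drop it or annotate it, e.g. `/* NOTE(review): confirm ent is written back after this point; otherwise this seal is dead work and a needless failure mode */`. What follows `kadm5_log_delete` is outside the hunk.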
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -63,7 +63,9 @@ modify_principal(void *server_handle,
|
|||||||
if(ret)
|
if(ret)
|
||||||
goto out2;
|
goto out2;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out2;
|
||||||
|
|
||||||
kadm5_log_modify (context,
|
kadm5_log_modify (context,
|
||||||
&ent,
|
&ent,
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997-1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -72,7 +72,9 @@ kadm5_s_randkey_principal(void *server_handle,
|
|||||||
if (ret)
|
if (ret)
|
||||||
goto out2;
|
goto out2;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret)
|
||||||
|
goto out2;
|
||||||
|
|
||||||
kadm5_log_modify (context,
|
kadm5_log_modify (context,
|
||||||
&ent,
|
&ent,
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -82,7 +82,11 @@ kadm5_s_rename_principal(void *server_handle,
|
|||||||
ent2.principal = ent.principal;
|
ent2.principal = ent.principal;
|
||||||
ent.principal = target;
|
ent.principal = target;
|
||||||
|
|
||||||
hdb_seal_keys(context->context, context->db, &ent);
|
ret = hdb_seal_keys(context->context, context->db, &ent);
|
||||||
|
if (ret) {
|
||||||
|
ent.principal = ent2.principal;
|
||||||
|
goto out2;
|
||||||
|
}
|
||||||
|
|
||||||
kadm5_log_rename (context,
|
kadm5_log_rename (context,
|
||||||
source,
|
source,
|
||||||
|
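Review bot: The new failure path restores `ent.principal = ent2.principal` before `goto out2` so cleanup frees the fetched principal rather than the caller-owned `target`, but every other `goto out2` after this point (the store and remove calls are outside the hunk) needs the same restoration, otherwise a later failure frees `target` and leaks the source principal. Consider moving the swap-back into `out2:` itself, `if (ent.principal == target) ent.principal = ent2.principal;`, so each exit path is covered by one line. `kadm5_s_rename_principal` continues past the hunk.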