diff --git a/lib/hdb/hdb.c b/lib/hdb/hdb.c
index a06bb7584..5d940f3ab 100644
--- a/lib/hdb/hdb.c
+++ b/lib/hdb/hdb.c
@@ -20,7 +20,6 @@ void
 hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal *p)
 {
 krb5_storage *sp;
- int32_t tmp;
 sp = krb5_storage_from_mem(key->data, key->length);
 krb5_ret_principal(sp, p);
 krb5_storage_free(sp);
@@ -31,10 +30,14 @@ hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value)
 {
 krb5_storage *sp;
 sp = krb5_storage_emem();
- krb5_store_keyblock(sp, ent->keyblock);
 krb5_store_int32(sp, ent->kvno);
+ krb5_store_keyblock(sp, ent->keyblock);
 krb5_store_int32(sp, ent->max_life);
 krb5_store_int32(sp, ent->max_renew);
+ krb5_store_int32(sp, ent->last_change);
+ krb5_store_principal(sp, ent->changed_by);
+ krb5_store_int32(sp, ent->expires);
+ krb5_store_int32(sp, ent->u.flags);
 krb5_storage_to_data(sp, value);
 krb5_storage_free(sp);
 }
@@ -42,23 +45,35 @@ hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value)
 void
 hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
 {
+ /* XXX must check return values */
 krb5_storage *sp;
 int32_t tmp;
 sp = krb5_storage_from_mem(value->data, value->length);
- krb5_ret_keyblock(sp, &ent->keyblock);
 krb5_ret_int32(sp, &tmp);
 ent->kvno = tmp;
+ krb5_ret_keyblock(sp, &ent->keyblock);
 krb5_ret_int32(sp, &tmp);
 ent->max_life = tmp;
 krb5_ret_int32(sp, &tmp);
 ent->max_renew = tmp;
+ krb5_ret_int32(sp, &tmp);
+ ent->last_change = tmp;
+ krb5_ret_principal(sp, &ent->changed_by);
+ krb5_ret_int32(sp, &tmp);
+ ent->expires = tmp;
+ krb5_ret_int32(sp, &tmp);
+ ent->u.flags = tmp;
 krb5_storage_free(sp);
 }
-
-#ifdef HAVE_DB_H
-
-#endif
+void
+hdb_free_entry(krb5_context context, hdb_entry *ent)
+{
+ krb5_free_principal(context, ent->principal);
+ krb5_free_keyblock(context, &ent->keyblock);
+ krb5_free_principal(context, ent->changed_by);
+}
+
 krb5_error_code
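Review bot: The record layout written by hdb_entry2value changes in this hunk (kvno now precedes the keyblock and four fields are appended) but the value carries no format marker, so a record stored by the previous code would be decoded by the new hdb_value2entry into the wrong fields. Consider writing a leading tag first, for example `krb5_store_int32(sp, 1); /* record format version (sample value) */`, and rejecting unknown tags on read. The `time_t` members are also narrowed through `krb5_store_int32`, which drops the upper bits wherever `time_t` is wider than 32 bits, and `ent->changed_by` is handed to `krb5_store_principal` with no check that it has been set. None of the store results are checked either, so a partially written value would be stored as if it were complete.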
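Review bot: In hdb_value2entry every `krb5_ret_*` result is ignored, so a truncated or corrupt database value leaves `ent->keyblock` and `ent->changed_by` holding whatever the caller's struct already contained, and the new hdb_free_entry then passes those to `krb5_free_keyblock` and `krb5_free_principal`. The added `XXX` comment records the gap, but the parser still trusts the stored bytes. At minimum clear the owned fields before parsing, e.g. `ent->changed_by = NULL;` and `memset(&ent->keyblock, 0, sizeof(ent->keyblock));` (assuming the free routines tolerate an empty value, which should be confirmed), and stop at the first failing read. Returning a `krb5_error_code` instead of `void` would let callers reject the record. hdb_free_entry also leaves the freed pointers in place, so a second call on the same entry would free them again; resetting them to NULL after each free avoids that.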
@@ -68,9 +83,10 @@ hdb_open(krb5_context context, HDB **db,
 if(filename == NULL)
 filename = HDB_DEFAULT_DB;
 #ifdef HAVE_DB_H
- return hdb_db_open(context,db, filename, flags, mode);
+ return hdb_db_open(context, db, filename, flags, mode);
 #elif HAVE_NDBM_H
- return hdb_ndbm_open(context,db, filename, flags, mode);
+ return hdb_ndbm_open(context, db, filename, flags, mode);
+#else
+#error No suitable database library
 #endif
- return 17;
 }
diff --git a/lib/hdb/hdb.h b/lib/hdb/hdb.h
index 437d888bd..c43b29494 100644
--- a/lib/hdb/hdb.h
+++ b/lib/hdb/hdb.h
@@ -6,11 +6,25 @@
 #include
 typedef struct hdb_entry{
- krb5_principal principal;
- krb5_keyblock keyblock;
- int kvno;
- time_t max_life;
- time_t max_renew;
+ krb5_principal principal; /* Principal */
+ int kvno; /* Key version number */
+ krb5_keyblock keyblock; /* Key matching vno */
+ time_t max_life; /* Max ticket lifetime */
+ time_t max_renew; /* Max renewable ticket */
+ time_t last_change; /* Time of last update */
+ krb5_principal changed_by; /* Who did last update */
+ time_t expires; /* Time when principal expires */
+ union {
+ int flags;
+ struct {
+ int initial:1; /* Require AS_REQ */
+ int forwardable:1; /* Ticket may be forwardable */
+ int renewable:1; /* Ticket may be renewable */
+ int allow_postdate:1; /* Ticket may be postdated */
+ int server:1; /* Principal may be server */
+ int locked:1; /* Principal is locked */
+ }s;
+ }u;
 }hdb_entry;
 typedef struct HDB{
@@ -24,6 +38,7 @@ typedef struct HDB{
 krb5_error_code (*nextkey)(krb5_context, struct HDB*, hdb_entry*);
 }HDB;
+void hdb_free_entry(krb5_context, hdb_entry*);
 krb5_error_code hdb_db_open(krb5_context, HDB**, const char*, int, mode_t);
 krb5_error_code hdb_ndbm_open(krb5_context, HDB**, const char*, int, mode_t);
 krb5_error_code hdb_open(krb5_context, HDB**, const char*, int, mode_t);
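Review bot: The flag bits added to `hdb_entry` in hdb.h are plain `int` bit-fields (`int initial:1;` through `int locked:1;`) overlaid on `u.flags`, and hdb.c stores that integer in the database with `krb5_store_int32(sp, ent->u.flags)`. Bit-field allocation order and the signedness of a plain `int` bit-field are implementation-defined, so the stored value can map to different flags under another compiler or byte order (a record marked `locked` could read back with a different bit set), and a set one-bit signed field may compare as -1 rather than 1. Declare the fields as `unsigned int initial:1;` and so on, and define the stored form of `flags` with explicit bit masks rather than through the union. A short comment on `u` stating which member is the persisted representation would also help the next reader.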