aboutsummaryrefslogtreecommitdiff
path: root/src/lib/kadm5/srv
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2010-07-06 21:53:23 +0000
committerGreg Hudson <ghudson@mit.edu>2010-07-06 21:53:23 +0000
commit8e78a7eeb7266329891971090d2666f5c6a13ad0 (patch)
treeb5d8a1827176cd1fdc9da5983181ee25c30b31b8 /src/lib/kadm5/srv
parent4a1d6a694452122f71d876e39ee335ea7ee022b6 (diff)
downloadkrb5-8e78a7eeb7266329891971090d2666f5c6a13ad0.zip
krb5-8e78a7eeb7266329891971090d2666f5c6a13ad0.tar.gz
krb5-8e78a7eeb7266329891971090d2666f5c6a13ad0.tar.bz2
Remove count parameters from get_principal, put_principal,
free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/srv')
-rw-r--r--src/lib/kadm5/srv/libkadm5srv_mit.exports1
-rw-r--r--src/lib/kadm5/srv/server_kdb.c53
-rw-r--r--src/lib/kadm5/srv/svr_policy.c25
-rw-r--r--src/lib/kadm5/srv/svr_principal.c457
4 files changed, 244 insertions, 292 deletions
diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports
index fa8d69c..6da95bd 100644
--- a/src/lib/kadm5/srv/libkadm5srv_mit.exports
+++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports
@@ -55,7 +55,6 @@ kadm5_setv4key_principal
kadm5_unlock
kdb_delete_entry
kdb_free_entry
-kdb_get_entry
kdb_init_hist
kdb_init_master
kdb_iter_entry
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index d986b62..cb60971 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -175,7 +175,7 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock,
krb5_kvno *hist_kvno)
{
krb5_error_code ret;
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
krb5_keyblock *mkey;
/* Fetch the history principal, creating it if necessary. */
@@ -189,27 +189,26 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock,
if (ret)
return ret;
- if (kdb.n_key_data <= 0) {
+ if (kdb->n_key_data <= 0) {
ret = KRB5_KDB_NO_MATCHING_KEY;
krb5_set_error_message(handle->context, ret,
"History entry contains no key data");
goto done;
}
- ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb,
- &mkey);
+ ret = krb5_dbe_find_mkey(handle->context, master_keylist, kdb, &mkey);
if (ret)
goto done;
- ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb.key_data[0],
+ ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb->key_data[0],
hist_keyblock, NULL);
if (ret)
goto done;
- *hist_kvno = kdb.key_data[0].key_data_kvno;
+ *hist_kvno = kdb->key_data[0].key_data_kvno;
done:
- kdb_free_entry(handle, &kdb, NULL);
+ kdb_free_entry(handle, kdb, NULL);
return ret;
}
@@ -223,7 +222,7 @@ done:
*
* handle (r) the server_handle
* principal (r) the principal to get
- * kdb (w) krb5_db_entry to fill in
+ * kdb (w) krb5_db_entry to create
* adb (w) osa_princ_ent_rec to fill in
*
* when the caller is done with kdb and adb, kdb_free_entry must be
@@ -233,27 +232,21 @@ done:
*/
krb5_error_code
kdb_get_entry(kadm5_server_handle_t handle,
- krb5_principal principal, krb5_db_entry *kdb,
+ krb5_principal principal, krb5_db_entry **kdb_ptr,
osa_princ_ent_rec *adb)
{
krb5_error_code ret;
- int nprincs;
- krb5_boolean more;
krb5_tl_data tl_data;
XDR xdrs;
+ krb5_db_entry *kdb;
- ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
- &more);
- if (ret)
- return(ret);
+ *kdb_ptr = NULL;
- if (more) {
- krb5_db_free_principal(handle->context, kdb, nprincs);
- return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
- } else if (nprincs != 1) {
- krb5_db_free_principal(handle->context, kdb, nprincs);
+ ret = krb5_db_get_principal(handle->context, principal, 0, &kdb);
+ if (ret == KRB5_KDB_NOENTRY)
return(KADM5_UNK_PRINC);
- }
+ if (ret)
+ return(ret);
if (adb) {
memset(adb, 0, sizeof(*adb));
@@ -274,7 +267,7 @@ kdb_get_entry(kadm5_server_handle_t handle,
data will get stored correctly. */
adb->admin_history_kvno = INITIAL_HIST_KVNO;
-
+ *kdb_ptr = kdb;
return(ret);
}
@@ -282,12 +275,13 @@ kdb_get_entry(kadm5_server_handle_t handle,
tl_data.tl_data_length, XDR_DECODE);
if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
xdr_destroy(&xdrs);
- krb5_db_free_principal(handle->context, kdb, 1);
+ krb5_db_free_principal(handle->context, kdb);
return(KADM5_XDR_FAILURE);
}
xdr_destroy(&xdrs);
}
+ *kdb_ptr = kdb;
return(0);
}
@@ -314,7 +308,7 @@ kdb_free_entry(kadm5_server_handle_t handle,
if (kdb)
- krb5_db_free_principal(handle->context, kdb, 1);
+ krb5_db_free_principal(handle->context, kdb);
if (adb) {
xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
@@ -351,7 +345,6 @@ kdb_put_entry(kadm5_server_handle_t handle,
krb5_int32 now;
XDR xdrs;
krb5_tl_data tl_data;
- int one;
ret = krb5_timeofday(handle->context, &now);
if (ret)
@@ -378,12 +371,10 @@ kdb_put_entry(kadm5_server_handle_t handle,
if (ret)
return(ret);
- one = 1;
-
/* we are always updating TL data */
kdb->mask |= KADM5_TL_DATA;
- ret = krb5_db_put_principal(handle->context, kdb, &one);
+ ret = krb5_db_put_principal(handle->context, kdb);
if (ret)
return(ret);
@@ -393,11 +384,11 @@ kdb_put_entry(kadm5_server_handle_t handle,
krb5_error_code
kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name)
{
- int one = 1;
krb5_error_code ret;
- ret = krb5_db_delete_principal(handle->context, name, &one);
-
+ ret = krb5_db_delete_principal(handle->context, name);
+ if (ret == KRB5_KDB_NOENTRY)
+ ret = 0;
return ret;
}
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 1d3ccbc..65f5db1 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -173,7 +173,6 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
kadm5_server_handle_t handle = server_handle;
osa_policy_ent_t entry;
int ret;
- int cnt=1;
CHECK_HANDLE(server_handle);
@@ -183,10 +182,11 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
return EINVAL;
if(strlen(name) == 0)
return KADM5_BAD_POLICY;
- if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt)))
- return ret;
- if( cnt != 1 )
+ ret = krb5_db_get_policy(handle->context, name, &entry);
+ if (ret == KRB5_KDB_NOENTRY)
return KADM5_UNK_POLICY;
+ else if (ret)
+ return ret;
if(entry->policy_refcnt != 0) {
krb5_db_free_policy(handle->context, entry);
@@ -220,7 +220,6 @@ kadm5_modify_policy_internal(void *server_handle,
kadm5_server_handle_t handle = server_handle;
osa_policy_ent_t p;
int ret;
- int cnt=1;
CHECK_HANDLE(server_handle);
@@ -231,10 +230,11 @@ kadm5_modify_policy_internal(void *server_handle,
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
- if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
- return ret;
- if (cnt != 1)
+ ret = krb5_db_get_policy(handle->context, entry->policy, &p);
+ if (ret == KRB5_KDB_NOENTRY)
return KADM5_UNK_POLICY;
+ else if (ret)
+ return ret;
if ((mask & KADM5_PW_MAX_LIFE))
p->pw_max_life = entry->pw_max_life;
@@ -289,7 +289,6 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
osa_policy_ent_t t;
int ret;
kadm5_server_handle_t handle = server_handle;
- int cnt=1;
CHECK_HANDLE(server_handle);
@@ -299,11 +298,11 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
return EINVAL;
if(strlen(name) == 0)
return KADM5_BAD_POLICY;
- if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt)))
- return ret;
-
- if( cnt != 1 )
+ ret = krb5_db_get_policy(handle->context, name, &t);
+ if (ret == KRB5_KDB_NOENTRY)
return KADM5_UNK_POLICY;
+ else if (ret)
+ return ret;
if ((entry->policy = strdup(t->name)) == NULL) {
krb5_db_free_policy(handle->context, t);
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 451e4ff..6b14d3b 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -224,9 +224,10 @@ kadm5_create_principal_3(void *server_handle,
int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
char *password)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
kadm5_policy_ent_rec polent;
+ krb5_boolean have_polent = FALSE;
krb5_int32 now;
krb5_tl_data *tl_data_orig, *tl_data_tail;
unsigned int ret;
@@ -264,13 +265,16 @@ kadm5_create_principal_3(void *server_handle,
case KADM5_UNK_PRINC:
break;
case 0:
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return KADM5_DUP;
default:
return ret;
}
- memset(&kdb, 0, sizeof(krb5_db_entry));
+ kdb = krb5_db_alloc(handle->context, NULL, sizeof(*kdb));
+ if (kdb == NULL)
+ return ENOMEM;
+ memset(kdb, 0, sizeof(*kdb));
memset(&adb, 0, sizeof(osa_princ_ent_rec));
/*
@@ -280,101 +284,84 @@ kadm5_create_principal_3(void *server_handle,
if ((mask & KADM5_POLICY)) {
if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
&polent)) != KADM5_OK) {
- if(ret == EINVAL)
- return KADM5_BAD_POLICY;
- else
- return ret;
+ if (ret == EINVAL)
+ ret = KADM5_BAD_POLICY;
+ if (ret)
+ goto cleanup;
}
+ have_polent = TRUE;
}
if (password) {
- ret = passwd_check(handle, password, (mask & KADM5_POLICY),
- &polent, entry->principal);
- if (ret) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
- }
+ ret = passwd_check(handle, password, have_polent, &polent,
+ entry->principal);
+ if (ret)
+ goto cleanup;
}
/*
* Start populating the various DB fields, using the
* "defaults" for fields that were not specified by the
* mask.
*/
- if ((ret = krb5_timeofday(handle->context, &now))) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
- }
+ if ((ret = krb5_timeofday(handle->context, &now)))
+ goto cleanup;
- kdb.magic = KRB5_KDB_MAGIC_NUMBER;
- kdb.len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
+ kdb->magic = KRB5_KDB_MAGIC_NUMBER;
+ kdb->len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
if ((mask & KADM5_ATTRIBUTES))
- kdb.attributes = entry->attributes;
+ kdb->attributes = entry->attributes;
else
- kdb.attributes = handle->params.flags;
+ kdb->attributes = handle->params.flags;
if ((mask & KADM5_MAX_LIFE))
- kdb.max_life = entry->max_life;
+ kdb->max_life = entry->max_life;
else
- kdb.max_life = handle->params.max_life;
+ kdb->max_life = handle->params.max_life;
if (mask & KADM5_MAX_RLIFE)
- kdb.max_renewable_life = entry->max_renewable_life;
+ kdb->max_renewable_life = entry->max_renewable_life;
else
- kdb.max_renewable_life = handle->params.max_rlife;
+ kdb->max_renewable_life = handle->params.max_rlife;
if ((mask & KADM5_PRINC_EXPIRE_TIME))
- kdb.expiration = entry->princ_expire_time;
+ kdb->expiration = entry->princ_expire_time;
else
- kdb.expiration = handle->params.expiration;
+ kdb->expiration = handle->params.expiration;
- kdb.pw_expiration = 0;
- if ((mask & KADM5_POLICY)) {
+ kdb->pw_expiration = 0;
+ if (have_polent) {
if(polent.pw_max_life)
- kdb.pw_expiration = now + polent.pw_max_life;
+ kdb->pw_expiration = now + polent.pw_max_life;
else
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
}
if ((mask & KADM5_PW_EXPIRATION))
- kdb.pw_expiration = entry->pw_expiration;
+ kdb->pw_expiration = entry->pw_expiration;
- kdb.last_success = 0;
- kdb.last_failed = 0;
- kdb.fail_auth_count = 0;
+ kdb->last_success = 0;
+ kdb->last_failed = 0;
+ kdb->fail_auth_count = 0;
/* this is kind of gross, but in order to free the tl data, I need
to free the entire kdb entry, and that will try to free the
principal. */
if ((ret = kadm5_copy_principal(handle->context,
- entry->principal, &(kdb.princ)))) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
- }
+ entry->principal, &(kdb->princ))))
+ goto cleanup;
- if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
- }
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now)))
+ goto cleanup;
if (mask & KADM5_TL_DATA) {
- /* splice entry->tl_data onto the front of kdb.tl_data */
- tl_data_orig = kdb.tl_data;
+ /* splice entry->tl_data onto the front of kdb->tl_data */
+ tl_data_orig = kdb->tl_data;
for (tl_data_tail = entry->tl_data; tl_data_tail;
tl_data_tail = tl_data_tail->tl_data_next)
{
- ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
+ ret = krb5_dbe_update_tl_data(handle->context, kdb, tl_data_tail);
if( ret )
- {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
- }
+ goto cleanup;
}
}
@@ -382,42 +369,29 @@ kadm5_create_principal_3(void *server_handle,
ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
active_mkey_list, &act_kvno, &act_mkey);
- if (ret) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return (ret);
- }
+ if (ret)
+ goto cleanup;
if (password) {
ret = krb5_dbe_cpw(handle->context, act_mkey,
n_ks_tuple?ks_tuple:handle->params.keysalts,
n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
password, (mask & KADM5_KVNO)?entry->kvno:1,
- FALSE, &kdb);
+ FALSE, kdb);
} else {
/* Null password means create with random key (new in 1.8). */
ret = krb5_dbe_crk(handle->context, &master_keyblock,
n_ks_tuple?ks_tuple:handle->params.keysalts,
n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- FALSE, &kdb);
- }
- if (ret) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ FALSE, kdb);
}
+ if (ret)
+ goto cleanup;
/* Record the master key VNO used to encrypt this entry's keys */
- ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno);
+ ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
if (ret)
- {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
- }
+ goto cleanup;
/* populate the admin-server-specific fields. In the OV server,
this used to be in a separate database. Since there's already
@@ -426,7 +400,7 @@ kadm5_create_principal_3(void *server_handle,
single tl_data record, */
adb.admin_history_kvno = INITIAL_HIST_KVNO;
- if ((mask & KADM5_POLICY)) {
+ if (have_polent) {
adb.aux_attributes = KADM5_POLICY;
/* this does *not* need to be strdup'ed, because adb is xdr */
@@ -437,28 +411,23 @@ kadm5_create_principal_3(void *server_handle,
/* increment the policy ref count, if any */
- if ((mask & KADM5_POLICY)) {
+ if (have_polent) {
polent.policy_refcnt++;
if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
KADM5_REF_COUNT))
- != KADM5_OK) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
- }
+ != KADM5_OK)
+ goto cleanup;
}
/* In all cases key and the principal data is set, let the database provider know */
- kdb.mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ;
+ kdb->mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ;
/* store the new db entry */
- ret = kdb_put_entry(handle, &kdb, &adb);
+ ret = kdb_put_entry(handle, kdb, &adb);
- krb5_db_free_principal(handle->context, &kdb, 1);
if (ret) {
- if ((mask & KADM5_POLICY)) {
+ if (have_polent) {
/* decrement the policy ref count */
polent.policy_refcnt--;
@@ -469,16 +438,13 @@ kadm5_create_principal_3(void *server_handle,
(void) kadm5_modify_policy_internal(handle->lhandle, &polent,
KADM5_REF_COUNT);
}
-
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
}
- if (mask & KADM5_POLICY)
+cleanup:
+ krb5_db_free_principal(handle->context, kdb);
+ if (have_polent)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
-
- return KADM5_OK;
+ return ret;
}
@@ -487,7 +453,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
{
unsigned int ret;
kadm5_policy_ent_rec polent;
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
@@ -510,19 +476,19 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
KADM5_REF_COUNT))
!= KADM5_OK) {
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return(ret);
}
}
if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return ret;
}
}
ret = kdb_delete_entry(handle, principal);
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return ret;
}
@@ -534,7 +500,7 @@ kadm5_modify_principal(void *server_handle,
int ret, ret2, i;
kadm5_policy_ent_rec npol, opol;
int have_npol = 0, have_opol = 0;
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
krb5_tl_data *tl_data_orig;
osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
@@ -620,13 +586,13 @@ kadm5_modify_principal(void *server_handle,
/* set pw_max_life based on new policy */
if (npol.pw_max_life) {
- ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
- &(kdb.pw_expiration));
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb,
+ &(kdb->pw_expiration));
if (ret)
goto done;
- kdb.pw_expiration += npol.pw_max_life;
+ kdb->pw_expiration += npol.pw_max_life;
} else {
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
}
}
@@ -646,7 +612,7 @@ kadm5_modify_principal(void *server_handle,
free(adb.policy);
adb.policy = NULL;
adb.aux_attributes &= ~KADM5_POLICY;
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
opol.policy_refcnt--;
break;
default:
@@ -667,19 +633,19 @@ kadm5_modify_principal(void *server_handle,
goto done;
if ((mask & KADM5_ATTRIBUTES))
- kdb.attributes = entry->attributes;
+ kdb->attributes = entry->attributes;
if ((mask & KADM5_MAX_LIFE))
- kdb.max_life = entry->max_life;
+ kdb->max_life = entry->max_life;
if ((mask & KADM5_PRINC_EXPIRE_TIME))
- kdb.expiration = entry->princ_expire_time;
+ kdb->expiration = entry->princ_expire_time;
if (mask & KADM5_PW_EXPIRATION)
- kdb.pw_expiration = entry->pw_expiration;
+ kdb->pw_expiration = entry->pw_expiration;
if (mask & KADM5_MAX_RLIFE)
- kdb.max_renewable_life = entry->max_renewable_life;
+ kdb->max_renewable_life = entry->max_renewable_life;
if((mask & KADM5_KVNO)) {
- for (i = 0; i < kdb.n_key_data; i++)
- kdb.key_data[i].key_data_kvno = entry->kvno;
+ for (i = 0; i < kdb->n_key_data; i++)
+ kdb->key_data[i].key_data_kvno = entry->kvno;
}
if (mask & KADM5_TL_DATA) {
@@ -690,7 +656,7 @@ kadm5_modify_principal(void *server_handle,
for (tl = entry->tl_data; tl;
tl = tl->tl_data_next)
{
- ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
+ ret = krb5_dbe_update_tl_data(handle->context, kdb, tl);
if( ret )
{
goto done;
@@ -709,13 +675,13 @@ kadm5_modify_principal(void *server_handle,
goto done;
}
- kdb.fail_auth_count = 0;
+ kdb->fail_auth_count = 0;
}
/* let the mask propagate to the database provider */
- kdb.mask = mask;
+ kdb->mask = mask;
- ret = kdb_put_entry(handle, &kdb, &adb);
+ ret = kdb_put_entry(handle, kdb, &adb);
if (ret) goto done;
ret = KADM5_OK;
@@ -728,7 +694,7 @@ done:
ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
ret = ret ? ret : ret2;
}
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return ret;
}
@@ -736,7 +702,7 @@ kadm5_ret_t
kadm5_rename_principal(void *server_handle,
krb5_principal source, krb5_principal target)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
int ret, i;
kadm5_server_handle_t handle = server_handle;
@@ -749,7 +715,7 @@ kadm5_rename_principal(void *server_handle,
return EINVAL;
if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) {
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return(KADM5_DUP);
}
@@ -758,28 +724,28 @@ kadm5_rename_principal(void *server_handle,
/* this is kinda gross, but unavoidable */
- for (i=0; i<kdb.n_key_data; i++) {
- if ((kdb.key_data[i].key_data_ver == 1) ||
- (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
+ for (i=0; i<kdb->n_key_data; i++) {
+ if ((kdb->key_data[i].key_data_ver == 1) ||
+ (kdb->key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
ret = KADM5_NO_RENAME_SALT;
goto done;
}
}
- kadm5_free_principal(handle->context, kdb.princ);
- ret = kadm5_copy_principal(handle->context, target, &kdb.princ);
+ kadm5_free_principal(handle->context, kdb->princ);
+ ret = kadm5_copy_principal(handle->context, target, &kdb->princ);
if (ret) {
- kdb.princ = NULL; /* so freeing the dbe doesn't lose */
+ kdb->princ = NULL; /* so freeing the dbe doesn't lose */
goto done;
}
- if ((ret = kdb_put_entry(handle, &kdb, &adb)))
+ if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
ret = kdb_delete_entry(handle, source);
done:
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return ret;
}
@@ -788,7 +754,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
kadm5_principal_ent_t entry,
long in_mask)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
krb5_error_code ret = 0;
long mask;
@@ -826,29 +792,29 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
entry->aux_attributes = adb.aux_attributes;
if ((mask & KADM5_PRINCIPAL) &&
- (ret = krb5_copy_principal(handle->context, kdb.princ,
+ (ret = krb5_copy_principal(handle->context, kdb->princ,
&entry->principal))) {
goto done;
}
if (mask & KADM5_PRINC_EXPIRE_TIME)
- entry->princ_expire_time = kdb.expiration;
+ entry->princ_expire_time = kdb->expiration;
if ((mask & KADM5_LAST_PWD_CHANGE) &&
- (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+ (ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb,
&(entry->last_pwd_change)))) {
goto done;
}
if (mask & KADM5_PW_EXPIRATION)
- entry->pw_expiration = kdb.pw_expiration;
+ entry->pw_expiration = kdb->pw_expiration;
if (mask & KADM5_MAX_LIFE)
- entry->max_life = kdb.max_life;
+ entry->max_life = kdb->max_life;
/* this is a little non-sensical because the function returns two */
/* values that must be checked separately against the mask */
if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
- ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
+ ret = krb5_dbe_lookup_mod_princ_data(handle->context, kdb,
&(entry->mod_date),
&(entry->mod_name));
if (ret) {
@@ -864,34 +830,34 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
}
if (mask & KADM5_ATTRIBUTES)
- entry->attributes = kdb.attributes;
+ entry->attributes = kdb->attributes;
if (mask & KADM5_KVNO)
- for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
- if (kdb.key_data[i].key_data_kvno > entry->kvno)
- entry->kvno = kdb.key_data[i].key_data_kvno;
+ for (entry->kvno = 0, i=0; i<kdb->n_key_data; i++)
+ if (kdb->key_data[i].key_data_kvno > entry->kvno)
+ entry->kvno = kdb->key_data[i].key_data_kvno;
if (mask & KADM5_MKVNO) {
- ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist,
+ ret = krb5_dbe_get_mkvno(handle->context, kdb, master_keylist,
&entry->mkvno);
if (ret)
goto done;
}
if (mask & KADM5_MAX_RLIFE)
- entry->max_renewable_life = kdb.max_renewable_life;
+ entry->max_renewable_life = kdb->max_renewable_life;
if (mask & KADM5_LAST_SUCCESS)
- entry->last_success = kdb.last_success;
+ entry->last_success = kdb->last_success;
if (mask & KADM5_LAST_FAILED)
- entry->last_failed = kdb.last_failed;
+ entry->last_failed = kdb->last_failed;
if (mask & KADM5_FAIL_AUTH_COUNT)
- entry->fail_auth_count = kdb.fail_auth_count;
+ entry->fail_auth_count = kdb->fail_auth_count;
if (mask & KADM5_TL_DATA) {
krb5_tl_data *tl, *tl2;
entry->tl_data = NULL;
- tl = kdb.tl_data;
+ tl = kdb->tl_data;
while (tl) {
if (tl->tl_data_type > 255) {
if ((tl2 = dup_tl_data(tl)) == NULL) {
@@ -907,7 +873,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
}
}
if (mask & KADM5_KEY_DATA) {
- entry->n_key_data = kdb.n_key_data;
+ entry->n_key_data = kdb->n_key_data;
if(entry->n_key_data) {
entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
if (entry->key_data == NULL) {
@@ -919,7 +885,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
for (i = 0; i < entry->n_key_data; i++)
ret = krb5_copy_key_data_contents(handle->context,
- &kdb.key_data[i],
+ &kdb->key_data[i],
&entry->key_data[i]);
if (ret)
goto done;
@@ -932,7 +898,7 @@ done:
krb5_free_principal(handle->context, entry->principal);
entry->principal = NULL;
}
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return ret;
}
@@ -1338,7 +1304,7 @@ kadm5_chpass_principal_3(void *server_handle,
krb5_int32 now;
kadm5_policy_ent_rec pol;
osa_princ_ent_rec adb;
- krb5_db_entry kdb, kdb_save;
+ krb5_db_entry *kdb, *kdb_save;
int ret, ret2, last_pwd, hist_added;
int have_pol = 0;
kadm5_server_handle_t handle = server_handle;
@@ -1365,7 +1331,7 @@ kadm5_chpass_principal_3(void *server_handle,
/* we are going to need the current keys after the new keys are set */
if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) {
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return(ret);
}
@@ -1388,15 +1354,15 @@ kadm5_chpass_principal_3(void *server_handle,
n_ks_tuple?ks_tuple:handle->params.keysalts,
n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
password, 0 /* increment kvno */,
- keepold, &kdb);
+ keepold, kdb);
if (ret)
goto done;
- ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno);
+ ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
if (ret)
goto done;
- kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(handle->context, &now);
if (ret)
@@ -1405,8 +1371,7 @@ kadm5_chpass_principal_3(void *server_handle,
if ((adb.aux_attributes & KADM5_POLICY)) {
/* the policy was loaded before */
- ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd);
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &last_pwd);
if (ret)
goto done;
@@ -1418,7 +1383,7 @@ kadm5_chpass_principal_3(void *server_handle,
* local caller implicitly has all authorization bits.
*/
if ((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
ret = KADM5_PASS_TOOSOON;
goto done;
}
@@ -1430,13 +1395,13 @@ kadm5_chpass_principal_3(void *server_handle,
ret = create_history_entry(handle->context,
act_mkey, &hist_keyblock,
- kdb_save.n_key_data,
- kdb_save.key_data, &hist);
+ kdb_save->n_key_data,
+ kdb_save->key_data, &hist);
if (ret)
goto done;
ret = check_pw_reuse(handle->context, act_mkey, &hist_keyblock,
- kdb.n_key_data, kdb.key_data,
+ kdb->n_key_data, kdb->key_data,
1, &hist);
if (ret)
goto done;
@@ -1446,7 +1411,7 @@ kadm5_chpass_principal_3(void *server_handle,
* can't check the history. */
if (adb.admin_history_kvno == hist_kvno) {
ret = check_pw_reuse(handle->context, act_mkey, &hist_keyblock,
- kdb.n_key_data, kdb.key_data,
+ kdb->n_key_data, kdb->key_data,
adb.old_key_len, adb.old_keys);
if (ret)
goto done;
@@ -1460,11 +1425,11 @@ kadm5_chpass_principal_3(void *server_handle,
}
if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = now + pol.pw_max_life;
else
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
}
#ifdef USE_PASSWORD_SERVER
@@ -1496,28 +1461,27 @@ kadm5_chpass_principal_3(void *server_handle,
}
#endif
- ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
if (ret)
goto done;
/* unlock principal on this KDC */
- kdb.fail_auth_count = 0;
+ kdb->fail_auth_count = 0;
/* key data and attributes changed, let the database provider know */
- kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES |
+ kdb->mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES |
KADM5_FAIL_AUTH_COUNT;
/* | KADM5_CPW_FUNCTION */
- if ((ret = kdb_put_entry(handle, &kdb, &adb)))
+ if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
ret = KADM5_OK;
done:
if (!hist_added && hist.key_data)
free_history_entry(handle->context, &hist);
- kdb_free_entry(handle, &kdb, &adb);
- kdb_free_entry(handle, &kdb_save, NULL);
- krb5_db_free_principal(handle->context, &kdb, 1);
+ kdb_free_entry(handle, kdb, &adb);
+ kdb_free_entry(handle, kdb_save, NULL);
krb5_free_keyblock_contents(handle->context, &hist_keyblock);
if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
@@ -1546,7 +1510,7 @@ kadm5_randkey_principal_3(void *server_handle,
krb5_keyblock **keyblocks,
int *n_keys)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
krb5_int32 now;
kadm5_policy_ent_rec pol;
@@ -1584,11 +1548,11 @@ kadm5_randkey_principal_3(void *server_handle,
n_ks_tuple?ks_tuple:handle->params.keysalts,
n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
keepold,
- &kdb);
+ kdb);
if (ret)
goto done;
- kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(handle->context, &now);
if (ret)
@@ -1600,8 +1564,7 @@ kadm5_randkey_principal_3(void *server_handle,
goto done;
have_pol = 1;
- ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd);
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &last_pwd);
if (ret)
goto done;
@@ -1613,45 +1576,45 @@ kadm5_randkey_principal_3(void *server_handle,
* local caller implicitly has all authorization bits.
*/
if((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
ret = KADM5_PASS_TOOSOON;
goto done;
}
#endif
if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = now + pol.pw_max_life;
else
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
}
- ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
if (ret)
goto done;
/* unlock principal on this KDC */
- kdb.fail_auth_count = 0;
+ kdb->fail_auth_count = 0;
if (keyblocks) {
ret = decrypt_key_data(handle->context, act_mkey,
- kdb.n_key_data, kdb.key_data,
+ kdb->n_key_data, kdb->key_data,
keyblocks, n_keys);
if (ret)
goto done;
}
/* key data changed, let the database provider know */
- kdb.mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+ kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
/* | KADM5_RANDKEY_USED */;
- if ((ret = kdb_put_entry(handle, &kdb, &adb)))
+ if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
ret = KADM5_OK;
done:
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
if (have_pol)
kadm5_free_policy_ent(handle->lhandle, &pol);
@@ -1670,7 +1633,7 @@ kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
krb5_int32 now;
kadm5_policy_ent_rec pol;
@@ -1702,18 +1665,18 @@ kadm5_setv4key_principal(void *server_handle,
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
- for (kvno = 0, i=0; i<kdb.n_key_data; i++)
- if (kdb.key_data[i].key_data_kvno > kvno)
- kvno = kdb.key_data[i].key_data_kvno;
+ for (kvno = 0, i=0; i<kdb->n_key_data; i++)
+ if (kdb->key_data[i].key_data_kvno > kvno)
+ kvno = kdb->key_data[i].key_data_kvno;
- if (kdb.key_data != NULL)
- cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+ if (kdb->key_data != NULL)
+ cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
- kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data));
- if (kdb.key_data == NULL)
+ kdb->key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data));
+ if (kdb->key_data == NULL)
return ENOMEM;
- memset(kdb.key_data, 0, sizeof(krb5_key_data));
- kdb.n_key_data = 1;
+ memset(kdb->key_data, 0, sizeof(krb5_key_data));
+ kdb->n_key_data = 1;
keysalt.type = KRB5_KDB_SALTTYPE_V4;
/* XXX data.magic? */
keysalt.data.length = 0;
@@ -1732,18 +1695,18 @@ kadm5_setv4key_principal(void *server_handle,
}
for (k = 0; k < tmp_key_data.key_data_ver; k++) {
- kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
- kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
+ kdb->key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
+ kdb->key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
if (tmp_key_data.key_data_contents[k]) {
- kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
- if (kdb.key_data->key_data_contents[k] == NULL) {
- cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
- kdb.key_data = NULL;
- kdb.n_key_data = 0;
+ kdb->key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+ if (kdb->key_data->key_data_contents[k] == NULL) {
+ cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
+ kdb->key_data = NULL;
+ kdb->n_key_data = 0;
ret = ENOMEM;
goto done;
}
- memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+ memcpy (kdb->key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
free (tmp_key_data.key_data_contents[k]);
@@ -1753,7 +1716,7 @@ kadm5_setv4key_principal(void *server_handle,
- kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(handle->context, &now);
if (ret)
@@ -1773,31 +1736,31 @@ kadm5_setv4key_principal(void *server_handle,
* local caller implicitly has all authorization bits.
*/
if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
+ kdb, &last_pwd))
goto done;
if((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
ret = KADM5_PASS_TOOSOON;
goto done;
}
#endif
if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = now + pol.pw_max_life;
else
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
}
- ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
if (ret)
goto done;
/* unlock principal on this KDC */
- kdb.fail_auth_count = 0;
+ kdb->fail_auth_count = 0;
- if ((ret = kdb_put_entry(handle, &kdb, &adb)))
+ if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
ret = KADM5_OK;
@@ -1809,7 +1772,7 @@ done:
}
}
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
if (have_pol)
kadm5_free_policy_ent(handle->lhandle, &pol);
@@ -1836,7 +1799,7 @@ kadm5_setkey_principal_3(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
krb5_int32 now;
kadm5_policy_ent_rec pol;
@@ -1887,29 +1850,29 @@ kadm5_setkey_principal_3(void *server_handle,
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
- for (kvno = 0, i=0; i<kdb.n_key_data; i++)
- if (kdb.key_data[i].key_data_kvno > kvno)
- kvno = kdb.key_data[i].key_data_kvno;
+ for (kvno = 0, i=0; i<kdb->n_key_data; i++)
+ if (kdb->key_data[i].key_data_kvno > kvno)
+ kvno = kdb->key_data[i].key_data_kvno;
if (keepold) {
- old_key_data = kdb.key_data;
- n_old_keys = kdb.n_key_data;
+ old_key_data = kdb->key_data;
+ n_old_keys = kdb->n_key_data;
} else {
- if (kdb.key_data != NULL)
- cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+ if (kdb->key_data != NULL)
+ cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
n_old_keys = 0;
old_key_data = NULL;
}
- kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys)
- *sizeof(krb5_key_data));
- if (kdb.key_data == NULL) {
+ kdb->key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys)
+ *sizeof(krb5_key_data));
+ if (kdb->key_data == NULL) {
ret = ENOMEM;
goto done;
}
- memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data));
- kdb.n_key_data = 0;
+ memset(kdb->key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data));
+ kdb->n_key_data = 0;
for (i = 0; i < n_keys; i++) {
if (n_ks_tuple) {
@@ -1935,7 +1898,7 @@ kadm5_setkey_principal_3(void *server_handle,
if (ret)
goto done;
- tptr = &kdb.key_data[i];
+ tptr = &kdb->key_data[i];
tptr->key_data_ver = tmp_key_data.key_data_ver;
tptr->key_data_kvno = tmp_key_data.key_data_kvno;
for (k = 0; k < tmp_key_data.key_data_ver; k++) {
@@ -1962,21 +1925,21 @@ kadm5_setkey_principal_3(void *server_handle,
tmp_key_data.key_data_contents[k] = NULL;
}
}
- kdb.n_key_data++;
+ kdb->n_key_data++;
}
/* copy old key data if necessary */
for (i = 0; i < n_old_keys; i++) {
- kdb.key_data[i+n_keys] = old_key_data[i];
+ kdb->key_data[i+n_keys] = old_key_data[i];
memset(&old_key_data[i], 0, sizeof (krb5_key_data));
- kdb.n_key_data++;
+ kdb->n_key_data++;
}
if (old_key_data)
krb5_db_free(handle->context, old_key_data);
- /* assert(kdb.n_key_data == n_keys + n_old_keys) */
- kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ /* assert(kdb->n_key_data == n_keys + n_old_keys) */
+ kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
if ((ret = krb5_timeofday(handle->context, &now)))
goto done;
@@ -1995,35 +1958,35 @@ kadm5_setkey_principal_3(void *server_handle,
* local caller implicitly has all authorization bits.
*/
if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
+ kdb, &last_pwd))
goto done;
if((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
ret = KADM5_PASS_TOOSOON;
goto done;
}
#endif
if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = now + pol.pw_max_life;
else
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb->pw_expiration = 0;
}
- if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now)))
goto done;
/* unlock principal on this KDC */
- kdb.fail_auth_count = 0;
+ kdb->fail_auth_count = 0;
- if ((ret = kdb_put_entry(handle, &kdb, &adb)))
+ if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
ret = KADM5_OK;
done:
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
if (have_pol)
kadm5_free_policy_ent(handle->lhandle, &pol);
@@ -2040,7 +2003,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
krb5_keyblock **keyblocks /* OUT */,
int *n_keys /* OUT */)
{
- krb5_db_entry kdb;
+ krb5_db_entry *kdb;
osa_princ_ent_rec adb;
kadm5_ret_t ret;
kadm5_server_handle_t handle = server_handle;
@@ -2058,7 +2021,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
return(ret);
if (keyblocks) {
- if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb,
+ if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, kdb,
&mkey_ptr))) {
krb5_keylist_node *tmp_mkey_list;
/* try refreshing master key list */
@@ -2069,7 +2032,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
krb5_dbe_free_key_list(handle->context, master_keylist);
master_keylist = tmp_mkey_list;
if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist,
- &kdb, &mkey_ptr))) {
+ kdb, &mkey_ptr))) {
goto done;
}
} else {
@@ -2078,7 +2041,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
}
ret = decrypt_key_data(handle->context, mkey_ptr,
- kdb.n_key_data, kdb.key_data,
+ kdb->n_key_data, kdb->key_data,
keyblocks, n_keys);
if (ret)
goto done;
@@ -2086,7 +2049,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
ret = KADM5_OK;
done:
- kdb_free_entry(handle, &kdb, &adb);
+ kdb_free_entry(handle, kdb, &adb);
return ret;
}
generated by cgit v1.1 at 2024-07-09 02:17:31 +0000