author | Will Fiveash <will.fiveash@oracle.com> | 2009-01-13 01:17:16 +0000 |
---|---|---|
committer | Will Fiveash <will.fiveash@oracle.com> | 2009-01-13 01:17:16 +0000 |
commit | ec9ade5c57cc9275dc103a52d3483fc5fbc6d52e (patch) | |
tree | 6cf5e8bc598099261c9a2385b4423535348b3521 /src/lib | |
parent | 9002edc53df996fd9ab740e6652b8eadf31b8cb3 (diff) | |
Added kdb5_util list_mkeys command, cleaned up some code formatting
(removed hard tabs), added logic to add default actkvno tl_data when
creating a new mkey princ.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21739 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/kadm5/srv/server_kdb.c | 2 | ||||
-rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 18 | ||||
-rw-r--r-- | src/lib/kdb/kdb5.c | 465 | ||||
-rw-r--r-- | src/lib/kdb/kdb_default.c | 18 | ||||
-rw-r--r-- | src/lib/kdb/keytab.c | 2 | ||||
-rw-r--r-- | src/lib/kdb/libkdb5.exports | 4 | ||||
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 |
7 files changed, 274 insertions, 236 deletions
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index 63c098b..70403ce 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -16,7 +16,7 @@ static char *rcsid = "$Header$"; krb5_principal master_princ; krb5_keyblock master_keyblock; /* local mkey */ -krb5_keyblock_node *master_keylist = NULL; +krb5_keylist_node *master_keylist = NULL; krb5_actkvno_node *active_mkey_list = NULL; krb5_db_entry master_db;
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 2ab499f..f21b6f5 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -11,6 +11,7 @@ static char *rcsid = "$Header$"; #include <sys/types.h> #include <sys/time.h> #include <errno.h> +#include <k5-int.h> #include <kadm5/admin.h> #include <kdb.h> #include <stdio.h>
@@ -26,8 +27,7 @@ static char *rcsid = "$Header$"; extern krb5_principal master_princ; extern krb5_principal hist_princ; -/* extern krb5_keyblock master_keyblock; */ -extern krb5_keyblock_node *master_keylist; +extern krb5_keylist_node *master_keylist; extern krb5_actkvno_node *active_mkey_list; extern krb5_keyblock hist_key; extern krb5_db_entry master_db;
@@ -201,6 +201,7 @@ kadm5_create_principal_3(void *server_handle, unsigned int ret; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; + krb5_kvno act_kvno; CHECK_HANDLE(server_handle);
@@ -344,7 +345,7 @@ kadm5_create_principal_3(void *server_handle, /* initialize the keys */ ret = krb5_dbe_find_act_mkey(handle->context, master_keylist, - active_mkey_list, &act_mkey); + active_mkey_list, &act_kvno, &act_mkey); if (ret) return (ret);
@@ -360,9 +361,8 @@ kadm5_create_principal_3(void *server_handle, return(ret); } - /* XXX WAF: this needs to be changed to use real mkvno */ /* Record the master key VNO used to encrypt this entry's keys */ - ret = krb5_dbe_update_mkvno(handle->context, &kdb, 1); + ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno); if (ret) { krb5_db_free_principal(handle->context, &kdb, 1);
@@ -1362,7 +1362,7 @@ kadm5_chpass_principal_3(void *server_handle, goto done; ret = krb5_dbe_find_act_mkey(handle->context, master_keylist, - active_mkey_list, &act_mkey); + active_mkey_list, NULL, &act_mkey); if (ret) goto done;
@@ -1541,7 +1541,7 @@ kadm5_randkey_principal_3(void *server_handle, return(ret); ret = krb5_dbe_find_act_mkey(handle->context, master_keylist, - active_mkey_list, &act_mkey); + active_mkey_list, NULL, &act_mkey); if (ret) goto done;
@@ -1707,7 +1707,7 @@ kadm5_setv4key_principal(void *server_handle, keysalt.data.data = NULL; ret = krb5_dbe_find_act_mkey(handle->context, master_keylist, - active_mkey_list, &act_mkey); + active_mkey_list, NULL, &act_mkey); if (ret) goto done;
@@ -1926,7 +1926,7 @@ kadm5_setkey_principal_3(void *server_handle, memset (&tmp_key_data, 0, sizeof(tmp_key_data)); ret = krb5_dbe_find_act_mkey(handle->context, master_keylist, - active_mkey_list, &act_mkey); + active_mkey_list, NULL, &act_mkey); if (ret) goto done;
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index f5e9e5c..c9bf7cd 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1441,22 +1441,22 @@ krb5_db_set_mkey(krb5_context context, krb5_keyblock * key) krb5_error_code krb5_db_set_mkey_list(krb5_context kcontext, - krb5_keyblock_node * keylist) + krb5_keylist_node * keylist) { krb5_error_code status = 0; kdb5_dal_handle *dal_handle; if (kcontext->dal_handle == NULL) { - status = kdb_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } } dal_handle = kcontext->dal_handle; status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); if (status) { - goto clean_n_exit; + goto clean_n_exit; } status = dal_handle->lib_handle->vftabl.set_master_key_list(kcontext, keylist); @@ -1464,7 +1464,7 @@ krb5_db_set_mkey_list(krb5_context kcontext, kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: +clean_n_exit: return status; } @@ -1498,22 +1498,22 @@ krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key) } krb5_error_code -krb5_db_get_mkey_list(krb5_context kcontext, krb5_keyblock_node ** keylist) +krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist) { krb5_error_code status = 0; kdb5_dal_handle *dal_handle; if (kcontext->dal_handle == NULL) { - status = kdb_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } } dal_handle = kcontext->dal_handle; status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); if (status) { - goto clean_n_exit; + goto clean_n_exit; } /* Let's use temp key and copy it later to avoid memory problems @@ -1522,7 +1522,7 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keyblock_node ** keylist) get_errmsg(kcontext, status); kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: +clean_n_exit: return status; } 
@@ -1531,35 +1531,35 @@ krb5_db_fetch_mkey_list(krb5_context context, krb5_principal mname, const krb5_keyblock * mkey, krb5_kvno mkvno, - krb5_keyblock_node **mkey_list) + krb5_keylist_node **mkey_list) { - kdb5_dal_handle *dal_handle; - krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + krb5_error_code status = 0; - if (context->dal_handle == NULL) { - status = kdb_setup_lib_handle(context); - if (status) { - goto clean_n_exit; - } - } + if (context->dal_handle == NULL) { + status = kdb_setup_lib_handle(context); + if (status) { + goto clean_n_exit; + } + } - dal_handle = context->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } + dal_handle = context->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } - status = dal_handle->lib_handle->vftabl.fetch_master_key_list(context, - mname, - mkey, - mkvno, - mkey_list); - get_errmsg(context, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + status = dal_handle->lib_handle->vftabl.fetch_master_key_list(context, + mname, + mkey, + mkvno, + mkey_list); + get_errmsg(context, status); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } + if (status) { + goto clean_n_exit; + } clean_n_exit: return status; @@ -1567,15 +1567,15 @@ clean_n_exit: krb5_error_code krb5_db_free_mkey_list(krb5_context context, - krb5_keyblock_node *mkey_list) + krb5_keylist_node *mkey_list) { - krb5_keyblock_node *cur, *prev; + krb5_keylist_node *cur, *prev; for (cur = mkey_list; cur != NULL;) { - prev = cur; - cur = cur->next; - krb5_free_keyblock_contents(context, &prev->keyblock); - krb5_xfree(prev); + prev = cur; + cur = cur->next; + krb5_free_keyblock_contents(context, &prev->keyblock); + krb5_xfree(prev); } return 0; 
@@ -1889,8 +1889,8 @@ clean_n_exit: krb5_error_code krb5_dbe_fetch_act_mkey_list(krb5_context context, - krb5_principal mprinc, - krb5_actkvno_node **act_mkey_list) + krb5_principal mprinc, + krb5_actkvno_node **act_mkey_list) { krb5_error_code retval = 0; krb5_db_entry master_entry; @@ -1898,24 +1898,45 @@ krb5_dbe_fetch_act_mkey_list(krb5_context context, krb5_boolean more; if (act_mkey_list == NULL) - return (EINVAL); + return (EINVAL); nprinc = 1; if ((retval = krb5_db_get_principal(context, mprinc, - &master_entry, &nprinc, &more))) - return (retval); - + &master_entry, &nprinc, &more))) + return (retval); + if (nprinc != 1) { - if (nprinc) - krb5_db_free_principal(context, &master_entry, nprinc); - return(KRB5_KDB_NOMASTERKEY); + if (nprinc) + krb5_db_free_principal(context, &master_entry, nprinc); + return(KRB5_KDB_NOMASTERKEY); } else if (more) { - krb5_db_free_principal(context, &master_entry, nprinc); - return (KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); + krb5_db_free_principal(context, &master_entry, nprinc); + return (KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } retval = krb5_dbe_lookup_actkvno(context, &master_entry, act_mkey_list); + if (*act_mkey_list == NULL) { + krb5_actkvno_node *tmp_actkvno; + krb5_timestamp now; + /* + * for mkey princ entries without KRB5_TL_ACTKVNO data provide a default + */ + + if ((retval = krb5_timeofday(context, &now))) + return (retval); + + tmp_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); + if (tmp_actkvno == NULL) + return (ENOMEM); + + tmp_actkvno->act_time = now; + tmp_actkvno->act_kvno = master_entry.key_data[0].key_data_kvno; + tmp_actkvno->next = NULL; + + *act_mkey_list = tmp_actkvno; + } + krb5_db_free_principal(context, &master_entry, nprinc); return retval; } 
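Review bot: The default-actkvno block added to krb5_dbe_fetch_act_mkey_list tests `*act_mkey_list` before looking at the `retval` from krb5_dbe_lookup_actkvno, and its two early returns (the krb5_timeofday failure and the ENOMEM path) bypass the `krb5_db_free_principal` at the end of the function, so master_entry leaks on those paths. krb5_dbe_lookup_actkvno, further down this diff, returns before writing its output on error, so the NULL test can act on whatever the caller left in the pointer and then hand back a populated list together with a non-zero retval. `master_entry.key_data[0]` is also indexed without checking `master_entry.n_key_data`, which reads past the array for an mkey entry that has no keys. Route every exit through one cleanup label, check retval first, and refuse the default when the entry has no key data, as below.
```c
    retval = krb5_dbe_lookup_actkvno(context, &master_entry, act_mkey_list);
    if (retval)
        goto cleanup;

    if (*act_mkey_list == NULL) {
        krb5_actkvno_node *tmp_actkvno;
        krb5_timestamp now;

        /* mkey princ entries without KRB5_TL_ACTKVNO data get a default */
        if (master_entry.n_key_data < 1) {
            retval = KRB5_KDB_NOMASTERKEY;
            goto cleanup;
        }
        if ((retval = krb5_timeofday(context, &now)))
            goto cleanup;

        tmp_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node));
        if (tmp_actkvno == NULL) {
            retval = ENOMEM;
            goto cleanup;
        }
        tmp_actkvno->act_time = now;
        tmp_actkvno->act_kvno = master_entry.key_data[0].key_data_kvno;
        tmp_actkvno->next = NULL;
        *act_mkey_list = tmp_actkvno;
    }

cleanup:
    krb5_db_free_principal(context, &master_entry, nprinc);
    return retval;
}
```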
@@ -1927,13 +1948,14 @@ krb5_dbe_fetch_act_mkey_list(krb5_context context, krb5_error_code krb5_dbe_find_act_mkey(krb5_context context, - krb5_keyblock_node *mkey_list, + krb5_keylist_node *mkey_list, krb5_actkvno_node *act_mkey_list, + krb5_kvno *act_kvno, krb5_keyblock **act_mkey) { - krb5_kvno act_kvno; + krb5_kvno tmp_act_kvno; krb5_error_code retval; - krb5_keyblock_node *cur_keyblock = mkey_list; + krb5_keylist_node *cur_keyblock = mkey_list; krb5_actkvno_node *prev_actkvno, *cur_actkvno; krb5_timestamp now; krb5_boolean found = FALSE; @@ -1954,11 +1976,11 @@ krb5_dbe_find_act_mkey(krb5_context context, prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { if (cur_actkvno->act_time == now) { - act_kvno = cur_actkvno->act_kvno; + tmp_act_kvno = cur_actkvno->act_kvno; found = TRUE; break; } else if (cur_actkvno->act_time > now && prev_actkvno->act_time <= now) { - act_kvno = prev_actkvno->act_kvno; + tmp_act_kvno = prev_actkvno->act_kvno; found = TRUE; break; } @@ -1970,18 +1992,20 @@ krb5_dbe_find_act_mkey(krb5_context context, * the latest entry. */ if (prev_actkvno->act_time <= now) { - act_kvno = prev_actkvno->act_kvno; + tmp_act_kvno = prev_actkvno->act_kvno; } else { /* XXX this shouldn't happen */ return (KRB5_KDB_NOACTMASTERKEY); } } - while (cur_keyblock && cur_keyblock->kvno != act_kvno) + while (cur_keyblock && cur_keyblock->kvno != tmp_act_kvno) cur_keyblock = cur_keyblock->next; if (cur_keyblock) { *act_mkey = &cur_keyblock->keyblock; + if (act_kvno != NULL) + *act_kvno = tmp_act_kvno; return (0); } else { return (KRB5_KDB_NO_MATCHING_KEY); 
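Review bot: The new optional `act_kvno` out-parameter of krb5_dbe_find_act_mkey is undocumented: nothing says NULL is accepted or that it is written only on the success path, which is exactly what kadm5_create_principal_3 relies on when it passes `&act_kvno` and reads it after a zero return. A comment above the signature would settle the contract: `/* act_kvno: if non-NULL, receives the kvno of the key returned in *act_mkey; untouched when an error is returned. */`. The function's header comment and the middle of its body lie outside these hunks.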
@@ -1993,27 +2017,27 @@ krb5_dbe_find_act_mkey(krb5_context context, * free the output key. */ krb5_error_code -krb5_dbe_find_mkey(krb5_context context, - krb5_keyblock_node *mkey_list, +krb5_dbe_find_mkey(krb5_context context, + krb5_keylist_node *mkey_list, krb5_db_entry *entry, krb5_keyblock **mkey) { krb5_kvno mkvno; krb5_error_code retval; - krb5_keyblock_node *cur_keyblock = mkey_list; + krb5_keylist_node *cur_keyblock = mkey_list; retval = krb5_dbe_lookup_mkvno(context, entry, &mkvno); if (retval) - return (retval); + return (retval); while (cur_keyblock && cur_keyblock->kvno != mkvno) - cur_keyblock = cur_keyblock->next; + cur_keyblock = cur_keyblock->next; if (cur_keyblock) { - *mkey = &cur_keyblock->keyblock; - return (0); + *mkey = &cur_keyblock->keyblock; + return (0); } else { - return (KRB5_KDB_NO_MATCHING_KEY); + return (KRB5_KDB_NO_MATCHING_KEY); } } @@ -2307,15 +2331,14 @@ krb5_dbe_lookup_mkvno(krb5_context context, krb5_error_code krb5_dbe_update_mkvno(krb5_context context, - krb5_db_entry * entry, - krb5_kvno mkvno) + krb5_db_entry * entry, + krb5_kvno mkvno) { krb5_tl_data tl_data; - krb5_octet buf[2]; /* this is the encoded size of an int16 */ + krb5_octet buf[2]; /* this is the encoded size of an int16 */ tl_data.tl_data_type = KRB5_TL_MKVNO; tl_data.tl_data_length = sizeof(buf); - /* use standard encoding */ krb5_kdb_encode_int16((krb5_ui_2) mkvno, buf); tl_data.tl_data_contents = buf; 
@@ -2323,80 +2346,81 @@ krb5_dbe_update_mkvno(krb5_context context, } krb5_error_code -krb5_dbe_lookup_mkey_aux(krb5_context context, - krb5_db_entry * entry, - krb5_mkey_aux_node ** mkey_aux_data_list) +krb5_dbe_lookup_mkey_aux(krb5_context context, + krb5_db_entry * entry, + krb5_mkey_aux_node ** mkey_aux_data_list) { krb5_tl_data tl_data; krb5_int16 version; krb5_mkey_aux_node *head_data = NULL, *new_data = NULL, - *prev_data = NULL; + *prev_data = NULL; krb5_octet *curloc; /* current location pointer */ krb5_error_code code; tl_data.tl_data_type = KRB5_TL_MKEY_AUX; if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))) - return (code); + return (code); if (tl_data.tl_data_contents == NULL) { - *mkey_aux_data_list = NULL; - return (0); + *mkey_aux_data_list = NULL; + return (0); } else { - /* get version to determine how to parse the data */ - krb5_kdb_decode_int16(tl_data.tl_data_contents, version); - if (version == KRB5_TL_MKEY_AUX_VER_1) { - - /* curloc points to first tuple entry in the tl_data_contents */ - curloc = tl_data.tl_data_contents + sizeof(version); - - while (curloc != (tl_data.tl_data_contents + tl_data.tl_data_length)) { - assert(curloc < tl_data.tl_data_contents + tl_data.tl_data_length); - - new_data = (krb5_mkey_aux_node *) malloc(sizeof(krb5_mkey_aux_node)); - if (new_data == NULL) { - krb5_free_mkey_aux_list(context, head_data); - return (ENOMEM); - } - krb5_kdb_decode_int16(curloc, new_data->mkey_kvno); - curloc += sizeof(krb5_ui_2); - krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_kvno); - curloc += sizeof(krb5_ui_2); - krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_type[0]); - curloc += sizeof(krb5_ui_2); - krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_length[0]); - curloc += sizeof(krb5_ui_2); - - new_data->latest_mkey.key_data_contents[0] = (krb5_octet *) - malloc(new_data->latest_mkey.key_data_length[0]); - - if (new_data->latest_mkey.key_data_contents[0] == NULL) { - 
krb5_free_mkey_aux_list(context, head_data); - return (ENOMEM); - } - memcpy(new_data->latest_mkey.key_data_contents[0], curloc, new_data->latest_mkey.key_data_length[0]); - - new_data->next = NULL; - if (prev_data != NULL) - prev_data->next = new_data; - else - head_data = new_data; - prev_data = new_data; - } - } else { - krb5_set_error_message (context, KRB5_KDB_BAD_VERSION, - "Illegal version number for KRB5_TL_MKEY_AUX %d\n", - version); - return (KRB5_KDB_BAD_VERSION); - } + /* get version to determine how to parse the data */ + krb5_kdb_decode_int16(tl_data.tl_data_contents, version); + if (version == KRB5_TL_MKEY_AUX_VER_1) { + + /* curloc points to first tuple entry in the tl_data_contents */ + curloc = tl_data.tl_data_contents + sizeof(version); + + while (curloc != (tl_data.tl_data_contents + tl_data.tl_data_length)) { + assert(curloc < tl_data.tl_data_contents + tl_data.tl_data_length); + + new_data = (krb5_mkey_aux_node *) malloc(sizeof(krb5_mkey_aux_node)); + if (new_data == NULL) { + krb5_free_mkey_aux_list(context, head_data); + return (ENOMEM); + } + krb5_kdb_decode_int16(curloc, new_data->mkey_kvno); + curloc += sizeof(krb5_ui_2); + krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_kvno); + curloc += sizeof(krb5_ui_2); + krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_type[0]); + curloc += sizeof(krb5_ui_2); + krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_length[0]); + curloc += sizeof(krb5_ui_2); + + new_data->latest_mkey.key_data_contents[0] = (krb5_octet *) + malloc(new_data->latest_mkey.key_data_length[0]); + + if (new_data->latest_mkey.key_data_contents[0] == NULL) { + krb5_free_mkey_aux_list(context, head_data); + return (ENOMEM); + } + memcpy(new_data->latest_mkey.key_data_contents[0], curloc, + new_data->latest_mkey.key_data_length[0]); + + new_data->next = NULL; + if (prev_data != NULL) + prev_data->next = new_data; + else + head_data = new_data; + prev_data = new_data; + } + } else { + 
krb5_set_error_message (context, KRB5_KDB_BAD_VERSION, + "Illegal version number for KRB5_TL_MKEY_AUX %d\n", + version); + return (KRB5_KDB_BAD_VERSION); + } } *mkey_aux_data_list = head_data; return (0); } krb5_error_code -krb5_dbe_update_mkey_aux(krb5_context context, - krb5_db_entry * entry, - krb5_mkey_aux_node * mkey_aux_data_list) +krb5_dbe_update_mkey_aux(krb5_context context, + krb5_db_entry * entry, + krb5_mkey_aux_node * mkey_aux_data_list) { krb5_tl_data tl_data; krb5_int16 version; 
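Review bot: The tuple loop in krb5_dbe_lookup_mkey_aux never advances `curloc` past the key bytes it memcpy'd (there is no `curloc += new_data->latest_mkey.key_data_length[0]` after the copy), so for any entry with a non-empty key the next iteration decodes key material as the following tuple header and `curloc` can step past the end, where the `!=` loop condition no longer stops it and the `assert` is the only guard. The four `krb5_kdb_decode_int16` reads and the memcpy also trust the stored length against nothing, so a truncated or corrupt KRB5_TL_MKEY_AUX record is an out-of-bounds read of the database entry; bound both against the end of `tl_data_contents` (a `krb5_octet *end` local). The node comes from malloc and only a few `latest_mkey` fields are filled in, so if the list free routine consults `key_data_ver` or the second key slot (not visible here — please confirm) it operates on uninitialized memory; calloc avoids that. On a failed key-contents malloc the not-yet-linked `new_data` is leaked as well.
```c
        /* curloc points to first tuple entry in the tl_data_contents */
        curloc = tl_data.tl_data_contents + sizeof(version);
        end = tl_data.tl_data_contents + tl_data.tl_data_length;

        while (curloc < end) {
            /* four 16-bit fields precede the key bytes */
            if ((size_t)(end - curloc) < 4 * sizeof(krb5_ui_2)) {
                krb5_free_mkey_aux_list(context, head_data);
                return (KRB5_KDB_TRUNCATED_RECORD);
            }
            new_data = (krb5_mkey_aux_node *) calloc(1, sizeof(krb5_mkey_aux_node));
            if (new_data == NULL) {
                krb5_free_mkey_aux_list(context, head_data);
                return (ENOMEM);
            }
            /* … unchanged: the four krb5_kdb_decode_int16 calls, each followed by curloc += sizeof(krb5_ui_2) … */

            if ((size_t)(end - curloc) < new_data->latest_mkey.key_data_length[0]) {
                free(new_data);
                krb5_free_mkey_aux_list(context, head_data);
                return (KRB5_KDB_TRUNCATED_RECORD);
            }
            new_data->latest_mkey.key_data_contents[0] = (krb5_octet *)
                malloc(new_data->latest_mkey.key_data_length[0]);
            if (new_data->latest_mkey.key_data_contents[0] == NULL) {
                free(new_data);
                krb5_free_mkey_aux_list(context, head_data);
                return (ENOMEM);
            }
            memcpy(new_data->latest_mkey.key_data_contents[0], curloc,
                   new_data->latest_mkey.key_data_length[0]);
            curloc += new_data->latest_mkey.key_data_length[0];
            /* … unchanged: link new_data onto head_data / prev_data … */
        }
```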
@@ -2408,38 +2432,48 @@ krb5_dbe_update_mkey_aux(krb5_context context, * determine out how much space to allocate */ tl_data.tl_data_length = sizeof(version); /* version */ - for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL; aux_data_entry = aux_data_entry->next) { - tl_data.tl_data_length += sizeof(krb5_ui_2); /* mkey_kvno */ - tl_data.tl_data_length += sizeof(krb5_ui_2); /* latest_mkey kvno */ - tl_data.tl_data_length += sizeof(krb5_ui_2); /* latest_mkey enctype */ - tl_data.tl_data_length += sizeof(krb5_ui_2); /* latest_mkey length */ - tl_data.tl_data_length += aux_data_entry->latest_mkey.key_data_length[0]; /* mkey data */ + for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL; + aux_data_entry = aux_data_entry->next) { + tl_data.tl_data_length += sizeof(krb5_ui_2); /* mkey_kvno */ + tl_data.tl_data_length += sizeof(krb5_ui_2); /* latest_mkey kvno */ + tl_data.tl_data_length += sizeof(krb5_ui_2); /* latest_mkey enctype */ + tl_data.tl_data_length += sizeof(krb5_ui_2); /* latest_mkey length */ + tl_data.tl_data_length += + aux_data_entry->latest_mkey.key_data_length[0]; /* mkey data */ } tl_data.tl_data_contents = (krb5_octet *) malloc(tl_data.tl_data_length); if (tl_data.tl_data_contents == NULL) { - return (ENOMEM); + return (ENOMEM); } nextloc = tl_data.tl_data_contents; /* version */ - krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_MKEY_AUX_VER_1, (unsigned char *)nextloc); + krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_MKEY_AUX_VER_1, + (unsigned char *)nextloc); nextloc += sizeof(krb5_ui_2); - for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL; aux_data_entry = aux_data_entry->next) { - krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->mkey_kvno, (unsigned char *)nextloc); - nextloc += sizeof(krb5_ui_2); - krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->latest_mkey.key_data_kvno, (unsigned char *)nextloc); - nextloc += sizeof(krb5_ui_2); - krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->latest_mkey.key_data_type[0], 
(unsigned char *)nextloc); - nextloc += sizeof(krb5_ui_2); - krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->latest_mkey.key_data_length[0], (unsigned char *)nextloc); - nextloc += sizeof(krb5_ui_2); - - if (aux_data_entry->latest_mkey.key_data_length[0] > 0) { - memcpy(nextloc, aux_data_entry->latest_mkey.key_data_contents[0], - aux_data_entry->latest_mkey.key_data_length[0]); - nextloc += aux_data_entry->latest_mkey.key_data_length[0]; - } + + for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL; + aux_data_entry = aux_data_entry->next) { + + krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->mkey_kvno, + (unsigned char *)nextloc); + nextloc += sizeof(krb5_ui_2); + krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->latest_mkey.key_data_kvno, + (unsigned char *)nextloc); + nextloc += sizeof(krb5_ui_2); + krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->latest_mkey.key_data_type[0], + (unsigned char *)nextloc); + nextloc += sizeof(krb5_ui_2); + krb5_kdb_encode_int16((krb5_ui_2)aux_data_entry->latest_mkey.key_data_length[0], + (unsigned char *)nextloc); + nextloc += sizeof(krb5_ui_2); + + if (aux_data_entry->latest_mkey.key_data_length[0] > 0) { + memcpy(nextloc, aux_data_entry->latest_mkey.key_data_contents[0], + aux_data_entry->latest_mkey.key_data_length[0]); + nextloc += aux_data_entry->latest_mkey.key_data_length[0]; + } } return (krb5_dbe_update_tl_data(context, entry, &tl_data)); @@ -2456,8 +2490,8 @@ krb5_dbe_update_mkey_aux(krb5_context context, krb5_error_code krb5_dbe_lookup_actkvno(krb5_context context, - krb5_db_entry *entry, - krb5_actkvno_node **actkvno_list) + krb5_db_entry *entry, + krb5_actkvno_node **actkvno_list) { krb5_tl_data tl_data; krb5_error_code code; 
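Review bot: In krb5_dbe_update_mkey_aux the sizing pass adds every node's `key_data_length[0]` straight into `tl_data.tl_data_length`; if that field is the 16-bit krb5_ui_2 I recall from kdb.h, a list with a few large keys wraps it, the following `malloc(tl_data.tl_data_length)` is undersized, and the encode loop writes past the buffer. Accumulate into a `size_t` and return EINVAL before the malloc when the total does not fit the field. The buffer is also never released: if krb5_dbe_update_tl_data copies the contents (the usual kdb convention — please confirm), `tl_data.tl_data_contents` leaks on every call, so the tail should become `krb5_error_code retval = krb5_dbe_update_tl_data(context, entry, &tl_data); free(tl_data.tl_data_contents); return (retval);`.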
@@ -2469,56 +2503,59 @@ krb5_dbe_lookup_actkvno(krb5_context context, tl_data.tl_data_type = KRB5_TL_ACTKVNO; if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))) - return (code); + return (code); if (tl_data.tl_data_contents == NULL) { - *actkvno_list = NULL; - return (0); + *actkvno_list = NULL; + return (0); } else { - /* get version to determine how to parse the data */ - krb5_kdb_decode_int16(tl_data.tl_data_contents, version); - if (version == KRB5_TL_ACTKVNO_VER_1) { - /* - * Find number of tuple entries, remembering to account for version - * field. - */ - num_actkvno = (tl_data.tl_data_length - sizeof(version)) / ACTKVNO_TUPLE_SIZE; - prev_data = NULL; - /* next_tuple points to first tuple entry in the tl_data_contents */ - next_tuple = tl_data.tl_data_contents + sizeof(version); - for (i = 0; i < num_actkvno; i++) { - new_data = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); - if (new_data == NULL) { - krb5_free_actkvno_list(context, head_data); - return (ENOMEM); - } - krb5_kdb_decode_int16(act_kvno(next_tuple), new_data->act_kvno); - krb5_kdb_decode_int32(act_time(next_tuple), new_data->act_time); - /* XXX WAF: may be able to deal with list pointers in a better - * way, see add_mkey() */ - new_data->next = NULL; - if (prev_data != NULL) - prev_data->next = new_data; - else - head_data = new_data; - prev_data = new_data; - next_tuple += ACTKVNO_TUPLE_SIZE; - } - } else { - krb5_set_error_message (context, KRB5_KDB_BAD_VERSION, - "Illegal version number for KRB5_TL_ACTKVNO %d\n", - version); - return (KRB5_KDB_BAD_VERSION); - } + /* get version to determine how to parse the data */ + krb5_kdb_decode_int16(tl_data.tl_data_contents, version); + if (version == KRB5_TL_ACTKVNO_VER_1) { + /* + * Find number of tuple entries, remembering to account for version + * field. 
+ */ + num_actkvno = (tl_data.tl_data_length - sizeof(version)) / ACTKVNO_TUPLE_SIZE; + prev_data = NULL; + /* next_tuple points to first tuple entry in the tl_data_contents */ + next_tuple = tl_data.tl_data_contents + sizeof(version); + for (i = 0; i < num_actkvno; i++) { + new_data = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); + if (new_data == NULL) { + krb5_free_actkvno_list(context, head_data); + return (ENOMEM); + } + krb5_kdb_decode_int16(act_kvno(next_tuple), new_data->act_kvno); + krb5_kdb_decode_int32(act_time(next_tuple), new_data->act_time); + /* XXX WAF: may be able to deal with list pointers in a better + * way, see add_mkey() */ + new_data->next = NULL; + if (prev_data != NULL) + prev_data->next = new_data; + else + head_data = new_data; + prev_data = new_data; + next_tuple += ACTKVNO_TUPLE_SIZE; + } + } else { + krb5_set_error_message (context, KRB5_KDB_BAD_VERSION, + "Illegal version number for KRB5_TL_ACTKVNO %d\n", + version); + return (KRB5_KDB_BAD_VERSION); + } } *actkvno_list = head_data; return (0); } +/* + * Add KRB5_TL_ACTKVNO TL data entries to krb5_db_entry *entry + */ krb5_error_code krb5_dbe_update_actkvno(krb5_context context, - krb5_db_entry *entry, - const krb5_actkvno_node *actkvno_list) + krb5_db_entry *entry, + const krb5_actkvno_node *actkvno_list) { krb5_error_code retval = 0; krb5_int16 version; 
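Review bot: krb5_dbe_lookup_actkvno decodes `version` from `tl_data.tl_data_contents` and then computes `(tl_data.tl_data_length - sizeof(version)) / ACTKVNO_TUPLE_SIZE` without first checking that the record holds at least `sizeof(version)` bytes; the subtraction is done in size_t, so a 0- or 1-byte record wraps to a huge `num_actkvno` and the loop reads far past the entry. A one-line guard before the decode closes it: `if (tl_data.tl_data_length < sizeof(version)) return (KRB5_KDB_TRUNCATED_RECORD);`. Trailing bytes that do not form a whole tuple are silently dropped by the division; rejecting them the same way would make a corrupt record visible instead of partially parsed.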
@@ -2526,36 +2563,34 @@ krb5_dbe_update_actkvno(krb5_context context, krb5_octet *nextloc; const krb5_actkvno_node *cur_actkvno; - /* XXX WAF: should kvno be verified that it exists for the princ entry? */ - /* No, this should be handed by functions higher in the stack verifying the user data */ - if (actkvno_list == NULL) { - return (EINVAL); + return (EINVAL); } /* allocate initial KRB5_TL_ACTKVNO tl_data entry */ new_tl_data.tl_data_length = sizeof(version); new_tl_data.tl_data_contents = (krb5_octet *) malloc(new_tl_data.tl_data_length); - if (new_tl_data.tl_data_contents == NULL) { - return (ENOMEM); - } + if (new_tl_data.tl_data_contents == NULL) + return (ENOMEM); + + /* add the current version # for the data format used for KRB5_TL_ACTKVNO */ krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_ACTKVNO_VER_1, (unsigned char *)new_tl_data.tl_data_contents); for (cur_actkvno = actkvno_list; cur_actkvno != NULL; cur_actkvno = cur_actkvno->next) { - new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE; - new_tl_data.tl_data_contents = (krb5_octet *) realloc(new_tl_data.tl_data_contents, new_tl_data.tl_data_length); - if (new_tl_data.tl_data_contents == NULL) { - return (ENOMEM); - } + new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE; + new_tl_data.tl_data_contents = (krb5_octet *) realloc(new_tl_data.tl_data_contents, + new_tl_data.tl_data_length); + if (new_tl_data.tl_data_contents == NULL) + return (ENOMEM); - /* - * using realloc so tl_data_contents is required to correctly calculate - * next location to store new tuple. - */ - nextloc = new_tl_data.tl_data_contents + new_tl_data.tl_data_length - ACTKVNO_TUPLE_SIZE; - krb5_kdb_encode_int16((krb5_ui_2)cur_actkvno->act_kvno, (unsigned char *)nextloc); - nextloc += sizeof(krb5_ui_2); - krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, (unsigned char *)nextloc); + /* + * Using realloc so tl_data_contents is required to correctly calculate + * next location to store new tuple. 
+ */ + nextloc = new_tl_data.tl_data_contents + new_tl_data.tl_data_length - ACTKVNO_TUPLE_SIZE; + krb5_kdb_encode_int16((krb5_ui_2)cur_actkvno->act_kvno, (unsigned char *)nextloc); + nextloc += sizeof(krb5_ui_2); + krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, (unsigned char *)nextloc); } new_tl_data.tl_data_type = KRB5_TL_ACTKVNO; diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index 161f6ea..32f13dd 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c @@ -487,14 +487,14 @@ krb5_def_fetch_mkey_list(krb5_context context, krb5_principal mprinc, const krb5_keyblock *mkey, krb5_kvno mkvno, - krb5_keyblock_node **mkeys_list) + krb5_keylist_node **mkeys_list) { krb5_error_code retval; krb5_db_entry master_entry; int nprinc; krb5_boolean more, found_key = FALSE; krb5_keyblock tmp_mkey, tmp_clearkey; - krb5_keyblock_node *mkey_list_head, **mkey_list_node; + krb5_keylist_node *mkey_list_head, **mkey_list_node; krb5_key_data *key_data; krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry; int i; 
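Review bot: krb5_dbe_update_actkvno keeps the `new_tl_data.tl_data_contents = (krb5_octet *) realloc(new_tl_data.tl_data_contents, …)` pattern inside the loop, so a failed realloc overwrites the only pointer to the old block and the `return (ENOMEM)` that follows leaks it. The sibling krb5_dbe_update_mkey_aux in this same diff sizes its buffer in a first pass and allocates once; the same shape here drops the realloc and the per-iteration `nextloc` back-computation entirely. The call that consumes the buffer lies past the end of the hunk, so I cannot see whether `tl_data_contents` is released afterwards; if krb5_dbe_update_tl_data copies it, that is a leak on the success path too.
```c
    /* size the buffer in one pass instead of growing it per node */
    new_tl_data.tl_data_length = sizeof(version);
    for (cur_actkvno = actkvno_list; cur_actkvno != NULL;
         cur_actkvno = cur_actkvno->next)
        new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE;

    new_tl_data.tl_data_contents = (krb5_octet *) malloc(new_tl_data.tl_data_length);
    if (new_tl_data.tl_data_contents == NULL)
        return (ENOMEM);

    nextloc = new_tl_data.tl_data_contents;
    /* add the current version # for the data format used for KRB5_TL_ACTKVNO */
    krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_ACTKVNO_VER_1, (unsigned char *)nextloc);
    nextloc += sizeof(krb5_ui_2);

    for (cur_actkvno = actkvno_list; cur_actkvno != NULL;
         cur_actkvno = cur_actkvno->next) {
        krb5_kdb_encode_int16((krb5_ui_2)cur_actkvno->act_kvno, (unsigned char *)nextloc);
        krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time,
                              (unsigned char *)(nextloc + sizeof(krb5_ui_2)));
        nextloc += ACTKVNO_TUPLE_SIZE;
    }
    /* … unchanged: new_tl_data.tl_data_type = KRB5_TL_ACTKVNO; and the update call … */
```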
@@ -572,24 +572,24 @@ krb5_def_fetch_mkey_list(krb5_context context, * create a mkey list for the mkeys field in kdc_realm_t. */ - mkey_list_head = (krb5_keyblock_node *) malloc(sizeof(krb5_keyblock_node)); + mkey_list_head = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node)); if (mkey_list_head == NULL) { retval = ENOMEM; goto clean_n_exit; } - memset(mkey_list_head, 0, sizeof(krb5_keyblock_node)); + memset(mkey_list_head, 0, sizeof(krb5_keylist_node)); mkey_list_node = &mkey_list_head; for (i=0; i < master_entry.n_key_data; i++) { if (*mkey_list_node == NULL) { /* *mkey_list_node points to next field of previous node */ - *mkey_list_node = (krb5_keyblock_node *) malloc(sizeof(krb5_keyblock_node)); + *mkey_list_node = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node)); if (*mkey_list_node == NULL) { retval = ENOMEM; goto clean_n_exit; } - memset(*mkey_list_node, 0, sizeof(krb5_keyblock_node)); + memset(*mkey_list_node, 0, sizeof(krb5_keylist_node)); } key_data = &master_entry.key_data[i]; retval = krb5_dbekd_decrypt_key_data(context, mkey, @@ -617,7 +617,7 @@ clean_n_exit: krb5_db_free_principal(context, &master_entry, nprinc); if (retval != 0) { - krb5_keyblock_node *cur_node, *next_node; + krb5_keylist_node *cur_node, *next_node; for (cur_node = mkey_list_head; cur_node != NULL; cur_node = next_node) { next_node = cur_node->next; @@ -645,14 +645,14 @@ krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, } krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext, - krb5_keyblock_node *keylist ) + krb5_keylist_node *keylist ) { /* printf("default set master key\n"); */ return 0; } krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext, - krb5_keyblock_node **keylist ) + krb5_keylist_node **keylist ) { /* printf("default get master key\n"); */ return 0; diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c index 413a2e8..7b241a1 100644 --- a/src/lib/kdb/keytab.c +++ b/src/lib/kdb/keytab.c 
@@ -123,7 +123,7 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
 krb5_keytab_entry * entry;
 {
 krb5_context context;
- krb5_keyblock_node * master_keylist;
+ krb5_keylist_node * master_keylist;
 krb5_keyblock * master_key;
 krb5_error_code kerror = 0;
 krb5_key_data * key_data;
diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
index b83797d..bf28a1c 100644
--- a/src/lib/kdb/libkdb5.exports
+++ b/src/lib/kdb/libkdb5.exports
@@ -6,7 +6,6 @@ krb5_db_free
 krb5_db_create
 krb5_db_delete_principal
 krb5_db_destroy
-krb5_db_fetch_latest_mkey
 krb5_db_fetch_mkey
 krb5_db_fetch_mkey_list
 krb5_db_free_mkey_list
@@ -14,6 +13,7 @@ krb5_db_fini
 krb5_db_free_principal
 krb5_db_get_age
 krb5_db_get_mkey
+krb5_db_get_mkey_list
 krb5_db_get_context
 krb5_db_get_principal
 krb5_db_get_principal_ext
@@ -23,6 +23,7 @@ krb5_db_lock
 krb5_db_put_principal
 krb5_db_set_context
 krb5_db_set_mkey
+krb5_db_set_mkey_list
 krb5_db_setup_mkey_name
 krb5_db_unlock
 krb5_db_store_master_key
@@ -32,6 +33,7 @@ krb5_dbe_ark
 krb5_dbe_cpw
 krb5_dbe_create_key_data
 krb5_dbe_crk
+krb5_dbe_find_act_mkey
 krb5_dbe_fetch_act_mkey_list
 krb5_dbe_find_enctype
 krb5_dbe_find_mkey
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index ad560c0..30c198d 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -221,6 +221,7 @@ krb5_free_etype_info
 krb5_free_host_realm
 krb5_free_kdc_rep
 krb5_free_kdc_req
+krb5_free_key_data_contents
 krb5_free_keyblock
 krb5_free_keyblock_contents
 krb5_free_keytab_entry_contents |