Diffstat (limited to 'src/lib/kadm5/srv')
-rw-r--r-- | src/lib/kadm5/srv/server_init.c | 6 | ||||
-rw-r--r-- | src/lib/kadm5/srv/server_misc.c | 3 | ||||
-rw-r--r-- | src/lib/kadm5/srv/svr_policy.c | 8 | ||||
-rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 34 |
4 files changed, 33 insertions, 18 deletions
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index dd1fe66..106d318 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -259,7 +259,8 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
 return ret; }
- ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW);
+ ret = krb5_db_open(handle->context, db_args,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
 if (ret) { krb5_free_context(handle->context); free_db_args(handle);
@@ -406,7 +407,8 @@ kadm5_ret_t kadm5_flush(void *server_handle)
 CHECK_HANDLE(server_handle); if ((ret = krb5_db_fini(handle->context)) ||
- (ret = krb5_db_open(handle->context, handle->db_args, KRB5_KDB_OPEN_RW)) ||
+ (ret = krb5_db_open(handle->context, handle->db_args,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
 (ret = adb_policy_close(handle)) || (ret = adb_policy_init(handle))) { (void) kadm5_destroy(server_handle);
diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c
index f7bfd58..fa4e62e 100644
--- a/src/lib/kadm5/srv/server_misc.c
+++ b/src/lib/kadm5/srv/server_misc.c
@@ -25,7 +25,8 @@ adb_policy_init(kadm5_server_handle_t handle)
 if( krb5_db_inited( handle->context ) ) return KADM5_OK;
- return krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW );
+ return krb5_db_open( handle->context, NULL,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );
 } kadm5_ret_t
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 31333b7..d57d2f1 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -47,7 +47,7 @@ kadm5_create_policy(void *server_handle,
 { CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
 if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK;
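Review bot: The open mode `KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN` is now written out at three call sites (kadm5_init here, kadm5_flush in the next hunk, and adb_policy_init in server_misc.c), so a later edit or a new call site can drift and open the database with a different server type. One shared definition would keep them in step, for example `#define KADM5_SRV_DB_OPEN_MODE (KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)` (the name is only a suggestion), with a one-line comment stating what the server-type bit tells the database provider. kadm5_init's body starts and ends outside the hunk.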
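Review bot: adb_policy_init still opens the database with `NULL` db_args, while kadm5_init and kadm5_flush in server_init.c pass the handle's db_args to the same call. If this branch can run while the database is not yet initialised, a provider selected or configured through db_args would be opened with defaults here, now under the admin server type as well. Passing the stored arguments would keep the three opens consistent: `return krb5_db_open( handle->context, handle->db_args, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );`, provided db_args is populated on every handle that reaches this function, which is not visible from the hunk.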
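Review bot: The cast `((kadm5_server_handle_t)server_handle)->context` in kadm5_create_policy is repeated in kadm5_modify_policy, while the other entry points changed by this commit read `handle->context` from a local. A local `kadm5_server_handle_t handle = server_handle;` at the top of both functions would make the call sites uniform and keep the dereference visibly after `CHECK_HANDLE(server_handle);`. The function's declarations are outside the hunk, so whether such a local already exists cannot be seen here.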
@@ -157,7 +157,7 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 if(name == (kadm5_policy_t) NULL) return EINVAL;
@@ -185,7 +185,7 @@ kadm5_modify_policy(void *server_handle,
 { CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
 if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK;
@@ -266,7 +266,7 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 /* * In version 1, entry is a pointer to a kadm5_policy_ent_t that
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 18ab480..36ca2a1 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -199,7 +199,7 @@ kadm5_create_principal_3(void *server_handle,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 /* * Argument sanity checking, and opening up the DB
@@ -380,6 +380,9 @@ kadm5_create_principal_3(void *server_handle,
 } }
+ /* In all cases key and the principal data is set, let the database provider know */
+ kdb.mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ;
+
 /* store the new db entry */ ret = kdb_put_entry(handle, &kdb, &adb);
@@ -421,7 +424,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 if (principal == NULL) return EINVAL;
@@ -469,7 +472,7 @@ kadm5_modify_principal(void *server_handle,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
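Review bot: `kdb.mask` is assigned only on the four store paths this commit touches (kadm5_create_principal_3 in the -380 hunk, kadm5_modify_principal, kadm5_chpass_principal_3 and kadm5_randkey_principal_3); kadm5_setv4key_principal, kadm5_setkey_principal_3 and kadm5_rename_principal receive only the error-clearing change. If any of those also writes the entry through `kdb_put_entry`, the provider would read whatever `kdb.mask` holds at that point, which may be uninitialised depending on how `kdb` is filled in outside the visible hunks. Setting it on those paths too, e.g. `kdb.mask = KADM5_KEY_DATA;` before the put in the two setkey functions, would make the field reliable for a provider that acts on it. The new comment would also read more clearly as `/* key data and principal are always set on create; tell the database provider */`.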
@@ -628,6 +631,9 @@ kadm5_modify_principal(void *server_handle,
 } }
+ /* let the mask propagate to the database provider */
+ kdb.mask = mask;
+
 ret = kdb_put_entry(handle, &kdb, &adb); if (ret) goto done;
@@ -656,7 +662,7 @@ kadm5_rename_principal(void *server_handle,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 if (source == NULL || target == NULL) return EINVAL;
@@ -711,7 +717,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 /* * In version 1, all the defined fields are always returned.
@@ -1289,7 +1295,7 @@ kadm5_chpass_principal_3(void *server_handle,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 hist_added = 0; memset(&hist, 0, sizeof(hist));
@@ -1433,6 +1439,9 @@ kadm5_chpass_principal_3(void *server_handle,
 if (ret) goto done;
+ /* key data and attributes changed, let the database provider know */
+ kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */;
+
 if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done;
@@ -1478,13 +1487,13 @@ kadm5_randkey_principal_3(void *server_handle,
 int ret, last_pwd, have_pol = 0; kadm5_server_handle_t handle = server_handle;
- krb5_db_clr_error();
-
 if (keyblocks) *keyblocks = NULL; CHECK_HANDLE(server_handle);
+ krb5_clear_error_message(handle->context);
+
 if (principal == NULL) return EINVAL; if (hist_princ && /* this will be NULL when initializing the databse */
@@ -1580,6 +1589,9 @@ kadm5_randkey_principal_3(void *server_handle,
 } }
+ /* key data changed, let the database provider know */
+ kdb.mask = KADM5_KEY_DATA /* | KADM5_RANDKEY_USED */;
+
 if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done;
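Review bot: `kdb.mask = mask;` in kadm5_modify_principal hands the database provider the caller-supplied mask unchanged, as does the `mask | ...` form in kadm5_create_principal_3, so the provider sees every bit the client set and not only the fields this function validated and applied. The check at the top of the function rejects some bits (partly visible in the -469 hunk), but anything else passes through. If the provider uses the mask to decide which attributes to write, the contract should be recorded at the assignment, e.g. `/* mask has passed the disallowed-bit check above; the provider must ignore bits it does not handle */`, or the value narrowed to the bits actually processed. The function body starts and ends outside the hunk.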
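Review bot: The commented-out flag in `kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */;` leaves it unclear whether the bit is deliberately withheld from the provider or still to be added, and the same pattern appears as `/* | KADM5_RANDKEY_USED */` in the kadm5_randkey_principal_3 hunk. A provider author reading this cannot tell whether a password change and a random-key operation are meant to be distinguishable through the mask. Either drop the fragments or replace each with a comment giving the reason, e.g. `/* KADM5_CPW_FUNCTION is not passed to the provider: <reason> */`.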
@@ -1616,12 +1628,12 @@ kadm5_setv4key_principal(void *server_handle,
 kadm5_server_handle_t handle = server_handle; krb5_key_data tmp_key_data;
- krb5_db_clr_error();
-
 memset( &tmp_key_data, 0, sizeof(tmp_key_data)); CHECK_HANDLE(server_handle);
+ krb5_clear_error_message(handle->context);
+
 if (principal == NULL || keyblock == NULL) return EINVAL; if (hist_princ && /* this will be NULL when initializing the databse */
@@ -1797,7 +1809,7 @@ kadm5_setkey_principal_3(void *server_handle,
 CHECK_HANDLE(server_handle);
- krb5_db_clr_error();
+ krb5_clear_error_message(handle->context);
 if (principal == NULL || keyblocks == NULL) return EINVAL; |