From 8e78a7eeb7266329891971090d2666f5c6a13ad0 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 6 Jul 2010 21:53:23 +0000 Subject: Remove count parameters from get_principal, put_principal, free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kadm5/srv/libkadm5srv_mit.exports | 1 - src/lib/kadm5/srv/server_kdb.c | 53 ++-- src/lib/kadm5/srv/svr_policy.c | 25 +- src/lib/kadm5/srv/svr_principal.c | 457 ++++++++++++++---------------- 4 files changed, 244 insertions(+), 292 deletions(-) (limited to 'src/lib/kadm5/srv') diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports index fa8d69c..6da95bd 100644 --- a/src/lib/kadm5/srv/libkadm5srv_mit.exports +++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports @@ -55,7 +55,6 @@ kadm5_setv4key_principal kadm5_unlock kdb_delete_entry kdb_free_entry -kdb_get_entry kdb_init_hist kdb_init_master kdb_iter_entry diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index d986b62..cb60971 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -175,7 +175,7 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock, krb5_kvno *hist_kvno) { krb5_error_code ret; - krb5_db_entry kdb; + krb5_db_entry *kdb; krb5_keyblock *mkey; /* Fetch the history principal, creating it if necessary. */ 
@@ -189,27 +189,26 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock, if (ret) return ret; - if (kdb.n_key_data <= 0) { + if (kdb->n_key_data <= 0) { ret = KRB5_KDB_NO_MATCHING_KEY; krb5_set_error_message(handle->context, ret, "History entry contains no key data"); goto done; } - ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb, - &mkey); + ret = krb5_dbe_find_mkey(handle->context, master_keylist, kdb, &mkey); if (ret) goto done; - ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb.key_data[0], + ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb->key_data[0], hist_keyblock, NULL); if (ret) goto done; - *hist_kvno = kdb.key_data[0].key_data_kvno; + *hist_kvno = kdb->key_data[0].key_data_kvno; done: - kdb_free_entry(handle, &kdb, NULL); + kdb_free_entry(handle, kdb, NULL); return ret; } @@ -223,7 +222,7 @@ done: * * handle (r) the server_handle * principal (r) the principal to get - * kdb (w) krb5_db_entry to fill in + * kdb (w) krb5_db_entry to create * adb (w) osa_princ_ent_rec to fill in * * when the caller is done with kdb and adb, kdb_free_entry must be @@ -233,27 +232,21 @@ done: */ krb5_error_code kdb_get_entry(kadm5_server_handle_t handle, - krb5_principal principal, krb5_db_entry *kdb, + krb5_principal principal, krb5_db_entry **kdb_ptr, osa_princ_ent_rec *adb) { krb5_error_code ret; - int nprincs; - krb5_boolean more; krb5_tl_data tl_data; XDR xdrs; + krb5_db_entry *kdb; - ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs, - &more); - if (ret) - return(ret); + *kdb_ptr = NULL; - if (more) { - krb5_db_free_principal(handle->context, kdb, nprincs); - return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); - } else if (nprincs != 1) { - krb5_db_free_principal(handle->context, kdb, nprincs); + ret = krb5_db_get_principal(handle->context, principal, 0, &kdb); + if (ret == KRB5_KDB_NOENTRY) return(KADM5_UNK_PRINC); - } + if (ret) + return(ret); if (adb) { memset(adb, 0, sizeof(*adb)); 
@@ -274,7 +267,7 @@ kdb_get_entry(kadm5_server_handle_t handle, data will get stored correctly. */ adb->admin_history_kvno = INITIAL_HIST_KVNO; - + *kdb_ptr = kdb; return(ret); } @@ -282,12 +275,13 @@ kdb_get_entry(kadm5_server_handle_t handle, tl_data.tl_data_length, XDR_DECODE); if (! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); - krb5_db_free_principal(handle->context, kdb, 1); + krb5_db_free_principal(handle->context, kdb); return(KADM5_XDR_FAILURE); } xdr_destroy(&xdrs); } + *kdb_ptr = kdb; return(0); } @@ -314,7 +308,7 @@ kdb_free_entry(kadm5_server_handle_t handle, if (kdb) - krb5_db_free_principal(handle->context, kdb, 1); + krb5_db_free_principal(handle->context, kdb); if (adb) { xdrmem_create(&xdrs, NULL, 0, XDR_FREE); @@ -351,7 +345,6 @@ kdb_put_entry(kadm5_server_handle_t handle, krb5_int32 now; XDR xdrs; krb5_tl_data tl_data; - int one; ret = krb5_timeofday(handle->context, &now); if (ret) @@ -378,12 +371,10 @@ kdb_put_entry(kadm5_server_handle_t handle, if (ret) return(ret); - one = 1; - /* we are always updating TL data */ kdb->mask |= KADM5_TL_DATA; - ret = krb5_db_put_principal(handle->context, kdb, &one); + ret = krb5_db_put_principal(handle->context, kdb); if (ret) return(ret); @@ -393,11 +384,11 @@ kdb_put_entry(kadm5_server_handle_t handle, krb5_error_code kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name) { - int one = 1; krb5_error_code ret; - ret = krb5_db_delete_principal(handle->context, name, &one); - + ret = krb5_db_delete_principal(handle->context, name); + if (ret == KRB5_KDB_NOENTRY) + ret = 0; return ret; } diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 1d3ccbc..65f5db1 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -173,7 +173,6 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) kadm5_server_handle_t handle = server_handle; osa_policy_ent_t entry; int ret; - int cnt=1; CHECK_HANDLE(server_handle); 
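Review bot: In kdb_get_entry's no-admin-data path, `*kdb_ptr = kdb; return(ret);` hands the newly allocated entry to the caller together with whatever `ret` holds, and the condition that sets `ret` is outside this hunk. If `ret` can be nonzero there, the entry leaks, because callers in this commit such as kadm5_setv4key_principal return on a nonzero result without calling kdb_free_entry. I would make the ownership rule explicit: on a nonzero `ret` call `krb5_db_free_principal(handle->context, kdb);` and leave `*kdb_ptr` NULL. The function header comment should also say that `*kdb_ptr` is non-NULL only when 0 is returned.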
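Review bot: kdb_delete_entry now turns `KRB5_KDB_NOENTRY` into success without a comment saying why. kadm5_rename_principal, later in this commit, finishes with `ret = kdb_delete_entry(handle, source);`, so a source entry that has already vanished is reported as a successful delete. If that is intended, I would say so above the check, for example `/* Callers treat deleting a missing entry as success. */`, so that nobody later starts relying on this return value to detect a concurrent removal.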
@@ -183,10 +182,11 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) return EINVAL; if(strlen(name) == 0) return KADM5_BAD_POLICY; - if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt))) - return ret; - if( cnt != 1 ) + ret = krb5_db_get_policy(handle->context, name, &entry); + if (ret == KRB5_KDB_NOENTRY) return KADM5_UNK_POLICY; + else if (ret) + return ret; if(entry->policy_refcnt != 0) { krb5_db_free_policy(handle->context, entry); @@ -220,7 +220,6 @@ kadm5_modify_policy_internal(void *server_handle, kadm5_server_handle_t handle = server_handle; osa_policy_ent_t p; int ret; - int cnt=1; CHECK_HANDLE(server_handle); @@ -231,10 +230,11 @@ kadm5_modify_policy_internal(void *server_handle, if((mask & KADM5_POLICY)) return KADM5_BAD_MASK; - if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt))) - return ret; - if (cnt != 1) + ret = krb5_db_get_policy(handle->context, entry->policy, &p); + if (ret == KRB5_KDB_NOENTRY) return KADM5_UNK_POLICY; + else if (ret) + return ret; if ((mask & KADM5_PW_MAX_LIFE)) p->pw_max_life = entry->pw_max_life; @@ -289,7 +289,6 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, osa_policy_ent_t t; int ret; kadm5_server_handle_t handle = server_handle; - int cnt=1; CHECK_HANDLE(server_handle); @@ -299,11 +298,11 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, return EINVAL; if(strlen(name) == 0) return KADM5_BAD_POLICY; - if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt))) - return ret; - - if( cnt != 1 ) + ret = krb5_db_get_policy(handle->context, name, &t); + if (ret == KRB5_KDB_NOENTRY) return KADM5_UNK_POLICY; + else if (ret) + return ret; if ((entry->policy = strdup(t->name)) == NULL) { krb5_db_free_policy(handle->context, t); diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 451e4ff..6b14d3b 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c 
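Review bot: In kadm5_delete_policy, `entry` is declared without an initializer (preceding hunk) and is dereferenced as `entry->policy_refcnt` as soon as krb5_db_get_policy returns 0. The code therefore depends on every KDB back end reporting a missing policy as `KRB5_KDB_NOENTRY` rather than as success with nothing filled in, which the removed `cnt != 1` test used to catch. The same pattern appears with `p` in kadm5_modify_policy_internal and `t` in kadm5_get_policy in the following hunks. I would initialise the pointer to NULL and add `if (entry == NULL) return KADM5_UNK_POLICY;` after the error checks, or at least document the new contract at these call sites.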
@@ -224,9 +224,10 @@ kadm5_create_principal_3(void *server_handle, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char *password) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; kadm5_policy_ent_rec polent; + krb5_boolean have_polent = FALSE; krb5_int32 now; krb5_tl_data *tl_data_orig, *tl_data_tail; unsigned int ret; @@ -264,13 +265,16 @@ kadm5_create_principal_3(void *server_handle, case KADM5_UNK_PRINC: break; case 0: - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return KADM5_DUP; default: return ret; } - memset(&kdb, 0, sizeof(krb5_db_entry)); + kdb = krb5_db_alloc(handle->context, NULL, sizeof(*kdb)); + if (kdb == NULL) + return ENOMEM; + memset(kdb, 0, sizeof(*kdb)); memset(&adb, 0, sizeof(osa_princ_ent_rec)); /* 
@@ -280,101 +284,84 @@ kadm5_create_principal_3(void *server_handle, if ((mask & KADM5_POLICY)) { if ((ret = kadm5_get_policy(handle->lhandle, entry->policy, &polent)) != KADM5_OK) { - if(ret == EINVAL) - return KADM5_BAD_POLICY; - else - return ret; + if (ret == EINVAL) + ret = KADM5_BAD_POLICY; + if (ret) + goto cleanup; } + have_polent = TRUE; } if (password) { - ret = passwd_check(handle, password, (mask & KADM5_POLICY), - &polent, entry->principal); - if (ret) { - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return ret; - } + ret = passwd_check(handle, password, have_polent, &polent, + entry->principal); + if (ret) + goto cleanup; } /* * Start populating the various DB fields, using the * "defaults" for fields that were not specified by the * mask. */ - if ((ret = krb5_timeofday(handle->context, &now))) { - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return ret; - } + if ((ret = krb5_timeofday(handle->context, &now))) + goto cleanup; - kdb.magic = KRB5_KDB_MAGIC_NUMBER; - kdb.len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */ + kdb->magic = KRB5_KDB_MAGIC_NUMBER; + kdb->len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */ if ((mask & KADM5_ATTRIBUTES)) - kdb.attributes = entry->attributes; + kdb->attributes = entry->attributes; else - kdb.attributes = handle->params.flags; + kdb->attributes = handle->params.flags; if ((mask & KADM5_MAX_LIFE)) - kdb.max_life = entry->max_life; + kdb->max_life = entry->max_life; else - kdb.max_life = handle->params.max_life; + kdb->max_life = handle->params.max_life; if (mask & KADM5_MAX_RLIFE) - kdb.max_renewable_life = entry->max_renewable_life; + kdb->max_renewable_life = entry->max_renewable_life; else - kdb.max_renewable_life = handle->params.max_rlife; + kdb->max_renewable_life = handle->params.max_rlife; if ((mask & KADM5_PRINC_EXPIRE_TIME)) - kdb.expiration = entry->princ_expire_time; + kdb->expiration = 
entry->princ_expire_time; else - kdb.expiration = handle->params.expiration; + kdb->expiration = handle->params.expiration; - kdb.pw_expiration = 0; - if ((mask & KADM5_POLICY)) { + kdb->pw_expiration = 0; + if (have_polent) { if(polent.pw_max_life) - kdb.pw_expiration = now + polent.pw_max_life; + kdb->pw_expiration = now + polent.pw_max_life; else - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } if ((mask & KADM5_PW_EXPIRATION)) - kdb.pw_expiration = entry->pw_expiration; + kdb->pw_expiration = entry->pw_expiration; - kdb.last_success = 0; - kdb.last_failed = 0; - kdb.fail_auth_count = 0; + kdb->last_success = 0; + kdb->last_failed = 0; + kdb->fail_auth_count = 0; /* this is kind of gross, but in order to free the tl data, I need to free the entire kdb entry, and that will try to free the principal. */ if ((ret = kadm5_copy_principal(handle->context, - entry->principal, &(kdb.princ)))) { - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); - } + entry->principal, &(kdb->princ)))) + goto cleanup; - if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) { - krb5_db_free_principal(handle->context, &kdb, 1); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); - } + if ((ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now))) + goto cleanup; if (mask & KADM5_TL_DATA) { - /* splice entry->tl_data onto the front of kdb.tl_data */ - tl_data_orig = kdb.tl_data; + /* splice entry->tl_data onto the front of kdb->tl_data */ + tl_data_orig = kdb->tl_data; for (tl_data_tail = entry->tl_data; tl_data_tail; tl_data_tail = tl_data_tail->tl_data_next) { - ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail); + ret = krb5_dbe_update_tl_data(handle->context, kdb, tl_data_tail); if( ret ) - { - krb5_db_free_principal(handle->context, &kdb, 1); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return ret; - } 
+ goto cleanup; } } @@ -382,42 +369,29 @@ kadm5_create_principal_3(void *server_handle, ret = krb5_dbe_find_act_mkey(handle->context, master_keylist, active_mkey_list, &act_kvno, &act_mkey); - if (ret) { - krb5_db_free_principal(handle->context, &kdb, 1); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return (ret); - } + if (ret) + goto cleanup; if (password) { ret = krb5_dbe_cpw(handle->context, act_mkey, n_ks_tuple?ks_tuple:handle->params.keysalts, n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, password, (mask & KADM5_KVNO)?entry->kvno:1, - FALSE, &kdb); + FALSE, kdb); } else { /* Null password means create with random key (new in 1.8). */ ret = krb5_dbe_crk(handle->context, &master_keyblock, n_ks_tuple?ks_tuple:handle->params.keysalts, n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, - FALSE, &kdb); - } - if (ret) { - krb5_db_free_principal(handle->context, &kdb, 1); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); + FALSE, kdb); } + if (ret) + goto cleanup; /* Record the master key VNO used to encrypt this entry's keys */ - ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno); + ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno); if (ret) - { - krb5_db_free_principal(handle->context, &kdb, 1); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return ret; - } + goto cleanup; /* populate the admin-server-specific fields. In the OV server, this used to be in a separate database. Since there's already @@ -426,7 +400,7 @@ kadm5_create_principal_3(void *server_handle, single tl_data record, */ adb.admin_history_kvno = INITIAL_HIST_KVNO; - if ((mask & KADM5_POLICY)) { + if (have_polent) { adb.aux_attributes = KADM5_POLICY; /* this does *not* need to be strdup'ed, because adb is xdr */ 
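Review bot: In the kadm5_get_policy failure branch at the top of this kadm5_create_principal_3 hunk, the inner `if (ret) goto cleanup;` can never be false. The enclosing condition has already established `ret != KADM5_OK`, and the EINVAL remap only swaps one error code for another. Writing it as an unconditional `goto cleanup;` makes it obvious that `have_polent = TRUE;` is reached only on success. The function starts before and ends after this hunk. A one-line comment at the `cleanup:` label, saying it is reached on both success and failure and frees `kdb` and, when `have_polent` is set, `polent`, would document the new single-exit structure.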
@@ -437,28 +411,23 @@ kadm5_create_principal_3(void *server_handle, /* increment the policy ref count, if any */ - if ((mask & KADM5_POLICY)) { + if (have_polent) { polent.policy_refcnt++; if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent, KADM5_REF_COUNT)) - != KADM5_OK) { - krb5_db_free_principal(handle->context, &kdb, 1); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); - } + != KADM5_OK) + goto cleanup; } /* In all cases key and the principal data is set, let the database provider know */ - kdb.mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ; + kdb->mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ; /* store the new db entry */ - ret = kdb_put_entry(handle, &kdb, &adb); + ret = kdb_put_entry(handle, kdb, &adb); - krb5_db_free_principal(handle->context, &kdb, 1); if (ret) { - if ((mask & KADM5_POLICY)) { + if (have_polent) { /* decrement the policy ref count */ polent.policy_refcnt--; @@ -469,16 +438,13 @@ kadm5_create_principal_3(void *server_handle, (void) kadm5_modify_policy_internal(handle->lhandle, &polent, KADM5_REF_COUNT); } - - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); } - if (mask & KADM5_POLICY) +cleanup: + krb5_db_free_principal(handle->context, kdb); + if (have_polent) (void) kadm5_free_policy_ent(handle->lhandle, &polent); - - return KADM5_OK; + return ret; } @@ -487,7 +453,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) { unsigned int ret; kadm5_policy_ent_rec polent; - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; kadm5_server_handle_t handle = server_handle; 
@@ -510,19 +476,19 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) KADM5_REF_COUNT)) != KADM5_OK) { (void) kadm5_free_policy_ent(handle->lhandle, &polent); - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return(ret); } } if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) { - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return ret; } } ret = kdb_delete_entry(handle, principal); - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return ret; } @@ -534,7 +500,7 @@ kadm5_modify_principal(void *server_handle, int ret, ret2, i; kadm5_policy_ent_rec npol, opol; int have_npol = 0, have_opol = 0; - krb5_db_entry kdb; + krb5_db_entry *kdb; krb5_tl_data *tl_data_orig; osa_princ_ent_rec adb; kadm5_server_handle_t handle = server_handle; @@ -620,13 +586,13 @@ kadm5_modify_principal(void *server_handle, /* set pw_max_life based on new policy */ if (npol.pw_max_life) { - ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb, - &(kdb.pw_expiration)); + ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, + &(kdb->pw_expiration)); if (ret) goto done; - kdb.pw_expiration += npol.pw_max_life; + kdb->pw_expiration += npol.pw_max_life; } else { - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } } @@ -646,7 +612,7 @@ kadm5_modify_principal(void *server_handle, free(adb.policy); adb.policy = NULL; adb.aux_attributes &= ~KADM5_POLICY; - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; opol.policy_refcnt--; break; default: 
@@ -667,19 +633,19 @@ kadm5_modify_principal(void *server_handle, goto done; if ((mask & KADM5_ATTRIBUTES)) - kdb.attributes = entry->attributes; + kdb->attributes = entry->attributes; if ((mask & KADM5_MAX_LIFE)) - kdb.max_life = entry->max_life; + kdb->max_life = entry->max_life; if ((mask & KADM5_PRINC_EXPIRE_TIME)) - kdb.expiration = entry->princ_expire_time; + kdb->expiration = entry->princ_expire_time; if (mask & KADM5_PW_EXPIRATION) - kdb.pw_expiration = entry->pw_expiration; + kdb->pw_expiration = entry->pw_expiration; if (mask & KADM5_MAX_RLIFE) - kdb.max_renewable_life = entry->max_renewable_life; + kdb->max_renewable_life = entry->max_renewable_life; if((mask & KADM5_KVNO)) { - for (i = 0; i < kdb.n_key_data; i++) - kdb.key_data[i].key_data_kvno = entry->kvno; + for (i = 0; i < kdb->n_key_data; i++) + kdb->key_data[i].key_data_kvno = entry->kvno; } if (mask & KADM5_TL_DATA) { @@ -690,7 +656,7 @@ kadm5_modify_principal(void *server_handle, for (tl = entry->tl_data; tl; tl = tl->tl_data_next) { - ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl); + ret = krb5_dbe_update_tl_data(handle->context, kdb, tl); if( ret ) { goto done; @@ -709,13 +675,13 @@ kadm5_modify_principal(void *server_handle, goto done; } - kdb.fail_auth_count = 0; + kdb->fail_auth_count = 0; } /* let the mask propagate to the database provider */ - kdb.mask = mask; + kdb->mask = mask; - ret = kdb_put_entry(handle, &kdb, &adb); + ret = kdb_put_entry(handle, kdb, &adb); if (ret) goto done; ret = KADM5_OK; @@ -728,7 +694,7 @@ done: ret2 = kadm5_free_policy_ent(handle->lhandle, &npol); ret = ret ? ret : ret2; } - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return ret; } @@ -736,7 +702,7 @@ kadm5_ret_t kadm5_rename_principal(void *server_handle, krb5_principal source, krb5_principal target) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; int ret, i; kadm5_server_handle_t handle = server_handle; 
@@ -749,7 +715,7 @@ kadm5_rename_principal(void *server_handle, return EINVAL; if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) { - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return(KADM5_DUP); } @@ -758,28 +724,28 @@ kadm5_rename_principal(void *server_handle, /* this is kinda gross, but unavoidable */ - for (i=0; in_key_data; i++) { + if ((kdb->key_data[i].key_data_ver == 1) || + (kdb->key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) { ret = KADM5_NO_RENAME_SALT; goto done; } } - kadm5_free_principal(handle->context, kdb.princ); - ret = kadm5_copy_principal(handle->context, target, &kdb.princ); + kadm5_free_principal(handle->context, kdb->princ); + ret = kadm5_copy_principal(handle->context, target, &kdb->princ); if (ret) { - kdb.princ = NULL; /* so freeing the dbe doesn't lose */ + kdb->princ = NULL; /* so freeing the dbe doesn't lose */ goto done; } - if ((ret = kdb_put_entry(handle, &kdb, &adb))) + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; ret = kdb_delete_entry(handle, source); done: - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return ret; } @@ -788,7 +754,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, kadm5_principal_ent_t entry, long in_mask) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; krb5_error_code ret = 0; long mask; 
@@ -826,29 +792,29 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, entry->aux_attributes = adb.aux_attributes; if ((mask & KADM5_PRINCIPAL) && - (ret = krb5_copy_principal(handle->context, kdb.princ, + (ret = krb5_copy_principal(handle->context, kdb->princ, &entry->principal))) { goto done; } if (mask & KADM5_PRINC_EXPIRE_TIME) - entry->princ_expire_time = kdb.expiration; + entry->princ_expire_time = kdb->expiration; if ((mask & KADM5_LAST_PWD_CHANGE) && - (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb, + (ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &(entry->last_pwd_change)))) { goto done; } if (mask & KADM5_PW_EXPIRATION) - entry->pw_expiration = kdb.pw_expiration; + entry->pw_expiration = kdb->pw_expiration; if (mask & KADM5_MAX_LIFE) - entry->max_life = kdb.max_life; + entry->max_life = kdb->max_life; /* this is a little non-sensical because the function returns two */ /* values that must be checked separately against the mask */ if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) { - ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb, + ret = krb5_dbe_lookup_mod_princ_data(handle->context, kdb, &(entry->mod_date), &(entry->mod_name)); if (ret) { 
@@ -864,34 +830,34 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, } if (mask & KADM5_ATTRIBUTES) - entry->attributes = kdb.attributes; + entry->attributes = kdb->attributes; if (mask & KADM5_KVNO) - for (entry->kvno = 0, i=0; i entry->kvno) - entry->kvno = kdb.key_data[i].key_data_kvno; + for (entry->kvno = 0, i=0; in_key_data; i++) + if (kdb->key_data[i].key_data_kvno > entry->kvno) + entry->kvno = kdb->key_data[i].key_data_kvno; if (mask & KADM5_MKVNO) { - ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist, + ret = krb5_dbe_get_mkvno(handle->context, kdb, master_keylist, &entry->mkvno); if (ret) goto done; } if (mask & KADM5_MAX_RLIFE) - entry->max_renewable_life = kdb.max_renewable_life; + entry->max_renewable_life = kdb->max_renewable_life; if (mask & KADM5_LAST_SUCCESS) - entry->last_success = kdb.last_success; + entry->last_success = kdb->last_success; if (mask & KADM5_LAST_FAILED) - entry->last_failed = kdb.last_failed; + entry->last_failed = kdb->last_failed; if (mask & KADM5_FAIL_AUTH_COUNT) - entry->fail_auth_count = kdb.fail_auth_count; + entry->fail_auth_count = kdb->fail_auth_count; if (mask & KADM5_TL_DATA) { krb5_tl_data *tl, *tl2; entry->tl_data = NULL; - tl = kdb.tl_data; + tl = kdb->tl_data; while (tl) { if (tl->tl_data_type > 255) { if ((tl2 = dup_tl_data(tl)) == NULL) { @@ -907,7 +873,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, } } if (mask & KADM5_KEY_DATA) { - entry->n_key_data = kdb.n_key_data; + entry->n_key_data = kdb->n_key_data; if(entry->n_key_data) { entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data)); if (entry->key_data == NULL) { @@ -919,7 +885,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, for (i = 0; i < entry->n_key_data; i++) ret = krb5_copy_key_data_contents(handle->context, - &kdb.key_data[i], + &kdb->key_data[i], &entry->key_data[i]); if (ret) goto done; 
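Review bot: The key-data copy loop at the end of this kadm5_get_principal section has no braces, so `if (ret) goto done;` runs once after the loop and sees only the result of the last krb5_copy_key_data_contents call. A failure on an earlier key is overwritten, and the function can return success with an `entry->key_data` array that is only partly copied. The commit changes only the `&kdb->key_data[i]` argument, so the defect predates it, but it is worth fixing while the line is touched: `for (...) { ret = krb5_copy_key_data_contents(...); if (ret) goto done; }`. Whether `done:` releases the partly filled `entry->key_data` is outside this hunk and should be checked as well.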
@@ -932,7 +898,7 @@ done: krb5_free_principal(handle->context, entry->principal); entry->principal = NULL; } - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return ret; } @@ -1338,7 +1304,7 @@ kadm5_chpass_principal_3(void *server_handle, krb5_int32 now; kadm5_policy_ent_rec pol; osa_princ_ent_rec adb; - krb5_db_entry kdb, kdb_save; + krb5_db_entry *kdb, *kdb_save; int ret, ret2, last_pwd, hist_added; int have_pol = 0; kadm5_server_handle_t handle = server_handle; @@ -1365,7 +1331,7 @@ kadm5_chpass_principal_3(void *server_handle, /* we are going to need the current keys after the new keys are set */ if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) { - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return(ret); } @@ -1388,15 +1354,15 @@ kadm5_chpass_principal_3(void *server_handle, n_ks_tuple?ks_tuple:handle->params.keysalts, n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, password, 0 /* increment kvno */, - keepold, &kdb); + keepold, kdb); if (ret) goto done; - ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno); + ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno); if (ret) goto done; - kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; + kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(handle->context, &now); if (ret) @@ -1405,8 +1371,7 @@ kadm5_chpass_principal_3(void *server_handle, if ((adb.aux_attributes & KADM5_POLICY)) { /* the policy was loaded before */ - ret = krb5_dbe_lookup_last_pwd_change(handle->context, - &kdb, &last_pwd); + ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &last_pwd); if (ret) goto done; @@ -1418,7 +1383,7 @@ kadm5_chpass_principal_3(void *server_handle, * local caller implicitly has all authorization bits. */ if ((now - last_pwd) < pol.pw_min_life && - !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { ret = KADM5_PASS_TOOSOON; goto done; } 
@@ -1430,13 +1395,13 @@ kadm5_chpass_principal_3(void *server_handle, ret = create_history_entry(handle->context, act_mkey, &hist_keyblock, - kdb_save.n_key_data, - kdb_save.key_data, &hist); + kdb_save->n_key_data, + kdb_save->key_data, &hist); if (ret) goto done; ret = check_pw_reuse(handle->context, act_mkey, &hist_keyblock, - kdb.n_key_data, kdb.key_data, + kdb->n_key_data, kdb->key_data, 1, &hist); if (ret) goto done; @@ -1446,7 +1411,7 @@ kadm5_chpass_principal_3(void *server_handle, * can't check the history. */ if (adb.admin_history_kvno == hist_kvno) { ret = check_pw_reuse(handle->context, act_mkey, &hist_keyblock, - kdb.n_key_data, kdb.key_data, + kdb->n_key_data, kdb->key_data, adb.old_key_len, adb.old_keys); if (ret) goto done; @@ -1460,11 +1425,11 @@ kadm5_chpass_principal_3(void *server_handle, } if (pol.pw_max_life) - kdb.pw_expiration = now + pol.pw_max_life; + kdb->pw_expiration = now + pol.pw_max_life; else - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } else { - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } #ifdef USE_PASSWORD_SERVER 
@@ -1496,28 +1461,27 @@ kadm5_chpass_principal_3(void *server_handle, } #endif - ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now); + ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now); if (ret) goto done; /* unlock principal on this KDC */ - kdb.fail_auth_count = 0; + kdb->fail_auth_count = 0; /* key data and attributes changed, let the database provider know */ - kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | + kdb->mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | KADM5_FAIL_AUTH_COUNT; /* | KADM5_CPW_FUNCTION */ - if ((ret = kdb_put_entry(handle, &kdb, &adb))) + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; ret = KADM5_OK; done: if (!hist_added && hist.key_data) free_history_entry(handle->context, &hist); - kdb_free_entry(handle, &kdb, &adb); - kdb_free_entry(handle, &kdb_save, NULL); - krb5_db_free_principal(handle->context, &kdb, 1); + kdb_free_entry(handle, kdb, &adb); + kdb_free_entry(handle, kdb_save, NULL); krb5_free_keyblock_contents(handle->context, &hist_keyblock); if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol)) @@ -1546,7 +1510,7 @@ kadm5_randkey_principal_3(void *server_handle, krb5_keyblock **keyblocks, int *n_keys) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_rec pol; @@ -1584,11 +1548,11 @@ kadm5_randkey_principal_3(void *server_handle, n_ks_tuple?ks_tuple:handle->params.keysalts, n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, keepold, - &kdb); + kdb); if (ret) goto done; - kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; + kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(handle->context, &now); if (ret) @@ -1600,8 +1564,7 @@ kadm5_randkey_principal_3(void *server_handle, goto done; have_pol = 1; - ret = krb5_dbe_lookup_last_pwd_change(handle->context, - &kdb, &last_pwd); + ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &last_pwd); if (ret) goto done; 
@@ -1613,45 +1576,45 @@ kadm5_randkey_principal_3(void *server_handle, * local caller implicitly has all authorization bits. */ if((now - last_pwd) < pol.pw_min_life && - !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { ret = KADM5_PASS_TOOSOON; goto done; } #endif if (pol.pw_max_life) - kdb.pw_expiration = now + pol.pw_max_life; + kdb->pw_expiration = now + pol.pw_max_life; else - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } else { - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } - ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now); + ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now); if (ret) goto done; /* unlock principal on this KDC */ - kdb.fail_auth_count = 0; + kdb->fail_auth_count = 0; if (keyblocks) { ret = decrypt_key_data(handle->context, act_mkey, - kdb.n_key_data, kdb.key_data, + kdb->n_key_data, kdb->key_data, keyblocks, n_keys); if (ret) goto done; } /* key data changed, let the database provider know */ - kdb.mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT; + kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT; /* | KADM5_RANDKEY_USED */; - if ((ret = kdb_put_entry(handle, &kdb, &adb))) + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; ret = KADM5_OK; done: - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); if (have_pol) kadm5_free_policy_ent(handle->lhandle, &pol); @@ -1670,7 +1633,7 @@ kadm5_setv4key_principal(void *server_handle, krb5_principal principal, krb5_keyblock *keyblock) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_rec pol; 
@@ -1702,18 +1665,18 @@ kadm5_setv4key_principal(void *server_handle, if ((ret = kdb_get_entry(handle, principal, &kdb, &adb))) return(ret); - for (kvno = 0, i=0; i kvno) - kvno = kdb.key_data[i].key_data_kvno; + for (kvno = 0, i=0; in_key_data; i++) + if (kdb->key_data[i].key_data_kvno > kvno) + kvno = kdb->key_data[i].key_data_kvno; - if (kdb.key_data != NULL) - cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); + if (kdb->key_data != NULL) + cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data); - kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data)); - if (kdb.key_data == NULL) + kdb->key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data)); + if (kdb->key_data == NULL) return ENOMEM; - memset(kdb.key_data, 0, sizeof(krb5_key_data)); - kdb.n_key_data = 1; + memset(kdb->key_data, 0, sizeof(krb5_key_data)); + kdb->n_key_data = 1; keysalt.type = KRB5_KDB_SALTTYPE_V4; /* XXX data.magic? */ keysalt.data.length = 0; 
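Review bot: In kadm5_setv4key_principal, `if (kdb->key_data == NULL) return ENOMEM;` returns without releasing `kdb` and `adb`, which kdb_get_entry filled a few lines earlier. With this commit `kdb` is a heap-allocated entry, so the container itself is leaked too. The failure also leaves `kdb->n_key_data` at its old count after cleanup_key_data has already run. kadm5_setkey_principal_3 handles the same failure with `ret = ENOMEM; goto done;`. Here I would use a braced `kdb->n_key_data = 0; kdb_free_entry(handle, kdb, &adb); return ENOMEM;`, or jump to `done:` if its cleanup (outside this hunk) is safe to run at this point.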
@@ -1732,18 +1695,18 @@ kadm5_setv4key_principal(void *server_handle, } for (k = 0; k < tmp_key_data.key_data_ver; k++) { - kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k]; - kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k]; + kdb->key_data->key_data_type[k] = tmp_key_data.key_data_type[k]; + kdb->key_data->key_data_length[k] = tmp_key_data.key_data_length[k]; if (tmp_key_data.key_data_contents[k]) { - kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]); - if (kdb.key_data->key_data_contents[k] == NULL) { - cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); - kdb.key_data = NULL; - kdb.n_key_data = 0; + kdb->key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]); + if (kdb->key_data->key_data_contents[k] == NULL) { + cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data); + kdb->key_data = NULL; + kdb->n_key_data = 0; ret = ENOMEM; goto done; } - memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + memcpy (kdb->key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); free (tmp_key_data.key_data_contents[k]); @@ -1753,7 +1716,7 @@ kadm5_setv4key_principal(void *server_handle, - kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; + kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(handle->context, &now); if (ret) 
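Review bot: The temporary key copy in kadm5_setv4key_principal is wiped with `memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);` immediately before `free`. A compiler may drop a store to memory that is about to be freed, so the key material can remain on the heap. These are context lines rather than lines this commit changes. I would replace the memset with a wipe the optimizer cannot remove; krb5 code elsewhere uses `zap()` for this, but confirm it is in scope in this file.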
@@ -1773,31 +1736,31 @@ kadm5_setv4key_principal(void *server_handle, * local caller implicitly has all authorization bits. */ if (ret = krb5_dbe_lookup_last_pwd_change(handle->context, - &kdb, &last_pwd)) + kdb, &last_pwd)) goto done; if((now - last_pwd) < pol.pw_min_life && - !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { ret = KADM5_PASS_TOOSOON; goto done; } #endif if (pol.pw_max_life) - kdb.pw_expiration = now + pol.pw_max_life; + kdb->pw_expiration = now + pol.pw_max_life; else - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } else { - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } - ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now); + ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now); if (ret) goto done; /* unlock principal on this KDC */ - kdb.fail_auth_count = 0; + kdb->fail_auth_count = 0; - if ((ret = kdb_put_entry(handle, &kdb, &adb))) + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; ret = KADM5_OK; @@ -1809,7 +1772,7 @@ done: } } - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); if (have_pol) kadm5_free_policy_ent(handle->lhandle, &pol); @@ -1836,7 +1799,7 @@ kadm5_setkey_principal_3(void *server_handle, krb5_keyblock *keyblocks, int n_keys) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_rec pol; 
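Review bot: In the kadm5_setkey_principal_3 declarations, `krb5_db_entry *kdb;` has no initializer, yet the `done:` block passes it to `kdb_free_entry`; the same applies to the declaration in kadm5_get_principal_keys in a later hunk. With the old stack struct the address was always valid, whereas now any `goto done` reached before `kdb_get_entry` runs would hand an indeterminate pointer to the free routine. The paths visible in this diff return directly when `kdb_get_entry` fails, so this looks safe today, but `krb5_db_entry *kdb = NULL;` makes that hold for future edits, presuming `kdb_free_entry` tolerates NULL, which is not shown here. The function bodies continue outside these hunks.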
@@ -1887,29 +1850,29 @@ kadm5_setkey_principal_3(void *server_handle, if ((ret = kdb_get_entry(handle, principal, &kdb, &adb))) return(ret); - for (kvno = 0, i=0; i kvno) - kvno = kdb.key_data[i].key_data_kvno; + for (kvno = 0, i=0; in_key_data; i++) + if (kdb->key_data[i].key_data_kvno > kvno) + kvno = kdb->key_data[i].key_data_kvno; if (keepold) { - old_key_data = kdb.key_data; - n_old_keys = kdb.n_key_data; + old_key_data = kdb->key_data; + n_old_keys = kdb->n_key_data; } else { - if (kdb.key_data != NULL) - cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); + if (kdb->key_data != NULL) + cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data); n_old_keys = 0; old_key_data = NULL; } - kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys) - *sizeof(krb5_key_data)); - if (kdb.key_data == NULL) { + kdb->key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys) + *sizeof(krb5_key_data)); + if (kdb->key_data == NULL) { ret = ENOMEM; goto done; } - memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data)); - kdb.n_key_data = 0; + memset(kdb->key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data)); + kdb->n_key_data = 0; for (i = 0; i < n_keys; i++) { if (n_ks_tuple) { @@ -1935,7 +1898,7 @@ kadm5_setkey_principal_3(void *server_handle, if (ret) goto done; - tptr = &kdb.key_data[i]; + tptr = &kdb->key_data[i]; tptr->key_data_ver = tmp_key_data.key_data_ver; tptr->key_data_kvno = tmp_key_data.key_data_kvno; for (k = 0; k < tmp_key_data.key_data_ver; k++) { 
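Review bot: The allocation size `(n_keys+n_old_keys)*sizeof(krb5_key_data)` in kadm5_setkey_principal_3 is computed from the caller-supplied `int n_keys` with no range check visible in this hunk, so a negative or very large count could produce a wrapped or undersized request that the loops below then index past. If no earlier validation exists (the start of the function is outside the hunk), add one ahead of the `if (keepold)` block, such as `if (n_keys < 0 || n_keys > INT_MAX - kdb->n_key_data) { ret = EINVAL; goto done; }`. Placing it before `cleanup_key_data` matters, because after that call `kdb->key_data` still holds the freed pointer until it is reassigned, and `done` would free it again.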
@@ -1962,21 +1925,21 @@ kadm5_setkey_principal_3(void *server_handle, tmp_key_data.key_data_contents[k] = NULL; } } - kdb.n_key_data++; + kdb->n_key_data++; } /* copy old key data if necessary */ for (i = 0; i < n_old_keys; i++) { - kdb.key_data[i+n_keys] = old_key_data[i]; + kdb->key_data[i+n_keys] = old_key_data[i]; memset(&old_key_data[i], 0, sizeof (krb5_key_data)); - kdb.n_key_data++; + kdb->n_key_data++; } if (old_key_data) krb5_db_free(handle->context, old_key_data); - /* assert(kdb.n_key_data == n_keys + n_old_keys) */ - kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; + /* assert(kdb->n_key_data == n_keys + n_old_keys) */ + kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; if ((ret = krb5_timeofday(handle->context, &now))) goto done; @@ -1995,35 +1958,35 @@ kadm5_setkey_principal_3(void *server_handle, * local caller implicitly has all authorization bits. */ if (ret = krb5_dbe_lookup_last_pwd_change(handle->context, - &kdb, &last_pwd)) + kdb, &last_pwd)) goto done; if((now - last_pwd) < pol.pw_min_life && - !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { ret = KADM5_PASS_TOOSOON; goto done; } #endif if (pol.pw_max_life) - kdb.pw_expiration = now + pol.pw_max_life; + kdb->pw_expiration = now + pol.pw_max_life; else - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } else { - kdb.pw_expiration = 0; + kdb->pw_expiration = 0; } - if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) + if ((ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now))) goto done; /* unlock principal on this KDC */ - kdb.fail_auth_count = 0; + kdb->fail_auth_count = 0; - if ((ret = kdb_put_entry(handle, &kdb, &adb))) + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; ret = KADM5_OK; done: - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); if (have_pol) kadm5_free_policy_ent(handle->lhandle, &pol); 
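Review bot: `old_key_data` is released only on the success path after the copy loop, so any earlier `goto done` taken with `keepold` set (the allocation failure or the `if (ret) goto done;` in the key loop of the previous hunks) appears to leak the old key array, since the visible `done:` block calls only `kdb_free_entry` and `kadm5_free_policy_ent`. Because the array holds key data detached from `kdb`, it should be cleaned at `done` with `if (old_key_data) cleanup_key_data(handle->context, n_old_keys, old_key_data);`, and the success path should set `old_key_data = NULL;` after `krb5_db_free` so the two do not double free. This presumes `old_key_data` and `n_old_keys` are initialized before the first `goto done`, which their declarations outside the hunk would need to confirm.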
@@ -2040,7 +2003,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */, krb5_keyblock **keyblocks /* OUT */, int *n_keys /* OUT */) { - krb5_db_entry kdb; + krb5_db_entry *kdb; osa_princ_ent_rec adb; kadm5_ret_t ret; kadm5_server_handle_t handle = server_handle; @@ -2058,7 +2021,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */, return(ret); if (keyblocks) { - if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb, + if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, kdb, &mkey_ptr))) { krb5_keylist_node *tmp_mkey_list; /* try refreshing master key list */ @@ -2069,7 +2032,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */, krb5_dbe_free_key_list(handle->context, master_keylist); master_keylist = tmp_mkey_list; if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, - &kdb, &mkey_ptr))) { + kdb, &mkey_ptr))) { goto done; } } else { @@ -2078,7 +2041,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */, } ret = decrypt_key_data(handle->context, mkey_ptr, - kdb.n_key_data, kdb.key_data, + kdb->n_key_data, kdb->key_data, keyblocks, n_keys); if (ret) goto done; @@ -2086,7 +2049,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */, ret = KADM5_OK; done: - kdb_free_entry(handle, &kdb, &adb); + kdb_free_entry(handle, kdb, &adb); return ret; } -- cgit v1.1