Diffstat (limited to 'src/lib/kdb')
-rw-r--r--src/lib/kdb/decrypt_key.c125
-rw-r--r--src/lib/kdb/encrypt_key.c85
-rw-r--r--src/lib/kdb/iprop_xdr.c447
-rw-r--r--src/lib/kdb/kdb5.c997
-rw-r--r--src/lib/kdb/kdb5.h1
-rw-r--r--src/lib/kdb/kdb5int.h11
-rw-r--r--src/lib/kdb/kdb_convert.c1503
-rw-r--r--src/lib/kdb/kdb_cpw.c775
-rw-r--r--src/lib/kdb/kdb_default.c291
-rw-r--r--src/lib/kdb/kdb_log.c975
-rw-r--r--src/lib/kdb/keytab.c158
11 files changed, 2688 insertions, 2680 deletions
diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c
index a564c37b01..8006cf3fa1 100644
--- a/src/lib/kdb/decrypt_key.c
+++ b/src/lib/kdb/decrypt_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/decrypt_key.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,76 +64,76 @@
*/
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbekd_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
- krb5_error_code retval = 0;
- krb5_int16 tmplen;
- krb5_octet * ptr;
- krb5_enc_data cipher;
- krb5_data plain;
+ krb5_error_code retval = 0;
+ krb5_int16 tmplen;
+ krb5_octet * ptr;
+ krb5_enc_data cipher;
+ krb5_data plain;
ptr = key_data->key_data_contents[0];
if (ptr) {
- krb5_kdb_decode_int16(ptr, tmplen);
- ptr += 2;
+ krb5_kdb_decode_int16(ptr, tmplen);
+ ptr += 2;
- cipher.enctype = ENCTYPE_UNKNOWN;
- cipher.ciphertext.length = key_data->key_data_length[0]-2;
- cipher.ciphertext.data = ptr;
- plain.length = key_data->key_data_length[0]-2;
- if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
- return(ENOMEM);
+ cipher.enctype = ENCTYPE_UNKNOWN;
+ cipher.ciphertext.length = key_data->key_data_length[0]-2;
+ cipher.ciphertext.data = ptr;
+ plain.length = key_data->key_data_length[0]-2;
+ if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
+ return(ENOMEM);
- if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
- &cipher, &plain))) {
- free(plain.data);
- return retval;
- }
+ if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
+ &cipher, &plain))) {
+ free(plain.data);
+ return retval;
+ }
- /* tmplen is the true length of the key. plain.data is the
- plaintext data length, but it may be padded, since the
- old-style etypes didn't store the real length. I can check
- to make sure that there are enough bytes, but I can't do
- any better than that. */
+ /* tmplen is the true length of the key. plain.data is the
+ plaintext data length, but it may be padded, since the
+ old-style etypes didn't store the real length. I can check
+ to make sure that there are enough bytes, but I can't do
+ any better than that. */
- if (tmplen > plain.length) {
- free(plain.data);
- return(KRB5_CRYPTO_INTERNAL);
- }
+ if (tmplen > plain.length) {
+ free(plain.data);
+ return(KRB5_CRYPTO_INTERNAL);
+ }
- dbkey->magic = KV5M_KEYBLOCK;
- dbkey->enctype = key_data->key_data_type[0];
- dbkey->length = tmplen;
- dbkey->contents = plain.data;
+ dbkey->magic = KV5M_KEYBLOCK;
+ dbkey->enctype = key_data->key_data_type[0];
+ dbkey->length = tmplen;
+ dbkey->contents = plain.data;
}
/* Decode salt data */
if (keysalt) {
- if (key_data->key_data_ver == 2) {
- keysalt->type = key_data->key_data_type[1];
- if ((keysalt->data.length = key_data->key_data_length[1])) {
- if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
- if (key_data->key_data_contents[0]) {
- free(dbkey->contents);
- dbkey->contents = 0;
- dbkey->length = 0;
- }
- return ENOMEM;
- }
- memcpy(keysalt->data.data, key_data->key_data_contents[1],
- (size_t) keysalt->data.length);
- } else
- keysalt->data.data = (char *) NULL;
- } else {
- keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
- keysalt->data.data = (char *) NULL;
- keysalt->data.length = 0;
- }
+ if (key_data->key_data_ver == 2) {
+ keysalt->type = key_data->key_data_type[1];
+ if ((keysalt->data.length = key_data->key_data_length[1])) {
+ if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
+ if (key_data->key_data_contents[0]) {
+ free(dbkey->contents);
+ dbkey->contents = 0;
+ dbkey->length = 0;
+ }
+ return ENOMEM;
+ }
+ memcpy(keysalt->data.data, key_data->key_data_contents[1],
+ (size_t) keysalt->data.length);
+ } else
+ keysalt->data.data = (char *) NULL;
+ } else {
+ keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
+ keysalt->data.data = (char *) NULL;
+ keysalt->data.length = 0;
+ }
}
return retval;
diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 0db1a029a4..bbf520bf8b 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/encrypt_key.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,37 +64,37 @@
*/
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbekd_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
- krb5_error_code retval;
- krb5_octet * ptr;
- size_t len;
- int i;
- krb5_data plain;
- krb5_enc_data cipher;
+ krb5_error_code retval;
+ krb5_octet * ptr;
+ size_t len;
+ int i;
+ krb5_data plain;
+ krb5_enc_data cipher;
for (i = 0; i < key_data->key_data_ver; i++)
- if (key_data->key_data_contents[i])
- free(key_data->key_data_contents[i]);
+ if (key_data->key_data_contents[i])
+ free(key_data->key_data_contents[i]);
key_data->key_data_ver = 1;
key_data->key_data_kvno = keyver;
- /*
- * The First element of the type/length/contents
+ /*
+ * The First element of the type/length/contents
* fields is the key type/length/contents
*/
if ((retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length,
- &len)))
- return(retval);
+ &len)))
+ return(retval);
if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL)
- return(ENOMEM);
+ return(ENOMEM);
key_data->key_data_type[0] = dbkey->enctype;
key_data->key_data_length[0] = 2 + len;
@@ -109,27 +110,27 @@ krb5_dbekd_def_encrypt_key_data( krb5_context context,
cipher.ciphertext.data = ptr;
if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
- &plain, &cipher))) {
- free(key_data->key_data_contents[0]);
- return retval;
+ &plain, &cipher))) {
+ free(key_data->key_data_contents[0]);
+ return retval;
}
/* After key comes the salt in necessary */
if (keysalt) {
- if (keysalt->type > 0) {
- key_data->key_data_ver++;
- key_data->key_data_type[1] = keysalt->type;
- if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
- key_data->key_data_contents[1] =
- (krb5_octet *)malloc(keysalt->data.length);
- if (key_data->key_data_contents[1] == NULL) {
- free(key_data->key_data_contents[0]);
- return ENOMEM;
- }
- memcpy(key_data->key_data_contents[1], keysalt->data.data,
- (size_t) keysalt->data.length);
- }
- }
+ if (keysalt->type > 0) {
+ key_data->key_data_ver++;
+ key_data->key_data_type[1] = keysalt->type;
+ if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
+ key_data->key_data_contents[1] =
+ (krb5_octet *)malloc(keysalt->data.length);
+ if (key_data->key_data_contents[1] == NULL) {
+ free(key_data->key_data_contents[0]);
+ return ENOMEM;
+ }
+ memcpy(key_data->key_data_contents[1], keysalt->data.data,
+ (size_t) keysalt->data.length);
+ }
+ }
}
return retval;
diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c
index a8b7685ffe..093c056760 100644
--- a/src/lib/kdb/iprop_xdr.c
+++ b/src/lib/kdb/iprop_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Please do not edit this file.
* It was generated using rpcgen.
@@ -9,343 +10,343 @@
bool_t
xdr_int16_t (XDR *xdrs, int16_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_short (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_short (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_uint16_t (XDR *xdrs, uint16_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_u_short (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_u_short (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_int32_t (XDR *xdrs, int32_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_int (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_int (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_uint32_t (XDR *xdrs, uint32_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_u_int (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_u_int (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_utf8str_t (XDR *xdrs, utf8str_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
- return FALSE;
- return TRUE;
+ if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_sno_t (XDR *xdrs, kdb_sno_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_uint32_t (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_uint32_t (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_time_t (XDR *xdrs, kdbe_time_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_uint32_t (xdrs, &objp->seconds))
- return FALSE;
- if (!xdr_uint32_t (xdrs, &objp->useconds))
- return FALSE;
- return TRUE;
+ if (!xdr_uint32_t (xdrs, &objp->seconds))
+ return FALSE;
+ if (!xdr_uint32_t (xdrs, &objp->useconds))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_key_t (XDR *xdrs, kdbe_key_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_int32_t (xdrs, &objp->k_ver))
- return FALSE;
- if (!xdr_int32_t (xdrs, &objp->k_kvno))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
- sizeof (int32_t), (xdrproc_t) xdr_int32_t))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
- sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_int32_t (xdrs, &objp->k_ver))
+ return FALSE;
+ if (!xdr_int32_t (xdrs, &objp->k_kvno))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
+ sizeof (int32_t), (xdrproc_t) xdr_int32_t))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
+ sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_data_t (XDR *xdrs, kdbe_data_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_int32_t (xdrs, &objp->k_magic))
- return FALSE;
- if (!xdr_utf8str_t (xdrs, &objp->k_data))
- return FALSE;
- return TRUE;
+ if (!xdr_int32_t (xdrs, &objp->k_magic))
+ return FALSE;
+ if (!xdr_utf8str_t (xdrs, &objp->k_data))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_princ_t (XDR *xdrs, kdbe_princ_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_utf8str_t (xdrs, &objp->k_realm))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
- sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
- return FALSE;
- if (!xdr_int32_t (xdrs, &objp->k_nametype))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_utf8str_t (xdrs, &objp->k_realm))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
+ sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
+ return FALSE;
+ if (!xdr_int32_t (xdrs, &objp->k_nametype))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_tl_t (XDR *xdrs, kdbe_tl_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_int16_t (xdrs, &objp->tl_type))
- return FALSE;
- if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
- return FALSE;
- return TRUE;
+ if (!xdr_int16_t (xdrs, &objp->tl_type))
+ return FALSE;
+ if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_pw_hist_t (XDR *xdrs, kdbe_pw_hist_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
- sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
- return FALSE;
- return TRUE;
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
+ sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_attr_type_t (XDR *xdrs, kdbe_attr_type_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_enum (xdrs, (enum_t *) objp))
- return FALSE;
- return TRUE;
+ if (!xdr_enum (xdrs, (enum_t *) objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_val_t (XDR *xdrs, kdbe_val_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
- return FALSE;
- switch (objp->av_type) {
- case AT_ATTRFLAGS:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
- return FALSE;
- break;
- case AT_MAX_LIFE:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
- return FALSE;
- break;
- case AT_MAX_RENEW_LIFE:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
- return FALSE;
- break;
- case AT_EXP:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
- return FALSE;
- break;
- case AT_PW_EXP:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
- return FALSE;
- break;
- case AT_LAST_SUCCESS:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
- return FALSE;
- break;
- case AT_LAST_FAILED:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
- return FALSE;
- break;
- case AT_FAIL_AUTH_COUNT:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
- return FALSE;
- break;
- case AT_PRINC:
- if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
- return FALSE;
- break;
- case AT_KEYDATA:
- if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
- sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
- return FALSE;
- break;
- case AT_TL_DATA:
- if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
- sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
- return FALSE;
- break;
- case AT_LEN:
- if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
- return FALSE;
- break;
- case AT_PW_LAST_CHANGE:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
- return FALSE;
- break;
- case AT_MOD_PRINC:
- if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
- return FALSE;
- break;
- case AT_MOD_TIME:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
- return FALSE;
- break;
- case AT_MOD_WHERE:
- if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
- return FALSE;
- break;
- case AT_PW_POLICY:
- if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
- return FALSE;
- break;
- case AT_PW_POLICY_SWITCH:
- if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
- return FALSE;
- break;
- case AT_PW_HIST_KVNO:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
- return FALSE;
- break;
- case AT_PW_HIST:
- if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
- sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
- return FALSE;
- break;
- default:
- if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
- return FALSE;
- break;
- }
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
+ return FALSE;
+ switch (objp->av_type) {
+ case AT_ATTRFLAGS:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
+ return FALSE;
+ break;
+ case AT_MAX_LIFE:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
+ return FALSE;
+ break;
+ case AT_MAX_RENEW_LIFE:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
+ return FALSE;
+ break;
+ case AT_EXP:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
+ return FALSE;
+ break;
+ case AT_PW_EXP:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
+ return FALSE;
+ break;
+ case AT_LAST_SUCCESS:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
+ return FALSE;
+ break;
+ case AT_LAST_FAILED:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
+ return FALSE;
+ break;
+ case AT_FAIL_AUTH_COUNT:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
+ return FALSE;
+ break;
+ case AT_PRINC:
+ if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
+ return FALSE;
+ break;
+ case AT_KEYDATA:
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
+ sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+ return FALSE;
+ break;
+ case AT_TL_DATA:
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
+ sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
+ return FALSE;
+ break;
+ case AT_LEN:
+ if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
+ return FALSE;
+ break;
+ case AT_PW_LAST_CHANGE:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
+ return FALSE;
+ break;
+ case AT_MOD_PRINC:
+ if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
+ return FALSE;
+ break;
+ case AT_MOD_TIME:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
+ return FALSE;
+ break;
+ case AT_MOD_WHERE:
+ if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
+ return FALSE;
+ break;
+ case AT_PW_POLICY:
+ if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
+ return FALSE;
+ break;
+ case AT_PW_POLICY_SWITCH:
+ if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
+ return FALSE;
+ break;
+ case AT_PW_HIST_KVNO:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
+ return FALSE;
+ break;
+ case AT_PW_HIST:
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
+ sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
+ return FALSE;
+ break;
+ default:
+ if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
+ return FALSE;
+ break;
+ }
+ return TRUE;
}
bool_t
xdr_kdbe_t (XDR *xdrs, kdbe_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
- sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
- return FALSE;
- return TRUE;
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
+ sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_incr_update_t (XDR *xdrs, kdb_incr_update_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
- return FALSE;
- if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
- return FALSE;
- if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
- return FALSE;
- if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
- return FALSE;
- if (!xdr_bool (xdrs, &objp->kdb_deleted))
- return FALSE;
- if (!xdr_bool (xdrs, &objp->kdb_commit))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
- sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
- return FALSE;
- if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
+ return FALSE;
+ if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
+ return FALSE;
+ if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
+ return FALSE;
+ if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
+ return FALSE;
+ if (!xdr_bool (xdrs, &objp->kdb_deleted))
+ return FALSE;
+ if (!xdr_bool (xdrs, &objp->kdb_commit))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
+ sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+ return FALSE;
+ if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_ulog_t (XDR *xdrs, kdb_ulog_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
- sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
- return FALSE;
- return TRUE;
+ if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
+ sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_update_status_t (XDR *xdrs, update_status_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_enum (xdrs, (enum_t *) objp))
- return FALSE;
- return TRUE;
+ if (!xdr_enum (xdrs, (enum_t *) objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_last_t (XDR *xdrs, kdb_last_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
- return FALSE;
- if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
- return FALSE;
- return TRUE;
+ if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
+ return FALSE;
+ if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_incr_result_t (XDR *xdrs, kdb_incr_result_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
- return FALSE;
- if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
- return FALSE;
- if (!xdr_update_status_t (xdrs, &objp->ret))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+ return FALSE;
+ if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
+ return FALSE;
+ if (!xdr_update_status_t (xdrs, &objp->ret))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_fullresync_result_t (XDR *xdrs, kdb_fullresync_result_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
- return FALSE;
- if (!xdr_update_status_t (xdrs, &objp->ret))
- return FALSE;
- return TRUE;
+ if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+ return FALSE;
+ if (!xdr_update_status_t (xdrs, &objp->ret))
+ return FALSE;
+ return TRUE;
}
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 8aef88aaf1..cd9f716974 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2006, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
@@ -6,7 +7,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -32,7 +33,7 @@
* distribution under the MIT license.
*/
-/*
+/*
* Include files
*/
@@ -81,7 +82,7 @@ kdb_lock_list()
int err;
err = CALL_INIT_FUNCTION (kdb_init_lock_list);
if (err)
- return err;
+ return err;
return k5_mutex_lock(&db_lock);
}
@@ -89,7 +90,7 @@ void
kdb_fini_lock_list(void)
{
if (INITIALIZER_RAN(kdb_init_lock_list))
- k5_mutex_destroy(&db_lock);
+ k5_mutex_destroy(&db_lock);
}
static int
@@ -177,27 +178,27 @@ kdb_get_conf_section(krb5_context kcontext)
char *value = NULL;
if (kcontext->default_realm == NULL)
- return NULL;
+ return NULL;
/* The profile has to have been initialized. If the profile was
not initialized, expect nothing less than a crash. */
status = profile_get_string(kcontext->profile,
- /* realms */
- KDB_REALM_SECTION,
- kcontext->default_realm,
- /* under the realm name, database_module */
- KDB_MODULE_POINTER,
- /* default value is the realm name itself */
- kcontext->default_realm,
- &value);
+ /* realms */
+ KDB_REALM_SECTION,
+ kcontext->default_realm,
+ /* under the realm name, database_module */
+ KDB_MODULE_POINTER,
+ /* default value is the realm name itself */
+ kcontext->default_realm,
+ &value);
if (status) {
- /* some problem */
- result = strdup(kcontext->default_realm);
- /* let NULL be handled by the caller */
+ /* some problem */
+ result = strdup(kcontext->default_realm);
+ /* let NULL be handled by the caller */
} else {
- result = strdup(value);
- /* free profile string */
- profile_release_string(value);
+ result = strdup(value);
+ /* free profile string */
+ profile_release_string(value);
}
return result;
@@ -212,27 +213,27 @@ kdb_get_library_name(krb5_context kcontext)
char *lib = NULL;
status = profile_get_string(kcontext->profile,
- /* realms */
- KDB_REALM_SECTION,
- kcontext->default_realm,
- /* under the realm name, database_module */
- KDB_MODULE_POINTER,
- /* default value is the realm name itself */
- kcontext->default_realm,
- &value);
+ /* realms */
+ KDB_REALM_SECTION,
+ kcontext->default_realm,
+ /* under the realm name, database_module */
+ KDB_MODULE_POINTER,
+ /* default value is the realm name itself */
+ kcontext->default_realm,
+ &value);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
#define DB2_NAME "db2"
/* we got the module section. Get the library name from the module */
status = profile_get_string(kcontext->profile, KDB_MODULE_SECTION, value,
- KDB_LIB_POINTER,
- /* default to db2 */
- DB2_NAME,
- &lib);
+ KDB_LIB_POINTER,
+ /* default to db2 */
+ DB2_NAME,
+ &lib);
if (status) {
- goto clean_n_exit;
+ goto clean_n_exit;
}
result = strdup(lib);
@@ -246,33 +247,33 @@ static void
kdb_setup_opt_functions(db_library lib)
{
if (lib->vftabl.set_master_key == NULL)
- lib->vftabl.set_master_key = kdb_def_set_mkey;
+ lib->vftabl.set_master_key = kdb_def_set_mkey;
if (lib->vftabl.set_master_key_list == NULL)
- lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
+ lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
if (lib->vftabl.get_master_key == NULL)
- lib->vftabl.get_master_key = kdb_def_get_mkey;
+ lib->vftabl.get_master_key = kdb_def_get_mkey;
if (lib->vftabl.get_master_key_list == NULL)
- lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
+ lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
if (lib->vftabl.fetch_master_key == NULL)
- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
+ lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
if (lib->vftabl.verify_master_key == NULL)
- lib->vftabl.verify_master_key = krb5_def_verify_master_key;
+ lib->vftabl.verify_master_key = krb5_def_verify_master_key;
if (lib->vftabl.fetch_master_key_list == NULL)
- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
+ lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
if (lib->vftabl.store_master_key_list == NULL)
- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
+ lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
if (lib->vftabl.dbe_search_enctype == NULL)
- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
+ lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
if (lib->vftabl.db_change_pwd == NULL)
- lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
+ lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
if (lib->vftabl.store_master_key == NULL)
- lib->vftabl.store_master_key = krb5_def_store_mkey;
+ lib->vftabl.store_master_key = krb5_def_store_mkey;
if (lib->vftabl.promote_db == NULL)
- lib->vftabl.promote_db = krb5_def_promote_db;
+ lib->vftabl.promote_db = krb5_def_promote_db;
if (lib->vftabl.dbekd_decrypt_key_data == NULL)
- lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
+ lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
if (lib->vftabl.dbekd_encrypt_key_data == NULL)
- lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
+ lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
}
#ifdef STATIC_PLUGINS
@@ -290,21 +291,21 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
kdb_vftabl *vftabl_addr = NULL;
if (strcmp(lib_name, "db2") == 0)
- vftabl_addr = &krb5_db2_kdb_function_table;
+ vftabl_addr = &krb5_db2_kdb_function_table;
#ifdef ENABLE_LDAP
if (strcmp(lib_name, "ldap") == 0)
- vftabl_addr = &krb5_ldap_kdb_function_table;
+ vftabl_addr = &krb5_ldap_kdb_function_table;
#endif
if (!vftabl_addr) {
- krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
- "Unable to find requested database type: %s",
- lib_name);
- return KRB5_KDB_DBTYPE_NOSUP;
+ krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
+ "Unable to find requested database type: %s",
+ lib_name);
+ return KRB5_KDB_DBTYPE_NOSUP;
}
lib = calloc(1, sizeof(*lib));
if (lib == NULL)
- return ENOMEM;
+ return ENOMEM;
strlcpy(lib->name, lib_name, sizeof(lib->name));
memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl));
@@ -312,7 +313,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
status = lib->vftabl.init_library();
if (status)
- goto cleanup;
+ goto cleanup;
*libptr = lib;
return 0;
@@ -339,7 +340,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
When it's static, it goes into ".picdata", which is
read-write. */
static const char *const dbpath_names[] = {
- KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
+ KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
};
const char *filebases[2];
char **profpath = NULL;
@@ -350,7 +351,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
*lib = calloc((size_t) 1, sizeof(**lib));
if (*lib == NULL)
- return ENOMEM;
+ return ENOMEM;
strlcpy((*lib)->name, lib_name, sizeof((*lib)->name));
@@ -358,31 +359,31 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
file(s) first. */
status = profile_get_values(kcontext->profile, dbpath_names, &profpath);
if (status != 0 && status != PROF_NO_RELATION)
- goto clean_n_exit;
+ goto clean_n_exit;
ndx = 0;
if (profpath)
- while (profpath[ndx] != NULL)
- ndx++;
+ while (profpath[ndx] != NULL)
+ ndx++;
path = calloc(ndx + db_dl_n_locations, sizeof (char *));
if (path == NULL) {
- status = ENOMEM;
- goto clean_n_exit;
+ status = ENOMEM;
+ goto clean_n_exit;
}
if (ndx)
- memcpy(path, profpath, ndx * sizeof(profpath[0]));
+ memcpy(path, profpath, ndx * sizeof(profpath[0]));
memcpy(path + ndx, db_dl_location, db_dl_n_locations * sizeof(char *));
status = 0;
-
- if ((status = krb5int_open_plugin_dirs ((const char **) path,
- filebases,
+
+ if ((status = krb5int_open_plugin_dirs ((const char **) path,
+ filebases,
&(*lib)->dl_dir_handle, &kcontext->err))) {
- const char *err_str = krb5_get_error_message(kcontext, status);
- status = KRB5_KDB_DBTYPE_NOTFOUND;
- krb5_set_error_message (kcontext, status,
- "Unable to find requested database type: %s", err_str);
- krb5_free_error_message (kcontext, err_str);
- goto clean_n_exit;
+ const char *err_str = krb5_get_error_message(kcontext, status);
+ status = KRB5_KDB_DBTYPE_NOTFOUND;
+ krb5_set_error_message (kcontext, status,
+ "Unable to find requested database type: %s", err_str);
+ krb5_free_error_message (kcontext, err_str);
+ goto clean_n_exit;
}
if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table",
@@ -392,34 +393,34 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
krb5_set_error_message (kcontext, status,
"plugin symbol 'kdb_function_table' lookup failed: %s", err_str);
krb5_free_error_message (kcontext, err_str);
- goto clean_n_exit;
+ goto clean_n_exit;
}
if (vftabl_addrs[0] == NULL) {
- /* No plugins! */
- status = KRB5_KDB_DBTYPE_NOTFOUND;
- krb5_set_error_message (kcontext, status,
- _("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
- lib_name);
- goto clean_n_exit;
+ /* No plugins! */
+ status = KRB5_KDB_DBTYPE_NOTFOUND;
+ krb5_set_error_message (kcontext, status,
+ _("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
+ lib_name);
+ goto clean_n_exit;
}
memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
kdb_setup_opt_functions(*lib);
-
+
if ((status = (*lib)->vftabl.init_library()))
goto clean_n_exit;
-
+
clean_n_exit:
krb5int_free_plugin_dir_data(vftabl_addrs);
/* Both of these DTRT with NULL. */
profile_free_list(profpath);
free(path);
if (status && *lib) {
- if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
- krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
- free(*lib);
- *lib = NULL;
+ if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
+ krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
+ free(*lib);
+ *lib = NULL;
}
return status;
}
@@ -436,43 +437,43 @@ kdb_find_library(krb5_context kcontext, char *lib_name, db_library * lib)
static int kdb_db2_pol_err_loaded = 0;
if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) {
- initialize_adb_error_table();
- kdb_db2_pol_err_loaded = 1;
+ initialize_adb_error_table();
+ kdb_db2_pol_err_loaded = 1;
}
if ((status = kdb_lock_list()) != 0)
- goto clean_n_exit;
+ goto clean_n_exit;
locked = 1;
curr_elt = lib_list;
while (curr_elt != NULL) {
- if (strcmp(lib_name, curr_elt->name) == 0) {
- *lib = curr_elt;
- goto clean_n_exit;
- }
- prev_elt = curr_elt;
- curr_elt = curr_elt->next;
+ if (strcmp(lib_name, curr_elt->name) == 0) {
+ *lib = curr_elt;
+ goto clean_n_exit;
+ }
+ prev_elt = curr_elt;
+ curr_elt = curr_elt->next;
}
/* module not found. create and add to list */
status = kdb_load_library(kcontext, lib_name, lib);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (prev_elt) {
- /* prev_elt points to the last element in the list */
- prev_elt->next = *lib;
- (*lib)->prev = prev_elt;
+ /* prev_elt points to the last element in the list */
+ prev_elt->next = *lib;
+ (*lib)->prev = prev_elt;
} else {
- lib_list = *lib;
+ lib_list = *lib;
}
clean_n_exit:
if (*lib)
- (*lib)->reference_cnt++;
+ (*lib)->reference_cnt++;
if (locked)
- kdb_unlock_list();
+ kdb_unlock_list();
return status;
}
@@ -484,33 +485,33 @@ kdb_free_library(db_library lib)
int locked = 0;
if ((status = kdb_lock_list()) != 0)
- goto clean_n_exit;
+ goto clean_n_exit;
locked = 1;
lib->reference_cnt--;
if (lib->reference_cnt == 0) {
- status = lib->vftabl.fini_library();
- if (status)
- goto clean_n_exit;
+ status = lib->vftabl.fini_library();
+ if (status)
+ goto clean_n_exit;
- /* close the library */
+ /* close the library */
if (PLUGIN_DIR_OPEN((&lib->dl_dir_handle)))
krb5int_close_plugin_dirs (&lib->dl_dir_handle);
-
- if (lib->prev == NULL)
- lib_list = lib->next; /* first element in the list */
- else
- lib->prev->next = lib->next;
-
- if (lib->next)
- lib->next->prev = lib->prev;
- free(lib);
+
+ if (lib->prev == NULL)
+ lib_list = lib->next; /* first element in the list */
+ else
+ lib->prev->next = lib->next;
+
+ if (lib->next)
+ lib->next->prev = lib->prev;
+ free(lib);
}
clean_n_exit:
if (locked)
- kdb_unlock_list();
+ kdb_unlock_list();
return status;
}
@@ -525,19 +526,19 @@ krb5_db_setup_lib_handle(krb5_context kcontext)
dal_handle = calloc((size_t) 1, sizeof(kdb5_dal_handle));
if (dal_handle == NULL) {
- status = ENOMEM;
- goto clean_n_exit;
+ status = ENOMEM;
+ goto clean_n_exit;
}
library = kdb_get_library_name(kcontext);
if (library == NULL) {
- status = KRB5_KDB_DBTYPE_NOTFOUND;
- goto clean_n_exit;
+ status = KRB5_KDB_DBTYPE_NOTFOUND;
+ goto clean_n_exit;
}
status = kdb_find_library(kcontext, library, &lib);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
dal_handle->lib_handle = lib;
kcontext->dal_handle = dal_handle;
@@ -546,9 +547,9 @@ clean_n_exit:
free(library);
if (status) {
- free(dal_handle);
- if (lib)
- kdb_free_library(lib);
+ free(dal_handle);
+ if (lib)
+ kdb_free_library(lib);
}
return status;
@@ -561,7 +562,7 @@ kdb_free_lib_handle(krb5_context kcontext)
status = kdb_free_library(kcontext->dal_handle->lib_handle);
if (status)
- return status;
+ return status;
free(kcontext->dal_handle);
kcontext->dal_handle = NULL;
@@ -575,16 +576,16 @@ get_errmsg(krb5_context kcontext, krb5_error_code err_code)
const char *e;
if (err_code == 0)
- return;
+ return;
assert(kcontext != NULL && kcontext->dal_handle != NULL);
v = &kcontext->dal_handle->lib_handle->vftabl;
if (v->errcode_2_string == NULL)
- return;
+ return;
e = v->errcode_2_string(kcontext, err_code);
assert (e != NULL);
krb5_set_error_message(kcontext, err_code, "%s", e);
if (v->release_errcode_string)
- v->release_errcode_string(kcontext, e);
+ v->release_errcode_string(kcontext, e);
}
static krb5_error_code
@@ -594,9 +595,9 @@ get_vftabl(krb5_context kcontext, kdb_vftabl **vftabl_ptr)
*vftabl_ptr = NULL;
if (kcontext->dal_handle == NULL) {
- status = krb5_db_setup_lib_handle(kcontext);
- if (status)
- return status;
+ status = krb5_db_setup_lib_handle(kcontext);
+ if (status)
+ return status;
}
*vftabl_ptr = &kcontext->dal_handle->lib_handle->vftabl;
return 0;
@@ -614,23 +615,23 @@ krb5_db_open(krb5_context kcontext, char **db_args, int mode)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
assert(v->init_module != NULL);
status = v->init_module(kcontext, section, db_args, mode);
get_errmsg(kcontext, status);
clean_n_exit:
if (section)
- free(section);
+ free(section);
return status;
}
@@ -638,7 +639,7 @@ krb5_error_code
krb5_db_inited(krb5_context kcontext)
{
return !(kcontext && kcontext->dal_handle &&
- kcontext->dal_handle->db_context);
+ kcontext->dal_handle->db_context);
}
krb5_error_code
@@ -650,26 +651,26 @@ krb5_db_create(krb5_context kcontext, char **db_args)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm);
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (v->db_create == NULL) {
- status = KRB5_KDB_DBTYPE_NOSUP;
- goto clean_n_exit;
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto clean_n_exit;
}
status = v->db_create(kcontext, section, db_args);
get_errmsg(kcontext, status);
clean_n_exit:
if (section)
- free(section);
+ free(section);
return status;
}
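Review bot: In the `section == NULL` branch of krb5_db_create, `kcontext->default_realm` is passed straight to the `%s` in the error message, and a NULL pointer there is undefined behaviour in the formatter. krb5_db_open, earlier in this file, guards the same message. The argument here should match it: `kcontext->default_realm ? kcontext->default_realm : "[UNSET]");`. The krb5_db_destroy hunk further down has the same unguarded argument and needs the same change. This commit only re-indents these lines, so the gap predates it.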
@@ -681,7 +682,7 @@ krb5_db_fini(krb5_context kcontext)
/* Do nothing if module was never loaded. */
if (kcontext->dal_handle == NULL)
- return 0;
+ return 0;
v = &kcontext->dal_handle->lib_handle->vftabl;
assert(v->fini_module != NULL);
@@ -689,7 +690,7 @@ krb5_db_fini(krb5_context kcontext)
get_errmsg(kcontext, status);
if (status)
- return status;
+ return status;
return kdb_free_lib_handle(kcontext);
}
@@ -703,26 +704,26 @@ krb5_db_destroy(krb5_context kcontext, char **db_args)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm);
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (v->db_destroy == NULL) {
- status = KRB5_KDB_DBTYPE_NOSUP;
- goto clean_n_exit;
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto clean_n_exit;
}
status = v->db_destroy(kcontext, section, db_args);
get_errmsg(kcontext, status);
clean_n_exit:
if (section)
- free(section);
+ free(section);
return status;
}
@@ -734,9 +735,9 @@ krb5_db_get_age(krb5_context kcontext, char *db_name, time_t * t)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_age == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_age(kcontext, db_name, t);
get_errmsg(kcontext, status);
return status;
@@ -750,9 +751,9 @@ krb5_db_set_option(krb5_context kcontext, int option, void *value)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_set_option == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_set_option(kcontext, option, value);
get_errmsg(kcontext, status);
return status;
@@ -766,9 +767,9 @@ krb5_db_lock(krb5_context kcontext, int lock_mode)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_lock == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_lock(kcontext, lock_mode);
get_errmsg(kcontext, status);
return status;
@@ -782,9 +783,9 @@ krb5_db_unlock(krb5_context kcontext)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_unlock == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_unlock(kcontext);
get_errmsg(kcontext, status);
return status;
@@ -792,41 +793,41 @@ krb5_db_unlock(krb5_context kcontext)
krb5_error_code
krb5_db_get_principal(krb5_context kcontext,
- krb5_const_principal search_for,
- krb5_db_entry * entries,
- int *nentries, krb5_boolean * more)
+ krb5_const_principal search_for,
+ krb5_db_entry * entries,
+ int *nentries, krb5_boolean * more)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_principal(kcontext, search_for, 0, entries, nentries,
- more);
+ more);
get_errmsg(kcontext, status);
return status;
}
krb5_error_code
krb5_db_get_principal_ext(krb5_context kcontext,
- krb5_const_principal search_for,
- unsigned int flags,
- krb5_db_entry * entries,
- int *nentries, krb5_boolean * more)
+ krb5_const_principal search_for,
+ unsigned int flags,
+ krb5_db_entry * entries,
+ int *nentries, krb5_boolean * more)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_principal(kcontext, search_for,
- flags, entries, nentries, more);
+ flags, entries, nentries, more);
get_errmsg(kcontext, status);
return status;
}
@@ -839,9 +840,9 @@ krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_free_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_free_principal(kcontext, entry, count);
get_errmsg(kcontext, status);
return status;
@@ -852,18 +853,18 @@ free_db_args(krb5_context kcontext, char **db_args)
{
int i;
if (db_args) {
- /* XXX Is this right? Or are we borrowing storage from
- the caller? */
- for (i = 0; db_args[i]; i++)
- krb5_db_free(kcontext, db_args[i]);
- free(db_args);
+ /* XXX Is this right? Or are we borrowing storage from
+ the caller? */
+ for (i = 0; db_args[i]; i++)
+ krb5_db_free(kcontext, db_args[i]);
+ free(db_args);
}
}
static krb5_error_code
extract_db_args_from_tl_data(krb5_context kcontext,
- krb5_tl_data **start, krb5_int16 *count,
- char ***db_argsp)
+ krb5_tl_data **start, krb5_int16 *count,
+ char ***db_argsp)
{
char **db_args = NULL;
int db_args_size = 0;
@@ -877,51 +878,51 @@ extract_db_args_from_tl_data(krb5_context kcontext,
difficult for kadmin remote to pass arguments to server. */
prev = NULL, curr = *start;
while (curr) {
- if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
- char **t;
- /* Since this is expected to be NULL terminated string and
- this could come from any client, do a check before
- passing it to db. */
- if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
- '\0') {
- /* Not null terminated. Dangerous input. */
- status = EINVAL;
- goto clean_n_exit;
- }
-
- db_args_size++;
- t = realloc(db_args, sizeof(char *) * (db_args_size + 1)); /* 1 for NULL */
- if (t == NULL) {
- status = ENOMEM;
- goto clean_n_exit;
- }
-
- db_args = t;
- db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
- db_args[db_args_size] = NULL;
-
- next = curr->tl_data_next;
- if (prev == NULL) {
- /* current node is the first in the linked list. remove it */
- *start = curr->tl_data_next;
- } else {
- prev->tl_data_next = curr->tl_data_next;
- }
- (*count)--;
- krb5_db_free(kcontext, curr);
-
- /* previous does not change */
- curr = next;
- } else {
- prev = curr;
- curr = curr->tl_data_next;
- }
+ if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
+ char **t;
+ /* Since this is expected to be NULL terminated string and
+ this could come from any client, do a check before
+ passing it to db. */
+ if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
+ '\0') {
+ /* Not null terminated. Dangerous input. */
+ status = EINVAL;
+ goto clean_n_exit;
+ }
+
+ db_args_size++;
+ t = realloc(db_args, sizeof(char *) * (db_args_size + 1)); /* 1 for NULL */
+ if (t == NULL) {
+ status = ENOMEM;
+ goto clean_n_exit;
+ }
+
+ db_args = t;
+ db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
+ db_args[db_args_size] = NULL;
+
+ next = curr->tl_data_next;
+ if (prev == NULL) {
+ /* current node is the first in the linked list. remove it */
+ *start = curr->tl_data_next;
+ } else {
+ prev->tl_data_next = curr->tl_data_next;
+ }
+ (*count)--;
+ krb5_db_free(kcontext, curr);
+
+ /* previous does not change */
+ curr = next;
+ } else {
+ prev = curr;
+ curr = curr->tl_data_next;
+ }
}
status = 0;
clean_n_exit:
if (status != 0) {
- free_db_args(kcontext, db_args);
- db_args = NULL;
+ free_db_args(kcontext, db_args);
+ db_args = NULL;
}
*db_argsp = db_args;
return status;
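Review bot: The terminator check reads `tl_data_contents[tl_data_length - 1]` without first rejecting a zero length or a NULL contents pointer. An empty KRB5_TL_DB_ARGS element is therefore read one byte before its buffer (or through NULL), and the comment directly above says this data can come from any client. The condition should reject those cases first: `if (curr->tl_data_contents == NULL || curr->tl_data_length == 0 || ((char *) curr->tl_data_contents)[curr->tl_data_length - 1] != '\0') {`. The declaration of `tl_data_length` is not in this hunk, so how the `- 1` behaves at zero is inferred rather than shown. extract_db_args_from_tl_data begins above the hunk, and the re-indentation here leaves the check as it was.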
@@ -929,7 +930,7 @@ clean_n_exit:
krb5_error_code
krb5int_put_principal_no_log(krb5_context kcontext,
- krb5_db_entry *entries, int *nentries)
+ krb5_db_entry *entries, int *nentries)
{
kdb_vftabl *v;
krb5_error_code status;
@@ -937,14 +938,14 @@ krb5int_put_principal_no_log(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_put_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = extract_db_args_from_tl_data(kcontext, &entries->tl_data,
- &entries->n_tl_data,
- &db_args);
+ &entries->n_tl_data,
+ &db_args);
if (status)
- return status;
+ return status;
status = v->db_put_principal(kcontext, entries, nentries, db_args);
get_errmsg(kcontext, status);
free_db_args(kcontext, db_args);
@@ -953,7 +954,7 @@ krb5int_put_principal_no_log(krb5_context kcontext,
krb5_error_code
krb5_db_put_principal(krb5_context kcontext,
- krb5_db_entry * entries, int *nentries)
+ krb5_db_entry * entries, int *nentries)
{
krb5_error_code status = 0;
kdb_vftabl *v;
@@ -968,88 +969,88 @@ krb5_db_put_principal(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
status = extract_db_args_from_tl_data(kcontext, &entries->tl_data,
- &entries->n_tl_data,
- &db_args);
+ &entries->n_tl_data,
+ &db_args);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
- if (!(upd = (kdb_incr_update_t *)
- malloc(sizeof (kdb_incr_update_t)* *nentries))) {
- status = errno;
- goto err_lock;
- }
- fupd = upd;
+ if (!(upd = (kdb_incr_update_t *)
+ malloc(sizeof (kdb_incr_update_t)* *nentries))) {
+ status = errno;
+ goto err_lock;
+ }
+ fupd = upd;
- (void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries);
+ (void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries);
if ((status = ulog_conv_2logentry(kcontext, entries, upd, *nentries)))
- goto err_lock;
+ goto err_lock;
}
status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
if (status != 0)
- goto err_lock;
+ goto err_lock;
ulog_locked = 1;
for (i = 0; i < *nentries; i++) {
if (fupd) {
- if ((status = krb5_unparse_name(kcontext, entries->princ,
- &princ_name)))
- goto err_lock;
+ if ((status = krb5_unparse_name(kcontext, entries->princ,
+ &princ_name)))
+ goto err_lock;
- upd->kdb_princ_name.utf8str_t_val = princ_name;
- upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
+ upd->kdb_princ_name.utf8str_t_val = princ_name;
+ upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
- if ((status = ulog_add_update(kcontext, upd)) != 0)
- goto err_lock;
- upd++;
+ if ((status = ulog_add_update(kcontext, upd)) != 0)
+ goto err_lock;
+ upd++;
}
}
if (v->db_put_principal == NULL) {
- status = KRB5_KDB_DBTYPE_NOSUP;
- goto err_lock;
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto err_lock;
}
status = v->db_put_principal(kcontext, entries, nentries, db_args);
get_errmsg(kcontext, status);
if (status == 0 && fupd) {
- upd = fupd;
- for (i = 0; i < *nentries; i++) {
- (void) ulog_finish_update(kcontext, upd);
- upd++;
- }
+ upd = fupd;
+ for (i = 0; i < *nentries; i++) {
+ (void) ulog_finish_update(kcontext, upd);
+ upd++;
+ }
}
err_lock:
if (ulog_locked)
- ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
clean_n_exit:
free_db_args(kcontext, db_args);
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
- ulog_free_entries(fupd, *nentries);
+ ulog_free_entries(fupd, *nentries);
return status;
}
krb5_error_code
krb5int_delete_principal_no_log(krb5_context kcontext,
- krb5_principal search_for,
- int *nentries)
+ krb5_principal search_for,
+ int *nentries)
{
kdb_vftabl *v;
krb5_error_code status;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_delete_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_delete_principal(kcontext, search_for, nentries);
get_errmsg(kcontext, status);
return status;
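Review bot: In krb5_db_put_principal the update array is sized with `malloc(sizeof (kdb_incr_update_t)* *nentries)`, where `nentries` is an `int *` in the signature, and the same unchecked product is reused for the `memset`. A negative or very large count converts to a wrapped size, and the later loops still run `*nentries` times over `upd`. Rejecting a negative count and allocating with `upd = calloc((size_t) *nentries, sizeof(*upd));` would give an overflow-checked, zeroed array and make the `memset` unnecessary. The failure path sets `status = errno`, whereas other allocation failures in this file use `status = ENOMEM;`. The function starts above this hunk.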
@@ -1057,7 +1058,7 @@ krb5int_delete_principal_no_log(krb5_context kcontext,
krb5_error_code
krb5_db_delete_principal(krb5_context kcontext,
- krb5_principal search_for, int *nentries)
+ krb5_principal search_for, int *nentries)
{
krb5_error_code status = 0;
kdb_vftabl *v;
@@ -1069,36 +1070,36 @@ krb5_db_delete_principal(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
if (status)
- return status;
+ return status;
/*
* We'll be sharing the same locks as db for logging
*/
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
- if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) {
- ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
- return status;
- }
+ if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) {
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ return status;
+ }
- (void) memset(&upd, 0, sizeof (kdb_incr_update_t));
+ (void) memset(&upd, 0, sizeof (kdb_incr_update_t));
- upd.kdb_princ_name.utf8str_t_val = princ_name;
- upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
+ upd.kdb_princ_name.utf8str_t_val = princ_name;
+ upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
- if ((status = ulog_delete_update(kcontext, &upd)) != 0) {
- ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
- free(princ_name);
- return status;
- }
+ if ((status = ulog_delete_update(kcontext, &upd)) != 0) {
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ free(princ_name);
+ return status;
+ }
- free(princ_name);
+ free(princ_name);
}
if (v->db_delete_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_delete_principal(kcontext, search_for, nentries);
get_errmsg(kcontext, status);
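Review bot: The `if (v->db_delete_principal == NULL) return KRB5_KDB_DBTYPE_NOSUP;` exit runs after `ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE)` succeeded and does not release the lock, whereas every other early return after that point calls `ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK)` first. On an IPROP_MASTER it also runs after `ulog_delete_update` has been called, with no matching `ulog_finish_update`. Moving the NULL check to directly after the `get_vftabl` status test, before the lock is taken, fixes both. Alternatively, unlock before returning: `ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); return KRB5_KDB_DBTYPE_NOSUP;`. krb5_db_delete_principal starts above this hunk and ends below it.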
@@ -1107,8 +1108,8 @@ krb5_db_delete_principal(krb5_context kcontext,
* We need to commit our update upon success
*/
if (!status)
- if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
- (void) ulog_finish_update(kcontext, &upd);
+ if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
+ (void) ulog_finish_update(kcontext, &upd);
ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
@@ -1117,18 +1118,18 @@ krb5_db_delete_principal(krb5_context kcontext,
krb5_error_code
krb5_db_iterate(krb5_context kcontext,
- char *match_entry,
- int (*func) (krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg)
+ char *match_entry,
+ int (*func) (krb5_pointer, krb5_db_entry *),
+ krb5_pointer func_arg)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_iterate == NULL)
- return 0;
+ return 0;
status = v->db_iterate(kcontext, match_entry, func, func_arg);
get_errmsg(kcontext, status);
return status;
@@ -1142,9 +1143,9 @@ krb5_supported_realms(krb5_context kcontext, char **realms)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_supported_realms == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_supported_realms(kcontext, realms);
get_errmsg(kcontext, status);
return status;
@@ -1158,9 +1159,9 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_free_supported_realms == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_free_supported_realms(kcontext, realms);
get_errmsg(kcontext, status);
return status;
@@ -1168,14 +1169,14 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms)
krb5_error_code
krb5_db_set_master_key_ext(krb5_context kcontext,
- char *pwd, krb5_keyblock * key)
+ char *pwd, krb5_keyblock * key)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->set_master_key(kcontext, pwd, key);
get_errmsg(kcontext, status);
return status;
@@ -1196,7 +1197,7 @@ krb5_db_set_mkey_list(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->set_master_key_list(kcontext, keylist);
get_errmsg(kcontext, status);
return status;
@@ -1210,7 +1211,7 @@ krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->get_master_key(kcontext, key);
get_errmsg(kcontext, status);
return status;
@@ -1224,9 +1225,9 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->get_master_key_list == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->get_master_key_list(kcontext, keylist);
get_errmsg(kcontext, status);
return status;
@@ -1234,17 +1235,17 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
krb5_error_code
krb5_db_fetch_mkey_list(krb5_context context,
- krb5_principal mname,
- const krb5_keyblock * mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkey_list)
+ krb5_principal mname,
+ const krb5_keyblock * mkey,
+ krb5_kvno mkvno,
+ krb5_keylist_node **mkey_list)
{
kdb_vftabl *v;
krb5_error_code status = 0;
status = get_vftabl(context, &v);
if (status)
- return status;
+ return status;
status = v->fetch_master_key_list(context, mname, mkey, mkvno, mkey_list);
get_errmsg(context, status);
return status;
@@ -1268,42 +1269,42 @@ krb5_db_free_mkey_list(krb5_context context,
krb5_error_code
krb5_db_store_master_key(krb5_context kcontext,
- char *keyfile,
- krb5_principal mname,
- krb5_kvno kvno,
- krb5_keyblock * key, char *master_pwd)
+ char *keyfile,
+ krb5_principal mname,
+ krb5_kvno kvno,
+ krb5_keyblock * key, char *master_pwd)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->store_master_key == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->store_master_key(kcontext, keyfile, mname, kvno, key,
- master_pwd);
+ master_pwd);
get_errmsg(kcontext, status);
return status;
}
krb5_error_code
krb5_db_store_master_key_list(krb5_context kcontext,
- char *keyfile,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd)
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->store_master_key_list == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->store_master_key_list(kcontext, keyfile, mname, keylist,
- master_pwd);
+ master_pwd);
get_errmsg(kcontext, status);
return status;
}
@@ -1331,24 +1332,24 @@ krb5_db_fetch_mkey(krb5_context context,
memset(&tmp_key, 0, sizeof(tmp_key));
if (fromkeyboard) {
- krb5_data scratch;
-
- if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
- twice ? krb5_mkey_pwd_prompt2 : 0,
- password, &size))) {
- goto clean_n_exit;
- }
-
- pwd.data = password;
- pwd.length = size;
- if (!salt) {
- retval = krb5_principal2salt(context, mname, &scratch);
- if (retval)
- goto clean_n_exit;
- }
- retval =
- krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
- key);
+ krb5_data scratch;
+
+ if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
+ twice ? krb5_mkey_pwd_prompt2 : 0,
+ password, &size))) {
+ goto clean_n_exit;
+ }
+
+ pwd.data = password;
+ pwd.length = size;
+ if (!salt) {
+ retval = krb5_principal2salt(context, mname, &scratch);
+ if (retval)
+ goto clean_n_exit;
+ }
+ retval =
+ krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
+ key);
/*
* If a kvno pointer was passed in and it dereferences the IGNORE_VNO
* value then it should be assigned the value of the kvno associated
@@ -1363,9 +1364,9 @@ krb5_db_fetch_mkey(krb5_context context,
krb5_db_entry master_entry;
rc = krb5_db_get_principal(context, mname,
- &master_entry, &nentries, &more);
+ &master_entry, &nentries, &more);
- if (rc == 0 && nentries == 1 && more == FALSE)
+ if (rc == 0 && nentries == 1 && more == FALSE)
*kvno = (krb5_kvno) master_entry.key_data->key_data_kvno;
else
*kvno = 1;
@@ -1374,45 +1375,45 @@ krb5_db_fetch_mkey(krb5_context context,
krb5_db_free_principal(context, &master_entry, nentries);
}
- if (!salt)
- free(scratch.data);
- zap(password, sizeof(password)); /* erase it */
+ if (!salt)
+ free(scratch.data);
+ zap(password, sizeof(password)); /* erase it */
} else {
- kdb_vftabl *v;
+ kdb_vftabl *v;
- if (context->dal_handle == NULL) {
- retval = krb5_db_setup_lib_handle(context);
- if (retval)
- goto clean_n_exit;
- }
+ if (context->dal_handle == NULL) {
+ retval = krb5_db_setup_lib_handle(context);
+ if (retval)
+ goto clean_n_exit;
+ }
/* get the enctype from the stash */
- tmp_key.enctype = ENCTYPE_UNKNOWN;
+ tmp_key.enctype = ENCTYPE_UNKNOWN;
- v = &context->dal_handle->lib_handle->vftabl;
- retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
- get_errmsg(context, retval);
+ v = &context->dal_handle->lib_handle->vftabl;
+ retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
+ get_errmsg(context, retval);
- if (retval)
- goto clean_n_exit;
+ if (retval)
+ goto clean_n_exit;
- key->contents = malloc(tmp_key.length);
- if (key->contents == NULL) {
- retval = ENOMEM;
- goto clean_n_exit;
- }
+ key->contents = malloc(tmp_key.length);
+ if (key->contents == NULL) {
+ retval = ENOMEM;
+ goto clean_n_exit;
+ }
- key->magic = tmp_key.magic;
- key->enctype = tmp_key.enctype;
- key->length = tmp_key.length;
- memcpy(key->contents, tmp_key.contents, tmp_key.length);
+ key->magic = tmp_key.magic;
+ key->enctype = tmp_key.enctype;
+ key->length = tmp_key.length;
+ memcpy(key->contents, tmp_key.contents, tmp_key.length);
}
clean_n_exit:
if (tmp_key.contents) {
- zap(tmp_key.contents, tmp_key.length);
- krb5_db_free(context, tmp_key.contents);
+ zap(tmp_key.contents, tmp_key.length);
+ krb5_db_free(context, tmp_key.contents);
}
return retval;
}
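Review bot: `zap(password, sizeof(password));` is reached only when the keyboard branch falls through to its end. The `goto clean_n_exit` taken when `krb5_principal2salt` fails (in the earlier hunk of this function) skips it, and `clean_n_exit` wipes only `tmp_key.contents`, so the typed master password stays in memory on that error path. Assuming `password` is a function-scope array (its declaration is above the visible hunks), adding `zap(password, sizeof(password));` under the `clean_n_exit:` label covers every exit. The result of `krb5_c_string_to_key` is also not tested before the kvno lookup that follows it. krb5_db_fetch_mkey starts above this hunk.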
@@ -1428,9 +1429,9 @@ krb5_db_verify_master_key(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->verify_master_key == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->verify_master_key(kcontext, mprinc, kvno, mkey);
get_errmsg(kcontext, status);
return status;
@@ -1506,13 +1507,13 @@ krb5_dbe_find_act_mkey(krb5_context context,
krb5_error_code retval;
krb5_keylist_node *cur_keyblock = mkey_list;
krb5_actkvno_node *prev_actkvno, *cur_actkvno;
- krb5_timestamp now;
- krb5_boolean found = FALSE;
+ krb5_timestamp now;
+ krb5_boolean found = FALSE;
if (act_mkey_list == NULL) {
- *act_kvno = 0;
- *act_mkey = NULL;
- return 0;
+ *act_kvno = 0;
+ *act_mkey = NULL;
+ return 0;
}
if ((retval = krb5_timeofday(context, &now)))
@@ -1613,7 +1614,7 @@ krb5_db_alloc(krb5_context kcontext, void *ptr, size_t size)
status = get_vftabl(kcontext, &v);
if (status)
- return NULL;
+ return NULL;
return v->db_alloc(kcontext, ptr, size);
}
@@ -1625,7 +1626,7 @@ krb5_db_free(krb5_context kcontext, void *ptr)
status = get_vftabl(kcontext, &v);
if (status)
- return;
+ return;
v->db_free(kcontext, ptr);
}
@@ -1633,59 +1634,59 @@ krb5_db_free(krb5_context kcontext, void *ptr)
krb5_error_code
krb5_dbe_find_enctype(krb5_context kcontext,
- krb5_db_entry * dbentp,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno, krb5_key_data ** kdatap)
+ krb5_db_entry * dbentp,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno, krb5_key_data ** kdatap)
{
krb5_int32 start = 0;
return krb5_dbe_search_enctype(kcontext, dbentp, &start, ktype, stype,
- kvno, kdatap);
+ kvno, kdatap);
}
krb5_error_code
krb5_dbe_search_enctype(krb5_context kcontext,
- krb5_db_entry * dbentp,
- krb5_int32 * start,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno, krb5_key_data ** kdatap)
+ krb5_db_entry * dbentp,
+ krb5_int32 * start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno, krb5_key_data ** kdatap)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->dbe_search_enctype(kcontext, dbentp, start, ktype, stype,
- kvno, kdatap);
+ kvno, kdatap);
get_errmsg(kcontext, status);
return status;
}
-#define REALM_SEP_STRING "@"
+#define REALM_SEP_STRING "@"
krb5_error_code
krb5_db_setup_mkey_name(krb5_context context,
- const char *keyname,
- const char *realm,
- char **fullname, krb5_principal * principal)
+ const char *keyname,
+ const char *realm,
+ char **fullname, krb5_principal * principal)
{
krb5_error_code retval;
char *fname;
if (!keyname)
- keyname = KRB5_KDB_M_NAME; /* XXX external? */
+ keyname = KRB5_KDB_M_NAME; /* XXX external? */
if (asprintf(&fname, "%s%s%s", keyname, REALM_SEP_STRING, realm) < 0)
- return ENOMEM;
+ return ENOMEM;
if ((retval = krb5_parse_name(context, fname, principal)))
- return retval;
+ return retval;
if (fullname)
- *fullname = fname;
+ *fullname = fname;
else
- free(fname);
+ free(fname);
return 0;
}
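Review bot: In `krb5_db_setup_mkey_name`, the `fname` buffer returned by `asprintf` is leaked when `krb5_parse_name` fails, because that branch returns `retval` without freeing it. The error path should release it first: `if ((retval = krb5_parse_name(context, fname, principal))) { free(fname); return retval; }`. `realm` is also passed to `%s` with no NULL check, while `keyname` gets a default. If callers can pass a NULL realm, add a guard or a comment stating the precondition.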
@@ -1702,11 +1703,11 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
- return (code);
+ return (code);
if (tl_data.tl_data_length != 4) {
- *stamp = 0;
- return (0);
+ *stamp = 0;
+ return (0);
}
krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
@@ -1725,10 +1726,10 @@ krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
krb5_tl_data *tl_data;
for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
- if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
- *ret_tl_data = *tl_data;
- return (0);
- }
+ if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+ *ret_tl_data = *tl_data;
+ return (0);
+ }
}
/*
@@ -1748,10 +1749,10 @@ krb5_dbe_create_key_data(context, entry)
krb5_db_entry *entry;
{
if ((entry->key_data =
- (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
- (sizeof(krb5_key_data) *
- (entry->n_key_data + 1)))) == NULL)
- return (ENOMEM);
+ (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
+ (sizeof(krb5_key_data) *
+ (entry->n_key_data + 1)))) == NULL)
+ return (ENOMEM);
memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
entry->n_key_data++;
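Review bot: `krb5_dbe_create_key_data` assigns the result of `krb5_db_alloc(context, entry->key_data, ...)` straight back to `entry->key_data`, so a NULL return overwrites the only pointer to the existing key array while `entry->n_key_data` still counts its elements. Assuming `krb5_db_alloc` is realloc-like (it receives the old pointer and a new size), the old array is then leaked and later code indexing `entry->key_data` would dereference NULL. Hold the result in a temporary and assign only on success: `tmp = krb5_db_alloc(context, entry->key_data, sizeof(krb5_key_data) * (entry->n_key_data + 1)); if (tmp == NULL) return ENOMEM; entry->key_data = tmp;`. The function's K&R-style header starts above this hunk and its body continues past it.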
@@ -1774,14 +1775,14 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
unsigned int unparse_mod_princ_size;
if ((retval = krb5_unparse_name(context, mod_princ, &unparse_mod_princ)))
- return (retval);
+ return (retval);
unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
- == NULL) {
- free(unparse_mod_princ);
- return (ENOMEM);
+ == NULL) {
+ free(unparse_mod_princ);
+ return (ENOMEM);
}
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -1818,28 +1819,28 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
- return (code);
+ return (code);
if ((tl_data.tl_data_length < 5) ||
- (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
- return (KRB5_KDB_TRUNCATED_RECORD);
+ (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
+ return (KRB5_KDB_TRUNCATED_RECORD);
/* Mod Date */
krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
/* Mod Princ */
if ((code = krb5_parse_name(context,
- (const char *) (tl_data.tl_data_contents + 4),
- mod_princ)))
- return (code);
+ (const char *) (tl_data.tl_data_contents + 4),
+ mod_princ)))
+ return (code);
return (0);
}
krb5_error_code
-krb5_dbe_lookup_mkvno(krb5_context context,
- krb5_db_entry *entry,
- krb5_kvno *mkvno)
+krb5_dbe_lookup_mkvno(krb5_context context,
+ krb5_db_entry *entry,
+ krb5_kvno *mkvno)
{
krb5_tl_data tl_data;
krb5_error_code code;
@@ -1848,13 +1849,13 @@ krb5_dbe_lookup_mkvno(krb5_context context,
tl_data.tl_data_type = KRB5_TL_MKVNO;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
- return (code);
+ return (code);
if (tl_data.tl_data_length == 0) {
- *mkvno = 1; /* default for princs that lack the KRB5_TL_MKVNO data */
- return (0);
+ *mkvno = 1; /* default for princs that lack the KRB5_TL_MKVNO data */
+ return (0);
} else if (tl_data.tl_data_length != 2) {
- return (KRB5_KDB_TRUNCATED_RECORD);
+ return (KRB5_KDB_TRUNCATED_RECORD);
}
krb5_kdb_decode_int16(tl_data.tl_data_contents, tmp);
@@ -1887,7 +1888,7 @@ krb5_dbe_lookup_mkey_aux(krb5_context context,
krb5_tl_data tl_data;
krb5_int16 version;
krb5_mkey_aux_node *head_data = NULL, *new_data = NULL,
- *prev_data = NULL;
+ *prev_data = NULL;
krb5_octet *curloc; /* current location pointer */
krb5_error_code code;
@@ -2079,7 +2080,7 @@ krb5_dbe_lookup_actkvno(krb5_context context,
* field.
*/
num_actkvno = (tl_data.tl_data_length - sizeof(version)) /
- ACTKVNO_TUPLE_SIZE;
+ ACTKVNO_TUPLE_SIZE;
prev_data = NULL;
/* next_tuple points to first tuple entry in the tl_data_contents */
next_tuple = tl_data.tl_data_contents + sizeof(version);
@@ -2105,8 +2106,8 @@ krb5_dbe_lookup_actkvno(krb5_context context,
}
} else {
krb5_set_error_message (context, KRB5_KDB_BAD_VERSION,
- "Illegal version number for KRB5_TL_ACTKVNO %d\n",
- version);
+ "Illegal version number for KRB5_TL_ACTKVNO %d\n",
+ version);
return (KRB5_KDB_BAD_VERSION);
}
}
@@ -2183,7 +2184,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
krb5_timestamp stamp;
{
krb5_tl_data tl_data;
- krb5_octet buf[4]; /* this is the encoded size of an int32 */
+ krb5_octet buf[4]; /* this is the encoded size of an int32 */
tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
tl_data.tl_data_length = sizeof(buf);
@@ -2196,7 +2197,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
krb5_error_code
krb5_dbe_delete_tl_data(krb5_context context,
krb5_db_entry *entry,
- krb5_int16 tl_data_type)
+ krb5_int16 tl_data_type)
{
krb5_tl_data *tl_data, *prev_tl_data, *free_tl_data;
@@ -2245,40 +2246,40 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
* fails.
*/
if ((tmp =
- (krb5_octet *) krb5_db_alloc(context, NULL,
- new_tl_data->tl_data_length)) == NULL)
- return (ENOMEM);
+ (krb5_octet *) krb5_db_alloc(context, NULL,
+ new_tl_data->tl_data_length)) == NULL)
+ return (ENOMEM);
/*
* Find an existing entry of the specified type and point at
* it, or NULL if not found.
*/
- if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
- for (tl_data = entry->tl_data; tl_data;
- tl_data = tl_data->tl_data_next)
- if (tl_data->tl_data_type == new_tl_data->tl_data_type)
- break;
+ if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+ for (tl_data = entry->tl_data; tl_data;
+ tl_data = tl_data->tl_data_next)
+ if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+ break;
}
/* If necessary, chain a new record in the beginning and point at it. */
if (!tl_data) {
- tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data));
- if (tl_data == NULL) {
- free(tmp);
- return (ENOMEM);
- }
- memset(tl_data, 0, sizeof(krb5_tl_data));
- tl_data->tl_data_next = entry->tl_data;
- entry->tl_data = tl_data;
- entry->n_tl_data++;
+ tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data));
+ if (tl_data == NULL) {
+ free(tmp);
+ return (ENOMEM);
+ }
+ memset(tl_data, 0, sizeof(krb5_tl_data));
+ tl_data->tl_data_next = entry->tl_data;
+ entry->tl_data = tl_data;
+ entry->n_tl_data++;
}
/* fill in the record */
if (tl_data->tl_data_contents)
- krb5_db_free(context, tl_data->tl_data_contents);
+ krb5_db_free(context, tl_data->tl_data_contents);
tl_data->tl_data_type = new_tl_data->tl_data_type;
tl_data->tl_data_length = new_tl_data->tl_data_length;
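Review bot: The buffer `tmp` comes from `krb5_db_alloc` but is released with plain `free(tmp)` when the `krb5_tl_data` allocation fails, whereas the old `tl_data_contents` a few lines later is released with `krb5_db_free`. Both wrappers dispatch through the module vtable (`v->db_alloc` / `v->db_free`), so libc `free` is only correct if the database module's allocator happens to be malloc. Use `krb5_db_free(context, tmp);` on that path. The declaration of `tl_data` is outside this hunk: if it is not initialised to NULL, the `KRB5_TL_DB_ARGS` case skips the search loop and reaches `if (!tl_data)` with an indeterminate pointer, which is worth confirming.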
@@ -2291,20 +2292,20 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
/* change password functions */
krb5_error_code
krb5_dbe_cpw(krb5_context kcontext,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- char *passwd,
- int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char *passwd,
+ int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->db_change_pwd(kcontext, master_key, ks_tuple, ks_tuple_count,
- passwd, new_kvno, keepold, db_entry);
+ passwd, new_kvno, keepold, db_entry);
get_errmsg(kcontext, status);
return status;
}
@@ -2318,9 +2319,9 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_create_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_create_policy(kcontext, policy);
get_errmsg(kcontext, status);
return status;
@@ -2328,16 +2329,16 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
krb5_error_code
krb5_db_get_policy(krb5_context kcontext, char *name,
- osa_policy_ent_t * policy, int *cnt)
+ osa_policy_ent_t * policy, int *cnt)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_policy(kcontext, name, policy, cnt);
get_errmsg(kcontext, status);
return status;
@@ -2351,9 +2352,9 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_put_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_put_policy(kcontext, policy);
get_errmsg(kcontext, status);
return status;
@@ -2361,16 +2362,16 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
krb5_error_code
krb5_db_iter_policy(krb5_context kcontext, char *match_entry,
- osa_adb_iter_policy_func func, void *data)
+ osa_adb_iter_policy_func func, void *data)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_iter_policy == NULL)
- return 0;
+ return 0;
status = v->db_iter_policy(kcontext, match_entry, func, data);
get_errmsg(kcontext, status);
return status;
@@ -2384,9 +2385,9 @@ krb5_db_delete_policy(krb5_context kcontext, char *policy)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_delete_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_delete_policy(kcontext, policy);
get_errmsg(kcontext, status);
return status;
@@ -2400,7 +2401,7 @@ krb5_db_free_policy(krb5_context kcontext, osa_policy_ent_t policy)
status = get_vftabl(kcontext, &v);
if (status || v->db_free_policy == NULL)
- return;
+ return;
v->db_free_policy(kcontext, policy);
get_errmsg(kcontext, status);
}
@@ -2414,16 +2415,16 @@ krb5_db_promote(krb5_context kcontext, char **db_args)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm);
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
status = v->promote_db(kcontext, section, db_args);
get_errmsg(kcontext, status);
@@ -2433,37 +2434,37 @@ clean_n_exit:
}
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbekd_decrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
return v->dbekd_decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt);
}
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbekd_encrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
return v->dbekd_encrypt_key_data(kcontext, mkey, dbkey, keysalt, keyver,
- key_data);
+ key_data);
}
krb5_error_code
@@ -2471,7 +2472,7 @@ krb5_db_get_context(krb5_context context, void **db_context)
{
*db_context = KRB5_DB_GET_DB_CONTEXT(context);
if (*db_context == NULL)
- return KRB5_KDB_DBNOTINITED;
+ return KRB5_KDB_DBNOTINITED;
return 0;
}
@@ -2485,17 +2486,17 @@ krb5_db_set_context(krb5_context context, void *db_context)
krb5_error_code
krb5_db_invoke(krb5_context kcontext,
- unsigned int method,
- const krb5_data *req,
- krb5_data *rep)
+ unsigned int method,
+ const krb5_data *req,
+ krb5_data *rep)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_invoke == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
return v->db_invoke(kcontext, method, req, rep);
}
diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h
index e3a1f2633a..eb9e15ce22 100644
--- a/src/lib/kdb/kdb5.h
+++ b/src/lib/kdb/kdb5.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef _KRB5_KDB5_H_
#define _KRB5_KDB5_H_
diff --git a/src/lib/kdb/kdb5int.h b/src/lib/kdb/kdb5int.h
index 40f38ad210..994f1f9317 100644
--- a/src/lib/kdb/kdb5int.h
+++ b/src/lib/kdb/kdb5int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb5/kdb5int.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Private header file for the kdb5 library for internal functions
*/
@@ -34,11 +35,11 @@
krb5_error_code
krb5int_put_principal_no_log(krb5_context kcontext,
- krb5_db_entry *entries, int *nentries);
+ krb5_db_entry *entries, int *nentries);
krb5_error_code
krb5int_delete_principal_no_log(krb5_context kcontext,
- krb5_principal search_for,
- int *nentries);
+ krb5_principal search_for,
+ int *nentries);
#endif /* __KDB5INT_H__ */
diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 9eacac3ea7..df3019d6d1 100644
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-/* #pragma ident "@(#)kdb_convert.c 1.3 05/01/05 SMI" */
+/* #pragma ident "@(#)kdb_convert.c 1.3 05/01/05 SMI" */
/*
* This file contains api's for conversion of the kdb_incr_update_t
@@ -20,15 +21,15 @@
#include <kdb_log.h>
/* BEGIN CSTYLED */
-#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
+#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
-#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
+#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
-#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
+#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
-#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
+#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
-#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
+#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
/* END CSTYLED */
typedef enum {
@@ -44,99 +45,99 @@ typedef enum {
*/
static void
find_changed_attrs(krb5_db_entry *current, krb5_db_entry *new,
- krb5_boolean exclude_nra,
- kdbe_attr_type_t *attrs, int *nattrs)
+ krb5_boolean exclude_nra,
+ kdbe_attr_type_t *attrs, int *nattrs)
{
int i = 0, j = 0;
krb5_tl_data *first, *second;
if (current->attributes != new->attributes)
- attrs[i++] = AT_ATTRFLAGS;
+ attrs[i++] = AT_ATTRFLAGS;
if (current->max_life != new->max_life)
- attrs[i++] = AT_MAX_LIFE;
+ attrs[i++] = AT_MAX_LIFE;
if (current->max_renewable_life != new->max_renewable_life)
- attrs[i++] = AT_MAX_RENEW_LIFE;
+ attrs[i++] = AT_MAX_RENEW_LIFE;
if (current->expiration != new->expiration)
- attrs[i++] = AT_EXP;
+ attrs[i++] = AT_EXP;
if (current->pw_expiration != new->pw_expiration)
- attrs[i++] = AT_PW_EXP;
+ attrs[i++] = AT_PW_EXP;
if (!exclude_nra) {
- if (current->last_success != new->last_success)
- attrs[i++] = AT_LAST_SUCCESS;
+ if (current->last_success != new->last_success)
+ attrs[i++] = AT_LAST_SUCCESS;
- if (current->last_failed != new->last_failed)
- attrs[i++] = AT_LAST_FAILED;
+ if (current->last_failed != new->last_failed)
+ attrs[i++] = AT_LAST_FAILED;
- if (current->fail_auth_count != new->fail_auth_count)
- attrs[i++] = AT_FAIL_AUTH_COUNT;
+ if (current->fail_auth_count != new->fail_auth_count)
+ attrs[i++] = AT_FAIL_AUTH_COUNT;
}
if ((current->princ->type == new->princ->type) &&
- (current->princ->length == new->princ->length)) {
- if ((current->princ->realm.length ==
- new->princ->realm.length) &&
- strncmp(current->princ->realm.data,
- new->princ->realm.data,
- current->princ->realm.length)) {
- for (j = 0; j < current->princ->length; j++) {
- if ((current->princ->data[j].data != NULL) &&
- (strncmp(current->princ->data[j].data,
- new->princ->data[j].data,
- current->princ->data[j].length))) {
- attrs[i++] = AT_PRINC;
- break;
- }
- }
- } else {
- attrs[i++] = AT_PRINC;
- }
+ (current->princ->length == new->princ->length)) {
+ if ((current->princ->realm.length ==
+ new->princ->realm.length) &&
+ strncmp(current->princ->realm.data,
+ new->princ->realm.data,
+ current->princ->realm.length)) {
+ for (j = 0; j < current->princ->length; j++) {
+ if ((current->princ->data[j].data != NULL) &&
+ (strncmp(current->princ->data[j].data,
+ new->princ->data[j].data,
+ current->princ->data[j].length))) {
+ attrs[i++] = AT_PRINC;
+ break;
+ }
+ }
+ } else {
+ attrs[i++] = AT_PRINC;
+ }
} else {
- attrs[i++] = AT_PRINC;
+ attrs[i++] = AT_PRINC;
}
if (current->n_key_data == new->n_key_data) {
- /* Assuming key ordering is the same in new & current */
- for (j = 0; j < new->n_key_data; j++) {
- if (current->key_data[j].key_data_kvno !=
- new->key_data[j].key_data_kvno) {
- attrs[i++] = AT_KEYDATA;
- break;
- }
- }
+ /* Assuming key ordering is the same in new & current */
+ for (j = 0; j < new->n_key_data; j++) {
+ if (current->key_data[j].key_data_kvno !=
+ new->key_data[j].key_data_kvno) {
+ attrs[i++] = AT_KEYDATA;
+ break;
+ }
+ }
} else {
- attrs[i++] = AT_KEYDATA;
+ attrs[i++] = AT_KEYDATA;
}
if (current->n_tl_data == new->n_tl_data) {
- /* Assuming we preserve the TL_DATA ordering between updates */
- for (first = current->tl_data, second = new->tl_data;
- first; first = first->tl_data_next,
- second = second->tl_data_next) {
- if ((first->tl_data_length == second->tl_data_length) &&
- (first->tl_data_type == second->tl_data_type)) {
- if ((memcmp((char *)first->tl_data_contents,
- (char *)second->tl_data_contents,
- first->tl_data_length)) != 0) {
- attrs[i++] = AT_TL_DATA;
- break;
- }
- } else {
- attrs[i++] = AT_TL_DATA;
- break;
- }
- }
+ /* Assuming we preserve the TL_DATA ordering between updates */
+ for (first = current->tl_data, second = new->tl_data;
+ first; first = first->tl_data_next,
+ second = second->tl_data_next) {
+ if ((first->tl_data_length == second->tl_data_length) &&
+ (first->tl_data_type == second->tl_data_type)) {
+ if ((memcmp((char *)first->tl_data_contents,
+ (char *)second->tl_data_contents,
+ first->tl_data_length)) != 0) {
+ attrs[i++] = AT_TL_DATA;
+ break;
+ }
+ } else {
+ attrs[i++] = AT_TL_DATA;
+ break;
+ }
+ }
} else {
- attrs[i++] = AT_TL_DATA;
+ attrs[i++] = AT_TL_DATA;
}
if (current->len != new->len)
- attrs[i++] = AT_LEN;
+ attrs[i++] = AT_LEN;
/*
* Store the no. of (possibly :)) changed attributes
*/
@@ -151,12 +152,12 @@ data_to_utf8str(utf8str_t *u, krb5_data d)
{
u->utf8str_t_len = d.length;
if (d.data) {
- u->utf8str_t_val = malloc(d.length);
- if (u->utf8str_t_val == NULL)
- return -1;
- memcpy(u->utf8str_t_val, d.data, d.length);
+ u->utf8str_t_val = malloc(d.length);
+ if (u->utf8str_t_val == NULL)
+ return -1;
+ memcpy(u->utf8str_t_val, d.data, d.length);
} else
- u->utf8str_t_val = NULL;
+ u->utf8str_t_val = NULL;
return 0;
}
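Review bot: `data_to_utf8str` treats a NULL return from `malloc(d.length)` as failure even when `d.length` is 0, and `malloc(0)` is permitted to return NULL. A non-NULL but empty `krb5_data` can therefore be reported as out-of-memory on some platforms. Allocating `malloc(d.length ? d.length : 1)` avoids that without ever passing NULL to `memcpy`. The components allocation in `conv_princ_2ulog` in the next hunk, `malloc(princ->length * sizeof (kdbe_data_t))`, has the same zero-length case. The function header is outside this hunk.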
@@ -165,57 +166,57 @@ data_to_utf8str(utf8str_t *u, krb5_data d)
*/
static krb5_error_code
conv_princ_2ulog(krb5_principal princ, kdb_incr_update_t *upd,
- int cnt, princ_type tp)
+ int cnt, princ_type tp)
{
int i = 0;
kdbe_princ_t *p;
kdbe_data_t *components;
if ((upd == NULL) || !princ)
- return (KRB5KRB_ERR_GENERIC);
+ return (KRB5KRB_ERR_GENERIC);
switch (tp) {
case REG_PRINC:
case MOD_PRINC:
- p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
- p->k_nametype = (int32_t)princ->type;
-
- if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
- return ENOMEM;
- }
-
- p->k_components.k_components_len = princ->length;
-
- p->k_components.k_components_val = components
- = malloc(princ->length * sizeof (kdbe_data_t));
- if (p->k_components.k_components_val == NULL) {
- free(p->k_realm.utf8str_t_val);
- p->k_realm.utf8str_t_val = NULL;
- return (ENOMEM);
- }
-
- memset(components, 0, princ->length * sizeof(kdbe_data_t));
- for (i = 0; i < princ->length; i++)
- components[i].k_data.utf8str_t_val = NULL;
- for (i = 0; i < princ->length; i++) {
- components[i].k_magic = princ->data[i].magic;
- if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
- int j;
- for (j = 0; j < i; j++) {
- free(components[j].k_data.utf8str_t_val);
- components[j].k_data.utf8str_t_val = NULL;
- }
- free(components);
- p->k_components.k_components_val = NULL;
- free(p->k_realm.utf8str_t_val);
- p->k_realm.utf8str_t_val = NULL;
- return ENOMEM;
- }
- }
- break;
+ p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
+ p->k_nametype = (int32_t)princ->type;
+
+ if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
+ return ENOMEM;
+ }
+
+ p->k_components.k_components_len = princ->length;
+
+ p->k_components.k_components_val = components
+ = malloc(princ->length * sizeof (kdbe_data_t));
+ if (p->k_components.k_components_val == NULL) {
+ free(p->k_realm.utf8str_t_val);
+ p->k_realm.utf8str_t_val = NULL;
+ return (ENOMEM);
+ }
+
+ memset(components, 0, princ->length * sizeof(kdbe_data_t));
+ for (i = 0; i < princ->length; i++)
+ components[i].k_data.utf8str_t_val = NULL;
+ for (i = 0; i < princ->length; i++) {
+ components[i].k_magic = princ->data[i].magic;
+ if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
+ int j;
+ for (j = 0; j < i; j++) {
+ free(components[j].k_data.utf8str_t_val);
+ components[j].k_data.utf8str_t_val = NULL;
+ }
+ free(components);
+ p->k_components.k_components_val = NULL;
+ free(p->k_realm.utf8str_t_val);
+ p->k_realm.utf8str_t_val = NULL;
+ return ENOMEM;
+ }
+ }
+ break;
default:
- break;
+ break;
}
return (0);
}
@@ -230,15 +231,15 @@ static void
set_from_utf8str(krb5_data *d, utf8str_t u)
{
if (u.utf8str_t_len > INT_MAX-1 || u.utf8str_t_len >= SIZE_MAX-1) {
- d->data = NULL;
- return;
+ d->data = NULL;
+ return;
}
d->length = u.utf8str_t_len;
d->data = malloc(d->length + 1);
if (d->data == NULL)
- return;
- if (d->length) /* Pointer may be null if length = 0. */
- strncpy(d->data, u.utf8str_t_val, d->length);
+ return;
+ if (d->length) /* Pointer may be null if length = 0. */
+ strncpy(d->data, u.utf8str_t_val, d->length);
d->data[d->length] = 0;
}
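Review bot: `set_from_utf8str` copies a counted buffer with `strncpy`, which stops at the first NUL byte and zero-fills the remainder. A value with an embedded NUL is therefore silently truncated while `d->length` still reports the full `u.utf8str_t_len`. `memcpy(d->data, u.utf8str_t_val, d->length);` copies exactly the stated length and keeps the explicit terminator written on the following line. The oversize early return also sets `d->data = NULL` without assigning `d->length`, so callers must test `data` alone. Adding `d->length = 0;` before that `return`, or a comment stating the contract, would make this explicit.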
@@ -254,7 +255,7 @@ conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
princ = calloc(1, sizeof (krb5_principal_data));
if (princ == NULL) {
- return NULL;
+ return NULL;
}
princ->length = 0;
princ->data = NULL;
@@ -265,21 +266,21 @@ conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
princ->realm.data = NULL;
set_from_utf8str(&princ->realm, kdbe_princ->k_realm);
if (princ->realm.data == NULL)
- goto error;
+ goto error;
princ->data = calloc(kdbe_princ->k_components.k_components_len,
- sizeof (krb5_data));
+ sizeof (krb5_data));
if (princ->data == NULL)
- goto error;
+ goto error;
for (i = 0; i < kdbe_princ->k_components.k_components_len; i++)
- princ->data[i].data = NULL;
+ princ->data[i].data = NULL;
princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len;
for (i = 0; i < princ->length; i++) {
- princ->data[i].magic = components[i].k_magic;
- set_from_utf8str(&princ->data[i], components[i].k_data);
- if (princ->data[i].data == NULL)
- goto error;
+ princ->data[i].magic = components[i].k_magic;
+ set_from_utf8str(&princ->data[i], components[i].k_data);
+ if (princ->data[i].data == NULL)
+ goto error;
}
return princ;
@@ -296,8 +297,8 @@ error:
*/
krb5_error_code
ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
- kdb_incr_update_t *updates,
- int nentries)
+ kdb_incr_update_t *updates,
+ int nentries)
{
int i, j, k, cnt, final, nattrs, tmpint, nprincs;
unsigned int more;
@@ -313,294 +314,294 @@ ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
krb5_boolean exclude_nra = TRUE;
if ((updates == NULL) || (entries == NULL))
- return (KRB5KRB_ERR_GENERIC);
+ return (KRB5KRB_ERR_GENERIC);
upd = updates;
ent = entries;
for (k = 0; k < nentries; k++) {
- nprincs = nattrs = tmpint = 0;
- final = -1;
- kadm_data_yes = 0;
- attr_types = NULL;
-
- /*
- * XXX we rely on the good behaviour of the database not to
- * exceed this limit.
- */
- if ((upd->kdb_update.kdbe_t_val = (kdbe_val_t *)
- malloc(MAXENTRY_SIZE)) == NULL) {
- return (ENOMEM);
- }
-
- /*
- * Find out which attrs have been modified
- */
- if ((attr_types = (kdbe_attr_type_t *)malloc(
- sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
- == NULL) {
- return (ENOMEM);
- }
-
- if ((ret = krb5_db_get_principal(context, ent->princ, &curr,
- &nprincs, &more))) {
- free(attr_types);
- return (ret);
- }
-
- if (nprincs == 0) {
- /*
- * This is a new entry to the database, hence will
- * include all the attribute-value pairs
- *
- * We leave out the TL_DATA types which we model as
- * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
- * encompasses these other types-turned-attributes
- *
- * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
- * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
- * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
- * totalling 8 attrs.
- */
- while (nattrs < MAXATTRS_SIZE - 8) {
- attr_types[nattrs] = nattrs;
- nattrs++;
- }
- } else {
- find_changed_attrs(&curr, ent, exclude_nra, attr_types, &nattrs);
-
- krb5_db_free_principal(context, &curr, nprincs);
- }
-
- for (i = 0; i < nattrs; i++) {
- switch (attr_types[i]) {
- case AT_ATTRFLAGS:
- if (ent->attributes >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_ATTRFLAGS;
- ULOG_ENTRY(upd, final).av_attrflags =
- (uint32_t)ent->attributes;
- }
- break;
-
- case AT_MAX_LIFE:
- if (ent->max_life >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MAX_LIFE;
- ULOG_ENTRY(upd, final).av_max_life =
- (uint32_t)ent->max_life;
- }
- break;
-
- case AT_MAX_RENEW_LIFE:
- if (ent->max_renewable_life >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MAX_RENEW_LIFE;
- ULOG_ENTRY(upd,
- final).av_max_renew_life =
- (uint32_t)ent->max_renewable_life;
- }
- break;
-
- case AT_EXP:
- if (ent->expiration >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_EXP;
- ULOG_ENTRY(upd, final).av_exp =
- (uint32_t)ent->expiration;
- }
- break;
-
- case AT_PW_EXP:
- if (ent->pw_expiration >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_PW_EXP;
- ULOG_ENTRY(upd, final).av_pw_exp =
- (uint32_t)ent->pw_expiration;
- }
- break;
-
- case AT_LAST_SUCCESS:
- if (!exclude_nra && ent->last_success >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_LAST_SUCCESS;
- ULOG_ENTRY(upd,
- final).av_last_success =
- (uint32_t)ent->last_success;
- }
- break;
-
- case AT_LAST_FAILED:
- if (!exclude_nra && ent->last_failed >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_LAST_FAILED;
- ULOG_ENTRY(upd,
- final).av_last_failed =
- (uint32_t)ent->last_failed;
- }
- break;
-
- case AT_FAIL_AUTH_COUNT:
- if (!exclude_nra && ent->fail_auth_count >= (krb5_kvno)0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_FAIL_AUTH_COUNT;
- ULOG_ENTRY(upd,
- final).av_fail_auth_count =
- (uint32_t)ent->fail_auth_count;
- }
- break;
-
- case AT_PRINC:
- if (ent->princ->length > 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_PRINC;
- if ((ret = conv_princ_2ulog(ent->princ,
- upd, final, REG_PRINC))) {
- free(attr_types);
- return (ret);
- }
- }
- break;
-
- case AT_KEYDATA:
+ nprincs = nattrs = tmpint = 0;
+ final = -1;
+ kadm_data_yes = 0;
+ attr_types = NULL;
+
+ /*
+ * XXX we rely on the good behaviour of the database not to
+ * exceed this limit.
+ */
+ if ((upd->kdb_update.kdbe_t_val = (kdbe_val_t *)
+ malloc(MAXENTRY_SIZE)) == NULL) {
+ return (ENOMEM);
+ }
+
+ /*
+ * Find out which attrs have been modified
+ */
+ if ((attr_types = (kdbe_attr_type_t *)malloc(
+ sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
+ == NULL) {
+ return (ENOMEM);
+ }
+
+ if ((ret = krb5_db_get_principal(context, ent->princ, &curr,
+ &nprincs, &more))) {
+ free(attr_types);
+ return (ret);
+ }
+
+ if (nprincs == 0) {
+ /*
+ * This is a new entry to the database, hence will
+ * include all the attribute-value pairs
+ *
+ * We leave out the TL_DATA types which we model as
+ * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
+ * encompasses these other types-turned-attributes
+ *
+ * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
+ * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
+ * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
+ * totalling 8 attrs.
+ */
+ while (nattrs < MAXATTRS_SIZE - 8) {
+ attr_types[nattrs] = nattrs;
+ nattrs++;
+ }
+ } else {
+ find_changed_attrs(&curr, ent, exclude_nra, attr_types, &nattrs);
+
+ krb5_db_free_principal(context, &curr, nprincs);
+ }
+
+ for (i = 0; i < nattrs; i++) {
+ switch (attr_types[i]) {
+ case AT_ATTRFLAGS:
+ if (ent->attributes >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_ATTRFLAGS;
+ ULOG_ENTRY(upd, final).av_attrflags =
+ (uint32_t)ent->attributes;
+ }
+ break;
+
+ case AT_MAX_LIFE:
+ if (ent->max_life >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MAX_LIFE;
+ ULOG_ENTRY(upd, final).av_max_life =
+ (uint32_t)ent->max_life;
+ }
+ break;
+
+ case AT_MAX_RENEW_LIFE:
+ if (ent->max_renewable_life >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MAX_RENEW_LIFE;
+ ULOG_ENTRY(upd,
+ final).av_max_renew_life =
+ (uint32_t)ent->max_renewable_life;
+ }
+ break;
+
+ case AT_EXP:
+ if (ent->expiration >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_EXP;
+ ULOG_ENTRY(upd, final).av_exp =
+ (uint32_t)ent->expiration;
+ }
+ break;
+
+ case AT_PW_EXP:
+ if (ent->pw_expiration >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_PW_EXP;
+ ULOG_ENTRY(upd, final).av_pw_exp =
+ (uint32_t)ent->pw_expiration;
+ }
+ break;
+
+ case AT_LAST_SUCCESS:
+ if (!exclude_nra && ent->last_success >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_LAST_SUCCESS;
+ ULOG_ENTRY(upd,
+ final).av_last_success =
+ (uint32_t)ent->last_success;
+ }
+ break;
+
+ case AT_LAST_FAILED:
+ if (!exclude_nra && ent->last_failed >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_LAST_FAILED;
+ ULOG_ENTRY(upd,
+ final).av_last_failed =
+ (uint32_t)ent->last_failed;
+ }
+ break;
+
+ case AT_FAIL_AUTH_COUNT:
+ if (!exclude_nra && ent->fail_auth_count >= (krb5_kvno)0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_FAIL_AUTH_COUNT;
+ ULOG_ENTRY(upd,
+ final).av_fail_auth_count =
+ (uint32_t)ent->fail_auth_count;
+ }
+ break;
+
+ case AT_PRINC:
+ if (ent->princ->length > 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_PRINC;
+ if ((ret = conv_princ_2ulog(ent->princ,
+ upd, final, REG_PRINC))) {
+ free(attr_types);
+ return (ret);
+ }
+ }
+ break;
+
+ case AT_KEYDATA:
/* BEGIN CSTYLED */
- if (ent->n_key_data >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_KEYDATA;
- ULOG_ENTRY(upd, final).av_keydata.av_keydata_len = ent->n_key_data;
-
- ULOG_ENTRY(upd, final).av_keydata.av_keydata_val = malloc(ent->n_key_data * sizeof (kdbe_key_t));
- if (ULOG_ENTRY(upd, final).av_keydata.av_keydata_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
-
- for (j = 0; j < ent->n_key_data; j++) {
- ULOG_ENTRY_KEYVAL(upd, final, j).k_ver = ent->key_data[j].key_data_ver;
- ULOG_ENTRY_KEYVAL(upd, final, j).k_kvno = ent->key_data[j].key_data_kvno;
- ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_len = ent->key_data[j].key_data_ver;
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_len = ent->key_data[j].key_data_ver;
-
- ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val = malloc(ent->key_data[j].key_data_ver * sizeof(int32_t));
- if (ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
-
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val = malloc(ent->key_data[j].key_data_ver * sizeof(utf8str_t));
- if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
-
- for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) {
- ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val[cnt] = ent->key_data[j].key_data_type[cnt];
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = ent->key_data[j].key_data_length[cnt];
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(ent->key_data[j].key_data_length[cnt] * sizeof (char));
- if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
- (void) memcpy(ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]);
- }
- }
- }
- break;
-
- case AT_TL_DATA:
- ret = krb5_dbe_lookup_last_pwd_change(context,
- ent, &tmpint);
- if (ret == 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_PW_LAST_CHANGE;
- ULOG_ENTRY(upd, final).av_pw_last_change = tmpint;
- }
- tmpint = 0;
-
- if(!(ret = krb5_dbe_lookup_mod_princ_data(
- context, ent, &tmpint, &tmpprinc))) {
-
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MOD_PRINC;
-
- ret = conv_princ_2ulog(tmpprinc,
- upd, final, MOD_PRINC);
- krb5_free_principal(context, tmpprinc);
- if (ret) {
- free(attr_types);
- return (ret);
- }
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MOD_TIME;
- ULOG_ENTRY(upd, final).av_mod_time =
- tmpint;
- }
-
- newtl = ent->tl_data;
- while (newtl) {
- switch (newtl->tl_data_type) {
- case KRB5_TL_LAST_PWD_CHANGE:
- case KRB5_TL_MOD_PRINC:
- break;
-
- case KRB5_TL_KADM_DATA:
- default:
- if (kadm_data_yes == 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type = AT_TL_DATA;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_len = 0;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val = malloc(ent->n_tl_data * sizeof(kdbe_tl_t));
-
- if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
- kadm_data_yes = 1;
- }
-
- tmpint = ULOG_ENTRY(upd, final).av_tldata.av_tldata_len;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_len++;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
- if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
- (void) memcpy(ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
- break;
- }
- newtl = newtl->tl_data_next;
- }
- break;
+ if (ent->n_key_data >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_KEYDATA;
+ ULOG_ENTRY(upd, final).av_keydata.av_keydata_len = ent->n_key_data;
+
+ ULOG_ENTRY(upd, final).av_keydata.av_keydata_val = malloc(ent->n_key_data * sizeof (kdbe_key_t));
+ if (ULOG_ENTRY(upd, final).av_keydata.av_keydata_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+
+ for (j = 0; j < ent->n_key_data; j++) {
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_ver = ent->key_data[j].key_data_ver;
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_kvno = ent->key_data[j].key_data_kvno;
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_len = ent->key_data[j].key_data_ver;
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_len = ent->key_data[j].key_data_ver;
+
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val = malloc(ent->key_data[j].key_data_ver * sizeof(int32_t));
+ if (ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val = malloc(ent->key_data[j].key_data_ver * sizeof(utf8str_t));
+ if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+
+ for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) {
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val[cnt] = ent->key_data[j].key_data_type[cnt];
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = ent->key_data[j].key_data_length[cnt];
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(ent->key_data[j].key_data_length[cnt] * sizeof (char));
+ if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+ (void) memcpy(ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]);
+ }
+ }
+ }
+ break;
+
+ case AT_TL_DATA:
+ ret = krb5_dbe_lookup_last_pwd_change(context,
+ ent, &tmpint);
+ if (ret == 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_PW_LAST_CHANGE;
+ ULOG_ENTRY(upd, final).av_pw_last_change = tmpint;
+ }
+ tmpint = 0;
+
+ if(!(ret = krb5_dbe_lookup_mod_princ_data(
+ context, ent, &tmpint, &tmpprinc))) {
+
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MOD_PRINC;
+
+ ret = conv_princ_2ulog(tmpprinc,
+ upd, final, MOD_PRINC);
+ krb5_free_principal(context, tmpprinc);
+ if (ret) {
+ free(attr_types);
+ return (ret);
+ }
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MOD_TIME;
+ ULOG_ENTRY(upd, final).av_mod_time =
+ tmpint;
+ }
+
+ newtl = ent->tl_data;
+ while (newtl) {
+ switch (newtl->tl_data_type) {
+ case KRB5_TL_LAST_PWD_CHANGE:
+ case KRB5_TL_MOD_PRINC:
+ break;
+
+ case KRB5_TL_KADM_DATA:
+ default:
+ if (kadm_data_yes == 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type = AT_TL_DATA;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_len = 0;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val = malloc(ent->n_tl_data * sizeof(kdbe_tl_t));
+
+ if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+ kadm_data_yes = 1;
+ }
+
+ tmpint = ULOG_ENTRY(upd, final).av_tldata.av_tldata_len;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_len++;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
+ if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+ (void) memcpy(ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
+ break;
+ }
+ newtl = newtl->tl_data_next;
+ }
+ break;
/* END CSTYLED */
- case AT_LEN:
- if (ent->len >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_LEN;
- ULOG_ENTRY(upd, final).av_len =
- (int16_t)ent->len;
- }
- break;
-
- default:
- break;
- }
-
- }
-
- free(attr_types);
-
- /*
- * Update len field in kdb_update
- */
- upd->kdb_update.kdbe_t_len = ++final;
-
- /*
- * Bump up to next struct
- */
- upd++;
- ent++;
+ case AT_LEN:
+ if (ent->len >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_LEN;
+ ULOG_ENTRY(upd, final).av_len =
+ (int16_t)ent->len;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ }
+
+ free(attr_types);
+
+ /*
+ * Update len field in kdb_update
+ */
+ upd->kdb_update.kdbe_t_len = ++final;
+
+ /*
+ * Bump up to next struct
+ */
+ upd++;
+ ent++;
}
return (0);
}
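Review bot: Every early return inside the per-entry loop frees `attr_types` but leaves the `malloc(MAXENTRY_SIZE)` buffer in `upd->kdb_update.kdbe_t_val` and everything already attached to it, and the first one (the failed `attr_types` allocation) frees nothing at all. `kdbe_t_len` is only assigned at the bottom of the loop, so a caller that passes the array to `ulog_free_entries` after a failure would walk this entry with whatever length it held before; whether callers pre-zero `updates` is not visible here. Routing the failures through one exit that releases what was built would close this, at minimum `free(upd->kdb_update.kdbe_t_val); upd->kdb_update.kdbe_t_val = NULL;` before each error return. Separately, `++final` is never compared with the capacity of that buffer, which the XXX comment above the allocation acknowledges. The function's signature and declarations lie outside this hunk.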
@@ -613,8 +614,8 @@ ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
*/
krb5_error_code
ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
- kdb_incr_update_t *updates,
- int nentries)
+ kdb_incr_update_t *updates,
+ int nentries)
{
int k;
krb5_db_entry *ent;
@@ -622,248 +623,248 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
int slave;
if ((updates == NULL) || (entries == NULL))
- return (KRB5KRB_ERR_GENERIC);
+ return (KRB5KRB_ERR_GENERIC);
ent = entries;
upd = updates;
slave = (context->kdblog_context != NULL) &&
- (context->kdblog_context->iproprole == IPROP_SLAVE);
+ (context->kdblog_context->iproprole == IPROP_SLAVE);
for (k = 0; k < nentries; k++) {
- krb5_principal mod_princ = NULL;
- int i, j, cnt = 0, mod_time = 0, nattrs, nprincs = 0;
- krb5_principal dbprinc;
- char *dbprincstr = NULL;
-
- krb5_tl_data *newtl = NULL;
- krb5_error_code ret;
- unsigned int more;
- unsigned int prev_n_keys = 0;
-
- /*
- * If the ulog entry represents a DELETE update,
- * just skip to the next entry.
- */
- if (upd->kdb_deleted == TRUE)
- goto next;
-
- /*
- * Store the no. of changed attributes in nattrs
- */
- nattrs = upd->kdb_update.kdbe_t_len;
-
- dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len + 1)
- * sizeof (char));
- if (dbprincstr == NULL)
- return (ENOMEM);
- strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
- upd->kdb_princ_name.utf8str_t_len);
- dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
-
- ret = krb5_parse_name(context, dbprincstr, &dbprinc);
- free(dbprincstr);
- if (ret)
- return (ret);
-
- ret = krb5_db_get_principal(context, dbprinc, ent, &nprincs,
- &more);
- krb5_free_principal(context, dbprinc);
- if (ret)
- return (ret);
-
- /*
- * Set ent->n_tl_data = 0 initially, if this is an ADD update
- */
- if (nprincs == 0)
- ent->n_tl_data = 0;
-
- for (i = 0; i < nattrs; i++) {
- krb5_principal tmpprinc = NULL;
+ krb5_principal mod_princ = NULL;
+ int i, j, cnt = 0, mod_time = 0, nattrs, nprincs = 0;
+ krb5_principal dbprinc;
+ char *dbprincstr = NULL;
+
+ krb5_tl_data *newtl = NULL;
+ krb5_error_code ret;
+ unsigned int more;
+ unsigned int prev_n_keys = 0;
+
+ /*
+ * If the ulog entry represents a DELETE update,
+ * just skip to the next entry.
+ */
+ if (upd->kdb_deleted == TRUE)
+ goto next;
+
+ /*
+ * Store the no. of changed attributes in nattrs
+ */
+ nattrs = upd->kdb_update.kdbe_t_len;
+
+ dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len + 1)
+ * sizeof (char));
+ if (dbprincstr == NULL)
+ return (ENOMEM);
+ strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
+ upd->kdb_princ_name.utf8str_t_len);
+ dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
+
+ ret = krb5_parse_name(context, dbprincstr, &dbprinc);
+ free(dbprincstr);
+ if (ret)
+ return (ret);
+
+ ret = krb5_db_get_principal(context, dbprinc, ent, &nprincs,
+ &more);
+ krb5_free_principal(context, dbprinc);
+ if (ret)
+ return (ret);
+
+ /*
+ * Set ent->n_tl_data = 0 initially, if this is an ADD update
+ */
+ if (nprincs == 0)
+ ent->n_tl_data = 0;
+
+ for (i = 0; i < nattrs; i++) {
+ krb5_principal tmpprinc = NULL;
#define u (ULOG_ENTRY(upd, i))
- switch (ULOG_ENTRY_TYPE(upd, i).av_type) {
- case AT_ATTRFLAGS:
- ent->attributes = (krb5_flags) u.av_attrflags;
- break;
-
- case AT_MAX_LIFE:
- ent->max_life = (krb5_deltat) u.av_max_life;
- break;
-
- case AT_MAX_RENEW_LIFE:
- ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
- break;
-
- case AT_EXP:
- ent->expiration = (krb5_timestamp) u.av_exp;
- break;
-
- case AT_PW_EXP:
- ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
- break;
-
- case AT_LAST_SUCCESS:
- if (!slave)
- ent->last_success = (krb5_timestamp) u.av_last_success;
- break;
-
- case AT_LAST_FAILED:
- if (!slave)
- ent->last_failed = (krb5_timestamp) u.av_last_failed;
- break;
-
- case AT_FAIL_AUTH_COUNT:
- if (!slave)
- ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
- break;
-
- case AT_PRINC:
- tmpprinc = conv_princ_2db(context, &u.av_princ);
- if (tmpprinc == NULL)
- return ENOMEM;
- if (nprincs)
- krb5_free_principal(context, ent->princ);
- ent->princ = tmpprinc;
- break;
-
- case AT_KEYDATA:
- if (nprincs != 0)
- prev_n_keys = ent->n_key_data;
- else
- prev_n_keys = 0;
- ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
- if (nprincs == 0)
- ent->key_data = NULL;
-
- ent->key_data = (krb5_key_data *)realloc(ent->key_data,
- (ent->n_key_data *
- sizeof (krb5_key_data)));
- /* XXX Memory leak: Old key data in
- records eliminated by resizing to
- smaller size. */
- if (ent->key_data == NULL)
- /* XXX Memory leak: old storage. */
- return (ENOMEM);
+ switch (ULOG_ENTRY_TYPE(upd, i).av_type) {
+ case AT_ATTRFLAGS:
+ ent->attributes = (krb5_flags) u.av_attrflags;
+ break;
+
+ case AT_MAX_LIFE:
+ ent->max_life = (krb5_deltat) u.av_max_life;
+ break;
+
+ case AT_MAX_RENEW_LIFE:
+ ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
+ break;
+
+ case AT_EXP:
+ ent->expiration = (krb5_timestamp) u.av_exp;
+ break;
+
+ case AT_PW_EXP:
+ ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
+ break;
+
+ case AT_LAST_SUCCESS:
+ if (!slave)
+ ent->last_success = (krb5_timestamp) u.av_last_success;
+ break;
+
+ case AT_LAST_FAILED:
+ if (!slave)
+ ent->last_failed = (krb5_timestamp) u.av_last_failed;
+ break;
+
+ case AT_FAIL_AUTH_COUNT:
+ if (!slave)
+ ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
+ break;
+
+ case AT_PRINC:
+ tmpprinc = conv_princ_2db(context, &u.av_princ);
+ if (tmpprinc == NULL)
+ return ENOMEM;
+ if (nprincs)
+ krb5_free_principal(context, ent->princ);
+ ent->princ = tmpprinc;
+ break;
+
+ case AT_KEYDATA:
+ if (nprincs != 0)
+ prev_n_keys = ent->n_key_data;
+ else
+ prev_n_keys = 0;
+ ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
+ if (nprincs == 0)
+ ent->key_data = NULL;
+
+ ent->key_data = (krb5_key_data *)realloc(ent->key_data,
+ (ent->n_key_data *
+ sizeof (krb5_key_data)));
+ /* XXX Memory leak: Old key data in
+ records eliminated by resizing to
+ smaller size. */
+ if (ent->key_data == NULL)
+ /* XXX Memory leak: old storage. */
+ return (ENOMEM);
/* BEGIN CSTYLED */
- for (j = prev_n_keys; j < ent->n_key_data; j++) {
- for (cnt = 0; cnt < 2; cnt++) {
- ent->key_data[j].key_data_contents[cnt] = NULL;
- }
- }
- for (j = 0; j < ent->n_key_data; j++) {
- krb5_key_data *kp = &ent->key_data[j];
- kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j);
- kp->key_data_ver = (krb5_int16)kv->k_ver;
- kp->key_data_kvno = (krb5_int16)kv->k_kvno;
- if (kp->key_data_ver > 2) {
- return EINVAL; /* XXX ? */
- }
-
- for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
- void *newptr;
- kp->key_data_type[cnt] = (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
- kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
- newptr = realloc(kp->key_data_contents[cnt],
- kp->key_data_length[cnt]);
- if (newptr == NULL)
- return ENOMEM;
- kp->key_data_contents[cnt] = newptr;
-
- (void) memset(kp->key_data_contents[cnt], 0,
- kp->key_data_length[cnt]);
- (void) memcpy(kp->key_data_contents[cnt],
- kv->k_contents.k_contents_val[cnt].utf8str_t_val,
- kp->key_data_length[cnt]);
- }
- }
- break;
-
- case AT_TL_DATA: {
- int t;
-
- cnt = u.av_tldata.av_tldata_len;
- newtl = calloc(cnt, sizeof (krb5_tl_data));
- if (newtl == NULL)
- return (ENOMEM);
-
- for (j = 0, t = 0; j < cnt; j++) {
- newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
- newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
- newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
- if (newtl[t].tl_data_contents == NULL)
- /* XXX Memory leak: newtl
- and previously
- allocated elements. */
- return (ENOMEM);
-
- (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
- newtl[t].tl_data_next = NULL;
- if (t > 0)
- newtl[t - 1].tl_data_next = &newtl[t];
- t++;
- }
-
- if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
- return (ret);
- for (j = 0; j < t; j++)
- if (newtl[j].tl_data_contents) {
- free(newtl[j].tl_data_contents);
- newtl[j].tl_data_contents = NULL;
- }
- if (newtl) {
- free(newtl);
- newtl = NULL;
- }
- break;
+ for (j = prev_n_keys; j < ent->n_key_data; j++) {
+ for (cnt = 0; cnt < 2; cnt++) {
+ ent->key_data[j].key_data_contents[cnt] = NULL;
+ }
+ }
+ for (j = 0; j < ent->n_key_data; j++) {
+ krb5_key_data *kp = &ent->key_data[j];
+ kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j);
+ kp->key_data_ver = (krb5_int16)kv->k_ver;
+ kp->key_data_kvno = (krb5_int16)kv->k_kvno;
+ if (kp->key_data_ver > 2) {
+ return EINVAL; /* XXX ? */
+ }
+
+ for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
+ void *newptr;
+ kp->key_data_type[cnt] = (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
+ kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
+ newptr = realloc(kp->key_data_contents[cnt],
+ kp->key_data_length[cnt]);
+ if (newptr == NULL)
+ return ENOMEM;
+ kp->key_data_contents[cnt] = newptr;
+
+ (void) memset(kp->key_data_contents[cnt], 0,
+ kp->key_data_length[cnt]);
+ (void) memcpy(kp->key_data_contents[cnt],
+ kv->k_contents.k_contents_val[cnt].utf8str_t_val,
+ kp->key_data_length[cnt]);
+ }
+ }
+ break;
+
+ case AT_TL_DATA: {
+ int t;
+
+ cnt = u.av_tldata.av_tldata_len;
+ newtl = calloc(cnt, sizeof (krb5_tl_data));
+ if (newtl == NULL)
+ return (ENOMEM);
+
+ for (j = 0, t = 0; j < cnt; j++) {
+ newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
+ newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
+ newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
+ if (newtl[t].tl_data_contents == NULL)
+ /* XXX Memory leak: newtl
+ and previously
+ allocated elements. */
+ return (ENOMEM);
+
+ (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
+ newtl[t].tl_data_next = NULL;
+ if (t > 0)
+ newtl[t - 1].tl_data_next = &newtl[t];
+ t++;
+ }
+
+ if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
+ return (ret);
+ for (j = 0; j < t; j++)
+ if (newtl[j].tl_data_contents) {
+ free(newtl[j].tl_data_contents);
+ newtl[j].tl_data_contents = NULL;
+ }
+ if (newtl) {
+ free(newtl);
+ newtl = NULL;
+ }
+ break;
/* END CSTYLED */
- }
- case AT_PW_LAST_CHANGE:
- if ((ret = krb5_dbe_update_last_pwd_change(context, ent,
- u.av_pw_last_change)))
- return (ret);
- break;
-
- case AT_MOD_PRINC:
- tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
- if (tmpprinc == NULL)
- return ENOMEM;
- mod_princ = tmpprinc;
- break;
-
- case AT_MOD_TIME:
- mod_time = u.av_mod_time;
- break;
-
- case AT_LEN:
- ent->len = (krb5_int16) u.av_len;
- break;
-
- default:
- break;
- }
+ }
+ case AT_PW_LAST_CHANGE:
+ if ((ret = krb5_dbe_update_last_pwd_change(context, ent,
+ u.av_pw_last_change)))
+ return (ret);
+ break;
+
+ case AT_MOD_PRINC:
+ tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
+ if (tmpprinc == NULL)
+ return ENOMEM;
+ mod_princ = tmpprinc;
+ break;
+
+ case AT_MOD_TIME:
+ mod_time = u.av_mod_time;
+ break;
+
+ case AT_LEN:
+ ent->len = (krb5_int16) u.av_len;
+ break;
+
+ default:
+ break;
+ }
#undef u
- }
-
- /*
- * process mod_princ_data request
- */
- if (mod_time && mod_princ) {
- ret = krb5_dbe_update_mod_princ_data(context, ent,
- mod_time, mod_princ);
- krb5_free_principal(context, mod_princ);
- mod_princ = NULL;
- if (ret)
- return (ret);
- }
+ }
+
+ /*
+ * process mod_princ_data request
+ */
+ if (mod_time && mod_princ) {
+ ret = krb5_dbe_update_mod_princ_data(context, ent,
+ mod_time, mod_princ);
+ krb5_free_principal(context, mod_princ);
+ mod_princ = NULL;
+ if (ret)
+ return (ret);
+ }
next:
- /*
- * Bump up to next struct
- */
- upd++;
- ent++;
+ /*
+ * Bump up to next struct
+ */
+ upd++;
+ ent++;
}
return (0);
}
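Review bot: In the `AT_KEYDATA` case the inner loop reads `kv->k_enctype.k_enctype_val[cnt]` and `kv->k_contents.k_contents_val[cnt]` for every `cnt < kp->key_data_ver`, but only `key_data_ver > 2` is rejected. Nothing compares `k_ver` with `k_enctype_len` or `k_contents_len`, so an update whose counts disagree is read past the end of those arrays. The entries are presumably decoded from data supplied by another KDC (the function tests for `IPROP_SLAVE`), so the guard should cover the array lengths too: `if (kp->key_data_ver < 0 || kp->key_data_ver > 2 || kv->k_enctype.k_enctype_len < (unsigned)kp->key_data_ver || kv->k_contents.k_contents_len < (unsigned)kp->key_data_ver) return EINVAL;` (assuming the length fields are unsigned). The free loop in the `ulog_free_entries` hunk further down has the same dependency, because it walks `k_contents_val[k]` up to `k_ver` rather than `k_contents_len`. The function's signature and first declarations lie outside this hunk.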
@@ -881,7 +882,7 @@ ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
int i, j, k, cnt;
if (updates == NULL)
- return;
+ return;
upd = updates;
@@ -890,127 +891,127 @@ ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
*/
for (cnt = 0; cnt < no_of_updates; cnt++) {
- /*
- * ulog entry - kdb_princ_name
- */
- free(upd->kdb_princ_name.utf8str_t_val);
+ /*
+ * ulog entry - kdb_princ_name
+ */
+ free(upd->kdb_princ_name.utf8str_t_val);
/* BEGIN CSTYLED */
- /*
- * ulog entry - kdb_kdcs_seen_by
- */
- if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
- for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
- free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
- free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
- }
-
- /*
- * ulog entry - kdb_futures
- */
- free(upd->kdb_futures.kdb_futures_val);
-
- /*
- * ulog entry - kdb_update
- */
- if (upd->kdb_update.kdbe_t_val) {
- /*
- * Loop thru all the attributes and free up stuff
- */
- for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
-
- /*
- * Free av_key_data
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
-
- for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
- free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
- if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
- for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
- free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
- }
- free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
- }
- }
- free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
- }
-
-
- /*
- * Free av_tl_data
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
- for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
- free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
- }
- free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
- }
-
- /*
- * Free av_princ
- */
- if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
- free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
- if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
- for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
- free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
- }
- free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
- }
- }
-
- /*
- * Free av_mod_princ
- */
- if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
- free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
- if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
- for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
- free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
- }
- free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
- }
- }
-
- /*
- * Free av_mod_where
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
- free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
-
- /*
- * Free av_pw_policy
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
- free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
-
- /*
- * XXX: Free av_pw_hist
- *
- * For now, we just free the pointer
- * to av_pw_hist_val, since we aren't
- * populating this union member in
- * the conv api function(s) anyways.
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
- free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
-
- }
-
- /*
- * Free up the pointer to kdbe_t_val
- */
- free(upd->kdb_update.kdbe_t_val);
- }
+ /*
+ * ulog entry - kdb_kdcs_seen_by
+ */
+ if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
+ for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
+ free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
+ free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
+ }
+
+ /*
+ * ulog entry - kdb_futures
+ */
+ free(upd->kdb_futures.kdb_futures_val);
+
+ /*
+ * ulog entry - kdb_update
+ */
+ if (upd->kdb_update.kdbe_t_val) {
+ /*
+ * Loop thru all the attributes and free up stuff
+ */
+ for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
+
+ /*
+ * Free av_key_data
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
+
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
+ free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
+ if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
+ for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
+ free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
+ }
+ free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
+ }
+ }
+ free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
+ }
+
+
+ /*
+ * Free av_tl_data
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
+ free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
+ }
+ free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
+ }
+
+ /*
+ * Free av_princ
+ */
+ if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
+ free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
+ if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
+ free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
+ }
+ free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
+ }
+ }
+
+ /*
+ * Free av_mod_princ
+ */
+ if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
+ free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
+ if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
+ free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
+ }
+ free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
+ }
+ }
+
+ /*
+ * Free av_mod_where
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
+ free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
+
+ /*
+ * Free av_pw_policy
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
+ free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
+
+ /*
+ * XXX: Free av_pw_hist
+ *
+ * For now, we just free the pointer
+ * to av_pw_hist_val, since we aren't
+ * populating this union member in
+ * the conv api function(s) anyways.
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
+ free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
+
+ }
+
+ /*
+ * Free up the pointer to kdbe_t_val
+ */
+ free(upd->kdb_update.kdbe_t_val);
+ }
/* END CSTYLED */
- /*
- * Bump up to next struct
- */
- upd++;
+ /*
+ * Bump up to next struct
+ */
+ upd++;
}
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 55e8199d2e..723d98eaf6 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/kdb_cpw.c
*
- * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,19 +23,19 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -45,7 +46,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -58,25 +59,25 @@
int
krb5_db_get_key_data_kvno(context, count, data)
- krb5_context context;
- int count;
- krb5_key_data * data;
+ krb5_context context;
+ int count;
+ krb5_key_data * data;
{
int i, kvno;
/* Find last key version number */
for (kvno = i = 0; i < count; i++) {
- if (kvno < data[i].key_data_kvno) {
- kvno = data[i].key_data_kvno;
- }
+ if (kvno < data[i].key_data_kvno) {
+ kvno = data[i].key_data_kvno;
+ }
}
return(kvno);
}
static void
cleanup_key_data(context, count, data)
- krb5_context context;
- int count;
- krb5_key_data * data;
+ krb5_context context;
+ int count;
+ krb5_key_data * data;
{
int i, j;
@@ -84,30 +85,30 @@ cleanup_key_data(context, count, data)
if (data == NULL) return;
for (i = 0; i < count; i++) {
- for (j = 0; j < data[i].key_data_ver; j++) {
- if (data[i].key_data_length[j]) {
- krb5_db_free(context, data[i].key_data_contents[j]);
- }
- }
+ for (j = 0; j < data[i].key_data_ver; j++) {
+ if (data[i].key_data_length[j]) {
+ krb5_db_free(context, data[i].key_data_contents[j]);
+ }
+ }
}
krb5_db_free(context, data);
}
static krb5_error_code
add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- krb5_db_entry * db_entry;
- int kvno;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_db_entry * db_entry;
+ int kvno;
{
- krb5_principal krbtgt_princ;
- krb5_keyblock key;
- krb5_db_entry krbtgt_entry;
- krb5_boolean more;
- int max_kvno, one, i, j, k;
- krb5_error_code retval;
+ krb5_principal krbtgt_princ;
+ krb5_keyblock key;
+ krb5_db_entry krbtgt_entry;
+ krb5_boolean more;
+ int max_kvno, one, i, j, k;
+ krb5_error_code retval;
krb5_key_data tmp_key_data;
krb5_key_data *tptr;
@@ -115,111 +116,111 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
retval = krb5_build_principal_ext(context, &krbtgt_princ,
- db_entry->princ->realm.length,
- db_entry->princ->realm.data,
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- db_entry->princ->realm.length,
- db_entry->princ->realm.data,
- 0);
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data,
+ 0);
if (retval)
- return retval;
+ return retval;
/* Get tgt from database */
retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry,
- &one, &more);
+ &one, &more);
krb5_free_principal(context, krbtgt_princ); /* don't need it anymore */
if (retval)
- return(retval);
+ return(retval);
if ((one > 1) || (more)) {
- krb5_db_free_principal(context, &krbtgt_entry, one);
- return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
+ krb5_db_free_principal(context, &krbtgt_entry, one);
+ return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
}
- if (!one)
- return KRB5_KDB_NOENTRY;
+ if (!one)
+ return KRB5_KDB_NOENTRY;
/* Get max kvno */
for (max_kvno = j = 0; j < krbtgt_entry.n_key_data; j++) {
- if (max_kvno < krbtgt_entry.key_data[j].key_data_kvno) {
- max_kvno = krbtgt_entry.key_data[j].key_data_kvno;
- }
+ if (max_kvno < krbtgt_entry.key_data[j].key_data_kvno) {
+ max_kvno = krbtgt_entry.key_data[j].key_data_kvno;
+ }
}
for (i = 0; i < ks_tuple_count; i++) {
- krb5_boolean similar;
-
- similar = 0;
-
- /*
- * We could use krb5_keysalt_iterate to replace this loop, or use
- * krb5_keysalt_is_present for the loop below, but we want to avoid
- * circular library dependencies.
- */
- for (j = 0; j < i; j++) {
- if ((retval = krb5_c_enctype_compare(context,
- ks_tuple[i].ks_enctype,
- ks_tuple[j].ks_enctype,
- &similar)))
- return(retval);
-
- if (similar)
- break;
- }
-
- if (similar)
- continue;
-
- if ((retval = krb5_dbe_create_key_data(context, db_entry)))
- goto add_key_rnd_err;
-
- /* there used to be code here to extract the old key, and derive
- a new key from it. Now that there's a unified prng, that isn't
- necessary. */
-
- /* make new key */
- if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
- &key)))
- goto add_key_rnd_err;
-
-
- /* db library will free this. Since, its a so, it could actually be using different memory management
- function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
- here which will later be copied to the db_entry */
- retval = krb5_dbekd_encrypt_key_data(context, master_key,
- &key, NULL, kvno,
- &tmp_key_data);
-
- krb5_free_keyblock_contents(context, &key);
- if( retval )
- goto add_key_rnd_err;
-
- tptr = &db_entry->key_data[db_entry->n_key_data-1];
-
- tptr->key_data_ver = tmp_key_data.key_data_ver;
- tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-
- for( k = 0; k < tmp_key_data.key_data_ver; k++ )
- {
- tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
- tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
- if( tmp_key_data.key_data_contents[k] )
- {
- tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
- if( tptr->key_data_contents[k] == NULL )
- {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->key_data = NULL;
- db_entry->n_key_data = 0;
- retval = ENOMEM;
- goto add_key_rnd_err;
- }
- memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
- memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
- free( tmp_key_data.key_data_contents[k] );
- tmp_key_data.key_data_contents[k] = NULL;
- }
- }
+ krb5_boolean similar;
+
+ similar = 0;
+
+ /*
+ * We could use krb5_keysalt_iterate to replace this loop, or use
+ * krb5_keysalt_is_present for the loop below, but we want to avoid
+ * circular library dependencies.
+ */
+ for (j = 0; j < i; j++) {
+ if ((retval = krb5_c_enctype_compare(context,
+ ks_tuple[i].ks_enctype,
+ ks_tuple[j].ks_enctype,
+ &similar)))
+ return(retval);
+
+ if (similar)
+ break;
+ }
+
+ if (similar)
+ continue;
+
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+ goto add_key_rnd_err;
+
+ /* there used to be code here to extract the old key, and derive
+ a new key from it. Now that there's a unified prng, that isn't
+ necessary. */
+
+ /* make new key */
+ if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
+ &key)))
+ goto add_key_rnd_err;
+
+
+ /* db library will free this. Since, its a so, it could actually be using different memory management
+ function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
+ here which will later be copied to the db_entry */
+ retval = krb5_dbekd_encrypt_key_data(context, master_key,
+ &key, NULL, kvno,
+ &tmp_key_data);
+
+ krb5_free_keyblock_contents(context, &key);
+ if( retval )
+ goto add_key_rnd_err;
+
+ tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+ tptr->key_data_ver = tmp_key_data.key_data_ver;
+ tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+ for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+ {
+ tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+ tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+ if( tmp_key_data.key_data_contents[k] )
+ {
+ tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+ if( tptr->key_data_contents[k] == NULL )
+ {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->key_data = NULL;
+ db_entry->n_key_data = 0;
+ retval = ENOMEM;
+ goto add_key_rnd_err;
+ }
+ memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+ memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+ free( tmp_key_data.key_data_contents[k] );
+ tmp_key_data.key_data_contents[k] = NULL;
+ }
+ }
}
@@ -228,40 +229,40 @@ add_key_rnd_err:
for( i = 0; i < tmp_key_data.key_data_ver; i++ )
{
- if( tmp_key_data.key_data_contents[i] )
- {
- memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
- free( tmp_key_data.key_data_contents[i] );
- }
+ if( tmp_key_data.key_data_contents[i] )
+ {
+ memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+ free( tmp_key_data.key_data_contents[i] );
+ }
}
return(retval);
}
/*
- * Change random key for a krb5_db_entry
+ * Change random key for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys are nuked if keepold is false.
*/
krb5_error_code
krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- krb5_boolean keepold;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_boolean keepold;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- int n_new_key_data;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int kvno;
- int i;
+ int key_data_count;
+ int n_new_key_data;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int kvno;
+ int i;
/* First save the old keydata */
kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
@@ -271,53 +272,53 @@ krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
kvno++;
retval = add_key_rnd(context, master_key, ks_tuple,
- ks_tuple_count, db_entry, kvno);
+ ks_tuple_count, db_entry, kvno);
if (retval) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else if (keepold) {
- n_new_key_data = db_entry->n_key_data;
- for (i = 0; i < key_data_count; i++) {
- retval = krb5_dbe_create_key_data(context, db_entry);
- if (retval) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- db_entry->key_data[i+n_new_key_data] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
+ n_new_key_data = db_entry->n_key_data;
+ for (i = 0; i < key_data_count; i++) {
+ retval = krb5_dbe_create_key_data(context, db_entry);
+ if (retval) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ db_entry->key_data[i+n_new_key_data] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
} else {
- cleanup_key_data(context, key_data_count, key_data);
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
/*
- * Add random key for a krb5_db_entry
+ * Add random key for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys older than the max kvno are nuked.
*/
krb5_error_code
krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int kvno;
- int i;
+ int key_data_count;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int kvno;
+ int i;
/* First save the old keydata */
kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
@@ -326,50 +327,50 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
/* increment the kvno */
kvno++;
- if ((retval = add_key_rnd(context, master_key, ks_tuple,
- ks_tuple_count, db_entry, kvno))) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ if ((retval = add_key_rnd(context, master_key, ks_tuple,
+ ks_tuple_count, db_entry, kvno))) {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else {
- /* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
- for (i = 0; i < key_data_count; i++) {
- if (key_data[i].key_data_kvno == (kvno - 1)) {
- if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- /* We should decrypt/re-encrypt the data to use the same mkvno*/
- db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- }
- cleanup_key_data(context, key_data_count, key_data);
+ /* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
+ for (i = 0; i < key_data_count; i++) {
+ if (key_data[i].key_data_kvno == (kvno - 1)) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ /* We should decrypt/re-encrypt the data to use the same mkvno*/
+ db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ }
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
/*
- * Add key_data for a krb5_db_entry
+ * Add key_data for a krb5_db_entry
* If passwd is NULL the assumes that the caller wants a random password.
*/
static krb5_error_code
-add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
- db_entry, kvno)
- krb5_context context;
+add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
+ db_entry, kvno)
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- char * passwd;
- krb5_db_entry * db_entry;
- int kvno;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ char * passwd;
+ krb5_db_entry * db_entry;
+ int kvno;
{
- krb5_error_code retval;
- krb5_keysalt key_salt;
- krb5_keyblock key;
- krb5_data pwd;
- int i, j, k;
+ krb5_error_code retval;
+ krb5_keysalt key_salt;
+ krb5_keyblock key;
+ krb5_data pwd;
+ int i, j, k;
krb5_key_data tmp_key_data;
krb5_key_data *tptr;
@@ -378,229 +379,229 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
retval = 0;
for (i = 0; i < ks_tuple_count; i++) {
- krb5_boolean similar;
-
- similar = 0;
-
- /*
- * We could use krb5_keysalt_iterate to replace this loop, or use
- * krb5_keysalt_is_present for the loop below, but we want to avoid
- * circular library dependencies.
- */
- for (j = 0; j < i; j++) {
- if ((retval = krb5_c_enctype_compare(context,
- ks_tuple[i].ks_enctype,
- ks_tuple[j].ks_enctype,
- &similar)))
- return(retval);
-
- if (similar &&
- (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
- break;
- }
-
- if (j < i)
- continue;
-
- if ((retval = krb5_dbe_create_key_data(context, db_entry)))
- return(retval);
-
- /* Convert password string to key using appropriate salt */
- switch (key_salt.type = ks_tuple[i].ks_salttype) {
- case KRB5_KDB_SALTTYPE_ONLYREALM: {
+ krb5_boolean similar;
+
+ similar = 0;
+
+ /*
+ * We could use krb5_keysalt_iterate to replace this loop, or use
+ * krb5_keysalt_is_present for the loop below, but we want to avoid
+ * circular library dependencies.
+ */
+ for (j = 0; j < i; j++) {
+ if ((retval = krb5_c_enctype_compare(context,
+ ks_tuple[i].ks_enctype,
+ ks_tuple[j].ks_enctype,
+ &similar)))
+ return(retval);
+
+ if (similar &&
+ (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
+ break;
+ }
+
+ if (j < i)
+ continue;
+
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+ return(retval);
+
+ /* Convert password string to key using appropriate salt */
+ switch (key_salt.type = ks_tuple[i].ks_salttype) {
+ case KRB5_KDB_SALTTYPE_ONLYREALM: {
krb5_data * saltdata;
if ((retval = krb5_copy_data(context, krb5_princ_realm(context,
- db_entry->princ), &saltdata)))
- return(retval);
-
- key_salt.data = *saltdata;
- free(saltdata);
- }
- break;
- case KRB5_KDB_SALTTYPE_NOREALM:
+ db_entry->princ), &saltdata)))
+ return(retval);
+
+ key_salt.data = *saltdata;
+ free(saltdata);
+ }
+ break;
+ case KRB5_KDB_SALTTYPE_NOREALM:
if ((retval=krb5_principal2salt_norealm(context, db_entry->princ,
- &key_salt.data)))
- return(retval);
+ &key_salt.data)))
+ return(retval);
break;
- case KRB5_KDB_SALTTYPE_NORMAL:
+ case KRB5_KDB_SALTTYPE_NORMAL:
if ((retval = krb5_principal2salt(context, db_entry->princ,
- &key_salt.data)))
- return(retval);
+ &key_salt.data)))
+ return(retval);
break;
- case KRB5_KDB_SALTTYPE_V4:
+ case KRB5_KDB_SALTTYPE_V4:
key_salt.data.length = 0;
key_salt.data.data = 0;
break;
- case KRB5_KDB_SALTTYPE_AFS3:
- /* The afs_mit_string_to_key needs to use strlen, and the
- realm field is not (necessarily) NULL terminated. */
- retval = krb5int_copy_data_contents_add0(context,
- krb5_princ_realm(context,
- db_entry->princ),
- &key_salt.data);
- if (retval)
- return retval;
- key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
- break;
- default:
- return(KRB5_KDB_BAD_SALTTYPE);
- }
-
- pwd.data = passwd;
- pwd.length = strlen(passwd);
-
- /* AFS string to key will happen here */
- if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype,
- &pwd, &key_salt.data, &key))) {
- if (key_salt.data.data)
- free(key_salt.data.data);
- return(retval);
- }
-
- if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
- key_salt.data.length =
- krb5_princ_realm(context, db_entry->princ)->length;
-
- /* memory allocation to be done by db. So, use temporary block and later copy
- it to the memory allocated by db */
- retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
- (const krb5_keysalt *)&key_salt,
- kvno, &tmp_key_data);
- if (key_salt.data.data)
- free(key_salt.data.data);
- free(key.contents);
-
- if( retval )
- return retval;
-
- tptr = &db_entry->key_data[db_entry->n_key_data-1];
-
- tptr->key_data_ver = tmp_key_data.key_data_ver;
- tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-
- for( k = 0; k < tmp_key_data.key_data_ver; k++ )
- {
- tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
- tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
- if( tmp_key_data.key_data_contents[k] )
- {
- tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
- if( tptr->key_data_contents[k] == NULL )
- {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->key_data = NULL;
- db_entry->n_key_data = 0;
- retval = ENOMEM;
- goto add_key_pwd_err;
- }
- memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
- memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
- free( tmp_key_data.key_data_contents[k] );
- tmp_key_data.key_data_contents[k] = NULL;
- }
- }
+ case KRB5_KDB_SALTTYPE_AFS3:
+ /* The afs_mit_string_to_key needs to use strlen, and the
+ realm field is not (necessarily) NULL terminated. */
+ retval = krb5int_copy_data_contents_add0(context,
+ krb5_princ_realm(context,
+ db_entry->princ),
+ &key_salt.data);
+ if (retval)
+ return retval;
+ key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
+ break;
+ default:
+ return(KRB5_KDB_BAD_SALTTYPE);
+ }
+
+ pwd.data = passwd;
+ pwd.length = strlen(passwd);
+
+ /* AFS string to key will happen here */
+ if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype,
+ &pwd, &key_salt.data, &key))) {
+ if (key_salt.data.data)
+ free(key_salt.data.data);
+ return(retval);
+ }
+
+ if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
+ key_salt.data.length =
+ krb5_princ_realm(context, db_entry->princ)->length;
+
+ /* memory allocation to be done by db. So, use temporary block and later copy
+ it to the memory allocated by db */
+ retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
+ (const krb5_keysalt *)&key_salt,
+ kvno, &tmp_key_data);
+ if (key_salt.data.data)
+ free(key_salt.data.data);
+ free(key.contents);
+
+ if( retval )
+ return retval;
+
+ tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+ tptr->key_data_ver = tmp_key_data.key_data_ver;
+ tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+ for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+ {
+ tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+ tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+ if( tmp_key_data.key_data_contents[k] )
+ {
+ tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+ if( tptr->key_data_contents[k] == NULL )
+ {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->key_data = NULL;
+ db_entry->n_key_data = 0;
+ retval = ENOMEM;
+ goto add_key_pwd_err;
+ }
+ memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+ memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+ free( tmp_key_data.key_data_contents[k] );
+ tmp_key_data.key_data_contents[k] = NULL;
+ }
+ }
}
- add_key_pwd_err:
+add_key_pwd_err:
for( i = 0; i < tmp_key_data.key_data_ver; i++ )
{
- if( tmp_key_data.key_data_contents[i] )
- {
- memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
- free( tmp_key_data.key_data_contents[i] );
- }
+ if( tmp_key_data.key_data_contents[i] )
+ {
+ memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+ free( tmp_key_data.key_data_contents[i] );
+ }
}
return(retval);
}
/*
- * Change password for a krb5_db_entry
+ * Change password for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys are nuked if keepold is false.
*/
krb5_error_code
krb5_dbe_def_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd,
- new_kvno, keepold, db_entry)
- krb5_context context;
+ new_kvno, keepold, db_entry)
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- char * passwd;
- int new_kvno;
- krb5_boolean keepold;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ char * passwd;
+ int new_kvno;
+ krb5_boolean keepold;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- int n_new_key_data;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int old_kvno;
- int i;
+ int key_data_count;
+ int n_new_key_data;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int old_kvno;
+ int i;
/* First save the old keydata */
old_kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
db_entry->n_key_data = 0;
- /* increment the kvno. if the requested kvno is too small,
+ /* increment the kvno. if the requested kvno is too small,
increment the old kvno */
if (new_kvno < old_kvno+1)
- new_kvno = old_kvno+1;
+ new_kvno = old_kvno+1;
retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
- passwd, db_entry, new_kvno);
+ passwd, db_entry, new_kvno);
if (retval) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else if (keepold) {
- n_new_key_data = db_entry->n_key_data;
- for (i = 0; i < key_data_count; i++) {
- retval = krb5_dbe_create_key_data(context, db_entry);
- if (retval) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- db_entry->key_data[i+n_new_key_data] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- krb5_db_free( context, key_data );
+ n_new_key_data = db_entry->n_key_data;
+ for (i = 0; i < key_data_count; i++) {
+ retval = krb5_dbe_create_key_data(context, db_entry);
+ if (retval) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ db_entry->key_data[i+n_new_key_data] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ krb5_db_free( context, key_data );
} else {
- cleanup_key_data(context, key_data_count, key_data);
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
/*
- * Add password for a krb5_db_entry
+ * Add password for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys older than the max kvno are nuked.
*/
krb5_error_code
krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- char * passwd;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ char * passwd;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int old_kvno, new_kvno;
- int i;
+ int key_data_count;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int old_kvno, new_kvno;
+ int i;
/* First save the old keydata */
old_kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
@@ -610,27 +611,25 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
new_kvno = old_kvno+1;
if ((retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
- passwd, db_entry, new_kvno))) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ passwd, db_entry, new_kvno))) {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else {
- /* Copy keys with key_data_kvno == old_kvno */
- for (i = 0; i < key_data_count; i++) {
- if (key_data[i].key_data_kvno == old_kvno) {
- if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- /* We should decrypt/re-encrypt the data to use the same mkvno*/
- db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- }
- cleanup_key_data(context, key_data_count, key_data);
+ /* Copy keys with key_data_kvno == old_kvno */
+ for (i = 0; i < key_data_count; i++) {
+ if (key_data[i].key_data_kvno == old_kvno) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ /* We should decrypt/re-encrypt the data to use the same mkvno*/
+ db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ }
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
-
-
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 69cc52b8e7..81c70f36c5 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/kdb_helper.c
*
- * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
/*
@@ -48,30 +49,30 @@
*/
krb5_error_code
krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
- krb5_context kcontext;
- krb5_db_entry *dbentp;
- krb5_int32 *start;
- krb5_int32 ktype;
- krb5_int32 stype;
- krb5_int32 kvno;
- krb5_key_data **kdatap;
+ krb5_context kcontext;
+ krb5_db_entry *dbentp;
+ krb5_int32 *start;
+ krb5_int32 ktype;
+ krb5_int32 stype;
+ krb5_int32 kvno;
+ krb5_key_data **kdatap;
{
- int i, idx;
- int maxkvno;
- krb5_key_data *datap;
- krb5_error_code ret;
+ int i, idx;
+ int maxkvno;
+ krb5_key_data *datap;
+ krb5_error_code ret;
ret = 0;
if (kvno == -1 && stype == -1 && ktype == -1)
- kvno = 0;
-
- if (kvno == 0) {
- /* Get the max key version */
- for (i = 0; i < dbentp->n_key_data; i++) {
- if (kvno < dbentp->key_data[i].key_data_kvno) {
- kvno = dbentp->key_data[i].key_data_kvno;
- }
- }
+ kvno = 0;
+
+ if (kvno == 0) {
+ /* Get the max key version */
+ for (i = 0; i < dbentp->n_key_data; i++) {
+ if (kvno < dbentp->key_data[i].key_data_kvno) {
+ kvno = dbentp->key_data[i].key_data_kvno;
+ }
+ }
}
maxkvno = -1;
@@ -80,56 +81,56 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_boolean similar;
krb5_int32 db_stype;
- ret = 0;
- if (dbentp->key_data[i].key_data_ver > 1) {
- db_stype = dbentp->key_data[i].key_data_type[1];
- } else {
- db_stype = KRB5_KDB_SALTTYPE_NORMAL;
- }
-
- /*
- * Filter out non-permitted enctypes.
- */
- if (!krb5_is_permitted_enctype(kcontext,
- dbentp->key_data[i].key_data_type[0])) {
- ret = KRB5_KDB_NO_PERMITTED_KEY;
- continue;
- }
-
-
- if (ktype > 0) {
- if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
- dbentp->key_data[i].key_data_type[0],
- &similar)))
-
- return(ret);
- }
-
- if (((ktype <= 0) || similar) &&
- ((db_stype == stype) || (stype < 0))) {
- if (kvno >= 0) {
- if (kvno == dbentp->key_data[i].key_data_kvno) {
- datap = &dbentp->key_data[i];
- idx = i;
- maxkvno = kvno;
- break;
- }
- } else {
- if (dbentp->key_data[i].key_data_kvno > maxkvno) {
- maxkvno = dbentp->key_data[i].key_data_kvno;
- datap = &dbentp->key_data[i];
- idx = i;
- }
- }
- }
+ ret = 0;
+ if (dbentp->key_data[i].key_data_ver > 1) {
+ db_stype = dbentp->key_data[i].key_data_type[1];
+ } else {
+ db_stype = KRB5_KDB_SALTTYPE_NORMAL;
+ }
+
+ /*
+ * Filter out non-permitted enctypes.
+ */
+ if (!krb5_is_permitted_enctype(kcontext,
+ dbentp->key_data[i].key_data_type[0])) {
+ ret = KRB5_KDB_NO_PERMITTED_KEY;
+ continue;
+ }
+
+
+ if (ktype > 0) {
+ if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
+ dbentp->key_data[i].key_data_type[0],
+ &similar)))
+
+ return(ret);
+ }
+
+ if (((ktype <= 0) || similar) &&
+ ((db_stype == stype) || (stype < 0))) {
+ if (kvno >= 0) {
+ if (kvno == dbentp->key_data[i].key_data_kvno) {
+ datap = &dbentp->key_data[i];
+ idx = i;
+ maxkvno = kvno;
+ break;
+ }
+ } else {
+ if (dbentp->key_data[i].key_data_kvno > maxkvno) {
+ maxkvno = dbentp->key_data[i].key_data_kvno;
+ datap = &dbentp->key_data[i];
+ idx = i;
+ }
+ }
+ }
}
if (maxkvno < 0)
- return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
+ return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
*kdatap = datap;
*start = idx+1;
return 0;
}
-
+
/*
* kdb default functions. Ideally, some other file should have this functions. For now, TBD.
*/
@@ -139,10 +140,10 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_error_code
krb5_def_store_mkey_list(krb5_context context,
- char *keyfile,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd)
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd)
{
krb5_error_code retval = 0;
char defkeyfile[MAXPATHLEN+1];
@@ -168,8 +169,8 @@ krb5_def_store_mkey_list(krb5_context context,
if (!S_ISREG(stb.st_mode)) {
retval = EINVAL;
krb5_set_error_message (context, retval,
- "keyfile (%s) is not a regular file: %s",
- keyfile, error_message(retval));
+ "keyfile (%s) is not a regular file: %s",
+ keyfile, error_message(retval));
goto out;
}
}
@@ -179,7 +180,7 @@ krb5_def_store_mkey_list(krb5_context context,
/* create temp file template for use by mktemp() */
if ((retval = asprintf(&tmp_ktname, "WRFILE:%s_XXXXXX", keyfile)) < 0) {
krb5_set_error_message (context, retval,
- "Could not create temp keytab file name.");
+ "Could not create temp keytab file name.");
goto out;
}
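Review bot: On failure `asprintf` returns -1, and that is the value left in `retval`, so the message is registered under code -1 and the `goto out` path presumably hands -1 back to the caller instead of an errno-style code. Setting `retval = ENOMEM;` inside the branch, before `krb5_set_error_message`, would give callers a meaningful error. The body of krb5_def_store_mkey_list begins and ends outside this hunk, so what `out:` does with `tmp_ktname` is not visible here.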
@@ -193,8 +194,8 @@ krb5_def_store_mkey_list(krb5_context context,
if (mktemp(tmp_ktpath) == NULL) {
retval = errno;
krb5_set_error_message (context, retval,
- "Could not create temp stash file: %s",
- error_message(errno));
+ "Could not create temp stash file: %s",
+ error_message(errno));
goto out;
}
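Review bot: `mktemp(tmp_ktpath)` only chooses an unused name; the file that will hold the master key stash is created later by that name, so the path can come into existence between the two steps if anyone else can write to the directory. If the stash directory is expected to be writable only by the KDC administrator, a comment here should state that the window is accepted for that reason. Otherwise the temporary file should be created exclusively (for example with `mkstemp`) before the path is handed to the keytab code. The rest of krb5_def_store_mkey_list lies outside this hunk, so how the file is created afterwards cannot be checked from here.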
@@ -223,8 +224,8 @@ krb5_def_store_mkey_list(krb5_context context,
if (rename(tmp_ktpath, keyfile) < 0) {
retval = errno;
krb5_set_error_message (context, retval,
- "rename of temporary keyfile (%s) to (%s) failed: %s",
- tmp_ktpath, keyfile, error_message(errno));
+ "rename of temporary keyfile (%s) to (%s) failed: %s",
+ tmp_ktpath, keyfile, error_message(errno));
}
}
@@ -249,14 +250,14 @@ krb5_def_store_mkey(krb5_context context,
list.keyblock = *key;
list.next = NULL;
return krb5_def_store_mkey_list(context, keyfile, mname, &list,
- master_pwd);
+ master_pwd);
}
static krb5_error_code
krb5_db_def_fetch_mkey_stash(krb5_context context,
- const char *keyfile,
- krb5_keyblock *key,
- krb5_kvno *kvno)
+ const char *keyfile,
+ krb5_keyblock *key,
+ krb5_kvno *kvno)
{
krb5_error_code retval = 0;
krb5_ui_2 enctype;
@@ -266,14 +267,14 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
#ifdef ANSI_STDIO
if (!(kf = fopen(keyfile, "rb")))
#else
- if (!(kf = fopen(keyfile, "r")))
+ if (!(kf = fopen(keyfile, "r")))
#endif
- return KRB5_KDB_CANTREAD_STORED;
+ return KRB5_KDB_CANTREAD_STORED;
set_cloexec_file(kf);
if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
- retval = KRB5_KDB_CANTREAD_STORED;
- goto errout;
+ retval = KRB5_KDB_CANTREAD_STORED;
+ goto errout;
}
#if BIG_ENDIAN_MASTER_KEY
@@ -281,16 +282,16 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
#endif
if (key->enctype == ENCTYPE_UNKNOWN)
- key->enctype = enctype;
+ key->enctype = enctype;
else if (enctype != key->enctype) {
- retval = KRB5_KDB_BADSTORED_MKEY;
- goto errout;
+ retval = KRB5_KDB_BADSTORED_MKEY;
+ goto errout;
}
if (fread((krb5_pointer) &keylength,
- sizeof(keylength), 1, kf) != 1) {
- retval = KRB5_KDB_CANTREAD_STORED;
- goto errout;
+ sizeof(keylength), 1, kf) != 1) {
+ retval = KRB5_KDB_CANTREAD_STORED;
+ goto errout;
}
#if BIG_ENDIAN_MASTER_KEY
@@ -300,23 +301,23 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
#endif
if (!key->length || ((int) key->length) < 0) {
- retval = KRB5_KDB_BADSTORED_MKEY;
- goto errout;
+ retval = KRB5_KDB_BADSTORED_MKEY;
+ goto errout;
}
-
+
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
- retval = ENOMEM;
- goto errout;
+ retval = ENOMEM;
+ goto errout;
}
if (fread((krb5_pointer) key->contents, sizeof(key->contents[0]),
- key->length, kf) != key->length) {
- retval = KRB5_KDB_CANTREAD_STORED;
- zap(key->contents, key->length);
- free(key->contents);
- key->contents = 0;
+ key->length, kf) != key->length) {
+ retval = KRB5_KDB_CANTREAD_STORED;
+ zap(key->contents, key->length);
+ free(key->contents);
+ key->contents = 0;
} else
- retval = 0;
+ retval = 0;
/*
* Note, the old stash format did not store the kvno and at this point it
@@ -325,9 +326,9 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
* verifcation trouble if the mkey princ is using a kvno other than 1.
*/
if (kvno && *kvno == IGNORE_VNO)
- *kvno = 1;
+ *kvno = 1;
- errout:
+errout:
(void) fclose(kf);
return retval;
}
@@ -391,7 +392,7 @@ krb5_db_def_fetch_mkey_keytab(krb5_context context,
errout:
if (kt)
- krb5_kt_close(context, kt);
+ krb5_kt_close(context, kt);
return retval;
}
@@ -428,12 +429,12 @@ krb5_db_def_fetch_mkey(krb5_context context,
* key, but set a message indicating the actual error.
*/
if (retval != 0) {
- krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
- "Can not fetch master key (error: %s).",
- error_message(retval));
- return KRB5_KDB_CANTREAD_STORED;
+ krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
+ "Can not fetch master key (error: %s).",
+ error_message(retval));
+ return KRB5_KDB_CANTREAD_STORED;
} else
- return 0;
+ return 0;
}
/*
@@ -453,52 +454,52 @@ krb5_def_verify_master_key(krb5_context context,
nprinc = 1;
if ((retval = krb5_db_get_principal(context, mprinc,
- &master_entry, &nprinc, &more)))
- return(retval);
-
+ &master_entry, &nprinc, &more)))
+ return(retval);
+
if (nprinc != 1) {
- if (nprinc)
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5_KDB_NOMASTERKEY);
+ if (nprinc)
+ krb5_db_free_principal(context, &master_entry, nprinc);
+ return(KRB5_KDB_NOMASTERKEY);
} else if (more) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
- }
-
- if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &tempkey, NULL))) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return retval;
+ krb5_db_free_principal(context, &master_entry, nprinc);
+ return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+ }
+
+ if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
+ &master_entry.key_data[0],
+ &tempkey, NULL))) {
+ krb5_db_free_principal(context, &master_entry, nprinc);
+ return retval;
}
if (mkey->length != tempkey.length ||
- memcmp((char *)mkey->contents,
- (char *)tempkey.contents,mkey->length)) {
- retval = KRB5_KDB_BADMASTERKEY;
+ memcmp((char *)mkey->contents,
+ (char *)tempkey.contents,mkey->length)) {
+ retval = KRB5_KDB_BADMASTERKEY;
}
if (kvno != IGNORE_VNO &&
kvno != (krb5_kvno) master_entry.key_data->key_data_kvno) {
retval = KRB5_KDB_BADMASTERKEY;
krb5_set_error_message (context, retval,
- "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
- kvno, master_entry.key_data->key_data_kvno);
+ "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
+ kvno, master_entry.key_data->key_data_kvno);
}
zap((char *)tempkey.contents, tempkey.length);
free(tempkey.contents);
krb5_db_free_principal(context, &master_entry, nprinc);
-
+
return retval;
}
krb5_error_code
krb5_def_fetch_mkey_list(krb5_context context,
- krb5_principal mprinc,
- const krb5_keyblock *mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkeys_list)
+ krb5_principal mprinc,
+ const krb5_keyblock *mkey,
+ krb5_kvno mkvno,
+ krb5_keylist_node **mkeys_list)
{
krb5_error_code retval;
krb5_db_entry master_entry;
@@ -507,7 +508,7 @@ krb5_def_fetch_mkey_list(krb5_context context,
krb5_keyblock cur_mkey;
krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node;
krb5_key_data *key_data;
- krb5_mkey_aux_node *mkey_aux_data_list = NULL, *aux_data_entry;
+ krb5_mkey_aux_node *mkey_aux_data_list = NULL, *aux_data_entry;
int i;
if (mkeys_list == NULL)
@@ -583,7 +584,7 @@ krb5_def_fetch_mkey_list(krb5_context context,
}
if (found_key != TRUE) {
krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
- "Unable to decrypt latest master key with the provided master key\n");
+ "Unable to decrypt latest master key with the provided master key\n");
retval = KRB5_KDB_BADMASTERKEY;
goto clean_n_exit;
}
@@ -592,7 +593,7 @@ krb5_def_fetch_mkey_list(krb5_context context,
/*
* Extract all the mkeys from master_entry using the most current mkey and
- * create a mkey list for the mkeys field in kdc_realm_t.
+ * create a mkey list for the mkeys field in kdc_realm_t.
*/
mkey_list_head = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
@@ -644,36 +645,36 @@ clean_n_exit:
}
krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key )
+ char *pwd,
+ krb5_keyblock *key )
{
/* printf("default set master key\n"); */
return 0;
}
krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key )
+ krb5_keyblock **key )
{
/* printf("default get master key\n"); */
return 0;
}
krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
- krb5_keylist_node *keylist )
+ krb5_keylist_node *keylist )
{
/* printf("default set master key\n"); */
return 0;
}
krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
- krb5_keylist_node **keylist )
+ krb5_keylist_node **keylist )
{
/* printf("default get master key\n"); */
return 0;
}
krb5_error_code krb5_def_promote_db (krb5_context kcontext,
- char *s, char **args)
+ char *s, char **args)
{
/* printf("default promote_db\n"); */
return KRB5_PLUGIN_OP_NOTSUPP;
diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
index 3652935a14..fe128535cf 100644
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-/* #pragma ident "@(#)kdb_log.c 1.3 04/02/23 SMI" */
+/* #pragma ident "@(#)kdb_log.c 1.3 04/02/23 SMI" */
#include <sys/stat.h>
#include <sys/types.h>
@@ -23,15 +24,15 @@
* modify the Kerberos principal update and header logs.
*/
-#define getpagesize() sysconf(_SC_PAGESIZE)
+#define getpagesize() sysconf(_SC_PAGESIZE)
-static int pagesize = 0;
+static int pagesize = 0;
-#define INIT_ULOG(ctx) \
- log_ctx = ctx->kdblog_context; \
- assert(log_ctx != NULL); \
- ulog = log_ctx->ulog; \
- assert(ulog != NULL)
+#define INIT_ULOG(ctx) \
+ log_ctx = ctx->kdblog_context; \
+ assert(log_ctx != NULL); \
+ ulog = log_ctx->ulog; \
+ assert(ulog != NULL)
/* XXX */
typedef unsigned long ulong_t;
@@ -46,9 +47,9 @@ ulog_lock(krb5_context ctx, int mode)
kdb_hlog_t *ulog = NULL;
if (ctx == NULL)
- return KRB5_LOG_ERROR;
+ return KRB5_LOG_ERROR;
if (ctx->kdblog_context == NULL || ctx->kdblog_context->iproprole == IPROP_NULL)
- return 0;
+ return 0;
INIT_ULOG(ctx);
return krb5_lock_file(ctx, log_ctx->ulogfd, mode);
}
@@ -59,23 +60,23 @@ ulog_lock(krb5_context ctx, int mode)
static krb5_error_code
ulog_sync_update(kdb_hlog_t *ulog, kdb_ent_header_t *upd)
{
- ulong_t start, end, size;
- krb5_error_code retval;
+ ulong_t start, end, size;
+ krb5_error_code retval;
if (ulog == NULL)
- return (KRB5_LOG_ERROR);
+ return (KRB5_LOG_ERROR);
if (!pagesize)
- pagesize = getpagesize();
+ pagesize = getpagesize();
start = ((ulong_t)upd) & (~(pagesize-1));
end = (((ulong_t)upd) + ulog->kdb_block +
- (pagesize-1)) & (~(pagesize-1));
+ (pagesize-1)) & (~(pagesize-1));
size = end - start;
if ((retval = msync((caddr_t)start, size, MS_SYNC))) {
- return (retval);
+ return (retval);
}
return (0);
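Review bot: `msync` returns -1 and sets errno on failure, so `return (retval);` passes -1 back as a krb5_error_code rather than the actual cause. `if (msync((caddr_t)start, size, MS_SYNC)) return (errno);` would match the `return errno;` used for system-call failures elsewhere in this file. A one-line comment on the `start`/`end` arithmetic, saying it widens the record to whole pages because msync works on page-aligned ranges, would also help the next reader. The closing brace of ulog_sync_update is outside this hunk.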
@@ -89,14 +90,14 @@ ulog_sync_header(kdb_hlog_t *ulog)
{
if (!pagesize)
- pagesize = getpagesize();
+ pagesize = getpagesize();
if (msync((caddr_t)ulog, pagesize, MS_SYNC)) {
- /*
- * Couldn't sync to disk, let's panic
- */
- syslog(LOG_ERR, "ulog_sync_header: could not sync to disk");
- abort();
+ /*
+ * Couldn't sync to disk, let's panic
+ */
+ syslog(LOG_ERR, "ulog_sync_header: could not sync to disk");
+ abort();
}
}
@@ -109,10 +110,10 @@ ulog_sync_header(kdb_hlog_t *ulog)
static krb5_error_code
ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
{
- uint_t new_block, new_size;
+ uint_t new_block, new_size;
if (ulog == NULL)
- return (KRB5_LOG_ERROR);
+ return (KRB5_LOG_ERROR);
new_size = sizeof (kdb_hlog_t);
@@ -122,28 +123,28 @@ ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
new_size += ulogentries * new_block;
if (new_size <= MAXLOGLEN) {
- /*
- * Reinit log with new block size
- */
- (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
- ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- ulog->db_version_num = KDB_VERSION;
- ulog->kdb_state = KDB_STABLE;
- ulog->kdb_block = new_block;
-
- ulog_sync_header(ulog);
-
- /*
- * Time to expand log considering new block size
- */
- if (extend_file_to(ulogfd, new_size) < 0)
- return errno;
+ /*
+ * Reinit log with new block size
+ */
+ (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+ ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ ulog->db_version_num = KDB_VERSION;
+ ulog->kdb_state = KDB_STABLE;
+ ulog->kdb_block = new_block;
+
+ ulog_sync_header(ulog);
+
+ /*
+ * Time to expand log considering new block size
+ */
+ if (extend_file_to(ulogfd, new_size) < 0)
+ return errno;
} else {
- /*
- * Can't map into file larger than MAXLOGLEN
- */
- return (KRB5_LOG_ERROR);
+ /*
+ * Can't map into file larger than MAXLOGLEN
+ */
+ return (KRB5_LOG_ERROR);
}
return (0);
@@ -158,25 +159,25 @@ ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
krb5_error_code
ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
{
- XDR xdrs;
- kdbe_time_t ktime;
- struct timeval timestamp;
+ XDR xdrs;
+ kdbe_time_t ktime;
+ struct timeval timestamp;
kdb_ent_header_t *indx_log;
- uint_t i, recsize;
- ulong_t upd_size;
- krb5_error_code retval;
- kdb_sno_t cur_sno;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- uint32_t ulogentries;
- int ulogfd;
+ uint_t i, recsize;
+ ulong_t upd_size;
+ krb5_error_code retval;
+ kdb_sno_t cur_sno;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ uint32_t ulogentries;
+ int ulogfd;
INIT_ULOG(context);
ulogentries = log_ctx->ulogentries;
ulogfd = log_ctx->ulogfd;
if (upd == NULL)
- return (KRB5_LOG_ERROR);
+ return (KRB5_LOG_ERROR);
(void) gettimeofday(&timestamp, NULL);
ktime.seconds = timestamp.tv_sec;
@@ -187,10 +188,10 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
recsize = sizeof (kdb_ent_header_t) + upd_size;
if (recsize > ulog->kdb_block) {
- if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
- /* Resize element array failed */
- return (retval);
- }
+ if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
+ /* Resize element array failed */
+ return (retval);
+ }
}
cur_sno = ulog->kdb_last_sno;
@@ -200,9 +201,9 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
* resyncs once they see their sno > than the masters.
*/
if (cur_sno == ULONG_MAX)
- cur_sno = 1;
+ cur_sno = 1;
else
- cur_sno++;
+ cur_sno++;
/*
* We squirrel this away for finish_update() to index
@@ -224,15 +225,15 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
ulog->kdb_state = KDB_UNSTABLE;
xdrmem_create(&xdrs, (char *)indx_log->entry_data,
- indx_log->kdb_entry_size, XDR_ENCODE);
+ indx_log->kdb_entry_size, XDR_ENCODE);
if (!xdr_kdb_incr_update_t(&xdrs, upd))
- return (KRB5_LOG_CONV);
+ return (KRB5_LOG_CONV);
if ((retval = ulog_sync_update(ulog, indx_log)))
- return (retval);
+ return (retval);
if (ulog->kdb_num < ulogentries)
- ulog->kdb_num++;
+ ulog->kdb_num++;
ulog->kdb_last_sno = cur_sno;
ulog->kdb_last_time = ktime;
@@ -242,13 +243,13 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
* always kdb_entry_sno + 1.
*/
if (cur_sno > ulogentries) {
- i = upd->kdb_entry_sno % ulogentries;
- indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
- ulog->kdb_first_sno = indx_log->kdb_entry_sno;
- ulog->kdb_first_time = indx_log->kdb_time;
+ i = upd->kdb_entry_sno % ulogentries;
+ indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
+ ulog->kdb_first_sno = indx_log->kdb_entry_sno;
+ ulog->kdb_first_time = indx_log->kdb_time;
} else if (cur_sno == 1) {
- ulog->kdb_first_sno = 1;
- ulog->kdb_first_time = indx_log->kdb_time;
+ ulog->kdb_first_sno = 1;
+ ulog->kdb_first_time = indx_log->kdb_time;
}
ulog_sync_header(ulog);
@@ -263,12 +264,12 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
krb5_error_code
ulog_finish_update(krb5_context context, kdb_incr_update_t *upd)
{
- krb5_error_code retval;
- kdb_ent_header_t *indx_log;
- uint_t i;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- uint32_t ulogentries;
+ krb5_error_code retval;
+ kdb_ent_header_t *indx_log;
+ uint_t i;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ uint32_t ulogentries;
INIT_ULOG(context);
ulogentries = log_ctx->ulogentries;
@@ -282,7 +283,7 @@ ulog_finish_update(krb5_context context, kdb_incr_update_t *upd)
ulog->kdb_state = KDB_STABLE;
if ((retval = ulog_sync_update(ulog, indx_log)))
- return (retval);
+ return (retval);
ulog_sync_header(ulog);
@@ -323,15 +324,15 @@ ulog_delete_update(krb5_context context, kdb_incr_update_t *upd)
krb5_error_code
ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
{
- krb5_db_entry *entry = NULL;
- kdb_incr_update_t *upd = NULL, *fupd;
- int i, no_of_updates;
- krb5_error_code retval;
- krb5_principal dbprinc = NULL;
- kdb_last_t errlast;
- char *dbprincstr = NULL;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
+ krb5_db_entry *entry = NULL;
+ kdb_incr_update_t *upd = NULL, *fupd;
+ int i, no_of_updates;
+ krb5_error_code retval;
+ krb5_principal dbprinc = NULL;
+ kdb_last_t errlast;
+ char *dbprincstr = NULL;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
INIT_ULOG(context);
@@ -348,84 +349,84 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
errlast.last_time.useconds = (unsigned int)0;
if ((retval = krb5_db_open(context, db_args,
- KRB5_KDB_OPEN_RW|KRB5_KDB_SRV_TYPE_ADMIN)))
- goto cleanup;
+ KRB5_KDB_OPEN_RW|KRB5_KDB_SRV_TYPE_ADMIN)))
+ goto cleanup;
for (i = 0; i < no_of_updates; i++) {
- int nentry = 1;
+ int nentry = 1;
- if (!upd->kdb_commit)
- continue;
+ if (!upd->kdb_commit)
+ continue;
- if (upd->kdb_deleted) {
- dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len
- + 1) * sizeof (char));
+ if (upd->kdb_deleted) {
+ dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len
+ + 1) * sizeof (char));
- if (dbprincstr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ if (dbprincstr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
- (void) strncpy(dbprincstr,
- (char *)upd->kdb_princ_name.utf8str_t_val,
- (upd->kdb_princ_name.utf8str_t_len + 1));
- dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
+ (void) strncpy(dbprincstr,
+ (char *)upd->kdb_princ_name.utf8str_t_val,
+ (upd->kdb_princ_name.utf8str_t_len + 1));
+ dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
- if ((retval = krb5_parse_name(context, dbprincstr,
- &dbprinc))) {
- goto cleanup;
- }
+ if ((retval = krb5_parse_name(context, dbprincstr,
+ &dbprinc))) {
+ goto cleanup;
+ }
- free(dbprincstr);
+ free(dbprincstr);
- retval = krb5int_delete_principal_no_log(context,
- dbprinc,
- &nentry);
+ retval = krb5int_delete_principal_no_log(context,
+ dbprinc,
+ &nentry);
- if (dbprinc) {
- krb5_free_principal(context, dbprinc);
- dbprinc = NULL;
- }
+ if (dbprinc) {
+ krb5_free_principal(context, dbprinc);
+ dbprinc = NULL;
+ }
- if (retval)
- goto cleanup;
- } else {
- entry = (krb5_db_entry *)malloc(sizeof (krb5_db_entry));
+ if (retval)
+ goto cleanup;
+ } else {
+ entry = (krb5_db_entry *)malloc(sizeof (krb5_db_entry));
- if (!entry) {
- retval = errno;
- goto cleanup;
- }
+ if (!entry) {
+ retval = errno;
+ goto cleanup;
+ }
- (void) memset(entry, 0, sizeof (krb5_db_entry));
+ (void) memset(entry, 0, sizeof (krb5_db_entry));
- if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
- goto cleanup;
+ if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
+ goto cleanup;
- retval = krb5int_put_principal_no_log(context, entry,
- &nentry);
+ retval = krb5int_put_principal_no_log(context, entry,
+ &nentry);
- if (entry) {
- krb5_db_free_principal(context, entry, nentry);
- free(entry);
- entry = NULL;
- }
- if (retval)
- goto cleanup;
- }
+ if (entry) {
+ krb5_db_free_principal(context, entry, nentry);
+ free(entry);
+ entry = NULL;
+ }
+ if (retval)
+ goto cleanup;
+ }
- upd++;
+ upd++;
}
cleanup:
if (fupd)
- ulog_free_entries(fupd, no_of_updates);
+ ulog_free_entries(fupd, no_of_updates);
if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
- if (retval)
- ulog_finish_update_slave(ulog, errlast);
- else
- ulog_finish_update_slave(ulog, incr_ret->lastentry);
+ if (retval)
+ ulog_finish_update_slave(ulog, errlast);
+ else
+ ulog_finish_update_slave(ulog, incr_ret->lastentry);
}
return (retval);
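Review bot: The `continue` taken when `upd->kdb_commit` is false skips the `upd++` at the bottom of the loop body, so after one uncommitted update every remaining iteration re-tests the same entry and the rest of the batch is not applied while `retval` stays 0. Advancing in the loop header, `for (i = 0; i < no_of_updates; i++, upd++)`, and dropping the trailing `upd++` avoids that. In the deleted-principal branch `dbprincstr` is leaked when `krb5_parse_name` fails, because `cleanup:` does not free it. The `strncpy` there is asked for `utf8str_t_len + 1` bytes and so may read one byte past a name buffer that holds exactly `utf8str_t_len` bytes; a `memcpy` of `utf8str_t_len` bytes followed by the existing terminator store is enough. The start of ulog_replay and its closing brace are outside this hunk.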
@@ -440,95 +441,95 @@ cleanup:
static krb5_error_code
ulog_check(krb5_context context, kdb_hlog_t *ulog, char **db_args)
{
- XDR xdrs;
- krb5_error_code retval = 0;
- unsigned int i;
- kdb_ent_header_t *indx_log;
- kdb_incr_update_t *upd = NULL;
- kdb_incr_result_t *incr_ret = NULL;
+ XDR xdrs;
+ krb5_error_code retval = 0;
+ unsigned int i;
+ kdb_ent_header_t *indx_log;
+ kdb_incr_update_t *upd = NULL;
+ kdb_incr_result_t *incr_ret = NULL;
ulog->kdb_state = KDB_STABLE;
for (i = 0; i < ulog->kdb_num; i++) {
- indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
-
- if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
- /*
- * Update entry corrupted we should scream and die
- */
- ulog->kdb_state = KDB_CORRUPT;
- retval = KRB5_LOG_CORRUPT;
- break;
- }
-
- if (indx_log->kdb_commit == FALSE) {
- ulog->kdb_state = KDB_UNSTABLE;
-
- incr_ret = (kdb_incr_result_t *)
- malloc(sizeof (kdb_incr_result_t));
- if (incr_ret == NULL) {
- retval = errno;
- goto error;
- }
-
- upd = (kdb_incr_update_t *)
- malloc(sizeof (kdb_incr_update_t));
- if (upd == NULL) {
- retval = errno;
- goto error;
- }
-
- (void) memset(upd, 0, sizeof (kdb_incr_update_t));
- xdrmem_create(&xdrs, (char *)indx_log->entry_data,
- indx_log->kdb_entry_size, XDR_DECODE);
- if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
- retval = KRB5_LOG_CONV;
- goto error;
- }
-
- incr_ret->updates.kdb_ulog_t_len = 1;
- incr_ret->updates.kdb_ulog_t_val = upd;
-
- upd->kdb_commit = TRUE;
-
- /*
- * We don't want to readd this update and just use the
- * existing update to be propagated later on
- */
- ulog_set_role(context, IPROP_NULL);
- retval = ulog_replay(context, incr_ret, db_args);
-
- /*
- * upd was freed by ulog_replay, we NULL
- * the pointer in case we subsequently break from loop.
- */
- upd = NULL;
- if (incr_ret) {
- free(incr_ret);
- incr_ret = NULL;
- }
- ulog_set_role(context, IPROP_MASTER);
-
- if (retval)
- goto error;
-
- /*
- * We flag this as committed since this was
- * the last entry before kadmind crashed, ergo
- * the slaves have not seen this update before
- */
- indx_log->kdb_commit = TRUE;
- retval = ulog_sync_update(ulog, indx_log);
- if (retval)
- goto error;
-
- ulog->kdb_state = KDB_STABLE;
- }
+ indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
+
+ if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
+ /*
+ * Update entry corrupted we should scream and die
+ */
+ ulog->kdb_state = KDB_CORRUPT;
+ retval = KRB5_LOG_CORRUPT;
+ break;
+ }
+
+ if (indx_log->kdb_commit == FALSE) {
+ ulog->kdb_state = KDB_UNSTABLE;
+
+ incr_ret = (kdb_incr_result_t *)
+ malloc(sizeof (kdb_incr_result_t));
+ if (incr_ret == NULL) {
+ retval = errno;
+ goto error;
+ }
+
+ upd = (kdb_incr_update_t *)
+ malloc(sizeof (kdb_incr_update_t));
+ if (upd == NULL) {
+ retval = errno;
+ goto error;
+ }
+
+ (void) memset(upd, 0, sizeof (kdb_incr_update_t));
+ xdrmem_create(&xdrs, (char *)indx_log->entry_data,
+ indx_log->kdb_entry_size, XDR_DECODE);
+ if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+ retval = KRB5_LOG_CONV;
+ goto error;
+ }
+
+ incr_ret->updates.kdb_ulog_t_len = 1;
+ incr_ret->updates.kdb_ulog_t_val = upd;
+
+ upd->kdb_commit = TRUE;
+
+ /*
+ * We don't want to readd this update and just use the
+ * existing update to be propagated later on
+ */
+ ulog_set_role(context, IPROP_NULL);
+ retval = ulog_replay(context, incr_ret, db_args);
+
+ /*
+ * upd was freed by ulog_replay, we NULL
+ * the pointer in case we subsequently break from loop.
+ */
+ upd = NULL;
+ if (incr_ret) {
+ free(incr_ret);
+ incr_ret = NULL;
+ }
+ ulog_set_role(context, IPROP_MASTER);
+
+ if (retval)
+ goto error;
+
+ /*
+ * We flag this as committed since this was
+ * the last entry before kadmind crashed, ergo
+ * the slaves have not seen this update before
+ */
+ indx_log->kdb_commit = TRUE;
+ retval = ulog_sync_update(ulog, indx_log);
+ if (retval)
+ goto error;
+
+ ulog->kdb_state = KDB_STABLE;
+ }
}
error:
if (upd)
- ulog_free_entries(upd, 1);
+ ulog_free_entries(upd, 1);
free(incr_ret);
@@ -547,134 +548,134 @@ error:
*/
krb5_error_code
ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
- int caller, char **db_args)
+ int caller, char **db_args)
{
- struct stat st;
- krb5_error_code retval;
- uint32_t ulog_filesize;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- int ulogfd = -1;
+ struct stat st;
+ krb5_error_code retval;
+ uint32_t ulog_filesize;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ int ulogfd = -1;
ulog_filesize = sizeof (kdb_hlog_t);
if (stat(logname, &st) == -1) {
- if (caller == FKPROPLOG) {
- /*
- * File doesn't exist so we exit with kproplog
- */
- return (errno);
- }
+ if (caller == FKPROPLOG) {
+ /*
+ * File doesn't exist so we exit with kproplog
+ */
+ return (errno);
+ }
- if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
- return (errno);
- }
+ if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
+ return (errno);
+ }
- if (lseek(ulogfd, 0L, SEEK_CUR) == -1) {
- return (errno);
- }
+ if (lseek(ulogfd, 0L, SEEK_CUR) == -1) {
+ return (errno);
+ }
- if ((caller == FKADMIND) || (caller == FKCOMMAND))
- ulog_filesize += ulogentries * ULOG_BLOCK;
+ if ((caller == FKADMIND) || (caller == FKCOMMAND))
+ ulog_filesize += ulogentries * ULOG_BLOCK;
- if (extend_file_to(ulogfd, ulog_filesize) < 0)
- return errno;
+ if (extend_file_to(ulogfd, ulog_filesize) < 0)
+ return errno;
} else {
- ulogfd = open(logname, O_RDWR, 0600);
- if (ulogfd == -1)
- /*
- * Can't open existing log file
- */
- return errno;
+ ulogfd = open(logname, O_RDWR, 0600);
+ if (ulogfd == -1)
+ /*
+ * Can't open existing log file
+ */
+ return errno;
}
if (caller == FKPROPLOG) {
- if (fstat(ulogfd, &st) < 0) {
- close(ulogfd);
- return errno;
- }
- ulog_filesize = st.st_size;
-
- ulog = (kdb_hlog_t *)mmap(0, ulog_filesize,
- PROT_READ+PROT_WRITE, MAP_PRIVATE, ulogfd, 0);
+ if (fstat(ulogfd, &st) < 0) {
+ close(ulogfd);
+ return errno;
+ }
+ ulog_filesize = st.st_size;
+
+ ulog = (kdb_hlog_t *)mmap(0, ulog_filesize,
+ PROT_READ+PROT_WRITE, MAP_PRIVATE, ulogfd, 0);
} else {
- /*
- * else kadmind, kpropd, & kcommands should udpate stores
- */
- ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN,
- PROT_READ+PROT_WRITE, MAP_SHARED, ulogfd, 0);
+ /*
+ * else kadmind, kpropd, & kcommands should udpate stores
+ */
+ ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN,
+ PROT_READ+PROT_WRITE, MAP_SHARED, ulogfd, 0);
}
if ((int)(ulog) == -1) {
- /*
- * Can't map update log file to memory
- */
- close(ulogfd);
- return (errno);
+ /*
+ * Can't map update log file to memory
+ */
+ close(ulogfd);
+ return (errno);
}
if (!context->kdblog_context) {
- if (!(log_ctx = malloc(sizeof (kdb_log_context))))
- return (errno);
- memset(log_ctx, 0, sizeof(*log_ctx));
- context->kdblog_context = log_ctx;
+ if (!(log_ctx = malloc(sizeof (kdb_log_context))))
+ return (errno);
+ memset(log_ctx, 0, sizeof(*log_ctx));
+ context->kdblog_context = log_ctx;
} else
- log_ctx = context->kdblog_context;
+ log_ctx = context->kdblog_context;
log_ctx->ulog = ulog;
log_ctx->ulogentries = ulogentries;
log_ctx->ulogfd = ulogfd;
if (ulog->kdb_hmagic != KDB_ULOG_HDR_MAGIC) {
- if (ulog->kdb_hmagic == 0) {
- /*
- * New update log
- */
- (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
- ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- ulog->db_version_num = KDB_VERSION;
- ulog->kdb_state = KDB_STABLE;
- ulog->kdb_block = ULOG_BLOCK;
- if (!(caller == FKPROPLOG))
- ulog_sync_header(ulog);
- } else {
- return (KRB5_LOG_CORRUPT);
- }
+ if (ulog->kdb_hmagic == 0) {
+ /*
+ * New update log
+ */
+ (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+ ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ ulog->db_version_num = KDB_VERSION;
+ ulog->kdb_state = KDB_STABLE;
+ ulog->kdb_block = ULOG_BLOCK;
+ if (!(caller == FKPROPLOG))
+ ulog_sync_header(ulog);
+ } else {
+ return (KRB5_LOG_CORRUPT);
+ }
}
if (caller == FKADMIND) {
- retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
- if (retval)
- return retval;
- switch (ulog->kdb_state) {
- case KDB_STABLE:
- case KDB_UNSTABLE:
- /*
- * Log is currently un/stable, check anyway
- */
- retval = ulog_check(context, ulog, db_args);
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- if (retval == KRB5_LOG_CORRUPT) {
- return (retval);
- }
- break;
- case KDB_CORRUPT:
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (KRB5_LOG_CORRUPT);
- default:
- /*
- * Invalid db state
- */
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (KRB5_LOG_ERROR);
- }
+ retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
+ if (retval)
+ return retval;
+ switch (ulog->kdb_state) {
+ case KDB_STABLE:
+ case KDB_UNSTABLE:
+ /*
+ * Log is currently un/stable, check anyway
+ */
+ retval = ulog_check(context, ulog, db_args);
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ if (retval == KRB5_LOG_CORRUPT) {
+ return (retval);
+ }
+ break;
+ case KDB_CORRUPT:
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (KRB5_LOG_CORRUPT);
+ default:
+ /*
+ * Invalid db state
+ */
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (KRB5_LOG_ERROR);
+ }
} else if ((caller == FKPROPLOG) || (caller == FKPROPD)) {
- /*
- * kproplog and kpropd don't need to do anything else
- */
- return (0);
+ /*
+ * kproplog and kpropd don't need to do anything else
+ */
+ return (0);
}
/*
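Review bot: Several error returns in this part of ulog_map leak resources or report the wrong code: the `lseek` and `extend_file_to` failures return without closing `ulogfd`, the `malloc` failure for `log_ctx` returns with both the descriptor and the mapping still held, and `close(ulogfd); return errno;` can return whatever `close` left in errno. Saving the code first (`retval = errno; close(ulogfd); return retval;`) and sending the failures through one cleanup label that unmaps and closes would cover all of them. The mapping test `(int)(ulog) == -1` should be `ulog == MAP_FAILED`, since narrowing a pointer to int is not portable. The function continues past the end of this hunk.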
@@ -683,33 +684,33 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
*/
retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
if (retval)
- return retval;
+ return retval;
if (ulog->kdb_num != ulogentries) {
- if ((ulog->kdb_num != 0) &&
- ((ulog->kdb_last_sno > ulog->kdb_num) ||
- (ulog->kdb_num > ulogentries))) {
-
- (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
- ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- ulog->db_version_num = KDB_VERSION;
- ulog->kdb_state = KDB_STABLE;
- ulog->kdb_block = ULOG_BLOCK;
-
- ulog_sync_header(ulog);
- }
-
- /*
- * Expand ulog if we have specified a greater size
- */
- if (ulog->kdb_num < ulogentries) {
- ulog_filesize += ulogentries * ulog->kdb_block;
-
- if (extend_file_to(ulogfd, ulog_filesize) < 0) {
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return errno;
- }
- }
+ if ((ulog->kdb_num != 0) &&
+ ((ulog->kdb_last_sno > ulog->kdb_num) ||
+ (ulog->kdb_num > ulogentries))) {
+
+ (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+ ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ ulog->db_version_num = KDB_VERSION;
+ ulog->kdb_state = KDB_STABLE;
+ ulog->kdb_block = ULOG_BLOCK;
+
+ ulog_sync_header(ulog);
+ }
+
+ /*
+ * Expand ulog if we have specified a greater size
+ */
+ if (ulog->kdb_num < ulogentries) {
+ ulog_filesize += ulogentries * ulog->kdb_block;
+
+ if (extend_file_to(ulogfd, ulog_filesize) < 0) {
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return errno;
+ }
+ }
}
ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
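Review bot: `return errno;` in the `extend_file_to` failure branch runs after `ulog_lock(context, KRB5_LOCKMODE_UNLOCK)`, so the value returned is whatever errno holds once the unlock has finished, which may no longer be the error that made the extension fail. Capture it before unlocking, `retval = errno;`, and end the branch with `return retval;`. Separately, `ulogentries * ulog->kdb_block` multiplies by a block size read from the log header; the field types are declared outside this hunk, but if the product can wrap, the `INT_MAX` check inside `extend_file_to` would not catch it, so a range check on `kdb_block` looks worthwhile. ulog_map starts and ends outside the hunk.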
@@ -720,44 +721,44 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
* Get the last set of updates seen, (last+1) to n is returned.
*/
krb5_error_code
-ulog_get_entries(krb5_context context, /* input - krb5 lib config */
- kdb_last_t last, /* input - slave's last sno */
- kdb_incr_result_t *ulog_handle) /* output - incr result for slave */
+ulog_get_entries(krb5_context context, /* input - krb5 lib config */
+ kdb_last_t last, /* input - slave's last sno */
+ kdb_incr_result_t *ulog_handle) /* output - incr result for slave */
{
- XDR xdrs;
- kdb_ent_header_t *indx_log;
- kdb_incr_update_t *upd;
- uint_t indx, count, tdiff;
- uint32_t sno;
- krb5_error_code retval;
- struct timeval timestamp;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- uint32_t ulogentries;
+ XDR xdrs;
+ kdb_ent_header_t *indx_log;
+ kdb_incr_update_t *upd;
+ uint_t indx, count, tdiff;
+ uint32_t sno;
+ krb5_error_code retval;
+ struct timeval timestamp;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ uint32_t ulogentries;
INIT_ULOG(context);
ulogentries = log_ctx->ulogentries;
retval = ulog_lock(context, KRB5_LOCKMODE_SHARED);
if (retval)
- return retval;
+ return retval;
/*
* Check to make sure we don't have a corrupt ulog first.
*/
if (ulog->kdb_state == KDB_CORRUPT) {
- ulog_handle->ret = UPDATE_ERROR;
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (KRB5_LOG_CORRUPT);
+ ulog_handle->ret = UPDATE_ERROR;
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (KRB5_LOG_CORRUPT);
}
gettimeofday(&timestamp, NULL);
tdiff = timestamp.tv_sec - ulog->kdb_last_time.seconds;
if (tdiff <= ULOG_IDLE_TIME) {
- ulog_handle->ret = UPDATE_BUSY;
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (0);
+ ulog_handle->ret = UPDATE_BUSY;
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (0);
}
/*
@@ -767,8 +768,8 @@ ulog_get_entries(krb5_context context, /* input - krb5 lib config */
*/
retval = krb5_db_lock(context, KRB5_LOCKMODE_SHARED);
if (retval) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (retval);
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (retval);
}
/*
@@ -776,103 +777,103 @@ ulog_get_entries(krb5_context context, /* input - krb5 lib config */
* the client's ulog has just been created.
*/
if ((last.last_sno > ulog->kdb_last_sno) ||
- (last.last_sno < ulog->kdb_first_sno) ||
- (last.last_sno == 0)) {
- ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
- return (0);
+ (last.last_sno < ulog->kdb_first_sno) ||
+ (last.last_sno == 0)) {
+ ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
+ return (0);
} else if (last.last_sno <= ulog->kdb_last_sno) {
- sno = last.last_sno;
-
- indx = (sno - 1) % ulogentries;
-
- indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);
-
- /*
- * Validate the time stamp just to make sure it was the same sno
- */
- if ((indx_log->kdb_time.seconds == last.last_time.seconds) &&
- (indx_log->kdb_time.useconds == last.last_time.useconds)) {
-
- /*
- * If we have the same sno we return success
- */
- if (last.last_sno == ulog->kdb_last_sno) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_NIL;
- return (0);
- }
-
- count = ulog->kdb_last_sno - sno;
-
- ulog_handle->updates.kdb_ulog_t_val =
- (kdb_incr_update_t *)malloc(
- sizeof (kdb_incr_update_t) * count);
-
- upd = ulog_handle->updates.kdb_ulog_t_val;
-
- if (upd == NULL) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_ERROR;
- return (errno);
- }
-
- while (sno < ulog->kdb_last_sno) {
- indx = sno % ulogentries;
-
- indx_log = (kdb_ent_header_t *)
- INDEX(ulog, indx);
-
- (void) memset(upd, 0,
- sizeof (kdb_incr_update_t));
- xdrmem_create(&xdrs,
- (char *)indx_log->entry_data,
- indx_log->kdb_entry_size, XDR_DECODE);
- if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_ERROR;
- return (KRB5_LOG_CONV);
- }
- /*
- * Mark commitment since we didn't
- * want to decode and encode the
- * incr update record the first time.
- */
- upd->kdb_commit = indx_log->kdb_commit;
-
- upd++;
- sno++;
- } /* while */
-
- ulog_handle->updates.kdb_ulog_t_len = count;
-
- ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
- ulog_handle->lastentry.last_time.seconds =
- ulog->kdb_last_time.seconds;
- ulog_handle->lastentry.last_time.useconds =
- ulog->kdb_last_time.useconds;
- ulog_handle->ret = UPDATE_OK;
-
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
-
- return (0);
- } else {
- /*
- * We have time stamp mismatch or we no longer have
- * the slave's last sno, so we brute force it
- */
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
-
- return (0);
- }
+ sno = last.last_sno;
+
+ indx = (sno - 1) % ulogentries;
+
+ indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);
+
+ /*
+ * Validate the time stamp just to make sure it was the same sno
+ */
+ if ((indx_log->kdb_time.seconds == last.last_time.seconds) &&
+ (indx_log->kdb_time.useconds == last.last_time.useconds)) {
+
+ /*
+ * If we have the same sno we return success
+ */
+ if (last.last_sno == ulog->kdb_last_sno) {
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_NIL;
+ return (0);
+ }
+
+ count = ulog->kdb_last_sno - sno;
+
+ ulog_handle->updates.kdb_ulog_t_val =
+ (kdb_incr_update_t *)malloc(
+ sizeof (kdb_incr_update_t) * count);
+
+ upd = ulog_handle->updates.kdb_ulog_t_val;
+
+ if (upd == NULL) {
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_ERROR;
+ return (errno);
+ }
+
+ while (sno < ulog->kdb_last_sno) {
+ indx = sno % ulogentries;
+
+ indx_log = (kdb_ent_header_t *)
+ INDEX(ulog, indx);
+
+ (void) memset(upd, 0,
+ sizeof (kdb_incr_update_t));
+ xdrmem_create(&xdrs,
+ (char *)indx_log->entry_data,
+ indx_log->kdb_entry_size, XDR_DECODE);
+ if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_ERROR;
+ return (KRB5_LOG_CONV);
+ }
+ /*
+ * Mark commitment since we didn't
+ * want to decode and encode the
+ * incr update record the first time.
+ */
+ upd->kdb_commit = indx_log->kdb_commit;
+
+ upd++;
+ sno++;
+ } /* while */
+
+ ulog_handle->updates.kdb_ulog_t_len = count;
+
+ ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+ ulog_handle->lastentry.last_time.seconds =
+ ulog->kdb_last_time.seconds;
+ ulog_handle->lastentry.last_time.useconds =
+ ulog->kdb_last_time.useconds;
+ ulog_handle->ret = UPDATE_OK;
+
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+
+ return (0);
+ } else {
+ /*
+ * We have time stamp mismatch or we no longer have
+ * the slave's last sno, so we brute force it
+ */
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
+
+ return (0);
+ }
}
/*
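Review bot: The `xdr_kdb_incr_update_t` failure branch inside the while loop returns `KRB5_LOG_CONV` without releasing the array allocated just above it. It also leaves `ulog_handle->updates.kdb_ulog_t_val` pointing at that array with `kdb_ulog_t_len` never set, so the caller cannot tell how many entries were decoded. Before that return, release the entries decoded so far, then `free(ulog_handle->updates.kdb_ulog_t_val);` and `ulog_handle->updates.kdb_ulog_t_val = NULL;`. The same loop passes `indx_log->kdb_entry_size` straight to `xdrmem_create`; nothing visible in the hunk bounds it against the block size, which matters if the log file contents are not fully trusted. ulog_get_entries begins and ends outside the hunk.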
@@ -886,15 +887,15 @@ ulog_get_entries(krb5_context context, /* input - krb5 lib config */
krb5_error_code
ulog_set_role(krb5_context ctx, iprop_role role)
{
- kdb_log_context *log_ctx;
+ kdb_log_context *log_ctx;
if (!ctx->kdblog_context) {
- if (!(log_ctx = malloc(sizeof (kdb_log_context))))
- return (errno);
- memset(log_ctx, 0, sizeof(*log_ctx));
- ctx->kdblog_context = log_ctx;
+ if (!(log_ctx = malloc(sizeof (kdb_log_context))))
+ return (errno);
+ memset(log_ctx, 0, sizeof(*log_ctx));
+ ctx->kdblog_context = log_ctx;
} else
- log_ctx = ctx->kdblog_context;
+ log_ctx = ctx->kdblog_context;
log_ctx->iproprole = role;
@@ -911,25 +912,25 @@ static int extend_file_to(int fd, uint_t new_size)
current_offset = lseek(fd, 0, SEEK_END);
if (current_offset < 0)
- return -1;
+ return -1;
if (new_size > INT_MAX) {
- errno = EINVAL;
- return -1;
+ errno = EINVAL;
+ return -1;
}
while (current_offset < new_size) {
- int write_size, wrote_size;
- write_size = new_size - current_offset;
- if (write_size > 512)
- write_size = 512;
- wrote_size = write(fd, zero, write_size);
- if (wrote_size < 0)
- return -1;
- if (wrote_size == 0) {
- errno = EINVAL; /* XXX ?? */
- return -1;
- }
- current_offset += wrote_size;
- write_size = new_size - current_offset;
+ int write_size, wrote_size;
+ write_size = new_size - current_offset;
+ if (write_size > 512)
+ write_size = 512;
+ wrote_size = write(fd, zero, write_size);
+ if (wrote_size < 0)
+ return -1;
+ if (wrote_size == 0) {
+ errno = EINVAL; /* XXX ?? */
+ return -1;
+ }
+ current_offset += wrote_size;
+ write_size = new_size - current_offset;
}
return 0;
}
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 47626f1521..03cc897c3d 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/v5server/keytab.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include <string.h>
@@ -35,30 +36,30 @@ is_xrealm_tgt(krb5_context, krb5_const_principal);
krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
- krb5_kvno, krb5_enctype, krb5_keytab_entry *);
+ krb5_kvno, krb5_enctype, krb5_keytab_entry *);
static krb5_error_code
krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
- char *name, unsigned int namelen)
+ char *name, unsigned int namelen)
{
if (strlcpy(name, "KDB:", namelen) >= namelen);
- return KRB5_KT_NAME_TOOLONG;
+ return KRB5_KT_NAME_TOOLONG;
return 0;
}
krb5_kt_ops krb5_kt_kdb_ops = {
0,
- "KDB", /* Prefix -- this string should not appear anywhere else! */
- krb5_ktkdb_resolve, /* resolve */
- krb5_ktkdb_get_name, /* get_name */
- krb5_ktkdb_close, /* close */
- krb5_ktkdb_get_entry, /* get */
- NULL, /* start_seq_get */
- NULL, /* get_next */
- NULL, /* end_get */
- NULL, /* add (extended) */
- NULL, /* remove (extended) */
- NULL, /* (void *) &krb5_ktfile_ser_entry */
+ "KDB", /* Prefix -- this string should not appear anywhere else! */
+ krb5_ktkdb_resolve, /* resolve */
+ krb5_ktkdb_get_name, /* get_name */
+ krb5_ktkdb_close, /* close */
+ krb5_ktkdb_get_entry, /* get */
+ NULL, /* start_seq_get */
+ NULL, /* get_next */
+ NULL, /* end_get */
+ NULL, /* add (extended) */
+ NULL, /* remove (extended) */
+ NULL, /* (void *) &krb5_ktfile_ser_entry */
};
typedef struct krb5_ktkdb_data {
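Review bot: The line `if (strlcpy(name, "KDB:", namelen) >= namelen);` in krb5_ktkdb_get_name ends in a semicolon, so the `if` has an empty body and the re-indented `return KRB5_KT_NAME_TOOLONG;` runs unconditionally; the `return 0;` after it is unreachable. The new indentation makes the return look guarded, which hides the problem further. Drop the semicolon so the line reads `if (strlcpy(name, "KDB:", namelen) >= namelen)`. A short comment such as `/* name receives the fixed "KDB:" prefix; fail if it does not fit */` would also make the intent explicit.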
@@ -67,9 +68,9 @@ typedef struct krb5_ktkdb_data {
krb5_error_code
krb5_ktkdb_resolve(context, name, id)
- krb5_context context;
- const char * name;
- krb5_keytab * id;
+ krb5_context context;
+ const char * name;
+ krb5_keytab * id;
{
if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
return(ENOMEM);
@@ -80,21 +81,21 @@ krb5_ktkdb_resolve(context, name, id)
krb5_error_code
krb5_ktkdb_close(context, kt)
- krb5_context context;
- krb5_keytab kt;
+ krb5_context context;
+ krb5_keytab kt;
{
- /*
- * This routine is responsible for freeing all memory allocated
- * for this keytab. There are no system resources that need
- * to be freed nor are there any open files.
- *
- * This routine should undo anything done by krb5_ktkdb_resolve().
- */
-
- kt->ops = NULL;
- free(kt);
-
- return 0;
+ /*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab. There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktkdb_resolve().
+ */
+
+ kt->ops = NULL;
+ free(kt);
+
+ return 0;
}
static krb5_context ktkdb_ctx = NULL;
@@ -115,28 +116,28 @@ krb5_ktkdb_set_context(krb5_context ctx)
krb5_error_code
krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
- krb5_context in_context;
- krb5_keytab id;
+ krb5_context in_context;
+ krb5_keytab id;
krb5_const_principal principal;
- krb5_kvno kvno;
- krb5_enctype enctype;
- krb5_keytab_entry * entry;
+ krb5_kvno kvno;
+ krb5_enctype enctype;
+ krb5_keytab_entry * entry;
{
- krb5_context context;
+ krb5_context context;
krb5_keylist_node * master_keylist;
krb5_keyblock * master_key;
- krb5_error_code kerror = 0;
- krb5_key_data * key_data;
- krb5_db_entry db_entry;
- krb5_boolean more = 0;
- int n = 0;
+ krb5_error_code kerror = 0;
+ krb5_key_data * key_data;
+ krb5_db_entry db_entry;
+ krb5_boolean more = 0;
+ int n = 0;
int xrealm_tgt;
krb5_boolean similar;
if (ktkdb_ctx)
- context = ktkdb_ctx;
+ context = ktkdb_ctx;
else
- context = in_context;
+ context = in_context;
xrealm_tgt = is_xrealm_tgt(context, principal);
@@ -146,59 +147,59 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
/* get_principal */
kerror = krb5_db_get_principal(context, principal, &
- db_entry, &n, &more);
+ db_entry, &n, &more);
if (kerror) {
- /* krb5_db_close_database(context); */
+ /* krb5_db_close_database(context); */
return(kerror);
}
if (n != 1) {
- /* krb5_db_close_database(context); */
- return KRB5_KT_NOTFOUND;
+ /* krb5_db_close_database(context); */
+ return KRB5_KT_NOTFOUND;
}
if (db_entry.attributes & KRB5_KDB_DISALLOW_SVR
- || db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
- kerror = KRB5_KT_NOTFOUND;
- goto error;
+ || db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+ kerror = KRB5_KT_NOTFOUND;
+ goto error;
}
/* match key */
kerror = krb5_db_get_mkey_list(context, &master_keylist);
if (kerror)
- goto error;
+ goto error;
kerror = krb5_dbe_find_mkey(context, master_keylist, &db_entry, &master_key);
if (kerror)
- goto error;
+ goto error;
/* For cross realm tgts, we match whatever enctype is provided;
* for other principals, we only match the first enctype that is
* found. Since the TGS and AS code do the same thing, then we
* will only successfully decrypt tickets we have issued.*/
kerror = krb5_dbe_find_enctype(context, &db_entry,
- xrealm_tgt?enctype:-1,
- -1, kvno, &key_data);
+ xrealm_tgt?enctype:-1,
+ -1, kvno, &key_data);
if (kerror == KRB5_KDB_NO_MATCHING_KEY)
- kerror = KRB5_KT_KVNONOTFOUND;
+ kerror = KRB5_KT_KVNONOTFOUND;
if (kerror)
- goto error;
+ goto error;
kerror = krb5_dbekd_decrypt_key_data(context, master_key,
- key_data, &entry->key, NULL);
+ key_data, &entry->key, NULL);
if (kerror)
- goto error;
-
- if (enctype > 0) {
- kerror = krb5_c_enctype_compare(context, enctype,
- entry->key.enctype, &similar);
- if (kerror)
- goto error;
-
- if (!similar) {
- kerror = KRB5_KDB_NO_PERMITTED_KEY;
- goto error;
- }
+ goto error;
+
+ if (enctype > 0) {
+ kerror = krb5_c_enctype_compare(context, enctype,
+ entry->key.enctype, &similar);
+ if (kerror)
+ goto error;
+
+ if (!similar) {
+ kerror = KRB5_KDB_NO_PERMITTED_KEY;
+ goto error;
+ }
}
/*
* Coerce the enctype of the output keyblock in case we got an
@@ -208,10 +209,10 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
kerror = krb5_copy_principal(context, principal, &entry->principal);
if (kerror)
- goto error;
+ goto error;
/* Close database */
- error:
+error:
krb5_db_free_principal(context, &db_entry, 1);
/* krb5_db_close_database(context); */
return(kerror);
@@ -227,16 +228,15 @@ is_xrealm_tgt(krb5_context context, krb5_const_principal princ)
{
krb5_data *dat;
if (krb5_princ_size(context, princ) != 2)
- return 0;
+ return 0;
dat = krb5_princ_component(context, princ, 0);
if (strncmp("krbtgt", dat->data, dat->length) != 0)
- return 0;
+ return 0;
dat = krb5_princ_component(context, princ, 1);
if (dat->length != princ->realm.length)
- return 1;
+ return 1;
if (strncmp(dat->data, princ->realm.data, dat->length) == 0)
- return 0;
+ return 0;
return 1;
}
-
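Review bot: `strncmp("krbtgt", dat->data, dat->length)` in is_xrealm_tgt compares only `dat->length` bytes, so a first component that is a shorter prefix of "krbtgt" (or is empty) also compares equal and the principal is treated as a TGT name. Since the result selects how the enctype is matched in krb5_ktkdb_get_entry, the check should require an exact match: `if (dat->length != 6 || memcmp("krbtgt", dat->data, 6) != 0) return 0;`. The realm comparison below it already checks the length first and is not affected. The function's signature lies outside the hunk.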