authorPaul Park <pjpark@mit.edu>1995-08-10 18:54:45 +0000
committerPaul Park <pjpark@mit.edu>1995-08-10 18:54:45 +0000
commit4e24e7e96f4d456ba7484b7c003c3a4526e1afd9 (patch)
tree782c78620fee493b7bd3a94f1af7bc74573c058b /src/kadmin/v5server
parent240f6c26802de4df2462cd3eec130f9635530e35 (diff)
Consolidate handling of tagged database attributes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6500 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/v5server')
-rw-r--r--src/kadmin/v5server/ChangeLog7
-rw-r--r--src/kadmin/v5server/admin.c168
-rw-r--r--src/kadmin/v5server/kadm5_defs.h5
-rw-r--r--src/kadmin/v5server/passwd.c38
-rw-r--r--src/kadmin/v5server/srv_key.c86
5 files changed, 142 insertions, 162 deletions
diff --git a/src/kadmin/v5server/ChangeLog b/src/kadmin/v5server/ChangeLog
index f91a881e6..d473bb02d 100644
--- a/src/kadmin/v5server/ChangeLog
+++ b/src/kadmin/v5server/ChangeLog
@@ -1,4 +1,11 @@
+Thu Aug 10 14:34:31 EDT 1995 Paul Park (pjpark@mit.edu)
+ * srv_key.c - Consolidate handling of tagged database attributes here
+ in key_update_tl_attrs(). Fix a bug which was never encountered
+ * kadm5_defs.h - Add prototype for key_update_tl_attrs().
+ * admin.c, passwd.c - Use key_update_tl_attrs() where appropriate.
+
+
Wed Aug 9 17:09:35 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c - Add code to use kdb5's change-password interfaces under
USE_KDB5_CPW for now until it's fully shaken out.
diff --git a/src/kadmin/v5server/admin.c b/src/kadmin/v5server/admin.c
index 7db29bba3..37f9cbca2 100644
--- a/src/kadmin/v5server/admin.c
+++ b/src/kadmin/v5server/admin.c
@@ -309,10 +309,6 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
{
krb5_error_code kret = 0;
#ifndef USE_KDB5_CPW
- krb5_timestamp now;
- krb5_tl_data *pwchg, *def_pwchg;
- krb5_tl_data *new, *def;
- krb5_tl_mod_princ modent;
krb5_int32 num_keys, num_ekeys, num_rkeys;
krb5_key_data *key_list;
krb5_key_data *ekey_list;
@@ -331,9 +327,6 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
ekey_list = (krb5_key_data *) NULL;
#endif /* USE_KDB5_CPW */
if (dbentp->princ &&
-#ifndef USE_KDB5_CPW
- !(kret = krb5_timeofday(kcontext, &now)) &&
-#endif /* USE_KDB5_CPW */
(!password || ((valid & KRB5_ADM_M_RANDOMKEY) == 0))) {
/*
@@ -359,72 +352,16 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
dbentp->len = defaultp->len;
kret = 0;
-#ifndef USE_KDB5_CPW
- /*
- * Now merge tagged data. This is a little bit painful, hold on.
- * First see if we already have a last change block. If so, then just
- * use the existing storage to hold the appropriate value.
- */
- pwchg = def_pwchg = (krb5_tl_data *) NULL;
- for (new = dbentp->tl_data; new; new = new->tl_data_next) {
- if (new->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
- pwchg = new;
- break;
- }
- }
- /* Find the entry from the default */
- for (def = defaultp->tl_data; def; def = def->tl_data_next) {
- if (def->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
- def_pwchg = def;
- break;
- }
- }
/*
- * If not already there, then we have to make a new entry and blast
- * our scuzz in there.
+ * Update last password change (if appropriate) and modification
+ * date and principal.
*/
- if (!pwchg) {
- if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) &&
- (pwchg->tl_data_contents = (krb5_octet *)
- malloc(sizeof(krb5_timestamp)))) {
- pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- pwchg->tl_data_length = sizeof(krb5_timestamp);
- pwchg->tl_data_next = dbentp->tl_data;
- dbentp->tl_data = pwchg;
- dbentp->n_tl_data++;
- }
- else
- kret = ENOMEM;
- }
- if (!kret) {
- /*
- * If we're changing the password, the time is now.
- */
- if (password || is_pwchange || !def_pwchg) {
- krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
- }
- else {
- /*
- * Otherwise, clone the contents of the old one.
- */
- memcpy(pwchg->tl_data_contents,
- def_pwchg->tl_data_contents,
- sizeof(krb5_timestamp));
- }
+ if (!(kret = key_update_tl_attrs(kcontext,
+ dbentp,
+ who,
+ (password || is_pwchange)))) {
- /*
- * Handle the modification date/principal.
- */
- modent.mod_date = now;
- kret = krb5_copy_principal(kcontext, who, &modent.mod_princ);
- if (!kret) {
- kret = krb5_dbe_encode_mod_princ_data(kcontext,
- &modent,
- dbentp);
- krb5_free_principal(kcontext, modent.mod_princ);
- }
- }
- if (!kret) {
+#ifndef USE_KDB5_CPW
/* See if this is a random key or not */
if (password) {
krb5_data pwdata;
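Review bot: The last-password-change record is now touched only when `password || is_pwchange` is true. The removed code also stamped it with the current time when defaultp had no such record, and otherwise copied defaultp's value into dbentp. If dbentp does not already carry that record from elsewhere in admin_merge_dbentries (the body starts and ends outside this hunk), a merged entry can end up without a last-change time, which matters to anything that ages passwords from it. If the new behaviour is intended, say so at the call, for example `/* last-pwd-change is left as found in dbentp unless this is a password change */`.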
@@ -502,8 +439,15 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
}
}
}
- }
#endif /* USE_KDB5_CPW */
+
+ /*
+ * Finally, if this is a password change, clear the password-change
+ * required bit.
+ */
+ if (password || is_pwchange)
+ dbentp->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ }
}
#ifndef USE_KDB5_CPW
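Review bot: The added `dbentp->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;` runs whenever key_update_tl_attrs() succeeded, without checking kret again after the key-handling block that sits between the two under `#ifndef USE_KDB5_CPW`. If that block can leave kret non-zero, which the visible lines do not show, the in-memory entry loses its password-change-required flag even though no new key was installed. Guarding it as `if (!kret && (password || is_pwchange))` keeps the flag set on failure. Whether callers discard dbentp on error is outside this hunk.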
@@ -921,7 +865,6 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
krb5_principal orig_principal;
krb5_int32 operation;
const char * op_msg;
- krb5_tl_mod_princ *mprinc;
DPRINT(DEBUG_CALLS, debug_level,
("* admin_delete_rename(%s,%s)\n",
@@ -977,7 +920,6 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
int n_howmany;
krb5_boolean n_more;
krb5_db_entry xxx_dbentry;
- krb5_timestamp now;
n_howmany = 1;
@@ -987,7 +929,6 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
&xxx_dbentry,
&n_howmany,
&n_more))
- && !(kret = krb5_timeofday(kcontext, &now))
&& !n_howmany) {
/* Change our name */
krb5_free_principal(kcontext,
@@ -995,44 +936,26 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
orig_entry.princ = new_principal;
/* Update our stats */
- mprinc = (krb5_tl_mod_princ *) NULL;
- (void) krb5_dbe_decode_mod_princ_data(kcontext,
+ if (!(kret = key_update_tl_attrs(kcontext,
+ &orig_entry,
+ client,
+ 0))) {
+ n_howmany = 1;
+ if ((kret = krb5_db_put_principal(kcontext,
&orig_entry,
- &mprinc);
- if (!mprinc) {
- mprinc = (krb5_tl_mod_princ *)
- malloc(sizeof(krb5_tl_mod_princ));
- if (mprinc)
- memset(mprinc, 0, sizeof(*mprinc));
- }
- if (mprinc) {
- if (mprinc->mod_princ)
- krb5_free_principal(kcontext,
- mprinc->mod_princ);
- krb5_copy_principal(kcontext,
- client,
- &mprinc->mod_princ);
- mprinc->mod_date = now;
- krb5_dbe_encode_mod_princ_data(kcontext,
- mprinc,
- &orig_entry);
- krb5_free_principal(kcontext,
- mprinc->mod_princ);
- krb5_xfree(mprinc);
- }
-
- n_howmany = 1;
- if ((kret = krb5_db_put_principal(kcontext,
- &orig_entry,
- &n_howmany))
- || (n_howmany != 1)) {
- retval = KRB5_ADM_SYSTEM_ERROR;
+ &n_howmany))
+ || (n_howmany != 1)) {
+ retval = KRB5_ADM_SYSTEM_ERROR;
+ }
+ else {
+ com_err(programname, 0,
+ admin_db_rename_fmt,
+ op_msg, original, new,
+ client_name);
+ }
}
else {
- com_err(programname, 0,
- admin_db_rename_fmt,
- op_msg, original, new,
- client_name);
+ retval = KRB5_ADM_SYSTEM_ERROR;
}
orig_entry.princ = (krb5_principal) NULL;
}
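Review bot: The new `else` branch that handles a key_update_tl_attrs() failure sets `retval = KRB5_ADM_SYSTEM_ERROR` but drops kret without logging it, while the success path records the rename through com_err(). A rename that fails because the modifier record could not be written then leaves no trace in the server log. A `com_err(programname, kret, ...)` call in that branch, naming op_msg, original and new, would leave operators the cause. admin_delete_rename continues on both sides of this hunk, so a later generic log call may already cover it.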
@@ -1412,11 +1335,9 @@ admin_key_op(kcontext, debug_level, ticket, nargs, arglist, is_delete)
krb5_principal principal;
krb5_int32 operation;
const char * op_msg;
- krb5_tl_mod_princ *mprinc;
krb5_int32 nkeysalts;
krb5_key_salt_tuple *keysalt_list;
krb5_int32 *kvno_list;
- krb5_timestamp now;
int n_howmany;
DPRINT(DEBUG_CALLS, debug_level,
@@ -1493,26 +1414,11 @@ admin_key_op(kcontext, debug_level, ticket, nargs, arglist, is_delete)
nkeysalts,
keysalt_list,
kvno_list)) &&
- /* Get the time of day */
- !(kret = krb5_timeofday(kcontext, &now))) {
- /* Update our stats */
- if (!krb5_dbe_decode_mod_princ_data(kcontext,
- &entry,
- &mprinc)) {
- krb5_free_principal(kcontext,
- mprinc->mod_princ);
- krb5_copy_principal(kcontext,
- client,
- &mprinc->mod_princ);
- mprinc->mod_date = now;
- krb5_dbe_encode_mod_princ_data(kcontext,
- mprinc,
- &entry);
- krb5_free_principal(kcontext,
- mprinc->mod_princ);
- krb5_xfree(mprinc);
- }
-
+ /* Update our statistics */
+ !(retval = key_update_tl_attrs(kcontext,
+ &entry,
+ client,
+ 0))) {
n_howmany = 1;
if ((kret = krb5_db_put_principal(kcontext,
&entry,
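Review bot: The result of key_update_tl_attrs() is assigned to `retval` here, whereas the condition it replaces used `kret` for the krb5 error, and admin_delete_rename stores the same call's result in `kret`. Since retval elsewhere holds protocol status values such as KRB5_ADM_SYSTEM_ERROR, a failure would apparently put a raw krb5_error_code into the reply status and leave kret at zero for any error handling below. The line should read `!(kret = key_update_tl_attrs(kcontext,`, with retval set on the failure path as the rename code does. How retval and kret are consumed lies outside this hunk.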
diff --git a/src/kadmin/v5server/kadm5_defs.h b/src/kadmin/v5server/kadm5_defs.h
index 1e9e02187..676a56cd7 100644
--- a/src/kadmin/v5server/kadm5_defs.h
+++ b/src/kadmin/v5server/kadm5_defs.h
@@ -149,6 +149,11 @@ krb5_error_code key_dbent_to_keysalts
KRB5_PROTOTYPE((krb5_db_entry *,
krb5_int32 *,
krb5_key_salt_tuple **));
+krb5_error_code key_update_tl_attrs
+ KRB5_PROTOTYPE((krb5_context,
+ krb5_db_entry *,
+ krb5_principal,
+ krb5_boolean));
/* srv_acl.c */
krb5_error_code acl_init
diff --git a/src/kadmin/v5server/passwd.c b/src/kadmin/v5server/passwd.c
index 335aca0a3..33bda1cdb 100644
--- a/src/kadmin/v5server/passwd.c
+++ b/src/kadmin/v5server/passwd.c
@@ -213,9 +213,6 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata)
#else /* USE_KDB5_CPW */
krb5_int32 num_keys;
krb5_key_data *key_list;
- krb5_tl_data *pwchg;
- krb5_tl_mod_princ modent;
- krb5_timestamp now;
#endif /* USE_KDB5_CPW */
DPRINT(DEBUG_CALLS, debug_level, ("* passwd_set_npass()\n"));
@@ -305,36 +302,17 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata)
&entry2write.key_data))
goto cleanup;
entry2write.n_key_data = num_keys;
+#endif /* USE_KDB5_CPW */
- if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) &&
- (pwchg->tl_data_contents = (krb5_octet *)
- malloc(sizeof(krb5_timestamp)))) {
-
- pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- pwchg->tl_data_length = sizeof(krb5_timestamp);
- pwchg->tl_data_next = (krb5_tl_data *) NULL;
- entry2write.tl_data = pwchg;
- entry2write.n_tl_data++;
- /* Set the time for last successful password change */
- if (kret = krb5_timeofday(kcontext, &now))
- goto cleanup;
- krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
- }
- else {
- kret = ENOMEM;
+ /* Update the statistics */
+ if (kret = key_update_tl_attrs(kcontext,
+ &entry2write,
+ entry2write.princ,
+ 1))
goto cleanup;
- }
-
- /* Set entry modifier and modification time. */
- modent.mod_date = now;
- if (!(kret = krb5_copy_principal(kcontext,
- entry2write.princ,
- &modent.mod_princ))) {
- kret = krb5_dbe_encode_mod_princ_data(kcontext, &modent, &entry2write);
- krb5_free_principal(kcontext, modent.mod_princ);
- }
-#endif /* USE_KDB5_CPW */
+ /* Clear the password-change-required bit */
+ entry2write.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
/* Now write the entry */
nwrite = 1;
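Review bot: The added `if (kret = key_update_tl_attrs(...))` uses a bare assignment as its condition, which reads like a mistyped comparison and trips `-Wparentheses`. Writing it as `if ((kret = key_update_tl_attrs(kcontext, &entry2write, entry2write.princ, 1)) != 0)` makes the intent explicit. The same form appears in the new srv_key.c code at `if (pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))`. The literal `1` for the password-change argument would also read better with a short comment naming the parameter.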
diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c
index 5a60462a7..e5dd60f88 100644
--- a/src/kadmin/v5server/srv_key.c
+++ b/src/kadmin/v5server/srv_key.c
@@ -1214,7 +1214,7 @@ key_name_to_data(dbentp, ksent, kvno, kdatap)
(ksent->ks_salttype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
- maxkvno == kvno;
+ maxkvno = kvno;
datap = &dbentp->key_data[i];
break;
}
@@ -1287,3 +1287,87 @@ key_dbent_to_keysalts(dbentp, nentsp, ksentsp)
}
return(kret);
}
+
+krb5_error_code
+key_update_tl_attrs(kcontext, dbentp, mod_name, is_pwchg)
+ krb5_context kcontext;
+ krb5_db_entry *dbentp;
+ krb5_principal mod_name;
+ krb5_boolean is_pwchg;
+{
+ krb5_error_code kret;
+
+ kret = 0 ;
+
+ /*
+ * Handle modification principal.
+ */
+ if (mod_name) {
+ krb5_tl_mod_princ mprinc;
+
+ memset(&mprinc, 0, sizeof(mprinc));
+ if (!(kret = krb5_copy_principal(kcontext,
+ mod_name,
+ &mprinc.mod_princ)) &&
+ !(kret = krb5_timeofday(kcontext, &mprinc.mod_date)))
+ kret = krb5_dbe_encode_mod_princ_data(kcontext,
+ &mprinc,
+ dbentp);
+ if (mprinc.mod_princ)
+ krb5_free_principal(kcontext, mprinc.mod_princ);
+ }
+
+ /*
+ * Handle last password change.
+ */
+ if (!kret && is_pwchg) {
+ krb5_tl_data *pwchg;
+ krb5_timestamp now;
+ krb5_boolean linked;
+
+ /* Find a previously existing entry */
+ for (pwchg = dbentp->tl_data;
+ (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
+ pwchg = pwchg->tl_data_next);
+
+ /* Check to see if we found one. */
+ linked = 0;
+ if (!pwchg) {
+ /* No, allocate a new one */
+ if (pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) {
+ memset(pwchg, 0, sizeof(krb5_tl_data));
+ if (!(pwchg->tl_data_contents =
+ (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
+ free(pwchg);
+ pwchg = (krb5_tl_data *) NULL;
+ }
+ else {
+ pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+ pwchg->tl_data_length =
+ (krb5_int16) sizeof(krb5_timestamp);
+ }
+ }
+ }
+ else
+ linked = 1;
+
+ /* Do we have an entry? */
+ if (pwchg && pwchg->tl_data_contents) {
+ /* Yes, do the timestamp */
+ if (!(kret = krb5_timeofday(kcontext, &now))) {
+ /* Encode it */
+ krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
+ /* Link it in if necessary */
+ if (!linked) {
+ pwchg->tl_data_next = dbentp->tl_data;
+ dbentp->tl_data = pwchg;
+ dbentp->n_tl_data++;
+ }
+ }
+ }
+ else
+ kret = ENOMEM;
+ }
+
+ return(kret);
+}
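Review bot: When an existing KRB5_TL_LAST_PWD_CHANGE record is reused, key_update_tl_attrs() writes a timestamp into `pwchg->tl_data_contents` without checking `tl_data_length`, so a stored record shorter than a krb5_timestamp would be written past its buffer. Checking `pwchg->tl_data_length >= sizeof(krb5_timestamp)` before `krb5_kdb_encode_int32()` and rejecting or reallocating a short record closes that. Separately, if krb5_timeofday() fails after a fresh record was allocated, the record is never linked or freed. An `else if (!linked) { free(pwchg->tl_data_contents); free(pwchg); }` on that path fixes the leak. A header comment should state that a NULL mod_name skips the modifier update and that the entry may be left partly updated on error.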