author | Greg Hudson <ghudson@mit.edu> | 2011-01-25 05:20:07 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-01-25 05:20:07 +0000 |
commit | 1f649490ad49642906a0ad6083059e35a24988e8 (patch) | |
tree | ba870faeb6a46f2e1455276a3262b4d38e92b207 /src/lib/kadm5/srv | |
parent | af11454d3adf02a0e6fe3156e37b7b06fd5a9d3b (diff) | |
Make principal renaming work in libkadm5srv by converting to explicit
salts as necessary. Add a principal rename command to the client.
(The RPC infrastructure was already present.)
Adapted from patches submitted by mdw@umich.edu and lha@apple.com.
ticket: 6323
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/srv')
-rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 64 |
1 files changed, 49 insertions, 15 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 696362ac6..9abb4e6d6 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -4,21 +4,14 @@ * * $Header$ */ -#include <assert.h> -#include <sys/types.h> +#include "k5-int.h" #include <sys/time.h> -#include <errno.h> #include <kadm5/admin.h> #include <kdb.h> -#include <stdio.h> -#include <string.h> #include "server_internal.h" -#include <stdarg.h> -#include <stdlib.h> #ifdef USE_PASSWORD_SERVER #include <sys/wait.h> #include <signal.h> - #endif #include <krb5/kadm5_hook_plugin.h> @@ -730,10 +723,12 @@ kadm5_ret_t kadm5_rename_principal(void *server_handle, krb5_principal source, krb5_principal target) { - krb5_db_entry *kdb; - osa_princ_ent_rec adb; - int ret, i; + krb5_db_entry *kdb; + osa_princ_ent_rec adb; + int ret, i; kadm5_server_handle_t handle = server_handle; + krb5_int32 stype; + krb5_data sdata; CHECK_HANDLE(server_handle); 
@@ -750,14 +745,53 @@ kadm5_rename_principal(void *server_handle, if ((ret = kdb_get_entry(handle, source, &kdb, &adb))) return ret; - /* this is kinda gross, but unavoidable */ + /* Transform salts as necessary. */ + for (i = 0; i < kdb->n_key_data; i++) { + sdata = empty_data(); + if (kdb->key_data[i].key_data_ver > 1) + stype = kdb->key_data[i].key_data_type[1]; + else + stype = KRB5_KDB_SALTTYPE_NORMAL; - for (i=0; i<kdb->n_key_data; i++) { - if ((kdb->key_data[i].key_data_ver == 1) || - (kdb->key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) { + /* For salt types which compute a salt from the principal name, compute + * the salt based on the old principal name into sdata. */ + switch (stype) { + case KRB5_KDB_SALTTYPE_NORMAL: + ret = krb5_principal2salt(handle->context, kdb->princ, &sdata); + if (ret) + goto done; + break; + case KRB5_KDB_SALTTYPE_NOREALM: + krb5_principal2salt_norealm(handle->context, kdb->princ, &sdata); + if (ret) + goto done; + break; + case KRB5_KDB_SALTTYPE_ONLYREALM: + ret = alloc_data(&sdata, kdb->princ->realm.length); + if (ret) + goto done; + memcpy(sdata.data, kdb->princ->realm.data, + kdb->princ->realm.length); + break; + case KRB5_KDB_SALTTYPE_SPECIAL: + case KRB5_KDB_SALTTYPE_V4: + case KRB5_KDB_SALTTYPE_AFS3: + /* Don't compute a new salt. Assume the realm doesn't change for + * V4 and AFS3. */ + break; + default: + /* We don't recognize this salt type. Be conservative. */ ret = KADM5_NO_RENAME_SALT; goto done; } + /* If we computed a salt, store it as an explicit salt. */ + if (sdata.data != NULL) { + kdb->key_data[i].key_data_type[1] = KRB5_KDB_SALTTYPE_SPECIAL; + free(kdb->key_data[i].key_data_contents[1]); + kdb->key_data[i].key_data_contents[1] = (krb5_octet *)sdata.data; + kdb->key_data[i].key_data_length[1] = sdata.length; + kdb->key_data[i].key_data_ver = 2; + } } kadm5_free_principal(handle->context, kdb->princ); |
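Review bot: In the `KRB5_KDB_SALTTYPE_NOREALM` case the return value of `krb5_principal2salt_norealm()` is discarded, so the `if (ret)` that follows tests a stale `ret` (0 after the successful `kdb_get_entry`, or whatever an earlier iteration left) and a failure there is never seen. If `sdata` stays empty, that key is not converted to an explicit salt and is carried over to the renamed principal with its NOREALM salt type, so its salt would presumably be derived from the new name and the key would no longer match, with no error from the rename. The call should read `ret = krb5_principal2salt_norealm(handle->context, kdb->princ, &sdata);`, as the NORMAL case already does. Separately, `free(kdb->key_data[i].key_data_contents[1])` also runs for entries whose `key_data_ver` was 1, so it is worth confirming that slot is always NULL for version-1 key data. The body of `kadm5_rename_principal` starts before and continues after this hunk, including the `done:` label these branches jump to.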