author | Greg Hudson <ghudson@mit.edu> | 2012-03-21 16:57:05 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-03-21 16:57:05 +0000 |
commit | 57a0c5e6c3c3af0eeed0487d56b53311752a8930 (patch) | |
tree | 887daeb4dcec0cdb6d1885327eacaacdf6ca46e0 /src/lib/kadm5/srv | |
parent | fd3a2c5a467a42bbb864e1ddc7fc7f5bda93e339 (diff) | |
Only store master key list in DAL handle
r24314 (#6778) created a hybrid ownership model for the master key
list, with one virtual copy stored in the DAL handle and one provided
to the caller of krb5_db_fetch_mkey_list. Replace this with a model
where only the DAL handle owns the list, and a caller can get access
to an alias pointer with a new function krb5_db_mkey_list_alias().
Functions which previously accepted the master key list as an input
parameter now expect to find it in the DAL handle.
Patch by Will Fiveash <will.fiveash@oracle.com>.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/srv')
-rw-r--r-- | src/lib/kadm5/srv/libkadm5srv_mit.exports | 1 | ||||
-rw-r--r-- | src/lib/kadm5/srv/server_kdb.c | 5 | ||||
-rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 36 |
3 files changed, 17 insertions, 25 deletions
diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports
index 44311ee26..e661f30a6 100644
--- a/src/lib/kadm5/srv/libkadm5srv_mit.exports
+++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports
@@ -84,7 +84,6 @@ krb5_string_to_flags
 krb5_string_to_keysalts
 krb5_match_config_pattern
 master_db
-master_keylist
 master_princ
 osa_free_princ_ent
 passwd_check
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index db7230e24..3860b6b2f 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -18,7 +18,6 @@
 krb5_principal master_princ;
 krb5_keyblock master_keyblock; /* local mkey */
-krb5_keylist_node *master_keylist = NULL;
 krb5_actkvno_node *active_mkey_list = NULL;
 krb5_db_entry master_db;
@@ -69,7 +68,7 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
 goto done;
 if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
- &master_keyblock, mkvno, &master_keylist))) {
+ &master_keyblock))) {
 krb5_db_fini(handle->context);
 return (ret);
 }
@@ -192,7 +191,7 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock,
 goto done;
 }
- ret = krb5_dbe_find_mkey(handle->context, master_keylist, kdb, &mkey);
+ ret = krb5_dbe_find_mkey(handle->context, kdb, &mkey);
 if (ret)
 goto done;
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index d50007c52..f4715fbb1 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -25,7 +25,6 @@
 extern krb5_principal master_princ;
 extern krb5_principal hist_princ;
 extern krb5_keyblock master_keyblock;
-extern krb5_keylist_node *master_keylist;
 extern krb5_actkvno_node *active_mkey_list;
 extern krb5_db_entry master_db;
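Review bot: Nothing at the krb5_db_fetch_mkey_list call in kdb_init_master records that the function now keeps its result inside the context's DAL handle instead of handing it back, which is the one fact a reader needs to follow master key ownership after this change. A comment above the call such as `/* Loads the master key list into the DAL handle; krb5_dbe_find_mkey() reads it from there. */` would make clear that the krb5_dbe_find_mkey call in kdb_get_hist_key depends on this initialization having succeeded. The `mkvno` argument is no longer passed either, so it is worth checking whether that variable is still read anywhere after the call; the rest of kdb_init_master lies outside the hunk, so this cannot be confirmed from here.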
@@ -364,8 +363,8 @@ kadm5_create_principal_3(void *server_handle,
 /* initialize the keys */
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, &act_kvno, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, &act_kvno,
+ &act_mkey);
 if (ret)
 goto cleanup;
@@ -869,8 +868,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
 entry->kvno = kdb->key_data[i].key_data_kvno;
 if (mask & KADM5_MKVNO) {
- ret = krb5_dbe_get_mkvno(handle->context, kdb, master_keylist,
- &entry->mkvno);
+ ret = krb5_dbe_get_mkvno(handle->context, kdb, &entry->mkvno);
 if (ret)
 goto done;
 }
@@ -1385,8 +1383,8 @@ kadm5_chpass_principal_3(void *server_handle,
 principal)))
 goto done;
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, &act_kvno, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, &act_kvno,
+ &act_mkey);
 if (ret)
 goto done;
@@ -1579,8 +1577,8 @@ kadm5_randkey_principal_3(void *server_handle,
 if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
 return(ret);
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, NULL,
+ &act_mkey);
 if (ret)
 goto done;
@@ -1727,8 +1725,8 @@ kadm5_setv4key_principal(void *server_handle,
 keysalt.data.length = 0;
 keysalt.data.data = NULL;
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, NULL,
+ &act_mkey);
 if (ret)
 goto done;
@@ -1931,8 +1929,8 @@ kadm5_setkey_principal_3(void *server_handle,
 }
 memset (&tmp_key_data, 0, sizeof(tmp_key_data));
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, NULL,
+ &act_mkey);
 if (ret)
 goto done;
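Review bot: The krb5_dbe_find_act_mkey call in kadm5_create_principal_3 now draws master key state from two places, the key list held implicitly in the DAL handle and the file-level global `active_mkey_list` that is still passed by hand, and nothing at the call site keeps the two in step. A failure goes straight to `goto cleanup` with no refresh, unlike the retry kadm5_decrypt_key performs around krb5_dbe_find_mkey, so a key list reloaded into the handle could disagree with a stale active-kvno list; whether that can actually occur depends on code outside these hunks. A comment such as `/* Master key list is read from the DAL handle; active_mkey_list is still the process-wide copy. */` would at least record the dependency. The same applies to the calls in kadm5_chpass_principal_3, kadm5_randkey_principal_3, kadm5_setv4key_principal and kadm5_setkey_principal_3, each of which continues outside its hunk.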
@@ -2178,17 +2176,13 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
 /* find_mkey only uses this field */
 dbent.tl_data = entry->tl_data;
- if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &dbent,
- &mkey_ptr))) {
- krb5_keylist_node *tmp_mkey_list;
+ if ((ret = krb5_dbe_find_mkey(handle->context, &dbent, &mkey_ptr))) {
 /* try refreshing master key list */
 /* XXX it would nice if we had the mkvno here for optimization */
 if (krb5_db_fetch_mkey_list(handle->context, master_princ,
- &master_keyblock, 0, &tmp_mkey_list) == 0) {
- krb5_dbe_free_key_list(handle->context, master_keylist);
- master_keylist = tmp_mkey_list;
- if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist,
- &dbent, &mkey_ptr))) {
+ &master_keyblock) == 0) {
+ if ((ret = krb5_dbe_find_mkey(handle->context, &dbent,
+ &mkey_ptr))) {
 return ret;
 }
 } else {
|
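Review bot: The refresh branch in kadm5_decrypt_key no longer releases the previous master key list itself, since the `krb5_dbe_free_key_list(handle->context, master_keylist)` call is removed, so freeing the old key material now has to happen inside krb5_db_fetch_mkey_list when it replaces the list in the DAL handle. That function is not shown on this page, so this should be confirmed; otherwise every failed lookup that triggers a refresh would leave another copy of the decrypted master keys allocated. The replacement also invalidates any pointer obtained earlier through krb5_db_mkey_list_alias(), which deserves a comment at the refresh, for example `/* Re-fetching replaces the list in the DAL handle; alias pointers taken before this call are stale. */`. The function body and the `else` arm continue outside the hunk.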