authorTom Yu <tlyu@mit.edu>2003-03-06 02:39:51 +0000
committerTom Yu <tlyu@mit.edu>2003-03-06 02:39:51 +0000
commit416d9a774090ee78c30a844025887bd2b9e79d16 (patch)
tree125ef2ffc3d8cee7138aa853731aa3ba8bc0e065 /src/lib
parent74cb6881569b70f41fb9781ebc9a5b95bba59c7d (diff)
use kdb keytab for kadmind
kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/kdb/ChangeLog18
-rw-r--r--src/lib/kdb/Makefile.in4
-rw-r--r--src/lib/kdb/kdb_xdr.c4
-rw-r--r--src/lib/kdb/keytab.c31
4 files changed, 49 insertions, 8 deletions
diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index ce72e34e3..d685be6d9 100644
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,3 +1,21 @@
+2003-03-05 Tom Yu <tlyu@mit.edu>
+
+ * kdb_xdr.c (krb5_dbe_search_enctype): Check for ktype > 0 rather
+ than ktype >= 0; file keytab uses ktype 0 to indicate "first
+ match", as does acquire_cred. The kdc uses -1, though.
+
+ * Makefile.in (LIBMAJOR): Bump major version due to change in
+ krb5_ktkdb_resolve's signature.
+
+ * keytab.c (krb5_ktkdb_resolve): Add NAME parameter, which is
+ ignored, so that kdb keytab can be registered.
+ (krb5_ktkdb_set_context): New function; allows caller to set a
+ different context for use with ktkdb_get_entry(). This is
+ primarily useful for kadmind, where the gssapi library context,
+ which will be used for the keytab, will necessarily have a
+ different context than that used by the kadm5 library to access
+ the database for its own purposes.
+
2003-02-08 Tom Yu <tlyu@mit.edu>
* keytab.c (krb5_ktkdb_get_entry): Fix comment; not going to
diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in
index 0afd963ec..ea80b7652 100644
--- a/src/lib/kdb/Makefile.in
+++ b/src/lib/kdb/Makefile.in
@@ -8,8 +8,8 @@ PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
LIB=kdb5
-LIBMAJOR=3
-LIBMINOR=2
+LIBMAJOR=4
+LIBMINOR=0
RELDIR=kdb
# Depends on libk5crypto and libkrb5
SHLIB_DBLIB_DEPS = $(SHLIB_DBLIB-@DB_VERSION@)
diff --git a/src/lib/kdb/kdb_xdr.c b/src/lib/kdb/kdb_xdr.c
index 6068444c3..fb0a41ea4 100644
--- a/src/lib/kdb/kdb_xdr.c
+++ b/src/lib/kdb/kdb_xdr.c
@@ -764,14 +764,14 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
}
- if (ktype >= 0) {
+ if (ktype > 0) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
&similar)))
return(ret);
}
- if (((ktype < 0) || similar) &&
+ if (((ktype <= 0) || similar) &&
((db_stype == stype) || (stype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
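Review bot: The three meanings of `ktype` (positive = match that enctype, 0 = "first match" as used by the file keytab and acquire_cred, negative = the KDC's wildcard) are recorded only in the ChangeLog, not at the check at `if (ktype > 0) {`. Because 0 is now a wildcard, a caller that passes an unset or zero-initialised enctype is given a key of any enctype instead of a mismatch, which deserves a comment at the test, e.g. `/* ktype <= 0 means any enctype: 0 from keytab callers, -1 from the KDC */`. The body of krb5_dbe_search_enctype starts and ends outside the hunk, so the initial value of `similar` cannot be checked here; in the visible lines it is not read when `ktype <= 0` because of the short-circuit.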
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index d7ee59aad..6ec375ac2 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -36,7 +36,7 @@ krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_prin
krb5_kt_ops krb5_kt_kdb_ops = {
0,
"KDB", /* Prefix -- this string should not appear anywhere else! */
- NULL, /* resolve */
+ krb5_ktkdb_resolve, /* resolve */
NULL, /* get_name */
krb5_ktkdb_close, /* close */
krb5_ktkdb_get_entry, /* get */
@@ -53,8 +53,9 @@ typedef struct krb5_ktkdb_data {
} krb5_ktkdb_data;
krb5_error_code
-krb5_ktkdb_resolve(context, id)
+krb5_ktkdb_resolve(context, name, id)
krb5_context context;
+ const char * name;
krb5_keytab * id;
{
if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
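Review bot: `name` is accepted but not read in the visible part of krb5_ktkdb_resolve, so every string after the `KDB` prefix appears to resolve to the same database-backed keytab. A comment on the parameter would mark that as intentional, e.g. `/* name is ignored: the KDB keytab has no per-name state */`. Since krb5_ktkdb_get_entry opens the principal database, the function comment could also state that this ops table is meant to be registered only by daemons that already have database access (kadmind, per the commit message). The function body continues past the end of the hunk.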
@@ -83,15 +84,32 @@ krb5_ktkdb_close(context, kt)
return 0;
}
+static krb5_context ktkdb_ctx = NULL;
+
+/*
+ * Set a different context for use with ktkdb_get_entry(). This is
+ * primarily useful for kadmind, where the gssapi library context,
+ * which will be used for the keytab, will necessarily have a
+ * different context than that used by the kadm5 library to access the
+ * database for its own purposes.
+ */
+krb5_error_code
+krb5_ktkdb_set_context(krb5_context ctx)
+{
+ ktkdb_ctx = ctx;
+ return 0;
+}
+
krb5_error_code
-krb5_ktkdb_get_entry(context, id, principal, kvno, enctype, entry)
- krb5_context context;
+krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
+ krb5_context in_context;
krb5_keytab id;
krb5_const_principal principal;
krb5_kvno kvno;
krb5_enctype enctype;
krb5_keytab_entry * entry;
{
+ krb5_context context;
krb5_keyblock * master_key;
krb5_error_code kerror = 0;
krb5_key_data * key_data;
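Review bot: `ktkdb_ctx` is a file-scope pointer that krb5_ktkdb_set_context stores without taking ownership, and krb5_ktkdb_get_entry (the `if (ktkdb_ctx)` test in the following hunk) prefers it over the caller's `in_context` whenever it is non-NULL. If that context is freed without first calling `krb5_ktkdb_set_context(NULL)`, later lookups would run on a dangling pointer. The override is also process-wide and unsynchronised: every KDB keytab handle silently ignores the context its caller passed, and the global is only safe if set once before any concurrent use. The comment above the setter should state these rules: the caller keeps ownership and must keep the context alive, NULL restores the default, and the setting applies to all KDB keytabs. krb5_ktkdb_get_entry's body continues outside this hunk.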
@@ -99,6 +117,11 @@ krb5_ktkdb_get_entry(context, id, principal, kvno, enctype, entry)
krb5_boolean more = 0;
int n = 0;
+ if (ktkdb_ctx)
+ context = ktkdb_ctx;
+ else
+ context = in_context;
+
/* Open database */
/* krb5_db_init(context); */
if ((kerror = krb5_db_open_database(context)))