diff options
author | Paul Park <pjpark@mit.edu> | 1995-08-08 22:02:01 +0000 |
---|---|---|
committer | Paul Park <pjpark@mit.edu> | 1995-08-08 22:02:01 +0000 |
commit | f099e506f2a35b556166e2282be98401e3e402a5 (patch) | |
tree | 4ad464c9a1eecbf7e74a9e297eaf5c82e47494e3 /src | |
parent | 92b1fae527c4a04fdbb094497cea26937715e786 (diff) | |
download | krb5-f099e506f2a35b556166e2282be98401e3e402a5.tar.gz krb5-f099e506f2a35b556166e2282be98401e3e402a5.tar.xz krb5-f099e506f2a35b556166e2282be98401e3e402a5.zip |
Fix key merging logic and allow multiple key/salt strings to be parsed
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6465 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/kadmin/v5server/admin.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/src/kadmin/v5server/admin.c b/src/kadmin/v5server/admin.c index b46d80651..5d8dee3f4 100644 --- a/src/kadmin/v5server/admin.c +++ b/src/kadmin/v5server/admin.c @@ -151,10 +151,11 @@ admin_merge_keys(kcontext, dbentp, unique, krb5_key_data *kp1, *kp2; keylist = (krb5_key_data *) NULL; + kret = 0; + numout = 0; if ((keylist = (krb5_key_data *) malloc(sizeof(krb5_key_data) * (nkeys1+nkeys2)))) { memset(keylist, 0, sizeof(krb5_key_data) * (nkeys1+nkeys2)); - numout = 0; if (!unique) { /* The easy case */ /* @@ -281,7 +282,12 @@ admin_merge_keys(kcontext, dbentp, unique, *nkeysout = numout; } else { - free(keylist); + if (keylist) { + if (numout) + key_free_key_data(keylist, numout); + else + free(keylist); + } } return(kret); } @@ -744,6 +750,8 @@ admin_add_modify(kcontext, debug_level, ticket, nargs, arglist, ((should_exist) ? &new_dbentry : &cur_dbentry), 1); + if (should_exist) + principal = (krb5_principal) NULL; } else { /* Database entry failed or yielded unexpected results */ @@ -772,8 +780,9 @@ admin_add_modify(kcontext, debug_level, ticket, nargs, arglist, } } - /* Clean up from krb5_parse_name */ - krb5_free_principal(kcontext, principal); + /* Clean up from krb5_parse_name (If left over) */ + if (principal) + krb5_free_principal(kcontext, principal); } else { /* Principal name parse failed */ @@ -1053,12 +1062,13 @@ admin_keysalt_parse(kcontext, debug_level, nents, entries, dups, int i,j; char *kvnop; int ncolon; - krb5_int32 nparsed; + krb5_int32 nparsed, onparsed; DPRINT(DEBUG_CALLS, debug_level, ("* admin_keysalt_parse()\n")); retval = 0; ndone = 0; keysalts = (krb5_key_salt_tuple *) NULL; + nparsed = 0; if (kvnolist = (krb5_int32 *) malloc(nents * sizeof(krb5_int32))) { for (i=0; i<nents; i++) kvnolist[i] = -1; @@ -1093,13 +1103,14 @@ admin_keysalt_parse(kcontext, debug_level, nents, entries, dups, * Parse the string. Don't allow more than one pair per entry, * but allow duplicate entries if we're told so. */ + onparsed = nparsed; if (!krb5_string_to_keysalts(entries[i].data, "", ":", dups, &keysalts, &nparsed)) { - if (nparsed == 1) { + if (nparsed == (onparsed+1)) { if (kvnop) { if (sscanf(kvnop,"%d", &kvnolist[ndone]) != 1) { retval = KRB5_ADM_BAD_OPTION; @@ -1156,6 +1167,7 @@ admin_keysalt_verify(kcontext, debug_level, dbentp, should_be_there, DPRINT(DEBUG_CALLS, debug_level, ("* admin_keysalt_verify()\n")); for (i=0; i<nksents; i++) { + kdata = (krb5_key_data *) NULL; (void) key_name_to_data(dbentp, &kslist[i], kvnolist[i], &kdata); if (should_be_there && !kdata) { retval = KRB5_ADM_KEY_DOES_NOT_EXIST; @@ -1191,8 +1203,11 @@ admin_keysalt_operate(kcontext, debug_level, dbentp, password, keyectomy, krb5_key_data *kdata, *ekdata; krb5_int32 num_keys, num_ekeys; krb5_int16 count; + krb5_db_entry tmpent; DPRINT(DEBUG_CALLS, debug_level, ("* admin_keysalt_operate()\n")); + memset(&tmpent, 0, sizeof(krb5_db_entry)); + tmpent.princ = dbentp->princ; /* Needed for salts in string2key */ if (keyectomy) { count = dbentp->n_key_data; for (i=0; i<nksents; i++) { @@ -1241,14 +1256,14 @@ admin_keysalt_operate(kcontext, debug_level, dbentp, password, keyectomy, /* Convert the string to key for the new key types */ kdata = ekdata = (krb5_key_data *) NULL; if (!key_string_to_keys(kcontext, - dbentp, + &tmpent, password, nksents, kslist, &num_keys, &kdata) && !key_encrypt_keys(kcontext, - dbentp, + &tmpent, &num_keys, kdata, &ekdata)) { @@ -1271,6 +1286,8 @@ admin_keysalt_operate(kcontext, debug_level, dbentp, password, keyectomy, key_free_key_data(kdata, num_keys); if (ekdata && num_keys) key_free_key_data(ekdata, num_keys); + if (tmpent.key_data && tmpent.n_key_data) + key_free_key_data(tmpent.key_data, tmpent.n_key_data); } DPRINT(DEBUG_CALLS, debug_level, ("X admin_keysalt_operate() = %d\n", retval)); @@ -1373,7 +1390,7 @@ admin_key_op(kcontext, debug_level, ticket, nargs, arglist, is_delete) !(retval = admin_keysalt_operate(kcontext, debug_level, &entry, - arglist[1], + &arglist[1], is_delete, nkeysalts, keysalt_list, |