diff options
| -rw-r--r-- | src/kdc/do_as_req.c | 10 | ||||
| -rw-r--r-- | src/kdc/do_tgs_req.c | 6 | ||||
| -rw-r--r-- | src/kdc/kdc_preauth.c | 4 | ||||
| -rw-r--r-- | src/kdc/kdc_util.c | 27 | ||||
| -rw-r--r-- | src/kdc/kdc_util.h | 13 | ||||
| -rw-r--r-- | src/kdc/kerberos_v4.c | 6 |
6 files changed, 50 insertions, 16 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index afc7d5210..4c2a09b95 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -1,7 +1,7 @@ /* * kdc/do_as_req.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -118,8 +118,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, limit_string(sname); c_nprincs = 1; - if ((errcode = krb5_db_get_principal(kdc_context, request->client, - &client, &c_nprincs, &more))) { + if ((errcode = get_principal(kdc_context, request->client, + &client, &c_nprincs, &more))) { status = "LOOKING_UP_CLIENT"; c_nprincs = 0; goto errout; @@ -139,8 +139,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, } s_nprincs = 1; - if ((errcode = krb5_db_get_principal(kdc_context, request->server, &server, - &s_nprincs, &more))) { + if ((errcode = get_principal(kdc_context, request->server, &server, + &s_nprincs, &more))) { status = "LOOKING_UP_SERVER"; goto errout; } diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index ef1fab01f..0b263d0dc 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -150,8 +150,8 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, header? */ nprincs = 1; - if ((errcode = krb5_db_get_principal(kdc_context, request->server, &server, - &nprincs, &more))) { + if ((errcode = get_principal(kdc_context, request->server, &server, + &nprincs, &more))) { status = "LOOKING_UP_SERVER"; nprincs = 0; goto cleanup; @@ -796,7 +796,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server, tmp = *krb5_princ_realm(kdc_context, *pl2); krb5_princ_set_realm(kdc_context, *pl2, krb5_princ_realm(kdc_context, tgs_server)); - retval = krb5_db_get_principal(kdc_context, *pl2, server, nprincs, more); + retval = get_principal(kdc_context, *pl2, server, nprincs, more); krb5_princ_set_realm(kdc_context, *pl2, &tmp); if (retval) { *nprincs = 0; diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 13a450e43..67764b22e 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -1,7 +1,7 @@ /* * kdc/kdc_preauth.c * - * Copyright 1995, 2003 by the Massachusetts Institute of Technology. + * Copyright 1995, 2003, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -1892,7 +1892,7 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, krb5_princ_component(kdc_context,newp,probeslot)->length = strlen(sam_ptr->name); npr = 1; - retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more); + retval = get_principal(kdc_context, newp, &assoc, &npr, &more); if(!retval && npr) { sc.sam_type = sam_ptr->sam_type; break; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 82154d6cd..869eb1896 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -384,9 +384,9 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) nprincs = 1; - if ((retval = krb5_db_get_principal(kdc_context, ticket->server, - &server, &nprincs, - &more))) { + if ((retval = get_principal(kdc_context, ticket->server, + &server, &nprincs, + &more))) { return(retval); } if (more) { @@ -1578,3 +1578,24 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep) strcat(s, "}"); return; } + +krb5_error_code +get_principal_locked (krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, int *nentries, + krb5_boolean *more) +{ + return krb5_db_get_principal (kcontext, search_for, entries, nentries, + more); +} + +krb5_error_code +get_principal (krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, int *nentries, krb5_boolean *more) +{ + /* Eventually this will be used to manage locking while looking up + principals in the database. */ + return get_principal_locked (kcontext, search_for, entries, nentries, + more); +} diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 61dc5672b..e3982254c 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -1,7 +1,7 @@ /* * kdc/kdc_util.h * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2007 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -168,6 +168,17 @@ krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **); void kdc_insert_lookaside (krb5_data *, krb5_data *); void kdc_free_lookaside(krb5_context); +/* kdc_util.c */ +krb5_error_code +get_principal_locked (krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, int *nentries, + krb5_boolean *more); +krb5_error_code +get_principal (krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, int *nentries, krb5_boolean *more); + #define isflagset(flagfield, flag) (flagfield & (flag)) #define setflag(flagfield, flag) (flagfield |= (flag)) #define clear(flagfield, flag) (flagfield &= ~(flag)) diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index 2d4f815b7..189cf7396 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -441,8 +441,10 @@ kerb_get_principal(char *name, char *inst, /* could have wild cards */ local_realm, &search))) return(0); - if ((retval = krb5_db_get_principal(kdc_context, search, &entries, - &nprinc, &more5))) { + /* The krb4 support in the KDC is not thread-safe yet, so maintain + the global lock until that gets fixed. */ + if ((retval = get_principal_locked(kdc_context, search, &entries, + &nprinc, &more5))) { krb5_free_principal(kdc_context, search); return(0); } |