summaryrefslogtreecommitdiffstats
path: root/src/kadmin.old/server
diff options
context:
space:
mode:
Diffstat (limited to 'src/kadmin.old/server')
-rw-r--r--src/kadmin.old/server/ChangeLog14
-rw-r--r--src/kadmin.old/server/adm_adm_func.c52
-rw-r--r--src/kadmin.old/server/adm_extern.h12
-rw-r--r--src/kadmin.old/server/adm_fmt_inq.c32
-rw-r--r--src/kadmin.old/server/adm_process.c29
-rw-r--r--src/kadmin.old/server/adm_server.c15
6 files changed, 136 insertions, 18 deletions
diff --git a/src/kadmin.old/server/ChangeLog b/src/kadmin.old/server/ChangeLog
index 9ae28605d..cd9333c88 100644
--- a/src/kadmin.old/server/ChangeLog
+++ b/src/kadmin.old/server/ChangeLog
@@ -1,4 +1,18 @@
+Thu Aug 10 14:38:14 EDT 1995 Paul Park (pjpark@mit.edu)
+ * adm_funcs.c - Rework adm_modify_kdb() to use kdb5's change-password
+ interfaces. Gut callers of adm_modify_kdb() because most of
+ the work is done in kdb_cpw.c. Add adm_find_keytype and adm_
+ update_tl_attrs.
+ * adm_extern.h - Add prototypes for adm_find_keytype() and adm_update_
+ tl_attrs().
+ * adm_adm_func, adm_fmt_inq.c - Use adm_find_keytype() to locate the
+ key_data entry for a particular key/salt type instead of
+ assuming that it's always in the first slot. Actually handle
+ mod_name and mod_date now.
+ * adm_process, adm_server.c - Find the latest DES key for use instead
+ of assuming that it's in the first slot.
+
Thu Aug 3 11:46:10 EDT 1995 Paul Park (pjpark@mit.edu)
* adm_{adm_func,fmt_inq,funcs,process,server}.c - In order to get
things to compile, replace "salt_type" with "key_data[0].
diff --git a/src/kadmin.old/server/adm_adm_func.c b/src/kadmin.old/server/adm_adm_func.c
index 5f9c860b1..6fbd8e58b 100644
--- a/src/kadmin.old/server/adm_adm_func.c
+++ b/src/kadmin.old/server/adm_adm_func.c
@@ -56,6 +56,7 @@ adm_build_key (context, auth_context, new_passwd, oper_type, entry)
krb5_replay_data replaydata;
krb5_data outbuf;
int retval;
+ krb5_key_data *key_data;
#if defined(MACH_PASS) || defined(SANDIA)
char *tmp_phrase;
char *tmp_passwd;
@@ -107,7 +108,15 @@ adm_build_key (context, auth_context, new_passwd, oper_type, entry)
outbuf.length = 3;
if (oper_type == CHGOPER || oper_type == CH4OPER) {
- outbuf.data[3] = entry.key_data[0].key_data_type[1];
+ key_data = (krb5_key_data *) NULL;
+ if (adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ ((oper_type == CHGOPER) ?
+ KRB5_KDB_SALTTYPE_NORMAL : KRB5_KDB_SALTTYPE_V4),
+ &key_data)) {
+ com_err("adm_build_key", ENOENT, "finding key data");
+ }
+ outbuf.data[3] = key_data->key_data_type[1];
outbuf.length = 4;
}
@@ -222,8 +231,6 @@ adm_change_pwd(context, auth_context, prog, customer_name, salttype)
retval = krb5_unparse_name(context, newprinc, &composite_name);
- entry.key_data[0].key_data_type[1] = (krb5_int16) salttype;
-
if (retval = adm_enter_pwd_key(context, "adm_change_pwd",
composite_name,
newprinc,
@@ -580,10 +587,36 @@ adm_mod_old_key(context, auth_context, cmdname, customer_name)
entry.fail_auth_count = atoi(tempstr);
}
#endif
+
if (msg_data.data[3] == KMODVNO) {
+ krb5_key_data *kdata;
+
(void) memcpy(tempstr, (char *) msg_data.data + 4,
msg_data.length - 4);
- entry.key_data[0].key_data_kvno = atoi(tempstr);
+ /*
+ * We could loop through all the supported key/salt types, but
+ * we don't have that technology yet.
+ */
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_NORMAL,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_V4,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_NOREALM,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_ONLYREALM,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
}
if (msg_data.data[3] == KMODATTR) {
@@ -636,15 +669,16 @@ adm_mod_old_key(context, auth_context, cmdname, customer_name)
}
free(msg_data.data);
-#ifdef notdef
- entry.mod_name = client_server_info.client;
- if (retval = krb5_timeofday(context, &entry.mod_date)) {
- com_err("adm_mod_old_key", retval, "while fetching date");
+ if (adm_update_tl_attrs(context,
+ &entry,
+ client_server_info.client,
+ 0)) {
+ com_err("adm_mod_old_key", retval,
+ "while updating modification attributes");
krb5_free_principal(context, newprinc);
krb5_db_free_principal(context, &entry, nprincs);
return(5); /* Protocol Failure */
}
-#endif /* notdef */
retval = krb5_db_put_principal(context, &entry, &one);
if (retval) {
diff --git a/src/kadmin.old/server/adm_extern.h b/src/kadmin.old/server/adm_extern.h
index f6ec87084..8e621eaae 100644
--- a/src/kadmin.old/server/adm_extern.h
+++ b/src/kadmin.old/server/adm_extern.h
@@ -158,6 +158,18 @@ krb5_error_code adm_enter_rnd_pwd_key
int,
krb5_db_entry *));
+krb5_error_code adm_find_keytype
+ PROTOTYPE((krb5_db_entry *,
+ krb5_keytype,
+ krb5_int32,
+ krb5_key_data **));
+
+krb5_error_code adm_update_tl_attrs
+ PROTOTYPE((krb5_context,
+ krb5_db_entry *,
+ krb5_principal,
+ krb5_boolean));
+
krb5_error_code adm5_kadmin
PROTOTYPE((krb5_context,
krb5_auth_context,
diff --git a/src/kadmin.old/server/adm_fmt_inq.c b/src/kadmin.old/server/adm_fmt_inq.c
index 074a75e43..f111c2341 100644
--- a/src/kadmin.old/server/adm_fmt_inq.c
+++ b/src/kadmin.old/server/adm_fmt_inq.c
@@ -134,6 +134,10 @@ adm_print_exp_time(context, ret_data, time_input)
return(0);
}
+/*
+ * With the new database format, we assume that a database entry always has a
+ * key which is des:normal
+ */
krb5_error_code
adm_fmt_prt(context, entry, Principal_name, ret_data)
krb5_context context;
@@ -143,6 +147,8 @@ adm_fmt_prt(context, entry, Principal_name, ret_data)
{
struct tm *mod_time;
krb5_error_code retval;
+ krb5_key_data *pkey;
+ krb5_tl_mod_princ *mprinc_data;
#ifdef SANDIA
struct tm *exp_time;
int pwd_expire;
@@ -162,15 +168,30 @@ adm_fmt_prt(context, entry, Principal_name, ret_data)
sprintf(thisline, "Maximum Renewal Lifetime (MRL) = %d (seconds)\n",
entry->max_renewable_life);
strcat(my_data, thisline);
+ pkey = (krb5_key_data *) NULL;
+ if (retval = adm_find_keytype(entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_NORMAL,
+ &pkey)) {
+ free(my_data);
+ return retval;
+ }
sprintf(thisline, "Principal Key Version (PKV) = %d\n",
- entry->key_data[0].key_data_kvno);
+ pkey->key_data_kvno);
strcat(my_data, thisline);
if (retval = adm_print_exp_time(context, my_data, &entry->expiration)) {
free(my_data);
return retval;
}
-#ifdef notdef
- mod_time = localtime((time_t *) &entry->mod_date);
+
+ /*
+ * Find the modification tagged entry.
+ */
+ if (krb5_dbe_decode_mod_princ_data(context, entry, &mprinc_data)) {
+ free(my_data);
+ return retval;
+ }
+ mod_time = localtime((time_t *) &mprinc_data->mod_date);
sprintf(thisline,
"Last Modification Date (LMD): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
(mod_time->tm_year >= 100) ? 20 : 19,
@@ -181,12 +202,13 @@ adm_fmt_prt(context, entry, Principal_name, ret_data)
mod_time->tm_min,
mod_time->tm_sec);
strcat(my_data, thisline);
-#endif /* notdef */
+ krb5_free_principal(context, mprinc_data->mod_princ);
+ krb5_xfree(mprinc_data);
if (retval = adm_print_attributes(my_data, entry->attributes)) {
free(my_data);
return retval;
}
- switch (entry->key_data[0].key_data_type[1] & 0xff) {
+ switch (pkey->key_data_type[1] & 0xff) {
case 0 : strcat(my_data,
"Principal Salt Type (PST) = Version 5 Normal\n");
break;
diff --git a/src/kadmin.old/server/adm_process.c b/src/kadmin.old/server/adm_process.c
index eb5af3e58..39fc77d71 100644
--- a/src/kadmin.old/server/adm_process.c
+++ b/src/kadmin.old/server/adm_process.c
@@ -49,6 +49,7 @@ cpw_keyproc(context, keyblock)
krb5_boolean more;
int nprincs = 1;
krb5_keysalt salt;
+ krb5_key_data *kdatap;
if (*keyblock == NULL) {
if (retval = krb5_parse_name(context,
@@ -78,10 +79,21 @@ cpw_keyproc(context, keyblock)
return(ENOMEM);
}
+ /* Find our key */
+ if (retval = adm_find_keytype(&cpw_entry,
+ KEYTYPE_DES,
+ -1,
+ &kdatap)) {
+ krb5_db_free_principal(context, &cpw_entry, nprincs);
+ syslog(LOG_ERR, "cpw_keyproc: cannot find server DES key");
+ close(client_server_info.client_socket);
+ return(retval);
+ }
+
/* Extract the real kadmin/<realm> keyblock */
if (retval = krb5_dbekd_decrypt_key_data(context,
&master_encblock,
- &cpw_entry.key_data[0],
+ kdatap,
realkey,
&salt)) {
krb5_db_free_principal(context, &cpw_entry, nprincs);
@@ -132,6 +144,7 @@ process_client(context, prog)
krb5_keysalt salt;
krb5_timestamp adm_time;
+ krb5_key_data *kdatap;
outbuf.data = retbuf;
if (setsockopt(client_server_info.client_socket,
@@ -192,10 +205,22 @@ process_client(context, prog)
exit(0);
}
+ /* Find our key */
+ if (retval = adm_find_keytype(&server_entry,
+ KEYTYPE_DES,
+ -1,
+ &kdatap)) {
+ krb5_db_free_principal(context, &server_entry, number_of_entries);
+ syslog(LOG_ERR,
+ "kadmind error: cannot find server DES key");
+ close(client_server_info.client_socket);
+ exit(0);
+ }
+
/* Extract the real kadmin/<realm> keyblock */
if (retval = krb5_dbekd_decrypt_key_data(context,
&master_encblock,
- &server_entry.key_data[0],
+ kdatap,
cpw_keyblock,
&salt)) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
diff --git a/src/kadmin.old/server/adm_server.c b/src/kadmin.old/server/adm_server.c
index a8cb92f4a..fcb95b08a 100644
--- a/src/kadmin.old/server/adm_server.c
+++ b/src/kadmin.old/server/adm_server.c
@@ -277,6 +277,7 @@ init_db(context, dbname, masterkeyname, masterkeyblock)
int number_of_entries;
char tgs_name[255];
krb5_keysalt salt;
+ krb5_key_data *kdatap;
/* set db name if appropriate */
if (dbname && (retval = krb5_db_set_name(context, dbname)))
@@ -358,8 +359,18 @@ init_db(context, dbname, masterkeyname, masterkeyblock)
convert server.key into a real key
(it may be encrypted in the database)
*/
+ if (retval = adm_find_keytype(&server_entry,
+ KEYTYPE_DES,
+ -1,
+ &kdatap)) {
+ krb5_db_free_principal(context, &server_entry, number_of_entries);
+ (void) krb5_finish_key(context, &master_encblock);
+ memset((char *)&master_encblock, 0, sizeof(master_encblock));
+ (void) krb5_db_fini(context);
+ return(retval);
+ }
if (retval = krb5_dbekd_decrypt_key_data(context,&master_encblock,
- &server_entry.key_data[0],&tgs_key,
+ kdatap,&tgs_key,
&salt)) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
(void) krb5_finish_key(context, &master_encblock);
@@ -368,7 +379,7 @@ init_db(context, dbname, masterkeyname, masterkeyblock)
return(retval);
}
- tgs_kvno = server_entry.key_data[0].key_data_kvno;
+ tgs_kvno = kdatap->key_data_kvno;
krb5_db_free_principal(context, &server_entry, number_of_entries);
return(0);
}
generated by cgit (git 2.34.1) at 2026-01-07 22:13:04 +0000