Diffstat (limited to 'src/kadmin/dbutil')
-rw-r--r-- | src/kadmin/dbutil/dump.c | 133 | ||||
-rw-r--r-- | src/kadmin/dbutil/kdb5_create.c | 50 | ||||
-rw-r--r-- | src/kadmin/dbutil/kdb5_mkey.c | 155 | ||||
-rw-r--r-- | src/kadmin/dbutil/kdb5_util.c | 60 | ||||
-rw-r--r-- | src/kadmin/dbutil/ovload.c | 13 |
5 files changed, 158 insertions, 253 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index baebf4c6e..caff137a4 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -205,7 +205,7 @@ extern krb5_boolean dbactive; extern int exit_status; extern krb5_context util_context; extern kadm5_config_params global_params; -extern krb5_db_entry master_entry; +extern krb5_db_entry *master_entry; /* Strings */ @@ -1235,7 +1235,7 @@ dump_db(argc, argv) * get new master key vno that will be used to protect princs, used * later on. */ - new_mkvno = get_next_kvno(util_context, &master_entry); + new_mkvno = get_next_kvno(util_context, master_entry); } kret = 0; @@ -1517,7 +1517,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) { int nmatched; int retval; - krb5_db_entry dbent; + krb5_db_entry *dbent; int name_len, mod_name_len, key_len; int alt_key_len, salt_len, alt_salt_len; char *name; @@ -1534,16 +1534,19 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) try2read = (char *) NULL; (*linenop)++; retval = 1; - memset(&dbent, 0, sizeof(dbent)); + dbent = krb5_db_alloc(kcontext, NULL, sizeof(*dbent)); + if (dbent == NULL) + return(1); + memset(dbent, 0, sizeof(*dbent)); /* Make sure we've got key_data entries */ - if (krb5_dbe_create_key_data(kcontext, &dbent) || - krb5_dbe_create_key_data(kcontext, &dbent)) { - krb5_db_free_principal(kcontext, &dbent, 1); + if (krb5_dbe_create_key_data(kcontext, dbent) || + krb5_dbe_create_key_data(kcontext, dbent)) { + krb5_db_free_principal(kcontext, dbent); return(1); } - pkey = &dbent.key_data[0]; - akey = &dbent.key_data[1]; + pkey = &dbent->key_data[0]; + akey = &dbent->key_data[1]; /* * Match the sizes. 6 tokens to match. 
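Review bot: The new `if (dbent == NULL) return(1);` after `krb5_db_alloc` in process_k5beta_record fails silently, while the function's other allocation failures report through `no_mem_fmt` (the `fprintf(stderr, no_mem_fmt, fname, *linenop)` path further down), so a load that dies here gives the operator neither a line number nor a cause. Suggest `if (dbent == NULL) { fprintf(stderr, no_mem_fmt, fname, *linenop); return(1); }`; `(*linenop)++` has already run at that point, so the message would carry the right line. process_k5beta_record continues well past this hunk.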
@@ -1618,17 +1621,17 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) /* Read principal attributes */ if (!error && (fscanf(filep, "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t", - &tmpint1, &dbent.max_life, - &dbent.max_renewable_life, - &tmpint2, &dbent.expiration, - &dbent.pw_expiration, &last_pwd_change, - &dbent.last_success, &dbent.last_failed, + &tmpint1, &dbent->max_life, + &dbent->max_renewable_life, + &tmpint2, &dbent->expiration, + &dbent->pw_expiration, &last_pwd_change, + &dbent->last_success, &dbent->last_failed, &tmpint3) != 10)) { try2read = read_pr_data1; error++; } pkey->key_data_kvno = tmpint1; - dbent.fail_auth_count = tmpint3; + dbent->fail_auth_count = tmpint3; /* Read modifier name */ if (!error && read_string(filep, mod_name, @@ -1639,7 +1642,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) } /* Read second set of attributes */ if (!error && (fscanf(filep, "\t%u\t%u\t%u\t", - &mod_date, &dbent.attributes, + &mod_date, &dbent->attributes, &tmpint1) != 3)) { try2read = read_pr_data2; error++; @@ -1718,22 +1721,20 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) if (!error) { if (!(kret = krb5_parse_name(kcontext, name, - &dbent.princ))) { + &dbent->princ))) { if (!(kret = krb5_parse_name(kcontext, mod_name, &mod_princ))) { if (!(kret = krb5_dbe_update_mod_princ_data(kcontext, - &dbent, + dbent, mod_date, mod_princ)) && !(kret = krb5_dbe_update_last_pwd_change(kcontext, - &dbent, + dbent, last_pwd_change))) { - int one = 1; - - dbent.len = KRB5_KDB_V1_BASE_LENGTH; + dbent->len = KRB5_KDB_V1_BASE_LENGTH; pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ? 2 : 1; akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ? 
@@ -1742,22 +1743,20 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) akey->key_data_type[0]) && (pkey->key_data_type[1] == akey->key_data_type[1])) - dbent.n_key_data--; + dbent->n_key_data--; else if ((akey->key_data_type[0] == 0) && (akey->key_data_length[0] == 0) && (akey->key_data_type[1] == 0) && (akey->key_data_length[1] == 0)) - dbent.n_key_data--; + dbent->n_key_data--; - dbent.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + dbent->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA | KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT; if ((kret = krb5_db_put_principal(kcontext, - &dbent, - &one)) || - (one != 1)) { + dbent))) { fprintf(stderr, store_err_fmt, fname, *linenop, name, error_message(kret)); @@ -1768,7 +1767,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) fprintf(stderr, add_princ_fmt, name); retval = 0; } - dbent.n_key_data = 2; + dbent->n_key_data = 2; } krb5_free_principal(kcontext, mod_princ); } @@ -1793,7 +1792,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop) fprintf(stderr, no_mem_fmt, fname, *linenop); } - krb5_db_free_principal(kcontext, &dbent, 1); + krb5_db_free_principal(kcontext, dbent); if (mod_name) free(mod_name); if (name) @@ -1822,11 +1821,11 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) int *linenop; { int retval; - krb5_db_entry dbentry; + krb5_db_entry *dbentry; krb5_int32 t1, t2, t3, t4, t5, t6, t7, t8, t9; int nread; int error; - int i, j, one; + int i, j; char *name; krb5_key_data *kp, *kdatap; krb5_tl_data **tlp, *tl; 
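Review bot: The `krb5_db_free_principal(kcontext, dbent)` in this hunk sits on the path taken when the record header's six size tokens matched; the branch for a short or EOF header read is outside the hunk and needs checking now that dbent is a heap entry obtained from `krb5_db_alloc` at the top of the function rather than a zeroed stack struct. If that branch still only sets retval and returns, every load leaks one db entry when it reaches end of file, plus one per malformed header. Either move the allocation to after the header fscanf succeeds or free dbent on that path as well. process_k5beta_record ends beyond this hunk.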
@@ -1835,7 +1834,10 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) const char *try2read; try2read = (char *) NULL; - memset(&dbentry, 0, sizeof(dbentry)); + dbentry = krb5_db_alloc(kcontext, NULL, sizeof(*dbentry)); + if (dbentry == NULL) + return(1); + memset(dbentry, 0, sizeof(*dbentry)); (*linenop)++; retval = 1; name = (char *) NULL; @@ -1850,12 +1852,12 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) error++; /* Get memory for and form tagged data linked list */ - tlp = &dbentry.tl_data; + tlp = &dbentry->tl_data; for (i=0; i<t3; i++) { if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) { memset(*tlp, 0, sizeof(krb5_tl_data)); tlp = &((*tlp)->tl_data_next); - dbentry.n_tl_data++; + dbentry->n_tl_data++; } else { error++; 
@@ -1873,37 +1875,37 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) error++; if (!error) { - dbentry.len = t1; - dbentry.n_key_data = t4; - dbentry.e_length = t5; + dbentry->len = t1; + dbentry->n_key_data = t4; + dbentry->e_length = t5; if (kp) { memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data))); - dbentry.key_data = kp; + dbentry->key_data = kp; kp = (krb5_key_data *) NULL; } if (op) { memset(op, 0, (size_t) t5); - dbentry.e_data = op; + dbentry->e_data = op; op = (krb5_octet *) NULL; } /* Read in and parse the principal name */ if (!read_string(filep, name, t2, linenop) && - !(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) { + !(kret = krb5_parse_name(kcontext, name, &dbentry->princ))) { /* Get the fixed principal attributes */ nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t", &t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9); if (nread == 8) { - dbentry.attributes = (krb5_flags) t2; - dbentry.max_life = (krb5_deltat) t3; - dbentry.max_renewable_life = (krb5_deltat) t4; - dbentry.expiration = (krb5_timestamp) t5; - dbentry.pw_expiration = (krb5_timestamp) t6; - dbentry.last_success = (krb5_timestamp) t7; - dbentry.last_failed = (krb5_timestamp) t8; - dbentry.fail_auth_count = (krb5_kvno) t9; - dbentry.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + dbentry->attributes = (krb5_flags) t2; + dbentry->max_life = (krb5_deltat) t3; + dbentry->max_renewable_life = (krb5_deltat) t4; + dbentry->expiration = (krb5_timestamp) t5; + dbentry->pw_expiration = (krb5_timestamp) t6; + dbentry->last_success = (krb5_timestamp) t7; + dbentry->last_failed = (krb5_timestamp) t8; + dbentry->fail_auth_count = (krb5_kvno) t9; + dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT; 
@@ -1922,8 +1924,8 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) * it at dump time has almost as good an effect, so * that's what I did. [krb5-admin/89] */ - if (!error && dbentry.n_tl_data) { - for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) { + if (!error && dbentry->n_tl_data) { + for (tl = dbentry->tl_data; tl; tl = tl->tl_data_next) { nread = fscanf(filep, "%d\t%d\t", &t1, &t2); if (nread == 2) { tl->tl_data_type = (krb5_int16) t1; @@ -1947,7 +1949,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) * Assuming aux_attributes will always be * there */ - dbentry.mask |= KADM5_AUX_ATTRIBUTES; + dbentry->mask |= KADM5_AUX_ATTRIBUTES; /* test for an actual policy reference */ memset(&osa_princ_ent, 0, sizeof(osa_princ_ent)); @@ -1957,7 +1959,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) (osa_princ_ent.aux_attributes & KADM5_POLICY) && osa_princ_ent.policy != NULL) { - dbentry.mask |= KADM5_POLICY; + dbentry->mask |= KADM5_POLICY; kdb_free_entry(NULL, NULL, &osa_princ_ent); } xdr_destroy(&xdrs); @@ -1980,13 +1982,13 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) } } if (!error) - dbentry.mask |= KADM5_TL_DATA; + dbentry->mask |= KADM5_TL_DATA; } /* Get the key data */ - if (!error && dbentry.n_key_data) { - for (i=0; !error && (i<dbentry.n_key_data); i++) { - kdatap = &dbentry.key_data[i]; + if (!error && dbentry->n_key_data) { + for (i=0; !error && (i<dbentry->n_key_data); i++) { + kdatap = &dbentry->key_data[i]; nread = fscanf(filep, "%d\t%d\t", &t1, &t2); if (nread == 2) { kdatap->key_data_ver = (krb5_int16) t1; 
@@ -2028,14 +2030,14 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) } } if (!error) - dbentry.mask |= KADM5_KEY_DATA; + dbentry->mask |= KADM5_KEY_DATA; } /* Get the extra data */ - if (!error && dbentry.e_length) { + if (!error && dbentry->e_length) { if (read_octet_string(filep, - dbentry.e_data, - (int) dbentry.e_length)) { + dbentry->e_data, + (int) dbentry->e_length)) { try2read = read_econtents; error++; } @@ -2056,10 +2058,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) * We have either read in all the data or choked. */ if (!error) { - one = 1; - if ((kret = krb5_db_put_principal(kcontext, - &dbentry, - &one))) { + if ((kret = krb5_db_put_principal(kcontext, dbentry))) { fprintf(stderr, store_err_fmt, fname, *linenop, name, error_message(kret)); @@ -2092,7 +2091,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop) free(kp); if (name) free(name); - krb5_db_free_principal(kcontext, &dbentry, 1); + krb5_db_free_principal(kcontext, dbentry); } else { if (nread == EOF) diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index cf2f2a7f2..087c3dc71 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c 
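Review bot: `krb5_db_free_principal(kcontext, dbentry)` is only reached inside the branch that closes just before the visible `} else { if (nread == EOF)`, so the else branch (the header fscanf returned something other than the expected field count, which includes the EOF that terminates every dump file) returns without releasing the entry allocated with `krb5_db_alloc` at the top of process_k5beta6_record. With the old stack struct that was harmless; now it is a leak on every load. Either move the `krb5_db_alloc` call to after the header read succeeds, or add `krb5_db_free_principal(kcontext, dbentry);` before the else branch returns. The end of process_k5beta6_record lies outside this hunk.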
@@ -421,47 +421,49 @@ add_principal(context, princ, op, pblock) struct realm_info *pblock; { krb5_error_code retval; - krb5_db_entry entry; + krb5_db_entry *entry; krb5_kvno mkey_kvno; krb5_timestamp now; struct iterate_args iargs; - int nentries = 1; krb5_actkvno_node actkvno; - memset(&entry, 0, sizeof(entry)); + entry = krb5_db_alloc(context, NULL, sizeof(*entry)); + if (entry == NULL) + return ENOMEM; + memset(entry, 0, sizeof(*entry)); - entry.len = KRB5_KDB_V1_BASE_LENGTH; - entry.attributes = pblock->flags; - entry.max_life = pblock->max_life; - entry.max_renewable_life = pblock->max_rlife; - entry.expiration = pblock->expiration; + entry->len = KRB5_KDB_V1_BASE_LENGTH; + entry->attributes = pblock->flags; + entry->max_life = pblock->max_life; + entry->max_renewable_life = pblock->max_rlife; + entry->expiration = pblock->expiration; - if ((retval = krb5_copy_principal(context, princ, &entry.princ))) + if ((retval = krb5_copy_principal(context, princ, &entry->princ))) goto error_out; if ((retval = krb5_timeofday(context, &now))) goto error_out; - if ((retval = krb5_dbe_update_mod_princ_data(context, &entry, + if ((retval = krb5_dbe_update_mod_princ_data(context, entry, now, &db_create_princ))) goto error_out; switch (op) { case MASTER_KEY: - if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data))) + if ((entry->key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data))) == NULL) goto error_out; - memset(entry.key_data, 0, sizeof(krb5_key_data)); - entry.n_key_data = 1; + memset(entry->key_data, 0, sizeof(krb5_key_data)); + entry->n_key_data = 1; if (global_params.mask & KADM5_CONFIG_KVNO) mkey_kvno = global_params.kvno; /* user specified */ else mkey_kvno = 1; /* Default */ - entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; + entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX; if ((retval = krb5_dbe_encrypt_key_data(context, pblock->key, &master_keyblock, NULL, - mkey_kvno, entry.key_data))) + mkey_kvno, entry->key_data))) return retval; /* * There should 
always be at least one "active" mkey so creating the @@ -471,18 +473,18 @@ add_principal(context, princ, op, pblock) actkvno.act_kvno = mkey_kvno; /* earliest possible time in case system clock is set back */ actkvno.act_time = 0; - if ((retval = krb5_dbe_update_actkvno(context, &entry, &actkvno))) + if ((retval = krb5_dbe_update_actkvno(context, entry, &actkvno))) return retval; /* so getprinc shows the right kvno */ - if ((retval = krb5_dbe_update_mkvno(context, &entry, mkey_kvno))) + if ((retval = krb5_dbe_update_mkvno(context, entry, mkey_kvno))) return retval; break; case TGT_KEY: iargs.ctx = context; iargs.rblock = pblock; - iargs.dbentp = &entry; + iargs.dbentp = entry; /* * Iterate through the key/salt list, ignoring salt types. */ @@ -499,13 +501,13 @@ add_principal(context, princ, op, pblock) break; } - entry.mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | - KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA | - KADM5_PRINC_EXPIRE_TIME); + entry->mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA | + KADM5_PRINC_EXPIRE_TIME); - retval = krb5_db_put_principal(context, &entry, &nentries); + retval = krb5_db_put_principal(context, entry); -error_out:; - krb5_db_free_principal(context, &entry, 1); +error_out: + krb5_db_free_principal(context, entry); return retval; } diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c index 9c397b6ab..4bd72e50e 100644 --- a/src/kadmin/dbutil/kdb5_mkey.c +++ b/src/kadmin/dbutil/kdb5_mkey.c @@ -196,14 +196,13 @@ kdb5_add_mkey(int argc, char *argv[]) char *mkey_fullname; char *pw_str = 0; unsigned int pw_size = 0; - int do_stash = 0, nentries = 0; - krb5_boolean more = 0; + int do_stash = 0; krb5_data pwd; krb5_kvno new_mkey_kvno; krb5_keyblock new_mkeyblock; krb5_enctype new_master_enctype = ENCTYPE_UNKNOWN; char *new_mkey_password; - krb5_db_entry master_entry; + krb5_db_entry *master_entry; krb5_timestamp now; /* 
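Review bot: In add_principal's MASTER_KEY case the bare `return retval;` statements after `krb5_dbe_encrypt_key_data`, `krb5_dbe_update_actkvno` and `krb5_dbe_update_mkvno` now leak the `entry` obtained from `krb5_db_alloc` together with its copied princ and tl_data, because only the `error_out` label frees it; each should become `goto error_out;`. The `goto error_out` on the failed `malloc` of `entry->key_data` has the opposite problem: retval still holds the 0 returned by the preceding successful `krb5_dbe_update_mod_princ_data`, so the caller is told the principal was stored when it was not — set `retval = ENOMEM;` before that goto. The TGT_KEY iteration and the error_out label fall in the hunks that follow.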
@@ -247,26 +246,14 @@ kdb5_add_mkey(int argc, char *argv[]) return; } - retval = krb5_db_get_principal(util_context, master_princ, &master_entry, - &nentries, &more); + retval = krb5_db_get_principal(util_context, master_princ, 0, + &master_entry); if (retval != 0) { com_err(progname, retval, "while getting master key principal %s", mkey_fullname); exit_status++; goto cleanup_return; - } else if (nentries == 0) { - com_err(progname, KRB5_KDB_NOENTRY, - "principal %s not found in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; - } else if (nentries > 1) { - com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, - "principal %s has multiple entries in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; } printf("Creating new master key for master key principal '%s'\n", @@ -310,7 +297,7 @@ kdb5_add_mkey(int argc, char *argv[]) goto cleanup_return; } - retval = add_new_mkey(util_context, &master_entry, &new_mkeyblock, 0); + retval = add_new_mkey(util_context, master_entry, &new_mkeyblock, 0); if (retval) { com_err(progname, retval, "adding new master key to master principal"); exit_status++; @@ -323,14 +310,14 @@ kdb5_add_mkey(int argc, char *argv[]) goto cleanup_return; } - if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, + if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; goto cleanup_return; } - if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { + if ((retval = krb5_db_put_principal(util_context, master_entry))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; 
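Review bot: master_entry in kdb5_add_mkey is now a heap object filled in by `krb5_db_get_principal` rather than a stack struct, yet none of the hunks in this function release it; the `cleanup_return` label is outside the hunk, so confirm it calls `krb5_db_free_principal(util_context, master_entry)` and that the declaration is `krb5_db_entry *master_entry = NULL;` so the label is safe on any path that jumps to it before the lookup has run. The same applies to kdb5_use_mkey, kdb5_list_mkeys and kdb5_purge_mkeys below, whose declarations are likewise uninitialised. ovload.c in this same commit initialises its entry to NULL and frees it at `done`; that is the shape to mirror here.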
@@ -375,9 +362,7 @@ kdb5_use_mkey(int argc, char *argv[]) krb5_timestamp now, start_time; krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL, *prev_actkvno, *cur_actkvno; - krb5_db_entry master_entry; - int nentries = 0; - krb5_boolean more = FALSE; + krb5_db_entry *master_entry; krb5_keylist_node *keylist_node; krb5_boolean inserted = FALSE; @@ -446,29 +431,17 @@ kdb5_use_mkey(int argc, char *argv[]) goto cleanup_return; } - retval = krb5_db_get_principal(util_context, master_princ, &master_entry, - &nentries, &more); + retval = krb5_db_get_principal(util_context, master_princ, 0, + &master_entry); if (retval != 0) { com_err(progname, retval, "while getting master key principal %s", mkey_fullname); exit_status++; goto cleanup_return; - } else if (nentries == 0) { - com_err(progname, KRB5_KDB_NOENTRY, - "principal %s not found in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; - } else if (nentries > 1) { - com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, - "principal %s has multiple entries in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; } - retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); + retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active version of master key"); 
@@ -552,21 +525,21 @@ kdb5_use_mkey(int argc, char *argv[]) goto cleanup_return; } - if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, + if ((retval = krb5_dbe_update_actkvno(util_context, master_entry, actkvno_list))) { com_err(progname, retval, "while updating actkvno data for master principal entry"); exit_status++; goto cleanup_return; } - if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, + if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; goto cleanup_return; } - if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { + if ((retval = krb5_db_put_principal(util_context, master_entry))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; @@ -590,9 +563,7 @@ kdb5_list_mkeys(int argc, char *argv[]) krb5_kvno act_kvno; krb5_timestamp act_time; krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno; - krb5_db_entry master_entry; - int nentries = 0; - krb5_boolean more = FALSE; + krb5_db_entry *master_entry; krb5_keylist_node *cur_kb_node; krb5_keyblock *act_mkey; 
@@ -612,29 +583,17 @@ kdb5_list_mkeys(int argc, char *argv[]) return; } - retval = krb5_db_get_principal(util_context, master_princ, &master_entry, - &nentries, &more); + retval = krb5_db_get_principal(util_context, master_princ, 0, + &master_entry); if (retval != 0) { com_err(progname, retval, "while getting master key principal %s", mkey_fullname); exit_status++; goto cleanup_return; - } else if (nentries == 0) { - com_err(progname, KRB5_KDB_NOENTRY, - "principal %s not found in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; - } else if (nentries > 1) { - com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, - "principal %s has multiple entries in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; } - retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); + retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; @@ -642,7 +601,7 @@ kdb5_list_mkeys(int argc, char *argv[]) } if (actkvno_list == NULL) { - act_kvno = master_entry.key_data[0].key_data_kvno; + act_kvno = master_entry->key_data[0].key_data_kvno; } else { retval = krb5_dbe_find_act_mkey(util_context, master_keylist, actkvno_list, &act_kvno, &act_mkey); @@ -834,7 +793,6 @@ update_princ_encryption_1(void *cb, krb5_db_entry *ent) krb5_error_code retval; int match; krb5_timestamp now; - int nentries = 1; int result; krb5_kvno old_mkvno; @@ -905,7 +863,7 @@ update_princ_encryption_1(void *cb, krb5_db_entry *ent) ent->mask |= KADM5_KEY_DATA; - if ((retval = krb5_db_put_principal(util_context, ent, &nentries))) { + if ((retval = krb5_db_put_principal(util_context, ent))) { com_err(progname, retval, "while updating principal '%s' key data in the database", pname); 
@@ -957,9 +915,7 @@ kdb5_update_princ_encryption(int argc, char *argv[]) int optchar; krb5_error_code retval; krb5_actkvno_node *actkvno_list = 0; - krb5_db_entry master_entry; - int nentries = 1; - krb5_boolean more = FALSE; + krb5_db_entry *master_entry; char *mkey_fullname = 0; #ifdef BSD_REGEXPS char *msg; @@ -1032,23 +988,16 @@ kdb5_update_princ_encryption(int argc, char *argv[]) goto cleanup; } - retval = krb5_db_get_principal(util_context, master_princ, &master_entry, - &nentries, &more); + retval = krb5_db_get_principal(util_context, master_princ, 0, + &master_entry); if (retval != 0) { com_err(progname, retval, "while getting master key principal %s", mkey_fullname); exit_status++; goto cleanup; } - if (nentries != 1) { - com_err(progname, 0, - "cannot find master key principal %s in database!", - mkey_fullname); - exit_status++; - goto cleanup; - } - retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); + retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; @@ -1058,11 +1007,11 @@ kdb5_update_princ_encryption(int argc, char *argv[]) /* Master key is always stored encrypted in the latest version of itself. */ new_mkvno = krb5_db_get_key_data_kvno(util_context, - master_entry.n_key_data, - master_entry.key_data); + master_entry->n_key_data, + master_entry->key_data); retval = krb5_dbe_find_mkey(util_context, master_keylist, - &master_entry, &tmp_keyblock); + master_entry, &tmp_keyblock); if (retval) { com_err(progname, retval, "retrieving the most recent master key"); exit_status++; 
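Review bot: `krb5_db_entry *master_entry;` in kdb5_update_princ_encryption is left uninitialised, but there is a `goto cleanup;` immediately before the `krb5_db_get_principal` call that now fills it. If the `cleanup` label (outside this hunk) releases master_entry with `krb5_db_free_principal`, as it must to avoid leaking the entry, that early jump hands an indeterminate pointer to the free routine. Declare it `krb5_db_entry *master_entry = NULL;` as ovload.c does in this commit, and let cleanup free it unconditionally.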
@@ -1154,9 +1103,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) krb5_error_code retval; char *mkey_fullname = NULL; krb5_timestamp now; - krb5_db_entry master_entry; - int nentries = 0; - krb5_boolean more = FALSE; + krb5_db_entry *master_entry; krb5_boolean force = FALSE, dry_run = FALSE, verbose = FALSE; struct purge_args args; char buf[5]; @@ -1205,26 +1152,14 @@ kdb5_purge_mkeys(int argc, char *argv[]) return; } - retval = krb5_db_get_principal(util_context, master_princ, &master_entry, - &nentries, &more); + retval = krb5_db_get_principal(util_context, master_princ, 0, + &master_entry); if (retval != 0) { com_err(progname, retval, "while getting master key principal %s", mkey_fullname); exit_status++; goto cleanup_return; - } else if (nentries == 0) { - com_err(progname, KRB5_KDB_NOENTRY, - "principal %s not found in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; - } else if (nentries > 1) { - com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, - "principal %s has multiple entries in Kerberos database", - mkey_fullname); - exit_status++; - goto cleanup_return; } if (!force) { @@ -1243,13 +1178,13 @@ kdb5_purge_mkeys(int argc, char *argv[]) } /* save the old keydata */ - old_key_data_count = master_entry.n_key_data; + old_key_data_count = master_entry->n_key_data; if (old_key_data_count == 1) { if (verbose) printf("There is only one master key which can not be purged.\n"); goto cleanup_return; } - old_key_data = master_entry.key_data; + old_key_data = master_entry->key_data; args.kvnos = (struct kvnos_in_use *) malloc(sizeof(struct kvnos_in_use) * old_key_data_count); if (args.kvnos == NULL) { @@ -1264,7 +1199,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) /* populate the kvnos array with all the current mkvnos */ for (i = 0; i < old_key_data_count; i++) - args.kvnos[i].kvno = master_entry.key_data[i].key_data_kvno; + args.kvnos[i].kvno = master_entry->key_data[i].key_data_kvno; if ((retval = krb5_db_iterate(util_context, NULL, 
@@ -1310,29 +1245,29 @@ kdb5_purge_mkeys(int argc, char *argv[]) goto cleanup_return; } - retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); + retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; goto cleanup_return; } - retval = krb5_dbe_lookup_mkey_aux(util_context, &master_entry, &mkey_aux_list); + retval = krb5_dbe_lookup_mkey_aux(util_context, master_entry, &mkey_aux_list); if (retval != 0) { com_err(progname, retval, "while looking up mkey aux data list"); exit_status++; goto cleanup_return; } - master_entry.key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse); - if (master_entry.key_data == NULL) { + master_entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse); + if (master_entry->key_data == NULL) { retval = ENOMEM; com_err(progname, ENOMEM, "while allocating key_data"); exit_status++; goto cleanup_return; } - memset(master_entry.key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse); - master_entry.n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */ + memset(master_entry->key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse); + master_entry->n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */ /* * Assuming that the latest mkey will not be purged because it will always @@ -1342,7 +1277,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) for (j = 0; j < args.num_kvnos; j++) { if (args.kvnos[j].kvno == (krb5_kvno) old_key_data[i].key_data_kvno) { if (args.kvnos[j].use_count != 0) { - master_entry.key_data[k++] = old_key_data[i]; + master_entry->key_data[k++] = old_key_data[i]; break; } else { /* remove unused mkey */ 
@@ -1397,7 +1332,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) } assert(k == num_kvnos_inuse); - if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, + if ((retval = krb5_dbe_update_actkvno(util_context, master_entry, actkvno_list))) { com_err(progname, retval, "while updating actkvno data for master principal entry"); @@ -1405,7 +1340,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) goto cleanup_return; } - if ((retval = krb5_dbe_update_mkey_aux(util_context, &master_entry, + if ((retval = krb5_dbe_update_mkey_aux(util_context, master_entry, mkey_aux_list))) { com_err(progname, retval, "while updating mkey_aux data for master principal entry"); @@ -1419,7 +1354,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) goto cleanup_return; } - if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, + if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); @@ -1427,9 +1362,9 @@ kdb5_purge_mkeys(int argc, char *argv[]) goto cleanup_return; } - master_entry.mask |= KADM5_KEY_DATA; + master_entry->mask |= KADM5_KEY_DATA; - if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { + if ((retval = krb5_db_put_principal(util_context, master_entry))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 09b0d0704..6c8e364c6 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -110,7 +110,7 @@ krb5_keyblock master_keyblock; krb5_kvno master_kvno; /* fetched */ extern krb5_keylist_node *master_keylist; extern krb5_principal master_princ; -krb5_db_entry master_entry; +krb5_db_entry *master_entry = NULL; int valid_master_key = 0; char *progname; 
@@ -397,8 +397,6 @@ void set_dbname(argc, argv) static int open_db_and_mkey() { krb5_error_code retval; - int nentries; - krb5_boolean more; krb5_data scratch, pwd, seed; dbactive = FALSE; @@ -421,24 +419,12 @@ static int open_db_and_mkey() exit_status++; return(1); } - nentries = 1; - if ((retval = krb5_db_get_principal(util_context, master_princ, - &master_entry, &nentries, &more))) { + if ((retval = krb5_db_get_principal(util_context, master_princ, 0, + &master_entry))) { com_err(progname, retval, "while retrieving master entry"); exit_status++; (void) krb5_db_fini(util_context); return(1); - } else if (more) { - com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, - "while retrieving master entry"); - exit_status++; - (void) krb5_db_fini(util_context); - return(1); - } else if (!nentries) { - com_err(progname, KRB5_KDB_NOENTRY, "while retrieving master entry"); - exit_status++; - (void) krb5_db_fini(util_context); - return(1); } if (global_params.mask & KADM5_CONFIG_KVNO) @@ -549,9 +535,7 @@ add_random_key(argc, argv) { krb5_error_code ret; krb5_principal princ; - krb5_db_entry dbent; - int n; - krb5_boolean more; + krb5_db_entry *dbent; krb5_timestamp now; krb5_key_salt_tuple *keysalts = NULL; @@ -582,25 +566,12 @@ add_random_key(argc, argv) exit_status++; return; } - n = 1; - ret = krb5_db_get_principal(util_context, princ, &dbent, - &n, &more); + ret = krb5_db_get_principal(util_context, princ, 0, &dbent); if (ret) { com_err(me, ret, "while fetching principal %s", pr_str); exit_status++; return; } - if (n != 1) { - fprintf(stderr, "principal %s not found\n", pr_str); - exit_status++; - return; - } - if (more) { - fprintf(stderr, "principal %s not unique\n", pr_str); - krb5_db_free_principal(util_context, &dbent, 1); - exit_status++; - return; - } ret = krb5_string_to_keysalts(ks_str, ", \t", ":.-", 0, &keysalts, 
@@ -618,41 +589,40 @@ add_random_key(argc, argv) free_keysalts = 1; /* Find the mkey used to protect the existing keys */ - ret = krb5_dbe_find_mkey(util_context, master_keylist, &dbent, &tmp_mkey); + ret = krb5_dbe_find_mkey(util_context, master_keylist, dbent, &tmp_mkey); if (ret) { com_err(me, ret, "while finding mkey"); + krb5_db_free_principal(util_context, dbent); exit_status++; return; } - ret = krb5_dbe_ark(util_context, tmp_mkey, - keysalts, num_keysalts, - &dbent); + ret = krb5_dbe_ark(util_context, tmp_mkey, keysalts, num_keysalts, dbent); if (free_keysalts) free(keysalts); if (ret) { com_err(me, ret, "while randomizing principal %s", pr_str); - krb5_db_free_principal(util_context, &dbent, 1); + krb5_db_free_principal(util_context, dbent); exit_status++; return; } - dbent.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; + dbent->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(util_context, &now); if (ret) { com_err(me, ret, "while getting time"); - krb5_db_free_principal(util_context, &dbent, 1); + krb5_db_free_principal(util_context, dbent); exit_status++; return; } - ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now); + ret = krb5_dbe_update_last_pwd_change(util_context, dbent, now); if (ret) { com_err(me, ret, "while setting changetime"); - krb5_db_free_principal(util_context, &dbent, 1); + krb5_db_free_principal(util_context, dbent); exit_status++; return; } - ret = krb5_db_put_principal(util_context, &dbent, &n); - krb5_db_free_principal(util_context, &dbent, 1); + ret = krb5_db_put_principal(util_context, dbent); + krb5_db_free_principal(util_context, dbent); if (ret) { com_err(me, ret, "while saving principal %s", pr_str); exit_status++; diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c index e2afd5844..de677a25b 100644 --- a/src/kadmin/dbutil/ovload.c +++ b/src/kadmin/dbutil/ovload.c 
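Review bot: The added `krb5_db_free_principal(util_context, dbent)` on the `krb5_dbe_find_mkey` failure path closes one leak in add_random_key, but the error exit of `krb5_string_to_keysalts`, which lies between this hunk and the previous one and also runs after dbent has been fetched, is not visible; confirm it frees dbent as well. With five near-identical `free; exit_status++; return;` tails in this function, a single cleanup label at the end that frees dbent (and keysalts when `free_keysalts` is set) would make it hard to miss a path. The rest of add_random_key is outside the hunk.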
@@ -108,11 +108,10 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop) krb5_error_code ret; krb5_tl_data tl_data; krb5_principal princ; - krb5_db_entry kdb; + krb5_db_entry *kdb = NULL; char *current = 0; char *cp; - int x, one; - krb5_boolean more; + int x; char line[LINESIZE]; if (fgets(line, LINESIZE, filep) == (char *) NULL) { @@ -187,16 +186,15 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop) tl_data.tl_data_length = xdr_getpos(&xdrs); tl_data.tl_data_contents = (krb5_octet *) xdralloc_getdata(&xdrs); - one = 1; - ret = krb5_db_get_principal(kcontext, princ, &kdb, &one, &more); + ret = krb5_db_get_principal(kcontext, princ, 0, &kdb); if (ret) goto done; - ret = krb5_dbe_update_tl_data(kcontext, &kdb, &tl_data); + ret = krb5_dbe_update_tl_data(kcontext, kdb, &tl_data); if (ret) goto done; - ret = krb5_db_put_principal(kcontext, &kdb, &one); + ret = krb5_db_put_principal(kcontext, kdb); if (ret) goto done; @@ -208,5 +206,6 @@ done: free(current); krb5_free_principal(kcontext, princ); osa_free_princ_ent(rec); + krb5_db_free_principal(kcontext, kdb); return ret; } |
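Review bot: The unconditional `krb5_db_free_principal(kcontext, kdb)` added at `done` is reached from the `goto done` that follows a failed `krb5_db_get_principal`, and from any earlier error exit above this hunk, with kdb still NULL or whatever the failed lookup left in it. That is only correct if krb5_db_free_principal and the loaded DB module's free hook accept a NULL entry; if that is not guaranteed by the new API, guard it with `if (kdb != NULL) krb5_db_free_principal(kcontext, kdb);`. The start of process_ov_principal is outside this hunk.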