Diffstat (limited to 'src/kadmin/dbutil')
-rw-r--r--src/kadmin/dbutil/dump.c133
-rw-r--r--src/kadmin/dbutil/kdb5_create.c50
-rw-r--r--src/kadmin/dbutil/kdb5_mkey.c155
-rw-r--r--src/kadmin/dbutil/kdb5_util.c60
-rw-r--r--src/kadmin/dbutil/ovload.c13
5 files changed, 158 insertions, 253 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index baebf4c6e..caff137a4 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -205,7 +205,7 @@ extern krb5_boolean dbactive;
extern int exit_status;
extern krb5_context util_context;
extern kadm5_config_params global_params;
-extern krb5_db_entry master_entry;
+extern krb5_db_entry *master_entry;
/* Strings */
@@ -1235,7 +1235,7 @@ dump_db(argc, argv)
* get new master key vno that will be used to protect princs, used
* later on.
*/
- new_mkvno = get_next_kvno(util_context, &master_entry);
+ new_mkvno = get_next_kvno(util_context, master_entry);
}
kret = 0;
@@ -1517,7 +1517,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
{
int nmatched;
int retval;
- krb5_db_entry dbent;
+ krb5_db_entry *dbent;
int name_len, mod_name_len, key_len;
int alt_key_len, salt_len, alt_salt_len;
char *name;
@@ -1534,16 +1534,19 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
try2read = (char *) NULL;
(*linenop)++;
retval = 1;
- memset(&dbent, 0, sizeof(dbent));
+ dbent = krb5_db_alloc(kcontext, NULL, sizeof(*dbent));
+ if (dbent == NULL)
+ return(1);
+ memset(dbent, 0, sizeof(*dbent));
/* Make sure we've got key_data entries */
- if (krb5_dbe_create_key_data(kcontext, &dbent) ||
- krb5_dbe_create_key_data(kcontext, &dbent)) {
- krb5_db_free_principal(kcontext, &dbent, 1);
+ if (krb5_dbe_create_key_data(kcontext, dbent) ||
+ krb5_dbe_create_key_data(kcontext, dbent)) {
+ krb5_db_free_principal(kcontext, dbent);
return(1);
}
- pkey = &dbent.key_data[0];
- akey = &dbent.key_data[1];
+ pkey = &dbent->key_data[0];
+ akey = &dbent->key_data[1];
/*
* Match the sizes. 6 tokens to match.
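Review bot: The new allocation-failure branch `if (dbent == NULL) return(1);` exits silently, whereas the other out-of-memory path in this function reports it with `fprintf(stderr, no_mem_fmt, fname, *linenop);` before giving up; add that line before the return so a load that aborts on allocation failure is distinguishable in the log from a malformed record. The same silent return is introduced for process_k5beta6_record in the hunk at @@ -1835. The memset that follows the allocation may be redundant if krb5_db_alloc already zeroes the entry — worth confirming against its contract rather than removing blindly. process_k5beta_record starts and ends outside this hunk.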
@@ -1618,17 +1621,17 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
/* Read principal attributes */
if (!error && (fscanf(filep,
"\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
- &tmpint1, &dbent.max_life,
- &dbent.max_renewable_life,
- &tmpint2, &dbent.expiration,
- &dbent.pw_expiration, &last_pwd_change,
- &dbent.last_success, &dbent.last_failed,
+ &tmpint1, &dbent->max_life,
+ &dbent->max_renewable_life,
+ &tmpint2, &dbent->expiration,
+ &dbent->pw_expiration, &last_pwd_change,
+ &dbent->last_success, &dbent->last_failed,
&tmpint3) != 10)) {
try2read = read_pr_data1;
error++;
}
pkey->key_data_kvno = tmpint1;
- dbent.fail_auth_count = tmpint3;
+ dbent->fail_auth_count = tmpint3;
/* Read modifier name */
if (!error && read_string(filep,
mod_name,
@@ -1639,7 +1642,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
}
/* Read second set of attributes */
if (!error && (fscanf(filep, "\t%u\t%u\t%u\t",
- &mod_date, &dbent.attributes,
+ &mod_date, &dbent->attributes,
&tmpint1) != 3)) {
try2read = read_pr_data2;
error++;
@@ -1718,22 +1721,20 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
if (!error) {
if (!(kret = krb5_parse_name(kcontext,
name,
- &dbent.princ))) {
+ &dbent->princ))) {
if (!(kret = krb5_parse_name(kcontext,
mod_name,
&mod_princ))) {
if (!(kret =
krb5_dbe_update_mod_princ_data(kcontext,
- &dbent,
+ dbent,
mod_date,
mod_princ)) &&
!(kret =
krb5_dbe_update_last_pwd_change(kcontext,
- &dbent,
+ dbent,
last_pwd_change))) {
- int one = 1;
-
- dbent.len = KRB5_KDB_V1_BASE_LENGTH;
+ dbent->len = KRB5_KDB_V1_BASE_LENGTH;
pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ?
2 : 1;
akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ?
@@ -1742,22 +1743,20 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
akey->key_data_type[0]) &&
(pkey->key_data_type[1] ==
akey->key_data_type[1]))
- dbent.n_key_data--;
+ dbent->n_key_data--;
else if ((akey->key_data_type[0] == 0)
&& (akey->key_data_length[0] == 0)
&& (akey->key_data_type[1] == 0)
&& (akey->key_data_length[1] == 0))
- dbent.n_key_data--;
+ dbent->n_key_data--;
- dbent.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+ dbent->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA |
KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
if ((kret = krb5_db_put_principal(kcontext,
- &dbent,
- &one)) ||
- (one != 1)) {
+ dbent))) {
fprintf(stderr, store_err_fmt,
fname, *linenop, name,
error_message(kret));
@@ -1768,7 +1767,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
fprintf(stderr, add_princ_fmt, name);
retval = 0;
}
- dbent.n_key_data = 2;
+ dbent->n_key_data = 2;
}
krb5_free_principal(kcontext, mod_princ);
}
@@ -1793,7 +1792,7 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
fprintf(stderr, no_mem_fmt, fname, *linenop);
}
- krb5_db_free_principal(kcontext, &dbent, 1);
+ krb5_db_free_principal(kcontext, dbent);
if (mod_name)
free(mod_name);
if (name)
@@ -1822,11 +1821,11 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
int *linenop;
{
int retval;
- krb5_db_entry dbentry;
+ krb5_db_entry *dbentry;
krb5_int32 t1, t2, t3, t4, t5, t6, t7, t8, t9;
int nread;
int error;
- int i, j, one;
+ int i, j;
char *name;
krb5_key_data *kp, *kdatap;
krb5_tl_data **tlp, *tl;
@@ -1835,7 +1834,10 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
const char *try2read;
try2read = (char *) NULL;
- memset(&dbentry, 0, sizeof(dbentry));
+ dbentry = krb5_db_alloc(kcontext, NULL, sizeof(*dbentry));
+ if (dbentry == NULL)
+ return(1);
+ memset(dbentry, 0, sizeof(*dbentry));
(*linenop)++;
retval = 1;
name = (char *) NULL;
@@ -1850,12 +1852,12 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
error++;
/* Get memory for and form tagged data linked list */
- tlp = &dbentry.tl_data;
+ tlp = &dbentry->tl_data;
for (i=0; i<t3; i++) {
if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
memset(*tlp, 0, sizeof(krb5_tl_data));
tlp = &((*tlp)->tl_data_next);
- dbentry.n_tl_data++;
+ dbentry->n_tl_data++;
}
else {
error++;
@@ -1873,37 +1875,37 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
error++;
if (!error) {
- dbentry.len = t1;
- dbentry.n_key_data = t4;
- dbentry.e_length = t5;
+ dbentry->len = t1;
+ dbentry->n_key_data = t4;
+ dbentry->e_length = t5;
if (kp) {
memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data)));
- dbentry.key_data = kp;
+ dbentry->key_data = kp;
kp = (krb5_key_data *) NULL;
}
if (op) {
memset(op, 0, (size_t) t5);
- dbentry.e_data = op;
+ dbentry->e_data = op;
op = (krb5_octet *) NULL;
}
/* Read in and parse the principal name */
if (!read_string(filep, name, t2, linenop) &&
- !(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) {
+ !(kret = krb5_parse_name(kcontext, name, &dbentry->princ))) {
/* Get the fixed principal attributes */
nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
&t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9);
if (nread == 8) {
- dbentry.attributes = (krb5_flags) t2;
- dbentry.max_life = (krb5_deltat) t3;
- dbentry.max_renewable_life = (krb5_deltat) t4;
- dbentry.expiration = (krb5_timestamp) t5;
- dbentry.pw_expiration = (krb5_timestamp) t6;
- dbentry.last_success = (krb5_timestamp) t7;
- dbentry.last_failed = (krb5_timestamp) t8;
- dbentry.fail_auth_count = (krb5_kvno) t9;
- dbentry.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+ dbentry->attributes = (krb5_flags) t2;
+ dbentry->max_life = (krb5_deltat) t3;
+ dbentry->max_renewable_life = (krb5_deltat) t4;
+ dbentry->expiration = (krb5_timestamp) t5;
+ dbentry->pw_expiration = (krb5_timestamp) t6;
+ dbentry->last_success = (krb5_timestamp) t7;
+ dbentry->last_failed = (krb5_timestamp) t8;
+ dbentry->fail_auth_count = (krb5_kvno) t9;
+ dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
@@ -1922,8 +1924,8 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
* it at dump time has almost as good an effect, so
* that's what I did. [krb5-admin/89]
*/
- if (!error && dbentry.n_tl_data) {
- for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
+ if (!error && dbentry->n_tl_data) {
+ for (tl = dbentry->tl_data; tl; tl = tl->tl_data_next) {
nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
if (nread == 2) {
tl->tl_data_type = (krb5_int16) t1;
@@ -1947,7 +1949,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
* Assuming aux_attributes will always be
* there
*/
- dbentry.mask |= KADM5_AUX_ATTRIBUTES;
+ dbentry->mask |= KADM5_AUX_ATTRIBUTES;
/* test for an actual policy reference */
memset(&osa_princ_ent, 0, sizeof(osa_princ_ent));
@@ -1957,7 +1959,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
(osa_princ_ent.aux_attributes & KADM5_POLICY) &&
osa_princ_ent.policy != NULL) {
- dbentry.mask |= KADM5_POLICY;
+ dbentry->mask |= KADM5_POLICY;
kdb_free_entry(NULL, NULL, &osa_princ_ent);
}
xdr_destroy(&xdrs);
@@ -1980,13 +1982,13 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
}
}
if (!error)
- dbentry.mask |= KADM5_TL_DATA;
+ dbentry->mask |= KADM5_TL_DATA;
}
/* Get the key data */
- if (!error && dbentry.n_key_data) {
- for (i=0; !error && (i<dbentry.n_key_data); i++) {
- kdatap = &dbentry.key_data[i];
+ if (!error && dbentry->n_key_data) {
+ for (i=0; !error && (i<dbentry->n_key_data); i++) {
+ kdatap = &dbentry->key_data[i];
nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
if (nread == 2) {
kdatap->key_data_ver = (krb5_int16) t1;
@@ -2028,14 +2030,14 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
}
}
if (!error)
- dbentry.mask |= KADM5_KEY_DATA;
+ dbentry->mask |= KADM5_KEY_DATA;
}
/* Get the extra data */
- if (!error && dbentry.e_length) {
+ if (!error && dbentry->e_length) {
if (read_octet_string(filep,
- dbentry.e_data,
- (int) dbentry.e_length)) {
+ dbentry->e_data,
+ (int) dbentry->e_length)) {
try2read = read_econtents;
error++;
}
@@ -2056,10 +2058,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
* We have either read in all the data or choked.
*/
if (!error) {
- one = 1;
- if ((kret = krb5_db_put_principal(kcontext,
- &dbentry,
- &one))) {
+ if ((kret = krb5_db_put_principal(kcontext, dbentry))) {
fprintf(stderr, store_err_fmt,
fname, *linenop,
name, error_message(kret));
@@ -2092,7 +2091,7 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
free(kp);
if (name)
free(name);
- krb5_db_free_principal(kcontext, &dbentry, 1);
+ krb5_db_free_principal(kcontext, dbentry);
}
else {
if (nread == EOF)
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index cf2f2a7f2..087c3dc71 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -421,47 +421,49 @@ add_principal(context, princ, op, pblock)
struct realm_info *pblock;
{
krb5_error_code retval;
- krb5_db_entry entry;
+ krb5_db_entry *entry;
krb5_kvno mkey_kvno;
krb5_timestamp now;
struct iterate_args iargs;
- int nentries = 1;
krb5_actkvno_node actkvno;
- memset(&entry, 0, sizeof(entry));
+ entry = krb5_db_alloc(context, NULL, sizeof(*entry));
+ if (entry == NULL)
+ return ENOMEM;
+ memset(entry, 0, sizeof(*entry));
- entry.len = KRB5_KDB_V1_BASE_LENGTH;
- entry.attributes = pblock->flags;
- entry.max_life = pblock->max_life;
- entry.max_renewable_life = pblock->max_rlife;
- entry.expiration = pblock->expiration;
+ entry->len = KRB5_KDB_V1_BASE_LENGTH;
+ entry->attributes = pblock->flags;
+ entry->max_life = pblock->max_life;
+ entry->max_renewable_life = pblock->max_rlife;
+ entry->expiration = pblock->expiration;
- if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
+ if ((retval = krb5_copy_principal(context, princ, &entry->princ)))
goto error_out;
if ((retval = krb5_timeofday(context, &now)))
goto error_out;
- if ((retval = krb5_dbe_update_mod_princ_data(context, &entry,
+ if ((retval = krb5_dbe_update_mod_princ_data(context, entry,
now, &db_create_princ)))
goto error_out;
switch (op) {
case MASTER_KEY:
- if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
+ if ((entry->key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
== NULL)
goto error_out;
- memset(entry.key_data, 0, sizeof(krb5_key_data));
- entry.n_key_data = 1;
+ memset(entry->key_data, 0, sizeof(krb5_key_data));
+ entry->n_key_data = 1;
if (global_params.mask & KADM5_CONFIG_KVNO)
mkey_kvno = global_params.kvno; /* user specified */
else
mkey_kvno = 1; /* Default */
- entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
if ((retval = krb5_dbe_encrypt_key_data(context, pblock->key,
&master_keyblock, NULL,
- mkey_kvno, entry.key_data)))
+ mkey_kvno, entry->key_data)))
return retval;
/*
* There should always be at least one "active" mkey so creating the
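Review bot: The `return retval;` after krb5_dbe_encrypt_key_data here, and the two after krb5_dbe_update_actkvno and krb5_dbe_update_mkvno in the hunk at @@ -471, bypass error_out, so now that entry comes from krb5_db_alloc each of them leaks the whole entry (copied principal and key_data included) instead of just its contents; replace each with `goto error_out;` so the single krb5_db_free_principal at the label runs on every failure. Separately, the `goto error_out` taken when the key_data malloc fails reaches the label with retval still holding the 0 returned by krb5_dbe_update_mod_princ_data, so add_principal reports success on out-of-memory; set `retval = ENOMEM;` before that goto, matching the new alloc-failure path at the top of the function. add_principal's body continues through the next two hunks.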
@@ -471,18 +473,18 @@ add_principal(context, princ, op, pblock)
actkvno.act_kvno = mkey_kvno;
/* earliest possible time in case system clock is set back */
actkvno.act_time = 0;
- if ((retval = krb5_dbe_update_actkvno(context, &entry, &actkvno)))
+ if ((retval = krb5_dbe_update_actkvno(context, entry, &actkvno)))
return retval;
/* so getprinc shows the right kvno */
- if ((retval = krb5_dbe_update_mkvno(context, &entry, mkey_kvno)))
+ if ((retval = krb5_dbe_update_mkvno(context, entry, mkey_kvno)))
return retval;
break;
case TGT_KEY:
iargs.ctx = context;
iargs.rblock = pblock;
- iargs.dbentp = &entry;
+ iargs.dbentp = entry;
/*
* Iterate through the key/salt list, ignoring salt types.
*/
@@ -499,13 +501,13 @@ add_principal(context, princ, op, pblock)
break;
}
- entry.mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
- KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
- KADM5_PRINC_EXPIRE_TIME);
+ entry->mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+ KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
+ KADM5_PRINC_EXPIRE_TIME);
- retval = krb5_db_put_principal(context, &entry, &nentries);
+ retval = krb5_db_put_principal(context, entry);
-error_out:;
- krb5_db_free_principal(context, &entry, 1);
+error_out:
+ krb5_db_free_principal(context, entry);
return retval;
}
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 9c397b6ab..4bd72e50e 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -196,14 +196,13 @@ kdb5_add_mkey(int argc, char *argv[])
char *mkey_fullname;
char *pw_str = 0;
unsigned int pw_size = 0;
- int do_stash = 0, nentries = 0;
- krb5_boolean more = 0;
+ int do_stash = 0;
krb5_data pwd;
krb5_kvno new_mkey_kvno;
krb5_keyblock new_mkeyblock;
krb5_enctype new_master_enctype = ENCTYPE_UNKNOWN;
char *new_mkey_password;
- krb5_db_entry master_entry;
+ krb5_db_entry *master_entry;
krb5_timestamp now;
/*
@@ -247,26 +246,14 @@ kdb5_add_mkey(int argc, char *argv[])
return;
}
- retval = krb5_db_get_principal(util_context, master_princ, &master_entry,
- &nentries, &more);
+ retval = krb5_db_get_principal(util_context, master_princ, 0,
+ &master_entry);
if (retval != 0) {
com_err(progname, retval,
"while getting master key principal %s",
mkey_fullname);
exit_status++;
goto cleanup_return;
- } else if (nentries == 0) {
- com_err(progname, KRB5_KDB_NOENTRY,
- "principal %s not found in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
- } else if (nentries > 1) {
- com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
- "principal %s has multiple entries in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
}
printf("Creating new master key for master key principal '%s'\n",
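Review bot: master_entry is now heap-allocated by krb5_db_get_principal, but no hunk in this file passes it to krb5_db_free_principal and cleanup_return lies outside the hunk, so unless that label already frees it every exit of kdb5_add_mkey leaks the master entry; the same applies to kdb5_use_mkey (@@ -446), kdb5_list_mkeys (@@ -612), kdb5_update_princ_encryption (@@ -1032) and kdb5_purge_mkeys (@@ -1205). To make a free under the label safe on the paths that jump there before the lookup, declare the locals as `krb5_db_entry *master_entry = NULL;`, as ovload.c and the kdb5_util.c global already do, and add `krb5_db_free_principal(util_context, master_entry);` at cleanup_return. In kdb5_purge_mkeys the original key_data array is detached into old_key_data before master_entry->key_data is replaced, so how old_key_data is released (outside the hunk) should be checked against any new free of the entry. These are short-lived command handlers, so the leak is low impact, but it is new with this change.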
@@ -310,7 +297,7 @@ kdb5_add_mkey(int argc, char *argv[])
goto cleanup_return;
}
- retval = add_new_mkey(util_context, &master_entry, &new_mkeyblock, 0);
+ retval = add_new_mkey(util_context, master_entry, &new_mkeyblock, 0);
if (retval) {
com_err(progname, retval, "adding new master key to master principal");
exit_status++;
@@ -323,14 +310,14 @@ kdb5_add_mkey(int argc, char *argv[])
goto cleanup_return;
}
- if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry,
+ if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry,
now, master_princ))) {
com_err(progname, retval, "while updating the master key principal modification time");
exit_status++;
goto cleanup_return;
}
- if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) {
+ if ((retval = krb5_db_put_principal(util_context, master_entry))) {
(void) krb5_db_fini(util_context);
com_err(progname, retval, "while adding master key entry to the database");
exit_status++;
@@ -375,9 +362,7 @@ kdb5_use_mkey(int argc, char *argv[])
krb5_timestamp now, start_time;
krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL,
*prev_actkvno, *cur_actkvno;
- krb5_db_entry master_entry;
- int nentries = 0;
- krb5_boolean more = FALSE;
+ krb5_db_entry *master_entry;
krb5_keylist_node *keylist_node;
krb5_boolean inserted = FALSE;
@@ -446,29 +431,17 @@ kdb5_use_mkey(int argc, char *argv[])
goto cleanup_return;
}
- retval = krb5_db_get_principal(util_context, master_princ, &master_entry,
- &nentries, &more);
+ retval = krb5_db_get_principal(util_context, master_princ, 0,
+ &master_entry);
if (retval != 0) {
com_err(progname, retval,
"while getting master key principal %s",
mkey_fullname);
exit_status++;
goto cleanup_return;
- } else if (nentries == 0) {
- com_err(progname, KRB5_KDB_NOENTRY,
- "principal %s not found in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
- } else if (nentries > 1) {
- com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
- "principal %s has multiple entries in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
}
- retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list);
+ retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
if (retval != 0) {
com_err(progname, retval,
"while looking up active version of master key");
@@ -552,21 +525,21 @@ kdb5_use_mkey(int argc, char *argv[])
goto cleanup_return;
}
- if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry,
+ if ((retval = krb5_dbe_update_actkvno(util_context, master_entry,
actkvno_list))) {
com_err(progname, retval, "while updating actkvno data for master principal entry");
exit_status++;
goto cleanup_return;
}
- if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry,
+ if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry,
now, master_princ))) {
com_err(progname, retval, "while updating the master key principal modification time");
exit_status++;
goto cleanup_return;
}
- if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) {
+ if ((retval = krb5_db_put_principal(util_context, master_entry))) {
(void) krb5_db_fini(util_context);
com_err(progname, retval, "while adding master key entry to the database");
exit_status++;
@@ -590,9 +563,7 @@ kdb5_list_mkeys(int argc, char *argv[])
krb5_kvno act_kvno;
krb5_timestamp act_time;
krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno;
- krb5_db_entry master_entry;
- int nentries = 0;
- krb5_boolean more = FALSE;
+ krb5_db_entry *master_entry;
krb5_keylist_node *cur_kb_node;
krb5_keyblock *act_mkey;
@@ -612,29 +583,17 @@ kdb5_list_mkeys(int argc, char *argv[])
return;
}
- retval = krb5_db_get_principal(util_context, master_princ, &master_entry,
- &nentries, &more);
+ retval = krb5_db_get_principal(util_context, master_princ, 0,
+ &master_entry);
if (retval != 0) {
com_err(progname, retval,
"while getting master key principal %s",
mkey_fullname);
exit_status++;
goto cleanup_return;
- } else if (nentries == 0) {
- com_err(progname, KRB5_KDB_NOENTRY,
- "principal %s not found in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
- } else if (nentries > 1) {
- com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
- "principal %s has multiple entries in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
}
- retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list);
+ retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
if (retval != 0) {
com_err(progname, retval, "while looking up active kvno list");
exit_status++;
@@ -642,7 +601,7 @@ kdb5_list_mkeys(int argc, char *argv[])
}
if (actkvno_list == NULL) {
- act_kvno = master_entry.key_data[0].key_data_kvno;
+ act_kvno = master_entry->key_data[0].key_data_kvno;
} else {
retval = krb5_dbe_find_act_mkey(util_context, master_keylist,
actkvno_list, &act_kvno, &act_mkey);
@@ -834,7 +793,6 @@ update_princ_encryption_1(void *cb, krb5_db_entry *ent)
krb5_error_code retval;
int match;
krb5_timestamp now;
- int nentries = 1;
int result;
krb5_kvno old_mkvno;
@@ -905,7 +863,7 @@ update_princ_encryption_1(void *cb, krb5_db_entry *ent)
ent->mask |= KADM5_KEY_DATA;
- if ((retval = krb5_db_put_principal(util_context, ent, &nentries))) {
+ if ((retval = krb5_db_put_principal(util_context, ent))) {
com_err(progname, retval,
"while updating principal '%s' key data in the database",
pname);
@@ -957,9 +915,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
int optchar;
krb5_error_code retval;
krb5_actkvno_node *actkvno_list = 0;
- krb5_db_entry master_entry;
- int nentries = 1;
- krb5_boolean more = FALSE;
+ krb5_db_entry *master_entry;
char *mkey_fullname = 0;
#ifdef BSD_REGEXPS
char *msg;
@@ -1032,23 +988,16 @@ kdb5_update_princ_encryption(int argc, char *argv[])
goto cleanup;
}
- retval = krb5_db_get_principal(util_context, master_princ, &master_entry,
- &nentries, &more);
+ retval = krb5_db_get_principal(util_context, master_princ, 0,
+ &master_entry);
if (retval != 0) {
com_err(progname, retval, "while getting master key principal %s",
mkey_fullname);
exit_status++;
goto cleanup;
}
- if (nentries != 1) {
- com_err(progname, 0,
- "cannot find master key principal %s in database!",
- mkey_fullname);
- exit_status++;
- goto cleanup;
- }
- retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list);
+ retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
if (retval != 0) {
com_err(progname, retval, "while looking up active kvno list");
exit_status++;
@@ -1058,11 +1007,11 @@ kdb5_update_princ_encryption(int argc, char *argv[])
/* Master key is always stored encrypted in the latest version of
itself. */
new_mkvno = krb5_db_get_key_data_kvno(util_context,
- master_entry.n_key_data,
- master_entry.key_data);
+ master_entry->n_key_data,
+ master_entry->key_data);
retval = krb5_dbe_find_mkey(util_context, master_keylist,
- &master_entry, &tmp_keyblock);
+ master_entry, &tmp_keyblock);
if (retval) {
com_err(progname, retval, "retrieving the most recent master key");
exit_status++;
@@ -1154,9 +1103,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
krb5_error_code retval;
char *mkey_fullname = NULL;
krb5_timestamp now;
- krb5_db_entry master_entry;
- int nentries = 0;
- krb5_boolean more = FALSE;
+ krb5_db_entry *master_entry;
krb5_boolean force = FALSE, dry_run = FALSE, verbose = FALSE;
struct purge_args args;
char buf[5];
@@ -1205,26 +1152,14 @@ kdb5_purge_mkeys(int argc, char *argv[])
return;
}
- retval = krb5_db_get_principal(util_context, master_princ, &master_entry,
- &nentries, &more);
+ retval = krb5_db_get_principal(util_context, master_princ, 0,
+ &master_entry);
if (retval != 0) {
com_err(progname, retval,
"while getting master key principal %s",
mkey_fullname);
exit_status++;
goto cleanup_return;
- } else if (nentries == 0) {
- com_err(progname, KRB5_KDB_NOENTRY,
- "principal %s not found in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
- } else if (nentries > 1) {
- com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
- "principal %s has multiple entries in Kerberos database",
- mkey_fullname);
- exit_status++;
- goto cleanup_return;
}
if (!force) {
@@ -1243,13 +1178,13 @@ kdb5_purge_mkeys(int argc, char *argv[])
}
/* save the old keydata */
- old_key_data_count = master_entry.n_key_data;
+ old_key_data_count = master_entry->n_key_data;
if (old_key_data_count == 1) {
if (verbose)
printf("There is only one master key which can not be purged.\n");
goto cleanup_return;
}
- old_key_data = master_entry.key_data;
+ old_key_data = master_entry->key_data;
args.kvnos = (struct kvnos_in_use *) malloc(sizeof(struct kvnos_in_use) * old_key_data_count);
if (args.kvnos == NULL) {
@@ -1264,7 +1199,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
/* populate the kvnos array with all the current mkvnos */
for (i = 0; i < old_key_data_count; i++)
- args.kvnos[i].kvno = master_entry.key_data[i].key_data_kvno;
+ args.kvnos[i].kvno = master_entry->key_data[i].key_data_kvno;
if ((retval = krb5_db_iterate(util_context,
NULL,
@@ -1310,29 +1245,29 @@ kdb5_purge_mkeys(int argc, char *argv[])
goto cleanup_return;
}
- retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list);
+ retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
if (retval != 0) {
com_err(progname, retval, "while looking up active kvno list");
exit_status++;
goto cleanup_return;
}
- retval = krb5_dbe_lookup_mkey_aux(util_context, &master_entry, &mkey_aux_list);
+ retval = krb5_dbe_lookup_mkey_aux(util_context, master_entry, &mkey_aux_list);
if (retval != 0) {
com_err(progname, retval, "while looking up mkey aux data list");
exit_status++;
goto cleanup_return;
}
- master_entry.key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse);
- if (master_entry.key_data == NULL) {
+ master_entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse);
+ if (master_entry->key_data == NULL) {
retval = ENOMEM;
com_err(progname, ENOMEM, "while allocating key_data");
exit_status++;
goto cleanup_return;
}
- memset(master_entry.key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse);
- master_entry.n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */
+ memset(master_entry->key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse);
+ master_entry->n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */
/*
* Assuming that the latest mkey will not be purged because it will always
@@ -1342,7 +1277,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
for (j = 0; j < args.num_kvnos; j++) {
if (args.kvnos[j].kvno == (krb5_kvno) old_key_data[i].key_data_kvno) {
if (args.kvnos[j].use_count != 0) {
- master_entry.key_data[k++] = old_key_data[i];
+ master_entry->key_data[k++] = old_key_data[i];
break;
} else {
/* remove unused mkey */
@@ -1397,7 +1332,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
}
assert(k == num_kvnos_inuse);
- if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry,
+ if ((retval = krb5_dbe_update_actkvno(util_context, master_entry,
actkvno_list))) {
com_err(progname, retval,
"while updating actkvno data for master principal entry");
@@ -1405,7 +1340,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
goto cleanup_return;
}
- if ((retval = krb5_dbe_update_mkey_aux(util_context, &master_entry,
+ if ((retval = krb5_dbe_update_mkey_aux(util_context, master_entry,
mkey_aux_list))) {
com_err(progname, retval,
"while updating mkey_aux data for master principal entry");
@@ -1419,7 +1354,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
goto cleanup_return;
}
- if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry,
+ if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry,
now, master_princ))) {
com_err(progname, retval,
"while updating the master key principal modification time");
@@ -1427,9 +1362,9 @@ kdb5_purge_mkeys(int argc, char *argv[])
goto cleanup_return;
}
- master_entry.mask |= KADM5_KEY_DATA;
+ master_entry->mask |= KADM5_KEY_DATA;
- if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) {
+ if ((retval = krb5_db_put_principal(util_context, master_entry))) {
(void) krb5_db_fini(util_context);
com_err(progname, retval, "while adding master key entry to the database");
exit_status++;
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index 09b0d0704..6c8e364c6 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -110,7 +110,7 @@ krb5_keyblock master_keyblock;
krb5_kvno master_kvno; /* fetched */
extern krb5_keylist_node *master_keylist;
extern krb5_principal master_princ;
-krb5_db_entry master_entry;
+krb5_db_entry *master_entry = NULL;
int valid_master_key = 0;
char *progname;
@@ -397,8 +397,6 @@ void set_dbname(argc, argv)
static int open_db_and_mkey()
{
krb5_error_code retval;
- int nentries;
- krb5_boolean more;
krb5_data scratch, pwd, seed;
dbactive = FALSE;
@@ -421,24 +419,12 @@ static int open_db_and_mkey()
exit_status++;
return(1);
}
- nentries = 1;
- if ((retval = krb5_db_get_principal(util_context, master_princ,
- &master_entry, &nentries, &more))) {
+ if ((retval = krb5_db_get_principal(util_context, master_princ, 0,
+ &master_entry))) {
com_err(progname, retval, "while retrieving master entry");
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
- } else if (more) {
- com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
- "while retrieving master entry");
- exit_status++;
- (void) krb5_db_fini(util_context);
- return(1);
- } else if (!nentries) {
- com_err(progname, KRB5_KDB_NOENTRY, "while retrieving master entry");
- exit_status++;
- (void) krb5_db_fini(util_context);
- return(1);
}
if (global_params.mask & KADM5_CONFIG_KVNO)
@@ -549,9 +535,7 @@ add_random_key(argc, argv)
{
krb5_error_code ret;
krb5_principal princ;
- krb5_db_entry dbent;
- int n;
- krb5_boolean more;
+ krb5_db_entry *dbent;
krb5_timestamp now;
krb5_key_salt_tuple *keysalts = NULL;
@@ -582,25 +566,12 @@ add_random_key(argc, argv)
exit_status++;
return;
}
- n = 1;
- ret = krb5_db_get_principal(util_context, princ, &dbent,
- &n, &more);
+ ret = krb5_db_get_principal(util_context, princ, 0, &dbent);
if (ret) {
com_err(me, ret, "while fetching principal %s", pr_str);
exit_status++;
return;
}
- if (n != 1) {
- fprintf(stderr, "principal %s not found\n", pr_str);
- exit_status++;
- return;
- }
- if (more) {
- fprintf(stderr, "principal %s not unique\n", pr_str);
- krb5_db_free_principal(util_context, &dbent, 1);
- exit_status++;
- return;
- }
ret = krb5_string_to_keysalts(ks_str,
", \t", ":.-", 0,
&keysalts,
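Review bot: dbent is heap-allocated from this call onward, but the failure return of krb5_string_to_keysalts falls between this hunk and the next and is not visible in the diff; the free the commit adds after krb5_dbe_find_mkey in the hunk at @@ -618 indicates such early exits now need one, so if that path still returns without `krb5_db_free_principal(util_context, dbent);`, add it. The removed "not found" and "not unique" messages are now folded into the com_err for krb5_db_get_principal, which is fine provided the callee reports KRB5_KDB_NOENTRY for the missing-principal case — worth confirming. add_random_key starts and ends outside this hunk.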
@@ -618,41 +589,40 @@ add_random_key(argc, argv)
free_keysalts = 1;
/* Find the mkey used to protect the existing keys */
- ret = krb5_dbe_find_mkey(util_context, master_keylist, &dbent, &tmp_mkey);
+ ret = krb5_dbe_find_mkey(util_context, master_keylist, dbent, &tmp_mkey);
if (ret) {
com_err(me, ret, "while finding mkey");
+ krb5_db_free_principal(util_context, dbent);
exit_status++;
return;
}
- ret = krb5_dbe_ark(util_context, tmp_mkey,
- keysalts, num_keysalts,
- &dbent);
+ ret = krb5_dbe_ark(util_context, tmp_mkey, keysalts, num_keysalts, dbent);
if (free_keysalts)
free(keysalts);
if (ret) {
com_err(me, ret, "while randomizing principal %s", pr_str);
- krb5_db_free_principal(util_context, &dbent, 1);
+ krb5_db_free_principal(util_context, dbent);
exit_status++;
return;
}
- dbent.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ dbent->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(util_context, &now);
if (ret) {
com_err(me, ret, "while getting time");
- krb5_db_free_principal(util_context, &dbent, 1);
+ krb5_db_free_principal(util_context, dbent);
exit_status++;
return;
}
- ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now);
+ ret = krb5_dbe_update_last_pwd_change(util_context, dbent, now);
if (ret) {
com_err(me, ret, "while setting changetime");
- krb5_db_free_principal(util_context, &dbent, 1);
+ krb5_db_free_principal(util_context, dbent);
exit_status++;
return;
}
- ret = krb5_db_put_principal(util_context, &dbent, &n);
- krb5_db_free_principal(util_context, &dbent, 1);
+ ret = krb5_db_put_principal(util_context, dbent);
+ krb5_db_free_principal(util_context, dbent);
if (ret) {
com_err(me, ret, "while saving principal %s", pr_str);
exit_status++;
diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c
index e2afd5844..de677a25b 100644
--- a/src/kadmin/dbutil/ovload.c
+++ b/src/kadmin/dbutil/ovload.c
@@ -108,11 +108,10 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop)
krb5_error_code ret;
krb5_tl_data tl_data;
krb5_principal princ;
- krb5_db_entry kdb;
+ krb5_db_entry *kdb = NULL;
char *current = 0;
char *cp;
- int x, one;
- krb5_boolean more;
+ int x;
char line[LINESIZE];
if (fgets(line, LINESIZE, filep) == (char *) NULL) {
@@ -187,16 +186,15 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop)
tl_data.tl_data_length = xdr_getpos(&xdrs);
tl_data.tl_data_contents = (krb5_octet *) xdralloc_getdata(&xdrs);
- one = 1;
- ret = krb5_db_get_principal(kcontext, princ, &kdb, &one, &more);
+ ret = krb5_db_get_principal(kcontext, princ, 0, &kdb);
if (ret)
goto done;
- ret = krb5_dbe_update_tl_data(kcontext, &kdb, &tl_data);
+ ret = krb5_dbe_update_tl_data(kcontext, kdb, &tl_data);
if (ret)
goto done;
- ret = krb5_db_put_principal(kcontext, &kdb, &one);
+ ret = krb5_db_put_principal(kcontext, kdb);
if (ret)
goto done;
@@ -208,5 +206,6 @@ done:
free(current);
krb5_free_principal(kcontext, princ);
osa_free_princ_ent(rec);
+ krb5_db_free_principal(kcontext, kdb);
return ret;
}