+Thu Aug 10 14:38:14 EDT 1995 Paul Park (pjpark@mit.edu)
+ * adm_funcs.c - Rework adm_modify_kdb() to use kdb5's change-password
+ interfaces. Gut callers of adm_modify_kdb() because most of
+ the work is done in kdb_cpw.c. Add adm_find_keytype and adm_
+ update_tl_attrs.
+ * adm_extern.h - Add prototypes for adm_find_keytype() and adm_update_
+ tl_attrs().
+ * adm_adm_func, adm_fmt_inq.c - Use adm_find_keytype() to locate the
+ key_data entry for a particular key/salt type instead of
+ assuming that it's always in the first slot. Actually handle
+ mod_name and mod_date now.
+ * adm_process, adm_server.c - Find the latest DES key for use instead
+ of assuming that it's in the first slot.
+
Thu Aug 3 11:46:10 EDT 1995 Paul Park (pjpark@mit.edu)
* adm_{adm_func,fmt_inq,funcs,process,server}.c - In order to get
things to compile, replace "salt_type" with "key_data[0].
krb5_replay_data replaydata;
krb5_data outbuf;
int retval;
+ krb5_key_data *key_data;
#if defined(MACH_PASS) || defined(SANDIA)
char *tmp_phrase;
char *tmp_passwd;
outbuf.length = 3;
if (oper_type == CHGOPER || oper_type == CH4OPER) {
- outbuf.data[3] = entry.key_data[0].key_data_type[1];
+ key_data = (krb5_key_data *) NULL;
+ if (adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ ((oper_type == CHGOPER) ?
+ KRB5_KDB_SALTTYPE_NORMAL : KRB5_KDB_SALTTYPE_V4),
+ &key_data)) {
+ com_err("adm_build_key", ENOENT, "finding key data");
+ }
+ outbuf.data[3] = key_data->key_data_type[1];
outbuf.length = 4;
}
retval = krb5_unparse_name(context, newprinc, &composite_name);
- entry.key_data[0].key_data_type[1] = (krb5_int16) salttype;
-
if (retval = adm_enter_pwd_key(context, "adm_change_pwd",
composite_name,
newprinc,
entry.fail_auth_count = atoi(tempstr);
}
#endif
+
if (msg_data.data[3] == KMODVNO) {
+ krb5_key_data *kdata;
+
(void) memcpy(tempstr, (char *) msg_data.data + 4,
msg_data.length - 4);
- entry.key_data[0].key_data_kvno = atoi(tempstr);
+ /*
+ * We could loop through all the supported key/salt types, but
+ * we don't have that technology yet.
+ */
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_NORMAL,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_V4,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_NOREALM,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
+ if (!adm_find_keytype(&entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_ONLYREALM,
+ &kdata))
+ kdata->key_data_kvno = atoi(tempstr);
}
if (msg_data.data[3] == KMODATTR) {
}
free(msg_data.data);
-#ifdef notdef
- entry.mod_name = client_server_info.client;
- if (retval = krb5_timeofday(context, &entry.mod_date)) {
- com_err("adm_mod_old_key", retval, "while fetching date");
+ if (adm_update_tl_attrs(context,
+ &entry,
+ client_server_info.client,
+ 0)) {
+ com_err("adm_mod_old_key", retval,
+ "while updating modification attributes");
krb5_free_principal(context, newprinc);
krb5_db_free_principal(context, &entry, nprincs);
return(5); /* Protocol Failure */
}
-#endif /* notdef */
retval = krb5_db_put_principal(context, &entry, &one);
if (retval) {
int,
krb5_db_entry *));
+krb5_error_code adm_find_keytype
+ PROTOTYPE((krb5_db_entry *,
+ krb5_keytype,
+ krb5_int32,
+ krb5_key_data **));
+
+krb5_error_code adm_update_tl_attrs
+ PROTOTYPE((krb5_context,
+ krb5_db_entry *,
+ krb5_principal,
+ krb5_boolean));
+
krb5_error_code adm5_kadmin
PROTOTYPE((krb5_context,
krb5_auth_context,
return(0);
}
+/*
+ * With the new database format, we assume that a database entry always has a
+ * key which is des:normal
+ */
krb5_error_code
adm_fmt_prt(context, entry, Principal_name, ret_data)
krb5_context context;
{
struct tm *mod_time;
krb5_error_code retval;
+ krb5_key_data *pkey;
+ krb5_tl_mod_princ *mprinc_data;
#ifdef SANDIA
struct tm *exp_time;
int pwd_expire;
sprintf(thisline, "Maximum Renewal Lifetime (MRL) = %d (seconds)\n",
entry->max_renewable_life);
strcat(my_data, thisline);
+ pkey = (krb5_key_data *) NULL;
+ if (retval = adm_find_keytype(entry,
+ KEYTYPE_DES,
+ KRB5_KDB_SALTTYPE_NORMAL,
+ &pkey)) {
+ free(my_data);
+ return retval;
+ }
sprintf(thisline, "Principal Key Version (PKV) = %d\n",
- entry->key_data[0].key_data_kvno);
+ pkey->key_data_kvno);
strcat(my_data, thisline);
if (retval = adm_print_exp_time(context, my_data, &entry->expiration)) {
free(my_data);
return retval;
}
-#ifdef notdef
- mod_time = localtime((time_t *) &entry->mod_date);
+
+ /*
+ * Find the modification tagged entry.
+ */
+ if (krb5_dbe_decode_mod_princ_data(context, entry, &mprinc_data)) {
+ free(my_data);
+ return retval;
+ }
+ mod_time = localtime((time_t *) &mprinc_data->mod_date);
sprintf(thisline,
"Last Modification Date (LMD): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
(mod_time->tm_year >= 100) ? 20 : 19,
mod_time->tm_min,
mod_time->tm_sec);
strcat(my_data, thisline);
-#endif /* notdef */
+ krb5_free_principal(context, mprinc_data->mod_princ);
+ krb5_xfree(mprinc_data);
if (retval = adm_print_attributes(my_data, entry->attributes)) {
free(my_data);
return retval;
}
- switch (entry->key_data[0].key_data_type[1] & 0xff) {
+ switch (pkey->key_data_type[1] & 0xff) {
case 0 : strcat(my_data,
"Principal Salt Type (PST) = Version 5 Normal\n");
break;
krb5_boolean more;
int nprincs = 1;
krb5_keysalt salt;
+ krb5_key_data *kdatap;
if (*keyblock == NULL) {
if (retval = krb5_parse_name(context,
return(ENOMEM);
}
+ /* Find our key */
+ if (retval = adm_find_keytype(&cpw_entry,
+ KEYTYPE_DES,
+ -1,
+ &kdatap)) {
+ krb5_db_free_principal(context, &cpw_entry, nprincs);
+ syslog(LOG_ERR, "cpw_keyproc: cannot find server DES key");
+ close(client_server_info.client_socket);
+ return(retval);
+ }
+
/* Extract the real kadmin/<realm> keyblock */
if (retval = krb5_dbekd_decrypt_key_data(context,
&master_encblock,
- &cpw_entry.key_data[0],
+ kdatap,
realkey,
&salt)) {
krb5_db_free_principal(context, &cpw_entry, nprincs);
krb5_keysalt salt;
krb5_timestamp adm_time;
+ krb5_key_data *kdatap;
outbuf.data = retbuf;
if (setsockopt(client_server_info.client_socket,
exit(0);
}
+ /* Find our key */
+ if (retval = adm_find_keytype(&server_entry,
+ KEYTYPE_DES,
+ -1,
+ &kdatap)) {
+ krb5_db_free_principal(context, &server_entry, number_of_entries);
+ syslog(LOG_ERR,
+ "kadmind error: cannot find server DES key");
+ close(client_server_info.client_socket);
+ exit(0);
+ }
+
/* Extract the real kadmin/<realm> keyblock */
if (retval = krb5_dbekd_decrypt_key_data(context,
&master_encblock,
- &server_entry.key_data[0],
+ kdatap,
cpw_keyblock,
&salt)) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
int number_of_entries;
char tgs_name[255];
krb5_keysalt salt;
+ krb5_key_data *kdatap;
/* set db name if appropriate */
if (dbname && (retval = krb5_db_set_name(context, dbname)))
convert server.key into a real key
(it may be encrypted in the database)
*/
+ if (retval = adm_find_keytype(&server_entry,
+ KEYTYPE_DES,
+ -1,
+ &kdatap)) {
+ krb5_db_free_principal(context, &server_entry, number_of_entries);
+ (void) krb5_finish_key(context, &master_encblock);
+ memset((char *)&master_encblock, 0, sizeof(master_encblock));
+ (void) krb5_db_fini(context);
+ return(retval);
+ }
if (retval = krb5_dbekd_decrypt_key_data(context,&master_encblock,
- &server_entry.key_data[0],&tgs_key,
+ kdatap,&tgs_key,
&salt)) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
(void) krb5_finish_key(context, &master_encblock);
return(retval);
}
- tgs_kvno = server_entry.key_data[0].key_data_kvno;
+ tgs_kvno = kdatap->key_data_kvno;
krb5_db_free_principal(context, &server_entry, number_of_entries);
return(0);
}
projects / krb5.git / commitdiff