+Wed Sep 14 22:33:23 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * adm_server (init_db): Save a copy of the master key database
+ entry in the master_entry global variable.
+
+ * adm_process.c (process_client): Removed calls to
+ free(final_msg.data), where final_msg.data was pointing to
+ an automatic variable.
+
+ * adm_process.c (cpw_keyproc): In the case where the
+ keyprocarg->key is set, copy the keyblock instead of
+ passing a pointer down --- more pointer aliasing problems!
+
+ * adm_funcs.c (adm_modify_kdb): Added calls to krb5_copy_principal
+ instead of merely assigning pointers to one another and
+ causing pointer aliasing problems. Make sure the master
+ key version number is propagated correctly.
+
Thu Aug 4 03:38:58 1994 Tom Yu (tlyu@dragons-lair)
* Makefile.in: whoops install manpage as kadmin.8, not kadmin.1
#include <krb5/los-proto.h>
#include <krb5/adm_defs.h>
#include <krb5/adm_err.h>
+#include <krb5/kdb.h>
#include "adm_extern.h"
krb5_error_code
extern krb5_encrypt_block master_encblock;
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
+extern krb5_db_entry master_entry;
extern volatile int signal_requests_exit;
extern char *dbm_db_name;
extern krb5_encrypt_block master_encblock;
extern krb5_keyblock master_keyblock;
-struct mblock {
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_kvno mkvno;
-} mblock = { /* XXX */
- KRB5_KDB_MAX_LIFE,
- KRB5_KDB_MAX_RLIFE,
- KRB5_KDB_EXPIRATION,
- KRB5_KDB_DEF_FLAGS,
- 0
-};
-
typedef unsigned char des_cblock[8];
/* krb5_kvno may be narrow */
int one = 1;
krb5_kvno KDB5_VERSION_NUM = 1;
- krb5_deltat KDB5_MAX_TKT_LIFE = KRB5_KDB_MAX_LIFE;
- krb5_deltat KDB5_MAX_REN_LIFE = KRB5_KDB_MAX_RLIFE;
- krb5_timestamp KDB5_EXP_DATE = KRB5_KDB_EXPIRATION;
extern krb5_flags NEW_ATTRIBUTES;
if (!req_type) { /* New entry - initialize */
memset((char *) entry, 0, sizeof(krb5_db_entry));
- entry->principal = (krb5_principal) principal;
+ retval = krb5_copy_principal(principal, &entry->principal);
+ if (retval)
+ return retval;
entry->kvno = KDB5_VERSION_NUM;
- entry->max_life = KDB5_MAX_TKT_LIFE;
- entry->max_renewable_life = KDB5_MAX_REN_LIFE;
- entry->mkvno = mblock.mkvno;
- entry->expiration = KDB5_EXP_DATE;
- entry->mod_name = master_princ;
+ entry->max_life = master_entry.max_life;
+ entry->max_renewable_life = master_entry.max_renewable_life;
+ entry->mkvno = master_entry.mkvno;
+ entry->expiration = master_entry.expiration;
+ retval = krb5_copy_principal(master_princ, &entry->mod_name);
+ if (retval) {
+ krb5_free_principal(entry->principal);
+ entry->principal = 0;
+ return retval;
+ }
} else { /* Modify existing entry */
entry->kvno++;
#ifdef SANDIA
entry->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
#endif
- entry->mod_name = (krb5_principal) principal;
+ retval = krb5_copy_principal(principal, &entry->mod_name);
+ if (retval)
+ return retval;
}
if (key && key->length) {
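Review bot: In the modify-existing branch, `krb5_copy_principal(principal, &entry->mod_name)` writes the new copy over whatever `entry->mod_name` already held, and nothing in the hunk releases the old value. If the entry was filled in by a database fetch (not visible here), that earlier principal is leaked on every modification, which adds up in a long-running admin daemon; calling `krb5_free_principal(entry->mod_name);` before the copy would close that. Also, `entry->kvno++` has already run when the copy fails and the function returns `retval`, so the caller gets back a half-updated entry on that path. The function starts before and continues past the hunk, so any later error return would also need to free the new copies.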
#include <krb5/los-proto.h>
#include <krb5/adm_defs.h>
#include <krb5/sysincl.h>
+#include <krb5/kdb.h>
#include <syslog.h>
#include <signal.h>
#include <krb5/asn1.h>
#include <krb5/adm_defs.h>
+#include <krb5/kdb.h>
#include "adm_extern.h"
krb5_error_code
#include <krb5/ext-proto.h>
#include <krb5/los-proto.h>
#include <krb5/adm_defs.h>
+#include <krb5/kdb.h>
#include "adm_extern.h"
extern int errno;
arg = ( struct cpw_keyproc_arg *) keyprocarg;
if (arg->key) {
- *key = arg->key;
+ retval = krb5_copy_keyblock(arg->key, key);
+ if (retval)
+ return retval;
} else {
if (retval = krb5_parse_name(client_server_info.name_of_service,
&cpw_krb)) {
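Review bot: The new `krb5_copy_keyblock(arg->key, key)` call changes who owns `*key`, and the hunk has no comment saying so. I would add `/* hand back a private copy: the caller owns and frees *key */` above the call. That assumes the caller does free it, which is not visible here; if it does not, every call now leaks a copy of a secret key. Whatever frees the copy should also clear the key contents before release. cpw_keyproc starts before and continues past the hunk.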
0,
&msg_data)) {
syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv");
- free(final_msg.data);
goto finish;
}
- free(final_msg.data);
/* Send Final Reply to Client */
if (retval = krb5_write_message(&client_server_info.client_socket,
int classification; /* default = Unclassified */
#endif
+krb5_db_entry master_entry;
+
krb5_flags NEW_ATTRIBUTES;
cleanexit(val)
(void) krb5_db_fini();
return(retval);
}
-
+
+/*
+ * fetch the master database entry, and hold on to it.
+ */
+ number_of_entries = 1;
+ if (retval = krb5_db_get_principal(masterkeyname, &master_entry,
+ &number_of_entries, &more)) {
+ return(retval);
+ }
+ if (number_of_entries != 1) {
+ if (number_of_entries)
+ krb5_db_free_principal(&master_entry, number_of_entries);
+ return(KRB5_KDB_NOMASTERKEY);
+ } else if (more) {
+ krb5_db_free_principal(&master_entry, number_of_entries);
+ return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+ }
+
/*
fetch the TGS key, and hold onto it; this is an efficiency hack
the master key name here is from the master_princ global,
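Review bot: The three new early returns (after `krb5_db_get_principal` fails, on `number_of_entries != 1`, and on `more`) leave without calling `krb5_db_fini()`, while the error path just above the hunk does `(void) krb5_db_fini();` before `return(retval);`. If that earlier path is in the same function, the new ones should match it by adding `(void) krb5_db_fini();` before each return. Separately, the lookup passes `masterkeyname`, whereas the comment below the hunk refers to the `master_princ` global. `masterkeyname` is not declared in the visible lines, so confirm it is a parsed `krb5_principal` and not the name string. The function starts before and continues past the hunk.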