Consolidate handling of tagged database attributes
authorPaul Park <pjpark@mit.edu>
Thu, 10 Aug 1995 18:54:45 +0000 (18:54 +0000)
committerPaul Park <pjpark@mit.edu>
Thu, 10 Aug 1995 18:54:45 +0000 (18:54 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6500 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/v5server/ChangeLog
src/kadmin/v5server/admin.c
src/kadmin/v5server/kadm5_defs.h
src/kadmin/v5server/passwd.c
src/kadmin/v5server/srv_key.c

index f91a881e6d552cdbe7eaf00eb886fbb2454acd5b..d473bb02d26b79042137b5beefb785ef0722ed10 100644 (file)
@@ -1,4 +1,11 @@
 
+Thu Aug 10 14:34:31 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * srv_key.c - Consolidate handling of tagged database attributes here
+               in key_update_tl_attrs().  Fix a bug which was never encountered
+       * kadm5_defs.h - Add prototype for key_update_tl_attrs().
+       * admin.c, passwd.c - Use key_update_tl_attrs() where appropriate.
+
+
 Wed Aug 9 17:09:35 EDT 1995    Paul Park       (pjpark@mit.edu)
        * admin.c - Add code to use kdb5's change-password interfaces under
                USE_KDB5_CPW for now until it's fully shaken out.
index 7db29bba3151517794dad4f5573bacba15db7e3d..37f9cbca2487bb13cfbfae2896df3c8f23dc35e1 100644 (file)
@@ -309,10 +309,6 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
 {
     krb5_error_code    kret = 0;
 #ifndef        USE_KDB5_CPW
-    krb5_timestamp     now;
-    krb5_tl_data       *pwchg, *def_pwchg;
-    krb5_tl_data       *new, *def;
-    krb5_tl_mod_princ  modent;
     krb5_int32         num_keys, num_ekeys, num_rkeys;
     krb5_key_data      *key_list;
     krb5_key_data      *ekey_list;
@@ -331,9 +327,6 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
     ekey_list = (krb5_key_data *) NULL;
 #endif /* USE_KDB5_CPW */
     if (dbentp->princ &&
-#ifndef        USE_KDB5_CPW
-       !(kret = krb5_timeofday(kcontext, &now)) &&
-#endif /* USE_KDB5_CPW */
        (!password || ((valid & KRB5_ADM_M_RANDOMKEY) == 0))) {
 
        /*
@@ -359,72 +352,16 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
        dbentp->len = defaultp->len;
        kret = 0;
 
-#ifndef        USE_KDB5_CPW
-       /*
-        * Now merge tagged data.  This is a little bit painful, hold on.
-        * First see if we already have a last change block.  If so, then just
-        * use the existing storage to hold the appropriate value.
-        */
-       pwchg = def_pwchg = (krb5_tl_data *) NULL;
-       for (new = dbentp->tl_data; new; new = new->tl_data_next) {
-           if (new->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
-               pwchg = new;
-               break;
-           }
-       }
-       /* Find the entry from the default */
-       for (def = defaultp->tl_data; def; def = def->tl_data_next) {
-           if (def->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
-               def_pwchg = def;
-               break;
-           }
-       }
        /*
-        * If not already there, then we have to make a new entry and blast
-        * our scuzz in there.
+        * Update last password change (if appropriate) and modification
+        * date and principal.
         */
-       if (!pwchg) {
-           if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) &&
-               (pwchg->tl_data_contents = (krb5_octet *)
-                malloc(sizeof(krb5_timestamp)))) {
-               pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
-               pwchg->tl_data_length = sizeof(krb5_timestamp);
-               pwchg->tl_data_next = dbentp->tl_data;
-               dbentp->tl_data = pwchg;
-               dbentp->n_tl_data++;
-           }
-           else
-               kret = ENOMEM;
-       }
-       if (!kret) {
-           /*
-            * If we're changing the password, the time is now.
-            */
-           if (password || is_pwchange || !def_pwchg) {
-               krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
-           }
-           else {
-               /*
-                * Otherwise, clone the contents of the old one.
-                */
-               memcpy(pwchg->tl_data_contents,
-                      def_pwchg->tl_data_contents,
-                      sizeof(krb5_timestamp));
-           }
+       if (!(kret = key_update_tl_attrs(kcontext,
+                                        dbentp,
+                                        who,
+                                        (password || is_pwchange)))) {
 
-           /*
-            * Handle the modification date/principal.
-            */
-           modent.mod_date = now;
-           kret = krb5_copy_principal(kcontext, who, &modent.mod_princ);
-           if (!kret) {
-               kret = krb5_dbe_encode_mod_princ_data(kcontext,
-                                                     &modent,
-                                                     dbentp);
-               krb5_free_principal(kcontext, modent.mod_princ);
-           }
-       }
-       if (!kret) {
+#ifndef        USE_KDB5_CPW
            /* See if this is a random key or not */
            if (password) {
                krb5_data               pwdata;
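Review bot: When `(password || is_pwchange)` is false, the new call leaves KRB5_TL_LAST_PWD_CHANGE untouched, whereas the removed code either copied the timestamp from `defaultp` or, when `defaultp` had none, stamped the current time. Unless `dbentp->tl_data` is already populated from `defaultp` somewhere outside this hunk, an entry merged without a password change can now be stored with no last-change record, which matters to anything that later derives password age from it. If the carry-over is guaranteed elsewhere, say so above the call, e.g. `/* dbentp->tl_data already holds defaultp's KRB5_TL_LAST_PWD_CHANGE; only a password change restamps it */`; otherwise keep the copy from `defaultp` on this path. admin_merge_dbentries starts and ends outside the hunk.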
@@ -502,8 +439,15 @@ admin_merge_dbentries(kcontext, debug_level, who, defaultp,
                    }
                }
            }
-       }
 #endif /* USE_KDB5_CPW */
+
+           /*
+            * Finally, if this is a password change, clear the password-change
+            * required bit.
+            */
+           if (password || is_pwchange)
+               dbentp->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+       }
     }
 
 #ifndef        USE_KDB5_CPW
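Review bot: The added `dbentp->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;` runs for every merge that carries a password, so it appears to fire as well when an administrator sets the password on another principal. If the same request can set KRB5_KDB_REQUIRES_PWCHANGE through its attributes (the attribute merge is not visible in this hunk), the bit is dropped without notice and an administrator-chosen temporary password would remain usable with no forced change. Consider limiting the clear to the case where the caller did not supply attributes, and record the rule in the comment, e.g. `/* Clear only when the request did not set attributes itself; an explicit REQUIRES_PWCHANGE from the caller wins. */`. The function body begins and continues outside the hunk.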
@@ -921,7 +865,6 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
     krb5_principal     orig_principal;
     krb5_int32         operation;
     const char *       op_msg;
-    krb5_tl_mod_princ  *mprinc;
 
     DPRINT(DEBUG_CALLS, debug_level,
           ("* admin_delete_rename(%s,%s)\n",
@@ -977,7 +920,6 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
                            int                 n_howmany;
                            krb5_boolean        n_more;
                            krb5_db_entry       xxx_dbentry;
-                           krb5_timestamp      now;
 
                            n_howmany = 1;
 
@@ -987,7 +929,6 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
                                                               &xxx_dbentry,
                                                               &n_howmany,
                                                               &n_more))
-                               && !(kret = krb5_timeofday(kcontext, &now))
                                && !n_howmany) {
                                /* Change our name */
                                krb5_free_principal(kcontext,
@@ -995,44 +936,26 @@ admin_delete_rename(kcontext, debug_level, ticket, original, new)
                                orig_entry.princ = new_principal;
 
                                /* Update our stats */
-                               mprinc = (krb5_tl_mod_princ *) NULL;
-                               (void) krb5_dbe_decode_mod_princ_data(kcontext,
+                               if (!(kret = key_update_tl_attrs(kcontext,
+                                                                &orig_entry,
+                                                                client,
+                                                                0))) {
+                                   n_howmany = 1;
+                                   if ((kret = krb5_db_put_principal(kcontext,
                                                                      &orig_entry,
-                                                                     &mprinc);
-                               if (!mprinc) {
-                                   mprinc = (krb5_tl_mod_princ *)
-                                       malloc(sizeof(krb5_tl_mod_princ));
-                                   if (mprinc)
-                                       memset(mprinc, 0, sizeof(*mprinc));
-                               }
-                               if (mprinc) {
-                                   if (mprinc->mod_princ)
-                                       krb5_free_principal(kcontext,
-                                                           mprinc->mod_princ);
-                                   krb5_copy_principal(kcontext,
-                                                       client,
-                                                       &mprinc->mod_princ);
-                                   mprinc->mod_date = now;
-                                   krb5_dbe_encode_mod_princ_data(kcontext,
-                                                                  mprinc,
-                                                                  &orig_entry);
-                                   krb5_free_principal(kcontext,
-                                                       mprinc->mod_princ);
-                                   krb5_xfree(mprinc);
-                               }
-
-                               n_howmany = 1;
-                               if ((kret = krb5_db_put_principal(kcontext,
-                                                                 &orig_entry,
-                                                                 &n_howmany))
-                                   || (n_howmany != 1)) {
-                                   retval = KRB5_ADM_SYSTEM_ERROR;
+                                                                     &n_howmany))
+                                       || (n_howmany != 1)) {
+                                       retval = KRB5_ADM_SYSTEM_ERROR;
+                                   }
+                                   else {
+                                       com_err(programname, 0,
+                                               admin_db_rename_fmt,
+                                               op_msg, original, new,
+                                               client_name);
+                                   }
                                }
                                else {
-                                   com_err(programname, 0,
-                                           admin_db_rename_fmt,
-                                           op_msg, original, new,
-                                           client_name);
+                                   retval = KRB5_ADM_SYSTEM_ERROR;
                                }
                                orig_entry.princ = (krb5_principal) NULL;
                            }
@@ -1412,11 +1335,9 @@ admin_key_op(kcontext, debug_level, ticket, nargs, arglist, is_delete)
     krb5_principal     principal;
     krb5_int32         operation;
     const char *       op_msg;
-    krb5_tl_mod_princ  *mprinc;
     krb5_int32         nkeysalts;
     krb5_key_salt_tuple        *keysalt_list;
     krb5_int32         *kvno_list;
-    krb5_timestamp     now;
     int                        n_howmany;
 
     DPRINT(DEBUG_CALLS, debug_level,
@@ -1493,26 +1414,11 @@ admin_key_op(kcontext, debug_level, ticket, nargs, arglist, is_delete)
                                                             nkeysalts,
                                                             keysalt_list,
                                                             kvno_list)) &&
-                           /* Get the time of day */
-                           !(kret = krb5_timeofday(kcontext, &now))) {
-                               /* Update our stats */
-                           if (!krb5_dbe_decode_mod_princ_data(kcontext,
-                                                               &entry,
-                                                               &mprinc)) {
-                               krb5_free_principal(kcontext,
-                                                   mprinc->mod_princ);
-                               krb5_copy_principal(kcontext,
-                                                   client,
-                                                   &mprinc->mod_princ);
-                               mprinc->mod_date = now;
-                               krb5_dbe_encode_mod_princ_data(kcontext,
-                                                              mprinc,
-                                                              &entry);
-                               krb5_free_principal(kcontext,
-                                                   mprinc->mod_princ);
-                               krb5_xfree(mprinc);
-                           }
-                           
+                           /* Update our statistics */
+                           !(retval = key_update_tl_attrs(kcontext,
+                                                          &entry,
+                                                          client,
+                                                          0))) {
                            n_howmany = 1;
                            if ((kret = krb5_db_put_principal(kcontext,
                                                              &entry,
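Review bot: The result of `key_update_tl_attrs()` is assigned to `retval` here, while every other link of this `&&` chain and the matching call in admin_delete_rename assign to `kret`. In the admin_delete_rename hunk `retval` holds protocol status values such as KRB5_ADM_SYSTEM_ERROR; if the same holds in admin_key_op, a failure now puts a raw krb5_error_code (for example ENOMEM) into the status and leaves `kret` at zero. Any later `if (kret)` handling would then be skipped. The line should read `!(kret = key_update_tl_attrs(kcontext,`, with `retval` set to KRB5_ADM_SYSTEM_ERROR wherever the other failures of this chain are mapped. The statement runs past the end of the hunk, so that mapping is not visible here.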
index 1e9e02187e15bb115bd09ea1a5f0ec33e54a0d94..676a56cd7429f52cb5c0b2afdccf782a38b739dd 100644 (file)
@@ -149,6 +149,11 @@ krb5_error_code key_dbent_to_keysalts
        KRB5_PROTOTYPE((krb5_db_entry *,
                        krb5_int32 *,
                        krb5_key_salt_tuple **));
+krb5_error_code key_update_tl_attrs
+       KRB5_PROTOTYPE((krb5_context,
+                       krb5_db_entry *,
+                       krb5_principal,
+                       krb5_boolean));
 
 /* srv_acl.c */
 krb5_error_code acl_init
index 335aca0a32b995314aac83a1622ac117b086c35e..33bda1cdbaaf29ea12ff98bde203d515c32808a7 100644 (file)
@@ -213,9 +213,6 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata)
 #else  /* USE_KDB5_CPW */
     krb5_int32         num_keys;
     krb5_key_data      *key_list;
-    krb5_tl_data       *pwchg;
-    krb5_tl_mod_princ  modent;
-    krb5_timestamp     now;
 #endif /* USE_KDB5_CPW */
 
     DPRINT(DEBUG_CALLS, debug_level, ("* passwd_set_npass()\n"));
@@ -305,36 +302,17 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata)
                                &entry2write.key_data))
        goto cleanup;
     entry2write.n_key_data = num_keys;
+#endif /* USE_KDB5_CPW */
 
-    if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) &&
-       (pwchg->tl_data_contents = (krb5_octet *)
-        malloc(sizeof(krb5_timestamp)))) {
-
-       pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
-       pwchg->tl_data_length = sizeof(krb5_timestamp);
-       pwchg->tl_data_next = (krb5_tl_data *) NULL;
-       entry2write.tl_data = pwchg;
-       entry2write.n_tl_data++;
-       /* Set the time for last successful password change */
-       if (kret = krb5_timeofday(kcontext, &now))
-           goto cleanup;
-       krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
-    }
-    else {
-       kret = ENOMEM;
+    /* Update the statistics */
+    if (kret = key_update_tl_attrs(kcontext,
+                                  &entry2write,
+                                  entry2write.princ,
+                                  1))
        goto cleanup;
-    }
-
 
-    /* Set entry modifier and modification time. */
-    modent.mod_date = now;
-    if (!(kret = krb5_copy_principal(kcontext,
-                                    entry2write.princ, 
-                                    &modent.mod_princ))) {
-       kret = krb5_dbe_encode_mod_princ_data(kcontext, &modent, &entry2write);
-       krb5_free_principal(kcontext, modent.mod_princ);
-    }
-#endif /* USE_KDB5_CPW */
+    /* Clear the password-change-required bit */
+    entry2write.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 
     /* Now write the entry */
     nwrite = 1;
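Review bot: `if (kret = key_update_tl_attrs(...))` uses a bare assignment as the condition, which reads like a mistyped comparison and draws a parentheses warning from current compilers. This commit fixes exactly that kind of slip, `maxkvno == kvno;`, in srv_key.c. Writing `if ((kret = key_update_tl_attrs(kcontext, &entry2write, entry2write.princ, 1)) != 0)` makes the intent explicit. The same form appears in the new `if (pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))` in key_update_tl_attrs. passwd_set_npass starts and ends outside the hunk.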
index 5a60462a7953755e8406a86e6d46d0aef376736a..e5dd60f88e80f7f7d21491237cd148c387498dfa 100644 (file)
@@ -1214,7 +1214,7 @@ key_name_to_data(dbentp, ksent, kvno, kdatap)
             (ksent->ks_salttype < 0))) {
            if (kvno >= 0) {
                if (kvno == dbentp->key_data[i].key_data_kvno) {
-                   maxkvno == kvno;
+                   maxkvno = kvno;
                    datap = &dbentp->key_data[i];
                    break;
                }
@@ -1287,3 +1287,87 @@ key_dbent_to_keysalts(dbentp, nentsp, ksentsp)
     }
     return(kret);
 }
+
+krb5_error_code
+key_update_tl_attrs(kcontext, dbentp, mod_name, is_pwchg)
+    krb5_context       kcontext;
+    krb5_db_entry      *dbentp;
+    krb5_principal     mod_name;
+    krb5_boolean       is_pwchg;
+{
+    krb5_error_code    kret;
+
+    kret = 0 ;
+
+    /*
+     * Handle modification principal.
+     */
+    if (mod_name) {
+       krb5_tl_mod_princ       mprinc;
+
+       memset(&mprinc, 0, sizeof(mprinc));
+       if (!(kret = krb5_copy_principal(kcontext,
+                                        mod_name,
+                                        &mprinc.mod_princ)) &&
+           !(kret = krb5_timeofday(kcontext, &mprinc.mod_date)))
+           kret = krb5_dbe_encode_mod_princ_data(kcontext,
+                                                 &mprinc,
+                                                 dbentp);
+       if (mprinc.mod_princ)
+           krb5_free_principal(kcontext, mprinc.mod_princ);
+    }
+
+    /*
+     * Handle last password change.
+     */
+    if (!kret && is_pwchg) {
+       krb5_tl_data    *pwchg;
+       krb5_timestamp  now;
+       krb5_boolean    linked;
+
+       /* Find a previously existing entry */
+       for (pwchg = dbentp->tl_data;
+            (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
+            pwchg = pwchg->tl_data_next);
+
+       /* Check to see if we found one. */
+       linked = 0;
+       if (!pwchg) {
+           /* No, allocate a new one */
+           if (pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) {
+               memset(pwchg, 0, sizeof(krb5_tl_data));
+               if (!(pwchg->tl_data_contents =
+                     (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
+                   free(pwchg);
+                   pwchg = (krb5_tl_data *) NULL;
+               }
+               else {
+                   pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+                   pwchg->tl_data_length =
+                       (krb5_int16) sizeof(krb5_timestamp);
+               }
+           }
+       }
+       else
+           linked = 1;
+
+       /* Do we have an entry? */
+       if (pwchg && pwchg->tl_data_contents) {
+           /* Yes, do the timestamp */
+           if (!(kret = krb5_timeofday(kcontext, &now))) {
+               /* Encode it */
+               krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
+               /* Link it in if necessary */
+               if (!linked) {
+                   pwchg->tl_data_next = dbentp->tl_data;
+                   dbentp->tl_data = pwchg;
+                   dbentp->n_tl_data++;
+               }
+           }
+       }
+       else
+           kret = ENOMEM;
+    }
+
+    return(kret);
+}
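Review bot: When an existing KRB5_TL_LAST_PWD_CHANGE entry is reused (`linked = 1`), `krb5_kdb_encode_int32(now, pwchg->tl_data_contents)` writes the timestamp without checking that the stored `tl_data_length` is at least `sizeof(krb5_timestamp)`. A short entry read from the database would therefore be overrun on the heap, and a reused entry with null contents is misreported as ENOMEM. Separately, a freshly allocated node is leaked when `krb5_timeofday()` fails, because it is never linked and never freed. The sketch below validates the reused entry first and releases the unlinked node on failure; EINVAL stands in for whichever database error code the project prefers. A header comment stating that `mod_name` may be null and that `dbentp` owns the node once it is linked would also help callers.

```c
       /* … unchanged: search dbentp->tl_data, allocate pwchg if absent … */

       /* A reused entry must be able to hold a timestamp */
       if (linked &&
           (!pwchg->tl_data_contents ||
            (pwchg->tl_data_length < (krb5_int16) sizeof(krb5_timestamp))))
           kret = EINVAL;
       else if (!pwchg)
           kret = ENOMEM;
       else if (!(kret = krb5_timeofday(kcontext, &now))) {
           krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
           /* … unchanged: link pwchg into dbentp->tl_data when !linked … */
       }
       else if (!linked) {
           /* Fresh node never reached the list; release it */
           free(pwchg->tl_data_contents);
           free(pwchg);
       }
```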