+Sun Feb 18 17:40:23 2001 Ezra Peisach <epeisach@mit.edu>
+
+ * adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c,
+ server_init.c, server_kdb.c, server_misc.c, svr_iters.c,
+ svr_principal.c: Cleanup assignments in conditionals, variables
+ sadowing one another, unused variables and declared some functions
+ as static.
+
2000-10-17 Ezra Peisach <epeisach@mit.edu>
* svr_chpass_util.c (kadm5_chpass_principal_util): Change msg_len
ret != EEXIST)
return ret;
- if (ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic))
+ if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
return ret;
- if (ret = osa_adb_init_db(&todb, fileto, lockto, magic)) {
+ if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
(void) osa_adb_fini_db(fromdb, magic);
return ret;
}
- if (ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT)) {
+ if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
}
- if (ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT)) {
+ if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
}
- if (rename(filefrom, fileto) < 0) {
+ if ((rename(filefrom, fileto) < 0)) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return errno;
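Review bot: `return errno;` in the rename failure branch runs after two `osa_adb_fini_db()` calls, so the value returned may not be the one `rename()` set if either cleanup call modifies errno. Capture it first with `int save_errno = errno;` as the first statement of the branch and end the branch with `return save_errno;`. The second pair of parentheses added around `rename(filefrom, fileto) < 0` is unnecessary, because that condition contains no assignment. The branch's closing brace and the rest of the function are outside the hunk.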
* Do not release the lock on fromdb because it is being renamed
* out of existence; no one can ever use it again.
*/
- if (ret = osa_adb_release_lock(todb)) {
+ if ((ret = osa_adb_release_lock(todb))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
/* now initialize lockp->lockinfo if necessary */
if (lockp->lockinfo.lockfile == NULL) {
- if (code = krb5_init_context(&lockp->lockinfo.context)) {
+ if ((code = krb5_init_context(&lockp->lockinfo.context))) {
free(db);
return((osa_adb_ret_t) code);
}
if (perm) {
if (unlink(db->lock->filename) < 0) {
- int ret;
-
/* somehow we can't delete the file, but we already */
/* have the lock, so release it and return */
0600);
if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
return OSA_ADB_NOLOCKFILE;
- } else if (ret = krb5_lock_file(db->lock->context,
+ } else if ((ret = krb5_lock_file(db->lock->context,
fileno(db->lock->lockfile),
- KRB5_LOCKMODE_UNLOCK))
+ KRB5_LOCKMODE_UNLOCK)))
return ret;
db->lock->lockmode = 0;
osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
{
- int ret;
-
if(db->db->close(db->db) == -1) {
(void) osa_adb_release_lock(db);
return OSA_ADB_FAILURE;
#define OPENLOCK(db, mode) \
{ \
- int ret; \
+ int olret; \
if (db == NULL) \
return EINVAL; \
else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \
return OSA_ADB_DBINIT; \
- else if ((ret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
- return ret; \
+ else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
+ return olret; \
}
#define CLOSELOCK(db) \
{ \
- int ret; \
- if ((ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
- return ret; \
+ int cl_ret; \
+ if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
+ return cl_ret; \
}
osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params)
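Review bot: The two renamed locals follow different conventions, `olret` in OPENLOCK and `cl_ret` in CLOSELOCK; pick one form, for example `ol_ret` and `cl_ret`. Both macros also hide a `return` inside a bare `{ ... }` block, so a comment above each definition such as `/* NOTE: returns from the calling function on failure */` would make that control flow visible to readers of the call sites. Wrapping the bodies in `do { ... } while (0)` and writing `(db)` in the expansion would be the usual hardening, provided the call sites (not visible here) already end with a semicolon.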
#include "k5-int.h"
#include <kadm5/server_internal.h>
#include <kadm5/admin.h>
+#include "adm_proto.h"
#include "server_acl.h"
#include <ctype.h>
{
char *sp, *tp, *ap;
static const char *delims = "\t\n\f\v\r ,";
- krb5_error_code ret;
krb5_deltat dt;
krb5_flags flag;
krb5_error_code code;
*rpp = (restriction_t *) NULL;
code = 0;
- if (s)
+ if (s) {
if (!(sp = strdup(s)) /* Don't munge the original */
|| !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
code = ENOMEM;
}
}
}
+ }
if (sp)
free(sp);
if (*rpp && code) {
DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n"));
/* Open the ACL file for read */
- if (afp = fopen(acl_acl_file, "r")) {
+ afp = fopen(acl_acl_file, "r");
+ if (afp) {
alineno = 1;
aentpp = &acl_list_head;
/* Get a non-comment line */
- while (alinep = acl_get_line(afp, &alineno)) {
+ while ((alinep = acl_get_line(afp, &alineno))) {
/* Parse it */
*aentpp = acl_parse_line(alinep);
/* If syntax error, then fall out */
fclose(afp);
if (acl_catchall_entry) {
- if (*aentpp = acl_parse_line(acl_catchall_entry)) {
+ *aentpp = acl_parse_line(acl_catchall_entry);
+ if (*aentpp) {
acl_list_tail = *aentpp;
}
else {
return(code);
retval = 0;
- if (aentry = acl_find_entry(kcontext, caller_princ, principal)) {
+
+ aentry = acl_find_entry(kcontext, caller_princ, principal);
+ if (aentry) {
if ((aentry->ae_op_allowed & opmask) == opmask) {
retval = 1;
if (restrictions) {
kadm5_ret_t
kadm5_get_privs(void *server_handle, long *privs)
{
- kadm5_server_handle_t handle = server_handle;
-
CHECK_HANDLE(server_handle);
/* this is impossible to do with the current interface. For now,
#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif
+#include "adm_proto.h"
#include <syslog.h>
#include "server_internal.h"
static char **word_list = NULL; /* list of word pointers */
static char *word_block = NULL; /* actual word data */
-static int word_count = 0; /* number of words */
+static unsigned int word_count = 0; /* number of words */
extern int errno;
/*
static int
word_compare(const void *s1, const void *s2)
{
- return (strcasecmp(*(char **)s1, *(char **)s2));
+ return (strcasecmp(*(const char **)s1, *(const char **)s2));
}
/*
return ENOMEM;
memset(handle, 0, sizeof(*handle));
- if (ret = (int) krb5_init_context(&(handle->context))) {
+ ret = (int) krb5_init_context(&(handle->context));
+ if (ret) {
free(handle);
return(ret);
}
return KADM5_BAD_SERVER_PARAMS;
}
- if (ret = kadm5_get_config_params(handle->context,
- (char *) NULL,
- (char *) NULL,
- params_in,
- &handle->params)) {
+ ret = kadm5_get_config_params(handle->context, (char *) NULL,
+ (char *) NULL, params_in,
+ &handle->params);
+ if (ret) {
krb5_free_context(handle->context);
free(handle);
return(ret);
return KADM5_MISSING_CONF_PARAMS;
}
- /*
- * Set the db_name based on configuration before calling
- * krb5_db_init, so it will get used.
- */
- if (ret = krb5_db_set_name(handle->context,
- handle->params.dbname)) {
+ /*
+ * Set the db_name based on configuration before calling
+ * krb5_db_init, so it will get used.
+ */
+
+ ret = krb5_db_set_name(handle->context, handle->params.dbname);
+ if (ret) {
free(handle);
return(ret);
}
- if (ret = krb5_db_init(handle->context)) {
+ ret = krb5_db_init(handle->context);
+ if (ret) {
krb5_free_context(handle->context);
free(handle);
return(ret);
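Review bot: The failure branch after `ret = krb5_db_set_name(handle->context, handle->params.dbname);` calls only `free(handle);`, so the context created earlier by `krb5_init_context()` is leaked on this path. The neighbouring branches for `kadm5_get_config_params()` and `krb5_db_init()` both release it, so this one should add `krb5_free_context(handle->context);` before `free(handle);`. The enclosing function starts and ends outside the hunk.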
return ret;
}
- if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
- free(handle);
- return ENOMEM;
- }
- *handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
- handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
- handle->lhandle->lhandle = handle->lhandle;
-
- /* can't check the handle until current_caller is set */
- if (ret = check_handle((void *) handle)) {
- free(handle);
- return ret;
- }
-
- /*
- * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
- * or an empty string, reads the master password from [the stash
- * file]. Otherwise, the non-NULL password is ignored and the
- * user is prompted for it via the tty." However, the code was
- * implemented the other way: when a non-NULL password was
- * provided, the stash file was used. This is somewhat more
- * sensible, as then a local or remote client that provides a
- * password does not prompt the user. This code maintains the
- * previous actual behavior, and not the old spec behavior,
- * because that is how the unit tests are written.
- *
- * In KADM5_API_VERSION_2, this decision is controlled by
- * params.
- *
- * kdb_init_master's third argument is "from_keyboard".
- */
- if (ret = kdb_init_master(handle, handle->params.realm,
- (handle->api_version == KADM5_API_VERSION_1 ?
- ((pass == NULL) || !(strlen(pass))) :
- ((handle->params.mask &
- KADM5_CONFIG_MKEY_FROM_KBD) &&
- handle->params.mkey_from_kbd))
- )) {
+ if (! (handle->lhandle = malloc(sizeof(*handle)))) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
free(handle);
- return ret;
+ return ENOMEM;
}
-
- if ((ret = kdb_init_hist(handle, handle->params.realm))) {
+ *handle->lhandle = *handle;
+ handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+ handle->lhandle->lhandle = handle->lhandle;
+
+ /* can't check the handle until current_caller is set */
+ ret = check_handle((void *) handle);
+ if (ret) {
+ free(handle);
+ return ret;
+ }
+
+ /*
+ * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
+ * or an empty string, reads the master password from [the stash
+ * file]. Otherwise, the non-NULL password is ignored and the
+ * user is prompted for it via the tty." However, the code was
+ * implemented the other way: when a non-NULL password was
+ * provided, the stash file was used. This is somewhat more
+ * sensible, as then a local or remote client that provides a
+ * password does not prompt the user. This code maintains the
+ * previous actual behavior, and not the old spec behavior,
+ * because that is how the unit tests are written.
+ *
+ * In KADM5_API_VERSION_2, this decision is controlled by
+ * params.
+ *
+ * kdb_init_master's third argument is "from_keyboard".
+ */
+ ret = kdb_init_master(handle, handle->params.realm,
+ (handle->api_version == KADM5_API_VERSION_1 ?
+ ((pass == NULL) || !(strlen(pass))) :
+ ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+ && handle->params.mkey_from_kbd)
+ ));
+ if (ret) {
+ krb5_db_fini(handle->context);
+ krb5_free_context(handle->context);
+ free(handle);
+ return ret;
+ }
+
+ ret = kdb_init_hist(handle, handle->params.realm);
+ if (ret) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
free(handle);
return ret;
}
- if (ret = init_dict(&handle->params)) {
- krb5_db_fini(handle->context);
+ ret = init_dict(&handle->params);
+ if (ret) {
+ krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
krb5_free_context(handle->context);
free(handle);
return ret;
}
- if (ret = adb_policy_init(handle)) {
+ ret = adb_policy_init(handle);
+ if (ret) {
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
krb5_free_context(handle->context);
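Review bot: The `check_handle()` failure branch frees only `handle`, although by that point `handle->lhandle` has been allocated and the database and context are initialized, so all three are leaked and the database is left open. It should run `free(handle->lhandle);`, `krb5_db_fini(handle->context);` and `krb5_free_context(handle->context);` before `free(handle);`, matching the malloc failure branch just above it. None of the later branches visible here (`kdb_init_master`, `kdb_init_hist`, `init_dict`, `adb_policy_init`) release `handle->lhandle` either. Since the commit restructures every one of these checks, a single cleanup label reached by `goto` would keep the paths from diverging again. The function begins and ends outside the hunk.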
{
int ret = 0;
char *realm;
- krb5_keyblock tmk;
+ krb5_boolean from_kbd = FALSE;
+
+ if (from_keyboard)
+ from_kbd = TRUE;
if (r == NULL) {
if ((ret = krb5_get_default_realm(handle->context, &realm)))
master_keyblock.enctype = handle->params.enctype;
- if (ret = krb5_db_fetch_mkey(handle->context, master_princ,
- master_keyblock.enctype, from_keyboard,
- FALSE /* only prompt once */,
- handle->params.stash_file,
- NULL /* I'm not sure about this,
- but it's what the kdc does --marc */,
- &master_keyblock))
+ ret = krb5_db_fetch_mkey(handle->context, master_princ,
+ master_keyblock.enctype, from_kbd,
+ FALSE /* only prompt once */,
+ handle->params.stash_file,
+ NULL /* I'm not sure about this,
+ but it's what the kdc does --marc */,
+ &master_keyblock);
+ if (ret)
goto done;
if ((ret = krb5_db_init(handle->context)) != KSUCCESS)
hist_kvno = 2;
- if (ret = kadm5_create_principal(handle, &ent,
- (KADM5_PRINCIPAL |
- KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
- "to-be-random"))
+ ret = kadm5_create_principal(handle, &ent,
+ (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+ KADM5_ATTRIBUTES),
+ "to-be-random");
+ if (ret)
goto done;
/* this won't let us randomize the hist_princ. So we cheat. */
}
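Review bot: `kadm5_create_principal()` is given the literal password `"to-be-random"`, and the only explanation is the later comment about cheating to randomize the key. If the randomization step that presumably follows (outside the hunk) fails and control reaches `done`, the history principal may stay in the database with keys derived from a publicly known string. A comment on the call should state that the string is a placeholder that must be replaced before the function returns successfully, and the error path should be checked to see whether the entry is removed or left behind. The surrounding function is not fully visible here.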
- if (ret = krb5_dbe_find_enctype(handle->context,
- &hist_db,
- handle->params.enctype,
- -1,
- -1,
- &key_data))
+ ret = krb5_dbe_find_enctype(handle->context, &hist_db,
+ handle->params.enctype, -1, -1, &key_data);
+ if (ret)
goto done;
- if (ret = krb5_dbekd_decrypt_key_data(handle->context, &master_keyblock,
- key_data, &hist_key, NULL))
+ ret = krb5_dbekd_decrypt_key_data(handle->context, &master_keyblock,
+ key_data, &hist_key, NULL);
+ if (ret)
goto done;
hist_kvno = key_data->key_data_kvno;
krb5_tl_data tl_data;
XDR xdrs;
- if (ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
- &more))
+ ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
+ &more);
+ if (ret)
return(ret);
if (more) {
krb5_tl_data tl_data;
int one;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
return(ret);
- if (ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
- handle->current_caller))
+ ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
+ handle->current_caller);
+ if (ret)
return(ret);
xdralloc_create(&xdrs, XDR_ENCODE);
one = 1;
- if (ret = krb5_db_put_principal(handle->context, kdb, &one))
+ ret = krb5_db_put_principal(handle->context, kdb, &one);
+ if (ret)
return(ret);
return(0);
id.func = iter_fct;
id.data = data;
- if (ret = krb5_db_iterate(handle->context, kdb_iter_func, &id))
+ ret = krb5_db_iterate(handle->context, kdb_iter_func, &id);
+ if (ret)
return(ret);
return(0);
return KADM5_OK;
}
+#ifdef HESIOD
/* stolen from v4sever/kadm_funcs.c */
static char *
reverse(str)
return(newstr);
}
+#endif /* HESIOD */
+#if 0
static int
lower(str)
char *str;
}
return(effect);
}
+#endif
+#ifdef HESIOD
static int
str_check_gecos(gecos, pwstr)
char *gecos;
}
return 0;
}
+#endif /* HESIOD */
/* some of this is stolen from gatekeeper ... */
kadm5_ret_t
if((find_word(password) == KADM5_OK))
return KADM5_PASS_Q_DICT;
else {
- char *cp;
- int c, n = krb5_princ_size(handle->context, principal);
+ int i, n = krb5_princ_size(handle->context, principal);
cp = krb5_princ_realm(handle->context, principal)->data;
if (strcasecmp(cp, password) == 0)
return KADM5_PASS_Q_DICT;
- for (c = 0; c < n ; c++) {
- cp = krb5_princ_component(handle->context, principal, c)->data;
+ for (i = 0; i < n ; i++) {
+ cp = krb5_princ_component(handle->context, principal, i)->data;
if (strcasecmp(cp, password) == 0)
return KADM5_PASS_Q_DICT;
#ifdef HESIOD
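Review bot: `cp = krb5_princ_component(handle->context, principal, i)->data;` is passed straight to `strcasecmp()`, which reads until a NUL byte, while a `krb5_data` carries an explicit `length` and is not guaranteed to be NUL-terminated. The same applies to the realm comparison just above the loop. If termination is not guaranteed for principals reaching this check, a length-bounded comparison is safer, for example `strlen(password) == d->length && strncasecmp(d->data, password, d->length) == 0` with `d` being the `krb5_data *`. The declaration of `cp` now has to come from outside the hunk, since the block-local `char *cp;` is removed.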
* other characters are copied
* regexp is anchored with ^ and $
*/
-kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
+static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
{
int append_realm;
char *p;
return KADM5_OK;
}
-void get_either_iter(struct iter_data *data, char *name)
+static void get_either_iter(struct iter_data *data, char *name)
{
if (
#ifdef SOLARIS_REGEXPS
free(name);
}
-void get_pols_iter(void *data, osa_policy_ent_t entry)
+static void get_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
get_either_iter(data, name);
}
-void get_princs_iter(void *data, krb5_principal princ)
+static void get_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
int *count)
{
struct iter_data data;
- char *msg, *regexp;
+#ifdef BSD_REGEXPS
+ char *msg;
+#endif
+ char *regexp;
int ret;
kadm5_server_handle_t handle = server_handle;
return ret;
}
}
- if (ret = passwd_check(handle, password, (mask & KADM5_POLICY),
- &polent, entry->principal)) {
+ if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+ &polent, entry->principal))) {
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
return ret;
* "defaults" for fields that were not specified by the
* mask.
*/
- if (ret = krb5_timeofday(handle->context, &now)) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
+ if ((ret = krb5_timeofday(handle->context, &now))) {
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
}
kdb.magic = KRB5_KDB_MAGIC_NUMBER;
to free the entire kdb entry, and that will try to free the
principal. */
- if (ret = krb5_copy_principal(handle->context,
- entry->principal, &(kdb.princ))) {
+ if ((ret = krb5_copy_principal(handle->context,
+ entry->principal, &(kdb.princ)))) {
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
return(ret);
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) {
- krb5_dbe_free_contents(handle->context, &kdb);
- if (mask & KADM5_POLICY)
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
+ krb5_dbe_free_contents(handle->context, &kdb);
+ if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ return(ret);
}
/* initialize the keys */
- if (ret = krb5_dbe_cpw(handle->context, &master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password,
- (mask & KADM5_KVNO)?entry->kvno:1,
- FALSE, &kdb)) {
+ if ((ret = krb5_dbe_cpw(handle->context, &master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password,
+ (mask & KADM5_KVNO)?entry->kvno:1,
+ FALSE, &kdb))) {
krb5_dbe_free_contents(handle->context, &kdb);
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
if (principal == NULL)
return EINVAL;
- if (ret = kdb_get_entry(handle, principal, &kdb, &adb))
+ if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
if ((adb.aux_attributes & KADM5_POLICY)) {
return(ret);
}
}
- if (ret = kadm5_free_policy_ent(handle->lhandle, &polent)) {
- kdb_free_entry(handle, &kdb, &adb);
- return ret;
+ if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
+ kdb_free_entry(handle, &kdb, &adb);
+ return ret;
}
}
kadm5_policy_ent_rec npol, opol;
int have_npol = 0, have_opol = 0;
krb5_db_entry kdb;
- krb5_tl_data *tl_data_orig, *tl_data_tail;
+ krb5_tl_data *tl_data_orig;
osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
if (mask & KADM5_FAIL_AUTH_COUNT)
entry->fail_auth_count = kdb.fail_auth_count;
if (mask & KADM5_TL_DATA) {
- krb5_tl_data td, *tl, *tl2;
+ krb5_tl_data *tl, *tl2;
entry->tl_data = NULL;
* in hist_key, and added to hist->key_data. hist->n_key_data is
* set to n_key_data.
*/
+static
int create_history_entry(krb5_context context, int n_key_data,
krb5_key_data *key_data, osa_pw_hist_ent *hist)
{
return 0;
}
+static
int free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
{
int i;
kadm5_policy_ent_t pol,
osa_pw_hist_ent *pw)
{
- osa_pw_hist_ent hist, *histp;
- int ret, i;
+ osa_pw_hist_ent *histp;
+ int i;
/* A history of 1 means just check the current password */
if (pol->pw_history_num == 1)
kadm5_policy_ent_rec pol;
osa_princ_ent_rec adb;
krb5_db_entry kdb, kdb_save;
- int ret, ret2, last_pwd, i, hist_added;
+ int ret, ret2, last_pwd, hist_added;
int have_pol = 0;
kadm5_server_handle_t handle = server_handle;
osa_pw_hist_ent hist;
krb5_int32 now;
kadm5_policy_ent_rec pol;
krb5_key_data *key_data;
- krb5_keyblock *keyblock;
int ret, last_pwd, have_pol = 0;
kadm5_server_handle_t handle = server_handle;
osa_princ_ent_rec adb;
krb5_int32 now;
kadm5_policy_ent_rec pol;
- krb5_key_data *key_data;
krb5_keysalt keysalt;
- int i, kvno, ret, last_pwd, have_pol = 0;
- int deskeys;
+ int i, kvno, ret, have_pol = 0;
+#if 0
+ int last_pwd;
+#endif
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
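Review bot: `int last_pwd;` is kept under `#if 0` instead of being deleted, and nothing in the hunk says why. If it pairs with a disabled block further down the function (not visible here), add a short comment naming that block, such as `/* used only by the disabled minimum-life check below */`; otherwise remove the declaration. The next declaration block in this file repeats the same `#if 0` pattern and needs the same treatment. If the disabled code is a password-lifetime policy check, a comment recording why it is switched off would also help whoever audits this path.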
kadm5_policy_ent_rec pol;
krb5_key_data *old_key_data;
int n_old_keys;
- int i, j, kvno, ret, last_pwd, have_pol = 0;
+ int i, j, kvno, ret, have_pol = 0;
+#if 0
+ int last_pwd;
+#endif
kadm5_server_handle_t handle = server_handle;
krb5_boolean similar;
krb5_keysalt keysalt;
for (i = 0; i < n_keys; i++) {
for (j = i+1; j < n_keys; j++) {
- if (ret = krb5_c_enctype_compare(handle->context,
- keyblocks[i].enctype,
- keyblocks[j].enctype,
- &similar))
+ if ((ret = krb5_c_enctype_compare(handle->context,
+ keyblocks[i].enctype,
+ keyblocks[j].enctype,
+ &similar)))
return(ret);
- if (similar)
+ if (similar) {
if (n_ks_tuple) {
if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
return KADM5_SETKEY_DUP_ENCTYPES;
} else
return KADM5_SETKEY_DUP_ENCTYPES;
+ }
}
}
/* assert(kdb.n_key_data == n_keys + n_old_keys) */
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ if ((ret = krb5_timeofday(handle->context, &now)))
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
- goto done;
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
+ goto done;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
for (i = 0; i < n_key_data; i++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- &master_keyblock,
- &key_data[i],
- &keys[i], NULL)) {
+ ret = krb5_dbekd_decrypt_key_data(context, &master_keyblock,
+ &key_data[i],
+ &keys[i], NULL);
+ if (ret) {
memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
free(keys);
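Review bot: The failure branch after `krb5_dbekd_decrypt_key_data()` zeroes only the `krb5_keyblock` array before `free(keys);`, so key contents already decrypted into `keys[0]` through `keys[i-1]` are neither wiped nor freed, assuming each call allocates the keyblock's contents buffer. That leaves decrypted key material on the heap and leaks it. Release the earlier entries first, for example `while (i-- > 0) krb5_free_keyblock_contents(context, &keys[i]);`, and check that this routine wipes the buffer in this tree. A plain `memset()` right before `free()` can also be dropped by an optimizing compiler. The loop's closing brace and the rest of the function are outside the hunk.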
/* find_enctype only uses these two fields */
dbent.n_key_data = entry->n_key_data;
dbent.key_data = entry->key_data;
- if (ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
- stype, kvno, &key_data))
+ if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
+ stype, kvno, &key_data)))
return ret;
- if (ret = krb5_dbekd_decrypt_key_data(handle->context,
- &master_keyblock, key_data,
- keyblock, keysalt))
+ if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
+ &master_keyblock, key_data,
+ keyblock, keysalt)))
return ret;
if (kvnop)