From: Paul Park Date: Mon, 7 Aug 1995 17:33:10 +0000 (+0000) Subject: Hacks to get this to compile with the new kdb format X-Git-Tag: krb5-1.0-beta6~1389 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=273a5b356ba998cb182e44fc95c7af5b42203b87;p=krb5.git Hacks to get this to compile with the new kdb format git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6435 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin.v4/server/ChangeLog b/src/kadmin.v4/server/ChangeLog index 61ae0e257..6d1aee18a 100644 --- a/src/kadmin.v4/server/ChangeLog +++ b/src/kadmin.v4/server/ChangeLog @@ -1,4 +1,9 @@ +Mon Aug 7 13:30:46 EDT 1995 Paul Park (pjpark@mit.edu) + * admin_server,kadm_funcs,kadm_ser_wrap.c - Brute force substitutions + to get this to compile. + + Mon Jul 17 15:12:30 EDT 1995 Paul Park (pjpark@mit.edu) * kadm_ser_wrap.c - Add NULL stash file argument to krb5_db_fetch_mkey. diff --git a/src/kadmin.v4/server/admin_server.c b/src/kadmin.v4/server/admin_server.c index d2d59700c..793a1f36c 100644 --- a/src/kadmin.v4/server/admin_server.c +++ b/src/kadmin.v4/server/admin_server.c @@ -379,9 +379,11 @@ struct sockaddr_in *who; cleanexit(2); } - status = krb5_kdb_decrypt_key(kadm_context, &server_parm.master_encblock, - &sprinc_entries.key, - &cpw_skey); + status = krb5_dbekd_decrypt_key_data(kadm_context, + &server_parm.master_encblock, + &sprinc_entries.key_data[0], + &cpw_skey, + (krb5_keysalt *) NULL); if (status) { syslog(LOG_ERR, "decrypt_key failed: %s", error_message(status)); cleanexit(1); diff --git a/src/kadmin.v4/server/kadm_funcs.c b/src/kadmin.v4/server/kadm_funcs.c index 825beaffd..9493f2740 100644 --- a/src/kadmin.v4/server/kadm_funcs.c +++ b/src/kadmin.v4/server/kadm_funcs.c @@ -53,23 +53,17 @@ kadm_entry2princ(entry, princ) /* NOTE: does not convert the key */ memset(princ, 0, sizeof (*princ)); - retval = krb5_524_conv_principal(kadm_context, entry.principal, + retval = krb5_524_conv_principal(kadm_context, entry.princ, princ->name, princ->instance, realm); if (retval) return retval; princ->exp_date = entry.expiration; strncpy(ctime((const time_t *) &entry.expiration), princ->exp_date_txt, DATE_SZ); - princ->mod_date = entry.mod_date; - strncpy(ctime((const time_t *) &entry.mod_date), princ->mod_date_txt, - DATE_SZ); princ->attributes = entry.attributes; princ->max_life = entry.max_life / (60 * 5); princ->kdc_key_ver = entry.mkvno; - princ->key_version = entry.kvno; - retval = krb5_524_conv_principal(kadm_context, entry.mod_name, - princ->mod_name, princ->mod_instance, - realm); + princ->key_version = entry.key_data[0].key_data_kvno; if (retval) return retval; return 0; @@ -86,22 +80,21 @@ kadm_princ2entry(princ, entry) memset(entry, 0, sizeof (*entry)); /* yeah yeah stupid v4 database doesn't store realm names */ retval = krb5_425_conv_principal(kadm_context, princ.name, princ.instance, - server_parm.krbrlm, &entry->principal); + server_parm.krbrlm, &entry->princ); if (retval) return retval; - entry->kvno = princ.key_version; entry->max_life = princ.max_life * (60 * 5); entry->max_renewable_life = server_parm.max_rlife; /* XXX yeah well */ entry->mkvno = server_parm.mkvno; /* XXX */ entry->expiration = princ.exp_date; - retval = krb5_425_conv_principal(kadm_context, princ.mod_name, - princ.mod_instance, - server_parm.krbrlm, &entry->mod_name); - if (retval) - return retval; - entry->mod_date = princ.mod_date; entry->attributes = princ.attributes; - entry->salt_type = KRB5_KDB_SALTTYPE_V4; + + if (!(retval = krb5_dbe_create_key_data(kadm_context, entry))) { + entry->key_data[0].key_data_type[0] = (krb5_int16) KEYTYPE_DES; + entry->key_data[0].key_data_type[1] = (krb5_int16) KRB5_KDB_SALTTYPE_V4; + entry->key_data[0].key_data_kvno = (krb5_int16) princ.key_version; + } + return(retval); } int @@ -162,7 +155,7 @@ Kadm_vals *valsout; krb5_db_entry newentry, tmpentry; krb5_boolean more; krb5_keyblock newpw; - krb5_encrypted_keyblock encpw; + krb5_tl_mod_princ mprinc; int numfound; if (!check_access(rname, rinstance, rrealm, ADDACL)) { @@ -190,6 +183,12 @@ Kadm_vals *valsout; if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) data_i.max_life = server_parm.max_life; + retval = kadm_princ2entry(data_i, &newentry); + if (retval) { + krb5_db_free_principal(kadm_context, &newentry, 1); + failadd(retval); + } + newpw.magic = KV5M_KEYBLOCK; newpw.etype = ETYPE_UNKNOWN; if ((newpw.contents = (krb5_octet *)malloc(8)) == NULL) @@ -201,8 +200,12 @@ Kadm_vals *valsout; newpw.length = 8; newpw.keytype = KEYTYPE_DES; /* encrypt new key in master key */ - retval = krb5_kdb_encrypt_key(kadm_context, &server_parm.master_encblock, - &newpw, &encpw); + retval = krb5_dbekd_encrypt_key_data(kadm_context, + &server_parm.master_encblock, + &newpw, + (krb5_keysalt *) NULL, + (int) ++data_i.key_version, + &newentry.key_data[0]); memset((char *)newpw.contents, 0, newpw.length); free(newpw.contents); if (retval) { @@ -210,17 +213,8 @@ Kadm_vals *valsout; } data_o = data_i; - retval = kadm_princ2entry(data_i, &newentry); - if (retval) { - memset((char *)encpw.contents, 0, encpw.length); - free(encpw.contents); - krb5_db_free_principal(kadm_context, &newentry, 1); - failadd(retval); - } - - newentry.key = encpw; numfound = 1; - retval = krb5_db_get_principal(kadm_context, newentry.principal, + retval = krb5_db_get_principal(kadm_context, newentry.princ, &tmpentry, &numfound, &more); if (retval) { @@ -232,16 +226,22 @@ Kadm_vals *valsout; krb5_db_free_principal(kadm_context, &newentry, 1); failadd(KADM_INUSE); } else { - newentry.kvno = ++data_i.key_version; - if (retval = krb5_timeofday(kadm_context, &newentry.mod_date)) { + if (retval = krb5_timeofday(kadm_context, &mprinc.mod_date)) { krb5_db_free_principal(kadm_context, &newentry, 1); failadd(retval); } - if (newentry.mod_name) - krb5_free_principal(kadm_context, newentry.mod_name); - newentry.mod_name = NULL; /* in case the following breaks */ + mprinc.mod_princ = NULL; /* in case the following breaks */ retval = krb5_425_conv_principal(kadm_context, rname, rinstance, rrealm, - &newentry.mod_name); + &mprinc.mod_princ); + if (retval) { + krb5_db_free_principal(kadm_context, &newentry, 1); + failadd(retval); + } + + retval = krb5_dbe_encode_mod_princ_data(kadm_context, + &mprinc, + &newentry); + krb5_free_principal(kadm_context, mprinc.mod_princ); if (retval) { krb5_db_free_principal(kadm_context, &newentry, 1); failadd(retval); @@ -258,7 +258,7 @@ Kadm_vals *valsout; failadd(KADM_UK_SERROR); } else { numfound = 1; - retval = krb5_db_get_principal(kadm_context, newentry.principal, + retval = krb5_db_get_principal(kadm_context, newentry.princ, &tmpentry, &numfound, &more); krb5_db_free_principal(kadm_context, &newentry, 1); @@ -433,10 +433,10 @@ Kadm_vals *valsout; /* the actual record which is returned */ Principal data_o, temp_key; u_char fields[4]; krb5_keyblock newpw; - krb5_encrypted_keyblock encpw; krb5_error_code retval; krb5_principal theprinc; krb5_db_entry newentry, odata; + krb5_tl_mod_princ mprinc; if (wildcard(valsin1->name) || wildcard(valsin1->instance)) { failmod(KADM_ILL_WILDCARD); @@ -462,8 +462,8 @@ Kadm_vals *valsout; /* the actual record which is returned */ failmod(retval); } else if (numfound == 1) { kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); - krb5_free_principal(kadm_context, newentry.principal); - newentry.principal = theprinc; + krb5_free_principal(kadm_context, newentry.princ); + newentry.princ = theprinc; if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) newentry.expiration = temp_key.exp_date; if (IS_FIELD(KADM_ATTR,valsin2->fields)) @@ -471,7 +471,6 @@ Kadm_vals *valsout; /* the actual record which is returned */ if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) newentry.max_life = temp_key.max_life; if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { - newentry.kvno++; newentry.mkvno = server_parm.mkvno; if ((newpw.contents = (krb5_octet *)malloc(8)) == NULL) { krb5_db_free_principal(kadm_context, &newentry, 1); @@ -486,9 +485,18 @@ Kadm_vals *valsout; /* the actual record which is returned */ temp_key.key_high = ntohl(temp_key.key_high); memcpy(newpw.contents, &temp_key.key_low, 4); memcpy(newpw.contents + 4, &temp_key.key_high, 4); + if (newentry.key_data[0].key_data_contents[0]) { + krb5_xfree(newentry.key_data[0].key_data_contents[0]); + newentry.key_data[0].key_data_contents[0] = (krb5_octet *) NULL; + } /* encrypt new key in master key */ - retval = krb5_kdb_encrypt_key(kadm_context, &server_parm.master_encblock, - &newpw, &encpw); + retval = krb5_dbekd_encrypt_key_data(kadm_context, + &server_parm.master_encblock, + &newpw, + (krb5_keysalt *) NULL, + (int) newentry.key_data[0]. + key_data_kvno+1, + &newentry.key_data[0]); memset(newpw.contents, 0, newpw.length); free(newpw.contents); memset((char *)&temp_key, 0, sizeof(temp_key)); @@ -496,22 +504,27 @@ Kadm_vals *valsout; /* the actual record which is returned */ krb5_db_free_principal(kadm_context, &newentry, 1); failmod(retval); } - if (newentry.key.contents) { - memset((char *)newentry.key.contents, 0, newentry.key.length); - free(newentry.key.contents); - } - newentry.key = encpw; } - if (retval = krb5_timeofday(kadm_context, &newentry.mod_date)) { + if (retval = krb5_timeofday(kadm_context, &mprinc.mod_date)) { krb5_db_free_principal(kadm_context, &newentry, 1); failmod(retval); } retval = krb5_425_conv_principal(kadm_context, rname, rinstance, rrealm, - &newentry.mod_name); + &mprinc.mod_princ); + if (retval) { + krb5_db_free_principal(kadm_context, &newentry, 1); + failmod(retval); + } + + retval = krb5_dbe_encode_mod_princ_data(kadm_context, + &mprinc, + &newentry); + krb5_free_principal(kadm_context, mprinc.mod_princ); if (retval) { krb5_db_free_principal(kadm_context, &newentry, 1); failmod(retval); } + numfound = 1; retval = krb5_db_put_principal(kadm_context, &newentry, &numfound); memset((char *)&data_o, 0, sizeof(data_o)); @@ -520,7 +533,7 @@ Kadm_vals *valsout; /* the actual record which is returned */ failmod(retval); } else { numfound = 1; - retval = krb5_db_get_principal(kadm_context, newentry.principal, &odata, + retval = krb5_db_get_principal(kadm_context, newentry.princ, &odata, &numfound, &more); krb5_db_free_principal(kadm_context, &newentry, 1); if (retval) { @@ -562,7 +575,6 @@ des_cblock newpw; krb5_principal rprinc; krb5_error_code retval; krb5_keyblock localpw; - krb5_encrypted_keyblock encpw; krb5_db_entry odata; if (strcmp(server_parm.krbrlm, rrealm)) { @@ -587,36 +599,29 @@ des_cblock newpw; localpw.etype = ETYPE_UNKNOWN; localpw.keytype = KEYTYPE_DES; localpw.length = 8; - /* encrypt new key in master key */ - retval = krb5_kdb_encrypt_key(kadm_context, &server_parm.master_encblock, - &localpw, &encpw); - memset((char *)localpw.contents, 0, 8); - free(localpw.contents); - if (retval) { - krb5_free_principal(kadm_context, rprinc); - failchange(retval); - } numfound = 1; retval = krb5_db_get_principal(kadm_context, rprinc, &odata, &numfound, &more); krb5_free_principal(kadm_context, rprinc); if (retval) { + memset(localpw.contents, 0, localpw.length); + free(localpw.contents); failchange(retval); } else if (numfound == 1) { - odata.key = encpw; - odata.kvno++; + odata.key_data[0].key_data_kvno++; odata.mkvno = server_parm.mkvno; - if (retval = krb5_timeofday(kadm_context, &odata.mod_date)) { - krb5_db_free_principal(kadm_context, &odata, 1); - failchange(retval); - } - krb5_425_conv_principal(kadm_context, rname, rinstance, - server_parm.krbrlm, &odata.mod_name); + numfound = 1; + retval = krb5_dbekd_encrypt_key_data(kadm_context, + &server_parm.master_encblock, + &localpw, + (krb5_keysalt *) NULL, + (int) odata.key_data[0].key_data_kvno, + &odata.key_data[0]); + memset(localpw.contents, 0, localpw.length); + free(localpw.contents); if (retval) { - krb5_db_free_principal(kadm_context, &odata, 1); failchange(retval); } - numfound = 1; retval = krb5_db_put_principal(kadm_context, &odata, &numfound); krb5_db_free_principal(kadm_context, &odata, 1); if (retval) { @@ -850,7 +855,6 @@ kadm_chg_srvtab(rname, rinstance, rrealm, values) krb5_db_entry odata; krb5_boolean more; krb5_keyblock newpw; - krb5_encrypted_keyblock encpw; if (!check_access(rname, rinstance, rrealm, STABACL)) failsrvtab(KADM_UNAUTH); @@ -874,20 +878,21 @@ kadm_chg_srvtab(rname, rinstance, rrealm, values) krb5_free_principal(kadm_context, inprinc); failsrvtab(retval); } else if (numfound) { - odata.kvno++; + odata.key_data[0].key_data_kvno++; } else { /* * This is a new srvtab entry that we're creating */ isnew = 1; memset((char *)&odata, 0, sizeof (odata)); - odata.principal = inprinc; - odata.kvno = 1; + odata.princ = inprinc; odata.max_life = server_parm.max_life; odata.max_renewable_life = server_parm.max_rlife; odata.mkvno = server_parm.mkvno; odata.expiration = server_parm.expiration; odata.attributes = 0; + if (!krb5_dbe_create_key_data(kadm_context, &odata)) + odata.key_data[0].key_data_kvno = 1; } #ifdef NOENCRYPTION @@ -927,25 +932,14 @@ kadm_chg_srvtab(rname, rinstance, rrealm, values) * Encrypt the new key with the master key, and then update * the database record */ - retval = krb5_kdb_encrypt_key(kadm_context, &server_parm.master_encblock, - &newpw, &encpw); + retval = krb5_dbekd_encrypt_key_data(kadm_context, + &server_parm.master_encblock, + &newpw, + (krb5_keysalt *) NULL, + (int) odata.key_data[0].key_data_kvno, + &odata.key_data[0]); memset((char *)newpw.contents, 0, 8); free(newpw.contents); - if (odata.key.contents) { - memset((char *)odata.key.contents, 0, odata.key.length); - free(odata.key.contents); - } - odata.key = encpw; - if (retval) { - krb5_db_free_principal(kadm_context, &odata, 1); - failsrvtab(retval); - } - if (retval = krb5_timeofday(kadm_context, &odata.mod_date)) { - krb5_db_free_principal(kadm_context, &odata, 1); - failsrvtab(retval); - } - retval = krb5_425_conv_principal(kadm_context, rname, rinstance, - server_parm.krbrlm, &odata.mod_name); if (retval) { krb5_db_free_principal(kadm_context, &odata, 1); failsrvtab(retval); diff --git a/src/kadmin.v4/server/kadm_ser_wrap.c b/src/kadmin.v4/server/kadm_ser_wrap.c index a2daf2307..da59032d1 100644 --- a/src/kadmin.v4/server/kadm_ser_wrap.c +++ b/src/kadmin.v4/server/kadm_ser_wrap.c @@ -109,7 +109,7 @@ kadm_ser_init(inter, realm) server_parm.max_life = master_entry.max_life; server_parm.max_rlife = master_entry.max_renewable_life; server_parm.expiration = master_entry.expiration; - server_parm.mkvno = master_entry.kvno; + server_parm.mkvno = master_entry.key_data[0].key_data_kvno; /* don't set flags, as master has some extra restrictions (??? quoted from kdb_edit.c) */ krb5_db_free_principal(kadm_context, &master_entry, numfound);