From 1752db3014e1d8416ab8ef49eede1e198e1607b5 Mon Sep 17 00:00:00 2001
From: Paul Park <pjpark@mit.edu>
Date: Thu, 10 Aug 1995 18:56:43 +0000
Subject: [PATCH] Use adm_find_keytype() and adm_update_tl_attrs() to handle
 new db format

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6502 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin.old/server/ChangeLog      | 14 ++++++++
 src/kadmin.old/server/adm_adm_func.c | 52 +++++++++++++++++++++++-----
 src/kadmin.old/server/adm_extern.h   | 12 +++++++
 src/kadmin.old/server/adm_fmt_inq.c  | 32 ++++++++++++++---
 src/kadmin.old/server/adm_process.c  | 29 ++++++++++++++--
 src/kadmin.old/server/adm_server.c   | 15 ++++++--
 6 files changed, 136 insertions(+), 18 deletions(-)

diff --git a/src/kadmin.old/server/ChangeLog b/src/kadmin.old/server/ChangeLog
index 9ae28605d..cd9333c88 100644
--- a/src/kadmin.old/server/ChangeLog
+++ b/src/kadmin.old/server/ChangeLog
@@ -1,4 +1,18 @@
 
+Thu Aug 10 14:38:14 EDT 1995	Paul Park	(pjpark@mit.edu)
+	* adm_funcs.c - Rework adm_modify_kdb() to use kdb5's change-password
+		interfaces.  Gut callers of adm_modify_kdb() because most of
+		the work is done in kdb_cpw.c.  Add adm_find_keytype and adm_
+		update_tl_attrs.
+	* adm_extern.h - Add prototypes for adm_find_keytype() and adm_update_
+		tl_attrs().
+	* adm_adm_func, adm_fmt_inq.c - Use adm_find_keytype() to locate the
+		key_data entry for a particular key/salt type instead of
+		assuming that it's always in the first slot.  Actually handle
+		mod_name and mod_date now.
+	* adm_process, adm_server.c - Find the latest DES key for use instead
+		of assuming that it's in the first slot.
+
 Thu Aug 3 11:46:10 EDT 1995	Paul Park	(pjpark@mit.edu)
 	* adm_{adm_func,fmt_inq,funcs,process,server}.c - In order to get
 		things to compile, replace "salt_type" with "key_data[0].
diff --git a/src/kadmin.old/server/adm_adm_func.c b/src/kadmin.old/server/adm_adm_func.c
index 5f9c860b1..6fbd8e58b 100644
--- a/src/kadmin.old/server/adm_adm_func.c
+++ b/src/kadmin.old/server/adm_adm_func.c
@@ -56,6 +56,7 @@ adm_build_key (context, auth_context, new_passwd, oper_type, entry)
     krb5_replay_data replaydata;
     krb5_data outbuf;
     int retval;
+    krb5_key_data *key_data;
 #if defined(MACH_PASS) || defined(SANDIA)
     char *tmp_phrase;
     char *tmp_passwd;
@@ -107,7 +108,15 @@ adm_build_key (context, auth_context, new_passwd, oper_type, entry)
     outbuf.length = 3;
     
     if (oper_type == CHGOPER || oper_type == CH4OPER) {
-	outbuf.data[3] = entry.key_data[0].key_data_type[1];
+	key_data = (krb5_key_data *) NULL;
+	if (adm_find_keytype(&entry,
+			     KEYTYPE_DES,
+			     ((oper_type == CHGOPER) ? 
+			      KRB5_KDB_SALTTYPE_NORMAL : KRB5_KDB_SALTTYPE_V4),
+			     &key_data)) {
+	    com_err("adm_build_key", ENOENT, "finding key data");
+	}
+	outbuf.data[3] = key_data->key_data_type[1];
 	outbuf.length = 4;
     }
     
@@ -222,8 +231,6 @@ adm_change_pwd(context, auth_context, prog, customer_name, salttype)
     
     retval = krb5_unparse_name(context, newprinc, &composite_name);
 
-    entry.key_data[0].key_data_type[1] = (krb5_int16) salttype;
-
     if (retval = adm_enter_pwd_key(context, "adm_change_pwd",              
 				   composite_name,
 				   newprinc,
@@ -580,10 +587,36 @@ adm_mod_old_key(context, auth_context, cmdname, customer_name)
 	    entry.fail_auth_count = atoi(tempstr);
 	}
 #endif
+
 	if (msg_data.data[3] == KMODVNO) {
+	    krb5_key_data	*kdata;
+
 	    (void) memcpy(tempstr, (char *) msg_data.data + 4,
 			  msg_data.length - 4);
-	    entry.key_data[0].key_data_kvno = atoi(tempstr);
+	    /*
+	     * We could loop through all the supported key/salt types, but
+	     * we don't have that technology yet.
+	     */
+	    if (!adm_find_keytype(&entry,
+				  KEYTYPE_DES,
+				  KRB5_KDB_SALTTYPE_NORMAL,
+				  &kdata))
+		kdata->key_data_kvno = atoi(tempstr);
+	    if (!adm_find_keytype(&entry,
+				  KEYTYPE_DES,
+				  KRB5_KDB_SALTTYPE_V4,
+				  &kdata))
+		kdata->key_data_kvno = atoi(tempstr);
+	    if (!adm_find_keytype(&entry,
+				  KEYTYPE_DES,
+				  KRB5_KDB_SALTTYPE_NOREALM,
+				  &kdata))
+		kdata->key_data_kvno = atoi(tempstr);
+	    if (!adm_find_keytype(&entry,
+				  KEYTYPE_DES,
+				  KRB5_KDB_SALTTYPE_ONLYREALM,
+				  &kdata))
+		kdata->key_data_kvno = atoi(tempstr);
 	}
 	
 	if (msg_data.data[3] == KMODATTR) {
@@ -636,15 +669,16 @@ adm_mod_old_key(context, auth_context, cmdname, customer_name)
         }
 	
 	free(msg_data.data);
-#ifdef	notdef
-	entry.mod_name = client_server_info.client;
-	if (retval = krb5_timeofday(context, &entry.mod_date)) {
-	    com_err("adm_mod_old_key", retval, "while fetching date");
+	if (adm_update_tl_attrs(context,
+				&entry,
+				client_server_info.client,
+				0)) {
+	    com_err("adm_mod_old_key", retval,
+		    "while updating modification attributes");
 	    krb5_free_principal(context, newprinc);
 	    krb5_db_free_principal(context, &entry, nprincs);
 	    return(5);		/* Protocol Failure */
 	}
-#endif	/* notdef */
 	
 	retval = krb5_db_put_principal(context, &entry, &one);
 	if (retval) {
diff --git a/src/kadmin.old/server/adm_extern.h b/src/kadmin.old/server/adm_extern.h
index f6ec87084..8e621eaae 100644
--- a/src/kadmin.old/server/adm_extern.h
+++ b/src/kadmin.old/server/adm_extern.h
@@ -158,6 +158,18 @@ krb5_error_code adm_enter_rnd_pwd_key
 		   int,
 		   krb5_db_entry *));
 
+krb5_error_code adm_find_keytype
+	PROTOTYPE((krb5_db_entry *,
+		   krb5_keytype,
+		   krb5_int32,
+		   krb5_key_data **));
+
+krb5_error_code adm_update_tl_attrs
+	PROTOTYPE((krb5_context,
+		   krb5_db_entry *,
+		   krb5_principal,
+		   krb5_boolean));
+
 krb5_error_code adm5_kadmin
 	PROTOTYPE((krb5_context,
 		   krb5_auth_context,
diff --git a/src/kadmin.old/server/adm_fmt_inq.c b/src/kadmin.old/server/adm_fmt_inq.c
index 074a75e43..f111c2341 100644
--- a/src/kadmin.old/server/adm_fmt_inq.c
+++ b/src/kadmin.old/server/adm_fmt_inq.c
@@ -134,6 +134,10 @@ adm_print_exp_time(context, ret_data, time_input)
     return(0);
 }
 
+/*
+ * With the new database format, we assume that a database entry always has a
+ * key which is des:normal
+ */
 krb5_error_code
 adm_fmt_prt(context, entry, Principal_name, ret_data)
     krb5_context context;
@@ -143,6 +147,8 @@ adm_fmt_prt(context, entry, Principal_name, ret_data)
 {
     struct tm *mod_time;
     krb5_error_code retval;
+    krb5_key_data	*pkey;
+    krb5_tl_mod_princ	*mprinc_data;
 #ifdef SANDIA
     struct tm *exp_time;
     int pwd_expire;
@@ -162,15 +168,30 @@ adm_fmt_prt(context, entry, Principal_name, ret_data)
     sprintf(thisline, "Maximum Renewal Lifetime (MRL) = %d (seconds)\n", 
 			entry->max_renewable_life);
     strcat(my_data, thisline);
+    pkey = (krb5_key_data *) NULL;
+    if (retval = adm_find_keytype(entry,
+				  KEYTYPE_DES,
+				  KRB5_KDB_SALTTYPE_NORMAL,
+				  &pkey)) {
+	free(my_data);
+	return retval;
+    }
     sprintf(thisline, "Principal Key Version (PKV) = %d\n",
-	    entry->key_data[0].key_data_kvno);
+	    pkey->key_data_kvno);
     strcat(my_data, thisline);
     if (retval = adm_print_exp_time(context, my_data, &entry->expiration)) {
 	free(my_data);
 	return retval;
     }
-#ifdef	notdef
-    mod_time = localtime((time_t *) &entry->mod_date);
+
+    /*
+     * Find the modification tagged entry.
+     */
+    if (krb5_dbe_decode_mod_princ_data(context, entry, &mprinc_data)) {
+	free(my_data);
+	return retval;
+    }
+    mod_time = localtime((time_t *) &mprinc_data->mod_date);
     sprintf(thisline, 
 	"Last Modification Date (LMD): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
            (mod_time->tm_year >= 100) ? 20 : 19,
@@ -181,12 +202,13 @@ adm_fmt_prt(context, entry, Principal_name, ret_data)
            mod_time->tm_min,
            mod_time->tm_sec);
     strcat(my_data, thisline);
-#endif	/* notdef */
+    krb5_free_principal(context, mprinc_data->mod_princ);
+    krb5_xfree(mprinc_data);
     if (retval = adm_print_attributes(my_data, entry->attributes)) {
 	free(my_data);
 	return retval;
     }
-    switch (entry->key_data[0].key_data_type[1] & 0xff) {
+    switch (pkey->key_data_type[1] & 0xff) {
            case 0 : strcat(my_data,
 			"Principal Salt Type (PST) = Version 5 Normal\n");
 		    break;
diff --git a/src/kadmin.old/server/adm_process.c b/src/kadmin.old/server/adm_process.c
index eb5af3e58..39fc77d71 100644
--- a/src/kadmin.old/server/adm_process.c
+++ b/src/kadmin.old/server/adm_process.c
@@ -49,6 +49,7 @@ cpw_keyproc(context, keyblock)
     krb5_boolean more;
     int nprincs = 1;
     krb5_keysalt salt;
+    krb5_key_data *kdatap;
 
     if (*keyblock == NULL) {
 	if (retval = krb5_parse_name(context, 
@@ -78,10 +79,21 @@ cpw_keyproc(context, keyblock)
 	    return(ENOMEM);
 	}
 
+	/* Find our key */
+	if (retval = adm_find_keytype(&cpw_entry,
+				      KEYTYPE_DES,
+				      -1,
+				      &kdatap)) {
+	    krb5_db_free_principal(context, &cpw_entry, nprincs);
+	    syslog(LOG_ERR, "cpw_keyproc: cannot find server DES key");
+	    close(client_server_info.client_socket);
+	    return(retval);
+	}
+
 	/* Extract the real kadmin/<realm> keyblock */
 	if (retval = krb5_dbekd_decrypt_key_data(context, 
 				&master_encblock,
-				&cpw_entry.key_data[0],
+				kdatap,
 				realkey,
 				&salt)) {
 	    krb5_db_free_principal(context, &cpw_entry, nprincs);
@@ -132,6 +144,7 @@ process_client(context, prog)
     krb5_keysalt salt;
     
     krb5_timestamp adm_time;
+    krb5_key_data *kdatap;
 
     outbuf.data = retbuf;
     if (setsockopt(client_server_info.client_socket, 
@@ -192,10 +205,22 @@ process_client(context, prog)
 	exit(0);
     }
 
+    /* Find our key */
+    if (retval = adm_find_keytype(&server_entry,
+				  KEYTYPE_DES,
+				  -1,
+				  &kdatap)) {
+	krb5_db_free_principal(context, &server_entry, number_of_entries);
+	syslog(LOG_ERR, 
+	       "kadmind error: cannot find server DES key");
+	close(client_server_info.client_socket);
+	exit(0);
+    }
+
     /* Extract the real kadmin/<realm> keyblock */
     if (retval = krb5_dbekd_decrypt_key_data(context, 
 				      &master_encblock,
-				      &server_entry.key_data[0],
+				      kdatap,
 				      cpw_keyblock,
 				      &salt)) {
 	krb5_db_free_principal(context, &server_entry, number_of_entries);
diff --git a/src/kadmin.old/server/adm_server.c b/src/kadmin.old/server/adm_server.c
index a8cb92f4a..fcb95b08a 100644
--- a/src/kadmin.old/server/adm_server.c
+++ b/src/kadmin.old/server/adm_server.c
@@ -277,6 +277,7 @@ init_db(context, dbname, masterkeyname, masterkeyblock)
     int number_of_entries;
     char tgs_name[255];
     krb5_keysalt	salt;
+    krb5_key_data	*kdatap;
 
     /* set db name if appropriate */
     if (dbname && (retval = krb5_db_set_name(context, dbname)))
@@ -358,8 +359,18 @@ init_db(context, dbname, masterkeyname, masterkeyblock)
 	convert server.key into a real key 
 	(it may be encrypted in the database) 
  */
+    if (retval = adm_find_keytype(&server_entry,
+				  KEYTYPE_DES,
+				  -1,
+				  &kdatap)) {
+	krb5_db_free_principal(context, &server_entry, number_of_entries);
+	(void) krb5_finish_key(context, &master_encblock);
+	memset((char *)&master_encblock, 0, sizeof(master_encblock));
+	(void) krb5_db_fini(context);
+	return(retval);
+    }
     if (retval = krb5_dbekd_decrypt_key_data(context,&master_encblock,
-				      &server_entry.key_data[0],&tgs_key,
+				      kdatap,&tgs_key,
 				      &salt)) {
 	krb5_db_free_principal(context, &server_entry, number_of_entries);
 	(void) krb5_finish_key(context, &master_encblock);
@@ -368,7 +379,7 @@ init_db(context, dbname, masterkeyname, masterkeyblock)
 	return(retval);
     }
 
-    tgs_kvno = server_entry.key_data[0].key_data_kvno;
+    tgs_kvno = kdatap->key_data_kvno;
     krb5_db_free_principal(context, &server_entry, number_of_entries);
     return(0);
 }
-- 
2.26.2