krb5_error_code krb5_db_store_master_key_list ( krb5_context kcontext,
char *keyfile,
krb5_principal mname,
- krb5_keylist_node *keylist,
char *master_pwd);
krb5_error_code krb5_db_fetch_mkey ( krb5_context context,
krb5_principal mname,
krb5_error_code
krb5_db_fetch_mkey_list( krb5_context context,
krb5_principal mname,
- const krb5_keyblock * mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkeys_list );
-/**
- * Free a master keylist.
- */
-void
-krb5_db_free_mkey_list( krb5_context context,
- krb5_keylist_node *mkey_list );
+ const krb5_keyblock * mkey );
krb5_error_code
krb5_dbe_find_enctype( krb5_context kcontext,
krb5_error_code
krb5_dbe_find_act_mkey( krb5_context context,
- krb5_keylist_node * mkey_list,
krb5_actkvno_node * act_mkey_list,
krb5_kvno * act_kvno,
krb5_keyblock ** act_mkey);
krb5_error_code
krb5_dbe_find_mkey( krb5_context context,
- krb5_keylist_node * mkey_list,
krb5_db_entry * entry,
krb5_keyblock ** mkey);
krb5_db_entry * entry,
krb5_kvno * mkvno);
+krb5_keylist_node *
+krb5_db_mkey_list_alias( krb5_context kcontext );
+
/* Set *mkvno to mkvno in entry tl_data, or minimum value from mkey_list. */
krb5_error_code
krb5_dbe_get_mkvno( krb5_context context,
krb5_db_entry * entry,
- krb5_keylist_node * mkey_list,
krb5_kvno * mkvno);
krb5_error_code
krb5_def_fetch_mkey_list( krb5_context context,
krb5_principal mprinc,
const krb5_keyblock *mkey,
- krb5_kvno mkvno,
krb5_keylist_node **mkeys_list);
krb5_error_code
krb5_error_code (*fetch_master_key_list)(krb5_context kcontext,
krb5_principal mname,
const krb5_keyblock *key,
- krb5_kvno kvno,
krb5_keylist_node **mkeys_list);
/*
krb5_keyblock *tmp_mkey;
key_data = &db_entry->key_data[i];
- retval = krb5_dbe_find_mkey(context, master_keylist, db_entry, &tmp_mkey);
+ retval = krb5_dbe_find_mkey(context, db_entry, &tmp_mkey);
if (retval)
return retval;
retval = krb5_dbe_decrypt_key_data(context, tmp_mkey, key_data,
bool_t dump_sno = FALSE;
kdb_log_context *log_ctx;
unsigned int ipropx_version = IPROPX_VERSION_0;
- krb5_keylist_node *mkeys;
/*
* Parse the arguments.
exit(1);
}
retval = krb5_db_fetch_mkey_list(util_context, master_princ,
- &master_keyblock, IGNORE_VNO,
- &mkeys);
+ &master_keyblock);
if (retval) {
com_err(progname, retval, _("while verifying master key"));
exit(1);
}
- krb5_db_free_mkey_list(util_context, mkeys);
}
new_master_keyblock.enctype = global_params.enctype;
if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
extern krb5_keyblock master_keyblock; /* current mkey */
extern krb5_kvno master_kvno;
extern krb5_principal master_princ;
-extern krb5_keylist_node *master_keylist;
extern krb5_data master_salt;
extern char *mkey_password;
extern char *progname;
krb5_key_data tmp_key_data, *old_key_data;
krb5_mkey_aux_node *mkey_aux_data_head = NULL, **mkey_aux_data;
krb5_keylist_node *keylist_node;
+ krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(context);
/* do this before modifying master_entry key_data */
new_mkey_kvno = get_next_kvno(context, master_entry);
krb5_db_entry *master_entry;
krb5_keylist_node *keylist_node;
krb5_boolean inserted = FALSE;
+ krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
memset(&master_princ, 0, sizeof(master_princ));
krb5_db_entry *master_entry;
krb5_keylist_node *cur_kb_node;
krb5_keyblock *act_mkey;
+ krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
if (master_keylist == NULL) {
com_err(progname, 0, _("master keylist not initialized"));
if (actkvno_list == NULL) {
act_kvno = master_entry->key_data[0].key_data_kvno;
} else {
- retval = krb5_dbe_find_act_mkey(util_context, master_keylist,
- actkvno_list, &act_kvno, &act_mkey);
+ retval = krb5_dbe_find_act_mkey(util_context, actkvno_list, &act_kvno,
+ &act_mkey);
if (retval == KRB5_KDB_NOACTMASTERKEY) {
/* Maybe we went through a time warp, and the only keys
with activation dates have them set in the future? */
goto skip;
}
p->re_match_count++;
- retval = krb5_dbe_get_mkvno(util_context, ent, master_keylist, &old_mkvno);
+ retval = krb5_dbe_get_mkvno(util_context, ent, &old_mkvno);
if (retval) {
com_err(progname, retval,
_("determining master key used for principal '%s'"), pname);
#endif
char *regexp = NULL;
krb5_keyblock *tmp_keyblock = NULL;
+ krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
while ((optchar = getopt(argc, argv, "fnv")) != -1) {
switch (optchar) {
master_entry->n_key_data,
master_entry->key_data);
- retval = krb5_dbe_find_mkey(util_context, master_keylist,
- master_entry, &tmp_keyblock);
+ retval = krb5_dbe_find_mkey(util_context, master_entry, &tmp_keyblock);
if (retval) {
com_err(progname, retval, _("retrieving the most recent master key"));
exit_status++;
cleanup:
free(regexp);
memset(&new_master_keyblock, 0, sizeof(new_master_keyblock));
- krb5_free_keyblock(util_context, tmp_keyblock);
krb5_free_unparsed_name(util_context, mkey_fullname);
krb5_dbe_free_actkvno_list(util_context, actkvno_list);
}
args = (struct purge_args *) ptr;
- retval = krb5_dbe_get_mkvno(args->kcontext, entry, master_keylist, &mkvno);
+ retval = krb5_dbe_get_mkvno(args->kcontext, entry, &mkvno);
if (retval)
return (retval);
krb5_mkey_aux_node *mkey_aux_list = NULL, *mkey_aux_entry, *prev_mkey_aux_entry;
krb5_key_data *old_key_data;
+ /*
+ * Verify that the master key list has been initialized before doing
+ * anything else.
+ */
+ if (krb5_db_mkey_list_alias(util_context) == NULL) {
+ com_err(progname, KRB5_KDB_DBNOTINITED,
+ _("master keylist not initialized"));
+ exit_status++;
+ return;
+ }
+
memset(&master_princ, 0, sizeof(master_princ));
memset(&args, 0, sizeof(args));
}
}
- if (master_keylist == NULL) {
- com_err(progname, 0, _("master keylist not initialized"));
- exit_status++;
- return;
- }
-
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
#include "kdb5_util.h"
extern krb5_keyblock master_keyblock;
-extern krb5_keylist_node *master_keylist;
extern krb5_principal master_princ;
extern kadm5_config_params global_params;
}
retval = krb5_db_fetch_mkey_list(util_context, master_princ,
- &master_keyblock, mkey_kvno,
- &master_keylist);
+ &master_keyblock);
if (retval) {
com_err(progname, retval, _("while getting master key list"));
exit_status++; return;
}
retval = krb5_db_store_master_key_list(util_context, keyfile, master_princ,
- master_keylist, NULL);
+ NULL);
if (retval) {
com_err(progname, errno, _("while storing key"));
exit_status++; return;
krb5_keyblock master_keyblock;
krb5_kvno master_kvno; /* fetched */
-extern krb5_keylist_node *master_keylist;
extern krb5_principal master_princ;
krb5_db_entry *master_entry = NULL;
int valid_master_key = 0;
}
if ((retval = krb5_db_fetch_mkey_list(util_context, master_princ,
- &master_keyblock, master_kvno,
- &master_keylist))) {
+ &master_keyblock))) {
com_err(progname, retval, "while getting master key list");
com_err(progname, 0, "Warning: proceeding without master key list");
exit_status++;
exit_status++;
memset(master_keyblock.contents, 0, master_keyblock.length);
krb5_free_keyblock_contents(util_context, &master_keyblock);
- krb5_db_free_mkey_list(util_context, master_keylist);
return(1);
}
if (finished)
return 0;
- krb5_db_free_mkey_list(util_context, master_keylist);
retval = krb5_db_fini(util_context);
memset(master_keyblock.contents, 0, master_keyblock.length);
finished = TRUE;
free_keysalts = 1;
/* Find the mkey used to protect the existing keys */
- ret = krb5_dbe_find_mkey(util_context, master_keylist, dbent, &tmp_mkey);
+ ret = krb5_dbe_find_mkey(util_context, dbent, &tmp_mkey);
if (ret) {
com_err(me, ret, _("while finding mkey"));
krb5_db_free_principal(util_context, dbent);
extern char **db5util_db_args;
extern int db5util_db_args_size;
extern krb5_kvno new_mkvno;
-extern krb5_keylist_node *master_keylist;
extern krb5_keyblock new_master_keyblock;
extern int add_db_arg(char *arg);
gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
-extern krb5_keylist_node *master_keylist;
-
char *build_princ_name(char *name, char *realm);
void log_badauth(OM_uint32 major, OM_uint32 minor,
struct sockaddr_in *addr, char *data);
krb5_principal realm_mprinc; /* Master principal for realm */
/*
* Note realm_mkey is mkey read from stash or keyboard and may not be the
- * latest. The mkey_list will have all the mkeys in use.
+ * latest.
*/
krb5_keyblock realm_mkey; /* Master key for this realm */
- krb5_keylist_node * mkey_list; /* list of mkeys in use for this realm */
/*
* TGS per-realm data.
*/
#define max_life_for_realm kdc_active_realm->realm_maxlife
#define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife
#define master_keyblock kdc_active_realm->realm_mkey
-#define master_keylist kdc_active_realm->mkey_list
#define master_princ kdc_active_realm->realm_mprinc
#define tgs_server kdc_active_realm->realm_tgsprinc
#define reject_bad_transit kdc_active_realm->realm_reject_bad_transit
memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
free(rdp->realm_mkey.contents);
}
- if (rdp->mkey_list)
- krb5_dbe_free_key_list(rdp->realm_context, rdp->mkey_list);
krb5_db_fini(rdp->realm_context);
if (rdp->realm_tgsprinc)
krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
}
if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc,
- &rdp->realm_mkey, mkvno, &rdp->mkey_list))) {
+ &rdp->realm_mkey))) {
kdc_err(rdp->realm_context, kret,
_("while fetching master keys list for realm %s"), realm);
goto whoops;
krb5_string_to_keysalts
krb5_match_config_pattern
master_db
-master_keylist
master_princ
osa_free_princ_ent
passwd_check
krb5_principal master_princ;
krb5_keyblock master_keyblock; /* local mkey */
-krb5_keylist_node *master_keylist = NULL;
krb5_actkvno_node *active_mkey_list = NULL;
krb5_db_entry master_db;
goto done;
if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
- &master_keyblock, mkvno, &master_keylist))) {
+ &master_keyblock))) {
krb5_db_fini(handle->context);
return (ret);
}
goto done;
}
- ret = krb5_dbe_find_mkey(handle->context, master_keylist, kdb, &mkey);
+ ret = krb5_dbe_find_mkey(handle->context, kdb, &mkey);
if (ret)
goto done;
extern krb5_principal master_princ;
extern krb5_principal hist_princ;
extern krb5_keyblock master_keyblock;
-extern krb5_keylist_node *master_keylist;
extern krb5_actkvno_node *active_mkey_list;
extern krb5_db_entry master_db;
/* initialize the keys */
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, &act_kvno, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, &act_kvno,
+ &act_mkey);
if (ret)
goto cleanup;
entry->kvno = kdb->key_data[i].key_data_kvno;
if (mask & KADM5_MKVNO) {
- ret = krb5_dbe_get_mkvno(handle->context, kdb, master_keylist,
- &entry->mkvno);
+ ret = krb5_dbe_get_mkvno(handle->context, kdb, &entry->mkvno);
if (ret)
goto done;
}
principal)))
goto done;
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, &act_kvno, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, &act_kvno,
+ &act_mkey);
if (ret)
goto done;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, NULL,
+ &act_mkey);
if (ret)
goto done;
keysalt.data.length = 0;
keysalt.data.data = NULL;
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, NULL,
+ &act_mkey);
if (ret)
goto done;
}
memset (&tmp_key_data, 0, sizeof(tmp_key_data));
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list, NULL,
+ &act_mkey);
if (ret)
goto done;
/* find_mkey only uses this field */
dbent.tl_data = entry->tl_data;
- if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &dbent,
- &mkey_ptr))) {
- krb5_keylist_node *tmp_mkey_list;
+ if ((ret = krb5_dbe_find_mkey(handle->context, &dbent, &mkey_ptr))) {
/* try refreshing master key list */
/* XXX it would nice if we had the mkvno here for optimization */
if (krb5_db_fetch_mkey_list(handle->context, master_princ,
- &master_keyblock, 0, &tmp_mkey_list) == 0) {
- krb5_dbe_free_key_list(handle->context, master_keylist);
- master_keylist = tmp_mkey_list;
- if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist,
- &dbent, &mkey_ptr))) {
+ &master_keyblock) == 0) {
+ if ((ret = krb5_dbe_find_mkey(handle->context, &dbent,
+ &mkey_ptr))) {
return ret;
}
} else {
MAKE_INIT_FUNCTION(kdb_init_lock_list);
MAKE_FINI_FUNCTION(kdb_fini_lock_list);
+static void
+free_mkey_list(krb5_context context, krb5_keylist_node *mkey_list)
+{
+ krb5_keylist_node *cur, *next;
+
+ for (cur = mkey_list; cur != NULL; cur = next) {
+ next = cur->next;
+ krb5_free_keyblock_contents(context, &cur->keyblock);
+ krb5_xfree(cur);
+ }
+}
+
int
kdb_init_lock_list()
{
kdb_free_lib_handle(krb5_context kcontext)
{
krb5_error_code status = 0;
- krb5_keylist_node *old_keylist = kcontext->dal_handle->master_keylist;
status = kdb_free_library(kcontext->dal_handle->lib_handle);
if (status)
return status;
- /* The dal_handle holds an alias to the most recent mkey_list. */
- if (kcontext->dal_handle->free_keylist) {
- kcontext->dal_handle->master_keylist = NULL; /* Force freeing. */
- krb5_db_free_mkey_list(kcontext, old_keylist);
- }
+
+ free_mkey_list(kcontext, kcontext->dal_handle->master_keylist);
krb5_free_principal(kcontext, kcontext->dal_handle->master_princ);
free(kcontext->dal_handle);
kcontext->dal_handle = NULL;
return v->iterate(kcontext, match_entry, func, func_arg);
}
+/* Return a read only pointer alias to mkey list. Do not free this! */
+krb5_keylist_node *
+krb5_db_mkey_list_alias(krb5_context kcontext)
+{
+ return kcontext->dal_handle->master_keylist;
+}
+
krb5_error_code
krb5_db_fetch_mkey_list(krb5_context context, krb5_principal mname,
- const krb5_keyblock *mkey, krb5_kvno mkvno,
- krb5_keylist_node **mkey_list)
+ const krb5_keyblock *mkey)
{
kdb_vftabl *v;
krb5_error_code status = 0;
status = get_vftabl(context, &v);
if (status)
return status;
+
if (!context->dal_handle->master_princ) {
status = krb5_copy_principal(context, mname,
&context->dal_handle->master_princ);
if (status)
return status;
}
- if (mkey_list == NULL)
- mkey_list = &local_keylist;
- status = v->fetch_master_key_list(context, mname, mkey, mkvno, mkey_list);
+
+ status = v->fetch_master_key_list(context, mname, mkey, &local_keylist);
if (status == 0) {
- /* The dal_handle holds an alias to the most recent master_keylist. */
- krb5_keylist_node *old_keylist = context->dal_handle->master_keylist;
- context->dal_handle->master_keylist = *mkey_list;
- if (context->dal_handle->free_keylist)
- krb5_db_free_mkey_list(context, old_keylist);
- context->dal_handle->free_keylist = (mkey_list == &local_keylist);
+ free_mkey_list(context, context->dal_handle->master_keylist);
+ context->dal_handle->master_keylist = local_keylist;
}
return status;
}
-void
-krb5_db_free_mkey_list(krb5_context context, krb5_keylist_node *mkey_list)
-{
- krb5_keylist_node *cur, *prev;
-
- /*
- * The dal_handle holds onto the most recent master keylist that has been
- * fetched throughout the lifetime of the context; if this function is
- * called on that keylist, then the dal_handle is updated to indicate that
- * the keylist should be freed on next call to krb5_db_fetch_mkey_list() or
- * when the database is closed. Otherwise, the master_keylist is freed.
- * Either way, the caller must not access this master keylist after calling
- * this function.
- */
- if (context && context->dal_handle->master_keylist == mkey_list) {
- context->dal_handle->free_keylist = 1;
- return;
- }
- for (cur = mkey_list; cur != NULL;) {
- prev = cur;
- cur = cur->next;
- krb5_free_keyblock_contents(context, &prev->keyblock);
- krb5_xfree(prev);
- }
-}
-
krb5_error_code
krb5_db_store_master_key(krb5_context kcontext, char *keyfile,
krb5_principal mname, krb5_kvno kvno,
krb5_keyblock * key, char *master_pwd)
{
+ krb5_error_code status = 0;
+ kdb_vftabl *v;
krb5_keylist_node list;
+ status = get_vftabl(kcontext, &v);
+ if (status)
+ return status;
+
+ if (v->store_master_key_list == NULL)
+ return KRB5_KDB_DBTYPE_NOSUP;
+
list.kvno = kvno;
list.keyblock = *key;
list.next = NULL;
- return krb5_db_store_master_key_list(kcontext, keyfile, mname, &list,
- master_pwd);
+
+ return v->store_master_key_list(kcontext, keyfile, mname,
+ &list, master_pwd);
}
krb5_error_code
krb5_db_store_master_key_list(krb5_context kcontext, char *keyfile,
- krb5_principal mname, krb5_keylist_node *keylist,
- char *master_pwd)
+ krb5_principal mname, char *master_pwd)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
return status;
+
if (v->store_master_key_list == NULL)
- return KRB5_PLUGIN_OP_NOTSUPP;
- return v->store_master_key_list(kcontext, keyfile, mname, keylist,
+ return KRB5_KDB_DBTYPE_NOSUP;
+
+ if (kcontext->dal_handle->master_keylist == NULL)
+ return KRB5_KDB_DBNOTINITED;
+
+ return v->store_master_key_list(kcontext, keyfile, mname,
+ kcontext->dal_handle->master_keylist,
master_pwd);
}
*/
krb5_error_code
-krb5_dbe_find_act_mkey(krb5_context context, krb5_keylist_node *mkey_list,
- krb5_actkvno_node *act_mkey_list, krb5_kvno *act_kvno,
- krb5_keyblock **act_mkey)
+krb5_dbe_find_act_mkey(krb5_context context, krb5_actkvno_node *act_mkey_list,
+ krb5_kvno *act_kvno, krb5_keyblock **act_mkey)
{
krb5_kvno tmp_act_kvno;
krb5_error_code retval;
- krb5_keylist_node *cur_keyblock = mkey_list;
+ krb5_keylist_node *cur_keyblock = context->dal_handle->master_keylist;
krb5_actkvno_node *prev_actkvno, *cur_actkvno;
krb5_timestamp now;
krb5_boolean found = FALSE;
return 0;
}
+ if (!cur_keyblock)
+ return KRB5_KDB_DBNOTINITED;
+
if ((retval = krb5_timeofday(context, &now)))
return (retval);
* free the output key.
*/
krb5_error_code
-krb5_dbe_find_mkey(krb5_context context, krb5_keylist_node *mkey_list,
- krb5_db_entry *entry, krb5_keyblock **mkey)
+krb5_dbe_find_mkey(krb5_context context, krb5_db_entry *entry,
+ krb5_keyblock **mkey)
{
krb5_kvno mkvno;
krb5_error_code retval;
- krb5_keylist_node *cur_keyblock = mkey_list;
+ krb5_keylist_node *cur_keyblock = context->dal_handle->master_keylist;
- retval = krb5_dbe_get_mkvno(context, entry, mkey_list, &mkvno);
+ if (!cur_keyblock)
+ return KRB5_KDB_DBNOTINITED;
+
+ retval = krb5_dbe_get_mkvno(context, entry, &mkvno);
if (retval)
return (retval);
krb5_error_code
krb5_dbe_get_mkvno(krb5_context context, krb5_db_entry *entry,
- krb5_keylist_node *mkey_list, krb5_kvno *mkvno)
+ krb5_kvno *mkvno)
{
krb5_error_code code;
krb5_kvno kvno;
+ krb5_keylist_node *mkey_list = context->dal_handle->master_keylist;
if (mkey_list == NULL)
- return EINVAL;
+ return KRB5_KDB_DBNOTINITED;
/* Output the value from entry tl_data if present. */
code = krb5_dbe_lookup_mkvno(context, entry, &kvno);
{
krb5_error_code status = 0;
kdb_vftabl *v;
- krb5_keylist_node *n = kcontext->dal_handle->master_keylist;
krb5_keyblock *cur_mkey;
status = get_vftabl(kcontext, &v);
if (status)
return status;
- if (mkey || !n)
+ if (mkey || kcontext->dal_handle->master_keylist == NULL)
return v->decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt);
status = decrypt_iterator(kcontext, key_data, dbkey, keysalt);
if (status == 0)
cur_mkey = &kcontext->dal_handle->master_keylist->keyblock;
if (krb5_db_fetch_mkey_list(kcontext,
kcontext->dal_handle->master_princ,
- cur_mkey, -1, NULL) == 0)
+ cur_mkey) == 0)
return decrypt_iterator(kcontext, key_data, dbkey, keysalt);
}
return status;
void *db_context;
db_library lib_handle;
krb5_keylist_node *master_keylist;
- krb5_boolean free_keylist;
krb5_principal master_princ;
};
/* typedef kdb5_dal_handle is in k5-int.h now */
krb5_def_fetch_mkey_list(krb5_context context,
krb5_principal mprinc,
const krb5_keyblock *mkey,
- krb5_kvno mkvno,
krb5_keylist_node **mkeys_list)
{
krb5_error_code retval;
krb5_db_destroy
krb5_db_fetch_mkey
krb5_db_fetch_mkey_list
-krb5_db_free_mkey_list
krb5_db_fini
krb5_db_free_principal
krb5_db_get_age
krb5_db_get_principal
krb5_db_iterate
krb5_db_lock
+krb5_db_mkey_list_alias
krb5_db_put_principal
krb5_db_refresh_config
krb5_db_set_context
krb5_error_code retval;
krb5_data pwd, scratch;
char *args[2];
- krb5_keylist_node *mkeys;
krb5_db_entry *master_entry;
/* assemble & parse the master key name */
free(args[0]);
if ((retval = krb5_db_fetch_mkey_list(test_context, master_princ,
- &master_keyblock, IGNORE_VNO,
- &mkeys))){
+ &master_keyblock))){
com_err(pname, retval, "while verifying master key");
(void) krb5_db_fini(test_context);
return(1);
}
- krb5_db_free_mkey_list(test_context, mkeys);
if ((retval = krb5_db_get_principal(test_context, master_princ, 0,
&master_entry))) {
com_err(pname, retval, "while retrieving master entry");
krb5_error_code retval;
krb5_data pwd, scratch;
char *args[2];
- krb5_keylist_node *mkeys;
krb5_db_entry *master_entry;
/* assemble & parse the master key name */
return(1);
}
if ((retval = krb5_db_fetch_mkey_list(context, master_princ,
- &master_keyblock, IGNORE_VNO,
- &mkeys))) {
+ &master_keyblock))) {
com_err(pname, retval, "while verifying master key");
(void) krb5_db_fini(context);
return(1);
}
- krb5_db_free_mkey_list(context, mkeys);
if ((retval = krb5_db_get_principal(context, master_princ, 0,
&master_entry))) {
com_err(pname, retval, "while retrieving master entry");
projects / krb5.git / commitdiff