svn rev #21755: branches/mkey_migrate/src/lib/kdb/
wfiveash@MIT.EDU
wfiveash at MIT.EDU
Fri Jan 16 16:28:39 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21755
Commit By: wfiveash
Log Message:
Fixed several bugs discovered during initial debugging of KDB
creation.
Changed Files:
U branches/mkey_migrate/src/lib/kdb/kdb5.c
U branches/mkey_migrate/src/lib/kdb/kdb_default.c
Modified: branches/mkey_migrate/src/lib/kdb/kdb5.c
===================================================================
--- branches/mkey_migrate/src/lib/kdb/kdb5.c 2009-01-16 00:33:00 UTC (rev 21754)
+++ branches/mkey_migrate/src/lib/kdb/kdb5.c 2009-01-16 21:28:38 UTC (rev 21755)
@@ -2484,9 +2484,9 @@
* If version of the KRB5_TL_ACTKVNO data is KRB5_TL_ACTKVNO_VER_1 then size of
* a actkvno tuple {act_kvno, act_time} entry is:
*/
-#define ACTKVNO_TUPLE_SIZE sizeof(krb5_int16) + sizeof(krb5_int32)
+#define ACTKVNO_TUPLE_SIZE (sizeof(krb5_int16) + sizeof(krb5_int32))
#define act_kvno(cp) (cp) /* return pointer to start of act_kvno data */
-#define act_time(cp) (cp) + sizeof(krb5_int16) /* return pointer to start of act_time data */
+#define act_time(cp) ((cp) + sizeof(krb5_int16)) /* return pointer to start of act_time data */
krb5_error_code
krb5_dbe_lookup_actkvno(krb5_context context,
@@ -2495,11 +2495,12 @@
{
krb5_tl_data tl_data;
krb5_error_code code;
- krb5_int16 version;
+ krb5_int16 version, tmp_kvno;
krb5_actkvno_node *head_data = NULL, *new_data = NULL, *prev_data = NULL;
unsigned int num_actkvno, i;
krb5_octet *next_tuple;
+ memset(&tl_data, 0, sizeof(tl_data));
tl_data.tl_data_type = KRB5_TL_ACTKVNO;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
@@ -2526,10 +2527,11 @@
krb5_free_actkvno_list(context, head_data);
return (ENOMEM);
}
- krb5_kdb_decode_int16(act_kvno(next_tuple), new_data->act_kvno);
+ /* using tmp_kvno to avoid type mismatch */
+ krb5_kdb_decode_int16(act_kvno(next_tuple), tmp_kvno);
+ new_data->act_kvno = (krb5_kvno) tmp_kvno;
krb5_kdb_decode_int32(act_time(next_tuple), new_data->act_time);
- /* XXX WAF: may be able to deal with list pointers in a better
- * way, see add_mkey() */
+
new_data->next = NULL;
if (prev_data != NULL)
prev_data->next = new_data;
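Review bot: Decoding the key version into the signed `krb5_int16 tmp_kvno` and then assigning `(krb5_kvno) tmp_kvno` will sign-extend any stored value at or above 0x8000 if krb5_kvno is an unsigned type wider than 16 bits, which I believe it is. The in-memory act_kvno would then no longer match the real key version. Declaring the temporary as `krb5_ui_2 tmp_kvno;`, or casting through `(krb5_ui_2)` before the widening cast, keeps the round trip value-preserving. The matching encode path in the last kdb5.c hunk (`tmp_kvno = (krb5_int16) cur_actkvno->act_kvno;`) silently truncates a kvno that does not fit in 16 bits; rejecting such a value with an error would be safer than storing a different version number. The enclosing loop starts and ends outside this hunk.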
@@ -2558,15 +2560,16 @@
const krb5_actkvno_node *actkvno_list)
{
krb5_error_code retval = 0;
- krb5_int16 version;
+ krb5_int16 version, tmp_kvno;
krb5_tl_data new_tl_data;
- krb5_octet *nextloc;
+ unsigned char *nextloc;
const krb5_actkvno_node *cur_actkvno;
if (actkvno_list == NULL) {
return (EINVAL);
}
+ memset(&new_tl_data, 0, sizeof(new_tl_data));
/* allocate initial KRB5_TL_ACTKVNO tl_data entry */
new_tl_data.tl_data_length = sizeof(version);
new_tl_data.tl_data_contents = (krb5_octet *) malloc(new_tl_data.tl_data_length);
@@ -2574,9 +2577,11 @@
return (ENOMEM);
/* add the current version # for the data format used for KRB5_TL_ACTKVNO */
- krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_ACTKVNO_VER_1, (unsigned char *)new_tl_data.tl_data_contents);
+ krb5_kdb_encode_int16((krb5_ui_2)KRB5_TL_ACTKVNO_VER_1,
+ (unsigned char *)new_tl_data.tl_data_contents);
- for (cur_actkvno = actkvno_list; cur_actkvno != NULL; cur_actkvno = cur_actkvno->next) {
+ for (cur_actkvno = actkvno_list; cur_actkvno != NULL;
+ cur_actkvno = cur_actkvno->next) {
new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE;
new_tl_data.tl_data_contents = (krb5_octet *) realloc(new_tl_data.tl_data_contents,
new_tl_data.tl_data_length);
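Review bot: The `realloc` result is assigned straight back to `new_tl_data.tl_data_contents`, so a failed call loses the only pointer to the existing buffer, unless the failure branch (outside this hunk) keeps another reference. Holding the result in a temporary and freeing the old buffer on failure, e.g. `tmp = realloc(new_tl_data.tl_data_contents, new_tl_data.tl_data_length); if (tmp == NULL) { free(new_tl_data.tl_data_contents); return (ENOMEM); }`, avoids the leak. Separately, `new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE` has no upper bound. If tl_data_length is a 16-bit field, as I believe it is, a long enough list wraps it and the stored length no longer covers the tuples already written, so a bound check before the addition is worth adding.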
@@ -2588,9 +2593,11 @@
* next location to store new tuple.
*/
nextloc = new_tl_data.tl_data_contents + new_tl_data.tl_data_length - ACTKVNO_TUPLE_SIZE;
- krb5_kdb_encode_int16((krb5_ui_2)cur_actkvno->act_kvno, (unsigned char *)nextloc);
+ /* using tmp_kvno to avoid type mismatch issues */
+ tmp_kvno = (krb5_int16) cur_actkvno->act_kvno;
+ krb5_kdb_encode_int16(tmp_kvno, nextloc);
nextloc += sizeof(krb5_ui_2);
- krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, (unsigned char *)nextloc);
+ krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, nextloc);
}
new_tl_data.tl_data_type = KRB5_TL_ACTKVNO;
Modified: branches/mkey_migrate/src/lib/kdb/kdb_default.c
===================================================================
--- branches/mkey_migrate/src/lib/kdb/kdb_default.c 2009-01-16 00:33:00 UTC (rev 21754)
+++ branches/mkey_migrate/src/lib/kdb/kdb_default.c 2009-01-16 21:28:38 UTC (rev 21755)
@@ -493,8 +493,9 @@
krb5_db_entry master_entry;
int nprinc;
krb5_boolean more, found_key = FALSE;
- krb5_keyblock tmp_mkey, tmp_clearkey;
- krb5_keylist_node *mkey_list_head, **mkey_list_node;
+ krb5_keyblock tmp_clearkey;
+ const krb5_keyblock *current_mkey;
+ krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node;
krb5_key_data *key_data;
krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry;
int i;
@@ -502,7 +503,6 @@
if (mkeys_list == NULL)
return (EINVAL);
- memset(&tmp_mkey, 0, sizeof(tmp_mkey));
memset(&tmp_clearkey, 0, sizeof(tmp_clearkey));
nprinc = 1;
@@ -523,7 +523,7 @@
* Check if the input mkey is the latest key and if it isn't then find the
* latest mkey.
*/
- if ((retval = krb5_dbekd_decrypt_key_data(context, &tmp_mkey,
+ if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
&master_entry.key_data[0],
&tmp_clearkey, NULL)) != 0) {
/*
@@ -538,7 +538,7 @@
aux_data_entry = aux_data_entry->next) {
if (aux_data_entry->mkey_kvno == mkvno) {
- if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
+ if (krb5_dbekd_decrypt_key_data(context, mkey, &aux_data_entry->latest_mkey,
&tmp_clearkey, NULL) == 0) {
found_key = TRUE;
break;
@@ -550,11 +550,10 @@
for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
aux_data_entry = aux_data_entry->next) {
- if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
+ if (krb5_dbekd_decrypt_key_data(context, mkey, &aux_data_entry->latest_mkey,
&tmp_clearkey, NULL) == 0) {
found_key = TRUE;
- /* XXX WAF: should I issue warning about kvno not matching?
- */
+ /* XXX WAF: should I issue warning about kvno not matching? */
break;
}
}
@@ -565,6 +564,9 @@
goto clean_n_exit;
}
}
+ current_mkey = &tmp_clearkey;
+ } else {
+ current_mkey = mkey;
}
/*
@@ -581,7 +583,10 @@
memset(mkey_list_head, 0, sizeof(krb5_keylist_node));
mkey_list_node = &mkey_list_head;
- for (i=0; i < master_entry.n_key_data; i++) {
+ /* XXX WAF: optimize by setting the first mkey_list_node to current mkey and
+ * if there are any others then do for loop below. */
+
+ for (i = 0; i < master_entry.n_key_data; i++) {
if (*mkey_list_node == NULL) {
/* *mkey_list_node points to next field of previous node */
*mkey_list_node = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
@@ -592,12 +597,13 @@
memset(*mkey_list_node, 0, sizeof(krb5_keylist_node));
}
key_data = &master_entry.key_data[i];
- retval = krb5_dbekd_decrypt_key_data(context, mkey,
+ retval = krb5_dbekd_decrypt_key_data(context, current_mkey,
key_data, &((*mkey_list_node)->keyblock),
NULL);
if (retval)
goto clean_n_exit;
+ (*mkey_list_node)->kvno = key_data->key_data_kvno;
mkey_list_node = &((*mkey_list_node)->next);
}
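Review bot: When `krb5_dbekd_decrypt_key_data` fails part-way through this loop, the `goto clean_n_exit` leaves a partially built list under `mkey_list_head` whose earlier nodes already hold decrypted master keys, and the cleanup visible in this patch wipes only `tmp_clearkey`. Unless code outside the shown hunks already does so, the error path should walk `mkey_list_head`, zero each node's `keyblock.contents` over `keyblock.length`, and free the nodes before returning, so clear-text master key material is not left behind in leaked heap memory. The new `mkey_list_head = NULL` initializer makes such a walk safe when the jump happens before the list is allocated. The function body starts and ends outside this hunk.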
@@ -605,11 +611,6 @@
clean_n_exit:
- if (tmp_mkey.contents) {
- memset(tmp_mkey.contents, 0, tmp_mkey.length);
- krb5_db_free(context, tmp_mkey.contents);
- }
-
if (tmp_clearkey.contents) {
memset(tmp_clearkey.contents, 0, tmp_clearkey.length);
krb5_db_free(context, tmp_clearkey.contents);