svn rev #21811: branches/mkey_migrate/src/ kadmin/dbutil/ plugins/kdb/ldap/libkdb_ldap/
wfiveash@MIT.EDU
wfiveash at MIT.EDU
Tue Jan 27 18:31:21 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21811
Commit By: wfiveash
Log Message:
Modified the ldap plugin so the mkvno slot in the krbprincipalkey
attribute is used.
Changed Files:
U branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c
U branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
U branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
U branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
U branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c 2009-01-27 23:14:35 UTC (rev 21810)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c 2009-01-27 23:31:19 UTC (rev 21811)
@@ -185,7 +185,7 @@
switch(optchar) {
case 'e':
if (krb5_string_to_enctype(optarg, &new_master_enctype)) {
- com_err(progname, EINVAL, ": %s is an invalid enctype", optarg);
+ com_err(progname, EINVAL, "%s is an invalid enctype", optarg);
exit_status++;
return;
}
@@ -338,7 +338,7 @@
use_kvno = atoi(argv[1]);
if (use_kvno == 0) {
- com_err(progname, EINVAL, ": 0 is an invalid KVNO value.");
+ com_err(progname, EINVAL, "0 is an invalid KVNO value");
exit_status++;
return;
} else {
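Review bot: The reworded message on the `use_kvno == 0` branch still reports "0" when the argument was not a number at all, because `atoi(argv[1])` returns 0 for non-numeric input and cannot signal a parse error. Parsing with `strtol` and checking the end pointer and range would fix that; at minimum, report the argument itself with `com_err(progname, EINVAL, "%s is an invalid KVNO value", argv[1]);` so the operator sees what was rejected. A negative argument also passes this check and is presumably only caught by the `!found` test in the next hunk. The enclosing function starts and ends outside the hunk.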
@@ -351,14 +351,14 @@
}
}
if (!found) {
- com_err(progname, EINVAL, ": %d is an invalid KVNO value.", use_kvno);
+ com_err(progname, EINVAL, "%d is an invalid KVNO value", use_kvno);
exit_status++;
return;
}
}
if ((retval = krb5_timeofday(util_context, &now))) {
- com_err(progname, retval, "while getting current time.");
+ com_err(progname, retval, "while getting current time");
exit_status++;
return;
}
@@ -466,7 +466,7 @@
if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry,
new_actkvno_list_head))) {
- com_err(progname, retval, "while updating actkvno data for master principal entry.");
+ com_err(progname, retval, "while updating actkvno data for master principal entry");
exit_status++;
return;
}
Modified: branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
===================================================================
--- branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c 2009-01-27 23:14:35 UTC (rev 21810)
+++ branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c 2009-01-27 23:31:19 UTC (rev 21811)
@@ -148,7 +148,7 @@
return(0);
}
-
+#if 0 /************** Begin IFDEF'ed OUT *******************************/
krb5_error_code
krb5_dbe_lookup_mkvno(krb5_context context,
krb5_db_entry *entry,
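Review bot: Wrapping `krb5_dbe_lookup_mkvno` in `#if 0` leaves dead code in the plugin, and the banner does not say why it was disabled. The block runs to the `#endif` added in the next hunk and apparently also covers the mkvno update helper. ldap_misc.c and ldap_principal2.c call `krb5_dbe_update_mkvno` and `krb5_dbe_lookup_mkvno` in this same commit, so those calls presumably resolve to an implementation outside this file. Either delete the local copies outright or replace the banner with a one-line comment naming where the live implementations come from, so a later reader does not re-enable a diverging copy. The function body continues outside the hunk.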
@@ -192,6 +192,7 @@
return (krb5_dbe_update_tl_data(context, entry, &tl_data));
}
+#endif /**************** END IFDEF'ed OUT *******************************/
/* it seems odd that there's no function to remove a tl_data, but if
I need one, I'll add one */
Modified: branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
===================================================================
--- branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-01-27 23:14:35 UTC (rev 21810)
+++ branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-01-27 23:31:19 UTC (rev 21811)
@@ -2059,9 +2059,16 @@
/* KRBSECRETKEY */
if ((bvalues=ldap_get_values_len(ld, ent, "krbprincipalkey")) != NULL) {
+ krb5_kvno mkvno = 0;
+
mask |= KDB_SECRET_KEY_ATTR;
- if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data)) != 0)
+ if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data, &mkvno)) != 0)
goto cleanup;
+ if (mkvno != 0) {
+ /* don't add the tl data if mkvno == 0 */
+ if ((st=krb5_dbe_update_mkvno(context, entry, mkvno)) != 0)
+ goto cleanup;
+ }
}
/* LAST PASSWORD CHANGE */
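Review bot: `mkvno` ends up holding whatever the last `krbprincipalkey` value decoded to, because the decoder loop in ldap_principal2.c passes the same pointer to `asn1_decode_sequence_of_keys` for every element of `bvalues`. If the attribute's values carry different master key versions, the TL data written by `krb5_dbe_update_mkvno` records only one of them, and the other keys would presumably be associated with the wrong master key version later. `krb5_decode_krbsecretkey` could compare each decoded value with the first and fail, or at least log, on a mismatch; that check belongs in the decoder rather than here. The enclosing function is outside the hunk.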
Modified: branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
===================================================================
--- branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h 2009-01-27 23:14:35 UTC (rev 21810)
+++ branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h 2009-01-27 23:31:19 UTC (rev 21811)
@@ -112,7 +112,7 @@
krb5_error_code
krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
- krb5_tl_data *);
+ krb5_tl_data *, krb5_kvno *);
krb5_error_code
berval2tl_data(struct berval *in, krb5_tl_data **out);
Modified: branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
===================================================================
--- branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2009-01-27 23:14:35 UTC (rev 21810)
+++ branches/mkey_migrate/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2009-01-27 23:31:19 UTC (rev 21811)
@@ -371,7 +371,7 @@
/* Decoding ASN.1 encoded key */
static struct berval **
-krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data) {
+krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, krb5_kvno mkvno) {
struct berval **ret = NULL;
int currkvno;
int num_versions = 1;
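Review bot: The comment above `krb5_encode_krbsecretkey` reads "Decoding ASN.1 encoded key" although the function encodes, and the new `mkvno` parameter is undocumented. A replacement such as `/* Encode key_data as ASN.1 krbprincipalkey values, tagging each with master key version mkvno */` would fix both. It is also worth stating whether 0 is a legal argument, since the read path in ldap_misc.c treats a decoded 0 as "no mkvno recorded". The function body continues outside the hunk.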
@@ -396,7 +396,7 @@
if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
asn1_encode_sequence_of_keys (key_data+last,
(krb5_int16) i - last + 1,
- 0, /* For now, mkvno == 0*/
+ mkvno,
&code);
ret[j] = malloc (sizeof (struct berval));
if (ret[j] == NULL) {
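Review bot: The result of `asn1_encode_sequence_of_keys` is discarded in the visible statement, so an encoding failure would go unnoticed before `code` is consumed. The decoder counterpart in this file assigns its result to `st` and tests it, and the encoder call should be checked the same way before `ret[j]` is filled in. How `code` is used lies outside the hunk, so a later check may exist, but nothing visible here guards against a failed encode producing an empty or stale key blob for the directory write.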
@@ -927,8 +927,12 @@
}
if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
+ krb5_kvno mkvno;
+
+ if ((st=krb5_dbe_lookup_mkvno(context, entries, &mkvno)) != 0)
+ goto cleanup;
bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
- entries->n_key_data);
+ entries->n_key_data, mkvno);
if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
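Review bot: `krb5_kvno mkvno;` is declared without an initializer, so the value handed to `krb5_encode_krbsecretkey` depends on `krb5_dbe_lookup_mkvno` storing something on every successful return. The read path in ldap_misc.c starts from `krb5_kvno mkvno = 0` and treats 0 as "no mkvno recorded"; writing `krb5_kvno mkvno = 0;` here keeps the two sides consistent if the lookup returns success without writing for an entry that lacks the TL data (its implementation is not visible in this diff). Any lookup error now also aborts the whole principal update via `goto cleanup`, which deserves a short comment if that is intended. The enclosing function is outside the hunk.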
@@ -1220,11 +1224,12 @@
}
krb5_error_code
-krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
+krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data, mkvno)
krb5_context context;
krb5_db_entry *entries;
struct berval **bvalues;
krb5_tl_data *userinfo_tl_data;
+ krb5_kvno *mkvno;
{
char *user=NULL;
int i=0, j=0, noofkeys=0;
@@ -1235,7 +1240,6 @@
goto cleanup;
for (i=0; bvalues[i] != NULL; ++i) {
- int mkvno; /* Not used currently */
krb5_int16 n_kd;
krb5_key_data *kd;
krb5_data in;
@@ -1248,7 +1252,7 @@
st = asn1_decode_sequence_of_keys (&in,
&kd,
&n_kd,
- &mkvno);
+ mkvno);
if (st != 0) {
const char *msg = error_message(st);
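Review bot: The out-parameter passed to `asn1_decode_sequence_of_keys` changes type in this call: the removed loop-local was `int mkvno`, while the new argument is the caller's `krb5_kvno *`. If the decoder's prototype takes `int *` (it is not visible in this diff), this is a pointer-signedness mismatch, and a negative value decoded from directory data would reach the caller as a very large kvno. Decoding into a local and converting after a range check avoids both: declare `int tmp_mkvno;`, pass `&tmp_mkvno`, and assign `*mkvno = (krb5_kvno) tmp_mkvno;` only when `st == 0` and `tmp_mkvno >= 0`. The new `mkvno` parameter also has no comment saying it must be non-NULL.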