krb5 commit: Make salt defaulting work for keysalts
Tom Yu
tlyu at MIT.EDU
Mon Jan 6 17:48:03 EST 2014
https://github.com/krb5/krb5/commit/cc26d29b8087e31d0ea1aca6bde45f8935e8b744
commit cc26d29b8087e31d0ea1aca6bde45f8935e8b744
Author: Tom Yu <tlyu at mit.edu>
Date: Mon Jan 6 17:17:02 2014 -0500
Make salt defaulting work for keysalts
Make krb5_string_to_keysalts() default to only ":" as a key:salt
separator character. Change most of its callers to pass NULL so they
get the default separators.
Adapted from a patch proposed by Jon Looney.
ticket: 884
src/kadmin/cli/kadmin.c | 8 ++++----
src/kadmin/cli/keytab.c | 2 +-
src/kadmin/dbutil/kdb5_util.c | 2 +-
src/lib/kadm5/alt_prof.c | 4 ++--
src/lib/kadm5/srv/svr_policy.c | 2 +-
src/lib/kadm5/srv/svr_principal.c | 4 ++--
src/lib/kadm5/str_conv.c | 2 +-
7 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index f5ca8ad..733e784 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -337,7 +337,7 @@ kadmin_startup(int argc, char *argv[])
params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
break;
case 'e':
- retval = krb5_string_to_keysalts(optarg, ", \t", ":.-", 0,
+ retval = krb5_string_to_keysalts(optarg, NULL, NULL, 0,
¶ms.keysalts,
¶ms.num_keysalts);
if (retval) {
@@ -788,7 +788,7 @@ kadmin_cpw(int argc, char *argv[])
cpw_usage(_("change_password: missing keysaltlist arg"));
goto cleanup;
}
- retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+ retval = krb5_string_to_keysalts(*++argv, NULL, NULL, 0,
&ks_tuple, &n_ks_tuple);
if (retval) {
com_err("change_password", retval,
@@ -1068,7 +1068,7 @@ kadmin_parse_princ_args(int argc, char *argv[], kadm5_principal_ent_t oprinc,
if (!strcmp("-e", argv[i])) {
if (++i > argc - 2)
return -1;
- retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0,
+ retval = krb5_string_to_keysalts(argv[i], NULL, NULL, 0,
ks_tuple, n_ks_tuple);
if (retval) {
com_err(caller, retval, _("while parsing keysalts %s"),
@@ -1616,7 +1616,7 @@ kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy,
if (++i > argc - 2)
return -1;
if (strcmp(argv[i], "-")) {
- retval = krb5_string_to_keysalts(argv[i], ",", ":.-", 0,
+ retval = krb5_string_to_keysalts(argv[i], ",", NULL, 0,
&ks_tuple, &n_ks_tuple);
if (retval) {
com_err(caller, retval, _("while parsing keysalts %s"),
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index 6d7288f..cd52da5 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -158,7 +158,7 @@ kadmin_keytab_add(int argc, char **argv)
add_usage();
return;
}
- retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+ retval = krb5_string_to_keysalts(*++argv, NULL, NULL, 0,
&ks_tuple, &n_ks_tuple);
if (retval) {
com_err("ktadd", retval, _("while parsing keysalts %s"),
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index f12c685..b781647 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -586,7 +586,7 @@ add_random_key(argc, argv)
return;
}
ret = krb5_string_to_keysalts(ks_str,
- ", \t", ":.-", 0,
+ NULL, NULL, 0,
&keysalts,
&num_keysalts);
if (ret) {
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index bd1b8c8..09be1ef 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -727,8 +727,8 @@ krb5_error_code kadm5_get_config_params(krb5_context context,
params.keysalts = NULL;
params.num_keysalts = 0;
krb5_string_to_keysalts(svalue,
- ", \t", /* Tuple separators */
- ":.-", /* Key/salt separators */
+ NULL, /* Tuple separators */
+ NULL, /* Key/salt separators */
0, /* No duplicates */
¶ms.keysalts,
¶ms.num_keysalts);
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 1f794e4..dfb3183 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -27,7 +27,7 @@ validate_allowed_keysalts(const char *allowed_keysalts)
if (strchr(allowed_keysalts, '\t') != NULL)
return KADM5_BAD_KEYSALTS;
- ret = krb5_string_to_keysalts(allowed_keysalts, ",", ":.-", 0,
+ ret = krb5_string_to_keysalts(allowed_keysalts, ",", NULL, 0,
&ks_tuple, &n_ks_tuple);
free(ks_tuple);
if (ret == EINVAL)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 7681636..bc66d5c 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -256,8 +256,8 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
}
ret = krb5_string_to_keysalts(polent.allowed_keysalts,
- ", ", /* Tuple separators */
- ":.-", /* Key/salt separators */
+ ",", /* Tuple separators */
+ NULL, /* Key/salt separators */
0, /* No duplicates */
&ak_ks_tuple,
&ak_n_ks_tuple);
diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 00d61f5..83d081e 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -57,7 +57,7 @@ struct flags_lookup_entry {
*/
static const char default_tupleseps[] = ", \t";
-static const char default_ksaltseps[] = ":.";
+static const char default_ksaltseps[] = ":";
/* Keytype strings */
/* Flags strings */
More information about the cvs-krb5
mailing list