summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kdc/hprop.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kdc/hprop.c')
-rw-r--r--crypto/heimdal/kdc/hprop.c419
1 files changed, 179 insertions, 240 deletions
diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c
index 3bc066f..e5b7fd1 100644
--- a/crypto/heimdal/kdc/hprop.c
+++ b/crypto/heimdal/kdc/hprop.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "hprop.h"
-RCSID("$Id: hprop.c,v 1.70 2002/09/04 18:19:41 joda Exp $");
+RCSID("$Id: hprop.c 21745 2007-07-31 16:11:25Z lha $");
static int version_flag;
static int help_flag;
@@ -93,28 +93,28 @@ open_socket(krb5_context context, const char *hostname, const char *port)
}
krb5_error_code
-v5_prop(krb5_context context, HDB *db, hdb_entry *entry, void *appdata)
+v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata)
{
krb5_error_code ret;
struct prop_data *pd = appdata;
krb5_data data;
if(encrypt_flag) {
- ret = hdb_seal_keys_mkey(context, entry, mkey5);
+ ret = hdb_seal_keys_mkey(context, &entry->entry, mkey5);
if (ret) {
krb5_warn(context, ret, "hdb_seal_keys_mkey");
return ret;
}
}
if(decrypt_flag) {
- ret = hdb_unseal_keys_mkey(context, entry, mkey5);
+ ret = hdb_unseal_keys_mkey(context, &entry->entry, mkey5);
if (ret) {
krb5_warn(context, ret, "hdb_unseal_keys_mkey");
return ret;
}
}
- ret = hdb_entry2value(context, entry, &data);
+ ret = hdb_entry2value(context, &entry->entry, &data);
if(ret) {
krb5_warn(context, ret, "hdb_entry2value");
return ret;
@@ -129,88 +129,17 @@ v5_prop(krb5_context context, HDB *db, hdb_entry *entry, void *appdata)
return ret;
}
-#ifdef KRB4
-
-static char realm_buf[REALM_SZ];
-
-static int
-kdb_prop(void *arg, Principal *p)
-{
- int ret;
- struct v4_principal pr;
-
- memset(&pr, 0, sizeof(pr));
-
- if(p->attributes != 0) {
- warnx("%s.%s has non-zero attributes - skipping",
- p->name, p->instance);
- return 0;
- }
- strlcpy(pr.name, p->name, sizeof(pr.name));
- strlcpy(pr.instance, p->instance, sizeof(pr.instance));
-
- copy_to_key(&p->key_low, &p->key_high, pr.key);
- pr.exp_date = p->exp_date;
- pr.mod_date = p->mod_date;
- strlcpy(pr.mod_name, p->mod_name, sizeof(pr.mod_name));
- strlcpy(pr.mod_instance, p->mod_instance, sizeof(pr.mod_instance));
- pr.max_life = p->max_life;
- pr.mkvno = p->kdc_key_ver;
- pr.kvno = p->key_version;
-
- ret = v4_prop(arg, &pr);
- memset(&pr, 0, sizeof(pr));
- return ret;
-}
-
-#endif /* KRB4 */
-
-#ifndef KRB4
-static time_t
-krb_life_to_time(time_t start, int life)
-{
- static int lifetimes[] = {
- 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318,
- 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684,
- 111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720,
- 191077, 204289, 218415, 233517, 249664, 266926, 285383, 305116,
- 326213, 348769, 372885, 398668, 426234, 455705, 487215, 520904,
- 556921, 595430, 636601, 680618, 727680, 777995, 831789, 889303,
- 950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
- 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
- };
-
-#if 0
- int i;
- double q = exp((log(2592000.0) - log(38400.0)) / 63);
- double x = 38400;
- for(i = 0; i < 64; i++) {
- lifetimes[i] = (int)x;
- x *= q;
- }
-#endif
-
- if(life == 0xff)
- return NEVERDATE;
- if(life < 0x80)
- return start + life * 5 * 60;
- if(life > 0xbf)
- life = 0xbf;
- return start + lifetimes[life - 0x80];
-}
-#endif /* !KRB4 */
-
int
v4_prop(void *arg, struct v4_principal *p)
{
struct prop_data *pd = arg;
- hdb_entry ent;
+ hdb_entry_ex ent;
krb5_error_code ret;
memset(&ent, 0, sizeof(ent));
ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm,
- &ent.principal);
+ &ent.entry.principal);
if(ret) {
krb5_warn(pd->context, ret,
"krb5_425_conv_principal %s.%s@%s",
@@ -220,49 +149,55 @@ v4_prop(void *arg, struct v4_principal *p)
if(verbose_flag) {
char *s;
- krb5_unparse_name_short(pd->context, ent.principal, &s);
+ krb5_unparse_name_short(pd->context, ent.entry.principal, &s);
krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s);
free(s);
}
- ent.kvno = p->kvno;
- ent.keys.len = 3;
- ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val));
+ ent.entry.kvno = p->kvno;
+ ent.entry.keys.len = 3;
+ ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val));
+ if (ent.entry.keys.val == NULL)
+ krb5_errx(pd->context, ENOMEM, "malloc");
if(p->mkvno != -1) {
- ent.keys.val[0].mkvno = malloc (sizeof(*ent.keys.val[0].mkvno));
- *(ent.keys.val[0].mkvno) = p->mkvno;
+ ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno));
+ if (ent.entry.keys.val[0].mkvno == NULL)
+ krb5_errx(pd->context, ENOMEM, "malloc");
+ *(ent.entry.keys.val[0].mkvno) = p->mkvno;
} else
- ent.keys.val[0].mkvno = NULL;
- ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt));
- ent.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
- ent.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
- krb5_data_alloc(&ent.keys.val[0].key.keyvalue, sizeof(des_cblock));
- memcpy(ent.keys.val[0].key.keyvalue.data, p->key, 8);
-
- copy_Key(&ent.keys.val[0], &ent.keys.val[1]);
- ent.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
- copy_Key(&ent.keys.val[0], &ent.keys.val[2]);
- ent.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
+ ent.entry.keys.val[0].mkvno = NULL;
+ ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt));
+ if (ent.entry.keys.val[0].salt == NULL)
+ krb5_errx(pd->context, ENOMEM, "calloc");
+ ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
+ ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
+ krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ);
+ memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8);
+
+ copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]);
+ ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
+ copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]);
+ ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
{
- int life = krb_life_to_time(0, p->max_life);
+ int life = _krb5_krb_life_to_time(0, p->max_life);
if(life == NEVERDATE){
- ent.max_life = NULL;
+ ent.entry.max_life = NULL;
} else {
/* clean up lifetime a bit */
if(life > 86400)
life = (life + 86399) / 86400 * 86400;
else if(life > 3600)
life = (life + 3599) / 3600 * 3600;
- ALLOC(ent.max_life);
- *ent.max_life = life;
+ ALLOC(ent.entry.max_life);
+ *ent.entry.max_life = life;
}
}
- ALLOC(ent.valid_end);
- *ent.valid_end = p->exp_date;
+ ALLOC(ent.entry.valid_end);
+ *ent.entry.valid_end = p->exp_date;
- ret = krb5_make_principal(pd->context, &ent.created_by.principal,
+ ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal,
v4_realm,
"kadmin",
"hprop",
@@ -272,44 +207,44 @@ v4_prop(void *arg, struct v4_principal *p)
ret = 0;
goto out;
}
- ent.created_by.time = time(NULL);
- ALLOC(ent.modified_by);
+ ent.entry.created_by.time = time(NULL);
+ ALLOC(ent.entry.modified_by);
ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance,
- v4_realm, &ent.modified_by->principal);
+ v4_realm, &ent.entry.modified_by->principal);
if(ret){
krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm);
- ent.modified_by->principal = NULL;
+ ent.entry.modified_by->principal = NULL;
ret = 0;
goto out;
}
- ent.modified_by->time = p->mod_date;
-
- ent.flags.forwardable = 1;
- ent.flags.renewable = 1;
- ent.flags.proxiable = 1;
- ent.flags.postdate = 1;
- ent.flags.client = 1;
- ent.flags.server = 1;
+ ent.entry.modified_by->time = p->mod_date;
+
+ ent.entry.flags.forwardable = 1;
+ ent.entry.flags.renewable = 1;
+ ent.entry.flags.proxiable = 1;
+ ent.entry.flags.postdate = 1;
+ ent.entry.flags.client = 1;
+ ent.entry.flags.server = 1;
/* special case password changing service */
if(strcmp(p->name, "changepw") == 0 &&
strcmp(p->instance, "kerberos") == 0) {
- ent.flags.forwardable = 0;
- ent.flags.renewable = 0;
- ent.flags.proxiable = 0;
- ent.flags.postdate = 0;
- ent.flags.initial = 1;
- ent.flags.change_pw = 1;
+ ent.entry.flags.forwardable = 0;
+ ent.entry.flags.renewable = 0;
+ ent.entry.flags.proxiable = 0;
+ ent.entry.flags.postdate = 0;
+ ent.entry.flags.initial = 1;
+ ent.entry.flags.change_pw = 1;
}
ret = v5_prop(pd->context, NULL, &ent, pd);
if (strcmp (p->name, "krbtgt") == 0
&& strcmp (v4_realm, p->instance) != 0) {
- krb5_free_principal (pd->context, ent.principal);
+ krb5_free_principal (pd->context, ent.entry.principal);
ret = krb5_425_conv_principal (pd->context, p->name,
v4_realm, p->instance,
- &ent.principal);
+ &ent.entry.principal);
if (ret == 0)
ret = v5_prop (pd->context, NULL, &ent, pd);
}
@@ -345,87 +280,96 @@ ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent)
{
int32_t flags = ntohl(ent->flags);
krb5_error_code ret;
- hdb_entry hdb;
+ hdb_entry_ex hdb;
if(!kaspecials_flag
&& (flags & KAFNORMAL) == 0) /* remove special entries */
return 0;
memset(&hdb, 0, sizeof(hdb));
ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance,
- v4_realm, &hdb.principal);
+ v4_realm, &hdb.entry.principal);
if(ret) {
krb5_warn(pd->context, ret,
"krb5_425_conv_principal (%s.%s@%s)",
ent->name, ent->instance, v4_realm);
return 0;
}
- hdb.kvno = ntohl(ent->kvno);
- hdb.keys.len = 3;
- hdb.keys.val = malloc(hdb.keys.len * sizeof(*hdb.keys.val));
- hdb.keys.val[0].mkvno = NULL;
- hdb.keys.val[0].salt = calloc(1, sizeof(*hdb.keys.val[0].salt));
+ hdb.entry.kvno = ntohl(ent->kvno);
+ hdb.entry.keys.len = 3;
+ hdb.entry.keys.val =
+ malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val));
+ if (hdb.entry.keys.val == NULL)
+ krb5_errx(pd->context, ENOMEM, "malloc");
+ hdb.entry.keys.val[0].mkvno = NULL;
+ hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt));
+ if (hdb.entry.keys.val[0].salt == NULL)
+ krb5_errx(pd->context, ENOMEM, "calloc");
if (ka_use_null_salt) {
- hdb.keys.val[0].salt->type = hdb_pw_salt;
- hdb.keys.val[0].salt->salt.data = NULL;
- hdb.keys.val[0].salt->salt.length = 0;
+ hdb.entry.keys.val[0].salt->type = hdb_pw_salt;
+ hdb.entry.keys.val[0].salt->salt.data = NULL;
+ hdb.entry.keys.val[0].salt->salt.length = 0;
} else {
- hdb.keys.val[0].salt->type = hdb_afs3_salt;
- hdb.keys.val[0].salt->salt.data = strdup(afs_cell);
- hdb.keys.val[0].salt->salt.length = strlen(afs_cell);
+ hdb.entry.keys.val[0].salt->type = hdb_afs3_salt;
+ hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell);
+ if (hdb.entry.keys.val[0].salt->salt.data == NULL)
+ krb5_errx(pd->context, ENOMEM, "strdup");
+ hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell);
}
- hdb.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
- krb5_data_copy(&hdb.keys.val[0].key.keyvalue, ent->key, sizeof(ent->key));
- copy_Key(&hdb.keys.val[0], &hdb.keys.val[1]);
- hdb.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
- copy_Key(&hdb.keys.val[0], &hdb.keys.val[2]);
- hdb.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
-
- ALLOC(hdb.max_life);
- *hdb.max_life = ntohl(ent->max_life);
-
- if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != -1){
- ALLOC(hdb.valid_end);
- *hdb.valid_end = ntohl(ent->valid_end);
+ hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
+ krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue,
+ ent->key,
+ sizeof(ent->key));
+ copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]);
+ hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
+ copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]);
+ hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
+
+ ALLOC(hdb.entry.max_life);
+ *hdb.entry.max_life = ntohl(ent->max_life);
+
+ if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) {
+ ALLOC(hdb.entry.valid_end);
+ *hdb.entry.valid_end = ntohl(ent->valid_end);
}
if (ntohl(ent->pw_change) != NEVERDATE &&
ent->pw_expire != 255 &&
ent->pw_expire != 0) {
- ALLOC(hdb.pw_end);
- *hdb.pw_end = ntohl(ent->pw_change)
+ ALLOC(hdb.entry.pw_end);
+ *hdb.entry.pw_end = ntohl(ent->pw_change)
+ 24 * 60 * 60 * ent->pw_expire;
}
- ret = krb5_make_principal(pd->context, &hdb.created_by.principal,
+ ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal,
v4_realm,
"kadmin",
"hprop",
NULL);
- hdb.created_by.time = time(NULL);
+ hdb.entry.created_by.time = time(NULL);
if(ent->mod_ptr){
struct ka_entry mod;
- ALLOC(hdb.modified_by);
+ ALLOC(hdb.entry.modified_by);
read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod));
krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm,
- &hdb.modified_by->principal);
- hdb.modified_by->time = ntohl(ent->mod_time);
+ &hdb.entry.modified_by->principal);
+ hdb.entry.modified_by->time = ntohl(ent->mod_time);
memset(&mod, 0, sizeof(mod));
}
- hdb.flags.forwardable = 1;
- hdb.flags.renewable = 1;
- hdb.flags.proxiable = 1;
- hdb.flags.postdate = 1;
+ hdb.entry.flags.forwardable = 1;
+ hdb.entry.flags.renewable = 1;
+ hdb.entry.flags.proxiable = 1;
+ hdb.entry.flags.postdate = 1;
/* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */
if (strcmp(ent->name, "krbtgt") == 0 &&
(flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL))
flags &= ~(KAFNOTGS|KAFNOSEAL);
- hdb.flags.client = (flags & KAFNOTGS) == 0;
- hdb.flags.server = (flags & KAFNOSEAL) == 0;
+ hdb.entry.flags.client = (flags & KAFNOTGS) == 0;
+ hdb.entry.flags.server = (flags & KAFNOSEAL) == 0;
ret = v5_prop(pd->context, NULL, &hdb, pd);
hdb_free_entry(pd->context, &hdb);
@@ -469,9 +413,6 @@ struct getargs args[] = {
"heimdal"
"|mit-dump"
"|krb4-dump"
-#ifdef KRB4
- "|krb4-db"
-#endif
"|kaserver"
},
@@ -503,7 +444,7 @@ get_creds(krb5_context context, krb5_ccache *cache)
krb5_keytab keytab;
krb5_principal client;
krb5_error_code ret;
- krb5_get_init_creds_opt init_opts;
+ krb5_get_init_creds_opt *init_opts;
krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
krb5_creds creds;
@@ -517,11 +458,14 @@ get_creds(krb5_context context, krb5_ccache *cache)
"kadmin", HPROP_NAME, NULL);
if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
- krb5_get_init_creds_opt_init(&init_opts);
- krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1);
+ ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
+ if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+ krb5_get_init_creds_opt_set_preauth_list(init_opts, &preauth, 1);
- ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, &init_opts);
+ ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, init_opts);
if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
+
+ krb5_get_init_creds_opt_free(context, init_opts);
ret = krb5_kt_close(context, keytab);
if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
@@ -537,18 +481,17 @@ get_creds(krb5_context context, krb5_ccache *cache)
ret = krb5_cc_store_cred(context, *cache, &creds);
if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
- krb5_free_creds_contents(context, &creds);
+ krb5_free_cred_contents(context, &creds);
}
enum hprop_source {
HPROP_HEIMDAL = 1,
- HPROP_KRB4_DB,
HPROP_KRB4_DUMP,
HPROP_KASERVER,
HPROP_MIT_DUMP
};
-#define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DB || (X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER)
+#define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER)
struct {
int type;
@@ -556,9 +499,6 @@ struct {
} types[] = {
{ HPROP_HEIMDAL, "heimdal" },
{ HPROP_KRB4_DUMP, "krb4-dump" },
-#ifdef KRB4
- { HPROP_KRB4_DB, "krb4-db" },
-#endif
{ HPROP_KASERVER, "kaserver" },
{ HPROP_MIT_DUMP, "mit-dump" }
};
@@ -574,9 +514,9 @@ parse_source_type(const char *s)
return 0;
}
-static void
+static int
iterate (krb5_context context,
- const char *database,
+ const char *database_name,
HDB *db,
int type,
struct prop_data *pd)
@@ -585,38 +525,36 @@ iterate (krb5_context context,
switch(type) {
case HPROP_KRB4_DUMP:
- ret = v4_prop_dump(pd, database);
- break;
-#ifdef KRB4
- case HPROP_KRB4_DB:
- ret = kerb_db_iterate ((k_iter_proc_t)kdb_prop, pd);
+ ret = v4_prop_dump(pd, database_name);
if(ret)
- krb5_errx(context, 1, "kerb_db_iterate: %s",
- krb_get_err_text(ret));
+ krb5_warnx(context, "v4_prop_dump: %s",
+ krb5_get_err_text(context, ret));
break;
-#endif /* KRB4 */
case HPROP_KASERVER:
- ret = ka_dump(pd, database);
+ ret = ka_dump(pd, database_name);
if(ret)
- krb5_err(context, 1, ret, "ka_dump");
+ krb5_warn(context, ret, "ka_dump");
break;
case HPROP_MIT_DUMP:
- ret = mit_prop_dump(pd, database);
+ ret = mit_prop_dump(pd, database_name);
if (ret)
- krb5_errx(context, 1, "mit_prop_dump: %s",
+ krb5_warnx(context, "mit_prop_dump: %s",
krb5_get_err_text(context, ret));
break;
case HPROP_HEIMDAL:
ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
if(ret)
- krb5_err(context, 1, ret, "hdb_foreach");
+ krb5_warn(context, ret, "hdb_foreach");
break;
+ default:
+ krb5_errx(context, 1, "unknown prop type: %d", type);
}
+ return ret;
}
static int
dump_database (krb5_context context, int type,
- const char *database, HDB *db)
+ const char *database_name, HDB *db)
{
krb5_error_code ret;
struct prop_data pd;
@@ -626,7 +564,9 @@ dump_database (krb5_context context, int type,
pd.auth_context = NULL;
pd.sock = STDOUT_FILENO;
- iterate (context, database, db, type, &pd);
+ ret = iterate (context, database_name, db, type, &pd);
+ if (ret)
+ krb5_errx(context, 1, "iterate failure");
krb5_data_zero (&data);
ret = krb5_write_message (context, &pd.sock, &data);
if (ret)
@@ -637,23 +577,24 @@ dump_database (krb5_context context, int type,
static int
propagate_database (krb5_context context, int type,
- const char *database,
+ const char *database_name,
HDB *db, krb5_ccache ccache,
- int optind, int argc, char **argv)
+ int optidx, int argc, char **argv)
{
krb5_principal server;
krb5_error_code ret;
- int i;
+ int i, failed = 0;
- for(i = optind; i < argc; i++){
+ for(i = optidx; i < argc; i++){
krb5_auth_context auth_context;
int fd;
struct prop_data pd;
krb5_data data;
char *port, portstr[NI_MAXSERV];
-
- port = strchr(argv[i], ':');
+ char *host = argv[i];
+
+ port = strchr(host, ':');
if(port == NULL) {
snprintf(portstr, sizeof(portstr), "%u",
ntohs(krb5_getportbyname (context, "hprop", "tcp",
@@ -662,16 +603,18 @@ propagate_database (krb5_context context, int type,
} else
*port++ = '\0';
- fd = open_socket(context, argv[i], port);
+ fd = open_socket(context, host, port);
if(fd < 0) {
- krb5_warn (context, errno, "connect %s", argv[i]);
+ failed++;
+ krb5_warn (context, errno, "connect %s", host);
continue;
}
ret = krb5_sname_to_principal(context, argv[i],
HPROP_NAME, KRB5_NT_SRV_HST, &server);
if(ret) {
- krb5_warn(context, ret, "krb5_sname_to_principal(%s)", argv[i]);
+ failed++;
+ krb5_warn(context, ret, "krb5_sname_to_principal(%s)", host);
close(fd);
continue;
}
@@ -702,31 +645,45 @@ propagate_database (krb5_context context, int type,
krb5_free_principal(context, server);
if(ret) {
- krb5_warn(context, ret, "krb5_sendauth");
+ failed++;
+ krb5_warn(context, ret, "krb5_sendauth (%s)", host);
close(fd);
- continue;
+ goto next_host;
}
pd.context = context;
pd.auth_context = auth_context;
pd.sock = fd;
- iterate (context, database, db, type, &pd);
+ ret = iterate (context, database_name, db, type, &pd);
+ if (ret) {
+ krb5_warnx(context, "iterate to host %s failed", host);
+ failed++;
+ goto next_host;
+ }
krb5_data_zero (&data);
ret = krb5_write_priv_message(context, auth_context, &fd, &data);
- if(ret)
+ if(ret) {
krb5_warn(context, ret, "krb5_write_priv_message");
+ failed++;
+ goto next_host;
+ }
ret = krb5_read_priv_message(context, auth_context, &fd, &data);
- if(ret)
- krb5_warn(context, ret, "krb5_read_priv_message");
- else
+ if(ret) {
+ krb5_warn(context, ret, "krb5_read_priv_message: %s", host);
+ failed++;
+ goto next_host;
+ } else
krb5_data_free (&data);
+ next_host:
krb5_auth_con_free(context, auth_context);
close(fd);
}
+ if (failed)
+ return 1;
return 0;
}
@@ -737,13 +694,13 @@ main(int argc, char **argv)
krb5_context context;
krb5_ccache ccache = NULL;
HDB *db = NULL;
- int optind = 0;
+ int optidx = 0;
- int type = 0;
+ int type, exit_code;
setprogname(argv[0]);
- if(getarg(args, num_args, argc, argv, &optind))
+ if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if(help_flag)
@@ -780,12 +737,10 @@ main(int argc, char **argv)
"only one of `--encrypt' and `--decrypt' is meaningful");
if(source_type != NULL) {
- if(type != 0)
- krb5_errx(context, 1, "more than one database type specified");
type = parse_source_type(source_type);
if(type == 0)
krb5_errx(context, 1, "unknown source type `%s'", source_type);
- } else if(type == 0)
+ } else
type = HPROP_HEIMDAL;
if(!to_stdout)
@@ -799,27 +754,11 @@ main(int argc, char **argv)
krb5_errx(context, 1, "No master key file found");
}
-#ifdef KRB4
- if (IS_TYPE_V4(type)) {
- int e;
-
- if (v4_realm == NULL) {
- e = krb_get_lrealm(realm_buf, 1);
- if(e)
- krb5_errx(context, 1, "krb_get_lrealm: %s",
- krb_get_err_text(e));
- v4_realm = realm_buf;
- }
- }
-#endif
+ if (IS_TYPE_V4(type) && v4_realm == NULL)
+ krb5_errx(context, 1, "Its a Kerberos 4 database "
+ "but no realm configured");
switch(type) {
-#ifdef KRB4
- case HPROP_KRB4_DB:
- if (database == NULL)
- krb5_errx(context, 1, "no database specified");
- break;
-#endif
case HPROP_KASERVER:
if (database == NULL)
database = DEFAULT_DATABASE;
@@ -842,9 +781,9 @@ main(int argc, char **argv)
ret = hdb_create (context, &db, database);
if(ret)
krb5_err(context, 1, ret, "hdb_create: %s", database);
- ret = db->open(context, db, O_RDONLY, 0);
+ ret = db->hdb_open(context, db, O_RDONLY, 0);
if(ret)
- krb5_err(context, 1, ret, "db->open");
+ krb5_err(context, 1, ret, "db->hdb_open");
break;
default:
krb5_errx(context, 1, "unknown dump type `%d'", type);
@@ -852,17 +791,17 @@ main(int argc, char **argv)
}
if (to_stdout)
- dump_database (context, type, database, db);
+ exit_code = dump_database (context, type, database, db);
else
- propagate_database (context, type, database,
- db, ccache, optind, argc, argv);
+ exit_code = propagate_database (context, type, database,
+ db, ccache, optidx, argc, argv);
if(ccache != NULL)
krb5_cc_destroy(context, ccache);
if(db != NULL)
- (*db->destroy)(context, db);
+ (*db->hdb_destroy)(context, db);
krb5_free_context(context);
- return 0;
+ return exit_code;
}
OpenPOWER on IntegriCloud