Modified the ldap plugin so the mkvno slot in the krbprincipalkey

attribute is used.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21811 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index cfe35fe2bcbaf7d33ce0faee93577fbb71508e94..0c0daec546ee3f601b38530f9dddcc1ec1abeb70 100644 (file)
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -185,7 +185,7 @@ kdb5_add_mkey(int argc, char *argv[])
         switch(optchar) {
         case 'e':
             if (krb5_string_to_enctype(optarg, &new_master_enctype)) {
-                com_err(progname, EINVAL, ": %s is an invalid enctype", optarg);
+                com_err(progname, EINVAL, "%s is an invalid enctype", optarg);
                 exit_status++;
                 return;
             }
@@ -338,7 +338,7 @@ kdb5_use_mkey(int argc, char *argv[])
 
     use_kvno = atoi(argv[1]);
     if (use_kvno == 0) {
-        com_err(progname, EINVAL, ": 0 is an invalid KVNO value.");
+        com_err(progname, EINVAL, "0 is an invalid KVNO value");
         exit_status++;
         return;
     } else {
@@ -351,14 +351,14 @@ kdb5_use_mkey(int argc, char *argv[])
             }
         }
         if (!found) {
-            com_err(progname, EINVAL, ": %d is an invalid KVNO value.", use_kvno);
+            com_err(progname, EINVAL, "%d is an invalid KVNO value", use_kvno);
             exit_status++;
             return;
         }
     }
 
     if ((retval = krb5_timeofday(util_context, &now))) {
-        com_err(progname, retval, "while getting current time.");
+        com_err(progname, retval, "while getting current time");
         exit_status++;
         return;
     }
@@ -466,7 +466,7 @@ kdb5_use_mkey(int argc, char *argv[])
 
     if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry,
                                           new_actkvno_list_head))) {
-        com_err(progname, retval, "while updating actkvno data for master principal entry.");
+        com_err(progname, retval, "while updating actkvno data for master principal entry");
         exit_status++;
         return;
     }

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
index 1c93a8cdb1d12cee401ad757b437e4df8db1e6be..f8e1d4415e4b858427b44f3a43e1433ddb2d16d6 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
@@ -148,7 +148,7 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
 
     return(0);
 }
-
+#if 0 /************** Begin IFDEF'ed OUT *******************************/
 krb5_error_code
 krb5_dbe_lookup_mkvno(krb5_context context,
                      krb5_db_entry *entry,
@@ -192,6 +192,7 @@ krb5_dbe_update_mkvno(krb5_context    context,
 
     return (krb5_dbe_update_tl_data(context, entry, &tl_data));
 }
+#endif /**************** END IFDEF'ed OUT *******************************/
 
 /* it seems odd that there's no function to remove a tl_data, but if
    I need one, I'll add one */

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 79ca63472f7c252aa7fa5ff54172096e4d6bf7b1..f0734deb2a55a173c96345b356eb1739c3171f72 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -2059,9 +2059,16 @@ populate_krb5_db_entry (krb5_context context,
 
     /* KRBSECRETKEY */
     if ((bvalues=ldap_get_values_len(ld, ent, "krbprincipalkey")) != NULL) {
+        krb5_kvno mkvno = 0;
+
        mask |= KDB_SECRET_KEY_ATTR;
-       if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data)) != 0)
+       if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data, &mkvno)) != 0)
            goto cleanup;
+        if (mkvno != 0) {
+            /* don't add the tl data if mkvno == 0 */
+            if ((st=krb5_dbe_update_mkvno(context, entry, mkvno)) != 0)
+                goto cleanup;
+        }
     }
 
     /* LAST PASSWORD CHANGE */

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
index 18e2acc0605bfc9b1a70000fe3fe54856f51d6ca..502e71ccd559fa45685b06c0e8c80540c56903b8 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
@@ -112,7 +112,7 @@ krb5_ldap_parse_principal_name(char *, char **);
 
 krb5_error_code
 krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
-    krb5_tl_data *);
+                        krb5_tl_data *, krb5_kvno *);
 
 krb5_error_code
 berval2tl_data(struct berval *in, krb5_tl_data **out);

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 561a65d99b9c0816b3d28a6654baf0f6efa45275..f7d19e0ccc58ec63bc51353bc9d4d200824b1044 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -371,7 +371,7 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
 
 /* Decoding ASN.1 encoded key */
 static struct berval **
-krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data) {
+krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, krb5_kvno mkvno) {
     struct berval **ret = NULL;
     int currkvno;
     int num_versions = 1;
@@ -396,7 +396,7 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data) {
        if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
            asn1_encode_sequence_of_keys (key_data+last,
                                          (krb5_int16) i - last + 1,
-                                         0, /* For now, mkvno == 0*/
+                                         mkvno,
                                          &code);
            ret[j] = malloc (sizeof (struct berval));
            if (ret[j] == NULL) {
@@ -927,8 +927,12 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
        }
 
        if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
+            krb5_kvno mkvno;
+
+            if ((st=krb5_dbe_lookup_mkvno(context, entries, &mkvno)) != 0)
+                goto cleanup;
            bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
-                                                    entries->n_key_data);
+                                                    entries->n_key_data, mkvno);
 
            if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
                                              LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
@@ -1220,11 +1224,12 @@ cleanup:
 }
 
 krb5_error_code
-krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
+krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data, mkvno)
     krb5_context                context;
     krb5_db_entry               *entries;
     struct berval               **bvalues;
     krb5_tl_data                *userinfo_tl_data;
+    krb5_kvno                   *mkvno;
 {
     char                        *user=NULL;
     int                         i=0, j=0, noofkeys=0;
@@ -1235,7 +1240,6 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
        goto cleanup;
 
     for (i=0; bvalues[i] != NULL; ++i) {
-       int mkvno; /* Not used currently */
        krb5_int16 n_kd;
        krb5_key_data *kd;
        krb5_data in;
@@ -1248,7 +1252,7 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
        st = asn1_decode_sequence_of_keys (&in,
                                           &kd,
                                           &n_kd,
-                                          &mkvno);
+                                          mkvno);
 
        if (st != 0) {
            const char *msg = error_message(st);