static krb5_error_code
find_mkvnos_in_use(krb5_pointer ptr,
krb5_db_entry *entry)
{
krb5_error_code retval;
struct purge_args * args;
unsigned int i;
krb5_kvno mkvno;
args = (struct purge_args *) ptr;
retval = krb5_dbe_get_mkvno(args->kcontext, entry, &mkvno);
if (retval)
return (retval);
for (i = 0; i < args->num_kvnos; i++) {
if (args->kvnos[i].kvno == mkvno) {
/* XXX do I need to worry about use_count wrapping? */
args->kvnos[i].use_count++;
break;
}
}
return 0;
}
/* Write a principal's metadata. */
static krb5_error_code
princ_meta(struct rec_args *args, const char *name, krb5_db_entry *dbe)
{
int got_adb = 0;
char *modby;
krb5_kvno mkvno;
const char *policy;
krb5_principal mod_princ = NULL;
krb5_timestamp mod_time, last_pwd;
krb5_error_code ret;
osa_princ_ent_rec adb;
struct rechandle *h = args->rh;
memset(&adb, 0, sizeof(adb));
if (startrec(h) < 0)
return errno;
if (writefield(h, "%s", name) < 0)
return errno;
ret = krb5_dbe_lookup_last_pwd_change(util_context, dbe, &last_pwd);
if (ret)
return ret;
ret = krb5_dbe_get_mkvno(util_context, dbe, &mkvno);
if (ret)
return ret;
ret = krb5_dbe_lookup_mod_princ_data(util_context, dbe, &mod_time,
&mod_princ);
if (ret)
return ret;
ret = krb5_unparse_name(util_context, mod_princ, &modby);
krb5_free_principal(util_context, mod_princ);
if (ret)
return ret;
ret = writefield(h, "%s", modby);
krb5_free_unparsed_name(util_context, modby);
if (ret < 0)
return errno;
if (write_date(args, mod_time) < 0)
return errno;
if (write_date(args, last_pwd) < 0)
return errno;
got_adb = get_adb(dbe, &adb);
if (got_adb && adb.policy != NULL)
policy = adb.policy;
else
policy = "";
ret = writefield(h, "%s", policy);
if (ret < 0) {
ret = errno;
goto cleanup;
}
if (writefield(h, "%d", mkvno) < 0) {
ret = errno;
goto cleanup;
}
if (writefield(h, "%d", adb.admin_history_kvno) < 0) {
ret = errno;
goto cleanup;
}
if (endrec(h) < 0)
ret = errno;
else
ret = 0;
cleanup:
kdb_free_entry(NULL, NULL, &adb);
return ret;
}
static int
update_princ_encryption_1(void *cb, krb5_db_entry *ent)
{
struct update_enc_mkvno *p = cb;
char *pname = 0;
krb5_error_code retval;
int match;
krb5_timestamp now;
int result;
krb5_kvno old_mkvno;
retval = krb5_unparse_name(util_context, ent->princ, &pname);
if (retval) {
com_err(progname, retval,
_("getting string representation of principal name"));
goto fail;
}
if (krb5_principal_compare(util_context, ent->princ, master_princ)) {
goto skip;
}
#ifdef SOLARIS_REGEXPS
match = (step(pname, p->expbuf) != 0);
#endif
#ifdef POSIX_REGEXPS
match = (regexec(&p->preg, pname, 0, NULL, 0) == 0);
#endif
#ifdef BSD_REGEXPS
match = (re_exec(pname) != 0);
#endif
if (!match) {
goto skip;
}
p->re_match_count++;
retval = krb5_dbe_get_mkvno(util_context, ent, &old_mkvno);
if (retval) {
com_err(progname, retval,
_("determining master key used for principal '%s'"), pname);
goto fail;
}
/* Line up "skip" and "update" messages for viewing. */
if (old_mkvno == new_mkvno) {
if (p->dry_run && p->verbose)
printf(_("would skip: %s\n"), pname);
else if (p->verbose)
printf(_("skipping: %s\n"), pname);
p->already_current++;
goto skip;
}
if (p->dry_run) {
if (p->verbose)
printf(_("would update: %s\n"), pname);
p->updated++;
goto skip;
} else if (p->verbose)
printf(_("updating: %s\n"), pname);
retval = master_key_convert (util_context, ent);
if (retval) {
com_err(progname, retval,
_("error re-encrypting key for principal '%s'"), pname);
goto fail;
}
if ((retval = krb5_timeofday(util_context, &now))) {
com_err(progname, retval, _("while getting current time"));
goto fail;
}
if ((retval = krb5_dbe_update_mod_princ_data(util_context, ent,
now, master_princ))) {
com_err(progname, retval,
_("while updating principal '%s' modification time"), pname);
goto fail;
}
ent->mask |= KADM5_KEY_DATA;
if ((retval = krb5_db_put_principal(util_context, ent))) {
com_err(progname, retval, _("while updating principal '%s' key data "
"in the database"), pname);
goto fail;
}
p->updated++;
skip:
result = 0;
goto egress;
fail:
exit_status++;
result = 1;
egress:
if (pname)
krb5_free_unparsed_name(util_context, pname);
return result;
}
