static krb5_error_code find_mkvnos_in_use(krb5_pointer ptr, krb5_db_entry *entry) { krb5_error_code retval; struct purge_args * args; unsigned int i; krb5_kvno mkvno; args = (struct purge_args *) ptr; retval = krb5_dbe_get_mkvno(args->kcontext, entry, &mkvno); if (retval) return (retval); for (i = 0; i < args->num_kvnos; i++) { if (args->kvnos[i].kvno == mkvno) { /* XXX do I need to worry about use_count wrapping? */ args->kvnos[i].use_count++; break; } } return 0; }
/* Write a principal's metadata. */ static krb5_error_code princ_meta(struct rec_args *args, const char *name, krb5_db_entry *dbe) { int got_adb = 0; char *modby; krb5_kvno mkvno; const char *policy; krb5_principal mod_princ = NULL; krb5_timestamp mod_time, last_pwd; krb5_error_code ret; osa_princ_ent_rec adb; struct rechandle *h = args->rh; memset(&adb, 0, sizeof(adb)); if (startrec(h) < 0) return errno; if (writefield(h, "%s", name) < 0) return errno; ret = krb5_dbe_lookup_last_pwd_change(util_context, dbe, &last_pwd); if (ret) return ret; ret = krb5_dbe_get_mkvno(util_context, dbe, &mkvno); if (ret) return ret; ret = krb5_dbe_lookup_mod_princ_data(util_context, dbe, &mod_time, &mod_princ); if (ret) return ret; ret = krb5_unparse_name(util_context, mod_princ, &modby); krb5_free_principal(util_context, mod_princ); if (ret) return ret; ret = writefield(h, "%s", modby); krb5_free_unparsed_name(util_context, modby); if (ret < 0) return errno; if (write_date(args, mod_time) < 0) return errno; if (write_date(args, last_pwd) < 0) return errno; got_adb = get_adb(dbe, &adb); if (got_adb && adb.policy != NULL) policy = adb.policy; else policy = ""; ret = writefield(h, "%s", policy); if (ret < 0) { ret = errno; goto cleanup; } if (writefield(h, "%d", mkvno) < 0) { ret = errno; goto cleanup; } if (writefield(h, "%d", adb.admin_history_kvno) < 0) { ret = errno; goto cleanup; } if (endrec(h) < 0) ret = errno; else ret = 0; cleanup: kdb_free_entry(NULL, NULL, &adb); return ret; }
static int update_princ_encryption_1(void *cb, krb5_db_entry *ent) { struct update_enc_mkvno *p = cb; char *pname = 0; krb5_error_code retval; int match; krb5_timestamp now; int result; krb5_kvno old_mkvno; retval = krb5_unparse_name(util_context, ent->princ, &pname); if (retval) { com_err(progname, retval, _("getting string representation of principal name")); goto fail; } if (krb5_principal_compare(util_context, ent->princ, master_princ)) { goto skip; } #ifdef SOLARIS_REGEXPS match = (step(pname, p->expbuf) != 0); #endif #ifdef POSIX_REGEXPS match = (regexec(&p->preg, pname, 0, NULL, 0) == 0); #endif #ifdef BSD_REGEXPS match = (re_exec(pname) != 0); #endif if (!match) { goto skip; } p->re_match_count++; retval = krb5_dbe_get_mkvno(util_context, ent, &old_mkvno); if (retval) { com_err(progname, retval, _("determining master key used for principal '%s'"), pname); goto fail; } /* Line up "skip" and "update" messages for viewing. */ if (old_mkvno == new_mkvno) { if (p->dry_run && p->verbose) printf(_("would skip: %s\n"), pname); else if (p->verbose) printf(_("skipping: %s\n"), pname); p->already_current++; goto skip; } if (p->dry_run) { if (p->verbose) printf(_("would update: %s\n"), pname); p->updated++; goto skip; } else if (p->verbose) printf(_("updating: %s\n"), pname); retval = master_key_convert (util_context, ent); if (retval) { com_err(progname, retval, _("error re-encrypting key for principal '%s'"), pname); goto fail; } if ((retval = krb5_timeofday(util_context, &now))) { com_err(progname, retval, _("while getting current time")); goto fail; } if ((retval = krb5_dbe_update_mod_princ_data(util_context, ent, now, master_princ))) { com_err(progname, retval, _("while updating principal '%s' modification time"), pname); goto fail; } ent->mask |= KADM5_KEY_DATA; if ((retval = krb5_db_put_principal(util_context, ent))) { com_err(progname, retval, _("while updating principal '%s' key data " "in the database"), pname); goto fail; } p->updated++; skip: result = 0; goto egress; fail: exit_status++; result = 1; egress: if (pname) krb5_free_unparsed_name(util_context, pname); return result; }