kcrap/kcrap-0.2.3-mit-krb5-1.9.patch

   1 diff -Naur kcrap-0.2.3/server/kcrap_kdb.c kcrap-0.2.3-patched/server/kcrap_kdb.c
   2 --- kcrap-0.2.3/server/kcrap_kdb.c      2009-08-12 19:39:34.000000000 -0400
   3 +++ kcrap-0.2.3-patched/server/kcrap_kdb.c      2011-11-12 22:25:05.000000000 -0500
   4 @@ -36,8 +36,7 @@
   5  int kcrap_open_kdb(krb5_context context, profile_t profile, char* kcrap_section) {
   6      krb5_error_code retval;
   7      int nentries;
   8 -    krb5_boolean more;
   9 -    krb5_db_entry master_entry;
  10 +    krb5_db_entry *master_entry;
  11      krb5_principal master_princ;
  12      char* dbname;
  13      char* realm = NULL;
  14 @@ -89,17 +88,10 @@
  15         com_err("open_kdb", retval, "while setting up master key name");
  16         goto free1;
  17      }
  18 -    if ((retval = krb5_db_get_principal(context, master_princ, &master_entry, &nentries, &more))) {
  19 +    /* krb5_db_get_principal(krb5_context kcontext, krb5_const_principal search_for, unsigned int flags, krb5_db_entry **entry) */
  20 +    if ((retval = krb5_db_get_principal(context, master_princ, 0, &master_entry))) {
  21         com_err("open_kdb", retval, "while retrieving master entry");
  22         goto free2;
  23 -    } else if (more) {
  24 -       retval = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
  25 -       com_err("open_kdb", retval, "while retrieving master entry");
  26 -       goto free3;
  27 -    } else if (!nentries) {
  28 -       retval = KRB5_KDB_NOENTRY;
  29 -       com_err("open_kdb", retval, "while retrieving master entry");
  30 -       goto free3;
  31      }
  32
  33      if ((retval = profile_get_string(profile, "realms", realm, "key_stash_file", NULL, &stash_file))) {
  34 @@ -113,16 +105,18 @@
  35         com_err("open_kdb", retval, "while fetching master key %s for realm %s", KRB5_KDB_M_NAME, realm);
  36         goto free4;
  37      }
  38 +    /*
  39      if ((retval = krb5_db_verify_master_key(context, master_princ, KVNO_ARG_OPT &master_keyblock))) {
  40         com_err("kdb_open", retval, "while verifying master key");
  41         krb5_free_keyblock_contents(context, &master_keyblock);
  42         goto free4;
  43      }
  44 +    */
  45
  46      free4:
  47      profile_release_string(stash_file);
  48      free3:
  49 -    krb5_db_free_principal(context, &master_entry, nentries);
  50 +    krb5_db_free_principal(context, master_entry);
  51      free2:
  52      krb5_free_principal(context, master_princ);
  53      if (retval) krb5_db_fini(context);
  54 @@ -135,11 +129,10 @@
  55
  56
  57  int kcrap_getkey(krb5_context context, struct kcrap_data principal, krb5_enctype keytype, int *nkeyblocks, struct keyblocks *keyblocks) {
  58 -    krb5_db_entry dbe;
  59 +    krb5_db_entry *dbe;
  60      krb5_principal princ;
  61      int nprincs = 1;
  62      int retval;
  63 -    krb5_boolean more;
  64      char* pstr;
  65      int i;
  66      int count;
  67 @@ -157,35 +150,29 @@
  68      if ((retval = krb5_parse_name(context, pstr, &princ)))
  69         goto free0;
  70
  71 -    if ((retval = krb5_db_get_principal(context, princ, &dbe, &nprincs, &more))) {
  72 +    if ((retval = krb5_db_get_principal(context, princ, 0, &dbe))) {
  73         goto free1;
  74 -    } else if (more) {
  75 -       retval = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
  76 -       goto free2;
  77 -    } else if (!nprincs) {
  78 -       retval = KRB5_KDB_NOENTRY;
  79 -       goto free2;
  80      }
  81
  82      if ((retval = krb5_timeofday(context, &nowtime))) {
  83         goto free2;
  84      }
  85
  86 -    if (dbe.pw_expiration && dbe.pw_expiration < nowtime) {
  87 +    if (dbe->pw_expiration && dbe->pw_expiration < nowtime) {
  88         retval = KRB5KDC_ERR_KEY_EXP;
  89         goto free2;
  90      }
  91 -    if (dbe.expiration && dbe.expiration < nowtime) {
  92 +    if (dbe->expiration && dbe->expiration < nowtime) {
  93         retval = KRB5KDC_ERR_NAME_EXP;
  94         goto free2;
  95      }
  96
  97      count = 0;
  98      kvno = 0;
  99 -    for (i = 0; i < dbe.n_key_data; i++) {
 100 -       if (kvno < dbe.key_data[i].key_data_kvno) {
 101 +    for (i = 0; i < dbe->n_key_data; i++) {
 102 +       if (kvno < dbe->key_data[i].key_data_kvno) {
 103             count = 0;
 104 -           kvno = dbe.key_data[i].key_data_kvno;
 105 +           kvno = dbe->key_data[i].key_data_kvno;
 106         }
 107         count++;
 108      }
 109 @@ -195,10 +182,10 @@
 110      }
 111
 112      count = 0;
 113 -    for (i = 0; i < dbe.n_key_data && count < *nkeyblocks; i++) {
 114 -       if (kvno == dbe.key_data[i].key_data_kvno) {
 115 +    for (i = 0; i < dbe->n_key_data && count < *nkeyblocks; i++) {
 116 +       if (kvno == dbe->key_data[i].key_data_kvno) {
 117             /* XXX: what if we needed to specify a salt? */
 118 -           retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock, &dbe.key_data[i], &keyblocks[count].key, NULL);
 119 +           retval = krb5_dbe_decrypt_key_data(context, &master_keyblock, &dbe->key_data[i], &keyblocks[count].key, NULL);
 120             if (retval == 0) count++;
 121         }
 122      }
 123 @@ -211,7 +198,7 @@
 124      }
 125
 126      free2:
 127 -    krb5_db_free_principal(context, &dbe, nprincs);
 128 +    krb5_db_free_principal(context, dbe);
 129      free1:
 130      krb5_free_principal(context, princ);
 131      free0: