ipa-pwd-extop: Use the proper mkvno number in keys

Setting 0 will work, as MIT KDCs assume the current master key when that value is
found. But it is a legacy compatibility mode and we should instead set the
proper mkvno number on keys, so that changing the master key becomes possible without
having to do a dump/reload and stopping the service. This is especially
important in replicated environments.
Simo Sorce 2011-06-10 14:24:18 -04:00
parent 5746bbe92a
commit 229b9a209c
4 changed files with 6 additions and 6 deletions


@ -680,8 +680,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
kset->major_vno = 1;
kset->minor_vno = 1;
kset->kvno = kvno;
/* we also assum mkvno is 0 */
kset->mkvno = 0;
kset->mkvno = krbcfg->mkvno;
kset->keys = NULL;
kset->num_keys = 0;
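Review bot: The new line `kset->mkvno = krbcfg->mkvno;` removes the only hint that mkvno was ever considered here but adds nothing explaining what the value must agree with, so the next reader has no way to know it is tied to `krbcfg->kmkey`. Both fields are decoded from the same krbMKey BER blob in ipapwd_getConfig (the `ber_scanf` that fills `tvno` and `mkey`), so the coupling is real even if it is not visible in this function. I would add `/* mkvno must name the master key (krbcfg->kmkey) used to wrap this key set */` above the assignment. ipapwd_setkeytab starts and ends outside this hunk, so where kmkey is actually applied to the keys is not visible here.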


@ -105,6 +105,7 @@ struct ipapwd_encsalt {
struct ipapwd_krbcfg {
krb5_context krbctx;
char *realm;
int mkvno;
krb5_keyblock *kmkey;
int num_supp_encsalts;
struct ipapwd_encsalt *supp_encsalts;
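Review bot: The new `int mkvno;` member is undocumented, and unlike `kmkey` its name does not say where it comes from or what consumes it. A trailing comment would do, e.g. `int mkvno; /* version of kmkey, decoded from krbMKey; stamped into every key set */`, so that anyone adding another key-writing path knows to propagate it. The member is declared `int` while it is filled from a `ber_int_t` in ipapwd_getConfig; that presumably matches on the supported platforms, but it is worth a note if the two types ever diverge. The struct continues past the end of this hunk.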


@ -152,7 +152,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
Slapi_Attr *a;
Slapi_Value *v;
BerElement *be = NULL;
ber_tag_t tag, tmp;
ber_tag_t tag, tvno;
ber_int_t ttype;
const struct berval *bval;
struct berval *mkey = NULL;
@ -219,12 +219,13 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
goto free_and_error;
}
tag = ber_scanf(be, "{i{iO}}", &tmp, &ttype, &mkey);
tag = ber_scanf(be, "{i{iO}}", &tvno, &ttype, &mkey);
if (tag == LBER_ERROR) {
LOG_FATAL("Bad Master key encoding ?!\n");
goto free_and_error;
}
config->mkvno = tvno;
kmkey->magic = KV5M_KEYBLOCK;
kmkey->enctype = ttype;
kmkey->length = mkey->bv_len;
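Review bot: `config->mkvno = tvno;` stores the decoded master-key version with no sanity check, while the surrounding code only tests the `ber_scanf` result for LBER_ERROR. The value is read from the directory entry and is now copied into every principal's key set by ipapwd_setkeytab and encrypt_encode_key, so a corrupted or negative number would be written into each key blob rather than rejected once at config load; a version number is presumably never negative, so I would fail early: `if (tvno < 0) { LOG_FATAL("Invalid master key vno %d\n", (int)tvno); goto free_and_error; }` placed before the assignment. Zero is deliberately left alone since the commit message documents it as the legacy value. ipapwd_getConfig starts before and continues after this hunk.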


@ -298,8 +298,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
kset->minor_vno = 1;
/* increment kvno (will be 1 if this is a new entry) */
kset->kvno = kvno + 1;
/* we also assum mkvno is 0 */
kset->mkvno = 0;
kset->mkvno = krbcfg->mkvno;
kset->num_keys = krbcfg->num_pref_encsalts;
kset->keys = calloc(kset->num_keys, sizeof(struct ipapwd_krbkey));
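Review bot: The key-set header setup (`major_vno`, `minor_vno`, the kvno line and now `kset->mkvno = krbcfg->mkvno;`) is written out by hand here and again in ipapwd_setkeytab, and this commit had to touch both copies to fix one thing. A small static helper taking the key set, `krbcfg` and the kvno to use would keep the two writers from drifting apart the next time a header field is added; the differing kvno rule (`kvno + 1` here, the caller's `kvno` there) would simply be passed in. The type of `kset` is not visible in this hunk, so I have not written the helper out. encrypt_encode_key starts before and continues after this hunk.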