author | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
commit | 3a971fe69aad52dfd248901ae796e64a96ae3e37 (patch) | |
tree | ac7b5c62510ffa9f0316643bcb19a3fed3d5bef7 /crypto/heimdal/kadmin | |
parent | 2934fc23653f64b32f4db32233d7eda11ca274f0 (diff) | |
parent | ebfe6dc471c206300fd82c7c0fd145f683aa52f6 (diff) | |
This commit was generated by cvs2svn to compensate for changes in r72445,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/kadmin')
-rw-r--r-- | crypto/heimdal/kadmin/ChangeLog | 233 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/Makefile.am | 27 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/Makefile.in | 501 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/add-random-users.c | 157 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/ank.c | 58 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/cpw.c | 44 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/del.c | 31 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/del_enctype.c | 32 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/get.c | 92 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/init.c | 27 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadm_conn.c | 288 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.8 | 239 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.c | 49 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.8 | 133 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.c | 42 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/load.c | 70 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/mod.c | 18 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/rename.c | 30 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/server.c | 193 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/util.c | 126 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/version4.c | 99 |
21 files changed, 2032 insertions, 457 deletions
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog
index 05ee0d4..f28577c 100644
--- a/crypto/heimdal/kadmin/ChangeLog
+++ b/crypto/heimdal/kadmin/ChangeLog
@@ -1,3 +1,236 @@ +2001-01-29 Assar Westerlund <assar@sics.se> + + * kadm_conn.c (spawn_child): close the newly created socket in the + packet, it's not used. from <shadow@dementia.org> + * version4.c (decode_packet): check success of + krb5_425_conv_principal. from <shadow@dementia.org> + +2001-01-12 Assar Westerlund <assar@sics.se> + + * util.c (parse_attributes): make empty string mean no attributes, + specifying the empty string at the command line should give you no + attributes, but just pressing return at the prompt gives you + default attributes + (edit_entry): only pick up values from the default principal if they + aren't set in the principal being edited + +2001-01-04 Assar Westerlund <assar@sics.se> + + * load.c (doit): print an error and bail out if storing an entry + in the database fails. The most likely reason for it failing is + out-of-space. + +2000-12-31 Assar Westerlund <assar@sics.se> + + * kadmind.c (main): handle krb5_init_context failure consistently + * kadmin.c (main): handle krb5_init_context failure consistently + * add-random-users.c (add_user): handle krb5_init_context failure + consistently + + * kadm_conn.c (spawn_child): use a struct sockaddr_storage + +2000-12-15 Johan Danielsson <joda@pdc.kth.se> + + * get.c: avoid asprintf'ing NULL strings + +2000-12-14 Johan Danielsson <joda@pdc.kth.se> + + * load.c: fix option parsing + +2000-11-16 Assar Westerlund <assar@sics.se> + + * kadm_conn.c (wait_for_connection): check for fd's being too + large to select on + +2000-11-09 Johan Danielsson <joda@pdc.kth.se> + + * get.c: don't try to print modifier name if it isn't set (from + Jacques A. 
Vidrine" <n@nectar.com>) + +2000-09-19 Assar Westerlund <assar@sics.se> + + * server.c (kadmind_loop): send in keytab to v4 handling function + * version4.c: allow the specification of what keytab to use + + * get.c (print_entry_long): actually print the actual saltvalue + used if it's not the default + +2000-09-10 Johan Danielsson <joda@pdc.kth.se> + + * kadmin.c: add option parsing, and add `privs' as an alias for + `privileges' + + * init.c: complain if there's no realm name specified + + * rename.c: add option parsing + + * load.c: add option parsing + + * get.c: make `get' and `list' aliases to each other, but with + different defaults + + * del_enctype.c: add option parsing + + * del.c: add option parsing + + * ank.c: calling the command `add' make more sense from an english + pov + + * Makefile.am: add kadmin manpage + + * kadmin.8: short manpage + + * kadmin.c: `quit' should be a alias for `exit', not `help' + +2000-08-27 Assar Westerlund <assar@sics.se> + + * server.c (handle_v5): do not try to perform stupid stunts when + printing errors + +2000-08-19 Assar Westerlund <assar@sics.se> + + * util.c (str2time_t): add alias for `now'. + +2000-08-18 Assar Westerlund <assar@sics.se> + + * server.c (handle_v5): accept any kadmin/admin@* principal as the + server + * kadmind.c: remove extra prototype of kadmind_loop + * kadmin_locl.h (kadmind_loop): add prototype + + * init.c (usage): print init-usage and not add-dito + +2000-08-07 Johan Danielsson <joda@pdc.kth.se> + + * kadmind.c: use roken_getsockname + +2000-08-07 Assar Westerlund <assar@sics.se> + + * kadmind.c, kadm_conn.c: use socklen_t instead of int where + appropriate. 
From <thorpej@netbsd.org> + +2000-08-04 Johan Danielsson <joda@pdc.kth.se> + + * Makefile.am: link with pidfile library + + * kadmind.c: write a pid file, and setup password quality + functions + + * kadmin_locl.h: util.h + +2000-07-27 Assar Westerlund <assar@sics.se> + + * version4.c (decode_packet): be totally consistent with the + prototype of des_cbc_cksum + * kadmind.c: use sa_size instead of sa_len, some systems define + this to emulate anonymous unions + * kadm_conn.c: use sa_size instead of sa_len, some systems define + this to emulate anonymous unions + +2000-07-24 Assar Westerlund <assar@sics.se> + + * kadmin.c (commands): add quit + * load.c (doit): truncate the log since there's no way of knowing + what changes are going to be added + +2000-07-23 Assar Westerlund <assar@sics.se> + + * util.c (str2time_t): be more careful with strptime that might + zero out the `struct tm' + +2000-07-22 Johan Danielsson <joda@pdc.kth.se> + + * kadm_conn.c: make the parent process wait for children and + terminate after receiving a signal, also terminate on SIGINT + +2000-07-22 Assar Westerlund <assar@sics.se> + + * version4.c: map both princ_expire_time and pw_expiration to v4 + principal expiration + +2000-07-22 Johan Danielsson <joda@pdc.kth.se> + + * version4.c (handle_v4): check for termination + + * server.c (v5_loop): check for termination + + * kadm_conn.c (wait_term): if we're doing something, set just set + a flag otherwise exit rightaway + + * server.c: use krb5_read_priv_message; (v5_loop): check for EOF + +2000-07-21 Assar Westerlund <assar@sics.se> + + * kadm_conn.c: remove sys/select.h. make signal handlers + type-correct and static + + * kadmin_locl.h: add limits.h and sys/select.h + +2000-07-20 Assar Westerlund <assar@sics.se> + + * init.c (init): also create `kadmin/hprop' + * kadmind.c: ports is a string argument + * kadm_conn.c (start_server): fix printf format + + * kadmin_locl.h: add <sys/select.h> + * kadm_conn.c: remove sys/select.h. 
make signal handlers + type-correct and static + + * kadmin_locl.h: add limits.h and sys/select.h + +2000-07-17 Johan Danielsson <joda@pdc.kth.se> + + * kadm_conn.c: put all processes in a new process group + + * server.c (v5_loop): use krb5_{read,write}_priv_message + +2000-07-11 Johan Danielsson <joda@pdc.kth.se> + + * version4.c: change log strings to match the v5 counterparts + + * mod.c: allow setting kvno + + * kadmind.c: if stdin is not a socket create and listen to sockets + + * kadm_conn.c: socket creation functions + + * util.c (deltat2str): treat 0 and INT_MAX as never + +2000-07-08 Assar Westerlund <assar@sics.se> + + * Makefile.am (INCLUDES): add ../lib/krb5 + * kadmin_locl.h: add krb5_locl.h (since we just use some stuff + from there) + +2000-06-07 Assar Westerlund <assar@sics.se> + + * add-random-users.c: new testing program that adds a number of + randomly generated users + +2000-04-12 Assar Westerlund <assar@sics.se> + + * cpw.c (do_cpw_entry): call set_password if no argument is given, + it will prompt for the password. + * kadmin.c: make help only print the commands that are actually + available. + +2000-04-03 Assar Westerlund <assar@sics.se> + + * del_enctype.c (del_enctype): set ignore correctly + +2000-04-02 Assar Westerlund <assar@sics.se> + + * kadmin.c (main): make parse errors a fatal error + * init.c (init): create changepw/kerberos with disallow-tgt and + pwchange attributes + +2000-03-23 Assar Westerlund <assar@sics.se> + + * util.c (hex2n, parse_des_key): add + * server.c (kadmind_dispatch): add kadm_chpass_with_key + * cpw.c: add --key + * ank.c: add --key + 2000-02-16 Assar Westerlund <assar@sics.se> * load.c (doit): check return value from parse_hdbflags2int diff --git a/crypto/heimdal/kadmin/Makefile.am b/crypto/heimdal/kadmin/Makefile.am index 2bafb55..5852198 100644 --- a/crypto/heimdal/kadmin/Makefile.am +++ b/crypto/heimdal/kadmin/Makefile.am 
@@ -1,13 +1,17 @@ -# $Id: Makefile.am,v 1.25 2000/01/06 08:04:13 assar Exp $ +# $Id: Makefile.am,v 1.32 2000/11/15 22:51:12 assar Exp $ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_readline) $(INCLUDE_krb4) +INCLUDES += $(INCLUDE_readline) $(INCLUDE_krb4) -I$(srcdir)/../lib/krb5 sbin_PROGRAMS = kadmin libexec_PROGRAMS = kadmind +man_MANS = kadmin.8 kadmind.8 + +noinst_PROGRAMS = add_random_users + kadmin_SOURCES = \ ank.c \ cpw.c \ @@ -30,20 +34,29 @@ KRB4LIB = $(LIB_krb4) version4_c = version4.c endif -kadmind_SOURCES = kadmind.c server.c kadmin_locl.h $(version4_c) +kadmind_SOURCES = \ + kadmind.c \ + server.c \ + kadmin_locl.h \ + $(version4_c) \ + kadm_conn.c EXTRA_kadmind_SOURCES = version4.c +add_random_users_SOURCES = add-random-users.c + COMMON_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ + $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ - $(top_builddir)/lib/des/libdes.la \ + $(LIB_des) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) \ $(DBLIB) kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(COMMON_LDADD) \ + $(LIB_pidfile) \ $(LIB_dlopen) kadmin_LDADD = \ @@ -53,3 +66,9 @@ kadmin_LDADD = \ $(LIB_readline) \ $(COMMON_LDADD) \ $(LIB_dlopen) + +add_random_users_LDADD = \ + $(top_builddir)/lib/kadm5/libkadm5clnt.la \ + $(top_builddir)/lib/kadm5/libkadm5srv.la \ + $(COMMON_LDADD) \ + $(LIB_dlopen) diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in index b7fa775..1e84e56 100644 --- a/crypto/heimdal/kadmin/Makefile.in +++ b/crypto/heimdal/kadmin/Makefile.in 
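Review bot: The first Makefile.am hunk appends `-I$(srcdir)/../lib/krb5` to `INCLUDES` without saying why, which puts libkrb5's source directory, private headers included, on the include path of every kadmin and kadmind source file. The ChangeLog entry of 2000-07-08 indicates this is for `krb5_locl.h`, so the admin tools now compile against library internals and could presumably drift from the library's exported interface without a build error. I would add a comment above the line, for example `# kadmin_locl.h needs krb5_locl.h (private to lib/krb5); drop once the helpers are exported`, and keep the set of internal symbols used as small as possible.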
@@ -1,6 +1,6 @@ -# Makefile.in generated automatically by automake 1.4 from Makefile.am +# Makefile.in generated automatically by automake 1.4a from Makefile.am -# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -10,15 +10,6 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# $Id: Makefile.am,v 1.25 2000/01/06 08:04:13 assar Exp $ - - -# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ - - -# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $ - - SHELL = @SHELL@ srcdir = @srcdir@ @@ -40,8 +31,6 @@ mandir = @mandir@ includedir = @includedir@ oldincludedir = /usr/include -DESTDIR = - pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ @@ -54,9 +43,10 @@ AUTOMAKE = @AUTOMAKE@ AUTOHEADER = @AUTOHEADER@ INSTALL = @INSTALL@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = transform = @program_transform_name@ NORMAL_INSTALL = : 
@@ -65,26 +55,39 @@ POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : + +@SET_MAKE@ host_alias = @host_alias@ host_triplet = @host@ -AFS_EXTRA_LD = @AFS_EXTRA_LD@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMDEP = @AMDEP@ +AMTAR = @AMTAR@ +AS = @AS@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CPP = @CPP@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ DBLIB = @DBLIB@ +DEPDIR = @DEPDIR@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +DLLTOOL = @DLLTOOL@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ INCLUDE_ = @INCLUDE_@ -LD = @LD@ LEX = @LEX@ LIBOBJS = @LIBOBJS@ LIBTOOL = @LIBTOOL@ LIB_ = @LIB_@ LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_des = @LIB_des@ +LIB_des_appl = @LIB_des_appl@ LIB_kdb = @LIB_kdb@ LIB_otp = @LIB_otp@ LIB_roken = @LIB_roken@ 
@@ -92,31 +95,43 @@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ -MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@ -MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@ -MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ -NM = @NM@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ RANLIB = @RANLIB@ +STRIP = @STRIP@ VERSION = @VERSION@ VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ YACC = @YACC@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ +install_sh = @install_sh@ + +# $Id: Makefile.am,v 1.32 2000/11/15 22:51:12 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ + AUTOMAKE_OPTIONS = foreign no-dependencies SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x -INCLUDES = -I$(top_builddir)/include $(INCLUDE_readline) $(INCLUDE_krb4) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_krb4) -I$(srcdir)/../lib/krb5 AM_CFLAGS = $(WFLAGS) +CP = cp + COMPILE_ET = $(top_builddir)/lib/com_err/compile_et buildinclude = $(top_builddir)/include @@ -136,6 +151,7 @@ LIB_getsockopt = @LIB_getsockopt@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ LIB_readline = @LIB_readline@ LIB_res_search = @LIB_res_search@ LIB_setpcred = @LIB_setpcred@ @@ -144,6 +160,8 @@ LIB_socket = @LIB_socket@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIBS = @LIBS@ + HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ INCLUDE_hesiod = @INCLUDE_hesiod@ 
@@ -152,24 +170,20 @@ LIB_hesiod = @LIB_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ LIB_krb4 = @LIB_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + INCLUDE_readline = @INCLUDE_readline@ LEXLIB = @LEXLIB@ -cat1dir = $(mandir)/cat1 -cat3dir = $(mandir)/cat3 -cat5dir = $(mandir)/cat5 -cat8dir = $(mandir)/cat8 - -MANRX = \(.*\)\.\([0-9]\) -CATSUFFIX = @CATSUFFIX@ - NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la CHECK_LOCAL = $(PROGRAMS) 
@@ -177,84 +191,147 @@ sbin_PROGRAMS = kadmin libexec_PROGRAMS = kadmind -kadmin_SOURCES = ank.c cpw.c del.c del_enctype.c dump.c ext.c get.c init.c kadmin.c load.c mod.c rename.c util.c random_password.c kadmin_locl.h +man_MANS = kadmin.8 kadmind.8 + +noinst_PROGRAMS = add_random_users +kadmin_SOURCES = \ + ank.c \ + cpw.c \ + del.c \ + del_enctype.c \ + dump.c \ + ext.c \ + get.c \ + init.c \ + kadmin.c \ + load.c \ + mod.c \ + rename.c \ + util.c \ + random_password.c \ + kadmin_locl.h -@KRB4_TRUE@KRB4LIB = $(LIB_krb4) -@KRB4_TRUE@version4_c = version4.c -kadmind_SOURCES = kadmind.c server.c kadmin_locl.h $(version4_c) +@KRB4_TRUE@KRB4LIB = @KRB4_TRUE@$(LIB_krb4) +@KRB4_TRUE@version4_c = @KRB4_TRUE@version4.c + +kadmind_SOURCES = \ + kadmind.c \ + server.c \ + kadmin_locl.h \ + $(version4_c) \ + kadm_conn.c + EXTRA_kadmind_SOURCES = version4.c -COMMON_LDADD = $(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la $(LIB_roken) $(DBLIB) +add_random_users_SOURCES = add-random-users.c + +COMMON_LDADD = \ + $(top_builddir)/lib/hdb/libhdb.la \ + $(LIB_openldap) \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(LIB_des) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_roken) \ + $(DBLIB) + +kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \ + $(COMMON_LDADD) \ + $(LIB_pidfile) \ + $(LIB_dlopen) -kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la $(COMMON_LDADD) $(LIB_dlopen) +kadmin_LDADD = \ + $(top_builddir)/lib/kadm5/libkadm5clnt.la \ + $(top_builddir)/lib/kadm5/libkadm5srv.la \ + $(top_builddir)/lib/sl/libsl.la \ + $(LIB_readline) \ + $(COMMON_LDADD) \ + $(LIB_dlopen) -kadmin_LDADD = $(top_builddir)/lib/kadm5/libkadm5clnt.la $(top_builddir)/lib/kadm5/libkadm5srv.la $(top_builddir)/lib/sl/libsl.la $(LIB_readline) $(COMMON_LDADD) $(LIB_dlopen) +add_random_users_LDADD = \ + $(top_builddir)/lib/kadm5/libkadm5clnt.la \ + 
$(top_builddir)/lib/kadm5/libkadm5srv.la \ + $(COMMON_LDADD) \ + $(LIB_dlopen) + +subdir = kadmin mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = ../include/config.h CONFIG_CLEAN_FILES = libexec_PROGRAMS = kadmind$(EXEEXT) +noinst_PROGRAMS = add_random_users$(EXEEXT) sbin_PROGRAMS = kadmin$(EXEEXT) -PROGRAMS = $(libexec_PROGRAMS) $(sbin_PROGRAMS) +PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) DEFS = @DEFS@ -I. -I$(srcdir) -I../include CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ -LIBS = @LIBS@ X_CFLAGS = @X_CFLAGS@ X_LIBS = @X_LIBS@ X_EXTRA_LIBS = @X_EXTRA_LIBS@ X_PRE_LIBS = @X_PRE_LIBS@ -@KRB4_TRUE@kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) \ -@KRB4_TRUE@version4.$(OBJEXT) -@KRB4_FALSE@kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) -@KRB4_TRUE@kadmind_DEPENDENCIES = \ -@KRB4_TRUE@$(top_builddir)/lib/kadm5/libkadm5srv.la \ -@KRB4_TRUE@$(top_builddir)/lib/hdb/libhdb.la \ -@KRB4_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \ -@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@kadmind_DEPENDENCIES = \ -@KRB4_FALSE@$(top_builddir)/lib/kadm5/libkadm5srv.la \ -@KRB4_FALSE@$(top_builddir)/lib/hdb/libhdb.la \ -@KRB4_FALSE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \ -@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la -kadmind_LDFLAGS = -kadmin_OBJECTS = ank.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \ +am_add_random_users_OBJECTS = add-random-users.$(OBJEXT) +add_random_users_OBJECTS = $(am_add_random_users_OBJECTS) +add_random_users_DEPENDENCIES = \ +$(top_builddir)/lib/kadm5/libkadm5clnt.la \ +$(top_builddir)/lib/kadm5/libkadm5srv.la \ +$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/asn1/libasn1.la +add_random_users_LDFLAGS = +am_kadmin_OBJECTS = ank.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \ del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) get.$(OBJEXT) \ init.$(OBJEXT) kadmin.$(OBJEXT) 
load.$(OBJEXT) mod.$(OBJEXT) \ rename.$(OBJEXT) util.$(OBJEXT) random_password.$(OBJEXT) +kadmin_OBJECTS = $(am_kadmin_OBJECTS) kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/sl/libsl.la $(top_builddir)/lib/hdb/libhdb.la \ -$(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/des/libdes.la \ -$(top_builddir)/lib/asn1/libasn1.la +$(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la kadmin_LDFLAGS = -CFLAGS = @CFLAGS@ +@KRB4_FALSE@am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) \ +@KRB4_FALSE@kadm_conn.$(OBJEXT) +@KRB4_TRUE@am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) \ +@KRB4_TRUE@version4.$(OBJEXT) kadm_conn.$(OBJEXT) +kadmind_OBJECTS = $(am_kadmind_OBJECTS) +@KRB4_FALSE@kadmind_DEPENDENCIES = \ +@KRB4_FALSE@$(top_builddir)/lib/kadm5/libkadm5srv.la \ +@KRB4_FALSE@$(top_builddir)/lib/hdb/libhdb.la \ +@KRB4_FALSE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_TRUE@kadmind_DEPENDENCIES = \ +@KRB4_TRUE@$(top_builddir)/lib/kadm5/libkadm5srv.la \ +@KRB4_TRUE@$(top_builddir)/lib/hdb/libhdb.la \ +@KRB4_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la +kadmind_LDFLAGS = COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CFLAGS = @CFLAGS@ CCLD = $(CC) -LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) \ +$(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES) +man8dir = $(mandir)/man8 +MANS = $(man_MANS) +depcomp = DIST_COMMON = ChangeLog Makefile.am Makefile.in -DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) +DISTFILES = 
$(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -TAR = tar GZIP_ENV = --best -SOURCES = $(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES) $(kadmin_SOURCES) -OBJECTS = $(kadmind_OBJECTS) $(kadmin_OBJECTS) +SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) $(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES) +OBJECTS = $(am_add_random_users_OBJECTS) $(am_kadmin_OBJECTS) $(am_kadmind_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x +.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign kadmin/Makefile 
@@ -277,17 +354,29 @@ install-libexecPROGRAMS: $(libexec_PROGRAMS) $(mkinstalldirs) $(DESTDIR)$(libexecdir) @list='$(libexec_PROGRAMS)'; for p in $$list; do \ if test -f $$p; then \ - echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ - $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \ else :; fi; \ done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - list='$(libexec_PROGRAMS)'; for p in $$list; do \ - rm -f $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \ + rm -f $(DESTDIR)$(libexecdir)/$$f; \ done +mostlyclean-noinstPROGRAMS: + +clean-noinstPROGRAMS: + -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) + +distclean-noinstPROGRAMS: + +maintainer-clean-noinstPROGRAMS: + mostlyclean-sbinPROGRAMS: clean-sbinPROGRAMS: 
@@ -302,31 +391,20 @@ install-sbinPROGRAMS: $(sbin_PROGRAMS) $(mkinstalldirs) $(DESTDIR)$(sbindir) @list='$(sbin_PROGRAMS)'; for p in $$list; do \ if test -f $$p; then \ - echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ - $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(sbindir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(sbindir)/$$f; \ else :; fi; \ done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - list='$(sbin_PROGRAMS)'; for p in $$list; do \ - rm -f $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \ + rm -f $(DESTDIR)$(sbindir)/$$f; \ done -.c.o: - $(COMPILE) -c $< - -# FIXME: We should only use cygpath when building on Windows, -# and only if it is available. -.c.obj: - $(COMPILE) -c `cygpath -w $<` - -.s.o: - $(COMPILE) -c $< - -.S.o: - $(COMPILE) -c $< - mostlyclean-compile: -rm -f *.o core *.core -rm -f *.$(OBJEXT) @@ -338,15 +416,6 @@ distclean-compile: maintainer-clean-compile: -.c.lo: - $(LIBTOOL) --mode=compile $(COMPILE) -c $< - -.s.lo: - $(LIBTOOL) --mode=compile $(COMPILE) -c $< - -.S.lo: - $(LIBTOOL) --mode=compile $(COMPILE) -c $< - mostlyclean-libtool: -rm -f *.lo 
@@ -357,33 +426,88 @@ distclean-libtool: maintainer-clean-libtool: -kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) - @rm -f kadmind$(EXEEXT) - $(LINK) $(kadmind_LDFLAGS) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS) +add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) + @rm -f add_random_users$(EXEEXT) + $(LINK) $(add_random_users_LDFLAGS) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS) kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES) @rm -f kadmin$(EXEEXT) $(LINK) $(kadmin_LDFLAGS) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS) +kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) + @rm -f kadmind$(EXEEXT) + $(LINK) $(kadmind_LDFLAGS) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS) +.c.o: + $(COMPILE) -c $< +.c.obj: + $(COMPILE) -c `cygpath -w $<` +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +install-man8: + $(mkinstalldirs) $(DESTDIR)$(man8dir) + @list='$(man8_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \ + done + +uninstall-man8: + @list='$(man8_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \ + rm -f $(DESTDIR)$(man8dir)/$$inst; \ + done +install-man: $(MANS) + @$(NORMAL_INSTALL) + $(MAKE) 
$(AM_MAKEFLAGS) install-man8 +uninstall-man: + @$(NORMAL_UNINSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-man8 + tags: TAGS -ID: $(HEADERS) $(SOURCES) $(LISP) - list='$(SOURCES) $(HEADERS)'; \ - unique=`for i in $$list; do echo $$i; done | \ - awk ' { files[$$0] = 1; } \ +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ - here=`pwd` && cd $(srcdir) \ - && mkid -f$$here/ID $$unique $(LISP) + mkid -fID $$unique $(LISP) -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS)'; \ - unique=`for i in $$list; do echo $$i; done | \ - awk ' { files[$$0] = 1; } \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ - || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) mostlyclean-tags: @@ -396,17 +520,16 @@ maintainer-clean-tags: distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) -subdir = kadmin - distdir: $(DISTFILES) @for file in $(DISTFILES); do \ d=$(srcdir); \ if test -d $$d/$$file; then \ - cp -pr $$/$$file $(distdir)/$$file; \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ else \ test -f $(distdir)/$$file \ - || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ - || cp -p $$d/$$file $(distdir)/$$file || :; \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ fi; \ done $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook 
@@ -424,20 +547,22 @@ install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-exec: install-exec-am -install-data-am: install-data-local +install-data-am: install-man install-data-local install-data: install-data-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am install: install-am -uninstall-am: uninstall-libexecPROGRAMS uninstall-sbinPROGRAMS +uninstall-am: uninstall-libexecPROGRAMS uninstall-sbinPROGRAMS \ + uninstall-man uninstall: uninstall-am -all-am: Makefile $(PROGRAMS) all-local +all-am: Makefile $(PROGRAMS) $(MANS) all-local all-redirect: all-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install installdirs: - $(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) + $(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) \ + $(DESTDIR)$(mandir)/man8 mostlyclean-generic: 
@@ -449,25 +574,30 @@ distclean-generic: -rm -f config.cache config.log stamp-h stamp-h[0-9]* maintainer-clean-generic: -mostlyclean-am: mostlyclean-libexecPROGRAMS mostlyclean-sbinPROGRAMS \ - mostlyclean-compile mostlyclean-libtool \ - mostlyclean-tags mostlyclean-generic + -rm -f Makefile.in +mostlyclean-am: mostlyclean-libexecPROGRAMS mostlyclean-noinstPROGRAMS \ + mostlyclean-sbinPROGRAMS mostlyclean-compile \ + mostlyclean-libtool mostlyclean-tags \ + mostlyclean-generic mostlyclean: mostlyclean-am -clean-am: clean-libexecPROGRAMS clean-sbinPROGRAMS clean-compile \ - clean-libtool clean-tags clean-generic mostlyclean-am +clean-am: clean-libexecPROGRAMS clean-noinstPROGRAMS clean-sbinPROGRAMS \ + clean-compile clean-libtool clean-tags clean-generic \ + mostlyclean-am clean: clean-am -distclean-am: distclean-libexecPROGRAMS distclean-sbinPROGRAMS \ - distclean-compile distclean-libtool distclean-tags \ - distclean-generic clean-am +distclean-am: distclean-libexecPROGRAMS distclean-noinstPROGRAMS \ + distclean-sbinPROGRAMS distclean-compile \ + distclean-libtool distclean-tags distclean-generic \ + clean-am -rm -f libtool distclean: distclean-am maintainer-clean-am: maintainer-clean-libexecPROGRAMS \ + maintainer-clean-noinstPROGRAMS \ maintainer-clean-sbinPROGRAMS maintainer-clean-compile \ maintainer-clean-libtool maintainer-clean-tags \ maintainer-clean-generic distclean-am 
@@ -479,18 +609,21 @@ maintainer-clean: maintainer-clean-am .PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \ clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \ uninstall-libexecPROGRAMS install-libexecPROGRAMS \ +mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \ +clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \ mostlyclean-sbinPROGRAMS distclean-sbinPROGRAMS clean-sbinPROGRAMS \ maintainer-clean-sbinPROGRAMS uninstall-sbinPROGRAMS \ install-sbinPROGRAMS mostlyclean-compile distclean-compile \ clean-compile maintainer-clean-compile mostlyclean-libtool \ -distclean-libtool clean-libtool maintainer-clean-libtool tags \ -mostlyclean-tags distclean-tags clean-tags maintainer-clean-tags \ -distdir info-am info dvi-am dvi check-local check check-am \ -installcheck-am installcheck install-exec-am install-exec \ -install-data-local install-data-am install-data install-am install \ -uninstall-am uninstall all-local all-redirect all-am all installdirs \ -mostlyclean-generic distclean-generic clean-generic \ -maintainer-clean-generic clean mostlyclean distclean maintainer-clean +distclean-libtool clean-libtool maintainer-clean-libtool install-man8 \ +uninstall-man8 install-man uninstall-man tags mostlyclean-tags \ +distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ +dvi-am dvi check-local check check-am installcheck-am installcheck \ +install-exec-am install-exec install-data-local install-data-am \ +install-data install-am install uninstall-am uninstall all-local \ +all-redirect all-am all install-strip installdirs mostlyclean-generic \ +distclean-generic clean-generic maintainer-clean-generic clean \ +mostlyclean distclean maintainer-clean install-suid-programs: 
@@ -498,7 +631,10 @@ install-suid-programs: for file in $$foo; do \ x=$(DESTDIR)$(bindir)/$$file; \ if chown 0:0 $$x && chmod u+s $$x; then :; else \ - chmod 0 $$x; fi; done + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done install-exec-hook: install-suid-programs @@ -510,8 +646,8 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ) else file="$$f"; fi; \ if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ : ; else \ - echo " cp $$file $(buildinclude)/$$f"; \ - cp $$file $(buildinclude)/$$f; \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ fi ; \ done 
@@ -580,87 +716,8 @@ dist-cat8-mans: dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans -install-cat1-mans: - @ext=1;\ - foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done; \ - if test "$$foo"; then \ - $(mkinstalldirs) $(DESTDIR)$(cat1dir); \ - for x in $$foo; do \ - f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \ - if test -f "$(srcdir)/$$f"; then \ - b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ - echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\ - $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\ - fi; \ - done ;\ - fi - -install-cat3-mans: - @ext=3;\ - foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done; \ - if test "$$foo"; then \ - $(mkinstalldirs) $(DESTDIR)$(cat3dir); \ - for x in $$foo; do \ - f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \ - if test -f "$(srcdir)/$$f"; then \ - b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ - echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\ - $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\ - fi; \ - done ;\ - fi - -install-cat5-mans: - @ext=5;\ - foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done; \ - if test "$$foo"; then \ - $(mkinstalldirs) $(DESTDIR)$(cat5dir); \ - for x in $$foo; do \ - f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \ - if test -f "$(srcdir)/$$f"; then \ - b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ - echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\ - $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\ - fi; \ - done ;\ - fi - -install-cat8-mans: - @ext=8;\ - foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done; \ - if test "$$foo"; then \ - $(mkinstalldirs) $(DESTDIR)$(cat8dir); \ - for x 
in $$foo; do \ - f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \ - if test -f "$(srcdir)/$$f"; then \ - b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ - echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\ - $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\ - fi; \ - done ;\ - fi - -install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) install-data-local: install-cat-mans diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c new file mode 100644 index 0000000..24cde70 --- /dev/null +++ b/crypto/heimdal/kadmin/add-random-users.c 
@@ -0,0 +1,157 @@ +/* + * Copyright (c) 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadmin_locl.h" + +RCSID("$Id: add-random-users.c,v 1.2 2000/12/31 07:43:39 assar Exp $"); + +#define WORDS_FILENAME "/usr/share/dict/words" + +#define NUSERS 1000 + +static unsigned +read_words (const char *filename, char ***ret_w) +{ + unsigned n, alloc; + FILE *f; + char buf[256]; + char **w = NULL; + + f = fopen (filename, "r"); + if (f == NULL) + err (1, "cannot open %s", filename); + alloc = n = 0; + while (fgets (buf, sizeof(buf), f) != NULL) { + if (buf[strlen (buf) - 1] == '\n') + buf[strlen (buf) - 1] = '\0'; + if (n >= alloc) { + alloc += 16; + w = erealloc (w, alloc * sizeof(char **)); + } + w[n++] = estrdup (buf); + } + *ret_w = w; + return n; +} + +static void +add_user (krb5_context context, void *kadm_handle, + unsigned nwords, char **words) +{ + kadm5_principal_ent_rec princ; + char name[64]; + int r1, r2; + krb5_error_code ret; + int mask; + + r1 = rand(); + r2 = rand(); + + snprintf (name, sizeof(name), "%s%d", words[r1 % nwords], r2 % 1000); + + mask = KADM5_PRINCIPAL; + + memset(&princ, 0, sizeof(princ)); + ret = krb5_parse_name(context, name, &princ.principal); + if (ret) + krb5_err(context, 1, ret, "krb5_parse_name"); + + ret = kadm5_create_principal (kadm_handle, &princ, mask, name); + if (ret) + krb5_err (context, 1, ret, "kadm5_create_principal"); + kadm5_free_principal_ent(kadm_handle, &princ); + printf ("%s\n", name); +} + +static void +add_users (unsigned n) +{ + krb5_error_code ret; + int i; + void *kadm_handle; + krb5_context context; + unsigned nwords; + char **words; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + ret = kadm5_s_init_with_password_ctx(context, + KADM5_ADMIN_SERVICE, + NULL, + KADM5_ADMIN_SERVICE, + NULL, 0, 0, + &kadm_handle); + if(ret) + krb5_err(context, 1, ret, "kadm5_init_with_password"); + + nwords = read_words (WORDS_FILENAME, &words); + + for (i = 0; i < n; ++i) + add_user (context, kadm_handle, nwords, words); + kadm5_destroy(kadm_handle); 
+ krb5_free_context(context); +} + +static int version_flag = 0; +static int help_flag = 0; + +static struct getargs args[] = { + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + NULL); + exit (ret); +} + +int +main(int argc, char **argv) +{ + int optind = 0; + + set_progname(argv[0]); + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + if (help_flag) + usage (0); + srand (0); + add_users (NUSERS); + return 0; +} diff --git a/crypto/heimdal/kadmin/ank.c b/crypto/heimdal/kadmin/ank.c index 7068912..129ee66 100644 --- a/crypto/heimdal/kadmin/ank.c +++ b/crypto/heimdal/kadmin/ank.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: ank.c,v 1.19 1999/12/02 17:04:57 joda Exp $"); +RCSID("$Id: ank.c,v 1.21 2000/09/10 19:16:39 joda Exp $"); /* * fetch the default principal corresponding to `princ' @@ -68,6 +68,7 @@ add_one_principal (const char *name, int rand_key, int rand_password, char *password, + krb5_key_data *key_data, const char *max_ticket_life, const char *max_renewable_life, const char *attributes, @@ -108,7 +109,7 @@ add_one_principal (const char *name, } edit_entry(&princ, &mask, default_ent, default_mask); - if(rand_key) { + if(rand_key || key_data) { princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; mask |= KADM5_ATTRIBUTES; strlcpy (pwbuf, "hemlig", sizeof(pwbuf)); 
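Review bot: In add-random-users.c, `add_user` evaluates `words[r1 % nwords]`, which divides by zero when `read_words` returns 0 for an empty word file, and `add_users` never checks the count. A guard directly after the `read_words` call would cover it: `if (nwords == 0) errx (1, "no words in %s", WORDS_FILENAME);`. `add_user` also passes `name` as the password argument of `kadm5_create_principal`, and `main` seeds with `srand (0)`, so every principal gets its own name as password and the whole set is predictable. A file comment such as `/* test-data generator: each principal's password equals its name; do not run against a production database */` would make that explicit.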
@@ -152,6 +153,17 @@ add_one_principal (const char *name, kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES | KADM5_KVNO); kadm5_free_principal_ent(kadm_handle, &princ); + } else if (key_data) { + ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent, + 3, key_data); + if (ret) { + krb5_warn(context, ret, "kadm5_chpass_principal_with_key"); + } + kadm5_get_principal(kadm_handle, princ_ent, &princ, + KADM5_PRINCIPAL | KADM5_ATTRIBUTES); + princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); + kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES); + kadm5_free_principal_ent(kadm_handle, &princ); } else if (rand_password) { char *princ_name; @@ -170,6 +182,10 @@ out: } /* + * parse the string `key_string' into `key', returning 0 iff succesful. + */ + +/* * the ank command */ @@ -177,6 +193,7 @@ static struct getargs args[] = { { "random-key", 'r', arg_flag, NULL, "set random key" }, { "random-password", 0, arg_flag, NULL, "set random password" }, { "password", 'p', arg_string, NULL, "princial's password" }, + { "key", 0, arg_string, NULL, "DES-key in hex" }, { "max-ticket-life", 0, arg_string, NULL, "max ticket lifetime", "lifetime"}, { "max-renewable-life", 0, arg_string, NULL, @@ -194,7 +211,7 @@ static int num_args = sizeof(args) / sizeof(args[0]); static void usage(void) { - arg_printusage (args, num_args, "ank", "principal"); + arg_printusage (args, num_args, "add", "principal..."); } /* @@ -205,6 +222,7 @@ int add_new_key(int argc, char **argv) { char *password = NULL; + char *key = NULL; int random_key = 0; int random_password = 0; int optind = 0; 
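Review bot: In the new `else if (key_data)` branch of `add_one_principal`, a failure of `kadm5_chpass_principal_with_key` is only warned about, and the code then still clears `KRB5_KDB_DISALLOW_ALL_TIX`. The context of the earlier hunk shows `pwbuf` being set to the fixed placeholder `"hemlig"` when `key_data` is given, so on the failure path the principal would apparently be enabled with that placeholder instead of the requested key. Leave it disabled on error, e.g. `krb5_warn(context, ret, "kadm5_chpass_principal_with_key"); goto out;` (the `out:` label is visible in the next hunk header). The return values of `kadm5_get_principal` and `kadm5_modify_principal` should also be checked before `princ` is used. The function starts and ends outside this hunk, so what `out:` cleans up needs confirming.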
@@ -216,15 +234,18 @@ add_new_key(int argc, char **argv) char *pw_expiration = NULL; int i; int num; + krb5_key_data key_data[3]; + krb5_key_data *kdp = NULL; args[0].value = &random_key; args[1].value = &random_password; args[2].value = &password; - args[3].value = &max_ticket_life; - args[4].value = &max_renewable_life; - args[5].value = &attributes; - args[6].value = &expiration; - args[7].value = &pw_expiration; + args[3].value = &key; + args[4].value = &max_ticket_life; + args[5].value = &max_renewable_life; + args[6].value = &attributes; + args[7].value = &expiration; + args[8].value = &pw_expiration; if(getarg(args, num_args, argc, argv, &optind)) { usage (); @@ -242,16 +263,29 @@ add_new_key(int argc, char **argv) ++num; if (password) ++num; + if (key) + ++num; if (num > 1) { printf ("give only one of " - "--random-key, --random-password, --password\n"); + "--random-key, --random-password, --password, --key\n"); return 0; } + if (key) { + const char *error; + + if (parse_des_key (key, key_data, &error)) { + printf ("failed parsing key `%s': %s\n", key, error); + return 0; + } + kdp = key_data; + } + for (i = optind; i < argc; ++i) { ret = add_one_principal (argv[i], random_key, random_password, password, + kdp, max_ticket_life, max_renewable_life, attributes, @@ -262,5 +296,9 @@ add_new_key(int argc, char **argv) break; } } + if (kdp) { + int16_t dummy = 3; + kadm5_free_key_data (kadm_handle, &dummy, key_data); + } return 0; } diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c index 2bd71a7..3abc1d1 100644 --- a/crypto/heimdal/kadmin/cpw.c +++ b/crypto/heimdal/kadmin/cpw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
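Review bot: The error path added to `add_new_key` for a failed `parse_des_key` includes the `--key` value itself in its "failed parsing key" message, which puts secret key material on stdout where it can end up in scrollback or captured output. The reason string is enough: `printf ("failed parsing key: %s\n", error);`. The matching block in cpw.c's `cpw_entry` prints `key_string` the same way and should change with it.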
@@ -33,18 +33,20 @@ #include "kadmin_locl.h" -RCSID("$Id: cpw.c,v 1.9 1999/12/02 17:04:57 joda Exp $"); +RCSID("$Id: cpw.c,v 1.11 2000/04/12 10:45:54 assar Exp $"); struct cpw_entry_data { int random_key; int random_password; char *password; + krb5_key_data *key_data; }; static struct getargs args[] = { { "random-key", 'r', arg_flag, NULL, "set random key" }, { "random-password", 0, arg_flag, NULL, "set random password" }, { "password", 'p', arg_string, NULL, "princial's password" }, + { "key", 0, arg_string, NULL, "DES key in hex" } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -119,6 +121,16 @@ set_password (krb5_principal principal, char *password) } static int +set_key_data (krb5_principal principal, krb5_key_data *key_data) +{ + krb5_error_code ret; + + ret = kadm5_chpass_principal_with_key (kadm_handle, principal, + 3, key_data); + return ret; +} + +static int do_cpw_entry(krb5_principal principal, void *data) { struct cpw_entry_data *e = data; @@ -127,6 +139,8 @@ do_cpw_entry(krb5_principal principal, void *data) return set_random_key (principal); else if (e->random_password) return set_random_password (principal); + else if (e->key_data) + return set_key_data (principal, e->key_data); else return set_password (principal, e->password); } @@ -139,14 +153,20 @@ cpw_entry(int argc, char **argv) int optind = 0; struct cpw_entry_data data; int num; + char *key_string; + krb5_key_data key_data[3]; data.random_key = 0; data.random_password = 0; data.password = NULL; + data.key_data = NULL; + + key_string = NULL; args[0].value = &data.random_key; args[1].value = &data.random_password; args[2].value = &data.password; + args[3].value = &key_string; if(getarg(args, num_args, argc, argv, &optind)){ usage(); return 0; 
@@ -159,19 +179,35 @@ cpw_entry(int argc, char **argv) ++num; if (data.password) ++num; + if (key_string) + ++num; if (num > 1) { printf ("give only one of " - "--random-key, --random-password, --password\n"); + "--random-key, --random-password, --password, --key\n"); return 0; } + if (key_string) { + const char *error; + + if (parse_des_key (key_string, key_data, &error)) { + printf ("failed parsing key `%s': %s\n", key_string, error); + return 0; + } + data.key_data = key_data; + } + argc -= optind; argv += optind; for(i = 0; i < argc; i++) ret = foreach_principal(argv[i], do_cpw_entry, &data); + if (data.key_data) { + int16_t dummy; + kadm5_free_key_data (kadm_handle, &dummy, key_data); + } + return 0; } - diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c index 39ee24e..9d7e91b 100644 --- a/crypto/heimdal/kadmin/del.c +++ b/crypto/heimdal/kadmin/del.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1998, 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: del.c,v 1.4 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: del.c,v 1.5 2000/09/10 19:17:00 joda Exp $"); static int do_del_entry(krb5_principal principal, void *data) 
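Review bot: `cpw_entry` passes an uninitialized `int16_t dummy` to `kadm5_free_key_data`, so the count that function reads is indeterminate. ank.c in this same commit uses `int16_t dummy = 3;` for its three-element `key_data` array, and del_enctype.c is changed to initialize its counter; this hunk should read `int16_t dummy = 3;` as well. Depending on how the count is used, which this page does not show, some of the entries filled by `parse_des_key` may be left unfreed or memory past the array touched. Separately, `ret` from `foreach_principal` is overwritten on every iteration and never reported.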
@@ -41,12 +41,39 @@ do_del_entry(krb5_principal principal, void *data) return kadm5_delete_principal(kadm_handle, principal); } +static struct getargs args[] = { + { "help", 'h', arg_flag, NULL } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(void) +{ + arg_printusage (args, num_args, "delete", "principal..."); +} + + int del_entry(int argc, char **argv) { + int optind = 0; + int help_flag = 0; + int i; krb5_error_code ret; + args[0].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + usage (); + return 0; + } + if(optind == argc || help_flag) { + usage (); + return 0; + } + for(i = 1; i < argc; i++) ret = foreach_principal(argv[i], do_del_entry, NULL); return 0; diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c index d772b65..1333a4d 100644 --- a/crypto/heimdal/kadmin/del_enctype.c +++ b/crypto/heimdal/kadmin/del_enctype.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,21 +33,31 @@ #include "kadmin_locl.h" -RCSID("$Id: del_enctype.c,v 1.4 1999/12/14 02:37:49 assar Exp $"); +RCSID("$Id: del_enctype.c,v 1.6 2000/09/10 19:17:23 joda Exp $"); + +/* + * del_enctype principal enctypes... + */ + +static struct getargs args[] = { + { "help", 'h', arg_flag, NULL } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); static void usage(void) { - fprintf (stderr, "Usage: del_enctype principal enctypes...\n"); + arg_printusage (args, num_args, "del_enctype", "principal enctypes..."); } -/* - * del_enctype principal enctypes... - */ int del_enctype(int argc, char **argv) { + int optind = 0; + int help_flag = 0; + kadm5_principal_ent_rec princ; krb5_principal princ_ent = NULL; krb5_error_code ret; 
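Review bot: `del_entry` now parses its options with `getarg`, but the loop kept as context still starts at `i = 1` rather than at `optind`, so any argument `getarg` consumed (for instance a `--` separator, if it accepts one) is handed to `foreach_principal` as a principal expression. For a command that deletes principals the loop should follow the parsed position, `for(i = optind; i < argc; i++)`, which also matches how `add_new_key` in ank.c iterates. `ret` is assigned but never checked, so a failed delete is silent.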
@@ -57,7 +67,13 @@ del_enctype(int argc, char **argv) int n_etypes; krb5_enctype *etypes; - if (argc < 3) { + args[0].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + usage (); + return 0; + } + if(argc - optind < 3 || help_flag) { usage (); return 0; } @@ -110,7 +126,7 @@ del_enctype(int argc, char **argv) if (docopy) { new_key_data[j++] = *key; } else { - int16_t ignore; + int16_t ignore = 1; kadm5_free_key_data (kadm_handle, &ignore, key); } diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c index 1492ca9..7ecea7c 100644 --- a/crypto/heimdal/kadmin/get.c +++ b/crypto/heimdal/kadmin/get.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <parse_units.h> -RCSID("$Id: get.c,v 1.8 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: get.c,v 1.12 2000/12/15 14:24:24 joda Exp $"); struct get_entry_data { void (*header)(void); @@ -102,11 +102,27 @@ print_entry_short(kadm5_principal_ent_t princ) printf("\n"); } +/* + * return 0 iff `salt' actually is the same as the current salt in `k' + */ + +static int +cmp_salt (const krb5_salt *salt, const krb5_key_data *k) +{ + if (salt->salttype != k->key_data_type[1]) + return 1; + if (salt->saltvalue.length != k->key_data_length[1]) + return 1; + return memcmp (salt->saltvalue.data, k->key_data_contents[1], + salt->saltvalue.length); +} + static void print_entry_long(kadm5_principal_ent_t princ) { char buf[1024]; int i; + krb5_salt def_salt; krb5_unparse_name_fixed(context, princ->principal, buf, sizeof(buf)); printf("%24s: %s\n", "Principal", buf); 
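Review bot: The new argument check in `del_enctype`, `argc - optind < 3`, looks off by one. The old test `argc < 3` required a principal and one enctype after the command name; if `optind` indexes `argv` the way ank.c uses it (`for (i = optind; i < argc; ++i)`), then `argc - optind` is already the operand count and the new test demands a principal plus two enctypes. `if(argc - optind < 2 || help_flag)` would keep the old minimum. How the rest of the function indexes `argv` lies outside this hunk and should be checked against `optind` as well.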
@@ -134,17 +150,21 @@ print_entry_long(kadm5_principal_ent_t princ) printf("%24s: %d\n", "Failed login count", princ->fail_auth_count); time_t2str(princ->mod_date, buf, sizeof(buf), 1); printf("%24s: %s\n", "Last modified", buf); - krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf)); - printf("%24s: %s\n", "Modifier", buf); + if(princ->mod_name != NULL) { + krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf)); + printf("%24s: %s\n", "Modifier", buf); + } attributes2str (princ->attributes, buf, sizeof(buf)); printf("%24s: %s\n", "Attributes", buf); - printf("%24s: ", "Keytypes(salts)"); + printf("%24s: ", "Keytypes(salttype[(salt-value)])"); + + krb5_get_pw_salt (context, princ->principal, &def_salt); for (i = 0; i < princ->n_key_data; ++i) { krb5_key_data *k = &princ->key_data[i]; krb5_error_code ret; - char *e_string, *s_string; + char *e_string, *s_string, *salt; ret = krb5_enctype_to_string (context, k->key_data_type[0], @@ -159,10 +179,21 @@ print_entry_long(kadm5_principal_ent_t princ) if (ret) asprintf (&s_string, "unknown(%d)", k->key_data_type[1]); - printf ("%s%s(%s)", (i != 0) ? ", " : "", e_string, s_string); + if (cmp_salt(&def_salt, k) == 0) + salt = strdup(""); + else if(k->key_data_length[1] == 0) + salt = strdup("()"); + else + asprintf (&salt, "(%.*s)", k->key_data_length[1], + (char *)k->key_data_contents[1]); + + + printf ("%s%s(%s%s)", (i != 0) ? ", " : "", e_string, s_string, salt); free (e_string); free (s_string); + free (salt); } + krb5_free_salt (context, def_salt); printf("\n\n"); } 
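Review bot: `print_entry_long` ignores the return value of `krb5_get_pw_salt`, yet `def_salt` is then read by `cmp_salt` for every key and passed to `krb5_free_salt`; if the call fails, both uses see an uninitialized structure. Keep the result, e.g. `salt_ret = krb5_get_pw_salt (context, princ->principal, &def_salt);`, test `salt_ret == 0 && cmp_salt(&def_salt, k) == 0` in the loop, and free the salt only when `salt_ret == 0`. The second hunk on this line has a related gap: the results of `strdup` and `asprintf` for `salt` are not checked before `printf` and `free`, and the salt bytes go to the terminal unescaped through `%.*s`.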
@@ -190,37 +221,49 @@ do_get_entry(krb5_principal principal, void *data) return 0; } -int -get_entry(int argc, char **argv) +static int +getit(const char *name, int terse_flag, int argc, char **argv) { int i; krb5_error_code ret; struct get_entry_data data; struct getargs args[] = { { "long", 'l', arg_flag, NULL, "long format" }, + { "short", 's', arg_flag, NULL, "short format" }, { "terse", 't', arg_flag, NULL, "terse format" }, }; int num_args = sizeof(args) / sizeof(args[0]); int optind = 0; - int long_flag = 0; - int terse_flag = 0; + int long_flag = -1; + int short_flag = -1; args[0].value = &long_flag; - args[1].value = &terse_flag; + args[1].value = &short_flag; + args[2].value = &terse_flag; + if(getarg(args, num_args, argc, argv, &optind)) goto usage; if(optind == argc) goto usage; + if(long_flag == -1 && (short_flag == 1 || terse_flag == 1)) + long_flag = 0; + if(short_flag == -1 && (long_flag == 1 || terse_flag == 1)) + short_flag = 0; + if(terse_flag == -1 && (long_flag == 1 || short_flag == 1)) + terse_flag = 0; + if(long_flag == 0 && short_flag == 0 && terse_flag == 0) + short_flag = 1; + if(long_flag) { data.format = print_entry_long; data.header = NULL; + } else if(short_flag){ + data.format = print_entry_short; + data.header = print_header_short; } else if(terse_flag) { data.format = print_entry_terse; data.header = NULL; - } else { - data.format = print_entry_short; - data.header = print_header_short; } argc -= optind; 
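Review bot: The format selection in `getit` relies on `-1` being truthy: with no options `long_flag` stays `-1`, none of the normalising `if`s fires, and `if(long_flag)` then picks the long format, so `get` defaults to long output without that being stated anywhere. The test `terse_flag == -1` can never be true, because the callers in the following hunk pass 0 and 1. If long-by-default is intended, add a comment such as `/* -1 = not given on the command line; an unset long_flag selects the long format */` and drop the dead test; otherwise set the default explicitly. The function continues past the end of this hunk.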
@@ -230,21 +273,18 @@ get_entry(int argc, char **argv) ret = foreach_principal(argv[i], do_get_entry, &data); return 0; usage: - arg_printusage (args, num_args, "get", "principal..."); + arg_printusage (args, num_args, name, "principal..."); return 0; } int -list_princs(int argc, char **argv) +get_entry(int argc, char **argv) { - int i; - krb5_error_code ret; - struct get_entry_data data; + return getit("get", 0, argc, argv); +} - data.format = print_entry_terse; - data.header = NULL; - - for(i = 1; i < argc; i++) - ret = foreach_principal(argv[i], do_get_entry, &data); - return 0; +int +list_princs(int argc, char **argv) +{ + return getit("list", 1, argc, argv); } diff --git a/crypto/heimdal/kadmin/init.c b/crypto/heimdal/kadmin/init.c index b889131..2391a08 100644 --- a/crypto/heimdal/kadmin/init.c +++ b/crypto/heimdal/kadmin/init.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <kadm5/private.h> -RCSID("$Id: init.c,v 1.23 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: init.c,v 1.27 2000/09/10 19:20:16 joda Exp $"); static kadm5_ret_t create_random_entry(krb5_principal princ, @@ -97,7 +97,7 @@ static int num_args = sizeof(args) / sizeof(args[0]); static void usage(void) { - arg_printusage (args, num_args, "ank", "principal"); + arg_printusage (args, num_args, "init", "realm..."); } int @@ -119,6 +119,11 @@ init(int argc, char **argv) return 0; } + if(argc - optind < 1) { + usage(); + return 0; + } + if (realm_max_life) { if (str2deltat (realm_max_life, &max_life) != 0) { krb5_warnx (context, "unable to parse `%s'", realm_max_life); 
@@ -145,7 +150,8 @@ init(int argc, char **argv) const char *realm = argv[i]; /* Create `krbtgt/REALM' */ - krb5_make_principal(context, &princ, realm, "krbtgt", realm, NULL); + krb5_make_principal(context, &princ, realm, + KRB5_TGS_NAME, realm, NULL); if (realm_max_life == NULL) { max_life = 0; edit_deltat ("Realm max ticket life", &max_life, NULL, 0); @@ -180,7 +186,18 @@ init(int argc, char **argv) /* Create `changepw/kerberos' (for v4 compat) */ krb5_make_principal(context, &princ, realm, "changepw", "kerberos", NULL); - create_random_entry(princ, 60*60, 60*60, 0); + create_random_entry(princ, 60*60, 60*60, + KRB5_KDB_DISALLOW_TGT_BASED| + KRB5_KDB_PWCHANGE_SERVICE); + + krb5_free_principal(context, princ); + + /* Create `kadmin/hprop' for database propagation */ + krb5_make_principal(context, &princ, realm, + "kadmin", "hprop", NULL); + create_random_entry(princ, 60*60, 60*60, + KRB5_KDB_REQUIRES_PRE_AUTH| + KRB5_KDB_DISALLOW_TGT_BASED); krb5_free_principal(context, princ); /* Create `default' */ diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c new file mode 100644 index 0000000..28bf177 --- /dev/null +++ b/crypto/heimdal/kadmin/kadm_conn.c 
@@ -0,0 +1,288 @@ +/* + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadmin_locl.h" +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif + +RCSID("$Id: kadm_conn.c,v 1.11 2001/01/29 08:43:01 assar Exp $"); + +struct kadm_port { + char *port; + unsigned short def_port; + struct kadm_port *next; +} *kadm_ports; + +static void +add_kadm_port(krb5_context context, const char *service, unsigned int port) +{ + struct kadm_port *p; + p = malloc(sizeof(*p)); + if(p == NULL) { + krb5_warnx(context, "failed to allocate %lu bytes\n", + (unsigned long)sizeof(*p)); + return; + } + + p->port = strdup(service); + p->def_port = port; + + p->next = kadm_ports; + kadm_ports = p; +} + +static void +add_standard_ports (krb5_context context) +{ + add_kadm_port(context, "kerberos-adm", 749); +#ifdef KRB4 + add_kadm_port(context, "kerberos-master", 751); +#endif +} + +/* + * parse the set of space-delimited ports in `str' and add them. + * "+" => all the standard ones + * otherwise it's port|service[/protocol] + */ + +void +parse_ports(krb5_context context, const char *str) +{ + char p[128]; + + while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) { + if(strcmp(p, "+") == 0) + add_standard_ports(context); + else + add_kadm_port(context, p, 0); + } +} + +static pid_t pgrp; +sig_atomic_t term_flag, doing_useful_work; + +static RETSIGTYPE +sigchld(int sig) +{ + int status; + waitpid(-1, &status, 0); + SIGRETURN(0); +} + +static RETSIGTYPE +terminate(int sig) +{ + if(getpid() == pgrp) { + /* parent */ + term_flag = 1; + signal(sig, SIG_IGN); + killpg(pgrp, sig); + } else { + /* child */ + if(doing_useful_work) + term_flag = 1; + else + exit(0); + } + SIGRETURN(0); +} + +static int +spawn_child(krb5_context context, int *socks, int num_socks, int this_sock) +{ + int e, i; + struct sockaddr_storage __ss; + struct sockaddr *sa = (struct sockaddr *)&__ss; + socklen_t sa_size = sizeof(__ss); + int s; + pid_t pid; + krb5_address addr; + char buf[128]; + size_t buf_len; + + s = accept(socks[this_sock], sa, &sa_size); + if(s < 0) { + 
krb5_warn(context, errno, "accept"); + return 1; + } + e = krb5_sockaddr2address(sa, &addr); + if(e) + krb5_warn(context, e, "krb5_sockaddr2address"); + else { + e = krb5_print_address (&addr, buf, sizeof(buf), + &buf_len); + if(e) + krb5_warn(context, e, "krb5_sockaddr2address"); + else + krb5_warnx(context, "connection from %s", buf); + krb5_free_address(context, &addr); + } + + pid = fork(); + if(pid == 0) { + for(i = 0; i < num_socks; i++) + close(socks[i]); + dup2(s, STDIN_FILENO); + dup2(s, STDOUT_FILENO); + if(s != STDIN_FILENO && s != STDOUT_FILENO) + close(s); + return 0; + } else { + close(s); + } + return 1; +} + +static int +wait_for_connection(krb5_context context, + int *socks, int num_socks) +{ + int i, e; + fd_set orig_read_set, read_set; + int max_fd = -1; + + FD_ZERO(&orig_read_set); + + for(i = 0; i < num_socks; i++) { + if (socks[i] >= FD_SETSIZE) + errx (1, "fd too large"); + FD_SET(socks[i], &orig_read_set); + max_fd = max(max_fd, socks[i]); + } + + pgrp = getpid(); + + if(setpgid(0, pgrp) < 0) + err(1, "setpgid"); + + signal(SIGTERM, terminate); + signal(SIGINT, terminate); + signal(SIGCHLD, sigchld); + + while (term_flag == 0) { + read_set = orig_read_set; + e = select(max_fd + 1, &read_set, NULL, NULL, NULL); + if(e < 0) { + if(errno != EINTR) + krb5_warn(context, errno, "select"); + } else if(e == 0) + krb5_warnx(context, "select returned 0"); + else { + for(i = 0; i < num_socks; i++) { + if(FD_ISSET(socks[i], &read_set)) + if(spawn_child(context, socks, num_socks, i) == 0) + return 0; + } + } + } + signal(SIGCHLD, SIG_IGN); + while(1) { + int status; + pid_t pid; + pid = waitpid(-1, &status, 0); + if(pid == -1 && errno == ECHILD) + break; + } + exit(0); +} + + +int +start_server(krb5_context context) +{ + int e; + struct kadm_port *p; + + int *socks = NULL, *tmp; + int num_socks = 0; + int i; + + for(p = kadm_ports; p; p = p->next) { + struct addrinfo hints, *ai, *ap; + char portstr[32]; + memset (&hints, 0, sizeof(hints)); + 
hints.ai_flags = AI_PASSIVE; + hints.ai_socktype = SOCK_STREAM; + + e = getaddrinfo(NULL, p->port, &hints, &ai); + if(e) { + snprintf(portstr, sizeof(portstr), "%u", p->def_port); + e = getaddrinfo(NULL, portstr, &hints, &ai); + } + + if(e) { + krb5_warn(context, krb5_eai_to_heim_errno(e), "%s", portstr); + continue; + } + i = 0; + for(ap = ai; ap; ap = ap->ai_next) + i++; + tmp = realloc(socks, (num_socks + i) * sizeof(*socks)); + if(tmp == NULL) { + krb5_warnx(context, "failed to reallocate %lu bytes", + (unsigned long)(num_socks + i) * sizeof(*socks)); + continue; + } + socks = tmp; + for(ap = ai; ap; ap = ap->ai_next) { + int one = 1; + int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol); + if(s < 0) { + krb5_warn(context, errno, "socket"); + continue; + } +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, + sizeof(one)) < 0) + krb5_warn(context, errno, "setsockopt"); +#endif + if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) { + krb5_warn(context, errno, "bind"); + close(s); + continue; + } + if (listen (s, SOMAXCONN) < 0) { + krb5_warn(context, errno, "listen"); + close(s); + continue; + } + socks[num_socks++] = s; + } + freeaddrinfo (ai); + } + if(num_socks == 0) + krb5_errx(context, 1, "no sockets to listen to - exiting"); + return wait_for_connection(context, socks, num_socks); +} diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8 new file mode 100644 index 0000000..bfb4cfc --- /dev/null +++ b/crypto/heimdal/kadmin/kadmin.8 
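Review bot: In kadm_conn.c the `sigchld` handler reaps a single child with a blocking `waitpid(-1, &status, 0)`; SIGCHLD deliveries can coalesce when several children exit together, so zombies can build up on a busy server. Reap in a non-blocking loop, `while (waitpid(-1, &status, WNOHANG) > 0) ;`, and save and restore `errno` around it. `term_flag` and `doing_useful_work` are written from signal handlers and read in the main loop, so they should be declared `volatile sig_atomic_t`, and the child path of `terminate` should call `_exit(0)` instead of `exit(0)`, which is not async-signal-safe. `spawn_child` also treats a failed `fork()` (`pid == -1`) like the parent case and drops the connection without a warning.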
@@ -0,0 +1,239 @@ +.\" $Id: kadmin.8,v 1.2 2000/09/19 12:29:48 assar Exp $ +.\" +.Dd September 10, 2000 +.Dt KADMIN 8 +.Os HEIMDAL +.Sh NAME +.Nm kadmin +.Nd +Kerberos administration utility +.Sh SYNOPSIS +.Nm +.Oo Fl p Ar string \*(Ba Xo +.Fl -principal= Ns Ar string Oc +.Xc +.Oo Fl c Ar file \*(Ba Xo +.Fl -config-file= Ns Ar file Oc +.Xc +.Oo Fl k Ar file \*(Ba Xo +.Fl -key-file= Ns Ar file Oc +.Xc +.Oo Fl r Ar realm \*(Ba Xo +.Fl -realm= Ns Ar realm Oc +.Xc +.Oo Fl a Ar host \*(Ba Xo +.Fl -admin-server= Ns Ar host Oc +.Xc +.Oo Fl s Ar port number \*(Ba Xo +.Fl -server-port= Ns Ar port number Oc +.Xc +.Op Fl l | Fl -local +.Op Fl h | Fl -help +.Op Fl v | Fl -version +.Op Ar command +.Sh DESCRIPTION +The +.Nm +program is used to make modification to the Kerberos database, either remotely via the +.Xr kadmind 8 +daemon, or locally (with the +.Fl l +option). +.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl p Ar string Ns , +.Fl -principal= Ns Ar string +.Xc +principal to authenticate as +.It Xo +.Fl c Ar file Ns , +.Fl -config-file= Ns Ar file +.Xc +location of config file +.It Xo +.Fl k Ar file Ns , +.Fl -key-file= Ns Ar file +.Xc +location of master key file +.It Xo +.Fl r Ar realm Ns , +.Fl -realm= Ns Ar realm +.Xc +realm to use +.It Xo +.Fl a Ar host Ns , +.Fl -admin-server= Ns Ar host +.Xc +server to contact +.It Xo +.Fl s Ar port number Ns , +.Fl -server-port= Ns Ar port number +.Xc +port to use +.It Xo +.Fl l Ns , +.Fl -local +.Xc +local admin mode +.El +.Pp +If no +.Ar command +is given on the command line, +.Nm +will prompt for commands to process. 
Commands include: +.\" not using a list here, since groff apparently gets confused +.\" with nested Xo/Xc +.Bd -ragged -offset indent +.Nm add +.Op Fl r | Fl -random-key +.Op Fl -random-password +.Oo Fl p Ar string \*(Ba Xo +.Fl -password= Ns Ar string Oc +.Xc +.Op Fl -key= Ns Ar string +.Op Fl -max-ticket-life= Ns Ar lifetime +.Op Fl -max-renewable-life= Ns Ar lifetime +.Op Fl -attributes= Ns Ar attributes +.Op Fl -expiration-time= Ns Ar time +.Op Fl -pw-expiration-time= Ns Ar time +.Ar principal... +.Pp +.Bd -filled -offset indent +creates a new principal +.Ed +.Pp +.Nm passwd +.Op Fl r | Fl -random-key +.Op Fl -random-password +.Oo Fl p Ar string \*(Ba Xo +.Fl -password= Ns Ar string Oc +.Xc +.Op Fl -key= Ns Ar string +.Ar principal... +.Pp +.Bd -filled -offset indent +changes the password of an existing principal +.Ed +.Pp +.Nm delete +.Ar principal... +.Pp +.Bd -filled -offset indent +removes a principal +.Ed +.Pp +.Nm del_enctype +.Ar principal enctypes... +.Pp +.Bd -filled -offset indent +removes some enctypes from a principal, this can be useful the service +belonging to the principal is known to not handle certain enctypes +.Ed +.Pp +.Nm ext_keytab +.Oo Fl k Ar string \*(Ba Xo +.Fl -keytab= Ns Ar string Oc +.Xc +.Ar principal... +.Pp +.Bd -filled -offset indent +creates a keytab with the keys of the specified principals +.Ed +.Pp +.Nm get +.Op Fl l | Fl -long +.Op Fl s | Fl -short +.Op Fl t | Fl -terse +.Ar expression... 
+.Pp +.Bd -filled -offset indent +lists the principals that match the expressions (which are shell glob +like), long format gives more information, and terse just prints the +names +.Ed +.Pp +.Nm rename +.Ar from to +.Pp +.Bd -filled -offset indent +renames a principal +.Ed +.Pp +.Nm modify +.Oo Fl a Ar attributes \*(Ba Xo +.Fl -attributes= Ns Ar attributes Oc +.Xc +.Op Fl -max-ticket-life= Ns Ar lifetime +.Op Fl -max-renewable-life= Ns Ar lifetime +.Op Fl -expiration-time= Ns Ar time +.Op Fl -pw-expiration-time= Ns Ar time +.Op Fl -kvno= Ns Ar number +.Ar principal +.Pp +.Bd -filled -offset indent +modifies certain attributes of a principal +.Ed +.Pp +.Nm privileges +.Pp +.Bd -filled -offset indent +lists the operations you are allowd to perform +.Ed +.Pp +.Ed + +When running in local mode, the following commands can also be used. + +.Bd -ragged -offset indent +.Nm dump +.Op Fl d | Fl -decrypt +.Op Ar dump-file +.Pp +.Bd -filled -offset indent +writes the database in +.Dq human readable +form to the specified file, or standard out +.Ed +.Pp +.Nm init +.Op Fl -realm-max-ticket-life= Ns Ar string +.Op Fl -realm-max-renewable-life= Ns Ar string +.Ar realm +.Pp +.Bd -filled -offset indent +initialises the Kerberos database with entries for a new realm, it's +possible to have more than one realm served by one server +.Ed +.Pp +.Nm load +.Ar file +.Pp +.Bd -filled -offset indent +reads a previously dumped database, and re-creates that database from scratch +.Ed +.Pp +.Nm merge +.Ar file +.Pp +.Bd -filled -offset indent +similar to +.Nm list +but just modifies the database with the entries in the dump file +.Ed +.Pp +.Ed + +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr kadmind 8 , +.Xr kdc 8 +.\".Sh STANDARDS +.\".Sh HISTORY +.\".Sh AUTHORS +.\".Sh BUGS diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c index 6d29d63..5a21ffb 100644 --- a/crypto/heimdal/kadmin/kadmin.c 
+++ b/crypto/heimdal/kadmin/kadmin.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <sl.h> -RCSID("$Id: kadmin.c,v 1.27 2000/01/31 23:51:52 assar Exp $"); +RCSID("$Id: kadmin.c,v 1.34 2001/01/26 22:20:52 joda Exp $"); static char *config_file; static char *keyfile; @@ -141,6 +141,7 @@ static SL_cmd commands[] = { "privileges", get_privs, "privileges", "Shows which kinds of operations you are allowed to perform." }, + { "privs" }, { "list", list_princs, "list expression...", "Lists principals in a terse format. The same as `get -t'." @@ -148,16 +149,19 @@ static SL_cmd commands[] = { { "help", help, "help"}, { "?"}, { "exit", exit_kadmin, "exit"}, + { "quit" }, { NULL} }; krb5_context context; void *kadm_handle; +static SL_cmd *actual_cmds; + int help(int argc, char **argv) { - sl_help(commands, argc, argv); + sl_help(actual_cmds, argc, argv); return 0; } @@ -181,6 +185,24 @@ get_privs(int argc, char **argv) char str[128]; kadm5_ret_t ret; + int help_flag = 0; + struct getargs args[] = { + { "help", 'h', arg_flag, NULL } + }; + int num_args = sizeof(args) / sizeof(args[0]); + int optind = 0; + + args[0].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + arg_printusage (args, num_args, "privileges", NULL); + return 0; + } + if(help_flag) { + arg_printusage (args, num_args, "privileges", NULL); + return 0; + } + ret = kadm5_get_privs(kadm_handle, &privs); if(ret) krb5_warn(context, ret, "kadm5_get_privs"); 
@@ -199,14 +221,15 @@ main(int argc, char **argv) kadm5_config_params conf; int optind = 0; int e; - SL_cmd *cmd; set_progname(argv[0]); - krb5_init_context(&context); + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); while((e = getarg(args, num_args, argc, argv, &optind))) - warnx("error at argument `%s'", argv[optind]); + errx(1, "error at argument `%s'", argv[optind]); if (help_flag) usage (0); @@ -254,7 +277,7 @@ main(int argc, char **argv) KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - cmd = commands; + actual_cmds = commands; } else { ret = kadm5_c_init_with_password_ctx(context, client_name, @@ -262,17 +285,23 @@ main(int argc, char **argv) KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - cmd = commands + 4; /* XXX */ + actual_cmds = commands + 4; /* XXX */ } if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); + + signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command + parser will handle SIGINT its own way; + we should really take care of this in + each function, f.i `get' might be + interruptable, but not `create' */ if (argc != 0) { - ret = sl_command (cmd, argc, argv); + ret = sl_command (actual_cmds, argc, argv); if(ret == -1) krb5_warnx (context, "unrecognized command: %s", argv[0]); } else - ret = sl_loop (cmd, "kadmin> ") != 0; + ret = sl_loop (actual_cmds, "kadmin> ") != 0; kadm5_destroy(kadm_handle); krb5_config_file_free (context, cf); diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 new file mode 100644 index 0000000..67d5c9b --- /dev/null +++ b/crypto/heimdal/kadmin/kadmind.8 
@@ -0,0 +1,133 @@ +.Dd June 7, 2000 +.Dt KADMIND 8 +.Os HEIMDAL +.Sh NAME +.Nm kadmind +.Nd +server for administrative access to kerberos database +.Sh SYNOPSIS +.Nm +.Oo Fl c Ar file \*(Ba Xo +.Fl -config-file= Ns Ar file Oc +.Xc +.Oo Fl k Ar file \*(Ba Xo +.Fl -key-file= Ns Ar file Oc +.Xc +.Op Fl -keytab= Ns Ar keytab +.Oo Fl r Ar realm \*(Ba Xo +.Fl -realm= Ns Ar realm Oc +.Xc +.Op Fl d | Fl -debug +.Oo Fl p Ar port \*(Ba Xo +.Fl -ports= Ns Ar port Oc +.Xc +.Sh DESCRIPTION +.Nm +listens for requests for changes to the Kerberos database and performs +these, subject to permissions. When starting, if stdin is a socket it assumes that it has been started by +.Xr inetd 8 , +otherwise it behaves as a daemon, forking processes for each new +connection. The +.Fl -debug +option causes +.Nm +to accept exactly one connection, which is useful for debugging. + +If built with krb4 support, it implements both the Heimdal Kerberos 5 +administrative protocol and the Kerberos 4 protocol. Password changes +via the Kerberos 4 protocol are also performed by +.Nm kadmind , +but the +.Xr kpasswdd 8 +daemon is responsible for the Kerberos 5 password changing protocol +(used by +.Xr kpasswd 1 ). +.Pp +This daemon should only be run on ther master server, and not on any +slaves. +.Pp +Principals are always allowed to change their own password and list +their own principals. Apart from that, doing any operation requires +permission explicitly added in the ACL file +.Pa /var/heimdal/kadmind.acl . +The format of this file is: +.Bd -ragged +.Va principal +.Va rights +.Op Va principal-pattern +.Ed +.Pp +Where rights is any combination of: +.Bl -bullet +.It +change-password | cpw +.It +list +.It +delete +.It +modify +.It +add +.It +get +.It +all +.El +.Pp +And the optional +.Ar principal-pattern +restricts the rights to principals that match the glob-style pattern. 
+.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl c Ar file Ns , +.Fl -config-file= Ns Ar file +.Xc +location of config file +.It Xo +.Fl k Ar file Ns , +.Fl -key-file= Ns Ar file +.Xc +location of master key file +.It Xo +.Fl -keytab= Ns Ar keytab +.Xc +what keytab to use +.It Xo +.Fl r Ar realm Ns , +.Fl -realm= Ns Ar realm +.Xc +realm to use +.It Xo +.Fl d Ns , +.Fl -debug +.Xc +enable debugging +.It Xo +.Fl p Ar port Ns , +.Fl -ports= Ns Ar port +.Xc +ports to listen to. By default, if run as a daemon, it listen to ports +749, and 751 (if built with Kerberos 4 support), but you can add any +number of ports with this option. The port string is a whitespace +separated list of port specifications, with the special string +.Dq + +representing the default set of ports. +.El +.\".Sh ENVIRONMENT +.Sh FILES +.Pa /var/heimdal/kadmind.acl +.Sh EXAMPLES +This will cause kadmind to listen to port 4711 in addition to any +compiled in defaults: +.Bd -literal -offset indent +# kadmind --ports="+ 4711" & +.Ed +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr kdc 8 , +.Xr kadmin 1 , +.Xr kpasswdd 8 , +.Xr kpasswd 1 diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c index 4b4fb0d..7c1696b 100644 --- a/crypto/heimdal/kadmin/kadmind.c +++ b/crypto/heimdal/kadmin/kadmind.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,15 +33,17 @@ #include "kadmin_locl.h" -RCSID("$Id: kadmind.c,v 1.16 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: kadmind.c,v 1.24 2000/12/31 07:45:23 assar Exp $"); +static char *check_library = NULL; +static char *check_function = NULL; static char *config_file; static char *keyfile; static char *keytab_str = "HDB:"; static int help_flag; static int version_flag; static int debug_flag; -static int debug_port; +static char *port_str; char *realm; static struct getargs args[] = { @@ -60,11 +62,17 @@ static struct getargs args[] = { { "realm", 'r', arg_string, &realm, "realm to use", "realm" }, +#ifdef HAVE_DLOPEN + { "check-library", 0, arg_string, &check_library, + "library to load password check function from", "library" }, + { "check-function", 0, arg_string, &check_function, + "password check function to load", "function" }, +#endif { "debug", 'd', arg_flag, &debug_flag, "enable debugging" }, - { "debug-port", 'p', arg_integer,&debug_port, - "port to use with debug", "port" }, + { "ports", 'p', arg_string, &port_str, + "ports to listen to", "port" }, { "help", 'h', arg_flag, &help_flag }, { "version", 'v', arg_flag, &version_flag } }; @@ -80,9 +88,6 @@ usage(int ret) exit (ret); } -krb5_error_code -kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int); - int main(int argc, char **argv) { @@ -95,7 +100,9 @@ main(int argc, char **argv) set_progname(argv[0]); - krb5_init_context(&context); + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); ret = krb5_openlog(context, "kadmind", &logf); ret = krb5_set_warn_dest(context, logf); 
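Review bot: The new `--check-library` and `--check-function` entries in `args[]` are not described in the kadmind.8 page this same commit adds, and `-p` changes from an integer debug port to the `--ports` string without a note. The two strings are passed to `kadm5_setup_passwd_quality_check` in `main`, so the named library is presumably loaded into the daemon that holds the database keys. The man page should list both options and state that the library path must be a file only the administrator can write. A short comment above the `#ifdef HAVE_DLOPEN` block, such as `/* code from check_library runs inside kadmind; path must be trusted */`, would also help.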
@@ -132,16 +139,27 @@ main(int argc, char **argv) if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve"); + kadm5_setup_passwd_quality_check (context, check_library, check_function); + { int fd = 0; + struct sockaddr sa; + socklen_t sa_size; krb5_auth_context ac = NULL; - if(debug_flag){ - if(debug_port == 0) + int debug_port; + sa_size = sizeof(sa); + if(debug_flag) { + if(port_str == NULL) debug_port = krb5_getportbyname (context, "kerberos-adm", "tcp", 749); else - debug_port = htons(debug_port); + debug_port = htons(atoi(port_str)); mini_inetd(debug_port); + } else if(roken_getsockname(STDIN_FILENO, &sa, &sa_size) < 0 && + errno == ENOTSOCK) { + parse_ports(context, port_str ? port_str : "+"); + pidfile(NULL); + start_server(context); } if(realm) krb5_set_default_realm(context, realm); /* XXX */ diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c index 6a95887..c53a7ad 100644 --- a/crypto/heimdal/kadmin/load.c +++ b/crypto/heimdal/kadmin/load.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <kadm5/private.h> -RCSID("$Id: load.c,v 1.36 2000/02/16 16:05:28 assar Exp $"); +RCSID("$Id: load.c,v 1.40 2001/01/04 15:59:26 assar Exp $"); struct entry { char *principal; @@ -324,6 +324,13 @@ doit(const char *filename, int merge) krb5_warn(context, errno, "fopen(%s)", filename); return 1; } + ret = kadm5_log_truncate (kadm_handle); + if (ret) { + fclose (f); + krb5_warn(context, ret, "kadm5_log_truncate"); + return 1; + } + if(!merge) flags |= O_CREAT | O_TRUNC; ret = db->open(context, db, flags, 0600); @@ -333,7 +340,9 @@ doit(const char *filename, int merge) return 1; } line = 0; - while(fgets(s, sizeof(s), f)){ + ret = 0; + while(fgets(s, sizeof(s), f) != NULL) { + ret = 0; line++; e.principal = s; for(p = s; *p; p++){ 
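Review bot: In the debug branch, `debug_port = htons(atoi(port_str));` parses the `--ports` string with `atoi`, which reports no error and returns 0 for a value in the documented list form such as `+ 4711`, so `mini_inetd` may be handed port 0. Parse the value with `strtol`, reject trailing characters and anything outside 1-65535, and fail with `krb5_errx` otherwise. The same hunk passes a plain `struct sockaddr sa` to `roken_getsockname`; only `ENOTSOCK` is tested, so this is probably harmless, but `struct sockaddr_storage` would avoid truncation on larger address families. The enclosing block in `main` continues past the hunk.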
@@ -454,32 +463,71 @@ doit(const char *filename, int merge) } #endif - db->store(context, db, HDB_F_REPLACE, &ent); + ret = db->store(context, db, HDB_F_REPLACE, &ent); hdb_free_entry (context, &ent); + if (ret) { + krb5_warn(context, ret, "db_store"); + break; + } } db->close(context, db); fclose(f); - return 0; + return ret != 0; +} + + +static struct getargs args[] = { + { "help", 'h', arg_flag, NULL } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(const char *name) +{ + arg_printusage (args, num_args, name, "file"); } + + int load(int argc, char **argv) { - if(argc < 2){ - krb5_warnx(context, "Usage: load filename"); + int optind = 0; + int help_flag = 0; + + args[0].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + usage ("load"); + return 0; + } + if(argc - optind != 1 || help_flag) { + usage ("load"); return 0; } - doit(argv[1], 0); + + doit(argv[optind], 0); return 0; } int merge(int argc, char **argv) { - if(argc < 2){ - krb5_warnx(context, "Usage: merge filename"); + int optind = 0; + int help_flag = 0; + + args[0].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + usage ("merge"); return 0; } - doit(argv[1], 1); + if(argc - optind != 1 || help_flag) { + usage ("merge"); + return 0; + } + + doit(argv[optind], 1); return 0; } diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c index 48d00a6..1ea9c86 100644 --- a/crypto/heimdal/kadmin/mod.c +++ b/crypto/heimdal/kadmin/mod.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
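Review bot: `doit` now returns `ret != 0` when `db->store` fails, but the rewritten `load` and `merge` still call `doit(argv[optind], 0);` and `doit(argv[optind], 1);` and then `return 0;`, so a partially loaded database is indistinguishable from success to the caller. How the command loop interprets a non-zero return is not visible here, so at minimum record the result (`int failed = doit(argv[optind], 0);`) and make the process exit status reflect it for non-interactive use. Separately, `args[0].value = &help_flag;` stores the address of a stack variable in the file-scope `args` table. It is reassigned on every call, but a comment saying the pointer is only valid during the call would prevent misuse.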
@@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: mod.c,v 1.7 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: mod.c,v 1.10 2000/07/11 14:34:56 joda Exp $"); static int parse_args (krb5_context context, kadm5_principal_ent_t ent, int argc, char **argv, int *optind, char *name, @@ -49,6 +49,7 @@ parse_args(krb5_context context, kadm5_principal_ent_t ent, char *max_rlife_str = NULL; char *expiration_str = NULL; char *pw_expiration_str = NULL; + int new_kvno = -1; int ret, i; struct getargs args[] = { @@ -62,6 +63,8 @@ parse_args(krb5_context context, kadm5_principal_ent_t ent, NULL, "Expiration time", "time"}, {"pw-expiration-time", 0, arg_string, NULL, "Password expiration time", "time"}, + {"kvno", 0, arg_integer, + NULL, "Key version number", "number"}, }; i = 0; @@ -70,6 +73,7 @@ parse_args(krb5_context context, kadm5_principal_ent_t ent, args[i++].value = &max_rlife_str; args[i++].value = &expiration_str; args[i++].value = &pw_expiration_str; + args[i++].value = &new_kvno; *optind = 0; /* XXX */ @@ -86,6 +90,11 @@ parse_args(krb5_context context, kadm5_principal_ent_t ent, expiration_str, pw_expiration_str, attr_str); if (ret) return ret; + + if(new_kvno != -1) { + ent->kvno = new_kvno; + *mask |= KADM5_KVNO; + } return 0; } @@ -122,13 +131,12 @@ mod_entry(int argc, char **argv) KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION); + krb5_free_principal (context, princ_ent); if (ret) { printf ("no such principal: %s\n", argv[0]); - krb5_free_principal (context, princ_ent); return 0; } edit_entry(&princ, &mask, NULL, 0); - } else { princ.principal = princ_ent; } @@ -136,8 +144,6 @@ mod_entry(int argc, char **argv) ret = kadm5_modify_principal(kadm_handle, &princ, mask); if(ret) krb5_warn(context, ret, "kadm5_modify_principal"); - if(princ_ent) - krb5_free_principal(context, princ_ent); kadm5_free_principal_ent(kadm_handle, &princ); return 0; } 
diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c index 4d8a48e..0ba2a58 100644 --- a/crypto/heimdal/kadmin/rename.c +++ b/crypto/heimdal/kadmin/rename.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,18 +33,40 @@ #include "kadmin_locl.h" -RCSID("$Id: rename.c,v 1.2 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: rename.c,v 1.3 2000/09/10 19:19:20 joda Exp $"); + +static struct getargs args[] = { + { "help", 'h', arg_flag, NULL } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(void) +{ + arg_printusage (args, num_args, "rename", "from to"); +} int rename_entry(int argc, char **argv) { + int optind = 0; + int help_flag = 0; + krb5_error_code ret; krb5_principal princ1, princ2; - if(argc != 3){ - krb5_warnx(context, "rename source target"); + args[0].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + usage (); return 0; } + if(argc - optind < 3 || help_flag) { + usage (); + return 0; + } + ret = krb5_parse_name(context, argv[1], &princ1); if(ret){ krb5_warn(context, ret, "krb5_parse_name(%s)", argv[1]); diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index d491e46..add1dde 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <krb5-private.h> -RCSID("$Id: server.c,v 1.24 2000/01/02 03:58:45 assar Exp $"); +RCSID("$Id: server.c,v 1.32 2000/09/19 12:46:01 assar Exp $"); static kadm5_ret_t kadmind_dispatch(void *kadm_handle, krb5_boolean initial, 
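Review bot: The new operand check `if(argc - optind < 3 || help_flag)` in `rename_entry` looks off by one. `load` and `merge` in this commit use `argc - optind != 1` for a single operand, so two operands should be `argc - optind != 2`; as written, `rename from to` would appear to always print usage. The code after the check still reads `argv[1]` (and presumably `argv[2]`, outside the hunk) rather than `argv[optind]` and `argv[optind + 1]`, so an option placed before the operands would be parsed as a principal name. `rename_entry` continues past the end of the hunk.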
@@ -73,7 +73,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, } krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); if(ret){ krb5_free_principal(context->context, princ); goto fail; @@ -96,7 +96,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); if(ret){ krb5_free_principal(context->context, princ); goto fail; @@ -126,7 +126,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_unparse_name_fixed(context->context, ent.principal, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, + ent.principal); if(ret){ kadm5_free_principal_ent(context->context, &ent); memset(password, 0, strlen(password)); @@ -156,7 +157,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_unparse_name_fixed(context->context, ent.principal, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY, + ent.principal); if(ret){ kadm5_free_principal_ent(context, &ent); goto fail; 
@@ -183,7 +185,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_warnx(context->context, "%s: %s %s -> %s", client, op, name, name2); ret = _kadm5_acl_check_permission(context, - KADM5_PRIV_ADD|KADM5_PRIV_DELETE); + KADM5_PRIV_ADD, + princ2) + || _kadm5_acl_check_permission(context, + KADM5_PRIV_DELETE, + princ); if(ret){ krb5_free_principal(context->context, princ); goto fail; @@ -220,7 +226,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { krb5_free_principal(context->context, princ); 
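Review bot: Joining the two ACL checks in the rename case with `||` stores 0 or 1 in `ret`, not the error returned by `_kadm5_acl_check_permission`, and that value is what the `fail` path then sees. The decision is still deny-on-failure, but the real error code is lost; run the checks in sequence instead: `ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, princ2);` followed by `if (ret == 0) ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);`. The failure branch shown frees only `princ`; whether `princ2` is released is outside the hunk and worth checking.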
@@ -235,6 +241,77 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_store_int32(sp, ret); break; } + case kadm_chpass_with_key:{ + int i; + krb5_key_data *key_data; + int n_key_data; + + op = "CHPASS_WITH_KEY"; + ret = krb5_ret_principal(sp, &princ); + if(ret) + goto fail; + ret = krb5_ret_int32(sp, &n_key_data); + if (ret) { + krb5_free_principal(context->context, princ); + goto fail; + } + + key_data = malloc (n_key_data * sizeof(*key_data)); + if (key_data == NULL) { + ret = ENOMEM; + krb5_free_principal(context->context, princ); + goto fail; + } + + for (i = 0; i < n_key_data; ++i) { + ret = kadm5_ret_key_data (sp, &key_data[i]); + if (ret) { + int16_t dummy = i; + + kadm5_free_key_data (context, &dummy, key_data); + free (key_data); + krb5_free_principal(context->context, princ); + goto fail; + } + } + + krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); + krb5_warnx(context->context, "%s: %s %s", client, op, name); + + /* + * The change is allowed if at least one of: + * a) it's for the principal him/herself and this was an initial ticket + * b) the user is on the CPW ACL. + */ + + if (initial + && krb5_principal_compare (context->context, context->caller, + princ)) + ret = 0; + else + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + + if(ret) { + int16_t dummy = n_key_data; + + kadm5_free_key_data (context, &dummy, key_data); + free (key_data); + krb5_free_principal(context->context, princ); + goto fail; + } + ret = kadm5_chpass_principal_with_key(kadm_handle, princ, + n_key_data, key_data); + { + int16_t dummy = n_key_data; + kadm5_free_key_data (context, &dummy, key_data); + } + free (key_data); + krb5_free_principal(context->context, princ); + krb5_storage_free(sp); + sp = krb5_storage_emem(); + krb5_store_int32(sp, ret); + break; + } case kadm_randkey:{ op = "RANDKEY"; ret = krb5_ret_principal(sp, &princ); 
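Review bot: In the new `kadm_chpass_with_key` case, `n_key_data` comes from the client via `krb5_ret_int32` and is used unchecked in `malloc (n_key_data * sizeof(*key_data))` and as the loop bound. A negative or very large count can wrap the multiplication where `size_t` is 32 bits or force a large allocation, and a count of 0 may be reported as `ENOMEM`. All of this runs before the `KADM5_PRIV_CPW` check, and the count is later narrowed to `int16_t dummy`, so values above `INT16_MAX` are also passed incorrectly to `kadm5_free_key_data`. Reject out-of-range counts right after the read, e.g. `if (n_key_data <= 0 || n_key_data > INT16_MAX) { ret = EINVAL; krb5_free_principal(context->context, princ); goto fail; }` (or whichever kadm5 error code fits). Consider moving the permission check ahead of the key parsing so unauthorised callers cannot trigger the allocation at all.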
@@ -253,7 +330,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { krb5_free_principal(context->context, princ); @@ -296,7 +373,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, }else exp = NULL; krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*"); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL); if(ret){ free(exp); goto fail; 
@@ -342,52 +419,23 @@ v5_loop (krb5_context context, int fd) { krb5_error_code ret; - ssize_t n; - unsigned long len; - u_char tmp[4]; - struct iovec iov[2]; - krb5_data in, out, msg, reply; + krb5_data in, out; for (;;) { - n = krb5_net_read(context, &fd, tmp, 4); - if (n < 0) - krb5_err (context, 1, errno, "krb5_net_read"); - if (n == 0) - exit (0); - _krb5_get_int (tmp, &len, 4); - - ret = krb5_data_alloc(&in, len); - if (ret) - krb5_err (context, 1, ret, "krb5_data_alloc"); - - n = krb5_net_read(context, &fd, in.data, in.length); - if (n == 0) - exit (0); - if(n < 0) - krb5_errx(context, 1, "read error: %d", errno); - ret = krb5_rd_priv(context, ac, &in, &out, NULL); - if (ret) - krb5_err(context, 1, ret, "krb5_rd_priv"); + doing_useful_work = 0; + if(term_flag) + exit(0); + ret = krb5_read_priv_message(context, ac, &fd, &in); + if(ret == HEIM_ERR_EOF) + exit(0); + if(ret) + krb5_err(context, 1, ret, "krb5_read_priv_message"); + doing_useful_work = 1; + kadmind_dispatch(kadm_handle, initial, &in, &out); krb5_data_free(&in); - kadmind_dispatch(kadm_handle, initial, &out, &msg); - krb5_data_free(&out); - ret = krb5_mk_priv(context, ac, &msg, &reply, NULL); - krb5_data_free(&msg); - if(ret) - krb5_err(context, 1, ret, "krb5_mk_priv"); - - _krb5_put_int(tmp, reply.length, 4); - - iov[0].iov_base = tmp; - iov[0].iov_len = 4; - iov[1].iov_base = reply.data; - iov[1].iov_len = reply.length; - n = writev(fd, iov, 2); - krb5_data_free(&reply); - if(n < 0) - krb5_err(context, 1, errno, "writev"); - if(n < iov[0].iov_len + iov[1].iov_len) - krb5_errx(context, 1, "short write"); + ret = krb5_write_priv_message(context, ac, &fd, &out); + if(ret) + krb5_err(context, 1, ret, "krb5_write_priv_message"); } } @@ -411,7 +459,7 @@ handle_v5(krb5_context context, krb5_error_code ret; u_char version[sizeof(KRB5_SENDAUTH_VERSION)]; krb5_ticket *ticket; - krb5_principal server; + char *server_name; char *client; void *kadm_handle; ssize_t n; 
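Review bot: In the rewritten `v5_loop` body, the reply buffer `out` filled by `kadmind_dispatch` is passed to `krb5_write_priv_message` but never released, whereas `in` is freed with `krb5_data_free(&in)`. Unless the write call takes ownership (not visible here), every request leaks one reply buffer, which can hold principal data, for the lifetime of the connection. Add `krb5_data_free(&out);` after the write. The return value of `kadmind_dispatch` is also ignored, so a comment stating that it always fills `out`, even on failure, would make the unconditional send easier to trust.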
@@ -430,32 +478,33 @@ handle_v5(krb5_context context, if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0) krb5_errx(context, 1, "bad sendauth version %.8s", version); - ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server); - if (ret) - krb5_err (context, 1, ret, "krb5_parse_name %s", KADM5_ADMIN_SERVICE); ret = krb5_recvauth_match_version(context, &ac, &fd, match_appl_version, &kadm_version, - server, KRB5_RECVAUTH_IGNORE_VERSION, + NULL, KRB5_RECVAUTH_IGNORE_VERSION, keytab, &ticket); - if(ret == KRB5_KT_NOTFOUND) { - char *name; - krb5_unparse_name(context, server, &name); - krb5_errx(context, 1, "krb5_recvauth: %s (%s)", - krb5_get_err_text(context, ret), - name); - } - krb5_free_principal(context, server); - + if(ret == KRB5_KT_NOTFOUND) + krb5_errx(context, 1, "krb5_recvauth: key no found"); if(ret) krb5_err(context, 1, ret, "krb5_recvauth"); + ret = krb5_unparse_name (context, ticket->server, &server_name); + if (ret) + krb5_err (context, 1, ret, "krb5_unparse_name"); + + if (strncmp (server_name, KADM5_ADMIN_SERVICE, + strlen(KADM5_ADMIN_SERVICE)) != 0) + krb5_errx (context, 1, "ticket for strange principal (%s)", + server_name); + + free (server_name); + memset(&realm_params, 0, sizeof(realm_params)); if(kadm_version == 1) { - krb5_data enc_data, params; - ret = krb5_read_message(context, &fd, &enc_data); - ret = krb5_rd_priv(context, ac, &enc_data, ¶ms, NULL); - krb5_data_free(&enc_data); + krb5_data params; + ret = krb5_read_priv_message(context, ac, &fd, ¶ms); + if(ret) + krb5_err(context, 1, ret, "krb5_read_priv_message"); _kadm5_unmarshal_params(context, ¶ms, &realm_params); } 
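Review bot: The service check `strncmp (server_name, KADM5_ADMIN_SERVICE, strlen(KADM5_ADMIN_SERVICE)) != 0` is only a prefix match. Now that `krb5_recvauth_match_version` is given `NULL` as the server, a ticket for any keytab entry whose name merely begins with the admin service string is accepted. Because `keytab_str` defaults to `HDB:` in kadmind.c, that keytab may cover many more principals than the admin service. Require the realm separator after the prefix, e.g. add `|| server_name[strlen(KADM5_ADMIN_SERVICE)] != '@'` to the condition, or compare the principal's components rather than its unparsed string. In the `kadm_version == 1` branch the result of `_kadm5_unmarshal_params` is still unchecked.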
@@ -490,12 +539,12 @@ kadmind_loop(krb5_context context, if(n == 0) exit(0); if(n < 0) - krb5_errx(context, 1, "read error: %d", errno); + krb5_err(context, 1, errno, "read"); _krb5_get_int(tmp, &len, 4); if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') { len >>= 16; #ifdef KRB4 - handle_v4(context, len, fd); + handle_v4(context, keytab, len, fd); #else krb5_errx(context, 1, "packet appears to be version 4"); #endif diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c index f30c8c5..8d7abc3 100644 --- a/crypto/heimdal/kadmin/util.c +++ b/crypto/heimdal/kadmin/util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <parse_units.h> -RCSID("$Id: util.c,v 1.23 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: util.c,v 1.30 2001/01/11 23:07:29 assar Exp $"); /* * util.c - functions for parsing, unparsing, and editing different @@ -103,9 +103,7 @@ parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit) { krb5_flags tmp = *attr; - if (resp[0] == '\0') - return 0; - else if (str2attributes(resp, &tmp) == 0) { + if (str2attributes(resp, &tmp) == 0) { *attr = tmp; if (mask) *mask |= bit; @@ -133,6 +131,8 @@ edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit) attributes2str(*attr, buf, sizeof(buf)); for (;;) { get_response("Attributes", buf, resp, sizeof(resp)); + if (resp[0] == '\0') + break; if (parse_attributes (resp, attr, mask, bit) == 0) break; } 
@@ -168,15 +168,20 @@ time_t2str(time_t t, char *str, size_t len, int include_time) */ int -str2time_t (const char *str, time_t *time) +str2time_t (const char *str, time_t *t) { const char *p; - struct tm tm; + struct tm tm, tm2; memset (&tm, 0, sizeof (tm)); if(strcasecmp(str, "never") == 0) { - *time = 0; + *t = 0; + return 0; + } + + if(strcasecmp(str, "now") == 0) { + *t = time(NULL); return 0; } @@ -186,13 +191,17 @@ str2time_t (const char *str, time_t *time) return -1; /* Do it on the end of the day */ - tm.tm_hour = 23; - tm.tm_min = 59; - tm.tm_sec = 59; - - strptime (p, "%H:%M:%S", &tm); + tm2.tm_hour = 23; + tm2.tm_min = 59; + tm2.tm_sec = 59; + + if(strptime (p, "%H:%M:%S", &tm2) != NULL) { + tm.tm_hour = tm2.tm_hour; + tm.tm_min = tm2.tm_min; + tm.tm_sec = tm2.tm_sec; + } - *time = tm2time (tm, 0); + *t = tm2time (tm, 0); return 0; } @@ -252,10 +261,10 @@ edit_timet (const char *prompt, krb5_timestamp *value, int *mask, int bit) void deltat2str(unsigned t, char *str, size_t len) { - if(t) - unparse_time(t, str, len); - else + if(t == 0 || t == INT_MAX) snprintf(str, len, "unlimited"); + else + unparse_time(t, str, len); } /* 
@@ -333,27 +342,37 @@ int edit_entry(kadm5_principal_ent_t ent, int *mask, kadm5_principal_ent_t default_ent, int default_mask) { - if (default_ent && (default_mask & KADM5_MAX_LIFE)) + if (default_ent + && (default_mask & KADM5_MAX_LIFE) + && !(*mask & KADM5_MAX_LIFE)) ent->max_life = default_ent->max_life; edit_deltat ("Max ticket life", &ent->max_life, mask, KADM5_MAX_LIFE); - if (default_ent && (default_mask & KADM5_MAX_RLIFE)) + if (default_ent + && (default_mask & KADM5_MAX_RLIFE) + && !(*mask & KADM5_MAX_RLIFE)) ent->max_renewable_life = default_ent->max_renewable_life; edit_deltat ("Max renewable life", &ent->max_renewable_life, mask, KADM5_MAX_RLIFE); - if (default_ent && (default_mask & KADM5_PRINC_EXPIRE_TIME)) + if (default_ent + && (default_mask & KADM5_PRINC_EXPIRE_TIME) + && !(*mask & KADM5_PRINC_EXPIRE_TIME)) ent->princ_expire_time = default_ent->princ_expire_time; edit_timet ("Principal expiration time", &ent->princ_expire_time, mask, KADM5_PRINC_EXPIRE_TIME); - if (default_ent && (default_mask & KADM5_PW_EXPIRATION)) + if (default_ent + && (default_mask & KADM5_PW_EXPIRATION) + && !(*mask & KADM5_PW_EXPIRATION)) ent->pw_expiration = default_ent->pw_expiration; edit_timet ("Password expiration time", &ent->pw_expiration, mask, KADM5_PW_EXPIRATION); - if (default_ent && (default_mask & KADM5_ATTRIBUTES)) + if (default_ent + && (default_mask & KADM5_ATTRIBUTES) + && !(*mask & KADM5_ATTRIBUTES)) ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX; edit_attributes ("Attributes", &ent->attributes, mask, KADM5_ATTRIBUTES); 
@@ -518,3 +537,66 @@ get_response(const char *prompt, const char *def, char *buf, size_t len) strncpy(buf, def, len); buf[len-1] = 0; } + +/* + * return [0, 16) or -1 + */ + +static int +hex2n (char c) +{ + static char hexdigits[] = "0123456789abcdef"; + const char *p; + + p = strchr (hexdigits, tolower((int)c)); + if (p == NULL) + return -1; + else + return p - hexdigits; +} + +/* + * convert a key in a readable format into a keyblock. + * return 0 iff succesful, otherwise `err' should point to an error message + */ + +int +parse_des_key (const char *key_string, krb5_key_data *key_data, + const char **err) +{ + const char *p = key_string; + unsigned char bits[8]; + int i; + + if (strlen (key_string) != 16) { + *err = "bad length, should be 16 for DES key"; + return 1; + } + for (i = 0; i < 8; ++i) { + int d1, d2; + + d1 = hex2n(p[2 * i]); + d2 = hex2n(p[2 * i + 1]); + if (d1 < 0 || d2 < 0) { + *err = "non-hex character"; + return 1; + } + bits[i] = (d1 << 4) | d2; + } + for (i = 0; i < 3; ++i) { + key_data[i].key_data_ver = 2; + key_data[i].key_data_kvno = 0; + /* key */ + key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC; + key_data[i].key_data_length[0] = 8; + key_data[i].key_data_contents[0] = malloc(8); + memcpy (key_data[i].key_data_contents[0], bits, 8); + /* salt */ + key_data[i].key_data_type[1] = KRB5_PW_SALT; + key_data[i].key_data_length[1] = 0; + key_data[i].key_data_contents[1] = NULL; + } + key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5; + key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4; + return 0; +} diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c index 77ac029..e4ebce7 100644 --- a/crypto/heimdal/kadmin/version4.c +++ b/crypto/heimdal/kadmin/version4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
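Review bot: In `parse_des_key` the result of `malloc(8)` is passed straight to `memcpy`, so an allocation failure becomes a NULL-pointer write in the path that handles raw key material. The loop should check the pointer, release the copies made by earlier iterations and report through `*err`, as sketched below; whether the caller frees `key_data` on failure is not visible here. Separately, `hex2n` breaks its documented `[0, 16)` range for `c == '\0'`, because `strchr` matches the terminator of `hexdigits` and the function then returns 16. The `strlen` check in `parse_des_key` currently shields it, but `tolower((unsigned char)c)` plus an explicit NUL reject would make the helper safe on its own.

```c
    for (i = 0; i < 3; ++i) {
        /* … unchanged: key_data_ver, key_data_kvno, key type and length … */
        key_data[i].key_data_contents[0] = malloc(8);
        if (key_data[i].key_data_contents[0] == NULL) {
            /* release the key copies made by earlier iterations */
            while (i-- > 0) {
                free (key_data[i].key_data_contents[0]);
                key_data[i].key_data_contents[0] = NULL;
            }
            *err = "out of memory";
            return 1;
        }
        memcpy (key_data[i].key_data_contents[0], bits, 8);
        /* … unchanged: salt fields … */
    }
```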
@@ -41,7 +41,7 @@ #include <krb_err.h> #include <kadm_err.h> -RCSID("$Id: version4.c,v 1.16 1999/11/25 22:32:47 assar Exp $"); +RCSID("$Id: version4.c,v 1.24 2001/01/29 08:40:45 assar Exp $"); #define KADM_NO_OPCODE -1 #define KADM_NO_ENCRYPT -2 @@ -196,7 +196,7 @@ flags_4_to_5(char *flags) case KADM_INST: mask |= KADM5_PRINCIPAL; case KADM_EXPDATE: - mask |= KADM5_PW_EXPIRATION; + mask |= KADM5_PRINC_EXPIRE_TIME; case KADM_MAXLIFE: mask |= KADM5_MAX_LIFE; #ifdef EXTENDED_KADM @@ -221,6 +221,7 @@ ent_to_values(krb5_context context, { krb5_error_code ret; char realm[REALM_SZ]; + time_t exp = 0; memset(vals, 0, sizeof(*vals)); if(mask & KADM5_PRINCIPAL) { @@ -229,16 +230,17 @@ ent_to_values(krb5_context context, SET_FIELD(KADM_NAME, vals->fields); SET_FIELD(KADM_INST, vals->fields); } - if(mask & KADM5_PW_EXPIRATION) { - time_t exp = 0; + if(mask & KADM5_PRINC_EXPIRE_TIME) { if(ent->princ_expire_time != 0) exp = ent->princ_expire_time; + } + if(mask & KADM5_PW_EXPIRATION) { if(ent->pw_expiration != 0 && (exp == 0 || exp > ent->pw_expiration)) exp = ent->pw_expiration; - if(exp) { - vals->exp_date = exp; - SET_FIELD(KADM_EXPDATE, vals->fields); - } + } + if(exp) { + vals->exp_date = exp; + SET_FIELD(KADM_EXPDATE, vals->fields); } if(mask & KADM5_MAX_LIFE) { if(ent->max_life == 0) @@ -298,8 +300,8 @@ values_to_ent(krb5_context context, *mask |= KADM5_PRINCIPAL; } if(IS_FIELD(KADM_EXPDATE, vals->fields)) { - ent->pw_expiration = vals->exp_date; - *mask |= KADM5_PW_EXPIRATION; + ent->princ_expire_time = vals->exp_date; + *mask |= KADM5_PRINC_EXPIRE_TIME; } if(IS_FIELD(KADM_MAXLIFE, vals->fields)) { ent->max_life = krb_life_to_time(0, vals->max_life); @@ -465,7 +467,7 @@ kadm_ser_cpw(krb5_context context, char *password = NULL; krb5_error_code ret; - krb5_warnx(context, "v4-compat %s: cpw %s", + krb5_warnx(context, "v4-compat %s: CHPASS %s", principal_string, principal_string); ret = message->fetch(message, key + 4, 4); 
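Review bot: In the `flags_4_to_5` hunk, `case KADM_EXPDATE:` runs straight into `case KADM_MAXLIFE:` with no `break;` between them, and `case KADM_INST:` does the same above it, so as shown a request that names only the expiry field also gets `KADM5_MAX_LIFE` in the resulting mask. The line this commit changes sits in the middle of that chain, which makes the corrected `KADM5_PRINC_EXPIRE_TIME` bit subject to the same widening. If the fall-through is not intended, each arm needs `break;` after its `mask |= …;` line; if it is, a `/* fallthrough */` comment should say so. The `switch` starts and ends outside the hunk, so how the mask is assembled around it cannot be checked from here.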
@@ -515,7 +517,7 @@ kadm_ser_cpw(krb5_context context, } return 0; fail: - krb5_warn(context, ret, "v4-compat cpw"); + krb5_warn(context, ret, "v4-compat CHPASS"); return error_code(ret); } @@ -540,10 +542,11 @@ kadm_ser_add(krb5_context context, goto fail; krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: add %s", + krb5_warnx(context, "v4-compat %s: ADD %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD, + ent.principal); if (ret) goto fail; @@ -553,7 +556,7 @@ kadm_ser_add(krb5_context context, goto fail; } - mask = KADM5_PRINCIPAL | KADM5_PW_EXPIRATION | KADM5_MAX_LIFE | + mask = KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_MAX_LIFE | KADM5_KEY_DATA | KADM5_MOD_TIME | KADM5_MOD_NAME; kadm5_get_principal(kadm_handle, ent.principal, &out, mask); @@ -563,7 +566,7 @@ kadm_ser_add(krb5_context context, store_vals(reply, &values); return 0; fail: - krb5_warn(context, ret, "v4-compat add"); + krb5_warn(context, ret, "v4-compat ADD"); return error_code(ret); } @@ -594,10 +597,11 @@ kadm_ser_get(krb5_context context, goto fail; krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: get %s", + krb5_warnx(context, "v4-compat %s: GET %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET, + ent.principal); if (ret) goto fail; @@ -616,7 +620,7 @@ kadm_ser_get(krb5_context context, store_vals(reply, &values); return 0; fail: - krb5_warn(context, ret, "v4-compat get"); + krb5_warn(context, ret, "v4-compat GET"); return error_code(ret); } 
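Review bot: In `kadm_ser_add`, the `kadm5_get_principal(kadm_handle, ent.principal, &out, mask);` call that consumes the changed mask (hunk `-553,7`) discards its return value. If the lookup fails, `out` is presumably left unfilled while the code between this hunk and `store_vals(reply, &values)` still builds the reply from it; that part lies outside the hunk and should be confirmed. Assigning the result and bailing out, `ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask); if (ret) goto fail;`, keeps the path consistent with the ACL check a few lines earlier.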
@@ -644,10 +648,11 @@ kadm_ser_mod(krb5_context context, goto fail; krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: mod %s", + krb5_warnx(context, "v4-compat %s: MOD %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY, + ent.principal); if (ret) goto fail; @@ -673,7 +678,7 @@ kadm_ser_mod(krb5_context context, store_vals(reply, &values1); return 0; fail: - krb5_warn(context, ret, "v4-compat mod"); + krb5_warn(context, ret, "v4-compat MOD"); return error_code(ret); } @@ -698,10 +703,11 @@ kadm_ser_del(krb5_context context, goto fail; krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: del %s", + krb5_warnx(context, "v4-compat %s: DEL %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE, + ent.principal); if (ret) goto fail; @@ -714,7 +720,7 @@ kadm_ser_del(krb5_context context, return 0; fail: - krb5_warn(context, ret, "v4-compat add"); + krb5_warn(context, ret, "v4-compat ADD"); return error_code(ret); } @@ -785,6 +791,7 @@ dispatch(krb5_context context, static void decode_packet(krb5_context context, + krb5_keytab keytab, struct sockaddr_in *admin_addr, struct sockaddr_in *client_addr, krb5_data message, @@ -803,6 +810,7 @@ decode_packet(krb5_context context, void *kadm_handle; krb5_principal client; char *client_str; + krb5_keytab_entry entry; if(message.length < KADM_VERSIZE || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) { 
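Review bot: The failure path of `kadm_ser_del` (hunk `-714,7`) still logs under the add label: the commit only upper-cases the string to `"v4-compat ADD"`, so a failed or denied delete is recorded as a failed add. That misattribution matters for anyone reading the kadmind log as an audit trail, since the request message earlier in the same function already says `DEL`. The line should read `krb5_warn(context, ret, "v4-compat DEL");`.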
@@ -828,13 +836,16 @@ decode_packet(krb5_context context, make_you_loose_packet (KADM_NOMEM, reply); return; } - ret = krb5_kt_read_service_key(context, - "HDB:", - principal, - 0, -/* ETYPE_DES_CBC_CRC,*/ - ETYPE_DES_CBC_MD5, - &key); + ret = krb5_kt_get_entry (context, keytab, principal, 0, + ETYPE_DES_CBC_MD5, &entry); + krb5_kt_close (context, keytab); + if (ret) { + krb5_free_principal(context, principal); + make_you_loose_packet (KADM_NO_AUTH, reply); + return; + } + ret = krb5_copy_keyblock (context, &entry.keyblock,& key); + krb5_kt_free_entry(context, &entry); krb5_free_principal(context, principal); if(ret) { if(ret == KRB5_KT_NOTFOUND) @@ -862,8 +873,14 @@ decode_packet(krb5_context context, return; } - krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm, - &client); + ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm, + &client); + if (ret) { + krb5_warnx (context, "krb5_425_conv_principal: %d", ret); + make_you_loose_packet (KADM_NOMEM, reply); + return; + } + krb5_unparse_name(context, client, &client_str); ret = kadm5_init_with_password_ctx(context, @@ -878,8 +895,7 @@ decode_packet(krb5_context context, goto out; } - checksum = des_quad_cksum((des_cblock*)(msg + off), NULL, rlen, - 0, &ad.session); + checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session); if(checksum != ad.checksum) { krb5_warnx(context, "decode_packet: bad checksum"); make_you_loose_packet (KADM_BAD_CHK, reply); @@ -919,12 +935,13 @@ out: void handle_v4(krb5_context context, + krb5_keytab keytab, int len, int fd) { int first = 1; struct sockaddr_in admin_addr, client_addr; - int addr_len; + socklen_t addr_len; krb5_data message, reply; ssize_t n; @@ -936,6 +953,9 @@ handle_v4(krb5_context context, krb5_errx (context, 1, "getpeername"); while(1) { + doing_useful_work = 0; + if(term_flag) + exit(0); if(first) { /* first time around, we have already read len, and two bytes of the version string */ 
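Review bot: `decode_packet` now calls `krb5_kt_close (context, keytab)` on a keytab it received as a parameter (hunk `-828,13`), while `handle_v4` passes that same handle in from what appears to be its `while(1)` loop. If a connection carries more than one packet, the second call would hand an already-closed keytab to `krb5_kt_get_entry`. The close belongs with whoever opened the keytab, so the `krb5_kt_close` line should be dropped from `decode_packet` and the handle released once by its owner, which is outside this diff. The new early `return` after `krb5_425_conv_principal` also skips the `out:` cleanup that later failures reach with `goto out`; what `out:` releases is not visible here, so whether `key` leaks on that path needs checking.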
@@ -966,7 +986,8 @@ handle_v4(krb5_context context, if (n < 0) krb5_err (context, 1, errno, "krb5_net_read"); } - decode_packet(context, &admin_addr, &client_addr, + doing_useful_work = 1; + decode_packet(context, keytab, &admin_addr, &client_addr, message, &reply); krb5_data_free(&message); { |