diff options
author | nectar <nectar@FreeBSD.org> | 2002-11-24 20:59:25 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-11-24 20:59:25 +0000 |
commit | d13cd487f69aa39c9486c32e8c28e08dc9a63c76 (patch) | |
tree | 2708753996e89e20cd6831ff0f1965ac9952a791 /crypto/heimdal/kadmin | |
parent | 923bcb0860f02fab9cc26fecdbcffc17a9d9a7ec (diff) | |
parent | 1abd325d288bd51f6ca702d7fbf296a6f47f7e74 (diff) | |
download | FreeBSD-src-d13cd487f69aa39c9486c32e8c28e08dc9a63c76.zip FreeBSD-src-d13cd487f69aa39c9486c32e8c28e08dc9a63c76.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r107207,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/kadmin')
-rw-r--r-- | crypto/heimdal/kadmin/ChangeLog | 4 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/Makefile.in | 45 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadm_conn.c | 7 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.cat8 | 20 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.8 | 14 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.c | 12 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.cat8 | 34 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/server.c | 9 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/version4.c | 2 |
9 files changed, 82 insertions, 65 deletions
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog index 6e625f8..a457753 100644 --- a/crypto/heimdal/kadmin/ChangeLog +++ b/crypto/heimdal/kadmin/ChangeLog @@ -1,3 +1,7 @@ +2002-10-21 Johan Danielsson <joda@pdc.kth.se> + + * version4.c: pull up 1.27; check size of rlen + 2002-09-10 Johan Danielsson <joda@pdc.kth.se> * server.c: constify match_appl_version() diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in index dbf49d8..d2578f5 100644 --- a/crypto/heimdal/kadmin/Makefile.in +++ b/crypto/heimdal/kadmin/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.6.3 from Makefile.am. +# Makefile.in generated by automake 1.6.1 from Makefile.am. # @configure_input@ # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 @@ -55,7 +55,6 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_HEADER = $(INSTALL_DATA) transform = @program_transform_name@ @@ -305,8 +304,8 @@ kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la kadmin_LDFLAGS = -@KRB4_TRUE@am__objects_1 = version4.$(OBJEXT) -am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) $(am__objects_1) \ +@KRB4_TRUE@am__objects_4 = version4.$(OBJEXT) +am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) $(am__objects_4) \ kadm_conn.$(OBJEXT) kadmind_OBJECTS = $(am_kadmind_OBJECTS) @KRB4_TRUE@kadmind_DEPENDENCIES = \ @@ -360,7 +359,8 @@ install-libexecPROGRAMS: $(libexec_PROGRAMS) if test -f $$p \ || test -f $$p1 \ ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \ + f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \ else :; fi; \ @@ -369,24 +369,17 @@ install-libexecPROGRAMS: $(libexec_PROGRAMS) uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + f=`echo "$$f" | sed -e 's,^.*/,,'`; \ echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \ rm -f $(DESTDIR)$(libexecdir)/$$f; \ done clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) @@ -396,7 +389,8 @@ install-sbinPROGRAMS: $(sbin_PROGRAMS) if test -f $$p \ || test -f $$p1 \ ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \ + f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \ else :; fi; \ @@ -405,17 +399,14 @@ install-sbinPROGRAMS: $(sbin_PROGRAMS) uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + f=`echo "$$f" | sed -e 's,^.*/,,'`; \ echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \ rm -f $(DESTDIR)$(sbindir)/$$f; \ done clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) @rm -f add_random_users$(EXEEXT) $(LINK) $(add_random_users_LDFLAGS) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS) @@ -466,10 +457,6 @@ install-man8: $(man8_MANS) $(man_MANS) if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ else file=$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ @@ -535,7 +522,7 @@ top_distdir = .. distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @list='$(DISTFILES)'; for file in $$list; do \ + @for file in $(DISTFILES); do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ @@ -585,7 +572,7 @@ mostlyclean-generic: clean-generic: distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]* maintainer-clean-generic: @echo "This command is intended for maintainers to use" diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c index 3914822..f2b54de 100644 --- a/crypto/heimdal/kadmin/kadm_conn.c +++ b/crypto/heimdal/kadmin/kadm_conn.c @@ -36,7 +36,7 @@ #include <sys/wait.h> #endif -RCSID("$Id: kadm_conn.c,v 1.13 2001/05/16 22:06:44 assar Exp $"); +RCSID("$Id: kadm_conn.c,v 1.13.6.1 2002/10/21 14:53:39 joda Exp $"); struct kadm_port { char *port; @@ -62,12 +62,15 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port) kadm_ports = p; } +extern int do_kerberos4; + static void add_standard_ports (krb5_context context) { add_kadm_port(context, "kerberos-adm", 749); #ifdef KRB4 - add_kadm_port(context, "kerberos-master", 751); + if(do_kerberos4) + add_kadm_port(context, "kerberos-master", 751); #endif } diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8 index 8a3a32c..2155533 100644 --- a/crypto/heimdal/kadmin/kadmin.cat8 +++ b/crypto/heimdal/kadmin/kadmin.cat8 @@ -1,19 +1,19 @@ -KADMIN(8) FreeBSD System Manager's Manual KADMIN(8) +KADMIN(8) NetBSD System Manager's Manual KADMIN(8) NNAAMMEE kkaaddmmiinn - Kerberos administration utility SSYYNNOOPPSSIISS kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc - _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m | - ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r | - ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] - [--vv | ----vveerrssiioonn] [_c_o_m_m_a_n_d] + _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m | + ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r | + ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn] + [_c_o_m_m_a_n_d] DDEESSCCRRIIPPTTIIOONN The kkaaddmmiinn program is used to make modification to the Kerberos database, - either remotely via the kadmind(8) daemon, or locally (with the --ll - option). + either remotely via the kadmind(8) daemon, or locally (with the --ll op- + tion). Supported options: @@ -112,10 +112,10 @@ DDEESSCCRRIIPPTTIIOONN mmeerrggee _f_i_l_e - similar to lliisstt but just modifies the database with the - entries in the dump file + similar to lliisstt but just modifies the database with the en- + tries in the dump file SSEEEE AALLSSOO kadmind(8), kdc(8) -HEIMDAL September 10, 2000 HEIMDAL + HEIMDAL September 10, 2000 2 diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 index f7a3f5b..ac1fcd2 100644 --- a/crypto/heimdal/kadmin/kadmind.8 +++ b/crypto/heimdal/kadmin/kadmind.8 @@ -1,4 +1,4 @@ -.\" $Id: kadmind.8,v 1.10 2002/08/20 17:07:11 joda Exp $ +.\" $Id: kadmind.8,v 1.10.2.1 2002/10/21 14:53:39 joda Exp $ .\" .Dd March 5, 2002 .Dt KADMIND 8 @@ -26,6 +26,7 @@ .Fl -ports= Ns Ar port .Xc .Oc +.Op Fl -no-kerberos4 .Sh DESCRIPTION .Nm listens for requests for changes to the Kerberos database and performs @@ -118,11 +119,16 @@ enable debugging .Fl -ports= Ns Ar port .Xc ports to listen to. By default, if run as a daemon, it listen to ports -749, and 751 (if built with Kerberos 4 support), but you can add any -number of ports with this option. The port string is a whitespace -separated list of port specifications, with the special string +749, and 751 (if Kerberos 4 support is built and enabled), but you can +add any number of ports with this option. The port string is a +whitespace separated list of port specifications, with the special +string .Dq + representing the default set of ports. +.It Fl -no-kerberos4 +make +.Nm +ignore Kerberos 4 kadmin requests. .El .\".Sh ENVIRONMENT .Sh FILES diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c index c8fe8ec..5ef6349 100644 --- a/crypto/heimdal/kadmin/kadmind.c +++ b/crypto/heimdal/kadmin/kadmind.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: kadmind.c,v 1.27 2001/05/14 06:16:41 assar Exp $"); +RCSID("$Id: kadmind.c,v 1.27.6.1 2002/10/21 14:53:39 joda Exp $"); static char *check_library = NULL; static char *check_function = NULL; @@ -45,6 +45,9 @@ static int version_flag; static int debug_flag; static char *port_str; char *realm; +#ifdef KRB4 +int do_kerberos4 = 1; +#endif static struct getargs args[] = { { @@ -71,6 +74,11 @@ static struct getargs args[] = { { "debug", 'd', arg_flag, &debug_flag, "enable debugging" }, +#ifdef KRB4 + { "kerberos4", 0, arg_negative_flag, &do_kerberos4, + "don't respond to kerberos 4 requests" + }, +#endif { "ports", 'p', arg_string, &port_str, "ports to listen to", "port" }, { "help", 'h', arg_flag, &help_flag }, diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8 index 4eeefc6..b7172bc 100644 --- a/crypto/heimdal/kadmin/kadmind.cat8 +++ b/crypto/heimdal/kadmin/kadmind.cat8 @@ -1,23 +1,23 @@ -KADMIND(8) FreeBSD System Manager's Manual KADMIND(8) +KADMIND(8) NetBSD System Manager's Manual KADMIND(8) NNAAMMEE kkaaddmmiinndd - server for administrative access to kerberos database SSYYNNOOPPSSIISS kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] - [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp - _p_o_r_t | ----ppoorrttss==_p_o_r_t] + [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t | + ----ppoorrttss==_p_o_r_t] [----nnoo--kkeerrbbeerrooss44] DDEESSCCRRIIPPTTIIOONN kkaaddmmiinndd listens for requests for changes to the Kerberos database and performs these, subject to permissions. When starting, if stdin is a - socket it assumes that it has been started by inetd(8), otherwise it - behaves as a daemon, forking processes for each new connection. The - ----ddeebbuugg option causes kkaaddmmiinndd to accept exactly one connection, which is - useful for debugging. + socket it assumes that it has been started by inetd(8), otherwise it be- + haves as a daemon, forking processes for each new connection. The ----ddeebbuugg + option causes kkaaddmmiinndd to accept exactly one connection, which is useful + for debugging. - If built with krb4 support, it implements both the Heimdal Kerberos 5 - administrative protocol and the Kerberos 4 protocol. Password changes via + If built with krb4 support, it implements both the Heimdal Kerberos 5 ad- + ministrative protocol and the Kerberos 4 protocol. Password changes via the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpasswdd(8) daemon is responsible for the Kerberos 5 password changing protocol (used by kpasswd(1)) @@ -63,10 +63,14 @@ DDEESSCCRRIIPPTTIIOONN --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t ports to listen to. By default, if run as a daemon, it listen to - ports 749, and 751 (if built with Kerberos 4 support), but you - can add any number of ports with this option. The port string is - a whitespace separated list of port specifications, with the spe- - cial string ``+'' representing the default set of ports. + ports 749, and 751 (if Kerberos 4 support is built and enabled), + but you can add any number of ports with this option. The port + string is a whitespace separated list of port specifications, + with the special string ``+'' representing the default set of + ports. + + ----nnoo--kkeerrbbeerrooss44 + make kkaaddmmiinndd ignore Kerberos 4 kadmin requests. FFIILLEESS _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l @@ -75,7 +79,7 @@ EEXXAAMMPPLLEESS This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com- piled in defaults: - kkaaddmmiinndd ----ppoorrttss="+ 4711" & + kkaaddmmiinndd----ppoorrttss="+ 4711" & This acl file will grant Joe all rights, and allow Mallory to view and add host principals. @@ -86,4 +90,4 @@ EEXXAAMMPPLLEESS SSEEEE AALLSSOO kpasswd(1), kadmin(8), kdc(8), kpasswdd(8) -HEIMDAL March 5, 2002 HEIMDAL + HEIMDAL March 5, 2002 2 diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index 143e95d..82050bb 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <krb5-private.h> -RCSID("$Id: server.c,v 1.36 2002/09/10 19:23:28 joda Exp $"); +RCSID("$Id: server.c,v 1.36.2.1 2002/10/21 14:53:39 joda Exp $"); static kadm5_ret_t kadmind_dispatch(void *kadm_handle, krb5_boolean initial, @@ -532,6 +532,8 @@ handle_v5(krb5_context context, v5_loop (context, ac, initial, kadm_handle, fd); } +extern int do_kerberos4; + krb5_error_code kadmind_loop(krb5_context context, krb5_auth_context ac, @@ -551,7 +553,10 @@ kadmind_loop(krb5_context context, if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') { len >>= 16; #ifdef KRB4 - handle_v4(context, keytab, len, fd); + if(do_kerberos4) + handle_v4(context, keytab, len, fd); + else + krb5_errx(context, 1, "version 4 kadmin is disabled"); #else krb5_errx(context, 1, "packet appears to be version 4"); #endif diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c index f4c6b08..466ec3a 100644 --- a/crypto/heimdal/kadmin/version4.c +++ b/crypto/heimdal/kadmin/version4.c @@ -41,7 +41,7 @@ #include <krb_err.h> #include <kadm_err.h> -RCSID("$Id: version4.c,v 1.27 2002/10/21 12:35:07 joda Exp $"); +RCSID("$Id: version4.c,v 1.26.2.1 2002/10/21 14:52:59 joda Exp $"); #define KADM_NO_OPCODE -1 #define KADM_NO_ENCRYPT -2 |