diff options
| author | stas <stas@FreeBSD.org> | 2012-03-22 08:48:42 +0000 |
|---|---|---|
| committer | stas <stas@FreeBSD.org> | 2012-03-22 08:48:42 +0000 |
| commit | e7e0b349883e80d63c4e856f16351aaa6607766d (patch) | |
| tree | 5518cb944fa25f627a797b58451ccf506b720fcf /crypto/heimdal/lib/kadm5 | |
| parent | e02fd6b8423e63f1fdbfc1f984d7c7291a1bacd1 (diff) | |
| parent | 2db247d3fc10ef5304f61dbd66448efff8cc6684 (diff) | |
| download | FreeBSD-src-e7e0b349883e80d63c4e856f16351aaa6607766d.zip FreeBSD-src-e7e0b349883e80d63c4e856f16351aaa6607766d.tar.gz | |
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
Diffstat (limited to 'crypto/heimdal/lib/kadm5')
64 files changed, 3195 insertions, 2705 deletions
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog index 9b1235c..5016827 100644 --- a/crypto/heimdal/lib/kadm5/ChangeLog +++ b/crypto/heimdal/lib/kadm5/ChangeLog @@ -1,13 +1,19 @@ -2008-01-21 Love Hörnquist Åstrand <lha@it.su.se> +2008-04-23 Love Hörnquist Ã…strand <lha@it.su.se> + + * ipropd_master.c: Only log "sending AYT" once, pointed out by Dr + A V Le Blanc. + + +2008-01-21 Love Hörnquist Ã…strand <lha@it.su.se> * default_keys.c: Use hdb_free_keys(). -2008-01-11 Love Hörnquist Åstrand <lha@it.su.se> +2008-01-11 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: add check-cracklib.pl, flush.c, sample_passwd_check.c -2007-12-07 Love Hörnquist Åstrand <lha@it.su.se> +2007-12-07 Love Hörnquist Ã…strand <lha@it.su.se> * use hdb_db_dir() and hdb_default_db() @@ -16,11 +22,11 @@ * init_c.c: We are getting default_client, not client. this way the user can override the result. -2007-09-29 Love Hörnquist Åstrand <lha@it.su.se> +2007-09-29 Love Hörnquist Ã…strand <lha@it.su.se> * iprop.8: fix spelling, From Antoine Jacoutt. -2007-08-16 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-16 Love Hörnquist Ã…strand <lha@it.su.se> * version-script.map: export _kadm5_unmarshal_params, _kadm5_acl_check_permission @@ -29,26 +35,26 @@ * log.c: Unexport the specific log replay operations. -2007-08-10 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-10 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: build sample_passwd_check.la as part of noinst. * sample_passwd_check.c: Add missing prototype for check_length(). -2007-08-07 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-07 Love Hörnquist Ã…strand <lha@it.su.se> * log.c: Sprinkle krb5_set_error_string(). * ipropd_slave.c: Provide better error why kadm5_log_replay failed. -2007-08-06 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-06 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_master.c: - don't push whole database to the new client every time. - make slaves get the whole new database if they have a newer log the the master (and thus have them go back in time). -2007-08-03 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-03 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c: make more sane. @@ -63,12 +69,12 @@ * ipropd_master.c: Start the server at the current version, not 0. -2007-08-02 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-02 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_master.c: Add more logging, to figure out what is happening in the master. -2007-08-01 Love Hörnquist Åstrand <lha@it.su.se> +2007-08-01 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: add version-script for libkadm5srv.la @@ -81,42 +87,42 @@ hostname, catch signals and print why we are quiting, make nop cause one new version, not two -2007-07-30 Love Hörnquist Åstrand <lha@it.su.se> +2007-07-30 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_master.c (send_diffs): make current slave's version uptodate when diff have been sent. -2007-07-27 Love Hörnquist Åstrand <lha@it.su.se> +2007-07-27 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c: More comments and some more error checking. -2007-07-26 Love Hörnquist Åstrand <lha@it.su.se> +2007-07-26 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c (get_cache_principal): make sure id is reset if we fail. From Benjamin Bennet. -2007-07-10 Love Hörnquist Åstrand <lha@it.su.se> +2007-07-10 Love Hörnquist Ã…strand <lha@it.su.se> * context_s.c (find_db_spec): match realm-less as the default realm. * Makefile.am: New library version. -2007-07-05 Love Hörnquist Åstrand <lha@it.su.se> +2007-07-05 Love Hörnquist Ã…strand <lha@it.su.se> * context_s.c: Use hdb_get_dbinfo to pick up configuration. ctx->config.realm can be NULL, check for that, from Bjorn S. -2007-07-04 Love Hörnquist Åstrand <lha@it.su.se> +2007-07-04 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c: Try harder to use the right principal. -2007-06-20 Love Hörnquist Åstrand <lha@it.su.se> +2007-06-20 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c: Catch return value from krb5_program_setup. From Steven Luo. -2007-05-08 Love Hörnquist Åstrand <lha@it.su.se> +2007-05-08 Love Hörnquist Ã…strand <lha@it.su.se> * delete_s.c: Write log entry after store is successful, rename out goto statments. @@ -131,7 +137,7 @@ * create_s.c: Write log entry after store is successful. -2007-05-07 Love Hörnquist Åstrand <lha@it.su.se> +2007-05-07 Love Hörnquist Ã…strand <lha@it.su.se> * iprop-commands.in: Add default values to make this working again. @@ -151,7 +157,7 @@ * log.c (kadm5_log_previous): document assumptions and make less broken. Bug report from Ronny Blomme. -2007-02-17 Love Hörnquist Åstrand <lha@it.su.se> +2007-02-17 Love Hörnquist Ã…strand <lha@it.su.se> * admin.h: add support to get aliases @@ -161,22 +167,22 @@ * iprop-log.8: Small fixes, from David Love. -2006-12-15 Love Hörnquist Åstrand <lha@it.su.se> +2006-12-15 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c: if the user have a kadmin/admin initial ticket, don't ask for password, just use the credential instead. -2006-12-06 Love Hörnquist Åstrand <lha@it.su.se> +2006-12-06 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_master.c: Use strcspn to remove \n from string returned - by fgets. From Björn Sandell + by fgets. From Björn Sandell -2006-11-30 Love Hörnquist Åstrand <lha@it.su.se> +2006-11-30 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c (kadm_connect): clear error string before trying to print a errno, this way we don't pick up a random failure code -2006-11-20 Love Hörnquist Åstrand <lha@it.su.se> +2006-11-20 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context argument. @@ -184,15 +190,15 @@ * init_c.c: Make krb5_get_init_creds_opt_free take a context argument. -2006-10-22 Love Hörnquist Åstrand <lha@it.su.se> +2006-10-22 Love Hörnquist Ã…strand <lha@it.su.se> * ent_setup.c: Try to not leak memory. -2006-10-07 Love Hörnquist Åstrand <lha@it.su.se> +2006-10-07 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: split build files into dist_ and noinst_ SOURCES -2006-08-24 Love Hörnquist Åstrand <lha@it.su.se> +2006-08-24 Love Hörnquist Ã…strand <lha@it.su.se> * get_s.c: Add KRB5_KDB_ALLOW_DIGEST @@ -200,12 +206,12 @@ * admin.h: Add KRB5_KDB_ALLOW_DIGEST -2006-06-16 Love Hörnquist Åstrand <lha@it.su.se> +2006-06-16 Love Hörnquist Ã…strand <lha@it.su.se> * check-cracklib.pl: Add password reuse checking. From Harald Barth. -2006-06-14 Love Hörnquist Åstrand <lha@it.su.se> +2006-06-14 Love Hörnquist Ã…strand <lha@it.su.se> * ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4 @@ -213,31 +219,31 @@ * admin.h: Add KRB5_KDB_ALLOW_KERBEROS4 -2006-06-06 Love Hörnquist Åstrand <lha@it.su.se> +2006-06-06 Love Hörnquist Ã…strand <lha@it.su.se> * ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION -2006-05-30 Love Hörnquist Åstrand <lha@it.su.se> +2006-05-30 Love Hörnquist Ã…strand <lha@it.su.se> * password_quality.c (kadm5_check_password_quality): set error message in context. -2006-05-13 Love Hörnquist Åstrand <lha@it.su.se> +2006-05-13 Love Hörnquist Ã…strand <lha@it.su.se> * iprop-log.c: Avoid shadowing. * rename_s.c: Avoid shadowing. -2006-05-08 Love Hörnquist Åstrand <lha@it.su.se> +2006-05-08 Love Hörnquist Ã…strand <lha@it.su.se> * privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it that way. -2006-05-05 Love Hörnquist Åstrand <lha@it.su.se> +2006-05-05 Love Hörnquist Ã…strand <lha@it.su.se> * Rename u_intXX_t to uintXX_t -2006-04-27 Love Hörnquist Åstrand <lha@it.su.se> +2006-04-27 Love Hörnquist Ã…strand <lha@it.su.se> * chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c: Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for @@ -265,12 +271,12 @@ * chpass_s.c: Break out the that we request from principal from the entry and pass it in as a separate argument. -2006-04-25 Love Hörnquist Åstrand <lha@it.su.se> +2006-04-25 Love Hörnquist Ã…strand <lha@it.su.se> * create_s.c (create_principal*): If client doesn't send kvno, make sure to set it to 1. -2006-04-10 Love Hörnquist Åstrand <lha@it.su.se> +2006-04-10 Love Hörnquist Ã…strand <lha@it.su.se> * log.c: (kadm5_log_rename): handle errors better Fixes Coverity, NetBSD CID#628 @@ -285,39 +291,39 @@ * init_c.c (_kadm5_c_get_cred_cache): Free client principal in case of error. Coverity NetBSD CID#1908 -2006-02-02 Love Hörnquist Åstrand <lha@it.su.se> +2006-02-02 Love Hörnquist Ã…strand <lha@it.su.se> * kadm5_err.et: (PASS_REUSE): Spelling, - from Václav H?la <ax@natur.cuni.cz> + from Václav H?la <ax@natur.cuni.cz> -2006-01-25 Love Hörnquist Åstrand <lha@it.su.se> +2006-01-25 Love Hörnquist Ã…strand <lha@it.su.se> * send_recv.c: Clear error-string when introducing new errors. * *_c.c: Clear error-string when introducing new errors. -2006-01-15 Love Hörnquist Åstrand <lha@it.su.se> +2006-01-15 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove dependency -2005-12-13 Love Hörnquist Åstrand <lha@it.su.se> +2005-12-13 Love Hörnquist Ã…strand <lha@it.su.se> * memset hdb_entry_ex before use -2005-12-12 Love Hörnquist Åstrand <lha@it.su.se> +2005-12-12 Love Hörnquist Ã…strand <lha@it.su.se> * Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet -2005-11-30 Love Hörnquist Åstrand <lha@it.su.se> +2005-11-30 Love Hörnquist Ã…strand <lha@it.su.se> * context_s.c (set_field): try another way to calculate the path to the database/logfile/signal-socket * log.c (kadm5_log_init): set error string on failures -2005-09-08 Love Hörnquist Åstrand <lha@it.su.se> +2005-09-08 Love Hörnquist Ã…strand <lha@it.su.se> * Constify password. @@ -327,11 +333,11 @@ * get_s.c (kadm5_s_get_principal): clear error string -2005-08-25 Love Hörnquist Åstrand <lha@it.su.se> +2005-08-25 Love Hörnquist Ã…strand <lha@it.su.se> * iprop-log.8: More text about iprop-log. -2005-08-24 Love Hörnquist Åstrand <lha@it.su.se> +2005-08-24 Love Hörnquist Ã…strand <lha@it.su.se> * iprop.8: SEE ALSO iprop-log. @@ -343,7 +349,7 @@ iprop-log. * log.c (kadm5_log_foreach): add a context variable and pass it - down to `func´. + down to `func´. * iprop-commands.in: Move truncate_log and replay_log into iprop-log. @@ -371,7 +377,7 @@ * Makefile.am: New program iprop-log that incorperates dump_log as a subcommand, truncate_log and replay_log soon to come after. -2005-08-11 Love Hörnquist Åstrand <lha@it.su.se> +2005-08-11 Love Hörnquist Ã…strand <lha@it.su.se> * get_s.c: Implement KADM5_LAST_PWD_CHANGE. @@ -393,7 +399,7 @@ * admin.h: Add more TL types (password and extension). -2005-06-17 Love Hörnquist Åstrand <lha@it.su.se> +2005-06-17 Love Hörnquist Ã…strand <lha@it.su.se> * constify @@ -414,7 +420,7 @@ * common_glue.c: rename variable exp to expression -2005-05-30 Love Hörnquist Åstrand <lha@it.su.se> +2005-05-30 Love Hörnquist Ã…strand <lha@it.su.se> * ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE @@ -422,7 +428,7 @@ * admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags -2005-05-25 Love Hörnquist Åstrand <lha@it.su.se> +2005-05-25 Love Hörnquist Ã…strand <lha@it.su.se> * kadm5_pwcheck.3: please mdoclint @@ -441,7 +447,7 @@ * ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it. -2005-05-13 Love Hörnquist Åstrand <lha@it.su.se> +2005-05-13 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c (_kadm5_c_init_context): fix memory leak in case of failure @@ -454,12 +460,12 @@ * test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check and kadm5_add_passwd_quality_verifier. -2005-04-30 Love Hörnquist Åstrand <lha@it.su.se> +2005-04-30 Love Hörnquist Ã…strand <lha@it.su.se> * default_keys.c: #include <err.h>, only print salt it its longer then 0, use krb5_err instead of errx where appropriate -2005-04-25 Love Hörnquist Åstrand <lha@it.su.se> +2005-04-25 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c: add the documented option --port @@ -467,25 +473,25 @@ * dump_log.c: use the newly generated units function -2005-04-24 Love Hörnquist Åstrand <lha@it.su.se> +2005-04-24 Love Hörnquist Ã…strand <lha@it.su.se> * dump_log.c: use strlcpy * password_quality.c: don't use sizeof(pointer) -2005-04-15 Love Hörnquist Åstrand <lha@it.su.se> +2005-04-15 Love Hörnquist Ã…strand <lha@it.su.se> * check-cracklib.pl: external password verifier sample * password_quality.c (kadm5_add_passwd_quality_verifier): if NULL is passed in, load defaults -2005-04-14 Love Hörnquist Åstrand <lha@it.su.se> +2005-04-14 Love Hörnquist Ã…strand <lha@it.su.se> * password_quality.c: add an end tag to the external password quality check protocol -2005-04-13 Love Hörnquist Åstrand <lha@it.su.se> +2005-04-13 Love Hörnquist Ã…strand <lha@it.su.se> * password_quality.c: add external passsword quality check builtin module @@ -497,7 +503,7 @@ To approve password a, make the test program return APPROVED on stderr and fail with exit code 0. -2004-10-12 Love Hörnquist Åstrand <lha@it.su.se> +2004-10-12 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: bump version to 7:7:0 and 6:5:2 @@ -511,7 +517,7 @@ * ipropd_master.c: add help strings to some options -2004-09-12 Love Hörnquist Åstrand <lha@it.su.se> +2004-09-12 Love Hörnquist Ã…strand <lha@it.su.se> * chpass_s.c: deal with changed prototype for _kadm5_free_keys @@ -522,7 +528,7 @@ (function) static variable and returned allocated memory (_kadm5_generate_key_set): free enctypes returned by parse_key_set -2004-09-06 Love Hörnquist Åstrand <lha@it.su.se> +2004-09-06 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c: Fix memory leak, don't return stack variables From Andrew Bartlett @@ -530,7 +536,7 @@ * set_keys.c: make all_etypes const and move outside function to avoid returning data on stack -2004-08-26 Love Hörnquist Åstrand <lha@it.su.se> +2004-08-26 Love Hörnquist Ã…strand <lha@it.su.se> * acl.c (fetch_acl): use " \t\n" instead of just "\n" for the delim of the third element, this is so we can match @@ -539,7 +545,7 @@ what really happen was that the last <SPC> was stamped out, and the it never strtok_r never needed to parse over it. -2004-08-25 Love Hörnquist Åstrand <lha@it.su.se> +2004-08-25 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is without salting, some people tries to add the string @@ -550,17 +556,17 @@ * ipropd_slave.c: add --detach -2004-07-06 Love Hörnquist Åstrand <lha@it.su.se> +2004-07-06 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: use new tsasl interface remove debug printf add upn to computer-accounts -2004-06-28 Love Hörnquist Åstrand <lha@it.su.se> +2004-06-28 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: implement kadm5_ad_init_with_password_ctx set more error strings -2004-06-21 Love Hörnquist Åstrand <lha@it.su.se> +2004-06-21 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: man_MANS = kadm5_pwcheck.3 @@ -571,22 +577,22 @@ * kadm5-pwcheck.h: new password check interface -2004-06-08 Love Hörnquist Åstrand <lha@it.su.se> +2004-06-08 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_master.c (main): process all slaves, not just up to the last slave sending data - (bug report from Björn Sandell <biorn@dce.chalmers.se>) + (bug report from Björn Sandell <biorn@dce.chalmers.se>) (*): only send one ARE_YOU_THERE -2004-06-02 Love Hörnquist Åstrand <lha@it.su.se> +2004-06-02 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: use krb5_set_password_using_ccache -2004-06-01 Love Hörnquist Åstrand <lha@it.su.se> +2004-06-01 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: try handle spn's better -2004-05-31 Love Hörnquist Åstrand <lha@it.su.se> +2004-05-31 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: add expiration time @@ -594,7 +600,7 @@ * ad.c: handle create and delete -2004-05-27 Love Hörnquist Åstrand <lha@it.su.se> +2004-05-27 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: more code for get, handle attributes @@ -603,7 +609,7 @@ * ad.c: more code for get, only fetches kvno for now -2004-05-26 Love Hörnquist Åstrand <lha@it.su.se> +2004-05-26 Love Hörnquist Ã…strand <lha@it.su.se> * ad.c: add support for tsasl @@ -618,12 +624,12 @@ * ad.c: framework for windows AD backend -2004-03-07 Love Hörnquist Åstrand <lha@it.su.se> +2004-03-07 Love Hörnquist Ã…strand <lha@it.su.se> * create_s.c (kadm5_s_create_principal): remove old XXX command and related code, _kadm5_set_keys will do all this now -2004-02-29 Love Hörnquist Åstrand <lha@it.su.se> +2004-02-29 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy enctype for des keys From: Andrew Bartlett <abartlet@samba.org> @@ -640,27 +646,27 @@ * set_keys.c (_kadm5_set_*): don't change the kvno, let the callee to that -2003-12-30 Love Hörnquist Åstrand <lha@it.su.se> +2003-12-30 Love Hörnquist Ã…strand <lha@it.su.se> * chpass_s.c (change): fix same-password-again by decrypting keys and setting an error code From: Buck Huppmann <buckh@pobox.com> -2003-12-21 Love Hörnquist Åstrand <lha@it.su.se> +2003-12-21 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c (_kadm5_c_init_context): catch errors from strdup and other krb5_ functions -2003-12-08 Love Hörnquist Åstrand <lha@it.su.se> +2003-12-08 Love Hörnquist Ã…strand <lha@it.su.se> * rename_s.c (kadm5_s_rename_principal): allow principal to change realm From Panasas Inc -2003-12-07 Love Hörnquist Åstrand <lha@it.su.se> +2003-12-07 Love Hörnquist Ã…strand <lha@it.su.se> * destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas, Inc -2003-11-23 Love Hörnquist Åstrand <lha@it.su.se> +2003-11-23 Love Hörnquist Ã…strand <lha@it.su.se> * iprop.h: don't include <krb5-private.h> @@ -670,7 +676,7 @@ * ipropd_master.c: stop using krb5 lib private byte-frobbing functions and replace them with with krb5_storage -2003-11-19 Love Hörnquist Åstrand <lha@it.su.se> +2003-11-19 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c (receive_loop): when seeking over the entries we already have, skip over the trailer. From: Jeffrey Hutzelman @@ -680,14 +686,14 @@ replay_log.c,truncate_log.c: parse kdc.conf From: Jeffrey Hutzelman <jhutz@cmu.edu> -2003-10-10 Love Hörnquist Åstrand <lha@it.su.se> +2003-10-10 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: += test_pw_quality * test_pw_quality.c: test program for verifying password quality function -2003-09-03 Love Hörnquist Åstrand <lha@it.su.se> +2003-09-03 Love Hörnquist Ã…strand <lha@it.su.se> * Makefile.am: add and enable check program default_keys @@ -696,61 +702,61 @@ * init_c.c: use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free -2003-08-17 Love Hörnquist Åstrand <lha@it.su.se> +2003-08-17 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c (_kadm5_set_keys_randomly): remove dup return * ipropd_master.c (main): make sure current_version is initialized -2003-08-15 Love Hörnquist Åstrand <lha@it.su.se> +2003-08-15 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c: use default_keys for the both random keys and password derived keys if its defined -2003-07-24 Love Hörnquist Åstrand <lha@it.su.se> +2003-07-24 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_slave.c (receive_everything): switch close and rename From: Alf Wachsmann <alfw@SLAC.Stanford.EDU> -2003-07-03 Love Hörnquist Åstrand <lha@it.su.se> +2003-07-03 Love Hörnquist Ã…strand <lha@it.su.se> * iprop.h, ipropd_master.c, ipropd_slave.c: Add probing from the server that the client is still there, also make the client check that the server is probing. -2003-07-02 Love Hörnquist Åstrand <lha@it.su.se> +2003-07-02 Love Hörnquist Ã…strand <lha@it.su.se> * truncate_log.c (main): add missing ``if (ret)'' -2003-06-26 Love Hörnquist Åstrand <lha@it.su.se> +2003-06-26 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c (make_keys): add AES support * set_keys.c: fix off by one in the aes case, pointed out by Ken Raeburn -2003-04-30 Love Hörnquist Åstrand <lha@it.su.se> +2003-04-30 Love Hörnquist Ã…strand <lha@it.su.se> * set_keys.c (_kadm5_set_keys_randomly): add ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes support -2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> +2003-04-16 Love Hörnquist Ã…strand <lha@it.su.se> * send_recv.c: check return values from krb5_data_alloc * log.c: check return values from krb5_data_alloc -2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> +2003-04-16 Love Hörnquist Ã…strand <lha@it.su.se> * dump_log.c (print_entry): check return values from krb5_data_alloc -2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> +2003-04-01 Love Hörnquist Ã…strand <lha@it.su.se> * init_c.c (kadm_connect): if a context realm was passed in, use that to form the kadmin/admin principal -2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> +2003-03-19 Love Hörnquist Ã…strand <lha@it.su.se> * ipropd_master.c (main): make sure we don't consider dead slave for select processing diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am index 66ffd37..e25ccd1 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.am +++ b/crypto/heimdal/lib/kadm5/Makefile.am @@ -1,9 +1,7 @@ -# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -SLC = $(top_builddir)/lib/sl/slc - lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la libkadm5srv_la_LDFLAGS = -version-info 8:1:0 libkadm5clnt_la_LDFLAGS = -version-info 7:1:0 @@ -34,7 +32,9 @@ default_keys_SOURCES = default_keys.c kadm5includedir = $(includedir)/kadm5 buildkadm5include = $(buildinclude)/kadm5 -dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h +dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h +dist_kadm5include_HEADERS += kadm5-protos.h kadm5-private.h + nodist_kadm5include_HEADERS = kadm5_err.h install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS) @@ -71,7 +71,6 @@ dist_libkadm5clnt_la_SOURCES = \ randkey_c.c \ rename_c.c \ send_recv.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5clnt_la_SOURCES = \ @@ -108,13 +107,15 @@ dist_libkadm5srv_la_SOURCES = \ server_glue.c \ set_keys.c \ set_modifier.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5srv_la_SOURCES = \ kadm5_err.c \ kadm5_err.h +libkadm5srv_la_DEPENDENCIES = \ + version-script.map + dist_iprop_log_SOURCES = iprop-log.c nodist_iprop_log_SOURCES = iprop-commands.c @@ -127,7 +128,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -139,7 +139,6 @@ LDADD = \ iprop_log_LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -183,6 +182,12 @@ $(srcdir)/kadm5-private.h: || rm -f kadm5-private.h EXTRA_DIST = \ + NTMakefile \ + iprop-log-version.rc \ + ipropd-master-version.rc \ + ipropd-slave-version.rc \ + libkadm5srv-version.rc \ + libkadm5srv-exports.def \ kadm5_err.et \ iprop-commands.in \ $(man_MANS) \ diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in index 81f1ced..71f7659 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.in +++ b/crypto/heimdal/lib/kadm5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -51,7 +53,7 @@ libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT) subdir = lib/kadm5 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -66,7 +68,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -80,9 +82,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -90,23 +95,38 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \ "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" \ "$(DESTDIR)$(kadm5includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = libkadm5clnt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @@ -121,8 +141,6 @@ libkadm5clnt_la_OBJECTS = $(dist_libkadm5clnt_la_OBJECTS) \ libkadm5clnt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libkadm5clnt_la_LDFLAGS) $(LDFLAGS) -o $@ -libkadm5srv_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \ - ../hdb/libhdb.la $(am__DEPENDENCIES_1) dist_libkadm5srv_la_OBJECTS = acl.lo bump_pw_expire.lo chpass_s.lo \ common_glue.lo context_s.lo create_s.lo delete_s.lo \ destroy_s.lo ent_setup.lo error.lo flush_s.lo free.lo \ @@ -141,14 +159,12 @@ sample_passwd_check_la_OBJECTS = $(am_sample_passwd_check_la_OBJECTS) sample_passwd_check_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(sample_passwd_check_la_LDFLAGS) $(LDFLAGS) -o $@ -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) am_default_keys_OBJECTS = default_keys.$(OBJEXT) default_keys_OBJECTS = $(am_default_keys_OBJECTS) default_keys_LDADD = $(LDADD) default_keys_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -158,7 +174,7 @@ nodist_iprop_log_OBJECTS = iprop-commands.$(OBJEXT) iprop_log_OBJECTS = $(dist_iprop_log_OBJECTS) \ $(nodist_iprop_log_OBJECTS) iprop_log_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \ @@ -169,7 +185,7 @@ am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT) \ ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS) ipropd_master_LDADD = $(LDADD) ipropd_master_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -179,7 +195,7 @@ am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT) \ ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS) ipropd_slave_LDADD = $(LDADD) ipropd_slave_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -188,14 +204,14 @@ test_pw_quality_SOURCES = test_pw_quality.c test_pw_quality_OBJECTS = test_pw_quality.$(OBJEXT) test_pw_quality_LDADD = $(LDADD) test_pw_quality_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -221,8 +237,6 @@ DIST_SOURCES = $(dist_libkadm5clnt_la_SOURCES) \ man3dir = $(mandir)/man3 man8dir = $(mandir)/man8 MANS = $(man_MANS) -dist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS) ETAGS = etags CTAGS = ctags @@ -231,49 +245,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -297,10 +320,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -317,6 +341,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -332,31 +358,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -371,10 +411,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -415,31 +457,35 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -SLC = $(top_builddir)/lib/sl/slc lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la libkadm5srv_la_LDFLAGS = -version-info 8:1:0 $(am__append_1) libkadm5clnt_la_LDFLAGS = -version-info 7:1:0 @@ -456,7 +502,8 @@ libkadm5clnt_la_LIBADD = \ default_keys_SOURCES = default_keys.c kadm5includedir = $(includedir)/kadm5 buildkadm5include = $(buildinclude)/kadm5 -dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h +dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h \ + kadm5-protos.h kadm5-private.h nodist_kadm5include_HEADERS = kadm5_err.h dist_libkadm5clnt_la_SOURCES = \ ad.c \ @@ -479,7 +526,6 @@ dist_libkadm5clnt_la_SOURCES = \ randkey_c.c \ rename_c.c \ send_recv.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5clnt_la_SOURCES = \ @@ -516,13 +562,15 @@ dist_libkadm5srv_la_SOURCES = \ server_glue.c \ set_keys.c \ set_modifier.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5srv_la_SOURCES = \ kadm5_err.c \ kadm5_err.h +libkadm5srv_la_DEPENDENCIES = \ + version-script.map + dist_iprop_log_SOURCES = iprop-log.c nodist_iprop_log_SOURCES = iprop-commands.c ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h @@ -531,7 +579,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -543,7 +590,6 @@ LDADD = \ iprop_log_LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -557,6 +603,12 @@ iprop_log_LDADD = \ CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment EXTRA_DIST = \ + NTMakefile \ + iprop-log-version.rc \ + ipropd-master-version.rc \ + ipropd-slave-version.rc \ + libkadm5srv-version.rc \ + libkadm5srv-exports.def \ kadm5_err.et \ iprop-commands.in \ $(man_MANS) \ @@ -568,19 +620,19 @@ EXTRA_DIST = \ all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/kadm5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/kadm5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kadm5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/kadm5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -598,23 +650,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -642,74 +699,108 @@ sample_passwd_check.la: $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_ $(sample_passwd_check_la_LINK) $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_LIBADD) $(LIBS) clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list default_keys$(EXEEXT): $(default_keys_OBJECTS) $(default_keys_DEPENDENCIES) @rm -f default_keys$(EXEEXT) $(LINK) $(default_keys_OBJECTS) $(default_keys_LDADD) $(LIBS) @@ -732,194 +823,266 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ad.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bump_pw_expire.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpass_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpass_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/context_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/create_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/create_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/default_keys.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destroy_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destroy_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ent_setup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/flush_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/flush_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/free.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_princs_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_princs_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iprop-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iprop-log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipropd_common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipropd_master.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipropd_slave.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadm5_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/marshall.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/modify_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/modify_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/password_quality.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privs_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privs_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randkey_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randkey_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sample_passwd_check.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_recv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_keys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_modifier.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_pw_quality.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-dist_kadm5includeHEADERS: $(dist_kadm5include_HEADERS) @$(NORMAL_INSTALL) test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)" - @list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \ + @list='$(dist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(dist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - $(dist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(kadm5includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(kadm5includedir)" || exit $$?; \ done uninstall-dist_kadm5includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \ - done + @list='$(dist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(kadm5includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(kadm5includedir)" && rm -f $$files install-nodist_kadm5includeHEADERS: $(nodist_kadm5include_HEADERS) @$(NORMAL_INSTALL) test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)" - @list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - $(nodist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(kadm5includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(kadm5includedir)" || exit $$?; \ done uninstall-nodist_kadm5includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \ - done + @list='$(nodist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(kadm5includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(kadm5includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -935,13 +1098,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -979,6 +1146,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -990,6 +1158,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1000,6 +1169,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1008,27 +1179,36 @@ install-data-am: install-dist_kadm5includeHEADERS install-man \ install-nodist_kadm5includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \ install-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1051,11 +1231,10 @@ uninstall-am: uninstall-dist_kadm5includeHEADERS \ uninstall-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man3 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ @@ -1150,6 +1329,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1235,7 +1417,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1288,6 +1470,7 @@ $(srcdir)/kadm5-private.h: $(dist_libkadm5clnt_la_SOURCES) \ $(dist_libkadm5srv_la_SOURCES) \ || rm -f kadm5-private.h + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c index 9a2f75b..5e263a3 100644 --- a/crypto/heimdal/lib/kadm5/acl.c +++ b/crypto/heimdal/lib/kadm5/acl.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: acl.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); static struct units acl_units[] = { { "all", KADM5_PRIV_ALL }, @@ -44,7 +44,7 @@ static struct units acl_units[] = { { "modify", KADM5_PRIV_MODIFY }, { "add", KADM5_PRIV_ADD }, { "get", KADM5_PRIV_GET }, - { NULL } + { NULL, 0 } }; kadm5_ret_t @@ -103,7 +103,7 @@ fetch_acl (kadm5_server_context *context, ret = krb5_parse_name(context->context, p, &this_princ); if(ret) break; - if(!krb5_principal_compare(context->context, + if(!krb5_principal_compare(context->context, context->caller, this_princ)) { krb5_free_principal(context->context, this_princ); continue; @@ -150,7 +150,7 @@ _kadm5_acl_init(kadm5_server_context *context) { krb5_principal princ; krb5_error_code ret; - + ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ); if (ret) return ret; diff --git a/crypto/heimdal/lib/kadm5/ad.c b/crypto/heimdal/lib/kadm5/ad.c index 72288d9..4ea5cdb 100644 --- a/crypto/heimdal/lib/kadm5/ad.c +++ b/crypto/heimdal/lib/kadm5/ad.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #define HAVE_TSASL 1 @@ -47,7 +47,7 @@ #include <base64.h> #endif -RCSID("$Id: ad.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #ifdef OPENLDAP @@ -141,7 +141,7 @@ ldap_tsasl_bind_s(LDAP *ld, rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &m0); if (rc != LDAP_SUCCESS) goto out; - + m = ldap_first_entry(ld, m0); if (m == NULL) { ldap_msgfree(m0); @@ -175,7 +175,7 @@ ldap_tsasl_bind_s(LDAP *ld, ret = tsasl_request(peer, &in, &out); if (in.tb_size != 0) { free(in.tb_data); - in.tb_data = NULL; + in.tb_data = NULL; in.tb_size = 0; } if (ret != TSASL_DONE && ret != TSASL_CONTINUE) { @@ -278,23 +278,23 @@ _kadm5_ad_connect(void *server_handle) asprintf(&domain, "_ldap._tcp.%s", context->realm); if (domain == NULL) { - krb5_set_error_string(context->context, "malloc"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "malloc"); return KADM5_NO_SRV; } r = dns_lookup(domain, "SRV"); free(domain); if (r == NULL) { - krb5_set_error_string(context->context, "Didn't find ldap dns"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "Didn't find ldap dns"); return KADM5_NO_SRV; - } + } for (rr = r->head ; rr != NULL; rr = rr->next) { - if (rr->type != T_SRV) + if (rr->type != rk_ns_t_srv) continue; s = realloc(servers, sizeof(*servers) * (num_servers + 1)); if (s == NULL) { - krb5_set_error_string(context->context, "malloc"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "malloc"); dns_free_data(r); goto fail; } @@ -307,7 +307,7 @@ _kadm5_ad_connect(void *server_handle) } if (num_servers == 0) { - krb5_set_error_string(context->context, "No AD server found in DNS"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "No AD server found in DNS"); return KADM5_NO_SRV; } @@ -318,29 +318,29 @@ _kadm5_ad_connect(void *server_handle) lp = ldap_init(servers[i].server, servers[i].port); if (lp == NULL) continue; - + if (ldap_set_option(lp, LDAP_OPT_PROTOCOL_VERSION, &version)) { ldap_unbind(lp); continue; } - + if (ldap_set_option(lp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) { ldap_unbind(lp); continue; } - + #ifdef HAVE_TSASL lret = ldap_tsasl_bind_s(lp, NULL, NULL, NULL, servers[i].server); - + #else - lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, + lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, LDAP_SASL_QUIET, sasl_interact, NULL); #endif if (lret != LDAP_SUCCESS) { - krb5_set_error_string(context->context, - "Couldn't contact any AD servers: %s", - ldap_err2string(lret)); + krb5_set_error_message(context->context, 0, + "Couldn't contact any AD servers: %s", + ldap_err2string(lret)); ldap_unbind(lp); continue; } @@ -358,10 +358,10 @@ _kadm5_ad_connect(void *server_handle) int attrlen = 0; char **vals; int ret; - + laddattr(&attr, &attrlen, "defaultNamingContext"); - ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, + ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, "objectclass=*", attr, 0, &m); free(attr); if (check_ldap(context, ret)) @@ -370,16 +370,16 @@ _kadm5_ad_connect(void *server_handle) if (ldap_count_entries(CTX2LP(context), m) > 0) { m0 = ldap_first_entry(CTX2LP(context), m); if (m0 == NULL) { - krb5_set_error_string(context->context, - "Error in AD ldap responce"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, + "Error in AD ldap responce"); ldap_msgfree(m); goto fail; } - vals = ldap_get_values(CTX2LP(context), + vals = ldap_get_values(CTX2LP(context), m0, "defaultNamingContext"); if (vals == NULL) { - krb5_set_error_string(context->context, - "No naming context found"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, + "No naming context found"); goto fail; } context->base_dn = strdup(vals[0]); @@ -444,7 +444,7 @@ ad_find_entry(kadm5_ad_context *context, *name = NULL; if (fqdn) - asprintf(&filter, + asprintf(&filter, "(&(objectClass=computer)(|(dNSHostName=%s)(servicePrincipalName=%s)))", fqdn, pn); else if(pn) @@ -453,7 +453,7 @@ ad_find_entry(kadm5_ad_context *context, return KADM5_RPC_ERROR; ret = ldap_search_s(CTX2LP(context), CTX2BASE(context), - LDAP_SCOPE_SUBTREE, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &m); free(filter); if (check_ldap(context, ret)) @@ -496,7 +496,7 @@ ad_get_cred(kadm5_ad_context *context, const char *password) ret = _kadm5_c_get_cred_cache(context->context, context->client_name, service, - password, krb5_prompter_posix, + password, krb5_prompter_posix, NULL, NULL, &cc); free(service); if(ret) @@ -522,14 +522,14 @@ kadm5_ad_chpass_principal(void *server_handle, krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); - ret = krb5_set_password_using_ccache (context->context, + ret = krb5_set_password_using_ccache (context->context, context->ccache, password, principal, &result_code, &result_code_string, &result_string); - + krb5_data_free (&result_code_string); krb5_data_free (&result_string); @@ -548,7 +548,7 @@ get_fqdn(krb5_context context, const krb5_principal p) s = krb5_principal_get_comp_string(context, p, 0); if (p == NULL) return NULL; - + for (i = 0; i < sizeof(hosttypes)/sizeof(hosttypes[0]); i++) { if (strcasecmp(s, hosttypes[i]) == 0) return krb5_principal_get_comp_string(context, p, 1); @@ -574,42 +574,42 @@ kadm5_ad_create_principal(void *server_handle, #ifdef OPENLDAP LDAPMod *attrs[8], rattrs[7], *a; - char *useraccvals[2] = { NULL, NULL }, + char *useraccvals[2] = { NULL, NULL }, *samvals[2], *dnsvals[2], *spnvals[5], *upnvals[2], *tv[2]; - char *ocvals_spn[] = { "top", "person", "organizationalPerson", - "user", "computer", NULL}; + char *ocvals_spn[] = { "top", "person", "organizationalPerson", + "user", "computer", NULL}; char *p, *realmless_p, *p_msrealm = NULL, *dn = NULL; const char *fqdn; char *s, *samname = NULL, *short_spn = NULL; int ret, i; int32_t uf_flags = 0; - + if ((mask & KADM5_PRINCIPAL) == 0) return KADM5_BAD_MASK; for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++) attrs[i] = &rattrs[i]; attrs[i] = NULL; - + ret = ad_get_cred(context, NULL); if (ret) return ret; - + ret = _kadm5_ad_connect(server_handle); if (ret) return ret; - + fqdn = get_fqdn(context->context, entry->principal); - + ret = krb5_unparse_name(context->context, entry->principal, &p); if (ret) return ret; - + if (ad_find_entry(context, fqdn, p, NULL) == 0) { free(p); return KADM5_DUP; } - + if (mask & KADM5_ATTRIBUTES) { if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX) uf_flags |= UF_ACCOUNTDISABLE|UF_LOCKOUT; @@ -618,7 +618,7 @@ kadm5_ad_create_principal(void *server_handle, if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH) uf_flags |= UF_SMARTCARD_REQUIRED; } - + realmless_p = strdup(p); if (realmless_p == NULL) { ret = ENOMEM; @@ -627,7 +627,7 @@ kadm5_ad_create_principal(void *server_handle, s = strrchr(realmless_p, '@'); if (s) *s = '\0'; - + if (fqdn) { /* create computer account */ asprintf(&samname, "%s$", fqdn); @@ -640,7 +640,7 @@ kadm5_ad_create_principal(void *server_handle, s[0] = '$'; s[1] = '\0'; } - + short_spn = strdup(p); if (short_spn == NULL) { errno = ENOMEM; @@ -733,12 +733,12 @@ kadm5_ad_create_principal(void *server_handle, } else { /* create user account */ - + a = &rattrs[0]; a->mod_op = LDAP_MOD_ADD; a->mod_type = "userAccountControl"; a->mod_values = useraccvals; - asprintf(&useraccvals[0], "%d", + asprintf(&useraccvals[0], "%d", uf_flags | UF_PASSWD_NOT_EXPIRE); useraccvals[1] = NULL; @@ -788,7 +788,7 @@ kadm5_ad_create_principal(void *server_handle, return 0; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -830,7 +830,7 @@ kadm5_ad_delete_principal(void *server_handle, krb5_principal principal) return KADM5_RPC_ERROR; return 0; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -864,19 +864,14 @@ static kadm5_ret_t kadm5_ad_flush(void *server_handle) { kadm5_ad_context *context = server_handle; -#ifdef OPENLDAP - krb5_set_error_string(context->context, "Function not implemented"); - return KADM5_RPC_ERROR; -#else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; -#endif } static kadm5_ret_t kadm5_ad_get_principal(void *server_handle, - krb5_principal principal, - kadm5_principal_ent_t entry, + krb5_principal principal, + kadm5_principal_ent_t entry, uint32_t mask) { kadm5_ad_context *context = server_handle; @@ -921,14 +916,14 @@ kadm5_ad_get_principal(void *server_handle, if (q && (p != q && *(q - 1) != '\\')) *q = '/'; - asprintf(&filter, + asprintf(&filter, "(|(userPrincipalName=%s)(servicePrincipalName=%s)(servicePrincipalName=%s))", u, p, u); free(p); free(u); ret = ldap_search_s(CTX2LP(context), CTX2BASE(context), - LDAP_SCOPE_SUBTREE, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &m); free(attr); if (check_ldap(context, ret)) @@ -995,7 +990,7 @@ kadm5_ad_get_principal(void *server_handle, } } if (mask & KADM5_KVNO) { - vals = ldap_get_values(CTX2LP(context), m0, + vals = ldap_get_values(CTX2LP(context), m0, "msDS-KeyVersionNumber"); if (vals) entry->kvno = atoi(vals[0]); @@ -1014,7 +1009,7 @@ kadm5_ad_get_principal(void *server_handle, fail: return KADM5_RPC_ERROR; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1042,10 +1037,10 @@ kadm5_ad_get_principals(void *server_handle, if (ret) return ret; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1054,7 +1049,7 @@ static kadm5_ret_t kadm5_ad_get_privs(void *server_handle, uint32_t*privs) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } @@ -1065,7 +1060,7 @@ kadm5_ad_modify_principal(void *server_handle, { kadm5_ad_context *context = server_handle; - /* + /* * KADM5_ATTRIBUTES * KRB5_KDB_DISALLOW_ALL_TIX (| KADM5_KVNO) */ @@ -1109,14 +1104,14 @@ kadm5_ad_modify_principal(void *server_handle, if (q && (p != q && *(q - 1) != '\\')) *q = '\0'; - asprintf(&filter, + asprintf(&filter, "(|(userPrincipalName=%s)(servicePrincipalName=%s))", s, s); free(p); free(s); ret = ldap_search_s(CTX2LP(context), CTX2BASE(context), - LDAP_SCOPE_SUBTREE, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &m); free(attr); free(filter); @@ -1199,7 +1194,7 @@ kadm5_ad_modify_principal(void *server_handle, a->mod_values = tv; a++; } - + vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName"); if (vals == NULL) { ret = KADM5_RPC_ERROR; @@ -1224,7 +1219,7 @@ kadm5_ad_modify_principal(void *server_handle, free(tv[0]); return ret; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1267,7 +1262,7 @@ kadm5_ad_randkey_principal(void *server_handle, krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); - ret = krb5_set_password_using_ccache (context->context, + ret = krb5_set_password_using_ccache (context->context, context->ccache, password, principal, @@ -1308,7 +1303,7 @@ kadm5_ad_randkey_principal(void *server_handle, *keys = NULL; *n_keys = 0; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1319,18 +1314,18 @@ kadm5_ad_rename_principal(void *server_handle, krb5_principal to) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } static kadm5_ret_t -kadm5_ad_chpass_principal_with_key(void *server_handle, +kadm5_ad_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } @@ -1352,7 +1347,7 @@ set_funcs(kadm5_ad_context *c) SET(c, rename_principal); } -kadm5_ret_t +kadm5_ret_t kadm5_ad_init_with_password_ctx(krb5_context context, const char *client_name, const char *password, @@ -1415,7 +1410,7 @@ kadm5_ad_init_with_password_ctx(krb5_context context, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_ad_init_with_password(const char *client_name, const char *password, const char *service_name, @@ -1431,7 +1426,7 @@ kadm5_ad_init_with_password(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_ad_init_with_password_ctx(context, + ret = kadm5_ad_init_with_password_ctx(context, client_name, password, service_name, diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h index 30d68d8..e3e6755 100644 --- a/crypto/heimdal/lib/kadm5/admin.h +++ b/crypto/heimdal/lib/kadm5/admin.h @@ -1,36 +1,36 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: admin.h 20237 2007-02-16 23:54:34Z lha $ */ +/* $Id$ */ #ifndef __KADM5_ADMIN_H__ #define __KADM5_ADMIN_H__ @@ -104,7 +104,7 @@ #define KADM5_HIST_PRINCIPAL "kadmin/history" #define KADM5_CHANGEPW_SERVICE "kadmin/changepw" -typedef struct _krb5_key_data { +typedef struct { int16_t key_data_ver; /* Version */ int16_t key_data_kvno; /* Key Version */ int16_t key_data_type[2]; /* Array of types */ @@ -114,9 +114,9 @@ typedef struct _krb5_key_data { typedef struct _krb5_tl_data { struct _krb5_tl_data* tl_data_next; - int16_t tl_data_type; - int16_t tl_data_length; - void* tl_data_contents; + int16_t tl_data_type; + int16_t tl_data_length; + void* tl_data_contents; } krb5_tl_data; #define KRB5_TL_LAST_PWD_CHANGE 0x0001 @@ -223,7 +223,7 @@ typedef krb5_error_code kadm5_ret_t; #if 0 /* unimplemented functions */ -kadm5_ret_t +kadm5_ret_t kadm5_decrypt_key(void *server_handle, kadm5_principal_ent_t entry, int32_t ktype, int32_t stype, int32_t @@ -232,7 +232,7 @@ kadm5_decrypt_key(void *server_handle, kadm5_ret_t kadm5_create_policy(void *server_handle, - kadm5_policy_ent_t policy, uint32_t mask); + kadm5_policy_ent_t policy, uint32_t mask); kadm5_ret_t kadm5_delete_policy(void *server_handle, char *policy); @@ -240,17 +240,17 @@ kadm5_delete_policy(void *server_handle, char *policy); kadm5_ret_t kadm5_modify_policy(void *server_handle, - kadm5_policy_ent_t policy, + kadm5_policy_ent_t policy, uint32_t mask); kadm5_ret_t -kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); +kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); kadm5_ret_t kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count); -void +void kadm5_free_policy_ent(kadm5_policy_ent_t policy); #endif diff --git a/crypto/heimdal/lib/kadm5/bump_pw_expire.c b/crypto/heimdal/lib/kadm5/bump_pw_expire.c index 17bd5e1..5d72360 100644 --- a/crypto/heimdal/lib/kadm5/bump_pw_expire.c +++ b/crypto/heimdal/lib/kadm5/bump_pw_expire.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: bump_pw_expire.c 8797 2000-07-24 03:47:54Z assar $"); +RCSID("$Id$"); /* * extend password_expiration if it's defined diff --git a/crypto/heimdal/lib/kadm5/check-cracklib.pl b/crypto/heimdal/lib/kadm5/check-cracklib.pl index 229cc7f..a6fbd4c 100755 --- a/crypto/heimdal/lib/kadm5/check-cracklib.pl +++ b/crypto/heimdal/lib/kadm5/check-cracklib.pl @@ -29,7 +29,7 @@ # policies = builtin:external-check # external_program = <your-path>/check-cracklib.pl # -# $Id: check-cracklib.pl 20578 2007-05-07 22:21:51Z lha $ +# $Id$ use strict; use Crypt::Cracklib; @@ -40,6 +40,9 @@ my $database = '/usr/lib/cracklib_dict'; my $historydb = '/var/heimdal/historydb'; # NEED TO CHANGE THESE TO MATCH YOUR SYSTEM +# seconds password reuse allowed (to catch retries from clients) +my $reusetime = 60; + my %params; sub check_basic @@ -60,6 +63,7 @@ sub check_repeat my $result = 'Do not reuse passwords'; my %DB; my $md5context = new Digest::MD5; + my $timenow = scalar(time()); $md5context->reset(); $md5context->add($principal, ":", $passwd); @@ -67,8 +71,10 @@ sub check_repeat my $key=$md5context->hexdigest(); dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb"; - $result = "ok" if (!$DB{$key}); - $DB{$key}=scalar(time()); + if (!$DB{$key} || ($timenow - $DB{$key} < $reusetime)) { + $result = "ok"; + $DB{$key}=$timenow; + } dbmclose(%DB) or die "Internal: Could not close $historydb"; return $result; } @@ -80,7 +86,7 @@ sub badpassword exit 0 } -while (<>) { +while (<STDIN>) { last if /^end$/; if (!/^([^:]+): (.+)$/) { die "key value pair not correct: $_"; diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c index 5319ce9..af4328c 100644 --- a/crypto/heimdal/lib/kadm5/chpass_c.c +++ b/crypto/heimdal/lib/kadm5/chpass_c.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: chpass_c.c 16661 2006-01-25 12:50:10Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_chpass_principal(void *server_handle, +kadm5_c_chpass_principal(void *server_handle, krb5_principal princ, const char *password) { @@ -53,7 +53,7 @@ kadm5_c_chpass_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_chpass); @@ -61,24 +61,26 @@ kadm5_c_chpass_principal(void *server_handle, krb5_store_string(sp, password); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; } kadm5_ret_t -kadm5_c_chpass_principal_with_key(void *server_handle, +kadm5_c_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) @@ -97,7 +99,7 @@ kadm5_c_chpass_principal_with_key(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_chpass_with_key); @@ -107,17 +109,19 @@ kadm5_c_chpass_principal_with_key(void *server_handle, kadm5_store_key_data (sp, &key_data[i]); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c index abef28c..d5407d1 100644 --- a/crypto/heimdal/lib/kadm5/chpass_s.c +++ b/crypto/heimdal/lib/kadm5/chpass_s.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: chpass_s.c 20608 2007-05-08 07:11:48Z lha $"); +RCSID("$Id$"); static kadm5_ret_t -change(void *server_handle, +change(void *server_handle, krb5_principal princ, const char *password, int cond) @@ -46,39 +46,55 @@ change(void *server_handle, kadm5_ret_t ret; Key *keys; size_t num_keys; - int cmp = 1; + int existsp = 0; memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); - if(ret == HDB_ERR_NOENTRY) + + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); + if(ret) goto out; - num_keys = ent.entry.keys.len; - keys = ent.entry.keys.val; + if (context->db->hdb_capability_flags & HDB_CAP_F_HANDLE_PASSWORDS) { + ret = context->db->hdb_password(context->context, context->db, + &ent, password, cond); + if (ret) + goto out2; + } else { + + num_keys = ent.entry.keys.len; + keys = ent.entry.keys.val; + + ent.entry.keys.len = 0; + ent.entry.keys.val = NULL; + + ret = _kadm5_set_keys(context, &ent.entry, password); + if(ret) { + _kadm5_free_keys (context->context, num_keys, keys); + goto out2; + } + + if (cond) + existsp = _kadm5_exists_keys (ent.entry.keys.val, + ent.entry.keys.len, + keys, num_keys); + _kadm5_free_keys (context->context, num_keys, keys); - ent.entry.keys.len = 0; - ent.entry.keys.val = NULL; + if (existsp) { + ret = KADM5_PASS_REUSE; + krb5_set_error_message(context->context, ret, + "Password reuse forbidden"); + goto out2; + } - ret = _kadm5_set_keys(context, &ent.entry, password); - if(ret) { - _kadm5_free_keys (context->context, num_keys, keys); - goto out2; + ret = hdb_seal_keys(context->context, context->db, &ent.entry); + if (ret) + goto out2; } ent.entry.kvno++; - if (cond) - cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len, - keys, num_keys); - _kadm5_free_keys (context->context, num_keys, keys); - - if (cmp == 0) { - krb5_set_error_string(context->context, "Password reuse forbidden"); - ret = KADM5_PASS_REUSE; - goto out2; - } ret = _kadm5_set_modifier(context, &ent.entry); if(ret) @@ -88,11 +104,7 @@ change(void *server_handle, if (ret) goto out2; - ret = hdb_seal_keys(context->context, context->db, &ent.entry); - if (ret) - goto out2; - - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; @@ -117,7 +129,7 @@ out: */ kadm5_ret_t -kadm5_s_chpass_principal_cond(void *server_handle, +kadm5_s_chpass_principal_cond(void *server_handle, krb5_principal princ, const char *password) { @@ -129,7 +141,7 @@ kadm5_s_chpass_principal_cond(void *server_handle, */ kadm5_ret_t -kadm5_s_chpass_principal(void *server_handle, +kadm5_s_chpass_principal(void *server_handle, krb5_principal princ, const char *password) { @@ -141,7 +153,7 @@ kadm5_s_chpass_principal(void *server_handle, */ kadm5_ret_t -kadm5_s_chpass_principal_with_key(void *server_handle, +kadm5_s_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) @@ -154,8 +166,8 @@ kadm5_s_chpass_principal_with_key(void *server_handle, ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, 0, + HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent); if(ret == HDB_ERR_NOENTRY) goto out; ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data); @@ -173,7 +185,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle, if (ret) goto out2; - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; diff --git a/crypto/heimdal/lib/kadm5/client_glue.c b/crypto/heimdal/lib/kadm5/client_glue.c index 24d91b3..2783a9a 100644 --- a/crypto/heimdal/lib/kadm5/client_glue.c +++ b/crypto/heimdal/lib/kadm5/client_glue.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: client_glue.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t kadm5_init_with_password(const char *client_name, diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c index 48d9d84..5957922 100644 --- a/crypto/heimdal/lib/kadm5/common_glue.c +++ b/crypto/heimdal/lib/kadm5/common_glue.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: common_glue.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P; diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c index 6ac7a9c..e121a48 100644 --- a/crypto/heimdal/lib/kadm5/context_s.c +++ b/crypto/heimdal/lib/kadm5/context_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: context_s.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); static void set_funcs(kadm5_server_context *c) @@ -53,6 +53,8 @@ set_funcs(kadm5_server_context *c) SET(c, rename_principal); } +#ifndef NO_UNIX_SOCKETS + static void set_socket_name(krb5_context context, struct sockaddr_un *un) { @@ -61,8 +63,18 @@ set_socket_name(krb5_context context, struct sockaddr_un *un) memset(un, 0, sizeof(*un)); un->sun_family = AF_UNIX; strlcpy (un->sun_path, fn, sizeof(un->sun_path)); + +} +#else + +static void +set_socket_info(krb5_context context, struct addrinfo **info) +{ + kadm5_log_signal_socket_info(context, 0, info); } +#endif + static kadm5_ret_t find_db_spec(kadm5_server_context *ctx) { @@ -75,27 +87,27 @@ find_db_spec(kadm5_server_context *ctx) ret = hdb_get_dbinfo(context, &info); if (ret) return ret; - + d = NULL; while ((d = hdb_dbinfo_get_next(info, d)) != NULL) { const char *p = hdb_dbinfo_get_realm(context, d); - + /* match default (realm-less) */ if(p != NULL && strcmp(ctx->config.realm, p) != 0) continue; - + p = hdb_dbinfo_get_dbname(context, d); if (p) ctx->config.dbname = strdup(p); - + p = hdb_dbinfo_get_acl_file(context, d); if (p) ctx->config.acl_file = strdup(p); - + p = hdb_dbinfo_get_mkey_file(context, d); if (p) ctx->config.stash_file = strdup(p); - + p = hdb_dbinfo_get_log_file(context, d); if (p) ctx->log_context.log_file = strdup(p); @@ -115,13 +127,17 @@ find_db_spec(kadm5_server_context *ctx) if (ctx->log_context.log_file == NULL) asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context)); +#ifndef NO_UNIX_SOCKETS set_socket_name(context, &ctx->log_context.socket_name); +#else + set_socket_info(context, &ctx->log_context.socket_info); +#endif return 0; } kadm5_ret_t -_kadm5_s_init_context(kadm5_server_context **ctx, +_kadm5_s_init_context(kadm5_server_context **ctx, kadm5_config_params *params, krb5_context context) { @@ -143,11 +159,11 @@ _kadm5_s_init_context(kadm5_server_context **ctx, (*ctx)->config.acl_file = strdup(params->acl_file); if(is_set(STASH_FILE)) (*ctx)->config.stash_file = strdup(params->stash_file); - + find_db_spec(*ctx); - + /* PROFILE can't be specified for now */ - /* KADMIND_PORT is supposed to be used on the server also, + /* KADMIND_PORT is supposed to be used on the server also, but this doesn't make sense */ /* ADMIN_SERVER is client only */ /* ADNAME is not used at all (as far as I can tell) */ diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c index 903a06a..e36b296 100644 --- a/crypto/heimdal/lib/kadm5/create_c.c +++ b/crypto/heimdal/lib/kadm5/create_c.c @@ -1,43 +1,43 @@ /* - * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: create_c.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_create_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask, const char *password) { @@ -54,7 +54,7 @@ kadm5_c_create_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_create); @@ -63,17 +63,19 @@ kadm5_c_create_principal(void *server_handle, krb5_store_string(sp, password); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c index 9465310..04312c0 100644 --- a/crypto/heimdal/lib/kadm5/create_s.c +++ b/crypto/heimdal/lib/kadm5/create_s.c @@ -1,53 +1,53 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: create_s.c 20607 2007-05-08 07:11:11Z lha $"); +RCSID("$Id$"); static kadm5_ret_t -get_default(kadm5_server_context *context, krb5_principal princ, +get_default(kadm5_server_context *context, krb5_principal princ, kadm5_principal_ent_t def) { kadm5_ret_t ret; krb5_principal def_principal; - krb5_realm *realm = krb5_princ_realm(context->context, princ); + krb5_const_realm realm = krb5_principal_get_realm(context->context, princ); - ret = krb5_make_principal(context->context, &def_principal, - *realm, "default", NULL); + ret = krb5_make_principal(context->context, &def_principal, + realm, "default", NULL); if (ret) return ret; - ret = kadm5_s_get_principal(context, def_principal, def, + ret = kadm5_s_get_principal(context, def_principal, def, KADM5_PRINCIPAL_NORMAL_MASK); krb5_free_principal (context->context, def_principal); return ret; @@ -64,7 +64,7 @@ create_principal(kadm5_server_context *context, kadm5_ret_t ret; kadm5_principal_ent_rec defrec, *defent; uint32_t def_mask; - + if((mask & required_mask) != required_mask) return KADM5_BAD_MASK; if((mask & forbidden_mask)) @@ -73,11 +73,11 @@ create_principal(kadm5_server_context *context, /* XXX no real policies for now */ return KADM5_UNK_POLICY; memset(ent, 0, sizeof(*ent)); - ret = krb5_copy_principal(context->context, princ->principal, + ret = krb5_copy_principal(context->context, princ->principal, &ent->entry.principal); if(ret) return ret; - + defent = &defrec; ret = get_default(context, princ->principal, defent); if(ret) { @@ -93,12 +93,13 @@ create_principal(kadm5_server_context *context, defent, def_mask); if(defent) kadm5_free_principal_ent(context, defent); - + if (ret) + return ret; + ent->entry.created_by.time = time(NULL); - ret = krb5_copy_principal(context->context, context->caller, - &ent->entry.created_by.principal); - return ret; + return krb5_copy_principal(context->context, context->caller, + &ent->entry.created_by.principal); } kadm5_ret_t @@ -112,10 +113,10 @@ kadm5_s_create_principal_with_key(void *server_handle, ret = create_principal(context, princ, mask, &ent, KADM5_PRINCIPAL | KADM5_KEY_DATA, - KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME - | KADM5_MOD_NAME | KADM5_MKVNO - | KADM5_AUX_ATTRIBUTES - | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO + | KADM5_AUX_ATTRIBUTES + | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT); if(ret) goto out; @@ -126,7 +127,7 @@ kadm5_s_create_principal_with_key(void *server_handle, ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; - + ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) goto out; @@ -140,11 +141,11 @@ out: hdb_free_entry(context->context, &ent); return _kadm5_error_code(ret); } - + kadm5_ret_t kadm5_s_create_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask, const char *password) { @@ -154,10 +155,10 @@ kadm5_s_create_principal(void *server_handle, ret = create_principal(context, princ, mask, &ent, KADM5_PRINCIPAL, - KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME - | KADM5_MOD_NAME | KADM5_MKVNO + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA - | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS + | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT); if(ret) goto out; @@ -175,7 +176,7 @@ kadm5_s_create_principal(void *server_handle, ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; - + ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) goto out; diff --git a/crypto/heimdal/lib/kadm5/default_keys.c b/crypto/heimdal/lib/kadm5/default_keys.c index 2a851cd..6719e38 100644 --- a/crypto/heimdal/lib/kadm5/default_keys.c +++ b/crypto/heimdal/lib/kadm5/default_keys.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include <err.h> -RCSID("$Id: default_keys.c 22494 2008-01-21 11:56:44Z lha $"); +RCSID("$Id$"); static void print_keys(krb5_context context, Key *keys, size_t nkeys) @@ -72,7 +72,7 @@ print_keys(krb5_context context, Key *keys, size_t nkeys) if (keys[i].salt->salt.length) printf("%.*s", (int)keys[i].salt->salt.length, (char *)keys[i].salt->salt.data); - } + } printf("\n"); } printf("end keys:\n"); @@ -102,7 +102,7 @@ main(int argc, char **argv) krb5_principal principal; ret = krb5_init_context(&context); - if (ret) + if (ret) errx(1, "krb5_init_context"); ret = krb5_parse_name(context, "lha@SU.SE", &principal); diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c index 5018fd6..2c4ed77 100644 --- a/crypto/heimdal/lib/kadm5/delete_c.c +++ b/crypto/heimdal/lib/kadm5/delete_c.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: delete_c.c 16661 2006-01-25 12:50:10Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_delete_principal(void *server_handle, krb5_principal princ) @@ -51,7 +51,7 @@ kadm5_c_delete_principal(void *server_handle, krb5_principal princ) sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_delete); @@ -65,12 +65,12 @@ kadm5_c_delete_principal(void *server_handle, krb5_principal princ) return ret; sp = krb5_storage_from_data (&reply); if(sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c index b4e5a37..7f8f537 100644 --- a/crypto/heimdal/lib/kadm5/delete_s.c +++ b/crypto/heimdal/lib/kadm5/delete_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: delete_s.c 20612 2007-05-08 07:13:45Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_s_delete_principal(void *server_handle, krb5_principal princ) @@ -48,15 +48,15 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) krb5_warn(context->context, ret, "opening database"); return ret; } - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret == HDB_ERR_NOENTRY) goto out; if(ent.entry.flags.immutable) { ret = KADM5_PROTECT_PRINCIPAL; goto out2; } - + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; diff --git a/crypto/heimdal/lib/kadm5/destroy_c.c b/crypto/heimdal/lib/kadm5/destroy_c.c index 9ae2e9d..06a0802 100644 --- a/crypto/heimdal/lib/kadm5/destroy_c.c +++ b/crypto/heimdal/lib/kadm5/destroy_c.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: destroy_c.c 13198 2003-12-07 19:01:39Z lha $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_c_destroy(void *server_handle) { kadm5_client_context *context = server_handle; diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c index edfc6b5..25fc48b 100644 --- a/crypto/heimdal/lib/kadm5/destroy_s.c +++ b/crypto/heimdal/lib/kadm5/destroy_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: destroy_s.c 12880 2003-09-19 00:25:35Z lha $"); +RCSID("$Id$"); /* * dealloc a `kadm5_config_params' @@ -56,14 +56,20 @@ static void destroy_kadm5_log_context (kadm5_log_context *c) { free (c->log_file); - close (c->socket_fd); + rk_closesocket (c->socket_fd); +#ifdef NO_UNIX_SOCKETS + if (c->socket_info) { + freeaddrinfo(c->socket_info); + c->socket_info = NULL; + } +#endif } /* * destroy a kadm5 handle */ -kadm5_ret_t +kadm5_ret_t kadm5_s_destroy(void *server_handle) { kadm5_ret_t ret; diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c index dfc4a9b..f2d1f2f 100644 --- a/crypto/heimdal/lib/kadm5/ent_setup.c +++ b/crypto/heimdal/lib/kadm5/ent_setup.c @@ -1,39 +1,41 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: ent_setup.c 18823 2006-10-22 10:15:53Z lha $"); +RCSID("$Id$"); #define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0) #define set_null(X) do { if((X) != NULL) free((X)); (X) = NULL; } while (0) @@ -66,7 +68,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags) static kadm5_ret_t perform_tl_data(krb5_context context, HDB *db, - hdb_entry_ex *ent, + hdb_entry_ex *ent, const krb5_tl_data *tl_data) { kadm5_ret_t ret = 0; @@ -101,7 +103,7 @@ perform_tl_data(krb5_context context, NULL); if (ret) return KADM5_BAD_TL_TYPE; - + ret = hdb_replace_extension(context, &ent->entry, &ext); free_HDB_extension(&ext); } else { @@ -110,6 +112,17 @@ perform_tl_data(krb5_context context, return ret; } +static void +default_flags(hdb_entry_ex *ent, int server) +{ + ent->entry.flags.client = 1; + ent->entry.flags.server = !!server; + ent->entry.flags.forwardable = 1; + ent->entry.flags.proxiable = 1; + ent->entry.flags.renewable = 1; + ent->entry.flags.postdate = 1; +} + /* * Create the hdb entry `ent' based on data from `princ' with @@ -121,7 +134,7 @@ kadm5_ret_t _kadm5_setup_entry(kadm5_server_context *context, hdb_entry_ex *ent, uint32_t mask, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t princ_mask, kadm5_principal_ent_t def, uint32_t def_mask) @@ -147,14 +160,10 @@ _kadm5_setup_entry(kadm5_server_context *context, attr_to_flags(def->attributes, &ent->entry.flags); ent->entry.flags.invalid = 0; } else { - ent->entry.flags.client = 1; - ent->entry.flags.server = 1; - ent->entry.flags.forwardable = 1; - ent->entry.flags.proxiable = 1; - ent->entry.flags.renewable = 1; - ent->entry.flags.postdate = 1; + default_flags(ent, 1); } } + if(mask & KADM5_MAX_LIFE) { if(princ_mask & KADM5_MAX_LIFE) { if(princ->max_life) diff --git a/crypto/heimdal/lib/kadm5/error.c b/crypto/heimdal/lib/kadm5/error.c index 46211d2..e6a6dec 100644 --- a/crypto/heimdal/lib/kadm5/error.c +++ b/crypto/heimdal/lib/kadm5/error.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: error.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t _kadm5_error_code(kadm5_ret_t code) diff --git a/crypto/heimdal/lib/kadm5/flush.c b/crypto/heimdal/lib/kadm5/flush.c index ad1574f..4409fe6 100644 --- a/crypto/heimdal/lib/kadm5/flush.c +++ b/crypto/heimdal/lib/kadm5/flush.c @@ -1,47 +1,47 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: flush.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_s_flush(void *server_handle) { return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_c_flush(void *server_handle) { return 0; diff --git a/crypto/heimdal/lib/kadm5/flush_c.c b/crypto/heimdal/lib/kadm5/flush_c.c index 748a49a..c1a2a0a 100644 --- a/crypto/heimdal/lib/kadm5/flush_c.c +++ b/crypto/heimdal/lib/kadm5/flush_c.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,9 +32,9 @@ #include "kadm5_locl.h" -RCSID("$Id: flush_c.c 5723 1999-03-23 18:23:37Z joda $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_c_flush(void *server_handle) { return 0; diff --git a/crypto/heimdal/lib/kadm5/flush_s.c b/crypto/heimdal/lib/kadm5/flush_s.c index 9bed0c6..9a52458 100644 --- a/crypto/heimdal/lib/kadm5/flush_s.c +++ b/crypto/heimdal/lib/kadm5/flush_s.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,9 +32,9 @@ #include "kadm5_locl.h" -RCSID("$Id: flush_s.c 5723 1999-03-23 18:23:37Z joda $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_s_flush(void *server_handle) { return 0; diff --git a/crypto/heimdal/lib/kadm5/free.c b/crypto/heimdal/lib/kadm5/free.c index 1f1740d..670bc2c 100644 --- a/crypto/heimdal/lib/kadm5/free.c +++ b/crypto/heimdal/lib/kadm5/free.c @@ -1,49 +1,49 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: free.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); -void +void kadm5_free_key_data(void *server_handle, - int16_t *n_key_data, + int16_t *n_key_data, krb5_key_data *key_data) { int i; for(i = 0; i < *n_key_data; i++){ if(key_data[i].key_data_contents[0]){ - memset(key_data[i].key_data_contents[0], + memset(key_data[i].key_data_contents[0], 0, key_data[i].key_data_length[0]); free(key_data[i].key_data_contents[0]); @@ -55,7 +55,7 @@ kadm5_free_key_data(void *server_handle, } -void +void kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t princ) { @@ -78,9 +78,9 @@ kadm5_free_principal_ent(void *server_handle, free (princ->key_data); } -void +void kadm5_free_name_list(void *server_handle, - char **names, + char **names, int *count) { int i; diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c index 5f9724f..3c31a51 100644 --- a/crypto/heimdal/lib/kadm5/get_c.c +++ b/crypto/heimdal/lib/kadm5/get_c.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_c.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_get_principal(void *server_handle, - krb5_principal princ, - kadm5_principal_ent_t out, +kadm5_c_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, uint32_t mask) { kadm5_client_context *context = server_handle; @@ -54,7 +54,7 @@ kadm5_c_get_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_get); @@ -69,13 +69,13 @@ kadm5_c_get_principal(void *server_handle, return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); ret = tmp; - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); if(ret == 0) kadm5_ret_principal_ent(sp, out); krb5_storage_free(sp); diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c index 81a3cfd..d5e3461 100644 --- a/crypto/heimdal/lib/kadm5/get_princs_c.c +++ b/crypto/heimdal/lib/kadm5/get_princs_c.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_princs_c.c 15484 2005-06-17 05:21:07Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_get_principals(void *server_handle, +kadm5_c_get_principals(void *server_handle, const char *expression, - char ***princs, + char ***princs, int *count) { kadm5_client_context *context = server_handle; @@ -61,6 +61,8 @@ kadm5_c_get_principals(void *server_handle, krb5_store_string(sp, expression); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; diff --git a/crypto/heimdal/lib/kadm5/get_princs_s.c b/crypto/heimdal/lib/kadm5/get_princs_s.c index cab6ef7..55c8f2e 100644 --- a/crypto/heimdal/lib/kadm5/get_princs_s.c +++ b/crypto/heimdal/lib/kadm5/get_princs_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_princs_s.c 16378 2005-12-12 12:40:12Z lha $"); +RCSID("$Id$"); struct foreach_data { const char *exp; @@ -77,9 +77,9 @@ foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data) } kadm5_ret_t -kadm5_s_get_principals(void *server_handle, +kadm5_s_get_principals(void *server_handle, const char *expression, - char ***princs, + char ***princs, int *count) { struct foreach_data d; @@ -99,7 +99,7 @@ kadm5_s_get_principals(void *server_handle, } d.princs = NULL; d.count = 0; - ret = hdb_foreach(context->context, context->db, 0, foreach, &d); + ret = hdb_foreach(context->context, context->db, HDB_F_ADMIN_DATA, foreach, &d); context->db->hdb_close(context->context, context->db); if(ret == 0) ret = add_princ(&d, NULL); diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c index 5d0db9b..e03585e 100644 --- a/crypto/heimdal/lib/kadm5/get_s.c +++ b/crypto/heimdal/lib/kadm5/get_s.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_s.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); static kadm5_ret_t -add_tl_data(kadm5_principal_ent_t ent, int16_t type, +add_tl_data(kadm5_principal_ent_t ent, int16_t type, const void *data, size_t size) { krb5_tl_data *tl; @@ -48,7 +48,7 @@ add_tl_data(kadm5_principal_ent_t ent, int16_t type, tl->tl_data_type = type; tl->tl_data_length = size; tl->tl_data_contents = malloc(size); - if (tl->tl_data_contents == NULL) { + if (tl->tl_data_contents == NULL && size != 0) { free(tl); return _kadm5_error_code(ENOMEM); } @@ -61,32 +61,32 @@ add_tl_data(kadm5_principal_ent_t ent, int16_t type, return 0; } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_put_int(void *buffer, unsigned long value, size_t size); /* XXX */ kadm5_ret_t -kadm5_s_get_principal(void *server_handle, - krb5_principal princ, - kadm5_principal_ent_t out, +kadm5_s_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, uint32_t mask) { kadm5_server_context *context = server_handle; kadm5_ret_t ret; hdb_entry_ex ent; - + memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); context->db->hdb_close(context->context, context->db); if(ret) return _kadm5_error_code(ret); memset(out, 0, sizeof(*out)); if(mask & KADM5_PRINCIPAL) - ret = krb5_copy_principal(context->context, ent.entry.principal, + ret = krb5_copy_principal(context->context, ent.entry.principal, &out->principal); if(ret) goto out; @@ -126,11 +126,11 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_MOD_NAME) { if(ent.entry.modified_by) { if (ent.entry.modified_by->principal != NULL) - ret = krb5_copy_principal(context->context, + ret = krb5_copy_principal(context->context, ent.entry.modified_by->principal, &out->mod_name); } else if(ent.entry.created_by.principal != NULL) - ret = krb5_copy_principal(context->context, + ret = krb5_copy_principal(context->context, ent.entry.created_by.principal, &out->mod_name); else @@ -142,7 +142,7 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_KVNO) out->kvno = ent.entry.kvno; if(mask & KADM5_MKVNO) { - int n; + size_t n; out->mkvno = 0; /* XXX */ for(n = 0; n < ent.entry.keys.len; n++) if(ent.entry.keys.val[n].mkvno) { @@ -150,8 +150,16 @@ kadm5_s_get_principal(void *server_handle, break; } } +#if 0 /* XXX implement */ if(mask & KADM5_AUX_ATTRIBUTES) - /* XXX implement */; + ; + if(mask & KADM5_LAST_SUCCESS) + ; + if(mask & KADM5_LAST_FAILED) + ; + if(mask & KADM5_FAIL_AUTH_COUNT) + ; +#endif if(mask & KADM5_POLICY) out->policy = NULL; if(mask & KADM5_MAX_RLIFE) { @@ -160,21 +168,15 @@ kadm5_s_get_principal(void *server_handle, else out->max_renewable_life = INT_MAX; } - if(mask & KADM5_LAST_SUCCESS) - /* XXX implement */; - if(mask & KADM5_LAST_FAILED) - /* XXX implement */; - if(mask & KADM5_FAIL_AUTH_COUNT) - /* XXX implement */; if(mask & KADM5_KEY_DATA){ - int i; + size_t i; Key *key; krb5_key_data *kd; krb5_salt salt; krb5_data *sp; krb5_get_pw_salt(context->context, ent.entry.principal, &salt); out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data)); - if (out->key_data == NULL) { + if (out->key_data == NULL && ent.entry.keys.len != 0) { ret = ENOMEM; goto out; } @@ -191,11 +193,11 @@ kadm5_s_get_principal(void *server_handle, /* setup key */ kd->key_data_length[0] = key->key.keyvalue.length; kd->key_data_contents[0] = malloc(kd->key_data_length[0]); - if(kd->key_data_contents[0] == NULL){ + if(kd->key_data_contents[0] == NULL && kd->key_data_length[0] != 0){ ret = ENOMEM; break; } - memcpy(kd->key_data_contents[0], key->key.keyvalue.data, + memcpy(kd->key_data_contents[0], key->key.keyvalue.data, kd->key_data_length[0]); /* setup salt */ if(key->salt) @@ -221,6 +223,7 @@ kadm5_s_get_principal(void *server_handle, } if(mask & KADM5_TL_DATA) { time_t last_pw_expire; + const HDB_Ext_PKINIT_acl *acl; const HDB_Ext_Aliases *aliases; ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire); @@ -233,21 +236,46 @@ kadm5_s_get_principal(void *server_handle, kadm5_free_principal_ent(context, out); goto out; } - /* + /* * If the client was allowed to get key data, let it have the * password too. */ if(mask & KADM5_KEY_DATA) { heim_utf8_string pw; - ret = hdb_entry_get_password(context->context, + ret = hdb_entry_get_password(context->context, context->db, &ent.entry, &pw); if (ret == 0) { ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1); free(pw); } - krb5_clear_error_string(context->context); - ret = 0; + krb5_clear_error_message(context->context); + } + + ret = hdb_entry_get_pkinit_acl(&ent.entry, &acl); + if (ret == 0 && acl) { + krb5_data buf; + size_t len; + + ASN1_MALLOC_ENCODE(HDB_Ext_PKINIT_acl, buf.data, buf.length, + acl, &len, ret); + if (ret) { + kadm5_free_principal_ent(context, out); + goto out; + } + if (len != buf.length) + krb5_abortx(context->context, + "internal ASN.1 encoder error"); + ret = add_tl_data(out, KRB5_TL_PKINIT_ACL, buf.data, buf.length); + free(buf.data); + if (ret) { + kadm5_free_principal_ent(context, out); + goto out; + } + } + if(ret){ + kadm5_free_principal_ent(context, out); + goto out; } ret = hdb_entry_get_aliases(&ent.entry, &aliases); diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c index be53992..1623ed1 100644 --- a/crypto/heimdal/lib/kadm5/init_c.c +++ b/crypto/heimdal/lib/kadm5/init_c.c @@ -1,43 +1,49 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include <sys/types.h> +#ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H #include <netinet/in.h> +#endif +#ifdef HAVE_NETDB_H #include <netdb.h> +#endif -RCSID("$Id: init_c.c 21972 2007-10-18 19:11:15Z lha $"); +RCSID("$Id$"); static void set_funcs(kadm5_client_context *c) @@ -58,7 +64,7 @@ set_funcs(kadm5_client_context *c) } kadm5_ret_t -_kadm5_c_init_context(kadm5_client_context **ctx, +_kadm5_c_init_context(kadm5_client_context **ctx, kadm5_config_params *params, krb5_context context) { @@ -117,7 +123,7 @@ _kadm5_c_init_context(kadm5_client_context **ctx, (*ctx)->kadmind_port = htons(strtol (colon, &end, 0)); } if ((*ctx)->kadmind_port == 0) - (*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", + (*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", "tcp", 749); return 0; } @@ -130,11 +136,11 @@ get_kadm_ticket(krb5_context context, { krb5_error_code ret; krb5_creds in, *out; - + memset(&in, 0, sizeof(in)); in.client = client; ret = krb5_parse_name(context, server_name, &in.server); - if(ret) + if(ret) return ret; ret = krb5_get_credentials(context, 0, id, &in, &out); if(ret == 0) @@ -156,14 +162,14 @@ get_new_cache(krb5_context context, krb5_creds cred; krb5_get_init_creds_opt *opt; krb5_ccache id; - + ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) return ret; - krb5_get_init_creds_opt_set_default_flags(context, "kadmin", - krb5_principal_get_realm(context, - client), + krb5_get_init_creds_opt_set_default_flags(context, "kadmin", + krb5_principal_get_realm(context, + client), opt); @@ -210,7 +216,7 @@ get_new_cache(krb5_context context, default: return ret; } - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); if(ret) return ret; ret = krb5_cc_initialize (context, id, cred.client); @@ -225,7 +231,7 @@ get_new_cache(krb5_context context, } /* - * Check the credential cache `id´ to figure out what principal to use + * Check the credential cache `id´ to figure out what principal to use * when talking to the kadmind. If there is a initial kadmin/admin@ * credential in the cache, use that client principal. Otherwise, use * the client principals first component and add /admin to the @@ -246,7 +252,7 @@ get_cache_principal(krb5_context context, *id = NULL; return ret; } - + ret = krb5_cc_get_principal(context, *id, &p1); if(ret) { krb5_cc_close(context, *id); @@ -254,7 +260,7 @@ get_cache_principal(krb5_context context, return ret; } - ret = krb5_make_principal(context, &p2, NULL, + ret = krb5_make_principal(context, &p2, NULL, "kadmin", "admin", NULL); if (ret) { krb5_cc_close(context, *id); @@ -319,16 +325,16 @@ _kadm5_c_get_cred_cache(krb5_context context, krb5_error_code ret; krb5_ccache id = NULL; krb5_principal default_client = NULL, client = NULL; - + /* treat empty password as NULL */ if(password && *password == '\0') password = NULL; if(server_name == NULL) server_name = KADM5_ADMIN_SERVICE; - + if(client_name != NULL) { ret = krb5_parse_name(context, client_name, &client); - if(ret) + if(ret) return ret; } @@ -342,7 +348,7 @@ _kadm5_c_get_cred_cache(krb5_context context, ret = get_cache_principal(context, &id, &default_client); if (ret) { - /* + /* * No client was specified by the caller and we cannot * determine the client from a credentials cache. */ @@ -351,10 +357,10 @@ _kadm5_c_get_cred_cache(krb5_context context, user = get_default_username (); if(user == NULL) { - krb5_set_error_string(context, "Unable to find local user name"); + krb5_set_error_message(context, KADM5_FAILURE, "Unable to find local user name"); return KADM5_FAILURE; } - ret = krb5_make_principal(context, &default_client, + ret = krb5_make_principal(context, &default_client, NULL, user, "admin", NULL); if(ret) return ret; @@ -369,9 +375,9 @@ _kadm5_c_get_cred_cache(krb5_context context, if (client == NULL && default_client != NULL) client = default_client; - - if(id && (default_client == NULL || - krb5_principal_compare(context, client, default_client))) { + + if(id && client && (default_client == NULL || + krb5_principal_compare(context, client, default_client) != 0)) { ret = get_kadm_ticket(context, id, client, server_name); if(ret == 0) { *ret_cache = id; @@ -390,7 +396,7 @@ _kadm5_c_get_cred_cache(krb5_context context, if (client != default_client) krb5_free_principal(context, default_client); - ret = get_new_cache(context, client, password, prompter, keytab, + ret = get_new_cache(context, client, password, prompter, keytab, server_name, ret_cache); krb5_free_principal(context, client); return ret; @@ -402,7 +408,7 @@ kadm_connect(kadm5_client_context *ctx) kadm5_ret_t ret; krb5_principal server; krb5_ccache cc; - int s; + rk_socket_t s = rk_INVALID_SOCKET; struct addrinfo *ai, *a; struct addrinfo hints; int error; @@ -414,7 +420,7 @@ kadm_connect(kadm5_client_context *ctx) memset (&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = IPPROTO_TCP; - + snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port)); hostname = ctx->admin_server; @@ -424,37 +430,37 @@ kadm_connect(kadm5_client_context *ctx) error = getaddrinfo (hostname, portstr, &hints, &ai); if (error) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KADM5_BAD_SERVER_NAME; } - + for (a = ai; a != NULL; a = a->ai_next) { s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) continue; if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_warn (context, errno, "connect(%s)", hostname); - close (s); + rk_closesocket (s); continue; } break; } if (a == NULL) { freeaddrinfo (ai); - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_warnx (context, "failed to contact %s", hostname); return KADM5_FAILURE; } ret = _kadm5_c_get_cred_cache(context, - ctx->client_name, - ctx->service_name, - NULL, ctx->prompter, ctx->keytab, + ctx->client_name, + ctx->service_name, + NULL, ctx->prompter, ctx->keytab, ctx->ccache, &cc); - + if(ret) { freeaddrinfo (ai); - close(s); + rk_closesocket(s); return ret; } @@ -465,8 +471,8 @@ kadm_connect(kadm5_client_context *ctx) if (service_name == NULL) { freeaddrinfo (ai); - close(s); - krb5_clear_error_string(context); + rk_closesocket(s); + krb5_clear_error_message(context); return ENOMEM; } @@ -476,14 +482,14 @@ kadm_connect(kadm5_client_context *ctx) freeaddrinfo (ai); if(ctx->ccache == NULL) krb5_cc_close(context, cc); - close(s); + rk_closesocket(s); return ret; } ctx->ac = NULL; - ret = krb5_sendauth(context, &ctx->ac, &s, - KADMIN_APPL_VERSION, NULL, - server, AP_OPTS_MUTUAL_REQUIRED, + ret = krb5_sendauth(context, &ctx->ac, &s, + KADMIN_APPL_VERSION, NULL, + server, AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, cc, NULL, NULL, NULL); if(ret == 0) { krb5_data params; @@ -494,47 +500,47 @@ kadm_connect(kadm5_client_context *ctx) p.realm = ctx->realm; } ret = _kadm5_marshal_params(context, &p, ¶ms); - + ret = krb5_write_priv_message(context, ctx->ac, &s, ¶ms); krb5_data_free(¶ms); if(ret) { freeaddrinfo (ai); - close(s); + rk_closesocket(s); if(ctx->ccache == NULL) krb5_cc_close(context, cc); return ret; } } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) { - close(s); + rk_closesocket(s); s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) { freeaddrinfo (ai); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return errno; } if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - close (s); + rk_closesocket (s); freeaddrinfo (ai); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return errno; } - ret = krb5_sendauth(context, &ctx->ac, &s, - KADMIN_OLD_APPL_VERSION, NULL, - server, AP_OPTS_MUTUAL_REQUIRED, + ret = krb5_sendauth(context, &ctx->ac, &s, + KADMIN_OLD_APPL_VERSION, NULL, + server, AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, cc, NULL, NULL, NULL); } freeaddrinfo (ai); if(ret) { - close(s); + rk_closesocket(s); return ret; } - + krb5_free_principal(context, server); if(ctx->ccache == NULL) krb5_cc_close(context, cc); ctx->sock = s; - + return 0; } @@ -547,9 +553,9 @@ _kadm5_connect(void *handle) return 0; } -static kadm5_ret_t +static kadm5_ret_t kadm5_c_init_with_context(krb5_context context, - const char *client_name, + const char *client_name, const char *password, krb5_prompter_fct prompter, const char *keytab, @@ -569,15 +575,15 @@ kadm5_c_init_with_context(krb5_context context, return ret; if(password != NULL && *password != '\0') { - ret = _kadm5_c_get_cred_cache(context, + ret = _kadm5_c_get_cred_cache(context, client_name, - service_name, + service_name, password, prompter, keytab, ccache, &cc); if(ret) return ret; /* XXX */ ccache = cc; } - + if (client_name != NULL) ctx->client_name = strdup(client_name); @@ -592,13 +598,13 @@ kadm5_c_init_with_context(krb5_context context, ctx->ccache = ccache; /* maybe we should copy the params here */ ctx->sock = -1; - + *server_handle = ctx; return 0; } -static kadm5_ret_t -init_context(const char *client_name, +static kadm5_ret_t +init_context(const char *client_name, const char *password, krb5_prompter_fct prompter, const char *keytab, @@ -612,7 +618,7 @@ init_context(const char *client_name, krb5_context context; kadm5_ret_t ret; kadm5_server_context *ctx; - + ret = krb5_init_context(&context); if (ret) return ret; @@ -636,9 +642,9 @@ init_context(const char *client_name, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_password_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -659,8 +665,8 @@ kadm5_c_init_with_password_ctx(krb5_context context, server_handle); } -kadm5_ret_t -kadm5_c_init_with_password(const char *client_name, +kadm5_ret_t +kadm5_c_init_with_password(const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -668,21 +674,21 @@ kadm5_c_init_with_password(const char *client_name, unsigned long api_version, void **server_handle) { - return init_context(client_name, - password, + return init_context(client_name, + password, krb5_prompter_posix, NULL, NULL, - service_name, - realm_params, - struct_version, - api_version, + service_name, + realm_params, + struct_version, + api_version, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_skey_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *keytab, const char *service_name, kadm5_config_params *realm_params, @@ -704,8 +710,8 @@ kadm5_c_init_with_skey_ctx(krb5_context context, } -kadm5_ret_t -kadm5_c_init_with_skey(const char *client_name, +kadm5_ret_t +kadm5_c_init_with_skey(const char *client_name, const char *keytab, const char *service_name, kadm5_config_params *realm_params, @@ -713,19 +719,19 @@ kadm5_c_init_with_skey(const char *client_name, unsigned long api_version, void **server_handle) { - return init_context(client_name, + return init_context(client_name, NULL, NULL, keytab, NULL, - service_name, - realm_params, - struct_version, - api_version, + service_name, + realm_params, + struct_version, + api_version, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_creds_ctx(krb5_context context, const char *client_name, krb5_ccache ccache, @@ -748,7 +754,7 @@ kadm5_c_init_with_creds_ctx(krb5_context context, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_creds(const char *client_name, krb5_ccache ccache, const char *service_name, @@ -757,20 +763,20 @@ kadm5_c_init_with_creds(const char *client_name, unsigned long api_version, void **server_handle) { - return init_context(client_name, + return init_context(client_name, NULL, NULL, NULL, ccache, - service_name, - realm_params, - struct_version, - api_version, + service_name, + realm_params, + struct_version, + api_version, server_handle); } #if 0 -kadm5_ret_t +kadm5_ret_t kadm5_init(char *client_name, char *pass, char *service_name, kadm5_config_params *realm_params, diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c index dee464b..1001fce 100644 --- a/crypto/heimdal/lib/kadm5/init_s.c +++ b/crypto/heimdal/lib/kadm5/init_s.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: init_s.c 9441 2000-12-31 08:01:16Z assar $"); +RCSID("$Id$"); -static kadm5_ret_t +static kadm5_ret_t kadm5_s_init_with_context(krb5_context context, - const char *client_name, + const char *client_name, const char *service_name, kadm5_config_params *realm_params, unsigned long struct_version, @@ -55,19 +55,29 @@ kadm5_s_init_with_context(krb5_context context, assert(ctx->config.stash_file != NULL); assert(ctx->config.acl_file != NULL); assert(ctx->log_context.log_file != NULL); +#ifndef NO_UNIX_SOCKETS assert(ctx->log_context.socket_name.sun_path[0] != '\0'); +#else + assert(ctx->log_context.socket_info != NULL); +#endif ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname); if(ret) return ret; - ret = hdb_set_master_keyfile (ctx->context, + ret = hdb_set_master_keyfile (ctx->context, ctx->db, ctx->config.stash_file); if(ret) return ret; ctx->log_context.log_fd = -1; +#ifndef NO_UNIX_SOCKETS ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0); +#else + ctx->log_context.socket_fd = socket (ctx->log_context.socket_info->ai_family, + ctx->log_context.socket_info->ai_socktype, + ctx->log_context.socket_info->ai_protocol); +#endif ret = krb5_parse_name(ctx->context, client_name, &ctx->caller); if(ret) @@ -76,14 +86,14 @@ kadm5_s_init_with_context(krb5_context context, ret = _kadm5_acl_init(ctx); if(ret) return ret; - + *server_handle = ctx; return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_password_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -100,8 +110,8 @@ kadm5_s_init_with_password_ctx(krb5_context context, server_handle); } -kadm5_ret_t -kadm5_s_init_with_password(const char *client_name, +kadm5_ret_t +kadm5_s_init_with_password(const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -116,13 +126,13 @@ kadm5_s_init_with_password(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_s_init_with_password_ctx(context, - client_name, - password, - service_name, - realm_params, - struct_version, - api_version, + ret = kadm5_s_init_with_password_ctx(context, + client_name, + password, + service_name, + realm_params, + struct_version, + api_version, server_handle); if(ret){ krb5_free_context(context); @@ -133,9 +143,9 @@ kadm5_s_init_with_password(const char *client_name, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_skey_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *keytab, const char *service_name, kadm5_config_params *realm_params, @@ -152,7 +162,7 @@ kadm5_s_init_with_skey_ctx(krb5_context context, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_skey(const char *client_name, const char *keytab, const char *service_name, @@ -168,13 +178,13 @@ kadm5_s_init_with_skey(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_s_init_with_skey_ctx(context, - client_name, - keytab, - service_name, - realm_params, - struct_version, - api_version, + ret = kadm5_s_init_with_skey_ctx(context, + client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, server_handle); if(ret){ krb5_free_context(context); @@ -185,7 +195,7 @@ kadm5_s_init_with_skey(const char *client_name, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_creds_ctx(krb5_context context, const char *client_name, krb5_ccache ccache, @@ -204,7 +214,7 @@ kadm5_s_init_with_creds_ctx(krb5_context context, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_creds(const char *client_name, krb5_ccache ccache, const char *service_name, @@ -220,13 +230,13 @@ kadm5_s_init_with_creds(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_s_init_with_creds_ctx(context, - client_name, - ccache, - service_name, - realm_params, - struct_version, - api_version, + ret = kadm5_s_init_with_creds_ctx(context, + client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, server_handle); if(ret){ krb5_free_context(context); diff --git a/crypto/heimdal/lib/kadm5/iprop-commands.in b/crypto/heimdal/lib/kadm5/iprop-commands.in index 438594e..78d88c9 100644 --- a/crypto/heimdal/lib/kadm5/iprop-commands.in +++ b/crypto/heimdal/lib/kadm5/iprop-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: iprop-commands.in 20602 2007-05-08 03:08:35Z lha $ */ +/* $Id$ */ command = { name = "dump" diff --git a/crypto/heimdal/lib/kadm5/iprop-log.8 b/crypto/heimdal/lib/kadm5/iprop-log.8 index 599046b..7f84b09 100644 --- a/crypto/heimdal/lib/kadm5/iprop-log.8 +++ b/crypto/heimdal/lib/kadm5/iprop-log.8 @@ -1,110 +1,98 @@ -.\" $Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $ -.\" -.\" Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan +.\" $Id$ +.\" +.\" Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.\" $Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $ +.\" $Id$ .\" .Dd February 18, 2007 .Dt IPROP-LOG 8 .Os Heimdal .Sh NAME .Nm iprop-log -.Nd -maintain the iprop log file +.Nd maintain the iprop log file .Sh SYNOPSIS .Nm -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl Fl version +.Op Fl h | Fl Fl help .Ar command .Pp .Nm iprop-log truncate .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Pp .Nm iprop-log dump .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Pp .Nm iprop-log replay -.Op Fl -start-version= Ns Ar version-number -.Op Fl -end-version= Ns Ar version-number +.Op Fl Fl start-version= Ns Ar version-number +.Op Fl Fl end-version= Ns Ar version-number .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Sh DESCRIPTION Supported options: .Bl -tag -width Ds -.It Xo -.Fl -version -.Xc -.It Xo -.Fl h , -.Fl -help -.Xc +.It Fl Fl version +.It Fl h , Fl Fl help .El .Pp command can be one of the following: .Bl -tag -width truncate .It truncate .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp @@ -113,38 +101,27 @@ last entry of the old log. If the log is truncted by emptying the file, the log will start over at the first version (0). .It dump .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file .It Xo .Fl r Ar string , -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc realm .El .Pp -Print out all entires in the log to standard output. +Print out all entries in the log to standard output. .It replay .Bl -tag -width Ds -.It Xo -.Fl -start-version= Ns Ar version-number -.Xc +.It Fl Fl start-version= Ns Ar version-number start replay with this version .It Xo -.Fl -end-version= Ns Ar version-number +.Fl Fl end-version= Ns Ar version-number .Xc end replay with this version -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp @@ -152,15 +129,9 @@ Replay the changes from specified entries (or all if none is specified) in the transaction log to the database. .It last-version .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp diff --git a/crypto/heimdal/lib/kadm5/iprop-log.c b/crypto/heimdal/lib/kadm5/iprop-log.c index 7b43076..b201de6 100644 --- a/crypto/heimdal/lib/kadm5/iprop-log.c +++ b/crypto/heimdal/lib/kadm5/iprop-log.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" @@ -36,7 +36,7 @@ #include <parse_time.h> #include "iprop-commands.h" -RCSID("$Id: iprop-log.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); static krb5_context context; @@ -75,7 +75,7 @@ get_kadmin_context(const char *config_file, char *realm) KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); if (ret) krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); @@ -119,12 +119,12 @@ print_entry(kadm5_server_context *server_context, krb5_context scontext = server_context->context; off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len; - + krb5_error_code ret; strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp)); - if(op < kadm_get || op > kadm_nop) { + if((int)op < (int)kadm_get || (int)op > (int)kadm_nop) { printf("unknown op: %d\n", op); krb5_storage_seek(sp, end, SEEK_SET); return; @@ -184,7 +184,7 @@ print_entry(kadm5_server_context *server_context, if(ent.valid_end == NULL) { strlcpy(t, "never", sizeof(t)); } else { - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(ent.valid_end)); } printf(" expires = %s\n", t); @@ -193,7 +193,7 @@ print_entry(kadm5_server_context *server_context, if(ent.pw_end == NULL) { strlcpy(t, "never", sizeof(t)); } else { - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(ent.pw_end)); } printf(" password exp = %s\n", t); @@ -201,7 +201,7 @@ print_entry(kadm5_server_context *server_context, if(mask & KADM5_LAST_PWD_CHANGE) { } if(mask & KADM5_ATTRIBUTES) { - unparse_flags(HDBFlags2int(ent.flags), + unparse_flags(HDBFlags2int(ent.flags), asn1_HDBFlags_units(), t, sizeof(t)); printf(" attributes = %s\n", t); } @@ -271,7 +271,7 @@ iprop_dump(struct dump_options *opt, int argc, char **argv) kadm5_server_context *server_context; krb5_error_code ret; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_init (server_context); @@ -294,7 +294,7 @@ iprop_truncate(struct truncate_options *opt, int argc, char **argv) kadm5_server_context *server_context; krb5_error_code ret; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_truncate (server_context); @@ -311,7 +311,7 @@ last_version(struct last_version_options *opt, int argc, char **argv) krb5_error_code ret; uint32_t version; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_init (server_context); @@ -344,14 +344,14 @@ apply_entry(kadm5_server_context *server_context, time_t timestamp, enum kadm_ops op, uint32_t len, - krb5_storage *sp, + krb5_storage *sp, void *ctx) { struct replay_options *opt = ctx; krb5_error_code ret; - if((opt->start_version_integer != -1 && ver < opt->start_version_integer) || - (opt->end_version_integer != -1 && ver > opt->end_version_integer)) { + if((opt->start_version_integer != -1 && ver < (uint32_t)opt->start_version_integer) || + (opt->end_version_integer != -1 && ver > (uint32_t)opt->end_version_integer)) { /* XXX skip this entry */ krb5_storage_seek(sp, len, SEEK_CUR); return; @@ -363,7 +363,7 @@ apply_entry(kadm5_server_context *server_context, op, ver, len, sp); if (ret) krb5_warn (server_context->context, ret, "kadm5_log_replay"); - + printf ("done\n"); } @@ -373,7 +373,7 @@ iprop_replay(struct replay_options *opt, int argc, char **argv) kadm5_server_context *server_context; krb5_error_code ret; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = server_context->db->hdb_open(context, @@ -404,9 +404,9 @@ static int version_flag; static struct getargs args[] = { { "version", 0, arg_flag, &version_flag, - NULL, NULL - }, - { "help", 'h', arg_flag, &help_flag, + NULL, NULL + }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; @@ -426,8 +426,11 @@ help(void *opt, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + static char shelp[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = shelp; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/crypto/heimdal/lib/kadm5/iprop.8 b/crypto/heimdal/lib/kadm5/iprop.8 index d1e55cc..6be1f11 100644 --- a/crypto/heimdal/lib/kadm5/iprop.8 +++ b/crypto/heimdal/lib/kadm5/iprop.8 @@ -1,35 +1,35 @@ -.\" $Id: iprop.8 21940 2007-09-28 22:28:09Z lha $ -.\" -.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" $Id$ +.\" +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" .Dd May 24, 2005 .Dt IPROP 8 @@ -38,51 +38,49 @@ .Nm iprop , .Nm ipropd-master , .Nm ipropd-slave -.Nd -propagate changes to a Heimdal Kerberos master KDC to slave KDCs +.Nd propagate changes to a Heimdal Kerberos master KDC to slave KDCs .Sh SYNOPSIS .Nm ipropd-master .Oo Fl c Ar string \*(Ba Xo -.Fl -config-file= Ns Ar string +.Fl Fl config-file= Ns Ar string .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Ar file +.Fl Fl database= Ns Ar file .Xc .Oc -.Op Fl -slave-stats-file= Ns Ar file -.Op Fl -time-missing= Ns Ar time -.Op Fl -time-gone= Ns Ar time -.Op Fl -detach -.Op Fl -version -.Op Fl -help +.Op Fl Fl slave-stats-file= Ns Ar file +.Op Fl Fl time-missing= Ns Ar time +.Op Fl Fl time-gone= Ns Ar time +.Op Fl Fl detach +.Op Fl Fl version +.Op Fl Fl help .Nm ipropd-slave .Oo Fl c Ar string \*(Ba Xo -.Fl -config-file= Ns Ar string +.Fl Fl config-file= Ns Ar string .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc -.Op Fl -time-lost= Ns Ar time -.Op Fl -detach -.Op Fl -version -.Op Fl -help +.Op Fl Fl time-lost= Ns Ar time +.Op Fl Fl detach +.Op Fl Fl version +.Op Fl Fl help .Ar master -.Pp .Sh DESCRIPTION .Nm ipropd-master is used to propagate changes to a Heimdal Kerberos database from the @@ -96,9 +94,9 @@ file in the KDC's database directory, e.g.\& .Pa /var/heimdal/slaves . This has principals one per-line of the form .Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM -where -.Ar slave -is the hostname of the slave server in the given +where +.Ar slave +is the hostname of the slave server in the given .Ar REALM , e.g.\& .Dl iprop/kerberos-1.example.com@EXAMPLE.COM @@ -110,20 +108,23 @@ In contrast to .Xr hprop 8 , which sends the whole database to the slaves regularly, .Nm -normally sends only the changes as they happen on the master. The -master keeps track of all the changes by assigning a version number to -every change to the database. The slaves know which was the latest -version they saw, and in this way it can be determined if they are in -sync or not. A log of all the changes is kept on the master. When a -slave is at an older version than the oldest one in the log, the whole -database has to be sent. +normally sends only the changes as they happen on the master. +The master keeps track of all the changes by assigning a version +number to every change to the database. +The slaves know which was the latest version they saw, and in this +way it can be determined if they are in sync or not. +A log of all the changes is kept on the master. +When a slave is at an older version than the oldest one in the log, +the whole database has to be sent. .Pp The changes are propagated over a secure channel (on port 2121 by -default). This should normally be defined as +default). +This should normally be defined as .Dq iprop/tcp in .Pa /etc/services -or another source of the services database. The master and slaves +or another source of the services database. +The master and slaves must each have access to a keytab with keys for the .Nm iprop service principal on the local host. @@ -136,78 +137,37 @@ file (e.g.\& Supported options for .Nm ipropd-master : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl Fl config-file= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl Fl database= Ns Ar file Database (default per KDC) -.It Xo -.Fl -slave-stats-file= Ns Ar file -.Xc +.It Fl Fl slave-stats-file= Ns Ar file file for slave status information -.It Xo -.Fl -time-missing= Ns Ar time -.Xc +.It Fl Fl time-missing= Ns Ar time time before slave is polled for presence (default 2 min) -.It Xo -.Fl -time-gone= Ns Ar time -.Xc +.It Fl Fl time-gone= Ns Ar time time of inactivity after which a slave is considered gone (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl version +.It Fl Fl help .El .Pp Supported options for .Nm ipropd-slave : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl Fl config-file= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl -time-lost= Ns Ar time -.Xc +.It Fl Fl time-lost= Ns Ar time time before server is considered lost (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl version +.It Fl Fl help .El Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds. @@ -216,8 +176,8 @@ like 5 min, 300 s, or simply a number of seconds. .Pa slave-stats in the database directory. .Sh SEE ALSO -.Xr hpropd 8 , +.Xr krb5.conf 5 , .Xr hprop 8 , -.Xr krb5.conf 8 , -.Xr kdc 8 , -.Xr iprop-log 8 . +.Xr hpropd 8 , +.Xr iprop-log 8 , +.Xr kdc 8 . diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h index beb5414..32a80ce 100644 --- a/crypto/heimdal/lib/kadm5/iprop.h +++ b/crypto/heimdal/lib/kadm5/iprop.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1998-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: iprop.h 22211 2007-12-07 19:27:27Z lha $ */ +/* $Id$ */ #ifndef __IPROP_H__ #define __IPROP_H__ diff --git a/crypto/heimdal/lib/kadm5/ipropd_common.c b/crypto/heimdal/lib/kadm5/ipropd_common.c index e656159..2e3d941 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_common.c +++ b/crypto/heimdal/lib/kadm5/ipropd_common.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" @@ -63,7 +63,11 @@ setup_signal(void) #else signal(SIGINT, sigterm); signal(SIGTERM, sigterm); +#ifndef NO_SIGXCPU signal(SIGXCPU, sigterm); +#endif +#ifndef NO_SIGPIPE signal(SIGPIPE, SIG_IGN); #endif +#endif } diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c index bd8f71f..492bbad 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_master.c +++ b/crypto/heimdal/lib/kadm5/ipropd_master.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" #include <rtbl.h> -RCSID("$Id: ipropd_master.c 22211 2007-12-07 19:27:27Z lha $"); - static krb5_log_facility *log_facility; const char *slave_stats_file; @@ -47,12 +45,13 @@ static int time_before_gone; const char *master_hostname; -static int +static krb5_socket_t make_signal_socket (krb5_context context) { +#ifndef NO_UNIX_SOCKETS struct sockaddr_un addr; const char *fn; - int fd; + krb5_socket_t fd; fn = kadm5_log_signal_socket(context); @@ -66,25 +65,39 @@ make_signal_socket (krb5_context context) if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) krb5_err (context, 1, errno, "bind %s", addr.sun_path); return fd; +#else + struct addrinfo *ai = NULL; + krb5_socket_t fd; + + kadm5_log_signal_socket_info(context, 1, &ai); + + fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (rk_IS_BAD_SOCKET(fd)) + krb5_err (context, 1, rk_SOCK_ERRNO, "socket AF=%d", ai->ai_family); + + if (rk_IS_SOCKET_ERROR( bind (fd, ai->ai_addr, ai->ai_addrlen) )) + krb5_err (context, 1, rk_SOCK_ERRNO, "bind"); + return fd; +#endif } -static int +static krb5_socket_t make_listen_socket (krb5_context context, const char *port_str) { - int fd; + krb5_socket_t fd; int one = 1; struct sockaddr_in addr; fd = socket (AF_INET, SOCK_STREAM, 0); - if (fd < 0) - krb5_err (context, 1, errno, "socket AF_INET"); + if (rk_IS_BAD_SOCKET(fd)) + krb5_err (context, 1, rk_SOCK_ERRNO, "socket AF_INET"); setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)); memset (&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; if (port_str) { addr.sin_port = krb5_getportbyname (context, - port_str, "tcp", + port_str, "tcp", 0); if (addr.sin_port == 0) { char *ptr; @@ -96,7 +109,7 @@ make_listen_socket (krb5_context context, const char *port_str) addr.sin_port = htons(port); } } else { - addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, + addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, "tcp", IPROP_PORT); } if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) @@ -107,7 +120,7 @@ make_listen_socket (krb5_context context, const char *port_str) } struct slave { - int fd; + krb5_socket_t fd; struct sockaddr_in addr; char *name; krb5_auth_context ac; @@ -128,9 +141,11 @@ check_acl (krb5_context context, const char *name) FILE *fp; char buf[256]; int ret = 1; - char *slavefile; + char *slavefile = NULL; - asprintf(&slavefile, "%s/slaves", hdb_db_dir(context)); + if (asprintf(&slavefile, "%s/slaves", hdb_db_dir(context)) == -1 + || slavefile == NULL) + errx(1, "out of memory"); fn = krb5_config_get_string_default(context, NULL, @@ -182,9 +197,9 @@ slave_dead(krb5_context context, slave *s) { krb5_warnx(context, "slave %s dead", s->name); - if (s->fd >= 0) { - close (s->fd); - s->fd = -1; + if (!rk_IS_BAD_SOCKET(s->fd)) { + rk_closesocket (s->fd); + s->fd = rk_INVALID_SOCKET; } s->flags |= SLAVE_F_DEAD; slave_seen(s); @@ -195,8 +210,8 @@ remove_slave (krb5_context context, slave *s, slave **root) { slave **p; - if (s->fd >= 0) - close (s->fd); + if (!rk_IS_BAD_SOCKET(s->fd)) + rk_closesocket (s->fd); if (s->name) free (s->name); if (s->ac) @@ -211,7 +226,8 @@ remove_slave (krb5_context context, slave *s, slave **root) } static void -add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) +add_slave (krb5_context context, krb5_keytab keytab, slave **root, + krb5_socket_t fd) { krb5_principal server; krb5_error_code ret; @@ -230,8 +246,8 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) addr_len = sizeof(s->addr); s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len); - if (s->fd < 0) { - krb5_warn (context, errno, "accept"); + if (rk_IS_BAD_SOCKET(s->fd)) { + krb5_warn (context, rk_SOCK_ERRNO, "accept"); goto error; } if (master_hostname) @@ -254,6 +270,7 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) goto error; } ret = krb5_unparse_name (context, ticket->client, &s->name); + krb5_free_ticket (context, ticket); if (ret) { krb5_warn (context, ret, "krb5_unparse_name"); goto error; @@ -262,8 +279,6 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) krb5_warnx (context, "%s not in acl", s->name); goto error; } - krb5_free_ticket (context, ticket); - ticket = NULL; { slave *l = *root; @@ -297,7 +312,7 @@ error: struct prop_context { krb5_auth_context auth_context; - int fd; + krb5_socket_t fd; }; static int @@ -364,7 +379,7 @@ send_complete (krb5_context context, slave *s, return ret; } - ret = hdb_foreach (context, db, 0, prop_one, s); + ret = hdb_foreach (context, db, HDB_F_ADMIN_DATA, prop_one, s); if (ret) { krb5_warn (context, ret, "hdb_foreach"); slave_dead(context, s); @@ -408,6 +423,8 @@ send_are_you_there (krb5_context context, slave *s) if (s->flags & (SLAVE_F_DEAD|SLAVE_F_AYT)) return 0; + krb5_warnx(context, "slave %s missing, sending AYT", s->name); + s->flags |= SLAVE_F_AYT; data.data = buf; @@ -467,7 +484,7 @@ send_diffs (krb5_context context, slave *s, int log_fd, for (;;) { ret = kadm5_log_previous (context, sp, &ver, ×tamp, &op, &len); if (ret) - krb5_err(context, 1, ret, + krb5_err(context, 1, ret, "send_diffs: failed to find previous entry"); left = krb5_storage_seek(sp, -16, SEEK_CUR); if (ver == s->version) @@ -475,6 +492,7 @@ send_diffs (krb5_context context, slave *s, int log_fd, if (ver == s->version + 1) break; if (left == 0) { + krb5_storage_free(sp); krb5_warnx(context, "slave %s (version %lu) out of sync with master " "(first version in log %lu), sending complete database", @@ -490,6 +508,7 @@ send_diffs (krb5_context context, slave *s, int log_fd, ret = krb5_data_alloc (&data, right - left + 4); if (ret) { + krb5_storage_free(sp); krb5_warn (context, ret, "send_diffs: krb5_data_alloc"); slave_dead(context, s); return 1; @@ -556,14 +575,15 @@ process_msg (krb5_context context, slave *s, int log_fd, } /* new started slave that have old log */ if (s->version == 0 && tmp != 0) { - if (s->version < tmp) { - krb5_warnx (context, "Slave %s have later version the master " - "OUT OF SYNC", s->name); - } else { - s->version = tmp; + if (current_version < (uint32_t)tmp) { + krb5_warnx (context, "Slave %s (version %lu) have later version " + "the master (version %lu) OUT OF SYNC", + s->name, (unsigned long)tmp, + (unsigned long)current_version); } + s->version = tmp; } - if (tmp < s->version) { + if ((uint32_t)tmp < s->version) { krb5_warnx (context, "Slave claims to not have " "version we already sent to it"); } else { @@ -580,6 +600,7 @@ process_msg (krb5_context context, slave *s, int log_fd, } krb5_data_free (&out); + krb5_storage_free (sp); slave_seen(s); @@ -627,7 +648,7 @@ write_master_down(krb5_context context) fp = open_stats(context); if (fp == NULL) return; - krb5_format_time(context, t, str, sizeof(str), TRUE); + krb5_format_time(context, t, str, sizeof(str), TRUE); fprintf(fp, "master down at %s\n", str); fclose(fp); @@ -645,7 +666,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) if (fp == NULL) return; - krb5_format_time(context, t, str, sizeof(str), TRUE); + krb5_format_time(context, t, str, sizeof(str), TRUE); fprintf(fp, "Status for slaves, last updated: %s\n\n", str); fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version); @@ -669,7 +690,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) krb5_address addr; krb5_error_code ret; rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name); - ret = krb5_sockaddr2address (context, + ret = krb5_sockaddr2address (context, (struct sockaddr*)&slaves->addr, &addr); if(ret == 0) { krb5_print_address(&addr, str, sizeof(str), NULL); @@ -677,7 +698,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str); } else rtbl_add_column_entry(tbl, SLAVE_ADDRESS, "<unknown>"); - + snprintf(str, sizeof(str), "%u", (unsigned)slaves->version); rtbl_add_column_entry(tbl, SLAVE_VERSION, str); @@ -686,7 +707,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) else rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up"); - ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); + ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); rtbl_add_column_entry(tbl, SLAVE_SEEN, str); slaves = slaves->next; @@ -699,35 +720,40 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) } +static char sHDB[] = "HDB:"; static char *realm; static int version_flag; static int help_flag; -static char *keytab_str = "HDB:"; +static char *keytab_str = sHDB; static char *database; static char *config_file; static char *port_str; +#ifdef SUPPORT_DETACH static int detach_from_console = 0; +#endif static struct getargs args[] = { - { "config-file", 'c', arg_string, &config_file }, - { "realm", 'r', arg_string, &realm }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, + { "realm", 'r', arg_string, &realm, NULL, NULL }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "database", 'd', arg_string, &database, "database", "file"}, - { "slave-stats-file", 0, arg_string, &slave_stats_file, + { "slave-stats-file", 0, arg_string, rk_UNCONST(&slave_stats_file), "file for slave status information", "file"}, - { "time-missing", 0, arg_string, &slave_time_missing, + { "time-missing", 0, arg_string, rk_UNCONST(&slave_time_missing), "time before slave is polled for presence", "time"}, - { "time-gone", 0, arg_string, &slave_time_gone, + { "time-gone", 0, arg_string, rk_UNCONST(&slave_time_gone), "time of inactivity after which a slave is considered gone", "time"}, { "port", 0, arg_string, &port_str, "port ipropd will listen to", "port"}, - { "detach", 0, arg_flag, &detach_from_console, - "detach from console" }, - { "hostname", 0, arg_string, &master_hostname, +#ifdef SUPPORT_DETACH + { "detach", 0, arg_flag, &detach_from_console, + "detach from console", NULL }, +#endif + { "hostname", 0, arg_string, rk_UNCONST(&master_hostname), "hostname of master (if not same as hostname)", "hostname" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -739,16 +765,16 @@ main(int argc, char **argv) void *kadm_handle; kadm5_server_context *server_context; kadm5_config_params conf; - int signal_fd, listen_fd; + krb5_socket_t signal_fd, listen_fd; int log_fd; slave *slaves = NULL; uint32_t current_version = 0, old_version = 0; krb5_keytab keytab; int optidx; char **files; - + optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag) { @@ -780,8 +806,10 @@ main(int argc, char **argv) if (time_before_missing < 0) krb5_errx (context, 1, "couldn't parse time: %s", slave_time_missing); +#ifdef SUPPORT_DETACH if (detach_from_console) daemon(0, 0); +#endif pidfile (NULL); krb5_openlog (context, "ipropd-master", &log_facility); krb5_set_warn_dest(context, log_facility); @@ -793,7 +821,7 @@ main(int argc, char **argv) ret = krb5_kt_resolve(context, keytab_str, &keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str); - + memset(&conf, 0, sizeof(conf)); if(realm) { conf.mask |= KADM5_CONFIG_REALM; @@ -803,7 +831,7 @@ main(int argc, char **argv) KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); if (ret) krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); @@ -820,7 +848,7 @@ main(int argc, char **argv) kadm5_log_get_version_fd (log_fd, ¤t_version); - krb5_warnx(context, "ipropd-master started at version: %lu", + krb5_warnx(context, "ipropd-master started at version: %lu", (unsigned long)current_version); while(exit_flag == 0){ @@ -830,8 +858,10 @@ main(int argc, char **argv) struct timeval to = {30, 0}; uint32_t vers; +#ifndef NO_LIMIT_FD_SETSIZE if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE) krb5_errx (context, 1, "fd too large"); +#endif FD_ZERO(&readset); FD_SET(signal_fd, &readset); @@ -860,7 +890,7 @@ main(int argc, char **argv) kadm5_log_get_version_fd (log_fd, ¤t_version); if (current_version > old_version) { - krb5_warnx(context, + krb5_warnx(context, "Missed a signal, updating slaves %lu to %lu", (unsigned long)old_version, (unsigned long)current_version); @@ -873,7 +903,11 @@ main(int argc, char **argv) } if (ret && FD_ISSET(signal_fd, &readset)) { +#ifndef NO_UNIX_SOCKETS struct sockaddr_un peer_addr; +#else + struct sockaddr_storage peer_addr; +#endif socklen_t peer_len = sizeof(peer_addr); if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0, @@ -886,14 +920,17 @@ main(int argc, char **argv) old_version = current_version; kadm5_log_get_version_fd (log_fd, ¤t_version); if (current_version > old_version) { - krb5_warnx(context, + krb5_warnx(context, "Got a signal, updating slaves %lu to %lu", (unsigned long)old_version, (unsigned long)current_version); - for (p = slaves; p != NULL; p = p->next) + for (p = slaves; p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; send_diffs (context, p, log_fd, database, current_version); + } } else { - krb5_warnx(context, + krb5_warnx(context, "Got a signal, but no update in log version %lu", (unsigned long)current_version); } @@ -909,10 +946,8 @@ main(int argc, char **argv) slave_dead(context, p); } else if (slave_gone_p (p)) slave_dead(context, p); - else if (slave_missing_p (p)) { - krb5_warnx(context, "slave %s missing, sending AYT", p->name); + else if (slave_missing_p (p)) send_are_you_there (context, p); - } } if (ret && FD_ISSET(listen_fd, &readset)) { @@ -923,13 +958,15 @@ main(int argc, char **argv) write_stats(context, slaves, current_version); } - if(exit_flag == SIGXCPU) - krb5_warnx(context, "%s CPU time limit exceeded", getprogname()); - else if(exit_flag == SIGINT || exit_flag == SIGTERM) + if(exit_flag == SIGINT || exit_flag == SIGTERM) krb5_warnx(context, "%s terminated", getprogname()); +#ifdef SIGXCPU + else if(exit_flag == SIGXCPU) + krb5_warnx(context, "%s CPU time limit exceeded", getprogname()); +#endif else - krb5_warnx(context, "%s unexpected exit reason: %d", - getprogname(), exit_flag); + krb5_warnx(context, "%s unexpected exit reason: %ld", + getprogname(), (long)exit_flag); write_master_down(context); diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c index 482a3f7..38e9a7b 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_slave.c +++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c @@ -1,42 +1,45 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" -RCSID("$Id: ipropd_slave.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); + +static const char *config_name = "ipropd-slave"; static krb5_log_facility *log_facility; -static char *server_time_lost = "5 min"; +static char five_min[] = "5 min"; +static char *server_time_lost = five_min; static int time_before_lost; const char *slave_str = NULL; @@ -44,39 +47,53 @@ static int connect_to_master (krb5_context context, const char *master, const char *port_str) { - int fd; - struct sockaddr_in addr; - struct hostent *he; - - fd = socket (AF_INET, SOCK_STREAM, 0); - if (fd < 0) - krb5_err (context, 1, errno, "socket AF_INET"); - memset (&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - if (port_str) { - addr.sin_port = krb5_getportbyname (context, - port_str, "tcp", - 0); - if (addr.sin_port == 0) { - char *ptr; - long port; - - port = strtol (port_str, &ptr, 10); - if (port == 0 && ptr == port_str) - krb5_errx (context, 1, "bad port `%s'", port_str); - addr.sin_port = htons(port); + char port[NI_MAXSERV]; + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; + int s = -1; + + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + + if (port_str == NULL) { + snprintf(port, sizeof(port), "%u", IPROP_PORT); + port_str = port; + } + + error = getaddrinfo (master, port_str, &hints, &ai); + if (error) { + krb5_warnx(context, "Failed to get address of to %s: %s", + master, gai_strerror(error)); + return -1; + } + + for (a = ai; a != NULL; a = a->ai_next) { + char node[NI_MAXHOST]; + error = getnameinfo(a->ai_addr, a->ai_addrlen, + node, sizeof(node), NULL, 0, NI_NUMERICHOST); + if (error) + strlcpy(node, "[unknown-addr]", sizeof(node)); + + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + krb5_warn(context, errno, "connection failed to %s[%s]", + master, node); + close (s); + continue; } - } else { - addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, - "tcp", IPROP_PORT); + krb5_warnx(context, "connection successful " + "to master: %s[%s]", master, node); + break; } - he = roken_gethostbyname (master); - if (he == NULL) - krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno)); - memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr)); - if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) - krb5_err (context, 1, errno, "connect"); - return fd; + freeaddrinfo (ai); + + if (a == NULL) + return -1; + + return s; } static void @@ -90,7 +107,7 @@ get_creds(krb5_context context, const char *keytab_str, krb5_creds creds; char *server; char keytab_buf[256]; - + if (keytab_str == NULL) { ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)); if (ret) @@ -101,7 +118,7 @@ get_creds(krb5_context context, const char *keytab_str, ret = krb5_kt_resolve(context, keytab_str, &keytab); if(ret) krb5_err(context, 1, ret, "%s", keytab_str); - + ret = krb5_sname_to_principal (context, slave_str, IPROP_NAME, KRB5_NT_SRV_HST, &client); @@ -119,21 +136,24 @@ get_creds(krb5_context context, const char *keytab_str, free (server); krb5_get_init_creds_opt_free(context, init_opts); if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds"); - + ret = krb5_kt_close(context, keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_close"); - - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache); - if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new"); + + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, cache); + if(ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_initialize(context, *cache, client); if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); ret = krb5_cc_store_cred(context, *cache, &creds); if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred"); + + krb5_free_cred_contents(context, &creds); + krb5_free_principal(context, client); } -static void +static krb5_error_code ihave (krb5_context context, krb5_auth_context auth_context, int fd, uint32_t version) { @@ -148,10 +168,11 @@ ihave (krb5_context context, krb5_auth_context auth_context, krb5_storage_free (sp); data.length = 8; data.data = buf; - + ret = krb5_write_priv_message(context, auth_context, &fd, &data); if (ret) - krb5_err (context, 1, ret, "krb5_write_priv_message"); + krb5_warn (context, ret, "krb5_write_message"); + return ret; } static void @@ -178,9 +199,9 @@ receive_loop (krb5_context context, krb5_ret_int32 (sp, &tmp); op = tmp; krb5_ret_int32 (sp, &len); - if (vers <= server_context->log_context.version) + if ((uint32_t)vers <= server_context->log_context.version) krb5_storage_seek(sp, len + 8, SEEK_CUR); - } while(vers <= server_context->log_context.version); + } while((uint32_t)vers <= server_context->log_context.version); /* * Read up rest of the entires into the memory... @@ -226,8 +247,8 @@ receive_loop (krb5_context context, if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers); if (len < 0) krb5_errx(context, 1, "log is corrupted, " - "negative length of entry version %ld: %ld", - (long)vers, (long)len); + "negative length of entry version %ld: %ld", + (long)vers, (long)len); cur = krb5_storage_seek(sp, 0, SEEK_CUR); krb5_warnx (context, "replaying entry %d", (int)vers); @@ -235,22 +256,22 @@ receive_loop (krb5_context context, ret = kadm5_log_replay (server_context, op, vers, len, sp); if (ret) { - char *s = krb5_get_error_message(server_context->context, ret); + const char *s = krb5_get_error_message(server_context->context, ret); krb5_warnx (context, - "kadm5_log_replay: %ld. Lost entry entry, " - "Database out of sync ?: %s (%d)", + "kadm5_log_replay: %ld. Lost entry entry, " + "Database out of sync ?: %s (%d)", (long)vers, s ? s : "unknown error", ret); - krb5_xfree(s); + krb5_free_error_message(context, s); } { - /* + /* * Make sure the krb5_log_replay does the right thing wrt * reading out data from the sp. */ cur2 = krb5_storage_seek(sp, 0, SEEK_CUR); if (cur + len != cur2) - krb5_errx(context, 1, + krb5_errx(context, 1, "kadm5_log_reply version: %ld didn't read the whole entry", (long)vers); } @@ -318,20 +339,20 @@ send_im_here (krb5_context context, int fd, krb5_err (context, 1, ret, "krb5_write_priv_message"); } -static void +static krb5_error_code receive_everything (krb5_context context, int fd, kadm5_server_context *server_context, krb5_auth_context auth_context) { int ret; krb5_data data; - int32_t vno; + int32_t vno = 0; int32_t opcode; krb5_storage *sp; char *dbname; HDB *mydb; - + krb5_warnx(context, "receive complete database"); asprintf(&dbname, "%s-NEW", server_context->db->hdb_name); @@ -339,12 +360,12 @@ receive_everything (krb5_context context, int fd, if(ret) krb5_err(context,1, ret, "hdb_create"); free(dbname); - + ret = hdb_set_master_keyfile (context, mydb, server_context->config.stash_file); if(ret) krb5_err(context,1, ret, "hdb_set_master_keyfile"); - + /* I really want to use O_EXCL here, but given that I can't easily clean up on error, I won't */ ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600); @@ -355,8 +376,10 @@ receive_everything (krb5_context context, int fd, do { ret = krb5_read_priv_message(context, auth_context, &fd, &data); - if (ret) - krb5_err (context, 1, ret, "krb5_read_priv_message"); + if (ret) { + krb5_warn (context, ret, "krb5_read_priv_message"); + goto cleanup; + } sp = krb5_storage_from_data (&data); if (sp == NULL) @@ -408,12 +431,13 @@ receive_everything (krb5_context context, int fd, if (ret) krb5_err (context, 1, ret, "kadm5_log_nop"); - krb5_data_free (&data); - ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name); if (ret) krb5_err (context, 1, ret, "db->rename"); + cleanup: + krb5_data_free (&data); + ret = mydb->hdb_close (context, mydb); if (ret) krb5_err (context, 1, ret, "db->close"); @@ -423,6 +447,7 @@ receive_everything (krb5_context context, int fd, krb5_err (context, 1, ret, "db->destroy"); krb5_warnx(context, "receive complete database, version %ld", (long)vno); + return ret; } static char *config_file; @@ -431,27 +456,38 @@ static int version_flag; static int help_flag; static char *keytab_str; static char *port_str; +#ifdef SUPPORT_DETACH static int detach_from_console = 0; +#endif static struct getargs args[] = { - { "config-file", 'c', arg_string, &config_file }, - { "realm", 'r', arg_string, &realm }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, + { "realm", 'r', arg_string, &realm, NULL, NULL }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "time-lost", 0, arg_string, &server_time_lost, "time before server is considered lost", "time" }, { "port", 0, arg_string, &port_str, "port ipropd-slave will connect to", "port"}, - { "detach", 0, arg_flag, &detach_from_console, - "detach from console" }, - { "hostname", 0, arg_string, &slave_str, +#ifdef SUPPORT_DETACH + { "detach", 0, arg_flag, &detach_from_console, + "detach from console", NULL }, +#endif + { "hostname", 0, arg_string, rk_UNCONST(&slave_str), "hostname of slave (if not same as hostname)", "hostname" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); +static void +usage(int status) +{ + arg_printusage(args, num_args, NULL, "master"); + exit(status); +} + int main(int argc, char **argv) { @@ -465,24 +501,36 @@ main(int argc, char **argv) krb5_ccache ccache; krb5_principal server; char **files; - int optidx; + int optidx = 0; + time_t reconnect_min; + time_t backoff; + time_t reconnect_max; + time_t reconnect; + time_t before = 0; const char *master; - - optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + + setprogname(argv[0]); + + if(getarg(args, num_args, argc, argv, &optidx)) + usage(1); + if(help_flag) - krb5_std_usage(0, args, num_args); + usage(0); if(version_flag) { print_version(NULL); exit(0); } + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + setup_signal(); if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + if (asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)) == -1 + || config_file == NULL) errx(1, "out of memory"); } @@ -499,12 +547,14 @@ main(int argc, char **argv) argv += optidx; if (argc != 1) - krb5_std_usage(1, args, num_args); + usage(1); master = argv[0]; +#ifdef SUPPORT_DETACH if (detach_from_console) daemon(0, 0); +#endif pidfile (NULL); krb5_openlog (context, "ipropd-slave", &log_facility); krb5_set_warn_dest(context, log_facility); @@ -526,7 +576,7 @@ main(int argc, char **argv) KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); if (ret) krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); @@ -539,94 +589,160 @@ main(int argc, char **argv) get_creds(context, keytab_str, &ccache, master); - master_fd = connect_to_master (context, master, port_str); - ret = krb5_sname_to_principal (context, master, IPROP_NAME, KRB5_NT_SRV_HST, &server); if (ret) krb5_err (context, 1, ret, "krb5_sname_to_principal"); auth_context = NULL; - ret = krb5_sendauth (context, &auth_context, &master_fd, - IPROP_VERSION, NULL, server, - AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, - ccache, NULL, NULL, NULL); - if (ret) - krb5_err (context, 1, ret, "krb5_sendauth"); - - krb5_warnx(context, "ipropd-slave started at version: %ld", - (long)server_context->log_context.version); - - ihave (context, auth_context, master_fd, - server_context->log_context.version); - - while (exit_flag == 0) { - krb5_data out; - krb5_storage *sp; - int32_t tmp; - fd_set readset; - struct timeval to; - - if (master_fd >= FD_SETSIZE) - krb5_errx (context, 1, "fd too large"); + master_fd = -1; + + krb5_appdefault_time(context, config_name, NULL, "reconnect-min", + 10, &reconnect_min); + krb5_appdefault_time(context, config_name, NULL, "reconnect-max", + 300, &reconnect_max); + krb5_appdefault_time(context, config_name, NULL, "reconnect-backoff", + 10, &backoff); + reconnect = reconnect_min; + + while (!exit_flag) { + time_t now, elapsed; + int connected = FALSE; + + now = time(NULL); + elapsed = now - before; + + if (elapsed < reconnect) { + time_t left = reconnect - elapsed; + krb5_warnx(context, "sleeping %d seconds before " + "retrying to connect", (int)left); + sleep(left); + } + before = now; - FD_ZERO(&readset); - FD_SET(master_fd, &readset); + master_fd = connect_to_master (context, master, port_str); + if (master_fd < 0) + goto retry; - to.tv_sec = time_before_lost; - to.tv_usec = 0; + reconnect = reconnect_min; - ret = select (master_fd + 1, - &readset, NULL, NULL, &to); - if (ret < 0) { - if (errno == EINTR) - continue; - else - krb5_err (context, 1, errno, "select"); + if (auth_context) { + krb5_auth_con_free(context, auth_context); + auth_context = NULL; + krb5_cc_destroy(context, ccache); + get_creds(context, keytab_str, &ccache, master); + } + ret = krb5_sendauth (context, &auth_context, &master_fd, + IPROP_VERSION, NULL, server, + AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, + ccache, NULL, NULL, NULL); + if (ret) { + krb5_warn (context, ret, "krb5_sendauth"); + goto retry; } - if (ret == 0) - krb5_errx (context, 1, "server didn't send a message " - "in %d seconds", time_before_lost); - ret = krb5_read_priv_message(context, auth_context, &master_fd, &out); + krb5_warnx(context, "ipropd-slave started at version: %ld", + (long)server_context->log_context.version); + ret = ihave (context, auth_context, master_fd, + server_context->log_context.version); if (ret) - krb5_err (context, 1, ret, "krb5_read_priv_message"); + goto retry; + + connected = TRUE; + + while (connected && !exit_flag) { + krb5_data out; + krb5_storage *sp; + int32_t tmp; + fd_set readset; + struct timeval to; + +#ifndef NO_LIMIT_FD_SETSIZE + if (master_fd >= FD_SETSIZE) + krb5_errx (context, 1, "fd too large"); +#endif + + FD_ZERO(&readset); + FD_SET(master_fd, &readset); + + to.tv_sec = time_before_lost; + to.tv_usec = 0; + + ret = select (master_fd + 1, + &readset, NULL, NULL, &to); + if (ret < 0) { + if (errno == EINTR) + continue; + else + krb5_err (context, 1, errno, "select"); + } + if (ret == 0) + krb5_errx (context, 1, "server didn't send a message " + "in %d seconds", time_before_lost); + + ret = krb5_read_priv_message(context, auth_context, &master_fd, &out); + if (ret) { + krb5_warn (context, ret, "krb5_read_priv_message"); + connected = FALSE; + continue; + } + + sp = krb5_storage_from_mem (out.data, out.length); + krb5_ret_int32 (sp, &tmp); + switch (tmp) { + case FOR_YOU : + receive (context, sp, server_context); + ret = ihave (context, auth_context, master_fd, + server_context->log_context.version); + if (ret) + connected = FALSE; + break; + case TELL_YOU_EVERYTHING : + ret = receive_everything (context, master_fd, server_context, + auth_context); + if (ret) + connected = FALSE; + break; + case ARE_YOU_THERE : + send_im_here (context, master_fd, auth_context); + break; + case NOW_YOU_HAVE : + case I_HAVE : + case ONE_PRINC : + case I_AM_HERE : + default : + krb5_warnx (context, "Ignoring command %d", tmp); + break; + } + krb5_storage_free (sp); + krb5_data_free (&out); - sp = krb5_storage_from_mem (out.data, out.length); - krb5_ret_int32 (sp, &tmp); - switch (tmp) { - case FOR_YOU : - receive (context, sp, server_context); - ihave (context, auth_context, master_fd, - server_context->log_context.version); - break; - case TELL_YOU_EVERYTHING : - receive_everything (context, master_fd, server_context, - auth_context); - break; - case ARE_YOU_THERE : - send_im_here (context, master_fd, auth_context); - break; - case NOW_YOU_HAVE : - case I_HAVE : - case ONE_PRINC : - case I_AM_HERE : - default : - krb5_warnx (context, "Ignoring command %d", tmp); - break; } - krb5_storage_free (sp); - krb5_data_free (&out); + retry: + if (connected == FALSE) + krb5_warnx (context, "disconnected for server"); + if (exit_flag) + krb5_warnx (context, "got an exit signal"); + + if (master_fd >= 0) + close(master_fd); + + reconnect += backoff; + if (reconnect > reconnect_max) + reconnect = reconnect_max; } - - if(exit_flag == SIGXCPU) + + if (0); +#ifndef NO_SIGXCPU + else if(exit_flag == SIGXCPU) krb5_warnx(context, "%s CPU time limit exceeded", getprogname()); +#endif else if(exit_flag == SIGINT || exit_flag == SIGTERM) krb5_warnx(context, "%s terminated", getprogname()); else - krb5_warnx(context, "%s unexpected exit reason: %d", - getprogname(), exit_flag); + krb5_warnx(context, "%s unexpected exit reason: %ld", + getprogname(), (long)exit_flag); return 0; } diff --git a/crypto/heimdal/lib/kadm5/kadm5-private.h b/crypto/heimdal/lib/kadm5/kadm5-private.h index 56b2b32..ab8d694 100644 --- a/crypto/heimdal/lib/kadm5/kadm5-private.h +++ b/crypto/heimdal/lib/kadm5/kadm5-private.h @@ -45,19 +45,19 @@ _kadm5_client_send ( kadm5_client_context */*context*/, krb5_storage */*sp*/); -int -_kadm5_cmp_keys ( - Key */*keys1*/, - int /*len1*/, - Key */*keys2*/, - int /*len2*/); - kadm5_ret_t _kadm5_connect (void */*handle*/); kadm5_ret_t _kadm5_error_code (kadm5_ret_t /*code*/); +int +_kadm5_exists_keys ( + Key */*keys1*/, + int /*len1*/, + Key */*keys2*/, + int /*len2*/); + void _kadm5_free_keys ( krb5_context /*context*/, @@ -354,6 +354,12 @@ const char * kadm5_log_signal_socket (krb5_context /*context*/); kadm5_ret_t +kadm5_log_signal_socket_info ( + krb5_context /*context*/, + int /*server_end*/, + struct addrinfo **/*ret_addrs*/); + +kadm5_ret_t kadm5_log_truncate (kadm5_server_context */*server_context*/); kadm5_ret_t diff --git a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h b/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h index 96f3f18..70cbae5 100644 --- a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h +++ b/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kadm5-pwcheck.h 15489 2005-06-17 06:45:52Z lha $ */ +/* $Id$ */ #ifndef KADM5_PWCHECK_H #define KADM5_PWCHECK_H 1 @@ -44,7 +44,7 @@ typedef const char* (*kadm5_passwd_quality_check_func_v0)(krb5_context, krb5_principal, krb5_data*); -/* +/* * The 4th argument, is a tuning parameter for the quality check * function, the lib/caller will providing it for the password quality * module. diff --git a/crypto/heimdal/lib/kadm5/kadm5_err.et b/crypto/heimdal/lib/kadm5/kadm5_err.et index 1ac624a..ae78472 100644 --- a/crypto/heimdal/lib/kadm5/kadm5_err.et +++ b/crypto/heimdal/lib/kadm5/kadm5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: kadm5_err.et 16683 2006-02-02 13:11:47Z lha $" +id "$Id$" error_table ovk kadm5 diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h index c79e644..68b6a5e 100644 --- a/crypto/heimdal/lib/kadm5/kadm5_locl.h +++ b/crypto/heimdal/lib/kadm5/kadm5_locl.h @@ -1,44 +1,43 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kadm5_locl.h 8579 2000-07-08 11:57:40Z assar $ */ +/* $Id$ */ #ifndef __KADM5_LOCL_H__ #define __KADM5_LOCL_H__ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif +#include <roken.h> #include <stdio.h> #include <stdlib.h> @@ -78,7 +77,6 @@ #include "kadm5_err.h" #include <hdb.h> #include <der.h> -#include <roken.h> #include <parse_units.h> #include "private.h" diff --git a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 b/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 index ee045c9..5174d9b 100644 --- a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 +++ b/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: kadm5_pwcheck.3 15237 2005-05-25 13:16:27Z lha $ +.\" $Id$ .\" .Dd February 29, 2004 .Dt KADM5_PWCHECK 3 @@ -77,16 +77,17 @@ library. .Pp There are two versions of the shared object API; the old version (0) is deprecated, but still supported. The new version (1) supports -multiple password quality checking modules in the same shared object. +multiple password quality checking policies in the same shared object. See below for details. .Pp -The password quality checker will run over all tests that are -configured by the user. +The password quality checker will run all policies that are +configured by the user. If any policy rejects the password, the password +will be rejected. .Pp -Module names are of the form -.Ql vendor:test-name -or, if the the test name is unique enough, just -.Ql test-name . +Policy names are of the form +.Ql module-name:policy-name +or, if the the policy name is unique enough, just +.Ql policy-name . .Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT (This refers to the version 1 API only.) .Pp @@ -101,10 +102,16 @@ Its .Ft name and .Ft vendor -fields should be contain the obvious information and +fields should contain the obvious information. +.Ft name +must match the +.Ql module-name +portion of the policy name (the part before the colon), if the policy name +contains a colon, or the policy will not be run. .Ft version should be .Dv KADM5_PASSWD_VERSION_V1 . +.Pp .Ft funcs contains an array of .Ft "struct kadm5_pw_policy_check_func" @@ -113,8 +120,14 @@ structures that is terminated with an entry whose component is .Dv NULL . The +.Ft name +field of the array must match the +.Ql policy-name +portion of a policy name (the part after the colon, or the complete policy +name if there is no colon) specified by the user or the policy will not be +run. The .Ft func -Fields of the array elements are functions that are exported by the +fields of the array elements are functions that are exported by the module to be called to check the password. They get the following arguments: the Kerberos context, principal, password, a tuning parameter, and a pointer to a message buffer and its length. The tuning parameter diff --git a/crypto/heimdal/lib/kadm5/keys.c b/crypto/heimdal/lib/kadm5/keys.c index 2521fae..d46b8db 100644 --- a/crypto/heimdal/lib/kadm5/keys.c +++ b/crypto/heimdal/lib/kadm5/keys.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: keys.c 14297 2004-10-11 23:50:25Z lha $"); +RCSID("$Id$"); /* * free all the memory used by (len, keys) @@ -64,37 +64,39 @@ _kadm5_init_keys (Key *keys, int len) } /* - * return 0 iff `keys1, len1' and `keys2, len2' are identical + * return 1 if any key in `keys1, len1' exists in `keys2, len2' */ int -_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2) +_kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2) { - int i; - - if (len1 != len2) - return 1; + int i, j; for (i = 0; i < len1; ++i) { - if ((keys1[i].salt != NULL && keys2[i].salt == NULL) - || (keys1[i].salt == NULL && keys2[i].salt != NULL)) + for (j = 0; j < len2; j++) { + if ((keys1[i].salt != NULL && keys2[j].salt == NULL) + || (keys1[i].salt == NULL && keys2[j].salt != NULL)) + continue; + + if (keys1[i].salt != NULL) { + if (keys1[i].salt->type != keys2[j].salt->type) + continue; + if (keys1[i].salt->salt.length != keys2[j].salt->salt.length) + continue; + if (memcmp (keys1[i].salt->salt.data, keys2[j].salt->salt.data, + keys1[i].salt->salt.length) != 0) + continue; + } + if (keys1[i].key.keytype != keys2[j].key.keytype) + continue; + if (keys1[i].key.keyvalue.length != keys2[j].key.keyvalue.length) + continue; + if (memcmp (keys1[i].key.keyvalue.data, keys2[j].key.keyvalue.data, + keys1[i].key.keyvalue.length) != 0) + continue; + return 1; - if (keys1[i].salt != NULL) { - if (keys1[i].salt->type != keys2[i].salt->type) - return 1; - if (keys1[i].salt->salt.length != keys2[i].salt->salt.length) - return 1; - if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data, - keys1[i].salt->salt.length) != 0) - return 1; } - if (keys1[i].key.keytype != keys2[i].key.keytype) - return 1; - if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length) - return 1; - if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data, - keys1[i].key.keyvalue.length) != 0) - return 1; } return 0; } diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c index 5c4aaef..05b84b1 100644 --- a/crypto/heimdal/lib/kadm5/log.c +++ b/crypto/heimdal/lib/kadm5/log.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include "heim_threads.h" -RCSID("$Id: log.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); /* * A log record consists of: @@ -99,13 +99,15 @@ kadm5_log_init (kadm5_server_context *context) return 0; fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600); if (fd < 0) { - krb5_set_error_string(context->context, "kadm5_log_init: open %s", + ret = errno; + krb5_set_error_message(context->context, ret, "kadm5_log_init: open %s", log_context->log_file); - return errno; + return ret; } if (flock (fd, LOCK_EX) < 0) { - krb5_set_error_string(context->context, "kadm5_log_init: flock %s", - log_context->log_file); + ret = errno; + krb5_set_error_message(context->context, ret, "kadm5_log_init: flock %s", + log_context->log_file); close (fd); return errno; } @@ -191,12 +193,12 @@ kadm5_log_flush (kadm5_log_context *log_context, { krb5_data data; size_t len; - int ret; + ssize_t ret; krb5_storage_to_data(sp, &data); len = data.length; ret = write (log_context->log_fd, data.data, len); - if (ret != len) { + if (ret < 0 || (size_t)ret != len) { krb5_data_free(&data); return errno; } @@ -204,15 +206,25 @@ kadm5_log_flush (kadm5_log_context *log_context, krb5_data_free(&data); return errno; } + /* * Try to send a signal to any running `ipropd-master' */ +#ifndef NO_UNIX_SOCKETS sendto (log_context->socket_fd, (void *)&log_context->version, sizeof(log_context->version), 0, (struct sockaddr *)&log_context->socket_name, sizeof(log_context->socket_name)); +#else + sendto (log_context->socket_fd, + (void *)&log_context->version, + sizeof(log_context->version), + 0, + log_context->socket_info->ai_addr, + log_context->socket_info->ai_addrlen); +#endif krb5_data_free(&data); return 0; @@ -279,15 +291,15 @@ kadm5_log_replay_create (kadm5_server_context *context, ret = krb5_data_alloc (&data, len); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent.entry); krb5_data_free(&data); if (ret) { - krb5_set_error_string(context->context, - "Unmarshaling hdb entry failed"); + krb5_set_error_message(context->context, ret, + "Unmarshaling hdb entry failed"); return ret; } ret = context->db->hdb_store(context->context, context->db, 0, &ent); @@ -358,8 +370,8 @@ kadm5_log_replay_delete (kadm5_server_context *context, ret = krb5_ret_principal (sp, &principal); if (ret) { - krb5_set_error_string(context->context, "Failed to read deleted " - "principal from log version: %ld", (long)ver); + krb5_set_error_message(context->context, ret, "Failed to read deleted " + "principal from log version: %ld", (long)ver); return ret; } @@ -456,8 +468,8 @@ kadm5_log_replay_rename (kadm5_server_context *context, off = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_ret_principal (sp, &source); if (ret) { - krb5_set_error_string(context->context, "Failed to read renamed " - "principal in log, version: %ld", (long)ver); + krb5_set_error_message(context->context, ret, "Failed to read renamed " + "principal in log, version: %ld", (long)ver); return ret; } princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; @@ -474,7 +486,7 @@ kadm5_log_replay_rename (kadm5_server_context *context, krb5_free_principal (context->context, source); return ret; } - ret = context->db->hdb_store (context->context, context->db, + ret = context->db->hdb_store (context->context, context->db, 0, &target_ent); hdb_free_entry (context->context, &target_ent); if (ret) { @@ -561,7 +573,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, len -= 4; ret = krb5_data_alloc (&value, len); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, value.data, len); @@ -571,9 +583,9 @@ kadm5_log_replay_modify (kadm5_server_context *context, return ret; memset(&ent, 0, sizeof(ent)); - ret = context->db->hdb_fetch(context->context, context->db, - log_ent.entry.principal, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, + log_ent.entry.principal, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if (ret) goto out; if (mask & KADM5_PRINC_EXPIRE_TIME) { @@ -583,8 +595,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.valid_end == NULL) { ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end)); if (ent.entry.valid_end == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -598,8 +610,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.pw_end == NULL) { ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end)); if (ent.entry.pw_end == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -619,8 +631,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.max_life == NULL) { ent.entry.max_life = malloc (sizeof(*ent.entry.max_life)); if (ent.entry.max_life == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -631,15 +643,15 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.modified_by == NULL) { ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by)); if (ent.entry.modified_by == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } else free_Event(ent.entry.modified_by); ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -665,8 +677,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.max_renew == NULL) { ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew)); if (ent.entry.max_renew == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -684,7 +696,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, } if (mask & KADM5_KEY_DATA) { size_t num; - int i; + size_t i; for (i = 0; i < ent.entry.keys.len; ++i) free_Key(&ent.entry.keys.val[i]); @@ -695,14 +707,14 @@ kadm5_log_replay_modify (kadm5_server_context *context, ent.entry.keys.len = num; ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val)); if (ent.entry.keys.val == NULL) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ENOMEM, "out of memory"); return ENOMEM; } for (i = 0; i < ent.entry.keys.len; ++i) { ret = copy_Key(&log_ent.entry.keys.val[i], &ent.entry.keys.val[i]); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -717,7 +729,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, ret = copy_HDB_extensions(log_ent.entry.extensions, ent.entry.extensions); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); free(ent.entry.extensions); ent.entry.extensions = es; goto out; @@ -727,7 +739,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, free(es); } } - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); out: hdb_free_entry (context->context, &ent); @@ -834,9 +846,9 @@ kadm5_log_goto_end (int fd) /* * Return previous log entry. - * - * The pointer in `sp´ is assumed to be at the top of the entry before - * previous entry. On success, the `sp´ pointer is set to data portion + * + * The pointer in `sp´ is assumed to be at the top of the entry before + * previous entry. On success, the `sp´ pointer is set to data portion * of previous entry. In case of error, it's not changed at all. */ @@ -860,16 +872,22 @@ kadm5_log_previous (krb5_context context, goto end_of_storage; *len = tmp; ret = krb5_ret_int32 (sp, &tmp); + if (ret) + goto end_of_storage; *ver = tmp; off = 24 + *len; krb5_storage_seek(sp, -off, SEEK_CUR); ret = krb5_ret_int32 (sp, &tmp); if (ret) goto end_of_storage; - if (tmp != *ver) { + if ((uint32_t)tmp != *ver) { krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: log entry " - "have consistency failure, version number wrong"); + krb5_set_error_message(context, KADM5_BAD_DB, + "kadm5_log_previous: log entry " + "have consistency failure, version number wrong " + "(tmp %lu ver %lu)", + (unsigned long)tmp, + (unsigned long)*ver); return KADM5_BAD_DB; } ret = krb5_ret_int32 (sp, &tmp); @@ -877,22 +895,25 @@ kadm5_log_previous (krb5_context context, goto end_of_storage; *timestamp = tmp; ret = krb5_ret_int32 (sp, &tmp); + if (ret) + goto end_of_storage; *op = tmp; ret = krb5_ret_int32 (sp, &tmp); if (ret) goto end_of_storage; - if (tmp != *len) { + if ((uint32_t)tmp != *len) { krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: log entry " - "have consistency failure, length wrong"); + krb5_set_error_message(context, KADM5_BAD_DB, + "kadm5_log_previous: log entry " + "have consistency failure, length wrong"); return KADM5_BAD_DB; } return 0; end_of_storage: krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: end of storage " - "reached before end"); + krb5_set_error_message(context, ret, "kadm5_log_previous: end of storage " + "reached before end"); return ret; } @@ -919,8 +940,8 @@ kadm5_log_replay (kadm5_server_context *context, case kadm_nop : return kadm5_log_replay_nop (context, ver, len, sp); default : - krb5_set_error_string(context->context, - "Unsupported replay op %d", (int)op); + krb5_set_error_message(context->context, KADM5_FAILURE, + "Unsupported replay op %d", (int)op); return KADM5_FAILURE; } } @@ -962,6 +983,8 @@ kadm5_log_truncate (kadm5_server_context *server_context) } +#ifndef NO_UNIX_SOCKETS + static char *default_signal = NULL; static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -980,3 +1003,55 @@ kadm5_log_signal_socket(krb5_context context) "signal_socket", NULL); } + +#else /* NO_UNIX_SOCKETS */ + +#define SIGNAL_SOCKET_HOST "127.0.0.1" +#define SIGNAL_SOCKET_PORT "12701" + +kadm5_ret_t +kadm5_log_signal_socket_info(krb5_context context, + int server_end, + struct addrinfo **ret_addrs) +{ + struct addrinfo hints; + struct addrinfo *addrs = NULL; + kadm5_ret_t ret = KADM5_FAILURE; + int wsret; + + memset(&hints, 0, sizeof(hints)); + + hints.ai_flags = AI_NUMERICHOST; + if (server_end) + hints.ai_flags |= AI_PASSIVE; + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + wsret = getaddrinfo(SIGNAL_SOCKET_HOST, + SIGNAL_SOCKET_PORT, + &hints, &addrs); + + if (wsret != 0) { + krb5_set_error_message(context, KADM5_FAILURE, + "%s", gai_strerror(wsret)); + goto done; + } + + if (addrs == NULL) { + krb5_set_error_message(context, KADM5_FAILURE, + "getaddrinfo() failed to return address list"); + goto done; + } + + *ret_addrs = addrs; + addrs = NULL; + ret = 0; + + done: + if (addrs) + freeaddrinfo(addrs); + return ret; +} + +#endif diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c index 05ca33f..65804af 100644 --- a/crypto/heimdal/lib/kadm5/marshall.c +++ b/crypto/heimdal/lib/kadm5/marshall.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: marshall.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_store_key_data(krb5_storage *sp, @@ -189,7 +189,7 @@ ret_principal_ent(krb5_storage *sp, if (mask & KADM5_PRINCIPAL) krb5_ret_principal(sp, &princ->principal); - + if (mask & KADM5_PRINC_EXPIRE_TIME) { krb5_ret_int32(sp, &tmp); princ->princ_expire_time = tmp; @@ -260,7 +260,7 @@ ret_principal_ent(krb5_storage *sp, krb5_ret_int32(sp, &tmp); princ->n_key_data = tmp; princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data)); - if (princ->key_data == NULL) + if (princ->key_data == NULL && princ->n_key_data != 0) return ENOMEM; for(i = 0; i < princ->n_key_data; i++) kadm5_ret_key_data(sp, &princ->key_data[i]); @@ -301,14 +301,14 @@ kadm5_ret_principal_ent_mask(krb5_storage *sp, } kadm5_ret_t -_kadm5_marshal_params(krb5_context context, - kadm5_config_params *params, +_kadm5_marshal_params(krb5_context context, + kadm5_config_params *params, krb5_data *out) { krb5_storage *sp = krb5_storage_emem(); - + krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM)); - + if(params->mask & KADM5_CONFIG_REALM) krb5_store_string(sp, params->realm); krb5_storage_to_data(sp, out); @@ -322,15 +322,23 @@ _kadm5_unmarshal_params(krb5_context context, krb5_data *in, kadm5_config_params *params) { - krb5_storage *sp = krb5_storage_from_data(in); + krb5_error_code ret; + krb5_storage *sp; int32_t mask; - - krb5_ret_int32(sp, &mask); + + sp = krb5_storage_from_data(in); + if (sp == NULL) + return ENOMEM; + + ret = krb5_ret_int32(sp, &mask); + if (ret) + goto out; params->mask = mask; - + if(params->mask & KADM5_CONFIG_REALM) - krb5_ret_string(sp, ¶ms->realm); + ret = krb5_ret_string(sp, ¶ms->realm); + out: krb5_storage_free(sp); - return 0; + return ret; } diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c index ed399b3..dd96ae2 100644 --- a/crypto/heimdal/lib/kadm5/modify_c.c +++ b/crypto/heimdal/lib/kadm5/modify_c.c @@ -1,43 +1,43 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: modify_c.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_modify_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask) { kadm5_client_context *context = server_handle; @@ -53,7 +53,7 @@ kadm5_c_modify_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_modify); @@ -68,12 +68,12 @@ kadm5_c_modify_principal(void *server_handle, return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c index 449f619..7907995 100644 --- a/crypto/heimdal/lib/kadm5/modify_s.c +++ b/crypto/heimdal/lib/kadm5/modify_s.c @@ -1,43 +1,43 @@ /* - * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: modify_s.c 20610 2007-05-08 07:12:37Z lha $"); +RCSID("$Id$"); static kadm5_ret_t modify_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask, uint32_t forbidden_mask) { @@ -48,13 +48,13 @@ modify_principal(void *server_handle, return KADM5_BAD_MASK; if((mask & KADM5_POLICY) && strcmp(princ->policy, "default")) return KADM5_UNK_POLICY; - + memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, - princ->principal, HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, + princ->principal, HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret) goto out; ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0); @@ -68,7 +68,7 @@ modify_principal(void *server_handle, if (ret) goto out2; - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; @@ -87,12 +87,12 @@ out: kadm5_ret_t kadm5_s_modify_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask) { - return modify_principal(server_handle, princ, mask, - KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME - | KADM5_MOD_NAME | KADM5_MKVNO + return modify_principal(server_handle, princ, mask, + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED); } diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c index 2610ce8..a6f0b3e 100644 --- a/crypto/heimdal/lib/kadm5/password_quality.c +++ b/crypto/heimdal/lib/kadm5/password_quality.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include "kadm5-pwcheck.h" -RCSID("$Id: password_quality.c 17595 2006-05-30 21:51:55Z lha $"); +RCSID("$Id$"); #ifdef HAVE_SYS_WAIT_H #include <sys/wait.h> @@ -95,8 +95,8 @@ char_class_passwd_quality (krb5_context context, "1234567890", "!@#$%^&*()/?<>,.{[]}\\|'~`\" " }; - int i, counter = 0, req_classes; - size_t len; + int counter = 0, req_classes; + size_t i, len; char *pw; req_classes = krb5_config_get_int_default(context, NULL, 3, @@ -148,7 +148,7 @@ external_passwd_quality (krb5_context context, char reply[1024]; FILE *in = NULL, *out = NULL, *error = NULL; - if (memchr(pwd->data, pwd->length, '\n') != NULL) { + if (memchr(pwd->data, '\n', pwd->length) != NULL) { snprintf(message, length, "password contains newline, " "not valid for external test"); return 1; @@ -170,7 +170,7 @@ external_passwd_quality (krb5_context context, return 1; } - child = pipe_execv(&in, &out, &error, program, p, NULL); + child = pipe_execv(&in, &out, &error, program, program, p, NULL); if (child < 0) { snprintf(message, length, "external password quality " "program failed to execute for principal %s", p); @@ -182,7 +182,7 @@ external_passwd_quality (krb5_context context, "new-password: %.*s\n" "end\n", p, (int)pwd->length, (char *)pwd->data); - + fclose(in); if (fgets(reply, sizeof(reply), out) == NULL) { @@ -199,7 +199,7 @@ external_passwd_quality (krb5_context context, fclose(out); fclose(error); - waitpid(child, &status, 0); + wait_for_process(child); return 1; } reply[strcspn(reply, "\n")] = '\0'; @@ -207,12 +207,9 @@ external_passwd_quality (krb5_context context, fclose(out); fclose(error); - if (waitpid(child, &status, 0) < 0) { - snprintf(message, length, "external program failed: %s", reply); - free(p); - return 1; - } - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + status = wait_for_process(child); + + if (SE_IS_ERROR(status) || SE_PROCSTATUS(status) != 0) { snprintf(message, length, "external program failed: %s", reply); free(p); return 1; @@ -230,18 +227,18 @@ external_passwd_quality (krb5_context context, } -static kadm5_passwd_quality_check_func_v0 passwd_quality_check = +static kadm5_passwd_quality_check_func_v0 passwd_quality_check = min_length_passwd_quality_v0; struct kadm5_pw_policy_check_func builtin_funcs[] = { { "minimum-length", min_length_passwd_quality }, { "character-class", char_class_passwd_quality }, { "external-check", external_passwd_quality }, - { NULL } + { NULL, NULL } }; struct kadm5_pw_policy_verifier builtin_verifier = { - "builtin", - KADM5_PASSWD_VERSION_V1, + "builtin", + KADM5_PASSWD_VERSION_V1, "Heimdal builtin", builtin_funcs }; @@ -269,17 +266,17 @@ kadm5_setup_passwd_quality_check(krb5_context context, const char *tmp; if(check_library == NULL) { - tmp = krb5_config_get_string(context, NULL, - "password_quality", - "check_library", + tmp = krb5_config_get_string(context, NULL, + "password_quality", + "check_library", NULL); if(tmp != NULL) check_library = tmp; } if(check_function == NULL) { - tmp = krb5_config_get_string(context, NULL, - "password_quality", - "check_function", + tmp = krb5_config_get_string(context, NULL, + "password_quality", + "check_function", NULL); if(tmp != NULL) check_function = tmp; @@ -294,7 +291,7 @@ kadm5_setup_passwd_quality_check(krb5_context context, krb5_warnx(context, "failed to open `%s'", check_library); return; } - version = dlsym(handle, "version"); + version = (int *) dlsym(handle, "version"); if(version == NULL) { krb5_warnx(context, "didn't find `version' symbol in `%s'", check_library); @@ -310,8 +307,8 @@ kadm5_setup_passwd_quality_check(krb5_context context, } sym = dlsym(handle, check_function); if(sym == NULL) { - krb5_warnx(context, - "didn't find `%s' symbol in `%s'", + krb5_warnx(context, + "didn't find `%s' symbol in `%s'", check_function, check_library); dlclose(handle); return; @@ -334,7 +331,7 @@ add_verifier(krb5_context context, const char *check_library) krb5_warnx(context, "failed to open `%s'", check_library); return ENOENT; } - v = dlsym(handle, "kadm5_password_verifier"); + v = (struct kadm5_pw_policy_verifier *) dlsym(handle, "kadm5_password_verifier"); if(v == NULL) { krb5_warnx(context, "didn't find `kadm5_password_verifier' symbol " @@ -385,21 +382,23 @@ kadm5_add_passwd_quality_verifier(krb5_context context, krb5_error_code ret; char **tmp; - tmp = krb5_config_get_strings(context, NULL, - "password_quality", - "policy_libraries", + tmp = krb5_config_get_strings(context, NULL, + "password_quality", + "policy_libraries", NULL); - if(tmp == NULL) + if(tmp == NULL || *tmp == NULL) return 0; - while(tmp) { + while (*tmp) { ret = add_verifier(context, *tmp); if (ret) return ret; tmp++; } + return 0; + } else { + return add_verifier(context, check_library); } - return add_verifier(context, check_library); #else return 0; #endif /* HAVE_DLOPEN */ @@ -419,10 +418,12 @@ find_func(krb5_context context, const char *name) p = strchr(name, ':'); if (p) { + size_t len = p - name + 1; func = p + 1; - module = strndup(name, p - name); + module = malloc(len); if (module == NULL) return NULL; + strlcpy(module, name, len); } else func = name; @@ -431,7 +432,7 @@ find_func(krb5_context context, const char *name) if (module && strcmp(module, verifiers[i]->name) != 0) continue; for (f = verifiers[i]->funcs; f->name ; f++) - if (strcmp(name, f->name) == 0) { + if (strcmp(func, f->name) == 0) { if (module) free(module); return f; @@ -466,13 +467,13 @@ kadm5_check_password_quality (krb5_context context, * Check if we should use the old version of policy function. */ - v = krb5_config_get_strings(context, NULL, - "password_quality", - "policies", + v = krb5_config_get_strings(context, NULL, + "password_quality", + "policies", NULL); if (v == NULL) { msg = (*passwd_quality_check) (context, principal, pwd_data); - krb5_set_error_string(context, "password policy failed: %s", msg); + krb5_set_error_message(context, 0, "password policy failed: %s", msg); return msg; } @@ -483,16 +484,16 @@ kadm5_check_password_quality (krb5_context context, proc = find_func(context, *vp); if (proc == NULL) { msg = "failed to find password verifier function"; - krb5_set_error_string(context, "Failed to find password policy " - "function: %s", *vp); + krb5_set_error_message(context, 0, "Failed to find password policy " + "function: %s", *vp); break; } ret = (proc->func)(context, principal, pwd_data, NULL, error_msg, sizeof(error_msg)); if (ret) { - krb5_set_error_string(context, "Password policy " - "%s failed with %s", - proc->name, error_msg); + krb5_set_error_message(context, 0, "Password policy " + "%s failed with %s", + proc->name, error_msg); msg = error_msg; break; } @@ -504,9 +505,9 @@ kadm5_check_password_quality (krb5_context context, if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) { msg = (*passwd_quality_check) (context, principal, pwd_data); if (msg) - krb5_set_error_string(context, "(old) password policy " - "failed with %s", msg); - + krb5_set_error_message(context, 0, "(old) password policy " + "failed with %s", msg); + } return msg; } diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h index d5e1380..7c5b27f 100644 --- a/crypto/heimdal/lib/kadm5/private.h +++ b/crypto/heimdal/lib/kadm5/private.h @@ -1,54 +1,54 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: private.h 22211 2007-12-07 19:27:27Z lha $ */ +/* $Id$ */ #ifndef __kadm5_privatex_h__ #define __kadm5_privatex_h__ struct kadm_func { kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*); - kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, + kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, uint32_t, const char*); kadm5_ret_t (*delete_principal) (void*, krb5_principal); kadm5_ret_t (*destroy) (void*); kadm5_ret_t (*flush) (void*); - kadm5_ret_t (*get_principal) (void*, krb5_principal, + kadm5_ret_t (*get_principal) (void*, krb5_principal, kadm5_principal_ent_t, uint32_t); kadm5_ret_t (*get_principals) (void*, const char*, char***, int*); kadm5_ret_t (*get_privs) (void*, uint32_t*); kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, uint32_t); - kadm5_ret_t (*randkey_principal) (void*, krb5_principal, + kadm5_ret_t (*randkey_principal) (void*, krb5_principal, krb5_keyblock**, int*); kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal); kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal, @@ -74,8 +74,12 @@ typedef struct kadm5_log_context { char *log_file; int log_fd; uint32_t version; +#ifndef NO_UNIX_SOCKETS struct sockaddr_un socket_name; - int socket_fd; +#else + struct addrinfo *socket_info; +#endif + krb5_socket_t socket_fd; } kadm5_log_context; typedef struct kadm5_server_context { diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c index 58e6824..60facf6 100644 --- a/crypto/heimdal/lib/kadm5/privs_c.c +++ b/crypto/heimdal/lib/kadm5/privs_c.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: privs_c.c 17512 2006-05-08 13:43:17Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_get_privs(void *server_handle, uint32_t *privs) @@ -53,7 +53,7 @@ kadm5_c_get_privs(void *server_handle, uint32_t *privs) sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_get_privs); @@ -66,12 +66,12 @@ kadm5_c_get_privs(void *server_handle, uint32_t *privs) return ret; sp = krb5_storage_from_data(&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); ret = tmp; if(ret == 0){ krb5_ret_uint32(sp, privs); diff --git a/crypto/heimdal/lib/kadm5/privs_s.c b/crypto/heimdal/lib/kadm5/privs_s.c index 9c345e3..bfe298d 100644 --- a/crypto/heimdal/lib/kadm5/privs_s.c +++ b/crypto/heimdal/lib/kadm5/privs_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: privs_s.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_s_get_privs(void *server_handle, uint32_t *privs) diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c index 60a3f53..bfa12084 100644 --- a/crypto/heimdal/lib/kadm5/randkey_c.c +++ b/crypto/heimdal/lib/kadm5/randkey_c.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: randkey_c.c 16662 2006-01-25 12:53:09Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_randkey_principal(void *server_handle, +kadm5_c_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_keys, + krb5_keyblock **new_keys, int *n_keys) { kadm5_client_context *context = server_handle; @@ -54,7 +54,7 @@ kadm5_c_randkey_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_randkey); @@ -68,11 +68,11 @@ kadm5_c_randkey_principal(void *server_handle, return ret; sp = krb5_storage_from_data(&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_ret_int32(sp, &tmp); ret = tmp; if(ret == 0){ diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c index cb0f0fa..dcb179aa 100644 --- a/crypto/heimdal/lib/kadm5/randkey_s.c +++ b/crypto/heimdal/lib/kadm5/randkey_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: randkey_s.c 20611 2007-05-08 07:13:07Z lha $"); +RCSID("$Id$"); /* * Set the keys of `princ' to random values, returning the random keys @@ -41,9 +41,9 @@ RCSID("$Id: randkey_s.c 20611 2007-05-08 07:13:07Z lha $"); */ kadm5_ret_t -kadm5_s_randkey_principal(void *server_handle, +kadm5_s_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_keys, + krb5_keyblock **new_keys, int *n_keys) { kadm5_server_context *context = server_handle; @@ -54,8 +54,8 @@ kadm5_s_randkey_principal(void *server_handle, ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret) goto out; @@ -78,7 +78,7 @@ kadm5_s_randkey_principal(void *server_handle, if (ret) goto out2; - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c index cec2fd3..25fcea2 100644 --- a/crypto/heimdal/lib/kadm5/rename_c.c +++ b/crypto/heimdal/lib/kadm5/rename_c.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: rename_c.c 8655 2000-07-11 16:00:19Z joda $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_rename_principal(void *server_handle, +kadm5_c_rename_principal(void *server_handle, krb5_principal source, krb5_principal target) { diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c index 2a19426..0835129 100644 --- a/crypto/heimdal/lib/kadm5/rename_s.c +++ b/crypto/heimdal/lib/kadm5/rename_s.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: rename_s.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_s_rename_principal(void *server_handle, +kadm5_s_rename_principal(void *server_handle, krb5_principal source, krb5_principal target) { @@ -51,8 +51,8 @@ kadm5_s_rename_principal(void *server_handle, ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, - source, HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, + source, HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret){ context->db->hdb_close(context->context, context->db); goto out; @@ -62,15 +62,16 @@ kadm5_s_rename_principal(void *server_handle, goto out2; { /* fix salt */ - int i; + size_t i; Salt salt; krb5_salt salt2; + memset(&salt, 0, sizeof(salt)); krb5_get_pw_salt(context->context, source, &salt2); salt.type = hdb_pw_salt; salt.salt = salt2.saltvalue; for(i = 0; i < ent.entry.keys.len; i++){ if(ent.entry.keys.val[i].salt == NULL){ - ent.entry.keys.val[i].salt = + ent.entry.keys.val[i].salt = malloc(sizeof(*ent.entry.keys.val[i].salt)); if(ent.entry.keys.val[i].salt == NULL) return ENOMEM; diff --git a/crypto/heimdal/lib/kadm5/sample_passwd_check.c b/crypto/heimdal/lib/kadm5/sample_passwd_check.c index 1a21c10..6df9513 100644 --- a/crypto/heimdal/lib/kadm5/sample_passwd_check.c +++ b/crypto/heimdal/lib/kadm5/sample_passwd_check.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,7 +30,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: sample_passwd_check.c 21901 2007-08-10 06:05:35Z lha $ */ +/* $Id$ */ #include <string.h> #include <stdlib.h> diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c index b64bbfe..cd63293 100644 --- a/crypto/heimdal/lib/kadm5/send_recv.c +++ b/crypto/heimdal/lib/kadm5/send_recv.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997-2003, 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: send_recv.c 17311 2006-04-27 11:10:07Z lha $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) { krb5_data msg, out; @@ -48,27 +48,27 @@ _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) len = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_data_alloc(&msg, len); if (ret) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ret; } krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_read(sp, msg.data, msg.length); - + ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL); krb5_data_free(&msg); if(ret) return ret; - + sock = krb5_storage_from_fd(context->sock); if(sock == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free(&out); return ENOMEM; } - + ret = krb5_store_data(sock, out); if (ret) - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sock); krb5_data_free(&out); return ret; @@ -83,12 +83,12 @@ _kadm5_client_recv(kadm5_client_context *context, krb5_data *reply) sock = krb5_storage_from_fd(context->sock); if(sock == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } ret = krb5_ret_data(sock, &data); krb5_storage_free(sock); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); if(ret == KRB5_CC_END) return KADM5_RPC_ERROR; else if(ret) diff --git a/crypto/heimdal/lib/kadm5/server_glue.c b/crypto/heimdal/lib/kadm5/server_glue.c index 2862c36..4b430b6 100644 --- a/crypto/heimdal/lib/kadm5/server_glue.c +++ b/crypto/heimdal/lib/kadm5/server_glue.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: server_glue.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t kadm5_init_with_password(const char *client_name, diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c index ee4de3b..ea0b816 100644 --- a/crypto/heimdal/lib/kadm5/set_keys.c +++ b/crypto/heimdal/lib/kadm5/set_keys.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: set_keys.c 15888 2005-08-11 13:40:35Z lha $"); +RCSID("$Id$"); /* * Set the keys of `ent' to the string-to-key of `password' @@ -41,7 +41,7 @@ RCSID("$Id: set_keys.c 15888 2005-08-11 13:40:35Z lha $"); kadm5_ret_t _kadm5_set_keys(kadm5_server_context *context, - hdb_entry *ent, + hdb_entry *ent, const char *password) { Key *keys; @@ -49,7 +49,7 @@ _kadm5_set_keys(kadm5_server_context *context, kadm5_ret_t ret; ret = hdb_generate_key_set_password(context->context, - ent->principal, + ent->principal, password, &keys, &num_keys); if (ret) return ret; @@ -60,7 +60,7 @@ _kadm5_set_keys(kadm5_server_context *context, hdb_entry_set_pw_change_time(context->context, ent, 0); - if (krb5_config_get_bool_default(context->context, NULL, FALSE, + if (krb5_config_get_bool_default(context->context, NULL, FALSE, "kadmin", "save-password", NULL)) { ret = hdb_entry_set_password(context->context, context->db, @@ -78,8 +78,8 @@ _kadm5_set_keys(kadm5_server_context *context, kadm5_ret_t _kadm5_set_keys2(kadm5_server_context *context, - hdb_entry *ent, - int16_t n_key_data, + hdb_entry *ent, + int16_t n_key_data, krb5_key_data *key_data) { krb5_error_code ret; @@ -89,7 +89,7 @@ _kadm5_set_keys2(kadm5_server_context *context, len = n_key_data; keys = malloc (len * sizeof(*keys)); - if (keys == NULL) + if (keys == NULL && len != 0) return ENOMEM; _kadm5_init_keys (keys, len); @@ -105,14 +105,14 @@ _kadm5_set_keys2(kadm5_server_context *context, if(key_data[i].key_data_ver == 2) { Salt *salt; - salt = malloc(sizeof(*salt)); + salt = calloc(1, sizeof(*salt)); if(salt == NULL) { ret = ENOMEM; goto out; } keys[i].salt = salt; salt->type = key_data[i].key_data_type[1]; - krb5_data_copy(&salt->salt, + krb5_data_copy(&salt->salt, key_data[i].key_data_contents[1], key_data[i].key_data_length[1]); } else @@ -148,7 +148,7 @@ _kadm5_set_keys3(kadm5_server_context *context, len = n_keys; keys = malloc (len * sizeof(*keys)); - if (keys == NULL) + if (keys == NULL && len != 0) return ENOMEM; _kadm5_init_keys (keys, len); @@ -201,8 +201,8 @@ _kadm5_set_keys_randomly (kadm5_server_context *context, { krb5_keyblock *kblock = NULL; kadm5_ret_t ret = 0; - int i, des_keyblock; - size_t num_keys; + int des_keyblock; + size_t i, num_keys; Key *keys; ret = hdb_generate_key_set(context->context, ent->principal, @@ -221,7 +221,7 @@ _kadm5_set_keys_randomly (kadm5_server_context *context, des_keyblock = -1; for (i = 0; i < num_keys; i++) { - /* + /* * To make sure all des keys are the the same we generate only * the first one and then copy key to all other des keys. */ @@ -259,7 +259,7 @@ out: _kadm5_free_keys (context->context, num_keys, keys); return ret; } - + _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val); ent->keys.val = keys; ent->keys.len = num_keys; diff --git a/crypto/heimdal/lib/kadm5/set_modifier.c b/crypto/heimdal/lib/kadm5/set_modifier.c index 6296519..ee4d4a8 100644 --- a/crypto/heimdal/lib/kadm5/set_modifier.c +++ b/crypto/heimdal/lib/kadm5/set_modifier.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: set_modifier.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t _kadm5_set_modifier(kadm5_server_context *context, @@ -47,7 +47,7 @@ _kadm5_set_modifier(kadm5_server_context *context, } else free_Event(ent->modified_by); ent->modified_by->time = time(NULL); - ret = krb5_copy_principal(context->context, context->caller, + ret = krb5_copy_principal(context->context, context->caller, &ent->modified_by->principal); return ret; } diff --git a/crypto/heimdal/lib/kadm5/test_pw_quality.c b/crypto/heimdal/lib/kadm5/test_pw_quality.c index 745e03e..e3c8d2f 100644 --- a/crypto/heimdal/lib/kadm5/test_pw_quality.c +++ b/crypto/heimdal/lib/kadm5/test_pw_quality.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2003, 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003, 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include <getarg.h> -RCSID("$Id: test_pw_quality.c 15105 2005-05-09 19:13:29Z lha $"); +RCSID("$Id$"); static int version_flag; static int help_flag; @@ -59,7 +59,7 @@ main(int argc, char **argv) krb5_data pw_data; krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag) { |
