authorassar <assar@FreeBSD.org>2001-02-13 16:46:19 +0000
committerassar <assar@FreeBSD.org>2001-02-13 16:46:19 +0000
commitebfe6dc471c206300fd82c7c0fd145f683aa52f6 (patch)
treee66aa570ad1d12c43b32a7313b0f8e28971bf8a9 /crypto/heimdal/lib/kadm5
parente5f617598c2db0dd51906a38ecea9208123a8b70 (diff)
downloadFreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.zip
FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.tar.gz
import of heimdal 0.3e
Diffstat (limited to 'crypto/heimdal/lib/kadm5')
-rw-r--r--crypto/heimdal/lib/kadm5/ChangeLog201
-rw-r--r--crypto/heimdal/lib/kadm5/Makefile.am112
-rw-r--r--crypto/heimdal/lib/kadm5/Makefile.in458
-rw-r--r--crypto/heimdal/lib/kadm5/acl.c139
-rw-r--r--crypto/heimdal/lib/kadm5/admin.h465
-rw-r--r--crypto/heimdal/lib/kadm5/bump_pw_expire.c59
-rw-r--r--crypto/heimdal/lib/kadm5/chpass_c.c50
-rw-r--r--crypto/heimdal/lib/kadm5/chpass_s.c87
-rw-r--r--crypto/heimdal/lib/kadm5/common_glue.c14
-rw-r--r--crypto/heimdal/lib/kadm5/context_s.c16
-rw-r--r--crypto/heimdal/lib/kadm5/create_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/create_s.c19
-rw-r--r--crypto/heimdal/lib/kadm5/delete_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/delete_s.c8
-rw-r--r--crypto/heimdal/lib/kadm5/destroy_s.c37
-rw-r--r--crypto/heimdal/lib/kadm5/dump_log.c25
-rw-r--r--crypto/heimdal/lib/kadm5/ent_setup.c9
-rw-r--r--crypto/heimdal/lib/kadm5/get_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/get_princs_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/get_s.c24
-rw-r--r--crypto/heimdal/lib/kadm5/init_c.c119
-rw-r--r--crypto/heimdal/lib/kadm5/init_s.c16
-rw-r--r--crypto/heimdal/lib/kadm5/iprop.h15
-rw-r--r--crypto/heimdal/lib/kadm5/ipropd_master.c191
-rw-r--r--crypto/heimdal/lib/kadm5/ipropd_slave.c208
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5-private.h245
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5-protos.h516
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5_locl.h6
-rw-r--r--crypto/heimdal/lib/kadm5/keys.c112
-rw-r--r--crypto/heimdal/lib/kadm5/log.c173
-rw-r--r--crypto/heimdal/lib/kadm5/modify_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/modify_s.c10
-rw-r--r--crypto/heimdal/lib/kadm5/password_quality.c4
-rw-r--r--crypto/heimdal/lib/kadm5/private.h179
-rw-r--r--crypto/heimdal/lib/kadm5/privs_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/randkey_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/randkey_s.c13
-rw-r--r--crypto/heimdal/lib/kadm5/rename_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/rename_s.c10
-rw-r--r--crypto/heimdal/lib/kadm5/send_recv.c4
-rw-r--r--crypto/heimdal/lib/kadm5/set_keys.c400
-rw-r--r--crypto/heimdal/lib/kadm5/truncate_log.c88
42 files changed, 2791 insertions, 1289 deletions
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog
index f5a6ee4..0d2699d 100644
--- a/crypto/heimdal/lib/kadm5/ChangeLog
+++ b/crypto/heimdal/lib/kadm5/ChangeLog
@@ -1,3 +1,204 @@
+2001-01-30 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am: bump versions
+
+2000-12-31 Assar Westerlund <assar@sics.se>
+
+ * init_s.c (*): handle krb5_init_context failure consistently
+ * init_c.c (init_context): handle krb5_init_context failure
+ consistently
+
+2000-12-11 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
+
+2000-11-16 Assar Westerlund <assar@sics.se>
+
+ * set_keys.c (make_keys): clean-up salting loop and try not to
+ leak memory
+
+ * ipropd_master.c (main): check for fd's being too large to select
+ on
+
+2000-08-16 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
+
+2000-08-10 Assar Westerlund <assar@sics.se>
+
+ * acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
+
+2000-08-07 Assar Westerlund <assar@sics.se>
+
+ * ipropd_master.c (main): ignore SIGPIPE
+
+2000-08-06 Assar Westerlund <assar@sics.se>
+
+ * ipropd_slave.c (receive_everything): make `fd' an int instead of
+ a pointer. From Derrick J Brashear <shadow@dementia.org>
+
+2000-08-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * admin.h: change void** to void*
+
+2000-07-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * Makefile.am: bump versions to 7:0:0 and 6:0:2
+
+2000-07-24 Assar Westerlund <assar@sics.se>
+
+ * log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
+ and make a new that takes a context
+ (kadm5_log_nop): add logging of missing lengths
+ (kadm5_log_truncate): new function
+
+ * dump_log.c (print_entry): update and correct
+ * randkey_s.c: call _kadm5_bump_pw_expire
+ * truncate_log.c: new program for truncating the log
+ * Makefile.am (sbin_PROGRAMS): add truncate_log
+ (C_SOURCES): add bump_pw_expire.c
+ * bump_pw_expire.c: new function for extending password expiration
+
+2000-07-22 Assar Westerlund <assar@sics.se>
+
+ * keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
+
+ * set_keys.c (free_keys, init_keys): elevate to internal kadm5
+ functions
+
+ * chpass_s.c (kadm5_s_chpass_principal_cond): new function
+ * Makefile.am (C_SOURCES): add keys.c
+ * init_c.c: remove unused variable and handle some parameters
+ being NULL
+
+2000-07-22 Johan Danielsson <joda@pdc.kth.se>
+
+ * ipropd_slave.c: use krb5_read_priv_message
+
+ * ipropd_master.c: use krb5_{read,write}_priv_message
+
+ * init_c.c: use krb5_write_priv_message
+
+2000-07-11 Johan Danielsson <joda@pdc.kth.se>
+
+ * ipropd_slave.c: no need to call gethostname, since
+ sname_to_principal will
+
+ * send_recv.c: assert that we have a connected socket
+
+ * get_princs_c.c: call _kadm5_connect
+
+ * rename_c.c: call _kadm5_connect
+
+ * randkey_c.c: call _kadm5_connect
+
+ * privs_c.c: call _kadm5_connect
+
+ * modify_c.c: call _kadm5_connect
+
+ * get_c.c: call _kadm5_connect
+
+ * delete_c.c: call _kadm5_connect
+
+ * create_c.c: call _kadm5_connect
+
+ * chpass_c.c: call _kadm5_connect
+
+ * private.h: add more fields to client context; remove prototypes
+
+ * admin.h: remove prototypes
+
+ * kadm5-protos.h: move public prototypes here
+
+ * kadm5-private.h: move private prototypes here
+
+ * init_c.c: break out connection code to separate function, and
+ defer calling it until we actually do something
+
+2000-07-07 Assar Westerlund <assar@sics.se>
+
+ * set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
+ backwards compatability
+
+2000-06-26 Johan Danielsson <joda@pdc.kth.se>
+
+ * set_keys.c (_kadm5_set_keys): rewrite this to be more easily
+ adaptable to different salts
+
+2000-06-19 Johan Danielsson <joda@pdc.kth.se>
+
+ * get_s.c: pa_* -> KRB5_PADATA_*
+
+2000-06-16 Assar Westerlund <assar@sics.se>
+
+ * ipropd_slave.c: change default keytab to default keytab (as in
+ typically FILE:/etc/krb5.keytab)
+
+2000-06-08 Assar Westerlund <assar@sics.se>
+
+ * ipropd_slave.c: bug fixes, for actually writing the full dump to
+ the database. based on a patch from Love <lha@stacken.kth.se>
+
+2000-06-07 Assar Westerlund <assar@sics.se>
+
+ * acl.c: add support for patterns of principals
+ * log.c (kadm5_log_replay_create): handle more NULL pointers
+ (should they really happen?)
+ * log.c (kadm5_log_replay_modify): handle max_life == NULL and
+ max_renew == NULL
+
+ * ipropd_master.c: use syslog. be less verbose
+ * ipropd_slave.c: use syslog
+
+2000-06-05 Assar Westerlund <assar@sics.se>
+
+ * private.h (kadm_ops): add kadm_nop more prototypes
+ * log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
+ kadm5_log_replay_nop): add
+ * ipropd_slave.c: and some more improvements
+ * ipropd_master.c: lots of improvements
+ * iprop.h (IPROP_PORT, IPROP_SERVICE): add
+ (iprop_cmd): add new commands
+
+ * dump_log.c: add nop
+
+2000-05-15 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
+
+2000-05-12 Assar Westerlund <assar@sics.se>
+
+ * get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
+ fallback. handle not having any creator.
+ * destroy_s.c (kadm5_s_destroy): free all allocated memory
+ * context_s.c (set_field): free variable if it's already set
+ (find_db_spec): malloc space for all strings
+
+2000-04-05 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (LDADD): add LIB_openldap
+
+2000-04-03 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
+ (libkadm5clnt_la_LDFLAGS): set version to 5:0:1
+
+2000-03-24 Assar Westerlund <assar@sics.se>
+
+ * set_keys.c (_kadm5_set_keys2): rewrite
+ (_kadm5_set_keys3): add
+
+ * private.h (struct kadm_func): add chpass_principal_with_key
+ * init_c.c (set_funcs): add chpass_principal_with_key
+
+2000-03-23 Assar Westerlund <assar@sics.se>
+
+ * context_s.c (set_funcs): add chpass_principal_with_key
+ * common_glue.c (kadm5_chpass_principal_with_key): add
+ * chpass_s.c: comment-ize and change calling convention for
+ _kadm5_set_keys*
+ * chpass_c.c (kadm5_c_chpass_principal_with_key): add
+
2000-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am
index 89399d4..d554b18 100644
--- a/crypto/heimdal/lib/kadm5/Makefile.am
+++ b/crypto/heimdal/lib/kadm5/Makefile.am
@@ -1,18 +1,19 @@
-# $Id: Makefile.am,v 1.33 2000/02/07 03:37:27 assar Exp $
+# $Id: Makefile.am,v 1.44 2001/01/30 01:56:00 assar Exp $
include $(top_srcdir)/Makefile.am.common
lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 5:1:0
-libkadm5clnt_la_LDFLAGS = -version-info 4:2:0
-sbin_PROGRAMS = dump_log replay_log
+libkadm5srv_la_LDFLAGS = -version-info 7:3:0
+libkadm5clnt_la_LDFLAGS = -version-info 6:1:2
+sbin_PROGRAMS = dump_log replay_log truncate_log
libexec_PROGRAMS = ipropd-master ipropd-slave
kadm5includedir = $(includedir)/kadm5
buildkadm5include = $(buildinclude)/kadm5
-kadm5include_HEADERS = kadm5_err.h admin.h private.h
+kadm5include_HEADERS = kadm5_err.h admin.h private.h \
+ kadm5-protos.h kadm5-private.h
install-build-headers:: $(kadm5include_HEADERS)
@foo='$(kadm5include_HEADERS)'; \
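Review bot: The extended `kadm5include_HEADERS` now installs `kadm5-private.h` under `$(includedir)/kadm5`, which makes the library's internal prototypes visible to every consumer of the installed headers. Presumably this is required because the already-installed `private.h` depends on it (the ChangeLog in this commit says the private prototypes were moved there), but the Makefile does not say so. If that is the reason, a comment above the assignment would record it, for example `# kadm5-private.h is internal API; installed only because private.h needs it`. The `install-build-headers` rule continues outside the hunk.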
@@ -27,55 +28,57 @@ install-build-headers:: $(kadm5include_HEADERS)
fi ; \
done
-C_SOURCES = \
- admin.h \
- chpass_c.c \
- common_glue.c \
- create_c.c \
- delete_c.c \
- destroy_c.c \
- flush_c.c \
- free.c \
- get_c.c \
- get_princs_c.c \
- init_c.c \
- kadm5_err.c \
- kadm5_locl.h \
- marshall.c \
- modify_c.c \
- private.h \
- privs_c.c \
- randkey_c.c \
- rename_c.c \
+C_SOURCES = \
+ admin.h \
+ chpass_c.c \
+ common_glue.c \
+ create_c.c \
+ delete_c.c \
+ destroy_c.c \
+ flush_c.c \
+ free.c \
+ get_c.c \
+ get_princs_c.c \
+ init_c.c \
+ kadm5_err.c \
+ kadm5_locl.h \
+ marshall.c \
+ modify_c.c \
+ private.h \
+ privs_c.c \
+ randkey_c.c \
+ rename_c.c \
send_recv.c
-S_SOURCES = \
- acl.c \
- admin.h \
- chpass_s.c \
- common_glue.c \
- context_s.c \
- create_s.c \
- delete_s.c \
- destroy_s.c \
- ent_setup.c \
- error.c \
- flush_s.c \
- free.c \
- get_princs_s.c \
- get_s.c \
- init_s.c \
- kadm5_err.c \
- kadm5_locl.h \
- log.c \
- marshall.c \
- modify_s.c \
- private.h \
- privs_s.c \
- randkey_s.c \
- rename_s.c \
- set_keys.c \
- set_modifier.c \
+S_SOURCES = \
+ acl.c \
+ admin.h \
+ bump_pw_expire.c \
+ chpass_s.c \
+ common_glue.c \
+ context_s.c \
+ create_s.c \
+ delete_s.c \
+ destroy_s.c \
+ ent_setup.c \
+ error.c \
+ flush_s.c \
+ free.c \
+ get_princs_s.c \
+ get_s.c \
+ init_s.c \
+ kadm5_err.c \
+ kadm5_locl.h \
+ keys.c \
+ log.c \
+ marshall.c \
+ modify_s.c \
+ private.h \
+ privs_s.c \
+ randkey_s.c \
+ rename_s.c \
+ set_keys.c \
+ set_modifier.c \
password_quality.c
libkadm5srv_la_SOURCES = $(S_SOURCES) server_glue.c
@@ -89,12 +92,15 @@ ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h
ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h
+truncate_log_SOURCES = truncate_log.c
+
LDADD = \
libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la \
+ $(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la \
- $(top_builddir)/lib/des/libdes.la \
+ $(LIB_des) \
$(LIB_roken) \
$(DBLIB) \
$(LIB_dlopen)
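Review bot: Replacing `$(top_builddir)/lib/des/libdes.la` with `$(LIB_des)` in `LDADD` means the DES library linked into these programs is chosen by configure, and automake can no longer derive a dependency on it. The regenerated Makefile.in in this same commit shows the effect: libdes.la disappears from every `*_DEPENDENCIES` list. If `LIB_des` can still resolve to an in-tree library, the programs will not be relinked when that library is rebuilt. A comment on the line would make this explicit, e.g. `# $(LIB_des) is substituted by configure, so it is not tracked in *_DEPENDENCIES`.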
diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in
index 233ef9d..a281b23 100644
--- a/crypto/heimdal/lib/kadm5/Makefile.in
+++ b/crypto/heimdal/lib/kadm5/Makefile.in
@@ -1,6 +1,6 @@
-# Makefile.in generated automatically by automake 1.4 from Makefile.am
+# Makefile.in generated automatically by automake 1.4a from Makefile.am
-# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
+# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -10,15 +10,6 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
-# $Id: Makefile.am,v 1.33 2000/02/07 03:37:27 assar Exp $
-
-
-# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-
-
-# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $
-
-
SHELL = @SHELL@
srcdir = @srcdir@
@@ -40,8 +31,6 @@ mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
-DESTDIR =
-
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@@ -54,9 +43,10 @@ AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
@@ -65,26 +55,39 @@ POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
+
+@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
-AFS_EXTRA_LD = @AFS_EXTRA_LD@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
AWK = @AWK@
CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
-LD = @LD@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
@@ -92,31 +95,43 @@ LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
-MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@
-MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@
-MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NM = @NM@
NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
+STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.44 2001/01/30 01:56:00 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+
AUTOMAKE_OPTIONS = foreign no-dependencies
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
-INCLUDES = -I$(top_builddir)/include
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
AM_CFLAGS = $(WFLAGS)
+CP = cp
+
COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
buildinclude = $(top_builddir)/include
@@ -136,6 +151,7 @@ LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
@@ -144,6 +160,8 @@ LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
+LIBS = @LIBS@
+
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
@@ -152,43 +170,90 @@ LIB_hesiod = @LIB_hesiod@
INCLUDE_krb4 = @INCLUDE_krb4@
LIB_krb4 = @LIB_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
INCLUDE_readline = @INCLUDE_readline@
LEXLIB = @LEXLIB@
-cat1dir = $(mandir)/cat1
-cat3dir = $(mandir)/cat3
-cat5dir = $(mandir)/cat5
-cat8dir = $(mandir)/cat8
-
-MANRX = \(.*\)\.\([0-9]\)
-CATSUFFIX = @CATSUFFIX@
-
NROFF_MAN = groff -mandoc -Tascii
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
CHECK_LOCAL = $(PROGRAMS)
lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 5:1:0
-libkadm5clnt_la_LDFLAGS = -version-info 4:2:0
-sbin_PROGRAMS = dump_log replay_log
+libkadm5srv_la_LDFLAGS = -version-info 7:3:0
+libkadm5clnt_la_LDFLAGS = -version-info 6:1:2
+sbin_PROGRAMS = dump_log replay_log truncate_log
libexec_PROGRAMS = ipropd-master ipropd-slave
kadm5includedir = $(includedir)/kadm5
buildkadm5include = $(buildinclude)/kadm5
-kadm5include_HEADERS = kadm5_err.h admin.h private.h
-
-C_SOURCES = admin.h chpass_c.c common_glue.c create_c.c delete_c.c destroy_c.c flush_c.c free.c get_c.c get_princs_c.c init_c.c kadm5_err.c kadm5_locl.h marshall.c modify_c.c private.h privs_c.c randkey_c.c rename_c.c send_recv.c
-
-
-S_SOURCES = acl.c admin.h chpass_s.c common_glue.c context_s.c create_s.c delete_s.c destroy_s.c ent_setup.c error.c flush_s.c free.c get_princs_s.c get_s.c init_s.c kadm5_err.c kadm5_locl.h log.c marshall.c modify_s.c private.h privs_s.c randkey_s.c rename_s.c set_keys.c set_modifier.c password_quality.c
+kadm5include_HEADERS = kadm5_err.h admin.h private.h \
+ kadm5-protos.h kadm5-private.h
+
+
+C_SOURCES = \
+ admin.h \
+ chpass_c.c \
+ common_glue.c \
+ create_c.c \
+ delete_c.c \
+ destroy_c.c \
+ flush_c.c \
+ free.c \
+ get_c.c \
+ get_princs_c.c \
+ init_c.c \
+ kadm5_err.c \
+ kadm5_locl.h \
+ marshall.c \
+ modify_c.c \
+ private.h \
+ privs_c.c \
+ randkey_c.c \
+ rename_c.c \
+ send_recv.c
+
+
+S_SOURCES = \
+ acl.c \
+ admin.h \
+ bump_pw_expire.c \
+ chpass_s.c \
+ common_glue.c \
+ context_s.c \
+ create_s.c \
+ delete_s.c \
+ destroy_s.c \
+ ent_setup.c \
+ error.c \
+ flush_s.c \
+ free.c \
+ get_princs_s.c \
+ get_s.c \
+ init_s.c \
+ kadm5_err.c \
+ kadm5_locl.h \
+ keys.c \
+ log.c \
+ marshall.c \
+ modify_s.c \
+ private.h \
+ privs_s.c \
+ randkey_s.c \
+ rename_s.c \
+ set_keys.c \
+ set_modifier.c \
+ password_quality.c
libkadm5srv_la_SOURCES = $(S_SOURCES) server_glue.c
@@ -202,10 +267,22 @@ ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h
ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h
-LDADD = libkadm5srv.la $(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la $(LIB_roken) $(DBLIB) $(LIB_dlopen)
+truncate_log_SOURCES = truncate_log.c
+
+LDADD = \
+ libkadm5srv.la \
+ $(top_builddir)/lib/hdb/libhdb.la \
+ $(LIB_openldap) \
+ $(top_builddir)/lib/krb5/libkrb5.la \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(LIB_des) \
+ $(LIB_roken) \
+ $(DBLIB) \
+ $(LIB_dlopen)
CLEANFILES = kadm5_err.c kadm5_err.h
+subdir = lib/kadm5
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
CONFIG_CLEAN_FILES =
@@ -215,70 +292,87 @@ LTLIBRARIES = $(lib_LTLIBRARIES)
DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
X_CFLAGS = @X_CFLAGS@
X_LIBS = @X_LIBS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
-libkadm5srv_la_LIBADD =
-libkadm5srv_la_OBJECTS = acl.lo chpass_s.lo common_glue.lo context_s.lo \
-create_s.lo delete_s.lo destroy_s.lo ent_setup.lo error.lo flush_s.lo \
-free.lo get_princs_s.lo get_s.lo init_s.lo kadm5_err.lo log.lo \
-marshall.lo modify_s.lo privs_s.lo randkey_s.lo rename_s.lo set_keys.lo \
-set_modifier.lo password_quality.lo server_glue.lo
libkadm5clnt_la_LIBADD =
-libkadm5clnt_la_OBJECTS = chpass_c.lo common_glue.lo create_c.lo \
+am_libkadm5clnt_la_OBJECTS = chpass_c.lo common_glue.lo create_c.lo \
delete_c.lo destroy_c.lo flush_c.lo free.lo get_c.lo get_princs_c.lo \
init_c.lo kadm5_err.lo marshall.lo modify_c.lo privs_c.lo randkey_c.lo \
rename_c.lo send_recv.lo client_glue.lo
+libkadm5clnt_la_OBJECTS = $(am_libkadm5clnt_la_OBJECTS)
+libkadm5srv_la_LIBADD =
+am_libkadm5srv_la_OBJECTS = acl.lo bump_pw_expire.lo chpass_s.lo \
+common_glue.lo context_s.lo create_s.lo delete_s.lo destroy_s.lo \
+ent_setup.lo error.lo flush_s.lo free.lo get_princs_s.lo get_s.lo \
+init_s.lo kadm5_err.lo keys.lo log.lo marshall.lo modify_s.lo \
+privs_s.lo randkey_s.lo rename_s.lo set_keys.lo set_modifier.lo \
+password_quality.lo server_glue.lo
+libkadm5srv_la_OBJECTS = $(am_libkadm5srv_la_OBJECTS)
libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT)
-sbin_PROGRAMS = dump_log$(EXEEXT) replay_log$(EXEEXT)
+sbin_PROGRAMS = dump_log$(EXEEXT) replay_log$(EXEEXT) \
+truncate_log$(EXEEXT)
PROGRAMS = $(libexec_PROGRAMS) $(sbin_PROGRAMS)
-ipropd_master_OBJECTS = ipropd_master.$(OBJEXT)
+am_dump_log_OBJECTS = dump_log.$(OBJEXT)
+dump_log_OBJECTS = $(am_dump_log_OBJECTS)
+dump_log_LDADD = $(LDADD)
+dump_log_DEPENDENCIES = libkadm5srv.la \
+$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+dump_log_LDFLAGS =
+am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT)
+ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS)
ipropd_master_LDADD = $(LDADD)
ipropd_master_DEPENDENCIES = libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
-$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la
+$(top_builddir)/lib/asn1/libasn1.la
ipropd_master_LDFLAGS =
-ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT)
+am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT)
+ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS)
ipropd_slave_LDADD = $(LDADD)
ipropd_slave_DEPENDENCIES = libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
-$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la
+$(top_builddir)/lib/asn1/libasn1.la
ipropd_slave_LDFLAGS =
-dump_log_OBJECTS = dump_log.$(OBJEXT)
-dump_log_LDADD = $(LDADD)
-dump_log_DEPENDENCIES = libkadm5srv.la \
-$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
-$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la
-dump_log_LDFLAGS =
-replay_log_OBJECTS = replay_log.$(OBJEXT)
+am_replay_log_OBJECTS = replay_log.$(OBJEXT)
+replay_log_OBJECTS = $(am_replay_log_OBJECTS)
replay_log_LDADD = $(LDADD)
replay_log_DEPENDENCIES = libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
-$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la
+$(top_builddir)/lib/asn1/libasn1.la
replay_log_LDFLAGS =
-CFLAGS = @CFLAGS@
+am_truncate_log_OBJECTS = truncate_log.$(OBJEXT)
+truncate_log_OBJECTS = $(am_truncate_log_OBJECTS)
+truncate_log_LDADD = $(LDADD)
+truncate_log_DEPENDENCIES = libkadm5srv.la \
+$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+truncate_log_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES = $(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
+$(dump_log_SOURCES) $(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) \
+$(replay_log_SOURCES) $(truncate_log_SOURCES)
HEADERS = $(kadm5include_HEADERS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
+depcomp =
+DIST_COMMON = $(kadm5include_HEADERS) ChangeLog Makefile.am Makefile.in
-DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-TAR = tar
GZIP_ENV = --best
-SOURCES = $(libkadm5srv_la_SOURCES) $(libkadm5clnt_la_SOURCES) $(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) $(dump_log_SOURCES) $(replay_log_SOURCES)
-OBJECTS = $(libkadm5srv_la_OBJECTS) $(libkadm5clnt_la_OBJECTS) $(ipropd_master_OBJECTS) $(ipropd_slave_OBJECTS) $(dump_log_OBJECTS) $(replay_log_OBJECTS)
+SOURCES = $(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) $(dump_log_SOURCES) $(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) $(replay_log_SOURCES) $(truncate_log_SOURCES)
+OBJECTS = $(am_libkadm5clnt_la_OBJECTS) $(am_libkadm5srv_la_OBJECTS) $(am_dump_log_OBJECTS) $(am_ipropd_master_OBJECTS) $(am_ipropd_slave_OBJECTS) $(am_replay_log_OBJECTS) $(am_truncate_log_OBJECTS)
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x
+.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kadm5/Makefile
@@ -301,31 +395,18 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES)
$(mkinstalldirs) $(DESTDIR)$(libdir)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
- echo "$(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p"; \
- $(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
+ $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
done
-.c.o:
- $(COMPILE) -c $<
-
-# FIXME: We should only use cygpath when building on Windows,
-# and only if it is available.
-.c.obj:
- $(COMPILE) -c `cygpath -w $<`
-
-.s.o:
- $(COMPILE) -c $<
-
-.S.o:
- $(COMPILE) -c $<
-
mostlyclean-compile:
-rm -f *.o core *.core
-rm -f *.$(OBJEXT)
@@ -337,15 +418,6 @@ distclean-compile:
maintainer-clean-compile:
-.c.lo:
- $(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-.s.lo:
- $(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-.S.lo:
- $(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
mostlyclean-libtool:
-rm -f *.lo
@@ -356,12 +428,12 @@ distclean-libtool:
maintainer-clean-libtool:
-libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES)
- $(LINK) -rpath $(libdir) $(libkadm5srv_la_LDFLAGS) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
-
libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES)
$(LINK) -rpath $(libdir) $(libkadm5clnt_la_LDFLAGS) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS)
+libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES)
+ $(LINK) -rpath $(libdir) $(libkadm5srv_la_LDFLAGS) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
+
mostlyclean-libexecPROGRAMS:
clean-libexecPROGRAMS:
@@ -376,15 +448,18 @@ install-libexecPROGRAMS: $(libexec_PROGRAMS)
$(mkinstalldirs) $(DESTDIR)$(libexecdir)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
- echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
- $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
else :; fi; \
done
uninstall-libexecPROGRAMS:
@$(NORMAL_UNINSTALL)
- list='$(libexec_PROGRAMS)'; for p in $$list; do \
- rm -f $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
+ rm -f $(DESTDIR)$(libexecdir)/$$f; \
done
mostlyclean-sbinPROGRAMS:
@@ -401,17 +476,24 @@ install-sbinPROGRAMS: $(sbin_PROGRAMS)
$(mkinstalldirs) $(DESTDIR)$(sbindir)
@list='$(sbin_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
- echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
- $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(sbindir)/$$f"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(sbindir)/$$f; \
else :; fi; \
done
uninstall-sbinPROGRAMS:
@$(NORMAL_UNINSTALL)
- list='$(sbin_PROGRAMS)'; for p in $$list; do \
- rm -f $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ @list='$(sbin_PROGRAMS)'; for p in $$list; do \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
+ rm -f $(DESTDIR)$(sbindir)/$$f; \
done
+dump_log$(EXEEXT): $(dump_log_OBJECTS) $(dump_log_DEPENDENCIES)
+ @rm -f dump_log$(EXEEXT)
+ $(LINK) $(dump_log_LDFLAGS) $(dump_log_OBJECTS) $(dump_log_LDADD) $(LIBS)
+
ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES)
@rm -f ipropd-master$(EXEEXT)
$(LINK) $(ipropd_master_LDFLAGS) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS)
@@ -420,48 +502,61 @@ ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES)
@rm -f ipropd-slave$(EXEEXT)
$(LINK) $(ipropd_slave_LDFLAGS) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS)
-dump_log$(EXEEXT): $(dump_log_OBJECTS) $(dump_log_DEPENDENCIES)
- @rm -f dump_log$(EXEEXT)
- $(LINK) $(dump_log_LDFLAGS) $(dump_log_OBJECTS) $(dump_log_LDADD) $(LIBS)
-
replay_log$(EXEEXT): $(replay_log_OBJECTS) $(replay_log_DEPENDENCIES)
@rm -f replay_log$(EXEEXT)
$(LINK) $(replay_log_LDFLAGS) $(replay_log_OBJECTS) $(replay_log_LDADD) $(LIBS)
+truncate_log$(EXEEXT): $(truncate_log_OBJECTS) $(truncate_log_DEPENDENCIES)
+ @rm -f truncate_log$(EXEEXT)
+ $(LINK) $(truncate_log_LDFLAGS) $(truncate_log_OBJECTS) $(truncate_log_LDADD) $(LIBS)
+.c.o:
+ $(COMPILE) -c $<
+.c.obj:
+ $(COMPILE) -c `cygpath -w $<`
+.c.lo:
+ $(LTCOMPILE) -c -o $@ $<
+
install-kadm5includeHEADERS: $(kadm5include_HEADERS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(kadm5includedir)
@list='$(kadm5include_HEADERS)'; for p in $$list; do \
if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
- echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(kadm5includedir)/$$p"; \
- $(INSTALL_DATA) $$d$$p $(DESTDIR)$(kadm5includedir)/$$p; \
+ f="`echo $$p | sed -e 's|^.*/||'`"; \
+ echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(kadm5includedir)/$$f"; \
+ $(INSTALL_DATA) $$d$$p $(DESTDIR)$(kadm5includedir)/$$f; \
done
uninstall-kadm5includeHEADERS:
@$(NORMAL_UNINSTALL)
- list='$(kadm5include_HEADERS)'; for p in $$list; do \
- rm -f $(DESTDIR)$(kadm5includedir)/$$p; \
+ @list='$(kadm5include_HEADERS)'; for p in $$list; do \
+ f="`echo $$p | sed -e 's|^.*/||'`"; \
+ echo " rm -f $(DESTDIR)$(kadm5includedir)/$$f"; \
+ rm -f $(DESTDIR)$(kadm5includedir)/$$f; \
done
tags: TAGS
-ID: $(HEADERS) $(SOURCES) $(LISP)
- list='$(SOURCES) $(HEADERS)'; \
- unique=`for i in $$list; do echo $$i; done | \
- awk ' { files[$$0] = 1; } \
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
- here=`pwd` && cd $(srcdir) \
- && mkid -f$$here/ID $$unique $(LISP)
+ mkid -fID $$unique $(LISP)
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP)
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
- list='$(SOURCES) $(HEADERS)'; \
- unique=`for i in $$list; do echo $$i; done | \
- awk ' { files[$$0] = 1; } \
+ list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
- || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS)
+ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
mostlyclean-tags:
@@ -474,17 +569,16 @@ maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
-subdir = lib/kadm5
-
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
- cp -pr $$/$$file $(distdir)/$$file; \
+ cp -pR $$d/$$file $(distdir) \
+ || exit 1; \
else \
test -f $(distdir)/$$file \
- || ln $$d/$$file $(distdir)/$$file 2> /dev/null \
- || cp -p $$d/$$file $(distdir)/$$file || :; \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
@@ -515,7 +609,7 @@ uninstall: uninstall-am
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
all-redirect: all-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(libexecdir) \
$(DESTDIR)$(sbindir) $(DESTDIR)$(kadm5includedir)
@@ -531,6 +625,7 @@ distclean-generic:
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
+ -rm -f Makefile.in
mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \
mostlyclean-libtool mostlyclean-libexecPROGRAMS \
mostlyclean-sbinPROGRAMS mostlyclean-tags \
@@ -578,8 +673,9 @@ clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \
check-local check check-am installcheck-am installcheck install-exec-am \
install-exec install-data-local install-data-am install-data install-am \
install uninstall-am uninstall all-local all-redirect all-am all \
-installdirs mostlyclean-generic distclean-generic clean-generic \
-maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+install-strip installdirs mostlyclean-generic distclean-generic \
+clean-generic maintainer-clean-generic clean mostlyclean distclean \
+maintainer-clean
install-suid-programs:
@@ -587,7 +683,10 @@ install-suid-programs:
for file in $$foo; do \
x=$(DESTDIR)$(bindir)/$$file; \
if chown 0:0 $$x && chmod u+s $$x; then :; else \
- chmod 0 $$x; fi; done
+ echo "*"; \
+ echo "* Failed to install $$x setuid root"; \
+ echo "*"; \
+ fi; done
install-exec-hook: install-suid-programs
@@ -599,8 +698,8 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
- echo " cp $$file $(buildinclude)/$$f"; \
- cp $$file $(buildinclude)/$$f; \
+ echo " $(CP) $$file $(buildinclude)/$$f"; \
+ $(CP) $$file $(buildinclude)/$$f; \
fi ; \
done
@@ -669,87 +768,8 @@ dist-cat8-mans:
dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-install-cat1-mans:
- @ext=1;\
- foo='$(man1_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.1) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat1dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat3-mans:
- @ext=3;\
- foo='$(man3_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.3) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat3dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat5-mans:
- @ext=5;\
- foo='$(man5_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.5) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat5dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat8-mans:
- @ext=8;\
- foo='$(man8_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.8) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat8dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
+install-cat-mans:
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c
index 3f42c60..c963171 100644
--- a/crypto/heimdal/lib/kadm5/acl.c
+++ b/crypto/heimdal/lib/kadm5/acl.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: acl.c,v 1.10 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: acl.c,v 1.12 2000/08/10 19:24:08 assar Exp $");
static struct units acl_units[] = {
{ "all", KADM5_PRIV_ALL },
@@ -68,58 +68,112 @@ _kadm5_privs_to_string(u_int32_t privs, char *string, size_t len)
return 0;
}
-kadm5_ret_t
-_kadm5_acl_init(kadm5_server_context *context)
+/*
+ * retrieve the right for the current caller on `princ' (NULL means all)
+ * and store them in `ret_flags'
+ * return 0 or an error.
+ */
+
+static kadm5_ret_t
+fetch_acl (kadm5_server_context *context,
+ krb5_const_principal princ,
+ unsigned *ret_flags)
{
- FILE *f;
- char buf[128];
- krb5_principal princ;
- int flags;
- krb5_error_code ret;
-
- krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
- ret = krb5_principal_compare(context->context, context->caller, princ);
- krb5_free_principal(context->context, princ);
- if(ret != 0){
- context->acl_flags = KADM5_PRIV_ALL;
- return 0;
- }
+ unsigned flags = -1;
+ FILE *f = fopen(context->config.acl_file, "r");
+ krb5_error_code ret = 0;
+
+ if(f != NULL) {
+ char buf[256];
- flags = -1;
- f = fopen(context->config.acl_file, "r");
- if(f){
- while(fgets(buf, sizeof(buf), f)){
+ while(fgets(buf, sizeof(buf), f) != NULL){
char *foo = NULL, *p;
+ krb5_principal this_princ;
+
+ flags = -1;
p = strtok_r(buf, " \t\n", &foo);
if(p == NULL)
continue;
- ret = krb5_parse_name(context->context, p, &princ);
+ ret = krb5_parse_name(context->context, p, &this_princ);
if(ret)
continue;
if(!krb5_principal_compare(context->context,
- context->caller, princ)){
- krb5_free_principal(context->context, princ);
+ context->caller, this_princ)) {
+ krb5_free_principal(context->context, this_princ);
continue;
}
- krb5_free_principal(context->context, princ);
- p = strtok_r(NULL, "\n", &foo);
+ krb5_free_principal(context->context, this_princ);
+ p = strtok_r(NULL, " \t\n", &foo);
if(p == NULL)
continue;
ret = _kadm5_string_to_privs(p, &flags);
- break;
+ if (ret)
+ break;
+ p = strtok_r(NULL, "\n", &foo);
+ if (p == NULL) {
+ ret = 0;
+ break;
+ }
+ if (princ != NULL) {
+ krb5_principal pattern_princ;
+ krb5_boolean tmp;
+
+ ret = krb5_parse_name (context->context, p, &pattern_princ);
+ if (ret)
+ break;
+ tmp = krb5_principal_match (context->context,
+ princ, pattern_princ);
+ krb5_free_principal (context->context, pattern_princ);
+ if (tmp) {
+ ret = 0;
+ break;
+ }
+ }
}
fclose(f);
}
if(flags == -1)
flags = 0;
- context->acl_flags = flags;
- return 0;
+ if (ret == 0)
+ *ret_flags = flags;
+ return ret;
}
+/*
+ * set global acl flags in `context' for the current caller.
+ * return 0 on success or an error
+ */
+
kadm5_ret_t
-_kadm5_acl_check_permission(kadm5_server_context *context, unsigned op)
+_kadm5_acl_init(kadm5_server_context *context)
{
- unsigned res = ~context->acl_flags & op;
+ krb5_principal princ;
+ krb5_error_code ret;
+
+ ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
+ if (ret)
+ return ret;
+ ret = krb5_principal_compare(context->context, context->caller, princ);
+ krb5_free_principal(context->context, princ);
+ if(ret != 0) {
+ context->acl_flags = KADM5_PRIV_ALL;
+ return 0;
+ }
+
+ return fetch_acl (context, NULL, &context->acl_flags);
+}
+
+/*
+ * check if `flags' allows `op'
+ * return 0 if OK or an error
+ */
+
+static kadm5_ret_t
+check_flags (unsigned op,
+ unsigned flags)
+{
+ unsigned res = ~flags & op;
+
if(res & KADM5_PRIV_GET)
return KADM5_AUTH_GET;
if(res & KADM5_PRIV_ADD)
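Review bot: In `fetch_acl`, `flags` is reset only at the top of each loop iteration, so a caller entry whose target pattern does not match `princ` leaves its parsed privileges in `flags` when it is the last line `fgets` returns, and they are then stored in `*ret_flags`. The same happens with `princ == NULL` (the `_kadm5_acl_init` path): a pattern-restricted entry at the end of the ACL file ends up in the global `context->acl_flags`. Discard the rights whenever the entry did not apply by adding `flags = -1;` as the last statement of the loop body, after the `if (princ != NULL) { ... }` block. `check_flags` at the end of this hunk continues outside it.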
@@ -136,3 +190,26 @@ _kadm5_acl_check_permission(kadm5_server_context *context, unsigned op)
return KADM5_AUTH_INSUFFICIENT;
return 0;
}
+
+/*
+ * return 0 if the current caller in `context' is allowed to perform
+ * `op' on `princ' and otherwise an error
+ * princ == NULL if it's not relevant.
+ */
+
+kadm5_ret_t
+_kadm5_acl_check_permission(kadm5_server_context *context,
+ unsigned op,
+ krb5_const_principal princ)
+{
+ kadm5_ret_t ret;
+ unsigned princ_flags;
+
+ ret = check_flags (op, context->acl_flags);
+ if (ret == 0)
+ return ret;
+ ret = fetch_acl (context, princ, &princ_flags);
+ if (ret)
+ return ret;
+ return check_flags (op, princ_flags);
+}
diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h
index 6cb08a3..d9bd85f 100644
--- a/crypto/heimdal/lib/kadm5/admin.h
+++ b/crypto/heimdal/lib/kadm5/admin.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* $Id: admin.h,v 1.15 1999/12/02 17:05:05 joda Exp $ */
+/* $Id: admin.h,v 1.18 2000/08/04 11:26:21 joda Exp $ */
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
@@ -105,14 +105,14 @@ typedef struct _krb5_key_data {
int16_t key_data_kvno; /* Key Version */
int16_t key_data_type[2]; /* Array of types */
int16_t key_data_length[2]; /* Array of lengths */
- void** key_data_contents[2];/* Array of pointers */
+ void* key_data_contents[2];/* Array of pointers */
} krb5_key_data;
typedef struct _krb5_tl_data {
struct _krb5_tl_data* tl_data_next;
int16_t tl_data_type;
int16_t tl_data_length;
- void **tl_data_contents;
+ void* tl_data_contents;
} krb5_tl_data;
typedef struct _kadm5_principal_ent_t {
@@ -204,462 +204,7 @@ typedef struct _kadm5_config_params {
typedef krb5_error_code kadm5_ret_t;
-kadm5_ret_t
-kadm5_c_chpass_principal __P((
- void *server_handle,
- krb5_principal princ,
- char *password));
-
-kadm5_ret_t
-kadm5_c_create_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask,
- char *password));
-
-kadm5_ret_t
-kadm5_c_delete_principal __P((
- void *server_handle,
- krb5_principal princ));
-
-kadm5_ret_t
-kadm5_c_destroy __P((void *server_handle));
-
-kadm5_ret_t
-kadm5_c_flush __P((void *server_handle));
-
-kadm5_ret_t
-kadm5_c_get_principal __P((
- void *server_handle,
- krb5_principal princ,
- kadm5_principal_ent_t out,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_c_get_principals __P((
- void *server_handle,
- const char *exp,
- char ***princs,
- int *count));
-
-kadm5_ret_t
-kadm5_c_get_privs __P((
- void *server_handle,
- u_int32_t *privs));
-
-kadm5_ret_t
-kadm5_c_init_with_creds __P((
- const char *client_name,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_c_init_with_creds_ctx __P((
- krb5_context context,
- const char *client_name,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_c_init_with_password __P((
- const char *client_name,
- const char *password,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_c_init_with_password_ctx __P((
- krb5_context context,
- const char *client_name,
- const char *password,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_c_init_with_skey __P((
- const char *client_name,
- const char *keytab,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_c_init_with_skey_ctx __P((
- krb5_context context,
- const char *client_name,
- const char *keytab,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_c_modify_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_c_randkey_principal __P((
- void *server_handle,
- krb5_principal princ,
- krb5_keyblock **new_keys,
- int *n_keys));
-
-kadm5_ret_t
-kadm5_c_rename_principal __P((
- void *server_handle,
- krb5_principal source,
- krb5_principal target));
-
-kadm5_ret_t
-kadm5_chpass_principal __P((
- void *server_handle,
- krb5_principal princ,
- char *password));
-
-kadm5_ret_t
-kadm5_create_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask,
- char *password));
-
-kadm5_ret_t
-kadm5_delete_principal __P((
- void *server_handle,
- krb5_principal princ));
-
-kadm5_ret_t
-kadm5_destroy __P((void *server_handle));
-
-kadm5_ret_t
-kadm5_flush __P((void *server_handle));
-
-void
-kadm5_free_key_data __P((
- void *server_handle,
- int16_t *n_key_data,
- krb5_key_data *key_data));
-
-void
-kadm5_free_name_list __P((
- void *server_handle,
- char **names,
- int *count));
-
-void
-kadm5_free_principal_ent __P((
- void *server_handle,
- kadm5_principal_ent_t princ));
-
-kadm5_ret_t
-kadm5_get_principal __P((
- void *server_handle,
- krb5_principal princ,
- kadm5_principal_ent_t out,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_get_principals __P((
- void *server_handle,
- const char *exp,
- char ***princs,
- int *count));
-
-kadm5_ret_t
-kadm5_get_privs __P((
- void *server_handle,
- u_int32_t *privs));
-
-kadm5_ret_t
-kadm5_init_with_creds __P((
- const char *client_name,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx __P((
- krb5_context context,
- const char *client_name,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_init_with_password __P((
- const char *client_name,
- const char *password,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_init_with_password_ctx __P((
- krb5_context context,
- const char *client_name,
- const char *password,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_init_with_skey __P((
- const char *client_name,
- const char *keytab,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx __P((
- krb5_context context,
- const char *client_name,
- const char *keytab,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_modify_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_randkey_principal __P((
- void *server_handle,
- krb5_principal princ,
- krb5_keyblock **new_keys,
- int *n_keys));
-
-kadm5_ret_t
-kadm5_rename_principal __P((
- void *server_handle,
- krb5_principal source,
- krb5_principal target));
-
-kadm5_ret_t
-kadm5_ret_key_data __P((
- krb5_storage *sp,
- krb5_key_data *key));
-
-kadm5_ret_t
-kadm5_ret_principal_ent __P((
- krb5_storage *sp,
- kadm5_principal_ent_t princ));
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask __P((
- krb5_storage *sp,
- kadm5_principal_ent_t princ,
- u_int32_t *mask));
-
-kadm5_ret_t
-kadm5_ret_tl_data __P((
- krb5_storage *sp,
- krb5_tl_data *tl));
-
-kadm5_ret_t
-kadm5_s_chpass_principal __P((
- void *server_handle,
- krb5_principal princ,
- char *password));
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key __P((
- void *server_handle,
- krb5_principal princ,
- int n_key_data,
- krb5_key_data *key_data));
-
-kadm5_ret_t
-kadm5_s_create_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask,
- char *password));
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_s_delete_principal __P((
- void *server_handle,
- krb5_principal princ));
-
-kadm5_ret_t
-kadm5_s_destroy __P((void *server_handle));
-
-kadm5_ret_t
-kadm5_s_flush __P((void *server_handle));
-
-kadm5_ret_t
-kadm5_s_get_principal __P((
- void *server_handle,
- krb5_principal princ,
- kadm5_principal_ent_t out,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_s_get_principals __P((
- void *server_handle,
- const char *exp,
- char ***princs,
- int *count));
-
-kadm5_ret_t
-kadm5_s_get_privs __P((
- void *server_handle,
- u_int32_t *privs));
-
-kadm5_ret_t
-kadm5_s_init_with_creds __P((
- const char *client_name,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_s_init_with_creds_ctx __P((
- krb5_context context,
- const char *client_name,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_s_init_with_password __P((
- const char *client_name,
- const char *password,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_s_init_with_password_ctx __P((
- krb5_context context,
- const char *client_name,
- const char *password,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_s_init_with_skey __P((
- const char *client_name,
- const char *keytab,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_s_init_with_skey_ctx __P((
- krb5_context context,
- const char *client_name,
- const char *keytab,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle));
-
-kadm5_ret_t
-kadm5_s_modify_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_s_randkey_principal __P((
- void *server_handle,
- krb5_principal princ,
- krb5_keyblock **new_keys,
- int *n_keys));
-
-kadm5_ret_t
-kadm5_s_rename_principal __P((
- void *server_handle,
- krb5_principal source,
- krb5_principal target));
-
-kadm5_ret_t
-kadm5_store_key_data __P((
- krb5_storage *sp,
- krb5_key_data *key));
-
-kadm5_ret_t
-kadm5_store_principal_ent __P((
- krb5_storage *sp,
- kadm5_principal_ent_t princ));
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask __P((
- krb5_storage *sp,
- kadm5_principal_ent_t princ,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_store_tl_data __P((
- krb5_storage *sp,
- krb5_tl_data *tl));
-
-void
-kadm5_setup_passwd_quality_check(krb5_context context,
- const char *check_library,
- const char *check_function);
-
-const char *
-kadm5_check_password_quality (krb5_context context,
- krb5_principal principal,
- krb5_data *pwd_data);
+#include "kadm5-protos.h"
#if 0
/* unimplemented functions */
diff --git a/crypto/heimdal/lib/kadm5/bump_pw_expire.c b/crypto/heimdal/lib/kadm5/bump_pw_expire.c
new file mode 100644
index 0000000..a185c20
--- /dev/null
+++ b/crypto/heimdal/lib/kadm5/bump_pw_expire.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: bump_pw_expire.c,v 1.1 2000/07/24 03:47:54 assar Exp $");
+
+/*
+ * extend password_expiration if it's defined
+ */
+
+kadm5_ret_t
+_kadm5_bump_pw_expire(kadm5_server_context *context,
+ hdb_entry *ent)
+{
+ if (ent->pw_end != NULL) {
+ time_t life;
+
+ life = krb5_config_get_time_default(context->context,
+ NULL,
+ 365 * 24 * 60 * 60,
+ "kadmin",
+ "password_lifetime",
+ NULL);
+
+ *(ent->pw_end) = time(NULL) + life;
+ }
+ return 0;
+}
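Review bot: The header comment says the function extends `password_expiration`, but the assignment `*(ent->pw_end) = time(NULL) + life;` overwrites it, which moves the expiry earlier whenever the stored value is later than now plus the lifetime. If that reset is intended, the comment should say so, e.g. `/* if a password expiration is set, reset it to now + kadmin/password_lifetime (default 365 days) */`. The function always returns 0, which is worth stating because the callers added in chpass_s.c test its result.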
diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c
index aaec48f..b06b8cd 100644
--- a/crypto/heimdal/lib/kadm5/chpass_c.c
+++ b/crypto/heimdal/lib/kadm5/chpass_c.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: chpass_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: chpass_c.c,v 1.5 2000/07/11 15:59:14 joda Exp $");
kadm5_ret_t
kadm5_c_chpass_principal(void *server_handle,
@@ -47,6 +47,10 @@ kadm5_c_chpass_principal(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
@@ -68,3 +72,45 @@ kadm5_c_chpass_principal(void *server_handle,
krb5_data_free (&reply);
return tmp;
}
+
+kadm5_ret_t
+kadm5_c_chpass_principal_with_key(void *server_handle,
+ krb5_principal princ,
+ int n_key_data,
+ krb5_key_data *key_data)
+{
+ kadm5_client_context *context = server_handle;
+ kadm5_ret_t ret;
+ krb5_storage *sp;
+ unsigned char buf[1024];
+ int32_t tmp;
+ krb5_data reply;
+ int i;
+
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
+ sp = krb5_storage_from_mem(buf, sizeof(buf));
+ if (sp == NULL)
+ return ENOMEM;
+ krb5_store_int32(sp, kadm_chpass_with_key);
+ krb5_store_principal(sp, princ);
+ krb5_store_int32(sp, n_key_data);
+ for (i = 0; i < n_key_data; ++i)
+ kadm5_store_key_data (sp, &key_data[i]);
+ ret = _kadm5_client_send(context, sp);
+ krb5_storage_free(sp);
+ ret = _kadm5_client_recv(context, &reply);
+ if(ret)
+ return ret;
+ sp = krb5_storage_from_data (&reply);
+ if (sp == NULL) {
+ krb5_data_free (&reply);
+ return ENOMEM;
+ }
+ krb5_ret_int32(sp, &tmp);
+ krb5_storage_free(sp);
+ krb5_data_free (&reply);
+ return tmp;
+}
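Review bot: In `kadm5_c_chpass_principal_with_key` none of the `krb5_store_*` / `kadm5_store_key_data` results is checked, and the result of `_kadm5_client_send` is overwritten by the `_kadm5_client_recv` call two lines later. The request is built in the fixed `buf[1024]`, so with enough key data a store can fail and a truncated key-change request could still be sent. `krb5_ret_int32(sp, &tmp)` is unchecked as well, which lets an uninitialised `tmp` be returned on a short reply. The encode-and-send part could carry `ret` through each step as below; the reply decoding needs the same treatment.

```c
    /* … unchanged: _kadm5_connect and krb5_storage_from_mem … */
    ret = krb5_store_int32(sp, kadm_chpass_with_key);
    if (ret == 0)
        ret = krb5_store_principal(sp, princ);
    if (ret == 0)
        ret = krb5_store_int32(sp, n_key_data);
    for (i = 0; ret == 0 && i < n_key_data; ++i)
        ret = kadm5_store_key_data (sp, &key_data[i]);
    if (ret == 0)
        ret = _kadm5_client_send(context, sp);
    krb5_storage_free(sp);
    if (ret)
        return ret;
    ret = _kadm5_client_recv(context, &reply);
    /* … unchanged: reply decoding … */
```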
diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c
index e915124..2133469 100644
--- a/crypto/heimdal/lib/kadm5/chpass_s.c
+++ b/crypto/heimdal/lib/kadm5/chpass_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,16 +33,21 @@
#include "kadm5_locl.h"
-RCSID("$Id: chpass_s.c,v 1.8 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: chpass_s.c,v 1.13 2001/01/30 01:24:28 assar Exp $");
-kadm5_ret_t
-kadm5_s_chpass_principal(void *server_handle,
- krb5_principal princ,
- char *password)
+static kadm5_ret_t
+change(void *server_handle,
+ krb5_principal princ,
+ char *password,
+ int cond)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
kadm5_ret_t ret;
+ Key *keys;
+ size_t num_keys;
+ int cmp = 1;
+
ent.principal = princ;
ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret)
@@ -51,19 +56,42 @@ kadm5_s_chpass_principal(void *server_handle,
0, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out;
+
+ num_keys = ent.keys.len;
+ keys = ent.keys.val;
+
+ ent.keys.len = 0;
+ ent.keys.val = NULL;
+
ret = _kadm5_set_keys(context, &ent, password);
- if(ret)
+ if(ret) {
+ _kadm5_free_keys (server_handle, num_keys, keys);
+ goto out2;
+ }
+ if (cond)
+ cmp = _kadm5_cmp_keys (ent.keys.val, ent.keys.len,
+ keys, num_keys);
+ _kadm5_free_keys (server_handle, num_keys, keys);
+
+ if (cmp == 0)
goto out2;
+
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out2;
- hdb_seal_keys(context->db, &ent);
+ ret = _kadm5_bump_pw_expire(context, &ent);
+ if (ret)
+ goto out2;
+
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out2;
kadm5_log_modify (context,
&ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
- KADM5_KEY_DATA | KADM5_KVNO);
+ KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);
ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
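Review bot: The added `num_keys = ent.keys.len; keys = ent.keys.val;` run after a fetch check that only catches `HDB_ERR_NOENTRY`, so any other fetch error falls through and these lines read an `hdb_entry` that was declared without an initializer; whether `fetch` fills it on failure is not visible here. Changing the check to `if(ret) goto out;` would stop before `ent` is used. The later hunk in `kadm5_s_chpass_principal_with_key` has the same check ahead of `_kadm5_set_keys2`. `change` begins and ends outside this hunk, so the `out`/`out2` cleanup paths could not be checked.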
@@ -74,6 +102,36 @@ out:
return _kadm5_error_code(ret);
}
+
+
+/*
+ * change the password of `princ' to `password' if it's not already that.
+ */
+
+kadm5_ret_t
+kadm5_s_chpass_principal_cond(void *server_handle,
+ krb5_principal princ,
+ char *password)
+{
+ return change (server_handle, princ, password, 1);
+}
+
+/*
+ * change the password of `princ' to `password'
+ */
+
+kadm5_ret_t
+kadm5_s_chpass_principal(void *server_handle,
+ krb5_principal princ,
+ char *password)
+{
+ return change (server_handle, princ, password, 0);
+}
+
+/*
+ * change keys for `princ' to `keys'
+ */
+
kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle,
krb5_principal princ,
@@ -90,19 +148,24 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
ret = context->db->fetch(context->context, context->db, 0, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out;
- ret = _kadm5_set_keys2(&ent, n_key_data, key_data);
+ ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
if(ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out2;
+ ret = _kadm5_bump_pw_expire(context, &ent);
+ if (ret)
+ goto out2;
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out2;
kadm5_log_modify (context,
&ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
- KADM5_KEY_DATA | KADM5_KVNO);
+ KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);
ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c
index 38c551c..b508282 100644
--- a/crypto/heimdal/lib/kadm5/common_glue.c
+++ b/crypto/heimdal/lib/kadm5/common_glue.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: common_glue.c,v 1.4 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: common_glue.c,v 1.5 2000/03/23 22:58:26 assar Exp $");
#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
@@ -46,6 +46,16 @@ kadm5_chpass_principal(void *server_handle,
}
kadm5_ret_t
+kadm5_chpass_principal_with_key(void *server_handle,
+ krb5_principal princ,
+ int n_key_data,
+ krb5_key_data *key_data)
+{
+ return __CALL(chpass_principal_with_key,
+ (server_handle, princ, n_key_data, key_data));
+}
+
+kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask,
diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c
index fc52576..805f4f0 100644
--- a/crypto/heimdal/lib/kadm5/context_s.c
+++ b/crypto/heimdal/lib/kadm5/context_s.c
@@ -33,14 +33,14 @@
#include "kadm5_locl.h"
-RCSID("$Id: context_s.c,v 1.13 2000/01/06 21:40:08 assar Exp $");
+RCSID("$Id: context_s.c,v 1.15 2000/05/12 15:22:33 assar Exp $");
static void
set_funcs(kadm5_server_context *c)
{
#define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
SET(c, chpass_principal);
- SET(c, chpass_principal);
+ SET(c, chpass_principal_with_key);
SET(c, create_principal);
SET(c, delete_principal);
SET(c, destroy);
@@ -66,6 +66,10 @@ set_field(krb5_context context, krb5_config_binding *binding,
char **variable)
{
const char *p;
+
+ if (*variable != NULL)
+ free (*variable);
+
p = krb5_config_get_string(context, binding, name, NULL);
if(p)
*variable = strdup(p);
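Review bot: After `free (*variable)` the stale pointer stays in `*variable` until a later branch assigns a new value, and only the `strdup` branch is visible here. Adding `*variable = NULL;` directly after the free keeps a path that fails or does not assign from leaving a dangling pointer, which the new `destroy_config` would free a second time. The `!= NULL` guard is redundant because `free(NULL)` is a no-op, and the `strdup` result is not checked in the visible lines. set_field continues outside the hunk.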
@@ -153,10 +157,10 @@ find_db_spec(kadm5_server_context *ctx)
if(default_binding)
set_config(ctx, default_binding);
else {
- ctx->config.dbname = strdup(HDB_DEFAULT_DB);
- ctx->config.acl_file = HDB_DB_DIR "/kadmind.acl";
- ctx->config.stash_file = HDB_DB_DIR "/m-key";
- ctx->log_context.log_file = HDB_DB_DIR "/log";
+ ctx->config.dbname = strdup(HDB_DEFAULT_DB);
+ ctx->config.acl_file = strdup(HDB_DB_DIR "/kadmind.acl");
+ ctx->config.stash_file = strdup(HDB_DB_DIR "/m-key");
+ ctx->log_context.log_file = strdup(HDB_DB_DIR "/log");
memset(&ctx->log_context.socket_name, 0,
sizeof(ctx->log_context.socket_name));
ctx->log_context.socket_name.sun_family = AF_UNIX;
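Review bot: None of the four `strdup` results in the `else` branch is checked, so an allocation failure leaves `dbname`, `acl_file`, `stash_file` or `log_file` NULL. The failure then surfaces later, wherever those paths are opened. For the ACL file and the master-key stash it is safer to fail here, e.g. `if (ctx->config.acl_file == NULL || ctx->config.stash_file == NULL) return ENOMEM;`, extended to the other two fields. This assumes find_db_spec can return an error; its signature and the rest of its body are outside the hunk.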
diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c
index 45eb3e2..8d81cb3 100644
--- a/crypto/heimdal/lib/kadm5/create_c.c
+++ b/crypto/heimdal/lib/kadm5/create_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: create_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: create_c.c,v 1.4 2000/07/11 15:59:21 joda Exp $");
kadm5_ret_t
kadm5_c_create_principal(void *server_handle,
@@ -48,6 +48,10 @@ kadm5_c_create_principal(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c
index 6e352f6..287211b 100644
--- a/crypto/heimdal/lib/kadm5/create_s.c
+++ b/crypto/heimdal/lib/kadm5/create_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: create_s.c,v 1.16 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: create_s.c,v 1.19 2001/01/30 01:24:28 assar Exp $");
static kadm5_ret_t
get_default(kadm5_server_context *context, krb5_principal princ,
@@ -87,7 +87,8 @@ create_principal(kadm5_server_context *context,
def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;
}
- ret = _kadm5_setup_entry(ent, mask | def_mask,
+ ret = _kadm5_setup_entry(context,
+ ent, mask | def_mask,
princ, mask,
defent, def_mask);
if(defent)
@@ -119,11 +120,13 @@ kadm5_s_create_principal_with_key(void *server_handle,
if(ret)
goto out;
- ret = _kadm5_set_keys2(&ent, princ->n_key_data, princ->key_data);
+ ret = _kadm5_set_keys2(context, &ent, princ->n_key_data, princ->key_data);
if(ret)
goto out;
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out;
kadm5_log_create (context, &ent);
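Review bot: The result of `kadm5_log_create (context, &ent)` is still discarded, although this commit starts checking `hdb_seal_keys` right above it. If the log call reports failure like the other kadm5 helpers (its prototype is not on this page), a principal could be stored without a matching log record, and the iprop master builds its diffs from that log. Consider `ret = kadm5_log_create (context, &ent); if (ret) goto out;`. The same applies to the `kadm5_log_create` call in the kadm5_s_create_principal hunk below and to `kadm5_log_delete` in delete_s.c. These functions continue outside their hunks.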
@@ -174,8 +177,12 @@ kadm5_s_create_principal(void *server_handle,
ent.keys.val[2].salt->type = hdb_pw_salt;
ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1;
ret = _kadm5_set_keys(context, &ent, password);
+ if (ret)
+ goto out;
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out;
kadm5_log_create (context, &ent);
diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c
index 71a3cf0..7575c5e 100644
--- a/crypto/heimdal/lib/kadm5/delete_c.c
+++ b/crypto/heimdal/lib/kadm5/delete_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: delete_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: delete_c.c,v 1.4 2000/07/11 15:59:29 joda Exp $");
kadm5_ret_t
kadm5_c_delete_principal(void *server_handle, krb5_principal princ)
@@ -45,6 +45,10 @@ kadm5_c_delete_principal(void *server_handle, krb5_principal princ)
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c
index ef326587b..2f2bf88 100644
--- a/crypto/heimdal/lib/kadm5/delete_s.c
+++ b/crypto/heimdal/lib/kadm5/delete_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: delete_s.c,v 1.7 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: delete_s.c,v 1.9 2001/01/30 01:24:28 assar Exp $");
kadm5_ret_t
kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
@@ -57,7 +57,9 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
goto out;
}
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out;
kadm5_log_delete (context, princ);
diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c
index 22158d0..a8ad328 100644
--- a/crypto/heimdal/lib/kadm5/destroy_s.c
+++ b/crypto/heimdal/lib/kadm5/destroy_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,35 @@
#include "kadm5_locl.h"
-RCSID("$Id: destroy_s.c,v 1.5 1999/12/02 17:05:05 joda Exp $");
+RCSID("$Id: destroy_s.c,v 1.6 2000/05/12 15:23:13 assar Exp $");
+
+/*
+ * dealloc a `kadm5_config_params'
+ */
+
+static void
+destroy_config (kadm5_config_params *c)
+{
+ free (c->realm);
+ free (c->dbname);
+ free (c->acl_file);
+ free (c->stash_file);
+}
+
+/*
+ * dealloc a kadm5_log_context
+ */
+
+static void
+destroy_kadm5_log_context (kadm5_log_context *c)
+{
+ free (c->log_file);
+ close (c->socket_fd);
+}
+
+/*
+ * destroy a kadm5 handle
+ */
kadm5_ret_t
kadm5_s_destroy(void *server_handle)
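Review bot: `destroy_kadm5_log_context` calls `close (c->socket_fd)` unconditionally. If a handle is destroyed before the signal socket was opened and the field still holds 0 from a zeroed context (the initialisation is not in this diff), this closes descriptor 0 of the calling process. Initialising the field to -1 and guarding with `if (c->socket_fd >= 0) close (c->socket_fd);` avoids that. Both helpers also leave the freed pointers in place, which is harmless only because kadm5_s_destroy frees the whole context afterwards.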
@@ -43,8 +71,11 @@ kadm5_s_destroy(void *server_handle)
krb5_context kcontext = context->context;
ret = context->db->destroy(kcontext, context->db);
+ destroy_kadm5_log_context (&context->log_context);
+ destroy_config (&context->config);
+ krb5_free_principal (kcontext, context->caller);
if(context->my_context)
krb5_free_context(kcontext);
+ free (context);
return ret;
}
-
diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c
index 68a3f53..691f2d3 100644
--- a/crypto/heimdal/lib/kadm5/dump_log.c
+++ b/crypto/heimdal/lib/kadm5/dump_log.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "iprop.h"
#include "parse_time.h"
-RCSID("$Id: dump_log.c,v 1.9 1999/12/04 19:49:43 assar Exp $");
+RCSID("$Id: dump_log.c,v 1.11 2000/07/24 04:30:11 assar Exp $");
static char *op_names[] = {
"get",
@@ -45,7 +45,9 @@ static char *op_names[] = {
"modify",
"randkey",
"get_privs",
- "get_princs"
+ "get_princs",
+ "chpass_with_key",
+ "nop"
};
static void
@@ -70,7 +72,7 @@ print_entry(kadm5_server_context *server_context,
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
- if(op < kadm_get || op > kadm_get_princs) {
+ if(op < kadm_get || op > kadm_nop) {
printf("unknown op: %d\n", op);
sp->seek(sp, end, SEEK_SET);
return;
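Review bot: The bound in `if(op < kadm_get || op > kadm_nop)` is tied to the last enum constant, while the names live in the separate `op_names[]` table that this commit extends by hand. `op` is read from the log file, so if it indexes `op_names` after this check (that line is outside the hunk), the enum and the table must never drift apart. Checking against the table size, `op >= sizeof(op_names) / sizeof(op_names[0])`, or adding a compile-time assertion on its length, makes the dependency explicit. The `localtime(&timestamp)` result on the first line of the hunk is also passed to `strftime` without a NULL check.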
@@ -130,11 +132,11 @@ print_entry(kadm5_server_context *server_context,
printf(" expires = %s\n", t);
}
if(mask & KADM5_PW_EXPIRATION) {
- if(ent.valid_end == NULL) {
+ if(ent.pw_end == NULL) {
strcpy(t, "never");
} else {
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
- localtime(ent.valid_end));
+ localtime(ent.pw_end));
}
printf(" password exp = %s\n", t);
}
@@ -197,16 +199,19 @@ print_entry(kadm5_server_context *server_context,
}
hdb_free_entry(context, &ent);
break;
+ case kadm_nop :
+ break;
default:
abort();
}
sp->seek(sp, end, SEEK_SET);
}
-char *realm;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
+static char *realm;
+static int version_flag;
+static int help_flag;
+
+static struct getargs args[] = {
{ "realm", 'r', arg_string, &realm },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c
index 46653c7..29fab74 100644
--- a/crypto/heimdal/lib/kadm5/ent_setup.c
+++ b/crypto/heimdal/lib/kadm5/ent_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: ent_setup.c,v 1.11 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: ent_setup.c,v 1.12 2000/03/23 23:02:35 assar Exp $");
#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
#define set_null(X) do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
@@ -62,7 +62,8 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
*/
kadm5_ret_t
-_kadm5_setup_entry(hdb_entry *ent,
+_kadm5_setup_entry(kadm5_server_context *context,
+ hdb_entry *ent,
u_int32_t mask,
kadm5_principal_ent_t princ,
u_int32_t princ_mask,
@@ -129,7 +130,7 @@ _kadm5_setup_entry(hdb_entry *ent,
}
if(mask & KADM5_KEY_DATA
&& princ_mask & KADM5_KEY_DATA) {
- _kadm5_set_keys2(ent, princ->n_key_data, princ->key_data);
+ _kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data);
}
if(mask & KADM5_TL_DATA) {
/* XXX */
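Review bot: The return value of `_kadm5_set_keys2(context, ent, ...)` is dropped here, although create_s.c in this same commit checks it with `if(ret) goto out;`. A failure while copying the supplied key data would leave `ent` with missing or partial keys, and _kadm5_setup_entry would carry on as if it had succeeded. Propagate it, e.g. `ret = _kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data); if (ret) return ret;`, using whatever status variable and cleanup the function already has. Most of its body lies outside the hunk.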
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
index 9ca672a..279a77a 100644
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ b/crypto/heimdal/lib/kadm5/get_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: get_c.c,v 1.5 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: get_c.c,v 1.6 2000/07/11 15:59:36 joda Exp $");
kadm5_ret_t
kadm5_c_get_principal(void *server_handle,
@@ -48,6 +48,10 @@ kadm5_c_get_principal(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c
index 0956052..3536cdf 100644
--- a/crypto/heimdal/lib/kadm5/get_princs_c.c
+++ b/crypto/heimdal/lib/kadm5/get_princs_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: get_princs_c.c,v 1.3 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: get_princs_c.c,v 1.4 2000/07/11 16:00:19 joda Exp $");
kadm5_ret_t
kadm5_c_get_principals(void *server_handle,
@@ -48,6 +48,10 @@ kadm5_c_get_principals(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c
index 12613b6..0851900 100644
--- a/crypto/heimdal/lib/kadm5/get_s.c
+++ b/crypto/heimdal/lib/kadm5/get_s.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: get_s.c,v 1.11 1999/12/26 19:38:23 assar Exp $");
+RCSID("$Id: get_s.c,v 1.13 2000/06/19 16:11:31 joda Exp $");
kadm5_ret_t
kadm5_s_get_principal(void *server_handle,
@@ -78,8 +78,12 @@ kadm5_s_get_principal(void *server_handle,
out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
}
- if(mask & KADM5_MAX_LIFE && ent.max_life)
- out->max_life = *ent.max_life;
+ if(mask & KADM5_MAX_LIFE) {
+ if(ent.max_life)
+ out->max_life = *ent.max_life;
+ else
+ out->max_life = INT_MAX;
+ }
if(mask & KADM5_MOD_TIME) {
if(ent.modified_by)
out->mod_date = ent.modified_by->time;
@@ -92,10 +96,12 @@ kadm5_s_get_principal(void *server_handle,
ret = krb5_copy_principal(context->context,
ent.modified_by->principal,
&out->mod_name);
- } else
+ } else if(ent.created_by.principal != NULL)
ret = krb5_copy_principal(context->context,
ent.created_by.principal,
&out->mod_name);
+ else
+ out->mod_name = NULL;
}
if(ret)
goto out;
@@ -115,8 +121,12 @@ kadm5_s_get_principal(void *server_handle,
/* XXX implement */;
if(mask & KADM5_POLICY)
out->policy = NULL;
- if(mask & KADM5_MAX_RLIFE && ent.max_renew)
- out->max_renewable_life = *ent.max_renew;
+ if(mask & KADM5_MAX_RLIFE) {
+ if(ent.max_renew)
+ out->max_renewable_life = *ent.max_renew;
+ else
+ out->max_renewable_life = INT_MAX;
+ }
if(mask & KADM5_LAST_SUCCESS)
/* XXX implement */;
if(mask & KADM5_LAST_FAILED)
@@ -140,7 +150,7 @@ kadm5_s_get_principal(void *server_handle,
if(key->salt)
kd->key_data_type[1] = key->salt->type;
else
- kd->key_data_type[1] = pa_pw_salt;
+ kd->key_data_type[1] = KRB5_PADATA_PW_SALT;
/* setup key */
kd->key_data_length[0] = key->key.keyvalue.length;
kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c
index 098e9c8..e4df034 100644
--- a/crypto/heimdal/lib/kadm5/init_c.c
+++ b/crypto/heimdal/lib/kadm5/init_c.c
@@ -37,14 +37,14 @@
#include <netinet/in.h>
#include <netdb.h>
-RCSID("$Id: init_c.c,v 1.35 2000/01/28 03:20:18 assar Exp $");
+RCSID("$Id: init_c.c,v 1.40 2000/12/31 08:00:23 assar Exp $");
static void
set_funcs(kadm5_client_context *c)
{
#define SET(C, F) (C)->funcs.F = kadm5 ## _c_ ## F
SET(c, chpass_principal);
- SET(c, chpass_principal);
+ SET(c, chpass_principal_with_key);
SET(c, create_principal);
SET(c, delete_principal);
SET(c, destroy);
@@ -288,21 +288,10 @@ get_cred_cache(krb5_context context,
return ret;
}
-static kadm5_ret_t
-kadm5_c_init_with_context(krb5_context context,
- const char *client_name,
- const char *password,
- krb5_prompter_fct prompter,
- const char *keytab,
- krb5_ccache ccache,
- const char *service_name,
- kadm5_config_params *realm_params,
- unsigned long struct_version,
- unsigned long api_version,
- void **server_handle)
+static kadm5_ret_t
+kadm_connect(kadm5_client_context *ctx)
{
kadm5_ret_t ret;
- kadm5_client_context *ctx;
krb5_principal server;
krb5_ccache cc;
int s;
@@ -311,15 +300,12 @@ kadm5_c_init_with_context(krb5_context context,
int error;
char portstr[NI_MAXSERV];
char *hostname, *slash;
+ krb5_context context = ctx->context;
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
-
- ret = _kadm5_c_init_context(&ctx, realm_params, context);
- if(ret)
- return ret;
-
+
snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port));
hostname = ctx->admin_server;
@@ -347,8 +333,9 @@ kadm5_c_init_with_context(krb5_context context,
krb5_warnx (context, "failed to contact %s", hostname);
return KADM5_FAILURE;
}
- ret = get_cred_cache(context, client_name, service_name,
- password, prompter, keytab, ccache, &cc);
+ ret = get_cred_cache(context, ctx->client_name, ctx->service_name,
+ NULL, ctx->prompter, ctx->keytab,
+ ctx->ccache, &cc);
if(ret) {
freeaddrinfo (ai);
@@ -358,7 +345,7 @@ kadm5_c_init_with_context(krb5_context context,
ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server);
if(ret) {
freeaddrinfo (ai);
- if(ccache == NULL)
+ if(ctx->ccache == NULL)
krb5_cc_close(context, cc);
close(s);
return ret;
@@ -370,19 +357,18 @@ kadm5_c_init_with_context(krb5_context context,
server, AP_OPTS_MUTUAL_REQUIRED,
NULL, NULL, cc, NULL, NULL, NULL);
if(ret == 0) {
- krb5_data params, enc_data;
- ret = _kadm5_marshal_params(context, realm_params, &params);
-
- ret = krb5_mk_priv(context,
- ctx->ac,
- &params,
- &enc_data,
- NULL);
-
- ret = krb5_write_message(context, &s, &enc_data);
+ krb5_data params;
+ ret = _kadm5_marshal_params(context, ctx->realm_params, &params);
+ ret = krb5_write_priv_message(context, ctx->ac, &s, &params);
krb5_data_free(&params);
- krb5_data_free(&enc_data);
+ if(ret) {
+ freeaddrinfo (ai);
+ close(s);
+ if(ctx->ccache == NULL)
+ krb5_cc_close(context, cc);
+ return ret;
+ }
} else if(ret == KRB5_SENDAUTH_BADAPPLVERS) {
close(s);
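Review bot: The status of `_kadm5_marshal_params` is overwritten by the next assignment before it is examined. If marshalling fails, `params` may not have been filled in, yet it is passed to `krb5_write_priv_message` and then to `krb5_data_free`. Check it first, e.g. `if (ret == 0) { ret = krb5_write_priv_message(context, ctx->ac, &s, &params); krb5_data_free(&params); }`, and let the new `if(ret)` cleanup handle both failures. That cleanup also returns without `krb5_free_principal(context, server)`, which a later hunk shows is only done on the normal way out of kadm_connect.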
@@ -396,8 +382,6 @@ kadm5_c_init_with_context(krb5_context context,
freeaddrinfo (ai);
return errno;
}
- freeaddrinfo (ai);
-
ret = krb5_sendauth(context, &ctx->ac, &s,
KADMIN_OLD_APPL_VERSION, NULL,
server, AP_OPTS_MUTUAL_REQUIRED,
@@ -410,13 +394,70 @@ kadm5_c_init_with_context(krb5_context context,
}
krb5_free_principal(context, server);
- if(ccache == NULL)
+ if(ctx->ccache == NULL)
krb5_cc_close(context, cc);
if(ret) {
close(s);
return ret;
}
ctx->sock = s;
+
+ return 0;
+}
+
+kadm5_ret_t
+_kadm5_connect(void *handle)
+{
+ kadm5_client_context *ctx = handle;
+ if(ctx->sock == -1)
+ return kadm_connect(ctx);
+ return 0;
+}
+
+static kadm5_ret_t
+kadm5_c_init_with_context(krb5_context context,
+ const char *client_name,
+ const char *password,
+ krb5_prompter_fct prompter,
+ const char *keytab,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle)
+{
+ kadm5_ret_t ret;
+ kadm5_client_context *ctx;
+ krb5_ccache cc;
+
+ ret = _kadm5_c_init_context(&ctx, realm_params, context);
+ if(ret)
+ return ret;
+
+ if(password != NULL && *password != '\0') {
+ ret = get_cred_cache(context, client_name, service_name,
+ password, prompter, keytab, ccache, &cc);
+ if(ret)
+ return ret; /* XXX */
+ ccache = cc;
+ }
+
+
+ if (client_name != NULL)
+ ctx->client_name = strdup(client_name);
+ else
+ ctx->client_name = NULL;
+ if (service_name != NULL)
+ ctx->service_name = strdup(service_name);
+ else
+ ctx->service_name = NULL;
+ ctx->prompter = prompter;
+ ctx->keytab = keytab;
+ ctx->ccache = ccache;
+ ctx->realm_params = realm_params;
+ ctx->sock = -1;
+
*server_handle = ctx;
return 0;
}
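Review bot: The handle now keeps the caller's `keytab` and `realm_params` pointers (`ctx->keytab = keytab; ctx->realm_params = realm_params;`) and uses them later from kadm_connect, whereas `client_name` and `service_name` are copied with `strdup`. With the connection deferred to the first request, a caller that passes a stack `kadm5_config_params` or frees the keytab name after init leaves the handle pointing at dead memory. Either copy both like the names, or document that they must outlive the handle. The `return ret; /* XXX */` path also leaks the freshly created `ctx`, and the two `strdup` results are unchecked. When a password is given, the cache stored in `ctx->ccache` is not closed anywhere in the visible code.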
@@ -437,7 +478,9 @@ init_context(const char *client_name,
kadm5_ret_t ret;
kadm5_server_context *ctx;
- krb5_init_context(&context);
+ ret = krb5_init_context(&context);
+ if (ret)
+ return ret;
ret = kadm5_c_init_with_context(context,
client_name,
password,
diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c
index 6c1f3d1..bf5d036 100644
--- a/crypto/heimdal/lib/kadm5/init_s.c
+++ b/crypto/heimdal/lib/kadm5/init_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: init_s.c,v 1.9 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: init_s.c,v 1.10 2000/12/31 08:01:16 assar Exp $");
static kadm5_ret_t
@@ -113,7 +113,9 @@ kadm5_s_init_with_password(const char *client_name,
kadm5_ret_t ret;
kadm5_server_context *ctx;
- krb5_init_context(&context);
+ ret = krb5_init_context(&context);
+ if (ret)
+ return ret;
ret = kadm5_s_init_with_password_ctx(context,
client_name,
password,
@@ -163,7 +165,9 @@ kadm5_s_init_with_skey(const char *client_name,
kadm5_ret_t ret;
kadm5_server_context *ctx;
- krb5_init_context(&context);
+ ret = krb5_init_context(&context);
+ if (ret)
+ return ret;
ret = kadm5_s_init_with_skey_ctx(context,
client_name,
keytab,
@@ -213,7 +217,9 @@ kadm5_s_init_with_creds(const char *client_name,
kadm5_ret_t ret;
kadm5_server_context *ctx;
- krb5_init_context(&context);
+ ret = krb5_init_context(&context);
+ if (ret)
+ return ret;
ret = kadm5_s_init_with_creds_ctx(context,
client_name,
ccache,
diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h
index 499f515..a8f2b7f 100644
--- a/crypto/heimdal/lib/kadm5/iprop.h
+++ b/crypto/heimdal/lib/kadm5/iprop.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: iprop.h,v 1.4 1999/12/02 17:05:06 joda Exp $ */
+/* $Id: iprop.h,v 1.5 2000/06/05 17:02:43 assar Exp $ */
#ifndef __IPROP_H__
#define __IPROP_H__
@@ -48,6 +48,15 @@
#define IPROP_NAME "iprop"
-enum iprop_cmd { I_HAVE = 1, FOR_YOU = 2 };
+#define IPROP_SERVICE "iprop"
+
+#define IPROP_PORT 2121
+
+enum iprop_cmd { I_HAVE = 1,
+ FOR_YOU = 2,
+ TELL_YOU_EVERYTHING = 3,
+ ONE_PRINC = 4,
+ NOW_YOU_HAVE = 5
+};
#endif /* __IPROP_H__ */
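Review bot: The new `iprop_cmd` values are wire-protocol constants shared by master and slave, but the header does not say who sends which message or what follows the 4-byte command. A short comment per value would help, for instance `/* slave -> master: version the slave holds */` on `I_HAVE` and `/* master -> slave: end of full dump, followed by the new version */` on `NOW_YOU_HAVE`, matching how ipropd_master.c uses them. `IPROP_NAME` and the new `IPROP_SERVICE` are both "iprop"; a comment saying which is the principal name component and which the services entry would keep them from being mixed up.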
diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c
index b2e71a7..99cddc4 100644
--- a/crypto/heimdal/lib/kadm5/ipropd_master.c
+++ b/crypto/heimdal/lib/kadm5/ipropd_master.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,9 @@
#include "iprop.h"
-RCSID("$Id: ipropd_master.c,v 1.12 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: ipropd_master.c,v 1.21 2000/11/15 23:12:45 assar Exp $");
+
+static krb5_log_facility *log_facility;
static int
make_signal_socket (krb5_context context)
@@ -46,8 +48,7 @@ make_signal_socket (krb5_context context)
krb5_err (context, 1, errno, "socket AF_UNIX");
memset (&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- strncpy (addr.sun_path, KADM5_LOG_SIGNAL, sizeof(addr.sun_path));
- addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
+ strlcpy (addr.sun_path, KADM5_LOG_SIGNAL, sizeof(addr.sun_path));
unlink (addr.sun_path);
if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
krb5_err (context, 1, errno, "bind %s", addr.sun_path);
@@ -67,7 +68,8 @@ make_listen_socket (krb5_context context)
setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
- addr.sin_port = htons(4711);
+ addr.sin_port = krb5_getportbyname (context,
+ IPROP_SERVICE, "tcp", IPROP_PORT);
if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
krb5_err (context, 1, errno, "bind");
if (listen(fd, SOMAXCONN) < 0)
@@ -109,12 +111,12 @@ check_acl (krb5_context context, const char *name)
}
static void
-add_slave (krb5_context context, slave **root, int fd)
+add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
{
krb5_principal server;
krb5_error_code ret;
slave *s;
- int addr_len;
+ socklen_t addr_len;
krb5_ticket *ticket = NULL;
char hostname[128];
@@ -141,7 +143,7 @@ add_slave (krb5_context context, slave **root, int fd)
}
ret = krb5_recvauth (context, &s->ac, &s->fd,
- IPROP_VERSION, server, 0, NULL, &ticket);
+ IPROP_VERSION, server, 0, keytab, &ticket);
krb5_free_principal (context, server);
if (ret) {
krb5_warn (context, ret, "krb5_recvauth");
@@ -157,7 +159,7 @@ add_slave (krb5_context context, slave **root, int fd)
goto error;
}
krb5_free_ticket (context, ticket);
- printf ("connection from %s\n", s->name);
+ krb5_warnx (context, "connection from %s", s->name);
s->version = 0;
s->next = *root;
@@ -191,24 +193,87 @@ remove_slave (krb5_context context, slave *s, slave **root)
free (s);
}
+struct prop_context {
+ krb5_auth_context auth_context;
+ int fd;
+};
+
+static int
+prop_one (krb5_context context, HDB *db, hdb_entry *entry, void *v)
+{
+ krb5_error_code ret;
+ krb5_data data;
+ struct slave *slave = (struct slave *)v;
+
+ ret = hdb_entry2value (context, entry, &data);
+ if (ret)
+ return ret;
+ ret = krb5_data_realloc (&data, data.length + 4);
+ if (ret) {
+ krb5_data_free (&data);
+ return ret;
+ }
+ memmove ((char *)data.data + 4, data.data, data.length - 4);
+ _krb5_put_int (data.data, ONE_PRINC, 4);
+
+ ret = krb5_write_priv_message (context, slave->ac, &slave->fd, &data);
+ krb5_data_free (&data);
+ return ret;
+}
+
static int
-send_complete (krb5_context context, slave *s)
+send_complete (krb5_context context, slave *s,
+ const char *database, u_int32_t current_version)
{
- abort ();
+ krb5_error_code ret;
+ HDB *db;
+ krb5_data data;
+ char buf[8];
+
+ ret = hdb_create (context, &db, database);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_create: %s", database);
+ ret = db->open (context, db, O_RDONLY, 0);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ _krb5_put_int(buf, TELL_YOU_EVERYTHING, 4);
+
+ data.data = buf;
+ data.length = 4;
+
+ ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
+
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_write_priv_message");
+
+ ret = hdb_foreach (context, db, 0, prop_one, s);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_foreach");
+
+ _krb5_put_int (buf, NOW_YOU_HAVE, 4);
+ _krb5_put_int (buf + 4, current_version, 4);
+ data.length = 8;
+
+ ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
+
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_write_priv_message");
+
+ return 0;
}
static int
send_diffs (krb5_context context, slave *s, int log_fd,
- u_int32_t current_version)
+ const char *database, u_int32_t current_version)
{
- krb5_storage *sp, *data_sp;
+ krb5_storage *sp;
u_int32_t ver;
time_t timestamp;
enum kadm_ops op;
u_int32_t len;
off_t right, left;
krb5_data data;
- krb5_data priv_data;
int ret = 0;
if (s->version == current_version)
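Review bot: Every failure inside the new `send_complete` goes through `krb5_err (context, 1, ...)`, which terminates the whole master. Since main now ignores SIGPIPE, a slave that drops its connection during a full dump becomes a failed `krb5_write_priv_message` and takes the daemon down for all other slaves. Returning non-zero instead lets the caller of process_msg drop only that slave, as `send_diffs` already does for its own write error. The `db` handle from `hdb_create`/`db->open` is also never closed, and `struct prop_context` is declared but unused. send_diffs, which begins at the end of this hunk, continues outside it.

```c
static int
send_complete (krb5_context context, slave *s,
               const char *database, u_int32_t current_version)
{
    /* … unchanged: declarations … */

    ret = hdb_create (context, &db, database);
    if (ret) {
        krb5_warn (context, ret, "hdb_create: %s", database);
        return 1;
    }
    ret = db->open (context, db, O_RDONLY, 0);
    if (ret) {
        krb5_warn (context, ret, "db->open");
        goto out_destroy;
    }

    /* … unchanged: build the TELL_YOU_EVERYTHING header in buf/data … */

    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
    if (ret) {
        krb5_warn (context, ret, "krb5_write_priv_message");
        goto out_close;
    }

    ret = hdb_foreach (context, db, 0, prop_one, s);
    if (ret) {
        krb5_warn (context, ret, "hdb_foreach");
        goto out_close;
    }

    /* … unchanged: build the NOW_YOU_HAVE trailer with current_version … */

    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
    if (ret)
        krb5_warn (context, ret, "krb5_write_priv_message");

out_close:
    db->close (context, db);
out_destroy:
    db->destroy (context, db);
    return ret != 0;
}
```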
@@ -216,18 +281,16 @@ send_diffs (krb5_context context, slave *s, int log_fd,
sp = kadm5_log_goto_end (log_fd);
right = sp->seek(sp, 0, SEEK_CUR);
- printf ("%ld, looking for %d\n", (long)right, s->version);
for (;;) {
if (kadm5_log_previous (sp, &ver, &timestamp, &op, &len))
abort ();
- printf ("version = %d\n", ver);
left = sp->seek(sp, -16, SEEK_CUR);
if (ver == s->version)
return 0;
if (ver == s->version + 1)
break;
if (left == 0)
- return send_complete (context, s);
+ return send_complete (context, s, database, current_version);
}
krb5_data_alloc (&data, right - left + 4);
sp->fetch (sp, (char *)data.data + 4, data.length - 4);
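Review bot: The storage returned by `kadm5_log_goto_end (log_fd)` is not released on the early exits in this loop: `return 0;` when `ver == s->version`, and `return send_complete (...)` when the start of the log is reached. If `sp` is heap-allocated, as krb5 storage objects normally are, a long-running master loses one per call. Add `krb5_storage_free (sp);` before each of those returns. In the same lines a failed `kadm5_log_previous` aborts the daemon and the `krb5_data_alloc` result is used unchecked. send_diffs starts before and continues after this hunk.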
@@ -235,17 +298,10 @@ send_diffs (krb5_context context, slave *s, int log_fd,
_krb5_put_int(data.data, FOR_YOU, 4);
- ret = krb5_mk_priv (context, s->ac, &data, &priv_data, NULL);
- krb5_data_free(&data);
- if (ret) {
- krb5_warn (context, ret, "krb_mk_priv");
- return 0;
- }
+ ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
- ret = krb5_write_message (context, &s->fd, &priv_data);
- krb5_data_free (&priv_data);
if (ret) {
- krb5_warn (context, ret, "krb5_write_message");
+ krb5_warn (context, ret, "krb5_write_priv_message");
return 1;
}
return 0;
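Review bot: `data` is no longer freed after this change. The removed lines called `krb5_data_free(&data)` after `krb5_mk_priv`, and the new `krb5_write_priv_message` path returns on both branches without it. Each diff sent to a slave therefore leaks a buffer holding a slice of the kadm5 log, which may include key data, in a daemon that runs indefinitely. Add `krb5_data_free (&data);` directly after the `krb5_write_priv_message` call, before testing `ret`.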
@@ -253,26 +309,16 @@ send_diffs (krb5_context context, slave *s, int log_fd,
static int
process_msg (krb5_context context, slave *s, int log_fd,
- u_int32_t current_version)
+ const char *database, u_int32_t current_version)
{
int ret = 0;
- krb5_data in, out;
+ krb5_data out;
krb5_storage *sp;
int32_t tmp;
- ret = krb5_read_message (context, &s->fd, &in);
- if (ret)
- return 1;
-
- if(in.length == 0) {
- krb5_warnx(context, "process_msg: short message");
- return 1;
- }
-
- ret = krb5_rd_priv (context, s->ac, &in, &out, NULL);
- krb5_data_free (&in);
- if (ret) {
- krb5_warn (context, ret, "krb5_rd_priv");
+ ret = krb5_read_priv_message(context, s->ac, &s->fd, &out);
+ if(ret) {
+ krb5_warn (context, ret, "error reading message from %s", s->name);
return 1;
}
@@ -282,7 +328,7 @@ process_msg (krb5_context context, slave *s, int log_fd,
case I_HAVE :
krb5_ret_int32 (sp, &tmp);
s->version = tmp;
- ret = send_diffs (context, s, log_fd, current_version);
+ ret = send_diffs (context, s, log_fd, database, current_version);
break;
case FOR_YOU :
default :
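Review bot: `krb5_ret_int32 (sp, &tmp)` is not checked before `s->version = tmp;` in the `I_HAVE` case. A message from an authenticated slave that carries the command but no version leaves `tmp` uninitialised, and that value then drives the log search in send_diffs. Test the result, e.g. `if (krb5_ret_int32 (sp, &tmp) != 0) { ret = 1; break; }`, so that the slave is dropped instead. process_msg starts and ends outside this hunk, so whether the command word itself is read with a check is not visible here.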
@@ -294,15 +340,21 @@ process_msg (krb5_context context, slave *s, int log_fd,
return ret;
}
-char *realm;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
+static char *realm;
+static int version_flag;
+static int help_flag;
+static char *keytab_str = "HDB:";
+static char *database;
+
+static struct getargs args[] = {
{ "realm", 'r', arg_string, &realm },
+ { "keytab", 'k', arg_string, &keytab_str,
+ "keytab to get authentication from", "kspec" },
+ { "database", 'd', arg_string, &database, "database", "file"},
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
-int num_args = sizeof(args) / sizeof(args[0]);
+static int num_args = sizeof(args) / sizeof(args[0]);
int
main(int argc, char **argv)
@@ -316,7 +368,7 @@ main(int argc, char **argv)
int log_fd;
slave *slaves = NULL;
u_int32_t current_version, old_version = 0;
-
+ krb5_keytab keytab;
int optind;
optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
@@ -328,17 +380,28 @@ main(int argc, char **argv)
exit(0);
}
+ krb5_openlog (context, "ipropd-master", &log_facility);
+ krb5_set_warn_dest(context, log_facility);
+
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str);
+
memset(&conf, 0, sizeof(conf));
if(realm) {
conf.mask |= KADM5_CONFIG_REALM;
conf.realm = realm;
}
- ret = kadm5_init_with_password_ctx (context,
- KADM5_ADMIN_SERVICE,
- NULL,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
+ ret = kadm5_init_with_skey_ctx (context,
+ KADM5_ADMIN_SERVICE,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
if (ret)
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
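Review bot: The error text on the last line still names `kadm5_init_with_password_ctx`, although the call above it was changed to `kadm5_init_with_skey_ctx`. Warnings now go to the log facility, so the stale name will mislead whoever reads the log; change it to `krb5_err (context, 1, ret, "kadm5_init_with_skey_ctx");`. The `keytab` resolved from `keytab_str` just above is not handed to this call, which passes `NULL` in the keytab position. If that is intentional, a one-line comment saying so would help.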
@@ -352,6 +415,8 @@ main(int argc, char **argv)
signal_fd = make_signal_socket (context);
listen_fd = make_listen_socket (context);
+ signal (SIGPIPE, SIG_IGN);
+
for (;;) {
slave *p;
fd_set readset;
@@ -359,6 +424,9 @@ main(int argc, char **argv)
struct timeval to = {30, 0};
u_int32_t vers;
+ if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
+ krb5_errx (context, 1, "fd too large");
+
FD_ZERO(&readset);
FD_SET(signal_fd, &readset);
max_fd = max(max_fd, signal_fd);
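Review bot: The new `FD_SETSIZE` test covers only `signal_fd` and `listen_fd`, but the slave descriptors are used with the same `readset` (`FD_ISSET(p->fd, &readset)` in the next hunk). A slave connection whose descriptor is at or above `FD_SETSIZE` would make `FD_SET` write outside the set. Reject such a connection in add_slave, e.g. `if (s->fd >= FD_SETSIZE) goto error;` after the accept, rather than exiting through `krb5_errx`. The two descriptors checked here never change, so the test can sit before the `for (;;)`. The loop that adds slave descriptors to the set is outside the hunk.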
@@ -381,38 +449,37 @@ main(int argc, char **argv)
if (ret == 0) {
old_version = current_version;
- kadm5_log_get_version (log_fd, &current_version);
+ kadm5_log_get_version_fd (log_fd, &current_version);
if (current_version > old_version)
for (p = slaves; p != NULL; p = p->next)
- send_diffs (context, p, log_fd, current_version);
+ send_diffs (context, p, log_fd, database, current_version);
}
if (ret && FD_ISSET(signal_fd, &readset)) {
struct sockaddr_un peer_addr;
- int peer_len = sizeof(peer_addr);
+ socklen_t peer_len = sizeof(peer_addr);
if(recvfrom(signal_fd, &vers, sizeof(vers), 0,
(struct sockaddr *)&peer_addr, &peer_len) < 0) {
krb5_warn (context, errno, "recvfrom");
continue;
}
- printf ("signal: %u\n", vers);
--ret;
old_version = current_version;
- kadm5_log_get_version (log_fd, &current_version);
+ kadm5_log_get_version_fd (log_fd, &current_version);
for (p = slaves; p != NULL; p = p->next)
- send_diffs (context, p, log_fd, current_version);
+ send_diffs (context, p, log_fd, database, current_version);
}
for(p = slaves; p != NULL && ret--; p = p->next)
if (FD_ISSET(p->fd, &readset)) {
- if(process_msg (context, p, log_fd, current_version))
+ if(process_msg (context, p, log_fd, database, current_version))
remove_slave (context, p, &slaves);
}
if (ret && FD_ISSET(listen_fd, &readset)) {
- add_slave (context, &slaves, listen_fd);
+ add_slave (context, keytab, &slaves, listen_fd);
--ret;
}
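Review bot: In the slave loop, `remove_slave (context, p, &slaves)` frees `p` (its body ends in `free (s);`), and the `for` header then evaluates `p = p->next` on the freed node. Save the successor before handling the entry: declare `slave *next;` and use `for (p = slaves; p != NULL && ret--; p = next) { next = p->next; ... }`. The `ret--` in the same condition is consumed for every slave visited, not only for readable ones, so later readable slaves and the `listen_fd` test can be skipped in a round. Decrementing inside the `FD_ISSET` branch matches the intent. main continues outside the hunk.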
diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c
index 76884eb..8d8bf25 100644
--- a/crypto/heimdal/lib/kadm5/ipropd_slave.c
+++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,9 @@
#include "iprop.h"
-RCSID("$Id: ipropd_slave.c,v 1.10 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: ipropd_slave.c,v 1.21 2000/08/06 02:06:19 assar Exp $");
+
+static krb5_log_facility *log_facility;
static int
connect_to_master (krb5_context context, const char *master)
@@ -47,7 +49,8 @@ connect_to_master (krb5_context context, const char *master)
krb5_err (context, 1, errno, "socket AF_INET");
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
- addr.sin_port = htons(4711);
+ addr.sin_port = krb5_getportbyname (context,
+ IPROP_SERVICE, "tcp", IPROP_PORT);
he = roken_gethostbyname (master);
if (he == NULL)
krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
@@ -58,31 +61,37 @@ connect_to_master (krb5_context context, const char *master)
}
static void
-get_creds(krb5_context context, krb5_ccache *cache, const char *host)
+get_creds(krb5_context context, const char *keytab_str,
+ krb5_ccache *cache, const char *host)
{
krb5_keytab keytab;
krb5_principal client;
krb5_error_code ret;
krb5_get_init_creds_opt init_opts;
-#if 0
- krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
-#endif
krb5_creds creds;
- char my_hostname[128];
char *server;
+ char keytab_buf[256];
- ret = krb5_kt_default(context, &keytab);
- if(ret) krb5_err(context, 1, ret, "krb5_kt_default");
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
- gethostname (my_hostname, sizeof(my_hostname));
- ret = krb5_sname_to_principal (context, my_hostname, IPROP_NAME,
+ if (keytab_str == NULL) {
+ ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_kt_default_name");
+ keytab_str = keytab_buf;
+ }
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if(ret)
+ krb5_err(context, 1, ret, "%s", keytab_str);
+
+ ret = krb5_sname_to_principal (context, NULL, IPROP_NAME,
KRB5_NT_SRV_HST, &client);
if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
krb5_get_init_creds_opt_init(&init_opts);
-#if 0
- krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1);
-#endif
asprintf (&server, "%s/%s", IPROP_NAME, host);
if (server == NULL)
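Review bot: `krb5_kt_register(context, &hdb_kt_ops)` is added at the top of get_creds and again in main() before get_creds is called, so the HDB keytab type is registered twice on the same context. Whether the second call fails or only adds a duplicate entry depends on krb5_kt_register, which is not visible here; if it fails, the `krb5_err` right after it ends the daemon at startup. One registration is enough, so I would drop the call in get_creds and leave `/* hdb_kt_ops is registered in main() */` in its place. The tail of get_creds lies outside this hunk.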
@@ -134,21 +143,15 @@ ihave (krb5_context context, krb5_auth_context auth_context,
}
static void
-receive (krb5_context context,
- krb5_storage *sp,
- kadm5_server_context *server_context)
+receive_loop (krb5_context context,
+ krb5_storage *sp,
+ kadm5_server_context *server_context)
{
int ret;
off_t left, right;
void *buf;
int32_t vers;
- ret = server_context->db->open(context,
- server_context->db,
- O_RDWR | O_CREAT, 0);
- if (ret)
- krb5_err (context, 1, ret, "db->open");
-
do {
int32_t len, timestamp, tmp;
enum kadm_ops op;
@@ -166,7 +169,7 @@ receive (krb5_context context,
left = sp->seek (sp, -16, SEEK_CUR);
right = sp->seek (sp, 0, SEEK_END);
buf = malloc (right - left);
- if (buf == NULL) {
+ if (buf == NULL && (right - left) != 0) {
krb5_warnx (context, "malloc: no memory");
return;
}
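Review bot: The size in `buf = malloc (right - left)` is the difference of two `sp->seek` results that are never checked, and the new `(right - left) != 0` test only covers the empty case. If a seek reports failure with a negative value, or `right` ends up below `left`, the `off_t` difference is negative and becomes a very large `size_t` when passed to malloc; the code that later fills `buf` is outside this hunk. A guard before the allocation would make this explicit: `if (left < 0 || right < left) { krb5_warnx (context, "bad log offsets"); return; }`. The loop and the rest of receive_loop continue outside the hunk.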
@@ -197,21 +200,120 @@ receive (krb5_context context,
server_context->log_context.version = vers;
sp->seek (sp, 8, SEEK_CUR);
}
+}
+
+static void
+receive (krb5_context context,
+ krb5_storage *sp,
+ kadm5_server_context *server_context)
+{
+ int ret;
+
+ ret = server_context->db->open(context,
+ server_context->db,
+ O_RDWR | O_CREAT, 0600);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ receive_loop (context, sp, server_context);
+
+ ret = server_context->db->close (context, server_context->db);
+ if (ret)
+ krb5_err (context, 1, ret, "db->close");
+}
+
+static void
+receive_everything (krb5_context context, int fd,
+ kadm5_server_context *server_context,
+ krb5_auth_context auth_context)
+{
+ int ret;
+ krb5_data data;
+ int32_t vno;
+ int32_t opcode;
+
+ ret = server_context->db->open(context,
+ server_context->db,
+ O_RDWR | O_CREAT | O_TRUNC, 0600);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ do {
+ krb5_storage *sp;
+
+ ret = krb5_read_priv_message(context, auth_context, &fd, &data);
+
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_read_priv_message");
+
+ sp = krb5_storage_from_data (&data);
+ krb5_ret_int32 (sp, &opcode);
+ if (opcode == ONE_PRINC) {
+ krb5_data fake_data;
+ hdb_entry entry;
+
+ fake_data.data = (char *)data.data + 4;
+ fake_data.length = data.length - 4;
+
+ ret = hdb_value2entry (context, &fake_data, &entry);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_value2entry");
+ ret = server_context->db->store(server_context->context,
+ server_context->db,
+ 0, &entry);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_store");
+
+ hdb_free_entry (context, &entry);
+ krb5_data_free (&data);
+ }
+ } while (opcode == ONE_PRINC);
+
+ if (opcode != NOW_YOU_HAVE)
+ krb5_errx (context, 1, "receive_everything: strange %d", opcode);
+
+ _krb5_get_int ((char *)data.data + 4, &vno, 4);
+
+ ret = kadm5_log_reinit (server_context);
+ if (ret)
+ krb5_err(context, 1, ret, "kadm5_log_reinit");
+
+ ret = kadm5_log_set_version (server_context, vno - 1);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_log_set_version");
+
+ ret = kadm5_log_nop (server_context);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_log_nop");
+
+ krb5_data_free (&data);
ret = server_context->db->close (context, server_context->db);
if (ret)
krb5_err (context, 1, ret, "db->close");
}
-char *realm;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
+static char *realm;
+static int version_flag;
+static int help_flag;
+static char *keytab_str;
+
+static struct getargs args[] = {
{ "realm", 'r', arg_string, &realm },
+ { "keytab", 'k', arg_string, &keytab_str,
+ "keytab to get authentication from", "kspec" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
-int num_args = sizeof(args) / sizeof(args[0]);
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage (int code, struct getargs *args, int num_args)
+{
+ arg_printusage (args, num_args, NULL, "master");
+ exit (code);
+}
int
main(int argc, char **argv)
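Review bot: receive_everything trusts the length of every message it reads. The return value of `krb5_ret_int32 (sp, &opcode)` is ignored, so a message shorter than four bytes leaves `opcode` unset on the first pass and makes `data.length - 4` wrap, and the NOW_YOU_HAVE path reads four bytes at `data.data + 4` without checking that the message holds eight. The storage from `krb5_storage_from_data` is also never released, so one `sp` leaks per principal during a full transfer. The peer is the authenticated master, but a truncated or malformed message should end in a clean error rather than an out-of-bounds read; the checks below cover both cases and free `sp`.

```c
	sp = krb5_storage_from_data (&data);
	ret = krb5_ret_int32 (sp, &opcode);
	krb5_storage_free (sp);
	if (ret)
	    krb5_err (context, 1, ret, "krb5_ret_int32");
	if (opcode == ONE_PRINC) {
	    /* ... unchanged: fake_data setup, hdb_value2entry, db->store, frees ... */
	}
    } while (opcode == ONE_PRINC);

    /* ... unchanged: NOW_YOU_HAVE opcode check ... */

    if (data.length < 8)
	krb5_errx (context, 1, "receive_everything: short message");
    _krb5_get_int ((char *)data.data + 4, &vno, 4);
```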
@@ -227,16 +329,32 @@ main(int argc, char **argv)
krb5_principal server;
int optind;
+ const char *master;
- optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+ optind = krb5_program_setup(&context, argc, argv, args, num_args, usage);
if(help_flag)
- krb5_std_usage(0, args, num_args);
+ usage (0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 1)
+ usage (1, args, num_args);
+
+ master = argv[0];
+
+ krb5_openlog (context, "ipropd-master", &log_facility);
+ krb5_set_warn_dest(context, log_facility);
+
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
+
memset(&conf, 0, sizeof(conf));
if(realm) {
conf.mask |= KADM5_CONFIG_REALM;
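Review bot: The identity passed to krb5_openlog is `"ipropd-master"`, but this file is ipropd_slave.c, so the slave's warnings would be recorded under the master's name. That makes the two daemons hard to tell apart when reading logs, particularly on a host that runs both. Use `krb5_openlog (context, "ipropd-slave", &log_facility);`. The return value of krb5_openlog is also ignored; if it can fail, `log_facility` (a file-scope static, so initially NULL) is handed to krb5_set_warn_dest as is.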
@@ -257,11 +375,11 @@ main(int argc, char **argv)
if (ret)
krb5_err (context, 1, ret, "kadm5_log_init");
- get_creds(context, &ccache, argv[1]);
+ get_creds(context, keytab_str, &ccache, master);
- master_fd = connect_to_master (context, argv[1]);
+ master_fd = connect_to_master (context, master);
- ret = krb5_sname_to_principal (context, argv[1], IPROP_NAME,
+ ret = krb5_sname_to_principal (context, master, IPROP_NAME,
KRB5_NT_SRV_HST, &server);
if (ret)
krb5_err (context, 1, ret, "krb5_sname_to_principal");
@@ -279,18 +397,14 @@ main(int argc, char **argv)
for (;;) {
int ret;
- krb5_data data, out;
+ krb5_data out;
krb5_storage *sp;
int32_t tmp;
- ret = krb5_read_message (context, &master_fd, &data);
- if (ret)
- krb5_err (context, 1, ret, "krb5_read_message");
+ ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
- ret = krb5_rd_priv (context, auth_context, &data, &out, NULL);
- krb5_data_free (&data);
if (ret)
- krb5_err (context, 1, ret, "krb5_rd_priv");
+ krb5_err (context, 1, ret, "krb5_read_priv_message");
sp = krb5_storage_from_mem (out.data, out.length);
krb5_ret_int32 (sp, &tmp);
@@ -300,7 +414,13 @@ main(int argc, char **argv)
ihave (context, auth_context, master_fd,
server_context->log_context.version);
break;
+ case TELL_YOU_EVERYTHING :
+ receive_everything (context, master_fd, server_context,
+ auth_context);
+ break;
+ case NOW_YOU_HAVE :
case I_HAVE :
+ case ONE_PRINC :
default :
krb5_warnx (context, "Ignoring command %d", tmp);
break;
@@ -308,6 +428,6 @@ main(int argc, char **argv)
krb5_storage_free (sp);
krb5_data_free (&out);
}
-
+
return 0;
-}
+ }
diff --git a/crypto/heimdal/lib/kadm5/kadm5-private.h b/crypto/heimdal/lib/kadm5/kadm5-private.h
new file mode 100644
index 0000000..4e74a2b
--- /dev/null
+++ b/crypto/heimdal/lib/kadm5/kadm5-private.h
@@ -0,0 +1,245 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm5-private.h,v 1.3 2000/07/24 04:31:17 assar Exp $ */
+
+#ifndef __kadm5_privatex_h__
+#define __kadm5_privatex_h__
+
+kadm5_ret_t _kadm5_privs_to_string (u_int32_t, char*, size_t);
+
+kadm5_ret_t _kadm5_string_to_privs (const char*, u_int32_t*);
+
+HDB *_kadm5_s_get_db (void *);
+
+kadm5_ret_t
+_kadm5_acl_check_permission __P((
+ kadm5_server_context *context,
+ unsigned op,
+ krb5_const_principal princ));
+
+kadm5_ret_t
+_kadm5_acl_init __P((kadm5_server_context *context));
+
+kadm5_ret_t
+_kadm5_c_init_context __P((
+ kadm5_client_context **ctx,
+ kadm5_config_params *params,
+ krb5_context context));
+
+kadm5_ret_t
+_kadm5_client_recv __P((
+ kadm5_client_context *context,
+ krb5_data *reply));
+
+kadm5_ret_t
+_kadm5_client_send __P((
+ kadm5_client_context *context,
+ krb5_storage *sp));
+
+kadm5_ret_t
+_kadm5_connect __P((void*));
+
+kadm5_ret_t
+_kadm5_error_code __P((kadm5_ret_t code));
+
+kadm5_ret_t
+_kadm5_s_init_context __P((
+ kadm5_server_context **ctx,
+ kadm5_config_params *params,
+ krb5_context context));
+
+kadm5_ret_t
+_kadm5_set_keys __P((
+ kadm5_server_context *context,
+ hdb_entry *ent,
+ const char *password));
+
+kadm5_ret_t
+_kadm5_set_keys2 __P((
+ kadm5_server_context *context,
+ hdb_entry *ent,
+ int16_t n_key_data,
+ krb5_key_data *key_data));
+
+kadm5_ret_t
+_kadm5_set_keys3 __P((
+ kadm5_server_context *context,
+ hdb_entry *ent,
+ int n_keys,
+ krb5_keyblock *keyblocks));
+
+kadm5_ret_t
+_kadm5_set_keys_randomly __P((kadm5_server_context *context,
+ hdb_entry *ent,
+ krb5_keyblock **new_keys,
+ int *n_keys));
+
+kadm5_ret_t
+_kadm5_set_modifier __P((
+ kadm5_server_context *context,
+ hdb_entry *ent));
+
+kadm5_ret_t
+_kadm5_bump_pw_expire __P((kadm5_server_context *context,
+ hdb_entry *ent));
+
+kadm5_ret_t
+_kadm5_setup_entry __P((
+ kadm5_server_context *context,
+ hdb_entry *ent,
+ u_int32_t mask,
+ kadm5_principal_ent_t princ,
+ u_int32_t princ_mask,
+ kadm5_principal_ent_t def,
+ u_int32_t def_mask));
+
+kadm5_ret_t
+kadm5_log_get_version_fd (int fd, u_int32_t *ver);
+
+kadm5_ret_t
+kadm5_log_get_version (kadm5_server_context *context, u_int32_t *ver);
+
+kadm5_ret_t
+kadm5_log_set_version (kadm5_server_context *context, u_int32_t vno);
+
+kadm5_ret_t
+kadm5_log_init (kadm5_server_context *context);
+
+kadm5_ret_t
+kadm5_log_reinit (kadm5_server_context *context);
+
+kadm5_ret_t
+kadm5_log_create (kadm5_server_context *context,
+ hdb_entry *ent);
+
+kadm5_ret_t
+kadm5_log_delete (kadm5_server_context *context,
+ krb5_principal princ);
+
+kadm5_ret_t
+kadm5_log_rename (kadm5_server_context *context,
+ krb5_principal source,
+ hdb_entry *ent);
+
+kadm5_ret_t
+kadm5_log_modify (kadm5_server_context *context,
+ hdb_entry *ent,
+ u_int32_t mask);
+
+kadm5_ret_t
+kadm5_log_nop (kadm5_server_context *context);
+
+kadm5_ret_t
+kadm5_log_end (kadm5_server_context *context);
+
+kadm5_ret_t
+kadm5_log_foreach (kadm5_server_context *context,
+ void (*func)(kadm5_server_context *server_context,
+ u_int32_t ver,
+ time_t timestamp,
+ enum kadm_ops op,
+ u_int32_t len,
+ krb5_storage *sp));
+
+kadm5_ret_t
+kadm5_log_replay_create (kadm5_server_context *context,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp);
+
+kadm5_ret_t
+kadm5_log_replay_delete (kadm5_server_context *context,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp);
+
+kadm5_ret_t
+kadm5_log_replay_rename (kadm5_server_context *context,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp);
+
+kadm5_ret_t
+kadm5_log_replay_modify (kadm5_server_context *context,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp);
+
+kadm5_ret_t
+kadm5_log_replay_nop (kadm5_server_context *context,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp);
+
+kadm5_ret_t
+kadm5_log_replay (kadm5_server_context *context,
+ enum kadm_ops op,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp);
+
+krb5_storage *
+kadm5_log_goto_end (int fd);
+
+kadm5_ret_t
+kadm5_log_previous (krb5_storage *sp,
+ u_int32_t *ver,
+ time_t *timestamp,
+ enum kadm_ops *op,
+ u_int32_t *len);
+
+kadm5_ret_t
+kadm5_log_truncate (kadm5_server_context *server_context);
+
+kadm5_ret_t
+_kadm5_marshal_params __P((krb5_context context,
+ kadm5_config_params *params,
+ krb5_data *out));
+
+kadm5_ret_t
+_kadm5_unmarshal_params __P((krb5_context context,
+ krb5_data *in,
+ kadm5_config_params *params));
+
+void
+_kadm5_free_keys (kadm5_server_context *context,
+ int len, Key *keys);
+
+void
+_kadm5_init_keys (Key *keys, int len);
+
+int
+_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2);
+
+#endif /* __kadm5_privatex_h__ */
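Review bot: The include guard `__kadm5_privatex_h__` starts with a double underscore, which is reserved for the implementation, and spells "privatex" although the file is kadm5-private.h; a name such as `KADM5_PRIVATE_H` avoids both. The prototypes are inconsistent as well: the `_kadm5_*` declarations are wrapped in `__P((...))`, while the `kadm5_log_*` block and `_kadm5_free_keys`, `_kadm5_init_keys` and `_kadm5_cmp_keys` are plain ANSI prototypes, so the wrapper no longer buys any portability. The same mix appears in the last two declarations of kadm5-protos.h. The header also uses `kadm5_server_context`, `hdb_entry` and `Key` without including anything, so a one-line comment naming the header that must precede it would help.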
diff --git a/crypto/heimdal/lib/kadm5/kadm5-protos.h b/crypto/heimdal/lib/kadm5/kadm5-protos.h
new file mode 100644
index 0000000..070492b
--- /dev/null
+++ b/crypto/heimdal/lib/kadm5/kadm5-protos.h
@@ -0,0 +1,516 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm5-protos.h,v 1.2 2000/07/22 05:52:01 assar Exp $ */
+
+#ifndef __kadm5_protos_h__
+#define __kadm5_protos_h__
+
+kadm5_ret_t
+kadm5_c_chpass_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ char *password));
+
+kadm5_ret_t
+kadm5_c_chpass_principal_with_key __P((
+ void *server_handle,
+ krb5_principal princ,
+ int n_key_data,
+ krb5_key_data *key_data));
+
+kadm5_ret_t
+kadm5_c_create_principal __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask,
+ char *password));
+
+kadm5_ret_t
+kadm5_c_delete_principal __P((
+ void *server_handle,
+ krb5_principal princ));
+
+kadm5_ret_t
+kadm5_c_destroy __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_c_flush __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_c_get_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ kadm5_principal_ent_t out,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_c_get_principals __P((
+ void *server_handle,
+ const char *exp,
+ char ***princs,
+ int *count));
+
+kadm5_ret_t
+kadm5_c_get_privs __P((
+ void *server_handle,
+ u_int32_t *privs));
+
+kadm5_ret_t
+kadm5_c_init_with_creds __P((
+ const char *client_name,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_c_init_with_creds_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_c_init_with_password __P((
+ const char *client_name,
+ const char *password,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_c_init_with_password_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ const char *password,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_c_init_with_skey __P((
+ const char *client_name,
+ const char *keytab,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_c_init_with_skey_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ const char *keytab,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_c_modify_principal __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_c_randkey_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ krb5_keyblock **new_keys,
+ int *n_keys));
+
+kadm5_ret_t
+kadm5_c_rename_principal __P((
+ void *server_handle,
+ krb5_principal source,
+ krb5_principal target));
+
+kadm5_ret_t
+kadm5_chpass_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ char *password));
+
+kadm5_ret_t
+kadm5_chpass_principal_with_key __P((
+ void *server_handle,
+ krb5_principal princ,
+ int n_key_data,
+ krb5_key_data *key_data));
+
+kadm5_ret_t
+kadm5_create_principal __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask,
+ char *password));
+
+kadm5_ret_t
+kadm5_delete_principal __P((
+ void *server_handle,
+ krb5_principal princ));
+
+kadm5_ret_t
+kadm5_destroy __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_flush __P((void *server_handle));
+
+void
+kadm5_free_key_data __P((
+ void *server_handle,
+ int16_t *n_key_data,
+ krb5_key_data *key_data));
+
+void
+kadm5_free_name_list __P((
+ void *server_handle,
+ char **names,
+ int *count));
+
+void
+kadm5_free_principal_ent __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ));
+
+kadm5_ret_t
+kadm5_get_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ kadm5_principal_ent_t out,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_get_principals __P((
+ void *server_handle,
+ const char *exp,
+ char ***princs,
+ int *count));
+
+kadm5_ret_t
+kadm5_get_privs __P((
+ void *server_handle,
+ u_int32_t *privs));
+
+kadm5_ret_t
+kadm5_init_with_creds __P((
+ const char *client_name,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_init_with_creds_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_init_with_password __P((
+ const char *client_name,
+ const char *password,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_init_with_password_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ const char *password,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_init_with_skey __P((
+ const char *client_name,
+ const char *keytab,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_init_with_skey_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ const char *keytab,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_modify_principal __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_randkey_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ krb5_keyblock **new_keys,
+ int *n_keys));
+
+kadm5_ret_t
+kadm5_rename_principal __P((
+ void *server_handle,
+ krb5_principal source,
+ krb5_principal target));
+
+kadm5_ret_t
+kadm5_ret_key_data __P((
+ krb5_storage *sp,
+ krb5_key_data *key));
+
+kadm5_ret_t
+kadm5_ret_principal_ent __P((
+ krb5_storage *sp,
+ kadm5_principal_ent_t princ));
+
+kadm5_ret_t
+kadm5_ret_principal_ent_mask __P((
+ krb5_storage *sp,
+ kadm5_principal_ent_t princ,
+ u_int32_t *mask));
+
+kadm5_ret_t
+kadm5_ret_tl_data __P((
+ krb5_storage *sp,
+ krb5_tl_data *tl));
+
+kadm5_ret_t
+kadm5_s_chpass_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ char *password));
+
+kadm5_ret_t
+kadm5_s_chpass_principal_cond __P((
+ void *server_handle,
+ krb5_principal princ,
+ char *password));
+
+kadm5_ret_t
+kadm5_s_chpass_principal_with_key __P((
+ void *server_handle,
+ krb5_principal princ,
+ int n_key_data,
+ krb5_key_data *key_data));
+
+kadm5_ret_t
+kadm5_s_create_principal __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask,
+ char *password));
+
+kadm5_ret_t
+kadm5_s_create_principal_with_key __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_s_delete_principal __P((
+ void *server_handle,
+ krb5_principal princ));
+
+kadm5_ret_t
+kadm5_s_destroy __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_s_flush __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_s_get_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ kadm5_principal_ent_t out,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_s_get_principals __P((
+ void *server_handle,
+ const char *exp,
+ char ***princs,
+ int *count));
+
+kadm5_ret_t
+kadm5_s_get_privs __P((
+ void *server_handle,
+ u_int32_t *privs));
+
+kadm5_ret_t
+kadm5_s_init_with_creds __P((
+ const char *client_name,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_s_init_with_creds_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ krb5_ccache ccache,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_s_init_with_password __P((
+ const char *client_name,
+ const char *password,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_s_init_with_password_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ const char *password,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_s_init_with_skey __P((
+ const char *client_name,
+ const char *keytab,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_s_init_with_skey_ctx __P((
+ krb5_context context,
+ const char *client_name,
+ const char *keytab,
+ const char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle));
+
+kadm5_ret_t
+kadm5_s_modify_principal __P((
+ void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_s_randkey_principal __P((
+ void *server_handle,
+ krb5_principal princ,
+ krb5_keyblock **new_keys,
+ int *n_keys));
+
+kadm5_ret_t
+kadm5_s_rename_principal __P((
+ void *server_handle,
+ krb5_principal source,
+ krb5_principal target));
+
+kadm5_ret_t
+kadm5_store_key_data __P((
+ krb5_storage *sp,
+ krb5_key_data *key));
+
+kadm5_ret_t
+kadm5_store_principal_ent __P((
+ krb5_storage *sp,
+ kadm5_principal_ent_t princ));
+
+kadm5_ret_t
+kadm5_store_principal_ent_mask __P((
+ krb5_storage *sp,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask));
+
+kadm5_ret_t
+kadm5_store_tl_data __P((
+ krb5_storage *sp,
+ krb5_tl_data *tl));
+
+void
+kadm5_setup_passwd_quality_check(krb5_context context,
+ const char *check_library,
+ const char *check_function);
+
+const char *
+kadm5_check_password_quality (krb5_context context,
+ krb5_principal principal,
+ krb5_data *pwd_data);
+
+#endif /* __kadm5_protos_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h
index 9344a2c..6f634ed 100644
--- a/crypto/heimdal/lib/kadm5/kadm5_locl.h
+++ b/crypto/heimdal/lib/kadm5/kadm5_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: kadm5_locl.h,v 1.21 1999/12/02 17:05:06 joda Exp $ */
+/* $Id: kadm5_locl.h,v 1.23 2000/07/08 11:57:40 assar Exp $ */
#ifndef __KADM5_LOCL_H__
#define __KADM5_LOCL_H__
@@ -45,6 +45,7 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
+#include <limits.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
@@ -76,6 +77,7 @@
#include "admin.h"
#include "kadm5_err.h"
#include <hdb.h>
+#include <der.h>
#include <roken.h>
#include <parse_units.h>
#include "private.h"
diff --git a/crypto/heimdal/lib/kadm5/keys.c b/crypto/heimdal/lib/kadm5/keys.c
new file mode 100644
index 0000000..3ae21ab
--- /dev/null
+++ b/crypto/heimdal/lib/kadm5/keys.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: keys.c,v 1.1 2000/07/22 05:53:02 assar Exp $");
+
+/*
+ * free all the memory used by (len, keys)
+ */
+
+void
+_kadm5_free_keys (kadm5_server_context *context,
+ int len, Key *keys)
+{
+ int i;
+
+ for (i = 0; i < len; ++i) {
+ free (keys[i].mkvno);
+ keys[i].mkvno = NULL;
+ if (keys[i].salt != NULL) {
+ free_Salt(keys[i].salt);
+ free(keys[i].salt);
+ keys[i].salt = NULL;
+ }
+ krb5_free_keyblock_contents(context->context, &keys[i].key);
+ }
+ free (keys);
+}
+
+/*
+ * null-ify `len', `keys'
+ */
+
+void
+_kadm5_init_keys (Key *keys, int len)
+{
+ int i;
+
+ for (i = 0; i < len; ++i) {
+ keys[i].mkvno = NULL;
+ keys[i].salt = NULL;
+ keys[i].key.keyvalue.length = 0;
+ keys[i].key.keyvalue.data = NULL;
+ }
+}
+
+/*
+ * return 0 iff `keys1, len1' and `keys2, len2' are identical
+ */
+
+int
+_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2)
+{
+ int i;
+
+ if (len1 != len2)
+ return 1;
+
+ for (i = 0; i < len1; ++i) {
+ if ((keys1[i].salt != NULL && keys2[i].salt == NULL)
+ || (keys1[i].salt == NULL && keys2[i].salt != NULL))
+ return 1;
+ if (keys1[i].salt != NULL) {
+ if (keys1[i].salt->type != keys2[i].salt->type)
+ return 1;
+ if (keys1[i].salt->salt.length != keys2[i].salt->salt.length)
+ return 1;
+ if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data,
+ keys1[i].salt->salt.length) != 0)
+ return 1;
+ }
+ if (keys1[i].key.keytype != keys2[i].key.keytype)
+ return 1;
+ if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length)
+ return 1;
+ if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data,
+ keys1[i].key.keyvalue.length) != 0)
+ return 1;
+ }
+ return 0;
+}
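Review bot: The comment on _kadm5_cmp_keys promises 0 "iff" the two arrays are identical, but the loop compares only salt, keytype and keyvalue and never looks at `mkvno`, so two entries that differ in master key version compare equal. If that is intended, say so: `/* return 0 iff salts, key types and key values match; mkvno is not compared */`. Both memcmp calls can also be reached with NULL data pointers and length 0 (the state _kadm5_init_keys sets up for keyvalue), which the C standard leaves undefined; guarding each with a length test, e.g. `if (keys1[i].key.keyvalue.length != 0 && memcmp (...) != 0)`, avoids that. As a style point, _kadm5_free_keys takes `(len, keys)` while _kadm5_init_keys takes `(keys, len)`; one order for both would prevent swapped arguments.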
diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c
index e9dc38c..875f749 100644
--- a/crypto/heimdal/lib/kadm5/log.c
+++ b/crypto/heimdal/lib/kadm5/log.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: log.c,v 1.13 1999/12/04 19:50:35 assar Exp $");
+RCSID("$Id: log.c,v 1.18 2000/07/24 04:32:17 assar Exp $");
/*
* A log record consists of:
@@ -49,8 +49,8 @@ RCSID("$Id: log.c,v 1.13 1999/12/04 19:50:35 assar Exp $");
*/
kadm5_ret_t
-kadm5_log_get_version (int fd,
- u_int32_t *ver)
+kadm5_log_get_version_fd (int fd,
+ u_int32_t *ver)
{
int ret;
krb5_storage *sp;
@@ -73,6 +73,21 @@ kadm5_log_get_version (int fd,
}
kadm5_ret_t
+kadm5_log_get_version (kadm5_server_context *context, u_int32_t *ver)
+{
+ return kadm5_log_get_version_fd (context->log_context.log_fd, ver);
+}
+
+kadm5_ret_t
+kadm5_log_set_version (kadm5_server_context *context, u_int32_t vno)
+{
+ kadm5_log_context *log_context = &context->log_context;
+
+ log_context->version = vno;
+ return 0;
+}
+
+kadm5_ret_t
kadm5_log_init (kadm5_server_context *context)
{
int fd;
@@ -89,7 +104,7 @@ kadm5_log_init (kadm5_server_context *context)
return errno;
}
- ret = kadm5_log_get_version (fd, &log_context->version);
+ ret = kadm5_log_get_version_fd (fd, &log_context->version);
if (ret)
return ret;
@@ -98,6 +113,30 @@ kadm5_log_init (kadm5_server_context *context)
}
kadm5_ret_t
+kadm5_log_reinit (kadm5_server_context *context)
+{
+ int fd;
+ kadm5_log_context *log_context = &context->log_context;
+
+ if (log_context->log_fd != -1) {
+ close (log_context->log_fd);
+ log_context->log_fd = -1;
+ }
+ fd = open (log_context->log_file, O_RDWR | O_CREAT | O_TRUNC, 0600);
+ if (fd < 0)
+ return errno;
+ if (flock (fd, LOCK_EX) < 0) {
+ close (fd);
+ return errno;
+ }
+
+ log_context->version = 0;
+ log_context->log_fd = fd;
+ return 0;
+}
+
+
+kadm5_ret_t
kadm5_log_end (kadm5_server_context *context)
{
kadm5_log_context *log_context = &context->log_context;
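Review bot: In `kadm5_log_reinit` the `open` call passes `O_TRUNC`, so the log file is emptied before `flock (fd, LOCK_EX)` is attempted, and a process that still holds the lock while reading or appending records has the file truncated underneath it. Opening without `O_TRUNC` and calling `ftruncate` only once the exclusive lock is held closes that window. The flock failure path also returns `errno` after `close (fd)`, which may have overwritten it, so the value should be saved first.

```c
    fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return errno;
    if (flock (fd, LOCK_EX) < 0) {
        int save_errno = errno;

        close (fd);
        return save_errno;
    }
    /* truncate only while holding the exclusive lock */
    if (ftruncate (fd, 0) < 0) {
        int save_errno = errno;

        close (fd);
        return save_errno;
    }
    /* … unchanged: reset version to 0 and store fd in log_context … */
```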
@@ -483,14 +522,22 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ret)
return ret;
if (mask & KADM5_PRINC_EXPIRE_TIME) {
- if (ent.valid_end == NULL)
- ent.valid_end = malloc(sizeof(*ent.valid_end));
- *ent.valid_end = *log_ent.valid_end;
+ if (log_ent.valid_end == NULL) {
+ ent.valid_end = NULL;
+ } else {
+ if (ent.valid_end == NULL)
+ ent.valid_end = malloc(sizeof(*ent.valid_end));
+ *ent.valid_end = *log_ent.valid_end;
+ }
}
if (mask & KADM5_PW_EXPIRATION) {
- if (ent.pw_end == NULL)
- ent.pw_end = malloc(sizeof(*ent.pw_end));
- *ent.pw_end = *log_ent.pw_end;
+ if (log_ent.pw_end == NULL) {
+ ent.pw_end = NULL;
+ } else {
+ if (ent.pw_end == NULL)
+ ent.pw_end = malloc(sizeof(*ent.pw_end));
+ *ent.pw_end = *log_ent.pw_end;
+ }
}
if (mask & KADM5_LAST_PWD_CHANGE) {
abort (); /* XXX */
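Review bot: The `malloc` results assigned to `ent.valid_end` and `ent.pw_end` are dereferenced on the very next line without a NULL check, so an allocation failure while replaying a log record becomes a write through NULL instead of an error return. The new `log_ent.valid_end == NULL` branch also overwrites `ent.valid_end` with NULL without freeing a value that may have been fetched from the database, which would leak it unless the entry is released some other way (the rest of the function is outside the hunk). I would write the clearing branch as `free (ent.valid_end); ent.valid_end = NULL;` and follow the allocation with `if (ent.valid_end == NULL) return ENOMEM;`, routed through the function's own cleanup path if it has one. The same pattern repeats for `max_life` and `max_renew` in the two following hunks.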
@@ -499,9 +546,13 @@ kadm5_log_replay_modify (kadm5_server_context *context,
ent.flags = log_ent.flags;
}
if (mask & KADM5_MAX_LIFE) {
- if (ent.max_life == NULL)
- ent.max_life = malloc (sizeof(*ent.max_life));
- *ent.max_life = *log_ent.max_life;
+ if (log_ent.max_life == NULL) {
+ ent.max_life = NULL;
+ } else {
+ if (ent.max_life == NULL)
+ ent.max_life = malloc (sizeof(*ent.max_life));
+ *ent.max_life = *log_ent.max_life;
+ }
}
if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
if (ent.modified_by == NULL) {
@@ -526,9 +577,13 @@ kadm5_log_replay_modify (kadm5_server_context *context,
abort (); /* XXX */
}
if (mask & KADM5_MAX_RLIFE) {
- if (ent.max_renew == NULL)
- ent.max_renew = malloc (sizeof(*ent.max_renew));
- *ent.max_renew = *log_ent.max_renew;
+ if (log_ent.max_renew == NULL) {
+ ent.max_renew = NULL;
+ } else {
+ if (ent.max_renew == NULL)
+ ent.max_renew = malloc (sizeof(*ent.max_renew));
+ *ent.max_renew = *log_ent.max_renew;
+ }
}
if (mask & KADM5_LAST_SUCCESS) {
abort (); /* XXX */
@@ -563,6 +618,51 @@ kadm5_log_replay_modify (kadm5_server_context *context,
}
/*
+ * Add a `nop' operation to the log.
+ */
+
+kadm5_ret_t
+kadm5_log_nop (kadm5_server_context *context)
+{
+ krb5_storage *sp;
+ kadm5_ret_t ret;
+ kadm5_log_context *log_context = &context->log_context;
+
+ sp = krb5_storage_emem();
+ ret = kadm5_log_preamble (context, sp, kadm_nop);
+ if (ret) {
+ krb5_storage_free (sp);
+ return ret;
+ }
+ krb5_store_int32 (sp, 0);
+ krb5_store_int32 (sp, 0);
+ ret = kadm5_log_postamble (log_context, sp);
+ if (ret) {
+ krb5_storage_free (sp);
+ return ret;
+ }
+ ret = kadm5_log_flush (log_context, sp);
+ krb5_storage_free (sp);
+ if (ret)
+ return ret;
+ ret = kadm5_log_end (context);
+ return ret;
+}
+
+/*
+ * Read a `nop' log operation from `sp' and apply it.
+ */
+
+kadm5_ret_t
+kadm5_log_replay_nop (kadm5_server_context *context,
+ u_int32_t ver,
+ u_int32_t len,
+ krb5_storage *sp)
+{
+ return 0;
+}
+
+/*
* Call `func' for each log record in the log in `context'
*/
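Review bot: `kadm5_log_nop` uses the result of `krb5_storage_emem()` without checking it and drops the return values of both `krb5_store_int32` calls, so a failed allocation hands a NULL storage to `kadm5_log_preamble`. The client stubs in this same commit guard their storage with `if (sp == NULL) return ENOMEM;`, and the same check belongs directly after the `krb5_storage_emem()` call. `kadm5_log_replay_nop` leaves `ver`, `len` and `sp` unused; a comment such as `/* a nop record carries no payload to apply */` would make clear that this is intended.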
@@ -660,7 +760,46 @@ kadm5_log_replay (kadm5_server_context *context,
return kadm5_log_replay_rename (context, ver, len, sp);
case kadm_modify :
return kadm5_log_replay_modify (context, ver, len, sp);
+ case kadm_nop :
+ return kadm5_log_replay_nop (context, ver, len, sp);
default :
return KADM5_FAILURE;
}
}
+
+/*
+ * truncate the log - i.e. create an empty file with just (nop vno + 2)
+ */
+
+kadm5_ret_t
+kadm5_log_truncate (kadm5_server_context *server_context)
+{
+ kadm5_ret_t ret;
+ u_int32_t vno;
+
+ ret = kadm5_log_init (server_context);
+ if (ret)
+ return ret;
+
+ ret = kadm5_log_get_version (server_context, &vno);
+ if (ret)
+ return ret;
+
+ ret = kadm5_log_reinit (server_context);
+ if (ret)
+ return ret;
+
+ ret = kadm5_log_set_version (server_context, vno + 1);
+ if (ret)
+ return ret;
+
+ ret = kadm5_log_nop (server_context);
+ if (ret)
+ return ret;
+
+ ret = kadm5_log_end (server_context);
+ if (ret)
+ return ret;
+ return 0;
+
+}
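Review bot: Every early `return ret;` in `kadm5_log_truncate` after `kadm5_log_init` has succeeded leaves the log descriptor open, and presumably still locked, because `kadm5_log_end` is reached only on the success path; `if (ret) { kadm5_log_end (server_context); return ret; }` would release it. `kadm5_log_nop` already finishes with `kadm5_log_end (context)`, so the final call here runs it a second time on the same context, and whether that is harmless depends on `kadm5_log_end`, whose body is outside this hunk. The header comment says `nop vno + 2` while the code passes `vno + 1` to `kadm5_log_set_version`; if the remaining increment happens while the nop record is written, the comment should say so.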
diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c
index 2a64ccc..8d8ca56 100644
--- a/crypto/heimdal/lib/kadm5/modify_c.c
+++ b/crypto/heimdal/lib/kadm5/modify_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: modify_c.c,v 1.3 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: modify_c.c,v 1.4 2000/07/11 15:59:46 joda Exp $");
kadm5_ret_t
kadm5_c_modify_principal(void *server_handle,
@@ -47,6 +47,10 @@ kadm5_c_modify_principal(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c
index 4157202..8c595a9 100644
--- a/crypto/heimdal/lib/kadm5/modify_s.c
+++ b/crypto/heimdal/lib/kadm5/modify_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: modify_s.c,v 1.9 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: modify_s.c,v 1.12 2001/01/30 01:24:28 assar Exp $");
static kadm5_ret_t
modify_principal(void *server_handle,
@@ -56,14 +56,16 @@ modify_principal(void *server_handle,
ret = context->db->fetch(context->context, context->db, 0, &ent);
if(ret)
goto out;
- ret = _kadm5_setup_entry(&ent, mask, princ, mask, NULL, 0);
+ ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
if(ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out2;
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out2;
kadm5_log_modify (context,
&ent,
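Review bot: The return value of `kadm5_log_modify` is still discarded here even though the commit now checks `hdb_seal_keys` just above, so a failed log write is not reported to the caller. For a log that other hosts replay, a change applied to the database without a matching record means the replicas silently diverge. I would assign and test it, `ret = kadm5_log_modify (context, &ent, ...); if (ret) goto out2;` (the call's remaining arguments are outside the hunk). The same applies to `kadm5_log_modify` in randkey_s.c, where the `db->store` call follows directly, and to `kadm5_log_rename` in rename_s.c.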
diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c
index 86d35f3..bc1463f 100644
--- a/crypto/heimdal/lib/kadm5/password_quality.c
+++ b/crypto/heimdal/lib/kadm5/password_quality.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: password_quality.c,v 1.3 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: password_quality.c,v 1.4 2000/07/05 13:14:45 joda Exp $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
@@ -57,8 +57,6 @@ typedef const char* (*passwd_quality_check_func)(krb5_context,
static passwd_quality_check_func passwd_quality_check = simple_passwd_quality;
#ifdef HAVE_DLOPEN
-extern const char *check_library;
-extern const char *check_function;
#define PASSWD_VERSION 0
diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h
index e56a0f5..bcdf363 100644
--- a/crypto/heimdal/lib/kadm5/private.h
+++ b/crypto/heimdal/lib/kadm5/private.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: private.h,v 1.10 1999/12/04 23:09:34 assar Exp $ */
+/* $Id: private.h,v 1.14 2000/07/11 15:58:57 joda Exp $ */
#ifndef __kadm5_private_h__
#define __kadm5_private_h__
@@ -51,6 +51,8 @@ struct kadm_func {
kadm5_ret_t (*randkey_principal) (void*, krb5_principal,
krb5_keyblock**, int*);
kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
+ kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
+ int, krb5_key_data *);
};
/* XXX should be integrated */
@@ -86,7 +88,7 @@ typedef struct kadm5_server_context {
krb5_principal caller;
unsigned acl_flags;
kadm5_log_context log_context;
-}kadm5_server_context;
+} kadm5_server_context;
typedef struct kadm5_client_context {
krb5_context context;
@@ -98,6 +100,12 @@ typedef struct kadm5_client_context {
char *admin_server;
int kadmind_port;
int sock;
+ char *client_name;
+ char *service_name;
+ krb5_prompter_fct prompter;
+ const char *keytab;
+ krb5_ccache ccache;
+ kadm5_config_params *realm_params;
}kadm5_client_context;
enum kadm_ops {
@@ -109,7 +117,9 @@ enum kadm_ops {
kadm_modify,
kadm_randkey,
kadm_get_privs,
- kadm_get_princs
+ kadm_get_princs,
+ kadm_chpass_with_key,
+ kadm_nop
};
#define KADMIN_APPL_VERSION "KADM0.1"
@@ -117,165 +127,6 @@ enum kadm_ops {
#define KADM5_LOG_SIGNAL HDB_DB_DIR "/signal"
-kadm5_ret_t _kadm5_privs_to_string (u_int32_t, char*, size_t);
-
-kadm5_ret_t _kadm5_string_to_privs (const char*, u_int32_t*);
-
-HDB *_kadm5_s_get_db (void *);
-
-kadm5_ret_t
-_kadm5_acl_check_permission __P((
- kadm5_server_context *context,
- unsigned op));
-
-kadm5_ret_t
-_kadm5_acl_init __P((kadm5_server_context *context));
-
-kadm5_ret_t
-_kadm5_c_init_context __P((
- kadm5_client_context **ctx,
- kadm5_config_params *params,
- krb5_context context));
-
-kadm5_ret_t
-_kadm5_client_recv __P((
- kadm5_client_context *context,
- krb5_data *reply));
-
-kadm5_ret_t
-_kadm5_client_send __P((
- kadm5_client_context *context,
- krb5_storage *sp));
-
-kadm5_ret_t
-_kadm5_error_code __P((kadm5_ret_t code));
-
-kadm5_ret_t
-_kadm5_s_init_context __P((
- kadm5_server_context **ctx,
- kadm5_config_params *params,
- krb5_context context));
-
-kadm5_ret_t
-_kadm5_set_keys __P((
- kadm5_server_context *context,
- hdb_entry *ent,
- const char *password));
-
-kadm5_ret_t
-_kadm5_set_keys2 __P((
- hdb_entry *ent,
- int16_t n_key_data,
- krb5_key_data *key_data));
-
-kadm5_ret_t
-_kadm5_set_keys_randomly __P((kadm5_server_context *context,
- hdb_entry *ent,
- krb5_keyblock **new_keys,
- int *n_keys));
-
-kadm5_ret_t
-_kadm5_set_modifier __P((
- kadm5_server_context *context,
- hdb_entry *ent));
-
-kadm5_ret_t
-_kadm5_setup_entry __P((
- hdb_entry *ent,
- u_int32_t mask,
- kadm5_principal_ent_t princ,
- u_int32_t princ_mask,
- kadm5_principal_ent_t def,
- u_int32_t def_mask));
-
-kadm5_ret_t
-kadm5_log_get_version (int fd,
- u_int32_t *ver);
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context *context);
-
-kadm5_ret_t
-kadm5_log_create (kadm5_server_context *context,
- hdb_entry *ent);
-
-kadm5_ret_t
-kadm5_log_delete (kadm5_server_context *context,
- krb5_principal princ);
-
-kadm5_ret_t
-kadm5_log_rename (kadm5_server_context *context,
- krb5_principal source,
- hdb_entry *ent);
-
-kadm5_ret_t
-kadm5_log_modify (kadm5_server_context *context,
- hdb_entry *ent,
- u_int32_t mask);
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context *context);
-
-kadm5_ret_t
-kadm5_log_foreach (kadm5_server_context *context,
- void (*func)(kadm5_server_context *server_context,
- u_int32_t ver,
- time_t timestamp,
- enum kadm_ops op,
- u_int32_t len,
- krb5_storage *sp));
-
-kadm5_ret_t
-kadm5_log_replay_create (kadm5_server_context *context,
- u_int32_t ver,
- u_int32_t len,
- krb5_storage *sp);
-
-kadm5_ret_t
-kadm5_log_replay_delete (kadm5_server_context *context,
- u_int32_t ver,
- u_int32_t len,
- krb5_storage *sp);
-
-kadm5_ret_t
-kadm5_log_replay_rename (kadm5_server_context *context,
- u_int32_t ver,
- u_int32_t len,
- krb5_storage *sp);
-
-kadm5_ret_t
-kadm5_log_replay_modify (kadm5_server_context *context,
- u_int32_t ver,
- u_int32_t len,
- krb5_storage *sp);
-
-kadm5_ret_t
-kadm5_log_replay (kadm5_server_context *context,
- enum kadm_ops op,
- u_int32_t ver,
- u_int32_t len,
- krb5_storage *sp);
-
-krb5_storage *
-kadm5_log_goto_end (int fd);
-
-kadm5_ret_t
-kadm5_log_previous (krb5_storage *sp,
- u_int32_t *ver,
- time_t *timestamp,
- enum kadm_ops *op,
- u_int32_t *len);
-
-kadm5_ret_t
-_kadm5_marshal_params __P((krb5_context context,
- kadm5_config_params *params,
- krb5_data *out));
-
-kadm5_ret_t
-_kadm5_unmarshal_params __P((krb5_context context,
- krb5_data *in,
- kadm5_config_params *params));
-
-
+#include "kadm5-private.h"
#endif /* __kadm5_private_h__ */
diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c
index 25d4976..83d293c 100644
--- a/crypto/heimdal/lib/kadm5/privs_c.c
+++ b/crypto/heimdal/lib/kadm5/privs_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: privs_c.c,v 1.3 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: privs_c.c,v 1.4 2000/07/11 15:59:54 joda Exp $");
kadm5_ret_t
kadm5_c_get_privs(void *server_handle, u_int32_t *privs)
@@ -45,6 +45,10 @@ kadm5_c_get_privs(void *server_handle, u_int32_t *privs)
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c
index 7531b6e..eedf697 100644
--- a/crypto/heimdal/lib/kadm5/randkey_c.c
+++ b/crypto/heimdal/lib/kadm5/randkey_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: randkey_c.c,v 1.3 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: randkey_c.c,v 1.4 2000/07/11 16:00:02 joda Exp $");
kadm5_ret_t
kadm5_c_randkey_principal(void *server_handle,
@@ -48,6 +48,10 @@ kadm5_c_randkey_principal(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c
index 25c8571..9780b11 100644
--- a/crypto/heimdal/lib/kadm5/randkey_s.c
+++ b/crypto/heimdal/lib/kadm5/randkey_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: randkey_s.c,v 1.10 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: randkey_s.c,v 1.13 2001/01/30 01:24:28 assar Exp $");
/*
* Set the keys of `princ' to random values, returning the random keys
@@ -68,13 +68,18 @@ kadm5_s_randkey_principal(void *server_handle,
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out3;
+ ret = _kadm5_bump_pw_expire(context, &ent);
+ if (ret)
+ goto out2;
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret)
+ goto out2;
kadm5_log_modify (context,
&ent,
KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
- KADM5_KEY_DATA | KADM5_KVNO);
+ KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);
ret = context->db->store(context->context, context->db,
HDB_F_REPLACE, &ent);
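Review bot: The two added error checks jump to `out2`, while the `_kadm5_set_modifier` check immediately above them jumps to `out3`. The labels are outside this hunk, but if `out3` performs cleanup that `out2` skips, presumably releasing the freshly generated random keys handed back through `new_keys`, then a failure in `_kadm5_bump_pw_expire` or `hdb_seal_keys` would return an error with that key material still allocated. Unless the difference is deliberate, both new checks should read `goto out3;`.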
diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c
index d33e611..95ccf25 100644
--- a/crypto/heimdal/lib/kadm5/rename_c.c
+++ b/crypto/heimdal/lib/kadm5/rename_c.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: rename_c.c,v 1.3 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: rename_c.c,v 1.4 2000/07/11 16:00:08 joda Exp $");
kadm5_ret_t
kadm5_c_rename_principal(void *server_handle,
@@ -47,6 +47,10 @@ kadm5_c_rename_principal(void *server_handle,
int32_t tmp;
krb5_data reply;
+ ret = _kadm5_connect(server_handle);
+ if(ret)
+ return ret;
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c
index e7f9038..a478e0a 100644
--- a/crypto/heimdal/lib/kadm5/rename_s.c
+++ b/crypto/heimdal/lib/kadm5/rename_s.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: rename_s.c,v 1.9 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: rename_s.c,v 1.11 2001/01/30 01:24:29 assar Exp $");
kadm5_ret_t
kadm5_s_rename_principal(void *server_handle,
@@ -82,7 +82,11 @@ kadm5_s_rename_principal(void *server_handle,
ent2.principal = ent.principal;
ent.principal = target;
- hdb_seal_keys(context->db, &ent);
+ ret = hdb_seal_keys(context->context, context->db, &ent);
+ if (ret) {
+ ent.principal = ent2.principal;
+ goto out2;
+ }
kadm5_log_rename (context,
source,
diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c
index 51f6972..796cd05 100644
--- a/crypto/heimdal/lib/kadm5/send_recv.c
+++ b/crypto/heimdal/lib/kadm5/send_recv.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: send_recv.c,v 1.7 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: send_recv.c,v 1.8 2000/07/11 16:00:58 joda Exp $");
kadm5_ret_t
_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
@@ -43,6 +43,8 @@ _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
size_t len;
krb5_storage *sock;
+ assert(context->sock != -1);
+
len = sp->seek(sp, 0, SEEK_CUR);
ret = krb5_data_alloc(&msg, len);
sp->seek(sp, 0, SEEK_SET);
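Review bot: The added `assert(context->sock != -1);` disappears when the library is built with `NDEBUG` and aborts the calling program otherwise, so it is not a dependable guard against sending on an unconnected context. Returning an error keeps the check in every build, for example `if (context->sock == -1) return KADM5_RPC_ERROR;` or whichever kadm5 error code the project prefers for this case. The rest of `_kadm5_client_send` is outside the hunk.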
diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c
index e4d5d1a..f3f4e36 100644
--- a/crypto/heimdal/lib/kadm5/set_keys.c
+++ b/crypto/heimdal/lib/kadm5/set_keys.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,173 +33,347 @@
#include "kadm5_locl.h"
-RCSID("$Id: set_keys.c,v 1.18 1999/12/04 23:11:01 assar Exp $");
+RCSID("$Id: set_keys.c,v 1.23 2000/11/15 23:13:30 assar Exp $");
/*
- * free all the memory used by (len, keys)
+ * the known and used DES enctypes
*/
-static void
-free_keys (kadm5_server_context *context,
- int len, Key *keys)
+static krb5_enctype des_types[] = { ETYPE_DES_CBC_CRC,
+ ETYPE_DES_CBC_MD4,
+ ETYPE_DES_CBC_MD5 };
+static unsigned n_des_types = sizeof(des_types) / sizeof(des_types[0]);
+
+static krb5_error_code
+make_keys(krb5_context context, krb5_principal principal, const char *password,
+ Key **keys_ret, size_t *num_keys_ret)
{
+ krb5_enctype all_etypes[] = { ETYPE_DES3_CBC_SHA1,
+ ETYPE_DES_CBC_MD5,
+ ETYPE_DES_CBC_MD4,
+ ETYPE_DES_CBC_CRC };
+
+
+ krb5_enctype e;
+
+ krb5_error_code ret = 0;
+ char **ktypes, **kp;
+
+ Key *keys = NULL, *tmp;
+ int num_keys = 0;
+ Key key;
+
int i;
+ char *v4_ktypes[] = {"des3:pw-salt", "v4", NULL};
+
+ ktypes = krb5_config_get_strings(context, NULL, "kadmin",
+ "default_keys", NULL);
+
+ /* for each entry in `default_keys' try to parse it as a sequence
+ of etype:salttype:salt, syntax of this if something like:
+ [(des|des3|etype):](pw|afs3)[:string], if etype is omitted it
+ means everything, and if string is omitted is means the default
+ string (for that principal). Additional special values:
+ v5 == pw-salt, and
+ v4 == pw-salt:
+ */
+
+ if (ktypes == NULL
+ && krb5_config_get_bool (context, NULL, "kadmin",
+ "use_v4_salt", NULL))
+ ktypes = v4_ktypes;
+
+ for(kp = ktypes; kp && *kp; kp++) {
+ krb5_enctype *etypes;
+ int num_etypes;
+ krb5_salt salt;
+ krb5_boolean salt_set;
+
+ const char *p;
+ char buf[3][256];
+ int num_buf = 0;
+
+ p = *kp;
+ if(strcmp(p, "v5") == 0)
+ p = "pw-salt";
+ else if(strcmp(p, "v4") == 0)
+ p = "des:pw-salt:";
+
+ /* split p in a list of :-separated strings */
+ for(num_buf = 0; num_buf < 3; num_buf++)
+ if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1)
+ break;
+
+ etypes = NULL;
+ num_etypes = 0;
+ memset(&salt, 0, sizeof(salt));
+ salt_set = FALSE;
+
+ for(i = 0; i < num_buf; i++) {
+ if(etypes == NULL) {
+ /* this might be a etype specifier */
+ /* XXX there should be a string_to_etypes handling
+ special cases like `des' and `all' */
+ if(strcmp(buf[i], "des") == 0) {
+ etypes = all_etypes + 1;
+ num_etypes = 3;
+ continue;
+ } else if(strcmp(buf[i], "des3") == 0) {
+ e = ETYPE_DES3_CBC_SHA1;
+ etypes = &e;
+ num_etypes = 1;
+ continue;
+ } else {
+ ret = krb5_string_to_enctype(context, buf[i], &e);
+ if(ret == 0) {
+ etypes = &e;
+ num_etypes = 1;
+ continue;
+ }
+ }
+ }
+ if(salt.salttype == 0) {
+ /* interpret string as a salt specifier, if no etype
+ is set, this sets default values */
+ /* XXX should perhaps use string_to_salttype, but that
+ interface sucks */
+ if(strcmp(buf[i], "pw-salt") == 0) {
+ if(etypes == NULL) {
+ etypes = all_etypes;
+ num_etypes = 4;
+ }
+ salt.salttype = KRB5_PW_SALT;
+ } else if(strcmp(buf[i], "afs3-salt") == 0) {
+ if(etypes == NULL) {
+ etypes = all_etypes + 1;
+ num_etypes = 3;
+ }
+ salt.salttype = KRB5_AFS3_SALT;
+ }
+ } else {
+ /* if there is a final string, use it as the string to
+ salt with, this is mostly useful with null salt for
+ v4 compat, and a cell name for afs compat */
+ salt.saltvalue.data = buf[i];
+ salt.saltvalue.length = strlen(buf[i]);
+ salt_set = TRUE;
+ }
+ }
- for (i = 0; i < len; ++i) {
- free (keys[i].mkvno);
- keys[i].mkvno = NULL;
- if (keys[i].salt != NULL) {
- free_Salt(keys[i].salt);
- free(keys[i].salt);
- keys[i].salt = NULL;
+ if(etypes == NULL || salt.salttype == 0) {
+ krb5_warnx(context, "bad value for default_keys `%s'", *kp);
+ continue;
}
- krb5_free_keyblock_contents(context->context, &keys[i].key);
- }
- free (keys);
-}
-/*
- * null-ify `len', `keys'
- */
+ if(!salt_set && salt.salttype == KRB5_PW_SALT)
+ /* make up default salt */
+ ret = krb5_get_pw_salt(context, principal, &salt);
+ memset(&key, 0, sizeof(key));
+ for(i = 0; i < num_etypes; i++) {
+ ret = krb5_string_to_key_salt (context,
+ etypes[i],
+ password,
+ salt,
+ &key.key);
+
+ if(ret)
+ goto out;
-static void
-init_keys (Key *keys, int len)
-{
- int i;
+ if (salt.salttype != KRB5_PW_SALT || salt_set) {
+ key.salt = malloc (sizeof(*key.salt));
+ if (key.salt == NULL) {
+ free_Key(&key);
+ ret = ENOMEM;
+ goto out;
+ }
+ key.salt->type = salt.salttype;
+ krb5_data_zero (&key.salt->salt);
+
+ /* is the salt has not been set explicitly, it will be
+ the default salt, so there's no need to explicitly
+ copy it */
+ if (salt_set) {
+ ret = krb5_data_copy(&key.salt->salt,
+ salt.saltvalue.data,
+ salt.saltvalue.length);
+ if (ret) {
+ free_Key(&key);
+ goto out;
+ }
+ }
+ }
+ tmp = realloc(keys, (num_keys + 1) * sizeof(*keys));
+ if(tmp == NULL) {
+ free_Key(&key);
+ ret = ENOMEM;
+ goto out;
+ }
+ keys = tmp;
+ keys[num_keys++] = key;
+ }
+ }
- for (i = 0; i < len; ++i) {
- keys[i].mkvno = NULL;
- keys[i].salt = NULL;
- keys[i].key.keyvalue.length = 0;
- keys[i].key.keyvalue.data = NULL;
+ if(num_keys == 0) {
+ /* if we didn't manage to find a single valid key, create a
+ default set */
+ /* XXX only do this is there is no `default_keys'? */
+ krb5_salt v5_salt;
+ tmp = realloc(keys, (num_keys + 4) * sizeof(*keys));
+ if(tmp == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
+ keys = tmp;
+ ret = krb5_get_pw_salt(context, principal, &v5_salt);
+ if(ret)
+ goto out;
+ for(i = 0; i < 4; i++) {
+ memset(&key, 0, sizeof(key));
+ ret = krb5_string_to_key_salt(context, all_etypes[i], password,
+ v5_salt, &key.key);
+ if(ret) {
+ krb5_free_salt(context, v5_salt);
+ goto out;
+ }
+ keys[num_keys++] = key;
+ }
+ krb5_free_salt(context, v5_salt);
}
+
+ out:
+ if(ret == 0) {
+ *keys_ret = keys;
+ *num_keys_ret = num_keys;
+ } else {
+ for(i = 0; i < num_keys; i++) {
+ free_Key(&keys[i]);
+ }
+ free(keys);
+ }
+ return ret;
}
/*
- * the known and used DES enctypes
+ * Set the keys of `ent' to the string-to-key of `password'
*/
-static krb5_enctype des_types[] = { ETYPE_DES_CBC_CRC,
- ETYPE_DES_CBC_MD4,
- ETYPE_DES_CBC_MD5 };
+kadm5_ret_t
+_kadm5_set_keys(kadm5_server_context *context,
+ hdb_entry *ent,
+ const char *password)
+{
+ kadm5_ret_t ret;
+ Key *keys;
+ size_t num_keys;
-static unsigned n_des_types = 3;
+ ret = make_keys(context->context, ent->principal, password,
+ &keys, &num_keys);
+
+ if(ret)
+ return ret;
+
+ _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
+ ent->keys.val = keys;
+ ent->keys.len = num_keys;
+ ent->kvno++;
+ return 0;
+}
/*
- * Set the keys of `ent' to the string-to-key of `password'
+ * Set the keys of `ent' to (`n_key_data', `key_data')
*/
kadm5_ret_t
-_kadm5_set_keys(kadm5_server_context *context,
- hdb_entry *ent,
- const char *password)
+_kadm5_set_keys2(kadm5_server_context *context,
+ hdb_entry *ent,
+ int16_t n_key_data,
+ krb5_key_data *key_data)
{
- kadm5_ret_t ret = 0;
+ krb5_error_code ret;
int i;
unsigned len;
Key *keys;
- krb5_salt salt;
- krb5_boolean v4_salt = FALSE;
- len = n_des_types + 1;
+ len = n_key_data;
keys = malloc (len * sizeof(*keys));
if (keys == NULL)
return ENOMEM;
- init_keys (keys, len);
-
- salt.salttype = KRB5_PW_SALT;
- salt.saltvalue.length = 0;
- salt.saltvalue.data = NULL;
+ _kadm5_init_keys (keys, len);
- if (krb5_config_get_bool (context->context,
- NULL, "kadmin", "use_v4_salt", NULL)) {
- v4_salt = TRUE;
- } else {
- ret = krb5_get_pw_salt (context->context, ent->principal, &salt);
- if (ret)
+ for(i = 0; i < n_key_data; i++) {
+ keys[i].mkvno = NULL;
+ keys[i].key.keytype = key_data[i].key_data_type[0];
+ ret = krb5_data_copy(&keys[i].key.keyvalue,
+ key_data[i].key_data_contents[0],
+ key_data[i].key_data_length[0]);
+ if(ret)
goto out;
- }
+ if(key_data[i].key_data_ver == 2) {
+ Salt *salt;
- for (i = 0; i < n_des_types; ++i) {
- ret = krb5_string_to_key_salt (context->context,
- des_types[i],
- password,
- salt,
- &keys[i].key);
- if (ret)
- goto out;
- if (v4_salt) {
- keys[i].salt = malloc (sizeof(*keys[i].salt));
- if (keys[i].salt == NULL) {
+ salt = malloc(sizeof(*salt));
+ if(salt == NULL) {
ret = ENOMEM;
goto out;
}
- keys[i].salt->type = salt.salttype;
- ret = copy_octet_string (&salt.saltvalue, &keys[i].salt->salt);
- if (ret)
- goto out;
- }
+ keys[i].salt = salt;
+ salt->type = key_data[i].key_data_type[1];
+ krb5_data_copy(&salt->salt,
+ key_data[i].key_data_contents[1],
+ key_data[i].key_data_length[1]);
+ } else
+ keys[i].salt = NULL;
}
-
- ret = krb5_string_to_key (context->context,
- ETYPE_DES3_CBC_SHA1,
- password,
- ent->principal,
- &keys[n_des_types].key);
- if (ret)
- goto out;
-
- free_keys (context, ent->keys.len, ent->keys.val);
+ _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
ent->keys.len = len;
ent->keys.val = keys;
ent->kvno++;
- return ret;
-out:
- krb5_data_free (&salt.saltvalue);
- free_keys (context, len, keys);
+ return 0;
+ out:
+ _kadm5_free_keys (context, len, keys);
return ret;
}
/*
- * Set the keys of `ent' to (`n_key_data', `key_data')
+ * Set the keys of `ent' to `n_keys, keys'
*/
kadm5_ret_t
-_kadm5_set_keys2(hdb_entry *ent,
- int16_t n_key_data,
- krb5_key_data *key_data)
+_kadm5_set_keys3(kadm5_server_context *context,
+ hdb_entry *ent,
+ int n_keys,
+ krb5_keyblock *keyblocks)
{
krb5_error_code ret;
int i;
+ unsigned len;
+ Key *keys;
- ent->keys.len = n_key_data;
- ent->keys.val = malloc(ent->keys.len * sizeof(*ent->keys.val));
- if(ent->keys.val == NULL)
+ len = n_keys;
+ keys = malloc (len * sizeof(*keys));
+ if (keys == NULL)
return ENOMEM;
- for(i = 0; i < n_key_data; i++) {
- ent->keys.val[i].mkvno = NULL;
- ent->keys.val[i].key.keytype = key_data[i].key_data_type[0];
- ret = krb5_data_copy(&ent->keys.val[i].key.keyvalue,
- key_data[i].key_data_contents[0],
- key_data[i].key_data_length[0]);
+
+ _kadm5_init_keys (keys, len);
+
+ for(i = 0; i < n_keys; i++) {
+ keys[i].mkvno = NULL;
+ ret = krb5_copy_keyblock_contents (context->context,
+ &keyblocks[i],
+ &keys[i].key);
if(ret)
- return ret;
- if(key_data[i].key_data_ver == 2) {
- Salt *salt;
- salt = malloc(sizeof(*salt));
- if(salt == NULL)
- return ENOMEM;
- ent->keys.val[i].salt = salt;
- salt->type = key_data[i].key_data_type[1];
- krb5_data_copy(&salt->salt,
- key_data[i].key_data_contents[1],
- key_data[i].key_data_length[1]);
- } else
- ent->keys.val[i].salt = NULL;
+ goto out;
+ keys[i].salt = NULL;
}
+ _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
+ ent->keys.len = len;
+ ent->keys.val = keys;
ent->kvno++;
return 0;
+ out:
+ _kadm5_free_keys (context, len, keys);
+ return ret;
}
/*
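Review bot: `_kadm5_set_keys2` and `_kadm5_set_keys3` copy a signed count (`int16_t n_key_data`, `int n_keys`) into `unsigned len` before `malloc (len * sizeof(*keys))`, so a negative count turns into a very large length; if the count can originate from a client request it should be rejected first, e.g. `if (n_key_data < 0) return EINVAL;`. In `_kadm5_set_keys2` the second `krb5_data_copy`, the one filling `salt->salt`, has its return value dropped, unlike the first; `ret = krb5_data_copy(&salt->salt, ...); if (ret) goto out;` would match. In `make_keys` the result of `krb5_get_pw_salt` for the default salt is assigned to `ret` and then overwritten by `krb5_string_to_key_salt` without being tested, so a failure there would derive keys from the zeroed salt. The salt obtained on that path is also never released, whereas `v5_salt` further down is passed to `krb5_free_salt`.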
@@ -235,7 +409,7 @@ _kadm5_set_keys_randomly (kadm5_server_context *context,
return ENOMEM;
}
- init_keys (hkeys, len);
+ _kadm5_init_keys (hkeys, len);
ret = krb5_generate_random_keyblock (context->context,
des_types[0],
@@ -276,7 +450,7 @@ _kadm5_set_keys_randomly (kadm5_server_context *context,
if (ret)
goto out;
- free_keys (context, ent->keys.len, ent->keys.val);
+ _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
ent->keys.len = len;
ent->keys.val = hkeys;
ent->kvno++;
@@ -287,6 +461,6 @@ out:
for (i = 0; i < len; ++i)
krb5_free_keyblock_contents (context->context, &keys[i]);
free (keys);
- free_keys (context, len, hkeys);
+ _kadm5_free_keys (context, len, hkeys);
return ret;
}
diff --git a/crypto/heimdal/lib/kadm5/truncate_log.c b/crypto/heimdal/lib/kadm5/truncate_log.c
new file mode 100644
index 0000000..215fdd7
--- /dev/null
+++ b/crypto/heimdal/lib/kadm5/truncate_log.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "iprop.h"
+
+RCSID("$Id: truncate_log.c,v 1.1 2000/07/24 04:27:06 assar Exp $");
+
+static char *realm;
+static int version_flag;
+static int help_flag;
+
+static struct getargs args[] = {
+ { "realm", 'r', arg_string, &realm },
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main(int argc, char **argv)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ void *kadm_handle;
+ kadm5_server_context *server_context;
+ kadm5_config_params conf;
+
+ krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+
+ if(help_flag)
+ krb5_std_usage(0, args, num_args);
+ if(version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+
+ memset(&conf, 0, sizeof(conf));
+ if(realm) {
+ conf.mask |= KADM5_CONFIG_REALM;
+ conf.realm = realm;
+ }
+
+ ret = kadm5_init_with_password_ctx (context,
+ KADM5_ADMIN_SERVICE,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
+
+ server_context = (kadm5_server_context *)kadm_handle;
+
+ ret = kadm5_log_truncate (server_context);
+ krb5_err (context, 1, ret, "kadm5_log_truncate");
+ return 0;
+}
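Review bot: The last `krb5_err (context, 1, ret, "kadm5_log_truncate");` in main() is called unconditionally, and krb5_err prints its message and exits with the given status, so the program exits 1 even when kadm5_log_truncate returns 0 and the `return 0;` after it is never reached. The kadm5_init_with_password_ctx call a few lines earlier is guarded, and the same guard belongs here: `if (ret) krb5_err (context, 1, ret, "kadm5_log_truncate");`. As written, an operator or cron job that runs this tool cannot tell from the exit status whether the log was truncated or the operation failed, and a success prints a misleading error line. Once the success path does return, it would also be tidy to release the handle with `kadm5_destroy (kadm_handle);` before `return 0;`.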