Add kadmind. HOW-TO documents how to get here from raw eBones.

1 files changed, 373 insertions, 0 deletions

diff --git a/eBones/usr.sbin/kadmind/kadm_funcs.c b/eBones/usr.sbin/kadmind/kadm_funcs.c
new file mode 100644
index 0000000..585a834
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/kadm_funcs.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT
+ *
+ * Kerberos administration server-side database manipulation routines
+ */
+
+#ifndef	lint
+#if 0
+static char rcsid_kadm_funcs_c[] =
+"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
+#endif
+static const char rcsid[] =
+	"$Id$";
+#endif	lint
+
+/*
+kadm_funcs.c
+the actual database manipulation code
+*/
+
+#include <sys/param.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+extern Kadm_Server server_parm;
+
+check_access(pname, pinst, prealm, acltype)
+char *pname;
+char *pinst;
+char *prealm;
+enum acl_types acltype;
+{
+    char checkname[MAX_K_NAME_SZ];
+    char filename[MAXPATHLEN];
+    extern char *acldir;
+
+    (void) sprintf(checkname, "%s.%s@%s", pname, pinst, prealm);
+    
+    switch (acltype) {
+    case ADDACL:
+	(void) sprintf(filename, "%s%s", acldir, ADD_ACL_FILE);
+	break;
+    case GETACL:
+	(void) sprintf(filename, "%s%s", acldir, GET_ACL_FILE);
+	break;
+    case MODACL:
+	(void) sprintf(filename, "%s%s", acldir, MOD_ACL_FILE);
+	break;
+    }
+    return(acl_check(filename, checkname));
+}
+
+int
+wildcard(str)
+char *str;
+{
+    if (!strcmp(str, WILDCARD_STR))
+	return(1);
+    return(0);
+}
+
+#define failadd(code) {  (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
+char *rname;				/* requestors name */
+char *rinstance;			/* requestors instance */
+char *rrealm;				/* requestors realm */
+Kadm_vals *valsin;
+Kadm_vals *valsout;
+{
+  long numfound;		/* check how many we get written */
+  int more;			/* pointer to more grabbed records */
+  Principal data_i, data_o;		/* temporary principal */
+  u_char flags[4];
+  des_cblock newpw;
+  Principal default_princ;
+
+  if (!check_access(rname, rinstance, rrealm, ADDACL)) {
+    (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'",
+	       rname, rinstance, rrealm, valsin->name, valsin->instance);
+    return KADM_UNAUTH;
+  }
+  
+  /* Need to check here for "legal" name and instance */
+  if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+      failadd(KADM_ILL_WILDCARD);
+  }
+
+  (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'",
+		 valsin->name, valsin->instance, rname, rinstance, rrealm);
+  
+  numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+				&default_princ, 1, &more);
+  if (numfound == -1) {
+      failadd(KADM_DB_INUSE);
+  } else if (numfound != 1) {
+      failadd(KADM_UK_RERROR);
+  }
+
+  kadm_vals_to_prin(valsin->fields, &data_i, valsin);
+  (void) strncpy(data_i.name, valsin->name, ANAME_SZ);
+  (void) strncpy(data_i.instance, valsin->instance, INST_SZ);
+
+  if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
+	  data_i.exp_date = default_princ.exp_date;
+  if (!IS_FIELD(KADM_ATTR,valsin->fields))
+      data_i.attributes = default_princ.attributes;
+  if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
+      data_i.max_life = default_princ.max_life; 
+
+  bzero((char *)&default_princ, sizeof(default_princ));
+
+  /* convert to host order */
+  data_i.key_low = ntohl(data_i.key_low);
+  data_i.key_high = ntohl(data_i.key_high);
+
+
+  bcopy(&data_i.key_low,newpw,4);
+  bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4);
+
+  /* encrypt new key in master key */
+  kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+		     server_parm.master_key_schedule, ENCRYPT);
+  bcopy(newpw,&data_i.key_low,4);
+  bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4);
+  bzero((char *)newpw, sizeof(newpw));
+
+  data_o = data_i;
+  numfound = kerb_get_principal(valsin->name, valsin->instance, 
+				&data_o, 1, &more);
+  if (numfound == -1) {
+      failadd(KADM_DB_INUSE);
+  } else if (numfound) {
+      failadd(KADM_INUSE);
+  } else {
+    data_i.key_version++;
+    data_i.kdc_key_ver = server_parm.master_key_version;
+    (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
+    (void) strncpy(data_i.mod_instance, rinstance,
+		   sizeof(data_i.mod_instance)-1);
+
+    numfound = kerb_put_principal(&data_i, 1);
+    if (numfound == -1) {
+	failadd(KADM_DB_INUSE);
+    } else if (numfound) {
+	failadd(KADM_UK_SERROR);
+    } else {
+      numfound = kerb_get_principal(valsin->name, valsin->instance, 
+				    &data_o, 1, &more);
+      if ((numfound!=1) || (more!=0)) {
+	  failadd(KADM_UK_RERROR);
+      }
+      bzero((char *)flags, sizeof(flags));
+      SET_FIELD(KADM_NAME,flags);
+      SET_FIELD(KADM_INST,flags);
+      SET_FIELD(KADM_EXPDATE,flags);
+      SET_FIELD(KADM_ATTR,flags);
+      SET_FIELD(KADM_MAXLIFE,flags);
+      kadm_prin_to_vals(flags, valsout, &data_o);
+      (void) log("'%s.%s' added.", valsin->name, valsin->instance);
+      return KADM_DATA;		/* Set all the appropriate fields */
+    }
+  }
+}
+#undef failadd
+
+#define failget(code) {  (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
+char *rname;				/* requestors name */
+char *rinstance;			/* requestors instance */
+char *rrealm;				/* requestors realm */
+Kadm_vals *valsin;			/* what they wannt to get */
+u_char *flags;				/* which fields we want */
+Kadm_vals *valsout;			/* what data is there */
+{
+  long numfound;		/* check how many were returned */
+  int more;			/* To point to more name.instances */
+  Principal data_o;		/* Data object to hold Principal */
+
+  
+  if (!check_access(rname, rinstance, rrealm, GETACL)) {
+    (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry",
+	    rname, rinstance, rrealm, valsin->name, valsin->instance);
+    return KADM_UNAUTH;
+  }
+  
+  if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+      failget(KADM_ILL_WILDCARD);
+  }
+
+  (void) log("retrieve '%s.%s's entry for '%s.%s@%s'",
+	     valsin->name, valsin->instance, rname, rinstance, rrealm);
+  
+  /* Look up the record in the database */
+  numfound = kerb_get_principal(valsin->name, valsin->instance, 
+				&data_o, 1, &more);
+  if (numfound == -1) {
+      failget(KADM_DB_INUSE);
+  }  else if (numfound) {	/* We got the record, let's return it */
+    kadm_prin_to_vals(flags, valsout, &data_o);
+    (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance);
+    return KADM_DATA;		/* Set all the appropriate fields */
+  } else {
+      failget(KADM_NOENTRY);	/* Else whimper and moan */
+  }
+}
+#undef failget
+
+#define failmod(code) {  (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; }
+
+kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout)
+char *rname;				/* requestors name */
+char *rinstance;			/* requestors instance */
+char *rrealm;				/* requestors realm */
+Kadm_vals *valsin1, *valsin2;		/* holds the parameters being
+					   passed in */
+Kadm_vals *valsout;		/* the actual record which is returned */
+{
+  long numfound;
+  int more;
+  Principal data_o, temp_key;
+  u_char fields[4];
+  des_cblock newpw;
+
+  if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
+      failmod(KADM_ILL_WILDCARD);
+  }
+  
+  if (!check_access(rname, rinstance, rrealm, MODACL)) {
+    (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
+	       rname, rinstance, rrealm, valsin1->name, valsin1->instance);
+    return KADM_UNAUTH;
+  }
+  
+  (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ",
+	     valsin1->name, valsin1->instance, rname, rinstance, rrealm);
+  
+  numfound = kerb_get_principal(valsin1->name, valsin1->instance, 
+				&data_o, 1, &more);
+  if (numfound == -1) {
+      failmod(KADM_DB_INUSE);
+  } else if (numfound) {
+      kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
+      (void) strncpy(data_o.name, valsin1->name, ANAME_SZ);
+      (void) strncpy(data_o.instance, valsin1->instance, INST_SZ);
+      if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
+	  data_o.exp_date = temp_key.exp_date;
+      if (IS_FIELD(KADM_ATTR,valsin2->fields))
+	  data_o.attributes = temp_key.attributes;
+      if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
+	  data_o.max_life = temp_key.max_life; 
+      if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+	  data_o.key_version++;
+	  data_o.kdc_key_ver = server_parm.master_key_version;
+
+
+	  /* convert to host order */
+	  temp_key.key_low = ntohl(temp_key.key_low);
+	  temp_key.key_high = ntohl(temp_key.key_high);
+
+
+	  bcopy(&temp_key.key_low,newpw,4);
+	  bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4);
+
+	  /* encrypt new key in master key */
+	  kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+			   server_parm.master_key_schedule, ENCRYPT);
+	  bcopy(newpw,&data_o.key_low,4);
+	  bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4);
+	  bzero((char *)newpw, sizeof(newpw));
+      }
+      bzero((char *)&temp_key, sizeof(temp_key));
+
+      (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+      (void) strncpy(data_o.mod_instance, rinstance,
+		     sizeof(data_o.mod_instance)-1);
+      more = kerb_put_principal(&data_o, 1);
+
+      bzero((char *)&data_o, sizeof(data_o));
+
+      if (more == -1) {
+	  failmod(KADM_DB_INUSE);
+      } else if (more) {
+	  failmod(KADM_UK_SERROR);
+      } else {
+	  numfound = kerb_get_principal(valsin1->name, valsin1->instance, 
+					&data_o, 1, &more);
+	  if ((more!=0)||(numfound!=1)) {
+	      failmod(KADM_UK_RERROR);
+	  }
+	  bzero((char *) fields, sizeof(fields));
+	  SET_FIELD(KADM_NAME,fields);
+	  SET_FIELD(KADM_INST,fields);
+	  SET_FIELD(KADM_EXPDATE,fields);
+	  SET_FIELD(KADM_ATTR,fields);
+	  SET_FIELD(KADM_MAXLIFE,fields);
+	  kadm_prin_to_vals(fields, valsout, &data_o);
+	  (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance);
+	  return KADM_DATA;		/* Set all the appropriate fields */
+      }
+  }
+  else {
+      failmod(KADM_NOENTRY);
+  }
+}
+#undef failmod
+
+#define failchange(code) {  (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
+
+kadm_change (rname, rinstance, rrealm, newpw)
+char *rname;
+char *rinstance;
+char *rrealm;
+des_cblock newpw;
+{
+  long numfound;
+  int more;
+  Principal data_o;
+  des_cblock local_pw;
+
+  if (strcmp(server_parm.krbrlm, rrealm)) {
+      (void) log("change key request from wrong realm, '%s.%s@%s'!\n",
+		 rname, rinstance, rrealm);
+      return(KADM_WRONG_REALM);
+  }
+
+  if (wildcard(rname) || wildcard(rinstance)) {
+      failchange(KADM_ILL_WILDCARD);
+  }
+  (void) log("'%s.%s@%s' wants to change its password",
+	     rname, rinstance, rrealm);
+  
+  bcopy(newpw, local_pw, sizeof(local_pw));
+  
+  /* encrypt new key in master key */
+  kdb_encrypt_key (local_pw, local_pw, server_parm.master_key,
+		     server_parm.master_key_schedule, ENCRYPT);
+
+  numfound = kerb_get_principal(rname, rinstance, 
+				&data_o, 1, &more);
+  if (numfound == -1) {
+      failchange(KADM_DB_INUSE);
+  } else if (numfound) {
+    bcopy(local_pw,&data_o.key_low,4);
+    bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4);
+    data_o.key_version++;
+    data_o.kdc_key_ver = server_parm.master_key_version;
+    (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+    (void) strncpy(data_o.mod_instance, rinstance,
+		   sizeof(data_o.mod_instance)-1);
+    more = kerb_put_principal(&data_o, 1);
+    bzero((char *) local_pw, sizeof(local_pw));
+    bzero((char *) &data_o, sizeof(data_o));
+    if (more == -1) {
+	failchange(KADM_DB_INUSE);
+    } else if (more) {
+	failchange(KADM_UK_SERROR);
+    } else {
+	(void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm);
+	return KADM_SUCCESS;
+    }
+  }
+  else {
+      failchange(KADM_NOENTRY);
+  }
+}
+#undef failchange