summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kadmin/mod.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kadmin/mod.c')
-rw-r--r--crypto/heimdal/kadmin/mod.c302
1 files changed, 206 insertions, 96 deletions
diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c
index 0e9cd08..f5f9e04 100644
--- a/crypto/heimdal/kadmin/mod.c
+++ b/crypto/heimdal/kadmin/mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,120 +32,230 @@
*/
#include "kadmin_locl.h"
+#include "kadmin-commands.h"
-RCSID("$Id: mod.c,v 1.11 2002/12/03 14:12:30 joda Exp $");
+RCSID("$Id: mod.c 21968 2007-10-18 18:50:33Z lha $");
-static int parse_args (krb5_context context, kadm5_principal_ent_t ent,
- int argc, char **argv, int *optind, char *name,
- int *mask);
+static void
+add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
+{
+ krb5_tl_data *tl, **ptl;
-static int
-parse_args(krb5_context context, kadm5_principal_ent_t ent,
- int argc, char **argv, int *optind, char *name,
- int *mask)
+ tl = ecalloc(1, sizeof(*tl));
+ tl->tl_data_next = NULL;
+ tl->tl_data_type = KRB5_TL_EXTENSION;
+ tl->tl_data_length = data->length;
+ tl->tl_data_contents = data->data;
+
+ princ->n_tl_data++;
+ ptl = &princ->tl_data;
+ while (*ptl != NULL)
+ ptl = &(*ptl)->tl_data_next;
+ *ptl = tl;
+
+ return;
+}
+
+static void
+add_constrained_delegation(krb5_context context,
+ kadm5_principal_ent_rec *princ,
+ struct getarg_strings *strings)
{
- char *attr_str = NULL;
- char *max_life_str = NULL;
- char *max_rlife_str = NULL;
- char *expiration_str = NULL;
- char *pw_expiration_str = NULL;
- int new_kvno = -1;
- int ret, i;
-
- struct getargs args[] = {
- {"attributes", 'a', arg_string, NULL, "Attributies",
- "attributes"},
- {"max-ticket-life", 0, arg_string, NULL, "max ticket lifetime",
- "lifetime"},
- {"max-renewable-life", 0, arg_string, NULL,
- "max renewable lifetime", "lifetime" },
- {"expiration-time", 0, arg_string,
- NULL, "Expiration time", "time"},
- {"pw-expiration-time", 0, arg_string,
- NULL, "Password expiration time", "time"},
- {"kvno", 0, arg_integer,
- NULL, "Key version number", "number"},
- };
-
- i = 0;
- args[i++].value = &attr_str;
- args[i++].value = &max_life_str;
- args[i++].value = &max_rlife_str;
- args[i++].value = &expiration_str;
- args[i++].value = &pw_expiration_str;
- args[i++].value = &new_kvno;
-
- *optind = 0; /* XXX */
-
- if(getarg(args, sizeof(args) / sizeof(args[0]),
- argc, argv, optind)){
- arg_printusage(args,
- sizeof(args) / sizeof(args[0]),
- name ? name : "",
- "principal");
- return -1;
+ krb5_error_code ret;
+ HDB_extension ext;
+ krb5_data buf;
+ size_t size;
+
+ memset(&ext, 0, sizeof(ext));
+ ext.mandatory = FALSE;
+ ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
+
+ if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+ ext.data.u.allowed_to_delegate_to.val = NULL;
+ ext.data.u.allowed_to_delegate_to.len = 0;
+ } else {
+ krb5_principal p;
+ int i;
+
+ ext.data.u.allowed_to_delegate_to.val =
+ calloc(strings->num_strings,
+ sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
+ ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
+
+ for (i = 0; i < strings->num_strings; i++) {
+ ret = krb5_parse_name(context, strings->strings[i], &p);
+ ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
+ krb5_free_principal(context, p);
+ }
}
-
- ret = set_entry(context, ent, mask, max_life_str, max_rlife_str,
- expiration_str, pw_expiration_str, attr_str);
+
+ ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+ &ext, &size, ret);
+ free_HDB_extension(&ext);
if (ret)
- return ret;
+ abort();
+ if (buf.length != size)
+ abort();
- if(new_kvno != -1) {
- ent->kvno = new_kvno;
- *mask |= KADM5_KVNO;
- }
- return 0;
+ add_tl(princ, KRB5_TL_EXTENSION, &buf);
}
-int
-mod_entry(int argc, char **argv)
+static void
+add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
+ struct getarg_strings *strings)
{
- kadm5_principal_ent_rec princ;
- int mask = 0;
krb5_error_code ret;
- krb5_principal princ_ent = NULL;
- int optind;
+ HDB_extension ext;
+ krb5_data buf;
+ krb5_principal p;
+ size_t size;
+ int i;
+
+ memset(&ext, 0, sizeof(ext));
+ ext.mandatory = FALSE;
+ ext.data.element = choice_HDB_extension_data_aliases;
+ ext.data.u.aliases.case_insensitive = 0;
- memset (&princ, 0, sizeof(princ));
+ if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+ ext.data.u.aliases.aliases.val = NULL;
+ ext.data.u.aliases.aliases.len = 0;
+ } else {
+ ext.data.u.aliases.aliases.val =
+ calloc(strings->num_strings,
+ sizeof(ext.data.u.aliases.aliases.val[0]));
+ ext.data.u.aliases.aliases.len = strings->num_strings;
+
+ for (i = 0; i < strings->num_strings; i++) {
+ ret = krb5_parse_name(context, strings->strings[i], &p);
+ ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+ krb5_free_principal(context, p);
+ }
+ }
- ret = parse_args (context, &princ, argc, argv,
- &optind, "mod", &mask);
+ ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+ &ext, &size, ret);
+ free_HDB_extension(&ext);
if (ret)
- return 0;
+ abort();
+ if (buf.length != size)
+ abort();
+
+ add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
- argc -= optind;
- argv += optind;
+static void
+add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ,
+ struct getarg_strings *strings)
+{
+ krb5_error_code ret;
+ HDB_extension ext;
+ krb5_data buf;
+ size_t size;
+ int i;
- if (argc != 1) {
- printf ("Usage: mod [options] principal\n");
- return 0;
- }
+ memset(&ext, 0, sizeof(ext));
+ ext.mandatory = FALSE;
+ ext.data.element = choice_HDB_extension_data_pkinit_acl;
+ ext.data.u.aliases.case_insensitive = 0;
- krb5_parse_name(context, argv[0], &princ_ent);
-
- if (mask == 0) {
- memset(&princ, 0, sizeof(princ));
- ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
- KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
- KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
- KADM5_PRINC_EXPIRE_TIME |
- KADM5_PW_EXPIRATION);
- krb5_free_principal (context, princ_ent);
- if (ret) {
- printf ("no such principal: %s\n", argv[0]);
- return 0;
- }
- if(edit_entry(&princ, &mask, NULL, 0))
- goto out;
+ if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+ ext.data.u.pkinit_acl.val = NULL;
+ ext.data.u.pkinit_acl.len = 0;
} else {
- princ.principal = princ_ent;
+ ext.data.u.pkinit_acl.val =
+ calloc(strings->num_strings,
+ sizeof(ext.data.u.pkinit_acl.val[0]));
+ ext.data.u.pkinit_acl.len = strings->num_strings;
+
+ for (i = 0; i < strings->num_strings; i++) {
+ ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
+ }
}
- ret = kadm5_modify_principal(kadm_handle, &princ, mask);
- if(ret)
- krb5_warn(context, ret, "kadm5_modify_principal");
- out:
+ ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+ &ext, &size, ret);
+ free_HDB_extension(&ext);
+ if (ret)
+ abort();
+ if (buf.length != size)
+ abort();
+
+ add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
+
+static int
+do_mod_entry(krb5_principal principal, void *data)
+{
+ krb5_error_code ret;
+ kadm5_principal_ent_rec princ;
+ int mask = 0;
+ struct modify_options *e = data;
+
+ memset (&princ, 0, sizeof(princ));
+ ret = kadm5_get_principal(kadm_handle, principal, &princ,
+ KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+ KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
+ KADM5_PRINC_EXPIRE_TIME |
+ KADM5_PW_EXPIRATION);
+ if(ret)
+ return ret;
+
+ if(e->max_ticket_life_string ||
+ e->max_renewable_life_string ||
+ e->expiration_time_string ||
+ e->pw_expiration_time_string ||
+ e->attributes_string ||
+ e->kvno_integer != -1 ||
+ e->constrained_delegation_strings.num_strings ||
+ e->alias_strings.num_strings ||
+ e->pkinit_acl_strings.num_strings) {
+ ret = set_entry(context, &princ, &mask,
+ e->max_ticket_life_string,
+ e->max_renewable_life_string,
+ e->expiration_time_string,
+ e->pw_expiration_time_string,
+ e->attributes_string);
+ if(e->kvno_integer != -1) {
+ princ.kvno = e->kvno_integer;
+ mask |= KADM5_KVNO;
+ }
+ if (e->constrained_delegation_strings.num_strings) {
+ add_constrained_delegation(context, &princ,
+ &e->constrained_delegation_strings);
+ mask |= KADM5_TL_DATA;
+ }
+ if (e->alias_strings.num_strings) {
+ add_aliases(context, &princ, &e->alias_strings);
+ mask |= KADM5_TL_DATA;
+ }
+ if (e->pkinit_acl_strings.num_strings) {
+ add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
+ mask |= KADM5_TL_DATA;
+ }
+
+ } else
+ ret = edit_entry(&princ, &mask, NULL, 0);
+ if(ret == 0) {
+ ret = kadm5_modify_principal(kadm_handle, &princ, mask);
+ if(ret)
+ krb5_warn(context, ret, "kadm5_modify_principal");
+ }
+
kadm5_free_principal_ent(kadm_handle, &princ);
- return 0;
+ return ret;
}
+
+int
+mod_entry(struct modify_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret = 0;
+ int i;
+
+ for(i = 0; i < argc; i++) {
+ ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
+ if (ret)
+ break;
+ }
+ return ret != 0;
+}
+
OpenPOWER on IntegriCloud