diff options
Diffstat (limited to 'crypto/heimdal/lib/kadm5')
52 files changed, 8995 insertions, 0 deletions
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog new file mode 100644 index 0000000..8c04ecb --- /dev/null +++ b/crypto/heimdal/lib/kadm5/ChangeLog @@ -0,0 +1,306 @@ +2000-01-06 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv.la): bump version to 5:1:0 + + * context_s.c (_kadm5_s_init_context): handle params == NULL + +1999-12-26 Assar Westerlund <assar@sics.se> + + * get_s.c (kadm5_s_get_principal): handle modified_by->principal + == NULL + +1999-12-20 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0 + + * init_c.c (_kadm5_c_init_context): handle getting back port + number from admin host + (kadm5_c_init_with_context): remove `proto/' part before doing + getaddrinfo() + +1999-12-06 Assar Westerlund <assar@sics.se> + + * Makefile.am: bump version to 5:0:0 and 4:0:0 + + * init_c.c (kadm5_c_init_with_context): don't use unitialized + stuff + +1999-12-04 Assar Westerlund <assar@sics.se> + + * replay_log.c: adapt to changed kadm5_log_foreach + + * log.c (kadm5_log_foreach): change to take a + `kadm5_server_context' + + * init_c.c: use krb5_warn{,x} + + * dump_log.c: adapt to changed kadm5_log_foreach + + * init_c.c: re-write to use getaddrinfo + * Makefile.am (install-build-headers): add dependency + +1999-12-03 Johan Danielsson <joda@pdc.kth.se> + + * log.c (kadm5_log_foreach): pass context + + * dump_log.c: print more interesting things + +1999-12-02 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_master.c (process_msg): check for short reads + +1999-11-25 Assar Westerlund <assar@sics.se> + + * modify_s.c (kadm5_s_modify_principal): support key_data + (kadm5_s_modify_principal_with_key): remove + + * admin.h (kadm5_s_modify_principal_with_key): remove + +1999-11-20 Assar Westerlund <assar@sics.se> + + * context_s.c (find_db_spec): ugly cast work-around. + +1999-11-14 Assar Westerlund <assar@sics.se> + + * context_s.c (_kadm5_s_init_context): call krb5_add_et_list so + that we aren't dependent on the layout of krb5_context_data + * init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that + we aren't dependent on the layout of krb5_context_data + +1999-11-13 Assar Westerlund <assar@sics.se> + + * password_quality.c (kadm5_setup_passwd_quality_check): use + correct types for function pointers + +1999-11-09 Johan Danielsson <joda@pdc.kth.se> + + * randkey_s.c: always bail out if the fetch fails + + * admin.h (kadm5_config_params): remove fields we're not using + + * ipropd_slave.c: allow passing a realm + + * ipropd_master.c: allow passing a realm + + * dump_log.c: allow passing a realm + + * acl.c: correctly get acl file + + * private.h (kadm5_server_context): add config_params struct and + remove acl_file; bump protocol version number + + * marshall.c: marshalling of config parameters + + * init_c.c (kadm5_c_init_with_context): try to cope with old + servers + + * init_s.c (kadm5_s_init_with_context): actually use some passed + values + + * context_s.c (_kadm5_s_init_context): get dbname, acl_file, and + stash_file from the config parameters, try to figure out these if + they're not provided + +1999-11-05 Assar Westerlund <assar@sics.se> + + * Makefile.am (install-build-headers): use `cp' instead of + INSTALL_DATA + +1999-11-04 Assar Westerlund <assar@sics.se> + + * Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields + directly in libkrb5's context - bad functions) + + * set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in + the copied keys + +1999-10-20 Assar Westerlund <assar@sics.se> + + * Makefile.am: set version of kadm5srv to 3:0:2 (new password + quality functions). + set version of kdam5clnt to 2:1:1 (no interface changes) + + * Makefile.am (LDADD): add $(LIB_dlopen) + +1999-10-17 Assar Westerlund <assar@sics.se> + + * randkey_s.c (kadm5_s_randkey_principal): use + _kadm5_set_keys_randomly + + * set_keys.c (free_keys): free more memory + (_kadm5_set_keys): a little bit more generic + (_kadm5_set_keys_randomly): new function for setting random keys. + +1999-10-14 Assar Westerlund <assar@sics.se> + + * set_keys.c (_kadm5_set_keys): ignore old keys when setting new + ones and always add 3 DES keys and one 3DES key + +1999-10-03 Assar Westerlund <assar@sics.se> + + * init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'. + check return value from strdup + +1999-09-26 Assar Westerlund <assar@sics.se> + + * acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate -> + strlcpy + +1999-09-24 Johan Danielsson <joda@pdc.kth.se> + + * dump_log.c: remove unused `optind' + + * replay_log.c: remove unused `optind' + +1999-09-13 Assar Westerlund <assar@sics.se> + + * chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv + + * send_recv.c (_kadm5_client_recv): return result in a `krb5_data' + so that we avoid copying it and don't need to dimension in + advance. change all callers. + +1999-09-10 Assar Westerlund <assar@sics.se> + + * password_quality.c: new file + + * admin.h + (kadm5_setup_passwd_quality_check,kadm5_check_password_quality): + add prototypes + + * Makefile.am (S_SOURCES): add password_quality.c + +1999-07-26 Assar Westerlund <assar@sics.se> + + * Makefile.am: update versions to 2:0:1 + +1999-07-24 Assar Westerlund <assar@sics.se> + + * ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0 + and pw_expiration == 0 mean never + +1999-07-22 Assar Westerlund <assar@sics.se> + + * log.c (kadm5_log_flush): extra cast + +1999-07-07 Assar Westerlund <assar@sics.se> + + * marshall.c (store_principal_ent): encoding princ_expire_time and + pw_expiration in correct order + +1999-06-28 Assar Westerlund <assar@sics.se> + + * randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno, + otherwise hdb will think that the new random keys are already + encrypted which will cause lots of confusion later. + +1999-06-23 Assar Westerlund <assar@sics.se> + + * ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited + correctly. From Michal Vocu <michal@karlin.mff.cuni.cz> + +1999-06-15 Assar Westerlund <assar@sics.se> + + * init_c.c (get_cred_cache): use get_default_username + +1999-05-23 Assar Westerlund <assar@sics.se> + + * create_s.c (create_principal): if there's no default entry the + mask should be zero. + +1999-05-21 Assar Westerlund <assar@sics.se> + + * init_c.c (get_cred_cache): use $USERNAME + +1999-05-17 Johan Danielsson <joda@pdc.kth.se> + + * init_c.c (get_cred_cache): figure out principal + +1999-05-05 Johan Danielsson <joda@pdc.kth.se> + + * send_recv.c: cleanup _kadm5_client_{send,recv} + +1999-05-04 Assar Westerlund <assar@sics.se> + + * set_keys.c (_kadm5_set_keys2): don't check the recently created + memory for NULL pointers + + * private.h (_kadm5_setup_entry): change prototype + + * modify_s.c: call new _kadm5_setup_entry + + * ent_setup.c (_kadm5_setup_entry): change so that it takes three + masks, one for what bits to set and one for each of principal and + def containing the bits that are set there. + + * create_s.c: call new _kadm5_setup_entry + + * create_s.c (get_default): check return value + (create_principal): send wider mask to _kadm5_setup_entry + +1999-05-04 Johan Danielsson <joda@pdc.kth.se> + + * send_recv.c (_kadm5_client_recv): handle arbitrarily sized + packets, check for errors + + * get_c.c: check for failure from _kadm5_client_{send,recv} + +1999-05-04 Assar Westerlund <assar@sics.se> + + * init_c.c (get_new_cache): don't abort when interrupted from + password prompt + + * destroy_c.c (kadm5_c_destroy): check if we should destroy the + auth context + +1999-05-03 Johan Danielsson <joda@pdc.kth.se> + + * chpass_s.c: fix arguments to _kadm5_set_keys2 + + * private.h: proto + + * set_keys.c: clear mkvno + + * rename_s.c: add flags to fetch and store; seal keys before + logging + + * randkey_s.c: add flags to fetch and store; seal keys before + logging + + * modify_s.c: add flags to fetch and store; seal keys before + logging + + * log.c: add flags to fetch and store; seal keys before logging + + * get_s.c: add flags to fetch and store; seal keys before logging + + * get_princs_s.c: add flags to fetch and store; seal keys before + logging + + * delete_s.c: add flags to fetch and store; seal keys before + logging + + * create_s.c: add flags to fetch and store; seal keys before + logging + + * chpass_s.c: add flags to fetch and store; seal keys before + logging + + * Makefile.am: remove server.c + + * admin.h: add prototypes + + * ent_setup.c (_kadm5_setup_entry): set key_data + + * set_keys.c: add _kadm5_set_keys2 to sey keys from key_data + + * modify_s.c: add kadm5_s_modify_principal_with_key + + * create_s.c: add kadm5_s_create_principal_with_key + + * chpass_s.c: add kadm5_s_chpass_principal_with_key + + * kadm5_locl.h: move stuff to private.h + + * private.h: move stuff from kadm5_locl.h +
\ No newline at end of file diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am new file mode 100644 index 0000000..4e043f7 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/Makefile.am @@ -0,0 +1,110 @@ +# $Id: Makefile.am,v 1.32 2000/01/06 21:53:30 assar Exp $ + +include $(top_srcdir)/Makefile.am.common + +lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la +libkadm5srv_la_LDFLAGS = -version-info 5:1:0 +libkadm5clnt_la_LDFLAGS = -version-info 4:1:0 +sbin_PROGRAMS = dump_log replay_log + +libexec_PROGRAMS = ipropd-master ipropd-slave + +kadm5includedir = $(includedir)/kadm5 +buildkadm5include = $(buildinclude)/kadm5 + +kadm5include_HEADERS = kadm5_err.h admin.h private.h + +install-build-headers:: $(kadm5include_HEADERS) + @foo='$(kadm5include_HEADERS)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildkadm5include)/$$f 2> /dev/null ; then \ + : ; else \ + echo "cp $$file $(buildkadm5include)/$$f";\ + cp $$file $(buildkadm5include)/$$f; \ + fi ; \ + done + +C_SOURCES = \ + admin.h \ + chpass_c.c \ + common_glue.c \ + create_c.c \ + delete_c.c \ + destroy_c.c \ + flush_c.c \ + free.c \ + get_c.c \ + get_princs_c.c \ + init_c.c \ + kadm5_err.c \ + kadm5_locl.h \ + marshall.c \ + modify_c.c \ + private.h \ + privs_c.c \ + randkey_c.c \ + rename_c.c \ + send_recv.c + +S_SOURCES = \ + acl.c \ + admin.h \ + chpass_s.c \ + common_glue.c \ + context_s.c \ + create_s.c \ + delete_s.c \ + destroy_s.c \ + ent_setup.c \ + error.c \ + flush_s.c \ + free.c \ + get_princs_s.c \ + get_s.c \ + init_s.c \ + kadm5_err.c \ + kadm5_locl.h \ + log.c \ + marshall.c \ + modify_s.c \ + private.h \ + privs_s.c \ + randkey_s.c \ + rename_s.c \ + set_keys.c \ + set_modifier.c \ + password_quality.c + +libkadm5srv_la_SOURCES = $(S_SOURCES) server_glue.c +libkadm5clnt_la_SOURCES = $(C_SOURCES) client_glue.c + +dump_log_SOURCES = dump_log.c kadm5_locl.h + +replay_log_SOURCES = replay_log.c kadm5_locl.h + +ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h + +ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h + +LDADD = \ + libkadm5srv.la \ + $(top_builddir)/lib/hdb/libhdb.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/des/libdes.la \ + $(LIB_roken) \ + $(DBLIB) \ + $(LIB_dlopen) + +CLEANFILES = kadm5_err.c kadm5_err.h + +$(libkadm5srv_la_OBJECTS): kadm5_err.h + +client_glue.lo server_glue.lo: $(srcdir)/common_glue.c + +# to help stupid solaris make + +kadm5_err.h: kadm5_err.et diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in new file mode 100644 index 0000000..0872ca9 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/Makefile.in @@ -0,0 +1,812 @@ +# Makefile.in generated automatically by automake 1.4 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +# $Id: Makefile.am,v 1.32 2000/01/06 21:53:30 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $ + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = ../.. + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +host_alias = @host_alias@ +host_triplet = @host@ +AFS_EXTRA_LD = @AFS_EXTRA_LD@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +DBLIB = @DBLIB@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDE_ = @INCLUDE_@ +LD = @LD@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@ +MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@ +MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NM = @NM@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include + +AM_CFLAGS = $(WFLAGS) + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +cat1dir = $(mandir)/cat1 +cat3dir = $(mandir)/cat3 +cat5dir = $(mandir)/cat5 +cat8dir = $(mandir)/cat8 + +MANRX = \(.*\)\.\([0-9]\) +CATSUFFIX = @CATSUFFIX@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la + +CHECK_LOCAL = $(PROGRAMS) + +lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la +libkadm5srv_la_LDFLAGS = -version-info 5:1:0 +libkadm5clnt_la_LDFLAGS = -version-info 4:1:0 +sbin_PROGRAMS = dump_log replay_log + +libexec_PROGRAMS = ipropd-master ipropd-slave + +kadm5includedir = $(includedir)/kadm5 +buildkadm5include = $(buildinclude)/kadm5 + +kadm5include_HEADERS = kadm5_err.h admin.h private.h + +C_SOURCES = admin.h chpass_c.c common_glue.c create_c.c delete_c.c destroy_c.c flush_c.c free.c get_c.c get_princs_c.c init_c.c kadm5_err.c kadm5_locl.h marshall.c modify_c.c private.h privs_c.c randkey_c.c rename_c.c send_recv.c + + +S_SOURCES = acl.c admin.h chpass_s.c common_glue.c context_s.c create_s.c delete_s.c destroy_s.c ent_setup.c error.c flush_s.c free.c get_princs_s.c get_s.c init_s.c kadm5_err.c kadm5_locl.h log.c marshall.c modify_s.c private.h privs_s.c randkey_s.c rename_s.c set_keys.c set_modifier.c password_quality.c + + +libkadm5srv_la_SOURCES = $(S_SOURCES) server_glue.c +libkadm5clnt_la_SOURCES = $(C_SOURCES) client_glue.c + +dump_log_SOURCES = dump_log.c kadm5_locl.h + +replay_log_SOURCES = replay_log.c kadm5_locl.h + +ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h + +ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h + +LDADD = libkadm5srv.la $(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la $(LIB_roken) $(DBLIB) $(LIB_dlopen) + + +CLEANFILES = kadm5_err.c kadm5_err.h +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../../include/config.h +CONFIG_CLEAN_FILES = +LTLIBRARIES = $(lib_LTLIBRARIES) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +libkadm5srv_la_LIBADD = +libkadm5srv_la_OBJECTS = acl.lo chpass_s.lo common_glue.lo context_s.lo \ +create_s.lo delete_s.lo destroy_s.lo ent_setup.lo error.lo flush_s.lo \ +free.lo get_princs_s.lo get_s.lo init_s.lo kadm5_err.lo log.lo \ +marshall.lo modify_s.lo privs_s.lo randkey_s.lo rename_s.lo set_keys.lo \ +set_modifier.lo password_quality.lo server_glue.lo +libkadm5clnt_la_LIBADD = +libkadm5clnt_la_OBJECTS = chpass_c.lo common_glue.lo create_c.lo \ +delete_c.lo destroy_c.lo flush_c.lo free.lo get_c.lo get_princs_c.lo \ +init_c.lo kadm5_err.lo marshall.lo modify_c.lo privs_c.lo randkey_c.lo \ +rename_c.lo send_recv.lo client_glue.lo +libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT) +sbin_PROGRAMS = dump_log$(EXEEXT) replay_log$(EXEEXT) +PROGRAMS = $(libexec_PROGRAMS) $(sbin_PROGRAMS) + +ipropd_master_OBJECTS = ipropd_master.$(OBJEXT) +ipropd_master_LDADD = $(LDADD) +ipropd_master_DEPENDENCIES = libkadm5srv.la \ +$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la +ipropd_master_LDFLAGS = +ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT) +ipropd_slave_LDADD = $(LDADD) +ipropd_slave_DEPENDENCIES = libkadm5srv.la \ +$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la +ipropd_slave_LDFLAGS = +dump_log_OBJECTS = dump_log.$(OBJEXT) +dump_log_LDADD = $(LDADD) +dump_log_DEPENDENCIES = libkadm5srv.la \ +$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la +dump_log_LDFLAGS = +replay_log_OBJECTS = replay_log.$(OBJEXT) +replay_log_LDADD = $(LDADD) +replay_log_DEPENDENCIES = libkadm5srv.la \ +$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/des/libdes.la +replay_log_LDFLAGS = +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +HEADERS = $(kadm5include_HEADERS) + +DIST_COMMON = ChangeLog Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +SOURCES = $(libkadm5srv_la_SOURCES) $(libkadm5clnt_la_SOURCES) $(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) $(dump_log_SOURCES) $(replay_log_SOURCES) +OBJECTS = $(libkadm5srv_la_OBJECTS) $(libkadm5clnt_la_OBJECTS) $(ipropd_master_OBJECTS) $(ipropd_slave_OBJECTS) $(dump_log_OBJECTS) $(replay_log_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kadm5/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-libLTLIBRARIES: + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + +distclean-libLTLIBRARIES: + +maintainer-clean-libLTLIBRARIES: + +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libdir) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + echo "$(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p"; \ + $(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p; \ + else :; fi; \ + done + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ + done + +.c.o: + $(COMPILE) -c $< + +# FIXME: We should only use cygpath when building on Windows, +# and only if it is available. +.c.obj: + $(COMPILE) -c `cygpath -w $<` + +.s.o: + $(COMPILE) -c $< + +.S.o: + $(COMPILE) -c $< + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +.c.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +.s.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +.S.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libkadm5srv_la_LDFLAGS) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS) + +libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libkadm5clnt_la_LDFLAGS) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS) + +mostlyclean-libexecPROGRAMS: + +clean-libexecPROGRAMS: + -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) + +distclean-libexecPROGRAMS: + +maintainer-clean-libexecPROGRAMS: + +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(libexec_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +mostlyclean-sbinPROGRAMS: + +clean-sbinPROGRAMS: + -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) + +distclean-sbinPROGRAMS: + +maintainer-clean-sbinPROGRAMS: + +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(sbindir) + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(sbin_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES) + @rm -f ipropd-master$(EXEEXT) + $(LINK) $(ipropd_master_LDFLAGS) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS) + +ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES) + @rm -f ipropd-slave$(EXEEXT) + $(LINK) $(ipropd_slave_LDFLAGS) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS) + +dump_log$(EXEEXT): $(dump_log_OBJECTS) $(dump_log_DEPENDENCIES) + @rm -f dump_log$(EXEEXT) + $(LINK) $(dump_log_LDFLAGS) $(dump_log_OBJECTS) $(dump_log_LDADD) $(LIBS) + +replay_log$(EXEEXT): $(replay_log_OBJECTS) $(replay_log_DEPENDENCIES) + @rm -f replay_log$(EXEEXT) + $(LINK) $(replay_log_LDFLAGS) $(replay_log_OBJECTS) $(replay_log_LDADD) $(LIBS) + +install-kadm5includeHEADERS: $(kadm5include_HEADERS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(kadm5includedir) + @list='$(kadm5include_HEADERS)'; for p in $$list; do \ + if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \ + echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(kadm5includedir)/$$p"; \ + $(INSTALL_DATA) $$d$$p $(DESTDIR)$(kadm5includedir)/$$p; \ + done + +uninstall-kadm5includeHEADERS: + @$(NORMAL_UNINSTALL) + list='$(kadm5include_HEADERS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(kadm5includedir)/$$p; \ + done + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +subdir = lib/kadm5 + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \ + install-sbinPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-kadm5includeHEADERS install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \ + uninstall-sbinPROGRAMS uninstall-kadm5includeHEADERS +uninstall: uninstall-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(libexecdir) \ + $(DESTDIR)$(sbindir) $(DESTDIR)$(kadm5includedir) + + +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \ + mostlyclean-libtool mostlyclean-libexecPROGRAMS \ + mostlyclean-sbinPROGRAMS mostlyclean-tags \ + mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-libLTLIBRARIES clean-compile clean-libtool \ + clean-libexecPROGRAMS clean-sbinPROGRAMS clean-tags \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-libLTLIBRARIES distclean-compile \ + distclean-libtool distclean-libexecPROGRAMS \ + distclean-sbinPROGRAMS distclean-tags distclean-generic \ + clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-libLTLIBRARIES \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-libexecPROGRAMS \ + maintainer-clean-sbinPROGRAMS maintainer-clean-tags \ + maintainer-clean-generic distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \ +clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \ +uninstall-libLTLIBRARIES install-libLTLIBRARIES mostlyclean-compile \ +distclean-compile clean-compile maintainer-clean-compile \ +mostlyclean-libtool distclean-libtool clean-libtool \ +maintainer-clean-libtool mostlyclean-libexecPROGRAMS \ +distclean-libexecPROGRAMS clean-libexecPROGRAMS \ +maintainer-clean-libexecPROGRAMS uninstall-libexecPROGRAMS \ +install-libexecPROGRAMS mostlyclean-sbinPROGRAMS distclean-sbinPROGRAMS \ +clean-sbinPROGRAMS maintainer-clean-sbinPROGRAMS uninstall-sbinPROGRAMS \ +install-sbinPROGRAMS uninstall-kadm5includeHEADERS \ +install-kadm5includeHEADERS tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \ +check-local check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-local install-data-am install-data install-am \ +install uninstall-am uninstall all-local all-redirect all-am all \ +installdirs mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + chmod 0 $$x; fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " cp $$file $(buildinclude)/$$f"; \ + cp $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat1-mans: + @ext=1;\ + foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat1dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat3-mans: + @ext=3;\ + foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat3dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat5-mans: + @ext=5;\ + foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat5dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat8-mans: + @ext=8;\ + foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat8dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +install-build-headers:: $(kadm5include_HEADERS) + @foo='$(kadm5include_HEADERS)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildkadm5include)/$$f 2> /dev/null ; then \ + : ; else \ + echo "cp $$file $(buildkadm5include)/$$f";\ + cp $$file $(buildkadm5include)/$$f; \ + fi ; \ + done + +$(libkadm5srv_la_OBJECTS): kadm5_err.h + +client_glue.lo server_glue.lo: $(srcdir)/common_glue.c + +# to help stupid solaris make + +kadm5_err.h: kadm5_err.et + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c new file mode 100644 index 0000000..3f42c60 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/acl.c @@ -0,0 +1,138 @@ +/* + * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: acl.c,v 1.10 1999/12/02 17:05:05 joda Exp $"); + +static struct units acl_units[] = { + { "all", KADM5_PRIV_ALL }, + { "change-password",KADM5_PRIV_CPW }, + { "cpw", KADM5_PRIV_CPW }, + { "list", KADM5_PRIV_LIST }, + { "delete", KADM5_PRIV_DELETE }, + { "modify", KADM5_PRIV_MODIFY }, + { "add", KADM5_PRIV_ADD }, + { "get", KADM5_PRIV_GET }, + { NULL } +}; + +kadm5_ret_t +_kadm5_string_to_privs(const char *s, u_int32_t* privs) +{ + int flags; + flags = parse_flags(s, acl_units, 0); + if(flags < 0) + return KADM5_FAILURE; + *privs = flags; + return 0; +} + +kadm5_ret_t +_kadm5_privs_to_string(u_int32_t privs, char *string, size_t len) +{ + if(privs == 0) + strlcpy(string, "none", len); + else + unparse_flags(privs, acl_units + 1, string, len); + return 0; +} + +kadm5_ret_t +_kadm5_acl_init(kadm5_server_context *context) +{ + FILE *f; + char buf[128]; + krb5_principal princ; + int flags; + krb5_error_code ret; + + krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ); + ret = krb5_principal_compare(context->context, context->caller, princ); + krb5_free_principal(context->context, princ); + if(ret != 0){ + context->acl_flags = KADM5_PRIV_ALL; + return 0; + } + + flags = -1; + f = fopen(context->config.acl_file, "r"); + if(f){ + while(fgets(buf, sizeof(buf), f)){ + char *foo = NULL, *p; + p = strtok_r(buf, " \t\n", &foo); + if(p == NULL) + continue; + ret = krb5_parse_name(context->context, p, &princ); + if(ret) + continue; + if(!krb5_principal_compare(context->context, + context->caller, princ)){ + krb5_free_principal(context->context, princ); + continue; + } + krb5_free_principal(context->context, princ); + p = strtok_r(NULL, "\n", &foo); + if(p == NULL) + continue; + ret = _kadm5_string_to_privs(p, &flags); + break; + } + fclose(f); + } + if(flags == -1) + flags = 0; + context->acl_flags = flags; + return 0; +} + +kadm5_ret_t +_kadm5_acl_check_permission(kadm5_server_context *context, unsigned op) +{ + unsigned res = ~context->acl_flags & op; + if(res & KADM5_PRIV_GET) + return KADM5_AUTH_GET; + if(res & KADM5_PRIV_ADD) + return KADM5_AUTH_ADD; + if(res & KADM5_PRIV_MODIFY) + return KADM5_AUTH_MODIFY; + if(res & KADM5_PRIV_DELETE) + return KADM5_AUTH_DELETE; + if(res & KADM5_PRIV_CPW) + return KADM5_AUTH_CHANGEPW; + if(res & KADM5_PRIV_LIST) + return KADM5_AUTH_LIST; + if(res) + return KADM5_AUTH_INSUFFICIENT; + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h new file mode 100644 index 0000000..6cb08a3 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/admin.h @@ -0,0 +1,698 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* $Id: admin.h,v 1.15 1999/12/02 17:05:05 joda Exp $ */ + +#ifndef __KADM5_ADMIN_H__ +#define __KADM5_ADMIN_H__ + +#define KADM5_API_VERSION_1 1 +#define KADM5_API_VERSION_2 2 + +#ifndef USE_KADM5_API_VERSION +#define USE_KADM5_API_VERSION KADM5_API_VERSION_2 +#endif + +#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2 +#error No support for API versions other than 2 +#endif + +#define KADM5_STRUCT_VERSION 0 + +#include <krb5.h> + +#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001 +#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002 +#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004 +#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008 +#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010 +#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020 +#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 +#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080 +#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100 +#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200 +#define KRB5_KDB_DISALLOW_SVR 0x00001000 +#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000 +#define KRB5_KDB_SUPPORT_DESMD5 0x00004000 +#define KRB5_KDB_NEW_PRINC 0x00008000 + +#define KADM5_PRINCIPAL 0x000001 +#define KADM5_PRINC_EXPIRE_TIME 0x000002 +#define KADM5_PW_EXPIRATION 0x000004 +#define KADM5_LAST_PWD_CHANGE 0x000008 +#define KADM5_ATTRIBUTES 0x000010 +#define KADM5_MAX_LIFE 0x000020 +#define KADM5_MOD_TIME 0x000040 +#define KADM5_MOD_NAME 0x000080 +#define KADM5_KVNO 0x000100 +#define KADM5_MKVNO 0x000200 +#define KADM5_AUX_ATTRIBUTES 0x000400 +#define KADM5_POLICY 0x000800 +#define KADM5_POLICY_CLR 0x001000 +#define KADM5_MAX_RLIFE 0x002000 +#define KADM5_LAST_SUCCESS 0x004000 +#define KADM5_LAST_FAILED 0x008000 +#define KADM5_FAIL_AUTH_COUNT 0x010000 +#define KADM5_KEY_DATA 0x020000 +#define KADM5_TL_DATA 0x040000 + +#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA)) + +#define KADM5_PW_MAX_LIFE 0x004000 +#define KADM5_PW_MIN_LIFE 0x008000 +#define KADM5_PW_MIN_LENGTH 0x010000 +#define KADM5_PW_MIN_CLASSES 0x020000 +#define KADM5_PW_HISTORY_NUM 0x040000 +#define KADM5_REF_COUNT 0x080000 + +#define KADM5_POLICY_NORMAL_MASK (~0) + +#define KADM5_ADMIN_SERVICE "kadmin/admin" +#define KADM5_HIST_PRINCIPAL "kadmin/history" +#define KADM5_CHANGEPW_SERVICE "kadmin/changepw" + +typedef struct _krb5_key_data { + int16_t key_data_ver; /* Version */ + int16_t key_data_kvno; /* Key Version */ + int16_t key_data_type[2]; /* Array of types */ + int16_t key_data_length[2]; /* Array of lengths */ + void** key_data_contents[2];/* Array of pointers */ +} krb5_key_data; + +typedef struct _krb5_tl_data { + struct _krb5_tl_data* tl_data_next; + int16_t tl_data_type; + int16_t tl_data_length; + void **tl_data_contents; +} krb5_tl_data; + +typedef struct _kadm5_principal_ent_t { + krb5_principal principal; + + krb5_timestamp princ_expire_time; + krb5_timestamp last_pwd_change; + krb5_timestamp pw_expiration; + krb5_deltat max_life; + krb5_principal mod_name; + krb5_timestamp mod_date; + krb5_flags attributes; + krb5_kvno kvno; + krb5_kvno mkvno; + + char * policy; + u_int32_t aux_attributes; + + krb5_deltat max_renewable_life; + krb5_timestamp last_success; + krb5_timestamp last_failed; + krb5_kvno fail_auth_count; + int16_t n_key_data; + int16_t n_tl_data; + krb5_tl_data *tl_data; + krb5_key_data *key_data; +} kadm5_principal_ent_rec, *kadm5_principal_ent_t; + +typedef struct _kadm5_policy_ent_t { + char *policy; + + u_int32_t pw_min_life; + u_int32_t pw_max_life; + u_int32_t pw_min_length; + u_int32_t pw_min_classes; + u_int32_t pw_history_num; + u_int32_t policy_refcnt; +} kadm5_policy_ent_rec, *kadm5_policy_ent_t; + +#define KADM5_CONFIG_REALM (1 << 0) +#define KADM5_CONFIG_PROFILE (1 << 1) +#define KADM5_CONFIG_KADMIND_PORT (1 << 2) +#define KADM5_CONFIG_ADMIN_SERVER (1 << 3) +#define KADM5_CONFIG_DBNAME (1 << 4) +#define KADM5_CONFIG_ADBNAME (1 << 5) +#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6) +#define KADM5_CONFIG_ACL_FILE (1 << 7) +#define KADM5_CONFIG_DICT_FILE (1 << 8) +#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9) +#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10) +#define KADM5_CONFIG_STASH_FILE (1 << 11) +#define KADM5_CONFIG_MKEY_NAME (1 << 12) +#define KADM5_CONFIG_ENCTYPE (1 << 13) +#define KADM5_CONFIG_MAX_LIFE (1 << 14) +#define KADM5_CONFIG_MAX_RLIFE (1 << 15) +#define KADM5_CONFIG_EXPIRATION (1 << 16) +#define KADM5_CONFIG_FLAGS (1 << 17) +#define KADM5_CONFIG_ENCTYPES (1 << 18) + +#define KADM5_PRIV_GET (1 << 0) +#define KADM5_PRIV_ADD (1 << 1) +#define KADM5_PRIV_MODIFY (1 << 2) +#define KADM5_PRIV_DELETE (1 << 3) +#define KADM5_PRIV_LIST (1 << 4) +#define KADM5_PRIV_CPW (1 << 5) +#define KADM5_PRIV_ALL (KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW) + +typedef struct { + int XXX; +}krb5_key_salt_tuple; + +typedef struct _kadm5_config_params { + u_int32_t mask; + + /* Client and server fields */ + char *realm; + int kadmind_port; + + /* client fields */ + char *admin_server; + + /* server fields */ + char *dbname; + char *acl_file; + + /* server library (database) fields */ + char *stash_file; +} kadm5_config_params; + +typedef krb5_error_code kadm5_ret_t; + +kadm5_ret_t +kadm5_c_chpass_principal __P(( + void *server_handle, + krb5_principal princ, + char *password)); + +kadm5_ret_t +kadm5_c_create_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password)); + +kadm5_ret_t +kadm5_c_delete_principal __P(( + void *server_handle, + krb5_principal princ)); + +kadm5_ret_t +kadm5_c_destroy __P((void *server_handle)); + +kadm5_ret_t +kadm5_c_flush __P((void *server_handle)); + +kadm5_ret_t +kadm5_c_get_principal __P(( + void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask)); + +kadm5_ret_t +kadm5_c_get_principals __P(( + void *server_handle, + const char *exp, + char ***princs, + int *count)); + +kadm5_ret_t +kadm5_c_get_privs __P(( + void *server_handle, + u_int32_t *privs)); + +kadm5_ret_t +kadm5_c_init_with_creds __P(( + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_c_init_with_creds_ctx __P(( + krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_c_init_with_password __P(( + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_c_init_with_password_ctx __P(( + krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_c_init_with_skey __P(( + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_c_init_with_skey_ctx __P(( + krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_c_modify_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_c_randkey_principal __P(( + void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys)); + +kadm5_ret_t +kadm5_c_rename_principal __P(( + void *server_handle, + krb5_principal source, + krb5_principal target)); + +kadm5_ret_t +kadm5_chpass_principal __P(( + void *server_handle, + krb5_principal princ, + char *password)); + +kadm5_ret_t +kadm5_create_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password)); + +kadm5_ret_t +kadm5_delete_principal __P(( + void *server_handle, + krb5_principal princ)); + +kadm5_ret_t +kadm5_destroy __P((void *server_handle)); + +kadm5_ret_t +kadm5_flush __P((void *server_handle)); + +void +kadm5_free_key_data __P(( + void *server_handle, + int16_t *n_key_data, + krb5_key_data *key_data)); + +void +kadm5_free_name_list __P(( + void *server_handle, + char **names, + int *count)); + +void +kadm5_free_principal_ent __P(( + void *server_handle, + kadm5_principal_ent_t princ)); + +kadm5_ret_t +kadm5_get_principal __P(( + void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask)); + +kadm5_ret_t +kadm5_get_principals __P(( + void *server_handle, + const char *exp, + char ***princs, + int *count)); + +kadm5_ret_t +kadm5_get_privs __P(( + void *server_handle, + u_int32_t *privs)); + +kadm5_ret_t +kadm5_init_with_creds __P(( + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_init_with_creds_ctx __P(( + krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_init_with_password __P(( + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_init_with_password_ctx __P(( + krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_init_with_skey __P(( + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_init_with_skey_ctx __P(( + krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_modify_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_randkey_principal __P(( + void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys)); + +kadm5_ret_t +kadm5_rename_principal __P(( + void *server_handle, + krb5_principal source, + krb5_principal target)); + +kadm5_ret_t +kadm5_ret_key_data __P(( + krb5_storage *sp, + krb5_key_data *key)); + +kadm5_ret_t +kadm5_ret_principal_ent __P(( + krb5_storage *sp, + kadm5_principal_ent_t princ)); + +kadm5_ret_t +kadm5_ret_principal_ent_mask __P(( + krb5_storage *sp, + kadm5_principal_ent_t princ, + u_int32_t *mask)); + +kadm5_ret_t +kadm5_ret_tl_data __P(( + krb5_storage *sp, + krb5_tl_data *tl)); + +kadm5_ret_t +kadm5_s_chpass_principal __P(( + void *server_handle, + krb5_principal princ, + char *password)); + +kadm5_ret_t +kadm5_s_chpass_principal_with_key __P(( + void *server_handle, + krb5_principal princ, + int n_key_data, + krb5_key_data *key_data)); + +kadm5_ret_t +kadm5_s_create_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password)); + +kadm5_ret_t +kadm5_s_create_principal_with_key __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_s_delete_principal __P(( + void *server_handle, + krb5_principal princ)); + +kadm5_ret_t +kadm5_s_destroy __P((void *server_handle)); + +kadm5_ret_t +kadm5_s_flush __P((void *server_handle)); + +kadm5_ret_t +kadm5_s_get_principal __P(( + void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask)); + +kadm5_ret_t +kadm5_s_get_principals __P(( + void *server_handle, + const char *exp, + char ***princs, + int *count)); + +kadm5_ret_t +kadm5_s_get_privs __P(( + void *server_handle, + u_int32_t *privs)); + +kadm5_ret_t +kadm5_s_init_with_creds __P(( + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_init_with_creds_ctx __P(( + krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_init_with_password __P(( + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_init_with_password_ctx __P(( + krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_init_with_skey __P(( + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_init_with_skey_ctx __P(( + krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_modify_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_s_randkey_principal __P(( + void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys)); + +kadm5_ret_t +kadm5_s_rename_principal __P(( + void *server_handle, + krb5_principal source, + krb5_principal target)); + +kadm5_ret_t +kadm5_store_key_data __P(( + krb5_storage *sp, + krb5_key_data *key)); + +kadm5_ret_t +kadm5_store_principal_ent __P(( + krb5_storage *sp, + kadm5_principal_ent_t princ)); + +kadm5_ret_t +kadm5_store_principal_ent_mask __P(( + krb5_storage *sp, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_store_tl_data __P(( + krb5_storage *sp, + krb5_tl_data *tl)); + +void +kadm5_setup_passwd_quality_check(krb5_context context, + const char *check_library, + const char *check_function); + +const char * +kadm5_check_password_quality (krb5_context context, + krb5_principal principal, + krb5_data *pwd_data); + +#if 0 +/* unimplemented functions */ +kadm5_ret_t +kadm5_decrypt_key(void *server_handle, + kadm5_principal_ent_t entry, int32_t + ktype, int32_t stype, int32_t + kvno, krb5_keyblock *keyblock, + krb5_keysalt *keysalt, int *kvnop); + +kadm5_ret_t +kadm5_create_policy(void *server_handle, + kadm5_policy_ent_t policy, u_int32_t mask); + +kadm5_ret_t +kadm5_delete_policy(void *server_handle, char *policy); + + +kadm5_ret_t +kadm5_modify_policy(void *server_handle, + kadm5_policy_ent_t policy, + u_int32_t mask); + +kadm5_ret_t +kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); + +kadm5_ret_t +kadm5_get_policies(void *server_handle, char *exp, + char ***pols, int *count); + +void +kadm5_free_policy_ent(kadm5_policy_ent_t policy); + +#endif + +#endif /* __KADM5_ADMIN_H__ */ diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c new file mode 100644 index 0000000..aaec48f --- /dev/null +++ b/crypto/heimdal/lib/kadm5/chpass_c.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: chpass_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_c_chpass_principal(void *server_handle, + krb5_principal princ, + char *password) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_chpass); + krb5_store_principal(sp, princ); + krb5_store_string(sp, password); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + ret = _kadm5_client_recv(context, &reply); + if(ret) + return ret; + sp = krb5_storage_from_data (&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + krb5_storage_free(sp); + krb5_data_free (&reply); + return tmp; +} diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c new file mode 100644 index 0000000..e915124 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/chpass_s.c @@ -0,0 +1,114 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: chpass_s.c,v 1.8 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_s_chpass_principal(void *server_handle, + krb5_principal princ, + char *password) +{ + kadm5_server_context *context = server_handle; + hdb_entry ent; + kadm5_ret_t ret; + ent.principal = princ; + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + return ret; + ret = context->db->fetch(context->context, context->db, + 0, &ent); + if(ret == HDB_ERR_NOENTRY) + goto out; + ret = _kadm5_set_keys(context, &ent, password); + if(ret) + goto out2; + ret = _kadm5_set_modifier(context, &ent); + if(ret) + goto out2; + + hdb_seal_keys(context->db, &ent); + + kadm5_log_modify (context, + &ent, + KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | + KADM5_KEY_DATA | KADM5_KVNO); + + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); +out2: + hdb_free_entry(context->context, &ent); +out: + context->db->close(context->context, context->db); + return _kadm5_error_code(ret); +} + +kadm5_ret_t +kadm5_s_chpass_principal_with_key(void *server_handle, + krb5_principal princ, + int n_key_data, + krb5_key_data *key_data) +{ + kadm5_server_context *context = server_handle; + hdb_entry ent; + kadm5_ret_t ret; + ent.principal = princ; + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + return ret; + ret = context->db->fetch(context->context, context->db, 0, &ent); + if(ret == HDB_ERR_NOENTRY) + goto out; + ret = _kadm5_set_keys2(&ent, n_key_data, key_data); + if(ret) + goto out2; + ret = _kadm5_set_modifier(context, &ent); + if(ret) + goto out2; + + hdb_seal_keys(context->db, &ent); + + kadm5_log_modify (context, + &ent, + KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | + KADM5_KEY_DATA | KADM5_KVNO); + + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); +out2: + hdb_free_entry(context->context, &ent); +out: + context->db->close(context->context, context->db); + return _kadm5_error_code(ret); +} diff --git a/crypto/heimdal/lib/kadm5/client_glue.c b/crypto/heimdal/lib/kadm5/client_glue.c new file mode 100644 index 0000000..395577d --- /dev/null +++ b/crypto/heimdal/lib/kadm5/client_glue.c @@ -0,0 +1,150 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: client_glue.c,v 1.5 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_init_with_password(const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_password(client_name, + password, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_password_ctx(krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_password_ctx(context, + client_name, + password, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_skey(const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_skey(client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_skey_ctx(krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_skey_ctx(context, + client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_creds(const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_creds(client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_creds_ctx(krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_creds_ctx(context, + client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c new file mode 100644 index 0000000..38c551c --- /dev/null +++ b/crypto/heimdal/lib/kadm5/common_glue.c @@ -0,0 +1,124 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: common_glue.c,v 1.4 1999/12/02 17:05:05 joda Exp $"); + +#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P; + +kadm5_ret_t +kadm5_chpass_principal(void *server_handle, + krb5_principal princ, + char *password) +{ + return __CALL(chpass_principal, (server_handle, princ, password)); +} + +kadm5_ret_t +kadm5_create_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password) +{ + return __CALL(create_principal, (server_handle, princ, mask, password)); +} + +kadm5_ret_t +kadm5_delete_principal(void *server_handle, + krb5_principal princ) +{ + return __CALL(delete_principal, (server_handle, princ)); +} + +kadm5_ret_t +kadm5_destroy (void *server_handle) +{ + return __CALL(destroy, (server_handle)); +} + +kadm5_ret_t +kadm5_flush (void *server_handle) +{ + return __CALL(flush, (server_handle)); +} + +kadm5_ret_t +kadm5_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask) +{ + return __CALL(get_principal, (server_handle, princ, out, mask)); +} + +kadm5_ret_t +kadm5_modify_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + return __CALL(modify_principal, (server_handle, princ, mask)); +} + +kadm5_ret_t +kadm5_randkey_principal(void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys) +{ + return __CALL(randkey_principal, (server_handle, princ, new_keys, n_keys)); +} + +kadm5_ret_t +kadm5_rename_principal(void *server_handle, + krb5_principal source, + krb5_principal target) +{ + return __CALL(rename_principal, (server_handle, source, target)); +} + +kadm5_ret_t +kadm5_get_principals(void *server_handle, + const char *exp, + char ***princs, + int *count) +{ + return __CALL(get_principals, (server_handle, exp, princs, count)); +} + +kadm5_ret_t +kadm5_get_privs(void *server_handle, + u_int32_t *privs) +{ + return __CALL(get_privs, (server_handle, privs)); +} diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c new file mode 100644 index 0000000..fc52576 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/context_s.c @@ -0,0 +1,221 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: context_s.c,v 1.13 2000/01/06 21:40:08 assar Exp $"); + +static void +set_funcs(kadm5_server_context *c) +{ +#define SET(C, F) (C)->funcs.F = kadm5_s_ ## F + SET(c, chpass_principal); + SET(c, chpass_principal); + SET(c, create_principal); + SET(c, delete_principal); + SET(c, destroy); + SET(c, flush); + SET(c, get_principal); + SET(c, get_principals); + SET(c, get_privs); + SET(c, modify_principal); + SET(c, randkey_principal); + SET(c, rename_principal); +} + +struct database_spec { + char *dbpath; + char *logfile; + char *mkeyfile; + char *aclfile; +}; + +static void +set_field(krb5_context context, krb5_config_binding *binding, + const char *dbname, const char *name, const char *ext, + char **variable) +{ + const char *p; + p = krb5_config_get_string(context, binding, name, NULL); + if(p) + *variable = strdup(p); + else { + p = strrchr(dbname, '.'); + if(p == NULL) + asprintf(variable, "%s.%s", dbname, ext); + else + asprintf(variable, "%.*s.%s", (int)(p - dbname), dbname, ext); + } +} + +static void +set_socket_name(const char *dbname, struct sockaddr_un *un) +{ + const char *p; + memset(un, 0, sizeof(*un)); + un->sun_family = AF_UNIX; + p = strrchr(dbname, '.'); + if(p == NULL) + snprintf(un->sun_path, sizeof(un->sun_path), "%s.signal", + dbname); + else + snprintf(un->sun_path, sizeof(un->sun_path), "%.*s.signal", + (int)(p - dbname), dbname); +} + +static void +set_config(kadm5_server_context *ctx, + krb5_config_binding *binding) +{ + const char *p; + if(ctx->config.dbname == NULL) { + p = krb5_config_get_string(ctx->context, binding, "dbname", NULL); + if(p) + ctx->config.dbname = strdup(p); + else + ctx->config.dbname = strdup(HDB_DEFAULT_DB); + } + if(ctx->log_context.log_file == NULL) + set_field(ctx->context, binding, ctx->config.dbname, + "log_file", "log", &ctx->log_context.log_file); + set_socket_name(ctx->config.dbname, &ctx->log_context.socket_name); + if(ctx->config.acl_file == NULL) + set_field(ctx->context, binding, ctx->config.dbname, + "acl_file", "acl", &ctx->config.acl_file); + /* XXX calling a file a `stash file' isn't very clever */ + if(ctx->config.stash_file == NULL) + set_field(ctx->context, binding, ctx->config.dbname, + "mkey_file", "mkey", &ctx->config.stash_file); +} + +static kadm5_ret_t +find_db_spec(kadm5_server_context *ctx) +{ + krb5_config_binding *top_binding = NULL; + krb5_config_binding *db_binding; + krb5_config_binding *default_binding = NULL; + krb5_context context = ctx->context; + + while((db_binding = (krb5_config_binding *) + krb5_config_get_next(context, + NULL, &top_binding, + krb5_config_list, + "kdc", + "database", + NULL))) { + const char *p; + p = krb5_config_get_string(context, db_binding, "realm", NULL); + if(p == NULL) { + if(default_binding) { + krb5_warnx(context, "WARNING: more than one realm-less " + "database specification"); + krb5_warnx(context, "WARNING: using the first encountered"); + } else + default_binding = db_binding; + continue; + } + if(strcmp(ctx->config.realm, p) != 0) + continue; + + set_config(ctx, db_binding); + return 0; + } + if(default_binding) + set_config(ctx, default_binding); + else { + ctx->config.dbname = strdup(HDB_DEFAULT_DB); + ctx->config.acl_file = HDB_DB_DIR "/kadmind.acl"; + ctx->config.stash_file = HDB_DB_DIR "/m-key"; + ctx->log_context.log_file = HDB_DB_DIR "/log"; + memset(&ctx->log_context.socket_name, 0, + sizeof(ctx->log_context.socket_name)); + ctx->log_context.socket_name.sun_family = AF_UNIX; + strlcpy(ctx->log_context.socket_name.sun_path, + KADM5_LOG_SIGNAL, + sizeof(ctx->log_context.socket_name.sun_path)); + } + return 0; +} + +kadm5_ret_t +_kadm5_s_init_context(kadm5_server_context **ctx, + kadm5_config_params *params, + krb5_context context) +{ + *ctx = malloc(sizeof(**ctx)); + if(*ctx == NULL) + return ENOMEM; + memset(*ctx, 0, sizeof(**ctx)); + set_funcs(*ctx); + (*ctx)->context = context; + krb5_add_et_list (context, initialize_kadm5_error_table_r); +#define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M) + if(is_set(REALM)) + (*ctx)->config.realm = strdup(params->realm); + else + krb5_get_default_realm(context, &(*ctx)->config.realm); + if(is_set(DBNAME)) + (*ctx)->config.dbname = strdup(params->dbname); + if(is_set(ACL_FILE)) + (*ctx)->config.acl_file = strdup(params->acl_file); + if(is_set(STASH_FILE)) + (*ctx)->config.stash_file = strdup(params->stash_file); + + find_db_spec(*ctx); + + /* PROFILE can't be specified for now */ + /* KADMIND_PORT is supposed to be used on the server also, + but this doesn't make sense */ + /* ADMIN_SERVER is client only */ + /* ADNAME is not used at all (as far as I can tell) */ + /* ADB_LOCKFILE ditto */ + /* DICT_FILE */ + /* ADMIN_KEYTAB */ + /* MKEY_FROM_KEYBOARD is not supported */ + /* MKEY_NAME neither */ + /* ENCTYPE */ + /* MAX_LIFE */ + /* MAX_RLIFE */ + /* EXPIRATION */ + /* FLAGS */ + /* ENCTYPES */ + + return 0; +} + +HDB * +_kadm5_s_get_db(void *server_handle) +{ + kadm5_server_context *context = server_handle; + return context->db; +} diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c new file mode 100644 index 0000000..45eb3e2 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/create_c.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: create_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_c_create_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_create); + kadm5_store_principal_ent(sp, princ); + krb5_store_int32(sp, mask); + krb5_store_string(sp, password); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + ret = _kadm5_client_recv(context, &reply); + if(ret) + return ret; + sp = krb5_storage_from_data (&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + krb5_storage_free(sp); + krb5_data_free (&reply); + return tmp; +} + diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c new file mode 100644 index 0000000..6e352f6 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/create_s.c @@ -0,0 +1,191 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: create_s.c,v 1.16 1999/12/02 17:05:05 joda Exp $"); + +static kadm5_ret_t +get_default(kadm5_server_context *context, krb5_principal princ, + kadm5_principal_ent_t def) +{ + kadm5_ret_t ret; + krb5_principal def_principal; + krb5_realm *realm = krb5_princ_realm(context->context, princ); + + ret = krb5_make_principal(context->context, &def_principal, + *realm, "default", NULL); + if (ret) + return ret; + ret = kadm5_s_get_principal(context, def_principal, def, + KADM5_PRINCIPAL_NORMAL_MASK); + krb5_free_principal (context->context, def_principal); + return ret; +} + +static kadm5_ret_t +create_principal(kadm5_server_context *context, + kadm5_principal_ent_t princ, + u_int32_t mask, + hdb_entry *ent, + u_int32_t required_mask, + u_int32_t forbidden_mask) +{ + kadm5_ret_t ret; + kadm5_principal_ent_rec defrec, *defent; + u_int32_t def_mask; + + if((mask & required_mask) != required_mask) + return KADM5_BAD_MASK; + if((mask & forbidden_mask)) + return KADM5_BAD_MASK; + if((mask & KADM5_POLICY) && strcmp(princ->policy, "default")) + /* XXX no real policies for now */ + return KADM5_UNK_POLICY; + memset(ent, 0, sizeof(*ent)); + ret = krb5_copy_principal(context->context, princ->principal, + &ent->principal); + if(ret) + return ret; + + defent = &defrec; + ret = get_default(context, princ->principal, defent); + if(ret) { + defent = NULL; + def_mask = 0; + } else { + def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE; + } + + ret = _kadm5_setup_entry(ent, mask | def_mask, + princ, mask, + defent, def_mask); + if(defent) + kadm5_free_principal_ent(context, defent); + + ent->created_by.time = time(NULL); + ret = krb5_copy_principal(context->context, context->caller, + &ent->created_by.principal); + + return ret; +} + +kadm5_ret_t +kadm5_s_create_principal_with_key(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + kadm5_ret_t ret; + hdb_entry ent; + kadm5_server_context *context = server_handle; + + ret = create_principal(context, princ, mask, &ent, + KADM5_PRINCIPAL | KADM5_KEY_DATA, + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO + | KADM5_AUX_ATTRIBUTES + | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS + | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT); + if(ret) + goto out; + + ret = _kadm5_set_keys2(&ent, princ->n_key_data, princ->key_data); + if(ret) + goto out; + + hdb_seal_keys(context->db, &ent); + + kadm5_log_create (context, &ent); + + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + goto out; + ret = context->db->store(context->context, context->db, 0, &ent); + context->db->close(context->context, context->db); +out: + hdb_free_entry(context->context, &ent); + return _kadm5_error_code(ret); +} + + +kadm5_ret_t +kadm5_s_create_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password) +{ + kadm5_ret_t ret; + hdb_entry ent; + kadm5_server_context *context = server_handle; + + ret = create_principal(context, princ, mask, &ent, + KADM5_PRINCIPAL, + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO + | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA + | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS + | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT); + if(ret) + goto out; + + /* XXX this should be fixed */ + ent.keys.len = 4; + ent.keys.val = calloc(ent.keys.len, sizeof(*ent.keys.val)); + ent.keys.val[0].key.keytype = ETYPE_DES_CBC_CRC; + /* flag as version 4 compatible salt; ignored by _kadm5_set_keys + if we don't want to be compatible */ + ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt)); + ent.keys.val[0].salt->type = hdb_pw_salt; + ent.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; + ent.keys.val[1].salt = calloc(1, sizeof(*ent.keys.val[1].salt)); + ent.keys.val[1].salt->type = hdb_pw_salt; + ent.keys.val[2].key.keytype = ETYPE_DES_CBC_MD5; + ent.keys.val[2].salt = calloc(1, sizeof(*ent.keys.val[2].salt)); + ent.keys.val[2].salt->type = hdb_pw_salt; + ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1; + ret = _kadm5_set_keys(context, &ent, password); + + hdb_seal_keys(context->db, &ent); + + kadm5_log_create (context, &ent); + + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + goto out; + ret = context->db->store(context->context, context->db, 0, &ent); + context->db->close(context->context, context->db); +out: + hdb_free_entry(context->context, &ent); + return _kadm5_error_code(ret); +} + diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c new file mode 100644 index 0000000..71a3cf0 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/delete_c.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: delete_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_c_delete_principal(void *server_handle, krb5_principal princ) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_delete); + krb5_store_principal(sp, princ); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + if (ret) + return ret; + ret = _kadm5_client_recv(context, &reply); + if (ret) + return ret; + sp = krb5_storage_from_data (&reply); + if(sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + krb5_storage_free(sp); + krb5_data_free (&reply); + return tmp; +} diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c new file mode 100644 index 0000000..ef326587b --- /dev/null +++ b/crypto/heimdal/lib/kadm5/delete_s.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: delete_s.c,v 1.7 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_s_delete_principal(void *server_handle, krb5_principal princ) +{ + kadm5_server_context *context = server_handle; + kadm5_ret_t ret; + hdb_entry ent; + + ent.principal = princ; + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) { + krb5_warn(context->context, ret, "opening database"); + return ret; + } + ret = context->db->fetch(context->context, context->db, + HDB_F_DECRYPT, &ent); + if(ret == HDB_ERR_NOENTRY) + goto out2; + if(ent.flags.immutable) { + ret = KADM5_PROTECT_PRINCIPAL; + goto out; + } + + hdb_seal_keys(context->db, &ent); + + kadm5_log_delete (context, princ); + + ret = context->db->remove(context->context, context->db, &ent); +out: + hdb_free_entry(context->context, &ent); +out2: + context->db->close(context->context, context->db); + return _kadm5_error_code(ret); +} diff --git a/crypto/heimdal/lib/kadm5/destroy_c.c b/crypto/heimdal/lib/kadm5/destroy_c.c new file mode 100644 index 0000000..b42c84c --- /dev/null +++ b/crypto/heimdal/lib/kadm5/destroy_c.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: destroy_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_c_destroy(void *server_handle) +{ + kadm5_client_context *context = server_handle; + + free(context->realm); + free(context->admin_server); + close(context->sock); + if (context->ac != NULL) + krb5_auth_con_free(context->context, context->ac); + if(context->my_context) + krb5_free_context(context->context); + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c new file mode 100644 index 0000000..22158d0 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/destroy_s.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: destroy_s.c,v 1.5 1999/12/02 17:05:05 joda Exp $"); + +kadm5_ret_t +kadm5_s_destroy(void *server_handle) +{ + kadm5_ret_t ret; + kadm5_server_context *context = server_handle; + krb5_context kcontext = context->context; + + ret = context->db->destroy(kcontext, context->db); + if(context->my_context) + krb5_free_context(kcontext); + return ret; +} + diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c new file mode 100644 index 0000000..68a3f53 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/dump_log.c @@ -0,0 +1,262 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "iprop.h" +#include "parse_time.h" + +RCSID("$Id: dump_log.c,v 1.9 1999/12/04 19:49:43 assar Exp $"); + +static char *op_names[] = { + "get", + "delete", + "create", + "rename", + "chpass", + "modify", + "randkey", + "get_privs", + "get_princs" +}; + +static void +print_entry(kadm5_server_context *server_context, + u_int32_t ver, + time_t timestamp, + enum kadm_ops op, + u_int32_t len, + krb5_storage *sp) +{ + char t[256]; + u_int32_t mask; + hdb_entry ent; + krb5_principal source; + char *name1, *name2; + krb5_data data; + krb5_context context = server_context->context; + + off_t end = sp->seek(sp, 0, SEEK_CUR) + len; + + krb5_error_code ret; + + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp)); + + if(op < kadm_get || op > kadm_get_princs) { + printf("unknown op: %d\n", op); + sp->seek(sp, end, SEEK_SET); + return; + } + + printf ("%s: ver = %u, timestamp = %s, len = %u\n", + op_names[op], ver, t, len); + switch(op) { + case kadm_delete: + krb5_ret_principal(sp, &source); + krb5_unparse_name(context, source, &name1); + printf(" %s\n", name1); + free(name1); + krb5_free_principal(context, source); + break; + case kadm_rename: + krb5_data_alloc(&data, len); + krb5_ret_principal(sp, &source); + sp->fetch(sp, data.data, data.length); + hdb_value2entry(context, &data, &ent); + krb5_unparse_name(context, source, &name1); + krb5_unparse_name(context, ent.principal, &name2); + printf(" %s -> %s\n", name1, name2); + free(name1); + free(name2); + krb5_free_principal(context, source); + hdb_free_entry(context, &ent); + break; + case kadm_create: + krb5_data_alloc(&data, len); + sp->fetch(sp, data.data, data.length); + ret = hdb_value2entry(context, &data, &ent); + if(ret) + abort(); + mask = ~0; + goto foo; + case kadm_modify: + krb5_data_alloc(&data, len); + krb5_ret_int32(sp, &mask); + sp->fetch(sp, data.data, data.length); + ret = hdb_value2entry(context, &data, &ent); + if(ret) + abort(); + foo: + if(ent.principal /* mask & KADM5_PRINCIPAL */) { + krb5_unparse_name(context, ent.principal, &name1); + printf(" principal = %s\n", name1); + free(name1); + } + if(mask & KADM5_PRINC_EXPIRE_TIME) { + if(ent.valid_end == NULL) { + strcpy(t, "never"); + } else { + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", + localtime(ent.valid_end)); + } + printf(" expires = %s\n", t); + } + if(mask & KADM5_PW_EXPIRATION) { + if(ent.valid_end == NULL) { + strcpy(t, "never"); + } else { + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", + localtime(ent.valid_end)); + } + printf(" password exp = %s\n", t); + } + if(mask & KADM5_LAST_PWD_CHANGE) { + } + if(mask & KADM5_ATTRIBUTES) { + unparse_flags(HDBFlags2int(ent.flags), + HDBFlags_units, t, sizeof(t)); + printf(" attributes = %s\n", t); + } + if(mask & KADM5_MAX_LIFE) { + if(ent.max_life == NULL) + strcpy(t, "for ever"); + else + unparse_time(*ent.max_life, t, sizeof(t)); + printf(" max life = %s\n", t); + } + if(mask & KADM5_MAX_RLIFE) { + if(ent.max_renew == NULL) + strcpy(t, "for ever"); + else + unparse_time(*ent.max_renew, t, sizeof(t)); + printf(" max rlife = %s\n", t); + } + if(mask & KADM5_MOD_TIME) { + printf(" mod time\n"); + } + if(mask & KADM5_MOD_NAME) { + printf(" mod name\n"); + } + if(mask & KADM5_KVNO) { + printf(" kvno = %d\n", ent.kvno); + } + if(mask & KADM5_MKVNO) { + printf(" mkvno\n"); + } + if(mask & KADM5_AUX_ATTRIBUTES) { + printf(" aux attributes\n"); + } + if(mask & KADM5_POLICY) { + printf(" policy\n"); + } + if(mask & KADM5_POLICY_CLR) { + printf(" mod time\n"); + } + if(mask & KADM5_LAST_SUCCESS) { + printf(" last success\n"); + } + if(mask & KADM5_LAST_FAILED) { + printf(" last failed\n"); + } + if(mask & KADM5_FAIL_AUTH_COUNT) { + printf(" fail auth count\n"); + } + if(mask & KADM5_KEY_DATA) { + printf(" key data\n"); + } + if(mask & KADM5_TL_DATA) { + printf(" tl data\n"); + } + hdb_free_entry(context, &ent); + break; + default: + abort(); + } + sp->seek(sp, end, SEEK_SET); +} + +char *realm; +int version_flag; +int help_flag; +struct getargs args[] = { + { "realm", 'r', arg_string, &realm }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + void *kadm_handle; + kadm5_server_context *server_context; + kadm5_config_params conf; + + krb5_program_setup(&context, argc, argv, args, num_args, NULL); + + if(help_flag) + krb5_std_usage(0, args, num_args); + if(version_flag) { + print_version(NULL); + exit(0); + } + + memset(&conf, 0, sizeof(conf)); + if(realm) { + conf.mask |= KADM5_CONFIG_REALM; + conf.realm = realm; + } + ret = kadm5_init_with_password_ctx (context, + KADM5_ADMIN_SERVICE, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + if (ret) + krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); + + server_context = (kadm5_server_context *)kadm_handle; + + ret = kadm5_log_init (server_context); + if (ret) + krb5_err (context, 1, ret, "kadm5_log_init"); + + ret = kadm5_log_foreach (server_context, print_entry); + if(ret) + krb5_warn(context, ret, "kadm5_log_foreach"); + + ret = kadm5_log_end (server_context); + if (ret) + krb5_warn(context, ret, "kadm5_log_end"); + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c new file mode 100644 index 0000000..46653c7 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/ent_setup.c @@ -0,0 +1,141 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: ent_setup.c,v 1.11 1999/12/02 17:05:06 joda Exp $"); + +#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0) +#define set_null(X) do { if((X) != NULL) free((X)); (X) = NULL; } while (0) + +static void +attr_to_flags(unsigned attr, HDBFlags *flags) +{ + flags->postdate = !(attr & KRB5_KDB_DISALLOW_POSTDATED); + flags->forwardable = !(attr & KRB5_KDB_DISALLOW_FORWARDABLE); + flags->initial = !!(attr & KRB5_KDB_DISALLOW_TGT_BASED); + flags->renewable = !(attr & KRB5_KDB_DISALLOW_RENEWABLE); + flags->proxiable = !(attr & KRB5_KDB_DISALLOW_PROXIABLE); + /* DUP_SKEY */ + flags->invalid = !!(attr & KRB5_KDB_DISALLOW_ALL_TIX); + flags->require_preauth = !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH); + /* HW_AUTH */ + flags->server = !(attr & KRB5_KDB_DISALLOW_SVR); + flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE); + flags->client = 1; /* XXX */ +} + +/* + * Create the hdb entry `ent' based on data from `princ' with + * `princ_mask' specifying what fields to be gotten from there and + * `mask' specifying what fields we want filled in. + */ + +kadm5_ret_t +_kadm5_setup_entry(hdb_entry *ent, + u_int32_t mask, + kadm5_principal_ent_t princ, + u_int32_t princ_mask, + kadm5_principal_ent_t def, + u_int32_t def_mask) +{ + if(mask & KADM5_PRINC_EXPIRE_TIME + && princ_mask & KADM5_PRINC_EXPIRE_TIME) { + if (princ->princ_expire_time) + set_value(ent->valid_end, princ->princ_expire_time); + else + set_null(ent->valid_end); + } + if(mask & KADM5_PW_EXPIRATION + && princ_mask & KADM5_PW_EXPIRATION) { + if (princ->pw_expiration) + set_value(ent->pw_end, princ->pw_expiration); + else + set_null(ent->pw_end); + } + if(mask & KADM5_ATTRIBUTES) { + if (princ_mask & KADM5_ATTRIBUTES) { + attr_to_flags(princ->attributes, &ent->flags); + } else if(def_mask & KADM5_ATTRIBUTES) { + attr_to_flags(def->attributes, &ent->flags); + ent->flags.invalid = 0; + } else { + ent->flags.client = 1; + ent->flags.server = 1; + ent->flags.forwardable = 1; + ent->flags.proxiable = 1; + ent->flags.renewable = 1; + ent->flags.postdate = 1; + } + } + if(mask & KADM5_MAX_LIFE) { + if(princ_mask & KADM5_MAX_LIFE) { + if(princ->max_life) + set_value(ent->max_life, princ->max_life); + else + set_null(ent->max_life); + } else if(def_mask & KADM5_MAX_LIFE) { + if(def->max_life) + set_value(ent->max_life, def->max_life); + else + set_null(ent->max_life); + } + } + if(mask & KADM5_KVNO + && princ_mask & KADM5_KVNO) + ent->kvno = princ->kvno; + if(mask & KADM5_MAX_RLIFE) { + if(princ_mask & KADM5_MAX_RLIFE) { + if(princ->max_renewable_life) + set_value(ent->max_renew, princ->max_renewable_life); + else + set_null(ent->max_renew); + } else if(def_mask & KADM5_MAX_RLIFE) { + if(def->max_renewable_life) + set_value(ent->max_renew, def->max_renewable_life); + else + set_null(ent->max_renew); + } + } + if(mask & KADM5_KEY_DATA + && princ_mask & KADM5_KEY_DATA) { + _kadm5_set_keys2(ent, princ->n_key_data, princ->key_data); + } + if(mask & KADM5_TL_DATA) { + /* XXX */ + } + if(mask & KADM5_FAIL_AUTH_COUNT) { + /* XXX */ + } + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/error.c b/crypto/heimdal/lib/kadm5/error.c new file mode 100644 index 0000000..11b1ded --- /dev/null +++ b/crypto/heimdal/lib/kadm5/error.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: error.c,v 1.3 1999/12/02 17:05:06 joda Exp $"); + +kadm5_ret_t +_kadm5_error_code(kadm5_ret_t code) +{ + switch(code){ + case HDB_ERR_EXISTS: + return KADM5_DUP; + case HDB_ERR_NOENTRY: + return KADM5_UNK_PRINC; + } + return code; +} diff --git a/crypto/heimdal/lib/kadm5/flush.c b/crypto/heimdal/lib/kadm5/flush.c new file mode 100644 index 0000000..4808259 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/flush.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: flush.c,v 1.2 1999/12/02 17:05:06 joda Exp $"); + +kadm5_ret_t +kadm5_s_flush(void *server_handle) +{ + return 0; +} + +kadm5_ret_t +kadm5_c_flush(void *server_handle) +{ + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/flush_c.c b/crypto/heimdal/lib/kadm5/flush_c.c new file mode 100644 index 0000000..01cdcf7 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/flush_c.c @@ -0,0 +1,41 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "kadm5_locl.h" + +RCSID("$Id: flush_c.c,v 1.1 1999/03/23 18:23:36 joda Exp $"); + +kadm5_ret_t +kadm5_c_flush(void *server_handle) +{ + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/flush_s.c b/crypto/heimdal/lib/kadm5/flush_s.c new file mode 100644 index 0000000..dffbe2f --- /dev/null +++ b/crypto/heimdal/lib/kadm5/flush_s.c @@ -0,0 +1,41 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "kadm5_locl.h" + +RCSID("$Id: flush_s.c,v 1.1 1999/03/23 18:23:37 joda Exp $"); + +kadm5_ret_t +kadm5_s_flush(void *server_handle) +{ + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/free.c b/crypto/heimdal/lib/kadm5/free.c new file mode 100644 index 0000000..fcc1e70 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/free.c @@ -0,0 +1,91 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: free.c,v 1.4 1999/12/02 17:05:06 joda Exp $"); + +void +kadm5_free_key_data(void *server_handle, + int16_t *n_key_data, + krb5_key_data *key_data) +{ + int i; + for(i = 0; i < *n_key_data; i++){ + if(key_data[i].key_data_contents[0]){ + memset(key_data[i].key_data_contents[0], + 0, + key_data[i].key_data_length[0]); + free(key_data[i].key_data_contents[0]); + } + if(key_data[i].key_data_contents[1]) + free(key_data[i].key_data_contents[1]); + } + *n_key_data = 0; +} + + +void +kadm5_free_principal_ent(void *server_handle, + kadm5_principal_ent_t princ) +{ + kadm5_server_context *context = server_handle; + if(princ->principal) + krb5_free_principal(context->context, princ->principal); + if(princ->mod_name) + krb5_free_principal(context->context, princ->mod_name); + kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data); + while(princ->n_tl_data && princ->tl_data) { + krb5_tl_data *tp; + tp = princ->tl_data; + princ->tl_data = tp->tl_data_next; + princ->n_tl_data--; + memset(tp->tl_data_contents, 0, tp->tl_data_length); + free(tp->tl_data_contents); + free(tp); + } + if (princ->key_data != NULL) + free (princ->key_data); +} + +void +kadm5_free_name_list(void *server_handle, + char **names, + int *count) +{ + int i; + for(i = 0; i < *count; i++) + free(names[i]); + free(names); + *count = 0; +} diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c new file mode 100644 index 0000000..9ca672a --- /dev/null +++ b/crypto/heimdal/lib/kadm5/get_c.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: get_c.c,v 1.5 1999/12/02 17:05:06 joda Exp $"); + +kadm5_ret_t +kadm5_c_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_get); + krb5_store_principal(sp, princ); + krb5_store_int32(sp, mask); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + if(ret) + return ret; + ret = _kadm5_client_recv(context, &reply); + if (ret) + return ret; + sp = krb5_storage_from_data (&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + ret = tmp; + if(ret == 0) + kadm5_ret_principal_ent(sp, out); + krb5_storage_free(sp); + krb5_data_free (&reply); + return ret; +} diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c new file mode 100644 index 0000000..0956052 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/get_princs_c.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: get_princs_c.c,v 1.3 1999/12/02 17:05:06 joda Exp $"); + +kadm5_ret_t +kadm5_c_get_principals(void *server_handle, + const char *exp, + char ***princs, + int *count) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_get_princs); + krb5_store_int32(sp, exp != NULL); + if(exp) + krb5_store_string(sp, exp); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + ret = _kadm5_client_recv(context, &reply); + if(ret) + return ret; + sp = krb5_storage_from_data (&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + ret = tmp; + if(ret == 0) { + int i; + krb5_ret_int32(sp, &tmp); + *princs = calloc(tmp + 1, sizeof(**princs)); + if (*princs == NULL) { + ret = ENOMEM; + goto out; + } + for(i = 0; i < tmp; i++) + krb5_ret_string(sp, &(*princs)[i]); + *count = tmp; + } +out: + krb5_storage_free(sp); + krb5_data_free (&reply); + return ret; +} diff --git a/crypto/heimdal/lib/kadm5/get_princs_s.c b/crypto/heimdal/lib/kadm5/get_princs_s.c new file mode 100644 index 0000000..2702bae --- /dev/null +++ b/crypto/heimdal/lib/kadm5/get_princs_s.c @@ -0,0 +1,113 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: get_princs_s.c,v 1.5 1999/12/02 17:05:06 joda Exp $"); + +struct foreach_data { + const char *exp; + char *exp2; + char **princs; + int count; +}; + +static krb5_error_code +add_princ(struct foreach_data *d, char *princ) +{ + char **tmp; + tmp = realloc(d->princs, (d->count + 1) * sizeof(*tmp)); + if(tmp == NULL) + return ENOMEM; + d->princs = tmp; + d->princs[d->count++] = princ; + return 0; +} + +static krb5_error_code +foreach(krb5_context context, HDB *db, hdb_entry *ent, void *data) +{ + struct foreach_data *d = data; + char *princ; + krb5_error_code ret; + ret = krb5_unparse_name(context, ent->principal, &princ); + if(ret) + return ret; + if(d->exp){ + if(fnmatch(d->exp, princ, 0) == 0 || fnmatch(d->exp2, princ, 0) == 0) + ret = add_princ(d, princ); + else + free(princ); + }else{ + ret = add_princ(d, princ); + } + if(ret) + free(princ); + return ret; +} + +kadm5_ret_t +kadm5_s_get_principals(void *server_handle, + const char *exp, + char ***princs, + int *count) +{ + struct foreach_data d; + kadm5_server_context *context = server_handle; + kadm5_ret_t ret; + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) { + krb5_warn(context->context, ret, "opening database"); + return ret; + } + d.exp = exp; + { + krb5_realm r; + krb5_get_default_realm(context->context, &r); + asprintf(&d.exp2, "%s@%s", exp, r); + free(r); + } + d.princs = NULL; + d.count = 0; + ret = hdb_foreach(context->context, context->db, 0, foreach, &d); + context->db->close(context->context, context->db); + if(ret == 0) + ret = add_princ(&d, NULL); + if(ret == 0){ + *princs = d.princs; + *count = d.count - 1; + }else + kadm5_free_name_list(context, d.princs, &d.count); + free(d.exp2); + return _kadm5_error_code(ret); +} diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c new file mode 100644 index 0000000..12613b6 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/get_s.c @@ -0,0 +1,181 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: get_s.c,v 1.11 1999/12/26 19:38:23 assar Exp $"); + +kadm5_ret_t +kadm5_s_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask) +{ + kadm5_server_context *context = server_handle; + kadm5_ret_t ret; + hdb_entry ent; + + ent.principal = princ; + ret = context->db->open(context->context, context->db, O_RDONLY, 0); + if(ret) + return ret; + ret = context->db->fetch(context->context, context->db, + HDB_F_DECRYPT, &ent); + context->db->close(context->context, context->db); + if(ret) + return _kadm5_error_code(ret); + + memset(out, 0, sizeof(*out)); + if(mask & KADM5_PRINCIPAL) + ret = krb5_copy_principal(context->context, ent.principal, + &out->principal); + if(ret) + goto out; + if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end) + out->princ_expire_time = *ent.valid_end; + if(mask & KADM5_PW_EXPIRATION && ent.pw_end) + out->pw_expiration = *ent.pw_end; + if(mask & KADM5_LAST_PWD_CHANGE) + /* XXX implement */; + if(mask & KADM5_ATTRIBUTES){ + out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED; + out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE; + out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0; + out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE; + out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE; + out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0; + out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0; + out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR; + out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0; + } + if(mask & KADM5_MAX_LIFE && ent.max_life) + out->max_life = *ent.max_life; + if(mask & KADM5_MOD_TIME) { + if(ent.modified_by) + out->mod_date = ent.modified_by->time; + else + out->mod_date = ent.created_by.time; + } + if(mask & KADM5_MOD_NAME) { + if(ent.modified_by) { + if (ent.modified_by->principal != NULL) + ret = krb5_copy_principal(context->context, + ent.modified_by->principal, + &out->mod_name); + } else + ret = krb5_copy_principal(context->context, + ent.created_by.principal, + &out->mod_name); + } + if(ret) + goto out; + + if(mask & KADM5_KVNO) + out->kvno = ent.kvno; + if(mask & KADM5_MKVNO) { + int n; + out->mkvno = 0; /* XXX */ + for(n = 0; n < ent.keys.len; n++) + if(ent.keys.val[n].mkvno) { + out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */ + break; + } + } + if(mask & KADM5_AUX_ATTRIBUTES) + /* XXX implement */; + if(mask & KADM5_POLICY) + out->policy = NULL; + if(mask & KADM5_MAX_RLIFE && ent.max_renew) + out->max_renewable_life = *ent.max_renew; + if(mask & KADM5_LAST_SUCCESS) + /* XXX implement */; + if(mask & KADM5_LAST_FAILED) + /* XXX implement */; + if(mask & KADM5_FAIL_AUTH_COUNT) + /* XXX implement */; + if(mask & KADM5_KEY_DATA){ + int i; + Key *key; + krb5_key_data *kd; + krb5_salt salt; + krb5_data *sp; + krb5_get_pw_salt(context->context, ent.principal, &salt); + out->key_data = malloc(ent.keys.len * sizeof(*out->key_data)); + for(i = 0; i < ent.keys.len; i++){ + key = &ent.keys.val[i]; + kd = &out->key_data[i]; + kd->key_data_ver = 2; + kd->key_data_kvno = ent.kvno; + kd->key_data_type[0] = key->key.keytype; + if(key->salt) + kd->key_data_type[1] = key->salt->type; + else + kd->key_data_type[1] = pa_pw_salt; + /* setup key */ + kd->key_data_length[0] = key->key.keyvalue.length; + kd->key_data_contents[0] = malloc(kd->key_data_length[0]); + if(kd->key_data_contents[0] == NULL){ + ret = ENOMEM; + break; + } + memcpy(kd->key_data_contents[0], key->key.keyvalue.data, + kd->key_data_length[0]); + /* setup salt */ + if(key->salt) + sp = &key->salt->salt; + else + sp = &salt.saltvalue; + kd->key_data_length[1] = sp->length; + kd->key_data_contents[1] = malloc(kd->key_data_length[1]); + if(kd->key_data_length[1] != 0 + && kd->key_data_contents[1] == NULL) { + memset(kd->key_data_contents[0], 0, kd->key_data_length[0]); + ret = ENOMEM; + break; + } + memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]); + out->n_key_data = i + 1; + } + krb5_free_salt(context->context, salt); + } + if(ret){ + kadm5_free_principal_ent(context, out); + goto out; + } + if(mask & KADM5_TL_DATA) + /* XXX implement */; +out: + hdb_free_entry(context->context, &ent); + + return _kadm5_error_code(ret); +} diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c new file mode 100644 index 0000000..f6429df --- /dev/null +++ b/crypto/heimdal/lib/kadm5/init_c.c @@ -0,0 +1,602 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> + +RCSID("$Id: init_c.c,v 1.34 1999/12/20 14:05:49 assar Exp $"); + +static void +set_funcs(kadm5_client_context *c) +{ +#define SET(C, F) (C)->funcs.F = kadm5 ## _c_ ## F + SET(c, chpass_principal); + SET(c, chpass_principal); + SET(c, create_principal); + SET(c, delete_principal); + SET(c, destroy); + SET(c, flush); + SET(c, get_principal); + SET(c, get_principals); + SET(c, get_privs); + SET(c, modify_principal); + SET(c, randkey_principal); + SET(c, rename_principal); +} + +kadm5_ret_t +_kadm5_c_init_context(kadm5_client_context **ctx, + kadm5_config_params *params, + krb5_context context) +{ + krb5_error_code ret; + char *colon; + + *ctx = malloc(sizeof(**ctx)); + if(*ctx == NULL) + return ENOMEM; + memset(*ctx, 0, sizeof(**ctx)); + krb5_add_et_list (context, initialize_kadm5_error_table_r); + set_funcs(*ctx); + (*ctx)->context = context; + if(params->mask & KADM5_CONFIG_REALM) + (*ctx)->realm = strdup(params->realm); + else + krb5_get_default_realm((*ctx)->context, &(*ctx)->realm); + if(params->mask & KADM5_CONFIG_ADMIN_SERVER) + (*ctx)->admin_server = strdup(params->admin_server); + else { + char **hostlist; + + ret = krb5_get_krb_admin_hst (context, &(*ctx)->realm, &hostlist); + if (ret) + return ret; + (*ctx)->admin_server = strdup(*hostlist); + krb5_free_krbhst (context, hostlist); + } + + if ((*ctx)->admin_server == NULL) + return ENOMEM; + colon = strchr ((*ctx)->admin_server, ':'); + if (colon != NULL) + *colon++ = '\0'; + + (*ctx)->kadmind_port = 0; + + if(params->mask & KADM5_CONFIG_KADMIND_PORT) + (*ctx)->kadmind_port = params->kadmind_port; + else if (colon != NULL) { + char *end; + + (*ctx)->kadmind_port = htons(strtol (colon, &end, 0)); + } + if ((*ctx)->kadmind_port == 0) + (*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", + "tcp", 749); + return 0; +} + +static krb5_error_code +get_kadm_ticket(krb5_context context, + krb5_ccache id, + krb5_principal client, + const char *server_name) +{ + krb5_error_code ret; + krb5_creds in, *out; + + memset(&in, 0, sizeof(in)); + in.client = client; + ret = krb5_parse_name(context, server_name, &in.server); + if(ret) + return ret; + ret = krb5_get_credentials(context, 0, id, &in, &out); + if(ret == 0) + krb5_free_creds(context, out); + krb5_free_principal(context, in.server); + return ret; +} + +static krb5_error_code +get_new_cache(krb5_context context, + krb5_principal client, + const char *password, + krb5_prompter_fct prompter, + const char *keytab, + const char *server_name, + krb5_ccache *ret_cache) +{ + krb5_error_code ret; + krb5_creds cred; + krb5_get_init_creds_opt opt; + krb5_ccache id; + + krb5_get_init_creds_opt_init (&opt); + if(password == NULL && prompter == NULL) { + krb5_keytab kt; + if(keytab == NULL) + ret = krb5_kt_default(context, &kt); + else + ret = krb5_kt_resolve(context, keytab, &kt); + if(ret) + return ret; + ret = krb5_get_init_creds_keytab (context, + &cred, + client, + kt, + 0, + server_name, + &opt); + krb5_kt_close(context, kt); + } else { + ret = krb5_get_init_creds_password (context, + &cred, + client, + password, + prompter, + NULL, + 0, + server_name, + &opt); + } + switch(ret){ + case 0: + break; + case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */ + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + case KRB5KRB_AP_ERR_MODIFIED: + return KADM5_BAD_PASSWORD; + default: + return ret; + } + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + if(ret) + return ret; + ret = krb5_cc_initialize (context, id, cred.client); + if (ret) + return ret; + ret = krb5_cc_store_cred (context, id, &cred); + if (ret) + return ret; + krb5_free_creds_contents (context, &cred); + *ret_cache = id; + return 0; +} + +static krb5_error_code +get_cred_cache(krb5_context context, + const char *client_name, + const char *server_name, + const char *password, + krb5_prompter_fct prompter, + const char *keytab, + krb5_ccache ccache, + krb5_ccache *ret_cache) +{ + krb5_error_code ret; + krb5_ccache id = NULL; + krb5_principal default_client = NULL, client = NULL; + + /* treat empty password as NULL */ + if(password && *password == '\0') + password = NULL; + if(server_name == NULL) + server_name = KADM5_ADMIN_SERVICE; + + if(client_name != NULL) { + ret = krb5_parse_name(context, client_name, &client); + if(ret) + return ret; + } + + if(password != NULL || prompter != NULL) { + /* get principal from default cache, ok if this doesn't work */ + ret = krb5_cc_default(context, &id); + if(ret == 0) { + ret = krb5_cc_get_principal(context, id, &default_client); + if(ret) { + krb5_cc_close(context, id); + id = NULL; + } + } + + if(client == NULL) + client = default_client; + if(client == NULL) { + const char *user; + + user = get_default_username (); + + if(user == NULL) + return KADM5_FAILURE; + ret = krb5_make_principal(context, &client, + NULL, user, "admin", NULL); + if(ret) + return ret; + } + if(client != default_client) { + krb5_free_principal(context, default_client); + default_client = NULL; + if (id != NULL) { + krb5_cc_close(context, id); + id = NULL; + } + } + } else if(ccache != NULL) + id = ccache; + + + if(id && (default_client == NULL || + krb5_principal_compare(context, client, default_client))) { + ret = get_kadm_ticket(context, id, client, server_name); + if(ret == 0) { + *ret_cache = id; + krb5_free_principal(context, default_client); + if (default_client != client) + krb5_free_principal(context, client); + return 0; + } + if(ccache != NULL) + /* couldn't get ticket from cache */ + return -1; + } + /* get creds via AS request */ + if(id) + krb5_cc_close(context, id); + if (client != default_client) + krb5_free_principal(context, default_client); + + ret = get_new_cache(context, client, password, prompter, keytab, + server_name, ret_cache); + krb5_free_principal(context, client); + return ret; +} + +static kadm5_ret_t +kadm5_c_init_with_context(krb5_context context, + const char *client_name, + const char *password, + krb5_prompter_fct prompter, + const char *keytab, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + kadm5_ret_t ret; + kadm5_client_context *ctx; + krb5_principal server; + krb5_ccache cc; + int s; + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; + char portstr[NI_MAXSERV]; + char *hostname, *slash; + + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + ret = _kadm5_c_init_context(&ctx, realm_params, context); + if(ret) + return ret; + + snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port)); + + hostname = ctx->admin_server; + slash = strchr (hostname, '/'); + if (slash != NULL) + hostname = slash + 1; + + error = getaddrinfo (hostname, portstr, &hints, &ai); + if (error) + return KADM5_BAD_SERVER_NAME; + + for (a = ai; a != NULL; a = a->ai_next) { + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + krb5_warn (context, errno, "connect(%s)", hostname); + close (s); + continue; + } + break; + } + if (a == NULL) { + freeaddrinfo (ai); + krb5_warnx (context, "failed to contact %s", hostname); + return KADM5_FAILURE; + } + ret = get_cred_cache(context, client_name, service_name, + password, prompter, keytab, ccache, &cc); + + if(ret) { + freeaddrinfo (ai); + close(s); + return ret; + } + ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server); + if(ret) { + freeaddrinfo (ai); + if(ccache == NULL) + krb5_cc_close(context, cc); + close(s); + return ret; + } + ctx->ac = NULL; + + ret = krb5_sendauth(context, &ctx->ac, &s, + KADMIN_APPL_VERSION, NULL, + server, AP_OPTS_MUTUAL_REQUIRED, + NULL, NULL, cc, NULL, NULL, NULL); + if(ret == 0) { + krb5_data params, enc_data; + ret = _kadm5_marshal_params(context, realm_params, ¶ms); + + ret = krb5_mk_priv(context, + ctx->ac, + ¶ms, + &enc_data, + NULL); + + ret = krb5_write_message(context, &s, &enc_data); + + krb5_data_free(¶ms); + krb5_data_free(&enc_data); + } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) { + close(s); + + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) { + freeaddrinfo (ai); + return errno; + } + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + close (s); + freeaddrinfo (ai); + return errno; + } + freeaddrinfo (ai); + + ret = krb5_sendauth(context, &ctx->ac, &s, + KADMIN_OLD_APPL_VERSION, NULL, + server, AP_OPTS_MUTUAL_REQUIRED, + NULL, NULL, cc, NULL, NULL, NULL); + } + freeaddrinfo (ai); + if(ret) { + close(s); + return ret; + } + + krb5_free_principal(context, server); + if(ccache == NULL) + krb5_cc_close(context, cc); + if(ret) { + close(s); + return ret; + } + ctx->sock = s; + *server_handle = ctx; + return 0; +} + +static kadm5_ret_t +init_context(const char *client_name, + const char *password, + krb5_prompter_fct prompter, + const char *keytab, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + krb5_context context; + kadm5_ret_t ret; + kadm5_server_context *ctx; + + krb5_init_context(&context); + ret = kadm5_c_init_with_context(context, + client_name, + password, + prompter, + keytab, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); + if(ret){ + krb5_free_context(context); + return ret; + } + ctx = *server_handle; + ctx->my_context = 1; + return 0; +} + +kadm5_ret_t +kadm5_c_init_with_password_ctx(krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_context(context, + client_name, + password, + krb5_prompter_posix, + NULL, + NULL, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_c_init_with_password(const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return init_context(client_name, + password, + krb5_prompter_posix, + NULL, + NULL, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_c_init_with_skey_ctx(krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_context(context, + client_name, + NULL, + NULL, + keytab, + NULL, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + + +kadm5_ret_t +kadm5_c_init_with_skey(const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return init_context(client_name, + NULL, + NULL, + keytab, + NULL, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_c_init_with_creds_ctx(krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_c_init_with_context(context, + client_name, + NULL, + NULL, + NULL, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_c_init_with_creds(const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return init_context(client_name, + NULL, + NULL, + NULL, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +#if 0 +kadm5_ret_t +kadm5_init(char *client_name, char *pass, + char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ +} +#endif + diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c new file mode 100644 index 0000000..6c1f3d1 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/init_s.c @@ -0,0 +1,232 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: init_s.c,v 1.9 1999/12/02 17:05:06 joda Exp $"); + + +static kadm5_ret_t +kadm5_s_init_with_context(krb5_context context, + const char *client_name, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + kadm5_ret_t ret; + kadm5_server_context *ctx; + ret = _kadm5_s_init_context(&ctx, realm_params, context); + if(ret) + return ret; + + assert(ctx->config.dbname != NULL); + assert(ctx->config.stash_file != NULL); + assert(ctx->config.acl_file != NULL); + assert(ctx->log_context.log_file != NULL); + assert(ctx->log_context.socket_name.sun_path[0] != '\0'); + + ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname); + if(ret) + return ret; + ret = hdb_set_master_keyfile (ctx->context, + ctx->db, ctx->config.stash_file); + if(ret) + return ret; + + ctx->log_context.log_fd = -1; + + ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0); + + ret = krb5_parse_name(ctx->context, client_name, &ctx->caller); + if(ret) + return ret; + + ret = _kadm5_acl_init(ctx); + if(ret) + return ret; + + *server_handle = ctx; + return 0; +} + +kadm5_ret_t +kadm5_s_init_with_password_ctx(krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_context(context, + client_name, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_s_init_with_password(const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + krb5_context context; + kadm5_ret_t ret; + kadm5_server_context *ctx; + + krb5_init_context(&context); + ret = kadm5_s_init_with_password_ctx(context, + client_name, + password, + service_name, + realm_params, + struct_version, + api_version, + server_handle); + if(ret){ + krb5_free_context(context); + return ret; + } + ctx = *server_handle; + ctx->my_context = 1; + return 0; +} + +kadm5_ret_t +kadm5_s_init_with_skey_ctx(krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_context(context, + client_name, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_s_init_with_skey(const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + krb5_context context; + kadm5_ret_t ret; + kadm5_server_context *ctx; + + krb5_init_context(&context); + ret = kadm5_s_init_with_skey_ctx(context, + client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, + server_handle); + if(ret){ + krb5_free_context(context); + return ret; + } + ctx = *server_handle; + ctx->my_context = 1; + return 0; +} + +kadm5_ret_t +kadm5_s_init_with_creds_ctx(krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_context(context, + client_name, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_s_init_with_creds(const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + krb5_context context; + kadm5_ret_t ret; + kadm5_server_context *ctx; + + krb5_init_context(&context); + ret = kadm5_s_init_with_creds_ctx(context, + client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); + if(ret){ + krb5_free_context(context); + return ret; + } + ctx = *server_handle; + ctx->my_context = 1; + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h new file mode 100644 index 0000000..499f515 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/iprop.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1998-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: iprop.h,v 1.4 1999/12/02 17:05:06 joda Exp $ */ + +#ifndef __IPROP_H__ +#define __IPROP_H__ + +#include "kadm5_locl.h" +#include <getarg.h> +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + +#define IPROP_VERSION "iprop-0.0" + +#define KADM5_SLAVE_ACL HDB_DB_DIR "/slaves" + +#define IPROP_NAME "iprop" + +enum iprop_cmd { I_HAVE = 1, FOR_YOU = 2 }; + +#endif /* __IPROP_H__ */ diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c new file mode 100644 index 0000000..b2e71a7 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/ipropd_master.c @@ -0,0 +1,422 @@ +/* + * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "iprop.h" + +RCSID("$Id: ipropd_master.c,v 1.12 1999/12/02 17:05:06 joda Exp $"); + +static int +make_signal_socket (krb5_context context) +{ + struct sockaddr_un addr; + int fd; + + fd = socket (AF_UNIX, SOCK_DGRAM, 0); + if (fd < 0) + krb5_err (context, 1, errno, "socket AF_UNIX"); + memset (&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + strncpy (addr.sun_path, KADM5_LOG_SIGNAL, sizeof(addr.sun_path)); + addr.sun_path[sizeof(addr.sun_path) - 1] = '\0'; + unlink (addr.sun_path); + if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) + krb5_err (context, 1, errno, "bind %s", addr.sun_path); + return fd; +} + +static int +make_listen_socket (krb5_context context) +{ + int fd; + int one = 1; + struct sockaddr_in addr; + + fd = socket (AF_INET, SOCK_STREAM, 0); + if (fd < 0) + krb5_err (context, 1, errno, "socket AF_INET"); + setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); + memset (&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(4711); + if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) + krb5_err (context, 1, errno, "bind"); + if (listen(fd, SOMAXCONN) < 0) + krb5_err (context, 1, errno, "listen"); + return fd; +} + +struct slave { + int fd; + struct sockaddr_in addr; + char *name; + krb5_auth_context ac; + u_int32_t version; + struct slave *next; +}; + +typedef struct slave slave; + +static int +check_acl (krb5_context context, const char *name) +{ + FILE *fp; + char buf[256]; + int ret = 1; + + fp = fopen (KADM5_SLAVE_ACL, "r"); + if (fp == NULL) + return 1; + while (fgets(buf, sizeof(buf), fp) != NULL) { + if (buf[strlen(buf) - 1 ] == '\n') + buf[strlen(buf) - 1 ] = '\0'; + if (strcmp (buf, name) == 0) { + ret = 0; + break; + } + } + fclose (fp); + return ret; +} + +static void +add_slave (krb5_context context, slave **root, int fd) +{ + krb5_principal server; + krb5_error_code ret; + slave *s; + int addr_len; + krb5_ticket *ticket = NULL; + char hostname[128]; + + s = malloc(sizeof(*s)); + if (s == NULL) { + krb5_warnx (context, "add_slave: no memory"); + return; + } + s->name = NULL; + s->ac = NULL; + + addr_len = sizeof(s->addr); + s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len); + if (s->fd < 0) { + krb5_warn (context, errno, "accept"); + goto error; + } + gethostname(hostname, sizeof(hostname)); + ret = krb5_sname_to_principal (context, hostname, IPROP_NAME, + KRB5_NT_SRV_HST, &server); + if (ret) { + krb5_warn (context, ret, "krb5_sname_to_principal"); + goto error; + } + + ret = krb5_recvauth (context, &s->ac, &s->fd, + IPROP_VERSION, server, 0, NULL, &ticket); + krb5_free_principal (context, server); + if (ret) { + krb5_warn (context, ret, "krb5_recvauth"); + goto error; + } + ret = krb5_unparse_name (context, ticket->client, &s->name); + if (ret) { + krb5_warn (context, ret, "krb5_unparse_name"); + goto error; + } + if (check_acl (context, s->name)) { + krb5_warnx (context, "%s not in acl", s->name); + goto error; + } + krb5_free_ticket (context, ticket); + printf ("connection from %s\n", s->name); + + s->version = 0; + s->next = *root; + *root = s; + return; +error: + if (s->name) + free (s->name); + if (s->ac) + krb5_auth_con_free(context, s->ac); + if (ticket) + krb5_free_ticket (context, ticket); + close (s->fd); + free(s); +} + +static void +remove_slave (krb5_context context, slave *s, slave **root) +{ + slave **p; + + close (s->fd); + free (s->name); + krb5_auth_con_free (context, s->ac); + + for (p = root; *p; p = &(*p)->next) + if (*p == s) { + *p = s->next; + break; + } + free (s); +} + +static int +send_complete (krb5_context context, slave *s) +{ + abort (); +} + +static int +send_diffs (krb5_context context, slave *s, int log_fd, + u_int32_t current_version) +{ + krb5_storage *sp, *data_sp; + u_int32_t ver; + time_t timestamp; + enum kadm_ops op; + u_int32_t len; + off_t right, left; + krb5_data data; + krb5_data priv_data; + int ret = 0; + + if (s->version == current_version) + return 0; + + sp = kadm5_log_goto_end (log_fd); + right = sp->seek(sp, 0, SEEK_CUR); + printf ("%ld, looking for %d\n", (long)right, s->version); + for (;;) { + if (kadm5_log_previous (sp, &ver, ×tamp, &op, &len)) + abort (); + printf ("version = %d\n", ver); + left = sp->seek(sp, -16, SEEK_CUR); + if (ver == s->version) + return 0; + if (ver == s->version + 1) + break; + if (left == 0) + return send_complete (context, s); + } + krb5_data_alloc (&data, right - left + 4); + sp->fetch (sp, (char *)data.data + 4, data.length - 4); + krb5_storage_free(sp); + + _krb5_put_int(data.data, FOR_YOU, 4); + + ret = krb5_mk_priv (context, s->ac, &data, &priv_data, NULL); + krb5_data_free(&data); + if (ret) { + krb5_warn (context, ret, "krb_mk_priv"); + return 0; + } + + ret = krb5_write_message (context, &s->fd, &priv_data); + krb5_data_free (&priv_data); + if (ret) { + krb5_warn (context, ret, "krb5_write_message"); + return 1; + } + return 0; +} + +static int +process_msg (krb5_context context, slave *s, int log_fd, + u_int32_t current_version) +{ + int ret = 0; + krb5_data in, out; + krb5_storage *sp; + int32_t tmp; + + ret = krb5_read_message (context, &s->fd, &in); + if (ret) + return 1; + + if(in.length == 0) { + krb5_warnx(context, "process_msg: short message"); + return 1; + } + + ret = krb5_rd_priv (context, s->ac, &in, &out, NULL); + krb5_data_free (&in); + if (ret) { + krb5_warn (context, ret, "krb5_rd_priv"); + return 1; + } + + sp = krb5_storage_from_mem (out.data, out.length); + krb5_ret_int32 (sp, &tmp); + switch (tmp) { + case I_HAVE : + krb5_ret_int32 (sp, &tmp); + s->version = tmp; + ret = send_diffs (context, s, log_fd, current_version); + break; + case FOR_YOU : + default : + krb5_warnx (context, "Ignoring command %d", tmp); + break; + } + + krb5_data_free (&out); + return ret; +} + +char *realm; +int version_flag; +int help_flag; +struct getargs args[] = { + { "realm", 'r', arg_string, &realm }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + void *kadm_handle; + kadm5_server_context *server_context; + kadm5_config_params conf; + int signal_fd, listen_fd; + int log_fd; + slave *slaves = NULL; + u_int32_t current_version, old_version = 0; + + int optind; + + optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL); + + if(help_flag) + krb5_std_usage(0, args, num_args); + if(version_flag) { + print_version(NULL); + exit(0); + } + + memset(&conf, 0, sizeof(conf)); + if(realm) { + conf.mask |= KADM5_CONFIG_REALM; + conf.realm = realm; + } + ret = kadm5_init_with_password_ctx (context, + KADM5_ADMIN_SERVICE, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + if (ret) + krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); + + server_context = (kadm5_server_context *)kadm_handle; + + log_fd = open (server_context->log_context.log_file, O_RDONLY, 0); + if (log_fd < 0) + krb5_err (context, 1, errno, "open %s", + server_context->log_context.log_file); + + signal_fd = make_signal_socket (context); + listen_fd = make_listen_socket (context); + + for (;;) { + slave *p; + fd_set readset; + int max_fd = 0; + struct timeval to = {30, 0}; + u_int32_t vers; + + FD_ZERO(&readset); + FD_SET(signal_fd, &readset); + max_fd = max(max_fd, signal_fd); + FD_SET(listen_fd, &readset); + max_fd = max(max_fd, listen_fd); + + for (p = slaves; p != NULL; p = p->next) { + FD_SET(p->fd, &readset); + max_fd = max(max_fd, p->fd); + } + + ret = select (max_fd + 1, + &readset, NULL, NULL, &to); + if (ret < 0) { + if (errno == EINTR) + continue; + else + krb5_err (context, 1, errno, "select"); + } + + if (ret == 0) { + old_version = current_version; + kadm5_log_get_version (log_fd, ¤t_version); + + if (current_version > old_version) + for (p = slaves; p != NULL; p = p->next) + send_diffs (context, p, log_fd, current_version); + } + + if (ret && FD_ISSET(signal_fd, &readset)) { + struct sockaddr_un peer_addr; + int peer_len = sizeof(peer_addr); + + if(recvfrom(signal_fd, &vers, sizeof(vers), 0, + (struct sockaddr *)&peer_addr, &peer_len) < 0) { + krb5_warn (context, errno, "recvfrom"); + continue; + } + printf ("signal: %u\n", vers); + --ret; + old_version = current_version; + kadm5_log_get_version (log_fd, ¤t_version); + for (p = slaves; p != NULL; p = p->next) + send_diffs (context, p, log_fd, current_version); + } + + for(p = slaves; p != NULL && ret--; p = p->next) + if (FD_ISSET(p->fd, &readset)) { + if(process_msg (context, p, log_fd, current_version)) + remove_slave (context, p, &slaves); + } + + if (ret && FD_ISSET(listen_fd, &readset)) { + add_slave (context, &slaves, listen_fd); + --ret; + } + + } + + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c new file mode 100644 index 0000000..76884eb --- /dev/null +++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c @@ -0,0 +1,313 @@ +/* + * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "iprop.h" + +RCSID("$Id: ipropd_slave.c,v 1.10 1999/12/02 17:05:06 joda Exp $"); + +static int +connect_to_master (krb5_context context, const char *master) +{ + int fd; + struct sockaddr_in addr; + struct hostent *he; + + fd = socket (AF_INET, SOCK_STREAM, 0); + if (fd < 0) + krb5_err (context, 1, errno, "socket AF_INET"); + memset (&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(4711); + he = roken_gethostbyname (master); + if (he == NULL) + krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno)); + memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr)); + if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) + krb5_err (context, 1, errno, "connect"); + return fd; +} + +static void +get_creds(krb5_context context, krb5_ccache *cache, const char *host) +{ + krb5_keytab keytab; + krb5_principal client; + krb5_error_code ret; + krb5_get_init_creds_opt init_opts; +#if 0 + krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP; +#endif + krb5_creds creds; + char my_hostname[128]; + char *server; + + ret = krb5_kt_default(context, &keytab); + if(ret) krb5_err(context, 1, ret, "krb5_kt_default"); + + gethostname (my_hostname, sizeof(my_hostname)); + ret = krb5_sname_to_principal (context, my_hostname, IPROP_NAME, + KRB5_NT_SRV_HST, &client); + if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal"); + + krb5_get_init_creds_opt_init(&init_opts); +#if 0 + krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1); +#endif + + asprintf (&server, "%s/%s", IPROP_NAME, host); + if (server == NULL) + krb5_errx (context, 1, "malloc: no memory"); + + ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, + 0, server, &init_opts); + free (server); + if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds"); + + ret = krb5_kt_close(context, keytab); + if(ret) krb5_err(context, 1, ret, "krb5_kt_close"); + + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache); + if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new"); + + ret = krb5_cc_initialize(context, *cache, client); + if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); + + ret = krb5_cc_store_cred(context, *cache, &creds); + if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred"); +} + +static void +ihave (krb5_context context, krb5_auth_context auth_context, + int fd, u_int32_t version) +{ + int ret; + u_char buf[8]; + krb5_storage *sp; + krb5_data data, priv_data; + + sp = krb5_storage_from_mem (buf, 8); + krb5_store_int32 (sp, I_HAVE); + krb5_store_int32 (sp, version); + krb5_storage_free (sp); + data.length = 8; + data.data = buf; + + ret = krb5_mk_priv (context, auth_context, &data, &priv_data, NULL); + if (ret) + krb5_err (context, 1, ret, "krb_mk_priv"); + + ret = krb5_write_message (context, &fd, &priv_data); + if (ret) + krb5_err (context, 1, ret, "krb5_write_message"); + + krb5_data_free (&priv_data); +} + +static void +receive (krb5_context context, + krb5_storage *sp, + kadm5_server_context *server_context) +{ + int ret; + off_t left, right; + void *buf; + int32_t vers; + + ret = server_context->db->open(context, + server_context->db, + O_RDWR | O_CREAT, 0); + if (ret) + krb5_err (context, 1, ret, "db->open"); + + do { + int32_t len, timestamp, tmp; + enum kadm_ops op; + + if(krb5_ret_int32 (sp, &vers) != 0) + return; + krb5_ret_int32 (sp, ×tamp); + krb5_ret_int32 (sp, &tmp); + op = tmp; + krb5_ret_int32 (sp, &len); + if (vers <= server_context->log_context.version) + sp->seek(sp, len, SEEK_CUR); + } while(vers <= server_context->log_context.version); + + left = sp->seek (sp, -16, SEEK_CUR); + right = sp->seek (sp, 0, SEEK_END); + buf = malloc (right - left); + if (buf == NULL) { + krb5_warnx (context, "malloc: no memory"); + return; + } + sp->seek (sp, left, SEEK_SET); + sp->fetch (sp, buf, right - left); + write (server_context->log_context.log_fd, buf, right-left); + fsync (server_context->log_context.log_fd); + free (buf); + + sp->seek (sp, left, SEEK_SET); + + for(;;) { + int32_t len, timestamp, tmp; + enum kadm_ops op; + + if(krb5_ret_int32 (sp, &vers) != 0) + break; + krb5_ret_int32 (sp, ×tamp); + krb5_ret_int32 (sp, &tmp); + op = tmp; + krb5_ret_int32 (sp, &len); + + ret = kadm5_log_replay (server_context, + op, vers, len, sp); + if (ret) + krb5_warn (context, ret, "kadm5_log_replay"); + else + server_context->log_context.version = vers; + sp->seek (sp, 8, SEEK_CUR); + } + + ret = server_context->db->close (context, server_context->db); + if (ret) + krb5_err (context, 1, ret, "db->close"); +} + +char *realm; +int version_flag; +int help_flag; +struct getargs args[] = { + { "realm", 'r', arg_string, &realm }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_auth_context auth_context; + void *kadm_handle; + kadm5_server_context *server_context; + kadm5_config_params conf; + int master_fd; + krb5_ccache ccache; + krb5_principal server; + + int optind; + + optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL); + + if(help_flag) + krb5_std_usage(0, args, num_args); + if(version_flag) { + print_version(NULL); + exit(0); + } + + memset(&conf, 0, sizeof(conf)); + if(realm) { + conf.mask |= KADM5_CONFIG_REALM; + conf.realm = realm; + } + ret = kadm5_init_with_password_ctx (context, + KADM5_ADMIN_SERVICE, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + if (ret) + krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); + + server_context = (kadm5_server_context *)kadm_handle; + + ret = kadm5_log_init (server_context); + if (ret) + krb5_err (context, 1, ret, "kadm5_log_init"); + + get_creds(context, &ccache, argv[1]); + + master_fd = connect_to_master (context, argv[1]); + + ret = krb5_sname_to_principal (context, argv[1], IPROP_NAME, + KRB5_NT_SRV_HST, &server); + if (ret) + krb5_err (context, 1, ret, "krb5_sname_to_principal"); + + auth_context = NULL; + ret = krb5_sendauth (context, &auth_context, &master_fd, + IPROP_VERSION, NULL, server, + AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, + ccache, NULL, NULL, NULL); + if (ret) + krb5_err (context, 1, ret, "krb5_sendauth"); + + ihave (context, auth_context, master_fd, + server_context->log_context.version); + + for (;;) { + int ret; + krb5_data data, out; + krb5_storage *sp; + int32_t tmp; + + ret = krb5_read_message (context, &master_fd, &data); + if (ret) + krb5_err (context, 1, ret, "krb5_read_message"); + + ret = krb5_rd_priv (context, auth_context, &data, &out, NULL); + krb5_data_free (&data); + if (ret) + krb5_err (context, 1, ret, "krb5_rd_priv"); + + sp = krb5_storage_from_mem (out.data, out.length); + krb5_ret_int32 (sp, &tmp); + switch (tmp) { + case FOR_YOU : + receive (context, sp, server_context); + ihave (context, auth_context, master_fd, + server_context->log_context.version); + break; + case I_HAVE : + default : + krb5_warnx (context, "Ignoring command %d", tmp); + break; + } + krb5_storage_free (sp); + krb5_data_free (&out); + } + + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/kadm5_err.et b/crypto/heimdal/lib/kadm5/kadm5_err.et new file mode 100644 index 0000000..506a554 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/kadm5_err.et @@ -0,0 +1,59 @@ +# +# Error messages for the kadm5 library +# +# This might look like a com_err file, but is not +# +id "$Id: kadm5_err.et,v 1.4 1998/02/16 16:37:17 joda Exp $" + +error_table ovk kadm5 + +prefix KADM5 +error_code FAILURE, "Operation failed for unspecified reason" +error_code AUTH_GET, "Operation requires `get' privilege" +error_code AUTH_ADD, "Operation requires `add' privilege" +error_code AUTH_MODIFY, "Operation requires `modify' privilege" +error_code AUTH_DELETE, "Operation requires `delete' privilege" +error_code AUTH_INSUFFICIENT, "Insufficient authorization for operation" +error_code BAD_DB, "Database inconsistency detected" +error_code DUP, "Principal or policy already exists" +error_code RPC_ERROR, "Communication failure with server" +error_code NO_SRV, "No administration server found for realm" +error_code BAD_HIST_KEY, "Password history principal key version mismatch" +error_code NOT_INIT, "Connection to server not initialized" +error_code UNK_PRINC, "Principal does not exist" +error_code UNK_POLICY, "Policy does not exist" +error_code BAD_MASK, "Invalid field mask for operation" +error_code BAD_CLASS, "Invalid number of character classes" +error_code BAD_LENGTH, "Invalid password length" +error_code BAD_POLICY, "Invalid policy name" +error_code BAD_PRINCIPAL, "Invalid principal name." +error_code BAD_AUX_ATTR, "Invalid auxillary attributes" +error_code BAD_HISTORY, "Invalid password history count" +error_code BAD_MIN_PASS_LIFE, "Password minimum life is greater then password maximum life" +error_code PASS_Q_TOOSHORT, "Password is too short" +error_code PASS_Q_CLASS, "Password does not contain enough character classes" +error_code PASS_Q_DICT, "Password is in the password dictionary" +error_code PASS_REUSE, "Can't resuse password" +error_code PASS_TOOSOON, "Current password's minimum life has not expired" +error_code POLICY_REF, "Policy is in use" +error_code INIT, "Connection to server already initialized" +error_code BAD_PASSWORD, "Incorrect password" +error_code PROTECT_PRINCIPAL, "Can't change protected principal" +error_code BAD_SERVER_HANDLE, "Programmer error! Bad Admin server handle" +error_code BAD_STRUCT_VERSION, "Programmer error! Bad API structure version" +error_code OLD_STRUCT_VERSION, "API structure version specified by application is no longer supported" +error_code NEW_STRUCT_VERSION, "API structure version specified by application is unknown to libraries" +error_code BAD_API_VERSION, "Programmer error! Bad API version" +error_code OLD_LIB_API_VERSION, "API version specified by application is no longer supported by libraries" +error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server" +error_code NEW_LIB_API_VERSION, "API version specified by application is unknown to libraries" +error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server" +error_code SECURE_PRINC_MISSING,"Database error! Required principal missing" +error_code NO_RENAME_SALT, "The salt type of the specified principal does not support renaming" +error_code BAD_CLIENT_PARAMS, "Invalid configuration parameter for remote KADM5 client" +error_code BAD_SERVER_PARAMS, "Invalid configuration parameter for local KADM5 client." +error_code AUTH_LIST, "Operation requires `list' privilege" +error_code AUTH_CHANGEPW, "Operation requires `change-password' privilege" +error_code BAD_TL_TYPE, "Programmer error! Invalid tagged data list element type" +error_code MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing" +error_code BAD_SERVER_NAME, "Bad krb5 admin server hostname" diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h new file mode 100644 index 0000000..9344a2c --- /dev/null +++ b/crypto/heimdal/lib/kadm5/kadm5_locl.h @@ -0,0 +1,83 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kadm5_locl.h,v 1.21 1999/12/02 17:05:06 joda Exp $ */ + +#ifndef __KADM5_LOCL_H__ +#define __KADM5_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_SYS_UN_H +#include <sys/un.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#include <fnmatch.h> +#include "admin.h" +#include "kadm5_err.h" +#include <hdb.h> +#include <roken.h> +#include <parse_units.h> +#include "private.h" + +#endif /* __KADM5_LOCL_H__ */ diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c new file mode 100644 index 0000000..e9dc38c --- /dev/null +++ b/crypto/heimdal/lib/kadm5/log.c @@ -0,0 +1,666 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: log.c,v 1.13 1999/12/04 19:50:35 assar Exp $"); + +/* + * A log record consists of: + * + * version number 4 bytes + * time in seconds 4 bytes + * operation (enum kadm_ops) 4 bytes + * length of record 4 bytes + * data... n bytes + * length of record 4 bytes + * version number 4 bytes + * + */ + +kadm5_ret_t +kadm5_log_get_version (int fd, + u_int32_t *ver) +{ + int ret; + krb5_storage *sp; + int32_t old_version; + + ret = lseek (fd, 0, SEEK_END); + if(ret < 0) + return errno; + if(ret == 0) { + *ver = 0; + return 0; + } + sp = krb5_storage_from_fd (fd); + sp->seek(sp, -4, SEEK_CUR); + krb5_ret_int32 (sp, &old_version); + *ver = old_version; + krb5_storage_free(sp); + lseek (fd, 0, SEEK_END); + return 0; +} + +kadm5_ret_t +kadm5_log_init (kadm5_server_context *context) +{ + int fd; + kadm5_ret_t ret; + kadm5_log_context *log_context = &context->log_context; + + if (log_context->log_fd != -1) + return 0; + fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600); + if (fd < 0) + return errno; + if (flock (fd, LOCK_EX) < 0) { + close (fd); + return errno; + } + + ret = kadm5_log_get_version (fd, &log_context->version); + if (ret) + return ret; + + log_context->log_fd = fd; + return 0; +} + +kadm5_ret_t +kadm5_log_end (kadm5_server_context *context) +{ + kadm5_log_context *log_context = &context->log_context; + int fd = log_context->log_fd; + + flock (fd, LOCK_UN); + close(fd); + log_context->log_fd = -1; + return 0; +} + +static kadm5_ret_t +kadm5_log_preamble (kadm5_server_context *context, + krb5_storage *sp, + enum kadm_ops op) +{ + kadm5_log_context *log_context = &context->log_context; + kadm5_ret_t kadm_ret; + + kadm_ret = kadm5_log_init (context); + if (kadm_ret) + return kadm_ret; + + krb5_store_int32 (sp, ++log_context->version); + krb5_store_int32 (sp, time(NULL)); + krb5_store_int32 (sp, op); + return 0; +} + +static kadm5_ret_t +kadm5_log_postamble (kadm5_log_context *context, + krb5_storage *sp) +{ + krb5_store_int32 (sp, context->version); + return 0; +} + +/* + * flush the log record in `sp'. + */ + +static kadm5_ret_t +kadm5_log_flush (kadm5_log_context *log_context, + krb5_storage *sp) +{ + krb5_data data; + size_t len; + int ret; + + krb5_storage_to_data(sp, &data); + len = data.length; + ret = write (log_context->log_fd, data.data, len); + if (ret != len) { + krb5_data_free(&data); + return errno; + } + if (fsync (log_context->log_fd) < 0) { + krb5_data_free(&data); + return errno; + } + /* + * Try to send a signal to any running `ipropd-master' + */ + sendto (log_context->socket_fd, + (void *)&log_context->version, + sizeof(log_context->version), + 0, + (struct sockaddr *)&log_context->socket_name, + sizeof(log_context->socket_name)); + + krb5_data_free(&data); + return 0; +} + +/* + * Add a `create' operation to the log. + */ + +kadm5_ret_t +kadm5_log_create (kadm5_server_context *context, + hdb_entry *ent) +{ + krb5_storage *sp; + kadm5_ret_t ret; + krb5_data value; + kadm5_log_context *log_context = &context->log_context; + + sp = krb5_storage_emem(); + ret = hdb_entry2value (context->context, ent, &value); + if (ret) { + krb5_storage_free(sp); + return ret; + } + ret = kadm5_log_preamble (context, sp, kadm_create); + if (ret) { + krb5_data_free (&value); + krb5_storage_free(sp); + return ret; + } + krb5_store_int32 (sp, value.length); + sp->store(sp, value.data, value.length); + krb5_store_int32 (sp, value.length); + krb5_data_free (&value); + ret = kadm5_log_postamble (log_context, sp); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_flush (log_context, sp); + krb5_storage_free (sp); + if (ret) + return ret; + ret = kadm5_log_end (context); + return ret; +} + +/* + * Read the data of a create log record from `sp' and change the + * database. + */ + +kadm5_ret_t +kadm5_log_replay_create (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp) +{ + krb5_error_code ret; + krb5_data data; + hdb_entry ent; + + krb5_data_alloc (&data, len); + sp->fetch (sp, data.data, len); + ret = hdb_value2entry (context->context, &data, &ent); + krb5_data_free(&data); + if (ret) + return ret; + ret = context->db->store(context->context, context->db, 0, &ent); + hdb_free_entry (context->context, &ent); + return ret; +} + +/* + * Add a `delete' operation to the log. + */ + +kadm5_ret_t +kadm5_log_delete (kadm5_server_context *context, + krb5_principal princ) +{ + krb5_storage *sp; + kadm5_ret_t ret; + off_t off; + off_t len; + kadm5_log_context *log_context = &context->log_context; + + sp = krb5_storage_emem(); + ret = kadm5_log_preamble (context, sp, kadm_delete); + if (ret) { + krb5_storage_free(sp); + return ret; + } + krb5_store_int32 (sp, 0); + off = sp->seek (sp, 0, SEEK_CUR); + krb5_store_principal (sp, princ); + len = sp->seek (sp, 0, SEEK_CUR) - off; + sp->seek(sp, -(len + 4), SEEK_CUR); + krb5_store_int32 (sp, len); + sp->seek(sp, len, SEEK_CUR); + krb5_store_int32 (sp, len); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_postamble (log_context, sp); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_flush (log_context, sp); + krb5_storage_free (sp); + if (ret) + return ret; + ret = kadm5_log_end (context); + return ret; +} + +/* + * Read a `delete' log operation from `sp' and apply it. + */ + +kadm5_ret_t +kadm5_log_replay_delete (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp) +{ + krb5_error_code ret; + hdb_entry ent; + + krb5_ret_principal (sp, &ent.principal); + + ret = context->db->remove(context->context, context->db, &ent); + krb5_free_principal (context->context, ent.principal); + return ret; +} + +/* + * Add a `rename' operation to the log. + */ + +kadm5_ret_t +kadm5_log_rename (kadm5_server_context *context, + krb5_principal source, + hdb_entry *ent) +{ + krb5_storage *sp; + kadm5_ret_t ret; + off_t off; + off_t len; + krb5_data value; + kadm5_log_context *log_context = &context->log_context; + + sp = krb5_storage_emem(); + ret = hdb_entry2value (context->context, ent, &value); + if (ret) { + krb5_storage_free(sp); + return ret; + } + ret = kadm5_log_preamble (context, sp, kadm_rename); + if (ret) { + krb5_storage_free(sp); + krb5_data_free (&value); + return ret; + } + krb5_store_int32 (sp, 0); + off = sp->seek (sp, 0, SEEK_CUR); + krb5_store_principal (sp, source); + sp->store(sp, value.data, value.length); + krb5_data_free (&value); + len = sp->seek (sp, 0, SEEK_CUR) - off; + + sp->seek(sp, -(len + 4), SEEK_CUR); + krb5_store_int32 (sp, len); + sp->seek(sp, len, SEEK_CUR); + krb5_store_int32 (sp, len); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_postamble (log_context, sp); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_flush (log_context, sp); + krb5_storage_free (sp); + if (ret) + return ret; + ret = kadm5_log_end (context); + return ret; +} + +/* + * Read a `rename' log operation from `sp' and apply it. + */ + +kadm5_ret_t +kadm5_log_replay_rename (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp) +{ + krb5_error_code ret; + krb5_principal source; + hdb_entry source_ent, target_ent; + krb5_data value; + off_t off; + size_t princ_len, data_len; + + off = sp->seek(sp, 0, SEEK_CUR); + krb5_ret_principal (sp, &source); + princ_len = sp->seek(sp, 0, SEEK_CUR) - off; + data_len = len - princ_len; + krb5_data_alloc (&value, data_len); + sp->fetch (sp, value.data, data_len); + ret = hdb_value2entry (context->context, &value, &target_ent); + krb5_data_free(&value); + if (ret) { + krb5_free_principal (context->context, source); + return ret; + } + ret = context->db->store (context->context, context->db, 0, &target_ent); + hdb_free_entry (context->context, &target_ent); + if (ret) { + krb5_free_principal (context->context, source); + return ret; + } + source_ent.principal = source; + ret = context->db->remove (context->context, context->db, &source_ent); + krb5_free_principal (context->context, source); + return ret; +} + + +/* + * Add a `modify' operation to the log. + */ + +kadm5_ret_t +kadm5_log_modify (kadm5_server_context *context, + hdb_entry *ent, + u_int32_t mask) +{ + krb5_storage *sp; + kadm5_ret_t ret; + krb5_data value; + u_int32_t len; + kadm5_log_context *log_context = &context->log_context; + + sp = krb5_storage_emem(); + ret = hdb_entry2value (context->context, ent, &value); + if (ret) { + krb5_storage_free(sp); + return ret; + } + ret = kadm5_log_preamble (context, sp, kadm_modify); + if (ret) { + krb5_data_free (&value); + krb5_storage_free(sp); + return ret; + } + len = value.length + 4; + krb5_store_int32 (sp, len); + krb5_store_int32 (sp, mask); + sp->store(sp, value.data, value.length); + krb5_data_free (&value); + krb5_store_int32 (sp, len); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_postamble (log_context, sp); + if (ret) { + krb5_storage_free (sp); + return ret; + } + ret = kadm5_log_flush (log_context, sp); + krb5_storage_free (sp); + if (ret) + return ret; + ret = kadm5_log_end (context); + return ret; +} + +/* + * Read a `modify' log operation from `sp' and apply it. + */ + +kadm5_ret_t +kadm5_log_replay_modify (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp) +{ + krb5_error_code ret; + int32_t mask; + krb5_data value; + hdb_entry ent, log_ent; + + krb5_ret_int32 (sp, &mask); + len -= 4; + krb5_data_alloc (&value, len); + sp->fetch (sp, value.data, len); + ret = hdb_value2entry (context->context, &value, &log_ent); + krb5_data_free(&value); + if (ret) + return ret; + ent.principal = log_ent.principal; + log_ent.principal = NULL; + ret = context->db->fetch(context->context, context->db, + HDB_F_DECRYPT, &ent); + if (ret) + return ret; + if (mask & KADM5_PRINC_EXPIRE_TIME) { + if (ent.valid_end == NULL) + ent.valid_end = malloc(sizeof(*ent.valid_end)); + *ent.valid_end = *log_ent.valid_end; + } + if (mask & KADM5_PW_EXPIRATION) { + if (ent.pw_end == NULL) + ent.pw_end = malloc(sizeof(*ent.pw_end)); + *ent.pw_end = *log_ent.pw_end; + } + if (mask & KADM5_LAST_PWD_CHANGE) { + abort (); /* XXX */ + } + if (mask & KADM5_ATTRIBUTES) { + ent.flags = log_ent.flags; + } + if (mask & KADM5_MAX_LIFE) { + if (ent.max_life == NULL) + ent.max_life = malloc (sizeof(*ent.max_life)); + *ent.max_life = *log_ent.max_life; + } + if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) { + if (ent.modified_by == NULL) { + ent.modified_by = malloc(sizeof(*ent.modified_by)); + } else + free_Event(ent.modified_by); + copy_Event(log_ent.modified_by, ent.modified_by); + } + if (mask & KADM5_KVNO) { + ent.kvno = log_ent.kvno; + } + if (mask & KADM5_MKVNO) { + abort (); /* XXX */ + } + if (mask & KADM5_AUX_ATTRIBUTES) { + abort (); /* XXX */ + } + if (mask & KADM5_POLICY) { + abort (); /* XXX */ + } + if (mask & KADM5_POLICY_CLR) { + abort (); /* XXX */ + } + if (mask & KADM5_MAX_RLIFE) { + if (ent.max_renew == NULL) + ent.max_renew = malloc (sizeof(*ent.max_renew)); + *ent.max_renew = *log_ent.max_renew; + } + if (mask & KADM5_LAST_SUCCESS) { + abort (); /* XXX */ + } + if (mask & KADM5_LAST_FAILED) { + abort (); /* XXX */ + } + if (mask & KADM5_FAIL_AUTH_COUNT) { + abort (); /* XXX */ + } + if (mask & KADM5_KEY_DATA) { + size_t len; + int i; + + for (i = 0; i < ent.keys.len; ++i) + free_Key(&ent.keys.val[i]); + free (ent.keys.val); + + len = log_ent.keys.len; + + ent.keys.len = len; + ent.keys.val = malloc(len * sizeof(*ent.keys.val)); + for (i = 0; i < ent.keys.len; ++i) + copy_Key(&log_ent.keys.val[i], + &ent.keys.val[i]); + } + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); + hdb_free_entry (context->context, &ent); + hdb_free_entry (context->context, &log_ent); + return ret; +} + +/* + * Call `func' for each log record in the log in `context' + */ + +kadm5_ret_t +kadm5_log_foreach (kadm5_server_context *context, + void (*func)(kadm5_server_context *server_context, + u_int32_t ver, + time_t timestamp, + enum kadm_ops op, + u_int32_t len, + krb5_storage *sp)) +{ + int fd = context->log_context.log_fd; + krb5_storage *sp; + + lseek (fd, 0, SEEK_SET); + sp = krb5_storage_from_fd (fd); + for (;;) { + int32_t ver, timestamp, op, len; + + if(krb5_ret_int32 (sp, &ver) != 0) + break; + krb5_ret_int32 (sp, ×tamp); + krb5_ret_int32 (sp, &op); + krb5_ret_int32 (sp, &len); + (*func)(context, ver, timestamp, op, len, sp); + sp->seek(sp, 8, SEEK_CUR); + } + return 0; +} + +/* + * Go to end of log. + */ + +krb5_storage * +kadm5_log_goto_end (int fd) +{ + krb5_storage *sp; + + sp = krb5_storage_from_fd (fd); + sp->seek(sp, 0, SEEK_END); + return sp; +} + +/* + * Return previous log entry. + */ + +kadm5_ret_t +kadm5_log_previous (krb5_storage *sp, + u_int32_t *ver, + time_t *timestamp, + enum kadm_ops *op, + u_int32_t *len) +{ + off_t off; + int32_t tmp; + + sp->seek(sp, -8, SEEK_CUR); + krb5_ret_int32 (sp, &tmp); + *len = tmp; + krb5_ret_int32 (sp, &tmp); + *ver = tmp; + off = 24 + *len; + sp->seek(sp, -off, SEEK_CUR); + krb5_ret_int32 (sp, &tmp); + assert(tmp == *ver); + krb5_ret_int32 (sp, &tmp); + *timestamp = tmp; + krb5_ret_int32 (sp, &tmp); + *op = tmp; + krb5_ret_int32 (sp, &tmp); + assert(tmp == *len); + return 0; +} + +/* + * Replay a record from the log + */ + +kadm5_ret_t +kadm5_log_replay (kadm5_server_context *context, + enum kadm_ops op, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp) +{ + switch (op) { + case kadm_create : + return kadm5_log_replay_create (context, ver, len, sp); + case kadm_delete : + return kadm5_log_replay_delete (context, ver, len, sp); + case kadm_rename : + return kadm5_log_replay_rename (context, ver, len, sp); + case kadm_modify : + return kadm5_log_replay_modify (context, ver, len, sp); + default : + return KADM5_FAILURE; + } +} diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c new file mode 100644 index 0000000..9828837 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/marshall.c @@ -0,0 +1,330 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: marshall.c,v 1.6 1999/12/02 17:05:06 joda Exp $"); + +kadm5_ret_t +kadm5_store_key_data(krb5_storage *sp, + krb5_key_data *key) +{ + krb5_data c; + krb5_store_int32(sp, key->key_data_ver); + krb5_store_int32(sp, key->key_data_kvno); + krb5_store_int32(sp, key->key_data_type[0]); + c.length = key->key_data_length[0]; + c.data = key->key_data_contents[0]; + krb5_store_data(sp, c); + krb5_store_int32(sp, key->key_data_type[1]); + c.length = key->key_data_length[1]; + c.data = key->key_data_contents[1]; + krb5_store_data(sp, c); + return 0; +} + +kadm5_ret_t +kadm5_ret_key_data(krb5_storage *sp, + krb5_key_data *key) +{ + krb5_data c; + int32_t tmp; + krb5_ret_int32(sp, &tmp); + key->key_data_ver = tmp; + krb5_ret_int32(sp, &tmp); + key->key_data_kvno = tmp; + krb5_ret_int32(sp, &tmp); + key->key_data_type[0] = tmp; + krb5_ret_data(sp, &c); + key->key_data_length[0] = c.length; + key->key_data_contents[0] = c.data; + krb5_ret_int32(sp, &tmp); + key->key_data_type[1] = tmp; + krb5_ret_data(sp, &c); + key->key_data_length[1] = c.length; + key->key_data_contents[1] = c.data; + return 0; +} + +kadm5_ret_t +kadm5_store_tl_data(krb5_storage *sp, + krb5_tl_data *tl) +{ + krb5_data c; + krb5_store_int32(sp, tl->tl_data_type); + c.length = tl->tl_data_length; + c.data = tl->tl_data_contents; + krb5_store_data(sp, c); + return 0; +} + +kadm5_ret_t +kadm5_ret_tl_data(krb5_storage *sp, + krb5_tl_data *tl) +{ + krb5_data c; + int32_t tmp; + krb5_ret_int32(sp, &tmp); + tl->tl_data_type = tmp; + krb5_ret_data(sp, &c); + tl->tl_data_length = c.length; + tl->tl_data_contents = c.data; + return 0; +} + +static kadm5_ret_t +store_principal_ent(krb5_storage *sp, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + int i; + + if (mask & KADM5_PRINCIPAL) + krb5_store_principal(sp, princ->principal); + if (mask & KADM5_PRINC_EXPIRE_TIME) + krb5_store_int32(sp, princ->princ_expire_time); + if (mask & KADM5_PW_EXPIRATION) + krb5_store_int32(sp, princ->pw_expiration); + if (mask & KADM5_LAST_PWD_CHANGE) + krb5_store_int32(sp, princ->last_pwd_change); + if (mask & KADM5_MAX_LIFE) + krb5_store_int32(sp, princ->max_life); + if (mask & KADM5_MOD_NAME) { + krb5_store_int32(sp, princ->mod_name != NULL); + if(princ->mod_name) + krb5_store_principal(sp, princ->mod_name); + } + if (mask & KADM5_MOD_TIME) + krb5_store_int32(sp, princ->mod_date); + if (mask & KADM5_ATTRIBUTES) + krb5_store_int32(sp, princ->attributes); + if (mask & KADM5_KVNO) + krb5_store_int32(sp, princ->kvno); + if (mask & KADM5_MKVNO) + krb5_store_int32(sp, princ->mkvno); + if (mask & KADM5_POLICY) { + krb5_store_int32(sp, princ->policy != NULL); + if(princ->policy) + krb5_store_string(sp, princ->policy); + } + if (mask & KADM5_AUX_ATTRIBUTES) + krb5_store_int32(sp, princ->aux_attributes); + if (mask & KADM5_MAX_RLIFE) + krb5_store_int32(sp, princ->max_renewable_life); + if (mask & KADM5_LAST_SUCCESS) + krb5_store_int32(sp, princ->last_success); + if (mask & KADM5_LAST_FAILED) + krb5_store_int32(sp, princ->last_failed); + if (mask & KADM5_FAIL_AUTH_COUNT) + krb5_store_int32(sp, princ->fail_auth_count); + if (mask & KADM5_KEY_DATA) { + krb5_store_int32(sp, princ->n_key_data); + for(i = 0; i < princ->n_key_data; i++) + kadm5_store_key_data(sp, &princ->key_data[i]); + } + if (mask & KADM5_TL_DATA) { + krb5_tl_data *tp; + + krb5_store_int32(sp, princ->n_tl_data); + for(tp = princ->tl_data; tp; tp = tp->tl_data_next) + kadm5_store_tl_data(sp, tp); + } + return 0; +} + + +kadm5_ret_t +kadm5_store_principal_ent(krb5_storage *sp, + kadm5_principal_ent_t princ) +{ + return store_principal_ent (sp, princ, ~0); +} + +kadm5_ret_t +kadm5_store_principal_ent_mask(krb5_storage *sp, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + krb5_store_int32(sp, mask); + return store_principal_ent (sp, princ, mask); +} + +static kadm5_ret_t +ret_principal_ent(krb5_storage *sp, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + int i; + int32_t tmp; + + if (mask & KADM5_PRINCIPAL) + krb5_ret_principal(sp, &princ->principal); + + if (mask & KADM5_PRINC_EXPIRE_TIME) { + krb5_ret_int32(sp, &tmp); + princ->princ_expire_time = tmp; + } + if (mask & KADM5_PW_EXPIRATION) { + krb5_ret_int32(sp, &tmp); + princ->pw_expiration = tmp; + } + if (mask & KADM5_LAST_PWD_CHANGE) { + krb5_ret_int32(sp, &tmp); + princ->last_pwd_change = tmp; + } + if (mask & KADM5_MAX_LIFE) { + krb5_ret_int32(sp, &tmp); + princ->max_life = tmp; + } + if (mask & KADM5_MOD_NAME) { + krb5_ret_int32(sp, &tmp); + if(tmp) + krb5_ret_principal(sp, &princ->mod_name); + else + princ->mod_name = NULL; + } + if (mask & KADM5_MOD_TIME) { + krb5_ret_int32(sp, &tmp); + princ->mod_date = tmp; + } + if (mask & KADM5_ATTRIBUTES) { + krb5_ret_int32(sp, &tmp); + princ->attributes = tmp; + } + if (mask & KADM5_KVNO) { + krb5_ret_int32(sp, &tmp); + princ->kvno = tmp; + } + if (mask & KADM5_MKVNO) { + krb5_ret_int32(sp, &tmp); + princ->mkvno = tmp; + } + if (mask & KADM5_POLICY) { + krb5_ret_int32(sp, &tmp); + if(tmp) + krb5_ret_string(sp, &princ->policy); + else + princ->policy = NULL; + } + if (mask & KADM5_AUX_ATTRIBUTES) { + krb5_ret_int32(sp, &tmp); + princ->aux_attributes = tmp; + } + if (mask & KADM5_MAX_RLIFE) { + krb5_ret_int32(sp, &tmp); + princ->max_renewable_life = tmp; + } + if (mask & KADM5_LAST_SUCCESS) { + krb5_ret_int32(sp, &tmp); + princ->last_success = tmp; + } + if (mask & KADM5_LAST_FAILED) { + krb5_ret_int32(sp, &tmp); + princ->last_failed = tmp; + } + if (mask & KADM5_FAIL_AUTH_COUNT) { + krb5_ret_int32(sp, &tmp); + princ->fail_auth_count = tmp; + } + if (mask & KADM5_KEY_DATA) { + krb5_ret_int32(sp, &tmp); + princ->n_key_data = tmp; + princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data)); + for(i = 0; i < princ->n_key_data; i++) + kadm5_ret_key_data(sp, &princ->key_data[i]); + } + if (mask & KADM5_TL_DATA) { + krb5_ret_int32(sp, &tmp); + princ->n_tl_data = tmp; + princ->tl_data = NULL; + for(i = 0; i < princ->n_tl_data; i++){ + krb5_tl_data *tp = malloc(sizeof(*tp)); + kadm5_ret_tl_data(sp, tp); + tp->tl_data_next = princ->tl_data; + princ->tl_data = tp; + } + } + return 0; +} + +kadm5_ret_t +kadm5_ret_principal_ent(krb5_storage *sp, + kadm5_principal_ent_t princ) +{ + return ret_principal_ent (sp, princ, ~0); +} + +kadm5_ret_t +kadm5_ret_principal_ent_mask(krb5_storage *sp, + kadm5_principal_ent_t princ, + u_int32_t *mask) +{ + int32_t tmp; + + krb5_ret_int32 (sp, &tmp); + *mask = tmp; + return ret_principal_ent (sp, princ, *mask); +} + +kadm5_ret_t +_kadm5_marshal_params(krb5_context context, + kadm5_config_params *params, + krb5_data *out) +{ + krb5_storage *sp = krb5_storage_emem(); + + krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM)); + + if(params->mask & KADM5_CONFIG_REALM) + krb5_store_string(sp, params->realm); + krb5_storage_to_data(sp, out); + krb5_storage_free(sp); + + return 0; +} + +kadm5_ret_t +_kadm5_unmarshal_params(krb5_context context, + krb5_data *in, + kadm5_config_params *params) +{ + krb5_storage *sp = krb5_storage_from_data(in); + + krb5_ret_int32(sp, ¶ms->mask); + + if(params->mask & KADM5_CONFIG_REALM) + krb5_ret_string(sp, ¶ms->realm); + krb5_storage_free(sp); + + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c new file mode 100644 index 0000000..2a64ccc --- /dev/null +++ b/crypto/heimdal/lib/kadm5/modify_c.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: modify_c.c,v 1.3 1999/12/02 17:05:06 joda Exp $"); + +kadm5_ret_t +kadm5_c_modify_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_modify); + kadm5_store_principal_ent(sp, princ); + krb5_store_int32(sp, mask); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + if(ret) + return ret; + ret = _kadm5_client_recv(context, &reply); + if(ret) + return ret; + sp = krb5_storage_from_data (&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + krb5_storage_free(sp); + krb5_data_free (&reply); + return tmp; +} + diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c new file mode 100644 index 0000000..4157202 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/modify_s.c @@ -0,0 +1,92 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: modify_s.c,v 1.9 1999/12/02 17:05:06 joda Exp $"); + +static kadm5_ret_t +modify_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + u_int32_t forbidden_mask) +{ + kadm5_server_context *context = server_handle; + hdb_entry ent; + kadm5_ret_t ret; + if((mask & forbidden_mask)) + return KADM5_BAD_MASK; + if((mask & KADM5_POLICY) && strcmp(princ->policy, "default")) + return KADM5_UNK_POLICY; + + ent.principal = princ->principal; + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + return ret; + ret = context->db->fetch(context->context, context->db, 0, &ent); + if(ret) + goto out; + ret = _kadm5_setup_entry(&ent, mask, princ, mask, NULL, 0); + if(ret) + goto out2; + ret = _kadm5_set_modifier(context, &ent); + if(ret) + goto out2; + + hdb_seal_keys(context->db, &ent); + + kadm5_log_modify (context, + &ent, + mask | KADM5_MOD_NAME | KADM5_MOD_TIME); + + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); +out2: + hdb_free_entry(context->context, &ent); +out: + context->db->close(context->context, context->db); + return _kadm5_error_code(ret); +} + + +kadm5_ret_t +kadm5_s_modify_principal(void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask) +{ + return modify_principal(server_handle, princ, mask, + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO + | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS + | KADM5_LAST_FAILED); +} diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c new file mode 100644 index 0000000..86d35f3 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/password_quality.c @@ -0,0 +1,147 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: password_quality.c,v 1.3 1999/12/02 17:05:06 joda Exp $"); + +#ifdef HAVE_DLFCN_H +#include <dlfcn.h> +#endif + +static const char * +simple_passwd_quality (krb5_context context, + krb5_principal principal, + krb5_data *pwd) +{ + if (pwd->length < 6) + return "Password too short"; + else + return NULL; +} + +typedef const char* (*passwd_quality_check_func)(krb5_context, + krb5_principal, + krb5_data*); + +static passwd_quality_check_func passwd_quality_check = simple_passwd_quality; + +#ifdef HAVE_DLOPEN +extern const char *check_library; +extern const char *check_function; + +#define PASSWD_VERSION 0 + +#endif + +/* + * setup the password quality hook + */ + +void +kadm5_setup_passwd_quality_check(krb5_context context, + const char *check_library, + const char *check_function) +{ +#ifdef HAVE_DLOPEN + void *handle; + void *sym; + int *version; + int flags; + const char *tmp; + +#ifdef RTLD_NOW + flags = RTLD_NOW; +#else + flags = 0; +#endif + + if(check_library == NULL) { + tmp = krb5_config_get_string(context, NULL, + "password_quality", + "check_library", + NULL); + if(tmp != NULL) + check_library = tmp; + } + if(check_function == NULL) { + tmp = krb5_config_get_string(context, NULL, + "password_quality", + "check_function", + NULL); + if(tmp != NULL) + check_function = tmp; + } + if(check_library != NULL && check_function == NULL) + check_function = "passwd_check"; + + if(check_library == NULL) + return; + handle = dlopen(check_library, flags); + if(handle == NULL) { + krb5_warnx(context, "failed to open `%s'", check_library); + return; + } + version = dlsym(handle, "version"); + if(version == NULL) { + krb5_warnx(context, + "didn't find `version' symbol in `%s'", check_library); + dlclose(handle); + return; + } + if(*version != PASSWD_VERSION) { + krb5_warnx(context, + "version of loaded library is %d (expected %d)", + *version, PASSWD_VERSION); + dlclose(handle); + return; + } + sym = dlsym(handle, check_function); + if(sym == NULL) { + krb5_warnx(context, + "didn't find `%s' symbol in `%s'", + check_function, check_library); + dlclose(handle); + return; + } + passwd_quality_check = (passwd_quality_check_func) sym; +#endif /* HAVE_DLOPEN */ +} + +const char * +kadm5_check_password_quality (krb5_context context, + krb5_principal principal, + krb5_data *pwd_data) +{ + return (*passwd_quality_check) (context, principal, pwd_data); +} diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h new file mode 100644 index 0000000..e56a0f5 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/private.h @@ -0,0 +1,281 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: private.h,v 1.10 1999/12/04 23:09:34 assar Exp $ */ + +#ifndef __kadm5_private_h__ +#define __kadm5_private_h__ + +struct kadm_func { + kadm5_ret_t (*chpass_principal) (void *, krb5_principal, char*); + kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, + u_int32_t, char*); + kadm5_ret_t (*delete_principal) (void*, krb5_principal); + kadm5_ret_t (*destroy) (void*); + kadm5_ret_t (*flush) (void*); + kadm5_ret_t (*get_principal) (void*, krb5_principal, + kadm5_principal_ent_t, u_int32_t); + kadm5_ret_t (*get_principals) (void*, const char*, char***, int*); + kadm5_ret_t (*get_privs) (void*, u_int32_t*); + kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, u_int32_t); + kadm5_ret_t (*randkey_principal) (void*, krb5_principal, + krb5_keyblock**, int*); + kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal); +}; + +/* XXX should be integrated */ +typedef struct kadm5_common_context { + krb5_context context; + krb5_boolean my_context; + struct kadm_func funcs; + void *data; +}kadm5_common_context; + +typedef struct kadm5_log_peer { + int fd; + char *name; + krb5_auth_context ac; + struct kadm5_log_peer *next; +} kadm5_log_peer; + +typedef struct kadm5_log_context { + char *log_file; + int log_fd; + u_int32_t version; + struct sockaddr_un socket_name; + int socket_fd; +} kadm5_log_context; + +typedef struct kadm5_server_context { + krb5_context context; + krb5_boolean my_context; + struct kadm_func funcs; + /* */ + kadm5_config_params config; + HDB *db; + krb5_principal caller; + unsigned acl_flags; + kadm5_log_context log_context; +}kadm5_server_context; + +typedef struct kadm5_client_context { + krb5_context context; + krb5_boolean my_context; + struct kadm_func funcs; + /* */ + krb5_auth_context ac; + char *realm; + char *admin_server; + int kadmind_port; + int sock; +}kadm5_client_context; + +enum kadm_ops { + kadm_get, + kadm_delete, + kadm_create, + kadm_rename, + kadm_chpass, + kadm_modify, + kadm_randkey, + kadm_get_privs, + kadm_get_princs +}; + +#define KADMIN_APPL_VERSION "KADM0.1" +#define KADMIN_OLD_APPL_VERSION "KADM0.0" + +#define KADM5_LOG_SIGNAL HDB_DB_DIR "/signal" + +kadm5_ret_t _kadm5_privs_to_string (u_int32_t, char*, size_t); + +kadm5_ret_t _kadm5_string_to_privs (const char*, u_int32_t*); + +HDB *_kadm5_s_get_db (void *); + +kadm5_ret_t +_kadm5_acl_check_permission __P(( + kadm5_server_context *context, + unsigned op)); + +kadm5_ret_t +_kadm5_acl_init __P((kadm5_server_context *context)); + +kadm5_ret_t +_kadm5_c_init_context __P(( + kadm5_client_context **ctx, + kadm5_config_params *params, + krb5_context context)); + +kadm5_ret_t +_kadm5_client_recv __P(( + kadm5_client_context *context, + krb5_data *reply)); + +kadm5_ret_t +_kadm5_client_send __P(( + kadm5_client_context *context, + krb5_storage *sp)); + +kadm5_ret_t +_kadm5_error_code __P((kadm5_ret_t code)); + +kadm5_ret_t +_kadm5_s_init_context __P(( + kadm5_server_context **ctx, + kadm5_config_params *params, + krb5_context context)); + +kadm5_ret_t +_kadm5_set_keys __P(( + kadm5_server_context *context, + hdb_entry *ent, + const char *password)); + +kadm5_ret_t +_kadm5_set_keys2 __P(( + hdb_entry *ent, + int16_t n_key_data, + krb5_key_data *key_data)); + +kadm5_ret_t +_kadm5_set_keys_randomly __P((kadm5_server_context *context, + hdb_entry *ent, + krb5_keyblock **new_keys, + int *n_keys)); + +kadm5_ret_t +_kadm5_set_modifier __P(( + kadm5_server_context *context, + hdb_entry *ent)); + +kadm5_ret_t +_kadm5_setup_entry __P(( + hdb_entry *ent, + u_int32_t mask, + kadm5_principal_ent_t princ, + u_int32_t princ_mask, + kadm5_principal_ent_t def, + u_int32_t def_mask)); + +kadm5_ret_t +kadm5_log_get_version (int fd, + u_int32_t *ver); + +kadm5_ret_t +kadm5_log_init (kadm5_server_context *context); + +kadm5_ret_t +kadm5_log_create (kadm5_server_context *context, + hdb_entry *ent); + +kadm5_ret_t +kadm5_log_delete (kadm5_server_context *context, + krb5_principal princ); + +kadm5_ret_t +kadm5_log_rename (kadm5_server_context *context, + krb5_principal source, + hdb_entry *ent); + +kadm5_ret_t +kadm5_log_modify (kadm5_server_context *context, + hdb_entry *ent, + u_int32_t mask); + +kadm5_ret_t +kadm5_log_end (kadm5_server_context *context); + +kadm5_ret_t +kadm5_log_foreach (kadm5_server_context *context, + void (*func)(kadm5_server_context *server_context, + u_int32_t ver, + time_t timestamp, + enum kadm_ops op, + u_int32_t len, + krb5_storage *sp)); + +kadm5_ret_t +kadm5_log_replay_create (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp); + +kadm5_ret_t +kadm5_log_replay_delete (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp); + +kadm5_ret_t +kadm5_log_replay_rename (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp); + +kadm5_ret_t +kadm5_log_replay_modify (kadm5_server_context *context, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp); + +kadm5_ret_t +kadm5_log_replay (kadm5_server_context *context, + enum kadm_ops op, + u_int32_t ver, + u_int32_t len, + krb5_storage *sp); + +krb5_storage * +kadm5_log_goto_end (int fd); + +kadm5_ret_t +kadm5_log_previous (krb5_storage *sp, + u_int32_t *ver, + time_t *timestamp, + enum kadm_ops *op, + u_int32_t *len); + +kadm5_ret_t +_kadm5_marshal_params __P((krb5_context context, + kadm5_config_params *params, + krb5_data *out)); + +kadm5_ret_t +_kadm5_unmarshal_params __P((krb5_context context, + krb5_data *in, + kadm5_config_params *params)); + + + +#endif /* __kadm5_private_h__ */ diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c new file mode 100644 index 0000000..25d4976 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/privs_c.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: privs_c.c,v 1.3 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +kadm5_c_get_privs(void *server_handle, u_int32_t *privs) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_get_privs); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + if(ret) + return ret; + ret = _kadm5_client_recv(context, &reply); + if (ret) + return ret; + sp = krb5_storage_from_data(&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + ret = tmp; + if(ret == 0){ + krb5_ret_int32(sp, &tmp); + *privs = tmp; + } + krb5_storage_free(sp); + krb5_data_free (&reply); + return ret; +} diff --git a/crypto/heimdal/lib/kadm5/privs_s.c b/crypto/heimdal/lib/kadm5/privs_s.c new file mode 100644 index 0000000..85cd5d5 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/privs_s.c @@ -0,0 +1,44 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: privs_s.c,v 1.2 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +kadm5_s_get_privs(void *server_handle, u_int32_t *privs) +{ + kadm5_server_context *context = server_handle; + *privs = context->acl_flags; + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c new file mode 100644 index 0000000..7531b6e --- /dev/null +++ b/crypto/heimdal/lib/kadm5/randkey_c.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: randkey_c.c,v 1.3 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +kadm5_c_randkey_principal(void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_randkey); + krb5_store_principal(sp, princ); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + if (ret) + return ret; + ret = _kadm5_client_recv(context, &reply); + if(ret) + return ret; + sp = krb5_storage_from_data(&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + ret = tmp; + if(ret == 0){ + krb5_keyblock *k; + int i; + + krb5_ret_int32(sp, &tmp); + k = malloc(tmp * sizeof(*k)); + if (k == NULL) { + ret = ENOMEM; + goto out; + } + for(i = 0; i < tmp; i++) + krb5_ret_keyblock(sp, &k[i]); + *n_keys = tmp; + *new_keys = k; + } +out: + krb5_storage_free(sp); + krb5_data_free (&reply); + return ret; +} diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c new file mode 100644 index 0000000..25c8571 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/randkey_s.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: randkey_s.c,v 1.10 1999/12/02 17:05:07 joda Exp $"); + +/* + * Set the keys of `princ' to random values, returning the random keys + * in `new_keys', `n_keys'. + */ + +kadm5_ret_t +kadm5_s_randkey_principal(void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys) +{ + kadm5_server_context *context = server_handle; + hdb_entry ent; + kadm5_ret_t ret; + + ent.principal = princ; + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + return ret; + ret = context->db->fetch(context->context, context->db, 0, &ent); + if(ret) + goto out; + + ret = _kadm5_set_keys_randomly (context, + &ent, + new_keys, + n_keys); + if (ret) + goto out2; + + ret = _kadm5_set_modifier(context, &ent); + if(ret) + goto out3; + + hdb_seal_keys(context->db, &ent); + + kadm5_log_modify (context, + &ent, + KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | + KADM5_KEY_DATA | KADM5_KVNO); + + ret = context->db->store(context->context, context->db, + HDB_F_REPLACE, &ent); +out3: + if (ret) { + int i; + + for (i = 0; i < *n_keys; ++i) + krb5_free_keyblock_contents (context->context, &(*new_keys)[i]); + free (*new_keys); + *new_keys = NULL; + *n_keys = 0; + } +out2: + hdb_free_entry(context->context, &ent); +out: + context->db->close(context->context, context->db); + return _kadm5_error_code(ret); +} diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c new file mode 100644 index 0000000..d33e611 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/rename_c.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: rename_c.c,v 1.3 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +kadm5_c_rename_principal(void *server_handle, + krb5_principal source, + krb5_principal target) +{ + kadm5_client_context *context = server_handle; + kadm5_ret_t ret; + krb5_storage *sp; + unsigned char buf[1024]; + int32_t tmp; + krb5_data reply; + + sp = krb5_storage_from_mem(buf, sizeof(buf)); + if (sp == NULL) + return ENOMEM; + krb5_store_int32(sp, kadm_rename); + krb5_store_principal(sp, source); + krb5_store_principal(sp, target); + ret = _kadm5_client_send(context, sp); + krb5_storage_free(sp); + if (ret) + return ret; + ret = _kadm5_client_recv(context, &reply); + if(ret) + return ret; + sp = krb5_storage_from_data (&reply); + if (sp == NULL) { + krb5_data_free (&reply); + return ENOMEM; + } + krb5_ret_int32(sp, &tmp); + ret = tmp; + krb5_storage_free(sp); + krb5_data_free (&reply); + return ret; +} diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c new file mode 100644 index 0000000..e7f9038 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/rename_s.c @@ -0,0 +1,104 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: rename_s.c,v 1.9 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +kadm5_s_rename_principal(void *server_handle, + krb5_principal source, + krb5_principal target) +{ + kadm5_server_context *context = server_handle; + kadm5_ret_t ret; + hdb_entry ent, ent2; + ent.principal = source; + if(krb5_principal_compare(context->context, source, target)) + return KADM5_DUP; /* XXX is this right? */ + if(!krb5_realm_compare(context->context, source, target)) + return KADM5_FAILURE; /* XXX better code */ + ret = context->db->open(context->context, context->db, O_RDWR, 0); + if(ret) + return ret; + ret = context->db->fetch(context->context, context->db, 0, &ent); + if(ret){ + context->db->close(context->context, context->db); + goto out; + } + ret = _kadm5_set_modifier(context, &ent); + if(ret) + goto out2; + { + /* fix salt */ + int i; + Salt salt; + krb5_salt salt2; + krb5_get_pw_salt(context->context, source, &salt2); + salt.type = hdb_pw_salt; + salt.salt = salt2.saltvalue; + for(i = 0; i < ent.keys.len; i++){ + if(ent.keys.val[i].salt == NULL){ + ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt)); + ret = copy_Salt(&salt, ent.keys.val[i].salt); + if(ret) + break; + } + } + krb5_free_salt(context->context, salt2); + } + if(ret) + goto out2; + ent2.principal = ent.principal; + ent.principal = target; + + hdb_seal_keys(context->db, &ent); + + kadm5_log_rename (context, + source, + &ent); + + ret = context->db->store(context->context, context->db, 0, &ent); + if(ret){ + ent.principal = ent2.principal; + goto out2; + } + ret = context->db->remove(context->context, context->db, &ent2); + ent.principal = ent2.principal; +out2: + context->db->close(context->context, context->db); + hdb_free_entry(context->context, &ent); +out: + return _kadm5_error_code(ret); +} + diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c new file mode 100644 index 0000000..c0e05ee --- /dev/null +++ b/crypto/heimdal/lib/kadm5/replay_log.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "iprop.h" + +RCSID("$Id: replay_log.c,v 1.7 1999/12/04 19:51:11 assar Exp $"); + +static void +apply_entry(kadm5_server_context *server_context, + u_int32_t ver, + time_t timestamp, + enum kadm_ops op, + u_int32_t len, + krb5_storage *sp) +{ + krb5_error_code ret; + + printf ("ver %u... ", ver); + fflush (stdout); + + ret = kadm5_log_replay (server_context, + op, ver, len, sp); + if (ret) + krb5_warn (server_context->context, ret, "kadm5_log_replay"); + + + printf ("done\n"); +} + +int version_flag; +int help_flag; +struct getargs args[] = { + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + void *kadm_handle; + kadm5_config_params conf; + kadm5_server_context *server_context; + + krb5_program_setup(&context, argc, argv, args, num_args, NULL); + + if(help_flag) + krb5_std_usage(0, args, num_args); + if(version_flag) { + print_version(NULL); + exit(0); + } + + memset(&conf, 0, sizeof(conf)); + ret = kadm5_init_with_password_ctx (context, + KADM5_ADMIN_SERVICE, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + if (ret) + krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); + + server_context = (kadm5_server_context *)kadm_handle; + + ret = server_context->db->open(context, + server_context->db, + O_RDWR | O_CREAT, 0); + if (ret) + krb5_err (context, 1, ret, "db->open"); + + ret = kadm5_log_init (server_context); + if (ret) + krb5_err (context, 1, ret, "kadm5_log_init"); + + ret = kadm5_log_foreach (server_context, apply_entry); + if(ret) + krb5_warn(context, ret, "kadm5_log_foreach"); + ret = kadm5_log_end (server_context); + if (ret) + krb5_warn(context, ret, "kadm5_log_end"); + ret = server_context->db->close (context, server_context->db); + if (ret) + krb5_err (context, 1, ret, "db->close"); + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/sample_passwd_check.c b/crypto/heimdal/lib/kadm5/sample_passwd_check.c new file mode 100644 index 0000000..4ff5122 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/sample_passwd_check.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +/* $Id: sample_passwd_check.c,v 1.1 1999/09/10 10:11:03 assar Exp $ */ + +#include <string.h> +#include <stdlib.h> +#include <krb5.h> + +/* specify the api-version this library conforms to */ + +int version = 0; + +/* just check the length of the password, this is what the default + check does, but this lets you specify the minimum length in + krb5.conf */ +const char* +check_length(krb5_context context, + krb5_principal prinipal, + krb5_data *password) +{ + int min_length = krb5_config_get_int_default(context, NULL, 6, + "password_quality", + "min_length", + NULL); + if(password->length < min_length) + return "Password too short"; + return NULL; +} + +#ifdef DICTPATH + +/* use cracklib to check password quality; this requires a patch for + cracklib that can be found at + ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */ + +const char* +check_cracklib(krb5_context context, + krb5_principal principal, + krb5_data *password) +{ + char *s = malloc(password->length + 1); + char *msg; + char *strings[2]; + if(s == NULL) + return NULL; /* XXX */ + strings[0] = principal->name.name_string.val[0]; /* XXX */ + strings[1] = NULL; + memcpy(s, password->data, password->length); + s[password->length] = '\0'; + msg = FascistCheck(s, DICTPATH, strings); + memset(s, 0, password->length); + free(s); + return msg; +} +#endif diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c new file mode 100644 index 0000000..51f6972 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/send_recv.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: send_recv.c,v 1.7 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) +{ + krb5_data msg, out; + krb5_error_code ret; + size_t len; + krb5_storage *sock; + + len = sp->seek(sp, 0, SEEK_CUR); + ret = krb5_data_alloc(&msg, len); + sp->seek(sp, 0, SEEK_SET); + sp->fetch(sp, msg.data, msg.length); + + ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL); + krb5_data_free(&msg); + if(ret) + return ret; + + sock = krb5_storage_from_fd(context->sock); + if(sock == NULL) { + krb5_data_free(&out); + return ENOMEM; + } + + ret = krb5_store_data(sock, out); + krb5_storage_free(sock); + krb5_data_free(&out); + return ret; +} + +kadm5_ret_t +_kadm5_client_recv(kadm5_client_context *context, krb5_data *reply) +{ + krb5_error_code ret; + krb5_data data; + krb5_storage *sock; + + sock = krb5_storage_from_fd(context->sock); + if(sock == NULL) + return ENOMEM; + ret = krb5_ret_data(sock, &data); + krb5_storage_free(sock); + if(ret == KRB5_CC_END) + return KADM5_RPC_ERROR; + else if(ret) + return ret; + + ret = krb5_rd_priv(context->context, context->ac, &data, reply, NULL); + krb5_data_free(&data); + return ret; +} + diff --git a/crypto/heimdal/lib/kadm5/server_glue.c b/crypto/heimdal/lib/kadm5/server_glue.c new file mode 100644 index 0000000..21b6077 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/server_glue.c @@ -0,0 +1,150 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: server_glue.c,v 1.6 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +kadm5_init_with_password(const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_password(client_name, + password, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_password_ctx(krb5_context context, + const char *client_name, + const char *password, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_password_ctx(context, + client_name, + password, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_skey(const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_skey(client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_skey_ctx(krb5_context context, + const char *client_name, + const char *keytab, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_skey_ctx(context, + client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_creds(const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_creds(client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} + +kadm5_ret_t +kadm5_init_with_creds_ctx(krb5_context context, + const char *client_name, + krb5_ccache ccache, + const char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle) +{ + return kadm5_s_init_with_creds_ctx(context, + client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, + server_handle); +} diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c new file mode 100644 index 0000000..e4d5d1a --- /dev/null +++ b/crypto/heimdal/lib/kadm5/set_keys.c @@ -0,0 +1,292 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: set_keys.c,v 1.18 1999/12/04 23:11:01 assar Exp $"); + +/* + * free all the memory used by (len, keys) + */ + +static void +free_keys (kadm5_server_context *context, + int len, Key *keys) +{ + int i; + + for (i = 0; i < len; ++i) { + free (keys[i].mkvno); + keys[i].mkvno = NULL; + if (keys[i].salt != NULL) { + free_Salt(keys[i].salt); + free(keys[i].salt); + keys[i].salt = NULL; + } + krb5_free_keyblock_contents(context->context, &keys[i].key); + } + free (keys); +} + +/* + * null-ify `len', `keys' + */ + +static void +init_keys (Key *keys, int len) +{ + int i; + + for (i = 0; i < len; ++i) { + keys[i].mkvno = NULL; + keys[i].salt = NULL; + keys[i].key.keyvalue.length = 0; + keys[i].key.keyvalue.data = NULL; + } +} + +/* + * the known and used DES enctypes + */ + +static krb5_enctype des_types[] = { ETYPE_DES_CBC_CRC, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_MD5 }; + +static unsigned n_des_types = 3; + +/* + * Set the keys of `ent' to the string-to-key of `password' + */ + +kadm5_ret_t +_kadm5_set_keys(kadm5_server_context *context, + hdb_entry *ent, + const char *password) +{ + kadm5_ret_t ret = 0; + int i; + unsigned len; + Key *keys; + krb5_salt salt; + krb5_boolean v4_salt = FALSE; + + len = n_des_types + 1; + keys = malloc (len * sizeof(*keys)); + if (keys == NULL) + return ENOMEM; + + init_keys (keys, len); + + salt.salttype = KRB5_PW_SALT; + salt.saltvalue.length = 0; + salt.saltvalue.data = NULL; + + if (krb5_config_get_bool (context->context, + NULL, "kadmin", "use_v4_salt", NULL)) { + v4_salt = TRUE; + } else { + ret = krb5_get_pw_salt (context->context, ent->principal, &salt); + if (ret) + goto out; + } + + for (i = 0; i < n_des_types; ++i) { + ret = krb5_string_to_key_salt (context->context, + des_types[i], + password, + salt, + &keys[i].key); + if (ret) + goto out; + if (v4_salt) { + keys[i].salt = malloc (sizeof(*keys[i].salt)); + if (keys[i].salt == NULL) { + ret = ENOMEM; + goto out; + } + keys[i].salt->type = salt.salttype; + ret = copy_octet_string (&salt.saltvalue, &keys[i].salt->salt); + if (ret) + goto out; + } + } + + ret = krb5_string_to_key (context->context, + ETYPE_DES3_CBC_SHA1, + password, + ent->principal, + &keys[n_des_types].key); + if (ret) + goto out; + + free_keys (context, ent->keys.len, ent->keys.val); + ent->keys.len = len; + ent->keys.val = keys; + ent->kvno++; + return ret; +out: + krb5_data_free (&salt.saltvalue); + free_keys (context, len, keys); + return ret; +} + +/* + * Set the keys of `ent' to (`n_key_data', `key_data') + */ + +kadm5_ret_t +_kadm5_set_keys2(hdb_entry *ent, + int16_t n_key_data, + krb5_key_data *key_data) +{ + krb5_error_code ret; + int i; + + ent->keys.len = n_key_data; + ent->keys.val = malloc(ent->keys.len * sizeof(*ent->keys.val)); + if(ent->keys.val == NULL) + return ENOMEM; + for(i = 0; i < n_key_data; i++) { + ent->keys.val[i].mkvno = NULL; + ent->keys.val[i].key.keytype = key_data[i].key_data_type[0]; + ret = krb5_data_copy(&ent->keys.val[i].key.keyvalue, + key_data[i].key_data_contents[0], + key_data[i].key_data_length[0]); + if(ret) + return ret; + if(key_data[i].key_data_ver == 2) { + Salt *salt; + salt = malloc(sizeof(*salt)); + if(salt == NULL) + return ENOMEM; + ent->keys.val[i].salt = salt; + salt->type = key_data[i].key_data_type[1]; + krb5_data_copy(&salt->salt, + key_data[i].key_data_contents[1], + key_data[i].key_data_length[1]); + } else + ent->keys.val[i].salt = NULL; + } + ent->kvno++; + return 0; +} + +/* + * Set the keys of `ent' to random keys and return them in `n_keys' + * and `new_keys'. + */ + +kadm5_ret_t +_kadm5_set_keys_randomly (kadm5_server_context *context, + hdb_entry *ent, + krb5_keyblock **new_keys, + int *n_keys) +{ + kadm5_ret_t ret = 0; + int i; + unsigned len; + krb5_keyblock *keys; + Key *hkeys; + + len = n_des_types + 1; + keys = malloc (len * sizeof(*keys)); + if (keys == NULL) + return ENOMEM; + + for (i = 0; i < len; ++i) { + keys[i].keyvalue.length = 0; + keys[i].keyvalue.data = NULL; + } + + hkeys = malloc (len * sizeof(*hkeys)); + if (hkeys == NULL) { + free (keys); + return ENOMEM; + } + + init_keys (hkeys, len); + + ret = krb5_generate_random_keyblock (context->context, + des_types[0], + &keys[0]); + if (ret) + goto out; + + ret = krb5_copy_keyblock_contents (context->context, + &keys[0], + &hkeys[0].key); + if (ret) + goto out; + + for (i = 1; i < n_des_types; ++i) { + ret = krb5_copy_keyblock_contents (context->context, + &keys[0], + &keys[i]); + if (ret) + goto out; + keys[i].keytype = des_types[i]; + ret = krb5_copy_keyblock_contents (context->context, + &keys[0], + &hkeys[i].key); + if (ret) + goto out; + hkeys[i].key.keytype = des_types[i]; + } + + ret = krb5_generate_random_keyblock (context->context, + ETYPE_DES3_CBC_SHA1, + &keys[n_des_types]); + if (ret) + goto out; + + ret = krb5_copy_keyblock_contents (context->context, + &keys[n_des_types], + &hkeys[n_des_types].key); + if (ret) + goto out; + + free_keys (context, ent->keys.len, ent->keys.val); + ent->keys.len = len; + ent->keys.val = hkeys; + ent->kvno++; + *new_keys = keys; + *n_keys = len; + return ret; +out: + for (i = 0; i < len; ++i) + krb5_free_keyblock_contents (context->context, &keys[i]); + free (keys); + free_keys (context, len, hkeys); + return ret; +} diff --git a/crypto/heimdal/lib/kadm5/set_modifier.c b/crypto/heimdal/lib/kadm5/set_modifier.c new file mode 100644 index 0000000..2b09745 --- /dev/null +++ b/crypto/heimdal/lib/kadm5/set_modifier.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id: set_modifier.c,v 1.2 1999/12/02 17:05:07 joda Exp $"); + +kadm5_ret_t +_kadm5_set_modifier(kadm5_server_context *context, + hdb_entry *ent) +{ + kadm5_ret_t ret; + if(ent->modified_by == NULL){ + ent->modified_by = malloc(sizeof(*ent->modified_by)); + if(ent->modified_by == NULL) + return ENOMEM; + } else + free_Event(ent->modified_by); + ent->modified_by->time = time(NULL); + ret = krb5_copy_principal(context->context, context->caller, + &ent->modified_by->principal); + return ret; +} + |
