authormp153739 <none@none>2006-10-07 13:37:05 -0700
committermp153739 <none@none>2006-10-07 13:37:05 -0700
commit56a424cca6b3f91f31bdab72a4626c48c779fe8b (patch)
tree9a50fae6e9e88996cc646a6b9a53425b2b8539d7 /usr/src
parent124771bb5f403108fb9ed84bf6083c8d427d55ff (diff)
PSARC 2006/424 Kerberos 1.4 KDC Resync
6406993 kdc and client resync with MIT 1.4
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/Makefile20
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/getdate.y993
-rwxr-xr-xusr/src/cmd/krb5/kadmin/cli/k5srvutil.sh147
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/kadmin.c703
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/kadmin.h75
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/kadmin_ct.c299
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c51
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/keytab.c174
-rw-r--r--usr/src/cmd/krb5/kadmin/cli/ss_wrapper.c53
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/Makefile4
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/dump.c1134
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/import_err.h79
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/kadm5_create.c123
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/kdb5_create.c128
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/kdb5_destroy.c55
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c100
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.c186
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.h74
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/nstrtok.h7
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/ovload.c358
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/string_table.c22
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/string_table.h11
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/strtok.c107
-rw-r--r--usr/src/cmd/krb5/kadmin/dbutil/util.c178
-rw-r--r--usr/src/cmd/krb5/kadmin/kpasswd/Makefile4
-rw-r--r--usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.c259
-rw-r--r--usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.h49
-rw-r--r--usr/src/cmd/krb5/kadmin/kpasswd/kpasswd_strings.h58
-rw-r--r--usr/src/cmd/krb5/kadmin/kpasswd/tty_kpasswd.c82
-rw-r--r--usr/src/cmd/krb5/kadmin/ktutil/ktutil.c323
-rw-r--r--usr/src/cmd/krb5/kadmin/ktutil/ktutil.h83
-rw-r--r--usr/src/cmd/krb5/kadmin/ktutil/ktutil_ct.c152
-rw-r--r--usr/src/cmd/krb5/kadmin/ktutil/ktutil_funcs.c37
-rw-r--r--usr/src/cmd/krb5/kadmin/server/ipropd_svc.c6
-rw-r--r--usr/src/cmd/krb5/kadmin/server/kadm_rpc_svc.c79
-rw-r--r--usr/src/cmd/krb5/kadmin/server/misc.c198
-rw-r--r--usr/src/cmd/krb5/kadmin/server/misc.h82
-rw-r--r--usr/src/cmd/krb5/kadmin/server/ovsec_kadmd.c119
-rw-r--r--usr/src/cmd/krb5/kadmin/server/server_glue_v1.c19
-rw-r--r--usr/src/cmd/krb5/kadmin/server/server_stubs.c1631
-rw-r--r--usr/src/cmd/krb5/kdestroy/kdestroy.c10
-rw-r--r--usr/src/cmd/krb5/kinit/kinit.c172
-rw-r--r--usr/src/cmd/krb5/klist/klist.c105
-rw-r--r--usr/src/cmd/krb5/krb5kdc/dispatch.c43
-rw-r--r--usr/src/cmd/krb5/krb5kdc/do_as_req.c98
-rw-r--r--usr/src/cmd/krb5/krb5kdc/do_tgs_req.c182
-rw-r--r--usr/src/cmd/krb5/krb5kdc/extern.h15
-rw-r--r--usr/src/cmd/krb5/krb5kdc/kdc_preauth.c360
-rw-r--r--usr/src/cmd/krb5/krb5kdc/kdc_util.c297
-rw-r--r--usr/src/cmd/krb5/krb5kdc/kdc_util.h24
-rw-r--r--usr/src/cmd/krb5/krb5kdc/main.c298
-rw-r--r--usr/src/cmd/krb5/krb5kdc/network.c73
-rw-r--r--usr/src/cmd/krb5/krb5kdc/policy.c16
-rw-r--r--usr/src/cmd/krb5/krb5kdc/replay.c31
-rw-r--r--usr/src/cmd/krb5/slave/kprop.c211
-rw-r--r--usr/src/cmd/krb5/slave/kprop.h17
-rw-r--r--usr/src/cmd/krb5/slave/kpropd.c269
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/include/db.h7
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h10
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c15
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c4
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c10
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/mapfile-vers190
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_debug.c4
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_delete.c74
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_open.c10
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_overflow.c4
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_put.c42
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_search.c34
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_seq.c28
-rw-r--r--usr/src/lib/krb5/db2/btree/extern.h4
-rw-r--r--usr/src/lib/krb5/db2/db/db.c16
-rw-r--r--usr/src/lib/krb5/db2/hash/dbm.c10
-rw-r--r--usr/src/lib/krb5/db2/hash/hash.c40
-rw-r--r--usr/src/lib/krb5/db2/hash/hash.h4
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_bigkey.c22
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_func.c9
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_log2.c3
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_page.c52
-rw-r--r--usr/src/lib/krb5/db2/hash/hsearch.c2
-rw-r--r--usr/src/lib/krb5/db2/hash/search.h6
-rw-r--r--usr/src/lib/krb5/db2/include/db-int.h97
-rw-r--r--usr/src/lib/krb5/db2/include/db-queue.h8
-rw-r--r--usr/src/lib/krb5/db2/mapfile-vers20
-rw-r--r--usr/src/lib/krb5/db2/mpool/mpool.c48
-rw-r--r--usr/src/lib/krb5/db2/mpool/mpool.h14
-rw-r--r--usr/src/lib/krb5/db2/recno/extern.h22
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_close.c3
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_delete.c12
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_open.c8
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_put.c18
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_search.c14
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_seq.c2
-rw-r--r--usr/src/lib/krb5/kadm5/adb.h22
-rw-r--r--usr/src/lib/krb5/kadm5/adb_err.h16
-rw-r--r--usr/src/lib/krb5/kadm5/admin.h565
-rw-r--r--usr/src/lib/krb5/kadm5/admin_internal.h8
-rw-r--r--usr/src/lib/krb5/kadm5/admin_xdr.h52
-rw-r--r--usr/src/lib/krb5/kadm5/alt_prof.c1396
-rw-r--r--usr/src/lib/krb5/kadm5/chpass_util.c48
-rw-r--r--usr/src/lib/krb5/kadm5/chpass_util_strings.h11
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/Makefile.com2
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_init.c418
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_internal.h33
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_principal.c79
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_rpc.c16
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c2
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/clnt_policy.c6
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/mapfile-vers23
-rw-r--r--usr/src/lib/krb5/kadm5/kadm_err.h18
-rw-r--r--usr/src/lib/krb5/kadm5/kadm_rpc.h97
-rw-r--r--usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c44
-rw-r--r--usr/src/lib/krb5/kadm5/server_internal.h16
-rw-r--r--usr/src/lib/krb5/kadm5/srv/Makefile.com3
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_free.c10
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_openclose.c79
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_policy.c31
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_xdr.c14
-rw-r--r--usr/src/lib/krb5/kadm5/srv/mapfile-vers35
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_acl.c168
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_acl.h10
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_dict.c20
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_init.c165
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_kdb.c59
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_misc.c25
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c4
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_iters.c75
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_misc_free.c4
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_policy.c10
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_principal.c385
-rw-r--r--usr/src/lib/krb5/kadm5/str_conv.c14
-rw-r--r--usr/src/lib/krb5/kdb/Makefile.com2
-rw-r--r--usr/src/lib/krb5/kdb/encrypt_key.c5
-rw-r--r--usr/src/lib/krb5/kdb/fetch_mkey.c8
-rw-r--r--usr/src/lib/krb5/kdb/kdb_cpw.c49
-rw-r--r--usr/src/lib/krb5/kdb/kdb_db2.c80
-rw-r--r--usr/src/lib/krb5/kdb/kdb_db2.h6
-rw-r--r--usr/src/lib/krb5/kdb/kdb_dbm.c18
-rw-r--r--usr/src/lib/krb5/kdb/kdb_kt.h44
-rw-r--r--usr/src/lib/krb5/kdb/kdb_xdr.c33
-rw-r--r--usr/src/lib/krb5/kdb/keytab.c22
-rw-r--r--usr/src/lib/krb5/kdb/mapfile-vers40
-rw-r--r--usr/src/lib/krb5/kdb/setup_mkey.c4
-rw-r--r--usr/src/lib/krb5/kdb/store_mkey.c5
-rw-r--r--usr/src/lib/krb5/ss/copyright.h3
-rw-r--r--usr/src/lib/krb5/ss/error.c34
-rw-r--r--usr/src/lib/krb5/ss/execute_cmd.c9
-rw-r--r--usr/src/lib/krb5/ss/help.c18
-rw-r--r--usr/src/lib/krb5/ss/invocation.c2
-rw-r--r--usr/src/lib/krb5/ss/list_rqs.c25
-rw-r--r--usr/src/lib/krb5/ss/listen.c26
-rw-r--r--usr/src/lib/krb5/ss/mapfile-vers1
-rw-r--r--usr/src/lib/krb5/ss/mit-sipb-copyright.h3
-rw-r--r--usr/src/lib/krb5/ss/mk_cmds.c7
-rw-r--r--usr/src/lib/krb5/ss/pager.c8
-rw-r--r--usr/src/lib/krb5/ss/parse.c25
-rw-r--r--usr/src/lib/krb5/ss/request_tbl.c8
-rw-r--r--usr/src/lib/krb5/ss/requests.c17
-rw-r--r--usr/src/lib/krb5/ss/ss.h27
-rw-r--r--usr/src/lib/krb5/ss/ss_internal.h39
-rw-r--r--usr/src/lib/krb5/ss/utils.c13
-rw-r--r--usr/src/pkgdefs/SUNWkdcu/prototype_com8
-rw-r--r--usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/init_ctx.c7
163 files changed, 8671 insertions, 7257 deletions
diff --git a/usr/src/cmd/krb5/kadmin/cli/Makefile b/usr/src/cmd/krb5/kadmin/cli/Makefile
index 27ce1e9842..ecc77bed36 100644
--- a/usr/src/cmd/krb5/kadmin/cli/Makefile
+++ b/usr/src/cmd/krb5/kadmin/cli/Makefile
@@ -1,11 +1,15 @@
#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
PROG= kadmin kadmin.local
+SHFILES= k5srvutil
+CLOBBERFILES= $(SHFILES)
+
+KRB5SBINSHFILES= $(SHFILES:%=$(KRB5SBIN)/%)
COMMON_OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o keytab.o
RMT_OBJS= $(COMMON_OBJS) kadmin_rmt.o
@@ -16,8 +20,8 @@ SRCS = $(OBJS:.o=.c)
include ../../../Makefile.cmd
include $(SRC)/lib/gss_mechs/mech_krb5/Makefile.mech_krb5
-POFILE = kadmin.po
-POFILES = generic.po
+POFILE = generic.po
+POFILES = kadmin.po k5srvutil.po
DEFS = -DHAVE_LIBSOCKET=1 -DHAVE_LIBNSL=1 -DHAVE_UNISTD_H=1 -DHAVE_SYS_TIMEB_H=1 \
-DHAVE_ALLOCA_H=1 -DHAVE_FTIME=1 -DHAVE_TIMEZONE
@@ -43,7 +47,7 @@ kadmin.local:= DEFS += -D_KADMIN_LOCAL_
.KEEP_STATE:
-all: $(PROG)
+all: $(PROG) $(SHFILES)
kadmin: $(RMT_OBJS)
$(LINK.c) $(RMT_OBJS) -o $@ $(CLLIBS)
@@ -53,7 +57,11 @@ kadmin.local: $(LOC_OBJS)
$(LINK.c) $(LOC_OBJS) -o $@ $(SRVLIBS)
$(POST_PROCESS)
-install: $(KRB5SBINPROG)
+$(SHFILES): $(SHFILES).sh
+ $(RM) $(SHFILES)
+ $(CP) $(SHFILES).sh $(SHFILES)
+
+install: $(KRB5SBINPROG) $(KRB5SBINSHFILES)
clean:
$(RM) $(OBJS)
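Review bot: The new `$(SHFILES): $(SHFILES).sh` rule is only correct while SHFILES holds exactly one name. With a second script the dependency would expand to `a b.sh`, and the recipe would hand the whole list to `$(RM)` and `$(CP)`. Writing the recipe as `$(RM) $@` and `$(CP) $@.sh $@`, plus a comment such as `# SHFILES must remain a single script name for this rule`, makes that constraint explicit. The copy does not set an executable mode, so the installed script presumably depends on the `$(KRB5SBIN)/%` install rule for that, which is not visible in this hunk.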
@@ -66,7 +74,7 @@ $(POFILE): $(DERIVED_FILES) .WAIT $(POFILES)
$(RM) $@
$(CAT) $(POFILES) > $@
-generic.po: FRC
+kadmin.po: FRC
$(RM) messages.po
$(XGETTEXT) $(XGETFLAGS) `$(GREP) -l gettext *.[ch]`
$(SED) "/^domain/d" messages.po > $@
diff --git a/usr/src/cmd/krb5/kadmin/cli/getdate.y b/usr/src/cmd/krb5/kadmin/cli/getdate.y
index 1bf9a15a72..cb16a86cc2 100644
--- a/usr/src/cmd/krb5/kadmin/cli/getdate.y
+++ b/usr/src/cmd/krb5/kadmin/cli/getdate.y
@@ -18,30 +18,28 @@
%{
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
- * Originally written by Steven M. Bellovin <smb@research.att.com> while
- * at the University of North Carolina at Chapel Hill. Later tweaked by
- * a couple of people on Usenet. Completely overhauled by Rich $alz
- * <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
- * send any email to Rich.
- *
- * This grammar has nine shift/reduce conflicts.
- *
- * This code is in the public domain and has no copyright.
- */
-
-/* SUPPRESS 287 on yaccpar_sccsid */ /* Unusd static variable */
-
-/* SUPPRESS 288 on yyerrlab */ /* Label unused */
+** Originally written by Steven M. Bellovin <smb@research.att.com> while
+** at the University of North Carolina at Chapel Hill. Later tweaked by
+** a couple of people on Usenet. Completely overhauled by Rich $alz
+** <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
+** send any email to Rich.
+**
+** This grammar has nine shift/reduce conflicts.
+**
+** This code is in the public domain and has no copyright.
+*/
+/* SUPPRESS 287 on yaccpar_sccsid *//* Unusd static variable */
+/* SUPPRESS 288 on yyerrlab *//* Label unused */
#ifdef HAVE_CONFIG_H
-#if defined(emacs) || defined(CONFIG_BROKETS)
+#if defined (emacs) || defined (CONFIG_BROKETS)
#include <config.h>
#else
#include "config.h"
@@ -49,37 +47,32 @@
#endif
#include <string.h>
-/*
- * Since the code of getdate.y is not included in the Emacs executable
- * itself, there is no need to #define static in this file. Even if
- * the code were included in the Emacs executable, it probably
- * wouldn't do any harm to #undef it here; this will only cause
- * problems if we try to write to a static variable, which I don't
- * think this code needs to do.
- */
-
+/* Since the code of getdate.y is not included in the Emacs executable
+ itself, there is no need to #define static in this file. Even if
+ the code were included in the Emacs executable, it probably
+ wouldn't do any harm to #undef it here; this will only cause
+ problems if we try to write to a static variable, which I don't
+ think this code needs to do. */
#ifdef emacs
#undef static
#endif
-/*
- * The following block of alloca-related preprocessor directives is here
- * solely to allow compilation by non GNU-C compilers of the C parser
- * produced from this file by old versions of bison. Newer versions of
- * bison include a block similar to this one in bison.simple.
- */
+/* The following block of alloca-related preprocessor directives is here
+ solely to allow compilation by non GNU-C compilers of the C parser
+ produced from this file by old versions of bison. Newer versions of
+ bison include a block similar to this one in bison.simple. */
#ifdef __GNUC__
#undef alloca
-#define alloca __builtin_alloca
+#define alloca __builtin_alloca
#else
#ifdef HAVE_ALLOCA_H
#include <alloca.h>
#else
#ifdef _AIX /* for Bison */
-#pragma alloca
+ #pragma alloca
#else
-void *alloca();
+void *alloca ();
#endif
#endif
#endif
@@ -87,12 +80,14 @@ void *alloca();
#include <stdio.h>
#include <ctype.h>
-/*
- * The code at the top of get_date which figures out the offset of the
- * current time zone checks various CPP symbols to see if special
- * tricks are need, but defaults to using the gettimeofday system call.
- * Include <sys/time.h> if that will be used.
- */
+#if defined(HAVE_STDLIB_H)
+#include <stdlib.h>
+#endif
+
+/* The code at the top of get_date which figures out the offset of the
+ current time zone checks various CPP symbols to see if special
+ tricks are need, but defaults to using the gettimeofday system call.
+ Include <sys/time.h> if that will be used. */
#if defined(vms)
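Review bot: `<stdlib.h>` is included only when HAVE_STDLIB_H is defined, so `abort ()` in ToSeconds further down may be compiled without a declaration. The DEFS line visible in the cli Makefile on this page does not set that macro, and `config.h` is itself gated on HAVE_CONFIG_H. One of the included makefiles may supply it, which cannot be confirmed from here. If none does, either add `-DHAVE_STDLIB_H=1` to DEFS or drop the guard and write a plain `#include <stdlib.h>`.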
@@ -119,10 +114,10 @@ void *alloca();
#endif
/*
- * We use the obsolete `struct my_timeb' as part of our interface!
- * Since the system doesn't have it, we define it here;
- * our callers must do likewise.
- */
+** We use the obsolete `struct my_timeb' as part of our interface!
+** Since the system doesn't have it, we define it here;
+** our callers must do likewise.
+*/
struct my_timeb {
time_t time; /* Seconds since the epoch */
unsigned short millitm; /* Field not used */
@@ -131,18 +126,15 @@ struct my_timeb {
};
#endif /* defined(vms) */
-#if defined(STDC_HEADERS) || defined(USG)
+#if defined (STDC_HEADERS) || defined (USG)
#include <string.h>
#endif
-/*
- * Some old versions of bison generate parsers that use bcopy.
- * That loses on systems that don't provide the function, so we have
- * to redefine it here.
- */
-
-#if !defined(HAVE_BCOPY) && defined(HAVE_MEMCPY) && !defined(bcopy)
-#define bcopy(from, to, len) memcpy((to), (from), (len))
+/* Some old versions of bison generate parsers that use bcopy.
+ That loses on systems that don't provide the function, so we have
+ to redefine it here. */
+#ifndef bcopy
+#define bcopy(from, to, len) memcpy ((to), (from), (len))
#endif
/*
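Review bot: The new `#ifndef bcopy` guard maps bcopy to memcpy on every platform where bcopy is a function rather than a macro, whereas the old guard did so only when bcopy was missing. bcopy is specified to handle overlapping regions and memcpy is not, so the substitution is undefined behaviour for any overlapping copy in the generated parser. Whether the parser skeleton ever copies overlapping regions is not visible here. `#define bcopy(from, to, len) memmove ((to), (from), (len))` keeps the overlap guarantee at no cost.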
@@ -179,28 +171,23 @@ GETTEXT(const char *msgid)
extern struct tm *gmtime();
extern struct tm *localtime();
-#define yyparse getdate_yyparse
-#define yylex getdate_yylex
-#define yyerror getdate_yyerror
+#define yyparse getdate_yyparse
+#define yylex getdate_yylex
+#define yyerror getdate_yyerror
-static int yylex();
-static int yyerror();
+static int getdate_yylex (void);
+static int getdate_yyerror (char *);
-#if !defined(lint) && !defined(SABER)
-static char RCS[] =
- "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/kadmin/cli/getdate.y,v 1.9 1996/10/18 17:48:04 bjaspan Exp $";
-#endif /* !defined(lint) && !defined(SABER) */
-
-#define EPOCH 1970
+#define EPOCH 1970
#define EPOCH_END 2099 /* Solaris 64 bit can support this at this point */
-#define HOUR(x) ((time_t)(x) * 60)
-#define SECSPERDAY (24L * 60L * 60L)
+#define HOUR(x) ((time_t)(x) * 60)
+#define SECSPERDAY (24L * 60L * 60L)
/*
- * An entry in the lexical lookup table.
- */
+** An entry in the lexical lookup table.
+*/
typedef struct _TABLE {
char *name;
int type;
@@ -209,26 +196,26 @@ typedef struct _TABLE {
/*
- * Daylight-savings mode: on, off, or not yet known.
- */
+** Daylight-savings mode: on, off, or not yet known.
+*/
typedef enum _DSTMODE {
DSTon, DSToff, DSTmaybe
} DSTMODE;
/*
- * Meridian: am, pm, or 24-hour style.
- */
+** Meridian: am, pm, or 24-hour style.
+*/
typedef enum _MERIDIAN {
MERam, MERpm, MER24
} MERIDIAN;
/*
- * Global variables. We could get rid of most of these by using a good
- * union as the yacc stack. (This routine was originally written before
- * yacc had the %union construct.) Maybe someday; right now we only use
- * the %union very rarely.
- */
+** Global variables. We could get rid of most of these by using a good
+** union as the yacc stack. (This routine was originally written before
+** yacc had the %union construct.) Maybe someday; right now we only use
+** the %union very rarely.
+*/
static char *yyInput;
static DSTMODE yyDSTmode;
static time_t yyDayOrdinal;
@@ -267,7 +254,7 @@ static time_t yyRelSeconds;
spec : /* NULL */
| spec item
- | tNEVER {
+ | tNEVER {
yyYear = 1970;
yyMonth = 1;
yyDay = 1;
@@ -275,7 +262,7 @@ spec : /* NULL */
yyDSTmode = DSToff;
yyTimezone = 0; /* gmt */
yyHaveDate++;
- }
+ }
;
item : time {
@@ -339,7 +326,7 @@ zone : tZONE {
yyDSTmode = DSTon;
}
|
- tZONE tDST {
+ tZONE tDST {
yyTimezone = $1;
yyDSTmode = DSTon;
}
@@ -519,20 +506,18 @@ static TABLE const OtherTable[] = {
/* The timezone table. */
/* Some of these are commented out because a time_t can't store a float. */
static TABLE const TimezoneTable[] = {
- { gettext("gmt"), tZONE, HOUR(0) }, /* Greenwich Mean */
- { gettext("ut"), tZONE, HOUR(0) }, /* Universal (Coordinated) */
- { gettext("utc"), tZONE, HOUR(0) },
- { gettext("wet"), tZONE, HOUR(0) }, /* Western European */
- { gettext("bst"), tDAYZONE, HOUR(0) }, /* British Summer */
- { gettext("wat"), tZONE, HOUR(1) }, /* West Africa */
- { gettext("at"), tZONE, HOUR(2) }, /* Azores */
+ { gettext("gmt"), tZONE, HOUR( 0) }, /* Greenwich Mean */
+ { gettext("ut"), tZONE, HOUR( 0) }, /* Universal (Coordinated) */
+ { gettext("utc"), tZONE, HOUR( 0) },
+ { gettext("wet"), tZONE, HOUR( 0) }, /* Western European */
+ { gettext("bst"), tDAYZONE, HOUR( 0) }, /* British Summer */
+ { gettext("wat"), tZONE, HOUR( 1) }, /* West Africa */
+ { gettext("at"), tZONE, HOUR( 2) }, /* Azores */
#if 0
- /*
- * For completeness. BST is also British Summer, and GST is
- * also Guam Standard.
- */
- { gettext("bst"), tZONE, HOUR( 3) }, /* Brazil Standard */
- { gettext("gst"), tZONE, HOUR( 3) }, /* Greenland Standard */
+ /* For completeness. BST is also British Summer, and GST is
+ * also Guam Standard. */
+ { gettext("bst"), tZONE, HOUR( 3) }, /* Brazil Standard */
+ { gettext("gst"), tZONE, HOUR( 3) }, /* Greenland Standard */
#endif
#if 0
{ gettext("nft"), tZONE, HOUR(3.5) }, /* Newfoundland */
@@ -577,12 +562,10 @@ static TABLE const TimezoneTable[] = {
#endif
{ gettext("zp6"), tZONE, -HOUR(6) }, /* USSR Zone 5 */
#if 0
- /*
- * For completeness. NST is also Newfoundland Stanard, and SST is
- * also Swedish Summer.
- */
- { gettext("nst"), tZONE, -HOUR(6.5) },/* North Sumatra */
- { gettext("sst"), tZONE, -HOUR(7) }, /* South Sumatra, USSR Zone 6 */
+ /* For completeness. NST is also Newfoundland Stanard, and SST is
+ * also Swedish Summer. */
+ { gettext("nst"), tZONE, -HOUR(6.5) },/* North Sumatra */
+ { gettext("sst"), tZONE, -HOUR(7) }, /* South Sumatra, USSR Zone 6 */
#endif /* 0 */
{ gettext("wast"), tZONE, -HOUR(7) }, /* West Australian Standard */
{ gettext("wadt"), tDAYZONE, -HOUR(7) }, /* West Australian Daylight */
@@ -610,34 +593,38 @@ static TABLE const TimezoneTable[] = {
/* ARGSUSED */
static int
yyerror(s)
-char *s;
+ char *s;
{
- return (0);
+ return 0;
}
static time_t
-ToSeconds(time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian)
+ToSeconds(Hours, Minutes, Seconds, Meridian)
+ time_t Hours;
+ time_t Minutes;
+ time_t Seconds;
+ MERIDIAN Meridian;
{
- if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
- return (-1);
- switch (Meridian) {
- case MER24:
- if (Hours < 0 || Hours > 23)
- return (-1);
- return (Hours * 60L + Minutes) * 60L + Seconds;
- case MERam:
- if (Hours < 1 || Hours > 12)
- return (-1);
- return (Hours * 60L + Minutes) * 60L + Seconds;
- case MERpm:
- if (Hours < 1 || Hours > 12)
- return (-1);
- return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
- default:
- abort ();
- }
- /* NO TREACHED */
+ if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
+ return -1;
+ switch (Meridian) {
+ case MER24:
+ if (Hours < 0 || Hours > 23)
+ return -1;
+ return (Hours * 60L + Minutes) * 60L + Seconds;
+ case MERam:
+ if (Hours < 1 || Hours > 12)
+ return -1;
+ return (Hours * 60L + Minutes) * 60L + Seconds;
+ case MERpm:
+ if (Hours < 1 || Hours > 12)
+ return -1;
+ return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
+ default:
+ abort ();
+ }
+ /* NOTREACHED */
}
/*
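Review bot: ToSeconds still mishandles hour 12 in the `MERam` and `MERpm` cases, which this resync re-indents but does not fix. "12:30 am" yields 12:30 rather than 00:30, and "12:30 pm" yields 24:30, which is thirty minutes into the next day. If kadmin uses these results for expiry or password-lifetime times, as the file's location suggests, the stored time would be twelve hours later than the administrator typed. Adding `if (Hours == 12) Hours = 0;` after the range check in both cases corrects the mapping. The same hunk also changes ToSeconds from a prototype to a K&R definition, so callers no longer get argument conversion to `time_t`.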
@@ -645,452 +632,460 @@ ToSeconds(time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian)
* of seconds since 00:00:00 1/1/70 GMT.
*/
static time_t
-Convert(time_t Month, time_t Day, time_t Year, time_t Hours,
- time_t Minutes, time_t Seconds, MERIDIAN Meridian, DSTMODE DSTmode)
+Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode)
+ time_t Month;
+ time_t Day;
+ time_t Year;
+ time_t Hours;
+ time_t Minutes;
+ time_t Seconds;
+ MERIDIAN Meridian;
+ DSTMODE DSTmode;
{
- static int DaysInMonth[12] = {
- 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
- };
- time_t tod;
- time_t Julian;
- int i;
-
- if (Year < 0)
- Year = -Year;
- if (Year < 1900)
- Year += 1900;
- DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
- ? 29 : 28;
- if (Year < EPOCH || Year > EPOCH_END || Month < 1 || Month > 12
- /* Lint fluff: " conversion from long may lose accuracy" */
- || Day < 1 || Day > DaysInMonth[(int)--Month])
- return (-1);
-
- for (Julian = Day - 1, i = 0; i < Month; i++)
- Julian += DaysInMonth[i];
- for (i = EPOCH; i < Year; i++)
- Julian += 365 + ((i % 4 == 0) && ((Year % 100 != 0) ||
- (Year % 400 == 0)));
- Julian *= SECSPERDAY;
- Julian += yyTimezone * 60L;
- if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
- return (-1);
- Julian += tod;
-
- if (DSTmode == DSTon
- || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst))
- Julian -= 60 * 60;
-
- return (Julian);
+ static int DaysInMonth[12] = {
+ 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ };
+ time_t tod;
+ time_t Julian;
+ int i;
+
+ if (Year < 0)
+ Year = -Year;
+ if (Year < 1900)
+ Year += 1900;
+ DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
+ ? 29 : 28;
+ if (Year < EPOCH
+ || Year > EPOCH_END
+ || Month < 1 || Month > 12
+ /* Lint fluff: "conversion from long may lose accuracy" */
+ || Day < 1 || Day > DaysInMonth[(int)--Month])
+ return -1;
+
+ for (Julian = Day - 1, i = 0; i < Month; i++)
+ Julian += DaysInMonth[i];
+ for (i = EPOCH; i < Year; i++)
+ Julian += 365 + ((i % 4 == 0) && ((Year % 100 != 0) ||
+ (Year % 400 == 0)));
+ Julian *= SECSPERDAY;
+ Julian += yyTimezone * 60L;
+ if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
+ return -1;
+ Julian += tod;
+ if (DSTmode == DSTon
+ || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst))
+ Julian -= 60 * 60;
+ return Julian;
}
static time_t
DSTcorrect(Start, Future)
-time_t Start;
-time_t Future;
+ time_t Start;
+ time_t Future;
{
- time_t StartDay;
- time_t FutureDay;
+ time_t StartDay;
+ time_t FutureDay;
- StartDay = (localtime(&Start)->tm_hour + 1) % 24;
- FutureDay = (localtime(&Future)->tm_hour + 1) % 24;
- return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
+ StartDay = (localtime(&Start)->tm_hour + 1) % 24;
+ FutureDay = (localtime(&Future)->tm_hour + 1) % 24;
+ return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
}
static time_t
RelativeDate(Start, DayOrdinal, DayNumber)
-time_t Start;
-time_t DayOrdinal;
-time_t DayNumber;
+ time_t Start;
+ time_t DayOrdinal;
+ time_t DayNumber;
{
- struct tm *tm;
- time_t now;
-
- now = Start;
- tm = localtime(&now);
- now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
- now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
-
- return (DSTcorrect(Start, now));
+ struct tm *tm;
+ time_t now;
+
+ now = Start;
+ tm = localtime(&now);
+ now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
+ now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
+ return DSTcorrect(Start, now);
}
static time_t
-RelativeMonth(time_t Start, time_t RelMonth)
+RelativeMonth(Start, RelMonth)
+ time_t Start;
+ time_t RelMonth;
{
- struct tm *tm;
- time_t Month;
- time_t Year;
- time_t ret;
-
- if (RelMonth == 0)
- return (0);
- tm = localtime(&Start);
- Month = 12 * tm->tm_year + tm->tm_mon + RelMonth;
- Year = Month / 12;
- Month = Month % 12 + 1;
+ struct tm *tm;
+ time_t Month;
+ time_t Year;
+ time_t ret;
+
+ if (RelMonth == 0)
+ return 0;
+ tm = localtime(&Start);
+ Month = 12 * tm->tm_year + tm->tm_mon + RelMonth;
+ Year = Month / 12;
+ Month = Month % 12 + 1;
ret = Convert(Month, (time_t)tm->tm_mday, Year,
- (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
- MER24, DSTmaybe);
+ (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+ MER24, DSTmaybe);
if (ret == -1)
- return ret;
+ return ret;
return DSTcorrect(Start, ret);
}
static int
-LookupWord(char *buff)
+LookupWord(buff)
+ char *buff;
{
- register char *p;
- register char *q;
- register const TABLE *tp;
- int i;
- int abbrev;
-
- /* Make it lowercase. */
- for (p = buff; *p; p++)
- if (isupper(*p))
- *p = tolower(*p);
-
- if (strcmp(buff, gettext("am")) == 0 ||
- strcmp(buff, gettext("a.m.")) == 0) {
- yylval.Meridian = MERam;
- return (tMERIDIAN);
- }
- if (strcmp(buff, gettext("pm")) == 0 ||
+ register char *p;
+ register char *q;
+ register const TABLE *tp;
+ int i;
+ int abbrev;
+
+ /* Make it lowercase. */
+ for (p = buff; *p; p++)
+ if (isupper((int) *p))
+ *p = tolower((int) *p);
+
+ if (strcmp(buff, gettext("am")) == 0 || strcmp(buff, gettext("a.m.")) == 0) {
+ yylval.Meridian = MERam;
+ return tMERIDIAN;
+ }
+ if (strcmp(buff, gettext("pm")) == 0 ||
strcmp(buff, gettext("p.m.")) == 0) {
- yylval.Meridian = MERpm;
- return (tMERIDIAN);
+ yylval.Meridian = MERpm;
+ return tMERIDIAN;
+ }
+
+ /* See if we have an abbreviation for a month. */
+ if (strlen(buff) == 3)
+ abbrev = 1;
+ else if (strlen(buff) == 4 && buff[3] == '.') {
+ abbrev = 1;
+ buff[3] = '\0';
+ }
+ else
+ abbrev = 0;
+
+ for (tp = MonthDayTable; tp->name; tp++) {
+ if (abbrev) {
+ if (strncmp(buff, GETTEXT(tp->name), 3) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
}
-
- /* See if we have an abbreviation for a month. */
- if (strlen(buff) == 3)
- abbrev = 1;
- else if (strlen(buff) == 4 && buff[3] == '.') {
- abbrev = 1;
- buff[3] = '\0';
- }
- else
- abbrev = 0;
-
- for (tp = MonthDayTable; tp->name; tp++) {
- if (abbrev) {
- if (strncmp(buff, GETTEXT(tp->name), 3) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
- }
- else if (strcmp(buff, GETTEXT(tp->name)) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
+ else if (strcmp(buff, GETTEXT(tp->name)) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
}
+ }
- for (tp = TimezoneTable; tp->name; tp++)
- if (strcmp(buff, GETTEXT(tp->name)) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
+ for (tp = TimezoneTable; tp->name; tp++)
+ if (strcmp(buff, GETTEXT(tp->name)) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
- if (strcmp(buff, gettext("dst")) == 0)
- return (tDST);
+ if (strcmp(buff, gettext("dst")) == 0)
+ return tDST;
- for (tp = UnitsTable; tp->name; tp++)
- if (strcmp(buff, GETTEXT(tp->name)) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
+ for (tp = UnitsTable; tp->name; tp++)
+ if (strcmp(buff, GETTEXT(tp->name)) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
/* Strip off any plural and try the units table again. */
- i = strlen(buff) - 1;
- if (buff[i] == 's') {
- buff[i] = '\0';
- for (tp = UnitsTable; tp->name; tp++)
- if (strcmp(buff, GETTEXT(tp->name)) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
- buff[i] = 's'; /* Put back for "this" in OtherTable. */
+ i = strlen(buff) - 1;
+ if (buff[i] == 's') {
+ buff[i] = '\0';
+ for (tp = UnitsTable; tp->name; tp++)
+ if (strcmp(buff, GETTEXT(tp->name)) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ buff[i] = 's'; /* Put back for "this" in OtherTable. */
+ }
+
+ for (tp = OtherTable; tp->name; tp++)
+ if (strcmp(buff, GETTEXT(tp->name)) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
}
- for (tp = OtherTable; tp->name; tp++)
- if (strcmp(buff, GETTEXT(tp->name)) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
-
- /* Drop out any periods and try the timezone table again. */
- for (i = 0, p = q = buff; *q; q++)
- if (*q != '.')
- *p++ = *q;
- else
- i++;
- *p = '\0';
- if (i)
- for (tp = TimezoneTable; tp->name; tp++)
- if (strcmp(buff, GETTEXT(tp->name)) == 0) {
- yylval.Number = tp->value;
- return (tp->type);
- }
-
- return (tID);
+ /* Drop out any periods and try the timezone table again. */
+ for (i = 0, p = q = buff; *q; q++)
+ if (*q != '.')
+ *p++ = *q;
+ else
+ i++;
+ *p = '\0';
+ if (i)
+ for (tp = TimezoneTable; tp->name; tp++)
+ if (strcmp(buff, GETTEXT(tp->name)) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ return tID;
}
static int
yylex()
{
- register char c;
- register char *p;
- char buff[20];
- int Count;
- int sign;
-
- for ( ; ; ) {
- while (isspace(*yyInput))
- yyInput++;
-
- if (isdigit(c = *yyInput) || c == '-' || c == '+') {
- if (c == '-' || c == '+') {
- sign = c == '-' ? -1 : 1;
- if (!isdigit(*++yyInput))
- /* skip the '-' sign */
- continue;
- }
- else
- sign = 0;
- for (yylval.Number = 0; isdigit(c = *yyInput++); )
- yylval.Number = 10 * yylval.Number + c - '0';
- yyInput--;
- if (sign < 0)
- yylval.Number = -yylval.Number;
- return (sign ? tSNUMBER : tUNUMBER);
- }
- if (isalpha(c)) {
- for (p = buff; isalpha(c = *yyInput++) || c == '.'; )
- if (p < &buff[sizeof buff - 1])
- *p++ = c;
- *p = '\0';
- yyInput--;
- return (LookupWord(buff));
- }
- if (c != '(')
- return (*yyInput++);
- Count = 0;
- do {
- c = *yyInput++;
- if (c == '\0')
- return (c);
- if (c == '(')
- Count++;
- else if (c == ')')
- Count--;
- } while (Count > 0);
+ register char c;
+ register char *p;
+ char buff[20];
+ int Count;
+ int sign;
+
+ for ( ; ; ) {
+ while (isspace((int) *yyInput))
+ yyInput++;
+
+ c = *yyInput;
+ if (isdigit((int) c) || c == '-' || c == '+') {
+ if (c == '-' || c == '+') {
+ sign = c == '-' ? -1 : 1;
+ if (!isdigit((int) (*++yyInput)))
+ /* skip the '-' sign */
+ continue;
+ }
+ else
+ sign = 0;
+ for (yylval.Number = 0; isdigit((int) (c = *yyInput++)); )
+ yylval.Number = 10 * yylval.Number + c - '0';
+ yyInput--;
+ if (sign < 0)
+ yylval.Number = -yylval.Number;
+ return sign ? tSNUMBER : tUNUMBER;
}
+ if (isalpha((int) c)) {
+ for (p = buff; isalpha((int) (c = *yyInput++)) || c == '.'; )
+ if (p < &buff[sizeof buff - 1])
+ *p++ = c;
+ *p = '\0';
+ yyInput--;
+ return LookupWord(buff);
+ }
+ if (c != '(')
+ return *yyInput++;
+ Count = 0;
+ do {
+ c = *yyInput++;
+ if (c == '\0')
+ return c;
+ if (c == '(')
+ Count++;
+ else if (c == ')')
+ Count--;
+ } while (Count > 0);
+ }
}
-#define TM_YEAR_ORIGIN 1900
+#define TM_YEAR_ORIGIN 1900
/* Yield A - B, measured in seconds. */
static time_t
-difftm(struct tm *a, struct tm *b)
+difftm(a, b)
+ struct tm *a, *b;
{
- int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
- int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
- return ((((
- /* difference in day of year */
- a->tm_yday - b->tm_yday
- /* + intervening leap days */
- + ((ay >> 2) - (by >> 2))
- - (ay/100 - by/100)
- + ((ay/100 >> 2) - (by/100 >> 2))
- /* + difference in years * 365 */
- + (time_t)(ay-by) * 365
- )*24 + (a->tm_hour - b->tm_hour)
- )*60 + (a->tm_min - b->tm_min)
- )*60 + (a->tm_sec - b->tm_sec));
+ int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
+ int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
+ return
+ (
+ (
+ (
+ /* difference in day of year */
+ a->tm_yday - b->tm_yday
+ /* + intervening leap days */
+ + ((ay >> 2) - (by >> 2))
+ - (ay/100 - by/100)
+ + ((ay/100 >> 2) - (by/100 >> 2))
+ /* + difference in years * 365 */
+ + (time_t)(ay-by) * 365
+ )*24 + (a->tm_hour - b->tm_hour)
+ )*60 + (a->tm_min - b->tm_min)
+ )*60 + (a->tm_sec - b->tm_sec);
}
+/* For get_date extern declaration compatibility check... yuck. */
+#include <krb5.h>
+#include "kadmin.h"
+
time_t
-get_date(char *p, struct my_timeb *now)
+get_date(p)
+ char *p;
{
- struct tm *tm, gmt;
- struct my_timeb ftz;
- time_t Start;
- time_t tod;
+ struct my_timeb *now = NULL;
+ struct tm *tm, gmt;
+ struct my_timeb ftz;
+ time_t Start;
+ time_t tod;
time_t delta;
- yyInput = p;
- if (now == NULL) {
- now = &ftz;
-
- ftz.time = time((time_t *) 0);
-
- if (! (tm = gmtime (&ftz.time)))
- return (-1);
- gmt = *tm; /* Make a copy, in case localtime modifies *tm. */
- ftz.timezone = difftm (&gmt, localtime (&ftz.time)) / 60;
- }
-
- tm = localtime(&now->time);
- yyYear = tm->tm_year;
- yyMonth = tm->tm_mon + 1;
- yyDay = tm->tm_mday;
- yyTimezone = now->timezone;
-
- /*
- * Since the logic later depends on the yyTimezone being the difference
- * between gmt and local time, non daylight savings time, we need to
- * correct the difference if local time is daylight savings time.
- */
-
- if ((tm->tm_isdst > 0) && (yyTimezone > 0))
- yyTimezone += 60;
- else if ((tm->tm_isdst > 0) && (yyTimezone < 0))
- yyTimezone -= 60;
- yyDSTmode = DSTmaybe;
- yyHour = 0;
- yyMinutes = 0;
- yySeconds = 0;
- yyMeridian = MER24;
- yyRelSeconds = 0;
- yyRelMonth = 0;
- yyHaveDate = 0;
- yyHaveDay = 0;
- yyHaveRel = 0;
- yyHaveTime = 0;
- yyHaveZone = 0;
-
- /*
- * When yyparse returns, zero or more of yyHave{Time,Zone,Date,Day,Rel}
- * will have been incremented. The value is number of items of
- * that type that were found; for all but Rel, more than one is
- * illegal.
- *
- * For each yyHave indicator, the following values are set:
- *
- * yyHaveTime:
- * yyHour, yyMinutes, yySeconds: hh:mm:ss specified, initialized
- * to zeros above
- * yyMeridian: MERam, MERpm, or MER24
- * yyTimeZone: time zone specified in minutes
- * yyDSTmode: DSToff if yyTimeZone is set, otherwise unchanged
- * (initialized above to DSTmaybe)
- *
- * yyHaveZone:
- * yyTimezone: as above
- * yyDSTmode: DSToff if a non-DST zone is specified, otherwise DSTon
- * XXX don't understand interaction with yyHaveTime zone info
- *
- * yyHaveDay:
- * yyDayNumber: 0-6 for Sunday-Saturday
- * yyDayOrdinal: val specified with day ("second monday",
- * Ordinal=2), otherwise 1
- *
- * yyHaveDate:
- * yyMonth, yyDay, yyYear: mm/dd/yy specified, initialized to
- * today above
- *
- * yyHaveRel:
- * yyRelSeconds: seconds specified with MINUTE_UNITs ("3 hours") or
- * SEC_UNITs ("30 seconds")
- * yyRelMonth: months specified with MONTH_UNITs ("3 months", "1
- * year")
- *
- * The code following yyparse turns these values into a single
- * date stamp.
- */
- if (yyparse() || yyHaveTime > 1 || yyHaveZone > 1 ||
- yyHaveDate > 1 || yyHaveDay > 1)
- return (-1);
-
- /*
- * If an absolute time specified, set Start to the equivalent Unix
- * timestamp. Otherwise, set Start to now, and if we do not have
- * a relatime time (ie: only yyHaveZone), decrement Start to the
- * beginning of today.
- *
- * By having yyHaveDay in the "absolute" list, "next Monday" means
- * midnight next Monday. Otherwise, "next Monday" would mean the
- * time right now, next Monday. It's not clear to me why the
- * current behavior is preferred.
- */
- if (yyHaveDate || yyHaveTime || yyHaveDay) {
- Start = Convert(yyMonth, yyDay, yyYear,
- yyHour, yyMinutes, yySeconds,
- yyMeridian, yyDSTmode);
- if (Start < 0)
- return (-1);
- }
- else {
- Start = now->time;
- if (!yyHaveRel)
- Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L)
- + tm->tm_sec;
- }
-
- /*
- * Add in the relative time specified. RelativeMonth adds in the
- * months, accounting for the fact that the actual length of "3
- * months" depends on where you start counting.
- *
- * XXX By having this separate from the previous block, we are
- * allowing dates like "10:00am 3 months", which means 3 months
- * from 10:00am today, or even "1/1/99 two days" which means two
- * days after 1/1/99.
- *
- * XXX Shouldn't this only be done if yyHaveRel, just for
- * thoroughness?
- */
- Start += yyRelSeconds;
+ yyInput = p;
+ if (now == NULL) {
+ now = &ftz;
+
+ ftz.time = time((time_t *) 0);
+
+ if (! (tm = gmtime (&ftz.time)))
+ return -1;
+ gmt = *tm; /* Make a copy, in case localtime modifies *tm. */
+ ftz.timezone = difftm (&gmt, localtime (&ftz.time)) / 60;
+ }
+
+ tm = localtime(&now->time);
+ yyYear = tm->tm_year;
+ yyMonth = tm->tm_mon + 1;
+ yyDay = tm->tm_mday;
+ yyTimezone = now->timezone;
+ yyDSTmode = DSTmaybe;
+ yyHour = 0;
+ yyMinutes = 0;
+ yySeconds = 0;
+ yyMeridian = MER24;
+ yyRelSeconds = 0;
+ yyRelMonth = 0;
+ yyHaveDate = 0;
+ yyHaveDay = 0;
+ yyHaveRel = 0;
+ yyHaveTime = 0;
+ yyHaveZone = 0;
+
+ /*
+ * When yyparse returns, zero or more of yyHave{Time,Zone,Date,Day,Rel}
+ * will have been incremented. The value is number of items of
+ * that type that were found; for all but Rel, more than one is
+ * illegal.
+ *
+ * For each yyHave indicator, the following values are set:
+ *
+ * yyHaveTime:
+ * yyHour, yyMinutes, yySeconds: hh:mm:ss specified, initialized
+ * to zeros above
+ * yyMeridian: MERam, MERpm, or MER24
+ * yyTimeZone: time zone specified in minutes
+ * yyDSTmode: DSToff if yyTimeZone is set, otherwise unchanged
+ * (initialized above to DSTmaybe)
+ *
+ * yyHaveZone:
+ * yyTimezone: as above
+ * yyDSTmode: DSToff if a non-DST zone is specified, otherwise DSTon
+ * XXX don't understand interaction with yyHaveTime zone info
+ *
+ * yyHaveDay:
+ * yyDayNumber: 0-6 for Sunday-Saturday
+ * yyDayOrdinal: val specified with day ("second monday",
+ * Ordinal=2), otherwise 1
+ *
+ * yyHaveDate:
+ * yyMonth, yyDay, yyYear: mm/dd/yy specified, initialized to
+ * today above
+ *
+ * yyHaveRel:
+ * yyRelSeconds: seconds specified with MINUTE_UNITs ("3 hours") or
+ * SEC_UNITs ("30 seconds")
+ * yyRelMonth: months specified with MONTH_UNITs ("3 months", "1
+ * year")
+ *
+ * The code following yyparse turns these values into a single
+ * date stamp.
+ */
+ if (yyparse()
+ || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1)
+ return -1;
+
+ /*
+ * If an absolute time specified, set Start to the equivalent Unix
+ * timestamp. Otherwise, set Start to now, and if we do not have
+ * a relatime time (ie: only yyHaveZone), decrement Start to the
+ * beginning of today.
+ *
+ * By having yyHaveDay in the "absolute" list, "next Monday" means
+ * midnight next Monday. Otherwise, "next Monday" would mean the
+ * time right now, next Monday. It's not clear to me why the
+ * current behavior is preferred.
+ */
+ if (yyHaveDate || yyHaveTime || yyHaveDay) {
+ Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds,
+ yyMeridian, yyDSTmode);
+ if (Start < 0)
+ return -1;
+ }
+ else {
+ Start = now->time;
+ if (!yyHaveRel)
+ Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec;
+ }
+
+ /*
+ * Add in the relative time specified. RelativeMonth adds in the
+ * months, accounting for the fact that the actual length of "3
+ * months" depends on where you start counting.
+ *
+ * XXX By having this separate from the previous block, we are
+ * allowing dates like "10:00am 3 months", which means 3 months
+ * from 10:00am today, or even "1/1/99 two days" which means two
+ * days after 1/1/99.
+ *
+ * XXX Shouldn't this only be done if yyHaveRel, just for
+ * thoroughness?
+ */
+ Start += yyRelSeconds;
delta = RelativeMonth(Start, yyRelMonth);
if (delta == (time_t) -1)
- return -1;
+ return -1;
Start += delta;
- /*
- * Now, if you specified a day of week and counter, add it in. By
- * disallowing Date but allowing Time, you can say "5pm next
- * monday".
- *
- * XXX The yyHaveDay && !yyHaveDate restriction should be enforced
- * above and be able to cause failure.
- */
- if (yyHaveDay && !yyHaveDate) {
- tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber);
- Start += tod;
- }
-
- /* Have to do *something* with a legitimate -1 so it's distinguishable
- * from the error return value. (Alternately could set errno on error.) */
- return (Start == -1 ? 0 : Start);
+ /*
+ * Now, if you specified a day of week and counter, add it in. By
+ * disallowing Date but allowing Time, you can say "5pm next
+ * monday".
+ *
+ * XXX The yyHaveDay && !yyHaveDate restriction should be enforced
+ * above and be able to cause failure.
+ */
+ if (yyHaveDay && !yyHaveDate) {
+ tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber);
+ Start += tod;
+ }
+
+ /* Have to do *something* with a legitimate -1 so it's distinguishable
+ * from the error return value. (Alternately could set errno on error.) */
+ return Start == -1 ? 0 : Start;
}
#if defined(TEST)
/* ARGSUSED */
-main(int ac, char *av[])
+main(ac, av)
+ int ac;
+ char *av[];
{
- char buff[128];
- time_t d;
-
- (void)printf(gettext("Enter date, or blank line to exit.\n\t> "));
- (void)fflush(stdout);
- while (gets(buff) && buff[0]) {
- d = get_date(buff, (struct my_timeb *)NULL);
- if (d == -1)
- (void)printf(
+ char buff[128];
+ time_t d;
+
+ (void)printf(gettext("Enter date, or blank line to exit.\n\t> "));
+ (void)fflush(stdout);
+ while (gets(buff) && buff[0]) {
+ d = get_date(buff, (struct my_timeb *)NULL);
+ if (d == -1)
+ (void)printf(
gettext("Bad format - couldn't convert.\n"));
- else
- (void)printf("%s", ctime(&d));
- (void)printf("\t> ");
- (void)fflush(stdout);
- }
- exit(0);
- /* NOTREA CHED */
+ else
+ (void)printf("%s", ctime(&d));
+ (void)printf("\t> ");
+ (void)fflush(stdout);
+ }
+ exit(0);
+ /* NOTREACHED */
}
#endif /* defined(TEST) */
diff --git a/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh b/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh
new file mode 100755
index 0000000000..64d0886c81
--- /dev/null
+++ b/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh
@@ -0,0 +1,147 @@
+#!/bin/sh
+#
+#
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#
+#
+#
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+TEXTDOMAIN=SUNW_OST_OSCMD
+export TEXTDOMAIN
+
+# list_princs keytab
+# returns a list of principals in the keytab
+# sorted and uniquified
+list_princs() {
+ klist -k $keytab | tail +4 | awk '{print $2}' | sort | uniq
+}
+
+set_command() {
+ if [ x$command != x ] ; then
+ cmd_error `gettext "Only one command can be specified"`
+ usage
+ exit 1
+ fi
+ command=$1
+}
+
+#interactive_prompt prompt princ
+# If in interactive mode return true if the principal should be acted on
+# otherwise return true all the time
+#
+# SUNW14resync: If in interactive mode the default is now to return false
+# i.e. if in interactive mode unless the user types "Yes" or
+# "yes" false will be returned.
+#
+interactive_prompt() {
+ if [ $interactive = 0 ] ; then
+ return 0
+ fi
+ PROMPT=`gettext "%s for %s? [yes no] "`
+ Y1=`gettext "yes"`
+ Y2=`gettext "Yes"`
+ printf "$PROMPT" "$1" "$2"
+ read ans
+ case $ans in
+ ${Y1}|${Y2})
+ return 0
+ ;;
+ esac
+ return 1
+ }
+
+cmd_error() {
+ echo $@ 2>&1
+ }
+
+usage() {
+ USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"`
+ echo $USAGE
+}
+
+
+
+change_key() {
+ princs=`list_princs `
+ for princ in $princs; do
+ ACTION=`gettext "Change key"`
+ if interactive_prompt "$ACTION" $princ; then
+ kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ"
+ fi
+ done
+ }
+
+delete_old_keys() {
+ princs=`list_princs `
+ for princ in $princs; do
+ ACTION=`gettext "Delete old keys"`
+ if interactive_prompt "$ACTION" $princ; then
+ kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old"
+ fi
+ done
+ }
+
+delete_keys() {
+ interactive=1
+ princs=`list_princs `
+ for princ in $princs; do
+ ACTION=`gettext "Delete all keys"`
+ if interactive_prompt "$ACTION" $princ; then
+ kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all"
+ fi
+ done
+ }
+
+
+keytab=/etc/krb5/krb5.keytab
+interactive=0
+
+CHANGE=`gettext "change"`
+DELOLD=`gettext "delold"`
+DELETE=`gettext "delete"`
+LIST=`gettext "list"`
+
+while [ $# -gt 0 ] ; do
+ opt=$1
+ shift
+ case $opt in
+ "-f")
+ keytab=$1
+ shift
+ ;;
+ "-i")
+ interactive=1
+ ;;
+ ${CHANGE}|${DELOLD}|${DELETE}|${LIST})
+ set_command $opt
+ ;;
+ *)
+ ILLEGAL=`gettext "Illegal option: "`
+ cmd_error $ILLEGAL $opt
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+
+case $command in
+ $CHANGE)
+ change_key
+ ;;
+ $DELOLD)
+ delete_old_keys
+ ;;
+ $DELETE)
+ delete_keys
+ ;;
+ $LIST)
+ klist -k $keytab
+ ;;
+ *)
+ usage
+ ;;
+ esac
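Review bot: `cmd_error` prints to standard output, because `echo $@ 2>&1` redirects stderr into stdout rather than the reverse; an error helper needs `echo "$@" 1>&2`. Throughout the script `$keytab`, `$princ` and `$command` are expanded unquoted (`[ x$command != x ]`, `klist -k $keytab`, `kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ"`). A keytab path with whitespace or glob characters is therefore word-split, and principal names read back from the keytab are pasted into the kadmin query string unchanged. Quote the expansions, and in the `-f` case check that an argument follows before `keytab=$1; shift`, since a trailing `-f` currently leaves `keytab` empty.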
diff --git a/usr/src/cmd/krb5/kadmin/cli/kadmin.c b/usr/src/cmd/krb5/kadmin/cli/kadmin.c
index b7f9f71e57..f5a92481cf 100644
--- a/usr/src/cmd/krb5/kadmin/cli/kadmin.c
+++ b/usr/src/cmd/krb5/kadmin/cli/kadmin.c
@@ -33,8 +33,8 @@
*/
#include <krb5.h>
-#include <k5-int.h>
#include <kadm5/admin.h>
+#include <krb5/adm_proto.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
@@ -56,17 +56,9 @@
/* functions defined in remote/local specific files */
extern void usage(const char *);
-extern void debugEnable(int);
-/* local principal helpers */
-static char *find_component(const char *, char);
-static char *trim_principal(char *);
-static char *build_admin_princ(const char *, const char *);
-
-/*
- * special struct to convert flag names for principals
- * to actual krb5_flags for a principal
- */
+/* special struct to convert flag names for principals
+ to actual krb5_flags for a principal */
struct pflag {
char *flagname; /* name of flag as typed to CLI */
int flaglen; /* length of string (not counting -,+) */
@@ -113,19 +105,23 @@ char *getenv();
int exit_status = 0;
char *def_realm = NULL;
char *whoami = NULL;
-time_t get_date();
void *handle = NULL;
krb5_context context;
char *ccache_name = NULL;
-char *
-strdur(duration)
+int locked = 0;
+static char *strdur(duration)
time_t duration;
{
- static char out[100];
- int days, hours, minutes, seconds;
-
+ static char out[50];
+ int neg, days, hours, minutes, seconds;
+
+ if (duration < 0) {
+ duration *= -1;
+ neg = 1;
+ } else
+ neg = 0;
days = duration / (24 * 3600);
duration %= 24 * 3600;
hours = duration / 3600;
@@ -133,35 +129,27 @@ strdur(duration)
minutes = duration / 60;
duration %= 60;
seconds = duration;
- if (days == 1) {
- snprintf(out, sizeof (out), gettext("%d day %02d:%02d:%02d"),
- days, hours, minutes, seconds);
- } else {
- snprintf(out, sizeof (out), gettext("%d days %02d:%02d:%02d"),
- days, hours, minutes, seconds);
-}
- return (out);
+ snprintf(out, sizeof (out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+ days, days == 1 ? gettext("day") : gettext("days"),
+ hours, minutes, seconds);
+ return out;
}
-char *
-strdate(when)
+static char *strdate(when)
krb5_timestamp when;
{
struct tm *tm;
- static char out[30];
+ static char out[40];
time_t lcltim = when;
-
tm = localtime(&lcltim);
- strftime(out, 30, gettext("%a %b %d %H:%M:%S %Z %Y"), tm);
- return (out);
+ strftime(out, sizeof(out), gettext("%a %b %d %H:%M:%S %Z %Y"), tm);
+ return out;
}
-/*
- * this is a wrapper to go around krb5_parse_principal so we can set
- * the default realm up properly
- */
-krb5_error_code
+/* this is a wrapper to go around krb5_parse_principal so we can set
+ the default realm up properly */
+static krb5_error_code
kadmin_parse_name(name, principal)
char *name;
krb5_principal *principal;
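Review bot: In strdate the result of `localtime(&lcltim)` and the return value of `strftime` are both ignored. The format string goes through gettext and contains `%Z`, so a translated format or a long zone name can exceed the 40-byte buffer; strftime then returns 0 and leaves `out` with unspecified contents, which the caller receives as a string. A guard such as `if (tm == NULL || strftime(out, sizeof(out), gettext("%a %b %d %H:%M:%S %Z %Y"), tm) == 0) out[0] = '\0';` keeps the returned buffer well defined. Separately, strdur now builds its output from a fixed `"%s%d %s %02d:%02d:%02d"` format, so only the word "day"/"days" is translatable and the word order is no longer under the translator's control.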
@@ -175,14 +163,14 @@ kadmin_parse_name(name, principal)
/* assumes def_realm is initialized! */
fullname = (char *)malloc(strlen(name) + 1 + strlen(def_realm) + 1);
if (fullname == NULL)
- return (ENOMEM);
+ return ENOMEM;
strcpy(fullname, name);
cp = strchr(fullname, '@');
while (cp) {
if (cp - fullname && *(cp - 1) != '\\')
break;
else
- cp = strchr((cp + 1), '@');
+ cp = strchr(cp + 1, '@');
}
if (cp == NULL) {
strcat(fullname, "@");
@@ -190,120 +178,114 @@ kadmin_parse_name(name, principal)
}
retval = krb5_parse_name(context, fullname, principal);
free(fullname);
- return (retval);
+ return retval;
}
-char *
-kadmin_startup(argc, argv)
+char *kadmin_startup(argc, argv)
int argc;
char *argv[];
{
- extern krb5_kt_ops krb5_ktf_writable_ops;
extern char *optarg;
char *princstr = NULL, *keytab_name = NULL, *query = NULL;
char *password = NULL;
- char *kadmin_princ = NULL;
char *luser, *canon, *cp;
- int optchar, use_keytab = 0, debug = 0;
+ int optchar, freeprinc = 0, use_keytab = 0;
struct passwd *pw;
kadm5_ret_t retval;
krb5_ccache cc;
krb5_principal princ;
kadm5_config_params params;
+ char *svcname = NULL;
memset((char *) &params, 0, sizeof(params));
- if (retval = krb5_init_context(&context)) {
- com_err(whoami, retval,
+ retval = krb5_init_context(&context);
+ if (retval) {
+ com_err(whoami, retval,
gettext("while initializing krb5 library"));
exit(1);
}
- while ((optchar = getopt(argc, argv, "Dr:p:kq:w:d:s:mc:t:e:O")) != EOF) {
+
+ while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:O")) != EOF) {
switch (optchar) {
- case 'O': /* Undocumented option for testing only */
- kadmin_princ = KADM5_ADMIN_SERVICE_P;
- break;
- case 'D':
- debug++;
- break;
case 'r':
def_realm = optarg;
break;
case 'p':
- princstr = strdup(optarg);
- if (princstr == NULL) {
- fprintf(stderr, gettext("Out of memory in %s\n"),
- whoami);
- exit(1);
- }
- break;
- case 'c':
+ princstr = optarg;
+ break;
+ case 'c':
ccache_name = optarg;
break;
- case 'k':
+ case 'k':
use_keytab++;
break;
case 't':
keytab_name = optarg;
break;
- case 'w':
+ case 'w':
password = optarg;
break;
case 'q':
query = optarg;
break;
- case 'd':
+ case 'd':
params.dbname = optarg;
params.mask |= KADM5_CONFIG_DBNAME;
break;
- case 's':
+ case 's':
params.admin_server = optarg;
params.mask |= KADM5_CONFIG_ADMIN_SERVER;
break;
- case 'm':
+ case 'm':
params.mkey_from_kbd = 1;
params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
break;
- case 'e':
+ case 'e':
retval = krb5_string_to_keysalts(optarg,
- ", \t", ":.-", 0,
- &params.keysalts,
- &params.num_keysalts);
+ ", \t",
+ ":.-",
+ 0,
+ &params.keysalts,
+ &params.num_keysalts);
if (retval) {
- com_err(whoami, retval,
+ com_err(whoami, retval,
gettext("while parsing keysalts %s"), optarg);
- exit(1);
+ exit(1);
}
params.mask |= KADM5_CONFIG_ENCTYPES;
break;
+ case 'O': /* Undocumented option for testing only */
+ svcname = KADM5_ADMIN_SERVICE_P;
+ break;
default:
usage(whoami);
}
}
-
- debugEnable(debug);
-
if ((ccache_name && use_keytab) ||
(keytab_name && !use_keytab))
- usage(whoami);
+ usage(whoami);
if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
- free(princstr);
+ if (freeprinc)
+ free(princstr);
fprintf(stderr,
gettext("%s: unable to get default realm\n"), whoami);
exit(1);
}
+
params.mask |= KADM5_CONFIG_REALM;
params.realm = def_realm;
- if (kadmin_princ == NULL) {
+ if (svcname == NULL) {
if (kadm5_get_adm_host_srv_name(context,
- def_realm, &kadmin_princ)) {
+ def_realm, &svcname)) {
fprintf(stderr,
gettext("%s: unable to get host based "
"service name for realm %s\n"),
whoami, def_realm);
- free(princstr);
+ if (freeprinc)
+ free(princstr);
exit(1);
}
}
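Review bot: The `-O` case stores `KADM5_ADMIN_SERVICE_P` in `svcname` without copying it, and the end of kadmin_startup (the hunk at `@@ -464,89 +492,47 @@`) runs `if (svcname) free(svcname);`. If that macro expands to a string constant, as the direct assignment suggests, running with `-O` ends in a free() of memory that was never allocated. Copy the constant in the `-O` case, `svcname = strdup(KADM5_ADMIN_SERVICE_P);` with a NULL check, or track ownership with a flag the way `freeprinc` does for `princstr`. kadmin_startup continues past this hunk.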
@@ -313,14 +295,14 @@ kadmin_startup(argc, argv)
* argument or the default.
*/
if (ccache_name == NULL) {
- if (retval = krb5_cc_default(context, &cc)) {
+ if ((retval = krb5_cc_default(context, &cc))) {
com_err(whoami, retval,
gettext("while opening default "
"credentials cache"));
exit(1);
}
} else {
- if (retval = krb5_cc_resolve(context, ccache_name, &cc)) {
+ if ((retval = krb5_cc_resolve(context, ccache_name, &cc))) {
com_err(whoami, retval,
gettext("while opening credentials cache %s"),
ccache_name);
@@ -329,47 +311,47 @@ kadmin_startup(argc, argv)
}
/*
- * If no principal name is specified: If a ccache was specified and
- * its primary principal name can be read, it is used, else if a
- * keytab was specified, the principal name is host/hostname,
+ * If no principal name is specified: If a ccache was specified
+ * and its primary principal name can be read, it is used, else if
+ * a keytab was specified, the principal name is host/hostname,
* otherwise append "/admin" to the primary name of the default
* ccache, $USER, or pw_name.
*
* Gee, 100+ lines to figure out the client principal name. This
* should be compressed...
*/
-
+
if (princstr == NULL) {
if (ccache_name != NULL &&
!krb5_cc_get_principal(context, cc, &princ)) {
- if (retval = krb5_unparse_name(context, princ,
- &princstr)) {
+ if ((retval = krb5_unparse_name(context, princ, &princstr))) {
com_err(whoami, retval,
gettext("while canonicalizing principal name"));
- krb5_free_principal(context, princ);
+ krb5_free_principal(context, princ);
exit(1);
- }
- krb5_free_principal(context, princ);
- } else if (use_keytab != 0) {
- if (retval = krb5_sname_to_principal(context, NULL,
- "host", KRB5_NT_SRV_HST,
- &princ)) {
- com_err(whoami, retval,
- gettext("creating host service principal"));
- exit(1);
- }
- if (retval = krb5_unparse_name(context, princ,
- &princstr)) {
+ }
+ krb5_free_principal(context, princ);
+ freeprinc++;
+ } else if (use_keytab != 0) {
+ if ((retval = krb5_sname_to_principal(context, NULL,
+ "host",
+ KRB5_NT_SRV_HST,
+ &princ))) {
com_err(whoami, retval,
+ gettext("creating host service principal"));
+ exit(1);
+ }
+ if ((retval = krb5_unparse_name(context, princ, &princstr))) {
+ com_err(whoami, retval,
gettext("while canonicalizing "
"principal name"));
krb5_free_principal(context, princ);
exit(1);
}
krb5_free_principal(context, princ);
+ freeprinc++;
} else if (!krb5_cc_get_principal(context, cc, &princ)) {
char *realm = NULL;
-
if (krb5_unparse_name(context, princ, &canon)) {
fprintf(stderr,
gettext("%s: unable to canonicalize "
@@ -377,53 +359,98 @@ kadmin_startup(argc, argv)
krb5_free_principal(context, princ);
exit(1);
}
- krb5_free_principal(context, princ);
- (void) trim_principal(canon);
- princstr = build_admin_princ(canon, def_realm);
+ /* strip out realm of principal if it's there */
+ realm = strchr(canon, '@');
+ while (realm) {
+ if (realm - canon && *(realm - 1) != '\\')
+ break;
+ else
+ realm = strchr(realm, '@');
+ }
+ if (realm)
+ *realm++ = '\0';
+ cp = strchr(canon, '/');
+ while (cp) {
+ if (cp - canon && *(cp - 1) != '\\')
+ break;
+ else
+ cp = strchr(cp, '/');
+ }
+ if (cp != NULL)
+ *cp = '\0';
+ princstr = (char*)malloc(strlen(canon) + 6 /* "/admin" */ +
+ (realm ? 1 + strlen(realm) : 0) + 1);
+ if (princstr == NULL) {
+ fprintf(stderr,
+ gettext("%s: out of memory\n"),
+ whoami);
+ exit(1);
+ }
+ strcpy(princstr, canon);
+ strcat(princstr, "/admin");
+ if (realm) {
+ strcat(princstr, "@");
+ strcat(princstr, realm);
+ }
free(canon);
- } else if (luser = getenv("USER")) {
- princstr = build_admin_princ(luser, def_realm);
- } else if (pw = getpwuid(getuid())) {
- princstr = build_admin_princ(pw->pw_name, def_realm);
- } else {
+ krb5_free_principal(context, princ);
+ freeprinc++;
+ } else if ((luser = getenv("USER"))) {
+ princstr = (char *) malloc(strlen(luser) + 7 /* "/admin@" */
+ + strlen(def_realm) + 1);
+ if (princstr == NULL) {
+ fprintf(stderr,
+ gettext("%s: out of memory\n"),
+ whoami);
+ exit(1);
+ }
+ strcpy(princstr, luser);
+ strcat(princstr, "/admin");
+ strcat(princstr, "@");
+ strcat(princstr, def_realm);
+ freeprinc++;
+ } else if ((pw = getpwuid(getuid()))) {
+ princstr = (char *) malloc(strlen(pw->pw_name) + 7 /* "/admin@" */
+ + strlen(def_realm) + 1);
+ if (princstr == NULL) {
fprintf(stderr,
+ gettext("%s: out of memory\n"),
+ whoami);
+ exit(1);
+ }
+ strcpy(princstr, pw->pw_name);
+ strcat(princstr, "/admin@");
+ strcat(princstr, def_realm);
+ freeprinc++;
+ } else {
+ fprintf(stderr,
gettext("%s: unable to figure out "
"a principal name\n"),
- whoami);
- exit(1);
- }
- } else { /* (princstr != NULL) */
- /* See if we need to add the default realm */
- if (find_component(princstr, '@') == NULL) {
- size_t len;
-
- /* principal @ realm NULL */
- len = strlen(princstr) + 1 + strlen(def_realm) + 1;
- princstr = realloc(princstr, len);
- if (princstr == NULL) {
- fprintf(stderr,
- gettext("%s: out of memory\n"), whoami);
- exit(1);
- }
- strcat(princstr, "@");
- strcat(princstr, def_realm);
+ whoami);
+ exit(1);
}
}
+ retval = krb5_klog_init(context, "admin_server", whoami, 0);
+ if (retval) {
+ com_err(whoami, retval, "while setting up logging");
+ exit(1);
+ }
+
/*
- * Initialize the kadm5 connection. If we were given a ccache, use
- * it. Otherwise, use/prompt for the password.
+ * Initialize the kadm5 connection. If we were given a ccache,
+ * use it. Otherwise, use/prompt for the password.
*/
if (ccache_name) {
printf(gettext(
"Authenticating as principal %s with existing credentials.\n"),
princstr);
retval = kadm5_init_with_creds(princstr, cc,
- kadmin_princ,
- &params,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_2,
- &handle);
+ svcname,
+ &params,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_2,
+ &handle);
} else if (use_keytab) {
if (keytab_name)
printf(gettext("Authenticating as principal %s with keytab %s.\n"),
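Review bot: The two scanning loops added here cannot move past a separator they decide to skip. In `realm = strchr(realm, '@');` and `cp = strchr(cp, '/');` the search restarts at the character just found, so strchr returns the same pointer and the loop never terminates. This is reached when the name unparsed from the credentials cache contains a backslash-escaped `@` or `/`, or begins with one. kadmin_parse_name in this file already advances correctly with `strchr(cp + 1, '@')`; the same form is needed here, `realm = strchr(realm + 1, '@');` and `cp = strchr(cp + 1, '/');`. kadmin_startup starts and ends outside this hunk.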
@@ -433,19 +460,20 @@ kadmin_startup(argc, argv)
"Authenticating as principal %s with default keytab.\n"),
princstr);
retval = kadm5_init_with_skey(princstr, keytab_name,
- kadmin_princ,
- &params,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_2,
- &handle);
+ svcname,
+ &params,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_2,
+ &handle);
} else {
printf(gettext("Authenticating as principal %s with password.\n"),
princstr);
retval = kadm5_init_with_password(princstr, password,
- kadmin_princ, &params,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_2,
- &handle);
+ svcname,
+ &params,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_2,
+ &handle);
}
if (retval) {
if (retval == KADM5_RPC_ERROR_CANTENCODEARGS ||
@@ -464,89 +492,47 @@ kadmin_startup(argc, argv)
}
exit(1);
}
- free(princstr);
+ if (freeprinc)
+ free(princstr);
- if (retval = krb5_cc_close(context, cc)) {
- com_err(whoami, retval, gettext("while closing ccache %s"),
- ccache_name);
- exit(1);
- }
- /* register the WRFILE keytab type and set it as the default */
- if (retval = krb5_kt_register(context, &krb5_ktf_writable_ops)) {
- com_err(whoami, retval,
- gettext("while registering writable key table functions"));
+ if ((retval = krb5_cc_close(context, cc))) {
+ com_err(whoami, retval, gettext("while closing ccache %s"),
+ ccache_name);
exit(1);
}
+
+ /* register the WRFILE keytab type and set it as the default */
{
- /*
- * XXX krb5_defkeyname is an internal library global and
- * should go away
- */
+ /* XXX krb5_defkeyname is an internal library global and
+ should go away */
extern char *krb5_defkeyname;
-
krb5_defkeyname = DEFAULT_KEYTAB;
}
-
+
if ((retval = kadm5_init_iprop(handle)) != 0) {
com_err(whoami, retval, gettext("while mapping update log"));
exit(1);
}
/* Solaris kerberos: fix memory leak */
- if (kadmin_princ)
- free(kadmin_princ);
-
- return (query);
-}
-
-static char *
-find_component(const char *principal, char sep)
-{
- char *p = strchr(principal, sep);
-
- for(p = strchr(principal, sep); p; p = strchr(p, sep))
- if (p != principal && *(p - 1) != '\\')
- break;
- return (p);
-}
+ if (svcname)
+ free(svcname);
-static char *
-trim_principal(char *principal)
-{
- char *p = find_component(principal, '/');
-
- if (p == NULL)
- p = find_component(principal, '@');
-
- if (p)
- *p = '\0';
-
- return (principal);
+ return query;
}
-static char *
-build_admin_princ(const char *user, const char *realm)
+int quit()
{
- char *princstr;
+ kadm5_ret_t retval;
- /* Add 7 to the length for "/admin@" */
- princstr = (char *) malloc(strlen(user) + 7 + strlen(realm) + 1);
- if (princstr == NULL) {
- fprintf(stderr,
- gettext("%s: out of memory\n"),
- whoami);
- exit(1);
+ if (locked) {
+ retval = kadm5_unlock(handle);
+ if (retval) {
+ com_err("quit", retval, gettext("while unlocking locked database"));
+ return 1;
}
- sprintf(princstr, "%s/admin@%s", user, realm);
-
- return (princstr);
-}
-
-int
-quit()
-{
- krb5_ccache cc;
- int retval;
+ locked = 0;
+ }
kadm5_destroy(handle);
if (ccache_name != NULL) {
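Review bot: The comment `/* register the WRFILE keytab type and set it as the default */` is kept, but this hunk removes the `krb5_kt_register(context, &krb5_ktf_writable_ops)` call it described. The block under it now only assigns `krb5_defkeyname = DEFAULT_KEYTAB;`. Reword it to match, for example `/* set the default keytab name */`, so a reader does not go looking for a registration step that is no longer performed here.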
@@ -554,31 +540,64 @@ quit()
gettext("\n\a\a\aAdministration credentials "
"NOT DESTROYED.\n"));
}
+
/* insert more random cleanup here */
+ krb5_klog_close(context);
krb5_free_context(context);
context = NULL;
- return (0);
+ return 0;
+}
+
+void kadmin_lock(argc, argv)
+ int argc;
+ char *argv[];
+{
+ kadm5_ret_t retval;
+
+ if (locked)
+ return;
+ retval = kadm5_lock(handle);
+ if (retval) {
+ com_err("lock", retval, "");
+ return;
+ }
+ locked = 1;
+}
+
+void kadmin_unlock(argc, argv)
+ int argc;
+ char *argv[];
+{
+ kadm5_ret_t retval;
+
+ if (!locked)
+ return;
+ retval = kadm5_unlock(handle);
+ if (retval) {
+ com_err("unlock", retval, "");
+ return;
+ }
+ locked = 0;
}
-void
-kadmin_delprinc(argc, argv)
+void kadmin_delprinc(argc, argv)
int argc;
char *argv[];
{
kadm5_ret_t retval;
krb5_principal princ;
char *canon;
- char reply[32];
+ char reply[32];
if (! (argc == 2 ||
- (argc == 3 && strcmp("-force", argv[1]) == 0))) {
- fprintf(stderr, "%s: delete_principal [-force] %s\n",
+ (argc == 3 && !strcmp("-force", argv[1])))) {
+ fprintf(stderr, "%s: delete_principal [-force] %s\n",
gettext("usage"), gettext("principal"));
return;
}
retval = kadmin_parse_name(argv[argc - 1], &princ);
if (retval) {
- com_err("delete_principal", retval,
+ com_err("delete_principal", retval,
gettext("while parsing principal name"));
return;
}
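Review bot: kadmin_lock and kadmin_unlock are added without any comment, and the lifetime of the lock they manage is not obvious from either function alone. kadmin_lock sets the global `locked` after `kadm5_lock(handle)` succeeds, and the lock then stays held across later commands until kadmin_unlock runs or quit() releases it. A header on each would make that visible, e.g. `/* Take the database lock; held until kadmin_unlock or quit. No-op if already locked. */` and `/* Release the lock taken by kadmin_lock. No-op if not locked. */`. It is also worth noting in the comment that `argc` and `argv` are unused.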
@@ -590,7 +609,7 @@ kadmin_delprinc(argc, argv)
return;
}
if (argc == 2) {
- printf(gettext("Are you sure you want to delete "
+ printf(gettext("Are you sure you want to delete "
"the principal \"%s\"? (yes/no): "), canon);
fgets(reply, sizeof (reply), stdin);
if (strncmp(gettext("yes\n"), reply, sizeof (reply)) &&
@@ -612,14 +631,14 @@ kadmin_delprinc(argc, argv)
free(canon);
return;
}
- printf(gettext("Principal \"%s\" deleted.\n"), canon);
+ printf(gettext("Principal \"%s\" deleted.\n"), canon);
printf(gettext("Make sure that you have removed this principal "
"from all ACLs before reusing.\n"));
free(canon);
+ return;
}
-void
-kadmin_cpw(argc, argv)
+void kadmin_cpw(argc, argv)
int argc;
char *argv[];
{
@@ -628,7 +647,8 @@ kadmin_cpw(argc, argv)
static char prompt1[1024], prompt2[1024];
char *canon;
char *pwarg = NULL;
- int n_ks_tuple = 0, keepold = 0, randkey = 0;
+ int n_ks_tuple = 0, randkey = 0;
+ krb5_boolean keepold = FALSE;
krb5_key_salt_tuple *ks_tuple = NULL;
krb5_principal princ;
int local_kadmin = 0;
@@ -654,7 +674,7 @@ kadmin_cpw(argc, argv)
continue;
}
if (!strcmp("-keepold", *argv)) {
- keepold++;
+ keepold = TRUE;
continue;
}
if (!strcmp("-e", *argv)) {
@@ -779,6 +799,8 @@ kadmin_cpw(argc, argv)
free(canon);
krb5_free_principal(context, princ);
usage:
+ if (ks_tuple != NULL)
+ free(ks_tuple);
fprintf(stderr, "%s: change_password [-randkey] [-keepold] "
"[-e keysaltlist] [-pw password] %s\n",
gettext("usage"), gettext("principal"));
@@ -786,8 +808,9 @@ kadmin_cpw(argc, argv)
}
}
-int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
- ks_tuple, n_ks_tuple, caller)
+static int
+kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
+ ks_tuple, n_ks_tuple, caller)
int argc;
char *argv[];
kadm5_principal_ent_t oprinc;
@@ -814,16 +837,16 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
if (strlen(argv[i]) == 7 &&
strcmp("-expire", argv[i]) == 0) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
- date = get_date(argv[i], NULL);
+ date = get_date(argv[i]);
if (date == (time_t)-1) {
- fprintf(stderr,
+ fprintf(stderr,
gettext("Invalid date "
"specification "
"\"%s\".\n"),
argv[i]);
- return (-1);
+ return -1;
}
oprinc->princ_expire_time = date;
*mask |= KADM5_PRINC_EXPIRE_TIME;
@@ -831,18 +854,18 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
}
if (strlen(argv[i]) == 9 &&
- strcmp("-pwexpire", argv[i]) == 0) {
+ !strcmp("-pwexpire", argv[i])) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
- date = get_date(argv[i], NULL);
+ date = get_date(argv[i]);
if (date == (time_t)-1) {
- fprintf(stderr,
+ fprintf(stderr,
gettext("Invalid date "
"specification "
"\"%s\".\n"),
argv[i]);
- return (-1);
+ return -1;
}
oprinc->pw_expiration = date;
*mask |= KADM5_PW_EXPIRATION;
@@ -850,18 +873,18 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
}
if (strlen(argv[i]) == 8 &&
- strcmp("-maxlife", argv[i]) == 0) {
+ !strcmp("-maxlife", argv[i])) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
- date = get_date(argv[i], NULL);
+ date = get_date(argv[i]);
if (date == (time_t)-1) {
fprintf(stderr,
gettext("Invalid date "
"specification "
"\"%s\".\n"),
argv[i]);
- return (-1);
+ return -1;
}
if (date <= now) {
fprintf(stderr,
@@ -877,18 +900,18 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
}
if (strlen(argv[i]) == 13 &&
- strcmp("-maxrenewlife", argv[i]) == 0) {
+ !strcmp("-maxrenewlife", argv[i])) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
- date = get_date(argv[i], NULL);
+ date = get_date(argv[i]);
if (date == (time_t)-1) {
fprintf(stderr,
gettext("Invalid date "
"specification "
"\"%s\".\n"),
argv[i]);
- return (-1);
+ return -1;
}
if (date <= now) {
fprintf(stderr,
@@ -904,9 +927,9 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
}
if (strlen(argv[i]) == 5 &&
- strcmp("-kvno", argv[i]) == 0) {
+ !strcmp("-kvno", argv[i])) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
oprinc->kvno = atoi(argv[i]);
*mask |= KADM5_KVNO;
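Review bot: `oprinc->kvno = atoi(argv[i]);` accepts any string, because atoi reports no errors: a mistyped or non-numeric `-kvno` value silently becomes 0, and a negative or out-of-range value is not rejected. The same unchecked atoi feeds `pw_min_length`, `pw_min_classes` and `pw_history_num` in the kadmin_parse_policy_args hunk further down, where a typo would quietly set a password-policy minimum to 0. Parsing with strtol and rejecting empty input, trailing characters, range errors and negative values lets the parser return -1 so the caller prints usage instead. The enclosing loop and function continue outside this hunk, and the excerpt needs `<errno.h>` and `<limits.h>` if the file does not already include them.

```c
	    else {
		char *end;
		long val;

		errno = 0;
		val = strtol(argv[i], &end, 10);
		if (end == argv[i] || *end != '\0' ||
		    errno == ERANGE || val < 0 || val > INT_MAX)
		    return -1;
		oprinc->kvno = (krb5_kvno)val;
		/* … unchanged: *mask |= KADM5_KVNO; continue; … */
	    }
```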
@@ -914,9 +937,9 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
}
if (strlen(argv[i]) == 7 &&
- strcmp("-policy", argv[i]) == 0) {
+ !strcmp("-policy", argv[i])) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
oprinc->policy = argv[i];
*mask |= KADM5_POLICY;
@@ -924,22 +947,22 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
}
if (strlen(argv[i]) == 12 &&
- strcmp("-clearpolicy", argv[i]) == 0) {
+ !strcmp("-clearpolicy", argv[i])) {
oprinc->policy = NULL;
*mask |= KADM5_POLICY_CLR;
continue;
}
if (strlen(argv[i]) == 3 &&
- strcmp("-pw", argv[i]) == 0) {
+ !strcmp("-pw", argv[i])) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
*pass = argv[i];
continue;
}
}
if (strlen(argv[i]) == 8 &&
- strcmp("-randkey", argv[i]) == 0) {
+ !strcmp("-randkey", argv[i])) {
++*randkey;
continue;
}
@@ -959,41 +982,40 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
}
for (j = 0; j < sizeof (flags) / sizeof (struct pflag); j++) {
if (strlen(argv[i]) == flags[j].flaglen + 1 &&
- strcmp(flags[j].flagname,
- /* strip off leading + or - */
- &argv[i][1]) == 0) {
- if (flags[j].set && argv[i][0] == '-' ||
- !flags[j].set && argv[i][0] == '+') {
+ !strcmp(flags[j].flagname,
+ &argv[i][1] /* strip off leading + or - */)) {
+ if ((flags[j].set && argv[i][0] == '-') ||
+ (!flags[j].set && argv[i][0] == '+')) {
oprinc->attributes |= flags[j].theflag;
*mask |= KADM5_ATTRIBUTES;
attrib_set++;
break;
- } else if (flags[j].set && argv[i][0] == '+' ||
- !flags[j].set && argv[i][0] == '-') {
+ } else if ((flags[j].set && argv[i][0] == '+') ||
+ (!flags[j].set && argv[i][0] == '-')) {
oprinc->attributes &= ~flags[j].theflag;
*mask |= KADM5_ATTRIBUTES;
attrib_set++;
break;
} else {
- return (-1);
+ return -1;
}
}
}
if (!attrib_set)
- return (-1); /* nothing was parsed */
+ return -1; /* nothing was parsed */
}
if (i != argc - 1) {
- return (-1);
+ return -1;
}
retval = kadmin_parse_name(argv[i], &oprinc->principal);
if (retval) {
- com_err(caller, retval, gettext("while parsing principal"));
- return (-1);
+ com_err(caller, retval, gettext("while parsing principal"));
+ return -1;
}
- return (0);
+ return 0;
}
-void
+static void
kadmin_addprinc_usage(func)
char *func;
{
@@ -1014,7 +1036,7 @@ kadmin_addprinc_usage(func)
"password_changing_service\n");
}
-void
+static void
kadmin_modprinc_usage(func)
char *func;
{
@@ -1035,8 +1057,7 @@ kadmin_modprinc_usage(func)
"password_changing_service\n");
}
-void
-kadmin_addprinc(argc, argv)
+void kadmin_addprinc(argc, argv)
int argc;
char *argv[];
{
@@ -1100,7 +1121,8 @@ kadmin_addprinc(argc, argv)
(void) kadm5_free_policy_ent(handle, &defpol);
} else
fprintf(stderr, gettext("WARNING: no policy specified "
- "for %s; defaulting to no policy\n"), canon);
+ "for %s; defaulting to no policy\n"),
+ canon);
}
mask &= ~KADM5_POLICY_CLR;
@@ -1115,11 +1137,11 @@ kadmin_addprinc(argc, argv)
if (randkey || (mask & KADM5_ATTRIBUTES))
princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if (randkey) {
- pass = dummybuf;
+ if (randkey) {
mask |= KADM5_ATTRIBUTES;
+ pass = dummybuf;
} else if (pass == NULL) {
- unsigned int i = sizeof (newpw) - 1;
+ unsigned int sz = sizeof (newpw) - 1;
snprintf(prompt1, sizeof (prompt1),
gettext("Enter password for principal \"%.900s\""),
canon);
@@ -1127,7 +1149,7 @@ kadmin_addprinc(argc, argv)
gettext("Re-enter password for principal \"%.900s\""),
canon);
retval = krb5_read_password(context, prompt1, prompt2,
- newpw, &i);
+ newpw, &sz);
if (retval) {
com_err("add_principal", retval,
gettext("while reading password for \"%s\"."), canon);
@@ -1158,8 +1180,7 @@ kadmin_addprinc(argc, argv)
free(ks_tuple);
return;
}
-
- if (randkey) { /* more special stuff for -randkey */
+ if (randkey) { /* more special stuff for -randkey */
if (ks_tuple != NULL || local_kadmin) {
retval = kadm5_randkey_principal_3(handle, princ.principal,
FALSE,
@@ -1219,7 +1240,6 @@ kadmin_addprinc(argc, argv)
return;
}
}
-
krb5_free_principal(context, princ.principal);
printf(gettext("Principal \"%s\" created.\n"), canon);
if (ks_tuple != NULL)
@@ -1227,8 +1247,7 @@ kadmin_addprinc(argc, argv)
free(canon);
}
-void
-kadmin_modprinc(argc, argv)
+void kadmin_modprinc(argc, argv)
int argc;
char *argv[];
{
@@ -1251,7 +1270,7 @@ kadmin_modprinc(argc, argv)
retval = kadmin_parse_name(argv[argc - 1], &kprinc);
if (retval) {
- com_err("modify_principal", retval,
+ com_err("modify_principal", retval,
gettext("while parsing principal"));
return;
}
@@ -1266,7 +1285,7 @@ kadmin_modprinc(argc, argv)
KADM5_PRINCIPAL_NORMAL_MASK);
krb5_free_principal(context, kprinc);
if (retval) {
- com_err("modify_principal", retval,
+ com_err("modify_principal", retval,
gettext("while getting \"%s\"."), canon);
free(canon);
return;
@@ -1316,8 +1335,7 @@ kadmin_modprinc(argc, argv)
free(canon);
}
-void
-kadmin_getprinc(argc, argv)
+void kadmin_getprinc(argc, argv)
int argc;
char *argv[];
{
@@ -1328,23 +1346,25 @@ kadmin_getprinc(argc, argv)
int i;
if (! (argc == 2 ||
- (argc == 3 && strcmp("-terse", argv[1]) == 0))) {
+ (argc == 3 && !strcmp("-terse", argv[1])))) {
fprintf(stderr, "%s: get_principal [-terse] %s\n",
gettext("usage"), gettext("principal"));
return;
}
+
+
memset(&dprinc, 0, sizeof(dprinc));
memset(&princ, 0, sizeof(princ));
retval = kadmin_parse_name(argv[argc - 1], &princ);
if (retval) {
- com_err("get_principal", retval,
+ com_err("get_principal", retval,
gettext("while parsing principal"));
return;
}
retval = krb5_unparse_name(context, princ, &canon);
if (retval) {
- com_err("get_principal", retval,
+ com_err("get_principal", retval,
gettext("while canonicalizing principal"));
krb5_free_principal(context, princ);
return;
@@ -1353,14 +1373,14 @@ kadmin_getprinc(argc, argv)
KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA);
krb5_free_principal(context, princ);
if (retval) {
- com_err("get_principal", retval,
+ com_err("get_principal", retval,
gettext("while retrieving \"%s\"."), canon);
free(canon);
return;
}
retval = krb5_unparse_name(context, dprinc.mod_name, &modcanon);
if (retval) {
- com_err("get_principal", retval,
+ com_err("get_principal", retval,
gettext("while unparsing modname"));
kadm5_free_principal_ent(handle, &dprinc);
free(canon);
@@ -1431,7 +1451,7 @@ kadmin_getprinc(argc, argv)
canon, dprinc.princ_expire_time, dprinc.last_pwd_change,
dprinc.pw_expiration, dprinc.max_life, modcanon,
dprinc.mod_date, dprinc.attributes, dprinc.kvno,
- dprinc.mkvno, dprinc.policy ?
+ dprinc.mkvno, dprinc.policy ?
dprinc.policy : gettext("[none]"),
dprinc.max_renewable_life, dprinc.last_success,
dprinc.last_failed, dprinc.fail_auth_count,
@@ -1449,13 +1469,12 @@ kadmin_getprinc(argc, argv)
free(canon);
}
-void
-kadmin_getprincs(argc, argv)
+void kadmin_getprincs(argc, argv)
int argc;
char *argv[];
{
krb5_error_code retval;
- char *exp, **names;
+ char *expr, **names;
int i, count;
FILE *output;
@@ -1464,15 +1483,15 @@ kadmin_getprincs(argc, argv)
sigset_t nmask, omask;
int waitb;
- exp = NULL;
- if (! (argc == 1 || (argc == 2 && (exp = argv[1])))) {
+ expr = NULL;
+ if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) {
fprintf(stderr, "%s: get_principals %s\n",
gettext("usage"), gettext("[expression]"));
return;
}
- retval = kadm5_get_principals(handle, exp, &names, &count);
+ retval = kadm5_get_principals(handle, expr, &names, &count);
if (retval) {
- com_err("get_principals", retval,
+ com_err("get_principals", retval,
gettext("while retrieving list."));
return;
}
@@ -1496,7 +1515,7 @@ kadmin_getprincs(argc, argv)
sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0);
for (i = 0; i < count; i++)
- fprintf(output, "%s\n", names[i]);
+ fprintf(output, "%s\n", names[i]);
fclose(output);
@@ -1505,7 +1524,7 @@ kadmin_getprincs(argc, argv)
kadm5_free_name_list(handle, names, count);
}
-int
+static int
kadmin_parse_policy_args(argc, argv, policy, mask, caller)
int argc;
char *argv[];
@@ -1516,24 +1535,23 @@ kadmin_parse_policy_args(argc, argv, policy, mask, caller)
int i;
time_t now;
time_t date;
- krb5_error_code retval;
time(&now);
*mask = 0;
for (i = 1; i < argc - 1; i++) {
if (strlen(argv[i]) == 8 &&
- strcmp(argv[i], "-maxlife") == 0) {
+ !strcmp(argv[i], "-maxlife")) {
if (++i > argc -2)
- return (-1);
+ return -1;
else {
- date = get_date(argv[i], NULL);
+ date = get_date(argv[i]);
if (date == (time_t)-1) {
fprintf(stderr,
gettext("Invalid date "
"specification "
"\"%s\".\n"),
argv[i]);
- return (-1);
+ return -1;
}
if (date <= now) {
fprintf(stderr,
@@ -1548,18 +1566,18 @@ kadmin_parse_policy_args(argc, argv, policy, mask, caller)
continue;
}
} else if (strlen(argv[i]) == 8 &&
- strcmp(argv[i], "-minlife") == 0) {
+ !strcmp(argv[i], "-minlife")) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
- date = get_date(argv[i], NULL);
+ date = get_date(argv[i]);
if (date == (time_t)-1) {
fprintf(stderr,
gettext("Invalid date "
"specification "
"\"%s\".\n"),
argv[i]);
- return (-1);
+ return -1;
}
if (date <= now) {
fprintf(stderr,
@@ -1574,43 +1592,43 @@ kadmin_parse_policy_args(argc, argv, policy, mask, caller)
continue;
}
} else if (strlen(argv[i]) == 10 &&
- strcmp(argv[i], "-minlength") == 0) {
+ !strcmp(argv[i], "-minlength")) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
policy->pw_min_length = atoi(argv[i]);
*mask |= KADM5_PW_MIN_LENGTH;
continue;
}
} else if (strlen(argv[i]) == 11 &&
- strcmp(argv[i], "-minclasses") == 0) {
+ !strcmp(argv[i], "-minclasses")) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
policy->pw_min_classes = atoi(argv[i]);
*mask |= KADM5_PW_MIN_CLASSES;
continue;
}
} else if (strlen(argv[i]) == 8 &&
- strcmp(argv[i], "-history") == 0) {
+ !strcmp(argv[i], "-history")) {
if (++i > argc - 2)
- return (-1);
+ return -1;
else {
policy->pw_history_num = atoi(argv[i]);
*mask |= KADM5_PW_HISTORY_NUM;
continue;
}
} else
- return (-1);
+ return -1;
}
if (i != argc -1) {
- fprintf(stderr, gettext("%s: parser lost count!\n"), caller);
- return (-1);
+ fprintf(stderr, gettext("%s: parser lost count!\n"), caller);
+ return -1;
} else
- return (0);
+ return 0;
}
-void
+static void
kadmin_addmodpol_usage(func)
char *func;
{
@@ -1622,8 +1640,7 @@ kadmin_addmodpol_usage(func)
"[-history number]\n");
}
-void
-kadmin_addpol(argc, argv)
+void kadmin_addpol(argc, argv)
int argc;
char *argv[];
{
@@ -1632,8 +1649,7 @@ kadmin_addpol(argc, argv)
kadm5_policy_ent_rec policy;
memset(&policy, 0, sizeof(policy));
- if (kadmin_parse_policy_args(argc, argv,
- &policy, &mask, "add_policy")) {
+ if (kadmin_parse_policy_args(argc, argv, &policy, &mask, "add_policy")) {
kadmin_addmodpol_usage("add_policy");
return;
} else {
@@ -1647,10 +1663,10 @@ kadmin_addpol(argc, argv)
return;
}
}
+ return;
}
-void
-kadmin_modpol(argc, argv)
+void kadmin_modpol(argc, argv)
int argc;
char *argv[];
{
@@ -1673,19 +1689,19 @@ kadmin_modpol(argc, argv)
return;
}
}
+ return;
}
-void
-kadmin_delpol(argc, argv)
+void kadmin_delpol(argc, argv)
int argc;
char *argv[];
{
krb5_error_code retval;
- char reply[32];
+ char reply[32];
if (! (argc == 2 ||
- (argc == 3 && strcmp("-force", argv[1]) == 0))) {
- fprintf(stderr, "%s: delete_policy [-force] %s\n",
+ (argc == 3 && !strcmp("-force", argv[1])))) {
+ fprintf(stderr, "%s: delete_policy [-force] %s\n",
gettext("usage"), gettext("policy"));
return;
}
@@ -1710,10 +1726,10 @@ kadmin_delpol(argc, argv)
argv[argc - 1]);
return;
}
+ return;
}
-void
-kadmin_getpol(argc, argv)
+void kadmin_getpol(argc, argv)
int argc;
char *argv[];
{
@@ -1721,7 +1737,7 @@ kadmin_getpol(argc, argv)
kadm5_policy_ent_rec policy;
if (! (argc == 2 ||
- (argc == 3 && strcmp("-terse", argv[1]) == 0))) {
+ (argc == 3 && !strcmp("-terse", argv[1])))) {
fprintf(stderr, "%s: get_policy [-terse] %s\n",
gettext("usage"), gettext("policy"));
return;
@@ -1735,45 +1751,45 @@ kadmin_getpol(argc, argv)
}
if (argc == 2) {
printf(gettext("Policy: %s\n"), policy.policy);
- printf(gettext("Maximum password life: %d\n"),
+ printf(gettext("Maximum password life: %ld\n"),
policy.pw_max_life);
- printf(gettext("Minimum password life: %d\n"),
+ printf(gettext("Minimum password life: %ld\n"),
policy.pw_min_life);
- printf(gettext("Minimum password length: %d\n"),
+ printf(gettext("Minimum password length: %ld\n"),
policy.pw_min_length);
printf(gettext("Minimum number of password "
- "character classes: %d\n"),
+ "character classes: %ld\n"),
policy.pw_min_classes);
- printf(gettext("Number of old keys kept: %d\n"),
+ printf(gettext("Number of old keys kept: %ld\n"),
policy.pw_history_num);
- printf(gettext("Reference count: %d\n"), policy.policy_refcnt);
+ printf(gettext("Reference count: %ld\n"), policy.policy_refcnt);
} else {
- printf("\"%s\"\t%d\t%d\t%d\t%d\t%d\t%d\n",
+ printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\n",
policy.policy, policy.pw_max_life, policy.pw_min_life,
policy.pw_min_length, policy.pw_min_classes,
policy.pw_history_num, policy.policy_refcnt);
}
kadm5_free_policy_ent(handle, &policy);
+ return;
}
-void
-kadmin_getpols(argc, argv)
+void kadmin_getpols(argc, argv)
int argc;
char *argv[];
{
krb5_error_code retval;
- char *exp, **names;
+ char *expr, **names;
int i, count;
- exp = NULL;
- if (! (argc == 1 || (argc == 2 && (exp = argv[1])))) {
- fprintf(stderr, "%s: get_policies %s\n",
+ expr = NULL;
+ if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) {
+ fprintf(stderr, "%s: get_policies %s\n",
gettext("usage"), gettext("[expression]\n"));
return;
}
- retval = kadm5_get_policies(handle, exp, &names, &count);
+ retval = kadm5_get_policies(handle, expr, &names, &count);
if (retval) {
- com_err("get_policies", retval,
+ com_err("get_policies", retval,
gettext("while retrieving list."));
return;
}
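Review bot: In the kadmin_getpols usage message at the end of this hunk, `gettext("[expression]\n")` carries its own newline although the format string `"%s: get_policies %s\n"` already ends in one. The usage line is therefore followed by a blank line, and the translatable string differs from the `gettext("[expression]")` used for get_principals. Changing the argument to `gettext("[expression]")` fixes both. Separately, the switch to `%ld` in kadmin_getpol is only correct if every kadm5_policy_ent_rec field printed is a long; the struct definition is not part of this hunk, so that is worth confirming against the kadm5 header.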
@@ -1781,3 +1797,4 @@ kadmin_getpols(argc, argv)
printf("%s\n", names[i]);
kadm5_free_name_list(handle, names, count);
}
+
diff --git a/usr/src/cmd/krb5/kadmin/cli/kadmin.h b/usr/src/cmd/krb5/kadmin/cli/kadmin.h
new file mode 100644
index 0000000000..abf6fcf526
--- /dev/null
+++ b/usr/src/cmd/krb5/kadmin/cli/kadmin.h
@@ -0,0 +1,75 @@
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * kadmin/cli/kadmin.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Prototypes for kadmin functions called from SS library.
+ */
+
+#ifndef __KADMIN_H__
+#define __KADMIN_H__
+
+/* It would be nice if ss produced a header file we could reference */
+extern char *kadmin_startup(int argc, char *argv[]);
+extern int quit (void);
+extern void kadmin_lock(int argc, char *argv[]);
+extern void kadmin_unlock(int argc, char *argv[]);
+extern void kadmin_delprinc(int argc, char *argv[]);
+extern void kadmin_cpw(int argc, char *argv[]);
+extern void kadmin_addprinc(int argc, char *argv[]);
+extern void kadmin_modprinc(int argc, char *argv[]);
+extern void kadmin_getprinc(int argc, char *argv[]);
+extern void kadmin_getprincs(int argc, char *argv[]);
+extern void kadmin_addpol(int argc, char *argv[]);
+extern void kadmin_modpol(int argc, char *argv[]);
+extern void kadmin_delpol(int argc, char *argv[]);
+extern void kadmin_getpol(int argc, char *argv[]);
+extern void kadmin_getpols(int argc, char *argv[]);
+extern void kadmin_getprivs(int argc, char *argv[]);
+extern void kadmin_keytab_add(int argc, char *argv[]);
+extern void kadmin_keytab_remove(int argc, char *argv[]);
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#else
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#endif
+
+extern time_t get_date(char *);
+
+/* Yucky global variables */
+extern krb5_context context;
+extern char *krb5_defkeyname;
+extern char *whoami;
+extern void *handle;
+
+#endif /* __KADMIN_H__ */
+
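Review bot: This header is not self-contained: `extern krb5_context context;` needs the krb5 types, and the time-header selection depends on TIME_WITH_SYS_TIME / HAVE_SYS_TIME_H having been defined by an earlier include. It only compiles when the includer pulls in `<krb5.h>` first, as keytab.c does, so inclusion order silently matters. Adding `#include <krb5.h>` directly after the guard would remove that dependency. The guard name `__KADMIN_H__` contains double underscores, which are reserved for the implementation; `#ifndef KADMIN_H` avoids that. If the getdate.y definition does not modify its argument (not visible here), `extern time_t get_date(const char *);` would be the safer prototype.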
diff --git a/usr/src/cmd/krb5/kadmin/cli/kadmin_ct.c b/usr/src/cmd/krb5/kadmin/cli/kadmin_ct.c
index 7da36fe992..b29c36a7be 100644
--- a/usr/src/cmd/krb5/kadmin/cli/kadmin_ct.c
+++ b/usr/src/cmd/krb5/kadmin/cli/kadmin_ct.c
@@ -32,180 +32,201 @@
#include <ss/ss.h>
#ifndef __STDC__
-#define const
+#define const
#endif
-static char const *const ssu00001[] = {
- "add_principal",
- "addprinc",
- "ank",
- (char const *) 0
+static char const * const ssu00001[] = {
+"add_principal",
+ "addprinc",
+ "ank",
+ (char const *)0
};
extern void kadmin_addprinc __SS_PROTO;
-static char const *const ssu00002[] = {
- "delete_principal",
- "delprinc",
- (char const *) 0
+static char const * const ssu00002[] = {
+"delete_principal",
+ "delprinc",
+ (char const *)0
};
extern void kadmin_delprinc __SS_PROTO;
-static char const *const ssu00003[] = {
- "modify_principal",
- "modprinc",
- (char const *) 0
+static char const * const ssu00003[] = {
+"modify_principal",
+ "modprinc",
+ (char const *)0
};
extern void kadmin_modprinc __SS_PROTO;
-static char const *const ssu00004[] = {
- "change_password",
- "cpw",
- (char const *) 0
+static char const * const ssu00004[] = {
+"change_password",
+ "cpw",
+ (char const *)0
};
extern void kadmin_cpw __SS_PROTO;
-static char const *const ssu00005[] = {
- "get_principal",
- "getprinc",
- (char const *) 0
+static char const * const ssu00005[] = {
+"get_principal",
+ "getprinc",
+ (char const *)0
};
extern void kadmin_getprinc __SS_PROTO;
-static char const *const ssu00006[] = {
- "list_principals",
- "listprincs",
- "get_principals",
- "getprincs",
- (char const *) 0
+static char const * const ssu00006[] = {
+"list_principals",
+ "listprincs",
+ "get_principals",
+ "getprincs",
+ (char const *)0
};
extern void kadmin_getprincs __SS_PROTO;
-static char const *const ssu00007[] = {
- "add_policy",
- "addpol",
- (char const *) 0
+static char const * const ssu00007[] = {
+"add_policy",
+ "addpol",
+ (char const *)0
};
extern void kadmin_addpol __SS_PROTO;
-static char const *const ssu00008[] = {
- "modify_policy",
- "modpol",
- (char const *) 0
+static char const * const ssu00008[] = {
+"modify_policy",
+ "modpol",
+ (char const *)0
};
extern void kadmin_modpol __SS_PROTO;
-static char const *const ssu00009[] = {
- "delete_policy",
- "delpol",
- (char const *) 0
+static char const * const ssu00009[] = {
+"delete_policy",
+ "delpol",
+ (char const *)0
};
extern void kadmin_delpol __SS_PROTO;
-static char const *const ssu00010[] = {
- "get_policy",
- "getpol",
- (char const *) 0
+static char const * const ssu00010[] = {
+"get_policy",
+ "getpol",
+ (char const *)0
};
extern void kadmin_getpol __SS_PROTO;
-static char const *const ssu00011[] = {
- "list_policies",
- "listpols",
- "get_policies",
- "getpols",
- (char const *) 0
+static char const * const ssu00011[] = {
+"list_policies",
+ "listpols",
+ "get_policies",
+ "getpols",
+ (char const *)0
};
extern void kadmin_getpols __SS_PROTO;
-static char const *const ssu00012[] = {
- "get_privs",
- "getprivs",
- (char const *) 0
+static char const * const ssu00012[] = {
+"get_privs",
+ "getprivs",
+ (char const *)0
};
extern void kadmin_getprivs __SS_PROTO;
-static char const *const ssu00013[] = {
- "ktadd",
- "xst",
- (char const *) 0
+static char const * const ssu00013[] = {
+"ktadd",
+ "xst",
+ (char const *)0
};
extern void kadmin_keytab_add __SS_PROTO;
-static char const *const ssu00014[] = {
- "ktremove",
- "ktrem",
- (char const *) 0
+static char const * const ssu00014[] = {
+"ktremove",
+ "ktrem",
+ (char const *)0
};
extern void kadmin_keytab_remove __SS_PROTO;
-static char const *const ssu00015[] = {
- "list_requests",
- "lr",
- "?",
- (char const *) 0
+
+static char const * const ssu00015[] = {
+"lock",
+ (char const *)0
+};
+extern void kadmin_lock __SS_PROTO;
+static char const * const ssu00016[] = {
+"unlock",
+ (char const *)0
};
+extern void kadmin_unlock __SS_PROTO;
+
+static char const * const ssu00017[] = {
+"list_requests",
+ "lr",
+ "?",
+ (char const *)0
+};
+
extern void ss_list_requests __SS_PROTO;
-static char const *const ssu00016[] = {
- "quit",
- "exit",
- "q",
- (char const *) 0
+static char const * const ssu00018[] = {
+"quit",
+ "exit",
+ "q",
+ (char const *)0
};
extern void ss_quit __SS_PROTO;
-static ss_request_entry ssu00017[] = {
- {ssu00001,
- kadmin_addprinc,
- gettext("Add principal"),
- 0},
- {ssu00002,
- kadmin_delprinc,
- gettext("Delete principal"),
- 0},
- {ssu00003,
- kadmin_modprinc,
- gettext("Modify principal"),
- 0},
- {ssu00004,
- kadmin_cpw,
- gettext("Change password"),
- 0},
- {ssu00005,
- kadmin_getprinc,
- gettext("Get principal"),
- 0},
- {ssu00006,
- kadmin_getprincs,
- gettext("List principals"),
- 0},
- {ssu00007,
- kadmin_addpol,
- gettext("Add policy"),
- 0},
- {ssu00008,
- kadmin_modpol,
- gettext("Modify policy"),
- 0},
- {ssu00009,
- kadmin_delpol,
- gettext("Delete policy"),
- 0},
- {ssu00010,
- kadmin_getpol,
- gettext("Get policy"),
- 0},
- {ssu00011,
- kadmin_getpols,
- gettext("List policies"),
- 0},
- {ssu00012,
- kadmin_getprivs,
- gettext("Get privileges"),
- 0},
- {ssu00013,
- kadmin_keytab_add,
- gettext("Add entry(s) to a keytab"),
- 0},
- {ssu00014,
- kadmin_keytab_remove,
- gettext("Remove entry(s) from a keytab"),
- 0},
- {ssu00015,
- ss_list_requests,
- gettext("List available requests."),
- 0},
- {ssu00016,
- ss_quit,
- gettext("Exit program."),
- 0},
- {0, 0, 0, 0}
+static ss_request_entry ssu00019[] = {
+ { ssu00001,
+ kadmin_addprinc,
+ gettext("Add principal"),
+ 0 },
+ { ssu00002,
+ kadmin_delprinc,
+ gettext("Delete principal"),
+ 0 },
+ { ssu00003,
+ kadmin_modprinc,
+ gettext("Modify principal"),
+ 0 },
+ { ssu00004,
+ kadmin_cpw,
+ gettext("Change password"),
+ 0 },
+ { ssu00005,
+ kadmin_getprinc,
+ gettext("Get principal"),
+ 0 },
+ { ssu00006,
+ kadmin_getprincs,
+ gettext("List principals"),
+ 0 },
+ { ssu00007,
+ kadmin_addpol,
+ gettext("Add policy"),
+ 0 },
+ { ssu00008,
+ kadmin_modpol,
+ gettext("Modify policy"),
+ 0 },
+ { ssu00009,
+ kadmin_delpol,
+ gettext("Delete policy"),
+ 0 },
+ { ssu00010,
+ kadmin_getpol,
+ gettext("Get policy"),
+ 0 },
+ { ssu00011,
+ kadmin_getpols,
+ gettext("List policies"),
+ 0 },
+ { ssu00012,
+ kadmin_getprivs,
+ gettext("Get privileges"),
+ 0 },
+ { ssu00013,
+ kadmin_keytab_add,
+ gettext("Add entry(s) to a keytab"),
+ 0 },
+ { ssu00014,
+ kadmin_keytab_remove,
+ gettext("Remove entry(s) from a keytab"),
+ 0 },
+ { ssu00015,
+ kadmin_lock,
+ gettext("Lock database exclusively (use with extreme caution!)"),
+ 0 },
+ { ssu00016,
+ kadmin_unlock,
+ gettext("Release exclusive database lock"),
+ 0 },
+ { ssu00017,
+ ss_list_requests,
+ gettext("List available requests."),
+ 0 },
+ { ssu00018,
+ ss_quit,
+ gettext("Exit program."),
+ 0 },
+ { 0, 0, 0, 0 }
};
-ss_request_table kadmin_cmds = {2, ssu00017};
+ss_request_table kadmin_cmds = { 2, ssu00019 };
#undef gettext
diff --git a/usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c b/usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c
index 0d63238512..261db1536a 100644
--- a/usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c
+++ b/usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1998-1999 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -41,31 +41,30 @@ debugEnable(int displayMsgs)
#endif
}
-void
-kadmin_getprivs(argc, argv)
-int argc;
-char *argv[];
+void kadmin_getprivs(argc, argv)
+ int argc;
+ char *argv[];
{
- static char *privs[] = {"GET", "ADD", "MODIFY", "DELETE", "LIST",
- "CHANGE"};
- krb5_error_code retval;
- int i;
- long plist;
+ static char *privs[] = {"GET", "ADD", "MODIFY", "DELETE", "LIST", "CHANGE"};
+ krb5_error_code retval;
+ int i;
+ long plist;
- if (argc != 1) {
- fprintf(stderr, "%s: get_privs\n", gettext("usage"));
- return;
- }
- retval = kadm5_get_privs(handle, &plist);
- if (retval) {
- com_err("get_privs", retval,
+ if (argc != 1) {
+ fprintf(stderr, "%s: get_privs\n", gettext("usage"));
+ return;
+ }
+ retval = kadm5_get_privs(handle, &plist);
+ if (retval) {
+ com_err("get_privs", retval,
gettext("while retrieving privileges"));
- return;
- }
- printf(gettext("current privileges:"));
- for (i = 0; i < sizeof (privs) / sizeof (char *); i++) {
- if (plist & 1 << i)
- printf(" %s", gettext(privs[i]));
- }
- printf("\n");
+ return;
+ }
+ printf(gettext("current privileges:"));
+ for (i = 0; i < sizeof (privs) / sizeof (char *); i++) {
+ if (plist & 1 << i)
+ printf(" %s", gettext(privs[i]));
+ }
+ printf("\n");
+ return;
}
diff --git a/usr/src/cmd/krb5/kadmin/cli/keytab.c b/usr/src/cmd/krb5/kadmin/cli/keytab.c
index cabbcae093..5d88815b7a 100644
--- a/usr/src/cmd/krb5/kadmin/cli/keytab.c
+++ b/usr/src/cmd/krb5/kadmin/cli/keytab.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -8,7 +8,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
- * $Id: keytab.c,v 1.26 2000/02/19 01:57:07 tlyu Exp $
+ * $Id: keytab.c,v 1.28 2004/05/31 12:39:16 epeisach Exp $
* $Source: /cvs/krbdev/krb5/src/kadmin/cli/keytab.c,v $
*/
@@ -39,7 +39,7 @@
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/cli/keytab.c,v 1.26 2000/02/19 01:57:07 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/cli/keytab.c,v 1.28 2004/05/31 12:39:16 epeisach Exp $";
#endif
#include <stdio.h>
@@ -48,33 +48,28 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/cli/keytab.c,v 1.26 2
#include <libintl.h>
#include <krb5.h>
-#include <k5-int.h>
#include <kadm5/admin.h>
+#include <krb5/adm_proto.h>
+#include "kadmin.h"
-static int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
- int keepold,
+static int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+ krb5_boolean keepold,
int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
char *princ_str);
static int remove_principal(char *keytab_str, krb5_keytab keytab, char
*princ_str, char *kvno_str);
static char *etype_string(krb5_enctype enctype);
-extern char *krb5_defkeyname;
-extern char *whoami;
-extern krb5_context context;
-extern void *handle;
static int quiet;
-void
-add_usage()
+static void add_usage()
{
fprintf(stderr, "%s: %s\n", gettext("Usage"),
"ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] "
"[principal | -glob princ-exp] [...]\n");
}
-void
-rem_usage()
+static void rem_usage()
{
fprintf(stderr, "%s: %s\n",
gettext("Usage"),
@@ -82,25 +77,24 @@ rem_usage()
"[kvno|\"all\"|\"old\"]\n");
}
-int
-process_keytab(krb5_context context, char **keytab_str,
+static int process_keytab(krb5_context my_context, char **keytab_str,
krb5_keytab *keytab)
{
int code;
char buf[BUFSIZ];
if (*keytab_str == NULL) {
- if (code = krb5_kt_default(context, keytab)) {
+ if (code = krb5_kt_default(my_context, keytab)) {
com_err(whoami, code, gettext("while opening default keytab"));
- return (1);
+ return 1;
}
- if (code = krb5_kt_get_name(context, *keytab, buf, BUFSIZ)) {
+ if (code = krb5_kt_get_name(my_context, *keytab, buf, BUFSIZ)) {
com_err(whoami, code, gettext("while retrieving keytab name"));
- return (1);
+ return 1;
}
if (!(*keytab_str = strdup(buf))) {
com_err(whoami, ENOMEM, gettext("while creating keytab name"));
- return(1);
+ return 1;
}
} else {
if (strchr(*keytab_str, ':') != NULL) {
@@ -108,7 +102,7 @@ process_keytab(krb5_context context, char **keytab_str,
if (*keytab_str == NULL) {
com_err(whoami, ENOMEM,
gettext("while creating keytab name"));
- return (1);
+ return 1;
}
} else {
char *tmp = *keytab_str;
@@ -118,41 +112,39 @@ process_keytab(krb5_context context, char **keytab_str,
if (*keytab_str == NULL) {
com_err(whoami, ENOMEM,
gettext("while creating keytab name"));
- return (1);
+ return 1;
}
sprintf(*keytab_str, "WRFILE:%s", tmp);
}
- code = krb5_kt_resolve(context, *keytab_str, keytab);
+ code = krb5_kt_resolve(my_context, *keytab_str, keytab);
if (code != 0) {
com_err(whoami, code,
gettext("while resolving keytab %s"), *keytab_str);
free(keytab_str);
- return (1);
+ return 1;
}
}
- return (0);
+ return 0;
}
-void
-kadmin_keytab_add(int argc, char **argv)
+void kadmin_keytab_add(int argc, char **argv)
{
krb5_keytab keytab = 0;
- char *princ_str, *keytab_str = NULL, **princs;
+ char *keytab_str = NULL, **princs;
int code, num, i;
krb5_error_code retval;
- int keepold = 0, n_ks_tuple = 0;
+ int n_ks_tuple = 0;
+ krb5_boolean keepold = FALSE;
krb5_key_salt_tuple *ks_tuple = NULL;
- argc--;
- argv++;
+ argc--; argv++;
quiet = 0;
while (argc) {
if (strncmp(*argv, "-k", 2) == 0) {
- argc--;
- argv++;
+ argc--; argv++;
if (!argc || keytab_str) {
add_usage();
return;
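Review bot: In process_keytab's krb5_kt_resolve failure path, `free(keytab_str);` frees the `char **` parameter itself rather than the string it points to. The name buffer held in `*keytab_str` leaks, and if the callers pass the address of a local pointer (not visible in this hunk, so an assumption) free() is handed a non-heap address, which is undefined behaviour. The line should be `free(*keytab_str); *keytab_str = NULL;`. The NULL store keeps a caller that frees the name afterwards from double-freeing it. The hunk also runs on into kadmin_keytab_add, whose body continues outside it.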
@@ -177,8 +169,7 @@ kadmin_keytab_add(int argc, char **argv)
}
} else
break;
- argc--;
- argv++;
+ argc--; argv++;
}
if (argc == 0) {
@@ -195,8 +186,9 @@ kadmin_keytab_add(int argc, char **argv)
add_usage();
break;
}
- if (code = kadm5_get_principals(handle, *argv,
- &princs, &num)) {
+
+ code = kadm5_get_principals(handle, *argv, &princs, &num);
+ if (code) {
com_err(whoami, code,
gettext("while expanding expression "
"\"%s\"."),
@@ -224,20 +216,17 @@ kadmin_keytab_add(int argc, char **argv)
free(keytab_str);
}
-void
-kadmin_keytab_remove(int argc, char **argv)
+void kadmin_keytab_remove(int argc, char **argv)
{
krb5_keytab keytab = 0;
- char *princ_str, *keytab_str = NULL;
+ char *keytab_str = NULL;
int code;
- argc--;
- argv++;
+ argc--; argv++;
quiet = 0;
while (argc) {
if (strncmp(*argv, "-k", 2) == 0) {
- argc--;
- argv++;
+ argc--; argv++;
if (!argc || keytab_str) {
rem_usage();
return;
@@ -247,8 +236,7 @@ kadmin_keytab_remove(int argc, char **argv)
quiet++;
} else
break;
- argc--;
- argv++;
+ argc--; argv++;
}
if (argc != 1 && argc != 2) {
@@ -267,8 +255,9 @@ kadmin_keytab_remove(int argc, char **argv)
free(keytab_str);
}
-int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
- int keepold, int n_ks_tuple,
+static
+int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+ krb5_boolean keepold, int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *princ_str)
{
@@ -276,7 +265,7 @@ int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
krb5_principal princ;
krb5_keytab_entry new_entry;
krb5_keyblock *keys;
- int code, code2, mask, nkeys, i;
+ int code, nkeys, i;
int nktypes = 0;
krb5_key_salt_tuple *permitted_etypes = NULL;
@@ -336,9 +325,9 @@ int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
nktypes = n_ks_tuple;
}
- code = kadm5_randkey_principal_3(handle, princ,
- keepold, nktypes, permitted_etypes,
- &keys, &nkeys);
+ code = kadm5_randkey_principal_3(lhandle, princ,
+ keepold, nktypes, permitted_etypes,
+ &keys, &nkeys);
#ifndef _KADMIN_LOCAL_
/* this block is not needed in the kadmin.local client */
@@ -351,20 +340,19 @@ int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
code = kadm5_randkey_principal_old(handle, princ, &keys, &nkeys);
}
#endif /* !KADMIN_LOCAL */
- if (code != 0) {
- if (code == KADM5_UNK_PRINC) {
+ if (code != 0) {
+ if (code == KADM5_UNK_PRINC) {
fprintf(stderr,
gettext("%s: Principal %s does not exist.\n"),
whoami, princ_str);
- } else {
+ } else
com_err(whoami, code,
gettext("while changing %s's key"),
princ_str);
- }
- goto cleanup;
- }
+ goto cleanup;
+ }
- code = kadm5_get_principal(handle, princ, &princ_rec,
+ code = kadm5_get_principal(lhandle, princ, &princ_rec,
KADM5_PRINCIPAL_NORMAL_MASK);
if (code != 0) {
com_err(whoami, code, gettext("while retrieving principal"));
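Review bot: The fallback call `kadm5_randkey_principal_old(handle, princ, &keys, &nkeys)` at the top of this hunk still passes `handle`, although the commit renames add_principal's parameter to `lhandle` and switches every other call in the function to it. With the parameter renamed, `handle` presumably resolves to a file-scope or global handle, so the retry can run on a different handle from the first attempt if the two ever diverge. I would change it to `kadm5_randkey_principal_old(lhandle, princ, &keys, &nkeys)`. Separately, the `else` that lost its braces now sits directly above `goto cleanup;`, so I would keep the braces to make it obvious that the goto is unconditional. add_principal begins and ends outside this hunk.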
@@ -381,7 +369,7 @@ int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
if (code != 0) {
com_err(whoami, code,
gettext("while adding key to keytab"));
- (void) kadm5_free_principal_ent(handle, &princ_rec);
+ (void) kadm5_free_principal_ent(lhandle, &princ_rec);
goto cleanup;
}
@@ -392,7 +380,7 @@ int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
etype_string(keys[i].enctype), keytab_str);
}
- code = kadm5_free_principal_ent(handle, &princ_rec);
+ code = kadm5_free_principal_ent(lhandle, &princ_rec);
if (code != 0) {
com_err(whoami, code, gettext("while freeing principal entry"));
goto cleanup;
@@ -410,28 +398,27 @@ cleanup:
if (permitted_etypes != NULL && ks_tuple == NULL)
free(permitted_etypes);
- return (code);
+ return code;
}
-int
-remove_principal(char *keytab_str, krb5_keytab keytab, char
+int remove_principal(char *keytab_str, krb5_keytab keytab, char
*princ_str, char *kvno_str)
{
krb5_principal princ;
krb5_keytab_entry entry;
krb5_kt_cursor cursor;
- enum {
- UNDEF, SPEC, HIGH, ALL, OLD
- } mode;
- int code, kvno, did_something;
+ enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
+ int code, did_something;
+ krb5_kvno kvno;
code = krb5_parse_name(context, princ_str, &princ);
if (code != 0) {
com_err(whoami, code,
gettext("while parsing principal name %s"),
princ_str);
- return (code);
+ return code;
}
+
mode = UNDEF;
if (kvno_str == NULL) {
mode = HIGH;
@@ -471,8 +458,9 @@ remove_principal(char *keytab_str, krb5_keytab keytab, char
gettext("while retrieving highest "
"kvno from keytab"));
}
- return (code);
+ return code;
}
+
/* set kvno to spec'ed value for SPEC, highest kvno otherwise */
kvno = entry.vno;
krb5_kt_free_entry(context, &entry);
@@ -480,11 +468,11 @@ remove_principal(char *keytab_str, krb5_keytab keytab, char
code = krb5_kt_start_seq_get(context, keytab, &cursor);
if (code != 0) {
com_err(whoami, code, gettext("while starting keytab scan"));
- return (code);
+ return code;
}
+
did_something = 0;
- while ((code = krb5_kt_next_entry(context,
- keytab, &entry, &cursor)) == 0) {
+ while ((code = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
if (krb5_principal_compare(context, princ, entry.principal) &&
((mode == ALL) ||
(mode == SPEC && entry.vno == kvno) ||
@@ -492,30 +480,31 @@ remove_principal(char *keytab_str, krb5_keytab keytab, char
(mode == HIGH && entry.vno == kvno))) {
/*
- * Ack! What a kludge... the scanning functions
- * lock the keytab so entries cannot be removed
- * while they are operating.
+ * Ack! What a kludge... the scanning functions lock
+ * the keytab so entries cannot be removed while they
+ * are operating.
*/
code = krb5_kt_end_seq_get(context, keytab, &cursor);
if (code != 0) {
com_err(whoami, code,
gettext("while temporarily "
"ending keytab scan"));
- return (code);
+ return code;
}
code = krb5_kt_remove_entry(context, keytab, &entry);
if (code != 0) {
com_err(whoami, code,
gettext("while deleting entry "
"from keytab"));
- return (code);
+ return code;
}
code = krb5_kt_start_seq_get(context, keytab, &cursor);
if (code != 0) {
com_err(whoami, code,
gettext("while restarting keytab scan"));
- return (code);
+ return code;
}
+
did_something++;
if (!quiet)
printf(gettext("Entry for principal "
@@ -527,25 +516,27 @@ remove_principal(char *keytab_str, krb5_keytab keytab, char
}
if (code && code != KRB5_KT_END) {
com_err(whoami, code, gettext("while scanning keytab"));
- return (code);
+ return code;
}
- if (code = krb5_kt_end_seq_get(context, keytab, &cursor)) {
+ if ((code = krb5_kt_end_seq_get(context, keytab, &cursor))) {
com_err(whoami, code, gettext("while ending keytab scan"));
- return (code);
+ return code;
}
+
/*
- * If !did_someting then mode must be OLD or we would have already
- * returned with an error. But check it anyway just to prevent
- * unexpected error messages...
+ * If !did_someting then mode must be OLD or we would have
+ * already returned with an error. But check it anyway just to
+ * prevent unexpected error messages...
*/
if (!did_something && mode == OLD) {
fprintf(stderr,
gettext("%s: There is only one entry for principal "
"%s in keytab %s\n"),
whoami, princ_str, keytab_str);
- return (1);
+ return 1;
}
- return (0);
+
+ return 0;
}
/*
@@ -553,15 +544,14 @@ remove_principal(char *keytab_str, krb5_keytab keytab, char
* encryption type. XXX copied from klist.c; this should be a
* library function, or perhaps just #defines
*/
-static char *
-etype_string(enctype)
+static char *etype_string(enctype)
krb5_enctype enctype;
{
static char buf[100];
krb5_error_code ret;
- if (ret = krb5_enctype_to_string(enctype, buf, sizeof(buf)))
+ if ((ret = krb5_enctype_to_string(enctype, buf, sizeof(buf))))
sprintf(buf, "etype %d", enctype);
- return (buf);
+ return buf;
}
diff --git a/usr/src/cmd/krb5/kadmin/cli/ss_wrapper.c b/usr/src/cmd/krb5/kadmin/cli/ss_wrapper.c
index f0c5fe64f4..d2bd318e82 100644
--- a/usr/src/cmd/krb5/kadmin/cli/ss_wrapper.c
+++ b/usr/src/cmd/krb5/kadmin/cli/ss_wrapper.c
@@ -26,7 +26,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -40,7 +40,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* ss wrapper for kadmin
*/
@@ -51,22 +51,21 @@
#include <string.h>
#include <libintl.h>
#include <locale.h>
+#include "kadmin.h"
extern ss_request_table kadmin_cmds;
extern int exit_status;
-extern char *kadmin_startup();
extern char *whoami;
-int
-main(argc, argv)
-int argc;
-char *argv[];
+int main(argc, argv)
+ int argc;
+ char *argv[];
{
- char *request;
- krb5_error_code retval;
- int sci_idx, code = 0;
+ char *request;
+ krb5_error_code retval;
+ int sci_idx, code = 0;
- whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
+ whoami = ((whoami = strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
(void) setlocale(LC_ALL, "");
@@ -76,24 +75,24 @@ char *argv[];
(void) textdomain(TEXT_DOMAIN);
- request = kadmin_startup(argc, argv);
- sci_idx = ss_create_invocation(whoami, "5.0", (char *) NULL,
- &kadmin_cmds, &retval);
- if (retval) {
- ss_perror(sci_idx, retval, gettext("creating invocation"));
- exit(1);
- }
+ request = kadmin_startup(argc, argv);
+ sci_idx = ss_create_invocation(whoami, "5.0", (char *) NULL,
+ &kadmin_cmds, &retval);
+ if (retval) {
+ ss_perror(sci_idx, retval, gettext("creating invocation"));
+ exit(1);
+ }
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
- if (request) {
- code = ss_execute_line(sci_idx, request);
- if (code != 0) {
- ss_perror(sci_idx, code, request);
- exit_status++;
- }
- } else
- ss_listen(sci_idx, &retval);
- return (quit() ? 1 : exit_status);
+ if (request) {
+ code = ss_execute_line(sci_idx, request);
+ if (code != 0) {
+ ss_perror(sci_idx, code, request);
+ exit_status++;
+ }
+ } else
+ retval = ss_listen(sci_idx);
+ return quit() ? 1 : exit_status;
}
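Review bot: The result of `ss_listen(sci_idx)` is now stored in `retval` but never read, since the function returns `quit() ? 1 : exit_status` on the next line. If the value is meant to be ignored, `(void) ss_listen(sci_idx);` says so and matches the `(void) setlocale(...)` and `(void) textdomain(...)` calls in the same function. If a failure of the command loop should affect the exit code, that handling is missing here. I cannot tell from the hunk which values ss_listen returns on a normal quit, so this needs checking against the ss library before adding an error report.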
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/Makefile b/usr/src/cmd/krb5/kadmin/dbutil/Makefile
index 872fb5b1fc..419d88df4d 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/Makefile
+++ b/usr/src/cmd/krb5/kadmin/dbutil/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
@@ -9,7 +9,7 @@ PROG= kdb5_util
OBJS = kdb5_util.o \
kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \
- kdb5_destroy.o ovload.o dump.o
+ kdb5_destroy.o ovload.o strtok.o dump.o
SRCS = $(OBJS:.o=.c)
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/dump.c b/usr/src/cmd/krb5/kadmin/dbutil/dump.c
index 034c98f087..28c472d56f 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/dump.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/dump.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -73,7 +73,7 @@
#define krb5_dbm_db_set_lockmode krb5_db_set_lockmode
#define krb5_dbm_db_close_database krb5_db_close_database
#define krb5_dbm_db_open_database krb5_db_open_database
-#define krb5_dbm_db_iterate krb5_db_iterate
+#define krb5_dbm_db_iterate krb5_db_iterate_ext
#include <stdio.h>
#include <com_err.h>
@@ -82,8 +82,7 @@
#include <libintl.h>
#include "kdb5_util.h"
-
-#if HAVE_REGEX_H
+#if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP)
#include <regex.h>
#endif /* HAVE_REGEX_H */
@@ -92,11 +91,12 @@
*/
extern krb5_keyblock master_key;
extern krb5_principal master_princ;
-extern int valid_master_key;
-extern void usage();
static int mkey_convert;
static krb5_keyblock new_master_key;
+static int backwards;
+static int recursive;
+
/*
* Use compile(3) if no regcomp present.
*/
@@ -120,45 +120,41 @@ struct dump_args {
int verbose;
};
-static krb5_error_code dump_k5beta_iterator
-(krb5_pointer,
- krb5_db_entry *);
-static krb5_error_code dump_k5beta6_iterator
-(krb5_pointer,
- krb5_db_entry *);
-static krb5_error_code dump_iprop_iterator
-(krb5_pointer,
- krb5_db_entry *);
-static krb5_error_code dump_k5beta7_princ
-(krb5_pointer,
- krb5_db_entry *);
-static krb5_error_code dump_iprop_princ
-(krb5_pointer,
- krb5_db_entry *);
-static krb5_error_code dump_ov_princ
-(krb5_pointer,
- krb5_db_entry *);
+static krb5_error_code dump_k5beta_iterator (krb5_pointer,
+ krb5_db_entry *);
+static krb5_error_code dump_k5beta6_iterator (krb5_pointer,
+ krb5_db_entry *);
+static krb5_error_code dump_k5beta6_iterator_ext (krb5_pointer,
+ krb5_db_entry *,
+ int);
+static krb5_error_code dump_iprop_iterator (krb5_pointer,
+ krb5_db_entry *);
+static krb5_error_code dump_k5beta7_princ (krb5_pointer,
+ krb5_db_entry *);
+static krb5_error_code dump_k5beta7_princ_ext (krb5_pointer,
+ krb5_db_entry *,
+ int);
+static krb5_error_code dump_k5beta7_princ_withpolicy
+ (krb5_pointer, krb5_db_entry *);
+static krb5_error_code dump_iprop_princ (krb5_pointer,
+ krb5_db_entry *);
+static krb5_error_code dump_ov_princ (krb5_pointer,
+ krb5_db_entry *);
static void dump_k5beta7_policy (void *, osa_policy_ent_t);
-typedef
-krb5_error_code(*dump_func) (krb5_pointer,
- krb5_db_entry *);
+typedef krb5_error_code (*dump_func)(krb5_pointer,
+ krb5_db_entry *);
-static int process_k5beta_record
-(char *, krb5_context,
- FILE *, int, int *, void *);
-static int process_k5beta6_record
-(char *, krb5_context,
- FILE *, int, int *, void *);
-static int process_k5beta7_record
-(char *, krb5_context,
- FILE *, int, int *, void *);
-static int process_ov_record
-(char *, krb5_context,
- FILE *, int, int *, void *);
-typedef
-krb5_error_code(*load_func) (char *, krb5_context,
- FILE *, int, int *, void *);
+static int process_k5beta_record (char *, krb5_context,
+ FILE *, int, int *, void *);
+static int process_k5beta6_record (char *, krb5_context,
+ FILE *, int, int *, void *);
+static int process_k5beta7_record (char *, krb5_context,
+ FILE *, int, int *, void *);
+static int process_ov_record (char *, krb5_context,
+ FILE *, int, int *, void *);
+typedef krb5_error_code (*load_func)(char *, krb5_context,
+ FILE *, int, int *, void *);
typedef struct _dump_version {
char *name;
@@ -216,6 +212,16 @@ dump_version ov_version = {
process_ov_record,
};
+dump_version r1_3_version = {
+ "Kerberos version 5 release 1.3",
+ "kdb5_util load_dump version 5\n",
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
+};
+
/* External data */
extern char *current_dbname;
extern krb5_boolean dbactive;
@@ -225,9 +231,7 @@ extern kadm5_config_params global_params;
/* Strings */
-static const char k5beta_dump_header[] = "kdb5_edit load_dump version 2.0\n";
-static const char k5beta6_dump_header[] = "kdb5_edit load_dump version 3.0\n";
-static const char k5beta7_dump_header[] = "kdb5_edit load_dump version 4\n";
+#define k5beta_dump_header "kdb5_edit load_dump version 2.0\n"
static const char null_mprinc_name[] = "kdb5_dump@MISSING";
@@ -369,6 +373,7 @@ static const char dfile_err_fmt[] =
static const char oldoption[] = "-old";
static const char b6option[] = "-b6";
+static const char b7option[] = "-b7";
static const char ipropoption[] = "-i";
static const char verboseoption[] = "-verbose";
static const char updateoption[] = "-update";
@@ -379,14 +384,14 @@ static const char dump_tmptrail[] = "~";
/*
* Re-encrypt the key_data with the new master key...
*/
-krb5_error_code master_key_convert(context, db_entry)
+static krb5_error_code master_key_convert(context, db_entry)
krb5_context context;
krb5_db_entry * db_entry;
{
krb5_error_code retval;
krb5_keyblock v5plainkey, *key_ptr;
krb5_keysalt keysalt;
- int i;
+ int i, j;
krb5_key_data new_key_data, *key_data;
krb5_boolean is_mkey;
@@ -416,7 +421,11 @@ krb5_error_code master_key_convert(context, db_entry)
if (retval)
return retval;
krb5_free_keyblock_contents(context, &v5plainkey);
- free(key_data->key_data_contents);
+ for (j = 0; j < key_data->key_data_ver; j++) {
+ if (key_data->key_data_length[j]) {
+ free(key_data->key_data_contents[j]);
+ }
+ }
*key_data = new_key_data;
}
return 0;
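Review bot: The new free loop uses `key_data->key_data_ver` as its bound while indexing `key_data_length[]` and `key_data_contents[]`, and the hunk shows no check that the value stays within the size of those fixed arrays. The entry comes from the database being dumped, so unless the decoder already guarantees the range, a damaged record would make the loop read and free past the end of the arrays. I would clamp the bound: `for (j = 0; j < key_data->key_data_ver && j < (int)(sizeof(key_data->key_data_length) / sizeof(key_data->key_data_length[0])); j++)`. The buffers are also released without being cleared, which may be worth a comment since they hold key data. master_key_convert begins outside this hunk.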
@@ -425,8 +434,7 @@ krb5_error_code master_key_convert(context, db_entry)
/*
* Update the "ok" file.
*/
-void
-update_ok_file(file_name)
+void update_ok_file (file_name)
char *file_name;
{
/* handle slave locking/failure stuff */
@@ -460,8 +468,10 @@ update_ok_file(file_name)
free(file_ok);
return;
}
+
free(file_ok);
close(fd);
+ return;
}
/*
@@ -479,20 +489,16 @@ name_matches(name, arglist)
int match_error;
char match_errmsg[BUFSIZ];
size_t errmsg_size;
-
#elif HAVE_REGEXP_H
char regexp_buffer[RE_BUF_SIZE];
-
#elif HAVE_RE_COMP
extern char *re_comp();
char *re_result;
-
#endif /* HAVE_RE_COMP */
int i, match;
/*
- * Plow, brute force, through the list of names/regular
- * expressions.
+ * Plow, brute force, through the list of names/regular expressions.
*/
match = (arglist->nnames) ? 0 : 1;
for (i=0; i<arglist->nnames; i++) {
@@ -500,9 +506,8 @@ name_matches(name, arglist)
/*
* Compile the regular expression.
*/
- if (match_error = regcomp(&match_exp,
- arglist->names[i],
- REG_EXTENDED)) {
+ match_error = regcomp(&match_exp, arglist->names[i], REG_EXTENDED);
+ if (match_error) {
errmsg_size = regerror(match_error,
&match_exp,
match_errmsg,
@@ -514,8 +519,8 @@ name_matches(name, arglist)
/*
* See if we have a match.
*/
- if (match_error = regexec(&match_exp,
- name, 1, &match_match, 0)) {
+ match_error = regexec(&match_exp, name, 1, &match_match, 0);
+ if (match_error) {
if (match_error != REG_NOMATCH) {
errmsg_size = regerror(match_error,
&match_exp,
@@ -525,7 +530,8 @@ name_matches(name, arglist)
arglist->programname, match_errmsg);
break;
}
- } else {
+ }
+ else {
/*
* We have a match. See if it matches the whole
* name.
@@ -553,18 +559,16 @@ name_matches(name, arglist)
* Compile the regular expression.
*/
if (re_result = re_comp(arglist->names[i])) {
- fprintf(stderr, gettext(regex_err),
- arglist->programname, re_result);
+ fprintf(stderr, gettext(regex_err), arglist->programname, re_result);
break;
}
if (re_exec(name))
match = 1;
#else /* HAVE_RE_COMP */
/*
- * If no regular expression support, then just compare the
- * strings.
+ * If no regular expression support, then just compare the strings.
*/
- if (strcmp(arglist->names[i], name) == 0)
+ if (!strcmp(arglist->names[i], name))
match = 1;
#endif /* HAVE_REGCOMP */
if (match)
@@ -601,6 +605,7 @@ find_enctype(dbentp, enctype, salttype, kentp)
return(ENOENT);
}
+#if 0
/*
* dump_k5beta_header() - Make a dump header that is recognizable by Kerberos
* Version 5 Beta 5 and previous releases.
@@ -613,6 +618,7 @@ dump_k5beta_header(arglist)
fprintf(arglist->ofile, k5beta_dump_header);
return(0);
}
+#endif
/*
* dump_k5beta_iterator() - Dump an entry in a format that is usable
@@ -693,12 +699,11 @@ dump_k5beta_iterator(ptr, entry)
mod_name = strdup(null_mprinc_name);
/*
- * Find the last password change record and set it
- * straight.
+ * Find the last password change record and set it straight.
*/
if ((retval =
krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry,
- &last_pwd_change))) {
+ &last_pwd_change))) {
fprintf(stderr, gettext(nokeys_err),
arg->programname, name);
krb5_xfree(mod_name);
@@ -723,25 +728,22 @@ dump_k5beta_iterator(ptr, entry)
krb5_xfree(name);
return(retval);
}
- /*
- * If we only have one type, then ship it out as the
- * primary.
- */
+
+ /* If we only have one type, then ship it out as the primary. */
if (!pkey && akey) {
pkey = akey;
akey = &nullkey;
- } else {
+ }
+ else {
if (!akey)
akey = &nullkey;
}
/*
- * First put out strings representing the length of the
- * variable length data in this record, then the name and
- * the primary key type.
+ * First put out strings representing the length of the variable
+ * length data in this record, then the name and the primary key type.
*/
- fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%s\t%d\t",
- strlen(name),
+ fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%s\t%d\t", strlen(name),
strlen(mod_name),
(krb5_int32) pkey->key_data_length[0],
(krb5_int32) akey->key_data_length[0],
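Review bot: The first `fprintf` in this hunk passes `strlen(name)` and `strlen(mod_name)` to `%d` conversions. strlen returns size_t, so on an LP64 build the variadic arguments do not match the format, and the length fields that follow in the record can be printed wrongly. The commit only reflowed this line; elsewhere it corrects a similar mismatch (`%x` to `%lx` in dump_ov_princ). I would cast both, `(int) strlen(name), (int) strlen(mod_name),`, in line with the `(krb5_int32)` casts on the following arguments. dump_k5beta_iterator begins and ends outside this hunk.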
@@ -750,40 +752,34 @@ dump_k5beta_iterator(ptr, entry)
name,
(krb5_int32) pkey->key_data_type[0]);
for (i=0; i<pkey->key_data_length[0]; i++) {
- fprintf(arg->ofile, "%02x",
- pkey->key_data_contents[0][i]);
+ fprintf(arg->ofile, "%02x", pkey->key_data_contents[0][i]);
}
/*
- * Second, print out strings representing the standard
- * integer data in this record.
+ * Second, print out strings representing the standard integer
+ * data in this record.
*/
fprintf(arg->ofile,
- "\t%u\t%u\t%u\t%u\t%u\t%u\t%u"
- "\t%u\t%u\t%u\t%s\t%u\t%u\t%u\t",
+ "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%s\t%u\t%u\t%u\t",
(krb5_int32) pkey->key_data_kvno,
entry->max_life, entry->max_renewable_life,
- 1 /* Fake mkvno */, entry->expiration,
- entry->pw_expiration, last_pwd_change,
- entry->last_success, entry->last_failed,
+ 1 /* Fake mkvno */, entry->expiration, entry->pw_expiration,
+ last_pwd_change, entry->last_success, entry->last_failed,
entry->fail_auth_count, mod_name, mod_date,
entry->attributes, pkey->key_data_type[1]);
/* Pound out the salt data, if present. */
for (i=0; i<pkey->key_data_length[1]; i++) {
- fprintf(arg->ofile, "%02x",
- pkey->key_data_contents[1][i]);
+ fprintf(arg->ofile, "%02x", pkey->key_data_contents[1][i]);
}
/* Pound out the alternate key type and contents */
fprintf(arg->ofile, "\t%u\t", akey->key_data_type[0]);
for (i=0; i<akey->key_data_length[0]; i++) {
- fprintf(arg->ofile, "%02x",
- akey->key_data_contents[0][i]);
+ fprintf(arg->ofile, "%02x", akey->key_data_contents[0][i]);
}
/* Pound out the alternate salt type and contents */
fprintf(arg->ofile, "\t%u\t", akey->key_data_type[1]);
for (i=0; i<akey->key_data_length[1]; i++) {
- fprintf(arg->ofile, "%02x",
- akey->key_data_contents[1][i]);
+ fprintf(arg->ofile, "%02x", akey->key_data_contents[1][i]);
}
/* Pound out the expansion data. (is null) */
for (i=0; i < 8; i++) {
@@ -807,6 +803,15 @@ dump_k5beta6_iterator(ptr, entry)
krb5_pointer ptr;
krb5_db_entry *entry;
{
+ return dump_k5beta6_iterator_ext(ptr, entry, 0);
+}
+
+static krb5_error_code
+dump_k5beta6_iterator_ext(ptr, entry, kadm)
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
+ int kadm;
+{
krb5_error_code retval;
struct dump_args *arg;
char *name;
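Review bot: The new dump_k5beta6_iterator_ext has no header comment, and nothing at the definition says what the added `kadm` argument means. From the later hunks it decides whether KRB5_TL_KADM_DATA tagged data is counted and written (non-zero) or skipped as before (zero). I would add above the function: `/* As dump_k5beta6_iterator; kadm != 0 also emits KRB5_TL_KADM_DATA tl_data, kadm == 0 omits it for older loaders [krb5-admin/89]. */`. The same applies to dump_k5beta7_princ_ext, which just forwards the flag. The function body continues outside this hunk.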
@@ -846,39 +851,45 @@ dump_k5beta6_iterator(ptr, entry)
*/
if (!arg->nnames || name_matches(name, arg)) {
/*
- * We'd like to just blast out the contents as they would
- * appear in the database so that we can just suck it back
- * in, but it doesn't lend itself to easy editing.
+ * We'd like to just blast out the contents as they would appear in
+ * the database so that we can just suck it back in, but it doesn't
+ * lend itself to easy editing.
*/
/*
- * The dump format is as follows: len strlen(name)
- * n_tl_data n_key_data e_length name attributes max_life
- * max_renewable_life expiration pw_expiration last_success
- * last_failed fail_auth_count n_tl_data*[type length
- * <contents>] n_key_data*[ver kvno ver*(type length
- * <contents>)] <e_data> Fields which are not encapsulated
- * by angle-brackets are to appear verbatim. Bracketed
- * fields absence is indicated by a -1 in its place
+ * The dump format is as follows:
+ * len strlen(name) n_tl_data n_key_data e_length
+ * name
+ * attributes max_life max_renewable_life expiration
+ * pw_expiration last_success last_failed fail_auth_count
+ * n_tl_data*[type length <contents>]
+ * n_key_data*[ver kvno ver*(type length <contents>)]
+ * <e_data>
+ * Fields which are not encapsulated by angle-brackets are to appear
+ * verbatim. A bracketed field's absence is indicated by a -1 in its
+ * place
*/
- /*
+ /*
* Make sure that the tagged list is reasonably correct.
*/
counter = skip = 0;
for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
- /*
- * don't dump tl data types we know aren't
- * understood by earlier revisions [krb5-admin/89]
- */
- switch (tlp->tl_data_type) {
- case KRB5_TL_KADM_DATA:
- skip++;
- break;
- default:
- counter++;
- break;
- }
+ /*
+ * don't dump tl data types we know aren't understood by
+ * earlier revisions [krb5-admin/89]
+ */
+ switch (tlp->tl_data_type) {
+ case KRB5_TL_KADM_DATA:
+ if (kadm)
+ counter++;
+ else
+ skip++;
+ break;
+ default:
+ counter++;
+ break;
+ }
}
if (counter + skip == entry->n_tl_data) {
@@ -900,30 +911,23 @@ dump_k5beta6_iterator(ptr, entry)
entry->last_failed,
entry->fail_auth_count);
/* Pound out tagged data. */
- for (tlp = entry->tl_data; tlp;
- tlp = tlp->tl_data_next) {
- if (tlp->tl_data_type == KRB5_TL_KADM_DATA)
- /* see above, [krb5-admin/89] */
- continue;
+ for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
+ if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
+ continue; /* see above, [krb5-admin/89] */
fprintf(arg->ofile, "%d\t%d\t",
(int) tlp->tl_data_type,
(int) tlp->tl_data_length);
if (tlp->tl_data_length)
- for (i = 0;
- i < tlp->tl_data_length;
- i++)
- fprintf(arg->ofile, "%02x",
- tlp->
- tl_data_contents[i]);
+ for (i=0; i<tlp->tl_data_length; i++)
+ fprintf(arg->ofile, "%02x", tlp->tl_data_contents[i]);
else
fprintf(arg->ofile, "%d", -1);
fprintf(arg->ofile, "\t");
}
/* Pound out key data */
- for (counter = 0;
- counter < entry->n_key_data; counter++) {
+ for (counter=0; counter<entry->n_key_data; counter++) {
kdata = &entry->key_data[counter];
fprintf(arg->ofile, "%d\t%d\t",
(int) kdata->key_data_ver,
@@ -933,15 +937,9 @@ dump_k5beta6_iterator(ptr, entry)
kdata->key_data_type[i],
kdata->key_data_length[i]);
if (kdata->key_data_length[i])
- for (j = 0;
- j < kdata->
- key_data_length[i];
- j++)
- fprintf(arg->ofile,
- "%02x",
- kdata->
- key_data_contents
- [i][j]);
+ for (j=0; j<kdata->key_data_length[i]; j++)
+ fprintf(arg->ofile, "%02x",
+ kdata->key_data_contents[i][j]);
else
fprintf(arg->ofile, "%d", -1);
fprintf(arg->ofile, "\t");
@@ -951,8 +949,7 @@ dump_k5beta6_iterator(ptr, entry)
/* Pound out extra data */
if (entry->e_length)
for (i=0; i<entry->e_length; i++)
- fprintf(arg->ofile, "%02x",
- entry->e_data[i]);
+ fprintf(arg->ofile, "%02x", entry->e_data[i]);
else
fprintf(arg->ofile, "%d", -1);
@@ -961,9 +958,10 @@ dump_k5beta6_iterator(ptr, entry)
if (arg->verbose)
fprintf(stderr, "%s\n", name);
- } else {
+ }
+ else {
fprintf(stderr, gettext(sdump_tl_inc_err),
- arg->programname, name, counter + skip,
+ arg->programname, name, counter+skip,
(int) entry->n_tl_data);
retval = EINVAL;
}
@@ -971,6 +969,7 @@ dump_k5beta6_iterator(ptr, entry)
krb5_xfree(name);
return(retval);
}
+
/*
* dump_iprop_iterator() - Output a dump record in iprop format.
*/
@@ -1136,6 +1135,15 @@ dump_k5beta7_princ(ptr, entry)
krb5_pointer ptr;
krb5_db_entry *entry;
{
+ return dump_k5beta7_princ_ext(ptr, entry, 0);
+}
+
+static krb5_error_code
+dump_k5beta7_princ_ext(ptr, entry, kadm)
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
+ int kadm;
+{
krb5_error_code retval;
struct dump_args *arg;
char *name;
@@ -1165,11 +1173,12 @@ dump_k5beta7_princ(ptr, entry)
/* save the callee from matching the name again */
tmp_nnames = arg->nnames;
arg->nnames = 0;
- retval = dump_k5beta6_iterator(ptr, entry);
+ retval = dump_k5beta6_iterator_ext(ptr, entry, kadm);
arg->nnames = tmp_nnames;
}
+
free(name);
- return (retval);
+ return retval;
}
/*
@@ -1216,8 +1225,16 @@ dump_iprop_princ(ptr, entry)
free(name);
return (retval);
}
-void
-dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
+
+static krb5_error_code
+dump_k5beta7_princ_withpolicy(ptr, entry)
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
+{
+ return dump_k5beta7_princ_ext(ptr, entry, 1);
+}
+
+void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
{
struct dump_args *arg;
@@ -1228,8 +1245,7 @@ dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
entry->policy_refcnt);
}
-void
-print_key_data(FILE * f, krb5_key_data * key_data)
+static void print_key_data(FILE *f, krb5_key_data *key_data)
{
int c;
@@ -1263,11 +1279,10 @@ print_key_data(FILE * f, krb5_key_data * key_data)
* nuttin
*
*/
-static krb5_error_code
-dump_ov_princ(krb5_pointer ptr, krb5_db_entry * kdb)
+static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
{
char *princstr;
- int x, y, foundcrc, ret;
+ int x, y, foundcrc;
struct dump_args *arg;
krb5_tl_data tl_data;
osa_princ_ent_rec adb;
@@ -1276,21 +1291,21 @@ dump_ov_princ(krb5_pointer ptr, krb5_db_entry * kdb)
arg = (struct dump_args *) ptr;
/*
* XXX Currently, lookup_tl_data always returns zero; it sets
- * tl_data->tl_data_length to zero if the type isn't found. This
- * should be fixed...
+ * tl_data->tl_data_length to zero if the type isn't found.
+ * This should be fixed...
*/
/*
* XXX Should this function do nothing for a principal with no
- * admin data, or print a record of "default" values? See comment
- * in server_kdb.c to help decide.
+ * admin data, or print a record of "default" values? See
+ * comment in server_kdb.c to help decide.
*/
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
- if ((ret = krb5_dbe_lookup_tl_data(arg->kcontext, kdb, &tl_data)) ||
- (tl_data.tl_data_length == 0))
- return (0);
+ if (krb5_dbe_lookup_tl_data(arg->kcontext, kdb, &tl_data)
+ || (tl_data.tl_data_length == 0))
+ return 0;
memset(&adb, 0, sizeof(adb));
- xdrmem_create(&xdrs, (const caddr_t) tl_data.tl_data_contents,
+ xdrmem_create(&xdrs, (const caddr_t) tl_data.tl_data_contents,
tl_data.tl_data_length, XDR_DECODE);
if (! xdr_osa_princ_ent_rec(&xdrs, &adb)) {
xdr_destroy(&xdrs);
@@ -1304,7 +1319,7 @@ dump_ov_princ(krb5_pointer ptr, krb5_db_entry * kdb)
fputc('\t', arg->ofile);
else
fprintf(arg->ofile, "%s\t", adb.policy);
- fprintf(arg->ofile, "%x\t%d\t%d\t%d", adb.aux_attributes,
+ fprintf(arg->ofile, "%lx\t%d\t%d\t%d", adb.aux_attributes,
adb.old_key_len,adb.old_key_next, adb.admin_history_kvno);
for (x = 0; x < adb.old_key_len; x++) {
@@ -1337,12 +1352,14 @@ dump_ov_princ(krb5_pointer ptr, krb5_db_entry * kdb)
fputc('\n', arg->ofile);
free(princstr);
- return (0);
+ return 0;
}
/*
* usage is:
- * dump_db [-i] [-old] [-b6] [-ov] [-verbose] [filename [principals...]]
+ * dump_db [-i] [-old] [-b6] [-b7] [-ov] [-verbose] [-mkey_convert]
+ * [-new_mkey_file mkey_file] [-rev] [-recurse]
+ * [filename [principals...]]
*/
void
dump_db(argc, argv)
@@ -1351,7 +1368,6 @@ dump_db(argc, argv)
{
FILE *f;
struct dump_args arglist;
- int error;
char *programname;
char *ofile;
krb5_error_code kret, retval;
@@ -1370,24 +1386,27 @@ dump_db(argc, argv)
if (strrchr(programname, (int) '/'))
programname = strrchr(argv[0], (int) '/') + 1;
ofile = (char *) NULL;
- error = 0;
- dump = &beta7_version;
+ dump = &r1_3_version;
arglist.verbose = 0;
new_mkey_file = 0;
mkey_convert = 0;
+ backwards = 0;
+ recursive = 0;
log_ctx = util_context->kdblog_context;
/*
* Parse the qualifiers.
*/
for (aindex = 1; aindex < argc; aindex++) {
- if (strcmp(argv[aindex], oldoption) == 0)
+ if (!strcmp(argv[aindex], oldoption))
dump = &old_version;
- else if (strcmp(argv[aindex], b6option) == 0)
+ else if (!strcmp(argv[aindex], b6option))
dump = &beta6_version;
- else if (strcmp(argv[aindex], ovoption) == 0)
+ else if (!strcmp(argv[aindex], b7option))
+ dump = &beta7_version;
+ else if (!strcmp(argv[aindex], ovoption))
dump = &ov_version;
- else if (!strcmp(argv[aindex], ipropoption)) {
+ else if (!strcmp(argv[aindex], ipropoption)) {
if (log_ctx && log_ctx->iproprole) {
dump = &iprop_version;
/*
@@ -1403,14 +1422,18 @@ dump_db(argc, argv)
return;
}
}
- else if (strcmp(argv[aindex], verboseoption) == 0)
+ else if (!strcmp(argv[aindex], verboseoption))
arglist.verbose++;
else if (!strcmp(argv[aindex], "-mkey_convert"))
mkey_convert = 1;
else if (!strcmp(argv[aindex], "-new_mkey_file")) {
new_mkey_file = argv[++aindex];
mkey_convert = 1;
- } else
+ } else if (!strcmp(argv[aindex], "-rev"))
+ backwards = 1;
+ else if (!strcmp(argv[aindex], "-recurse"))
+ recursive = 1;
+ else
break;
}
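Review bot: `new_mkey_file = argv[++aindex];` takes the next argument without checking that one exists. When `-new_mkey_file` is the last word on the command line, this reads `argv[argc]` (NULL), still sets `mkey_convert = 1`, and the later `if (!new_mkey_file)` branch then prompts for a key as if no file had been requested. I would reject that case up front with `if (aindex + 1 >= argc) usage();` before the increment, assuming `usage()` does not return. The loop's enclosing function, dump_db, begins and ends outside this hunk.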
@@ -1463,10 +1486,11 @@ dump_db(argc, argv)
}
if (!new_mkey_file)
printf(gettext("Please enter new master key....\n"));
-
if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
global_params.enctype,
- !new_mkey_file, TRUE,
+ (new_mkey_file == 0) ?
+ (krb5_boolean) 1 : 0,
+ TRUE,
new_mkey_file, 0,
&new_master_key))) {
com_err(argv[0], retval,
@@ -1479,13 +1503,19 @@ dump_db(argc, argv)
locked = 0;
if (ofile && strcmp(ofile, "-")) {
/*
+ * Discourage accidental dumping to filenames beginning with '-'.
+ */
+ if (ofile[0] == '-')
+ usage();
+ /*
* Make sure that we don't open and truncate on the fopen,
* since that may hose an on-going kprop process.
*
- * We could also control this by opening for read and write,
- * doing an flock with LOCK_EX, and then truncating the
- * file once we have gotten the lock, but that would
- * involve more OS dependencies than I want to get into.
+ * We could also control this by opening for read and
+ * write, doing an flock with LOCK_EX, and then
+ * truncating the file once we have gotten the lock,
+ * but that would involve more OS dependencies than I
+ * want to get into.
*/
unlink(ofile);
if (!(f = fopen(ofile, "w"))) {
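Review bot: The `unlink(ofile)` followed by `fopen(ofile, "w")` leaves a window in which another process that can write to the directory may recreate the path, for instance as a symlink, and `fopen` will follow it; the new leading-'-' check above does not cover this. The dump holds principal key data, and `fopen` creates the file with mode 0666 minus the umask, so unless a restrictive umask is set elsewhere the file may be readable by other users. I would create it exclusively with an explicit mode, `fd = open(ofile, O_WRONLY | O_CREAT | O_EXCL, 0600);` followed by `f = fdopen(fd, "w");`, which keeps the no-truncate behaviour the comment asks for. dump_db's body starts and ends outside this hunk.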
@@ -1500,7 +1530,8 @@ dump_db(argc, argv)
fprintf(stderr, gettext(oflock_error),
programname, ofile, error_message(kret));
exit_status++;
- } else
+ }
+ else
locked = 1;
} else {
f = stdout;
@@ -1538,9 +1569,10 @@ dump_db(argc, argv)
if (dump->header[strlen(dump->header)-1] != '\n')
fputc('\n', arglist.ofile);
- if ((kret = krb5_dbm_db_iterate(util_context,
- dump->dump_princ,
- (krb5_pointer) &arglist))) {
+ if ((kret = krb5_dbm_db_iterate(util_context,
+ dump->dump_princ,
+ (krb5_pointer) &arglist,
+ backwards, recursive))) {
fprintf(stderr, gettext(dumprec_err),
programname, dump->name, error_message(kret));
exit_status++;
@@ -1563,8 +1595,7 @@ error:
}
}
if (locked)
- (void) krb5_lock_file(util_context,
- fileno(f), KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
}
/*
@@ -1673,6 +1704,7 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
if (mprinc.mod_princ)
krb5_free_principal(kcontext, mprinc.mod_princ);
}
+
/*
* Handle last password change.
*/
@@ -1689,119 +1721,42 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
linked = 0;
if (!pwchg) {
/* No, allocate a new one */
- if ((pwchg = (krb5_tl_data *)
- malloc(sizeof (krb5_tl_data)))) {
- memset(pwchg, 0, sizeof(krb5_tl_data));
- if (!(pwchg->tl_data_contents =
- (krb5_octet *) malloc(sizeof (krb5_timestamp)))) {
- free(pwchg);
- pwchg = (krb5_tl_data *) NULL;
- } else {
- pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- pwchg->tl_data_length =
- (krb5_int16) sizeof (krb5_timestamp);
- }
+ if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
+ memset(pwchg, 0, sizeof(krb5_tl_data));
+ if (!(pwchg->tl_data_contents =
+ (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
+ free(pwchg);
+ pwchg = (krb5_tl_data *) NULL;
+ }
+ else {
+ pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+ pwchg->tl_data_length =
+ (krb5_int16) sizeof(krb5_timestamp);
+ }
}
- } else
- linked = 1;
+ }
+ else
+ linked = 1;
/* Do we have an entry? */
if (pwchg && pwchg->tl_data_contents) {
/* Encode it */
- krb5_kdb_encode_int32(last_pwd_change,
- pwchg->tl_data_contents);
+ krb5_kdb_encode_int32(last_pwd_change, pwchg->tl_data_contents);
/* Link it in if necessary */
if (!linked) {
pwchg->tl_data_next = dbentp->tl_data;
dbentp->tl_data = pwchg;
dbentp->n_tl_data++;
}
- } else
+ }
+ else
kret = ENOMEM;
}
+
return(kret);
}
-
#endif
-static int
-k5beta_parse_and_store(char *fname, krb5_context kcontext, int verbose,
- int *linenop, krb5_db_entry *dbent,
- char *name, char *mod_name,
- krb5_timestamp last_pwd_change,
- krb5_timestamp mod_date
-)
-{
- int error;
- int retval = 1;
- krb5_error_code kret;
- krb5_principal mod_princ;
- krb5_key_data *pkey, *akey;
-
- pkey = &dbent->key_data[0];
- akey = &dbent->key_data[1];
-
- if (!(kret = krb5_parse_name(kcontext, name, &dbent->princ))) {
- if (!(kret =
- krb5_parse_name(kcontext, mod_name, &mod_princ))) {
- if (!(kret = krb5_dbe_update_mod_princ_data(
- kcontext, dbent,
- mod_date, mod_princ)) &&
- !(kret = krb5_dbe_update_last_pwd_change(
- kcontext, dbent, last_pwd_change))) {
- int one = 1;
-
- dbent->len = KRB5_KDB_V1_BASE_LENGTH;
- pkey->key_data_ver =
- (pkey->key_data_type[1] ||
- pkey->key_data_length[1]) ? 2 : 1;
- akey->key_data_ver =
- (akey->key_data_type[1] ||
- akey->key_data_length[1]) ? 2 : 1;
- if ((pkey->key_data_type[0] ==
- akey->key_data_type[0]) &&
- (pkey->key_data_type[1] ==
- akey->key_data_type[1]))
- dbent->n_key_data--;
- else if ((akey->key_data_type[0] == 0) &&
- (akey->key_data_length[0] == 0) &&
- (akey->key_data_type[1] == 0) &&
- (akey->key_data_length[1] == 0))
- dbent->n_key_data--;
- if ((kret = krb5_db_put_principal(
- kcontext, dbent, &one)) ||
- (one != 1)) {
- fprintf(stderr, gettext(store_err_fmt),
- fname, *linenop, name,
- error_message(kret));
- error++;
- } else {
- if (verbose)
- fprintf(stderr,
- gettext(add_princ_fmt),
- name);
- retval = 0;
- }
- dbent->n_key_data = 2;
- }
- krb5_free_principal(kcontext, mod_princ);
- } else {
- fprintf(stderr,
- gettext(parse_err_fmt),
- fname, *linenop, mod_name,
- error_message(kret));
- error++;
- }
- } else {
- fprintf(stderr, gettext(parse_err_fmt),
- fname, *linenop, name,
- error_message(kret));
- error++;
- }
-
- return (retval);
-}
-
/*
* process_k5beta_record() - Handle a dump record in old format.
*
@@ -1871,15 +1826,14 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
(krb5_octet *) malloc((size_t) (key_len + 1)))) &&
(!alt_key_len ||
(akey->key_data_contents[0] =
- (krb5_octet *)
- malloc((size_t) (alt_key_len + 1)))) &&
+ (krb5_octet *) malloc((size_t) (alt_key_len + 1)))) &&
(!salt_len ||
(pkey->key_data_contents[1] =
(krb5_octet *) malloc((size_t) (salt_len + 1)))) &&
(!alt_salt_len ||
(akey->key_data_contents[1] =
- (krb5_octet *)
- malloc((size_t) (alt_salt_len + 1))))) {
+ (krb5_octet *) malloc((size_t) (alt_salt_len + 1))))
+ ) {
error = 0;
/* Read the principal name */
@@ -1888,10 +1842,9 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
error++;
}
/* Read the key type */
- if (!error &&
- (fscanf(filep, "\t%d\t", &tmpint1) != 1)) {
- try2read = read_key_type;
- error++;
+ if (!error && (fscanf(filep, "\t%d\t", &tmpint1) != 1)) {
+ try2read = read_key_type;
+ error++;
}
pkey->key_data_type[0] = tmpint1;
/* Read the old format key */
@@ -1902,24 +1855,15 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
error++;
}
/* convert to a new format key */
- /*
- * the encrypted version is stored as the
- * unencrypted key length (4 bytes, MSB first)
- * followed by the encrypted key.
- */
- if ((pkey->key_data_length[0] > 4) &&
- (pkey->key_data_contents[0][0] == 0) &&
- (pkey->key_data_contents[0][1] == 0)) {
- /*
- * this really does look like an old key,
- * so drop and swap
- */
- /*
- * the *new* length is 2 bytes, LSB first,
- * sigh.
- */
- size_t shortlen = pkey->key_data_length[0] - 4 + 2;
- krb5_octet *origdata = pkey->key_data_contents[0];
+ /* the encrypted version is stored as the unencrypted key length
+ (4 bytes, MSB first) followed by the encrypted key. */
+ if ((pkey->key_data_length[0] > 4)
+ && (pkey->key_data_contents[0][0] == 0)
+ && (pkey->key_data_contents[0][1] == 0)) {
+ /* this really does look like an old key, so drop and swap */
+ /* the *new* length is 2 bytes, LSB first, sigh. */
+ size_t shortlen = pkey->key_data_length[0]-4+2;
+ krb5_octet *origdata = pkey->key_data_contents[0];
shortcopy1 = (krb5_octet *) malloc(shortlen);
if (shortcopy1) {
@@ -1934,18 +1878,18 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
error++;
}
}
+
/* Read principal attributes */
- if (!error &&
- (fscanf(filep, "\t%u\t%u\t%u\t%u\t%u\t%u"
- "\t%u\t%u\t%u\t%u\t",
- &tmpint1, &dbent.max_life,
- &dbent.max_renewable_life,
- &tmpint2, &dbent.expiration,
- &dbent.pw_expiration, &last_pwd_change,
- &dbent.last_success, &dbent.last_failed,
- &tmpint3) != 10)) {
- try2read = read_pr_data1;
- error++;
+ if (!error && (fscanf(filep,
+ "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
+ &tmpint1, &dbent.max_life,
+ &dbent.max_renewable_life,
+ &tmpint2, &dbent.expiration,
+ &dbent.pw_expiration, &last_pwd_change,
+ &dbent.last_success, &dbent.last_failed,
+ &tmpint3) != 10)) {
+ try2read = read_pr_data1;
+ error++;
}
pkey->key_data_kvno = tmpint1;
dbent.fail_auth_count = tmpint3;
@@ -1973,37 +1917,28 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
error++;
}
/* Read alternate key type */
- if (!error &&
- (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
- try2read = read_akey_type;
- error++;
+ if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
+ try2read = read_akey_type;
+ error++;
}
akey->key_data_type[0] = tmpint1;
/* Read alternate key */
if (!error && read_octet_string(filep,
akey->key_data_contents[0],
akey->key_data_length[0])) {
- try2read = read_akey_data;
- error++;
+ try2read = read_akey_data;
+ error++;
}
+
/* convert to a new format key */
- /*
- * the encrypted version is stored as the
- * unencrypted key length (4 bytes, MSB first)
- * followed by the encrypted key.
- */
- if ((akey->key_data_length[0] > 4) &&
- (akey->key_data_contents[0][0] == 0) &&
- (akey->key_data_contents[0][1] == 0)) {
- /*
- * this really does look like an old key,
- * so drop and swap
- */
- /*
- * the *new* length is 2 bytes, LSB first,
- * sigh.
- */
- size_t shortlen = akey->key_data_length[0] - 4 + 2;
+ /* the encrypted version is stored as the unencrypted key length
+ (4 bytes, MSB first) followed by the encrypted key. */
+ if ((akey->key_data_length[0] > 4)
+ && (akey->key_data_contents[0][0] == 0)
+ && (akey->key_data_contents[0][1] == 0)) {
+ /* this really does look like an old key, so drop and swap */
+ /* the *new* length is 2 bytes, LSB first, sigh. */
+ size_t shortlen = akey->key_data_length[0]-4+2;
krb5_octet *origdata = akey->key_data_contents[0];
@@ -2021,11 +1956,11 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
error++;
}
}
+
/* Read alternate salt type */
- if (!error &&
- (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
- try2read = read_asalt_type;
- error++;
+ if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
+ try2read = read_asalt_type;
+ error++;
}
akey->key_data_type[1] = tmpint1;
/* Read alternate salt data */
@@ -2038,31 +1973,93 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
/* Read expansion data - discard it */
if (!error) {
for (i=0; i<8; i++) {
- if (fscanf(filep,
- "\t%u", &tmpint1) != 1) {
+ if (fscanf(filep, "\t%u", &tmpint1) != 1) {
try2read = read_exp_data;
error++;
break;
- }
+ }
}
if (!error)
find_record_end(filep, fname, *linenop);
}
+
/*
- * If no error, then we're done reading. Now parse
- * the names and store the database dbent.
+ * If no error, then we're done reading. Now parse the names
+ * and store the database dbent.
*/
if (!error) {
- retval = k5beta_parse_and_store(
- fname, kcontext, verbose,
- linenop, &dbent, name, mod_name,
- last_pwd_change, mod_date);
- } else {
- fprintf(stderr, gettext(read_err_fmt),
- fname, *linenop, try2read);
+ if (!(kret = krb5_parse_name(kcontext,
+ name,
+ &dbent.princ))) {
+ if (!(kret = krb5_parse_name(kcontext,
+ mod_name,
+ &mod_princ))) {
+ if (!(kret =
+ krb5_dbe_update_mod_princ_data(kcontext,
+ &dbent,
+ mod_date,
+ mod_princ)) &&
+ !(kret =
+ krb5_dbe_update_last_pwd_change(kcontext,
+ &dbent,
+ last_pwd_change))) {
+ int one = 1;
+
+ dbent.len = KRB5_KDB_V1_BASE_LENGTH;
+ pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ?
+ 2 : 1;
+ akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ?
+ 2 : 1;
+ if ((pkey->key_data_type[0] ==
+ akey->key_data_type[0]) &&
+ (pkey->key_data_type[1] ==
+ akey->key_data_type[1]))
+ dbent.n_key_data--;
+ else if ((akey->key_data_type[0] == 0)
+ && (akey->key_data_length[0] == 0)
+ && (akey->key_data_type[1] == 0)
+ && (akey->key_data_length[1] == 0))
+ dbent.n_key_data--;
+ if ((kret = krb5_db_put_principal(kcontext,
+ &dbent,
+ &one)) ||
+ (one != 1)) {
+ fprintf(stderr, gettext(store_err_fmt),
+ fname, *linenop, name,
+ error_message(kret));
+ error++;
+ }
+ else {
+ if (verbose)
+ fprintf(stderr,
+ gettext(add_princ_fmt),
+ name);
+ retval = 0;
+ }
+ dbent.n_key_data = 2;
+ }
+ krb5_free_principal(kcontext, mod_princ);
+ }
+ else {
+ fprintf(stderr,
+ gettext(parse_err_fmt),
+ fname, *linenop, mod_name,
+ error_message(kret));
+ error++;
+ }
+ }
+ else {
+ fprintf(stderr, gettext(parse_err_fmt),
+ fname, *linenop, name, error_message(kret));
+ error++;
+ }
+ }
+ else {
+ fprintf(stderr, gettext(no_mem_fmt), fname, *linenop, try2read);
}
- } else {
- fprintf(stderr, gettext(no_mem_fmt), fname, *linenop);
+ }
+ else {
+ fprintf(stderr, gettext(read_err_fmt), fname, *linenop);
}
krb5_db_free_principal(kcontext, &dbent, 1);
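Review bot: The two error branches at the end of this hunk have their format strings swapped relative to the removed code: the read-failure branch now calls `fprintf(stderr, gettext(no_mem_fmt), fname, *linenop, try2read)` and the allocation-failure branch calls `fprintf(stderr, gettext(read_err_fmt), fname, *linenop)`. Other call sites on this page pass `try2read` as a third argument to `read_err_fmt` and only two arguments to `no_mem_fmt`, so, assuming the format has a matching third conversion, the outer branch reads a variadic argument that was never passed, which is undefined behaviour, and the inner branch reports a parse error as out-of-memory. The inner `else` should be `fprintf(stderr, gettext(read_err_fmt), fname, *linenop, try2read);` and the outer one `fprintf(stderr, gettext(no_mem_fmt), fname, *linenop);`. process_k5beta_record begins and ends outside this hunk.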
@@ -2070,12 +2067,13 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
free(mod_name);
if (name)
free(name);
- } else {
+ }
+ else {
if (nmatched != EOF)
fprintf(stderr, gettext(rhead_err_fmt),
fname, *linenop);
else
- retval = -1;
+ retval = -1;
}
if (shortcopy1)
@@ -2083,111 +2081,7 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
if (shortcopy2)
free(shortcopy2);
- return (retval);
-}
-
-static int
-get_k5beta6_tag_data(FILE *filep, krb5_db_entry dbentry, const char **try2read)
-{
- int error = 0;
- int i;
-
- krb5_int32 t1, t2, t3, t4, t5, t6, t7, t8, t9;
- int nread;
- krb5_tl_data *tl;
-
- for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
- nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
- if (nread == 2) {
- tl->tl_data_type = (krb5_int16) t1;
- tl->tl_data_length = (krb5_int16) t2;
- if (tl->tl_data_length) {
- if (!(tl->tl_data_contents =
- (krb5_octet *)
- malloc((size_t) t2 + 1)) ||
- read_octet_string(filep,
- tl->tl_data_contents, t2)) {
- *try2read = read_tcontents;
- error++;
- break;
- }
- } else {
- /* Should be a null field */
- nread = fscanf(filep, "%d", &t9);
- if ((nread != 1) || (t9 != -1)) {
- error++;
- *try2read = read_tcontents;
- break;
- }
- }
- } else {
- *try2read = read_ttypelen;
- error++;
- break;
- }
- }
-
- return (error);
-}
-
-static int
-get_k5beta6_key_data(FILE *filep, krb5_db_entry dbentry, const char **try2read)
-{
- int error = 0;
- int i, j;
-
- krb5_int32 t1, t2, t3, t4, t5, t6, t7, t8, t9;
- int nread;
- krb5_key_data *kdatap;
-
- for (i = 0; !error && (i < dbentry.n_key_data); i++) {
- kdatap = &dbentry.key_data[i];
- nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
- if (nread == 2) {
- kdatap->key_data_ver = (krb5_int16) t1;
- kdatap->key_data_kvno = (krb5_int16) t2;
-
- for (j = 0; j < t1; j++) {
- nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
- if (nread == 2) {
- kdatap->key_data_type[j] = t3;
- kdatap->key_data_length[j] = t4;
- if (t4) {
- if (!(kdatap->
- key_data_contents[j] =
- (krb5_octet *)
- malloc((size_t) t4
- + 1)) ||
- read_octet_string(filep,
- kdatap->
- key_data_contents[j],
- t4)) {
- *try2read =
- read_kcontents;
- error++;
- break;
- }
- } else {
- /* Should be a null field */
- nread = fscanf(filep,
- "%d", &t9);
- if ((nread != 1) ||
- (t9 != -1)) {
- error++;
- *try2read =
- read_kcontents;
- break;
- }
- }
- } else {
- *try2read = read_ktypelen;
- error++;
- break;
- }
- }
- }
- }
- return (error);
+ return(retval);
}
/*
@@ -2235,12 +2129,12 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
/* Get memory for and form tagged data linked list */
tlp = &dbentry.tl_data;
for (i=0; i<t3; i++) {
- if ((*tlp = (krb5_tl_data *)
- malloc(sizeof (krb5_tl_data)))) {
+ if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
memset(*tlp, 0, sizeof(krb5_tl_data));
tlp = &((*tlp)->tl_data_next);
dbentry.n_tl_data++;
- } else {
+ }
+ else {
error++;
break;
}
@@ -2260,8 +2154,7 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
dbentry.n_key_data = t4;
dbentry.e_length = t5;
if (kp) {
- memset(kp, 0,
- (size_t) (t4 * sizeof (krb5_key_data)));
+ memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data)));
dbentry.key_data = kp;
kp = (krb5_key_data *) NULL;
}
@@ -2270,31 +2163,23 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
dbentry.e_data = op;
op = (krb5_octet *) NULL;
}
+
/* Read in and parse the principal name */
if (!read_string(filep, name, t2, linenop) &&
- !(kret = krb5_parse_name(kcontext,
- name, &dbentry.princ))) {
+ !(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) {
/* Get the fixed principal attributes */
- nread = fscanf(filep, "%d\t%d\t%d\t%d"
- "\t%d\t%d\t%d\t%d\t",
- &t2, &t3, &t4, &t5,
- &t6, &t7, &t8, &t9);
+ nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
+ &t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9);
if (nread == 8) {
dbentry.attributes = (krb5_flags) t2;
dbentry.max_life = (krb5_deltat) t3;
- dbentry.max_renewable_life =
- (krb5_deltat) t4;
- dbentry.expiration =
- (krb5_timestamp) t5;
- dbentry.pw_expiration =
- (krb5_timestamp) t6;
- dbentry.last_success =
- (krb5_timestamp) t7;
- dbentry.last_failed =
- (krb5_timestamp) t8;
- dbentry.fail_auth_count =
- (krb5_kvno) t9;
+ dbentry.max_renewable_life = (krb5_deltat) t4;
+ dbentry.expiration = (krb5_timestamp) t5;
+ dbentry.pw_expiration = (krb5_timestamp) t6;
+ dbentry.last_success = (krb5_timestamp) t7;
+ dbentry.last_failed = (krb5_timestamp) t8;
+ dbentry.fail_auth_count = (krb5_kvno) t9;
} else {
try2read = read_nint_data;
error++;
@@ -2303,27 +2188,94 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
/*
* Get the tagged data.
*
- * Really, this code ought to discard tl data
- * types that it knows are special to the
- * current version and were not supported
- * in the previous version. But it's a pain
- * to implement that here, and doing it at
- * dump time has almost as good an effect,
- * so that's what I did. [krb5-admin/89/
+ * Really, this code ought to discard tl data types
+ * that it knows are special to the current version
+ * and were not supported in the previous version.
+ * But it's a pain to implement that here, and doing
+ * it at dump time has almost as good an effect, so
+ * that's what I did. [krb5-admin/89]
*/
if (!error && dbentry.n_tl_data) {
- error = get_k5beta6_tag_data(
- filep,
- dbentry,
- &try2read);
+ for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
+ nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+ if (nread == 2) {
+ tl->tl_data_type = (krb5_int16) t1;
+ tl->tl_data_length = (krb5_int16) t2;
+ if (tl->tl_data_length) {
+ if (!(tl->tl_data_contents =
+ (krb5_octet *) malloc((size_t) t2+1)) ||
+ read_octet_string(filep,
+ tl->tl_data_contents,
+ t2)) {
+ try2read = read_tcontents;
+ error++;
+ break;
}
+ }
+ else {
+ /* Should be a null field */
+ nread = fscanf(filep, "%d", &t9);
+ if ((nread != 1) || (t9 != -1)) {
+ error++;
+ try2read = read_tcontents;
+ break;
+ }
+ }
+ }
+ else {
+ try2read = read_ttypelen;
+ error++;
+ break;
+ }
+ }
+ }
+
/* Get the key data */
if (!error && dbentry.n_key_data) {
- error = get_k5beta6_key_data(
- filep,
- dbentry,
- &try2read);
+ for (i=0; !error && (i<dbentry.n_key_data); i++) {
+ kdatap = &dbentry.key_data[i];
+ nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+ if (nread == 2) {
+ kdatap->key_data_ver = (krb5_int16) t1;
+ kdatap->key_data_kvno = (krb5_int16) t2;
+
+ for (j=0; j<t1; j++) {
+ nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
+ if (nread == 2) {
+ kdatap->key_data_type[j] = t3;
+ kdatap->key_data_length[j] = t4;
+ if (t4) {
+ if (!(kdatap->key_data_contents[j] =
+ (krb5_octet *)
+ malloc((size_t) t4+1)) ||
+ read_octet_string(filep,
+ kdatap->key_data_contents[j],
+ t4)) {
+ try2read = read_kcontents;
+ error++;
+ break;
}
+ }
+ else {
+ /* Should be a null field */
+ nread = fscanf(filep, "%d", &t9);
+ if ((nread != 1) || (t9 != -1)) {
+ error++;
+ try2read = read_kcontents;
+ break;
+ }
+ }
+ }
+ else {
+ try2read = read_ktypelen;
+ error++;
+ break;
+ }
+ }
+ }
+ }
+ }
+
/* Get the extra data */
if (!error && dbentry.e_length) {
if (read_octet_string(filep,
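Review bot: In the key-data loop, `for (j=0; j<t1; j++)` indexes `key_data_type[j]`, `key_data_length[j]` and `key_data_contents[j]` with a bound (`t1`, the key_data_ver field) taken straight from the dump file. The array size is not visible in this hunk, but the rest of the page only uses elements 0 and 1, so a record with a larger version value would presumably write past the end of `krb5_key_data`. I would reject it before the inner loop: `if (t1 < 0 || t1 > KRB5_KDB_V1_KEY_DATA_ARRAY) { try2read = read_ktypelen; error++; break; }`. Separately, when the outer `fscanf` for ver/kvno does not return 2 there is no `else`, so a malformed key header is skipped without setting `error`. process_k5beta6_record begins and ends outside this hunk.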
@@ -2332,7 +2284,8 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
try2read = read_econtents;
error++;
}
- } else {
+ }
+ else {
nread = fscanf(filep, "%d", &t9);
if ((nread != 1) || (t9 != -1)) {
error++;
@@ -2345,20 +2298,19 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
find_record_end(filep, fname, *linenop);
/*
- * We have either read in all the data or
- * choked.
+ * We have either read in all the data or choked.
*/
if (!error) {
one = 1;
- if ((kret = krb5_db_put_principal(
- kcontext,
+ if ((kret = krb5_db_put_principal(kcontext,
&dbentry,
&one))) {
fprintf(stderr,
gettext(store_err_fmt),
fname, *linenop,
name, error_message(kret));
- } else {
+ }
+ else {
if (verbose)
fprintf(stderr,
gettext(
@@ -2366,21 +2318,23 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
name);
retval = 0;
}
- } else {
+ }
+ else {
fprintf(stderr, gettext(read_err_fmt),
fname, *linenop, try2read);
}
- } else {
+ }
+ else {
if (kret)
fprintf(stderr, gettext(parse_err_fmt),
- fname, *linenop, name,
- error_message(kret));
+ fname, *linenop, name, error_message(kret));
else
- fprintf(stderr, gettext(no_mem_fmt),
+ fprintf(stderr, gettext(no_mem_fmt),
fname, *linenop);
}
- } else {
- fprintf(stderr,
+ }
+ else {
+ fprintf(stderr,
gettext(rhead_err_fmt), fname, *linenop);
}
@@ -2391,14 +2345,15 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
if (name)
free(name);
krb5_db_free_principal(kcontext, &dbentry, 1);
- } else {
+ }
+ else {
if (nread == EOF)
retval = -1;
}
return(retval);
}
-int
+static int
process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db)
char *fname;
krb5_context kcontext;
@@ -2419,12 +2374,12 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db)
&rec.pw_min_length, &rec.pw_min_classes,
&rec.pw_history_num, &rec.policy_refcnt);
if (nread == EOF)
- return (-1);
+ return -1;
else if (nread != 7) {
fprintf(stderr,
gettext("cannot parse policy on line %d (%d read)\n"),
*linenop, nread);
- return (1);
+ return 1;
}
if ((ret = osa_adb_create_policy(pol_db, &rec))) {
@@ -2432,17 +2387,17 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db)
((ret = osa_adb_put_policy(pol_db, &rec)))) {
fprintf(stderr, gettext("cannot create policy on line %d: %s\n"),
*linenop, error_message(ret));
- return (1);
+ return 1;
}
}
if (verbose)
fprintf(stderr, gettext("created policy %s\n"), rec.name);
- return (0);
+ return 0;
}
/*
- * process_k5beta7_record() - Handle a dump record in krb5b6 format.
+ * process_k5beta7_record() - Handle a dump record in krb5b7 format.
*
* Returns -1 for end of file, 0 for success and 1 for failure.
*/
@@ -2460,9 +2415,9 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db)
nread = fscanf(filep, "%100s\t", rectype);
if (nread == EOF)
- return (-1);
+ return -1;
else if (nread != 1)
- return (1);
+ return 1;
if (strcmp(rectype, "princ") == 0)
process_k5beta6_record(fname, kcontext, filep, verbose,
linenop, pol_db);
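Review bot: `fscanf(filep, "%100s\t", rectype)` can store up to 100 characters plus the terminating NUL, so `rectype` must be at least 101 bytes. Its declaration is outside this hunk, but if it is `char rectype[100]`, an overlong record tag in the dump file writes one byte past the buffer. Either size the buffer at 101 or narrow the conversion to `"%99s\t"`. The same call appears in the process_ov_record hunk that follows.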
@@ -2473,10 +2428,10 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db)
fprintf(stderr,
gettext("unknown record type \"%s\" on line %d\n"),
rectype, *linenop);
- return (1);
+ return 1;
}
- return (0);
+ return 0;
}
/*
@@ -2498,9 +2453,9 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db)
nread = fscanf(filep, "%100s\t", rectype);
if (nread == EOF)
- return (-1);
+ return -1;
else if (nread != 1)
- return (1);
+ return 1;
if (strcmp(rectype, "princ") == 0)
process_ov_principal(fname, kcontext, filep, verbose,
linenop, pol_db);
@@ -2508,15 +2463,15 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db)
process_k5beta7_policy(fname, kcontext, filep, verbose,
linenop, pol_db);
else if (strcmp(rectype, "End") == 0)
- return (-1);
+ return -1;
else {
fprintf(stderr,
gettext("unknown record type \"%s\" on line %d\n"),
rectype, *linenop);
- return (1);
+ return 1;
}
- return (0);
+ return 0;
}
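Review bot: The result of `process_k5beta7_policy()` is discarded here, as is that of `process_ov_principal()` in the hunk above, and the function falls through to `return 0`, so a record that failed to parse or store is reported to restore_dump as success. process_k5beta7_record does the same with `process_k5beta6_record()` in the earlier hunks. For a KDC database load this means a damaged dump can yield an incomplete database without the load being marked as failed. I would propagate the value, e.g. `return process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db);` in each branch, provided the callees' -1 for end of file is what restore_dump should see. process_ov_record begins outside this hunk.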
/*
@@ -2546,7 +2501,8 @@ restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db)
f,
verbose,
&lineno,
- pol_db)));
+ pol_db)))
+ ;
if (error != -1)
fprintf(stderr, gettext(err_line_fmt),
programname, lineno, dumpfile);
@@ -2557,7 +2513,8 @@ restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db)
}
/*
- * Usage: load_db [-i] [-old] [-ov] [-b6] [-verbose] [-update] [-hash] filename
+ * Usage: load_db [-i] [-old] [-ov] [-b6] [-b7] [-verbose] [-update] [-hash]
+ * filename
*/
void
load_db(argc, argv)
@@ -2603,13 +2560,15 @@ load_db(argc, argv)
log_ctx = util_context->kdblog_context;
for (aindex = 1; aindex < argc; aindex++) {
- if (strcmp(argv[aindex], oldoption) == 0)
+ if (!strcmp(argv[aindex], oldoption))
load = &old_version;
- else if (strcmp(argv[aindex], b6option) == 0)
+ else if (!strcmp(argv[aindex], b6option))
load = &beta6_version;
- else if (strcmp(argv[aindex], ovoption) == 0)
+ else if (!strcmp(argv[aindex], b7option))
+ load = &beta7_version;
+ else if (!strcmp(argv[aindex], ovoption))
load = &ov_version;
- else if (!strcmp(argv[aindex], ipropoption)) {
+ else if (!strcmp(argv[aindex], ipropoption)) {
if (log_ctx && log_ctx->iproprole) {
load = &iprop_version;
add_update = FALSE;
@@ -2618,9 +2577,10 @@ load_db(argc, argv)
exit_status++;
return;
}
- } else if (strcmp(argv[aindex], verboseoption) == 0)
+ }
+ else if (!strcmp(argv[aindex], verboseoption))
verbose = 1;
- else if (strcmp(argv[aindex], updateoption) == 0)
+ else if (!strcmp(argv[aindex], updateoption))
update = 1;
else if (!strcmp(argv[aindex], hashoption))
crflags = KRB5_KDB_CREATE_HASH;
@@ -2677,21 +2637,16 @@ load_db(argc, argv)
f = stdin;
/*
- * Auto-detect dump version if we weren't told, verify if we were
- * told.
+ * Auto-detect dump version if we weren't told, verify if we
+ * were told.
*/
fgets(buf, sizeof(buf), f);
if (load) {
- /*
- * only check what we know; some headers only contain a
- * prefix
- */
+ /* only check what we know; some headers only contain a prefix */
if (strncmp(buf, load->header, strlen(load->header)) != 0) {
- fprintf(stderr, gettext(head_bad_fmt),
- programname, dumpfile);
+ fprintf(stderr, gettext(head_bad_fmt), programname, dumpfile);
exit_status++;
- if (dumpfile)
- fclose(f);
+ if (dumpfile) fclose(f);
return;
}
} else {
@@ -2702,15 +2657,16 @@ load_db(argc, argv)
load = &beta6_version;
else if (strcmp(buf, beta7_version.header) == 0)
load = &beta7_version;
+ else if (strcmp(buf, r1_3_version.header) == 0)
+ load = &r1_3_version;
else if (strncmp(buf, ov_version.header,
strlen(ov_version.header)) == 0)
load = &ov_version;
- else {
+ else {
fprintf(stderr, gettext(head_bad_fmt),
programname, dumpfile);
exit_status++;
- if (dumpfile)
- fclose(f);
+ if (dumpfile) fclose(f);
return;
}
}
@@ -2722,6 +2678,7 @@ load_db(argc, argv)
exit_status++;
return;
}
+
/*
* Cons up params for the new databases. If we are not in update
* mode use a temp name that we'll rename later.
@@ -2740,6 +2697,7 @@ load_db(argc, argv)
return;
}
}
+
/*
* If not an update restoration, create the temp database. Always
* create a temp policy db, even if we are not loading a dump file
@@ -2760,22 +2718,22 @@ load_db(argc, argv)
programname, error_message(kret));
exit_status++;
kadm5_free_config_params(kcontext, &newparams);
- if (dumpfile)
- fclose(f);
+ if (dumpfile) fclose(f);
return;
}
+
/*
* Point ourselves at the new databases.
*/
- if ((kret = krb5_db_set_name(kcontext,
- (update) ? dbname : dbname_tmp))) {
+ if ((kret = krb5_db_set_name(kcontext,
+ (update) ? dbname : dbname_tmp))) {
fprintf(stderr, gettext(dbname_err_fmt),
programname,
(update) ? dbname : dbname_tmp, error_message(kret));
exit_status++;
goto error;
}
- if ((kret = osa_adb_open_policy(&tmppol_db, &newparams))) {
+ if ((kret = osa_adb_open_policy(&tmppol_db, &newparams))) {
fprintf(stderr,
gettext("%s: %s while opening policy database\n"),
programname, error_message(kret));
@@ -2787,7 +2745,7 @@ load_db(argc, argv)
* the update fails.
*/
if (update) {
- if ((kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT))) {
+ if ((kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT))) {
fprintf(stderr,
gettext("%s: %s while "
"permanently locking database\n"),
@@ -2800,8 +2758,8 @@ load_db(argc, argv)
/*
* Initialize the database.
*/
- if ((kret = krb5_db_init(kcontext))) {
- fprintf(stderr, gettext(dbinit_err_fmt),
+ if ((kret = krb5_db_init(kcontext))) {
+ fprintf(stderr, gettext(dbinit_err_fmt),
programname, error_message(kret));
exit_status++;
goto error;
@@ -2812,13 +2770,13 @@ load_db(argc, argv)
if (!update) {
kret = krb5_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
if (kret) {
- fprintf(stderr, gettext(dblock_err_fmt),
+ fprintf(stderr, gettext(dblock_err_fmt),
programname, error_message(kret));
exit_status++;
goto error;
}
}
-
+
if (log_ctx && log_ctx->iproprole) {
if (add_update)
caller = FKCOMMAND;
@@ -2866,27 +2824,27 @@ load_db(argc, argv)
}
}
- if (restore_dump(programname, kcontext,
- (dumpfile) ? dumpfile : stdin_name,
+ if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name,
f, verbose, load, tmppol_db)) {
fprintf(stderr, gettext(restfail_fmt),
programname, load->name);
exit_status++;
}
+
if (!update && (kret = krb5_db_unlock(kcontext))) {
/* change this error? */
fprintf(stderr, gettext(dbunlockerr_fmt),
programname, dbname_tmp, error_message(kret));
exit_status++;
}
- if ((kret = krb5_db_fini(kcontext))) {
+ if ((kret = krb5_db_fini(kcontext))) {
fprintf(stderr, gettext(close_err_fmt),
programname, error_message(kret));
exit_status++;
}
if (!update && load->create_kadm5 &&
- ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
+ ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
/* error message printed by create_magic_princs */
exit_status++;
}
@@ -2895,28 +2853,27 @@ load_db(argc, argv)
error:
/*
- * If not an update: if there was an error, destroy the temp
- * database, otherwise rename it into place.
+ * If not an update: if there was an error, destroy the temp database,
+ * otherwise rename it into place.
*
* If an update: if there was no error, unlock the database.
*/
if (!update) {
if (exit_status) {
- if ((kret =
- krb5_db_destroy(kcontext, dbname_tmp))) {
+ if ((kret = krb5_db_destroy(kcontext, dbname_tmp))) {
fprintf(stderr, gettext(dbdelerr_fmt),
- programname, dbname_tmp,
- error_message(kret));
+ programname, dbname_tmp, error_message(kret));
exit_status++;
}
- if ((kret = osa_adb_destroy_policy_db(&newparams))) {
+ if ((kret = osa_adb_destroy_policy_db(&newparams))) {
fprintf(stderr,
gettext("%s: %s while destroying "
"policy database\n"),
programname, error_message(kret));
exit_status++;
}
- } else {
+ }
+ else {
if ((kret = krb5_db_rename(kcontext,
dbname_tmp,
dbname))) {
@@ -2925,13 +2882,15 @@ error:
error_message(kret));
exit_status++;
}
- if ((kret = osa_adb_close_policy(tmppol_db))) {
- fprintf(stderr, gettext(close_err_fmt),
+
+ if ((kret = osa_adb_close_policy(tmppol_db))) {
+ fprintf(stderr, gettext(close_err_fmt),
programname, error_message(kret));
exit_status++;
}
- if ((kret = osa_adb_rename_policy_db(&newparams,
- &global_params))) {
+
+ if ((kret = osa_adb_rename_policy_db(&newparams,
+ &global_params))) {
fprintf(stderr,
gettext("%s: %s while renaming "
"policy db %s to %s\n"),
@@ -2941,25 +2900,26 @@ error:
exit_status++;
}
}
- } else { /* update */
- if (!exit_status && ((kret = osa_adb_release_lock(tmppol_db)))) {
- fprintf(stderr,
+ } else /* update */ {
+ if (! exit_status && ((kret = osa_adb_release_lock(tmppol_db)))) {
+ fprintf(stderr,
gettext("%s: %s while releasing permanent lock\n"),
programname, error_message(kret));
exit_status++;
}
- if (tmppol_db && ((kret = osa_adb_close_policy(tmppol_db)))) {
- fprintf(stderr, gettext(close_err_fmt),
+
+ if (tmppol_db && ((kret = osa_adb_close_policy(tmppol_db)))) {
+ fprintf(stderr, gettext(close_err_fmt),
programname, error_message(kret));
exit_status++;
}
}
if (dumpfile) {
- (void) krb5_lock_file(kcontext,
- fileno(f), KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_lock_file(kcontext, fileno(f), KRB5_LOCKMODE_UNLOCK);
fclose(f);
}
+
if (dbname_tmp)
free(dbname_tmp);
krb5_free_context(kcontext);
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/import_err.h b/usr/src/cmd/krb5/kadmin/dbutil/import_err.h
index 95f9693dc4..e35cdfe0ab 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/import_err.h
+++ b/usr/src/cmd/krb5/kadmin/dbutil/import_err.h
@@ -1,11 +1,8 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
-#ifndef _IMPORT_ERR_H
-#define _IMPORT_ERR_H
-
#pragma ident "%Z%%M% %I% %E% SMI"
/*
@@ -25,45 +22,49 @@
*
*/
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/*
* import_err.h:
* This file is automatically generated; please do not edit it.
*/
-#define IMPORT_NO_ERR (37349888L)
-#define IMPORT_BAD_FILE (37349889L)
-#define IMPORT_BAD_TOKEN (37349890L)
-#define IMPORT_BAD_VERSION (37349891L)
-#define IMPORT_BAD_RECORD (37349892L)
-#define IMPORT_BAD_FOOTER (37349893L)
-#define IMPORT_FAILED (37349894L)
-#define IMPORT_COUNT_MESSAGE (37349895L)
-#define IMPORT_MISMATCH_COUNT (37349896L)
-#define IMPORT_UNK_OPTION (37349897L)
-#define IMPORT_WARN_DB (37349898L)
-#define IMPORT_RENAME_FAILED (37349899L)
-#define IMPORT_EXTRA_DATA (37349900L)
-#define IMPORT_CONFIRM (37349901L)
-#define IMPORT_OPEN_DUMP (37349902L)
-#define IMPORT_IMPORT (37349903L)
-#define IMPORT_TTY (37349904L)
-#define IMPORT_RENAME_OPEN (37349905L)
-#define IMPORT_RENAME_LOCK (37349906L)
-#define IMPORT_RENAME_UNLOCK (37349907L)
-#define IMPORT_RENAME_CLOSE (37349908L)
-#define IMPORT_SINGLE_RECORD (37349909L)
-#define IMPORT_PLURAL_RECORDS (37349910L)
-#define IMPORT_GET_PARAMS (37349911L)
-#define ERROR_TABLE_BASE_imp (37349888L)
-/* for compatibility with older versions... */
-#define imp_err_base ERROR_TABLE_BASE_imp
+#include <com_err.h>
-#ifdef __cplusplus
-}
+#define IMPORT_NO_ERR (37349888L)
+#define IMPORT_BAD_FILE (37349889L)
+#define IMPORT_BAD_TOKEN (37349890L)
+#define IMPORT_BAD_VERSION (37349891L)
+#define IMPORT_BAD_RECORD (37349892L)
+#define IMPORT_BAD_FOOTER (37349893L)
+#define IMPORT_FAILED (37349894L)
+#define IMPORT_COUNT_MESSAGE (37349895L)
+#define IMPORT_MISMATCH_COUNT (37349896L)
+#define IMPORT_UNK_OPTION (37349897L)
+#define IMPORT_WARN_DB (37349898L)
+#define IMPORT_RENAME_FAILED (37349899L)
+#define IMPORT_EXTRA_DATA (37349900L)
+#define IMPORT_CONFIRM (37349901L)
+#define IMPORT_OPEN_DUMP (37349902L)
+#define IMPORT_IMPORT (37349903L)
+#define IMPORT_TTY (37349904L)
+#define IMPORT_RENAME_OPEN (37349905L)
+#define IMPORT_RENAME_LOCK (37349906L)
+#define IMPORT_RENAME_UNLOCK (37349907L)
+#define IMPORT_RENAME_CLOSE (37349908L)
+#define IMPORT_SINGLE_RECORD (37349909L)
+#define IMPORT_PLURAL_RECORDS (37349910L)
+#define IMPORT_GET_PARAMS (37349911L)
+#define ERROR_TABLE_BASE_imp (37349888L)
+
+extern const struct error_table et_imp_error_table;
+
+#if !defined(_WIN32)
+/* for compatibility with older versions... */
+extern void initialize_imp_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_imp_error_table()
#endif
-#endif /* !_IMPORT_ERR_H */
+#if !defined(_WIN32)
+#define init_imp_err_tbl initialize_imp_error_table
+#define imp_err_base ERROR_TABLE_BASE_imp
+#endif
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/kadm5_create.c b/usr/src/cmd/krb5/kadmin/dbutil/kadm5_create.c
index 8c6108a7a6..1e89515519 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/kadm5_create.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/kadm5_create.c
@@ -37,10 +37,6 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/dbutil/kadm5_create.c,v 1.6 1998/10/30 02:52:37 marc Exp $";
-#endif
-
#include "string_table.h"
#include <stdio.h>
@@ -48,6 +44,8 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/dbutil/kadm5_create.c
#include <string.h>
#include <kadm5/adb.h>
#include <kadm5/admin.h>
+#include <krb5/adm_proto.h>
+
#include <krb5.h>
#include <krb5/kdb.h>
@@ -63,8 +61,10 @@ int
add_admin_princ(void *handle, krb5_context context,
krb5_principal principal, int attrs, int lifetime);
-#define KADM5_ERR 1
-#define KADM5_OK 0
+static int add_admin_princs(void *handle, krb5_context context, char *realm);
+
+#define ERR 1
+#define OK 0
#define ADMIN_LIFETIME 60*60*3 /* 3 hours */
#define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
@@ -82,18 +82,15 @@ extern char *progname;
* principals in the KDC database and sets their attributes
* appropriately.
*/
-int
-kadm5_create(kadm5_config_params * params)
+int kadm5_create(kadm5_config_params *params)
{
int retval;
- void *handle;
krb5_context context;
- FILE *f;
kadm5_config_params lparams;
- if (retval = krb5_init_context(&context))
- exit(KADM5_ERR);
+ if ((retval = krb5_init_context(&context)))
+ exit(ERR);
(void) memset(&lparams, 0, sizeof (kadm5_config_params));
@@ -101,14 +98,15 @@ kadm5_create(kadm5_config_params * params)
* The lock file has to exist before calling kadm5_init, but
* params->admin_lockfile may not be set yet...
*/
- if (retval = kadm5_get_config_params(context, NULL, NULL,
- params, &lparams)) {
- com_err(progname, retval, gettext(str_INITING_KCONTEXT));
- return (1);
+ if ((retval = kadm5_get_config_params(context, NULL, NULL,
+ params, &lparams))) {
+ com_err(progname, retval, gettext("while looking up the Kerberos configuration"));
+ return 1;
}
- if (retval = osa_adb_create_policy_db(&lparams)) {
+
+ if ((retval = osa_adb_create_policy_db(&lparams))) {
com_err(progname, retval, gettext(str_CREATING_POLICY_DB));
- return (1);
+ return 1;
}
retval = kadm5_create_magic_princs(&lparams, context);
@@ -116,28 +114,33 @@ kadm5_create(kadm5_config_params * params)
kadm5_free_config_params(context, &lparams);
krb5_free_context(context);
- return (retval);
+ return retval;
}
-int
-kadm5_create_magic_princs(kadm5_config_params * params,
- krb5_context *context)
+int kadm5_create_magic_princs(kadm5_config_params *params,
+ krb5_context context)
{
int retval;
void *handle;
+ retval = krb5_klog_init(context, "admin_server", progname, 0);
+ if (retval)
+ return retval;
if ((retval = kadm5_init(progname, NULL, NULL, params,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
&handle))) {
- com_err(progname, retval, gettext(str_INITING_KCONTEXT));
- return (retval);
+ com_err(progname, retval, gettext("while initializing the Kerberos admin interface"));
+ return retval;
}
+
retval = add_admin_princs(handle, context, params->realm);
kadm5_destroy(handle);
- return (retval);
+ krb5_klog_close(context);
+
+ return retval;
}
/*
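Review bot: The new `krb5_klog_init` call has no matching `krb5_klog_close` on the `kadm5_init` failure path, which does `return retval;` right after `com_err`. Logging therefore stays initialised whenever the admin interface fails to come up, while the success path closes it after `kadm5_destroy(handle)`. Adding `krb5_klog_close(context);` before that early `return retval;` would make the two paths symmetric.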
@@ -157,14 +160,13 @@ kadm5_create_magic_princs(kadm5_config_params * params,
*
* Requires: both strings are null-terminated
*/
-char *
-build_name_with_realm(char *name, char *realm)
+static char *build_name_with_realm(char *name, char *realm)
{
char *n;
n = (char *) malloc(strlen(name) + strlen(realm) + 2);
sprintf(n, "%s@%s", name, realm);
- return (n);
+ return n;
}
/*
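Review bot: `build_name_with_realm` passes the result of `malloc` to `sprintf` without checking it, so an allocation failure becomes a write through a NULL pointer. A guard such as `if (n == NULL) return NULL;` before the `sprintf` is needed, and callers then have to handle NULL. In the later `add_admin_old_princ` hunk the result goes straight into `krb5_parse_name` and, as far as the visible lines show, is never freed. The size `strlen(name) + strlen(realm) + 2` does match the `"%s@%s"` format, so the copy itself is bounded once the pointer is valid.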
@@ -187,8 +189,7 @@ build_name_with_realm(char *name, char *realm)
* printed. If any of these existing principal do not have the proper
* attributes, a warning message is printed.
*/
-int
-add_admin_princs(void *handle, krb5_context context, char *realm)
+static int add_admin_princs(void *handle, krb5_context context, char *realm)
{
krb5_error_code ret = 0;
@@ -236,7 +237,7 @@ add_admin_princs(void *handle, krb5_context context, char *realm)
clean_and_exit:
- return (ret);
+ return ret;
}
/*
@@ -255,8 +256,8 @@ clean_and_exit:
*
* Returns:
*
- * KADM5_OK on success
- * KADM5_ERR on serious errors
+ * OK on success
+ * ERR on serious errors
*
* Effects:
*
@@ -267,8 +268,7 @@ clean_and_exit:
* attributes attrs and max life of lifetime (if not zero).
*/
-int
-add_admin_princ(void *handle, krb5_context context,
+int add_admin_princ(void *handle, krb5_context context,
krb5_principal principal, int attrs, int lifetime)
{
char *fullname;
@@ -278,23 +278,23 @@ add_admin_princ(void *handle, krb5_context context,
memset(&ent, 0, sizeof(ent));
if (krb5_unparse_name(context, principal, &fullname))
- return (KADM5_ERR);
+ return ERR;
ent.principal = principal;
ent.max_life = lifetime;
ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
- if (ret = kadm5_create_principal(handle, &ent,
- (KADM5_PRINCIPAL |
- KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
- "to-be-random")) {
+ ret = kadm5_create_principal(handle, &ent,
+ (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+ KADM5_ATTRIBUTES),
+ "to-be-random");
+ if (ret) {
if (ret != KADM5_DUP) {
com_err(progname, ret,
gettext(str_PUT_PRINC), fullname);
krb5_free_principal(context, ent.principal);
free(fullname);
- return (KADM5_ERR);
+ return ERR;
}
} else {
/* only randomize key if we created the principal */
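Review bot: The fixed password `"to-be-random"` passed to `kadm5_create_principal` needs a comment, because nothing at the call site says why a publicly known string is acceptable for an admin principal. From the visible lines the safeguard is that `ent.attributes` is set to `attrs | KRB5_KDB_DISALLOW_ALL_TIX` before creation and only reset to `attrs` after the key is (presumably) re-randomised; that call sits between this hunk and the next. I would add above the call `/* Placeholder password: the principal is created with DISALLOW_ALL_TIX, and the key is randomized below before that flag is cleared. */`. The comment should also record that the error returns after creation leave the principal in the database with the placeholder key and the flag still set; the function body continues outside this hunk.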
@@ -302,25 +302,26 @@ add_admin_princ(void *handle, krb5_context context,
if (ret) {
com_err(progname, ret,
gettext(str_RANDOM_KEY), fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return (KADM5_ERR);
- }
- ent.attributes = attrs;
- ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
- if (ret) {
- com_err(progname, ret,
- gettext(str_PUT_PRINC), fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return (KADM5_ERR);
- }
- }
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
+ }
+
+ ent.attributes = attrs;
+ ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
+ if (ret) {
+ com_err(progname, ret,
+ gettext(str_PUT_PRINC), fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
+ }
+ }
- krb5_free_principal(context, ent.principal);
- free(fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
- return (KADM5_OK);
+ return OK;
}
int
@@ -334,7 +335,7 @@ add_admin_old_princ(void *handle, krb5_context context,
fullname = build_name_with_realm(name, realm);
if (ret = krb5_parse_name(context, fullname, &principal)) {
com_err(progname, ret, gettext(str_PARSE_NAME));
- return (KADM5_ERR);
+ return (ERR);
}
return (add_admin_princ(handle, context, principal, attrs, lifetime));
@@ -352,7 +353,7 @@ add_admin_sname_princ(void *handle, krb5_context context,
com_err(progname, ret,
gettext("Could not get host based "
"service name for %s principal\n"), sname);
- return (KADM5_ERR);
+ return (ERR);
}
return (add_admin_princ(handle, context, principal, attrs, lifetime));
}
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_create.c b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_create.c
index 350f9b54c7..b0afb7e984 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_create.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_create.c
@@ -94,8 +94,7 @@ enum ap_op {
TGT_KEY /* special handling for tgt key */
};
-krb5_key_salt_tuple def_kslist =
- {ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL};
+krb5_key_salt_tuple def_kslist = { ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL };
struct realm_info {
krb5_deltat max_life;
@@ -106,7 +105,6 @@ struct realm_info {
krb5_int32 nkslist;
krb5_key_salt_tuple *kslist;
} rblock = { /* XXX */
-
KRB5_KDB_MAX_LIFE,
KRB5_KDB_MAX_RLIFE,
KRB5_KDB_EXPIRATION,
@@ -122,10 +120,11 @@ struct iterate_args {
krb5_db_entry *dbentp;
};
-static krb5_error_code add_principal(krb5_context,
- krb5_principal,
- enum ap_op,
- struct realm_info *,
+static krb5_error_code add_principal
+ (krb5_context,
+ krb5_principal,
+ enum ap_op,
+ struct realm_info *,
krb5_keyblock *);
/*
@@ -151,10 +150,8 @@ krb5_data tgt_princ_entries[] = {
krb5_data db_creator_entries[] = {
{0, sizeof("db_creation")-1, "db_creation"} };
-/*
- * XXX knows about contents of krb5_principal, and that tgt names
- * are of form TGT/REALM@REALM
- */
+/* XXX knows about contents of krb5_principal, and that tgt names
+ are of form TGT/REALM@REALM */
krb5_principal_data tgt_princ = {
0, /* magic number */
{0, 0, 0}, /* krb5_data realm */
@@ -179,8 +176,7 @@ extern osa_adb_policy_t policy_db;
extern kadm5_config_params global_params;
extern krb5_context util_context;
-void
-kdb5_create(argc, argv)
+void kdb5_create(argc, argv)
int argc;
char *argv[];
{
@@ -196,7 +192,7 @@ kdb5_create(argc, argv)
kdb_log_context *log_ctx;
krb5_keyblock mkey;
krb5_data master_salt = { 0, NULL };
-
+
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
@@ -224,41 +220,41 @@ kdb5_create(argc, argv)
log_ctx = util_context->kdblog_context;
retval = krb5_db_set_name(util_context, global_params.dbname);
- if (!retval)
- retval = EEXIST;
+ if (!retval) retval = EEXIST;
if (retval == EEXIST || retval == EACCES || retval == EPERM) {
/* it exists ! */
com_err(argv[0], 0,
gettext("The database '%s' appears to already exist"),
global_params.dbname);
- exit_status++;
- return;
+ exit_status++; return;
}
+/* SUNW14resync XXX */
+#if 0
+ printf ("Loading random data\n");
+ retval = krb5_c_random_os_entropy (util_context, 1, NULL);
+ if (retval) {
+ com_err (argv[0], retval, "Loading random data");
+ exit_status++; return;
+ }
+#endif
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
global_params.realm,
&mkey_fullname, &master_princ))) {
- com_err(argv[0], retval,
+ com_err(argv[0], retval,
gettext("while setting up master key name"));
- exit_status++;
- return;
+ exit_status++; return;
}
- krb5_princ_set_realm_data(util_context,
- &db_create_princ, global_params.realm);
- krb5_princ_set_realm_length(util_context,
- &db_create_princ,
- strlen(global_params.realm));
- krb5_princ_set_realm_data(util_context,
- &tgt_princ, global_params.realm);
- krb5_princ_set_realm_length(util_context,
- &tgt_princ, strlen(global_params.realm));
- krb5_princ_component(util_context, &tgt_princ, 1)->data =
- global_params.realm;
- krb5_princ_component(util_context, &tgt_princ, 1)->length =
- strlen(global_params.realm);
+
+ krb5_princ_set_realm_data(util_context, &db_create_princ, global_params.realm);
+ krb5_princ_set_realm_length(util_context, &db_create_princ, strlen(global_params.realm));
+ krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
+ krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
+ krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
+ krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
printf(gettext("Initializing database '%s' for realm '%s',\n"
"master key name '%s'\n"),
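Review bot: The `#if 0` block that disables `krb5_c_random_os_entropy` is explained only by `/* SUNW14resync XXX */`, which does not tell a maintainer whether the PRNG gets OS entropy by some other path before the realm's keys are generated. The only seeding visible in this diff is `krb5_c_random_seed(context, &pwd)` in `tgt_keysalt_iterate`, where `pwd` is the master key password, so it is worth confirming that this is not the sole input. I would replace the marker with a comment that names where OS entropy is loaded on this platform and why the upstream call is compiled out, for example `/* OS entropy is loaded in <function>; the upstream call is disabled because <reason> */`. `kdb5_create` starts and ends outside this hunk.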
@@ -279,17 +275,15 @@ kdb5_create(argc, argv)
"master key to verify"),
pw_str, &pw_size);
if (retval) {
- com_err(argv[0], retval,
+ com_err(argv[0], retval,
gettext("while reading master key from keyboard"));
- exit_status++;
- return;
+ exit_status++; return;
}
mkey_password = pw_str;
}
pwd.data = mkey_password;
pwd.length = strlen(mkey_password);
-
retval = krb5_principal2salt(util_context, master_princ, &master_salt);
if (retval) {
com_err(argv[0], retval,
@@ -298,8 +292,9 @@ kdb5_create(argc, argv)
goto cleanup;
}
- if (retval = krb5_c_string_to_key(util_context, global_params.enctype,
- &pwd, &master_salt, &mkey)) {
+ retval = krb5_c_string_to_key(util_context, global_params.enctype,
+ &pwd, &master_salt, &mkey);
+ if (retval) {
com_err(argv[0], retval,
gettext("while transforming master key from password"));
exit_status++;
@@ -393,10 +388,11 @@ kdb5_create(argc, argv)
* it; delete the file below if it was not requested. DO NOT EXIT
* BEFORE DELETING THE KEYFILE if do_stash is not set.
*/
- if (retval = krb5_db_store_mkey(util_context,
- global_params.stash_file,
- master_princ,
- &mkey)) {
+ retval = krb5_db_store_mkey(util_context,
+ global_params.stash_file,
+ master_princ,
+ &mkey);
+ if (retval) {
com_err(argv[0], errno, gettext("while storing key"));
printf(gettext("Warning: couldn't stash master key.\n"));
}
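Review bot: The failure branch reports `errno` rather than the `retval` that `krb5_db_store_mkey` has just returned, so the diagnostic can name a stale or unrelated error when the failure did not come from a system call. `com_err(argv[0], retval, gettext("while storing key"));` would print the code that was actually tested. The same pattern appears in the `kdb5_stash.c` hunk further down, where the refactored `retval = krb5_db_store_mkey(context, keyfile, master_princ, &mkey);` is also followed by `com_err(argv[0], errno, ...)`.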
@@ -405,13 +401,11 @@ kdb5_create(argc, argv)
memset(pw_str, 0, pw_size);
if (kadm5_create(&global_params)) {
- if (!do_stash)
- unlink(global_params.stash_file);
- exit_status++;
- goto cleanup;
+ if (!do_stash) unlink(global_params.stash_file);
+ exit_status++;
+ goto cleanup;
}
- if (!do_stash)
- unlink(global_params.stash_file);
+ if (!do_stash) unlink(global_params.stash_file);
cleanup:
if (pw_str) {
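Review bot: Both `unlink(global_params.stash_file)` calls ignore the return value, so when `do_stash` is not set and the removal fails, the master key written by `krb5_db_store_mkey` stays on disk with no diagnostic. The comment in the preceding hunk says the key file must be deleted when stashing was not requested, so a failed removal deserves at least a warning. One way is `if (!do_stash && unlink(global_params.stash_file) != 0 && errno != ENOENT) com_err(argv[0], errno, gettext("while removing stash file"));`. The enclosing function continues outside this hunk.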
@@ -426,7 +420,6 @@ cleanup:
(void) krb5_db_fini(util_context);
return;
-
}
static krb5_error_code
@@ -439,7 +432,6 @@ tgt_keysalt_iterate(ksent, ptr)
struct iterate_args *iargs;
krb5_keyblock key;
krb5_int32 ind;
- krb5_pointer rseed;
krb5_data pwd;
iargs = (struct iterate_args *) ptr;
@@ -453,7 +445,8 @@ tgt_keysalt_iterate(ksent, ptr)
*/
pwd.data = mkey_password;
pwd.length = strlen(mkey_password);
- if (kret = krb5_c_random_seed(context, &pwd))
+ kret = krb5_c_random_seed(context, &pwd);
+ if (kret)
return kret;
if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {
@@ -474,11 +467,12 @@ tgt_keysalt_iterate(ksent, ptr)
}
static krb5_error_code
-add_principal(krb5_context context,
- krb5_principal princ,
- enum ap_op op,
- struct realm_info *pblock,
- krb5_keyblock *mkey)
+add_principal(context, princ, op, pblock, mkey)
+ krb5_context context;
+ krb5_principal princ;
+ enum ap_op op;
+ struct realm_info *pblock;
+ krb5_keyblock *mkey;
{
krb5_error_code retval;
krb5_db_entry entry;
@@ -508,17 +502,17 @@ add_principal(krb5_context context,
switch (op) {
case MASTER_KEY:
- entry.key_data = (krb5_key_data *) malloc(sizeof (krb5_key_data));
- if (entry.key_data == NULL)
+ if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
+ == NULL)
goto error_out;
-
memset((char *) entry.key_data, 0, sizeof(krb5_key_data));
entry.n_key_data = 1;
entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- mkey, NULL, 1, entry.key_data)))
- goto error_out;
+ mkey, NULL,
+ 1, entry.key_data)))
+ goto error_out;
break;
case TGT_KEY:
iargs.ctx = context;
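Review bot: In the `MASTER_KEY` case the `malloc` failure path jumps to `error_out` without assigning `retval`, so `add_principal` returns whatever `retval` held from code outside this hunk. If that value is 0, an out-of-memory condition is reported as success and the master key entry is never written. Setting the code first, `{ retval = ENOMEM; goto error_out; }`, makes the failure visible to the caller. `add_principal` begins before and continues after this hunk.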
@@ -532,10 +526,10 @@ add_principal(krb5_context context,
1,
tgt_keysalt_iterate,
(krb5_pointer) &iargs)))
- return (retval);
+ return retval;
break;
case NULL_KEY:
- return (EOPNOTSUPP);
+ return EOPNOTSUPP;
default:
break;
}
@@ -543,6 +537,6 @@ add_principal(krb5_context context,
retval = krb5_db_put_principal(context, &entry, &nentries);
error_out:;
- krb5_dbe_free_contents(context, &entry);
- return (retval);
+ krb5_dbe_free_contents(context, &entry);
+ return retval;
}
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_destroy.c b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_destroy.c
index a02d5fda1c..fde0bf7b49 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_destroy.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_destroy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -82,7 +82,6 @@
#include <libintl.h>
#include "kdb5_util.h"
-extern int errno;
extern int exit_status;
extern krb5_boolean dbactive;
extern kadm5_config_params global_params;
@@ -98,9 +97,9 @@ kdb5_destroy(argc, argv)
int optchar;
char *dbname;
char buf[5];
- char dbfilename[MAXPATHLEN];
krb5_error_code retval, retval1, retval2;
krb5_context context;
+ int force = 0;
char ufilename[MAX_FILENAME];
krb5_init_context(&context);
@@ -110,29 +109,42 @@ kdb5_destroy(argc, argv)
dbname = global_params.dbname;
- printf(gettext("Deleting KDC database stored in '%s', "
- "are you sure?\n"), dbname);
- printf(gettext("(type 'yes' or 'y' to confirm)? "));
-
- if (fgets(buf, sizeof (buf), stdin) == NULL) {
- exit_status++;
- return;
+ optind = 1;
+ while ((optchar = getopt(argc, argv, "f")) != -1) {
+ switch(optchar) {
+ case 'f':
+ force++;
+ break;
+ case '?':
+ default:
+ usage();
+ return;
+ /*NOTREACHED*/
+ }
}
- if ((strncmp(buf, gettext("yes\n"),
+ if (!force) {
+ printf(gettext("Deleting KDC database stored in '%s', "
+ "are you sure?\n"), dbname);
+ printf(gettext("(type 'yes' or 'y' to confirm)? "));
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ exit_status++; return;
+ }
+ if ((strncmp(buf, gettext("yes\n"),
strlen(gettext("yes\n"))) != 0) &&
(strncmp(buf, gettext("y\n"),
strlen(gettext("y\n"))) != 0)) {
printf(gettext("database not deleted !! '%s'...\n"),
dbname);
- exit_status++;
- return;
+ exit_status++; return;
+ }
+ printf(gettext("OK, deleting database '%s'...\n"), dbname);
}
- printf(gettext("OK, deleting database '%s'...\n"), dbname);
- if (retval = krb5_db_set_name(context, dbname)) {
+
+ retval = krb5_db_set_name(context, dbname);
+ if (retval) {
com_err(argv[0], retval, "'%s'",dbname);
- exit_status++;
- return;
+ exit_status++; return;
}
retval1 = krb5_db_destroy(context, dbname);
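Review bot: With `-f` the KDC database is now destroyed without any output beforehand, because `printf(gettext("OK, deleting database '%s'...\n"), dbname);` moved inside the `if (!force)` block. For a destructive path that is meant to run unattended, it helps to keep a trace of which database is about to be removed. Moving that `printf` to just after the `if (!force) { ... }` block keeps the message for both interactive and forced runs.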
@@ -160,14 +172,12 @@ kdb5_destroy(argc, argv)
if (retval1) {
com_err(argv[0], retval1,
gettext("deleting database '%s'"), dbname);
- exit_status++;
- return;
+ exit_status++; return;
}
if (retval2) {
com_err(argv[0], retval2,
gettext("destroying policy database"));
- exit_status++;
- return;
+ exit_status++; return;
}
if (global_params.iprop_enabled) {
@@ -184,5 +194,6 @@ kdb5_destroy(argc, argv)
}
dbactive = FALSE;
- printf(gettext("** Database '%s' destroyed.\n"), dbname);
+ printf(gettext("** Database '%s' destroyed.\n"), dbname);
+ return;
}
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c
index a29b2bbfd6..6e61fa1454 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -52,6 +52,33 @@
* Store the master database key in a file.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+
#define KDB5_DISPATCH
#define KRB5_KDB5_DBM__
#include <k5-int.h>
@@ -78,8 +105,7 @@
#include <kadm5/admin.h>
#include <stdio.h>
#include <libintl.h>
-
-extern int errno;
+#include "kdb5_util.h"
extern krb5_principal master_princ;
extern kadm5_config_params global_params;
@@ -89,8 +115,8 @@ extern int close_policy_db;
void
kdb5_stash(argc, argv)
-int argc;
-char *argv[];
+ int argc;
+ char *argv[];
{
extern char *optarg;
extern int optind;
@@ -104,8 +130,6 @@ char *argv[];
krb5_context context;
krb5_keyblock mkey;
- int enctypedone = 0;
-
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
@@ -142,67 +166,71 @@ char *argv[];
global_params.enctype);
else
com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp);
- exit_status++;
- return;
+ exit_status++; return;
}
- if (retval = krb5_db_set_name(context, dbname)) {
+ retval = krb5_db_set_name(context, dbname);
+ if (retval) {
com_err(argv[0], retval,
gettext("while setting active database to '%s'"),
dbname);
- exit_status++;
- return;
+ exit_status++; return;
}
/* assemble & parse the master key name */
- if (retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
- &mkey_fullname, &master_princ)) {
+ retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
+ &mkey_fullname, &master_princ);
+ if (retval) {
com_err(argv[0], retval,
gettext("while setting up master key name"));
- exit_status++;
- return;
+ exit_status++; return;
}
- if (retval = krb5_db_init(context)) {
+
+ retval = krb5_db_init(context);
+ if (retval) {
com_err(argv[0], retval,
gettext("while initializing the database '%s'"),
- dbname);
- exit_status++;
- return;
+ dbname);
+ exit_status++; return;
}
/* TRUE here means read the keyboard, but only once */
- if (retval = krb5_db_fetch_mkey(context, master_princ,
- global_params.enctype,
- TRUE, FALSE, (char *) NULL,
- 0, &mkey)) {
+ retval = krb5_db_fetch_mkey(context, master_princ,
+ global_params.enctype,
+ TRUE, FALSE, (char *) NULL,
+ 0, &mkey);
+ if (retval) {
com_err(argv[0], retval, gettext("while reading master key"));
(void) krb5_db_fini(context);
- exit_status++;
- return;
+ exit_status++; return;
}
- if (retval = krb5_db_verify_master_key(context, master_princ, &mkey)) {
+
+ retval = krb5_db_verify_master_key(context, master_princ, &mkey);
+ if (retval) {
com_err(argv[0], retval, gettext("while verifying master key"));
krb5_free_keyblock_contents(context, &mkey);
(void) krb5_db_fini(context);
- exit_status++;
- return;
+ exit_status++; return;
}
- if (retval = krb5_db_store_mkey(context, keyfile, master_princ,
- &mkey)) {
+
+ retval = krb5_db_store_mkey(context, keyfile, master_princ,
+ &mkey);
+ if (retval) {
com_err(argv[0], errno, gettext("while storing key"));
krb5_free_keyblock_contents(context, &mkey);
(void) krb5_db_fini(context);
- exit_status++;
- return;
+ exit_status++; return;
}
krb5_free_keyblock_contents(context, &mkey);
- if (retval = krb5_db_fini(context)) {
+
+ retval = krb5_db_fini(context);
+ if (retval) {
com_err(argv[0], retval,
gettext("closing database '%s'"), dbname);
- exit_status++;
- return;
+ exit_status++; return;
}
krb5_free_context(context);
exit_status = 0;
+ return;
}
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.c b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.c
index c0d1a141d8..850ec6db3e 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -53,6 +53,32 @@
*/
/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/*
* Yes, I know this is a hack, but we need admin.h without including the
* rpc.h header. Additionally, our rpc.h header brings in
* a des.h header which causes other problems.
@@ -108,23 +134,24 @@ krb5_context util_context;
osa_adb_policy_t policy_db;
kadm5_config_params global_params;
-void
-usage()
+void usage()
{
- fprintf(stderr, "%s: "
- "kdb5_util cmd [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
- "\t [-f] [stashfile] [-P password] [-m ] [cmd options]\n"
- "\tcreate [-s]\n"
- "\tdestroy \n"
- "\tstash \n"
- "\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n"
- "\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
+ fprintf(stderr, "%s: "
+ "kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
+ "\t [-f | -sf stashfilename] [-P password] [-m] cmd [cmd_options]\n"
+ "\tcreate [-s]\n"
+ "\tdestroy [-f]\n"
+ "\tstash [-f keyfile]\n"
+ "\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n"
+ "\t [-mkey_convert] [-new_mkey_file mkey_file]\n"
+ "\t [-rev] [-recurse] [filename [princs...]]\n"
+ "\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
#ifdef SUNWOFF
- "\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n"
+ "\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n"
#endif
- "\tark [-e etype_list] principal\n",
+ "\tark [-e etype_list] principal\n",
gettext("Usage"));
- exit(1);
+ exit(1);
}
krb5_keyblock master_key;
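Review bot: The new usage text lists `[filename [princs...]]` twice for `dump`, once at the end of the first `dump` line and again after `[-rev] [-recurse]`. Dropping it from the first line, `"\tdump [-old] [-ov] [-b6] [-verbose]\n"`, leaves the positional arguments after all the options. The synopsis also advertises `[-P password]`. A short comment at the `-P` handling in `main` would help operators prefer the interactive prompt, since a master password given on the command line is visible to other local users through the process list.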
@@ -137,55 +164,48 @@ char *progname;
krb5_boolean manual_mkey = FALSE;
krb5_boolean dbactive = FALSE;
-int kdb5_create(int, char **);
-int kdb5_destroy(int, char **);
-int kdb5_stash(int, char **);
-int dump_db(int, char **);
-int load_db(int, char **);
-int open_db_and_mkey();
-int add_random_key(int, char **);
+static int open_db_and_mkey(void);
+
+static void add_random_key(int, char **);
-typedef int (*cmd_func)(int, char **);
+typedef void (*cmd_func)(int, char **);
struct _cmd_table {
char *name;
cmd_func func;
int opendb;
} cmd_table[] = {
- "create", kdb5_create, 0,
- "destroy", kdb5_destroy, 1,
- "stash", kdb5_stash, 1,
- "dump", dump_db, 1,
- "load", load_db, 0,
- "ark", add_random_key, 1,
- NULL, NULL, 0,
+ {"create", kdb5_create, 0},
+ {"destroy", kdb5_destroy, 1},
+ {"stash", kdb5_stash, 1},
+ {"dump", dump_db, 1},
+ {"load", load_db, 0},
+ {"ark", add_random_key, 1},
+ {NULL, NULL, 0},
};
-struct _cmd_table *
-cmd_lookup(name)
+static struct _cmd_table *cmd_lookup(name)
char *name;
{
struct _cmd_table *cmd = cmd_table;
-
while (cmd->name) {
if (strcmp(cmd->name, name) == 0)
- return (cmd);
+ return cmd;
else
cmd++;
}
- return (NULL);
+ return NULL;
}
-#define ARG_VAL (--argc > 0 ? (optarg = *(++argv)) : (char *)(usage(), NULL))
+#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
-int
-main(argc, argv)
+int main(argc, argv)
int argc;
char *argv[];
{
struct _cmd_table *cmd = NULL;
- char *optarg, **cmd_argv;
+ char *koptarg, **cmd_argv;
int cmd_argc;
krb5_error_code retval;
@@ -218,17 +238,16 @@ main(argc, argv)
memset(cmd_argv, 0, sizeof(char *)*argc);
cmd_argc = 1;
- argv++;
- argc--;
+ argv++; argc--;
while (*argv) {
if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
- mkey_password = optarg;
+ mkey_password = koptarg;
manual_mkey = TRUE;
} else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
- global_params.dbname = optarg;
+ global_params.dbname = koptarg;
global_params.mask |= KADM5_CONFIG_DBNAME;
} else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
- global_params.realm = optarg;
+ global_params.realm = koptarg;
global_params.mask |= KADM5_CONFIG_REALM;
/* not sure this is really necessary */
if ((retval = krb5_set_default_realm(util_context,
@@ -239,20 +258,20 @@ main(argc, argv)
exit(1);
}
} else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
- if (krb5_string_to_enctype(optarg,
+ if (krb5_string_to_enctype(koptarg,
&global_params.enctype))
com_err(argv[0], 0,
gettext("%s is an invalid enctype"),
- optarg);
+ koptarg);
else
global_params.mask |= KADM5_CONFIG_ENCTYPE;
} else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
- global_params.mkey_name = optarg;
+ global_params.mkey_name = koptarg;
global_params.mask |= KADM5_CONFIG_MKEY_NAME;
} else if (((strcmp(*argv, "-sf") == 0)
/* SUNWresync121 - carry the old -f forward too */
|| (strcmp(*argv, "-f") == 0)) && ARG_VAL) {
- global_params.stash_file = optarg;
+ global_params.stash_file = koptarg;
global_params.mask |= KADM5_CONFIG_STASH_FILE;
} else if (strcmp(*argv, "-m") == 0) {
manual_mkey = TRUE;
@@ -266,19 +285,20 @@ main(argc, argv)
} else {
cmd_argv[cmd_argc++] = *argv;
}
- argv++;
- argc--;
+ argv++; argc--;
}
if (cmd_argv[0] == NULL)
usage();
- if (retval = kadm5_get_config_params(util_context, NULL, NULL,
- &global_params, &global_params)) {
+ retval = kadm5_get_config_params(util_context, NULL, NULL,
+ &global_params, &global_params);
+ if (retval) {
com_err(argv[0], retval,
gettext("while retreiving configuration parameters"));
exit(1);
}
+
/*
* Dump creates files which should not be world-readable. It is
* easiest to do a single umask call here.
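Review bot: `com_err(argv[0], retval, ...)` runs after the option loop has advanced `argv` (`argv++; argc--;` just above). If this is the end of the `while (*argv)` loop from the earlier hunk, `argv[0]` is NULL at this point, so the diagnostic at best loses the program name. The file-scope `progname`, which `open_db_and_mkey` already passes to `com_err`, is the safer argument: `com_err(progname, retval, gettext("while retreiving configuration parameters"));`. This assumes `progname` is assigned earlier in `main`, which is outside this hunk.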
@@ -295,7 +315,7 @@ main(argc, argv)
cmd = cmd_lookup(cmd_argv[0]);
if (cmd->opendb && open_db_and_mkey())
- return (exit_status);
+ return exit_status;
if (global_params.iprop_enabled == TRUE)
ulog_set_role(util_context, IPROP_MASTER);
@@ -309,7 +329,7 @@ main(argc, argv)
}
kadm5_free_config_params(util_context, &global_params);
krb5_free_context(util_context);
- return (exit_status);
+ return exit_status;
}
#if 0
@@ -317,8 +337,7 @@ main(argc, argv)
* This function is no longer used in kdb5_util (and it would no
* longer work, anyway).
*/
-void
-set_dbname(argc, argv)
+void set_dbname(argc, argv)
int argc;
char *argv[];
{
@@ -348,8 +367,8 @@ set_dbname(argc, argv)
}
(void) set_dbname_help(argv[0], argv[1]);
+ return;
}
-
#endif
/*
@@ -361,8 +380,7 @@ set_dbname(argc, argv)
* cannot be fetched (the master key stash file may not exist when the
* program is run).
*/
-int
-open_db_and_mkey()
+static int open_db_and_mkey()
{
krb5_error_code retval;
int nentries;
@@ -385,12 +403,13 @@ open_db_and_mkey()
exit_status++;
return(1);
}
- if (retval = osa_adb_open_policy(&policy_db, &global_params)) {
+ if ((retval = osa_adb_open_policy(&policy_db, &global_params))) {
com_err(progname, retval,
gettext("opening policy database"));
exit_status++;
- return (1);
+ return (1);
}
+
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
@@ -423,6 +442,7 @@ open_db_and_mkey()
(void) krb5_db_fini(util_context);
return(1);
}
+
krb5_db_free_principal(util_context, &master_entry, nentries);
/* the databases are now open, and the master principal exists */
@@ -431,13 +451,13 @@ open_db_and_mkey()
if (mkey_password) {
pwd.data = mkey_password;
pwd.length = strlen(mkey_password);
- retval = krb5_principal2salt(util_context,
- master_princ, &scratch);
+ retval = krb5_principal2salt(util_context, master_princ, &scratch);
if (retval) {
com_err(progname, retval,
gettext("while calculated master key salt"));
- return(1);
+ return(1);
}
+
/* If no encryption type is set, use the default */
if (global_params.enctype == ENCTYPE_UNKNOWN) {
global_params.enctype = DEFAULT_KDC_ENCTYPE;
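Review bot: The salt-failure path returns 1 without `exit_status++`, unlike the policy-database failure earlier in `open_db_and_mkey()`, and `main` answers a non-zero return with `return exit_status;`, so a failed `krb5_principal2salt()` can end the program with status 0. Add `exit_status++;` before the `return(1);`. The message "while calculated master key salt" should read "while calculating master key salt". The function starts and ends outside this hunk, so whether the database opened earlier is closed on this path cannot be checked from here.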
@@ -491,7 +511,7 @@ open_db_and_mkey()
valid_master_key = 1;
dbactive = TRUE;
- return (0);
+ return 0;
}
#ifdef HAVE_GETCWD
@@ -505,7 +525,7 @@ quit()
static krb5_boolean finished = 0;
if (finished)
- return (0);
+ return 0;
retval = krb5_db_fini(util_context);
krb5_free_keyblock_contents(util_context, &master_key);
finished = TRUE;
@@ -513,12 +533,12 @@ quit()
if (retval && retval != KRB5_KDB_DBNOTINITED) {
com_err(progname, retval, gettext("while closing database"));
exit_status++;
- return (1);
+ return 1;
}
- return (0);
+ return 0;
}
-int
+static void
add_random_key(argc, argv)
int argc;
char **argv;
@@ -526,7 +546,7 @@ add_random_key(argc, argv)
krb5_error_code ret;
krb5_principal princ;
krb5_db_entry dbent;
- int n, i;
+ int n;
krb5_boolean more;
krb5_timestamp now;
@@ -554,23 +574,27 @@ add_random_key(argc, argv)
ret = krb5_parse_name(util_context, pr_str, &princ);
if (ret) {
com_err(me, ret, gettext("while parsing principal name %s"), pr_str);
- return 1;
+ exit_status++;
+ return;
}
n = 1;
ret = krb5_db_get_principal(util_context, princ, &dbent,
&n, &more);
if (ret) {
com_err(me, ret, gettext("while fetching principal %s"), pr_str);
- return 1;
+ exit_status++;
+ return;
}
if (n != 1) {
fprintf(stderr, gettext("principal %s not found\n"), pr_str);
- return 1;
+ exit_status++;
+ return;
}
if (more) {
fprintf(stderr, gettext("principal %s not unique\n"), pr_str);
krb5_dbe_free_contents(util_context, &dbent);
- return 1;
+ exit_status++;
+ return;
}
ret = krb5_string_to_keysalts(ks_str,
", \t", ":.-", 0,
@@ -578,7 +602,8 @@ add_random_key(argc, argv)
&num_keysalts);
if (ret) {
com_err(me, ret, gettext("while parsing keysalts %s"), ks_str);
- return 1;
+ exit_status++;
+ return;
}
if (!num_keysalts || keysalts == NULL) {
num_keysalts = global_params.num_keysalts;
@@ -594,27 +619,30 @@ add_random_key(argc, argv)
if (ret) {
com_err(me, ret, gettext("while randomizing principal %s"), pr_str);
krb5_dbe_free_contents(util_context, &dbent);
- return 1;
+ exit_status++;
+ return;
}
dbent.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(util_context, &now);
if (ret) {
com_err(me, ret, gettext("while getting time"));
krb5_dbe_free_contents(util_context, &dbent);
- return 1;
+ exit_status++;
+ return;
}
ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now);
if (ret) {
com_err(me, ret, gettext("while setting changetime"));
krb5_dbe_free_contents(util_context, &dbent);
- return 1;
+ exit_status++;
+ return;
}
ret = krb5_db_put_principal(util_context, &dbent, &n);
krb5_dbe_free_contents(util_context, &dbent);
if (ret) {
com_err(me, ret, gettext("while saving principal %s"), pr_str);
- return 1;
+ exit_status++;
+ return;
}
printf("%s changed\n", pr_str);
- return 0;
}
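Review bot: None of the return paths shown in `add_random_key` releases `princ` once `krb5_parse_name()` has succeeded, neither the early returns in this hunk and the two hunks before it nor the success path ending at `printf("%s changed\n", pr_str);`. Now that every failure does `exit_status++; return;`, a single exit label would be clearer and would give one place for `krb5_free_principal(util_context, princ);`. About ten lines of the function lie between the hunks and are not visible, so confirm the principal is not freed there. The success message is also the only user-facing string in these hunks that is not wrapped in `gettext()`.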
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.h b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.h
index 84643664a3..2244295c29 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.h
+++ b/usr/src/cmd/krb5/kadmin/dbutil/kdb5_util.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -39,7 +39,7 @@ extern "C" {
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,40 +47,68 @@ extern "C" {
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
-
#include <kdb/kdb_log.h>
-
-#define MAX_HEADER 1024
-#define REALM_SEP '@'
-#define REALM_SEP_STR "@"
+#define MAX_HEADER 1024
+#define REALM_SEP '@'
+#define REALM_SEP_STR "@"
extern char *progname;
extern char *Err_no_database;
+extern krb5_boolean dbactive;
+extern int exit_status;
+extern krb5_context util_context;
+extern kadm5_config_params global_params;
+extern int valid_master_key;
+extern krb5_db_entry master_db;
+
+extern void usage(void);
+
+extern void add_key
+ (char const *, char const *,
+ krb5_const_principal, const krb5_keyblock *,
+ krb5_kvno, krb5_keysalt *);
+extern int set_dbname_help
+ (char *, char *);
+
+extern char *kdb5_util_Init (int, char **);
+
+extern int quit (void);
+
+extern int check_for_match
+ (char *, int, krb5_db_entry *, int, int);
+
+extern void parse_token
+ (char *, int *, int *, char *);
+
+extern int create_db_entry (krb5_principal, krb5_db_entry *);
-void add_key
-(char const *, char const *,
- krb5_const_principal, const krb5_keyblock *,
- krb5_kvno, krb5_keysalt *);
-int set_dbname_help
- (char *, char *);
+extern int kadm5_create_magic_princs (kadm5_config_params *params,
+ krb5_context context);
-char *kdb5_util_Init (int, char **);
+extern int process_ov_principal (char *fname, krb5_context kcontext,
+ FILE *filep, int verbose,
+ int *linenop,
+ void *pol_db);
-int quit();
+extern void load_db (int argc, char **argv);
+extern void dump_db (int argc, char **argv);
+extern void kdb5_create (int argc, char **argv);
+extern void kdb5_destroy (int argc, char **argv);
+extern void kdb5_stash (int argc, char **argv);
-int check_for_match
- (char *, int, krb5_db_entry *, int, int);
+extern void update_ok_file (char *file_name);
-void parse_token
- (char *, int *, int *, char *);
+extern int kadm5_create (kadm5_config_params *params);
-int create_db_entry
- (krb5_principal, krb5_db_entry *);
+void usage (void);
#ifdef __cplusplus
}
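Review bot: `usage` is declared twice in the new header, first as `extern void usage(void);` at the top of the declarations and again as `void usage (void);` just before the `#ifdef __cplusplus` trailer; drop the second. The `process_ov_principal` prototype takes a `FILE *` and the others use krb5 and kadm5 types, while the only include in this hunk is `<kdb/kdb_log.h>`, so the header appears to depend on each includer pulling in `<stdio.h>` and the kadm5 headers first. Adding `#include <stdio.h>` here would remove that ordering dependency. The top of the header is outside this hunk.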
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/nstrtok.h b/usr/src/cmd/krb5/kadmin/dbutil/nstrtok.h
new file mode 100644
index 0000000000..fab4740862
--- /dev/null
+++ b/usr/src/cmd/krb5/kadmin/dbutil/nstrtok.h
@@ -0,0 +1,7 @@
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+
+/* Prototype for nstrtok */
+char *nstrtok(char *, const char *delim);
+
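Review bot: The new header has no include guard and says nothing about how `nstrtok` differs from `strtok`. Wrap it in a guard in the style the neighbouring headers use, e.g. `#ifndef _NSTRTOK_H` / `#define _NSTRTOK_H` / `#endif`, and name the first parameter in the prototype: `char *nstrtok(char *s, const char *delim);`. The comment should state that adjacent delimiters produce empty tokens and that the scan position is kept in a function-static pointer, so tokenising two strings cannot be interleaved.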
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/ovload.c b/usr/src/cmd/krb5/kadmin/dbutil/ovload.c
index 2cdfc39276..4c8990d39d 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/ovload.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/ovload.c
@@ -21,212 +21,210 @@
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <kadm5/adb.h>
#include "import_err.h"
+#include "kdb5_util.h"
+#include "nstrtok.h"
-#define LINESIZE 32768 /* XXX */
-#define PLURAL(count) (((count) == 1) ? \
- error_message(IMPORT_SINGLE_RECORD) : \
- error_message(IMPORT_PLURAL_RECORDS))
+#define LINESIZE 32768 /* XXX */
+#define PLURAL(count) (((count) == 1) ? error_message(IMPORT_SINGLE_RECORD) : error_message(IMPORT_PLURAL_RECORDS))
-int
-parse_pw_hist_ent(current, hist)
-char *current;
-osa_pw_hist_ent *hist;
+static int parse_pw_hist_ent(current, hist)
+ char *current;
+ osa_pw_hist_ent *hist;
{
- int tmp, i, j, ret;
- char *cp;
-
- ret = 0;
- hist->n_key_data = 1;
-
- hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
- sizeof (krb5_key_data));
- if (hist->key_data == NULL)
- return (ENOMEM);
- memset(hist->key_data, 0, sizeof (krb5_key_data) * hist->n_key_data);
-
- for (i = 0; i < hist->n_key_data; i++) {
- krb5_key_data *key_data = &hist->key_data[i];
-
- key_data->key_data_ver = 1;
-
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- key_data->key_data_type[0] = atoi(cp);
-
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- key_data->key_data_length[0] = atoi(cp);
-
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- if (!(key_data->key_data_contents[0] = (krb5_octet *)
- malloc(key_data->key_data_length[0] + 1))) {
- ret = ENOMEM;
- goto done;
- }
- for (j = 0; j < key_data->key_data_length[0]; j++) {
- if (sscanf(cp, "%02x", &tmp) != 1) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- key_data->key_data_contents[0][j] = tmp;
- cp = strchr(cp, ' ') + 1;
- }
- }
-
+ int tmp, i, j, ret;
+ char *cp;
+
+ ret = 0;
+ hist->n_key_data = 1;
+
+ hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
+ sizeof(krb5_key_data));
+ if (hist->key_data == NULL)
+ return ENOMEM;
+ memset(hist->key_data, 0, sizeof(krb5_key_data)*hist->n_key_data);
+
+ for (i = 0; i < hist->n_key_data; i++) {
+ krb5_key_data *key_data = &hist->key_data[i];
+
+ key_data->key_data_ver = 1;
+
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ key_data->key_data_type[0] = atoi(cp);
+
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ key_data->key_data_length[0] = atoi(cp);
+
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ if(!(key_data->key_data_contents[0] =
+ (krb5_octet *) malloc(key_data->key_data_length[0]+1))) {
+ ret = ENOMEM;
+ goto done;
+ }
+ for(j = 0; j < key_data->key_data_length[0]; j++) {
+ if(sscanf(cp, "%02x", &tmp) != 1) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ key_data->key_data_contents[0][j] = tmp;
+ cp = strchr(cp, ' ') + 1;
+ }
+ }
+
done:
- return (ret);
+ return ret;
}
/*
* Function: parse_principal
- *
+ *
* Purpose: parse principal line in db dump file
*
* Arguments:
- * <return value> 0 on sucsess, error code on failure
+ * <return value> 0 on success, error code on failure
*
* Requires:
* principal database to be opened.
- * strtok(3) to have a valid buffer in memory.
- *
+ * nstrtok(3) to have a valid buffer in memory.
+ *
* Effects:
* [effects]
*
* Modifies:
* [modifies]
- *
+ *
*/
-int
-process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db)
-char *fname;
-krb5_context kcontext;
-FILE *filep;
-int verbose;
-int *linenop;
-void *pol_db;
+int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db)
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int verbose;
+ int *linenop;
+ void *pol_db;
{
- XDR xdrs;
- osa_princ_ent_t rec;
- osa_adb_ret_t ret;
- krb5_tl_data tl_data;
- krb5_principal princ;
- krb5_db_entry kdb;
- char *current;
- char *cp;
- int tmp, x, i, one;
- unsigned int more;
- char line[LINESIZE];
-
- if (fgets(line, LINESIZE, filep) == (char *) NULL) {
- return (IMPORT_BAD_FILE);
- }
- if ((cp = strtok(line, "\t")) == NULL)
- return (IMPORT_BAD_FILE);
- if ((rec = (osa_princ_ent_t)
- malloc(sizeof (osa_princ_ent_rec))) == NULL)
- return (ENOMEM);
- memset(rec, 0, sizeof (osa_princ_ent_rec));
- if ((ret = krb5_parse_name(kcontext, cp, &princ)))
- goto done;
- krb5_unparse_name(kcontext, princ, &current);
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- } else {
- if (strcmp(cp, "")) {
- if ((rec->policy = (char *)
- malloc(strlen(cp) + 1)) == NULL) {
- ret = ENOMEM;
- goto done;
- }
- strcpy(rec->policy, cp);
- } else
- rec->policy = NULL;
- }
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- rec->aux_attributes = strtol(cp, (char **) NULL, 16);
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- rec->old_key_len = atoi(cp);
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- rec->old_key_next = atoi(cp);
- if ((cp = strtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
+ XDR xdrs;
+ osa_princ_ent_t rec;
+ osa_adb_ret_t ret;
+ krb5_tl_data tl_data;
+ krb5_principal princ;
+ krb5_db_entry kdb;
+ char *current;
+ char *cp;
+ int x, one;
+ krb5_boolean more;
+ char line[LINESIZE];
+
+ if (fgets(line, LINESIZE, filep) == (char *) NULL) {
+ return IMPORT_BAD_FILE;
+ }
+ if((cp = nstrtok(line, "\t")) == NULL)
+ return IMPORT_BAD_FILE;
+ if((rec = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
+ return ENOMEM;
+ memset(rec, 0, sizeof(osa_princ_ent_rec));
+ if((ret = krb5_parse_name(kcontext, cp, &princ)))
+ goto done;
+ krb5_unparse_name(kcontext, princ, &current);
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ } else {
+ if(strcmp(cp, "")) {
+ if((rec->policy = (char *) malloc(strlen(cp)+1)) == NULL) {
+ ret = ENOMEM;
goto done;
- }
- rec->admin_history_kvno = atoi(cp);
- if (!rec->old_key_len) {
- rec->old_keys = NULL;
- } else {
- if (!(rec->old_keys = (osa_pw_hist_ent *)
- malloc(sizeof (osa_pw_hist_ent) * rec->old_key_len))) {
- ret = ENOMEM;
- goto done;
- }
- memset(rec->old_keys, 0,
- sizeof (osa_pw_hist_ent) * rec->old_key_len);
- for (x = 0; x < rec->old_key_len; x++)
- parse_pw_hist_ent(current, &rec->old_keys[x]);
- }
-
- xdralloc_create(&xdrs, XDR_ENCODE);
- if (!xdr_osa_princ_ent_rec(&xdrs, rec)) {
- xdr_destroy(&xdrs);
- ret = OSA_ADB_XDR_FAILURE;
- goto done;
- }
- tl_data.tl_data_type = KRB5_TL_KADM_DATA;
- tl_data.tl_data_length = xdr_getpos(&xdrs);
- tl_data.tl_data_contents = (krb5_octet *) xdralloc_getdata(&xdrs);
-
- one = 1;
- ret = krb5_db_get_principal(kcontext, princ, &kdb, &one,
- &more);
- if (ret)
- goto done;
-
- if (ret = krb5_dbe_update_tl_data(kcontext, &kdb,
- &tl_data))
- goto done;
-
- if (ret = krb5_db_put_principal(kcontext, &kdb, &one))
- goto done;
-
- xdr_destroy(&xdrs);
-
- (*linenop)++;
+ }
+ strcpy(rec->policy, cp);
+ } else rec->policy = NULL;
+ }
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ rec->aux_attributes = strtol(cp, (char **)NULL, 16);
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ rec->old_key_len = atoi(cp);
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ rec->old_key_next = atoi(cp);
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ rec->admin_history_kvno = atoi(cp);
+ if (! rec->old_key_len) {
+ rec->old_keys = NULL;
+ } else {
+ if(!(rec->old_keys = (osa_pw_hist_ent *)
+ malloc(sizeof(osa_pw_hist_ent) * rec->old_key_len))) {
+ ret = ENOMEM;
+ goto done;
+ }
+ memset(rec->old_keys,0,
+ sizeof(osa_pw_hist_ent) * rec->old_key_len);
+ for(x = 0; x < rec->old_key_len; x++)
+ parse_pw_hist_ent(current, &rec->old_keys[x]);
+ }
+
+ xdralloc_create(&xdrs, XDR_ENCODE);
+ if (! xdr_osa_princ_ent_rec(&xdrs, rec)) {
+ xdr_destroy(&xdrs);
+ ret = OSA_ADB_XDR_FAILURE;
+ goto done;
+ }
+
+ tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+ tl_data.tl_data_length = xdr_getpos(&xdrs);
+ tl_data.tl_data_contents = (krb5_octet *) xdralloc_getdata(&xdrs);
+
+ one = 1;
+ ret = krb5_db_get_principal(kcontext, princ, &kdb, &one, &more);
+ if (ret)
+ goto done;
+
+ ret = krb5_dbe_update_tl_data(kcontext, &kdb, &tl_data);
+ if (ret)
+ goto done;
+
+ ret = krb5_db_put_principal(kcontext, &kdb, &one);
+ if (ret)
+ goto done;
+
+ xdr_destroy(&xdrs);
+
+ (*linenop)++;
done:
- free(current);
- krb5_free_principal(kcontext, princ);
- osa_free_princ_ent(rec);
- return (ret);
+ free(current);
+ krb5_free_principal(kcontext, princ);
+ osa_free_princ_ent(rec);
+ return ret;
}
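Review bot: The hex-decoding loop in `parse_pw_hist_ent` trusts the length field of the dump record: `key_data_length[0]` is taken straight from `atoi(cp)`, and each pass does `cp = strchr(cp, ' ') + 1;` without testing for NULL, so a record holding fewer bytes than its stated length, or a negative length, sends the next `sscanf` through an invalid pointer. Reject a negative length, fail with `IMPORT_BAD_RECORD` when the separator is missing, and scan into an `unsigned int`, since `%x` with `int tmp` is a type mismatch; the rewritten lines are below. Whether the length field can hold every non-negative `int` is not visible here, so an upper bound matching its type should be added too. `process_ov_principal` has related gaps: it ignores the return value of `parse_pw_hist_ent`, uses `rec->old_key_len` from `atoi` unchecked in the `malloc` size, and reaches `done:` with `current` and `princ` uninitialised when `krb5_parse_name` fails, so both should be initialised to NULL. Failures after `xdralloc_create` also jump to `done:` without `xdr_destroy(&xdrs);`.

```c
    int klen;
    unsigned int byte;
    char *sep;

	/* … unchanged: nstrtok() for the type token, key_data_type[0] = atoi(cp) … */
	/* … unchanged: nstrtok() for the length token … */
	klen = atoi(cp);
	if (klen < 0) {
	    com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
	    ret = IMPORT_FAILED;
	    goto done;
	}
	key_data->key_data_length[0] = klen;

	/* … unchanged: nstrtok() for the hex token, malloc of key_data_contents[0] … */
	for (j = 0; j < klen; j++) {
	    /* cp is NULL once the record has run out of bytes */
	    if (cp == NULL || sscanf(cp, "%02x", &byte) != 1) {
		com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
		ret = IMPORT_FAILED;
		goto done;
	    }
	    key_data->key_data_contents[0][j] = byte;
	    sep = strchr(cp, ' ');
	    cp = (sep != NULL) ? sep + 1 : NULL;
	}
```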
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/string_table.c b/usr/src/cmd/krb5/kadmin/dbutil/string_table.c
index 534eaba055..4917341201 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/string_table.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/string_table.c
@@ -20,18 +20,9 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/kadmin/\
- * dbutil/string_table.c,v 1.3 1996/08/05 18:38:26 bjaspan Exp $
+ *
*/
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/"
- ".cvsroot/src/kadmin/dbutil/string_table.c,v 1.3 "
- "1996/08/05 18:38:26 bjaspan Exp $";
-
-#endif
-
/* String table of messages for kadm5_create */
/*
* I18n HACK. We define gettext(s) to be s so that we can extract the
@@ -41,9 +32,6 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/"
#define gettext(s) s
-char *str_INITING_KCONTEXT =
-gettext("while initializing the kerberos context");
-
char *str_PARSE_NAME = gettext("while parsing admin principal name.");
char *str_HISTORY_PARSE_NAME =
@@ -115,7 +103,7 @@ gettext("%s: Created %s principal.\n"); /* whoami, princ_name */
char *str_INIT_KDB = gettext("while initializing kdb.");
-char *str_NO_KDB =
+char *str_NO_KDB =
gettext("while initializing kdb.\nThe Kerberos KDC database "
"needs to exist in /krb5.\nIf you haven't run "
"kdb5_create you need to do so before running this command.");
@@ -124,14 +112,14 @@ gettext("while initializing kdb.\nThe Kerberos KDC database "
char *str_INIT_RANDOM_KEY =
gettext("while initializing random key generator.");
-char *str_TOO_MANY_ADMIN_PRINC =
+char *str_TOO_MANY_ADMIN_PRINC =
gettext("while fetching admin princ. Can only have one admin principal.");
-char *str_TOO_MANY_CHANGEPW_PRINC =
+char *str_TOO_MANY_CHANGEPW_PRINC =
gettext("while fetching changepw princ. "
"Can only have one changepw principal.");
-char *str_TOO_MANY_HIST_PRINC =
+char *str_TOO_MANY_HIST_PRINC =
gettext("while fetching history princ. "
"Can only have one history principal.");
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/string_table.h b/usr/src/cmd/krb5/kadmin/dbutil/string_table.h
index 4012e54eb5..160d9730ec 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/string_table.h
+++ b/usr/src/cmd/krb5/kadmin/dbutil/string_table.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _STRING_TABLE_H
@@ -38,8 +38,7 @@ extern "C" {
*/
#ifndef _OVSEC_ADM_STRINGS_
-
-extern char *str_INITING_KCONTEXT;
+
extern char *str_PARSE_NAME;
extern char *str_HISTORY_PARSE_NAME;
extern char *str_ADMIN_PRINC_EXISTS;
@@ -68,8 +67,8 @@ extern char *str_TOO_MANY_ADMIN_PRINC;
extern char *str_TOO_MANY_CHANGEPW_PRINC;
extern char *str_TOO_MANY_HIST_PRINC;
extern char *str_WHILE_DESTROYING_ADMIN_SESSION;
-
-#endif /* _OVSEC_ADM_STRINGS_ */
+
+#endif /* _OVSEC_ADM_STRINGS_ */
#ifdef __cplusplus
}
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/strtok.c b/usr/src/cmd/krb5/kadmin/dbutil/strtok.c
new file mode 100644
index 0000000000..ce9258e517
--- /dev/null
+++ b/usr/src/cmd/krb5/kadmin/dbutil/strtok.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+/*
+ * Copyright (c) 1988 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that: (1) source distributions retain this entire copyright
+ * notice and comment, and (2) distributions including binaries display
+ * the following acknowledgement: ``This product includes software
+ * developed by the University of California, Berkeley and its contributors''
+ * in the documentation or other materials provided with the distribution
+ * and in all advertising materials mentioning features or use of this
+ * software. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#include <stddef.h>
+#include <string.h>
+#include "nstrtok.h"
+
+/*
+ * Function: nstrtok
+ *
+ * Purpose: the same as strtok ... just different. does not deal with
+ * multiple tokens in row.
+ *
+ * Arguments:
+ * s (input) string to scan
+ * delim (input) list of delimiters
+ * <return value> string or null on error.
+ *
+ * Requires:
+ * nuttin
+ *
+ * Effects:
+ * sets last to string
+ *
+ * Modifies:
+ * last
+ *
+ */
+
+char *
+nstrtok(s, delim)
+ register char *s;
+ register const char *delim;
+{
+ register const char *spanp;
+ register int c, sc;
+ char *tok;
+ static char *last;
+
+
+ if (s == NULL && (s = last) == NULL)
+ return (NULL);
+
+ /*
+ * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
+ */
+#ifdef OLD
+cont:
+ c = *s++;
+ for (spanp = delim; (sc = *spanp++) != 0;) {
+ if (c == sc)
+ goto cont;
+ }
+
+ if (c == 0) { /* no non-delimiter characters */
+ last = NULL;
+ return (NULL);
+ }
+ tok = s - 1;
+#else
+ tok = s;
+#endif
+
+ /*
+ * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
+ * Note that delim must have one NUL; we stop if we see that, too.
+ */
+ for (;;) {
+ c = *s++;
+ spanp = delim;
+ do {
+ if ((sc = *spanp++) == c) {
+ if (c == 0)
+ s = NULL;
+ else
+ s[-1] = 0;
+ last = s;
+ return (tok);
+ }
+ } while (sc != 0);
+ }
+ /* NOTREACHED */
+}
+
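Review bot: The header comment never says what `nstrtok` does differently from `strtok`: with `OLD` undefined the leading-delimiter skip is compiled out, so every delimiter ends a token and two adjacent delimiters yield an empty string instead of being merged. The comment should state that, and also that the resume pointer lives in the function-static `last`, which makes the function non-reentrant and means starting on a second string discards the position in the first. The `#ifdef OLD` branch is dead code in a newly added file and "Requires: nuttin" is a placeholder; both can go. The definition is K&R style while `nstrtok.h` gives an ANSI prototype, so `char *nstrtok(char *s, const char *delim)` would match it.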
diff --git a/usr/src/cmd/krb5/kadmin/dbutil/util.c b/usr/src/cmd/krb5/kadmin/dbutil/util.c
index 529120bb1f..f2bda0fc38 100644
--- a/usr/src/cmd/krb5/kadmin/dbutil/util.c
+++ b/usr/src/cmd/krb5/kadmin/dbutil/util.c
@@ -28,7 +28,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -36,18 +36,21 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Utilities for kdb5_edit.
- *
+ *
* Some routines derived from code contributed by the Sandia National
* Laboratories. Sandia National Laboratories also makes no
* representations about the suitability of the modifications, or
* additions to this software for any purpose. It is provided "as is"
* without express or implied warranty.
- *
+ *
*/
#define KDB5_DISPATCH
@@ -71,7 +74,6 @@
#define krb5_dbm_db_close_database krb5_db_close_database
#define krb5_dbm_db_open_database krb5_db_open_database
-#include <kadm5/admin.h>
#include "./kdb5_edit.h"
#ifndef HAVE_STRSTR
@@ -80,117 +82,117 @@ strstr(s1, s2)
char *s1;
char *s2;
{
- int s2len;
- int i;
- char *temp_ptr;
-
- temp_ptr = s1;
- for (i = 0; i < strlen(s1); i++) {
- if (memcmp(temp_ptr, s2, strlen(s2)) == 0)
- return (temp_ptr);
- temp_ptr += 1;
- }
- return ((char *) 0);
+ int s2len;
+ int i;
+ char *temp_ptr;
+
+ temp_ptr = s1;
+ for ( i = 0; i < strlen(s1); i++) {
+ if (memcmp(temp_ptr, s2, strlen(s2)) == 0) return(temp_ptr);
+ temp_ptr += 1;
+ }
+ return ((char *) 0);
}
-
-#endif /* HAVE_STRSTR */
+#endif /* HAVE_STRSTR */
void
parse_token(token_in, must_be_first_char, num_tokens, tokens_out)
char *token_in;
-int *must_be_first_char;
-int *num_tokens;
+int *must_be_first_char;
+int *num_tokens;
char *tokens_out;
{
- int i, j;
- int token_count = 0;
+ int i, j;
+ int token_count = 0;
- i = 0;
- j = 0;
+ i = 0;
+ j = 0;
/* Eliminate Up Front Asterisks */
- *must_be_first_char = 1;
- for (i = 0; token_in[i] == '*'; i++) {
- *must_be_first_char = 0;
- }
+ *must_be_first_char = 1;
+ for (i = 0; token_in[i] == '*'; i++) {
+ *must_be_first_char = 0;
+ }
- if (i == strlen(token_in)) {
- *num_tokens = 0;
- return;
- }
- /* Fill first token_out */
- token_count++;
- while ((token_in[i] != '*') && (token_in[i] != '\0')) {
- tokens_out[j] = token_in[i];
- j++;
- i++;
- }
+ if (i == strlen(token_in)) {
+ *num_tokens = 0;
+ return;
+ }
- if (i == strlen(token_in)) {
- tokens_out[j] = '\0';
- *num_tokens = token_count;
- return;
- }
- /* Then All Subsequent Tokens */
- while (i < strlen(token_in)) {
- if (token_in[i] == '*') {
- token_count++;
- tokens_out[j] = '\t';
- } else {
- tokens_out[j] = token_in[i];
- }
- i++;
- j++;
- }
+ /* Fill first token_out */
+ token_count++;
+ while ((token_in[i] != '*') && (token_in[i] != '\0')) {
+ tokens_out[j] = token_in[i];
+ j++;
+ i++;
+ }
+
+ if (i == strlen(token_in)) {
tokens_out[j] = '\0';
+ *num_tokens = token_count;
+ return;
+ }
- if (tokens_out[j - 1] == '\t') {
- token_count--;
- tokens_out[j - 1] = '\0';
+ /* Then All Subsequent Tokens */
+ while (i < strlen(token_in)) {
+ if (token_in[i] == '*') {
+ token_count++;
+ tokens_out[j] = '\t';
+ } else {
+ tokens_out[j] = token_in[i];
}
- *num_tokens = token_count;
+ i++;
+ j++;
+ }
+ tokens_out[j] = '\0';
+
+ if (tokens_out[j - 1] == '\t') {
+ token_count--;
+ tokens_out[j - 1] = '\0';
+ }
+
+ *num_tokens = token_count;
+ return;
}
int
-check_for_match(search_field, must_be_first_character, chk_entry,
- num_tokens, type)
+check_for_match(search_field, must_be_first_character, chk_entry,
+ num_tokens, type)
int must_be_first_character;
char *search_field;
krb5_db_entry *chk_entry;
int num_tokens;
int type;
{
- char token1[256];
- char *found1;
- char token2[256];
- char *found2;
- char token3[256];
- char *found3;
- char *local_entry;
+ char token1[256];
+ char *found1;
+ char token2[256];
+ char *found2;
+ char token3[256];
+ char *found3;
+ char *local_entry;
- local_entry = chk_entry->princ->data[type].data;
+ local_entry = chk_entry->princ->data[type].data;
- token1[0] = token2[0] = token3[0] = '\0';
+ token1[0] = token2[0] = token3[0] = '\0';
- (void) sscanf(search_field, "%s\t%s\t%s", token1, token2, token3);
+ (void) sscanf(search_field, "%s\t%s\t%s", token1, token2, token3);
- found1 = strstr(local_entry, token1);
+ found1 = strstr(local_entry, token1);
- if (must_be_first_character && (found1 != local_entry))
- return (0);
+ if (must_be_first_character && (found1 != local_entry)) return(0);
- if (found1 && (num_tokens == 1))
- return (1);
+ if (found1 && (num_tokens == 1)) return(1);
- if (found1 && (num_tokens > 1)) {
- found2 = strstr(local_entry, token2);
- if (found2 && (found2 > found1) && (num_tokens == 2))
- return (1);
- }
- if ((found2 > found1) && (num_tokens == 3)) {
- found3 = strstr(local_entry, token3);
- if (found3 && (found3 > found2) && (found2 > found1))
- return (1);
- }
- return (0);
+ if (found1 && (num_tokens > 1)) {
+ found2 = strstr(local_entry, token2);
+ if (found2 && (found2 > found1) && (num_tokens == 2)) return(1);
+ }
+
+ if ((found2 > found1) && (num_tokens == 3)) {
+ found3 = strstr(local_entry, token3);
+ if (found3 && (found3 > found2) && (found2 > found1)) return(1);
+ }
+ return(0);
}
+
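Review bot: `check_for_match` reads `search_field` into three 256-byte stack arrays with an unbounded `%s`, so any token of 256 characters or more writes past the array; bound the conversions: `(void) sscanf(search_field, "%255s\t%255s\t%255s", token1, token2, token3);`. `found2` is compared in `if ((found2 > found1) && (num_tokens == 3))` without having been assigned when `found1` is NULL, so declare the three `found` pointers with `= NULL`. `parse_token` likewise writes `tokens_out` with no size parameter, which leaves the bound entirely to callers that are not visible in this hunk. The hunk only re-indents these functions, so this concerns code the resync carries forward rather than a regression.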
diff --git a/usr/src/cmd/krb5/kadmin/kpasswd/Makefile b/usr/src/cmd/krb5/kadmin/kpasswd/Makefile
index 1cc3124c7d..70e67264ea 100644
--- a/usr/src/cmd/krb5/kadmin/kpasswd/Makefile
+++ b/usr/src/cmd/krb5/kadmin/kpasswd/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
@@ -29,7 +29,7 @@ CPPFLAGS += -I$(SRC)/lib/gss_mechs/mech_krb5/include \
-I$(SRC)/lib/krb5 \
-DHAVE_LIBSOCKET=1 -DHAVE_LIBNSL=1 -DHAVE_UNISTD_H=1 \
-DHAVE_SYS_TIMEB_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_FTIME=1 \
- -DHAVE_TIMEZONE -DUSE_KADM5_API_VERSION=1
+ -DHAVE_TIMEZONE -DUSE_KADM5_API_VERSION=2
COPTFLAG += $(XESS) #-I$(KINCDIR)
diff --git a/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.c b/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.c
index f4a2efbfdf..ef7c0b3bf1 100644
--- a/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.c
+++ b/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -25,21 +25,21 @@
/*
* Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header: /cvs/krbdev/krb5/src/kadmin/passwd/kpasswd.c,v 1.24 1997/02/20\
- * 06:12:57 probe Exp $
+ *
+ * $Header: /cvs/krbdev/krb5/src/kadmin/passwd/kpasswd.c,v 1.25 2001/02/26 18:22:08 epeisach Exp $
*
*
*/
-static char rcsid[] = "$Id: kpasswd.c,v 1.24 1997/02/20 "
- "06:12:57 probe Exp $";
+static char rcsid[] = "$Id: kpasswd.c,v 1.25 2001/02/26 18:22:08 epeisach Exp $";
#include <kadm5/admin.h>
#include <krb5.h>
#include "kpasswd_strings.h"
-#define string_text error_message
+#define string_text error_message
+
+#include "kpasswd.h"
#include <stdio.h>
#include <pwd.h>
@@ -52,7 +52,7 @@ extern void display_intro_message();
extern long read_old_password();
extern long read_new_password();
-#define MISC_EXIT_STATUS 6
+#define MISC_EXIT_STATUS 6
/*
* Function: kpasswd
@@ -67,7 +67,7 @@ extern long read_new_password();
* read_new_password (f) function to read new and change password
* display_intro_message (f) function to display intro message
* whoami (extern) argv[0]
- *
+ *
* Returns:
* exit status of 0 for success
* 1 principal unknown
@@ -77,10 +77,10 @@ extern long read_new_password();
* 5 password not typed
* 6 misc error
* 7 incorrect usage
- *
+ *
* Requires:
* Passwords cannot be more than 255 characters long.
- *
+ *
* Effects:
*
* If argc is 2, the password for the principal specified in argv[1]
@@ -93,7 +93,7 @@ extern long read_new_password();
* read_new_password is called to read the new password and change the
* principal's password (presumably ovsec_kadm_chpass_principal).
* admin system is de-initialized before the function returns.
- *
+ *
* Modifies:
*
* Changes the principal's password.
@@ -101,129 +101,113 @@ extern long read_new_password();
*/
int
kpasswd(context, argc, argv)
-krb5_context context;
-int argc;
-char *argv[];
+ krb5_context context;
+ int argc;
+ char *argv[];
{
- kadm5_ret_t code;
- krb5_ccache ccache = NULL;
- krb5_principal princ = 0;
- char *princ_str;
- struct passwd *pw = 0;
- int pwsize;
- char password[255]; /* I don't really like 255 */
- /* but that's what kinit uses */
- char msg_ret[1024], admin_realm[1024];
- kadm5_principal_ent_rec principal_entry;
- kadm5_policy_ent_rec policy_entry;
- void *server_handle;
- kadm5_config_params params;
- char *cpw_service;
+ kadm5_ret_t code;
+ krb5_ccache ccache = NULL;
+ krb5_principal princ = 0;
+ char *princ_str;
+ struct passwd *pw = 0;
+ unsigned int pwsize;
+ char password[255]; /* I don't really like 255 but that's what kinit uses */
+ char msg_ret[1024], admin_realm[1024];
+ kadm5_principal_ent_rec principal_entry;
+ kadm5_policy_ent_rec policy_entry;
+ void *server_handle;
+ kadm5_config_params params;
+ char *cpw_service;
memset((char *)&params, 0, sizeof (params));
memset(&principal_entry, 0, sizeof (principal_entry));
memset(&policy_entry, 0, sizeof (policy_entry));
- if (argc > 2) {
- com_err(whoami, KPW_STR_USAGE, 0);
- return (7);
- /* NOTREACHED */
- }
- /*
- * Get principal name to change
- */
+ if (argc > 2) {
+ com_err(whoami, KPW_STR_USAGE, 0);
+ return(7);
+ /*NOTREACHED*/
+ }
- /*
- * Look on the command line first, followed by the default
- * credential cache, followed by defaulting to the Unix user name
- */
+ /************************************
+ * Get principal name to change *
+ ************************************/
- if (argc == 2)
- princ_str = strdup(argv[1]);
- else {
- code = krb5_cc_default(context, &ccache);
- /* If we succeed, find who is in the credential cache */
- if (code == 0) {
- /* Get default principal from cache if one exists */
- code = krb5_cc_get_principal(context, ccache, &princ);
- /*
- * if we got a principal, unparse it, otherwise get
- * out of the if with an error code
- */
- (void) krb5_cc_close(context, ccache);
- if (code == 0) {
- code = krb5_unparse_name(context,
- princ, &princ_str);
- if (code != 0) {
- com_err(whoami, code,
- string_text(
- KPW_STR_UNPARSE_NAME));
- return (MISC_EXIT_STATUS);
- }
- }
- }
- /* this is a crock.. we want to compare against */
- /*
- * "KRB5_CC_DOESNOTEXIST" but there is no such error code,
- * and
- */
- /*
- * both the file and stdio types return FCC_NOFILE. If
- * there is
- */
- /* ever another ccache type (or if the error codes are ever */
- /* fixed), this code will have to be updated. */
- if (code && code != KRB5_FCC_NOFILE) {
- com_err(whoami, code,
- string_text(KPW_STR_WHILE_LOOKING_AT_CC));
- return (MISC_EXIT_STATUS);
- }
- /* if either krb5_cc failed check the passwd file */
- if (code != 0) {
- pw = getpwuid(getuid());
- if (pw == NULL) {
- com_err(whoami, 0,
- string_text(KPW_STR_NOT_IN_PASSWD_FILE));
- return (MISC_EXIT_STATUS);
- }
- princ_str = strdup(pw->pw_name);
- }
+ /* Look on the command line first, followed by the default credential
+ cache, followed by defaulting to the Unix user name */
+
+ if (argc == 2)
+ princ_str = strdup(argv[1]);
+ else {
+ code = krb5_cc_default(context, &ccache);
+ /* If we succeed, find who is in the credential cache */
+ if (code == 0) {
+ /* Get default principal from cache if one exists */
+ code = krb5_cc_get_principal(context, ccache, &princ);
+ /* if we got a principal, unparse it, otherwise get out of the if
+ with an error code */
+ (void) krb5_cc_close(context, ccache);
+ if (code == 0) {
+ code = krb5_unparse_name(context, princ, &princ_str);
+ if (code != 0) {
+ com_err(whoami, code, string_text(KPW_STR_UNPARSE_NAME));
+ return(MISC_EXIT_STATUS);
}
+ }
+ }
- display_intro_message(string_text(KPW_STR_CHANGING_PW_FOR), princ_str);
+ /* this is a crock.. we want to compare against */
+ /* "KRB5_CC_DOESNOTEXIST" but there is no such error code, and */
+ /* both the file and stdio types return FCC_NOFILE. If there is */
+ /* ever another ccache type (or if the error codes are ever */
+ /* fixed), this code will have to be updated. */
+ if (code && code != KRB5_FCC_NOFILE) {
+ com_err(whoami, code, string_text(KPW_STR_WHILE_LOOKING_AT_CC));
+ return(MISC_EXIT_STATUS);
+ }
- /*
- * Need to get a krb5_principal, unless we started from with one
- * from the credential cache
- */
+ /* if either krb5_cc failed check the passwd file */
+ if (code != 0) {
+ pw = getpwuid( getuid());
+ if (pw == NULL) {
+ com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE));
+ return(MISC_EXIT_STATUS);
+ }
+ princ_str = strdup(pw->pw_name);
+ }
+ }
+
+ display_intro_message(string_text(KPW_STR_CHANGING_PW_FOR), princ_str);
- if (!princ) {
- code = krb5_parse_name(context, princ_str, &princ);
- if (code != 0) {
- com_err(whoami, code,
- string_text(KPW_STR_PARSE_NAME), princ_str);
- free(princ_str);
- return (MISC_EXIT_STATUS);
- }
- }
- pwsize = sizeof (password);
- code = read_old_password(context, password, &pwsize);
+ /* Need to get a krb5_principal, unless we started from with one from
+ the credential cache */
- if (code != 0) {
- memset(password, 0, sizeof (password));
- com_err(whoami, code,
- string_text(KPW_STR_WHILE_READING_PASSWORD));
- krb5_free_principal(context, princ);
- free(princ_str);
- return (MISC_EXIT_STATUS);
- }
- if (pwsize == 0) {
- memset(password, 0, sizeof (password));
- com_err(whoami, 0, string_text(KPW_STR_NO_PASSWORD_READ));
- krb5_free_principal(context, princ);
- free(princ_str);
- return (5);
- }
+ if (! princ) {
+ code = krb5_parse_name (context, princ_str, &princ);
+ if (code != 0) {
+ com_err(whoami, code, string_text(KPW_STR_PARSE_NAME), princ_str);
+ free(princ_str);
+ return(MISC_EXIT_STATUS);
+ }
+ }
+
+ pwsize = sizeof(password);
+ code = read_old_password(context, password, &pwsize);
+
+ if (code != 0) {
+ memset(password, 0, sizeof(password));
+ com_err(whoami, code, string_text(KPW_STR_WHILE_READING_PASSWORD));
+ krb5_free_principal(context, princ);
+ free(princ_str);
+ return(MISC_EXIT_STATUS);
+ }
+ if (pwsize == 0) {
+ memset(password, 0, sizeof(password));
+ com_err(whoami, 0, string_text(KPW_STR_NO_PASSWORD_READ));
+ krb5_free_principal(context, princ);
+ free(princ_str);
+ return(5);
+ }
snprintf(admin_realm, sizeof (admin_realm),
krb5_princ_realm(context, princ)->data);
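Review bot: The `snprintf(admin_realm, sizeof (admin_realm), krb5_princ_realm(context, princ)->data)` call at the end of this hunk passes the realm bytes as the format string, and the realm can originate from `argv[1]` through `krb5_parse_name`, so any `%` in it is interpreted as a conversion. A literal format with an explicit length avoids that and does not rely on the `krb5_data` being NUL-terminated: `snprintf(admin_realm, sizeof (admin_realm), "%.*s", (int)krb5_princ_realm(context, princ)->length, krb5_princ_realm(context, princ)->data);`. The same pattern appears as `com_err(whoami, 0, msg_ret)` in the later kpasswd.c hunk and as `printf(string_text(KPW_STR_PASSWORD_CHANGED))` in tty_kpasswd.c; `com_err(whoami, 0, "%s", msg_ret);` is the equivalent fix there. Both `strdup()` results assigned to `princ_str` are also used without a NULL check. The body of kpasswd continues outside this hunk.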
@@ -346,23 +330,22 @@ char *argv[];
}
} /* if protocol == KRB5_CHGPWD_RPCSEC */
- pwsize = sizeof (password);
- code = read_new_password(server_handle, password,
- &pwsize, msg_ret, sizeof (msg_ret), princ);
- memset(password, 0, sizeof (password));
-
- if (code)
- com_err(whoami, 0, msg_ret);
+ pwsize = sizeof(password);
+ code = read_new_password(server_handle, password, &pwsize, msg_ret, sizeof (msg_ret), princ);
+ memset(password, 0, sizeof(password));
- krb5_free_principal(context, princ);
- free(princ_str);
+ if (code)
+ com_err(whoami, 0, msg_ret);
- (void) kadm5_destroy(server_handle);
+ krb5_free_principal(context, princ);
+ free(princ_str);
- if (code == KRB5_LIBOS_CANTREADPWD)
- return (5);
- else if (code)
- return (4);
- else
- return (0);
+ (void) kadm5_destroy(server_handle);
+
+ if (code == KRB5_LIBOS_CANTREADPWD)
+ return(5);
+ else if (code)
+ return(4);
+ else
+ return(0);
}
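Review bot: `memset(password, 0, sizeof(password))` is the last access to `password` in the visible part of kpasswd, so an optimizing compiler may drop it as a dead store and leave the old password on the stack. Where the platform offers a clear that cannot be elided, use it here and on the two error paths earlier in the function, for example `explicit_bzero(password, sizeof(password));`. The buffer is also cleared only after `read_new_password` returns, so it stays populated for the whole change exchange. Clearing it as soon as the old password has been consumed would shorten that window, though the code that consumes it lies outside this hunk.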
diff --git a/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.h b/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.h
new file mode 100644
index 0000000000..e53d868f0c
--- /dev/null
+++ b/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd.h
@@ -0,0 +1,49 @@
+/*
+ * kadmin/passwd/kpasswd.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Prototypes for the kpasswd program callback functions.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+
+#ifndef __KPASSWD_H__
+#define __KPASSWD_H__
+
+int kpasswd(krb5_context context, int argc, char *argv[]);
+
+long read_old_password(krb5_context context, char *password,
+ unsigned int *pwsize);
+
+long read_new_password(void *server_handle, char *password,
+ unsigned int *pwsize, char *msg_ret,
+ int msg_len, krb5_principal princ);
+
+void display_intro_message(const char *fmt_string, const char *arg_string);
+
+#endif /* __KPASSWD_H__ */
+
+
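Review bot: kpasswd.h uses `krb5_context` and `krb5_principal` in its prototypes but includes nothing, so it compiles only when the includer has already pulled in `<krb5.h>`, as kpasswd.c and tty_kpasswd.c happen to do. Adding `#include <krb5.h>` inside the guard would make the header self-contained. The guard name `__KPASSWD_H__` sits in the namespace reserved for the implementation; `KPASSWD_H` avoids that. With these prototypes in place, the old-style `extern long read_old_password();` declarations that remain in kpasswd.c are redundant and could be removed.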
diff --git a/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd_strings.h b/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd_strings.h
index 7d29943edc..86de60b65a 100644
--- a/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd_strings.h
+++ b/usr/src/cmd/krb5/kadmin/kpasswd/kpasswd_strings.h
@@ -17,33 +17,45 @@
*
*/
+#include <com_err.h>
/*
* kpasswd_strings.h:
* This file is automatically generated; please do not edit it.
*/
-#define KPW_STR_USAGE (-1767084800L)
-#define KPW_STR_PRIN_UNKNOWN (-1767084799L)
-#define KPW_STR_WHILE_LOOKING_AT_CC (-1767084798L)
-#define KPW_STR_OLD_PASSWORD_INCORRECT (-1767084797L)
-#define KPW_STR_CANT_OPEN_ADMIN_SERVER (-1767084796L)
-#define KPW_STR_NEW_PASSWORD_MISMATCH (-1767084795L)
-#define KPW_STR_PASSWORD_CHANGED (-1767084794L)
-#define KPW_STR_PASSWORD_NOT_CHANGED (-1767084793L)
-#define KPW_STR_PARSE_NAME (-1767084792L)
-#define KPW_STR_UNPARSE_NAME (-1767084791L)
-#define KPW_STR_NOT_IN_PASSWD_FILE (-1767084790L)
-#define KPW_STR_CHANGING_PW_FOR (-1767084789L)
-#define KPW_STR_OLD_PASSWORD_PROMPT (-1767084788L)
-#define KPW_STR_WHILE_READING_PASSWORD (-1767084787L)
-#define KPW_STR_NO_PASSWORD_READ (-1767084786L)
-#define KPW_STR_WHILE_TRYING_TO_CHANGE (-1767084785L)
-#define KPW_STR_WHILE_DESTROYING_ADMIN_SESSION (-1767084784L)
-#define KPW_STR_WHILE_FREEING_PRINCIPAL (-1767084783L)
-#define KPW_STR_WHILE_FREEING_POLICY (-1767084782L)
-#define KPW_STR_CANT_GET_POLICY_INFO (-1767084781L)
-#define KPW_STR_POLICY_EXPLANATION (-1767084780L)
-#define ERROR_TABLE_BASE_kpws (-1767084800L)
+#define KPW_STR_USAGE (-1767084800L)
+#define KPW_STR_PRIN_UNKNOWN (-1767084799L)
+#define KPW_STR_WHILE_LOOKING_AT_CC (-1767084798L)
+#define KPW_STR_OLD_PASSWORD_INCORRECT (-1767084797L)
+#define KPW_STR_CANT_OPEN_ADMIN_SERVER (-1767084796L)
+#define KPW_STR_NEW_PASSWORD_MISMATCH (-1767084795L)
+#define KPW_STR_PASSWORD_CHANGED (-1767084794L)
+#define KPW_STR_PASSWORD_NOT_CHANGED (-1767084793L)
+#define KPW_STR_PARSE_NAME (-1767084792L)
+#define KPW_STR_UNPARSE_NAME (-1767084791L)
+#define KPW_STR_NOT_IN_PASSWD_FILE (-1767084790L)
+#define KPW_STR_CHANGING_PW_FOR (-1767084789L)
+#define KPW_STR_OLD_PASSWORD_PROMPT (-1767084788L)
+#define KPW_STR_WHILE_READING_PASSWORD (-1767084787L)
+#define KPW_STR_NO_PASSWORD_READ (-1767084786L)
+#define KPW_STR_WHILE_TRYING_TO_CHANGE (-1767084785L)
+#define KPW_STR_WHILE_DESTROYING_ADMIN_SESSION (-1767084784L)
+#define KPW_STR_WHILE_FREEING_PRINCIPAL (-1767084783L)
+#define KPW_STR_WHILE_FREEING_POLICY (-1767084782L)
+#define KPW_STR_CANT_GET_POLICY_INFO (-1767084781L)
+#define KPW_STR_POLICY_EXPLANATION (-1767084780L)
+#define ERROR_TABLE_BASE_kpws (-1767084800L)
+extern const struct error_table et_kpws_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
-#define kpws_err_base ERROR_TABLE_BASE_kpws
+extern void initialize_kpws_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_kpws_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_kpws_err_tbl initialize_kpws_error_table
+#define kpws_err_base ERROR_TABLE_BASE_kpws
+#endif
diff --git a/usr/src/cmd/krb5/kadmin/kpasswd/tty_kpasswd.c b/usr/src/cmd/krb5/kadmin/kpasswd/tty_kpasswd.c
index ec1618155e..63ee6d3772 100644
--- a/usr/src/cmd/krb5/kadmin/kpasswd/tty_kpasswd.c
+++ b/usr/src/cmd/krb5/kadmin/kpasswd/tty_kpasswd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -25,22 +25,21 @@
/*
* Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header: /cvs/krbdev/krb5/src/kadmin/passwd/tty_kpasswd.c,v 1.7\
- * 1997/02/20 06:13:01 probe Exp $
+ *
+ * $Header: /cvs/krbdev/krb5/src/kadmin/passwd/tty_kpasswd.c,v 1.9 2001/02/26 18:22:08 epeisach Exp $
*
*
*/
-static char rcsid[] = "$Id: tty_kpasswd.c,v 1.7 "
- "1997/02/20 06:13:01 probe Exp $";
+static char rcsid[] = "$Id: tty_kpasswd.c,v 1.9 2001/02/26 18:22:08 epeisach Exp $";
#include <kadm5/admin.h>
#include <krb5.h>
#include "kpasswd_strings.h"
-#define string_text error_message
+#define string_text error_message
+#include "kpasswd.h"
#include <stdio.h>
#include <pwd.h>
#include <string.h>
@@ -49,39 +48,34 @@ static char rcsid[] = "$Id: tty_kpasswd.c,v 1.7 "
char *whoami;
-void
-display_intro_message(fmt_string, arg_string)
-char *fmt_string;
-char *arg_string;
+void display_intro_message(fmt_string, arg_string)
+ const char *fmt_string;
+ const char *arg_string;
{
- com_err(whoami, 0, fmt_string, arg_string);
+ com_err(whoami, 0, fmt_string, arg_string);
}
-long
-read_old_password(context, password, pwsize)
-krb5_context context;
-char *password;
-unsigned int *pwsize;
+long read_old_password(context, password, pwsize)
+ krb5_context context;
+ char *password;
+ unsigned int *pwsize;
{
- long code = krb5_read_password(context,
+ long code = krb5_read_password(context,
(char *) string_text(KPW_STR_OLD_PASSWORD_PROMPT),
- 0, password, pwsize);
-
- return (code);
+ 0, password, pwsize);
+ return code;
}
-long
-read_new_password(server_handle, password, pwsize,
- msg_ret, msg_len, princ)
-void *server_handle;
-char *password;
-int *pwsize;
-char *msg_ret;
-int msg_len;
-krb5_principal princ;
+long read_new_password(server_handle, password, pwsize, msg_ret, msg_len, princ)
+ void *server_handle;
+ char *password;
+ unsigned int *pwsize;
+ char *msg_ret;
+ int msg_len;
+ krb5_principal princ;
{
return (kadm5_chpass_principal_util(server_handle, princ, NULL,
- NULL /* don't need new pw back */,
+ NULL /* don't need new pw back */,
msg_ret, msg_len));
}
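Review bot: `read_new_password` never touches its `password` and `pwsize` parameters and passes `NULL` for the new password to `kadm5_chpass_principal_util`, yet the caller in kpasswd.c sets `pwsize` and clears `password` around the call as if the buffer were filled. A comment above the definition would make that explicit, for example `/* password and pwsize are unused; NULL is passed so the kadm5 utility obtains the new password itself (presumed, confirm) */`. Without it, a reader of kpasswd.c can reasonably assume the new password ends up in the caller's buffer.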
@@ -91,13 +85,13 @@ krb5_principal princ;
*/
int
main(argc, argv)
-int argc;
-char *argv[];
+ int argc;
+ char *argv[];
{
- krb5_context context;
- int retval;
+ krb5_context context;
+ int retval;
- whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
+ whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
(void) setlocale(LC_ALL, "");
@@ -107,15 +101,17 @@ char *argv[];
(void) textdomain(TEXT_DOMAIN);
- if (retval = krb5_init_context(&context)) {
+ retval = krb5_init_context(&context);
+ if (retval) {
com_err(whoami, retval, gettext("initializing krb5 context"));
- exit(retval);
- }
+ exit(retval);
+ }
/* initialize_kpws_error_table(); SUNWresync121 */
- retval = kpasswd(context, argc, argv);
- if (!retval)
- printf(string_text(KPW_STR_PASSWORD_CHANGED));
+ retval = kpasswd(context, argc, argv);
+
+ if (!retval)
+ printf(string_text(KPW_STR_PASSWORD_CHANGED));
- exit(retval);
+ exit(retval);
}
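Review bot: `exit(retval)` after a failed `krb5_init_context` hands a `krb5_error_code` to `exit`, but only the low 8 bits of the status reach the parent. The reported value is therefore unrelated to the exit codes documented for kpasswd and could be 0 for some error code. A fixed non-zero status such as `exit(1);`, as ktutil's main uses, keeps the failure distinguishable. main begins outside this hunk.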
diff --git a/usr/src/cmd/krb5/kadmin/ktutil/ktutil.c b/usr/src/cmd/krb5/kadmin/ktutil/ktutil.c
index 47e5b1bf24..848a14da62 100644
--- a/usr/src/cmd/krb5/kadmin/ktutil/ktutil.c
+++ b/usr/src/cmd/krb5/kadmin/ktutil/ktutil.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -33,7 +33,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* SS user interface for ktutil.
*/
@@ -66,14 +66,12 @@ extern ss_request_table ktutil_cmds;
krb5_context kcontext;
krb5_kt_list ktlist = NULL;
-int
-main(argc, argv)
-int argc;
-char *argv[];
+int main(argc, argv)
+ int argc;
+ char *argv[];
{
- krb5_error_code retval;
- extern krb5_kt_ops krb5_ktf_writable_ops;
- int sci_idx;
+ krb5_error_code retval;
+ int sci_idx;
(void) setlocale(LC_ALL, "");
@@ -83,84 +81,75 @@ char *argv[];
(void) textdomain(TEXT_DOMAIN);
- retval = krb5_init_context(&kcontext);
- if (retval) {
+ retval = krb5_init_context(&kcontext);
+ if (retval) {
com_err(argv[0], retval, gettext("while initializing krb5"));
- exit(1);
- }
- retval = krb5_kt_register(kcontext, &krb5_ktf_writable_ops);
- if (retval) {
- com_err(argv[0], retval,
- gettext("while registering writable key table functions"));
- exit(1);
- }
+ exit(1);
+ }
retval = ktutil_initialize_cmds_table (&ktutil_cmds);
if (retval) {
com_err(argv[0], retval,
gettext("while localizing command description messages"));
exit(1);
}
- sci_idx = ss_create_invocation("ktutil", "5.0", (char *) NULL,
- &ktutil_cmds, &retval);
- if (retval) {
- ss_perror(sci_idx, retval, gettext("creating invocation"));
- exit(1);
- }
- ss_listen(sci_idx, &retval);
- ktutil_free_kt_list(kcontext, ktlist);
- exit(0);
+ sci_idx = ss_create_invocation("ktutil", "5.0", (char *) NULL,
+ &ktutil_cmds, &retval);
+ if (retval) {
+ ss_perror(sci_idx, retval, gettext("creating invocation"));
+ exit(1);
+ }
+ retval = ss_listen(sci_idx);
+ ktutil_free_kt_list(kcontext, ktlist);
+ exit(0);
}
-void
-ktutil_clear_list(argc, argv)
-int argc;
-char *argv[];
+void ktutil_clear_list(argc, argv)
+ int argc;
+ char *argv[];
{
- krb5_error_code retval;
+ krb5_error_code retval;
- if (argc != 1) {
+ if (argc != 1) {
fprintf(stderr, gettext("%s: invalid arguments\n"), argv[0]);
- return;
- }
- retval = ktutil_free_kt_list(kcontext, ktlist);
- if (retval)
+ return;
+ }
+ retval = ktutil_free_kt_list(kcontext, ktlist);
+ if (retval)
com_err(argv[0], retval, gettext("while freeing ktlist"));
- ktlist = NULL;
+ ktlist = NULL;
}
-void
-ktutil_read_v5(argc, argv)
-int argc;
-char *argv[];
+void ktutil_read_v5(argc, argv)
+ int argc;
+ char *argv[];
{
- krb5_error_code retval;
+ krb5_error_code retval;
- if (argc != 2) {
+ if (argc != 2) {
fprintf(stderr,
gettext("%s: must specify keytab to read\n"), argv[0]);
- return;
- }
- retval = ktutil_read_keytab(kcontext, argv[1], &ktlist);
- if (retval)
+ return;
+ }
+ retval = ktutil_read_keytab(kcontext, argv[1], &ktlist);
+ if (retval)
com_err(argv[0], retval,
gettext("while reading keytab \"%s\""), argv[1]);
}
-void
-ktutil_read_v4(argc, argv)
-int argc;
-char *argv[];
+void ktutil_read_v4(argc, argv)
+ int argc;
+ char *argv[];
{
#ifdef KRB5_KRB4_COMPAT
- krb5_error_code retval;
+ krb5_error_code retval;
- if (argc != 2) {
+ if (argc != 2) {
fprintf(stderr,
gettext("%s: must specify the srvtab to read\n"), argv[0]);
- return;
- }
- retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
- if (retval)
+ return;
+ }
+ retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
+ if (retval)
com_err(argv[0], retval,
gettext("while reading srvtab \"%s\""), argv[1]);
#else
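Review bot: `retval = ss_listen(sci_idx);` in main stores the result and nothing reads it afterwards; the program always ends with `exit(0)`. Either state the intent with `(void) ss_listen(sci_idx);` or report a non-zero result through `ss_perror` before exiting. The return value of `ktutil_free_kt_list(kcontext, ktlist)` on the next line is dropped in the same way. The body of ktutil_read_v4 continues outside this hunk.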
@@ -168,39 +157,37 @@ char *argv[];
#endif
}
-void
-ktutil_write_v5(argc, argv)
-int argc;
-char *argv[];
+void ktutil_write_v5(argc, argv)
+ int argc;
+ char *argv[];
{
- krb5_error_code retval;
+ krb5_error_code retval;
- if (argc != 2) {
+ if (argc != 2) {
fprintf(stderr,
gettext("%s: must specify keytab to write\n"), argv[0]);
- return;
- }
- retval = ktutil_write_keytab(kcontext, ktlist, argv[1]);
- if (retval)
+ return;
+ }
+ retval = ktutil_write_keytab(kcontext, ktlist, argv[1]);
+ if (retval)
com_err(argv[0], retval,
gettext("while writing keytab \"%s\""), argv[1]);
}
-void
-ktutil_write_v4(argc, argv)
-int argc;
-char *argv[];
+void ktutil_write_v4(argc, argv)
+ int argc;
+ char *argv[];
{
#ifdef KRB5_KRB4_COMPAT
- krb5_error_code retval;
+ krb5_error_code retval;
- if (argc != 2) {
+ if (argc != 2) {
fprintf(stderr,
gettext("%s: must specify srvtab to write\n"), argv[0]);
- return;
- }
- retval = ktutil_write_srvtab(kcontext, ktlist, argv[1]);
- if (retval)
+ return;
+ }
+ retval = ktutil_write_srvtab(kcontext, ktlist, argv[1]);
+ if (retval)
com_err(argv[0], retval,
gettext("while writing srvtab \"%s\""), argv[1]);
#else
@@ -252,108 +239,102 @@ void ktutil_add_entry(argc, argv)
com_err(argv[0], retval, gettext("while adding new entry"));
}
-void
-ktutil_delete_entry(argc, argv)
-int argc;
-char *argv[];
+void ktutil_delete_entry(argc, argv)
+ int argc;
+ char *argv[];
{
- krb5_error_code retval;
+ krb5_error_code retval;
- if (argc != 2) {
- fprintf(stderr,
- gettext("%s: must specify entry to delete\n"), argv[0]);
- return;
- }
- retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1]));
- if (retval)
- com_err(argv[0], retval,
+ if (argc != 2) {
+ fprintf(stderr,
+ gettext("%s: must specify entry to delete\n"), argv[0]);
+ return;
+ }
+ retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1]));
+ if (retval)
+ com_err(argv[0], retval,
gettext("while deleting entry %d"), atoi(argv[1]));
}
-void
-ktutil_list(argc, argv)
-int argc;
-char *argv[];
+void ktutil_list(argc, argv)
+ int argc;
+ char *argv[];
{
- krb5_error_code retval;
- krb5_kt_list lp;
- struct tm *stime;
- int show_time = 0, show_keys = 0, show_enctype = 0;
- int i, j;
- char *pname;
-
- for (i = 1; i < argc; i++) {
- if ((strlen(argv[i]) == 2) && strncmp(argv[i], "-t", 2) == 0) {
- show_time++;
- continue;
- }
- if ((strlen(argv[i]) == 2) && strncmp(argv[i], "-k", 2) == 0) {
- show_keys++;
- continue;
- }
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
- show_enctype++;
- continue;
- }
- if ((strlen(argv[i]) == 2) &&
- (strncmp(argv[i], "-e", 2) == 0)) {
- show_enctype = 1;
- continue;
- }
- fprintf(stderr, gettext("%s: illegal arguments\n"), argv[0]);
- return;
+ krb5_error_code retval;
+ krb5_kt_list lp;
+ int show_time = 0, show_keys = 0, show_enctype = 0;
+ int i, j;
+ char *pname;
+
+ for (i = 1; i < argc; i++) {
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
+ show_time++;
+ continue;
+ }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+ show_keys++;
+ continue;
+ }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+ show_enctype++;
+ continue;
}
+
+ fprintf(stderr, "%s: %s [-t] [-k] [-e]\n", gettext("usage"), argv[0]);
+ return;
+ }
+ if (show_time) {
+ printf(gettext("slot KVNO Timestamp Principal\n"));
+ printf("---- ---- ----------------- ---------------------------------------------------\n");
+ } else {
+ printf(gettext("slot KVNO Principal\n"));
+ printf("---- ---- ---------------------------------------------------------------------\n");
+ }
+ for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
+ retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
+ if (retval) {
+ com_err(argv[0], retval,
+ gettext("while unparsing principal name"));
+ return;
+ }
+ printf("%4d %4d ", i, lp->entry->vno);
if (show_time) {
- printf(gettext("slot KVNO Timestamp Principal\n"));
- printf("---- ---- ----------------- ---------------------------------------------------\n");
- } else {
- printf(gettext("slot KVNO Principal\n"));
- printf("---- ---- ---------------------------------------------------------------------\n");
+ char fmtbuf[18];
+ char fill;
+ time_t tstamp;
+
+ (void) localtime(&tstamp);
+ lp->entry->timestamp = tstamp;
+ fill = ' ';
+ if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
+ timestamp,
+ fmtbuf,
+ sizeof(fmtbuf),
+ &fill))
+ printf("%s ", fmtbuf);
}
- for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
- retval = krb5_unparse_name(kcontext,
- lp->entry->principal, &pname);
- if (retval) {
- com_err(argv[0], retval,
- gettext("while unparsing principal name"));
- return;
+ printf("%40s", pname);
+ if (show_enctype) {
+ static char buf[256];
+ if ((retval = krb5_enctype_to_string(
+ lp->entry->key.enctype, buf, 256))) {
+ com_err(argv[0], retval,
+ gettext("While converting "
+ "enctype to string"));
+ return;
}
- printf("%4d %4d ", i, lp->entry->vno);
- if (show_time) {
- char fmtbuf[18];
- char fill;
-
- stime = localtime((time_t *) & lp->entry->timestamp);
- fill = ' ';
- if (!krb5_timestamp_to_sfstring(
- (krb5_timestamp) lp->entry->timestamp,
- fmtbuf,
- sizeof (fmtbuf),
- &fill))
- printf("%s ", fmtbuf);
- }
- printf("%40s", pname);
- if (show_enctype) {
- static char buf[256];
-
- if ((retval = krb5_enctype_to_string(
- lp->entry->key.enctype, buf, 256))) {
- com_err(argv[0], retval,
- gettext("While converting "
- "enctype to string"));
- return;
- }
- printf(" (%s) ", buf);
- }
- if (show_keys) {
- printf(" (0x");
- for (j = 0; j < lp->entry->key.length; j++)
- printf("%02x", lp->entry->key.contents[j]);
- printf(")");
- }
- printf("\n");
- krb5_xfree(pname);
+ printf(" (%s) ", buf);
}
+
+ if (show_keys) {
+ printf(" (0x");
+ for (j = 0; j < lp->entry->key.length; j++)
+ printf("%02x", lp->entry->key.contents[j]);
+ printf(")");
+ }
+ printf("\n");
+ krb5_xfree(pname);
+ }
}
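Review bot: In the `show_time` branch of `ktutil_list`, `tstamp` is declared without an initializer, passed to `localtime`, and then assigned to `lp->entry->timestamp`. Every listing with `-t` therefore reads an indeterminate value and overwrites the stored timestamp of each in-memory entry, which a later write of the key list would presumably persist. The removed code only read the entry's timestamp. Dropping the `time_t tstamp;`, `(void) localtime(&tstamp);` and `lp->entry->timestamp = tstamp;` lines leaves `krb5_timestamp_to_sfstring` formatting the real value. Separately, the `krb5_enctype_to_string` error path returns without `krb5_xfree(pname)`, and `atoi(argv[1])` in `ktutil_delete_entry` treats non-numeric input as 0.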
diff --git a/usr/src/cmd/krb5/kadmin/ktutil/ktutil.h b/usr/src/cmd/krb5/kadmin/ktutil/ktutil.h
index 3cdd5d1d4d..74afbc0d5b 100644
--- a/usr/src/cmd/krb5/kadmin/ktutil/ktutil.h
+++ b/usr/src/cmd/krb5/kadmin/ktutil/ktutil.h
@@ -28,7 +28,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -42,49 +42,54 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
typedef struct _krb5_kt_list {
- struct _krb5_kt_list *next;
- krb5_keytab_entry *entry;
+ struct _krb5_kt_list *next;
+ krb5_keytab_entry *entry;
} *krb5_kt_list;
-krb5_error_code ktutil_free_kt_list
-(krb5_context,
- krb5_kt_list);
-
-krb5_error_code ktutil_delete
-(krb5_context,
- krb5_kt_list *,
- int);
-
-krb5_error_code ktutil_add
- (krb5_context,
- krb5_kt_list *,
- char *,
- krb5_kvno,
- char *,
- int);
-
-krb5_error_code ktutil_read_keytab
-(krb5_context,
- char *,
- krb5_kt_list *);
-
-krb5_error_code ktutil_write_keytab
-(krb5_context,
- krb5_kt_list,
- char *);
+krb5_error_code ktutil_free_kt_list (krb5_context, krb5_kt_list);
-#ifdef KRB5_KRB4_COMPAT
-krb5_error_code ktutil_read_srvtab
-(krb5_context,
- char *,
- krb5_kt_list *);
-krb5_error_code ktutil_write_srvtab
-(krb5_context,
- krb5_kt_list,
- char *);
+krb5_error_code ktutil_delete (krb5_context, krb5_kt_list *, int);
+
+krb5_error_code ktutil_add (krb5_context,
+ krb5_kt_list *,
+ char *,
+ krb5_kvno,
+ char *,
+ int);
+krb5_error_code ktutil_read_keytab (krb5_context,
+ char *,
+ krb5_kt_list *);
+
+krb5_error_code ktutil_write_keytab (krb5_context,
+ krb5_kt_list,
+ char *);
+
+#ifdef KRB5_KRB4_COMPAT
+krb5_error_code ktutil_read_srvtab (krb5_context,
+ char *,
+ krb5_kt_list *);
+krb5_error_code ktutil_write_srvtab (krb5_context,
+ krb5_kt_list,
+ char *);
#endif
+
+void ktutil_add_entry (int, char *[]);
+
+void ktutil_clear_list (int, char *[]);
+
+void ktutil_read_v5 (int, char *[]);
+
+void ktutil_read_v4 (int, char *[]);
+
+void ktutil_write_v5 (int, char *[]);
+
+void ktutil_write_v4 (int, char *[]);
+
+void ktutil_delete_entry (int, char *[]);
+
+void ktutil_list (int, char *[]);
diff --git a/usr/src/cmd/krb5/kadmin/ktutil/ktutil_ct.c b/usr/src/cmd/krb5/kadmin/ktutil/ktutil_ct.c
index 854e0b3074..bf6a2ba1f9 100644
--- a/usr/src/cmd/krb5/kadmin/ktutil/ktutil_ct.c
+++ b/usr/src/cmd/krb5/kadmin/ktutil/ktutil_ct.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -38,116 +38,116 @@
#define gettext(s) s
#ifndef __STDC__
-#define const
+#define const
#endif
-static char const *const ssu00001[] = {
- "clear_list",
- "clear",
- (char const *) 0
+static char const * const ssu00001[] = {
+"clear_list",
+ "clear",
+ (char const *)0
};
extern void ktutil_clear_list __SS_PROTO;
-static char const *const ssu00002[] = {
- "read_kt",
- "rkt",
- (char const *) 0
+static char const * const ssu00002[] = {
+"read_kt",
+ "rkt",
+ (char const *)0
};
extern void ktutil_read_v5 __SS_PROTO;
-static char const *const ssu00003[] = {
- "read_st",
- "rst",
- (char const *) 0
+static char const * const ssu00003[] = {
+"read_st",
+ "rst",
+ (char const *)0
};
extern void ktutil_read_v4 __SS_PROTO;
-static char const *const ssu00004[] = {
- "write_kt",
- "wkt",
- (char const *) 0
+static char const * const ssu00004[] = {
+"write_kt",
+ "wkt",
+ (char const *)0
};
extern void ktutil_write_v5 __SS_PROTO;
-static char const *const ssu00005[] = {
- "write_st",
- "wst",
- (char const *) 0
+static char const * const ssu00005[] = {
+"write_st",
+ "wst",
+ (char const *)0
};
extern void ktutil_write_v4 __SS_PROTO;
-static char const *const ssu00006[] = {
- "add_entry",
- "addent",
- (char const *) 0
+static char const * const ssu00006[] = {
+"add_entry",
+ "addent",
+ (char const *)0
};
extern void ktutil_add_entry __SS_PROTO;
-static char const *const ssu00007[] = {
- "delete_entry",
- "delent",
- (char const *) 0
+static char const * const ssu00007[] = {
+"delete_entry",
+ "delent",
+ (char const *)0
};
extern void ktutil_delete_entry __SS_PROTO;
-static char const *const ssu00008[] = {
- "list",
- "l",
- (char const *) 0
+static char const * const ssu00008[] = {
+"list",
+ "l",
+ (char const *)0
};
extern void ktutil_list __SS_PROTO;
-static char const *const ssu00009[] = {
- "list_requests",
- "lr",
- "?",
- (char const *) 0
+static char const * const ssu00009[] = {
+"list_requests",
+ "lr",
+ "?",
+ (char const *)0
};
extern void ss_list_requests __SS_PROTO;
-static char const *const ssu00010[] = {
- "quit",
- "exit",
- "q",
- (char const *) 0
+static char const * const ssu00010[] = {
+"quit",
+ "exit",
+ "q",
+ (char const *)0
};
extern void ss_quit __SS_PROTO;
static ss_request_entry ssu00011[] = {
- {ssu00001,
- ktutil_clear_list,
+ { ssu00001,
+ ktutil_clear_list,
gettext("Clear the current keylist."),
- 0},
- {ssu00002,
- ktutil_read_v5,
+ 0 },
+ { ssu00002,
+ ktutil_read_v5,
gettext("Read a krb5 keytab into the current keylist."),
- 0},
- {ssu00003,
- ktutil_read_v4,
+ 0 },
+ { ssu00003,
+ ktutil_read_v4,
gettext("Read a krb4 srvtab into the current keylist."),
- 0},
- {ssu00004,
- ktutil_write_v5,
+ 0 },
+ { ssu00004,
+ ktutil_write_v5,
gettext("Write the current keylist to a krb5 keytab."),
- 0},
- {ssu00005,
- ktutil_write_v4,
+ 0 },
+ { ssu00005,
+ ktutil_write_v4,
gettext("Write the current keylist to a krb4 srvtab."),
- 0},
- {ssu00006,
- ktutil_add_entry,
+ 0 },
+ { ssu00006,
+ ktutil_add_entry,
gettext("Add an entry to the current keylist."),
- 0},
- {ssu00007,
- ktutil_delete_entry,
+ 0 },
+ { ssu00007,
+ ktutil_delete_entry,
gettext("Delete an entry from the current keylist."),
- 0},
- {ssu00008,
- ktutil_list,
+ 0 },
+ { ssu00008,
+ ktutil_list,
gettext("List the current keylist."),
- 0},
- {ssu00009,
- ss_list_requests,
+ 0 },
+ { ssu00009,
+ ss_list_requests,
gettext("List available requests."),
- 0},
- {ssu00010,
- ss_quit,
+ 0 },
+ { ssu00010,
+ ss_quit,
gettext("Exit program."),
- 0},
- {0, 0, 0, 0}
+ 0 },
+ { 0, 0, 0, 0 }
};
-ss_request_table ktutil_cmds = {2, ssu00011};
+ss_request_table ktutil_cmds = { 2, ssu00011 };
#undef gettext
diff --git a/usr/src/cmd/krb5/kadmin/ktutil/ktutil_funcs.c b/usr/src/cmd/krb5/kadmin/ktutil/ktutil_funcs.c
index 1393292591..89859da78e 100644
--- a/usr/src/cmd/krb5/kadmin/ktutil/ktutil_funcs.c
+++ b/usr/src/cmd/krb5/kadmin/ktutil/ktutil_funcs.c
@@ -5,6 +5,7 @@
#pragma ident "%Z%%M% %I% %E% SMI"
+
/*
* kadmin/ktutil/ktutil_funcs.c
*
@@ -69,16 +70,16 @@ krb5_error_code ktutil_free_kt_list(context, list)
* Delete a numbered entry in a kt_list. Takes a pointer to a kt_list
* in case head gets deleted.
*/
-krb5_error_code ktutil_delete(context, list, index)
+krb5_error_code ktutil_delete(context, list, idx)
krb5_context context;
krb5_kt_list *list;
- int index;
+ int idx;
{
krb5_kt_list lp, prev;
int i;
for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) {
- if (i == index) {
+ if (i == idx) {
if (i == 1)
*list = lp->next;
else
@@ -117,7 +118,8 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
char promptstr[1024];
char *cp;
- int i, tmp, pwsize = BUFSIZ;
+ int i, tmp;
+ unsigned int pwsize = BUFSIZ;
retval = krb5_parse_name(context, princ_str, &princ);
if (retval)
@@ -211,7 +213,7 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
i = 0;
for (cp = buf; *cp; cp += 2) {
- if (!isxdigit(cp[0]) || !isxdigit(cp[1])) {
+ if (!isxdigit((int) cp[0]) || !isxdigit((int) cp[1])) {
fprintf(stderr, "addent: %s",
gettext("Illegal character in key.\n"));
retval = 0;
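Review bot: The `(int)` casts added to the `isxdigit` calls do not fix the problem they appear to target: `cp` is a plain `char *`, so a byte above 0x7f is still negative after the cast where `char` is signed, and passing a negative value other than EOF to a `<ctype.h>` function is undefined. Cast through `unsigned char` instead, `if (!isxdigit((unsigned char) cp[0]) || !isxdigit((unsigned char) cp[1])) {`. The error branch also sets `retval = 0`; the rest of ktutil_add is outside the hunk, so confirm the caller can still tell that no entry was added.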
@@ -296,7 +298,7 @@ krb5_error_code ktutil_read_keytab(context, name, list)
}
if (entry)
free((char *)entry);
- if (retval)
+ if (retval) {
if (retval == KRB5_KT_END)
retval = 0;
else {
@@ -305,6 +307,7 @@ krb5_error_code ktutil_read_keytab(context, name, list)
if (back)
back->next = NULL;
}
+ }
if (!*list)
*list = tail;
krb5_kt_end_seq_get(context, kt, &cursor);
@@ -353,12 +356,12 @@ krb5_error_code ktutil_write_keytab(context, list, name)
* including the null terminator.
*/
-int getstr(fp, s, n)
+static int getstr(fp, s, n)
FILE *fp;
register char *s;
int n;
{
- register count = n;
+ register int count = n;
while (fread(s, 1, 1, fp) > 0 && --count)
if (*s++ == '\0')
return (n - count);
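Review bot: getstr still has no guard for `n <= 0`: with `n == 0` the pre-decrement leaves `count` at -1, which is non-zero, so the loop keeps storing bytes through `s` until it meets a NUL or EOF. The bytes come from the file being read, so the bound should not depend on every caller passing a positive size. An early exit before the loop, `if (n <= 0)` returning the function's failure value, would cover it. The callers and the statement after the loop are outside the hunk.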
@@ -512,10 +515,22 @@ krb5_error_code ktutil_write_srvtab(context, list, name)
lp1 = prev->next;
}
lp1->entry = lp->entry;
- } else if (lp1->entry->vno < lp->entry->vno)
- /* Check if lp->entry is newer kvno; if so, update */
- lp1->entry = lp->entry;
+ } else {
+ /* This heuristic should be roughly the same as in the
+ keytab-reading code in libkrb5. */
+ int offset = 0;
+ if (lp1->entry->vno > 240 || lp->entry->vno > 240) {
+ offset = 128;
+ }
+#define M(X) (((X) + offset) % 256)
+ if (M(lp1->entry->vno) < M(lp->entry->vno))
+ /* Check if lp->entry is newer kvno; if so, update */
+ lp1->entry = lp->entry;
+ }
}
+ umask(0077); /*Changing umask for all of ktutil is OK
+ * We don't ever write out anything that should use
+ * default umask.*/
fp = fopen(name, "w");
if (!fp) {
retval = EIO;
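Review bot: The `umask(0077)` added before `fopen(name, "w")` only restricts the mode of a file that fopen creates; if `name` already exists it is truncated and keeps its current permissions, so a srvtab that was group- or world-readable stays readable with the new keys in it. Setting the mode on the open stream closes that gap, for example `if (fchmod(fileno(fp), S_IRUSR | S_IWUSR) != 0)` treated as a write failure right after the `!fp` check. The `M` macro defined inside the else-branch also stays defined for the rest of the file and depends on the local `offset`; add `#undef M` after the comparison. ktutil_write_srvtab continues outside the hunk.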
diff --git a/usr/src/cmd/krb5/kadmin/server/ipropd_svc.c b/usr/src/cmd/krb5/kadmin/server/ipropd_svc.c
index 7bae9b7de9..dd15cc7ac4 100644
--- a/usr/src/cmd/krb5/kadmin/server/ipropd_svc.c
+++ b/usr/src/cmd/krb5/kadmin/server/ipropd_svc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -151,7 +151,7 @@ iprop_get_updates_1(kdb_last_t *arg, struct svc_req *rqstp)
whoami);
goto out;
}
- if (!acl_check(handle->context,
+ if (!kadm5int_acl_check(handle->context,
name,
ACL_IPROP,
NULL,
@@ -271,7 +271,7 @@ iprop_full_resync_1(
whoami);
goto out;
}
- if (!acl_check(handle->context,
+ if (!kadm5int_acl_check(handle->context,
name,
ACL_IPROP,
NULL,
diff --git a/usr/src/cmd/krb5/kadmin/server/kadm_rpc_svc.c b/usr/src/cmd/krb5/kadmin/server/kadm_rpc_svc.c
index 3fb857739f..2eab293cd3 100644
--- a/usr/src/cmd/krb5/kadmin/server/kadm_rpc_svc.c
+++ b/usr/src/cmd/krb5/kadmin/server/kadm_rpc_svc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -36,14 +36,27 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/server/kadm_rpc_svc.c
#include <stdio.h>
#include <rpc/rpc.h> /* SUNWresync 121 XXX */
+#include <gssapi_krb5.h> /* for gss_nt_krb5_name */
#include <syslog.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <rpc/rpcsec_gss.h>
#include <kadm5/kadm_rpc.h>
#include <krb5.h>
#include <kadm5/admin.h>
#include <libintl.h>
+#include <krb5/adm_proto.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#include "misc.h"
+#include "kadm5/server_internal.h"
+
+extern void *global_server_handle;
+void log_badauth(OM_uint32 major, OM_uint32 minor,
+ struct sockaddr_in *addr, char *data);
/*
* Function: kadm_1
*
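Review bot: `extern void *global_server_handle;` and the `log_badauth` prototype are declared locally in this .c file, so nothing checks them against their definitions; the same `extern` line for `global_server_handle` is repeated in server_stubs.c. This hunk already adds `#include "misc.h"`, so declaring both there once would let the compiler catch a mismatch in every file that uses them.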
@@ -61,8 +74,7 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/server/kadm_rpc_svc.c
* Modifies:
*/
-void
-kadm_1(rqstp, transp)
+void kadm_1(rqstp, transp)
struct svc_req *rqstp;
register SVCXPRT *transp;
{
@@ -86,11 +98,10 @@ kadm_1(rqstp, transp)
setkey3_arg setkey_principal3_1_arg;
} argument;
char *result;
-
bool_t (*xdr_argument)(), (*xdr_result)();
char *(*local)();
- if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) {
+ if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) {
krb5_klog_syslog(LOG_ERR,
gettext("Authentication attempt failed: invalid "
"RPC authentication flavor %d"),
@@ -107,154 +118,154 @@ kadm_1(rqstp, transp)
case CREATE_PRINCIPAL:
xdr_argument = xdr_cprinc_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) create_principal_1;
+ local = (char *(*)()) create_principal_1_svc;
break;
case DELETE_PRINCIPAL:
xdr_argument = xdr_dprinc_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) delete_principal_1;
+ local = (char *(*)()) delete_principal_1_svc;
break;
case MODIFY_PRINCIPAL:
xdr_argument = xdr_mprinc_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) modify_principal_1;
+ local = (char *(*)()) modify_principal_1_svc;
break;
case RENAME_PRINCIPAL:
xdr_argument = xdr_rprinc_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) rename_principal_1;
+ local = (char *(*)()) rename_principal_1_svc;
break;
case GET_PRINCIPAL:
xdr_argument = xdr_gprinc_arg;
xdr_result = xdr_gprinc_ret;
- local = (char *(*)()) get_principal_1;
+ local = (char *(*)()) get_principal_1_svc;
break;
case GET_PRINCS:
xdr_argument = xdr_gprincs_arg;
xdr_result = xdr_gprincs_ret;
- local = (char *(*)()) get_princs_1;
+ local = (char *(*)()) get_princs_1_svc;
break;
case CHPASS_PRINCIPAL:
xdr_argument = xdr_chpass_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) chpass_principal_1;
+ local = (char *(*)()) chpass_principal_1_svc;
break;
#ifdef SUNWOFF
case SETV4KEY_PRINCIPAL:
xdr_argument = xdr_setv4key_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) setv4key_principal_1;
+ local = (char *(*)()) setv4key_principal_1_svc;
break;
#endif
case SETKEY_PRINCIPAL:
xdr_argument = xdr_setkey_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) setkey_principal_1;
+ local = (char *(*)()) setkey_principal_1_svc;
break;
case CHRAND_PRINCIPAL:
xdr_argument = xdr_chrand_arg;
xdr_result = xdr_chrand_ret;
- local = (char *(*)()) chrand_principal_1;
+ local = (char *(*)()) chrand_principal_1_svc;
break;
case CREATE_POLICY:
xdr_argument = xdr_cpol_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) create_policy_1;
+ local = (char *(*)()) create_policy_1_svc;
break;
case DELETE_POLICY:
xdr_argument = xdr_dpol_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) delete_policy_1;
+ local = (char *(*)()) delete_policy_1_svc;
break;
case MODIFY_POLICY:
xdr_argument = xdr_mpol_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) modify_policy_1;
+ local = (char *(*)()) modify_policy_1_svc;
break;
case GET_POLICY:
xdr_argument = xdr_gpol_arg;
xdr_result = xdr_gpol_ret;
- local = (char *(*)()) get_policy_1;
+ local = (char *(*)()) get_policy_1_svc;
break;
case GET_POLS:
xdr_argument = xdr_gpols_arg;
xdr_result = xdr_gpols_ret;
- local = (char *(*)()) get_pols_1;
+ local = (char *(*)()) get_pols_1_svc;
break;
case GET_PRIVS:
- xdr_argument = xdr_u_int;
+ xdr_argument = xdr_u_int;
xdr_result = xdr_getprivs_ret;
- local = (char *(*)()) get_privs_1;
+ local = (char *(*)()) get_privs_1_svc;
break;
case INIT:
- xdr_argument = xdr_u_int;
+ xdr_argument = xdr_u_int;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) init_1;
+ local = (char *(*)()) init_1_svc;
break;
case CREATE_PRINCIPAL3:
xdr_argument = xdr_cprinc3_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) create_principal3_1;
+ local = (char *(*)()) create_principal3_1_svc;
break;
case CHPASS_PRINCIPAL3:
xdr_argument = xdr_chpass3_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) chpass_principal3_1;
+ local = (char *(*)()) chpass_principal3_1_svc;
break;
case CHRAND_PRINCIPAL3:
xdr_argument = xdr_chrand3_arg;
xdr_result = xdr_chrand_ret;
- local = (char *(*)()) chrand_principal3_1;
+ local = (char *(*)()) chrand_principal3_1_svc;
break;
case SETKEY_PRINCIPAL3:
xdr_argument = xdr_setkey3_arg;
xdr_result = xdr_generic_ret;
- local = (char *(*)()) setkey_principal3_1;
+ local = (char *(*)()) setkey_principal3_1_svc;
break;
default:
- krb5_klog_syslog(LOG_ERR,
+ krb5_klog_syslog(LOG_ERR,
gettext("Invalid KADM5 procedure number: %d"),
rqstp->rq_proc);
svcerr_noproc(transp);
return;
}
memset((char *)&argument, 0, sizeof(argument));
- if (!svc_getargs(transp, xdr_argument, (char *) &argument)) {
+ if (!svc_getargs(transp, xdr_argument, (char *) &argument)) {
svcerr_decode(transp);
return;
}
result = (*local)(&argument, rqstp);
- if (result != NULL &&
- !svc_sendreply(transp, xdr_result, (char *) result)) {
+ if (result != NULL && !svc_sendreply(transp, xdr_result, (char *) result)) {
krb5_klog_syslog(LOG_ERR,
gettext("WARNING! Unable to send function results, "
"continuing."));
svcerr_systemerr(transp);
}
- if (!svc_freeargs(transp, xdr_argument, (char *) &argument)) {
- krb5_klog_syslog(LOG_ERR,
+ if (!svc_freeargs(transp, xdr_argument, (char *) &argument)) {
+ krb5_klog_syslog(LOG_ERR,
gettext("WARNING! Unable to free arguments, "
"continuing."));
}
+ return;
}
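Review bot: The early return after `svcerr_decode(transp)` skips `svc_freeargs`, so anything the XDR routine allocated into `argument` before decoding failed may stay allocated for the life of the daemon; whether this transport's getargs already releases it on failure is not visible here. If it does not, `(void) svc_freeargs(transp, xdr_argument, (char *) &argument);` before that return would cover it. The bare `return;` added at the end of this void function is redundant. kadm_1 starts outside the hunk.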
diff --git a/usr/src/cmd/krb5/kadmin/server/misc.c b/usr/src/cmd/krb5/kadmin/server/misc.c
index 18a14df98e..03bdf8758d 100644
--- a/usr/src/cmd/krb5/kadmin/server/misc.c
+++ b/usr/src/cmd/krb5/kadmin/server/misc.c
@@ -21,25 +21,16 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/kadmin/\
- * server/misc.c,v 1.10 1996/07/22 20:28:55 marc Exp $
*/
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
- "/.cvsroot/src/kadmin/server/misc.c,v 1.10 1996/07/22 20:28:55 "
- "marc Exp $";
-
-#endif
-
#include <kadm5/adb.h>
#include <kadm5/server_internal.h>
#include <krb5/kdb.h>
#include "misc.h"
/*
- * Function: chpass_principal_wrapper
- *
+ * Function: chpass_principal_wrapper_3
+ *
* Purpose: wrapper to kadm5_chpass_principal that checks to see if
* pw_min_life has been reached. if not it returns an error.
* otherwise it calls kadm5_chpass_principal
@@ -47,123 +38,134 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
* Arguments:
* principal (input) krb5_principals whose password we are
* changing
- * passoword (input) passowrd we are going to change to.
- * <return value> 0 on sucsess error code on failure.
+ * keepold (input) whether to preserve old keys
+ * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
+ * ks_tuple (input) array of tuples indicating the caller's
+ * requested enctypes/salttypes
+ * password (input) password we are going to change to.
+ * <return value> 0 on success error code on failure.
*
* Requires:
* kadm5_init to have been run.
- *
+ *
* Effects:
* calls kadm5_chpass_principal which changes the kdb and the
* the admin db.
*
*/
kadm5_ret_t
-chpass_principal_wrapper(void *server_handle,
- krb5_principal principal, char *password)
+chpass_principal_wrapper_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *password)
{
- krb5_int32 now;
- kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
-
- if (ret = krb5_timeofday(handle->context, &now))
- return (ret);
-
- if ((ret = kadm5_get_principal(handle->lhandle, principal,
- &princ,
- KADM5_PRINCIPAL_NORMAL_MASK)) !=
- KADM5_OK)
- return (ret);
- if (princ.aux_attributes & KADM5_POLICY) {
- if ((ret = kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
- if ((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (KADM5_PASS_TOOSOON);
- }
- if (ret = kadm5_free_policy_ent(handle->lhandle, &pol)) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
- }
- if (ret = kadm5_free_principal_ent(handle->lhandle, &princ))
- return (ret);
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, principal);
+ if (ret)
+ return ret;
- return (kadm5_chpass_principal(server_handle, principal, password));
+ return kadm5_chpass_principal_3(server_handle, principal,
+ keepold, n_ks_tuple, ks_tuple,
+ password);
}
/*
- * Function: randkey_principal_wrapper
- *
+ * Function: randkey_principal_wrapper_3
+ *
* Purpose: wrapper to kadm5_randkey_principal which checks the
- * passwords min. life.
+ * password's min. life.
*
* Arguments:
* principal (input) krb5_principal whose password we are
* changing
+ * keepold (input) whether to preserve old keys
+ * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
+ * ks_tuple (input) array of tuples indicating the caller's
+ * requested enctypes/salttypes
* key (output) new random key
- * < return value > 0, error code on error.
+ * <return value> 0, error code on error.
*
* Requires:
* kadm5_init needs to be run
- *
+ *
* Effects:
* calls kadm5_randkey_principal
*
*/
kadm5_ret_t
-randkey_principal_wrapper(void *server_handle,
- krb5_principal principal,
- krb5_keyblock ** keys, int *n_keys)
+randkey_principal_wrapper_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keys, int *n_keys)
{
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, principal);
+ if (ret)
+ return ret;
+ return kadm5_randkey_principal_3(server_handle, principal,
+ keepold, n_ks_tuple, ks_tuple,
+ keys, n_keys);
+}
- krb5_int32 now;
- kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
-
- if (ret = krb5_timeofday(handle->context, &now))
- return (ret);
-
- if ((ret = kadm5_get_principal(handle->lhandle,
- principal, &princ,
- KADM5_PRINCIPAL_NORMAL_MASK)) !=
- OSA_ADB_OK)
- return (ret);
- if (princ.aux_attributes & KADM5_POLICY) {
- if ((ret = kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
- if ((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (KADM5_PASS_TOOSOON);
- }
- if (ret = kadm5_free_policy_ent(handle->lhandle, &pol)) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
+kadm5_ret_t
+chpass_util_wrapper(void *server_handle, krb5_principal princ,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len)
+{
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, princ);
+ if (ret)
+ return ret;
+
+ return kadm5_chpass_principal_util(server_handle, princ,
+ new_pw, ret_pw,
+ msg_ret, msg_len);
+}
+
+kadm5_ret_t
+check_min_life(void *server_handle, krb5_principal principal)
+{
+ krb5_int32 now;
+ kadm5_ret_t ret;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_rec princ;
+ kadm5_server_handle_t handle = server_handle;
+
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
+ return ret;
+
+ ret = kadm5_get_principal(handle->lhandle, principal,
+ &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+ if(ret != OSA_ADB_OK)
+ return ret;
+ if(princ.aux_attributes & KADM5_POLICY) {
+ if((ret=kadm5_get_policy(handle->lhandle,
+ princ.policy, &pol)) != KADM5_OK) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ if((now - princ.last_pwd_change) < pol.pw_min_life &&
+ !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ (void) kadm5_free_policy_ent(handle->lhandle, &pol);
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return KADM5_PASS_TOOSOON;
}
- if (ret = kadm5_free_principal_ent(handle->lhandle, &princ))
- return (ret);
- return (kadm5_randkey_principal(server_handle,
- principal, keys, n_keys));
+
+ ret = kadm5_free_policy_ent(handle->lhandle, &pol);
+ if (ret) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ }
+
+ return kadm5_free_principal_ent(handle->lhandle, &princ);
}
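Review bot: check_min_life tests the kadm5_get_principal result against `OSA_ADB_OK` but the kadm5_get_policy result against `KADM5_OK`; both calls return `kadm5_ret_t`, so `if (ret != KADM5_OK)` for the first one keeps the function consistent (the removed chpass wrapper used `KADM5_OK` there). check_min_life and chpass_util_wrapper are also the only functions in this hunk without the `Function:/Purpose:/Arguments:` header that the two `_3` wrappers carry. A short header on check_min_life would document the contract every wrapper now relies on: it returns `KADM5_PASS_TOOSOON` when the policy's `pw_min_life` has not elapsed and `KRB5_KDB_REQUIRES_PWCHANGE` is not set.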
diff --git a/usr/src/cmd/krb5/kadmin/server/misc.h b/usr/src/cmd/krb5/kadmin/server/misc.h
index 7ba418fc7f..bc6a749c74 100644
--- a/usr/src/cmd/krb5/kadmin/server/misc.h
+++ b/usr/src/cmd/krb5/kadmin/server/misc.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _MISC_H
@@ -33,69 +33,45 @@ extern "C" {
/*
* Copyright 1994 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/kadmin/\
- * server/misc.h,v 1.6 1996/07/22 20:28:56 marc Exp $
- *
- * $Log: misc.h,v $
- * Revision 1.6 1996/07/22 20:28:56 marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches. This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964. before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.5.4.1 1996/07/18 03:03:40 marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.5.2.1 1996/06/20 21:57:20 marc
- * File added to the repository on a branch
- *
- * Revision 1.5 1996/05/30 21:13:24 bjaspan
- * kadm5_get_principal_v1 takes a kadm5_principal_ent_t_v1
- * add kadm5_get_policy_v1
- *
- * Revision 1.4 1996/05/20 21:39:05 bjaspan
- * rename to kadm5
- * add kadm5_get_principal_v1
- *
- * Revision 1.3 1994/09/13 18:24:41 jik
- * Back out randkey changes.
- *
- * Revision 1.2 1994/09/12 20:26:12 jik
- * randkey_principal_wrapper now takes a new_kvno option.
- *
- * Revision 1.1 1994/08/11 17:00:44 jik
- * Initial revision
- *
*/
kadm5_ret_t
-chpass_principal_wrapper(void *server_handle,
- krb5_principal principal,
- char *password);
+chpass_principal_wrapper_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *password);
kadm5_ret_t
-randkey_principal_wrapper(void *server_handle,
- krb5_principal principal,
- krb5_keyblock ** key,
- int *n_keys);
+randkey_principal_wrapper_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keys, int *n_keys);
kadm5_ret_t
-kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 * ent);
+chpass_util_wrapper(void *server_handle, krb5_principal princ,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len);
-kadm5_ret_t
-kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t * ent);
+kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal);
+
+kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t_v1 *ent);
-/* BSM */
-extern void audit_kadmind_auth(SVCXPRT *, in_port_t, char *, char *,
- char *, int);
-extern void audit_kadmind_unauth(SVCXPRT *, in_port_t, char *, char *, char *);
+kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
+ kadm5_policy_ent_t *ent);
+
+#ifdef SVC_GETARGS
+void kadm_1(struct svc_req *, SVCXPRT *);
+#endif
#ifdef __cplusplus
}
#endif
#endif /* !_MISC_H */
+
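Review bot: The hunk removes the `audit_kadmind_auth` and `audit_kadmind_unauth` prototypes (the `/* BSM */` block) without adding them anywhere visible. If the server code still calls them, those calls would compile against implicit declarations and an argument mismatch on the audit path would go unnoticed. Confirm they are now declared in another header, or keep the two `extern` lines here. The new `kadm_1` prototype is only seen when `SVC_GETARGS` is already defined at the point misc.h is included, presumably by the RPC headers, so it depends on include order; a comment such as `/* kadm_1 is declared only if the RPC headers were included first */` would document that.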
diff --git a/usr/src/cmd/krb5/kadmin/server/ovsec_kadmd.c b/usr/src/cmd/krb5/kadmin/server/ovsec_kadmd.c
index 9f8ab69426..e19dfd8d88 100644
--- a/usr/src/cmd/krb5/kadmin/server/ovsec_kadmd.c
+++ b/usr/src/cmd/krb5/kadmin/server/ovsec_kadmd.c
@@ -22,42 +22,72 @@
*
*/
-
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*/
/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+
+/*
* SUNWresync121 XXX
* Beware future resyncers, this file is much diff from MIT (1.0...)
*/
-#include <stdio.h>
-#include <stdio_ext.h>
-#include <signal.h>
-#include <syslog.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <unistd.h>
-#include <netinet/in.h>
-#include <arpa/inet.h> /* inet_ntoa */
-#include <netdb.h>
-#include <gssapi/gssapi.h>
-#include <rpc/rpc.h>
-#include <kadm5/admin.h>
-#include <kadm5/kadm_rpc.h>
-#include <kadm5/server_internal.h>
-#include <server_acl.h>
-#include <krb5/adm_proto.h>
-#include <string.h>
-#include <gssapi_krb5.h>
-#include <libintl.h>
-#include <locale.h>
-#include <sys/resource.h>
-#include <kdb/kdb_log.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <signal.h>
+#include <syslog.h>
+#include <sys/types.h>
+#ifdef _AIX
+#include <sys/select.h>
+#endif
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <arpa/inet.h> /* inet_ntoa */
+#include <gssapi/gssapi.h>
+#include <rpc/rpc.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include <server_acl.h>
+#include <krb5/adm_proto.h>
+#include <string.h>
+#include <kadm5/server_internal.h>
+#include <gssapi_krb5.h>
+#include <libintl.h>
+#include <locale.h>
+#include <sys/resource.h>
+#include <kdb/kdb_log.h>
+#include <kdb/kdb_kt.h>
#include <rpc/rpcsec_gss.h>
+#include "misc.h"
#ifndef FD_SETSIZE
#define FD_SETSIZE 256
@@ -67,6 +97,12 @@
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
+#if defined(NEED_DAEMON_PROTO)
+extern int daemon(int, int);
+#endif
+
+
+
static int signal_request_exit = 0;
static int schpw;
kadm5_config_params chgpw_params;
@@ -80,6 +116,7 @@ krb5_error_code log_kt_error(char*, char*);
static struct sigaction s_action;
#endif /* POSIX_SIGNALS */
+
#define TIMEOUT 15
typedef struct _auth_gssapi_name {
@@ -92,7 +129,7 @@ void *global_server_handle;
/*
* This is a kludge, but the server needs these constants to be
- * compatible with old clients. They are defined in <kadm5/admin.h>,
+ * compatible with old clients. They are defined in <kadm5/admin.h>,
* but only if USE_KADM5_API_VERSION == 1.
*/
#define OVSEC_KADM_ADMIN_SERVICE_P "ovsec_adm@admin"
@@ -113,6 +150,8 @@ extern kadm5_ret_t kiprop_get_adm_host_srv_name(
static krb5_context context; /* XXX yuck. the signal handlers need this */
+static krb5_context hctx;
+
in_port_t l_port = 0; /* global local port num, for BSM audits */
int nofork = 0; /* global; don't fork (debug mode) */
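Review bot: The new file-scope `hctx` has no comment, while the `context` global beside it at least says why it exists. Add one line stating what `hctx` is for and where it is initialised and freed, e.g. `static krb5_context hctx; /* <purpose> */` with the real purpose filled in. Its uses are outside this hunk.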
@@ -120,7 +159,7 @@ int nofork = 0; /* global; don't fork (debug mode) */
/*
* Function: usage
- *
+ *
* Purpose: print out the server usage message
*
* Arguments:
@@ -129,8 +168,7 @@ int nofork = 0; /* global; don't fork (debug mode) */
* Modifies:
*/
-void
-usage()
+static void usage()
{
fprintf(stderr, gettext("Usage: kadmind [-r realm] [-m] [-d] "
"[-p port-number]\n"));
@@ -154,9 +192,9 @@ usage()
* displayed on stderr, each preceeded by "GSS-API error <msg>: " and
* followed by a newline.
*/
-static void display_status_1();
+static void display_status_1(char *, OM_uint32, int);
-void display_status(msg, maj_stat, min_stat)
+static void display_status(msg, maj_stat, min_stat)
char *msg;
OM_uint32 maj_stat;
OM_uint32 min_stat;
@@ -366,7 +404,6 @@ set_svc_domnames(char *svcname, char **dnames,
int
main(int argc, char *argv[])
{
- void kadm_1(struct svc_req *, SVCXPRT *);
SVCXPRT *transp;
extern char *optarg;
extern int optind, opterr;
@@ -489,7 +526,16 @@ main(int argc, char *argv[])
}
krb5_klog_init(context, "admin_server", whoami, 1);
-
+ /* SUNW14resync */
+#if 0
+ krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
+ ret = krb5_c_random_os_entropy(context, 1, NULL);
+ if(ret) {
+ krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
+ error_message(ret));
+ exit(1);
+ }
+#endif
/*
* When using the Horowitz/IETF protocol for
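Review bot: The MIT seeding step (`krb5_c_random_os_entropy`) is brought in under `#if 0` with only `/* SUNW14resync */` as explanation, so a reader cannot tell whether the daemon's random keys are seeded somewhere else or not at all. State the reason in the comment, for example `/* not needed: PRNG is seeded by <component> */` with the real component filled in, or drop the dead block. main() continues outside the hunk.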
@@ -574,8 +620,7 @@ main(int argc, char *argv[])
krb5_klog_close(context);
exit(1);
}
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_ACL_FILE | \
- KADM5_CONFIG_ADMIN_KEYTAB)
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_ACL_FILE)
if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
krb5_klog_syslog(LOG_ERR,
@@ -584,7 +629,7 @@ main(int argc, char *argv[])
(params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
fprintf(stderr,
gettext("%s: Missing required configuration values "
- "(%x) while initializing, aborting\n"), whoami,
+ "(%lx) while initializing, aborting\n"), whoami,
(params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
krb5_klog_close(context);
exit(1);
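Review bot: Only the `fprintf` format was changed to `%lx`; the `krb5_klog_syslog` call just above passes the same `(params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS` argument and its format string is outside the hunk, so check that it uses `%lx` as well. The type of `params.mask` is not visible here; if it is not a `long`, cast the argument explicitly, `(unsigned long)((params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS)`, so the specifier and the argument always agree.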
@@ -820,7 +865,7 @@ main(int argc, char *argv[])
(gss_OID) nt_krb5_name_oid,
&gss_oldchangepw_name);
}
- if (ret = acl_init(context, 0, params.acl_file)) {
+ if (ret = kadm5int_acl_init(context, 0, params.acl_file)) {
krb5_klog_syslog(LOG_ERR, gettext("Cannot initialize acl file: %s"),
error_message(ret));
fprintf(stderr, gettext("%s: Cannot initialize acl file: %s\n"),
diff --git a/usr/src/cmd/krb5/kadmin/server/server_glue_v1.c b/usr/src/cmd/krb5/kadmin/server/server_glue_v1.c
index 6769e55bd1..74bfce56b3 100644
--- a/usr/src/cmd/krb5/kadmin/server/server_glue_v1.c
+++ b/usr/src/cmd/krb5/kadmin/server/server_glue_v1.c
@@ -19,6 +19,7 @@
#include <kadm5/admin.h>
+#include "misc.h"
/*
* In server_stubs.c, kadmind has to be able to call kadm5 functions
@@ -36,19 +37,15 @@
* typecasts instead.
*/
-kadm5_ret_t
-kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 * ent)
+kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t_v1 *ent)
{
- return (kadm5_get_principal(server_handle, principal,
- (kadm5_principal_ent_t) ent, 0));
+ return kadm5_get_principal(server_handle, principal,(kadm5_principal_ent_t) ent, 0);
}
-kadm5_ret_t
-kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t * ent)
+kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
+ kadm5_policy_ent_t *ent)
{
- return (kadm5_get_policy(server_handle, name,
- (kadm5_policy_ent_t) ent));
+ return kadm5_get_policy(server_handle, name,(kadm5_policy_ent_t) ent);
}
diff --git a/usr/src/cmd/krb5/kadmin/server/server_stubs.c b/usr/src/cmd/krb5/kadmin/server/server_stubs.c
index 52e755b71d..b992cc5e57 100644
--- a/usr/src/cmd/krb5/kadmin/server/server_stubs.c
+++ b/usr/src/cmd/krb5/kadmin/server/server_stubs.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,17 +26,8 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/
- * kadmin/server/server_stubs.c,v 1.34 1996/07/22 20:29:13 marc Exp $
*/
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
- "/.cvsroot/src/kadmin/server/server_stubs.c,v 1.34 "
- "1996/07/22 20:29:13 marc Exp $";
-
-#endif
-
#include <gssapi/gssapi.h>
#include <gssapi_krb5.h> /* for gss_nt_krb5_name */
#include <krb5.h>
@@ -47,27 +38,37 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
#include <security/pam_appl.h>
#include <syslog.h>
+#include <arpa/inet.h> /* inet_ntoa */
+#include <krb5/adm_proto.h> /* krb5_klog_syslog */
#include <libintl.h>
#include "misc.h"
-#define LOG_UNAUTH gettext("Unauthorized request: %s, %s, " \
+#define LOG_UNAUTH gettext("Unauthorized request: %s, %s, " \
"client=%s, service=%s, addr=%s")
-#define LOG_DONE gettext("Request: %s, %s, %s, client=%s, " \
+#define LOG_DONE gettext("Request: %s, %s, %s, client=%s, " \
"service=%s, addr=%s")
-extern gss_name_t gss_changepw_name;
-extern gss_name_t gss_oldchangepw_name;
-extern void *global_server_handle;
+extern gss_name_t gss_changepw_name;
+extern gss_name_t gss_oldchangepw_name;
+extern void * global_server_handle;
extern short l_port;
char buf[33];
-#define CHANGEPW_SERVICE(rqstp) \
+#define CHANGEPW_SERVICE(rqstp) \
(cmp_gss_names_rel_1(acceptor_name(rqstp), gss_changepw_name) |\
- (gss_oldchangepw_name && \
- cmp_gss_names_rel_1(acceptor_name(rqstp), \
+ (gss_oldchangepw_name && \
+ cmp_gss_names_rel_1(acceptor_name(rqstp), \
gss_oldchangepw_name)))
+
+static int gss_to_krb5_name(kadm5_server_handle_t handle,
+ gss_name_t gss_name, krb5_principal *princ);
+
+static int gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str);
+
+static gss_name_t acceptor_name(struct svc_req * rqstp);
+
kadm5_ret_t
kadm5_get_priv(void *server_handle,
long *privs, gss_name_t clnt);
@@ -120,26 +121,25 @@ client_addr(struct svc_req * req, char *buf)
return (buf);
}
-int
-cmp_gss_names(gss_name_t n1, gss_name_t n2)
+static int cmp_gss_names(gss_name_t n1, gss_name_t n2)
{
- OM_uint32 emaj, emin;
- int equal;
+ OM_uint32 emaj, emin;
+ int equal;
- if (GSS_ERROR(emaj = gss_compare_name(&emin, n1, n2, &equal)))
- return (0);
+ if (GSS_ERROR(emaj = gss_compare_name(&emin, n1, n2, &equal)))
+ return(0);
- return (equal);
+ return(equal);
}
/* Does a comparison of the names and then releases the first entity */
/* For use above in CHANGEPW_SERVICE */
-int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
+static int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
{
OM_uint32 min_stat;
int ret;
-
- ret = cmp_gss_names(n1, n2);
+
+ ret = cmp_gss_names(n1, n2);
if (n1) (void) gss_release_name(&min_stat, &n1);
return ret;
}
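Review bot: cmp_gss_names() returns 0 both when the two names differ and when gss_compare_name() itself fails, and the stubs further down use CHANGEPW_SERVICE() as a deny condition, so a failed comparison is treated the same as "not the changepw service". acceptor_name() later in this file returns NULL on failure, and cmp_gss_names_rel_1() passes that NULL straight through, so such a request would fall through to the ordinary ACL check; how reachable that is depends on the GSS mechanism and is not shown here. At minimum the contract should be written down above the function, e.g. `/* Returns 1 if equal; returns 0 if different OR if the comparison failed - callers that gate access on the result must not read 0 as "verified different". */`. `emaj` is only read inside the GSS_ERROR() test, so the named variable adds nothing.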
@@ -155,29 +155,10 @@ int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
* handle The server handle.
*/
-static int
-check_handle(void *handle)
+static int check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return (0);
-}
-
-int
-gss_to_krb5_name(kadm5_server_handle_t handle,
- gss_name_t gss_name, krb5_principal * princ)
-{
- OM_uint32 stat, min_stat;
- gss_buffer_desc gss_str;
- gss_OID gss_type;
- int success;
-
- stat = gss_display_name(&min_stat, gss_name, &gss_str, &gss_type);
- if ((stat != GSS_S_COMPLETE) ||
- (!g_OID_equal(gss_type, gss_nt_krb5_name)))
- return (0);
- success = (krb5_parse_name(handle->context, gss_str.value, princ) == 0);
- gss_release_buffer(&min_stat, &gss_str);
- return (success);
+ CHECK_HANDLE(handle);
+ return 0;
}
/*
@@ -193,46 +174,46 @@ gss_to_krb5_name(kadm5_server_handle_t handle,
* rqstp (input) The RPC request
* handle (output) The returned handle
* <return value> (output) An error code, or 0 if no error occurred
- *
+ *
* Effects:
* Returns a pointer to allocated storage containing the server
* handle. If an error occurs, then no allocated storage is
* returned, and the return value of the function will be a
* non-zero com_err code.
- *
+ *
* The allocated storage for the handle should be freed with
* free_server_handle (see below) when it is no longer needed.
*/
-static kadm5_ret_t
-new_server_handle(krb5_ui_4 api_version,
- struct svc_req * rqstp,
- kadm5_server_handle_t *out_handle)
+static kadm5_ret_t new_server_handle(krb5_ui_4 api_version,
+ struct svc_req *rqstp,
+ kadm5_server_handle_t
+ *out_handle)
{
- kadm5_server_handle_t handle;
+ kadm5_server_handle_t handle;
gss_name_t name;
OM_uint32 min_stat;
- if (!(handle = (kadm5_server_handle_t)
- malloc(sizeof (*handle))))
- return (ENOMEM);
+ if (! (handle = (kadm5_server_handle_t)
+ malloc(sizeof(*handle))))
+ return ENOMEM;
- *handle = *(kadm5_server_handle_t) global_server_handle;
- handle->api_version = api_version;
+ *handle = *(kadm5_server_handle_t)global_server_handle;
+ handle->api_version = api_version;
- if (!(name = get_clnt_name(rqstp))) {
- free(handle);
- return (KADM5_FAILURE);
- }
- if (!gss_to_krb5_name(handle, name, &handle->current_caller)) {
- free(handle);
+ if (!(name = get_clnt_name(rqstp))) {
+ free(handle);
+ return KADM5_FAILURE;
+ }
+ if (! gss_to_krb5_name(handle, name, &handle->current_caller)) {
+ free(handle);
gss_release_name(&min_stat, &name);
- return (KADM5_FAILURE);
+ return KADM5_FAILURE;
}
gss_release_name(&min_stat, &name);
- *out_handle = handle;
- return (0);
+ *out_handle = handle;
+ return 0;
}
/*
@@ -243,39 +224,10 @@ new_server_handle(krb5_ui_4 api_version,
* Arguments:
* handle (input/output) The handle to free
*/
-static void
-free_server_handle(kadm5_server_handle_t handle)
+static void free_server_handle(kadm5_server_handle_t handle)
{
- krb5_free_principal(handle->context, handle->current_caller);
- free(handle);
-}
-
-gss_name_t
-acceptor_name(struct svc_req * rqstp)
-{
- OM_uint32 maj_stat, min_stat;
- gss_name_t name;
- rpc_gss_rawcred_t *raw_cred;
- void *cookie;
- gss_buffer_desc name_buff;
-
- rpc_gss_getcred(rqstp, &raw_cred, NULL, &cookie);
- name_buff.value = raw_cred->svc_principal;
- name_buff.length = strlen(raw_cred->svc_principal);
- maj_stat = gss_import_name(&min_stat, &name_buff,
- (gss_OID) gss_nt_krb5_name, &name);
- if (maj_stat != GSS_S_COMPLETE) {
- gss_release_buffer(&min_stat, &name_buff);
- return (NULL);
- }
- maj_stat = gss_display_name(&min_stat, name, &name_buff, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- gss_release_buffer(&min_stat, &name_buff);
- return (NULL);
- }
- gss_release_buffer(&min_stat, &name_buff);
-
- return (name);
+ krb5_free_principal(handle->context, handle->current_caller);
+ free(handle);
}
/*
@@ -296,11 +248,11 @@ acceptor_name(struct svc_req * rqstp)
* on success and -1 on failure. On failure client_name and server_name
* will point to null.
*/
-int
-setup_gss_names(struct svc_req * rqstp,
+/* SUNW14resync */
+int setup_gss_names(struct svc_req *rqstp,
char **client_name, char **server_name)
{
- OM_uint32 maj_stat, min_stat;
+ OM_uint32 maj_stat, min_stat;
rpc_gss_rawcred_t *raw_cred;
gss_buffer_desc name_buf;
char *tmp, *val;
@@ -358,18 +310,44 @@ setup_gss_names(struct svc_req * rqstp,
return (tmp ? 0 : -1);
}
-int
-cmp_gss_krb5_name(kadm5_server_handle_t handle,
- gss_name_t gss_name, krb5_principal princ)
+static gss_name_t acceptor_name(struct svc_req * rqstp)
{
- krb5_principal princ2;
- int stat;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t name;
+ rpc_gss_rawcred_t *raw_cred;
+ void *cookie;
+ gss_buffer_desc name_buff;
- if (!gss_to_krb5_name(handle, gss_name, &princ2))
- return (0);
- stat = krb5_principal_compare(handle->context, princ, princ2);
- krb5_free_principal(handle->context, princ2);
- return (stat);
+ rpc_gss_getcred(rqstp, &raw_cred, NULL, &cookie);
+ name_buff.value = raw_cred->svc_principal;
+ name_buff.length = strlen(raw_cred->svc_principal);
+ maj_stat = gss_import_name(&min_stat, &name_buff,
+ (gss_OID) gss_nt_krb5_name, &name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ gss_release_buffer(&min_stat, &name_buff);
+ return (NULL);
+ }
+ maj_stat = gss_display_name(&min_stat, name, &name_buff, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ gss_release_buffer(&min_stat, &name_buff);
+ return (NULL);
+ }
+ gss_release_buffer(&min_stat, &name_buff);
+
+ return name;
+}
+
+static int cmp_gss_krb5_name(kadm5_server_handle_t handle,
+ gss_name_t gss_name, krb5_principal princ)
+{
+ krb5_principal princ2;
+ int status;
+
+ if (! gss_to_krb5_name(handle, gss_name, &princ2))
+ return 0;
+ status = krb5_principal_compare(handle->context, princ, princ2);
+ krb5_free_principal(handle->context, princ2);
+ return status;
}
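Review bot: acceptor_name() calls gss_release_buffer() on `name_buff` while its `value` still points at `raw_cred->svc_principal`, memory this function did not obtain from GSS-API, so the gss_import_name() failure path releases a string owned by the RPC layer. The return value of rpc_gss_getcred() is also ignored before `raw_cred` is dereferenced, and when gss_display_name() fails the imported `name` is returned to nobody and never released. The code was moved rather than written in this commit, but it is now the version under review. A separate output buffer for the display call and explicit failure paths address all three.

```c
static gss_name_t acceptor_name(struct svc_req * rqstp)
{
     /* ... unchanged: maj_stat, min_stat, name, raw_cred, cookie, name_buff ... */
     gss_buffer_desc display_buff;

     if (!rpc_gss_getcred(rqstp, &raw_cred, NULL, &cookie) ||
	 raw_cred == NULL || raw_cred->svc_principal == NULL)
	  return (NULL);

     /* name_buff only borrows the RPC-owned string; never release it */
     name_buff.value = raw_cred->svc_principal;
     name_buff.length = strlen(raw_cred->svc_principal);
     maj_stat = gss_import_name(&min_stat, &name_buff,
				(gss_OID) gss_nt_krb5_name, &name);
     if (maj_stat != GSS_S_COMPLETE)
	  return (NULL);

     maj_stat = gss_display_name(&min_stat, name, &display_buff, NULL);
     if (maj_stat != GSS_S_COMPLETE) {
	  (void) gss_release_name(&min_stat, &name);
	  return (NULL);
     }
     (void) gss_release_buffer(&min_stat, &display_buff);

     return name;
}
```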
@@ -438,75 +416,102 @@ int verify_pam_pw(char *userdata, char *pwd) {
return (result);
}
+static int gss_to_krb5_name(kadm5_server_handle_t handle,
+ gss_name_t gss_name, krb5_principal *princ)
+{
+ OM_uint32 status, minor_stat;
+ gss_buffer_desc gss_str;
+ gss_OID gss_type;
+ int success;
+
+ status = gss_display_name(&minor_stat, gss_name, &gss_str, &gss_type);
+ if ((status != GSS_S_COMPLETE) || (!g_OID_equal(gss_type, gss_nt_krb5_name)))
+ return 0;
+ success = (krb5_parse_name(handle->context, gss_str.value, princ) == 0);
+ gss_release_buffer(&minor_stat, &gss_str);
+ return success;
+}
+
+static int
+gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
+{
+ OM_uint32 status, minor_stat;
+ gss_OID gss_type;
+
+ status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
+ if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
+ return 1;
+ return 0;
+}
+
generic_ret *
-create_principal_1(cprinc_arg * arg, struct svc_req * rqstp)
+create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- int policy_migrate = 0;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ int policy_migrate = 0;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- kadm5_ret_t retval;
- restriction_t *rp;
- gss_name_t name = NULL;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ kadm5_ret_t retval;
+ restriction_t *rp;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto error;
- }
- if (krb5_unparse_name(handle->context, arg->rec.principal,
- &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto error;
- }
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto error;
+ }
+ if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto error;
+ }
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (acl_check(handle->context, name, ACL_MIGRATE,
+ if (kadm5int_acl_check(handle->context, name, ACL_MIGRATE,
arg->rec.principal, &rp) &&
verify_pam_pw(prime_arg, arg->passwd)) {
policy_migrate = 1;
}
- if (CHANGEPW_SERVICE(rqstp)
- || (!acl_check(handle->context, name, ACL_ADD,
+ if (CHANGEPW_SERVICE(rqstp)
+ || (!kadm5int_acl_check(handle->context, name, ACL_ADD,
arg->rec.principal, &rp) &&
!(policy_migrate))
- || acl_impose_restrictions(handle->context,
- &arg->rec, &arg->mask, rp)) {
- ret.code = KADM5_AUTH_ADD;
+ || kadm5int_acl_impose_restrictions(handle->context,
+ &arg->rec, &arg->mask, rp)) {
+ ret.code = KADM5_AUTH_ADD;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_create_principal",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH,
- "kadm5_create_principal", prime_arg, client_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
+ prime_arg, client_name,
service_name, client_addr(rqstp, buf));
- } else {
- ret.code = kadm5_create_principal((void *) handle,
- &arg->rec, arg->mask,
- arg->passwd);
+ } else {
+ ret.code = kadm5_create_principal((void *)handle,
+ &arg->rec, arg->mask,
+ arg->passwd);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_create_principal",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
- prime_arg, ((ret.code == 0) ? "success" :
- error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
+ prime_arg,((ret.code == 0) ? "success" :
+ error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
if (policy_migrate && (ret.code == 0)) {
arg->rec.policy = strdup("default");
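Review bot: The two new helpers disagree on how to test the name type: gss_to_krb5_name() uses `g_OID_equal(gss_type, gss_nt_krb5_name)` while gss_name_to_string() compares the pointers with `gss_type != gss_nt_krb5_name`, which only works if the mechanism hands back the very same OID object. Both also return on a type mismatch without releasing the buffer that a successful gss_display_name() filled in. gss_to_krb5_name() is what sets `handle->current_caller`, and it passes `gss_str.value` to krb5_parse_name() as a C string, which presumably relies on the mechanism NUL-terminating the buffer; that assumption deserves a comment. The fence shows gss_name_to_string(); the same release-on-mismatch applies to gss_to_krb5_name(). create_principal_1_svc() continues past the end of this hunk.

```c
static int
gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
{
     /* ... unchanged: status, minor_stat, gss_type ... */

     status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
     if (status != GSS_S_COMPLETE)
	  return 1;
     if (!g_OID_equal(gss_type, gss_nt_krb5_name)) {
	  /* display succeeded, so the buffer must be released here */
	  (void) gss_release_buffer(&minor_stat, str);
	  return 1;
     }
     return 0;
}
```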
@@ -530,27 +535,27 @@ create_principal_1(cprinc_arg * arg, struct svc_req * rqstp)
}
error:
- if (name)
- gss_release_name(&min_stat, &name);
- free_server_handle(handle);
- if (prime_arg)
- free(prime_arg);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ if (name)
+ gss_release_name(&minor_stat, &name);
+ free_server_handle(handle);
+ if (prime_arg)
+ free(prime_arg);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return (&ret);
}
generic_ret *
-create_principal3_1(cprinc3_arg *arg, struct svc_req *rqstp)
+create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg = NULL;
char *client_name = NULL, *service_name = NULL;
int policy_migrate = 0;
- OM_uint32 min_stat;
+ OM_uint32 minor_stat;
kadm5_server_handle_t handle;
kadm5_ret_t retval;
restriction_t *rp;
@@ -558,19 +563,19 @@ create_principal3_1(cprinc3_arg *arg, struct svc_req *rqstp)
xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
return &ret;
- if (ret.code = check_handle((void *)handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
@@ -578,22 +583,22 @@ create_principal3_1(cprinc3_arg *arg, struct svc_req *rqstp)
goto error;
}
- if (acl_check(handle->context, name, ACL_MIGRATE,
+ if (kadm5int_acl_check(handle->context, name, ACL_MIGRATE,
arg->rec.principal, &rp) &&
verify_pam_pw(prime_arg, arg->passwd)) {
policy_migrate = 1;
}
if (CHANGEPW_SERVICE(rqstp)
- || (!acl_check(handle->context, name, ACL_ADD,
+ || (!kadm5int_acl_check(handle->context, name, ACL_ADD,
arg->rec.principal, &rp) &&
!(policy_migrate))
- || acl_impose_restrictions(handle->context,
+ || kadm5int_acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
ret.code = KADM5_AUTH_ADD;
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
} else {
ret.code = kadm5_create_principal_3((void *)handle,
&arg->rec, arg->mask,
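Review bot: The denied branch of create_principal3_1_svc() writes only a krb5_klog_syslog() record, whereas create_principal_1_svc() above also calls audit_kadmind_unauth() for the same condition, so a rejected create through the v3 entry point leaves no audit-trail event. The lines visible here and in the next hunk suggest the success branch likewise lacks the matching audit_kadmind_auth() call. If the omission is not deliberate, add `audit_kadmind_unauth(rqstp->rq_xprt, l_port, "kadm5_create_principal", prime_arg, client_name);` before the syslog call, and the auth counterpart after kadm5_create_principal_3(). The function starts before and ends after this hunk.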
@@ -601,7 +606,7 @@ create_principal3_1(cprinc3_arg *arg, struct svc_req *rqstp)
arg->ks_tuple,
arg->passwd);
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
- prime_arg,((ret.code == 0) ? "success" :
+ prime_arg,((ret.code == 0) ? "success" :
error_message(ret.code)),
client_name, service_name,
client_addr(rqstp, buf));
@@ -629,390 +634,384 @@ create_principal3_1(cprinc3_arg *arg, struct svc_req *rqstp)
error:
if (name)
- gss_release_name(&min_stat, &name);
+ gss_release_name(&minor_stat, &name);
free_server_handle(handle);
if (client_name)
- free(client_name);
+ free(client_name);
if (service_name)
- free(service_name);
+ free(service_name);
if (prime_arg)
- free(prime_arg);
- return (&ret);
+ free(prime_arg);
+ return &ret;
}
generic_ret *
-delete_principal_1(dprinc_arg * arg, struct svc_req * rqstp)
+delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ }
+ if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
- }
+ }
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
-
- if (CHANGEPW_SERVICE(rqstp)
- || !acl_check(handle->context, name, ACL_DELETE,
- arg->princ, NULL)) {
- ret.code = KADM5_AUTH_DELETE;
+
+ if (CHANGEPW_SERVICE(rqstp)
+ || !kadm5int_acl_check(handle->context, name, ACL_DELETE,
+ arg->princ, NULL)) {
+ ret.code = KADM5_AUTH_DELETE;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_delete_principal",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH,
- "kadm5_delete_principal", prime_arg, client_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal",
+ prime_arg, client_name,
service_name, client_addr(rqstp, buf));
- } else {
- ret.code = kadm5_delete_principal((void *) handle, arg->princ);
+ } else {
+ ret.code = kadm5_delete_principal((void *)handle, arg->princ);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_delete_principal",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE,
- "kadm5_delete_principal", prime_arg,
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg,
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
- if (name)
- gss_release_name(&min_stat, &name);
- if (prime_arg)
- free(prime_arg);
- free_server_handle(handle);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ if (name)
+ gss_release_name(&min_stat, &name);
+ if (prime_arg)
+ free(prime_arg);
+ free_server_handle(handle);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
generic_ret *
-modify_principal_1(mprinc_arg * arg, struct svc_req * rqstp)
+modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto error;
- }
- if (krb5_unparse_name(handle->context, arg->rec.principal,
- &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
+ }
+ if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto error;
+ }
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (CHANGEPW_SERVICE(rqstp)
- || !acl_check(handle->context, name, ACL_MODIFY,
- arg->rec.principal, &rp)
- || acl_impose_restrictions(handle->context,
- &arg->rec, &arg->mask, rp)) {
- ret.code = KADM5_AUTH_MODIFY;
+ if (CHANGEPW_SERVICE(rqstp)
+ || !kadm5int_acl_check(handle->context, name, ACL_MODIFY,
+ arg->rec.principal, &rp)
+ || kadm5int_acl_impose_restrictions(handle->context,
+ &arg->rec, &arg->mask, rp)) {
+ ret.code = KADM5_AUTH_MODIFY;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_modify_principal",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH,
- "kadm5_modify_principal", prime_arg, client_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal",
+ prime_arg, client_name,
service_name, client_addr(rqstp, buf));
- } else {
- ret.code = kadm5_modify_principal((void *) handle, &arg->rec,
- arg->mask);
+ } else {
+ ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
+ arg->mask);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_modify_principal",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
- prime_arg, ((ret.code == 0) ? "success" :
- error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
+ prime_arg, ((ret.code == 0) ? "success" :
+ error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
- if (name)
- gss_release_name(&min_stat, &name);
- free_server_handle(handle);
- if (prime_arg)
- free(prime_arg);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ if (name)
+ gss_release_name(&min_stat, &name);
+ free_server_handle(handle);
+ if (prime_arg)
+ free(prime_arg);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
generic_ret *
-rename_principal_1(rprinc_arg * arg, struct svc_req * rqstp)
+rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg1 = NULL, *prime_arg2 = NULL;
- char prime_arg[BUFSIZ];
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg1 = NULL, *prime_arg2 = NULL;
+ char prime_arg[BUFSIZ];
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
- goto error;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto error;
- }
- if (krb5_unparse_name(handle->context, arg->src, &prime_arg1)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto error;
- }
- if (krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto error;
- }
- sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
- ret.code = KADM5_OK;
+ if ((ret.code = check_handle((void *)handle)))
+ goto error;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto error;
+ }
+ if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) ||
+ krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto error;
+ }
+ sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
+
+ ret.code = KADM5_OK;
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (!CHANGEPW_SERVICE(rqstp)) {
- if (!acl_check(handle->context, name,
- ACL_DELETE, arg->src, NULL))
- ret.code = KADM5_AUTH_DELETE;
- /* any restrictions at all on the ADD kills the RENAME */
- if (!acl_check(handle->context, name,
- ACL_ADD, arg->dest, &rp)) {
- if (ret.code == KADM5_AUTH_DELETE)
- ret.code = KADM5_AUTH_INSUFFICIENT;
- else
- ret.code = KADM5_AUTH_ADD;
- }
- } else
- ret.code = KADM5_AUTH_INSUFFICIENT;
-
- if (ret.code != KADM5_OK) {
+ if (! CHANGEPW_SERVICE(rqstp)) {
+ if (!kadm5int_acl_check(handle->context, name,
+ ACL_DELETE, arg->src, NULL))
+ ret.code = KADM5_AUTH_DELETE;
+ /* any restrictions at all on the ADD kills the RENAME */
+ if (!kadm5int_acl_check(handle->context, name,
+ ACL_ADD, arg->dest, &rp)) {
+ if (ret.code == KADM5_AUTH_DELETE)
+ ret.code = KADM5_AUTH_INSUFFICIENT;
+ else
+ ret.code = KADM5_AUTH_ADD;
+ }
+ } else
+ ret.code = KADM5_AUTH_INSUFFICIENT;
+ if (ret.code != KADM5_OK) {
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_rename_principal",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH,
- "kadm5_rename_principal", prime_arg, client_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal",
+ prime_arg, client_name,
service_name, client_addr(rqstp, buf));
- } else {
- ret.code = kadm5_rename_principal((void *) handle, arg->src,
- arg->dest);
+ } else {
+ ret.code = kadm5_rename_principal((void *)handle, arg->src,
+ arg->dest);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_rename_principal",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
- prime_arg, ((ret.code == 0) ? "success" :
- error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
+ prime_arg, ((ret.code == 0) ? "success" :
+ error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
- if (name)
- gss_release_name(&min_stat, &name);
- free_server_handle(handle);
- if (prime_arg1)
- free(prime_arg1);
- if (prime_arg2)
- free(prime_arg2);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ if (name)
+ gss_release_name(&min_stat, &name);
+ free_server_handle(handle);
+ if (prime_arg1)
+ free(prime_arg1);
+ if (prime_arg2)
+ free(prime_arg2);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
gprinc_ret *
-get_principal_1(gprinc_arg * arg, struct svc_req * rqstp)
+get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
- static gprinc_ret ret;
- kadm5_principal_ent_t_v1 e;
- char *prime_arg = NULL, *funcname;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static gprinc_ret ret;
+ kadm5_principal_ent_t_v1 e;
+ char *prime_arg = NULL, *funcname;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_gprinc_ret, (char *) &ret);
+ xdr_free(xdr_gprinc_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_principal (V1)" : "kadm5_get_principal";
+ funcname = handle->api_version == KADM5_API_VERSION_1 ?
+ "kadm5_get_principal (V1)" : "kadm5_get_principal";
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ }
+ if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
- }
+ }
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (!cmp_gss_krb5_name(handle, name, arg->princ) &&
- (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- name,
- ACL_INQUIRE,
- arg->princ,
- NULL))) {
- ret.code = KADM5_AUTH_GET;
+ if (! cmp_gss_krb5_name(handle, name, arg->princ) &&
+ (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
+ name,
+ ACL_INQUIRE,
+ arg->princ,
+ NULL))) {
+ ret.code = KADM5_AUTH_GET;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
funcname,
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name, service_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
+ prime_arg, client_name, service_name,
client_addr(rqstp, buf));
- } else {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_principal_v1((void *) handle,
- arg->princ, &e);
- if (ret.code == KADM5_OK) {
- memcpy(&ret.rec, e,
- sizeof (kadm5_principal_ent_rec_v1));
- free(e);
- }
- } else {
- ret.code = kadm5_get_principal((void *) handle,
- arg->princ, &ret.rec,
- arg->mask);
- }
-
+ } else {
+ if (handle->api_version == KADM5_API_VERSION_1) {
+ ret.code = kadm5_get_principal_v1((void *)handle,
+ arg->princ, &e);
+ if(ret.code == KADM5_OK) {
+ memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1));
+ free(e);
+ }
+ } else {
+ ret.code = kadm5_get_principal((void *)handle,
+ arg->princ, &ret.rec,
+ arg->mask);
+ }
+
audit_kadmind_auth(rqstp->rq_xprt, l_port,
funcname,
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- prime_arg,
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
+ prime_arg,
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
- gss_release_name(&min_stat, &name);
- free_server_handle(handle);
- if (prime_arg)
- free(prime_arg);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ gss_release_name(&min_stat, &name);
+ free_server_handle(handle);
+ if (prime_arg)
+ free(prime_arg);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
gprincs_ret *
-get_princs_1(gprincs_arg * arg, struct svc_req * rqstp)
+get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp)
{
- static gprincs_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static gprincs_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_gprincs_ret, (char *) &ret);
+ xdr_free(xdr_gprincs_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- prime_arg = arg->exp;
- if (prime_arg == NULL)
- prime_arg = "*";
+ }
+ prime_arg = arg->exp;
+ if (prime_arg == NULL)
+ prime_arg = "*";
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- name,
- ACL_LIST,
- NULL,
- NULL)) {
- ret.code = KADM5_AUTH_LIST;
+ if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
+ name,
+ ACL_LIST,
+ NULL,
+ NULL)) {
+ ret.code = KADM5_AUTH_LIST;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_get_principals",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals",
- prime_arg, client_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals",
+ prime_arg, client_name,
service_name, client_addr(rqstp, buf));
- } else {
- ret.code = kadm5_get_principals((void *) handle,
- arg->exp, &ret.princs,
- &ret.count);
+ } else {
+ ret.code = kadm5_get_principals((void *)handle,
+ arg->exp, &ret.princs,
+ &ret.count);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_get_principals",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
- prime_arg,
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
+ prime_arg,
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
}
error:
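Review bot: In rename_principal_1_svc() the call `sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);` writes two unparsed principal names from the RPC request into the fixed `char prime_arg[BUFSIZ]` stack buffer with no length bound. Nothing in the hunk limits the length of `arg->src` or `arg->dest`, and the copy runs before either ACL check. Since the string is only used for audit and log output, truncation is acceptable: `(void) snprintf(prime_arg, sizeof (prime_arg), "%s to %s", prime_arg1, prime_arg2);`. Separately, modify_principal_1_svc() and rename_principal_1_svc() never set `ret.api_version`, unlike the other stubs in this hunk.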
@@ -1027,30 +1026,30 @@ error:
}
generic_ret *
-chpass_principal_1(chpass_arg * arg, struct svc_req * rqstp)
+chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ }
+ if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
@@ -1058,34 +1057,33 @@ chpass_principal_1(chpass_arg * arg, struct svc_req * rqstp)
goto error;
}
- if (cmp_gss_krb5_name(handle, name, arg->princ)) {
- ret.code = chpass_principal_wrapper((void *) handle, arg->princ,
- arg->pass);
- } else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name,
- ACL_CHANGEPW, arg->princ, NULL)) {
- ret.code = kadm5_chpass_principal((void *) handle, arg->princ,
- arg->pass);
- } else {
+ if (cmp_gss_krb5_name(handle, name, arg->princ)) {
+ ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
+ FALSE, 0, NULL, arg->pass);
+ } else if (!(CHANGEPW_SERVICE(rqstp)) &&
+ kadm5int_acl_check(handle->context, name,
+ ACL_CHANGEPW, arg->princ, NULL)) {
+ ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
+ arg->pass);
+ } else {
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_chpass_principal",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH,
- "kadm5_chpass_principal", prime_arg, client_name,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
+ prime_arg, client_name,
service_name, client_addr(rqstp, buf));
- ret.code = KADM5_AUTH_CHANGEPW;
- }
-
- if (ret.code != KADM5_AUTH_CHANGEPW) {
+ ret.code = KADM5_AUTH_CHANGEPW;
+ }
+ if(ret.code != KADM5_AUTH_CHANGEPW) {
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_chpass_principal",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
- prime_arg, ((ret.code == 0) ? "success" :
- error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
+ prime_arg, ((ret.code == 0) ? "success" :
+ error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
@@ -1101,7 +1099,7 @@ error:
}
generic_ret *
-chpass_principal3_1(chpass3_arg *arg, struct svc_req *rqstp)
+chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg = NULL;
@@ -1113,19 +1111,19 @@ chpass_principal3_1(chpass3_arg *arg, struct svc_req *rqstp)
xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
return &ret;
- if (ret.code = check_handle((void *)handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
@@ -1134,10 +1132,13 @@ chpass_principal3_1(chpass3_arg *arg, struct svc_req *rqstp)
}
if (cmp_gss_krb5_name(handle, name, arg->princ)) {
- ret.code = chpass_principal_wrapper((void *)handle, arg->princ,
- arg->pass);
+ ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ arg->pass);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name,
+ kadm5int_acl_check(handle->context, name,
ACL_CHANGEPW, arg->princ, NULL)) {
ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
arg->keepold,
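Review bot: Neither outcome of the authorization decision in chpass_principal3_1_svc reaches the audit trail, as far as these hunks show: the denial branch in the next hunk calls only krb5_klog_syslog(), whereas chpass_principal_1_svc pairs the same syslog lines with audit_kadmind_unauth() and audit_kadmind_auth(). A password change made through the v3 RPC would then be missing from the audit record that the v1 RPC produces. Add `audit_kadmind_unauth(rqstp->rq_xprt, l_port, "kadm5_chpass_principal", prime_arg, client_name);` ahead of the LOG_UNAUTH line, and `audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_chpass_principal", prime_arg, client_name, ret.code);` ahead of the LOG_DONE line. The visible parts of chrand_principal3_1_svc, setkey_principal3_1_svc and setv4key_principal_1_svc show the same syslog-only pattern. The function starts and ends outside this hunk, so confirm that no audit call sits in the lines not shown.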
@@ -1146,14 +1147,14 @@ chpass_principal3_1(chpass3_arg *arg, struct svc_req *rqstp)
arg->pass);
} else {
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
ret.code = KADM5_AUTH_CHANGEPW;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
- prime_arg, ((ret.code == 0) ? "success" :
+ prime_arg, ((ret.code == 0) ? "success" :
error_message(ret.code)),
client_name, service_name,
client_addr(rqstp, buf));
@@ -1164,17 +1165,17 @@ error:
gss_release_name(&min_stat, &name);
free_server_handle(handle);
if (client_name)
- free(client_name);
+ free(client_name);
if (service_name)
- free(service_name);
+ free(service_name);
if (prime_arg)
- free(prime_arg);
+ free(prime_arg);
return (&ret);
}
#ifdef SUNWOFF
generic_ret *
-setv4key_principal_1(setv4key_arg *arg, struct svc_req *rqstp)
+setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg = NULL;
@@ -1186,19 +1187,19 @@ setv4key_principal_1(setv4key_arg *arg, struct svc_req *rqstp)
xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
return &ret;
- if (ret.code = check_handle((void *)handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
@@ -1207,13 +1208,14 @@ setv4key_principal_1(setv4key_arg *arg, struct svc_req *rqstp)
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name, ACL_SETKEY, arg->princ, NULL)) {
+ kadm5int_acl_check(handle->context, name,
+ ACL_SETKEY, arg->princ, NULL)) {
ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
arg->keyblock);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal",
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal",
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
ret.code = KADM5_AUTH_SETKEY;
}
@@ -1240,7 +1242,7 @@ error:
#endif
generic_ret *
-setkey_principal_1(setkey_arg *arg, struct svc_req *rqstp)
+setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
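Review bot: `char *prime_arg;` is left uninitialized in setkey_principal_1_svc, yet the cleanup under `error:` (the third hunk of this function) runs `if (prime_arg) free(prime_arg);`. The `goto error` taken when check_handle() or setup_gss_names() fails in the next hunk happens before krb5_unparse_name() assigns the pointer, so free() can receive an indeterminate value in a daemon that handles remote requests. The sibling handlers declare it as `char *prime_arg = NULL;`, and the same initializer is needed here. The remaining declarations fall outside the hunk, so client_name and service_name are worth checking for the same problem.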
@@ -1252,28 +1254,28 @@ setkey_principal_1(setkey_arg *arg, struct svc_req *rqstp)
xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
return &ret;
- if (ret.code = check_handle((void *)handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name, ACL_SETKEY, arg->princ, NULL)) {
+ kadm5int_acl_check(handle->context, name, ACL_SETKEY, arg->princ, NULL)) {
ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
arg->keyblocks, arg->n_keys);
} else {
@@ -1296,16 +1298,16 @@ error:
gss_release_name(&min_stat, &name);
free_server_handle(handle);
if (client_name)
- free(client_name);
+ free(client_name);
if (service_name)
- free(service_name);
+ free(service_name);
if (prime_arg)
- free(prime_arg);
+ free(prime_arg);
return (&ret);
}
generic_ret *
-setkey_principal3_1(setkey3_arg *arg, struct svc_req *rqstp)
+setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg = NULL;
@@ -1317,28 +1319,29 @@ setkey_principal3_1(setkey3_arg *arg, struct svc_req *rqstp)
xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
return &ret;
- if (ret.code = check_handle((void *)handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
- ret.code = KADM5_FAILURE;
+ ret.code = KADM5_FAILURE;
goto error;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name, ACL_SETKEY, arg->princ, NULL)) {
+ kadm5int_acl_check(handle->context, name,
+ ACL_SETKEY, arg->princ, NULL)) {
ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
arg->keepold,
arg->n_ks_tuple,
@@ -1352,11 +1355,11 @@ setkey_principal3_1(setkey3_arg *arg, struct svc_req *rqstp)
}
if(ret.code != KADM5_AUTH_SETKEY) {
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",
prime_arg, ((ret.code == 0) ? "success" :
- error_message(ret.code)),
- client_name, service_name,
- client_addr(rqstp, buf));
+ error_message(ret.code)),
+ client_name, service_name,
+ client_addr(rqstp, buf));
}
error:
@@ -1366,100 +1369,101 @@ error:
if (client_name)
free(client_name);
if (service_name)
- free(service_name);
+ free(service_name);
if (prime_arg)
- free(prime_arg);
- return (&ret);
+ free(prime_arg);
+ return &ret;
}
chrand_ret *
-chrand_principal_1(chrand_arg * arg, struct svc_req * rqstp)
+chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp)
{
- static chrand_ret ret;
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg = NULL, *funcname;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static chrand_ret ret;
+ krb5_keyblock *k;
+ int nkeys;
+ char *prime_arg = NULL, *funcname;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_chrand_ret, (char *) &ret);
+ xdr_free(xdr_chrand_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ funcname = handle->api_version == KADM5_API_VERSION_1 ?
+ "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ }
+ if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
- }
+ }
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (cmp_gss_krb5_name(handle, name, arg->princ)) {
- ret.code = randkey_principal_wrapper((void *) handle,
- arg->princ, &k, &nkeys);
- } else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name,
- ACL_CHANGEPW, arg->princ, NULL)) {
- ret.code = kadm5_randkey_principal((void *) handle, arg->princ,
- &k, &nkeys);
- } else {
+ if (cmp_gss_krb5_name(handle, name, arg->princ)) {
+ ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
+ FALSE, 0, NULL, &k, &nkeys);
+ } else if (!(CHANGEPW_SERVICE(rqstp)) &&
+ kadm5int_acl_check(handle->context, name,
+ ACL_CHANGEPW, arg->princ, NULL)) {
+ ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
+ &k, &nkeys);
+ } else {
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
funcname, prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
- ret.code = KADM5_AUTH_CHANGEPW;
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
+ ret.code = KADM5_AUTH_CHANGEPW;
+ }
- if (ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context,
- k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
- }
- if (ret.code != KADM5_AUTH_CHANGEPW) {
+ if(ret.code == KADM5_OK) {
+ if (handle->api_version == KADM5_API_VERSION_1) {
+ krb5_copy_keyblock_contents(handle->context, k, &ret.key);
+ krb5_free_keyblock(handle->context, k);
+ } else {
+ ret.keys = k;
+ ret.n_keys = nkeys;
+ }
+ }
+
+ if(ret.code != KADM5_AUTH_CHANGEPW) {
audit_kadmind_auth(rqstp->rq_xprt, l_port,
funcname, prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- prime_arg, ((ret.code == 0) ? "success" :
- error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
+ prime_arg, ((ret.code == 0) ? "success" :
+ error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
gss_release_name(&min_stat, &name);
free_server_handle(handle);
if (prime_arg)
- free(prime_arg);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ free(prime_arg);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
chrand_ret *
-chrand_principal3_1(chrand3_arg *arg, struct svc_req *rqstp)
+chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp)
{
static chrand_ret ret;
krb5_keyblock *k;
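Review bot: In chrand_principal_1_svc the KADM5_API_VERSION_1 branch discards the result of `krb5_copy_keyblock_contents(handle->context, k, &ret.key);`, so a failed copy leaves ret.code at KADM5_OK. The reply is then built from whatever ret.key holds, and the call is audited and logged as a success. Capture the result before freeing k, for example `ret.code = krb5_copy_keyblock_contents(handle->context, k, &ret.key);`, so the failure reaches the client and the audit_kadmind_auth() record. This hunk opens in the tail of setkey_principal3_1_svc and closes inside the declarations of chrand_principal3_1_svc, whose matching branch is not shown and should be checked as well.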
@@ -1473,10 +1477,10 @@ chrand_principal3_1(chrand3_arg *arg, struct svc_req *rqstp)
xdr_free(xdr_chrand_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
return &ret;
- if (ret.code = check_handle((void *)handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
ret.api_version = handle->api_version;
@@ -1488,7 +1492,7 @@ chrand_principal3_1(chrand3_arg *arg, struct svc_req *rqstp)
goto error;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
+ ret.code = KADM5_BAD_PRINCIPAL;
goto error;
}
if (!(name = get_clnt_name(rqstp))) {
@@ -1497,10 +1501,13 @@ chrand_principal3_1(chrand3_arg *arg, struct svc_req *rqstp)
}
if (cmp_gss_krb5_name(handle, name, arg->princ)) {
- ret.code = randkey_principal_wrapper((void *)handle,
- arg->princ, &k, &nkeys);
+ ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ &k, &nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- acl_check(handle->context, name,
+ kadm5int_acl_check(handle->context, name,
ACL_CHANGEPW, arg->princ, NULL)) {
ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
arg->keepold,
@@ -1509,8 +1516,8 @@ chrand_principal3_1(chrand3_arg *arg, struct svc_req *rqstp)
&k, &nkeys);
} else {
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
ret.code = KADM5_AUTH_CHANGEPW;
}
@@ -1526,10 +1533,10 @@ chrand_principal3_1(chrand3_arg *arg, struct svc_req *rqstp)
if(ret.code != KADM5_AUTH_CHANGEPW) {
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- prime_arg, ((ret.code == 0) ? "success" :
+ prime_arg, ((ret.code == 0) ? "success" :
error_message(ret.code)),
- client_name, service_name,
- client_addr(rqstp, buf));
+ client_name, service_name,
+ client_addr(rqstp, buf));
}
error:
@@ -1545,190 +1552,190 @@ error:
return (&ret);
}
-
generic_ret *
-create_policy_1(cpol_arg * arg, struct svc_req * rqstp)
+create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ ret.api_version = handle->api_version;
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- prime_arg = arg->rec.policy;
+ }
+ prime_arg = arg->rec.policy;
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- name,
- ACL_ADD, NULL, NULL)) {
- ret.code = KADM5_AUTH_ADD;
+ if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
+ name,
+ ACL_ADD, NULL, NULL)) {
+ ret.code = KADM5_AUTH_ADD;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_create_policy",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy",
- prime_arg, client_name,
- service_name, client_addr(rqstp, buf));
-
- } else {
- ret.code = kadm5_create_policy((void *) handle, &arg->rec,
- arg->mask);
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy",
+ prime_arg, client_name,
+ service_name, client_addr(rqstp, buf));
+
+ } else {
+ ret.code = kadm5_create_policy((void *)handle, &arg->rec,
+ arg->mask);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_create_policy",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
gss_release_name(&min_stat, &name);
- free_server_handle(handle);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ free_server_handle(handle);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
generic_ret *
-delete_policy_1(dpol_arg * arg, struct svc_req * rqstp)
+delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- prime_arg = arg->name;
-
+ }
+ prime_arg = arg->name;
+
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+ if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
name,
- ACL_DELETE, NULL, NULL)) {
+ ACL_DELETE, NULL, NULL)) {
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_delete_policy",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
- ret.code = KADM5_AUTH_DELETE;
- } else {
- ret.code = kadm5_delete_policy((void *) handle, arg->name);
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
+ ret.code = KADM5_AUTH_DELETE;
+ } else {
+ ret.code = kadm5_delete_policy((void *)handle, arg->name);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_delete_policy",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
gss_release_name(&min_stat, &name);
- free_server_handle(handle);
- if (client_name)
- free(client_name);
- if (service_name)
- free(service_name);
- return (&ret);
+ free_server_handle(handle);
+ if (client_name)
+ free(client_name);
+ if (service_name)
+ free(service_name);
+ return &ret;
}
generic_ret *
-modify_policy_1(mpol_arg * arg, struct svc_req * rqstp)
+modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static generic_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- prime_arg = arg->rec.policy;
+ }
+ prime_arg = arg->rec.policy;
- if (!(name = get_clnt_name(rqstp))) {
- ret.code = KADM5_FAILURE;
+ if (!(name = get_clnt_name(rqstp))) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
+ }
- if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+ if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
name,
- ACL_MODIFY, NULL, NULL)) {
+ ACL_MODIFY, NULL, NULL)) {
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_modify_policy",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
- prime_arg, client_name,
- service_name, client_addr(rqstp, buf));
- ret.code = KADM5_AUTH_MODIFY;
- } else {
- ret.code = kadm5_modify_policy((void *) handle, &arg->rec,
- arg->mask);
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
+ prime_arg, client_name,
+ service_name, client_addr(rqstp, buf));
+ ret.code = KADM5_AUTH_MODIFY;
+ } else {
+ ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
+ arg->mask);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_modify_policy",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
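Review bot: The denial branches of create_policy_1_svc, delete_policy_1_svc and modify_policy_1_svc pass `prime_arg` unguarded to audit_kadmind_unauth() and to krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, ...), while the LOG_DONE calls in the same functions substitute "(null)" when it is NULL. prime_arg is taken from the request (`arg->rec.policy` or `arg->name`), so if it can be NULL at all, only the unauthorized caller's path lacks the guard. Assuming LOG_UNAUTH prints it with %s, that is undefined behaviour inside kadmind. Use the same `((prime_arg == NULL) ? "(null)" : prime_arg)` expression in the LOG_UNAUTH calls, or normalise prime_arg once right after it is assigned. get_policy_1_svc further down shows the same asymmetry between its LOG_DONE and LOG_UNAUTH calls.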
@@ -1741,37 +1748,38 @@ error:
return (&ret);
}
-gpol_ret *
-get_policy_1(gpol_arg * arg, struct svc_req * rqstp)
+gpol_ret *
+get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp)
{
- static gpol_ret ret;
- kadm5_ret_t ret2;
- char *prime_arg = NULL, *funcname;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_policy_ent_t e;
- kadm5_principal_ent_rec caller_ent;
- krb5_principal caller;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static gpol_ret ret;
+ kadm5_ret_t ret2;
+ char *prime_arg = NULL, *funcname;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_policy_ent_t e;
+ kadm5_principal_ent_rec caller_ent;
+ krb5_principal caller;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_gpol_ret, (char *) &ret);
+ xdr_free(xdr_gpol_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *) handle)))
goto error;
- ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_policy (V1)" : "kadm5_get_policy";
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
+ funcname = handle->api_version == KADM5_API_VERSION_1 ?
+ "kadm5_get_policy (V1)" : "kadm5_get_policy";
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
goto error;
- }
- prime_arg = arg->name;
+ }
+ prime_arg = arg->name;
ret.code = KADM5_AUTH_GET;
if (!(name = get_clnt_name(rqstp))) {
@@ -1779,7 +1787,7 @@ get_policy_1(gpol_arg * arg, struct svc_req * rqstp)
goto error;
}
- if (!CHANGEPW_SERVICE(rqstp) && acl_check(handle->context,
+ if (!CHANGEPW_SERVICE(rqstp) && kadm5int_acl_check(handle->context,
name,
ACL_INQUIRE, NULL, NULL))
ret.code = KADM5_OK;
@@ -1791,42 +1799,39 @@ get_policy_1(gpol_arg * arg, struct svc_req * rqstp)
if (ret.code == KADM5_OK) {
if (caller_ent.aux_attributes & KADM5_POLICY &&
strcmp(caller_ent.policy, arg->name) == 0) {
- ret.code = KADM5_OK;
- } else
- ret.code = KADM5_AUTH_GET;
- ret2 = kadm5_free_principal_ent(handle->lhandle,
- &caller_ent);
- ret.code = ret.code ? ret.code : ret2;
- }
- }
-
- if (ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_policy_v1((void *) handle,
- arg->name, &e);
- if (ret.code == KADM5_OK) {
- memcpy(&ret.rec, e,
- sizeof (kadm5_policy_ent_rec));
- free(e);
- }
- } else {
- ret.code = kadm5_get_policy((void *) handle, arg->name,
- &ret.rec);
- }
-
+ ret.code = KADM5_OK;
+ } else ret.code = KADM5_AUTH_GET;
+ ret2 = kadm5_free_principal_ent(handle->lhandle,
+ &caller_ent);
+ ret.code = ret.code ? ret.code : ret2;
+ }
+ }
+
+ if (ret.code == KADM5_OK) {
+ if (handle->api_version == KADM5_API_VERSION_1) {
+ ret.code = kadm5_get_policy_v1((void *)handle, arg->name, &e);
+ if(ret.code == KADM5_OK) {
+ memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec));
+ free(e);
+ }
+ } else {
+ ret.code = kadm5_get_policy((void *)handle, arg->name,
+ &ret.rec);
+ }
+
audit_kadmind_auth(rqstp->rq_xprt, l_port,
funcname, prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
} else {
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
funcname, prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name,
- service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
+ prime_arg, client_name,
+ service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
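Review bot: `strcmp(caller_ent.policy, arg->name)` reads the client-supplied policy name with no NULL test, although the LOG_DONE call below treats the same value (prime_arg, assigned from arg->name in the previous hunk) as possibly NULL. If the decoder can deliver a NULL name, this comparison is undefined behaviour. It also appears to sit on the fallback path for callers who did not pass the ACL_INQUIRE check, though the enclosing condition starts outside the hunk. Guard the comparison with `arg->name != NULL && strcmp(caller_ent.policy, arg->name) == 0`. Separately, the one-line `} else ret.code = KADM5_AUTH_GET;` would read more safely braced like the branch above it.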
@@ -1841,61 +1846,62 @@ error:
}
gpols_ret *
-get_pols_1(gpols_arg * arg, struct svc_req * rqstp)
+get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp)
{
- static gpols_ret ret;
- char *prime_arg = NULL;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static gpols_ret ret;
+ char *prime_arg = NULL;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_gpols_ret, (char *) &ret);
+ xdr_free(xdr_gpols_ret, (char *) &ret);
- if (ret.code = new_server_handle(arg->api_version, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto error;
- }
- prime_arg = arg->exp;
- if (prime_arg == NULL)
- prime_arg = "*";
+ ret.api_version = handle->api_version;
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto error;
+ }
+ prime_arg = arg->exp;
+ if (prime_arg == NULL)
+ prime_arg = "*";
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
}
- if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
- name,
- ACL_LIST, NULL, NULL)) {
- ret.code = KADM5_AUTH_LIST;
+ if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
+ name,
+ ACL_LIST, NULL, NULL)) {
+ ret.code = KADM5_AUTH_LIST;
audit_kadmind_unauth(rqstp->rq_xprt, l_port,
"kadm5_get_policies",
prime_arg, client_name);
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies",
- prime_arg, client_name, service_name,
- client_addr(rqstp, buf));
- } else {
- ret.code = kadm5_get_policies((void *) handle,
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies",
+ prime_arg, client_name, service_name,
+ client_addr(rqstp, buf));
+ } else {
+ ret.code = kadm5_get_policies((void *)handle,
arg->exp, &ret.pols,
&ret.count);
audit_kadmind_auth(rqstp->rq_xprt, l_port,
"kadm5_get_policies",
prime_arg, client_name, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
- prime_arg,
- ((ret.code == 0) ? "success" : error_message(ret.code)),
- client_name, service_name, client_addr(rqstp, buf));
- }
+ krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
+ prime_arg,
+ ((ret.code == 0) ? "success" : error_message(ret.code)),
+ client_name, service_name, client_addr(rqstp, buf));
+ }
error:
if (name)
@@ -1908,28 +1914,28 @@ error:
return (&ret);
}
-getprivs_ret *
-get_privs_1(krb5_ui_4 * arg, struct svc_req * rqstp)
+getprivs_ret * get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
- static getprivs_ret ret;
- char *client_name = NULL, *service_name = NULL;
- OM_uint32 min_stat;
- kadm5_server_handle_t handle;
- gss_name_t name = NULL;
+ static getprivs_ret ret;
+ char *client_name = NULL, *service_name = NULL;
+ OM_uint32 min_stat;
+ kadm5_server_handle_t handle;
+ gss_name_t name = NULL;
- xdr_free(xdr_getprivs_ret, (char *) &ret);
+ xdr_free(xdr_getprivs_ret, (char *) &ret);
- if (ret.code = new_server_handle(*arg, rqstp, &handle))
- return (&ret);
+ if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
+ return &ret;
- if (ret.code = check_handle((void *) handle))
+ if ((ret.code = check_handle((void *)handle)))
goto error;
- ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto error;
- }
+ ret.api_version = handle->api_version;
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto error;
+ }
if (!(name = get_clnt_name(rqstp))) {
ret.code = KADM5_FAILURE;
goto error;
@@ -1956,26 +1962,26 @@ error:
return (&ret);
}
-generic_ret *
-init_1(krb5_ui_4 * arg, struct svc_req * rqstp)
+generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
+ static generic_ret ret;
char *client_name, *service_name;
kadm5_server_handle_t handle;
- xdr_free(xdr_generic_ret, (char *) &ret);
+ xdr_free(xdr_generic_ret, (char *) &ret);
- if (ret.code = new_server_handle(*arg, rqstp, &handle))
- return (&ret);
- if (!(ret.code = check_handle((void *) handle))) {
- ret.api_version = handle->api_version;
- }
- free_server_handle(handle);
+ if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
+ return &ret;
+ if (! (ret.code = check_handle((void *)handle))) {
+ ret.api_version = handle->api_version;
+ }
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- return (&ret);
- }
+ free_server_handle(handle);
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ return &ret;
+ }
audit_kadmind_auth(rqstp->rq_xprt, l_port,
(ret.api_version == KADM5_API_VERSION_1 ?
@@ -1983,8 +1989,9 @@ init_1(krb5_ui_4 * arg, struct svc_req * rqstp)
NULL, client_name, ret.code);
krb5_klog_syslog(LOG_NOTICE, LOG_DONE,
(ret.api_version == KADM5_API_VERSION_1 ?
- "kadm5_init (V1)" : "kadm5_init"),
- client_name, (ret.code == 0) ? "success" : error_message(ret.code),
+ "kadm5_init (V1)" : "kadm5_init"),
+ client_name,
+ (ret.code == 0) ? "success" : error_message(ret.code),
client_name, service_name, client_addr(rqstp, buf));
free(client_name);
free(service_name);
diff --git a/usr/src/cmd/krb5/kdestroy/kdestroy.c b/usr/src/cmd/krb5/kdestroy/kdestroy.c
index fb3e6ac96b..df578d13e1 100644
--- a/usr/src/cmd/krb5/kdestroy/kdestroy.c
+++ b/usr/src/cmd/krb5/kdestroy/kdestroy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -38,6 +38,9 @@
#include <com_err.h>
#include <string.h>
#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#include <locale.h>
#include <rpc/types.h>
#include <rpc/rpcsys.h>
@@ -77,7 +80,7 @@ int default_k4 = 0;
#endif
-void usage()
+static void usage()
{
#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available"))
@@ -240,7 +243,8 @@ main(argc, argv)
exit(1);
}
} else {
- if (code = krb5_cc_default(kcontext, &cache)) {
+ code = krb5_cc_default(kcontext, &cache);
+ if (code) {
com_err(progname, code, gettext("while getting default ccache"));
exit(1);
}
diff --git a/usr/src/cmd/krb5/kinit/kinit.c b/usr/src/cmd/krb5/kinit/kinit.c
index aca4caa01e..62f5736d08 100644
--- a/usr/src/cmd/krb5/kinit/kinit.c
+++ b/usr/src/cmd/krb5/kinit/kinit.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -73,15 +73,17 @@ extern int getopt();
#ifdef HAVE_PWD_H
#include <pwd.h>
+static
char * get_name_from_os()
{
struct passwd *pw;
- if (pw = getpwuid((int) getuid()))
+ if ((pw = getpwuid((int) getuid())))
return pw->pw_name;
return 0;
}
#else /* HAVE_PWD_H */
#ifdef _WIN32
+static
char * get_name_from_os()
{
static char name[1024];
@@ -94,6 +96,7 @@ char * get_name_from_os()
}
}
#else /* _WIN32 */
+static
char * get_name_from_os()
{
return 0;
@@ -101,8 +104,6 @@ char * get_name_from_os()
#endif /* _WIN32 */
#endif /* HAVE_PWD_H */
-static char *progname;
-
static char* progname_v5 = 0;
#ifdef KRB5_KRB4_COMPAT
static char* progname_v4 = 0;
@@ -123,7 +124,7 @@ static int default_k4 = 0;
static int authed_k5 = 0;
static int authed_k4 = 0;
-#define KRB4_BACKUP_DEFAULT_LIFE_SECS 10*60*60 /* 10 hours */
+#define KRB4_BACKUP_DEFAULT_LIFE_SECS 24*60*60 /* 1 day */
#define ROOT_UNAME "root"
typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
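Review bot: The replacement text of `KRB4_BACKUP_DEFAULT_LIFE_SECS` is still an unparenthesized product, so any use next to `/`, `%` or a cast would bind to the `24` alone. Write `#define KRB4_BACKUP_DEFAULT_LIFE_SECS (24*60*60) /* 1 day */`. The new value also raises the fallback krb4 ticket lifetime from 10 hours to one day, which is worth confirming as intended rather than a side effect of the resync.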
@@ -236,10 +237,11 @@ struct option long_options[] = {
/* Save the program name for the error messages */
static char *progname;
-void
-usage(void)
+static void
+usage(progname)
{
#define USAGE_BREAK "\n\t"
+
#ifdef GETOPT_LONG
#define USAGE_LONG_FORWARDABLE " | --forwardable | --noforwardable"
#define USAGE_LONG_PROXIABLE " | --proxiable | --noproxiable"
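Review bot: `usage(progname)` is an old-style definition with no declaration for its parameter, so `progname` defaults to `int`, while `parse_options` calls it with a `char *`. On an LP64 build the pointer is truncated before the body can use it. Add the declaration line `char *progname;` between `usage(progname)` and `{`, as this commit already does for `parse_options`. The parameter also shadows the file-scope `static char *progname` kept just above. The body of `usage` continues outside this hunk.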
@@ -260,7 +262,7 @@ usage(void)
USAGE_BREAK_LONG
"[-p | -P" USAGE_LONG_PROXIABLE "] "
USAGE_BREAK_LONG
- "[-A" USAGE_LONG_ADDRESSES "] "
+ "[-a | -A" USAGE_LONG_ADDRESSES "] "
USAGE_BREAK
"[-v] [-R] "
"[-k [-t keytab_file]] "
@@ -283,12 +285,13 @@ usage(void)
#ifdef KRB5_KRB4_COMPAT
#define USAGE_OPT_FMT "%s%-50s%s\n"
+#define ULINE(indent, col1, col2) \
+fprintf(stderr, USAGE_OPT_FMT, indent, col1, col2)
#else
#define USAGE_OPT_FMT "%s%s\n"
-#endif
-
#define ULINE(indent, col1, col2) \
-fprintf(stderr, USAGE_OPT_FMT, indent, col1, col2)
+fprintf(stderr, USAGE_OPT_FMT, indent, col1)
+#endif
ULINE(" ", "options:", "valid with Kerberos:");
fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
@@ -307,6 +310,7 @@ fprintf(stderr, USAGE_OPT_FMT, indent, col1, col2)
ULINE("\t", gettext("-p proxiable"), OPTTYPE_KRB5);
ULINE("\t", gettext("-P not proxiable"), OPTTYPE_KRB5);
ULINE("\t", gettext("-A do not include addresses"), OPTTYPE_KRB5);
+ ULINE("\t", gettext("-a include addresses"), OPTTYPE_KRB5);
ULINE("\t", gettext("-v validate"), OPTTYPE_KRB5);
ULINE("\t", gettext("-R renew"), OPTTYPE_BOTH);
ULINE("\t", gettext("-k use keytab"), OPTTYPE_BOTH);
@@ -318,11 +322,12 @@ fprintf(stderr, USAGE_OPT_FMT, indent, col1, col2)
exit(2);
}
-char *
-parse_options(argc, argv, opts)
+static char *
+parse_options(argc, argv, opts, progname)
int argc;
char **argv;
struct k_opts* opts;
+ char *progname;
{
krb5_error_code code;
int errflg = 0;
@@ -330,7 +335,7 @@ parse_options(argc, argv, opts)
int use_k5 = 0;
int i;
- while ((i = GETOPT(argc, argv, "r:fpFP54AVl:s:c:kt:RS:v"))
+ while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:v"))
!= -1) {
switch (i) {
case 'V':
@@ -516,7 +521,7 @@ parse_options(argc, argv, opts)
}
if (errflg) {
- usage();
+ usage(progname);
}
got_k5 = got_k5 && use_k5;
@@ -526,7 +531,7 @@ parse_options(argc, argv, opts)
return opts->principal_name;
}
-int
+static int
k5_begin(opts, k5, k4)
struct k_opts* opts;
struct k5_data* k5;
@@ -534,12 +539,12 @@ struct k4_data* k4;
{
char* progname = progname_v5;
krb5_error_code code = 0;
- char* cp;
if (!got_k5)
return 0;
- if (code = krb5_init_context(&k5->ctx)) {
+ code = krb5_init_context(&k5->ctx);
+ if (code) {
com_err(progname, code, gettext("while initializing Kerberos 5 library"));
return 0;
}
@@ -575,21 +580,25 @@ struct k4_data* k4;
/* No principal name specified */
if (opts->action == INIT_KT) {
/* Use the default host/service name */
- if (code = krb5_sname_to_principal(k5->ctx, NULL, NULL,
- KRB5_NT_SRV_HST, &k5->me)) {
- com_err(progname, code, gettext(
- "when creating default server principal name"));
- return 0;
- }
+ code = krb5_sname_to_principal(k5->ctx, NULL, NULL,
+ KRB5_NT_SRV_HST, &k5->me);
+ if (code) {
+ com_err(progname, code, gettext(
+ "when creating default server principal name"));
+ return 0;
+ }
} else {
- /* Get default principal from cache if one exists */
- if (code = krb5_cc_get_principal(k5->ctx, k5->cc, &k5->me)) {
- char *name = get_name_from_os();
- if (!name)
- {
- fprintf(stderr, gettext("Unable to identify user\n"));
- return 0;
- }
+ /* Get default principal from cache if one exists */
+ code = krb5_cc_get_principal(k5->ctx, k5->cc,
+ &k5->me);
+ if (code)
+ {
+ char *name = get_name_from_os();
+ if (!name)
+ {
+ fprintf(stderr, gettext("Unable to identify user\n"));
+ return 0;
+ }
/* use strcmp to ensure only "root" is matched */
if (strcmp(name, ROOT_UNAME) == 0)
{
@@ -599,21 +608,25 @@ struct k4_data* k4;
"when creating default server principal name"));
return 0;
}
- } else if (code = krb5_parse_name(k5->ctx, name, &k5->me)) {
- com_err(progname, code, gettext("when parsing name %s"),
- name);
- return 0;
+ } else
+ if ((code = krb5_parse_name(k5->ctx, name,
+ &k5->me)))
+ {
+ com_err(progname, code, gettext("when parsing name %s"),
+ name);
+ return 0;
}
- }
- }
+ }
+ }
}
- if (code = krb5_unparse_name(k5->ctx, k5->me, &k5->name)) {
+
+ code = krb5_unparse_name(k5->ctx, k5->me, &k5->name);
+ if (code) {
com_err(progname, code, gettext("when unparsing name"));
return 0;
}
opts->principal_name = k5->name;
-
#ifdef KRB5_KRB4_COMPAT
if (got_k4)
{
@@ -630,7 +643,7 @@ struct k4_data* k4;
return 1;
}
-void
+static void
k5_end(k5)
struct k5_data* k5;
{
@@ -645,7 +658,7 @@ k5_end(k5)
memset(k5, 0, sizeof(*k5));
}
-int
+static int
k4_begin(opts, k4)
struct k_opts* opts;
struct k4_data* k4;
@@ -665,8 +678,9 @@ k4_begin(opts, k4)
if (opts->principal_name)
{
/* Use specified name */
- if (k_errno = kname_parse(k4->aname, k4->inst, k4->realm,
- opts->principal_name))
+ k_errno = kname_parse(k4->aname, k4->inst, k4->realm,
+ opts->principal_name);
+ if (k_errno)
{
fprintf(stderr, "%s: %s\n", progname,
krb_get_err_text(k_errno));
@@ -682,8 +696,9 @@ k4_begin(opts, k4)
return 0;
} else {
/* Get default principal from cache if one exists */
- if (k_errno = krb_get_tf_fullname(tkt_string(), k4->aname,
- k4->inst, k4->realm))
+ k_errno = krb_get_tf_fullname(tkt_string(), k4->aname,
+ k4->inst, k4->realm);
+ if (k_errno)
{
char *name = get_name_from_os();
if (!name)
@@ -691,8 +706,9 @@ k4_begin(opts, k4)
fprintf(stderr, "Unable to identify user\n");
return 0;
}
- if (k_errno = kname_parse(k4->aname, k4->inst, k4->realm,
- name))
+ k_errno = kname_parse(k4->aname, k4->inst, k4->realm,
+ name);
+ if (k_errno)
{
fprintf(stderr, "%s: %s\n", progname,
krb_get_err_text(k_errno));
@@ -733,7 +749,7 @@ k4_begin(opts, k4)
return 1;
}
-void
+static void
k4_end(k4)
struct k4_data* k4;
{
@@ -745,7 +761,7 @@ static char stash_password[1024];
static int got_password = 0;
#endif /* KRB5_KRB4_COMPAT */
-krb5_error_code
+static krb5_error_code
KRB5_CALLCONV
kinit_prompter(
krb5_context ctx,
@@ -771,11 +787,10 @@ kinit_prompter(
got_password = 1;
#endif
}
-
return rc;
}
-int
+static int
k5_kinit(opts, k5)
struct k_opts* opts;
struct k5_data* k5;
@@ -905,7 +920,6 @@ k5_kinit(opts, k5)
goto cleanup;
}
krb5_get_init_creds_opt_set_address_list(&options, addresses);
- krb5_free_addresses(k5->ctx, addresses);
}
if (opts->no_addresses)
krb5_get_init_creds_opt_set_address_list(&options, NULL);
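Review bot: With `krb5_free_addresses()` removed, nothing in this hunk releases `addresses`, and the reason for keeping it alive is not stated. `krb5_get_init_creds_opt_set_address_list()` appears to store the pointer in `options` rather than copy the list, so the list has to outlive the later `krb5_get_init_creds_*` call. Say so at the call, e.g. `/* options keeps this pointer; free only after the get_init_creds call */`, and release the list on the `cleanup` path. The declaration of `addresses` and the `cleanup` label are outside the hunk, so whether a later free already exists cannot be confirmed here.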
@@ -920,8 +934,6 @@ k5_kinit(opts, k5)
}
}
-
-
switch (opts->action) {
case INIT_PW:
code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
@@ -982,13 +994,15 @@ k5_kinit(opts, k5)
opts->lifetime = my_creds.times.endtime - my_creds.times.authtime;
}
- if (code = krb5_cc_initialize(k5->ctx, k5->cc, k5->me)) {
+ code = krb5_cc_initialize(k5->ctx, k5->cc, k5->me);
+ if (code) {
com_err(progname, code, gettext("when initializing cache %s"),
opts->k5_cache_name?opts->k5_cache_name:"");
goto cleanup;
}
- if (code = krb5_cc_store_cred(k5->ctx, k5->cc, &my_creds)) {
+ code = krb5_cc_store_cred(k5->ctx, k5->cc, &my_creds);
+ if (code) {
com_err(progname, code, gettext("while storing credentials"));
goto cleanup;
}
@@ -1012,7 +1026,7 @@ k5_kinit(opts, k5)
return notix?0:1;
}
-int
+static int
k4_kinit(opts, k4, ctx)
struct k_opts* opts;
struct k4_data* k4;
@@ -1035,17 +1049,13 @@ k4_kinit(opts, k4, ctx)
if (!k4->lifetime)
k4->lifetime = KRB4_BACKUP_DEFAULT_LIFE_SECS;
- k4->lifetime /= (5 * 60);
- if (k4->lifetime < 1)
- k4->lifetime = 1;
- if (k4->lifetime > 255)
- k4->lifetime = 255;
+ k4->lifetime = krb_time_to_life(0, k4->lifetime);
switch (opts->action)
{
case INIT_PW:
if (!got_password) {
- int pwsize = sizeof(stash_password);
+ unsigned int pwsize = sizeof(stash_password);
krb5_error_code code;
char prompt[1024];
@@ -1074,7 +1084,7 @@ k4_kinit(opts, k4, ctx)
fprintf(stderr, "%s: %s\n", progname,
krb_get_err_text(k_errno));
if (authed_k5)
- fprintf(stderr, gettext("Maybe your KDC does not support v4. "
+ fprintf(stderr, gettext("Maybe your KDC does not support v4. "
"Try the -5 option next time.\n"));
return 0;
}
@@ -1087,17 +1097,25 @@ k4_kinit(opts, k4, ctx)
fprintf(stderr, gettext("%s: renewal of krb4 tickets is not supported\n"),
progname);
return 0;
+#else
+ /* These cases are handled by the 524 code - this prevents the compiler
+ warnings of not using all the enumerated types.
+ */
+ case INIT_KT:
+ case RENEW:
+ case VALIDATE:
+ return 0;
#endif
}
#endif
return 0;
}
-char*
-getvprogname(v)
- char *v;
+static char*
+getvprogname(v, progname)
+ char *v, *progname;
{
- int len = strlen(progname) + 2 + strlen(v) + 2;
+ unsigned int len = strlen(progname) + 2 + strlen(v) + 2;
char *ret = malloc(len);
if (ret)
sprintf(ret, "%s(v%s)", progname, v);
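Review bot: In `getvprogname`, `len` narrows the sum of two `strlen()` results to `unsigned int`, and the unbounded `sprintf` that follows then relies on it. The arithmetic is correct as written (two bytes for `(v`, one for `)`, one for the NUL), but keeping the type as `size_t len` and writing `snprintf(ret, len, "%s(v%s)", progname, v);` ties the write to the allocation. The function appears to return NULL when `malloc` fails, and the callers in `main` store the result in `progname_v5`/`progname_v4` unchecked. The return statement is outside this hunk, so that part is inferred.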
@@ -1108,7 +1126,7 @@ getvprogname(v)
#ifdef HAVE_KRB524
/* Convert krb5 tickets to krb4. */
-int try_convert524(k5)
+static int try_convert524(k5)
struct k5_data* k5;
{
char * progname = progname_v524;
@@ -1128,9 +1146,6 @@ int try_convert524(k5)
initialized.
*/
- /* or do this directly with krb524_convert_creds_kdc */
- krb524_init_ets(k5->ctx);
-
if ((code = krb5_build_principal(k5->ctx,
&kpcserver,
krb5_princ_realm(k5->ctx, k5->me)->length,
@@ -1217,10 +1232,10 @@ main(argc, argv)
(void) textdomain(TEXT_DOMAIN);
progname = GET_PROGNAME(argv[0]);
- progname_v5 = getvprogname("5");
+ progname_v5 = getvprogname("5", progname);
#ifdef KRB5_KRB4_COMPAT
- progname_v4 = getvprogname("4");
- progname_v524 = getvprogname("524");
+ progname_v4 = getvprogname("4", progname);
+ progname_v524 = getvprogname("524", progname);
#endif
/* Ensure we can be driven from a pipe */
@@ -1246,7 +1261,7 @@ main(argc, argv)
memset(&k5, 0, sizeof(k5));
memset(&k4, 0, sizeof(k4));
- parse_options(argc, argv, &opts);
+ parse_options(argc, argv, &opts, progname);
got_k5 = k5_begin(&opts, &k5, &k4);
got_k4 = k4_begin(&opts, &k4);
@@ -1270,7 +1285,8 @@ main(argc, argv)
k5_end(&k5);
k4_end(&k4);
- if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4))
+ if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4) ||
+ (!got_k5 && !got_k4))
exit(1);
return 0;
}
diff --git a/usr/src/cmd/krb5/klist/klist.c b/usr/src/cmd/krb5/klist/klist.c
index 9e1e938c30..f564e6790b 100644
--- a/usr/src/cmd/krb5/klist/klist.c
+++ b/usr/src/cmd/krb5/klist/klist.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -36,7 +36,6 @@
#include <k5-int.h>
#include "com_err.h"
#include <krb5.h>
-
#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif /* KRB5_KRB4_COMPAT */
@@ -48,7 +47,9 @@
#include <libintl.h>
#include <locale.h>
#include <netinet/in.h>
+#if defined(HAVE_ARPA_INET_H)
#include <arpa/inet.h>
+#endif
#include <inet/ip.h>
#include <inet/ip6.h>
@@ -58,9 +59,10 @@
#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
#endif /* _WIN32 */
+#ifndef _WIN32
#include <sys/socket.h>
#include <netdb.h>
-
+#endif
extern int optind;
@@ -74,15 +76,13 @@ size_t timestamp_width;
krb5_context kcontext;
char * etype_string (krb5_enctype );
-void show_credential (char *,
- krb5_context,
- krb5_creds *);
+void show_credential (krb5_creds *);
void do_ccache (char *);
void do_keytab (char *);
void printtime (time_t);
void one_addr (krb5_address *);
-void fillit (FILE *, int, int);
+void fillit (FILE *, unsigned int, int);
void show_addr(krb5_address *a);
#ifdef KRB5_KRB4_COMPAT
@@ -109,7 +109,7 @@ static int default_k4 = 1;
static int default_k4 = 0;
#endif /* KRB5_KRB4_COMPAT */
-void usage()
+static void usage()
{
#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available"))
@@ -140,7 +140,9 @@ void usage()
int
-main(int argc, char *argv[])
+main(argc, argv)
+ int argc;
+ char **argv;
{
int c;
char *name;
@@ -260,7 +262,7 @@ main(int argc, char *argv[])
if (!krb5_timestamp_to_sfstring(now, tmp, 20, (char *) NULL) ||
!krb5_timestamp_to_sfstring(now, tmp, sizeof(tmp),
(char *) NULL))
- timestamp_width = strlen(tmp);
+ timestamp_width = (int) strlen(tmp);
else
timestamp_width = 15;
}
@@ -321,42 +323,40 @@ void do_keytab(name)
}
if ((code = krb5_kt_get_name(kcontext, kt, buf, BUFSIZ))) {
- com_err(progname, code,
+ com_err(progname, code,
gettext("while getting keytab name"));
exit(1);
}
- printf(gettext("Keytab name: %s\n"), buf);
+ printf(gettext("Keytab name: %s\n"), buf);
if ((code = krb5_kt_start_seq_get(kcontext, kt, &cursor))) {
- com_err(progname, code,
+ com_err(progname, code,
gettext("while starting keytab scan"));
exit(1);
}
if (show_time) {
- printf(gettext("KVNO Timestamp"));
- fillit(stdout, timestamp_width -
- sizeof (gettext("Timestamp")) + 2, (int)' ');
- printf(gettext("Principal\n"));
- printf("---- ");
+ printf(gettext("KVNO Timestamp"));
+ fillit(stdout, timestamp_width -
+ sizeof (gettext("Timestamp")) + 2, (int)' ');
+ printf(gettext("Principal\n"));
+ printf("---- ");
fillit(stdout, timestamp_width, (int) '-');
printf(" ");
- fillit(stdout, 78 - timestamp_width -
+ fillit(stdout, 78 - timestamp_width -
sizeof (gettext("KVNO")), (int)'-');
printf("\n");
} else {
- printf(gettext("KVNO Principal\n"));
- printf("---- ------------------------------"
+ printf(gettext("KVNO Principal\n"));
+ printf("---- ------------------------------"
"--------------------------------------"
"------\n");
}
- while ((code = krb5_kt_next_entry(kcontext, kt,
- &entry, &cursor)) == 0) {
- if (code = krb5_unparse_name(kcontext,
- entry.principal, &pname)) {
- com_err(progname, code,
+ while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) {
+ if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) {
+ com_err(progname, code,
gettext("while unparsing principal name"));
exit(1);
}
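Review bot: `sizeof (gettext("Timestamp"))` and `sizeof (gettext("KVNO"))` measure a `char *`, not the label, so the padding handed to `fillit()` depends on pointer width and ignores the length of the translated string. The subtraction is done in `size_t`, and `fillit()` now takes `unsigned int`, so a result that would be negative wraps to a very large fill count instead. Compute the width from `strlen(gettext("Timestamp"))` (likewise for "KVNO") and skip the fill when the label is wider than the column. The same pattern is visible at "Valid starting" in the `do_ccache` hunk.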
@@ -443,7 +443,7 @@ void do_ccache(name)
gettext("while setting cache "
"flags(ticket cache %s:%s)"),
krb5_cc_get_type(kcontext, cache),
- krb5_cc_get_name(kcontext, cache));
+ krb5_cc_get_name(kcontext, cache));
}
exit(1);
}
@@ -463,7 +463,7 @@ void do_ccache(name)
printf(gettext("Ticket cache: %s:%s\nDefault principal: "
"%s\n\n"),
krb5_cc_get_type(kcontext, cache),
- krb5_cc_get_name(kcontext, cache), defname);
+ krb5_cc_get_name(kcontext, cache), defname);
fputs(gettext("Valid starting"), stdout);
fillit(stdout, timestamp_width -
sizeof (gettext("Valid starting")) + 3, (int)' ');
@@ -490,7 +490,7 @@ void do_ccache(name)
creds.times.endtime > now)
exit_status = 0;
} else {
- show_credential(progname, kcontext, &creds);
+ show_credential(&creds);
}
krb5_free_cred_contents(kcontext, &creds);
}
@@ -537,7 +537,7 @@ etype_string(enctype)
return buf;
}
-char *
+static char *
flags_string(cred)
register krb5_creds *cred;
{
@@ -566,6 +566,12 @@ flags_string(cred)
buf[i++] = 'H';
if (cred->ticket_flags & TKT_FLG_PRE_AUTH)
buf[i++] = 'A';
+ if (cred->ticket_flags & TKT_FLG_TRANSIT_POLICY_CHECKED)
+ buf[i++] = 'T';
+ if (cred->ticket_flags & TKT_FLG_OK_AS_DELEGATE)
+ buf[i++] = 'O'; /* D/d are taken. Use short strings? */
+ if (cred->ticket_flags & TKT_FLG_ANONYMOUS)
+ buf[i++] = 'a';
buf[i] = '\0';
return(buf);
}
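Review bot: Three more flag letters are appended to `buf` in `flags_string`, but the array's declaration and size are outside the hunk. Confirm that it still holds one character per `TKT_FLG_*` test plus the terminating NUL when every flag is set. A comment at the declaration such as `/* one char per flag tested below, plus NUL */` would keep the bound in view the next time a flag is added.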
@@ -585,9 +591,7 @@ printtime(tv)
}
void
-show_credential(progname, kcontext, cred)
- char * progname;
- krb5_context kcontext;
+show_credential(cred)
register krb5_creds * cred;
{
krb5_error_code retval;
@@ -657,18 +661,22 @@ show_credential(progname, kcontext, cred)
if (show_etype) {
retval = decode_krb5_ticket(&cred->ticket, &tkt);
- if (retval == 0) {
- if (!extra_field)
- fputs("\t",stdout);
- else
- fputs(", ",stdout);
- printf(gettext("Etype(skey, tkt): %s, "),
- etype_string(cred->keyblock.enctype));
- printf("%s ",
- etype_string(tkt->enc_part.enctype));
+ if (retval)
+ goto err_tkt;
+
+ if (!extra_field)
+ fputs("\t",stdout);
+ else
+ fputs(", ",stdout);
+ printf(gettext("Etype(skey, tkt): %s, "),
+ etype_string(cred->keyblock.enctype));
+ printf("%s ",
+ etype_string(tkt->enc_part.enctype));
+ extra_field++;
+
+ err_tkt:
+ if (tkt != NULL)
krb5_free_ticket(kcontext, tkt);
- extra_field++;
- }
}
/* if any additional info was printed, extra_field is non-zero */
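Review bot: The `tkt != NULL` test at `err_tkt` is only sound if `tkt` is NULL whenever `decode_krb5_ticket()` fails. Its declaration is outside the hunk, and if it is uninitialised the failure path hands an indeterminate pointer to `krb5_free_ticket()`. Initialise it where it is declared, `krb5_ticket *tkt = NULL;`, rather than relying on the decoder to clear its output on error. A decode failure now silently omits the Etype field, which deserves a one-line comment at the `goto`.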
@@ -762,7 +770,7 @@ void one_addr(a)
void
fillit(f, num, c)
FILE *f;
- int num;
+ unsigned int num;
int c;
{
int i;
@@ -812,7 +820,8 @@ do_v4_ccache(name)
*/
/* Open ticket file */
- if (k_errno = tf_init(file, R_TKT_FIL)) {
+ k_errno = tf_init(file, R_TKT_FIL);
+ if (k_errno) {
fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
exit(1);
}
@@ -832,7 +841,7 @@ do_v4_ccache(name)
}
/* Open ticket file */
- if (k_errno = tf_init(file, R_TKT_FIL)) {
+ if ((k_errno = tf_init(file, R_TKT_FIL))) {
fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
exit(1);
}
@@ -861,7 +870,7 @@ do_v4_ccache(name)
}
printtime(c.issue_date);
fputs(" ", stdout);
- printtime(c.issue_date + ((unsigned char) c.lifetime) * 5 * 60);
+ printtime(krb_life_to_time(c.issue_date, c.lifetime));
printf(" %s%s%s%s%s\n",
c.service, (c.instance[0] ? "." : ""), c.instance,
(c.realm[0] ? "@" : ""), c.realm);
diff --git a/usr/src/cmd/krb5/krb5kdc/dispatch.c b/usr/src/cmd/krb5/krb5kdc/dispatch.c
index 8d01e92ceb..c1ccabe1f2 100644
--- a/usr/src/cmd/krb5/krb5kdc/dispatch.c
+++ b/usr/src/cmd/krb5/krb5kdc/dispatch.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -44,15 +44,16 @@
#include <string.h>
extern krb5_error_code setup_server_realm(krb5_principal);
+static krb5_int32 last_usec = 0, last_os_random = 0;
krb5_error_code
-dispatch(krb5_data *pkt, const krb5_fulladdr *from, int portnum,
- krb5_data **response)
+dispatch(krb5_data *pkt, const krb5_fulladdr *from, krb5_data **response)
{
krb5_error_code retval;
krb5_kdc_req *as_req;
-
+ krb5_int32 now, now_usec;
+
/* decode incoming packet, and dispatch */
#ifndef NOCACHE
@@ -67,15 +68,37 @@ dispatch(krb5_data *pkt, const krb5_fulladdr *from, int portnum,
if (name == 0)
name = "[unknown address type]";
krb5_klog_syslog(LOG_INFO,
- "DISPATCH: repeated (retransmitted?) request from %s port %d, resending previous response",
- name, portnum);
+ "DISPATCH: repeated (retransmitted?) request from %s, resending previous response",
+ name);
return 0;
}
#endif
+/* SUNW14resync XXX */
+#if 0
+ retval = krb5_crypto_us_timeofday(&now, &now_usec);
+ if (retval == 0) {
+ krb5_int32 usec_difference = now_usec-last_usec;
+ krb5_data data;
+ if(last_os_random == 0)
+ last_os_random = now;
+ /* Grab random data from OS every hour*/
+ if(now-last_os_random >= 60*60) {
+ krb5_c_random_os_entropy(kdc_context, 0, NULL);
+ last_os_random = now;
+ }
+
+ data.length = sizeof(krb5_int32);
+ data.data = (void *) &usec_difference;
+
+ krb5_c_random_add_entropy(kdc_context,
+ KRB5_C_RANDSOURCE_TIMING, &data);
+ last_usec = now_usec;
+ }
+#endif
/* try TGS_REQ first; they are more common! */
if (krb5_is_tgs_req(pkt)) {
- retval = process_tgs_req(pkt, from, portnum, response);
+ retval = process_tgs_req(pkt, from, response);
} else if (krb5_is_as_req(pkt)) {
if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
/*
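Review bot: The `#if 0` block under `/* SUNW14resync XXX */` compiles out the hourly `krb5_c_random_os_entropy()` reseed and the timing-entropy mixing in `dispatch`, and the comment gives neither a reason nor a condition for turning it back on. Replace the marker with an explanatory comment, e.g. `/* SUNW14resync: PRNG reseed disabled because REASON; re-enable when CONDITION */`, with the placeholders filled in. While the block is disabled, `now`, `now_usec`, `last_usec` and `last_os_random` from the previous hunk are unused and will draw compiler warnings. They should move inside the same conditional.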
@@ -83,11 +106,15 @@ dispatch(krb5_data *pkt, const krb5_fulladdr *from, int portnum,
* pointer.
*/
if (!(retval = setup_server_realm(as_req->server))) {
- retval = process_as_req(as_req, from, portnum, response);
+ retval = process_as_req(as_req, from, response);
}
krb5_free_kdc_req(kdc_context, as_req);
}
}
+#ifdef KRB5_KRB4_COMPAT
+ else if (pkt->data[0] == 4) /* old version */
+ retval = process_v4(pkt, from, response);
+#endif
else
retval = KRB5KRB_AP_ERR_MSG_TYPE;
#ifndef NOCACHE
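Review bot: The added krb4 branch reads `pkt->data[0]` without first checking that the packet holds at least one byte. Nothing in this hunk guarantees `pkt->length >= 1` once the TGS and AS tests have both failed, so an empty datagram could reach the dereference. Guard it in the condition: `else if (pkt->length > 0 && pkt->data[0] == 4) /* old version */`. The definitions of `krb5_is_tgs_req`/`krb5_is_as_req` are not shown, so whether they already reject empty input cannot be confirmed here.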
diff --git a/usr/src/cmd/krb5/krb5kdc/do_as_req.c b/usr/src/cmd/krb5/krb5kdc/do_as_req.c
index 6e715caa69..22f3e97d37 100644
--- a/usr/src/cmd/krb5/krb5kdc/do_as_req.c
+++ b/usr/src/cmd/krb5/krb5kdc/do_as_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -34,6 +34,7 @@
* KDC Routines to deal with AS_REQ's
*/
+#define NEED_SOCKETS
#include "k5-int.h"
#include "com_err.h"
@@ -52,20 +53,14 @@
#include "adm_proto.h"
#include "extern.h"
-static krb5_error_code prepare_error_as (krb5_kdc_req *,
- int,
- krb5_data *,
- krb5_data **);
+static krb5_error_code prepare_error_as (krb5_kdc_req *, int, krb5_data *,
+ krb5_data **, const char *);
/*ARGSUSED*/
krb5_error_code
-process_as_req(request, from, portnum, response)
-register krb5_kdc_req *request;
-const krb5_fulladdr *from; /* who sent it ? */
-int portnum;
-krb5_data **response; /* filled in with a response packet */
+process_as_req(krb5_kdc_req *request, const krb5_fulladdr *from,
+ krb5_data **response)
{
-
krb5_db_entry client, server;
krb5_kdc_rep reply;
krb5_enc_kdc_rep_part reply_encpart;
@@ -87,22 +82,28 @@ krb5_data **response; /* filled in with a response packet */
register int i;
krb5_timestamp until, rtime;
long long tmp_client_times, tmp_server_times, tmp_realm_times;
- char *cname = 0, *sname = 0, *fromstring = 0;
+ char *cname = 0, *sname = 0;
+ const char *fromstring = 0;
+ char ktypestr[128];
+ char rep_etypestr[128];
+ char fromstringbuf[70];
struct in_addr from_in4; /* IPv4 address of sender */
ticket_reply.enc_part.ciphertext.data = 0;
e_data.data = 0;
- reply.padata = 0; /* avoid bogus free in error_out */
(void) memset(&encrypting_key, 0, sizeof(krb5_keyblock));
+ reply.padata = 0; /* avoid bogus free in error_out */
(void) memset(&session_key, 0, sizeof(krb5_keyblock));
-#ifdef HAVE_NETINET_IN_H
- if (from->address->addrtype == ADDRTYPE_INET) {
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
+
(void) memcpy(&from_in4, from->address->contents, /* SUNW */
sizeof (struct in_addr));
- fromstring = inet_ntoa(from_in4);
- }
-#endif
+
+ fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
+ &from_in4,
+ fromstringbuf, sizeof(fromstringbuf));
if (!fromstring)
fromstring = "<unknown>";
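Review bot: `inet_ntop()` is given `&from_in4`, a 4-byte `struct in_addr`, together with a family derived from `addrtype`. For an IPv6 sender it would presumably format 16 bytes starting at that 4-byte object, reading past it and logging a wrong address. The `memcpy` into `from_in4` has also lost its `ADDRTYPE_INET` guard, so it copies `sizeof (struct in_addr)` bytes whatever the address type or length. Pass the address itself, `fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), from->address->contents, fromstringbuf, sizeof(fromstringbuf));`. Keep the copy under `if (from->address->addrtype == ADDRTYPE_INET)` and zero `from_in4` otherwise, since it is still passed to `audit_krb5kdc_as_req()`.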
@@ -190,7 +191,7 @@ krb5_data **response; /* filled in with a response packet */
}
if ((errcode = krb5_c_make_random_key(kdc_context, useenctype,
- &session_key))) {
+ &session_key))) {
/* random key failed */
status = "RANDOM_KEY_FAILED";
goto errout;
@@ -240,8 +241,8 @@ krb5_data **response; /* filled in with a response packet */
tmp_realm_times = (long long) enc_tkt_reply.times.starttime + max_life_for_realm;
- enc_tkt_reply.times.endtime =
- min(until,
+ enc_tkt_reply.times.endtime =
+ min(until,
min(tmp_client_times,
min(tmp_server_times,
min(tmp_realm_times,KRB5_KDB_EXPIRATION))));
@@ -270,9 +271,9 @@ krb5_data **response; /* filled in with a response packet */
tmp_realm_times = (double) enc_tkt_reply.times.starttime + max_renewable_life_for_realm;
enc_tkt_reply.times.renew_till =
- min(rtime, min(tmp_client_times,
- min(tmp_server_times,
- min(tmp_realm_times,KRB5_KDB_EXPIRATION))));
+ min(rtime, min(tmp_client_times,
+ min(tmp_server_times,
+ min(tmp_realm_times,KRB5_KDB_EXPIRATION))));
} else
enc_tkt_reply.times.renew_till = 0; /* XXX */
@@ -347,9 +348,6 @@ krb5_data **response; /* filled in with a response packet */
status = "DECRYPT_SERVER_KEY";
goto errout;
}
- if ((encrypting_key.enctype == ENCTYPE_DES_CBC_CRC) &&
- (isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5)))
- encrypting_key.enctype = ENCTYPE_DES_CBC_MD5;
errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key, &ticket_reply);
krb5_free_keyblock_contents(kdc_context, &encrypting_key);
@@ -439,11 +437,20 @@ krb5_data **response; /* filled in with a response packet */
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
- audit_krb5kdc_as_req(&from_in4, (in_port_t)from->port, (in_port_t)portnum,
+ /* SUNW14resync:
+ * The third argument to audit_krb5kdc_as_req() is zero as the local
+ * portnumber is no longer passed to process_as_req().
+ */
+ audit_krb5kdc_as_req(&from_in4, (in_port_t)from->port, 0,
cname, sname, 0);
-
- krb5_klog_syslog(LOG_INFO, "AS_REQ %s(%d): ISSUE: authtime %d, %s for %s",
- fromstring, portnum, authtime, cname, sname);
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ krb5_klog_syslog(LOG_INFO,
+ "AS_REQ (%s) %s: ISSUE: authtime %d, "
+ "%s, %s for %s",
+ ktypestr,
+ fromstring, authtime,
+ rep_etypestr,
+ cname, sname);
#ifdef KRBCONF_KDC_MODIFIES_KDB
/*
@@ -457,24 +464,28 @@ krb5_data **response; /* filled in with a response packet */
errout:
if (status) {
audit_krb5kdc_as_req(&from_in4, (in_port_t)from->port,
- (in_port_t)portnum, cname, sname, errcode);
- krb5_klog_syslog(LOG_INFO, "AS_REQ %s(%d): %s: %s for %s%s%s",
- fromstring, portnum, status,
+ 0, cname, sname, errcode);
+ krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
+ ktypestr,
+ fromstring, status,
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
errcode ? ", " : "",
errcode ? error_message(errcode) : "");
}
if (errcode) {
+ if (status == 0)
+ status = error_message (errcode);
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
errcode = KRB_ERR_GENERIC;
- errcode = prepare_error_as(request, errcode, &e_data, response);
+ errcode = prepare_error_as(request, errcode, &e_data, response,
+ status);
}
- krb5_free_keyblock_contents(kdc_context, &encrypting_key);
-
+ if (encrypting_key.contents)
+ krb5_free_keyblock_contents(kdc_context, &encrypting_key);
if (reply.padata)
krb5_free_pa_data(kdc_context, reply.padata);
@@ -495,7 +506,7 @@ errout:
kdc_active_realm->realm_dbname);
krb5_db_init(kdc_context);
/* Reset master key */
- krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_encblock);
+ krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);
}
#endif /* KRBCONF_KDC_MODIFIES_KDB */
krb5_db_free_principal(kdc_context, &client, c_nprincs);
@@ -516,11 +527,8 @@ errout:
}
static krb5_error_code
-prepare_error_as (request, error, e_data, response)
-register krb5_kdc_req *request;
-int error;
-krb5_data *e_data;
-krb5_data **response;
+prepare_error_as (krb5_kdc_req *request, int error, krb5_data *e_data,
+ krb5_data **response, const char *status)
{
krb5_error errpkt;
krb5_error_code retval;
@@ -535,10 +543,10 @@ krb5_data **response;
errpkt.error = error;
errpkt.server = request->server;
errpkt.client = request->client;
- errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
+ errpkt.text.length = strlen(status)+1;
if (!(errpkt.text.data = malloc(errpkt.text.length)))
return ENOMEM;
- (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
+ (void) strcpy(errpkt.text.data, status);
if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
free(errpkt.text.data);
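Review bot: `prepare_error_as()` now calls `strlen(status)` and `strcpy(..., status)` with no NULL check, and the requirement that `status` be non-NULL is not documented. The caller in `process_as_req` sets `status` from `error_message()` before the call, so this is a contract gap today rather than a crash. Add a header comment such as `/* status: non-NULL text copied into the KRB-ERROR e-text */`. That text is now the KDC's internal status string rather than the generic error message, so it is worth confirming that nothing sensitive is ever placed in `status`. The function body continues outside this hunk.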
diff --git a/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c b/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c
index d09b29fedf..9f0f5fc79a 100644
--- a/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c
+++ b/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -8,7 +8,7 @@
/*
* kdc/do_tgs_req.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -34,6 +34,7 @@
* KDC Routines to deal with TGS_REQ's
*/
+#define NEED_SOCKETS
#include "k5-int.h"
#include "com_err.h"
@@ -53,27 +54,18 @@
extern krb5_error_code setup_server_realm(krb5_principal);
-static void find_alternate_tgs (krb5_kdc_req *,
- krb5_db_entry *,
- krb5_boolean *,
- int *,
- const krb5_fulladdr *,
- int,
- char *);
+static void find_alternate_tgs (krb5_kdc_req *, krb5_db_entry *,
+ krb5_boolean *, int *,
+ const krb5_fulladdr *from, char *cname);
-static krb5_error_code prepare_error_tgs (krb5_kdc_req *,
- krb5_ticket *,
- int,
- const char *,
- krb5_data **);
+static krb5_error_code prepare_error_tgs (krb5_kdc_req *, krb5_ticket *,
+ int, const char *, krb5_data **,
+ const char *);
/*ARGSUSED*/
krb5_error_code
-process_tgs_req(pkt, from, portnum, response)
-krb5_data *pkt;
-const krb5_fulladdr *from; /* who sent it ? */
-int portnum;
-krb5_data **response; /* filled in with a response packet */
+process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
+ krb5_data **response)
{
krb5_keyblock * subkey;
krb5_kdc_req *request = 0;
@@ -93,7 +85,8 @@ krb5_data **response; /* filled in with a response packet */
krb5_timestamp until, rtime;
krb5_keyblock encrypting_key;
krb5_key_data *server_key;
- char *cname = 0, *sname = 0, *tmp = 0, *fromstring = 0;
+ char *cname = 0, *sname = 0, *tmp = 0;
+ const char *fromstring = 0;
krb5_last_req_entry *nolrarray[2], nolrentry;
/* krb5_address *noaddrarray[1]; */
krb5_enctype useenctype;
@@ -101,6 +94,9 @@ krb5_data **response; /* filled in with a response packet */
register int i;
int firstpass = 1;
const char *status = 0;
+ char ktypestr[128];
+ char rep_etypestr[128];
+ char fromstringbuf[70];
long long tmp_server_times, tmp_realm_times;
(void) memset(&encrypting_key, 0, sizeof(krb5_keyblock));
@@ -110,17 +106,17 @@ krb5_data **response; /* filled in with a response packet */
if (retval)
return retval;
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
/*
* setup_server_realm() sets up the global realm-specific data pointer.
*/
if ((retval = setup_server_realm(request->server)))
return retval;
-#ifdef HAVE_NETINET_IN_H
- if (from->address->addrtype == ADDRTYPE_INET)
- fromstring =
- (char *) inet_ntoa(*(struct in_addr *)from->address->contents);
-#endif
+ fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
+ from->address->contents,
+ fromstringbuf, sizeof(fromstringbuf));
if (!fromstring)
fromstring = "<unknown>";
@@ -172,7 +168,6 @@ krb5_data **response; /* filled in with a response packet */
nprincs = 0;
goto cleanup;
}
-
tgt_again:
if (more) {
status = "NON_UNIQUE_PRINCIPAL";
@@ -190,11 +185,11 @@ tgt_again:
krb5_data *tgs_1 =
krb5_princ_component(kdc_context, tgs_server, 1);
- if (server_1->length != tgs_1->length ||
+ if (!tgs_1 || server_1->length != tgs_1->length ||
memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
krb5_db_free_principal(kdc_context, &server, nprincs);
find_alternate_tgs(request, &server, &more, &nprincs,
- from, portnum, cname); /* SUNW */
+ from, cname);
firstpass = 0;
goto tgt_again;
}
@@ -402,7 +397,7 @@ tgt_again:
request->rtime =
min(request->till,
min(KRB5_KDB_EXPIRATION,
- header_ticket->enc_part2->times.renew_till));
+ header_ticket->enc_part2->times.renew_till));
}
}
rtime = (request->rtime == 0) ? kdc_infinity : request->rtime;
@@ -523,6 +518,36 @@ tgt_again:
}
newtransited = 1;
}
+ if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) {
+ errcode = krb5_check_transited_list (kdc_context,
+ &enc_tkt_reply.transited.tr_contents,
+ krb5_princ_realm (kdc_context, header_ticket->enc_part2->client),
+ krb5_princ_realm (kdc_context, request->server));
+ if (errcode == 0) {
+ setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED);
+ } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
+ krb5_klog_syslog (LOG_INFO,
+ "bad realm transit path from '%s' to '%s' via '%.*s'",
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ enc_tkt_reply.transited.tr_contents.length,
+ enc_tkt_reply.transited.tr_contents.data);
+ else
+ krb5_klog_syslog (LOG_ERR,
+ "unexpected error checking transit from '%s' to '%s' via '%.*s': %s",
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ enc_tkt_reply.transited.tr_contents.length,
+ enc_tkt_reply.transited.tr_contents.data,
+ error_message (errcode));
+ } else
+ krb5_klog_syslog (LOG_INFO, "not checking transit path");
+ if (reject_bad_transit
+ && !isflagset (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED)) {
+ errcode = KRB5KDC_ERR_POLICY;
+ status = "BAD_TRANSIT";
+ goto cleanup;
+ }
ticket_reply.enc_part2 = &enc_tkt_reply;
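Review bot: The `"not checking transit path"` message carries no client, server or source address, so a request that sets KDC_OPT_DISABLE_TRANSITED_CHECK cannot be tied to a principal from the log alone. Adding the same `cname ? cname : "<unknown client>"` and `sname ? sname : "<unknown server>"` arguments used by the two messages above it would fix that. The `%.*s` precision arguments pass `tr_contents.length` directly; a precision must be an `int`, so `(int) enc_tkt_reply.transited.tr_contents.length` is safer if that field is unsigned. When the check fails and `reject_bad_transit` is off, `errcode` is still non-zero on leaving this block, which is harmless only if the code after the hunk reassigns it before testing it; that code is not visible here.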
@@ -537,31 +562,30 @@ tgt_again:
* Make sure the client for the second ticket matches
* requested server.
*/
- if (!krb5_principal_compare(kdc_context, request->server,
- request->second_ticket[st_idx]->enc_part2->client)) {
- if ((errcode = krb5_unparse_name(kdc_context,
- request->second_ticket[st_idx]->enc_part2->client,
- &tmp)))
+ krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2;
+ krb5_principal client2 = t2enc->client;
+ if (!krb5_principal_compare(kdc_context, request->server, client2)) {
+ if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp)))
tmp = 0;
audit_krb5kdc_tgs_req_2ndtktmm(
(struct in_addr *)from->address->contents,
(in_port_t)from->port,
- (in_port_t)portnum, cname, sname);
- krb5_klog_syslog(LOG_INFO, "TGS_REQ %s(%d): 2ND_TKT_MISMATCH: authtime %d, %s for %s, 2nd tkt client %s",
- fromstring, portnum, authtime,
- cname ? cname : "<unknown client>",
- sname ? sname : "<unknown server>",
- tmp ? tmp : "<unknown>");
+ 0, cname, sname);
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ %s: 2ND_TKT_MISMATCH: "
+ "authtime %d, %s for %s, 2nd tkt client %s",
+ fromstring, authtime,
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ tmp ? tmp : "<unknown>");
errcode = KRB5KDC_ERR_SERVER_NOMATCH;
goto cleanup;
}
ticket_reply.enc_part.kvno = 0;
- ticket_reply.enc_part.enctype =
- request->second_ticket[st_idx]->enc_part2->session->enctype;
- if ((errcode = krb5_encrypt_tkt_part(kdc_context,
- request->second_ticket[st_idx]->enc_part2->session,
- &ticket_reply))) {
+ ticket_reply.enc_part.enctype = t2enc->session->enctype;
+ if ((errcode = krb5_encrypt_tkt_part(kdc_context, t2enc->session,
+ &ticket_reply))) {
status = "2ND_TKT_ENCRYPT";
goto cleanup;
}
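Review bot: The audit call still casts `from->address->contents` to `struct in_addr *`, while this commit now builds `fromstring` with `inet_ntop` and `ADDRTYPE2FAMILY(from->address->addrtype)`, which suggests non-IPv4 peers are expected. If the audit routine reads that pointer as an IPv4 address, a request from another address family would be recorded with the wrong source address. The same cast appears in the `cleanup:` audit call and in both `audit_krb5kdc_tgs_req_alt_tgt` calls in find_alternate_tgs. Consider testing `from->address->addrtype == ADDRTYPE_INET` before the cast, or passing the address type through to the audit layer. The literal `0` that replaces `(in_port_t)portnum` would also benefit from a short comment saying which argument it stands in for.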
@@ -587,9 +611,6 @@ tgt_again:
status = "DECRYPT_SERVER_KEY";
goto cleanup;
}
- if ((encrypting_key.enctype == ENCTYPE_DES_CBC_CRC) &&
- (isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5)))
- encrypting_key.enctype = ENCTYPE_DES_CBC_MD5;
errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key,
&ticket_reply);
krb5_free_keyblock_contents(kdc_context, &encrypting_key);
@@ -646,42 +667,51 @@ tgt_again:
}
if (ticket_reply.enc_part.ciphertext.data) {
- memset(ticket_reply.enc_part.ciphertext.data, 0,
+ memset(ticket_reply.enc_part.ciphertext.data, 0,
ticket_reply.enc_part.ciphertext.length);
- free(ticket_reply.enc_part.ciphertext.data);
+ free(ticket_reply.enc_part.ciphertext.data);
ticket_reply.enc_part.ciphertext.data = NULL;
}
/* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
can use them in raw form if needed. But, we don't... */
if (reply.enc_part.ciphertext.data) {
- memset(reply.enc_part.ciphertext.data, 0,
+ memset(reply.enc_part.ciphertext.data, 0,
reply.enc_part.ciphertext.length);
- free(reply.enc_part.ciphertext.data);
+ free(reply.enc_part.ciphertext.data);
reply.enc_part.ciphertext.data = NULL;
}
cleanup:
if (status) {
audit_krb5kdc_tgs_req((struct in_addr *)from->address->contents,
- (in_port_t)from->port, (in_port_t)portnum,
+ (in_port_t)from->port, 0,
cname ? cname : "<unknown client>",
sname ? sname : "<unknown client>",
errcode);
- krb5_klog_syslog(LOG_INFO,
- "TGS_REQ %s(%d): %s: authtime %d, %s for %s%s%s",
- fromstring, portnum, status, authtime,
- cname ? cname : "<unknown client>",
- sname ? sname : "<unknown server>",
- errcode ? ", " : "",
- errcode ? error_message(errcode) : "");
+ if (!errcode)
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ (%s) %s: %s: authtime %d, "
+ "%s%s %s for %s%s%s",
+ ktypestr,
+ fromstring, status, authtime,
+ !errcode ? rep_etypestr : "",
+ !errcode ? "," : "",
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ errcode ? ", " : "",
+ errcode ? error_message(errcode) : "");
}
+
if (errcode) {
+ if (status == 0)
+ status = error_message (errcode);
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
errcode = KRB_ERR_GENERIC;
retval = prepare_error_tgs(request, header_ticket, errcode,
- fromstring, response);
+ fromstring, response, status);
}
if (header_ticket)
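Review bot: In the `audit_krb5kdc_tgs_req` call, the fallback for a missing server name is `sname ? sname : "<unknown client>"`, so an audit record with no server name is labelled as a missing client. The syslog call just below uses `"<unknown server>"`, and the audit line should match it: `sname ? sname : "<unknown server>",`. That line is unchanged context, but the commit edits the argument directly above it. Separately, `rep_etypestr` is written only when `errcode` is zero and read only under the same condition; setting `rep_etypestr[0] = '\0';` before the `if (status)` block would remove that coupling.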
@@ -703,12 +733,8 @@ cleanup:
}
static krb5_error_code
-prepare_error_tgs (request, ticket, error, ident, response)
-register krb5_kdc_req *request;
-krb5_ticket *ticket;
-int error;
-const char *ident;
-krb5_data **response;
+prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error,
+ const char *ident, krb5_data **response, const char *status)
{
krb5_error errpkt;
krb5_error_code retval;
@@ -726,10 +752,10 @@ krb5_data **response;
errpkt.client = ticket->enc_part2->client;
else
errpkt.client = 0;
- errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
+ errpkt.text.length = strlen(status) + 1;
if (!(errpkt.text.data = malloc(errpkt.text.length)))
return ENOMEM;
- (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
+ (void) strcpy(errpkt.text.data, status);
if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
free(errpkt.text.data);
@@ -754,15 +780,9 @@ krb5_data **response;
* some intermediate realm.
*/
static void
-find_alternate_tgs(request, server, more, nprincs, from, portnum, cname)
-krb5_kdc_req *request;
-krb5_db_entry *server;
-krb5_boolean *more;
-int *nprincs;
-const krb5_fulladdr *from; /* who sent it ? */
-int portnum;
-char *cname;
-
+find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
+ krb5_boolean *more, int *nprincs,
+ const krb5_fulladdr *from, char *cname)
{
krb5_error_code retval;
krb5_principal *plist, *pl2;
@@ -822,17 +842,18 @@ char *cname;
krb5_free_principal(kdc_context, request->server);
request->server = tmpprinc;
if (krb5_unparse_name(kdc_context, request->server, &sname)) {
+
audit_krb5kdc_tgs_req_alt_tgt(
(struct in_addr *)from->address->contents,
(in_port_t)from->port,
- (in_port_t)portnum, cname, "<unparseable>", 0);
+ 0, cname, "<unparseable>", 0);
krb5_klog_syslog(LOG_INFO,
"TGS_REQ: issuing alternate <un-unparseable> TGT");
} else {
audit_krb5kdc_tgs_req_alt_tgt(
(struct in_addr *)from->address->contents,
(in_port_t)from->port,
- (in_port_t)portnum, cname, sname, 0);
+ 0, cname, sname, 0);
krb5_klog_syslog(LOG_INFO,
"TGS_REQ: issuing TGT %s", sname);
free(sname);
@@ -848,4 +869,3 @@ char *cname;
krb5_free_realm_tree(kdc_context, plist);
return;
}
-
diff --git a/usr/src/cmd/krb5/krb5kdc/extern.h b/usr/src/cmd/krb5/krb5kdc/extern.h
index b5f2bfab8d..7ab087ef7f 100644
--- a/usr/src/cmd/krb5/krb5kdc/extern.h
+++ b/usr/src/cmd/krb5/krb5kdc/extern.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -15,7 +15,7 @@ extern "C" {
#endif
/*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,2001 by the Massachusetts Institute of Technology.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
@@ -60,13 +60,10 @@ typedef struct __kdc_realm_data {
char * realm_mpname; /* Master principal name for realm */
krb5_principal realm_mprinc; /* Master principal for realm */
krb5_keyblock realm_mkey; /* Master key for this realm */
- krb5_kvno realm_mkvno; /* Master key vno for this realm */
/*
* TGS per-realm data.
*/
krb5_principal realm_tgsprinc; /* TGS principal for this realm */
- krb5_keyblock realm_tgskey; /* TGS' key for this realm */
- krb5_kvno realm_tgskvno; /* TGS' key vno for this realm */
/*
* Other per-realm data.
*/
@@ -77,14 +74,15 @@ typedef struct __kdc_realm_data {
*/
krb5_deltat realm_maxlife; /* Maximum ticket life for realm */
krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
- void *realm_kstypes; /* Key/Salts supported for realm */
- krb5_int32 realm_nkstypes; /* Number of key/salts */
+ krb5_boolean realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
} kdc_realm_t;
extern kdc_realm_t **kdc_realmlist;
extern int kdc_numrealms;
extern kdc_realm_t *kdc_active_realm;
+kdc_realm_t *find_realm_data (char *, krb5_ui_4);
+
/*
* Replace previously used global variables with the active (e.g. request's)
* realm data. This allows us to support multiple realms with minimal logic
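Review bot: The comment on `realm_reject_bad_transit` reads "Accept unverifiable transited_realm ?", which is the opposite sense of the field name. In do_tgs_req.c a true value makes the request fail with KRB5KDC_ERR_POLICY when the transit-policy flag is not set. Suggested wording: `/* Reject tickets whose transited path was not verified? */`. The new `find_realm_data (char *, krb5_ui_4);` prototype would also read better with parameter names and the `extern` keyword used by the declarations around it.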
@@ -95,12 +93,11 @@ extern kdc_realm_t *kdc_active_realm;
#define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife
#define master_keyblock kdc_active_realm->realm_mkey
#define master_princ kdc_active_realm->realm_mprinc
-#define tgs_key kdc_active_realm->realm_tgskey
-#define tgs_kvno kdc_active_realm->realm_tgskvno
#define tgs_server_struct *(kdc_active_realm->realm_tgsprinc)
#define tgs_server kdc_active_realm->realm_tgsprinc
#define dbm_db_name kdc_active_realm->realm_dbname
#define primary_port kdc_active_realm->realm_pport
+#define reject_bad_transit kdc_active_realm->realm_reject_bad_transit
/* various externs for KDC */
extern krb5_data empty_string; /* an empty string */
diff --git a/usr/src/cmd/krb5/krb5kdc/kdc_preauth.c b/usr/src/cmd/krb5/krb5kdc/kdc_preauth.c
index b0f0504d3c..bb16e1d53a 100644
--- a/usr/src/cmd/krb5/krb5kdc/kdc_preauth.c
+++ b/usr/src/cmd/krb5/krb5kdc/kdc_preauth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -8,7 +8,7 @@
/*
* kdc/kdc_preauth.c
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2003 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -65,26 +65,38 @@
#include "com_err.h"
#include <assert.h>
#include <stdio.h>
+#include "adm_proto.h"
#include <libintl.h>
#include <syslog.h>
+#include <assert.h>
+
+/* XXX This is ugly and should be in a header file somewhere */
+#ifndef KRB5INT_DES_TYPES_DEFINED
+#define KRB5INT_DES_TYPES_DEFINED
+typedef unsigned char des_cblock[8]; /* crypto-block size */
+#endif
+typedef des_cblock mit_des_cblock;
+extern void mit_des_fixup_key_parity (mit_des_cblock );
+extern int mit_des_is_weak_key (mit_des_cblock );
+
typedef krb5_error_code (*verify_proc)
(krb5_context, krb5_db_entry *client,
- krb5_kdc_req *request,
- krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data);
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data);
typedef krb5_error_code (*edata_proc)
(krb5_context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_pa_data *data);
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *data);
typedef krb5_error_code (*return_proc)
(krb5_context, krb5_pa_data * padata,
- krb5_db_entry *client,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_key_data *client_key,
- krb5_keyblock *encrypting_key,
- krb5_pa_data **send_pa);
+ krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa);
typedef struct _krb5_preauth_systems {
char * name;
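Review bot: `#include <assert.h>` is added a second time although it is already in the same include list a few lines earlier, so the new line can be dropped. The hand-written `des_cblock` typedef and the `extern` prototypes for `mit_des_fixup_key_parity` and `mit_des_is_weak_key` duplicate declarations that belong to the crypto library, as the XXX comment admits. If the library's signatures change, this file will still compile against the stale prototypes. Including the header that declares them, if one is available to the KDC, would let the compiler check the calls.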
@@ -97,54 +109,50 @@ typedef struct _krb5_preauth_systems {
static krb5_error_code verify_enc_timestamp
(krb5_context, krb5_db_entry *client,
- krb5_kdc_req *request,
- krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data);
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data);
static krb5_error_code get_etype_info
(krb5_context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_pa_data *data);
-
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *data);
static krb5_error_code
get_etype_info2(krb5_context context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
+ krb5_db_entry *client, krb5_db_entry *server,
krb5_pa_data *pa_data);
-
static krb5_error_code
-return_etype_info2(krb5_context, krb5_pa_data * padata,
- krb5_db_entry *client,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_key_data *client_key,
- krb5_keyblock *encrypting_key,
- krb5_pa_data **send_pa);
-
+return_etype_info2(krb5_context, krb5_pa_data * padata,
+ krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa);
static krb5_error_code return_pw_salt
(krb5_context, krb5_pa_data * padata,
- krb5_db_entry *client,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_key_data *client_key,
- krb5_keyblock *encrypting_key,
- krb5_pa_data **send_pa);
+ krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa);
/* SAM preauth support */
static krb5_error_code verify_sam_response
- (krb5_context, krb5_db_entry *client,
- krb5_kdc_req *request,
- krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data);
+ (krb5_context, krb5_db_entry *client,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data);
static krb5_error_code get_sam_edata
(krb5_context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_pa_data *data);
-
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *data);
static krb5_error_code return_sam_data
(krb5_context, krb5_pa_data * padata,
- krb5_db_entry *client,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_key_data *client_key,
- krb5_keyblock *encrypting_key,
- krb5_pa_data **send_pa);
+ krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa);
/*
* Preauth property flags
*/
@@ -172,12 +180,12 @@ static krb5_preauth_systems preauth_systems[] = {
0
},
{
- "etype-info2",
+ "etype-info2",
KRB5_PADATA_ETYPE_INFO2,
0,
- get_etype_info2,
+ get_etype_info2,
0,
- return_etype_info2
+ return_etype_info2
},
{
"pw-salt",
@@ -221,9 +229,9 @@ find_pa_system(int type, krb5_preauth_systems **preauth)
return 0;
}
-const char *missing_required_preauth(client, server, enc_tkt_reply)
- krb5_db_entry *client, *server;
- krb5_enc_tkt_part *enc_tkt_reply;
+const char *missing_required_preauth(krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_enc_tkt_part *enc_tkt_reply)
{
#if 0
/*
@@ -258,11 +266,8 @@ const char *missing_required_preauth(client, server, enc_tkt_reply)
return 0;
}
-void get_preauth_hint_list(
- krb5_kdc_req *request,
- krb5_db_entry *client,
- krb5_db_entry *server,
- krb5_data *e_data)
+void get_preauth_hint_list(krb5_kdc_req *request, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_data *e_data)
{
int hw_only;
krb5_preauth_systems *ap;
@@ -329,11 +334,8 @@ errout:
*/
krb5_error_code
-check_padata (
- krb5_context context,
- krb5_db_entry * client,
- krb5_kdc_req * request,
- krb5_enc_tkt_part * enc_tkt_reply)
+check_padata (krb5_context context, krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply)
{
krb5_error_code retval = 0;
krb5_pa_data **padata;
@@ -388,16 +390,15 @@ check_padata (
if (!pa_found)
krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s",
error_message (retval));
-
- /* The following switch statement allows us
- * to return some preauth system errors back to the client.
- */
- switch(retval) {
+/* The following switch statement allows us
+ * to return some preauth system errors back to the client.
+ */
+ switch(retval) {
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
- case KRB5KRB_AP_ERR_SKEW:
- return retval;
- default:
- return KRB5KDC_ERR_PREAUTH_FAILED;
+ case KRB5KRB_AP_ERR_SKEW:
+ return retval;
+ default:
+ return KRB5KDC_ERR_PREAUTH_FAILED;
}
}
@@ -406,13 +407,9 @@ check_padata (
* structures which should be returned by the KDC to the client
*/
krb5_error_code
-return_padata(
- krb5_context context,
- krb5_db_entry * client,
- krb5_kdc_req * request,
- krb5_kdc_rep * reply,
- krb5_key_data * client_key,
- krb5_keyblock * encrypting_key)
+return_padata(krb5_context context, krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key, krb5_keyblock *encrypting_key)
{
krb5_error_code retval;
krb5_pa_data ** padata;
@@ -466,6 +463,7 @@ cleanup:
krb5_free_pa_data(context, send_pa_list);
return (retval);
}
+
static krb5_boolean
enctype_requires_etype_info_2(krb5_enctype enctype)
{
@@ -480,7 +478,7 @@ enctype_requires_etype_info_2(krb5_enctype enctype)
return 0;
default:
if (krb5_c_valid_enctype(enctype))
- return 1;
+ return 1;
else return 0;
}
}
@@ -496,13 +494,11 @@ request_contains_enctype (krb5_context context, const krb5_kdc_req *request,
return 0;
}
+
static krb5_error_code
-verify_enc_timestamp(
- krb5_context context,
- krb5_db_entry * client,
- krb5_kdc_req * request,
- krb5_enc_tkt_part * enc_tkt_reply,
- krb5_pa_data * pa)
+verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+ krb5_pa_data *pa)
{
krb5_pa_enc_ts * pa_enc = 0;
krb5_error_code retval;
@@ -514,7 +510,7 @@ verify_enc_timestamp(
krb5_int32 start;
krb5_timestamp timenow;
krb5_error_code decrypt_err;
-
+
(void) memset(&key, 0, sizeof(krb5_keyblock));
scratch.data = (char *) pa->contents;
scratch.length = pa->length;
@@ -574,7 +570,6 @@ cleanup:
krb5_free_data_contents(context, &enc_ts_data);
if (pa_enc)
free(pa_enc);
-
/*
* If we get NO_MATCHING_KEY and decryption previously failed, and
* we failed to find any other keys of the correct enctype after
@@ -583,15 +578,14 @@ cleanup:
*/
if (retval == KRB5_KDB_NO_MATCHING_KEY && decrypt_err != 0)
retval = decrypt_err;
-
return retval;
}
static krb5_error_code
_make_etype_info_entry(krb5_context context,
- krb5_kdc_req *request, krb5_key_data *client_key,
- krb5_enctype etype, krb5_etype_info_entry **entry,
- int etype_info2)
+ krb5_kdc_req *request, krb5_key_data *client_key,
+ krb5_enctype etype, krb5_etype_info_entry **entry,
+ int etype_info2)
{
krb5_data salt;
krb5_etype_info_entry * tmp_entry;
@@ -618,16 +612,16 @@ _make_etype_info_entry(krb5_context context,
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
- tmp_entry->s2kparams.data = malloc(1);
- if (tmp_entry->s2kparams.data == NULL) {
+ tmp_entry->s2kparams.data = malloc(1);
+ if (tmp_entry->s2kparams.data == NULL) {
retval = ENOMEM;
goto fail;
- }
- tmp_entry->s2kparams.length = 1;
- tmp_entry->s2kparams.data[0] = 1;
- break;
+ }
+ tmp_entry->s2kparams.length = 1;
+ tmp_entry->s2kparams.data[0] = 1;
+ break;
default:
- break;
+ break;
}
}
@@ -642,7 +636,7 @@ _make_etype_info_entry(krb5_context context,
fail:
if (tmp_entry) {
if (tmp_entry->s2kparams.data)
- free(tmp_entry->s2kparams.data);
+ free(tmp_entry->s2kparams.data);
free(tmp_entry);
}
if (salt.data)
@@ -653,81 +647,81 @@ fail:
* This function returns the etype information for a particular
* client, to be passed back in the preauth list in the KRB_ERROR
* message. It supports generating both etype_info and etype_info2
- * as most of the work is the same.
+ * as most of the work is the same.
*/
static krb5_error_code
etype_info_helper(krb5_context context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_pa_data *pa_data, int etype_info2)
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *pa_data, int etype_info2)
{
krb5_etype_info_entry ** entry = 0;
krb5_key_data *client_key;
krb5_error_code retval;
krb5_data * scratch;
krb5_enctype db_etype;
- int i = 0;
- int start = 0;
+ int i = 0;
+ int start = 0;
int seen_des = 0;
- entry = malloc((client->n_key_data * 2 + 1) *
- sizeof(krb5_etype_info_entry *));
+ entry = malloc((client->n_key_data * 2 + 1) * sizeof(krb5_etype_info_entry *));
if (entry == NULL)
return ENOMEM;
entry[0] = NULL;
while (1) {
retval = krb5_dbe_search_enctype(context, client, &start, -1,
- -1, 0, &client_key);
+ -1, 0, &client_key);
if (retval == KRB5_KDB_NO_MATCHING_KEY)
- break;
+ break;
if (retval)
- goto cleanup;
+ goto cleanup;
db_etype = client_key->key_data_type[0];
if (db_etype == ENCTYPE_DES_CBC_MD4)
- db_etype = ENCTYPE_DES_CBC_MD5;
+ db_etype = ENCTYPE_DES_CBC_MD5;
+
if (request_contains_enctype(context, request, db_etype)) {
- assert(etype_info2 ||
- !enctype_requires_etype_info_2(db_etype));
- if ((retval = _make_etype_info_entry(context, request, client_key,
- db_etype, &entry[i], etype_info2)) != 0) {
+ assert(etype_info2 ||
+ !enctype_requires_etype_info_2(db_etype));
+ if ((retval = _make_etype_info_entry(context, request, client_key,
+ db_etype, &entry[i], etype_info2)) != 0) {
goto cleanup;
- }
- entry[i+1] = 0;
- i++;
+ }
+ entry[i+1] = 0;
+ i++;
}
- /*
- * If there is a des key in the kdb, try the "similar" enctypes,
- * avoid duplicate entries.
+ /*
+ * If there is a des key in the kdb, try the "similar" enctypes,
+ * avoid duplicate entries.
*/
if (!seen_des) {
- switch (db_etype) {
- case ENCTYPE_DES_CBC_MD5:
+ switch (db_etype) {
+ case ENCTYPE_DES_CBC_MD5:
db_etype = ENCTYPE_DES_CBC_CRC;
break;
- case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_CRC:
db_etype = ENCTYPE_DES_CBC_MD5;
break;
- default:
+ default:
continue;
- }
- if (request_contains_enctype(context, request, db_etype)) {
+ }
+ if (request_contains_enctype(context, request, db_etype)) {
if ((retval = _make_etype_info_entry(context, request,
- client_key, db_etype, &entry[i], etype_info2)) != 0) {
- goto cleanup;
+ client_key, db_etype, &entry[i], etype_info2)) != 0) {
+ goto cleanup;
}
- entry[i+1] = 0;
+ entry[i+1] = 0;
i++;
- }
- seen_des++;
+ }
+ seen_des++;
}
}
if (etype_info2)
retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry,
- &scratch);
- else
- retval = encode_krb5_etype_info((const krb5_etype_info_entry **) entry, &scratch);
+ &scratch);
+ else retval = encode_krb5_etype_info((const krb5_etype_info_entry **) entry,
+ &scratch);
if (retval)
goto cleanup;
pa_data->contents = (unsigned char *)scratch->data;
@@ -748,40 +742,39 @@ cleanup:
static krb5_error_code
get_etype_info(krb5_context context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_pa_data *pa_data)
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *pa_data)
{
int i;
for (i=0; i < request->nktypes; i++) {
- if (enctype_requires_etype_info_2(request->ktype[i]))
- return KRB5KDC_ERR_PADATA_TYPE_NOSUPP ;;;; /*Caller will
- * skip this
- * type*/
+ if (enctype_requires_etype_info_2(request->ktype[i]))
+ return KRB5KDC_ERR_PADATA_TYPE_NOSUPP ;;;; /*Caller will
+ * skip this
+ * type*/
}
return etype_info_helper(context, request, client, server, pa_data, 0);
}
static krb5_error_code
get_etype_info2(krb5_context context, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_pa_data *pa_data)
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *pa_data)
{
return etype_info_helper( context, request, client, server, pa_data, 1);
}
static krb5_error_code
-return_etype_info2(krb5_context context, krb5_pa_data * padata,
- krb5_db_entry *client,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_key_data *client_key,
- krb5_keyblock *encrypting_key,
- krb5_pa_data **send_pa)
+return_etype_info2(krb5_context context, krb5_pa_data * padata,
+ krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa)
{
krb5_error_code retval;
krb5_pa_data *tmp_padata;
krb5_etype_info_entry **entry = NULL;
krb5_data *scratch = NULL;
-
tmp_padata = malloc( sizeof(krb5_pa_data));
if (tmp_padata == NULL)
return ENOMEM;
@@ -794,61 +787,51 @@ return_etype_info2(krb5_context context, krb5_pa_data * padata,
entry[0] = NULL;
entry[1] = NULL;
/* using encrypting_key->enctype as this is specified in rfc4120 */
- retval = _make_etype_info_entry(context, request,
- client_key, encrypting_key->enctype,
- entry, 1);
+ retval = _make_etype_info_entry(context, request, client_key, encrypting_key->enctype,
+ entry, 1);
if (retval)
goto cleanup;
-
- retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry,
- &scratch);
+ retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry, &scratch);
if (retval)
goto cleanup;
tmp_padata->contents = (uchar_t *)scratch->data;
tmp_padata->length = scratch->length;
*send_pa = tmp_padata;
- /* For cleanup - we no longer own the contents of the krb5_data
+ /* For cleanup - we no longer own the contents of the krb5_data
* only to pointer to the krb5_data
*/
- scratch->data = 0;
+ scratch->data = 0;
cleanup:
if (entry)
krb5_free_etype_info(context, entry);
if (retval) {
if (tmp_padata)
- free(tmp_padata);
+ free(tmp_padata);
}
if (scratch)
- krb5_free_data(context, scratch);
+ krb5_free_data(context, scratch);
return retval;
}
static krb5_error_code
-return_pw_salt(context, in_padata, client, request, reply, client_key,
- encrypting_key, send_pa)
- krb5_context context;
- krb5_pa_data * in_padata;
- krb5_db_entry * client;
- krb5_kdc_req * request;
- krb5_kdc_rep * reply;
- krb5_key_data * client_key;
- krb5_keyblock * encrypting_key;
- krb5_pa_data ** send_pa;
+return_pw_salt(krb5_context context, krb5_pa_data *in_padata,
+ krb5_db_entry *client, krb5_kdc_req *request,
+ krb5_kdc_rep *reply, krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key, krb5_pa_data **send_pa)
{
krb5_error_code retval;
krb5_pa_data * padata;
krb5_data * scratch;
krb5_data salt_data;
int i;
-
+
for (i = 0; i < request->nktypes; i++) {
if (enctype_requires_etype_info_2(request->ktype[i]))
- return 0;
+ return 0;
}
-
if (client_key->key_data_ver == 1 ||
client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)
return 0;
@@ -921,16 +904,10 @@ cleanup:
}
static krb5_error_code
-return_sam_data(context, in_padata, client, request, reply, client_key,
- encrypting_key, send_pa)
- krb5_context context;
- krb5_pa_data * in_padata;
- krb5_db_entry * client;
- krb5_kdc_req * request;
- krb5_kdc_rep * reply;
- krb5_key_data * client_key;
- krb5_keyblock * encrypting_key;
- krb5_pa_data ** send_pa;
+return_sam_data(krb5_context context, krb5_pa_data *in_padata,
+ krb5_db_entry *client, krb5_kdc_req *request,
+ krb5_kdc_rep *reply, krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key, krb5_pa_data **send_pa)
{
krb5_error_code retval;
krb5_data scratch;
@@ -1070,12 +1047,9 @@ static struct {
};
static krb5_error_code
-get_sam_edata(context, request, client, server, pa_data)
- krb5_context context;
- krb5_kdc_req * request;
- krb5_db_entry * client;
- krb5_db_entry * server;
- krb5_pa_data * pa_data;
+get_sam_edata(krb5_context context, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_pa_data *pa_data)
{
krb5_error_code retval;
krb5_sam_challenge sc;
@@ -1104,7 +1078,8 @@ get_sam_edata(context, request, client, server, pa_data)
*/
{
- int npr = 1, more;
+ int npr = 1;
+ krb5_boolean more;
krb5_db_entry assoc;
krb5_key_data *assoc_key;
krb5_principal newp;
@@ -1131,7 +1106,7 @@ get_sam_edata(context, request, client, server, pa_data)
strlen(sam_ptr->name);
npr = 1;
retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, (uint *)&more);
- if(!retval) {
+ if(!retval && npr) {
sc.sam_type = sam_ptr->sam_type;
break;
}
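Review bot: The `(uint *)&more` cast on the `krb5_db_get_principal` call in this hunk is stale now that the previous hunk declares `more` as `krb5_boolean`, and it stops the compiler from checking the pointer type. If the prototype takes `krb5_boolean *`, the call should read `retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);`. The init_realm code removed from main.c in this same commit passed `&more` with a `krb5_boolean` and no cast. The rest of get_sam_edata lies outside the hunk.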
@@ -1289,6 +1264,7 @@ get_sam_edata(context, request, client, server, pa_data)
int i;
(void) memset(&session_key, 0, sizeof(krb5_keyblock));
+
(void) memset(inputblock, 0, 8);
retval = krb5_c_make_random_key(kdc_context, ENCTYPE_DES_CBC_CRC,
@@ -1457,12 +1433,9 @@ cleanup:
}
static krb5_error_code
-verify_sam_response(context, client, request, enc_tkt_reply, pa)
- krb5_context context;
- krb5_db_entry * client;
- krb5_kdc_req * request;
- krb5_enc_tkt_part * enc_tkt_reply;
- krb5_pa_data * pa;
+verify_sam_response(krb5_context context, krb5_db_entry *client,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+ krb5_pa_data *pa)
{
krb5_error_code retval;
krb5_data scratch;
@@ -1544,7 +1517,8 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa)
rep.server = "SAM/rc"; /* Should not match any principal name. */
rep.ctime = psr->stime;
rep.cusec = psr->susec;
- if (retval = krb5_rc_store(kdc_context, kdc_rcache, &rep)) {
+ retval = krb5_rc_store(kdc_context, kdc_rcache, &rep);
+ if (retval) {
com_err("krb5kdc", retval, gettext("SAM psr replay attack!"));
goto cleanup;
}
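Review bot: The new `if (retval)` still reports every `krb5_rc_store` failure as `SAM psr replay attack!`, so a replay-cache I/O or allocation error is logged as an attack. Assuming the store returns `KRB5KRB_AP_ERR_REPEAT` for a genuine replay, test that value first with `if (retval == KRB5KRB_AP_ERR_REPEAT)` and log anything else with a neutral message such as "while storing SAM psr in replay cache". Both paths should still `goto cleanup`. That keeps the alert meaningful for whoever triages the KDC log.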
@@ -1592,6 +1566,8 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa)
if (sr) free(sr);
if (psr) free(psr);
if (esre) free(esre);
+ if (princ_psr) free(princ_psr);
+ if (princ_req) free(princ_req);
return retval;
}
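Review bot: The two added `free` calls are safe only if `princ_psr` and `princ_req` are initialised to NULL where they are declared, which is outside this hunk. Any `goto cleanup` taken before they are assigned would otherwise free an indeterminate pointer. Please confirm the declaration has the form `char *princ_psr = NULL, *princ_req = NULL;` (the type is assumed here). The `if (p)` guards are redundant because `free(NULL)` is a no-op, though they do match the three lines above.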
diff --git a/usr/src/cmd/krb5/krb5kdc/kdc_util.c b/usr/src/cmd/krb5/krb5kdc/kdc_util.c
index 9424a3fb09..6158ca00f1 100644
--- a/usr/src/cmd/krb5/krb5kdc/kdc_util.c
+++ b/usr/src/cmd/krb5/krb5kdc/kdc_util.c
@@ -34,9 +34,11 @@
#include "kdc_util.h"
#include "extern.h"
#include <stdio.h>
+#include <ctype.h>
#include <syslog.h>
#include "adm.h"
#include "adm_proto.h"
+#include <limits.h>
#ifdef USE_RCACHE
static char *kdc_current_rcname = (char *) NULL;
@@ -48,9 +50,7 @@ krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
* initialize the replay cache.
*/
krb5_error_code
-kdc_initialize_rcache(kcontext, rcache_name)
- krb5_context kcontext;
- char *rcache_name;
+kdc_initialize_rcache(krb5_context kcontext, char *rcache_name)
{
krb5_error_code retval;
char *rcname;
@@ -91,10 +91,8 @@ kdc_initialize_rcache(kcontext, rcache_name)
* The replacement should be freed with krb5_free_authdata().
*/
krb5_error_code
-concat_authorization_data(first, second, output)
-krb5_authdata **first;
-krb5_authdata **second;
-krb5_authdata ***output;
+concat_authorization_data(krb5_authdata **first, krb5_authdata **second,
+ krb5_authdata ***output)
{
register int i, j;
register krb5_authdata **ptr, **retdata;
@@ -140,9 +138,7 @@ krb5_authdata ***output;
}
krb5_boolean
-realm_compare(princ1, princ2)
- krb5_principal princ1;
- krb5_principal princ2;
+realm_compare(krb5_principal princ1, krb5_principal princ2)
{
krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1);
krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2);
@@ -155,11 +151,9 @@ realm_compare(princ1, princ2)
* Returns TRUE if the kerberos principal is the name of a Kerberos ticket
* service.
*/
-krb5_boolean krb5_is_tgs_principal(principal)
- krb5_principal principal;
+krb5_boolean krb5_is_tgs_principal(krb5_principal principal)
{
-
- if (krb5_princ_size(kdc_context, principal) > 0 &&
+ if ((krb5_princ_size(kdc_context, principal) > 0) &&
(krb5_princ_component(kdc_context, principal, 0)->length ==
KRB5_TGS_NAME_SIZE) &&
(!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
@@ -173,11 +167,8 @@ krb5_boolean krb5_is_tgs_principal(principal)
* for source data.
*/
static krb5_error_code
-comp_cksum(kcontext, source, ticket, his_cksum)
- krb5_context kcontext;
- krb5_data * source;
- krb5_ticket * ticket;
- krb5_checksum * his_cksum;
+comp_cksum(krb5_context kcontext, krb5_data *source, krb5_ticket *ticket,
+ krb5_checksum *his_cksum)
{
krb5_error_code retval;
krb5_boolean valid;
@@ -202,12 +193,9 @@ comp_cksum(kcontext, source, ticket, his_cksum)
}
krb5_error_code
-kdc_process_tgs_req(request, from, pkt, ticket, subkey)
- krb5_kdc_req * request;
- const krb5_fulladdr * from;
- krb5_data * pkt;
- krb5_ticket ** ticket;
- krb5_keyblock ** subkey;
+kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from,
+ krb5_data *pkt, krb5_ticket **ticket,
+ krb5_keyblock **subkey)
{
krb5_pa_data ** tmppa;
krb5_ap_req * apreq;
@@ -218,8 +206,8 @@ kdc_process_tgs_req(request, from, pkt, ticket, subkey)
krb5_auth_context auth_context = NULL;
krb5_authenticator * authenticator = NULL;
krb5_checksum * his_cksum = NULL;
- krb5_keyblock * key = NULL;
- krb5_kvno kvno = 0;
+/* krb5_keyblock * key = NULL;*/
+/* krb5_kvno kvno = 0;*/
if (!request->padata)
return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
@@ -328,8 +316,8 @@ kdc_process_tgs_req(request, from, pkt, ticket, subkey)
goto cleanup_auth_context;
}
- if ((retval = krb5_auth_con_getremotesubkey(kdc_context,
- auth_context, subkey)))
+ if ((retval = krb5_auth_con_getrecvsubkey(kdc_context,
+ auth_context, subkey)))
goto cleanup_auth_context;
if ((retval = krb5_auth_con_getauthenticator(kdc_context, auth_context,
@@ -396,17 +384,13 @@ cleanup:
* much else. -- tlyu
*/
krb5_error_code
-kdc_get_server_key(ticket, key, kvno)
- krb5_ticket * ticket;
- krb5_keyblock ** key;
- krb5_kvno * kvno; /* XXX nothing uses this */
+kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno)
{
krb5_error_code retval;
krb5_db_entry server;
krb5_boolean more;
int nprincs;
krb5_key_data * server_key;
- int i;
nprincs = 1;
@@ -456,9 +440,7 @@ static krb5_last_req_entry nolrentry = { KV5M_LAST_REQ_ENTRY, KRB5_LRQ_NONE, 0 }
static krb5_last_req_entry *nolrarray[] = { &nolrentry, 0 };
krb5_error_code
-fetch_last_req_info(dbentry, lrentry)
-krb5_db_entry *dbentry;
-krb5_last_req_entry ***lrentry;
+fetch_last_req_info(krb5_db_entry *dbentry, krb5_last_req_entry ***lrentry)
{
*lrentry = nolrarray;
return 0;
@@ -468,8 +450,7 @@ krb5_last_req_entry ***lrentry;
/* XXX! This is a temporary place-holder */
krb5_error_code
-check_hot_list(ticket)
-krb5_ticket *ticket;
+check_hot_list(krb5_ticket *ticket)
{
return 0;
}
@@ -499,11 +480,9 @@ krb5_ticket *ticket;
* If r2 is not a subrealm, SUBREALM returns 0.
*/
static int
-subrealm(r1,r2)
-char *r1;
-char *r2;
+subrealm(char *r1, char *r2)
{
- int l1,l2;
+ size_t l1,l2;
l1 = strlen(r1);
l2 = strlen(r2);
if(l2 <= l1) return(0);
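Review bot: With `l1` and `l2` now `size_t` and the function still returning `int`, any length difference returned further down is computed in unsigned arithmetic and then narrowed to `int`. The rest of the body is outside this hunk, so this cannot be confirmed here. The `pl > 0` / `-pl` handling visible in add_to_transited presumably relies on the sign of the result. If so, make the conversion explicit at the return, for example `return (int)l1 - (int)l2;`, and add a comment that realm lengths are expected to fit in `int`.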
@@ -573,12 +552,9 @@ char *r2;
*/
krb5_error_code
-add_to_transited(tgt_trans, new_trans, tgs, client, server)
- krb5_data * tgt_trans;
- krb5_data * new_trans;
- krb5_principal tgs;
- krb5_principal client;
- krb5_principal server;
+add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans,
+ krb5_principal tgs, krb5_principal client,
+ krb5_principal server)
{
krb5_error_code retval;
char *realm;
@@ -634,20 +610,21 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
/* read field into current */
for (i = 0; *otrans != '\0';) {
- if (*otrans == '\\')
- if (*(++otrans) == '\0')
- break;
- else
- continue;
- if (*otrans == ',') {
- otrans++;
- break;
- }
- current[i++] = *otrans++;
- if (i >= MAX_REALM_LN) {
- retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
- goto fail;
- }
+ if (*otrans == '\\') {
+ if (*(++otrans) == '\0')
+ break;
+ else
+ continue;
+ }
+ if (*otrans == ',') {
+ otrans++;
+ break;
+ }
+ current[i++] = *otrans++;
+ if (i >= MAX_REALM_LN) {
+ retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ goto fail;
+ }
}
current[i] = '\0';
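Review bot: The backslash branch skips the backslash and then hits `continue`, so the escaped character is examined again at the top of the loop; an escaped `,` therefore still ends the field, and an escaped backslash starts another escape. The added braces only make the existing `else` binding explicit and do not change this. If an escape in the transited encoding is meant to protect the next character, copy it literally in that branch with `current[i++] = *otrans++;` followed by the same `MAX_REALM_LN` check, instead of `continue`. The "read field into next" loop in the following hunk has the same shape.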
@@ -690,20 +667,21 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
/* read field into next */
for (i = 0; *otrans != '\0';) {
- if (*otrans == '\\')
- if (*(++otrans) == '\0')
- break;
- else
- continue;
- if (*otrans == ',') {
- otrans++;
- break;
- }
- next[i++] = *otrans++;
- if (i >= MAX_REALM_LN) {
- retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
- goto fail;
- }
+ if (*otrans == '\\') {
+ if (*(++otrans) == '\0')
+ break;
+ else
+ continue;
+ }
+ if (*otrans == ',') {
+ otrans++;
+ break;
+ }
+ next[i++] = *otrans++;
+ if (i >= MAX_REALM_LN) {
+ retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ goto fail;
+ }
}
next[i] = '\0';
nlst = i - 1;
@@ -734,10 +712,10 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
}
strncat(current, ",", sizeof(current) - 1 - strlen(current));
if (pl > 0) {
- strncat(current, realm, pl);
+ strncat(current, realm, (unsigned) pl);
}
else {
- strncat(current, realm+strlen(realm)+pl, -pl);
+ strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
}
}
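Review bot: The `(unsigned)` casts silence the sign-conversion warning but leave the real hazard: the third argument of `strncat` limits the bytes taken from `realm`, not the room left in `current`. The `","` append one line above does it correctly with `sizeof(current) - 1 - strlen(current)`. These calls are safe only because of a length check made before them, which lies outside this hunk (a `goto fail` is visible in the next one). Bounding the count by the remaining room, for example `size_t room = sizeof(current) - 1 - strlen(current);` then `strncat(current, realm, (size_t)pl < room ? (size_t)pl : room);`, would make each append safe on its own. The `pl1` and `exp` appends in the following two hunks need the same treatment.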
@@ -760,10 +738,10 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
goto fail;
}
if (pl1 > 0) {
- strncat(current, realm, pl1);
+ strncat(current, realm, (unsigned) pl1);
}
else {
- strncat(current, realm+strlen(realm)+pl1, -pl1);
+ strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
}
}
else { /* If not a subrealm */
@@ -789,10 +767,10 @@ add_to_transited(tgt_trans, new_trans, tgs, client, server)
strncat(current,",", sizeof(current) - 1 - strlen(current));
current[sizeof(current) - 1] = '\0';
if (pl > 0) {
- strncat(current, exp, pl);
+ strncat(current, exp, (unsigned) pl);
}
else {
- strncat(current, exp+strlen(exp)+pl, -pl);
+ strncat(current, exp+strlen(exp)+pl, (unsigned)(-pl));
}
}
}
@@ -854,20 +832,16 @@ fail:
* as a com_err error number!
*/
#define AS_INVALID_OPTIONS (KDC_OPT_FORWARDED | KDC_OPT_PROXY |\
- KDC_OPT_VALIDATE | KDC_OPT_RENEW | KDC_OPT_ENC_TKT_IN_SKEY)
-
+KDC_OPT_VALIDATE | KDC_OPT_RENEW | KDC_OPT_ENC_TKT_IN_SKEY)
int
-validate_as_request(request, client, server, kdc_time, status)
-register krb5_kdc_req *request;
-krb5_db_entry client;
-krb5_db_entry server;
-krb5_timestamp kdc_time;
-const char **status;
+validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
+ krb5_db_entry server, krb5_timestamp kdc_time,
+ const char **status)
{
int errcode;
/*
- * If an illegal option is set, complain.
+ * If an option is set that is only allowed in TGS requests, complain.
*/
if (request->kdc_options & AS_INVALID_OPTIONS) {
*status = "INVALID AS OPTIONS";
@@ -995,8 +969,7 @@ const char **status;
* returns -1 on failure.
*/
static int
-asn1length(astream)
-unsigned char **astream;
+asn1length(unsigned char **astream)
{
int length; /* resulting length */
int sublen; /* sublengths */
@@ -1047,11 +1020,8 @@ unsigned char **astream;
* returns 0 on success, -1 otherwise.
*/
int
-fetch_asn1_field(astream, level, field, data)
-unsigned char *astream;
-unsigned int level;
-unsigned int field;
-krb5_data *data;
+fetch_asn1_field(unsigned char *astream, unsigned int level,
+ unsigned int field, krb5_data *data)
{
unsigned char *estream; /* end of stream */
int classes; /* # classes seen so far this level */
@@ -1138,23 +1108,18 @@ krb5_data *data;
KDC_OPT_VALIDATE)
int
-validate_tgs_request(request, server, ticket, kdc_time, status)
-register krb5_kdc_req *request;
-krb5_db_entry server;
-krb5_ticket *ticket;
-krb5_timestamp kdc_time;
-const char **status;
+validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
+ krb5_ticket *ticket, krb5_timestamp kdc_time,
+ const char **status)
{
int errcode;
int st_idx = 0;
- krb5_flags badflags;
/*
* If an illegal option is set, ignore it.
*/
- badflags = request->kdc_options & ~(TGS_OPTIONS_HANDLED);
- request->kdc_options &= ~badflags;
-
+ request->kdc_options &= TGS_OPTIONS_HANDLED;
+
/* Check to see if server has expired */
if (server.expiration && server.expiration < kdc_time) {
*status = "SERVICE EXPIRED";
@@ -1197,7 +1162,8 @@ const char **status;
return KRB_AP_ERR_NOT_US;
}
/* ...and that the second component matches the server realm... */
- if ((krb5_princ_component(kdc_context, ticket->server, 1)->length !=
+ if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
+ (krb5_princ_component(kdc_context, ticket->server, 1)->length !=
krb5_princ_realm(kdc_context, request->server)->length) ||
memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data,
krb5_princ_realm(kdc_context, request->server)->data,
@@ -1387,10 +1353,8 @@ const char **status;
* keytype, and 0 if not.
*/
int
-dbentry_has_key_for_enctype(context, client, enctype)
- krb5_context context;
- krb5_db_entry * client;
- krb5_enctype enctype;
+dbentry_has_key_for_enctype(krb5_context context, krb5_db_entry *client,
+ krb5_enctype enctype)
{
krb5_error_code retval;
krb5_key_data *datap;
@@ -1413,10 +1377,8 @@ dbentry_has_key_for_enctype(context, client, enctype)
* options bits for now.
*/
int
-dbentry_supports_enctype(context, client, enctype)
- krb5_context context;
- krb5_db_entry * client;
- krb5_enctype enctype;
+dbentry_supports_enctype(krb5_context context, krb5_db_entry *client,
+ krb5_enctype enctype)
{
/*
* If it's DES_CBC_MD5, there's a bit in the attribute mask which
@@ -1454,19 +1416,18 @@ dbentry_supports_enctype(context, client, enctype)
* requested, and what the KDC and the application server can support.
*/
krb5_enctype
-select_session_keytype(context, server, nktypes, ktype)
- krb5_context context;
- krb5_db_entry * server;
- int nktypes;
- krb5_enctype *ktype;
+select_session_keytype(krb5_context context, krb5_db_entry *server,
+ int nktypes, krb5_enctype *ktype)
{
int i;
- krb5_enctype dfl = 0;
for (i = 0; i < nktypes; i++) {
if (!krb5_c_valid_enctype(ktype[i]))
continue;
+ if (!krb5_is_permitted_enctype(context, ktype[i]))
+ continue;
+
if (dbentry_supports_enctype(context, server, ktype[i]))
return ktype[i];
}
@@ -1477,17 +1438,14 @@ select_session_keytype(context, server, nktypes, ktype)
* This function returns salt information for a particular client_key
*/
krb5_error_code
-get_salt_from_key(context, client, client_key, salt)
- krb5_context context;
- krb5_principal client;
- krb5_key_data * client_key;
- krb5_data * salt;
+get_salt_from_key(krb5_context context, krb5_principal client,
+ krb5_key_data *client_key, krb5_data *salt)
{
krb5_error_code retval;
krb5_data * realm;
salt->data = 0;
- salt->length = -1;
+ salt->length = SALT_TYPE_NO_LENGTH;
if (client_key->key_data_ver == 1)
return 0;
@@ -1548,3 +1506,82 @@ void limit_string(char *name)
name[i] = '\0';
return;
}
+
+/*
+ * L10_2 = log10(2**x), rounded up; log10(2) ~= 0.301.
+ */
+#define L10_2(x) ((int)(((x * 301) + 999) / 1000))
+
+/*
+ * Max length of sprintf("%ld") for an int of type T; includes leading
+ * minus sign and terminating NUL.
+ */
+#define D_LEN(t) (L10_2(sizeof(t) * CHAR_BIT) + 2)
+
+void
+ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype)
+{
+ int i;
+ char stmp[D_LEN(krb5_enctype) + 1];
+ char *p;
+
+ if (nktypes < 0
+ || len < (sizeof(" etypes {...}") + D_LEN(int))) {
+ *s = '\0';
+ return;
+ }
+
+ sprintf(s, "%d etypes {", nktypes);
+ for (i = 0; i < nktypes; i++) {
+ sprintf(stmp, "%s%ld", i ? " " : "", (long)ktype[i]);
+ if (strlen(s) + strlen(stmp) + sizeof("}") > len)
+ break;
+ strcat(s, stmp);
+ }
+ if (i < nktypes) {
+ /*
+ * We broke out of the loop. Try to truncate the list.
+ */
+ p = s + strlen(s);
+ while (p - s + sizeof("...}") > len) {
+ while (p > s && *p != ' ' && *p != '{')
+ *p-- = '\0';
+ if (p > s && *p == ' ') {
+ *p-- = '\0';
+ continue;
+ }
+ }
+ strcat(s, "...");
+ }
+ strcat(s, "}");
+ return;
+}
+
+void
+rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep)
+{
+ char stmp[sizeof("ses=") + D_LEN(krb5_enctype)];
+
+ if (len < (3 * D_LEN(krb5_enctype)
+ + sizeof("etypes {rep= tkt= ses=}"))) {
+ *s = '\0';
+ return;
+ }
+
+ sprintf(s, "etypes {rep=%ld", (long)rep->enc_part.enctype);
+
+ if (rep->ticket != NULL) {
+ sprintf(stmp, " tkt=%ld", (long)rep->ticket->enc_part.enctype);
+ strcat(s, stmp);
+ }
+
+ if (rep->ticket != NULL
+ && rep->ticket->enc_part2 != NULL
+ && rep->ticket->enc_part2->session != NULL) {
+ sprintf(stmp, " ses=%ld",
+ (long)rep->ticket->enc_part2->session->enctype);
+ strcat(s, stmp);
+ }
+ strcat(s, "}");
+ return;
+}
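Review bot: In `ktypes2str` the truncation loop under-counts by one byte after it trims an entry: `*p-- = '\0'; continue;` leaves `p` on the last kept character rather than on the terminator, so `p - s + sizeof("...}") > len` can be false when the kept text plus `...}` and its NUL needs `len + 1` bytes. Writing `*p = '\0';` in that branch, without the decrement, keeps `p` on the terminator and makes the test exact. Both new functions also build their text with unbounded `sprintf`/`strcat` into buffers sized by hand arithmetic; `snprintf(stmp, sizeof(stmp), ...)` would keep them safe if `krb5_enctype` ever widens. `L10_2(x)` should parenthesise its argument as `((x) * 301)`.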
diff --git a/usr/src/cmd/krb5/krb5kdc/kdc_util.h b/usr/src/cmd/krb5/krb5kdc/kdc_util.h
index 615b4558cb..4c4f8d9127 100644
--- a/usr/src/cmd/krb5/krb5kdc/kdc_util.h
+++ b/usr/src/cmd/krb5/krb5kdc/kdc_util.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -32,7 +32,7 @@
*/
#ifndef __KRB5_KDC_UTIL__
-#define __KRB5_KDC_UTIL__
+#define __KRB5_KDC_UTIL__
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -109,21 +109,24 @@ get_salt_from_key (krb5_context, krb5_principal,
void limit_string (char *name);
+void
+ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
+
+void
+rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
+
/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *,
const krb5_fulladdr *,
- int,
krb5_data ** );
/* do_tgs_req.c */
krb5_error_code process_tgs_req (krb5_data *,
const krb5_fulladdr *,
- int,
krb5_data ** );
/* dispatch.c */
krb5_error_code dispatch (krb5_data *,
const krb5_fulladdr *,
- int,
krb5_data **);
/* main.c */
@@ -166,13 +169,7 @@ krb5_boolean kdc_check_lookaside (krb5_data *, const krb5_fulladdr *,
krb5_data **);
void kdc_insert_lookaside (krb5_data *, const krb5_fulladdr *,
krb5_data *);
-
-/* sock2p.c */
-#ifndef HAVE_INET_NTOP
-/* It's provided by sock2p.c in this case. */
-extern const char *inet_ntop (int, const void *, char *, size_t);
-#endif
-extern void sockaddr2p (const struct sockaddr *, char *, size_t, int *);
+void kdc_free_lookaside(krb5_context);
/* which way to convert key? */
#define CONVERT_INTO_DB 0
@@ -185,8 +182,9 @@ extern void sockaddr2p (const struct sockaddr *, char *, size_t, int *);
#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4 (const krb5_data *,
const krb5_fulladdr *,
- int is_secondary,
krb5_data **);
+void process_v4_mode (const char *, const char *);
+void enable_v4_crossrealm(char *);
#else
#define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
#endif
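Review bot: The fallback `#define process_v4(foo,bar,quux,foobar)` still takes four arguments, while this hunk drops `is_secondary` from the real prototype and leaves three. A caller updated to the three-argument form will fail to preprocess when `KRB5_KRB4_COMPAT` is not defined; the macro should become `#define process_v4(foo,bar,quux) KRB5KRB_AP_ERR_BADVERSION`. The new `process_v4_mode` and `enable_v4_crossrealm` declarations have no non-compat stubs either, so every caller needs its own `#ifdef`, as the `-X` case in main.c has.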
diff --git a/usr/src/cmd/krb5/krb5kdc/main.c b/usr/src/cmd/krb5/krb5kdc/main.c
index 0cf052f686..ba3393f41b 100644
--- a/usr/src/cmd/krb5/krb5kdc/main.c
+++ b/usr/src/cmd/krb5/krb5kdc/main.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -53,7 +53,13 @@
#include <netinet/in.h>
#endif
-kdc_realm_t *find_realm_data (char *, krb5_ui_4);
+#ifdef KRB5_KRB4_COMPAT
+#include <des.h>
+#endif
+
+#if defined(NEED_DAEMON_PROTO)
+extern int daemon(int, int);
+#endif
void usage (char *);
@@ -84,9 +90,7 @@ static struct sigaction s_action;
* Find the realm entry for a given realm.
*/
kdc_realm_t *
-find_realm_data(rname, rsize)
- char *rname;
- krb5_ui_4 rsize;
+find_realm_data(char *rname, krb5_ui_4 rsize)
{
int i;
for (i=0; i<kdc_numrealms; i++) {
@@ -98,8 +102,7 @@ find_realm_data(rname, rsize)
}
krb5_error_code
-setup_server_realm(sprinc)
- krb5_principal sprinc;
+setup_server_realm(krb5_principal sprinc)
{
krb5_error_code kret;
kdc_realm_t *newrealm;
@@ -118,8 +121,7 @@ setup_server_realm(sprinc)
}
static void
-finish_realm(rdp)
- kdc_realm_t *rdp;
+finish_realm(kdc_realm_t *rdp)
{
if (rdp->realm_dbname)
free(rdp->realm_dbname);
@@ -131,8 +133,6 @@ finish_realm(rdp)
free(rdp->realm_ports);
if (rdp->realm_tcp_ports)
free(rdp->realm_tcp_ports);
- if (rdp->realm_kstypes)
- free(rdp->realm_kstypes);
if (rdp->realm_keytab)
krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
if (rdp->realm_context) {
@@ -142,15 +142,12 @@ finish_realm(rdp)
memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
free(rdp->realm_mkey.contents);
}
- if (rdp->realm_tgskey.length && rdp->realm_tgskey.contents) {
- memset(rdp->realm_tgskey.contents, 0, rdp->realm_tgskey.length);
- free(rdp->realm_tgskey.contents);
- }
krb5_db_fini(rdp->realm_context);
if (rdp->realm_tgsprinc)
krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
krb5_free_context(rdp->realm_context);
}
+ memset((char *) rdp, 0, sizeof(*rdp));
free(rdp);
}
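Review bot: The added `memset((char *) rdp, 0, sizeof(*rdp));` sits directly before `free(rdp)`, where a compiler may remove it as a dead store; the same applies to the `realm_mkey.contents` wipe a few lines above. If the intent is to scrub key material and stale pointers, use a zeroisation call the optimiser cannot elide, such as `explicit_bzero` where the platform provides it, or stores through a `volatile` pointer. A one-line comment saying what the wipe is protecting would also help the next reader decide whether it can be dropped.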
@@ -162,32 +159,14 @@ finish_realm(rdp)
* realm data and we should be all set to begin operation for that realm.
*/
static krb5_error_code
-init_realm(progname, rdp, realm, def_dbname, def_mpname,
- def_enctype, def_udp_ports, def_tcp_ports, def_manual)
- char *progname;
- kdc_realm_t *rdp;
- char *realm;
- char *def_dbname;
- char *def_mpname;
- krb5_enctype def_enctype;
- char *def_udp_ports;
- char *def_tcp_ports;
- krb5_boolean def_manual;
+init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
+ char *def_mpname, krb5_enctype def_enctype, char *def_udp_ports,
+ char *def_tcp_ports, krb5_boolean def_manual)
{
krb5_error_code kret;
krb5_boolean manual;
- krb5_db_entry db_entry;
- int num2get;
- krb5_boolean more;
- krb5_boolean db_inited;
krb5_realm_params *rparams;
- krb5_key_data *kdata;
- krb5_key_salt_tuple *kslist;
- krb5_int32 nkslist;
- int i;
- krb5_deltat now, krb5_kdb_max_time;
- db_inited = 0;
memset((char *) rdp, 0, sizeof(kdc_realm_t));
if (!realm) {
kret = EINVAL;
@@ -208,7 +187,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
com_err(progname, kret, gettext("while reading realm parameters"));
goto whoops;
}
-
+
/* Handle profile file name */
if (rparams && rparams->realm_profile)
rdp->realm_profile = strdup(rparams->realm_profile);
@@ -249,50 +228,20 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
rdp->realm_mkey.enctype = (krb5_enctype) rparams->realm_enctype;
else
rdp->realm_mkey.enctype = manual ? def_enctype : ENCTYPE_UNKNOWN;
- if ((kret = krb5_timeofday(rdp->realm_context, &now))) {
- com_err(progname, kret, gettext("while getting timeofday"));
- goto whoops;
- }
- /* Handle ticket maximum life */
- if (rparams && rparams->realm_max_life_valid)
- rdp->realm_maxlife = rparams->realm_max_life;
+ /* Handle reject-bad-transit flag */
+ if (rparams && rparams->realm_reject_bad_transit_valid)
+ rdp->realm_reject_bad_transit = rparams->realm_reject_bad_transit;
else
- rdp->realm_maxlife = KRB5_KDB_EXPIRATION - now - 3600;
+ rdp->realm_reject_bad_transit = 1;
+
+ /* Handle ticket maximum life */
+ rdp->realm_maxlife = (rparams && rparams->realm_max_life_valid) ?
+ rparams->realm_max_life : KRB5_KDB_MAX_LIFE;
/* Handle ticket renewable maximum life */
- if (rparams && rparams->realm_max_rlife_valid)
- rdp->realm_maxrlife = rparams->realm_max_rlife;
- else
- rdp->realm_maxrlife = KRB5_KDB_EXPIRATION - now - 3600;
-
- /* Handle key/salt list */
- if (rparams && rparams->realm_num_keysalts) {
- rdp->realm_kstypes = rparams->realm_keysalts;
- rdp->realm_nkstypes = rparams->realm_num_keysalts;
- rparams->realm_keysalts = NULL;
- rparams->realm_num_keysalts = 0;
- kslist = (krb5_key_salt_tuple *) rdp->realm_kstypes;
- nkslist = rdp->realm_nkstypes;
- } else {
- /*
- * XXX Initialize default key/salt list.
- */
- if ((kslist = (krb5_key_salt_tuple *)
- malloc(sizeof(krb5_key_salt_tuple)))) {
- kslist->ks_enctype = ENCTYPE_DES_CBC_CRC;
- kslist->ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
- rdp->realm_kstypes = kslist;
- rdp->realm_nkstypes = 1;
- nkslist = 1;
- }
- else {
- com_err(progname, ENOMEM,
- gettext("while setting up key/salt list for realm %s"),
- realm);
- exit(1);
- }
- }
+ rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ?
+ rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;
if (rparams)
krb5_free_realm_params(rdp->realm_context, rparams);
@@ -344,8 +293,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
gettext("while initializing database "),
gettext("for realm %s"), realm);
goto whoops;
- } else
- db_inited = 1;
+ }
/* Verify the master key */
if ((kret = krb5_db_verify_master_key(rdp->realm_context,
@@ -357,52 +305,6 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
goto whoops;
}
- /* Fetch the master key and get its version number */
- num2get = 1;
- kret = krb5_db_get_principal(rdp->realm_context, rdp->realm_mprinc,
- &db_entry, &num2get, &more);
- if (!kret) {
- if (num2get != 1)
- kret = KRB5_KDB_NOMASTERKEY;
- else {
- if (more) {
- krb5_db_free_principal(rdp->realm_context,
- &db_entry,
- num2get);
- kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
- }
- }
- }
- if (kret) {
- com_err(progname, kret,
- gettext("while fetching master entry for realm %s"),
- realm);
- goto whoops;
- }
-
- /*
- * Get the most recent master key. Search the key list in
- * the order specified by the key/salt list.
- */
- kdata = (krb5_key_data *) NULL;
- for (i=0; i<nkslist; i++) {
- if (!(kret = krb5_dbe_find_enctype(rdp->realm_context,
- &db_entry,
- kslist[i].ks_enctype,
- -1,
- -1,
- &kdata)))
- break;
- }
- if (!kdata) {
- com_err(progname, kret,
- gettext("while finding master key for realm %s"),
- realm);
- goto whoops;
- }
- rdp->realm_mkvno = kdata->key_data_kvno;
- krb5_db_free_principal(rdp->realm_context, &db_entry, num2get);
-
if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
com_err(progname, kret,
gettext("while processing master key for realm %s"),
@@ -411,8 +313,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
}
/* Set up the keytab */
- if ((kret = krb5_ktkdb_resolve(rdp->realm_context,
- NULL,
+ if ((kret = krb5_ktkdb_resolve(rdp->realm_context, NULL,
&rdp->realm_keytab))) {
com_err(progname, kret,
gettext("while resolving kdb keytab for realm %s"),
@@ -430,68 +331,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
goto whoops;
}
- /* Get the TGS database entry */
- num2get = 1;
- if (!(kret = krb5_db_get_principal(rdp->realm_context,
- rdp->realm_tgsprinc,
- &db_entry,
- &num2get,
- &more))) {
- if (num2get != 1)
- kret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
- else {
- if (more) {
- krb5_db_free_principal(rdp->realm_context,
- &db_entry,
- num2get);
- kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
- }
- }
- }
- if (kret) {
- com_err(progname, kret,
- gettext("while fetching TGS entry for realm %s"),
- realm);
- goto whoops;
- }
- /*
- * Get the most recent TGS key. Search the key list in
- * the order specified by the key/salt list.
- */
- kdata = (krb5_key_data *) NULL;
- for (i=0; i<nkslist; i++) {
- if (!(kret = krb5_dbe_find_enctype(rdp->realm_context,
- &db_entry,
- kslist[i].ks_enctype,
- -1,
- -1,
- &kdata)))
- break;
- }
- if (!kdata) {
- com_err(progname, kret,
- gettext("while finding TGS key for realm %s"),
- realm);
- goto whoops;
- }
- if (!(kret = krb5_dbekd_decrypt_key_data(rdp->realm_context,
- &rdp->realm_mkey,
- kdata,
- &rdp->realm_tgskey, NULL))){
- rdp->realm_tgskvno = kdata->key_data_kvno;
- }
- krb5_db_free_principal(rdp->realm_context,
- &db_entry,
- num2get);
- if (kret) {
- com_err(progname, kret,
- gettext("while decrypting TGS key for realm %s"),
- realm);
- goto whoops;
- }
-
if (!rkey_init_done) {
- krb5_timestamp now;
krb5_data seed;
#ifdef KRB5_KRB4_COMPAT
krb5_keyblock temp_key;
@@ -501,18 +341,14 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
* generators.
*/
- if ((kret = krb5_timeofday(rdp->realm_context, &now)))
- goto whoops;
- seed.length = sizeof(now);
- seed.data = (char *) &now;
- if ((kret = krb5_c_random_seed(rdp->realm_context, &seed)))
- goto whoops;
-
seed.length = rdp->realm_mkey.length;
seed.data = (char *)rdp->realm_mkey.contents;
-
- if ((kret = krb5_c_random_seed(rdp->realm_context, &seed)))
+/* SUNW14resync - XXX */
+#if 0
+ if ((kret = krb5_c_random_add_entropy(rdp->realm_context,
+ KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
goto whoops;
+#endif
#ifdef KRB5_KRB4_COMPAT
if ((kret = krb5_c_make_random_key(rdp->realm_context,
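Review bot: With the `krb5_c_random_add_entropy` call under `#if 0`, this block assigns `seed.length` and `seed.data` and never uses them, and the earlier time-based `krb5_c_random_seed` call is removed, so nothing here seeds the generator before the `krb5_c_make_random_key` call that follows. If the library seeds itself from the operating system, say so in place of the `SUNW14resync - XXX` marker and delete the dead assignments. If it does not, keys generated after this point depend on whatever state the PRNG starts in, and the call should be restored. The comment above the block still describes seeding the generators and needs updating either way.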
@@ -532,14 +368,14 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname,
* If we choked, then clean up any dirt we may have dropped on the floor.
*/
if (kret) {
+
finish_realm(rdp);
}
return(kret);
}
krb5_sigtype
-request_exit(signo)
- int signo;
+request_exit(int signo)
{
signal_requests_exit = 1;
@@ -551,8 +387,7 @@ request_exit(signo)
}
krb5_sigtype
-request_hup(signo)
- int signo;
+request_hup(int signo)
{
signal_requests_hup = 1;
@@ -564,7 +399,7 @@ request_hup(signo)
}
void
-setup_signal_handlers()
+setup_signal_handlers(void)
{
#ifdef POSIX_SIGNALS
(void) sigemptyset(&s_action.sa_mask);
@@ -584,24 +419,20 @@ setup_signal_handlers()
}
krb5_error_code
-setup_sam()
+setup_sam(void)
{
return krb5_c_make_random_key(kdc_context, ENCTYPE_DES_CBC_MD5, &psr_key);
}
void
-usage(name)
-char *name;
+usage(char *name)
{
fprintf(stderr, gettext("usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-n]\n"), name);
return;
}
void
-initialize_realms(kcontext, argc, argv)
- krb5_context kcontext;
- int argc;
- char **argv;
+initialize_realms(krb5_context kcontext, int argc, char **argv)
{
int c;
char *db_name = (char *) NULL;
@@ -620,10 +451,6 @@ initialize_realms(kcontext, argc, argv)
char *v4mode = 0;
#endif
extern char *optarg;
-#ifdef ATHENA_DES3_KLUDGE
- extern struct krb5_keytypes krb5_enctypes_list[];
- extern int krb5_enctypes_length;
-#endif
if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) {
hierarchy[0] = "kdcdefaults";
@@ -715,19 +542,11 @@ initialize_realms(kcontext, argc, argv)
v4mode = strdup(optarg);
#endif
break;
- case '3':
-#ifdef ATHENA_DES3_KLUDGE
- if (krb5_enctypes_list[krb5_enctypes_length-1].etype
- != ENCTYPE_LOCAL_DES3_HMAC_SHA1) {
- fprintf(stderr,
- "internal inconsistency in enctypes_list"
- " while disabling\n"
- "des3-marc-hmac-sha1 enctype\n");
- exit(1);
- }
- krb5_enctypes_length--;
- break;
+ case 'X':
+#ifdef KRB5_KRB4_COMPAT
+ enable_v4_crossrealm(argv[0]);
#endif
+ break;
case '?':
default:
usage(argv[0]);
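Review bot: `case 'X':` now reaches `break` even when `KRB5_KRB4_COMPAT` is not defined, so `-X` is accepted and silently does nothing in such builds, and the `usage()` text elsewhere in this file does not list the option. Since the option turns on krb4 cross-realm handling, add it to the usage string, and make non-compat builds reject it by moving the `break` inside the `#ifdef` so the case falls through to `usage(argv[0])`. If `enable_v4_crossrealm` does not already log that the mode was enabled, a startup log line would help operators. Whether `X` was added to the getopt string cannot be seen from this hunk.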
@@ -750,6 +569,8 @@ initialize_realms(kcontext, argc, argv)
if ((retval = krb5_get_default_realm(kcontext, &lrealm))) {
com_err(argv[0], retval,
gettext("while attempting to retrieve default realm"));
+ fprintf (stderr, "%s: %s, %s", argv[0], error_message (retval),
+ gettext("attempting to retrieve default realm\n"));
exit(1);
}
if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
@@ -771,7 +592,8 @@ initialize_realms(kcontext, argc, argv)
* Now handle the replay cache.
*/
if ((retval = kdc_initialize_rcache(kcontext, rcname))) {
- com_err(argv[0], retval, gettext("while initializing KDC replay cache"));
+ com_err(argv[0], retval, gettext("while initializing KDC replay cache '%s'"),
+ rcname);
exit(1);
}
#endif
@@ -787,8 +609,7 @@ initialize_realms(kcontext, argc, argv)
}
void
-finish_realms(prog)
- char *prog;
+finish_realms(char *prog)
{
int i;
@@ -824,13 +645,10 @@ finish_realms(prog)
exit
*/
-int main(argc, argv)
- int argc;
- char *argv[];
+int main(int argc, char **argv)
{
krb5_error_code retval;
krb5_context kcontext;
- int *port_list;
int errout = 0;
(void) setlocale(LC_ALL, "");
@@ -851,7 +669,6 @@ int main(argc, argv)
}
memset((char *) kdc_realmlist, 0,
(size_t) (sizeof(kdc_realm_t *) * KRB5_KDC_MAX_REALMS));
- port_list = NULL;
/*
* A note about Kerberos contexts: This context, "kcontext", is used
@@ -874,7 +691,8 @@ int main(argc, argv)
setup_signal_handlers();
- if (retval = setup_sam()) {
+ retval = setup_sam();
+ if (retval) {
com_err(argv[0], retval, gettext("while initializing SAM"));
finish_realms(argv[0]);
return 1;
@@ -906,6 +724,18 @@ int main(argc, argv)
krb5_klog_syslog(LOG_INFO, "shutting down");
krb5_klog_close(kdc_context);
finish_realms(argv[0]);
+ if (kdc_realmlist)
+ free(kdc_realmlist);
+#ifdef USE_RCACHE
+ (void) krb5_rc_close(kcontext, kdc_rcache);
+#endif
+#ifndef NOCACHE
+ kdc_free_lookaside(kcontext);
+#endif
krb5_free_context(kcontext);
return errout;
}
+
+
+
+
diff --git a/usr/src/cmd/krb5/krb5kdc/network.c b/usr/src/cmd/krb5/krb5kdc/network.c
index ffa738b800..0913e8ad87 100644
--- a/usr/src/cmd/krb5/krb5kdc/network.c
+++ b/usr/src/cmd/krb5/krb5kdc/network.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -93,8 +93,7 @@ set_sa_port(struct sockaddr *addr, int port)
}
}
-static int
-ipv6_enabled()
+static int ipv6_enabled()
{
#ifdef KRB5_USE_INET6
static int result = -1;
@@ -107,9 +106,9 @@ ipv6_enabled()
} else
result = 0;
}
- return (result);
+ return result;
#else
- return (0);
+ return 0;
#endif
}
@@ -127,7 +126,7 @@ setv6only(int sock, int value)
}
#endif
-
+
static const char *paddr (struct sockaddr *sa)
{
static char buf[100];
@@ -137,7 +136,7 @@ static const char *paddr (struct sockaddr *sa)
NI_NUMERICHOST|NI_NUMERICSERV))
strcpy(buf, "<unprintable>");
else {
- int len = sizeof(buf) - strlen(buf);
+ unsigned int len = sizeof(buf) - strlen(buf);
char *p = buf + strlen(buf);
if (len > 2+strlen(portbuf)) {
*p++ = '.';
@@ -150,10 +149,12 @@ static const char *paddr (struct sockaddr *sa)
/* KDC data. */
+enum kdc_conn_type { CONN_UDP, CONN_TCP_LISTENER, CONN_TCP };
+
/* Per-connection info. */
struct connection {
int fd;
- enum { CONN_UDP, CONN_TCP_LISTENER, CONN_TCP } type;
+ enum kdc_conn_type type;
void (*service)(struct connection *, const char *, int);
/* Solaris Kerberos: for auditing */
in_port_t port; /* local port */
@@ -189,7 +190,7 @@ struct connection {
} u;
};
-
+
#define SET(TYPE) struct { TYPE *data; int n, max; }
/* Start at the top and work down -- this should allow for deletions
@@ -270,10 +271,12 @@ static krb5_error_code add_tcp_port(int port)
return 0;
}
+
#define USE_AF AF_INET
#define USE_TYPE SOCK_DGRAM
#define USE_PROTO 0
#define SOCKET_ERRNO errno
+#include "foreachaddr.h"
struct socksetup {
const char *prog;
@@ -281,7 +284,7 @@ struct socksetup {
};
static struct connection *
-add_fd (struct socksetup *data, int sock, int conntype,
+add_fd (struct socksetup *data, int sock, enum kdc_conn_type conntype,
void (*service)(struct connection *, const char *, int))
{
struct connection *newconn;
@@ -305,7 +308,6 @@ add_fd (struct socksetup *data, int sock, int conntype,
newconn->type = conntype;
newconn->fd = sock;
newconn->service = service;
-
return newconn;
}
@@ -340,11 +342,8 @@ delete_fd (struct connection *xconn)
FOREACH_ELT(connections, i, conn)
if (conn == xconn) {
DEL(connections, i);
- /* Solaris kerberos: fix memory leak */
- free(xconn);
- return;
+ break;
}
-
free(xconn);
}
@@ -354,7 +353,7 @@ setnbio(int sock)
static const int one = 1;
return ioctlsocket(sock, FIONBIO, (const void *)&one);
}
-
+
static int
setnolinger(int s)
{
@@ -478,8 +477,8 @@ setup_tcp_listener_ports(struct socksetup *data)
if (add_tcp_listener_fd(data, s4) == 0)
close(s4);
else
- krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s port %d",
- s4, paddr((struct sockaddr *)&sin4), port);
+ krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+ s4, paddr((struct sockaddr *)&sin4));
}
#ifdef KRB5_USE_INET6
if (s6 >= 0) {
@@ -490,8 +489,8 @@ setup_tcp_listener_ports(struct socksetup *data)
close(s6);
s6 = -1;
} else
- krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s port %d",
- s6, paddr((struct sockaddr *)&sin6), port);
+ krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+ s6, paddr((struct sockaddr *)&sin6));
if (s4 < 0)
krb5_klog_syslog(LOG_INFO,
"assuming IPv6 socket accepts IPv4");
@@ -537,6 +536,10 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
case AF_LINK:
return 0;
#endif
+#ifdef AF_DLI /* Direct Link Interface - DEC Ultrix/OSF1 link layer? */
+ case AF_DLI:
+ return 0;
+#endif
default:
krb5_klog_syslog (LOG_INFO,
"skipping unrecognized local address family %d",
@@ -564,8 +567,8 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
FD_SET (sock, &sstate.rfds);
if (sock >= sstate.max)
sstate.max = sock + 1;
- krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s port %d", sock,
- paddr((struct sockaddr *)addr), port);
+ krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s", sock,
+ paddr((struct sockaddr *)addr));
if (add_udp_fd (data, sock) == 0)
return 1;
}
@@ -617,6 +620,8 @@ scan_for_newlines:
}
#endif
+/* XXX */
+extern int krb5int_debug_sendto_kdc;
extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t);
krb5_error_code
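Review bot: The added `extern int krb5int_debug_sendto_kdc;` under a bare `/* XXX */` hand-declares a library-internal variable in network.c, and its only use in this diff is the commented-out assignment `/* krb5int_debug_sendto_kdc = 1; */` added to setup_network in the next hunk. A hand-written extern can drift from the library's real definition without the compiler noticing. If the debug switch is wanted, take the declaration from the header that owns it; otherwise both added lines can go. At minimum, replace the marker with a comment that says what is unresolved, e.g. `/* Debug switch for sendto_kdc tracing; not exported through a header yet. */`.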
@@ -632,6 +637,7 @@ setup_network(const char *prog)
FD_ZERO(&sstate.xfds);
sstate.max = 0;
+/* krb5int_debug_sendto_kdc = 1; */
krb5int_sendtokdc_debug_handler = klog_handler;
/* Handle each realm's ports */
@@ -732,7 +738,7 @@ static void process_packet(struct connection *conn, const char *prog,
krb5_data *response;
char pktbuf[MAX_DGRAM_SIZE];
int port_fd = conn->fd;
-
+
response = NULL;
saddr_len = sizeof(saddr);
cc = recvfrom(port_fd, pktbuf, sizeof(pktbuf), 0,
@@ -755,7 +761,7 @@ static void process_packet(struct connection *conn, const char *prog,
faddr.address = &addr;
init_addr(&faddr, ss2sa(&saddr));
/* this address is in net order */
- if ((retval = dispatch(&request, &faddr, conn->port, &response))) {
+ if ((retval = dispatch(&request, &faddr, &response))) {
com_err(prog, retval, gettext("while dispatching (udp)"));
return;
}
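Review bot: Both dispatch() calls lose the `conn->port` argument (the UDP call here in process_packet and the TCP call in process_tcp_connection further down), yet struct connection keeps `in_port_t port; /* local port */` under the comment `/* Solaris Kerberos: for auditing */`. Nothing visible in these hunks shows another path by which the local port reaches the audit code, so audit records for requests may no longer carry it; please confirm that against dispatch's callees. If the field is now unused, remove it together with whatever fills it in. If auditing still needs it, add a comment next to the field saying how the value gets there. process_packet starts and ends outside this hunk.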
@@ -826,6 +832,10 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
strcpy(p, tmpbuf);
}
}
+#if 0
+ krb5_klog_syslog(LOG_INFO, "accepted TCP connection on socket %d from %s",
+ s, newconn->u.tcp.addrbuf);
+#endif
newconn->u.tcp.addr_s = addr_s;
newconn->u.tcp.addrlen = addrlen;
@@ -865,6 +875,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
newconn->u.tcp.addrbuf);
delete_fd(newconn);
close(s);
+ tcp_data_counter--;
return;
}
newconn->u.tcp.offset = 0;
@@ -896,24 +907,20 @@ kill_tcp_connection(struct connection *conn)
sstate.max--;
close(conn->fd);
conn->fd = -1;
- tcp_data_counter--;
- /* Solaris kerberos: fix memory leak */
delete_fd(conn);
+ tcp_data_counter--;
}
static void
process_tcp_connection(struct connection *conn, const char *prog, int selflags)
{
-
if (selflags & SSF_WRITE) {
ssize_t nwrote;
SOCKET_WRITEV_TEMP tmp;
- krb5_error_code e;
nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
tmp);
if (nwrote < 0) {
- e = SOCKET_ERRNO;
goto kill_tcp_connection;
}
if (nwrote == 0)
@@ -991,11 +998,10 @@ process_tcp_connection(struct connection *conn, const char *prog, int selflags)
conn->u.tcp.offset += nread;
if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
return;
-
/* have a complete message, and exactly one message */
request.length = conn->u.tcp.msglen;
request.data = conn->u.tcp.buffer + 4;
- err = dispatch(&request, &conn->u.tcp.faddr, conn->port,
+ err = dispatch(&request, &conn->u.tcp.faddr,
&conn->u.tcp.response);
if (err) {
com_err(prog, err, gettext("while dispatching (tcp)"));
@@ -1083,6 +1089,11 @@ closedown_network(const char *prog)
if (conn->fd >= 0)
(void) close(conn->fd);
DEL (connections, i);
+ /* There may also be per-connection data in the tcp structure
+ (tcp.buffer, tcp.response) that we're not freeing here.
+ That should only happen if we quit with a connection in
+ progress. */
+ free(conn);
}
FREE_SET_DATA(connections);
FREE_SET_DATA(udp_port_data);
diff --git a/usr/src/cmd/krb5/krb5kdc/policy.c b/usr/src/cmd/krb5/krb5kdc/policy.c
index 38b9114faa..f2039fc12e 100644
--- a/usr/src/cmd/krb5/krb5kdc/policy.c
+++ b/usr/src/cmd/krb5/krb5kdc/policy.c
@@ -33,12 +33,9 @@
#include "kdc_util.h"
int
-against_local_policy_as(request, client, server, kdc_time, status)
-register krb5_kdc_req *request;
-krb5_db_entry client;
-krb5_db_entry server;
-krb5_timestamp kdc_time;
-const char **status;
+against_local_policy_as(register krb5_kdc_req *request, krb5_db_entry client,
+ krb5_db_entry server, krb5_timestamp kdc_time,
+ const char **status)
{
#if 0
/* An AS request must include the addresses field */
@@ -55,11 +52,8 @@ const char **status;
* This is where local policy restrictions for the TGS should placed.
*/
krb5_error_code
-against_local_policy_tgs(request, server, ticket, status)
-register krb5_kdc_req *request;
-krb5_db_entry server;
-krb5_ticket *ticket;
-const char **status;
+against_local_policy_tgs(register krb5_kdc_req *request, krb5_db_entry server,
+ krb5_ticket *ticket, const char **status)
{
#if 0
/*
diff --git a/usr/src/cmd/krb5/krb5kdc/replay.c b/usr/src/cmd/krb5/krb5kdc/replay.c
index dd96cb1d96..d944bbada7 100644
--- a/usr/src/cmd/krb5/krb5kdc/replay.c
+++ b/usr/src/cmd/krb5/krb5kdc/replay.c
@@ -74,10 +74,8 @@ static int num_entries = 0;
FALSE if the caller should do the work */
krb5_boolean
-kdc_check_lookaside(inpkt, from, outpkt)
- register krb5_data *inpkt;
- register const krb5_fulladdr *from;
- register krb5_data **outpkt;
+kdc_check_lookaside(krb5_data *inpkt, const krb5_fulladdr *from,
+ krb5_data **outpkt)
{
krb5_int32 timenow;
register krb5_kdc_replay_ent *eptr, *last, *hold;
@@ -130,10 +128,8 @@ kdc_check_lookaside(inpkt, from, outpkt)
already there, and can fail softly due to other weird errors. */
void
-kdc_insert_lookaside(inpkt, from, outpkt)
- register krb5_data *inpkt;
- register const krb5_fulladdr *from;
- register krb5_data *outpkt;
+kdc_insert_lookaside(krb5_data *inpkt, const krb5_fulladdr *from,
+ krb5_data *outpkt)
{
register krb5_kdc_replay_ent *eptr;
krb5_int32 timenow;
@@ -175,4 +171,23 @@ kdc_insert_lookaside(inpkt, from, outpkt)
return;
}
+/* frees memory associated with the lookaside queue for memory profiling */
+void
+kdc_free_lookaside(krb5_context kcontext)
+{
+ register krb5_kdc_replay_ent *eptr, *last, *hold;
+ if (root_ptr.next) {
+ for (last = &root_ptr, eptr = root_ptr.next;
+ eptr; eptr = eptr->next) {
+ krb5_free_data(kcontext, eptr->req_packet);
+ krb5_free_data(kcontext, eptr->reply_packet);
+ krb5_free_address(kcontext, eptr->addr);
+ hold = eptr;
+ last->next = eptr->next;
+ eptr = last;
+ free(hold);
+ }
+ }
+}
+
#endif /* NOCACHE */
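Review bot: kdc_free_lookaside() empties the list hanging off `root_ptr` but leaves the file-scope `num_entries` (visible in this file's first hunk header) at its old value, so a later insert or check would see a count that no longer matches the list, assuming that counter tracks the lookaside queue as its placement suggests. Add `num_entries = 0;` after the loop. The loop is also harder to follow than it needs to be: `last` never moves off `&root_ptr`, `eptr` is reset to it on every pass so the `for` increment lands on the new head, and the outer `if (root_ptr.next)` repeats the loop condition. Saving `eptr->next` in a local before `free(eptr)` and setting `root_ptr.next = NULL` at the end does the same work. The header comment should state that this is a shutdown-only call, since every cached request and reply is gone afterwards.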
diff --git a/usr/src/cmd/krb5/slave/kprop.c b/usr/src/cmd/krb5/slave/kprop.c
index a4eb7e5a24..af5d00403d 100644
--- a/usr/src/cmd/krb5/slave/kprop.c
+++ b/usr/src/cmd/krb5/slave/kprop.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -36,7 +36,6 @@
#include <errno.h>
#include <stdio.h>
-#include <stdlib.h>
#include <ctype.h>
#include <sys/file.h>
#include <signal.h>
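Review bot: Dropping `#include <stdlib.h>` leaves kprop.c dependent on some other header to declare `exit`, `malloc`, `free` and `mktemp`, all of which the file still calls in the hunks below. If no remaining header pulls it in, `malloc` falls back to an implicit `int` declaration and the returned pointer is truncated on LP64 builds. Unless the krb5 headers included here are guaranteed to provide it (not visible in this hunk), keep the explicit `#include <stdlib.h>`.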
@@ -73,27 +72,27 @@ krb5_address sender_addr;
krb5_address receiver_addr;
void PRS
- (int, char **);
+ (int, char **);
void get_tickets
- (krb5_context);
+ (krb5_context);
static void usage
- (void);
+ (void);
krb5_error_code open_connection
- (char *, int *, char *, int);
+ (char *, int *, char *, unsigned int);
void kerberos_authenticate
- (krb5_context, krb5_auth_context *,
+ (krb5_context, krb5_auth_context *,
int, krb5_principal, krb5_creds **);
int open_database
- (krb5_context, char *, int *);
+ (krb5_context, char *, int *);
void close_database
- (krb5_context, int);
+ (krb5_context, int);
void xmit_database
- (krb5_context, krb5_auth_context, krb5_creds *,
+ (krb5_context, krb5_auth_context, krb5_creds *,
int, int, int);
void send_error
- (krb5_context, krb5_creds *, int, char *, krb5_error_code);
+ (krb5_context, krb5_creds *, int, char *, krb5_error_code);
void update_last_prop_file
- (char *, char *);
+ (char *, char *);
static void usage()
{
@@ -134,7 +133,8 @@ main(argc, argv)
get_tickets(context);
database_fd = open_database(context, file, &database_size);
- if (retval = open_connection(slave_host, &fd, Errmsg, sizeof(Errmsg))) {
+ retval = open_connection(slave_host, &fd, Errmsg, sizeof(Errmsg));
+ if (retval) {
com_err(progname, retval, gettext("%s while opening connection to %s"),
Errmsg, slave_host);
exit(1);
@@ -155,6 +155,7 @@ main(argc, argv)
close_database(context, database_fd);
exit(0);
}
+
void PRS(argc, argv)
int argc;
char **argv;
@@ -202,16 +203,12 @@ void PRS(argc, argv)
slave_host = *argv;
else
usage();
-
}
void get_tickets(context)
krb5_context context;
{
- char my_host_name[MAXHOSTNAMELEN];
char buf[BUFSIZ];
- char *cp;
- struct hostent *hp;
krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX";
krb5_keytab keytab = NULL;
@@ -262,11 +259,13 @@ void get_tickets(context)
com_err(progname, errno, gettext("while setting client principal name"));
exit(1);
}
-
if (realm) {
- (void) krb5_xfree(krb5_princ_realm(context, my_principal)->data);
- krb5_princ_set_realm_length(context, my_principal, strlen(realm));
- krb5_princ_set_realm_data(context, my_principal, strdup(realm));
+ retval = krb5_set_principal_realm(context, my_principal, realm);
+ if (retval) {
+ com_err(progname, errno,
+ gettext("while setting client principal realm"));
+ exit(1);
+ }
}
#if 0
krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL;
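Review bot: The new error path passes `errno` to com_err() instead of the code just returned: `retval = krb5_set_principal_realm(...)` is followed by `com_err(progname, errno, ...)`. The krb5 call reports failure through its return value, so `errno` here is whatever an earlier call left behind and the message can name the wrong error or none at all. Use `com_err(progname, retval, gettext("while setting client principal realm"));`. The same slip is in the server-realm block of the `@@ -303,21 +306,26 @@` hunk and in PRS() in kpropd.c (`while constructing my service realm`). get_tickets starts and ends outside this hunk.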
@@ -277,12 +276,16 @@ void get_tickets(context)
*/
(void) mktemp(tkstring);
snprintf(buf, sizeof (buf), gettext("FILE:%s"), tkstring);
- if (retval = krb5_cc_resolve(context, buf, &ccache)) {
+
+ retval = krb5_cc_resolve(context, buf, &ccache);
+ if (retval) {
com_err(progname, retval, gettext("while opening credential cache %s"),
buf);
exit(1);
}
- if (retval = krb5_cc_initialize(context, ccache, my_principal)) {
+
+ retval = krb5_cc_initialize(context, ccache, my_principal);
+ if (retval) {
com_err (progname, retval, gettext("when initializing cache %s"),
buf);
exit(1);
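Review bot: The credential cache is still created at a name produced by `(void) mktemp(tkstring)` from the template `/tmp/kproptktXXXXXX`; mktemp only generates a name, which leaves a window in which another local user can create that path first. Whether the FILE ccache code then creates the file exclusively is not visible here, so it should not be relied on. The comment further down says the cache is destroyed right away and the credentials live in `my_creds`, so a `MEMORY:` cache would avoid /tmp altogether; otherwise create the file with `mkstemp()` and check its result. Separately, `gettext("FILE:%s")` runs a cache-type prefix through translation, and that string should be a plain literal.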
@@ -303,21 +306,26 @@ void get_tickets(context)
exit(1);
}
if (realm) {
- (void) krb5_xfree(krb5_princ_realm(context, creds.server)->data);
- krb5_princ_set_realm_length(context, creds.server, strlen(realm));
- krb5_princ_set_realm_data(context, creds.server, strdup(realm));
+ retval = krb5_set_principal_realm(context, creds.server, realm);
+ if (retval) {
+ com_err(progname, errno,
+ gettext("while setting server principal realm"));
+ exit(1);
+ }
}
/*
* Now fill in the client....
*/
- if (retval = krb5_copy_principal(context, my_principal, &creds.client)) {
+ retval = krb5_copy_principal(context, my_principal, &creds.client);
+ if (retval) {
com_err(progname, retval, gettext("While copying client principal"));
(void) krb5_cc_destroy(context, ccache);
exit(1);
}
if (srvtab) {
- if (retval = krb5_kt_resolve(context, srvtab, &keytab)) {
+ retval = krb5_kt_resolve(context, srvtab, &keytab);
+ if (retval) {
com_err(progname, retval, gettext("while resolving keytab"));
(void) krb5_cc_destroy(context, ccache);
exit(1);
@@ -345,12 +353,13 @@ void get_tickets(context)
if (keytab)
(void) krb5_kt_close(context, keytab);
-
+
/*
* Now destroy the cache right away --- the credentials we
* need will be in my_creds.
*/
- if (retval = krb5_cc_destroy(context, ccache)) {
+ retval = krb5_cc_destroy(context, ccache);
+ if (retval) {
com_err(progname, retval, gettext("while destroying ticket cache"));
exit(1);
}
@@ -363,10 +372,10 @@ void get_tickets(context)
krb5_error_code
open_connection(host, fd, Errmsg, ErrmsgSz)
- char *host;
- int *fd;
- char *Errmsg;
- int ErrmsgSz;
+ char *host;
+ int *fd;
+ char *Errmsg;
+ unsigned int ErrmsgSz;
{
int s;
krb5_error_code retval;
@@ -437,7 +446,6 @@ open_connection(host, fd, Errmsg, ErrmsgSz)
freeaddrinfo(aitop);
return(retval);
}
-
*fd = s;
/*
@@ -486,43 +494,46 @@ void kerberos_authenticate(context, auth_context, fd, me, new_creds)
krb5_error *error = NULL;
krb5_ap_rep_enc_part *rep_result;
- if (retval = krb5_auth_con_init(context, auth_context))
+ retval = krb5_auth_con_init(context, auth_context);
+ if (retval)
exit(1);
krb5_auth_con_setflags(context, *auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
- if (retval = krb5_auth_con_setaddrs(context, *auth_context, &sender_addr,
- &receiver_addr)) {
+ retval = krb5_auth_con_setaddrs(context, *auth_context, &sender_addr,
+ &receiver_addr);
+ if (retval) {
com_err(progname, retval, gettext("in krb5_auth_con_setaddrs"));
exit(1);
}
- if (retval = krb5_sendauth(context, auth_context, (void *)&fd,
- kprop_version, me, creds.server,
- AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL,
- &error, &rep_result, new_creds)) {
- com_err(progname, retval, gettext("while authenticating to server"));
- if (error) {
- if (error->error == KRB_ERR_GENERIC) {
- if (error->text.data)
- fprintf(stderr,
- gettext("Generic remote error: %s\n"),
- error->text.data);
- } else if (error->error) {
- com_err(progname,
- error->error + ERROR_TABLE_BASE_krb5,
- gettext("signalled from server"));
- if (error->text.data)
- fprintf(stderr,
- gettext("Error text from server: %s\n"),
- error->text.data);
- }
- krb5_free_error(context, error);
- }
- exit(1);
+ retval = krb5_sendauth(context, auth_context, (void *)&fd,
+ kprop_version, me, creds.server,
+ AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL,
+ &error, &rep_result, new_creds);
+ if (retval) {
+ com_err(progname, retval, gettext("while authenticating to server"));
+ if (error) {
+ if (error->error == KRB_ERR_GENERIC) {
+ if (error->text.data)
+ fprintf(stderr,
+ gettext("Generic remote error: %s\n"),
+ error->text.data);
+ } else if (error->error) {
+ com_err(progname,
+ (krb5_error_code) error->error + ERROR_TABLE_BASE_krb5,
+ gettext("signalled from server"));
+ if (error->text.data)
+ fprintf(stderr,
+ gettext("Error text from server: %s\n"),
+ error->text.data);
+ }
+ krb5_free_error(context, error);
}
- krb5_free_ap_rep_enc_part(context, rep_result);
+ exit(1);
+ }
+ krb5_free_ap_rep_enc_part(context, rep_result);
}
char * dbpathname;
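Review bot: `error->text.data` is printed with `%s` in both `fprintf` calls, but it is a counted `krb5_data` filled from the peer's KRB-ERROR, and nothing in this hunk shows that it is NUL-terminated. Print it by length instead, e.g. `fprintf(stderr, gettext("Error text from server: %.*s\n"), (int) error->text.length, error->text.data);`. The same pattern appears in the error branch of xmit_database below. Also, the `if (retval) exit(1);` after krb5_auth_con_init() exits without a message, unlike the other failures shown here; `com_err(progname, retval, gettext("in krb5_auth_con_init"));` would match them.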
@@ -601,7 +612,8 @@ close_database(context, fd)
int fd;
{
int err;
- if (err = krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK))
+ err = krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK);
+ if (err)
com_err(progname, err, gettext("while unlocking database '%s'"), dbpathname);
free(dbpathname);
(void)close(fd);
@@ -618,20 +630,24 @@ close_database(context, fd)
* will abort the entire operation.
*/
void
-xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
+xmit_database(context, auth_context, my_creds, fd, database_fd,
+ in_database_size)
krb5_context context;
krb5_auth_context auth_context;
krb5_creds *my_creds;
int fd;
int database_fd;
- int database_size;
+ int in_database_size;
{
- krb5_int32 send_size, sent_size, n;
+ krb5_int32 sent_size, n;
krb5_data inbuf, outbuf;
char buf[KPROP_BUFSIZ];
krb5_error_code retval;
krb5_error *error;
-
+ /* These must be 4 bytes */
+ krb5_ui_4 database_size = in_database_size;
+ krb5_ui_4 send_size;
+
/*
* Send over the size
*/
@@ -639,36 +655,42 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
inbuf.data = (char *) &send_size;
inbuf.length = sizeof(send_size); /* must be 4, really */
/* KPROP_CKSUMTYPE */
- if (retval = krb5_mk_safe(context, auth_context, &inbuf,
- &outbuf, NULL)) {
+ retval = krb5_mk_safe(context, auth_context, &inbuf,
+ &outbuf, NULL);
+ if (retval) {
com_err(progname, retval, gettext("while encoding database size"));
send_error(context, my_creds, fd, gettext("while encoding database size"), retval);
exit(1);
}
- if (retval = krb5_write_message(context, (void *) &fd, &outbuf)) {
+
+ retval = krb5_write_message(context, (void *) &fd, &outbuf);
+ if (retval) {
krb5_free_data_contents(context, &outbuf);
com_err(progname, retval, gettext("while sending database size"));
exit(1);
}
krb5_free_data_contents(context, &outbuf);
- /*
- * Initialize the initial vector.
- */
- if (retval = krb5_auth_con_initivector(context, auth_context)) {
- send_error(context, my_creds, fd,
+ /*
+ * Initialize the initial vector.
+ */
+ retval = krb5_auth_con_initivector(context, auth_context);
+ if (retval) {
+ send_error(context, my_creds, fd,
gettext("failed while initializing i_vector"), retval);
- com_err(progname, retval, gettext("while allocating i_vector"));
- exit(1);
- }
+ com_err(progname, retval, gettext("while allocating i_vector"));
+ exit(1);
+ }
+
/*
* Send over the file, block by block....
*/
inbuf.data = buf;
sent_size = 0;
- while (n = read(database_fd, buf, sizeof(buf))) {
+ while ((n = read(database_fd, buf, sizeof(buf)))) {
inbuf.length = n;
- if (retval = krb5_mk_priv(context, auth_context, &inbuf,
- &outbuf, NULL)) {
+ retval = krb5_mk_priv(context, auth_context, &inbuf,
+ &outbuf, NULL);
+ if (retval) {
snprintf(buf, sizeof (buf),
gettext("while encoding database block starting at %d"),
sent_size);
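Review bot: `while ((n = read(database_fd, buf, sizeof(buf))))` treats a failed read as data: on error `read` returns -1, the loop body runs, and `inbuf.length = n` turns that into a very large length handed to krb5_mk_priv() over the `KPROP_BUFSIZ`-byte `buf`. The parentheses added here silence the compiler warning but keep that behaviour. Loop on `> 0` instead, `while ((n = read(database_fd, buf, sizeof(buf))) > 0) {`, and after the loop add an `if (n < 0)` branch that calls com_err() and send_error() before exiting. xmit_database starts and ends outside this hunk.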
@@ -676,7 +698,9 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
send_error(context, my_creds, fd, buf, retval);
exit(1);
}
- if (retval = krb5_write_message(context, (void *)&fd,&outbuf)) {
+
+ retval = krb5_write_message(context, (void *)&fd,&outbuf);
+ if (retval) {
krb5_free_data_contents(context, &outbuf);
com_err(progname, retval,
gettext("while sending database block starting at %d"),
@@ -694,11 +718,13 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
KRB5KRB_ERR_GENERIC);
exit(1);
}
+
/*
* OK, we've sent the database; now let's wait for a success
* indication from the remote end.
*/
- if (retval = krb5_read_message(context, (void *) &fd, &inbuf)) {
+ retval = krb5_read_message(context, (void *) &fd, &inbuf);
+ if (retval) {
com_err(progname, retval,
gettext("while reading response from server"));
exit(1);
@@ -708,7 +734,8 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
* the error message
*/
if (krb5_is_krb_error(&inbuf)) {
- if (retval = krb5_rd_error(context, &inbuf, &error)) {
+ retval = krb5_rd_error(context, &inbuf, &error);
+ if (retval) {
com_err(progname, retval,
gettext("while decoding error response from server"));
exit(1);
@@ -719,7 +746,9 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
gettext("Generic remote error: %s\n"),
error->text.data);
} else if (error->error) {
- com_err(progname, error->error + ERROR_TABLE_BASE_krb5,
+ com_err(progname,
+ (krb5_error_code) error->error +
+ ERROR_TABLE_BASE_krb5,
gettext("signalled from server"));
if (error->text.data)
fprintf(stderr,
@@ -729,11 +758,14 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
krb5_free_error(context, error);
exit(1);
}
- if (retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL)) {
+
+ retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
+ if (retval) {
com_err(progname, retval,
gettext("while decoding final size packet from server"));
exit(1);
}
+
memcpy((char *)&send_size, outbuf.data, sizeof(send_size));
send_size = ntohl(send_size);
if (send_size != database_size) {
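Review bot: `memcpy((char *)&send_size, outbuf.data, sizeof(send_size));` copies four bytes out of the krb5_rd_safe() result without looking at `outbuf.length`, so a reply carrying a shorter payload is read past its end. Check the length first, e.g. `if (outbuf.length < sizeof(send_size)) { com_err(progname, 0, gettext("short size packet from server")); exit(1); }`. xmit_database continues outside this hunk.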
@@ -770,7 +802,8 @@ send_error(context, my_creds, fd, err_text, err_code)
else
text = error_message(err_code);
error.text.length = strlen(text) + 1;
- if (error.text.data = malloc(error.text.length)) {
+ error.text.data = malloc((unsigned int) error.text.length);
+ if (error.text.data) {
strcpy(error.text.data, text);
if (!krb5_mk_error(context, &error, &outbuf)) {
(void) krb5_write_message(context, (void *)&fd,&outbuf);
@@ -804,8 +837,8 @@ void update_last_prop_file(hostname, file_name)
* have already specified a host name and therefore would be redundant.
*/
if (strcmp(file_name, KPROP_DEFAULT_FILE) == 0) {
- strcat(file_last_prop, ".");
- strcat(file_last_prop, hostname);
+ strcat(file_last_prop, ".");
+ strcat(file_last_prop, hostname);
}
strcat(file_last_prop, last_prop);
if ((fd = THREEPARAMOPEN(file_last_prop, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
diff --git a/usr/src/cmd/krb5/slave/kprop.h b/usr/src/cmd/krb5/slave/kprop.h
index 83ee7763c5..b71a5e5c19 100644
--- a/usr/src/cmd/krb5/slave/kprop.h
+++ b/usr/src/cmd/krb5/slave/kprop.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -22,7 +22,7 @@ extern "C" {
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -36,18 +36,17 @@ extern "C" {
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
*/
-#define KPROP_SERVICE_NAME "host"
-#define TGT_SERVICE_NAME "krbtgt"
-#define KPROP_SERVICE "krb5_prop"
-#define KPROP_CKSUMTYPE CKSUMTYPE_RSA_MD4_DES
+#define KPROP_SERVICE_NAME "host"
+#define TGT_SERVICE_NAME "krbtgt"
+#define KPROP_SERVICE "krb5_prop"
-#define KPROP_PROT_VERSION "kprop5_01"
+#define KPROP_PROT_VERSION "kprop5_01"
-#define KPROP_BUFSIZ 32768
+#define KPROP_BUFSIZ 32768
extern krb5_address *cvtkaddr(struct sockaddr_storage *ss, krb5_address *krbap);
diff --git a/usr/src/cmd/krb5/slave/kpropd.c b/usr/src/cmd/krb5/slave/kpropd.c
index 189a99929e..a5d6b7aa6f 100644
--- a/usr/src/cmd/krb5/slave/kpropd.c
+++ b/usr/src/cmd/krb5/slave/kpropd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* All rights reserved.
@@ -61,6 +61,7 @@
* write...
*/
+
#include <stdio.h>
#include <ctype.h>
#include <sys/file.h>
@@ -129,7 +130,6 @@ char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char *kerb_database = NULL;
char *acl_file_name = KPROPD_ACL_FILE;
-int database_fd;
krb5_address sender_addr;
krb5_address receiver_addr;
short port = 0;
@@ -139,36 +139,35 @@ void PRS
int do_standalone
(iprop_role iproprole);
void doit
- (int);
+ (int);
krb5_error_code do_iprop(kdb_log_context *log_ctx);
void kerberos_authenticate
- (krb5_context,
+ (krb5_context,
int,
krb5_principal *,
krb5_enctype *,
struct sockaddr_storage);
-
krb5_boolean authorized_principal
- (krb5_context,
+ (krb5_context,
krb5_principal,
krb5_enctype);
void recv_database
- (krb5_context,
+ (krb5_context,
int,
int,
krb5_data *);
void load_database
- (krb5_context,
+ (krb5_context,
char *,
char *);
void send_error
- (krb5_context,
+ (krb5_context,
int,
krb5_error_code,
char *);
void recv_error
- (krb5_context,
+ (krb5_context,
krb5_data *);
int convert_polltime
(char *);
@@ -283,64 +282,59 @@ int do_standalone(iprop_role iproprole)
gettext("in setsockopt(SO_REUSEADDR)"));
}
ret = bind(finet, (struct sockaddr *) &sin6, sizeof(sin6));
- }
+ }
- if (ret < 0) {
- perror(gettext("bind"));
- com_err(progname, errno,
+ if (ret < 0) {
+ perror(gettext("bind"));
+ com_err(progname, errno,
gettext("while binding listener socket"));
- exit(1);
+ exit(1);
+ }
}
- }
-
- if (!debug && (iproprole != IPROP_SLAVE))
- daemon(1, 0);
-
+ if (!debug && (iproprole != IPROP_SLAVE))
+ daemon(1, 0);
#ifdef PID_FILE
- if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
- fprintf(pidfile, gettext("%d\n"), getpid());
- fclose(pidfile);
- } else
- com_err(progname, errno,
+ if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
+ fprintf(pidfile, gettext("%d\n"), getpid());
+ fclose(pidfile);
+ } else
+ com_err(progname, errno,
gettext("while opening pid file %s for writing"),
PID_FILE);
#endif
-
- if (listen(finet, 5) < 0) {
- com_err(progname, errno, gettext("in listen call"));
- exit(1);
- }
-
- while (1) {
- int child_pid;
-
- s = accept(finet, (struct sockaddr *) &sin6, &sin6_size);
-
- if (s < 0) {
- if (errno != EINTR)
- com_err(progname, errno,
- gettext("from accept system call"));
- continue;
+ if (listen(finet, 5) < 0) {
+ com_err(progname, errno, gettext("in listen call"));
+ exit(1);
}
+ while (1) {
+ int child_pid;
- if (debug && (iproprole != IPROP_SLAVE))
- child_pid = 0;
- else
- child_pid = fork();
+ s = accept(finet, (struct sockaddr *) &sin6, &sin6_size);
- switch (child_pid) {
- case -1:
- com_err(progname, errno, gettext("while forking"));
- exit(1);
+ if (s < 0) {
+ if (errno != EINTR)
+ com_err(progname, errno,
+ gettext("from accept system call"));
+ continue;
+ }
+ if (debug && (iproprole != IPROP_SLAVE))
+ child_pid = 0;
+ else
+ child_pid = fork();
+ switch (child_pid) {
+ case -1:
+ com_err(progname, errno, gettext("while forking"));
+ exit(1);
/*NOTREACHED*/
- case 0:
+ case 0:
/* child */
- (void) close(finet);
- doit(s);
- close(s);
- _exit(0);
+ (void) close(finet);
+
+ doit(s);
+ close(s);
+ _exit(0);
/*NOTREACHED*/
- default:
+ default:
/* parent */
if (wait(&status) < 0) {
com_err(progname, errno,
@@ -373,8 +367,9 @@ void doit(fd)
krb5_error_code retval;
krb5_data confmsg;
int lock_fd;
- int omask;
+ mode_t omask;
krb5_enctype etype;
+ int database_fd;
char ntop[NI_MAXHOST] = "";
krb5_context doit_context;
kdb_log_context *log_ctx;
@@ -389,7 +384,6 @@ void doit(fd)
ulog_set_role(doit_context, IPROP_SLAVE);
fromlen = (socklen_t)sizeof (from);
-
if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) {
fprintf(stderr, "%s: ", progname);
perror(gettext("getpeername"));
@@ -461,18 +455,19 @@ void doit(fd)
kerberos_authenticate(doit_context, fd, &client, &etype, from);
if (!authorized_principal(doit_context, client, etype)) {
- char *name;
+ char *name;
- if (retval = krb5_unparse_name(doit_context, client, &name)) {
- com_err(progname, retval,
+ retval = krb5_unparse_name(doit_context, client, &name);
+ if (retval) {
+ com_err(progname, retval,
gettext("While unparsing client name"));
- exit(1);
- }
- syslog(LOG_WARNING,
+ exit(1);
+ }
+ syslog(LOG_WARNING,
gettext("Rejected connection from unauthorized principal %s"),
- name);
- free(name);
- exit(1);
+ name);
+ free(name);
+ exit(1);
}
omask = umask(077);
lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
@@ -519,8 +514,8 @@ void doit(fd)
* Send the acknowledgement message generated in
* recv_database, then close the socket.
*/
- if (retval = krb5_write_message(doit_context, (void *) &fd,
- &confmsg)) {
+ retval = krb5_write_message(doit_context, (void *) &fd, &confmsg);
+ if (retval) {
krb5_free_data_contents(doit_context, &confmsg);
com_err(progname, retval,
gettext("while sending # of received bytes"));
@@ -532,7 +527,7 @@ void doit(fd)
gettext("while trying to close database file"));
exit(1);
}
-
+
exit(0);
}
@@ -1075,9 +1070,12 @@ void PRS(argc,argv)
exit(1);
}
if (realm) {
- (void) krb5_xfree(krb5_princ_realm(context, server)->data);
- krb5_princ_set_realm_length(context, server, strlen(realm));
- krb5_princ_set_realm_data(context, server, strdup(realm));
+ retval = krb5_set_principal_realm(kpropd_context, server, realm);
+ if (retval) {
+ com_err(progname, errno,
+ gettext("while constructing my service realm"));
+ exit(1);
+ }
}
/*
* Construct the name of the temporary file.
@@ -1162,7 +1160,9 @@ kerberos_authenticate(context, fd, clientp, etype, ss)
if (debug) {
char *name;
- if (retval = krb5_unparse_name(context, server, &name)) {
+
+ retval = krb5_unparse_name(context, server, &name);
+ if (retval) {
com_err(progname, retval, gettext("While unparsing server name"));
exit(1);
}
@@ -1171,42 +1171,46 @@ kerberos_authenticate(context, fd, clientp, etype, ss)
free(name);
}
- if (retval = krb5_auth_con_init(context, &auth_context)) {
+ retval = krb5_auth_con_init(context, &auth_context);
+ if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_auth_con_init: %s"),
- error_message(retval));
+ error_message(retval));
exit(1);
}
- if (retval = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
+ retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_auth_con_setflags: %s"),
error_message(retval));
exit(1);
}
- if (retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr,
- &sender_addr)) {
+ retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr,
+ &sender_addr);
+ if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_auth_con_setaddrs: %s"),
error_message(retval));
exit(1);
}
if (srvtab) {
- if (retval = krb5_kt_resolve(context, srvtab, &keytab)) {
+ retval = krb5_kt_resolve(context, srvtab, &keytab);
+ if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_kt_resolve: %s"), error_message(retval));
exit(1);
}
}
- if (retval = krb5_recvauth(context, &auth_context, (void *) &fd,
- kprop_version, server, 0, keytab, &ticket)){
- syslog(LOG_ERR, gettext("Error in krb5_recvauth: %s"),
- error_message(retval));
+ retval = krb5_recvauth(context, &auth_context, (void *) &fd,
+ kprop_version, server, 0, keytab, &ticket);
+ if (retval) {
+ syslog(LOG_ERR, gettext("Error in krb5_recvauth: %s"), error_message(retval));
exit(1);
}
- if (retval = krb5_copy_principal(context,
- ticket->enc_part2->client, clientp)) {
+ retval = krb5_copy_principal(context, ticket->enc_part2->client, clientp);
+ if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_copy_prinicpal: %s"),
error_message(retval));
exit(1);
@@ -1218,14 +1222,15 @@ kerberos_authenticate(context, fd, clientp, etype, ss)
char * name;
char etypebuf[100];
- if (retval = krb5_unparse_name(context, *clientp, &name)) {
+ retval = krb5_unparse_name(context, *clientp, &name);
+ if (retval) {
com_err(progname, retval,
gettext("While unparsing client name"));
exit(1);
}
- if (retval = krb5_enctype_to_string(*etype, etypebuf,
- sizeof(etypebuf))) {
+ retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf));
+ if (retval) {
com_err(progname, retval, gettext("While unparsing ticket etype"));
exit(1);
}
@@ -1269,11 +1274,11 @@ authorized_principal(context, p, auth_etype)
/* if the next character is not whitespace or nul, then
the match is only partial. continue on to new lines. */
- if (*ptr && !isspace(*ptr))
+ if (*ptr && !isspace((int) *ptr))
continue;
/* otherwise, skip trailing whitespace */
- for (; *ptr && isspace(*ptr); ptr++) ;
+ for (; *ptr && isspace((int) *ptr); ptr++) ;
/* now, look for an etype string. if there isn't one,
return true. if there is an invalid string, continue.
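Review bot: Casting to `int` does not make these `isspace` calls safe. If `ptr` is a plain `char *` (its declaration is outside the hunk) and `char` is signed, a byte above 0x7f in the line being matched is still passed as a negative value, which is undefined for the `<ctype.h>` functions. The cast should go through `unsigned char`: `if (*ptr && !isspace((unsigned char) *ptr))` and `for (; *ptr && isspace((unsigned char) *ptr); ptr++) ;`. authorized_principal continues outside the hunk.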
@@ -1302,7 +1307,7 @@ recv_database(context, fd, database_fd, confmsg)
int database_fd;
krb5_data *confmsg;
{
- int database_size;
+ krb5_ui_4 database_size; /* This must be 4 bytes */
int received_size, n;
char buf[1024];
krb5_data inbuf, outbuf;
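Review bot: `database_size` is now an unsigned 32-bit value while `received_size` on the next line stays `int`, so the loop test `received_size < database_size` in a later hunk becomes a mixed signed/unsigned comparison. If the peer announces a size above INT_MAX, the counter (which presumably accumulates block lengths) would have to overflow before the loop can end, and signed overflow is undefined. Declaring both with the same type, `krb5_ui_4 database_size, received_size;`, and printing the offset with `%u` in the two `snprintf` messages keeps the arithmetic well defined. How `n` is added to the counter is outside the visible hunks and should be checked as well.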
@@ -1311,7 +1316,8 @@ recv_database(context, fd, database_fd, confmsg)
/*
* Receive and decode size from client
*/
- if (retval = krb5_read_message(context, (void *) &fd, &inbuf)) {
+ retval = krb5_read_message(context, (void *) &fd, &inbuf);
+ if (retval) {
send_error(context, fd, retval, gettext("while reading database size"));
com_err(progname, retval,
gettext("while reading size of database from client"));
@@ -1319,8 +1325,10 @@ recv_database(context, fd, database_fd, confmsg)
}
if (krb5_is_krb_error(&inbuf))
recv_error(context, &inbuf);
- if (retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL)) {
- send_error(context, fd, retval, gettext("while decoding database size"));
+ retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
+ if (retval) {
+ send_error(context, fd, retval, gettext(
+ "while decoding database size"));
krb5_free_data_contents(context, &inbuf);
com_err(progname, retval,
gettext("while decoding database size from client"));
@@ -1331,21 +1339,24 @@ recv_database(context, fd, database_fd, confmsg)
krb5_free_data_contents(context, &outbuf);
database_size = ntohl(database_size);
- /*
- * Initialize the initial vector.
- */
- if (retval = krb5_auth_con_initivector(context, auth_context)) {
- send_error(context, fd, retval, gettext("failed while initializing i_vector"));
- com_err(progname, retval, gettext("while initializing i_vector"));
- exit(1);
- }
+ /*
+ * Initialize the initial vector.
+ */
+ retval = krb5_auth_con_initivector(context, auth_context);
+ if (retval) {
+ send_error(context, fd, retval, gettext(
+ "failed while initializing i_vector"));
+ com_err(progname, retval, gettext("while initializing i_vector"));
+ exit(1);
+ }
/*
* Now start receiving the database from the net
*/
received_size = 0;
while (received_size < database_size) {
- if (retval = krb5_read_message(context, (void *) &fd, &inbuf)) {
+ retval = krb5_read_message(context, (void *) &fd, &inbuf);
+ if (retval) {
snprintf(buf, sizeof (buf),
gettext("while reading database block starting at offset %d"),
received_size);
@@ -1355,8 +1366,9 @@ recv_database(context, fd, database_fd, confmsg)
}
if (krb5_is_krb_error(&inbuf))
recv_error(context, &inbuf);
- if (retval = krb5_rd_priv(context, auth_context, &inbuf,
- &outbuf, NULL)) {
+ retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &outbuf, NULL);
+ if (retval) {
snprintf(buf, sizeof (buf),
gettext("while decoding database block starting at offset %d"),
received_size);
@@ -1384,6 +1396,7 @@ recv_database(context, fd, database_fd, confmsg)
/* SUNWresync121: our krb5...contents sets length to 0 */
krb5_free_data_contents(context, &inbuf);
krb5_free_data_contents(context, &outbuf);
+
}
/*
* OK, we've seen the entire file. Did we get too many bytes?
@@ -1401,7 +1414,8 @@ recv_database(context, fd, database_fd, confmsg)
database_size = htonl(database_size);
inbuf.data = (char *) &database_size;
inbuf.length = sizeof(database_size);
- if (retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL)) {
+ retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL);
+ if (retval) {
com_err(progname, retval,
gettext("while encoding # of receieved bytes"));
send_error(context, fd, retval,
@@ -1443,7 +1457,8 @@ send_error(context, fd, err_code, err_text)
}
}
error.text.length = strlen(text) + 1;
- if (error.text.data = malloc(error.text.length)) {
+ error.text.data = malloc(error.text.length);
+ if (error.text.data) {
strcpy(error.text.data, text);
if (!krb5_mk_error(context, &error, &outbuf)) {
(void) krb5_write_message(context, (void *)&fd,&outbuf);
@@ -1461,7 +1476,8 @@ recv_error(context, inbuf)
krb5_error *error;
krb5_error_code retval;
- if (retval = krb5_rd_error(context, inbuf, &error)) {
+ retval = krb5_rd_error(context, inbuf, &error);
+ if (retval) {
com_err(progname, retval,
gettext("while decoding error packet from client"));
exit(1);
@@ -1484,25 +1500,35 @@ recv_error(context, inbuf)
}
void
-load_database(context, kdb5_util, database_file_name)
+load_database(context, kdb_util, database_file_name)
krb5_context context;
- char *kdb5_util;
+ char *kdb_util;
char *database_file_name;
{
static char *edit_av[10];
- int error_ret, save_stderr;
+ int error_ret, save_stderr = -1;
int child_pid;
int count;
+
+ /* <sys/param.h> has been included, so BSD will be defined on
+ BSD systems */
+#if BSD > 0 && BSD <= 43
+#ifndef WEXITSTATUS
+#define WEXITSTATUS(w) (w).w_retcode
+#endif
+ union wait waitb;
+#else
int waitb;
+#endif
krb5_error_code retval;
kdb_log_context *log_ctx;
if (debug)
- printf(gettext("calling kdb5_util to load database\n"));
+ printf(gettext("calling kdb_util to load database\n"));
log_ctx = context->kdblog_context;
- edit_av[0] = kdb5_util;
+ edit_av[0] = kdb_util;
count = 1;
if (realm) {
edit_av[count++] = "-r";
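Review bot: The debug string was caught by the parameter rename: `"calling kdb_util to load database\n"` now names the C parameter rather than the program being run. The changed msgid also no longer matches any existing translation. Keep the original literal, `printf(gettext("calling kdb5_util to load database\n"));`, and rename only the identifier. load_database continues beyond this hunk.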
@@ -1523,7 +1549,7 @@ load_database(context, kdb5_util, database_file_name)
switch(child_pid = fork()) {
case -1:
com_err(progname, errno, gettext("while trying to fork %s"),
- kdb5_util);
+ kdb_util);
exit(1);
/*NOTREACHED*/
case 0:
@@ -1537,12 +1563,12 @@ load_database(context, kdb5_util, database_file_name)
dup(0);
}
- execv(kdb5_util, edit_av);
+ execv(kdb_util, edit_av);
retval = errno;
if (!debug)
dup2(save_stderr, 2);
com_err(progname, retval, gettext("while trying to exec %s"),
- kdb5_util);
+ kdb_util);
_exit(1);
/*NOTREACHED*/
default:
@@ -1550,15 +1576,16 @@ load_database(context, kdb5_util, database_file_name)
printf(gettext("Child PID is %d\n"), child_pid);
if (wait(&waitb) < 0) {
com_err(progname, errno, gettext("while waiting for %s"),
- kdb5_util);
+ kdb_util);
exit(1);
}
}
- if ((error_ret = WEXITSTATUS(waitb)) != 0) {
+ error_ret = WEXITSTATUS(waitb);
+ if (error_ret) {
com_err(progname, 0,
- gettext("%s returned a bad exit status (%d)"), kdb5_util,
- error_ret);
+ gettext("%s returned a bad exit status (%d)"),
+ kdb_util, error_ret);
exit(1);
}
return;
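Review bot: `WEXITSTATUS(waitb)` is read without first checking `WIFEXITED(waitb)`, so a child killed by a signal typically yields 0 here and the database load is treated as successful. Add a guard before this test, `if (!WIFEXITED(waitb)) {`, followed by a `com_err` naming `kdb_util` and `exit(1);`. The `wait(&waitb)` above also reaps whichever child exits first; `waitpid(child_pid, &waitb, 0)` would tie the status to the process that was forked. The BSD `union wait` branch added earlier in this function may need its own form of both calls. load_database begins outside this hunk.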
diff --git a/usr/src/lib/gss_mechs/mech_krb5/include/db.h b/usr/src/lib/gss_mechs/mech_krb5/include/db.h
index 9076723263..2b74608be6 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/include/db.h
+++ b/usr/src/lib/gss_mechs/mech_krb5/include/db.h
@@ -173,11 +173,4 @@ DB *dbopen __P((const char *, int, int, DBTYPE, const void *));
int bt_rseq(const DB*, DBT *, DBT *, void **, u_int); /* XXX kludge */
__END_DECLS
-#if DEBUG_DB
-
-/* debugging aid used to turn on display of messages */
-void debugDisplayDB(int onOff);
-
-#endif
-
#endif /* !_DB_H_ */
diff --git a/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h b/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h
index fbdf4b0017..be7274b907 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h
+++ b/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h
@@ -2,7 +2,7 @@
/*
* include/krb5/adm.h
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -17,7 +17,10 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
@@ -207,13 +210,14 @@ typedef struct __krb5_realm_params {
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
- unsigned int realm_filler:7;
+ unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
#endif /* KRB5_ADM_H__ */
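Review bot: `realm_reject_bad_transit` is inserted ahead of the existing one-bit flags, so every `*_valid` bit after it moves to a new position, and the 7-bit filler is dropped. The struct probably keeps its size, but any object built against the old header would read the wrong flag, so the library and its consumers have to be rebuilt together. Appending both new bits after `realm_flags_valid` would avoid the shift. The new pair also mixes a value bit with the validity bits without explanation; a comment on the first field such as `/* value; meaningful only when realm_reject_bad_transit_valid is set */` would make the read order explicit.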
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c
index 607519b834..fec98c2e42 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -15,7 +15,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -29,7 +29,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Registration functions for keytab.
*/
@@ -46,9 +46,6 @@ struct krb5_kt_typelist {
const krb5_kt_ops *ops;
const struct krb5_kt_typelist *next;
};
-static const struct krb5_kt_typelist krb5_kt_typelist_dfl = { &krb5_kt_dfl_ops, 0 };
-static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_dfl;
-
static const struct krb5_kt_typelist krb5_kt_typelist_wrfile = {
&krb5_ktf_writable_ops,
0
@@ -61,11 +58,7 @@ static const struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
&krb5_kts_ops,
&krb5_kt_typelist_file
};
-
-/* SUNW14resync */
-/*
-static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_srvtab;*/
-
+static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_srvtab;
/* Lock for protecting the type list. */
static k5_mutex_t kt_typehead_lock = K5_MUTEX_PARTIAL_INITIALIZER;
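Review bot: Pointing `kt_typehead` at `krb5_kt_typelist_srvtab` replaces the single registered `krb5_kt_dfl_ops` entry with the srvtab → file chain (wrfile presumably follows; the link is outside the hunk), and `krb5_kt_dfl_ops` is no longer on the list. Nothing visible shows whether keytab names that resolved through the default ops still resolve. It is also not shown whether making the srvtab and writable-file types reachable from every keytab name string is intended. A comment above the declaration listing the registered types in lookup order would record that decision. A blank line before `/* Lock for protecting the type list. */` would also restore the separation the removed lines provided.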
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c
index 704eabd01d..6cda1024ab 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -33,7 +33,7 @@ extern kadm5_ret_t kadm5_get_cpw_host_srv_name(krb5_context, const char *,
extern kadm5_ret_t kadm5_init_with_password(char *, char *, char *,
kadm5_config_params *, krb5_ui_4, krb5_ui_4, void **);
extern kadm5_ret_t kadm5_chpass_principal_util(void *, krb5_principal,
- char *, char **, char *, int);
+ char *, char **, char *, unsigned int);
static krb5_error_code
krb5_get_as_key_password(
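Review bot: The `kadm5_chpass_principal_util` prototype is hand-copied into this file as an `extern`, and this commit had to edit its last parameter to `unsigned int` to keep it in step. Nothing makes the compiler compare this copy with the real definition, so the next signature change can silently produce a mismatched call. Including the header that declares the kadm5 client functions would be safer. If that is not possible here, add a comment above the block such as `/* keep in sync with the kadm5 definition of kadm5_chpass_principal_util */`.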
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c
index ffd8cdc07d..6c3c0ff525 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -319,10 +319,6 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
/*LINTED*/
message->length, message->data, realm, *use_master, tcp_only);
- /*
- * Solaris Kerberos: keep it simple by not supporting a udp_preference_limit
- */
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
if (!tcp_only && context->udp_pref_limit < 0) {
int tmp;
retval = profile_get_integer(context->profile,
@@ -332,15 +328,13 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
return retval;
if (tmp < 0)
tmp = DEFAULT_UDP_PREF_LIMIT;
- else if (tmp > HARD_UDP_LIMIT) {
+ else if (tmp > HARD_UDP_LIMIT)
/* In the unlikely case that a *really* big value is
given, let 'em use as big as we think we can
support. */
tmp = HARD_UDP_LIMIT;
- }
context->udp_pref_limit = tmp;
}
-#endif /**************** END IFDEF'ed OUT *******************************/
retval = (*use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN);
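Review bot: Dropping the braces leaves `else if (tmp > HARD_UDP_LIMIT)` followed by a three-line comment and then an unbraced assignment, which is easy to break when a second statement is added; keeping the braces costs nothing. With the `#if 0` removed, the profile's UDP preference limit now takes effect in this library. The deleted "not supporting a udp_preference_limit" comment should therefore be replaced by one stating the clamp, e.g. `/* profile value: negative -> DEFAULT_UDP_PREF_LIMIT, capped at HARD_UDP_LIMIT */`. krb5_sendto_kdc extends outside both hunks.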
diff --git a/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers b/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers
index a61439d044..199a3d4442 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers
+++ b/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers
@@ -38,26 +38,6 @@ SUNWprivate_1.1 {
global:
adb_error_table;
asn12krb5_buf;
- asn1buf_create;
- asn1buf_destroy;
- asn1buf_ensure_space;
- asn1buf_expand;
- asn1buf_free;
- asn1buf_hex_unparse;
- asn1buf_imbed;
- asn1buf_insert_charstring;
- asn1buf_insert_octet;
- asn1buf_insert_octetstring;
- asn1buf_len;
- asn1buf_remains;
- asn1buf_remove_charstring;
- asn1buf_remove_octet;
- asn1buf_remove_octetstring;
- asn1buf_size;
- asn1buf_skiptail;
- asn1buf_sync;
- asn1buf_unparse;
- asn1buf_wrap_data;
asn1_decode_addrtype;
asn1_decode_ap_options;
asn1_decode_authdata_elt;
@@ -67,10 +47,10 @@ SUNWprivate_1.1 {
asn1_decode_checksum;
asn1_decode_cksumtype;
asn1_decode_enc_kdc_rep_part;
- asn1_decode_encrypted_data;
- asn1_decode_encryption_key;
asn1_decode_enc_sam_key;
asn1_decode_enc_sam_response_enc;
+ asn1_decode_encrypted_data;
+ asn1_decode_encryption_key;
asn1_decode_enctype;
asn1_decode_etype_info;
asn1_decode_generalstring;
@@ -78,8 +58,8 @@ SUNWprivate_1.1 {
asn1_decode_host_address;
asn1_decode_host_addresses;
asn1_decode_ia5string;
- asn1_decode_int;
asn1_decode_int32;
+ asn1_decode_int;
asn1_decode_integer;
asn1_decode_kdc_options;
asn1_decode_kdc_rep;
@@ -121,9 +101,9 @@ SUNWprivate_1.1 {
asn1_encode_charstring;
asn1_encode_checksum;
asn1_encode_enc_kdc_rep_part;
+ asn1_encode_enc_sam_response_enc;
asn1_encode_encrypted_data;
asn1_encode_encryption_key;
- asn1_encode_enc_sam_response_enc;
asn1_encode_etype_info;
asn1_encode_etype_info_entry;
asn1_encode_generalstring;
@@ -176,6 +156,26 @@ SUNWprivate_1.1 {
asn1_make_set;
asn1_make_string;
asn1_make_tag;
+ asn1buf_create;
+ asn1buf_destroy;
+ asn1buf_ensure_space;
+ asn1buf_expand;
+ asn1buf_free;
+ asn1buf_hex_unparse;
+ asn1buf_imbed;
+ asn1buf_insert_charstring;
+ asn1buf_insert_octet;
+ asn1buf_insert_octetstring;
+ asn1buf_len;
+ asn1buf_remains;
+ asn1buf_remove_charstring;
+ asn1buf_remove_octet;
+ asn1buf_remove_octetstring;
+ asn1buf_size;
+ asn1buf_skiptail;
+ asn1buf_sync;
+ asn1buf_unparse;
+ asn1buf_wrap_data;
com_err;
com_err_va;
daemon;
@@ -192,15 +192,15 @@ SUNWprivate_1.1 {
decode_krb5_enc_data;
decode_krb5_enc_kdc_rep_part;
decode_krb5_enc_priv_part;
- decode_krb5_encryption_key;
decode_krb5_enc_sam_key;
decode_krb5_enc_sam_response_enc;
decode_krb5_enc_tkt_part;
+ decode_krb5_encryption_key;
decode_krb5_error;
decode_krb5_etype_info;
decode_krb5_kdc_req_body;
- decode_krb5_padata_sequence;
decode_krb5_pa_enc_ts;
+ decode_krb5_padata_sequence;
decode_krb5_predicted_sam_response;
decode_krb5_priv;
decode_krb5_pwd_data;
@@ -225,15 +225,15 @@ SUNWprivate_1.1 {
encode_krb5_enc_data;
encode_krb5_enc_kdc_rep_part;
encode_krb5_enc_priv_part;
- encode_krb5_encryption_key;
encode_krb5_enc_sam_response_enc;
encode_krb5_enc_tkt_part;
+ encode_krb5_encryption_key;
encode_krb5_error;
- encode_krb5_etype_info;
encode_krb5_etype_info2;
+ encode_krb5_etype_info;
encode_krb5_kdc_req_body;
- encode_krb5_padata_sequence;
encode_krb5_pa_enc_ts;
+ encode_krb5_padata_sequence;
encode_krb5_predicted_sam_response;
encode_krb5_priv;
encode_krb5_pwd_data;
@@ -246,17 +246,14 @@ SUNWprivate_1.1 {
encode_krb5_tgs_req;
encode_krb5_ticket;
error_message;
- foreach_localaddr;
g_delete_cred_id;
g_delete_ctx_id;
g_delete_name;
g_display_com_err_status;
g_display_major_status;
- ggss_error_table;
g_local_host_name;
g_make_string_buffer;
g_make_token_header;
- gmt_mktime;
g_order_check;
g_order_free;
g_order_init;
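Review bot: `foreach_localaddr` is removed from the export list here while `krb5int_foreach_localaddr` is added in the last hunk of this file. That appears to be the only functional change among the re-sorted entries. Any object still linking against the old name will fail to resolve it, so the rename deserves a line in the commit description. Doing the re-sort in a separate change would make export changes like this one reviewable at a glance.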
@@ -271,6 +268,14 @@ SUNWprivate_1.1 {
g_set_entry_delete;
g_set_entry_get;
g_set_init;
+ g_strdup;
+ g_token_size;
+ g_validate_cred_id;
+ g_validate_ctx_id;
+ g_validate_name;
+ g_verify_token_header;
+ ggss_error_table;
+ gmt_mktime;
gss_krb5_ccache_name;
gss_krb5_copy_ccache;
gss_krb5_get_tkt_flags;
@@ -285,12 +290,6 @@ SUNWprivate_1.1 {
gss_nt_krb5_name;
gss_nt_krb5_principal;
gssspi_acquire_cred_with_password;
- g_strdup;
- g_token_size;
- g_validate_cred_id;
- g_validate_ctx_id;
- g_validate_name;
- g_verify_token_header;
imp_error_table;
k5_ef_hash;
k5_ef_mac;
@@ -331,9 +330,9 @@ SUNWprivate_1.1 {
krb5_appdefault_string;
krb5_auth_con_free;
krb5_auth_con_genaddrs;
+ krb5_auth_con_get_checksum_func;
krb5_auth_con_getaddrs;
krb5_auth_con_getauthenticator;
- krb5_auth_con_get_checksum_func;
krb5_auth_con_getflags;
krb5_auth_con_getivector;
krb5_auth_con_getkey;
@@ -347,16 +346,16 @@ SUNWprivate_1.1 {
krb5_auth_con_getsendsubkey;
krb5_auth_con_init;
krb5_auth_con_initivector;
- krb5_auth_con_setaddrs;
krb5_auth_con_set_checksum_func;
+ krb5_auth_con_set_req_cksumtype;
+ krb5_auth_con_set_safe_cksumtype;
+ krb5_auth_con_setaddrs;
krb5_auth_con_setflags;
krb5_auth_con_setivector;
krb5_auth_con_setpermetypes;
krb5_auth_con_setports;
krb5_auth_con_setrcache;
krb5_auth_con_setrecvsubkey;
- krb5_auth_con_set_req_cksumtype;
- krb5_auth_con_set_safe_cksumtype;
krb5_auth_con_setsendsubkey;
krb5_auth_con_setuseruserkey;
krb5_auth_to_rep;
@@ -364,6 +363,25 @@ SUNWprivate_1.1 {
krb5_build_principal_ext;
krb5_build_principal_va;
krb5_c_block_size;
+ krb5_c_checksum_length;
+ krb5_c_decrypt;
+ krb5_c_encrypt;
+ krb5_c_encrypt_length;
+ krb5_c_enctype_compare;
+ krb5_c_free_state;
+ krb5_c_init_state;
+ krb5_c_is_coll_proof_cksum;
+ krb5_c_is_keyed_cksum;
+ krb5_c_keyed_checksum_types;
+ krb5_c_make_checksum;
+ krb5_c_make_random_key;
+ krb5_c_random_make_octets;
+ krb5_c_random_seed;
+ krb5_c_string_to_key;
+ krb5_c_string_to_key_with_params;
+ krb5_c_valid_cksumtype;
+ krb5_c_valid_enctype;
+ krb5_c_verify_checksum;
krb5_cc_close;
krb5_cc_copy_creds;
krb5_cc_default;
@@ -375,7 +393,6 @@ SUNWprivate_1.1 {
krb5_cc_get_name;
krb5_cc_get_principal;
krb5_cc_get_type;
- krb5_c_checksum_length;
krb5_cc_initialize;
krb5_cc_next_cred;
krb5_cc_register;
@@ -385,24 +402,13 @@ SUNWprivate_1.1 {
krb5_cc_set_flags;
krb5_cc_start_seq_get;
krb5_cc_store_cred;
- krb5_c_decrypt;
- krb5_c_encrypt;
- krb5_c_encrypt_length;
- krb5_c_enctype_compare;
- krb5_c_free_state;
krb5_change_cache;
krb5_change_password;
- krb5_checksum_size;
krb5_check_transited_list;
- krb5_c_init_state;
- krb5_c_is_coll_proof_cksum;
- krb5_c_is_keyed_cksum;
- krb5_c_keyed_checksum_types;
+ krb5_checksum_size;
+ krb5_cksumtype_to_string;
krb5_cksumtypes_length;
krb5_cksumtypes_list;
- krb5_cksumtype_to_string;
- krb5_c_make_checksum;
- krb5_c_make_random_key;
krb5_copy_addr;
krb5_copy_addresses;
krb5_copy_authdata;
@@ -415,15 +421,8 @@ SUNWprivate_1.1 {
krb5_copy_keyblock_data;
krb5_copy_principal;
krb5_copy_ticket;
- krb5_c_random_make_octets;
- krb5_c_random_seed;
krb5_create_secure_file;
krb5_crypto_us_timeofday;
- krb5_c_string_to_key;
- krb5_c_string_to_key_with_params;
- krb5_c_valid_cksumtype;
- krb5_c_valid_enctype;
- krb5_c_verify_checksum;
krb5_decode_kdc_rep;
krb5_decode_ticket;
krb5_decrypt_tkt_part;
@@ -434,9 +433,9 @@ SUNWprivate_1.1 {
krb5_encode_kdc_rep;
krb5_encrypt_helper;
krb5_encrypt_tkt_part;
+ krb5_enctype_to_string;
krb5_enctypes_length;
krb5_enctypes_list;
- krb5_enctype_to_string;
krb5_error_table;
krb5_externalize_data;
krb5_externalize_opaque;
@@ -500,21 +499,20 @@ SUNWprivate_1.1 {
krb5_free_uio;
krb5_free_unparsed_name;
krb5_fwd_tgt_creds;
- krb5_generate_seq_number;
- krb5_generate_subkey;
krb5_gen_portaddr;
krb5_gen_replay_name;
- krb5_get_credentials;
- krb5_get_credentials_renew;
- krb5_get_credentials_validate;
+ krb5_generate_seq_number;
+ krb5_generate_subkey;
krb5_get_cred_from_kdc;
krb5_get_cred_from_kdc_renew;
krb5_get_cred_from_kdc_validate;
krb5_get_cred_via_tkt;
+ krb5_get_credentials;
+ krb5_get_credentials_renew;
+ krb5_get_credentials_validate;
krb5_get_default_config_files;
krb5_get_default_in_tkt_ktypes;
krb5_get_default_realm;
- krb5_getenv;
krb5_get_host_realm;
krb5_get_init_creds;
krb5_get_init_creds_keytab;
@@ -538,11 +536,12 @@ SUNWprivate_1.1 {
krb5_get_prompt_types;
krb5_get_realm_domain;
krb5_get_renewed_creds;
- krb5_get_servername;
krb5_get_server_rcache;
+ krb5_get_servername;
krb5_get_tgs_ktypes;
krb5_get_time_offsets;
krb5_get_validated_creds;
+ krb5_getenv;
krb5_gss_import_name;
krb5_gss_init_sec_context;
krb5_gss_oid_array;
@@ -553,11 +552,7 @@ SUNWprivate_1.1 {
krb5_init_ef_handle;
krb5_init_keyblock;
krb5_init_secure_context;
- krb5int_aes_encrypt;
- krb5int_cm_call_select;
krb5_internalize_opaque;
- krb5int_pbkdf2_hmac_sha1;
- krb5int_sendtokdc_debug_handler;
krb5_is_permitted_enctype;
krb5_kdc_rep_decrypt_proc;
krb5_kt_add_entry;
@@ -566,12 +561,28 @@ SUNWprivate_1.1 {
krb5_kt_default_name;
krb5_kt_dfl_ops;
krb5_kt_end_seq_get;
+ krb5_kt_free_entry;
+ krb5_kt_get_entry;
+ krb5_kt_get_name;
+ krb5_kt_next_entry;
+ krb5_kt_read_service_key;
+ krb5_kt_register;
+ krb5_kt_remove_entry;
+ krb5_kt_resolve;
+ krb5_kt_start_seq_get;
+ krb5_ktf_ops;
+ krb5_ktf_writable_ops;
krb5_ktfile_add;
krb5_ktfile_close;
krb5_ktfile_end_get;
krb5_ktfile_get_entry;
krb5_ktfile_get_name;
krb5_ktfile_get_next;
+ krb5_ktfile_remove;
+ krb5_ktfile_resolve;
+ krb5_ktfile_ser_entry;
+ krb5_ktfile_start_seq_get;
+ krb5_ktfile_wresolve;
krb5_ktfileint_close;
krb5_ktfileint_delete_entry;
krb5_ktfileint_find_slot;
@@ -581,28 +592,12 @@ SUNWprivate_1.1 {
krb5_ktfileint_read_entry;
krb5_ktfileint_size_entry;
krb5_ktfileint_write_entry;
- krb5_ktfile_remove;
- krb5_ktfile_resolve;
- krb5_ktfile_ser_entry;
- krb5_ktfile_start_seq_get;
- krb5_ktfile_wresolve;
- krb5_ktf_ops;
- krb5_kt_free_entry;
- krb5_ktf_writable_ops;
- krb5_kt_get_entry;
- krb5_kt_get_name;
- krb5_kt_next_entry;
- krb5_kt_read_service_key;
- krb5_kt_register;
- krb5_kt_remove_entry;
- krb5_kt_resolve;
- krb5_kt_start_seq_get;
krb5_kuserok;
krb5_libdefault_boolean;
krb5_locate_kdc;
krb5_lock_file;
- krb5_make_fulladdr;
krb5_make_full_ipaddr;
+ krb5_make_fulladdr;
krb5_max_dgram_size;
krb5_max_skdc_timeout;
krb5_mk_1cred;
@@ -694,8 +689,8 @@ SUNWprivate_1.1 {
krb5_register_serializer;
krb5_salttype_to_string;
krb5_secure_config_files;
- krb5_sendauth;
krb5_send_tgs;
+ krb5_sendauth;
krb5_sendto_kdc;
krb5_ser_address_init;
krb5_ser_auth_context_init;
@@ -717,7 +712,6 @@ SUNWprivate_1.1 {
krb5_set_default_in_tkt_ktypes;
krb5_set_default_realm;
krb5_set_default_tgs_ktypes;
- krb5_setenv;
krb5_set_key_data;
krb5_set_key_enctype;
krb5_set_key_length;
@@ -725,6 +719,7 @@ SUNWprivate_1.1 {
krb5_set_principal_realm;
krb5_set_real_time;
krb5_set_time_offsets;
+ krb5_setenv;
krb5_size_opaque;
krb5_skdc_timeout_1;
krb5_skdc_timeout_shift;
@@ -745,15 +740,20 @@ SUNWprivate_1.1 {
krb5_unparse_name;
krb5_unparse_name_ext;
krb5_unsetenv;
+ krb5_us_timeofday;
krb5_use_enctype;
krb5_use_natural_time;
- krb5_us_timeofday;
krb5_validate_times;
krb5_verify_init_creds;
krb5_verify_init_creds_opt_init;
krb5_verify_init_creds_opt_set_ap_req_nofail;
krb5_walk_realm_tree;
krb5_write_message;
+ krb5int_aes_encrypt;
+ krb5int_cm_call_select;
+ krb5int_foreach_localaddr;
+ krb5int_pbkdf2_hmac_sha1;
+ krb5int_sendtokdc_debug_handler;
kv5m_error_table;
mit_des_check_key_parity;
mit_des_fixup_key_parity;
diff --git a/usr/src/lib/krb5/db2/btree/bt_debug.c b/usr/src/lib/krb5/db2/btree/bt_debug.c
index b840dd341b..80f0ba807e 100644
--- a/usr/src/lib/krb5/db2/btree/bt_debug.c
+++ b/usr/src/lib/krb5/db2/btree/bt_debug.c
@@ -55,7 +55,7 @@ static char sccsid[] = "@(#)bt_debug.c 8.6 (Berkeley) 1/9/95";
#include "db-int.h"
#include "btree.h"
-#if defined(DEBUG_DB) || defined(STATISTICS)
+#if defined(DEBUG) || defined(STATISTICS)
static FILE *tracefp;
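Review bot: Guarding on the generic `DEBUG` macro instead of `DEBUG_DB` ties this library's debug code to whatever else defines `DEBUG`. The same switch in bt_open.c lowers `MINPSIZE` to 128, which loosens the page-size validation in `__bt_open`. In bt_overflow.c it turns an invalid overflow page reference into `abort()`. If the build defines `DEBUG` for debug binaries generally (not visible here), those builds validate the database differently and fail hard on a bad page. Keeping a library-specific guard, or adding a comment at each `#ifdef DEBUG` stating what it enables, would make that explicit.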
@@ -81,7 +81,7 @@ __bt_dinit()
}
#endif
-#ifdef DEBUG_DB
+#ifdef DEBUG
/*
* __bt_dump --
* dump the tree
diff --git a/usr/src/lib/krb5/db2/btree/bt_delete.c b/usr/src/lib/krb5/db2/btree/bt_delete.c
index d7f5e0c615..90fb7f1e8c 100644
--- a/usr/src/lib/krb5/db2/btree/bt_delete.c
+++ b/usr/src/lib/krb5/db2/btree/bt_delete.c
@@ -152,7 +152,7 @@ __bt_stkacq(t, hp, c)
EPG *e;
EPGNO *parent;
PAGE *h;
- indx_t index;
+ indx_t idx;
db_pgno_t pgno;
recno_t nextpg, prevpg;
int exact, level;
@@ -190,8 +190,8 @@ __bt_stkacq(t, hp, c)
/* Move to the next index. */
if (parent->index != NEXTINDEX(h) - 1) {
- index = parent->index + 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index + 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -200,7 +200,7 @@ __bt_stkacq(t, hp, c)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
BT_PUSH(t, pgno, 0);
@@ -210,7 +210,7 @@ __bt_stkacq(t, hp, c)
/* Get the next level down. */
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (1);
- index = 0;
+ idx = 0;
}
mpool_put(t->bt_mp, h, 0);
if ((h = mpool_get(t->bt_mp, nextpg, 0)) == NULL)
@@ -245,8 +245,8 @@ __bt_stkacq(t, hp, c)
/* Move to the next index. */
if (parent->index != 0) {
- index = parent->index - 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index - 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -255,7 +255,7 @@ __bt_stkacq(t, hp, c)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
/* Lose the currently pinned page. */
@@ -265,8 +265,8 @@ __bt_stkacq(t, hp, c)
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (1);
- index = NEXTINDEX(h) - 1;
- BT_PUSH(t, pgno, index);
+ idx = NEXTINDEX(h) - 1;
+ BT_PUSH(t, pgno, idx);
}
mpool_put(t->bt_mp, h, 0);
if ((h = mpool_get(t->bt_mp, prevpg, 0)) == NULL)
@@ -384,7 +384,7 @@ __bt_pdelete(t, h)
BINTERNAL *bi;
PAGE *pg;
EPGNO *parent;
- indx_t cnt, index, *ip, offset;
+ indx_t cnt, idx, *ip, offset;
u_int32_t nksize;
char *from;
@@ -405,8 +405,8 @@ __bt_pdelete(t, h)
if ((pg = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
return (RET_ERROR);
- index = parent->index;
- bi = GETBINTERNAL(pg, index);
+ idx = parent->index;
+ bi = GETBINTERNAL(pg, idx);
/* Free any overflow pages. */
if (bi->flags & P_BIGKEY &&
@@ -438,11 +438,11 @@ __bt_pdelete(t, h)
pg->upper += nksize;
/* Adjust indices' offsets, shift the indices down. */
- offset = pg->linp[index];
- for (cnt = index, ip = &pg->linp[0]; cnt--; ++ip)
+ offset = pg->linp[idx];
+ for (cnt = idx, ip = &pg->linp[0]; cnt--; ++ip)
if (ip[0] < offset)
ip[0] += nksize;
- for (cnt = NEXTINDEX(pg) - index; --cnt; ++ip)
+ for (cnt = NEXTINDEX(pg) - idx; --cnt; ++ip)
ip[0] = ip[1] < offset ? ip[1] + nksize : ip[1];
pg->lower -= sizeof(indx_t);
}
@@ -467,17 +467,17 @@ __bt_pdelete(t, h)
* t: tree
* key: referenced key
* h: page
- * index: index on page to delete
+ * idx: index on page to delete
*
* Returns:
* RET_SUCCESS, RET_ERROR.
*/
int
-__bt_dleaf(t, key, h, index)
+__bt_dleaf(t, key, h, idx)
BTREE *t;
const DBT *key;
PAGE *h;
- u_int index;
+ u_int idx;
{
BLEAF *bl;
indx_t cnt, *ip, offset;
@@ -488,12 +488,12 @@ __bt_dleaf(t, key, h, index)
/* If this record is referenced by the cursor, delete the cursor. */
if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
!F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
- t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index == index &&
- __bt_curdel(t, key, h, index))
+ t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index == idx &&
+ __bt_curdel(t, key, h, idx))
return (RET_ERROR);
/* If the entry uses overflow pages, make them available for reuse. */
- to = bl = GETBLEAF(h, index);
+ to = bl = GETBLEAF(h, idx);
if (bl->flags & P_BIGKEY && __ovfl_delete(t, bl->bytes) == RET_ERROR)
return (RET_ERROR);
if (bl->flags & P_BIGDATA &&
@@ -507,18 +507,18 @@ __bt_dleaf(t, key, h, index)
h->upper += nbytes;
/* Adjust the indices' offsets, shift the indices down. */
- offset = h->linp[index];
- for (cnt = index, ip = &h->linp[0]; cnt--; ++ip)
+ offset = h->linp[idx];
+ for (cnt = idx, ip = &h->linp[0]; cnt--; ++ip)
if (ip[0] < offset)
ip[0] += nbytes;
- for (cnt = NEXTINDEX(h) - index; --cnt; ++ip)
+ for (cnt = NEXTINDEX(h) - idx; --cnt; ++ip)
ip[0] = ip[1] < offset ? ip[1] + nbytes : ip[1];
h->lower -= sizeof(indx_t);
/* If the cursor is on this page, adjust it as necessary. */
if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
!F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
- t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index > index)
+ t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index > idx)
--t->bt_cursor.pg.index;
return (RET_SUCCESS);
@@ -532,17 +532,17 @@ __bt_dleaf(t, key, h, index)
* t: tree
* key: referenced key (or NULL)
* h: page
- * index: index on page to delete
+ * idx: idx on page to delete
*
* Returns:
* RET_SUCCESS, RET_ERROR.
*/
static int
-__bt_curdel(t, key, h, index)
+__bt_curdel(t, key, h, idx)
BTREE *t;
const DBT *key;
PAGE *h;
- u_int index;
+ u_int idx;
{
CURSOR *c;
EPG e;
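Review bot: The parameter comment became `idx: idx on page to delete`; the rename replaced the descriptive word as well as the identifier. It should read `idx: index on page to delete`, as the `__bt_dleaf` header comment in the previous hunk does.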
@@ -565,7 +565,7 @@ __bt_curdel(t, key, h, index)
*/
if (key == NULL) {
e.page = h;
- e.index = index;
+ e.index = idx;
if ((status = __bt_ret(t, &e,
&c->key, &c->key, NULL, NULL, 1)) != RET_SUCCESS)
return (status);
@@ -573,25 +573,25 @@ __bt_curdel(t, key, h, index)
key = &c->key;
}
/* Check previous key, if not at the beginning of the page. */
- if (index > 0) {
+ if (idx > 0) {
e.page = h;
- e.index = index - 1;
+ e.index = idx - 1;
if (__bt_cmp(t, key, &e) == 0) {
F_SET(c, CURS_BEFORE);
goto dup2;
}
}
/* Check next key, if not at the end of the page. */
- if (index < NEXTINDEX(h) - 1) {
+ if (idx < NEXTINDEX(h) - 1) {
e.page = h;
- e.index = index + 1;
+ e.index = idx + 1;
if (__bt_cmp(t, key, &e) == 0) {
F_SET(c, CURS_AFTER);
goto dup2;
}
}
/* Check previous key if at the beginning of the page. */
- if (index == 0 && h->prevpg != P_INVALID) {
+ if (idx == 0 && h->prevpg != P_INVALID) {
if ((pg = mpool_get(t->bt_mp, h->prevpg, 0)) == NULL)
return (RET_ERROR);
e.page = pg;
@@ -603,7 +603,7 @@ __bt_curdel(t, key, h, index)
mpool_put(t->bt_mp, pg, 0);
}
/* Check next key if at the end of the page. */
- if (index == NEXTINDEX(h) - 1 && h->nextpg != P_INVALID) {
+ if (idx == NEXTINDEX(h) - 1 && h->nextpg != P_INVALID) {
if ((pg = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL)
return (RET_ERROR);
e.page = pg;
@@ -619,7 +619,7 @@ dup2: c->pg.pgno = e.page->pgno;
}
}
e.page = h;
- e.index = index;
+ e.index = idx;
if (curcopy || (status =
__bt_ret(t, &e, &c->key, &c->key, NULL, NULL, 1)) == RET_SUCCESS) {
F_SET(c, CURS_ACQUIRE);
diff --git a/usr/src/lib/krb5/db2/btree/bt_open.c b/usr/src/lib/krb5/db2/btree/bt_open.c
index 115572c970..2a92597a89 100644
--- a/usr/src/lib/krb5/db2/btree/bt_open.c
+++ b/usr/src/lib/krb5/db2/btree/bt_open.c
@@ -63,7 +63,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95";
#include "db-int.h"
#include "btree.h"
-#ifdef DEBUG_DB
+#ifdef DEBUG
#undef MINPSIZE
#define MINPSIZE 128
#endif
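Review bot: Guarding the `MINPSIZE` override with the generic `DEBUG` macro makes the accepted page-size range depend on how the whole tree is built, because `MINPSIZE` feeds both the `b.psize` and the `m.psize` checks in the hunks below. A build with `DEBUG` defined accepts page sizes down to 128 that a build without it rejects, so a file created by one may fail to open in the other. The same rename in bt_overflow.c, hash.c, hash_bigkey.c and hash_page.c ties `abort()`/`assert()` calls and unconditional stderr output to the same switch, and hash.c loses the runtime `g_displayDebugDB` gate. If the upstream name has to stay, I would add a comment here such as `/* DEBUG lowers the minimum page size; such files may not open in non-DEBUG builds */`.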
@@ -127,7 +127,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
*/
if (b.psize &&
(b.psize < MINPSIZE || b.psize > MAX_PAGE_OFFSET + 1 ||
- b.psize & sizeof(indx_t) - 1))
+ b.psize & (sizeof(indx_t) - 1)))
goto einval;
/* Minimum number of keys per page; absolute minimum is 2. */
@@ -247,7 +247,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
if (m.magic != BTREEMAGIC || m.version != BTREEVERSION)
goto eftype;
if (m.psize < MINPSIZE || m.psize > MAX_PAGE_OFFSET + 1 ||
- m.psize & sizeof(indx_t) - 1)
+ m.psize & (sizeof(indx_t) - 1))
goto eftype;
if (m.flags & ~SAVEMETA)
goto eftype;
@@ -280,8 +280,8 @@ __bt_open(fname, flags, mode, openinfo, dflags)
t->bt_psize = b.psize;
/* Set the cache size; must be a multiple of the page size. */
- if (b.cachesize && b.cachesize & b.psize - 1)
- b.cachesize += (~b.cachesize & b.psize - 1) + 1;
+ if (b.cachesize && b.cachesize & (b.psize - 1))
+ b.cachesize += (~b.cachesize & (b.psize - 1)) + 1;
if (b.cachesize < b.psize * MINCACHE)
b.cachesize = b.psize * MINCACHE;
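Review bot: The rounding `b.cachesize += (~b.cachesize & (b.psize - 1)) + 1;` only produces a multiple of the page size when `b.psize` is a power of two. The validation shown in the earlier hunks checks only the range and alignment to `sizeof(indx_t)`. The added parentheses do not change evaluation, so this is unchanged behaviour, but the comment above the line promises a multiple. Either reject other sizes in the validation with `b.psize & (b.psize - 1)`, or round arithmetically with `b.cachesize = ((b.cachesize + b.psize - 1) / b.psize) * b.psize;`. `__bt_open` starts and ends outside this hunk, so a power-of-two guarantee may exist in lines not shown.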
diff --git a/usr/src/lib/krb5/db2/btree/bt_overflow.c b/usr/src/lib/krb5/db2/btree/bt_overflow.c
index 81b4477267..67ec6de624 100644
--- a/usr/src/lib/krb5/db2/btree/bt_overflow.c
+++ b/usr/src/lib/krb5/db2/btree/bt_overflow.c
@@ -95,7 +95,7 @@ __ovfl_get(t, p, ssz, buf, bufsz)
memmove(&sz, (char *)p + sizeof(db_pgno_t), sizeof(u_int32_t));
*ssz = sz;
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (pg == P_INVALID || sz == 0)
abort();
#endif
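Review bot: `pg` and `sz` are copied straight out of the page at `p` and are checked only under `#ifdef DEBUG`, where the response is `abort()`. A build without `DEBUG` carries on with `pg == P_INVALID` or `sz == 0`, and a build with it terminates the process on a damaged record. I would make the check unconditional and fail the call, `if (pg == P_INVALID || sz == 0) return (RET_ERROR);`, assuming `RET_ERROR` is the failure value here as in the rest of the btree code. The `__ovfl_delete` hunk below has the same pattern. Both function bodies continue outside their hunks.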
@@ -204,7 +204,7 @@ __ovfl_delete(t, p)
memmove(&pg, p, sizeof(db_pgno_t));
memmove(&sz, (char *)p + sizeof(db_pgno_t), sizeof(u_int32_t));
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (pg == P_INVALID || sz == 0)
abort();
#endif
diff --git a/usr/src/lib/krb5/db2/btree/bt_put.c b/usr/src/lib/krb5/db2/btree/bt_put.c
index dc552ef6fd..fd1b2edea8 100644
--- a/usr/src/lib/krb5/db2/btree/bt_put.c
+++ b/usr/src/lib/krb5/db2/btree/bt_put.c
@@ -74,9 +74,9 @@ __bt_put(dbp, key, data, flags)
{
BTREE *t;
DBT tkey, tdata;
- EPG *e;
+ EPG *e = 0;
PAGE *h;
- indx_t index, nxtindex;
+ indx_t idx, nxtindex;
db_pgno_t pg;
u_int32_t nbytes;
int dflags, exact, status;
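Review bot: The new initialiser `EPG *e = 0;` uses an integer literal for a null pointer; `EPG *e = NULL;` matches the `== NULL` comparisons used elsewhere in this function. With the initialiser in place, the `flags == R_CURSOR` path, which jumps to `delete:` without calling `__bt_search`, carries a null `e` rather than an indeterminate one. Any later use of `e` outside this hunk should be confirmed unreachable on that path. `__bt_put` starts and ends outside the hunk.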
@@ -126,24 +126,31 @@ __bt_put(dbp, key, data, flags)
dflags = 0;
if (key->size + data->size > t->bt_ovflsize) {
if (key->size > t->bt_ovflsize) {
+ u_int32_t yuck_this_is_gross_code;
storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
return (RET_ERROR);
tkey.data = kb;
tkey.size = NOVFLSIZE;
memmove(kb, &pg, sizeof(db_pgno_t));
+ yuck_this_is_gross_code = key->size;
+ if (yuck_this_is_gross_code != key->size)
+ abort ();
memmove(kb + sizeof(db_pgno_t),
- &key->size, sizeof(u_int32_t));
+ &yuck_this_is_gross_code, sizeof(u_int32_t));
dflags |= P_BIGKEY;
key = &tkey;
}
if (key->size + data->size > t->bt_ovflsize) {
+ u_int32_t yuck_this_is_gross_code = data->size;
if (__ovfl_put(t, data, &pg) == RET_ERROR)
return (RET_ERROR);
tdata.data = db;
tdata.size = NOVFLSIZE;
memmove(db, &pg, sizeof(db_pgno_t));
+ if (yuck_this_is_gross_code != data->size)
+ abort ();
memmove(db + sizeof(db_pgno_t),
- &data->size, sizeof(u_int32_t));
+ &yuck_this_is_gross_code, sizeof(u_int32_t));
dflags |= P_BIGDATA;
data = &tdata;
}
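Review bot: Both new truncation checks run after `__ovfl_put` has already stored the item, and they end the process with `abort()` instead of failing the call. A library routine should report an oversized key or data item to its caller. I would test before the `__ovfl_put` call in each block, moving the `storekey:` label onto the check, with `if (key->size != (u_int32_t)key->size) return (RET_ERROR);` and the same for `data->size`. The temporary also deserves a descriptive name such as `ksize32`, with a comment that the on-page length field is 32 bits wide while the `DBT` size may be wider.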
@@ -155,7 +162,7 @@ storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
if (flags == R_CURSOR) {
if ((h = mpool_get(t->bt_mp, t->bt_cursor.pg.pgno, 0)) == NULL)
return (RET_ERROR);
- index = t->bt_cursor.pg.index;
+ idx = t->bt_cursor.pg.index;
goto delete;
}
@@ -167,7 +174,7 @@ storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
if ((e = __bt_search(t, key, &exact)) == NULL)
return (RET_ERROR);
h = e->page;
- index = e->index;
+ idx = e->index;
/*
* Add the key/data pair to the tree. If an identical key is already
@@ -189,7 +196,7 @@ storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
* Note, the delete may empty the page, so we need to put a
* new entry into the page immediately.
*/
-delete: if (__bt_dleaf(t, key, h, index) == RET_ERROR) {
+delete: if (__bt_dleaf(t, key, h, idx) == RET_ERROR) {
mpool_put(t->bt_mp, h, 0);
return (RET_ERROR);
}
@@ -205,40 +212,41 @@ delete: if (__bt_dleaf(t, key, h, index) == RET_ERROR) {
nbytes = NBLEAFDBT(key->size, data->size);
if (h->upper - h->lower < nbytes + sizeof(indx_t)) {
if ((status = __bt_split(t, h, key,
- data, dflags, nbytes, index)) != RET_SUCCESS)
+ data, dflags, nbytes, idx)) != RET_SUCCESS)
return (status);
goto success;
}
- if (index < (nxtindex = NEXTINDEX(h)))
- memmove(h->linp + index + 1, h->linp + index,
- (nxtindex - index) * sizeof(indx_t));
+ if (idx < (nxtindex = NEXTINDEX(h)))
+ memmove(h->linp + idx + 1, h->linp + idx,
+ (nxtindex - idx) * sizeof(indx_t));
h->lower += sizeof(indx_t);
- h->linp[index] = h->upper -= nbytes;
+ h->linp[idx] = h->upper -= nbytes;
dest = (char *)h + h->upper;
WR_BLEAF(dest, key, data, dflags);
/* If the cursor is on this page, adjust it as necessary. */
if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
!F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
- t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index >= index)
+ t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index >= idx)
++t->bt_cursor.pg.index;
- if (t->bt_order == NOT)
+ if (t->bt_order == NOT) {
if (h->nextpg == P_INVALID) {
- if (index == NEXTINDEX(h) - 1) {
+ if (idx == NEXTINDEX(h) - 1) {
t->bt_order = FORWARD;
- t->bt_last.index = index;
+ t->bt_last.index = idx;
t->bt_last.pgno = h->pgno;
}
} else if (h->prevpg == P_INVALID) {
- if (index == 0) {
+ if (idx == 0) {
t->bt_order = BACK;
t->bt_last.index = 0;
t->bt_last.pgno = h->pgno;
}
}
+ }
mpool_put(t->bt_mp, h, MPOOL_DIRTY);
diff --git a/usr/src/lib/krb5/db2/btree/bt_search.c b/usr/src/lib/krb5/db2/btree/bt_search.c
index 773ab568e5..18f19b11cc 100644
--- a/usr/src/lib/krb5/db2/btree/bt_search.c
+++ b/usr/src/lib/krb5/db2/btree/bt_search.c
@@ -71,7 +71,7 @@ __bt_search(t, key, exactp)
int *exactp;
{
PAGE *h;
- indx_t base, index, lim;
+ indx_t base, idx, lim;
db_pgno_t pg;
int cmp;
@@ -83,7 +83,7 @@ __bt_search(t, key, exactp)
/* Do a binary search on the current page. */
t->bt_cur.page = h;
for (base = 0, lim = NEXTINDEX(h); lim; lim >>= 1) {
- t->bt_cur.index = index = base + (lim >> 1);
+ t->bt_cur.index = idx = base + (lim >> 1);
if ((cmp = __bt_cmp(t, key, &t->bt_cur)) == 0) {
if (h->flags & P_BLEAF) {
*exactp = 1;
@@ -92,7 +92,7 @@ __bt_search(t, key, exactp)
goto next;
}
if (cmp > 0) {
- base = index + 1;
+ base = idx + 1;
--lim;
}
}
@@ -128,10 +128,10 @@ __bt_search(t, key, exactp)
* be a parent page for the key. If a split later occurs, the
* inserted page will be to the right of the saved page.
*/
- index = base ? base - 1 : base;
+ idx = base ? base - 1 : base;
-next: BT_PUSH(t, h->pgno, index);
- pg = GETBINTERNAL(h, index)->pgno;
+next: BT_PUSH(t, h->pgno, idx);
+ pg = GETBINTERNAL(h, idx)->pgno;
mpool_put(t->bt_mp, h, 0);
}
}
@@ -159,7 +159,7 @@ __bt_snext(t, h, key, exactp)
BINTERNAL *bi;
EPG e;
EPGNO *parent;
- indx_t index;
+ indx_t idx;
db_pgno_t pgno;
int level;
@@ -190,8 +190,8 @@ __bt_snext(t, h, key, exactp)
/* Move to the next index. */
if (parent->index != NEXTINDEX(h) - 1) {
- index = parent->index + 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index + 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -200,7 +200,7 @@ __bt_snext(t, h, key, exactp)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
BT_PUSH(t, pgno, 0);
@@ -210,7 +210,7 @@ __bt_snext(t, h, key, exactp)
/* Get the next level down. */
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (0);
- index = 0;
+ idx = 0;
}
mpool_put(t->bt_mp, h, 0);
return (1);
@@ -239,7 +239,7 @@ __bt_sprev(t, h, key, exactp)
BINTERNAL *bi;
EPG e;
EPGNO *parent;
- indx_t index;
+ indx_t idx;
db_pgno_t pgno;
int level;
@@ -271,8 +271,8 @@ __bt_sprev(t, h, key, exactp)
/* Move to the next index. */
if (parent->index != 0) {
- index = parent->index - 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index - 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -281,7 +281,7 @@ __bt_sprev(t, h, key, exactp)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
/* Lose the currently pinned page. */
@@ -291,8 +291,8 @@ __bt_sprev(t, h, key, exactp)
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (1);
- index = NEXTINDEX(h) - 1;
- BT_PUSH(t, pgno, index);
+ idx = NEXTINDEX(h) - 1;
+ BT_PUSH(t, pgno, idx);
}
mpool_put(t->bt_mp, h, 0);
return (1);
diff --git a/usr/src/lib/krb5/db2/btree/bt_seq.c b/usr/src/lib/krb5/db2/btree/bt_seq.c
index 1407225d00..9d8fb48b6c 100644
--- a/usr/src/lib/krb5/db2/btree/bt_seq.c
+++ b/usr/src/lib/krb5/db2/btree/bt_seq.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -75,7 +75,7 @@ static char sccsid[] = "@(#)bt_seq.c 8.9 (Berkeley) 6/20/95";
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h> /* SUNWresync121 */
+#include <string.h>
#include "db-int.h"
#include "btree.h"
@@ -276,7 +276,7 @@ __bt_seqadv(t, ep, flags)
{
CURSOR *c;
PAGE *h;
- indx_t index;
+ indx_t idx;
db_pgno_t pg;
int exact, rval;
@@ -344,15 +344,15 @@ __bt_seqadv(t, ep, flags)
*/
if (F_ISSET(c, CURS_AFTER))
goto usecurrent;
- index = c->pg.index;
- if (++index == NEXTINDEX(h)) {
+ idx = c->pg.index;
+ if (++idx == NEXTINDEX(h)) {
pg = h->nextpg;
mpool_put(t->bt_mp, h, 0);
if (pg == P_INVALID)
return (RET_SPECIAL);
if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
return (RET_ERROR);
- index = 0;
+ idx = 0;
}
break;
case R_PREV: /* Previous record. */
@@ -367,22 +367,22 @@ usecurrent: F_CLR(c, CURS_AFTER | CURS_BEFORE);
ep->index = c->pg.index;
return (RET_SUCCESS);
}
- index = c->pg.index;
- if (index == 0) {
+ idx = c->pg.index;
+ if (idx == 0) {
pg = h->prevpg;
mpool_put(t->bt_mp, h, 0);
if (pg == P_INVALID)
return (RET_SPECIAL);
if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
return (RET_ERROR);
- index = NEXTINDEX(h) - 1;
+ idx = NEXTINDEX(h) - 1;
} else
- --index;
+ --idx;
break;
}
ep->page = h;
- ep->index = index;
+ ep->index = idx;
return (RET_SUCCESS);
}
@@ -502,10 +502,10 @@ __bt_first(t, key, erval, exactp)
* index: page index
*/
void
-__bt_setcur(t, pgno, index)
+__bt_setcur(t, pgno, idx)
BTREE *t;
db_pgno_t pgno;
- u_int index;
+ u_int idx;
{
/* Lose any already deleted key. */
if (t->bt_cursor.key.data != NULL) {
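Review bot: The parameter is renamed to `idx`, but the header comment kept as context at the top of this hunk still documents it as `index: page index`. It should read `* idx: page index` so the comment matches the signature. The comment block and the body of `__bt_setcur` both extend outside this hunk.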
@@ -517,7 +517,7 @@ __bt_setcur(t, pgno, index)
/* Update the cursor. */
t->bt_cursor.pg.pgno = pgno;
- t->bt_cursor.pg.index = index;
+ t->bt_cursor.pg.index = idx;
F_SET(&t->bt_cursor, CURS_INIT);
}
diff --git a/usr/src/lib/krb5/db2/btree/extern.h b/usr/src/lib/krb5/db2/btree/extern.h
index bb545fe50c..f105107f58 100644
--- a/usr/src/lib/krb5/db2/btree/extern.h
+++ b/usr/src/lib/krb5/db2/btree/extern.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -114,7 +114,7 @@ int __ovfl_delete __P((BTREE *, void *));
int __ovfl_get __P((BTREE *, void *, size_t *, void **, size_t *));
int __ovfl_put __P((BTREE *, const DBT *, db_pgno_t *));
-#ifdef DEBUG_DB
+#ifdef DEBUG
int __bt_dnpage __P((DB *, db_pgno_t));
int __bt_dpage __P((DB *, PAGE *));
int __bt_dmpage __P((PAGE *));
diff --git a/usr/src/lib/krb5/db2/db/db.c b/usr/src/lib/krb5/db2/db/db.c
index 678832129f..286c7017e8 100644
--- a/usr/src/lib/krb5/db2/db/db.c
+++ b/usr/src/lib/krb5/db2/db/db.c
@@ -99,19 +99,3 @@ __dbpanic(dbp)
dbp->seq = (int (*)())__dberr;
dbp->sync = (int (*)())__dberr;
}
-
-/* global used to toggle display of debug messages */
-int g_displayDebugDB = 0;
-
-/*
- * debugging aid
- * call this function to enable/disable printing of debug messages
- * code must be compiled with DEBUG_DB
- */
-void debugDisplayDB(int onOff)
-{
-#if DEBUG_DB
-
- g_displayDebugDB = onOff;
-#endif
-}
diff --git a/usr/src/lib/krb5/db2/hash/dbm.c b/usr/src/lib/krb5/db2/hash/dbm.c
index 84a5e8b364..cdae51c0a3 100644
--- a/usr/src/lib/krb5/db2/hash/dbm.c
+++ b/usr/src/lib/krb5/db2/hash/dbm.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -234,7 +234,7 @@ kdb2_dbm_firstkey(db)
DBM *db;
{
int status;
- datum retdata, retkey;
+ datum retkey;
#ifdef NEED_COPY
DBT k, r;
@@ -243,6 +243,8 @@ kdb2_dbm_firstkey(db)
retkey.dptr = k.data;
retkey.dsize = k.size;
#else
+ datum retdata;
+
status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_FIRST);
#endif
if (status)
@@ -260,7 +262,7 @@ kdb2_dbm_nextkey(db)
DBM *db;
{
int status;
- datum retdata, retkey;
+ datum retkey;
#ifdef NEED_COPY
DBT k, r;
@@ -269,6 +271,8 @@ kdb2_dbm_nextkey(db)
retkey.dptr = k.data;
retkey.dsize = k.size;
#else
+ datum retdata;
+
status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_NEXT);
#endif
if (status)
diff --git a/usr/src/lib/krb5/db2/hash/hash.c b/usr/src/lib/krb5/db2/hash/hash.c
index c2769e2628..668b641179 100644
--- a/usr/src/lib/krb5/db2/hash/hash.c
+++ b/usr/src/lib/krb5/db2/hash/hash.c
@@ -46,16 +46,14 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95";
#include <sys/stat.h>
#include <errno.h>
-
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <libintl.h>
-#ifdef DEBUG_DB
+#ifdef DEBUG
#include <assert.h>
-extern int g_displayDebugDB;
#endif
#include "db-int.h"
@@ -64,7 +62,7 @@ extern int g_displayDebugDB;
#include "extern.h"
static int32_t flush_meta __P((HTAB *));
-static int32_t hash_access __P((HTAB *, ACTION, DBT *, DBT *));
+static int32_t hash_access __P((HTAB *, ACTION, const DBT *, DBT *));
static int32_t hash_close __P((DB *));
static int32_t hash_delete __P((const DB *, const DBT *, u_int32_t));
static int32_t hash_fd __P((const DB *));
@@ -76,7 +74,7 @@ static int32_t hdestroy __P((HTAB *));
static int32_t cursor_get __P((const DB *, CURSOR *, DBT *, DBT *, \
u_int32_t));
static int32_t cursor_delete __P((const DB *, CURSOR *, u_int32_t));
-static HTAB *init_hash __P((HTAB *, const char *, HASHINFO *));
+static HTAB *init_hash __P((HTAB *, const char *, const HASHINFO *));
static int32_t init_htab __P((HTAB *, int32_t));
#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
static void swap_header __P((HTAB *));
@@ -140,9 +138,8 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
}
/* store the file name so that we can unlink it later */
- hashp->fname = (char *)file;
-#ifdef DEBUG_DB
- if (g_displayDebugDB)
+ hashp->fname = file;
+#ifdef DEBUG
fprintf(stderr, dgettext(TEXT_DOMAIN,
"Using file name %s.\n"), file);
#endif
@@ -171,7 +168,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
/* Process arguments to set up hash table header. */
if (new_table) {
- if (!(hashp = init_hash(hashp, file, (HASHINFO *)info)))
+ if (!(hashp = init_hash(hashp, file, info)))
RETURN_ERROR(errno, error1);
} else {
/* Table already exists */
@@ -257,9 +254,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
dbp->sync = hash_sync;
dbp->type = DB_HASH;
-#ifdef DEBUG_DB
- if (g_displayDebugDB) {
-
+#ifdef DEBUG
(void)fprintf(stderr,
"%s\n%s%lx\n%s%d\n%s%d\n%s%d\n%s%d\n%s%d\n%s%x\n%s%x\n%s%d\n%s%d\n",
"init_htab:",
@@ -273,7 +268,6 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
"HIGH MASK ", hashp->hdr.high_mask,
"LOW MASK ", hashp->hdr.low_mask,
"NKEYS ", hashp->hdr.nkeys);
- }
#endif
#ifdef HASH_STATISTICS
hash_overflows = hash_accesses = hash_collisions = hash_expansions = 0;
@@ -292,7 +286,7 @@ error1:
error0:
if (!specified_file)
- free(hashp->fname);
+ free((void*)(hashp->fname)); /* SUNW14resync */
free(hashp);
errno = save_errno;
return (NULL);
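Review bot: `free((void*)(hashp->fname))` casts away the `const` that this commit adds to `fname` in hash.h, and the `hdestroy` hunk below does the same. The field is assigned directly from the caller's `file` argument earlier in `__kdb2_hash_open`, so it is sometimes a borrowed pointer and sometimes memory the library must free. The cast hides that distinction from the compiler and from readers. I would document the ownership rule on the struct member, for example `/* File path; freed by the library only when it generated the name itself */`. Whether `save_file` in `hdestroy` always agrees with `specified_file` here is not visible in these hunks and should be confirmed.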
@@ -336,7 +330,7 @@ static HTAB *
init_hash(hashp, file, info)
HTAB *hashp;
const char *file;
- HASHINFO *info;
+ const HASHINFO *info;
{
struct stat statbuf;
int32_t nelem;
@@ -393,7 +387,6 @@ init_htab(hashp, nelem)
int32_t nelem;
{
int32_t l2, nbuckets;
- db_pgno_t i;
/*
* Divide number of elements by the fill factor and determine a
@@ -572,9 +565,7 @@ hdestroy(hashp)
* files within mpool itself.
*/
if (hashp->fname && !hashp->save_file) {
-#ifdef DEBUG_DB
-
- if (g_displayDebugDB)
+#ifdef DEBUG
fprintf(stderr, dgettext(TEXT_DOMAIN,
"Unlinking file %s.\n"), hashp->fname);
#endif
@@ -582,7 +573,7 @@ hdestroy(hashp)
chmod(hashp->fname, 0700);
unlink(hashp->fname);
/* destroy the temporary name */
- free(hashp->fname);
+ free((void *)(hashp->fname)); /* SUNW14resync */
}
free(hashp);
@@ -672,7 +663,7 @@ hash_get(dbp, key, data, flag)
hashp->local_errno = errno = EINVAL;
return (ERROR);
}
- return (hash_access(hashp, HASH_GET, (DBT *)key, data));
+ return (hash_access(hashp, HASH_GET, key, data));
}
static int32_t
@@ -694,7 +685,7 @@ hash_put(dbp, key, data, flag)
return (ERROR);
}
return (hash_access(hashp, flag == R_NOOVERWRITE ?
- HASH_PUTNEW : HASH_PUT, (DBT *)key, (DBT *)data));
+ HASH_PUTNEW : HASH_PUT, key, (DBT *)data));
}
static int32_t
@@ -715,7 +706,7 @@ hash_delete(dbp, key, flag)
return (ERROR);
}
- return (hash_access(hashp, HASH_DELETE, (DBT *)key, NULL));
+ return (hash_access(hashp, HASH_DELETE, key, NULL));
}
/*
@@ -725,7 +716,8 @@ static int32_t
hash_access(hashp, action, key, val)
HTAB *hashp;
ACTION action;
- DBT *key, *val;
+ const DBT *key;
+ DBT *val;
{
DBT page_key, page_val;
CURSOR cursor;
diff --git a/usr/src/lib/krb5/db2/hash/hash.h b/usr/src/lib/krb5/db2/hash/hash.h
index f582e83eb6..f955307177 100644
--- a/usr/src/lib/krb5/db2/hash/hash.h
+++ b/usr/src/lib/krb5/db2/hash/hash.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -103,7 +103,7 @@ typedef struct htab { /* Memory resident data structure */
u_int32_t (*hash) __P((const void *, size_t)); /* Hash Function */
int32_t flags; /* Flag values */
int32_t fp; /* File pointer */
- char *fname; /* File path */
+ const char *fname; /* File path */
u_int8_t *bigdata_buf; /* Temporary Buffer for BIG data */
u_int8_t *bigkey_buf; /* Temporary Buffer for BIG keys */
u_int16_t *split_buf; /* Temporary buffer for splits */
diff --git a/usr/src/lib/krb5/db2/hash/hash_bigkey.c b/usr/src/lib/krb5/db2/hash/hash_bigkey.c
index 0f5307d8ca..a96b8aa985 100644
--- a/usr/src/lib/krb5/db2/hash/hash_bigkey.c
+++ b/usr/src/lib/krb5/db2/hash/hash_bigkey.c
@@ -62,7 +62,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.5 (Berkeley) 11/2/95";
#include <stdlib.h>
#include <string.h>
-#ifdef DEBUG_DB
+#ifdef DEBUG
#include <assert.h>
#endif
@@ -245,7 +245,7 @@ __find_bigpair(hashp, cursorp, key, size)
}
}
__put_page(hashp, pagep, A_RAW, 0);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(ksize >= 0);
#endif
if (ksize != 0) {
@@ -379,7 +379,7 @@ collect_key(hashp, pagep, len, last_page)
PAGE16 *next_pagep;
int32_t totlen, retval;
db_pgno_t next_pgno;
-#ifdef DEBUG_DB
+#ifdef DEBUG
db_pgno_t save_addr;
#endif
@@ -388,7 +388,7 @@ collect_key(hashp, pagep, len, last_page)
totlen = len + BIGKEYLEN(pagep);
if (hashp->bigkey_buf)
free(hashp->bigkey_buf);
- hashp->bigkey_buf = (unsigned char *)malloc(totlen);
+ hashp->bigkey_buf = (u_int8_t *)malloc(totlen);
if (!hashp->bigkey_buf)
return (-1);
memcpy(hashp->bigkey_buf + len,
@@ -402,7 +402,7 @@ collect_key(hashp, pagep, len, last_page)
if (BIGKEYLEN(pagep) == 0) {
if (hashp->bigkey_buf)
free(hashp->bigkey_buf);
- hashp->bigkey_buf = (unsigned char *)malloc(len);
+ hashp->bigkey_buf = (u_int8_t *)malloc(len);
return (hashp->bigkey_buf ? len : -1);
}
totlen = len + BIGKEYLEN(pagep);
@@ -414,12 +414,12 @@ collect_key(hashp, pagep, len, last_page)
next_pagep = __get_page(hashp, next_pgno, A_RAW);
if (!next_pagep)
return (-1);
-#ifdef DEBUG_DB
+#ifdef DEBUG
save_addr = ADDR(pagep);
#endif
retval = collect_key(hashp, next_pagep, totlen, last_page);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(save_addr == ADDR(pagep));
#endif
memcpy(hashp->bigkey_buf + len, BIGKEY(pagep), BIGKEYLEN(pagep));
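Review bot: The `memcpy` into `hashp->bigkey_buf + len` runs without testing `retval` from the recursive `collect_key` call directly above it. When the inner call fails, for instance because its `malloc` or `__get_page` returned NULL, `bigkey_buf` is either NULL or a buffer left from an earlier lookup with an unrelated size. The copy should be guarded, `if (retval >= 0) memcpy(hashp->bigkey_buf + len, BIGKEY(pagep), BIGKEYLEN(pagep));`. The `collect_data` hunk further down has the same unguarded copy into `bigdata_buf`. Both functions continue past their hunks, so the page release that follows should be kept on the failure path as well.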
@@ -446,7 +446,7 @@ collect_data(hashp, pagep, len)
PAGE16 *next_pagep;
int32_t totlen, retval;
db_pgno_t next_pgno;
-#ifdef DEBUG_DB
+#ifdef DEBUG
db_pgno_t save_addr;
#endif
@@ -455,7 +455,7 @@ collect_data(hashp, pagep, len)
if (hashp->bigdata_buf)
free(hashp->bigdata_buf);
totlen = len + BIGDATALEN(pagep);
- hashp->bigdata_buf = (unsigned char *)malloc(totlen);
+ hashp->bigdata_buf = (u_int8_t *)malloc(totlen);
if (!hashp->bigdata_buf)
return (-1);
memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
@@ -470,11 +470,11 @@ collect_data(hashp, pagep, len)
if (!next_pagep)
return (-1);
-#ifdef DEBUG_DB
+#ifdef DEBUG
save_addr = ADDR(pagep);
#endif
retval = collect_data(hashp, next_pagep, totlen);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(save_addr == ADDR(pagep));
#endif
memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
diff --git a/usr/src/lib/krb5/db2/hash/hash_func.c b/usr/src/lib/krb5/db2/hash/hash_func.c
index 0966a58b5d..8bbfa14ff4 100644
--- a/usr/src/lib/krb5/db2/hash/hash_func.c
+++ b/usr/src/lib/krb5/db2/hash/hash_func.c
@@ -47,9 +47,11 @@ static char sccsid[] = "@(#)hash_func.c 8.4 (Berkeley) 11/7/95";
#include "page.h"
#include "extern.h"
+#if 0
static u_int32_t hash1 __P((const void *, size_t));
static u_int32_t hash2 __P((const void *, size_t));
static u_int32_t hash3 __P((const void *, size_t));
+#endif
static u_int32_t hash4 __P((const void *, size_t));
/* Default hash function. */
@@ -64,6 +66,7 @@ u_int32_t (*__default_hash) __P((const void *, size_t)) = hash4;
#define PRIME1 37
#define PRIME2 1048583
+#if 0
static u_int32_t
hash1(key, len)
const void *key;
@@ -153,6 +156,8 @@ hash3(key, len)
}
return (n);
}
+#endif
+
/* Chris Torek's hash function. */
static u_int32_t
@@ -161,14 +166,14 @@ hash4(key, len)
size_t len;
{
u_int32_t h, loop;
- u_int8_t *k;
+ const u_int8_t *k;
#define HASH4a h = (h << 5) - h + *k++;
#define HASH4b h = (h << 5) + h + *k++;
#define HASH4 HASH4b
h = 0;
- k = (u_int8_t *)key;
+ k = (const u_int8_t *)key;
if (len > 0) {
loop = (len + 8 - 1) >> 3;
diff --git a/usr/src/lib/krb5/db2/hash/hash_log2.c b/usr/src/lib/krb5/db2/hash/hash_log2.c
index affacc42d4..5838823022 100644
--- a/usr/src/lib/krb5/db2/hash/hash_log2.c
+++ b/usr/src/lib/krb5/db2/hash/hash_log2.c
@@ -41,6 +41,9 @@ static char sccsid[] = "@(#)hash_log2.c 8.4 (Berkeley) 11/7/95";
#endif /* LIBC_SCCS and not lint */
#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
u_int32_t
__kdb2_log2(num)
diff --git a/usr/src/lib/krb5/db2/hash/hash_page.c b/usr/src/lib/krb5/db2/hash/hash_page.c
index 827a8ef96b..b95090def2 100644
--- a/usr/src/lib/krb5/db2/hash/hash_page.c
+++ b/usr/src/lib/krb5/db2/hash/hash_page.c
@@ -58,7 +58,7 @@ static char sccsid[] = "@(#)hash_page.c 8.11 (Berkeley) 11/7/95";
#include <sys/types.h>
-#ifdef DEBUG_DB
+#ifdef DEBUG
#include <assert.h>
#endif
#include <stdio.h>
@@ -82,7 +82,7 @@ static void putpair __P((PAGE8 *, const DBT *, const DBT *));
static void swap_page_header_in __P((PAGE16 *));
static void swap_page_header_out __P((PAGE16 *));
-#ifdef DEBUG_DB_SLOW
+#ifdef DEBUG_SLOW
static void account_page(HTAB *, db_pgno_t, int);
#endif
@@ -215,12 +215,12 @@ __get_item_next(hashp, cursorp, key, val, item_info)
DBT *key, *val;
ITEM_INFO *item_info;
{
- int stat;
+ int status;
- stat = __get_item(hashp, cursorp, key, val, item_info);
+ status = __get_item(hashp, cursorp, key, val, item_info);
cursorp->ndx++;
cursorp->pgndx++;
- return (stat);
+ return (status);
}
/*
@@ -323,7 +323,7 @@ __delpair(hashp, cursorp, item_info)
--ndx;
} else
pagep = cursorp->pagep;
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(ADDR(pagep) == cursorp->pgno);
#endif
@@ -379,7 +379,7 @@ __delpair(hashp, cursorp, item_info)
for (n = ndx; n < NUM_ENT(pagep) - 1; n++)
if (KEY_OFF(pagep, (n + 1)) != BIGPAIR) {
next_key = next_realkey(pagep, n);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(next_key != -1);
#endif
KEY_OFF(pagep, n) = KEY_OFF(pagep, (n + 1)) + delta;
@@ -413,7 +413,7 @@ __delpair(hashp, cursorp, item_info)
return (-1);
while (NEXT_PGNO(pagep) != to_find) {
next_pgno = NEXT_PGNO(pagep);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(next_pgno != INVALID_PGNO);
#endif
__put_page(hashp, pagep, A_RAW, 0);
@@ -669,7 +669,7 @@ add_bigptr(hashp, item_info, big_pgno)
pagep = __add_ovflpage(hashp, pagep);
if (!pagep)
return (-1);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(BIGPAIRFITS(pagep));
#endif
}
@@ -819,7 +819,7 @@ __new_page(hashp, addr, addr_type)
pagep = mpool_new(hashp->mp, &paddr, MPOOL_PAGE_REQUEST);
if (!pagep)
return (-1);
-#if DEBUG_DB_SLOW
+#if DEBUG_SLOW
account_page(hashp, paddr, 1);
#endif
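Review bot: This call site tests the macro with `#if DEBUG_SLOW`, while the prototype and the definition of `account_page` are guarded with `#ifdef DEBUG_SLOW`. The two forms disagree when the macro is defined as `0` or defined empty: the first gives an unused static function, the second a preprocessor error. I would use `#ifdef DEBUG_SLOW` here and at the matching call sites in the `__put_page` and `__get_page` hunks.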
@@ -938,7 +938,7 @@ __put_page(hashp, pagep, addr_type, is_dirty)
PAGE16 *pagep;
int32_t addr_type, is_dirty;
{
-#if DEBUG_DB_SLOW
+#if DEBUG_SLOW
account_page(hashp,
((BKT *)((char *)pagep - sizeof(BKT)))->pgno, -1);
#endif
@@ -974,10 +974,10 @@ __get_page(hashp, addr, addr_type)
}
pagep = (PAGE16 *)mpool_get(hashp->mp, paddr, 0);
-#if DEBUG_DB_SLOW
+#if DEBUG_SLOW
account_page(hashp, paddr, 1);
#endif
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(ADDR(pagep) == paddr || ADDR(pagep) == 0 ||
addr_type == A_BITMAP || addr_type == A_HEADER);
#endif
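Review bot: The assertion reads `ADDR(pagep)` immediately after `mpool_get`, before any NULL test visible in this hunk. Other callers in this commit check the `mpool_get` result against NULL. With the guard renamed to the generic `DEBUG`, a failed page fetch in a debug build becomes a null dereference inside the assert instead of an error return. I would write `assert(pagep == NULL || ADDR(pagep) == paddr || ...)`, or move the assert below the function's own NULL check. `__get_page` continues outside the hunk.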
@@ -1079,7 +1079,7 @@ overflow_page(hashp)
int32_t bit, first_page, free_bit, free_page, i, in_use_bits, j;
int32_t max_free, offset, splitnum;
u_int16_t addr;
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
int32_t tmp1, tmp2;
#endif
@@ -1158,7 +1158,7 @@ overflow_page(hashp)
(int32_t)OADDR_OF(splitnum, offset), 1, free_page))
return (0);
hashp->hdr.spares[splitnum]++;
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
free_bit = 2;
#endif
offset++;
@@ -1185,7 +1185,7 @@ overflow_page(hashp)
/* Calculate address of the new overflow page */
addr = OADDR_OF(splitnum, offset);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n"),
addr, free_bit, free_page);
@@ -1200,7 +1200,7 @@ overflow_page(hashp)
found:
bit = bit + first_free(freep[j]);
SETBIT(freep, bit);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
tmp1 = bit;
tmp2 = i;
#endif
@@ -1219,7 +1219,7 @@ found:
if (offset >= SPLITMASK)
return (0); /* Out of overflow pages */
addr = OADDR_OF(i, offset);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n"),
addr, tmp1, tmp2);
@@ -1233,7 +1233,7 @@ found:
return (addr);
}
-#ifdef DEBUG_DB
+#ifdef DEBUG
int
bucket_to_page(hashp, n)
HTAB *hashp;
@@ -1260,7 +1260,7 @@ oaddr_to_page(hashp, n)
return (ret_val);
}
-#endif /* DEBUG_DB */
+#endif /* DEBUG */
static indx_t
page_to_oaddr(hashp, pgno)
@@ -1287,7 +1287,7 @@ page_to_oaddr(hashp, pgno)
ret_val = OADDR_OF(sp + 1,
pgno - ((POW2(sp + 1) - 1) + hashp->hdr.spares[sp]));
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(OADDR_TO_PAGE(ret_val) == (pgno + hashp->hdr.hdrpages));
#endif
return (ret_val);
@@ -1307,7 +1307,7 @@ __free_ovflpage(hashp, pagep)
addr = page_to_oaddr(hashp, ADDR(pagep));
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"Freeing %d\n"), addr);
#endif
@@ -1320,7 +1320,7 @@ __free_ovflpage(hashp, pagep)
free_bit = bit_address & ((hashp->hdr.bsize << BYTE_SHIFT) - 1);
freep = fetch_bitmap(hashp, free_page);
-#ifdef DEBUG_DB
+#ifdef DEBUG
/*
* This had better never happen. It means we tried to read a bitmap
* that has already had overflow pages allocated off it, and we
@@ -1330,7 +1330,7 @@ __free_ovflpage(hashp, pagep)
assert(0);
#endif
CLRBIT(freep, free_bit);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n"),
obufp->addr, free_bit, free_page);
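Review bot: The `DEBUG2` trace prints `obufp->addr`, but `obufp` is not among the parameters `(hashp, pagep)` shown in the hunk header. The hunk above assigns the overflow address to a local `addr`. Unless `obufp` is declared in lines not shown, a build with `DEBUG2` defined will not compile, and the argument was presumably meant to be `addr, free_bit, free_page);`. Worth fixing while the guard is being renamed, since nothing else exercises this branch.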
@@ -1351,7 +1351,7 @@ fetch_bitmap(hashp, ndx)
return (hashp->mapp[ndx]);
}
-#ifdef DEBUG_DB_SLOW
+#ifdef DEBUG_SLOW
static void
account_page(hashp, pgno, inout)
HTAB *hashp;
@@ -1391,4 +1391,4 @@ account_page(hashp, pgno, inout)
"Warning: pg %d has been out for %d times\n"),
list[i].pgno, list[i].times);
}
-#endif /* DEBUG_DB_SLOW */
+#endif /* DEBUG_SLOW */
diff --git a/usr/src/lib/krb5/db2/hash/hsearch.c b/usr/src/lib/krb5/db2/hash/hsearch.c
index 64b932c582..06b4bccfe1 100644
--- a/usr/src/lib/krb5/db2/hash/hsearch.c
+++ b/usr/src/lib/krb5/db2/hash/hsearch.c
@@ -70,7 +70,7 @@ hcreate(nel)
extern ENTRY *
hsearch(item, action)
ENTRY item;
- SEARCH_ACTION action;
+ ACTION action;
{
DBT key, val;
int status;
diff --git a/usr/src/lib/krb5/db2/hash/search.h b/usr/src/lib/krb5/db2/hash/search.h
index fc90b16806..9cb65b7a64 100644
--- a/usr/src/lib/krb5/db2/hash/search.h
+++ b/usr/src/lib/krb5/db2/hash/search.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -58,7 +58,7 @@ typedef struct entry {
typedef enum {
FIND, ENTER
-} SEARCH_ACTION;
+} ACTION;
#define hcreate kdb2_hcreate
#define hdestroy kdb2_hdestroy
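Review bot: Renaming the enum typedef back to `ACTION` gives this header the same type name that hash.c uses for a different set of values. In this commit `hash_access` takes an `ACTION` and is called with `HASH_GET`, `HASH_PUT` and `HASH_DELETE`, whereas this one holds `FIND` and `ENTER`. Any translation unit that sees both declarations would get a conflicting typedef, and the name is also the one the system `<search.h>` traditionally uses. If the rename is required for upstream parity, I would add a comment here such as `/* must not be included together with hash.h, which defines its own ACTION */`. Otherwise keeping `SEARCH_ACTION` avoids the question.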
@@ -66,7 +66,7 @@ typedef enum {
int hcreate __P((unsigned int));
void hdestroy __P((void));
-ENTRY *hsearch __P((ENTRY, SEARCH_ACTION));
+ENTRY *hsearch __P((ENTRY, ACTION));
#ifdef __cplusplus
}
diff --git a/usr/src/lib/krb5/db2/include/db-int.h b/usr/src/lib/krb5/db2/include/db-int.h
index 37f6a0a377..c5c43a481a 100644
--- a/usr/src/lib/krb5/db2/include/db-int.h
+++ b/usr/src/lib/krb5/db2/include/db-int.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -52,22 +52,91 @@ extern "C" {
#include <db.h>
-/* deal with autoconf-based stuff (db.h includes db-config.h) */
+/* deal with autoconf-based stuff */
-#ifndef HAVE_MEMMOVE
-#define memmove my_memmove
+#define DB_LITTLE_ENDIAN 1234
+#define DB_BIG_ENDIAN 4321
+
+#include <stdlib.h>
+#ifdef HAVE_ENDIAN_H
+# include <endian.h>
+#endif
+#ifdef HAVE_MACHINE_ENDIAN_H
+# include <machine/endian.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
#endif
-#ifndef HAVE_MKSTEMP
-#define mkstemp my_mkstemp
+/* SUNW14resync:
+ The following code is disabled as it correctly determines the
+ endianness of the system. This would break backward compatability
+ for x86 as prior to this resync all architectures are treated
+ similarily - as big endian. See definition of "WORDS_BIGENDIAN" in
+ db-config.h.
+*/
+#if 0
+/* Handle both BIG and LITTLE defined and BYTE_ORDER matches one, or
+ just one defined; both with and without leading underscores.
+
+ Ignore "PDP endian" machines, this code doesn't support them
+ anyways. */
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN__
+# define LITTLE_ENDIAN __LITTLE_ENDIAN__
+# endif
+# ifdef __BIG_ENDIAN__
+# define BIG_ENDIAN __BIG_ENDIAN__
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef _LITTLE_ENDIAN
+# define LITTLE_ENDIAN _LITTLE_ENDIAN
+# endif
+# ifdef _BIG_ENDIAN
+# define BIG_ENDIAN _BIG_ENDIAN
+# endif
+# ifdef _BYTE_ORDER
+# define BYTE_ORDER _BYTE_ORDER
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN
+# define LITTLE_ENDIAN __LITTLE_ENDIAN
+# endif
+# ifdef __BIG_ENDIAN
+# define BIG_ENDIAN __BIG_ENDIAN
+# endif
+# ifdef __BYTE_ORDER
+# define BYTE_ORDER __BYTE_ORDER
+# endif
+#endif
+
+#if defined(_MIPSEL) && !defined(LITTLE_ENDIAN)
+# define LITTLE_ENDIAN
+#endif
+#if defined(_MIPSEB) && !defined(BIG_ENDIAN)
+# define BIG_ENDIAN
+#endif
+
+#if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) && defined(BYTE_ORDER)
+# if LITTLE_ENDIAN == BYTE_ORDER
+# define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+# elif BIG_ENDIAN == BYTE_ORDER
+# define DB_BYTE_ORDER DB_BIG_ENDIAN
+# else
+# error "LITTLE_ENDIAN and BIG_ENDIAN defined, but can't determine byte order"
+# endif
+#elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+# define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+#elif defined(BIG_ENDIAN) && !defined(LITTLE_ENDIAN)
+# define DB_BYTE_ORDER DB_BIG_ENDIAN
+#else
+# error "can't determine byte order from included system headers"
#endif
-#ifndef HAVE_STRERROR
-#define strerror my_strerror
#endif
-#define DB_LITTLE_ENDIAN 1234
-#define DB_BIG_ENDIAN 4321
#ifdef WORDS_BIGENDIAN
#define DB_BYTE_ORDER DB_BIG_ENDIAN
@@ -86,6 +155,13 @@ extern "C" {
#include <fcntl.h>
#include <stdio.h>
#include <errno.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+/* Tru64 5.1: int8_t is defined here, and stdint.h doesn't exist. */
+#include <inttypes.h>
+#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
@@ -227,7 +303,6 @@ void __dbpanic __P((DB *dbp));
#ifndef O_BINARY
#define O_BINARY 0 /* Needed for Win32 compiles */
#endif
-
#endif /* _DB_INT_H_ */
#ifdef __cplusplus
diff --git a/usr/src/lib/krb5/db2/include/db-queue.h b/usr/src/lib/krb5/db2/include/db-queue.h
index 6f09a66805..983c444d59 100644
--- a/usr/src/lib/krb5/db2/include/db-queue.h
+++ b/usr/src/lib/krb5/db2/include/db-queue.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _KRB5_DB2_DBQUEUE_H
@@ -47,6 +47,9 @@ extern "C" {
* @(#)queue.h 8.3 (Berkeley) 12/13/93
*/
+#ifndef _QUEUE_H_
+#define _QUEUE_H_
+
/*
* This file defines three types of data structures: lists, tail queues,
* and circular queues.
@@ -253,6 +256,7 @@ struct { \
(elm)->field.cqe_prev->field.cqe_next = \
(elm)->field.cqe_next; \
}
+#endif /* !_QUEUE_H_ */
#ifdef __cplusplus
}
diff --git a/usr/src/lib/krb5/db2/mapfile-vers b/usr/src/lib/krb5/db2/mapfile-vers
index cb677fcf4e..a986849ad8 100644
--- a/usr/src/lib/krb5/db2/mapfile-vers
+++ b/usr/src/lib/krb5/db2/mapfile-vers
@@ -36,7 +36,7 @@ SUNW_1.1 {
SUNWprivate_1.1 {
global:
- debugDisplayDB;
+ kdb2_bt_rseq;
kdb2_dbm_clearerr;
kdb2_dbm_close;
kdb2_dbm_delete;
@@ -44,10 +44,10 @@ SUNWprivate_1.1 {
kdb2_dbm_error;
kdb2_dbm_fetch;
kdb2_dbm_firstkey;
- kdb2_dbminit;
kdb2_dbm_nextkey;
kdb2_dbm_open;
kdb2_dbm_store;
+ kdb2_dbminit;
kdb2_dbopen;
kdb2_delete;
kdb2_fetch;
@@ -55,16 +55,16 @@ SUNWprivate_1.1 {
kdb2_hcreate;
kdb2_hdestroy;
kdb2_hsearch;
+ kdb2_mpool_close;
+ kdb2_mpool_delete;
+ kdb2_mpool_filter;
+ kdb2_mpool_get;
+ kdb2_mpool_new;
+ kdb2_mpool_open;
+ kdb2_mpool_put;
+ kdb2_mpool_sync;
kdb2_nextkey;
kdb2_store;
- mpool_close;
- mpool_delete;
- mpool_filter;
- mpool_get;
- mpool_new;
- mpool_open;
- mpool_put;
- mpool_sync;
local:
*;
};
diff --git a/usr/src/lib/krb5/db2/mpool/mpool.c b/usr/src/lib/krb5/db2/mpool/mpool.c
index f8c2d3648d..2881fb813a 100644
--- a/usr/src/lib/krb5/db2/mpool/mpool.c
+++ b/usr/src/lib/krb5/db2/mpool/mpool.c
@@ -53,11 +53,6 @@ static BKT *mpool_bkt __P((MPOOL *));
static BKT *mpool_look __P((MPOOL *, db_pgno_t));
static int mpool_write __P((MPOOL *, BKT *));
-#if DEBUG_DB
-
-extern int g_displayDebugDB;
-#endif
-
/*
* mpool_open --
* Initialize a memory pool.
@@ -165,13 +160,10 @@ mpool_delete(mp, page)
bp = (BKT *)((char *)page - sizeof(BKT));
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (!(bp->flags & MPOOL_PINNED)) {
- if (g_displayDebugDB) {
- fprintf(stderr,
- "mpool_delete: page %d not pinned\n",
- bp->pgno);
- }
+ (void)fprintf(stderr,
+ "mpool_delete: page %d not pinned\n", bp->pgno);
abort();
}
#endif
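Review bot: The rewritten diagnostic in mpool_delete prints `bp->pgno` with `%d`, and the same is done in the mpool_get and mpool_put hunks below. The type of `pgno` is declared outside these hunks; if `db_pgno_t` is an unsigned 32-bit type, as the prototypes in mpool.h suggest, the specifier does not match the argument. Casting at the call site keeps the message correct for any width: `(void)fprintf(stderr, "mpool_delete: page %lu not pinned\n", (unsigned long)bp->pgno);`. These blocks are now compiled under the generic `DEBUG` macro instead of `DEBUG_DB`, so it is worth a comment that a debug build of this library will `abort()` on a pin mismatch.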
@@ -206,13 +198,10 @@ mpool_get(mp, pgno, flags)
/* Check for a page that is cached. */
if ((bp = mpool_look(mp, pgno)) != NULL) {
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (!(flags & MPOOL_IGNOREPIN) && bp->flags & MPOOL_PINNED) {
- if (g_displayDebugDB) {
- fprintf(stderr,
- "mpool_get: page %d already pinned\n",
- bp->pgno);
- }
+ (void)fprintf(stderr,
+ "mpool_get: page %d already pinned\n", bp->pgno);
abort();
}
#endif
@@ -240,6 +229,12 @@ mpool_get(mp, pgno, flags)
++mp->pageread;
#endif
off = mp->pagesize * pgno;
+ if (off / mp->pagesize != pgno) {
+ /* Run past the end of the file, or at least the part we
+ can address without large-file support? */
+ errno = E2BIG;
+ return NULL;
+ }
if (lseek(mp->fd, off, SEEK_SET) != off)
return (NULL);
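Review bot: The wrap test added to mpool_get runs after the product is already stored in `off`, so it detects a wrapped multiplication but not a product that merely becomes negative once assigned to a signed `off_t`. The `lseek` call suggests `off` is an `off_t`, but the declarations are outside the hunk. In that case the division can still give back `pgno`, the test passes, and the error is left to `lseek`, whose `!= off` comparison would miss an `off` of -1. Rejecting it in the same place is a one-line change, `if (off < 0 || off / mp->pagesize != pgno) {`, and the identical check added to mpool_write further down needs the same treatment. A short comment that the test relies on the multiplication being done in an unsigned type, and that `mp->pagesize` is assumed non-zero here, would record what the check depends on.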
@@ -294,13 +289,10 @@ mpool_put(mp, page, flags)
++mp->pageput;
#endif
bp = (BKT *)((char *)page - sizeof(BKT));
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (!(bp->flags & MPOOL_PINNED)) {
- if (g_displayDebugDB) {
- fprintf(stderr,
- "mpool_put: page %d not pinned\n",
- bp->pgno);
- }
+ (void)fprintf(stderr,
+ "mpool_put: page %d not pinned\n", bp->pgno);
abort();
}
#endif
@@ -387,7 +379,7 @@ mpool_bkt(mp)
head = &mp->hqh[HASHKEY(bp->pgno)];
CIRCLEQ_REMOVE(head, bp, hq);
CIRCLEQ_REMOVE(&mp->lqh, bp, q);
-#ifdef DEBUG_DB
+#ifdef DEBUG
{ void *spage;
spage = bp->page;
memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
@@ -403,7 +395,7 @@ new: if ((bp = (BKT *)malloc(sizeof(BKT) + mp->pagesize)) == NULL)
#ifdef STATISTICS
++mp->pagealloc;
#endif
-#if defined(DEBUG_DB) || defined(PURIFY)
+#if defined(DEBUG) || defined(PURIFY)
memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
#endif
bp->page = (char *)bp + sizeof(BKT);
@@ -432,6 +424,12 @@ mpool_write(mp, bp)
(mp->pgout)(mp->pgcookie, bp->pgno, bp->page);
off = mp->pagesize * bp->pgno;
+ if (off / mp->pagesize != bp->pgno) {
+ /* Run past the end of the file, or at least the part we
+ can address without large-file support? */
+ errno = E2BIG;
+ return RET_ERROR;
+ }
if (lseek(mp->fd, off, SEEK_SET) != off)
return (RET_ERROR);
if (write(mp->fd, bp->page, mp->pagesize) != mp->pagesize)
diff --git a/usr/src/lib/krb5/db2/mpool/mpool.h b/usr/src/lib/krb5/db2/mpool/mpool.h
index 7f354a5548..4963b1f074 100644
--- a/usr/src/lib/krb5/db2/mpool/mpool.h
+++ b/usr/src/lib/krb5/db2/mpool/mpool.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _KRB5_DB2_MPOOL_MPOOL_H
@@ -105,6 +105,16 @@ typedef struct MPOOL {
#define MPOOL_PAGE_NEXT 0x02 /* Allocate a new page with the next
page number. */
+#define mpool_open kdb2_mpool_open
+#define mpool_filter kdb2_mpool_filter
+#define mpool_new kdb2_mpool_new
+#define mpool_get kdb2_mpool_get
+#define mpool_delete kdb2_mpool_delete
+#define mpool_put kdb2_mpool_put
+#define mpool_sync kdb2_mpool_sync
+#define mpool_close kdb2_mpool_close
+#define mpool_stat kdb2_mpool_stat
+
__BEGIN_DECLS
MPOOL *mpool_open __P((void *, int, db_pgno_t, db_pgno_t));
void mpool_filter __P((MPOOL *, void (*)(void *, db_pgno_t, void *),
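Review bot: The new `#define mpool_* kdb2_mpool_*` block carries no comment, and it renames `mpool_stat` although the mapfile-vers change in this commit adds no `kdb2_mpool_stat` to the exported list. Whether `mpool_stat` is built at all is not visible here, so this may be harmless, but the two lists will drift unless they are tied together. I would add a comment above the block such as `/* Move the mpool entry points into the kdb2_ namespace; keep in step with mapfile-vers. */`, and either export the symbol or note that `mpool_stat` is library-internal.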
diff --git a/usr/src/lib/krb5/db2/recno/extern.h b/usr/src/lib/krb5/db2/recno/extern.h
index 40027665c3..366396ecb4 100644
--- a/usr/src/lib/krb5/db2/recno/extern.h
+++ b/usr/src/lib/krb5/db2/recno/extern.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _KRB5_DB2_RECNO_EXTERN_H
@@ -50,6 +50,24 @@ extern "C" {
#include "../btree/extern.h"
+#define __rec_close __kdb2_rec_close
+#define __rec_delete __kdb2_rec_delete
+#define __rec_dleaf __kdb2_rec_dleaf
+#define __rec_fd __kdb2_rec_fd
+#define __rec_fmap __kdb2_rec_fmap
+#define __rec_fout __kdb2_rec_fout
+#define __rec_fpipe __kdb2_rec_fpipe
+#define __rec_get __kdb2_rec_get
+#define __rec_iput __kdb2_rec_iput
+#define __rec_put __kdb2_rec_put
+#define __rec_ret __kdb2_rec_ret
+#define __rec_search __kdb2_rec_search
+#define __rec_seq __kdb2_rec_seq
+#define __rec_sync __kdb2_rec_sync
+#define __rec_vmap __kdb2_rec_vmap
+#define __rec_vout __kdb2_rec_vout
+#define __rec_vpipe __kdb2_rec_vpipe
+
int __rec_close __P((DB *));
int __rec_delete __P((const DB *, const DBT *, u_int));
int __rec_dleaf __P((BTREE *, PAGE *, u_int32_t));
diff --git a/usr/src/lib/krb5/db2/recno/rec_close.c b/usr/src/lib/krb5/db2/recno/rec_close.c
index c2f53b17a9..c7bd9a5fdc 100644
--- a/usr/src/lib/krb5/db2/recno/rec_close.c
+++ b/usr/src/lib/krb5/db2/recno/rec_close.c
@@ -85,13 +85,14 @@ __rec_close(dbp)
status = RET_ERROR;
#endif
- if (!F_ISSET(t, R_INMEM))
+ if (!F_ISSET(t, R_INMEM)) {
if (F_ISSET(t, R_CLOSEFP)) {
if (fclose(t->bt_rfp))
status = RET_ERROR;
} else
if (close(t->bt_rfd))
status = RET_ERROR;
+ }
if (__bt_close(dbp) == RET_ERROR)
status = RET_ERROR;
diff --git a/usr/src/lib/krb5/db2/recno/rec_delete.c b/usr/src/lib/krb5/db2/recno/rec_delete.c
index 5651808aaa..5c6f2ebfcd 100644
--- a/usr/src/lib/krb5/db2/recno/rec_delete.c
+++ b/usr/src/lib/krb5/db2/recno/rec_delete.c
@@ -147,16 +147,16 @@ rec_rdelete(t, nrec)
*
* Parameters:
* t: tree
- * index: index on current page to delete
+ * idx: index on current page to delete
*
* Returns:
* RET_SUCCESS, RET_ERROR.
*/
int
-__rec_dleaf(t, h, index)
+__rec_dleaf(t, h, idx)
BTREE *t;
PAGE *h;
- u_int32_t index;
+ u_int32_t idx;
{
RLEAF *rl;
indx_t *ip, cnt, offset;
@@ -174,7 +174,7 @@ __rec_dleaf(t, h, index)
* down, overwriting the deleted record and its index. If the record
* uses overflow pages, make them available for reuse.
*/
- to = rl = GETRLEAF(h, index);
+ to = rl = GETRLEAF(h, idx);
if (rl->flags & P_BIGDATA && __ovfl_delete(t, rl->bytes) == RET_ERROR)
return (RET_ERROR);
nbytes = NRLEAF(rl);
@@ -187,8 +187,8 @@ __rec_dleaf(t, h, index)
memmove(from + nbytes, from, (char *)to - from);
h->upper += nbytes;
- offset = h->linp[index];
- for (cnt = &h->linp[index] - (ip = &h->linp[0]); cnt--; ++ip)
+ offset = h->linp[idx];
+ for (cnt = &h->linp[idx] - (ip = &h->linp[0]); cnt--; ++ip)
if (ip[0] < offset)
ip[0] += nbytes;
for (cnt = &h->linp[NEXTINDEX(h)] - ip; --cnt; ++ip)
diff --git a/usr/src/lib/krb5/db2/recno/rec_open.c b/usr/src/lib/krb5/db2/recno/rec_open.c
index 22a6c73f7a..48f933eb56 100644
--- a/usr/src/lib/krb5/db2/recno/rec_open.c
+++ b/usr/src/lib/krb5/db2/recno/rec_open.c
@@ -70,7 +70,7 @@ __rec_open(fname, flags, mode, openinfo, dflags)
int rfd, sverrno;
/* Open the user's file -- if this fails, we're done. */
- if (fname != NULL && (rfd = open(fname, flags, mode)) < 0)
+ if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
return (NULL);
/* Create a btree in memory (backed by disk). */
@@ -87,9 +87,9 @@ __rec_open(fname, flags, mode, openinfo, dflags)
btopeninfo.prefix = NULL;
btopeninfo.lorder = openinfo->lorder;
dbp = __bt_open(openinfo->bfname,
- O_RDWR, S_IRUSR | S_IWUSR, &btopeninfo, dflags);
+ O_RDWR | O_BINARY, S_IRUSR | S_IWUSR, &btopeninfo, dflags);
} else
- dbp = __bt_open(NULL, O_RDWR, S_IRUSR | S_IWUSR, NULL, dflags);
+ dbp = __bt_open(NULL, O_RDWR | O_BINARY, S_IRUSR | S_IWUSR, NULL, dflags);
if (dbp == NULL)
goto err;
@@ -132,7 +132,7 @@ __rec_open(fname, flags, mode, openinfo, dflags)
default:
goto einval;
}
-slow: if ((t->bt_rfp = fdopen(rfd, "r")) == NULL)
+slow: if ((t->bt_rfp = fdopen(rfd, "rb")) == NULL)
goto err;
F_SET(t, R_CLOSEFP);
t->bt_irec =
diff --git a/usr/src/lib/krb5/db2/recno/rec_put.c b/usr/src/lib/krb5/db2/recno/rec_put.c
index b15d759a55..5474a50d86 100644
--- a/usr/src/lib/krb5/db2/recno/rec_put.c
+++ b/usr/src/lib/krb5/db2/recno/rec_put.c
@@ -198,7 +198,7 @@ __rec_iput(t, nrec, data, flags)
DBT tdata;
EPG *e;
PAGE *h;
- indx_t index, nxtindex;
+ indx_t idx, nxtindex;
db_pgno_t pg;
u_int32_t nbytes;
int dflags, status;
@@ -229,7 +229,7 @@ __rec_iput(t, nrec, data, flags)
return (RET_ERROR);
h = e->page;
- index = e->index;
+ idx = e->index;
/*
* Add the specified key/data pair to the tree. The R_IAFTER and
@@ -239,13 +239,13 @@ __rec_iput(t, nrec, data, flags)
*/
switch (flags) {
case R_IAFTER:
- ++index;
+ ++idx;
break;
case R_IBEFORE:
break;
default:
if (nrec < t->bt_nrecs &&
- __rec_dleaf(t, h, index) == RET_ERROR) {
+ __rec_dleaf(t, h, idx) == RET_ERROR) {
mpool_put(t->bt_mp, h, 0);
return (RET_ERROR);
}
@@ -259,18 +259,18 @@ __rec_iput(t, nrec, data, flags)
*/
nbytes = NRLEAFDBT(data->size);
if (h->upper - h->lower < nbytes + sizeof(indx_t)) {
- status = __bt_split(t, h, NULL, data, dflags, nbytes, index);
+ status = __bt_split(t, h, NULL, data, dflags, nbytes, idx);
if (status == RET_SUCCESS)
++t->bt_nrecs;
return (status);
}
- if (index < (nxtindex = NEXTINDEX(h)))
- memmove(h->linp + index + 1, h->linp + index,
- (nxtindex - index) * sizeof(indx_t));
+ if (idx < (nxtindex = NEXTINDEX(h)))
+ memmove(h->linp + idx + 1, h->linp + idx,
+ (nxtindex - idx) * sizeof(indx_t));
h->lower += sizeof(indx_t);
- h->linp[index] = h->upper -= nbytes;
+ h->linp[idx] = h->upper -= nbytes;
dest = (char *)h + h->upper;
WR_RLEAF(dest, data, dflags);
diff --git a/usr/src/lib/krb5/db2/recno/rec_search.c b/usr/src/lib/krb5/db2/recno/rec_search.c
index 733e1a9b1f..5af988c1e7 100644
--- a/usr/src/lib/krb5/db2/recno/rec_search.c
+++ b/usr/src/lib/krb5/db2/recno/rec_search.c
@@ -68,7 +68,7 @@ __rec_search(t, recno, op)
recno_t recno;
enum SRCHOP op;
{
- register indx_t index;
+ register indx_t idx;
register PAGE *h;
EPGNO *parent;
RINTERNAL *r;
@@ -86,23 +86,23 @@ __rec_search(t, recno, op)
t->bt_cur.index = recno - total;
return (&t->bt_cur);
}
- for (index = 0, top = NEXTINDEX(h);;) {
- r = GETRINTERNAL(h, index);
- if (++index == top || total + r->nrecs > recno)
+ for (idx = 0, top = NEXTINDEX(h);;) {
+ r = GETRINTERNAL(h, idx);
+ if (++idx == top || total + r->nrecs > recno)
break;
total += r->nrecs;
}
- BT_PUSH(t, pg, index - 1);
+ BT_PUSH(t, pg, idx - 1);
pg = r->pgno;
switch (op) {
case SDELETE:
- --GETRINTERNAL(h, (index - 1))->nrecs;
+ --GETRINTERNAL(h, (idx - 1))->nrecs;
mpool_put(t->bt_mp, h, MPOOL_DIRTY);
break;
case SINSERT:
- ++GETRINTERNAL(h, (index - 1))->nrecs;
+ ++GETRINTERNAL(h, (idx - 1))->nrecs;
mpool_put(t->bt_mp, h, MPOOL_DIRTY);
break;
case SEARCH:
diff --git a/usr/src/lib/krb5/db2/recno/rec_seq.c b/usr/src/lib/krb5/db2/recno/rec_seq.c
index 8f26ee0c44..d72577f584 100644
--- a/usr/src/lib/krb5/db2/recno/rec_seq.c
+++ b/usr/src/lib/krb5/db2/recno/rec_seq.c
@@ -33,7 +33,7 @@
* SUCH DAMAGE.
*/
-#ifndef lint
+#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)rec_seq.c 8.3 (Berkeley) 7/14/94";
#endif /* not lint */
diff --git a/usr/src/lib/krb5/kadm5/adb.h b/usr/src/lib/krb5/kadm5/adb.h
index 6c6f6a53bc..28448888d5 100644
--- a/usr/src/lib/krb5/kadm5/adb.h
+++ b/usr/src/lib/krb5/kadm5/adb.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -69,8 +69,10 @@ typedef struct _osa_adb_db_ent_t {
int magic;
DB *db;
HASHINFO info;
+ BTREEINFO btinfo;
char *filename;
osa_adb_lock_t lock;
+ int opencnt;
} osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t;
/* an osa_pw_hist_ent stores all the key_datas for a single password */
@@ -92,12 +94,12 @@ typedef struct _osa_princ_ent_t {
typedef struct _osa_policy_ent_t {
int version;
char *name;
- rpc_u_int32 pw_min_life;
- rpc_u_int32 pw_max_life;
- rpc_u_int32 pw_min_length;
- rpc_u_int32 pw_min_classes;
- rpc_u_int32 pw_history_num;
- rpc_u_int32 policy_refcnt;
+ uint32_t pw_min_life;
+ uint32_t pw_max_life;
+ uint32_t pw_min_length;
+ uint32_t pw_min_classes;
+ uint32_t pw_history_num;
+ uint32_t policy_refcnt;
} osa_policy_ent_rec, *osa_policy_ent_t;
typedef void (*osa_adb_iter_princ_func) (void *, osa_princ_ent_t);
@@ -115,6 +117,8 @@ typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
*/
bool_t xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
+bool_t xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp);
+bool_t xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp);
/*
* Functions
@@ -122,6 +126,10 @@ bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfile, int magic);
osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfile, int magic);
+osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
+ char *fileto, char *lockto, int magic);
+osa_adb_ret_t osa_adb_rename_policy_db(kadm5_config_params *fromparams,
+ kadm5_config_params *toparams);
osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
char *lockfile, int magic);
osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic);
diff --git a/usr/src/lib/krb5/kadm5/adb_err.h b/usr/src/lib/krb5/kadm5/adb_err.h
index f8024341b0..602a124151 100644
--- a/usr/src/lib/krb5/kadm5/adb_err.h
+++ b/usr/src/lib/krb5/kadm5/adb_err.h
@@ -17,11 +17,8 @@
*
*/
+#include <com_err.h>
-/*
- * adb_err.h:
- * This file is automatically generated; please do not edit it.
- */
#define OSA_ADB_NOERR (28810240L)
#define OSA_ADB_DUP (28810241L)
#define OSA_ADB_NOENT (28810242L)
@@ -38,5 +35,16 @@
#define OSA_ADB_NOEXCL_PERM (28810253L)
#define ERROR_TABLE_BASE_adb (28810240L)
+extern const struct error_table et_adb_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
+extern void initialize_adb_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_adb_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_adb_err_tbl initialize_adb_error_table
#define adb_err_base ERROR_TABLE_BASE_adb
+#endif
diff --git a/usr/src/lib/krb5/kadm5/admin.h b/usr/src/lib/krb5/kadm5/admin.h
index ce78ab0bb3..d4d98c66f9 100644
--- a/usr/src/lib/krb5/kadm5/admin.h
+++ b/usr/src/lib/krb5/kadm5/admin.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -28,12 +28,36 @@ extern "C" {
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
-
-
+/*
+ * lib/kadm5/admin.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.43.2.1 2000/05/19 22:24:14 raeburn Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.54 2004/08/21 02:31:09 tlyu Exp $
*/
#include <sys/types.h>
@@ -46,14 +70,14 @@ extern "C" {
#include <kadm5/adb_err.h>
#include <kadm5/chpass_util_strings.h>
-#define KADM5_ADMIN_SERVICE_P "kadmin@admin"
-#define KADM5_ADMIN_SERVICE "kadmin/admin"
-#define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw"
-#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
-#define KADM5_HIST_PRINCIPAL "kadmin/history"
-#define KADM5_ADMIN_HOST_SERVICE "kadmin"
-#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
-#define KADM5_KIPROP_HOST_SERVICE "kiprop"
+#define KADM5_ADMIN_SERVICE_P "kadmin@admin"
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_ADMIN_HOST_SERVICE "kadmin"
+#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
+#define KADM5_KIPROP_HOST_SERVICE "kiprop"
typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;
@@ -61,51 +85,51 @@ typedef long kadm5_ret_t;
typedef int rpc_int32;
typedef unsigned int rpc_u_int32;
-#define KADM5_PW_FIRST_PROMPT \
- ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define KADM5_PW_SECOND_PROMPT \
- ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+#define KADM5_PW_FIRST_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
- * Succsessfull return code
+ * Successful return code
*/
-#define KADM5_OK 0
+#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
-#define KADM5_PRINCIPAL 0x000001
-#define KADM5_PRINC_EXPIRE_TIME 0x000002
-#define KADM5_PW_EXPIRATION 0x000004
-#define KADM5_LAST_PWD_CHANGE 0x000008
-#define KADM5_ATTRIBUTES 0x000010
-#define KADM5_MAX_LIFE 0x000020
-#define KADM5_MOD_TIME 0x000040
-#define KADM5_MOD_NAME 0x000080
-#define KADM5_KVNO 0x000100
-#define KADM5_MKVNO 0x000200
-#define KADM5_AUX_ATTRIBUTES 0x000400
-#define KADM5_POLICY 0x000800
-#define KADM5_POLICY_CLR 0x001000
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
/* version 2 masks */
-#define KADM5_MAX_RLIFE 0x002000
-#define KADM5_LAST_SUCCESS 0x004000
-#define KADM5_LAST_FAILED 0x008000
-#define KADM5_FAIL_AUTH_COUNT 0x010000
-#define KADM5_KEY_DATA 0x020000
-#define KADM5_TL_DATA 0x040000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
/* all but KEY_DATA and TL_DATA */
-#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
+#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
/* kadm5_policy_ent_t */
-#define KADM5_PW_MAX_LIFE 0x004000
-#define KADM5_PW_MIN_LIFE 0x008000
-#define KADM5_PW_MIN_LENGTH 0x010000
-#define KADM5_PW_MIN_CLASSES 0x020000
-#define KADM5_PW_HISTORY_NUM 0x040000
-#define KADM5_REF_COUNT 0x080000
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
/* kadm5_config_params */
#define KADM5_CONFIG_REALM 0x0000001
@@ -150,23 +174,23 @@ typedef unsigned int rpc_u_int32;
/*
* permission bits
*/
-#define KADM5_PRIV_GET 0x01
-#define KADM5_PRIV_ADD 0x02
-#define KADM5_PRIV_MODIFY 0x04
-#define KADM5_PRIV_DELETE 0x08
+#define KADM5_PRIV_GET 0x01
+#define KADM5_PRIV_ADD 0x02
+#define KADM5_PRIV_MODIFY 0x04
+#define KADM5_PRIV_DELETE 0x08
/*
* API versioning constants
*/
-#define KADM5_MASK_BITS 0xffffff00
+#define KADM5_MASK_BITS 0xffffff00
-#define KADM5_STRUCT_VERSION_MASK 0x12345600
-#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
-#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
+#define KADM5_STRUCT_VERSION_MASK 0x12345600
+#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
-#define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
-#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_MASK 0x12345700
+#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
+#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
#ifdef KRB5_DNS_LOOKUP
/*
@@ -192,12 +216,12 @@ typedef struct _kadm5_principal_ent_t_v2 {
/* version 2 fields */
krb5_deltat max_renewable_life;
- krb5_timestamp last_success;
- krb5_timestamp last_failed;
- krb5_kvno fail_auth_count;
+ krb5_timestamp last_success;
+ krb5_timestamp last_failed;
+ krb5_kvno fail_auth_count;
krb5_int16 n_key_data;
krb5_int16 n_tl_data;
- krb5_tl_data *tl_data;
+ krb5_tl_data *tl_data;
krb5_key_data *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
@@ -216,9 +240,13 @@ typedef struct _kadm5_principal_ent_t_v1 {
long aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
-
+#if USE_KADM5_API_VERSION == 1
+typedef struct _kadm5_principal_ent_t_v1
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#else
typedef struct _kadm5_principal_ent_t_v2
-kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#endif
typedef struct _kadm5_policy_ent_t {
char *policy;
@@ -248,33 +276,37 @@ typedef enum {
* Data structure returned by kadm5_get_config_params()
*/
typedef struct _kadm5_config_params {
- long mask;
- char *realm;
- char *profile;
- int kadmind_port;
- char *admin_server;
- char *dbname;
- char *admin_dbname;
- char *admin_lockfile;
- char *admin_keytab;
- char *acl_file;
- char *dict_file;
- int mkey_from_kbd;
- char *stash_file;
- char *mkey_name;
- krb5_enctype enctype;
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_key_salt_tuple *keysalts;
- krb5_int32 num_keysalts;
- char *kpasswd_server;
- int kpasswd_port;
- krb5_chgpwd_prot kpasswd_protocol;
- bool_t iprop_enabled;
- int iprop_ulogsize;
- char *iprop_polltime;
+ long mask;
+ char * realm;
+ char * profile;
+ int kadmind_port;
+ int kpasswd_port;
+
+ char * admin_server;
+
+ char * dbname;
+ char * admin_dbname;
+ char * admin_lockfile;
+ char * admin_keytab;
+ char * acl_file;
+ char * dict_file;
+
+ int mkey_from_kbd;
+ char * stash_file;
+ char * mkey_name;
+ krb5_enctype enctype;
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_key_salt_tuple *keysalts;
+ krb5_int32 num_keysalts;
+ char *kpasswd_server;
+
+ krb5_chgpwd_prot kpasswd_protocol;
+ bool_t iprop_enabled;
+ int iprop_ulogsize;
+ char *iprop_polltime;
} kadm5_config_params;
/***********************************************************************
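Review bot: Moving `kpasswd_port` up to follow `kadmind_port` changes the offset of every later member of `kadm5_config_params`, a structure that callers fill in and pass by pointer to the `kadm5_init*` functions declared in this header. An object built against the previous layout would have its fields misread rather than rejected, because the visible members include no size or layout version, only `mask`. If any consumer is built separately from this library, new or moved members belong at the end of the struct. Otherwise, a comment on the struct should say that the layout now follows the resynced upstream header and that all users must be rebuilt together. The `krb5_realm_params` hunk below shifts the existing bit-field positions in the same way by inserting `realm_reject_bad_transit` ahead of them.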
@@ -287,13 +319,13 @@ typedef struct _kadm5_config_params {
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
- char *realm_profile;
- char *realm_dbname;
- char *realm_mkey_name;
- char *realm_stash_file;
- char *realm_kdc_ports;
- char *realm_kdc_tcp_ports;
- char *realm_acl_file;
+ char * realm_profile;
+ char * realm_dbname;
+ char * realm_mkey_name;
+ char * realm_stash_file;
+ char * realm_kdc_ports;
+ char * realm_kdc_tcp_ports;
+ char * realm_acl_file;
krb5_int32 realm_kadmind_port;
krb5_enctype realm_enctype;
krb5_deltat realm_max_life;
@@ -301,13 +333,14 @@ typedef struct __krb5_realm_params {
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
- unsigned int realm_filler:7;
+ unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
@@ -315,52 +348,63 @@ typedef struct __krb5_realm_params {
* functions
*/
-
-kadm5_ret_t
-kadm5_get_master(krb5_context context, const char *realm, char **master);
-
kadm5_ret_t
kadm5_get_adm_host_srv_name(krb5_context context,
- const char *realm, char **host_service_name);
+ const char *realm, char **host_service_name);
kadm5_ret_t
kadm5_get_cpw_host_srv_name(krb5_context context,
- const char *realm, char **host_service_name);
+ const char *realm, char **host_service_name);
+#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
char *kdcprofile, char *kdcenv,
kadm5_config_params *params_in,
kadm5_config_params *params_out);
-/* SUNWresync121 XXX */
-krb5_error_code kadm5_free_config_params(krb5_context context,
- kadm5_config_params *params);
+krb5_error_code kadm5_free_config_params(krb5_context context,
+ kadm5_config_params *params);
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- void **server_handle);
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+ char *, size_t);
+#endif
+kadm5_ret_t kadm5_init(char *client_name, char *pass,
+ char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
+ kadm5_config_params *params,
+#endif
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
kadm5_config_params *params,
+#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
kadm5_config_params *params,
+#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
-
+#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
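Review bot: The guards added here test `USE_KADM5_API_VERSION` with both `== 1` and `> 1`, and no default for the macro is visible in this header's hunks. If a file includes admin.h without defining it, the preprocessor evaluates it as 0, so the `== 1` branches fall through to the version 2 signatures. The `> 1` blocks, however, then hide `kadm5_get_config_params`, `kadm5_free_config_params` and `kadm5_init_with_creds`, and calls to them would compile against implicit declarations. Either give the macro a default near the top of the header, `#ifndef USE_KADM5_API_VERSION` / `#define USE_KADM5_API_VERSION 2` / `#endif`, or add a comment stating that the build always defines it.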
@@ -368,6 +412,9 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
+#endif
+kadm5_ret_t kadm5_lock(void *server_handle);
+kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
kadm5_ret_t kadm5_create_principal(void *server_handle,
@@ -385,13 +432,17 @@ kadm5_ret_t kadm5_modify_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
- krb5_principal, krb5_principal);
-
+ krb5_principal,krb5_principal);
+#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_principal(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t ent,
- long mask);
-
+ krb5_principal principal,
+ kadm5_principal_ent_t *ent);
+#else
+kadm5_ret_t kadm5_get_principal(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t ent,
+ long mask);
+#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
@@ -401,6 +452,11 @@ kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+#else
/*
* Solaris Kerberos:
@@ -415,7 +471,6 @@ kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblocks,
int *n_keys);
-
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
@@ -423,6 +478,7 @@ kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
+#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
@@ -440,6 +496,12 @@ kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys);
+kadm5_ret_t kadm5_decrypt_key(void *server_handle,
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop);
+
kadm5_ret_t kadm5_create_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
@@ -466,20 +528,24 @@ kadm5_ret_t kadm5_modify_policy(void *server_handle,
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
-
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_get_policy(void *server_handle,
+ kadm5_policy_t policy,
+ kadm5_policy_ent_t *ent);
+#else
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
-
+#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
- long *privs);
+ long *privs);
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len);
+ unsigned int msg_len);
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
kadm5_principal_ent_t
@@ -495,14 +561,261 @@ kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
-
+#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
+#endif
+
+kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
+ int count);
+
+#if USE_KADM5_API_VERSION == 1
+/*
+ * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
+ * compatible with KADM5_API_VERSION_2. Basically, this means we have
+ * to continue to provide all the old ovsec_kadm function and symbol
+ * names.
+ */
+
+#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
+#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
-kadm5_ret_t kadm5_free_name_list(void *server_handle,
- char **names, int count);
+#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
+#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
+#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
+typedef krb5_principal ovsec_kadm_princ_t;
+typedef krb5_keyblock ovsec_kadm_keyblock;
+typedef char *ovsec_kadm_policy_t;
+typedef long ovsec_kadm_ret_t;
+
+enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
+enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
+
+#define OVSEC_KADM_PW_FIRST_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define OVSEC_KADM_PW_SECOND_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+
+/*
+ * Successful return code
+ */
+#define OVSEC_KADM_OK 0
+
+/*
+ * Create/Modify masks
+ */
+/* principal */
+#define OVSEC_KADM_PRINCIPAL 0x000001
+#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
+#define OVSEC_KADM_PW_EXPIRATION 0x000004
+#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
+#define OVSEC_KADM_ATTRIBUTES 0x000010
+#define OVSEC_KADM_MAX_LIFE 0x000020
+#define OVSEC_KADM_MOD_TIME 0x000040
+#define OVSEC_KADM_MOD_NAME 0x000080
+#define OVSEC_KADM_KVNO 0x000100
+#define OVSEC_KADM_MKVNO 0x000200
+#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
+#define OVSEC_KADM_POLICY 0x000800
+#define OVSEC_KADM_POLICY_CLR 0x001000
+/* policy */
+#define OVSEC_KADM_PW_MAX_LIFE 0x004000
+#define OVSEC_KADM_PW_MIN_LIFE 0x008000
+#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
+#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
+#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
+#define OVSEC_KADM_REF_COUNT 0x080000
+
+/*
+ * permission bits
+ */
+#define OVSEC_KADM_PRIV_GET 0x01
+#define OVSEC_KADM_PRIV_ADD 0x02
+#define OVSEC_KADM_PRIV_MODIFY 0x04
+#define OVSEC_KADM_PRIV_DELETE 0x08
+
+/*
+ * API versioning constants
+ */
+#define OVSEC_KADM_MASK_BITS 0xffffff00
+
+#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
+#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
+#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
+
+#define OVSEC_KADM_API_VERSION_MASK 0x12345700
+#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
+
+
+typedef struct _ovsec_kadm_principal_ent_t {
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
+
+typedef struct _ovsec_kadm_policy_ent_t {
+ char *policy;
+ long pw_min_life;
+ long pw_max_life;
+ long pw_min_length;
+ long pw_min_classes;
+ long pw_history_num;
+ long policy_refcnt;
+} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
+
+/*
+ * functions
+ */
+ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
+ char *service_name, char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
+ char *keytab,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask, char *pass);
+ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
+ krb5_principal principal);
+ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask);
+ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
+ krb5_principal,krb5_principal);
+ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
+ krb5_principal principal,
+ ovsec_kadm_principal_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
+ krb5_principal principal,
+ char *pass);
+ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_create_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_create_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
+ ovsec_kadm_policy_t policy);
+ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_modify_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_modify_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
+ ovsec_kadm_policy_t policy,
+ ovsec_kadm_policy_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
+ long *privs);
+
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret);
+
+ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
+ ovsec_kadm_principal_ent_t
+ ent);
+ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
+ ovsec_kadm_policy_ent_t ent);
+
+ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
+ char **names, int count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
+ char *exp, char ***princs,
+ int *count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
+ char *exp, char ***pols,
+ int *count);
+
+#define OVSEC_KADM_FAILURE KADM5_FAILURE
+#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
+#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
+#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
+#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
+#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
+#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
+#define OVSEC_KADM_DUP KADM5_DUP
+#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
+#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
+#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
+#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
+#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
+#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
+#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
+#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
+#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
+#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
+#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
+#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
+#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
+#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
+#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
+#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
+#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
+#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
+#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
+#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
+#define OVSEC_KADM_INIT KADM5_INIT
+#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
+#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
+#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
+#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
+#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
+#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
+#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
+#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
+#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
+#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
+#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
+#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
+#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
+
+#endif /* USE_KADM5_API_VERSION == 1 */
krb5_chgpwd_prot _kadm5_get_kpasswd_protocol(void *server_handle);
kadm5_ret_t kadm5_chpass_principal_v2(void *server_handle,
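Review bot: `ovsec_kadm_chpass_principal_util` takes `char *msg_ret` with no length, while the version 2 prototype earlier in this file was just changed to carry `unsigned int msg_len`. Whatever glue implements the v1 name (not visible here) has to assume a buffer size on the caller's behalf, so a caller that passes a smaller buffer gets an overrun rather than a truncated message. The assumed minimum should be stated next to the prototype, for instance `/* msg_ret must point to at least <N> bytes; the v1 API has no length argument */`, with `<N>` taken from the implementation.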
diff --git a/usr/src/lib/krb5/kadm5/admin_internal.h b/usr/src/lib/krb5/kadm5/admin_internal.h
index f63f783e8a..60d55a52e8 100644
--- a/usr/src/lib/krb5/kadm5/admin_internal.h
+++ b/usr/src/lib/krb5/kadm5/admin_internal.h
@@ -21,7 +21,6 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin_internal.h,v 1.13.18.1 2000/05/19 22:24:14 raeburn Exp $
*/
#ifndef __KADM5_ADMIN_INTERNAL_H__
@@ -82,18 +81,17 @@
*
* Got that?
*/
-int _kadm5_check_handle();
-
#define _KADM5_CHECK_HANDLE(handle) \
-{ int code; if ((code = _kadm5_check_handle((void *)handle))) return code; }
+{ int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
+int _kadm5_check_handle(void *handle);
kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
void *lhandle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len);
+ unsigned int msg_len);
/* this is needed by the alt_prof code I stole. The functions
maybe shouldn't be named krb5_*, but they are. */
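Review bot: `_KADM5_CHECK_HANDLE` still uses its argument unparenthesised in `(void *)handle` and expands to a bare `{ ... }` block with a hidden `return`. The cast binds tighter than most operators, so an argument such as `p + 1` would be cast before the addition; `_kadm5_check_handle((void *)(handle))` avoids that. The prototype is now declared after the macro that uses it, which works only because the macro is expanded later; putting `int _kadm5_check_handle(void *handle);` first reads more naturally. A `do { ... } while (0)` wrapper would make the macro safe inside an unbraced `if`/`else`, provided every existing call site ends with a semicolon.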
diff --git a/usr/src/lib/krb5/kadm5/admin_xdr.h b/usr/src/lib/krb5/kadm5/admin_xdr.h
index b1ef2a11d9..8eff0ca9f1 100644
--- a/usr/src/lib/krb5/kadm5/admin_xdr.h
+++ b/usr/src/lib/krb5/kadm5/admin_xdr.h
@@ -21,65 +21,61 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin_xdr.h,v 1.5 1996/07/22 20:35:33 marc Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin_xdr.h,v 1.7 2001/07/25 19:02:29 epeisach Exp $
*
- * $Log: admin_xdr.h,v $
- * Revision 1.5 1996/07/22 20:35:33 marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches. This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964. before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.4.4.1 1996/07/18 03:08:25 marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.4.2.1 1996/06/20 02:16:37 marc
- * File added to the repository on a branch
- *
- * Revision 1.4 1996/05/30 16:36:34 bjaspan
- * finish updating to kadm5 naming (oops)
- *
- * Revision 1.3 1996/05/22 00:28:19 bjaspan
- * rename to kadm5
- *
- * Revision 1.2 1996/05/12 06:30:10 marc
- * - fixup includes and data types to match beta6
- *
- * Revision 1.1 1993/11/09 04:06:01 shanzer
- * Initial revision
- *
*/
#include <kadm5/admin.h>
#include "kadm_rpc.h"
+bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp);
bool_t xdr_nullstring(XDR *xdrs, char **objp);
+bool_t xdr_nulltype(XDR *xdrs, void **objp, xdrproc_t proc);
bool_t xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp);
bool_t xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp);
bool_t xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp);
bool_t xdr_krb5_flags(XDR *xdrs, krb5_flags *objp);
+bool_t xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp);
+bool_t xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp);
+bool_t xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp);
+bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp);
+bool_t xdr_krb5_key_salt_tuple(XDR *xdrs, krb5_key_salt_tuple *objp);
+bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head);
bool_t xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp);
+bool_t xdr_kadm5_principal_ent_rec_v1(XDR *xdrs, kadm5_principal_ent_rec *objp);
bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp);
bool_t xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp);
bool_t xdr_kadm5_policy_ent_t(XDR *xdrs, kadm5_policy_ent_t *objp);
bool_t xdr_kadm5_principal_ent_t(XDR *xdrs, kadm5_principal_ent_t *objp);
bool_t xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp);
+bool_t xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp);
+bool_t xdr_generic_ret(XDR *xdrs, generic_ret *objp);
bool_t xdr_dprinc_arg(XDR *xdrs, dprinc_arg *objp);
bool_t xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp);
bool_t xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp);
bool_t xdr_chpass_arg(XDR *xdrs, chpass_arg *objp);
+bool_t xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp);
+bool_t xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp);
+bool_t xdr_setkey_arg(XDR *xdrs, setkey_arg *objp);
+bool_t xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp);
bool_t xdr_chrand_arg(XDR *xdrs, chrand_arg *objp);
+bool_t xdr_chrand3_arg(XDR *xdrs, chrand3_arg *objp);
bool_t xdr_chrand_ret(XDR *xdrs, chrand_ret *objp);
bool_t xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp);
-bool_t xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp);
+bool_t xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp);
+bool_t xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp);
+bool_t xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp);
bool_t xdr_cpol_arg(XDR *xdrs, cpol_arg *objp);
bool_t xdr_dpol_arg(XDR *xdrs, dpol_arg *objp);
bool_t xdr_mpol_arg(XDR *xdrs, mpol_arg *objp);
bool_t xdr_gpol_arg(XDR *xdrs, gpol_arg *objp);
bool_t xdr_gpol_ret(XDR *xdrs, gpol_ret *objp);
+bool_t xdr_gpols_arg(XDR *xdrs, gpols_arg *objp);
+bool_t xdr_gpols_ret(XDR *xdrs, gpols_ret *objp);
+bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp);
bool_t xdr_krb5_principal(XDR *xdrs, krb5_principal *objp);
bool_t xdr_krb5_octet(XDR *xdrs, krb5_octet *objp);
bool_t xdr_krb5_int32(XDR *xdrs, krb5_int32 *objp);
bool_t xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp);
+bool_t xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp);
bool_t xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp);
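Review bot: `xdr_krb5_salttype` is declared as taking `krb5_int32 *` while its neighbour `xdr_krb5_enctype` takes `krb5_enctype *`, and nothing explains the difference. A one-line comment such as `/* salt types are carried as krb5_int32 */` would stop a later cleanup from changing it to a different type. `xdr_krb5_key_data_nocontents` needs a comment too: the name suggests that key bytes are deliberately left off the wire, and saying so (if the implementation confirms it) keeps anyone from swapping in a full encoder. The header also declares both `xdr_ui_4` and `xdr_krb5_ui_4` with identical signatures, so it should say which one callers are meant to use.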
diff --git a/usr/src/lib/krb5/kadm5/alt_prof.c b/usr/src/lib/krb5/kadm5/alt_prof.c
index 5c465f4702..b3ea033280 100644
--- a/usr/src/lib/krb5/kadm5/alt_prof.c
+++ b/usr/src/lib/krb5/kadm5/alt_prof.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,7 +26,7 @@
/*
* lib/kadm/alt_prof.c
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -41,7 +41,10 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
@@ -69,6 +72,20 @@ krb5_error_code kadm5_free_config_params();
"des-cbc-md5:normal " \
"des-cbc-crc:normal"
+static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len)
+krb5_key_salt_tuple *ksalt;
+krb5_int32 len;
+{
+ krb5_key_salt_tuple *knew;
+
+ if((knew = (krb5_key_salt_tuple *)
+ malloc((len ) * sizeof(krb5_key_salt_tuple)))) {
+ memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
+ return knew;
+ }
+ return 0;
+}
+
/*
* krb5_aprof_init() - Initialize alternate profile context.
*
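Review bot: `copy_key_salt_tuple` multiplies `len`, a signed `krb5_int32`, by `sizeof(krb5_key_salt_tuple)` without checking it, so a negative count converts to a very large `size_t` in both the `malloc` and the `memcpy`. A zero count is also ambiguous, because `malloc(0)` may return NULL and the caller cannot tell that from an allocation failure. I would reject bad input first with `if (ksalt == NULL || len <= 0) return NULL;` and allocate with `knew = calloc((size_t)len, sizeof(*knew));`; callers outside this hunk should be checked for how they treat a NULL result. As the function is new, it could also use an ANSI prototype rather than the K&R parameter list.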
@@ -82,36 +99,36 @@ krb5_error_code kadm5_free_config_params();
*/
krb5_error_code
krb5_aprof_init(fname, envname, acontextp)
-char *fname;
-char *envname;
-krb5_pointer *acontextp;
+ char *fname;
+ char *envname;
+ krb5_pointer *acontextp;
{
- krb5_error_code kret;
- const char *namelist[2];
- profile_t profile;
-
- namelist[1] = (char *)NULL;
- profile = (profile_t)NULL;
- if (envname) {
- if ((namelist[0] = getenv(envname))) {
- kret = profile_init(namelist, &profile);
- if (kret)
- return (kret);
- *acontextp = (krb5_pointer) profile;
- return (0);
- }
- }
- profile = (profile_t)NULL;
- if (fname) {
- kret = profile_init_path(fname, &profile);
- if (kret == ENOENT) {
- profile = 0;
- } else if (kret)
- return (kret);
- *acontextp = (krb5_pointer) profile;
- return (0);
+ krb5_error_code kret;
+ const_profile_filespec_t namelist[2];
+ profile_t profile;
+
+ namelist[1] = (profile_filespec_t) NULL;
+ profile = (profile_t) NULL;
+ if (envname) {
+ if ((namelist[0] = getenv(envname))) {
+ kret = profile_init(namelist, &profile);
+ if (kret)
+ return kret;
+ *acontextp = (krb5_pointer) profile;
+ return 0;
}
- return (0);
+ }
+ profile = (profile_t) NULL;
+ if (fname) {
+ kret = profile_init_path(fname, &profile);
+ if (kret == ENOENT) {
+ profile = 0;
+ } else if (kret)
+ return kret;
+ *acontextp = (krb5_pointer) profile;
+ return 0;
+ }
+ return 0;
}
/*
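Review bot: `krb5_aprof_init` can reach its final `return 0` without ever writing `*acontextp`: that happens when `fname` is NULL and either `envname` is NULL or `getenv(envname)` finds nothing. A caller that did not pre-initialise its pointer would then treat an indeterminate value as a profile handle; adding `*acontextp = (krb5_pointer) NULL;` before the first `if` closes that. The header comment, which starts outside this hunk, should also say that a set environment variable takes precedence over `fname`, so callers in privileged contexts must pass `envname` as NULL, as `kadm5_get_config_params` does when `profile_secure` is TRUE.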
@@ -127,13 +144,71 @@ krb5_pointer *acontextp;
*/
krb5_error_code
krb5_aprof_getvals(acontext, hierarchy, retdata)
-krb5_pointer acontext;
-const char **hierarchy;
-char ***retdata;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ char ***retdata;
{
- return (profile_get_values((profile_t)acontext,
- hierarchy,
- retdata));
+ return(profile_get_values((profile_t) acontext,
+ hierarchy,
+ retdata));
+}
+
+/*
+ * krb5_aprof_get_boolean()
+ *
+ * Parameters:
+ * acontext - opaque context for alternate profile
+ * hierarchy - hierarchy of value to retrieve
+ * retdata - Returned data value
+ * Returns:
+ * error codes
+ */
+
+static krb5_error_code
+string_to_boolean (const char *string, krb5_boolean *out)
+{
+ static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
+ static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" };
+ int i;
+
+ for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++)
+ if (!strcasecmp(string, yes[i])) {
+ *out = 1;
+ return 0;
+ }
+ for (i = 0; i < sizeof(no)/sizeof(no[0]); i++)
+ if (!strcasecmp(string, no[i])) {
+ *out = 0;
+ return 0;
+ }
+ return PROF_BAD_BOOLEAN;
+}
+
+krb5_error_code
+krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
+ int uselast, krb5_boolean *retdata)
+{
+ krb5_error_code kret;
+ char **values;
+ char *valp;
+ int idx;
+ krb5_boolean val;
+
+ kret = krb5_aprof_getvals (acontext, hierarchy, &values);
+ if (kret)
+ return kret;
+ idx = 0;
+ if (uselast) {
+ while (values[idx])
+ idx++;
+ idx--;
+ }
+ valp = values[idx];
+ kret = string_to_boolean (valp, &val);
+ if (kret)
+ return kret;
+ *retdata = val;
+ return 0;
}
/*
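Review bot: `krb5_aprof_get_boolean` never frees `values`: both the `string_to_boolean` failure return and the success return leave the array from `krb5_aprof_getvals` allocated, whereas `krb5_aprof_get_deltat` and `krb5_aprof_get_int32` in the following hunks free every element and the array itself. The rewrite below routes both outcomes through the same release loop. Separately, the `uselast` scan ends with `idx--`, which would index `values[-1]` if the list were ever empty; that relies on `profile_get_values` reporting an error instead of returning an empty list, and the same assumption is made in `krb5_aprof_get_deltat`, `krb5_aprof_get_string` and `krb5_aprof_get_int32`. The block comment headed `krb5_aprof_get_boolean()` sits above `string_to_boolean` and omits the `uselast` parameter.

```c
krb5_error_code
krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
		       int uselast, krb5_boolean *retdata)
{
    /* … unchanged: declarations, krb5_aprof_getvals call, idx selection … */
    valp = values[idx];
    kret = string_to_boolean (valp, &val);
    if (!kret)
	*retdata = val;

    /* Free the string storage on success and on failure alike */
    for (idx = 0; values[idx]; idx++)
	krb5_xfree(values[idx]);
    krb5_xfree(values);
    return kret;
}
```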
@@ -153,31 +228,31 @@ char ***retdata;
*/
krb5_error_code
krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp)
-krb5_pointer acontext;
-const char **hierarchy;
-krb5_boolean uselast;
-krb5_deltat *deltatp;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ krb5_boolean uselast;
+ krb5_deltat *deltatp;
{
- krb5_error_code kret;
- char **values;
- char *valp;
- int index;
-
- if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
- index = 0;
- if (uselast) {
- for (index = 0; values[index]; index++);
- index--;
- }
- valp = values[index];
- kret = krb5_string_to_deltat(valp, deltatp);
-
- /* Free the string storage */
- for (index = 0; values[index]; index++)
- krb5_xfree(values[index]);
- krb5_xfree(values);
+ krb5_error_code kret;
+ char **values;
+ char *valp;
+ int idx;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ idx = 0;
+ if (uselast) {
+ for (idx=0; values[idx]; idx++);
+ idx--;
}
- return (kret);
+ valp = values[idx];
+ kret = krb5_string_to_deltat(valp, deltatp);
+
+ /* Free the string storage */
+ for (idx=0; values[idx]; idx++)
+ krb5_xfree(values[idx]);
+ krb5_xfree(values);
+ }
+ return(kret);
}
/*
@@ -196,31 +271,31 @@ krb5_deltat *deltatp;
*/
krb5_error_code
krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
-krb5_pointer acontext;
-const char **hierarchy;
-krb5_boolean uselast;
-char **stringp;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ krb5_boolean uselast;
+ char **stringp;
{
- krb5_error_code kret;
- char **values;
- int index, i;
-
- if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
- index = 0;
- if (uselast) {
- for (index = 0; values[index]; index++);
- index--;
- }
+ krb5_error_code kret;
+ char **values;
+ int idx, i;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ idx = 0;
+ if (uselast) {
+ for (idx=0; values[idx]; idx++);
+ idx--;
+ }
- *stringp = values[index];
+ *stringp = values[idx];
- /* Free the string storage */
- for (i = 0; values[i]; i++)
- if (i != index)
- krb5_xfree(values[i]);
- krb5_xfree(values);
- }
- return (kret);
+ /* Free the string storage */
+ for (i=0; values[i]; i++)
+ if (i != idx)
+ krb5_xfree(values[i]);
+ krb5_xfree(values);
+ }
+ return(kret);
}
/*
@@ -240,31 +315,31 @@ char **stringp;
*/
krb5_error_code
krb5_aprof_get_int32(acontext, hierarchy, uselast, intp)
-krb5_pointer acontext;
-const char **hierarchy;
-krb5_boolean uselast;
-krb5_int32 *intp;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ krb5_boolean uselast;
+ krb5_int32 *intp;
{
- krb5_error_code kret;
- char **values;
- int index;
-
- if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
- index = 0;
- if (uselast) {
- for (index = 0; values[index]; index++);
- index--;
- }
+ krb5_error_code kret;
+ char **values;
+ int idx;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ idx = 0;
+ if (uselast) {
+ for (idx=0; values[idx]; idx++);
+ idx--;
+ }
- if (sscanf(values[index], "%d", intp) != 1)
- kret = EINVAL;
+ if (sscanf(values[idx], "%d", intp) != 1)
+ kret = EINVAL;
- /* Free the string storage */
- for (index = 0; values[index]; index++)
- krb5_xfree(values[index]);
- krb5_xfree(values);
- }
- return (kret);
+ /* Free the string storage */
+ for (idx=0; values[idx]; idx++)
+ krb5_xfree(values[idx]);
+ krb5_xfree(values);
+ }
+ return(kret);
}
/*
@@ -278,10 +353,10 @@ krb5_int32 *intp;
*/
krb5_error_code
krb5_aprof_finish(acontext)
-krb5_pointer acontext;
+ krb5_pointer acontext;
{
- profile_release(acontext);
- return (0);
+ profile_release(acontext);
+ return(0);
}
/*
@@ -292,13 +367,13 @@ krb5_pointer acontext;
*
* Arguments:
*
- * context(r) krb5_context to use
- * profile(r) profile file to use
- * envname(r) envname that contains a profile name to
+ * context (r) krb5_context to use
+ * profile (r) profile file to use
+ * envname (r) envname that contains a profile name to
* override profile
- * params_in(r) params structure containing user-supplied
+ * params_in (r) params structure containing user-supplied
* values, or NULL
- * params_out(w) params structure to be filled in
+ * params_out (w) params structure to be filled in
*
* Effects:
*
@@ -314,21 +389,21 @@ krb5_pointer acontext;
*/
krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
params_in, params_out)
-krb5_context context;
-char *kdcprofile;
-char *kdcenv;
-kadm5_config_params *params_in, *params_out;
+ krb5_context context;
+ char *kdcprofile;
+ char *kdcenv;
+ kadm5_config_params *params_in, *params_out;
{
- char *filename;
- char *envname;
- char *lrealm;
- krb5_pointer aprofile = 0;
- const char *hierarchy[4];
- char *svalue;
- krb5_int32 ivalue;
- kadm5_config_params params, empty_params;
-
- krb5_error_code kret = 0;
+ char *filename;
+ char *envname;
+ char *lrealm;
+ krb5_pointer aprofile = 0;
+ const char *hierarchy[4];
+ char *svalue;
+ krb5_int32 ivalue;
+ kadm5_config_params params, empty_params;
+
+ krb5_error_code kret = 0;
krb5_error_code dnsret = 1;
#ifdef KRB5_DNS_LOOKUP
@@ -337,47 +412,47 @@ kadm5_config_params *params_in, *params_out;
krb5_data dns_realm;
#endif /* KRB5_DNS_LOOKUP */
- memset((char *)&params, 0, sizeof (params));
- memset((char *)&empty_params, 0, sizeof (empty_params));
-
- if (params_in == NULL) params_in = &empty_params;
-
- if (params_in->mask & KADM5_CONFIG_REALM) {
- lrealm = params.realm = strdup(params_in->realm);
- if (params.realm)
- params.mask |= KADM5_CONFIG_REALM;
- } else {
- kret = krb5_get_default_realm(context, &lrealm);
- if (kret)
- goto cleanup;
- params.realm = lrealm;
- params.mask |= KADM5_CONFIG_REALM;
- }
- if (params_in->mask & KADM5_CONFIG_PROFILE) {
- filename = params.profile = strdup(params_in->profile);
- if (params.profile)
- params.mask |= KADM5_CONFIG_PROFILE;
- envname = NULL;
- } else {
- /*
- * XXX These defaults should to work on both client and
- * server. kadm5_get_config_params can be implemented as a
- * wrapper function in each library that provides correct
- * defaults for NULL values.
- */
- filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
- envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
- if (context->profile_secure == TRUE) envname = 0;
- }
-
- kret = krb5_aprof_init(filename, envname, &aprofile);
- if (kret)
- goto cleanup;
-
- /* Initialize realm parameters */
- hierarchy[0] = "realms";
- hierarchy[1] = lrealm;
- hierarchy[3] = (char *)NULL;
+ memset((char *) &params, 0, sizeof(params));
+ memset((char *) &empty_params, 0, sizeof(empty_params));
+
+ if (params_in == NULL) params_in = &empty_params;
+
+ if (params_in->mask & KADM5_CONFIG_REALM) {
+ lrealm = params.realm = strdup(params_in->realm);
+ if (params.realm)
+ params.mask |= KADM5_CONFIG_REALM;
+ } else {
+ kret = krb5_get_default_realm(context, &lrealm);
+ if (kret)
+ goto cleanup;
+ params.realm = lrealm;
+ params.mask |= KADM5_CONFIG_REALM;
+ }
+ if (params_in->mask & KADM5_CONFIG_PROFILE) {
+ filename = params.profile = strdup(params_in->profile);
+ if (params.profile)
+ params.mask |= KADM5_CONFIG_PROFILE;
+ envname = NULL;
+ } else {
+ /*
+ * XXX These defaults should to work on both client and
+ * server. kadm5_get_config_params can be implemented as a
+ * wrapper function in each library that provides correct
+ * defaults for NULL values.
+ */
+ filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
+ envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
+ if (context->profile_secure == TRUE) envname = 0;
+ }
+
+ kret = krb5_aprof_init(filename, envname, &aprofile);
+ if (kret)
+ goto cleanup;
+
+ /* Initialize realm parameters */
+ hierarchy[0] = "realms";
+ hierarchy[1] = lrealm;
+ hierarchy[3] = (char *) NULL;
#ifdef KRB5_DNS_LOOKUP
/*
@@ -388,17 +463,17 @@ kadm5_config_params *params_in, *params_out;
dns_realm.magic = 0;
#endif /* KRB5_DNS_LOOKUP */
- /* Get the value for the admin server */
- hierarchy[2] = "admin_server";
- if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) {
- params.admin_server = strdup(params_in->admin_server);
- if (params.admin_server)
- params.mask |= KADM5_CONFIG_ADMIN_SERVER;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.admin_server = svalue;
- params.mask |= KADM5_CONFIG_ADMIN_SERVER;
- }
+ /* Get the value for the admin server */
+ hierarchy[2] = "admin_server";
+ if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) {
+ params.admin_server = strdup(params_in->admin_server);
+ if (params.admin_server)
+ params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.admin_server = svalue;
+ params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
#ifdef KRB5_DNS_LOOKUP
else if (strcmp(envname, "KRB5_CONFIG") == 0) {
/*
@@ -421,167 +496,182 @@ kadm5_config_params *params_in, *params_out;
}
#endif /* KRB5_DNS_LOOKUP */
- if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && dnsret) {
- char *p;
- if (p = strchr(params.admin_server, ':')) {
- params.kadmind_port = atoi(p+1);
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- *p = '\0';
- }
- }
-
- /* Get the value for the database */
- hierarchy[2] = "database_name";
- if (params_in->mask & KADM5_CONFIG_DBNAME) {
- params.dbname = strdup(params_in->dbname);
- if (params.dbname)
- params.mask |= KADM5_CONFIG_DBNAME;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.dbname = svalue;
- params.mask |= KADM5_CONFIG_DBNAME;
- } else {
- params.dbname = strdup(DEFAULT_KDB_FILE);
- if (params.dbname)
- params.mask |= KADM5_CONFIG_DBNAME;
- }
-
- /*
- * admin database name and lockfile are now always derived from dbname
- */
- if (params.mask & KADM5_CONFIG_DBNAME) {
- params.admin_dbname = (char *)malloc(strlen(params.dbname)
- + 7);
- if (params.admin_dbname) {
- sprintf(params.admin_dbname, "%s.kadm5",
- params.dbname);
- params.mask |= KADM5_CONFIG_ADBNAME;
- }
- }
-
- if (params.mask & KADM5_CONFIG_ADBNAME) {
- params.admin_lockfile =
- (char *)malloc(strlen(params.admin_dbname)+ 6);
- if (params.admin_lockfile) {
- sprintf(params.admin_lockfile, "%s.lock",
- params.admin_dbname);
- params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
- }
- }
-
- /* Get the value for the admin(policy) database lock file */
- hierarchy[2] = "admin_keytab";
- if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) {
- params.admin_keytab = strdup(params_in->admin_keytab);
- if (params.admin_keytab)
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- params.admin_keytab = svalue;
- } else if (params.admin_keytab = (char *)getenv("KRB5_KTNAME")) {
- params.admin_keytab = strdup(params.admin_keytab);
- if (params.admin_keytab)
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- } else {
- params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB);
- if (params.admin_keytab)
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- }
-
- /* Get the name of the acl file */
- hierarchy[2] = "acl_file";
- if (params_in->mask & KADM5_CONFIG_ACL_FILE) {
- params.acl_file = strdup(params_in->acl_file);
- if (params.acl_file)
- params.mask |= KADM5_CONFIG_ACL_FILE;
+ if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && dnsret) {
+ char *p;
+ p = strchr(params.admin_server, ':');
+ if (p) {
+ params.kadmind_port = atoi(p+1);
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ *p = '\0';
+ }
+ }
+
+ /* Get the value for the database */
+ hierarchy[2] = "database_name";
+ if (params_in->mask & KADM5_CONFIG_DBNAME) {
+ params.dbname = strdup(params_in->dbname);
+ if (params.dbname)
+ params.mask |= KADM5_CONFIG_DBNAME;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.dbname = svalue;
+ params.mask |= KADM5_CONFIG_DBNAME;
+ } else {
+ params.dbname = strdup(DEFAULT_KDB_FILE);
+ if (params.dbname)
+ params.mask |= KADM5_CONFIG_DBNAME;
+ }
+
+ /*
+ * admin database name and lockfile are now always derived from dbname
+ */
+ if (params.mask & KADM5_CONFIG_DBNAME) {
+ params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7);
+ if (params.admin_dbname) {
+ sprintf(params.admin_dbname, "%s.kadm5", params.dbname);
+ params.mask |= KADM5_CONFIG_ADBNAME;
+ }
+ }
+
+ if (params.mask & KADM5_CONFIG_ADBNAME) {
+ params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname)
+ + 6);
+ if (params.admin_lockfile) {
+ sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname);
+ params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
+ }
+ }
+
+ /* Get the value for the admin (policy) database lock file*/
+ hierarchy[2] = "admin_keytab";
+ if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) {
+ params.admin_keytab = strdup(params_in->admin_keytab);
+ if (params.admin_keytab)
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ params.admin_keytab = svalue;
+ } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) {
+ params.admin_keytab = strdup(params.admin_keytab);
+ if (params.admin_keytab)
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ } else {
+ params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB);
+ if (params.admin_keytab)
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ }
+
+ /* Get the name of the acl file */
+ hierarchy[2] = "acl_file";
+ if (params_in->mask & KADM5_CONFIG_ACL_FILE) {
+ params.acl_file = strdup(params_in->acl_file);
+ if (params.acl_file)
+ params.mask |= KADM5_CONFIG_ACL_FILE;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_ACL_FILE;
+ params.acl_file = svalue;
+ } else {
+ params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE);
+ if (params.acl_file)
+ params.mask |= KADM5_CONFIG_ACL_FILE;
+ }
+
+ /* Get the name of the dict file */
+ hierarchy[2] = "dict_file";
+ if (params_in->mask & KADM5_CONFIG_DICT_FILE) {
+ params.dict_file = strdup(params_in->dict_file);
+ if (params.dict_file)
+ params.mask |= KADM5_CONFIG_DICT_FILE;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_DICT_FILE;
+ params.dict_file = svalue;
+ }
+
+ /* Get the value for the kadmind port */
+ if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) {
+ hierarchy[2] = "kadmind_port";
+ if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) {
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ params.kadmind_port = params_in->kadmind_port;
+ } else if (aprofile &&
+ !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
+ &ivalue)) {
+ params.kadmind_port = ivalue;
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ } else {
+ params.kadmind_port = DEFAULT_KADM5_PORT;
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+ }
+
+ /* Get the value for the kpasswd port */
+ if (! (params.mask & KADM5_CONFIG_KPASSWD_PORT)) {
+ hierarchy[2] = "kpasswd_port";
+ if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT) {
+ params.mask |= KADM5_CONFIG_KPASSWD_PORT;
+ params.kpasswd_port = params_in->kpasswd_port;
} else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_ACL_FILE;
- params.acl_file = svalue;
+ !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
+ &ivalue)) {
+ params.kpasswd_port = ivalue;
+ params.mask |= KADM5_CONFIG_KPASSWD_PORT;
} else {
- params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE);
- if (params.acl_file)
- params.mask |= KADM5_CONFIG_ACL_FILE;
- }
-
- /* Get the name of the dict file */
- hierarchy[2] = "dict_file";
- if (params_in->mask & KADM5_CONFIG_DICT_FILE) {
- params.dict_file = strdup(params_in->dict_file);
- if (params.dict_file)
- params.mask |= KADM5_CONFIG_DICT_FILE;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_DICT_FILE;
- params.dict_file = svalue;
- }
-
- /* Get the value for the kadmind port */
- if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) {
- hierarchy[2] = "kadmind_port";
- if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) {
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- params.kadmind_port = params_in->kadmind_port;
- } else if (aprofile &&
- !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
- &ivalue)) {
- params.kadmind_port = ivalue;
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- } else {
- params.kadmind_port = DEFAULT_KADM5_PORT;
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- }
- }
-
- /* Get the value for the master key name */
- hierarchy[2] = "master_key_name";
- if (params_in->mask & KADM5_CONFIG_MKEY_NAME) {
- params.mkey_name = strdup(params_in->mkey_name);
- if (params.mkey_name)
- params.mask |= KADM5_CONFIG_MKEY_NAME;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_MKEY_NAME;
- params.mkey_name = svalue;
+ params.kpasswd_port = DEFAULT_KPASSWD_PORT;
+ params.mask |= KADM5_CONFIG_KPASSWD_PORT;
}
-
- /* Get the value for the master key type */
- hierarchy[2] = "master_key_type";
- if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- params.enctype = params_in->enctype;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_enctype(svalue, &params.enctype)) {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- krb5_xfree(svalue);
- }
- } else {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- params.enctype = DEFAULT_KDC_ENCTYPE;
- }
-
- /* Get the value for mkey_from_kbd */
- if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
- params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- params.mkey_from_kbd = params_in->mkey_from_kbd;
- }
-
- /* Get the value for the stashfile */
- hierarchy[2] = "key_stash_file";
- if (params_in->mask & KADM5_CONFIG_STASH_FILE) {
- params.stash_file = strdup(params_in->stash_file);
- if (params.stash_file)
- params.mask |= KADM5_CONFIG_STASH_FILE;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_STASH_FILE;
- params.stash_file = svalue;
- }
-
- /*
- * Get the value for maximum ticket lifetime.
+ }
+
+ /* Get the value for the master key name */
+ hierarchy[2] = "master_key_name";
+ if (params_in->mask & KADM5_CONFIG_MKEY_NAME) {
+ params.mkey_name = strdup(params_in->mkey_name);
+ if (params.mkey_name)
+ params.mask |= KADM5_CONFIG_MKEY_NAME;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_MKEY_NAME;
+ params.mkey_name = svalue;
+ }
+
+ /* Get the value for the master key type */
+ hierarchy[2] = "master_key_type";
+ if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ params.enctype = params_in->enctype;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_enctype(svalue, &params.enctype)) {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ krb5_xfree(svalue);
+ }
+ } else {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ params.enctype = DEFAULT_KDC_ENCTYPE;
+ }
+
+ /* Get the value for mkey_from_kbd */
+ if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
+ params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+ params.mkey_from_kbd = params_in->mkey_from_kbd;
+ }
+
+ /* Get the value for the stashfile */
+ hierarchy[2] = "key_stash_file";
+ if (params_in->mask & KADM5_CONFIG_STASH_FILE) {
+ params.stash_file = strdup(params_in->stash_file);
+ if (params.stash_file)
+ params.mask |= KADM5_CONFIG_STASH_FILE;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_STASH_FILE;
+ params.stash_file = svalue;
+ }
+
+ /*
+ * Get the value for maximum ticket lifetime.
* See SEAM documentation or the Bug ID 4184504
* We have changed the logic so that the entries are
* created in the database with the maximum duration
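Review bot: In the master_key_type branch `svalue` is freed only when `krb5_string_to_enctype()` succeeds, so an unparsable value in the profile leaks the string returned by `krb5_aprof_get_string()`; krb5_read_realm_params later in this file frees it unconditionally. Move the free out of the inner `if`, i.e. `if (!krb5_string_to_enctype(svalue, &params.enctype)) params.mask |= KADM5_CONFIG_ENCTYPE;` followed by `krb5_xfree(svalue);`. The default_principal_expiration branch in the next hunk has the same shape. Separately, the admin_server port is taken with `atoi(p+1)` and stored without a range check, so a malformed `host:port` value is accepted silently; `strtol` with an end-pointer test and a 1-65535 check would reject it. The enclosing function starts and ends outside this hunk.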
@@ -589,86 +679,86 @@ kadm5_config_params *params_in, *params_out;
* However this wil get negotiated down when
* as or tgs request is processed by KDC.
*/
- hierarchy[2] = "max_life";
- if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
- params.mask |= KADM5_CONFIG_MAX_LIFE;
- params.max_life = params_in->max_life;
- } else {
- params.mask |= KADM5_CONFIG_MAX_LIFE;
- params.max_life = KRB5_INT32_MAX;
- }
-
- /* Get the value for maximum renewable ticket lifetime. */
- hierarchy[2] = "max_renewable_life";
- if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) {
- params.mask |= KADM5_CONFIG_MAX_RLIFE;
- params.max_rlife = params_in->max_rlife;
- } else {
- params.mask |= KADM5_CONFIG_MAX_RLIFE;
- params.max_rlife = KRB5_INT32_MAX;
- }
-
- /* Get the value for the default principal expiration */
- hierarchy[2] = "default_principal_expiration";
- if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- params.expiration = params_in->expiration;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- krb5_xfree(svalue);
- }
- } else {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- params.expiration = 0;
- }
-
- /* Get the value for the default principal flags */
- hierarchy[2] = "default_principal_flags";
- if (params_in->mask & KADM5_CONFIG_FLAGS) {
- params.mask |= KADM5_CONFIG_FLAGS;
- params.flags = params_in->flags;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- char *sp, *ep, *tp;
-
- sp = svalue;
- params.flags = 0;
- while (sp) {
- if ((ep = strchr(sp, (int)',')) ||
- (ep = strchr(sp, (int)' ')) ||
- (ep = strchr(sp, (int)'\t'))) {
- /* Fill in trailing whitespace of sp */
- tp = ep - 1;
- while (isspace(*tp) && (tp < sp)) {
- *tp = '\0';
- tp--;
- }
- *ep = '\0';
- ep++;
- /* Skip over trailing whitespace of ep */
- while (isspace(*ep) && (*ep)) ep++;
- }
- /* Convert this flag */
- if (krb5_string_to_flags(sp,
- "+",
- "-",
- &params.flags))
- break;
- sp = ep;
- }
- if (!sp)
- params.mask |= KADM5_CONFIG_FLAGS;
- krb5_xfree(svalue);
- } else {
- params.mask |= KADM5_CONFIG_FLAGS;
- params.flags = KRB5_KDB_DEF_FLAGS;
- }
-
- /* Get the value for the supported enctype/salttype matrix */
- hierarchy[2] = "supported_enctypes";
- if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
+ hierarchy[2] = "max_life";
+ if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
+ params.mask |= KADM5_CONFIG_MAX_LIFE;
+ params.max_life = params_in->max_life;
+ } else {
+ params.max_life = KRB5_INT32_MAX;
+ params.mask |= KADM5_CONFIG_MAX_LIFE;
+ }
+
+ /* Get the value for maximum renewable ticket lifetime. */
+ hierarchy[2] = "max_renewable_life";
+ if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) {
+ params.mask |= KADM5_CONFIG_MAX_RLIFE;
+ params.max_rlife = params_in->max_rlife;
+ } else {
+ params.max_rlife = KRB5_INT32_MAX;
+ params.mask |= KADM5_CONFIG_MAX_RLIFE;
+ }
+
+ /* Get the value for the default principal expiration */
+ hierarchy[2] = "default_principal_expiration";
+ if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ params.expiration = params_in->expiration;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ krb5_xfree(svalue);
+ }
+ } else {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ params.expiration = 0;
+ }
+
+ /* Get the value for the default principal flags */
+ hierarchy[2] = "default_principal_flags";
+ if (params_in->mask & KADM5_CONFIG_FLAGS) {
+ params.mask |= KADM5_CONFIG_FLAGS;
+ params.flags = params_in->flags;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ char *sp, *ep, *tp;
+
+ sp = svalue;
+ params.flags = 0;
+ while (sp) {
+ if ((ep = strchr(sp, (int) ',')) ||
+ (ep = strchr(sp, (int) ' ')) ||
+ (ep = strchr(sp, (int) '\t'))) {
+ /* Fill in trailing whitespace of sp */
+ tp = ep - 1;
+ while (isspace((int) *tp) && (tp > sp)) {
+ *tp = '\0';
+ tp--;
+ }
+ *ep = '\0';
+ ep++;
+ /* Skip over trailing whitespace of ep */
+ while (isspace((int) *ep) && (*ep)) ep++;
+ }
+ /* Convert this flag */
+ if (krb5_string_to_flags(sp,
+ "+",
+ "-",
+ &params.flags))
+ break;
+ sp = ep;
+ }
+ if (!sp)
+ params.mask |= KADM5_CONFIG_FLAGS;
+ krb5_xfree(svalue);
+ } else {
+ params.mask |= KADM5_CONFIG_FLAGS;
+ params.flags = KRB5_KDB_DEF_FLAGS;
+ }
+
+ /* Get the value for the supported enctype/salttype matrix */
+ hierarchy[2] = "supported_enctypes";
+ if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
params.mask |= KADM5_CONFIG_ENCTYPES;
if (params_in->num_keysalts > 0) {
params.keysalts = malloc(params_in->num_keysalts *
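Review bot: In the default_principal_flags loop `tp = ep - 1` points one byte before the token when the separator is its first character (`ep == sp`), and `isspace((int) *tp)` is evaluated before the `(tp > sp)` bound, so a profile value that begins with a comma or blank is read before the start of `svalue`. Test the bound first and pass an unsigned char, since `(int) *tp` is still negative for bytes above 0x7f where plain char is signed, which the ctype.h functions do not define: `while ((tp > sp) && isspace((unsigned char) *tp)) {` and `while (isspace((unsigned char) *ep) && (*ep)) ep++;`. The copy of this loop in krb5_read_realm_params needs the same change. The function body continues outside this hunk.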
@@ -680,30 +770,29 @@ kadm5_config_params *params_in, *params_out;
(void) memcpy(params.keysalts, params_in->keysalts,
(params_in->num_keysalts *
sizeof (*params.keysalts)));
- params.num_keysalts = params_in->num_keysalts;
- }
- } else {
- svalue = NULL;
- if (aprofile)
- krb5_aprof_get_string(aprofile, hierarchy,
- TRUE, &svalue);
- if (svalue == NULL)
- svalue = strdup(DEFAULT_ENCTYPE_LIST);
-
- params.keysalts = NULL;
- params.num_keysalts = 0;
- krb5_string_to_keysalts(svalue,
- ", \t", /* Tuple separators */
- ":.-", /* Key/salt separators */
- 0, /* No duplicates */
- &params.keysalts,
- &params.num_keysalts);
- if (params.num_keysalts)
- params.mask |= KADM5_CONFIG_ENCTYPES;
-
- if (svalue)
- krb5_xfree(svalue);
- }
+ params.num_keysalts = params_in->num_keysalts;
+ }
+ } else {
+ svalue = NULL;
+ if (aprofile)
+ krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
+ if (svalue == NULL)
+ svalue = strdup(DEFAULT_ENCTYPE_LIST);
+
+ params.keysalts = NULL;
+ params.num_keysalts = 0;
+ krb5_string_to_keysalts(svalue,
+ ", \t",/* Tuple separators */
+ ":.-", /* Key/salt separators */
+ 0, /* No duplicates */
+ &params.keysalts,
+ &params.num_keysalts);
+ if (params.num_keysalts)
+ params.mask |= KADM5_CONFIG_ENCTYPES;
+
+ if (svalue)
+ krb5_xfree(svalue);
+ }
hierarchy[2] = "kpasswd_server";
if (params_in->mask & KADM5_CONFIG_KPASSWD_SERVER) {
@@ -883,18 +972,18 @@ kadm5_config_params *params_in, *params_out;
*params_out = params;
cleanup:
- if (aprofile)
- krb5_aprof_finish(aprofile);
- if (kret) {
- (void) kadm5_free_config_params(context, &params);
- params_out->mask = 0;
- }
+ if (aprofile)
+ krb5_aprof_finish(aprofile);
+ if (kret) {
+ kadm5_free_config_params(context, &params);
+ params_out->mask = 0;
+ }
#ifdef KRB5_DNS_LOOKUP
if (dns_realm.data)
free(dns_realm.data);
#endif /* KRB5_DNS_LOOKUP */
- return (kret);
+ return(kret);
}
/*
* kadm5_free_config_params() - Free data allocated by above.
@@ -902,10 +991,10 @@ cleanup:
/*ARGSUSED*/
krb5_error_code
kadm5_free_config_params(context, params)
-krb5_context context;
-kadm5_config_params *params;
+ krb5_context context;
+ kadm5_config_params *params;
{
- if (params) {
+ if (params) {
if (params->profile) {
krb5_xfree(params->profile);
params->profile = NULL;
@@ -963,11 +1052,52 @@ kadm5_config_params *params;
return (0);
}
-/*
+krb5_error_code
+kadm5_get_admin_service_name(krb5_context ctx,
+ char *realm_in,
+ char *admin_name,
+ size_t maxlen)
+{
+ krb5_error_code ret;
+ kadm5_config_params params_in, params_out;
+ struct hostent *hp;
+
+ memset(&params_in, 0, sizeof(params_in));
+ memset(&params_out, 0, sizeof(params_out));
+
+ params_in.mask |= KADM5_CONFIG_REALM;
+ params_in.realm = realm_in;
+ ret = kadm5_get_config_params(ctx, DEFAULT_PROFILE_PATH,
+ "KRB5_CONFIG", &params_in, &params_out);
+ if (ret)
+ return ret;
+
+ if (!(params_out.mask & KADM5_CONFIG_ADMIN_SERVER)) {
+ ret = KADM5_MISSING_KRB5_CONF_PARAMS;
+ goto err_params;
+ }
+
+ hp = gethostbyname(params_out.admin_server);
+ if (hp == NULL) {
+ ret = errno;
+ goto err_params;
+ }
+ if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) {
+ ret = ENOMEM;
+ goto err_params;
+ }
+ sprintf(admin_name, "kadmin/%s", hp->h_name);
+
+err_params:
+ kadm5_free_config_params(ctx, &params_out);
+ return ret;
+}
+
+/***********************************************************************
* This is the old krb5_realm_read_params, which I mutated into
- * kadm5_get_config_params but which old code(kdb5_* and krb5kdc)
+ * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
* still uses.
- */
+ ***********************************************************************/
/*
* krb5_read_realm_params() - Read per-realm parameters from KDC
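Review bot: kadm5_get_admin_service_name() reports a failed `gethostbyname()` with `ret = errno`, but that call signals failure through `h_errno` and need not set `errno`, so the function can return 0 with `admin_name` never written. Assign a fixed non-zero code on that path, for example `ret = ENOENT;` or a dedicated kadm5 error code, so a caller cannot take the failure for success and use an uninitialised buffer as a principal name. The length check is correct because `sizeof("kadmin/")` counts the terminator, but `snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name);` keeps the bound next to the write, and ENOMEM is a surprising code for a too-small caller buffer. The function also has no header comment; it should state that the name is built from the resolver's canonical `h_name` and therefore depends on name-service answers.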
@@ -975,154 +1105,161 @@ kadm5_config_params *params;
*/
krb5_error_code
krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
-krb5_context kcontext;
-char *realm;
-char *kdcprofile;
-char *kdcenv;
-krb5_realm_params **rparamp;
+ krb5_context kcontext;
+ char *realm;
+ char *kdcprofile;
+ char *kdcenv;
+ krb5_realm_params **rparamp;
{
- char *filename;
- char *envname;
- char *lrealm;
- krb5_pointer aprofile = 0;
- krb5_realm_params *rparams;
- const char *hierarchy[4];
- char *svalue;
- krb5_int32 ivalue;
- krb5_deltat dtvalue;
-
- krb5_error_code kret;
-
- filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
- envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
-
- if (kcontext->profile_secure == TRUE) envname = 0;
-
- rparams = (krb5_realm_params *) NULL;
- if (realm)
- lrealm = strdup(realm);
- else {
- kret = krb5_get_default_realm(kcontext, &lrealm);
- if (kret)
- goto cleanup;
- }
-
- kret = krb5_aprof_init(filename, envname, &aprofile);
+ char *filename;
+ char *envname;
+ char *lrealm;
+ krb5_pointer aprofile = 0;
+ krb5_realm_params *rparams;
+ const char *hierarchy[4];
+ char *svalue;
+ krb5_int32 ivalue;
+ krb5_boolean bvalue;
+ krb5_deltat dtvalue;
+
+ krb5_error_code kret;
+
+ filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
+ envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
+
+ if (kcontext->profile_secure == TRUE) envname = 0;
+
+ rparams = (krb5_realm_params *) NULL;
+ if (realm)
+ lrealm = strdup(realm);
+ else {
+ kret = krb5_get_default_realm(kcontext, &lrealm);
if (kret)
- goto cleanup;
-
- rparams = (krb5_realm_params *) malloc(sizeof (krb5_realm_params));
- if (rparams == 0) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- /* Initialize realm parameters */
- memset((char *)rparams, 0, sizeof (krb5_realm_params));
-
- /* Get the value for the database */
- hierarchy[0] = "realms";
- hierarchy[1] = lrealm;
- hierarchy[2] = "database_name";
- hierarchy[3] = (char *)NULL;
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_dbname = svalue;
-
- /* Get the value for the KDC port list */
- hierarchy[2] = "kdc_ports";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_kdc_ports = svalue;
- hierarchy[2] = "kdc_tcp_ports";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_kdc_tcp_ports = svalue;
-
- /* Get the name of the acl file */
- hierarchy[2] = "acl_file";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_acl_file = svalue;
-
- /* Get the value for the kadmind port */
- hierarchy[2] = "kadmind_port";
- if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
- rparams->realm_kadmind_port = ivalue;
- rparams->realm_kadmind_port_valid = 1;
- }
-
- /* Get the value for the master key name */
- hierarchy[2] = "master_key_name";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_mkey_name = svalue;
-
- /* Get the value for the master key type */
- hierarchy[2] = "master_key_type";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
- rparams->realm_enctype_valid = 1;
- krb5_xfree(svalue);
- }
-
- /* Get the value for the stashfile */
- hierarchy[2] = "key_stash_file";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_stash_file = svalue;
-
- /* Get the value for maximum ticket lifetime. */
- hierarchy[2] = "max_life";
- if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
- rparams->realm_max_life = dtvalue;
- rparams->realm_max_life_valid = 1;
- }
-
- /* Get the value for maximum renewable ticket lifetime. */
- hierarchy[2] = "max_renewable_life";
- if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
- rparams->realm_max_rlife = dtvalue;
- rparams->realm_max_rlife_valid = 1;
- }
-
- /* Get the value for the default principal expiration */
- hierarchy[2] = "default_principal_expiration";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_timestamp(svalue,
- &rparams->realm_expiration))
- rparams->realm_expiration_valid = 1;
- krb5_xfree(svalue);
- }
-
- /* Get the value for the default principal flags */
- hierarchy[2] = "default_principal_flags";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- char *sp, *ep, *tp;
-
- sp = svalue;
- rparams->realm_flags = 0;
- while (sp) {
- if ((ep = strchr(sp, (int)',')) ||
- (ep = strchr(sp, (int)' ')) ||
- (ep = strchr(sp, (int)'\t'))) {
- /* Fill in trailing whitespace of sp */
- tp = ep - 1;
- while (isspace(*tp) && (tp < sp)) {
- *tp = '\0';
- tp--;
- }
- *ep = '\0';
- ep++;
- /* Skip over trailing whitespace of ep */
- while (isspace(*ep) && (*ep)) ep++;
- }
- /* Convert this flag */
- if (krb5_string_to_flags(sp,
- "+",
- "-",
- &rparams->realm_flags))
- break;
- sp = ep;
+ goto cleanup;
+ }
+
+ kret = krb5_aprof_init(filename, envname, &aprofile);
+ if (kret)
+ goto cleanup;
+
+ rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params));
+ if (rparams == 0) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+
+ /* Initialize realm parameters */
+ memset((char *) rparams, 0, sizeof(krb5_realm_params));
+
+ /* Get the value for the database */
+ hierarchy[0] = "realms";
+ hierarchy[1] = lrealm;
+ hierarchy[2] = "database_name";
+ hierarchy[3] = (char *) NULL;
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_dbname = svalue;
+
+ /* Get the value for the KDC port list */
+ hierarchy[2] = "kdc_ports";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_kdc_ports = svalue;
+ hierarchy[2] = "kdc_tcp_ports";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_kdc_tcp_ports = svalue;
+
+ /* Get the name of the acl file */
+ hierarchy[2] = "acl_file";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_acl_file = svalue;
+
+ /* Get the value for the kadmind port */
+ hierarchy[2] = "kadmind_port";
+ if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
+ rparams->realm_kadmind_port = ivalue;
+ rparams->realm_kadmind_port_valid = 1;
+ }
+
+ /* Get the value for the master key name */
+ hierarchy[2] = "master_key_name";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_mkey_name = svalue;
+
+ /* Get the value for the master key type */
+ hierarchy[2] = "master_key_type";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
+ rparams->realm_enctype_valid = 1;
+ krb5_xfree(svalue);
+ }
+
+ /* Get the value for the stashfile */
+ hierarchy[2] = "key_stash_file";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_stash_file = svalue;
+
+ /* Get the value for maximum ticket lifetime. */
+ hierarchy[2] = "max_life";
+ if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
+ rparams->realm_max_life = dtvalue;
+ rparams->realm_max_life_valid = 1;
+ }
+
+ /* Get the value for maximum renewable ticket lifetime. */
+ hierarchy[2] = "max_renewable_life";
+ if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
+ rparams->realm_max_rlife = dtvalue;
+ rparams->realm_max_rlife_valid = 1;
+ }
+
+ /* Get the value for the default principal expiration */
+ hierarchy[2] = "default_principal_expiration";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_timestamp(svalue,
+ &rparams->realm_expiration))
+ rparams->realm_expiration_valid = 1;
+ krb5_xfree(svalue);
+ }
+
+ hierarchy[2] = "reject_bad_transit";
+ if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
+ rparams->realm_reject_bad_transit = bvalue;
+ rparams->realm_reject_bad_transit_valid = 1;
+ }
+
+ /* Get the value for the default principal flags */
+ hierarchy[2] = "default_principal_flags";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ char *sp, *ep, *tp;
+
+ sp = svalue;
+ rparams->realm_flags = 0;
+ while (sp) {
+ if ((ep = strchr(sp, (int) ',')) ||
+ (ep = strchr(sp, (int) ' ')) ||
+ (ep = strchr(sp, (int) '\t'))) {
+ /* Fill in trailing whitespace of sp */
+ tp = ep - 1;
+ while (isspace((int) *tp) && (tp < sp)) {
+ *tp = '\0';
+ tp--;
}
- if (!sp)
- rparams->realm_flags_valid = 1;
- krb5_xfree(svalue);
+ *ep = '\0';
+ ep++;
+ /* Skip over trailing whitespace of ep */
+ while (isspace((int) *ep) && (*ep)) ep++;
+ }
+ /* Convert this flag */
+ if (krb5_string_to_flags(sp,
+ "+",
+ "-",
+ &rparams->realm_flags))
+ break;
+ sp = ep;
}
+ if (!sp)
+ rparams->realm_flags_valid = 1;
+ krb5_xfree(svalue);
+ }
/* Get the value for the supported enctype/salttype matrix */
/*
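Review bot: The whitespace-trimming loop in krb5_read_realm_params still tests `(tp < sp)`, although this commit changes the identical loop in kadm5_get_config_params to `(tp > sp)`. Since `tp` starts at `ep - 1`, the condition can only hold when `tp` is already before the token start, so legitimate trailing whitespace is never trimmed and, if the byte before `svalue` happens to be whitespace, the body writes `'\0'` outside the string. Use the bounded form here too, with the bound tested first: `while ((tp > sp) && isspace((unsigned char) *tp)) {`. The function's tail lies outside this hunk.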
@@ -1151,44 +1288,47 @@ krb5_realm_params **rparamp;
krb5_xfree(svalue);
svalue = NULL;
}
-
cleanup:
- if (aprofile)
- krb5_aprof_finish(aprofile);
- if (lrealm)
- free(lrealm);
- if (kret) {
- if (rparams)
- krb5_free_realm_params(kcontext, rparams);
- rparams = 0;
- }
- *rparamp = rparams;
- return (kret);
+ if (aprofile)
+ krb5_aprof_finish(aprofile);
+ if (lrealm)
+ free(lrealm);
+ if (kret) {
+ if (rparams)
+ krb5_free_realm_params(kcontext, rparams);
+ rparams = 0;
+ }
+ *rparamp = rparams;
+ return(kret);
}
/*
* krb5_free_realm_params() - Free data allocated by above.
*/
-/*ARGSUSED*/
krb5_error_code
krb5_free_realm_params(kcontext, rparams)
-krb5_context kcontext;
-krb5_realm_params *rparams;
+ krb5_context kcontext;
+ krb5_realm_params *rparams;
{
- if (rparams) {
- if (rparams->realm_profile)
- krb5_xfree(rparams->realm_profile);
- if (rparams->realm_dbname)
- krb5_xfree(rparams->realm_dbname);
- if (rparams->realm_mkey_name)
- krb5_xfree(rparams->realm_mkey_name);
- if (rparams->realm_stash_file)
- krb5_xfree(rparams->realm_stash_file);
- if (rparams->realm_keysalts)
- krb5_xfree(rparams->realm_keysalts);
- if (rparams->realm_kdc_ports)
- krb5_xfree(rparams->realm_kdc_ports);
- krb5_xfree(rparams);
- }
- return (0);
+ if (rparams) {
+ if (rparams->realm_profile)
+ krb5_xfree(rparams->realm_profile);
+ if (rparams->realm_dbname)
+ krb5_xfree(rparams->realm_dbname);
+ if (rparams->realm_mkey_name)
+ krb5_xfree(rparams->realm_mkey_name);
+ if (rparams->realm_stash_file)
+ krb5_xfree(rparams->realm_stash_file);
+ if (rparams->realm_keysalts)
+ krb5_xfree(rparams->realm_keysalts);
+ if (rparams->realm_kdc_ports)
+ krb5_xfree(rparams->realm_kdc_ports);
+ if (rparams->realm_kdc_tcp_ports)
+ krb5_xfree(rparams->realm_kdc_tcp_ports);
+ if (rparams->realm_acl_file)
+ krb5_xfree(rparams->realm_acl_file);
+ krb5_xfree(rparams);
+ }
+ return(0);
}
+
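Review bot: The cleanup block frees `lrealm` whenever it is non-null, but `lrealm` is declared without an initializer at the top of krb5_read_realm_params (previous hunk), and the `goto cleanup` taken when `krb5_get_default_realm()` fails reaches this block before anything else assigns it. Unless that call always stores to its out-parameter on failure, `free(lrealm)` then runs on an indeterminate pointer; declaring it as `char *lrealm = NULL;` removes the dependency. The `strdup(realm)` result is also used unchecked as `hierarchy[1]`, so an allocation failure would silently truncate the lookup path rather than return ENOMEM.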
diff --git a/usr/src/lib/krb5/kadm5/chpass_util.c b/usr/src/lib/krb5/kadm5/chpass_util.c
index e72bc03b61..18422e0924 100644
--- a/usr/src/lib/krb5/kadm5/chpass_util.c
+++ b/usr/src/lib/krb5/kadm5/chpass_util.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -33,7 +33,9 @@
#include <stdio.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <time.h>
#include <locale.h>
@@ -49,8 +51,7 @@ const char *chpw_error_message(kadm5_ret_t code);
/*
* Function: kadm5_chpass_principal_util
*
- * Purpose: Wrapper around chpass_principal. We can read new pw,
- * change pw and return useful messages
+ * Purpose: Wrapper around chpass_principal. We can read new pw, change pw and return useful messages
*
* Arguments:
*
@@ -91,7 +92,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len)
+ unsigned int msg_len)
{
int code, code2;
unsigned int pwsize;
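Review bot: `msg_len` becomes `unsigned int` here, but the `sprintf(msg_ret, ...)` calls visible in the later hunks of this function never pass it, so the size the caller supplies does not bound what is written into `msg_ret`. Those messages are assembled from `error_message()` and `string_text()` results whose length this function does not control; bounding each write, e.g. `snprintf(msg_ret, msg_len, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), buffer);`, makes the parameter meaningful, and the intermediate `sprintf(buffer, ...)` wants `sizeof(buffer)` in the same way. Whether `msg_len` is checked elsewhere in the function is not visible in this diff. The prototype in the header and any caller passing an `int` need to change with it.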
@@ -99,7 +100,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
char *new_password;
kadm5_principal_ent_rec princ_ent;
kadm5_policy_ent_rec policy_ent;
- krb5_chgpwd_prot passwd_protocol;
+ krb5_chgpwd_prot passwd_protocol;
_KADM5_CHECK_HANDLE(server_handle);
@@ -113,8 +114,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
if ((code = (int) krb5_init_context(&context)) == 0) {
pwsize = sizeof(buffer);
- code = krb5_read_password(context,
- KADM5_PW_FIRST_PROMPT,
+ code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
KADM5_PW_SECOND_PROMPT,
buffer, &pwsize);
krb5_free_context(context);
@@ -184,7 +184,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
#ifdef ZEROPASSWD
if (!ret_pw)
- memset(buffer, 0, sizeof (buffer));
+ memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
#endif
if (code == KADM5_OK) {
@@ -194,15 +194,12 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
}
if ((code != KADM5_PASS_Q_TOOSHORT) &&
- (code != KADM5_PASS_REUSE) &&
- (code != KADM5_PASS_Q_CLASS) &&
- (code != KADM5_PASS_Q_DICT) &&
- (code != KADM5_PASS_TOOSOON)) {
+ (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
+ (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
/* Can't get more info for other errors */
sprintf(buffer, "%s %s", error_message(code),
string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n",
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
buffer);
return(code);
}
@@ -260,8 +257,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
code2 = kadm5_get_policy(lhandle, princ_ent.policy,
&policy_ent);
if (code2 != 0) {
- sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ",
- error_message(code2),
+ sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
string_text(CHPASS_UTIL_GET_POLICY_INFO),
error_message(code),
string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
@@ -271,17 +267,16 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
}
if (code == KADM5_PASS_Q_TOOSHORT) {
- sprintf(msg_ret,
- string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+ sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
policy_ent.pw_min_length);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
}
+
if (code == KADM5_PASS_Q_CLASS) {
- sprintf(msg_ret,
- string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+ sprintf(msg_ret, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
policy_ent.pw_min_classes);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
@@ -292,26 +287,23 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
time_t until;
char *time_string, *ptr;
- until = princ_ent.last_pwd_change +
- policy_ent.pw_min_life;
+ until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
time_string = ctime(&until);
- if (*(ptr = &time_string[strlen(time_string)-1]) ==
- '\n')
+ if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
*ptr = '\0';
- sprintf(msg_ret,
- string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+ sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
time_string);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
} else {
+
/* We should never get here, but just in case ... */
sprintf(buffer, "%s %s", error_message(code),
string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n",
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
buffer);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
diff --git a/usr/src/lib/krb5/kadm5/chpass_util_strings.h b/usr/src/lib/krb5/kadm5/chpass_util_strings.h
index 1b51f9af60..e3b147b486 100644
--- a/usr/src/lib/krb5/kadm5/chpass_util_strings.h
+++ b/usr/src/lib/krb5/kadm5/chpass_util_strings.h
@@ -40,5 +40,16 @@
#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L)
#define ERROR_TABLE_BASE_ovku (-1492553984L)
+extern const struct error_table et_ovku_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
+extern void initialize_ovku_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_ovku_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_ovku_err_tbl initialize_ovku_error_table
#define ovku_err_base ERROR_TABLE_BASE_ovku
+#endif
diff --git a/usr/src/lib/krb5/kadm5/clnt/Makefile.com b/usr/src/lib/krb5/kadm5/clnt/Makefile.com
index 4f4d2c2f11..2a9db0023a 100644
--- a/usr/src/lib/krb5/kadm5/clnt/Makefile.com
+++ b/usr/src/lib/krb5/kadm5/clnt/Makefile.com
@@ -78,7 +78,7 @@ CPPFLAGS += -I.. -I../.. -I../../.. -I$(SRC)/lib/gss_mechs/mech_krb5/include \
-DHAVE_LIBSOCKET=1 -DHAVE_LIBNSL=1 -DSETRPCENT_TYPE=void \
-DENDRPCENT_TYPE=void -DHAVE_SYS_ERRLIST=1 -DNEED_SYS_ERRLIST=1 \
-DHAVE_SYSLOG_H=1 -DHAVE_OPENLOG=1 -DHAVE_SYSLOG=1 -DHAVE_CLOSELOG=1 \
- -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1
+ -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1 -DUSE_KADM5_API_VERSION=2
CFLAGS += $(CCVERBOSE) -I..
LDLIBS += -lc
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_init.c b/usr/src/lib/krb5/kadm5/clnt/client_init.c
index 44d0fb4a9d..838f8fb18e 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_init.c
+++ b/usr/src/lib/krb5/kadm5/clnt/client_init.c
@@ -42,7 +42,9 @@
#include <stdio.h>
#include <netdb.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <string.h>
#include <com_err.h>
#include <sys/types.h>
@@ -55,19 +57,22 @@
#endif
#include <libintl.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include "client_internal.h"
+
#include <syslog.h>
#include <gssapi/gssapi.h>
#include <gssapi_krb5.h>
#include <gssapiP_krb5.h>
-#include <kadm5/kadm_rpc.h>
#include <rpc/clnt.h>
-#include <kadm5/admin.h>
-#include "client_internal.h"
+
#include <iprop_hdr.h>
#include "iprop.h"
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
+static int old_auth_gssapi = 0;
/* connection timeout to kadmind in seconds */
#define KADMIND_CONNECT_TIMEOUT 25
@@ -93,7 +98,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ui_4 api_version,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
+ return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
service_name, params,
struct_version, api_version,
server_handle);
@@ -107,19 +112,19 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
krb5_ui_4 api_version,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+ return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
service_name, params, struct_version,
api_version, server_handle);
}
kadm5_ret_t kadm5_init(char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- void **server_handle)
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+ return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
service_name, params, struct_version,
api_version, server_handle);
}
@@ -131,7 +136,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
krb5_ui_4 api_version,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
+ return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
service_name, params, struct_version,
api_version, server_handle);
}
@@ -579,132 +584,132 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
krb5_ui_4 api_version,
void **server_handle)
{
- int i;
- krb5_creds creds;
- krb5_ccache ccache = NULL;
- krb5_timestamp now;
- OM_uint32 gssstat, minor_stat;
- kadm5_server_handle_t handle;
- kadm5_config_params params_local;
- int code = 0;
- krb5_get_init_creds_opt opt;
- gss_buffer_desc input_name;
- krb5_error_code kret;
- krb5_int32 starttime;
- char *server = NULL;
- krb5_principal serverp = NULL, clientp = NULL;
- bool_t cpw = FALSE;
+ int i;
+ krb5_creds creds;
+ krb5_ccache ccache = NULL;
+ krb5_timestamp now;
+ OM_uint32 gssstat, minor_stat;
+ kadm5_server_handle_t handle;
+ kadm5_config_params params_local;
+ int code = 0;
+ krb5_get_init_creds_opt opt;
+ gss_buffer_desc input_name;
+ krb5_error_code kret;
+ krb5_int32 starttime;
+ char *server = NULL;
+ krb5_principal serverp = NULL, clientp = NULL;
+ bool_t cpw = FALSE;
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN,
"entering kadm5_init_any\n"));
- if (! server_handle) {
- return (EINVAL);
- }
-
- if (! (handle = malloc(sizeof(*handle)))) {
- return (ENOMEM);
- }
- if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- free(handle);
- return (ENOMEM);
- }
-
- handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
- handle->struct_version = struct_version;
- handle->api_version = api_version;
- handle->clnt = 0;
- handle->cache_name = 0;
- handle->destroy_cache = 0;
- *handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
- handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
- handle->lhandle->lhandle = handle->lhandle;
-
- kret = krb5_init_context(&handle->context);
+ if (! server_handle) {
+ return EINVAL;
+ }
+
+ if (! (handle = malloc(sizeof(*handle)))) {
+ return ENOMEM;
+ }
+ if (! (handle->lhandle = malloc(sizeof(*handle)))) {
+ free(handle);
+ return ENOMEM;
+ }
+
+ handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
+ handle->struct_version = struct_version;
+ handle->api_version = api_version;
+ handle->clnt = 0;
+ handle->cache_name = 0;
+ handle->destroy_cache = 0;
+ *handle->lhandle = *handle;
+ handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+ handle->lhandle->lhandle = handle->lhandle;
+
+ kret = krb5_init_context(&handle->context);
if (kret) {
free(handle->lhandle);
free(handle);
return (kret);
}
- if(service_name == NULL || client_name == NULL) {
- krb5_free_context(handle->context);
- free(handle->lhandle);
- free(handle);
- return (EINVAL);
- }
- memset((char *) &creds, 0, sizeof(creds));
-
- /*
- * Verify the version numbers before proceeding; we can't use
- * CHECK_HANDLE because not all fields are set yet.
- */
- GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
+ if(service_name == NULL || client_name == NULL) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
+ free(handle);
+ return EINVAL;
+ }
+ memset((char *) &creds, 0, sizeof(creds));
+
+ /*
+ * Verify the version numbers before proceeding; we can't use
+ * CHECK_HANDLE because not all fields are set yet.
+ */
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
KADM5_NEW_LIB_API_VERSION);
-
- /*
- * Acquire relevant profile entries. In version 2, merge values
- * in params_in with values from profile, based on
- * params_in->mask.
- *
- * In version 1, we've given a realm (which may be NULL) instead
- * of params_in. So use that realm, make params_in contain an
- * empty mask, and behave like version 2.
- */
- memset((char *) &params_local, 0, sizeof(params_local));
- if (api_version == KADM5_API_VERSION_1) {
- if (params_in)
- params_local.mask = KADM5_CONFIG_REALM;
- params_in = &params_local;
+
+ /*
+ * Acquire relevant profile entries. In version 2, merge values
+ * in params_in with values from profile, based on
+ * params_in->mask.
+ *
+ * In version 1, we've given a realm (which may be NULL) instead
+ * of params_in. So use that realm, make params_in contain an
+ * empty mask, and behave like version 2.
+ */
+ memset((char *) &params_local, 0, sizeof(params_local));
+ if (api_version == KADM5_API_VERSION_1) {
+ if (params_in)
+ params_local.mask = KADM5_CONFIG_REALM;
+ params_in = &params_local;
}
#define ILLEGAL_PARAMS ( \
- KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_ADB_LOCKFILE | \
- KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
- KADM5_CONFIG_DICT_FILE | KADM5_CONFIG_ADMIN_KEYTAB | \
- KADM5_CONFIG_STASH_FILE | KADM5_CONFIG_MKEY_NAME | \
- KADM5_CONFIG_ENCTYPE | KADM5_CONFIG_MAX_LIFE | \
- KADM5_CONFIG_MAX_RLIFE | KADM5_CONFIG_EXPIRATION | \
- KADM5_CONFIG_FLAGS | KADM5_CONFIG_ENCTYPES | \
- KADM5_CONFIG_MKEY_FROM_KBD)
-
- if (params_in && params_in->mask & ILLEGAL_PARAMS) {
+ KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_ADB_LOCKFILE | \
+ KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
+ KADM5_CONFIG_DICT_FILE | KADM5_CONFIG_ADMIN_KEYTAB | \
+ KADM5_CONFIG_STASH_FILE | KADM5_CONFIG_MKEY_NAME | \
+ KADM5_CONFIG_ENCTYPE | KADM5_CONFIG_MAX_LIFE | \
+ KADM5_CONFIG_MAX_RLIFE | KADM5_CONFIG_EXPIRATION | \
+ KADM5_CONFIG_FLAGS | KADM5_CONFIG_ENCTYPES | \
+ KADM5_CONFIG_MKEY_FROM_KBD)
+
+ if (params_in && params_in->mask & ILLEGAL_PARAMS) {
krb5_free_context(handle->context);
free(handle->lhandle);
- free(handle);
+ free(handle);
ADMIN_LOG(LOG_ERR, dgettext(TEXT_DOMAIN,
"bad client parameters, returning %d"),
KADM5_BAD_CLIENT_PARAMS);
- return (KADM5_BAD_CLIENT_PARAMS);
- }
+ return KADM5_BAD_CLIENT_PARAMS;
+ }
- if ((code = kadm5_get_config_params(handle->context,
+ if ((code = kadm5_get_config_params(handle->context,
DEFAULT_PROFILE_PATH,
"KRB5_CONFIG",
params_in,
&handle->params))) {
- krb5_free_context(handle->context);
- free(handle->lhandle);
- free(handle);
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
+ free(handle);
ADMIN_LOG(LOG_ERR, dgettext(TEXT_DOMAIN,
"failed to get config_params, return: %d\n"), code);
- return(code);
- }
+ return(code);
+ }
#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | \
KADM5_CONFIG_ADMIN_SERVER | \
KADM5_CONFIG_KADMIND_PORT)
- if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
(void) kadm5_free_config_params(handle->context,
&handle->params);
- krb5_free_context(handle->context);
+ krb5_free_context(handle->context);
free(handle->lhandle);
- free(handle);
+ free(handle);
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN,
"missing config parameters\n"));
- return (KADM5_MISSING_CONF_PARAMS);
- }
+ return KADM5_MISSING_KRB5_CONF_PARAMS;
+ }
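Review bot: The `GENERIC_CHECK_HANDLE(handle, ...)` call sits after `handle`, `handle->lhandle` and `handle->context` have been allocated, and the macro's definition is not in this diff. If it returns on a version mismatch the way `CLIENT_CHECK_HANDLE` in client_internal.h does, all three are leaked on that path, unlike every other early exit in this hunk, which frees them explicitly. Either validate `struct_version`/`api_version` before the first `malloc`, or record the behaviour next to the call: `/* GENERIC_CHECK_HANDLE returns directly on failure; handle, lhandle and context are not released on that path */`. The function body continues outside this hunk.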
/*
* Acquire a service ticket for service_name@realm in the name of
@@ -775,52 +780,61 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
/* XXX temporarily fix a bug in krb5_cc_get_type */
#undef krb5_cc_get_type
#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix)
-
- if (init_type == INIT_CREDS) {
- ccache = ccache_in;
- handle->cache_name = (char *)
- malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
- strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
-
- if (handle->cache_name == NULL) {
- code = ENOMEM;
- goto error;
- }
- sprintf(handle->cache_name, "%s:%s",
- krb5_cc_get_type(handle->context, ccache),
- krb5_cc_get_name(handle->context, ccache));
- } else {
- handle->cache_name =
- (char *) malloc(strlen(ADM_CCACHE)+strlen("FILE:")+1);
- if (handle->cache_name == NULL) {
- code = ENOMEM;
- goto error;
- }
- sprintf(handle->cache_name, "FILE:%s", ADM_CCACHE);
- mktemp(handle->cache_name + strlen("FILE:"));
-
- if ((code = krb5_cc_resolve(handle->context,
- handle->cache_name, &ccache)))
- goto error;
+
+
+ if (init_type == INIT_CREDS) {
+ ccache = ccache_in;
+ handle->cache_name = (char *)
+ malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
+ strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
+ if (handle->cache_name == NULL) {
+ code = ENOMEM;
+ goto error;
+ }
+ sprintf(handle->cache_name, "%s:%s",
+ krb5_cc_get_type(handle->context, ccache),
+ krb5_cc_get_name(handle->context, ccache));
+ } else {
+#if 0
+ handle->cache_name =
+ (char *) malloc(strlen(ADM_CCACHE)+strlen("FILE:")+1);
+ if (handle->cache_name == NULL) {
+ code = ENOMEM;
+ goto error;
+ }
+ sprintf(handle->cache_name, "FILE:%s", ADM_CCACHE);
+ mktemp(handle->cache_name + strlen("FILE:"));
+#endif
+ {
+ static int counter = 0;
+ handle->cache_name = malloc(sizeof("MEMORY:kadm5_")
+ + 3*sizeof(counter));
+ sprintf(handle->cache_name, "MEMORY:kadm5_%u", counter++);
+ }
+
+ if ((code = krb5_cc_resolve(handle->context, handle->cache_name,
+ &ccache)))
+ goto error;
- if ((code = krb5_cc_initialize (handle->context, ccache,
+ if ((code = krb5_cc_initialize (handle->context, ccache,
creds.client)))
- goto error;
+ goto error;
- handle->destroy_cache = 1;
- }
- handle->lhandle->cache_name = handle->cache_name;
+ handle->destroy_cache = 1;
+ }
+ handle->lhandle->cache_name = handle->cache_name;
ADMIN_LOG(LOG_ERR, dgettext(TEXT_DOMAIN,
"cache created: %s\n"), handle->cache_name);
-
- if ((code = krb5_timeofday(handle->context, &now)))
- goto error;
+
+ if ((code = krb5_timeofday(handle->context, &now)))
+ goto error;
- /*
- * Get a ticket, use the method specified in init_type.
- */
- creds.times.starttime = 0; /* start timer at KDC */
- creds.times.endtime = 0; /* endtime will be limited by service */
+ /*
+ * Get a ticket, use the method specified in init_type.
+ */
+
+ creds.times.starttime = 0; /* start timer at KDC */
+ creds.times.endtime = 0; /* endtime will be limited by service */
memset(&opt, 0, sizeof (opt));
krb5_get_init_creds_opt_init(&opt);
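Review bot: The new `MEMORY:` cache name is written with `sprintf` straight into the result of `malloc` with no NULL check, whereas the disabled `FILE:` code just above it set `code = ENOMEM` and jumped to `error`; an allocation failure here becomes a NULL-pointer write. `counter` is also declared `int` but formatted with `%u`, and it is incremented without any locking, so two threads initialising handles at the same time could presumably end up with the same cache name and share one credential cache. The fence restores the check and makes the type match the format; it does not address the concurrent increment. The function body starts and ends outside this hunk.

```c
	{
	    static unsigned int counter = 0;
	    size_t name_len = sizeof("MEMORY:kadm5_") + 3*sizeof(counter);

	    handle->cache_name = malloc(name_len);
	    if (handle->cache_name == NULL) {
		code = ENOMEM;
		goto error;
	    }
	    snprintf(handle->cache_name, name_len, "MEMORY:kadm5_%u",
		     counter++);
	}
	/* … unchanged: krb5_cc_resolve / krb5_cc_initialize … */
```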
@@ -854,19 +868,16 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
creds.times.starttime,
server, &opt);
- if (pass)
- krb5_kt_close(handle->context, kt);
- }
- }
-
- /* Improved error messages */
- if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
- code = KADM5_BAD_PASSWORD;
+ if (pass) krb5_kt_close(handle->context, kt);
+ }
+ }
- if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
- code = KADM5_SECURE_PRINC_MISSING;
+ /* Improved error messages */
+ if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+ code = KADM5_SECURE_PRINC_MISSING;
- if (code != 0) {
+ if (code != 0) {
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN,
"failed to obtain credentials cache\n"));
goto error;
@@ -882,8 +893,8 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN, "obtained credentials cache\n"));
#ifdef ZEROPASSWD
- if (pass != NULL)
- memset(pass, 0, strlen(pass));
+ if (pass != NULL)
+ memset(pass, 0, strlen(pass));
#endif
if (init_type != INIT_PASS ||
@@ -903,19 +914,19 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
goto cleanup;
error:
- /*
- * Note that it is illegal for this code to execute if "handle"
- * has not been allocated and initialized. I.e., don't use "goto
- * error" before the block of code at the top of the function
- * that allocates and initializes "handle".
- */
- if (handle->cache_name)
+ /*
+ * Note that it is illegal for this code to execute if "handle"
+ * has not been allocated and initialized. I.e., don't use "goto
+ * error" before the block of code at the top of the function
+ * that allocates and initializes "handle".
+ */
+ if (handle->cache_name)
free(handle->cache_name);
- if (handle->destroy_cache && ccache)
+ if (handle->destroy_cache && ccache)
krb5_cc_destroy(handle->context, ccache);
- if(handle->clnt && handle->clnt->cl_auth)
+ if(handle->clnt && handle->clnt->cl_auth)
AUTH_DESTROY(handle->clnt->cl_auth);
- if(handle->clnt)
+ if(handle->clnt)
clnt_destroy(handle->clnt);
(void) kadm5_free_config_params(handle->context, &handle->params);
@@ -935,76 +946,91 @@ cleanup:
if (serverp && serverp != creds.server)
krb5_free_principal(handle->context, serverp);
- krb5_free_cred_contents(handle->context, &creds);
+ krb5_free_cred_contents(handle->context, &creds);
/*
* Dont clean up the handle if the code is OK (code==0)
* because it is returned to the caller in the 'server_handle'
* ptr.
*/
- if (code) {
+ if (code) {
krb5_free_context(handle->context);
free(handle->lhandle);
free(handle);
}
- return (code);
+ return code;
}
kadm5_ret_t
kadm5_destroy(void *server_handle)
{
- krb5_ccache ccache = NULL;
- int code = KADM5_OK;
- kadm5_server_handle_t handle =
+ krb5_ccache ccache = NULL;
+ int code = KADM5_OK;
+ kadm5_server_handle_t handle =
(kadm5_server_handle_t) server_handle;
OM_uint32 min_stat;
- CHECK_HANDLE(server_handle);
-
- if (handle->destroy_cache && handle->cache_name) {
+ CHECK_HANDLE(server_handle);
+/* SUNW14resync:
+ * krb5_cc_resolve() will resolve a ccache with the same data that
+ * handle->my_cred points to. If the ccache is a MEMORY ccache then
+ * gss_release_cred() will free that data (it doesn't do this when ccache
+ * is a FILE ccache).
+ * if'ed out to avoid the double free.
+ */
+#if 0
+ if (handle->destroy_cache && handle->cache_name) {
if ((code = krb5_cc_resolve(handle->context,
handle->cache_name, &ccache)) == 0)
code = krb5_cc_destroy (handle->context, ccache);
- }
- if (handle->cache_name)
+ }
+#endif
+ if (handle->cache_name)
free(handle->cache_name);
-
- if (handle->clnt && handle->clnt->cl_auth) {
+ if (handle->clnt && handle->clnt->cl_auth) {
/*
* Since kadm5 doesn't use the default credentials we
* must clean this up manually.
*/
if (handle->my_cred != GSS_C_NO_CREDENTIAL)
(void) gss_release_cred(&min_stat, &handle->my_cred);
- AUTH_DESTROY(handle->clnt->cl_auth);
+ AUTH_DESTROY(handle->clnt->cl_auth);
}
- if (handle->clnt)
+ if (handle->clnt)
clnt_destroy(handle->clnt);
- if (handle->lhandle)
- free (handle->lhandle);
+ if (handle->lhandle)
+ free (handle->lhandle);
- kadm5_free_config_params(handle->context, &handle->params);
- krb5_free_context(handle->context);
+ kadm5_free_config_params(handle->context, &handle->params);
+ krb5_free_context(handle->context);
- handle->magic_number = 0;
- free(handle);
+ handle->magic_number = 0;
+ free(handle);
- return (code);
+ return code;
+}
+/* not supported on client */
+kadm5_ret_t kadm5_lock(void *server_handle)
+{
+ return EINVAL;
}
-/*ARGSUSED*/
-kadm5_ret_t
-kadm5_flush(void *server_handle)
+/* not supported on client */
+kadm5_ret_t kadm5_unlock(void *server_handle)
{
- return (KADM5_OK);
+ return EINVAL;
}
-int
-_kadm5_check_handle(void *handle)
+kadm5_ret_t kadm5_flush(void *server_handle)
{
- CHECK_HANDLE(handle);
- return (0);
+ return KADM5_OK;
+}
+
+int _kadm5_check_handle(void *handle)
+{
+ CHECK_HANDLE(handle);
+ return 0;
}
/*
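Review bot: With the `krb5_cc_destroy` block under `#if 0`, the credential cache is released only as a side effect of `gss_release_cred`, which runs only when `handle->clnt`, `handle->clnt->cl_auth` and `handle->my_cred` are all set. On any other path the `MEMORY:` cache created in `_kadm5_init_any` appears to stay allocated, tickets included, after the handle is freed, and `handle->destroy_cache` is no longer read in `kadm5_destroy` at all. One option, to be checked against the double free the SUNW14resync comment describes, is to keep the block and run it only when the GSS release will not: `if (handle->destroy_cache && handle->cache_name && handle->my_cred == GSS_C_NO_CREDENTIAL) {`. The hunk begins inside the cleanup path of `_kadm5_init_any`, whose start is outside it.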
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_internal.h b/usr/src/lib/krb5/kadm5/clnt/client_internal.h
index 756d4b4a05..ff739b4b91 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_internal.h
+++ b/usr/src/lib/krb5/kadm5/clnt/client_internal.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -29,9 +29,9 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/clnt/client_internal.h, v 1.1 1996/07/24 22:22:43 tlyu Exp $
- *
- * $Log: client_internal.h, v $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_internal.h,v 1.1 1996/07/24 22:22:43 tlyu Exp $
+ *
+ * $Log: client_internal.h,v $
* Revision 1.1 1996/07/24 22:22:43 tlyu
* * Makefile.in, configure.in: break out client lib into a
* subdirectory
@@ -97,31 +97,32 @@ typedef struct _kadm5_server_handle_t {
krb5_ui_4 magic_number;
krb5_ui_4 struct_version;
krb5_ui_4 api_version;
- char *cache_name;
+ char * cache_name;
int destroy_cache;
- CLIENT *clnt;
+ CLIENT * clnt;
krb5_context context;
gss_cred_id_t my_cred;
kadm5_config_params params;
struct _kadm5_server_handle_t *lhandle;
} kadm5_server_handle_rec, *kadm5_server_handle_t;
-
-#define CLIENT_CHECK_HANDLE(handle) \
+#define CLIENT_CHECK_HANDLE(handle) \
{ \
-kadm5_server_handle_t srvr = (kadm5_server_handle_t)handle; \
+ kadm5_server_handle_t srvr = \
+ (kadm5_server_handle_t) handle; \
+ \
if (srvr->params.kpasswd_protocol == KRB5_CHGPWD_RPCSEC && ! srvr->clnt) \
- return (KADM5_BAD_SERVER_HANDLE); \
+ return KADM5_BAD_SERVER_HANDLE; \
if (! srvr->cache_name) \
- return (KADM5_BAD_SERVER_HANDLE); \
+ return KADM5_BAD_SERVER_HANDLE; \
if (! srvr->lhandle) \
-return (KADM5_BAD_SERVER_HANDLE); \
+ return KADM5_BAD_SERVER_HANDLE; \
}
-#define CHECK_HANDLE(handle) \
-GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
-KADM5_NEW_LIB_API_VERSION) \
-CLIENT_CHECK_HANDLE(handle)
+#define CHECK_HANDLE(handle) \
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
+ KADM5_NEW_LIB_API_VERSION) \
+ CLIENT_CHECK_HANDLE(handle)
#ifdef __cplusplus
}
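Review bot: `CLIENT_CHECK_HANDLE` uses its argument unparenthesised in the cast and expands to a bare `{ ... }` block, and `CHECK_HANDLE` expands to two such constructs in a row, so `if (x) CHECK_HANDLE(h); else ...` would not parse as intended. While the macros are being reformatted, writing the cast as `(kadm5_server_handle_t)(handle)` and adding a comment such as `/* expands to several statements that may return; use only as a full statement at function scope */` above `CHECK_HANDLE` would make the constraint explicit. `GENERIC_CHECK_HANDLE` is defined outside this diff, so its shape is assumed from how it is used here.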
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_principal.c b/usr/src/lib/krb5/kadm5/clnt/client_principal.c
index b6fc1103f4..92fc52d122 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_principal.c
+++ b/usr/src/lib/krb5/kadm5/clnt/client_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,19 +26,27 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.8 2000/02/27 22:18:15 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.11 2004/06/16 03:11:53 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.8 2000/02/27 22:18:15 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.11 2004/06/16 03:11:53 tlyu Exp $";
#endif
#include <rpc/rpc.h> /* SUNWresync121 XXX */
#include <kadm5/admin.h>
#include <kadm5/kadm_rpc.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include "client_internal.h"
+#ifdef DEBUG /* SUNWresync14 XXX */
+#define eret() clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR;
+#else
+#define eret() return KADM5_RPC_ERROR;
+#endif
+
kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ, long mask,
@@ -93,7 +101,7 @@ kadm5_create_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -154,7 +162,7 @@ kadm5_create_principal_3(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -173,7 +181,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
arg.api_version = handle->api_version;
r = delete_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -226,7 +234,7 @@ kadm5_modify_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -251,7 +259,7 @@ kadm5_get_principal(void *server_handle,
arg.api_version = handle->api_version;
r = get_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
kadm5_principal_ent_t_v1 *entp;
@@ -291,7 +299,7 @@ kadm5_get_principals(void *server_handle,
arg.api_version = handle->api_version;
r = get_princs_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if(r->code == 0) {
*count = r->count;
*princs = r->princs;
@@ -320,7 +328,7 @@ kadm5_rename_principal(void *server_handle,
return EINVAL;
r = rename_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -342,7 +350,7 @@ kadm5_chpass_principal(void *server_handle,
return EINVAL;
r = chpass_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -369,7 +377,7 @@ kadm5_chpass_principal_3(void *server_handle,
return EINVAL;
r = chpass_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -392,7 +400,7 @@ kadm5_setv4key_principal(void *server_handle,
return EINVAL;
r = setv4key_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -402,7 +410,6 @@ kadm5_setkey_principal(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys)
{
-
setkey_arg arg;
generic_ret *r;
kadm5_server_handle_t handle = server_handle;
@@ -418,7 +425,7 @@ kadm5_setkey_principal(void *server_handle,
return EINVAL;
r = setkey_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -448,7 +455,7 @@ kadm5_setkey_principal_3(void *server_handle,
return EINVAL;
r = setkey_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -527,7 +534,6 @@ kadm5_randkey_principal_3(void *server_handle,
{
chrand3_arg arg;
chrand_ret *r;
- krb5_keyblock new;
kadm5_server_handle_t handle = server_handle;
int i, ret;
@@ -549,27 +555,30 @@ kadm5_randkey_principal_3(void *server_handle,
return EINVAL;
r = chrand_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);
- } else if (key && (r->n_keys > 0)) {
- *key = (krb5_keyblock *)
- malloc(r->n_keys*sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context,
- &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- *key = NULL;
- return ENOMEM;
- }
- }
- if (n_keys)
- *n_keys = r->n_keys;
+ } else {
+ if (n_keys)
+ *n_keys = r->n_keys;
+ if (key) {
+ if(r->n_keys) {
+ *key = (krb5_keyblock *)
+ malloc(r->n_keys*sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context,
+ &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else *key = NULL;
+ }
}
return r->code;
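Review bot: On a `krb5_copy_keyblock_contents` failure the new code frees `*key` but no longer sets it to NULL (the removed version did), so the caller is left with a dangling pointer, and `*n_keys` has already been set to `r->n_keys` by then. The key contents copied into elements `0..i-1` are also not released, which leaves key material allocated. `r->n_keys` comes from the server's reply and is multiplied by `sizeof(krb5_keyblock)` without a range check, so a bound on it before the `malloc` would be prudent. The fence shows the failure branch only; the function starts and ends outside this hunk.

```c
		    /* … unchanged: malloc of *key and the copy loop header … */
		    if (ret) {
			/* release the key contents already copied */
			while (--i >= 0)
			    krb5_free_keyblock_contents(handle->context,
							&(*key)[i]);
			free(*key);
			*key = NULL;
			if (n_keys)
			    *n_keys = 0;
			return ENOMEM;
		    }
```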
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_rpc.c b/usr/src/lib/krb5/kadm5/clnt/client_rpc.c
index bbe65e38bc..1e029e1bf7 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_rpc.c
+++ b/usr/src/lib/krb5/kadm5/clnt/client_rpc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -27,7 +27,9 @@
#include <kadm5/kadm_rpc.h>
#include <krb5.h>
#include <kadm5/admin.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
/* Default timeout can be changed using clnt_control() */
static struct timeval TIMEOUT = { 25, 0 };
@@ -51,7 +53,7 @@ create_principal_1(argp, clnt)
generic_ret *
create_principal3_1(argp, clnt)
- cprinc_arg *argp;
+ cprinc3_arg *argp;
CLIENT *clnt;
{
static generic_ret res;
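Review bot: The wrong argument types corrected here probably went unnoticed because these stubs use old-style (K&R) definitions, which give callers no parameter checking unless a separate prototype is in scope. Converting the definitions as they are touched, e.g. `create_principal3_1(cprinc3_arg *argp, CLIENT *clnt)`, would let the compiler catch the next mismatch; the same applies to `get_princs_1`, `chpass_principal3_1`, `setkey_principal3_1`, `chrand_principal3_1` and `get_pols_1` in the following hunks. Each stub also returns a pointer to a function-local `static` result, so the returned data is overwritten by the next call; that is worth a comment such as `/* result is static storage: not reentrant, copy before the next call */`. The function bodies continue outside these hunks.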
@@ -138,7 +140,7 @@ get_principal_1(argp, clnt)
gprincs_ret *
get_princs_1(argp, clnt)
- gprinc_arg *argp;
+ gprincs_arg *argp;
CLIENT *clnt;
{
static gprincs_ret res;
@@ -172,7 +174,7 @@ chpass_principal_1(argp, clnt)
generic_ret *
chpass_principal3_1(argp, clnt)
- chpass_arg *argp;
+ chpass3_arg *argp;
CLIENT *clnt;
{
static generic_ret res;
@@ -229,7 +231,7 @@ setkey_principal_1(argp, clnt)
generic_ret *
setkey_principal3_1(argp, clnt)
- setkey_arg *argp;
+ setkey3_arg *argp;
CLIENT *clnt;
{
static generic_ret res;
@@ -265,7 +267,7 @@ chrand_principal_1(argp, clnt)
chrand_ret *
chrand_principal3_1(argp, clnt)
- chrand_arg *argp;
+ chrand3_arg *argp;
CLIENT *clnt;
{
static chrand_ret res;
@@ -352,7 +354,7 @@ get_policy_1(argp, clnt)
gpols_ret *
get_pols_1(argp, clnt)
- gprinc_arg *argp;
+ gpols_arg *argp;
CLIENT *clnt;
{
static gpols_ret res;
diff --git a/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c b/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c
index 4ce989fad3..ffbf55a090 100644
--- a/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c
+++ b/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c
@@ -26,7 +26,7 @@ kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len)
+ unsigned int msg_len)
{
kadm5_server_handle_t handle = server_handle;
diff --git a/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c b/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c
index 1161389f66..15ee88ef8a 100644
--- a/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c
+++ b/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,7 +26,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/clnt_policy.c,v 1.2 1998/02/14 02:32:57 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/clnt_policy.c,v 1.4 2004/02/19 01:22:26 raeburn Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
@@ -86,7 +86,6 @@ kadm5_delete_policy(void *server_handle, char *name)
kadm5_ret_t
kadm5_modify_policy(void *server_handle,
kadm5_policy_ent_t policy, long mask)
-
{
mpol_arg arg;
generic_ret *r;
@@ -109,7 +108,6 @@ kadm5_modify_policy(void *server_handle,
kadm5_ret_t
kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
-
{
gpol_arg arg;
gpol_ret *r;
diff --git a/usr/src/lib/krb5/kadm5/clnt/mapfile-vers b/usr/src/lib/krb5/kadm5/clnt/mapfile-vers
index f47b2d722b..241e1286b1 100644
--- a/usr/src/lib/krb5/kadm5/clnt/mapfile-vers
+++ b/usr/src/lib/krb5/kadm5/clnt/mapfile-vers
@@ -27,10 +27,14 @@
SUNWprivate_1.1 {
global:
+ _kadm5_get_kpasswd_protocol;
+ chpass_principal3_1;
chpass_principal_1;
chpw_error_message;
+ chrand_principal3_1;
chrand_principal_1;
create_policy_1;
+ create_principal3_1;
create_principal_1;
delete_policy_1;
delete_principal_1;
@@ -58,11 +62,10 @@ SUNWprivate_1.1 {
kadm5_free_policy_ent;
kadm5_free_principal_ent;
kadm5_get_adm_host_srv_name;
+ kadm5_get_admin_service_name;
kadm5_get_config_params;
kadm5_get_cpw_host_srv_name;
kadm5_get_kiprop_host_srv_name;
- _kadm5_get_kpasswd_protocol;
- kadm5_get_master;
kadm5_get_policies;
kadm5_get_policy;
kadm5_get_principal;
@@ -73,14 +76,18 @@ SUNWprivate_1.1 {
kadm5_init_with_creds;
kadm5_init_with_password;
kadm5_init_with_skey;
+ kadm5_lock;
kadm5_modify_policy;
kadm5_modify_principal;
kadm5_randkey_principal;
kadm5_randkey_principal_3;
kadm5_randkey_principal_old;
kadm5_rename_principal;
+ kadm5_setkey_principal;
kadm5_setkey_principal_3;
+ kadm5_unlock;
krb5_aprof_finish;
+ krb5_aprof_get_boolean;
krb5_aprof_get_deltat;
krb5_aprof_get_int32;
krb5_aprof_get_string;
@@ -104,10 +111,15 @@ SUNWprivate_1.1 {
modify_policy_1;
modify_principal_1;
rename_principal_1;
+ setkey_principal3_1;
+ setkey_principal_1;
+ xdr_chpass3_arg;
xdr_chpass_arg;
+ xdr_chrand3_arg;
xdr_chrand_arg;
xdr_chrand_ret;
xdr_cpol_arg;
+ xdr_cprinc3_arg;
xdr_cprinc_arg;
xdr_dpol_arg;
xdr_dprinc_arg;
@@ -129,19 +141,24 @@ SUNWprivate_1.1 {
xdr_krb5_enctype;
xdr_krb5_flags;
xdr_krb5_int16;
- xdr_krb5_keyblock;
xdr_krb5_key_data_nocontents;
+ xdr_krb5_key_salt_tuple;
+ xdr_krb5_keyblock;
xdr_krb5_kvno;
xdr_krb5_octet;
xdr_krb5_principal;
+ xdr_krb5_salttype;
xdr_krb5_timestamp;
xdr_krb5_tl_data;
+ xdr_krb5_ui_2;
xdr_krb5_ui_4;
xdr_mpol_arg;
xdr_mprinc_arg;
xdr_nullstring;
xdr_nulltype;
xdr_rprinc_arg;
+ xdr_setkey3_arg;
+ xdr_setkey_arg;
xdr_ui_4;
local:
*;
diff --git a/usr/src/lib/krb5/kadm5/kadm_err.h b/usr/src/lib/krb5/kadm5/kadm_err.h
index 4e636670a1..c4463ff13a 100644
--- a/usr/src/lib/krb5/kadm5/kadm_err.h
+++ b/usr/src/lib/krb5/kadm5/kadm_err.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -81,10 +81,22 @@
#define KADM5_SETKEY_DUP_ENCTYPES (43787571L)
#define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L)
#define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L)
-#define KADM5_RPC_ERROR_CANTENCODEARGS (43787574L)
-#define KADM5_RPC_ERROR_CANTDECODEARGS (43787575L)
+#define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L)
+#define KADM5_RPC_ERROR_CANTENCODEARGS (43787575L)
+#define KADM5_RPC_ERROR_CANTDECODEARGS (43787576L)
#define ERROR_TABLE_BASE_ovk (43787520L)
+extern const struct error_table et_ovk_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
+extern void initialize_ovk_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_ovk_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_ovk_err_tbl initialize_ovk_error_table
#define ovk_err_base ERROR_TABLE_BASE_ovk
+#endif
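Review bot: Inserting `KADM5_MISSING_KRB5_CONF_PARAMS` at 43787574L moves `KADM5_RPC_ERROR_CANTENCODEARGS` and `KADM5_RPC_ERROR_CANTDECODEARGS` up by one, so anything built against the old header reads 43787574L and 43787575L with a different meaning than code built against this one. If these values can cross a process or wire boundary (`kadm5_ret_t` is XDR-encoded by `xdr_kadm5_ret_t` in this same commit), a mixed-version client and server would misreport errors. If the numbering is dictated by the upstream error table, record it above the three defines, e.g. `/* 43787574-43787576 renumbered in the 1.4 resync; not comparable with older builds */`; otherwise append the new code after the existing ones.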
diff --git a/usr/src/lib/krb5/kadm5/kadm_rpc.h b/usr/src/lib/krb5/kadm5/kadm_rpc.h
index 54d5869fb4..9521c9f923 100644
--- a/usr/src/lib/krb5/kadm5/kadm_rpc.h
+++ b/usr/src/lib/krb5/kadm5/kadm_rpc.h
@@ -17,6 +17,8 @@
*
*/
+#ifndef __KADM_RPC_H__
+#define __KADM_RPC_H__
#include <rpc/types.h>
@@ -254,44 +256,99 @@ bool_t xdr_getprivs_ret();
#define KADM ((krb5_ui_4)2112)
#define KADMVERS ((krb5_ui_4)2)
#define CREATE_PRINCIPAL ((krb5_ui_4)1)
-extern generic_ret *create_principal_1();
+extern generic_ret *create_principal_1_svc(cprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt);
+
#define DELETE_PRINCIPAL ((krb5_ui_4)2)
-extern generic_ret *delete_principal_1();
+extern generic_ret *delete_principal_1_svc(dprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt);
+
#define MODIFY_PRINCIPAL ((krb5_ui_4)3)
-extern generic_ret *modify_principal_1();
+extern generic_ret *modify_principal_1_svc(mprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt);
+
#define RENAME_PRINCIPAL ((krb5_ui_4)4)
-extern generic_ret *rename_principal_1();
+extern generic_ret *rename_principal_1_svc(rprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt);
+
#define GET_PRINCIPAL ((krb5_ui_4)5)
-extern gprinc_ret *get_principal_1();
+extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp);
+extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt);
+
#define CHPASS_PRINCIPAL ((krb5_ui_4)6)
-extern generic_ret *chpass_principal_1();
+extern generic_ret *chpass_principal_1_svc(chpass_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt);
+
#define CHRAND_PRINCIPAL ((krb5_ui_4)7)
-extern chrand_ret *chrand_principal_1();
+extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg,
+ struct svc_req *rqstp);
+extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt);
+
#define CREATE_POLICY ((krb5_ui_4)8)
-extern generic_ret *create_policy_1();
+extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt);
+
#define DELETE_POLICY ((krb5_ui_4)9)
-extern generic_ret *delete_policy_1();
+extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt);
+
#define MODIFY_POLICY ((krb5_ui_4)10)
-extern generic_ret *modify_policy_1();
+extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt);
+
#define GET_POLICY ((krb5_ui_4)11)
-extern gpol_ret *get_policy_1();
+extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp);
+extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt);
+
#define GET_PRIVS ((krb5_ui_4)12)
-extern getprivs_ret *get_privs_1();
+extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
+extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt);
+
#define INIT ((krb5_ui_4)13)
+extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
extern generic_ret *init_1();
+
#define GET_PRINCS ((krb5_ui_4) 14)
-extern gprincs_ret *get_princs_1();
+extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp);
+extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt);
+
#define GET_POLS ((krb5_ui_4) 15)
-extern gpols_ret *get_pols_1();
+extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp);
+extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt);
+
#define SETKEY_PRINCIPAL ((krb5_ui_4) 16)
-extern generic_ret *setkey_principal_1();
+extern generic_ret *setkey_principal_1_svc(setkey_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt);
+
#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17)
-extern generic_ret *setv4key_principal_1();
+extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt);
+
#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18)
-extern generic_ret *create_principal3_1();
+extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt);
+
#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19)
-extern generic_ret *chpass_principal3_1();
+extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt);
+
#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20)
-extern chrand_ret *chrand_principal3_1();
+extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg,
+ struct svc_req *rqstp);
+extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt);
+
#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21)
-extern generic_ret *setkey_principal3_1();
+extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt);
+
+#endif /* __KADM_RPC_H__ */
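Review bot: `init_1` keeps its old-style declaration `extern generic_ret *init_1();` while every other client stub in this block gains a full prototype, so calls to it still get no argument checking. Give it a prototype that matches its definition in the client stub file (not visible in this hunk), presumably of the same form as `get_privs_1`: `extern generic_ret *init_1(void *argp, CLIENT *clnt);`. A one-line comment on why `get_privs_1` takes `void *` while `get_privs_1_svc` takes `krb5_ui_4 *` would also help the next reader.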
diff --git a/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c b/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c
index fef7da4749..d9d5697458 100644
--- a/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c
+++ b/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -52,7 +52,7 @@ bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp)
{
/* Assumes that krb5_ui_4 and u_int32 are both four bytes long.
This should not be a harmful assumption. */
- return xdr_u_int(xdrs, (rpc_u_int32 *) objp);
+ return xdr_u_int(xdrs, (uint32_t *) objp);
}
@@ -150,7 +150,7 @@ xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp)
/* This assumes that int32 and krb5_timestamp are the same size.
This shouldn't be a problem, since we've got a unit test which
checks for this. */
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) {
+ if (!xdr_int(xdrs, (int32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -181,7 +181,7 @@ xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp)
/* This assumes that int32 and krb5_deltat are the same size.
This shouldn't be a problem, since we've got a unit test which
checks for this. */
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) {
+ if (!xdr_int(xdrs, (int32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -193,7 +193,7 @@ xdr_krb5_flags(XDR *xdrs, krb5_flags *objp)
/* This assumes that int32 and krb5_flags are the same size.
This shouldn't be a problem, since we've got a unit test which
checks for this. */
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) {
+ if (!xdr_int(xdrs, (int32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -202,7 +202,7 @@ xdr_krb5_flags(XDR *xdrs, krb5_flags *objp)
bool_t
xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp)
{
- if (!xdr_u_int(xdrs, (rpc_u_int32 *) objp)) {
+ if (!xdr_u_int(xdrs, (uint32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -223,6 +223,30 @@ xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
return(TRUE);
}
+/*
+ * Function: xdr_krb5_ui_2
+ *
+ * Purpose: XDR function which serves as a wrapper for xdr_u_int,
+ * to prevent compiler warnings about type clashes between u_int
+ * and krb5_ui_2.
+ */
+bool_t
+xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
+{
+ unsigned int tmp;
+
+ tmp = (unsigned int) *objp;
+
+ if (!xdr_u_int(xdrs, &tmp))
+ return(FALSE);
+
+ *objp = (krb5_ui_2) tmp;
+
+ return(TRUE);
+}
+
+
+
bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
{
/*
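Review bot: On decode, `xdr_krb5_ui_2` narrows the 32-bit value read from the stream with `*objp = (krb5_ui_2) tmp;` and no range check, so an encoded value above 0xFFFF is silently truncated instead of rejected. This commit uses the function for `key_data_length` in adb_xdr.c, where a wrapped length is better refused outright: `if (xdrs->x_op == XDR_DECODE && tmp > 0xFFFF) return(FALSE);` before the assignment. The function also reads `*objp` into `tmp` for every operation, including decode, where the caller's object may not be initialised yet; loading it only under `XDR_ENCODE`, as `xdr_kadm5_ret_t` does, avoids that.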
@@ -285,7 +309,7 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
{
krb5_tl_data *tl, *tl2;
bool_t more;
- uint len;
+ unsigned int len;
switch (xdrs->x_op) {
case XDR_FREE:
@@ -346,10 +370,10 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
bool_t
xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp)
{
- rpc_u_int32 tmp;
+ uint32_t tmp;
if (xdrs->x_op == XDR_ENCODE)
- tmp = (rpc_u_int32) *objp;
+ tmp = (uint32_t) *objp;
if (!xdr_u_int(xdrs, &tmp))
return (FALSE);
@@ -1021,7 +1045,7 @@ xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp)
bool_t
xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp)
{
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) /* SUNWresync121 XXX */
+ if (!xdr_int(xdrs, (int32_t *) objp)) /* SUNWresync121 XXX */
return FALSE;
return TRUE;
}
diff --git a/usr/src/lib/krb5/kadm5/server_internal.h b/usr/src/lib/krb5/kadm5/server_internal.h
index 9f11e51d2d..e0c473f900 100644
--- a/usr/src/lib/krb5/kadm5/server_internal.h
+++ b/usr/src/lib/krb5/kadm5/server_internal.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -25,7 +25,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/server_internal.h,v 1.27 1996/10/21 20:29:58 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/server_internal.h,v 1.31 2001/07/08 12:24:56 epeisach Exp $
*/
/*
@@ -37,7 +37,9 @@
#ifndef __KADM5_SERVER_INTERNAL_H__
#define __KADM5_SERVER_INTERNAL_H__
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <stdlib.h>
#include "k5-int.h"
#include <krb5/kdb.h>
@@ -77,11 +79,21 @@ krb5_error_code kdb_put_entry(kadm5_server_handle_t handle,
krb5_db_entry *kdb, osa_princ_ent_rec *adb);
krb5_error_code kdb_delete_entry(kadm5_server_handle_t handle,
krb5_principal name);
+krb5_error_code kdb_iter_entry(kadm5_server_handle_t handle,
+ void (*iter_fct)(void *, krb5_principal),
+ void *data);
int init_dict(kadm5_config_params *);
int find_word(const char *word);
void destroy_dict(void);
+/* XXX this ought to be in libkrb5.a, but isn't */
+kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
+ krb5_key_data *from,
+ krb5_key_data *to);
+kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
+ krb5_key_data *key);
+
/*
* *Warning*
* *Warning* This is going to break if we
diff --git a/usr/src/lib/krb5/kadm5/srv/Makefile.com b/usr/src/lib/krb5/kadm5/srv/Makefile.com
index 20fde869e3..adc8b81255 100644
--- a/usr/src/lib/krb5/kadm5/srv/Makefile.com
+++ b/usr/src/lib/krb5/kadm5/srv/Makefile.com
@@ -86,7 +86,8 @@ CPPFLAGS += -I.. -I../.. -I../../.. \
-DENDRPCENT_TYPE=void -DHAVE_SYS_ERRLIST=1 -DNEED_SYS_ERRLIST=1 \
-DHAVE_SYSLOG_H=1 -DHAVE_OPENLOG=1 -DHAVE_SYSLOG=1 -DHAVE_CLOSELOG=1 \
-DHAVE_STEP=1 -DHAVE_RE_COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGCOMP=1 \
- -DHAVE_REGEXEC=1 -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1
+ -DHAVE_REGEXEC=1 -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1 \
+ -DUSE_KADM5_API_VERSION=2
CFLAGS += $(CCVERBOSE) -I..
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_free.c b/usr/src/lib/krb5/kadm5/srv/adb_free.c
index 1cef66e694..e9618da443 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_free.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_free.c
@@ -21,9 +21,13 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/adb_free.c,v 1.2 1996/10/18 19:45:49 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_free.c,v 1.3 2000/06/01 02:02:03 tritan Exp $
*
* $Log: adb_free.c,v $
+ * Revision 1.3 2000/06/01 02:02:03 tritan
+ * Check for existance of <memory.h>.
+ * (from Nathan Neulinger <nneul@umr.edu>)
+ *
* Revision 1.2 1996/10/18 19:45:49 bjaspan
* * svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c:
* include stdlib.h instead of malloc.h [krb5-admin/35]
@@ -68,11 +72,13 @@
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/adb_free.c,v 1.2 1996/10/18 19:45:49 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_free.c,v 1.3 2000/06/01 02:02:03 tritan Exp $";
#endif
#include "adb.h"
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <stdlib.h>
void
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_openclose.c b/usr/src/lib/krb5/kadm5/srv/adb_openclose.c
index b3a0fedde2..8c1ad3862f 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_openclose.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_openclose.c
@@ -25,11 +25,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.4.2.1 2000/05/19 22:24:16 raeburn Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.8 2002/10/08 20:20:29 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.4.2.1 2000/05/19 22:24:16 raeburn Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.8 2002/10/08 20:20:29 tlyu Exp $";
#endif
#include <sys/file.h>
@@ -50,15 +50,17 @@ osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
{
int lf;
DB *db;
- HASHINFO info;
+ BTREEINFO btinfo;
- memset(&info, 0, sizeof(info));
- info.hash = NULL;
- info.bsize = 256;
- info.ffactor = 8;
- info.nelem = 25000;
- info.lorder = 0;
- db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_HASH, &info);
+ memset(&btinfo, 0, sizeof(btinfo));
+ btinfo.flags = 0;
+ btinfo.cachesize = 0;
+ btinfo.psize = 4096;
+ btinfo.lorder = 0;
+ btinfo.minkeypage = 0;
+ btinfo.compare = NULL;
+ btinfo.prefix = NULL;
+ db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
if (db == NULL)
return errno;
if (db->close(db) < 0)
@@ -94,23 +96,23 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
ret != EEXIST)
return ret;
- if (ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic))
+ if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
return ret;
- if (ret = osa_adb_init_db(&todb, fileto, lockto, magic)) {
+ if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
(void) osa_adb_fini_db(fromdb, magic);
return ret;
}
- if (ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT)) {
+ if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
}
- if (ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT)) {
+ if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
}
- if (rename(filefrom, fileto) < 0) {
+ if ((rename(filefrom, fileto) < 0)) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return errno;
@@ -119,7 +121,7 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
* Do not release the lock on fromdb because it is being renamed
* out of existence; no one can ever use it again.
*/
- if (ret = osa_adb_release_lock(todb)) {
+ if ((ret = osa_adb_release_lock(todb))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
@@ -152,6 +154,13 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
db->info.nelem = 25000;
db->info.lorder = 0;
+ db->btinfo.flags = 0;
+ db->btinfo.cachesize = 0;
+ db->btinfo.psize = 4096;
+ db->btinfo.lorder = 0;
+ db->btinfo.minkeypage = 0;
+ db->btinfo.compare = NULL;
+ db->btinfo.prefix = NULL;
/*
* A process is allowed to open the same database multiple times
* and access it via different handles. If the handles use
@@ -201,7 +210,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
/* now initialize lockp->lockinfo if necessary */
if (lockp->lockinfo.lockfile == NULL) {
- if (code = krb5_init_context(&lockp->lockinfo.context)) {
+ if ((code = krb5_init_context(&lockp->lockinfo.context))) {
free(db);
return((osa_adb_ret_t) code);
}
@@ -229,6 +238,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
db->lock = &lockp->lockinfo;
db->lock->refcnt++;
+ db->opencnt = 0;
db->filename = strdup(filename);
db->magic = magic;
@@ -330,8 +340,6 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
if (perm) {
if (unlink(db->lock->filename) < 0) {
- int ret;
-
/* somehow we can't delete the file, but we already */
/* have the lock, so release it and return */
@@ -369,9 +377,9 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
0600);
if ((db->lock->lockfile = fdopen(fd, "w+F")) == NULL)
return OSA_ADB_NOLOCKFILE;
- } else if (ret = krb5_lock_file(db->lock->context,
+ } else if ((ret = krb5_lock_file(db->lock->context,
fileno(db->lock->lockfile),
- KRB5_LOCKMODE_UNLOCK))
+ KRB5_LOCKMODE_UNLOCK)))
return ret;
db->lock->lockmode = 0;
@@ -386,22 +394,36 @@ osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
ret = osa_adb_get_lock(db, locktype);
if (ret != OSA_ADB_OK)
return ret;
-
- db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
- if (db->db == NULL) {
+ if (db->opencnt)
+ goto open_ok;
+
+ db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
+ if (db->db != NULL)
+ goto open_ok;
+ switch (errno) {
+#ifdef EFTYPE
+ case EFTYPE:
+#endif
+ case EINVAL:
+ db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
+ if (db->db != NULL)
+ goto open_ok;
+ default:
(void) osa_adb_release_lock(db);
- if(errno == EINVAL)
+ if (errno == EINVAL)
return OSA_ADB_BAD_DB;
return errno;
}
+open_ok:
+ db->opencnt++;
return OSA_ADB_OK;
}
osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
{
- int ret;
-
- if(db->db->close(db->db) == -1) {
+ if (--db->opencnt)
+ return osa_adb_release_lock(db);
+ if(db->db != NULL && db->db->close(db->db) == -1) {
(void) osa_adb_release_lock(db);
return OSA_ADB_FAILURE;
}
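Review bot: In the failure path of `osa_adb_open_and_lock`, `errno` is read after `(void) osa_adb_release_lock(db);`, so any call inside the release that sets `errno` changes both the `EINVAL` test and the returned code; capture it first with `int open_errno = errno;` and test and return `open_errno`. The `case EINVAL:` arm runs into `default:` when the hash-format retry also fails, which looks intended but should carry a `/* FALLTHROUGH */` comment. In `osa_adb_close_and_unlock`, `--db->opencnt` has no guard against a close without a matching open: the counter would be non-zero and the handle would never be closed, so a check such as `if (db->opencnt <= 0)` returning an error (the type of `opencnt` is not visible here) would make the misuse visible. The end of `osa_adb_close_and_unlock` lies in the next hunk.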
@@ -410,4 +432,3 @@ osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
return(osa_adb_release_lock(db));
}
-
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_policy.c b/usr/src/lib/krb5/kadm5/srv/adb_policy.c
index 16e464d106..460eb11621 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_policy.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_policy.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.4 1996/10/18 19:45:50 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.4 1996/10/18 19:45:50 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $";
#endif
#include <sys/file.h>
@@ -33,28 +33,27 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v
#include "adb.h"
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
-extern int errno;
extern caddr_t xdralloc_getdata(XDR *xdrs);
extern void xdralloc_create(XDR *xdrs, enum xdr_op op);
-extern osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
- char *fileto, char *lockto, int magic);
+
#define OPENLOCK(db, mode) \
{ \
- int ret; \
+ int olret; \
if (db == NULL) \
return EINVAL; \
else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \
return OSA_ADB_DBINIT; \
- else if ((ret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
- return ret; \
+ else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
+ return olret; \
}
#define CLOSELOCK(db) \
{ \
- int ret; \
- if ((ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
- return ret; \
+ int cl_ret; \
+ if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
+ return cl_ret; \
}
osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params)
@@ -101,7 +100,7 @@ osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db)
*
* Arguments:
* entry (input) pointer to the entry to be added
- * <return value> OSA_ADB_OK on sucsess, else error code.
+ * <return value> OSA_ADB_OK on success, else error code.
*
* Requires:
* entry have a valid name.
@@ -176,7 +175,7 @@ error:
* Arguments:
* db (input) database handle
* name (input) name of policy
- * <return value> OSA_ADB_OK on sucsess, or error code.
+ * <return value> OSA_ADB_OK on success, or error code.
*
* Requires:
* db being valid.
@@ -234,7 +233,7 @@ error:
* db (input) db handle
* name (input) name of policy
* entry (output) policy entry
- * <return value> 0 on sucsess, error code on failure.
+ * <return value> 0 on success, error code on failure.
*
* Requires:
* Effects:
@@ -300,7 +299,7 @@ error:
* Arguments:
* db (input) db handle
* entry (input) policy entry
- * <return value> 0 on sucsess error code on failure.
+ * <return value> 0 on success error code on failure.
*
* Requires:
* [requires]
@@ -373,7 +372,7 @@ error:
* db (input) db handle
* func (input) fucntion pointer to call
* data opaque data type
- * <return value> 0 on sucsess error code on failure
+ * <return value> 0 on success error code on failure
*
* Requires:
* Effects:
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_xdr.c b/usr/src/lib/krb5/kadm5/srv/adb_xdr.c
index 1f882fea51..2ab1b85b6d 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_xdr.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_xdr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,7 +26,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_xdr.c,v 1.2 1998/02/14 02:31:34 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_xdr.c,v 1.4 2001/07/25 19:03:35 epeisach Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
@@ -38,10 +38,9 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_xdr.c,v 1.
#include <rpc/rpc.h> /* SUNWresync121 XXX */
#include "adb.h"
#include "admin_xdr.h"
+#ifdef HAVE_MEMORY_H
#include <memory.h>
-
-extern bool_t
-xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp);
+#endif
bool_t
xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
@@ -56,9 +55,10 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
return(FALSE);
if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
return(FALSE);
- if (!xdr_krb5_int16(xdrs, &objp->key_data_length[0]))
+ /* SUNW14resync */
+ if (!xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[0]))
return(FALSE);
- if (!xdr_krb5_int16(xdrs, &objp->key_data_length[1]))
+ if (!xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[1]))
return(FALSE);
tmp = (unsigned int) objp->key_data_length[0];
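Review bot: The casts `(krb5_ui_2 *)&objp->key_data_length[0]` and `(krb5_ui_2 *)&objp->key_data_length[1]` hide whatever type `key_data_length` actually has. If the field is already `krb5_ui_2` the cast is unnecessary, and if it is still `krb5_int16` the cast silences a signedness mismatch on a value that is used as a length just below (`tmp = (unsigned int) objp->key_data_length[0];`). Drop the casts so the compiler checks the type, and replace `/* SUNW14resync */` with a comment that states the field's type and why the unsigned codec is used. The rest of `xdr_krb5_key_data` is outside this hunk.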
diff --git a/usr/src/lib/krb5/kadm5/srv/mapfile-vers b/usr/src/lib/krb5/kadm5/srv/mapfile-vers
index 074d6da1ce..4a92d4a409 100644
--- a/usr/src/lib/krb5/kadm5/srv/mapfile-vers
+++ b/usr/src/lib/krb5/kadm5/srv/mapfile-vers
@@ -36,19 +36,12 @@ SUNW_1.1 {
SUNWprivate_1.1 {
global:
- acl_check;
- acl_finish;
- acl_impose_restrictions;
- acl_init;
+ __kadm5_get_priv;
+ _kadm5_get_kpasswd_protocol;
adb_policy_close;
adb_policy_init;
destroy_dict;
find_word;
- free_history_entry;
- get_either_iter;
- get_pols_iter;
- get_princs_iter;
- glob_to_regexp;
handle_chpw;
hist_db;
hist_encblock;
@@ -59,7 +52,6 @@ SUNWprivate_1.1 {
kadm5_chpass_principal;
kadm5_chpass_principal_3;
kadm5_chpass_principal_util;
- kadm5_chpass_principal_v2;
kadm5_create_policy;
kadm5_create_policy_internal;
kadm5_create_principal;
@@ -76,20 +68,18 @@ SUNWprivate_1.1 {
kadm5_get_adm_host_srv_name;
kadm5_get_config_params;
kadm5_get_cpw_host_srv_name;
- kadm5_get_either;
kadm5_get_kiprop_host_srv_name;
- _kadm5_get_kpasswd_protocol;
kadm5_get_master;
kadm5_get_policies;
kadm5_get_policy;
kadm5_get_principal;
kadm5_get_principals;
- __kadm5_get_priv;
+ kadm5_get_privs;
kadm5_init;
kadm5_init_iprop;
kadm5_init_with_creds;
kadm5_init_with_password;
- kadm5_init_with_skey;
+ kadm5_lock;
kadm5_modify_policy;
kadm5_modify_policy_internal;
kadm5_modify_principal;
@@ -98,6 +88,11 @@ SUNWprivate_1.1 {
kadm5_rename_principal;
kadm5_setkey_principal;
kadm5_setkey_principal_3;
+ kadm5_unlock;
+ kadm5int_acl_check;
+ kadm5int_acl_finish;
+ kadm5int_acl_impose_restrictions;
+ kadm5int_acl_init;kadm5_init_with_skey;
kdb_delete_entry;
kdb_free_entry;
kdb_get_entry;
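Review bot: The added line `kadm5int_acl_init;kadm5_init_with_skey;` puts two symbols on one line and leaves `kadm5_init_with_skey` out of the sorted position it had before the previous hunk removed it. Split it into `kadm5int_acl_init;` on its own line and put `kadm5_init_with_skey;` back next to the other `kadm5_init_with_*` entries, so the export list stays one symbol per line and a later edit or diff does not lose it.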
@@ -106,6 +101,7 @@ SUNWprivate_1.1 {
kdb_iter_entry;
kdb_put_entry;
krb5_aprof_finish;
+ krb5_aprof_get_boolean;
krb5_aprof_get_deltat;
krb5_aprof_get_int32;
krb5_aprof_get_string;
@@ -149,9 +145,6 @@ SUNWprivate_1.1 {
osa_free_policy_ent;
osa_free_princ_ent;
passwd_check;
- xdralloc_create;
- xdralloc_getdata;
- xdralloc_release;
xdr_chpass3_arg;
xdr_chpass_arg;
xdr_chrand3_arg;
@@ -180,14 +173,17 @@ SUNWprivate_1.1 {
xdr_krb5_enctype;
xdr_krb5_flags;
xdr_krb5_int16;
- xdr_krb5_keyblock;
xdr_krb5_key_data;
xdr_krb5_key_data_nocontents;
+ xdr_krb5_key_salt_tuple;
+ xdr_krb5_keyblock;
xdr_krb5_kvno;
xdr_krb5_octet;
xdr_krb5_principal;
+ xdr_krb5_salttype;
xdr_krb5_timestamp;
xdr_krb5_tl_data;
+ xdr_krb5_ui_2;
xdr_krb5_ui_4;
xdr_mpol_arg;
xdr_mprinc_arg;
@@ -200,6 +196,9 @@ SUNWprivate_1.1 {
xdr_setkey3_arg;
xdr_setkey_arg;
xdr_ui_4;
+ xdralloc_create;
+ xdralloc_getdata;
+ xdralloc_release;
local:
*;
};
diff --git a/usr/src/lib/krb5/kadm5/srv/server_acl.c b/usr/src/lib/krb5/kadm5/srv/server_acl.c
index fe31b9312d..df25e8ad65 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_acl.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_acl.c
@@ -129,11 +129,11 @@ static const char *acl_catchall_entry = NULL;
/*
- * acl_get_line() - Get a line from the ACL file.
+ * kadm5int_acl_get_line() - Get a line from the ACL file.
* Lines ending with \ are continued on the next line
*/
static char *
-acl_get_line(fp, lnp)
+kadm5int_acl_get_line(fp, lnp)
FILE *fp;
int *lnp; /* caller should set to 1 before first call */
{
@@ -190,10 +190,10 @@ acl_get_line(fp, lnp)
}
/*
- * acl_parse_line() - Parse the contents of an ACL line.
+ * kadm5int_acl_parse_line() - Parse the contents of an ACL line.
*/
static aent_t *
-acl_parse_line(lp)
+kadm5int_acl_parse_line(lp)
const char *lp;
{
static char acle_principal[BUFSIZ];
@@ -205,7 +205,7 @@ acl_parse_line(lp)
int t, found, opok, nmatch;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_parse_line(line=%20s)\n", lp));
+ ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
/*
* Format is still simple:
* entry ::= [<whitespace>] <principal> <whitespace> <opstring>
@@ -229,7 +229,7 @@ acl_parse_line(lp)
for (op=acle_ops; *op; op++) {
char rop;
- rop = (isupper(*op)) ? tolower(*op) : *op;
+ rop = (isupper((int) *op)) ? tolower((int) *op) : *op;
found = 0;
for (t=0; acl_op_table[t].ao_op; t++) {
if (rop == acl_op_table[t].ao_op) {
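Review bot: The cast in `isupper((int) *op)` and `tolower((int) *op)` does not make the call well defined: where plain `char` is signed, a byte with the high bit set still converts to a negative `int`, and the `<ctype.h>` functions accept only `EOF` and `unsigned char` values. Since `op` walks text parsed from the ACL file, use `rop = isupper((unsigned char) *op) ? tolower((unsigned char) *op) : *op;`. The same applies to `isspace((int) *trailing)` in the next hunk.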
@@ -272,7 +272,7 @@ acl_parse_line(lp)
char *trailing;
trailing = &acle_restrictions[strlen(acle_restrictions)-1];
- while ( isspace(*trailing) )
+ while ( isspace((int) *trailing) )
trailing--;
trailing[1] = '\0';
acle->ae_restriction_string = strdup(acle_restrictions);
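Review bot: The trailing-whitespace trim has no lower bound: `trailing` starts at `&acle_restrictions[strlen(acle_restrictions)-1]` and is decremented while `isspace` holds, so an empty or all-whitespace restrictions field would move the pointer before the start of the buffer and `trailing[1] = '\0'` would write there. Whether the enclosing condition (outside this hunk) already rules that out is not visible. A length-based form is bounded by construction: `size_t n = strlen(acle_restrictions);`, `while (n > 0 && isspace((unsigned char) acle_restrictions[n-1])) n--;`, `acle_restrictions[n] = '\0';`.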
@@ -285,12 +285,12 @@ acl_parse_line(lp)
}
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_parse_line() = %x\n", (long) acle));
+ ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
return(acle);
}
/*
- * acl_parse_restrictions() - Parse optional restrictions field
+ * kadm5int_acl_parse_restrictions() - Parse optional restrictions field
*
* Allowed restrictions are:
* [+-]flagname (recognized by krb5_string_to_flags)
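Review bot: The exit trace `("X kadm5int_acl_parse_line() = %x\n", (long) acle)` passes a `long` to `%x`, which expects `unsigned int`; on an LP64 build the argument size does not match the conversion and the pointer is at best printed truncated. Use `%p` with `(void *) acle`. The same pattern is in the traces touched by later hunks: `rpp=0x%08x` with `(long)rpp`, `rp=0x%08x` with `(long)rp`, and `*maskp=0x%08x` where `maskp` is declared `long *` and needs `%08lx`.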
@@ -304,23 +304,22 @@ acl_parse_line(lp)
* Returns: 0 on success, or system errors
*/
static krb5_error_code
-acl_parse_restrictions(s, rpp)
+kadm5int_acl_parse_restrictions(s, rpp)
char *s;
restriction_t **rpp;
{
char *sp, *tp, *ap;
static const char *delims = "\t\n\f\v\r ,";
- krb5_error_code ret;
krb5_deltat dt;
krb5_flags flag;
krb5_error_code code;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
+ ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
*rpp = (restriction_t *) NULL;
code = 0;
- if (s)
+ if (s) {
if (!(sp = strdup(s)) /* Don't munge the original */
|| !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
code = ENOMEM;
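Review bot: `sp` is declared without an initialiser (`char *sp, *tp, *ap;`) and is assigned only inside `if (s) {`, yet the cleanup in the next hunk runs `if (sp) free(sp);` after the block that this commit closes with the added `}`. When `s` is NULL that tests, and may free, an indeterminate pointer. Initialise it at the declaration, `char *sp = NULL, *tp, *ap;`, or move the `free(sp)` inside the `if (s)` block. The body between the two hunks is not shown, so this assumes nothing there assigns `sp` on the NULL path.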
@@ -378,6 +377,7 @@ acl_parse_restrictions(s, rpp)
}
}
}
+ }
if (sp)
free(sp);
if (*rpp && code) {
@@ -387,19 +387,19 @@ acl_parse_restrictions(s, rpp)
*rpp = (restriction_t *) NULL;
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_parse_restrictions() = %d, mask=0x%08x\n",
+ ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
code, (*rpp) ? (*rpp)->mask : 0));
return code;
}
/*
- * acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp
+ * kadm5int_acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp
*
* Returns: 0 on success;
* malloc or timeofday errors
*/
krb5_error_code
-acl_impose_restrictions(kcontext, recp, maskp, rp)
+kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
krb5_context kcontext;
kadm5_principal_ent_rec *recp;
long *maskp;
@@ -409,7 +409,7 @@ acl_impose_restrictions(kcontext, recp, maskp, rp)
krb5_int32 now;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
+ ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
*maskp, (long)rp));
if (!rp)
return 0;
@@ -462,20 +462,20 @@ acl_impose_restrictions(kcontext, recp, maskp, rp)
*maskp |= KADM5_MAX_RLIFE;
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
+ ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
return 0;
}
/*
- * acl_free_entries() - Free all ACL entries.
+ * kadm5int_acl_free_entries() - Free all ACL entries.
*/
static void
-acl_free_entries()
+kadm5int_acl_free_entries()
{
aent_t *ap;
aent_t *np;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_free_entries()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_free_entries()\n"));
for (ap=acl_list_head; ap; ap = np) {
if (ap->ae_name)
free(ap->ae_name);
@@ -497,14 +497,14 @@ acl_free_entries()
}
acl_list_head = acl_list_tail = (aent_t *) NULL;
acl_inited = 0;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_free_entries()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_free_entries()\n"));
}
/*
- * acl_load_acl_file() - Open and parse the ACL file.
+ * kadm5int_acl_load_acl_file() - Open and parse the ACL file.
*/
static int
-acl_load_acl_file()
+kadm5int_acl_load_acl_file()
{
FILE *afp;
char *alinep;
@@ -512,16 +512,17 @@ acl_load_acl_file()
int alineno;
int retval = 1;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n"));
/* Open the ACL file for read */
- if (afp = fopen(acl_acl_file, "rF")) {
+ afp = fopen(acl_acl_file, "rF");
+ if (afp) {
alineno = 1;
aentpp = &acl_list_head;
/* Get a non-comment line */
- while (alinep = acl_get_line(afp, &alineno)) {
+ while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
/* Parse it */
- *aentpp = acl_parse_line(alinep);
+ *aentpp = kadm5int_acl_parse_line(alinep);
/* If syntax error, then fall out */
if (!*aentpp) {
krb5_klog_syslog(LOG_ERR, ACL_SYN_ERR_MSG,
@@ -536,7 +537,8 @@ acl_load_acl_file()
fclose(afp);
if (acl_catchall_entry) {
- if (*aentpp = acl_parse_line(acl_catchall_entry)) {
+ *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
+ if (*aentpp) {
acl_list_tail = *aentpp;
}
else {
@@ -551,7 +553,7 @@ acl_load_acl_file()
krb5_klog_syslog(LOG_ERR, ACL_CANTOPEN_MSG,
error_message(errno), acl_acl_file);
if (acl_catchall_entry &&
- (acl_list_head = acl_parse_line((char *)acl_catchall_entry))) {
+ (acl_list_head = kadm5int_acl_parse_line((char *)acl_catchall_entry))) {
acl_list_tail = acl_list_head;
}
else {
@@ -563,20 +565,20 @@ acl_load_acl_file()
}
if (!retval) {
- acl_free_entries();
+ kadm5int_acl_free_entries();
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_load_acl_file() = %d\n", retval));
+ ("X kadm5int_acl_load_acl_file() = %d\n", retval));
return(retval);
}
/*
- * acl_match_data() - See if two data entries match.
+ * kadm5int_acl_match_data() - See if two data entries match.
*
* Wildcarding is only supported for a whole component.
*/
static krb5_boolean
-acl_match_data(e1, e2, targetflag, ws)
+kadm5int_acl_match_data(e1, e2, targetflag, ws)
krb5_data *e1, *e2;
int targetflag;
wildstate_t *ws;
@@ -591,7 +593,7 @@ acl_match_data(e1, e2, targetflag, ws)
if (ws && !targetflag) {
if (ws->nwild >= 9) {
DPRINT(DEBUG_ACL, acl_debug_level,
- ("Too many wildcards in ACL entry %s\n", e1->data));
+ ("Too many wildcards in ACL entry %s\n", e1->data));
}
else
ws->backref[ws->nwild++] = e2;
@@ -602,7 +604,7 @@ acl_match_data(e1, e2, targetflag, ws)
int n = e1->data[1] - '1';
if (n >= ws->nwild) {
DPRINT(DEBUG_ACL, acl_debug_level,
- ("Too many backrefs in ACL entry %s\n", e1->data));
+ ("Too many backrefs in ACL entry %s\n", e1->data));
}
else if ((ws->backref[n]->length == e2->length) &&
(!strncmp(ws->backref[n]->data, e2->data, e2->length)))
@@ -619,10 +621,10 @@ acl_match_data(e1, e2, targetflag, ws)
}
/*
- * acl_find_entry() - Find a matching entry.
+ * kadm5int_acl_find_entry() - Find a matching entry.
*/
static aent_t *
-acl_find_entry(kcontext, principal, dest_princ)
+kadm5int_acl_find_entry(kcontext, principal, dest_princ)
krb5_context kcontext;
krb5_principal principal;
krb5_principal dest_princ;
@@ -633,7 +635,7 @@ acl_find_entry(kcontext, principal, dest_princ)
int matchgood;
wildstate_t state;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_find_entry()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n"));
memset((char *)&state, 0, sizeof state);
for (entry=acl_list_head; entry; entry = entry->ae_next) {
if (entry->ae_name_bad)
@@ -656,12 +658,12 @@ acl_find_entry(kcontext, principal, dest_princ)
continue;
}
matchgood = 0;
- if (acl_match_data(&entry->ae_principal->realm,
+ if (kadm5int_acl_match_data(&entry->ae_principal->realm,
&principal->realm, 0, (wildstate_t *)0) &&
(entry->ae_principal->length == principal->length)) {
matchgood = 1;
for (i=0; i<principal->length; i++) {
- if (!acl_match_data(&entry->ae_principal->data[i],
+ if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
&principal->data[i], 0, &state)) {
matchgood = 0;
break;
@@ -673,46 +675,44 @@ acl_find_entry(kcontext, principal, dest_princ)
continue;
/* We've matched the principal. If we have a target, then try it */
- if (entry->ae_target) {
- if (!strcmp(entry->ae_target, "*"))
- break;
+ if (entry->ae_target && strcmp(entry->ae_target, "*")) {
if (!entry->ae_target_princ && !entry->ae_target_bad) {
kret = krb5_parse_name(kcontext, entry->ae_target,
&entry->ae_target_princ);
if (kret)
entry->ae_target_bad = 1;
}
- }
- if (entry->ae_target_bad) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Bad target in ACL entry for %s\n", entry->ae_name));
- entry->ae_name_bad = 1;
- continue;
- }
- if (entry->ae_target && !dest_princ)
- matchgood = 0;
- else if (entry->ae_target && entry->ae_target_princ && dest_princ) {
- if (acl_match_data(&entry->ae_target_princ->realm,
- &dest_princ->realm, 1, (wildstate_t *)0) &&
- (entry->ae_target_princ->length == dest_princ->length)) {
- for (i=0; i<dest_princ->length; i++) {
- if (!acl_match_data(&entry->ae_target_princ->data[i],
- &dest_princ->data[i], 1, &state)) {
- matchgood = 0;
- break;
+ if (entry->ae_target_bad) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Bad target in ACL entry for %s\n", entry->ae_name));
+ entry->ae_name_bad = 1;
+ continue;
+ }
+ if (!dest_princ)
+ matchgood = 0;
+ else if (entry->ae_target_princ && dest_princ) {
+ if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
+ &dest_princ->realm, 1, (wildstate_t *)0) &&
+ (entry->ae_target_princ->length == dest_princ->length)) {
+ for (i=0; i<dest_princ->length; i++) {
+ if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
+ &dest_princ->data[i], 1, &state)) {
+ matchgood = 0;
+ break;
+ }
}
- }
+ }
+ else
+ matchgood = 0;
}
- else
- matchgood = 0;
- }
+ }
if (!matchgood)
continue;
if (entry->ae_restriction_string
&& !entry->ae_restriction_bad
&& !entry->ae_restrictions
- && acl_parse_restrictions(entry->ae_restriction_string,
+ && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
&entry->ae_restrictions)) {
DPRINT(DEBUG_ACL, acl_debug_level,
("Bad restrictions in ACL entry for %s\n", entry->ae_name));
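Review bot: `state`, the wildcard back-reference record, is zeroed once before the `for` loop (in the earlier hunk) and then handed to every `kadm5int_acl_match_data` call, so unless it is reset in lines not shown, captures recorded while testing an entry that ultimately failed to match are still present when the next entry's back-references are evaluated. For an access-control decision the record should be per entry: reset it at the top of the loop body with `memset(&state, 0, sizeof state);`. Separately, in the restructured target block the `&& dest_princ` in `else if (entry->ae_target_princ && dest_princ)` is redundant after `if (!dest_princ)`. The function starts and ends outside this hunk.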
@@ -724,15 +724,15 @@ acl_find_entry(kcontext, principal, dest_princ)
}
break;
}
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_find_entry()=%x\n",entry));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_find_entry()=%x\n",entry));
return(entry);
}
/*
- * acl_init() - Initialize ACL context.
+ * kadm5int_acl_init() - Initialize ACL context.
*/
krb5_error_code
-acl_init(kcontext, debug_level, acl_file)
+kadm5int_acl_init(kcontext, debug_level, acl_file)
krb5_context kcontext;
int debug_level;
char *acl_file;
@@ -742,30 +742,30 @@ acl_init(kcontext, debug_level, acl_file)
kret = 0;
acl_debug_level = debug_level;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_init(afile=%s)\n",
+ ("* kadm5int_acl_init(afile=%s)\n",
((acl_file) ? acl_file : "(null)")));
acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL;
- acl_inited = acl_load_acl_file();
+ acl_inited = kadm5int_acl_load_acl_file();
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_init() = %d\n", kret));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_init() = %d\n", kret));
return(kret);
}
/*
- * acl_finish - Terminate ACL context.
+ * kadm5int_acl_finish - Terminate ACL context.
*/
void
-acl_finish(kcontext, debug_level)
+kadm5int_acl_finish(kcontext, debug_level)
krb5_context kcontext;
int debug_level;
{
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_finish()\n"));
- acl_free_entries();
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_finish()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_finish()\n"));
+ kadm5int_acl_free_entries();
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_finish()\n"));
}
/*
- * acl_check() - Is this operation permitted for this principal?
+ * kadm5int_acl_check() - Is this operation permitted for this principal?
* this code used not to be based on gssapi. In order
* to minimize porting hassles, I've put all the
* gssapi hair in this function. This might not be
@@ -773,7 +773,7 @@ acl_finish(kcontext, debug_level)
* solution is, of course, a real authorization service.)
*/
krb5_boolean
-acl_check(kcontext, caller, opmask, principal, restrictions)
+kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
krb5_context kcontext;
gss_name_t caller;
krb5_int32 opmask;
@@ -806,7 +806,9 @@ acl_check(kcontext, caller, opmask, principal, restrictions)
return(code);
retval = 0;
- if (aentry = acl_find_entry(kcontext, caller_princ, principal)) {
+
+ aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal);
+ if (aentry) {
if ((aentry->ae_op_allowed & opmask) == opmask) {
retval = 1;
if (restrictions) {
@@ -828,8 +830,6 @@ acl_check(kcontext, caller, opmask, principal, restrictions)
kadm5_ret_t
kadm5_get_privs(void *server_handle, long *privs)
{
- kadm5_server_handle_t handle = server_handle;
-
CHECK_HANDLE(server_handle);
/* this is impossible to do with the current interface. For now,
@@ -869,7 +869,7 @@ __kadm5_get_priv(void *server_handle, long *privs, gss_name_t client)
if (k_error)
return(retval);
- if (aentry = acl_find_entry(handle->context, caller_principal,
+ if (aentry = kadm5int_acl_find_entry(handle->context, caller_principal,
(krb5_principal)NULL))
*privs = aentry->ae_op_allowed;
krb5_free_principal(handle->context, caller_principal);
diff --git a/usr/src/lib/krb5/kadm5/srv/server_acl.h b/usr/src/lib/krb5/kadm5/srv/server_acl.h
index 756c3d7b4a..ffe618c82c 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_acl.h
+++ b/usr/src/lib/krb5/kadm5/srv/server_acl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -118,20 +118,20 @@ typedef struct _restriction {
char *policy;
} restriction_t;
-krb5_error_code acl_init
+krb5_error_code kadm5int_acl_init
(krb5_context,
int,
char *);
-void acl_finish
+void kadm5int_acl_finish
(krb5_context,
int);
-krb5_boolean acl_check
+krb5_boolean kadm5int_acl_check
(krb5_context,
gss_name_t,
krb5_int32,
krb5_principal,
restriction_t **);
-krb5_error_code acl_impose_restrictions
+krb5_error_code kadm5int_acl_impose_restrictions
(krb5_context,
kadm5_principal_ent_rec *,
long *,
diff --git a/usr/src/lib/krb5/kadm5/srv/server_dict.c b/usr/src/lib/krb5/kadm5/srv/server_dict.c
index f823502d4e..f79262da8c 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_dict.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_dict.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/server_dict.c,v 1.2 1996/10/18 19:45:52 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_dict.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/server_dict.c,v 1.2 1996/10/18 19:45:52 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_dict.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $";
#endif
#include <sys/types.h>
@@ -33,19 +33,23 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroo
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <errno.h>
#include <kadm5/admin.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
+#include "adm_proto.h"
#include <syslog.h>
#include <libintl.h>
#include "server_internal.h"
static char **word_list = NULL; /* list of word pointers */
static char *word_block = NULL; /* actual word data */
-static int word_count = 0; /* number of words */
-extern int errno;
+static unsigned int word_count = 0; /* number of words */
+
/*
* Function: word_compare
@@ -65,7 +69,7 @@ extern int errno;
static int
word_compare(const void *s1, const void *s2)
{
- return (strcasecmp(*(char **)s1, *(char **)s2));
+ return (strcasecmp(*(const char **)s1, *(const char **)s2));
}
/*
@@ -75,7 +79,7 @@ word_compare(const void *s1, const void *s2)
*
* Arguments:
* none
- * <return value> KADM5_OK on sucsess errno on failure;
+ * <return value> KADM5_OK on success errno on failure;
* (but success on ENOENT)
*
* Requires:
@@ -106,7 +110,7 @@ int init_dict(kadm5_config_params *params)
if(word_list != NULL && word_block != NULL)
return KADM5_OK;
if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
- syslog(LOG_INFO,
+ krb5_klog_syslog(LOG_INFO,
dgettext(TEXT_DOMAIN,
"No dictionary file specified, continuing "
"without one."));
@@ -114,7 +118,7 @@ int init_dict(kadm5_config_params *params)
}
if ((fd = open(params->dict_file, O_RDONLY)) == -1) {
if (errno == ENOENT) {
- syslog(LOG_ERR,
+ krb5_klog_syslog(LOG_ERR,
dgettext(TEXT_DOMAIN,
"WARNING! Cannot find dictionary file %s, "
"continuing without one."), params->dict_file);
diff --git a/usr/src/lib/krb5/kadm5/srv/server_init.c b/usr/src/lib/krb5/kadm5/srv/server_init.c
index 7d2ee2a540..7f32ba7f79 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_init.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_init.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,12 +26,12 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
- * $Id: server_init.c,v 1.5 1997/10/13 15:03:13 epeisach Exp $
+ * $Id: server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $
* $Source: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.5 1997/10/13 15:03:13 epeisach Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $";
#endif
#include <stdio.h>
@@ -138,7 +138,8 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
return ENOMEM;
memset(handle, 0, sizeof(*handle));
- if (ret = (int) krb5_init_context(&(handle->context))) {
+ ret = (int) krb5_init_context(&(handle->context));
+ if (ret) {
free(handle);
return(ret);
}
@@ -178,11 +179,10 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
return KADM5_BAD_SERVER_PARAMS;
}
- if (ret = kadm5_get_config_params(handle->context,
- (char *) NULL,
- (char *) NULL,
- params_in,
- &handle->params)) {
+ ret = kadm5_get_config_params(handle->context, (char *) NULL,
+ (char *) NULL, params_in,
+ &handle->params);
+ if (ret) {
krb5_free_context(handle->context);
free(handle);
return(ret);
@@ -195,23 +195,26 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
KADM5_CONFIG_FLAGS | \
KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
+
if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
krb5_free_context(handle->context);
free(handle);
return KADM5_MISSING_CONF_PARAMS;
}
- /*
- * Set the db_name based on configuration before calling
- * krb5_db_init, so it will get used.
- */
- if (ret = krb5_db_set_name(handle->context,
- handle->params.dbname)) {
+ /*
+ * Set the db_name based on configuration before calling
+ * krb5_db_init, so it will get used.
+ */
+
+ ret = krb5_db_set_name(handle->context, handle->params.dbname);
+ if (ret) {
free(handle);
return(ret);
}
- if (ret = krb5_db_init(handle->context)) {
+ ret = krb5_db_init(handle->context);
+ if (ret) {
krb5_free_context(handle->context);
free(handle);
return(ret);
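Review bot: The `krb5_db_set_name` failure path frees `handle` but not `handle->context`, while the checks immediately before and after it call `krb5_free_context(handle->context)` first, so the context is leaked on that path. Add `krb5_free_context(handle->context);` before `free(handle);`. kadm5_init's body starts and ends outside this hunk.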
@@ -225,69 +228,73 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
return ret;
}
- if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
- free(handle);
- return ENOMEM;
- }
- *handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
- handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
- handle->lhandle->lhandle = handle->lhandle;
-
- /* can't check the handle until current_caller is set */
- if (ret = check_handle((void *) handle)) {
- free(handle);
- return ret;
- }
-
- /*
- * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
- * or an empty string, reads the master password from [the stash
- * file]. Otherwise, the non-NULL password is ignored and the
- * user is prompted for it via the tty." However, the code was
- * implemented the other way: when a non-NULL password was
- * provided, the stash file was used. This is somewhat more
- * sensible, as then a local or remote client that provides a
- * password does not prompt the user. This code maintains the
- * previous actual behavior, and not the old spec behavior,
- * because that is how the unit tests are written.
- *
- * In KADM5_API_VERSION_2, this decision is controlled by
- * params.
- *
- * kdb_init_master's third argument is "from_keyboard".
- */
- if (ret = kdb_init_master(handle, handle->params.realm,
- (handle->api_version == KADM5_API_VERSION_1 ?
- ((pass == NULL) || !(strlen(pass))) :
- ((handle->params.mask &
- KADM5_CONFIG_MKEY_FROM_KBD) &&
- handle->params.mkey_from_kbd))
- )) {
+ if (! (handle->lhandle = malloc(sizeof(*handle)))) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
free(handle);
- return ret;
+ return ENOMEM;
}
-
- if ((ret = kdb_init_hist(handle, handle->params.realm))) {
+ *handle->lhandle = *handle;
+ handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+ handle->lhandle->lhandle = handle->lhandle;
+
+ /* can't check the handle until current_caller is set */
+ ret = check_handle((void *) handle);
+ if (ret) {
+ free(handle);
+ return ret;
+ }
+
+ /*
+ * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
+ * or an empty string, reads the master password from [the stash
+ * file]. Otherwise, the non-NULL password is ignored and the
+ * user is prompted for it via the tty." However, the code was
+ * implemented the other way: when a non-NULL password was
+ * provided, the stash file was used. This is somewhat more
+ * sensible, as then a local or remote client that provides a
+ * password does not prompt the user. This code maintains the
+ * previous actual behavior, and not the old spec behavior,
+ * because that is how the unit tests are written.
+ *
+ * In KADM5_API_VERSION_2, this decision is controlled by
+ * params.
+ *
+ * kdb_init_master's third argument is "from_keyboard".
+ */
+ ret = kdb_init_master(handle, handle->params.realm,
+ (handle->api_version == KADM5_API_VERSION_1 ?
+ ((pass == NULL) || !(strlen(pass))) :
+ ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+ && handle->params.mkey_from_kbd)
+ ));
+ if (ret) {
+ krb5_db_fini(handle->context);
+ krb5_free_context(handle->context);
+ free(handle);
+ return ret;
+ }
+
+ ret = kdb_init_hist(handle, handle->params.realm);
+ if (ret) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
free(handle);
return ret;
}
- if (ret = init_dict(&handle->params)) {
- krb5_db_fini(handle->context);
+ ret = init_dict(&handle->params);
+ if (ret) {
+ krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
krb5_free_context(handle->context);
free(handle);
return ret;
}
- if (ret = adb_policy_init(handle)) {
+ ret = adb_policy_init(handle);
+ if (ret) {
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
krb5_free_context(handle->context);
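Review bot: The error paths after `handle->lhandle` is allocated do not release everything acquired so far: the `check_handle` failure frees only `handle`, leaving `handle->lhandle`, the krb5 context and the initialised database behind, and the `kdb_init_master`, `kdb_init_hist` and `init_dict` paths (and the visible part of the `adb_policy_init` path) never free `handle->lhandle`. Since the block was re-indented anyway, a single cleanup label would keep these paths consistent. At minimum the `check_handle` branch should run `krb5_db_fini(handle->context); krb5_free_context(handle->context); free(handle->lhandle);` before `free(handle);`. The function body continues past the end of this hunk.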
@@ -321,6 +328,38 @@ kadm5_ret_t kadm5_destroy(void *server_handle)
return KADM5_OK;
}
+kadm5_ret_t kadm5_lock(void *server_handle)
+{
+ kadm5_server_handle_t handle = server_handle;
+ kadm5_ret_t ret;
+
+ CHECK_HANDLE(server_handle);
+ ret = osa_adb_open_and_lock(handle->policy_db, OSA_ADB_EXCLUSIVE);
+ if (ret)
+ return ret;
+ ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE);
+ if (ret)
+ return ret;
+
+ return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_unlock(void *server_handle)
+{
+ kadm5_server_handle_t handle = server_handle;
+ kadm5_ret_t ret;
+
+ CHECK_HANDLE(server_handle);
+ ret = osa_adb_close_and_unlock(handle->policy_db);
+ if (ret)
+ return ret;
+ ret = krb5_db_unlock(handle->context);
+ if (ret)
+ return ret;
+
+ return KADM5_OK;
+}
+
kadm5_ret_t kadm5_flush(void *server_handle)
{
kadm5_server_handle_t handle = server_handle;
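Review bot: The new `kadm5_lock` and `kadm5_unlock` can leave the two databases in inconsistent lock states on failure. In `kadm5_lock`, if `krb5_db_lock` fails the policy database stays opened and exclusively locked; in `kadm5_unlock`, if `osa_adb_close_and_unlock` fails the function returns before `krb5_db_unlock`, so the principal database stays locked. The lock path should roll back the first lock, and the unlock path should attempt both releases and report the first error, as sketched below.

```c
/* kadm5_lock: undo the policy-db lock if the principal-db lock fails */
    ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE);
    if (ret) {
        (void) osa_adb_close_and_unlock(handle->policy_db);
        return ret;
    }

/* kadm5_unlock: always attempt both releases, report the first error */
    kadm5_ret_t ret, ret2;
    /* … unchanged: CHECK_HANDLE … */
    ret = osa_adb_close_and_unlock(handle->policy_db);
    ret2 = krb5_db_unlock(handle->context);
    if (ret)
        return ret;
    if (ret2)
        return ret2;
```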
diff --git a/usr/src/lib/krb5/kadm5/srv/server_kdb.c b/usr/src/lib/krb5/kadm5/srv/server_kdb.c
index 431d718ed1..0beac7d875 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_kdb.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_kdb.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -25,11 +25,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.2 1998/10/30 02:54:39 marc Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.4 2003/06/13 22:30:59 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.2 1998/10/30 02:54:39 marc Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.4 2003/06/13 22:30:59 tlyu Exp $";
#endif
#include <stdio.h>
@@ -59,7 +59,10 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
{
int ret = 0;
char *realm;
- krb5_keyblock tmk;
+ krb5_boolean from_kbd = FALSE;
+
+ if (from_keyboard)
+ from_kbd = TRUE;
if (r == NULL) {
if ((ret = krb5_get_default_realm(handle->context, &realm)))
@@ -73,14 +76,15 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
realm, NULL, &master_princ)))
goto done;
- if (ret = krb5_db_fetch_mkey(handle->context, master_princ,
- handle->params.enctype,
- from_keyboard,
- FALSE /* only prompt once */,
- handle->params.stash_file,
- NULL /* I'm not sure about this,
- but it's what the kdc does --marc */,
- &handle->master_keyblock))
+
+ ret = krb5_db_fetch_mkey(handle->context, master_princ,
+ handle->params.enctype, from_kbd,
+ FALSE /* only prompt once */,
+ handle->params.stash_file,
+ NULL /* I'm not sure about this,
+ but it's what the kdc does --marc */,
+ &handle->master_keyblock);
+ if (ret)
goto done;
if ((ret = krb5_db_init(handle->context)) != KSUCCESS)
@@ -171,11 +175,10 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
ks[0].ks_enctype = handle->params.enctype;
ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
ret = kadm5_create_principal_3(handle, &ent,
- (KADM5_PRINCIPAL |
- KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
+ (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+ KADM5_ATTRIBUTES),
1, ks,
- "to-be-random");
+ "to-be-random");
if (ret)
goto done;
@@ -200,12 +203,12 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
}
ret = krb5_dbe_find_enctype(handle->context, &hist_db,
- handle->params.enctype, -1, -1, &key_data);
+ handle->params.enctype, -1, -1, &key_data);
if (ret)
goto done;
ret = krb5_dbekd_decrypt_key_data(handle->context,
- &handle->master_keyblock, key_data, &hist_key, NULL);
+ &handle->master_keyblock, key_data, &hist_key, NULL);
if (ret)
goto done;
@@ -247,8 +250,9 @@ kdb_get_entry(kadm5_server_handle_t handle,
krb5_tl_data tl_data;
XDR xdrs;
- if (ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
- &more))
+ ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
+ &more);
+ if (ret)
return(ret);
if (more) {
@@ -357,11 +361,13 @@ kdb_put_entry(kadm5_server_handle_t handle,
krb5_tl_data tl_data;
int one;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
return(ret);
- if (ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
- handle->current_caller))
+ ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
+ handle->current_caller);
+ if (ret)
return(ret);
xdralloc_create(&xdrs, XDR_ENCODE);
@@ -382,7 +388,8 @@ kdb_put_entry(kadm5_server_handle_t handle,
one = 1;
- if (ret = krb5_db_put_principal(handle->context, kdb, &one))
+ ret = krb5_db_put_principal(handle->context, kdb, &one);
+ if (ret)
return(ret);
return(0);
@@ -424,9 +431,11 @@ kdb_iter_entry(kadm5_server_handle_t handle,
id.func = iter_fct;
id.data = data;
- if (ret = krb5_db_iterate(handle->context, kdb_iter_func, &id))
+ ret = krb5_db_iterate(handle->context, kdb_iter_func, &id);
+ if (ret)
return(ret);
return(0);
}
+
diff --git a/usr/src/lib/krb5/kadm5/srv/server_misc.c b/usr/src/lib/krb5/kadm5/srv/server_misc.c
index 8ec8658c32..b2283e973b 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_misc.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_misc.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.2 1997/08/07 00:23:11 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.4 2001/06/18 18:58:00 epeisach Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.2 1997/08/07 00:23:11 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.4 2001/06/18 18:58:00 epeisach Exp $";
#endif
#include "k5-int.h"
@@ -61,6 +61,7 @@ adb_policy_close(kadm5_server_handle_t handle)
return KADM5_OK;
}
+#ifdef HESIOD
/* stolen from v4sever/kadm_funcs.c */
static char *
reverse(str)
@@ -81,7 +82,9 @@ reverse(str)
return(newstr);
}
+#endif /* HESIOD */
+#if 0
static int
lower(str)
char *str;
@@ -97,7 +100,9 @@ lower(str)
}
return(effect);
}
+#endif
+#ifdef HESIOD
static int
str_check_gecos(gecos, pwstr)
char *gecos;
@@ -130,6 +135,7 @@ str_check_gecos(gecos, pwstr)
}
return 0;
}
+#endif /* HESIOD */
/* some of this is stolen from gatekeeper ... */
kadm5_ret_t
@@ -153,17 +159,17 @@ passwd_check(kadm5_server_handle_t handle,
return KADM5_PASS_Q_TOOSHORT;
s = password;
while ((c = *s++)) {
- if (islower(c)) {
+ if (islower((int) c)) {
nlower = 1;
continue;
}
- else if (isupper(c)) {
+ else if (isupper((int) c)) {
nupper = 1;
continue;
- } else if (isdigit(c)) {
+ } else if (isdigit((int) c)) {
ndigit = 1;
continue;
- } else if (ispunct(c)) {
+ } else if (ispunct((int) c)) {
npunct = 1;
continue;
} else {
@@ -176,13 +182,12 @@ passwd_check(kadm5_server_handle_t handle,
if((find_word(password) == KADM5_OK))
return KADM5_PASS_Q_DICT;
else {
- char *cp;
- int c, n = krb5_princ_size(handle->context, principal);
+ int i, n = krb5_princ_size(handle->context, principal);
cp = krb5_princ_realm(handle->context, principal)->data;
if (strcasecmp(cp, password) == 0)
return KADM5_PASS_Q_DICT;
- for (c = 0; c < n ; c++) {
- cp = krb5_princ_component(handle->context, principal, c)->data;
+ for (i = 0; i < n ; i++) {
+ cp = krb5_princ_component(handle->context, principal, i)->data;
if (strcasecmp(cp, password) == 0)
return KADM5_PASS_Q_DICT;
#ifdef HESIOD
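Review bot: The realm and each component are compared with `strcasecmp(cp, password)` on the raw `->data` pointer, which treats a length-counted `krb5_data` as a C string; that is only safe if every producer NUL-terminates the buffer, which this hunk does not show. Comparing with the stored length avoids the assumption, e.g. `d->length == strlen(password) && strncasecmp(d->data, password, d->length) == 0` with `d` the `krb5_data *` returned by `krb5_princ_component`. `cp` is no longer declared in this block, so it now depends on a declaration outside the hunk, and the function continues past the hunk's end.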
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c b/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c
index c8ea05e655..e010d27f68 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -31,7 +31,7 @@ kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len)
+ unsigned int msg_len)
{
kadm5_server_handle_t handle = server_handle;
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_iters.c b/usr/src/lib/krb5/kadm5/srv/svr_iters.c
index 075ed7a0db..a20db95242 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_iters.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_iters.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_iters.c,v 1.2 1996/11/07 21:43:14 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_iters.c,v 1.6 2003/01/12 18:17:02 epeisach Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_iters.c,v 1.2 1996/11/07 21:43:14 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_iters.c,v 1.6 2003/01/12 18:17:02 epeisach Exp $";
#endif
#if defined(HAVE_COMPILE) && defined(HAVE_STEP)
@@ -42,7 +42,6 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroo
#include <string.h>
#include <kadm5/admin.h>
#include "adb.h"
-#include <dyn/dyn.h>
#ifdef SOLARIS_REGEXPS
#include <regexpr.h>
#endif
@@ -59,7 +58,9 @@ kdb_iter_entry(kadm5_server_handle_t handle,
struct iter_data {
krb5_context context;
- DynObject matches;
+ char **names;
+ int n_names, sz_names;
+ unsigned int malloc_failed;
char *exp;
#ifdef SOLARIS_REGEXPS
char *expbuf;
@@ -96,7 +97,7 @@ struct iter_data {
* other characters are copied
* regexp is anchored with ^ and $
*/
-kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
+static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
{
int append_realm;
char *p;
@@ -151,26 +152,38 @@ kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
return KADM5_OK;
}
-void get_either_iter(struct iter_data *data, char *name)
+static void get_either_iter(struct iter_data *data, char *name)
{
- if (
+ int match;
#ifdef SOLARIS_REGEXPS
- (step(name, data->expbuf) != 0)
+ match = (step(name, data->expbuf) != 0);
#endif
#ifdef POSIX_REGEXPS
- (regexec(&data->preg, name, 0, NULL, 0) == 0)
+ match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
#endif
#ifdef BSD_REGEXPS
- (re_exec(name) != 0)
+ match = (re_exec(name) != 0);
#endif
- )
- {
- (void) DynAdd(data->matches, &name);
+ if (match) {
+ if (data->n_names == data->sz_names) {
+ int new_sz = data->sz_names * 2;
+ char **new_names = realloc(data->names,
+ new_sz * sizeof(char *));
+ if (new_names) {
+ data->names = new_names;
+ data->sz_names = new_sz;
+ } else {
+ data->malloc_failed = 1;
+ free(name);
+ return;
+ }
+ }
+ data->names[data->n_names++] = name;
} else
free(name);
}
-void get_pols_iter(void *data, osa_policy_ent_t entry)
+static void get_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
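Review bot: `match` in get_either_iter is declared without an initializer and is assigned only inside the three `#ifdef` branches, so a build with none of SOLARIS_REGEXPS, POSIX_REGEXPS or BSD_REGEXPS defined reads an indeterminate value at `if (match)`. The old `if ( ... )` form failed to compile in that configuration, whereas the new code builds silently. I would declare `int match = 0;`, or add an `#error` for the case where no regexp flavour is selected. Separately, `int new_sz = data->sz_names * 2` is signed arithmetic that feeds `new_sz * sizeof(char *)`, so a guard before doubling would keep the growth step well-defined on a very large database.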
@@ -179,7 +192,7 @@ void get_pols_iter(void *data, osa_policy_ent_t entry)
get_either_iter(data, name);
}
-void get_princs_iter(void *data, krb5_principal princ)
+static void get_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
@@ -189,15 +202,18 @@ void get_princs_iter(void *data, krb5_principal princ)
get_either_iter(data, name);
}
-kadm5_ret_t kadm5_get_either(int princ,
+static kadm5_ret_t kadm5_get_either(int princ,
void *server_handle,
char *exp,
char ***princs,
int *count)
{
struct iter_data data;
- char *msg, *regexp;
- int ret;
+#ifdef BSD_REGEXPS
+ char *msg;
+#endif
+ char *regexp;
+ int i, ret;
kadm5_server_handle_t handle = server_handle;
*count = 0;
@@ -227,7 +243,11 @@ kadm5_ret_t kadm5_get_either(int princ,
return EINVAL;
}
- if ((data.matches = DynCreate(sizeof(char *), -4)) == NULL) {
+ data.n_names = 0;
+ data.sz_names = 10;
+ data.malloc_failed = 0;
+ data.names = malloc(sizeof(char *) * data.sz_names);
+ if (data.names == NULL) {
free(regexp);
return ENOMEM;
}
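Review bot: The new `data.names == NULL` failure path frees `regexp` but not the compiled pattern. The next hunk in this function adds `regfree(&data.preg)` after the iteration under POSIX_REGEXPS, which suggests the pattern is already compiled by this point; the compile call is above the hunk, so this is inferred. If so, this early return leaks it, and I would add `#ifdef POSIX_REGEXPS`, `regfree(&data.preg);`, `#endif` before `return ENOMEM;`.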
@@ -239,16 +259,21 @@ kadm5_ret_t kadm5_get_either(int princ,
ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data);
}
+ free(regexp);
+#ifdef POSIX_REGEXPS
+ regfree(&data.preg);
+#endif
+ if (ret == OSA_ADB_OK && data.malloc_failed)
+ ret = ENOMEM;
if (ret != OSA_ADB_OK) {
- free(regexp);
- DynDestroy(data.matches);
+ for (i = 0; i < data.n_names; i++)
+ free(data.names[i]);
+ free(data.names);
return ret;
}
- (*princs) = (char **) DynArray(data.matches);
- *count = DynSize(data.matches);
- DynRelease(data.matches);
- free(regexp);
+ *princs = data.names;
+ *count = data.n_names;
return KADM5_OK;
}
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c b/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c
index fa3b7e58a6..a552c4e2b4 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c
@@ -21,12 +21,12 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $
*
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $";
#endif
#include <kadm5/admin.h>
#include <stdlib.h>
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_policy.c b/usr/src/lib/krb5/kadm5/srv/svr_policy.c
index b651f4b40d..de1abc1c9b 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_policy.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_policy.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_policy.c,v 1.1 1996/07/24 22:23:36 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_policy.c,v 1.2 2001/06/20 05:01:37 mitchb Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_policy.c,v 1.1 1996/07/24 22:23:36 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_policy.c,v 1.2 2001/06/20 05:01:37 mitchb Exp $";
#endif
#include <sys/types.h>
@@ -49,7 +49,7 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroo
* entry (input) The policy entry to be written out to the DB.
* mask (input) Specifies which fields in entry are to ge written out
* and which get default values.
- * <return value> 0 if sucsessfull otherwise an error code is returned.
+ * <return value> 0 if successful otherwise an error code is returned.
*
* Requires:
* Entry must be a valid principal entry, and mask have a valid value.
@@ -82,14 +82,14 @@ kadm5_create_policy(void *server_handle,
* entry (input) The policy entry to be written out to the DB.
* mask (input) Specifies which fields in entry are to ge written out
* and which get default values.
- * <return value> 0 if sucsessfull otherwise an error code is returned.
+ * <return value> 0 if successful otherwise an error code is returned.
*
* Requires:
* Entry must be a valid principal entry, and mask have a valid value.
*
* Effects:
* Writes the data to the database, and does a database sync if
- * sucsessfull.
+ * successful.
*
*/
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_principal.c b/usr/src/lib/krb5/kadm5/srv/svr_principal.c
index 92e498808d..19f3946f73 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_principal.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,11 +26,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.19 2000/02/27 22:18:16 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.30.8.1 2004/12/20 21:16:20 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.19 2000/02/27 22:18:16 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.30.8.1 2004/12/20 21:16:20 tlyu Exp $";
#endif
#include <sys/types.h>
@@ -44,6 +44,9 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.
#include "server_internal.h"
#include <stdarg.h>
#include <stdlib.h>
+#ifdef USE_PASSWORD_SERVER
+#include <sys/wait.h>
+#endif
extern krb5_principal master_princ;
extern krb5_principal hist_princ;
@@ -56,8 +59,8 @@ extern kadm5_ret_t
krb5_free_key_data_contents(krb5_context context, krb5_key_data *key);
static int decrypt_key_data(krb5_context context,
- krb5_keyblock *, int n_key_data, krb5_key_data *key_data,
- krb5_keyblock **keyblocks, int *n_keys);
+ krb5_keyblock *, int n_key_data, krb5_key_data *key_data,
+ krb5_keyblock **keyblocks, int *n_keys);
/*
* XXX Functions that ought to be in libkrb5.a, but aren't.
@@ -135,8 +138,9 @@ kadm5_create_principal(void *server_handle,
* Default to using the new API with the default set of
* key/salt combinations.
*/
- return (kadm5_create_principal_3(server_handle, entry, mask,
- 0, NULL, password));
+ return
+ kadm5_create_principal_3(server_handle, entry, mask,
+ 0, NULL, password);
}
kadm5_ret_t
kadm5_create_principal_3(void *server_handle,
@@ -200,8 +204,8 @@ kadm5_create_principal_3(void *server_handle,
return ret;
}
}
- if (ret = passwd_check(handle, password, (mask & KADM5_POLICY),
- &polent, entry->principal)) {
+ if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+ &polent, entry->principal))) {
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
return ret;
@@ -211,10 +215,10 @@ kadm5_create_principal_3(void *server_handle,
* "defaults" for fields that were not specified by the
* mask.
*/
- if (ret = krb5_timeofday(handle->context, &now)) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
+ if ((ret = krb5_timeofday(handle->context, &now))) {
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
}
kdb.magic = KRB5_KDB_MAGIC_NUMBER;
@@ -229,7 +233,7 @@ kadm5_create_principal_3(void *server_handle,
kdb.attributes = handle->params.flags;
kdb.attributes |= entry->attributes;
} else {
- kdb.attributes = handle->params.flags;
+ kdb.attributes = handle->params.flags;
}
if ((mask & KADM5_MAX_LIFE))
@@ -265,28 +269,28 @@ kadm5_create_principal_3(void *server_handle,
to free the entire kdb entry, and that will try to free the
principal. */
- if (ret = krb5_copy_principal(handle->context,
- entry->principal, &(kdb.princ))) {
+ if ((ret = krb5_copy_principal(handle->context,
+ entry->principal, &(kdb.princ)))) {
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
return(ret);
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) {
- krb5_dbe_free_contents(handle->context, &kdb);
- if (mask & KADM5_POLICY)
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
+ krb5_dbe_free_contents(handle->context, &kdb);
+ if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ return(ret);
}
/* initialize the keys */
- if (ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password,
- (mask & KADM5_KVNO)?entry->kvno:1,
- FALSE, &kdb)) {
+ if ((ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password,
+ (mask & KADM5_KVNO)?entry->kvno:1,
+ FALSE, &kdb))) {
krb5_dbe_free_contents(handle->context, &kdb);
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
@@ -383,7 +387,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
if (principal == NULL)
return EINVAL;
- if (ret = kdb_get_entry(handle, principal, &kdb, &adb))
+ if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
if ((adb.aux_attributes & KADM5_POLICY)) {
@@ -399,9 +403,9 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
return(ret);
}
}
- if (ret = kadm5_free_policy_ent(handle->lhandle, &polent)) {
- kdb_free_entry(handle, &kdb, &adb);
- return ret;
+ if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
+ kdb_free_entry(handle, &kdb, &adb);
+ return ret;
}
}
@@ -420,7 +424,7 @@ kadm5_modify_principal(void *server_handle,
kadm5_policy_ent_rec npol, opol;
int have_npol = 0, have_opol = 0;
krb5_db_entry kdb;
- krb5_tl_data *tl_data_orig, *tl_data_tail;
+ krb5_tl_data *tl_data_orig;
osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
@@ -447,7 +451,8 @@ kadm5_modify_principal(void *server_handle,
}
}
- if (ret = kdb_get_entry(handle, entry->principal, &kdb, &adb))
+ ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
+ if (ret)
return(ret);
/*
@@ -488,6 +493,7 @@ kadm5_modify_principal(void *server_handle,
break;
default:
goto done;
+ break;
}
npol.policy_refcnt++;
}
@@ -501,12 +507,13 @@ kadm5_modify_principal(void *server_handle,
/* set pw_max_life based on new policy */
if (npol.pw_max_life) {
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
- &(kdb.pw_expiration)))
- goto done;
- kdb.pw_expiration += npol.pw_max_life;
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+ &(kdb.pw_expiration));
+ if (ret)
+ goto done;
+ kdb.pw_expiration += npol.pw_max_life;
} else {
- kdb.pw_expiration = 0;
+ kdb.pw_expiration = 0;
}
}
@@ -519,6 +526,7 @@ kadm5_modify_principal(void *server_handle,
case KADM5_UNK_POLICY:
ret = KADM5_BAD_DB;
goto done;
+ break;
case KADM5_OK:
have_opol = 1;
if (adb.policy)
@@ -530,6 +538,7 @@ kadm5_modify_principal(void *server_handle,
break;
default:
goto done;
+ break;
}
}
@@ -644,7 +653,8 @@ kadm5_rename_principal(void *server_handle,
}
krb5_free_principal(handle->context, kdb.princ);
- if (ret = krb5_copy_principal(handle->context, target, &kdb.princ)) {
+ ret = krb5_copy_principal(handle->context, target, &kdb.princ);
+ if (ret) {
kdb.princ = NULL; /* so freeing the dbe doesn't lose */
goto done;
}
@@ -730,17 +740,19 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
/* this is a little non-sensical because the function returns two */
/* values that must be checked separately against the mask */
if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
- if (ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
- &(entry->mod_date),
- &(entry->mod_name))) {
- goto done;
- }
- if (! (mask & KADM5_MOD_TIME))
- entry->mod_date = 0;
- if (! (mask & KADM5_MOD_NAME)) {
- krb5_free_principal(handle->context, entry->principal);
- entry->principal = NULL;
- }
+ ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
+ &(entry->mod_date),
+ &(entry->mod_name));
+ if (ret) {
+ goto done;
+ }
+
+ if (! (mask & KADM5_MOD_TIME))
+ entry->mod_date = 0;
+ if (! (mask & KADM5_MOD_NAME)) {
+ krb5_free_principal(handle->context, entry->principal);
+ entry->principal = NULL;
+ }
}
if (mask & KADM5_ATTRIBUTES)
@@ -771,7 +783,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
if (mask & KADM5_FAIL_AUTH_COUNT)
entry->fail_auth_count = kdb.fail_auth_count;
if (mask & KADM5_TL_DATA) {
- krb5_tl_data td, *tl, *tl2;
+ krb5_tl_data *tl, *tl2;
entry->tl_data = NULL;
@@ -803,9 +815,10 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
entry->key_data = NULL;
for (i = 0; i < entry->n_key_data; i++)
- if (ret = krb5_copy_key_data_contents(handle->context,
- &kdb.key_data[i],
- &entry->key_data[i]))
+ ret = krb5_copy_key_data_contents(handle->context,
+ &kdb.key_data[i],
+ &entry->key_data[i]);
+ if (ret)
goto done;
}
}
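Review bot: Splitting the assignment out of the `if` moved the error check out of the loop. The `for (i = 0; i < entry->n_key_data; i++)` has no braces, so its body is now only the `ret = krb5_copy_key_data_contents(...)` statement, and `if (ret) goto done;` runs once after the loop finishes. A failure copying any key but the last is overwritten by the next iteration, and the function carries on with a partially filled `entry->key_data`. Wrap both statements in braces: `for (...) { ret = krb5_copy_key_data_contents(...); if (ret) goto done; }`. The indentation makes the two lines look like one body, which is how this slips through review.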
@@ -883,37 +896,38 @@ check_pw_reuse(krb5_context context,
krb5_keyblock *master_keyblock,
krb5_keyblock *hist_keyblock,
int n_new_key_data, krb5_key_data *new_key_data,
- int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
+ unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
{
int x, y, z;
krb5_keyblock newkey, histkey;
krb5_error_code ret;
for (x = 0; x < n_new_key_data; x++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- master_keyblock,
- &(new_key_data[x]),
- &newkey, NULL))
+ ret = krb5_dbekd_decrypt_key_data(context,
+ master_keyblock,
+ &(new_key_data[x]),
+ &newkey, NULL);
+ if (ret)
return(ret);
for (y = 0; y < n_pw_hist_data; y++) {
for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
- if (ret =
- krb5_dbekd_decrypt_key_data(context,
- hist_keyblock,
- &pw_hist_data[y].key_data[z],
- &histkey, NULL))
- return(ret);
-
- if ((newkey.length == histkey.length) &&
- (newkey.enctype == histkey.enctype) &&
- (memcmp(newkey.contents, histkey.contents,
- histkey.length) == 0)) {
- krb5_free_keyblock_contents(context, &histkey);
- krb5_free_keyblock_contents(context, &newkey);
-
- return(KADM5_PASS_REUSE);
- }
- krb5_free_keyblock_contents(context, &histkey);
+ ret = krb5_dbekd_decrypt_key_data(context,
+ hist_keyblock,
+ &pw_hist_data[y].key_data[z],
+ &histkey, NULL);
+ if (ret)
+ return(ret);
+
+ if ((newkey.length == histkey.length) &&
+ (newkey.enctype == histkey.enctype) &&
+ (memcmp(newkey.contents, histkey.contents,
+ histkey.length) == 0)) {
+ krb5_free_keyblock_contents(context, &histkey);
+ krb5_free_keyblock_contents(context, &newkey);
+
+ return(KADM5_PASS_REUSE);
+ }
+ krb5_free_keyblock_contents(context, &histkey);
}
}
krb5_free_keyblock_contents(context, &newkey);
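Review bot: The inner `if (ret) return(ret);` after decrypting a history key leaves `newkey` unreleased, although every other exit from the loop calls `krb5_free_keyblock_contents(context, &newkey)`. That leaves decrypted key material allocated on the error path; I would write `if (ret) { krb5_free_keyblock_contents(context, &newkey); return(ret); }`. The create_history_entry hunk that follows has the same shape: when `krb5_dbekd_encrypt_key_data` fails it returns without freeing `key`. Also, `n_pw_hist_data` is now `unsigned int` while `y` stays `int`, so `y < n_pw_hist_data` is a mixed-sign comparison; declaring `y` as `unsigned int` would match the new parameter type.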
@@ -958,25 +972,29 @@ int create_history_entry(krb5_context context,
memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
for (i = 0; i < n_key_data; i++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- master_keyblock,
- &key_data[i],
- &key, &salt))
- return ret;
- if (ret = krb5_dbekd_encrypt_key_data(context,
- &hist_key,
- &key, &salt,
- key_data[i].key_data_kvno,
- &hist->key_data[i]))
- return ret;
- krb5_free_keyblock_contents(context, &key);
- /* krb5_free_keysalt(context, &salt); */
+ ret = krb5_dbekd_decrypt_key_data(context,
+ master_keyblock,
+ &key_data[i],
+ &key, &salt);
+ if (ret)
+ return ret;
+
+ ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
+ &key, &salt,
+ key_data[i].key_data_kvno,
+ &hist->key_data[i]);
+ if (ret)
+ return ret;
+
+ krb5_free_keyblock_contents(context, &key);
+ /* krb5_free_keysalt(context, &salt); */
}
hist->n_key_data = n_key_data;
return 0;
}
+static
void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
{
int i;
@@ -1013,14 +1031,13 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
* adb->old_key_len).
*/
#define KADM_MOD(x) (x + adb->old_key_next) % adb->old_key_len
-static kadm5_ret_t add_to_history(
- krb5_context context,
- osa_princ_ent_t adb,
- kadm5_policy_ent_t pol,
- osa_pw_hist_ent *pw)
+static kadm5_ret_t add_to_history(krb5_context context,
+ osa_princ_ent_t adb,
+ kadm5_policy_ent_t pol,
+ osa_pw_hist_ent *pw)
{
- osa_pw_hist_ent *histp;
- int i;
+ osa_pw_hist_ent *histp;
+ int i;
/* A history of 1 means just check the current password */
if (pol->pw_history_num == 1)
@@ -1120,8 +1137,9 @@ kadm5_chpass_principal(void *server_handle,
* Default to using the new API with the default set of
* key/salt combinations.
*/
- return (kadm5_chpass_principal_3(server_handle, principal, FALSE,
- 0, NULL, password));
+ return
+ kadm5_chpass_principal_3(server_handle, principal, FALSE,
+ 0, NULL, password);
}
kadm5_ret_t
@@ -1134,7 +1152,7 @@ kadm5_chpass_principal_3(void *server_handle,
kadm5_policy_ent_rec pol;
osa_princ_ent_rec adb;
krb5_db_entry kdb, kdb_save;
- int ret, ret2, last_pwd, i, hist_added;
+ int ret, ret2, last_pwd, hist_added;
int have_pol = 0;
kadm5_server_handle_t handle = server_handle;
osa_pw_hist_ent hist;
@@ -1169,24 +1187,27 @@ kadm5_chpass_principal_3(void *server_handle,
KADM5_POLICY, &pol, principal)))
goto done;
- if (ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password, 0 /* increment kvno */,
- keepold, &kdb))
+ ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password, 0 /* increment kvno */,
+ keepold, &kdb);
+ if (ret)
goto done;
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
/* the policy was loaded before */
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
- goto done;
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd);
+ if (ret)
+ goto done;
#if 0
/*
@@ -1202,17 +1223,19 @@ kadm5_chpass_principal_3(void *server_handle,
}
#endif
- if (ret = create_history_entry(handle->context,
- &handle->master_keyblock, kdb_save.n_key_data,
- kdb_save.key_data, &hist))
- goto done;
+ ret = create_history_entry(handle->context,
+ &handle->master_keyblock, kdb_save.n_key_data,
+ kdb_save.key_data, &hist);
+ if (ret)
+ goto done;
- if (ret = check_pw_reuse(handle->context,
- &handle->master_keyblock,
- &hist_key,
- kdb.n_key_data, kdb.key_data,
- 1, &hist))
- goto done;
+ ret = check_pw_reuse(handle->context,
+ &handle->master_keyblock,
+ &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ 1, &hist);
+ if (ret)
+ goto done;
if (pol.pw_history_num > 1) {
if (adb.admin_history_kvno != hist_kvno) {
@@ -1220,15 +1243,17 @@ kadm5_chpass_principal_3(void *server_handle,
goto done;
}
- if (ret = check_pw_reuse(handle->context,
+ ret = check_pw_reuse(handle->context,
&handle->master_keyblock,
&hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys))
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys);
+ if (ret)
goto done;
- if (ret = add_to_history(handle->context, &adb, &pol, &hist))
- goto done;
+ ret = add_to_history(handle->context, &adb, &pol, &hist);
+ if (ret)
+ goto done;
hist_added = 1;
}
@@ -1240,7 +1265,8 @@ kadm5_chpass_principal_3(void *server_handle,
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
+ ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ if (ret)
goto done;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
@@ -1318,16 +1344,18 @@ kadm5_randkey_principal_3(void *server_handle,
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
- if (ret = krb5_dbe_crk(handle->context, &handle->master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- keepold,
- &kdb))
- goto done;
+ ret = krb5_dbe_crk(handle->context, &handle->master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ keepold,
+ &kdb);
+ if (ret)
+ goto done;
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
@@ -1336,8 +1364,9 @@ kadm5_randkey_principal_3(void *server_handle,
goto done;
have_pol = 1;
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd);
+ if (ret)
goto done;
#if 0
@@ -1360,11 +1389,12 @@ kadm5_randkey_principal_3(void *server_handle,
goto done;
}
- if (ret = check_pw_reuse(handle->context,
- &handle->master_keyblock,
- &hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys))
+ ret = check_pw_reuse(handle->context,
+ &handle->master_keyblock,
+ &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys);
+ if (ret)
goto done;
}
if (pol.pw_max_life)
@@ -1375,28 +1405,31 @@ kadm5_randkey_principal_3(void *server_handle,
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
+ ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ if (ret)
goto done;
if (keyblocks) {
if (handle->api_version == KADM5_API_VERSION_1) {
/* Version 1 clients will expect to see a DES_CRC enctype. */
- if (ret = krb5_dbe_find_enctype(handle->context, &kdb,
- ENCTYPE_DES_CBC_CRC,
- -1, -1, &key_data))
- goto done;
-
- if (ret = decrypt_key_data(handle->context,
+ ret = krb5_dbe_find_enctype(handle->context, &kdb,
+ ENCTYPE_DES_CBC_CRC,
+ -1, -1, &key_data);
+ if (ret)
+ goto done;
+
+ ret = decrypt_key_data(handle->context,
&handle->master_keyblock, 1, key_data,
- keyblocks, NULL))
- goto done;
+ keyblocks, NULL);
+ if (ret)
+ goto done;
} else {
- ret = decrypt_key_data(handle->context,
- &handle->master_keyblock,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
+ ret = decrypt_key_data(handle->context,
+ &handle->master_keyblock,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
}
@@ -1418,8 +1451,10 @@ kadm5_setkey_principal(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys)
{
- return (kadm5_setkey_principal_3(server_handle, principal,
- FALSE, 0, NULL, keyblocks, n_keys));
+ return
+ kadm5_setkey_principal_3(server_handle, principal,
+ FALSE, 0, NULL,
+ keyblocks, n_keys);
}
kadm5_ret_t
@@ -1452,21 +1487,22 @@ kadm5_setkey_principal_3(void *server_handle,
for (i = 0; i < n_keys; i++) {
for (j = i+1; j < n_keys; j++) {
- if (ret = krb5_c_enctype_compare(handle->context,
- keyblocks[i].enctype,
- keyblocks[j].enctype,
- &similar))
+ if ((ret = krb5_c_enctype_compare(handle->context,
+ keyblocks[i].enctype,
+ keyblocks[j].enctype,
+ &similar)))
return(ret);
- if (similar)
+ if (similar) {
if (n_ks_tuple) {
if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
return KADM5_SETKEY_DUP_ENCTYPES;
} else
return KADM5_SETKEY_DUP_ENCTYPES;
+ }
}
}
- if (n_ks_tuple != n_keys)
+ if (n_ks_tuple && n_ks_tuple != n_keys)
return KADM5_SETKEY3_ETYPE_MISMATCH;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
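Review bot: The `n_ks_tuple && n_ks_tuple != n_keys` check runs after the duplicate-enctype loop, but that loop can already read `ks_tuple[i]` and `ks_tuple[j]` for indices up to `n_keys - 1` whenever `n_ks_tuple` is non-zero. If a caller passes fewer tuples than keys, the loop indexes past the end of `ks_tuple` before the mismatch is rejected. Moving the length check above the `for (i = 0; i < n_keys; i++)` loop closes that gap and needs no other change.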
@@ -1526,7 +1562,7 @@ kadm5_setkey_principal_3(void *server_handle,
/* assert(kdb.n_key_data == n_keys + n_old_keys) */
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ if ((ret = krb5_timeofday(handle->context, &now)))
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
@@ -1578,8 +1614,8 @@ kadm5_setkey_principal_3(void *server_handle,
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
- goto done;
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
+ goto done;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
@@ -1600,9 +1636,9 @@ done:
* number of keys decrypted.
*/
static int decrypt_key_data(krb5_context context,
- krb5_keyblock *master_keyblock,
- int n_key_data, krb5_key_data *key_data,
- krb5_keyblock **keyblocks, int *n_keys)
+ krb5_keyblock *master_keyblock,
+ int n_key_data, krb5_key_data *key_data,
+ krb5_keyblock **keyblocks, int *n_keys)
{
krb5_keyblock *keys;
int ret, i;
@@ -1613,8 +1649,11 @@ static int decrypt_key_data(krb5_context context,
memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
for (i = 0; i < n_key_data; i++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- master_keyblock, &key_data[i], &keys[i], NULL)) {
+ ret = krb5_dbekd_decrypt_key_data(context,
+ master_keyblock,
+ &key_data[i],
+ &keys[i], NULL);
+ if (ret) {
memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
free(keys);
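Review bot: On a decrypt failure the cleanup zeroes the whole `keys` array and frees it, which throws away the `contents` pointers of entries decrypted in earlier iterations without releasing them. check_pw_reuse in this file pairs each successful `krb5_dbekd_decrypt_key_data` with `krb5_free_keyblock_contents`, so those buffers appear to be separate allocations holding plaintext keys. I would release them first, e.g. `while (--i >= 0) krb5_free_keyblock_contents(context, &keys[i]);` ahead of the `memset`. The error block continues past the end of the hunk.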
@@ -1678,13 +1717,13 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
/* find_enctype only uses these two fields */
dbent.n_key_data = entry->n_key_data;
dbent.key_data = entry->key_data;
- if (ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
- stype, kvno, &key_data))
+ if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
+ stype, kvno, &key_data)))
return ret;
- if (ret = krb5_dbekd_decrypt_key_data(handle->context,
- &handle->master_keyblock, key_data,
- keyblock, keysalt))
+ if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
+ &handle->master_keyblock, key_data,
+ keyblock, keysalt)))
return ret;
if (kvnop)
diff --git a/usr/src/lib/krb5/kadm5/str_conv.c b/usr/src/lib/krb5/kadm5/str_conv.c
index 9e81c46194..62cb897d49 100644
--- a/usr/src/lib/krb5/kadm5/str_conv.c
+++ b/usr/src/lib/krb5/kadm5/str_conv.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -68,6 +68,7 @@
#include "k5-int.h"
#include "admin_internal.h"
+#include "adm_proto.h"
/*
* Local data structures.
@@ -359,8 +360,9 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
len = (size_t) *nksaltp;
/* Get new keysalt array */
- if (*ksaltp = (krb5_key_salt_tuple *)
- malloc((len + 1) * sizeof(krb5_key_salt_tuple))) {
+ *ksaltp = (krb5_key_salt_tuple *)
+ malloc((len + 1) * sizeof(krb5_key_salt_tuple));
+ if (*ksaltp) {
/* Copy old keysalt if appropriate */
if (savep) {
@@ -420,8 +422,7 @@ krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
krb5_key_salt_tuple *ksaltlist;
krb5_int32 nksalt;
krb5_boolean ignoresalt;
- krb5_error_code (*iterator) (krb5_key_salt_tuple *,
- krb5_pointer);
+ krb5_error_code (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
krb5_pointer arg;
{
int i;
@@ -436,7 +437,8 @@ krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
i,
scratch.ks_enctype,
scratch.ks_salttype)) {
- if (kret = (*iterator)(&scratch, arg))
+ kret = (*iterator)(&scratch, arg);
+ if (kret)
break;
}
}
diff --git a/usr/src/lib/krb5/kdb/Makefile.com b/usr/src/lib/krb5/kdb/Makefile.com
index f3c1efd3be..ca2b92c533 100644
--- a/usr/src/lib/krb5/kdb/Makefile.com
+++ b/usr/src/lib/krb5/kdb/Makefile.com
@@ -76,7 +76,7 @@ POFILES = generic.po
# override liblink
INS.liblink= -$(RM) $@; $(SYMLINK) $(LIBLINKS)$(VERS) $@
-CPPFLAGS += -DHAVE_CONFIG_H \
+CPPFLAGS += -DHAVE_CONFIG_H -DHAVE_BT_RSEQ \
-I$(KRB5IPROPDIR) \
-I$(SRC)/lib/krb5 \
-I$(SRC)/lib/gss_mechs/mech_krb5/include \
diff --git a/usr/src/lib/krb5/kdb/encrypt_key.c b/usr/src/lib/krb5/kdb/encrypt_key.c
index a3b86e70f6..0e855b4f5b 100644
--- a/usr/src/lib/krb5/kdb/encrypt_key.c
+++ b/usr/src/lib/krb5/kdb/encrypt_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -78,7 +78,6 @@ krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data)
krb5_key_data * key_data;
{
krb5_error_code retval;
- krb5_keyblock tmp;
krb5_octet * ptr;
size_t len;
int i;
@@ -129,7 +128,7 @@ krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data)
if (keysalt->type > 0) {
key_data->key_data_ver++;
key_data->key_data_type[1] = keysalt->type;
- if (key_data->key_data_length[1] = keysalt->data.length) {
+ if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
key_data->key_data_contents[1] =
(krb5_octet *)malloc(keysalt->data.length);
if (key_data->key_data_contents[1] == NULL) {
diff --git a/usr/src/lib/krb5/kdb/fetch_mkey.c b/usr/src/lib/krb5/kdb/fetch_mkey.c
index 8a34949597..26ebdda318 100644
--- a/usr/src/lib/krb5/kdb/fetch_mkey.c
+++ b/usr/src/lib/krb5/kdb/fetch_mkey.c
@@ -174,18 +174,20 @@ krb5_db_fetch_mkey(context, mname, etype, fromkeyboard, twice, keyfile,
retval = KRB5_KDB_CANTREAD_STORED;
goto errout;
}
- if (!key->length || key->length < 0) {
+ if (!key->length || ((int) key->length) < 0) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
}
+
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
retval = ENOMEM;
goto errout;
}
if (fread((krb5_pointer) key->contents,
- sizeof(key->contents[0]), key->length, kf) != key->length) {
+ sizeof(key->contents[0]), key->length, kf)
+ != key->length) {
retval = KRB5_KDB_CANTREAD_STORED;
- memset(key->contents, 0, key->length);
+ memset(key->contents, 0, key->length);
free(key->contents);
key->contents = 0;
} else
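Review bot: The length check rejects only zero and values that are negative as `int`, so any stored length up to INT_MAX goes straight to `malloc` and `fread`. `key->length` looks like it is read from the key file just above the hunk (inferred from the `KRB5_KDB_CANTREAD_STORED` path), so a corrupt or tampered stash file can force a very large allocation. Comparing against an explicit upper bound for a master key would be tighter than the cast. In the short-read path, `memset(key->contents, 0, key->length)` directly before `free` is a candidate for dead-store elimination, so a wipe routine the compiler cannot drop would be safer for key bytes. The `if`/`else` continues past the end of the hunk.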
diff --git a/usr/src/lib/krb5/kdb/kdb_cpw.c b/usr/src/lib/krb5/kdb/kdb_cpw.c
index dbfa37c58a..ca51291ede 100644
--- a/usr/src/lib/krb5/kdb/kdb_cpw.c
+++ b/usr/src/lib/krb5/kdb/kdb_cpw.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -86,6 +86,9 @@ cleanup_key_data(context, count, data)
{
int i, j;
+ /* If data is NULL, count is always 0 */
+ if (data == NULL) return;
+
for (i = 0; i < count; i++) {
for (j = 0; j < data[i].key_data_ver; j++) {
if (data[i].key_data_length[j]) {
@@ -108,7 +111,6 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
krb5_principal krbtgt_princ;
krb5_keyblock key;
krb5_db_entry krbtgt_entry;
- krb5_key_data * krbtgt_kdata;
krb5_boolean more;
int max_kvno, one, i, j;
krb5_error_code retval;
@@ -168,7 +170,7 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
if (similar)
continue;
- if (retval = krb5_dbe_create_key_data(context, db_entry))
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
goto add_key_rnd_err;
/* there used to be code here to extract the old key, and derive
@@ -282,8 +284,8 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
/* increment the kvno */
kvno++;
- if (retval = add_key_rnd(context, master_key, ks_tuple,
- ks_tuple_count, db_entry, kvno)) {
+ if ((retval = add_key_rnd(context, master_key, ks_tuple,
+ ks_tuple_count, db_entry, kvno))) {
cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
db_entry->n_key_data = key_data_count;
db_entry->key_data = key_data;
@@ -291,7 +293,7 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
/* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
for (i = 0; i < key_data_count; i++) {
if (key_data[i].key_data_kvno == (kvno - 1)) {
- if (retval = krb5_dbe_create_key_data(context, db_entry)) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
cleanup_key_data(context, db_entry->n_key_data,
db_entry->key_data);
break;
@@ -325,10 +327,10 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
krb5_keysalt key_salt;
krb5_keyblock key;
krb5_data pwd;
- krb5_boolean found;
int i, j;
retval = 0;
+
for (i = 0; i < ks_tuple_count; i++) {
krb5_boolean similar;
@@ -354,15 +356,15 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
if (j < i)
continue;
- if (retval = krb5_dbe_create_key_data(context, db_entry))
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
return(retval);
/* Convert password string to key using appropriate salt */
switch (key_salt.type = ks_tuple[i].ks_salttype) {
case KRB5_KDB_SALTTYPE_ONLYREALM: {
krb5_data * saltdata;
- if (retval = krb5_copy_data(context, krb5_princ_realm(context,
- db_entry->princ), &saltdata))
+ if ((retval = krb5_copy_data(context, krb5_princ_realm(context,
+ db_entry->princ), &saltdata)))
return(retval);
key_salt.data = *saltdata;
@@ -370,13 +372,13 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
}
break;
case KRB5_KDB_SALTTYPE_NOREALM:
- if (retval=krb5_principal2salt_norealm(context, db_entry->princ,
- &key_salt.data))
+ if ((retval=krb5_principal2salt_norealm(context, db_entry->princ,
+ &key_salt.data)))
return(retval);
break;
case KRB5_KDB_SALTTYPE_NORMAL:
- if (retval = krb5_principal2salt(context, db_entry->princ,
- &key_salt.data))
+ if ((retval = krb5_principal2salt(context, db_entry->princ,
+ &key_salt.data)))
return(retval);
break;
case KRB5_KDB_SALTTYPE_V4:
@@ -391,19 +393,20 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
return(retval);
key_salt.data = *saltdata;
- key_salt.data.length = -1; /*length actually used below...*/
+ key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
krb5_xfree(saltdata);
#else
/* Why do we do this? Well, the afs_mit_string_to_key needs to
use strlen, and the realm is not NULL terminated.... */
- int slen = (*krb5_princ_realm(context,db_entry->princ)).length;
+ unsigned int slen =
+ (*krb5_princ_realm(context,db_entry->princ)).length;
if(!(key_salt.data.data = (char *) malloc(slen+1)))
return ENOMEM;
key_salt.data.data[slen] = 0;
memcpy((char *)key_salt.data.data,
(char *)(*krb5_princ_realm(context,db_entry->princ)).data,
slen);
- key_salt.data.length = -1; /*length actually used below...*/
+ key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
#endif
}
@@ -424,13 +427,13 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
return(retval);
}
- if (key_salt.data.length == -1)
+ if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
key_salt.data.length =
krb5_princ_realm(context, db_entry->princ)->length;
- if (retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
+ if ((retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
(const krb5_keysalt *)&key_salt,
- kvno, &db_entry->key_data[db_entry->n_key_data-1])) {
+ kvno, &db_entry->key_data[db_entry->n_key_data-1]))) {
if (key_salt.data.data)
free(key_salt.data.data);
@@ -539,8 +542,8 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
/* increment the kvno */
new_kvno = old_kvno+1;
- if (retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
- passwd, db_entry, new_kvno)) {
+ if ((retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
+ passwd, db_entry, new_kvno))) {
cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
db_entry->n_key_data = key_data_count;
db_entry->key_data = key_data;
@@ -548,7 +551,7 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
/* Copy keys with key_data_kvno == old_kvno */
for (i = 0; i < key_data_count; i++) {
if (key_data[i].key_data_kvno == old_kvno) {
- if (retval = krb5_dbe_create_key_data(context, db_entry)) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
cleanup_key_data(context, db_entry->n_key_data,
db_entry->key_data);
break;
diff --git a/usr/src/lib/krb5/kdb/kdb_db2.c b/usr/src/lib/krb5/kdb/kdb_db2.c
index 3697d7bbc8..4f1997162b 100644
--- a/usr/src/lib/krb5/kdb/kdb_db2.c
+++ b/usr/src/lib/krb5/kdb/kdb_db2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -657,14 +657,16 @@ krb5_db2_db_create(context, db_name, flags)
/*
* Destroy the database. Zero's out all of the files, just to be sure.
*/
-krb5_error_code
+static krb5_error_code
destroy_file_suffix(dbname, suffix)
char *dbname;
char *suffix;
{
char *filename;
struct stat statb;
- int nb,fd,i,j;
+ int nb,fd;
+ unsigned int j;
+ off_t pos;
char buf[BUFSIZ];
char zbuf[BUFSIZ];
int dowrite;
@@ -693,8 +695,8 @@ destroy_file_suffix(dbname, suffix)
* we're just about to unlink it anyways.
*/
memset(zbuf, 0, BUFSIZ);
- i = 0;
- while (i < statb.st_size) {
+ pos = 0;
+ while (pos < statb.st_size) {
dowrite = 0;
nb = read(fd, buf, BUFSIZ);
if (nb < 0) {
@@ -708,16 +710,18 @@ destroy_file_suffix(dbname, suffix)
break;
}
}
+ /* For signedness */
+ j = nb;
if (dowrite) {
- lseek(fd, i, SEEK_SET);
- nb = write(fd, zbuf, nb);
+ lseek(fd, pos, SEEK_SET);
+ nb = write(fd, zbuf, j);
if (nb < 0) {
int retval = errno;
free(filename);
return retval;
}
}
- i += nb;
+ pos += nb;
}
/* ??? Is fsync really needed? I don't know of any non-networked
filesystem which will discard queued writes to disk if a file
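Review bot: The zero-fill loop still ignores the result of `lseek(fd, pos, SEEK_SET)`, so after a failed seek the following `write` lands at the current file offset instead of on the block just read, and that block is unlinked without being overwritten. I would check it: `if (lseek(fd, pos, SEEK_SET) == (off_t)-1) { int retval = errno; free(filename); return retval; }`. Judging from the previous hunk, only `nb < 0` is treated as a failure after `read`, so a read of 0 bytes before `pos` reaches `statb.st_size` (for example if the file shrinks underneath) leaves `pos` unchanged and the loop does not terminate; an explicit `if (nb == 0) break;` would bound it. The error returns visible here free `filename` but do not appear to close `fd`. destroy_file_suffix starts and ends outside this hunk.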
@@ -898,7 +902,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
DB *db;
DBT key, contents;
krb5_data keydata, contdata;
- int try, dbret;
+ int trynum, dbret;
*more = FALSE;
*nentries = 0;
@@ -907,7 +911,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
return KRB5_KDB_DBNOTINITED;
db_ctx = (krb5_db2_context *) context->db_context;
- for (try = 0; try < KRB5_DB2_MAX_RETRY; try++) {
+ for (trynum = 0; trynum < KRB5_DB2_MAX_RETRY; trynum++) {
if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
if (db_ctx->db_nb_locks)
return(retval);
@@ -916,7 +920,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
}
break;
}
- if (try == KRB5_DB2_MAX_RETRY)
+ if (trynum == KRB5_DB2_MAX_RETRY)
return KRB5_KDB_DB_INUSE;
/* XXX deal with wildcard lookups */
@@ -1181,7 +1185,7 @@ krb5_db2_db_delete_principal(context, searchfor, nentries)
for (i = 0; i < entry.n_key_data; i++) {
if (entry.key_data[i].key_data_length[0]) {
memset((char *)entry.key_data[i].key_data_contents[0], 0,
- entry.key_data[i].key_data_length[0]);
+ (unsigned) entry.key_data[i].key_data_length[0]);
}
}
@@ -1217,10 +1221,11 @@ cleanup:
}
krb5_error_code
-krb5_db2_db_iterate (context, func, func_arg)
+krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive)
krb5_context context;
krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
krb5_pointer func_arg;
+ int backwards, recursive;
{
krb5_db2_context *db_ctx;
DB *db;
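Review bot: The new entry point `krb5_db2_db_iterate_ext` has no header comment, and the meaning of the two added `int` flags can only be recovered from the body in the following hunks. I would add above the definition: `/* backwards: start at R_LAST and step with R_PREV instead of R_FIRST/R_NEXT. recursive: iterate with bt_rseq(); only valid for DB_BTREE databases built with HAVE_BT_RSEQ, otherwise KRB5_KDB_UK_RERROR is returned. */`. Since the failure case reuses an error code the code itself calls "not optimal", the comment is the only place a caller learns what that return means here. The function body continues outside this hunk.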
@@ -1229,17 +1234,36 @@ krb5_db2_db_iterate (context, func, func_arg)
krb5_db_entry entries;
krb5_error_code retval;
int dbret;
-
+ void *cookie;
+
+ cookie = NULL;
if (!k5db2_inited(context))
return KRB5_KDB_DBNOTINITED;
db_ctx = (krb5_db2_context *) context->db_context;
retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED);
+
if (retval)
return retval;
db = db_ctx->db;
- dbret = (*db->seq)(db, &key, &contents, R_FIRST);
+ if (recursive && db->type != DB_BTREE) {
+ (void)krb5_db2_db_unlock(context);
+ return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */
+ }
+
+ if (!recursive) {
+ dbret = (*db->seq)(db, &key, &contents,
+ backwards ? R_LAST : R_FIRST);
+ } else {
+#ifdef HAVE_BT_RSEQ
+ dbret = bt_rseq(db, &key, &contents, &cookie,
+ backwards ? R_LAST : R_FIRST);
+#else
+ (void)krb5_db2_db_unlock(context);
+ return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */
+#endif
+ }
while (dbret == 0) {
contdata.data = contents.data;
contdata.length = contents.size;
@@ -1250,7 +1274,18 @@ krb5_db2_db_iterate (context, func, func_arg)
krb5_dbe_free_contents(context, &entries);
if (retval)
break;
- dbret = (*db->seq)(db, &key, &contents, R_NEXT);
+ if (!recursive) {
+ dbret = (*db->seq)(db, &key, &contents,
+ backwards ? R_PREV : R_NEXT);
+ } else {
+#ifdef HAVE_BT_RSEQ
+ dbret = bt_rseq(db, &key, &contents, &cookie,
+ backwards ? R_PREV : R_NEXT);
+#else
+ (void)krb5_db2_db_unlock(context);
+ return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */
+#endif
+ }
}
switch (dbret) {
case 1:
@@ -1264,6 +1299,15 @@ krb5_db2_db_iterate (context, func, func_arg)
return retval;
}
+krb5_error_code
+krb5_db2_db_iterate(context, func, func_arg)
+ krb5_context context;
+ krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
+ krb5_pointer func_arg;
+{
+ return krb5_db2_db_iterate_ext(context, func, func_arg, 0, 0);
+}
+
krb5_boolean
krb5_db2_db_set_lockmode(context, mode)
krb5_context context;
@@ -1407,6 +1451,7 @@ kdb5_context_internalize(kcontext, argp, buffer, lenremain)
krb5_int32 lockcount;
krb5_int32 lockmode;
krb5_int32 dbnamelen;
+ krb5_boolean nb_lock;
char *dbname;
bp = *buffer;
@@ -1444,7 +1489,8 @@ kdb5_context_internalize(kcontext, argp, buffer, lenremain)
kret = krb5_db_lock(tmpctx, lockmode);
if (!kret && lockmode)
dbctx->db_locks_held = lockcount;
- (void) krb5_db2_db_set_lockmode(tmpctx, nb_lockmode);
+ nb_lock = nb_lockmode & 0xff;
+ (void) krb5_db2_db_set_lockmode(tmpctx, nb_lock);
}
if (dbname)
krb5_xfree(dbname);
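Review bot: `nb_lock = nb_lockmode & 0xff;` keeps only the low byte, so a non-zero `nb_lockmode` whose low eight bits are all clear becomes false. `nb_lockmode` is declared outside this hunk and appears to come from the serialized buffer being internalized, so its value is not under this function's control. If the intent is only to narrow the value to `krb5_boolean`, `nb_lock = (nb_lockmode != 0);` states that directly and does not depend on the width of either type.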
diff --git a/usr/src/lib/krb5/kdb/kdb_db2.h b/usr/src/lib/krb5/kdb/kdb_db2.h
index bc0c690dae..5df517b0a4 100644
--- a/usr/src/lib/krb5/kdb/kdb_db2.h
+++ b/usr/src/lib/krb5/kdb/kdb_db2.h
@@ -42,6 +42,7 @@
#define krb5_db2_db_free_principal krb5_db_free_principal
#define krb5_db2_db_put_principal krb5_db_put_principal
#define krb5_db2_db_delete_principal krb5_db_delete_principal
+#define krb5_db2_db_iterate_ext krb5_db_iterate_ext
#define krb5_db2_db_iterate krb5_db_iterate
#define krb5_db2_db_lock krb5_db_lock
#define krb5_db2_db_unlock krb5_db_unlock
@@ -105,6 +106,11 @@ krb5_error_code krb5_db2_db_put_principal
(krb5_context,
krb5_db_entry *,
int * );
+krb5_error_code krb5_db2_db_iterate_ext
+ (krb5_context,
+ krb5_error_code (*) (krb5_pointer,
+ krb5_db_entry *),
+ krb5_pointer, int, int );
krb5_error_code krb5_db2_db_iterate
(krb5_context,
krb5_error_code (*) (krb5_pointer,
diff --git a/usr/src/lib/krb5/kdb/kdb_dbm.c b/usr/src/lib/krb5/kdb/kdb_dbm.c
index 873caf643b..d4a606ac67 100644
--- a/usr/src/lib/krb5/kdb/kdb_dbm.c
+++ b/usr/src/lib/krb5/kdb/kdb_dbm.c
@@ -57,11 +57,11 @@ extern char *progname;
static char default_db_name[] = DEFAULT_KDB_FILE;
static char *gen_dbsuffix
- PROTOTYPE((char *, char * ));
+ (char *, char * );
static krb5_error_code krb5_dbm_db_start_update
- PROTOTYPE((krb5_context));
+ (krb5_context);
static krb5_error_code krb5_dbm_db_end_update
- PROTOTYPE((krb5_context));
+ (krb5_context);
krb5_error_code
krb5_dbm_db_get_age(krb5_context, char *, time_t *);
@@ -358,10 +358,10 @@ krb5_dbm_db_set_mkey(context, db_context, key)
}
krb5_error_code
-krb5_dbm_db_get_mkey(context, eblock)
-
+krb5_dbm_db_get_mkey(context, db_context, key)
krb5_context context;
- krb5_encrypt_block **eblock;
+ krb5_db_context * db_context;
+ krb5_keyblock **key;
{
krb5_db_context *db_ctx;
@@ -369,7 +369,7 @@ krb5_dbm_db_get_mkey(context, eblock)
return(KRB5_KDB_DBNOTINITED);
db_ctx = context->db_context;
- *eblock = db_ctx->db_master_key;
+ *key = db_ctx->db_master_key;
return 0;
}
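Review bot: The `db_context` parameter added to `krb5_dbm_db_get_mkey` is not used in the lines visible here: the body still assigns `db_ctx = context->db_context` and returns that context's `db_master_key`. If a caller can pass a db context other than the one attached to `context`, it receives a pointer to the wrong master key without any error. Either read the key from the argument or record that it is ignored, e.g. `/* db_context is accepted for interface compatibility only; the key always comes from context->db_context */`. One line of the body between this hunk and the previous one is not shown, so this should be confirmed against the full function.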
@@ -618,7 +618,7 @@ krb5_dbm_db_create(context, db_name)
/*
* Destroy the database. Zero's out all of the files, just to be sure.
*/
-krb5_error_code
+static krb5_error_code
destroy_file_suffix(dbname, suffix)
char *dbname;
char *suffix;
@@ -1141,7 +1141,7 @@ cleanup:
krb5_error_code
krb5_dbm_db_iterate (context, func, func_arg)
krb5_context context;
- krb5_error_code (*func) PROTOTYPE((krb5_pointer, krb5_db_entry *));
+ krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
krb5_pointer func_arg;
{
datum key, contents;
diff --git a/usr/src/lib/krb5/kdb/kdb_kt.h b/usr/src/lib/krb5/kdb/kdb_kt.h
new file mode 100644
index 0000000000..e400d0d54f
--- /dev/null
+++ b/usr/src/lib/krb5/kdb/kdb_kt.h
@@ -0,0 +1,44 @@
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * include/krb5/kdb_kt.h
+ *
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * KDC keytab definitions.
+ */
+
+
+#ifndef KRB5_KDB5_KT_H
+#define KRB5_KDB5_KT_H
+
+#include <krb5/kdb.h>
+
+extern struct _krb5_kt_ops krb5_kt_kdb_ops;
+
+krb5_error_code krb5_ktkdb_resolve (krb5_context, const char *, krb5_keytab *);
+
+krb5_error_code krb5_ktkdb_set_context(krb5_context);
+
+#endif /* KRB5_KDB5_DBM__ */
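Review bot: The closing `#endif /* KRB5_KDB5_DBM__ */` names a different guard from the one this header opens (`KRB5_KDB5_KT_H`), and the banner gives the path as `include/krb5/kdb_kt.h` while the file is added under `lib/krb5/kdb`. I would make both agree with the file: `#endif /* KRB5_KDB5_KT_H */` and the real path in the banner. The two prototypes would also benefit from a one-line comment each, in particular `krb5_ktkdb_set_context`, whose effect on later keytab lookups is not evident from the declaration.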
diff --git a/usr/src/lib/krb5/kdb/kdb_xdr.c b/usr/src/lib/krb5/kdb/kdb_xdr.c
index e058ad2e63..4f6864f6b1 100644
--- a/usr/src/lib/krb5/kdb/kdb_xdr.c
+++ b/usr/src/lib/krb5/kdb/kdb_xdr.c
@@ -153,7 +153,7 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- if (code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))
+ if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
return(code);
if (tl_data.tl_data_length != 4) {
@@ -183,13 +183,13 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
krb5_error_code retval = 0;
krb5_octet * nextloc = 0;
char * unparse_mod_princ = 0;
- int unparse_mod_princ_size;
+ unsigned int unparse_mod_princ_size;
if ((retval = krb5_unparse_name(context, mod_princ,
&unparse_mod_princ)))
return(retval);
- unparse_mod_princ_size = (int) strlen(unparse_mod_princ) + 1;
+ unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
== NULL) {
@@ -227,7 +227,7 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
- if (code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))
+ if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
return(code);
if ((tl_data.tl_data_length < 5) ||
@@ -239,7 +239,7 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
/* Mod Princ */
if ((code = krb5_parse_name(context,
- (krb5_const char *) (tl_data.tl_data_contents+4),
+ (const char *) (tl_data.tl_data_contents+4),
mod_princ)))
return(code);
@@ -277,7 +277,8 @@ krb5_encode_princ_contents(context, content, entry)
krb5_data * content;
krb5_db_entry * entry;
{
- int unparse_princ_size, i, j;
+ int i, j;
+ unsigned int unparse_princ_size;
char * unparse_princ;
char * nextloc;
krb5_tl_data * tl_data;
@@ -340,7 +341,7 @@ krb5_encode_princ_contents(context, content, entry)
/*
* Now we go through entry again, this time copying data
- * These first entries are always saved regaurdless of version
+ * These first entries are always saved regardless of version
*/
nextloc = content->data;
@@ -429,7 +430,7 @@ krb5_encode_princ_contents(context, content, entry)
for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
krb5_int16 type = entry->key_data[i].key_data_type[j];
- krb5_int16 length = entry->key_data[i].key_data_length[j];
+ krb5_ui_2 length = entry->key_data[i].key_data_length[j];
krb5_kdb_encode_int16(type, nextloc);
nextloc += 2;
@@ -690,7 +691,8 @@ krb5_dbe_free_contents(context, entry)
if (entry->key_data[i].key_data_length[j]) {
if (entry->key_data[i].key_data_contents[j]) {
memset(entry->key_data[i].key_data_contents[j],
- 0, entry->key_data[i].key_data_length[j]);
+ 0,
+ (unsigned) entry->key_data[i].key_data_length[j]);
free (entry->key_data[i].key_data_contents[j]);
}
}
@@ -723,7 +725,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_int32 kvno;
krb5_key_data **kdatap;
{
- int i, index;
+ int i, idx;
int maxkvno;
krb5_key_data *datap;
krb5_error_code ret;
@@ -762,20 +764,21 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
ret = KRB5_KDB_NO_PERMITTED_KEY;
continue;
}
+
- if (ktype >= 0) {
+ if (ktype > 0) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
&similar)))
return(ret);
}
- if (((ktype < 0) || similar) &&
+ if (((ktype <= 0) || similar) &&
((db_stype == stype) || (stype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
datap = &dbentp->key_data[i];
- index = i;
+ idx = i;
maxkvno = kvno;
break;
}
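Review bot: With `ktype > 0` and `ktype <= 0`, an enctype of 0 is now treated as a wildcard instead of being passed to `krb5_c_enctype_compare`, and nothing in the hunk records that change of contract. A caller that hands in a zero-initialised enctype by accident is then given whichever stored key wins the kvno selection below, regardless of its type. I would state it at the test: `/* ktype <= 0 is a wildcard: accept any enctype; only positive values are compared */`. If the function's header comment (outside this hunk) describes `ktype`, it should say the same.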
@@ -783,7 +786,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
if (dbentp->key_data[i].key_data_kvno > maxkvno) {
maxkvno = dbentp->key_data[i].key_data_kvno;
datap = &dbentp->key_data[i];
- index = i;
+ idx = i;
}
}
}
@@ -791,7 +794,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
if (maxkvno < 0)
return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
*kdatap = datap;
- *start = index+1;
+ *start = idx+1;
return 0;
}
diff --git a/usr/src/lib/krb5/kdb/keytab.c b/usr/src/lib/krb5/kdb/keytab.c
index e4e6523250..fb26c1c572 100644
--- a/usr/src/lib/krb5/kdb/keytab.c
+++ b/usr/src/lib/krb5/kdb/keytab.c
@@ -28,6 +28,7 @@
#include <string.h>
#include "k5-int.h"
+#include "kdb_kt.h"
static int
is_xrealm_tgt(krb5_context, krb5_const_principal);
@@ -37,16 +38,21 @@ krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
krb5_kvno, krb5_enctype, krb5_keytab_entry *);
-krb5_error_code krb5_ktkdb_resolve(
- krb5_context context,
- const char * name,
- krb5_keytab * id);
+static krb5_error_code
+krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
+ char *name, unsigned int namelen)
+{
+ if (namelen < sizeof("KDB:"))
+ return KRB5_KT_NAME_TOOLONG;
+ strcpy(name, "KDB:");
+ return 0;
+}
krb5_kt_ops krb5_kt_kdb_ops = {
0,
"KDB", /* Prefix -- this string should not appear anywhere else! */
krb5_ktkdb_resolve, /* resolve */
- NULL, /* get_name */
+ krb5_ktkdb_get_name, /* get_name */
krb5_ktkdb_close, /* close */
krb5_ktkdb_get_entry, /* get */
NULL, /* start_seq_get */
@@ -125,14 +131,16 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
krb5_db_entry db_entry;
krb5_boolean more = 0;
int n = 0;
- int xrealm_tgt = is_xrealm_tgt(context, principal);
- krb5_boolean similar;
+ int xrealm_tgt;
+ krb5_boolean similar;
if (ktkdb_ctx)
context = ktkdb_ctx;
else
context = in_context;
+ xrealm_tgt = is_xrealm_tgt(context, principal);
+
/* Open database */
/* krb5_db_init(context); */
if ((kerror = krb5_db_open_database(context)))
diff --git a/usr/src/lib/krb5/kdb/mapfile-vers b/usr/src/lib/krb5/kdb/mapfile-vers
index 7734b92971..c41940f823 100644
--- a/usr/src/lib/krb5/kdb/mapfile-vers
+++ b/usr/src/lib/krb5/kdb/mapfile-vers
@@ -36,34 +36,19 @@ SUNW_1.1 {
SUNWprivate_1.1 {
global:
- destroy_file_suffix;
krb5_db_close_database;
krb5_db_create;
krb5_db_delete_principal;
krb5_db_destroy;
- krb5_dbe_apw;
- krb5_dbe_ark;
- krb5_dbe_cpw;
- krb5_dbe_create_key_data;
- krb5_dbe_crk;
- krb5_dbe_find_enctype;
- krb5_dbe_free_contents;
- krb5_dbekd_decrypt_key_data;
- krb5_dbekd_encrypt_key_data;
- krb5_dbe_lookup_last_pwd_change;
- krb5_dbe_lookup_mod_princ_data;
- krb5_dbe_lookup_tl_data;
- krb5_dbe_search_enctype;
- krb5_dbe_update_last_pwd_change;
- krb5_dbe_update_mod_princ_data;
- krb5_dbe_update_tl_data;
krb5_db_fetch_mkey;
krb5_db_fini;
krb5_db_free_principal;
krb5_db_get_age;
+ krb5_db_get_mkey;
krb5_db_get_principal;
krb5_db_init;
krb5_db_iterate;
+ krb5_db_iterate_ext;
krb5_db_lock;
krb5_db_open_database;
krb5_db_put_principal;
@@ -75,13 +60,32 @@ SUNWprivate_1.1 {
krb5_db_store_mkey;
krb5_db_unlock;
krb5_db_verify_master_key;
+ krb5_dbe_apw;
+ krb5_dbe_ark;
+ krb5_dbe_cpw;
+ krb5_dbe_create_key_data;
+ krb5_dbe_crk;
+ krb5_dbe_find_enctype;
+ krb5_dbe_free_contents;
+ krb5_dbe_lookup_last_pwd_change;
+ krb5_dbe_lookup_mod_princ_data;
+ krb5_dbe_lookup_tl_data;
+ krb5_dbe_search_enctype;
+ krb5_dbe_update_last_pwd_change;
+ krb5_dbe_update_mod_princ_data;
+ krb5_dbe_update_tl_data;
+ krb5_dbekd_decrypt_key_data;
+ krb5_dbekd_encrypt_key_data;
krb5_decode_princ_contents;
krb5_encode_princ_contents;
+ krb5_encode_princ_dbkey;
krb5_free_princ_contents;
+ krb5_free_princ_dbkey;
+ krb5_kt_kdb_ops;
krb5_ktkdb_close;
krb5_ktkdb_get_entry;
- krb5_kt_kdb_ops;
krb5_ktkdb_resolve;
+ krb5_ktkdb_set_context;
krb5_mkey_pwd_prompt1;
krb5_mkey_pwd_prompt2;
krb5_ser_db_context_init;
diff --git a/usr/src/lib/krb5/kdb/setup_mkey.c b/usr/src/lib/krb5/kdb/setup_mkey.c
index adf0f24e79..8f662ac859 100644
--- a/usr/src/lib/krb5/kdb/setup_mkey.c
+++ b/usr/src/lib/krb5/kdb/setup_mkey.c
@@ -49,8 +49,8 @@ krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal)
krb5_principal *principal;
{
krb5_error_code retval;
- int keylen;
- int rlen = strlen(realm);
+ size_t keylen;
+ size_t rlen = strlen(realm);
char *fname;
if (!keyname)
diff --git a/usr/src/lib/krb5/kdb/store_mkey.c b/usr/src/lib/krb5/kdb/store_mkey.c
index 196d5e7287..b2f9446808 100644
--- a/usr/src/lib/krb5/kdb/store_mkey.c
+++ b/usr/src/lib/krb5/kdb/store_mkey.c
@@ -66,7 +66,7 @@ krb5_db_store_mkey(context, keyfile, mname, key)
char defkeyfile[MAXPATHLEN+1];
krb5_data *realm = krb5_princ_realm(context, mname);
#if HAVE_UMASK
- int oumask;
+ mode_t oumask;
#endif
if (!keyfile) {
@@ -98,7 +98,8 @@ krb5_db_store_mkey(context, keyfile, mname, key)
(fwrite((krb5_pointer) &key->length,
sizeof(key->length), 1, kf) != 1) ||
(fwrite((krb5_pointer) key->contents,
- sizeof(key->contents[0]), key->length, kf) != key->length)) {
+ sizeof(key->contents[0]), (unsigned) key->length,
+ kf) != key->length)) {
retval = errno;
(void) fclose(kf);
}
diff --git a/usr/src/lib/krb5/ss/copyright.h b/usr/src/lib/krb5/ss/copyright.h
index 3a8663ae42..d67bba3992 100644
--- a/usr/src/lib/krb5/ss/copyright.h
+++ b/usr/src/lib/krb5/ss/copyright.h
@@ -13,6 +13,9 @@ this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
+Furthermore if you modify this software you must label
+your software as modified software and not distribute it in such a
+fashion that it might be confused with the original M.I.T. software.
M.I.T. and the M.I.T. S.I.P.B. make no representations about
the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
diff --git a/usr/src/lib/krb5/ss/error.c b/usr/src/lib/krb5/ss/error.c
index a15a04378e..31c62ffa00 100644
--- a/usr/src/lib/krb5/ss/error.c
+++ b/usr/src/lib/krb5/ss/error.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -14,25 +14,10 @@
#include <stdio.h>
-/*
- * I'm assuming that com_err.h includes varargs.h, which it does
- * (right now). There really ought to be a way for me to include the
- * file without worrying about whether com_err.h includes it or not,
- * but varargs.h doesn't define anything that I can use as a flag, and
- * gcc will lose if I try to include it twice and redefine stuff.
- */
-#if !defined(__STDC__) || !defined(ibm032) || !defined(NeXT)
-#define ss_error ss_error_external
-#endif
-
#include "copyright.h"
#include "com_err.h"
#include "ss_internal.h"
-extern void com_err_va ();
-
-#undef ss_error
-
char * ss_name(sci_idx)
int sci_idx;
{
@@ -71,26 +56,11 @@ char * ss_name(sci_idx)
}
}
-#ifdef HAVE_STDARG_H
void ss_error (int sci_idx, long code, const char * fmt, ...)
-#else
-void ss_error (va_alist)
- va_dcl
-#endif
{
register char *whoami;
va_list pvar;
-#ifndef HAVE_STDARG_H
- int sci_idx;
- long code;
- char * fmt;
- va_start (pvar);
- sci_idx = va_arg (pvar, int);
- code = va_arg (pvar, long);
- fmt = va_arg (pvar, char *);
-#else
va_start (pvar, fmt);
-#endif
whoami = ss_name (sci_idx);
com_err_va (whoami, code, fmt, pvar);
free (whoami);
diff --git a/usr/src/lib/krb5/ss/execute_cmd.c b/usr/src/lib/krb5/ss/execute_cmd.c
index ca6108cb49..6a0030cdaf 100644
--- a/usr/src/lib/krb5/ss/execute_cmd.c
+++ b/usr/src/lib/krb5/ss/execute_cmd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -196,8 +196,7 @@ int ss_execute_line (sci_idx, line_ptr)
char *line_ptr;
{
char **argv;
- int argc;
- int rc;
+ int argc, ret;
/* flush leading whitespace */
while (line_ptr[0] == ' ' || line_ptr[0] == '\t')
@@ -220,9 +219,9 @@ int ss_execute_line (sci_idx, line_ptr)
return 0;
/* look it up in the request tables, execute if found */
- rc = really_execute_command (sci_idx, argc, &argv);
+ ret = really_execute_command (sci_idx, argc, &argv);
free(argv);
- return (rc);
+ return(ret);
}
diff --git a/usr/src/lib/krb5/ss/help.c b/usr/src/lib/krb5/ss/help.c
index 5979e45463..b5e4ef15f5 100644
--- a/usr/src/lib/krb5/ss/help.c
+++ b/usr/src/lib/krb5/ss/help.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -13,13 +13,13 @@
#include <sys/param.h>
#include <sys/types.h>
+#include <errno.h>
#include <sys/file.h>
#include <fcntl.h> /* just for O_* */
#include <sys/wait.h>
#include "ss_internal.h"
#include "copyright.h"
#include <libintl.h>
-#include <errno.h>
extern void ss_list_requests();
@@ -63,16 +63,18 @@ void ss_help (argc, argv, sci_idx, info_ptr)
return;
}
for (idx = 0; info->info_dirs[idx] != (char *)NULL; idx++) {
- (void) strcpy(buffer, info->info_dirs[idx]);
- (void) strcat(buffer, "/");
- (void) strcat(buffer, argv[1]);
- (void) strcat(buffer, ".info");
+ (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
+ buffer[sizeof(buffer) - 1] = '\0';
+ (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
+ (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
+ (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
}
if ((fd = open(&buffer[0], O_RDONLY)) < 0) {
char buf[MAXPATHLEN];
- strcpy(buf, "No info found for ");
- strcat(buf, argv[1]);
+ strncpy(buf, "No info found for ", sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
+ strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
ss_perror(sci_idx, 0, buf);
return;
}
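Review bot: The bounded `strncpy`/`strncat` calls stop the overflow but truncate silently, so an over-long `info_dirs[idx]` or `argv[1]` makes `open()` try a path other than the one requested, for instance one that has lost its `.info` suffix. Building the name in one call makes truncation detectable: `n = snprintf(buffer, sizeof(buffer), "%s/%s.info", info->info_dirs[idx], argv[1]);` with `n < 0 || (size_t)n >= sizeof(buffer)` treated as "no info found" before any `open()`. The same silent truncation applies to `buf` in the error path here and to `c_file` in the later mk_cmds.c hunk, where the truncated name is then opened for writing. ss_help starts and ends outside this hunk.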
diff --git a/usr/src/lib/krb5/ss/invocation.c b/usr/src/lib/krb5/ss/invocation.c
index 94b3de637f..87e6bb9fae 100644
--- a/usr/src/lib/krb5/ss/invocation.c
+++ b/usr/src/lib/krb5/ss/invocation.c
@@ -71,7 +71,7 @@ ss_delete_invocation(sci_idx)
t = ss_info(sci_idx);
free(t->prompt);
- free((char *)t->rqt_tables);
+ free(t->rqt_tables);
while(t->info_dirs[0] != (char *)NULL)
ss_delete_info_dir(sci_idx, t->info_dirs[0], &ignored_code);
free((char *)t->info_dirs);
diff --git a/usr/src/lib/krb5/ss/list_rqs.c b/usr/src/lib/krb5/ss/list_rqs.c
index 53dc909d13..4bb4e95499 100644
--- a/usr/src/lib/krb5/ss/list_rqs.c
+++ b/usr/src/lib/krb5/ss/list_rqs.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -32,9 +32,13 @@ static char const NL[2] = "\n";
void
ss_list_requests(argc, argv, sci_idx, info_ptr)
int argc;
- char **argv;
+ const char * const *argv;
int sci_idx;
- pointer info_ptr;
+#ifdef __STDC__
+ void *info_ptr;
+#else
+ char *info_ptr;
+#endif
{
register ss_request_entry *entry;
register char const * const *name;
@@ -93,21 +97,22 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
buffer[0] = '\0';
if (entry->flags & SS_OPT_DONT_LIST)
continue;
+ buffer[sizeof(buffer) - 1] = '\0';
for (name = entry->command_names; *name; name++) {
register int len = strlen(*name);
- strncat(buffer, *name, len);
+ strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer));
spacing += len + 2;
if (name[1]) {
- strcat(buffer, ", ");
+ strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer));
}
}
if (spacing > 23) {
- strcat(buffer, NL);
+ strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
fputs(buffer, output);
spacing = 0;
buffer[0] = '\0';
}
- strncat(buffer, twentyfive_spaces, 25-spacing);
+ strncat(buffer, twentyfive_spaces, strlen(twentyfive_spaces) - spacing);
/*
* Due to libss not knowing what TEXT_DOMAIN
@@ -115,8 +120,8 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
* messages, we know require the callers (ktutil,kadmin)
* to L10N the messages before calling libss.
*/
- strcat(buffer, entry->info_string);
- strcat(buffer, NL);
+ strncat(buffer, entry->info_string, sizeof(buffer) -1 - strlen(buffer));
+ strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
fputs(buffer, output);
}
}
diff --git a/usr/src/lib/krb5/ss/listen.c b/usr/src/lib/krb5/ss/listen.c
index 5d4d88f2bd..a1035e9fde 100644
--- a/usr/src/lib/krb5/ss/listen.c
+++ b/usr/src/lib/krb5/ss/listen.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -20,27 +20,21 @@
#include <stdio.h>
#include <setjmp.h>
#include <signal.h>
+#include <termios.h>
#include <libintl.h>
#include <sys/param.h>
-#ifdef BSD
-#include <sgtty.h>
-#endif
static ss_data *current_info;
static jmp_buf listen_jmpb;
static RETSIGTYPE print_prompt()
{
-#ifdef BSD
- /* put input into a reasonable mode */
- struct sgttyb ttyb;
- if (ioctl(fileno(stdin), TIOCGETP, &ttyb) != -1) {
- if (ttyb.sg_flags & (CBREAK|RAW)) {
- ttyb.sg_flags &= ~(CBREAK|RAW);
- (void) ioctl(0, TIOCSETP, &ttyb);
- }
+ struct termios termbuf;
+
+ if (tcgetattr(STDIN_FILENO, &termbuf) == 0) {
+ termbuf.c_lflag |= ICANON|ISIG|ECHO;
+ tcsetattr(STDIN_FILENO, TCSANOW, &termbuf);
}
-#endif
(void) fputs(current_info->prompt, stdout);
(void) fflush(stdout);
}
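Review bot: `print_prompt` now sets `ICANON|ISIG|ECHO` unconditionally and ignores the result of `tcsetattr`, where the removed BSD branch only cleared CBREAK/RAW when they were set. Its `RETSIGTYPE` return type suggests it runs as a signal handler, and forcing ECHO on from a handler is only safe if it can never fire while other code has echo disabled to read a secret. Where the handler is installed is outside this hunk, so I would state the assumption above the function, e.g. `/* Installed only while ss_listen() waits for a command line; must not be active during password entry. */`, and confirm it against the installer. The `fputs`/`fflush` calls that follow are not async-signal-safe; that predates this change but belongs in the same comment.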
@@ -59,7 +53,7 @@ int ss_listen (sci_idx)
register ss_data *info;
char input[BUFSIZ];
char buffer[BUFSIZ];
- char *end = buffer;
+ char *volatile end = buffer;
int code;
jmp_buf old_jmpb;
ss_data *old_info = current_info;
@@ -175,7 +169,7 @@ void ss_abort_subsystem(sci_idx, code)
void ss_quit(argc, argv, sci_idx, infop)
int argc;
- char **argv;
+ char const * const *argv;
int sci_idx;
pointer infop;
{
diff --git a/usr/src/lib/krb5/ss/mapfile-vers b/usr/src/lib/krb5/ss/mapfile-vers
index 932cc36186..ac2ff358a0 100644
--- a/usr/src/lib/krb5/ss/mapfile-vers
+++ b/usr/src/lib/krb5/ss/mapfile-vers
@@ -27,7 +27,6 @@
SUNWprivate_1.1 {
global:
- debugDisplaySS;
ss_abort_subsystem;
ss_add_info_dir;
ss_add_request_table;
diff --git a/usr/src/lib/krb5/ss/mit-sipb-copyright.h b/usr/src/lib/krb5/ss/mit-sipb-copyright.h
index d9444d9bd6..cdcbe576e6 100644
--- a/usr/src/lib/krb5/ss/mit-sipb-copyright.h
+++ b/usr/src/lib/krb5/ss/mit-sipb-copyright.h
@@ -12,6 +12,9 @@ this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
+Furthermore if you modify this software you must label
+your software as modified software and not distribute it in such a
+fashion that it might be confused with the original M.I.T. software.
M.I.T. and the M.I.T. S.I.P.B. make no representations about
the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
diff --git a/usr/src/lib/krb5/ss/mk_cmds.c b/usr/src/lib/krb5/ss/mk_cmds.c
index 858ebc4e6c..b47e5c62db 100644
--- a/usr/src/lib/krb5/ss/mk_cmds.c
+++ b/usr/src/lib/krb5/ss/mk_cmds.c
@@ -25,7 +25,7 @@
static const char copyright[] =
"Copyright 1987 by MIT Student Information Processing Board";
-extern pointer malloc PROTOTYPE((unsigned));
+extern pointer malloc (unsigned);
extern char *last_token;
extern FILE *output_file;
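Review bot: The hand-written prototype `extern pointer malloc (unsigned);` disagrees with the standard `void *malloc(size_t)`. On a platform where `size_t` is wider than `unsigned` the argument type is wrong, and the declaration conflicts with `<stdlib.h>` if that header is ever pulled in. I would drop the line and use `#include <stdlib.h>` instead. The same applies to the `malloc`/`realloc`/`calloc` prototypes under `#ifndef HAVE_STDLIB_H` in the ss_internal.h hunk of this commit.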
@@ -68,8 +68,9 @@ int main(argc, argv)
p = strrchr(path, '.');
*p = '\0';
q = rindex(path, '/');
- strcpy(c_file, (q) ? q + 1 : path);
- strcat(c_file, ".c");
+ strncpy(c_file, (q) ? q + 1 : path, sizeof(c_file) - 1);
+ c_file[sizeof(c_file) - 1] = '\0';
+ strncat(c_file, ".c", sizeof(c_file) - 1 - strlen(c_file));
*p = '.';
output_file = fopen(c_file, "w+F");
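Review bot: The `strncpy`/`strncat` pair removes the overflow of `c_file` but truncates silently, so an over-long input name makes the `fopen(c_file, "w+F")` below create or overwrite a file other than the intended `<name>.c`. A tool that writes generated source should fail on truncation rather than pick a different output path. One bounded call with a check does both jobs: `n = snprintf(c_file, sizeof(c_file), "%s.c", (q) ? q + 1 : path);` followed by `if (n < 0 || (size_t)n >= sizeof(c_file)) { fprintf(stderr, "output file name too long\n"); exit(1); }`. main's body starts and ends outside this hunk, so the declaration of `n` and the exact error convention need to match the rest of the function.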
diff --git a/usr/src/lib/krb5/ss/pager.c b/usr/src/lib/krb5/ss/pager.c
index 3972f2fd9f..24c8f7e819 100644
--- a/usr/src/lib/krb5/ss/pager.c
+++ b/usr/src/lib/krb5/ss/pager.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -16,11 +16,11 @@
#include "ss_internal.h"
#include "copyright.h"
+#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/file.h>
#include <signal.h>
-#include <errno.h>
static char MORE[] = "more";
extern char *_ss_pager_name;
@@ -43,7 +43,7 @@ int ss_pager_create()
if (pipe(filedes) != 0)
return(-1);
- switch(fork()) {
+ switch((int) fork()) {
case -1:
return(-1);
case 0:
@@ -112,7 +112,7 @@ void ss_page_stdin()
char buf[80];
register int n;
while ((n = read(0, buf, 80)) > 0)
- write(1, buf, n);
+ write(1, buf, (unsigned) n);
}
exit(errno);
}
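Review bot: The `(unsigned)` cast on the `write(1, buf, (unsigned) n)` line quiets the conversion warning but the return value is still ignored, so a short write or an EPIPE from a closed pager drops output while the loop keeps reading. I would check it, for example `if (write(1, buf, (size_t) n) != n) break;`, so the `exit(errno)` that follows reports the failure. The literal `80` in the `read` call would also be safer as `sizeof(buf)`. ss_page_stdin starts outside this hunk.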
diff --git a/usr/src/lib/krb5/ss/parse.c b/usr/src/lib/krb5/ss/parse.c
index 0bc97db28d..9edb3ffe37 100644
--- a/usr/src/lib/krb5/ss/parse.c
+++ b/usr/src/lib/krb5/ss/parse.c
@@ -8,10 +8,7 @@
#include "ss_internal.h"
#include "copyright.h"
-
-/* global indicating if we should be printing debug messages */
-extern int g_displayDebugSS;
-
+#include <errno.h>
enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING };
@@ -58,9 +55,7 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
while (1) {
#ifdef DEBUG
{
- if (g_displayDebugSS)
- printf ("character `%c', mode %d\n",
- *line_ptr, parse_mode);
+ printf ("character `%c', mode %d\n", *line_ptr, parse_mode);
}
#endif
while (parse_mode == WHITESPACE) {
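Review bot: With the `g_displayDebugSS` gate removed, a build with DEBUG defined now prints every input character here, and the full argv in the `end_of_line` hunk below, to stdout with no way to turn it off at run time. Lines parsed by ss_parse come from interactive admin tools and may carry passwords given as command arguments (an assumption from the commit's file list, not visible in this hunk), so such a build would copy them into anything that captures stdout. I would send the trace to stderr with `fprintf(stderr, ...)` and put a comment above each `#ifdef DEBUG`, e.g. `/* DEBUG builds echo raw command input, including any secrets on the line; not for production builds */`. ss_parse's body extends beyond both hunks.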
@@ -130,15 +125,13 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
end_of_line:
*argc_ptr = argc;
#ifdef DEBUG
-
- if (g_displayDebugSS)
- {
- int i;
- printf ("argc = %d\n", argc);
- for (i = 0; i <= argc; i++)
- printf ("\targv[%2d] = `%s'\n", i,
- argv[i] ? argv[i] : "<NULL>");
- }
+ {
+ int i;
+ printf ("argc = %d\n", argc);
+ for (i = 0; i <= argc; i++)
+ printf ("\targv[%2d] = `%s'\n", i,
+ argv[i] ? argv[i] : "<NULL>");
+ }
#endif
return(argv);
}
diff --git a/usr/src/lib/krb5/ss/request_tbl.c b/usr/src/lib/krb5/ss/request_tbl.c
index 56df137f22..18004d2bd3 100644
--- a/usr/src/lib/krb5/ss/request_tbl.c
+++ b/usr/src/lib/krb5/ss/request_tbl.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -31,8 +31,8 @@ ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr)
;
/* size == C subscript of NULL == #elements */
size += 2; /* new element, and NULL */
- info->rqt_tables = (ssrt **)realloc((char *)info->rqt_tables,
- (unsigned)size*sizeof(ssrt));
+ info->rqt_tables = (ssrt **)realloc(info->rqt_tables,
+ size*sizeof(ssrt));
if (info->rqt_tables == (ssrt **)NULL) {
*code_ptr = errno;
return;
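Review bot: The `realloc` result is still assigned straight to `info->rqt_tables`, so on failure the old table is leaked and the invocation is left with a NULL table pointer even though the function only reports an error. Use a temporary: `tmp = realloc(info->rqt_tables, size * sizeof(*tmp));`, then `if (tmp == NULL) { *code_ptr = errno; return; }`, then `info->rqt_tables = tmp;`, with `ssrt **tmp` declared among the function's locals outside this hunk. Sizing by `sizeof(*tmp)` also matches the element type of an `ssrt **` array; the current `sizeof(ssrt)` sizes by the struct, which looks unintended.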
diff --git a/usr/src/lib/krb5/ss/requests.c b/usr/src/lib/krb5/ss/requests.c
index 479a716b33..5c3a710d93 100644
--- a/usr/src/lib/krb5/ss/requests.c
+++ b/usr/src/lib/krb5/ss/requests.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -13,12 +13,11 @@
* For copyright information, see mit-sipb-copyright.h.
*/
-#include <ss/mit-sipb-copyright.h>
#include <stdio.h>
#include "ss_internal.h"
#include <libintl.h>
-#define DECLARE(name) void name(argc,argv,sci_idx)int argc,sci_idx;char **argv;
+#define DECLARE(name) void name(argc,argv,sci_idx,info_ptr)int argc,sci_idx;const char * const *argv; pointer info_ptr;
/*
* ss_self_identify -- assigned by default to the "." request
@@ -55,13 +54,3 @@ DECLARE(ss_unimplemented)
{
ss_perror(sci_idx, SS_ET_UNIMPLEMENTED, "");
}
-
-int g_displayDebugSS = 0;
-/*
- * debug message display toggle
- */
-void
-debugDisplaySS(int onOff) {
-
- g_displayDebugSS = onOff;
-}
diff --git a/usr/src/lib/krb5/ss/ss.h b/usr/src/lib/krb5/ss/ss.h
index 0fdad1d880..7ce5b6bb70 100644
--- a/usr/src/lib/krb5/ss/ss.h
+++ b/usr/src/lib/krb5/ss/ss.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -13,9 +13,8 @@
#ifndef _ss_h
#define _ss_h __FILE__
-#include <ss/mit-sipb-copyright.h>
-#include <ss/ss_err.h>
#include <errno.h>
+#include <ss/ss_err.h>
#ifdef __STDC__
#define __SS_CONST const
@@ -52,16 +51,24 @@ typedef struct _ss_rp_options { /* DEFAULT VALUES */
#define SS_OPT_DONT_SUMMARIZE 0x0002
void ss_help __SS_PROTO;
+void ss_list_requests __SS_PROTO;
+void ss_quit __SS_PROTO;
char *ss_current_request();
-char *ss_name();
-#ifdef __STDC__
+char *ss_name(int);
void ss_error (int, long, char const *, ...);
void ss_perror (int, long, char const *);
-#else
-void ss_error ();
-void ss_perror ();
-#endif
-void ss_abort_subsystem();
+int ss_listen (int);
+int ss_create_invocation(char *, char *, char *, ss_request_table *, int *);
+void ss_delete_invocation(int);
+void ss_add_info_dir(int , char *, int *);
+void ss_delete_info_dir(int , char *, int *);
+int ss_execute_command(int sci_idx, char **);
+void ss_abort_subsystem(int, int);
+void ss_set_prompt(int, char *);
+char *ss_get_prompt(int);
+void ss_add_request_table(int, ss_request_table *, int, int *);
+void ss_delete_request_table(int, ss_request_table *, int *);
+int ss_execute_line (int, char*);
extern ss_request_table ss_std_requests;
/* toggles the display of debugging messages */
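Review bot: The trailing context line `/* toggles the display of debugging messages */` stays in ss.h although this commit deletes `debugDisplaySS` from requests.c and from mapfile-vers. If the declaration that follows the comment (outside this hunk) is still present, the header now advertises a function that no longer exists and callers will fail only at link time. The comment and its declaration should be removed in the same change. In the new prototype block, `char *ss_current_request();` is left as an old-style declaration and `ss_execute_command(int sci_idx, char **)` mixes named and unnamed parameters; `char *ss_current_request(int, int *);` would be consistent if that matches the definition.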
diff --git a/usr/src/lib/krb5/ss/ss_internal.h b/usr/src/lib/krb5/ss/ss_internal.h
index d82f050b28..43431797a3 100644
--- a/usr/src/lib/krb5/ss/ss_internal.h
+++ b/usr/src/lib/krb5/ss/ss_internal.h
@@ -15,20 +15,8 @@
#include <stdlib.h>
#endif
-#ifdef __STDC__
-
-#define PROTOTYPE(p) p
typedef void * pointer;
-#else
-
-#define const
-#define volatile
-#define PROTOTYPE(p) ()
-typedef char * pointer;
-
-#endif /* not __STDC__ */
-
#include <ss/ss.h>
#if defined(__GNUC__)
@@ -38,13 +26,13 @@ typedef char * pointer;
#if defined(vax)
#define LOCAL_ALLOC(x) alloca(x)
#define LOCAL_FREE(x)
-extern pointer alloca PROTOTYPE((unsigned));
+extern pointer alloca (unsigned);
#else
#if defined(__HIGHC__) /* Barf! */
pragma on(alloca);
#define LOCAL_ALLOC(x) alloca(x)
#define LOCAL_FREE(x)
-extern pointer alloca PROTOTYPE((unsigned));
+extern pointer alloca (unsigned);
#else
/* no alloca? */
#define LOCAL_ALLOC(x) malloc(x)
@@ -103,23 +91,30 @@ typedef struct _ss_data { /* init values */
(*code_ptr=0,ss_info(sci_idx)->current_request)
void ss_unknown_function();
void ss_delete_info_dir();
-int ss_execute_line();
-char **ss_parse();
-ss_abbrev_info *ss_abbrev_initialize PROTOTYPE((char *, int *));
-void ss_page_stdin();
+char **ss_parse (int, char *, int *);
+ss_abbrev_info *ss_abbrev_initialize (char *, int *);
+void ss_page_stdin (void);
+int ss_pager_create (void);
+void ss_self_identify __SS_PROTO;
+void ss_subsystem_name __SS_PROTO;
+void ss_subsystem_version __SS_PROTO;
+void ss_unimplemented __SS_PROTO;
extern ss_data **_ss_table;
extern char *ss_et_msgs[];
#ifndef HAVE_STDLIB_H
-extern pointer malloc PROTOTYPE((unsigned));
-extern pointer realloc PROTOTYPE((pointer, unsigned));
-extern pointer calloc PROTOTYPE((unsigned, unsigned));
+extern pointer malloc (unsigned);
+extern pointer realloc (pointer, unsigned);
+extern pointer calloc (unsigned, unsigned);
#endif
-#ifdef USE_SIGPROCMASK
+#if defined(USE_SIGPROCMASK) && !defined(POSIX_SIGNALS)
/* fake sigmask, sigblock, sigsetmask */
#include <signal.h>
+#ifdef sigmask
+#undef sigmask
+#endif
#define sigmask(x) (1L<<(x)-1)
#define sigsetmask(x) sigprocmask(SIG_SETMASK,&x,NULL)
static int _fake_sigstore;
diff --git a/usr/src/lib/krb5/ss/utils.c b/usr/src/lib/krb5/ss/utils.c
index 0084cec202..64a35a0b39 100644
--- a/usr/src/lib/krb5/ss/utils.c
+++ b/usr/src/lib/krb5/ss/utils.c
@@ -63,13 +63,12 @@ char * generate_rqte(func_name, info_string, cmds, options)
var_name = generate_cmds_string(cmds);
generate_function_definition(func_name);
size = 6; /* " { " */
- size += strlen(var_name)+7; /* "quux, " */
- size += strlen(func_name)+7; /* "foo, " */
- size += strlen(info_string)+9; /* "\"Info!\", " */
+ size += strlen(var_name)+8; /* "quux, " */
+ size += strlen(func_name)+8; /* "foo, " */
+ size += strlen(info_string)+8; /* "\"Info!\", " */
sprintf(numbuf, "%d", options);
- size += strlen(numbuf);
- size += 4; /* " }," + NL */
- string = malloc(size * sizeof(char *));
+ size += strlen(numbuf)+5; /* " }," + NL + NUL */
+ string = malloc(size);
strcpy(string, " { ");
strcat(string, var_name);
strcat(string, ",\n ");
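Review bot: `string = malloc(size);` is followed directly by `strcpy(string, ...)` with no NULL check. Dropping the old `* sizeof(char *)` factor also removes the slack that used to hide any miscount, so the hand-summed constants `+8`, `+8`, `+8`, `+5` must now be exact. The sample strings in the comments (`"quux, "`, `"foo, "`) no longer show where 8 bytes come from, which makes the sum hard to audit. I would add `if (string == NULL) { perror("malloc"); exit(1); }` (or whatever error convention this generator uses) and update each comment to list the literal pieces it counts. Building the entry with `snprintf(string, size, ...)` and checking the result against `size` would turn a future miscount into a detected error rather than a heap overflow. generate_rqte continues past this hunk.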
@@ -125,7 +124,7 @@ char *quote(string)
return(result);
}
-#ifndef HAS_STRDUP
+#ifndef HAVE_STRDUP
/* make duplicate of string and return pointer */
char *strdup(s)
register char *s;
diff --git a/usr/src/pkgdefs/SUNWkdcu/prototype_com b/usr/src/pkgdefs/SUNWkdcu/prototype_com
index 8a4231607f..2551dadb15 100644
--- a/usr/src/pkgdefs/SUNWkdcu/prototype_com
+++ b/usr/src/pkgdefs/SUNWkdcu/prototype_com
@@ -2,9 +2,8 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
# CDDL HEADER END
#
#
-# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "%Z%%M% %I% %E% SMI"
@@ -71,6 +70,7 @@ s none usr/lib/krb5/libkdb.so=libkdb.so.1
f none usr/lib/krb5/visualrt.jar 444 root bin
d none usr/sbin 0755 root bin
f none usr/sbin/gkadmin 555 root bin
+f none usr/sbin/k5srvutil 555 root bin
f none usr/sbin/kadmin 555 root bin
f none usr/sbin/kadmin.local 555 root bin
f none usr/sbin/kclient 555 root bin
diff --git a/usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/init_ctx.c b/usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/init_ctx.c
index 6b189e78be..270fad25a7 100644
--- a/usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/init_ctx.c
+++ b/usr/src/uts/common/gssapi/mechs/krb5/krb5/krb/init_ctx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -490,10 +490,7 @@ init_common (krb5_context *context, krb5_boolean secure)
ctx->prompt_types = 0;
ctx->use_conf_ktypes = 0;
- /*
- * Solaris Kerberos: simplifying config by hard-coding udp_pref_limit
- */
- ctx->udp_pref_limit = DEFAULT_UDP_PREF_LIMIT;
+ ctx->udp_pref_limit = -1;
#endif /* !_KERNEL */