Diffstat (limited to 'usr/src/lib')
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/include/db.h7
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h10
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c15
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c4
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c10
-rw-r--r--usr/src/lib/gss_mechs/mech_krb5/mapfile-vers190
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_debug.c4
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_delete.c74
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_open.c10
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_overflow.c4
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_put.c42
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_search.c34
-rw-r--r--usr/src/lib/krb5/db2/btree/bt_seq.c28
-rw-r--r--usr/src/lib/krb5/db2/btree/extern.h4
-rw-r--r--usr/src/lib/krb5/db2/db/db.c16
-rw-r--r--usr/src/lib/krb5/db2/hash/dbm.c10
-rw-r--r--usr/src/lib/krb5/db2/hash/hash.c40
-rw-r--r--usr/src/lib/krb5/db2/hash/hash.h4
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_bigkey.c22
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_func.c9
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_log2.c3
-rw-r--r--usr/src/lib/krb5/db2/hash/hash_page.c52
-rw-r--r--usr/src/lib/krb5/db2/hash/hsearch.c2
-rw-r--r--usr/src/lib/krb5/db2/hash/search.h6
-rw-r--r--usr/src/lib/krb5/db2/include/db-int.h97
-rw-r--r--usr/src/lib/krb5/db2/include/db-queue.h8
-rw-r--r--usr/src/lib/krb5/db2/mapfile-vers20
-rw-r--r--usr/src/lib/krb5/db2/mpool/mpool.c48
-rw-r--r--usr/src/lib/krb5/db2/mpool/mpool.h14
-rw-r--r--usr/src/lib/krb5/db2/recno/extern.h22
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_close.c3
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_delete.c12
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_open.c8
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_put.c18
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_search.c14
-rw-r--r--usr/src/lib/krb5/db2/recno/rec_seq.c2
-rw-r--r--usr/src/lib/krb5/kadm5/adb.h22
-rw-r--r--usr/src/lib/krb5/kadm5/adb_err.h16
-rw-r--r--usr/src/lib/krb5/kadm5/admin.h565
-rw-r--r--usr/src/lib/krb5/kadm5/admin_internal.h8
-rw-r--r--usr/src/lib/krb5/kadm5/admin_xdr.h52
-rw-r--r--usr/src/lib/krb5/kadm5/alt_prof.c1396
-rw-r--r--usr/src/lib/krb5/kadm5/chpass_util.c48
-rw-r--r--usr/src/lib/krb5/kadm5/chpass_util_strings.h11
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/Makefile.com2
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_init.c418
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_internal.h33
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_principal.c79
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/client_rpc.c16
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c2
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/clnt_policy.c6
-rw-r--r--usr/src/lib/krb5/kadm5/clnt/mapfile-vers23
-rw-r--r--usr/src/lib/krb5/kadm5/kadm_err.h18
-rw-r--r--usr/src/lib/krb5/kadm5/kadm_rpc.h97
-rw-r--r--usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c44
-rw-r--r--usr/src/lib/krb5/kadm5/server_internal.h16
-rw-r--r--usr/src/lib/krb5/kadm5/srv/Makefile.com3
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_free.c10
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_openclose.c79
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_policy.c31
-rw-r--r--usr/src/lib/krb5/kadm5/srv/adb_xdr.c14
-rw-r--r--usr/src/lib/krb5/kadm5/srv/mapfile-vers35
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_acl.c168
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_acl.h10
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_dict.c20
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_init.c165
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_kdb.c59
-rw-r--r--usr/src/lib/krb5/kadm5/srv/server_misc.c25
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c4
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_iters.c75
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_misc_free.c4
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_policy.c10
-rw-r--r--usr/src/lib/krb5/kadm5/srv/svr_principal.c385
-rw-r--r--usr/src/lib/krb5/kadm5/str_conv.c14
-rw-r--r--usr/src/lib/krb5/kdb/Makefile.com2
-rw-r--r--usr/src/lib/krb5/kdb/encrypt_key.c5
-rw-r--r--usr/src/lib/krb5/kdb/fetch_mkey.c8
-rw-r--r--usr/src/lib/krb5/kdb/kdb_cpw.c49
-rw-r--r--usr/src/lib/krb5/kdb/kdb_db2.c80
-rw-r--r--usr/src/lib/krb5/kdb/kdb_db2.h6
-rw-r--r--usr/src/lib/krb5/kdb/kdb_dbm.c18
-rw-r--r--usr/src/lib/krb5/kdb/kdb_kt.h44
-rw-r--r--usr/src/lib/krb5/kdb/kdb_xdr.c33
-rw-r--r--usr/src/lib/krb5/kdb/keytab.c22
-rw-r--r--usr/src/lib/krb5/kdb/mapfile-vers40
-rw-r--r--usr/src/lib/krb5/kdb/setup_mkey.c4
-rw-r--r--usr/src/lib/krb5/kdb/store_mkey.c5
-rw-r--r--usr/src/lib/krb5/ss/copyright.h3
-rw-r--r--usr/src/lib/krb5/ss/error.c34
-rw-r--r--usr/src/lib/krb5/ss/execute_cmd.c9
-rw-r--r--usr/src/lib/krb5/ss/help.c18
-rw-r--r--usr/src/lib/krb5/ss/invocation.c2
-rw-r--r--usr/src/lib/krb5/ss/list_rqs.c25
-rw-r--r--usr/src/lib/krb5/ss/listen.c26
-rw-r--r--usr/src/lib/krb5/ss/mapfile-vers1
-rw-r--r--usr/src/lib/krb5/ss/mit-sipb-copyright.h3
-rw-r--r--usr/src/lib/krb5/ss/mk_cmds.c7
-rw-r--r--usr/src/lib/krb5/ss/pager.c8
-rw-r--r--usr/src/lib/krb5/ss/parse.c25
-rw-r--r--usr/src/lib/krb5/ss/request_tbl.c8
-rw-r--r--usr/src/lib/krb5/ss/requests.c17
-rw-r--r--usr/src/lib/krb5/ss/ss.h27
-rw-r--r--usr/src/lib/krb5/ss/ss_internal.h39
-rw-r--r--usr/src/lib/krb5/ss/utils.c13
104 files changed, 3182 insertions, 2248 deletions
diff --git a/usr/src/lib/gss_mechs/mech_krb5/include/db.h b/usr/src/lib/gss_mechs/mech_krb5/include/db.h
index 9076723263..2b74608be6 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/include/db.h
+++ b/usr/src/lib/gss_mechs/mech_krb5/include/db.h
@@ -173,11 +173,4 @@ DB *dbopen __P((const char *, int, int, DBTYPE, const void *));
int bt_rseq(const DB*, DBT *, DBT *, void **, u_int); /* XXX kludge */
__END_DECLS
-#if DEBUG_DB
-
-/* debugging aid used to turn on display of messages */
-void debugDisplayDB(int onOff);
-
-#endif
-
#endif /* !_DB_H_ */
diff --git a/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h b/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h
index fbdf4b0017..be7274b907 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h
+++ b/usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h
@@ -2,7 +2,7 @@
/*
* include/krb5/adm.h
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -17,7 +17,10 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
@@ -207,13 +210,14 @@ typedef struct __krb5_realm_params {
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
- unsigned int realm_filler:7;
+ unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
#endif /* KRB5_ADM_H__ */
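Review bot: Inserting `realm_reject_bad_transit:1` ahead of the existing `_valid` bits moves each of those flags by one bit position on the usual ABIs, so any object built against the previous header would read the wrong flag from a `krb5_realm_params` it is handed. Appending both new bits after `realm_flags_valid` and shrinking the filler instead of deleting it (`unsigned int realm_filler:5;`) keeps the old positions. The new pair also has no comment; a one-line note saying what the flag controls and that it is presumably meaningful only when `realm_reject_bad_transit_valid` is set would help, since the flag affects transited-realm checking. The struct definition starts outside this hunk.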
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c
index 607519b834..fec98c2e42 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/ktbase.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -15,7 +15,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -29,7 +29,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Registration functions for keytab.
*/
@@ -46,9 +46,6 @@ struct krb5_kt_typelist {
const krb5_kt_ops *ops;
const struct krb5_kt_typelist *next;
};
-static const struct krb5_kt_typelist krb5_kt_typelist_dfl = { &krb5_kt_dfl_ops, 0 };
-static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_dfl;
-
static const struct krb5_kt_typelist krb5_kt_typelist_wrfile = {
&krb5_ktf_writable_ops,
0
@@ -61,11 +58,7 @@ static const struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
&krb5_kts_ops,
&krb5_kt_typelist_file
};
-
-/* SUNW14resync */
-/*
-static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_srvtab;*/
-
+static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_srvtab;
/* Lock for protecting the type list. */
static k5_mutex_t kt_typehead_lock = K5_MUTEX_PARTIAL_INITIALIZER;
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c
index 704eabd01d..6cda1024ab 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/gic_pwd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -33,7 +33,7 @@ extern kadm5_ret_t kadm5_get_cpw_host_srv_name(krb5_context, const char *,
extern kadm5_ret_t kadm5_init_with_password(char *, char *, char *,
kadm5_config_params *, krb5_ui_4, krb5_ui_4, void **);
extern kadm5_ret_t kadm5_chpass_principal_util(void *, krb5_principal,
- char *, char **, char *, int);
+ char *, char **, char *, unsigned int);
static krb5_error_code
krb5_get_as_key_password(
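Review bot: The `extern kadm5_ret_t kadm5_chpass_principal_util(...)` declaration is a hand-copied prototype, and this change shows it has to be edited in step with the real definition; if the two ever drift, the call has undefined behaviour and the compiler cannot diagnose it. Prefer including the kadm5 header that declares these functions and deleting the local externs, or at minimum add `/* must match the prototypes in the kadm5 library */` above them. The same applies to the other two `extern kadm5_ret_t` declarations in this hunk, the first of which begins above it.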
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c
index ffd8cdc07d..6c3c0ff525 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c
+++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/os/sendto_kdc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -319,10 +319,6 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
/*LINTED*/
message->length, message->data, realm, *use_master, tcp_only);
- /*
- * Solaris Kerberos: keep it simple by not supporting a udp_preference_limit
- */
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
if (!tcp_only && context->udp_pref_limit < 0) {
int tmp;
retval = profile_get_integer(context->profile,
@@ -332,15 +328,13 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
return retval;
if (tmp < 0)
tmp = DEFAULT_UDP_PREF_LIMIT;
- else if (tmp > HARD_UDP_LIMIT) {
+ else if (tmp > HARD_UDP_LIMIT)
/* In the unlikely case that a *really* big value is
given, let 'em use as big as we think we can
support. */
tmp = HARD_UDP_LIMIT;
- }
context->udp_pref_limit = tmp;
}
-#endif /**************** END IFDEF'ed OUT *******************************/
retval = (*use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN);
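Review bot: Dropping the braces on the `tmp > HARD_UDP_LIMIT` branch leaves a multi-line comment between the `else if` and the single statement it controls, which is easy to misread and easy to break when a line is added later. Keep the braced form, `else if (tmp > HARD_UDP_LIMIT) {` … `tmp = HARD_UDP_LIMIT;` … `}`. Because the previous hunk removes the `#if 0`, this clamp now acts on a value read from the profile, so a short comment stating the accepted range (negative falls back to `DEFAULT_UDP_PREF_LIMIT`, anything above `HARD_UDP_LIMIT` is capped) would be worth adding. `krb5_sendto_kdc` continues outside the hunk.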
diff --git a/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers b/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers
index a61439d044..199a3d4442 100644
--- a/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers
+++ b/usr/src/lib/gss_mechs/mech_krb5/mapfile-vers
@@ -38,26 +38,6 @@ SUNWprivate_1.1 {
global:
adb_error_table;
asn12krb5_buf;
- asn1buf_create;
- asn1buf_destroy;
- asn1buf_ensure_space;
- asn1buf_expand;
- asn1buf_free;
- asn1buf_hex_unparse;
- asn1buf_imbed;
- asn1buf_insert_charstring;
- asn1buf_insert_octet;
- asn1buf_insert_octetstring;
- asn1buf_len;
- asn1buf_remains;
- asn1buf_remove_charstring;
- asn1buf_remove_octet;
- asn1buf_remove_octetstring;
- asn1buf_size;
- asn1buf_skiptail;
- asn1buf_sync;
- asn1buf_unparse;
- asn1buf_wrap_data;
asn1_decode_addrtype;
asn1_decode_ap_options;
asn1_decode_authdata_elt;
@@ -67,10 +47,10 @@ SUNWprivate_1.1 {
asn1_decode_checksum;
asn1_decode_cksumtype;
asn1_decode_enc_kdc_rep_part;
- asn1_decode_encrypted_data;
- asn1_decode_encryption_key;
asn1_decode_enc_sam_key;
asn1_decode_enc_sam_response_enc;
+ asn1_decode_encrypted_data;
+ asn1_decode_encryption_key;
asn1_decode_enctype;
asn1_decode_etype_info;
asn1_decode_generalstring;
@@ -78,8 +58,8 @@ SUNWprivate_1.1 {
asn1_decode_host_address;
asn1_decode_host_addresses;
asn1_decode_ia5string;
- asn1_decode_int;
asn1_decode_int32;
+ asn1_decode_int;
asn1_decode_integer;
asn1_decode_kdc_options;
asn1_decode_kdc_rep;
@@ -121,9 +101,9 @@ SUNWprivate_1.1 {
asn1_encode_charstring;
asn1_encode_checksum;
asn1_encode_enc_kdc_rep_part;
+ asn1_encode_enc_sam_response_enc;
asn1_encode_encrypted_data;
asn1_encode_encryption_key;
- asn1_encode_enc_sam_response_enc;
asn1_encode_etype_info;
asn1_encode_etype_info_entry;
asn1_encode_generalstring;
@@ -176,6 +156,26 @@ SUNWprivate_1.1 {
asn1_make_set;
asn1_make_string;
asn1_make_tag;
+ asn1buf_create;
+ asn1buf_destroy;
+ asn1buf_ensure_space;
+ asn1buf_expand;
+ asn1buf_free;
+ asn1buf_hex_unparse;
+ asn1buf_imbed;
+ asn1buf_insert_charstring;
+ asn1buf_insert_octet;
+ asn1buf_insert_octetstring;
+ asn1buf_len;
+ asn1buf_remains;
+ asn1buf_remove_charstring;
+ asn1buf_remove_octet;
+ asn1buf_remove_octetstring;
+ asn1buf_size;
+ asn1buf_skiptail;
+ asn1buf_sync;
+ asn1buf_unparse;
+ asn1buf_wrap_data;
com_err;
com_err_va;
daemon;
@@ -192,15 +192,15 @@ SUNWprivate_1.1 {
decode_krb5_enc_data;
decode_krb5_enc_kdc_rep_part;
decode_krb5_enc_priv_part;
- decode_krb5_encryption_key;
decode_krb5_enc_sam_key;
decode_krb5_enc_sam_response_enc;
decode_krb5_enc_tkt_part;
+ decode_krb5_encryption_key;
decode_krb5_error;
decode_krb5_etype_info;
decode_krb5_kdc_req_body;
- decode_krb5_padata_sequence;
decode_krb5_pa_enc_ts;
+ decode_krb5_padata_sequence;
decode_krb5_predicted_sam_response;
decode_krb5_priv;
decode_krb5_pwd_data;
@@ -225,15 +225,15 @@ SUNWprivate_1.1 {
encode_krb5_enc_data;
encode_krb5_enc_kdc_rep_part;
encode_krb5_enc_priv_part;
- encode_krb5_encryption_key;
encode_krb5_enc_sam_response_enc;
encode_krb5_enc_tkt_part;
+ encode_krb5_encryption_key;
encode_krb5_error;
- encode_krb5_etype_info;
encode_krb5_etype_info2;
+ encode_krb5_etype_info;
encode_krb5_kdc_req_body;
- encode_krb5_padata_sequence;
encode_krb5_pa_enc_ts;
+ encode_krb5_padata_sequence;
encode_krb5_predicted_sam_response;
encode_krb5_priv;
encode_krb5_pwd_data;
@@ -246,17 +246,14 @@ SUNWprivate_1.1 {
encode_krb5_tgs_req;
encode_krb5_ticket;
error_message;
- foreach_localaddr;
g_delete_cred_id;
g_delete_ctx_id;
g_delete_name;
g_display_com_err_status;
g_display_major_status;
- ggss_error_table;
g_local_host_name;
g_make_string_buffer;
g_make_token_header;
- gmt_mktime;
g_order_check;
g_order_free;
g_order_init;
@@ -271,6 +268,14 @@ SUNWprivate_1.1 {
g_set_entry_delete;
g_set_entry_get;
g_set_init;
+ g_strdup;
+ g_token_size;
+ g_validate_cred_id;
+ g_validate_ctx_id;
+ g_validate_name;
+ g_verify_token_header;
+ ggss_error_table;
+ gmt_mktime;
gss_krb5_ccache_name;
gss_krb5_copy_ccache;
gss_krb5_get_tkt_flags;
@@ -285,12 +290,6 @@ SUNWprivate_1.1 {
gss_nt_krb5_name;
gss_nt_krb5_principal;
gssspi_acquire_cred_with_password;
- g_strdup;
- g_token_size;
- g_validate_cred_id;
- g_validate_ctx_id;
- g_validate_name;
- g_verify_token_header;
imp_error_table;
k5_ef_hash;
k5_ef_mac;
@@ -331,9 +330,9 @@ SUNWprivate_1.1 {
krb5_appdefault_string;
krb5_auth_con_free;
krb5_auth_con_genaddrs;
+ krb5_auth_con_get_checksum_func;
krb5_auth_con_getaddrs;
krb5_auth_con_getauthenticator;
- krb5_auth_con_get_checksum_func;
krb5_auth_con_getflags;
krb5_auth_con_getivector;
krb5_auth_con_getkey;
@@ -347,16 +346,16 @@ SUNWprivate_1.1 {
krb5_auth_con_getsendsubkey;
krb5_auth_con_init;
krb5_auth_con_initivector;
- krb5_auth_con_setaddrs;
krb5_auth_con_set_checksum_func;
+ krb5_auth_con_set_req_cksumtype;
+ krb5_auth_con_set_safe_cksumtype;
+ krb5_auth_con_setaddrs;
krb5_auth_con_setflags;
krb5_auth_con_setivector;
krb5_auth_con_setpermetypes;
krb5_auth_con_setports;
krb5_auth_con_setrcache;
krb5_auth_con_setrecvsubkey;
- krb5_auth_con_set_req_cksumtype;
- krb5_auth_con_set_safe_cksumtype;
krb5_auth_con_setsendsubkey;
krb5_auth_con_setuseruserkey;
krb5_auth_to_rep;
@@ -364,6 +363,25 @@ SUNWprivate_1.1 {
krb5_build_principal_ext;
krb5_build_principal_va;
krb5_c_block_size;
+ krb5_c_checksum_length;
+ krb5_c_decrypt;
+ krb5_c_encrypt;
+ krb5_c_encrypt_length;
+ krb5_c_enctype_compare;
+ krb5_c_free_state;
+ krb5_c_init_state;
+ krb5_c_is_coll_proof_cksum;
+ krb5_c_is_keyed_cksum;
+ krb5_c_keyed_checksum_types;
+ krb5_c_make_checksum;
+ krb5_c_make_random_key;
+ krb5_c_random_make_octets;
+ krb5_c_random_seed;
+ krb5_c_string_to_key;
+ krb5_c_string_to_key_with_params;
+ krb5_c_valid_cksumtype;
+ krb5_c_valid_enctype;
+ krb5_c_verify_checksum;
krb5_cc_close;
krb5_cc_copy_creds;
krb5_cc_default;
@@ -375,7 +393,6 @@ SUNWprivate_1.1 {
krb5_cc_get_name;
krb5_cc_get_principal;
krb5_cc_get_type;
- krb5_c_checksum_length;
krb5_cc_initialize;
krb5_cc_next_cred;
krb5_cc_register;
@@ -385,24 +402,13 @@ SUNWprivate_1.1 {
krb5_cc_set_flags;
krb5_cc_start_seq_get;
krb5_cc_store_cred;
- krb5_c_decrypt;
- krb5_c_encrypt;
- krb5_c_encrypt_length;
- krb5_c_enctype_compare;
- krb5_c_free_state;
krb5_change_cache;
krb5_change_password;
- krb5_checksum_size;
krb5_check_transited_list;
- krb5_c_init_state;
- krb5_c_is_coll_proof_cksum;
- krb5_c_is_keyed_cksum;
- krb5_c_keyed_checksum_types;
+ krb5_checksum_size;
+ krb5_cksumtype_to_string;
krb5_cksumtypes_length;
krb5_cksumtypes_list;
- krb5_cksumtype_to_string;
- krb5_c_make_checksum;
- krb5_c_make_random_key;
krb5_copy_addr;
krb5_copy_addresses;
krb5_copy_authdata;
@@ -415,15 +421,8 @@ SUNWprivate_1.1 {
krb5_copy_keyblock_data;
krb5_copy_principal;
krb5_copy_ticket;
- krb5_c_random_make_octets;
- krb5_c_random_seed;
krb5_create_secure_file;
krb5_crypto_us_timeofday;
- krb5_c_string_to_key;
- krb5_c_string_to_key_with_params;
- krb5_c_valid_cksumtype;
- krb5_c_valid_enctype;
- krb5_c_verify_checksum;
krb5_decode_kdc_rep;
krb5_decode_ticket;
krb5_decrypt_tkt_part;
@@ -434,9 +433,9 @@ SUNWprivate_1.1 {
krb5_encode_kdc_rep;
krb5_encrypt_helper;
krb5_encrypt_tkt_part;
+ krb5_enctype_to_string;
krb5_enctypes_length;
krb5_enctypes_list;
- krb5_enctype_to_string;
krb5_error_table;
krb5_externalize_data;
krb5_externalize_opaque;
@@ -500,21 +499,20 @@ SUNWprivate_1.1 {
krb5_free_uio;
krb5_free_unparsed_name;
krb5_fwd_tgt_creds;
- krb5_generate_seq_number;
- krb5_generate_subkey;
krb5_gen_portaddr;
krb5_gen_replay_name;
- krb5_get_credentials;
- krb5_get_credentials_renew;
- krb5_get_credentials_validate;
+ krb5_generate_seq_number;
+ krb5_generate_subkey;
krb5_get_cred_from_kdc;
krb5_get_cred_from_kdc_renew;
krb5_get_cred_from_kdc_validate;
krb5_get_cred_via_tkt;
+ krb5_get_credentials;
+ krb5_get_credentials_renew;
+ krb5_get_credentials_validate;
krb5_get_default_config_files;
krb5_get_default_in_tkt_ktypes;
krb5_get_default_realm;
- krb5_getenv;
krb5_get_host_realm;
krb5_get_init_creds;
krb5_get_init_creds_keytab;
@@ -538,11 +536,12 @@ SUNWprivate_1.1 {
krb5_get_prompt_types;
krb5_get_realm_domain;
krb5_get_renewed_creds;
- krb5_get_servername;
krb5_get_server_rcache;
+ krb5_get_servername;
krb5_get_tgs_ktypes;
krb5_get_time_offsets;
krb5_get_validated_creds;
+ krb5_getenv;
krb5_gss_import_name;
krb5_gss_init_sec_context;
krb5_gss_oid_array;
@@ -553,11 +552,7 @@ SUNWprivate_1.1 {
krb5_init_ef_handle;
krb5_init_keyblock;
krb5_init_secure_context;
- krb5int_aes_encrypt;
- krb5int_cm_call_select;
krb5_internalize_opaque;
- krb5int_pbkdf2_hmac_sha1;
- krb5int_sendtokdc_debug_handler;
krb5_is_permitted_enctype;
krb5_kdc_rep_decrypt_proc;
krb5_kt_add_entry;
@@ -566,12 +561,28 @@ SUNWprivate_1.1 {
krb5_kt_default_name;
krb5_kt_dfl_ops;
krb5_kt_end_seq_get;
+ krb5_kt_free_entry;
+ krb5_kt_get_entry;
+ krb5_kt_get_name;
+ krb5_kt_next_entry;
+ krb5_kt_read_service_key;
+ krb5_kt_register;
+ krb5_kt_remove_entry;
+ krb5_kt_resolve;
+ krb5_kt_start_seq_get;
+ krb5_ktf_ops;
+ krb5_ktf_writable_ops;
krb5_ktfile_add;
krb5_ktfile_close;
krb5_ktfile_end_get;
krb5_ktfile_get_entry;
krb5_ktfile_get_name;
krb5_ktfile_get_next;
+ krb5_ktfile_remove;
+ krb5_ktfile_resolve;
+ krb5_ktfile_ser_entry;
+ krb5_ktfile_start_seq_get;
+ krb5_ktfile_wresolve;
krb5_ktfileint_close;
krb5_ktfileint_delete_entry;
krb5_ktfileint_find_slot;
@@ -581,28 +592,12 @@ SUNWprivate_1.1 {
krb5_ktfileint_read_entry;
krb5_ktfileint_size_entry;
krb5_ktfileint_write_entry;
- krb5_ktfile_remove;
- krb5_ktfile_resolve;
- krb5_ktfile_ser_entry;
- krb5_ktfile_start_seq_get;
- krb5_ktfile_wresolve;
- krb5_ktf_ops;
- krb5_kt_free_entry;
- krb5_ktf_writable_ops;
- krb5_kt_get_entry;
- krb5_kt_get_name;
- krb5_kt_next_entry;
- krb5_kt_read_service_key;
- krb5_kt_register;
- krb5_kt_remove_entry;
- krb5_kt_resolve;
- krb5_kt_start_seq_get;
krb5_kuserok;
krb5_libdefault_boolean;
krb5_locate_kdc;
krb5_lock_file;
- krb5_make_fulladdr;
krb5_make_full_ipaddr;
+ krb5_make_fulladdr;
krb5_max_dgram_size;
krb5_max_skdc_timeout;
krb5_mk_1cred;
@@ -694,8 +689,8 @@ SUNWprivate_1.1 {
krb5_register_serializer;
krb5_salttype_to_string;
krb5_secure_config_files;
- krb5_sendauth;
krb5_send_tgs;
+ krb5_sendauth;
krb5_sendto_kdc;
krb5_ser_address_init;
krb5_ser_auth_context_init;
@@ -717,7 +712,6 @@ SUNWprivate_1.1 {
krb5_set_default_in_tkt_ktypes;
krb5_set_default_realm;
krb5_set_default_tgs_ktypes;
- krb5_setenv;
krb5_set_key_data;
krb5_set_key_enctype;
krb5_set_key_length;
@@ -725,6 +719,7 @@ SUNWprivate_1.1 {
krb5_set_principal_realm;
krb5_set_real_time;
krb5_set_time_offsets;
+ krb5_setenv;
krb5_size_opaque;
krb5_skdc_timeout_1;
krb5_skdc_timeout_shift;
@@ -745,15 +740,20 @@ SUNWprivate_1.1 {
krb5_unparse_name;
krb5_unparse_name_ext;
krb5_unsetenv;
+ krb5_us_timeofday;
krb5_use_enctype;
krb5_use_natural_time;
- krb5_us_timeofday;
krb5_validate_times;
krb5_verify_init_creds;
krb5_verify_init_creds_opt_init;
krb5_verify_init_creds_opt_set_ap_req_nofail;
krb5_walk_realm_tree;
krb5_write_message;
+ krb5int_aes_encrypt;
+ krb5int_cm_call_select;
+ krb5int_foreach_localaddr;
+ krb5int_pbkdf2_hmac_sha1;
+ krb5int_sendtokdc_debug_handler;
kv5m_error_table;
mit_des_check_key_parity;
mit_des_fixup_key_parity;
diff --git a/usr/src/lib/krb5/db2/btree/bt_debug.c b/usr/src/lib/krb5/db2/btree/bt_debug.c
index b840dd341b..80f0ba807e 100644
--- a/usr/src/lib/krb5/db2/btree/bt_debug.c
+++ b/usr/src/lib/krb5/db2/btree/bt_debug.c
@@ -55,7 +55,7 @@ static char sccsid[] = "@(#)bt_debug.c 8.6 (Berkeley) 1/9/95";
#include "db-int.h"
#include "btree.h"
-#if defined(DEBUG_DB) || defined(STATISTICS)
+#if defined(DEBUG) || defined(STATISTICS)
static FILE *tracefp;
@@ -81,7 +81,7 @@ __bt_dinit()
}
#endif
-#ifdef DEBUG_DB
+#ifdef DEBUG
/*
* __bt_dump --
* dump the tree
diff --git a/usr/src/lib/krb5/db2/btree/bt_delete.c b/usr/src/lib/krb5/db2/btree/bt_delete.c
index d7f5e0c615..90fb7f1e8c 100644
--- a/usr/src/lib/krb5/db2/btree/bt_delete.c
+++ b/usr/src/lib/krb5/db2/btree/bt_delete.c
@@ -152,7 +152,7 @@ __bt_stkacq(t, hp, c)
EPG *e;
EPGNO *parent;
PAGE *h;
- indx_t index;
+ indx_t idx;
db_pgno_t pgno;
recno_t nextpg, prevpg;
int exact, level;
@@ -190,8 +190,8 @@ __bt_stkacq(t, hp, c)
/* Move to the next index. */
if (parent->index != NEXTINDEX(h) - 1) {
- index = parent->index + 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index + 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -200,7 +200,7 @@ __bt_stkacq(t, hp, c)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
BT_PUSH(t, pgno, 0);
@@ -210,7 +210,7 @@ __bt_stkacq(t, hp, c)
/* Get the next level down. */
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (1);
- index = 0;
+ idx = 0;
}
mpool_put(t->bt_mp, h, 0);
if ((h = mpool_get(t->bt_mp, nextpg, 0)) == NULL)
@@ -245,8 +245,8 @@ __bt_stkacq(t, hp, c)
/* Move to the next index. */
if (parent->index != 0) {
- index = parent->index - 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index - 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -255,7 +255,7 @@ __bt_stkacq(t, hp, c)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
/* Lose the currently pinned page. */
@@ -265,8 +265,8 @@ __bt_stkacq(t, hp, c)
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (1);
- index = NEXTINDEX(h) - 1;
- BT_PUSH(t, pgno, index);
+ idx = NEXTINDEX(h) - 1;
+ BT_PUSH(t, pgno, idx);
}
mpool_put(t->bt_mp, h, 0);
if ((h = mpool_get(t->bt_mp, prevpg, 0)) == NULL)
@@ -384,7 +384,7 @@ __bt_pdelete(t, h)
BINTERNAL *bi;
PAGE *pg;
EPGNO *parent;
- indx_t cnt, index, *ip, offset;
+ indx_t cnt, idx, *ip, offset;
u_int32_t nksize;
char *from;
@@ -405,8 +405,8 @@ __bt_pdelete(t, h)
if ((pg = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
return (RET_ERROR);
- index = parent->index;
- bi = GETBINTERNAL(pg, index);
+ idx = parent->index;
+ bi = GETBINTERNAL(pg, idx);
/* Free any overflow pages. */
if (bi->flags & P_BIGKEY &&
@@ -438,11 +438,11 @@ __bt_pdelete(t, h)
pg->upper += nksize;
/* Adjust indices' offsets, shift the indices down. */
- offset = pg->linp[index];
- for (cnt = index, ip = &pg->linp[0]; cnt--; ++ip)
+ offset = pg->linp[idx];
+ for (cnt = idx, ip = &pg->linp[0]; cnt--; ++ip)
if (ip[0] < offset)
ip[0] += nksize;
- for (cnt = NEXTINDEX(pg) - index; --cnt; ++ip)
+ for (cnt = NEXTINDEX(pg) - idx; --cnt; ++ip)
ip[0] = ip[1] < offset ? ip[1] + nksize : ip[1];
pg->lower -= sizeof(indx_t);
}
@@ -467,17 +467,17 @@ __bt_pdelete(t, h)
* t: tree
* key: referenced key
* h: page
- * index: index on page to delete
+ * idx: index on page to delete
*
* Returns:
* RET_SUCCESS, RET_ERROR.
*/
int
-__bt_dleaf(t, key, h, index)
+__bt_dleaf(t, key, h, idx)
BTREE *t;
const DBT *key;
PAGE *h;
- u_int index;
+ u_int idx;
{
BLEAF *bl;
indx_t cnt, *ip, offset;
@@ -488,12 +488,12 @@ __bt_dleaf(t, key, h, index)
/* If this record is referenced by the cursor, delete the cursor. */
if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
!F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
- t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index == index &&
- __bt_curdel(t, key, h, index))
+ t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index == idx &&
+ __bt_curdel(t, key, h, idx))
return (RET_ERROR);
/* If the entry uses overflow pages, make them available for reuse. */
- to = bl = GETBLEAF(h, index);
+ to = bl = GETBLEAF(h, idx);
if (bl->flags & P_BIGKEY && __ovfl_delete(t, bl->bytes) == RET_ERROR)
return (RET_ERROR);
if (bl->flags & P_BIGDATA &&
@@ -507,18 +507,18 @@ __bt_dleaf(t, key, h, index)
h->upper += nbytes;
/* Adjust the indices' offsets, shift the indices down. */
- offset = h->linp[index];
- for (cnt = index, ip = &h->linp[0]; cnt--; ++ip)
+ offset = h->linp[idx];
+ for (cnt = idx, ip = &h->linp[0]; cnt--; ++ip)
if (ip[0] < offset)
ip[0] += nbytes;
- for (cnt = NEXTINDEX(h) - index; --cnt; ++ip)
+ for (cnt = NEXTINDEX(h) - idx; --cnt; ++ip)
ip[0] = ip[1] < offset ? ip[1] + nbytes : ip[1];
h->lower -= sizeof(indx_t);
/* If the cursor is on this page, adjust it as necessary. */
if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
!F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
- t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index > index)
+ t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index > idx)
--t->bt_cursor.pg.index;
return (RET_SUCCESS);
@@ -532,17 +532,17 @@ __bt_dleaf(t, key, h, index)
* t: tree
* key: referenced key (or NULL)
* h: page
- * index: index on page to delete
+ * idx: idx on page to delete
*
* Returns:
* RET_SUCCESS, RET_ERROR.
*/
static int
-__bt_curdel(t, key, h, index)
+__bt_curdel(t, key, h, idx)
BTREE *t;
const DBT *key;
PAGE *h;
- u_int index;
+ u_int idx;
{
CURSOR *c;
EPG e;
@@ -565,7 +565,7 @@ __bt_curdel(t, key, h, index)
*/
if (key == NULL) {
e.page = h;
- e.index = index;
+ e.index = idx;
if ((status = __bt_ret(t, &e,
&c->key, &c->key, NULL, NULL, 1)) != RET_SUCCESS)
return (status);
@@ -573,25 +573,25 @@ __bt_curdel(t, key, h, index)
key = &c->key;
}
/* Check previous key, if not at the beginning of the page. */
- if (index > 0) {
+ if (idx > 0) {
e.page = h;
- e.index = index - 1;
+ e.index = idx - 1;
if (__bt_cmp(t, key, &e) == 0) {
F_SET(c, CURS_BEFORE);
goto dup2;
}
}
/* Check next key, if not at the end of the page. */
- if (index < NEXTINDEX(h) - 1) {
+ if (idx < NEXTINDEX(h) - 1) {
e.page = h;
- e.index = index + 1;
+ e.index = idx + 1;
if (__bt_cmp(t, key, &e) == 0) {
F_SET(c, CURS_AFTER);
goto dup2;
}
}
/* Check previous key if at the beginning of the page. */
- if (index == 0 && h->prevpg != P_INVALID) {
+ if (idx == 0 && h->prevpg != P_INVALID) {
if ((pg = mpool_get(t->bt_mp, h->prevpg, 0)) == NULL)
return (RET_ERROR);
e.page = pg;
@@ -603,7 +603,7 @@ __bt_curdel(t, key, h, index)
mpool_put(t->bt_mp, pg, 0);
}
/* Check next key if at the end of the page. */
- if (index == NEXTINDEX(h) - 1 && h->nextpg != P_INVALID) {
+ if (idx == NEXTINDEX(h) - 1 && h->nextpg != P_INVALID) {
if ((pg = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL)
return (RET_ERROR);
e.page = pg;
@@ -619,7 +619,7 @@ dup2: c->pg.pgno = e.page->pgno;
}
}
e.page = h;
- e.index = index;
+ e.index = idx;
if (curcopy || (status =
__bt_ret(t, &e, &c->key, &c->key, NULL, NULL, 1)) == RET_SUCCESS) {
F_SET(c, CURS_ACQUIRE);
diff --git a/usr/src/lib/krb5/db2/btree/bt_open.c b/usr/src/lib/krb5/db2/btree/bt_open.c
index 115572c970..2a92597a89 100644
--- a/usr/src/lib/krb5/db2/btree/bt_open.c
+++ b/usr/src/lib/krb5/db2/btree/bt_open.c
@@ -63,7 +63,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95";
#include "db-int.h"
#include "btree.h"
-#ifdef DEBUG_DB
+#ifdef DEBUG
#undef MINPSIZE
#define MINPSIZE 128
#endif
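Review bot: Switching the guard from the library-private `DEBUG_DB` to the generic `DEBUG` means any build that defines `DEBUG` for unrelated reasons now lowers `MINPSIZE` to 128 here, which changes the page sizes accepted by the `psize < MINPSIZE` checks later in this file. The same macro now also enables the `abort()` checks in bt_overflow.c and the dump code in bt_debug.c. If that coupling is not intended, keep a db2-specific guard; either way a comment such as `/* debug builds accept small pages for testing; never define in production */` would make the effect visible.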
@@ -127,7 +127,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
*/
if (b.psize &&
(b.psize < MINPSIZE || b.psize > MAX_PAGE_OFFSET + 1 ||
- b.psize & sizeof(indx_t) - 1))
+ b.psize & (sizeof(indx_t) - 1)))
goto einval;
/* Minimum number of keys per page; absolute minimum is 2. */
@@ -247,7 +247,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
if (m.magic != BTREEMAGIC || m.version != BTREEVERSION)
goto eftype;
if (m.psize < MINPSIZE || m.psize > MAX_PAGE_OFFSET + 1 ||
- m.psize & sizeof(indx_t) - 1)
+ m.psize & (sizeof(indx_t) - 1))
goto eftype;
if (m.flags & ~SAVEMETA)
goto eftype;
@@ -280,8 +280,8 @@ __bt_open(fname, flags, mode, openinfo, dflags)
t->bt_psize = b.psize;
/* Set the cache size; must be a multiple of the page size. */
- if (b.cachesize && b.cachesize & b.psize - 1)
- b.cachesize += (~b.cachesize & b.psize - 1) + 1;
+ if (b.cachesize && b.cachesize & (b.psize - 1))
+ b.cachesize += (~b.cachesize & (b.psize - 1)) + 1;
if (b.cachesize < b.psize * MINCACHE)
b.cachesize = b.psize * MINCACHE;
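Review bot: The rounding `b.cachesize += (~b.cachesize & (b.psize - 1)) + 1;` produces a multiple of the page size only when `b.psize` is a power of two, but the checks in the two earlier hunks of this file only require `psize` to be in range and a multiple of `sizeof(indx_t)`. For an accepted size that is not a power of two the result is not page-aligned despite the comment; assuming `b.psize` is non-zero at this point, a form that holds for any size is `if (b.cachesize % b.psize) b.cachesize += b.psize - b.cachesize % b.psize;`. Neither this addition nor `b.psize * MINCACHE` is checked for wrap-around, which matters if `cachesize` is taken directly from the caller's openinfo. `__bt_open` continues outside the hunk.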
diff --git a/usr/src/lib/krb5/db2/btree/bt_overflow.c b/usr/src/lib/krb5/db2/btree/bt_overflow.c
index 81b4477267..67ec6de624 100644
--- a/usr/src/lib/krb5/db2/btree/bt_overflow.c
+++ b/usr/src/lib/krb5/db2/btree/bt_overflow.c
@@ -95,7 +95,7 @@ __ovfl_get(t, p, ssz, buf, bufsz)
memmove(&sz, (char *)p + sizeof(db_pgno_t), sizeof(u_int32_t));
*ssz = sz;
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (pg == P_INVALID || sz == 0)
abort();
#endif
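Review bot: The only validation of `pg` and `sz` sits inside `#ifdef DEBUG` and ends in `abort()`, so a non-DEBUG build carries on with `pg == P_INVALID` or `sz == 0` unchecked. `sz` is copied out of the page by the `memmove` above (and `pg` presumably likewise), so a damaged database file should produce an error return rather than either outcome. Moving the test outside the `#ifdef` as `if (pg == P_INVALID || sz == 0) return (RET_ERROR);` would do that, assuming `__ovfl_get` reports failure the same way `__ovfl_delete` does. The identical pattern is in the `__ovfl_delete` hunk below; both functions continue outside their hunks, so what later code does with these values is not visible here.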
@@ -204,7 +204,7 @@ __ovfl_delete(t, p)
memmove(&pg, p, sizeof(db_pgno_t));
memmove(&sz, (char *)p + sizeof(db_pgno_t), sizeof(u_int32_t));
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (pg == P_INVALID || sz == 0)
abort();
#endif
diff --git a/usr/src/lib/krb5/db2/btree/bt_put.c b/usr/src/lib/krb5/db2/btree/bt_put.c
index dc552ef6fd..fd1b2edea8 100644
--- a/usr/src/lib/krb5/db2/btree/bt_put.c
+++ b/usr/src/lib/krb5/db2/btree/bt_put.c
@@ -74,9 +74,9 @@ __bt_put(dbp, key, data, flags)
{
BTREE *t;
DBT tkey, tdata;
- EPG *e;
+ EPG *e = 0;
PAGE *h;
- indx_t index, nxtindex;
+ indx_t idx, nxtindex;
db_pgno_t pg;
u_int32_t nbytes;
int dflags, exact, status;
@@ -126,24 +126,31 @@ __bt_put(dbp, key, data, flags)
dflags = 0;
if (key->size + data->size > t->bt_ovflsize) {
if (key->size > t->bt_ovflsize) {
+ u_int32_t yuck_this_is_gross_code;
storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
return (RET_ERROR);
tkey.data = kb;
tkey.size = NOVFLSIZE;
memmove(kb, &pg, sizeof(db_pgno_t));
+ yuck_this_is_gross_code = key->size;
+ if (yuck_this_is_gross_code != key->size)
+ abort ();
memmove(kb + sizeof(db_pgno_t),
- &key->size, sizeof(u_int32_t));
+ &yuck_this_is_gross_code, sizeof(u_int32_t));
dflags |= P_BIGKEY;
key = &tkey;
}
if (key->size + data->size > t->bt_ovflsize) {
+ u_int32_t yuck_this_is_gross_code = data->size;
if (__ovfl_put(t, data, &pg) == RET_ERROR)
return (RET_ERROR);
tdata.data = db;
tdata.size = NOVFLSIZE;
memmove(db, &pg, sizeof(db_pgno_t));
+ if (yuck_this_is_gross_code != data->size)
+ abort ();
memmove(db + sizeof(db_pgno_t),
- &data->size, sizeof(u_int32_t));
+ &yuck_this_is_gross_code, sizeof(u_int32_t));
dflags |= P_BIGDATA;
data = &tdata;
}
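Review bot: The new width check calls `abort()` from inside `__bt_put`, so a key or data item whose `size` does not fit in 32 bits kills the calling process instead of failing the put. In both branches it also runs only after `__ovfl_put` has already stored the overflow chain. Validating the size before each `__ovfl_put` call and returning normally would avoid both problems, e.g. `if (key->size != (u_int32_t)key->size) { errno = EINVAL; return (RET_ERROR); }`, with the equivalent test for `data->size`. A descriptive name such as `ksize32` instead of `yuck_this_is_gross_code`, with a one-line comment that the on-page length field is 32 bits wide, would make the intent readable. `__bt_put` starts and ends outside the hunk.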
@@ -155,7 +162,7 @@ storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
if (flags == R_CURSOR) {
if ((h = mpool_get(t->bt_mp, t->bt_cursor.pg.pgno, 0)) == NULL)
return (RET_ERROR);
- index = t->bt_cursor.pg.index;
+ idx = t->bt_cursor.pg.index;
goto delete;
}
@@ -167,7 +174,7 @@ storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
if ((e = __bt_search(t, key, &exact)) == NULL)
return (RET_ERROR);
h = e->page;
- index = e->index;
+ idx = e->index;
/*
* Add the key/data pair to the tree. If an identical key is already
@@ -189,7 +196,7 @@ storekey: if (__ovfl_put(t, key, &pg) == RET_ERROR)
* Note, the delete may empty the page, so we need to put a
* new entry into the page immediately.
*/
-delete: if (__bt_dleaf(t, key, h, index) == RET_ERROR) {
+delete: if (__bt_dleaf(t, key, h, idx) == RET_ERROR) {
mpool_put(t->bt_mp, h, 0);
return (RET_ERROR);
}
@@ -205,40 +212,41 @@ delete: if (__bt_dleaf(t, key, h, index) == RET_ERROR) {
nbytes = NBLEAFDBT(key->size, data->size);
if (h->upper - h->lower < nbytes + sizeof(indx_t)) {
if ((status = __bt_split(t, h, key,
- data, dflags, nbytes, index)) != RET_SUCCESS)
+ data, dflags, nbytes, idx)) != RET_SUCCESS)
return (status);
goto success;
}
- if (index < (nxtindex = NEXTINDEX(h)))
- memmove(h->linp + index + 1, h->linp + index,
- (nxtindex - index) * sizeof(indx_t));
+ if (idx < (nxtindex = NEXTINDEX(h)))
+ memmove(h->linp + idx + 1, h->linp + idx,
+ (nxtindex - idx) * sizeof(indx_t));
h->lower += sizeof(indx_t);
- h->linp[index] = h->upper -= nbytes;
+ h->linp[idx] = h->upper -= nbytes;
dest = (char *)h + h->upper;
WR_BLEAF(dest, key, data, dflags);
/* If the cursor is on this page, adjust it as necessary. */
if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
!F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
- t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index >= index)
+ t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index >= idx)
++t->bt_cursor.pg.index;
- if (t->bt_order == NOT)
+ if (t->bt_order == NOT) {
if (h->nextpg == P_INVALID) {
- if (index == NEXTINDEX(h) - 1) {
+ if (idx == NEXTINDEX(h) - 1) {
t->bt_order = FORWARD;
- t->bt_last.index = index;
+ t->bt_last.index = idx;
t->bt_last.pgno = h->pgno;
}
} else if (h->prevpg == P_INVALID) {
- if (index == 0) {
+ if (idx == 0) {
t->bt_order = BACK;
t->bt_last.index = 0;
t->bt_last.pgno = h->pgno;
}
}
+ }
mpool_put(t->bt_mp, h, MPOOL_DIRTY);
diff --git a/usr/src/lib/krb5/db2/btree/bt_search.c b/usr/src/lib/krb5/db2/btree/bt_search.c
index 773ab568e5..18f19b11cc 100644
--- a/usr/src/lib/krb5/db2/btree/bt_search.c
+++ b/usr/src/lib/krb5/db2/btree/bt_search.c
@@ -71,7 +71,7 @@ __bt_search(t, key, exactp)
int *exactp;
{
PAGE *h;
- indx_t base, index, lim;
+ indx_t base, idx, lim;
db_pgno_t pg;
int cmp;
@@ -83,7 +83,7 @@ __bt_search(t, key, exactp)
/* Do a binary search on the current page. */
t->bt_cur.page = h;
for (base = 0, lim = NEXTINDEX(h); lim; lim >>= 1) {
- t->bt_cur.index = index = base + (lim >> 1);
+ t->bt_cur.index = idx = base + (lim >> 1);
if ((cmp = __bt_cmp(t, key, &t->bt_cur)) == 0) {
if (h->flags & P_BLEAF) {
*exactp = 1;
@@ -92,7 +92,7 @@ __bt_search(t, key, exactp)
goto next;
}
if (cmp > 0) {
- base = index + 1;
+ base = idx + 1;
--lim;
}
}
@@ -128,10 +128,10 @@ __bt_search(t, key, exactp)
* be a parent page for the key. If a split later occurs, the
* inserted page will be to the right of the saved page.
*/
- index = base ? base - 1 : base;
+ idx = base ? base - 1 : base;
-next: BT_PUSH(t, h->pgno, index);
- pg = GETBINTERNAL(h, index)->pgno;
+next: BT_PUSH(t, h->pgno, idx);
+ pg = GETBINTERNAL(h, idx)->pgno;
mpool_put(t->bt_mp, h, 0);
}
}
@@ -159,7 +159,7 @@ __bt_snext(t, h, key, exactp)
BINTERNAL *bi;
EPG e;
EPGNO *parent;
- indx_t index;
+ indx_t idx;
db_pgno_t pgno;
int level;
@@ -190,8 +190,8 @@ __bt_snext(t, h, key, exactp)
/* Move to the next index. */
if (parent->index != NEXTINDEX(h) - 1) {
- index = parent->index + 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index + 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -200,7 +200,7 @@ __bt_snext(t, h, key, exactp)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
BT_PUSH(t, pgno, 0);
@@ -210,7 +210,7 @@ __bt_snext(t, h, key, exactp)
/* Get the next level down. */
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (0);
- index = 0;
+ idx = 0;
}
mpool_put(t->bt_mp, h, 0);
return (1);
@@ -239,7 +239,7 @@ __bt_sprev(t, h, key, exactp)
BINTERNAL *bi;
EPG e;
EPGNO *parent;
- indx_t index;
+ indx_t idx;
db_pgno_t pgno;
int level;
@@ -271,8 +271,8 @@ __bt_sprev(t, h, key, exactp)
/* Move to the next index. */
if (parent->index != 0) {
- index = parent->index - 1;
- BT_PUSH(t, h->pgno, index);
+ idx = parent->index - 1;
+ BT_PUSH(t, h->pgno, idx);
break;
}
mpool_put(t->bt_mp, h, 0);
@@ -281,7 +281,7 @@ __bt_sprev(t, h, key, exactp)
/* Restore the stack. */
while (level--) {
/* Push the next level down onto the stack. */
- bi = GETBINTERNAL(h, index);
+ bi = GETBINTERNAL(h, idx);
pgno = bi->pgno;
/* Lose the currently pinned page. */
@@ -291,8 +291,8 @@ __bt_sprev(t, h, key, exactp)
if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
return (1);
- index = NEXTINDEX(h) - 1;
- BT_PUSH(t, pgno, index);
+ idx = NEXTINDEX(h) - 1;
+ BT_PUSH(t, pgno, idx);
}
mpool_put(t->bt_mp, h, 0);
return (1);
diff --git a/usr/src/lib/krb5/db2/btree/bt_seq.c b/usr/src/lib/krb5/db2/btree/bt_seq.c
index 1407225d00..9d8fb48b6c 100644
--- a/usr/src/lib/krb5/db2/btree/bt_seq.c
+++ b/usr/src/lib/krb5/db2/btree/bt_seq.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -75,7 +75,7 @@ static char sccsid[] = "@(#)bt_seq.c 8.9 (Berkeley) 6/20/95";
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h> /* SUNWresync121 */
+#include <string.h>
#include "db-int.h"
#include "btree.h"
@@ -276,7 +276,7 @@ __bt_seqadv(t, ep, flags)
{
CURSOR *c;
PAGE *h;
- indx_t index;
+ indx_t idx;
db_pgno_t pg;
int exact, rval;
@@ -344,15 +344,15 @@ __bt_seqadv(t, ep, flags)
*/
if (F_ISSET(c, CURS_AFTER))
goto usecurrent;
- index = c->pg.index;
- if (++index == NEXTINDEX(h)) {
+ idx = c->pg.index;
+ if (++idx == NEXTINDEX(h)) {
pg = h->nextpg;
mpool_put(t->bt_mp, h, 0);
if (pg == P_INVALID)
return (RET_SPECIAL);
if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
return (RET_ERROR);
- index = 0;
+ idx = 0;
}
break;
case R_PREV: /* Previous record. */
@@ -367,22 +367,22 @@ usecurrent: F_CLR(c, CURS_AFTER | CURS_BEFORE);
ep->index = c->pg.index;
return (RET_SUCCESS);
}
- index = c->pg.index;
- if (index == 0) {
+ idx = c->pg.index;
+ if (idx == 0) {
pg = h->prevpg;
mpool_put(t->bt_mp, h, 0);
if (pg == P_INVALID)
return (RET_SPECIAL);
if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
return (RET_ERROR);
- index = NEXTINDEX(h) - 1;
+ idx = NEXTINDEX(h) - 1;
} else
- --index;
+ --idx;
break;
}
ep->page = h;
- ep->index = index;
+ ep->index = idx;
return (RET_SUCCESS);
}
@@ -502,10 +502,10 @@ __bt_first(t, key, erval, exactp)
* index: page index
*/
void
-__bt_setcur(t, pgno, index)
+__bt_setcur(t, pgno, idx)
BTREE *t;
db_pgno_t pgno;
- u_int index;
+ u_int idx;
{
/* Lose any already deleted key. */
if (t->bt_cursor.key.data != NULL) {
@@ -517,7 +517,7 @@ __bt_setcur(t, pgno, index)
/* Update the cursor. */
t->bt_cursor.pg.pgno = pgno;
- t->bt_cursor.pg.index = index;
+ t->bt_cursor.pg.index = idx;
F_SET(&t->bt_cursor, CURS_INIT);
}
diff --git a/usr/src/lib/krb5/db2/btree/extern.h b/usr/src/lib/krb5/db2/btree/extern.h
index bb545fe50c..f105107f58 100644
--- a/usr/src/lib/krb5/db2/btree/extern.h
+++ b/usr/src/lib/krb5/db2/btree/extern.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -114,7 +114,7 @@ int __ovfl_delete __P((BTREE *, void *));
int __ovfl_get __P((BTREE *, void *, size_t *, void **, size_t *));
int __ovfl_put __P((BTREE *, const DBT *, db_pgno_t *));
-#ifdef DEBUG_DB
+#ifdef DEBUG
int __bt_dnpage __P((DB *, db_pgno_t));
int __bt_dpage __P((DB *, PAGE *));
int __bt_dmpage __P((PAGE *));
diff --git a/usr/src/lib/krb5/db2/db/db.c b/usr/src/lib/krb5/db2/db/db.c
index 678832129f..286c7017e8 100644
--- a/usr/src/lib/krb5/db2/db/db.c
+++ b/usr/src/lib/krb5/db2/db/db.c
@@ -99,19 +99,3 @@ __dbpanic(dbp)
dbp->seq = (int (*)())__dberr;
dbp->sync = (int (*)())__dberr;
}
-
-/* global used to toggle display of debug messages */
-int g_displayDebugDB = 0;
-
-/*
- * debugging aid
- * call this function to enable/disable printing of debug messages
- * code must be compiled with DEBUG_DB
- */
-void debugDisplayDB(int onOff)
-{
-#if DEBUG_DB
-
- g_displayDebugDB = onOff;
-#endif
-}
diff --git a/usr/src/lib/krb5/db2/hash/dbm.c b/usr/src/lib/krb5/db2/hash/dbm.c
index 84a5e8b364..cdae51c0a3 100644
--- a/usr/src/lib/krb5/db2/hash/dbm.c
+++ b/usr/src/lib/krb5/db2/hash/dbm.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -234,7 +234,7 @@ kdb2_dbm_firstkey(db)
DBM *db;
{
int status;
- datum retdata, retkey;
+ datum retkey;
#ifdef NEED_COPY
DBT k, r;
@@ -243,6 +243,8 @@ kdb2_dbm_firstkey(db)
retkey.dptr = k.data;
retkey.dsize = k.size;
#else
+ datum retdata;
+
status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_FIRST);
#endif
if (status)
@@ -260,7 +262,7 @@ kdb2_dbm_nextkey(db)
DBM *db;
{
int status;
- datum retdata, retkey;
+ datum retkey;
#ifdef NEED_COPY
DBT k, r;
@@ -269,6 +271,8 @@ kdb2_dbm_nextkey(db)
retkey.dptr = k.data;
retkey.dsize = k.size;
#else
+ datum retdata;
+
status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_NEXT);
#endif
if (status)
diff --git a/usr/src/lib/krb5/db2/hash/hash.c b/usr/src/lib/krb5/db2/hash/hash.c
index c2769e2628..668b641179 100644
--- a/usr/src/lib/krb5/db2/hash/hash.c
+++ b/usr/src/lib/krb5/db2/hash/hash.c
@@ -46,16 +46,14 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95";
#include <sys/stat.h>
#include <errno.h>
-
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <libintl.h>
-#ifdef DEBUG_DB
+#ifdef DEBUG
#include <assert.h>
-extern int g_displayDebugDB;
#endif
#include "db-int.h"
@@ -64,7 +62,7 @@ extern int g_displayDebugDB;
#include "extern.h"
static int32_t flush_meta __P((HTAB *));
-static int32_t hash_access __P((HTAB *, ACTION, DBT *, DBT *));
+static int32_t hash_access __P((HTAB *, ACTION, const DBT *, DBT *));
static int32_t hash_close __P((DB *));
static int32_t hash_delete __P((const DB *, const DBT *, u_int32_t));
static int32_t hash_fd __P((const DB *));
@@ -76,7 +74,7 @@ static int32_t hdestroy __P((HTAB *));
static int32_t cursor_get __P((const DB *, CURSOR *, DBT *, DBT *, \
u_int32_t));
static int32_t cursor_delete __P((const DB *, CURSOR *, u_int32_t));
-static HTAB *init_hash __P((HTAB *, const char *, HASHINFO *));
+static HTAB *init_hash __P((HTAB *, const char *, const HASHINFO *));
static int32_t init_htab __P((HTAB *, int32_t));
#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
static void swap_header __P((HTAB *));
@@ -140,9 +138,8 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
}
/* store the file name so that we can unlink it later */
- hashp->fname = (char *)file;
-#ifdef DEBUG_DB
- if (g_displayDebugDB)
+ hashp->fname = file;
+#ifdef DEBUG
fprintf(stderr, dgettext(TEXT_DOMAIN,
"Using file name %s.\n"), file);
#endif
@@ -171,7 +168,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
/* Process arguments to set up hash table header. */
if (new_table) {
- if (!(hashp = init_hash(hashp, file, (HASHINFO *)info)))
+ if (!(hashp = init_hash(hashp, file, info)))
RETURN_ERROR(errno, error1);
} else {
/* Table already exists */
@@ -257,9 +254,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
dbp->sync = hash_sync;
dbp->type = DB_HASH;
-#ifdef DEBUG_DB
- if (g_displayDebugDB) {
-
+#ifdef DEBUG
(void)fprintf(stderr,
"%s\n%s%lx\n%s%d\n%s%d\n%s%d\n%s%d\n%s%d\n%s%x\n%s%x\n%s%d\n%s%d\n",
"init_htab:",
@@ -273,7 +268,6 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
"HIGH MASK ", hashp->hdr.high_mask,
"LOW MASK ", hashp->hdr.low_mask,
"NKEYS ", hashp->hdr.nkeys);
- }
#endif
#ifdef HASH_STATISTICS
hash_overflows = hash_accesses = hash_collisions = hash_expansions = 0;
@@ -292,7 +286,7 @@ error1:
error0:
if (!specified_file)
- free(hashp->fname);
+ free((void*)(hashp->fname)); /* SUNW14resync */
free(hashp);
errno = save_errno;
return (NULL);
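Review bot: `free((void*)(hashp->fname))` casts away the `const` this commit adds to `fname`, which hides that the field has two ownership modes. It holds heap memory on this path (guarded by `!specified_file`) and in the `hdestroy` hunk, but after `hashp->fname = file` it only borrows the caller's string. The `/* SUNW14resync */` tag does not explain why the cast is safe. The field comment in hash.h should state the rule, e.g. `/* File path; heap-owned only for library-generated temporary names, otherwise borrowed from the caller */`. Keeping a private copy of the name would remove both the cast and the split ownership.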
@@ -336,7 +330,7 @@ static HTAB *
init_hash(hashp, file, info)
HTAB *hashp;
const char *file;
- HASHINFO *info;
+ const HASHINFO *info;
{
struct stat statbuf;
int32_t nelem;
@@ -393,7 +387,6 @@ init_htab(hashp, nelem)
int32_t nelem;
{
int32_t l2, nbuckets;
- db_pgno_t i;
/*
* Divide number of elements by the fill factor and determine a
@@ -572,9 +565,7 @@ hdestroy(hashp)
* files within mpool itself.
*/
if (hashp->fname && !hashp->save_file) {
-#ifdef DEBUG_DB
-
- if (g_displayDebugDB)
+#ifdef DEBUG
fprintf(stderr, dgettext(TEXT_DOMAIN,
"Unlinking file %s.\n"), hashp->fname);
#endif
@@ -582,7 +573,7 @@ hdestroy(hashp)
chmod(hashp->fname, 0700);
unlink(hashp->fname);
/* destroy the temporary name */
- free(hashp->fname);
+ free((void *)(hashp->fname)); /* SUNW14resync */
}
free(hashp);
@@ -672,7 +663,7 @@ hash_get(dbp, key, data, flag)
hashp->local_errno = errno = EINVAL;
return (ERROR);
}
- return (hash_access(hashp, HASH_GET, (DBT *)key, data));
+ return (hash_access(hashp, HASH_GET, key, data));
}
static int32_t
@@ -694,7 +685,7 @@ hash_put(dbp, key, data, flag)
return (ERROR);
}
return (hash_access(hashp, flag == R_NOOVERWRITE ?
- HASH_PUTNEW : HASH_PUT, (DBT *)key, (DBT *)data));
+ HASH_PUTNEW : HASH_PUT, key, (DBT *)data));
}
static int32_t
@@ -715,7 +706,7 @@ hash_delete(dbp, key, flag)
return (ERROR);
}
- return (hash_access(hashp, HASH_DELETE, (DBT *)key, NULL));
+ return (hash_access(hashp, HASH_DELETE, key, NULL));
}
/*
@@ -725,7 +716,8 @@ static int32_t
hash_access(hashp, action, key, val)
HTAB *hashp;
ACTION action;
- DBT *key, *val;
+ const DBT *key;
+ DBT *val;
{
DBT page_key, page_val;
CURSOR cursor;
diff --git a/usr/src/lib/krb5/db2/hash/hash.h b/usr/src/lib/krb5/db2/hash/hash.h
index f582e83eb6..f955307177 100644
--- a/usr/src/lib/krb5/db2/hash/hash.h
+++ b/usr/src/lib/krb5/db2/hash/hash.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -103,7 +103,7 @@ typedef struct htab { /* Memory resident data structure */
u_int32_t (*hash) __P((const void *, size_t)); /* Hash Function */
int32_t flags; /* Flag values */
int32_t fp; /* File pointer */
- char *fname; /* File path */
+ const char *fname; /* File path */
u_int8_t *bigdata_buf; /* Temporary Buffer for BIG data */
u_int8_t *bigkey_buf; /* Temporary Buffer for BIG keys */
u_int16_t *split_buf; /* Temporary buffer for splits */
diff --git a/usr/src/lib/krb5/db2/hash/hash_bigkey.c b/usr/src/lib/krb5/db2/hash/hash_bigkey.c
index 0f5307d8ca..a96b8aa985 100644
--- a/usr/src/lib/krb5/db2/hash/hash_bigkey.c
+++ b/usr/src/lib/krb5/db2/hash/hash_bigkey.c
@@ -62,7 +62,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.5 (Berkeley) 11/2/95";
#include <stdlib.h>
#include <string.h>
-#ifdef DEBUG_DB
+#ifdef DEBUG
#include <assert.h>
#endif
@@ -245,7 +245,7 @@ __find_bigpair(hashp, cursorp, key, size)
}
}
__put_page(hashp, pagep, A_RAW, 0);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(ksize >= 0);
#endif
if (ksize != 0) {
@@ -379,7 +379,7 @@ collect_key(hashp, pagep, len, last_page)
PAGE16 *next_pagep;
int32_t totlen, retval;
db_pgno_t next_pgno;
-#ifdef DEBUG_DB
+#ifdef DEBUG
db_pgno_t save_addr;
#endif
@@ -388,7 +388,7 @@ collect_key(hashp, pagep, len, last_page)
totlen = len + BIGKEYLEN(pagep);
if (hashp->bigkey_buf)
free(hashp->bigkey_buf);
- hashp->bigkey_buf = (unsigned char *)malloc(totlen);
+ hashp->bigkey_buf = (u_int8_t *)malloc(totlen);
if (!hashp->bigkey_buf)
return (-1);
memcpy(hashp->bigkey_buf + len,
@@ -402,7 +402,7 @@ collect_key(hashp, pagep, len, last_page)
if (BIGKEYLEN(pagep) == 0) {
if (hashp->bigkey_buf)
free(hashp->bigkey_buf);
- hashp->bigkey_buf = (unsigned char *)malloc(len);
+ hashp->bigkey_buf = (u_int8_t *)malloc(len);
return (hashp->bigkey_buf ? len : -1);
}
totlen = len + BIGKEYLEN(pagep);
@@ -414,12 +414,12 @@ collect_key(hashp, pagep, len, last_page)
next_pagep = __get_page(hashp, next_pgno, A_RAW);
if (!next_pagep)
return (-1);
-#ifdef DEBUG_DB
+#ifdef DEBUG
save_addr = ADDR(pagep);
#endif
retval = collect_key(hashp, next_pagep, totlen, last_page);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(save_addr == ADDR(pagep));
#endif
memcpy(hashp->bigkey_buf + len, BIGKEY(pagep), BIGKEYLEN(pagep));
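Review bot: The result of the recursive `collect_key` call is not checked before `memcpy(hashp->bigkey_buf + len, ...)`. When a deeper call returns -1, for instance because `malloc(totlen)` failed and left `bigkey_buf` NULL, the copy writes through an invalid pointer. `totlen` is also a signed `int32_t` built from `BIGKEYLEN(pagep)` values read from pages and passed to `malloc` with no range check visible here. A guard such as `if (retval < 0) return (-1);` before the copy closes the first gap, after releasing `next_pagep` if that page must go back to the pool. The `collect_data` hunks show the same sequence, and both functions extend beyond their hunks.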
@@ -446,7 +446,7 @@ collect_data(hashp, pagep, len)
PAGE16 *next_pagep;
int32_t totlen, retval;
db_pgno_t next_pgno;
-#ifdef DEBUG_DB
+#ifdef DEBUG
db_pgno_t save_addr;
#endif
@@ -455,7 +455,7 @@ collect_data(hashp, pagep, len)
if (hashp->bigdata_buf)
free(hashp->bigdata_buf);
totlen = len + BIGDATALEN(pagep);
- hashp->bigdata_buf = (unsigned char *)malloc(totlen);
+ hashp->bigdata_buf = (u_int8_t *)malloc(totlen);
if (!hashp->bigdata_buf)
return (-1);
memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
@@ -470,11 +470,11 @@ collect_data(hashp, pagep, len)
if (!next_pagep)
return (-1);
-#ifdef DEBUG_DB
+#ifdef DEBUG
save_addr = ADDR(pagep);
#endif
retval = collect_data(hashp, next_pagep, totlen);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(save_addr == ADDR(pagep));
#endif
memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
diff --git a/usr/src/lib/krb5/db2/hash/hash_func.c b/usr/src/lib/krb5/db2/hash/hash_func.c
index 0966a58b5d..8bbfa14ff4 100644
--- a/usr/src/lib/krb5/db2/hash/hash_func.c
+++ b/usr/src/lib/krb5/db2/hash/hash_func.c
@@ -47,9 +47,11 @@ static char sccsid[] = "@(#)hash_func.c 8.4 (Berkeley) 11/7/95";
#include "page.h"
#include "extern.h"
+#if 0
static u_int32_t hash1 __P((const void *, size_t));
static u_int32_t hash2 __P((const void *, size_t));
static u_int32_t hash3 __P((const void *, size_t));
+#endif
static u_int32_t hash4 __P((const void *, size_t));
/* Default hash function. */
@@ -64,6 +66,7 @@ u_int32_t (*__default_hash) __P((const void *, size_t)) = hash4;
#define PRIME1 37
#define PRIME2 1048583
+#if 0
static u_int32_t
hash1(key, len)
const void *key;
@@ -153,6 +156,8 @@ hash3(key, len)
}
return (n);
}
+#endif
+
/* Chris Torek's hash function. */
static u_int32_t
@@ -161,14 +166,14 @@ hash4(key, len)
size_t len;
{
u_int32_t h, loop;
- u_int8_t *k;
+ const u_int8_t *k;
#define HASH4a h = (h << 5) - h + *k++;
#define HASH4b h = (h << 5) + h + *k++;
#define HASH4 HASH4b
h = 0;
- k = (u_int8_t *)key;
+ k = (const u_int8_t *)key;
if (len > 0) {
loop = (len + 8 - 1) >> 3;
diff --git a/usr/src/lib/krb5/db2/hash/hash_log2.c b/usr/src/lib/krb5/db2/hash/hash_log2.c
index affacc42d4..5838823022 100644
--- a/usr/src/lib/krb5/db2/hash/hash_log2.c
+++ b/usr/src/lib/krb5/db2/hash/hash_log2.c
@@ -41,6 +41,9 @@ static char sccsid[] = "@(#)hash_log2.c 8.4 (Berkeley) 11/7/95";
#endif /* LIBC_SCCS and not lint */
#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
u_int32_t
__kdb2_log2(num)
diff --git a/usr/src/lib/krb5/db2/hash/hash_page.c b/usr/src/lib/krb5/db2/hash/hash_page.c
index 827a8ef96b..b95090def2 100644
--- a/usr/src/lib/krb5/db2/hash/hash_page.c
+++ b/usr/src/lib/krb5/db2/hash/hash_page.c
@@ -58,7 +58,7 @@ static char sccsid[] = "@(#)hash_page.c 8.11 (Berkeley) 11/7/95";
#include <sys/types.h>
-#ifdef DEBUG_DB
+#ifdef DEBUG
#include <assert.h>
#endif
#include <stdio.h>
@@ -82,7 +82,7 @@ static void putpair __P((PAGE8 *, const DBT *, const DBT *));
static void swap_page_header_in __P((PAGE16 *));
static void swap_page_header_out __P((PAGE16 *));
-#ifdef DEBUG_DB_SLOW
+#ifdef DEBUG_SLOW
static void account_page(HTAB *, db_pgno_t, int);
#endif
@@ -215,12 +215,12 @@ __get_item_next(hashp, cursorp, key, val, item_info)
DBT *key, *val;
ITEM_INFO *item_info;
{
- int stat;
+ int status;
- stat = __get_item(hashp, cursorp, key, val, item_info);
+ status = __get_item(hashp, cursorp, key, val, item_info);
cursorp->ndx++;
cursorp->pgndx++;
- return (stat);
+ return (status);
}
/*
@@ -323,7 +323,7 @@ __delpair(hashp, cursorp, item_info)
--ndx;
} else
pagep = cursorp->pagep;
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(ADDR(pagep) == cursorp->pgno);
#endif
@@ -379,7 +379,7 @@ __delpair(hashp, cursorp, item_info)
for (n = ndx; n < NUM_ENT(pagep) - 1; n++)
if (KEY_OFF(pagep, (n + 1)) != BIGPAIR) {
next_key = next_realkey(pagep, n);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(next_key != -1);
#endif
KEY_OFF(pagep, n) = KEY_OFF(pagep, (n + 1)) + delta;
@@ -413,7 +413,7 @@ __delpair(hashp, cursorp, item_info)
return (-1);
while (NEXT_PGNO(pagep) != to_find) {
next_pgno = NEXT_PGNO(pagep);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(next_pgno != INVALID_PGNO);
#endif
__put_page(hashp, pagep, A_RAW, 0);
@@ -669,7 +669,7 @@ add_bigptr(hashp, item_info, big_pgno)
pagep = __add_ovflpage(hashp, pagep);
if (!pagep)
return (-1);
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(BIGPAIRFITS(pagep));
#endif
}
@@ -819,7 +819,7 @@ __new_page(hashp, addr, addr_type)
pagep = mpool_new(hashp->mp, &paddr, MPOOL_PAGE_REQUEST);
if (!pagep)
return (-1);
-#if DEBUG_DB_SLOW
+#if DEBUG_SLOW
account_page(hashp, paddr, 1);
#endif
@@ -938,7 +938,7 @@ __put_page(hashp, pagep, addr_type, is_dirty)
PAGE16 *pagep;
int32_t addr_type, is_dirty;
{
-#if DEBUG_DB_SLOW
+#if DEBUG_SLOW
account_page(hashp,
((BKT *)((char *)pagep - sizeof(BKT)))->pgno, -1);
#endif
@@ -974,10 +974,10 @@ __get_page(hashp, addr, addr_type)
}
pagep = (PAGE16 *)mpool_get(hashp->mp, paddr, 0);
-#if DEBUG_DB_SLOW
+#if DEBUG_SLOW
account_page(hashp, paddr, 1);
#endif
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(ADDR(pagep) == paddr || ADDR(pagep) == 0 ||
addr_type == A_BITMAP || addr_type == A_HEADER);
#endif
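Review bot: In a `DEBUG` build the `assert(ADDR(pagep) == paddr || ...)` dereferences `pagep` straight after `mpool_get`, and no NULL test is visible between the two. Other callers on this page treat a NULL return from `mpool_get` as failure. With the macro renamed to the generic `DEBUG`, a failed page read would crash inside the assertion instead of reaching whatever error handling follows. Prefixing the condition with `pagep == NULL ||` keeps the consistency check without the dereference. `__get_page` continues outside the hunk.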
@@ -1079,7 +1079,7 @@ overflow_page(hashp)
int32_t bit, first_page, free_bit, free_page, i, in_use_bits, j;
int32_t max_free, offset, splitnum;
u_int16_t addr;
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
int32_t tmp1, tmp2;
#endif
@@ -1158,7 +1158,7 @@ overflow_page(hashp)
(int32_t)OADDR_OF(splitnum, offset), 1, free_page))
return (0);
hashp->hdr.spares[splitnum]++;
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
free_bit = 2;
#endif
offset++;
@@ -1185,7 +1185,7 @@ overflow_page(hashp)
/* Calculate address of the new overflow page */
addr = OADDR_OF(splitnum, offset);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n"),
addr, free_bit, free_page);
@@ -1200,7 +1200,7 @@ overflow_page(hashp)
found:
bit = bit + first_free(freep[j]);
SETBIT(freep, bit);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
tmp1 = bit;
tmp2 = i;
#endif
@@ -1219,7 +1219,7 @@ found:
if (offset >= SPLITMASK)
return (0); /* Out of overflow pages */
addr = OADDR_OF(i, offset);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n"),
addr, tmp1, tmp2);
@@ -1233,7 +1233,7 @@ found:
return (addr);
}
-#ifdef DEBUG_DB
+#ifdef DEBUG
int
bucket_to_page(hashp, n)
HTAB *hashp;
@@ -1260,7 +1260,7 @@ oaddr_to_page(hashp, n)
return (ret_val);
}
-#endif /* DEBUG_DB */
+#endif /* DEBUG */
static indx_t
page_to_oaddr(hashp, pgno)
@@ -1287,7 +1287,7 @@ page_to_oaddr(hashp, pgno)
ret_val = OADDR_OF(sp + 1,
pgno - ((POW2(sp + 1) - 1) + hashp->hdr.spares[sp]));
-#ifdef DEBUG_DB
+#ifdef DEBUG
assert(OADDR_TO_PAGE(ret_val) == (pgno + hashp->hdr.hdrpages));
#endif
return (ret_val);
@@ -1307,7 +1307,7 @@ __free_ovflpage(hashp, pagep)
addr = page_to_oaddr(hashp, ADDR(pagep));
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"Freeing %d\n"), addr);
#endif
@@ -1320,7 +1320,7 @@ __free_ovflpage(hashp, pagep)
free_bit = bit_address & ((hashp->hdr.bsize << BYTE_SHIFT) - 1);
freep = fetch_bitmap(hashp, free_page);
-#ifdef DEBUG_DB
+#ifdef DEBUG
/*
* This had better never happen. It means we tried to read a bitmap
* that has already had overflow pages allocated off it, and we
@@ -1330,7 +1330,7 @@ __free_ovflpage(hashp, pagep)
assert(0);
#endif
CLRBIT(freep, free_bit);
-#ifdef DEBUG_DB2
+#ifdef DEBUG2
(void)fprintf(stderr, dgettext(TEXT_DOMAIN,
"FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n"),
obufp->addr, free_bit, free_page);
@@ -1351,7 +1351,7 @@ fetch_bitmap(hashp, ndx)
return (hashp->mapp[ndx]);
}
-#ifdef DEBUG_DB_SLOW
+#ifdef DEBUG_SLOW
static void
account_page(hashp, pgno, inout)
HTAB *hashp;
@@ -1391,4 +1391,4 @@ account_page(hashp, pgno, inout)
"Warning: pg %d has been out for %d times\n"),
list[i].pgno, list[i].times);
}
-#endif /* DEBUG_DB_SLOW */
+#endif /* DEBUG_SLOW */
diff --git a/usr/src/lib/krb5/db2/hash/hsearch.c b/usr/src/lib/krb5/db2/hash/hsearch.c
index 64b932c582..06b4bccfe1 100644
--- a/usr/src/lib/krb5/db2/hash/hsearch.c
+++ b/usr/src/lib/krb5/db2/hash/hsearch.c
@@ -70,7 +70,7 @@ hcreate(nel)
extern ENTRY *
hsearch(item, action)
ENTRY item;
- SEARCH_ACTION action;
+ ACTION action;
{
DBT key, val;
int status;
diff --git a/usr/src/lib/krb5/db2/hash/search.h b/usr/src/lib/krb5/db2/hash/search.h
index fc90b16806..9cb65b7a64 100644
--- a/usr/src/lib/krb5/db2/hash/search.h
+++ b/usr/src/lib/krb5/db2/hash/search.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -58,7 +58,7 @@ typedef struct entry {
typedef enum {
FIND, ENTER
-} SEARCH_ACTION;
+} ACTION;
#define hcreate kdb2_hcreate
#define hdestroy kdb2_hdestroy
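Review bot: Renaming the typedef to the unprefixed `ACTION` puts a very generic name into a header, and hash.c in this same commit already uses an `ACTION` type for `hash_access` with values such as `HASH_GET`. If both definitions ever become visible in one translation unit the build fails on conflicting typedefs, and nothing here documents that they must stay apart. Keeping `SEARCH_ACTION` avoids the clash. Alternatively add a comment such as `/* not to be included alongside the hash internals, which define their own ACTION */`. Where the other `ACTION` is declared is inferred from its use in hash.c, not shown on this page.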
@@ -66,7 +66,7 @@ typedef enum {
int hcreate __P((unsigned int));
void hdestroy __P((void));
-ENTRY *hsearch __P((ENTRY, SEARCH_ACTION));
+ENTRY *hsearch __P((ENTRY, ACTION));
#ifdef __cplusplus
}
diff --git a/usr/src/lib/krb5/db2/include/db-int.h b/usr/src/lib/krb5/db2/include/db-int.h
index 37f6a0a377..c5c43a481a 100644
--- a/usr/src/lib/krb5/db2/include/db-int.h
+++ b/usr/src/lib/krb5/db2/include/db-int.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -52,22 +52,91 @@ extern "C" {
#include <db.h>
-/* deal with autoconf-based stuff (db.h includes db-config.h) */
+/* deal with autoconf-based stuff */
-#ifndef HAVE_MEMMOVE
-#define memmove my_memmove
+#define DB_LITTLE_ENDIAN 1234
+#define DB_BIG_ENDIAN 4321
+
+#include <stdlib.h>
+#ifdef HAVE_ENDIAN_H
+# include <endian.h>
+#endif
+#ifdef HAVE_MACHINE_ENDIAN_H
+# include <machine/endian.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
#endif
-#ifndef HAVE_MKSTEMP
-#define mkstemp my_mkstemp
+/* SUNW14resync:
+ The following code is disabled as it correctly determines the
+ endianness of the system. This would break backward compatability
+ for x86 as prior to this resync all architectures are treated
+ similarily - as big endian. See definition of "WORDS_BIGENDIAN" in
+ db-config.h.
+*/
+#if 0
+/* Handle both BIG and LITTLE defined and BYTE_ORDER matches one, or
+ just one defined; both with and without leading underscores.
+
+ Ignore "PDP endian" machines, this code doesn't support them
+ anyways. */
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN__
+# define LITTLE_ENDIAN __LITTLE_ENDIAN__
+# endif
+# ifdef __BIG_ENDIAN__
+# define BIG_ENDIAN __BIG_ENDIAN__
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef _LITTLE_ENDIAN
+# define LITTLE_ENDIAN _LITTLE_ENDIAN
+# endif
+# ifdef _BIG_ENDIAN
+# define BIG_ENDIAN _BIG_ENDIAN
+# endif
+# ifdef _BYTE_ORDER
+# define BYTE_ORDER _BYTE_ORDER
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN
+# define LITTLE_ENDIAN __LITTLE_ENDIAN
+# endif
+# ifdef __BIG_ENDIAN
+# define BIG_ENDIAN __BIG_ENDIAN
+# endif
+# ifdef __BYTE_ORDER
+# define BYTE_ORDER __BYTE_ORDER
+# endif
+#endif
+
+#if defined(_MIPSEL) && !defined(LITTLE_ENDIAN)
+# define LITTLE_ENDIAN
+#endif
+#if defined(_MIPSEB) && !defined(BIG_ENDIAN)
+# define BIG_ENDIAN
+#endif
+
+#if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) && defined(BYTE_ORDER)
+# if LITTLE_ENDIAN == BYTE_ORDER
+# define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+# elif BIG_ENDIAN == BYTE_ORDER
+# define DB_BYTE_ORDER DB_BIG_ENDIAN
+# else
+# error "LITTLE_ENDIAN and BIG_ENDIAN defined, but can't determine byte order"
+# endif
+#elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+# define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+#elif defined(BIG_ENDIAN) && !defined(LITTLE_ENDIAN)
+# define DB_BYTE_ORDER DB_BIG_ENDIAN
+#else
+# error "can't determine byte order from included system headers"
#endif
-#ifndef HAVE_STRERROR
-#define strerror my_strerror
#endif
-#define DB_LITTLE_ENDIAN 1234
-#define DB_BIG_ENDIAN 4321
#ifdef WORDS_BIGENDIAN
#define DB_BYTE_ORDER DB_BIG_ENDIAN
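Review bot: The compatibility rule that matters here is that `DB_BYTE_ORDER` keeps following `WORDS_BIGENDIAN` from db-config.h so existing databases stay readable, but it is recorded only in the SUNW14resync comment. Roughly sixty lines of disabled detection code remain under `#if 0`, where a later resync could re-enable them. Dropping the dead block and keeping a short, direct comment would be safer, e.g. `/* Byte order is fixed by WORDS_BIGENDIAN in db-config.h; do not auto-detect, existing x86 databases depend on it */`. The hunk also removes the `memmove`, `mkstemp` and `strerror` fallbacks without explanation, which deserves a line in the same comment if those functions are now assumed to be present.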
@@ -86,6 +155,13 @@ extern "C" {
#include <fcntl.h>
#include <stdio.h>
#include <errno.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+/* Tru64 5.1: int8_t is defined here, and stdint.h doesn't exist. */
+#include <inttypes.h>
+#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
@@ -227,7 +303,6 @@ void __dbpanic __P((DB *dbp));
#ifndef O_BINARY
#define O_BINARY 0 /* Needed for Win32 compiles */
#endif
-
#endif /* _DB_INT_H_ */
#ifdef __cplusplus
diff --git a/usr/src/lib/krb5/db2/include/db-queue.h b/usr/src/lib/krb5/db2/include/db-queue.h
index 6f09a66805..983c444d59 100644
--- a/usr/src/lib/krb5/db2/include/db-queue.h
+++ b/usr/src/lib/krb5/db2/include/db-queue.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _KRB5_DB2_DBQUEUE_H
@@ -47,6 +47,9 @@ extern "C" {
* @(#)queue.h 8.3 (Berkeley) 12/13/93
*/
+#ifndef _QUEUE_H_
+#define _QUEUE_H_
+
/*
* This file defines three types of data structures: lists, tail queues,
* and circular queues.
@@ -253,6 +256,7 @@ struct { \
(elm)->field.cqe_prev->field.cqe_next = \
(elm)->field.cqe_next; \
}
+#endif /* !_QUEUE_H_ */
#ifdef __cplusplus
}
diff --git a/usr/src/lib/krb5/db2/mapfile-vers b/usr/src/lib/krb5/db2/mapfile-vers
index cb677fcf4e..a986849ad8 100644
--- a/usr/src/lib/krb5/db2/mapfile-vers
+++ b/usr/src/lib/krb5/db2/mapfile-vers
@@ -36,7 +36,7 @@ SUNW_1.1 {
SUNWprivate_1.1 {
global:
- debugDisplayDB;
+ kdb2_bt_rseq;
kdb2_dbm_clearerr;
kdb2_dbm_close;
kdb2_dbm_delete;
@@ -44,10 +44,10 @@ SUNWprivate_1.1 {
kdb2_dbm_error;
kdb2_dbm_fetch;
kdb2_dbm_firstkey;
- kdb2_dbminit;
kdb2_dbm_nextkey;
kdb2_dbm_open;
kdb2_dbm_store;
+ kdb2_dbminit;
kdb2_dbopen;
kdb2_delete;
kdb2_fetch;
@@ -55,16 +55,16 @@ SUNWprivate_1.1 {
kdb2_hcreate;
kdb2_hdestroy;
kdb2_hsearch;
+ kdb2_mpool_close;
+ kdb2_mpool_delete;
+ kdb2_mpool_filter;
+ kdb2_mpool_get;
+ kdb2_mpool_new;
+ kdb2_mpool_open;
+ kdb2_mpool_put;
+ kdb2_mpool_sync;
kdb2_nextkey;
kdb2_store;
- mpool_close;
- mpool_delete;
- mpool_filter;
- mpool_get;
- mpool_new;
- mpool_open;
- mpool_put;
- mpool_sync;
local:
*;
};
diff --git a/usr/src/lib/krb5/db2/mpool/mpool.c b/usr/src/lib/krb5/db2/mpool/mpool.c
index f8c2d3648d..2881fb813a 100644
--- a/usr/src/lib/krb5/db2/mpool/mpool.c
+++ b/usr/src/lib/krb5/db2/mpool/mpool.c
@@ -53,11 +53,6 @@ static BKT *mpool_bkt __P((MPOOL *));
static BKT *mpool_look __P((MPOOL *, db_pgno_t));
static int mpool_write __P((MPOOL *, BKT *));
-#if DEBUG_DB
-
-extern int g_displayDebugDB;
-#endif
-
/*
* mpool_open --
* Initialize a memory pool.
@@ -165,13 +160,10 @@ mpool_delete(mp, page)
bp = (BKT *)((char *)page - sizeof(BKT));
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (!(bp->flags & MPOOL_PINNED)) {
- if (g_displayDebugDB) {
- fprintf(stderr,
- "mpool_delete: page %d not pinned\n",
- bp->pgno);
- }
+ (void)fprintf(stderr,
+ "mpool_delete: page %d not pinned\n", bp->pgno);
abort();
}
#endif
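Review bot: Switching these guards from `DEBUG_DB` to the generic `DEBUG` (here and in the mpool_get, mpool_put and mpool_bkt hunks below) ties the `abort()` on a pin-state violation and the 0xff poisoning to a far more commonly defined macro than the library-specific one. If the surrounding build sets `DEBUG` for its debug configuration, a process using this library will terminate on these conditions where a non-debug build carries on, and nothing in the hunk documents that. I would add a comment above the first guard such as `/* DEBUG builds abort on pin violations; do not define DEBUG for production builds of this library. */`. mpool_delete's body continues outside the hunk.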
@@ -206,13 +198,10 @@ mpool_get(mp, pgno, flags)
/* Check for a page that is cached. */
if ((bp = mpool_look(mp, pgno)) != NULL) {
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (!(flags & MPOOL_IGNOREPIN) && bp->flags & MPOOL_PINNED) {
- if (g_displayDebugDB) {
- fprintf(stderr,
- "mpool_get: page %d already pinned\n",
- bp->pgno);
- }
+ (void)fprintf(stderr,
+ "mpool_get: page %d already pinned\n", bp->pgno);
abort();
}
#endif
@@ -240,6 +229,12 @@ mpool_get(mp, pgno, flags)
++mp->pageread;
#endif
off = mp->pagesize * pgno;
+ if (off / mp->pagesize != pgno) {
+ /* Run past the end of the file, or at least the part we
+ can address without large-file support? */
+ errno = E2BIG;
+ return NULL;
+ }
if (lseek(mp->fd, off, SEEK_SET) != off)
return (NULL);
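Review bot: The wrap test `off / mp->pagesize != pgno` runs after `off = mp->pagesize * pgno` has already been evaluated, so it is only sound if that product is computed in an unsigned type and `mp->pagesize` is non-zero. The declarations of `off`, `pagesize` and `pgno` are outside this hunk, and no validation of the page size is visible here. If the multiplication is signed, overflow is undefined and a compiler may remove the test, and a zero page size makes the division itself fault. A guard placed before the multiplication avoids both, e.g. `if (mp->pagesize == 0 || pgno > OFF_LIMIT / mp->pagesize) { errno = E2BIG; return NULL; }`, where `OFF_LIMIT` is a placeholder for the largest value `off` can hold. The same pattern is added in the mpool_write hunk further down; mpool_get's body starts and ends outside the hunk.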
@@ -294,13 +289,10 @@ mpool_put(mp, page, flags)
++mp->pageput;
#endif
bp = (BKT *)((char *)page - sizeof(BKT));
-#ifdef DEBUG_DB
+#ifdef DEBUG
if (!(bp->flags & MPOOL_PINNED)) {
- if (g_displayDebugDB) {
- fprintf(stderr,
- "mpool_put: page %d not pinned\n",
- bp->pgno);
- }
+ (void)fprintf(stderr,
+ "mpool_put: page %d not pinned\n", bp->pgno);
abort();
}
#endif
@@ -387,7 +379,7 @@ mpool_bkt(mp)
head = &mp->hqh[HASHKEY(bp->pgno)];
CIRCLEQ_REMOVE(head, bp, hq);
CIRCLEQ_REMOVE(&mp->lqh, bp, q);
-#ifdef DEBUG_DB
+#ifdef DEBUG
{ void *spage;
spage = bp->page;
memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
@@ -403,7 +395,7 @@ new: if ((bp = (BKT *)malloc(sizeof(BKT) + mp->pagesize)) == NULL)
#ifdef STATISTICS
++mp->pagealloc;
#endif
-#if defined(DEBUG_DB) || defined(PURIFY)
+#if defined(DEBUG) || defined(PURIFY)
memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
#endif
bp->page = (char *)bp + sizeof(BKT);
@@ -432,6 +424,12 @@ mpool_write(mp, bp)
(mp->pgout)(mp->pgcookie, bp->pgno, bp->page);
off = mp->pagesize * bp->pgno;
+ if (off / mp->pagesize != bp->pgno) {
+ /* Run past the end of the file, or at least the part we
+ can address without large-file support? */
+ errno = E2BIG;
+ return RET_ERROR;
+ }
if (lseek(mp->fd, off, SEEK_SET) != off)
return (RET_ERROR);
if (write(mp->fd, bp->page, mp->pagesize) != mp->pagesize)
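Review bot: The new `E2BIG` return is taken after `(mp->pgout)(mp->pgcookie, bp->pgno, bp->page)` at the top of the hunk has already run on the page, so a rejected write leaves the cached buffer in whatever form the output filter produced (what `pgout` does to the page is not visible here, so this is inferred). Unlike the lseek/write failures, this condition depends only on `mp->pagesize` and `bp->pgno` and can be tested before the filter is called: move `off = mp->pagesize * bp->pgno;` and the range check above the `pgout` call. mpool_write's body starts and ends outside the hunk.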
diff --git a/usr/src/lib/krb5/db2/mpool/mpool.h b/usr/src/lib/krb5/db2/mpool/mpool.h
index 7f354a5548..4963b1f074 100644
--- a/usr/src/lib/krb5/db2/mpool/mpool.h
+++ b/usr/src/lib/krb5/db2/mpool/mpool.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _KRB5_DB2_MPOOL_MPOOL_H
@@ -105,6 +105,16 @@ typedef struct MPOOL {
#define MPOOL_PAGE_NEXT 0x02 /* Allocate a new page with the next
page number. */
+#define mpool_open kdb2_mpool_open
+#define mpool_filter kdb2_mpool_filter
+#define mpool_new kdb2_mpool_new
+#define mpool_get kdb2_mpool_get
+#define mpool_delete kdb2_mpool_delete
+#define mpool_put kdb2_mpool_put
+#define mpool_sync kdb2_mpool_sync
+#define mpool_close kdb2_mpool_close
+#define mpool_stat kdb2_mpool_stat
+
__BEGIN_DECLS
MPOOL *mpool_open __P((void *, int, db_pgno_t, db_pgno_t));
void mpool_filter __P((MPOOL *, void (*)(void *, db_pgno_t, void *),
diff --git a/usr/src/lib/krb5/db2/recno/extern.h b/usr/src/lib/krb5/db2/recno/extern.h
index 40027665c3..366396ecb4 100644
--- a/usr/src/lib/krb5/db2/recno/extern.h
+++ b/usr/src/lib/krb5/db2/recno/extern.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 1997-2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#ifndef _KRB5_DB2_RECNO_EXTERN_H
@@ -50,6 +50,24 @@ extern "C" {
#include "../btree/extern.h"
+#define __rec_close __kdb2_rec_close
+#define __rec_delete __kdb2_rec_delete
+#define __rec_dleaf __kdb2_rec_dleaf
+#define __rec_fd __kdb2_rec_fd
+#define __rec_fmap __kdb2_rec_fmap
+#define __rec_fout __kdb2_rec_fout
+#define __rec_fpipe __kdb2_rec_fpipe
+#define __rec_get __kdb2_rec_get
+#define __rec_iput __kdb2_rec_iput
+#define __rec_put __kdb2_rec_put
+#define __rec_ret __kdb2_rec_ret
+#define __rec_search __kdb2_rec_search
+#define __rec_seq __kdb2_rec_seq
+#define __rec_sync __kdb2_rec_sync
+#define __rec_vmap __kdb2_rec_vmap
+#define __rec_vout __kdb2_rec_vout
+#define __rec_vpipe __kdb2_rec_vpipe
+
int __rec_close __P((DB *));
int __rec_delete __P((const DB *, const DBT *, u_int));
int __rec_dleaf __P((BTREE *, PAGE *, u_int32_t));
diff --git a/usr/src/lib/krb5/db2/recno/rec_close.c b/usr/src/lib/krb5/db2/recno/rec_close.c
index c2f53b17a9..c7bd9a5fdc 100644
--- a/usr/src/lib/krb5/db2/recno/rec_close.c
+++ b/usr/src/lib/krb5/db2/recno/rec_close.c
@@ -85,13 +85,14 @@ __rec_close(dbp)
status = RET_ERROR;
#endif
- if (!F_ISSET(t, R_INMEM))
+ if (!F_ISSET(t, R_INMEM)) {
if (F_ISSET(t, R_CLOSEFP)) {
if (fclose(t->bt_rfp))
status = RET_ERROR;
} else
if (close(t->bt_rfd))
status = RET_ERROR;
+ }
if (__bt_close(dbp) == RET_ERROR)
status = RET_ERROR;
diff --git a/usr/src/lib/krb5/db2/recno/rec_delete.c b/usr/src/lib/krb5/db2/recno/rec_delete.c
index 5651808aaa..5c6f2ebfcd 100644
--- a/usr/src/lib/krb5/db2/recno/rec_delete.c
+++ b/usr/src/lib/krb5/db2/recno/rec_delete.c
@@ -147,16 +147,16 @@ rec_rdelete(t, nrec)
*
* Parameters:
* t: tree
- * index: index on current page to delete
+ * idx: index on current page to delete
*
* Returns:
* RET_SUCCESS, RET_ERROR.
*/
int
-__rec_dleaf(t, h, index)
+__rec_dleaf(t, h, idx)
BTREE *t;
PAGE *h;
- u_int32_t index;
+ u_int32_t idx;
{
RLEAF *rl;
indx_t *ip, cnt, offset;
@@ -174,7 +174,7 @@ __rec_dleaf(t, h, index)
* down, overwriting the deleted record and its index. If the record
* uses overflow pages, make them available for reuse.
*/
- to = rl = GETRLEAF(h, index);
+ to = rl = GETRLEAF(h, idx);
if (rl->flags & P_BIGDATA && __ovfl_delete(t, rl->bytes) == RET_ERROR)
return (RET_ERROR);
nbytes = NRLEAF(rl);
@@ -187,8 +187,8 @@ __rec_dleaf(t, h, index)
memmove(from + nbytes, from, (char *)to - from);
h->upper += nbytes;
- offset = h->linp[index];
- for (cnt = &h->linp[index] - (ip = &h->linp[0]); cnt--; ++ip)
+ offset = h->linp[idx];
+ for (cnt = &h->linp[idx] - (ip = &h->linp[0]); cnt--; ++ip)
if (ip[0] < offset)
ip[0] += nbytes;
for (cnt = &h->linp[NEXTINDEX(h)] - ip; --cnt; ++ip)
diff --git a/usr/src/lib/krb5/db2/recno/rec_open.c b/usr/src/lib/krb5/db2/recno/rec_open.c
index 22a6c73f7a..48f933eb56 100644
--- a/usr/src/lib/krb5/db2/recno/rec_open.c
+++ b/usr/src/lib/krb5/db2/recno/rec_open.c
@@ -70,7 +70,7 @@ __rec_open(fname, flags, mode, openinfo, dflags)
int rfd, sverrno;
/* Open the user's file -- if this fails, we're done. */
- if (fname != NULL && (rfd = open(fname, flags, mode)) < 0)
+ if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
return (NULL);
/* Create a btree in memory (backed by disk). */
@@ -87,9 +87,9 @@ __rec_open(fname, flags, mode, openinfo, dflags)
btopeninfo.prefix = NULL;
btopeninfo.lorder = openinfo->lorder;
dbp = __bt_open(openinfo->bfname,
- O_RDWR, S_IRUSR | S_IWUSR, &btopeninfo, dflags);
+ O_RDWR | O_BINARY, S_IRUSR | S_IWUSR, &btopeninfo, dflags);
} else
- dbp = __bt_open(NULL, O_RDWR, S_IRUSR | S_IWUSR, NULL, dflags);
+ dbp = __bt_open(NULL, O_RDWR | O_BINARY, S_IRUSR | S_IWUSR, NULL, dflags);
if (dbp == NULL)
goto err;
@@ -132,7 +132,7 @@ __rec_open(fname, flags, mode, openinfo, dflags)
default:
goto einval;
}
-slow: if ((t->bt_rfp = fdopen(rfd, "r")) == NULL)
+slow: if ((t->bt_rfp = fdopen(rfd, "rb")) == NULL)
goto err;
F_SET(t, R_CLOSEFP);
t->bt_irec =
diff --git a/usr/src/lib/krb5/db2/recno/rec_put.c b/usr/src/lib/krb5/db2/recno/rec_put.c
index b15d759a55..5474a50d86 100644
--- a/usr/src/lib/krb5/db2/recno/rec_put.c
+++ b/usr/src/lib/krb5/db2/recno/rec_put.c
@@ -198,7 +198,7 @@ __rec_iput(t, nrec, data, flags)
DBT tdata;
EPG *e;
PAGE *h;
- indx_t index, nxtindex;
+ indx_t idx, nxtindex;
db_pgno_t pg;
u_int32_t nbytes;
int dflags, status;
@@ -229,7 +229,7 @@ __rec_iput(t, nrec, data, flags)
return (RET_ERROR);
h = e->page;
- index = e->index;
+ idx = e->index;
/*
* Add the specified key/data pair to the tree. The R_IAFTER and
@@ -239,13 +239,13 @@ __rec_iput(t, nrec, data, flags)
*/
switch (flags) {
case R_IAFTER:
- ++index;
+ ++idx;
break;
case R_IBEFORE:
break;
default:
if (nrec < t->bt_nrecs &&
- __rec_dleaf(t, h, index) == RET_ERROR) {
+ __rec_dleaf(t, h, idx) == RET_ERROR) {
mpool_put(t->bt_mp, h, 0);
return (RET_ERROR);
}
@@ -259,18 +259,18 @@ __rec_iput(t, nrec, data, flags)
*/
nbytes = NRLEAFDBT(data->size);
if (h->upper - h->lower < nbytes + sizeof(indx_t)) {
- status = __bt_split(t, h, NULL, data, dflags, nbytes, index);
+ status = __bt_split(t, h, NULL, data, dflags, nbytes, idx);
if (status == RET_SUCCESS)
++t->bt_nrecs;
return (status);
}
- if (index < (nxtindex = NEXTINDEX(h)))
- memmove(h->linp + index + 1, h->linp + index,
- (nxtindex - index) * sizeof(indx_t));
+ if (idx < (nxtindex = NEXTINDEX(h)))
+ memmove(h->linp + idx + 1, h->linp + idx,
+ (nxtindex - idx) * sizeof(indx_t));
h->lower += sizeof(indx_t);
- h->linp[index] = h->upper -= nbytes;
+ h->linp[idx] = h->upper -= nbytes;
dest = (char *)h + h->upper;
WR_RLEAF(dest, data, dflags);
diff --git a/usr/src/lib/krb5/db2/recno/rec_search.c b/usr/src/lib/krb5/db2/recno/rec_search.c
index 733e1a9b1f..5af988c1e7 100644
--- a/usr/src/lib/krb5/db2/recno/rec_search.c
+++ b/usr/src/lib/krb5/db2/recno/rec_search.c
@@ -68,7 +68,7 @@ __rec_search(t, recno, op)
recno_t recno;
enum SRCHOP op;
{
- register indx_t index;
+ register indx_t idx;
register PAGE *h;
EPGNO *parent;
RINTERNAL *r;
@@ -86,23 +86,23 @@ __rec_search(t, recno, op)
t->bt_cur.index = recno - total;
return (&t->bt_cur);
}
- for (index = 0, top = NEXTINDEX(h);;) {
- r = GETRINTERNAL(h, index);
- if (++index == top || total + r->nrecs > recno)
+ for (idx = 0, top = NEXTINDEX(h);;) {
+ r = GETRINTERNAL(h, idx);
+ if (++idx == top || total + r->nrecs > recno)
break;
total += r->nrecs;
}
- BT_PUSH(t, pg, index - 1);
+ BT_PUSH(t, pg, idx - 1);
pg = r->pgno;
switch (op) {
case SDELETE:
- --GETRINTERNAL(h, (index - 1))->nrecs;
+ --GETRINTERNAL(h, (idx - 1))->nrecs;
mpool_put(t->bt_mp, h, MPOOL_DIRTY);
break;
case SINSERT:
- ++GETRINTERNAL(h, (index - 1))->nrecs;
+ ++GETRINTERNAL(h, (idx - 1))->nrecs;
mpool_put(t->bt_mp, h, MPOOL_DIRTY);
break;
case SEARCH:
diff --git a/usr/src/lib/krb5/db2/recno/rec_seq.c b/usr/src/lib/krb5/db2/recno/rec_seq.c
index 8f26ee0c44..d72577f584 100644
--- a/usr/src/lib/krb5/db2/recno/rec_seq.c
+++ b/usr/src/lib/krb5/db2/recno/rec_seq.c
@@ -33,7 +33,7 @@
* SUCH DAMAGE.
*/
-#ifndef lint
+#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)rec_seq.c 8.3 (Berkeley) 7/14/94";
#endif /* not lint */
diff --git a/usr/src/lib/krb5/kadm5/adb.h b/usr/src/lib/krb5/kadm5/adb.h
index 6c6f6a53bc..28448888d5 100644
--- a/usr/src/lib/krb5/kadm5/adb.h
+++ b/usr/src/lib/krb5/kadm5/adb.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -69,8 +69,10 @@ typedef struct _osa_adb_db_ent_t {
int magic;
DB *db;
HASHINFO info;
+ BTREEINFO btinfo;
char *filename;
osa_adb_lock_t lock;
+ int opencnt;
} osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t;
/* an osa_pw_hist_ent stores all the key_datas for a single password */
@@ -92,12 +94,12 @@ typedef struct _osa_princ_ent_t {
typedef struct _osa_policy_ent_t {
int version;
char *name;
- rpc_u_int32 pw_min_life;
- rpc_u_int32 pw_max_life;
- rpc_u_int32 pw_min_length;
- rpc_u_int32 pw_min_classes;
- rpc_u_int32 pw_history_num;
- rpc_u_int32 policy_refcnt;
+ uint32_t pw_min_life;
+ uint32_t pw_max_life;
+ uint32_t pw_min_length;
+ uint32_t pw_min_classes;
+ uint32_t pw_history_num;
+ uint32_t policy_refcnt;
} osa_policy_ent_rec, *osa_policy_ent_t;
typedef void (*osa_adb_iter_princ_func) (void *, osa_princ_ent_t);
@@ -115,6 +117,8 @@ typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
*/
bool_t xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
+bool_t xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp);
+bool_t xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp);
/*
* Functions
@@ -122,6 +126,10 @@ bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfile, int magic);
osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfile, int magic);
+osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
+ char *fileto, char *lockto, int magic);
+osa_adb_ret_t osa_adb_rename_policy_db(kadm5_config_params *fromparams,
+ kadm5_config_params *toparams);
osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
char *lockfile, int magic);
osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic);
diff --git a/usr/src/lib/krb5/kadm5/adb_err.h b/usr/src/lib/krb5/kadm5/adb_err.h
index f8024341b0..602a124151 100644
--- a/usr/src/lib/krb5/kadm5/adb_err.h
+++ b/usr/src/lib/krb5/kadm5/adb_err.h
@@ -17,11 +17,8 @@
*
*/
+#include <com_err.h>
-/*
- * adb_err.h:
- * This file is automatically generated; please do not edit it.
- */
#define OSA_ADB_NOERR (28810240L)
#define OSA_ADB_DUP (28810241L)
#define OSA_ADB_NOENT (28810242L)
@@ -38,5 +35,16 @@
#define OSA_ADB_NOEXCL_PERM (28810253L)
#define ERROR_TABLE_BASE_adb (28810240L)
+extern const struct error_table et_adb_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
+extern void initialize_adb_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_adb_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_adb_err_tbl initialize_adb_error_table
#define adb_err_base ERROR_TABLE_BASE_adb
+#endif
diff --git a/usr/src/lib/krb5/kadm5/admin.h b/usr/src/lib/krb5/kadm5/admin.h
index ce78ab0bb3..d4d98c66f9 100644
--- a/usr/src/lib/krb5/kadm5/admin.h
+++ b/usr/src/lib/krb5/kadm5/admin.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -28,12 +28,36 @@ extern "C" {
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
-
-
+/*
+ * lib/kadm5/admin.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.43.2.1 2000/05/19 22:24:14 raeburn Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.54 2004/08/21 02:31:09 tlyu Exp $
*/
#include <sys/types.h>
@@ -46,14 +70,14 @@ extern "C" {
#include <kadm5/adb_err.h>
#include <kadm5/chpass_util_strings.h>
-#define KADM5_ADMIN_SERVICE_P "kadmin@admin"
-#define KADM5_ADMIN_SERVICE "kadmin/admin"
-#define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw"
-#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
-#define KADM5_HIST_PRINCIPAL "kadmin/history"
-#define KADM5_ADMIN_HOST_SERVICE "kadmin"
-#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
-#define KADM5_KIPROP_HOST_SERVICE "kiprop"
+#define KADM5_ADMIN_SERVICE_P "kadmin@admin"
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_ADMIN_HOST_SERVICE "kadmin"
+#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
+#define KADM5_KIPROP_HOST_SERVICE "kiprop"
typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;
@@ -61,51 +85,51 @@ typedef long kadm5_ret_t;
typedef int rpc_int32;
typedef unsigned int rpc_u_int32;
-#define KADM5_PW_FIRST_PROMPT \
- ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define KADM5_PW_SECOND_PROMPT \
- ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+#define KADM5_PW_FIRST_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
- * Succsessfull return code
+ * Successful return code
*/
-#define KADM5_OK 0
+#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
-#define KADM5_PRINCIPAL 0x000001
-#define KADM5_PRINC_EXPIRE_TIME 0x000002
-#define KADM5_PW_EXPIRATION 0x000004
-#define KADM5_LAST_PWD_CHANGE 0x000008
-#define KADM5_ATTRIBUTES 0x000010
-#define KADM5_MAX_LIFE 0x000020
-#define KADM5_MOD_TIME 0x000040
-#define KADM5_MOD_NAME 0x000080
-#define KADM5_KVNO 0x000100
-#define KADM5_MKVNO 0x000200
-#define KADM5_AUX_ATTRIBUTES 0x000400
-#define KADM5_POLICY 0x000800
-#define KADM5_POLICY_CLR 0x001000
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
/* version 2 masks */
-#define KADM5_MAX_RLIFE 0x002000
-#define KADM5_LAST_SUCCESS 0x004000
-#define KADM5_LAST_FAILED 0x008000
-#define KADM5_FAIL_AUTH_COUNT 0x010000
-#define KADM5_KEY_DATA 0x020000
-#define KADM5_TL_DATA 0x040000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
/* all but KEY_DATA and TL_DATA */
-#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
+#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
/* kadm5_policy_ent_t */
-#define KADM5_PW_MAX_LIFE 0x004000
-#define KADM5_PW_MIN_LIFE 0x008000
-#define KADM5_PW_MIN_LENGTH 0x010000
-#define KADM5_PW_MIN_CLASSES 0x020000
-#define KADM5_PW_HISTORY_NUM 0x040000
-#define KADM5_REF_COUNT 0x080000
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
/* kadm5_config_params */
#define KADM5_CONFIG_REALM 0x0000001
@@ -150,23 +174,23 @@ typedef unsigned int rpc_u_int32;
/*
* permission bits
*/
-#define KADM5_PRIV_GET 0x01
-#define KADM5_PRIV_ADD 0x02
-#define KADM5_PRIV_MODIFY 0x04
-#define KADM5_PRIV_DELETE 0x08
+#define KADM5_PRIV_GET 0x01
+#define KADM5_PRIV_ADD 0x02
+#define KADM5_PRIV_MODIFY 0x04
+#define KADM5_PRIV_DELETE 0x08
/*
* API versioning constants
*/
-#define KADM5_MASK_BITS 0xffffff00
+#define KADM5_MASK_BITS 0xffffff00
-#define KADM5_STRUCT_VERSION_MASK 0x12345600
-#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
-#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
+#define KADM5_STRUCT_VERSION_MASK 0x12345600
+#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
-#define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
-#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_MASK 0x12345700
+#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
+#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
#ifdef KRB5_DNS_LOOKUP
/*
@@ -192,12 +216,12 @@ typedef struct _kadm5_principal_ent_t_v2 {
/* version 2 fields */
krb5_deltat max_renewable_life;
- krb5_timestamp last_success;
- krb5_timestamp last_failed;
- krb5_kvno fail_auth_count;
+ krb5_timestamp last_success;
+ krb5_timestamp last_failed;
+ krb5_kvno fail_auth_count;
krb5_int16 n_key_data;
krb5_int16 n_tl_data;
- krb5_tl_data *tl_data;
+ krb5_tl_data *tl_data;
krb5_key_data *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
@@ -216,9 +240,13 @@ typedef struct _kadm5_principal_ent_t_v1 {
long aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
-
+#if USE_KADM5_API_VERSION == 1
+typedef struct _kadm5_principal_ent_t_v1
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#else
typedef struct _kadm5_principal_ent_t_v2
-kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#endif
typedef struct _kadm5_policy_ent_t {
char *policy;
@@ -248,33 +276,37 @@ typedef enum {
* Data structure returned by kadm5_get_config_params()
*/
typedef struct _kadm5_config_params {
- long mask;
- char *realm;
- char *profile;
- int kadmind_port;
- char *admin_server;
- char *dbname;
- char *admin_dbname;
- char *admin_lockfile;
- char *admin_keytab;
- char *acl_file;
- char *dict_file;
- int mkey_from_kbd;
- char *stash_file;
- char *mkey_name;
- krb5_enctype enctype;
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_key_salt_tuple *keysalts;
- krb5_int32 num_keysalts;
- char *kpasswd_server;
- int kpasswd_port;
- krb5_chgpwd_prot kpasswd_protocol;
- bool_t iprop_enabled;
- int iprop_ulogsize;
- char *iprop_polltime;
+ long mask;
+ char * realm;
+ char * profile;
+ int kadmind_port;
+ int kpasswd_port;
+
+ char * admin_server;
+
+ char * dbname;
+ char * admin_dbname;
+ char * admin_lockfile;
+ char * admin_keytab;
+ char * acl_file;
+ char * dict_file;
+
+ int mkey_from_kbd;
+ char * stash_file;
+ char * mkey_name;
+ krb5_enctype enctype;
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_key_salt_tuple *keysalts;
+ krb5_int32 num_keysalts;
+ char *kpasswd_server;
+
+ krb5_chgpwd_prot kpasswd_protocol;
+ bool_t iprop_enabled;
+ int iprop_ulogsize;
+ char *iprop_polltime;
} kadm5_config_params;
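Review bot: `kpasswd_port` moves from after `kpasswd_server` to directly after `kadmind_port`, which changes the offset of that member and, depending on the ABI's padding, of the members around its old and new positions; the other edits in this hunk are whitespace only. Any object built against the old header that passes or receives a `kadm5_config_params` would then read fields from the wrong offsets, so the reorder is only safe if every consumer is rebuilt with the library (whether out-of-tree consumers exist cannot be told from the diff). The krb5_realm_params hunk below has the same effect on its bit-fields by inserting `realm_reject_bad_transit:1` ahead of the existing `_valid` bits. If compatibility matters, keep `int kpasswd_port;` in its old position after `kpasswd_server`, or add a comment above the struct such as `/* Layout changed in this resync; all users must be recompiled. */`.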
/***********************************************************************
@@ -287,13 +319,13 @@ typedef struct _kadm5_config_params {
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
- char *realm_profile;
- char *realm_dbname;
- char *realm_mkey_name;
- char *realm_stash_file;
- char *realm_kdc_ports;
- char *realm_kdc_tcp_ports;
- char *realm_acl_file;
+ char * realm_profile;
+ char * realm_dbname;
+ char * realm_mkey_name;
+ char * realm_stash_file;
+ char * realm_kdc_ports;
+ char * realm_kdc_tcp_ports;
+ char * realm_acl_file;
krb5_int32 realm_kadmind_port;
krb5_enctype realm_enctype;
krb5_deltat realm_max_life;
@@ -301,13 +333,14 @@ typedef struct __krb5_realm_params {
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
- unsigned int realm_filler:7;
+ unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
@@ -315,52 +348,63 @@ typedef struct __krb5_realm_params {
* functions
*/
-
-kadm5_ret_t
-kadm5_get_master(krb5_context context, const char *realm, char **master);
-
kadm5_ret_t
kadm5_get_adm_host_srv_name(krb5_context context,
- const char *realm, char **host_service_name);
+ const char *realm, char **host_service_name);
kadm5_ret_t
kadm5_get_cpw_host_srv_name(krb5_context context,
- const char *realm, char **host_service_name);
+ const char *realm, char **host_service_name);
+#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
char *kdcprofile, char *kdcenv,
kadm5_config_params *params_in,
kadm5_config_params *params_out);
-/* SUNWresync121 XXX */
-krb5_error_code kadm5_free_config_params(krb5_context context,
- kadm5_config_params *params);
+krb5_error_code kadm5_free_config_params(krb5_context context,
+ kadm5_config_params *params);
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- void **server_handle);
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+ char *, size_t);
+#endif
+kadm5_ret_t kadm5_init(char *client_name, char *pass,
+ char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
+ kadm5_config_params *params,
+#endif
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
kadm5_config_params *params,
+#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
kadm5_config_params *params,
+#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
-
+#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
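Review bot: The declarations in this hunk are now split between `#if USE_KADM5_API_VERSION == 1`/`#else` and `#if USE_KADM5_API_VERSION > 1`, and the two tests disagree when the macro is undefined. The preprocessor treats it as 0, so `kadm5_init`, `kadm5_init_with_password` and `kadm5_init_with_skey` take the `#else` (version 2) signature while `kadm5_get_config_params`, `kadm5_free_config_params`, `kadm5_free_realm_params`, `kadm5_get_admin_service_name` and `kadm5_init_with_creds` are not declared at all. No default is visible in the hunks shown here, so it may exist elsewhere in the header; if it does not, add near the top `#ifndef USE_KADM5_API_VERSION`, `#define USE_KADM5_API_VERSION 2`, `#endif`. The `#if` that opens before `kadm5_init_with_creds` is closed outside this hunk.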
@@ -368,6 +412,9 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
+#endif
+kadm5_ret_t kadm5_lock(void *server_handle);
+kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
kadm5_ret_t kadm5_create_principal(void *server_handle,
@@ -385,13 +432,17 @@ kadm5_ret_t kadm5_modify_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
- krb5_principal, krb5_principal);
-
+ krb5_principal,krb5_principal);
+#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_principal(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t ent,
- long mask);
-
+ krb5_principal principal,
+ kadm5_principal_ent_t *ent);
+#else
+kadm5_ret_t kadm5_get_principal(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t ent,
+ long mask);
+#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
@@ -401,6 +452,11 @@ kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+#else
/*
* Solaris Kerberos:
@@ -415,7 +471,6 @@ kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblocks,
int *n_keys);
-
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
@@ -423,6 +478,7 @@ kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
+#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
@@ -440,6 +496,12 @@ kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys);
+kadm5_ret_t kadm5_decrypt_key(void *server_handle,
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop);
+
kadm5_ret_t kadm5_create_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
@@ -466,20 +528,24 @@ kadm5_ret_t kadm5_modify_policy(void *server_handle,
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
-
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_get_policy(void *server_handle,
+ kadm5_policy_t policy,
+ kadm5_policy_ent_t *ent);
+#else
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
-
+#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
- long *privs);
+ long *privs);
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len);
+ unsigned int msg_len);
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
kadm5_principal_ent_t
@@ -495,14 +561,261 @@ kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
-
+#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
+#endif
+
+kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
+ int count);
+
+#if USE_KADM5_API_VERSION == 1
+/*
+ * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
+ * compatible with KADM5_API_VERSION_2. Basically, this means we have
+ * to continue to provide all the old ovsec_kadm function and symbol
+ * names.
+ */
+
+#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
+#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
-kadm5_ret_t kadm5_free_name_list(void *server_handle,
- char **names, int count);
+#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
+#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
+#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
+typedef krb5_principal ovsec_kadm_princ_t;
+typedef krb5_keyblock ovsec_kadm_keyblock;
+typedef char *ovsec_kadm_policy_t;
+typedef long ovsec_kadm_ret_t;
+
+enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
+enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
+
+#define OVSEC_KADM_PW_FIRST_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define OVSEC_KADM_PW_SECOND_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+
+/*
+ * Successful return code
+ */
+#define OVSEC_KADM_OK 0
+
+/*
+ * Create/Modify masks
+ */
+/* principal */
+#define OVSEC_KADM_PRINCIPAL 0x000001
+#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
+#define OVSEC_KADM_PW_EXPIRATION 0x000004
+#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
+#define OVSEC_KADM_ATTRIBUTES 0x000010
+#define OVSEC_KADM_MAX_LIFE 0x000020
+#define OVSEC_KADM_MOD_TIME 0x000040
+#define OVSEC_KADM_MOD_NAME 0x000080
+#define OVSEC_KADM_KVNO 0x000100
+#define OVSEC_KADM_MKVNO 0x000200
+#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
+#define OVSEC_KADM_POLICY 0x000800
+#define OVSEC_KADM_POLICY_CLR 0x001000
+/* policy */
+#define OVSEC_KADM_PW_MAX_LIFE 0x004000
+#define OVSEC_KADM_PW_MIN_LIFE 0x008000
+#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
+#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
+#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
+#define OVSEC_KADM_REF_COUNT 0x080000
+
+/*
+ * permission bits
+ */
+#define OVSEC_KADM_PRIV_GET 0x01
+#define OVSEC_KADM_PRIV_ADD 0x02
+#define OVSEC_KADM_PRIV_MODIFY 0x04
+#define OVSEC_KADM_PRIV_DELETE 0x08
+
+/*
+ * API versioning constants
+ */
+#define OVSEC_KADM_MASK_BITS 0xffffff00
+
+#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
+#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
+#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
+
+#define OVSEC_KADM_API_VERSION_MASK 0x12345700
+#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
+
+
+typedef struct _ovsec_kadm_principal_ent_t {
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
+
+typedef struct _ovsec_kadm_policy_ent_t {
+ char *policy;
+ long pw_min_life;
+ long pw_max_life;
+ long pw_min_length;
+ long pw_min_classes;
+ long pw_history_num;
+ long policy_refcnt;
+} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
+
+/*
+ * functions
+ */
+ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
+ char *service_name, char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
+ char *keytab,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask, char *pass);
+ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
+ krb5_principal principal);
+ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask);
+ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
+ krb5_principal,krb5_principal);
+ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
+ krb5_principal principal,
+ ovsec_kadm_principal_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
+ krb5_principal principal,
+ char *pass);
+ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_create_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_create_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
+ ovsec_kadm_policy_t policy);
+ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_modify_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_modify_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
+ ovsec_kadm_policy_t policy,
+ ovsec_kadm_policy_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
+ long *privs);
+
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret);
+
+ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
+ ovsec_kadm_principal_ent_t
+ ent);
+ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
+ ovsec_kadm_policy_ent_t ent);
+
+ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
+ char **names, int count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
+ char *exp, char ***princs,
+ int *count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
+ char *exp, char ***pols,
+ int *count);
+
+#define OVSEC_KADM_FAILURE KADM5_FAILURE
+#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
+#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
+#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
+#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
+#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
+#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
+#define OVSEC_KADM_DUP KADM5_DUP
+#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
+#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
+#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
+#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
+#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
+#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
+#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
+#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
+#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
+#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
+#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
+#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
+#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
+#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
+#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
+#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
+#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
+#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
+#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
+#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
+#define OVSEC_KADM_INIT KADM5_INIT
+#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
+#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
+#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
+#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
+#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
+#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
+#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
+#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
+#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
+#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
+#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
+#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
+#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
+
+#endif /* USE_KADM5_API_VERSION == 1 */
krb5_chgpwd_prot _kadm5_get_kpasswd_protocol(void *server_handle);
kadm5_ret_t kadm5_chpass_principal_v2(void *server_handle,
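Review bot: `ovsec_kadm_chpass_principal_util` is declared with `char *msg_ret` and no length, while `kadm5_chpass_principal_util` earlier in this header takes `unsigned int msg_len`. The compatibility entry point therefore gives its implementation no way to bound what it writes into the caller's buffer. The v1 signature presumably has to stay as it is, so the prototype should at least carry a comment stating the minimum buffer size, for example `/* msg_ret must point to at least <SIZE> bytes */` with the real constant filled in. The wrapper body is not part of this hunk, so it is worth checking there that a fixed length is passed through to the bounded routine.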
diff --git a/usr/src/lib/krb5/kadm5/admin_internal.h b/usr/src/lib/krb5/kadm5/admin_internal.h
index f63f783e8a..60d55a52e8 100644
--- a/usr/src/lib/krb5/kadm5/admin_internal.h
+++ b/usr/src/lib/krb5/kadm5/admin_internal.h
@@ -21,7 +21,6 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin_internal.h,v 1.13.18.1 2000/05/19 22:24:14 raeburn Exp $
*/
#ifndef __KADM5_ADMIN_INTERNAL_H__
@@ -82,18 +81,17 @@
*
* Got that?
*/
-int _kadm5_check_handle();
-
#define _KADM5_CHECK_HANDLE(handle) \
-{ int code; if ((code = _kadm5_check_handle((void *)handle))) return code; }
+{ int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
+int _kadm5_check_handle(void *handle);
kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
void *lhandle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len);
+ unsigned int msg_len);
/* this is needed by the alt_prof code I stole. The functions
maybe shouldn't be named krb5_*, but they are. */
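Review bot: The rewritten `_KADM5_CHECK_HANDLE` still casts its argument unparenthesized (`(void *)handle`) and still expands to a bare `{ ... }` block containing a hidden `return`. Writing `_kadm5_check_handle((void *)(handle))` keeps the cast applied to the whole argument expression. A bare block followed by the caller's `;` breaks under an unbraced `if`/`else`. Switching to `do { ... } while (0)` would fix that but is only safe if no call site omits the trailing semicolon, which cannot be seen from this hunk. A short comment that the macro returns from the enclosing function on a bad handle would also help readers of the call sites.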
diff --git a/usr/src/lib/krb5/kadm5/admin_xdr.h b/usr/src/lib/krb5/kadm5/admin_xdr.h
index b1ef2a11d9..8eff0ca9f1 100644
--- a/usr/src/lib/krb5/kadm5/admin_xdr.h
+++ b/usr/src/lib/krb5/kadm5/admin_xdr.h
@@ -21,65 +21,61 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin_xdr.h,v 1.5 1996/07/22 20:35:33 marc Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin_xdr.h,v 1.7 2001/07/25 19:02:29 epeisach Exp $
*
- * $Log: admin_xdr.h,v $
- * Revision 1.5 1996/07/22 20:35:33 marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches. This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964. before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.4.4.1 1996/07/18 03:08:25 marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.4.2.1 1996/06/20 02:16:37 marc
- * File added to the repository on a branch
- *
- * Revision 1.4 1996/05/30 16:36:34 bjaspan
- * finish updating to kadm5 naming (oops)
- *
- * Revision 1.3 1996/05/22 00:28:19 bjaspan
- * rename to kadm5
- *
- * Revision 1.2 1996/05/12 06:30:10 marc
- * - fixup includes and data types to match beta6
- *
- * Revision 1.1 1993/11/09 04:06:01 shanzer
- * Initial revision
- *
*/
#include <kadm5/admin.h>
#include "kadm_rpc.h"
+bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp);
bool_t xdr_nullstring(XDR *xdrs, char **objp);
+bool_t xdr_nulltype(XDR *xdrs, void **objp, xdrproc_t proc);
bool_t xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp);
bool_t xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp);
bool_t xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp);
bool_t xdr_krb5_flags(XDR *xdrs, krb5_flags *objp);
+bool_t xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp);
+bool_t xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp);
+bool_t xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp);
+bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp);
+bool_t xdr_krb5_key_salt_tuple(XDR *xdrs, krb5_key_salt_tuple *objp);
+bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head);
bool_t xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp);
+bool_t xdr_kadm5_principal_ent_rec_v1(XDR *xdrs, kadm5_principal_ent_rec *objp);
bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp);
bool_t xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp);
bool_t xdr_kadm5_policy_ent_t(XDR *xdrs, kadm5_policy_ent_t *objp);
bool_t xdr_kadm5_principal_ent_t(XDR *xdrs, kadm5_principal_ent_t *objp);
bool_t xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp);
+bool_t xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp);
+bool_t xdr_generic_ret(XDR *xdrs, generic_ret *objp);
bool_t xdr_dprinc_arg(XDR *xdrs, dprinc_arg *objp);
bool_t xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp);
bool_t xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp);
bool_t xdr_chpass_arg(XDR *xdrs, chpass_arg *objp);
+bool_t xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp);
+bool_t xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp);
+bool_t xdr_setkey_arg(XDR *xdrs, setkey_arg *objp);
+bool_t xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp);
bool_t xdr_chrand_arg(XDR *xdrs, chrand_arg *objp);
+bool_t xdr_chrand3_arg(XDR *xdrs, chrand3_arg *objp);
bool_t xdr_chrand_ret(XDR *xdrs, chrand_ret *objp);
bool_t xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp);
-bool_t xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp);
+bool_t xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp);
+bool_t xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp);
+bool_t xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp);
bool_t xdr_cpol_arg(XDR *xdrs, cpol_arg *objp);
bool_t xdr_dpol_arg(XDR *xdrs, dpol_arg *objp);
bool_t xdr_mpol_arg(XDR *xdrs, mpol_arg *objp);
bool_t xdr_gpol_arg(XDR *xdrs, gpol_arg *objp);
bool_t xdr_gpol_ret(XDR *xdrs, gpol_ret *objp);
+bool_t xdr_gpols_arg(XDR *xdrs, gpols_arg *objp);
+bool_t xdr_gpols_ret(XDR *xdrs, gpols_ret *objp);
+bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp);
bool_t xdr_krb5_principal(XDR *xdrs, krb5_principal *objp);
bool_t xdr_krb5_octet(XDR *xdrs, krb5_octet *objp);
bool_t xdr_krb5_int32(XDR *xdrs, krb5_int32 *objp);
bool_t xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp);
+bool_t xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp);
bool_t xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp);
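Review bot: The added prototypes `xdr_ui_4` and `xdr_krb5_ui_4` have the same signature, `(XDR *xdrs, krb5_ui_4 *objp)`, and `xdr_krb5_salttype` takes a `krb5_int32 *` rather than a salt-type pointer. Nothing in the header says which of the two is the intended one or why the types differ. A one-line comment on each, for example `/* salt type travels as a 32-bit int on the wire */` if that is the reason, would keep callers from picking the wrong routine. `xdr_nulltype` would also benefit from a note on who frees `*objp` after a decode, since these routines handle data received over RPC. Its behaviour is not visible in this hunk.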
diff --git a/usr/src/lib/krb5/kadm5/alt_prof.c b/usr/src/lib/krb5/kadm5/alt_prof.c
index 5c465f4702..b3ea033280 100644
--- a/usr/src/lib/krb5/kadm5/alt_prof.c
+++ b/usr/src/lib/krb5/kadm5/alt_prof.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,7 +26,7 @@
/*
* lib/kadm/alt_prof.c
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -41,7 +41,10 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
@@ -69,6 +72,20 @@ krb5_error_code kadm5_free_config_params();
"des-cbc-md5:normal " \
"des-cbc-crc:normal"
+static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len)
+krb5_key_salt_tuple *ksalt;
+krb5_int32 len;
+{
+ krb5_key_salt_tuple *knew;
+
+ if((knew = (krb5_key_salt_tuple *)
+ malloc((len ) * sizeof(krb5_key_salt_tuple)))) {
+ memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
+ return knew;
+ }
+ return 0;
+}
+
/*
* krb5_aprof_init() - Initialize alternate profile context.
*
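Review bot: `copy_key_salt_tuple` multiplies the signed `krb5_int32 len` by `sizeof(krb5_key_salt_tuple)` without checking its range or that `ksalt` is non-NULL. A zero length can make `malloc` return NULL, which the function reports exactly like an out-of-memory failure. A negative length converts to a very large `size_t`, and on a 32-bit build the product can wrap. A guard at the top such as `if (ksalt == NULL || len <= 0) return NULL;` makes the contract explicit. Callers then need to treat "no tuples" separately from allocation failure. The function is also the only new definition here written in K&R style while `string_to_boolean`, added later in the same commit, uses a prototype-style definition.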
@@ -82,36 +99,36 @@ krb5_error_code kadm5_free_config_params();
*/
krb5_error_code
krb5_aprof_init(fname, envname, acontextp)
-char *fname;
-char *envname;
-krb5_pointer *acontextp;
+ char *fname;
+ char *envname;
+ krb5_pointer *acontextp;
{
- krb5_error_code kret;
- const char *namelist[2];
- profile_t profile;
-
- namelist[1] = (char *)NULL;
- profile = (profile_t)NULL;
- if (envname) {
- if ((namelist[0] = getenv(envname))) {
- kret = profile_init(namelist, &profile);
- if (kret)
- return (kret);
- *acontextp = (krb5_pointer) profile;
- return (0);
- }
- }
- profile = (profile_t)NULL;
- if (fname) {
- kret = profile_init_path(fname, &profile);
- if (kret == ENOENT) {
- profile = 0;
- } else if (kret)
- return (kret);
- *acontextp = (krb5_pointer) profile;
- return (0);
+ krb5_error_code kret;
+ const_profile_filespec_t namelist[2];
+ profile_t profile;
+
+ namelist[1] = (profile_filespec_t) NULL;
+ profile = (profile_t) NULL;
+ if (envname) {
+ if ((namelist[0] = getenv(envname))) {
+ kret = profile_init(namelist, &profile);
+ if (kret)
+ return kret;
+ *acontextp = (krb5_pointer) profile;
+ return 0;
}
- return (0);
+ }
+ profile = (profile_t) NULL;
+ if (fname) {
+ kret = profile_init_path(fname, &profile);
+ if (kret == ENOENT) {
+ profile = 0;
+ } else if (kret)
+ return kret;
+ *acontextp = (krb5_pointer) profile;
+ return 0;
+ }
+ return 0;
}
/*
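Review bot: `krb5_aprof_init` can return 0 without ever writing `*acontextp`. This happens when `envname` is set but `getenv(envname)` returns NULL and `fname` is NULL, or when both arguments are NULL, because control falls through to the final `return 0`. A caller that did not pre-initialise its pointer would then pass an indeterminate value to the other `krb5_aprof_*` routines. Setting `*acontextp = NULL;` before the first `if (envname)` makes the success path well defined. The local `profile` is also assigned `(profile_t) NULL` twice and `profile = 0` on `ENOENT`, which could be collapsed into a single initialisation.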
@@ -127,13 +144,71 @@ krb5_pointer *acontextp;
*/
krb5_error_code
krb5_aprof_getvals(acontext, hierarchy, retdata)
-krb5_pointer acontext;
-const char **hierarchy;
-char ***retdata;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ char ***retdata;
{
- return (profile_get_values((profile_t)acontext,
- hierarchy,
- retdata));
+ return(profile_get_values((profile_t) acontext,
+ hierarchy,
+ retdata));
+}
+
+/*
+ * krb5_aprof_get_boolean()
+ *
+ * Parameters:
+ * acontext - opaque context for alternate profile
+ * hierarchy - hierarchy of value to retrieve
+ * retdata - Returned data value
+ * Returns:
+ * error codes
+ */
+
+static krb5_error_code
+string_to_boolean (const char *string, krb5_boolean *out)
+{
+ static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
+ static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" };
+ int i;
+
+ for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++)
+ if (!strcasecmp(string, yes[i])) {
+ *out = 1;
+ return 0;
+ }
+ for (i = 0; i < sizeof(no)/sizeof(no[0]); i++)
+ if (!strcasecmp(string, no[i])) {
+ *out = 0;
+ return 0;
+ }
+ return PROF_BAD_BOOLEAN;
+}
+
+krb5_error_code
+krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
+ int uselast, krb5_boolean *retdata)
+{
+ krb5_error_code kret;
+ char **values;
+ char *valp;
+ int idx;
+ krb5_boolean val;
+
+ kret = krb5_aprof_getvals (acontext, hierarchy, &values);
+ if (kret)
+ return kret;
+ idx = 0;
+ if (uselast) {
+ while (values[idx])
+ idx++;
+ idx--;
+ }
+ valp = values[idx];
+ kret = string_to_boolean (valp, &val);
+ if (kret)
+ return kret;
+ *retdata = val;
+ return 0;
}
/*
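Review bot: `krb5_aprof_get_boolean` never frees the `values` array returned by `krb5_aprof_getvals`, on either the success path or the `string_to_boolean` error path. The sibling getters `krb5_aprof_get_deltat` and `krb5_aprof_get_int32` both release every element and then the array. Adding `for (idx = 0; values[idx]; idx++) krb5_xfree(values[idx]);` and `krb5_xfree(values);` right after the `string_to_boolean` call, before `if (kret) return kret;`, closes the leak. With `uselast` set, an empty list would leave `idx` at -1 and read `values[-1]`. This only matters if `profile_get_values` can succeed with no entries, which is not visible here. The header comment for `krb5_aprof_get_boolean` also sits above `string_to_boolean` and omits the `uselast` parameter.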
@@ -153,31 +228,31 @@ char ***retdata;
*/
krb5_error_code
krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp)
-krb5_pointer acontext;
-const char **hierarchy;
-krb5_boolean uselast;
-krb5_deltat *deltatp;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ krb5_boolean uselast;
+ krb5_deltat *deltatp;
{
- krb5_error_code kret;
- char **values;
- char *valp;
- int index;
-
- if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
- index = 0;
- if (uselast) {
- for (index = 0; values[index]; index++);
- index--;
- }
- valp = values[index];
- kret = krb5_string_to_deltat(valp, deltatp);
-
- /* Free the string storage */
- for (index = 0; values[index]; index++)
- krb5_xfree(values[index]);
- krb5_xfree(values);
+ krb5_error_code kret;
+ char **values;
+ char *valp;
+ int idx;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ idx = 0;
+ if (uselast) {
+ for (idx=0; values[idx]; idx++);
+ idx--;
}
- return (kret);
+ valp = values[idx];
+ kret = krb5_string_to_deltat(valp, deltatp);
+
+ /* Free the string storage */
+ for (idx=0; values[idx]; idx++)
+ krb5_xfree(values[idx]);
+ krb5_xfree(values);
+ }
+ return(kret);
}
/*
@@ -196,31 +271,31 @@ krb5_deltat *deltatp;
*/
krb5_error_code
krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
-krb5_pointer acontext;
-const char **hierarchy;
-krb5_boolean uselast;
-char **stringp;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ krb5_boolean uselast;
+ char **stringp;
{
- krb5_error_code kret;
- char **values;
- int index, i;
-
- if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
- index = 0;
- if (uselast) {
- for (index = 0; values[index]; index++);
- index--;
- }
+ krb5_error_code kret;
+ char **values;
+ int idx, i;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ idx = 0;
+ if (uselast) {
+ for (idx=0; values[idx]; idx++);
+ idx--;
+ }
- *stringp = values[index];
+ *stringp = values[idx];
- /* Free the string storage */
- for (i = 0; values[i]; i++)
- if (i != index)
- krb5_xfree(values[i]);
- krb5_xfree(values);
- }
- return (kret);
+ /* Free the string storage */
+ for (i=0; values[i]; i++)
+ if (i != idx)
+ krb5_xfree(values[i]);
+ krb5_xfree(values);
+ }
+ return(kret);
}
/*
@@ -240,31 +315,31 @@ char **stringp;
*/
krb5_error_code
krb5_aprof_get_int32(acontext, hierarchy, uselast, intp)
-krb5_pointer acontext;
-const char **hierarchy;
-krb5_boolean uselast;
-krb5_int32 *intp;
+ krb5_pointer acontext;
+ const char **hierarchy;
+ krb5_boolean uselast;
+ krb5_int32 *intp;
{
- krb5_error_code kret;
- char **values;
- int index;
-
- if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
- index = 0;
- if (uselast) {
- for (index = 0; values[index]; index++);
- index--;
- }
+ krb5_error_code kret;
+ char **values;
+ int idx;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ idx = 0;
+ if (uselast) {
+ for (idx=0; values[idx]; idx++);
+ idx--;
+ }
- if (sscanf(values[index], "%d", intp) != 1)
- kret = EINVAL;
+ if (sscanf(values[idx], "%d", intp) != 1)
+ kret = EINVAL;
- /* Free the string storage */
- for (index = 0; values[index]; index++)
- krb5_xfree(values[index]);
- krb5_xfree(values);
- }
- return (kret);
+ /* Free the string storage */
+ for (idx=0; values[idx]; idx++)
+ krb5_xfree(values[idx]);
+ krb5_xfree(values);
+ }
+ return(kret);
}
/*
@@ -278,10 +353,10 @@ krb5_int32 *intp;
*/
krb5_error_code
krb5_aprof_finish(acontext)
-krb5_pointer acontext;
+ krb5_pointer acontext;
{
- profile_release(acontext);
- return (0);
+ profile_release(acontext);
+ return(0);
}
/*
@@ -292,13 +367,13 @@ krb5_pointer acontext;
*
* Arguments:
*
- * context(r) krb5_context to use
- * profile(r) profile file to use
- * envname(r) envname that contains a profile name to
+ * context (r) krb5_context to use
+ * profile (r) profile file to use
+ * envname (r) envname that contains a profile name to
* override profile
- * params_in(r) params structure containing user-supplied
+ * params_in (r) params structure containing user-supplied
* values, or NULL
- * params_out(w) params structure to be filled in
+ * params_out (w) params structure to be filled in
*
* Effects:
*
@@ -314,21 +389,21 @@ krb5_pointer acontext;
*/
krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
params_in, params_out)
-krb5_context context;
-char *kdcprofile;
-char *kdcenv;
-kadm5_config_params *params_in, *params_out;
+ krb5_context context;
+ char *kdcprofile;
+ char *kdcenv;
+ kadm5_config_params *params_in, *params_out;
{
- char *filename;
- char *envname;
- char *lrealm;
- krb5_pointer aprofile = 0;
- const char *hierarchy[4];
- char *svalue;
- krb5_int32 ivalue;
- kadm5_config_params params, empty_params;
-
- krb5_error_code kret = 0;
+ char *filename;
+ char *envname;
+ char *lrealm;
+ krb5_pointer aprofile = 0;
+ const char *hierarchy[4];
+ char *svalue;
+ krb5_int32 ivalue;
+ kadm5_config_params params, empty_params;
+
+ krb5_error_code kret = 0;
krb5_error_code dnsret = 1;
#ifdef KRB5_DNS_LOOKUP
@@ -337,47 +412,47 @@ kadm5_config_params *params_in, *params_out;
krb5_data dns_realm;
#endif /* KRB5_DNS_LOOKUP */
- memset((char *)&params, 0, sizeof (params));
- memset((char *)&empty_params, 0, sizeof (empty_params));
-
- if (params_in == NULL) params_in = &empty_params;
-
- if (params_in->mask & KADM5_CONFIG_REALM) {
- lrealm = params.realm = strdup(params_in->realm);
- if (params.realm)
- params.mask |= KADM5_CONFIG_REALM;
- } else {
- kret = krb5_get_default_realm(context, &lrealm);
- if (kret)
- goto cleanup;
- params.realm = lrealm;
- params.mask |= KADM5_CONFIG_REALM;
- }
- if (params_in->mask & KADM5_CONFIG_PROFILE) {
- filename = params.profile = strdup(params_in->profile);
- if (params.profile)
- params.mask |= KADM5_CONFIG_PROFILE;
- envname = NULL;
- } else {
- /*
- * XXX These defaults should to work on both client and
- * server. kadm5_get_config_params can be implemented as a
- * wrapper function in each library that provides correct
- * defaults for NULL values.
- */
- filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
- envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
- if (context->profile_secure == TRUE) envname = 0;
- }
-
- kret = krb5_aprof_init(filename, envname, &aprofile);
- if (kret)
- goto cleanup;
-
- /* Initialize realm parameters */
- hierarchy[0] = "realms";
- hierarchy[1] = lrealm;
- hierarchy[3] = (char *)NULL;
+ memset((char *) &params, 0, sizeof(params));
+ memset((char *) &empty_params, 0, sizeof(empty_params));
+
+ if (params_in == NULL) params_in = &empty_params;
+
+ if (params_in->mask & KADM5_CONFIG_REALM) {
+ lrealm = params.realm = strdup(params_in->realm);
+ if (params.realm)
+ params.mask |= KADM5_CONFIG_REALM;
+ } else {
+ kret = krb5_get_default_realm(context, &lrealm);
+ if (kret)
+ goto cleanup;
+ params.realm = lrealm;
+ params.mask |= KADM5_CONFIG_REALM;
+ }
+ if (params_in->mask & KADM5_CONFIG_PROFILE) {
+ filename = params.profile = strdup(params_in->profile);
+ if (params.profile)
+ params.mask |= KADM5_CONFIG_PROFILE;
+ envname = NULL;
+ } else {
+ /*
+ * XXX These defaults should to work on both client and
+ * server. kadm5_get_config_params can be implemented as a
+ * wrapper function in each library that provides correct
+ * defaults for NULL values.
+ */
+ filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
+ envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
+ if (context->profile_secure == TRUE) envname = 0;
+ }
+
+ kret = krb5_aprof_init(filename, envname, &aprofile);
+ if (kret)
+ goto cleanup;
+
+ /* Initialize realm parameters */
+ hierarchy[0] = "realms";
+ hierarchy[1] = lrealm;
+ hierarchy[3] = (char *) NULL;
#ifdef KRB5_DNS_LOOKUP
/*
@@ -388,17 +463,17 @@ kadm5_config_params *params_in, *params_out;
dns_realm.magic = 0;
#endif /* KRB5_DNS_LOOKUP */
- /* Get the value for the admin server */
- hierarchy[2] = "admin_server";
- if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) {
- params.admin_server = strdup(params_in->admin_server);
- if (params.admin_server)
- params.mask |= KADM5_CONFIG_ADMIN_SERVER;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.admin_server = svalue;
- params.mask |= KADM5_CONFIG_ADMIN_SERVER;
- }
+ /* Get the value for the admin server */
+ hierarchy[2] = "admin_server";
+ if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) {
+ params.admin_server = strdup(params_in->admin_server);
+ if (params.admin_server)
+ params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.admin_server = svalue;
+ params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
#ifdef KRB5_DNS_LOOKUP
else if (strcmp(envname, "KRB5_CONFIG") == 0) {
/*
@@ -421,167 +496,182 @@ kadm5_config_params *params_in, *params_out;
}
#endif /* KRB5_DNS_LOOKUP */
- if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && dnsret) {
- char *p;
- if (p = strchr(params.admin_server, ':')) {
- params.kadmind_port = atoi(p+1);
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- *p = '\0';
- }
- }
-
- /* Get the value for the database */
- hierarchy[2] = "database_name";
- if (params_in->mask & KADM5_CONFIG_DBNAME) {
- params.dbname = strdup(params_in->dbname);
- if (params.dbname)
- params.mask |= KADM5_CONFIG_DBNAME;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.dbname = svalue;
- params.mask |= KADM5_CONFIG_DBNAME;
- } else {
- params.dbname = strdup(DEFAULT_KDB_FILE);
- if (params.dbname)
- params.mask |= KADM5_CONFIG_DBNAME;
- }
-
- /*
- * admin database name and lockfile are now always derived from dbname
- */
- if (params.mask & KADM5_CONFIG_DBNAME) {
- params.admin_dbname = (char *)malloc(strlen(params.dbname)
- + 7);
- if (params.admin_dbname) {
- sprintf(params.admin_dbname, "%s.kadm5",
- params.dbname);
- params.mask |= KADM5_CONFIG_ADBNAME;
- }
- }
-
- if (params.mask & KADM5_CONFIG_ADBNAME) {
- params.admin_lockfile =
- (char *)malloc(strlen(params.admin_dbname)+ 6);
- if (params.admin_lockfile) {
- sprintf(params.admin_lockfile, "%s.lock",
- params.admin_dbname);
- params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
- }
- }
-
- /* Get the value for the admin(policy) database lock file */
- hierarchy[2] = "admin_keytab";
- if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) {
- params.admin_keytab = strdup(params_in->admin_keytab);
- if (params.admin_keytab)
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- params.admin_keytab = svalue;
- } else if (params.admin_keytab = (char *)getenv("KRB5_KTNAME")) {
- params.admin_keytab = strdup(params.admin_keytab);
- if (params.admin_keytab)
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- } else {
- params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB);
- if (params.admin_keytab)
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- }
-
- /* Get the name of the acl file */
- hierarchy[2] = "acl_file";
- if (params_in->mask & KADM5_CONFIG_ACL_FILE) {
- params.acl_file = strdup(params_in->acl_file);
- if (params.acl_file)
- params.mask |= KADM5_CONFIG_ACL_FILE;
+ if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && dnsret) {
+ char *p;
+ p = strchr(params.admin_server, ':');
+ if (p) {
+ params.kadmind_port = atoi(p+1);
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ *p = '\0';
+ }
+ }
+
+ /* Get the value for the database */
+ hierarchy[2] = "database_name";
+ if (params_in->mask & KADM5_CONFIG_DBNAME) {
+ params.dbname = strdup(params_in->dbname);
+ if (params.dbname)
+ params.mask |= KADM5_CONFIG_DBNAME;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.dbname = svalue;
+ params.mask |= KADM5_CONFIG_DBNAME;
+ } else {
+ params.dbname = strdup(DEFAULT_KDB_FILE);
+ if (params.dbname)
+ params.mask |= KADM5_CONFIG_DBNAME;
+ }
+
+ /*
+ * admin database name and lockfile are now always derived from dbname
+ */
+ if (params.mask & KADM5_CONFIG_DBNAME) {
+ params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7);
+ if (params.admin_dbname) {
+ sprintf(params.admin_dbname, "%s.kadm5", params.dbname);
+ params.mask |= KADM5_CONFIG_ADBNAME;
+ }
+ }
+
+ if (params.mask & KADM5_CONFIG_ADBNAME) {
+ params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname)
+ + 6);
+ if (params.admin_lockfile) {
+ sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname);
+ params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
+ }
+ }
+
+ /* Get the value for the admin (policy) database lock file*/
+ hierarchy[2] = "admin_keytab";
+ if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) {
+ params.admin_keytab = strdup(params_in->admin_keytab);
+ if (params.admin_keytab)
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ params.admin_keytab = svalue;
+ } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) {
+ params.admin_keytab = strdup(params.admin_keytab);
+ if (params.admin_keytab)
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ } else {
+ params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB);
+ if (params.admin_keytab)
+ params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ }
+
+ /* Get the name of the acl file */
+ hierarchy[2] = "acl_file";
+ if (params_in->mask & KADM5_CONFIG_ACL_FILE) {
+ params.acl_file = strdup(params_in->acl_file);
+ if (params.acl_file)
+ params.mask |= KADM5_CONFIG_ACL_FILE;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_ACL_FILE;
+ params.acl_file = svalue;
+ } else {
+ params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE);
+ if (params.acl_file)
+ params.mask |= KADM5_CONFIG_ACL_FILE;
+ }
+
+ /* Get the name of the dict file */
+ hierarchy[2] = "dict_file";
+ if (params_in->mask & KADM5_CONFIG_DICT_FILE) {
+ params.dict_file = strdup(params_in->dict_file);
+ if (params.dict_file)
+ params.mask |= KADM5_CONFIG_DICT_FILE;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_DICT_FILE;
+ params.dict_file = svalue;
+ }
+
+ /* Get the value for the kadmind port */
+ if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) {
+ hierarchy[2] = "kadmind_port";
+ if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) {
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ params.kadmind_port = params_in->kadmind_port;
+ } else if (aprofile &&
+ !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
+ &ivalue)) {
+ params.kadmind_port = ivalue;
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ } else {
+ params.kadmind_port = DEFAULT_KADM5_PORT;
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+ }
+
+ /* Get the value for the kpasswd port */
+ if (! (params.mask & KADM5_CONFIG_KPASSWD_PORT)) {
+ hierarchy[2] = "kpasswd_port";
+ if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT) {
+ params.mask |= KADM5_CONFIG_KPASSWD_PORT;
+ params.kpasswd_port = params_in->kpasswd_port;
} else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_ACL_FILE;
- params.acl_file = svalue;
+ !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
+ &ivalue)) {
+ params.kpasswd_port = ivalue;
+ params.mask |= KADM5_CONFIG_KPASSWD_PORT;
} else {
- params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE);
- if (params.acl_file)
- params.mask |= KADM5_CONFIG_ACL_FILE;
- }
-
- /* Get the name of the dict file */
- hierarchy[2] = "dict_file";
- if (params_in->mask & KADM5_CONFIG_DICT_FILE) {
- params.dict_file = strdup(params_in->dict_file);
- if (params.dict_file)
- params.mask |= KADM5_CONFIG_DICT_FILE;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_DICT_FILE;
- params.dict_file = svalue;
- }
-
- /* Get the value for the kadmind port */
- if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) {
- hierarchy[2] = "kadmind_port";
- if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) {
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- params.kadmind_port = params_in->kadmind_port;
- } else if (aprofile &&
- !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
- &ivalue)) {
- params.kadmind_port = ivalue;
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- } else {
- params.kadmind_port = DEFAULT_KADM5_PORT;
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- }
- }
-
- /* Get the value for the master key name */
- hierarchy[2] = "master_key_name";
- if (params_in->mask & KADM5_CONFIG_MKEY_NAME) {
- params.mkey_name = strdup(params_in->mkey_name);
- if (params.mkey_name)
- params.mask |= KADM5_CONFIG_MKEY_NAME;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_MKEY_NAME;
- params.mkey_name = svalue;
+ params.kpasswd_port = DEFAULT_KPASSWD_PORT;
+ params.mask |= KADM5_CONFIG_KPASSWD_PORT;
}
-
- /* Get the value for the master key type */
- hierarchy[2] = "master_key_type";
- if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- params.enctype = params_in->enctype;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_enctype(svalue, &params.enctype)) {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- krb5_xfree(svalue);
- }
- } else {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- params.enctype = DEFAULT_KDC_ENCTYPE;
- }
-
- /* Get the value for mkey_from_kbd */
- if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
- params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- params.mkey_from_kbd = params_in->mkey_from_kbd;
- }
-
- /* Get the value for the stashfile */
- hierarchy[2] = "key_stash_file";
- if (params_in->mask & KADM5_CONFIG_STASH_FILE) {
- params.stash_file = strdup(params_in->stash_file);
- if (params.stash_file)
- params.mask |= KADM5_CONFIG_STASH_FILE;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- params.mask |= KADM5_CONFIG_STASH_FILE;
- params.stash_file = svalue;
- }
-
- /*
- * Get the value for maximum ticket lifetime.
+ }
+
+ /* Get the value for the master key name */
+ hierarchy[2] = "master_key_name";
+ if (params_in->mask & KADM5_CONFIG_MKEY_NAME) {
+ params.mkey_name = strdup(params_in->mkey_name);
+ if (params.mkey_name)
+ params.mask |= KADM5_CONFIG_MKEY_NAME;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_MKEY_NAME;
+ params.mkey_name = svalue;
+ }
+
+ /* Get the value for the master key type */
+ hierarchy[2] = "master_key_type";
+ if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ params.enctype = params_in->enctype;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_enctype(svalue, &params.enctype)) {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ krb5_xfree(svalue);
+ }
+ } else {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ params.enctype = DEFAULT_KDC_ENCTYPE;
+ }
+
+ /* Get the value for mkey_from_kbd */
+ if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
+ params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+ params.mkey_from_kbd = params_in->mkey_from_kbd;
+ }
+
+ /* Get the value for the stashfile */
+ hierarchy[2] = "key_stash_file";
+ if (params_in->mask & KADM5_CONFIG_STASH_FILE) {
+ params.stash_file = strdup(params_in->stash_file);
+ if (params.stash_file)
+ params.mask |= KADM5_CONFIG_STASH_FILE;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ params.mask |= KADM5_CONFIG_STASH_FILE;
+ params.stash_file = svalue;
+ }
+
+ /*
+ * Get the value for maximum ticket lifetime.
* See SEAM documentation or the Bug ID 4184504
* We have changed the logic so that the entries are
* created in the database with the maximum duration
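Review bot: In the `master_key_type` branch the string returned through `svalue` is released only when `krb5_string_to_enctype` succeeds, because `krb5_xfree(svalue);` sits inside the inner `if`; an unparsable value in the profile therefore leaks it. Moving the free below the inner block releases it on both paths, which is what `krb5_read_realm_params` already does for the same key. The `default_principal_expiration` branch in the next hunk (-589) has the same shape. The enclosing kadm5_get_config_params starts and ends outside this hunk.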
@@ -589,86 +679,86 @@ kadm5_config_params *params_in, *params_out;
* However this wil get negotiated down when
* as or tgs request is processed by KDC.
*/
- hierarchy[2] = "max_life";
- if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
- params.mask |= KADM5_CONFIG_MAX_LIFE;
- params.max_life = params_in->max_life;
- } else {
- params.mask |= KADM5_CONFIG_MAX_LIFE;
- params.max_life = KRB5_INT32_MAX;
- }
-
- /* Get the value for maximum renewable ticket lifetime. */
- hierarchy[2] = "max_renewable_life";
- if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) {
- params.mask |= KADM5_CONFIG_MAX_RLIFE;
- params.max_rlife = params_in->max_rlife;
- } else {
- params.mask |= KADM5_CONFIG_MAX_RLIFE;
- params.max_rlife = KRB5_INT32_MAX;
- }
-
- /* Get the value for the default principal expiration */
- hierarchy[2] = "default_principal_expiration";
- if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- params.expiration = params_in->expiration;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- krb5_xfree(svalue);
- }
- } else {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- params.expiration = 0;
- }
-
- /* Get the value for the default principal flags */
- hierarchy[2] = "default_principal_flags";
- if (params_in->mask & KADM5_CONFIG_FLAGS) {
- params.mask |= KADM5_CONFIG_FLAGS;
- params.flags = params_in->flags;
- } else if (aprofile &&
- !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- char *sp, *ep, *tp;
-
- sp = svalue;
- params.flags = 0;
- while (sp) {
- if ((ep = strchr(sp, (int)',')) ||
- (ep = strchr(sp, (int)' ')) ||
- (ep = strchr(sp, (int)'\t'))) {
- /* Fill in trailing whitespace of sp */
- tp = ep - 1;
- while (isspace(*tp) && (tp < sp)) {
- *tp = '\0';
- tp--;
- }
- *ep = '\0';
- ep++;
- /* Skip over trailing whitespace of ep */
- while (isspace(*ep) && (*ep)) ep++;
- }
- /* Convert this flag */
- if (krb5_string_to_flags(sp,
- "+",
- "-",
- &params.flags))
- break;
- sp = ep;
- }
- if (!sp)
- params.mask |= KADM5_CONFIG_FLAGS;
- krb5_xfree(svalue);
- } else {
- params.mask |= KADM5_CONFIG_FLAGS;
- params.flags = KRB5_KDB_DEF_FLAGS;
- }
-
- /* Get the value for the supported enctype/salttype matrix */
- hierarchy[2] = "supported_enctypes";
- if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
+ hierarchy[2] = "max_life";
+ if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
+ params.mask |= KADM5_CONFIG_MAX_LIFE;
+ params.max_life = params_in->max_life;
+ } else {
+ params.max_life = KRB5_INT32_MAX;
+ params.mask |= KADM5_CONFIG_MAX_LIFE;
+ }
+
+ /* Get the value for maximum renewable ticket lifetime. */
+ hierarchy[2] = "max_renewable_life";
+ if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) {
+ params.mask |= KADM5_CONFIG_MAX_RLIFE;
+ params.max_rlife = params_in->max_rlife;
+ } else {
+ params.max_rlife = KRB5_INT32_MAX;
+ params.mask |= KADM5_CONFIG_MAX_RLIFE;
+ }
+
+ /* Get the value for the default principal expiration */
+ hierarchy[2] = "default_principal_expiration";
+ if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ params.expiration = params_in->expiration;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ krb5_xfree(svalue);
+ }
+ } else {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ params.expiration = 0;
+ }
+
+ /* Get the value for the default principal flags */
+ hierarchy[2] = "default_principal_flags";
+ if (params_in->mask & KADM5_CONFIG_FLAGS) {
+ params.mask |= KADM5_CONFIG_FLAGS;
+ params.flags = params_in->flags;
+ } else if (aprofile &&
+ !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ char *sp, *ep, *tp;
+
+ sp = svalue;
+ params.flags = 0;
+ while (sp) {
+ if ((ep = strchr(sp, (int) ',')) ||
+ (ep = strchr(sp, (int) ' ')) ||
+ (ep = strchr(sp, (int) '\t'))) {
+ /* Fill in trailing whitespace of sp */
+ tp = ep - 1;
+ while (isspace((int) *tp) && (tp > sp)) {
+ *tp = '\0';
+ tp--;
+ }
+ *ep = '\0';
+ ep++;
+ /* Skip over trailing whitespace of ep */
+ while (isspace((int) *ep) && (*ep)) ep++;
+ }
+ /* Convert this flag */
+ if (krb5_string_to_flags(sp,
+ "+",
+ "-",
+ &params.flags))
+ break;
+ sp = ep;
+ }
+ if (!sp)
+ params.mask |= KADM5_CONFIG_FLAGS;
+ krb5_xfree(svalue);
+ } else {
+ params.mask |= KADM5_CONFIG_FLAGS;
+ params.flags = KRB5_KDB_DEF_FLAGS;
+ }
+
+ /* Get the value for the supported enctype/salttype matrix */
+ hierarchy[2] = "supported_enctypes";
+ if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
params.mask |= KADM5_CONFIG_ENCTYPES;
if (params_in->num_keysalts > 0) {
params.keysalts = malloc(params_in->num_keysalts *
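Review bot: The trailing-whitespace loop in the `default_principal_flags` branch dereferences `*tp` before it tests `tp > sp`, so when the profile value begins with a separator (`ep == sp`, hence `tp = sp - 1`) it reads one byte before the string. Testing the bound first avoids that, and `isspace` needs an `unsigned char` value rather than an `(int)` cast of a plain `char`: `while ((tp > sp) && isspace((unsigned char) *tp)) {`. The following `while (isspace((int) *ep) && (*ep)) ep++;` wants the same cast. The function continues outside this hunk.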
@@ -680,30 +770,29 @@ kadm5_config_params *params_in, *params_out;
(void) memcpy(params.keysalts, params_in->keysalts,
(params_in->num_keysalts *
sizeof (*params.keysalts)));
- params.num_keysalts = params_in->num_keysalts;
- }
- } else {
- svalue = NULL;
- if (aprofile)
- krb5_aprof_get_string(aprofile, hierarchy,
- TRUE, &svalue);
- if (svalue == NULL)
- svalue = strdup(DEFAULT_ENCTYPE_LIST);
-
- params.keysalts = NULL;
- params.num_keysalts = 0;
- krb5_string_to_keysalts(svalue,
- ", \t", /* Tuple separators */
- ":.-", /* Key/salt separators */
- 0, /* No duplicates */
- &params.keysalts,
- &params.num_keysalts);
- if (params.num_keysalts)
- params.mask |= KADM5_CONFIG_ENCTYPES;
-
- if (svalue)
- krb5_xfree(svalue);
- }
+ params.num_keysalts = params_in->num_keysalts;
+ }
+ } else {
+ svalue = NULL;
+ if (aprofile)
+ krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
+ if (svalue == NULL)
+ svalue = strdup(DEFAULT_ENCTYPE_LIST);
+
+ params.keysalts = NULL;
+ params.num_keysalts = 0;
+ krb5_string_to_keysalts(svalue,
+ ", \t",/* Tuple separators */
+ ":.-", /* Key/salt separators */
+ 0, /* No duplicates */
+ &params.keysalts,
+ &params.num_keysalts);
+ if (params.num_keysalts)
+ params.mask |= KADM5_CONFIG_ENCTYPES;
+
+ if (svalue)
+ krb5_xfree(svalue);
+ }
hierarchy[2] = "kpasswd_server";
if (params_in->mask & KADM5_CONFIG_KPASSWD_SERVER) {
@@ -883,18 +972,18 @@ kadm5_config_params *params_in, *params_out;
*params_out = params;
cleanup:
- if (aprofile)
- krb5_aprof_finish(aprofile);
- if (kret) {
- (void) kadm5_free_config_params(context, &params);
- params_out->mask = 0;
- }
+ if (aprofile)
+ krb5_aprof_finish(aprofile);
+ if (kret) {
+ kadm5_free_config_params(context, &params);
+ params_out->mask = 0;
+ }
#ifdef KRB5_DNS_LOOKUP
if (dns_realm.data)
free(dns_realm.data);
#endif /* KRB5_DNS_LOOKUP */
- return (kret);
+ return(kret);
}
/*
* kadm5_free_config_params() - Free data allocated by above.
@@ -902,10 +991,10 @@ cleanup:
/*ARGSUSED*/
krb5_error_code
kadm5_free_config_params(context, params)
-krb5_context context;
-kadm5_config_params *params;
+ krb5_context context;
+ kadm5_config_params *params;
{
- if (params) {
+ if (params) {
if (params->profile) {
krb5_xfree(params->profile);
params->profile = NULL;
@@ -963,11 +1052,52 @@ kadm5_config_params *params;
return (0);
}
-/*
+krb5_error_code
+kadm5_get_admin_service_name(krb5_context ctx,
+ char *realm_in,
+ char *admin_name,
+ size_t maxlen)
+{
+ krb5_error_code ret;
+ kadm5_config_params params_in, params_out;
+ struct hostent *hp;
+
+ memset(&params_in, 0, sizeof(params_in));
+ memset(&params_out, 0, sizeof(params_out));
+
+ params_in.mask |= KADM5_CONFIG_REALM;
+ params_in.realm = realm_in;
+ ret = kadm5_get_config_params(ctx, DEFAULT_PROFILE_PATH,
+ "KRB5_CONFIG", &params_in, &params_out);
+ if (ret)
+ return ret;
+
+ if (!(params_out.mask & KADM5_CONFIG_ADMIN_SERVER)) {
+ ret = KADM5_MISSING_KRB5_CONF_PARAMS;
+ goto err_params;
+ }
+
+ hp = gethostbyname(params_out.admin_server);
+ if (hp == NULL) {
+ ret = errno;
+ goto err_params;
+ }
+ if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) {
+ ret = ENOMEM;
+ goto err_params;
+ }
+ sprintf(admin_name, "kadmin/%s", hp->h_name);
+
+err_params:
+ kadm5_free_config_params(ctx, &params_out);
+ return ret;
+}
+
+/***********************************************************************
* This is the old krb5_realm_read_params, which I mutated into
- * kadm5_get_config_params but which old code(kdb5_* and krb5kdc)
+ * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
* still uses.
- */
+ ***********************************************************************/
/*
* krb5_read_realm_params() - Read per-realm parameters from KDC
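Review bot: `gethostbyname()` reports failure through `h_errno`, not `errno`, so `ret = errno;` in the new kadm5_get_admin_service_name can return 0 or a stale value, and the caller would then use an `admin_name` that was never written. Return a fixed nonzero code on that path, for example `ret = KADM5_MISSING_KRB5_CONF_PARAMS;` as used a few lines above, or a dedicated resolution error if the library defines one. The length check before the `sprintf` is correct as written, but `snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name);` would keep the bound next to the write. The service name is built from the resolver's canonical host name, which is worth a one-line comment because it makes the principal depend on name resolution.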
@@ -975,154 +1105,161 @@ kadm5_config_params *params;
*/
krb5_error_code
krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
-krb5_context kcontext;
-char *realm;
-char *kdcprofile;
-char *kdcenv;
-krb5_realm_params **rparamp;
+ krb5_context kcontext;
+ char *realm;
+ char *kdcprofile;
+ char *kdcenv;
+ krb5_realm_params **rparamp;
{
- char *filename;
- char *envname;
- char *lrealm;
- krb5_pointer aprofile = 0;
- krb5_realm_params *rparams;
- const char *hierarchy[4];
- char *svalue;
- krb5_int32 ivalue;
- krb5_deltat dtvalue;
-
- krb5_error_code kret;
-
- filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
- envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
-
- if (kcontext->profile_secure == TRUE) envname = 0;
-
- rparams = (krb5_realm_params *) NULL;
- if (realm)
- lrealm = strdup(realm);
- else {
- kret = krb5_get_default_realm(kcontext, &lrealm);
- if (kret)
- goto cleanup;
- }
-
- kret = krb5_aprof_init(filename, envname, &aprofile);
+ char *filename;
+ char *envname;
+ char *lrealm;
+ krb5_pointer aprofile = 0;
+ krb5_realm_params *rparams;
+ const char *hierarchy[4];
+ char *svalue;
+ krb5_int32 ivalue;
+ krb5_boolean bvalue;
+ krb5_deltat dtvalue;
+
+ krb5_error_code kret;
+
+ filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
+ envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
+
+ if (kcontext->profile_secure == TRUE) envname = 0;
+
+ rparams = (krb5_realm_params *) NULL;
+ if (realm)
+ lrealm = strdup(realm);
+ else {
+ kret = krb5_get_default_realm(kcontext, &lrealm);
if (kret)
- goto cleanup;
-
- rparams = (krb5_realm_params *) malloc(sizeof (krb5_realm_params));
- if (rparams == 0) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- /* Initialize realm parameters */
- memset((char *)rparams, 0, sizeof (krb5_realm_params));
-
- /* Get the value for the database */
- hierarchy[0] = "realms";
- hierarchy[1] = lrealm;
- hierarchy[2] = "database_name";
- hierarchy[3] = (char *)NULL;
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_dbname = svalue;
-
- /* Get the value for the KDC port list */
- hierarchy[2] = "kdc_ports";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_kdc_ports = svalue;
- hierarchy[2] = "kdc_tcp_ports";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_kdc_tcp_ports = svalue;
-
- /* Get the name of the acl file */
- hierarchy[2] = "acl_file";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_acl_file = svalue;
-
- /* Get the value for the kadmind port */
- hierarchy[2] = "kadmind_port";
- if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
- rparams->realm_kadmind_port = ivalue;
- rparams->realm_kadmind_port_valid = 1;
- }
-
- /* Get the value for the master key name */
- hierarchy[2] = "master_key_name";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_mkey_name = svalue;
-
- /* Get the value for the master key type */
- hierarchy[2] = "master_key_type";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
- rparams->realm_enctype_valid = 1;
- krb5_xfree(svalue);
- }
-
- /* Get the value for the stashfile */
- hierarchy[2] = "key_stash_file";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
- rparams->realm_stash_file = svalue;
-
- /* Get the value for maximum ticket lifetime. */
- hierarchy[2] = "max_life";
- if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
- rparams->realm_max_life = dtvalue;
- rparams->realm_max_life_valid = 1;
- }
-
- /* Get the value for maximum renewable ticket lifetime. */
- hierarchy[2] = "max_renewable_life";
- if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
- rparams->realm_max_rlife = dtvalue;
- rparams->realm_max_rlife_valid = 1;
- }
-
- /* Get the value for the default principal expiration */
- hierarchy[2] = "default_principal_expiration";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_timestamp(svalue,
- &rparams->realm_expiration))
- rparams->realm_expiration_valid = 1;
- krb5_xfree(svalue);
- }
-
- /* Get the value for the default principal flags */
- hierarchy[2] = "default_principal_flags";
- if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- char *sp, *ep, *tp;
-
- sp = svalue;
- rparams->realm_flags = 0;
- while (sp) {
- if ((ep = strchr(sp, (int)',')) ||
- (ep = strchr(sp, (int)' ')) ||
- (ep = strchr(sp, (int)'\t'))) {
- /* Fill in trailing whitespace of sp */
- tp = ep - 1;
- while (isspace(*tp) && (tp < sp)) {
- *tp = '\0';
- tp--;
- }
- *ep = '\0';
- ep++;
- /* Skip over trailing whitespace of ep */
- while (isspace(*ep) && (*ep)) ep++;
- }
- /* Convert this flag */
- if (krb5_string_to_flags(sp,
- "+",
- "-",
- &rparams->realm_flags))
- break;
- sp = ep;
+ goto cleanup;
+ }
+
+ kret = krb5_aprof_init(filename, envname, &aprofile);
+ if (kret)
+ goto cleanup;
+
+ rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params));
+ if (rparams == 0) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+
+ /* Initialize realm parameters */
+ memset((char *) rparams, 0, sizeof(krb5_realm_params));
+
+ /* Get the value for the database */
+ hierarchy[0] = "realms";
+ hierarchy[1] = lrealm;
+ hierarchy[2] = "database_name";
+ hierarchy[3] = (char *) NULL;
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_dbname = svalue;
+
+ /* Get the value for the KDC port list */
+ hierarchy[2] = "kdc_ports";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_kdc_ports = svalue;
+ hierarchy[2] = "kdc_tcp_ports";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_kdc_tcp_ports = svalue;
+
+ /* Get the name of the acl file */
+ hierarchy[2] = "acl_file";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_acl_file = svalue;
+
+ /* Get the value for the kadmind port */
+ hierarchy[2] = "kadmind_port";
+ if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
+ rparams->realm_kadmind_port = ivalue;
+ rparams->realm_kadmind_port_valid = 1;
+ }
+
+ /* Get the value for the master key name */
+ hierarchy[2] = "master_key_name";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_mkey_name = svalue;
+
+ /* Get the value for the master key type */
+ hierarchy[2] = "master_key_type";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
+ rparams->realm_enctype_valid = 1;
+ krb5_xfree(svalue);
+ }
+
+ /* Get the value for the stashfile */
+ hierarchy[2] = "key_stash_file";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
+ rparams->realm_stash_file = svalue;
+
+ /* Get the value for maximum ticket lifetime. */
+ hierarchy[2] = "max_life";
+ if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
+ rparams->realm_max_life = dtvalue;
+ rparams->realm_max_life_valid = 1;
+ }
+
+ /* Get the value for maximum renewable ticket lifetime. */
+ hierarchy[2] = "max_renewable_life";
+ if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
+ rparams->realm_max_rlife = dtvalue;
+ rparams->realm_max_rlife_valid = 1;
+ }
+
+ /* Get the value for the default principal expiration */
+ hierarchy[2] = "default_principal_expiration";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ if (!krb5_string_to_timestamp(svalue,
+ &rparams->realm_expiration))
+ rparams->realm_expiration_valid = 1;
+ krb5_xfree(svalue);
+ }
+
+ hierarchy[2] = "reject_bad_transit";
+ if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
+ rparams->realm_reject_bad_transit = bvalue;
+ rparams->realm_reject_bad_transit_valid = 1;
+ }
+
+ /* Get the value for the default principal flags */
+ hierarchy[2] = "default_principal_flags";
+ if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ char *sp, *ep, *tp;
+
+ sp = svalue;
+ rparams->realm_flags = 0;
+ while (sp) {
+ if ((ep = strchr(sp, (int) ',')) ||
+ (ep = strchr(sp, (int) ' ')) ||
+ (ep = strchr(sp, (int) '\t'))) {
+ /* Fill in trailing whitespace of sp */
+ tp = ep - 1;
+ while (isspace((int) *tp) && (tp < sp)) {
+ *tp = '\0';
+ tp--;
}
- if (!sp)
- rparams->realm_flags_valid = 1;
- krb5_xfree(svalue);
+ *ep = '\0';
+ ep++;
+ /* Skip over trailing whitespace of ep */
+ while (isspace((int) *ep) && (*ep)) ep++;
+ }
+ /* Convert this flag */
+ if (krb5_string_to_flags(sp,
+ "+",
+ "-",
+ &rparams->realm_flags))
+ break;
+ sp = ep;
}
+ if (!sp)
+ rparams->realm_flags_valid = 1;
+ krb5_xfree(svalue);
+ }
/* Get the value for the supported enctype/salttype matrix */
/*
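Review bot: The flag-trimming loop in krb5_read_realm_params still tests `(tp < sp)`, while the same loop in kadm5_get_config_params was changed to `(tp > sp)` by this commit. With `<` the loop never trims when `ep > sp`, and when the value starts with a separator (`tp = sp - 1`) it can store `'\0'` before the start of `svalue` if that byte happens to be whitespace. Use the corrected comparison with the bound tested first: `while ((tp > sp) && isspace((unsigned char) *tp)) {`. The function body runs past the end of this hunk.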
@@ -1151,44 +1288,47 @@ krb5_realm_params **rparamp;
krb5_xfree(svalue);
svalue = NULL;
}
-
cleanup:
- if (aprofile)
- krb5_aprof_finish(aprofile);
- if (lrealm)
- free(lrealm);
- if (kret) {
- if (rparams)
- krb5_free_realm_params(kcontext, rparams);
- rparams = 0;
- }
- *rparamp = rparams;
- return (kret);
+ if (aprofile)
+ krb5_aprof_finish(aprofile);
+ if (lrealm)
+ free(lrealm);
+ if (kret) {
+ if (rparams)
+ krb5_free_realm_params(kcontext, rparams);
+ rparams = 0;
+ }
+ *rparamp = rparams;
+ return(kret);
}
/*
* krb5_free_realm_params() - Free data allocated by above.
*/
-/*ARGSUSED*/
krb5_error_code
krb5_free_realm_params(kcontext, rparams)
-krb5_context kcontext;
-krb5_realm_params *rparams;
+ krb5_context kcontext;
+ krb5_realm_params *rparams;
{
- if (rparams) {
- if (rparams->realm_profile)
- krb5_xfree(rparams->realm_profile);
- if (rparams->realm_dbname)
- krb5_xfree(rparams->realm_dbname);
- if (rparams->realm_mkey_name)
- krb5_xfree(rparams->realm_mkey_name);
- if (rparams->realm_stash_file)
- krb5_xfree(rparams->realm_stash_file);
- if (rparams->realm_keysalts)
- krb5_xfree(rparams->realm_keysalts);
- if (rparams->realm_kdc_ports)
- krb5_xfree(rparams->realm_kdc_ports);
- krb5_xfree(rparams);
- }
- return (0);
+ if (rparams) {
+ if (rparams->realm_profile)
+ krb5_xfree(rparams->realm_profile);
+ if (rparams->realm_dbname)
+ krb5_xfree(rparams->realm_dbname);
+ if (rparams->realm_mkey_name)
+ krb5_xfree(rparams->realm_mkey_name);
+ if (rparams->realm_stash_file)
+ krb5_xfree(rparams->realm_stash_file);
+ if (rparams->realm_keysalts)
+ krb5_xfree(rparams->realm_keysalts);
+ if (rparams->realm_kdc_ports)
+ krb5_xfree(rparams->realm_kdc_ports);
+ if (rparams->realm_kdc_tcp_ports)
+ krb5_xfree(rparams->realm_kdc_tcp_ports);
+ if (rparams->realm_acl_file)
+ krb5_xfree(rparams->realm_acl_file);
+ krb5_xfree(rparams);
+ }
+ return(0);
}
+
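Review bot: The `cleanup:` path runs `if (lrealm) free(lrealm);`, but `lrealm` is declared without an initializer (in the previous hunk) and `cleanup` is reached by `goto` when `krb5_get_default_realm` fails. Unless that call always stores to its output on failure, which is not visible here, this frees an indeterminate pointer. Declaring it as `char *lrealm = NULL;` makes the error path safe. The result of `lrealm = strdup(realm)` is also used as `hierarchy[1]` without a NULL check.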
diff --git a/usr/src/lib/krb5/kadm5/chpass_util.c b/usr/src/lib/krb5/kadm5/chpass_util.c
index e72bc03b61..18422e0924 100644
--- a/usr/src/lib/krb5/kadm5/chpass_util.c
+++ b/usr/src/lib/krb5/kadm5/chpass_util.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -33,7 +33,9 @@
#include <stdio.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <time.h>
#include <locale.h>
@@ -49,8 +51,7 @@ const char *chpw_error_message(kadm5_ret_t code);
/*
* Function: kadm5_chpass_principal_util
*
- * Purpose: Wrapper around chpass_principal. We can read new pw,
- * change pw and return useful messages
+ * Purpose: Wrapper around chpass_principal. We can read new pw, change pw and return useful messages
*
* Arguments:
*
@@ -91,7 +92,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len)
+ unsigned int msg_len)
{
int code, code2;
unsigned int pwsize;
@@ -99,7 +100,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
char *new_password;
kadm5_principal_ent_rec princ_ent;
kadm5_policy_ent_rec policy_ent;
- krb5_chgpwd_prot passwd_protocol;
+ krb5_chgpwd_prot passwd_protocol;
_KADM5_CHECK_HANDLE(server_handle);
@@ -113,8 +114,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
if ((code = (int) krb5_init_context(&context)) == 0) {
pwsize = sizeof(buffer);
- code = krb5_read_password(context,
- KADM5_PW_FIRST_PROMPT,
+ code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
KADM5_PW_SECOND_PROMPT,
buffer, &pwsize);
krb5_free_context(context);
@@ -184,7 +184,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
#ifdef ZEROPASSWD
if (!ret_pw)
- memset(buffer, 0, sizeof (buffer));
+ memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
#endif
if (code == KADM5_OK) {
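Review bot: The password read into `buffer` is wiped only when ZEROPASSWD is defined and `ret_pw` is NULL, and the wipe is a plain `memset`. The declaration of `buffer` is outside the hunk; if it is an automatic array, the compiler may remove a memset that precedes a return, so a call it cannot elide (`explicit_bzero(buffer, sizeof(buffer));`, or `memset_s` where the platform provides one) is the safer form. For the `ret_pw` case I would add a comment on who clears the password afterwards, e.g. `/* password handed back through *ret_pw; the caller must clear it */`.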
@@ -194,15 +194,12 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
}
if ((code != KADM5_PASS_Q_TOOSHORT) &&
- (code != KADM5_PASS_REUSE) &&
- (code != KADM5_PASS_Q_CLASS) &&
- (code != KADM5_PASS_Q_DICT) &&
- (code != KADM5_PASS_TOOSOON)) {
+ (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
+ (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
/* Can't get more info for other errors */
sprintf(buffer, "%s %s", error_message(code),
string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n",
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
buffer);
return(code);
}
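Review bot: Both `sprintf` calls in this branch write without a bound: `buffer` receives two message strings of unchecked length, and `msg_ret` is filled without consulting `msg_len`, which this commit retypes to `unsigned int` but which no visible line uses. Unless a length check exists outside the hunks, bounding the writes would close that gap, e.g. `snprintf(buffer, sizeof(buffer), "%s %s", ...)` and `snprintf(msg_ret, msg_len, "%s\n%s\n", ...)`. The same applies to the `sprintf(msg_ret, ...)` calls in the hunks at @@ -260, @@ -271 and @@ -292. The function starts and ends outside this hunk.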
@@ -260,8 +257,7 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
code2 = kadm5_get_policy(lhandle, princ_ent.policy,
&policy_ent);
if (code2 != 0) {
- sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ",
- error_message(code2),
+ sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
string_text(CHPASS_UTIL_GET_POLICY_INFO),
error_message(code),
string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
@@ -271,17 +267,16 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
}
if (code == KADM5_PASS_Q_TOOSHORT) {
- sprintf(msg_ret,
- string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+ sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
policy_ent.pw_min_length);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
}
+
if (code == KADM5_PASS_Q_CLASS) {
- sprintf(msg_ret,
- string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+ sprintf(msg_ret, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
policy_ent.pw_min_classes);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
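Review bot: `sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT), policy_ent.pw_min_length)` uses a message-table string as the format, so the conversion in that string has to match the argument's type exactly and the compiler cannot check it. Neither the string nor the type of `pw_min_length` is visible here; if the field is a `long`, the message needs `%ld` or the argument needs a cast. A comment next to each such call, e.g. `/* format comes from the message table: exactly one integer conversion */`, would record the contract. The CHPASS_UTIL_TOO_FEW_CLASSES call below and the CHPASS_UTIL_PASSWORD_TOO_SOON call in the next hunk follow the same pattern.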
@@ -292,26 +287,23 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
time_t until;
char *time_string, *ptr;
- until = princ_ent.last_pwd_change +
- policy_ent.pw_min_life;
+ until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
time_string = ctime(&until);
- if (*(ptr = &time_string[strlen(time_string)-1]) ==
- '\n')
+ if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
*ptr = '\0';
- sprintf(msg_ret,
- string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+ sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
time_string);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
} else {
+
/* We should never get here, but just in case ... */
sprintf(buffer, "%s %s", error_message(code),
string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n",
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
buffer);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
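Review bot: `ctime(&until)` can return NULL when the time value cannot be represented, and the next line passes the result to `strlen` unchecked; `time_string[strlen(time_string)-1]` also indexes before the string if it is empty. A guard such as `if (time_string == NULL) time_string = "";` before the newline trim, with the trim done only when `strlen(time_string) > 0`, avoids both. `until` is the sum of two values taken from the principal and policy entries, so an out-of-range result is not purely theoretical. The enclosing block starts and ends outside the hunk.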
diff --git a/usr/src/lib/krb5/kadm5/chpass_util_strings.h b/usr/src/lib/krb5/kadm5/chpass_util_strings.h
index 1b51f9af60..e3b147b486 100644
--- a/usr/src/lib/krb5/kadm5/chpass_util_strings.h
+++ b/usr/src/lib/krb5/kadm5/chpass_util_strings.h
@@ -40,5 +40,16 @@
#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L)
#define ERROR_TABLE_BASE_ovku (-1492553984L)
+extern const struct error_table et_ovku_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
+extern void initialize_ovku_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_ovku_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_ovku_err_tbl initialize_ovku_error_table
#define ovku_err_base ERROR_TABLE_BASE_ovku
+#endif
diff --git a/usr/src/lib/krb5/kadm5/clnt/Makefile.com b/usr/src/lib/krb5/kadm5/clnt/Makefile.com
index 4f4d2c2f11..2a9db0023a 100644
--- a/usr/src/lib/krb5/kadm5/clnt/Makefile.com
+++ b/usr/src/lib/krb5/kadm5/clnt/Makefile.com
@@ -78,7 +78,7 @@ CPPFLAGS += -I.. -I../.. -I../../.. -I$(SRC)/lib/gss_mechs/mech_krb5/include \
-DHAVE_LIBSOCKET=1 -DHAVE_LIBNSL=1 -DSETRPCENT_TYPE=void \
-DENDRPCENT_TYPE=void -DHAVE_SYS_ERRLIST=1 -DNEED_SYS_ERRLIST=1 \
-DHAVE_SYSLOG_H=1 -DHAVE_OPENLOG=1 -DHAVE_SYSLOG=1 -DHAVE_CLOSELOG=1 \
- -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1
+ -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1 -DUSE_KADM5_API_VERSION=2
CFLAGS += $(CCVERBOSE) -I..
LDLIBS += -lc
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_init.c b/usr/src/lib/krb5/kadm5/clnt/client_init.c
index 44d0fb4a9d..838f8fb18e 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_init.c
+++ b/usr/src/lib/krb5/kadm5/clnt/client_init.c
@@ -42,7 +42,9 @@
#include <stdio.h>
#include <netdb.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <string.h>
#include <com_err.h>
#include <sys/types.h>
@@ -55,19 +57,22 @@
#endif
#include <libintl.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include "client_internal.h"
+
#include <syslog.h>
#include <gssapi/gssapi.h>
#include <gssapi_krb5.h>
#include <gssapiP_krb5.h>
-#include <kadm5/kadm_rpc.h>
#include <rpc/clnt.h>
-#include <kadm5/admin.h>
-#include "client_internal.h"
+
#include <iprop_hdr.h>
#include "iprop.h"
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
+static int old_auth_gssapi = 0;
/* connection timeout to kadmind in seconds */
#define KADMIND_CONNECT_TIMEOUT 25
@@ -93,7 +98,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ui_4 api_version,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
+ return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
service_name, params,
struct_version, api_version,
server_handle);
@@ -107,19 +112,19 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
krb5_ui_4 api_version,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+ return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
service_name, params, struct_version,
api_version, server_handle);
}
kadm5_ret_t kadm5_init(char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- void **server_handle)
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+ return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
service_name, params, struct_version,
api_version, server_handle);
}
@@ -131,7 +136,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
krb5_ui_4 api_version,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
+ return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
service_name, params, struct_version,
api_version, server_handle);
}
@@ -579,132 +584,132 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
krb5_ui_4 api_version,
void **server_handle)
{
- int i;
- krb5_creds creds;
- krb5_ccache ccache = NULL;
- krb5_timestamp now;
- OM_uint32 gssstat, minor_stat;
- kadm5_server_handle_t handle;
- kadm5_config_params params_local;
- int code = 0;
- krb5_get_init_creds_opt opt;
- gss_buffer_desc input_name;
- krb5_error_code kret;
- krb5_int32 starttime;
- char *server = NULL;
- krb5_principal serverp = NULL, clientp = NULL;
- bool_t cpw = FALSE;
+ int i;
+ krb5_creds creds;
+ krb5_ccache ccache = NULL;
+ krb5_timestamp now;
+ OM_uint32 gssstat, minor_stat;
+ kadm5_server_handle_t handle;
+ kadm5_config_params params_local;
+ int code = 0;
+ krb5_get_init_creds_opt opt;
+ gss_buffer_desc input_name;
+ krb5_error_code kret;
+ krb5_int32 starttime;
+ char *server = NULL;
+ krb5_principal serverp = NULL, clientp = NULL;
+ bool_t cpw = FALSE;
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN,
"entering kadm5_init_any\n"));
- if (! server_handle) {
- return (EINVAL);
- }
-
- if (! (handle = malloc(sizeof(*handle)))) {
- return (ENOMEM);
- }
- if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- free(handle);
- return (ENOMEM);
- }
-
- handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
- handle->struct_version = struct_version;
- handle->api_version = api_version;
- handle->clnt = 0;
- handle->cache_name = 0;
- handle->destroy_cache = 0;
- *handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
- handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
- handle->lhandle->lhandle = handle->lhandle;
-
- kret = krb5_init_context(&handle->context);
+ if (! server_handle) {
+ return EINVAL;
+ }
+
+ if (! (handle = malloc(sizeof(*handle)))) {
+ return ENOMEM;
+ }
+ if (! (handle->lhandle = malloc(sizeof(*handle)))) {
+ free(handle);
+ return ENOMEM;
+ }
+
+ handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
+ handle->struct_version = struct_version;
+ handle->api_version = api_version;
+ handle->clnt = 0;
+ handle->cache_name = 0;
+ handle->destroy_cache = 0;
+ *handle->lhandle = *handle;
+ handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+ handle->lhandle->lhandle = handle->lhandle;
+
+ kret = krb5_init_context(&handle->context);
if (kret) {
free(handle->lhandle);
free(handle);
return (kret);
}
- if(service_name == NULL || client_name == NULL) {
- krb5_free_context(handle->context);
- free(handle->lhandle);
- free(handle);
- return (EINVAL);
- }
- memset((char *) &creds, 0, sizeof(creds));
-
- /*
- * Verify the version numbers before proceeding; we can't use
- * CHECK_HANDLE because not all fields are set yet.
- */
- GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
+ if(service_name == NULL || client_name == NULL) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
+ free(handle);
+ return EINVAL;
+ }
+ memset((char *) &creds, 0, sizeof(creds));
+
+ /*
+ * Verify the version numbers before proceeding; we can't use
+ * CHECK_HANDLE because not all fields are set yet.
+ */
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
KADM5_NEW_LIB_API_VERSION);
-
- /*
- * Acquire relevant profile entries. In version 2, merge values
- * in params_in with values from profile, based on
- * params_in->mask.
- *
- * In version 1, we've given a realm (which may be NULL) instead
- * of params_in. So use that realm, make params_in contain an
- * empty mask, and behave like version 2.
- */
- memset((char *) &params_local, 0, sizeof(params_local));
- if (api_version == KADM5_API_VERSION_1) {
- if (params_in)
- params_local.mask = KADM5_CONFIG_REALM;
- params_in = &params_local;
+
+ /*
+ * Acquire relevant profile entries. In version 2, merge values
+ * in params_in with values from profile, based on
+ * params_in->mask.
+ *
+ * In version 1, we've given a realm (which may be NULL) instead
+ * of params_in. So use that realm, make params_in contain an
+ * empty mask, and behave like version 2.
+ */
+ memset((char *) &params_local, 0, sizeof(params_local));
+ if (api_version == KADM5_API_VERSION_1) {
+ if (params_in)
+ params_local.mask = KADM5_CONFIG_REALM;
+ params_in = &params_local;
}
#define ILLEGAL_PARAMS ( \
- KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_ADB_LOCKFILE | \
- KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
- KADM5_CONFIG_DICT_FILE | KADM5_CONFIG_ADMIN_KEYTAB | \
- KADM5_CONFIG_STASH_FILE | KADM5_CONFIG_MKEY_NAME | \
- KADM5_CONFIG_ENCTYPE | KADM5_CONFIG_MAX_LIFE | \
- KADM5_CONFIG_MAX_RLIFE | KADM5_CONFIG_EXPIRATION | \
- KADM5_CONFIG_FLAGS | KADM5_CONFIG_ENCTYPES | \
- KADM5_CONFIG_MKEY_FROM_KBD)
-
- if (params_in && params_in->mask & ILLEGAL_PARAMS) {
+ KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_ADB_LOCKFILE | \
+ KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
+ KADM5_CONFIG_DICT_FILE | KADM5_CONFIG_ADMIN_KEYTAB | \
+ KADM5_CONFIG_STASH_FILE | KADM5_CONFIG_MKEY_NAME | \
+ KADM5_CONFIG_ENCTYPE | KADM5_CONFIG_MAX_LIFE | \
+ KADM5_CONFIG_MAX_RLIFE | KADM5_CONFIG_EXPIRATION | \
+ KADM5_CONFIG_FLAGS | KADM5_CONFIG_ENCTYPES | \
+ KADM5_CONFIG_MKEY_FROM_KBD)
+
+ if (params_in && params_in->mask & ILLEGAL_PARAMS) {
krb5_free_context(handle->context);
free(handle->lhandle);
- free(handle);
+ free(handle);
ADMIN_LOG(LOG_ERR, dgettext(TEXT_DOMAIN,
"bad client parameters, returning %d"),
KADM5_BAD_CLIENT_PARAMS);
- return (KADM5_BAD_CLIENT_PARAMS);
- }
+ return KADM5_BAD_CLIENT_PARAMS;
+ }
- if ((code = kadm5_get_config_params(handle->context,
+ if ((code = kadm5_get_config_params(handle->context,
DEFAULT_PROFILE_PATH,
"KRB5_CONFIG",
params_in,
&handle->params))) {
- krb5_free_context(handle->context);
- free(handle->lhandle);
- free(handle);
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
+ free(handle);
ADMIN_LOG(LOG_ERR, dgettext(TEXT_DOMAIN,
"failed to get config_params, return: %d\n"), code);
- return(code);
- }
+ return(code);
+ }
#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | \
KADM5_CONFIG_ADMIN_SERVER | \
KADM5_CONFIG_KADMIND_PORT)
- if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
(void) kadm5_free_config_params(handle->context,
&handle->params);
- krb5_free_context(handle->context);
+ krb5_free_context(handle->context);
free(handle->lhandle);
- free(handle);
+ free(handle);
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN,
"missing config parameters\n"));
- return (KADM5_MISSING_CONF_PARAMS);
- }
+ return KADM5_MISSING_KRB5_CONF_PARAMS;
+ }
/*
* Acquire a service ticket for service_name@realm in the name of
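Review bot: `GENERIC_CHECK_HANDLE(handle, ...)` runs after `handle`, `handle->lhandle` and `handle->context` have been allocated; its definition is not in this diff, but if it returns on a failed check the way CLIENT_CHECK_HANDLE in client_internal.h does, a bad struct or API version leaks all three. Every other early exit in this hunk frees them explicitly, so the version check is the odd one out. I would either check `struct_version` and `api_version` before the allocations or state the behaviour in place, e.g. `/* NOTE: returns directly on a version mismatch; handle, lhandle and context are not freed */`. The function continues outside the hunk.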
@@ -775,52 +780,61 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
/* XXX temporarily fix a bug in krb5_cc_get_type */
#undef krb5_cc_get_type
#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix)
-
- if (init_type == INIT_CREDS) {
- ccache = ccache_in;
- handle->cache_name = (char *)
- malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
- strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
-
- if (handle->cache_name == NULL) {
- code = ENOMEM;
- goto error;
- }
- sprintf(handle->cache_name, "%s:%s",
- krb5_cc_get_type(handle->context, ccache),
- krb5_cc_get_name(handle->context, ccache));
- } else {
- handle->cache_name =
- (char *) malloc(strlen(ADM_CCACHE)+strlen("FILE:")+1);
- if (handle->cache_name == NULL) {
- code = ENOMEM;
- goto error;
- }
- sprintf(handle->cache_name, "FILE:%s", ADM_CCACHE);
- mktemp(handle->cache_name + strlen("FILE:"));
-
- if ((code = krb5_cc_resolve(handle->context,
- handle->cache_name, &ccache)))
- goto error;
+
+
+ if (init_type == INIT_CREDS) {
+ ccache = ccache_in;
+ handle->cache_name = (char *)
+ malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
+ strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
+ if (handle->cache_name == NULL) {
+ code = ENOMEM;
+ goto error;
+ }
+ sprintf(handle->cache_name, "%s:%s",
+ krb5_cc_get_type(handle->context, ccache),
+ krb5_cc_get_name(handle->context, ccache));
+ } else {
+#if 0
+ handle->cache_name =
+ (char *) malloc(strlen(ADM_CCACHE)+strlen("FILE:")+1);
+ if (handle->cache_name == NULL) {
+ code = ENOMEM;
+ goto error;
+ }
+ sprintf(handle->cache_name, "FILE:%s", ADM_CCACHE);
+ mktemp(handle->cache_name + strlen("FILE:"));
+#endif
+ {
+ static int counter = 0;
+ handle->cache_name = malloc(sizeof("MEMORY:kadm5_")
+ + 3*sizeof(counter));
+ sprintf(handle->cache_name, "MEMORY:kadm5_%u", counter++);
+ }
+
+ if ((code = krb5_cc_resolve(handle->context, handle->cache_name,
+ &ccache)))
+ goto error;
- if ((code = krb5_cc_initialize (handle->context, ccache,
+ if ((code = krb5_cc_initialize (handle->context, ccache,
creds.client)))
- goto error;
+ goto error;
- handle->destroy_cache = 1;
- }
- handle->lhandle->cache_name = handle->cache_name;
+ handle->destroy_cache = 1;
+ }
+ handle->lhandle->cache_name = handle->cache_name;
ADMIN_LOG(LOG_ERR, dgettext(TEXT_DOMAIN,
"cache created: %s\n"), handle->cache_name);
-
- if ((code = krb5_timeofday(handle->context, &now)))
- goto error;
+
+ if ((code = krb5_timeofday(handle->context, &now)))
+ goto error;
- /*
- * Get a ticket, use the method specified in init_type.
- */
- creds.times.starttime = 0; /* start timer at KDC */
- creds.times.endtime = 0; /* endtime will be limited by service */
+ /*
+ * Get a ticket, use the method specified in init_type.
+ */
+
+ creds.times.starttime = 0; /* start timer at KDC */
+ creds.times.endtime = 0; /* endtime will be limited by service */
memset(&opt, 0, sizeof (opt));
krb5_get_init_creds_opt_init(&opt);
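Review bot: The new MEMORY cache-name block passes the result of `malloc` straight to `sprintf`; the NULL check that the `#if 0` block had was not carried over, so an allocation failure becomes a NULL write instead of ENOMEM. `counter` is declared `int` but printed with `%u`, and it is an unsynchronised static, so two threads initialising handles at the same time could be given the same cache name and end up sharing one credential cache; whether this library is called from several threads is not visible here. The fence restores the check and makes the counter unsigned; the `error:` label already tolerates a NULL `cache_name`. The function starts and ends outside the hunk.

```c
    } else {
        /* … unchanged: #if 0 block with the old FILE: cache name … */
        {
            static unsigned int counter = 0;
            handle->cache_name = malloc(sizeof("MEMORY:kadm5_")
                                        + 3*sizeof(counter));
            if (handle->cache_name == NULL) {
                code = ENOMEM;
                goto error;
            }
            sprintf(handle->cache_name, "MEMORY:kadm5_%u", counter++);
        }
        /* … unchanged: krb5_cc_resolve / krb5_cc_initialize … */
```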
@@ -854,19 +868,16 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
creds.times.starttime,
server, &opt);
- if (pass)
- krb5_kt_close(handle->context, kt);
- }
- }
-
- /* Improved error messages */
- if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
- code = KADM5_BAD_PASSWORD;
+ if (pass) krb5_kt_close(handle->context, kt);
+ }
+ }
- if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
- code = KADM5_SECURE_PRINC_MISSING;
+ /* Improved error messages */
+ if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+ code = KADM5_SECURE_PRINC_MISSING;
- if (code != 0) {
+ if (code != 0) {
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN,
"failed to obtain credentials cache\n"));
goto error;
@@ -882,8 +893,8 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
ADMIN_LOGO(LOG_ERR, dgettext(TEXT_DOMAIN, "obtained credentials cache\n"));
#ifdef ZEROPASSWD
- if (pass != NULL)
- memset(pass, 0, strlen(pass));
+ if (pass != NULL)
+ memset(pass, 0, strlen(pass));
#endif
if (init_type != INIT_PASS ||
@@ -903,19 +914,19 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
goto cleanup;
error:
- /*
- * Note that it is illegal for this code to execute if "handle"
- * has not been allocated and initialized. I.e., don't use "goto
- * error" before the block of code at the top of the function
- * that allocates and initializes "handle".
- */
- if (handle->cache_name)
+ /*
+ * Note that it is illegal for this code to execute if "handle"
+ * has not been allocated and initialized. I.e., don't use "goto
+ * error" before the block of code at the top of the function
+ * that allocates and initializes "handle".
+ */
+ if (handle->cache_name)
free(handle->cache_name);
- if (handle->destroy_cache && ccache)
+ if (handle->destroy_cache && ccache)
krb5_cc_destroy(handle->context, ccache);
- if(handle->clnt && handle->clnt->cl_auth)
+ if(handle->clnt && handle->clnt->cl_auth)
AUTH_DESTROY(handle->clnt->cl_auth);
- if(handle->clnt)
+ if(handle->clnt)
clnt_destroy(handle->clnt);
(void) kadm5_free_config_params(handle->context, &handle->params);
@@ -935,76 +946,91 @@ cleanup:
if (serverp && serverp != creds.server)
krb5_free_principal(handle->context, serverp);
- krb5_free_cred_contents(handle->context, &creds);
+ krb5_free_cred_contents(handle->context, &creds);
/*
* Dont clean up the handle if the code is OK (code==0)
* because it is returned to the caller in the 'server_handle'
* ptr.
*/
- if (code) {
+ if (code) {
krb5_free_context(handle->context);
free(handle->lhandle);
free(handle);
}
- return (code);
+ return code;
}
kadm5_ret_t
kadm5_destroy(void *server_handle)
{
- krb5_ccache ccache = NULL;
- int code = KADM5_OK;
- kadm5_server_handle_t handle =
+ krb5_ccache ccache = NULL;
+ int code = KADM5_OK;
+ kadm5_server_handle_t handle =
(kadm5_server_handle_t) server_handle;
OM_uint32 min_stat;
- CHECK_HANDLE(server_handle);
-
- if (handle->destroy_cache && handle->cache_name) {
+ CHECK_HANDLE(server_handle);
+/* SUNW14resync:
+ * krb5_cc_resolve() will resolve a ccache with the same data that
+ * handle->my_cred points to. If the ccache is a MEMORY ccache then
+ * gss_release_cred() will free that data (it doesn't do this when ccache
+ * is a FILE ccache).
+ * if'ed out to avoid the double free.
+ */
+#if 0
+ if (handle->destroy_cache && handle->cache_name) {
if ((code = krb5_cc_resolve(handle->context,
handle->cache_name, &ccache)) == 0)
code = krb5_cc_destroy (handle->context, ccache);
- }
- if (handle->cache_name)
+ }
+#endif
+ if (handle->cache_name)
free(handle->cache_name);
-
- if (handle->clnt && handle->clnt->cl_auth) {
+ if (handle->clnt && handle->clnt->cl_auth) {
/*
* Since kadm5 doesn't use the default credentials we
* must clean this up manually.
*/
if (handle->my_cred != GSS_C_NO_CREDENTIAL)
(void) gss_release_cred(&min_stat, &handle->my_cred);
- AUTH_DESTROY(handle->clnt->cl_auth);
+ AUTH_DESTROY(handle->clnt->cl_auth);
}
- if (handle->clnt)
+ if (handle->clnt)
clnt_destroy(handle->clnt);
- if (handle->lhandle)
- free (handle->lhandle);
+ if (handle->lhandle)
+ free (handle->lhandle);
- kadm5_free_config_params(handle->context, &handle->params);
- krb5_free_context(handle->context);
+ kadm5_free_config_params(handle->context, &handle->params);
+ krb5_free_context(handle->context);
- handle->magic_number = 0;
- free(handle);
+ handle->magic_number = 0;
+ free(handle);
- return (code);
+ return code;
+}
+/* not supported on client */
+kadm5_ret_t kadm5_lock(void *server_handle)
+{
+ return EINVAL;
}
-/*ARGSUSED*/
-kadm5_ret_t
-kadm5_flush(void *server_handle)
+/* not supported on client */
+kadm5_ret_t kadm5_unlock(void *server_handle)
{
- return (KADM5_OK);
+ return EINVAL;
}
-int
-_kadm5_check_handle(void *handle)
+kadm5_ret_t kadm5_flush(void *server_handle)
{
- CHECK_HANDLE(handle);
- return (0);
+ return KADM5_OK;
+}
+
+int _kadm5_check_handle(void *handle)
+{
+ CHECK_HANDLE(handle);
+ return 0;
}
/*
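Review bot: With the `krb5_cc_destroy` call in kadm5_destroy compiled out, the MEMORY cache created in _kadm5_init_any is released only through `gss_release_cred`, which runs only when `handle->clnt && handle->clnt->cl_auth` holds and `my_cred` is set. CLIENT_CHECK_HANDLE accepts a handle with no `clnt` when the kpasswd protocol is not KRB5_CHGPWD_RPCSEC, so on such a handle the cache and the admin credentials in it would seem to stay in process memory after destroy; that is inferred from the visible conditions and worth confirming. Rather than `#if 0`, I would keep the resolve/destroy pair for the case where no credential was released and record the reason in place, e.g. `/* gss_release_cred() frees a MEMORY ccache; destroy it here only if no credential was released */`. The new kadm5_lock and kadm5_unlock ignore `server_handle`; a `/*ARGSUSED*/` marker like the one removed from kadm5_flush would keep lint quiet.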
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_internal.h b/usr/src/lib/krb5/kadm5/clnt/client_internal.h
index 756d4b4a05..ff739b4b91 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_internal.h
+++ b/usr/src/lib/krb5/kadm5/clnt/client_internal.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -29,9 +29,9 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/clnt/client_internal.h, v 1.1 1996/07/24 22:22:43 tlyu Exp $
- *
- * $Log: client_internal.h, v $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_internal.h,v 1.1 1996/07/24 22:22:43 tlyu Exp $
+ *
+ * $Log: client_internal.h,v $
* Revision 1.1 1996/07/24 22:22:43 tlyu
* * Makefile.in, configure.in: break out client lib into a
* subdirectory
@@ -97,31 +97,32 @@ typedef struct _kadm5_server_handle_t {
krb5_ui_4 magic_number;
krb5_ui_4 struct_version;
krb5_ui_4 api_version;
- char *cache_name;
+ char * cache_name;
int destroy_cache;
- CLIENT *clnt;
+ CLIENT * clnt;
krb5_context context;
gss_cred_id_t my_cred;
kadm5_config_params params;
struct _kadm5_server_handle_t *lhandle;
} kadm5_server_handle_rec, *kadm5_server_handle_t;
-
-#define CLIENT_CHECK_HANDLE(handle) \
+#define CLIENT_CHECK_HANDLE(handle) \
{ \
-kadm5_server_handle_t srvr = (kadm5_server_handle_t)handle; \
+ kadm5_server_handle_t srvr = \
+ (kadm5_server_handle_t) handle; \
+ \
if (srvr->params.kpasswd_protocol == KRB5_CHGPWD_RPCSEC && ! srvr->clnt) \
- return (KADM5_BAD_SERVER_HANDLE); \
+ return KADM5_BAD_SERVER_HANDLE; \
if (! srvr->cache_name) \
- return (KADM5_BAD_SERVER_HANDLE); \
+ return KADM5_BAD_SERVER_HANDLE; \
if (! srvr->lhandle) \
-return (KADM5_BAD_SERVER_HANDLE); \
+ return KADM5_BAD_SERVER_HANDLE; \
}
-#define CHECK_HANDLE(handle) \
-GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
-KADM5_NEW_LIB_API_VERSION) \
-CLIENT_CHECK_HANDLE(handle)
+#define CHECK_HANDLE(handle) \
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
+ KADM5_NEW_LIB_API_VERSION) \
+ CLIENT_CHECK_HANDLE(handle)
#ifdef __cplusplus
}
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_principal.c b/usr/src/lib/krb5/kadm5/clnt/client_principal.c
index b6fc1103f4..92fc52d122 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_principal.c
+++ b/usr/src/lib/krb5/kadm5/clnt/client_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,19 +26,27 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.8 2000/02/27 22:18:15 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.11 2004/06/16 03:11:53 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.8 2000/02/27 22:18:15 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/client_principal.c,v 1.11 2004/06/16 03:11:53 tlyu Exp $";
#endif
#include <rpc/rpc.h> /* SUNWresync121 XXX */
#include <kadm5/admin.h>
#include <kadm5/kadm_rpc.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include "client_internal.h"
+#ifdef DEBUG /* SUNWresync14 XXX */
+#define eret() clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR;
+#else
+#define eret() return KADM5_RPC_ERROR;
+#endif
+
kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ, long mask,
@@ -93,7 +101,7 @@ kadm5_create_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -154,7 +162,7 @@ kadm5_create_principal_3(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -173,7 +181,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
arg.api_version = handle->api_version;
r = delete_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -226,7 +234,7 @@ kadm5_modify_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -251,7 +259,7 @@ kadm5_get_principal(void *server_handle,
arg.api_version = handle->api_version;
r = get_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
kadm5_principal_ent_t_v1 *entp;
@@ -291,7 +299,7 @@ kadm5_get_principals(void *server_handle,
arg.api_version = handle->api_version;
r = get_princs_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if(r->code == 0) {
*count = r->count;
*princs = r->princs;
@@ -320,7 +328,7 @@ kadm5_rename_principal(void *server_handle,
return EINVAL;
r = rename_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -342,7 +350,7 @@ kadm5_chpass_principal(void *server_handle,
return EINVAL;
r = chpass_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -369,7 +377,7 @@ kadm5_chpass_principal_3(void *server_handle,
return EINVAL;
r = chpass_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -392,7 +400,7 @@ kadm5_setv4key_principal(void *server_handle,
return EINVAL;
r = setv4key_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -402,7 +410,6 @@ kadm5_setkey_principal(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys)
{
-
setkey_arg arg;
generic_ret *r;
kadm5_server_handle_t handle = server_handle;
@@ -418,7 +425,7 @@ kadm5_setkey_principal(void *server_handle,
return EINVAL;
r = setkey_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -448,7 +455,7 @@ kadm5_setkey_principal_3(void *server_handle,
return EINVAL;
r = setkey_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -527,7 +534,6 @@ kadm5_randkey_principal_3(void *server_handle,
{
chrand3_arg arg;
chrand_ret *r;
- krb5_keyblock new;
kadm5_server_handle_t handle = server_handle;
int i, ret;
@@ -549,27 +555,30 @@ kadm5_randkey_principal_3(void *server_handle,
return EINVAL;
r = chrand_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);
- } else if (key && (r->n_keys > 0)) {
- *key = (krb5_keyblock *)
- malloc(r->n_keys*sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context,
- &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- *key = NULL;
- return ENOMEM;
- }
- }
- if (n_keys)
- *n_keys = r->n_keys;
+ } else {
+ if (n_keys)
+ *n_keys = r->n_keys;
+ if (key) {
+ if(r->n_keys) {
+ *key = (krb5_keyblock *)
+ malloc(r->n_keys*sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context,
+ &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else *key = NULL;
+ }
}
return r->code;
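Review bot: On a failed `krb5_copy_keyblock_contents` the new code frees `*key` but no longer sets it to NULL (the old code did), and `*n_keys` has already been set, so the caller is left with a dangling pointer and a non-zero count. The key contents copied before the failure are not released either, which leaves key material allocated. `r->n_keys` comes from the RPC reply and is multiplied by `sizeof(krb5_keyblock)` unchecked; `calloc(r->n_keys, sizeof(krb5_keyblock))` after a check that the count is positive would cover that. The fence shows the failure branch I would use; the function starts outside the hunk.

```c
            /* … unchanged: krb5_copy_keyblock_contents call inside the for loop … */
            if (ret) {
                /* release the key contents copied so far */
                while (i-- > 0)
                    krb5_free_keyblock_contents(handle->context,
                                                &(*key)[i]);
                free(*key);
                *key = NULL;
                if (n_keys)
                    *n_keys = 0;
                return ENOMEM;
            }
```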
diff --git a/usr/src/lib/krb5/kadm5/clnt/client_rpc.c b/usr/src/lib/krb5/kadm5/clnt/client_rpc.c
index bbe65e38bc..1e029e1bf7 100644
--- a/usr/src/lib/krb5/kadm5/clnt/client_rpc.c
+++ b/usr/src/lib/krb5/kadm5/clnt/client_rpc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -27,7 +27,9 @@
#include <kadm5/kadm_rpc.h>
#include <krb5.h>
#include <kadm5/admin.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
/* Default timeout can be changed using clnt_control() */
static struct timeval TIMEOUT = { 25, 0 };
@@ -51,7 +53,7 @@ create_principal_1(argp, clnt)
generic_ret *
create_principal3_1(argp, clnt)
- cprinc_arg *argp;
+ cprinc3_arg *argp;
CLIENT *clnt;
{
static generic_ret res;
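Review bot: The parameter type corrected here sits in an old-style (K&R) definition, which gives the compiler less to check against callers than a prototype would, and that is probably how the wrong type survived. Converting the stubs to prototype form, e.g. `generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt)`, would let it catch the next mismatch; the same applies to get_princs_1, chpass_principal3_1, setkey_principal3_1, chrand_principal3_1 and get_pols_1 in the following hunks. Each stub declares a `static` result that is presumably returned by address (the return is outside the hunk), so a comment such as `/* result is overwritten by the next call; not thread-safe */` would help callers.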
@@ -138,7 +140,7 @@ get_principal_1(argp, clnt)
gprincs_ret *
get_princs_1(argp, clnt)
- gprinc_arg *argp;
+ gprincs_arg *argp;
CLIENT *clnt;
{
static gprincs_ret res;
@@ -172,7 +174,7 @@ chpass_principal_1(argp, clnt)
generic_ret *
chpass_principal3_1(argp, clnt)
- chpass_arg *argp;
+ chpass3_arg *argp;
CLIENT *clnt;
{
static generic_ret res;
@@ -229,7 +231,7 @@ setkey_principal_1(argp, clnt)
generic_ret *
setkey_principal3_1(argp, clnt)
- setkey_arg *argp;
+ setkey3_arg *argp;
CLIENT *clnt;
{
static generic_ret res;
@@ -265,7 +267,7 @@ chrand_principal_1(argp, clnt)
chrand_ret *
chrand_principal3_1(argp, clnt)
- chrand_arg *argp;
+ chrand3_arg *argp;
CLIENT *clnt;
{
static chrand_ret res;
@@ -352,7 +354,7 @@ get_policy_1(argp, clnt)
gpols_ret *
get_pols_1(argp, clnt)
- gprinc_arg *argp;
+ gpols_arg *argp;
CLIENT *clnt;
{
static gpols_ret res;
diff --git a/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c b/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c
index 4ce989fad3..ffbf55a090 100644
--- a/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c
+++ b/usr/src/lib/krb5/kadm5/clnt/clnt_chpass_util.c
@@ -26,7 +26,7 @@ kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len)
+ unsigned int msg_len)
{
kadm5_server_handle_t handle = server_handle;
diff --git a/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c b/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c
index 1161389f66..15ee88ef8a 100644
--- a/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c
+++ b/usr/src/lib/krb5/kadm5/clnt/clnt_policy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,7 +26,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/clnt_policy.c,v 1.2 1998/02/14 02:32:57 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/clnt/clnt_policy.c,v 1.4 2004/02/19 01:22:26 raeburn Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
@@ -86,7 +86,6 @@ kadm5_delete_policy(void *server_handle, char *name)
kadm5_ret_t
kadm5_modify_policy(void *server_handle,
kadm5_policy_ent_t policy, long mask)
-
{
mpol_arg arg;
generic_ret *r;
@@ -109,7 +108,6 @@ kadm5_modify_policy(void *server_handle,
kadm5_ret_t
kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
-
{
gpol_arg arg;
gpol_ret *r;
diff --git a/usr/src/lib/krb5/kadm5/clnt/mapfile-vers b/usr/src/lib/krb5/kadm5/clnt/mapfile-vers
index f47b2d722b..241e1286b1 100644
--- a/usr/src/lib/krb5/kadm5/clnt/mapfile-vers
+++ b/usr/src/lib/krb5/kadm5/clnt/mapfile-vers
@@ -27,10 +27,14 @@
SUNWprivate_1.1 {
global:
+ _kadm5_get_kpasswd_protocol;
+ chpass_principal3_1;
chpass_principal_1;
chpw_error_message;
+ chrand_principal3_1;
chrand_principal_1;
create_policy_1;
+ create_principal3_1;
create_principal_1;
delete_policy_1;
delete_principal_1;
@@ -58,11 +62,10 @@ SUNWprivate_1.1 {
kadm5_free_policy_ent;
kadm5_free_principal_ent;
kadm5_get_adm_host_srv_name;
+ kadm5_get_admin_service_name;
kadm5_get_config_params;
kadm5_get_cpw_host_srv_name;
kadm5_get_kiprop_host_srv_name;
- _kadm5_get_kpasswd_protocol;
- kadm5_get_master;
kadm5_get_policies;
kadm5_get_policy;
kadm5_get_principal;
@@ -73,14 +76,18 @@ SUNWprivate_1.1 {
kadm5_init_with_creds;
kadm5_init_with_password;
kadm5_init_with_skey;
+ kadm5_lock;
kadm5_modify_policy;
kadm5_modify_principal;
kadm5_randkey_principal;
kadm5_randkey_principal_3;
kadm5_randkey_principal_old;
kadm5_rename_principal;
+ kadm5_setkey_principal;
kadm5_setkey_principal_3;
+ kadm5_unlock;
krb5_aprof_finish;
+ krb5_aprof_get_boolean;
krb5_aprof_get_deltat;
krb5_aprof_get_int32;
krb5_aprof_get_string;
@@ -104,10 +111,15 @@ SUNWprivate_1.1 {
modify_policy_1;
modify_principal_1;
rename_principal_1;
+ setkey_principal3_1;
+ setkey_principal_1;
+ xdr_chpass3_arg;
xdr_chpass_arg;
+ xdr_chrand3_arg;
xdr_chrand_arg;
xdr_chrand_ret;
xdr_cpol_arg;
+ xdr_cprinc3_arg;
xdr_cprinc_arg;
xdr_dpol_arg;
xdr_dprinc_arg;
@@ -129,19 +141,24 @@ SUNWprivate_1.1 {
xdr_krb5_enctype;
xdr_krb5_flags;
xdr_krb5_int16;
- xdr_krb5_keyblock;
xdr_krb5_key_data_nocontents;
+ xdr_krb5_key_salt_tuple;
+ xdr_krb5_keyblock;
xdr_krb5_kvno;
xdr_krb5_octet;
xdr_krb5_principal;
+ xdr_krb5_salttype;
xdr_krb5_timestamp;
xdr_krb5_tl_data;
+ xdr_krb5_ui_2;
xdr_krb5_ui_4;
xdr_mpol_arg;
xdr_mprinc_arg;
xdr_nullstring;
xdr_nulltype;
xdr_rprinc_arg;
+ xdr_setkey3_arg;
+ xdr_setkey_arg;
xdr_ui_4;
local:
*;
diff --git a/usr/src/lib/krb5/kadm5/kadm_err.h b/usr/src/lib/krb5/kadm5/kadm_err.h
index 4e636670a1..c4463ff13a 100644
--- a/usr/src/lib/krb5/kadm5/kadm_err.h
+++ b/usr/src/lib/krb5/kadm5/kadm_err.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -81,10 +81,22 @@
#define KADM5_SETKEY_DUP_ENCTYPES (43787571L)
#define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L)
#define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L)
-#define KADM5_RPC_ERROR_CANTENCODEARGS (43787574L)
-#define KADM5_RPC_ERROR_CANTDECODEARGS (43787575L)
+#define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L)
+#define KADM5_RPC_ERROR_CANTENCODEARGS (43787575L)
+#define KADM5_RPC_ERROR_CANTDECODEARGS (43787576L)
#define ERROR_TABLE_BASE_ovk (43787520L)
+extern const struct error_table et_ovk_error_table;
+
+#if !defined(_WIN32)
/* for compatibility with older versions... */
+extern void initialize_ovk_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_ovk_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_ovk_err_tbl initialize_ovk_error_table
#define ovk_err_base ERROR_TABLE_BASE_ovk
+#endif
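Review bot: Inserting `KADM5_MISSING_KRB5_CONF_PARAMS` at 43787574L moves the existing `KADM5_RPC_ERROR_CANTENCODEARGS` and `KADM5_RPC_ERROR_CANTDECODEARGS` up by one, so 43787575L now names a different error than it did before this change. A peer, log or binary built against the old header would read the new numbers under the old names; whether these two codes ever leave the process is not visible in this hunk and should be confirmed. If the renumbering is deliberate, a comment beside the defines should record it, for example `/* RPC_ERROR_* values moved up by one when MISSING_KRB5_CONF_PARAMS was added */`.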
diff --git a/usr/src/lib/krb5/kadm5/kadm_rpc.h b/usr/src/lib/krb5/kadm5/kadm_rpc.h
index 54d5869fb4..9521c9f923 100644
--- a/usr/src/lib/krb5/kadm5/kadm_rpc.h
+++ b/usr/src/lib/krb5/kadm5/kadm_rpc.h
@@ -17,6 +17,8 @@
*
*/
+#ifndef __KADM_RPC_H__
+#define __KADM_RPC_H__
#include <rpc/types.h>
@@ -254,44 +256,99 @@ bool_t xdr_getprivs_ret();
#define KADM ((krb5_ui_4)2112)
#define KADMVERS ((krb5_ui_4)2)
#define CREATE_PRINCIPAL ((krb5_ui_4)1)
-extern generic_ret *create_principal_1();
+extern generic_ret *create_principal_1_svc(cprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt);
+
#define DELETE_PRINCIPAL ((krb5_ui_4)2)
-extern generic_ret *delete_principal_1();
+extern generic_ret *delete_principal_1_svc(dprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt);
+
#define MODIFY_PRINCIPAL ((krb5_ui_4)3)
-extern generic_ret *modify_principal_1();
+extern generic_ret *modify_principal_1_svc(mprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt);
+
#define RENAME_PRINCIPAL ((krb5_ui_4)4)
-extern generic_ret *rename_principal_1();
+extern generic_ret *rename_principal_1_svc(rprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt);
+
#define GET_PRINCIPAL ((krb5_ui_4)5)
-extern gprinc_ret *get_principal_1();
+extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp);
+extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt);
+
#define CHPASS_PRINCIPAL ((krb5_ui_4)6)
-extern generic_ret *chpass_principal_1();
+extern generic_ret *chpass_principal_1_svc(chpass_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt);
+
#define CHRAND_PRINCIPAL ((krb5_ui_4)7)
-extern chrand_ret *chrand_principal_1();
+extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg,
+ struct svc_req *rqstp);
+extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt);
+
#define CREATE_POLICY ((krb5_ui_4)8)
-extern generic_ret *create_policy_1();
+extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt);
+
#define DELETE_POLICY ((krb5_ui_4)9)
-extern generic_ret *delete_policy_1();
+extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt);
+
#define MODIFY_POLICY ((krb5_ui_4)10)
-extern generic_ret *modify_policy_1();
+extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt);
+
#define GET_POLICY ((krb5_ui_4)11)
-extern gpol_ret *get_policy_1();
+extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp);
+extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt);
+
#define GET_PRIVS ((krb5_ui_4)12)
-extern getprivs_ret *get_privs_1();
+extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
+extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt);
+
#define INIT ((krb5_ui_4)13)
+extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
extern generic_ret *init_1();
+
#define GET_PRINCS ((krb5_ui_4) 14)
-extern gprincs_ret *get_princs_1();
+extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp);
+extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt);
+
#define GET_POLS ((krb5_ui_4) 15)
-extern gpols_ret *get_pols_1();
+extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp);
+extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt);
+
#define SETKEY_PRINCIPAL ((krb5_ui_4) 16)
-extern generic_ret *setkey_principal_1();
+extern generic_ret *setkey_principal_1_svc(setkey_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt);
+
#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17)
-extern generic_ret *setv4key_principal_1();
+extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt);
+
#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18)
-extern generic_ret *create_principal3_1();
+extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt);
+
#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19)
-extern generic_ret *chpass_principal3_1();
+extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt);
+
#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20)
-extern chrand_ret *chrand_principal3_1();
+extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg,
+ struct svc_req *rqstp);
+extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt);
+
#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21)
-extern generic_ret *setkey_principal3_1();
+extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt);
+
+#endif /* __KADM_RPC_H__ */
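Review bot: `init_1` is the one client stub still declared with an empty parameter list (`extern generic_ret *init_1();`), while every other stub in this hunk gains a full prototype, so calls to it remain unchecked by the compiler. If it takes the same arguments as `get_privs_1`, the declaration would be `extern generic_ret *init_1(void *argp, CLIENT *clnt);`. Its definition is outside this hunk and should be checked before changing the header.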
diff --git a/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c b/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c
index fef7da4749..d9d5697458 100644
--- a/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c
+++ b/usr/src/lib/krb5/kadm5/kadm_rpc_xdr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -52,7 +52,7 @@ bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp)
{
/* Assumes that krb5_ui_4 and u_int32 are both four bytes long.
This should not be a harmful assumption. */
- return xdr_u_int(xdrs, (rpc_u_int32 *) objp);
+ return xdr_u_int(xdrs, (uint32_t *) objp);
}
@@ -150,7 +150,7 @@ xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp)
/* This assumes that int32 and krb5_timestamp are the same size.
This shouldn't be a problem, since we've got a unit test which
checks for this. */
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) {
+ if (!xdr_int(xdrs, (int32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -181,7 +181,7 @@ xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp)
/* This assumes that int32 and krb5_deltat are the same size.
This shouldn't be a problem, since we've got a unit test which
checks for this. */
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) {
+ if (!xdr_int(xdrs, (int32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -193,7 +193,7 @@ xdr_krb5_flags(XDR *xdrs, krb5_flags *objp)
/* This assumes that int32 and krb5_flags are the same size.
This shouldn't be a problem, since we've got a unit test which
checks for this. */
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) {
+ if (!xdr_int(xdrs, (int32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -202,7 +202,7 @@ xdr_krb5_flags(XDR *xdrs, krb5_flags *objp)
bool_t
xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp)
{
- if (!xdr_u_int(xdrs, (rpc_u_int32 *) objp)) {
+ if (!xdr_u_int(xdrs, (uint32_t *) objp)) {
return (FALSE);
}
return (TRUE);
@@ -223,6 +223,30 @@ xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
return(TRUE);
}
+/*
+ * Function: xdr_krb5_ui_2
+ *
+ * Purpose: XDR function which serves as a wrapper for xdr_u_int,
+ * to prevent compiler warnings about type clashes between u_int
+ * and krb5_ui_2.
+ */
+bool_t
+xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
+{
+ unsigned int tmp;
+
+ tmp = (unsigned int) *objp;
+
+ if (!xdr_u_int(xdrs, &tmp))
+ return(FALSE);
+
+ *objp = (krb5_ui_2) tmp;
+
+ return(TRUE);
+}
+
+
+
bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
{
/*
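Review bot: On decode, `xdr_krb5_ui_2` narrows the value read by `xdr_u_int` to `krb5_ui_2` with a plain cast, so a wire value larger than the type can hold is silently truncated instead of rejected. This commit's change to adb_xdr.c uses the result as a key data length, where a truncated length is worse than a decode failure. A range check before the assignment would close this, e.g. `if (xdrs->x_op == XDR_DECODE && tmp > 0xFFFF) return(FALSE);`, assuming `krb5_ui_2` is 16 bits wide. The function also reads `*objp` before the call in every mode, including decode, where the caller's object may not be initialised yet. Guarding that read with `xdrs->x_op == XDR_ENCODE`, as `xdr_kadm5_ret_t` does, avoids it.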
@@ -285,7 +309,7 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
{
krb5_tl_data *tl, *tl2;
bool_t more;
- uint len;
+ unsigned int len;
switch (xdrs->x_op) {
case XDR_FREE:
@@ -346,10 +370,10 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
bool_t
xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp)
{
- rpc_u_int32 tmp;
+ uint32_t tmp;
if (xdrs->x_op == XDR_ENCODE)
- tmp = (rpc_u_int32) *objp;
+ tmp = (uint32_t) *objp;
if (!xdr_u_int(xdrs, &tmp))
return (FALSE);
@@ -1021,7 +1045,7 @@ xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp)
bool_t
xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp)
{
- if (!xdr_int(xdrs, (rpc_int32 *) objp)) /* SUNWresync121 XXX */
+ if (!xdr_int(xdrs, (int32_t *) objp)) /* SUNWresync121 XXX */
return FALSE;
return TRUE;
}
diff --git a/usr/src/lib/krb5/kadm5/server_internal.h b/usr/src/lib/krb5/kadm5/server_internal.h
index 9f11e51d2d..e0c473f900 100644
--- a/usr/src/lib/krb5/kadm5/server_internal.h
+++ b/usr/src/lib/krb5/kadm5/server_internal.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -25,7 +25,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/server_internal.h,v 1.27 1996/10/21 20:29:58 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/server_internal.h,v 1.31 2001/07/08 12:24:56 epeisach Exp $
*/
/*
@@ -37,7 +37,9 @@
#ifndef __KADM5_SERVER_INTERNAL_H__
#define __KADM5_SERVER_INTERNAL_H__
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <stdlib.h>
#include "k5-int.h"
#include <krb5/kdb.h>
@@ -77,11 +79,21 @@ krb5_error_code kdb_put_entry(kadm5_server_handle_t handle,
krb5_db_entry *kdb, osa_princ_ent_rec *adb);
krb5_error_code kdb_delete_entry(kadm5_server_handle_t handle,
krb5_principal name);
+krb5_error_code kdb_iter_entry(kadm5_server_handle_t handle,
+ void (*iter_fct)(void *, krb5_principal),
+ void *data);
int init_dict(kadm5_config_params *);
int find_word(const char *word);
void destroy_dict(void);
+/* XXX this ought to be in libkrb5.a, but isn't */
+kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
+ krb5_key_data *from,
+ krb5_key_data *to);
+kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
+ krb5_key_data *key);
+
/*
* *Warning*
* *Warning* This is going to break if we
diff --git a/usr/src/lib/krb5/kadm5/srv/Makefile.com b/usr/src/lib/krb5/kadm5/srv/Makefile.com
index 20fde869e3..adc8b81255 100644
--- a/usr/src/lib/krb5/kadm5/srv/Makefile.com
+++ b/usr/src/lib/krb5/kadm5/srv/Makefile.com
@@ -86,7 +86,8 @@ CPPFLAGS += -I.. -I../.. -I../../.. \
-DENDRPCENT_TYPE=void -DHAVE_SYS_ERRLIST=1 -DNEED_SYS_ERRLIST=1 \
-DHAVE_SYSLOG_H=1 -DHAVE_OPENLOG=1 -DHAVE_SYSLOG=1 -DHAVE_CLOSELOG=1 \
-DHAVE_STEP=1 -DHAVE_RE_COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGCOMP=1 \
- -DHAVE_REGEXEC=1 -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1
+ -DHAVE_REGEXEC=1 -DHAVE_STRFTIME=1 -DHAVE_VSPRINTF=1 \
+ -DUSE_KADM5_API_VERSION=2
CFLAGS += $(CCVERBOSE) -I..
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_free.c b/usr/src/lib/krb5/kadm5/srv/adb_free.c
index 1cef66e694..e9618da443 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_free.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_free.c
@@ -21,9 +21,13 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/adb_free.c,v 1.2 1996/10/18 19:45:49 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_free.c,v 1.3 2000/06/01 02:02:03 tritan Exp $
*
* $Log: adb_free.c,v $
+ * Revision 1.3 2000/06/01 02:02:03 tritan
+ * Check for existance of <memory.h>.
+ * (from Nathan Neulinger <nneul@umr.edu>)
+ *
* Revision 1.2 1996/10/18 19:45:49 bjaspan
* * svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c:
* include stdlib.h instead of malloc.h [krb5-admin/35]
@@ -68,11 +72,13 @@
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/adb_free.c,v 1.2 1996/10/18 19:45:49 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_free.c,v 1.3 2000/06/01 02:02:03 tritan Exp $";
#endif
#include "adb.h"
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
#include <stdlib.h>
void
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_openclose.c b/usr/src/lib/krb5/kadm5/srv/adb_openclose.c
index b3a0fedde2..8c1ad3862f 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_openclose.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_openclose.c
@@ -25,11 +25,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.4.2.1 2000/05/19 22:24:16 raeburn Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.8 2002/10/08 20:20:29 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.4.2.1 2000/05/19 22:24:16 raeburn Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_openclose.c,v 1.8 2002/10/08 20:20:29 tlyu Exp $";
#endif
#include <sys/file.h>
@@ -50,15 +50,17 @@ osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
{
int lf;
DB *db;
- HASHINFO info;
+ BTREEINFO btinfo;
- memset(&info, 0, sizeof(info));
- info.hash = NULL;
- info.bsize = 256;
- info.ffactor = 8;
- info.nelem = 25000;
- info.lorder = 0;
- db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_HASH, &info);
+ memset(&btinfo, 0, sizeof(btinfo));
+ btinfo.flags = 0;
+ btinfo.cachesize = 0;
+ btinfo.psize = 4096;
+ btinfo.lorder = 0;
+ btinfo.minkeypage = 0;
+ btinfo.compare = NULL;
+ btinfo.prefix = NULL;
+ db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
if (db == NULL)
return errno;
if (db->close(db) < 0)
@@ -94,23 +96,23 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
ret != EEXIST)
return ret;
- if (ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic))
+ if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
return ret;
- if (ret = osa_adb_init_db(&todb, fileto, lockto, magic)) {
+ if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
(void) osa_adb_fini_db(fromdb, magic);
return ret;
}
- if (ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT)) {
+ if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
}
- if (ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT)) {
+ if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
}
- if (rename(filefrom, fileto) < 0) {
+ if ((rename(filefrom, fileto) < 0)) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return errno;
@@ -119,7 +121,7 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
* Do not release the lock on fromdb because it is being renamed
* out of existence; no one can ever use it again.
*/
- if (ret = osa_adb_release_lock(todb)) {
+ if ((ret = osa_adb_release_lock(todb))) {
(void) osa_adb_fini_db(fromdb, magic);
(void) osa_adb_fini_db(todb, magic);
return ret;
@@ -152,6 +154,13 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
db->info.nelem = 25000;
db->info.lorder = 0;
+ db->btinfo.flags = 0;
+ db->btinfo.cachesize = 0;
+ db->btinfo.psize = 4096;
+ db->btinfo.lorder = 0;
+ db->btinfo.minkeypage = 0;
+ db->btinfo.compare = NULL;
+ db->btinfo.prefix = NULL;
/*
* A process is allowed to open the same database multiple times
* and access it via different handles. If the handles use
@@ -201,7 +210,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
/* now initialize lockp->lockinfo if necessary */
if (lockp->lockinfo.lockfile == NULL) {
- if (code = krb5_init_context(&lockp->lockinfo.context)) {
+ if ((code = krb5_init_context(&lockp->lockinfo.context))) {
free(db);
return((osa_adb_ret_t) code);
}
@@ -229,6 +238,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
db->lock = &lockp->lockinfo;
db->lock->refcnt++;
+ db->opencnt = 0;
db->filename = strdup(filename);
db->magic = magic;
@@ -330,8 +340,6 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
if (perm) {
if (unlink(db->lock->filename) < 0) {
- int ret;
-
/* somehow we can't delete the file, but we already */
/* have the lock, so release it and return */
@@ -369,9 +377,9 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
0600);
if ((db->lock->lockfile = fdopen(fd, "w+F")) == NULL)
return OSA_ADB_NOLOCKFILE;
- } else if (ret = krb5_lock_file(db->lock->context,
+ } else if ((ret = krb5_lock_file(db->lock->context,
fileno(db->lock->lockfile),
- KRB5_LOCKMODE_UNLOCK))
+ KRB5_LOCKMODE_UNLOCK)))
return ret;
db->lock->lockmode = 0;
@@ -386,22 +394,36 @@ osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
ret = osa_adb_get_lock(db, locktype);
if (ret != OSA_ADB_OK)
return ret;
-
- db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
- if (db->db == NULL) {
+ if (db->opencnt)
+ goto open_ok;
+
+ db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
+ if (db->db != NULL)
+ goto open_ok;
+ switch (errno) {
+#ifdef EFTYPE
+ case EFTYPE:
+#endif
+ case EINVAL:
+ db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
+ if (db->db != NULL)
+ goto open_ok;
+ default:
(void) osa_adb_release_lock(db);
- if(errno == EINVAL)
+ if (errno == EINVAL)
return OSA_ADB_BAD_DB;
return errno;
}
+open_ok:
+ db->opencnt++;
return OSA_ADB_OK;
}
osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
{
- int ret;
-
- if(db->db->close(db->db) == -1) {
+ if (--db->opencnt)
+ return osa_adb_release_lock(db);
+ if(db->db != NULL && db->db->close(db->db) == -1) {
(void) osa_adb_release_lock(db);
return OSA_ADB_FAILURE;
}
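Review bot: `osa_adb_close_and_unlock` decrements `db->opencnt` unconditionally, so a close that is not paired with a successful open leaves the counter non-zero; the next `osa_adb_open_and_lock` then takes the `if (db->opencnt) goto open_ok;` shortcut and returns OSA_ADB_OK without calling dbopen. A guard such as `if (db->opencnt <= 0) return OSA_ADB_FAILURE;` ahead of the decrement (or whichever error the callers expect) keeps the count and the handle in step. In the open path, the drop from `case EINVAL:` into `default:` when the DB_HASH retry fails looks intended but is unmarked, so a `/* FALLTHROUGH */` comment after the inner `goto open_ok;` would help. `errno` is also read after `osa_adb_release_lock(db)` has run, which may overwrite it; saving it first (`int saved_errno = errno;`) makes the returned code reliable. The tail of osa_adb_close_and_unlock lies in the next hunk.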
@@ -410,4 +432,3 @@ osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
return(osa_adb_release_lock(db));
}
-
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_policy.c b/usr/src/lib/krb5/kadm5/srv/adb_policy.c
index 16e464d106..460eb11621 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_policy.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_policy.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.4 1996/10/18 19:45:50 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.4 1996/10/18 19:45:50 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $";
#endif
#include <sys/file.h>
@@ -33,28 +33,27 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_policy.c,v
#include "adb.h"
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
-extern int errno;
extern caddr_t xdralloc_getdata(XDR *xdrs);
extern void xdralloc_create(XDR *xdrs, enum xdr_op op);
-extern osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
- char *fileto, char *lockto, int magic);
+
#define OPENLOCK(db, mode) \
{ \
- int ret; \
+ int olret; \
if (db == NULL) \
return EINVAL; \
else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \
return OSA_ADB_DBINIT; \
- else if ((ret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
- return ret; \
+ else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
+ return olret; \
}
#define CLOSELOCK(db) \
{ \
- int ret; \
- if ((ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
- return ret; \
+ int cl_ret; \
+ if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
+ return cl_ret; \
}
osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params)
@@ -101,7 +100,7 @@ osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db)
*
* Arguments:
* entry (input) pointer to the entry to be added
- * <return value> OSA_ADB_OK on sucsess, else error code.
+ * <return value> OSA_ADB_OK on success, else error code.
*
* Requires:
* entry have a valid name.
@@ -176,7 +175,7 @@ error:
* Arguments:
* db (input) database handle
* name (input) name of policy
- * <return value> OSA_ADB_OK on sucsess, or error code.
+ * <return value> OSA_ADB_OK on success, or error code.
*
* Requires:
* db being valid.
@@ -234,7 +233,7 @@ error:
* db (input) db handle
* name (input) name of policy
* entry (output) policy entry
- * <return value> 0 on sucsess, error code on failure.
+ * <return value> 0 on success, error code on failure.
*
* Requires:
* Effects:
@@ -300,7 +299,7 @@ error:
* Arguments:
* db (input) db handle
* entry (input) policy entry
- * <return value> 0 on sucsess error code on failure.
+ * <return value> 0 on success error code on failure.
*
* Requires:
* [requires]
@@ -373,7 +372,7 @@ error:
* db (input) db handle
* func (input) fucntion pointer to call
* data opaque data type
- * <return value> 0 on sucsess error code on failure
+ * <return value> 0 on success error code on failure
*
* Requires:
* Effects:
diff --git a/usr/src/lib/krb5/kadm5/srv/adb_xdr.c b/usr/src/lib/krb5/kadm5/srv/adb_xdr.c
index 1f882fea51..2ab1b85b6d 100644
--- a/usr/src/lib/krb5/kadm5/srv/adb_xdr.c
+++ b/usr/src/lib/krb5/kadm5/srv/adb_xdr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,7 +26,7 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_xdr.c,v 1.2 1998/02/14 02:31:34 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_xdr.c,v 1.4 2001/07/25 19:03:35 epeisach Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
@@ -38,10 +38,9 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/adb_xdr.c,v 1.
#include <rpc/rpc.h> /* SUNWresync121 XXX */
#include "adb.h"
#include "admin_xdr.h"
+#ifdef HAVE_MEMORY_H
#include <memory.h>
-
-extern bool_t
-xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp);
+#endif
bool_t
xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
@@ -56,9 +55,10 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
return(FALSE);
if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
return(FALSE);
- if (!xdr_krb5_int16(xdrs, &objp->key_data_length[0]))
+ /* SUNW14resync */
+ if (!xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[0]))
return(FALSE);
- if (!xdr_krb5_int16(xdrs, &objp->key_data_length[1]))
+ if (!xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[1]))
return(FALSE);
tmp = (unsigned int) objp->key_data_length[0];
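Review bot: The `(krb5_ui_2 *)` casts on `&objp->key_data_length[0]` and `[1]` silence the compiler rather than fix a type mismatch. If the field is still declared `krb5_int16` (the removed lines passed it to `xdr_krb5_int16` without a cast), a decoded length of 0x8000 or more is stored as a negative number, and the next line, `tmp = (unsigned int) objp->key_data_length[0];`, would sign-extend it into a very large length. The field's declaration is not visible here; if it is already `krb5_ui_2` the casts can be dropped, and if not the struct member should change type instead. The `/* SUNW14resync */` marker would be more useful as a comment saying why the lengths are now unsigned. xdr_krb5_key_data starts and ends outside this hunk.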
diff --git a/usr/src/lib/krb5/kadm5/srv/mapfile-vers b/usr/src/lib/krb5/kadm5/srv/mapfile-vers
index 074d6da1ce..4a92d4a409 100644
--- a/usr/src/lib/krb5/kadm5/srv/mapfile-vers
+++ b/usr/src/lib/krb5/kadm5/srv/mapfile-vers
@@ -36,19 +36,12 @@ SUNW_1.1 {
SUNWprivate_1.1 {
global:
- acl_check;
- acl_finish;
- acl_impose_restrictions;
- acl_init;
+ __kadm5_get_priv;
+ _kadm5_get_kpasswd_protocol;
adb_policy_close;
adb_policy_init;
destroy_dict;
find_word;
- free_history_entry;
- get_either_iter;
- get_pols_iter;
- get_princs_iter;
- glob_to_regexp;
handle_chpw;
hist_db;
hist_encblock;
@@ -59,7 +52,6 @@ SUNWprivate_1.1 {
kadm5_chpass_principal;
kadm5_chpass_principal_3;
kadm5_chpass_principal_util;
- kadm5_chpass_principal_v2;
kadm5_create_policy;
kadm5_create_policy_internal;
kadm5_create_principal;
@@ -76,20 +68,18 @@ SUNWprivate_1.1 {
kadm5_get_adm_host_srv_name;
kadm5_get_config_params;
kadm5_get_cpw_host_srv_name;
- kadm5_get_either;
kadm5_get_kiprop_host_srv_name;
- _kadm5_get_kpasswd_protocol;
kadm5_get_master;
kadm5_get_policies;
kadm5_get_policy;
kadm5_get_principal;
kadm5_get_principals;
- __kadm5_get_priv;
+ kadm5_get_privs;
kadm5_init;
kadm5_init_iprop;
kadm5_init_with_creds;
kadm5_init_with_password;
- kadm5_init_with_skey;
+ kadm5_lock;
kadm5_modify_policy;
kadm5_modify_policy_internal;
kadm5_modify_principal;
@@ -98,6 +88,11 @@ SUNWprivate_1.1 {
kadm5_rename_principal;
kadm5_setkey_principal;
kadm5_setkey_principal_3;
+ kadm5_unlock;
+ kadm5int_acl_check;
+ kadm5int_acl_finish;
+ kadm5int_acl_impose_restrictions;
+ kadm5int_acl_init;kadm5_init_with_skey;
kdb_delete_entry;
kdb_free_entry;
kdb_get_entry;
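Review bot: The added line `kadm5int_acl_init;kadm5_init_with_skey;` puts two symbols on one line, and `kadm5_init_with_skey` ends up out of the alphabetical order the rest of the list keeps. It was removed from its sorted position earlier in this file's diff, so this looks like an accidental join. Putting `kadm5_init_with_skey;` back on its own line after `kadm5_init_with_password;` keeps the export list easy to audit and diff.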
@@ -106,6 +101,7 @@ SUNWprivate_1.1 {
kdb_iter_entry;
kdb_put_entry;
krb5_aprof_finish;
+ krb5_aprof_get_boolean;
krb5_aprof_get_deltat;
krb5_aprof_get_int32;
krb5_aprof_get_string;
@@ -149,9 +145,6 @@ SUNWprivate_1.1 {
osa_free_policy_ent;
osa_free_princ_ent;
passwd_check;
- xdralloc_create;
- xdralloc_getdata;
- xdralloc_release;
xdr_chpass3_arg;
xdr_chpass_arg;
xdr_chrand3_arg;
@@ -180,14 +173,17 @@ SUNWprivate_1.1 {
xdr_krb5_enctype;
xdr_krb5_flags;
xdr_krb5_int16;
- xdr_krb5_keyblock;
xdr_krb5_key_data;
xdr_krb5_key_data_nocontents;
+ xdr_krb5_key_salt_tuple;
+ xdr_krb5_keyblock;
xdr_krb5_kvno;
xdr_krb5_octet;
xdr_krb5_principal;
+ xdr_krb5_salttype;
xdr_krb5_timestamp;
xdr_krb5_tl_data;
+ xdr_krb5_ui_2;
xdr_krb5_ui_4;
xdr_mpol_arg;
xdr_mprinc_arg;
@@ -200,6 +196,9 @@ SUNWprivate_1.1 {
xdr_setkey3_arg;
xdr_setkey_arg;
xdr_ui_4;
+ xdralloc_create;
+ xdralloc_getdata;
+ xdralloc_release;
local:
*;
};
diff --git a/usr/src/lib/krb5/kadm5/srv/server_acl.c b/usr/src/lib/krb5/kadm5/srv/server_acl.c
index fe31b9312d..df25e8ad65 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_acl.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_acl.c
@@ -129,11 +129,11 @@ static const char *acl_catchall_entry = NULL;
/*
- * acl_get_line() - Get a line from the ACL file.
+ * kadm5int_acl_get_line() - Get a line from the ACL file.
* Lines ending with \ are continued on the next line
*/
static char *
-acl_get_line(fp, lnp)
+kadm5int_acl_get_line(fp, lnp)
FILE *fp;
int *lnp; /* caller should set to 1 before first call */
{
@@ -190,10 +190,10 @@ acl_get_line(fp, lnp)
}
/*
- * acl_parse_line() - Parse the contents of an ACL line.
+ * kadm5int_acl_parse_line() - Parse the contents of an ACL line.
*/
static aent_t *
-acl_parse_line(lp)
+kadm5int_acl_parse_line(lp)
const char *lp;
{
static char acle_principal[BUFSIZ];
@@ -205,7 +205,7 @@ acl_parse_line(lp)
int t, found, opok, nmatch;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_parse_line(line=%20s)\n", lp));
+ ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
/*
* Format is still simple:
* entry ::= [<whitespace>] <principal> <whitespace> <opstring>
@@ -229,7 +229,7 @@ acl_parse_line(lp)
for (op=acle_ops; *op; op++) {
char rop;
- rop = (isupper(*op)) ? tolower(*op) : *op;
+ rop = (isupper((int) *op)) ? tolower((int) *op) : *op;
found = 0;
for (t=0; acl_op_table[t].ao_op; t++) {
if (rop == acl_op_table[t].ao_op) {
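Review bot: Casting to `int` in `isupper((int) *op)` quiets the warning but keeps the underlying problem. Where plain `char` is signed, a byte above 0x7F becomes a negative int, which the `<ctype.h>` functions do not accept (only `unsigned char` values and EOF are defined). The cast should be `(unsigned char)`, i.e. `rop = isupper((unsigned char) *op) ? tolower((unsigned char) *op) : *op;`. The same applies to `isspace((int) *trailing)` in the next hunk. The enclosing function extends beyond this hunk.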
@@ -272,7 +272,7 @@ acl_parse_line(lp)
char *trailing;
trailing = &acle_restrictions[strlen(acle_restrictions)-1];
- while ( isspace(*trailing) )
+ while ( isspace((int) *trailing) )
trailing--;
trailing[1] = '\0';
acle->ae_restriction_string = strdup(acle_restrictions);
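Review bot: The trailing-whitespace loop can step before the start of `acle_restrictions`: `strlen(acle_restrictions)-1` points one before the array when the string is empty, and `trailing--` has no lower bound when the string is all whitespace. Whether either case can reach this point depends on the parsing above the hunk, which is not visible. An index-based form bounds it: `size_t n = strlen(acle_restrictions);`, then `while (n > 0 && isspace((unsigned char) acle_restrictions[n-1])) n--;`, then `acle_restrictions[n] = '\0';`.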
@@ -285,12 +285,12 @@ acl_parse_line(lp)
}
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_parse_line() = %x\n", (long) acle));
+ ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
return(acle);
}
/*
- * acl_parse_restrictions() - Parse optional restrictions field
+ * kadm5int_acl_parse_restrictions() - Parse optional restrictions field
*
* Allowed restrictions are:
* [+-]flagname (recognized by krb5_string_to_flags)
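Review bot: The trace call `("X kadm5int_acl_parse_line() = %x\n", (long) acle)` passes a `long` to `%x`, which expects `unsigned int`; on an LP64 build the argument and the conversion differ in size. Printing the pointer as `%p` with `(void *) acle` is the portable form. The same mismatch is in the DPRINT lines touched in the later hunks for kadm5int_acl_parse_restrictions (`rpp=0x%08x` with `(long)rpp`) and kadm5int_acl_impose_restrictions (`*maskp=0x%08x` with a `long` mask, which wants `%08lx`). This only matters if DPRINT expands to a printf-style call in the build, which is not shown here.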
@@ -304,23 +304,22 @@ acl_parse_line(lp)
* Returns: 0 on success, or system errors
*/
static krb5_error_code
-acl_parse_restrictions(s, rpp)
+kadm5int_acl_parse_restrictions(s, rpp)
char *s;
restriction_t **rpp;
{
char *sp, *tp, *ap;
static const char *delims = "\t\n\f\v\r ,";
- krb5_error_code ret;
krb5_deltat dt;
krb5_flags flag;
krb5_error_code code;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
+ ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
*rpp = (restriction_t *) NULL;
code = 0;
- if (s)
+ if (s) {
if (!(sp = strdup(s)) /* Don't munge the original */
|| !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
code = ENOMEM;
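Review bot: `sp` is declared without an initialiser (`char *sp, *tp, *ap;`) and is assigned only inside `if (s) {`, yet the cleanup in the next hunk tests and frees it with `if (sp) free(sp);`. When `s` is NULL that reads an indeterminate pointer and may pass it to free(). Declaring it as `char *sp = NULL, *tp, *ap;` fixes this; whether any caller passes NULL is not visible here. The function body continues past this hunk.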
@@ -378,6 +377,7 @@ acl_parse_restrictions(s, rpp)
}
}
}
+ }
if (sp)
free(sp);
if (*rpp && code) {
@@ -387,19 +387,19 @@ acl_parse_restrictions(s, rpp)
*rpp = (restriction_t *) NULL;
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_parse_restrictions() = %d, mask=0x%08x\n",
+ ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
code, (*rpp) ? (*rpp)->mask : 0));
return code;
}
/*
- * acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp
+ * kadm5int_acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp
*
* Returns: 0 on success;
* malloc or timeofday errors
*/
krb5_error_code
-acl_impose_restrictions(kcontext, recp, maskp, rp)
+kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
krb5_context kcontext;
kadm5_principal_ent_rec *recp;
long *maskp;
@@ -409,7 +409,7 @@ acl_impose_restrictions(kcontext, recp, maskp, rp)
krb5_int32 now;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
+ ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
*maskp, (long)rp));
if (!rp)
return 0;
@@ -462,20 +462,20 @@ acl_impose_restrictions(kcontext, recp, maskp, rp)
*maskp |= KADM5_MAX_RLIFE;
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
+ ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
return 0;
}
/*
- * acl_free_entries() - Free all ACL entries.
+ * kadm5int_acl_free_entries() - Free all ACL entries.
*/
static void
-acl_free_entries()
+kadm5int_acl_free_entries()
{
aent_t *ap;
aent_t *np;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_free_entries()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_free_entries()\n"));
for (ap=acl_list_head; ap; ap = np) {
if (ap->ae_name)
free(ap->ae_name);
@@ -497,14 +497,14 @@ acl_free_entries()
}
acl_list_head = acl_list_tail = (aent_t *) NULL;
acl_inited = 0;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_free_entries()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_free_entries()\n"));
}
/*
- * acl_load_acl_file() - Open and parse the ACL file.
+ * kadm5int_acl_load_acl_file() - Open and parse the ACL file.
*/
static int
-acl_load_acl_file()
+kadm5int_acl_load_acl_file()
{
FILE *afp;
char *alinep;
@@ -512,16 +512,17 @@ acl_load_acl_file()
int alineno;
int retval = 1;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n"));
/* Open the ACL file for read */
- if (afp = fopen(acl_acl_file, "rF")) {
+ afp = fopen(acl_acl_file, "rF");
+ if (afp) {
alineno = 1;
aentpp = &acl_list_head;
/* Get a non-comment line */
- while (alinep = acl_get_line(afp, &alineno)) {
+ while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
/* Parse it */
- *aentpp = acl_parse_line(alinep);
+ *aentpp = kadm5int_acl_parse_line(alinep);
/* If syntax error, then fall out */
if (!*aentpp) {
krb5_klog_syslog(LOG_ERR, ACL_SYN_ERR_MSG,
@@ -536,7 +537,8 @@ acl_load_acl_file()
fclose(afp);
if (acl_catchall_entry) {
- if (*aentpp = acl_parse_line(acl_catchall_entry)) {
+ *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
+ if (*aentpp) {
acl_list_tail = *aentpp;
}
else {
@@ -551,7 +553,7 @@ acl_load_acl_file()
krb5_klog_syslog(LOG_ERR, ACL_CANTOPEN_MSG,
error_message(errno), acl_acl_file);
if (acl_catchall_entry &&
- (acl_list_head = acl_parse_line((char *)acl_catchall_entry))) {
+ (acl_list_head = kadm5int_acl_parse_line((char *)acl_catchall_entry))) {
acl_list_tail = acl_list_head;
}
else {
@@ -563,20 +565,20 @@ acl_load_acl_file()
}
if (!retval) {
- acl_free_entries();
+ kadm5int_acl_free_entries();
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X acl_load_acl_file() = %d\n", retval));
+ ("X kadm5int_acl_load_acl_file() = %d\n", retval));
return(retval);
}
/*
- * acl_match_data() - See if two data entries match.
+ * kadm5int_acl_match_data() - See if two data entries match.
*
* Wildcarding is only supported for a whole component.
*/
static krb5_boolean
-acl_match_data(e1, e2, targetflag, ws)
+kadm5int_acl_match_data(e1, e2, targetflag, ws)
krb5_data *e1, *e2;
int targetflag;
wildstate_t *ws;
@@ -591,7 +593,7 @@ acl_match_data(e1, e2, targetflag, ws)
if (ws && !targetflag) {
if (ws->nwild >= 9) {
DPRINT(DEBUG_ACL, acl_debug_level,
- ("Too many wildcards in ACL entry %s\n", e1->data));
+ ("Too many wildcards in ACL entry %s\n", e1->data));
}
else
ws->backref[ws->nwild++] = e2;
@@ -602,7 +604,7 @@ acl_match_data(e1, e2, targetflag, ws)
int n = e1->data[1] - '1';
if (n >= ws->nwild) {
DPRINT(DEBUG_ACL, acl_debug_level,
- ("Too many backrefs in ACL entry %s\n", e1->data));
+ ("Too many backrefs in ACL entry %s\n", e1->data));
}
else if ((ws->backref[n]->length == e2->length) &&
(!strncmp(ws->backref[n]->data, e2->data, e2->length)))
@@ -619,10 +621,10 @@ acl_match_data(e1, e2, targetflag, ws)
}
/*
- * acl_find_entry() - Find a matching entry.
+ * kadm5int_acl_find_entry() - Find a matching entry.
*/
static aent_t *
-acl_find_entry(kcontext, principal, dest_princ)
+kadm5int_acl_find_entry(kcontext, principal, dest_princ)
krb5_context kcontext;
krb5_principal principal;
krb5_principal dest_princ;
@@ -633,7 +635,7 @@ acl_find_entry(kcontext, principal, dest_princ)
int matchgood;
wildstate_t state;
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_find_entry()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n"));
memset((char *)&state, 0, sizeof state);
for (entry=acl_list_head; entry; entry = entry->ae_next) {
if (entry->ae_name_bad)
@@ -656,12 +658,12 @@ acl_find_entry(kcontext, principal, dest_princ)
continue;
}
matchgood = 0;
- if (acl_match_data(&entry->ae_principal->realm,
+ if (kadm5int_acl_match_data(&entry->ae_principal->realm,
&principal->realm, 0, (wildstate_t *)0) &&
(entry->ae_principal->length == principal->length)) {
matchgood = 1;
for (i=0; i<principal->length; i++) {
- if (!acl_match_data(&entry->ae_principal->data[i],
+ if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
&principal->data[i], 0, &state)) {
matchgood = 0;
break;
@@ -673,46 +675,44 @@ acl_find_entry(kcontext, principal, dest_princ)
continue;
/* We've matched the principal. If we have a target, then try it */
- if (entry->ae_target) {
- if (!strcmp(entry->ae_target, "*"))
- break;
+ if (entry->ae_target && strcmp(entry->ae_target, "*")) {
if (!entry->ae_target_princ && !entry->ae_target_bad) {
kret = krb5_parse_name(kcontext, entry->ae_target,
&entry->ae_target_princ);
if (kret)
entry->ae_target_bad = 1;
}
- }
- if (entry->ae_target_bad) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Bad target in ACL entry for %s\n", entry->ae_name));
- entry->ae_name_bad = 1;
- continue;
- }
- if (entry->ae_target && !dest_princ)
- matchgood = 0;
- else if (entry->ae_target && entry->ae_target_princ && dest_princ) {
- if (acl_match_data(&entry->ae_target_princ->realm,
- &dest_princ->realm, 1, (wildstate_t *)0) &&
- (entry->ae_target_princ->length == dest_princ->length)) {
- for (i=0; i<dest_princ->length; i++) {
- if (!acl_match_data(&entry->ae_target_princ->data[i],
- &dest_princ->data[i], 1, &state)) {
- matchgood = 0;
- break;
+ if (entry->ae_target_bad) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Bad target in ACL entry for %s\n", entry->ae_name));
+ entry->ae_name_bad = 1;
+ continue;
+ }
+ if (!dest_princ)
+ matchgood = 0;
+ else if (entry->ae_target_princ && dest_princ) {
+ if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
+ &dest_princ->realm, 1, (wildstate_t *)0) &&
+ (entry->ae_target_princ->length == dest_princ->length)) {
+ for (i=0; i<dest_princ->length; i++) {
+ if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
+ &dest_princ->data[i], 1, &state)) {
+ matchgood = 0;
+ break;
+ }
}
- }
+ }
+ else
+ matchgood = 0;
}
- else
- matchgood = 0;
- }
+ }
if (!matchgood)
continue;
if (entry->ae_restriction_string
&& !entry->ae_restriction_bad
&& !entry->ae_restrictions
- && acl_parse_restrictions(entry->ae_restriction_string,
+ && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
&entry->ae_restrictions)) {
DPRINT(DEBUG_ACL, acl_debug_level,
("Bad restrictions in ACL entry for %s\n", entry->ae_name));
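Review bot: The wildcard state passed to the target comparison, `&state`, is cleared only once, by the `memset` that sits before the `for` loop two hunks up. Components captured while testing one ACL entry are therefore still in `state.backref[]` when the next entry is tested. A `*N` back-reference in a later entry's target can then be compared against a component captured for an earlier entry that did not match, and `nwild` keeps growing across entries towards the limit of 9 checked in kadm5int_acl_match_data(). Resetting per entry, with `memset((char *)&state, 0, sizeof state);` as the first statement of the loop body, keeps each entry's authorization decision independent. The loop starts and ends outside this hunk.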
@@ -724,15 +724,15 @@ acl_find_entry(kcontext, principal, dest_princ)
}
break;
}
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_find_entry()=%x\n",entry));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_find_entry()=%x\n",entry));
return(entry);
}
/*
- * acl_init() - Initialize ACL context.
+ * kadm5int_acl_init() - Initialize ACL context.
*/
krb5_error_code
-acl_init(kcontext, debug_level, acl_file)
+kadm5int_acl_init(kcontext, debug_level, acl_file)
krb5_context kcontext;
int debug_level;
char *acl_file;
@@ -742,30 +742,30 @@ acl_init(kcontext, debug_level, acl_file)
kret = 0;
acl_debug_level = debug_level;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_init(afile=%s)\n",
+ ("* kadm5int_acl_init(afile=%s)\n",
((acl_file) ? acl_file : "(null)")));
acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL;
- acl_inited = acl_load_acl_file();
+ acl_inited = kadm5int_acl_load_acl_file();
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_init() = %d\n", kret));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_init() = %d\n", kret));
return(kret);
}
/*
- * acl_finish - Terminate ACL context.
+ * kadm5int_acl_finish - Terminate ACL context.
*/
void
-acl_finish(kcontext, debug_level)
+kadm5int_acl_finish(kcontext, debug_level)
krb5_context kcontext;
int debug_level;
{
- DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_finish()\n"));
- acl_free_entries();
- DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_finish()\n"));
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_finish()\n"));
+ kadm5int_acl_free_entries();
+ DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_finish()\n"));
}
/*
- * acl_check() - Is this operation permitted for this principal?
+ * kadm5int_acl_check() - Is this operation permitted for this principal?
* this code used not to be based on gssapi. In order
* to minimize porting hassles, I've put all the
* gssapi hair in this function. This might not be
@@ -773,7 +773,7 @@ acl_finish(kcontext, debug_level)
* solution is, of course, a real authorization service.)
*/
krb5_boolean
-acl_check(kcontext, caller, opmask, principal, restrictions)
+kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
krb5_context kcontext;
gss_name_t caller;
krb5_int32 opmask;
@@ -806,7 +806,9 @@ acl_check(kcontext, caller, opmask, principal, restrictions)
return(code);
retval = 0;
- if (aentry = acl_find_entry(kcontext, caller_princ, principal)) {
+
+ aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal);
+ if (aentry) {
if ((aentry->ae_op_allowed & opmask) == opmask) {
retval = 1;
if (restrictions) {
@@ -828,8 +830,6 @@ acl_check(kcontext, caller, opmask, principal, restrictions)
kadm5_ret_t
kadm5_get_privs(void *server_handle, long *privs)
{
- kadm5_server_handle_t handle = server_handle;
-
CHECK_HANDLE(server_handle);
/* this is impossible to do with the current interface. For now,
@@ -869,7 +869,7 @@ __kadm5_get_priv(void *server_handle, long *privs, gss_name_t client)
if (k_error)
return(retval);
- if (aentry = acl_find_entry(handle->context, caller_principal,
+ if (aentry = kadm5int_acl_find_entry(handle->context, caller_principal,
(krb5_principal)NULL))
*privs = aentry->ae_op_allowed;
krb5_free_principal(handle->context, caller_principal);
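Review bot: The lookup in __kadm5_get_priv() still assigns inside the condition, `if (aentry = kadm5int_acl_find_entry(...))`, while the same call in kadm5int_acl_check() is split into an assignment and a separate test by this commit. Writing it as `aentry = kadm5int_acl_find_entry(handle->context, caller_principal, (krb5_principal)NULL);` followed by `if (aentry)` keeps the two callers consistent and removes the compiler warning. The function starts outside this hunk.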
diff --git a/usr/src/lib/krb5/kadm5/srv/server_acl.h b/usr/src/lib/krb5/kadm5/srv/server_acl.h
index 756c3d7b4a..ffe618c82c 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_acl.h
+++ b/usr/src/lib/krb5/kadm5/srv/server_acl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -118,20 +118,20 @@ typedef struct _restriction {
char *policy;
} restriction_t;
-krb5_error_code acl_init
+krb5_error_code kadm5int_acl_init
(krb5_context,
int,
char *);
-void acl_finish
+void kadm5int_acl_finish
(krb5_context,
int);
-krb5_boolean acl_check
+krb5_boolean kadm5int_acl_check
(krb5_context,
gss_name_t,
krb5_int32,
krb5_principal,
restriction_t **);
-krb5_error_code acl_impose_restrictions
+krb5_error_code kadm5int_acl_impose_restrictions
(krb5_context,
kadm5_principal_ent_rec *,
long *,
diff --git a/usr/src/lib/krb5/kadm5/srv/server_dict.c b/usr/src/lib/krb5/kadm5/srv/server_dict.c
index f823502d4e..f79262da8c 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_dict.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_dict.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/server_dict.c,v 1.2 1996/10/18 19:45:52 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_dict.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/server_dict.c,v 1.2 1996/10/18 19:45:52 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_dict.c,v 1.7 2003/01/05 23:27:59 hartmans Exp $";
#endif
#include <sys/types.h>
@@ -33,19 +33,23 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroo
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <errno.h>
#include <kadm5/admin.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_MEMORY_H
#include <memory.h>
+#endif
+#include "adm_proto.h"
#include <syslog.h>
#include <libintl.h>
#include "server_internal.h"
static char **word_list = NULL; /* list of word pointers */
static char *word_block = NULL; /* actual word data */
-static int word_count = 0; /* number of words */
-extern int errno;
+static unsigned int word_count = 0; /* number of words */
+
/*
* Function: word_compare
@@ -65,7 +69,7 @@ extern int errno;
static int
word_compare(const void *s1, const void *s2)
{
- return (strcasecmp(*(char **)s1, *(char **)s2));
+ return (strcasecmp(*(const char **)s1, *(const char **)s2));
}
/*
@@ -75,7 +79,7 @@ word_compare(const void *s1, const void *s2)
*
* Arguments:
* none
- * <return value> KADM5_OK on sucsess errno on failure;
+ * <return value> KADM5_OK on success errno on failure;
* (but success on ENOENT)
*
* Requires:
@@ -106,7 +110,7 @@ int init_dict(kadm5_config_params *params)
if(word_list != NULL && word_block != NULL)
return KADM5_OK;
if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
- syslog(LOG_INFO,
+ krb5_klog_syslog(LOG_INFO,
dgettext(TEXT_DOMAIN,
"No dictionary file specified, continuing "
"without one."));
@@ -114,7 +118,7 @@ int init_dict(kadm5_config_params *params)
}
if ((fd = open(params->dict_file, O_RDONLY)) == -1) {
if (errno == ENOENT) {
- syslog(LOG_ERR,
+ krb5_klog_syslog(LOG_ERR,
dgettext(TEXT_DOMAIN,
"WARNING! Cannot find dictionary file %s, "
"continuing without one."), params->dict_file);
diff --git a/usr/src/lib/krb5/kadm5/srv/server_init.c b/usr/src/lib/krb5/kadm5/srv/server_init.c
index 7d2ee2a540..7f32ba7f79 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_init.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_init.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,12 +26,12 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
- * $Id: server_init.c,v 1.5 1997/10/13 15:03:13 epeisach Exp $
+ * $Id: server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $
* $Source: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.5 1997/10/13 15:03:13 epeisach Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $";
#endif
#include <stdio.h>
@@ -138,7 +138,8 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
return ENOMEM;
memset(handle, 0, sizeof(*handle));
- if (ret = (int) krb5_init_context(&(handle->context))) {
+ ret = (int) krb5_init_context(&(handle->context));
+ if (ret) {
free(handle);
return(ret);
}
@@ -178,11 +179,10 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
return KADM5_BAD_SERVER_PARAMS;
}
- if (ret = kadm5_get_config_params(handle->context,
- (char *) NULL,
- (char *) NULL,
- params_in,
- &handle->params)) {
+ ret = kadm5_get_config_params(handle->context, (char *) NULL,
+ (char *) NULL, params_in,
+ &handle->params);
+ if (ret) {
krb5_free_context(handle->context);
free(handle);
return(ret);
@@ -195,23 +195,26 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
KADM5_CONFIG_FLAGS | \
KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
+
if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
krb5_free_context(handle->context);
free(handle);
return KADM5_MISSING_CONF_PARAMS;
}
- /*
- * Set the db_name based on configuration before calling
- * krb5_db_init, so it will get used.
- */
- if (ret = krb5_db_set_name(handle->context,
- handle->params.dbname)) {
+ /*
+ * Set the db_name based on configuration before calling
+ * krb5_db_init, so it will get used.
+ */
+
+ ret = krb5_db_set_name(handle->context, handle->params.dbname);
+ if (ret) {
free(handle);
return(ret);
}
- if (ret = krb5_db_init(handle->context)) {
+ ret = krb5_db_init(handle->context);
+ if (ret) {
krb5_free_context(handle->context);
free(handle);
return(ret);
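Review bot: The failure path for `krb5_db_set_name()` frees only `handle`, so the context created earlier in kadm5_init() is leaked there. The `REQUIRED_PARAMS` path above it and the `krb5_db_init()` path below it both call `krb5_free_context(handle->context)` first. Adding `krb5_free_context(handle->context);` before `free(handle);` brings this path in line with its neighbours. kadm5_init() starts and ends outside this hunk.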
@@ -225,69 +228,73 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
return ret;
}
- if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
- free(handle);
- return ENOMEM;
- }
- *handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
- handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
- handle->lhandle->lhandle = handle->lhandle;
-
- /* can't check the handle until current_caller is set */
- if (ret = check_handle((void *) handle)) {
- free(handle);
- return ret;
- }
-
- /*
- * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
- * or an empty string, reads the master password from [the stash
- * file]. Otherwise, the non-NULL password is ignored and the
- * user is prompted for it via the tty." However, the code was
- * implemented the other way: when a non-NULL password was
- * provided, the stash file was used. This is somewhat more
- * sensible, as then a local or remote client that provides a
- * password does not prompt the user. This code maintains the
- * previous actual behavior, and not the old spec behavior,
- * because that is how the unit tests are written.
- *
- * In KADM5_API_VERSION_2, this decision is controlled by
- * params.
- *
- * kdb_init_master's third argument is "from_keyboard".
- */
- if (ret = kdb_init_master(handle, handle->params.realm,
- (handle->api_version == KADM5_API_VERSION_1 ?
- ((pass == NULL) || !(strlen(pass))) :
- ((handle->params.mask &
- KADM5_CONFIG_MKEY_FROM_KBD) &&
- handle->params.mkey_from_kbd))
- )) {
+ if (! (handle->lhandle = malloc(sizeof(*handle)))) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
free(handle);
- return ret;
+ return ENOMEM;
}
-
- if ((ret = kdb_init_hist(handle, handle->params.realm))) {
+ *handle->lhandle = *handle;
+ handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+ handle->lhandle->lhandle = handle->lhandle;
+
+ /* can't check the handle until current_caller is set */
+ ret = check_handle((void *) handle);
+ if (ret) {
+ free(handle);
+ return ret;
+ }
+
+ /*
+ * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
+ * or an empty string, reads the master password from [the stash
+ * file]. Otherwise, the non-NULL password is ignored and the
+ * user is prompted for it via the tty." However, the code was
+ * implemented the other way: when a non-NULL password was
+ * provided, the stash file was used. This is somewhat more
+ * sensible, as then a local or remote client that provides a
+ * password does not prompt the user. This code maintains the
+ * previous actual behavior, and not the old spec behavior,
+ * because that is how the unit tests are written.
+ *
+ * In KADM5_API_VERSION_2, this decision is controlled by
+ * params.
+ *
+ * kdb_init_master's third argument is "from_keyboard".
+ */
+ ret = kdb_init_master(handle, handle->params.realm,
+ (handle->api_version == KADM5_API_VERSION_1 ?
+ ((pass == NULL) || !(strlen(pass))) :
+ ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+ && handle->params.mkey_from_kbd)
+ ));
+ if (ret) {
+ krb5_db_fini(handle->context);
+ krb5_free_context(handle->context);
+ free(handle);
+ return ret;
+ }
+
+ ret = kdb_init_hist(handle, handle->params.realm);
+ if (ret) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
free(handle);
return ret;
}
- if (ret = init_dict(&handle->params)) {
- krb5_db_fini(handle->context);
+ ret = init_dict(&handle->params);
+ if (ret) {
+ krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
krb5_free_context(handle->context);
free(handle);
return ret;
}
- if (ret = adb_policy_init(handle)) {
+ ret = adb_policy_init(handle);
+ if (ret) {
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
krb5_free_context(handle->context);
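Review bot: None of the error paths after `handle->lhandle` is allocated releases it, and the `check_handle()` failure path frees only `handle`, leaving the database and the context open as well. The malloc failure path just above it does call `krb5_db_fini` and `krb5_free_context`. The `check_handle()` path should read `krb5_db_fini(handle->context); krb5_free_context(handle->context); free(handle->lhandle); free(handle);`, and the paths for `kdb_init_master`, `kdb_init_hist`, `init_dict` and `adb_policy_init` need `free(handle->lhandle);` before `free(handle);`. A single cleanup label would keep these paths from drifting apart again. The function starts and ends outside this hunk.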
@@ -321,6 +328,38 @@ kadm5_ret_t kadm5_destroy(void *server_handle)
return KADM5_OK;
}
+kadm5_ret_t kadm5_lock(void *server_handle)
+{
+ kadm5_server_handle_t handle = server_handle;
+ kadm5_ret_t ret;
+
+ CHECK_HANDLE(server_handle);
+ ret = osa_adb_open_and_lock(handle->policy_db, OSA_ADB_EXCLUSIVE);
+ if (ret)
+ return ret;
+ ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE);
+ if (ret)
+ return ret;
+
+ return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_unlock(void *server_handle)
+{
+ kadm5_server_handle_t handle = server_handle;
+ kadm5_ret_t ret;
+
+ CHECK_HANDLE(server_handle);
+ ret = osa_adb_close_and_unlock(handle->policy_db);
+ if (ret)
+ return ret;
+ ret = krb5_db_unlock(handle->context);
+ if (ret)
+ return ret;
+
+ return KADM5_OK;
+}
+
kadm5_ret_t kadm5_flush(void *server_handle)
{
kadm5_server_handle_t handle = server_handle;
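Review bot: Both new functions can return with only one of the two locks in the expected state. In kadm5_lock(), a failing `krb5_db_lock()` returns while the policy database opened by `osa_adb_open_and_lock()` is still locked. In kadm5_unlock(), a failing `osa_adb_close_and_unlock()` returns before `krb5_db_unlock()` is attempted, so the principal database stays locked. A caller that sees an error cannot tell which lock it still holds. Releasing the first lock on failure, and always attempting both unlocks while reporting the first error, keeps the pair consistent.

```c
kadm5_ret_t kadm5_lock(void *server_handle)
{
    /* … unchanged: handle setup, CHECK_HANDLE, osa_adb_open_and_lock … */
    ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE);
    if (ret) {
        /* do not leave the policy db locked when the second lock fails */
        (void) osa_adb_close_and_unlock(handle->policy_db);
        return ret;
    }
    /* … unchanged: return KADM5_OK … */
}

kadm5_ret_t kadm5_unlock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret, db_ret;

    /* … unchanged: CHECK_HANDLE … */
    ret = osa_adb_close_and_unlock(handle->policy_db);
    /* always release the principal db lock, then report the first failure */
    db_ret = krb5_db_unlock(handle->context);
    return ret ? ret : db_ret;
}
```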
diff --git a/usr/src/lib/krb5/kadm5/srv/server_kdb.c b/usr/src/lib/krb5/kadm5/srv/server_kdb.c
index 431d718ed1..0beac7d875 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_kdb.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_kdb.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -25,11 +25,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.2 1998/10/30 02:54:39 marc Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.4 2003/06/13 22:30:59 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.2 1998/10/30 02:54:39 marc Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_kdb.c,v 1.4 2003/06/13 22:30:59 tlyu Exp $";
#endif
#include <stdio.h>
@@ -59,7 +59,10 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
{
int ret = 0;
char *realm;
- krb5_keyblock tmk;
+ krb5_boolean from_kbd = FALSE;
+
+ if (from_keyboard)
+ from_kbd = TRUE;
if (r == NULL) {
if ((ret = krb5_get_default_realm(handle->context, &realm)))
@@ -73,14 +76,15 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
realm, NULL, &master_princ)))
goto done;
- if (ret = krb5_db_fetch_mkey(handle->context, master_princ,
- handle->params.enctype,
- from_keyboard,
- FALSE /* only prompt once */,
- handle->params.stash_file,
- NULL /* I'm not sure about this,
- but it's what the kdc does --marc */,
- &handle->master_keyblock))
+
+ ret = krb5_db_fetch_mkey(handle->context, master_princ,
+ handle->params.enctype, from_kbd,
+ FALSE /* only prompt once */,
+ handle->params.stash_file,
+ NULL /* I'm not sure about this,
+ but it's what the kdc does --marc */,
+ &handle->master_keyblock);
+ if (ret)
goto done;
if ((ret = krb5_db_init(handle->context)) != KSUCCESS)
@@ -171,11 +175,10 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
ks[0].ks_enctype = handle->params.enctype;
ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
ret = kadm5_create_principal_3(handle, &ent,
- (KADM5_PRINCIPAL |
- KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
+ (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+ KADM5_ATTRIBUTES),
1, ks,
- "to-be-random");
+ "to-be-random");
if (ret)
goto done;
@@ -200,12 +203,12 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
}
ret = krb5_dbe_find_enctype(handle->context, &hist_db,
- handle->params.enctype, -1, -1, &key_data);
+ handle->params.enctype, -1, -1, &key_data);
if (ret)
goto done;
ret = krb5_dbekd_decrypt_key_data(handle->context,
- &handle->master_keyblock, key_data, &hist_key, NULL);
+ &handle->master_keyblock, key_data, &hist_key, NULL);
if (ret)
goto done;
@@ -247,8 +250,9 @@ kdb_get_entry(kadm5_server_handle_t handle,
krb5_tl_data tl_data;
XDR xdrs;
- if (ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
- &more))
+ ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
+ &more);
+ if (ret)
return(ret);
if (more) {
@@ -357,11 +361,13 @@ kdb_put_entry(kadm5_server_handle_t handle,
krb5_tl_data tl_data;
int one;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
return(ret);
- if (ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
- handle->current_caller))
+ ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
+ handle->current_caller);
+ if (ret)
return(ret);
xdralloc_create(&xdrs, XDR_ENCODE);
@@ -382,7 +388,8 @@ kdb_put_entry(kadm5_server_handle_t handle,
one = 1;
- if (ret = krb5_db_put_principal(handle->context, kdb, &one))
+ ret = krb5_db_put_principal(handle->context, kdb, &one);
+ if (ret)
return(ret);
return(0);
@@ -424,9 +431,11 @@ kdb_iter_entry(kadm5_server_handle_t handle,
id.func = iter_fct;
id.data = data;
- if (ret = krb5_db_iterate(handle->context, kdb_iter_func, &id))
+ ret = krb5_db_iterate(handle->context, kdb_iter_func, &id);
+ if (ret)
return(ret);
return(0);
}
+
diff --git a/usr/src/lib/krb5/kadm5/srv/server_misc.c b/usr/src/lib/krb5/kadm5/srv/server_misc.c
index 8ec8658c32..b2283e973b 100644
--- a/usr/src/lib/krb5/kadm5/srv/server_misc.c
+++ b/usr/src/lib/krb5/kadm5/srv/server_misc.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.2 1997/08/07 00:23:11 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.4 2001/06/18 18:58:00 epeisach Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.2 1997/08/07 00:23:11 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.4 2001/06/18 18:58:00 epeisach Exp $";
#endif
#include "k5-int.h"
@@ -61,6 +61,7 @@ adb_policy_close(kadm5_server_handle_t handle)
return KADM5_OK;
}
+#ifdef HESIOD
/* stolen from v4sever/kadm_funcs.c */
static char *
reverse(str)
@@ -81,7 +82,9 @@ reverse(str)
return(newstr);
}
+#endif /* HESIOD */
+#if 0
static int
lower(str)
char *str;
@@ -97,7 +100,9 @@ lower(str)
}
return(effect);
}
+#endif
+#ifdef HESIOD
static int
str_check_gecos(gecos, pwstr)
char *gecos;
@@ -130,6 +135,7 @@ str_check_gecos(gecos, pwstr)
}
return 0;
}
+#endif /* HESIOD */
/* some of this is stolen from gatekeeper ... */
kadm5_ret_t
@@ -153,17 +159,17 @@ passwd_check(kadm5_server_handle_t handle,
return KADM5_PASS_Q_TOOSHORT;
s = password;
while ((c = *s++)) {
- if (islower(c)) {
+ if (islower((int) c)) {
nlower = 1;
continue;
}
- else if (isupper(c)) {
+ else if (isupper((int) c)) {
nupper = 1;
continue;
- } else if (isdigit(c)) {
+ } else if (isdigit((int) c)) {
ndigit = 1;
continue;
- } else if (ispunct(c)) {
+ } else if (ispunct((int) c)) {
npunct = 1;
continue;
} else {
@@ -176,13 +182,12 @@ passwd_check(kadm5_server_handle_t handle,
if((find_word(password) == KADM5_OK))
return KADM5_PASS_Q_DICT;
else {
- char *cp;
- int c, n = krb5_princ_size(handle->context, principal);
+ int i, n = krb5_princ_size(handle->context, principal);
cp = krb5_princ_realm(handle->context, principal)->data;
if (strcasecmp(cp, password) == 0)
return KADM5_PASS_Q_DICT;
- for (c = 0; c < n ; c++) {
- cp = krb5_princ_component(handle->context, principal, c)->data;
+ for (i = 0; i < n ; i++) {
+ cp = krb5_princ_component(handle->context, principal, i)->data;
if (strcasecmp(cp, password) == 0)
return KADM5_PASS_Q_DICT;
#ifdef HESIOD
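Review bot: `strcasecmp(cp, password)` treats the realm and each principal component as NUL-terminated strings, but `cp` is the `data` member of a `krb5_data`, which carries its own length. Nothing in this hunk shows that a terminator is guaranteed. A length-aware comparison avoids reading past the component and avoids a false mismatch on embedded data, for example `len == strlen(password) && strncasecmp(cp, password, len) == 0` with `len` taken from the same `krb5_data`. The declaration of `cp` and the rest of passwd_check() are outside this hunk.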
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c b/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c
index c8ea05e655..e010d27f68 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_chpass_util.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -31,7 +31,7 @@ kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len)
+ unsigned int msg_len)
{
kadm5_server_handle_t handle = server_handle;
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_iters.c b/usr/src/lib/krb5/kadm5/srv/svr_iters.c
index 075ed7a0db..a20db95242 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_iters.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_iters.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_iters.c,v 1.2 1996/11/07 21:43:14 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_iters.c,v 1.6 2003/01/12 18:17:02 epeisach Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_iters.c,v 1.2 1996/11/07 21:43:14 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_iters.c,v 1.6 2003/01/12 18:17:02 epeisach Exp $";
#endif
#if defined(HAVE_COMPILE) && defined(HAVE_STEP)
@@ -42,7 +42,6 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroo
#include <string.h>
#include <kadm5/admin.h>
#include "adb.h"
-#include <dyn/dyn.h>
#ifdef SOLARIS_REGEXPS
#include <regexpr.h>
#endif
@@ -59,7 +58,9 @@ kdb_iter_entry(kadm5_server_handle_t handle,
struct iter_data {
krb5_context context;
- DynObject matches;
+ char **names;
+ int n_names, sz_names;
+ unsigned int malloc_failed;
char *exp;
#ifdef SOLARIS_REGEXPS
char *expbuf;
@@ -96,7 +97,7 @@ struct iter_data {
* other characters are copied
* regexp is anchored with ^ and $
*/
-kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
+static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
{
int append_realm;
char *p;
@@ -151,26 +152,38 @@ kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
return KADM5_OK;
}
-void get_either_iter(struct iter_data *data, char *name)
+static void get_either_iter(struct iter_data *data, char *name)
{
- if (
+ int match;
#ifdef SOLARIS_REGEXPS
- (step(name, data->expbuf) != 0)
+ match = (step(name, data->expbuf) != 0);
#endif
#ifdef POSIX_REGEXPS
- (regexec(&data->preg, name, 0, NULL, 0) == 0)
+ match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
#endif
#ifdef BSD_REGEXPS
- (re_exec(name) != 0)
+ match = (re_exec(name) != 0);
#endif
- )
- {
- (void) DynAdd(data->matches, &name);
+ if (match) {
+ if (data->n_names == data->sz_names) {
+ int new_sz = data->sz_names * 2;
+ char **new_names = realloc(data->names,
+ new_sz * sizeof(char *));
+ if (new_names) {
+ data->names = new_names;
+ data->sz_names = new_sz;
+ } else {
+ data->malloc_failed = 1;
+ free(name);
+ return;
+ }
+ }
+ data->names[data->n_names++] = name;
} else
free(name);
}
-void get_pols_iter(void *data, osa_policy_ent_t entry)
+static void get_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
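Review bot: The growth step in get_either_iter, `int new_sz = data->sz_names * 2;`, doubles a signed int with no upper bound, so a very large match set would overflow before the `realloc` size is computed. The number of matches follows the size of the database and the caller's expression, so a guard ahead of the doubling is cheap insurance: `if (data->sz_names > INT_MAX / 2) { data->malloc_failed = 1; free(name); return; }`. Separately, `match` is assigned only inside the three `#ifdef` arms and is read uninitialized if none of them is defined; `int match = 0;` would make that case well defined.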
@@ -179,7 +192,7 @@ void get_pols_iter(void *data, osa_policy_ent_t entry)
get_either_iter(data, name);
}
-void get_princs_iter(void *data, krb5_principal princ)
+static void get_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
@@ -189,15 +202,18 @@ void get_princs_iter(void *data, krb5_principal princ)
get_either_iter(data, name);
}
-kadm5_ret_t kadm5_get_either(int princ,
+static kadm5_ret_t kadm5_get_either(int princ,
void *server_handle,
char *exp,
char ***princs,
int *count)
{
struct iter_data data;
- char *msg, *regexp;
- int ret;
+#ifdef BSD_REGEXPS
+ char *msg;
+#endif
+ char *regexp;
+ int i, ret;
kadm5_server_handle_t handle = server_handle;
*count = 0;
@@ -227,7 +243,11 @@ kadm5_ret_t kadm5_get_either(int princ,
return EINVAL;
}
- if ((data.matches = DynCreate(sizeof(char *), -4)) == NULL) {
+ data.n_names = 0;
+ data.sz_names = 10;
+ data.malloc_failed = 0;
+ data.names = malloc(sizeof(char *) * data.sz_names);
+ if (data.names == NULL) {
free(regexp);
return ENOMEM;
}
@@ -239,16 +259,21 @@ kadm5_ret_t kadm5_get_either(int princ,
ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data);
}
+ free(regexp);
+#ifdef POSIX_REGEXPS
+ regfree(&data.preg);
+#endif
+ if (ret == OSA_ADB_OK && data.malloc_failed)
+ ret = ENOMEM;
if (ret != OSA_ADB_OK) {
- free(regexp);
- DynDestroy(data.matches);
+ for (i = 0; i < data.n_names; i++)
+ free(data.names[i]);
+ free(data.names);
return ret;
}
- (*princs) = (char **) DynArray(data.matches);
- *count = DynSize(data.matches);
- DynRelease(data.matches);
- free(regexp);
+ *princs = data.names;
+ *count = data.n_names;
return KADM5_OK;
}
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c b/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c
index fa3b7e58a6..a552c4e2b4 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_misc_free.c
@@ -21,12 +21,12 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $
*
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_misc_free.c,v 1.2 1996/10/18 19:45:53 bjaspan Exp $";
#endif
#include <kadm5/admin.h>
#include <stdlib.h>
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_policy.c b/usr/src/lib/krb5/kadm5/srv/svr_policy.c
index b651f4b40d..de1abc1c9b 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_policy.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_policy.c
@@ -21,11 +21,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_policy.c,v 1.1 1996/07/24 22:23:36 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_policy.c,v 1.2 2001/06/20 05:01:37 mitchb Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_policy.c,v 1.1 1996/07/24 22:23:36 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_policy.c,v 1.2 2001/06/20 05:01:37 mitchb Exp $";
#endif
#include <sys/types.h>
@@ -49,7 +49,7 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroo
* entry (input) The policy entry to be written out to the DB.
* mask (input) Specifies which fields in entry are to ge written out
* and which get default values.
- * <return value> 0 if sucsessfull otherwise an error code is returned.
+ * <return value> 0 if successful otherwise an error code is returned.
*
* Requires:
* Entry must be a valid principal entry, and mask have a valid value.
@@ -82,14 +82,14 @@ kadm5_create_policy(void *server_handle,
* entry (input) The policy entry to be written out to the DB.
* mask (input) Specifies which fields in entry are to ge written out
* and which get default values.
- * <return value> 0 if sucsessfull otherwise an error code is returned.
+ * <return value> 0 if successful otherwise an error code is returned.
*
* Requires:
* Entry must be a valid principal entry, and mask have a valid value.
*
* Effects:
* Writes the data to the database, and does a database sync if
- * sucsessfull.
+ * successful.
*
*/
diff --git a/usr/src/lib/krb5/kadm5/srv/svr_principal.c b/usr/src/lib/krb5/kadm5/srv/svr_principal.c
index 92e498808d..19f3946f73 100644
--- a/usr/src/lib/krb5/kadm5/srv/svr_principal.c
+++ b/usr/src/lib/krb5/kadm5/srv/svr_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -26,11 +26,11 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.19 2000/02/27 22:18:16 tlyu Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.30.8.1 2004/12/20 21:16:20 tlyu Exp $
*/
#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.19 2000/02/27 22:18:16 tlyu Exp $";
+static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v 1.30.8.1 2004/12/20 21:16:20 tlyu Exp $";
#endif
#include <sys/types.h>
@@ -44,6 +44,9 @@ static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.
#include "server_internal.h"
#include <stdarg.h>
#include <stdlib.h>
+#ifdef USE_PASSWORD_SERVER
+#include <sys/wait.h>
+#endif
extern krb5_principal master_princ;
extern krb5_principal hist_princ;
@@ -56,8 +59,8 @@ extern kadm5_ret_t
krb5_free_key_data_contents(krb5_context context, krb5_key_data *key);
static int decrypt_key_data(krb5_context context,
- krb5_keyblock *, int n_key_data, krb5_key_data *key_data,
- krb5_keyblock **keyblocks, int *n_keys);
+ krb5_keyblock *, int n_key_data, krb5_key_data *key_data,
+ krb5_keyblock **keyblocks, int *n_keys);
/*
* XXX Functions that ought to be in libkrb5.a, but aren't.
@@ -135,8 +138,9 @@ kadm5_create_principal(void *server_handle,
* Default to using the new API with the default set of
* key/salt combinations.
*/
- return (kadm5_create_principal_3(server_handle, entry, mask,
- 0, NULL, password));
+ return
+ kadm5_create_principal_3(server_handle, entry, mask,
+ 0, NULL, password);
}
kadm5_ret_t
kadm5_create_principal_3(void *server_handle,
@@ -200,8 +204,8 @@ kadm5_create_principal_3(void *server_handle,
return ret;
}
}
- if (ret = passwd_check(handle, password, (mask & KADM5_POLICY),
- &polent, entry->principal)) {
+ if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+ &polent, entry->principal))) {
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
return ret;
@@ -211,10 +215,10 @@ kadm5_create_principal_3(void *server_handle,
* "defaults" for fields that were not specified by the
* mask.
*/
- if (ret = krb5_timeofday(handle->context, &now)) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
+ if ((ret = krb5_timeofday(handle->context, &now))) {
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
}
kdb.magic = KRB5_KDB_MAGIC_NUMBER;
@@ -229,7 +233,7 @@ kadm5_create_principal_3(void *server_handle,
kdb.attributes = handle->params.flags;
kdb.attributes |= entry->attributes;
} else {
- kdb.attributes = handle->params.flags;
+ kdb.attributes = handle->params.flags;
}
if ((mask & KADM5_MAX_LIFE))
@@ -265,28 +269,28 @@ kadm5_create_principal_3(void *server_handle,
to free the entire kdb entry, and that will try to free the
principal. */
- if (ret = krb5_copy_principal(handle->context,
- entry->principal, &(kdb.princ))) {
+ if ((ret = krb5_copy_principal(handle->context,
+ entry->principal, &(kdb.princ)))) {
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
return(ret);
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) {
- krb5_dbe_free_contents(handle->context, &kdb);
- if (mask & KADM5_POLICY)
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
+ krb5_dbe_free_contents(handle->context, &kdb);
+ if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ return(ret);
}
/* initialize the keys */
- if (ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password,
- (mask & KADM5_KVNO)?entry->kvno:1,
- FALSE, &kdb)) {
+ if ((ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password,
+ (mask & KADM5_KVNO)?entry->kvno:1,
+ FALSE, &kdb))) {
krb5_dbe_free_contents(handle->context, &kdb);
if (mask & KADM5_POLICY)
(void) kadm5_free_policy_ent(handle->lhandle, &polent);
@@ -383,7 +387,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
if (principal == NULL)
return EINVAL;
- if (ret = kdb_get_entry(handle, principal, &kdb, &adb))
+ if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
if ((adb.aux_attributes & KADM5_POLICY)) {
@@ -399,9 +403,9 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
return(ret);
}
}
- if (ret = kadm5_free_policy_ent(handle->lhandle, &polent)) {
- kdb_free_entry(handle, &kdb, &adb);
- return ret;
+ if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
+ kdb_free_entry(handle, &kdb, &adb);
+ return ret;
}
}
@@ -420,7 +424,7 @@ kadm5_modify_principal(void *server_handle,
kadm5_policy_ent_rec npol, opol;
int have_npol = 0, have_opol = 0;
krb5_db_entry kdb;
- krb5_tl_data *tl_data_orig, *tl_data_tail;
+ krb5_tl_data *tl_data_orig;
osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
@@ -447,7 +451,8 @@ kadm5_modify_principal(void *server_handle,
}
}
- if (ret = kdb_get_entry(handle, entry->principal, &kdb, &adb))
+ ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
+ if (ret)
return(ret);
/*
@@ -488,6 +493,7 @@ kadm5_modify_principal(void *server_handle,
break;
default:
goto done;
+ break;
}
npol.policy_refcnt++;
}
@@ -501,12 +507,13 @@ kadm5_modify_principal(void *server_handle,
/* set pw_max_life based on new policy */
if (npol.pw_max_life) {
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
- &(kdb.pw_expiration)))
- goto done;
- kdb.pw_expiration += npol.pw_max_life;
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+ &(kdb.pw_expiration));
+ if (ret)
+ goto done;
+ kdb.pw_expiration += npol.pw_max_life;
} else {
- kdb.pw_expiration = 0;
+ kdb.pw_expiration = 0;
}
}
@@ -519,6 +526,7 @@ kadm5_modify_principal(void *server_handle,
case KADM5_UNK_POLICY:
ret = KADM5_BAD_DB;
goto done;
+ break;
case KADM5_OK:
have_opol = 1;
if (adb.policy)
@@ -530,6 +538,7 @@ kadm5_modify_principal(void *server_handle,
break;
default:
goto done;
+ break;
}
}
@@ -644,7 +653,8 @@ kadm5_rename_principal(void *server_handle,
}
krb5_free_principal(handle->context, kdb.princ);
- if (ret = krb5_copy_principal(handle->context, target, &kdb.princ)) {
+ ret = krb5_copy_principal(handle->context, target, &kdb.princ);
+ if (ret) {
kdb.princ = NULL; /* so freeing the dbe doesn't lose */
goto done;
}
@@ -730,17 +740,19 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
/* this is a little non-sensical because the function returns two */
/* values that must be checked separately against the mask */
if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
- if (ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
- &(entry->mod_date),
- &(entry->mod_name))) {
- goto done;
- }
- if (! (mask & KADM5_MOD_TIME))
- entry->mod_date = 0;
- if (! (mask & KADM5_MOD_NAME)) {
- krb5_free_principal(handle->context, entry->principal);
- entry->principal = NULL;
- }
+ ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
+ &(entry->mod_date),
+ &(entry->mod_name));
+ if (ret) {
+ goto done;
+ }
+
+ if (! (mask & KADM5_MOD_TIME))
+ entry->mod_date = 0;
+ if (! (mask & KADM5_MOD_NAME)) {
+ krb5_free_principal(handle->context, entry->principal);
+ entry->principal = NULL;
+ }
}
if (mask & KADM5_ATTRIBUTES)
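Review bot: In the `!(mask & KADM5_MOD_NAME)` branch the code frees and clears `entry->principal`, but the value that `krb5_dbe_lookup_mod_princ_data` just filled in, and that the caller did not ask for, is `entry->mod_name`. As written, the unwanted modifier name looks like it is leaked while the entry's own principal is discarded, leaving the caller with a NULL `principal`. The branch probably should read `krb5_free_principal(handle->context, entry->mod_name); entry->mod_name = NULL;`. kadm5_get_principal starts and ends outside this hunk, so confirm how `entry->principal` is populated before changing it.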
@@ -771,7 +783,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
if (mask & KADM5_FAIL_AUTH_COUNT)
entry->fail_auth_count = kdb.fail_auth_count;
if (mask & KADM5_TL_DATA) {
- krb5_tl_data td, *tl, *tl2;
+ krb5_tl_data *tl, *tl2;
entry->tl_data = NULL;
@@ -803,9 +815,10 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
entry->key_data = NULL;
for (i = 0; i < entry->n_key_data; i++)
- if (ret = krb5_copy_key_data_contents(handle->context,
- &kdb.key_data[i],
- &entry->key_data[i]))
+ ret = krb5_copy_key_data_contents(handle->context,
+ &kdb.key_data[i],
+ &entry->key_data[i]);
+ if (ret)
goto done;
}
}
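Review bot: The `for (i = 0; i < entry->n_key_data; i++)` loop has no braces, so once the assignment is split out of the `if`, only `ret = krb5_copy_key_data_contents(...)` is the loop body and `if (ret) goto done;` runs once after the loop ends. A failure on any key but the last is overwritten by the next iteration, and the function can report success with partly copied key data. Brace the body: `for (...) { ret = krb5_copy_key_data_contents(...); if (ret) goto done; }`. The enclosing function starts and ends outside the hunk.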
@@ -883,37 +896,38 @@ check_pw_reuse(krb5_context context,
krb5_keyblock *master_keyblock,
krb5_keyblock *hist_keyblock,
int n_new_key_data, krb5_key_data *new_key_data,
- int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
+ unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
{
int x, y, z;
krb5_keyblock newkey, histkey;
krb5_error_code ret;
for (x = 0; x < n_new_key_data; x++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- master_keyblock,
- &(new_key_data[x]),
- &newkey, NULL))
+ ret = krb5_dbekd_decrypt_key_data(context,
+ master_keyblock,
+ &(new_key_data[x]),
+ &newkey, NULL);
+ if (ret)
return(ret);
for (y = 0; y < n_pw_hist_data; y++) {
for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
- if (ret =
- krb5_dbekd_decrypt_key_data(context,
- hist_keyblock,
- &pw_hist_data[y].key_data[z],
- &histkey, NULL))
- return(ret);
-
- if ((newkey.length == histkey.length) &&
- (newkey.enctype == histkey.enctype) &&
- (memcmp(newkey.contents, histkey.contents,
- histkey.length) == 0)) {
- krb5_free_keyblock_contents(context, &histkey);
- krb5_free_keyblock_contents(context, &newkey);
-
- return(KADM5_PASS_REUSE);
- }
- krb5_free_keyblock_contents(context, &histkey);
+ ret = krb5_dbekd_decrypt_key_data(context,
+ hist_keyblock,
+ &pw_hist_data[y].key_data[z],
+ &histkey, NULL);
+ if (ret)
+ return(ret);
+
+ if ((newkey.length == histkey.length) &&
+ (newkey.enctype == histkey.enctype) &&
+ (memcmp(newkey.contents, histkey.contents,
+ histkey.length) == 0)) {
+ krb5_free_keyblock_contents(context, &histkey);
+ krb5_free_keyblock_contents(context, &newkey);
+
+ return(KADM5_PASS_REUSE);
+ }
+ krb5_free_keyblock_contents(context, &histkey);
}
}
krb5_free_keyblock_contents(context, &newkey);
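Review bot: The inner error path `if (ret) return(ret);` after decrypting `histkey` returns without releasing `newkey`, which at that point holds a decrypted key; add `krb5_free_keyblock_contents(context, &newkey);` before that return. The same pattern is in the create_history_entry hunk that follows, where a failure of `krb5_dbekd_encrypt_key_data` returns while `key` still holds decrypted contents, and `salt` is not released on any path shown (the call is commented out). Also, `n_pw_hist_data` is now `unsigned int` while the loop index `y` stays `int`, so `y < n_pw_hist_data` is a mixed-sign comparison; making `y` unsigned keeps it consistent. check_pw_reuse ends outside the hunk.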
@@ -958,25 +972,29 @@ int create_history_entry(krb5_context context,
memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
for (i = 0; i < n_key_data; i++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- master_keyblock,
- &key_data[i],
- &key, &salt))
- return ret;
- if (ret = krb5_dbekd_encrypt_key_data(context,
- &hist_key,
- &key, &salt,
- key_data[i].key_data_kvno,
- &hist->key_data[i]))
- return ret;
- krb5_free_keyblock_contents(context, &key);
- /* krb5_free_keysalt(context, &salt); */
+ ret = krb5_dbekd_decrypt_key_data(context,
+ master_keyblock,
+ &key_data[i],
+ &key, &salt);
+ if (ret)
+ return ret;
+
+ ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
+ &key, &salt,
+ key_data[i].key_data_kvno,
+ &hist->key_data[i]);
+ if (ret)
+ return ret;
+
+ krb5_free_keyblock_contents(context, &key);
+ /* krb5_free_keysalt(context, &salt); */
}
hist->n_key_data = n_key_data;
return 0;
}
+static
void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
{
int i;
@@ -1013,14 +1031,13 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
* adb->old_key_len).
*/
#define KADM_MOD(x) (x + adb->old_key_next) % adb->old_key_len
-static kadm5_ret_t add_to_history(
- krb5_context context,
- osa_princ_ent_t adb,
- kadm5_policy_ent_t pol,
- osa_pw_hist_ent *pw)
+static kadm5_ret_t add_to_history(krb5_context context,
+ osa_princ_ent_t adb,
+ kadm5_policy_ent_t pol,
+ osa_pw_hist_ent *pw)
{
- osa_pw_hist_ent *histp;
- int i;
+ osa_pw_hist_ent *histp;
+ int i;
/* A history of 1 means just check the current password */
if (pol->pw_history_num == 1)
@@ -1120,8 +1137,9 @@ kadm5_chpass_principal(void *server_handle,
* Default to using the new API with the default set of
* key/salt combinations.
*/
- return (kadm5_chpass_principal_3(server_handle, principal, FALSE,
- 0, NULL, password));
+ return
+ kadm5_chpass_principal_3(server_handle, principal, FALSE,
+ 0, NULL, password);
}
kadm5_ret_t
@@ -1134,7 +1152,7 @@ kadm5_chpass_principal_3(void *server_handle,
kadm5_policy_ent_rec pol;
osa_princ_ent_rec adb;
krb5_db_entry kdb, kdb_save;
- int ret, ret2, last_pwd, i, hist_added;
+ int ret, ret2, last_pwd, hist_added;
int have_pol = 0;
kadm5_server_handle_t handle = server_handle;
osa_pw_hist_ent hist;
@@ -1169,24 +1187,27 @@ kadm5_chpass_principal_3(void *server_handle,
KADM5_POLICY, &pol, principal)))
goto done;
- if (ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password, 0 /* increment kvno */,
- keepold, &kdb))
+ ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password, 0 /* increment kvno */,
+ keepold, &kdb);
+ if (ret)
goto done;
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
/* the policy was loaded before */
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
- goto done;
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd);
+ if (ret)
+ goto done;
#if 0
/*
@@ -1202,17 +1223,19 @@ kadm5_chpass_principal_3(void *server_handle,
}
#endif
- if (ret = create_history_entry(handle->context,
- &handle->master_keyblock, kdb_save.n_key_data,
- kdb_save.key_data, &hist))
- goto done;
+ ret = create_history_entry(handle->context,
+ &handle->master_keyblock, kdb_save.n_key_data,
+ kdb_save.key_data, &hist);
+ if (ret)
+ goto done;
- if (ret = check_pw_reuse(handle->context,
- &handle->master_keyblock,
- &hist_key,
- kdb.n_key_data, kdb.key_data,
- 1, &hist))
- goto done;
+ ret = check_pw_reuse(handle->context,
+ &handle->master_keyblock,
+ &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ 1, &hist);
+ if (ret)
+ goto done;
if (pol.pw_history_num > 1) {
if (adb.admin_history_kvno != hist_kvno) {
@@ -1220,15 +1243,17 @@ kadm5_chpass_principal_3(void *server_handle,
goto done;
}
- if (ret = check_pw_reuse(handle->context,
+ ret = check_pw_reuse(handle->context,
&handle->master_keyblock,
&hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys))
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys);
+ if (ret)
goto done;
- if (ret = add_to_history(handle->context, &adb, &pol, &hist))
- goto done;
+ ret = add_to_history(handle->context, &adb, &pol, &hist);
+ if (ret)
+ goto done;
hist_added = 1;
}
@@ -1240,7 +1265,8 @@ kadm5_chpass_principal_3(void *server_handle,
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
+ ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ if (ret)
goto done;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
@@ -1318,16 +1344,18 @@ kadm5_randkey_principal_3(void *server_handle,
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
return(ret);
- if (ret = krb5_dbe_crk(handle->context, &handle->master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- keepold,
- &kdb))
- goto done;
+ ret = krb5_dbe_crk(handle->context, &handle->master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ keepold,
+ &kdb);
+ if (ret)
+ goto done;
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
@@ -1336,8 +1364,9 @@ kadm5_randkey_principal_3(void *server_handle,
goto done;
have_pol = 1;
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd);
+ if (ret)
goto done;
#if 0
@@ -1360,11 +1389,12 @@ kadm5_randkey_principal_3(void *server_handle,
goto done;
}
- if (ret = check_pw_reuse(handle->context,
- &handle->master_keyblock,
- &hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys))
+ ret = check_pw_reuse(handle->context,
+ &handle->master_keyblock,
+ &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys);
+ if (ret)
goto done;
}
if (pol.pw_max_life)
@@ -1375,28 +1405,31 @@ kadm5_randkey_principal_3(void *server_handle,
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
+ ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
+ if (ret)
goto done;
if (keyblocks) {
if (handle->api_version == KADM5_API_VERSION_1) {
/* Version 1 clients will expect to see a DES_CRC enctype. */
- if (ret = krb5_dbe_find_enctype(handle->context, &kdb,
- ENCTYPE_DES_CBC_CRC,
- -1, -1, &key_data))
- goto done;
-
- if (ret = decrypt_key_data(handle->context,
+ ret = krb5_dbe_find_enctype(handle->context, &kdb,
+ ENCTYPE_DES_CBC_CRC,
+ -1, -1, &key_data);
+ if (ret)
+ goto done;
+
+ ret = decrypt_key_data(handle->context,
&handle->master_keyblock, 1, key_data,
- keyblocks, NULL))
- goto done;
+ keyblocks, NULL);
+ if (ret)
+ goto done;
} else {
- ret = decrypt_key_data(handle->context,
- &handle->master_keyblock,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
+ ret = decrypt_key_data(handle->context,
+ &handle->master_keyblock,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
}
@@ -1418,8 +1451,10 @@ kadm5_setkey_principal(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys)
{
- return (kadm5_setkey_principal_3(server_handle, principal,
- FALSE, 0, NULL, keyblocks, n_keys));
+ return
+ kadm5_setkey_principal_3(server_handle, principal,
+ FALSE, 0, NULL,
+ keyblocks, n_keys);
}
kadm5_ret_t
@@ -1452,21 +1487,22 @@ kadm5_setkey_principal_3(void *server_handle,
for (i = 0; i < n_keys; i++) {
for (j = i+1; j < n_keys; j++) {
- if (ret = krb5_c_enctype_compare(handle->context,
- keyblocks[i].enctype,
- keyblocks[j].enctype,
- &similar))
+ if ((ret = krb5_c_enctype_compare(handle->context,
+ keyblocks[i].enctype,
+ keyblocks[j].enctype,
+ &similar)))
return(ret);
- if (similar)
+ if (similar) {
if (n_ks_tuple) {
if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
return KADM5_SETKEY_DUP_ENCTYPES;
} else
return KADM5_SETKEY_DUP_ENCTYPES;
+ }
}
}
- if (n_ks_tuple != n_keys)
+ if (n_ks_tuple && n_ks_tuple != n_keys)
return KADM5_SETKEY3_ETYPE_MISMATCH;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
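Review bot: The duplicate-enctype loop reads `ks_tuple[i]` and `ks_tuple[j]` for indices up to `n_keys`, but the `n_ks_tuple && n_ks_tuple != n_keys` check comes only after the loop. With a non-zero `n_ks_tuple` smaller than `n_keys`, the loop can index past the end of `ks_tuple` before the mismatch is rejected. Move `if (n_ks_tuple && n_ks_tuple != n_keys) return KADM5_SETKEY3_ETYPE_MISMATCH;` above the outer `for`. The function starts and ends outside the hunk, so whether an earlier check already bounds these counts is not visible here.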
@@ -1526,7 +1562,7 @@ kadm5_setkey_principal_3(void *server_handle,
/* assert(kdb.n_key_data == n_keys + n_old_keys) */
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
- if (ret = krb5_timeofday(handle->context, &now))
+ if ((ret = krb5_timeofday(handle->context, &now)))
goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
@@ -1578,8 +1614,8 @@ kadm5_setkey_principal_3(void *server_handle,
kdb.pw_expiration = 0;
}
- if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
- goto done;
+ if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
+ goto done;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
@@ -1600,9 +1636,9 @@ done:
* number of keys decrypted.
*/
static int decrypt_key_data(krb5_context context,
- krb5_keyblock *master_keyblock,
- int n_key_data, krb5_key_data *key_data,
- krb5_keyblock **keyblocks, int *n_keys)
+ krb5_keyblock *master_keyblock,
+ int n_key_data, krb5_key_data *key_data,
+ krb5_keyblock **keyblocks, int *n_keys)
{
krb5_keyblock *keys;
int ret, i;
@@ -1613,8 +1649,11 @@ static int decrypt_key_data(krb5_context context,
memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
for (i = 0; i < n_key_data; i++) {
- if (ret = krb5_dbekd_decrypt_key_data(context,
- master_keyblock, &key_data[i], &keys[i], NULL)) {
+ ret = krb5_dbekd_decrypt_key_data(context,
+ master_keyblock,
+ &key_data[i],
+ &keys[i], NULL);
+ if (ret) {
memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
free(keys);
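Review bot: On a decrypt failure the error path does `memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));` and then `free(keys)`, which clears the `contents` pointers of the keys already decrypted in earlier iterations rather than the key bytes they point to. Those buffers are then unreachable, so decrypted key material stays on the heap unfreed. Release them first, e.g. `while (i-- > 0) krb5_free_keyblock_contents(context, &keys[i]);`, and then free the array. decrypt_key_data starts before and continues past this hunk.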
@@ -1678,13 +1717,13 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
/* find_enctype only uses these two fields */
dbent.n_key_data = entry->n_key_data;
dbent.key_data = entry->key_data;
- if (ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
- stype, kvno, &key_data))
+ if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
+ stype, kvno, &key_data)))
return ret;
- if (ret = krb5_dbekd_decrypt_key_data(handle->context,
- &handle->master_keyblock, key_data,
- keyblock, keysalt))
+ if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
+ &handle->master_keyblock, key_data,
+ keyblock, keysalt)))
return ret;
if (kvnop)
diff --git a/usr/src/lib/krb5/kadm5/str_conv.c b/usr/src/lib/krb5/kadm5/str_conv.c
index 9e81c46194..62cb897d49 100644
--- a/usr/src/lib/krb5/kadm5/str_conv.c
+++ b/usr/src/lib/krb5/kadm5/str_conv.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -68,6 +68,7 @@
#include "k5-int.h"
#include "admin_internal.h"
+#include "adm_proto.h"
/*
* Local data structures.
@@ -359,8 +360,9 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
len = (size_t) *nksaltp;
/* Get new keysalt array */
- if (*ksaltp = (krb5_key_salt_tuple *)
- malloc((len + 1) * sizeof(krb5_key_salt_tuple))) {
+ *ksaltp = (krb5_key_salt_tuple *)
+ malloc((len + 1) * sizeof(krb5_key_salt_tuple));
+ if (*ksaltp) {
/* Copy old keysalt if appropriate */
if (savep) {
@@ -420,8 +422,7 @@ krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
krb5_key_salt_tuple *ksaltlist;
krb5_int32 nksalt;
krb5_boolean ignoresalt;
- krb5_error_code (*iterator) (krb5_key_salt_tuple *,
- krb5_pointer);
+ krb5_error_code (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
krb5_pointer arg;
{
int i;
@@ -436,7 +437,8 @@ krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
i,
scratch.ks_enctype,
scratch.ks_salttype)) {
- if (kret = (*iterator)(&scratch, arg))
+ kret = (*iterator)(&scratch, arg);
+ if (kret)
break;
}
}
diff --git a/usr/src/lib/krb5/kdb/Makefile.com b/usr/src/lib/krb5/kdb/Makefile.com
index f3c1efd3be..ca2b92c533 100644
--- a/usr/src/lib/krb5/kdb/Makefile.com
+++ b/usr/src/lib/krb5/kdb/Makefile.com
@@ -76,7 +76,7 @@ POFILES = generic.po
# override liblink
INS.liblink= -$(RM) $@; $(SYMLINK) $(LIBLINKS)$(VERS) $@
-CPPFLAGS += -DHAVE_CONFIG_H \
+CPPFLAGS += -DHAVE_CONFIG_H -DHAVE_BT_RSEQ \
-I$(KRB5IPROPDIR) \
-I$(SRC)/lib/krb5 \
-I$(SRC)/lib/gss_mechs/mech_krb5/include \
diff --git a/usr/src/lib/krb5/kdb/encrypt_key.c b/usr/src/lib/krb5/kdb/encrypt_key.c
index a3b86e70f6..0e855b4f5b 100644
--- a/usr/src/lib/krb5/kdb/encrypt_key.c
+++ b/usr/src/lib/krb5/kdb/encrypt_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -78,7 +78,6 @@ krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data)
krb5_key_data * key_data;
{
krb5_error_code retval;
- krb5_keyblock tmp;
krb5_octet * ptr;
size_t len;
int i;
@@ -129,7 +128,7 @@ krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data)
if (keysalt->type > 0) {
key_data->key_data_ver++;
key_data->key_data_type[1] = keysalt->type;
- if (key_data->key_data_length[1] = keysalt->data.length) {
+ if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
key_data->key_data_contents[1] =
(krb5_octet *)malloc(keysalt->data.length);
if (key_data->key_data_contents[1] == NULL) {
diff --git a/usr/src/lib/krb5/kdb/fetch_mkey.c b/usr/src/lib/krb5/kdb/fetch_mkey.c
index 8a34949597..26ebdda318 100644
--- a/usr/src/lib/krb5/kdb/fetch_mkey.c
+++ b/usr/src/lib/krb5/kdb/fetch_mkey.c
@@ -174,18 +174,20 @@ krb5_db_fetch_mkey(context, mname, etype, fromkeyboard, twice, keyfile,
retval = KRB5_KDB_CANTREAD_STORED;
goto errout;
}
- if (!key->length || key->length < 0) {
+ if (!key->length || ((int) key->length) < 0) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
}
+
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
retval = ENOMEM;
goto errout;
}
if (fread((krb5_pointer) key->contents,
- sizeof(key->contents[0]), key->length, kf) != key->length) {
+ sizeof(key->contents[0]), key->length, kf)
+ != key->length) {
retval = KRB5_KDB_CANTREAD_STORED;
- memset(key->contents, 0, key->length);
+ memset(key->contents, 0, key->length);
free(key->contents);
key->contents = 0;
} else
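Review bot: The length check `!key->length || ((int) key->length) < 0` rejects zero and values with the top bit set, but any other value goes straight into `malloc(key->length)` and `fread`. If `key->length` is read from the key file, as the surrounding `KRB5_KDB_CANTREAD_STORED` paths suggest, a corrupt or tampered file can request a very large allocation; comparing against a small maximum, e.g. `key->length > MAX_STORED_KEY_LEN` (placeholder name, not defined on this page), could return `KRB5_KDB_BADSTORED_MKEY` as well. The `memset(key->contents, 0, key->length)` before `free` is a dead store the compiler may drop, so a wipe routine that cannot be optimized away is preferable where the platform has one. The function starts and ends outside the hunk.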
diff --git a/usr/src/lib/krb5/kdb/kdb_cpw.c b/usr/src/lib/krb5/kdb/kdb_cpw.c
index dbfa37c58a..ca51291ede 100644
--- a/usr/src/lib/krb5/kdb/kdb_cpw.c
+++ b/usr/src/lib/krb5/kdb/kdb_cpw.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -86,6 +86,9 @@ cleanup_key_data(context, count, data)
{
int i, j;
+ /* If data is NULL, count is always 0 */
+ if (data == NULL) return;
+
for (i = 0; i < count; i++) {
for (j = 0; j < data[i].key_data_ver; j++) {
if (data[i].key_data_length[j]) {
@@ -108,7 +111,6 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
krb5_principal krbtgt_princ;
krb5_keyblock key;
krb5_db_entry krbtgt_entry;
- krb5_key_data * krbtgt_kdata;
krb5_boolean more;
int max_kvno, one, i, j;
krb5_error_code retval;
@@ -168,7 +170,7 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
if (similar)
continue;
- if (retval = krb5_dbe_create_key_data(context, db_entry))
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
goto add_key_rnd_err;
/* there used to be code here to extract the old key, and derive
@@ -282,8 +284,8 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
/* increment the kvno */
kvno++;
- if (retval = add_key_rnd(context, master_key, ks_tuple,
- ks_tuple_count, db_entry, kvno)) {
+ if ((retval = add_key_rnd(context, master_key, ks_tuple,
+ ks_tuple_count, db_entry, kvno))) {
cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
db_entry->n_key_data = key_data_count;
db_entry->key_data = key_data;
@@ -291,7 +293,7 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
/* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
for (i = 0; i < key_data_count; i++) {
if (key_data[i].key_data_kvno == (kvno - 1)) {
- if (retval = krb5_dbe_create_key_data(context, db_entry)) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
cleanup_key_data(context, db_entry->n_key_data,
db_entry->key_data);
break;
@@ -325,10 +327,10 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
krb5_keysalt key_salt;
krb5_keyblock key;
krb5_data pwd;
- krb5_boolean found;
int i, j;
retval = 0;
+
for (i = 0; i < ks_tuple_count; i++) {
krb5_boolean similar;
@@ -354,15 +356,15 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
if (j < i)
continue;
- if (retval = krb5_dbe_create_key_data(context, db_entry))
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
return(retval);
/* Convert password string to key using appropriate salt */
switch (key_salt.type = ks_tuple[i].ks_salttype) {
case KRB5_KDB_SALTTYPE_ONLYREALM: {
krb5_data * saltdata;
- if (retval = krb5_copy_data(context, krb5_princ_realm(context,
- db_entry->princ), &saltdata))
+ if ((retval = krb5_copy_data(context, krb5_princ_realm(context,
+ db_entry->princ), &saltdata)))
return(retval);
key_salt.data = *saltdata;
@@ -370,13 +372,13 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
}
break;
case KRB5_KDB_SALTTYPE_NOREALM:
- if (retval=krb5_principal2salt_norealm(context, db_entry->princ,
- &key_salt.data))
+ if ((retval=krb5_principal2salt_norealm(context, db_entry->princ,
+ &key_salt.data)))
return(retval);
break;
case KRB5_KDB_SALTTYPE_NORMAL:
- if (retval = krb5_principal2salt(context, db_entry->princ,
- &key_salt.data))
+ if ((retval = krb5_principal2salt(context, db_entry->princ,
+ &key_salt.data)))
return(retval);
break;
case KRB5_KDB_SALTTYPE_V4:
@@ -391,19 +393,20 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
return(retval);
key_salt.data = *saltdata;
- key_salt.data.length = -1; /*length actually used below...*/
+ key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
krb5_xfree(saltdata);
#else
/* Why do we do this? Well, the afs_mit_string_to_key needs to
use strlen, and the realm is not NULL terminated.... */
- int slen = (*krb5_princ_realm(context,db_entry->princ)).length;
+ unsigned int slen =
+ (*krb5_princ_realm(context,db_entry->princ)).length;
if(!(key_salt.data.data = (char *) malloc(slen+1)))
return ENOMEM;
key_salt.data.data[slen] = 0;
memcpy((char *)key_salt.data.data,
(char *)(*krb5_princ_realm(context,db_entry->princ)).data,
slen);
- key_salt.data.length = -1; /*length actually used below...*/
+ key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
#endif
}
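Review bot: Both assignments `key_salt.data.length = SALT_TYPE_AFS_LENGTH;` store a marker in a field that otherwise holds a byte count, and the trailing comment ("length actually used below...") does not say so. Until the later hunk resets it to the realm length, `key_salt.data.length` does not describe the buffer that `malloc(slen+1)` returned, so anything that reads it as a size in between would be misled. A comment such as `/* marker, not a byte count: replaced by the realm length before the key data is encrypted */` would make that explicit. The definition of SALT_TYPE_AFS_LENGTH is not in this hunk; it needs to be a value no real salt length can take, which is worth confirming where it is defined.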
@@ -424,13 +427,13 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
return(retval);
}
- if (key_salt.data.length == -1)
+ if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
key_salt.data.length =
krb5_princ_realm(context, db_entry->princ)->length;
- if (retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
+ if ((retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
(const krb5_keysalt *)&key_salt,
- kvno, &db_entry->key_data[db_entry->n_key_data-1])) {
+ kvno, &db_entry->key_data[db_entry->n_key_data-1]))) {
if (key_salt.data.data)
free(key_salt.data.data);
@@ -539,8 +542,8 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
/* increment the kvno */
new_kvno = old_kvno+1;
- if (retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
- passwd, db_entry, new_kvno)) {
+ if ((retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
+ passwd, db_entry, new_kvno))) {
cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
db_entry->n_key_data = key_data_count;
db_entry->key_data = key_data;
@@ -548,7 +551,7 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
/* Copy keys with key_data_kvno == old_kvno */
for (i = 0; i < key_data_count; i++) {
if (key_data[i].key_data_kvno == old_kvno) {
- if (retval = krb5_dbe_create_key_data(context, db_entry)) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
cleanup_key_data(context, db_entry->n_key_data,
db_entry->key_data);
break;
diff --git a/usr/src/lib/krb5/kdb/kdb_db2.c b/usr/src/lib/krb5/kdb/kdb_db2.c
index 3697d7bbc8..4f1997162b 100644
--- a/usr/src/lib/krb5/kdb/kdb_db2.c
+++ b/usr/src/lib/krb5/kdb/kdb_db2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -657,14 +657,16 @@ krb5_db2_db_create(context, db_name, flags)
/*
* Destroy the database. Zero's out all of the files, just to be sure.
*/
-krb5_error_code
+static krb5_error_code
destroy_file_suffix(dbname, suffix)
char *dbname;
char *suffix;
{
char *filename;
struct stat statb;
- int nb,fd,i,j;
+ int nb,fd;
+ unsigned int j;
+ off_t pos;
char buf[BUFSIZ];
char zbuf[BUFSIZ];
int dowrite;
@@ -693,8 +695,8 @@ destroy_file_suffix(dbname, suffix)
* we're just about to unlink it anyways.
*/
memset(zbuf, 0, BUFSIZ);
- i = 0;
- while (i < statb.st_size) {
+ pos = 0;
+ while (pos < statb.st_size) {
dowrite = 0;
nb = read(fd, buf, BUFSIZ);
if (nb < 0) {
@@ -708,16 +710,18 @@ destroy_file_suffix(dbname, suffix)
break;
}
}
+ /* For signedness */
+ j = nb;
if (dowrite) {
- lseek(fd, i, SEEK_SET);
- nb = write(fd, zbuf, nb);
+ lseek(fd, pos, SEEK_SET);
+ nb = write(fd, zbuf, j);
if (nb < 0) {
int retval = errno;
free(filename);
return retval;
}
}
- i += nb;
+ pos += nb;
}
/* ??? Is fsync really needed? I don't know of any non-networked
filesystem which will discard queued writes to disk if a file
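Review bot: A `read()` that returns 0 before `pos` reaches `statb.st_size` (for instance if the file is shortened while it is being scrubbed) leaves this loop making no progress, because `pos += nb` then adds nothing and the check in the preceding hunk only rejects `nb < 0`. Adding `if (nb == 0) break;` next to that check would end the pass cleanly. The result of `lseek(fd, pos, SEEK_SET)` is also ignored, so a failed seek would put the zero block at the wrong offset; as this routine exists to wipe database contents before unlinking, both calls deserve a check. A few lines between the two hunks are not shown, so this assumes nothing there already handles a zero-length read.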
@@ -898,7 +902,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
DB *db;
DBT key, contents;
krb5_data keydata, contdata;
- int try, dbret;
+ int trynum, dbret;
*more = FALSE;
*nentries = 0;
@@ -907,7 +911,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
return KRB5_KDB_DBNOTINITED;
db_ctx = (krb5_db2_context *) context->db_context;
- for (try = 0; try < KRB5_DB2_MAX_RETRY; try++) {
+ for (trynum = 0; trynum < KRB5_DB2_MAX_RETRY; trynum++) {
if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
if (db_ctx->db_nb_locks)
return(retval);
@@ -916,7 +920,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
}
break;
}
- if (try == KRB5_DB2_MAX_RETRY)
+ if (trynum == KRB5_DB2_MAX_RETRY)
return KRB5_KDB_DB_INUSE;
/* XXX deal with wildcard lookups */
@@ -1181,7 +1185,7 @@ krb5_db2_db_delete_principal(context, searchfor, nentries)
for (i = 0; i < entry.n_key_data; i++) {
if (entry.key_data[i].key_data_length[0]) {
memset((char *)entry.key_data[i].key_data_contents[0], 0,
- entry.key_data[i].key_data_length[0]);
+ (unsigned) entry.key_data[i].key_data_length[0]);
}
}
@@ -1217,10 +1221,11 @@ cleanup:
}
krb5_error_code
-krb5_db2_db_iterate (context, func, func_arg)
+krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive)
krb5_context context;
krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
krb5_pointer func_arg;
+ int backwards, recursive;
{
krb5_db2_context *db_ctx;
DB *db;
@@ -1229,17 +1234,36 @@ krb5_db2_db_iterate (context, func, func_arg)
krb5_db_entry entries;
krb5_error_code retval;
int dbret;
-
+ void *cookie;
+
+ cookie = NULL;
if (!k5db2_inited(context))
return KRB5_KDB_DBNOTINITED;
db_ctx = (krb5_db2_context *) context->db_context;
retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED);
+
if (retval)
return retval;
db = db_ctx->db;
- dbret = (*db->seq)(db, &key, &contents, R_FIRST);
+ if (recursive && db->type != DB_BTREE) {
+ (void)krb5_db2_db_unlock(context);
+ return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */
+ }
+
+ if (!recursive) {
+ dbret = (*db->seq)(db, &key, &contents,
+ backwards ? R_LAST : R_FIRST);
+ } else {
+#ifdef HAVE_BT_RSEQ
+ dbret = bt_rseq(db, &key, &contents, &cookie,
+ backwards ? R_LAST : R_FIRST);
+#else
+ (void)krb5_db2_db_unlock(context);
+ return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */
+#endif
+ }
while (dbret == 0) {
contdata.data = contents.data;
contdata.length = contents.size;
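Review bot: `krb5_db2_db_iterate_ext` takes two new flags, `backwards` and `recursive`, but nothing says what they select or when the call is refused. A header comment should state that `backwards` walks from R_LAST with R_PREV, and that `recursive` requires a DB_BTREE database and a build with HAVE_BT_RSEQ. The refusal itself returns `KRB5_KDB_UK_RERROR`, which the inline comment admits is "not optimal"; a caller cannot tell an unsupported mode from a real read error, so the comment should at least document that. Whether `cookie` owns anything that needs releasing when the callback stops the walk early is not visible here and is worth confirming against `bt_rseq`.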
@@ -1250,7 +1274,18 @@ krb5_db2_db_iterate (context, func, func_arg)
krb5_dbe_free_contents(context, &entries);
if (retval)
break;
- dbret = (*db->seq)(db, &key, &contents, R_NEXT);
+ if (!recursive) {
+ dbret = (*db->seq)(db, &key, &contents,
+ backwards ? R_PREV : R_NEXT);
+ } else {
+#ifdef HAVE_BT_RSEQ
+ dbret = bt_rseq(db, &key, &contents, &cookie,
+ backwards ? R_PREV : R_NEXT);
+#else
+ (void)krb5_db2_db_unlock(context);
+ return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */
+#endif
+ }
}
switch (dbret) {
case 1:
@@ -1264,6 +1299,15 @@ krb5_db2_db_iterate (context, func, func_arg)
return retval;
}
+krb5_error_code
+krb5_db2_db_iterate(context, func, func_arg)
+ krb5_context context;
+ krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
+ krb5_pointer func_arg;
+{
+ return krb5_db2_db_iterate_ext(context, func, func_arg, 0, 0);
+}
+
krb5_boolean
krb5_db2_db_set_lockmode(context, mode)
krb5_context context;
@@ -1407,6 +1451,7 @@ kdb5_context_internalize(kcontext, argp, buffer, lenremain)
krb5_int32 lockcount;
krb5_int32 lockmode;
krb5_int32 dbnamelen;
+ krb5_boolean nb_lock;
char *dbname;
bp = *buffer;
@@ -1444,7 +1489,8 @@ kdb5_context_internalize(kcontext, argp, buffer, lenremain)
kret = krb5_db_lock(tmpctx, lockmode);
if (!kret && lockmode)
dbctx->db_locks_held = lockcount;
- (void) krb5_db2_db_set_lockmode(tmpctx, nb_lockmode);
+ nb_lock = nb_lockmode & 0xff;
+ (void) krb5_db2_db_set_lockmode(tmpctx, nb_lock);
}
if (dbname)
krb5_xfree(dbname);
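Review bot: `nb_lock = nb_lockmode & 0xff;` makes a non-zero `nb_lockmode` whose low byte is zero come out as FALSE, so the mask changes the meaning of the value rather than only narrowing its type. If the intent is just to hand a clean boolean to `krb5_db2_db_set_lockmode`, `nb_lock = (nb_lockmode != 0);` says that directly and does not depend on the bit layout. `nb_lockmode` appears to be one of the fields unpacked from the serialized buffer earlier in kdb5_context_internalize, which is outside this hunk, so its range should be treated as unchecked.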
diff --git a/usr/src/lib/krb5/kdb/kdb_db2.h b/usr/src/lib/krb5/kdb/kdb_db2.h
index bc0c690dae..5df517b0a4 100644
--- a/usr/src/lib/krb5/kdb/kdb_db2.h
+++ b/usr/src/lib/krb5/kdb/kdb_db2.h
@@ -42,6 +42,7 @@
#define krb5_db2_db_free_principal krb5_db_free_principal
#define krb5_db2_db_put_principal krb5_db_put_principal
#define krb5_db2_db_delete_principal krb5_db_delete_principal
+#define krb5_db2_db_iterate_ext krb5_db_iterate_ext
#define krb5_db2_db_iterate krb5_db_iterate
#define krb5_db2_db_lock krb5_db_lock
#define krb5_db2_db_unlock krb5_db_unlock
@@ -105,6 +106,11 @@ krb5_error_code krb5_db2_db_put_principal
(krb5_context,
krb5_db_entry *,
int * );
+krb5_error_code krb5_db2_db_iterate_ext
+ (krb5_context,
+ krb5_error_code (*) (krb5_pointer,
+ krb5_db_entry *),
+ krb5_pointer, int, int );
krb5_error_code krb5_db2_db_iterate
(krb5_context,
krb5_error_code (*) (krb5_pointer,
diff --git a/usr/src/lib/krb5/kdb/kdb_dbm.c b/usr/src/lib/krb5/kdb/kdb_dbm.c
index 873caf643b..d4a606ac67 100644
--- a/usr/src/lib/krb5/kdb/kdb_dbm.c
+++ b/usr/src/lib/krb5/kdb/kdb_dbm.c
@@ -57,11 +57,11 @@ extern char *progname;
static char default_db_name[] = DEFAULT_KDB_FILE;
static char *gen_dbsuffix
- PROTOTYPE((char *, char * ));
+ (char *, char * );
static krb5_error_code krb5_dbm_db_start_update
- PROTOTYPE((krb5_context));
+ (krb5_context);
static krb5_error_code krb5_dbm_db_end_update
- PROTOTYPE((krb5_context));
+ (krb5_context);
krb5_error_code
krb5_dbm_db_get_age(krb5_context, char *, time_t *);
@@ -358,10 +358,10 @@ krb5_dbm_db_set_mkey(context, db_context, key)
}
krb5_error_code
-krb5_dbm_db_get_mkey(context, eblock)
-
+krb5_dbm_db_get_mkey(context, db_context, key)
krb5_context context;
- krb5_encrypt_block **eblock;
+ krb5_db_context * db_context;
+ krb5_keyblock **key;
{
krb5_db_context *db_ctx;
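Review bot: The new `db_context` parameter of `krb5_dbm_db_get_mkey` is not read in the lines shown; the body, which continues in the next hunk, still takes its context from `context->db_context` through the local `db_ctx`. The two names differ by only a few characters, which makes the unused one easy to mistake for the one in use. Either read the master key from the parameter or say so in a comment, for example `/* db_context is unused; kept so the signature matches krb5_dbm_db_set_mkey */`. One line of the function lies between the two hunks and is not visible.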
@@ -369,7 +369,7 @@ krb5_dbm_db_get_mkey(context, eblock)
return(KRB5_KDB_DBNOTINITED);
db_ctx = context->db_context;
- *eblock = db_ctx->db_master_key;
+ *key = db_ctx->db_master_key;
return 0;
}
@@ -618,7 +618,7 @@ krb5_dbm_db_create(context, db_name)
/*
* Destroy the database. Zero's out all of the files, just to be sure.
*/
-krb5_error_code
+static krb5_error_code
destroy_file_suffix(dbname, suffix)
char *dbname;
char *suffix;
@@ -1141,7 +1141,7 @@ cleanup:
krb5_error_code
krb5_dbm_db_iterate (context, func, func_arg)
krb5_context context;
- krb5_error_code (*func) PROTOTYPE((krb5_pointer, krb5_db_entry *));
+ krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
krb5_pointer func_arg;
{
datum key, contents;
diff --git a/usr/src/lib/krb5/kdb/kdb_kt.h b/usr/src/lib/krb5/kdb/kdb_kt.h
new file mode 100644
index 0000000000..e400d0d54f
--- /dev/null
+++ b/usr/src/lib/krb5/kdb/kdb_kt.h
@@ -0,0 +1,44 @@
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * include/krb5/kdb_kt.h
+ *
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * KDC keytab definitions.
+ */
+
+
+#ifndef KRB5_KDB5_KT_H
+#define KRB5_KDB5_KT_H
+
+#include <krb5/kdb.h>
+
+extern struct _krb5_kt_ops krb5_kt_kdb_ops;
+
+krb5_error_code krb5_ktkdb_resolve (krb5_context, const char *, krb5_keytab *);
+
+krb5_error_code krb5_ktkdb_set_context(krb5_context);
+
+#endif /* KRB5_KDB5_DBM__ */
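Review bot: The closing `#endif /* KRB5_KDB5_DBM__ */` names a different guard from the one this header opens with; it should read `#endif /* KRB5_KDB5_KT_H */`. The file banner also gives the path as `include/krb5/kdb_kt.h` while the diff adds the file under `usr/src/lib/krb5/kdb/`, so the banner should be corrected as well. `krb5_ktkdb_set_context` is declared without any comment; a one-line description of which context it records and how long the caller must keep it valid would help, since the keytab code later substitutes that stored context for the one passed in.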
diff --git a/usr/src/lib/krb5/kdb/kdb_xdr.c b/usr/src/lib/krb5/kdb/kdb_xdr.c
index e058ad2e63..4f6864f6b1 100644
--- a/usr/src/lib/krb5/kdb/kdb_xdr.c
+++ b/usr/src/lib/krb5/kdb/kdb_xdr.c
@@ -153,7 +153,7 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- if (code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))
+ if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
return(code);
if (tl_data.tl_data_length != 4) {
@@ -183,13 +183,13 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
krb5_error_code retval = 0;
krb5_octet * nextloc = 0;
char * unparse_mod_princ = 0;
- int unparse_mod_princ_size;
+ unsigned int unparse_mod_princ_size;
if ((retval = krb5_unparse_name(context, mod_princ,
&unparse_mod_princ)))
return(retval);
- unparse_mod_princ_size = (int) strlen(unparse_mod_princ) + 1;
+ unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
== NULL) {
@@ -227,7 +227,7 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
- if (code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))
+ if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
return(code);
if ((tl_data.tl_data_length < 5) ||
@@ -239,7 +239,7 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
/* Mod Princ */
if ((code = krb5_parse_name(context,
- (krb5_const char *) (tl_data.tl_data_contents+4),
+ (const char *) (tl_data.tl_data_contents+4),
mod_princ)))
return(code);
@@ -277,7 +277,8 @@ krb5_encode_princ_contents(context, content, entry)
krb5_data * content;
krb5_db_entry * entry;
{
- int unparse_princ_size, i, j;
+ int i, j;
+ unsigned int unparse_princ_size;
char * unparse_princ;
char * nextloc;
krb5_tl_data * tl_data;
@@ -340,7 +341,7 @@ krb5_encode_princ_contents(context, content, entry)
/*
* Now we go through entry again, this time copying data
- * These first entries are always saved regaurdless of version
+ * These first entries are always saved regardless of version
*/
nextloc = content->data;
@@ -429,7 +430,7 @@ krb5_encode_princ_contents(context, content, entry)
for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
krb5_int16 type = entry->key_data[i].key_data_type[j];
- krb5_int16 length = entry->key_data[i].key_data_length[j];
+ krb5_ui_2 length = entry->key_data[i].key_data_length[j];
krb5_kdb_encode_int16(type, nextloc);
nextloc += 2;
@@ -690,7 +691,8 @@ krb5_dbe_free_contents(context, entry)
if (entry->key_data[i].key_data_length[j]) {
if (entry->key_data[i].key_data_contents[j]) {
memset(entry->key_data[i].key_data_contents[j],
- 0, entry->key_data[i].key_data_length[j]);
+ 0,
+ (unsigned) entry->key_data[i].key_data_length[j]);
free (entry->key_data[i].key_data_contents[j]);
}
}
@@ -723,7 +725,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_int32 kvno;
krb5_key_data **kdatap;
{
- int i, index;
+ int i, idx;
int maxkvno;
krb5_key_data *datap;
krb5_error_code ret;
@@ -762,20 +764,21 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
ret = KRB5_KDB_NO_PERMITTED_KEY;
continue;
}
+
- if (ktype >= 0) {
+ if (ktype > 0) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
&similar)))
return(ret);
}
- if (((ktype < 0) || similar) &&
+ if (((ktype <= 0) || similar) &&
((db_stype == stype) || (stype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
datap = &dbentp->key_data[i];
- index = i;
+ idx = i;
maxkvno = kvno;
break;
}
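Review bot: Changing `ktype >= 0` to `ktype > 0`, and `ktype < 0` to `ktype <= 0`, makes an enctype argument of 0 match every stored key instead of going through `krb5_c_enctype_compare`, and nothing in the hunk records that. Because this routine decides which key a caller is handed, the wildcard rule belongs in a comment at the test, for example `/* ktype <= 0 is a wildcard: any enctype is accepted, subject to stype and kvno */`. It is also worth noting there that `similar` is assigned only when `ktype > 0`, so the second condition relies on `||` short-circuiting. krb5_dbe_search_enctype starts and ends outside this hunk.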
@@ -783,7 +786,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
if (dbentp->key_data[i].key_data_kvno > maxkvno) {
maxkvno = dbentp->key_data[i].key_data_kvno;
datap = &dbentp->key_data[i];
- index = i;
+ idx = i;
}
}
}
@@ -791,7 +794,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
if (maxkvno < 0)
return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
*kdatap = datap;
- *start = index+1;
+ *start = idx+1;
return 0;
}
diff --git a/usr/src/lib/krb5/kdb/keytab.c b/usr/src/lib/krb5/kdb/keytab.c
index e4e6523250..fb26c1c572 100644
--- a/usr/src/lib/krb5/kdb/keytab.c
+++ b/usr/src/lib/krb5/kdb/keytab.c
@@ -28,6 +28,7 @@
#include <string.h>
#include "k5-int.h"
+#include "kdb_kt.h"
static int
is_xrealm_tgt(krb5_context, krb5_const_principal);
@@ -37,16 +38,21 @@ krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
krb5_kvno, krb5_enctype, krb5_keytab_entry *);
-krb5_error_code krb5_ktkdb_resolve(
- krb5_context context,
- const char * name,
- krb5_keytab * id);
+static krb5_error_code
+krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
+ char *name, unsigned int namelen)
+{
+ if (namelen < sizeof("KDB:"))
+ return KRB5_KT_NAME_TOOLONG;
+ strcpy(name, "KDB:");
+ return 0;
+}
krb5_kt_ops krb5_kt_kdb_ops = {
0,
"KDB", /* Prefix -- this string should not appear anywhere else! */
krb5_ktkdb_resolve, /* resolve */
- NULL, /* get_name */
+ krb5_ktkdb_get_name, /* get_name */
krb5_ktkdb_close, /* close */
krb5_ktkdb_get_entry, /* get */
NULL, /* start_seq_get */
@@ -125,14 +131,16 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
krb5_db_entry db_entry;
krb5_boolean more = 0;
int n = 0;
- int xrealm_tgt = is_xrealm_tgt(context, principal);
- krb5_boolean similar;
+ int xrealm_tgt;
+ krb5_boolean similar;
if (ktkdb_ctx)
context = ktkdb_ctx;
else
context = in_context;
+ xrealm_tgt = is_xrealm_tgt(context, principal);
+
/* Open database */
/* krb5_db_init(context); */
if ((kerror = krb5_db_open_database(context)))
diff --git a/usr/src/lib/krb5/kdb/mapfile-vers b/usr/src/lib/krb5/kdb/mapfile-vers
index 7734b92971..c41940f823 100644
--- a/usr/src/lib/krb5/kdb/mapfile-vers
+++ b/usr/src/lib/krb5/kdb/mapfile-vers
@@ -36,34 +36,19 @@ SUNW_1.1 {
SUNWprivate_1.1 {
global:
- destroy_file_suffix;
krb5_db_close_database;
krb5_db_create;
krb5_db_delete_principal;
krb5_db_destroy;
- krb5_dbe_apw;
- krb5_dbe_ark;
- krb5_dbe_cpw;
- krb5_dbe_create_key_data;
- krb5_dbe_crk;
- krb5_dbe_find_enctype;
- krb5_dbe_free_contents;
- krb5_dbekd_decrypt_key_data;
- krb5_dbekd_encrypt_key_data;
- krb5_dbe_lookup_last_pwd_change;
- krb5_dbe_lookup_mod_princ_data;
- krb5_dbe_lookup_tl_data;
- krb5_dbe_search_enctype;
- krb5_dbe_update_last_pwd_change;
- krb5_dbe_update_mod_princ_data;
- krb5_dbe_update_tl_data;
krb5_db_fetch_mkey;
krb5_db_fini;
krb5_db_free_principal;
krb5_db_get_age;
+ krb5_db_get_mkey;
krb5_db_get_principal;
krb5_db_init;
krb5_db_iterate;
+ krb5_db_iterate_ext;
krb5_db_lock;
krb5_db_open_database;
krb5_db_put_principal;
@@ -75,13 +60,32 @@ SUNWprivate_1.1 {
krb5_db_store_mkey;
krb5_db_unlock;
krb5_db_verify_master_key;
+ krb5_dbe_apw;
+ krb5_dbe_ark;
+ krb5_dbe_cpw;
+ krb5_dbe_create_key_data;
+ krb5_dbe_crk;
+ krb5_dbe_find_enctype;
+ krb5_dbe_free_contents;
+ krb5_dbe_lookup_last_pwd_change;
+ krb5_dbe_lookup_mod_princ_data;
+ krb5_dbe_lookup_tl_data;
+ krb5_dbe_search_enctype;
+ krb5_dbe_update_last_pwd_change;
+ krb5_dbe_update_mod_princ_data;
+ krb5_dbe_update_tl_data;
+ krb5_dbekd_decrypt_key_data;
+ krb5_dbekd_encrypt_key_data;
krb5_decode_princ_contents;
krb5_encode_princ_contents;
+ krb5_encode_princ_dbkey;
krb5_free_princ_contents;
+ krb5_free_princ_dbkey;
+ krb5_kt_kdb_ops;
krb5_ktkdb_close;
krb5_ktkdb_get_entry;
- krb5_kt_kdb_ops;
krb5_ktkdb_resolve;
+ krb5_ktkdb_set_context;
krb5_mkey_pwd_prompt1;
krb5_mkey_pwd_prompt2;
krb5_ser_db_context_init;
diff --git a/usr/src/lib/krb5/kdb/setup_mkey.c b/usr/src/lib/krb5/kdb/setup_mkey.c
index adf0f24e79..8f662ac859 100644
--- a/usr/src/lib/krb5/kdb/setup_mkey.c
+++ b/usr/src/lib/krb5/kdb/setup_mkey.c
@@ -49,8 +49,8 @@ krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal)
krb5_principal *principal;
{
krb5_error_code retval;
- int keylen;
- int rlen = strlen(realm);
+ size_t keylen;
+ size_t rlen = strlen(realm);
char *fname;
if (!keyname)
diff --git a/usr/src/lib/krb5/kdb/store_mkey.c b/usr/src/lib/krb5/kdb/store_mkey.c
index 196d5e7287..b2f9446808 100644
--- a/usr/src/lib/krb5/kdb/store_mkey.c
+++ b/usr/src/lib/krb5/kdb/store_mkey.c
@@ -66,7 +66,7 @@ krb5_db_store_mkey(context, keyfile, mname, key)
char defkeyfile[MAXPATHLEN+1];
krb5_data *realm = krb5_princ_realm(context, mname);
#if HAVE_UMASK
- int oumask;
+ mode_t oumask;
#endif
if (!keyfile) {
@@ -98,7 +98,8 @@ krb5_db_store_mkey(context, keyfile, mname, key)
(fwrite((krb5_pointer) &key->length,
sizeof(key->length), 1, kf) != 1) ||
(fwrite((krb5_pointer) key->contents,
- sizeof(key->contents[0]), key->length, kf) != key->length)) {
+ sizeof(key->contents[0]), (unsigned) key->length,
+ kf) != key->length)) {
retval = errno;
(void) fclose(kf);
}
diff --git a/usr/src/lib/krb5/ss/copyright.h b/usr/src/lib/krb5/ss/copyright.h
index 3a8663ae42..d67bba3992 100644
--- a/usr/src/lib/krb5/ss/copyright.h
+++ b/usr/src/lib/krb5/ss/copyright.h
@@ -13,6 +13,9 @@ this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
+Furthermore if you modify this software you must label
+your software as modified software and not distribute it in such a
+fashion that it might be confused with the original M.I.T. software.
M.I.T. and the M.I.T. S.I.P.B. make no representations about
the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
diff --git a/usr/src/lib/krb5/ss/error.c b/usr/src/lib/krb5/ss/error.c
index a15a04378e..31c62ffa00 100644
--- a/usr/src/lib/krb5/ss/error.c
+++ b/usr/src/lib/krb5/ss/error.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -14,25 +14,10 @@
#include <stdio.h>
-/*
- * I'm assuming that com_err.h includes varargs.h, which it does
- * (right now). There really ought to be a way for me to include the
- * file without worrying about whether com_err.h includes it or not,
- * but varargs.h doesn't define anything that I can use as a flag, and
- * gcc will lose if I try to include it twice and redefine stuff.
- */
-#if !defined(__STDC__) || !defined(ibm032) || !defined(NeXT)
-#define ss_error ss_error_external
-#endif
-
#include "copyright.h"
#include "com_err.h"
#include "ss_internal.h"
-extern void com_err_va ();
-
-#undef ss_error
-
char * ss_name(sci_idx)
int sci_idx;
{
@@ -71,26 +56,11 @@ char * ss_name(sci_idx)
}
}
-#ifdef HAVE_STDARG_H
void ss_error (int sci_idx, long code, const char * fmt, ...)
-#else
-void ss_error (va_alist)
- va_dcl
-#endif
{
register char *whoami;
va_list pvar;
-#ifndef HAVE_STDARG_H
- int sci_idx;
- long code;
- char * fmt;
- va_start (pvar);
- sci_idx = va_arg (pvar, int);
- code = va_arg (pvar, long);
- fmt = va_arg (pvar, char *);
-#else
va_start (pvar, fmt);
-#endif
whoami = ss_name (sci_idx);
com_err_va (whoami, code, fmt, pvar);
free (whoami);
diff --git a/usr/src/lib/krb5/ss/execute_cmd.c b/usr/src/lib/krb5/ss/execute_cmd.c
index ca6108cb49..6a0030cdaf 100644
--- a/usr/src/lib/krb5/ss/execute_cmd.c
+++ b/usr/src/lib/krb5/ss/execute_cmd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -196,8 +196,7 @@ int ss_execute_line (sci_idx, line_ptr)
char *line_ptr;
{
char **argv;
- int argc;
- int rc;
+ int argc, ret;
/* flush leading whitespace */
while (line_ptr[0] == ' ' || line_ptr[0] == '\t')
@@ -220,9 +219,9 @@ int ss_execute_line (sci_idx, line_ptr)
return 0;
/* look it up in the request tables, execute if found */
- rc = really_execute_command (sci_idx, argc, &argv);
+ ret = really_execute_command (sci_idx, argc, &argv);
free(argv);
- return (rc);
+ return(ret);
}
diff --git a/usr/src/lib/krb5/ss/help.c b/usr/src/lib/krb5/ss/help.c
index 5979e45463..b5e4ef15f5 100644
--- a/usr/src/lib/krb5/ss/help.c
+++ b/usr/src/lib/krb5/ss/help.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -13,13 +13,13 @@
#include <sys/param.h>
#include <sys/types.h>
+#include <errno.h>
#include <sys/file.h>
#include <fcntl.h> /* just for O_* */
#include <sys/wait.h>
#include "ss_internal.h"
#include "copyright.h"
#include <libintl.h>
-#include <errno.h>
extern void ss_list_requests();
@@ -63,16 +63,18 @@ void ss_help (argc, argv, sci_idx, info_ptr)
return;
}
for (idx = 0; info->info_dirs[idx] != (char *)NULL; idx++) {
- (void) strcpy(buffer, info->info_dirs[idx]);
- (void) strcat(buffer, "/");
- (void) strcat(buffer, argv[1]);
- (void) strcat(buffer, ".info");
+ (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
+ buffer[sizeof(buffer) - 1] = '\0';
+ (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
+ (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
+ (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
}
if ((fd = open(&buffer[0], O_RDONLY)) < 0) {
char buf[MAXPATHLEN];
- strcpy(buf, "No info found for ");
- strcat(buf, argv[1]);
+ strncpy(buf, "No info found for ", sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
+ strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
ss_perror(sci_idx, 0, buf);
return;
}
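Review bot: The bounded `strncpy`/`strncat` sequence truncates silently, so an over-long `info->info_dirs[idx]` or `argv[1]` produces a shortened path that is still passed to `open()`, which is a different file from the one asked for. Building the name in one call and skipping the entry on truncation is clearer: `n = snprintf(buffer, sizeof(buffer), "%s/%s.info", info->info_dirs[idx], argv[1]);` followed by `if (n < 0 || (size_t)n >= sizeof(buffer)) continue;`, with an `int n` declared in the function. The same silent truncation applies to `buf` a few lines down and to `c_file` in the mk_cmds.c hunk of this commit, where the shortened name is then opened for writing. ss_help begins and ends outside this hunk.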
diff --git a/usr/src/lib/krb5/ss/invocation.c b/usr/src/lib/krb5/ss/invocation.c
index 94b3de637f..87e6bb9fae 100644
--- a/usr/src/lib/krb5/ss/invocation.c
+++ b/usr/src/lib/krb5/ss/invocation.c
@@ -71,7 +71,7 @@ ss_delete_invocation(sci_idx)
t = ss_info(sci_idx);
free(t->prompt);
- free((char *)t->rqt_tables);
+ free(t->rqt_tables);
while(t->info_dirs[0] != (char *)NULL)
ss_delete_info_dir(sci_idx, t->info_dirs[0], &ignored_code);
free((char *)t->info_dirs);
diff --git a/usr/src/lib/krb5/ss/list_rqs.c b/usr/src/lib/krb5/ss/list_rqs.c
index 53dc909d13..4bb4e95499 100644
--- a/usr/src/lib/krb5/ss/list_rqs.c
+++ b/usr/src/lib/krb5/ss/list_rqs.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -32,9 +32,13 @@ static char const NL[2] = "\n";
void
ss_list_requests(argc, argv, sci_idx, info_ptr)
int argc;
- char **argv;
+ const char * const *argv;
int sci_idx;
- pointer info_ptr;
+#ifdef __STDC__
+ void *info_ptr;
+#else
+ char *info_ptr;
+#endif
{
register ss_request_entry *entry;
register char const * const *name;
@@ -93,21 +97,22 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
buffer[0] = '\0';
if (entry->flags & SS_OPT_DONT_LIST)
continue;
+ buffer[sizeof(buffer) - 1] = '\0';
for (name = entry->command_names; *name; name++) {
register int len = strlen(*name);
- strncat(buffer, *name, len);
+ strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer));
spacing += len + 2;
if (name[1]) {
- strcat(buffer, ", ");
+ strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer));
}
}
if (spacing > 23) {
- strcat(buffer, NL);
+ strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
fputs(buffer, output);
spacing = 0;
buffer[0] = '\0';
}
- strncat(buffer, twentyfive_spaces, 25-spacing);
+ strncat(buffer, twentyfive_spaces, strlen(twentyfive_spaces) - spacing);
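Review bot: `strncat(buffer, twentyfive_spaces, strlen(twentyfive_spaces) - spacing)` is the one append in this loop that is not limited by the room left in `buffer`. Its count is computed in `size_t`, so a `spacing` larger than the pad string would wrap to a very large value instead of going negative. Computing the pad and the remaining room separately and passing the smaller of the two would bring it in line with the other calls, with a guard that `spacing` does not exceed the pad length. The added `buffer[sizeof(buffer) - 1] = '\0';` has no effect here, since `buffer[0]` was just cleared and `strncat` always terminates its result. The declaration of `buffer` and the reset of `spacing` are outside this hunk.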
/*
* Due to libss not knowing what TEXT_DOMAIN
@@ -115,8 +120,8 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
* messages, we know require the callers (ktutil,kadmin)
* to L10N the messages before calling libss.
*/
- strcat(buffer, entry->info_string);
- strcat(buffer, NL);
+ strncat(buffer, entry->info_string, sizeof(buffer) -1 - strlen(buffer));
+ strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
fputs(buffer, output);
}
}
diff --git a/usr/src/lib/krb5/ss/listen.c b/usr/src/lib/krb5/ss/listen.c
index 5d4d88f2bd..a1035e9fde 100644
--- a/usr/src/lib/krb5/ss/listen.c
+++ b/usr/src/lib/krb5/ss/listen.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -20,27 +20,21 @@
#include <stdio.h>
#include <setjmp.h>
#include <signal.h>
+#include <termios.h>
#include <libintl.h>
#include <sys/param.h>
-#ifdef BSD
-#include <sgtty.h>
-#endif
static ss_data *current_info;
static jmp_buf listen_jmpb;
static RETSIGTYPE print_prompt()
{
-#ifdef BSD
- /* put input into a reasonable mode */
- struct sgttyb ttyb;
- if (ioctl(fileno(stdin), TIOCGETP, &ttyb) != -1) {
- if (ttyb.sg_flags & (CBREAK|RAW)) {
- ttyb.sg_flags &= ~(CBREAK|RAW);
- (void) ioctl(0, TIOCSETP, &ttyb);
- }
+ struct termios termbuf;
+
+ if (tcgetattr(STDIN_FILENO, &termbuf) == 0) {
+ termbuf.c_lflag |= ICANON|ISIG|ECHO;
+ tcsetattr(STDIN_FILENO, TCSANOW, &termbuf);
}
-#endif
(void) fputs(current_info->prompt, stdout);
(void) fflush(stdout);
}
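Review bot: `termbuf.c_lflag |= ICANON|ISIG|ECHO;` switches echo on unconditionally, which the removed sgtty code did not do (it only cleared CBREAK and RAW). The RETSIGTYPE return type suggests `print_prompt` is installed as a signal handler; if it can run while a caller has echo turned off to read a password, this would make the typed secret visible. Setting only `ICANON|ISIG` here, or restoring a saved mode, would avoid that. The `tcsetattr` result is also discarded, so `(void) tcsetattr(STDIN_FILENO, TCSANOW, &termbuf);` would at least mark that as deliberate. Where the handler is registered is not visible in this hunk.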
@@ -59,7 +53,7 @@ int ss_listen (sci_idx)
register ss_data *info;
char input[BUFSIZ];
char buffer[BUFSIZ];
- char *end = buffer;
+ char *volatile end = buffer;
int code;
jmp_buf old_jmpb;
ss_data *old_info = current_info;
@@ -175,7 +169,7 @@ void ss_abort_subsystem(sci_idx, code)
void ss_quit(argc, argv, sci_idx, infop)
int argc;
- char **argv;
+ char const * const *argv;
int sci_idx;
pointer infop;
{
diff --git a/usr/src/lib/krb5/ss/mapfile-vers b/usr/src/lib/krb5/ss/mapfile-vers
index 932cc36186..ac2ff358a0 100644
--- a/usr/src/lib/krb5/ss/mapfile-vers
+++ b/usr/src/lib/krb5/ss/mapfile-vers
@@ -27,7 +27,6 @@
SUNWprivate_1.1 {
global:
- debugDisplaySS;
ss_abort_subsystem;
ss_add_info_dir;
ss_add_request_table;
diff --git a/usr/src/lib/krb5/ss/mit-sipb-copyright.h b/usr/src/lib/krb5/ss/mit-sipb-copyright.h
index d9444d9bd6..cdcbe576e6 100644
--- a/usr/src/lib/krb5/ss/mit-sipb-copyright.h
+++ b/usr/src/lib/krb5/ss/mit-sipb-copyright.h
@@ -12,6 +12,9 @@ this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
+Furthermore if you modify this software you must label
+your software as modified software and not distribute it in such a
+fashion that it might be confused with the original M.I.T. software.
M.I.T. and the M.I.T. S.I.P.B. make no representations about
the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
diff --git a/usr/src/lib/krb5/ss/mk_cmds.c b/usr/src/lib/krb5/ss/mk_cmds.c
index 858ebc4e6c..b47e5c62db 100644
--- a/usr/src/lib/krb5/ss/mk_cmds.c
+++ b/usr/src/lib/krb5/ss/mk_cmds.c
@@ -25,7 +25,7 @@
static const char copyright[] =
"Copyright 1987 by MIT Student Information Processing Board";
-extern pointer malloc PROTOTYPE((unsigned));
+extern pointer malloc (unsigned);
extern char *last_token;
extern FILE *output_file;
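Review bot: The rewritten declaration `extern pointer malloc (unsigned);` is now a real prototype, and its parameter type does not match the `size_t` parameter that `<stdlib.h>` declares; on an LP64 build the two types differ in width. Declaring a standard library function with an incompatible type is undefined behaviour, and a request larger than `UINT_MAX` would be truncated before the call. I would delete the line and rely on `#include <stdlib.h>` (whether this file already includes it is not visible here). The same applies to the `malloc`, `realloc`, `calloc` and `alloca` declarations rewritten in `ss_internal.h` later in this commit, although the first three are at least guarded by `#ifndef HAVE_STDLIB_H`.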
@@ -68,8 +68,9 @@ int main(argc, argv)
p = strrchr(path, '.');
*p = '\0';
q = rindex(path, '/');
- strcpy(c_file, (q) ? q + 1 : path);
- strcat(c_file, ".c");
+ strncpy(c_file, (q) ? q + 1 : path, sizeof(c_file) - 1);
+ c_file[sizeof(c_file) - 1] = '\0';
+ strncat(c_file, ".c", sizeof(c_file) - 1 - strlen(c_file));
*p = '.';
output_file = fopen(c_file, "w+F");
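Review bot: The `strncpy`/`strncat` pair added here cannot overflow `c_file`, but it truncates silently: when the basename fills the buffer the `.c` suffix is cut or dropped, and the `fopen` that follows then creates or truncates a file whose name is not the one intended. Building the name in one step and rejecting truncation closes that: `n = snprintf(c_file, sizeof(c_file), "%s.c", (q) ? q + 1 : path);` followed by `if (n < 0 || (size_t)n >= sizeof(c_file)) { /* report and exit */ }`. The context line `*p = '\0';` also writes through the `strrchr` result unchecked, so an argument with no `.` in it is a NULL dereference; that predates this commit but sits in the same lines. `main` starts and ends outside this hunk.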
diff --git a/usr/src/lib/krb5/ss/pager.c b/usr/src/lib/krb5/ss/pager.c
index 3972f2fd9f..24c8f7e819 100644
--- a/usr/src/lib/krb5/ss/pager.c
+++ b/usr/src/lib/krb5/ss/pager.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -16,11 +16,11 @@
#include "ss_internal.h"
#include "copyright.h"
+#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/file.h>
#include <signal.h>
-#include <errno.h>
static char MORE[] = "more";
extern char *_ss_pager_name;
@@ -43,7 +43,7 @@ int ss_pager_create()
if (pipe(filedes) != 0)
return(-1);
- switch(fork()) {
+ switch((int) fork()) {
case -1:
return(-1);
case 0:
@@ -112,7 +112,7 @@ void ss_page_stdin()
char buf[80];
register int n;
while ((n = read(0, buf, 80)) > 0)
- write(1, buf, n);
+ write(1, buf, (unsigned) n);
}
exit(errno);
}
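Review bot: The `(unsigned) n` cast on the `write` call quiets the conversion warning, but the call's result is still thrown away, so a short or failed write (for instance when the pager has already exited) silently drops output while the loop keeps reading. I would loop until the whole chunk is written and stop on error, and use `sizeof(buf)` in place of the repeated literal 80. The enclosing block of `ss_page_stdin` starts outside this hunk.

```c
while ((n = read(0, buf, sizeof(buf))) > 0) {
    char *p = buf;

    while (n > 0) {
        ssize_t w = write(1, p, (size_t) n);

        if (w <= 0)
            exit(errno);    /* nothing more can be delivered */
        p += w;
        n -= (int) w;
    }
}
/* ... unchanged: exit(errno) after the loop ... */
```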
diff --git a/usr/src/lib/krb5/ss/parse.c b/usr/src/lib/krb5/ss/parse.c
index 0bc97db28d..9edb3ffe37 100644
--- a/usr/src/lib/krb5/ss/parse.c
+++ b/usr/src/lib/krb5/ss/parse.c
@@ -8,10 +8,7 @@
#include "ss_internal.h"
#include "copyright.h"
-
-/* global indicating if we should be printing debug messages */
-extern int g_displayDebugSS;
-
+#include <errno.h>
enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING };
@@ -58,9 +55,7 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
while (1) {
#ifdef DEBUG
{
- if (g_displayDebugSS)
- printf ("character `%c', mode %d\n",
- *line_ptr, parse_mode);
+ printf ("character `%c', mode %d\n", *line_ptr, parse_mode);
}
#endif
while (parse_mode == WHITESPACE) {
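Review bot: With the `g_displayDebugSS` test removed, a build that defines `DEBUG` prints every character of the input line here, and the full `argv` in the `end_of_line` hunk below, to stdout with no runtime switch. Command lines given to an ss-based tool may carry secrets as arguments (an assumption; the callers are not visible), so I would at least send both traces to stderr with `fprintf(stderr, ...)` and add a comment that `DEBUG` builds echo user input. The braces left around the single `printf` no longer group anything and can go. `ss_parse` starts and ends outside this hunk.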
@@ -130,15 +125,13 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
end_of_line:
*argc_ptr = argc;
#ifdef DEBUG
-
- if (g_displayDebugSS)
- {
- int i;
- printf ("argc = %d\n", argc);
- for (i = 0; i <= argc; i++)
- printf ("\targv[%2d] = `%s'\n", i,
- argv[i] ? argv[i] : "<NULL>");
- }
+ {
+ int i;
+ printf ("argc = %d\n", argc);
+ for (i = 0; i <= argc; i++)
+ printf ("\targv[%2d] = `%s'\n", i,
+ argv[i] ? argv[i] : "<NULL>");
+ }
#endif
return(argv);
}
diff --git a/usr/src/lib/krb5/ss/request_tbl.c b/usr/src/lib/krb5/ss/request_tbl.c
index 56df137f22..18004d2bd3 100644
--- a/usr/src/lib/krb5/ss/request_tbl.c
+++ b/usr/src/lib/krb5/ss/request_tbl.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -31,8 +31,8 @@ ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr)
;
/* size == C subscript of NULL == #elements */
size += 2; /* new element, and NULL */
- info->rqt_tables = (ssrt **)realloc((char *)info->rqt_tables,
- (unsigned)size*sizeof(ssrt));
+ info->rqt_tables = (ssrt **)realloc(info->rqt_tables,
+ size*sizeof(ssrt));
if (info->rqt_tables == (ssrt **)NULL) {
*code_ptr = errno;
return;
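Review bot: The `realloc` result is still stored straight into `info->rqt_tables`, so when it fails the old table is leaked and the invocation is left holding a NULL table pointer even though the function reports the error. The element size is also `sizeof(ssrt)` for an array of `ssrt *`; that over-allocates if `ssrt` is larger than a pointer (its definition is not visible here), but it is not the size that is meant. With a temporary `ssrt **t` declared among the locals: `t = realloc(info->rqt_tables, size * sizeof(*t));`, `if (t == NULL) { *code_ptr = errno; return; }`, `info->rqt_tables = t;`. The function body continues outside this hunk.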
diff --git a/usr/src/lib/krb5/ss/requests.c b/usr/src/lib/krb5/ss/requests.c
index 479a716b33..5c3a710d93 100644
--- a/usr/src/lib/krb5/ss/requests.c
+++ b/usr/src/lib/krb5/ss/requests.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2000 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
@@ -13,12 +13,11 @@
* For copyright information, see mit-sipb-copyright.h.
*/
-#include <ss/mit-sipb-copyright.h>
#include <stdio.h>
#include "ss_internal.h"
#include <libintl.h>
-#define DECLARE(name) void name(argc,argv,sci_idx)int argc,sci_idx;char **argv;
+#define DECLARE(name) void name(argc,argv,sci_idx,info_ptr)int argc,sci_idx;const char * const *argv; pointer info_ptr;
/*
* ss_self_identify -- assigned by default to the "." request
@@ -55,13 +54,3 @@ DECLARE(ss_unimplemented)
{
ss_perror(sci_idx, SS_ET_UNIMPLEMENTED, "");
}
-
-int g_displayDebugSS = 0;
-/*
- * debug message display toggle
- */
-void
-debugDisplaySS(int onOff) {
-
- g_displayDebugSS = onOff;
-}
diff --git a/usr/src/lib/krb5/ss/ss.h b/usr/src/lib/krb5/ss/ss.h
index 0fdad1d880..7ce5b6bb70 100644
--- a/usr/src/lib/krb5/ss/ss.h
+++ b/usr/src/lib/krb5/ss/ss.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -13,9 +13,8 @@
#ifndef _ss_h
#define _ss_h __FILE__
-#include <ss/mit-sipb-copyright.h>
-#include <ss/ss_err.h>
#include <errno.h>
+#include <ss/ss_err.h>
#ifdef __STDC__
#define __SS_CONST const
@@ -52,16 +51,24 @@ typedef struct _ss_rp_options { /* DEFAULT VALUES */
#define SS_OPT_DONT_SUMMARIZE 0x0002
void ss_help __SS_PROTO;
+void ss_list_requests __SS_PROTO;
+void ss_quit __SS_PROTO;
char *ss_current_request();
-char *ss_name();
-#ifdef __STDC__
+char *ss_name(int);
void ss_error (int, long, char const *, ...);
void ss_perror (int, long, char const *);
-#else
-void ss_error ();
-void ss_perror ();
-#endif
-void ss_abort_subsystem();
+int ss_listen (int);
+int ss_create_invocation(char *, char *, char *, ss_request_table *, int *);
+void ss_delete_invocation(int);
+void ss_add_info_dir(int , char *, int *);
+void ss_delete_info_dir(int , char *, int *);
+int ss_execute_command(int sci_idx, char **);
+void ss_abort_subsystem(int, int);
+void ss_set_prompt(int, char *);
+char *ss_get_prompt(int);
+void ss_add_request_table(int, ss_request_table *, int, int *);
+void ss_delete_request_table(int, ss_request_table *, int *);
+int ss_execute_line (int, char*);
extern ss_request_table ss_std_requests;
/* toggles the display of debugging messages */
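Review bot: The trailing context comment `/* toggles the display of debugging messages */` suggests that the `debugDisplaySS` declaration still follows it in this header, while this commit deletes the function from `requests.c` and its export from `mapfile-vers`. If so, the declaration and its comment should be removed here too, otherwise a consumer that still calls it compiles and then fails at link time; the line after the comment is outside the hunk, so this needs confirming. Among the new prototypes, `int ss_execute_command(int sci_idx, char **);` names one parameter and not the other, and `char *ss_current_request();` is left without a parameter list.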
diff --git a/usr/src/lib/krb5/ss/ss_internal.h b/usr/src/lib/krb5/ss/ss_internal.h
index d82f050b28..43431797a3 100644
--- a/usr/src/lib/krb5/ss/ss_internal.h
+++ b/usr/src/lib/krb5/ss/ss_internal.h
@@ -15,20 +15,8 @@
#include <stdlib.h>
#endif
-#ifdef __STDC__
-
-#define PROTOTYPE(p) p
typedef void * pointer;
-#else
-
-#define const
-#define volatile
-#define PROTOTYPE(p) ()
-typedef char * pointer;
-
-#endif /* not __STDC__ */
-
#include <ss/ss.h>
#if defined(__GNUC__)
@@ -38,13 +26,13 @@ typedef char * pointer;
#if defined(vax)
#define LOCAL_ALLOC(x) alloca(x)
#define LOCAL_FREE(x)
-extern pointer alloca PROTOTYPE((unsigned));
+extern pointer alloca (unsigned);
#else
#if defined(__HIGHC__) /* Barf! */
pragma on(alloca);
#define LOCAL_ALLOC(x) alloca(x)
#define LOCAL_FREE(x)
-extern pointer alloca PROTOTYPE((unsigned));
+extern pointer alloca (unsigned);
#else
/* no alloca? */
#define LOCAL_ALLOC(x) malloc(x)
@@ -103,23 +91,30 @@ typedef struct _ss_data { /* init values */
(*code_ptr=0,ss_info(sci_idx)->current_request)
void ss_unknown_function();
void ss_delete_info_dir();
-int ss_execute_line();
-char **ss_parse();
-ss_abbrev_info *ss_abbrev_initialize PROTOTYPE((char *, int *));
-void ss_page_stdin();
+char **ss_parse (int, char *, int *);
+ss_abbrev_info *ss_abbrev_initialize (char *, int *);
+void ss_page_stdin (void);
+int ss_pager_create (void);
+void ss_self_identify __SS_PROTO;
+void ss_subsystem_name __SS_PROTO;
+void ss_subsystem_version __SS_PROTO;
+void ss_unimplemented __SS_PROTO;
extern ss_data **_ss_table;
extern char *ss_et_msgs[];
#ifndef HAVE_STDLIB_H
-extern pointer malloc PROTOTYPE((unsigned));
-extern pointer realloc PROTOTYPE((pointer, unsigned));
-extern pointer calloc PROTOTYPE((unsigned, unsigned));
+extern pointer malloc (unsigned);
+extern pointer realloc (pointer, unsigned);
+extern pointer calloc (unsigned, unsigned);
#endif
-#ifdef USE_SIGPROCMASK
+#if defined(USE_SIGPROCMASK) && !defined(POSIX_SIGNALS)
/* fake sigmask, sigblock, sigsetmask */
#include <signal.h>
+#ifdef sigmask
+#undef sigmask
+#endif
#define sigmask(x) (1L<<(x)-1)
#define sigsetmask(x) sigprocmask(SIG_SETMASK,&x,NULL)
static int _fake_sigstore;
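Review bot: `void ss_delete_info_dir();` stays in this header as an empty-parameter declaration although `ss.h`, which this header includes, now declares `void ss_delete_info_dir(int , char *, int *);`. The duplicate adds nothing and would mask a mismatch if the two ever diverged, so I would delete it here and give `ss_unknown_function` a parameter list in the same pass. The context macro `sigmask(x)` relies on `-` binding tighter than `<<`; writing it as `(1L << ((x) - 1))` would make that explicit.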
diff --git a/usr/src/lib/krb5/ss/utils.c b/usr/src/lib/krb5/ss/utils.c
index 0084cec202..64a35a0b39 100644
--- a/usr/src/lib/krb5/ss/utils.c
+++ b/usr/src/lib/krb5/ss/utils.c
@@ -63,13 +63,12 @@ char * generate_rqte(func_name, info_string, cmds, options)
var_name = generate_cmds_string(cmds);
generate_function_definition(func_name);
size = 6; /* " { " */
- size += strlen(var_name)+7; /* "quux, " */
- size += strlen(func_name)+7; /* "foo, " */
- size += strlen(info_string)+9; /* "\"Info!\", " */
+ size += strlen(var_name)+8; /* "quux, " */
+ size += strlen(func_name)+8; /* "foo, " */
+ size += strlen(info_string)+8; /* "\"Info!\", " */
sprintf(numbuf, "%d", options);
- size += strlen(numbuf);
- size += 4; /* " }," + NL */
- string = malloc(size * sizeof(char *));
+ size += strlen(numbuf)+5; /* " }," + NL + NUL */
+ string = malloc(size);
strcpy(string, " { ");
strcat(string, var_name);
strcat(string, ",\n ");
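Review bot: `string = malloc(size);` is now sized exactly, and the result is handed to `strcpy` without a NULL check. The removed `size * sizeof(char *)` over-allocated several times over, which would have hidden any miscount in the hand-added constants; from here on a miscount is a heap overflow in the `strcat` sequence, most of which lies outside this hunk and so cannot be checked against the new `+8`/`+5` values. The comments beside the constants (`"quux, "` next to `+8`) no longer describe what is being counted. I would add `if (string == NULL) return(NULL);` (provided callers tolerate NULL, which is not visible) and build the entry with a single `snprintf(string, size, ...)` so that an arithmetic slip truncates instead of writing past the allocation.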
@@ -125,7 +124,7 @@ char *quote(string)
return(result);
}
-#ifndef HAS_STRDUP
+#ifndef HAVE_STRDUP
/* make duplicate of string and return pointer */
char *strdup(s)
register char *s;