authorSimo Sorce <simo@redhat.com>2015-12-15 14:49:22 -0500
committerGreg Hudson <ghudson@mit.edu>2016-02-19 15:39:18 -0500
commit1d4e83625f1c8cde7638702ab404f4594da3f062 (patch)
tree6118ec4a219de0714e7bbb26c8488f6bda686412 /src/kadmin/server
parent2e9f19882c1e127fd7d9b09f9d6c3331ee638bfd (diff)
Add kadm5_setkey_principal_4 RPC to kadmin
This new version of the RPC allows a user to set not only the keyblocks but also the kvno and the salts of a key. ticket: 8355 (new)
Diffstat (limited to 'src/kadmin/server')
-rw-r--r--src/kadmin/server/kadm_rpc_svc.c7
-rw-r--r--src/kadmin/server/server_stubs.c61
2 files changed, 68 insertions, 0 deletions
diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c
index f4d2a7c..dee3938 100644
--- a/src/kadmin/server/kadm_rpc_svc.c
+++ b/src/kadmin/server/kadm_rpc_svc.c
@@ -58,6 +58,7 @@ void kadm_1(rqstp, transp)
chpass3_arg chpass_principal3_2_arg;
chrand3_arg chrand_principal3_2_arg;
setkey3_arg setkey_principal3_2_arg;
+ setkey4_arg setkey_principal4_2_arg;
} argument;
char *result;
bool_t (*xdr_argument)(), (*xdr_result)();
@@ -222,6 +223,12 @@ void kadm_1(rqstp, transp)
local = (char *(*)()) set_string_2_svc;
break;
+ case SETKEY_PRINCIPAL4:
+ xdr_argument = xdr_setkey4_arg;
+ xdr_result = xdr_generic_ret;
+ local = (char *(*)()) setkey_principal4_2_svc;
+ break;
+
default:
krb5_klog_syslog(LOG_ERR, "Invalid KADM5 procedure number: %s, %d",
client_addr(rqstp->rq_xprt), rqstp->rq_proc);
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 6ac797e..673cc2e 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -1100,6 +1100,67 @@ exit_func:
return &ret;
}
+generic_ret *
+setkey_principal4_2_svc(setkey4_arg *arg, struct svc_req *rqstp)
+{
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+
+ xdr_free(xdr_generic_ret, &ret);
+
+ if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
+ goto exit_func;
+
+ if ((ret.code = check_handle((void *)handle)))
+ goto exit_func;
+
+ ret.api_version = handle->api_version;
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
+ }
+ if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
+ }
+
+ if (!(CHANGEPW_SERVICE(rqstp)) &&
+ kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY,
+ arg->princ, NULL)) {
+ ret.code = kadm5_setkey_principal_4((void *)handle, arg->princ,
+ arg->keepold, arg->key_data,
+ arg->n_key_data);
+ } else {
+ log_unauth("kadm5_setkey_principal", prime_arg, &client_name,
+ &service_name, rqstp);
+ ret.code = KADM5_AUTH_SETKEY;
+ }
+
+ if (ret.code != KADM5_AUTH_SETKEY) {
+ if (ret.code != 0)
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ log_done("kadm5_setkey_principal", prime_arg, errmsg, &client_name,
+ &service_name, rqstp);
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+
+ free(prime_arg);
+exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+ free_server_handle(handle);
+ return &ret;
+}
+
chrand_ret *
chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
{
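Review bot: Both log calls in setkey_principal4_2_svc record the operation as `"kadm5_setkey_principal"`, so the kadmind log cannot distinguish this RPC, which per the commit message also lets the caller choose the kvno and salts, from the older setkey procedures (assuming those log the same string; they are outside the hunk). Passing a distinct name, `"kadm5_setkey_principal_4"`, as the first argument of both `log_unauth` and `log_done` would keep the audit trail unambiguous for anyone reviewing key changes. Separately, `handle` is declared without an initializer yet reaches `free_server_handle(handle)` at `exit_func` when `new_server_handle` fails. That path is safe only if new_server_handle always stores to its output pointer before returning an error and free_server_handle accepts NULL, neither of which is visible here. Declaring `kadm5_server_handle_t handle = NULL;` would make the error path safe without relying on either.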