authorTom Yu <tlyu@mit.edu>1997-07-01 20:28:43 +0000
committerTom Yu <tlyu@mit.edu>1997-07-01 20:28:43 +0000
commit8c16f676c0269643d148acfe9d8aa4629926ae7b (patch)
tree6fbfe990809d08bfcaf8ec5e455b98f8328830c6 /src/kadmin/v4server
parent2e4589f5bfa0238570c25ba8df0b7ca53bf75f82 (diff)
* kadm_funcs.c, kadm_server.c, kadm_ser_wrap.c: Reenable mod and
check_pw. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10113 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/v4server')
-rw-r--r--src/kadmin/v4server/ChangeLog3
-rw-r--r--src/kadmin/v4server/kadm_funcs.c266
-rw-r--r--src/kadmin/v4server/kadm_ser_wrap.c10
-rw-r--r--src/kadmin/v4server/kadm_server.c13
4 files changed, 115 insertions, 177 deletions
diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog
index 09390a5..22afa03 100644
--- a/src/kadmin/v4server/ChangeLog
+++ b/src/kadmin/v4server/ChangeLog
@@ -1,5 +1,8 @@
Tue Jul 1 02:38:50 1997 Tom Yu <tlyu@mit.edu>
+ * kadm_funcs.c, kadm_server.c, kadm_ser_wrap.c: Reenable mod and
+ check_pw.
+
* kadm_funcs.c, kadm_server.c, kadm_ser_wrap.c: Reenable get and
add.
diff --git a/src/kadmin/v4server/kadm_funcs.c b/src/kadmin/v4server/kadm_funcs.c
index f1e4a1b..fd619e2 100644
--- a/src/kadmin/v4server/kadm_funcs.c
+++ b/src/kadmin/v4server/kadm_funcs.c
@@ -148,22 +148,17 @@ char *str;
krb5_error_code
kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
- char *rname; /* requestors name */
- char *rinstance; /* requestors instance */
- char *rrealm; /* requestors realm */
+ char *rname; /* requestors name */
+ char *rinstance; /* requestors instance */
+ char *rrealm; /* requestors realm */
Kadm_vals *valsin;
Kadm_vals *valsout;
{
- Principal data_i, data_o; /* temporary principal */
+ Principal data_i, data_o; /* temporary principal */
u_char flags[4];
- krb5_principal default_princ;
krb5_error_code retval;
kadm5_principal_ent_rec newentry, tmpentry;
- krb5_boolean more;
krb5_keyblock newpw;
- krb5_key_data *pkey;
- krb5_keysalt sblock;
- int numfound;
long mask = 0;
if (!check_access(rname, rinstance, rrealm, ADDACL)) {
@@ -257,7 +252,7 @@ kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
if (retval)
goto err;
- kadm_entry2princ(tmpentry, &data_o);
+ kadm_entry2princ(&tmpentry, &data_o);
kadm5_free_principal_ent(kadm5_handle, &tmpentry);
memset((char *)flags, 0, sizeof(flags));
SET_FIELD(KADM_NAME,flags);
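Review bot: The return value of `kadm_entry2princ(&tmpentry, &data_o)` is discarded here, while the same call in kadm_get_entry and in the rewritten kadm_mod_entry is assigned to `retval` and checked. If the conversion fails, the lines below still build the reply from whatever `data_o` holds at that point. I would write `retval = kadm_entry2princ(&tmpentry, &data_o);`, keep the `kadm5_free_principal_ent()` call, and follow it with `if (retval) goto err;`. The call in the next hunk, `kadm_entry2princ(&entry, &data_o);` in the !KADM5 code, has the same shape. kadm_add_entry continues outside this hunk, so the `err` label is assumed from the `goto err` just above.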
@@ -341,7 +336,7 @@ Kadm_vals *valsout;
krb5_db_free_principal(kadm_context, &entry, numfound);
faildel(KADM_UK_RERROR);
}
- kadm_entry2princ(entry, &data_o);
+ kadm_entry2princ(&entry, &data_o);
krb5_db_free_principal(kadm_context, &entry, numfound);
memset((char *)flags, 0, sizeof(flags));
SET_FIELD(KADM_NAME,flags);
@@ -358,8 +353,6 @@ Kadm_vals *valsout;
#endif /* !KADM5 */
-#ifdef KADM5
-
krb5_error_code
kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
char *rname; /* requestors name */
@@ -406,7 +399,7 @@ kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
case 0:
break;
}
- retval = kadm_entry2princ(ent, &data_o);
+ retval = kadm_entry2princ(&ent, &data_o);
kadm5_free_principal_ent(kadm5_handle, &ent);
if (retval) {
goto err_princ;
@@ -422,167 +415,118 @@ err:
return retval;
}
-#endif /* KADM5 */
-
-#ifndef KADM5
-
-#define failmod(code) { (void) syslog(LOG_ERR, "FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; }
+krb5_error_code
kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout)
-char *rname; /* requestors name */
-char *rinstance; /* requestors instance */
-char *rrealm; /* requestors realm */
-Kadm_vals *valsin1, *valsin2; /* holds the parameters being
- passed in */
-Kadm_vals *valsout; /* the actual record which is returned */
+ char *rname; /* requestors name */
+ char *rinstance; /* requestors instance */
+ char *rrealm; /* requestors realm */
+ Kadm_vals *valsin1, *valsin2; /* holds the parameters being
+ passed in */
+ Kadm_vals *valsout; /* the actual record which is returned */
{
- int numfound;
- krb5_boolean more;
- Principal data_o, temp_key;
- u_char fields[4];
- krb5_keyblock newpw;
- krb5_error_code retval;
- krb5_principal theprinc;
- krb5_db_entry newentry, odata;
- krb5_tl_mod_princ mprinc;
- krb5_key_data *pkey;
- krb5_keysalt sblock;
+ Principal data_o, temp_key;
+ u_char fields[4];
+ krb5_keyblock newpw;
+ krb5_error_code retval;
+ krb5_principal theprinc;
+ kadm5_principal_ent_rec entry;
+ long mask = 0;
- if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
- failmod(KADM_ILL_WILDCARD);
- }
+ if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
+ retval = KADM_ILL_WILDCARD;
+ goto err;
+ }
- if (!check_access(rname, rinstance, rrealm, MODACL)) {
- syslog(LOG_WARNING, "WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
+ if (!check_access(rname, rinstance, rrealm, MODACL)) {
+ syslog(LOG_WARNING, "WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
rname, rinstance, rrealm, valsin1->name, valsin1->instance);
- return KADM_UNAUTH;
- }
+ return KADM_UNAUTH;
+ }
+
+ syslog(LOG_INFO, "request to modify '%s.%s's entry from '%s.%s@%s' ",
+ valsin1->name, valsin1->instance, rname, rinstance, rrealm);
+ retval = krb5_425_conv_principal(kadm_context,
+ valsin1->name, valsin1->instance,
+ server_parm.krbrlm, &theprinc);
+ if (retval)
+ goto err;
+ retval = kadm5_get_principal(kadm5_handle, theprinc, &entry,
+ KADM5_PRINCIPAL_NORMAL_MASK);
+ if (retval)
+ goto err_princ;
- syslog(LOG_INFO, "request to modify '%s.%s's entry from '%s.%s@%s' ",
- valsin1->name, valsin1->instance, rname, rinstance, rrealm);
- retval = krb5_425_conv_principal(kadm_context,
- valsin1->name, valsin1->instance,
- server_parm.krbrlm, &theprinc);
- if (retval)
- failmod(retval);
- numfound = 1;
- retval = krb5_db_get_principal(kadm_context, theprinc, &newentry,
- &numfound, &more);
- if (retval) {
- krb5_free_principal(kadm_context, theprinc);
- failmod(retval);
- } else if (numfound == 1) {
kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
- krb5_free_principal(kadm_context, newentry.princ);
- newentry.princ = theprinc;
- if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
- newentry.expiration = temp_key.exp_date;
- if (IS_FIELD(KADM_ATTR,valsin2->fields))
- newentry.attributes = temp_key.attributes;
- if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
- newentry.max_life = temp_key.max_life;
- if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
- if ((newpw.contents = (krb5_octet *)malloc(8)) == NULL) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- memset((char *)&temp_key, 0, sizeof (temp_key));
- failmod(KADM_NOMEM);
- }
- newpw.magic = KV5M_KEYBLOCK;
- newpw.length = 8;
- newpw.enctype = ENCTYPE_DES_CBC_CRC;
- temp_key.key_low = ntohl(temp_key.key_low);
- temp_key.key_high = ntohl(temp_key.key_high);
- memcpy(newpw.contents, &temp_key.key_low, 4);
- memcpy(newpw.contents + 4, &temp_key.key_high, 4);
- if (retval = krb5_dbe_find_enctype(kadm_context,
- &newentry,
- ENCTYPE_DES_CBC_CRC,
- KRB5_KDB_SALTTYPE_V4,
- -1,
- &pkey)) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- memset((char *)&temp_key, 0, sizeof (temp_key));
- failmod(retval);
- }
- if (pkey->key_data_contents[0]) {
- krb5_xfree(pkey->key_data_contents[0]);
- pkey->key_data_contents[0] = (krb5_octet *) NULL;
- }
- /* encrypt new key in master key */
- sblock.type = KRB5_KDB_SALTTYPE_V4;
- sblock.data.length = 0;
- sblock.data.data = (char *) NULL;
- retval = krb5_dbekd_encrypt_key_data(kadm_context,
- &server_parm.master_encblock,
- &newpw,
- &sblock,
- (int) pkey->key_data_kvno+1,
- pkey);
- memset(newpw.contents, 0, newpw.length);
- free(newpw.contents);
- memset((char *)&temp_key, 0, sizeof(temp_key));
- if (retval) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- failmod(retval);
- }
- }
- if (retval = krb5_timeofday(kadm_context, &mprinc.mod_date)) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- failmod(retval);
- }
- retval = krb5_425_conv_principal(kadm_context, rname, rinstance, rrealm,
- &mprinc.mod_princ);
- if (retval) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- failmod(retval);
+
+ if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) {
+ entry.princ_expire_time = temp_key.exp_date;
+ mask |= KADM5_PRINC_EXPIRE_TIME;
}
- retval = krb5_dbe_encode_mod_princ_data(kadm_context,
- &mprinc,
- &newentry);
- krb5_free_principal(kadm_context, mprinc.mod_princ);
- if (retval) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- failmod(retval);
+ if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) {
+ entry.max_life = temp_key.max_life * (60 * 5);
+ mask |= KADM5_MAX_LIFE;
}
- numfound = 1;
- retval = krb5_db_put_principal(kadm_context, &newentry, &numfound);
- memset((char *)&data_o, 0, sizeof(data_o));
- if (retval) {
- krb5_db_free_principal(kadm_context, &newentry, 1);
- failmod(retval);
- } else {
- numfound = 1;
- retval = krb5_db_get_principal(kadm_context, newentry.princ, &odata,
- &numfound, &more);
- krb5_db_free_principal(kadm_context, &newentry, 1);
- if (retval) {
- failmod(retval);
- } else if (numfound != 1 || more) {
- krb5_db_free_principal(kadm_context, &odata, numfound);
- failmod(KADM_UK_RERROR);
- }
- retval = kadm_entry2princ(odata, &data_o);
- krb5_db_free_principal(kadm_context, &odata, 1);
- if (retval)
- failmod(retval);
- memset((char *) fields, 0, sizeof(fields));
- SET_FIELD(KADM_NAME,fields);
- SET_FIELD(KADM_INST,fields);
- SET_FIELD(KADM_EXPDATE,fields);
- SET_FIELD(KADM_ATTR,fields);
- SET_FIELD(KADM_MAXLIFE,fields);
- kadm_prin_to_vals(fields, valsout, &data_o);
- syslog(LOG_INFO, "'%s.%s' modified.", valsin1->name, valsin1->instance);
- return KADM_DATA; /* Set all the appropriate fields */
+ retval = kadm5_modify_principal(kadm5_handle, &entry, mask);
+ if (retval)
+ goto err_entry;
+
+ if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+ if ((newpw.contents = (krb5_octet *)malloc(8)) == NULL) {
+ retval = KADM_NOMEM;
+ goto err_entry;
+ }
+ newpw.magic = KV5M_KEYBLOCK;
+ newpw.length = 8;
+ newpw.enctype = ENCTYPE_DES_CBC_CRC;
+ temp_key.key_low = ntohl(temp_key.key_low);
+ temp_key.key_high = ntohl(temp_key.key_high);
+ memcpy(newpw.contents, &temp_key.key_low, 4);
+ memcpy(newpw.contents + 4, &temp_key.key_high, 4);
+ memset((char *)&temp_key, 0, sizeof(temp_key));
+
+ retval = kadm5_setv4key_principal(kadm5_handle, entry.principal,
+ &newpw);
+ krb5_free_keyblock_contents(kadm_context, &newpw);
+ if (retval)
+ goto err_entry;
}
- } else {
- failmod(KADM_NOENTRY);
- }
+
+ kadm5_free_principal_ent(kadm5_handle, &entry);
+
+ retval = kadm5_get_principal(kadm5_handle, theprinc, &entry,
+ KADM5_PRINCIPAL_NORMAL_MASK);
+ if (retval)
+ goto err_princ;
+
+ retval = kadm_entry2princ(&entry, &data_o);
+ kadm5_free_principal_ent(kadm5_handle, &entry);
+ krb5_free_principal(kadm_context, theprinc);
+ if (retval)
+ goto err;
+
+ memset((char *) fields, 0, sizeof(fields));
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+ kadm_prin_to_vals(fields, valsout, &data_o);
+ syslog(LOG_INFO, "'%s.%s' modified.", valsin1->name, valsin1->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+
+err_entry:
+ kadm5_free_principal_ent(kadm5_handle, &entry);
+err_princ:
+ krb5_free_principal(kadm_context, theprinc);
+err:
+ syslog(LOG_ERR, "FAILED modifying '%s.%s' (%s)",
+ valsin1->name, valsin1->instance, error_message(retval));
+ return retval;
}
-#undef failmod
+#ifndef KADM5
#define failchange(code) { syslog(LOG_ERR, "FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
kadm_change (rname, rinstance, rrealm, newpw)
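Review bot: `temp_key` can hold the requested DES key from the `kadm_vals_to_prin()` call onward, but the new kadm_mod_entry clears it only inside the KADM_DESKEY branch after the copy. The `goto err_entry` paths for a failed `kadm5_modify_principal()` and a failed `malloc(8)` leave it on the stack, where the removed code ran `memset((char *)&temp_key, 0, sizeof (temp_key));` before failing; putting that line under the `err_entry:` label restores the old behaviour. The removed code also wiped `newpw.contents` before `free()`, and whether `krb5_free_keyblock_contents()` zeroes the buffer is not visible here, so `memset(newpw.contents, 0, newpw.length);` ahead of it is the safe form. Separately, the old `IS_FIELD(KADM_ATTR,valsin2->fields)` branch has no counterpart in the new body, so a request that sets attributes appears to be accepted and not applied while the reply still sets KADM_ATTR. The key is also set only after `kadm5_modify_principal()` has committed, so a failure in `kadm5_setv4key_principal()` logs "FAILED modifying" for an entry that was in fact partly changed; a comment stating that ordering would help whoever reads the log.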
@@ -672,6 +616,7 @@ des_cblock newpw;
}
}
#undef failchange
+#endif /* !KADM5 */
check_pw(newpw, checkstr)
des_cblock newpw;
@@ -842,7 +787,6 @@ char *pwstring;
}
return(0);
}
-#endif /* !KADM5 */
/*
* This routine checks to see if a principal should be considered an
diff --git a/src/kadmin/v4server/kadm_ser_wrap.c b/src/kadmin/v4server/kadm_ser_wrap.c
index 2c23b7a..21ed707 100644
--- a/src/kadmin/v4server/kadm_ser_wrap.c
+++ b/src/kadmin/v4server/kadm_ser_wrap.c
@@ -243,11 +243,6 @@ int *dat_len;
retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad,
&retdat, &retlen);
break;
-#ifndef KADM5
- case DEL_ENT:
- retval = kadm_ser_del(msg_st.app_data+1,(int) msg_st.app_length,&ad,
- &retdat, &retlen);
- break;
case MOD_ENT:
retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad,
&retdat, &retlen);
@@ -256,6 +251,11 @@ int *dat_len;
retval = kadm_ser_ckpw(msg_st.app_data+1,(int) msg_st.app_length,&ad,
&retdat, &retlen);
break;
+#ifndef KADM5
+ case DEL_ENT:
+ retval = kadm_ser_del(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
#endif /* KADM5 */
case GET_ENT:
retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad,
diff --git a/src/kadmin/v4server/kadm_server.c b/src/kadmin/v4server/kadm_server.c
index 2a9f622..18e5981 100644
--- a/src/kadmin/v4server/kadm_server.c
+++ b/src/kadmin/v4server/kadm_server.c
@@ -39,11 +39,8 @@ extern void *kadm5_handle;
extern krb5_context kadm_context;
int fascist_cpw = 0; /* Be fascist about insecure passwords? */
-#ifdef KADM5
char pw_required[] = "The version of kpasswd that you are using is not compatible with the\nOpenV*Secure V4 Administration Server. Please contact your security\nadministrator.\n\n";
-#else /* !KADM5 */
-
char bad_pw_err[] =
"\007\007\007ERROR: Insecure password not accepted. Please choose another.\n\n";
@@ -56,8 +53,6 @@ char check_pw_msg[] =
char pw_blurb[] =
"A good password is something which is easy for you to remember, but that\npeople who know you won't easily guess; so don't use your name, or your\ndog's name, or a word from the dictionary. Passwords should be at least\n6 characters long, and may contain UPPER- and lower-case letters,\nnumbers, or punctuation. A good password can be:\n\n -- some initials, like \"GykoR-66\" for \"Get your kicks on Rte 66.\"\n -- an easily pronounced nonsense word, like \"slaRooBey\" or \"krang-its\"\n -- a mis-spelled phrase, like \"2HotPeetzas\" or \"ItzAGurl\"\n\nPlease Note: It is important that you do not tell ANYONE your password,\nincluding your friends, or even people from Athena or Information\nSystems. Remember, *YOU* are assumed to be responsible for anything\ndone using your password.\n";
-#endif /* KADM5 */
-
/* from V4 month_sname.c -- was not part of API */
/*
* Given an integer 1-12, month_sname() returns a string
@@ -398,6 +393,8 @@ int *outlen;
}
}
+#endif /* !KADM5 */
+
/*
kadm_ser_mod - the server side of the mod_entry routine
recieves : KTEXT, {values, values}
@@ -434,9 +431,6 @@ int *outlen;
}
}
-#endif /* !KADM5 */
-
-#ifdef KADM5
/*
kadm_ser_get
recieves : KTEXT, {values, flags}
@@ -475,9 +469,7 @@ int *outlen;
return status;
}
}
-#endif /* KADM5 */
-#ifndef KADM5
/*
kadm_ser_ckpw - the server side of the check_password routine
recieves : KTEXT, {key}
@@ -541,7 +533,6 @@ int *outlen;
}
return(0);
}
-#endif /* !KADM5 */
/*
kadm_ser_stab - the server side of the change_srvtab routine