diff options
| author | Tom Yu <tlyu@mit.edu> | 1997-05-14 00:24:07 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 1997-05-14 00:24:07 +0000 |
| commit | d40ed9c47e404a0cda5fb44c015dae8df6bdf996 (patch) | |
| tree | 2ac58514bfc5cc3579e8df0088f02e2a427bcba1 /src/kadmin/v4server | |
| parent | aeea6a838e995040a6978fcdcee85c8f740cdd17 (diff) | |
| download | krb5-d40ed9c47e404a0cda5fb44c015dae8df6bdf996.zip krb5-d40ed9c47e404a0cda5fb44c015dae8df6bdf996.tar.gz krb5-d40ed9c47e404a0cda5fb44c015dae8df6bdf996.tar.bz2 | |
* Makefile.in:
* admin_server.c:
* kadm_server.c:
* kadm_ser_wrap.c: Convert to use new kadm5 API; this still needs
work to remove references to krb5_db and to regain full v4 kadmind
functionality (or as much as is possible).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10086 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/v4server')
| -rw-r--r-- | src/kadmin/v4server/ChangeLog | 9 | ||||
| -rw-r--r-- | src/kadmin/v4server/Makefile.in | 2 | ||||
| -rw-r--r-- | src/kadmin/v4server/admin_server.c | 75 | ||||
| -rw-r--r-- | src/kadmin/v4server/kadm_ser_wrap.c | 13 | ||||
| -rw-r--r-- | src/kadmin/v4server/kadm_server.c | 64 |
5 files changed, 86 insertions, 77 deletions
diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index bceda42..36683c1 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -1,3 +1,12 @@ +Tue May 13 20:21:21 1997 Tom Yu <tlyu@mit.edu> + + * Makefile.in: + * admin_server.c: + * kadm_server.c: + * kadm_ser_wrap.c: Convert to use new kadm5 API; this still needs + work to remove references to krb5_db and to regain full v4 kadmind + functionality (or as much as is possible). + Tue Feb 18 09:59:59 1997 Ezra Peisach <epeisach@mit.edu> * acl_files.c: Do not declare malloc() or calloc() if stdlib.h exists. diff --git a/src/kadmin/v4server/Makefile.in b/src/kadmin/v4server/Makefile.in index ae99b35..6ebb497 100644 --- a/src/kadmin/v4server/Makefile.in +++ b/src/kadmin/v4server/Makefile.in @@ -1,5 +1,5 @@ CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) \ - -DOVSEC_KADM -DUSE_KADM5_API_VERSION=1 -DNEED_SOCKETS + -DKADM5 -DNEED_SOCKETS PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) diff --git a/src/kadmin/v4server/admin_server.c b/src/kadmin/v4server/admin_server.c index ac45303..8dc97b9 100644 --- a/src/kadmin/v4server/admin_server.c +++ b/src/kadmin/v4server/admin_server.c @@ -41,10 +41,10 @@ #include <sys/time.h> #include <syslog.h> -#ifdef OVSEC_KADM +#ifdef KADM5 #include <kadm5/admin.h> -void *ovsec_handle; -kadm5_config_params params; +void *kadm5_handle; +kadm5_config_params paramsin, paramsout; #endif #include "k5-int.h" @@ -97,8 +97,8 @@ char *argv[]; extern int fascist_cpw; krb5_error_code retval; -#ifdef OVSEC_KADM - memset(¶ms, 0, sizeof(params)); +#ifdef KADM5 + memset(¶msin, 0, sizeof(paramsin)); #endif retval = krb5_init_context(&kadm_context); @@ -132,9 +132,9 @@ char *argv[]; acldir = optarg; break; case 'd': -#ifdef OVSEC_KADM - params.dbname = optarg; - params.mask |= KADM5_CONFIG_DBNAME; +#ifdef KADM5 + paramsin.dbname = optarg; + paramsin.mask |= KADM5_CONFIG_DBNAME; #else if (errval = krb5_db_set_name(kadm_context, optarg)) { com_err(argv[0], errval, "while setting dbname"); @@ -152,9 +152,9 @@ char *argv[]; (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); break; case 'k': -#ifdef OVSEC_KADM - params.admin_keytab = optarg; - params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; +#ifdef KADM5 + paramsin.admin_keytab = optarg; + paramsin.mask |= KADM5_CONFIG_ADMIN_KEYTAB; #endif break; case 'h': /* get help on using admin_server */ @@ -171,27 +171,27 @@ char *argv[]; (void) strncpy(krbrlm, lrealm, sizeof(krbrlm) - 1); } -#ifdef OVSEC_KADM - params.realm = krbrlm; - params.mask |= KADM5_CONFIG_REALM; +#ifdef KADM5 + paramsin.realm = krbrlm; + paramsin.mask |= KADM5_CONFIG_REALM; if (errval = kadm5_get_config_params(kadm_context, NULL, NULL, - ¶ms, ¶ms)) { + ¶msin, ¶msout)) { com_err(argv[0], errval, "while retrieving kadm5 params"); exit(1); } - if (errval = krb5_db_set_name(kadm_context, params.dbname)) { + if (errval = krb5_db_set_name(kadm_context, paramsout.dbname)) { com_err(argv[0], errval, "while setting dbname"); exit(1); } -#endif /* OVSEC_KADM */ +#endif /* KADM5 */ printf("KADM Server %s initializing\n",KADM_VERSTR); printf("Please do not use 'kill -9' to kill this job, use a\n"); printf("regular kill instead\n\n"); -#ifdef OVSEC_KADM - printf("KADM Server starting in the OVSEC_KADM mode (%sprocess id %d).\n", +#ifdef KADM5 + printf("KADM Server starting in the KADM5 mode (%sprocess id %d).\n", debug ? "" : "parent ", getpid()); #else printf("KADM Server starting in %s mode for the purposes for password changing\n\n", fascist_cpw ? "fascist" : "NON-FASCIST"); @@ -216,8 +216,8 @@ char *argv[]; } /* set up the server_parm struct */ if ((errval = kadm_ser_init(prm.inter, krbrlm -#ifdef OVSEC_KADM - , ¶ms +#ifdef KADM5 + , ¶msout #endif ))==KADM_SUCCESS) { krb5_db_fini(kadm_context); /* Close the Kerberos database-- @@ -395,7 +395,7 @@ void process_client(fd, who) krb5_key_data *kdatap; int status; -#ifdef OVSEC_KADM +#ifdef KADM5 char *service_name; service_name = (char *) malloc(strlen(server_parm.sname) + @@ -405,23 +405,22 @@ void process_client(fd, who) syslog(LOG_ERR, "error: out of memory allocating service name"); cleanexit(1); } - sprintf(service_name, "%s/%s@%s", server_parm.sname, - server_parm.sinst, server_parm.krbrlm); - - retval = ovsec_kadm_init_with_skey(service_name, - params.admin_keytab, - OVSEC_KADM_ADMIN_SERVICE, krbrlm, - OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, - &ovsec_handle); + sprintf(service_name, "%s@%s", KADM5_ADMIN_SERVICE, paramsin.realm); + + retval = kadm5_init_with_skey(service_name, + paramsout.admin_keytab, + KADM5_ADMIN_SERVICE, + ¶msin, + KADM5_STRUCT_VERSION, + KADM5_API_VERSION_2, + &kadm5_handle); if (retval) { - syslog(LOG_ERR, "error: ovsec_kadm_init failed: %s", + syslog(LOG_ERR, "error: kadm5_init failed: %s", error_message(retval)); cleanexit(1); } free(service_name); - - if (retval = krb5_db_set_name(kadm_context, params.dbname)) { + if (retval = krb5_db_set_name(kadm_context, paramsout.dbname)) { syslog(LOG_ERR, "%s while setting dbname", error_message(retval)); cleanexit(1); } @@ -498,8 +497,8 @@ void process_client(fd, who) else if (retval) syslog(LOG_ERR, "short dlen read: %d", retval); (void) close(fd); -#ifdef OVSEC_KADM - (void) ovsec_kadm_destroy(ovsec_handle); +#ifdef KADM5 + (void) kadm5_destroy(kadm5_handle); #endif cleanexit(retval ? 3 : 0); } @@ -642,8 +641,8 @@ kill_children() return; } -#ifdef OVSEC_KADM -krb5_ui_4 convert_ovsec_to_kadm(val) +#ifdef KADM5 +krb5_ui_4 convert_kadm5_to_kadm(val) krb5_ui_4 val; { switch (val) { diff --git a/src/kadmin/v4server/kadm_ser_wrap.c b/src/kadmin/v4server/kadm_ser_wrap.c index 7ea289f..b2e62dc 100644 --- a/src/kadmin/v4server/kadm_ser_wrap.c +++ b/src/kadmin/v4server/kadm_ser_wrap.c @@ -28,9 +28,8 @@ unwraps wrapped packets and calls the appropriate server subroutine #include <krb_err.h> #include <syslog.h> -#ifdef OVSEC_KADM +#ifdef KADM5 #include <kadm5/admin.h> -extern void *ovsec_handle; #endif Kadm_Server server_parm; @@ -39,7 +38,7 @@ Kadm_Server server_parm; kadm_ser_init set up the server_parm structure */ -#ifdef OVSEC_KADM +#ifdef KADM5 kadm_ser_init(inter, realm, params) int inter; /* interactive or from file */ char realm[]; @@ -87,7 +86,7 @@ kadm_ser_init(inter, realm) /* setting up the database */ mkey_name = KRB5_KDB_M_NAME; -#ifdef OVSEC_KADM +#ifdef KADM5 server_parm.master_keyblock.enctype = params->enctype; krb5_use_enctype(kadm_context, &server_parm.master_encblock, server_parm.master_keyblock.enctype); @@ -108,7 +107,7 @@ kadm_ser_init(inter, realm) krb5_db_fetch_mkey(kadm_context, server_parm.master_princ, &server_parm.master_encblock, (inter == 1), FALSE, -#ifdef OVSEC_KADM +#ifdef KADM5 params->stash_file, #else (char *) NULL, @@ -240,7 +239,7 @@ int *dat_len; retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad, &retdat, &retlen); break; -#ifndef OVSEC_KADM +#ifndef KADM5 case ADD_ENT: retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad, &retdat, &retlen); @@ -265,7 +264,7 @@ int *dat_len; retval = kadm_ser_stab(msg_st.app_data+1,(int) msg_st.app_length,&ad, &retdat, &retlen); break; -#endif /* OVSEC_KADM */ +#endif /* KADM5 */ default: clr_cli_secrets(); errpkt(dat, dat_len, KADM_NO_OPCODE); diff --git a/src/kadmin/v4server/kadm_server.c b/src/kadmin/v4server/kadm_server.c index 81e43f1..8a11b07 100644 --- a/src/kadmin/v4server/kadm_server.c +++ b/src/kadmin/v4server/kadm_server.c @@ -25,12 +25,12 @@ #include <time.h> #endif -#ifdef OVSEC_KADM +#ifdef KADM5 #include <com_err.h> #include <kadm5/admin.h> #include <kadm5/chpass_util_strings.h> #include <krb5/kdb.h> -extern void *ovsec_handle; +extern void *kadm5_handle; #endif #include <kadm.h> @@ -39,10 +39,10 @@ extern void *ovsec_handle; extern krb5_context kadm_context; int fascist_cpw = 0; /* Be fascist about insecure passwords? */ -#ifdef OVSEC_KADM +#ifdef KADM5 char pw_required[] = "The version of kpasswd that you are using is not compatible with the\nOpenV*Secure V4 Administration Server. Please contact your security\nadministrator.\n\n"; -#else /* !OVSEC_KADM */ +#else /* !KADM5 */ char bad_pw_err[] = "\007\007\007ERROR: Insecure password not accepted. Please choose another.\n\n"; @@ -56,7 +56,7 @@ char check_pw_msg[] = char pw_blurb[] = "A good password is something which is easy for you to remember, but that\npeople who know you won't easily guess; so don't use your name, or your\ndog's name, or a word from the dictionary. Passwords should be at least\n6 characters long, and may contain UPPER- and lower-case letters,\nnumbers, or punctuation. A good password can be:\n\n -- some initials, like \"GykoR-66\" for \"Get your kicks on Rte 66.\"\n -- an easily pronounced nonsense word, like \"slaRooBey\" or \"krang-its\"\n -- a mis-spelled phrase, like \"2HotPeetzas\" or \"ItzAGurl\"\n\nPlease Note: It is important that you do not tell ANYONE your password,\nincluding your friends, or even people from Athena or Information\nSystems. Remember, *YOU* are assumed to be responsible for anything\ndone using your password.\n"; -#endif /* OVSEC_KADM */ +#endif /* KADM5 */ /* from V4 month_sname.c -- was not part of API */ /* @@ -143,9 +143,9 @@ int *outlen; int status, stvlen = 0; int retval; extern int kadm_approve_pw(); -#ifdef OVSEC_KADM - ovsec_kadm_principal_ent_t princ_ent; - ovsec_kadm_policy_ent_t pol_ent; +#ifdef KADM5 + kadm5_principal_ent_rec princ_ent; + kadm5_policy_ent_rec pol_ent; krb5_principal user_princ; char msg_ret[1024], *time_string, *ptr; const char *msg_ptr; @@ -172,7 +172,7 @@ int *outlen; memcpy((char *)(((krb5_int32 *)newkey) + 1), (char *)&keyhigh, 4); memcpy((char *)newkey, (char *)&keylow, 4); -#ifdef OVSEC_KADM +#ifdef KADM5 /* we don't use the client-provided key itself */ keylow = keyhigh = 0; memset(newkey, 0, sizeof(newkey)); @@ -204,8 +204,10 @@ int *outlen; goto send_response; } - retval = ovsec_kadm_get_principal(ovsec_handle, user_princ, - &princ_ent); + /* Use the default mask for now. */ + retval = kadm5_get_principal(kadm5_handle, user_princ, + &princ_ent, + KADM5_PRINCIPAL_NORMAL_MASK); if (retval != 0) { msg_ptr = error_message(retval); goto send_response; @@ -213,32 +215,32 @@ int *outlen; /* * This daemon necessarily has the modify privilege, so - * ovsec_kadm_chpass_principal will allow it to violate the + * kadm5_chpass_principal will allow it to violate the * policy's minimum lifetime. Since that's A Bad Thing, we need * to enforce it ourselves. Unfortunately, this means we are * duplicating code from both ovsec_adm_server and - * ovsec_kadm_chpass_util(). + * kadm5_chpass_util(). */ - if (princ_ent->aux_attributes & OVSEC_KADM_POLICY) { - retval = ovsec_kadm_get_policy(ovsec_handle, - princ_ent->policy, - &pol_ent); + if (princ_ent.aux_attributes & KADM5_POLICY) { + retval = kadm5_get_policy(kadm5_handle, + princ_ent.policy, + &pol_ent); if (retval != 0) { - (void) ovsec_kadm_free_principal_ent(ovsec_handle, princ_ent); + (void) kadm5_free_principal_ent(kadm5_handle, &princ_ent); msg_ptr = error_message(retval); goto send_response; } /* make "now" a boolean, true == too soon */ - now = ((now - princ_ent->last_pwd_change) < pol_ent->pw_min_life); + now = ((now - princ_ent.last_pwd_change) < pol_ent.pw_min_life); - (void) ovsec_kadm_free_policy_ent(ovsec_handle, pol_ent); + (void) kadm5_free_policy_ent(kadm5_handle, &pol_ent); - if(now && !(princ_ent->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { - (void) ovsec_kadm_free_principal_ent(ovsec_handle, princ_ent); + if(now && !(princ_ent.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + (void) kadm5_free_principal_ent(kadm5_handle, &princ_ent); retval = CHPASS_UTIL_PASSWORD_TOO_SOON; - until = princ_ent->last_pwd_change + pol_ent->pw_min_life; + until = princ_ent.last_pwd_change + pol_ent.pw_min_life; time_string = ctime(&until); if (*(ptr = &time_string[strlen(time_string)-1]) == '\n') @@ -252,16 +254,16 @@ int *outlen; } } - (void) ovsec_kadm_free_principal_ent(ovsec_handle, princ_ent); + (void) kadm5_free_principal_ent(kadm5_handle, &princ_ent); - retval = ovsec_kadm_chpass_principal_util(ovsec_handle, user_princ, - pword, NULL, msg_ret); + retval = kadm5_chpass_principal_util(kadm5_handle, user_princ, + pword, NULL, msg_ret); msg_ptr = msg_ret; (void) krb5_free_principal(kadm_context, user_princ); send_response: - retval = convert_ovsec_to_kadm(retval); + retval = convert_kadm5_to_kadm(retval); if (retval) { /* don't send message on success because kpasswd.v4 will */ @@ -277,7 +279,7 @@ send_response: krb_log("'%s.%s@%s' tried to use an insecure password in changepw", ad->pname, ad->pinst, ad->prealm); } -#else /* OVSEC_KADM */ +#else /* KADM5 */ if (retval = kadm_approve_pw(ad->pname, ad->pinst, ad->prealm, newkey, no_pword ? 0 : pword)) { if (retval == KADM_PW_MISMATCH) { @@ -323,12 +325,12 @@ send_response: retval = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey); keylow = keyhigh = 0; memset(newkey, 0, sizeof(newkey)); -#endif /* OVSEC_KADM */ +#endif /* KADM5 */ return retval; } -#ifndef OVSEC_KADM +#ifndef KADM5 /* kadm_ser_add - the server side of the add_entry routine recieves : KTEXT, {values} @@ -568,4 +570,4 @@ int *outlen; return status; } } -#endif /* !OVSEC_KADM */ +#endif /* !KADM5 */ |