authorTom Yu <tlyu@mit.edu>2009-10-31 00:48:38 +0000
committerTom Yu <tlyu@mit.edu>2009-10-31 00:48:38 +0000
commit02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b (patch)
tree61b9147863cd8be3eff63903dc36cae168254bd5 /src/kadmin
parent162ab371748cba0cc6f172419bd6e71fa04bb878 (diff)
make mark-cstyle
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
-rw-r--r--src/kadmin/cli/kadmin.c44
-rw-r--r--src/kadmin/cli/kadmin.h8
-rw-r--r--src/kadmin/cli/keytab.c12
-rw-r--r--src/kadmin/cli/keytab_local.c1
-rw-r--r--src/kadmin/cli/ss_wrapper.c18
-rw-r--r--src/kadmin/dbutil/dump.c4003
-rw-r--r--src/kadmin/dbutil/kadm5_create.c383
-rw-r--r--src/kadmin/dbutil/kdb5_create.c387
-rw-r--r--src/kadmin/dbutil/kdb5_destroy.c61
-rw-r--r--src/kadmin/dbutil/kdb5_mkey.c154
-rw-r--r--src/kadmin/dbutil/kdb5_stash.c131
-rw-r--r--src/kadmin/dbutil/kdb5_util.c593
-rw-r--r--src/kadmin/dbutil/kdb5_util.h36
-rw-r--r--src/kadmin/dbutil/nstrtok.h2
-rw-r--r--src/kadmin/dbutil/ovload.c247
-rw-r--r--src/kadmin/dbutil/string_table.c41
-rw-r--r--src/kadmin/dbutil/string_table.h17
-rw-r--r--src/kadmin/dbutil/strtok.c108
-rw-r--r--src/kadmin/ktutil/ktutil.c219
-rw-r--r--src/kadmin/ktutil/ktutil.h27
-rw-r--r--src/kadmin/ktutil/ktutil_funcs.c265
-rw-r--r--src/kadmin/server/kadm_rpc_svc.c28
-rw-r--r--src/kadmin/server/misc.c241
-rw-r--r--src/kadmin/server/misc.h63
-rw-r--r--src/kadmin/server/network.c1799
-rw-r--r--src/kadmin/server/ovsec_kadmd.c1342
-rw-r--r--src/kadmin/server/schpw.c431
-rw-r--r--src/kadmin/server/server_stubs.c1645
-rw-r--r--src/kadmin/testing/util/bsddb_dump.c85
-rw-r--r--src/kadmin/testing/util/tcl_kadm5.c4397
-rw-r--r--src/kadmin/testing/util/tcl_kadm5.h2
-rw-r--r--src/kadmin/testing/util/tcl_krb5_hash.c172
-rw-r--r--src/kadmin/testing/util/test.c11
33 files changed, 8492 insertions, 8481 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 22a67ab..c8cb3fb 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
@@ -60,22 +60,22 @@ struct pflag {
};
static struct pflag flags[] = {
-{"allow_postdated", 15, KRB5_KDB_DISALLOW_POSTDATED, 1 },
-{"allow_forwardable", 17, KRB5_KDB_DISALLOW_FORWARDABLE, 1 },
-{"allow_tgs_req", 13, KRB5_KDB_DISALLOW_TGT_BASED, 1 },
-{"allow_renewable", 15, KRB5_KDB_DISALLOW_RENEWABLE, 1 },
-{"allow_proxiable", 15, KRB5_KDB_DISALLOW_PROXIABLE, 1 },
-{"allow_dup_skey", 14, KRB5_KDB_DISALLOW_DUP_SKEY, 1 },
-{"allow_tix", 9, KRB5_KDB_DISALLOW_ALL_TIX, 1 },
-{"requires_preauth", 16, KRB5_KDB_REQUIRES_PRE_AUTH, 0 },
-{"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0 },
-{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0 },
-{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1 },
-{"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 },
-{"support_desmd5", 14, KRB5_KDB_SUPPORT_DESMD5, 0 },
-{"ok_as_delegate", 14, KRB5_KDB_OK_AS_DELEGATE, 0 },
-{"ok_to_auth_as_delegate", 22, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
-{"no_auth_data_required", 21, KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0 },
+ {"allow_postdated", 15, KRB5_KDB_DISALLOW_POSTDATED, 1 },
+ {"allow_forwardable", 17, KRB5_KDB_DISALLOW_FORWARDABLE, 1 },
+ {"allow_tgs_req", 13, KRB5_KDB_DISALLOW_TGT_BASED, 1 },
+ {"allow_renewable", 15, KRB5_KDB_DISALLOW_RENEWABLE, 1 },
+ {"allow_proxiable", 15, KRB5_KDB_DISALLOW_PROXIABLE, 1 },
+ {"allow_dup_skey", 14, KRB5_KDB_DISALLOW_DUP_SKEY, 1 },
+ {"allow_tix", 9, KRB5_KDB_DISALLOW_ALL_TIX, 1 },
+ {"requires_preauth", 16, KRB5_KDB_REQUIRES_PRE_AUTH, 0 },
+ {"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0 },
+ {"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0 },
+ {"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1 },
+ {"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 },
+ {"support_desmd5", 14, KRB5_KDB_SUPPORT_DESMD5, 0 },
+ {"ok_as_delegate", 14, KRB5_KDB_OK_AS_DELEGATE, 0 },
+ {"ok_to_auth_as_delegate", 22, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
+ {"no_auth_data_required", 21, KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0 },
};
static char *prflags[] = {
@@ -1036,7 +1036,7 @@ kadmin_addprinc_usage()
#if APPLE_PKINIT
"\t\t[-certhash hash_string]\n"
#endif /* APPLE_PKINIT */
- );
+ );
fprintf(stderr, "\tattributes are:\n");
fprintf(stderr, "%s%s%s",
"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
@@ -1061,7 +1061,7 @@ kadmin_modprinc_usage()
"\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
"\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
"\t\t\tLook at each database documentation for supported arguments\n"
- );
+ );
}
/* Create a dummy password for old-style (pre-1.8) randkey creation. */
@@ -1111,7 +1111,7 @@ kadmin_addprinc(int argc, char *argv[])
#if APPLE_PKINIT
if(cert_hash != NULL) {
fprintf(stderr,
- "add_principal: -certhash not allowed; use modify_principal\n");
+ "add_principal: -certhash not allowed; use modify_principal\n");
goto cleanup;
}
#endif /* APPLE_PKINIT */
@@ -1643,9 +1643,9 @@ kadmin_getpol(int argc, char *argv[])
printf("Maximum password failures before lockout: %lu\n",
(unsigned long)policy.pw_max_fail);
printf("Password failure count reset interval: %ld\n",
- (long)policy.pw_failcnt_interval);
+ (long)policy.pw_failcnt_interval);
printf("Password lockout duration: %ld\n",
- (long)policy.pw_lockout_duration);
+ (long)policy.pw_lockout_duration);
} else {
printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\t%lu\t%ld\t%ld\n",
policy.policy, policy.pw_max_life, policy.pw_min_life,
diff --git a/src/kadmin/cli/kadmin.h b/src/kadmin/cli/kadmin.h
index 745ebcb..5c9decc 100644
--- a/src/kadmin/cli/kadmin.h
+++ b/src/kadmin/cli/kadmin.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/cli/kadmin.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Prototypes for kadmin functions called from SS library.
*/
@@ -67,9 +68,8 @@ extern time_t get_date(char *);
/* Yucky global variables */
extern krb5_context context;
-extern char *krb5_defkeyname;
+extern char *krb5_defkeyname;
extern char *whoami;
extern void *handle;
#endif /* __KADMIN_H__ */
-
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index fa2de42..8d14f86 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
@@ -285,11 +285,11 @@ add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
else
#endif
- if (keepold || ks_tuple != NULL) {
- code = kadm5_randkey_principal_3(lhandle, princ, keepold,
- n_ks_tuple, ks_tuple, &keys, &nkeys);
- } else
- code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
+ if (keepold || ks_tuple != NULL) {
+ code = kadm5_randkey_principal_3(lhandle, princ, keepold,
+ n_ks_tuple, ks_tuple, &keys, &nkeys);
+ } else
+ code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
if (code != 0) {
if (code == KADM5_UNK_PRINC) {
fprintf(stderr, "%s: Principal %s does not exist.\n",
diff --git a/src/kadmin/cli/keytab_local.c b/src/kadmin/cli/keytab_local.c
index 1f029a7..bb9cd88 100644
--- a/src/kadmin/cli/keytab_local.c
+++ b/src/kadmin/cli/keytab_local.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* A wrapper around keytab.c used by kadmin.local to expose the -norandkey
* flag. This avoids building two object files from the same source file,
diff --git a/src/kadmin/cli/ss_wrapper.c b/src/kadmin/cli/ss_wrapper.c
index 93cf1dc..92ea16a 100644
--- a/src/kadmin/cli/ss_wrapper.c
+++ b/src/kadmin/cli/ss_wrapper.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 by the Massachusetts Institute of Technology.
* All Rights Reserved.
@@ -7,7 +7,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -21,7 +21,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* ss wrapper for kadmin
*/
@@ -52,12 +52,12 @@ main(int argc, char *argv[])
exit(1);
}
if (request) {
- code = ss_execute_line(sci_idx, request);
- if (code != 0) {
- ss_perror(sci_idx, code, request);
- exit_status++;
- }
+ code = ss_execute_line(sci_idx, request);
+ if (code != 0) {
+ ss_perror(sci_idx, code, request);
+ exit_status++;
+ }
} else
- retval = ss_listen(sci_idx);
+ retval = ss_listen(sci_idx);
return quit() ? 1 : exit_status;
}
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index c03e88d..6361271 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/dbutil/dump.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Dump a KDC database
*/
@@ -40,240 +41,240 @@
#include "kdb5_util.h"
#if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP)
#include <regex.h>
-#endif /* HAVE_REGEX_H */
+#endif /* HAVE_REGEX_H */
/*
* Needed for master key conversion.
*/
-static int mkey_convert;
-krb5_keyblock new_master_keyblock;
+static int mkey_convert;
+krb5_keyblock new_master_keyblock;
krb5_kvno new_mkvno;
-static int backwards;
-static int recursive;
+static int backwards;
+static int recursive;
/*
* Use compile(3) if no regcomp present.
*/
-#if !defined(HAVE_REGCOMP) && defined(HAVE_REGEXP_H)
-#define INIT char *sp = instring;
-#define GETC() (*sp++)
-#define PEEKC() (*sp)
-#define UNGETC(c) (--sp)
-#define RETURN(c) return(c)
-#define ERROR(c)
-#define RE_BUF_SIZE 1024
+#if !defined(HAVE_REGCOMP) && defined(HAVE_REGEXP_H)
+#define INIT char *sp = instring;
+#define GETC() (*sp++)
+#define PEEKC() (*sp)
+#define UNGETC(c) (--sp)
+#define RETURN(c) return(c)
+#define ERROR(c)
+#define RE_BUF_SIZE 1024
#include <regexp.h>
-#endif /* !HAVE_REGCOMP && HAVE_REGEXP_H */
+#endif /* !HAVE_REGCOMP && HAVE_REGEXP_H */
-#define FLAG_VERBOSE 0x1 /* be verbose */
-#define FLAG_UPDATE 0x2 /* processing an update */
-#define FLAG_OMIT_NRA 0x4 /* avoid dumping non-replicated attrs */
+#define FLAG_VERBOSE 0x1 /* be verbose */
+#define FLAG_UPDATE 0x2 /* processing an update */
+#define FLAG_OMIT_NRA 0x4 /* avoid dumping non-replicated attrs */
struct dump_args {
- char *programname;
- FILE *ofile;
- krb5_context kcontext;
- char **names;
- int nnames;
- int flags;
+ char *programname;
+ FILE *ofile;
+ krb5_context kcontext;
+ char **names;
+ int nnames;
+ int flags;
};
static krb5_error_code dump_k5beta_iterator (krb5_pointer,
- krb5_db_entry *);
+ krb5_db_entry *);
static krb5_error_code dump_k5beta6_iterator (krb5_pointer,
- krb5_db_entry *);
+ krb5_db_entry *);
static krb5_error_code dump_k5beta6_iterator_ext (krb5_pointer,
- krb5_db_entry *,
- int);
+ krb5_db_entry *,
+ int);
static krb5_error_code dump_k5beta7_princ (krb5_pointer,
- krb5_db_entry *);
+ krb5_db_entry *);
static krb5_error_code dump_k5beta7_princ_ext (krb5_pointer,
- krb5_db_entry *,
- int);
+ krb5_db_entry *,
+ int);
static krb5_error_code dump_k5beta7_princ_withpolicy
- (krb5_pointer, krb5_db_entry *);
+(krb5_pointer, krb5_db_entry *);
static krb5_error_code dump_ov_princ (krb5_pointer,
- krb5_db_entry *);
+ krb5_db_entry *);
static void dump_k5beta7_policy (void *, osa_policy_ent_t);
static void dump_r1_8_policy (void *, osa_policy_ent_t);
typedef krb5_error_code (*dump_func)(krb5_pointer,
- krb5_db_entry *);
+ krb5_db_entry *);
static int process_k5beta_record (char *, krb5_context,
- FILE *, int, int *);
+ FILE *, int, int *);
static int process_k5beta6_record (char *, krb5_context,
- FILE *, int, int *);
+ FILE *, int, int *);
static int process_k5beta7_record (char *, krb5_context,
- FILE *, int, int *);
+ FILE *, int, int *);
static int process_r1_8_record (char *, krb5_context,
- FILE *, int, int *);
+ FILE *, int, int *);
static int process_ov_record (char *, krb5_context,
- FILE *, int, int *);
+ FILE *, int, int *);
typedef krb5_error_code (*load_func)(char *, krb5_context,
- FILE *, int, int *);
+ FILE *, int, int *);
typedef struct _dump_version {
- char *name;
- char *header;
- int updateonly;
- int create_kadm5;
- dump_func dump_princ;
- osa_adb_iter_policy_func dump_policy;
- load_func load_record;
+ char *name;
+ char *header;
+ int updateonly;
+ int create_kadm5;
+ dump_func dump_princ;
+ osa_adb_iter_policy_func dump_policy;
+ load_func load_record;
} dump_version;
dump_version old_version = {
- "Kerberos version 5 old format",
- "kdb5_edit load_dump version 2.0\n",
- 0,
- 1,
- dump_k5beta_iterator,
- NULL,
- process_k5beta_record,
+ "Kerberos version 5 old format",
+ "kdb5_edit load_dump version 2.0\n",
+ 0,
+ 1,
+ dump_k5beta_iterator,
+ NULL,
+ process_k5beta_record,
};
dump_version beta6_version = {
- "Kerberos version 5 beta 6 format",
- "kdb5_edit load_dump version 3.0\n",
- 0,
- 1,
- dump_k5beta6_iterator,
- NULL,
- process_k5beta6_record,
+ "Kerberos version 5 beta 6 format",
+ "kdb5_edit load_dump version 3.0\n",
+ 0,
+ 1,
+ dump_k5beta6_iterator,
+ NULL,
+ process_k5beta6_record,
};
dump_version beta7_version = {
- "Kerberos version 5",
- "kdb5_util load_dump version 4\n",
- 0,
- 0,
- dump_k5beta7_princ,
- dump_k5beta7_policy,
- process_k5beta7_record,
+ "Kerberos version 5",
+ "kdb5_util load_dump version 4\n",
+ 0,
+ 0,
+ dump_k5beta7_princ,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
};
dump_version iprop_version = {
- "Kerberos iprop version",
- "iprop",
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_k5beta7_policy,
- process_k5beta7_record,
+ "Kerberos iprop version",
+ "iprop",
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
};
dump_version ov_version = {
- "OpenV*Secure V1.0",
- "OpenV*Secure V1.0\t",
- 1,
- 1,
- dump_ov_princ,
- dump_k5beta7_policy,
- process_ov_record
+ "OpenV*Secure V1.0",
+ "OpenV*Secure V1.0\t",
+ 1,
+ 1,
+ dump_ov_princ,
+ dump_k5beta7_policy,
+ process_ov_record
};
dump_version r1_3_version = {
- "Kerberos version 5 release 1.3",
- "kdb5_util load_dump version 5\n",
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_k5beta7_policy,
- process_k5beta7_record,
+ "Kerberos version 5 release 1.3",
+ "kdb5_util load_dump version 5\n",
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
};
dump_version r1_8_version = {
- "Kerberos version 5 release 1.8",
- "kdb5_util load_dump version 6\n",
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_r1_8_policy,
- process_r1_8_record,
+ "Kerberos version 5 release 1.8",
+ "kdb5_util load_dump version 6\n",
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_r1_8_policy,
+ process_r1_8_record,
};
dump_version ipropx_1_version = {
- "Kerberos iprop extensible version",
- "ipropx",
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_r1_8_policy,
- process_r1_8_record,
+ "Kerberos iprop extensible version",
+ "ipropx",
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_r1_8_policy,
+ process_r1_8_record,
};
/* External data */
-extern char *current_dbname;
-extern krb5_boolean dbactive;
-extern int exit_status;
-extern krb5_context util_context;
+extern char *current_dbname;
+extern krb5_boolean dbactive;
+extern int exit_status;
+extern krb5_context util_context;
extern kadm5_config_params global_params;
extern krb5_db_entry master_entry;
/* Strings */
-#define k5beta_dump_header "kdb5_edit load_dump version 2.0\n"
+#define k5beta_dump_header "kdb5_edit load_dump version 2.0\n"
static const char null_mprinc_name[] = "kdb5_dump@MISSING";
/* Message strings */
-#define regex_err "%s: regular expression error - %s\n"
-#define regex_merr "%s: regular expression match error - %s\n"
-#define pname_unp_err "%s: cannot unparse principal name (%s)\n"
-#define mname_unp_err "%s: cannot unparse modifier name (%s)\n"
-#define nokeys_err "%s: cannot find any standard key for %s\n"
-#define sdump_tl_inc_err "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
-#define stand_fmt_name "Kerberos version 5"
-#define old_fmt_name "Kerberos version 5 old format"
-#define b6_fmt_name "Kerberos version 5 beta 6 format"
-#define r1_3_fmt_name "Kerberos version 5 release 1.3 format"
-#define ofopen_error "%s: cannot open %s for writing (%s)\n"
-#define oflock_error "%s: cannot lock %s (%s)\n"
-#define dumprec_err "%s: error performing %s dump (%s)\n"
-#define dumphdr_err "%s: error dumping %s header (%s)\n"
-#define trash_end_fmt "%s(%d): ignoring trash at end of line: "
-#define read_name_string "name string"
-#define read_key_type "key type"
-#define read_key_data "key data"
-#define read_pr_data1 "first set of principal attributes"
-#define read_mod_name "modifier name"
-#define read_pr_data2 "second set of principal attributes"
-#define read_salt_data "salt data"
-#define read_akey_type "alternate key type"
-#define read_akey_data "alternate key data"
-#define read_asalt_type "alternate salt type"
-#define read_asalt_data "alternate salt data"
-#define read_exp_data "expansion data"
-#define store_err_fmt "%s(%d): cannot store %s(%s)\n"
-#define add_princ_fmt "%s\n"
-#define parse_err_fmt "%s(%d): cannot parse %s (%s)\n"
-#define read_err_fmt "%s(%d): cannot read %s\n"
-#define no_mem_fmt "%s(%d): no memory for buffers\n"
-#define rhead_err_fmt "%s(%d): cannot match size tokens\n"
-#define err_line_fmt "%s: error processing line %d of %s\n"
-#define head_bad_fmt "%s: dump header bad in %s\n"
-#define read_bytecnt "record byte count"
-#define read_encdata "encoded data"
-#define n_name_unp_fmt "%s(%s): cannot unparse name\n"
-#define n_dec_cont_fmt "%s(%s): cannot decode contents\n"
-#define read_nint_data "principal static attributes"
-#define read_tcontents "tagged data contents"
-#define read_ttypelen "tagged data type and length"
-#define read_kcontents "key data contents"
-#define read_ktypelen "key data type and length"
-#define read_econtents "extra data contents"
-#define k5beta_fmt_name "Kerberos version 5 old format"
-#define standard_fmt_name "Kerberos version 5 format"
-#define no_name_mem_fmt "%s: cannot get memory for temporary name\n"
-#define ctx_err_fmt "%s: cannot initialize Kerberos context\n"
-#define stdin_name "standard input"
-#define remaster_err_fmt "while re-encoding keys for principal %s with new master key"
-#define restfail_fmt "%s: %s restore failed\n"
-#define close_err_fmt "%s: cannot close database (%s)\n"
-#define dbinit_err_fmt "%s: cannot initialize database (%s)\n"
-#define dblock_err_fmt "%s: cannot initialize database lock (%s)\n"
-#define dbname_err_fmt "%s: cannot set database name to %s (%s)\n"
-#define dbdelerr_fmt "%s: cannot delete bad database %s (%s)\n"
-#define dbunlockerr_fmt "%s: cannot unlock database %s (%s)\n"
-#define dbrenerr_fmt "%s: cannot rename database %s to %s (%s)\n"
-#define dbcreaterr_fmt "%s: cannot create database %s (%s)\n"
-#define dfile_err_fmt "%s: cannot open %s (%s)\n"
+#define regex_err "%s: regular expression error - %s\n"
+#define regex_merr "%s: regular expression match error - %s\n"
+#define pname_unp_err "%s: cannot unparse principal name (%s)\n"
+#define mname_unp_err "%s: cannot unparse modifier name (%s)\n"
+#define nokeys_err "%s: cannot find any standard key for %s\n"
+#define sdump_tl_inc_err "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
+#define stand_fmt_name "Kerberos version 5"
+#define old_fmt_name "Kerberos version 5 old format"
+#define b6_fmt_name "Kerberos version 5 beta 6 format"
+#define r1_3_fmt_name "Kerberos version 5 release 1.3 format"
+#define ofopen_error "%s: cannot open %s for writing (%s)\n"
+#define oflock_error "%s: cannot lock %s (%s)\n"
+#define dumprec_err "%s: error performing %s dump (%s)\n"
+#define dumphdr_err "%s: error dumping %s header (%s)\n"
+#define trash_end_fmt "%s(%d): ignoring trash at end of line: "
+#define read_name_string "name string"
+#define read_key_type "key type"
+#define read_key_data "key data"
+#define read_pr_data1 "first set of principal attributes"
+#define read_mod_name "modifier name"
+#define read_pr_data2 "second set of principal attributes"
+#define read_salt_data "salt data"
+#define read_akey_type "alternate key type"
+#define read_akey_data "alternate key data"
+#define read_asalt_type "alternate salt type"
+#define read_asalt_data "alternate salt data"
+#define read_exp_data "expansion data"
+#define store_err_fmt "%s(%d): cannot store %s(%s)\n"
+#define add_princ_fmt "%s\n"
+#define parse_err_fmt "%s(%d): cannot parse %s (%s)\n"
+#define read_err_fmt "%s(%d): cannot read %s\n"
+#define no_mem_fmt "%s(%d): no memory for buffers\n"
+#define rhead_err_fmt "%s(%d): cannot match size tokens\n"
+#define err_line_fmt "%s: error processing line %d of %s\n"
+#define head_bad_fmt "%s: dump header bad in %s\n"
+#define read_bytecnt "record byte count"
+#define read_encdata "encoded data"
+#define n_name_unp_fmt "%s(%s): cannot unparse name\n"
+#define n_dec_cont_fmt "%s(%s): cannot decode contents\n"
+#define read_nint_data "principal static attributes"
+#define read_tcontents "tagged data contents"
+#define read_ttypelen "tagged data type and length"
+#define read_kcontents "key data contents"
+#define read_ktypelen "key data type and length"
+#define read_econtents "extra data contents"
+#define k5beta_fmt_name "Kerberos version 5 old format"
+#define standard_fmt_name "Kerberos version 5 format"
+#define no_name_mem_fmt "%s: cannot get memory for temporary name\n"
+#define ctx_err_fmt "%s: cannot initialize Kerberos context\n"
+#define stdin_name "standard input"
+#define remaster_err_fmt "while re-encoding keys for principal %s with new master key"
+#define restfail_fmt "%s: %s restore failed\n"
+#define close_err_fmt "%s: cannot close database (%s)\n"
+#define dbinit_err_fmt "%s: cannot initialize database (%s)\n"
+#define dblock_err_fmt "%s: cannot initialize database lock (%s)\n"
+#define dbname_err_fmt "%s: cannot set database name to %s (%s)\n"
+#define dbdelerr_fmt "%s: cannot delete bad database %s (%s)\n"
+#define dbunlockerr_fmt "%s: cannot unlock database %s (%s)\n"
+#define dbrenerr_fmt "%s: cannot rename database %s to %s (%s)\n"
+#define dbcreaterr_fmt "%s: cannot create database %s (%s)\n"
+#define dfile_err_fmt "%s: cannot open %s (%s)\n"
static const char oldoption[] = "-old";
static const char b6option[] = "-b6";
@@ -290,15 +291,15 @@ static const char dump_tmptrail[] = "~";
* Re-encrypt the key_data with the new master key...
*/
krb5_error_code master_key_convert(context, db_entry)
- krb5_context context;
- krb5_db_entry * db_entry;
+ krb5_context context;
+ krb5_db_entry * db_entry;
{
- krb5_error_code retval;
- krb5_keyblock v5plainkey, *key_ptr;
- krb5_keysalt keysalt;
- int i, j;
- krb5_key_data new_key_data, *key_data;
- krb5_boolean is_mkey;
+ krb5_error_code retval;
+ krb5_keyblock v5plainkey, *key_ptr;
+ krb5_keysalt keysalt;
+ int i, j;
+ krb5_key_data new_key_data, *key_data;
+ krb5_boolean is_mkey;
krb5_kvno kvno;
is_mkey = krb5_principal_compare(context, master_princ, db_entry->princ);
@@ -321,7 +322,7 @@ krb5_error_code master_key_convert(context, db_entry)
key_data, &v5plainkey,
&keysalt);
if (retval)
- return retval;
+ return retval;
memset(&new_key_data, 0, sizeof(new_key_data));
@@ -333,7 +334,7 @@ krb5_error_code master_key_convert(context, db_entry)
(int) kvno,
&new_key_data);
if (retval)
- return retval;
+ return retval;
krb5_free_keyblock_contents(context, &v5plainkey);
for (j = 0; j < key_data->key_data_ver; j++) {
if (key_data->key_data_length[j]) {
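Review bot: The `if (retval) return retval;` re-indented in this hunk returns before the `krb5_free_keyblock_contents(context, &v5plainkey)` on the next line, so when the call ending in `&new_key_data)` fails, the contents of `v5plainkey` are never released. Judging by its name and the earlier hunk where it is filled in together with `keysalt`, that keyblock presumably holds the decrypted key, so the error path should release it too: `if (retval) { krb5_free_keyblock_contents(context, &v5plainkey); return retval; }`. The failing call and the enclosing loop of master_key_convert begin outside this hunk, and the behaviour predates this reindent commit.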
@@ -342,10 +343,10 @@ krb5_error_code master_key_convert(context, db_entry)
}
*key_data = new_key_data;
}
- assert(new_mkvno > 0);
+ assert(new_mkvno > 0);
retval = krb5_dbe_update_mkvno(context, db_entry, new_mkvno);
if (retval)
- return retval;
+ return retval;
}
return 0;
}
@@ -354,173 +355,173 @@ krb5_error_code master_key_convert(context, db_entry)
* Update the "ok" file.
*/
void update_ok_file (file_name)
- char *file_name;
+ char *file_name;
{
- /* handle slave locking/failure stuff */
- char *file_ok;
- int fd;
- static char ok[]=".dump_ok";
-
- if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) {
- com_err(progname, ENOMEM,
- "while allocating filename for update_ok_file");
- exit_status++;
- return;
- }
- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
- com_err(progname, errno, "while creating 'ok' file, '%s'",
- file_ok);
- exit_status++;
- free(file_ok);
- return;
- }
- if (write(fd, "", 1) != 1) {
- com_err(progname, errno, "while writing to 'ok' file, '%s'",
- file_ok);
- exit_status++;
- free(file_ok);
- return;
- }
-
- free(file_ok);
- close(fd);
- return;
+ /* handle slave locking/failure stuff */
+ char *file_ok;
+ int fd;
+ static char ok[]=".dump_ok";
+
+ if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) {
+ com_err(progname, ENOMEM,
+ "while allocating filename for update_ok_file");
+ exit_status++;
+ return;
+ }
+ if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
+ com_err(progname, errno, "while creating 'ok' file, '%s'",
+ file_ok);
+ exit_status++;
+ free(file_ok);
+ return;
+ }
+ if (write(fd, "", 1) != 1) {
+ com_err(progname, errno, "while writing to 'ok' file, '%s'",
+ file_ok);
+ exit_status++;
+ free(file_ok);
+ return;
+ }
+
+ free(file_ok);
+ close(fd);
+ return;
}
/*
- * name_matches() - See if a principal name matches a regular expression
- * or string.
+ * name_matches() - See if a principal name matches a regular expression
+ * or string.
*/
static int
name_matches(name, arglist)
- char *name;
- struct dump_args *arglist;
+ char *name;
+ struct dump_args *arglist;
{
-#if HAVE_REGCOMP
- regex_t match_exp;
- regmatch_t match_match;
- int match_error;
- char match_errmsg[BUFSIZ];
- size_t errmsg_size;
-#elif HAVE_REGEXP_H
- char regexp_buffer[RE_BUF_SIZE];
-#elif HAVE_RE_COMP
- extern char *re_comp();
- char *re_result;
-#endif /* HAVE_RE_COMP */
- int i, match;
+#if HAVE_REGCOMP
+ regex_t match_exp;
+ regmatch_t match_match;
+ int match_error;
+ char match_errmsg[BUFSIZ];
+ size_t errmsg_size;
+#elif HAVE_REGEXP_H
+ char regexp_buffer[RE_BUF_SIZE];
+#elif HAVE_RE_COMP
+ extern char *re_comp();
+ char *re_result;
+#endif /* HAVE_RE_COMP */
+ int i, match;
/*
* Plow, brute force, through the list of names/regular expressions.
*/
match = (arglist->nnames) ? 0 : 1;
for (i=0; i<arglist->nnames; i++) {
-#if HAVE_REGCOMP
- /*
- * Compile the regular expression.
- */
- match_error = regcomp(&match_exp, arglist->names[i], REG_EXTENDED);
- if (match_error) {
- errmsg_size = regerror(match_error,
- &match_exp,
- match_errmsg,
- sizeof(match_errmsg));
- fprintf(stderr, regex_err, arglist->programname, match_errmsg);
- break;
- }
- /*
- * See if we have a match.
- */
- match_error = regexec(&match_exp, name, 1, &match_match, 0);
- if (match_error) {
- if (match_error != REG_NOMATCH) {
- errmsg_size = regerror(match_error,
- &match_exp,
- match_errmsg,
- sizeof(match_errmsg));
- fprintf(stderr, regex_merr,
- arglist->programname, match_errmsg);
- break;
- }
- }
- else {
- /*
- * We have a match. See if it matches the whole
- * name.
- */
- if ((match_match.rm_so == 0) &&
- (match_match.rm_eo == strlen(name)))
- match = 1;
- }
- regfree(&match_exp);
-#elif HAVE_REGEXP_H
- /*
- * Compile the regular expression.
- */
- compile(arglist->names[i],
- regexp_buffer,
- &regexp_buffer[RE_BUF_SIZE],
- '\0');
- if (step(name, regexp_buffer)) {
- if ((loc1 == name) &&
- (loc2 == &name[strlen(name)]))
- match = 1;
- }
-#elif HAVE_RE_COMP
- /*
- * Compile the regular expression.
- */
- if (re_result = re_comp(arglist->names[i])) {
- fprintf(stderr, regex_err, arglist->programname, re_result);
- break;
- }
- if (re_exec(name))
- match = 1;
-#else /* HAVE_RE_COMP */
- /*
- * If no regular expression support, then just compare the strings.
- */
- if (!strcmp(arglist->names[i], name))
- match = 1;
-#endif /* HAVE_REGCOMP */
- if (match)
- break;
+#if HAVE_REGCOMP
+ /*
+ * Compile the regular expression.
+ */
+ match_error = regcomp(&match_exp, arglist->names[i], REG_EXTENDED);
+ if (match_error) {
+ errmsg_size = regerror(match_error,
+ &match_exp,
+ match_errmsg,
+ sizeof(match_errmsg));
+ fprintf(stderr, regex_err, arglist->programname, match_errmsg);
+ break;
+ }
+ /*
+ * See if we have a match.
+ */
+ match_error = regexec(&match_exp, name, 1, &match_match, 0);
+ if (match_error) {
+ if (match_error != REG_NOMATCH) {
+ errmsg_size = regerror(match_error,
+ &match_exp,
+ match_errmsg,
+ sizeof(match_errmsg));
+ fprintf(stderr, regex_merr,
+ arglist->programname, match_errmsg);
+ break;
+ }
+ }
+ else {
+ /*
+ * We have a match. See if it matches the whole
+ * name.
+ */
+ if ((match_match.rm_so == 0) &&
+ (match_match.rm_eo == strlen(name)))
+ match = 1;
+ }
+ regfree(&match_exp);
+#elif HAVE_REGEXP_H
+ /*
+ * Compile the regular expression.
+ */
+ compile(arglist->names[i],
+ regexp_buffer,
+ &regexp_buffer[RE_BUF_SIZE],
+ '\0');
+ if (step(name, regexp_buffer)) {
+ if ((loc1 == name) &&
+ (loc2 == &name[strlen(name)]))
+ match = 1;
+ }
+#elif HAVE_RE_COMP
+ /*
+ * Compile the regular expression.
+ */
+ if (re_result = re_comp(arglist->names[i])) {
+ fprintf(stderr, regex_err, arglist->programname, re_result);
+ break;
+ }
+ if (re_exec(name))
+ match = 1;
+#else /* HAVE_RE_COMP */
+ /*
+ * If no regular expression support, then just compare the strings.
+ */
+ if (!strcmp(arglist->names[i], name))
+ match = 1;
+#endif /* HAVE_REGCOMP */
+ if (match)
+ break;
}
return(match);
}
static krb5_error_code
find_enctype(dbentp, enctype, salttype, kentp)
- krb5_db_entry *dbentp;
- krb5_enctype enctype;
- krb5_int32 salttype;
- krb5_key_data **kentp;
+ krb5_db_entry *dbentp;
+ krb5_enctype enctype;
+ krb5_int32 salttype;
+ krb5_key_data **kentp;
{
- int i;
- int maxkvno;
- krb5_key_data *datap;
+ int i;
+ int maxkvno;
+ krb5_key_data *datap;
maxkvno = -1;
datap = (krb5_key_data *) NULL;
for (i=0; i<dbentp->n_key_data; i++) {
- if (( (krb5_enctype)dbentp->key_data[i].key_data_type[0] == enctype) &&
- ((dbentp->key_data[i].key_data_type[1] == salttype) ||
- (salttype < 0))) {
- maxkvno = dbentp->key_data[i].key_data_kvno;
- datap = &dbentp->key_data[i];
- }
+ if (( (krb5_enctype)dbentp->key_data[i].key_data_type[0] == enctype) &&
+ ((dbentp->key_data[i].key_data_type[1] == salttype) ||
+ (salttype < 0))) {
+ maxkvno = dbentp->key_data[i].key_data_kvno;
+ datap = &dbentp->key_data[i];
+ }
}
if (maxkvno >= 0) {
- *kentp = datap;
- return(0);
+ *kentp = datap;
+ return(0);
}
- return(ENOENT);
+ return(ENOENT);
}
#if 0
/*
- * dump_k5beta_header() - Make a dump header that is recognizable by Kerberos
- * Version 5 Beta 5 and previous releases.
+ * dump_k5beta_header() - Make a dump header that is recognizable by Kerberos
+ * Version 5 Beta 5 and previous releases.
*/
static krb5_error_code
dump_k5beta_header(arglist)
@@ -533,22 +534,22 @@ dump_k5beta_header(arglist)
#endif
/*
- * dump_k5beta_iterator() - Dump an entry in a format that is usable
- * by Kerberos Version 5 Beta 5 and previous
- * releases.
+ * dump_k5beta_iterator() - Dump an entry in a format that is usable
+ * by Kerberos Version 5 Beta 5 and previous
+ * releases.
*/
static krb5_error_code
dump_k5beta_iterator(ptr, entry)
- krb5_pointer ptr;
- krb5_db_entry *entry;
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
{
- krb5_error_code retval;
- struct dump_args *arg;
- char *name, *mod_name;
- krb5_principal mod_princ;
- krb5_key_data *pkey, *akey, nullkey;
- krb5_timestamp mod_date, last_pwd_change;
- int i;
+ krb5_error_code retval;
+ struct dump_args *arg;
+ char *name, *mod_name;
+ krb5_principal mod_princ;
+ krb5_key_data *pkey, *akey, nullkey;
+ krb5_timestamp mod_date, last_pwd_change;
+ int i;
/* Initialize */
arg = (struct dump_args *) ptr;
@@ -560,177 +561,177 @@ dump_k5beta_iterator(ptr, entry)
* Flatten the principal name.
*/
if ((retval = krb5_unparse_name(arg->kcontext,
- entry->princ,
- &name))) {
- fprintf(stderr, pname_unp_err,
- arg->programname, error_message(retval));
- return(retval);
+ entry->princ,
+ &name))) {
+ fprintf(stderr, pname_unp_err,
+ arg->programname, error_message(retval));
+ return(retval);
}
/*
* Re-encode the keys in the new master key, if necessary.
*/
if (mkey_convert) {
- retval = master_key_convert(arg->kcontext, entry);
- if (retval) {
- com_err(arg->programname, retval, remaster_err_fmt, name);
- return retval;
- }
+ retval = master_key_convert(arg->kcontext, entry);
+ if (retval) {
+ com_err(arg->programname, retval, remaster_err_fmt, name);
+ return retval;
+ }
}
-
+
/*
* If we don't have any match strings, or if our name matches, then
* proceed with the dump, otherwise, just forget about it.
*/
if (!arg->nnames || name_matches(name, arg)) {
- /*
- * Deserialize the modifier record.
- */
- mod_name = (char *) NULL;
- mod_princ = NULL;
- last_pwd_change = mod_date = 0;
- pkey = akey = (krb5_key_data *) NULL;
- if (!(retval = krb5_dbe_lookup_mod_princ_data(arg->kcontext,
- entry,
- &mod_date,
- &mod_princ))) {
- if (mod_princ) {
- /*
- * Flatten the modifier name.
- */
- if ((retval = krb5_unparse_name(arg->kcontext,
- mod_princ,
- &mod_name)))
- fprintf(stderr, mname_unp_err, arg->programname,
- error_message(retval));
- krb5_free_principal(arg->kcontext, mod_princ);
- }
- }
- if (!mod_name)
- mod_name = strdup(null_mprinc_name);
-
- /*
- * Find the last password change record and set it straight.
- */
- if ((retval =
- krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry,
- &last_pwd_change))) {
- fprintf(stderr, nokeys_err, arg->programname, name);
- free(mod_name);
- free(name);
- return(retval);
- }
-
- /*
- * Find the 'primary' key and the 'alternate' key.
- */
- if ((retval = find_enctype(entry,
- ENCTYPE_DES_CBC_CRC,
- KRB5_KDB_SALTTYPE_NORMAL,
- &pkey)) &&
- (retval = find_enctype(entry,
- ENCTYPE_DES_CBC_CRC,
- KRB5_KDB_SALTTYPE_V4,
- &akey))) {
- fprintf(stderr, nokeys_err, arg->programname, name);
- free(mod_name);
- free(name);
- return(retval);
- }
-
- /* If we only have one type, then ship it out as the primary. */
- if (!pkey && akey) {
- pkey = akey;
- akey = &nullkey;
- }
- else {
- if (!akey)
- akey = &nullkey;
- }
-
- /*
- * First put out strings representing the length of the variable
- * length data in this record, then the name and the primary key type.
- */
- fprintf(arg->ofile, "%lu\t%lu\t%d\t%d\t%d\t%d\t%s\t%d\t",
- (unsigned long) strlen(name),
- (unsigned long) strlen(mod_name),
- (krb5_int32) pkey->key_data_length[0],
- (krb5_int32) akey->key_data_length[0],
- (krb5_int32) pkey->key_data_length[1],
- (krb5_int32) akey->key_data_length[1],
- name,
- (krb5_int32) pkey->key_data_type[0]);
- for (i=0; i<pkey->key_data_length[0]; i++) {
- fprintf(arg->ofile, "%02x", pkey->key_data_contents[0][i]);
- }
- /*
- * Second, print out strings representing the standard integer
- * data in this record.
- */
- fprintf(arg->ofile,
- "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%s\t%u\t%u\t%u\t",
- (krb5_int32) pkey->key_data_kvno,
- entry->max_life, entry->max_renewable_life,
- 1 /* Fake mkvno */, entry->expiration, entry->pw_expiration,
- last_pwd_change,
- (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
- (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
- (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count,
- mod_name, mod_date,
- entry->attributes, pkey->key_data_type[1]);
-
- /* Pound out the salt data, if present. */
- for (i=0; i<pkey->key_data_length[1]; i++) {
- fprintf(arg->ofile, "%02x", pkey->key_data_contents[1][i]);
- }
- /* Pound out the alternate key type and contents */
- fprintf(arg->ofile, "\t%u\t", akey->key_data_type[0]);
- for (i=0; i<akey->key_data_length[0]; i++) {
- fprintf(arg->ofile, "%02x", akey->key_data_contents[0][i]);
- }
- /* Pound out the alternate salt type and contents */
- fprintf(arg->ofile, "\t%u\t", akey->key_data_type[1]);
- for (i=0; i<akey->key_data_length[1]; i++) {
- fprintf(arg->ofile, "%02x", akey->key_data_contents[1][i]);
- }
- /* Pound out the expansion data. (is null) */
- for (i=0; i < 8; i++) {
- fprintf(arg->ofile, "\t%u", 0);
- }
- fprintf(arg->ofile, ";\n");
- /* If we're blabbing, do it */
- if (arg->flags & FLAG_VERBOSE)
- fprintf(stderr, "%s\n", name);
- free(mod_name);
+ /*
+ * Deserialize the modifier record.
+ */
+ mod_name = (char *) NULL;
+ mod_princ = NULL;
+ last_pwd_change = mod_date = 0;
+ pkey = akey = (krb5_key_data *) NULL;
+ if (!(retval = krb5_dbe_lookup_mod_princ_data(arg->kcontext,
+ entry,
+ &mod_date,
+ &mod_princ))) {
+ if (mod_princ) {
+ /*
+ * Flatten the modifier name.
+ */
+ if ((retval = krb5_unparse_name(arg->kcontext,
+ mod_princ,
+ &mod_name)))
+ fprintf(stderr, mname_unp_err, arg->programname,
+ error_message(retval));
+ krb5_free_principal(arg->kcontext, mod_princ);
+ }
+ }
+ if (!mod_name)
+ mod_name = strdup(null_mprinc_name);
+
+ /*
+ * Find the last password change record and set it straight.
+ */
+ if ((retval =
+ krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry,
+ &last_pwd_change))) {
+ fprintf(stderr, nokeys_err, arg->programname, name);
+ free(mod_name);
+ free(name);
+ return(retval);
+ }
+
+ /*
+ * Find the 'primary' key and the 'alternate' key.
+ */
+ if ((retval = find_enctype(entry,
+ ENCTYPE_DES_CBC_CRC,
+ KRB5_KDB_SALTTYPE_NORMAL,
+ &pkey)) &&
+ (retval = find_enctype(entry,
+ ENCTYPE_DES_CBC_CRC,
+ KRB5_KDB_SALTTYPE_V4,
+ &akey))) {
+ fprintf(stderr, nokeys_err, arg->programname, name);
+ free(mod_name);
+ free(name);
+ return(retval);
+ }
+
+ /* If we only have one type, then ship it out as the primary. */
+ if (!pkey && akey) {
+ pkey = akey;
+ akey = &nullkey;
+ }
+ else {
+ if (!akey)
+ akey = &nullkey;
+ }
+
+ /*
+ * First put out strings representing the length of the variable
+ * length data in this record, then the name and the primary key type.
+ */
+ fprintf(arg->ofile, "%lu\t%lu\t%d\t%d\t%d\t%d\t%s\t%d\t",
+ (unsigned long) strlen(name),
+ (unsigned long) strlen(mod_name),
+ (krb5_int32) pkey->key_data_length[0],
+ (krb5_int32) akey->key_data_length[0],
+ (krb5_int32) pkey->key_data_length[1],
+ (krb5_int32) akey->key_data_length[1],
+ name,
+ (krb5_int32) pkey->key_data_type[0]);
+ for (i=0; i<pkey->key_data_length[0]; i++) {
+ fprintf(arg->ofile, "%02x", pkey->key_data_contents[0][i]);
+ }
+ /*
+ * Second, print out strings representing the standard integer
+ * data in this record.
+ */
+ fprintf(arg->ofile,
+ "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%s\t%u\t%u\t%u\t",
+ (krb5_int32) pkey->key_data_kvno,
+ entry->max_life, entry->max_renewable_life,
+ 1 /* Fake mkvno */, entry->expiration, entry->pw_expiration,
+ last_pwd_change,
+ (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
+ (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
+ (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count,
+ mod_name, mod_date,
+ entry->attributes, pkey->key_data_type[1]);
+
+ /* Pound out the salt data, if present. */
+ for (i=0; i<pkey->key_data_length[1]; i++) {
+ fprintf(arg->ofile, "%02x", pkey->key_data_contents[1][i]);
+ }
+ /* Pound out the alternate key type and contents */
+ fprintf(arg->ofile, "\t%u\t", akey->key_data_type[0]);
+ for (i=0; i<akey->key_data_length[0]; i++) {
+ fprintf(arg->ofile, "%02x", akey->key_data_contents[0][i]);
+ }
+ /* Pound out the alternate salt type and contents */
+ fprintf(arg->ofile, "\t%u\t", akey->key_data_type[1]);
+ for (i=0; i<akey->key_data_length[1]; i++) {
+ fprintf(arg->ofile, "%02x", akey->key_data_contents[1][i]);
+ }
+ /* Pound out the expansion data. (is null) */
+ for (i=0; i < 8; i++) {
+ fprintf(arg->ofile, "\t%u", 0);
+ }
+ fprintf(arg->ofile, ";\n");
+ /* If we're blabbing, do it */
+ if (arg->flags & FLAG_VERBOSE)
+ fprintf(stderr, "%s\n", name);
+ free(mod_name);
}
free(name);
return(0);
}
/*
- * dump_k5beta6_iterator() - Output a dump record in krb5b6 format.
+ * dump_k5beta6_iterator() - Output a dump record in krb5b6 format.
*/
static krb5_error_code
dump_k5beta6_iterator(ptr, entry)
- krb5_pointer ptr;
- krb5_db_entry *entry;
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
{
return dump_k5beta6_iterator_ext(ptr, entry, 0);
}
static krb5_error_code
dump_k5beta6_iterator_ext(ptr, entry, kadm)
- krb5_pointer ptr;
- krb5_db_entry *entry;
- int kadm;
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
+ int kadm;
{
- krb5_error_code retval;
- struct dump_args *arg;
- char *name;
- krb5_tl_data *tlp;
- krb5_key_data *kdata;
- int counter, skip, i, j;
+ krb5_error_code retval;
+ struct dump_args *arg;
+ char *name;
+ krb5_tl_data *tlp;
+ krb5_key_data *kdata;
+ int counter, skip, i, j;
/* Initialize */
arg = (struct dump_args *) ptr;
@@ -740,274 +741,274 @@ dump_k5beta6_iterator_ext(ptr, entry, kadm)
* Flatten the principal name.
*/
if ((retval = krb5_unparse_name(arg->kcontext,
- entry->princ,
- &name))) {
- fprintf(stderr, pname_unp_err,
- arg->programname, error_message(retval));
- return(retval);
+ entry->princ,
+ &name))) {
+ fprintf(stderr, pname_unp_err,
+ arg->programname, error_message(retval));
+ return(retval);
}
/*
* Re-encode the keys in the new master key, if necessary.
*/
if (mkey_convert) {
- retval = master_key_convert(arg->kcontext, entry);
- if (retval) {
- com_err(arg->programname, retval, remaster_err_fmt, name);
- return retval;
- }
+ retval = master_key_convert(arg->kcontext, entry);
+ if (retval) {
+ com_err(arg->programname, retval, remaster_err_fmt, name);
+ return retval;
+ }
}
-
+
/*
* If we don't have any match strings, or if our name matches, then
* proceed with the dump, otherwise, just forget about it.
*/
if (!arg->nnames || name_matches(name, arg)) {
- /*
- * We'd like to just blast out the contents as they would appear in
- * the database so that we can just suck it back in, but it doesn't
- * lend itself to easy editing.
- */
-
- /*
- * The dump format is as follows:
- * len strlen(name) n_tl_data n_key_data e_length
- * name
- * attributes max_life max_renewable_life expiration
- * pw_expiration last_success last_failed fail_auth_count
- * n_tl_data*[type length <contents>]
- * n_key_data*[ver kvno ver*(type length <contents>)]
- * <e_data>
- * Fields which are not encapsulated by angle-brackets are to appear
- * verbatim. A bracketed field's absence is indicated by a -1 in its
- * place
- */
-
- /*
- * Make sure that the tagged list is reasonably correct.
- */
- counter = skip = 0;
- for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
- /*
- * don't dump tl data types we know aren't understood by
- * earlier revisions [krb5-admin/89]
- */
- switch (tlp->tl_data_type) {
- case KRB5_TL_KADM_DATA:
- if (kadm)
- counter++;
- else
- skip++;
- break;
- default:
- counter++;
- break;
- }
- }
-
- if (counter + skip == entry->n_tl_data) {
- /* Pound out header */
- fprintf(arg->ofile, "%d\t%lu\t%d\t%d\t%d\t%s\t",
- (int) entry->len,
- (unsigned long) strlen(name),
- counter,
- (int) entry->n_key_data,
- (int) entry->e_length,
- name);
- fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
- entry->attributes,
- entry->max_life,
- entry->max_renewable_life,
- entry->expiration,
- entry->pw_expiration,
- (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
- (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
- (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count);
- /* Pound out tagged data. */
- for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
- if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
- continue; /* see above, [krb5-admin/89] */
-
- fprintf(arg->ofile, "%d\t%d\t",
- (int) tlp->tl_data_type,
- (int) tlp->tl_data_length);
- if (tlp->tl_data_length)
- for (i=0; i<tlp->tl_data_length; i++)
- fprintf(arg->ofile, "%02x", tlp->tl_data_contents[i]);
- else
- fprintf(arg->ofile, "%d", -1);
- fprintf(arg->ofile, "\t");
- }
-
- /* Pound out key data */
- for (counter=0; counter<entry->n_key_data; counter++) {
- kdata = &entry->key_data[counter];
- fprintf(arg->ofile, "%d\t%d\t",
- (int) kdata->key_data_ver,
- (int) kdata->key_data_kvno);
- for (i=0; i<kdata->key_data_ver; i++) {
- fprintf(arg->ofile, "%d\t%d\t",
- kdata->key_data_type[i],
- kdata->key_data_length[i]);
- if (kdata->key_data_length[i])
- for (j=0; j<kdata->key_data_length[i]; j++)
- fprintf(arg->ofile, "%02x",
- kdata->key_data_contents[i][j]);
- else
- fprintf(arg->ofile, "%d", -1);
- fprintf(arg->ofile, "\t");
- }
- }
-
- /* Pound out extra data */
- if (entry->e_length)
- for (i=0; i<entry->e_length; i++)
- fprintf(arg->ofile, "%02x", entry->e_data[i]);
- else
- fprintf(arg->ofile, "%d", -1);
-
- /* Print trailer */
- fprintf(arg->ofile, ";\n");
-
- if (arg->flags & FLAG_VERBOSE)
- fprintf(stderr, "%s\n", name);
- }
- else {
- fprintf(stderr, sdump_tl_inc_err,
- arg->programname, name, counter+skip,
- (int) entry->n_tl_data);
- retval = EINVAL;
- }
+ /*
+ * We'd like to just blast out the contents as they would appear in
+ * the database so that we can just suck it back in, but it doesn't
+ * lend itself to easy editing.
+ */
+
+ /*
+ * The dump format is as follows:
+ * len strlen(name) n_tl_data n_key_data e_length
+ * name
+ * attributes max_life max_renewable_life expiration
+ * pw_expiration last_success last_failed fail_auth_count
+ * n_tl_data*[type length <contents>]
+ * n_key_data*[ver kvno ver*(type length <contents>)]
+ * <e_data>
+ * Fields which are not encapsulated by angle-brackets are to appear
+ * verbatim. A bracketed field's absence is indicated by a -1 in its
+ * place
+ */
+
+ /*
+ * Make sure that the tagged list is reasonably correct.
+ */
+ counter = skip = 0;
+ for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
+ /*
+ * don't dump tl data types we know aren't understood by
+ * earlier revisions [krb5-admin/89]
+ */
+ switch (tlp->tl_data_type) {
+ case KRB5_TL_KADM_DATA:
+ if (kadm)
+ counter++;
+ else
+ skip++;
+ break;
+ default:
+ counter++;
+ break;
+ }
+ }
+
+ if (counter + skip == entry->n_tl_data) {
+ /* Pound out header */
+ fprintf(arg->ofile, "%d\t%lu\t%d\t%d\t%d\t%s\t",
+ (int) entry->len,
+ (unsigned long) strlen(name),
+ counter,
+ (int) entry->n_key_data,
+ (int) entry->e_length,
+ name);
+ fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
+ entry->attributes,
+ entry->max_life,
+ entry->max_renewable_life,
+ entry->expiration,
+ entry->pw_expiration,
+ (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
+ (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
+ (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count);
+ /* Pound out tagged data. */
+ for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
+ if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
+ continue; /* see above, [krb5-admin/89] */
+
+ fprintf(arg->ofile, "%d\t%d\t",
+ (int) tlp->tl_data_type,
+ (int) tlp->tl_data_length);
+ if (tlp->tl_data_length)
+ for (i=0; i<tlp->tl_data_length; i++)
+ fprintf(arg->ofile, "%02x", tlp->tl_data_contents[i]);
+ else
+ fprintf(arg->ofile, "%d", -1);
+ fprintf(arg->ofile, "\t");
+ }
+
+ /* Pound out key data */
+ for (counter=0; counter<entry->n_key_data; counter++) {
+ kdata = &entry->key_data[counter];
+ fprintf(arg->ofile, "%d\t%d\t",
+ (int) kdata->key_data_ver,
+ (int) kdata->key_data_kvno);
+ for (i=0; i<kdata->key_data_ver; i++) {
+ fprintf(arg->ofile, "%d\t%d\t",
+ kdata->key_data_type[i],
+ kdata->key_data_length[i]);
+ if (kdata->key_data_length[i])
+ for (j=0; j<kdata->key_data_length[i]; j++)
+ fprintf(arg->ofile, "%02x",
+ kdata->key_data_contents[i][j]);
+ else
+ fprintf(arg->ofile, "%d", -1);
+ fprintf(arg->ofile, "\t");
+ }
+ }
+
+ /* Pound out extra data */
+ if (entry->e_length)
+ for (i=0; i<entry->e_length; i++)
+ fprintf(arg->ofile, "%02x", entry->e_data[i]);
+ else
+ fprintf(arg->ofile, "%d", -1);
+
+ /* Print trailer */
+ fprintf(arg->ofile, ";\n");
+
+ if (arg->flags & FLAG_VERBOSE)
+ fprintf(stderr, "%s\n", name);
+ }
+ else {
+ fprintf(stderr, sdump_tl_inc_err,
+ arg->programname, name, counter+skip,
+ (int) entry->n_tl_data);
+ retval = EINVAL;
+ }
}
free(name);
return(retval);
}
/*
- * dump_k5beta7_iterator() - Output a dump record in krb5b7 format.
+ * dump_k5beta7_iterator() - Output a dump record in krb5b7 format.
*/
static krb5_error_code
dump_k5beta7_princ(ptr, entry)
- krb5_pointer ptr;
- krb5_db_entry *entry;
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
{
return dump_k5beta7_princ_ext(ptr, entry, 0);
}
static krb5_error_code
dump_k5beta7_princ_ext(ptr, entry, kadm)
- krb5_pointer ptr;
- krb5_db_entry *entry;
- int kadm;
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
+ int kadm;
{
- krb5_error_code retval;
- struct dump_args *arg;
- char *name;
- int tmp_nnames;
-
- /* Initialize */
- arg = (struct dump_args *) ptr;
- name = (char *) NULL;
-
- /*
- * Flatten the principal name.
- */
- if ((retval = krb5_unparse_name(arg->kcontext,
- entry->princ,
- &name))) {
- fprintf(stderr, pname_unp_err,
- arg->programname, error_message(retval));
- return(retval);
- }
- /*
- * If we don't have any match strings, or if our name matches, then
- * proceed with the dump, otherwise, just forget about it.
- */
- if (!arg->nnames || name_matches(name, arg)) {
- fprintf(arg->ofile, "princ\t");
-
- /* save the callee from matching the name again */
- tmp_nnames = arg->nnames;
- arg->nnames = 0;
- retval = dump_k5beta6_iterator_ext(ptr, entry, kadm);
- arg->nnames = tmp_nnames;
- }
-
- free(name);
- return retval;
+ krb5_error_code retval;
+ struct dump_args *arg;
+ char *name;
+ int tmp_nnames;
+
+ /* Initialize */
+ arg = (struct dump_args *) ptr;
+ name = (char *) NULL;
+
+ /*
+ * Flatten the principal name.
+ */
+ if ((retval = krb5_unparse_name(arg->kcontext,
+ entry->princ,
+ &name))) {
+ fprintf(stderr, pname_unp_err,
+ arg->programname, error_message(retval));
+ return(retval);
+ }
+ /*
+ * If we don't have any match strings, or if our name matches, then
+ * proceed with the dump, otherwise, just forget about it.
+ */
+ if (!arg->nnames || name_matches(name, arg)) {
+ fprintf(arg->ofile, "princ\t");
+
+ /* save the callee from matching the name again */
+ tmp_nnames = arg->nnames;
+ arg->nnames = 0;
+ retval = dump_k5beta6_iterator_ext(ptr, entry, kadm);
+ arg->nnames = tmp_nnames;
+ }
+
+ free(name);
+ return retval;
}
static krb5_error_code
dump_k5beta7_princ_withpolicy(ptr, entry)
- krb5_pointer ptr;
- krb5_db_entry *entry;
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
{
return dump_k5beta7_princ_ext(ptr, entry, 1);
}
void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
{
- struct dump_args *arg;
+ struct dump_args *arg;
- arg = (struct dump_args *) data;
- fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
- entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
- entry->pw_min_classes, entry->pw_history_num,
- entry->policy_refcnt);
+ arg = (struct dump_args *) data;
+ fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
+ entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
+ entry->pw_min_classes, entry->pw_history_num,
+ entry->policy_refcnt);
}
void dump_r1_8_policy(void *data, osa_policy_ent_t entry)
{
- struct dump_args *arg;
-
- arg = (struct dump_args *) data;
- fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
- entry->name,
- entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
- entry->pw_min_classes, entry->pw_history_num,
- entry->policy_refcnt, entry->pw_max_fail,
- entry->pw_failcnt_interval, entry->pw_lockout_duration);
+ struct dump_args *arg;
+
+ arg = (struct dump_args *) data;
+ fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
+ entry->name,
+ entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
+ entry->pw_min_classes, entry->pw_history_num,
+ entry->policy_refcnt, entry->pw_max_fail,
+ entry->pw_failcnt_interval, entry->pw_lockout_duration);
}
static void print_key_data(FILE *f, krb5_key_data *key_data)
{
- int c;
-
- fprintf(f, "%d\t%d\t", key_data->key_data_type[0],
- key_data->key_data_length[0]);
- for(c = 0; c < key_data->key_data_length[0]; c++)
- fprintf(f, "%02x ",
- key_data->key_data_contents[0][c]);
+ int c;
+
+ fprintf(f, "%d\t%d\t", key_data->key_data_type[0],
+ key_data->key_data_length[0]);
+ for(c = 0; c < key_data->key_data_length[0]; c++)
+ fprintf(f, "%02x ",
+ key_data->key_data_contents[0][c]);
}
/*
* Function: print_princ
- *
+ *
* Purpose: output osa_adb_princ_ent data in a human
- * readable format (which is a format suitable for
- * ovsec_adm_import consumption)
+ * readable format (which is a format suitable for
+ * ovsec_adm_import consumption)
*
* Arguments:
- * data (input) pointer to a structure containing a FILE *
- * and a record counter.
- * entry (input) entry to get dumped.
- * <return value> void
+ * data (input) pointer to a structure containing a FILE *
+ * and a record counter.
+ * entry (input) entry to get dumped.
+ * <return value> void
*
* Requires:
- * nuttin
- *
+ * nuttin
+ *
* Effects:
- * writes data to the specified file pointerp.
+ * writes data to the specified file pointerp.
*
* Modifies:
- * nuttin
- *
+ * nuttin
+ *
*/
static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
{
char *princstr;
unsigned int x;
- int y, foundcrc;
+ int y, foundcrc;
struct dump_args *arg;
krb5_tl_data tl_data;
osa_princ_ent_rec adb;
@@ -1026,49 +1027,49 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
*/
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
if (krb5_dbe_lookup_tl_data(arg->kcontext, kdb, &tl_data)
- || (tl_data.tl_data_length == 0))
- return 0;
+ || (tl_data.tl_data_length == 0))
+ return 0;
memset(&adb, 0, sizeof(adb));
xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
- tl_data.tl_data_length, XDR_DECODE);
+ tl_data.tl_data_length, XDR_DECODE);
if (! xdr_osa_princ_ent_rec(&xdrs, &adb)) {
- xdr_destroy(&xdrs);
- return(KADM5_XDR_FAILURE);
+ xdr_destroy(&xdrs);
+ return(KADM5_XDR_FAILURE);
}
xdr_destroy(&xdrs);
-
+
krb5_unparse_name(arg->kcontext, kdb->princ, &princstr);
fprintf(arg->ofile, "princ\t%s\t", princstr);
if(adb.policy == NULL)
- fputc('\t', arg->ofile);
+ fputc('\t', arg->ofile);
else
- fprintf(arg->ofile, "%s\t", adb.policy);
+ fprintf(arg->ofile, "%s\t", adb.policy);
fprintf(arg->ofile, "%lx\t%d\t%d\t%d", adb.aux_attributes,
- adb.old_key_len,adb.old_key_next, adb.admin_history_kvno);
+ adb.old_key_len,adb.old_key_next, adb.admin_history_kvno);
for (x = 0; x < adb.old_key_len; x++) {
- foundcrc = 0;
- for (y = 0; y < adb.old_keys[x].n_key_data; y++) {
- krb5_key_data *key_data = &adb.old_keys[x].key_data[y];
-
- if (key_data->key_data_type[0] != ENCTYPE_DES_CBC_CRC)
- continue;
- if (foundcrc) {
- fprintf(stderr, "Warning! Multiple DES-CBC-CRC keys "
- "for principal %s; skipping duplicates.\n",
- princstr);
- continue;
- }
- foundcrc++;
-
- fputc('\t', arg->ofile);
- print_key_data(arg->ofile, key_data);
- }
- if (!foundcrc)
- fprintf(stderr, "Warning! No DES-CBC-CRC key for principal "
- "%s, cannot generate OV-compatible record; skipping\n",
- princstr);
+ foundcrc = 0;
+ for (y = 0; y < adb.old_keys[x].n_key_data; y++) {
+ krb5_key_data *key_data = &adb.old_keys[x].key_data[y];
+
+ if (key_data->key_data_type[0] != ENCTYPE_DES_CBC_CRC)
+ continue;
+ if (foundcrc) {
+ fprintf(stderr, "Warning! Multiple DES-CBC-CRC keys "
+ "for principal %s; skipping duplicates.\n",
+ princstr);
+ continue;
+ }
+ foundcrc++;
+
+ fputc('\t', arg->ofile);
+ print_key_data(arg->ofile, key_data);
+ }
+ if (!foundcrc)
+ fprintf(stderr, "Warning! No DES-CBC-CRC key for principal "
+ "%s, cannot generate OV-compatible record; skipping\n",
+ princstr);
}
fputc('\n', arg->ofile);
@@ -1078,27 +1079,27 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
/*
* usage is:
- * dump_db [-old] [-b6] [-b7] [-ov] [-r13] [-verbose] [-mkey_convert]
- * [-new_mkey_file mkey_file] [-rev] [-recurse]
- * [filename [principals...]]
+ * dump_db [-old] [-b6] [-b7] [-ov] [-r13] [-verbose] [-mkey_convert]
+ * [-new_mkey_file mkey_file] [-rev] [-recurse]
+ * [filename [principals...]]
*/
void
dump_db(argc, argv)
- int argc;
- char **argv;
+ int argc;
+ char **argv;
{
- FILE *f;
- struct dump_args arglist;
- char *ofile;
- krb5_error_code kret, retval;
- dump_version *dump;
- int aindex;
- krb5_boolean locked;
- char *new_mkey_file = 0;
- bool_t dump_sno = FALSE;
- kdb_log_context *log_ctx;
- char **db_args = 0; /* XXX */
- unsigned int ipropx_version = IPROPX_VERSION_0;
+ FILE *f;
+ struct dump_args arglist;
+ char *ofile;
+ krb5_error_code kret, retval;
+ dump_version *dump;
+ int aindex;
+ krb5_boolean locked;
+ char *new_mkey_file = 0;
+ bool_t dump_sno = FALSE;
+ kdb_log_context *log_ctx;
+ char **db_args = 0; /* XXX */
+ unsigned int ipropx_version = IPROPX_VERSION_0;
/*
* Parse the arguments.
@@ -1116,62 +1117,62 @@ dump_db(argc, argv)
* Parse the qualifiers.
*/
for (aindex = 1; aindex < argc; aindex++) {
- if (!strcmp(argv[aindex], oldoption))
- dump = &old_version;
- else if (!strcmp(argv[aindex], b6option))
- dump = &beta6_version;
- else if (!strcmp(argv[aindex], b7option))
- dump = &beta7_version;
- else if (!strcmp(argv[aindex], ovoption))
- dump = &ov_version;
- else if (!strcmp(argv[aindex], r13option))
- dump = &r1_3_version;
- else if (!strncmp(argv[aindex], ipropoption, sizeof(ipropoption) - 1)) {
- if (log_ctx && log_ctx->iproprole) {
- /* Note: ipropx_version is the maximum version acceptable */
- ipropx_version = atoi(argv[aindex] + sizeof(ipropoption) - 1);
- dump = ipropx_version ? &ipropx_1_version : &iprop_version;
- /*
- * dump_sno is used to indicate if the serial
- * # should be populated in the output
- * file to be used later by iprop for updating
- * the slave's update log when loading
- */
- dump_sno = TRUE;
- /*
- * FLAG_OMIT_NRA is set to indicate that non-replicated
- * attributes should be omitted.
- */
- arglist.flags |= FLAG_OMIT_NRA;
- } else {
- fprintf(stderr, _("Iprop not enabled\n"));
- exit_status++;
- return;
- }
- } else if (!strcmp(argv[aindex], verboseoption))
- arglist.flags |= FLAG_VERBOSE;
- else if (!strcmp(argv[aindex], "-mkey_convert"))
- mkey_convert = 1;
- else if (!strcmp(argv[aindex], "-new_mkey_file")) {
- new_mkey_file = argv[++aindex];
- mkey_convert = 1;
+ if (!strcmp(argv[aindex], oldoption))
+ dump = &old_version;
+ else if (!strcmp(argv[aindex], b6option))
+ dump = &beta6_version;
+ else if (!strcmp(argv[aindex], b7option))
+ dump = &beta7_version;
+ else if (!strcmp(argv[aindex], ovoption))
+ dump = &ov_version;
+ else if (!strcmp(argv[aindex], r13option))
+ dump = &r1_3_version;
+ else if (!strncmp(argv[aindex], ipropoption, sizeof(ipropoption) - 1)) {
+ if (log_ctx && log_ctx->iproprole) {
+ /* Note: ipropx_version is the maximum version acceptable */
+ ipropx_version = atoi(argv[aindex] + sizeof(ipropoption) - 1);
+ dump = ipropx_version ? &ipropx_1_version : &iprop_version;
+ /*
+ * dump_sno is used to indicate if the serial
+ * # should be populated in the output
+ * file to be used later by iprop for updating
+ * the slave's update log when loading
+ */
+ dump_sno = TRUE;
+ /*
+ * FLAG_OMIT_NRA is set to indicate that non-replicated
+ * attributes should be omitted.
+ */
+ arglist.flags |= FLAG_OMIT_NRA;
+ } else {
+ fprintf(stderr, _("Iprop not enabled\n"));
+ exit_status++;
+ return;
+ }
+ } else if (!strcmp(argv[aindex], verboseoption))
+ arglist.flags |= FLAG_VERBOSE;
+ else if (!strcmp(argv[aindex], "-mkey_convert"))
+ mkey_convert = 1;
+ else if (!strcmp(argv[aindex], "-new_mkey_file")) {
+ new_mkey_file = argv[++aindex];
+ mkey_convert = 1;
} else if (!strcmp(argv[aindex], "-rev"))
- backwards = 1;
- else if (!strcmp(argv[aindex], "-recurse"))
- recursive = 1;
- else
- break;
+ backwards = 1;
+ else if (!strcmp(argv[aindex], "-recurse"))
+ recursive = 1;
+ else
+ break;
}
arglist.names = (char **) NULL;
arglist.nnames = 0;
if (aindex < argc) {
- ofile = argv[aindex];
- aindex++;
- if (aindex < argc) {
- arglist.names = &argv[aindex];
- arglist.nnames = argc - aindex;
- }
+ ofile = argv[aindex];
+ aindex++;
+ if (aindex < argc) {
+ arglist.names = &argv[aindex];
+ arglist.nnames = argc - aindex;
+ }
}
/*
@@ -1179,183 +1180,183 @@ dump_db(argc, argv)
* to be opened if we try a dump that uses it.
*/
if (!dbactive) {
- com_err(progname, 0, Err_no_database);
- exit_status++;
- return;
+ com_err(progname, 0, Err_no_database);
+ exit_status++;
+ return;
}
/*
* If we're doing a master key conversion, set up for it.
*/
if (mkey_convert) {
- if (!valid_master_key) {
- /* TRUE here means read the keyboard, but only once */
- retval = krb5_db_fetch_mkey(util_context,
- master_princ,
- master_keyblock.enctype,
- TRUE, FALSE,
- (char *) NULL,
- NULL, NULL,
- &master_keyblock);
- if (retval) {
- com_err(progname, retval,
- "while reading master key");
- exit(1);
- }
- retval = krb5_db_verify_master_key(util_context,
- master_princ,
- IGNORE_VNO,
- &master_keyblock);
- if (retval) {
- com_err(progname, retval,
- "while verifying master key");
- exit(1);
- }
- }
- new_master_keyblock.enctype = global_params.enctype;
- if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
- new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
-
- if (new_mkey_file) {
- krb5_kvno kt_kvno;
-
- if (global_params.mask & KADM5_CONFIG_KVNO)
- kt_kvno = global_params.kvno;
- else
- kt_kvno = IGNORE_VNO;
-
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- new_master_keyblock.enctype,
- FALSE,
- FALSE,
- new_mkey_file,
- &kt_kvno,
- NULL,
- &new_master_keyblock))) {
- com_err(progname, retval, "while reading new master key");
- exit(1);
- }
- } else {
- printf("Please enter new master key....\n");
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- new_master_keyblock.enctype,
- TRUE,
- TRUE,
- NULL, NULL, NULL,
- &new_master_keyblock))) {
- com_err(progname, retval, "while reading new master key");
- exit(1);
- }
- }
- /*
- * get new master key vno that will be used to protect princs, used
- * later on.
- */
- new_mkvno = get_next_kvno(util_context, &master_entry);
+ if (!valid_master_key) {
+ /* TRUE here means read the keyboard, but only once */
+ retval = krb5_db_fetch_mkey(util_context,
+ master_princ,
+ master_keyblock.enctype,
+ TRUE, FALSE,
+ (char *) NULL,
+ NULL, NULL,
+ &master_keyblock);
+ if (retval) {
+ com_err(progname, retval,
+ "while reading master key");
+ exit(1);
+ }
+ retval = krb5_db_verify_master_key(util_context,
+ master_princ,
+ IGNORE_VNO,
+ &master_keyblock);
+ if (retval) {
+ com_err(progname, retval,
+ "while verifying master key");
+ exit(1);
+ }
+ }
+ new_master_keyblock.enctype = global_params.enctype;
+ if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
+ new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+ if (new_mkey_file) {
+ krb5_kvno kt_kvno;
+
+ if (global_params.mask & KADM5_CONFIG_KVNO)
+ kt_kvno = global_params.kvno;
+ else
+ kt_kvno = IGNORE_VNO;
+
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ new_master_keyblock.enctype,
+ FALSE,
+ FALSE,
+ new_mkey_file,
+ &kt_kvno,
+ NULL,
+ &new_master_keyblock))) {
+ com_err(progname, retval, "while reading new master key");
+ exit(1);
+ }
+ } else {
+ printf("Please enter new master key....\n");
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ new_master_keyblock.enctype,
+ TRUE,
+ TRUE,
+ NULL, NULL, NULL,
+ &new_master_keyblock))) {
+ com_err(progname, retval, "while reading new master key");
+ exit(1);
+ }
+ }
+ /*
+ * get new master key vno that will be used to protect princs, used
+ * later on.
+ */
+ new_mkvno = get_next_kvno(util_context, &master_entry);
}
kret = 0;
locked = 0;
if (ofile && strcmp(ofile, "-")) {
- /*
- * Discourage accidental dumping to filenames beginning with '-'.
- */
- if (ofile[0] == '-')
- usage();
- /*
- * Make sure that we don't open and truncate on the fopen,
- * since that may hose an on-going kprop process.
- *
- * We could also control this by opening for read and
- * write, doing an flock with LOCK_EX, and then
- * truncating the file once we have gotten the lock,
- * but that would involve more OS dependencies than I
- * want to get into.
- */
- unlink(ofile);
- if (!(f = fopen(ofile, "w"))) {
- fprintf(stderr, ofopen_error,
- progname, ofile, error_message(errno));
- exit_status++;
- return;
- }
- if ((kret = krb5_lock_file(util_context,
- fileno(f),
- KRB5_LOCKMODE_EXCLUSIVE))) {
- fprintf(stderr, oflock_error,
- progname, ofile, error_message(kret));
- exit_status++;
- }
- else
- locked = 1;
+ /*
+ * Discourage accidental dumping to filenames beginning with '-'.
+ */
+ if (ofile[0] == '-')
+ usage();
+ /*
+ * Make sure that we don't open and truncate on the fopen,
+ * since that may hose an on-going kprop process.
+ *
+ * We could also control this by opening for read and
+ * write, doing an flock with LOCK_EX, and then
+ * truncating the file once we have gotten the lock,
+ * but that would involve more OS dependencies than I
+ * want to get into.
+ */
+ unlink(ofile);
+ if (!(f = fopen(ofile, "w"))) {
+ fprintf(stderr, ofopen_error,
+ progname, ofile, error_message(errno));
+ exit_status++;
+ return;
+ }
+ if ((kret = krb5_lock_file(util_context,
+ fileno(f),
+ KRB5_LOCKMODE_EXCLUSIVE))) {
+ fprintf(stderr, oflock_error,
+ progname, ofile, error_message(kret));
+ exit_status++;
+ }
+ else
+ locked = 1;
} else {
- f = stdout;
+ f = stdout;
}
if (f && !(kret)) {
- arglist.programname = progname;
- arglist.ofile = f;
- arglist.kcontext = util_context;
- fprintf(arglist.ofile, "%s", dump->header);
-
- if (dump_sno) {
- if (ulog_map(util_context, global_params.iprop_logfile,
- global_params.iprop_ulogsize, FKCOMMAND, db_args)) {
- fprintf(stderr,
- _("%s: Could not map log\n"), progname);
- exit_status++;
- goto unlock_and_return;
- }
-
- /*
- * We grab the lock twice (once again in the iterator call),
- * but that's ok since the lock func handles incr locks held.
- */
- if (krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED)) {
- fprintf(stderr,
- _("%s: Couldn't grab lock\n"), progname);
- exit_status++;
- goto unlock_and_return;
- }
-
- if (ipropx_version)
- fprintf(f, " %u", IPROPX_VERSION);
- fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
- fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
- fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
- }
-
- if (dump->header[strlen(dump->header)-1] != '\n')
- fputc('\n', arglist.ofile);
-
- if ((kret = krb5_db_iterate(util_context,
- NULL,
- dump->dump_princ,
- (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
- fprintf(stderr, dumprec_err,
- progname, dump->name, error_message(kret));
- exit_status++;
- if (dump_sno)
- (void) krb5_db_unlock(util_context);
- }
- if (dump->dump_policy &&
- (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
- &arglist))) {
- fprintf(stderr, dumprec_err, progname, dump->name,
- error_message(kret));
- exit_status++;
- }
- if (ofile && f != stdout && !exit_status) {
- if (locked) {
- (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
- locked = 0;
- }
- fclose(f);
- update_ok_file(ofile);
- }
+ arglist.programname = progname;
+ arglist.ofile = f;
+ arglist.kcontext = util_context;
+ fprintf(arglist.ofile, "%s", dump->header);
+
+ if (dump_sno) {
+ if (ulog_map(util_context, global_params.iprop_logfile,
+ global_params.iprop_ulogsize, FKCOMMAND, db_args)) {
+ fprintf(stderr,
+ _("%s: Could not map log\n"), progname);
+ exit_status++;
+ goto unlock_and_return;
+ }
+
+ /*
+ * We grab the lock twice (once again in the iterator call),
+ * but that's ok since the lock func handles incr locks held.
+ */
+ if (krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED)) {
+ fprintf(stderr,
+ _("%s: Couldn't grab lock\n"), progname);
+ exit_status++;
+ goto unlock_and_return;
+ }
+
+ if (ipropx_version)
+ fprintf(f, " %u", IPROPX_VERSION);
+ fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
+ fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
+ fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
+ }
+
+ if (dump->header[strlen(dump->header)-1] != '\n')
+ fputc('\n', arglist.ofile);
+
+ if ((kret = krb5_db_iterate(util_context,
+ NULL,
+ dump->dump_princ,
+ (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
+ fprintf(stderr, dumprec_err,
+ progname, dump->name, error_message(kret));
+ exit_status++;
+ if (dump_sno)
+ (void) krb5_db_unlock(util_context);
+ }
+ if (dump->dump_policy &&
+ (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
+ &arglist))) {
+ fprintf(stderr, dumprec_err, progname, dump->name,
+ error_message(kret));
+ exit_status++;
+ }
+ if (ofile && f != stdout && !exit_status) {
+ if (locked) {
+ (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
+ locked = 0;
+ }
+ fclose(f);
+ update_ok_file(ofile);
+ }
}
unlock_and_return:
if (locked)
- (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
}
/*
@@ -1363,24 +1364,24 @@ unlock_and_return:
*/
static int
read_string(f, buf, len, lp)
- FILE *f;
- char *buf;
- int len;
- int *lp;
+ FILE *f;
+ char *buf;
+ int len;
+ int *lp;
{
int c;
int i, retval;
retval = 0;
for (i=0; i<len; i++) {
- c = fgetc(f);
- if (c < 0) {
- retval = 1;
- break;
- }
- if (c == '\n')
- (*lp)++;
- buf[i] = (char) c;
+ c = fgetc(f);
+ if (c < 0) {
+ retval = 1;
+ break;
+ }
+ if (c == '\n')
+ (*lp)++;
+ buf[i] = (char) c;
}
buf[len] = '\0';
return(retval);
@@ -1391,20 +1392,20 @@ read_string(f, buf, len, lp)
*/
static int
read_octet_string(f, buf, len)
- FILE *f;
- krb5_octet *buf;
- int len;
+ FILE *f;
+ krb5_octet *buf;
+ int len;
{
int c;
int i, retval;
retval = 0;
for (i=0; i<len; i++) {
- if (fscanf(f, "%02x", &c) != 1) {
- retval = 1;
- break;
- }
- buf[i] = (krb5_octet) c;
+ if (fscanf(f, "%02x", &c) != 1) {
+ retval = 1;
+ break;
+ }
+ buf[i] = (krb5_octet) c;
}
return(retval);
}
@@ -1414,35 +1415,35 @@ read_octet_string(f, buf, len)
*/
static void
find_record_end(f, fn, lineno)
- FILE *f;
- char *fn;
- int lineno;
+ FILE *f;
+ char *fn;
+ int lineno;
{
- int ch;
+ int ch;
if (((ch = fgetc(f)) != ';') || ((ch = fgetc(f)) != '\n')) {
- fprintf(stderr, trash_end_fmt, fn, lineno);
- while (ch != '\n') {
- putc(ch, stderr);
- ch = fgetc(f);
- }
- putc(ch, stderr);
+ fprintf(stderr, trash_end_fmt, fn, lineno);
+ while (ch != '\n') {
+ putc(ch, stderr);
+ ch = fgetc(f);
+ }
+ putc(ch, stderr);
}
}
#if 0
/*
- * update_tl_data() - Generate the tl_data entries.
+ * update_tl_data() - Generate the tl_data entries.
*/
static krb5_error_code
update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
- krb5_context kcontext;
- krb5_db_entry *dbentp;
- krb5_principal mod_name;
- krb5_timestamp mod_date;
- krb5_timestamp last_pwd_change;
+ krb5_context kcontext;
+ krb5_db_entry *dbentp;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_timestamp last_pwd_change;
{
- krb5_error_code kret;
+ krb5_error_code kret;
kret = 0 ;
@@ -1450,67 +1451,67 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
* Handle modification principal.
*/
if (mod_name) {
- krb5_tl_mod_princ mprinc;
-
- memset(&mprinc, 0, sizeof(mprinc));
- if (!(kret = krb5_copy_principal(kcontext,
- mod_name,
- &mprinc.mod_princ))) {
- mprinc.mod_date = mod_date;
- kret = krb5_dbe_encode_mod_princ_data(kcontext,
- &mprinc,
- dbentp);
- }
- if (mprinc.mod_princ)
- krb5_free_principal(kcontext, mprinc.mod_princ);
+ krb5_tl_mod_princ mprinc;
+
+ memset(&mprinc, 0, sizeof(mprinc));
+ if (!(kret = krb5_copy_principal(kcontext,
+ mod_name,
+ &mprinc.mod_princ))) {
+ mprinc.mod_date = mod_date;
+ kret = krb5_dbe_encode_mod_princ_data(kcontext,
+ &mprinc,
+ dbentp);
+ }
+ if (mprinc.mod_princ)
+ krb5_free_principal(kcontext, mprinc.mod_princ);
}
/*
* Handle last password change.
*/
if (!kret) {
- krb5_tl_data *pwchg;
- krb5_boolean linked;
-
- /* Find a previously existing entry */
- for (pwchg = dbentp->tl_data;
- (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
- pwchg = pwchg->tl_data_next);
-
- /* Check to see if we found one. */
- linked = 0;
- if (!pwchg) {
- /* No, allocate a new one */
- if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
- memset(pwchg, 0, sizeof(krb5_tl_data));
- if (!(pwchg->tl_data_contents =
- (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
- free(pwchg);
- pwchg = (krb5_tl_data *) NULL;
- }
- else {
- pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- pwchg->tl_data_length =
- (krb5_int16) sizeof(krb5_timestamp);
- }
- }
- }
- else
- linked = 1;
-
- /* Do we have an entry? */
- if (pwchg && pwchg->tl_data_contents) {
- /* Encode it */
- krb5_kdb_encode_int32(last_pwd_change, pwchg->tl_data_contents);
- /* Link it in if necessary */
- if (!linked) {
- pwchg->tl_data_next = dbentp->tl_data;
- dbentp->tl_data = pwchg;
- dbentp->n_tl_data++;
- }
- }
- else
- kret = ENOMEM;
+ krb5_tl_data *pwchg;
+ krb5_boolean linked;
+
+ /* Find a previously existing entry */
+ for (pwchg = dbentp->tl_data;
+ (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
+ pwchg = pwchg->tl_data_next);
+
+ /* Check to see if we found one. */
+ linked = 0;
+ if (!pwchg) {
+ /* No, allocate a new one */
+ if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
+ memset(pwchg, 0, sizeof(krb5_tl_data));
+ if (!(pwchg->tl_data_contents =
+ (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
+ free(pwchg);
+ pwchg = (krb5_tl_data *) NULL;
+ }
+ else {
+ pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+ pwchg->tl_data_length =
+ (krb5_int16) sizeof(krb5_timestamp);
+ }
+ }
+ }
+ else
+ linked = 1;
+
+ /* Do we have an entry? */
+ if (pwchg && pwchg->tl_data_contents) {
+ /* Encode it */
+ krb5_kdb_encode_int32(last_pwd_change, pwchg->tl_data_contents);
+ /* Link it in if necessary */
+ if (!linked) {
+ pwchg->tl_data_next = dbentp->tl_data;
+ dbentp->tl_data = pwchg;
+ dbentp->n_tl_data++;
+ }
+ }
+ else
+ kret = ENOMEM;
}
return(kret);
@@ -1518,33 +1519,33 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
#endif
/*
- * process_k5beta_record() - Handle a dump record in old format.
+ * process_k5beta_record() - Handle a dump record in old format.
*
* Returns -1 for end of file, 0 for success and 1 for failure.
*/
static int
process_k5beta_record(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
- int nmatched;
- int retval;
- krb5_db_entry dbent;
- int name_len, mod_name_len, key_len;
- int alt_key_len, salt_len, alt_salt_len;
- char *name;
- char *mod_name;
- int tmpint1, tmpint2, tmpint3;
- int error;
- const char *try2read;
- int i;
- krb5_key_data *pkey, *akey;
- krb5_timestamp last_pwd_change, mod_date;
- krb5_principal mod_princ;
- krb5_error_code kret;
+ int nmatched;
+ int retval;
+ krb5_db_entry dbent;
+ int name_len, mod_name_len, key_len;
+ int alt_key_len, salt_len, alt_salt_len;
+ char *name;
+ char *mod_name;
+ int tmpint1, tmpint2, tmpint3;
+ int error;
+ const char *try2read;
+ int i;
+ krb5_key_data *pkey, *akey;
+ krb5_timestamp last_pwd_change, mod_date;
+ krb5_principal mod_princ;
+ krb5_error_code kret;
try2read = (char *) NULL;
(*linenop)++;
@@ -1553,9 +1554,9 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
/* Make sure we've got key_data entries */
if (krb5_dbe_create_key_data(kcontext, &dbent) ||
- krb5_dbe_create_key_data(kcontext, &dbent)) {
- krb5_db_free_principal(kcontext, &dbent, 1);
- return(1);
+ krb5_dbe_create_key_data(kcontext, &dbent)) {
+ krb5_db_free_principal(kcontext, &dbent, 1);
+ return(1);
}
pkey = &dbent.key_data[0];
akey = &dbent.key_data[1];
@@ -1564,290 +1565,290 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
* Match the sizes. 6 tokens to match.
*/
nmatched = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t",
- &name_len, &mod_name_len, &key_len,
- &alt_key_len, &salt_len, &alt_salt_len);
+ &name_len, &mod_name_len, &key_len,
+ &alt_key_len, &salt_len, &alt_salt_len);
if (nmatched == 6) {
pkey->key_data_length[0] = key_len;
- akey->key_data_length[0] = alt_key_len;
- pkey->key_data_length[1] = salt_len;
- akey->key_data_length[1] = alt_salt_len;
- name = (char *) NULL;
- mod_name = (char *) NULL;
- /*
- * Get the memory for the variable length fields.
- */
- if ((name = (char *) malloc((size_t) (name_len + 1))) &&
- (mod_name = (char *) malloc((size_t) (mod_name_len + 1))) &&
- (!key_len ||
- (pkey->key_data_contents[0] =
- (krb5_octet *) malloc((size_t) (key_len + 1)))) &&
- (!alt_key_len ||
- (akey->key_data_contents[0] =
- (krb5_octet *) malloc((size_t) (alt_key_len + 1)))) &&
- (!salt_len ||
- (pkey->key_data_contents[1] =
- (krb5_octet *) malloc((size_t) (salt_len + 1)))) &&
- (!alt_salt_len ||
- (akey->key_data_contents[1] =
- (krb5_octet *) malloc((size_t) (alt_salt_len + 1))))
- ) {
- error = 0;
-
- /* Read the principal name */
- if (read_string(filep, name, name_len, linenop)) {
- try2read = read_name_string;
- error++;
- }
- /* Read the key type */
- if (!error && (fscanf(filep, "\t%d\t", &tmpint1) != 1)) {
- try2read = read_key_type;
- error++;
- }
- pkey->key_data_type[0] = tmpint1;
- /* Read the old format key */
- if (!error && read_octet_string(filep,
- pkey->key_data_contents[0],
- pkey->key_data_length[0])) {
- try2read = read_key_data;
- error++;
- }
- /* convert to a new format key */
- /* the encrypted version is stored as the unencrypted key length
- (4 bytes, MSB first) followed by the encrypted key. */
- if ((pkey->key_data_length[0] > 4)
- && (pkey->key_data_contents[0][0] == 0)
- && (pkey->key_data_contents[0][1] == 0)) {
- /* this really does look like an old key, so drop and swap */
- /* the *new* length is 2 bytes, LSB first, sigh. */
- size_t shortlen = pkey->key_data_length[0]-4+2;
- krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
- krb5_octet *origdata = pkey->key_data_contents[0];
- shortcopy[0] = origdata[3];
- shortcopy[1] = origdata[2];
- memcpy(shortcopy+2,origdata+4,shortlen-2);
- free(origdata);
- pkey->key_data_length[0] = shortlen;
- pkey->key_data_contents[0] = shortcopy;
- }
-
- /* Read principal attributes */
- if (!error && (fscanf(filep,
- "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
- &tmpint1, &dbent.max_life,
- &dbent.max_renewable_life,
- &tmpint2, &dbent.expiration,
- &dbent.pw_expiration, &last_pwd_change,
- &dbent.last_success, &dbent.last_failed,
- &tmpint3) != 10)) {
- try2read = read_pr_data1;
- error++;
- }
- pkey->key_data_kvno = tmpint1;
- dbent.fail_auth_count = tmpint3;
- /* Read modifier name */
- if (!error && read_string(filep,
- mod_name,
- mod_name_len,
- linenop)) {
- try2read = read_mod_name;
- error++;
- }
- /* Read second set of attributes */
- if (!error && (fscanf(filep, "\t%u\t%u\t%u\t",
- &mod_date, &dbent.attributes,
- &tmpint1) != 3)) {
- try2read = read_pr_data2;
- error++;
- }
- pkey->key_data_type[1] = tmpint1;
- /* Read salt data */
- if (!error && read_octet_string(filep,
- pkey->key_data_contents[1],
- pkey->key_data_length[1])) {
- try2read = read_salt_data;
- error++;
- }
- /* Read alternate key type */
- if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
- try2read = read_akey_type;
- error++;
- }
- akey->key_data_type[0] = tmpint1;
- /* Read alternate key */
- if (!error && read_octet_string(filep,
- akey->key_data_contents[0],
- akey->key_data_length[0])) {
- try2read = read_akey_data;
- error++;
- }
-
- /* convert to a new format key */
- /* the encrypted version is stored as the unencrypted key length
- (4 bytes, MSB first) followed by the encrypted key. */
- if ((akey->key_data_length[0] > 4)
- && (akey->key_data_contents[0][0] == 0)
- && (akey->key_data_contents[0][1] == 0)) {
- /* this really does look like an old key, so drop and swap */
- /* the *new* length is 2 bytes, LSB first, sigh. */
- size_t shortlen = akey->key_data_length[0]-4+2;
- krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
- krb5_octet *origdata = akey->key_data_contents[0];
- shortcopy[0] = origdata[3];
- shortcopy[1] = origdata[2];
- memcpy(shortcopy+2,origdata+4,shortlen-2);
- free(origdata);
- akey->key_data_length[0] = shortlen;
- akey->key_data_contents[0] = shortcopy;
- }
-
- /* Read alternate salt type */
- if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
- try2read = read_asalt_type;
- error++;
- }
- akey->key_data_type[1] = tmpint1;
- /* Read alternate salt data */
- if (!error && read_octet_string(filep,
- akey->key_data_contents[1],
- akey->key_data_length[1])) {
- try2read = read_asalt_data;
- error++;
- }
- /* Read expansion data - discard it */
- if (!error) {
- for (i=0; i<8; i++) {
- if (fscanf(filep, "\t%u", &tmpint1) != 1) {
- try2read = read_exp_data;
- error++;
- break;
- }
- }
- if (!error)
- find_record_end(filep, fname, *linenop);
- }
-
- /*
- * If no error, then we're done reading. Now parse the names
- * and store the database dbent.
- */
- if (!error) {
- if (!(kret = krb5_parse_name(kcontext,
- name,
- &dbent.princ))) {
- if (!(kret = krb5_parse_name(kcontext,
- mod_name,
- &mod_princ))) {
- if (!(kret =
- krb5_dbe_update_mod_princ_data(kcontext,
- &dbent,
- mod_date,
- mod_princ)) &&
- !(kret =
- krb5_dbe_update_last_pwd_change(kcontext,
- &dbent,
- last_pwd_change))) {
- int one = 1;
-
- dbent.len = KRB5_KDB_V1_BASE_LENGTH;
- pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ?
- 2 : 1;
- akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ?
- 2 : 1;
- if ((pkey->key_data_type[0] ==
- akey->key_data_type[0]) &&
- (pkey->key_data_type[1] ==
- akey->key_data_type[1]))
- dbent.n_key_data--;
- else if ((akey->key_data_type[0] == 0)
- && (akey->key_data_length[0] == 0)
- && (akey->key_data_type[1] == 0)
- && (akey->key_data_length[1] == 0))
- dbent.n_key_data--;
-
- dbent.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
- KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA |
- KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
- KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
-
- if ((kret = krb5_db_put_principal(kcontext,
- &dbent,
- &one)) ||
- (one != 1)) {
- fprintf(stderr, store_err_fmt,
- fname, *linenop, name,
- error_message(kret));
- error++;
- }
- else {
- if (flags & FLAG_VERBOSE)
- fprintf(stderr, add_princ_fmt, name);
- retval = 0;
- }
- dbent.n_key_data = 2;
- }
- krb5_free_principal(kcontext, mod_princ);
- }
- else {
- fprintf(stderr, parse_err_fmt,
- fname, *linenop, mod_name,
- error_message(kret));
- error++;
- }
- }
- else {
- fprintf(stderr, parse_err_fmt,
- fname, *linenop, name, error_message(kret));
- error++;
- }
- }
- else {
- fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
- }
- }
- else {
- fprintf(stderr, no_mem_fmt, fname, *linenop);
- }
-
- krb5_db_free_principal(kcontext, &dbent, 1);
- if (mod_name)
- free(mod_name);
- if (name)
- free(name);
+ akey->key_data_length[0] = alt_key_len;
+ pkey->key_data_length[1] = salt_len;
+ akey->key_data_length[1] = alt_salt_len;
+ name = (char *) NULL;
+ mod_name = (char *) NULL;
+ /*
+ * Get the memory for the variable length fields.
+ */
+ if ((name = (char *) malloc((size_t) (name_len + 1))) &&
+ (mod_name = (char *) malloc((size_t) (mod_name_len + 1))) &&
+ (!key_len ||
+ (pkey->key_data_contents[0] =
+ (krb5_octet *) malloc((size_t) (key_len + 1)))) &&
+ (!alt_key_len ||
+ (akey->key_data_contents[0] =
+ (krb5_octet *) malloc((size_t) (alt_key_len + 1)))) &&
+ (!salt_len ||
+ (pkey->key_data_contents[1] =
+ (krb5_octet *) malloc((size_t) (salt_len + 1)))) &&
+ (!alt_salt_len ||
+ (akey->key_data_contents[1] =
+ (krb5_octet *) malloc((size_t) (alt_salt_len + 1))))
+ ) {
+ error = 0;
+
+ /* Read the principal name */
+ if (read_string(filep, name, name_len, linenop)) {
+ try2read = read_name_string;
+ error++;
+ }
+ /* Read the key type */
+ if (!error && (fscanf(filep, "\t%d\t", &tmpint1) != 1)) {
+ try2read = read_key_type;
+ error++;
+ }
+ pkey->key_data_type[0] = tmpint1;
+ /* Read the old format key */
+ if (!error && read_octet_string(filep,
+ pkey->key_data_contents[0],
+ pkey->key_data_length[0])) {
+ try2read = read_key_data;
+ error++;
+ }
+ /* convert to a new format key */
+ /* the encrypted version is stored as the unencrypted key length
+ (4 bytes, MSB first) followed by the encrypted key. */
+ if ((pkey->key_data_length[0] > 4)
+ && (pkey->key_data_contents[0][0] == 0)
+ && (pkey->key_data_contents[0][1] == 0)) {
+ /* this really does look like an old key, so drop and swap */
+ /* the *new* length is 2 bytes, LSB first, sigh. */
+ size_t shortlen = pkey->key_data_length[0]-4+2;
+ krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
+ krb5_octet *origdata = pkey->key_data_contents[0];
+ shortcopy[0] = origdata[3];
+ shortcopy[1] = origdata[2];
+ memcpy(shortcopy+2,origdata+4,shortlen-2);
+ free(origdata);
+ pkey->key_data_length[0] = shortlen;
+ pkey->key_data_contents[0] = shortcopy;
+ }
+
+ /* Read principal attributes */
+ if (!error && (fscanf(filep,
+ "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
+ &tmpint1, &dbent.max_life,
+ &dbent.max_renewable_life,
+ &tmpint2, &dbent.expiration,
+ &dbent.pw_expiration, &last_pwd_change,
+ &dbent.last_success, &dbent.last_failed,
+ &tmpint3) != 10)) {
+ try2read = read_pr_data1;
+ error++;
+ }
+ pkey->key_data_kvno = tmpint1;
+ dbent.fail_auth_count = tmpint3;
+ /* Read modifier name */
+ if (!error && read_string(filep,
+ mod_name,
+ mod_name_len,
+ linenop)) {
+ try2read = read_mod_name;
+ error++;
+ }
+ /* Read second set of attributes */
+ if (!error && (fscanf(filep, "\t%u\t%u\t%u\t",
+ &mod_date, &dbent.attributes,
+ &tmpint1) != 3)) {
+ try2read = read_pr_data2;
+ error++;
+ }
+ pkey->key_data_type[1] = tmpint1;
+ /* Read salt data */
+ if (!error && read_octet_string(filep,
+ pkey->key_data_contents[1],
+ pkey->key_data_length[1])) {
+ try2read = read_salt_data;
+ error++;
+ }
+ /* Read alternate key type */
+ if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
+ try2read = read_akey_type;
+ error++;
+ }
+ akey->key_data_type[0] = tmpint1;
+ /* Read alternate key */
+ if (!error && read_octet_string(filep,
+ akey->key_data_contents[0],
+ akey->key_data_length[0])) {
+ try2read = read_akey_data;
+ error++;
+ }
+
+ /* convert to a new format key */
+ /* the encrypted version is stored as the unencrypted key length
+ (4 bytes, MSB first) followed by the encrypted key. */
+ if ((akey->key_data_length[0] > 4)
+ && (akey->key_data_contents[0][0] == 0)
+ && (akey->key_data_contents[0][1] == 0)) {
+ /* this really does look like an old key, so drop and swap */
+ /* the *new* length is 2 bytes, LSB first, sigh. */
+ size_t shortlen = akey->key_data_length[0]-4+2;
+ krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
+ krb5_octet *origdata = akey->key_data_contents[0];
+ shortcopy[0] = origdata[3];
+ shortcopy[1] = origdata[2];
+ memcpy(shortcopy+2,origdata+4,shortlen-2);
+ free(origdata);
+ akey->key_data_length[0] = shortlen;
+ akey->key_data_contents[0] = shortcopy;
+ }
+
+ /* Read alternate salt type */
+ if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
+ try2read = read_asalt_type;
+ error++;
+ }
+ akey->key_data_type[1] = tmpint1;
+ /* Read alternate salt data */
+ if (!error && read_octet_string(filep,
+ akey->key_data_contents[1],
+ akey->key_data_length[1])) {
+ try2read = read_asalt_data;
+ error++;
+ }
+ /* Read expansion data - discard it */
+ if (!error) {
+ for (i=0; i<8; i++) {
+ if (fscanf(filep, "\t%u", &tmpint1) != 1) {
+ try2read = read_exp_data;
+ error++;
+ break;
+ }
+ }
+ if (!error)
+ find_record_end(filep, fname, *linenop);
+ }
+
+ /*
+ * If no error, then we're done reading. Now parse the names
+ * and store the database dbent.
+ */
+ if (!error) {
+ if (!(kret = krb5_parse_name(kcontext,
+ name,
+ &dbent.princ))) {
+ if (!(kret = krb5_parse_name(kcontext,
+ mod_name,
+ &mod_princ))) {
+ if (!(kret =
+ krb5_dbe_update_mod_princ_data(kcontext,
+ &dbent,
+ mod_date,
+ mod_princ)) &&
+ !(kret =
+ krb5_dbe_update_last_pwd_change(kcontext,
+ &dbent,
+ last_pwd_change))) {
+ int one = 1;
+
+ dbent.len = KRB5_KDB_V1_BASE_LENGTH;
+ pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ?
+ 2 : 1;
+ akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ?
+ 2 : 1;
+ if ((pkey->key_data_type[0] ==
+ akey->key_data_type[0]) &&
+ (pkey->key_data_type[1] ==
+ akey->key_data_type[1]))
+ dbent.n_key_data--;
+ else if ((akey->key_data_type[0] == 0)
+ && (akey->key_data_length[0] == 0)
+ && (akey->key_data_type[1] == 0)
+ && (akey->key_data_length[1] == 0))
+ dbent.n_key_data--;
+
+ dbent.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+ KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA |
+ KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
+ KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
+
+ if ((kret = krb5_db_put_principal(kcontext,
+ &dbent,
+ &one)) ||
+ (one != 1)) {
+ fprintf(stderr, store_err_fmt,
+ fname, *linenop, name,
+ error_message(kret));
+ error++;
+ }
+ else {
+ if (flags & FLAG_VERBOSE)
+ fprintf(stderr, add_princ_fmt, name);
+ retval = 0;
+ }
+ dbent.n_key_data = 2;
+ }
+ krb5_free_principal(kcontext, mod_princ);
+ }
+ else {
+ fprintf(stderr, parse_err_fmt,
+ fname, *linenop, mod_name,
+ error_message(kret));
+ error++;
+ }
+ }
+ else {
+ fprintf(stderr, parse_err_fmt,
+ fname, *linenop, name, error_message(kret));
+ error++;
+ }
+ }
+ else {
+ fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
+ }
+ }
+ else {
+ fprintf(stderr, no_mem_fmt, fname, *linenop);
+ }
+
+ krb5_db_free_principal(kcontext, &dbent, 1);
+ if (mod_name)
+ free(mod_name);
+ if (name)
+ free(name);
}
else {
- if (nmatched != EOF)
- fprintf(stderr, rhead_err_fmt, fname, *linenop);
- else
- retval = -1;
+ if (nmatched != EOF)
+ fprintf(stderr, rhead_err_fmt, fname, *linenop);
+ else
+ retval = -1;
}
return(retval);
}
/*
- * process_k5beta6_record() - Handle a dump record in krb5b6 format.
+ * process_k5beta6_record() - Handle a dump record in krb5b6 format.
*
* Returns -1 for end of file, 0 for success and 1 for failure.
*/
static int
process_k5beta6_record(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
- int retval;
- krb5_db_entry dbentry;
- krb5_int32 t1, t2, t3, t4, t5, t6, t7, t8, t9;
- int nread;
- int error;
- int i, j, one;
- char *name;
- krb5_key_data *kp, *kdatap;
- krb5_tl_data **tlp, *tl;
- krb5_octet *op;
- krb5_error_code kret;
- const char *try2read;
+ int retval;
+ krb5_db_entry dbentry;
+ krb5_int32 t1, t2, t3, t4, t5, t6, t7, t8, t9;
+ int nread;
+ int error;
+ int i, j, one;
+ char *name;
+ krb5_key_data *kp, *kdatap;
+ krb5_tl_data **tlp, *tl;
+ krb5_octet *op;
+ krb5_error_code kret;
+ const char *try2read;
try2read = (char *) NULL;
memset(&dbentry, 0, sizeof(dbentry));
@@ -1860,269 +1861,269 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
kret = 0;
nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t", &t1, &t2, &t3, &t4, &t5);
if (nread == 5) {
- /* Get memory for flattened principal name */
- if (!(name = (char *) malloc((size_t) t2 + 1)))
- error++;
-
- /* Get memory for and form tagged data linked list */
- tlp = &dbentry.tl_data;
- for (i=0; i<t3; i++) {
- if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
- memset(*tlp, 0, sizeof(krb5_tl_data));
- tlp = &((*tlp)->tl_data_next);
- dbentry.n_tl_data++;
- }
- else {
- error++;
- break;
- }
- }
-
- /* Get memory for key list */
- if (t4 && !(kp = (krb5_key_data *) malloc((size_t)
- (t4*sizeof(krb5_key_data)))))
- error++;
-
- /* Get memory for extra data */
- if (t5 && !(op = (krb5_octet *) malloc((size_t) t5)))
- error++;
-
- if (!error) {
- dbentry.len = t1;
- dbentry.n_key_data = t4;
- dbentry.e_length = t5;
- if (kp) {
- memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data)));
- dbentry.key_data = kp;
- kp = (krb5_key_data *) NULL;
- }
- if (op) {
- memset(op, 0, (size_t) t5);
- dbentry.e_data = op;
- op = (krb5_octet *) NULL;
- }
-
- /* Read in and parse the principal name */
- if (!read_string(filep, name, t2, linenop) &&
- !(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) {
-
- /* Get the fixed principal attributes */
- nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
- &t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9);
- if (nread == 8) {
- dbentry.attributes = (krb5_flags) t2;
- dbentry.max_life = (krb5_deltat) t3;
- dbentry.max_renewable_life = (krb5_deltat) t4;
- dbentry.expiration = (krb5_timestamp) t5;
- dbentry.pw_expiration = (krb5_timestamp) t6;
- dbentry.last_success = (krb5_timestamp) t7;
- dbentry.last_failed = (krb5_timestamp) t8;
- dbentry.fail_auth_count = (krb5_kvno) t9;
- dbentry.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
- KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
- KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
- KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
- } else {
- try2read = read_nint_data;
- error++;
- }
-
- /*
- * Get the tagged data.
- *
- * Really, this code ought to discard tl data types
- * that it knows are special to the current version
- * and were not supported in the previous version.
- * But it's a pain to implement that here, and doing
- * it at dump time has almost as good an effect, so
- * that's what I did. [krb5-admin/89]
- */
- if (!error && dbentry.n_tl_data) {
- for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
- nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
- if (nread == 2) {
- tl->tl_data_type = (krb5_int16) t1;
- tl->tl_data_length = (krb5_int16) t2;
- if (tl->tl_data_length) {
- if (!(tl->tl_data_contents =
- (krb5_octet *) malloc((size_t) t2+1)) ||
- read_octet_string(filep,
- tl->tl_data_contents,
- t2)) {
- try2read = read_tcontents;
- error++;
- break;
- }
- /* test to set mask fields */
- if (t1 == KRB5_TL_KADM_DATA) {
- XDR xdrs;
- osa_princ_ent_rec osa_princ_ent;
-
- /*
- * Assuming aux_attributes will always be
- * there
- */
- dbentry.mask |= KADM5_AUX_ATTRIBUTES;
-
- /* test for an actual policy reference */
- memset(&osa_princ_ent, 0, sizeof(osa_princ_ent));
- xdrmem_create(&xdrs, (char *)tl->tl_data_contents,
- tl->tl_data_length, XDR_DECODE);
- if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent) &&
- (osa_princ_ent.aux_attributes & KADM5_POLICY) &&
- osa_princ_ent.policy != NULL) {
-
- dbentry.mask |= KADM5_POLICY;
- kdb_free_entry(NULL, NULL, &osa_princ_ent);
- }
- xdr_destroy(&xdrs);
- }
- }
- else {
- /* Should be a null field */
- nread = fscanf(filep, "%d", &t9);
- if ((nread != 1) || (t9 != -1)) {
- error++;
- try2read = read_tcontents;
- break;
- }
- }
- }
- else {
- try2read = read_ttypelen;
- error++;
- break;
- }
- }
- if (!error)
- dbentry.mask |= KADM5_TL_DATA;
- }
-
- /* Get the key data */
- if (!error && dbentry.n_key_data) {
- for (i=0; !error && (i<dbentry.n_key_data); i++) {
- kdatap = &dbentry.key_data[i];
- nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
- if (nread == 2) {
- kdatap->key_data_ver = (krb5_int16) t1;
- kdatap->key_data_kvno = (krb5_int16) t2;
-
- for (j=0; j<t1; j++) {
- nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
- if (nread == 2) {
- kdatap->key_data_type[j] = t3;
- kdatap->key_data_length[j] = t4;
- if (t4) {
- if (!(kdatap->key_data_contents[j] =
- (krb5_octet *)
- malloc((size_t) t4+1)) ||
- read_octet_string(filep,
- kdatap->key_data_contents[j],
- t4)) {
- try2read = read_kcontents;
- error++;
- break;
- }
- }
- else {
- /* Should be a null field */
- nread = fscanf(filep, "%d", &t9);
- if ((nread != 1) || (t9 != -1)) {
- error++;
- try2read = read_kcontents;
- break;
- }
- }
- }
- else {
- try2read = read_ktypelen;
- error++;
- break;
- }
- }
- }
- }
- if (!error)
- dbentry.mask |= KADM5_KEY_DATA;
- }
-
- /* Get the extra data */
- if (!error && dbentry.e_length) {
- if (read_octet_string(filep,
- dbentry.e_data,
- (int) dbentry.e_length)) {
- try2read = read_econtents;
- error++;
- }
- }
- else {
- nread = fscanf(filep, "%d", &t9);
- if ((nread != 1) || (t9 != -1)) {
- error++;
- try2read = read_econtents;
- }
- }
-
- /* Finally, find the end of the record. */
- if (!error)
- find_record_end(filep, fname, *linenop);
-
- /*
- * We have either read in all the data or choked.
- */
- if (!error) {
- one = 1;
- if ((kret = krb5_db_put_principal(kcontext,
- &dbentry,
- &one))) {
- fprintf(stderr, store_err_fmt,
- fname, *linenop,
- name, error_message(kret));
- }
- else {
- if (flags & FLAG_VERBOSE)
- fprintf(stderr, add_princ_fmt, name);
- retval = 0;
- }
- }
- else {
- fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
- }
- }
- else {
- if (kret)
- fprintf(stderr, parse_err_fmt,
- fname, *linenop, name, error_message(kret));
- else
- fprintf(stderr, no_mem_fmt, fname, *linenop);
- }
- }
- else {
- fprintf(stderr, rhead_err_fmt, fname, *linenop);
- }
-
- if (op)
- free(op);
- if (kp)
- free(kp);
- if (name)
- free(name);
- krb5_db_free_principal(kcontext, &dbentry, 1);
+ /* Get memory for flattened principal name */
+ if (!(name = (char *) malloc((size_t) t2 + 1)))
+ error++;
+
+ /* Get memory for and form tagged data linked list */
+ tlp = &dbentry.tl_data;
+ for (i=0; i<t3; i++) {
+ if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
+ memset(*tlp, 0, sizeof(krb5_tl_data));
+ tlp = &((*tlp)->tl_data_next);
+ dbentry.n_tl_data++;
+ }
+ else {
+ error++;
+ break;
+ }
+ }
+
+ /* Get memory for key list */
+ if (t4 && !(kp = (krb5_key_data *) malloc((size_t)
+ (t4*sizeof(krb5_key_data)))))
+ error++;
+
+ /* Get memory for extra data */
+ if (t5 && !(op = (krb5_octet *) malloc((size_t) t5)))
+ error++;
+
+ if (!error) {
+ dbentry.len = t1;
+ dbentry.n_key_data = t4;
+ dbentry.e_length = t5;
+ if (kp) {
+ memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data)));
+ dbentry.key_data = kp;
+ kp = (krb5_key_data *) NULL;
+ }
+ if (op) {
+ memset(op, 0, (size_t) t5);
+ dbentry.e_data = op;
+ op = (krb5_octet *) NULL;
+ }
+
+ /* Read in and parse the principal name */
+ if (!read_string(filep, name, t2, linenop) &&
+ !(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) {
+
+ /* Get the fixed principal attributes */
+ nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
+ &t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9);
+ if (nread == 8) {
+ dbentry.attributes = (krb5_flags) t2;
+ dbentry.max_life = (krb5_deltat) t3;
+ dbentry.max_renewable_life = (krb5_deltat) t4;
+ dbentry.expiration = (krb5_timestamp) t5;
+ dbentry.pw_expiration = (krb5_timestamp) t6;
+ dbentry.last_success = (krb5_timestamp) t7;
+ dbentry.last_failed = (krb5_timestamp) t8;
+ dbentry.fail_auth_count = (krb5_kvno) t9;
+ dbentry.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+ KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
+ KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
+ KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
+ } else {
+ try2read = read_nint_data;
+ error++;
+ }
+
+ /*
+ * Get the tagged data.
+ *
+ * Really, this code ought to discard tl data types
+ * that it knows are special to the current version
+ * and were not supported in the previous version.
+ * But it's a pain to implement that here, and doing
+ * it at dump time has almost as good an effect, so
+ * that's what I did. [krb5-admin/89]
+ */
+ if (!error && dbentry.n_tl_data) {
+ for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
+ nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+ if (nread == 2) {
+ tl->tl_data_type = (krb5_int16) t1;
+ tl->tl_data_length = (krb5_int16) t2;
+ if (tl->tl_data_length) {
+ if (!(tl->tl_data_contents =
+ (krb5_octet *) malloc((size_t) t2+1)) ||
+ read_octet_string(filep,
+ tl->tl_data_contents,
+ t2)) {
+ try2read = read_tcontents;
+ error++;
+ break;
+ }
+ /* test to set mask fields */
+ if (t1 == KRB5_TL_KADM_DATA) {
+ XDR xdrs;
+ osa_princ_ent_rec osa_princ_ent;
+
+ /*
+ * Assuming aux_attributes will always be
+ * there
+ */
+ dbentry.mask |= KADM5_AUX_ATTRIBUTES;
+
+ /* test for an actual policy reference */
+ memset(&osa_princ_ent, 0, sizeof(osa_princ_ent));
+ xdrmem_create(&xdrs, (char *)tl->tl_data_contents,
+ tl->tl_data_length, XDR_DECODE);
+ if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent) &&
+ (osa_princ_ent.aux_attributes & KADM5_POLICY) &&
+ osa_princ_ent.policy != NULL) {
+
+ dbentry.mask |= KADM5_POLICY;
+ kdb_free_entry(NULL, NULL, &osa_princ_ent);
+ }
+ xdr_destroy(&xdrs);
+ }
+ }
+ else {
+ /* Should be a null field */
+ nread = fscanf(filep, "%d", &t9);
+ if ((nread != 1) || (t9 != -1)) {
+ error++;
+ try2read = read_tcontents;
+ break;
+ }
+ }
+ }
+ else {
+ try2read = read_ttypelen;
+ error++;
+ break;
+ }
+ }
+ if (!error)
+ dbentry.mask |= KADM5_TL_DATA;
+ }
+
+ /* Get the key data */
+ if (!error && dbentry.n_key_data) {
+ for (i=0; !error && (i<dbentry.n_key_data); i++) {
+ kdatap = &dbentry.key_data[i];
+ nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+ if (nread == 2) {
+ kdatap->key_data_ver = (krb5_int16) t1;
+ kdatap->key_data_kvno = (krb5_int16) t2;
+
+ for (j=0; j<t1; j++) {
+ nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
+ if (nread == 2) {
+ kdatap->key_data_type[j] = t3;
+ kdatap->key_data_length[j] = t4;
+ if (t4) {
+ if (!(kdatap->key_data_contents[j] =
+ (krb5_octet *)
+ malloc((size_t) t4+1)) ||
+ read_octet_string(filep,
+ kdatap->key_data_contents[j],
+ t4)) {
+ try2read = read_kcontents;
+ error++;
+ break;
+ }
+ }
+ else {
+ /* Should be a null field */
+ nread = fscanf(filep, "%d", &t9);
+ if ((nread != 1) || (t9 != -1)) {
+ error++;
+ try2read = read_kcontents;
+ break;
+ }
+ }
+ }
+ else {
+ try2read = read_ktypelen;
+ error++;
+ break;
+ }
+ }
+ }
+ }
+ if (!error)
+ dbentry.mask |= KADM5_KEY_DATA;
+ }
+
+ /* Get the extra data */
+ if (!error && dbentry.e_length) {
+ if (read_octet_string(filep,
+ dbentry.e_data,
+ (int) dbentry.e_length)) {
+ try2read = read_econtents;
+ error++;
+ }
+ }
+ else {
+ nread = fscanf(filep, "%d", &t9);
+ if ((nread != 1) || (t9 != -1)) {
+ error++;
+ try2read = read_econtents;
+ }
+ }
+
+ /* Finally, find the end of the record. */
+ if (!error)
+ find_record_end(filep, fname, *linenop);
+
+ /*
+ * We have either read in all the data or choked.
+ */
+ if (!error) {
+ one = 1;
+ if ((kret = krb5_db_put_principal(kcontext,
+ &dbentry,
+ &one))) {
+ fprintf(stderr, store_err_fmt,
+ fname, *linenop,
+ name, error_message(kret));
+ }
+ else {
+ if (flags & FLAG_VERBOSE)
+ fprintf(stderr, add_princ_fmt, name);
+ retval = 0;
+ }
+ }
+ else {
+ fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
+ }
+ }
+ else {
+ if (kret)
+ fprintf(stderr, parse_err_fmt,
+ fname, *linenop, name, error_message(kret));
+ else
+ fprintf(stderr, no_mem_fmt, fname, *linenop);
+ }
+ }
+ else {
+ fprintf(stderr, rhead_err_fmt, fname, *linenop);
+ }
+
+ if (op)
+ free(op);
+ if (kp)
+ free(kp);
+ if (name)
+ free(name);
+ krb5_db_free_principal(kcontext, &dbentry, 1);
}
else {
- if (nread == EOF)
- retval = -1;
+ if (nread == EOF)
+ retval = -1;
}
return(retval);
}
-static int
+static int
process_k5beta7_policy(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
osa_policy_ent_rec rec;
char namebuf[1024];
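Review bot: The key-data loop `for (j=0; j<t1; j++)` takes its bound `t1` straight from the dump file and uses `j` to index `kdatap->key_data_type[j]`, `key_data_length[j]` and `key_data_contents[j]` with no range check, so a malformed record can write past those members if they are fixed-size arrays (their declaration is not in this hunk). Before the loop I would reject out-of-range values, e.g. `if (t1 < 0 || t1 > KRB5_KDB_V1_KEY_DATA_ARRAY) { try2read = read_ktypelen; error++; break; }`. The header counts `t2`..`t5` are likewise cast to `size_t` for `malloc` without rejecting negative values, and `t4*sizeof(krb5_key_data)` is not checked for overflow. The reindent leaves this logic untouched, and process_k5beta6_record starts before this hunk.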
@@ -2134,38 +2135,38 @@ process_k5beta7_policy(fname, kcontext, filep, flags, linenop)
rec.name = namebuf;
nread = fscanf(filep, "%1024s\t%d\t%d\t%d\t%d\t%d\t%d", rec.name,
- &rec.pw_min_life, &rec.pw_max_life,
- &rec.pw_min_length, &rec.pw_min_classes,
- &rec.pw_history_num, &rec.policy_refcnt);
+ &rec.pw_min_life, &rec.pw_max_life,
+ &rec.pw_min_length, &rec.pw_min_classes,
+ &rec.pw_history_num, &rec.policy_refcnt);
if (nread == EOF)
- return -1;
+ return -1;
else if (nread != 7) {
- fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
- *linenop, nread);
- return 1;
+ fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
+ *linenop, nread);
+ return 1;
}
if ((ret = krb5_db_create_policy(kcontext, &rec))) {
- if (ret &&
- ((ret = krb5_db_put_policy(kcontext, &rec)))) {
- fprintf(stderr, "cannot create policy on line %d: %s\n",
- *linenop, error_message(ret));
- return 1;
- }
+ if (ret &&
+ ((ret = krb5_db_put_policy(kcontext, &rec)))) {
+ fprintf(stderr, "cannot create policy on line %d: %s\n",
+ *linenop, error_message(ret));
+ return 1;
+ }
}
if (flags & FLAG_VERBOSE)
- fprintf(stderr, "created policy %s\n", rec.name);
-
+ fprintf(stderr, "created policy %s\n", rec.name);
+
return 0;
}
static int
process_r1_8_policy(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
osa_policy_ent_rec rec;
char namebuf[1024];
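Review bot: `%1024s` can store 1024 characters plus the terminating NUL, one byte more than `char namebuf[1024]` holds, so an over-long policy name in the dump file overruns the buffer by one byte. The field width should be one less than the array size: `"%1023s\t%d\t%d\t%d\t%d\t%d\t%d"`. The same off-by-one is in process_r1_8_policy (`%1024s` into `namebuf[1024]`) and in the `%100s` reads into `char rectype[100]` in process_k5beta7_record, process_ov_record and process_r1_8_record in the next hunk, which would need `%1023s` and `%99s`. process_k5beta7_policy starts before this hunk.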
@@ -2181,158 +2182,158 @@ process_r1_8_policy(fname, kcontext, filep, flags, linenop)
* ignore any additional values.
*/
nread = fscanf(filep, "%1024s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d",
- rec.name,
- &rec.pw_min_life, &rec.pw_max_life,
- &rec.pw_min_length, &rec.pw_min_classes,
- &rec.pw_history_num, &rec.policy_refcnt,
- &rec.pw_max_fail, &rec.pw_failcnt_interval,
- &rec.pw_lockout_duration);
+ rec.name,
+ &rec.pw_min_life, &rec.pw_max_life,
+ &rec.pw_min_length, &rec.pw_min_classes,
+ &rec.pw_history_num, &rec.policy_refcnt,
+ &rec.pw_max_fail, &rec.pw_failcnt_interval,
+ &rec.pw_lockout_duration);
if (nread == EOF)
- return -1;
+ return -1;
else if (nread < 10) {
- fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
- *linenop, nread);
- return 1;
+ fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
+ *linenop, nread);
+ return 1;
}
if ((ret = krb5_db_create_policy(kcontext, &rec))) {
- if (ret &&
- ((ret = krb5_db_put_policy(kcontext, &rec)))) {
- fprintf(stderr, "cannot create policy on line %d: %s\n",
- *linenop, error_message(ret));
- return 1;
- }
+ if (ret &&
+ ((ret = krb5_db_put_policy(kcontext, &rec)))) {
+ fprintf(stderr, "cannot create policy on line %d: %s\n",
+ *linenop, error_message(ret));
+ return 1;
+ }
}
if (flags & FLAG_VERBOSE)
- fprintf(stderr, "created policy %s\n", rec.name);
+ fprintf(stderr, "created policy %s\n", rec.name);
return 0;
}
/*
- * process_k5beta7_record() - Handle a dump record in krb5b7 format.
+ * process_k5beta7_record() - Handle a dump record in krb5b7 format.
*
* Returns -1 for end of file, 0 for success and 1 for failure.
*/
static int
process_k5beta7_record(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
- int nread;
- char rectype[100];
-
- nread = fscanf(filep, "%100s\t", rectype);
- if (nread == EOF)
- return -1;
- else if (nread != 1)
- return 1;
- if (strcmp(rectype, "princ") == 0)
- process_k5beta6_record(fname, kcontext, filep, flags,
- linenop);
- else if (strcmp(rectype, "policy") == 0)
- process_k5beta7_policy(fname, kcontext, filep, flags,
- linenop);
- else {
- fprintf(stderr, "unknown record type \"%s\" on line %d\n",
- rectype, *linenop);
- return 1;
- }
-
- return 0;
+ int nread;
+ char rectype[100];
+
+ nread = fscanf(filep, "%100s\t", rectype);
+ if (nread == EOF)
+ return -1;
+ else if (nread != 1)
+ return 1;
+ if (strcmp(rectype, "princ") == 0)
+ process_k5beta6_record(fname, kcontext, filep, flags,
+ linenop);
+ else if (strcmp(rectype, "policy") == 0)
+ process_k5beta7_policy(fname, kcontext, filep, flags,
+ linenop);
+ else {
+ fprintf(stderr, "unknown record type \"%s\" on line %d\n",
+ rectype, *linenop);
+ return 1;
+ }
+
+ return 0;
}
/*
- * process_ov_record() - Handle a dump record in OpenV*Secure 1.0 format.
+ * process_ov_record() - Handle a dump record in OpenV*Secure 1.0 format.
*
* Returns -1 for end of file, 0 for success and 1 for failure.
*/
static int
process_ov_record(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
- int nread;
- char rectype[100];
-
- nread = fscanf(filep, "%100s\t", rectype);
- if (nread == EOF)
- return -1;
- else if (nread != 1)
- return 1;
- if (strcmp(rectype, "princ") == 0)
- process_ov_principal(fname, kcontext, filep, flags,
- linenop);
- else if (strcmp(rectype, "policy") == 0)
- process_k5beta7_policy(fname, kcontext, filep, flags,
- linenop);
- else if (strcmp(rectype, "End") == 0)
- return -1;
- else {
- fprintf(stderr, "unknown record type \"%s\" on line %d\n",
- rectype, *linenop);
- return 1;
- }
-
- return 0;
+ int nread;
+ char rectype[100];
+
+ nread = fscanf(filep, "%100s\t", rectype);
+ if (nread == EOF)
+ return -1;
+ else if (nread != 1)
+ return 1;
+ if (strcmp(rectype, "princ") == 0)
+ process_ov_principal(fname, kcontext, filep, flags,
+ linenop);
+ else if (strcmp(rectype, "policy") == 0)
+ process_k5beta7_policy(fname, kcontext, filep, flags,
+ linenop);
+ else if (strcmp(rectype, "End") == 0)
+ return -1;
+ else {
+ fprintf(stderr, "unknown record type \"%s\" on line %d\n",
+ rectype, *linenop);
+ return 1;
+ }
+
+ return 0;
}
/*
- * process_r1_8_record() - Handle a dump record in krb5 1.8 format.
+ * process_r1_8_record() - Handle a dump record in krb5 1.8 format.
*
* Returns -1 for end of file, 0 for success and 1 for failure.
*/
static int
process_r1_8_record(fname, kcontext, filep, flags, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int flags;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int flags;
+ int *linenop;
{
- int nread;
- char rectype[100];
-
- nread = fscanf(filep, "%100s\t", rectype);
- if (nread == EOF)
- return -1;
- else if (nread != 1)
- return 1;
- if (strcmp(rectype, "princ") == 0)
- process_k5beta6_record(fname, kcontext, filep, flags,
- linenop);
- else if (strcmp(rectype, "policy") == 0)
- process_r1_8_policy(fname, kcontext, filep, flags,
- linenop);
- else {
- fprintf(stderr, "unknown record type \"%s\" on line %d\n",
- rectype, *linenop);
- return 1;
- }
-
- return 0;
+ int nread;
+ char rectype[100];
+
+ nread = fscanf(filep, "%100s\t", rectype);
+ if (nread == EOF)
+ return -1;
+ else if (nread != 1)
+ return 1;
+ if (strcmp(rectype, "princ") == 0)
+ process_k5beta6_record(fname, kcontext, filep, flags,
+ linenop);
+ else if (strcmp(rectype, "policy") == 0)
+ process_r1_8_policy(fname, kcontext, filep, flags,
+ linenop);
+ else {
+ fprintf(stderr, "unknown record type \"%s\" on line %d\n",
+ rectype, *linenop);
+ return 1;
+ }
+
+ return 0;
}
/*
- * restore_dump() - Restore the database from any version dump file.
+ * restore_dump() - Restore the database from any version dump file.
*/
static int
restore_dump(programname, kcontext, dumpfile, f, flags, dump)
- char *programname;
- krb5_context kcontext;
- char *dumpfile;
- FILE *f;
- int flags;
- dump_version *dump;
+ char *programname;
+ krb5_context kcontext;
+ char *dumpfile;
+ FILE *f;
+ int flags;
+ dump_version *dump;
{
- int error;
- int lineno;
+ int error;
+ int lineno;
error = 0;
lineno = 1;
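Review bot: process_k5beta7_record, process_ov_record and process_r1_8_record discard the return value of the per-record handler and fall through to `return 0`, so a record that failed to parse or store is reported to restore_dump as success, which contradicts the "0 for success and 1 for failure" contract in their header comments. Returning the handler's result would fix it, e.g. `return process_k5beta6_record(fname, kcontext, filep, flags, linenop);`, and likewise for the policy branches. If continuing after a bad record is intended, a comment saying so would help, because the load loop then keeps going and the resulting database may be missing entries.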
@@ -2341,15 +2342,15 @@ restore_dump(programname, kcontext, dumpfile, f, flags, dump)
* Process the records.
*/
while (!(error = (*dump->load_record)(dumpfile,
- kcontext,
- f,
- flags,
- &lineno)))
- ;
+ kcontext,
+ f,
+ flags,
+ &lineno)))
+ ;
if (error != -1)
- fprintf(stderr, err_line_fmt, programname, lineno, dumpfile);
+ fprintf(stderr, err_line_fmt, programname, lineno, dumpfile);
else
- error = 0;
+ error = 0;
return(error);
}
@@ -2360,28 +2361,28 @@ restore_dump(programname, kcontext, dumpfile, f, flags, dump)
*/
void
load_db(argc, argv)
- int argc;
- char **argv;
+ int argc;
+ char **argv;
{
kadm5_config_params newparams;
- krb5_error_code kret;
- krb5_context kcontext;
- FILE *f;
- extern char *optarg;
- extern int optind;
- char *dumpfile;
- char *dbname;
- char *dbname_tmp;
- char buf[BUFSIZ];
- dump_version *load;
- int flags;
- krb5_int32 crflags;
- int aindex;
- int db_locked = 0;
- char iheader[MAX_HEADER];
- kdb_log_context *log_ctx;
- krb5_boolean add_update = TRUE;
- uint32_t caller, last_sno, last_seconds, last_useconds;
+ krb5_error_code kret;
+ krb5_context kcontext;
+ FILE *f;
+ extern char *optarg;
+ extern int optind;
+ char *dumpfile;
+ char *dbname;
+ char *dbname_tmp;
+ char buf[BUFSIZ];
+ dump_version *load;
+ int flags;
+ krb5_int32 crflags;
+ int aindex;
+ int db_locked = 0;
+ char iheader[MAX_HEADER];
+ kdb_log_context *log_ctx;
+ krb5_boolean add_update = TRUE;
+ uint32_t caller, last_sno, last_seconds, last_useconds;
/*
* Parse the arguments.
@@ -2396,89 +2397,89 @@ load_db(argc, argv)
log_ctx = util_context->kdblog_context;
for (aindex = 1; aindex < argc; aindex++) {
- if (!strcmp(argv[aindex], oldoption))
- load = &old_version;
- else if (!strcmp(argv[aindex], b6option))
- load = &beta6_version;
- else if (!strcmp(argv[aindex], b7option))
- load = &beta7_version;
- else if (!strcmp(argv[aindex], ovoption))
- load = &ov_version;
- else if (!strcmp(argv[aindex], r13option))
- load = &r1_3_version;
- else if (!strcmp(argv[aindex], ipropoption)) {
- if (log_ctx && log_ctx->iproprole) {
- load = &iprop_version;
- add_update = FALSE;
- } else {
- fprintf(stderr, _("Iprop not enabled\n"));
- exit_status++;
- return;
- }
- } else if (!strcmp(argv[aindex], verboseoption))
- flags |= FLAG_VERBOSE;
- else if (!strcmp(argv[aindex], updateoption))
- flags |= FLAG_UPDATE;
- else if (!strcmp(argv[aindex], hashoption)) {
- if (!add_db_arg("hash=true")) {
- com_err(progname, ENOMEM, "while parsing command arguments\n");
- exit(1);
- }
- } else
- break;
+ if (!strcmp(argv[aindex], oldoption))
+ load = &old_version;
+ else if (!strcmp(argv[aindex], b6option))
+ load = &beta6_version;
+ else if (!strcmp(argv[aindex], b7option))
+ load = &beta7_version;
+ else if (!strcmp(argv[aindex], ovoption))
+ load = &ov_version;
+ else if (!strcmp(argv[aindex], r13option))
+ load = &r1_3_version;
+ else if (!strcmp(argv[aindex], ipropoption)) {
+ if (log_ctx && log_ctx->iproprole) {
+ load = &iprop_version;
+ add_update = FALSE;
+ } else {
+ fprintf(stderr, _("Iprop not enabled\n"));
+ exit_status++;
+ return;
+ }
+ } else if (!strcmp(argv[aindex], verboseoption))
+ flags |= FLAG_VERBOSE;
+ else if (!strcmp(argv[aindex], updateoption))
+ flags |= FLAG_UPDATE;
+ else if (!strcmp(argv[aindex], hashoption)) {
+ if (!add_db_arg("hash=true")) {
+ com_err(progname, ENOMEM, "while parsing command arguments\n");
+ exit(1);
+ }
+ } else
+ break;
}
if ((argc - aindex) != 1) {
- usage();
- return;
+ usage();
+ return;
}
dumpfile = argv[aindex];
if (asprintf(&dbname_tmp, "%s%s", dbname, dump_tmptrail) < 0) {
- fprintf(stderr, no_name_mem_fmt, progname);
- exit_status++;
- return;
+ fprintf(stderr, no_name_mem_fmt, progname);
+ exit_status++;
+ return;
}
/*
* Initialize the Kerberos context and error tables.
*/
if ((kret = kadm5_init_krb5_context(&kcontext))) {
- fprintf(stderr, ctx_err_fmt, progname);
- free(dbname_tmp);
- exit_status++;
- return;
+ fprintf(stderr, ctx_err_fmt, progname);
+ free(dbname_tmp);
+ exit_status++;
+ return;
}
if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) )
{
- fprintf(stderr, "%s: Unable to set the default realm\n", progname);
- free(dbname_tmp);
- exit_status++;
- return;
+ fprintf(stderr, "%s: Unable to set the default realm\n", progname);
+ free(dbname_tmp);
+ exit_status++;
+ return;
}
if (log_ctx && log_ctx->iproprole)
- kcontext->kdblog_context = log_ctx;
+ kcontext->kdblog_context = log_ctx;
/*
* Open the dumpfile
*/
if (dumpfile) {
- if ((f = fopen(dumpfile, "r")) == NULL) {
- fprintf(stderr, dfile_err_fmt, progname, dumpfile,
- error_message(errno));
- exit_status++;
- return;
- }
- if ((kret = krb5_lock_file(kcontext, fileno(f),
- KRB5_LOCKMODE_SHARED))) {
- fprintf(stderr, "%s: Cannot lock %s: %s\n", progname,
- dumpfile, error_message(errno));
- exit_status++;
- return;
- }
+ if ((f = fopen(dumpfile, "r")) == NULL) {
+ fprintf(stderr, dfile_err_fmt, progname, dumpfile,
+ error_message(errno));
+ exit_status++;
+ return;
+ }
+ if ((kret = krb5_lock_file(kcontext, fileno(f),
+ KRB5_LOCKMODE_SHARED))) {
+ fprintf(stderr, "%s: Cannot lock %s: %s\n", progname,
+ dumpfile, error_message(errno));
+ exit_status++;
+ return;
+ }
} else
- f = stdin;
+ f = stdin;
/*
* Auto-detect dump version if we weren't told, verify if we
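Review bot: When `krb5_lock_file` fails, the message prints `error_message(errno)` although the failure code is in `kret`, and the function returns without `fclose(f)` or `free(dbname_tmp)`; the `fopen` failure path also leaves `dbname_tmp` allocated. I would print `error_message(kret)` and release both before returning. The `load->updateonly` and `kadm5_get_config_params` failure paths in the following hunks return the same way, while the `krb5_db_open` failure uses `goto error`, so routing all of them through one cleanup path would be more consistent. load_db starts before and continues past this hunk.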
@@ -2486,41 +2487,41 @@ load_db(argc, argv)
*/
fgets(buf, sizeof(buf), f);
if (load) {
- /* only check what we know; some headers only contain a prefix */
- /* NB: this should work for ipropx even though load is iprop */
- if (strncmp(buf, load->header, strlen(load->header)) != 0) {
- fprintf(stderr, head_bad_fmt, progname, dumpfile);
- exit_status++;
- if (dumpfile) fclose(f);
- return;
- }
+ /* only check what we know; some headers only contain a prefix */
+ /* NB: this should work for ipropx even though load is iprop */
+ if (strncmp(buf, load->header, strlen(load->header)) != 0) {
+ fprintf(stderr, head_bad_fmt, progname, dumpfile);
+ exit_status++;
+ if (dumpfile) fclose(f);
+ return;
+ }
} else {
- /* perhaps this should be in an array, but so what? */
- if (strcmp(buf, old_version.header) == 0)
- load = &old_version;
- else if (strcmp(buf, beta6_version.header) == 0)
- load = &beta6_version;
- else if (strcmp(buf, beta7_version.header) == 0)
- load = &beta7_version;
- else if (strcmp(buf, r1_3_version.header) == 0)
- load = &r1_3_version;
- else if (strcmp(buf, r1_8_version.header) == 0)
- load = &r1_8_version;
- else if (strncmp(buf, ov_version.header,
- strlen(ov_version.header)) == 0)
- load = &ov_version;
- else {
- fprintf(stderr, head_bad_fmt, progname, dumpfile);
- exit_status++;
- if (dumpfile) fclose(f);
- return;
- }
+ /* perhaps this should be in an array, but so what? */
+ if (strcmp(buf, old_version.header) == 0)
+ load = &old_version;
+ else if (strcmp(buf, beta6_version.header) == 0)
+ load = &beta6_version;
+ else if (strcmp(buf, beta7_version.header) == 0)
+ load = &beta7_version;
+ else if (strcmp(buf, r1_3_version.header) == 0)
+ load = &r1_3_version;
+ else if (strcmp(buf, r1_8_version.header) == 0)
+ load = &r1_8_version;
+ else if (strncmp(buf, ov_version.header,
+ strlen(ov_version.header)) == 0)
+ load = &ov_version;
+ else {
+ fprintf(stderr, head_bad_fmt, progname, dumpfile);
+ exit_status++;
+ if (dumpfile) fclose(f);
+ return;
+ }
}
if (load->updateonly && !(flags & FLAG_UPDATE)) {
- fprintf(stderr, "%s: dump version %s can only be loaded with the "
- "-update flag\n", progname, load->name);
- exit_status++;
- return;
+ fprintf(stderr, "%s: dump version %s can only be loaded with the "
+ "-update flag\n", progname, load->name);
+ exit_status++;
+ return;
}
/*
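Review bot: The result of `fgets(buf, sizeof(buf), f)` is not checked, so on an empty file or a read error `buf` is left uninitialized and the `strncmp`/`strcmp` header comparisons that follow read indeterminate stack bytes. A one-line guard sends that case down the existing bad-header path: `if (fgets(buf, sizeof(buf), f) == NULL) buf[0] = '\0';`. load_db starts before and continues past this hunk.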
@@ -2530,74 +2531,74 @@ load_db(argc, argv)
*/
newparams = global_params;
if (! (flags & FLAG_UPDATE)) {
- newparams.mask |= KADM5_CONFIG_DBNAME;
- newparams.dbname = dbname_tmp;
-
- if ((kret = kadm5_get_config_params(kcontext, 1,
- &newparams, &newparams))) {
- com_err(progname, kret,
- "while retreiving new configuration parameters");
- exit_status++;
- return;
- }
-
- if (!add_db_arg("temporary")) {
- com_err(progname, ENOMEM, "computing parameters for database");
- exit(1);
- }
-
- if (!add_update && !add_db_arg("merge_nra")) {
- com_err(progname, ENOMEM, "computing parameters for database");
- exit(1);
- }
+ newparams.mask |= KADM5_CONFIG_DBNAME;
+ newparams.dbname = dbname_tmp;
+
+ if ((kret = kadm5_get_config_params(kcontext, 1,
+ &newparams, &newparams))) {
+ com_err(progname, kret,
+ "while retreiving new configuration parameters");
+ exit_status++;
+ return;
+ }
+
+ if (!add_db_arg("temporary")) {
+ com_err(progname, ENOMEM, "computing parameters for database");
+ exit(1);
+ }
+
+ if (!add_update && !add_db_arg("merge_nra")) {
+ com_err(progname, ENOMEM, "computing parameters for database");
+ exit(1);
+ }
}
-
+
/*
* If not an update restoration, create the database. otherwise open
*/
if (!(flags & FLAG_UPDATE)) {
- if((kret = krb5_db_create(kcontext, db5util_db_args))) {
- const char *emsg = krb5_get_error_message(kcontext, kret);
- /*
- * See if something (like DAL KDB plugin) has set a specific error
- * message and use that otherwise use default.
- */
-
- if (emsg != NULL) {
- fprintf(stderr, "%s: %s\n", progname, emsg);
- krb5_free_error_message (kcontext, emsg);
- } else {
- fprintf(stderr, dbcreaterr_fmt,
- progname, dbname, error_message(kret));
- }
- exit_status++;
- kadm5_free_config_params(kcontext, &newparams);
- if (dumpfile) fclose(f);
- return;
- }
+ if((kret = krb5_db_create(kcontext, db5util_db_args))) {
+ const char *emsg = krb5_get_error_message(kcontext, kret);
+ /*
+ * See if something (like DAL KDB plugin) has set a specific error
+ * message and use that otherwise use default.
+ */
+
+ if (emsg != NULL) {
+ fprintf(stderr, "%s: %s\n", progname, emsg);
+ krb5_free_error_message (kcontext, emsg);
+ } else {
+ fprintf(stderr, dbcreaterr_fmt,
+ progname, dbname, error_message(kret));
+ }
+ exit_status++;
+ kadm5_free_config_params(kcontext, &newparams);
+ if (dumpfile) fclose(f);
+ return;
+ }
}
else {
- /*
- * Initialize the database.
- */
- if ((kret = krb5_db_open(kcontext, db5util_db_args,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
- const char *emsg = krb5_get_error_message(kcontext, kret);
- /*
- * See if something (like DAL KDB plugin) has set a specific
- * error message and use that otherwise use default.
- */
-
- if (emsg != NULL) {
- fprintf(stderr, "%s: %s\n", progname, emsg);
- krb5_free_error_message (kcontext, emsg);
- } else {
- fprintf(stderr, dbinit_err_fmt,
- progname, error_message(kret));
- }
- exit_status++;
- goto error;
- }
+ /*
+ * Initialize the database.
+ */
+ if ((kret = krb5_db_open(kcontext, db5util_db_args,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
+ const char *emsg = krb5_get_error_message(kcontext, kret);
+ /*
+ * See if something (like DAL KDB plugin) has set a specific
+ * error message and use that otherwise use default.
+ */
+
+ if (emsg != NULL) {
+ fprintf(stderr, "%s: %s\n", progname, emsg);
+ krb5_free_error_message (kcontext, emsg);
+ } else {
+ fprintf(stderr, dbinit_err_fmt,
+ progname, error_message(kret));
+ }
+ exit_status++;
+ goto error;
+ }
}
@@ -2606,132 +2607,132 @@ load_db(argc, argv)
* the update fails.
*/
if ((kret = krb5_db_lock(kcontext,
- (flags & FLAG_UPDATE) ?
- KRB5_DB_LOCKMODE_PERMANENT :
- KRB5_DB_LOCKMODE_EXCLUSIVE))) {
- /*
- * Ignore a not supported error since there is nothing to do about it
- * anyway.
- */
- if (kret != KRB5_PLUGIN_OP_NOTSUPP) {
- fprintf(stderr, "%s: %s while permanently locking database\n",
- progname, error_message(kret));
- exit_status++;
- goto error;
- }
+ (flags & FLAG_UPDATE) ?
+ KRB5_DB_LOCKMODE_PERMANENT :
+ KRB5_DB_LOCKMODE_EXCLUSIVE))) {
+ /*
+ * Ignore a not supported error since there is nothing to do about it
+ * anyway.
+ */
+ if (kret != KRB5_PLUGIN_OP_NOTSUPP) {
+ fprintf(stderr, "%s: %s while permanently locking database\n",
+ progname, error_message(kret));
+ exit_status++;
+ goto error;
+ }
}
else
- db_locked = 1;
-
+ db_locked = 1;
+
if (log_ctx && log_ctx->iproprole) {
- if (add_update)
- caller = FKCOMMAND;
- else
- caller = FKPROPD;
-
- if (ulog_map(kcontext, global_params.iprop_logfile,
- global_params.iprop_ulogsize, caller, db5util_db_args)) {
- fprintf(stderr, _("%s: Could not map log\n"),
- progname);
- exit_status++;
- goto error;
- }
-
- /*
- * We don't want to take out the ulog out from underneath
- * kadmind so we reinit the header log.
- *
- * We also don't want to add to the update log since we
- * are doing a whole sale replace of the db, because:
- * we could easily exceed # of update entries
- * we could implicity delete db entries during a replace
- * no advantage in incr updates when entire db is replaced
- */
- if (!(flags & FLAG_UPDATE)) {
- memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
-
- log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- log_ctx->ulog->db_version_num = KDB_VERSION;
- log_ctx->ulog->kdb_state = KDB_STABLE;
- log_ctx->ulog->kdb_block = ULOG_BLOCK;
-
- log_ctx->iproprole = IPROP_NULL;
-
- if (!add_update) {
- unsigned int ipropx_version = IPROPX_VERSION_0;
-
- if (!strncmp(buf, "ipropx ", sizeof("ipropx ") - 1))
- sscanf(buf, "%s %u %u %u %u", iheader,
- &ipropx_version, &last_sno,
- &last_seconds, &last_useconds);
- else
- sscanf(buf, "%s %u %u %u", iheader, &last_sno,
- &last_seconds, &last_useconds);
-
- switch (ipropx_version) {
- case IPROPX_VERSION_0:
- load = &iprop_version;
- break;
- case IPROPX_VERSION_1:
- load = &ipropx_1_version;
- break;
- default:
- fprintf(stderr, _("%s: Unknown iprop dump version %d\n"),
- progname, ipropx_version);
- exit_status++;
- goto error;
- }
-
- log_ctx->ulog->kdb_last_sno = last_sno;
- log_ctx->ulog->kdb_last_time.seconds =
- last_seconds;
- log_ctx->ulog->kdb_last_time.useconds =
- last_useconds;
- }
- }
+ if (add_update)
+ caller = FKCOMMAND;
+ else
+ caller = FKPROPD;
+
+ if (ulog_map(kcontext, global_params.iprop_logfile,
+ global_params.iprop_ulogsize, caller, db5util_db_args)) {
+ fprintf(stderr, _("%s: Could not map log\n"),
+ progname);
+ exit_status++;
+ goto error;
+ }
+
+ /*
+ * We don't want to take out the ulog out from underneath
+ * kadmind so we reinit the header log.
+ *
+ * We also don't want to add to the update log since we
+ * are doing a whole sale replace of the db, because:
+ * we could easily exceed # of update entries
+ * we could implicity delete db entries during a replace
+ * no advantage in incr updates when entire db is replaced
+ */
+ if (!(flags & FLAG_UPDATE)) {
+ memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
+
+ log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ log_ctx->ulog->db_version_num = KDB_VERSION;
+ log_ctx->ulog->kdb_state = KDB_STABLE;
+ log_ctx->ulog->kdb_block = ULOG_BLOCK;
+
+ log_ctx->iproprole = IPROP_NULL;
+
+ if (!add_update) {
+ unsigned int ipropx_version = IPROPX_VERSION_0;
+
+ if (!strncmp(buf, "ipropx ", sizeof("ipropx ") - 1))
+ sscanf(buf, "%s %u %u %u %u", iheader,
+ &ipropx_version, &last_sno,
+ &last_seconds, &last_useconds);
+ else
+ sscanf(buf, "%s %u %u %u", iheader, &last_sno,
+ &last_seconds, &last_useconds);
+
+ switch (ipropx_version) {
+ case IPROPX_VERSION_0:
+ load = &iprop_version;
+ break;
+ case IPROPX_VERSION_1:
+ load = &ipropx_1_version;
+ break;
+ default:
+ fprintf(stderr, _("%s: Unknown iprop dump version %d\n"),
+ progname, ipropx_version);
+ exit_status++;
+ goto error;
+ }
+
+ log_ctx->ulog->kdb_last_sno = last_sno;
+ log_ctx->ulog->kdb_last_time.seconds =
+ last_seconds;
+ log_ctx->ulog->kdb_last_time.useconds =
+ last_useconds;
+ }
+ }
}
if (restore_dump(progname, kcontext, (dumpfile) ? dumpfile : stdin_name,
- f, flags, load)) {
- fprintf(stderr, restfail_fmt,
- progname, load->name);
- exit_status++;
+ f, flags, load)) {
+ fprintf(stderr, restfail_fmt,
+ progname, load->name);
+ exit_status++;
}
if (!(flags & FLAG_UPDATE) && load->create_kadm5 &&
- ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
- /* error message printed by create_magic_princs */
- exit_status++;
+ ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
+ /* error message printed by create_magic_princs */
+ exit_status++;
}
-
+
if (db_locked && (kret = krb5_db_unlock(kcontext))) {
- /* change this error? */
- fprintf(stderr, dbunlockerr_fmt,
- progname, dbname, error_message(kret));
- exit_status++;
+ /* change this error? */
+ fprintf(stderr, dbunlockerr_fmt,
+ progname, dbname, error_message(kret));
+ exit_status++;
}
#if 0
if ((kret = krb5_db_fini(kcontext))) {
- fprintf(stderr, close_err_fmt,
- progname, error_message(kret));
- exit_status++;
+ fprintf(stderr, close_err_fmt,
+ progname, error_message(kret));
+ exit_status++;
}
#endif
/* close policy db below */
if (exit_status == 0 && !(flags & FLAG_UPDATE)) {
- kret = krb5_db_promote(kcontext, db5util_db_args);
- /*
- * Ignore a not supported error since there is nothing to do about it
- * anyway.
- */
- if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
- fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n",
- progname, error_message(kret));
- exit_status++;
- }
+ kret = krb5_db_promote(kcontext, db5util_db_args);
+ /*
+ * Ignore a not supported error since there is nothing to do about it
+ * anyway.
+ */
+ if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
+ fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n",
+ progname, error_message(kret));
+ exit_status++;
+ }
}
error:
@@ -2742,26 +2743,26 @@ error:
* If an update: if there was no error, unlock the database.
*/
if (!(flags & FLAG_UPDATE)) {
- if (exit_status) {
- kret = krb5_db_destroy(kcontext, db5util_db_args);
- /*
- * Ignore a not supported error since there is nothing to do about
- * it anyway.
- */
- if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
- fprintf(stderr, dbdelerr_fmt,
- progname, dbname, error_message(kret));
- exit_status++;
- }
- }
+ if (exit_status) {
+ kret = krb5_db_destroy(kcontext, db5util_db_args);
+ /*
+ * Ignore a not supported error since there is nothing to do about
+ * it anyway.
+ */
+ if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
+ fprintf(stderr, dbdelerr_fmt,
+ progname, dbname, error_message(kret));
+ exit_status++;
+ }
+ }
}
if (dumpfile) {
- (void) krb5_lock_file(kcontext, fileno(f), KRB5_LOCKMODE_UNLOCK);
- fclose(f);
+ (void) krb5_lock_file(kcontext, fileno(f), KRB5_LOCKMODE_UNLOCK);
+ fclose(f);
}
if (dbname_tmp)
- free(dbname_tmp);
+ free(dbname_tmp);
krb5_free_context(kcontext);
}
diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index a232bab..5cce78c 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
@@ -6,14 +7,14 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -24,7 +25,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -49,7 +50,7 @@
#include "kdb5_util.h"
static int add_admin_princ(void *handle, krb5_context context,
- char *name, char *realm, int attrs, int lifetime);
+ char *name, char *realm, int attrs, int lifetime);
static int add_admin_princs(void *handle, krb5_context context, char *realm);
#define ERR 1
@@ -63,65 +64,65 @@ static int add_admin_princs(void *handle, krb5_context context, char *realm);
*
* Purpose: create admin principals in KDC database
*
- * Arguments: params (r) configuration parameters to use
- *
+ * Arguments: params (r) configuration parameters to use
+ *
* Effects: Creates KADM5_ADMIN_SERVICE and KADM5_CHANGEPW_SERVICE
* principals in the KDC database and sets their attributes
* appropriately.
*/
int kadm5_create(kadm5_config_params *params)
{
- int retval;
- krb5_context context;
+ int retval;
+ krb5_context context;
- kadm5_config_params lparams;
+ kadm5_config_params lparams;
- if ((retval = kadm5_init_krb5_context(&context)))
- exit(ERR);
+ if ((retval = kadm5_init_krb5_context(&context)))
+ exit(ERR);
- /*
- * The lock file has to exist before calling kadm5_init, but
- * params->admin_lockfile may not be set yet...
- */
- if ((retval = kadm5_get_config_params(context, 1,
- params, &lparams))) {
- com_err(progname, retval, "while looking up the Kerberos configuration");
- return 1;
- }
+ /*
+ * The lock file has to exist before calling kadm5_init, but
+ * params->admin_lockfile may not be set yet...
+ */
+ if ((retval = kadm5_get_config_params(context, 1,
+ params, &lparams))) {
+ com_err(progname, retval, "while looking up the Kerberos configuration");
+ return 1;
+ }
- retval = kadm5_create_magic_princs(&lparams, context);
+ retval = kadm5_create_magic_princs(&lparams, context);
- kadm5_free_config_params(context, &lparams);
- krb5_free_context(context);
+ kadm5_free_config_params(context, &lparams);
+ krb5_free_context(context);
- return retval;
+ return retval;
}
int kadm5_create_magic_princs(kadm5_config_params *params,
- krb5_context context)
+ krb5_context context)
{
- int retval;
- void *handle;
-
- retval = krb5_klog_init(context, "admin_server", progname, 0);
- if (retval)
- return retval;
- if ((retval = kadm5_init(context, progname, NULL, NULL, params,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_3,
- db5util_db_args,
- &handle))) {
- com_err(progname, retval, "while initializing the Kerberos admin interface");
- return retval;
- }
-
- retval = add_admin_princs(handle, context, params->realm);
-
- kadm5_destroy(handle);
-
- krb5_klog_close(context);
-
- return retval;
+ int retval;
+ void *handle;
+
+ retval = krb5_klog_init(context, "admin_server", progname, 0);
+ if (retval)
+ return retval;
+ if ((retval = kadm5_init(context, progname, NULL, NULL, params,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_3,
+ db5util_db_args,
+ &handle))) {
+ com_err(progname, retval, "while initializing the Kerberos admin interface");
+ return retval;
+ }
+
+ retval = add_admin_princs(handle, context, params->realm);
+
+ kadm5_destroy(handle);
+
+ krb5_klog_close(context);
+
+ return retval;
}
/*
@@ -131,22 +132,22 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
*
* Arguments:
*
- * name (input) the name
- * realm (input) the realm
+ * name (input) the name
+ * realm (input) the realm
*
* Returns:
*
- * pointer to name@realm, in allocated memory, or NULL if it
- * cannot be allocated
+ * pointer to name@realm, in allocated memory, or NULL if it
+ * cannot be allocated
*
* Requires: both strings are null-terminated
*/
static char *build_name_with_realm(char *name, char *realm)
{
- char *n;
+ char *n;
- asprintf(&n, "%s@%s", name, realm);
- return n;
+ asprintf(&n, "%s@%s", name, realm);
+ return n;
}
/*
@@ -156,14 +157,14 @@ static char *build_name_with_realm(char *name, char *realm)
*
* Arguments:
*
- * rseed (input) random seed
- * realm (input) realm, or NULL for default realm
+ * rseed (input) random seed
+ * realm (input) realm, or NULL for default realm
* <return value> (output) status, 0 for success, 1 for serious error
- *
+ *
* Requires:
- *
+ *
* Effects:
- *
+ *
* add_admin_princs creates KADM5_ADMIN_SERVICE,
* KADM5_CHANGEPW_SERVICE. If any of these exist a message is
* printed. If any of these existing principal do not have the proper
@@ -171,79 +172,79 @@ static char *build_name_with_realm(char *name, char *realm)
*/
static int add_admin_princs(void *handle, krb5_context context, char *realm)
{
- krb5_error_code ret = 0;
- char *service_name = 0, *p;
- char localname[MAXHOSTNAMELEN];
- struct addrinfo *ai, ai_hints;
- int gai_error;
-
- if (gethostname(localname, MAXHOSTNAMELEN)) {
- ret = errno;
- perror("gethostname");
- goto clean_and_exit;
- }
- memset(&ai_hints, 0, sizeof(ai_hints));
- ai_hints.ai_flags = AI_CANONNAME;
- gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
- if (gai_error) {
- ret = EINVAL;
- fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
- gai_strerror(gai_error));
- goto clean_and_exit;
- }
- if (ai->ai_canonname == NULL) {
- ret = EINVAL;
- fprintf(stderr,
- "getaddrinfo(%s): Cannot determine canonical hostname.\n",
- localname);
- freeaddrinfo(ai);
- goto clean_and_exit;
- }
- for (p = ai->ai_canonname; *p; p++) {
+ krb5_error_code ret = 0;
+ char *service_name = 0, *p;
+ char localname[MAXHOSTNAMELEN];
+ struct addrinfo *ai, ai_hints;
+ int gai_error;
+
+ if (gethostname(localname, MAXHOSTNAMELEN)) {
+ ret = errno;
+ perror("gethostname");
+ goto clean_and_exit;
+ }
+ memset(&ai_hints, 0, sizeof(ai_hints));
+ ai_hints.ai_flags = AI_CANONNAME;
+ gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
+ if (gai_error) {
+ ret = EINVAL;
+ fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
+ gai_strerror(gai_error));
+ goto clean_and_exit;
+ }
+ if (ai->ai_canonname == NULL) {
+ ret = EINVAL;
+ fprintf(stderr,
+ "getaddrinfo(%s): Cannot determine canonical hostname.\n",
+ localname);
+ freeaddrinfo(ai);
+ goto clean_and_exit;
+ }
+ for (p = ai->ai_canonname; *p; p++) {
#ifdef isascii
- if (!isascii(*p))
- continue;
+ if (!isascii(*p))
+ continue;
#else
- if (*p < ' ')
- continue;
- if (*p > '~')
- continue;
+ if (*p < ' ')
+ continue;
+ if (*p > '~')
+ continue;
#endif
- if (!isupper(*p))
- continue;
- *p = tolower(*p);
- }
- if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
- ret = ENOMEM;
- fprintf(stderr, "Out of memory\n");
- freeaddrinfo(ai);
- goto clean_and_exit;
- }
- freeaddrinfo(ai);
-
- if ((ret = add_admin_princ(handle, context,
- service_name, realm,
- KRB5_KDB_DISALLOW_TGT_BASED,
- ADMIN_LIFETIME)))
- goto clean_and_exit;
-
- if ((ret = add_admin_princ(handle, context,
- KADM5_ADMIN_SERVICE, realm,
- KRB5_KDB_DISALLOW_TGT_BASED,
- ADMIN_LIFETIME)))
- goto clean_and_exit;
-
- if ((ret = add_admin_princ(handle, context,
- KADM5_CHANGEPW_SERVICE, realm,
- KRB5_KDB_DISALLOW_TGT_BASED |
- KRB5_KDB_PWCHANGE_SERVICE,
- CHANGEPW_LIFETIME)))
- goto clean_and_exit;
-
+ if (!isupper(*p))
+ continue;
+ *p = tolower(*p);
+ }
+ if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
+ ret = ENOMEM;
+ fprintf(stderr, "Out of memory\n");
+ freeaddrinfo(ai);
+ goto clean_and_exit;
+ }
+ freeaddrinfo(ai);
+
+ if ((ret = add_admin_princ(handle, context,
+ service_name, realm,
+ KRB5_KDB_DISALLOW_TGT_BASED,
+ ADMIN_LIFETIME)))
+ goto clean_and_exit;
+
+ if ((ret = add_admin_princ(handle, context,
+ KADM5_ADMIN_SERVICE, realm,
+ KRB5_KDB_DISALLOW_TGT_BASED,
+ ADMIN_LIFETIME)))
+ goto clean_and_exit;
+
+ if ((ret = add_admin_princ(handle, context,
+ KADM5_CHANGEPW_SERVICE, realm,
+ KRB5_KDB_DISALLOW_TGT_BASED |
+ KRB5_KDB_PWCHANGE_SERVICE,
+ CHANGEPW_LIFETIME)))
+ goto clean_and_exit;
+
clean_and_exit:
- free(service_name);
+ free(service_name);
- return ret;
+ return ret;
}
/*
@@ -251,23 +252,23 @@ clean_and_exit:
*
* Arguments:
*
- * creator (r) principal to use as "mod_by"
- * rseed (r) seed for random key generator
- * name (r) principal name
- * realm (r) realm name for principal
- * attrs (r) principal's attributes
- * lifetime (r) principal's max life, or 0
- * not_unique (r) error message for multiple entries, never used
- * exists (r) warning message for principal exists
- * wrong_attrs (r) warning message for wrong attributes
+ * creator (r) principal to use as "mod_by"
+ * rseed (r) seed for random key generator
+ * name (r) principal name
+ * realm (r) realm name for principal
+ * attrs (r) principal's attributes
+ * lifetime (r) principal's max life, or 0
+ * not_unique (r) error message for multiple entries, never used
+ * exists (r) warning message for principal exists
+ * wrong_attrs (r) warning message for wrong attributes
*
* Returns:
*
- * OK on success
- * ERR on serious errors
+ * OK on success
+ * ERR on serious errors
*
* Effects:
- *
+ *
* If the principal is not unique, not_unique is printed (but this
* never happens). If the principal exists, then exists is printed
* and if the principals attributes != attrs, wrong_attrs is printed.
@@ -276,56 +277,56 @@ clean_and_exit:
*/
int add_admin_princ(void *handle, krb5_context context,
- char *name, char *realm, int attrs, int lifetime)
+ char *name, char *realm, int attrs, int lifetime)
{
- char *fullname;
- krb5_error_code ret;
- kadm5_principal_ent_rec ent;
-
- memset(&ent, 0, sizeof(ent));
-
- fullname = build_name_with_realm(name, realm);
- ret = krb5_parse_name(context, fullname, &ent.principal);
- if (ret) {
- com_err(progname, ret, str_PARSE_NAME);
- return(ERR);
- }
- ent.max_life = lifetime;
- ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
-
- ret = kadm5_create_principal(handle, &ent,
- (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
- "to-be-random");
- if (ret) {
- if (ret != KADM5_DUP) {
- com_err(progname, ret, str_PUT_PRINC, fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
- } else {
- /* only randomize key if we created the principal */
- ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
- if (ret) {
- com_err(progname, ret, str_RANDOM_KEY, fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
-
- ent.attributes = attrs;
- ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
- if (ret) {
- com_err(progname, ret, str_PUT_PRINC, fullname);
- krb5_free_principal(context, ent.principal);
- free(fullname);
- return ERR;
- }
- }
-
- krb5_free_principal(context, ent.principal);
- free(fullname);
-
- return OK;
+ char *fullname;
+ krb5_error_code ret;
+ kadm5_principal_ent_rec ent;
+
+ memset(&ent, 0, sizeof(ent));
+
+ fullname = build_name_with_realm(name, realm);
+ ret = krb5_parse_name(context, fullname, &ent.principal);
+ if (ret) {
+ com_err(progname, ret, str_PARSE_NAME);
+ return(ERR);
+ }
+ ent.max_life = lifetime;
+ ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
+
+ ret = kadm5_create_principal(handle, &ent,
+ (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+ KADM5_ATTRIBUTES),
+ "to-be-random");
+ if (ret) {
+ if (ret != KADM5_DUP) {
+ com_err(progname, ret, str_PUT_PRINC, fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
+ }
+ } else {
+ /* only randomize key if we created the principal */
+ ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
+ if (ret) {
+ com_err(progname, ret, str_RANDOM_KEY, fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
+ }
+
+ ent.attributes = attrs;
+ ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
+ if (ret) {
+ com_err(progname, ret, str_PUT_PRINC, fullname);
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+ return ERR;
+ }
+ }
+
+ krb5_free_principal(context, ent.principal);
+ free(fullname);
+
+ return OK;
}
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 3cf84fe..3585771 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/dbutil/kdb5_create.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Generate (from scratch) a Kerberos KDC database.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -66,9 +67,9 @@
#include "kdb5_util.h"
enum ap_op {
- NULL_KEY, /* setup null keys */
- MASTER_KEY, /* use master key as new key */
- TGT_KEY /* special handling for tgt key */
+ NULL_KEY, /* setup null keys */
+ MASTER_KEY, /* use master key as new key */
+ TGT_KEY /* special handling for tgt key */
};
krb5_key_salt_tuple def_kslist = { ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL };
@@ -92,16 +93,16 @@ struct realm_info {
};
struct iterate_args {
- krb5_context ctx;
- struct realm_info *rblock;
- krb5_db_entry *dbentp;
+ krb5_context ctx;
+ struct realm_info *rblock;
+ krb5_db_entry *dbentp;
};
-static krb5_error_code add_principal
- (krb5_context,
- krb5_principal,
- enum ap_op,
- struct realm_info *);
+static krb5_error_code add_principal
+(krb5_context,
+ krb5_principal,
+ enum ap_op,
+ struct realm_info *);
/*
* Steps in creating a database:
@@ -122,28 +123,28 @@ extern krb5_principal master_princ;
krb5_data master_salt;
krb5_data tgt_princ_entries[] = {
- {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
- {0, 0, 0} };
+ {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
+ {0, 0, 0} };
krb5_data db_creator_entries[] = {
- {0, sizeof("db_creation")-1, "db_creation"} };
+ {0, sizeof("db_creation")-1, "db_creation"} };
/* XXX knows about contents of krb5_principal, and that tgt names
- are of form TGT/REALM@REALM */
+ are of form TGT/REALM@REALM */
krb5_principal_data tgt_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- tgt_princ_entries, /* krb5_data *data */
- 2, /* int length */
- KRB5_NT_SRV_INST /* int type */
+ 0, /* magic number */
+ {0, 0, 0}, /* krb5_data realm */
+ tgt_princ_entries, /* krb5_data *data */
+ 2, /* int length */
+ KRB5_NT_SRV_INST /* int type */
};
krb5_principal_data db_create_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- db_creator_entries, /* krb5_data *data */
- 1, /* int length */
- KRB5_NT_SRV_INST /* int type */
+ 0, /* magic number */
+ {0, 0, 0}, /* krb5_data realm */
+ db_creator_entries, /* krb5_data *data */
+ 1, /* int length */
+ KRB5_NT_SRV_INST /* int type */
};
extern char *mkey_password;
@@ -154,8 +155,8 @@ extern kadm5_config_params global_params;
extern krb5_context util_context;
void kdb5_create(argc, argv)
- int argc;
- char *argv[];
+ int argc;
+ char *argv[];
{
int optchar;
@@ -168,26 +169,26 @@ void kdb5_create(argc, argv)
kdb_log_context *log_ctx;
krb5_kvno mkey_kvno;
int strong_random = 1;
-
+
while ((optchar = getopt(argc, argv, "sW")) != -1) {
- switch(optchar) {
- case 's':
- do_stash++;
- break;
- case 'h':
- if (!add_db_arg("hash=true")) {
- com_err(progname, ENOMEM, "while parsing command arguments\n");
- exit(1);
- }
- break;
- case 'W':
- strong_random = 0;
- break;
- case '?':
- default:
- usage();
- return;
- }
+ switch(optchar) {
+ case 's':
+ do_stash++;
+ break;
+ case 'h':
+ if (!add_db_arg("hash=true")) {
+ com_err(progname, ENOMEM, "while parsing command arguments\n");
+ exit(1);
+ }
+ break;
+ case 'W':
+ strong_random = 0;
+ break;
+ case '?':
+ default:
+ usage();
+ return;
+ }
}
rblock.max_life = global_params.max_life;
@@ -202,18 +203,18 @@ void kdb5_create(argc, argv)
printf ("Loading random data\n");
retval = krb5_c_random_os_entropy (util_context, strong_random, NULL);
if (retval) {
- com_err (progname, retval, "Loading random data");
- exit_status++; return;
+ com_err (progname, retval, "Loading random data");
+ exit_status++; return;
}
-
+
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- &mkey_fullname, &master_princ))) {
- com_err(progname, retval, "while setting up master key name");
- exit_status++; return;
+ global_params.mkey_name,
+ global_params.realm,
+ &mkey_fullname, &master_princ))) {
+ com_err(progname, retval, "while setting up master key name");
+ exit_status++; return;
}
krb5_princ_set_realm_data(util_context, &db_create_princ, global_params.realm);
@@ -225,42 +226,42 @@ void kdb5_create(argc, argv)
printf("Initializing database '%s' for realm '%s',\n\
master key name '%s'\n",
- global_params.dbname, global_params.realm, mkey_fullname);
+ global_params.dbname, global_params.realm, mkey_fullname);
if (!mkey_password) {
- printf("You will be prompted for the database Master Password.\n");
- printf("It is important that you NOT FORGET this password.\n");
- fflush(stdout);
-
- pw_size = 1024;
- pw_str = malloc(pw_size);
- if (pw_str == NULL) {
- com_err(progname, ENOMEM, "while creating new master key");
- exit_status++; return;
- }
-
- retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
- pw_str, &pw_size);
- if (retval) {
- com_err(progname, retval, "while reading master key from keyboard");
- exit_status++; return;
- }
- mkey_password = pw_str;
+ printf("You will be prompted for the database Master Password.\n");
+ printf("It is important that you NOT FORGET this password.\n");
+ fflush(stdout);
+
+ pw_size = 1024;
+ pw_str = malloc(pw_size);
+ if (pw_str == NULL) {
+ com_err(progname, ENOMEM, "while creating new master key");
+ exit_status++; return;
+ }
+
+ retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+ pw_str, &pw_size);
+ if (retval) {
+ com_err(progname, retval, "while reading master key from keyboard");
+ exit_status++; return;
+ }
+ mkey_password = pw_str;
}
pwd.data = mkey_password;
pwd.length = strlen(mkey_password);
retval = krb5_principal2salt(util_context, master_princ, &master_salt);
if (retval) {
- com_err(progname, retval, "while calculating master key salt");
- exit_status++; return;
+ com_err(progname, retval, "while calculating master key salt");
+ exit_status++; return;
}
- retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
- &pwd, &master_salt, &master_keyblock);
+ retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+ &pwd, &master_salt, &master_keyblock);
if (retval) {
- com_err(progname, retval, "while transforming master key from password");
- exit_status++; return;
+ com_err(progname, retval, "while transforming master key from password");
+ exit_status++; return;
}
rblock.key = &master_keyblock;
@@ -269,59 +270,59 @@ master key name '%s'\n",
seed.data = master_keyblock.contents;
if ((retval = krb5_c_random_seed(util_context, &seed))) {
- com_err(progname, retval, "while initializing random key generator");
- exit_status++; return;
+ com_err(progname, retval, "while initializing random key generator");
+ exit_status++; return;
}
if ((retval = krb5_db_create(util_context,
- db5util_db_args))) {
- com_err(progname, retval, "while creating database '%s'",
- global_params.dbname);
- exit_status++; return;
+ db5util_db_args))) {
+ com_err(progname, retval, "while creating database '%s'",
+ global_params.dbname);
+ exit_status++; return;
}
/* if ((retval = krb5_db_fini(util_context))) { */
/* com_err(progname, retval, "while closing current database"); */
/* exit_status++; return; */
/* } */
/* if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */
-/* com_err(progname, retval, "while initializing the database '%s'", */
-/* global_params.dbname); */
-/* exit_status++; return; */
+/* com_err(progname, retval, "while initializing the database '%s'", */
+/* global_params.dbname); */
+/* exit_status++; return; */
/* } */
if (log_ctx && log_ctx->iproprole) {
- if ((retval = ulog_map(util_context, global_params.iprop_logfile,
- global_params.iprop_ulogsize, FKCOMMAND,
- db5util_db_args))) {
- com_err(argv[0], retval,
- _("while creating update log"));
- exit_status++;
- return;
- }
-
- /*
- * We're reinitializing the update log in case one already
- * existed, but this should never happen.
- */
- (void) memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
-
- log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- log_ctx->ulog->db_version_num = KDB_VERSION;
- log_ctx->ulog->kdb_state = KDB_STABLE;
- log_ctx->ulog->kdb_block = ULOG_BLOCK;
-
- /*
- * Since we're creating a new db we shouldn't worry about
- * adding the initial principals since any slave might as well
- * do full resyncs from this newly created db.
- */
- log_ctx->iproprole = IPROP_NULL;
+ if ((retval = ulog_map(util_context, global_params.iprop_logfile,
+ global_params.iprop_ulogsize, FKCOMMAND,
+ db5util_db_args))) {
+ com_err(argv[0], retval,
+ _("while creating update log"));
+ exit_status++;
+ return;
+ }
+
+ /*
+ * We're reinitializing the update log in case one already
+ * existed, but this should never happen.
+ */
+ (void) memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
+
+ log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ log_ctx->ulog->db_version_num = KDB_VERSION;
+ log_ctx->ulog->kdb_state = KDB_STABLE;
+ log_ctx->ulog->kdb_block = ULOG_BLOCK;
+
+ /*
+ * Since we're creating a new db we shouldn't worry about
+ * adding the initial principals since any slave might as well
+ * do full resyncs from this newly created db.
+ */
+ log_ctx->iproprole = IPROP_NULL;
}
if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
- (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
- (void) krb5_db_fini(util_context);
- com_err(progname, retval, "while adding entries to the database");
- exit_status++; return;
+ (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+ (void) krb5_db_fini(util_context);
+ com_err(progname, retval, "while adding entries to the database");
+ exit_status++; return;
}
@@ -342,29 +343,29 @@ master key name '%s'\n",
mkey_kvno = 1; /* Default */
retval = krb5_db_store_master_key(util_context,
- global_params.stash_file,
- master_princ,
- mkey_kvno,
- &master_keyblock,
- mkey_password);
+ global_params.stash_file,
+ master_princ,
+ mkey_kvno,
+ &master_keyblock,
+ mkey_password);
if (retval) {
- com_err(progname, errno, "while storing key");
- printf("Warning: couldn't stash master key.\n");
+ com_err(progname, errno, "while storing key");
+ printf("Warning: couldn't stash master key.\n");
}
/* clean up */
(void) krb5_db_fini(util_context);
memset(master_keyblock.contents, 0, master_keyblock.length);
free(master_keyblock.contents);
if (pw_str) {
- memset(pw_str, 0, pw_size);
- free(pw_str);
+ memset(pw_str, 0, pw_size);
+ free(pw_str);
}
free(master_salt.data);
if (kadm5_create(&global_params)) {
- if (!do_stash) unlink(global_params.stash_file);
- exit_status++;
- return;
+ if (!do_stash) unlink(global_params.stash_file);
+ exit_status++;
+ return;
}
if (!do_stash) unlink(global_params.stash_file);
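Review bot: The `memset` calls that clear `master_keyblock.contents` and `pw_str` are each followed directly by `free()`, so an optimizing compiler may treat them as dead stores and drop them, leaving the master key and password in freed heap memory. A scrubbing call the compiler cannot elide is safer here, for example krb5's `zap()` helper if it is in scope in this file (not visible in the hunk): `zap(master_keyblock.contents, master_keyblock.length);` and `zap(pw_str, pw_size);`. The enclosing function starts before this hunk, so whether its earlier error returns also scrub these buffers cannot be checked from here.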
@@ -373,15 +374,15 @@ master key name '%s'\n",
static krb5_error_code
tgt_keysalt_iterate(ksent, ptr)
- krb5_key_salt_tuple *ksent;
- krb5_pointer ptr;
+ krb5_key_salt_tuple *ksent;
+ krb5_pointer ptr;
{
- krb5_context context;
- krb5_error_code kret;
- struct iterate_args *iargs;
- krb5_keyblock key;
- krb5_int32 ind;
- krb5_data pwd;
+ krb5_context context;
+ krb5_error_code kret;
+ struct iterate_args *iargs;
+ krb5_keyblock key;
+ krb5_int32 ind;
+ krb5_data pwd;
iargs = (struct iterate_args *) ptr;
kret = 0;
@@ -396,20 +397,20 @@ tgt_keysalt_iterate(ksent, ptr)
pwd.length = strlen(mkey_password);
kret = krb5_c_random_seed(context, &pwd);
if (kret)
- return kret;
+ return kret;
if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {
- ind = iargs->dbentp->n_key_data-1;
- if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
- &key))) {
- kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->key,
- &key,
- NULL,
- 1,
- &iargs->dbentp->key_data[ind]);
- krb5_free_keyblock_contents(context, &key);
- }
+ ind = iargs->dbentp->n_key_data-1;
+ if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
+ &key))) {
+ kret = krb5_dbekd_encrypt_key_data(context,
+ iargs->rblock->key,
+ &key,
+ NULL,
+ 1,
+ &iargs->dbentp->key_data[ind]);
+ krb5_free_keyblock_contents(context, &key);
+ }
}
return(kret);
@@ -422,12 +423,12 @@ add_principal(context, princ, op, pblock)
enum ap_op op;
struct realm_info *pblock;
{
- krb5_error_code retval;
- krb5_db_entry entry;
+ krb5_error_code retval;
+ krb5_db_entry entry;
krb5_kvno mkey_kvno;
- krb5_timestamp now;
- struct iterate_args iargs;
- int nentries = 1;
+ krb5_timestamp now;
+ struct iterate_args iargs;
+ int nentries = 1;
krb5_actkvno_node actkvno;
memset(&entry, 0, sizeof(entry));
@@ -439,32 +440,32 @@ add_principal(context, princ, op, pblock)
entry.expiration = pblock->expiration;
if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
- goto error_out;
+ goto error_out;
if ((retval = krb5_timeofday(context, &now)))
- goto error_out;
+ goto error_out;
if ((retval = krb5_dbe_update_mod_princ_data(context, &entry,
- now, &db_create_princ)))
- goto error_out;
+ now, &db_create_princ)))
+ goto error_out;
switch (op) {
case MASTER_KEY:
- if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
- == NULL)
- goto error_out;
- memset(entry.key_data, 0, sizeof(krb5_key_data));
- entry.n_key_data = 1;
+ if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
+ == NULL)
+ goto error_out;
+ memset(entry.key_data, 0, sizeof(krb5_key_data));
+ entry.n_key_data = 1;
if (global_params.mask & KADM5_CONFIG_KVNO)
mkey_kvno = global_params.kvno; /* user specified */
else
mkey_kvno = 1; /* Default */
- entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- &master_keyblock, NULL,
- mkey_kvno, entry.key_data)))
- return retval;
+ entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
+ &master_keyblock, NULL,
+ mkey_kvno, entry.key_data)))
+ return retval;
/*
* There should always be at least one "active" mkey so creating the
* KRB5_TL_ACTKVNO entry now so the initial mkey is active.
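Review bot: In the `MASTER_KEY` case the `malloc` failure path does `goto error_out` without setting `retval`, which still holds 0 from the successful `krb5_dbe_update_mod_princ_data` call. Unless the code at `error_out` (outside this hunk) assigns an error, an allocation failure would be reported as success. Setting it explicitly avoids that: `retval = ENOMEM; goto error_out;`. The `return retval;` after `krb5_dbekd_encrypt_key_data` here, and those after `krb5_dbe_update_mkvno` and `krb5_keysalt_iterate` in the next hunk, also bypass `error_out`, which presumably releases what `entry` owns. Using `goto error_out;` there would keep the cleanup in one place.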
@@ -480,30 +481,30 @@ add_principal(context, princ, op, pblock)
if ((retval = krb5_dbe_update_mkvno(context, &entry, mkey_kvno)))
return retval;
- break;
+ break;
case TGT_KEY:
- iargs.ctx = context;
- iargs.rblock = pblock;
- iargs.dbentp = &entry;
- /*
- * Iterate through the key/salt list, ignoring salt types.
- */
- if ((retval = krb5_keysalt_iterate(pblock->kslist,
- pblock->nkslist,
- 1,
- tgt_keysalt_iterate,
- (krb5_pointer) &iargs)))
- return retval;
- break;
+ iargs.ctx = context;
+ iargs.rblock = pblock;
+ iargs.dbentp = &entry;
+ /*
+ * Iterate through the key/salt list, ignoring salt types.
+ */
+ if ((retval = krb5_keysalt_iterate(pblock->kslist,
+ pblock->nkslist,
+ 1,
+ tgt_keysalt_iterate,
+ (krb5_pointer) &iargs)))
+ return retval;
+ break;
case NULL_KEY:
- return EOPNOTSUPP;
+ return EOPNOTSUPP;
default:
- break;
+ break;
}
entry.mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
- KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
- KADM5_PRINC_EXPIRE_TIME);
+ KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
+ KADM5_PRINC_EXPIRE_TIME);
retval = krb5_db_put_principal(context, &entry, &nentries);
diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c
index 9640286..d5e8e9e 100644
--- a/src/kadmin/dbutil/kdb5_destroy.c
+++ b/src/kadmin/dbutil/kdb5_destroy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* admin/destroy/kdb5_destroy.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* kdb_dest(roy): destroy the named database.
*
@@ -40,8 +41,8 @@ extern int exit_status;
extern krb5_boolean dbactive;
extern kadm5_config_params global_params;
-char *yes = "yes\n"; /* \n to compare against result of
- fgets */
+char *yes = "yes\n"; /* \n to compare against result of
+ fgets */
void
kdb5_destroy(argc, argv)
@@ -60,51 +61,51 @@ kdb5_destroy(argc, argv)
retval1 = kadm5_init_krb5_context(&context);
if( retval1 )
{
- com_err(progname, retval1, "while initializing krb5_context");
- exit(1);
+ com_err(progname, retval1, "while initializing krb5_context");
+ exit(1);
}
if ((retval1 = krb5_set_default_realm(context,
- util_context->default_realm))) {
- com_err(progname, retval1, "while setting default realm name");
- exit(1);
+ util_context->default_realm))) {
+ com_err(progname, retval1, "while setting default realm name");
+ exit(1);
}
-
+
dbname = global_params.dbname;
optind = 1;
while ((optchar = getopt(argc, argv, "f")) != -1) {
- switch(optchar) {
- case 'f':
- force++;
- break;
- case '?':
- default:
- usage();
- return;
- /*NOTREACHED*/
- }
+ switch(optchar) {
+ case 'f':
+ force++;
+ break;
+ case '?':
+ default:
+ usage();
+ return;
+ /*NOTREACHED*/
+ }
}
if (!force) {
- printf("Deleting KDC database stored in '%s', are you sure?\n", dbname);
- printf("(type 'yes' to confirm)? ");
- if (fgets(buf, sizeof(buf), stdin) == NULL) {
- exit_status++; return;
+ printf("Deleting KDC database stored in '%s', are you sure?\n", dbname);
+ printf("(type 'yes' to confirm)? ");
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ exit_status++; return;
}
- if (strcmp(buf, yes)) {
- exit_status++; return;
+ if (strcmp(buf, yes)) {
+ exit_status++; return;
}
- printf("OK, deleting database '%s'...\n", dbname);
+ printf("OK, deleting database '%s'...\n", dbname);
}
retval1 = krb5_db_destroy(context, db5util_db_args);
if (retval1) {
- com_err(progname, retval1, "deleting database '%s'",dbname);
- exit_status++; return;
+ com_err(progname, retval1, "deleting database '%s'",dbname);
+ exit_status++; return;
}
if (global_params.iprop_enabled) {
- (void) unlink(global_params.iprop_logfile);
+ (void) unlink(global_params.iprop_logfile);
}
dbactive = FALSE;
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 7827b29..a5be001 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
@@ -23,10 +23,10 @@
#error I cannot find any regexp functions
#endif
#ifdef SOLARIS_REGEXPS
-#include <regexpr.h>
+#include <regexpr.h>
#endif
#ifdef POSIX_REGEXPS
-#include <regex.h>
+#include <regex.h>
#endif
extern krb5_keyblock master_keyblock; /* current mkey */
@@ -106,7 +106,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
/* Note, mkey does not have salt */
/* add new mkey encrypted with itself to mkey princ entry */
if ((retval = krb5_dbekd_encrypt_key_data(context, new_mkey,
- new_mkey, NULL,
+ new_mkey, NULL,
(int) new_mkey_kvno,
&master_entry->key_data[0]))) {
return (retval);
@@ -234,7 +234,7 @@ kdb5_add_mkey(int argc, char *argv[])
case '?':
default:
usage();
- return;
+ return;
}
}
@@ -244,7 +244,7 @@ kdb5_add_mkey(int argc, char *argv[])
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
- global_params.realm,
+ global_params.realm,
&mkey_fullname, &master_princ))) {
com_err(progname, retval, "while setting up master key name");
exit_status++;
@@ -274,7 +274,7 @@ kdb5_add_mkey(int argc, char *argv[])
}
printf("Creating new master key for master key principal '%s'\n",
- mkey_fullname);
+ mkey_fullname);
printf("You will be prompted for a new database Master Password.\n");
printf("It is important that you NOT FORGET this password.\n");
@@ -306,7 +306,7 @@ kdb5_add_mkey(int argc, char *argv[])
goto cleanup_return;
}
- retval = krb5_c_string_to_key(util_context, new_master_enctype,
+ retval = krb5_c_string_to_key(util_context, new_master_enctype,
&pwd, &master_salt, &new_mkeyblock);
if (retval) {
com_err(progname, retval, "while transforming master key from password");
@@ -378,7 +378,7 @@ kdb5_use_mkey(int argc, char *argv[])
krb5_kvno use_kvno;
krb5_timestamp now, start_time;
krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL,
- *prev_actkvno, *cur_actkvno;
+ *prev_actkvno, *cur_actkvno;
krb5_db_entry master_entry;
int nentries = 0;
krb5_boolean more = FALSE;
@@ -443,7 +443,7 @@ kdb5_use_mkey(int argc, char *argv[])
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
- global_params.realm,
+ global_params.realm,
&mkey_fullname, &master_princ))) {
com_err(progname, retval, "while setting up master key name");
exit_status++;
@@ -609,7 +609,7 @@ kdb5_list_mkeys(int argc, char *argv[])
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
- global_params.realm,
+ global_params.realm,
&mkey_fullname, &master_princ))) {
com_err(progname, retval, "while setting up master key name");
exit_status++;
@@ -752,9 +752,9 @@ struct update_enc_mkvno {
*
* Arguments:
*
- * glob (r) the shell-style glob (?*[]) to convert
- * realm (r) the default realm to append, or NULL
- * regexp (w) the ed-style regexp created from glob
+ * glob (r) the shell-style glob (?*[]) to convert
+ * realm (r) the default realm to append, or NULL
+ * regexp (w) the ed-style regexp created from glob
*
* Effects:
*
@@ -765,69 +765,69 @@ struct update_enc_mkvno {
*
* Conversion algorithm:
*
- * quoted characters are copied quoted
- * ? is converted to .
- * * is converted to .*
- * active characters are quoted: ^, $, .
- * [ and ] are active but supported and have the same meaning, so
- * they are copied
- * other characters are copied
- * regexp is anchored with ^ and $
+ * quoted characters are copied quoted
+ * ? is converted to .
+ * * is converted to .*
+ * active characters are quoted: ^, $, .
+ * [ and ] are active but supported and have the same meaning, so
+ * they are copied
+ * other characters are copied
+ * regexp is anchored with ^ and $
*/
static int glob_to_regexp(char *glob, char *realm, char **regexp)
{
- int append_realm;
- char *p;
-
- /* validate the glob */
- if (glob[strlen(glob)-1] == '\\')
- return EINVAL;
-
- /* A character of glob can turn into two in regexp, plus ^ and $ */
- /* and trailing null. If glob has no @, also allocate space for */
- /* the realm. */
- append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
- p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
- if (p == NULL)
- return ENOMEM;
- *regexp = p;
-
- *p++ = '^';
- while (*glob) {
- switch (*glob) {
- case '?':
- *p++ = '.';
- break;
- case '*':
- *p++ = '.';
- *p++ = '*';
- break;
- case '.':
- case '^':
- case '$':
- *p++ = '\\';
- *p++ = *glob;
- break;
- case '\\':
- *p++ = '\\';
- *p++ = *++glob;
- break;
- default:
- *p++ = *glob;
- break;
- }
- glob++;
- }
-
- if (append_realm) {
- *p++ = '@';
- *p++ = '.';
- *p++ = '*';
- }
-
- *p++ = '$';
- *p++ = '\0';
- return 0;
+ int append_realm;
+ char *p;
+
+ /* validate the glob */
+ if (glob[strlen(glob)-1] == '\\')
+ return EINVAL;
+
+ /* A character of glob can turn into two in regexp, plus ^ and $ */
+ /* and trailing null. If glob has no @, also allocate space for */
+ /* the realm. */
+ append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
+ p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
+ if (p == NULL)
+ return ENOMEM;
+ *regexp = p;
+
+ *p++ = '^';
+ while (*glob) {
+ switch (*glob) {
+ case '?':
+ *p++ = '.';
+ break;
+ case '*':
+ *p++ = '.';
+ *p++ = '*';
+ break;
+ case '.':
+ case '^':
+ case '$':
+ *p++ = '\\';
+ *p++ = *glob;
+ break;
+ case '\\':
+ *p++ = '\\';
+ *p++ = *++glob;
+ break;
+ default:
+ *p++ = *glob;
+ break;
+ }
+ glob++;
+ }
+
+ if (append_realm) {
+ *p++ = '@';
+ *p++ = '.';
+ *p++ = '*';
+ }
+
+ *p++ = '$';
+ *p++ = '\0';
+ return 0;
}
static int
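Review bot: `glob[strlen(glob)-1]` in the validation step reads outside the buffer when `glob` is the empty string, because `strlen(glob)-1` wraps around as a `size_t`. Checking for an empty pattern first fixes it: `if (*glob != '\0' && glob[strlen(glob)-1] == '\\') return EINVAL;`. The trailing-backslash test itself should stay, since it is what keeps `*p++ = *++glob;` in the `case '\\':` branch from copying the terminator and then stepping past it. As written it also rejects a pattern whose final two characters are an escaped backslash; a short comment saying whether that is intended would help.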
@@ -1029,7 +1029,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
#ifdef BSD_REGEXPS
((msg = (char *) re_comp(regexp)) != NULL)
#endif
- ) {
+ ) {
/* XXX syslog msg or regerr(regerrno) */
com_err(progname, 0, "error compiling converted regexp '%s'", regexp);
exit_status++;
@@ -1189,14 +1189,14 @@ kdb5_purge_mkeys(int argc, char *argv[])
case '?':
default:
usage();
- return;
+ return;
}
}
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
- global_params.realm,
+ global_params.realm,
&mkey_fullname, &master_princ))) {
com_err(progname, retval, "while setting up master key name");
exit_status++;
diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c
index cdd947a..3f42134 100644
--- a/src/kadmin/dbutil/kdb5_stash.c
+++ b/src/kadmin/dbutil/kdb5_stash.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* admin/stash/kdb5_stash.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Store the master database key in a file.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -87,14 +88,14 @@ kdb5_stash(argc, argv)
retval = kadm5_init_krb5_context(&context);
if( retval )
{
- com_err(progname, retval, "while initializing krb5_context");
- exit(1);
+ com_err(progname, retval, "while initializing krb5_context");
+ exit(1);
}
if ((retval = krb5_set_default_realm(context,
- util_context->default_realm))) {
- com_err(progname, retval, "while setting default realm name");
- exit(1);
+ util_context->default_realm))) {
+ com_err(progname, retval, "while setting default realm name");
+ exit(1);
}
dbname = global_params.dbname;
@@ -104,41 +105,41 @@ kdb5_stash(argc, argv)
optind = 1;
while ((optchar = getopt(argc, argv, "f:")) != -1) {
- switch(optchar) {
- case 'f':
- keyfile = optarg;
- break;
- case '?':
- default:
- usage();
- return;
- }
+ switch(optchar) {
+ case 'f':
+ keyfile = optarg;
+ break;
+ case '?':
+ default:
+ usage();
+ return;
+ }
}
if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
- char tmp[32];
- if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
- com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
- "while setting up enctype %d", master_keyblock.enctype);
- else
- com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
- exit_status++; return;
+ char tmp[32];
+ if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+ "while setting up enctype %d", master_keyblock.enctype);
+ else
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
+ exit_status++; return;
}
/* assemble & parse the master key name */
- retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
- &mkey_fullname, &master_princ);
+ retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
+ &mkey_fullname, &master_princ);
if (retval) {
- com_err(progname, retval, "while setting up master key name");
- exit_status++; return;
+ com_err(progname, retval, "while setting up master key name");
+ exit_status++; return;
}
- retval = krb5_db_open(context, db5util_db_args,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
+ retval = krb5_db_open(context, db5util_db_args,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
if (retval) {
- com_err(progname, retval, "while initializing the database '%s'",
- dbname);
- exit_status++; return;
+ com_err(progname, retval, "while initializing the database '%s'",
+ dbname);
+ exit_status++; return;
}
if (global_params.mask & KADM5_CONFIG_KVNO)
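Review bot: `com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);` passes the enctype name as the format string, so any `%` in `tmp` would be interpreted as a conversion. `tmp` is filled by `krb5_enctype_to_string` rather than taken from user input, so the exposure looks limited, but a literal format is the safe form: `com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);`. kdb5_stash's body starts before this hunk and continues after it.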
@@ -147,45 +148,45 @@ kdb5_stash(argc, argv)
mkey_kvno = IGNORE_VNO; /* use whatever krb5_db_fetch_mkey finds */
if (!valid_master_key) {
- /* TRUE here means read the keyboard, but only once */
- retval = krb5_db_fetch_mkey(context, master_princ,
- master_keyblock.enctype,
- TRUE, FALSE, (char *) NULL,
- &mkey_kvno,
- NULL, &master_keyblock);
- if (retval) {
- com_err(progname, retval, "while reading master key");
- (void) krb5_db_fini(context);
- exit_status++; return;
- }
-
- retval = krb5_db_fetch_mkey_list(context, master_princ,
- &master_keyblock, mkey_kvno,
- &master_keylist);
- if (retval) {
- com_err(progname, retval, "while getting master key list");
- (void) krb5_db_fini(context);
- exit_status++; return;
- }
+ /* TRUE here means read the keyboard, but only once */
+ retval = krb5_db_fetch_mkey(context, master_princ,
+ master_keyblock.enctype,
+ TRUE, FALSE, (char *) NULL,
+ &mkey_kvno,
+ NULL, &master_keyblock);
+ if (retval) {
+ com_err(progname, retval, "while reading master key");
+ (void) krb5_db_fini(context);
+ exit_status++; return;
+ }
+
+ retval = krb5_db_fetch_mkey_list(context, master_princ,
+ &master_keyblock, mkey_kvno,
+ &master_keylist);
+ if (retval) {
+ com_err(progname, retval, "while getting master key list");
+ (void) krb5_db_fini(context);
+ exit_status++; return;
+ }
} else {
- printf("Using existing stashed keys to update stash file.\n");
+ printf("Using existing stashed keys to update stash file.\n");
}
- retval = krb5_db_store_master_key_list(context, keyfile, master_princ,
- master_keylist, NULL);
+ retval = krb5_db_store_master_key_list(context, keyfile, master_princ,
+ master_keylist, NULL);
if (retval) {
- com_err(progname, errno, "while storing key");
- (void) krb5_db_fini(context);
- exit_status++; return;
+ com_err(progname, errno, "while storing key");
+ (void) krb5_db_fini(context);
+ exit_status++; return;
}
retval = krb5_db_fini(context);
if (retval) {
- com_err(progname, retval, "closing database '%s'", dbname);
- exit_status++; return;
+ com_err(progname, retval, "closing database '%s'", dbname);
+ exit_status++; return;
}
krb5_free_context(context);
exit_status = 0;
- return;
+ return;
}
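Review bot: The error path after `krb5_db_store_master_key_list` calls `com_err(progname, errno, "while storing key")`, which reports whatever `errno` happens to hold instead of the code the call returned. If the failure did not come from a system call, the operator sees an unrelated or empty message while the stash file was not written. Passing the return value keeps the diagnostic accurate: `com_err(progname, retval, "while storing key");`. The `krb5_db_store_master_key` error path in the kdb5_create.c hunk earlier in this diff has the same pattern.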
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index a4b2e68..ed6ce65 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* admin/edit/kdb5_edit.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Edit a KDC database.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -65,8 +66,8 @@
#include <time.h>
#include "kdb5_util.h"
-char *Err_no_master_msg = "Master key not entered!\n";
-char *Err_no_database = "Database not currently opened!\n";
+char *Err_no_master_msg = "Master key not entered!\n";
+char *Err_no_database = "Database not currently opened!\n";
/*
* XXX Ick, ick, ick. These global variables shouldn't be global....
@@ -84,28 +85,28 @@ kadm5_config_params global_params;
void usage()
{
- fprintf(stderr, "Usage: "
- "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
- "\t [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n"
- "\tcreate [-s]\n"
- "\tdestroy [-f]\n"
- "\tstash [-f keyfile]\n"
- "\tdump [-old|-ov|-b6|-b7|-r13] [-verbose]\n"
- "\t [-mkey_convert] [-new_mkey_file mkey_file]\n"
- "\t [-rev] [-recurse] [filename [princs...]]\n"
- "\tload [-old|-ov|-b6|-b7|-r13] [-verbose] [-update] filename\n"
- "\tark [-e etype_list] principal\n"
- "\tadd_mkey [-e etype] [-s]\n"
- "\tuse_mkey kvno [time]\n"
- "\tlist_mkeys\n"
- );
- /* avoid a string length compiler warning */
- fprintf(stderr,
- "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
- "\tpurge_mkeys [-f] [-n] [-v]\n"
- "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
- "\t\t\tLook at each database documentation for supported arguments\n");
- exit(1);
+ fprintf(stderr, "Usage: "
+ "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
+ "\t [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n"
+ "\tcreate [-s]\n"
+ "\tdestroy [-f]\n"
+ "\tstash [-f keyfile]\n"
+ "\tdump [-old|-ov|-b6|-b7|-r13] [-verbose]\n"
+ "\t [-mkey_convert] [-new_mkey_file mkey_file]\n"
+ "\t [-rev] [-recurse] [filename [princs...]]\n"
+ "\tload [-old|-ov|-b6|-b7|-r13] [-verbose] [-update] filename\n"
+ "\tark [-e etype_list] principal\n"
+ "\tadd_mkey [-e etype] [-s]\n"
+ "\tuse_mkey kvno [time]\n"
+ "\tlist_mkeys\n"
+ );
+ /* avoid a string length compiler warning */
+ fprintf(stderr,
+ "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+ "\tpurge_mkeys [-f] [-n] [-v]\n"
+ "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+ "\t\t\tLook at each database documentation for supported arguments\n");
+ exit(1);
}
extern krb5_keyblock master_keyblock;
@@ -113,7 +114,7 @@ krb5_kvno master_kvno; /* fetched */
extern krb5_keylist_node *master_keylist;
extern krb5_principal master_princ;
krb5_db_entry master_entry;
-int valid_master_key = 0;
+int valid_master_key = 0;
char *progname;
krb5_boolean manual_mkey = FALSE;
@@ -122,57 +123,57 @@ krb5_boolean dbactive = FALSE;
static int open_db_and_mkey(void);
static void add_random_key(int, char **);
-
+
typedef void (*cmd_func)(int, char **);
struct _cmd_table {
- char *name;
- cmd_func func;
- int opendb;
+ char *name;
+ cmd_func func;
+ int opendb;
} cmd_table[] = {
- {"create", kdb5_create, 0},
- {"destroy", kdb5_destroy, 1}, /* 1 opens the kdb */
- {"stash", kdb5_stash, 1},
- {"dump", dump_db, 1},
- {"load", load_db, 0},
- {"ark", add_random_key, 1},
- {"add_mkey", kdb5_add_mkey, 1},
- {"use_mkey", kdb5_use_mkey, 1},
- {"list_mkeys", kdb5_list_mkeys, 1},
- {"update_princ_encryption", kdb5_update_princ_encryption, 1},
- {"purge_mkeys", kdb5_purge_mkeys, 1},
- {NULL, NULL, 0},
+ {"create", kdb5_create, 0},
+ {"destroy", kdb5_destroy, 1}, /* 1 opens the kdb */
+ {"stash", kdb5_stash, 1},
+ {"dump", dump_db, 1},
+ {"load", load_db, 0},
+ {"ark", add_random_key, 1},
+ {"add_mkey", kdb5_add_mkey, 1},
+ {"use_mkey", kdb5_use_mkey, 1},
+ {"list_mkeys", kdb5_list_mkeys, 1},
+ {"update_princ_encryption", kdb5_update_princ_encryption, 1},
+ {"purge_mkeys", kdb5_purge_mkeys, 1},
+ {NULL, NULL, 0},
};
static struct _cmd_table *cmd_lookup(name)
- char *name;
+ char *name;
{
- struct _cmd_table *cmd = cmd_table;
- while (cmd->name) {
- if (strcmp(cmd->name, name) == 0)
- return cmd;
- else
- cmd++;
- }
-
- return NULL;
+ struct _cmd_table *cmd = cmd_table;
+ while (cmd->name) {
+ if (strcmp(cmd->name, name) == 0)
+ return cmd;
+ else
+ cmd++;
+ }
+
+ return NULL;
}
#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
char **db5util_db_args = NULL;
int db5util_db_args_size = 0;
-
+
static void extended_com_err_fn (const char *myprog, errcode_t code,
- const char *fmt, va_list args)
+ const char *fmt, va_list args)
{
const char *emsg;
if (code) {
- emsg = krb5_get_error_message (util_context, code);
- fprintf (stderr, "%s: %s ", myprog, emsg);
- krb5_free_error_message (util_context, emsg);
+ emsg = krb5_get_error_message (util_context, code);
+ fprintf (stderr, "%s: %s ", myprog, emsg);
+ krb5_free_error_message (util_context, emsg);
} else {
- fprintf (stderr, "%s: ", myprog);
+ fprintf (stderr, "%s: ", myprog);
}
vfprintf (stderr, fmt, args);
fprintf (stderr, "\n");
@@ -183,9 +184,9 @@ int add_db_arg(char *arg)
char **temp;
db5util_db_args_size++;
temp = realloc(db5util_db_args,
- sizeof(char *) * (db5util_db_args_size + 1));
+ sizeof(char *) * (db5util_db_args_size + 1));
if (temp == NULL)
- return 0;
+ return 0;
db5util_db_args = temp;
db5util_db_args[db5util_db_args_size-1] = arg;
db5util_db_args[db5util_db_args_size] = NULL;
@@ -197,7 +198,7 @@ int main(argc, argv)
char *argv[];
{
struct _cmd_table *cmd = NULL;
- char *koptarg, **cmd_argv;
+ char *koptarg, **cmd_argv;
char *db_name_tmp = NULL;
int cmd_argc;
krb5_error_code retval;
@@ -208,111 +209,111 @@ int main(argc, argv)
* Ensure that "progname" is set before calling com_err.
*/
progname = (strrchr(argv[0], '/') ?
- strrchr(argv[0], '/') + 1 : argv[0]);
+ strrchr(argv[0], '/') + 1 : argv[0]);
retval = kadm5_init_krb5_context(&util_context);
if (retval) {
- com_err (progname, retval, "while initializing Kerberos code");
- exit(1);
+ com_err (progname, retval, "while initializing Kerberos code");
+ exit(1);
}
cmd_argv = (char **) malloc(sizeof(char *)*argc);
if (cmd_argv == NULL) {
- com_err(progname, ENOMEM, "while creating sub-command arguments");
- exit(1);
+ com_err(progname, ENOMEM, "while creating sub-command arguments");
+ exit(1);
}
memset(cmd_argv, 0, sizeof(char *)*argc);
cmd_argc = 1;
argv++; argc--;
while (*argv) {
- if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
- mkey_password = koptarg;
- manual_mkey = TRUE;
- } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
- global_params.dbname = koptarg;
- global_params.mask |= KADM5_CONFIG_DBNAME;
-
- if (asprintf(&db_name_tmp, "dbname=%s", global_params.dbname) < 0)
- {
- com_err(progname, ENOMEM, "while parsing command arguments");
- exit(1);
- }
-
- if (!add_db_arg(db_name_tmp)) {
- com_err(progname, ENOMEM, "while parsing command arguments\n");
- exit(1);
- }
-
- } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
- if (!add_db_arg(koptarg)) {
- com_err(progname, ENOMEM, "while parsing command arguments\n");
- exit(1);
- }
-
- } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
- global_params.realm = koptarg;
- global_params.mask |= KADM5_CONFIG_REALM;
- /* not sure this is really necessary */
- if ((retval = krb5_set_default_realm(util_context,
- global_params.realm))) {
- com_err(progname, retval, "while setting default realm name");
- exit(1);
- }
- } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
- if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
- com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
+ if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+ mkey_password = koptarg;
+ manual_mkey = TRUE;
+ } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
+ global_params.dbname = koptarg;
+ global_params.mask |= KADM5_CONFIG_DBNAME;
+
+ if (asprintf(&db_name_tmp, "dbname=%s", global_params.dbname) < 0)
+ {
+ com_err(progname, ENOMEM, "while parsing command arguments");
+ exit(1);
+ }
+
+ if (!add_db_arg(db_name_tmp)) {
+ com_err(progname, ENOMEM, "while parsing command arguments\n");
+ exit(1);
+ }
+
+ } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
+ if (!add_db_arg(koptarg)) {
+ com_err(progname, ENOMEM, "while parsing command arguments\n");
+ exit(1);
+ }
+
+ } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+ global_params.realm = koptarg;
+ global_params.mask |= KADM5_CONFIG_REALM;
+ /* not sure this is really necessary */
+ if ((retval = krb5_set_default_realm(util_context,
+ global_params.realm))) {
+ com_err(progname, retval, "while setting default realm name");
+ exit(1);
+ }
+ } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+ if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
+ com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
exit(1);
} else
- global_params.mask |= KADM5_CONFIG_ENCTYPE;
- } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
- global_params.kvno = (krb5_kvno) atoi(koptarg);
+ global_params.mask |= KADM5_CONFIG_ENCTYPE;
+ } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
+ global_params.kvno = (krb5_kvno) atoi(koptarg);
if (global_params.kvno == IGNORE_VNO) {
com_err(progname, EINVAL, ": %s is an invalid mkeyVNO", koptarg);
exit(1);
} else
global_params.mask |= KADM5_CONFIG_KVNO;
- } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
- global_params.mkey_name = koptarg;
- global_params.mask |= KADM5_CONFIG_MKEY_NAME;
- } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
- global_params.stash_file = koptarg;
- global_params.mask |= KADM5_CONFIG_STASH_FILE;
- } else if (strcmp(*argv, "-m") == 0) {
- manual_mkey = TRUE;
- global_params.mkey_from_kbd = 1;
- global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- } else if (cmd_lookup(*argv) != NULL) {
- if (cmd_argv[0] == NULL)
- cmd_argv[0] = *argv;
- else
- usage();
- } else {
- cmd_argv[cmd_argc++] = *argv;
- }
- argv++; argc--;
+ } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+ global_params.mkey_name = koptarg;
+ global_params.mask |= KADM5_CONFIG_MKEY_NAME;
+ } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+ global_params.stash_file = koptarg;
+ global_params.mask |= KADM5_CONFIG_STASH_FILE;
+ } else if (strcmp(*argv, "-m") == 0) {
+ manual_mkey = TRUE;
+ global_params.mkey_from_kbd = 1;
+ global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+ } else if (cmd_lookup(*argv) != NULL) {
+ if (cmd_argv[0] == NULL)
+ cmd_argv[0] = *argv;
+ else
+ usage();
+ } else {
+ cmd_argv[cmd_argc++] = *argv;
+ }
+ argv++; argc--;
}
if (cmd_argv[0] == NULL)
- usage();
-
+ usage();
+
if( !util_context->default_realm )
{
- char *temp = NULL;
- retval = krb5_get_default_realm(util_context, &temp);
- if( retval )
- {
- com_err (progname, retval, "while getting default realm");
- exit(1);
- }
- util_context->default_realm = temp;
+ char *temp = NULL;
+ retval = krb5_get_default_realm(util_context, &temp);
+ if( retval )
+ {
+ com_err (progname, retval, "while getting default realm");
+ exit(1);
+ }
+ util_context->default_realm = temp;
}
retval = kadm5_get_config_params(util_context, 1,
- &global_params, &global_params);
+ &global_params, &global_params);
if (retval) {
- com_err(progname, retval, "while retreiving configuration parameters");
- exit(1);
+ com_err(progname, retval, "while retreiving configuration parameters");
+ exit(1);
}
/*
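Review bot: The `-kv` branch parses the master key version with `atoi(koptarg)`, which accepts trailing garbage (`12abc` becomes 12) and has undefined behaviour when the value does not fit in an `int`. A mistyped version number can therefore be used silently. `strtoul` with an end-pointer check rejects these: `errno = 0; v = strtoul(koptarg, &end, 10);` followed by `if (errno || end == koptarg || *end != '\0' || v == IGNORE_VNO)` taking the existing error path, plus an upper bound suited to `krb5_kvno`. main's body starts before this hunk and continues after it.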
@@ -323,27 +324,27 @@ int main(argc, argv)
master_keyblock.enctype = global_params.enctype;
if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) &&
- (!krb5_c_valid_enctype(master_keyblock.enctype))) {
- com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
- "while setting up enctype %d", master_keyblock.enctype);
+ (!krb5_c_valid_enctype(master_keyblock.enctype))) {
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+ "while setting up enctype %d", master_keyblock.enctype);
}
cmd = cmd_lookup(cmd_argv[0]);
if (cmd->opendb && open_db_and_mkey())
- return exit_status;
+ return exit_status;
if (global_params.iprop_enabled == TRUE)
- ulog_set_role(util_context, IPROP_MASTER);
+ ulog_set_role(util_context, IPROP_MASTER);
else
- ulog_set_role(util_context, IPROP_NULL);
+ ulog_set_role(util_context, IPROP_NULL);
(*cmd->func)(cmd_argc, cmd_argv);
if( db_name_tmp )
- free( db_name_tmp );
+ free( db_name_tmp );
if( db5util_db_args )
- free(db5util_db_args);
+ free(db5util_db_args);
kadm5_free_config_params(util_context, &global_params);
krb5_free_context(util_context);
@@ -362,24 +363,24 @@ void set_dbname(argc, argv)
krb5_error_code retval;
if (argc < 3) {
- com_err(argv[0], 0, "Too few arguments");
- com_err(progname, 0, "Usage: %s dbpathname realmname", argv[0]);
- exit_status++;
- return;
+ com_err(argv[0], 0, "Too few arguments");
+ com_err(progname, 0, "Usage: %s dbpathname realmname", argv[0]);
+ exit_status++;
+ return;
}
if (dbactive) {
- if ((retval = krb5_db_fini(util_context)) && retval!= KRB5_KDB_DBNOTINITED) {
- com_err(progname, retval, "while closing previous database");
- exit_status++;
- return;
- }
- if (valid_master_key) {
- krb5_free_keyblock_contents(util_context, &master_keyblock);
- master_keyblock.contents = NULL;
- valid_master_key = 0;
- }
- krb5_free_principal(util_context, master_princ);
- dbactive = FALSE;
+ if ((retval = krb5_db_fini(util_context)) && retval!= KRB5_KDB_DBNOTINITED) {
+ com_err(progname, retval, "while closing previous database");
+ exit_status++;
+ return;
+ }
+ if (valid_master_key) {
+ krb5_free_keyblock_contents(util_context, &master_keyblock);
+ master_keyblock.contents = NULL;
+ valid_master_key = 0;
+ }
+ krb5_free_principal(util_context, master_princ);
+ dbactive = FALSE;
}
(void) set_dbname_help(progname, argv[1]);
@@ -406,41 +407,41 @@ static int open_db_and_mkey()
dbactive = FALSE;
valid_master_key = 0;
- if ((retval = krb5_db_open(util_context, db5util_db_args,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
- com_err(progname, retval, "while initializing database");
- exit_status++;
- return(1);
+ if ((retval = krb5_db_open(util_context, db5util_db_args,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
+ com_err(progname, retval, "while initializing database");
+ exit_status++;
+ return(1);
}
- /* assemble & parse the master key name */
+ /* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- 0, &master_princ))) {
- com_err(progname, retval, "while setting up master key name");
- exit_status++;
- return(1);
+ global_params.mkey_name,
+ global_params.realm,
+ 0, &master_princ))) {
+ com_err(progname, retval, "while setting up master key name");
+ exit_status++;
+ return(1);
}
nentries = 1;
- if ((retval = krb5_db_get_principal(util_context, master_princ,
- &master_entry, &nentries, &more))) {
- com_err(progname, retval, "while retrieving master entry");
- exit_status++;
- (void) krb5_db_fini(util_context);
- return(1);
+ if ((retval = krb5_db_get_principal(util_context, master_princ,
+ &master_entry, &nentries, &more))) {
+ com_err(progname, retval, "while retrieving master entry");
+ exit_status++;
+ (void) krb5_db_fini(util_context);
+ return(1);
} else if (more) {
- com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
- "while retrieving master entry");
- exit_status++;
- (void) krb5_db_fini(util_context);
- return(1);
+ com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
+ "while retrieving master entry");
+ exit_status++;
+ (void) krb5_db_fini(util_context);
+ return(1);
} else if (!nentries) {
- com_err(progname, KRB5_KDB_NOENTRY, "while retrieving master entry");
- exit_status++;
- (void) krb5_db_fini(util_context);
- return(1);
+ com_err(progname, KRB5_KDB_NOENTRY, "while retrieving master entry");
+ exit_status++;
+ (void) krb5_db_fini(util_context);
+ return(1);
}
if (global_params.mask & KADM5_CONFIG_KVNO)
@@ -450,43 +451,43 @@ static int open_db_and_mkey()
/* the databases are now open, and the master principal exists */
dbactive = TRUE;
-
+
if (mkey_password) {
- pwd.data = mkey_password;
- pwd.length = strlen(mkey_password);
- retval = krb5_principal2salt(util_context, master_princ, &scratch);
- if (retval) {
- com_err(progname, retval, "while calculated master key salt");
- exit_status++;
- return(1);
- }
-
- /* If no encryption type is set, use the default */
- if (master_keyblock.enctype == ENCTYPE_UNKNOWN)
- master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(util_context, master_princ, &scratch);
+ if (retval) {
+ com_err(progname, retval, "while calculated master key salt");
+ exit_status++;
+ return(1);
+ }
+
+ /* If no encryption type is set, use the default */
+ if (master_keyblock.enctype == ENCTYPE_UNKNOWN)
+ master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
if (!krb5_c_valid_enctype(master_keyblock.enctype))
com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
"while setting up enctype %d",
master_keyblock.enctype);
- retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
- &pwd, &scratch, &master_keyblock);
- if (retval) {
- com_err(progname, retval,
- "while transforming master key from password");
- exit_status++;
- return(1);
- }
- free(scratch.data);
- mkey_password = 0;
+ retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+ &pwd, &scratch, &master_keyblock);
+ if (retval) {
+ com_err(progname, retval,
+ "while transforming master key from password");
+ exit_status++;
+ return(1);
+ }
+ free(scratch.data);
+ mkey_password = 0;
} else {
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- master_keyblock.enctype,
- manual_mkey, FALSE,
- global_params.stash_file,
- &master_kvno,
- 0, &master_keyblock))) {
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ master_keyblock.enctype,
+ manual_mkey, FALSE,
+ global_params.stash_file,
+ &master_kvno,
+ 0, &master_keyblock))) {
com_err(progname, retval, "while reading master key");
com_err(progname, 0, "Warning: proceeding without master key");
exit_status++;
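Review bot: `mkey_password = 0;` at the end of the password branch only drops the pointer, so the master password text stays in process memory after the key has been derived from it. If that buffer is owned and writable by this program (its origin is outside the hunk), wiping it first, e.g. `memset(pwd.data, 0, pwd.length);` through a helper the compiler cannot elide, would limit its exposure in core dumps and swap. The failure return after krb5_c_string_to_key() also skips the `free(scratch.data)` that the success path performs. open_db_and_mkey starts and ends outside this hunk.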
@@ -495,34 +496,34 @@ static int open_db_and_mkey()
}
#if 0 /************** Begin IFDEF'ed OUT *******************************/
/* krb5_db_fetch_mkey_list will verify the mkey */
- if ((retval = krb5_db_verify_master_key(util_context, master_princ,
- master_kvno, &master_keyblock))) {
- com_err(progname, retval, "while verifying master key");
- exit_status++;
- krb5_free_keyblock_contents(util_context, &master_keyblock);
- return(1);
+ if ((retval = krb5_db_verify_master_key(util_context, master_princ,
+ master_kvno, &master_keyblock))) {
+ com_err(progname, retval, "while verifying master key");
+ exit_status++;
+ krb5_free_keyblock_contents(util_context, &master_keyblock);
+ return(1);
}
#endif /**************** END IFDEF'ed OUT *******************************/
if ((retval = krb5_db_fetch_mkey_list(util_context, master_princ,
- &master_keyblock, master_kvno,
+ &master_keyblock, master_kvno,
&master_keylist))) {
- com_err(progname, retval, "while getting master key list");
- com_err(progname, 0, "Warning: proceeding without master key list");
- exit_status++;
- return(0);
+ com_err(progname, retval, "while getting master key list");
+ com_err(progname, 0, "Warning: proceeding without master key list");
+ exit_status++;
+ return(0);
}
seed.length = master_keyblock.length;
seed.data = (char *) master_keyblock.contents;
if ((retval = krb5_c_random_seed(util_context, &seed))) {
- com_err(progname, retval, "while seeding random number generator");
- exit_status++;
- memset(master_keyblock.contents, 0, master_keyblock.length);
- krb5_free_keyblock_contents(util_context, &master_keyblock);
+ com_err(progname, retval, "while seeding random number generator");
+ exit_status++;
+ memset(master_keyblock.contents, 0, master_keyblock.length);
+ krb5_free_keyblock_contents(util_context, &master_keyblock);
krb5_db_free_mkey_list(util_context, master_keylist);
- return(1);
+ return(1);
}
valid_master_key = 1;
@@ -534,22 +535,22 @@ static int open_db_and_mkey()
#undef getwd
#endif
-int
+int
quit()
{
krb5_error_code retval;
static krb5_boolean finished = 0;
if (finished)
- return 0;
+ return 0;
krb5_db_free_mkey_list(util_context, master_keylist);
retval = krb5_db_fini(util_context);
memset(master_keyblock.contents, 0, master_keyblock.length);
finished = TRUE;
if (retval && retval != KRB5_KDB_DBNOTINITED) {
- com_err(progname, retval, "while closing database");
- exit_status++;
- return 1;
+ com_err(progname, retval, "while closing database");
+ exit_status++;
+ return 1;
}
return 0;
}
@@ -576,99 +577,99 @@ add_random_key(argc, argv)
krb5_keyblock *tmp_mkey;
if (argc < 2)
- usage();
+ usage();
for (argv++, argc--; *argv; argv++, argc--) {
- if (!strcmp(*argv, "-e")) {
- argv++; argc--;
- ks_str = *argv;
- continue;
- } else
- break;
+ if (!strcmp(*argv, "-e")) {
+ argv++; argc--;
+ ks_str = *argv;
+ continue;
+ } else
+ break;
}
if (argc < 1)
- usage();
+ usage();
pr_str = *argv;
ret = krb5_parse_name(util_context, pr_str, &princ);
if (ret) {
- com_err(me, ret, "while parsing principal name %s", pr_str);
- exit_status++;
- return;
+ com_err(me, ret, "while parsing principal name %s", pr_str);
+ exit_status++;
+ return;
}
n = 1;
ret = krb5_db_get_principal(util_context, princ, &dbent,
- &n, &more);
+ &n, &more);
if (ret) {
- com_err(me, ret, "while fetching principal %s", pr_str);
- exit_status++;
- return;
+ com_err(me, ret, "while fetching principal %s", pr_str);
+ exit_status++;
+ return;
}
if (n != 1) {
- fprintf(stderr, "principal %s not found\n", pr_str);
- exit_status++;
- return;
+ fprintf(stderr, "principal %s not found\n", pr_str);
+ exit_status++;
+ return;
}
if (more) {
- fprintf(stderr, "principal %s not unique\n", pr_str);
- krb5_db_free_principal(util_context, &dbent, 1);
- exit_status++;
- return;
+ fprintf(stderr, "principal %s not unique\n", pr_str);
+ krb5_db_free_principal(util_context, &dbent, 1);
+ exit_status++;
+ return;
}
ret = krb5_string_to_keysalts(ks_str,
- ", \t", ":.-", 0,
- &keysalts,
- &num_keysalts);
+ ", \t", ":.-", 0,
+ &keysalts,
+ &num_keysalts);
if (ret) {
- com_err(me, ret, "while parsing keysalts %s", ks_str);
- exit_status++;
- return;
+ com_err(me, ret, "while parsing keysalts %s", ks_str);
+ exit_status++;
+ return;
}
if (!num_keysalts || keysalts == NULL) {
- num_keysalts = global_params.num_keysalts;
- keysalts = global_params.keysalts;
- free_keysalts = 0;
+ num_keysalts = global_params.num_keysalts;
+ keysalts = global_params.keysalts;
+ free_keysalts = 0;
} else
- free_keysalts = 1;
+ free_keysalts = 1;
/* Find the mkey used to protect the existing keys */
ret = krb5_dbe_find_mkey(util_context, master_keylist, &dbent, &tmp_mkey);
if (ret) {
- com_err(me, ret, "while finding mkey");
- exit_status++;
- return;
+ com_err(me, ret, "while finding mkey");
+ exit_status++;
+ return;
}
ret = krb5_dbe_ark(util_context, tmp_mkey,
- keysalts, num_keysalts,
- &dbent);
+ keysalts, num_keysalts,
+ &dbent);
if (free_keysalts)
- free(keysalts);
+ free(keysalts);
if (ret) {
- com_err(me, ret, "while randomizing principal %s", pr_str);
- krb5_db_free_principal(util_context, &dbent, 1);
- exit_status++;
- return;
+ com_err(me, ret, "while randomizing principal %s", pr_str);
+ krb5_db_free_principal(util_context, &dbent, 1);
+ exit_status++;
+ return;
}
dbent.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(util_context, &now);
if (ret) {
- com_err(me, ret, "while getting time");
- krb5_db_free_principal(util_context, &dbent, 1);
- exit_status++;
- return;
+ com_err(me, ret, "while getting time");
+ krb5_db_free_principal(util_context, &dbent, 1);
+ exit_status++;
+ return;
}
ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now);
if (ret) {
- com_err(me, ret, "while setting changetime");
- krb5_db_free_principal(util_context, &dbent, 1);
- exit_status++;
- return;
+ com_err(me, ret, "while setting changetime");
+ krb5_db_free_principal(util_context, &dbent, 1);
+ exit_status++;
+ return;
}
ret = krb5_db_put_principal(util_context, &dbent, &n);
krb5_db_free_principal(util_context, &dbent, 1);
if (ret) {
- com_err(me, ret, "while saving principal %s", pr_str);
- exit_status++;
- return;
+ com_err(me, ret, "while saving principal %s", pr_str);
+ exit_status++;
+ return;
}
printf("%s changed\n", pr_str);
}
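Review bot: The `-e` branch of the option loop assigns `ks_str = *argv` after advancing argv without checking that a value follows. When `-e` is the last argument, ks_str becomes NULL and the loop's own `argv++` then steps past the terminating NULL of the argument vector before `*argv` is tested again. A guard right after the increment, `if (*argv == NULL) usage();`, closes this, assuming usage() does not return, as its other uses in this function suggest. Separately, the early returns after krb5_string_to_keysalts() and krb5_dbe_find_mkey() fail leave dbent unreleased (and, in the second case, keysalts when free_keysalts is set), unlike the later error paths that call krb5_db_free_principal(). The start of add_random_key is outside the hunk.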
diff --git a/src/kadmin/dbutil/kdb5_util.h b/src/kadmin/dbutil/kdb5_util.h
index 6e99ac3..26a6a41 100644
--- a/src/kadmin/dbutil/kdb5_util.h
+++ b/src/kadmin/dbutil/kdb5_util.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* admin/edit/kdb5_edit.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,14 +23,14 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include <kdb_log.h>
-#define MAX_HEADER 1024
-#define REALM_SEP '@'
-#define REALM_SEP_STR "@"
+#define MAX_HEADER 1024
+#define REALM_SEP '@'
+#define REALM_SEP_STR "@"
extern char *progname;
extern char *Err_no_database;
@@ -52,31 +53,31 @@ extern int add_db_arg(char *arg);
extern void usage(void);
-extern void add_key
- (char const *, char const *,
- krb5_const_principal, const krb5_keyblock *,
- krb5_kvno, krb5_keysalt *);
+extern void add_key
+(char const *, char const *,
+ krb5_const_principal, const krb5_keyblock *,
+ krb5_kvno, krb5_keysalt *);
extern int set_dbname_help
- (char *, char *);
+(char *, char *);
extern char *kdb5_util_Init (int, char **);
extern int quit (void);
extern int check_for_match
- (char *, int, krb5_db_entry *, int, int);
+(char *, int, krb5_db_entry *, int, int);
extern void parse_token
- (char *, int *, int *, char *);
+(char *, int *, int *, char *);
extern int create_db_entry (krb5_principal, krb5_db_entry *);
extern int kadm5_create_magic_princs (kadm5_config_params *params,
- krb5_context context);
+ krb5_context context);
-extern int process_ov_principal (char *fname, krb5_context kcontext,
- FILE *filep, int verbose,
- int *linenop);
+extern int process_ov_principal (char *fname, krb5_context kcontext,
+ FILE *filep, int verbose,
+ int *linenop);
extern void load_db (int argc, char **argv);
extern void dump_db (int argc, char **argv);
@@ -88,7 +89,7 @@ extern void kdb5_use_mkey (int argc, char **argv);
extern void kdb5_list_mkeys (int argc, char **argv);
extern void kdb5_update_princ_encryption (int argc, char **argv);
extern krb5_error_code master_key_convert(krb5_context context,
- krb5_db_entry *db_entry);
+ krb5_db_entry *db_entry);
extern void kdb5_purge_mkeys (int argc, char **argv);
extern void update_ok_file (char *file_name);
@@ -101,4 +102,3 @@ extern krb5_error_code add_new_mkey(krb5_context, krb5_db_entry *,
extern krb5_kvno get_next_kvno(krb5_context, krb5_db_entry *);
void usage (void);
-
diff --git a/src/kadmin/dbutil/nstrtok.h b/src/kadmin/dbutil/nstrtok.h
index f7f0d4a..3ee8f63 100644
--- a/src/kadmin/dbutil/nstrtok.h
+++ b/src/kadmin/dbutil/nstrtok.h
@@ -1,3 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* Prototype for nstrtok */
char *nstrtok(char *, const char *delim);
-
diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c
index 4603647..e2afd58 100644
--- a/src/kadmin/dbutil/ovload.c
+++ b/src/kadmin/dbutil/ovload.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
@@ -14,172 +15,172 @@
#include "kdb5_util.h"
#include "nstrtok.h"
-#define LINESIZE 32768 /* XXX */
+#define LINESIZE 32768 /* XXX */
static int parse_pw_hist_ent(current, hist)
- char *current;
- osa_pw_hist_ent *hist;
+ char *current;
+ osa_pw_hist_ent *hist;
{
- int tmp, i, j, ret;
- char *cp;
-
- ret = 0;
- hist->n_key_data = 1;
-
- hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
- sizeof(krb5_key_data));
- if (hist->key_data == NULL)
- return ENOMEM;
- memset(hist->key_data, 0, sizeof(krb5_key_data)*hist->n_key_data);
-
- for (i = 0; i < hist->n_key_data; i++) {
- krb5_key_data *key_data = &hist->key_data[i];
-
- key_data->key_data_ver = 1;
-
- if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- key_data->key_data_type[0] = atoi(cp);
-
- if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- key_data->key_data_length[0] = atoi(cp);
-
- if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- if(!(key_data->key_data_contents[0] =
- (krb5_octet *) malloc(key_data->key_data_length[0]+1))) {
- ret = ENOMEM;
- goto done;
- }
- for(j = 0; j < key_data->key_data_length[0]; j++) {
- if(sscanf(cp, "%02x", &tmp) != 1) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
- }
- key_data->key_data_contents[0][j] = tmp;
- cp = strchr(cp, ' ') + 1;
- }
- }
-
+ int tmp, i, j, ret;
+ char *cp;
+
+ ret = 0;
+ hist->n_key_data = 1;
+
+ hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
+ sizeof(krb5_key_data));
+ if (hist->key_data == NULL)
+ return ENOMEM;
+ memset(hist->key_data, 0, sizeof(krb5_key_data)*hist->n_key_data);
+
+ for (i = 0; i < hist->n_key_data; i++) {
+ krb5_key_data *key_data = &hist->key_data[i];
+
+ key_data->key_data_ver = 1;
+
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ key_data->key_data_type[0] = atoi(cp);
+
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ key_data->key_data_length[0] = atoi(cp);
+
+ if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ if(!(key_data->key_data_contents[0] =
+ (krb5_octet *) malloc(key_data->key_data_length[0]+1))) {
+ ret = ENOMEM;
+ goto done;
+ }
+ for(j = 0; j < key_data->key_data_length[0]; j++) {
+ if(sscanf(cp, "%02x", &tmp) != 1) {
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
+ }
+ key_data->key_data_contents[0][j] = tmp;
+ cp = strchr(cp, ' ') + 1;
+ }
+ }
+
done:
- return ret;
+ return ret;
}
/*
* Function: parse_principal
- *
+ *
* Purpose: parse principal line in db dump file
*
* Arguments:
- * <return value> 0 on success, error code on failure
+ * <return value> 0 on success, error code on failure
*
* Requires:
- * principal database to be opened.
- * nstrtok(3) to have a valid buffer in memory.
- *
+ * principal database to be opened.
+ * nstrtok(3) to have a valid buffer in memory.
+ *
* Effects:
- * [effects]
+ * [effects]
*
* Modifies:
- * [modifies]
- *
+ * [modifies]
+ *
*/
int process_ov_principal(fname, kcontext, filep, verbose, linenop)
- char *fname;
- krb5_context kcontext;
- FILE *filep;
- int verbose;
- int *linenop;
+ char *fname;
+ krb5_context kcontext;
+ FILE *filep;
+ int verbose;
+ int *linenop;
{
- XDR xdrs;
- osa_princ_ent_t rec;
- krb5_error_code ret;
- krb5_tl_data tl_data;
- krb5_principal princ;
- krb5_db_entry kdb;
- char *current = 0;
- char *cp;
- int x, one;
- krb5_boolean more;
- char line[LINESIZE];
+ XDR xdrs;
+ osa_princ_ent_t rec;
+ krb5_error_code ret;
+ krb5_tl_data tl_data;
+ krb5_principal princ;
+ krb5_db_entry kdb;
+ char *current = 0;
+ char *cp;
+ int x, one;
+ krb5_boolean more;
+ char line[LINESIZE];
if (fgets(line, LINESIZE, filep) == (char *) NULL) {
- return IMPORT_BAD_FILE;
+ return IMPORT_BAD_FILE;
}
if((cp = nstrtok(line, "\t")) == NULL)
- return IMPORT_BAD_FILE;
+ return IMPORT_BAD_FILE;
if((rec = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
- return ENOMEM;
+ return ENOMEM;
memset(rec, 0, sizeof(osa_princ_ent_rec));
- if((ret = krb5_parse_name(kcontext, cp, &princ)))
- goto done;
+ if((ret = krb5_parse_name(kcontext, cp, &princ)))
+ goto done;
krb5_unparse_name(kcontext, princ, &current);
if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
} else {
- if(strcmp(cp, "")) {
- if((rec->policy = strdup(cp)) == NULL) {
- ret = ENOMEM;
- goto done;
- }
- } else rec->policy = NULL;
+ if(strcmp(cp, "")) {
+ if((rec->policy = strdup(cp)) == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else rec->policy = NULL;
}
if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
}
rec->aux_attributes = strtol(cp, (char **)NULL, 16);
if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
}
rec->old_key_len = atoi(cp);
if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
}
rec->old_key_next = atoi(cp);
if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
- com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
- ret = IMPORT_FAILED;
- goto done;
+ com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+ ret = IMPORT_FAILED;
+ goto done;
}
rec->admin_history_kvno = atoi(cp);
if (! rec->old_key_len) {
- rec->old_keys = NULL;
+ rec->old_keys = NULL;
} else {
- if(!(rec->old_keys = (osa_pw_hist_ent *)
- malloc(sizeof(osa_pw_hist_ent) * rec->old_key_len))) {
- ret = ENOMEM;
- goto done;
- }
- memset(rec->old_keys,0,
- sizeof(osa_pw_hist_ent) * rec->old_key_len);
- for(x = 0; x < rec->old_key_len; x++)
- parse_pw_hist_ent(current, &rec->old_keys[x]);
+ if(!(rec->old_keys = (osa_pw_hist_ent *)
+ malloc(sizeof(osa_pw_hist_ent) * rec->old_key_len))) {
+ ret = ENOMEM;
+ goto done;
+ }
+ memset(rec->old_keys,0,
+ sizeof(osa_pw_hist_ent) * rec->old_key_len);
+ for(x = 0; x < rec->old_key_len; x++)
+ parse_pw_hist_ent(current, &rec->old_keys[x]);
}
xdralloc_create(&xdrs, XDR_ENCODE);
if (! xdr_osa_princ_ent_rec(&xdrs, rec)) {
- xdr_destroy(&xdrs);
- ret = KADM5_XDR_FAILURE;
- goto done;
+ xdr_destroy(&xdrs);
+ ret = KADM5_XDR_FAILURE;
+ goto done;
}
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
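Review bot: In parse_pw_hist_ent the hex loop advances with `cp = strchr(cp, ' ') + 1;`, so a record that carries fewer bytes than its declared length makes strchr() return NULL and the next sscanf() read from an invalid pointer. The declared length itself comes from `atoi(cp)` with no range check before it sizes the malloc(), and process_ov_principal discards the function's return value, so a bad history entry is never reported to the caller. The loop should test the strchr() result and reject the record while bytes are still expected, as sketched below; validating `key_data_length[0]` and propagating the return code would complete the fix. process_ov_principal continues beyond this hunk.

```c
    for(j = 0; j < key_data->key_data_length[0]; j++) {
        /* … unchanged: sscanf of one hex byte into tmp, with its error path … */
        key_data->key_data_contents[0][j] = tmp;
        cp = strchr(cp, ' ');
        if (cp == NULL) {
            /* No separator left: acceptable only after the final byte. */
            if (j + 1 < key_data->key_data_length[0]) {
                com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
                ret = IMPORT_FAILED;
                goto done;
            }
            break;
        }
        cp++;
    }
```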
@@ -189,15 +190,15 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop)
one = 1;
ret = krb5_db_get_principal(kcontext, princ, &kdb, &one, &more);
if (ret)
- goto done;
-
+ goto done;
+
ret = krb5_dbe_update_tl_data(kcontext, &kdb, &tl_data);
if (ret)
- goto done;
+ goto done;
ret = krb5_db_put_principal(kcontext, &kdb, &one);
if (ret)
- goto done;
+ goto done;
xdr_destroy(&xdrs);
diff --git a/src/kadmin/dbutil/string_table.c b/src/kadmin/dbutil/string_table.c
index 1caa140..27def9d 100644
--- a/src/kadmin/dbutil/string_table.c
+++ b/src/kadmin/dbutil/string_table.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- *
+ *
*/
/* String table of messages for kadm5_create */
@@ -15,36 +16,36 @@ char *str_CHANGEPW_PRINC_EXISTS = "Warning! Changepw principal already exists.";
char *str_HISTORY_PRINC_EXISTS = "Warning! Admin history principal already exists.";
-char *str_ADMIN_PRINC_WRONG_ATTRS =
+char *str_ADMIN_PRINC_WRONG_ATTRS =
"Warning! Admin principal has incorrect attributes.\n"
"\tDISALLOW_TGT should be set, and max_life should be three hours.\n"
"\tThis program will leave them as-is, but beware!.";
-char *str_CHANGEPW_PRINC_WRONG_ATTRS =
+char *str_CHANGEPW_PRINC_WRONG_ATTRS =
"Warning! Changepw principal has incorrect attributes.\n"
"\tDISALLOW_TGT and PW_CHANGE_SERVICE should both be set, and "
- "max_life should be five minutes.\n"
+ "max_life should be five minutes.\n"
"\tThis program will leave them as-is, but beware!.";
-char *str_HISTORY_PRINC_WRONG_ATTRS =
+char *str_HISTORY_PRINC_WRONG_ATTRS =
"Warning! Admin history principal has incorrect attributes.\n"
- "\tDISALLOW_ALL_TIX should be set.\n"
+ "\tDISALLOW_ALL_TIX should be set.\n"
"\tThis program will leave it as-is, but beware!.";
char *str_CREATED_PRINC_DB =
- "%s: Admin principal database created (or it already existed).\n"; /* whoami */
+ "%s: Admin principal database created (or it already existed).\n"; /* whoami */
char *str_CREATED_POLICY_DB =
- "%s: Admin policy database created (or it already existed).\n"; /* whoami */
+ "%s: Admin policy database created (or it already existed).\n"; /* whoami */
char *str_RANDOM_KEY =
- "while calling random key for %s."; /* principal name */
+ "while calling random key for %s."; /* principal name */
char *str_ENCRYPT_KEY =
- "while calling encrypt key for %s."; /* principal name */
+ "while calling encrypt key for %s."; /* principal name */
char *str_PUT_PRINC =
- "while storing %s in Kerberos database."; /* principal name */
+ "while storing %s in Kerberos database."; /* principal name */
char *str_CREATING_POLICY_DB = "while creating/opening admin policy database.";
@@ -55,7 +56,7 @@ char *str_CREATING_PRINC_DB = "while creating/opening admin principal database."
char *str_CLOSING_PRINC_DB = "while closing admin principal database.";
char *str_CREATING_PRINC_ENTRY =
- "while creating admin principal database entry for %s."; /* princ_name */
+ "while creating admin principal database entry for %s."; /* princ_name */
char *str_A_PRINC = "a principal";
@@ -65,20 +66,20 @@ char *str_CREATED_PRINC = "%s: Created %s principal.\n"; /* whoami, princ_name *
char *str_INIT_KDB = "while initializing kdb.";
-char *str_NO_KDB =
-"while initializing kdb.\nThe Kerberos KDC database needs to exist in /krb5.\n\
+char *str_NO_KDB =
+ "while initializing kdb.\nThe Kerberos KDC database needs to exist in /krb5.\n\
If you haven't run kdb5_create you need to do so before running this command.";
char *str_INIT_RANDOM_KEY = "while initializing random key generator.";
-char *str_TOO_MANY_ADMIN_PRINC =
- "while fetching admin princ. Can only have one admin principal.";
+char *str_TOO_MANY_ADMIN_PRINC =
+ "while fetching admin princ. Can only have one admin principal.";
-char *str_TOO_MANY_CHANGEPW_PRINC =
- "while fetching changepw princ. Can only have one changepw principal.";
+char *str_TOO_MANY_CHANGEPW_PRINC =
+ "while fetching changepw princ. Can only have one changepw principal.";
-char *str_TOO_MANY_HIST_PRINC =
- "while fetching history princ. Can only have one history principal.";
+char *str_TOO_MANY_HIST_PRINC =
+ "while fetching history princ. Can only have one history principal.";
char *str_WHILE_DESTROYING_ADMIN_SESSION = "while closing session with admin server and destroying tickets.";
diff --git a/src/kadmin/dbutil/string_table.h b/src/kadmin/dbutil/string_table.h
index b89b9f1..83acfef 100644
--- a/src/kadmin/dbutil/string_table.h
+++ b/src/kadmin/dbutil/string_table.h
@@ -1,12 +1,13 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- */
-
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Header$
+ *
+ */
+
#ifndef _OVSEC_ADM_STRINGS_
-
+
extern char *str_PARSE_NAME;
extern char *str_HISTORY_PARSE_NAME;
extern char *str_ADMIN_PRINC_EXISTS;
@@ -35,5 +36,5 @@ extern char *str_TOO_MANY_ADMIN_PRINC;
extern char *str_TOO_MANY_CHANGEPW_PRINC;
extern char *str_TOO_MANY_HIST_PRINC;
extern char *str_WHILE_DESTROYING_ADMIN_SESSION;
-
+
#endif /* _OVSEC_ADM_STRINGS_ */
diff --git a/src/kadmin/dbutil/strtok.c b/src/kadmin/dbutil/strtok.c
index 80117a3..0640c74 100644
--- a/src/kadmin/dbutil/strtok.c
+++ b/src/kadmin/dbutil/strtok.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -28,78 +29,77 @@
/*
* Function: nstrtok
- *
+ *
* Purpose: the same as strtok ... just different. does not deal with
- * multiple tokens in row.
+ * multiple tokens in row.
*
* Arguments:
- * s (input) string to scan
- * delim (input) list of delimiters
- * <return value> string or null on error.
+ * s (input) string to scan
+ * delim (input) list of delimiters
+ * <return value> string or null on error.
*
* Requires:
- * nuttin
- *
+ * nuttin
+ *
* Effects:
- * sets last to string
+ * sets last to string
*
* Modifies:
- * last
- *
+ * last
+ *
*/
char *
nstrtok(s, delim)
- register char *s;
- register const char *delim;
+ register char *s;
+ register const char *delim;
{
- register const char *spanp;
- register int c, sc;
- char *tok;
- static char *last;
+ register const char *spanp;
+ register int c, sc;
+ char *tok;
+ static char *last;
- if (s == NULL && (s = last) == NULL)
- return (NULL);
+ if (s == NULL && (s = last) == NULL)
+ return (NULL);
- /*
- * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
- */
-#ifdef OLD
+ /*
+ * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
+ */
+#ifdef OLD
cont:
- c = *s++;
- for (spanp = delim; (sc = *spanp++) != 0;) {
- if (c == sc)
- goto cont;
- }
+ c = *s++;
+ for (spanp = delim; (sc = *spanp++) != 0;) {
+ if (c == sc)
+ goto cont;
+ }
- if (c == 0) { /* no non-delimiter characters */
- last = NULL;
- return (NULL);
- }
- tok = s - 1;
+ if (c == 0) { /* no non-delimiter characters */
+ last = NULL;
+ return (NULL);
+ }
+ tok = s - 1;
#else
- tok = s;
-#endif
+ tok = s;
+#endif
- /*
- * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
- * Note that delim must have one NUL; we stop if we see that, too.
- */
- for (;;) {
- c = *s++;
- spanp = delim;
- do {
- if ((sc = *spanp++) == c) {
- if (c == 0)
- s = NULL;
- else
- s[-1] = 0;
- last = s;
- return (tok);
- }
- } while (sc != 0);
- }
- /* NOTREACHED */
+ /*
+ * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
+ * Note that delim must have one NUL; we stop if we see that, too.
+ */
+ for (;;) {
+ c = *s++;
+ spanp = delim;
+ do {
+ if ((sc = *spanp++) == c) {
+ if (c == 0)
+ s = NULL;
+ else
+ s[-1] = 0;
+ last = s;
+ return (tok);
+ }
+ } while (sc != 0);
+ }
+ /* NOTREACHED */
}
-
diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c
index 5a6ee78..c5f0fe0 100644
--- a/src/kadmin/ktutil/ktutil.c
+++ b/src/kadmin/ktutil/ktutil.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/ktutil/ktutil.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* SS user interface for ktutil.
*/
@@ -50,13 +51,13 @@ int main(argc, argv)
retval = krb5_init_context(&kcontext);
if (retval) {
com_err(argv[0], retval, "while initializing krb5");
- exit(1);
+ exit(1);
}
sci_idx = ss_create_invocation("ktutil", "5.0", (char *)NULL,
- &ktutil_cmds, &retval);
+ &ktutil_cmds, &retval);
if (retval) {
- ss_perror(sci_idx, retval, "creating invocation");
- exit(1);
+ ss_perror(sci_idx, retval, "creating invocation");
+ exit(1);
}
retval = ss_listen(sci_idx);
ktutil_free_kt_list(kcontext, ktlist);
@@ -70,12 +71,12 @@ void ktutil_clear_list(argc, argv)
krb5_error_code retval;
if (argc != 1) {
- fprintf(stderr, "%s: invalid arguments\n", argv[0]);
- return;
+ fprintf(stderr, "%s: invalid arguments\n", argv[0]);
+ return;
}
retval = ktutil_free_kt_list(kcontext, ktlist);
if (retval)
- com_err(argv[0], retval, "while freeing ktlist");
+ com_err(argv[0], retval, "while freeing ktlist");
ktlist = NULL;
}
@@ -86,12 +87,12 @@ void ktutil_read_v5(argc, argv)
krb5_error_code retval;
if (argc != 2) {
- fprintf(stderr, "%s: must specify keytab to read\n", argv[0]);
- return;
+ fprintf(stderr, "%s: must specify keytab to read\n", argv[0]);
+ return;
}
retval = ktutil_read_keytab(kcontext, argv[1], &ktlist);
if (retval)
- com_err(argv[0], retval, "while reading keytab \"%s\"", argv[1]);
+ com_err(argv[0], retval, "while reading keytab \"%s\"", argv[1]);
}
void ktutil_read_v4(argc, argv)
@@ -101,12 +102,12 @@ void ktutil_read_v4(argc, argv)
krb5_error_code retval;
if (argc != 2) {
- fprintf(stderr, "%s: must specify the srvtab to read\n", argv[0]);
- return;
+ fprintf(stderr, "%s: must specify the srvtab to read\n", argv[0]);
+ return;
}
retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
if (retval)
- com_err(argv[0], retval, "while reading srvtab \"%s\"", argv[1]);
+ com_err(argv[0], retval, "while reading srvtab \"%s\"", argv[1]);
}
void ktutil_write_v5(argc, argv)
@@ -116,12 +117,12 @@ void ktutil_write_v5(argc, argv)
krb5_error_code retval;
if (argc != 2) {
- fprintf(stderr, "%s: must specify keytab to write\n", argv[0]);
- return;
+ fprintf(stderr, "%s: must specify keytab to write\n", argv[0]);
+ return;
}
retval = ktutil_write_keytab(kcontext, ktlist, argv[1]);
if (retval)
- com_err(argv[0], retval, "while writing keytab \"%s\"", argv[1]);
+ com_err(argv[0], retval, "while writing keytab \"%s\"", argv[1]);
}
void ktutil_write_v4(argc, argv)
@@ -139,35 +140,35 @@ void ktutil_add_entry(argc, argv)
char *princ = NULL;
char *enctype = NULL;
krb5_kvno kvno = 0;
- int use_pass = 0, use_key = 0, i;
+ int use_pass = 0, use_key = 0, i;
for (i = 1; i < argc; i++) {
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
- princ = argv[++i];
- continue;
- }
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
- kvno = (krb5_kvno) atoi(argv[++i]);
- continue;
- }
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
- enctype = argv[++i];
- continue;
- }
- if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) {
- use_pass++;
- continue;
- }
- if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) {
- use_key++;
- continue;
- }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
+ princ = argv[++i];
+ continue;
+ }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+ kvno = (krb5_kvno) atoi(argv[++i]);
+ continue;
+ }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+ enctype = argv[++i];
+ continue;
+ }
+ if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) {
+ use_pass++;
+ continue;
+ }
+ if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) {
+ use_key++;
+ continue;
+ }
}
if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
fprintf(stderr, "usage: %s (-key | -password) -p principal "
- "-k kvno -e enctype\n", argv[0]);
- return;
+ "-k kvno -e enctype\n", argv[0]);
+ return;
}
retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass);
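Review bot: The option loop in ktutil_add_entry consumes `argv[++i]` for `-p`, `-k` and `-e` without checking that another argument exists, and the `argc != 8` usage check only runs after the loop has finished. When one of these flags is the last word of the command, `atoi(argv[++i])` is handed `argv[argc]`, which is presumably NULL or out of bounds depending on how the ss dispatcher builds argv. Put `if (i + 1 >= argc) break;` ahead of each `++i` so a truncated command falls through to the usage message. `atoi` also cannot tell a malformed kvno from 0; `strtol` with an end-pointer check would make the rejection explicit. The function's declarations and tail lie outside this hunk.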
@@ -182,12 +183,12 @@ void ktutil_delete_entry(argc, argv)
krb5_error_code retval;
if (argc != 2) {
- fprintf(stderr, "%s: must specify entry to delete\n", argv[0]);
- return;
+ fprintf(stderr, "%s: must specify entry to delete\n", argv[0]);
+ return;
}
retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1]));
if (retval)
- com_err(argv[0], retval, "while deleting entry %d", atoi(argv[1]));
+ com_err(argv[0], retval, "while deleting entry %d", atoi(argv[1]));
}
void ktutil_list(argc, argv)
@@ -201,80 +202,70 @@ void ktutil_list(argc, argv)
char *pname;
for (i = 1; i < argc; i++) {
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
- show_time++;
- continue;
- }
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
- show_keys++;
- continue;
- }
- if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
- show_enctype++;
- continue;
- }
-
- fprintf(stderr, "%s: usage: %s [-t] [-k] [-e]\n", argv[0], argv[0]);
- return;
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
+ show_time++;
+ continue;
+ }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+ show_keys++;
+ continue;
+ }
+ if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+ show_enctype++;
+ continue;
+ }
+
+ fprintf(stderr, "%s: usage: %s [-t] [-k] [-e]\n", argv[0], argv[0]);
+ return;
}
if (show_time) {
- printf("slot KVNO Timestamp Principal\n");
- printf("---- ---- ----------------- ---------------------------------------------------\n");
+ printf("slot KVNO Timestamp Principal\n");
+ printf("---- ---- ----------------- ---------------------------------------------------\n");
} else {
- printf("slot KVNO Principal\n");
- printf("---- ---- ---------------------------------------------------------------------\n");
+ printf("slot KVNO Principal\n");
+ printf("---- ---- ---------------------------------------------------------------------\n");
}
for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
- retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
- if (retval) {
- com_err(argv[0], retval, "while unparsing principal name");
- return;
- }
- printf("%4d %4d ", i, lp->entry->vno);
- if (show_time) {
- char fmtbuf[18];
- char fill;
- time_t tstamp;
-
- tstamp = lp->entry->timestamp;
- (void) localtime(&tstamp);
- lp->entry->timestamp = tstamp;
- fill = ' ';
- if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
- timestamp,
- fmtbuf,
- sizeof(fmtbuf),
- &fill))
- printf("%s ", fmtbuf);
- }
- printf("%40s", pname);
- if (show_enctype) {
- static char buf[256];
- if ((retval = krb5_enctype_to_string(
- lp->entry->key.enctype, buf, 256))) {
- com_err(argv[0], retval, "While converting enctype to string");
- return;
- }
- printf(" (%s) ", buf);
- }
-
- if (show_keys) {
- printf(" (0x");
- for (j = 0; j < lp->entry->key.length; j++)
- printf("%02x", lp->entry->key.contents[j]);
- printf(")");
- }
- printf("\n");
- free(pname);
+ retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
+ if (retval) {
+ com_err(argv[0], retval, "while unparsing principal name");
+ return;
+ }
+ printf("%4d %4d ", i, lp->entry->vno);
+ if (show_time) {
+ char fmtbuf[18];
+ char fill;
+ time_t tstamp;
+
+ tstamp = lp->entry->timestamp;
+ (void) localtime(&tstamp);
+ lp->entry->timestamp = tstamp;
+ fill = ' ';
+ if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
+ timestamp,
+ fmtbuf,
+ sizeof(fmtbuf),
+ &fill))
+ printf("%s ", fmtbuf);
+ }
+ printf("%40s", pname);
+ if (show_enctype) {
+ static char buf[256];
+ if ((retval = krb5_enctype_to_string(
+ lp->entry->key.enctype, buf, 256))) {
+ com_err(argv[0], retval, "While converting enctype to string");
+ return;
+ }
+ printf(" (%s) ", buf);
+ }
+
+ if (show_keys) {
+ printf(" (0x");
+ for (j = 0; j < lp->entry->key.length; j++)
+ printf("%02x", lp->entry->key.contents[j]);
+ printf(")");
+ }
+ printf("\n");
+ free(pname);
}
}
-
-
-
-
-
-
-
-
-
-
diff --git a/src/kadmin/ktutil/ktutil.h b/src/kadmin/ktutil/ktutil.h
index 5ecc7d4..7a3c53e 100644
--- a/src/kadmin/ktutil/ktutil.h
+++ b/src/kadmin/ktutil/ktutil.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/ktutil/ktutil.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
typedef struct _krb5_kt_list {
@@ -35,23 +36,23 @@ krb5_error_code ktutil_free_kt_list (krb5_context, krb5_kt_list);
krb5_error_code ktutil_delete (krb5_context, krb5_kt_list *, int);
krb5_error_code ktutil_add (krb5_context,
- krb5_kt_list *,
- char *,
- krb5_kvno,
- char *,
- int);
+ krb5_kt_list *,
+ char *,
+ krb5_kvno,
+ char *,
+ int);
krb5_error_code ktutil_read_keytab (krb5_context,
- char *,
- krb5_kt_list *);
+ char *,
+ krb5_kt_list *);
krb5_error_code ktutil_write_keytab (krb5_context,
- krb5_kt_list,
- char *);
+ krb5_kt_list,
+ char *);
krb5_error_code ktutil_read_srvtab (krb5_context,
- char *,
- krb5_kt_list *);
+ char *,
+ krb5_kt_list *);
void ktutil_add_entry (int, char *[]);
diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c
index e3e9204..1aa74de 100644
--- a/src/kadmin/ktutil/ktutil_funcs.c
+++ b/src/kadmin/ktutil/ktutil_funcs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/ktutil/ktutil_funcs.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Utility functions for ktutil.
*/
@@ -42,13 +43,13 @@ krb5_error_code ktutil_free_kt_list(context, list)
krb5_error_code retval = 0;
for (lp = list; lp;) {
- retval = krb5_kt_free_entry(context, lp->entry);
- free(lp->entry);
- if (retval)
- break;
- prev = lp;
- lp = lp->next;
- free(prev);
+ retval = krb5_kt_free_entry(context, lp->entry);
+ free(lp->entry);
+ if (retval)
+ break;
+ prev = lp;
+ lp = lp->next;
+ free(prev);
}
return retval;
}
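Review bot: When `krb5_kt_free_entry` fails, the loop in ktutil_free_kt_list frees `lp->entry` and then breaks without freeing `lp` or any later node, so the rest of the list stays allocated and `lp` keeps a dangling `entry` pointer. `ktutil_clear_list` in ktutil.c sets `ktlist = NULL` after the call whatever the result, so the remaining entries, key contents included, become unreachable instead of being released. Consider remembering the first error and carrying on, for example replacing `if (retval) break;` with `if (retval && !first_err) first_err = retval;` and returning `first_err`. The declarations of `lp` and `prev` are above the hunk.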
@@ -66,14 +67,14 @@ krb5_error_code ktutil_delete(context, list, idx)
int i;
for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) {
- if (i == idx) {
- if (i == 1)
- *list = lp->next;
- else
- prev->next = lp->next;
- lp->next = NULL;
- return ktutil_free_kt_list(context, lp);
- }
+ if (i == idx) {
+ if (i == 1)
+ *list = lp->next;
+ else
+ prev->next = lp->next;
+ lp->next = NULL;
+ return ktutil_free_kt_list(context, lp);
+ }
}
return EINVAL;
}
@@ -85,7 +86,7 @@ krb5_error_code ktutil_delete(context, list, idx)
* one first.
*/
krb5_error_code ktutil_add(context, list, princ_str, kvno,
- enctype_str, use_pass)
+ enctype_str, use_pass)
krb5_context context;
krb5_kt_list *list;
char *princ_str;
@@ -117,7 +118,7 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
if (retval)
return retval;
retval = krb5_string_to_enctype(enctype_str, &enctype);
- if (retval)
+ if (retval)
return KRB5_BAD_ENCTYPE;
retval = krb5_timeofday(context, &now);
if (retval)
@@ -133,93 +134,93 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
}
memset(entry, 0, sizeof(*entry));
- if (!lp) { /* if list is empty, start one */
+ if (!lp) { /* if list is empty, start one */
lp = (krb5_kt_list) malloc(sizeof(*lp));
- if (!lp) {
- return ENOMEM;
- }
+ if (!lp) {
+ return ENOMEM;
+ }
} else {
lp->next = (krb5_kt_list) malloc(sizeof(*lp));
- if (!lp->next) {
- return ENOMEM;
- }
- prev = lp;
- lp = lp->next;
- }
+ if (!lp->next) {
+ return ENOMEM;
+ }
+ prev = lp;
+ lp = lp->next;
+ }
lp->next = NULL;
lp->entry = entry;
if (use_pass) {
password.length = pwsize;
- password.data = (char *) malloc(pwsize);
- if (!password.data) {
- retval = ENOMEM;
- goto cleanup;
- }
+ password.data = (char *) malloc(pwsize);
+ if (!password.data) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
- snprintf(promptstr, sizeof(promptstr), "Password for %.1000s",
- princ_str);
+ snprintf(promptstr, sizeof(promptstr), "Password for %.1000s",
+ princ_str);
retval = krb5_read_password(context, promptstr, NULL, password.data,
- &password.length);
- if (retval)
- goto cleanup;
- retval = krb5_principal2salt(context, princ, &salt);
- if (retval)
- goto cleanup;
- retval = krb5_c_string_to_key(context, enctype, &password,
- &salt, &key);
- if (retval)
- goto cleanup;
- memset(password.data, 0, password.length);
- password.length = 0;
- lp->entry->key = key;
+ &password.length);
+ if (retval)
+ goto cleanup;
+ retval = krb5_principal2salt(context, princ, &salt);
+ if (retval)
+ goto cleanup;
+ retval = krb5_c_string_to_key(context, enctype, &password,
+ &salt, &key);
+ if (retval)
+ goto cleanup;
+ memset(password.data, 0, password.length);
+ password.length = 0;
+ lp->entry->key = key;
} else {
printf("Key for %s (hex): ", princ_str);
- fgets(buf, BUFSIZ, stdin);
- /*
- * We need to get rid of the trailing '\n' from fgets.
- * If we have an even number of hex digits (as we should),
- * write a '\0' over the '\n'. If for some reason we have
- * an odd number of hex digits, force an even number of hex
- * digits by writing a '0' into the last position (the string
- * will still be null-terminated).
- */
- buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
- if (strlen(buf) == 0) {
- fprintf(stderr, "addent: Error reading key.\n");
- retval = 0;
- goto cleanup;
- }
-
+ fgets(buf, BUFSIZ, stdin);
+ /*
+ * We need to get rid of the trailing '\n' from fgets.
+ * If we have an even number of hex digits (as we should),
+ * write a '\0' over the '\n'. If for some reason we have
+ * an odd number of hex digits, force an even number of hex
+ * digits by writing a '0' into the last position (the string
+ * will still be null-terminated).
+ */
+ buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
+ if (strlen(buf) == 0) {
+ fprintf(stderr, "addent: Error reading key.\n");
+ retval = 0;
+ goto cleanup;
+ }
+
lp->entry->key.enctype = enctype;
- lp->entry->key.contents = (krb5_octet *) malloc((strlen(buf) + 1) / 2);
- if (!lp->entry->key.contents) {
- retval = ENOMEM;
- goto cleanup;
- }
+ lp->entry->key.contents = (krb5_octet *) malloc((strlen(buf) + 1) / 2);
+ if (!lp->entry->key.contents) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
- i = 0;
- for (cp = buf; *cp; cp += 2) {
- if (!isxdigit((int) cp[0]) || !isxdigit((int) cp[1])) {
- fprintf(stderr, "addent: Illegal character in key.\n");
- retval = 0;
- goto cleanup;
- }
- sscanf(cp, "%02x", &tmp);
- lp->entry->key.contents[i++] = (krb5_octet) tmp;
- }
- lp->entry->key.length = i;
+ i = 0;
+ for (cp = buf; *cp; cp += 2) {
+ if (!isxdigit((int) cp[0]) || !isxdigit((int) cp[1])) {
+ fprintf(stderr, "addent: Illegal character in key.\n");
+ retval = 0;
+ goto cleanup;
+ }
+ sscanf(cp, "%02x", &tmp);
+ lp->entry->key.contents[i++] = (krb5_octet) tmp;
+ }
+ lp->entry->key.length = i;
}
lp->entry->principal = princ;
lp->entry->vno = kvno;
lp->entry->timestamp = now;
if (!*list)
- *list = lp;
+ *list = lp;
return 0;
- cleanup:
+cleanup:
if (prev)
prev->next = NULL;
ktutil_free_kt_list(context, lp);
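Review bot: The hex-key branch of ktutil_add ignores the result of `fgets` and then writes to `buf[strlen(buf) - 1]`, which indexes before the buffer when the read yields an empty string and overwrites the last hex digit when the line arrives without a trailing newline. The `strlen(buf) == 0` check that follows comes too late to prevent that write. `isxdigit((int) cp[0])` is passed a plain `char`, which is undefined for negative values, so cast through `unsigned char` instead. In the password branch the `memset` of `password.data` is reached only on success, so the `goto cleanup` paths after `krb5_read_password` leave the typed password in the heap unless the cleanup code outside this hunk clears it. The function begins above and ends below the hunk; the input handling could be rewritten as sketched here.

```c
    } else {
        size_t len;

        printf("Key for %s (hex): ", princ_str);
        if (fgets(buf, BUFSIZ, stdin) == NULL) {
            fprintf(stderr, "addent: Error reading key.\n");
            retval = 0;
            goto cleanup;
        }
        /* Strip the newline only if fgets actually stored one. */
        len = strlen(buf);
        if (len > 0 && buf[len - 1] == '\n')
            buf[--len] = '\0';
        /*
         * Keep the existing behaviour of padding an odd digit count
         * with '0'; assumes buf holds BUFSIZ bytes, as the fgets call
         * implies.
         */
        if (len % 2 != 0 && len + 1 < BUFSIZ) {
            buf[len++] = '0';
            buf[len] = '\0';
        }
        if (len == 0 || len % 2 != 0) {
            fprintf(stderr, "addent: Error reading key.\n");
            retval = 0;
            goto cleanup;
        }

        /* ... unchanged: enctype assignment, key.contents allocation ... */

        for (cp = buf; *cp; cp += 2) {
            if (!isxdigit((unsigned char) cp[0]) ||
                !isxdigit((unsigned char) cp[1])) {
        /* ... unchanged: error report, sscanf conversion, key.length ... */
```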
@@ -242,62 +243,62 @@ krb5_error_code ktutil_read_keytab(context, name, list)
krb5_error_code retval = 0;
if (*list) {
- /* point lp at the tail of the list */
- for (lp = *list; lp->next; lp = lp->next);
- back = lp;
+ /* point lp at the tail of the list */
+ for (lp = *list; lp->next; lp = lp->next);
+ back = lp;
}
retval = krb5_kt_resolve(context, name, &kt);
if (retval)
- return retval;
+ return retval;
retval = krb5_kt_start_seq_get(context, kt, &cursor);
if (retval)
- goto close_kt;
+ goto close_kt;
for (;;) {
- entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
- if (!entry) {
- retval = ENOMEM;
- break;
- }
- memset(entry, 0, sizeof (*entry));
- retval = krb5_kt_next_entry(context, kt, entry, &cursor);
- if (retval)
- break;
+ entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
+ if (!entry) {
+ retval = ENOMEM;
+ break;
+ }
+ memset(entry, 0, sizeof (*entry));
+ retval = krb5_kt_next_entry(context, kt, entry, &cursor);
+ if (retval)
+ break;
- if (!lp) { /* if list is empty, start one */
- lp = (krb5_kt_list)malloc(sizeof (*lp));
- if (!lp) {
- retval = ENOMEM;
- break;
- }
- } else {
- lp->next = (krb5_kt_list)malloc(sizeof (*lp));
- if (!lp->next) {
- retval = ENOMEM;
- break;
- }
- lp = lp->next;
- }
- if (!tail)
- tail = lp;
- lp->next = NULL;
- lp->entry = entry;
+ if (!lp) { /* if list is empty, start one */
+ lp = (krb5_kt_list)malloc(sizeof (*lp));
+ if (!lp) {
+ retval = ENOMEM;
+ break;
+ }
+ } else {
+ lp->next = (krb5_kt_list)malloc(sizeof (*lp));
+ if (!lp->next) {
+ retval = ENOMEM;
+ break;
+ }
+ lp = lp->next;
+ }
+ if (!tail)
+ tail = lp;
+ lp->next = NULL;
+ lp->entry = entry;
}
if (entry)
- free(entry);
+ free(entry);
if (retval) {
- if (retval == KRB5_KT_END)
- retval = 0;
- else {
- ktutil_free_kt_list(context, tail);
- tail = NULL;
- if (back)
- back->next = NULL;
- }
+ if (retval == KRB5_KT_END)
+ retval = 0;
+ else {
+ ktutil_free_kt_list(context, tail);
+ tail = NULL;
+ if (back)
+ back->next = NULL;
+ }
}
if (!*list)
- *list = tail;
+ *list = tail;
krb5_kt_end_seq_get(context, kt, &cursor);
- close_kt:
+close_kt:
krb5_kt_close(context, kt);
return retval;
}
@@ -318,14 +319,14 @@ krb5_error_code ktutil_write_keytab(context, list, name)
result = snprintf(ktname, sizeof(ktname), "WRFILE:%s", name);
if (SNPRINTF_OVERFLOW(result, sizeof(ktname)))
- return ENAMETOOLONG;
+ return ENAMETOOLONG;
retval = krb5_kt_resolve(context, ktname, &kt);
if (retval)
- return retval;
+ return retval;
for (lp = list; lp; lp = lp->next) {
- retval = krb5_kt_add_entry(context, kt, lp->entry);
- if (retval)
- break;
+ retval = krb5_kt_add_entry(context, kt, lp->entry);
+ if (retval)
+ break;
}
krb5_kt_close(context, kt);
return retval;
@@ -344,7 +345,7 @@ krb5_error_code ktutil_read_srvtab(context, name, list)
krb5_error_code result;
if (asprintf(&ktname, "SRVTAB:%s", name) < 0)
- return ENOMEM;
+ return ENOMEM;
result = ktutil_read_keytab(context, ktname, list);
free(ktname);
return result;
diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c
index 68d8af4..9b556e9 100644
--- a/src/kadmin/server/kadm_rpc_svc.c
+++ b/src/kadmin/server/kadm_rpc_svc.c
@@ -28,7 +28,7 @@ static int check_rpcsec_auth(struct svc_req *);
/*
* Function: kadm_1
- *
+ *
* Purpose: RPC proccessing procedure.
* originally generated from rpcgen
*
@@ -79,36 +79,36 @@ void kadm_1(rqstp, transp)
svcerr_weakauth(transp);
return;
}
-
+
switch (rqstp->rq_proc) {
case NULLPROC:
(void) svc_sendreply(transp, xdr_void, (char *)NULL);
return;
-
+
case CREATE_PRINCIPAL:
xdr_argument = xdr_cprinc_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) create_principal_2_svc;
break;
-
+
case DELETE_PRINCIPAL:
xdr_argument = xdr_dprinc_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) delete_principal_2_svc;
break;
-
+
case MODIFY_PRINCIPAL:
xdr_argument = xdr_mprinc_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) modify_principal_2_svc;
break;
-
+
case RENAME_PRINCIPAL:
xdr_argument = xdr_rprinc_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) rename_principal_2_svc;
break;
-
+
case GET_PRINCIPAL:
xdr_argument = xdr_gprinc_arg;
xdr_result = xdr_gprinc_ret;
@@ -120,7 +120,7 @@ void kadm_1(rqstp, transp)
xdr_result = xdr_gprincs_ret;
local = (char *(*)()) get_princs_2_svc;
break;
-
+
case CHPASS_PRINCIPAL:
xdr_argument = xdr_chpass_arg;
xdr_result = xdr_generic_ret;
@@ -138,31 +138,31 @@ void kadm_1(rqstp, transp)
xdr_result = xdr_generic_ret;
local = (char *(*)()) setkey_principal_2_svc;
break;
-
+
case CHRAND_PRINCIPAL:
xdr_argument = xdr_chrand_arg;
xdr_result = xdr_chrand_ret;
local = (char *(*)()) chrand_principal_2_svc;
break;
-
+
case CREATE_POLICY:
xdr_argument = xdr_cpol_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) create_policy_2_svc;
break;
-
+
case DELETE_POLICY:
xdr_argument = xdr_dpol_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) delete_policy_2_svc;
break;
-
+
case MODIFY_POLICY:
xdr_argument = xdr_mpol_arg;
xdr_result = xdr_generic_ret;
local = (char *(*)()) modify_policy_2_svc;
break;
-
+
case GET_POLICY:
xdr_argument = xdr_gpol_arg;
xdr_result = xdr_gpol_ret;
@@ -174,7 +174,7 @@ void kadm_1(rqstp, transp)
xdr_result = xdr_gpols_ret;
local = (char *(*)()) get_pols_2_svc;
break;
-
+
case GET_PRIVS:
xdr_argument = xdr_u_int32;
xdr_result = xdr_getprivs_ret;
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index 1725fbf..375fbd1 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -11,109 +12,109 @@
/*
* Function: chpass_principal_wrapper_3
- *
+ *
* Purpose: wrapper to kadm5_chpass_principal that checks to see if
- * pw_min_life has been reached. if not it returns an error.
- * otherwise it calls kadm5_chpass_principal
+ * pw_min_life has been reached. if not it returns an error.
+ * otherwise it calls kadm5_chpass_principal
*
* Arguments:
- * principal (input) krb5_principals whose password we are
- * changing
- * keepold (input) whether to preserve old keys
- * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
- * ks_tuple (input) array of tuples indicating the caller's
- * requested enctypes/salttypes
- * password (input) password we are going to change to.
- * <return value> 0 on success error code on failure.
+ * principal (input) krb5_principals whose password we are
+ * changing
+ * keepold (input) whether to preserve old keys
+ * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
+ * ks_tuple (input) array of tuples indicating the caller's
+ * requested enctypes/salttypes
+ * password (input) password we are going to change to.
+ * <return value> 0 on success error code on failure.
*
* Requires:
- * kadm5_init to have been run.
- *
+ * kadm5_init to have been run.
+ *
* Effects:
- * calls kadm5_chpass_principal which changes the kdb and the
- * the admin db.
+ * calls kadm5_chpass_principal which changes the kdb and the
+ * the admin db.
*
*/
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- char *password)
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *password)
{
- kadm5_ret_t ret;
+ kadm5_ret_t ret;
ret = check_min_life(server_handle, principal, NULL, 0);
if (ret)
- return ret;
+ return ret;
return kadm5_chpass_principal_3(server_handle, principal,
- keepold, n_ks_tuple, ks_tuple,
- password);
+ keepold, n_ks_tuple, ks_tuple,
+ password);
}
/*
* Function: randkey_principal_wrapper_3
- *
+ *
* Purpose: wrapper to kadm5_randkey_principal which checks the
- * password's min. life.
+ * password's min. life.
*
* Arguments:
- * principal (input) krb5_principal whose password we are
- * changing
- * keepold (input) whether to preserve old keys
- * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
- * ks_tuple (input) array of tuples indicating the caller's
- * requested enctypes/salttypes
- * key (output) new random key
- * <return value> 0, error code on error.
+ * principal (input) krb5_principal whose password we are
+ * changing
+ * keepold (input) whether to preserve old keys
+ * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
+ * ks_tuple (input) array of tuples indicating the caller's
+ * requested enctypes/salttypes
+ * key (output) new random key
+ * <return value> 0, error code on error.
*
* Requires:
- * kadm5_init needs to be run
- *
+ * kadm5_init needs to be run
+ *
* Effects:
- * calls kadm5_randkey_principal
+ * calls kadm5_randkey_principal
*
*/
kadm5_ret_t
randkey_principal_wrapper_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock **keys, int *n_keys)
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keys, int *n_keys)
{
- kadm5_ret_t ret;
+ kadm5_ret_t ret;
ret = check_min_life(server_handle, principal, NULL, 0);
if (ret)
- return ret;
+ return ret;
return kadm5_randkey_principal_3(server_handle, principal,
- keepold, n_ks_tuple, ks_tuple,
- keys, n_keys);
+ keepold, n_ks_tuple, ks_tuple,
+ keys, n_keys);
}
kadm5_ret_t
schpw_util_wrapper(void *server_handle,
- krb5_principal client,
- krb5_principal target,
- krb5_boolean initial_flag,
- char *new_pw, char **ret_pw,
- char *msg_ret, unsigned int msg_len)
+ krb5_principal client,
+ krb5_principal target,
+ krb5_boolean initial_flag,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len)
{
- kadm5_ret_t ret;
- kadm5_server_handle_t handle = server_handle;
- krb5_boolean access_granted;
- krb5_boolean self;
+ kadm5_ret_t ret;
+ kadm5_server_handle_t handle = server_handle;
+ krb5_boolean access_granted;
+ krb5_boolean self;
/*
* If no target is explicitly provided, then the target principal
* is the client principal.
*/
if (target == NULL)
- target = client;
+ target = client;
/*
* A principal can always change its own password, as long as it
@@ -122,32 +123,32 @@ schpw_util_wrapper(void *server_handle,
*/
self = krb5_principal_compare(handle->context, client, target);
if (self) {
- ret = check_min_life(server_handle, target, msg_ret, msg_len);
- if (ret != 0)
- return ret;
+ ret = check_min_life(server_handle, target, msg_ret, msg_len);
+ if (ret != 0)
+ return ret;
- access_granted = initial_flag;
+ access_granted = initial_flag;
} else
- access_granted = FALSE;
+ access_granted = FALSE;
if (!access_granted &&
- kadm5int_acl_check_krb(handle->context, client,
- ACL_CHANGEPW, target, NULL)) {
- /*
- * Otherwise, principals with appropriate privileges can change
- * any password
- */
- access_granted = TRUE;
+ kadm5int_acl_check_krb(handle->context, client,
+ ACL_CHANGEPW, target, NULL)) {
+ /*
+ * Otherwise, principals with appropriate privileges can change
+ * any password
+ */
+ access_granted = TRUE;
}
if (access_granted) {
- ret = kadm5_chpass_principal_util(server_handle,
- target,
- new_pw, ret_pw,
- msg_ret, msg_len);
+ ret = kadm5_chpass_principal_util(server_handle,
+ target,
+ new_pw, ret_pw,
+ msg_ret, msg_len);
} else {
- ret = KADM5_AUTH_CHANGEPW;
- strlcpy(msg_ret, "Unauthorized request", msg_len);
+ ret = KADM5_AUTH_CHANGEPW;
+ strlcpy(msg_ret, "Unauthorized request", msg_len);
}
return ret;
@@ -155,60 +156,60 @@ schpw_util_wrapper(void *server_handle,
kadm5_ret_t
check_min_life(void *server_handle, krb5_principal principal,
- char *msg_ret, unsigned int msg_len)
+ char *msg_ret, unsigned int msg_len)
{
- krb5_int32 now;
- kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
+ krb5_int32 now;
+ kadm5_ret_t ret;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_rec princ;
+ kadm5_server_handle_t handle = server_handle;
if (msg_ret != NULL)
- *msg_ret = '\0';
+ *msg_ret = '\0';
ret = krb5_timeofday(handle->context, &now);
if (ret)
- return ret;
+ return ret;
- ret = kadm5_get_principal(handle->lhandle, principal,
- &princ, KADM5_PRINCIPAL_NORMAL_MASK);
- if(ret)
- return ret;
+ ret = kadm5_get_principal(handle->lhandle, principal,
+ &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+ if(ret)
+ return ret;
if(princ.aux_attributes & KADM5_POLICY) {
- if((ret=kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return ret;
- }
- if((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- if (msg_ret != NULL) {
- time_t until;
- char *time_string, *ptr, *errstr;
-
- until = princ.last_pwd_change + pol.pw_min_life;
-
- time_string = ctime(&until);
- errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
-
- if (strlen(errstr) + strlen(time_string) >= msg_len) {
- *errstr = '\0';
- } else {
- if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
- *ptr = '\0';
- snprintf(msg_ret, msg_len, errstr, time_string);
- }
- }
-
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return KADM5_PASS_TOOSOON;
- }
-
- ret = kadm5_free_policy_ent(handle->lhandle, &pol);
- if (ret) {
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return ret;
+ if((ret=kadm5_get_policy(handle->lhandle,
+ princ.policy, &pol)) != KADM5_OK) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ if((now - princ.last_pwd_change) < pol.pw_min_life &&
+ !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ if (msg_ret != NULL) {
+ time_t until;
+ char *time_string, *ptr, *errstr;
+
+ until = princ.last_pwd_change + pol.pw_min_life;
+
+ time_string = ctime(&until);
+ errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+ if (strlen(errstr) + strlen(time_string) >= msg_len) {
+ *errstr = '\0';
+ } else {
+ if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+ *ptr = '\0';
+ snprintf(msg_ret, msg_len, errstr, time_string);
+ }
+ }
+
+ (void) kadm5_free_policy_ent(handle->lhandle, &pol);
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return KADM5_PASS_TOOSOON;
+ }
+
+ ret = kadm5_free_policy_ent(handle->lhandle, &pol);
+ if (ret) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
}
}
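Review bot: In the too-soon branch of check_min_life, the overflow case does `*errstr = '\0'`, which writes through the pointer returned by `error_message()` rather than into the caller's buffer. `msg_ret` was already emptied at the top of the function, so the store is unnecessary, and it is harmful if that string lives in read-only or shared storage. `ctime(&until)` can also return NULL, which the following `strlen(time_string)` does not expect. A guard such as `if (time_string == NULL || strlen(errstr) + strlen(time_string) >= msg_len) { *msg_ret = '\0'; } else { ... }` covers both. Separately, `snprintf(msg_ret, msg_len, errstr, time_string)` uses the error-table text as its format string, so a comment stating that the message must contain exactly one `%s` would help; the function continues past the end of this hunk.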
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index 073f6ff..10e6054 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -7,51 +8,51 @@
#define _MISC_H 1
typedef struct _krb5_fulladdr {
- krb5_address * address;
- krb5_ui_4 port;
+ krb5_address * address;
+ krb5_ui_4 port;
} krb5_fulladdr;
void
log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
+ struct sockaddr_in *addr, char *data);
int
setup_gss_names(struct svc_req *, gss_buffer_desc *,
- gss_buffer_desc *);
+ gss_buffer_desc *);
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- char *password);
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *password);
kadm5_ret_t
randkey_principal_wrapper_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock **keys, int *n_keys);
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keys, int *n_keys);
kadm5_ret_t
schpw_util_wrapper(void *server_handle, krb5_principal client,
- krb5_principal target, krb5_boolean initial_flag,
- char *new_pw, char **ret_pw,
- char *msg_ret, unsigned int msg_len);
+ krb5_principal target, krb5_boolean initial_flag,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len);
kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
- char *msg_ret, unsigned int msg_len);
+ char *msg_ret, unsigned int msg_len);
-krb5_error_code process_chpw_request(krb5_context context,
- void *server_handle,
- char *realm,
- krb5_keytab keytab,
- krb5_fulladdr *local_faddr,
- krb5_fulladdr *remote_faddr,
- krb5_data *req, krb5_data *rep);
+krb5_error_code process_chpw_request(krb5_context context,
+ void *server_handle,
+ char *realm,
+ krb5_keytab keytab,
+ krb5_fulladdr *local_faddr,
+ krb5_fulladdr *remote_faddr,
+ krb5_data *req, krb5_data *rep);
void kadm_1(struct svc_req *, SVCXPRT *);
void krb5_iprop_prog_1(struct svc_req *, SVCXPRT *);
@@ -60,7 +61,7 @@ void trunc_name(size_t *len, char **dots);
int
gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name,
- krb5_principal *princ, gss_buffer_t gss_str);
+ krb5_principal *princ, gss_buffer_t gss_str);
extern volatile int signal_request_exit;
@@ -69,7 +70,7 @@ extern volatile int signal_request_hup;
void reset_db(void);
void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
+ struct sockaddr_in *addr, char *data);
/* network.c */
krb5_error_code setup_network(void *handle, const char *prog);
@@ -77,13 +78,13 @@ krb5_error_code listen_and_process(void *handle, const char *prog);
krb5_error_code closedown_network(void *handle, const char *prog);
-void
+void
krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp);
-kadm5_ret_t
+kadm5_ret_t
kiprop_get_adm_host_srv_name(krb5_context,
- const char *,
- char **);
+ const char *,
+ char **);
#endif /* _MISC_H */
diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c
index df3f01c..5dd7f2e 100644
--- a/src/kadmin/server/network.c
+++ b/src/kadmin/server/network.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/server/network.c
*
@@ -7,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Network code for Kerberos v5 kadmin server (based on KDC code).
*/
@@ -61,7 +62,7 @@
#endif
#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h> /* FIONBIO */
+#include <sys/filio.h> /* FIONBIO */
#endif
#include "fake-addrinfo.h"
@@ -75,15 +76,15 @@ set_sa_port(struct sockaddr *addr, int port)
{
switch (addr->sa_family) {
case AF_INET:
- sa2sin(addr)->sin_port = port;
- break;
+ sa2sin(addr)->sin_port = port;
+ break;
#ifdef KRB5_USE_INET6
case AF_INET6:
- sa2sin6(addr)->sin6_port = port;
- break;
+ sa2sin6(addr)->sin6_port = port;
+ break;
#endif
default:
- break;
+ break;
}
}
@@ -92,13 +93,13 @@ static int ipv6_enabled()
#ifdef KRB5_USE_INET6
static int result = -1;
if (result == -1) {
- int s;
- s = socket(AF_INET6, SOCK_STREAM, 0);
- if (s >= 0) {
- result = 1;
- close(s);
- } else
- result = 0;
+ int s;
+ s = socket(AF_INET6, SOCK_STREAM, 0);
+ if (s >= 0) {
+ result = 1;
+ close(s);
+ } else
+ result = 0;
}
return result;
#else
@@ -139,21 +140,21 @@ set_pktinfo(int sock, int family)
switch (family) {
#if defined(IP_PKTINFO) && defined(HAVE_STRUCT_IN_PKTINFO)
case AF_INET:
- proto = IPPROTO_IP;
- option = IP_RECVPKTINFO;
- break;
+ proto = IPPROTO_IP;
+ option = IP_RECVPKTINFO;
+ break;
#endif
#if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
case AF_INET6:
- proto = IPPROTO_IPV6;
- option = IPV6_RECVPKTINFO;
- break;
+ proto = IPPROTO_IPV6;
+ option = IPV6_RECVPKTINFO;
+ break;
#endif
default:
- return EINVAL;
+ return EINVAL;
}
if (setsockopt(sock, proto, option, &sockopt, sizeof(sockopt)))
- return errno;
+ return errno;
return 0;
}
@@ -163,17 +164,17 @@ static const char *paddr (struct sockaddr *sa)
static char buf[100];
char portbuf[10];
if (getnameinfo(sa, socklen(sa),
- buf, sizeof(buf), portbuf, sizeof(portbuf),
- NI_NUMERICHOST|NI_NUMERICSERV))
- strlcpy(buf, "<unprintable>", sizeof(buf));
+ buf, sizeof(buf), portbuf, sizeof(portbuf),
+ NI_NUMERICHOST|NI_NUMERICSERV))
+ strlcpy(buf, "<unprintable>", sizeof(buf));
else {
- unsigned int len = sizeof(buf) - strlen(buf);
- char *p = buf + strlen(buf);
- if (len > 2+strlen(portbuf)) {
- *p++ = '.';
- len--;
- strncpy(p, portbuf, len);
- }
+ unsigned int len = sizeof(buf) - strlen(buf);
+ char *p = buf + strlen(buf);
+ if (len > 2+strlen(portbuf)) {
+ *p++ = '.';
+ len--;
+ strncpy(p, portbuf, len);
+ }
}
return buf;
}
@@ -192,31 +193,31 @@ struct connection {
enum conn_type type;
void (*service)(void *handle, struct connection *, const char *, int);
union {
- /* Type-specific information. */
- struct {
- /* connection */
- struct sockaddr_storage addr_s;
- socklen_t addrlen;
- char addrbuf[56];
- krb5_fulladdr faddr;
- krb5_address kaddr;
- /* incoming */
- size_t bufsiz;
- size_t offset;
- char *buffer;
- size_t msglen;
- /* outgoing */
- krb5_data *response;
- unsigned char lenbuf[4];
- sg_buf sgbuf[2];
- sg_buf *sgp;
- int sgnum;
- /* crude denial-of-service avoidance support */
- time_t start_time;
- } tcp;
- struct {
- SVCXPRT *transp;
- } rpc;
+ /* Type-specific information. */
+ struct {
+ /* connection */
+ struct sockaddr_storage addr_s;
+ socklen_t addrlen;
+ char addrbuf[56];
+ krb5_fulladdr faddr;
+ krb5_address kaddr;
+ /* incoming */
+ size_t bufsiz;
+ size_t offset;
+ char *buffer;
+ size_t msglen;
+ /* outgoing */
+ krb5_data *response;
+ unsigned char lenbuf[4];
+ sg_buf sgbuf[2];
+ sg_buf *sgp;
+ int sgnum;
+ /* crude denial-of-service avoidance support */
+ time_t start_time;
+ } tcp;
+ struct {
+ SVCXPRT *transp;
+ } rpc;
} u;
};
@@ -226,47 +227,47 @@ struct connection {
/* Start at the top and work down -- this should allow for deletions
without disrupting the iteration, since we delete by overwriting
the element to be removed with the last element. */
-#define FOREACH_ELT(set,idx,vvar) \
- for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
-
-#define GROW_SET(set, incr, tmpptr) \
- (((int)(set.max + incr) < set.max \
- || (((size_t)((int)(set.max + incr) * sizeof(set.data[0])) \
- / sizeof(set.data[0])) \
- != (set.max + incr))) \
- ? 0 /* overflow */ \
- : ((tmpptr = realloc(set.data, \
- (int)(set.max + incr) * sizeof(set.data[0]))) \
- ? (set.data = tmpptr, set.max += incr, 1) \
- : 0))
+#define FOREACH_ELT(set,idx,vvar) \
+ for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
+
+#define GROW_SET(set, incr, tmpptr) \
+ (((int)(set.max + incr) < set.max \
+ || (((size_t)((int)(set.max + incr) * sizeof(set.data[0])) \
+ / sizeof(set.data[0])) \
+ != (set.max + incr))) \
+ ? 0 /* overflow */ \
+ : ((tmpptr = realloc(set.data, \
+ (int)(set.max + incr) * sizeof(set.data[0]))) \
+ ? (set.data = tmpptr, set.max += incr, 1) \
+ : 0))
/* 1 = success, 0 = failure */
-#define ADD(set, val, tmpptr) \
- ((set.n < set.max || GROW_SET(set, 10, tmpptr)) \
- ? (set.data[set.n++] = val, 1) \
- : 0)
+#define ADD(set, val, tmpptr) \
+ ((set.n < set.max || GROW_SET(set, 10, tmpptr)) \
+ ? (set.data[set.n++] = val, 1) \
+ : 0)
-#define DEL(set, idx) \
- (set.data[idx] = set.data[--set.n], 0)
+#define DEL(set, idx) \
+ (set.data[idx] = set.data[--set.n], 0)
-#define FREE_SET_DATA(set) \
- (free(set.data), set.data = 0, set.max = 0, set.n = 0)
+#define FREE_SET_DATA(set) \
+ (free(set.data), set.data = 0, set.max = 0, set.n = 0)
/* Set<struct connection *> connections; */
static SET(struct connection *) connections;
-#define n_sockets connections.n
-#define conns connections.data
+#define n_sockets connections.n
+#define conns connections.data
/* Set<u_short> udp_port_data, tcp_port_data; */
static SET(u_short) udp_port_data, tcp_port_data;
-struct rpc_svc_data {
- u_short port;
- u_long prognum;
- u_long versnum;
- void (*dispatch)();
-};
+ struct rpc_svc_data {
+ u_short port;
+ u_long prognum;
+ u_long versnum;
+ void (*dispatch)();
+ };
static SET(struct rpc_svc_data) rpc_svc_data;
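Review bot: The overflow guard in `GROW_SET` tests `(int)(set.max + incr) < set.max`, which can only fire after the addition has already wrapped. If `set.max` is a signed `int`, that wrap is undefined behaviour and an optimizing compiler may drop the test. The `SET` definition is outside this hunk, so the type is inferred from the `int` index used with `FOREACH_ELT`. Checking before adding keeps the guard well defined, for example `(set.max > INT_MAX - (incr))` as the first operand of the `||`, with `<limits.h>` included if it is not already. The macro parameters are also expanded without parentheses (`set.max + incr`), which is worth fixing in the same pass.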
@@ -277,60 +278,60 @@ static fd_set rpc_listenfds;
static krb5_error_code add_udp_port(int port)
{
- int i;
+ int i;
void *tmp;
u_short val;
u_short s_port = port;
if (s_port != port)
- return EINVAL;
+ return EINVAL;
FOREACH_ELT (udp_port_data, i, val)
- if (s_port == val)
- return 0;
+ if (s_port == val)
+ return 0;
if (!ADD(udp_port_data, s_port, tmp))
- return ENOMEM;
+ return ENOMEM;
return 0;
}
static krb5_error_code add_tcp_port(int port)
{
- int i;
+ int i;
void *tmp;
u_short val;
u_short s_port = port;
if (s_port != port)
- return EINVAL;
+ return EINVAL;
FOREACH_ELT (tcp_port_data, i, val)
- if (s_port == val)
- return 0;
+ if (s_port == val)
+ return 0;
if (!ADD(tcp_port_data, s_port, tmp))
- return ENOMEM;
+ return ENOMEM;
return 0;
}
static krb5_error_code add_rpc_service(int port, u_long prognum, u_long versnum,
- void (*dispatch)())
+ void (*dispatch)())
{
- int i;
+ int i;
void *tmp;
struct rpc_svc_data svc, val;
svc.port = port;
if (svc.port != port)
- return EINVAL;
+ return EINVAL;
svc.prognum = prognum;
svc.versnum = versnum;
svc.dispatch = dispatch;
FOREACH_ELT (rpc_svc_data, i, val) {
- if (val.port == port)
- return 0;
+ if (val.port == port)
+ return 0;
}
if (!ADD(rpc_svc_data, svc, tmp))
- return ENOMEM;
+ return ENOMEM;
return 0;
}
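Review bot: `add_rpc_service` treats an entry as a duplicate when only the port matches (`if (val.port == port) return 0;`), so a different program or version requested on a port already in the set is dropped and the caller still sees success. With the calls in `setup_network`, an `iprop_port` equal to `kadmind_port` would leave the iprop service unregistered with no error or log line. Returning success only for an identical entry makes the misconfiguration visible: `if (val.port == port) return (val.prognum == prognum && val.versnum == versnum) ? 0 : EINVAL;`.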
@@ -351,31 +352,31 @@ struct socksetup {
static struct connection *
add_fd (struct socksetup *data, int sock, enum conn_type conntype,
- void (*service)(void *handle, struct connection *, const char *, int))
+ void (*service)(void *handle, struct connection *, const char *, int))
{
struct connection *newconn;
void *tmp;
#ifndef _WIN32
if (sock >= FD_SETSIZE) {
- data->retval = EMFILE; /* XXX */
- com_err(data->prog, 0,
- "file descriptor number %d too high", sock);
- return 0;
+ data->retval = EMFILE; /* XXX */
+ com_err(data->prog, 0,
+ "file descriptor number %d too high", sock);
+ return 0;
}
#endif
newconn = (struct connection *)malloc(sizeof(*newconn));
if (newconn == NULL) {
- data->retval = ENOMEM;
- com_err(data->prog, ENOMEM,
- "cannot allocate storage for connection info");
- return 0;
+ data->retval = ENOMEM;
+ com_err(data->prog, ENOMEM,
+ "cannot allocate storage for connection info");
+ return 0;
}
if (!ADD(connections, newconn, tmp)) {
- data->retval = ENOMEM;
- com_err(data->prog, ENOMEM, "cannot save socket info");
- free(newconn);
- return 0;
+ data->retval = ENOMEM;
+ com_err(data->prog, ENOMEM, "cannot save socket info");
+ free(newconn);
+ return 0;
}
memset(newconn, 0, sizeof(*newconn));
@@ -395,7 +396,7 @@ static struct connection *
add_udp_fd (struct socksetup *data, int sock, int pktinfo)
{
return add_fd(data, sock, pktinfo ? CONN_UDP_PKTINFO : CONN_UDP,
- process_packet);
+ process_packet);
}
static struct connection *
@@ -417,10 +418,10 @@ delete_fd (struct connection *xconn)
int i;
FOREACH_ELT(connections, i, conn)
- if (conn == xconn) {
- DEL(connections, i);
- break;
- }
+ if (conn == xconn) {
+ DEL(connections, i);
+ break;
+ }
free(xconn);
}
@@ -431,22 +432,22 @@ add_rpc_listener_fd (struct socksetup *data, struct rpc_svc_data *svc, int sock)
conn = add_fd(data, sock, CONN_RPC_LISTENER, accept_rpc_connection);
if (conn == NULL)
- return NULL;
+ return NULL;
conn->u.rpc.transp = svctcp_create(sock, 0, 0);
if (conn->u.rpc.transp == NULL) {
- krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %s; continuing",
- strerror(errno));
- delete_fd(conn);
- return NULL;
+ krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %s; continuing",
+ strerror(errno));
+ delete_fd(conn);
+ return NULL;
}
if (!svc_register(conn->u.rpc.transp, svc->prognum, svc->versnum,
- svc->dispatch, 0)) {
- krb5_klog_syslog(LOG_ERR, "Cannot register RPC service: %s; continuing",
- strerror(errno));
- delete_fd(conn);
- return NULL;
+ svc->dispatch, 0)) {
+ krb5_klog_syslog(LOG_ERR, "Cannot register RPC service: %s; continuing",
+ strerror(errno));
+ delete_fd(conn);
+ return NULL;
}
return conn;
@@ -487,60 +488,60 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
sock = socket(addr->sa_family, SOCK_STREAM, 0);
if (sock == -1) {
- com_err(data->prog, errno, "Cannot create TCP server socket on %s",
- paddr(addr));
- return -1;
+ com_err(data->prog, errno, "Cannot create TCP server socket on %s",
+ paddr(addr));
+ return -1;
}
set_cloexec_fd(sock);
#ifndef _WIN32
if (sock >= FD_SETSIZE) {
- close(sock);
- com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
- sock, paddr(addr));
- return -1;
+ close(sock);
+ com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+ sock, paddr(addr));
+ return -1;
}
#endif
if (setreuseaddr(sock, 1) < 0)
- com_err(data->prog, errno,
- "Cannot enable SO_REUSEADDR on fd %d", sock);
+ com_err(data->prog, errno,
+ "Cannot enable SO_REUSEADDR on fd %d", sock);
#ifdef KRB5_USE_INET6
if (addr->sa_family == AF_INET6) {
#ifdef IPV6_V6ONLY
- if (setv6only(sock, 1))
- com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
- sock);
- else
- com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
- sock);
+ if (setv6only(sock, 1))
+ com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
+ sock);
+ else
+ com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
+ sock);
#else
- krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
+ krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
#endif /* IPV6_V6ONLY */
}
#endif /* KRB5_USE_INET6 */
if (bind(sock, addr, socklen(addr)) == -1) {
- com_err(data->prog, errno,
- "Cannot bind TCP server socket on %s", paddr(addr));
- close(sock);
- return -1;
+ com_err(data->prog, errno,
+ "Cannot bind TCP server socket on %s", paddr(addr));
+ close(sock);
+ return -1;
}
if (listen(sock, 5) < 0) {
- com_err(data->prog, errno, "Cannot listen on TCP server socket on %s",
- paddr(addr));
- close(sock);
- return -1;
+ com_err(data->prog, errno, "Cannot listen on TCP server socket on %s",
+ paddr(addr));
+ close(sock);
+ return -1;
}
if (setnbio(sock)) {
- com_err(data->prog, errno,
- "cannot set listening tcp socket on %s non-blocking",
- paddr(addr));
- close(sock);
- return -1;
+ com_err(data->prog, errno,
+ "cannot set listening tcp socket on %s non-blocking",
+ paddr(addr));
+ close(sock);
+ return -1;
}
if (setnolinger(sock)) {
- com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s",
- paddr(addr));
- close(sock);
- return -1;
+ com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s",
+ paddr(addr));
+ close(sock);
+ return -1;
}
return sock;
}
@@ -553,27 +554,27 @@ setup_a_rpc_listener(struct socksetup *data, struct sockaddr *addr)
sock = socket(addr->sa_family, SOCK_STREAM, 0);
if (sock == -1) {
- com_err(data->prog, errno, "Cannot create RPC server socket on %s",
- paddr(addr));
- return -1;
+ com_err(data->prog, errno, "Cannot create RPC server socket on %s",
+ paddr(addr));
+ return -1;
}
set_cloexec_fd(sock);
#ifndef _WIN32
if (sock >= FD_SETSIZE) {
- close(sock);
- com_err(data->prog, 0, "RPC socket fd number %d (for %s) too high",
- sock, paddr(addr));
- return -1;
+ close(sock);
+ com_err(data->prog, 0, "RPC socket fd number %d (for %s) too high",
+ sock, paddr(addr));
+ return -1;
}
#endif
if (setreuseaddr(sock, 1) < 0)
- com_err(data->prog, errno,
- "Cannot enable SO_REUSEADDR on fd %d", sock);
+ com_err(data->prog, errno,
+ "Cannot enable SO_REUSEADDR on fd %d", sock);
if (bind(sock, addr, socklen(addr)) == -1) {
- com_err(data->prog, errno,
- "Cannot bind RPC server socket on %s", paddr(addr));
- close(sock);
- return -1;
+ com_err(data->prog, errno,
+ "Cannot bind RPC server socket on %s", paddr(addr));
+ close(sock);
+ return -1;
}
return sock;
}
@@ -604,58 +605,58 @@ setup_tcp_listener_ports(struct socksetup *data)
#endif
FOREACH_ELT (tcp_port_data, i, port) {
- int s4, s6;
-
- set_sa_port((struct sockaddr *)&sin4, htons(port));
- if (!ipv6_enabled()) {
- s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
- if (s4 < 0)
- return -1;
- s6 = -1;
- } else {
+ int s4, s6;
+
+ set_sa_port((struct sockaddr *)&sin4, htons(port));
+ if (!ipv6_enabled()) {
+ s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
+ if (s4 < 0)
+ return -1;
+ s6 = -1;
+ } else {
#ifndef KRB5_USE_INET6
- abort();
+ abort();
#else
- s4 = s6 = -1;
+ s4 = s6 = -1;
- set_sa_port((struct sockaddr *)&sin6, htons(port));
+ set_sa_port((struct sockaddr *)&sin6, htons(port));
- s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
- if (s6 < 0)
- return -1;
+ s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
+ if (s6 < 0)
+ return -1;
- s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
+ s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
#endif /* KRB5_USE_INET6 */
- }
-
- /* Sockets are created, prepare to listen on them. */
- if (s4 >= 0) {
- if (add_tcp_listener_fd(data, s4) == NULL)
- close(s4);
- else {
- FD_SET(s4, &sstate.rfds);
- if (s4 >= sstate.max)
- sstate.max = s4 + 1;
- krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
- s4, paddr((struct sockaddr *)&sin4));
- }
- }
+ }
+
+ /* Sockets are created, prepare to listen on them. */
+ if (s4 >= 0) {
+ if (add_tcp_listener_fd(data, s4) == NULL)
+ close(s4);
+ else {
+ FD_SET(s4, &sstate.rfds);
+ if (s4 >= sstate.max)
+ sstate.max = s4 + 1;
+ krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+ s4, paddr((struct sockaddr *)&sin4));
+ }
+ }
#ifdef KRB5_USE_INET6
- if (s6 >= 0) {
- if (add_tcp_listener_fd(data, s6) == NULL) {
- close(s6);
- s6 = -1;
- } else {
- FD_SET(s6, &sstate.rfds);
- if (s6 >= sstate.max)
- sstate.max = s6 + 1;
- krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
- s6, paddr((struct sockaddr *)&sin6));
- }
- if (s4 < 0)
- krb5_klog_syslog(LOG_INFO,
- "assuming IPv6 socket accepts IPv4");
- }
+ if (s6 >= 0) {
+ if (add_tcp_listener_fd(data, s6) == NULL) {
+ close(s6);
+ s6 = -1;
+ } else {
+ FD_SET(s6, &sstate.rfds);
+ if (s6 >= sstate.max)
+ sstate.max = s6 + 1;
+ krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+ s6, paddr((struct sockaddr *)&sin6));
+ }
+ if (s4 < 0)
+ krb5_klog_syslog(LOG_INFO,
+ "assuming IPv6 socket accepts IPv4");
+ }
#endif
}
return 0;
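Review bot: In the IPv6 branch the result of `s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);` is never checked, and a failure is later reported only as "assuming IPv6 socket accepts IPv4". `setup_a_tcp_listener` calls `setv6only(sock, 1)` on every `AF_INET6` socket when `IPV6_V6ONLY` is defined, so where that call succeeded the IPv6 socket will not take IPv4 connections and the port has no IPv4 TCP listener while the log says otherwise. I would log the lost listener at `LOG_ERR` instead, e.g. `krb5_klog_syslog(LOG_ERR, "no IPv4 TCP listener; IPv6 socket is v6-only");`, and keep the "assuming" message only for builds without `IPV6_V6ONLY`. The function begins above this hunk.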
@@ -676,23 +677,23 @@ setup_rpc_listener_ports(struct socksetup *data)
sin4.sin_addr.s_addr = INADDR_ANY;
FOREACH_ELT (rpc_svc_data, i, svc) {
- int s4;
-
- set_sa_port((struct sockaddr *)&sin4, htons(svc.port));
- s4 = setup_a_rpc_listener(data, (struct sockaddr *)&sin4);
- if (s4 < 0)
- return -1;
- else {
- if (add_rpc_listener_fd(data, &svc, s4) == NULL)
- close(s4);
- else {
- FD_SET(s4, &sstate.rfds);
- if (s4 >= sstate.max)
- sstate.max = s4 + 1;
- krb5_klog_syslog(LOG_INFO, "listening on fd %d: rpc %s",
- s4, paddr((struct sockaddr *)&sin4));
- }
- }
+ int s4;
+
+ set_sa_port((struct sockaddr *)&sin4, htons(svc.port));
+ s4 = setup_a_rpc_listener(data, (struct sockaddr *)&sin4);
+ if (s4 < 0)
+ return -1;
+ else {
+ if (add_rpc_listener_fd(data, &svc, s4) == NULL)
+ close(s4);
+ else {
+ FD_SET(s4, &sstate.rfds);
+ if (s4 >= sstate.max)
+ sstate.max = s4 + 1;
+ krb5_klog_syslog(LOG_INFO, "listening on fd %d: rpc %s",
+ s4, paddr((struct sockaddr *)&sin4));
+ }
+ }
}
FD_ZERO(&rpc_listenfds);
rpc_listenfds = svc_fdset;
@@ -712,39 +713,39 @@ union pktinfo {
static int
setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
- char *haddrbuf, int pktinfo);
+ char *haddrbuf, int pktinfo);
static void
setup_udp_pktinfo_ports(struct socksetup *data)
{
#ifdef IP_PKTINFO
{
- struct sockaddr_in sa;
- int r;
+ struct sockaddr_in sa;
+ int r;
- memset(&sa, 0, sizeof(sa));
- sa.sin_family = AF_INET;
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
#ifdef HAVE_SA_LEN
- sa.sin_len = sizeof(sa);
+ sa.sin_len = sizeof(sa);
#endif
- r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
- if (r == 0)
- data->udp_flags &= ~UDP_DO_IPV4;
+ r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
+ if (r == 0)
+ data->udp_flags &= ~UDP_DO_IPV4;
}
#endif
#ifdef IPV6_PKTINFO
{
- struct sockaddr_in6 sa;
- int r;
+ struct sockaddr_in6 sa;
+ int r;
- memset(&sa, 0, sizeof(sa));
- sa.sin6_family = AF_INET6;
+ memset(&sa, 0, sizeof(sa));
+ sa.sin6_family = AF_INET6;
#ifdef HAVE_SA_LEN
- sa.sin6_len = sizeof(sa);
+ sa.sin6_len = sizeof(sa);
#endif
- r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
- if (r == 0)
- data->udp_flags &= ~UDP_DO_IPV6;
+ r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
+ if (r == 0)
+ data->udp_flags &= ~UDP_DO_IPV6;
}
#endif
}
@@ -757,67 +758,67 @@ setup_udp_pktinfo_ports(struct socksetup *data)
static int
setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
- char *haddrbuf, int pktinfo)
+ char *haddrbuf, int pktinfo)
{
int sock = -1, i, r;
u_short port;
FOREACH_ELT (udp_port_data, i, port) {
- sock = socket (addr->sa_family, SOCK_DGRAM, 0);
- if (sock == -1) {
- data->retval = errno;
- com_err(data->prog, data->retval,
- "Cannot create server socket for port %d address %s",
- port, haddrbuf);
- return 1;
- }
- set_cloexec_fd(sock);
+ sock = socket (addr->sa_family, SOCK_DGRAM, 0);
+ if (sock == -1) {
+ data->retval = errno;
+ com_err(data->prog, data->retval,
+ "Cannot create server socket for port %d address %s",
+ port, haddrbuf);
+ return 1;
+ }
+ set_cloexec_fd(sock);
#ifdef KRB5_USE_INET6
- if (addr->sa_family == AF_INET6) {
+ if (addr->sa_family == AF_INET6) {
#ifdef IPV6_V6ONLY
- if (setv6only(sock, 1))
- com_err(data->prog, errno,
- "setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
- else
- com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
- sock);
+ if (setv6only(sock, 1))
+ com_err(data->prog, errno,
+ "setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
+ else
+ com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
+ sock);
#else
- krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
+ krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
#endif /* IPV6_V6ONLY */
- }
+ }
#endif
- set_sa_port(addr, htons(port));
- if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
- data->retval = errno;
- com_err(data->prog, data->retval,
- "Cannot bind server socket to port %d address %s",
- port, haddrbuf);
- close(sock);
- return 1;
- }
+ set_sa_port(addr, htons(port));
+ if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
+ data->retval = errno;
+ com_err(data->prog, data->retval,
+ "Cannot bind server socket to port %d address %s",
+ port, haddrbuf);
+ close(sock);
+ return 1;
+ }
#if !(defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && (defined(IP_PKTINFO) || defined(IPV6_PKTINFO)))
- assert(pktinfo == 0);
+ assert(pktinfo == 0);
#endif
- if (pktinfo) {
- r = set_pktinfo(sock, addr->sa_family);
- if (r) {
- com_err(data->prog, r,
- "Cannot request packet info for udp socket address %s port %d",
- haddrbuf, port);
- close(sock);
- return 1;
- }
- }
- krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock,
- paddr((struct sockaddr *)addr),
- pktinfo ? " (pktinfo)" : "");
- if (add_udp_fd (data, sock, pktinfo) == 0) {
- close(sock);
- return 1;
- }
- FD_SET (sock, &sstate.rfds);
- if (sock >= sstate.max)
- sstate.max = sock + 1;
+ if (pktinfo) {
+ r = set_pktinfo(sock, addr->sa_family);
+ if (r) {
+ com_err(data->prog, r,
+ "Cannot request packet info for udp socket address %s port %d",
+ haddrbuf, port);
+ close(sock);
+ return 1;
+ }
+ }
+ krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock,
+ paddr((struct sockaddr *)addr),
+ pktinfo ? " (pktinfo)" : "");
+ if (add_udp_fd (data, sock, pktinfo) == 0) {
+ close(sock);
+ return 1;
+ }
+ FD_SET (sock, &sstate.rfds);
+ if (sock >= sstate.max)
+ sstate.max = sock + 1;
}
return 0;
}
@@ -830,51 +831,51 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
int err;
if (addr->sa_family == AF_INET && !(data->udp_flags & UDP_DO_IPV4))
- return 0;
+ return 0;
#ifdef AF_INET6
if (addr->sa_family == AF_INET6 && !(data->udp_flags & UDP_DO_IPV6))
- return 0;
+ return 0;
#endif
err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf),
- 0, 0, NI_NUMERICHOST);
+ 0, 0, NI_NUMERICHOST);
if (err)
- strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
+ strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
switch (addr->sa_family) {
case AF_INET:
- break;
+ break;
#ifdef AF_INET6
case AF_INET6:
#ifdef KRB5_USE_INET6
- break;
+ break;
#else
- {
- static int first = 1;
- if (first) {
- krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses");
- first = 0;
- }
- return 0;
- }
+ {
+ static int first = 1;
+ if (first) {
+ krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses");
+ first = 0;
+ }
+ return 0;
+ }
#endif
#endif
#ifdef AF_LINK /* some BSD systems, AIX */
case AF_LINK:
- return 0;
+ return 0;
#endif
#ifdef AF_DLI /* Direct Link Interface - DEC Ultrix/OSF1 link layer? */
case AF_DLI:
- return 0;
+ return 0;
#endif
#ifdef AF_APPLETALK
case AF_APPLETALK:
- return 0;
+ return 0;
#endif
default:
- krb5_klog_syslog (LOG_INFO,
- "skipping unrecognized local address family %d",
- addr->sa_family);
- return 0;
+ krb5_klog_syslog (LOG_INFO,
+ "skipping unrecognized local address family %d",
+ addr->sa_family);
+ return 0;
}
return setup_udp_port_1(data, addr, haddrbuf, 0);
}
@@ -886,40 +887,40 @@ static void klog_handler(const void *data, size_t len)
static int bufoffset;
void *p;
-#define flush_buf() \
- (bufoffset \
- ? (((buf[0] == 0 || buf[0] == '\n') \
- ? (fork()==0?abort():(void)0) \
- : (void)0), \
- krb5_klog_syslog(LOG_INFO, "%s", buf), \
- memset(buf, 0, sizeof(buf)), \
- bufoffset = 0) \
- : 0)
+#define flush_buf() \
+ (bufoffset \
+ ? (((buf[0] == 0 || buf[0] == '\n') \
+ ? (fork()==0?abort():(void)0) \
+ : (void)0), \
+ krb5_klog_syslog(LOG_INFO, "%s", buf), \
+ memset(buf, 0, sizeof(buf)), \
+ bufoffset = 0) \
+ : 0)
p = memchr(data, 0, len);
if (p)
- len = (const char *)p - (const char *)data;
+ len = (const char *)p - (const char *)data;
scan_for_newlines:
if (len == 0)
- return;
+ return;
p = memchr(data, '\n', len);
if (p) {
- if (p != data)
- klog_handler(data, (size_t)((const char *)p - (const char *)data));
- flush_buf();
- len -= ((const char *)p - (const char *)data) + 1;
- data = 1 + (const char *)p;
- goto scan_for_newlines;
+ if (p != data)
+ klog_handler(data, (size_t)((const char *)p - (const char *)data));
+ flush_buf();
+ len -= ((const char *)p - (const char *)data) + 1;
+ data = 1 + (const char *)p;
+ goto scan_for_newlines;
} else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) {
- size_t x = sizeof(buf) - len - 1;
- klog_handler(data, x);
- flush_buf();
- len -= x;
- data = (const char *)data + x;
- goto scan_for_newlines;
+ size_t x = sizeof(buf) - len - 1;
+ klog_handler(data, x);
+ flush_buf();
+ len -= x;
+ data = (const char *)data + x;
+ goto scan_for_newlines;
} else {
- memcpy(buf + bufoffset, data, len);
- bufoffset += len;
+ memcpy(buf + bufoffset, data, len);
+ bufoffset += len;
}
}
#endif
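Review bot: In `klog_handler`, `size_t x = sizeof(buf) - len - 1;` is evaluated in the branch where `len > sizeof(buf) - 1` may be true, so the subtraction wraps to a huge `size_t`. The recursive call `klog_handler(data, x)` then runs `memchr` far past the end of `data`. When only `len + bufoffset` is too large, `x` can still exceed `len`. The chunk size should be the space left in the buffer, `size_t x = sizeof(buf) - 1 - (size_t)bufoffset;`, which is always smaller than `len` in this branch and still terminates when the buffer is full, because the zero-length call returns and `flush_buf()` resets `bufoffset`. Separately, `flush_buf()` contains `fork()==0?abort():(void)0`, which looks like a leftover debugging aid and should not be reachable in a server build. `buf` and the opening `#if` are above the hunk, so whether this code is compiled at all is not visible here.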
@@ -953,70 +954,70 @@ static char *rtm_type_name(int type)
}
static void process_routing_update(void *handle, struct connection *conn,
- const char *prog, int selflags)
+ const char *prog, int selflags)
{
int n_read;
struct rt_msghdr rtm;
krb5_klog_syslog(LOG_INFO, "routing socket readable");
while ((n_read = read(conn->fd, &rtm, sizeof(rtm))) > 0) {
- if (n_read < sizeof(rtm)) {
- /* Quick hack to figure out if the interesting
- fields are present in a short read.
+ if (n_read < sizeof(rtm)) {
+ /* Quick hack to figure out if the interesting
+ fields are present in a short read.
- A short read seems to be normal for some message types.
- Only complain if we don't have the critical initial
- header fields. */
+ A short read seems to be normal for some message types.
+ Only complain if we don't have the critical initial
+ header fields. */
#define RS(FIELD) (offsetof(struct rt_msghdr, FIELD) + sizeof(rtm.FIELD))
- if (n_read < RS(rtm_type) ||
- n_read < RS(rtm_version) ||
- n_read < RS(rtm_msglen)) {
- krb5_klog_syslog(LOG_ERR,
- "short read (%d/%d) from routing socket",
- n_read, (int) sizeof(rtm));
- return;
- }
- }
- krb5_klog_syslog(LOG_INFO,
- "got routing msg type %d(%s) v%d",
- rtm.rtm_type, rtm_type_name(rtm.rtm_type),
- rtm.rtm_version);
- if (rtm.rtm_msglen > sizeof(rtm)) {
- /* It appears we get a partial message and the rest is
- thrown away? */
- } else if (rtm.rtm_msglen != n_read) {
- krb5_klog_syslog(LOG_ERR,
- "read %d from routing socket but msglen is %d",
- n_read, rtm.rtm_msglen);
- }
- switch (rtm.rtm_type) {
- case RTM_ADD:
- case RTM_DELETE:
- case RTM_NEWADDR:
- case RTM_DELADDR:
- case RTM_IFINFO:
- case RTM_OLDADD:
- case RTM_OLDDEL:
- krb5_klog_syslog(LOG_INFO, "reconfiguration needed");
- network_reconfiguration_needed = 1;
- break;
- case RTM_RESOLVE:
+ if (n_read < RS(rtm_type) ||
+ n_read < RS(rtm_version) ||
+ n_read < RS(rtm_msglen)) {
+ krb5_klog_syslog(LOG_ERR,
+ "short read (%d/%d) from routing socket",
+ n_read, (int) sizeof(rtm));
+ return;
+ }
+ }
+ krb5_klog_syslog(LOG_INFO,
+ "got routing msg type %d(%s) v%d",
+ rtm.rtm_type, rtm_type_name(rtm.rtm_type),
+ rtm.rtm_version);
+ if (rtm.rtm_msglen > sizeof(rtm)) {
+ /* It appears we get a partial message and the rest is
+ thrown away? */
+ } else if (rtm.rtm_msglen != n_read) {
+ krb5_klog_syslog(LOG_ERR,
+ "read %d from routing socket but msglen is %d",
+ n_read, rtm.rtm_msglen);
+ }
+ switch (rtm.rtm_type) {
+ case RTM_ADD:
+ case RTM_DELETE:
+ case RTM_NEWADDR:
+ case RTM_DELADDR:
+ case RTM_IFINFO:
+ case RTM_OLDADD:
+ case RTM_OLDDEL:
+ krb5_klog_syslog(LOG_INFO, "reconfiguration needed");
+ network_reconfiguration_needed = 1;
+ break;
+ case RTM_RESOLVE:
#ifdef RTM_NEWMADDR
- case RTM_NEWMADDR:
- case RTM_DELMADDR:
+ case RTM_NEWMADDR:
+ case RTM_DELMADDR:
#endif
- case RTM_MISS:
- case RTM_REDIRECT:
- case RTM_LOSING:
- case RTM_GET:
- /* Not interesting. */
- krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
- break;
- default:
- krb5_klog_syslog(LOG_INFO, "unhandled routing message type, will reconfigure just for the fun of it");
- network_reconfiguration_needed = 1;
- break;
- }
+ case RTM_MISS:
+ case RTM_REDIRECT:
+ case RTM_LOSING:
+ case RTM_GET:
+ /* Not interesting. */
+ krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
+ break;
+ default:
+ krb5_klog_syslog(LOG_INFO, "unhandled routing message type, will reconfigure just for the fun of it");
+ network_reconfiguration_needed = 1;
+ break;
+ }
}
}
@@ -1025,14 +1026,14 @@ setup_routing_socket(struct socksetup *data)
{
int sock = socket(PF_ROUTE, SOCK_RAW, 0);
if (sock < 0) {
- int e = errno;
- krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s",
- strerror(e));
+ int e = errno;
+ krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s",
+ strerror(e));
} else {
- krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock);
- add_fd(data, sock, CONN_ROUTING, process_routing_update);
- setnbio(sock);
- FD_SET(sock, &sstate.rfds);
+ krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock);
+ add_fd(data, sock, CONN_ROUTING, process_routing_update);
+ setnbio(sock);
+ FD_SET(sock, &sstate.rfds);
}
}
#endif
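Review bot: `setup_routing_socket` ignores the return value of `add_fd(data, sock, CONN_ROUTING, process_routing_update)` and goes on to `FD_SET(sock, &sstate.rfds)`. `add_fd` returns 0 when `sock >= FD_SETSIZE` or when allocation fails, so in the first case the `FD_SET` writes outside the `fd_set`, and in both cases the descriptor leaks with no connection entry to service it. Assuming the function returns void (its signature is above the hunk), the call should become `if (add_fd(data, sock, CONN_ROUTING, process_routing_update) == NULL) { close(sock); return; }`. The `setnbio(sock)` result is also unchecked, and `sstate.max` is not raised for this descriptor as it is for the other listeners.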
@@ -1058,25 +1059,25 @@ setup_network(void *handle, const char *prog)
retval = add_udp_port(server_handle->params.kpasswd_port);
if (retval)
- return retval;
+ return retval;
retval = add_tcp_port(server_handle->params.kpasswd_port);
if (retval)
- return retval;
+ return retval;
retval = add_rpc_service(server_handle->params.kadmind_port,
- KADM, KADMVERS,
- kadm_1);
+ KADM, KADMVERS,
+ kadm_1);
if (retval)
- return retval;
+ return retval;
#ifndef DISABLE_IPROP
if (server_handle->params.iprop_enabled) {
- retval = add_rpc_service(server_handle->params.iprop_port,
- KRB5_IPROP_PROG, KRB5_IPROP_VERS,
- krb5_iprop_prog_1);
- if (retval)
- return retval;
+ retval = add_rpc_service(server_handle->params.iprop_port,
+ KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+ krb5_iprop_prog_1);
+ if (retval)
+ return retval;
}
#endif /* DISABLE_IPROP */
@@ -1093,16 +1094,16 @@ setup_network(void *handle, const char *prog)
setup_data.udp_flags = UDP_DO_IPV4 | UDP_DO_IPV6;
setup_udp_pktinfo_ports(&setup_data);
if (setup_data.udp_flags) {
- if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
- return setup_data.retval;
- }
+ if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
+ return setup_data.retval;
+ }
}
setup_tcp_listener_ports(&setup_data);
setup_rpc_listener_ports(&setup_data);
krb5_klog_syslog (LOG_INFO, "set up %d sockets", n_sockets);
if (n_sockets == 0) {
- com_err(prog, 0, "no sockets set up?");
- exit (1);
+ com_err(prog, 0, "no sockets set up?");
+ exit (1);
}
return 0;
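Review bot: The results of `setup_tcp_listener_ports(&setup_data)` and `setup_rpc_listener_ports(&setup_data)` are discarded in `setup_network`, and the only check afterwards is `n_sockets == 0`. Both helpers return -1 when a listener cannot be created or bound, so a failed bind on the kadmin RPC port still lets `setup_network` return 0, as long as some kpasswd socket came up. I would test both calls and return a non-zero error on failure. `setup_data.retval` cannot be relied on for that, because the TCP and RPC listener helpers visible in this diff report through `com_err` without setting it. The function begins above this hunk.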
@@ -1112,45 +1113,45 @@ static void init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
{
switch (sa->sa_family) {
case AF_INET:
- faddr->address->addrtype = ADDRTYPE_INET;
- faddr->address->length = 4;
- faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
- faddr->port = ntohs(sa2sin(sa)->sin_port);
- break;
+ faddr->address->addrtype = ADDRTYPE_INET;
+ faddr->address->length = 4;
+ faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
+ faddr->port = ntohs(sa2sin(sa)->sin_port);
+ break;
#ifdef KRB5_USE_INET6
case AF_INET6:
- if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
- faddr->address->addrtype = ADDRTYPE_INET;
- faddr->address->length = 4;
- faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
- } else {
- faddr->address->addrtype = ADDRTYPE_INET6;
- faddr->address->length = 16;
- faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
- }
- faddr->port = ntohs(sa2sin6(sa)->sin6_port);
- break;
+ if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
+ faddr->address->addrtype = ADDRTYPE_INET;
+ faddr->address->length = 4;
+ faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+ } else {
+ faddr->address->addrtype = ADDRTYPE_INET6;
+ faddr->address->length = 16;
+ faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+ }
+ faddr->port = ntohs(sa2sin6(sa)->sin6_port);
+ break;
#endif
default:
- faddr->address->addrtype = -1;
- faddr->address->length = 0;
- faddr->address->contents = 0;
- faddr->port = 0;
- break;
+ faddr->address->addrtype = -1;
+ faddr->address->length = 0;
+ faddr->address->contents = 0;
+ faddr->port = 0;
+ break;
}
}
static int
recv_from_to(int s, void *buf, size_t len, int flags,
- struct sockaddr *from, socklen_t *fromlen,
- struct sockaddr *to, socklen_t *tolen)
+ struct sockaddr *from, socklen_t *fromlen,
+ struct sockaddr *to, socklen_t *tolen)
{
#if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
if (to && tolen) {
- /* Clobber with something recognizeable in case we try to use
- the address. */
- memset(to, 0x40, *tolen);
- *tolen = 0;
+ /* Clobber with something recognizeable in case we try to use
+ the address. */
+ memset(to, 0x40, *tolen);
+ *tolen = 0;
}
return recvfrom(s, buf, len, flags, from, fromlen);
@@ -1162,7 +1163,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
struct msghdr msg;
if (!to || !tolen)
- return recvfrom(s, buf, len, flags, from, fromlen);
+ return recvfrom(s, buf, len, flags, from, fromlen);
/* Clobber with something recognizeable in case we can't extract
the address but try to use it anyways. */
@@ -1180,7 +1181,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
r = recvmsg(s, &msg, flags);
if (r < 0)
- return r;
+ return r;
*fromlen = msg.msg_namelen;
/* On Darwin (and presumably all *BSD with KAME stacks),
@@ -1188,36 +1189,36 @@ recv_from_to(int s, void *buf, size_t len, int flags,
3542 recommends making this check, even though the (new) spec
for CMSG_FIRSTHDR says it's supposed to do the check. */
if (msg.msg_controllen) {
- cmsgptr = CMSG_FIRSTHDR(&msg);
- while (cmsgptr) {
+ cmsgptr = CMSG_FIRSTHDR(&msg);
+ while (cmsgptr) {
#ifdef IP_PKTINFO
- if (cmsgptr->cmsg_level == IPPROTO_IP
- && cmsgptr->cmsg_type == IP_PKTINFO
- && *tolen >= sizeof(struct sockaddr_in)) {
- struct in_pktinfo *pktinfo;
- memset(to, 0, sizeof(struct sockaddr_in));
- pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
- ((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
- ((struct sockaddr_in *)to)->sin_family = AF_INET;
- *tolen = sizeof(struct sockaddr_in);
- return r;
- }
+ if (cmsgptr->cmsg_level == IPPROTO_IP
+ && cmsgptr->cmsg_type == IP_PKTINFO
+ && *tolen >= sizeof(struct sockaddr_in)) {
+ struct in_pktinfo *pktinfo;
+ memset(to, 0, sizeof(struct sockaddr_in));
+ pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
+ ((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
+ ((struct sockaddr_in *)to)->sin_family = AF_INET;
+ *tolen = sizeof(struct sockaddr_in);
+ return r;
+ }
#endif
#if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO)&& defined(HAVE_STRUCT_IN6_PKTINFO)
- if (cmsgptr->cmsg_level == IPPROTO_IPV6
- && cmsgptr->cmsg_type == IPV6_PKTINFO
- && *tolen >= sizeof(struct sockaddr_in6)) {
- struct in6_pktinfo *pktinfo;
- memset(to, 0, sizeof(struct sockaddr_in6));
- pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
- ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
- ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
- *tolen = sizeof(struct sockaddr_in6);
- return r;
- }
+ if (cmsgptr->cmsg_level == IPPROTO_IPV6
+ && cmsgptr->cmsg_type == IPV6_PKTINFO
+ && *tolen >= sizeof(struct sockaddr_in6)) {
+ struct in6_pktinfo *pktinfo;
+ memset(to, 0, sizeof(struct sockaddr_in6));
+ pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
+ ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
+ ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
+ *tolen = sizeof(struct sockaddr_in6);
+ return r;
+ }
#endif
- cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
- }
+ cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
+ }
}
/* No info about destination addr was available. */
*tolen = 0;
@@ -1227,8 +1228,8 @@ recv_from_to(int s, void *buf, size_t len, int flags,
static int
send_to_from(int s, void *buf, size_t len, int flags,
- const struct sockaddr *to, socklen_t tolen,
- const struct sockaddr *from, socklen_t fromlen)
+ const struct sockaddr *to, socklen_t tolen,
+ const struct sockaddr *from, socklen_t fromlen)
{
#if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
return sendto(s, buf, len, flags, to, tolen);
@@ -1240,14 +1241,14 @@ send_to_from(int s, void *buf, size_t len, int flags,
if (from == 0 || fromlen == 0 || from->sa_family != to->sa_family) {
use_sendto:
- return sendto(s, buf, len, flags, to, tolen);
+ return sendto(s, buf, len, flags, to, tolen);
}
iov.iov_base = buf;
iov.iov_len = len;
/* Truncation? */
if (iov.iov_len != len)
- return EINVAL;
+ return EINVAL;
memset(cbuf, 0, sizeof(cbuf));
memset(&msg, 0, sizeof(msg));
msg.msg_name = (void *) to;
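Review bot: The truncation guard `if (iov.iov_len != len) return EINVAL;` returns a positive errno value, while every other exit of send_to_from returns the result of sendto()/sendmsg(), that is, -1 with errno set on failure. The caller visible in process_packet treats only `cc == -1` as an error, so this path would be logged as a short write rather than a failed send. Suggest `errno = EINVAL; return -1;` so the function has a single failure convention. send_to_from begins before this hunk and continues after it.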
@@ -1264,36 +1265,36 @@ send_to_from(int s, void *buf, size_t len, int flags,
switch (from->sa_family) {
#if defined(IP_PKTINFO)
case AF_INET:
- if (fromlen != sizeof(struct sockaddr_in))
- goto use_sendto;
- cmsgptr->cmsg_level = IPPROTO_IP;
- cmsgptr->cmsg_type = IP_PKTINFO;
- cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
- {
- struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
- const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
- p->ipi_spec_dst = from4->sin_addr;
- }
- msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
- break;
+ if (fromlen != sizeof(struct sockaddr_in))
+ goto use_sendto;
+ cmsgptr->cmsg_level = IPPROTO_IP;
+ cmsgptr->cmsg_type = IP_PKTINFO;
+ cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+ {
+ struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
+ const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
+ p->ipi_spec_dst = from4->sin_addr;
+ }
+ msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
+ break;
#endif
#if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
case AF_INET6:
- if (fromlen != sizeof(struct sockaddr_in6))
- goto use_sendto;
- cmsgptr->cmsg_level = IPPROTO_IPV6;
- cmsgptr->cmsg_type = IPV6_PKTINFO;
- cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
- {
- struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
- const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
- p->ipi6_addr = from6->sin6_addr;
- }
- msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
- break;
+ if (fromlen != sizeof(struct sockaddr_in6))
+ goto use_sendto;
+ cmsgptr->cmsg_level = IPPROTO_IPV6;
+ cmsgptr->cmsg_type = IPV6_PKTINFO;
+ cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+ {
+ struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
+ const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
+ p->ipi6_addr = from6->sin6_addr;
+ }
+ msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
+ break;
#endif
default:
- goto use_sendto;
+ goto use_sendto;
}
return sendmsg(s, &msg, flags);
#endif
@@ -1302,8 +1303,8 @@ send_to_from(int s, void *buf, size_t len, int flags,
/* Dispatch routine for set/change password */
static krb5_error_code
dispatch(void *handle,
- struct sockaddr *local_saddr, krb5_fulladdr *remote_faddr,
- krb5_data *request, krb5_data **response)
+ struct sockaddr *local_saddr, krb5_fulladdr *remote_faddr,
+ krb5_data *request, krb5_data **response)
{
krb5_error_code ret;
krb5_keytab kt = NULL;
@@ -1314,42 +1315,42 @@ dispatch(void *handle,
*response = NULL;
if (local_saddr == NULL) {
- ret = krb5_os_localaddr(server_handle->context, &local_kaddrs);
- if (ret != 0)
- goto cleanup;
+ ret = krb5_os_localaddr(server_handle->context, &local_kaddrs);
+ if (ret != 0)
+ goto cleanup;
- local_faddr.address = local_kaddrs[0];
- local_faddr.port = 0;
+ local_faddr.address = local_kaddrs[0];
+ local_faddr.port = 0;
} else {
- local_faddr.address = &local_kaddr_buf;
- init_addr(&local_faddr, local_saddr);
+ local_faddr.address = &local_kaddr_buf;
+ init_addr(&local_faddr, local_saddr);
}
ret = krb5_kt_resolve(server_handle->context, "KDB:", &kt);
if (ret != 0) {
- krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s",
- krb5_get_error_message(server_handle->context, ret));
- goto cleanup;
+ krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s",
+ krb5_get_error_message(server_handle->context, ret));
+ goto cleanup;
}
*response = (krb5_data *)malloc(sizeof(krb5_data));
if (*response == NULL) {
- ret = ENOMEM;
- goto cleanup;
+ ret = ENOMEM;
+ goto cleanup;
}
ret = process_chpw_request(server_handle->context,
- handle,
- server_handle->params.realm,
- kt,
- &local_faddr,
- remote_faddr,
- request,
- *response);
+ handle,
+ server_handle->params.realm,
+ kt,
+ &local_faddr,
+ remote_faddr,
+ request,
+ *response);
cleanup:
if (local_kaddrs != NULL)
- krb5_free_addresses(server_handle->context, local_kaddrs);
+ krb5_free_addresses(server_handle->context, local_kaddrs);
krb5_kt_close(server_handle->context, kt);
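Review bot: The `cleanup:` label calls `krb5_kt_close(server_handle->context, kt)` unconditionally, but `kt` is still NULL when control arrives from the `krb5_os_localaddr` failure or from the `krb5_kt_resolve` failure above it. Whether krb5_kt_close tolerates a NULL keytab is not visible here, so guard the call: `if (kt != NULL) krb5_kt_close(server_handle->context, kt);`. The same block also takes `local_kaddrs[0]` without checking that the returned list is non-empty. dispatch is the network-facing entry point for set/change-password requests, so its error paths need the same care as the success path; the function starts and ends outside this hunk.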
@@ -1357,8 +1358,8 @@ cleanup:
}
static void process_packet(void *handle,
- struct connection *conn, const char *prog,
- int selflags)
+ struct connection *conn, const char *prog,
+ int selflags)
{
int cc;
socklen_t saddr_len, daddr_len;
@@ -1376,40 +1377,40 @@ static void process_packet(void *handle,
saddr_len = sizeof(saddr);
daddr_len = sizeof(daddr);
cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0,
- (struct sockaddr *)&saddr, &saddr_len,
- (struct sockaddr *)&daddr, &daddr_len);
+ (struct sockaddr *)&saddr, &saddr_len,
+ (struct sockaddr *)&daddr, &daddr_len);
if (cc == -1) {
- if (errno != EINTR
- /* This is how Linux indicates that a previous
- transmission was refused, e.g., if the client timed out
- before getting the response packet. */
- && errno != ECONNREFUSED
- )
- com_err(prog, errno, "while receiving from network");
- return;
+ if (errno != EINTR
+ /* This is how Linux indicates that a previous
+ transmission was refused, e.g., if the client timed out
+ before getting the response packet. */
+ && errno != ECONNREFUSED
+ )
+ com_err(prog, errno, "while receiving from network");
+ return;
}
if (!cc)
- return; /* zero-length packet? */
+ return; /* zero-length packet? */
#if 0
if (daddr_len > 0) {
- char addrbuf[100];
- if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
- 0, 0, NI_NUMERICHOST))
- strlcpy(addrbuf, "?", sizeof(addrbuf));
- com_err(prog, 0, "pktinfo says local addr is %s", addrbuf);
+ char addrbuf[100];
+ if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
+ 0, 0, NI_NUMERICHOST))
+ strlcpy(addrbuf, "?", sizeof(addrbuf));
+ com_err(prog, 0, "pktinfo says local addr is %s", addrbuf);
}
#endif
if (daddr_len == 0 && conn->type == CONN_UDP) {
- /* If the PKTINFO option isn't set, this socket should be
- bound to a specific local address. This info probably
- should've been saved in our socket data structure at setup
- time. */
- daddr_len = sizeof(daddr);
- if (getsockname(port_fd, (struct sockaddr *)&daddr, &daddr_len) != 0)
- daddr_len = 0;
- /* On failure, keep going anyways. */
+ /* If the PKTINFO option isn't set, this socket should be
+ bound to a specific local address. This info probably
+ should've been saved in our socket data structure at setup
+ time. */
+ daddr_len = sizeof(daddr);
+ if (getsockname(port_fd, (struct sockaddr *)&daddr, &daddr_len) != 0)
+ daddr_len = 0;
+ /* On failure, keep going anyways. */
}
request.length = cc;
@@ -1418,28 +1419,28 @@ static void process_packet(void *handle,
init_addr(&faddr, ss2sa(&saddr));
/* this address is in net order */
if ((retval = dispatch(handle, ss2sa(&daddr), &faddr, &request, &response))) {
- com_err(prog, retval, "while dispatching (udp)");
- return;
+ com_err(prog, retval, "while dispatching (udp)");
+ return;
}
if (response == NULL)
- return;
+ return;
cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0,
- (struct sockaddr *)&saddr, saddr_len,
- (struct sockaddr *)&daddr, daddr_len);
+ (struct sockaddr *)&saddr, saddr_len,
+ (struct sockaddr *)&daddr, daddr_len);
if (cc == -1) {
- char addrbuf[46];
+ char addrbuf[46];
krb5_free_data(server_handle->context, response);
- if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
- addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
- strlcpy(addrbuf, "?", sizeof(addrbuf));
- }
- com_err(prog, errno, "while sending reply to %s/%d",
- addrbuf, faddr.port);
- return;
+ if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
+ addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
+ strlcpy(addrbuf, "?", sizeof(addrbuf));
+ }
+ com_err(prog, errno, "while sending reply to %s/%d",
+ addrbuf, faddr.port);
+ return;
}
if (cc != response->length) {
- com_err(prog, 0, "short reply write %d vs %d\n",
- response->length, cc);
+ com_err(prog, 0, "short reply write %d vs %d\n",
+ response->length, cc);
}
krb5_free_data(server_handle->context, response);
return;
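Review bot: In the `cc == -1` branch after send_to_from, `krb5_free_data()` runs before `com_err(prog, errno, ...)`, so the errno that is logged may no longer be the one from the failed send. Save it first, as the routing-socket code earlier in this file does: `int e = errno;` ahead of the free, then `com_err(prog, e, "while sending reply to %s/%d", addrbuf, faddr.port);`. Separately, inet_ntop is given `saddr`'s sa_family together with `addr.contents`; if `addr` is the krb5_address behind `faddr` (its setup is outside this hunk), init_addr rewrites a v4-mapped IPv6 peer to a 4-byte pointer, and AF_INET6 would then format 16 bytes from the wrong offset. The short-write message also prints the unsigned `response->length` with `%d`.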
@@ -1459,31 +1460,31 @@ static int kill_lru_tcp_or_rpc_connection(void *handle, struct connection *newco
krb5_klog_syslog(LOG_INFO, "too many connections");
FOREACH_ELT (connections, i, c) {
- if (c->type != CONN_TCP && c->type != CONN_RPC)
- continue;
- if (c == newconn)
- continue;
+ if (c->type != CONN_TCP && c->type != CONN_RPC)
+ continue;
+ if (c == newconn)
+ continue;
#if 0
- krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd,
- c->u.tcp.start_time);
+ krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd,
+ c->u.tcp.start_time);
#endif
- if (oldest_tcp == NULL
- || oldest_tcp->u.tcp.start_time > c->u.tcp.start_time)
- oldest_tcp = c;
+ if (oldest_tcp == NULL
+ || oldest_tcp->u.tcp.start_time > c->u.tcp.start_time)
+ oldest_tcp = c;
}
if (oldest_tcp != NULL) {
- krb5_klog_syslog(LOG_INFO, "dropping %s fd %d from %s",
- c->type == CONN_RPC ? "rpc" : "tcp",
- oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf);
- fd = oldest_tcp->fd;
- kill_tcp_or_rpc_connection(handle, oldest_tcp, 1);
+ krb5_klog_syslog(LOG_INFO, "dropping %s fd %d from %s",
+ c->type == CONN_RPC ? "rpc" : "tcp",
+ oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf);
+ fd = oldest_tcp->fd;
+ kill_tcp_or_rpc_connection(handle, oldest_tcp, 1);
}
return fd;
}
static void accept_tcp_connection(void *handle,
- struct connection *conn, const char *prog,
- int selflags)
+ struct connection *conn, const char *prog,
+ int selflags)
{
int s;
struct sockaddr_storage addr_s;
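Review bot: The "dropping %s fd %d from %s" log line tests `c->type`, but `c` is the FOREACH_ELT cursor and the loop has already finished; the connection being dropped is `oldest_tcp`. Depending on how the macro leaves `c` (its definition is not in this hunk), this reads the last element or an invalid pointer, and either way it can mislabel the connection in the log. Use `oldest_tcp->type == CONN_RPC ? "rpc" : "tcp"`. kill_lru_tcp_or_rpc_connection starts before the hunk, and accept_tcp_connection, which begins at the bottom of it, continues past it.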
@@ -1495,12 +1496,12 @@ static void accept_tcp_connection(void *handle,
s = accept(conn->fd, addr, &addrlen);
if (s < 0)
- return;
+ return;
set_cloexec_fd(s);
#ifndef _WIN32
if (s >= FD_SETSIZE) {
- close(s);
- return;
+ close(s);
+ return;
}
#endif
setnbio(s), setnolinger(s), setkeepalive(s);
@@ -1510,26 +1511,26 @@ static void accept_tcp_connection(void *handle,
newconn = add_tcp_data_fd(&sockdata, s);
if (newconn == NULL)
- return;
+ return;
if (getnameinfo((struct sockaddr *)&addr_s, addrlen,
- newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
- tmpbuf, sizeof(tmpbuf),
- NI_NUMERICHOST | NI_NUMERICSERV))
- strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
+ newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
+ tmpbuf, sizeof(tmpbuf),
+ NI_NUMERICHOST | NI_NUMERICSERV))
+ strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
else {
- char *p, *end;
- p = newconn->u.tcp.addrbuf;
- end = p + sizeof(newconn->u.tcp.addrbuf);
- p += strlen(p);
- if (end - p > 2 + strlen(tmpbuf)) {
- *p++ = '.';
- strlcpy(p, tmpbuf, end - p);
- }
+ char *p, *end;
+ p = newconn->u.tcp.addrbuf;
+ end = p + sizeof(newconn->u.tcp.addrbuf);
+ p += strlen(p);
+ if (end - p > 2 + strlen(tmpbuf)) {
+ *p++ = '.';
+ strlcpy(p, tmpbuf, end - p);
+ }
}
#if 0
krb5_klog_syslog(LOG_INFO, "accepted TCP connection on socket %d from %s",
- s, newconn->u.tcp.addrbuf);
+ s, newconn->u.tcp.addrbuf);
#endif
newconn->u.tcp.addr_s = addr_s;
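Review bot: When `add_tcp_data_fd(&sockdata, s)` returns NULL the function returns without closing `s`, the descriptor just obtained from accept(). Unless add_tcp_data_fd closes it on failure (not visible here), each such failure leaks a socket, which matters on a listener that any remote peer can connect to. Suggest `if (newconn == NULL) { close(s); return; }`, matching the FD_SETSIZE rejection path earlier in the function. accept_tcp_connection starts and ends outside this hunk.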
@@ -1539,15 +1540,15 @@ static void accept_tcp_connection(void *handle,
newconn->u.tcp.start_time = time(0);
if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
- kill_lru_tcp_or_rpc_connection(handle, newconn);
+ kill_lru_tcp_or_rpc_connection(handle, newconn);
if (newconn->u.tcp.buffer == 0) {
- com_err(prog, errno, "allocating buffer for new TCP session from %s",
- newconn->u.tcp.addrbuf);
- delete_fd(newconn);
- close(s);
- tcp_or_rpc_data_counter--;
- return;
+ com_err(prog, errno, "allocating buffer for new TCP session from %s",
+ newconn->u.tcp.addrbuf);
+ delete_fd(newconn);
+ close(s);
+ tcp_or_rpc_data_counter--;
+ return;
}
newconn->u.tcp.offset = 0;
newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
@@ -1557,7 +1558,7 @@ static void accept_tcp_connection(void *handle,
FD_SET(s, &sstate.rfds);
if (sstate.max <= s)
- sstate.max = s + 1;
+ sstate.max = s + 1;
}
static void
@@ -1569,37 +1570,37 @@ kill_tcp_or_rpc_connection(void *handle, struct connection *conn, int isForcedCl
assert(conn->fd != -1);
if (conn->u.tcp.response)
- krb5_free_data(server_handle->context, conn->u.tcp.response);
+ krb5_free_data(server_handle->context, conn->u.tcp.response);
if (conn->u.tcp.buffer)
- free(conn->u.tcp.buffer);
+ free(conn->u.tcp.buffer);
FD_CLR(conn->fd, &sstate.rfds);
FD_CLR(conn->fd, &sstate.wfds);
if (sstate.max == conn->fd + 1)
- while (sstate.max > 0
- && ! FD_ISSET(sstate.max-1, &sstate.rfds)
- && ! FD_ISSET(sstate.max-1, &sstate.wfds)
- /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
- )
- sstate.max--;
+ while (sstate.max > 0
+ && ! FD_ISSET(sstate.max-1, &sstate.rfds)
+ && ! FD_ISSET(sstate.max-1, &sstate.wfds)
+ /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
+ )
+ sstate.max--;
/* In the non-forced case, the RPC runtime will close the descriptor for us */
if (conn->type == CONN_TCP || isForcedClose) {
- close(conn->fd);
+ close(conn->fd);
}
/* For RPC connections, call into RPC runtime to flush out any internal state */
if (conn->type == CONN_RPC && isForcedClose) {
- fd_set fds;
+ fd_set fds;
- FD_ZERO(&fds);
- FD_SET(conn->fd, &fds);
+ FD_ZERO(&fds);
+ FD_SET(conn->fd, &fds);
- svc_getreqset(&fds);
+ svc_getreqset(&fds);
- if (FD_ISSET(conn->fd, &svc_fdset)) {
- krb5_klog_syslog(LOG_ERR,
- "descriptor %d closed but still in svc_fdset", conn->fd);
- }
+ if (FD_ISSET(conn->fd, &svc_fdset)) {
+ krb5_klog_syslog(LOG_ERR,
+ "descriptor %d closed but still in svc_fdset", conn->fd);
+ }
}
conn->fd = -1;
@@ -1617,14 +1618,14 @@ make_toolong_error (void *handle, krb5_data **out)
retval = krb5_us_timeofday(server_handle->context, &errpkt.stime, &errpkt.susec);
if (retval)
- return retval;
+ return retval;
errpkt.error = KRB_ERR_FIELD_TOOLONG;
retval = krb5_build_principal(server_handle->context, &errpkt.server,
- strlen(server_handle->params.realm),
- server_handle->params.realm,
- "kadmin", "changepw", NULL);
+ strlen(server_handle->params.realm),
+ server_handle->params.realm,
+ "kadmin", "changepw", NULL);
if (retval)
- return retval;
+ return retval;
errpkt.client = NULL;
errpkt.cusec = 0;
errpkt.ctime = 0;
@@ -1634,11 +1635,11 @@ make_toolong_error (void *handle, krb5_data **out)
errpkt.e_data.data = 0;
scratch = malloc(sizeof(*scratch));
if (scratch == NULL)
- return ENOMEM;
+ return ENOMEM;
retval = krb5_mk_error(server_handle->context, &errpkt, scratch);
if (retval) {
- free(scratch);
- return retval;
+ free(scratch);
+ return retval;
}
*out = scratch;
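Review bot: Both early returns here, `return ENOMEM` after the failed malloc and `return retval` after a failed krb5_mk_error, leave `errpkt.server` unfreed; that principal was built by krb5_build_principal earlier in make_toolong_error. The success path ends after `*out = scratch;` outside the hunk, so the same check is needed there. process_tcp_connection calls this as soon as a client's 4-byte length prefix exceeds the buffer cap, before any request is parsed, so a leak per call can be driven remotely. Add `krb5_free_principal(server_handle->context, errpkt.server);` on each exit once krb5_mk_error no longer needs it.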
@@ -1650,7 +1651,7 @@ queue_tcp_outgoing_response(struct connection *conn)
{
store_32_be(conn->u.tcp.response->length, conn->u.tcp.lenbuf);
SG_SET(&conn->u.tcp.sgbuf[1], conn->u.tcp.response->data,
- conn->u.tcp.response->length);
+ conn->u.tcp.response->length);
conn->u.tcp.sgp = conn->u.tcp.sgbuf;
conn->u.tcp.sgnum = 2;
FD_SET(conn->fd, &sstate.wfds);
@@ -1658,128 +1659,128 @@ queue_tcp_outgoing_response(struct connection *conn)
static void
process_tcp_connection(void *handle,
- struct connection *conn, const char *prog, int selflags)
+ struct connection *conn, const char *prog, int selflags)
{
int isForcedClose = 1; /* not used now, but for completeness */
if (selflags & SSF_WRITE) {
- ssize_t nwrote;
- SOCKET_WRITEV_TEMP tmp;
-
- nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
- tmp);
- if (nwrote < 0) {
- goto kill_tcp_connection;
- }
- if (nwrote == 0) {
- /* eof */
- isForcedClose = 0;
- goto kill_tcp_connection;
- }
- while (nwrote) {
- sg_buf *sgp = conn->u.tcp.sgp;
- if (nwrote < SG_LEN(sgp)) {
- SG_ADVANCE(sgp, nwrote);
- nwrote = 0;
- } else {
- nwrote -= SG_LEN(sgp);
- conn->u.tcp.sgp++;
- conn->u.tcp.sgnum--;
- if (conn->u.tcp.sgnum == 0 && nwrote != 0)
- abort();
- }
- }
- if (conn->u.tcp.sgnum == 0) {
- /* finished sending */
- /* We should go back to reading, though if we sent a
- FIELD_TOOLONG error in reply to a length with the high
- bit set, RFC 4120 says we have to close the TCP
- stream. */
- isForcedClose = 0;
- goto kill_tcp_connection;
- }
+ ssize_t nwrote;
+ SOCKET_WRITEV_TEMP tmp;
+
+ nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
+ tmp);
+ if (nwrote < 0) {
+ goto kill_tcp_connection;
+ }
+ if (nwrote == 0) {
+ /* eof */
+ isForcedClose = 0;
+ goto kill_tcp_connection;
+ }
+ while (nwrote) {
+ sg_buf *sgp = conn->u.tcp.sgp;
+ if (nwrote < SG_LEN(sgp)) {
+ SG_ADVANCE(sgp, nwrote);
+ nwrote = 0;
+ } else {
+ nwrote -= SG_LEN(sgp);
+ conn->u.tcp.sgp++;
+ conn->u.tcp.sgnum--;
+ if (conn->u.tcp.sgnum == 0 && nwrote != 0)
+ abort();
+ }
+ }
+ if (conn->u.tcp.sgnum == 0) {
+ /* finished sending */
+ /* We should go back to reading, though if we sent a
+ FIELD_TOOLONG error in reply to a length with the high
+ bit set, RFC 4120 says we have to close the TCP
+ stream. */
+ isForcedClose = 0;
+ goto kill_tcp_connection;
+ }
} else if (selflags & SSF_READ) {
- /* Read message length and data into one big buffer, already
- allocated at connect time. If we have a complete message,
- we stop reading, so we should only be here if there is no
- data in the buffer, or only an incomplete message. */
- size_t len;
- ssize_t nread;
- if (conn->u.tcp.offset < 4) {
- /* msglen has not been computed */
- /* XXX Doing at least two reads here, letting the kernel
- worry about buffering. It'll be faster when we add
- code to manage the buffer here. */
- len = 4 - conn->u.tcp.offset;
- nread = SOCKET_READ(conn->fd,
- conn->u.tcp.buffer + conn->u.tcp.offset, len);
- if (nread < 0)
- /* error */
- goto kill_tcp_connection;
- if (nread == 0)
- /* eof */
- goto kill_tcp_connection;
- conn->u.tcp.offset += nread;
- if (conn->u.tcp.offset == 4) {
- unsigned char *p = (unsigned char *)conn->u.tcp.buffer;
- conn->u.tcp.msglen = load_32_be(p);
- if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) {
- krb5_error_code err;
- /* message too big */
- krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu",
- conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen,
- (unsigned long) conn->u.tcp.bufsiz - 4);
- /* XXX Should return an error. */
- err = make_toolong_error (handle, &conn->u.tcp.response);
- if (err) {
- krb5_klog_syslog(LOG_ERR,
- "error constructing KRB_ERR_FIELD_TOOLONG error! %s",
- error_message(err));
- goto kill_tcp_connection;
- }
- goto have_response;
- }
- }
- } else {
- /* msglen known */
- krb5_data request;
- krb5_error_code err;
- struct sockaddr_storage local_saddr;
- socklen_t local_saddrlen = sizeof(local_saddr);
- struct sockaddr *local_saddrp = NULL;
-
- len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4);
- nread = SOCKET_READ(conn->fd,
- conn->u.tcp.buffer + conn->u.tcp.offset, len);
- if (nread < 0)
- /* error */
- goto kill_tcp_connection;
- if (nread == 0)
- /* eof */
- goto kill_tcp_connection;
- conn->u.tcp.offset += nread;
- if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
- return;
- /* have a complete message, and exactly one message */
- request.length = conn->u.tcp.msglen;
- request.data = conn->u.tcp.buffer + 4;
-
- if (getsockname(conn->fd, ss2sa(&local_saddr), &local_saddrlen) == 0) {
- local_saddrp = ss2sa(&local_saddr);
- }
-
- err = dispatch(handle, local_saddrp, &conn->u.tcp.faddr,
- &request, &conn->u.tcp.response);
- if (err) {
- com_err(prog, err, "while dispatching (tcp)");
- goto kill_tcp_connection;
- }
- have_response:
- queue_tcp_outgoing_response(conn);
- FD_CLR(conn->fd, &sstate.rfds);
- }
+ /* Read message length and data into one big buffer, already
+ allocated at connect time. If we have a complete message,
+ we stop reading, so we should only be here if there is no
+ data in the buffer, or only an incomplete message. */
+ size_t len;
+ ssize_t nread;
+ if (conn->u.tcp.offset < 4) {
+ /* msglen has not been computed */
+ /* XXX Doing at least two reads here, letting the kernel
+ worry about buffering. It'll be faster when we add
+ code to manage the buffer here. */
+ len = 4 - conn->u.tcp.offset;
+ nread = SOCKET_READ(conn->fd,
+ conn->u.tcp.buffer + conn->u.tcp.offset, len);
+ if (nread < 0)
+ /* error */
+ goto kill_tcp_connection;
+ if (nread == 0)
+ /* eof */
+ goto kill_tcp_connection;
+ conn->u.tcp.offset += nread;
+ if (conn->u.tcp.offset == 4) {
+ unsigned char *p = (unsigned char *)conn->u.tcp.buffer;
+ conn->u.tcp.msglen = load_32_be(p);
+ if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) {
+ krb5_error_code err;
+ /* message too big */
+ krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu",
+ conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen,
+ (unsigned long) conn->u.tcp.bufsiz - 4);
+ /* XXX Should return an error. */
+ err = make_toolong_error (handle, &conn->u.tcp.response);
+ if (err) {
+ krb5_klog_syslog(LOG_ERR,
+ "error constructing KRB_ERR_FIELD_TOOLONG error! %s",
+ error_message(err));
+ goto kill_tcp_connection;
+ }
+ goto have_response;
+ }
+ }
+ } else {
+ /* msglen known */
+ krb5_data request;
+ krb5_error_code err;
+ struct sockaddr_storage local_saddr;
+ socklen_t local_saddrlen = sizeof(local_saddr);
+ struct sockaddr *local_saddrp = NULL;
+
+ len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4);
+ nread = SOCKET_READ(conn->fd,
+ conn->u.tcp.buffer + conn->u.tcp.offset, len);
+ if (nread < 0)
+ /* error */
+ goto kill_tcp_connection;
+ if (nread == 0)
+ /* eof */
+ goto kill_tcp_connection;
+ conn->u.tcp.offset += nread;
+ if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
+ return;
+ /* have a complete message, and exactly one message */
+ request.length = conn->u.tcp.msglen;
+ request.data = conn->u.tcp.buffer + 4;
+
+ if (getsockname(conn->fd, ss2sa(&local_saddr), &local_saddrlen) == 0) {
+ local_saddrp = ss2sa(&local_saddr);
+ }
+
+ err = dispatch(handle, local_saddrp, &conn->u.tcp.faddr,
+ &request, &conn->u.tcp.response);
+ if (err) {
+ com_err(prog, err, "while dispatching (tcp)");
+ goto kill_tcp_connection;
+ }
+ have_response:
+ queue_tcp_outgoing_response(conn);
+ FD_CLR(conn->fd, &sstate.rfds);
+ }
} else
- abort();
+ abort();
return;
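Review bot: After a successful `dispatch()` the read branch falls straight into `have_response:`, and queue_tcp_outgoing_response dereferences `conn->u.tcp.response->length` with no check that a response was produced. The UDP path in process_packet does test `response == NULL` after the same call, so the two callers disagree about whether dispatch can succeed without a response. Either document that invariant on dispatch or add `if (conn->u.tcp.response == NULL) goto kill_tcp_connection;` before the label. The `kill_tcp_connection` label itself lies outside this hunk.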
@@ -1788,8 +1789,8 @@ kill_tcp_connection:
}
static void service_conn(void *handle,
- struct connection *conn, const char *prog,
- int selflags)
+ struct connection *conn, const char *prog,
+ int selflags)
{
conn->service(handle, conn, prog, selflags);
}
@@ -1810,82 +1811,82 @@ static int getcurtime(struct timeval *tvp)
krb5_error_code
listen_and_process(void *handle, const char *prog)
{
- int nfound;
+ int nfound;
/* This struct contains 3 fd_set objects; on some platforms, they
can be rather large. Making this static avoids putting all
that junk on the stack. */
static struct select_state sout;
- int i, sret, netchanged = 0;
- krb5_error_code err;
+ int i, sret, netchanged = 0;
+ krb5_error_code err;
kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle;
if (conns == (struct connection **) NULL)
- return KDC5_NONET;
-
+ return KDC5_NONET;
+
while (!signal_request_exit) {
- if (signal_request_hup) {
- krb5_klog_reopen(server_handle->context);
- reset_db();
- signal_request_hup = 0;
- }
+ if (signal_request_hup) {
+ krb5_klog_reopen(server_handle->context);
+ reset_db();
+ signal_request_hup = 0;
+ }
#ifdef PURIFY
- if (signal_pure_report) {
- purify_new_reports();
- signal_pure_report = 0;
- }
- if (signal_pure_clear) {
- purify_clear_new_reports();
- signal_pure_clear = 0;
- }
+ if (signal_pure_report) {
+ purify_new_reports();
+ signal_pure_report = 0;
+ }
+ if (signal_pure_clear) {
+ purify_clear_new_reports();
+ signal_pure_clear = 0;
+ }
#endif /* PURIFY */
- if (network_reconfiguration_needed) {
- krb5_klog_syslog(LOG_INFO, "network reconfiguration needed");
- /* It might be tidier to add a timer-callback interface to
- the control loop here, but for this one use, it's not a
- big deal. */
- err = getcurtime(&sstate.end_time);
- if (err) {
- com_err(prog, err, "while getting the time");
- continue;
- }
- sstate.end_time.tv_sec += 3;
- netchanged = 1;
- } else
- sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
-
- err = krb5int_cm_call_select(&sstate, &sout, &sret);
- if (err) {
- if (err != EINTR)
- com_err(prog, err, "while selecting for network input(1)");
- continue;
- }
- if (sret == 0 && netchanged) {
- network_reconfiguration_needed = 0;
- closedown_network(handle, prog);
- err = setup_network(handle, prog);
- if (err) {
- com_err(prog, err, "while reinitializing network");
- return err;
- }
- netchanged = 0;
- }
- if (sret == -1) {
- if (errno != EINTR)
- com_err(prog, errno, "while selecting for network input(2)");
- continue;
- }
- nfound = sret;
- for (i=0; i<n_sockets && nfound > 0; i++) {
- int sflags = 0;
- if (conns[i]->fd < 0)
- abort();
- if (FD_ISSET(conns[i]->fd, &sout.rfds))
- sflags |= SSF_READ, nfound--;
- if (FD_ISSET(conns[i]->fd, &sout.wfds))
- sflags |= SSF_WRITE, nfound--;
- if (sflags)
- service_conn(handle, conns[i], prog, sflags);
- }
+ if (network_reconfiguration_needed) {
+ krb5_klog_syslog(LOG_INFO, "network reconfiguration needed");
+ /* It might be tidier to add a timer-callback interface to
+ the control loop here, but for this one use, it's not a
+ big deal. */
+ err = getcurtime(&sstate.end_time);
+ if (err) {
+ com_err(prog, err, "while getting the time");
+ continue;
+ }
+ sstate.end_time.tv_sec += 3;
+ netchanged = 1;
+ } else
+ sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
+
+ err = krb5int_cm_call_select(&sstate, &sout, &sret);
+ if (err) {
+ if (err != EINTR)
+ com_err(prog, err, "while selecting for network input(1)");
+ continue;
+ }
+ if (sret == 0 && netchanged) {
+ network_reconfiguration_needed = 0;
+ closedown_network(handle, prog);
+ err = setup_network(handle, prog);
+ if (err) {
+ com_err(prog, err, "while reinitializing network");
+ return err;
+ }
+ netchanged = 0;
+ }
+ if (sret == -1) {
+ if (errno != EINTR)
+ com_err(prog, errno, "while selecting for network input(2)");
+ continue;
+ }
+ nfound = sret;
+ for (i=0; i<n_sockets && nfound > 0; i++) {
+ int sflags = 0;
+ if (conns[i]->fd < 0)
+ abort();
+ if (FD_ISSET(conns[i]->fd, &sout.rfds))
+ sflags |= SSF_READ, nfound--;
+ if (FD_ISSET(conns[i]->fd, &sout.wfds))
+ sflags |= SSF_WRITE, nfound--;
+ if (sflags)
+ service_conn(handle, conns[i], prog, sflags);
+ }
}
krb5_klog_syslog(LOG_INFO, "shutdown signal received");
return 0;
@@ -1898,31 +1899,31 @@ closedown_network(void *handle, const char *prog)
struct connection *conn;
if (conns == (struct connection **) NULL)
- return KDC5_NONET;
+ return KDC5_NONET;
FOREACH_ELT (connections, i, conn) {
- if (conn->fd >= 0) {
- krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd);
- (void) close(conn->fd);
- if (conn->type == CONN_RPC) {
- fd_set fds;
-
- FD_ZERO(&fds);
- FD_SET(conn->fd, &fds);
-
- svc_getreqset(&fds);
- }
- }
- if (conn->type == CONN_RPC_LISTENER) {
- if (conn->u.rpc.transp != NULL)
- svc_destroy(conn->u.rpc.transp);
- }
- DEL (connections, i);
- /* There may also be per-connection data in the tcp structure
- (tcp.buffer, tcp.response) that we're not freeing here.
- That should only happen if we quit with a connection in
- progress. */
- free(conn);
+ if (conn->fd >= 0) {
+ krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd);
+ (void) close(conn->fd);
+ if (conn->type == CONN_RPC) {
+ fd_set fds;
+
+ FD_ZERO(&fds);
+ FD_SET(conn->fd, &fds);
+
+ svc_getreqset(&fds);
+ }
+ }
+ if (conn->type == CONN_RPC_LISTENER) {
+ if (conn->u.rpc.transp != NULL)
+ svc_destroy(conn->u.rpc.transp);
+ }
+ DEL (connections, i);
+ /* There may also be per-connection data in the tcp structure
+ (tcp.buffer, tcp.response) that we're not freeing here.
+ That should only happen if we quit with a connection in
+ progress. */
+ free(conn);
}
FREE_SET_DATA(connections);
FREE_SET_DATA(udp_port_data);
@@ -1933,7 +1934,7 @@ closedown_network(void *handle, const char *prog)
}
static void accept_rpc_connection(void *handle, struct connection *conn,
- const char *prog, int selflags)
+ const char *prog, int selflags)
{
struct socksetup sockdata;
fd_set fds;
@@ -1942,7 +1943,7 @@ static void accept_rpc_connection(void *handle, struct connection *conn,
assert(selflags & SSF_READ);
if ((selflags & SSF_READ) == 0)
- return;
+ return;
sockdata.prog = prog;
sockdata.retval = 0;
@@ -1959,73 +1960,73 @@ static void accept_rpc_connection(void *handle, struct connection *conn,
* Scan svc_fdset for any new connections.
*/
for (s = 0; s < FD_SETSIZE; s++) {
- /* sstate.rfds |= svc_fdset & ~(rpc_listenfds | sstate.rfds) */
- if (FD_ISSET(s, &svc_fdset)
- && !FD_ISSET(s, &rpc_listenfds)
- && !FD_ISSET(s, &sstate.rfds))
- {
- struct connection *newconn;
- struct sockaddr_storage addr_s;
- struct sockaddr *addr = (struct sockaddr *)&addr_s;
- socklen_t addrlen = sizeof(addr_s);
- char tmpbuf[10];
-
- newconn = add_rpc_data_fd(&sockdata, s);
- if (newconn == NULL)
- continue;
-
- set_cloexec_fd(s);
+ /* sstate.rfds |= svc_fdset & ~(rpc_listenfds | sstate.rfds) */
+ if (FD_ISSET(s, &svc_fdset)
+ && !FD_ISSET(s, &rpc_listenfds)
+ && !FD_ISSET(s, &sstate.rfds))
+ {
+ struct connection *newconn;
+ struct sockaddr_storage addr_s;
+ struct sockaddr *addr = (struct sockaddr *)&addr_s;
+ socklen_t addrlen = sizeof(addr_s);
+ char tmpbuf[10];
+
+ newconn = add_rpc_data_fd(&sockdata, s);
+ if (newconn == NULL)
+ continue;
+
+ set_cloexec_fd(s);
#if 0
- setnbio(s), setnolinger(s), setkeepalive(s);
+ setnbio(s), setnolinger(s), setkeepalive(s);
#endif
- if (getpeername(s, addr, &addrlen) ||
- getnameinfo(addr, addrlen,
- newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
- tmpbuf, sizeof(tmpbuf),
- NI_NUMERICHOST | NI_NUMERICSERV))
- strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
- else {
- char *p, *end;
- p = newconn->u.tcp.addrbuf;
- end = p + sizeof(newconn->u.tcp.addrbuf);
- p += strlen(p);
- if (end - p > 2 + strlen(tmpbuf)) {
- *p++ = '.';
- strlcpy(p, tmpbuf, end - p);
- }
- }
+ if (getpeername(s, addr, &addrlen) ||
+ getnameinfo(addr, addrlen,
+ newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
+ tmpbuf, sizeof(tmpbuf),
+ NI_NUMERICHOST | NI_NUMERICSERV))
+ strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
+ else {
+ char *p, *end;
+ p = newconn->u.tcp.addrbuf;
+ end = p + sizeof(newconn->u.tcp.addrbuf);
+ p += strlen(p);
+ if (end - p > 2 + strlen(tmpbuf)) {
+ *p++ = '.';
+ strlcpy(p, tmpbuf, end - p);
+ }
+ }
#if 0
- krb5_klog_syslog(LOG_INFO, "accepted RPC connection on socket %d from %s",
- s, newconn->u.tcp.addrbuf);
+ krb5_klog_syslog(LOG_INFO, "accepted RPC connection on socket %d from %s",
+ s, newconn->u.tcp.addrbuf);
#endif
- newconn->u.tcp.addr_s = addr_s;
- newconn->u.tcp.addrlen = addrlen;
- newconn->u.tcp.start_time = time(0);
+ newconn->u.tcp.addr_s = addr_s;
+ newconn->u.tcp.addrlen = addrlen;
+ newconn->u.tcp.start_time = time(0);
- if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
- kill_lru_tcp_or_rpc_connection(handle, newconn);
+ if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
+ kill_lru_tcp_or_rpc_connection(handle, newconn);
- newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
- init_addr(&newconn->u.tcp.faddr, ss2sa(&newconn->u.tcp.addr_s));
+ newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
+ init_addr(&newconn->u.tcp.faddr, ss2sa(&newconn->u.tcp.addr_s));
- FD_SET(s, &sstate.rfds);
- if (sstate.max <= s)
- sstate.max = s + 1;
- }
+ FD_SET(s, &sstate.rfds);
+ if (sstate.max <= s)
+ sstate.max = s + 1;
+ }
}
}
static void process_rpc_connection(void *handle, struct connection *conn,
- const char *prog, int selflags)
+ const char *prog, int selflags)
{
fd_set fds;
assert(selflags & SSF_READ);
if ((selflags & SSF_READ) == 0)
- return;
+ return;
FD_ZERO(&fds);
FD_SET(conn->fd, &fds);
@@ -2033,7 +2034,7 @@ static void process_rpc_connection(void *handle, struct connection *conn,
svc_getreqset(&fds);
if (!FD_ISSET(conn->fd, &svc_fdset))
- kill_tcp_or_rpc_connection(handle, conn, 0);
+ kill_tcp_or_rpc_connection(handle, conn, 0);
}
#endif /* INET */
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index c01cbef..1615877 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -5,14 +6,14 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -23,7 +24,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -50,7 +51,7 @@
#include <kadm5/kadm_rpc.h>
#include <kadm5/server_acl.h>
#include <adm_proto.h>
-#include "kdb_kt.h" /* for krb5_ktkdb_set_context */
+#include "kdb_kt.h" /* for krb5_ktkdb_set_context */
#include <string.h>
#include "kadm5/server_internal.h" /* XXX for kadm5_server_handle_t */
#include <kdb_log.h>
@@ -60,30 +61,30 @@
#ifdef PURIFY
#include "purify.h"
-int signal_pure_report = 0;
-int signal_pure_clear = 0;
-void request_pure_report(int);
-void request_pure_clear(int);
+int signal_pure_report = 0;
+int signal_pure_clear = 0;
+void request_pure_report(int);
+void request_pure_clear(int);
#endif /* PURIFY */
#if defined(NEED_DAEMON_PROTO)
extern int daemon(int, int);
#endif
-volatile int signal_request_exit = 0;
-volatile int signal_request_hup = 0;
+volatile int signal_request_exit = 0;
+volatile int signal_request_hup = 0;
void setup_signal_handlers(iprop_role iproprole);
-void request_exit(int);
-void request_hup(int);
-void reset_db(void);
-void sig_pipe(int);
+void request_exit(int);
+void request_hup(int);
+void reset_db(void);
+void sig_pipe(int);
#ifdef POSIX_SIGNALS
static struct sigaction s_action;
#endif /* POSIX_SIGNALS */
-#define TIMEOUT 15
+#define TIMEOUT 15
gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
gss_name_t gss_kadmin_name = NULL;
@@ -94,16 +95,16 @@ extern krb5_keylist_node *master_keylist;
char *build_princ_name(char *name, char *realm);
void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
+ struct sockaddr_in *addr, char *data);
void log_badverf(gss_name_t client_name, gss_name_t server_name,
- struct svc_req *rqst, struct rpc_msg *msg,
- char *data);
+ struct svc_req *rqst, struct rpc_msg *msg,
+ char *data);
void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, char
- *error, char *data);
+ *error, char *data);
void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor);
void log_badauth_display_status_1(char *m, OM_uint32 code, int type,
- int rec);
-
+ int rec);
+
int schpw;
void do_schpw(int s, kadm5_config_params *params);
@@ -117,7 +118,7 @@ void kadm5_set_use_password_server (void);
/*
* Function: usage
- *
+ *
* Purpose: print out the server usage message
*
* Arguments:
@@ -128,15 +129,15 @@ void kadm5_set_use_password_server (void);
static void usage()
{
- fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
+ fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
#ifdef USE_PASSWORD_SERVER
- "[-passwordserver] "
+ "[-passwordserver] "
#endif
- "[-port port-number]\n"
- "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
- "\t\t\tLook at each database documentation for supported arguments\n"
- );
- exit(1);
+ "[-port port-number]\n"
+ "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+ "\t\t\tLook at each database documentation for supported arguments\n"
+ );
+ exit(1);
}
/*
@@ -146,9 +147,9 @@ static void usage()
*
* Arguments:
*
- * msg a string to be displayed with the message
- * maj_stat the GSS-API major status code
- * min_stat the GSS-API minor status code
+ * msg a string to be displayed with the message
+ * maj_stat the GSS-API major status code
+ * min_stat the GSS-API minor status code
*
* Effects:
*
@@ -159,35 +160,35 @@ static void usage()
static void display_status_1(char *, OM_uint32, int);
static void display_status(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
+ char *msg;
+ OM_uint32 maj_stat;
+ OM_uint32 min_stat;
{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+ display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+ display_status_1(msg, min_stat, GSS_C_MECH_CODE);
}
static void display_status_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
+ char *m;
+ OM_uint32 code;
+ int type;
{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "GSS-API error %s: %s\n", m,
- (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc msg;
+ OM_uint32 msg_ctx;
+
+ msg_ctx = 0;
+ while (1) {
+ maj_stat = gss_display_status(&min_stat, code,
+ type, GSS_C_NULL_OID,
+ &msg_ctx, &msg);
+ fprintf(stderr, "GSS-API error %s: %s\n", m,
+ (char *)msg.value);
+ (void) gss_release_buffer(&min_stat, &msg);
+
+ if (!msg_ctx)
+ break;
+ }
}
@@ -200,410 +201,410 @@ int nofork = 0;
int main(int argc, char *argv[])
{
- extern char *optarg;
- extern int optind, opterr;
- int ret;
- OM_uint32 OMret, major_status, minor_status;
- char *whoami;
- gss_buffer_desc in_buf;
- auth_gssapi_name names[4];
- gss_buffer_desc gssbuf;
- gss_OID nt_krb5_name_oid;
- kadm5_config_params params;
- char **db_args = NULL;
- int db_args_size = 0;
- char *errmsg;
- int i;
- int strong_random = 1;
-
- kdb_log_context *log_ctx;
-
- setvbuf(stderr, NULL, _IONBF, 0);
-
- /* This is OID value the Krb5_Name NameType */
- gssbuf.value = "{1 2 840 113554 1 2 2 1}";
- gssbuf.length = strlen(gssbuf.value);
- major_status = gss_str_to_oid(&minor_status, &gssbuf, &nt_krb5_name_oid);
- if (major_status != GSS_S_COMPLETE) {
- fprintf(stderr, "Couldn't create KRB5 Name NameType OID\n");
- display_status("str_to_oid", major_status, minor_status);
- exit(1);
- }
-
- names[0].name = names[1].name = names[2].name = names[3].name = NULL;
- names[0].type = names[1].type = names[2].type = names[3].type =
- nt_krb5_name_oid;
+ extern char *optarg;
+ extern int optind, opterr;
+ int ret;
+ OM_uint32 OMret, major_status, minor_status;
+ char *whoami;
+ gss_buffer_desc in_buf;
+ auth_gssapi_name names[4];
+ gss_buffer_desc gssbuf;
+ gss_OID nt_krb5_name_oid;
+ kadm5_config_params params;
+ char **db_args = NULL;
+ int db_args_size = 0;
+ char *errmsg;
+ int i;
+ int strong_random = 1;
+
+ kdb_log_context *log_ctx;
+
+ setvbuf(stderr, NULL, _IONBF, 0);
+
+ /* This is OID value the Krb5_Name NameType */
+ gssbuf.value = "{1 2 840 113554 1 2 2 1}";
+ gssbuf.length = strlen(gssbuf.value);
+ major_status = gss_str_to_oid(&minor_status, &gssbuf, &nt_krb5_name_oid);
+ if (major_status != GSS_S_COMPLETE) {
+ fprintf(stderr, "Couldn't create KRB5 Name NameType OID\n");
+ display_status("str_to_oid", major_status, minor_status);
+ exit(1);
+ }
+
+ names[0].name = names[1].name = names[2].name = names[3].name = NULL;
+ names[0].type = names[1].type = names[2].type = names[3].type =
+ nt_krb5_name_oid;
#ifdef PURIFY
- purify_start_batch();
+ purify_start_batch();
#endif /* PURIFY */
- whoami = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
-
- nofork = 0;
-
- memset(&params, 0, sizeof(params));
-
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-x") == 0) {
- argc--; argv++;
- if (!argc)
- usage();
- db_args_size++;
- {
- char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
- if( temp == NULL )
- {
- fprintf(stderr,"%s: cannot initialize. Not enough memory\n",
- whoami);
- exit(1);
- }
- db_args = temp;
- }
- db_args[db_args_size-1] = *argv;
- db_args[db_args_size] = NULL;
- }else if (strcmp(*argv, "-r") == 0) {
- argc--; argv++;
- if (!argc)
- usage();
- params.realm = *argv;
- params.mask |= KADM5_CONFIG_REALM;
- argc--; argv++;
- continue;
- } else if (strcmp(*argv, "-m") == 0) {
- params.mkey_from_kbd = 1;
- params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- } else if (strcmp(*argv, "-nofork") == 0) {
- nofork = 1;
+ whoami = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
+
+ nofork = 0;
+
+ memset(&params, 0, sizeof(params));
+
+ argc--; argv++;
+ while (argc) {
+ if (strcmp(*argv, "-x") == 0) {
+ argc--; argv++;
+ if (!argc)
+ usage();
+ db_args_size++;
+ {
+ char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+ if( temp == NULL )
+ {
+ fprintf(stderr,"%s: cannot initialize. Not enough memory\n",
+ whoami);
+ exit(1);
+ }
+ db_args = temp;
+ }
+ db_args[db_args_size-1] = *argv;
+ db_args[db_args_size] = NULL;
+ }else if (strcmp(*argv, "-r") == 0) {
+ argc--; argv++;
+ if (!argc)
+ usage();
+ params.realm = *argv;
+ params.mask |= KADM5_CONFIG_REALM;
+ argc--; argv++;
+ continue;
+ } else if (strcmp(*argv, "-m") == 0) {
+ params.mkey_from_kbd = 1;
+ params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+ } else if (strcmp(*argv, "-nofork") == 0) {
+ nofork = 1;
#ifdef USE_PASSWORD_SERVER
- } else if (strcmp(*argv, "-passwordserver") == 0) {
- kadm5_set_use_password_server ();
-#endif
- } else if(strcmp(*argv, "-port") == 0) {
- argc--; argv++;
- if(!argc)
- usage();
- params.kadmind_port = atoi(*argv);
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- } else if (strcmp(*argv, "-W") == 0) {
- strong_random = 0;
- } else
- break;
- argc--; argv++;
- }
-
- if (argc != 0)
- usage();
-
- if ((ret = kadm5_init_krb5_context(&context))) {
- fprintf(stderr, "%s: %s while initializing context, aborting\n",
- whoami, error_message(ret));
- exit(1);
- }
-
- krb5_klog_init(context, "admin_server", whoami, 1);
-
- if((ret = kadm5_init(context, "kadmind", NULL,
- NULL, &params,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_3,
- db_args,
- &global_server_handle)) != KADM5_OK) {
- const char *e_txt = krb5_get_error_message (context, ret);
- krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
- e_txt);
- fprintf(stderr, "%s: %s while initializing, aborting\n",
- whoami, e_txt);
- krb5_klog_close(context);
- exit(1);
- }
-
- if ((ret = kadm5_get_config_params(context, 1, &params,
- &params))) {
- const char *e_txt = krb5_get_error_message (context, ret);
- krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
- whoami, e_txt);
- fprintf(stderr, "%s: %s while initializing, aborting\n",
- whoami, e_txt);
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
+ } else if (strcmp(*argv, "-passwordserver") == 0) {
+ kadm5_set_use_password_server ();
+#endif
+ } else if(strcmp(*argv, "-port") == 0) {
+ argc--; argv++;
+ if(!argc)
+ usage();
+ params.kadmind_port = atoi(*argv);
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ } else if (strcmp(*argv, "-W") == 0) {
+ strong_random = 0;
+ } else
+ break;
+ argc--; argv++;
+ }
+
+ if (argc != 0)
+ usage();
+
+ if ((ret = kadm5_init_krb5_context(&context))) {
+ fprintf(stderr, "%s: %s while initializing context, aborting\n",
+ whoami, error_message(ret));
+ exit(1);
+ }
+
+ krb5_klog_init(context, "admin_server", whoami, 1);
+
+ if((ret = kadm5_init(context, "kadmind", NULL,
+ NULL, &params,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_3,
+ db_args,
+ &global_server_handle)) != KADM5_OK) {
+ const char *e_txt = krb5_get_error_message (context, ret);
+ krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
+ e_txt);
+ fprintf(stderr, "%s: %s while initializing, aborting\n",
+ whoami, e_txt);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ if ((ret = kadm5_get_config_params(context, 1, &params,
+ &params))) {
+ const char *e_txt = krb5_get_error_message (context, ret);
+ krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
+ whoami, e_txt);
+ fprintf(stderr, "%s: %s while initializing, aborting\n",
+ whoami, e_txt);
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_ACL_FILE)
- if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
- krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values "
- "(%lx) while initializing, aborting", whoami,
- (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
- fprintf(stderr, "%s: Missing required configuration values "
- "(%lx) while initializing, aborting\n", whoami,
- (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
- krb5_klog_close(context);
- kadm5_destroy(global_server_handle);
- exit(1);
- }
-
- if ((ret = setup_network(global_server_handle, whoami))) {
- const char *e_txt = krb5_get_error_message (context, ret);
- krb5_klog_syslog(LOG_ERR, "%s: %s while initializing network, aborting",
- whoami, e_txt);
- fprintf(stderr, "%s: %s while initializing network, aborting\n",
- whoami, e_txt);
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
- names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
- names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
- if (names[0].name == NULL || names[1].name == NULL) {
- krb5_klog_syslog(LOG_ERR,
- "Cannot build GSS-API authentication names, "
- "failing.");
- fprintf(stderr, "%s: Cannot build GSS-API authentication names.\n",
- whoami);
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
- /*
- * Go through some contortions to point gssapi at a kdb keytab.
- * This prevents kadmind from needing to use an actual file-based
- * keytab.
- */
- /* XXX extract kadm5's krb5_context */
- hctx = ((kadm5_server_handle_t)global_server_handle)->context;
- /* Set ktkdb's internal krb5_context. */
- ret = krb5_ktkdb_set_context(hctx);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
- goto kterr;
- }
- /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
- ret = krb5_db_set_mkey(hctx, &master_keyblock);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
- goto kterr;
- }
- ret = krb5_db_set_mkey_list(hctx, master_keylist);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
- goto kterr;
- }
- ret = krb5_kt_register(context, &krb5_kt_kdb_ops);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Can't register kdb keytab.");
- goto kterr;
- }
- /* Tell gssapi about the kdb keytab. */
- ret = krb5_gss_register_acceptor_identity("KDB:");
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Can't register acceptor keytab.");
- goto kterr;
- }
+ if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values "
+ "(%lx) while initializing, aborting", whoami,
+ (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
+ fprintf(stderr, "%s: Missing required configuration values "
+ "(%lx) while initializing, aborting\n", whoami,
+ (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
+ krb5_klog_close(context);
+ kadm5_destroy(global_server_handle);
+ exit(1);
+ }
+
+ if ((ret = setup_network(global_server_handle, whoami))) {
+ const char *e_txt = krb5_get_error_message (context, ret);
+ krb5_klog_syslog(LOG_ERR, "%s: %s while initializing network, aborting",
+ whoami, e_txt);
+ fprintf(stderr, "%s: %s while initializing network, aborting\n",
+ whoami, e_txt);
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
+ names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
+ if (names[0].name == NULL || names[1].name == NULL) {
+ krb5_klog_syslog(LOG_ERR,
+ "Cannot build GSS-API authentication names, "
+ "failing.");
+ fprintf(stderr, "%s: Cannot build GSS-API authentication names.\n",
+ whoami);
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ /*
+ * Go through some contortions to point gssapi at a kdb keytab.
+ * This prevents kadmind from needing to use an actual file-based
+ * keytab.
+ */
+ /* XXX extract kadm5's krb5_context */
+ hctx = ((kadm5_server_handle_t)global_server_handle)->context;
+ /* Set ktkdb's internal krb5_context. */
+ ret = krb5_ktkdb_set_context(hctx);
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
+ goto kterr;
+ }
+ /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
+ ret = krb5_db_set_mkey(hctx, &master_keyblock);
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
+ goto kterr;
+ }
+ ret = krb5_db_set_mkey_list(hctx, master_keylist);
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
+ goto kterr;
+ }
+ ret = krb5_kt_register(context, &krb5_kt_kdb_ops);
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "Can't register kdb keytab.");
+ goto kterr;
+ }
+ /* Tell gssapi about the kdb keytab. */
+ ret = krb5_gss_register_acceptor_identity("KDB:");
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "Can't register acceptor keytab.");
+ goto kterr;
+ }
kterr:
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "%s", krb5_get_error_message (context, ret));
- fprintf(stderr, "%s: Can't set up keytab for RPC.\n", whoami);
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
- if (svcauth_gssapi_set_names(names, 2) == FALSE) {
- krb5_klog_syslog(LOG_ERR,
- "Cannot set GSS-API authentication names (keytab not present?), "
- "failing.");
- fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
- whoami);
- svcauth_gssapi_unset_names();
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
- /* if set_names succeeded, this will too */
- in_buf.value = names[1].name;
- in_buf.length = strlen(names[1].name) + 1;
- (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
- &gss_changepw_name);
-
- svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
- svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
- svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
-
- svcauth_gss_set_log_badauth_func(log_badauth, NULL);
- svcauth_gss_set_log_badverf_func(log_badverf, NULL);
- svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
-
- if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE) {
- fprintf(stderr, "%s: Cannot initialize RPCSEC_GSS service name.\n",
- whoami);
- exit(1);
- }
-
- if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) {
- errmsg = krb5_get_error_message (context, ret);
- krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
- errmsg);
- fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
- whoami, errmsg);
- svcauth_gssapi_unset_names();
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
- if (!nofork && (ret = daemon(0, 0))) {
- ret = errno;
- errmsg = krb5_get_error_message (context, ret);
- krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", errmsg);
- fprintf(stderr, "%s: Cannot detach from tty: %s\n",
- whoami, errmsg);
- svcauth_gssapi_unset_names();
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
- krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
- ret = krb5_c_random_os_entropy(context, strong_random, NULL);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
- krb5_get_error_message(context, ret));
- svcauth_gssapi_unset_names();
- kadm5_destroy(global_server_handle);
- krb5_klog_close(context);
- exit(1);
- }
-
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "%s", krb5_get_error_message (context, ret));
+ fprintf(stderr, "%s: Can't set up keytab for RPC.\n", whoami);
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ if (svcauth_gssapi_set_names(names, 2) == FALSE) {
+ krb5_klog_syslog(LOG_ERR,
+ "Cannot set GSS-API authentication names (keytab not present?), "
+ "failing.");
+ fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
+ whoami);
+ svcauth_gssapi_unset_names();
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ /* if set_names succeeded, this will too */
+ in_buf.value = names[1].name;
+ in_buf.length = strlen(names[1].name) + 1;
+ (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
+ &gss_changepw_name);
+
+ svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
+ svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+
+ svcauth_gss_set_log_badauth_func(log_badauth, NULL);
+ svcauth_gss_set_log_badverf_func(log_badverf, NULL);
+ svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
+
+ if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE) {
+ fprintf(stderr, "%s: Cannot initialize RPCSEC_GSS service name.\n",
+ whoami);
+ exit(1);
+ }
+
+ if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) {
+ errmsg = krb5_get_error_message (context, ret);
+ krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
+ errmsg);
+ fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
+ whoami, errmsg);
+ svcauth_gssapi_unset_names();
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ if (!nofork && (ret = daemon(0, 0))) {
+ ret = errno;
+ errmsg = krb5_get_error_message (context, ret);
+ krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", errmsg);
+ fprintf(stderr, "%s: Cannot detach from tty: %s\n",
+ whoami, errmsg);
+ svcauth_gssapi_unset_names();
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
+ ret = krb5_c_random_os_entropy(context, strong_random, NULL);
+ if (ret) {
+ krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
+ krb5_get_error_message(context, ret));
+ svcauth_gssapi_unset_names();
+ kadm5_destroy(global_server_handle);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
if (params.iprop_enabled == TRUE)
- ulog_set_role(hctx, IPROP_MASTER);
+ ulog_set_role(hctx, IPROP_MASTER);
else
- ulog_set_role(hctx, IPROP_NULL);
+ ulog_set_role(hctx, IPROP_NULL);
log_ctx = hctx->kdblog_context;
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
- /*
- * IProp is enabled, so let's map in the update log
- * and setup the service.
- */
- if ((ret = ulog_map(hctx, params.iprop_logfile,
- params.iprop_ulogsize, FKADMIND, db_args)) != 0) {
- fprintf(stderr,
- _("%s: %s while mapping update log (`%s.ulog')\n"),
- whoami, error_message(ret), params.dbname);
- krb5_klog_syslog(LOG_ERR,
- _("%s while mapping update log (`%s.ulog')"),
- error_message(ret), params.dbname);
- krb5_klog_close(context);
- exit(1);
- }
-
-
- if (nofork)
- fprintf(stderr,
- "%s: create IPROP svc (PROG=%d, VERS=%d)\n",
- whoami, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+ /*
+ * IProp is enabled, so let's map in the update log
+ * and setup the service.
+ */
+ if ((ret = ulog_map(hctx, params.iprop_logfile,
+ params.iprop_ulogsize, FKADMIND, db_args)) != 0) {
+ fprintf(stderr,
+ _("%s: %s while mapping update log (`%s.ulog')\n"),
+ whoami, error_message(ret), params.dbname);
+ krb5_klog_syslog(LOG_ERR,
+ _("%s while mapping update log (`%s.ulog')"),
+ error_message(ret), params.dbname);
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+
+ if (nofork)
+ fprintf(stderr,
+ "%s: create IPROP svc (PROG=%d, VERS=%d)\n",
+ whoami, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
#if 0
- if (!svc_create(krb5_iprop_prog_1,
- KRB5_IPROP_PROG, KRB5_IPROP_VERS,
- "circuit_v")) {
- fprintf(stderr,
- _("%s: Cannot create IProp RPC service (PROG=%d, VERS=%d)\n"),
- whoami,
- KRB5_IPROP_PROG, KRB5_IPROP_VERS);
- krb5_klog_syslog(LOG_ERR,
- _("Cannot create IProp RPC service (PROG=%d, VERS=%d), failing."),
- KRB5_IPROP_PROG, KRB5_IPROP_VERS);
- krb5_klog_close(context);
- exit(1);
- }
+ if (!svc_create(krb5_iprop_prog_1,
+ KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+ "circuit_v")) {
+ fprintf(stderr,
+ _("%s: Cannot create IProp RPC service (PROG=%d, VERS=%d)\n"),
+ whoami,
+ KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+ krb5_klog_syslog(LOG_ERR,
+ _("Cannot create IProp RPC service (PROG=%d, VERS=%d), failing."),
+ KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+ krb5_klog_close(context);
+ exit(1);
+ }
#endif
#if 0 /* authgss only? */
- if ((ret = kiprop_get_adm_host_srv_name(context,
- params.realm,
- &kiprop_name)) != 0) {
- krb5_klog_syslog(LOG_ERR,
- _("%s while getting IProp svc name, failing"),
- error_message(ret));
- fprintf(stderr,
- _("%s: %s while getting IProp svc name, failing\n"),
- whoami, error_message(ret));
- krb5_klog_close(context);
- exit(1);
- }
-
- auth_gssapi_name iprop_name;
- iprop_name.name = build_princ_name(foo, bar);
- if (iprop_name.name == NULL) {
- foo error;
- }
- iprop_name.type = nt_krb5_name_oid;
- if (svcauth_gssapi_set_names(&iprop_name, 1) == FALSE) {
- foo error;
- }
- if (!rpc_gss_set_svc_name(kiprop_name, "kerberos_v5", 0,
- KRB5_IPROP_PROG, KRB5_IPROP_VERS)) {
- rpc_gss_error_t err;
- (void) rpc_gss_get_error(&err);
-
- krb5_klog_syslog(LOG_ERR,
- _("Unable to set RPCSEC_GSS service name (`%s'), failing."),
- kiprop_name ? kiprop_name : "<null>");
-
- fprintf(stderr,
- _("%s: Unable to set RPCSEC_GSS service name (`%s'), failing.\n"),
- whoami,
- kiprop_name ? kiprop_name : "<null>");
-
- if (nofork) {
- fprintf(stderr,
- "%s: set svc name (rpcsec err=%d, sys err=%d)\n",
- whoami,
- err.rpc_gss_error,
- err.system_error);
- }
-
- exit(1);
- }
- free(kiprop_name);
+ if ((ret = kiprop_get_adm_host_srv_name(context,
+ params.realm,
+ &kiprop_name)) != 0) {
+ krb5_klog_syslog(LOG_ERR,
+ _("%s while getting IProp svc name, failing"),
+ error_message(ret));
+ fprintf(stderr,
+ _("%s: %s while getting IProp svc name, failing\n"),
+ whoami, error_message(ret));
+ krb5_klog_close(context);
+ exit(1);
+ }
+
+ auth_gssapi_name iprop_name;
+ iprop_name.name = build_princ_name(foo, bar);
+ if (iprop_name.name == NULL) {
+ foo error;
+ }
+ iprop_name.type = nt_krb5_name_oid;
+ if (svcauth_gssapi_set_names(&iprop_name, 1) == FALSE) {
+ foo error;
+ }
+ if (!rpc_gss_set_svc_name(kiprop_name, "kerberos_v5", 0,
+ KRB5_IPROP_PROG, KRB5_IPROP_VERS)) {
+ rpc_gss_error_t err;
+ (void) rpc_gss_get_error(&err);
+
+ krb5_klog_syslog(LOG_ERR,
+ _("Unable to set RPCSEC_GSS service name (`%s'), failing."),
+ kiprop_name ? kiprop_name : "<null>");
+
+ fprintf(stderr,
+ _("%s: Unable to set RPCSEC_GSS service name (`%s'), failing.\n"),
+ whoami,
+ kiprop_name ? kiprop_name : "<null>");
+
+ if (nofork) {
+ fprintf(stderr,
+ "%s: set svc name (rpcsec err=%d, sys err=%d)\n",
+ whoami,
+ err.rpc_gss_error,
+ err.system_error);
+ }
+
+ exit(1);
+ }
+ free(kiprop_name);
#endif
}
setup_signal_handlers(log_ctx->iproprole);
krb5_klog_syslog(LOG_INFO, _("starting"));
if (nofork)
- fprintf(stderr, "%s: starting...\n", whoami);
-
- listen_and_process(global_server_handle, whoami);
- krb5_klog_syslog(LOG_INFO, "finished, exiting");
-
- /* Clean up memory, etc */
- svcauth_gssapi_unset_names();
- kadm5_destroy(global_server_handle);
- closedown_network(global_server_handle, whoami);
- kadm5int_acl_finish(context, 0);
- if(gss_changepw_name) {
- (void) gss_release_name(&OMret, &gss_changepw_name);
- }
- if(gss_oldchangepw_name) {
- (void) gss_release_name(&OMret, &gss_oldchangepw_name);
- }
- for(i = 0 ; i < 4; i++) {
- if (names[i].name) {
- free(names[i].name);
- }
- }
-
- krb5_klog_close(context);
- krb5_free_context(context);
- exit(2);
+ fprintf(stderr, "%s: starting...\n", whoami);
+
+ listen_and_process(global_server_handle, whoami);
+ krb5_klog_syslog(LOG_INFO, "finished, exiting");
+
+ /* Clean up memory, etc */
+ svcauth_gssapi_unset_names();
+ kadm5_destroy(global_server_handle);
+ closedown_network(global_server_handle, whoami);
+ kadm5int_acl_finish(context, 0);
+ if(gss_changepw_name) {
+ (void) gss_release_name(&OMret, &gss_changepw_name);
+ }
+ if(gss_oldchangepw_name) {
+ (void) gss_release_name(&OMret, &gss_oldchangepw_name);
+ }
+ for(i = 0 ; i < 4; i++) {
+ if (names[i].name) {
+ free(names[i].name);
+ }
+ }
+
+ krb5_klog_close(context);
+ krb5_free_context(context);
+ exit(2);
}
/*
@@ -615,123 +616,123 @@ kterr:
void setup_signal_handlers(iprop_role iproprole) {
#ifdef POSIX_SIGNALS
- (void) sigemptyset(&s_action.sa_mask);
- s_action.sa_handler = request_exit;
- (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
- s_action.sa_handler = request_hup;
- (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
- s_action.sa_handler = sig_pipe;
- (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
+ (void) sigemptyset(&s_action.sa_mask);
+ s_action.sa_handler = request_exit;
+ (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
+ (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
+ (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
+ s_action.sa_handler = request_hup;
+ (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
+ s_action.sa_handler = sig_pipe;
+ (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
#ifdef PURIFY
- s_action.sa_handler = request_pure_report;
- (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
- s_action.sa_handler = request_pure_clear;
- (void) sigaction(SIGUSR2, &s_action, (struct sigaction *) NULL);
+ s_action.sa_handler = request_pure_report;
+ (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
+ s_action.sa_handler = request_pure_clear;
+ (void) sigaction(SIGUSR2, &s_action, (struct sigaction *) NULL);
#endif /* PURIFY */
- /*
- * IProp will fork for a full-resync, we don't want to
- * wait on it and we don't want the living dead procs either.
- */
- if (iproprole == IPROP_MASTER) {
- s_action.sa_handler = SIG_IGN;
- (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
- }
+ /*
+ * IProp will fork for a full-resync, we don't want to
+ * wait on it and we don't want the living dead procs either.
+ */
+ if (iproprole == IPROP_MASTER) {
+ s_action.sa_handler = SIG_IGN;
+ (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
+ }
#else /* POSIX_SIGNALS */
- signal(SIGINT, request_exit);
- signal(SIGTERM, request_exit);
- signal(SIGQUIT, request_exit);
- signal(SIGHUP, request_hup);
- signal(SIGPIPE, sig_pipe);
+ signal(SIGINT, request_exit);
+ signal(SIGTERM, request_exit);
+ signal(SIGQUIT, request_exit);
+ signal(SIGHUP, request_hup);
+ signal(SIGPIPE, sig_pipe);
#ifdef PURIFY
- signal(SIGUSR1, request_pure_report);
- signal(SIGUSR2, request_pure_clear);
+ signal(SIGUSR1, request_pure_report);
+ signal(SIGUSR2, request_pure_clear);
#endif /* PURIFY */
- /*
- * IProp will fork for a full-resync, we don't want to
- * wait on it and we don't want the living dead procs either.
- */
- if (iproprole == IPROP_MASTER)
- (void) signal(SIGCHLD, SIG_IGN);
+ /*
+ * IProp will fork for a full-resync, we don't want to
+ * wait on it and we don't want the living dead procs either.
+ */
+ if (iproprole == IPROP_MASTER)
+ (void) signal(SIGCHLD, SIG_IGN);
#endif /* POSIX_SIGNALS */
}
#ifdef PURIFY
/*
* Function: request_pure_report
- *
+ *
* Purpose: sets flag saying the server got a signal and that it should
- * dump a purify report when convenient.
+ * dump a purify report when convenient.
*
* Arguments:
* Requires:
* Effects:
* Modifies:
- * sets signal_pure_report to one
+ * sets signal_pure_report to one
*/
void request_pure_report(int signum)
{
- krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report");
- signal_pure_report = 1;
- return;
+ krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report");
+ signal_pure_report = 1;
+ return;
}
/*
* Function: request_pure_clear
- *
+ *
* Purpose: sets flag saying the server got a signal and that it should
- * dump a purify report when convenient, then clear the
- * purify tables.
+ * dump a purify report when convenient, then clear the
+ * purify tables.
*
* Arguments:
* Requires:
* Effects:
* Modifies:
- * sets signal_pure_report to one
- * sets signal_pure_clear to one
+ * sets signal_pure_report to one
+ * sets signal_pure_clear to one
*/
void request_pure_clear(int signum)
{
- krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report and clear the old Purify info");
- signal_pure_report = 1;
- signal_pure_clear = 1;
- return;
+ krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report and clear the old Purify info");
+ signal_pure_report = 1;
+ signal_pure_clear = 1;
+ return;
}
#endif /* PURIFY */
/*
* Function: request_hup
- *
+ *
* Purpose: sets flag saying the server got a signal and that it should
- * reset the database files when convenient.
+ * reset the database files when convenient.
*
* Arguments:
* Requires:
* Effects:
* Modifies:
- * sets signal_request_hup to one
+ * sets signal_request_hup to one
*/
void request_hup(int signum)
{
- signal_request_hup = 1;
- return;
+ signal_request_hup = 1;
+ return;
}
/*
* Function: reset_db
- *
+ *
* Purpose: flushes the currently opened database files to disk.
*
* Arguments:
* Requires:
* Effects:
- *
+ *
* Currently, just sets signal_request_reset to 0. The kdb and adb
* libraries used to be sufficiently broken that it was prudent to
* close and reopen the databases periodically. They are no longer
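Review bot: request_pure_report and request_pure_clear call krb5_klog_syslog from inside a signal handler, and request_exit and sig_pipe in the next two hunks do the same. The logging routine's definition is not shown, but a function that formats a message and writes to syslog or a log file is unlikely to be async-signal-safe, so a signal arriving while the main loop is itself logging can deadlock or corrupt its state. The handlers should only set their flag, as request_hup already does, and the main loop can emit the log line when it sees the flag. The flag declarations are outside this hunk; they should be `volatile sig_atomic_t`.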
@@ -740,42 +741,42 @@ void request_hup(int signum)
void reset_db(void)
{
#ifdef notdef
- kadm5_ret_t ret;
- char *errmsg;
-
- if (ret = kadm5_flush(global_server_handle)) {
- krb5_klog_syslog(LOG_ERR, "FATAL ERROR! %s while flushing databases. "
- "Databases may be corrupt! Aborting.",
- krb5_get_error_message (context, ret));
- krb5_klog_close(context);
- exit(3);
- }
+ kadm5_ret_t ret;
+ char *errmsg;
+
+ if (ret = kadm5_flush(global_server_handle)) {
+ krb5_klog_syslog(LOG_ERR, "FATAL ERROR! %s while flushing databases. "
+ "Databases may be corrupt! Aborting.",
+ krb5_get_error_message (context, ret));
+ krb5_klog_close(context);
+ exit(3);
+ }
#endif
- return;
+ return;
}
/*
* Function: request_exit
- *
+ *
* Purpose: sets flags saying the server got a signal and that it
- * should exit when convient.
+ * should exit when convient.
*
* Arguments:
* Requires:
* Effects:
- * modifies signal_request_exit which ideally makes the server exit
- * at some point.
+ * modifies signal_request_exit which ideally makes the server exit
+ * at some point.
*
* Modifies:
- * signal_request_exit
+ * signal_request_exit
*/
void request_exit(int signum)
{
- krb5_klog_syslog(LOG_DEBUG, "Got signal to request exit");
- signal_request_exit = 1;
- return;
+ krb5_klog_syslog(LOG_DEBUG, "Got signal to request exit");
+ signal_request_exit = 1;
+ return;
}
/*
@@ -789,40 +790,40 @@ void request_exit(int signum)
*/
void sig_pipe(int unused)
{
- krb5_klog_syslog(LOG_NOTICE, "Warning: Received a SIGPIPE; probably a "
- "client aborted. Continuing.");
- return;
+ krb5_klog_syslog(LOG_NOTICE, "Warning: Received a SIGPIPE; probably a "
+ "client aborted. Continuing.");
+ return;
}
/*
* Function: build_princ_name
- *
+ *
* Purpose: takes a name and a realm and builds a string that can be
- * consumed by krb5_parse_name.
+ * consumed by krb5_parse_name.
*
* Arguments:
- * name (input) name to be part of principal
- * realm (input) realm part of principal
- * <return value> char * pointing to "name@realm"
+ * name (input) name to be part of principal
+ * realm (input) realm part of principal
+ * <return value> char * pointing to "name@realm"
*
* Requires:
- * name be non-null.
- *
+ * name be non-null.
+ *
* Effects:
* Modifies:
*/
char *build_princ_name(char *name, char *realm)
{
- char *fullname;
+ char *fullname;
- if (realm) {
- if (asprintf(&fullname, "%s@%s", name, realm) < 0)
- fullname = NULL;
- } else
- fullname = strdup(name);
+ if (realm) {
+ if (asprintf(&fullname, "%s@%s", name, realm) < 0)
+ fullname = NULL;
+ } else
+ fullname = strdup(name);
- return fullname;
+ return fullname;
}
/*
@@ -832,11 +833,11 @@ char *build_princ_name(char *name, char *realm)
* messages.
*
* Argiments:
- * client_name (r) GSS-API client name
- * server_name (r) GSS-API server name
- * rqst (r) RPC service request
- * msg (r) RPC message
- * data (r) arbitrary data (NULL), not used
+ * client_name (r) GSS-API client name
+ * server_name (r) GSS-API server name
+ * rqst (r) RPC service request
+ * msg (r) RPC message
+ * data (r) arbitrary data (NULL), not used
*
* Effects:
*
@@ -844,91 +845,91 @@ char *build_princ_name(char *name, char *realm)
* format.
*/
void log_badverf(gss_name_t client_name, gss_name_t server_name,
- struct svc_req *rqst, struct rpc_msg *msg, char
- *data)
+ struct svc_req *rqst, struct rpc_msg *msg, char
+ *data)
{
- struct procnames {
- rpcproc_t proc;
- const char *proc_name;
- };
- static const struct procnames proc_names[] = {
- {1, "CREATE_PRINCIPAL"},
- {2, "DELETE_PRINCIPAL"},
- {3, "MODIFY_PRINCIPAL"},
- {4, "RENAME_PRINCIPAL"},
- {5, "GET_PRINCIPAL"},
- {6, "CHPASS_PRINCIPAL"},
- {7, "CHRAND_PRINCIPAL"},
- {8, "CREATE_POLICY"},
- {9, "DELETE_POLICY"},
- {10, "MODIFY_POLICY"},
- {11, "GET_POLICY"},
- {12, "GET_PRIVS"},
- {13, "INIT"},
- {14, "GET_PRINCS"},
- {15, "GET_POLS"},
- {16, "SETKEY_PRINCIPAL"},
- {17, "SETV4KEY_PRINCIPAL"},
- {18, "CREATE_PRINCIPAL3"},
- {19, "CHPASS_PRINCIPAL3"},
- {20, "CHRAND_PRINCIPAL3"},
- {21, "SETKEY_PRINCIPAL3"}
- };
+ struct procnames {
+ rpcproc_t proc;
+ const char *proc_name;
+ };
+ static const struct procnames proc_names[] = {
+ {1, "CREATE_PRINCIPAL"},
+ {2, "DELETE_PRINCIPAL"},
+ {3, "MODIFY_PRINCIPAL"},
+ {4, "RENAME_PRINCIPAL"},
+ {5, "GET_PRINCIPAL"},
+ {6, "CHPASS_PRINCIPAL"},
+ {7, "CHRAND_PRINCIPAL"},
+ {8, "CREATE_POLICY"},
+ {9, "DELETE_POLICY"},
+ {10, "MODIFY_POLICY"},
+ {11, "GET_POLICY"},
+ {12, "GET_PRIVS"},
+ {13, "INIT"},
+ {14, "GET_PRINCS"},
+ {15, "GET_POLS"},
+ {16, "SETKEY_PRINCIPAL"},
+ {17, "SETV4KEY_PRINCIPAL"},
+ {18, "CREATE_PRINCIPAL3"},
+ {19, "CHPASS_PRINCIPAL3"},
+ {20, "CHRAND_PRINCIPAL3"},
+ {21, "SETKEY_PRINCIPAL3"}
+ };
#define NPROCNAMES (sizeof (proc_names) / sizeof (struct procnames))
- OM_uint32 minor;
- gss_buffer_desc client, server;
- gss_OID gss_type;
- char *a;
- rpcproc_t proc;
- int i;
- const char *procname;
- size_t clen, slen;
- char *cdots, *sdots;
-
- client.length = 0;
- client.value = NULL;
- server.length = 0;
- server.value = NULL;
-
- (void) gss_display_name(&minor, client_name, &client, &gss_type);
- (void) gss_display_name(&minor, server_name, &server, &gss_type);
- if (client.value == NULL) {
- client.value = "(null)";
- clen = sizeof("(null)") -1;
- } else {
- clen = client.length;
- }
- trunc_name(&clen, &cdots);
- if (server.value == NULL) {
- server.value = "(null)";
- slen = sizeof("(null)") - 1;
- } else {
- slen = server.length;
- }
- trunc_name(&slen, &sdots);
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
-
- proc = msg->rm_call.cb_proc;
- procname = NULL;
- for (i = 0; i < NPROCNAMES; i++) {
- if (proc_names[i].proc == proc) {
- procname = proc_names[i].proc_name;
- break;
- }
- }
- if (procname != NULL)
- krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, "
- "claimed client = %.*s%s, server = %.*s%s, addr = %s",
- procname, (int) clen, (char *) client.value, cdots,
- (int) slen, (char *) server.value, sdots, a);
- else
- krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, "
- "claimed client = %.*s%s, server = %.*s%s, addr = %s",
- proc, (int) clen, (char *) client.value, cdots,
- (int) slen, (char *) server.value, sdots, a);
-
- (void) gss_release_buffer(&minor, &client);
- (void) gss_release_buffer(&minor, &server);
+ OM_uint32 minor;
+ gss_buffer_desc client, server;
+ gss_OID gss_type;
+ char *a;
+ rpcproc_t proc;
+ int i;
+ const char *procname;
+ size_t clen, slen;
+ char *cdots, *sdots;
+
+ client.length = 0;
+ client.value = NULL;
+ server.length = 0;
+ server.value = NULL;
+
+ (void) gss_display_name(&minor, client_name, &client, &gss_type);
+ (void) gss_display_name(&minor, server_name, &server, &gss_type);
+ if (client.value == NULL) {
+ client.value = "(null)";
+ clen = sizeof("(null)") -1;
+ } else {
+ clen = client.length;
+ }
+ trunc_name(&clen, &cdots);
+ if (server.value == NULL) {
+ server.value = "(null)";
+ slen = sizeof("(null)") - 1;
+ } else {
+ slen = server.length;
+ }
+ trunc_name(&slen, &sdots);
+ a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+
+ proc = msg->rm_call.cb_proc;
+ procname = NULL;
+ for (i = 0; i < NPROCNAMES; i++) {
+ if (proc_names[i].proc == proc) {
+ procname = proc_names[i].proc_name;
+ break;
+ }
+ }
+ if (procname != NULL)
+ krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, "
+ "claimed client = %.*s%s, server = %.*s%s, addr = %s",
+ procname, (int) clen, (char *) client.value, cdots,
+ (int) slen, (char *) server.value, sdots, a);
+ else
+ krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, "
+ "claimed client = %.*s%s, server = %.*s%s, addr = %s",
+ proc, (int) clen, (char *) client.value, cdots,
+ (int) slen, (char *) server.value, sdots, a);
+
+ (void) gss_release_buffer(&minor, &client);
+ (void) gss_release_buffer(&minor, &server);
}
/*
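Review bot: In log_badverf, when gss_display_name leaves `client.value` or `server.value` NULL, the code stores the string literal "(null)" into the gss_buffer_desc and later passes that same buffer to gss_release_buffer. Whether that release is harmless depends on the implementation skipping buffers whose length is 0, which is not visible here. Keeping the printable pointer separate avoids relying on it, e.g. `const char *cname = client.value ? client.value : "(null)";` and logging `cname`. The fallback log call also prints `proc` (an rpcproc_t) with `%d`, so cast it or use a matching specifier. The claimed client and server names come from a request that failed verification and should be treated as untrusted text in the log line.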
@@ -937,10 +938,10 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
* Purpose: Callback from GSS-API Sun RPC for miscellaneous errors
*
* Arguments:
- * rqst (r) RPC service request
- * msg (r) RPC message
- * error (r) error message from RPC
- * data (r) arbitrary data (NULL), not used
+ * rqst (r) RPC service request
+ * msg (r) RPC message
+ * error (r) error message from RPC
+ * data (r) arbitrary data (NULL), not used
*
* Effects:
*
@@ -948,12 +949,12 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
* format.
*/
void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
- char *error, char *data)
+ char *error, char *data)
{
- char *a;
-
- a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
- krb5_klog_syslog(LOG_NOTICE, "Miscellaneous RPC error: %s, %s", a, error);
+ char *a;
+
+ a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+ krb5_klog_syslog(LOG_NOTICE, "Miscellaneous RPC error: %s, %s", a, error);
}
@@ -965,10 +966,10 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
* failures/errors.
*
* Arguments:
- * major (r) GSS-API major status
- * minor (r) GSS-API minor status
- * addr (r) originating address
- * data (r) arbitrary data (NULL), not used
+ * major (r) GSS-API major status
+ * minor (r) GSS-API minor status
+ * addr (r) originating address
+ * data (r) arbitrary data (NULL), not used
*
* Effects:
*
@@ -976,57 +977,56 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
* format.
*/
void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data)
+ struct sockaddr_in *addr, char *data)
{
- char *a;
-
- /* Authentication attempt failed: <IP address>, <GSS-API error */
- /* strings> */
+ char *a;
+
+ /* Authentication attempt failed: <IP address>, <GSS-API error */
+ /* strings> */
- a = inet_ntoa(addr->sin_addr);
+ a = inet_ntoa(addr->sin_addr);
- krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API "
- "error strings are:", a);
- log_badauth_display_status(" ", major, minor);
- krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete.");
+ krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API "
+ "error strings are:", a);
+ log_badauth_display_status(" ", major, minor);
+ krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete.");
}
void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor)
{
- log_badauth_display_status_1(msg, major, GSS_C_GSS_CODE, 0);
- log_badauth_display_status_1(msg, minor, GSS_C_MECH_CODE, 0);
+ log_badauth_display_status_1(msg, major, GSS_C_GSS_CODE, 0);
+ log_badauth_display_status_1(msg, minor, GSS_C_MECH_CODE, 0);
}
void log_badauth_display_status_1(char *m, OM_uint32 code, int type,
- int rec)
+ int rec)
{
- OM_uint32 gssstat, minor_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- gssstat = gss_display_status(&minor_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- if (gssstat != GSS_S_COMPLETE) {
- if (!rec) {
- log_badauth_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
- log_badauth_display_status_1(m, minor_stat,
- GSS_C_MECH_CODE, 1);
- } else
- krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %.*s: "
- "recursive failure!", (int) msg.length,
- (char *) msg.value);
- return;
- }
-
- krb5_klog_syslog(LOG_NOTICE, "%s %.*s", m, (int)msg.length,
- (char *)msg.value);
- (void) gss_release_buffer(&minor_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
+ OM_uint32 gssstat, minor_stat;
+ gss_buffer_desc msg;
+ OM_uint32 msg_ctx;
+
+ msg_ctx = 0;
+ while (1) {
+ gssstat = gss_display_status(&minor_stat, code,
+ type, GSS_C_NULL_OID,
+ &msg_ctx, &msg);
+ if (gssstat != GSS_S_COMPLETE) {
+ if (!rec) {
+ log_badauth_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
+ log_badauth_display_status_1(m, minor_stat,
+ GSS_C_MECH_CODE, 1);
+ } else
+ krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %.*s: "
+ "recursive failure!", (int) msg.length,
+ (char *) msg.value);
+ return;
+ }
+
+ krb5_klog_syslog(LOG_NOTICE, "%s %.*s", m, (int)msg.length,
+ (char *)msg.value);
+ (void) gss_release_buffer(&minor_stat, &msg);
+
+ if (!msg_ctx)
+ break;
+ }
}
-
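Review bot: In log_badauth_display_status_1, `msg` is declared without an initializer, and when gss_display_status fails on the recursive call the error branch still logs `msg.length` and `msg.value`. If the failing call did not fill the buffer, this reads indeterminate values and can print arbitrary memory into the log. Initialize the buffer with `gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;` and report the numeric `code` in the "recursive failure" message instead of the buffer contents.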
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index c3b7fa1..c1b2217 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -1,7 +1,8 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include <kadm5/admin.h>
#include <syslog.h>
-#include <adm_proto.h> /* krb5_klog_syslog */
+#include <adm_proto.h> /* krb5_klog_syslog */
#include <stdio.h>
#include <errno.h>
@@ -11,19 +12,19 @@
#define GETSOCKNAME_ARG3_TYPE int
#endif
-#define RFC3244_VERSION 0xff80
+#define RFC3244_VERSION 0xff80
krb5_error_code
process_chpw_request(context, server_handle, realm, keytab,
- local_faddr, remote_faddr, req, rep)
- krb5_context context;
- void *server_handle;
- char *realm;
- krb5_keytab keytab;
- krb5_fulladdr *local_faddr;
- krb5_fulladdr *remote_faddr;
- krb5_data *req;
- krb5_data *rep;
+ local_faddr, remote_faddr, req, rep)
+ krb5_context context;
+ void *server_handle;
+ char *realm;
+ krb5_keytab keytab;
+ krb5_fulladdr *local_faddr;
+ krb5_fulladdr *remote_faddr;
+ krb5_data *req;
+ krb5_data *rep;
{
krb5_error_code ret;
char *ptr;
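Review bot: process_chpw_request is still written as a K&R-style definition, with the parameter types listed after the parameter names, even though this pass normalizes the file's style. An ANSI prototype-style definition with the same eight parameters in the same order would let the compiler check argument types at every call site, which matters for a function that takes raw request and reply buffers. The function body continues outside this hunk.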
@@ -58,12 +59,12 @@ process_chpw_request(context, server_handle, realm, keytab,
cipher.length = 0;
if (req->length < 4) {
- /* either this, or the server is printing bad messages,
- or the caller passed in garbage */
- ret = KRB5KRB_AP_ERR_MODIFIED;
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request was truncated", sizeof(strresult));
- goto chpwfail;
+ /* either this, or the server is printing bad messages,
+ or the caller passed in garbage */
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated", sizeof(strresult));
+ goto chpwfail;
}
ptr = req->data;
@@ -74,7 +75,7 @@ process_chpw_request(context, server_handle, realm, keytab,
plen = (plen<<8) | (*ptr++ & 0xff);
if (plen != req->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
+ return(KRB5KRB_AP_ERR_MODIFIED);
/* verify version number */
@@ -82,11 +83,11 @@ process_chpw_request(context, server_handle, realm, keytab,
vno = (vno<<8) | (*ptr++ & 0xff);
if (vno != 1 && vno != RFC3244_VERSION) {
- ret = KRB5KDC_ERR_BAD_PVNO;
- numresult = KRB5_KPASSWD_BAD_VERSION;
- snprintf(strresult, sizeof(strresult),
- "Request contained unknown protocol version number %d", vno);
- goto chpwfail;
+ ret = KRB5KDC_ERR_BAD_PVNO;
+ numresult = KRB5_KPASSWD_BAD_VERSION;
+ snprintf(strresult, sizeof(strresult),
+ "Request contained unknown protocol version number %d", vno);
+ goto chpwfail;
}
/* read, check ap-req length */
@@ -95,11 +96,11 @@ process_chpw_request(context, server_handle, realm, keytab,
ap_req.length = (ap_req.length<<8) | (*ptr++ & 0xff);
if (ptr + ap_req.length >= req->data + req->length) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request was truncated in AP-REQ",
- sizeof(strresult));
- goto chpwfail;
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated in AP-REQ",
+ sizeof(strresult));
+ goto chpwfail;
}
/* verify ap_req */
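Review bot: The AP-REQ bounds check `ptr + ap_req.length >= req->data + req->length` can form a pointer past the end of the request buffer, which is undefined behaviour and gives the compiler latitude to mis-evaluate the test. Compare lengths instead, e.g. `if (ap_req.length >= (unsigned int)(req->data + req->length - ptr))`. The only minimum-size guard visible earlier is `req->length < 4`, while the length, version and AP-REQ length fields appear to consume six bytes by this point (the first byte of each read is outside the hunks). That guard likely needs to require at least 6 bytes, so that the header reads stay in bounds and the subtraction above cannot go negative.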
@@ -109,38 +110,38 @@ process_chpw_request(context, server_handle, realm, keytab,
ret = krb5_auth_con_init(context, &auth_context);
if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed initializing auth context",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed initializing auth context",
+ sizeof(strresult));
+ goto chpwfail;
}
ret = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed initializing auth context",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed initializing auth context",
+ sizeof(strresult));
+ goto chpwfail;
}
-
+
ret = krb5_build_principal(context, &changepw, strlen(realm), realm,
- "kadmin", "changepw", NULL);
+ "kadmin", "changepw", NULL);
if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed building kadmin/changepw principal",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed building kadmin/changepw principal",
+ sizeof(strresult));
+ goto chpwfail;
}
ret = krb5_rd_req(context, &auth_context, &ap_req, changepw, keytab,
- NULL, &ticket);
+ NULL, &ticket);
if (ret) {
- numresult = KRB5_KPASSWD_AUTHERROR;
- strlcpy(strresult, "Failed reading application request",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_AUTHERROR;
+ strlcpy(strresult, "Failed reading application request",
+ sizeof(strresult));
+ goto chpwfail;
}
/* mk_priv requires that the local address be set.
@@ -158,22 +159,22 @@ process_chpw_request(context, server_handle, realm, keytab,
is specified. Are we having fun yet? */
ret = krb5_auth_con_setaddrs(context, auth_context, NULL,
- remote_faddr->address);
+ remote_faddr->address);
if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed storing client internet address",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed storing client internet address",
+ sizeof(strresult));
+ goto chpwfail;
}
/* construct the ap-rep */
ret = krb5_mk_rep(context, auth_context, &ap_rep);
if (ret) {
- numresult = KRB5_KPASSWD_AUTHERROR;
- strlcpy(strresult, "Failed replying to application request",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_AUTHERROR;
+ strlcpy(strresult, "Failed replying to application request",
+ sizeof(strresult));
+ goto chpwfail;
}
/* decrypt the ChangePasswdData */
@@ -183,57 +184,57 @@ process_chpw_request(context, server_handle, realm, keytab,
ret = krb5_rd_priv(context, auth_context, &cipher, &clear, &replay);
if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed decrypting request", sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed decrypting request", sizeof(strresult));
+ goto chpwfail;
}
client = ticket->enc_part2->client;
/* decode ChangePasswdData for setpw requests */
if (vno == RFC3244_VERSION) {
- krb5_data *clear_data;
-
- ret = decode_krb5_setpw_req(&clear, &clear_data, &target);
- if (ret != 0) {
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Failed decoding ChangePasswdData",
- sizeof(strresult));
- goto chpwfail;
- }
-
- memset(clear.data, 0, clear.length);
- free(clear.data);
-
- clear = *clear_data;
- free(clear_data);
-
- if (target != NULL) {
- ret = krb5_unparse_name(context, target, &targetstr);
- if (ret != 0) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed unparsing target name for log",
- sizeof(strresult));
- goto chpwfail;
- }
- }
+ krb5_data *clear_data;
+
+ ret = decode_krb5_setpw_req(&clear, &clear_data, &target);
+ if (ret != 0) {
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Failed decoding ChangePasswdData",
+ sizeof(strresult));
+ goto chpwfail;
+ }
+
+ memset(clear.data, 0, clear.length);
+ free(clear.data);
+
+ clear = *clear_data;
+ free(clear_data);
+
+ if (target != NULL) {
+ ret = krb5_unparse_name(context, target, &targetstr);
+ if (ret != 0) {
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed unparsing target name for log",
+ sizeof(strresult));
+ goto chpwfail;
+ }
+ }
}
ret = krb5_unparse_name(context, client, &clientstr);
if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed unparsing client name for log",
- sizeof(strresult));
- goto chpwfail;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed unparsing client name for log",
+ sizeof(strresult));
+ goto chpwfail;
}
/* for cpw, verify that this is an AS_REQ ticket */
if (vno == 1 &&
- (ticket->enc_part2->flags & TKT_FLG_INITIAL) == 0) {
- numresult = KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
- strlcpy(strresult, "Ticket must be derived from a password",
- sizeof(strresult));
- goto chpwfail;
+ (ticket->enc_part2->flags & TKT_FLG_INITIAL) == 0) {
+ numresult = KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
+ strlcpy(strresult, "Ticket must be derived from a password",
+ sizeof(strresult));
+ goto chpwfail;
}
/* change the password */
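Review bot: The setpw branch wipes the decrypted request with `memset(clear.data, 0, clear.length);` immediately before `free(clear.data);`, and a compiler may remove a store to memory that is about to be freed. The buffer holds the cleartext ChangePasswdData, so the wipe should use a primitive the optimizer cannot elide, such as explicit_bzero where the platform provides it or a project helper that writes through a volatile pointer. The `/* zap the password */` memset in the next hunk has the same exposure if the buffer is released shortly afterwards, which is outside the visible lines. The error exits here jump to chpwfail, and whether that path wipes `clear` is also outside this hunk.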
@@ -243,10 +244,10 @@ process_chpw_request(context, server_handle, realm, keytab,
ptr[clear.length] = '\0';
ret = schpw_util_wrapper(server_handle, client, target,
- (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
- ptr, NULL, strresult, sizeof(strresult));
+ (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
+ ptr, NULL, strresult, sizeof(strresult));
if (ret)
- errmsg = krb5_get_error_message(context, ret);
+ errmsg = krb5_get_error_message(context, ret);
/* zap the password */
memset(clear.data, 0, clear.length);
@@ -260,81 +261,81 @@ process_chpw_request(context, server_handle, realm, keytab,
switch (addr->addrtype) {
case ADDRTYPE_INET: {
- struct sockaddr_in *sin = ss2sin(&ss);
+ struct sockaddr_in *sin = ss2sin(&ss);
- sin->sin_family = AF_INET;
- memcpy(&sin->sin_addr, addr->contents, addr->length);
- sin->sin_port = htons(remote_faddr->port);
- salen = sizeof(*sin);
- break;
+ sin->sin_family = AF_INET;
+ memcpy(&sin->sin_addr, addr->contents, addr->length);
+ sin->sin_port = htons(remote_faddr->port);
+ salen = sizeof(*sin);
+ break;
}
case ADDRTYPE_INET6: {
- struct sockaddr_in6 *sin6 = ss2sin6(&ss);
+ struct sockaddr_in6 *sin6 = ss2sin6(&ss);
- sin6->sin6_family = AF_INET6;
- memcpy(&sin6->sin6_addr, addr->contents, addr->length);
- sin6->sin6_port = htons(remote_faddr->port);
- salen = sizeof(*sin6);
- break;
+ sin6->sin6_family = AF_INET6;
+ memcpy(&sin6->sin6_addr, addr->contents, addr->length);
+ sin6->sin6_port = htons(remote_faddr->port);
+ salen = sizeof(*sin6);
+ break;
}
default: {
- struct sockaddr *sa = ss2sa(&ss);
+ struct sockaddr *sa = ss2sa(&ss);
- sa->sa_family = AF_UNSPEC;
- salen = sizeof(*sa);
- break;
+ sa->sa_family = AF_UNSPEC;
+ salen = sizeof(*sa);
+ break;
}
}
if (getnameinfo(ss2sa(&ss), salen,
- addrbuf, sizeof(addrbuf), NULL, 0,
- NI_NUMERICHOST | NI_NUMERICSERV) != 0)
- strlcpy(addrbuf, "<unprintable>", sizeof(addrbuf));
+ addrbuf, sizeof(addrbuf), NULL, 0,
+ NI_NUMERICHOST | NI_NUMERICSERV) != 0)
+ strlcpy(addrbuf, "<unprintable>", sizeof(addrbuf));
if (vno == RFC3244_VERSION) {
- size_t tlen;
- char *tdots;
- const char *targetp;
-
- if (target == NULL) {
- tlen = clen;
- tdots = cdots;
- targetp = targetstr;
- } else {
- tlen = strlen(targetstr);
- trunc_name(&tlen, &tdots);
- targetp = clientstr;
- }
-
- krb5_klog_syslog(LOG_NOTICE, "setpw request from %s by %.*s%s for %.*s%s: %s",
- addrbuf,
- (int) clen, clientstr, cdots,
- (int) tlen, targetp, tdots,
- errmsg ? errmsg : "success");
+ size_t tlen;
+ char *tdots;
+ const char *targetp;
+
+ if (target == NULL) {
+ tlen = clen;
+ tdots = cdots;
+ targetp = targetstr;
+ } else {
+ tlen = strlen(targetstr);
+ trunc_name(&tlen, &tdots);
+ targetp = clientstr;
+ }
+
+ krb5_klog_syslog(LOG_NOTICE, "setpw request from %s by %.*s%s for %.*s%s: %s",
+ addrbuf,
+ (int) clen, clientstr, cdots,
+ (int) tlen, targetp, tdots,
+ errmsg ? errmsg : "success");
} else {
- krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
- addrbuf,
- (int) clen, clientstr, cdots,
- errmsg ? errmsg : "success");
+ krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
+ addrbuf,
+ (int) clen, clientstr, cdots,
+ errmsg ? errmsg : "success");
}
switch (ret) {
case KADM5_AUTH_CHANGEPW:
- numresult = KRB5_KPASSWD_ACCESSDENIED;
- break;
+ numresult = KRB5_KPASSWD_ACCESSDENIED;
+ break;
case KADM5_PASS_Q_TOOSHORT:
case KADM5_PASS_REUSE:
case KADM5_PASS_Q_CLASS:
case KADM5_PASS_Q_DICT:
case KADM5_PASS_TOOSOON:
- numresult = KRB5_KPASSWD_HARDERROR;
- break;
+ numresult = KRB5_KPASSWD_HARDERROR;
+ break;
case 0:
- numresult = KRB5_KPASSWD_SUCCESS;
- strlcpy(strresult, "", sizeof(strresult));
- break;
+ numresult = KRB5_KPASSWD_SUCCESS;
+ strlcpy(strresult, "", sizeof(strresult));
+ break;
default:
- numresult = KRB5_KPASSWD_SOFTERROR;
- break;
+ numresult = KRB5_KPASSWD_SOFTERROR;
+ break;
}
chpwfail:
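Review bot: In the setpw logging block the two branches assign `targetp` the wrong way round: with `target == NULL` it is set to `targetstr`, and otherwise to `clientstr`. When no target was supplied, `targetstr` appears never to be filled in (its only visible assignment is under `target != NULL` in an earlier hunk), so a possibly NULL pointer reaches `%.*s`. When a target was supplied, the audit line names the requesting client as the principal being changed, truncated to the target's length. Swap them so the log records the principal actually changed: `targetp = clientstr;` in the first branch and `targetp = targetstr;` in the else branch. The address cases above also `memcpy` `addr->length` bytes into a fixed-size `sin_addr`/`sin6_addr` without checking the length first.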
@@ -352,66 +353,66 @@ chpwfail:
cipher.length = 0;
if (ap_rep.length) {
- ret = krb5_auth_con_setaddrs(context, auth_context,
- local_faddr->address, NULL);
- if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult,
- "Failed storing client and server internet addresses",
- sizeof(strresult));
- } else {
- ret = krb5_mk_priv(context, auth_context, &clear, &cipher,
- &replay);
- if (ret) {
- numresult = KRB5_KPASSWD_HARDERROR;
- strlcpy(strresult, "Failed encrypting reply",
- sizeof(strresult));
- }
- }
+ ret = krb5_auth_con_setaddrs(context, auth_context,
+ local_faddr->address, NULL);
+ if (ret) {
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult,
+ "Failed storing client and server internet addresses",
+ sizeof(strresult));
+ } else {
+ ret = krb5_mk_priv(context, auth_context, &clear, &cipher,
+ &replay);
+ if (ret) {
+ numresult = KRB5_KPASSWD_HARDERROR;
+ strlcpy(strresult, "Failed encrypting reply",
+ sizeof(strresult));
+ }
+ }
}
/* if no KRB-PRIV was constructed, then we need a KRB-ERROR.
if this fails, just bail. there's nothing else we can do. */
if (cipher.length == 0) {
- /* clear out ap_rep now, so that it won't be inserted in the
+ /* clear out ap_rep now, so that it won't be inserted in the
reply */
- if (ap_rep.length) {
- free(ap_rep.data);
- ap_rep.length = 0;
- }
-
- krberror.ctime = 0;
- krberror.cusec = 0;
- krberror.susec = 0;
- ret = krb5_timeofday(context, &krberror.stime);
- if (ret)
- goto bailout;
-
- /* this is really icky. but it's what all the other callers
- to mk_error do. */
- krberror.error = ret;
- krberror.error -= ERROR_TABLE_BASE_krb5;
- if (krberror.error < 0 || krberror.error > 128)
- krberror.error = KRB_ERR_GENERIC;
-
- krberror.client = NULL;
-
- ret = krb5_build_principal(context, &krberror.server,
- strlen(realm), realm,
- "kadmin", "changepw", NULL);
- if (ret)
- goto bailout;
- krberror.text.length = 0;
- krberror.e_data = clear;
-
- ret = krb5_mk_error(context, &krberror, &cipher);
-
- krb5_free_principal(context, krberror.server);
-
- if (ret)
- goto bailout;
+ if (ap_rep.length) {
+ free(ap_rep.data);
+ ap_rep.length = 0;
+ }
+
+ krberror.ctime = 0;
+ krberror.cusec = 0;
+ krberror.susec = 0;
+ ret = krb5_timeofday(context, &krberror.stime);
+ if (ret)
+ goto bailout;
+
+ /* this is really icky. but it's what all the other callers
+ to mk_error do. */
+ krberror.error = ret;
+ krberror.error -= ERROR_TABLE_BASE_krb5;
+ if (krberror.error < 0 || krberror.error > 128)
+ krberror.error = KRB_ERR_GENERIC;
+
+ krberror.client = NULL;
+
+ ret = krb5_build_principal(context, &krberror.server,
+ strlen(realm), realm,
+ "kadmin", "changepw", NULL);
+ if (ret)
+ goto bailout;
+ krberror.text.length = 0;
+ krberror.e_data = clear;
+
+ ret = krb5_mk_error(context, &krberror, &cipher);
+
+ krb5_free_principal(context, krberror.server);
+
+ if (ret)
+ goto bailout;
}
/* construct the reply */
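Review bot: `krberror.error = ret;` in the `cipher.length == 0` branch reads `ret` after `krb5_timeofday()` has overwritten it and it has been checked to be zero, so the code placed in the KRB-ERROR no longer reflects the failure that led here. As written, the range check appears to fall through to `KRB_ERR_GENERIC` every time. Capturing the failure first keeps the original code: `krb5_error_code err = ret;` at the top of the branch, then `krberror.error = err;` after the time call. The enclosing function starts before this hunk, so its declarations and the paths that jump to `chpwfail` are not visible here.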
@@ -419,9 +420,9 @@ chpwfail:
rep->length = 6 + ap_rep.length + cipher.length;
rep->data = (char *) malloc(rep->length);
if (rep->data == NULL) {
- rep->length = 0; /* checked by caller */
- ret = ENOMEM;
- goto bailout;
+ rep->length = 0; /* checked by caller */
+ ret = ENOMEM;
+ goto bailout;
}
ptr = rep->data;
@@ -443,8 +444,8 @@ chpwfail:
/* ap-rep data */
if (ap_rep.length) {
- memcpy(ptr, ap_rep.data, ap_rep.length);
- ptr += ap_rep.length;
+ memcpy(ptr, ap_rep.data, ap_rep.length);
+ ptr += ap_rep.length;
}
/* krb-priv or krb-error */
@@ -453,25 +454,25 @@ chpwfail:
bailout:
if (auth_context)
- krb5_auth_con_free(context, auth_context);
+ krb5_auth_con_free(context, auth_context);
if (changepw)
- krb5_free_principal(context, changepw);
+ krb5_free_principal(context, changepw);
if (ap_rep.length)
- free(ap_rep.data);
+ free(ap_rep.data);
if (ticket)
- krb5_free_ticket(context, ticket);
+ krb5_free_ticket(context, ticket);
if (clear.length)
- free(clear.data);
+ free(clear.data);
if (cipher.length)
- free(cipher.data);
+ free(cipher.data);
if (target)
- krb5_free_principal(context, target);
+ krb5_free_principal(context, target);
if (targetstr)
- krb5_free_unparsed_name(context, targetstr);
+ krb5_free_unparsed_name(context, targetstr);
if (clientstr)
- krb5_free_unparsed_name(context, clientstr);
+ krb5_free_unparsed_name(context, clientstr);
if (errmsg)
- krb5_free_error_message(context, errmsg);
+ krb5_free_error_message(context, errmsg);
return(ret);
}
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 9449fe8..29a8805 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -17,21 +18,21 @@
#include <string.h>
#define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s"
-#define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
+#define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
-extern gss_name_t gss_changepw_name;
-extern gss_name_t gss_oldchangepw_name;
-extern void * global_server_handle;
+extern gss_name_t gss_changepw_name;
+extern gss_name_t gss_oldchangepw_name;
+extern void * global_server_handle;
-#define CHANGEPW_SERVICE(rqstp) \
- (cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), gss_changepw_name) |\
- (gss_oldchangepw_name && \
- cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), \
- gss_oldchangepw_name)))
+#define CHANGEPW_SERVICE(rqstp) \
+ (cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), gss_changepw_name) | \
+ (gss_oldchangepw_name && \
+ cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), \
+ gss_oldchangepw_name)))
static int gss_to_krb5_name(kadm5_server_handle_t handle,
- gss_name_t gss_name, krb5_principal *princ);
+ gss_name_t gss_name, krb5_principal *princ);
static int gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str);
@@ -41,25 +42,25 @@ gss_name_t rqst2name(struct svc_req *rqstp);
static int cmp_gss_names(gss_name_t n1, gss_name_t n2)
{
- OM_uint32 emaj, emin;
- int equal;
+ OM_uint32 emaj, emin;
+ int equal;
- if (GSS_ERROR(emaj = gss_compare_name(&emin, n1, n2, &equal)))
- return(0);
+ if (GSS_ERROR(emaj = gss_compare_name(&emin, n1, n2, &equal)))
+ return(0);
- return(equal);
+ return(equal);
}
/* Does a comparison of the names and then releases the first entity */
/* For use above in CHANGEPW_SERVICE */
static int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
{
- OM_uint32 min_stat;
- int ret;
+ OM_uint32 min_stat;
+ int ret;
- ret = cmp_gss_names(n1, n2);
- if (n1) (void) gss_release_name(&min_stat, &n1);
- return ret;
+ ret = cmp_gss_names(n1, n2);
+ if (n1) (void) gss_release_name(&min_stat, &n1);
+ return ret;
}
/*
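Review bot: `cmp_gss_names` returns 0 when `gss_compare_name` reports an error, and `cmp_gss_names_rel_1` passes that through, so `CHANGEPW_SERVICE` cannot tell "the acceptor is a different service" from "the acceptor name could not be obtained or compared". The service stubs later in this file refuse requests with `CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(...)`, so an error here selects the less restrictive side of that test and leaves the ACL check as the only gate. If that is intended, the comment above `cmp_gss_names_rel_1` should say so: `/* Returns 0 for unequal names and for any GSS error. */`. If it is not, the NULL result of `acceptor_name` should be checked before the comparison and treated as a refusal.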
@@ -70,13 +71,13 @@ static int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
*
* Arguments:
*
- * handle The server handle.
+ * handle The server handle.
*/
static int check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return 0;
+ CHECK_HANDLE(handle);
+ return 0;
}
/*
@@ -88,45 +89,45 @@ static int check_handle(void *handle)
* kadm5_init.
*
* Arguments:
- * api_version (input) The API version specified by the client
- * rqstp (input) The RPC request
- * handle (output) The returned handle
- * <return value> (output) An error code, or 0 if no error occurred
- *
+ * api_version (input) The API version specified by the client
+ * rqstp (input) The RPC request
+ * handle (output) The returned handle
+ * <return value> (output) An error code, or 0 if no error occurred
+ *
* Effects:
- * Returns a pointer to allocated storage containing the server
- * handle. If an error occurs, then no allocated storage is
- * returned, and the return value of the function will be a
- * non-zero com_err code.
- *
+ * Returns a pointer to allocated storage containing the server
+ * handle. If an error occurs, then no allocated storage is
+ * returned, and the return value of the function will be a
+ * non-zero com_err code.
+ *
* The allocated storage for the handle should be freed with
- * free_server_handle (see below) when it is no longer needed.
+ * free_server_handle (see below) when it is no longer needed.
*/
static kadm5_ret_t new_server_handle(krb5_ui_4 api_version,
- struct svc_req *rqstp,
- kadm5_server_handle_t
- *out_handle)
+ struct svc_req *rqstp,
+ kadm5_server_handle_t
+ *out_handle)
{
- kadm5_server_handle_t handle;
+ kadm5_server_handle_t handle;
- *out_handle = NULL;
+ *out_handle = NULL;
- if (! (handle = (kadm5_server_handle_t)
- malloc(sizeof(*handle))))
- return ENOMEM;
+ if (! (handle = (kadm5_server_handle_t)
+ malloc(sizeof(*handle))))
+ return ENOMEM;
- *handle = *(kadm5_server_handle_t)global_server_handle;
- handle->api_version = api_version;
+ *handle = *(kadm5_server_handle_t)global_server_handle;
+ handle->api_version = api_version;
- if (! gss_to_krb5_name(handle, rqst2name(rqstp),
- &handle->current_caller)) {
- free(handle);
- return KADM5_FAILURE;
- }
+ if (! gss_to_krb5_name(handle, rqst2name(rqstp),
+ &handle->current_caller)) {
+ free(handle);
+ return KADM5_FAILURE;
+ }
- *out_handle = handle;
- return 0;
+ *out_handle = handle;
+ return 0;
}
/*
@@ -135,14 +136,14 @@ static kadm5_ret_t new_server_handle(krb5_ui_4 api_version,
* Purpose: Free handle memory allocated by new_server_handle
*
* Arguments:
- * handle (input/output) The handle to free
+ * handle (input/output) The handle to free
*/
static void free_server_handle(kadm5_server_handle_t handle)
{
- if (!handle)
- return;
- krb5_free_principal(handle->context, handle->current_caller);
- free(handle);
+ if (!handle)
+ return;
+ krb5_free_principal(handle->context, handle->current_caller);
+ free(handle);
}
/*
@@ -152,9 +153,9 @@ static void free_server_handle(kadm5_server_handle_t handle)
* names.
*
* Arguments:
- * rqstp (r) the RPC request
- * client_name (w) the gss_buffer_t for the client name
- * server_name (w) the gss_buffer_t for the server name
+ * rqstp (r) the RPC request
+ * client_name (w) the gss_buffer_t for the client name
+ * server_name (w) the gss_buffer_t for the server name
*
* Effects:
*
@@ -163,82 +164,82 @@ static void free_server_handle(kadm5_server_handle_t handle)
* on success and -1 on failure.
*/
int setup_gss_names(struct svc_req *rqstp,
- gss_buffer_desc *client_name,
- gss_buffer_desc *server_name)
+ gss_buffer_desc *client_name,
+ gss_buffer_desc *server_name)
{
- OM_uint32 maj_stat, min_stat;
- gss_name_t server_gss_name;
-
- if (gss_name_to_string(rqst2name(rqstp), client_name) != 0)
- return -1;
- maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL,
- &server_gss_name, NULL, NULL, NULL,
- NULL, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- gss_release_buffer(&min_stat, client_name);
- gss_release_name(&min_stat, &server_gss_name);
- return -1;
- }
- if (gss_name_to_string(server_gss_name, server_name) != 0) {
- gss_release_buffer(&min_stat, client_name);
- gss_release_name(&min_stat, &server_gss_name);
- return -1;
- }
- gss_release_name(&min_stat, &server_gss_name);
- return 0;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t server_gss_name;
+
+ if (gss_name_to_string(rqst2name(rqstp), client_name) != 0)
+ return -1;
+ maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL,
+ &server_gss_name, NULL, NULL, NULL,
+ NULL, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ gss_release_buffer(&min_stat, client_name);
+ gss_release_name(&min_stat, &server_gss_name);
+ return -1;
+ }
+ if (gss_name_to_string(server_gss_name, server_name) != 0) {
+ gss_release_buffer(&min_stat, client_name);
+ gss_release_name(&min_stat, &server_gss_name);
+ return -1;
+ }
+ gss_release_name(&min_stat, &server_gss_name);
+ return 0;
}
static gss_name_t acceptor_name(gss_ctx_id_t context)
{
- OM_uint32 maj_stat, min_stat;
- gss_name_t name;
-
- maj_stat = gss_inquire_context(&min_stat, context, NULL, &name,
- NULL, NULL, NULL, NULL, NULL);
- if (maj_stat != GSS_S_COMPLETE)
- return NULL;
- return name;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t name;
+
+ maj_stat = gss_inquire_context(&min_stat, context, NULL, &name,
+ NULL, NULL, NULL, NULL, NULL);
+ if (maj_stat != GSS_S_COMPLETE)
+ return NULL;
+ return name;
}
-
+
static int cmp_gss_krb5_name(kadm5_server_handle_t handle,
- gss_name_t gss_name, krb5_principal princ)
+ gss_name_t gss_name, krb5_principal princ)
{
- krb5_principal princ2;
- int status;
-
- if (! gss_to_krb5_name(handle, gss_name, &princ2))
- return 0;
- status = krb5_principal_compare(handle->context, princ, princ2);
- krb5_free_principal(handle->context, princ2);
- return status;
+ krb5_principal princ2;
+ int status;
+
+ if (! gss_to_krb5_name(handle, gss_name, &princ2))
+ return 0;
+ status = krb5_principal_compare(handle->context, princ, princ2);
+ krb5_free_principal(handle->context, princ2);
+ return status;
}
static int gss_to_krb5_name(kadm5_server_handle_t handle,
- gss_name_t gss_name, krb5_principal *princ)
+ gss_name_t gss_name, krb5_principal *princ)
{
- OM_uint32 status, minor_stat;
- gss_buffer_desc gss_str;
- gss_OID gss_type;
- int success;
-
- status = gss_display_name(&minor_stat, gss_name, &gss_str, &gss_type);
- if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
- return 0;
- success = (krb5_parse_name(handle->context, gss_str.value, princ) == 0);
- gss_release_buffer(&minor_stat, &gss_str);
- return success;
+ OM_uint32 status, minor_stat;
+ gss_buffer_desc gss_str;
+ gss_OID gss_type;
+ int success;
+
+ status = gss_display_name(&minor_stat, gss_name, &gss_str, &gss_type);
+ if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
+ return 0;
+ success = (krb5_parse_name(handle->context, gss_str.value, princ) == 0);
+ gss_release_buffer(&minor_stat, &gss_str);
+ return success;
}
static int
gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
{
- OM_uint32 status, minor_stat;
- gss_OID gss_type;
+ OM_uint32 status, minor_stat;
+ gss_OID gss_type;
- status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
- if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
- return 1;
- return 0;
+ status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
+ if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
+ return 1;
+ return 0;
}
static int
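Review bot: In `setup_gss_names`, `server_gss_name` is declared without an initializer and is passed to `gss_release_name` on the `maj_stat != GSS_S_COMPLETE` path, where nothing visible guarantees that `gss_inquire_context` stored a value in it. Declaring it as `gss_name_t server_gss_name = GSS_C_NO_NAME;` makes that release well defined. Separately, `gss_to_krb5_name` and `gss_name_to_string` return early when `gss_display_name` succeeds but the name type is not `gss_nt_krb5_name`, without calling `gss_release_buffer` on the buffer that call filled. Releasing it when `status == GSS_S_COMPLETE` before the early return would close that leak.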
@@ -261,12 +262,12 @@ log_unauth(
/* okay to cast lengths to int because trunc_name limits max value */
return krb5_klog_syslog(LOG_NOTICE,
- "Unauthorized request: %s, %.*s%s, "
- "client=%.*s%s, service=%.*s%s, addr=%s",
- op, (int)tlen, target, tdots,
- (int)clen, (char *)client->value, cdots,
- (int)slen, (char *)server->value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ "Unauthorized request: %s, %.*s%s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s",
+ op, (int)tlen, target, tdots,
+ (int)clen, (char *)client->value, cdots,
+ (int)slen, (char *)server->value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}
static int
@@ -290,72 +291,72 @@ log_done(
/* okay to cast lengths to int because trunc_name limits max value */
return krb5_klog_syslog(LOG_NOTICE,
- "Request: %s, %.*s%s, %s, "
- "client=%.*s%s, service=%.*s%s, addr=%s",
- op, (int)tlen, target, tdots, errmsg,
- (int)clen, (char *)client->value, cdots,
- (int)slen, (char *)server->value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ "Request: %s, %.*s%s, %s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s",
+ op, (int)tlen, target, tdots, errmsg,
+ (int)clen, (char *)client->value, cdots,
+ (int)slen, (char *)server->value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}
generic_ret *
create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name, service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name, service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (CHANGEPW_SERVICE(rqstp)
- || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
- arg->rec.principal, &rp)
- || kadm5int_acl_impose_restrictions(handle->context,
- &arg->rec, &arg->mask, rp)) {
- ret.code = KADM5_AUTH_ADD;
- log_unauth("kadm5_create_principal", prime_arg,
- &client_name, &service_name, rqstp);
+ || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
+ arg->rec.principal, &rp)
+ || kadm5int_acl_impose_restrictions(handle->context,
+ &arg->rec, &arg->mask, rp)) {
+ ret.code = KADM5_AUTH_ADD;
+ log_unauth("kadm5_create_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_create_principal((void *)handle,
- &arg->rec, arg->mask,
- arg->passwd);
+ ret.code = kadm5_create_principal((void *)handle,
+ &arg->rec, arg->mask,
+ arg->passwd);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_create_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_create_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
- exit_func:
+exit_func:
free_server_handle(handle);
return &ret;
}
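Review bot: In `create_principal_2_svc`, the `krb5_unparse_name` failure branch jumps to `exit_func` after `setup_gss_names` has already filled `client_name` and `service_name`, and the label sits below the two `gss_release_buffer` calls, so both buffers leak on that path. The principal being unparsed comes from the RPC argument, and in a long-running daemon a leak on a request-driven error path adds up. The branch should release them by adding `gss_release_buffer(&minor_stat, &client_name);` and `gss_release_buffer(&minor_stat, &service_name);` before that `goto exit_func;`. The same branch appears in `create_principal3_2_svc`, `delete_principal_2_svc`, `modify_principal_2_svc`, `rename_principal_2_svc` and `get_principal_2_svc` in the following hunks.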
@@ -363,56 +364,56 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
generic_ret *
create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name, service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name, service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (CHANGEPW_SERVICE(rqstp)
- || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
- arg->rec.principal, &rp)
- || kadm5int_acl_impose_restrictions(handle->context,
- &arg->rec, &arg->mask, rp)) {
- ret.code = KADM5_AUTH_ADD;
- log_unauth("kadm5_create_principal", prime_arg,
- &client_name, &service_name, rqstp);
+ || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
+ arg->rec.principal, &rp)
+ || kadm5int_acl_impose_restrictions(handle->context,
+ &arg->rec, &arg->mask, rp)) {
+ ret.code = KADM5_AUTH_ADD;
+ log_unauth("kadm5_create_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_create_principal_3((void *)handle,
- &arg->rec, arg->mask,
- arg->n_ks_tuple,
- arg->ks_tuple,
- arg->passwd);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
-
- log_done("kadm5_create_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
-
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ ret.code = kadm5_create_principal_3((void *)handle,
+ &arg->rec, arg->mask,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ arg->passwd);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ log_done("kadm5_create_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
gss_release_buffer(&minor_stat, &client_name);
@@ -426,50 +427,50 @@ exit_func:
generic_ret *
delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
-
+
if (CHANGEPW_SERVICE(rqstp)
- || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
- arg->princ, NULL)) {
- ret.code = KADM5_AUTH_DELETE;
- log_unauth("kadm5_delete_principal", prime_arg,
- &client_name, &service_name, rqstp);
+ || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
+ arg->princ, NULL)) {
+ ret.code = KADM5_AUTH_DELETE;
+ log_unauth("kadm5_delete_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_delete_principal((void *)handle, arg->princ);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ ret.code = kadm5_delete_principal((void *)handle, arg->princ);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_delete_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_delete_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
@@ -484,52 +485,52 @@ exit_func:
generic_ret *
modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (CHANGEPW_SERVICE(rqstp)
- || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
- arg->rec.principal, &rp)
- || kadm5int_acl_impose_restrictions(handle->context,
- &arg->rec, &arg->mask, rp)) {
- ret.code = KADM5_AUTH_MODIFY;
- log_unauth("kadm5_modify_principal", prime_arg,
- &client_name, &service_name, rqstp);
+ || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
+ arg->rec.principal, &rp)
+ || kadm5int_acl_impose_restrictions(handle->context,
+ &arg->rec, &arg->mask, rp)) {
+ ret.code = KADM5_AUTH_MODIFY;
+ log_unauth("kadm5_modify_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
- arg->mask);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
+ arg->mask);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_modify_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_modify_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
gss_release_buffer(&minor_stat, &client_name);
@@ -542,34 +543,34 @@ exit_func:
generic_ret *
rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg1,
- *prime_arg2;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
- const char *errmsg = NULL;
- size_t tlen1, tlen2, clen, slen;
- char *tdots1, *tdots2, *cdots, *sdots;
+ static generic_ret ret;
+ char *prime_arg1,
+ *prime_arg2;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+ const char *errmsg = NULL;
+ size_t tlen1, tlen2, clen, slen;
+ char *tdots1, *tdots2, *cdots, *sdots;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) ||
krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
tlen1 = strlen(prime_arg1);
trunc_name(&tlen1, &tdots1);
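Review bot: The combined test `krb5_unparse_name(..., &prime_arg1) || krb5_unparse_name(..., &prime_arg2)` in `rename_principal_2_svc` leaks `prime_arg1` when the first call succeeds and the second fails, because the branch goes straight to `exit_func` and `free(prime_arg1)` sits above that label. Both pointers are declared without initializers, so the branch cannot safely free them as written. Initializing them with `char *prime_arg1 = NULL, *prime_arg2 = NULL;` and calling `free(prime_arg1);` before `goto exit_func;` covers that path. The rest of the function is in the next hunk.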
@@ -582,54 +583,54 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
- if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_DELETE, arg->src, NULL))
- ret.code = KADM5_AUTH_DELETE;
- /* any restrictions at all on the ADD kills the RENAME */
- if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_ADD, arg->dest, &rp) || rp) {
- if (ret.code == KADM5_AUTH_DELETE)
- ret.code = KADM5_AUTH_INSUFFICIENT;
- else
- ret.code = KADM5_AUTH_ADD;
- }
+ if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_DELETE, arg->src, NULL))
+ ret.code = KADM5_AUTH_DELETE;
+ /* any restrictions at all on the ADD kills the RENAME */
+ if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_ADD, arg->dest, &rp) || rp) {
+ if (ret.code == KADM5_AUTH_DELETE)
+ ret.code = KADM5_AUTH_INSUFFICIENT;
+ else
+ ret.code = KADM5_AUTH_ADD;
+ }
} else
- ret.code = KADM5_AUTH_INSUFFICIENT;
+ ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
- /* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE,
- "Unauthorized request: kadm5_rename_principal, "
- "%.*s%s to %.*s%s, "
- "client=%.*s%s, service=%.*s%s, addr=%s",
- (int)tlen1, prime_arg1, tdots1,
- (int)tlen2, prime_arg2, tdots2,
- (int)clen, (char *)client_name.value, cdots,
- (int)slen, (char *)service_name.value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ /* okay to cast lengths to int because trunc_name limits max value */
+ krb5_klog_syslog(LOG_NOTICE,
+ "Unauthorized request: kadm5_rename_principal, "
+ "%.*s%s to %.*s%s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s",
+ (int)tlen1, prime_arg1, tdots1,
+ (int)tlen2, prime_arg2, tdots2,
+ (int)clen, (char *)client_name.value, cdots,
+ (int)slen, (char *)service_name.value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
} else {
- ret.code = kadm5_rename_principal((void *)handle, arg->src,
- arg->dest);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
-
- /* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE,
- "Request: kadm5_rename_principal, "
- "%.*s%s to %.*s%s, %s, "
- "client=%.*s%s, service=%.*s%s, addr=%s",
- (int)tlen1, prime_arg1, tdots1,
- (int)tlen2, prime_arg2, tdots2,
- errmsg ? errmsg : "success",
- (int)clen, (char *)client_name.value, cdots,
- (int)slen, (char *)service_name.value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ ret.code = kadm5_rename_principal((void *)handle, arg->src,
+ arg->dest);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ /* okay to cast lengths to int because trunc_name limits max value */
+ krb5_klog_syslog(LOG_NOTICE,
+ "Request: kadm5_rename_principal, "
+ "%.*s%s to %.*s%s, %s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s",
+ (int)tlen1, prime_arg1, tdots1,
+ (int)tlen2, prime_arg2, tdots2,
+ errmsg ? errmsg : "success",
+ (int)clen, (char *)client_name.value, cdots,
+ (int)slen, (char *)service_name.value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg1);
- free(prime_arg2);
+ free(prime_arg2);
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
exit_func:
@@ -640,56 +641,56 @@ exit_func:
gprinc_ret *
get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
- static gprinc_ret ret;
- char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static gprinc_ret ret;
+ char *prime_arg, *funcname;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_gprinc_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
funcname = "kadm5_get_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) &&
- (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_INQUIRE,
- arg->princ,
- NULL))) {
- ret.code = KADM5_AUTH_GET;
- log_unauth(funcname, prime_arg,
- &client_name, &service_name, rqstp);
+ (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
+ rqst2name(rqstp),
+ ACL_INQUIRE,
+ arg->princ,
+ NULL))) {
+ ret.code = KADM5_AUTH_GET;
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
- arg->mask);
-
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+ arg->mask);
- log_done(funcname, prime_arg, errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ log_done(funcname, prime_arg, errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
gss_release_buffer(&minor_stat, &client_name);
@@ -702,53 +703,53 @@ exit_func:
gprincs_ret *
get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
{
- static gprincs_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static gprincs_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_gprincs_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
prime_arg = arg->exp;
if (prime_arg == NULL)
- prime_arg = "*";
+ prime_arg = "*";
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_LIST,
- NULL,
- NULL)) {
- ret.code = KADM5_AUTH_LIST;
- log_unauth("kadm5_get_principals", prime_arg,
- &client_name, &service_name, rqstp);
+ rqst2name(rqstp),
+ ACL_LIST,
+ NULL,
+ NULL)) {
+ ret.code = KADM5_AUTH_LIST;
+ log_unauth("kadm5_get_principals", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_get_principals((void *)handle,
- arg->exp, &ret.princs,
- &ret.count);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ ret.code = kadm5_get_principals((void *)handle,
+ arg->exp, &ret.princs,
+ &ret.count);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_get_principals", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_get_principals", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
gss_release_buffer(&minor_stat, &client_name);
@@ -761,57 +762,57 @@ exit_func:
generic_ret *
chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
- ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
- FALSE, 0, NULL, arg->pass);
+ ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
+ FALSE, 0, NULL, arg->pass);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_CHANGEPW, arg->princ, NULL)) {
- ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
- arg->pass);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_CHANGEPW, arg->princ, NULL)) {
+ ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
+ arg->pass);
} else {
- log_unauth("kadm5_chpass_principal", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_CHANGEPW;
+ log_unauth("kadm5_chpass_principal", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_CHANGEPW;
}
if (ret.code != KADM5_AUTH_CHANGEPW) {
- if (ret.code != 0)
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if (ret.code != 0)
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_chpass_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_chpass_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
@@ -825,63 +826,63 @@ exit_func:
generic_ret *
chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
- ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
- arg->keepold,
- arg->n_ks_tuple,
- arg->ks_tuple,
- arg->pass);
+ ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ arg->pass);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_CHANGEPW, arg->princ, NULL)) {
- ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
- arg->keepold,
- arg->n_ks_tuple,
- arg->ks_tuple,
- arg->pass);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_CHANGEPW, arg->princ, NULL)) {
+ ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ arg->pass);
} else {
- log_unauth("kadm5_chpass_principal", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_CHANGEPW;
+ log_unauth("kadm5_chpass_principal", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_CHANGEPW;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_chpass_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_chpass_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
@@ -895,54 +896,54 @@ exit_func:
generic_ret *
setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_SETKEY, arg->princ, NULL)) {
- ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
- arg->keyblock);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_SETKEY, arg->princ, NULL)) {
+ ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
+ arg->keyblock);
} else {
- log_unauth("kadm5_setv4key_principal", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_SETKEY;
+ log_unauth("kadm5_setv4key_principal", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_SETKEY;
}
if(ret.code != KADM5_AUTH_SETKEY) {
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_setv4key_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_setv4key_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
@@ -956,54 +957,54 @@ exit_func:
generic_ret *
setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_SETKEY, arg->princ, NULL)) {
- ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
- arg->keyblocks, arg->n_keys);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_SETKEY, arg->princ, NULL)) {
+ ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
+ arg->keyblocks, arg->n_keys);
} else {
- log_unauth("kadm5_setkey_principal", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_SETKEY;
+ log_unauth("kadm5_setkey_principal", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_SETKEY;
}
if(ret.code != KADM5_AUTH_SETKEY) {
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_setkey_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_setkey_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
@@ -1017,57 +1018,57 @@ exit_func:
generic_ret *
setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_SETKEY, arg->princ, NULL)) {
- ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
- arg->keepold,
- arg->n_ks_tuple,
- arg->ks_tuple,
- arg->keyblocks, arg->n_keys);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_SETKEY, arg->princ, NULL)) {
+ ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ arg->keyblocks, arg->n_keys);
} else {
- log_unauth("kadm5_setkey_principal", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_SETKEY;
+ log_unauth("kadm5_setkey_principal", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_SETKEY;
}
if(ret.code != KADM5_AUTH_SETKEY) {
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_setkey_principal", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_setkey_principal", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
@@ -1081,66 +1082,66 @@ exit_func:
chrand_ret *
chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
{
- static chrand_ret ret;
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static chrand_ret ret;
+ krb5_keyblock *k;
+ int nkeys;
+ char *prime_arg, *funcname;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_chrand_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
- ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
- FALSE, 0, NULL, &k, &nkeys);
+ ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
+ FALSE, 0, NULL, &k, &nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_CHANGEPW, arg->princ, NULL)) {
- ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
- &k, &nkeys);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_CHANGEPW, arg->princ, NULL)) {
+ ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
+ &k, &nkeys);
} else {
- log_unauth(funcname, prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_CHANGEPW;
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_CHANGEPW;
}
if(ret.code == KADM5_OK) {
- ret.keys = k;
- ret.n_keys = nkeys;
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done(funcname, prime_arg, errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done(funcname, prime_arg, errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
gss_release_buffer(&minor_stat, &client_name);
@@ -1153,71 +1154,71 @@ exit_func:
chrand_ret *
chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
{
- static chrand_ret ret;
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static chrand_ret ret;
+ krb5_keyblock *k;
+ int nkeys;
+ char *prime_arg, *funcname;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_chrand_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
- ret.code = KADM5_BAD_PRINCIPAL;
- goto exit_func;
+ ret.code = KADM5_BAD_PRINCIPAL;
+ goto exit_func;
}
if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
- ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
- arg->keepold,
- arg->n_ks_tuple,
- arg->ks_tuple,
- &k, &nkeys);
+ ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ &k, &nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
- kadm5int_acl_check(handle->context, rqst2name(rqstp),
- ACL_CHANGEPW, arg->princ, NULL)) {
- ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
- arg->keepold,
- arg->n_ks_tuple,
- arg->ks_tuple,
- &k, &nkeys);
+ kadm5int_acl_check(handle->context, rqst2name(rqstp),
+ ACL_CHANGEPW, arg->princ, NULL)) {
+ ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
+ arg->keepold,
+ arg->n_ks_tuple,
+ arg->ks_tuple,
+ &k, &nkeys);
} else {
- log_unauth(funcname, prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_CHANGEPW;
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_CHANGEPW;
}
if(ret.code == KADM5_OK) {
- ret.keys = k;
- ret.n_keys = nkeys;
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done(funcname, prime_arg, errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done(funcname, prime_arg, errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
gss_release_buffer(&minor_stat, &client_name);
@@ -1230,50 +1231,50 @@ exit_func:
generic_ret *
create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
prime_arg = arg->rec.policy;
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_ADD, NULL, NULL)) {
- ret.code = KADM5_AUTH_ADD;
- log_unauth("kadm5_create_policy", prime_arg,
- &client_name, &service_name, rqstp);
+ rqst2name(rqstp),
+ ACL_ADD, NULL, NULL)) {
+ ret.code = KADM5_AUTH_ADD;
+ log_unauth("kadm5_create_policy", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_create_policy((void *)handle, &arg->rec,
- arg->mask);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
-
- log_done("kadm5_create_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
-
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ ret.code = kadm5_create_policy((void *)handle, &arg->rec,
+ arg->mask);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ log_done("kadm5_create_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
@@ -1285,48 +1286,48 @@ exit_func:
generic_ret *
delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
prime_arg = arg->name;
-
+
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_DELETE, NULL, NULL)) {
- log_unauth("kadm5_delete_policy", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_DELETE;
+ rqst2name(rqstp),
+ ACL_DELETE, NULL, NULL)) {
+ log_unauth("kadm5_delete_policy", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_DELETE;
} else {
- ret.code = kadm5_delete_policy((void *)handle, arg->name);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ ret.code = kadm5_delete_policy((void *)handle, arg->name);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_delete_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_delete_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
@@ -1338,49 +1339,49 @@ exit_func:
generic_ret *
modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static generic_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_generic_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
prime_arg = arg->rec.policy;
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_MODIFY, NULL, NULL)) {
- log_unauth("kadm5_modify_policy", prime_arg,
- &client_name, &service_name, rqstp);
- ret.code = KADM5_AUTH_MODIFY;
+ rqst2name(rqstp),
+ ACL_MODIFY, NULL, NULL)) {
+ log_unauth("kadm5_modify_policy", prime_arg,
+ &client_name, &service_name, rqstp);
+ ret.code = KADM5_AUTH_MODIFY;
} else {
- ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
- arg->mask);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
-
- log_done("kadm5_modify_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
-
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
+ arg->mask);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ log_done("kadm5_modify_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
@@ -1389,74 +1390,74 @@ exit_func:
return &ret;
}
-gpol_ret *
+gpol_ret *
get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
{
- static gpol_ret ret;
- kadm5_ret_t ret2;
- char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_principal_ent_rec caller_ent;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static gpol_ret ret;
+ kadm5_ret_t ret2;
+ char *prime_arg, *funcname;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_principal_ent_rec caller_ent;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_gpol_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
funcname = "kadm5_get_policy";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
prime_arg = arg->name;
ret.code = KADM5_AUTH_GET;
if (!CHANGEPW_SERVICE(rqstp) && kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_INQUIRE, NULL, NULL))
- ret.code = KADM5_OK;
+ rqst2name(rqstp),
+ ACL_INQUIRE, NULL, NULL))
+ ret.code = KADM5_OK;
else {
- ret.code = kadm5_get_principal(handle->lhandle,
- handle->current_caller,
- &caller_ent,
- KADM5_PRINCIPAL_NORMAL_MASK);
- if (ret.code == KADM5_OK) {
- if (caller_ent.aux_attributes & KADM5_POLICY &&
- strcmp(caller_ent.policy, arg->name) == 0) {
- ret.code = KADM5_OK;
- } else ret.code = KADM5_AUTH_GET;
- ret2 = kadm5_free_principal_ent(handle->lhandle,
- &caller_ent);
- ret.code = ret.code ? ret.code : ret2;
- }
- }
-
+ ret.code = kadm5_get_principal(handle->lhandle,
+ handle->current_caller,
+ &caller_ent,
+ KADM5_PRINCIPAL_NORMAL_MASK);
+ if (ret.code == KADM5_OK) {
+ if (caller_ent.aux_attributes & KADM5_POLICY &&
+ strcmp(caller_ent.policy, arg->name) == 0) {
+ ret.code = KADM5_OK;
+ } else ret.code = KADM5_AUTH_GET;
+ ret2 = kadm5_free_principal_ent(handle->lhandle,
+ &caller_ent);
+ ret.code = ret.code ? ret.code : ret2;
+ }
+ }
+
if (ret.code == KADM5_OK) {
- ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
-
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
-
- log_done(funcname,
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
+
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ log_done(funcname,
+ ((prime_arg == NULL) ? "(null)" : prime_arg),
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
} else {
- log_unauth(funcname, prime_arg,
- &client_name, &service_name, rqstp);
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
}
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
@@ -1469,51 +1470,51 @@ exit_func:
gpols_ret *
get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
{
- static gpols_ret ret;
- char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static gpols_ret ret;
+ char *prime_arg;
+ gss_buffer_desc client_name,
+ service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
xdr_free(xdr_gpols_ret, &ret);
if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
- goto exit_func;
+ goto exit_func;
if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ goto exit_func;
ret.api_version = handle->api_version;
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
}
prime_arg = arg->exp;
if (prime_arg == NULL)
- prime_arg = "*";
+ prime_arg = "*";
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
- rqst2name(rqstp),
- ACL_LIST, NULL, NULL)) {
- ret.code = KADM5_AUTH_LIST;
- log_unauth("kadm5_get_policies", prime_arg,
- &client_name, &service_name, rqstp);
+ rqst2name(rqstp),
+ ACL_LIST, NULL, NULL)) {
+ ret.code = KADM5_AUTH_LIST;
+ log_unauth("kadm5_get_policies", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
- ret.code = kadm5_get_policies((void *)handle,
- arg->exp, &ret.pols,
- &ret.count);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
-
- log_done("kadm5_get_policies", prime_arg,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
-
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ ret.code = kadm5_get_policies((void *)handle,
+ arg->exp, &ret.pols,
+ &ret.count);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
+
+ log_done("kadm5_get_policies", prime_arg,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
+
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
}
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
@@ -1524,104 +1525,104 @@ exit_func:
getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
- static getprivs_ret ret;
- gss_buffer_desc client_name, service_name;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
+ static getprivs_ret ret;
+ gss_buffer_desc client_name, service_name;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
- xdr_free(xdr_getprivs_ret, &ret);
+ xdr_free(xdr_getprivs_ret, &ret);
- if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
- goto exit_func;
+ if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
+ goto exit_func;
- if ((ret.code = check_handle((void *)handle)))
- goto exit_func;
+ if ((ret.code = check_handle((void *)handle)))
+ goto exit_func;
- ret.api_version = handle->api_version;
+ ret.api_version = handle->api_version;
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
- }
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
+ }
- ret.code = kadm5_get_privs((void *)handle, &ret.privs);
- if( ret.code != 0 )
- errmsg = krb5_get_error_message(handle->context, ret.code);
+ ret.code = kadm5_get_privs((void *)handle, &ret.privs);
+ if( ret.code != 0 )
+ errmsg = krb5_get_error_message(handle->context, ret.code);
- log_done("kadm5_get_privs", client_name.value,
- errmsg ? errmsg : "success",
- &client_name, &service_name, rqstp);
+ log_done("kadm5_get_privs", client_name.value,
+ errmsg ? errmsg : "success",
+ &client_name, &service_name, rqstp);
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
exit_func:
- free_server_handle(handle);
- return &ret;
+ free_server_handle(handle);
+ return &ret;
}
generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
- static generic_ret ret;
- gss_buffer_desc client_name,
- service_name;
- kadm5_server_handle_t handle;
- OM_uint32 minor_stat;
- const char *errmsg = NULL;
- size_t clen, slen;
- char *cdots, *sdots;
-
- xdr_free(xdr_generic_ret, &ret);
-
- if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
- goto exit_func;
- if (! (ret.code = check_handle((void *)handle))) {
- ret.api_version = handle->api_version;
- }
-
- free_server_handle(handle);
-
- if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
- ret.code = KADM5_FAILURE;
- goto exit_func;
- }
-
- if (ret.code != 0)
- errmsg = krb5_get_error_message(NULL, ret.code);
-
- clen = client_name.length;
- trunc_name(&clen, &cdots);
- slen = service_name.length;
- trunc_name(&slen, &sdots);
- /* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
- "client=%.*s%s, service=%.*s%s, addr=%s, "
- "vers=%d, flavor=%d",
- (int)clen, (char *)client_name.value, cdots,
- errmsg ? errmsg : "success",
- (int)clen, (char *)client_name.value, cdots,
- (int)slen, (char *)service_name.value, sdots,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
- ret.api_version & ~(KADM5_API_VERSION_MASK),
- rqstp->rq_cred.oa_flavor);
- if (errmsg != NULL)
- krb5_free_error_message(NULL, errmsg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
-
+ static generic_ret ret;
+ gss_buffer_desc client_name,
+ service_name;
+ kadm5_server_handle_t handle;
+ OM_uint32 minor_stat;
+ const char *errmsg = NULL;
+ size_t clen, slen;
+ char *cdots, *sdots;
+
+ xdr_free(xdr_generic_ret, &ret);
+
+ if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
+ goto exit_func;
+ if (! (ret.code = check_handle((void *)handle))) {
+ ret.api_version = handle->api_version;
+ }
+
+ free_server_handle(handle);
+
+ if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+ ret.code = KADM5_FAILURE;
+ goto exit_func;
+ }
+
+ if (ret.code != 0)
+ errmsg = krb5_get_error_message(NULL, ret.code);
+
+ clen = client_name.length;
+ trunc_name(&clen, &cdots);
+ slen = service_name.length;
+ trunc_name(&slen, &sdots);
+ /* okay to cast lengths to int because trunc_name limits max value */
+ krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s, "
+ "vers=%d, flavor=%d",
+ (int)clen, (char *)client_name.value, cdots,
+ errmsg ? errmsg : "success",
+ (int)clen, (char *)client_name.value, cdots,
+ (int)slen, (char *)service_name.value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+ ret.api_version & ~(KADM5_API_VERSION_MASK),
+ rqstp->rq_cred.oa_flavor);
+ if (errmsg != NULL)
+ krb5_free_error_message(NULL, errmsg);
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+
exit_func:
- return(&ret);
+ return(&ret);
}
gss_name_t
rqst2name(struct svc_req *rqstp)
{
- if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS)
- return rqstp->rq_clntname;
- else
- return rqstp->rq_clntcred;
+ if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS)
+ return rqstp->rq_clntname;
+ else
+ return rqstp->rq_clntcred;
}
diff --git a/src/kadmin/testing/util/bsddb_dump.c b/src/kadmin/testing/util/bsddb_dump.c
index ba69b84..5dbe7ae 100644
--- a/src/kadmin/testing/util/bsddb_dump.c
+++ b/src/kadmin/testing/util/bsddb_dump.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* $Id$
*/
@@ -9,56 +10,56 @@
main(int argc, char *argv[])
{
- char *file;
- DB *db;
- DBT dbkey, dbdata;
- int code, i;
+ char *file;
+ DB *db;
+ DBT dbkey, dbdata;
+ int code, i;
- HASHINFO info;
+ HASHINFO info;
- info.hash = NULL;
- info.bsize = 256;
- info.ffactor = 8;
- info.nelem = 25000;
- info.lorder = 0;
+ info.hash = NULL;
+ info.bsize = 256;
+ info.ffactor = 8;
+ info.nelem = 25000;
+ info.lorder = 0;
- if (argc != 2) {
- fprintf(stderr, "usage: argv[0] dbfile\n");
- exit(2);
- }
-
- file = argv[1];
+ if (argc != 2) {
+ fprintf(stderr, "usage: argv[0] dbfile\n");
+ exit(2);
+ }
- if((db = dbopen(file, O_RDWR, 0666, DB_HASH, &info)) == NULL) {
- perror("Opening db file");
- exit(1);
- }
+ file = argv[1];
- if ((code = (*db->seq)(db, &dbkey, &dbdata, R_FIRST)) == -1) {
- perror("starting db iteration");
- exit(1);
- }
+ if((db = dbopen(file, O_RDWR, 0666, DB_HASH, &info)) == NULL) {
+ perror("Opening db file");
+ exit(1);
+ }
- while (code == 0) {
- for (i=0; i<dbkey.size; i++)
- printf("%02x", (int) ((unsigned char *) dbkey.data)[i]);
- printf("\t");
- for (i=0; i<dbdata.size; i++)
- printf("%02x", (int) ((unsigned char *) dbdata.data)[i]);
- printf("\n");
+ if ((code = (*db->seq)(db, &dbkey, &dbdata, R_FIRST)) == -1) {
+ perror("starting db iteration");
+ exit(1);
+ }
- code = (*db->seq)(db, &dbkey, &dbdata, R_NEXT);
- }
+ while (code == 0) {
+ for (i=0; i<dbkey.size; i++)
+ printf("%02x", (int) ((unsigned char *) dbkey.data)[i]);
+ printf("\t");
+ for (i=0; i<dbdata.size; i++)
+ printf("%02x", (int) ((unsigned char *) dbdata.data)[i]);
+ printf("\n");
- if (code == -1) {
- perror("during db iteration");
- exit(1);
- }
+ code = (*db->seq)(db, &dbkey, &dbdata, R_NEXT);
+ }
- if ((*db->close)(db) == -1) {
- perror("closing db");
- exit(1);
- }
+ if (code == -1) {
+ perror("during db iteration");
+ exit(1);
+ }
- exit(0);
+ if ((*db->close)(db) == -1) {
+ perror("closing db");
+ exit(1);
+ }
+
+ exit(0);
}
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
index 08f3a52..b286356 100644
--- a/src/kadmin/testing/util/tcl_kadm5.c
+++ b/src/kadmin/testing/util/tcl_kadm5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "autoconf.h"
#include <stdio.h>
#include <string.h>
@@ -15,96 +16,96 @@
#include "tcl_kadm5.h"
struct flagval {
- char *name;
- krb5_flags val;
+ char *name;
+ krb5_flags val;
};
/* XXX This should probably be in the hash table like server_handle */
static krb5_context context;
static struct flagval krb5_flags_array[] = {
- {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
- {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
- {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
- {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
- {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
- {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
- {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
- {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
- {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
- {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
- {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
- {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
+ {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
+ {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
+ {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
+ {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
+ {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
+ {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
+ {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
+ {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
+ {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
+ {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
+ {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
+ {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
};
static struct flagval aux_attributes[] = {
- {"KADM5_POLICY", KADM5_POLICY}
+ {"KADM5_POLICY", KADM5_POLICY}
};
static struct flagval principal_mask_flags[] = {
- {"KADM5_PRINCIPAL", KADM5_PRINCIPAL},
- {"KADM5_PRINC_EXPIRE_TIME", KADM5_PRINC_EXPIRE_TIME},
- {"KADM5_PW_EXPIRATION", KADM5_PW_EXPIRATION},
- {"KADM5_LAST_PWD_CHANGE", KADM5_LAST_PWD_CHANGE},
- {"KADM5_ATTRIBUTES", KADM5_ATTRIBUTES},
- {"KADM5_MAX_LIFE", KADM5_MAX_LIFE},
- {"KADM5_MOD_TIME", KADM5_MOD_TIME},
- {"KADM5_MOD_NAME", KADM5_MOD_NAME},
- {"KADM5_KVNO", KADM5_KVNO},
- {"KADM5_MKVNO", KADM5_MKVNO},
- {"KADM5_AUX_ATTRIBUTES", KADM5_AUX_ATTRIBUTES},
- {"KADM5_POLICY", KADM5_POLICY},
- {"KADM5_POLICY_CLR", KADM5_POLICY_CLR},
- {"KADM5_MAX_RLIFE", KADM5_MAX_RLIFE},
- {"KADM5_LAST_SUCCESS", KADM5_LAST_SUCCESS},
- {"KADM5_LAST_FAILED", KADM5_LAST_FAILED},
- {"KADM5_FAIL_AUTH_COUNT", KADM5_FAIL_AUTH_COUNT},
- {"KADM5_KEY_DATA", KADM5_KEY_DATA},
- {"KADM5_TL_DATA", KADM5_TL_DATA},
- {"KADM5_PRINCIPAL_NORMAL_MASK", KADM5_PRINCIPAL_NORMAL_MASK}
+ {"KADM5_PRINCIPAL", KADM5_PRINCIPAL},
+ {"KADM5_PRINC_EXPIRE_TIME", KADM5_PRINC_EXPIRE_TIME},
+ {"KADM5_PW_EXPIRATION", KADM5_PW_EXPIRATION},
+ {"KADM5_LAST_PWD_CHANGE", KADM5_LAST_PWD_CHANGE},
+ {"KADM5_ATTRIBUTES", KADM5_ATTRIBUTES},
+ {"KADM5_MAX_LIFE", KADM5_MAX_LIFE},
+ {"KADM5_MOD_TIME", KADM5_MOD_TIME},
+ {"KADM5_MOD_NAME", KADM5_MOD_NAME},
+ {"KADM5_KVNO", KADM5_KVNO},
+ {"KADM5_MKVNO", KADM5_MKVNO},
+ {"KADM5_AUX_ATTRIBUTES", KADM5_AUX_ATTRIBUTES},
+ {"KADM5_POLICY", KADM5_POLICY},
+ {"KADM5_POLICY_CLR", KADM5_POLICY_CLR},
+ {"KADM5_MAX_RLIFE", KADM5_MAX_RLIFE},
+ {"KADM5_LAST_SUCCESS", KADM5_LAST_SUCCESS},
+ {"KADM5_LAST_FAILED", KADM5_LAST_FAILED},
+ {"KADM5_FAIL_AUTH_COUNT", KADM5_FAIL_AUTH_COUNT},
+ {"KADM5_KEY_DATA", KADM5_KEY_DATA},
+ {"KADM5_TL_DATA", KADM5_TL_DATA},
+ {"KADM5_PRINCIPAL_NORMAL_MASK", KADM5_PRINCIPAL_NORMAL_MASK}
};
static struct flagval policy_mask_flags[] = {
- {"KADM5_POLICY", KADM5_POLICY},
- {"KADM5_PW_MAX_LIFE", KADM5_PW_MAX_LIFE},
- {"KADM5_PW_MIN_LIFE", KADM5_PW_MIN_LIFE},
- {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH},
- {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES},
- {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM},
- {"KADM5_REF_COUNT", KADM5_REF_COUNT},
- {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE},
- {"KADM5_PW_FAILURE_COUNT_INTERVAL", KADM5_PW_FAILURE_COUNT_INTERVAL},
- {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION},
+ {"KADM5_POLICY", KADM5_POLICY},
+ {"KADM5_PW_MAX_LIFE", KADM5_PW_MAX_LIFE},
+ {"KADM5_PW_MIN_LIFE", KADM5_PW_MIN_LIFE},
+ {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH},
+ {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES},
+ {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM},
+ {"KADM5_REF_COUNT", KADM5_REF_COUNT},
+ {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE},
+ {"KADM5_PW_FAILURE_COUNT_INTERVAL", KADM5_PW_FAILURE_COUNT_INTERVAL},
+ {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION},
};
static struct flagval config_mask_flags[] = {
- {"KADM5_CONFIG_REALM", KADM5_CONFIG_REALM},
- {"KADM5_CONFIG_DBNAME", KADM5_CONFIG_DBNAME},
- {"KADM5_CONFIG_MKEY_NAME", KADM5_CONFIG_MKEY_NAME},
- {"KADM5_CONFIG_MAX_LIFE", KADM5_CONFIG_MAX_LIFE},
- {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE},
- {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION},
- {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS},
- {"KADM5_CONFIG_ADMIN_KEYTAB", KADM5_CONFIG_ADMIN_KEYTAB},
- {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE},
- {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
- {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
- {"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE},
- {"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE},
- {"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT},
- {"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES},
- {"KADM5_CONFIG_ADMIN_SERVER", KADM5_CONFIG_ADMIN_SERVER},
- {"KADM5_CONFIG_DICT_FILE", KADM5_CONFIG_DICT_FILE},
- {"KADM5_CONFIG_MKEY_FROM_KBD", KADM5_CONFIG_MKEY_FROM_KBD},
+ {"KADM5_CONFIG_REALM", KADM5_CONFIG_REALM},
+ {"KADM5_CONFIG_DBNAME", KADM5_CONFIG_DBNAME},
+ {"KADM5_CONFIG_MKEY_NAME", KADM5_CONFIG_MKEY_NAME},
+ {"KADM5_CONFIG_MAX_LIFE", KADM5_CONFIG_MAX_LIFE},
+ {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE},
+ {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION},
+ {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS},
+ {"KADM5_CONFIG_ADMIN_KEYTAB", KADM5_CONFIG_ADMIN_KEYTAB},
+ {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE},
+ {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
+ {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
+ {"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE},
+ {"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE},
+ {"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT},
+ {"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES},
+ {"KADM5_CONFIG_ADMIN_SERVER", KADM5_CONFIG_ADMIN_SERVER},
+ {"KADM5_CONFIG_DICT_FILE", KADM5_CONFIG_DICT_FILE},
+ {"KADM5_CONFIG_MKEY_FROM_KBD", KADM5_CONFIG_MKEY_FROM_KBD},
};
static struct flagval priv_flags[] = {
- {"KADM5_PRIV_GET", KADM5_PRIV_GET},
- {"KADM5_PRIV_ADD", KADM5_PRIV_ADD},
- {"KADM5_PRIV_MODIFY", KADM5_PRIV_MODIFY},
- {"KADM5_PRIV_DELETE", KADM5_PRIV_DELETE}
+ {"KADM5_PRIV_GET", KADM5_PRIV_GET},
+ {"KADM5_PRIV_ADD", KADM5_PRIV_ADD},
+ {"KADM5_PRIV_MODIFY", KADM5_PRIV_MODIFY},
+ {"KADM5_PRIV_DELETE", KADM5_PRIV_DELETE}
};
-
+
static char *arg_error = "wrong # args";
@@ -117,18 +118,18 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
Tcl_HashEntry *entry;
if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+ if (! (struct_table =
+ malloc(sizeof(*struct_table)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+ Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
}
do {
- sprintf(buf, "kadm5_handle%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
- i++;
+ sprintf(buf, "kadm5_handle%d", i);
+ entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
+ i++;
} while (! newPtr);
Tcl_SetHashValue(entry, handle);
@@ -139,19 +140,19 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
}
static int get_server_handle(Tcl_Interp *interp, const char *name,
- void **handle)
+ void **handle)
{
Tcl_HashEntry *entry;
if(!strcasecmp(name, "null"))
- *handle = 0;
+ *handle = 0;
else {
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
- *handle = (void *) Tcl_GetHashValue(entry);
+ if (! (struct_table &&
+ (entry = Tcl_FindHashEntry(struct_table, name)))) {
+ Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+ return TCL_ERROR;
+ }
+ *handle = (void *) Tcl_GetHashValue(entry);
}
return TCL_OK;
}
@@ -161,2413 +162,2413 @@ static int remove_server_handle(Tcl_Interp *interp, const char *name)
Tcl_HashEntry *entry;
if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
+ (entry = Tcl_FindHashEntry(struct_table, name)))) {
+ Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+ return TCL_ERROR;
}
Tcl_SetHashValue(entry, NULL);
return TCL_OK;
}
-#define GET_HANDLE(num_args, ignored) \
- void *server_handle; \
- const char *whoami = argv[0]; \
- argv++, argc--; \
- if (argc != num_args + 1) { \
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
- return TCL_ERROR; \
- } \
- { \
- int ltcl_ret; \
- if ((ltcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
- != TCL_OK) { \
- return ltcl_ret; \
- } \
- } \
+#define GET_HANDLE(num_args, ignored) \
+ void *server_handle; \
+ const char *whoami = argv[0]; \
+ argv++, argc--; \
+ if (argc != num_args + 1) { \
+ Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
+ return TCL_ERROR; \
+ } \
+ { \
+ int ltcl_ret; \
+ if ((ltcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
+ != TCL_OK) { \
+ return ltcl_ret; \
+ } \
+ } \
argv++, argc--;
static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
{
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
- int i;
+ Tcl_HashTable *table;
+ Tcl_HashEntry *entry;
+ int i;
- if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
+ if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
- Tcl_InitHashTable(table, TCL_STRING_KEYS);
+ Tcl_InitHashTable(table, TCL_STRING_KEYS);
- for (i = 0; i < size; i++) {
- int newPtr;
-
- if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
+ for (i = 0; i < size; i++) {
+ int newPtr;
- Tcl_SetHashValue(entry, &flags[i].val);
- }
+ if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
- return table;
+ Tcl_SetHashValue(entry, &flags[i].val);
+ }
+
+ return table;
}
static Tcl_DString *unparse_str(char *in_str)
{
- Tcl_DString *str;
+ Tcl_DString *str;
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
- Tcl_DStringInit(str);
+ Tcl_DStringInit(str);
- if (! in_str) {
- Tcl_DStringAppend(str, "null", -1);
- }
- else {
- Tcl_DStringAppend(str, in_str, -1);
- }
+ if (! in_str) {
+ Tcl_DStringAppend(str, "null", -1);
+ }
+ else {
+ Tcl_DStringAppend(str, in_str, -1);
+ }
- return str;
+ return str;
}
-
+
static int parse_str(Tcl_Interp *interp, const char *in_str, char **out_str)
{
- if (! in_str) {
- *out_str = 0;
- }
- else if (! strcasecmp(in_str, "null")) {
- *out_str = 0;
- }
- else {
- *out_str = (char *) in_str;
- }
- return TCL_OK;
+ if (! in_str) {
+ *out_str = 0;
+ }
+ else if (! strcasecmp(in_str, "null")) {
+ *out_str = 0;
+ }
+ else {
+ *out_str = (char *) in_str;
+ }
+ return TCL_OK;
}
static void set_ok(Tcl_Interp *interp, char *string)
{
- Tcl_SetResult(interp, "OK", TCL_STATIC);
- Tcl_AppendElement(interp, "KADM5_OK");
- Tcl_AppendElement(interp, string);
+ Tcl_SetResult(interp, "OK", TCL_STATIC);
+ Tcl_AppendElement(interp, "KADM5_OK");
+ Tcl_AppendElement(interp, string);
}
static Tcl_DString *unparse_err(kadm5_ret_t code)
{
- char *code_string;
- const char *error_string;
- Tcl_DString *dstring;
-
- switch (code) {
- case KADM5_FAILURE: code_string = "KADM5_FAILURE"; break;
- case KADM5_AUTH_GET: code_string = "KADM5_AUTH_GET"; break;
- case KADM5_AUTH_ADD: code_string = "KADM5_AUTH_ADD"; break;
- case KADM5_AUTH_MODIFY:
- code_string = "KADM5_AUTH_MODIFY"; break;
- case KADM5_AUTH_DELETE:
- code_string = "KADM5_AUTH_DELETE"; break;
- case KADM5_AUTH_INSUFFICIENT:
- code_string = "KADM5_AUTH_INSUFFICIENT"; break;
- case KADM5_BAD_DB: code_string = "KADM5_BAD_DB"; break;
- case KADM5_DUP: code_string = "KADM5_DUP"; break;
- case KADM5_RPC_ERROR: code_string = "KADM5_RPC_ERROR"; break;
- case KADM5_NO_SRV: code_string = "KADM5_NO_SRV"; break;
- case KADM5_BAD_HIST_KEY:
- code_string = "KADM5_BAD_HIST_KEY"; break;
- case KADM5_NOT_INIT: code_string = "KADM5_NOT_INIT"; break;
- case KADM5_INIT: code_string = "KADM5_INIT"; break;
- case KADM5_BAD_PASSWORD:
- code_string = "KADM5_BAD_PASSWORD"; break;
- case KADM5_UNK_PRINC: code_string = "KADM5_UNK_PRINC"; break;
- case KADM5_UNK_POLICY: code_string = "KADM5_UNK_POLICY"; break;
- case KADM5_BAD_MASK: code_string = "KADM5_BAD_MASK"; break;
- case KADM5_BAD_CLASS: code_string = "KADM5_BAD_CLASS"; break;
- case KADM5_BAD_LENGTH: code_string = "KADM5_BAD_LENGTH"; break;
- case KADM5_BAD_POLICY: code_string = "KADM5_BAD_POLICY"; break;
- case KADM5_BAD_HISTORY: code_string = "KADM5_BAD_HISTORY"; break;
- case KADM5_BAD_PRINCIPAL:
- code_string = "KADM5_BAD_PRINCIPAL"; break;
- case KADM5_BAD_AUX_ATTR:
- code_string = "KADM5_BAD_AUX_ATTR"; break;
- case KADM5_PASS_Q_TOOSHORT:
- code_string = "KADM5_PASS_Q_TOOSHORT"; break;
- case KADM5_PASS_Q_CLASS:
- code_string = "KADM5_PASS_Q_CLASS"; break;
- case KADM5_PASS_Q_DICT:
- code_string = "KADM5_PASS_Q_DICT"; break;
- case KADM5_PASS_REUSE: code_string = "KADM5_PASS_REUSE"; break;
- case KADM5_PASS_TOOSOON:
- code_string = "KADM5_PASS_TOOSOON"; break;
- case KADM5_POLICY_REF:
- code_string = "KADM5_POLICY_REF"; break;
- case KADM5_PROTECT_PRINCIPAL:
- code_string = "KADM5_PROTECT_PRINCIPAL"; break;
- case KADM5_BAD_SERVER_HANDLE:
- code_string = "KADM5_BAD_SERVER_HANDLE"; break;
- case KADM5_BAD_STRUCT_VERSION:
- code_string = "KADM5_BAD_STRUCT_VERSION"; break;
- case KADM5_OLD_STRUCT_VERSION:
- code_string = "KADM5_OLD_STRUCT_VERSION"; break;
- case KADM5_NEW_STRUCT_VERSION:
- code_string = "KADM5_NEW_STRUCT_VERSION"; break;
- case KADM5_BAD_API_VERSION:
- code_string = "KADM5_BAD_API_VERSION"; break;
- case KADM5_OLD_LIB_API_VERSION:
- code_string = "KADM5_OLD_LIB_API_VERSION"; break;
- case KADM5_OLD_SERVER_API_VERSION:
- code_string = "KADM5_OLD_SERVER_API_VERSION"; break;
- case KADM5_NEW_LIB_API_VERSION:
- code_string = "KADM5_NEW_LIB_API_VERSION"; break;
- case KADM5_NEW_SERVER_API_VERSION:
- code_string = "KADM5_NEW_SERVER_API_VERSION"; break;
- case KADM5_SECURE_PRINC_MISSING:
- code_string = "KADM5_SECURE_PRINC_MISSING"; break;
- case KADM5_NO_RENAME_SALT:
- code_string = "KADM5_NO_RENAME_SALT"; break;
- case KADM5_BAD_CLIENT_PARAMS:
- code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
- case KADM5_BAD_SERVER_PARAMS:
- code_string = "KADM5_BAD_SERVER_PARAMS"; break;
- case KADM5_AUTH_LIST:
- code_string = "KADM5_AUTH_LIST"; break;
- case KADM5_AUTH_CHANGEPW:
- code_string = "KADM5_AUTH_CHANGEPW"; break;
- case KADM5_GSS_ERROR: code_string = "KADM5_GSS_ERROR"; break;
- case KADM5_BAD_TL_TYPE: code_string = "KADM5_BAD_TL_TYPE"; break;
- case KADM5_MISSING_CONF_PARAMS:
- code_string = "KADM5_MISSING_CONF_PARAMS"; break;
- case KADM5_BAD_SERVER_NAME:
- code_string = "KADM5_BAD_SERVER_NAME"; break;
- case KADM5_MISSING_KRB5_CONF_PARAMS:
- code_string = "KADM5_MISSING_KRB5_CONF_PARAMS"; break;
-
-
- case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
- case OSA_ADB_NOENT: code_string = "ENOENT"; break;
- case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
- case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
- case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
- case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
- case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
- case OSA_ADB_BADLOCKMODE: code_string = "OSA_ADB_BADLOCKMODE"; break;
- case OSA_ADB_CANTLOCK_DB: code_string = "OSA_ADB_CANTLOCK_DB"; break;
- case OSA_ADB_NOTLOCKED: code_string = "OSA_ADB_NOTLOCKED"; break;
- case OSA_ADB_NOLOCKFILE: code_string = "OSA_ADB_NOLOCKFILE"; break;
- case OSA_ADB_NOEXCL_PERM: code_string = "OSA_ADB_NOEXCL_PERM"; break;
-
- case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
- case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
- case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
- case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
- case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
- case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
- case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
- case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
- case KRB5_KDB_TRUNCATED_RECORD:
- code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
- case KRB5_KDB_RECURSIVELOCK:
- code_string = "KRB5_KDB_RECURSIVELOCK"; break;
- case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
- case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
- case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
- case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
- case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
- case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
- case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
- case KRB5_KDB_INVALIDKEYSIZE:
- code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
- case KRB5_KDB_CANTREAD_STORED:
- code_string = "KRB5_KDB_CANTREAD_STORED"; break;
- case KRB5_KDB_BADSTORED_MKEY:
- code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
- case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
- case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
-
- case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
- case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
- case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
- case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
- case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
- case KRB5_CONFIG_BADFORMAT: code_string = "KRB5_CONFIG_BADFORMAT"; break;
-
- case KRB5_CC_NOTFOUND: code_string = "KRB5_CC_NOTFOUND"; break;
- case KRB5_FCC_NOFILE: code_string = "KRB5_FCC_NOFILE"; break;
-
- case EINVAL: code_string = "EINVAL"; break;
- case ENOENT: code_string = "ENOENT"; break;
-
- default:
- fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
- error_message (code));
- code_string = "UNKNOWN";
- break;
- }
-
- error_string = error_message(code);
-
- if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX Do we really want to exit? Ok if this is */
- /* just a test program, but what about if it gets */
- /* used for other things later? */
- }
-
- Tcl_DStringInit(dstring);
-
- if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
- Tcl_DStringAppendElement(dstring, code_string) &&
- Tcl_DStringAppendElement(dstring, error_string))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- return dstring;
+ char *code_string;
+ const char *error_string;
+ Tcl_DString *dstring;
+
+ switch (code) {
+ case KADM5_FAILURE: code_string = "KADM5_FAILURE"; break;
+ case KADM5_AUTH_GET: code_string = "KADM5_AUTH_GET"; break;
+ case KADM5_AUTH_ADD: code_string = "KADM5_AUTH_ADD"; break;
+ case KADM5_AUTH_MODIFY:
+ code_string = "KADM5_AUTH_MODIFY"; break;
+ case KADM5_AUTH_DELETE:
+ code_string = "KADM5_AUTH_DELETE"; break;
+ case KADM5_AUTH_INSUFFICIENT:
+ code_string = "KADM5_AUTH_INSUFFICIENT"; break;
+ case KADM5_BAD_DB: code_string = "KADM5_BAD_DB"; break;
+ case KADM5_DUP: code_string = "KADM5_DUP"; break;
+ case KADM5_RPC_ERROR: code_string = "KADM5_RPC_ERROR"; break;
+ case KADM5_NO_SRV: code_string = "KADM5_NO_SRV"; break;
+ case KADM5_BAD_HIST_KEY:
+ code_string = "KADM5_BAD_HIST_KEY"; break;
+ case KADM5_NOT_INIT: code_string = "KADM5_NOT_INIT"; break;
+ case KADM5_INIT: code_string = "KADM5_INIT"; break;
+ case KADM5_BAD_PASSWORD:
+ code_string = "KADM5_BAD_PASSWORD"; break;
+ case KADM5_UNK_PRINC: code_string = "KADM5_UNK_PRINC"; break;
+ case KADM5_UNK_POLICY: code_string = "KADM5_UNK_POLICY"; break;
+ case KADM5_BAD_MASK: code_string = "KADM5_BAD_MASK"; break;
+ case KADM5_BAD_CLASS: code_string = "KADM5_BAD_CLASS"; break;
+ case KADM5_BAD_LENGTH: code_string = "KADM5_BAD_LENGTH"; break;
+ case KADM5_BAD_POLICY: code_string = "KADM5_BAD_POLICY"; break;
+ case KADM5_BAD_HISTORY: code_string = "KADM5_BAD_HISTORY"; break;
+ case KADM5_BAD_PRINCIPAL:
+ code_string = "KADM5_BAD_PRINCIPAL"; break;
+ case KADM5_BAD_AUX_ATTR:
+ code_string = "KADM5_BAD_AUX_ATTR"; break;
+ case KADM5_PASS_Q_TOOSHORT:
+ code_string = "KADM5_PASS_Q_TOOSHORT"; break;
+ case KADM5_PASS_Q_CLASS:
+ code_string = "KADM5_PASS_Q_CLASS"; break;
+ case KADM5_PASS_Q_DICT:
+ code_string = "KADM5_PASS_Q_DICT"; break;
+ case KADM5_PASS_REUSE: code_string = "KADM5_PASS_REUSE"; break;
+ case KADM5_PASS_TOOSOON:
+ code_string = "KADM5_PASS_TOOSOON"; break;
+ case KADM5_POLICY_REF:
+ code_string = "KADM5_POLICY_REF"; break;
+ case KADM5_PROTECT_PRINCIPAL:
+ code_string = "KADM5_PROTECT_PRINCIPAL"; break;
+ case KADM5_BAD_SERVER_HANDLE:
+ code_string = "KADM5_BAD_SERVER_HANDLE"; break;
+ case KADM5_BAD_STRUCT_VERSION:
+ code_string = "KADM5_BAD_STRUCT_VERSION"; break;
+ case KADM5_OLD_STRUCT_VERSION:
+ code_string = "KADM5_OLD_STRUCT_VERSION"; break;
+ case KADM5_NEW_STRUCT_VERSION:
+ code_string = "KADM5_NEW_STRUCT_VERSION"; break;
+ case KADM5_BAD_API_VERSION:
+ code_string = "KADM5_BAD_API_VERSION"; break;
+ case KADM5_OLD_LIB_API_VERSION:
+ code_string = "KADM5_OLD_LIB_API_VERSION"; break;
+ case KADM5_OLD_SERVER_API_VERSION:
+ code_string = "KADM5_OLD_SERVER_API_VERSION"; break;
+ case KADM5_NEW_LIB_API_VERSION:
+ code_string = "KADM5_NEW_LIB_API_VERSION"; break;
+ case KADM5_NEW_SERVER_API_VERSION:
+ code_string = "KADM5_NEW_SERVER_API_VERSION"; break;
+ case KADM5_SECURE_PRINC_MISSING:
+ code_string = "KADM5_SECURE_PRINC_MISSING"; break;
+ case KADM5_NO_RENAME_SALT:
+ code_string = "KADM5_NO_RENAME_SALT"; break;
+ case KADM5_BAD_CLIENT_PARAMS:
+ code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
+ case KADM5_BAD_SERVER_PARAMS:
+ code_string = "KADM5_BAD_SERVER_PARAMS"; break;
+ case KADM5_AUTH_LIST:
+ code_string = "KADM5_AUTH_LIST"; break;
+ case KADM5_AUTH_CHANGEPW:
+ code_string = "KADM5_AUTH_CHANGEPW"; break;
+ case KADM5_GSS_ERROR: code_string = "KADM5_GSS_ERROR"; break;
+ case KADM5_BAD_TL_TYPE: code_string = "KADM5_BAD_TL_TYPE"; break;
+ case KADM5_MISSING_CONF_PARAMS:
+ code_string = "KADM5_MISSING_CONF_PARAMS"; break;
+ case KADM5_BAD_SERVER_NAME:
+ code_string = "KADM5_BAD_SERVER_NAME"; break;
+ case KADM5_MISSING_KRB5_CONF_PARAMS:
+ code_string = "KADM5_MISSING_KRB5_CONF_PARAMS"; break;
+
+
+ case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
+ case OSA_ADB_NOENT: code_string = "ENOENT"; break;
+ case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
+ case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
+ case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
+ case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
+ case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
+ case OSA_ADB_BADLOCKMODE: code_string = "OSA_ADB_BADLOCKMODE"; break;
+ case OSA_ADB_CANTLOCK_DB: code_string = "OSA_ADB_CANTLOCK_DB"; break;
+ case OSA_ADB_NOTLOCKED: code_string = "OSA_ADB_NOTLOCKED"; break;
+ case OSA_ADB_NOLOCKFILE: code_string = "OSA_ADB_NOLOCKFILE"; break;
+ case OSA_ADB_NOEXCL_PERM: code_string = "OSA_ADB_NOEXCL_PERM"; break;
+
+ case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
+ case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
+ case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
+ case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
+ case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
+ case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
+ case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
+ case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
+ case KRB5_KDB_TRUNCATED_RECORD:
+ code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
+ case KRB5_KDB_RECURSIVELOCK:
+ code_string = "KRB5_KDB_RECURSIVELOCK"; break;
+ case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
+ case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
+ case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
+ case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
+ case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
+ case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
+ case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
+ case KRB5_KDB_INVALIDKEYSIZE:
+ code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
+ case KRB5_KDB_CANTREAD_STORED:
+ code_string = "KRB5_KDB_CANTREAD_STORED"; break;
+ case KRB5_KDB_BADSTORED_MKEY:
+ code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
+ case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
+ case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
+
+ case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
+ case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
+ case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
+ case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
+ case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
+ case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
+ case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
+ case KRB5_CONFIG_BADFORMAT: code_string = "KRB5_CONFIG_BADFORMAT"; break;
+
+ case KRB5_CC_NOTFOUND: code_string = "KRB5_CC_NOTFOUND"; break;
+ case KRB5_FCC_NOFILE: code_string = "KRB5_FCC_NOFILE"; break;
+
+ case EINVAL: code_string = "EINVAL"; break;
+ case ENOENT: code_string = "ENOENT"; break;
+
+ default:
+ fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
+ error_message (code));
+ code_string = "UNKNOWN";
+ break;
+ }
+
+ error_string = error_message(code);
+
+ if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX Do we really want to exit? Ok if this is */
+ /* just a test program, but what about if it gets */
+ /* used for other things later? */
+ }
+
+ Tcl_DStringInit(dstring);
+
+ if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
+ Tcl_DStringAppendElement(dstring, code_string) &&
+ Tcl_DStringAppendElement(dstring, error_string))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ return dstring;
}
static void stash_error(Tcl_Interp *interp, krb5_error_code code)
{
- Tcl_DString *dstring = unparse_err(code);
- Tcl_DStringResult(interp, dstring);
- Tcl_DStringFree(dstring);
- free(dstring);
+ Tcl_DString *dstring = unparse_err(code);
+ Tcl_DStringResult(interp, dstring);
+ Tcl_DStringFree(dstring);
+ free(dstring);
}
static Tcl_DString *unparse_key_data(krb5_key_data *key_data, int n_key_data)
{
- Tcl_DString *str;
- char buf[2048];
- int i, j;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
- for (i = 0; i < n_key_data; i++) {
- krb5_key_data *key = &key_data[i];
-
- Tcl_DStringStartSublist(str);
- sprintf(buf, "%d", key->key_data_type[0]);
- Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", key->key_data_ver > 1 ?
- key->key_data_type[1] : -1);
- Tcl_DStringAppendElement(str, buf);
- if (key->key_data_contents[0]) {
- sprintf(buf, "0x");
- for (j = 0; j < key->key_data_length[0]; j++) {
- sprintf(buf + 2*(j+1), "%02x",
- key->key_data_contents[0][j]);
- }
- } else *buf = '\0';
- Tcl_DStringAppendElement(str, buf);
- Tcl_DStringEndSublist(str);
- }
-
- return str;
+ Tcl_DString *str;
+ char buf[2048];
+ int i, j;
+
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ Tcl_DStringInit(str);
+ for (i = 0; i < n_key_data; i++) {
+ krb5_key_data *key = &key_data[i];
+
+ Tcl_DStringStartSublist(str);
+ sprintf(buf, "%d", key->key_data_type[0]);
+ Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%d", key->key_data_ver > 1 ?
+ key->key_data_type[1] : -1);
+ Tcl_DStringAppendElement(str, buf);
+ if (key->key_data_contents[0]) {
+ sprintf(buf, "0x");
+ for (j = 0; j < key->key_data_length[0]; j++) {
+ sprintf(buf + 2*(j+1), "%02x",
+ key->key_data_contents[0][j]);
+ }
+ } else *buf = '\0';
+ Tcl_DStringAppendElement(str, buf);
+ Tcl_DStringEndSublist(str);
+ }
+
+ return str;
}
static Tcl_DString *unparse_tl_data(krb5_tl_data *tl_data, int n_tl_data)
{
- Tcl_DString *str;
- char buf[2048];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
- Tcl_DStringStartSublist(str);
- for (; tl_data; tl_data = tl_data->tl_data_next) {
- Tcl_DStringStartSublist(str);
- sprintf(buf, "%d", tl_data->tl_data_type);
- Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", tl_data->tl_data_length);
- Tcl_DStringAppendElement(str, buf);
- Tcl_DStringAppend(str, " ", 1);
- Tcl_DStringAppend(str, (char *) tl_data->tl_data_contents,
- tl_data->tl_data_length);
- Tcl_DStringEndSublist(str);
- }
- Tcl_DStringEndSublist(str);
-
- return str;
+ Tcl_DString *str;
+ char buf[2048];
+
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ Tcl_DStringInit(str);
+ Tcl_DStringStartSublist(str);
+ for (; tl_data; tl_data = tl_data->tl_data_next) {
+ Tcl_DStringStartSublist(str);
+ sprintf(buf, "%d", tl_data->tl_data_type);
+ Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%d", tl_data->tl_data_length);
+ Tcl_DStringAppendElement(str, buf);
+ Tcl_DStringAppend(str, " ", 1);
+ Tcl_DStringAppend(str, (char *) tl_data->tl_data_contents,
+ tl_data->tl_data_length);
+ Tcl_DStringEndSublist(str);
+ }
+ Tcl_DStringEndSublist(str);
+
+ return str;
}
static Tcl_DString *unparse_flags(struct flagval *array, int size,
- krb5_int32 flags)
+ krb5_int32 flags)
{
- int i;
- Tcl_DString *str;
+ int i;
+ Tcl_DString *str;
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
- Tcl_DStringInit(str);
+ Tcl_DStringInit(str);
- for (i = 0; i < size; i++) {
- if (flags & array[i].val) {
- Tcl_DStringAppendElement(str, array[i].name);
- }
- }
+ for (i = 0; i < size; i++) {
+ if (flags & array[i].val) {
+ Tcl_DStringAppendElement(str, array[i].name);
+ }
+ }
- return str;
+ return str;
}
static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
- struct flagval *array, int size, const char *str,
- krb5_flags *flags)
+ struct flagval *array, int size, const char *str,
+ krb5_flags *flags)
{
- int tmp, argc, i, retcode = TCL_OK;
- const char **argv;
- Tcl_HashEntry *entry;
-
- if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
- *flags = tmp;
- return TCL_OK;
- }
- Tcl_ResetResult(interp);
-
- if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
- return TCL_ERROR;
- }
-
- if (! table) {
- table = create_flag_table(array, size);
- }
-
- *flags = 0;
-
- for (i = 0; i < argc; i++) {
- if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
- Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
- retcode = TCL_ERROR;
- break;
- }
- *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
- }
-
- Tcl_Free((char *) argv);
- return(retcode);
+ int tmp, argc, i, retcode = TCL_OK;
+ const char **argv;
+ Tcl_HashEntry *entry;
+
+ if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
+ *flags = tmp;
+ return TCL_OK;
+ }
+ Tcl_ResetResult(interp);
+
+ if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
+ return TCL_ERROR;
+ }
+
+ if (! table) {
+ table = create_flag_table(array, size);
+ }
+
+ *flags = 0;
+
+ for (i = 0; i < argc; i++) {
+ if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
+ Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
+ retcode = TCL_ERROR;
+ break;
+ }
+ *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
+ }
+
+ Tcl_Free((char *) argv);
+ return(retcode);
}
static Tcl_DString *unparse_privs(krb5_flags flags)
{
- return unparse_flags(priv_flags, sizeof(priv_flags) /
- sizeof(struct flagval), flags);
+ return unparse_flags(priv_flags, sizeof(priv_flags) /
+ sizeof(struct flagval), flags);
}
static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
{
- return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
- sizeof(struct flagval), flags);
+ return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
+ sizeof(struct flagval), flags);
}
static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
- krb5_flags *flags)
+ krb5_flags *flags)
{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
- sizeof(krb5_flags_array) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
+ krb5_flags tmp;
+ static Tcl_HashTable *table = 0;
+ int tcl_ret;
+
+ if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
+ sizeof(krb5_flags_array) /
+ sizeof(struct flagval),
+ str, &tmp)) != TCL_OK) {
+ return tcl_ret;
+ }
+
+ *flags = tmp;
+ return TCL_OK;
}
static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
{
- return unparse_flags(aux_attributes, sizeof(aux_attributes) /
- sizeof(struct flagval), flags);
+ return unparse_flags(aux_attributes, sizeof(aux_attributes) /
+ sizeof(struct flagval), flags);
}
static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
- long *flags)
+ long *flags)
{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, aux_attributes,
- sizeof(aux_attributes) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
+ krb5_flags tmp;
+ static Tcl_HashTable *table = 0;
+ int tcl_ret;
+
+ if ((tcl_ret = parse_flags(interp, table, aux_attributes,
+ sizeof(aux_attributes) /
+ sizeof(struct flagval),
+ str, &tmp)) != TCL_OK) {
+ return tcl_ret;
+ }
+
+ *flags = tmp;
+ return TCL_OK;
}
static int parse_principal_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
+ krb5_int32 *flags)
{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
- sizeof(principal_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
+ krb5_flags tmp;
+ static Tcl_HashTable *table = 0;
+ int tcl_ret;
+
+ if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
+ sizeof(principal_mask_flags) /
+ sizeof(struct flagval),
+ str, &tmp)) != TCL_OK) {
+ return tcl_ret;
+ }
+
+ *flags = tmp;
+ return TCL_OK;
}
static int parse_policy_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
+ krb5_int32 *flags)
{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
- sizeof(policy_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
+ krb5_flags tmp;
+ static Tcl_HashTable *table = 0;
+ int tcl_ret;
+
+ if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
+ sizeof(policy_mask_flags) /
+ sizeof(struct flagval),
+ str, &tmp)) != TCL_OK) {
+ return tcl_ret;
+ }
+
+ *flags = tmp;
+ return TCL_OK;
}
static Tcl_DString *unparse_principal_ent(kadm5_principal_ent_t princ,
- krb5_int32 mask)
+ krb5_int32 mask)
{
- Tcl_DString *str, *tmp_dstring;
- char *tmp;
- char buf[20];
- krb5_error_code krb5_ret;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp = 0; /* It looks to me from looking at the library source */
- /* code for krb5_parse_name that the pointer passed into */
- /* it should be initialized to 0 if I want it do be */
- /* allocated automatically. */
- if (mask & KADM5_PRINCIPAL) {
- krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
- if (krb5_ret) {
- /* XXX Do we want to return an error? Not sure. */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
- } else
- Tcl_DStringAppendElement(str, "null");
-
- sprintf(buf, "%d", princ->princ_expire_time);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->last_pwd_change);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->pw_expiration);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->max_life);
- Tcl_DStringAppendElement(str, buf);
-
- tmp = 0;
- if (mask & KADM5_MOD_NAME) {
- if ((krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp))) {
- /* XXX */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
- } else
- Tcl_DStringAppendElement(str, "null");
-
- sprintf(buf, "%d", princ->mod_date);
- Tcl_DStringAppendElement(str, buf);
-
- if (mask & KADM5_ATTRIBUTES) {
- tmp_dstring = unparse_krb5_flags(princ->attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
- } else
- Tcl_DStringAppendElement(str, "null");
-
- sprintf(buf, "%d", princ->kvno);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->mkvno);
- Tcl_DStringAppendElement(str, buf);
-
- /* XXX This may be dangerous, because the contents of the policy */
- /* field are undefined if the POLICY bit isn't set. However, I */
- /* think it's a bug for the field not to be null in that case */
- /* anyway, so we should assume that it will be null so that we'll */
- /* catch it if it isn't. */
-
- tmp_dstring = unparse_str(princ->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%d", princ->max_renewable_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->last_success);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->last_failed);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->fail_auth_count);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->n_key_data);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->n_tl_data);
- Tcl_DStringAppendElement(str, buf);
-
- tmp_dstring = unparse_key_data(princ->key_data, princ->n_key_data);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_tl_data(princ->tl_data, princ->n_tl_data);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- return str;
+ Tcl_DString *str, *tmp_dstring;
+ char *tmp;
+ char buf[20];
+ krb5_error_code krb5_ret;
+
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ Tcl_DStringInit(str);
+
+ tmp = 0; /* It looks to me from looking at the library source */
+ /* code for krb5_parse_name that the pointer passed into */
+ /* it should be initialized to 0 if I want it do be */
+ /* allocated automatically. */
+ if (mask & KADM5_PRINCIPAL) {
+ krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
+ if (krb5_ret) {
+ /* XXX Do we want to return an error? Not sure. */
+ Tcl_DStringAppendElement(str, "[unparseable principal]");
+ }
+ else {
+ Tcl_DStringAppendElement(str, tmp);
+ free(tmp);
+ }
+ } else
+ Tcl_DStringAppendElement(str, "null");
+
+ sprintf(buf, "%d", princ->princ_expire_time);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->last_pwd_change);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->pw_expiration);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->max_life);
+ Tcl_DStringAppendElement(str, buf);
+
+ tmp = 0;
+ if (mask & KADM5_MOD_NAME) {
+ if ((krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp))) {
+ /* XXX */
+ Tcl_DStringAppendElement(str, "[unparseable principal]");
+ }
+ else {
+ Tcl_DStringAppendElement(str, tmp);
+ free(tmp);
+ }
+ } else
+ Tcl_DStringAppendElement(str, "null");
+
+ sprintf(buf, "%d", princ->mod_date);
+ Tcl_DStringAppendElement(str, buf);
+
+ if (mask & KADM5_ATTRIBUTES) {
+ tmp_dstring = unparse_krb5_flags(princ->attributes);
+ Tcl_DStringAppendElement(str, tmp_dstring->string);
+ Tcl_DStringFree(tmp_dstring);
+ free(tmp_dstring);
+ } else
+ Tcl_DStringAppendElement(str, "null");
+
+ sprintf(buf, "%d", princ->kvno);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->mkvno);
+ Tcl_DStringAppendElement(str, buf);
+
+ /* XXX This may be dangerous, because the contents of the policy */
+ /* field are undefined if the POLICY bit isn't set. However, I */
+ /* think it's a bug for the field not to be null in that case */
+ /* anyway, so we should assume that it will be null so that we'll */
+ /* catch it if it isn't. */
+
+ tmp_dstring = unparse_str(princ->policy);
+ Tcl_DStringAppendElement(str, tmp_dstring->string);
+ Tcl_DStringFree(tmp_dstring);
+ free(tmp_dstring);
+
+ tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
+ Tcl_DStringAppendElement(str, tmp_dstring->string);
+ Tcl_DStringFree(tmp_dstring);
+ free(tmp_dstring);
+
+ sprintf(buf, "%d", princ->max_renewable_life);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->last_success);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->last_failed);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->fail_auth_count);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->n_key_data);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", princ->n_tl_data);
+ Tcl_DStringAppendElement(str, buf);
+
+ tmp_dstring = unparse_key_data(princ->key_data, princ->n_key_data);
+ Tcl_DStringAppendElement(str, tmp_dstring->string);
+ Tcl_DStringFree(tmp_dstring);
+ free(tmp_dstring);
+
+ tmp_dstring = unparse_tl_data(princ->tl_data, princ->n_tl_data);
+ Tcl_DStringAppendElement(str, tmp_dstring->string);
+ Tcl_DStringFree(tmp_dstring);
+ free(tmp_dstring);
+
+ return str;
}
static int parse_keysalts(Tcl_Interp *interp, const char *list,
- krb5_key_salt_tuple **keysalts,
- int num_keysalts)
+ krb5_key_salt_tuple **keysalts,
+ int num_keysalts)
{
- const char **argv, **argv1 = NULL;
- int i, tmp, argc, argc1, retcode;
-
- *keysalts = NULL;
- if (list == NULL)
- return TCL_OK;
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
- if (argc != num_keysalts) {
- sprintf(interp->result, "%d keysalts specified, "
- "but num_keysalts is %d", argc, num_keysalts);
- retcode = TCL_ERROR;
- goto finished;
- }
- *keysalts = (krb5_key_salt_tuple *)
- malloc(sizeof(krb5_key_salt_tuple)*num_keysalts);
- for (i = 0; i < num_keysalts; i++) {
- if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
- TCL_OK) {
- goto finished;
- }
- if (argc1 != 2) {
- sprintf(interp->result, "wrong # fields in keysalt "
- "(%d should be 2)", argc1);
- retcode = TCL_ERROR;
- goto finished;
- }
- /* XXX this used to be argv1[1] too! */
- if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing ks_enctype");
- retcode = TCL_ERROR;
- goto finished;
- }
- (*keysalts)[i].ks_enctype = tmp;
- if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing ks_salttype");
- goto finished;
- }
- (*keysalts)[i].ks_salttype = tmp;
-
- Tcl_Free((char *) argv1);
- argv1 = NULL;
- }
+ const char **argv, **argv1 = NULL;
+ int i, tmp, argc, argc1, retcode;
+
+ *keysalts = NULL;
+ if (list == NULL)
+ return TCL_OK;
+
+ if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+ return retcode;
+ }
+ if (argc != num_keysalts) {
+ sprintf(interp->result, "%d keysalts specified, "
+ "but num_keysalts is %d", argc, num_keysalts);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ *keysalts = (krb5_key_salt_tuple *)
+ malloc(sizeof(krb5_key_salt_tuple)*num_keysalts);
+ for (i = 0; i < num_keysalts; i++) {
+ if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
+ TCL_OK) {
+ goto finished;
+ }
+ if (argc1 != 2) {
+ sprintf(interp->result, "wrong # fields in keysalt "
+ "(%d should be 2)", argc1);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ /* XXX this used to be argv1[1] too! */
+ if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing ks_enctype");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ (*keysalts)[i].ks_enctype = tmp;
+ if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing ks_salttype");
+ goto finished;
+ }
+ (*keysalts)[i].ks_salttype = tmp;
+
+ Tcl_Free((char *) argv1);
+ argv1 = NULL;
+ }
finished:
- if (argv1) {
- Tcl_Free((char *) argv1);
- }
- Tcl_Free((char *) argv);
- return retcode;
+ if (argv1) {
+ Tcl_Free((char *) argv1);
+ }
+ Tcl_Free((char *) argv);
+ return retcode;
}
static int parse_key_data(Tcl_Interp *interp, const char *list,
- krb5_key_data **key_data,
- int n_key_data)
+ krb5_key_data **key_data,
+ int n_key_data)
{
- const char **argv;
- int argc, retcode;
-
- *key_data = NULL;
- if (list == NULL) {
- if (n_key_data != 0) {
- sprintf(interp->result, "0 key_datas specified, "
- "but n_key_data is %d", n_key_data);
- retcode = TCL_ERROR;
- goto finished;
- } else
- return TCL_OK;
- }
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
- if (argc != n_key_data) {
- sprintf(interp->result, "%d key_datas specified, "
- "but n_key_data is %d", argc, n_key_data);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (argc != 0) {
- sprintf(interp->result, "cannot parse key_data yet");
- retcode = TCL_ERROR;
- goto finished;
- }
+ const char **argv;
+ int argc, retcode;
+
+ *key_data = NULL;
+ if (list == NULL) {
+ if (n_key_data != 0) {
+ sprintf(interp->result, "0 key_datas specified, "
+ "but n_key_data is %d", n_key_data);
+ retcode = TCL_ERROR;
+ goto finished;
+ } else
+ return TCL_OK;
+ }
+
+ if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+ return retcode;
+ }
+ if (argc != n_key_data) {
+ sprintf(interp->result, "%d key_datas specified, "
+ "but n_key_data is %d", argc, n_key_data);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if (argc != 0) {
+ sprintf(interp->result, "cannot parse key_data yet");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
finished:
- Tcl_Free((char *) argv);
- return retcode;
+ Tcl_Free((char *) argv);
+ return retcode;
}
static int parse_tl_data(Tcl_Interp *interp, const char *list,
- krb5_tl_data **tlp,
- int n_tl_data)
+ krb5_tl_data **tlp,
+ int n_tl_data)
{
- krb5_tl_data *tl, *tl2;
- const char **argv, **argv1 = NULL;
- int i, tmp, argc, argc1, retcode;
-
- *tlp = NULL;
- if (list == NULL) {
- if (n_tl_data != 0) {
- sprintf(interp->result, "0 tl_datas specified, "
- "but n_tl_data is %d", n_tl_data);
- retcode = TCL_ERROR;
- goto finished;
- } else
- return TCL_OK;
- }
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
- if (argc != n_tl_data) {
- sprintf(interp->result, "%d tl_datas specified, "
- "but n_tl_data is %d", argc, n_tl_data);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- tl = tl2 = NULL;
- for (i = 0; i < n_tl_data; i++) {
- tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
- memset(tl2, 0, sizeof(krb5_tl_data));
- tl2->tl_data_next = tl;
- tl = tl2;
- }
- tl2 = tl;
-
- for (i = 0; i < n_tl_data; i++) {
- if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
- TCL_OK) {
- goto finished;
- }
- if (argc1 != 3) {
- sprintf(interp->result, "wrong # fields in tl_data "
- "(%d should be 3)", argc1);
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing tl_data_type");
- retcode = TCL_ERROR;
- goto finished;
- }
- tl->tl_data_type = tmp;
- if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing tl_data_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- tl->tl_data_length = tmp;
- if (tl->tl_data_length != strlen(argv1[2])) {
- sprintf(interp->result, "specified length %d does not "
- "match length %lu of string \"%s\"", tmp,
- (unsigned long) strlen(argv1[2]), argv1[2]);
- retcode = TCL_ERROR;
- goto finished;
- }
- tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]);
-
- Tcl_Free((char *) argv1);
- argv1 = NULL;
- tl = tl->tl_data_next;
- }
- if (tl != NULL) {
- sprintf(interp->result, "tl is not NULL!");
- retcode = TCL_ERROR;
- goto finished;
- }
- *tlp = tl2;
+ krb5_tl_data *tl, *tl2;
+ const char **argv, **argv1 = NULL;
+ int i, tmp, argc, argc1, retcode;
+
+ *tlp = NULL;
+ if (list == NULL) {
+ if (n_tl_data != 0) {
+ sprintf(interp->result, "0 tl_datas specified, "
+ "but n_tl_data is %d", n_tl_data);
+ retcode = TCL_ERROR;
+ goto finished;
+ } else
+ return TCL_OK;
+ }
+
+ if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+ return retcode;
+ }
+ if (argc != n_tl_data) {
+ sprintf(interp->result, "%d tl_datas specified, "
+ "but n_tl_data is %d", argc, n_tl_data);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ tl = tl2 = NULL;
+ for (i = 0; i < n_tl_data; i++) {
+ tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+ memset(tl2, 0, sizeof(krb5_tl_data));
+ tl2->tl_data_next = tl;
+ tl = tl2;
+ }
+ tl2 = tl;
+
+ for (i = 0; i < n_tl_data; i++) {
+ if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
+ TCL_OK) {
+ goto finished;
+ }
+ if (argc1 != 3) {
+ sprintf(interp->result, "wrong # fields in tl_data "
+ "(%d should be 3)", argc1);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing tl_data_type");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ tl->tl_data_type = tmp;
+ if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing tl_data_length");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ tl->tl_data_length = tmp;
+ if (tl->tl_data_length != strlen(argv1[2])) {
+ sprintf(interp->result, "specified length %d does not "
+ "match length %lu of string \"%s\"", tmp,
+ (unsigned long) strlen(argv1[2]), argv1[2]);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]);
+
+ Tcl_Free((char *) argv1);
+ argv1 = NULL;
+ tl = tl->tl_data_next;
+ }
+ if (tl != NULL) {
+ sprintf(interp->result, "tl is not NULL!");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ *tlp = tl2;
finished:
- if (argv1) {
- Tcl_Free((char *) argv1);
- }
- Tcl_Free((char *) argv);
- return retcode;
+ if (argv1) {
+ Tcl_Free((char *) argv1);
+ }
+ Tcl_Free((char *) argv);
+ return retcode;
}
static int parse_config_params(Tcl_Interp *interp, char *list,
- kadm5_config_params *params)
+ kadm5_config_params *params)
{
- static Tcl_HashTable *table = 0;
- const char **argv = NULL;
- int tmp, argc, retcode;
-
- memset(params, 0, sizeof(kadm5_config_params));
- if (list == NULL)
- return TCL_OK;
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
-
- if (argc != 20) {
- sprintf(interp->result,
- "wrong # args in config params structure (%d should be 20)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((retcode = parse_flags(interp, table, config_mask_flags,
- sizeof(config_mask_flags) /
- sizeof(struct flagval),
- argv[0], &tmp)) != TCL_OK) {
- goto finished;
- }
- params->mask = tmp;
-
- if ((retcode = parse_str(interp, argv[1], &params->realm)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing realm name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kadmind_port");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->kadmind_port = tmp;
- if ((retcode = parse_str(interp, argv[3], &params->admin_server))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing profile name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[4], &params->dbname)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing profile name");
- retcode = TCL_ERROR;
- goto finished;
- }
- /* Ignore argv[5], which used to set the admin_dbname field. */
- /* Ignore argv[6], which used to set the admin_lockfile field. */
- if ((retcode = parse_str(interp, argv[7], &params->admin_keytab)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing admin_keytab name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[8], &params->acl_file)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing acl_file name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[9], &params->dict_file)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing dict_file name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->mkey_from_kbd = tmp;
- if ((retcode = parse_str(interp, argv[11], &params->stash_file)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing stash_file name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[12], &params->mkey_name)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkey_name name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing enctype");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->enctype = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->max_life = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_rlife");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->max_rlife = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->expiration = tmp;
- if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing flags");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->flags = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing num_keysalts");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->num_keysalts = tmp;
- if ((retcode = parse_keysalts(interp, argv[19], &params->keysalts,
- params->num_keysalts)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keysalts");
- retcode = TCL_ERROR;
- goto finished;
- }
+ static Tcl_HashTable *table = 0;
+ const char **argv = NULL;
+ int tmp, argc, retcode;
+
+ memset(params, 0, sizeof(kadm5_config_params));
+ if (list == NULL)
+ return TCL_OK;
+
+ if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+ return retcode;
+ }
+
+ if (argc != 20) {
+ sprintf(interp->result,
+ "wrong # args in config params structure (%d should be 20)",
+ argc);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if ((retcode = parse_flags(interp, table, config_mask_flags,
+ sizeof(config_mask_flags) /
+ sizeof(struct flagval),
+ argv[0], &tmp)) != TCL_OK) {
+ goto finished;
+ }
+ params->mask = tmp;
+
+ if ((retcode = parse_str(interp, argv[1], &params->realm)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing realm name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing kadmind_port");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->kadmind_port = tmp;
+ if ((retcode = parse_str(interp, argv[3], &params->admin_server))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing profile name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = parse_str(interp, argv[4], &params->dbname)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing profile name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ /* Ignore argv[5], which used to set the admin_dbname field. */
+ /* Ignore argv[6], which used to set the admin_lockfile field. */
+ if ((retcode = parse_str(interp, argv[7], &params->admin_keytab)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing admin_keytab name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = parse_str(interp, argv[8], &params->acl_file)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing acl_file name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = parse_str(interp, argv[9], &params->dict_file)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing dict_file name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->mkey_from_kbd = tmp;
+ if ((retcode = parse_str(interp, argv[11], &params->stash_file)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing stash_file name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = parse_str(interp, argv[12], &params->mkey_name)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing mkey_name name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing enctype");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->enctype = tmp;
+ if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing max_life");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->max_life = tmp;
+ if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing max_rlife");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->max_rlife = tmp;
+ if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing expiration");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->expiration = tmp;
+ if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing flags");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->flags = tmp;
+ if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing num_keysalts");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ params->num_keysalts = tmp;
+ if ((retcode = parse_keysalts(interp, argv[19], &params->keysalts,
+ params->num_keysalts)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing keysalts");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
finished:
- return retcode;
+ return retcode;
}
-
+
static int parse_principal_ent(Tcl_Interp *interp, char *list,
- kadm5_principal_ent_t *out_princ)
+ kadm5_principal_ent_t *out_princ)
{
- kadm5_principal_ent_t princ = 0;
- krb5_error_code krb5_ret;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 12 && argc != 20) {
- sprintf(interp->result,
- "wrong # args in principal structure (%d should be 12 or 20)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (princ = malloc(sizeof *princ))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- memset(princ, 0, sizeof(*princ));
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing princ_expire_time");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->princ_expire_time = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_pwd_change");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_pwd_change = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->pw_expiration = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_life = tmp;
-
- if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing mod_name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mod_date");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mod_date = tmp;
-
- if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->kvno = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mkvno = tmp;
-
- if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- retcode = TCL_ERROR;
- goto finished;
- }
- if(princ->policy != NULL) {
- if(!(princ->policy = strdup(princ->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1);
- }
- }
-
- if ((tcl_ret = parse_aux_attributes(interp, argv[11],
- &princ->aux_attributes)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing aux_attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (argc == 12) goto finished;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[12], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_renewable_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_renewable_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[13], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_success");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_success = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[14], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_failed");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_failed = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[15], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing fail_auth_count");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->fail_auth_count = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[16], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing n_key_data");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->n_key_data = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[17], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing n_tl_data");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->n_tl_data = tmp;
-
- if ((tcl_ret = parse_key_data(interp, argv[18],
- &princ->key_data,
- princ->n_key_data)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing key_data");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = parse_tl_data(interp, argv[19],
- &princ->tl_data,
- princ->n_tl_data)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing tl_data");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->n_tl_data = tmp;
+ kadm5_principal_ent_t princ = 0;
+ krb5_error_code krb5_ret;
+ int tcl_ret;
+ int argc;
+ const char **argv;
+ int tmp;
+ int retcode = TCL_OK;
+
+ if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+ return tcl_ret;
+ }
+
+ if (argc != 12 && argc != 20) {
+ sprintf(interp->result,
+ "wrong # args in principal structure (%d should be 12 or 20)",
+ argc);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if (! (princ = malloc(sizeof *princ))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+ memset(princ, 0, sizeof(*princ));
+
+ if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing principal");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ /*
+ * All of the numerical values parsed here are parsed into an
+ * "int" and then assigned into the structure in case the actual
+ * width of the field in the Kerberos structure is different from
+ * the width of an integer.
+ */
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing princ_expire_time");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->princ_expire_time = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing last_pwd_change");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->last_pwd_change = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_expiration");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->pw_expiration = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing max_life");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->max_life = tmp;
+
+ if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing mod_name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing mod_date");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->mod_date = tmp;
+
+ if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing attributes");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing kvno");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->kvno = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing mkvno");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->mkvno = tmp;
+
+ if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if(princ->policy != NULL) {
+ if(!(princ->policy = strdup(princ->policy))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1);
+ }
+ }
+
+ if ((tcl_ret = parse_aux_attributes(interp, argv[11],
+ &princ->aux_attributes)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing aux_attributes");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if (argc == 12) goto finished;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[12], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing max_renewable_life");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->max_renewable_life = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[13], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing last_success");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->last_success = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[14], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing last_failed");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->last_failed = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[15], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing fail_auth_count");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->fail_auth_count = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[16], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing n_key_data");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->n_key_data = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[17], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing n_tl_data");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->n_tl_data = tmp;
+
+ if ((tcl_ret = parse_key_data(interp, argv[18],
+ &princ->key_data,
+ princ->n_key_data)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing key_data");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if ((tcl_ret = parse_tl_data(interp, argv[19],
+ &princ->tl_data,
+ princ->n_tl_data)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing tl_data");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ princ->n_tl_data = tmp;
finished:
- Tcl_Free((char *) argv);
- *out_princ = princ;
- return retcode;
+ Tcl_Free((char *) argv);
+ *out_princ = princ;
+ return retcode;
}
static void free_principal_ent(kadm5_principal_ent_t *princ)
{
- krb5_free_principal(context, (*princ)->principal);
- krb5_free_principal(context, (*princ)->mod_name);
- free(*princ);
- *princ = 0;
+ krb5_free_principal(context, (*princ)->principal);
+ krb5_free_principal(context, (*princ)->mod_name);
+ free(*princ);
+ *princ = 0;
}
static Tcl_DString *unparse_policy_ent(kadm5_policy_ent_t policy)
{
- Tcl_DString *str, *tmp_dstring;
- char buf[20];
+ Tcl_DString *str, *tmp_dstring;
+ char buf[20];
+
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
+ Tcl_DStringInit(str);
- Tcl_DStringInit(str);
+ tmp_dstring = unparse_str(policy->policy);
+ Tcl_DStringAppendElement(str, tmp_dstring->string);
+ Tcl_DStringFree(tmp_dstring);
+ free(tmp_dstring);
- tmp_dstring = unparse_str(policy->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%ld", policy->pw_min_life);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%ld", policy->pw_min_life);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%ld", policy->pw_max_life);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%ld", policy->pw_max_life);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%ld", policy->pw_min_length);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%ld", policy->pw_min_length);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%ld", policy->pw_min_classes);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%ld", policy->pw_min_classes);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%ld", policy->pw_history_num);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%ld", policy->pw_history_num);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%ld", policy->policy_refcnt);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%ld", policy->policy_refcnt);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", policy->pw_max_fail);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%d", policy->pw_max_fail);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", policy->pw_failcnt_interval);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%d", policy->pw_failcnt_interval);
+ Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", policy->pw_lockout_duration);
- Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%d", policy->pw_lockout_duration);
+ Tcl_DStringAppendElement(str, buf);
- return str;
+ return str;
}
-
-
+
+
static int parse_policy_ent(Tcl_Interp *interp, char *list,
- kadm5_policy_ent_t *out_policy)
+ kadm5_policy_ent_t *out_policy)
{
- kadm5_policy_ent_t policy = 0;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 7 && argc != 10) {
- sprintf(interp->result, "wrong # args in policy structure (%d should be 7 or 10)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (policy = malloc(sizeof *policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if(policy->policy != NULL) {
- if (! (policy->policy = strdup(policy->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_length = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_classes");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_classes = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_history_num");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_history_num = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy_refcnt");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->policy_refcnt = tmp;
-
- if (argc == 7) goto finished;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_fail");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_fail = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_failcnt_interval");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_failcnt_interval = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_lockout_duration");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_lockout_duration = tmp;
+ kadm5_policy_ent_t policy = 0;
+ int tcl_ret;
+ int argc;
+ const char **argv;
+ int tmp;
+ int retcode = TCL_OK;
+
+ if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+ return tcl_ret;
+ }
+
+ if (argc != 7 && argc != 10) {
+ sprintf(interp->result, "wrong # args in policy structure (%d should be 7 or 10)",
+ argc);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if (! (policy = malloc(sizeof *policy))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if(policy->policy != NULL) {
+ if (! (policy->policy = strdup(policy->policy))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+ }
+
+ /*
+ * All of the numerical values parsed here are parsed into an
+ * "int" and then assigned into the structure in case the actual
+ * width of the field in the Kerberos structure is different from
+ * the width of an integer.
+ */
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_min_life");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_min_life = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_max_life");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_max_life = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_min_length");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_min_length = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_min_classes");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_min_classes = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_history_num");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_history_num = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy_refcnt");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->policy_refcnt = tmp;
+
+ if (argc == 7) goto finished;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_max_fail");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_max_fail = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_failcnt_interval");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_failcnt_interval = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_lockout_duration");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_lockout_duration = tmp;
finished:
- Tcl_Free((char *) argv);
- *out_policy = policy;
- return retcode;
+ Tcl_Free((char *) argv);
+ *out_policy = policy;
+ return retcode;
}
static void free_policy_ent(kadm5_policy_ent_t *policy)
{
- free(*policy);
- *policy = 0;
+ free(*policy);
+ *policy = 0;
}
static Tcl_DString *unparse_keytype(krb5_enctype enctype)
{
- Tcl_DString *str;
- char buf[50];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- switch (enctype) {
- /* XXX is this right? */
- case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
- case ENCTYPE_DES_CBC_CRC:
- Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
- default:
- sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
- Tcl_DStringAppend(str, buf, -1);
- break;
- }
-
- return str;
+ Tcl_DString *str;
+ char buf[50];
+
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ Tcl_DStringInit(str);
+
+ switch (enctype) {
+ /* XXX is this right? */
+ case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
+ case ENCTYPE_DES_CBC_CRC:
+ Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
+ default:
+ sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
+ Tcl_DStringAppend(str, buf, -1);
+ break;
+ }
+
+ return str;
}
-
-
+
+
static Tcl_DString *unparse_keyblocks(krb5_keyblock *keyblocks, int num_keys)
{
- Tcl_DString *str;
- Tcl_DString *keytype;
- int i, j;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- for (j = 0; j < num_keys; j++) {
- krb5_keyblock *keyblock = &keyblocks[j];
-
- Tcl_DStringStartSublist(str);
-
- keytype = unparse_keytype(keyblock->enctype);
- Tcl_DStringAppendElement(str, keytype->string);
- Tcl_DStringFree(keytype);
- free(keytype);
- if (keyblock->length == 0) {
- Tcl_DStringAppendElement(str, "0x00");
- }
- else {
- Tcl_DStringAppendElement(str, "0x");
- for (i = 0; i < keyblock->length; i++) {
- char buf[3];
- sprintf(buf, "%02x", (int) keyblock->contents[i]);
- Tcl_DStringAppend(str, buf, -1);
- }
- }
-
- Tcl_DStringEndSublist(str);
- }
-
-
- return str;
+ Tcl_DString *str;
+ Tcl_DString *keytype;
+ int i, j;
+
+ if (! (str = malloc(sizeof(*str)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+
+ Tcl_DStringInit(str);
+
+ for (j = 0; j < num_keys; j++) {
+ krb5_keyblock *keyblock = &keyblocks[j];
+
+ Tcl_DStringStartSublist(str);
+
+ keytype = unparse_keytype(keyblock->enctype);
+ Tcl_DStringAppendElement(str, keytype->string);
+ Tcl_DStringFree(keytype);
+ free(keytype);
+ if (keyblock->length == 0) {
+ Tcl_DStringAppendElement(str, "0x00");
+ }
+ else {
+ Tcl_DStringAppendElement(str, "0x");
+ for (i = 0; i < keyblock->length; i++) {
+ char buf[3];
+ sprintf(buf, "%02x", (int) keyblock->contents[i]);
+ Tcl_DStringAppend(str, buf, -1);
+ }
+ }
+
+ Tcl_DStringEndSublist(str);
+ }
+
+
+ return str;
}
enum init_type { INIT_NONE, INIT_PASS, INIT_CREDS };
-
+
static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData,
- Tcl_Interp *interp, int argc, const char *argv[])
+ Tcl_Interp *interp, int argc, const char *argv[])
{
- kadm5_ret_t ret;
- char *client_name, *pass, *service_name;
- int tcl_ret;
- krb5_ui_4 struct_version, api_version;
- const char *handle_var;
- void *server_handle;
- char *handle_name, *params_str;
- const char *whoami = argv[0];
- kadm5_config_params params;
-
- argv++, argc--;
-
- kadm5_init_krb5_context(&context);
-
- if (argc != 7) {
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
- return TCL_ERROR;
- }
-
- if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[3], &params_str)) != TCL_OK) ||
- ((tcl_ret = parse_config_params(interp, params_str, &params))
- != TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
- TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
- TCL_OK)) {
- return tcl_ret;
- }
-
- handle_var = argv[6];
-
- if (! (handle_var && *handle_var)) {
- Tcl_SetResult(interp, "must specify server handle variable name",
- TCL_STATIC);
- return TCL_ERROR;
- }
-
- if (init_type == INIT_CREDS) {
- krb5_ccache cc;
-
- if (pass == NULL) {
- if ((ret = krb5_cc_default(context, &cc))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- } else {
- if ((ret = krb5_cc_resolve(context, pass, &cc))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- }
-
- ret = kadm5_init_with_creds(context, client_name, cc, service_name,
- &params, struct_version,
- api_version, NULL, &server_handle);
-
- (void) krb5_cc_close(context, cc);
- } else
- ret = kadm5_init(context, client_name, pass, service_name, &params,
- struct_version, api_version, NULL, &server_handle);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
- != TCL_OK) {
- return tcl_ret;
- }
-
- if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
- return TCL_ERROR;
- }
-
- set_ok(interp, "KADM5 API initialized.");
- return TCL_OK;
+ kadm5_ret_t ret;
+ char *client_name, *pass, *service_name;
+ int tcl_ret;
+ krb5_ui_4 struct_version, api_version;
+ const char *handle_var;
+ void *server_handle;
+ char *handle_name, *params_str;
+ const char *whoami = argv[0];
+ kadm5_config_params params;
+
+ argv++, argc--;
+
+ kadm5_init_krb5_context(&context);
+
+ if (argc != 7) {
+ Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
+ return TCL_ERROR;
+ }
+
+ if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
+ ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
+ ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
+ ((tcl_ret = parse_str(interp, argv[3], &params_str)) != TCL_OK) ||
+ ((tcl_ret = parse_config_params(interp, params_str, &params))
+ != TCL_OK) ||
+ ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
+ TCL_OK) ||
+ ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
+ TCL_OK)) {
+ return tcl_ret;
+ }
+
+ handle_var = argv[6];
+
+ if (! (handle_var && *handle_var)) {
+ Tcl_SetResult(interp, "must specify server handle variable name",
+ TCL_STATIC);
+ return TCL_ERROR;
+ }
+
+ if (init_type == INIT_CREDS) {
+ krb5_ccache cc;
+
+ if (pass == NULL) {
+ if ((ret = krb5_cc_default(context, &cc))) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ } else {
+ if ((ret = krb5_cc_resolve(context, pass, &cc))) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ }
+
+ ret = kadm5_init_with_creds(context, client_name, cc, service_name,
+ &params, struct_version,
+ api_version, NULL, &server_handle);
+
+ (void) krb5_cc_close(context, cc);
+ } else
+ ret = kadm5_init(context, client_name, pass, service_name, &params,
+ struct_version, api_version, NULL, &server_handle);
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+
+ if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
+ != TCL_OK) {
+ return tcl_ret;
+ }
+
+ if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
+ return TCL_ERROR;
+ }
+
+ set_ok(interp, "KADM5 API initialized.");
+ return TCL_OK;
}
static int tcl_kadm5_init(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- return _tcl_kadm5_init_any(INIT_PASS, clientData, interp, argc, argv);
+ return _tcl_kadm5_init_any(INIT_PASS, clientData, interp, argc, argv);
}
static int tcl_kadm5_init_with_creds(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- return _tcl_kadm5_init_any(INIT_CREDS, clientData, interp, argc, argv);
+ return _tcl_kadm5_init_any(INIT_CREDS, clientData, interp, argc, argv);
}
static int tcl_kadm5_destroy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- kadm5_ret_t ret;
- int tcl_ret;
+ kadm5_ret_t ret;
+ int tcl_ret;
+
+ GET_HANDLE(0, 0);
- GET_HANDLE(0, 0);
+ ret = kadm5_destroy(server_handle);
- ret = kadm5_destroy(server_handle);
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
+ if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
+ return tcl_ret;
+ }
- if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
- return tcl_ret;
- }
-
- set_ok(interp, "KADM5 API deinitialized.");
- return TCL_OK;
-}
+ set_ok(interp, "KADM5 API deinitialized.");
+ return TCL_OK;
+}
-static int tcl_kadm5_create_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+static int tcl_kadm5_create_principal(ClientData clientData,
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- int tcl_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
- char *princ_string;
- kadm5_principal_ent_t princ = 0;
- krb5_int32 mask;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
-
- GET_HANDLE(3, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
+ int tcl_ret;
+ kadm5_ret_t ret;
+ int retcode = TCL_OK;
+ char *princ_string;
+ kadm5_principal_ent_t princ = 0;
+ krb5_int32 mask;
+ char *pw;
+#ifdef OVERRIDE
+ int override_qual;
+#endif
+
+ GET_HANDLE(3, 0);
+
+ if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing principal");
+ return tcl_ret;
+ }
+
+ if (princ_string &&
+ ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
+ != TCL_OK)) {
+ return tcl_ret;
+ }
+
+ if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
+ retcode = tcl_ret;
+ goto finished;
+ }
+
+ if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
+ retcode = tcl_ret;
+ goto finished;
+ }
#ifdef OVERRIDE
- if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
- TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#endif
+ if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
+ TCL_OK) {
+ retcode = tcl_ret;
+ goto finished;
+ }
+#endif
#ifdef OVERRIDE
- ret = kadm5_create_principal(server_handle, princ, mask, pw,
- override_qual);
+ ret = kadm5_create_principal(server_handle, princ, mask, pw,
+ override_qual);
#else
- ret = kadm5_create_principal(server_handle, princ, mask, pw);
-#endif
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Principal created.");
- }
+ ret = kadm5_create_principal(server_handle, princ, mask, pw);
+#endif
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ else {
+ set_ok(interp, "Principal created.");
+ }
finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
+ if (princ) {
+ free_principal_ent(&princ);
+ }
+ return retcode;
}
-static int tcl_kadm5_delete_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+static int tcl_kadm5_delete_principal(ClientData clientData,
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- krb5_principal princ;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int tcl_ret;
- char *name;
-
- GET_HANDLE(1, 0);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- return TCL_ERROR;
- }
- } else princ = NULL;
- ret = kadm5_delete_principal(server_handle, princ);
-
- if(princ != NULL)
- krb5_free_principal(context, princ);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal deleted.");
- return TCL_OK;
- }
+ krb5_principal princ;
+ krb5_error_code krb5_ret;
+ kadm5_ret_t ret;
+ int tcl_ret;
+ char *name;
+
+ GET_HANDLE(1, 0);
+
+ if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
+ return tcl_ret;
+ if(name != NULL) {
+ if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing principal");
+ return TCL_ERROR;
+ }
+ } else princ = NULL;
+ ret = kadm5_delete_principal(server_handle, princ);
+
+ if(princ != NULL)
+ krb5_free_principal(context, princ);
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ else {
+ set_ok(interp, "Principal deleted.");
+ return TCL_OK;
+ }
}
-static int tcl_kadm5_modify_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+static int tcl_kadm5_modify_principal(ClientData clientData,
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- char *princ_string;
- kadm5_principal_ent_t princ = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- kadm5_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_modify_principal(server_handle, princ, mask);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal modified.");
- }
+ char *princ_string;
+ kadm5_principal_ent_t princ = 0;
+ int tcl_ret;
+ krb5_int32 mask;
+ int retcode = TCL_OK;
+ kadm5_ret_t ret;
+
+ GET_HANDLE(2, 0);
+
+ if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing principal");
+ return tcl_ret;
+ }
+
+ if (princ_string &&
+ ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
+ != TCL_OK)) {
+ return tcl_ret;
+ }
+
+ if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ ret = kadm5_modify_principal(server_handle, princ, mask);
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
+ else {
+ set_ok(interp, "Principal modified.");
+ }
finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
+ if (princ) {
+ free_principal_ent(&princ);
+ }
+ return retcode;
}
-static int tcl_kadm5_rename_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+static int tcl_kadm5_rename_principal(ClientData clientData,
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- krb5_principal source, target;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &source)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing source");
- return TCL_ERROR;
- }
-
- if ((krb5_ret = krb5_parse_name(context, argv[1], &target)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing target");
- krb5_free_principal(context, source);
- return TCL_ERROR;
- }
-
- ret = kadm5_rename_principal(server_handle, source, target);
-
- if (ret == KADM5_OK) {
- set_ok(interp, "Principal renamed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
- krb5_free_principal(context, source);
- krb5_free_principal(context, target);
- return retcode;
+ krb5_principal source, target;
+ krb5_error_code krb5_ret;
+ kadm5_ret_t ret;
+ int retcode = TCL_OK;
+
+ GET_HANDLE(2, 0);
+
+ if ((krb5_ret = krb5_parse_name(context, argv[0], &source)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing source");
+ return TCL_ERROR;
+ }
+
+ if ((krb5_ret = krb5_parse_name(context, argv[1], &target)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing target");
+ krb5_free_principal(context, source);
+ return TCL_ERROR;
+ }
+
+ ret = kadm5_rename_principal(server_handle, source, target);
+
+ if (ret == KADM5_OK) {
+ set_ok(interp, "Principal renamed.");
+ }
+ else {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
+
+ krb5_free_principal(context, source);
+ krb5_free_principal(context, target);
+ return retcode;
}
-
-static int tcl_kadm5_chpass_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+
+static int tcl_kadm5_chpass_principal(ClientData clientData,
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- krb5_principal princ;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- int retcode = TCL_OK;
- kadm5_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing password");
- retcode = TCL_ERROR;
- goto finished;
- }
+ krb5_principal princ;
+ char *pw;
+#ifdef OVERRIDE
+ int override_qual;
+#endif
+ krb5_error_code krb5_ret;
+ int retcode = TCL_OK;
+ kadm5_ret_t ret;
+
+ GET_HANDLE(2, 0);
+
+ if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing principal name");
+ return TCL_ERROR;
+ }
+
+ if (parse_str(interp, argv[1], &pw) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing password");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_chpass_principal(server_handle,
- princ, pw, override_qual);
+ if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing override_qual");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ ret = kadm5_chpass_principal(server_handle,
+ princ, pw, override_qual);
#else
- ret = kadm5_chpass_principal(server_handle, princ, pw);
-#endif
-
- if (ret == KADM5_OK) {
- set_ok(interp, "Password changed.");
- goto finished;
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
+ ret = kadm5_chpass_principal(server_handle, princ, pw);
+#endif
+
+ if (ret == KADM5_OK) {
+ set_ok(interp, "Password changed.");
+ goto finished;
+ }
+ else {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
finished:
- krb5_free_principal(context, princ);
- return retcode;
+ krb5_free_principal(context, princ);
+ return retcode;
}
static int tcl_kadm5_chpass_principal_util(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- krb5_principal princ;
- char *new_pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- char *pw_ret, *pw_ret_var;
- char msg_ret[1024], *msg_ret_var;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(4, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing new password");
- retcode = TCL_ERROR;
- goto finished;
- }
+ krb5_principal princ;
+ char *new_pw;
#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
+ int override_qual;
#endif
- if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing msg_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE
- override_qual,
-#endif
- pw_ret_var ? &pw_ret : 0,
- msg_ret_var ? msg_ret : 0,
- msg_ret_var ? sizeof(msg_ret) : 0);
-
- if (ret == KADM5_OK) {
- if (pw_ret_var &&
- (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp, "while setting pw_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (msg_ret_var &&
- (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp,
- "while setting msg_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Password changed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
+ char *pw_ret, *pw_ret_var;
+ char msg_ret[1024], *msg_ret_var;
+ krb5_error_code krb5_ret;
+ kadm5_ret_t ret;
+ int retcode = TCL_OK;
+
+ GET_HANDLE(4, 0);
+
+ if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing principal name");
+ return TCL_ERROR;
+ }
+
+ if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing new password");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+#ifdef OVERRIDE
+ if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing override_qual");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+#endif
+ if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_ret variable name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing msg_ret variable name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ ret = kadm5_chpass_principal_util(server_handle, princ, new_pw,
+#ifdef OVERRIDE
+ override_qual,
+#endif
+ pw_ret_var ? &pw_ret : 0,
+ msg_ret_var ? msg_ret : 0,
+ msg_ret_var ? sizeof(msg_ret) : 0);
+
+ if (ret == KADM5_OK) {
+ if (pw_ret_var &&
+ (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
+ TCL_LEAVE_ERR_MSG))) {
+ Tcl_AppendElement(interp, "while setting pw_ret variable");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if (msg_ret_var &&
+ (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
+ TCL_LEAVE_ERR_MSG))) {
+ Tcl_AppendElement(interp,
+ "while setting msg_ret variable");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ set_ok(interp, "Password changed.");
+ }
+ else {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
finished:
- krb5_free_principal(context, princ);
- return retcode;
+ krb5_free_principal(context, princ);
+ return retcode;
}
-static int tcl_kadm5_randkey_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+static int tcl_kadm5_randkey_principal(ClientData clientData,
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- krb5_principal princ;
- krb5_keyblock *keyblocks;
- int num_keys;
- char *keyblock_var, *num_var, buf[50];
- Tcl_DString *keyblock_dstring = 0;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(3, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (parse_str(interp, argv[2], &num_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblocks : 0,
- &num_keys);
-
- if (ret == KADM5_OK) {
- if (keyblock_var) {
- keyblock_dstring = unparse_keyblocks(keyblocks, num_keys);
- if (! Tcl_SetVar(interp, keyblock_var,
- keyblock_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting keyblock variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- }
- if (num_var) {
- sprintf(buf, "%d", num_keys);
- if (! Tcl_SetVar(interp, num_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting num_keys variable");
- }
- }
- set_ok(interp, "Key randomized.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
+ krb5_principal princ;
+ krb5_keyblock *keyblocks;
+ int num_keys;
+ char *keyblock_var, *num_var, buf[50];
+ Tcl_DString *keyblock_dstring = 0;
+ krb5_error_code krb5_ret;
+ kadm5_ret_t ret;
+ int retcode = TCL_OK;
+
+ GET_HANDLE(3, 0);
+
+ if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing principal name");
+ return TCL_ERROR;
+ }
+
+ if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing keyblock variable name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if (parse_str(interp, argv[2], &num_var) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing keyblock variable name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ ret = kadm5_randkey_principal(server_handle,
+ princ, keyblock_var ? &keyblocks : 0,
+ &num_keys);
+
+ if (ret == KADM5_OK) {
+ if (keyblock_var) {
+ keyblock_dstring = unparse_keyblocks(keyblocks, num_keys);
+ if (! Tcl_SetVar(interp, keyblock_var,
+ keyblock_dstring->string,
+ TCL_LEAVE_ERR_MSG)) {
+ Tcl_AppendElement(interp,
+ "while setting keyblock variable");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ }
+ if (num_var) {
+ sprintf(buf, "%d", num_keys);
+ if (! Tcl_SetVar(interp, num_var, buf,
+ TCL_LEAVE_ERR_MSG)) {
+ Tcl_AppendElement(interp,
+ "while setting num_keys variable");
+ }
+ }
+ set_ok(interp, "Key randomized.");
+ }
+ else {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
finished:
- krb5_free_principal(context, princ);
- if (keyblock_dstring) {
- Tcl_DStringFree(keyblock_dstring);
- free(keyblock_dstring);
- }
- return retcode;
+ krb5_free_principal(context, princ);
+ if (keyblock_dstring) {
+ Tcl_DStringFree(keyblock_dstring);
+ free(keyblock_dstring);
+ }
+ return retcode;
}
static int tcl_kadm5_get_principal(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- krb5_principal princ;
- kadm5_principal_ent_rec ent;
- Tcl_DString *ent_dstring = 0;
- char *ent_var;
- char *name;
- krb5_error_code krb5_ret;
- int tcl_ret;
- kadm5_ret_t ret = -1;
- krb5_int32 mask;
- int retcode = TCL_OK;
-
- GET_HANDLE(3, 1);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
- } else princ = NULL;
-
- if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((tcl_ret = parse_principal_mask(interp, argv[2], &mask)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal mask");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_get_principal(server_handle, princ, ent_var ? &ent : 0,
- mask);
-
- if (ret == KADM5_OK) {
- if (ent_var) {
- ent_dstring = unparse_principal_ent(&ent, mask);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal retrieved.");
- }
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
+ krb5_principal princ;
+ kadm5_principal_ent_rec ent;
+ Tcl_DString *ent_dstring = 0;
+ char *ent_var;
+ char *name;
+ krb5_error_code krb5_ret;
+ int tcl_ret;
+ kadm5_ret_t ret = -1;
+ krb5_int32 mask;
+ int retcode = TCL_OK;
+
+ GET_HANDLE(3, 1);
+
+ if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
+ return tcl_ret;
+ if(name != NULL) {
+ if ((krb5_ret = krb5_parse_name(context, name, &princ)) != 0) {
+ stash_error(interp, krb5_ret);
+ Tcl_AppendElement(interp, "while parsing principal name");
+ return TCL_ERROR;
+ }
+ } else princ = NULL;
+
+ if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing entry variable name");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ if ((tcl_ret = parse_principal_mask(interp, argv[2], &mask)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing principal mask");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ ret = kadm5_get_principal(server_handle, princ, ent_var ? &ent : 0,
+ mask);
+
+ if (ret == KADM5_OK) {
+ if (ent_var) {
+ ent_dstring = unparse_principal_ent(&ent, mask);
+ if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
+ TCL_LEAVE_ERR_MSG)) {
+ Tcl_AppendElement(interp,
+ "while setting entry variable");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ set_ok(interp, "Principal retrieved.");
+ }
+ }
+ else {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if(princ != NULL)
- krb5_free_principal(context, princ);
- if (ret == KADM5_OK && ent_var &&
- (ret = kadm5_free_principal_ent(server_handle, &ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- return retcode;
+ if (ent_dstring) {
+ Tcl_DStringFree(ent_dstring);
+ free(ent_dstring);
+ }
+ if(princ != NULL)
+ krb5_free_principal(context, princ);
+ if (ret == KADM5_OK && ent_var &&
+ (ret = kadm5_free_principal_ent(server_handle, &ent)) &&
+ (retcode == TCL_OK)) {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
+ return retcode;
}
-
+
static int tcl_kadm5_create_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- int tcl_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
- char *policy_string;
- kadm5_policy_ent_t policy = 0;
- krb5_int32 mask;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- ret = kadm5_create_policy(server_handle, policy, mask);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Policy created.");
- }
+ int tcl_ret;
+ kadm5_ret_t ret;
+ int retcode = TCL_OK;
+ char *policy_string;
+ kadm5_policy_ent_t policy = 0;
+ krb5_int32 mask;
+
+ GET_HANDLE(2, 0);
+
+ if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy");
+ return tcl_ret;
+ }
+
+ if (policy_string &&
+ ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
+ != TCL_OK)) {
+ return tcl_ret;
+ }
+
+ if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
+ retcode = tcl_ret;
+ goto finished;
+ }
+
+ ret = kadm5_create_policy(server_handle, policy, mask);
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ else {
+ set_ok(interp, "Policy created.");
+ }
finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
+ if (policy) {
+ free_policy_ent(&policy);
+ }
+ return retcode;
}
static int tcl_kadm5_delete_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- kadm5_ret_t ret;
- char *policy;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- ret = kadm5_delete_policy(server_handle, policy);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy deleted.");
- return TCL_OK;
- }
+ kadm5_ret_t ret;
+ char *policy;
+
+ GET_HANDLE(1, 0);
+
+ if (parse_str(interp, argv[0], &policy) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy name");
+ return TCL_ERROR;
+ }
+
+ ret = kadm5_delete_policy(server_handle, policy);
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ else {
+ set_ok(interp, "Policy deleted.");
+ return TCL_OK;
+ }
}
static int tcl_kadm5_modify_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- char *policy_string;
- kadm5_policy_ent_t policy = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- kadm5_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_modify_policy(server_handle, policy, mask);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy modified.");
- }
+ char *policy_string;
+ kadm5_policy_ent_t policy = 0;
+ int tcl_ret;
+ krb5_int32 mask;
+ int retcode = TCL_OK;
+ kadm5_ret_t ret;
+
+ GET_HANDLE(2, 0);
+
+ if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy");
+ return tcl_ret;
+ }
+
+ if (policy_string &&
+ ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
+ != TCL_OK)) {
+ return tcl_ret;
+ }
+
+ if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+
+ ret = kadm5_modify_policy(server_handle, policy, mask);
+
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
+ else {
+ set_ok(interp, "Policy modified.");
+ }
finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
+ if (policy) {
+ free_policy_ent(&policy);
+ }
+ return retcode;
}
static int tcl_kadm5_get_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- kadm5_policy_ent_rec ent;
- Tcl_DString *ent_dstring = 0;
- char *policy;
- char *ent_var;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- return TCL_ERROR;
- }
-
- ret = kadm5_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
- if (ret == KADM5_OK) {
- if (ent_var) {
- ent_dstring = unparse_policy_ent(&ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy retrieved.");
- }
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
+ kadm5_policy_ent_rec ent;
+ Tcl_DString *ent_dstring = 0;
+ char *policy;
+ char *ent_var;
+ kadm5_ret_t ret;
+ int retcode = TCL_OK;
+
+ GET_HANDLE(2, 1);
+
+ if (parse_str(interp, argv[0], &policy) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing policy name");
+ return TCL_ERROR;
+ }
+
+ if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing entry variable name");
+ return TCL_ERROR;
+ }
+
+ ret = kadm5_get_policy(server_handle, policy, ent_var ? &ent : 0);
+
+ if (ret == KADM5_OK) {
+ if (ent_var) {
+ ent_dstring = unparse_policy_ent(&ent);
+ if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
+ TCL_LEAVE_ERR_MSG)) {
+ Tcl_AppendElement(interp,
+ "while setting entry variable");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ set_ok(interp, "Policy retrieved.");
+ }
+ }
+ else {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if (ent_var && ret == KADM5_OK &&
- (ret = kadm5_free_policy_ent(server_handle, &ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- return retcode;
+ if (ent_dstring) {
+ Tcl_DStringFree(ent_dstring);
+ free(ent_dstring);
+ }
+ if (ent_var && ret == KADM5_OK &&
+ (ret = kadm5_free_policy_ent(server_handle, &ent)) &&
+ (retcode == TCL_OK)) {
+ stash_error(interp, ret);
+ retcode = TCL_ERROR;
+ }
+ return retcode;
}
-
-
+
+
static int tcl_kadm5_free_principal_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- char *ent_name;
- kadm5_principal_ent_t ent;
- kadm5_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = kadm5_free_principal_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "principal handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (kadm5_principal_ent_t) Tcl_GetHashValue(entry);
-
- ret = kadm5_free_principal_ent(server_handle, ent);
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Principal freed.");
- return TCL_OK;
+ char *ent_name;
+ kadm5_principal_ent_t ent;
+ kadm5_ret_t ret;
+
+ GET_HANDLE(1, 0);
+
+ if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing entry name");
+ return TCL_ERROR;
+ }
+
+ if ((! ent_name) &&
+ (ret = kadm5_free_principal_ent(server_handle, 0))) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ else {
+ Tcl_HashEntry *entry;
+
+ if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
+ Tcl_AppendResult(interp, "invalid principal handle \"",
+ ent_name, "\"", 0);
+ return TCL_ERROR;
+ }
+ if (! struct_table) {
+ if (! (struct_table = malloc(sizeof(*struct_table)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+ Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+ }
+
+ if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
+ Tcl_AppendResult(interp, "principal handle \"", ent_name,
+ "\" not found", 0);
+ return TCL_ERROR;
+ }
+
+ ent = (kadm5_principal_ent_t) Tcl_GetHashValue(entry);
+
+ ret = kadm5_free_principal_ent(server_handle, ent);
+ if (ret != KADM5_OK) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ Tcl_DeleteHashEntry(entry);
+ }
+ set_ok(interp, "Principal freed.");
+ return TCL_OK;
}
-
-
+
+
static int tcl_kadm5_free_policy_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
+ Tcl_Interp *interp,
+ int argc, const char *argv[])
{
- char *ent_name;
- kadm5_policy_ent_t ent;
- kadm5_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = kadm5_free_policy_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "policy handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (kadm5_policy_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = kadm5_free_policy_ent(server_handle, ent)) != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Policy freed.");
- return TCL_OK;
+ char *ent_name;
+ kadm5_policy_ent_t ent;
+ kadm5_ret_t ret;
+
+ GET_HANDLE(1, 0);
+
+ if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing entry name");
+ return TCL_ERROR;
+ }
+
+ if ((! ent_name) &&
+ (ret = kadm5_free_policy_ent(server_handle, 0))) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ else {
+ Tcl_HashEntry *entry;
+
+ if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
+ Tcl_AppendResult(interp, "invalid principal handle \"",
+ ent_name, "\"", 0);
+ return TCL_ERROR;
+ }
+ if (! struct_table) {
+ if (! (struct_table = malloc(sizeof(*struct_table)))) {
+ fprintf(stderr, "Out of memory!\n");
+ exit(1); /* XXX */
+ }
+ Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+ }
+
+ if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
+ Tcl_AppendResult(interp, "policy handle \"", ent_name,
+ "\" not found", 0);
+ return TCL_ERROR;
+ }
+
+ ent = (kadm5_policy_ent_t) Tcl_GetHashValue(entry);
+
+ if ((ret = kadm5_free_policy_ent(server_handle, ent)) != KADM5_OK) {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
+ Tcl_DeleteHashEntry(entry);
+ }
+ set_ok(interp, "Policy freed.");
+ return TCL_OK;
}
-
-
+
+
static int tcl_kadm5_get_privs(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
+ int argc, const char *argv[])
{
- const char *set_ret;
- kadm5_ret_t ret;
- char *priv_var;
- long privs;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing privs variable name");
- return TCL_ERROR;
- }
-
- ret = kadm5_get_privs(server_handle, priv_var ? &privs : 0);
-
- if (ret == KADM5_OK) {
- if (priv_var) {
- Tcl_DString *str = unparse_privs(privs);
- set_ret = Tcl_SetVar(interp, priv_var, str->string,
- TCL_LEAVE_ERR_MSG);
- Tcl_DStringFree(str);
- free(str);
- if (! set_ret) {
- Tcl_AppendElement(interp, "while setting priv variable");
- return TCL_ERROR;
- }
- }
- set_ok(interp, "Privileges retrieved.");
- return TCL_OK;
- }
- else {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
+ const char *set_ret;
+ kadm5_ret_t ret;
+ char *priv_var;
+ long privs;
+
+ GET_HANDLE(1, 0);
+
+ if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing privs variable name");
+ return TCL_ERROR;
+ }
+
+ ret = kadm5_get_privs(server_handle, priv_var ? &privs : 0);
+
+ if (ret == KADM5_OK) {
+ if (priv_var) {
+ Tcl_DString *str = unparse_privs(privs);
+ set_ret = Tcl_SetVar(interp, priv_var, str->string,
+ TCL_LEAVE_ERR_MSG);
+ Tcl_DStringFree(str);
+ free(str);
+ if (! set_ret) {
+ Tcl_AppendElement(interp, "while setting priv variable");
+ return TCL_ERROR;
+ }
+ }
+ set_ok(interp, "Privileges retrieved.");
+ return TCL_OK;
+ }
+ else {
+ stash_error(interp, ret);
+ return TCL_ERROR;
+ }
}
-
+
void Tcl_kadm5_init(Tcl_Interp *interp)
{
char buf[20];
- Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE",
- KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
- Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE",
- KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
+ Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE",
+ KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
+ Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE",
+ KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
- Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
+ Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_2);
- Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
+ Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_3);
- Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
+ Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
- Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
+ Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_STRUCT_VERSION_MASK);
- Tcl_SetVar(interp, "KADM5_STRUCT_VERSION_MASK", buf,
- TCL_GLOBAL_ONLY);
-
- Tcl_CreateCommand(interp, "kadm5_init", tcl_kadm5_init, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_init_with_creds",
- tcl_kadm5_init_with_creds, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_destroy", tcl_kadm5_destroy, 0,
- 0);
- Tcl_CreateCommand(interp, "kadm5_create_principal",
- tcl_kadm5_create_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_delete_principal",
- tcl_kadm5_delete_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_modify_principal",
- tcl_kadm5_modify_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_rename_principal",
- tcl_kadm5_rename_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_chpass_principal",
- tcl_kadm5_chpass_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_chpass_principal_util",
- tcl_kadm5_chpass_principal_util, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_randkey_principal",
- tcl_kadm5_randkey_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_get_principal",
- tcl_kadm5_get_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_create_policy",
- tcl_kadm5_create_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_delete_policy",
- tcl_kadm5_delete_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_modify_policy",
- tcl_kadm5_modify_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_get_policy",
- tcl_kadm5_get_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_free_principal_ent",
- tcl_kadm5_free_principal_ent, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_free_policy_ent",
- tcl_kadm5_free_policy_ent, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_get_privs",
- tcl_kadm5_get_privs, 0, 0);
+ Tcl_SetVar(interp, "KADM5_STRUCT_VERSION_MASK", buf,
+ TCL_GLOBAL_ONLY);
+
+ Tcl_CreateCommand(interp, "kadm5_init", tcl_kadm5_init, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_init_with_creds",
+ tcl_kadm5_init_with_creds, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_destroy", tcl_kadm5_destroy, 0,
+ 0);
+ Tcl_CreateCommand(interp, "kadm5_create_principal",
+ tcl_kadm5_create_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_delete_principal",
+ tcl_kadm5_delete_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_modify_principal",
+ tcl_kadm5_modify_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_rename_principal",
+ tcl_kadm5_rename_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_chpass_principal",
+ tcl_kadm5_chpass_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_chpass_principal_util",
+ tcl_kadm5_chpass_principal_util, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_randkey_principal",
+ tcl_kadm5_randkey_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_get_principal",
+ tcl_kadm5_get_principal, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_create_policy",
+ tcl_kadm5_create_policy, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_delete_policy",
+ tcl_kadm5_delete_policy, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_modify_policy",
+ tcl_kadm5_modify_policy, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_get_policy",
+ tcl_kadm5_get_policy, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_free_principal_ent",
+ tcl_kadm5_free_principal_ent, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_free_policy_ent",
+ tcl_kadm5_free_policy_ent, 0, 0);
+ Tcl_CreateCommand(interp, "kadm5_get_privs",
+ tcl_kadm5_get_privs, 0, 0);
}
diff --git a/src/kadmin/testing/util/tcl_kadm5.h b/src/kadmin/testing/util/tcl_kadm5.h
index d2fdd1d..1f91a11 100644
--- a/src/kadmin/testing/util/tcl_kadm5.h
+++ b/src/kadmin/testing/util/tcl_kadm5.h
@@ -1,3 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
void Tcl_kadm5_init(Tcl_Interp *interp);
-
diff --git a/src/kadmin/testing/util/tcl_krb5_hash.c b/src/kadmin/testing/util/tcl_krb5_hash.c
index 7fe1b8f..35c6bb0 100644
--- a/src/kadmin/testing/util/tcl_krb5_hash.c
+++ b/src/kadmin/testing/util/tcl_krb5_hash.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* All of the TCL krb5 functions which return (or place into output
* variables) structures or pointers to structures that can't be
@@ -10,7 +11,7 @@
* table.
*
* The functions in this file do four things:
- *
+ *
* 1) Given a pointer to a datum and a string representing the type of
* datum to which the pointer refers, create a new handle for the
* datum, store the datum in the hash table using the new handle as
@@ -54,114 +55,113 @@ static char *memory_error = "out of memory";
*/
static TclHashTable *get_hash_table(Tcl_Interp *interp,
- char *type)
+ char *type)
{
- static Tcl_HashTable *hash_table = 0;
-
- if (! hash_table) {
- if (! (hash_table = malloc(sizeof(*hash_table)))) {
- Tcl_SetResult(interp, memory_error, TCL_STATIC);
- return 0;
- }
- Tcl_InitHashTable(hash_table, TCL_STRING_KEYS);
- }
- return hash_table;
+ static Tcl_HashTable *hash_table = 0;
+
+ if (! hash_table) {
+ if (! (hash_table = malloc(sizeof(*hash_table)))) {
+ Tcl_SetResult(interp, memory_error, TCL_STATIC);
+ return 0;
+ }
+ Tcl_InitHashTable(hash_table, TCL_STRING_KEYS);
+ }
+ return hash_table;
}
#define MAX_ID 999999999
#define ID_BUF_SIZE 10
static Tcl_HashEntry *get_new_handle(Tcl_Interp *interp,
- char *type)
+ char *type)
{
- static unsigned long int id_counter = 0;
- Tcl_DString *handle;
- char int_buf[ID_BUF_SIZE];
-
- if (! (handle = malloc(sizeof(*handle)))) {
- Tcl_SetResult(interp, memory_error, TCL_STATIC);
- return 0;
- }
- Tcl_DStringInit(handle);
+ static unsigned long int id_counter = 0;
+ Tcl_DString *handle;
+ char int_buf[ID_BUF_SIZE];
+
+ if (! (handle = malloc(sizeof(*handle)))) {
+ Tcl_SetResult(interp, memory_error, TCL_STATIC);
+ return 0;
+ }
+ Tcl_DStringInit(handle);
- assert(id_counter <= MAX_ID);
+ assert(id_counter <= MAX_ID);
- sprintf(int_buf, "%d", id_counter++);
+ sprintf(int_buf, "%d", id_counter++);
- Tcl_DStringAppend(handle, type, -1);
- Tcl_DStringAppend(handle, SEP_STR, -1);
- Tcl_DStringAppend(handle, int_buf, -1);
+ Tcl_DStringAppend(handle, type, -1);
+ Tcl_DStringAppend(handle, SEP_STR, -1);
+ Tcl_DStringAppend(handle, int_buf, -1);
- return handle;
+ return handle;
}
-
-
+
+
Tcl_DString *tcl_krb5_create_object(Tcl_Interp *interp,
- char *type,
- ClientData datum)
+ char *type,
+ ClientData datum)
{
- Tcl_HashTable *table;
- Tcl_DString *handle;
- Tcl_HashEntry *entry;
- int entry_created = 0;
+ Tcl_HashTable *table;
+ Tcl_DString *handle;
+ Tcl_HashEntry *entry;
+ int entry_created = 0;
- if (! (table = get_hash_table(interp, type))) {
- return 0;
- }
+ if (! (table = get_hash_table(interp, type))) {
+ return 0;
+ }
- if (! (handle = get_new_handle(interp, type))) {
- return 0;
- }
+ if (! (handle = get_new_handle(interp, type))) {
+ return 0;
+ }
- if (! (entry = Tcl_CreateHashEntry(table, handle, &entry_created))) {
- Tcl_SetResult(interp, "error creating hash entry", TCL_STATIC);
- Tcl_DStringFree(handle);
- return TCL_ERROR;
- }
+ if (! (entry = Tcl_CreateHashEntry(table, handle, &entry_created))) {
+ Tcl_SetResult(interp, "error creating hash entry", TCL_STATIC);
+ Tcl_DStringFree(handle);
+ return TCL_ERROR;
+ }
- assert(entry_created);
+ assert(entry_created);
- Tcl_SetHashValue(entry, datum);
+ Tcl_SetHashValue(entry, datum);
- return handle;
+ return handle;
}
ClientData tcl_krb5_get_object(Tcl_Interp *interp,
- char *handle)
+ char *handle)
{
- char *myhandle, *id_ptr;
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
-
- if (! (myhandle = strdup(handle))) {
- Tcl_SetResult(interp, memory_error, TCL_STATIC);
- return 0;
- }
-
- if (! (id_ptr = index(myhandle, *SEP_STR))) {
- free(myhandle);
- Tcl_ResetResult(interp);
- Tcl_AppendResult(interp, "malformatted handle \"", handle,
- "\"", 0);
- return 0;
- }
-
- *id_ptr = '\0';
-
- if (! (table = get_hash_table(interp, myhandle))) {
- free(myhandle);
- return 0;
- }
-
- free(myhandle);
-
- if (! (entry = Tcl_FindHashEntry(table, handle))) {
- Tcl_ResetResult(interp);
- Tcl_AppendResult(interp, "no object corresponding to handle \"",
- handle, "\"", 0);
- return 0;
- }
-
- return(Tcl_GetHashValue(entry));
+ char *myhandle, *id_ptr;
+ Tcl_HashTable *table;
+ Tcl_HashEntry *entry;
+
+ if (! (myhandle = strdup(handle))) {
+ Tcl_SetResult(interp, memory_error, TCL_STATIC);
+ return 0;
+ }
+
+ if (! (id_ptr = index(myhandle, *SEP_STR))) {
+ free(myhandle);
+ Tcl_ResetResult(interp);
+ Tcl_AppendResult(interp, "malformatted handle \"", handle,
+ "\"", 0);
+ return 0;
+ }
+
+ *id_ptr = '\0';
+
+ if (! (table = get_hash_table(interp, myhandle))) {
+ free(myhandle);
+ return 0;
+ }
+
+ free(myhandle);
+
+ if (! (entry = Tcl_FindHashEntry(table, handle))) {
+ Tcl_ResetResult(interp);
+ Tcl_AppendResult(interp, "no object corresponding to handle \"",
+ handle, "\"", 0);
+ return 0;
+ }
+
+ return(Tcl_GetHashValue(entry));
}
-
diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c
index 7f93eb4..37e49d6 100644
--- a/src/kadmin/testing/util/test.c
+++ b/src/kadmin/testing/util/test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "autoconf.h"
#if HAVE_TCL_H
#include <tcl.h>
@@ -11,11 +12,11 @@
#if _TCL_MAIN
int
main(argc, argv)
- int argc; /* Number of command-line arguments. */
- char **argv; /* Values of command-line arguments. */
+ int argc; /* Number of command-line arguments. */
+ char **argv; /* Values of command-line arguments. */
{
Tcl_Main(argc, argv, Tcl_AppInit);
- return 0; /* Needed only to prevent compiler warning. */
+ return 0; /* Needed only to prevent compiler warning. */
}
#else
/*
@@ -31,7 +32,7 @@ int *tclDummyMainPtr = (int *) main;
int Tcl_AppInit(Tcl_Interp *interp)
{
- Tcl_kadm5_init(interp);
+ Tcl_kadm5_init(interp);
- return(TCL_OK);
+ return(TCL_OK);
}