kadmin support for policies.

committed by
Nicolas Williams

parent
a04721b737
commit
1f349a6aba
@@ -68,6 +68,7 @@ add_one_principal (const char *name,
|
||||
int rand_password,
|
||||
int use_defaults,
|
||||
char *password,
|
||||
char *policy,
|
||||
krb5_key_data *key_data,
|
||||
const char *max_ticket_life,
|
||||
const char *max_renewable_life,
|
||||
@@ -94,7 +95,7 @@ add_one_principal (const char *name,
|
||||
|
||||
ret = set_entry(context, &princ, &mask,
|
||||
max_ticket_life, max_renewable_life,
|
||||
expiration, pw_expiration, attributes);
|
||||
expiration, pw_expiration, attributes, policy);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@@ -245,6 +246,7 @@ add_new_key(struct add_options *opt, int argc, char **argv)
|
||||
opt->random_password_flag,
|
||||
opt->use_defaults_flag,
|
||||
opt->password_string,
|
||||
opt->policy_string,
|
||||
kdp,
|
||||
opt->max_ticket_life_string,
|
||||
opt->max_renewable_life_string,
|
||||
|
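Review bot: The parameter added to add_one_principal is declared `char *policy` although it is only forwarded to set_entry, whose new prototype elsewhere on this page takes it as `const char *`; `const char *policy,` would state that and match the neighbouring `max_ticket_life` declaration. The existing `char *password` parameter sets the precedent the author followed, so this is a point of style rather than a defect. add_one_principal's body continues outside the hunk.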
@@ -179,6 +179,12 @@ command = {
|
||||
type = "flag"
|
||||
help = "use default values"
|
||||
}
|
||||
option = {
|
||||
long = "policy"
|
||||
type = "string"
|
||||
argument = "policy"
|
||||
help = "policy name"
|
||||
}
|
||||
argument = "principal..."
|
||||
min_args = "1"
|
||||
help = "Adds a principal to the database."
|
||||
@@ -353,6 +359,12 @@ command = {
|
||||
argument = "subject dn"
|
||||
help = "aliases"
|
||||
}
|
||||
option = {
|
||||
long = "policy"
|
||||
type = "string"
|
||||
argument = "policy"
|
||||
help = "policy name"
|
||||
}
|
||||
argument = "principal"
|
||||
min_args = "1"
|
||||
max_args = "1"
|
||||
|
@@ -109,6 +109,9 @@ int str2attributes(const char *, krb5_flags *);
|
||||
int parse_attributes (const char *, krb5_flags *, int *, int);
|
||||
int edit_attributes (const char *, krb5_flags *, int *, int);
|
||||
|
||||
int parse_policy (const char *, char **, int *, int);
|
||||
int edit_policy (const char *, char **, int *, int);
|
||||
|
||||
void time_t2str(time_t, char *, size_t, int);
|
||||
int str2time_t (const char *, time_t *);
|
||||
int parse_timet (const char *, krb5_timestamp *, int *, int);
|
||||
@@ -124,7 +127,7 @@ int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
|
||||
void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
|
||||
int set_entry(krb5_context, kadm5_principal_ent_t, int *,
|
||||
const char *, const char *, const char *,
|
||||
const char *, const char *);
|
||||
const char *, const char *, const char *);
|
||||
int
|
||||
foreach_principal(const char *, int (*)(krb5_principal, void*),
|
||||
const char *, void *);
|
||||
|
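Review bot: The new parse_policy and edit_policy prototypes earlier in this section say nothing about who owns the string stored through the `char **` argument; in the util.c hunk parse_policy stores a strdup'd copy there, so the caller is responsible for freeing it. A one-line comment above the parse_policy declaration, `/* on success *policy receives a malloc'd copy the caller must free */`, would make that contract visible at the point where callers look it up.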
@@ -207,6 +207,7 @@ do_mod_entry(krb5_principal principal, void *data)
|
||||
e->expiration_time_string ||
|
||||
e->pw_expiration_time_string ||
|
||||
e->attributes_string ||
|
||||
e->policy_string ||
|
||||
e->kvno_integer != -1 ||
|
||||
e->constrained_delegation_strings.num_strings ||
|
||||
e->alias_strings.num_strings ||
|
||||
@@ -216,7 +217,8 @@ do_mod_entry(krb5_principal principal, void *data)
|
||||
e->max_renewable_life_string,
|
||||
e->expiration_time_string,
|
||||
e->pw_expiration_time_string,
|
||||
e->attributes_string);
|
||||
e->attributes_string,
|
||||
e->policy_string);
|
||||
if(e->kvno_integer != -1) {
|
||||
princ.kvno = e->kvno_integer;
|
||||
mask |= KADM5_KVNO;
|
||||
|
@@ -145,6 +145,59 @@ edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* try to parse the string `resp' into policy in `attr', also
|
||||
* setting the `bit' in `mask' if attributes are given and valid.
|
||||
*/
|
||||
|
||||
#define VALID_POLICY_NAME_CHARS \
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
|
||||
|
||||
int
|
||||
parse_policy (const char *resp, char **policy, int *mask, int bit)
|
||||
{
|
||||
if (strspn(resp, VALID_POLICY_NAME_CHARS) == strlen(resp) &&
|
||||
*resp != '\0') {
|
||||
|
||||
*policy = strdup(resp);
|
||||
if (*policy == NULL) {
|
||||
fprintf (stderr, "Out of memory");
|
||||
return -1;
|
||||
}
|
||||
if (mask)
|
||||
*mask |= bit;
|
||||
} else if(*resp == '?') {
|
||||
print_flags_table (kdb_attrs, stderr);
|
||||
} else {
|
||||
fprintf (stderr, "Unable to parse \"%s\"\n", resp);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* allow the user to edit the attributes in `attr', prompting with `prompt'
|
||||
*/
|
||||
|
||||
int
|
||||
edit_policy (const char *prompt, char **policy, int *mask, int bit)
|
||||
{
|
||||
char buf[1024], resp[1024];
|
||||
|
||||
if (mask && (*mask & bit))
|
||||
return 0;
|
||||
|
||||
strlcpy(buf, *policy, sizeof (buf));
|
||||
for (;;) {
|
||||
if(get_response("Policy", buf, resp, sizeof(resp)) != 0)
|
||||
return 1;
|
||||
if (resp[0] == '\0')
|
||||
break;
|
||||
if (parse_policy (resp, policy, mask, bit) == 0)
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* time_t
|
||||
* the special value 0 means ``never''
|
||||
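Review bot: parse_policy never reports success: the valid-name branch sets `*policy` and the mask bit and then falls through to the single `return -1;` at the end of the function, so set_entry's `if (parse_policy (policy, &ent->policy, mask, KADM5_POLICY))` fails for every name and edit_policy's loop only exits on an empty response; a `return 0;` belongs after `*mask |= bit;`. The `?` branch was carried over from parse_attributes and prints the kdb_attrs flag table, which has nothing to do with policy names, and the comments above parse_policy and edit_policy still describe attributes. In edit_policy, `strlcpy(buf, *policy, sizeof (buf))` passes `*policy` through unchecked; if an entry can reach it with no policy set (NULL), that should be `strlcpy(buf, *policy ? *policy : "", sizeof (buf));`. The success path also overwrites `*policy` without releasing a previous value, which leaks when the caller had already populated it.
```c
/*
 * try to parse the string `resp' as a policy name into `*policy'
 * (a strdup'd copy the caller owns), also setting the `bit' in
 * `mask' if the name is valid.  Returns 0 on success, -1 otherwise.
 */
int
parse_policy (const char *resp, char **policy, int *mask, int bit)
{
    if (*resp != '\0' && strspn(resp, VALID_POLICY_NAME_CHARS) == strlen(resp)) {
        char *name = strdup(resp);
        if (name == NULL) {
            fprintf (stderr, "Out of memory\n");
            return -1;
        }
        /* NOTE(review): any previous *policy is not released here;
         * confirm its ownership before adding a free(). */
        *policy = name;
        if (mask)
            *mask |= bit;
        return 0;   /* the committed version fell through to the failure return */
    }
    if (*resp == '?')
        fprintf (stderr, "policy names consist of [%s]\n", VALID_POLICY_NAME_CHARS);
    else
        fprintf (stderr, "Unable to parse \"%s\"\n", resp);
    return -1;
}
```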
@@ -420,6 +473,10 @@ edit_entry(kadm5_principal_ent_t ent, int *mask,
|
||||
KADM5_ATTRIBUTES) != 0)
|
||||
return 1;
|
||||
|
||||
if(edit_policy ("Policy", &ent->policy, mask,
|
||||
KADM5_POLICY) != 0)
|
||||
return 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -437,7 +494,8 @@ set_entry(krb5_context contextp,
|
||||
const char *max_renewable_life,
|
||||
const char *expiration,
|
||||
const char *pw_expiration,
|
||||
const char *attributes)
|
||||
const char *attributes,
|
||||
const char *policy)
|
||||
{
|
||||
if (max_ticket_life != NULL) {
|
||||
if (parse_deltat (max_ticket_life, &ent->max_life,
|
||||
@@ -475,6 +533,13 @@ set_entry(krb5_context contextp,
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
if (policy != NULL) {
|
||||
if (parse_policy (policy, &ent->policy,
|
||||
mask, KADM5_POLICY)) {
|
||||
krb5_warnx (contextp, "unable to parse `%s'", attributes);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
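Review bot: The warning in set_entry's new policy branch names the wrong variable: the krb5_warnx call reports `attributes` (which may be NULL here) when it is `policy` that failed to parse, so its last argument should be `policy`, not `attributes`. Note also that parse_policy as committed returns -1 even for a valid name, so this branch currently fails for every non-NULL policy; the check only becomes meaningful once parse_policy returns 0 on success.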