kadmin support for policies.
This commit is contained in:
Nicolas Williams
committed by
Nicolas Williams
Nicolas Williams
parent
a04721b737
commit
1f349a6aba
@@ -145,6 +145,59 @@ edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* try to parse the string `resp' into policy in `attr', also
|
||||
* setting the `bit' in `mask' if attributes are given and valid.
|
||||
*/
|
||||
|
||||
#define VALID_POLICY_NAME_CHARS \
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
|
||||
|
||||
int
|
||||
parse_policy (const char *resp, char **policy, int *mask, int bit)
|
||||
{
|
||||
if (strspn(resp, VALID_POLICY_NAME_CHARS) == strlen(resp) &&
|
||||
*resp != '\0') {
|
||||
|
||||
*policy = strdup(resp);
|
||||
if (*policy == NULL) {
|
||||
fprintf (stderr, "Out of memory");
|
||||
return -1;
|
||||
}
|
||||
if (mask)
|
||||
*mask |= bit;
|
||||
} else if(*resp == '?') {
|
||||
print_flags_table (kdb_attrs, stderr);
|
||||
} else {
|
||||
fprintf (stderr, "Unable to parse \"%s\"\n", resp);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* allow the user to edit the attributes in `attr', prompting with `prompt'
|
||||
*/
|
||||
|
||||
int
|
||||
edit_policy (const char *prompt, char **policy, int *mask, int bit)
|
||||
{
|
||||
char buf[1024], resp[1024];
|
||||
|
||||
if (mask && (*mask & bit))
|
||||
return 0;
|
||||
|
||||
strlcpy(buf, *policy, sizeof (buf));
|
||||
for (;;) {
|
||||
if(get_response("Policy", buf, resp, sizeof(resp)) != 0)
|
||||
return 1;
|
||||
if (resp[0] == '\0')
|
||||
break;
|
||||
if (parse_policy (resp, policy, mask, bit) == 0)
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* time_t
|
||||
* the special value 0 means ``never''
|
||||
@@ -420,6 +473,10 @@ edit_entry(kadm5_principal_ent_t ent, int *mask,
|
||||
KADM5_ATTRIBUTES) != 0)
|
||||
return 1;
|
||||
|
||||
if(edit_policy ("Policy", &ent->policy, mask,
|
||||
KADM5_POLICY) != 0)
|
||||
return 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -437,7 +494,8 @@ set_entry(krb5_context contextp,
|
||||
const char *max_renewable_life,
|
||||
const char *expiration,
|
||||
const char *pw_expiration,
|
||||
const char *attributes)
|
||||
const char *attributes,
|
||||
const char *policy)
|
||||
{
|
||||
if (max_ticket_life != NULL) {
|
||||
if (parse_deltat (max_ticket_life, &ent->max_life,
|
||||
@@ -475,6 +533,13 @@ set_entry(krb5_context contextp,
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
if (policy != NULL) {
|
||||
if (parse_policy (policy, &ent->policy,
|
||||
mask, KADM5_POLICY)) {
|
||||
krb5_warnx (contextp, "unable to parse `%s'", attributes);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user