oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kadmin support for policies.

Browse Source
This commit is contained in:
Nicolas Williams
2011-07-15 16:30:37 -05:00
committed by Nicolas Williams
parent a04721b737
commit 1f349a6aba
5 changed files with 88 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kadmin/ank.c
View File

@@ -68,6 +68,7 @@ add_one_principal (const char *name,
int rand_password, int rand_password,
int use_defaults, int use_defaults,
char *password, char *password,
char *policy,
krb5_key_data *key_data, krb5_key_data *key_data,
const char *max_ticket_life, const char *max_ticket_life,
const char *max_renewable_life, const char *max_renewable_life,
@@ -94,7 +95,7 @@ add_one_principal (const char *name,
ret = set_entry(context, &princ, &mask, ret = set_entry(context, &princ, &mask,
max_ticket_life, max_renewable_life, max_ticket_life, max_renewable_life,
expiration, pw_expiration, attributes); expiration, pw_expiration, attributes, policy);
if (ret) if (ret)
goto out; goto out;
@@ -245,6 +246,7 @@ add_new_key(struct add_options *opt, int argc, char **argv)
opt->random_password_flag, opt->random_password_flag,
opt->use_defaults_flag, opt->use_defaults_flag,
opt->password_string, opt->password_string,
opt->policy_string,
kdp, kdp,
opt->max_ticket_life_string, opt->max_ticket_life_string,
opt->max_renewable_life_string, opt->max_renewable_life_string,

12
kadmin/kadmin-commands.in
View File

@@ -179,6 +179,12 @@ command = {
type = "flag" type = "flag"
help = "use default values" help = "use default values"
} }
option = {
long = "policy"
type = "string"
argument = "policy"
help = "policy name"
}
argument = "principal..." argument = "principal..."
min_args = "1" min_args = "1"
help = "Adds a principal to the database." help = "Adds a principal to the database."
@@ -353,6 +359,12 @@ command = {
argument = "subject dn" argument = "subject dn"
help = "aliases" help = "aliases"
} }
option = {
long = "policy"
type = "string"
argument = "policy"
help = "policy name"
}
argument = "principal" argument = "principal"
min_args = "1" min_args = "1"
max_args = "1" max_args = "1"

5
kadmin/kadmin_locl.h
View File

@@ -109,6 +109,9 @@ int str2attributes(const char *, krb5_flags *);
int parse_attributes (const char *, krb5_flags *, int *, int); int parse_attributes (const char *, krb5_flags *, int *, int);
int edit_attributes (const char *, krb5_flags *, int *, int); int edit_attributes (const char *, krb5_flags *, int *, int);
int parse_policy (const char *, char **, int *, int);
int edit_policy (const char *, char **, int *, int);
void time_t2str(time_t, char *, size_t, int); void time_t2str(time_t, char *, size_t, int);
int str2time_t (const char *, time_t *); int str2time_t (const char *, time_t *);
int parse_timet (const char *, krb5_timestamp *, int *, int); int parse_timet (const char *, krb5_timestamp *, int *, int);
@@ -124,7 +127,7 @@ int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int); void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
int set_entry(krb5_context, kadm5_principal_ent_t, int *, int set_entry(krb5_context, kadm5_principal_ent_t, int *,
const char *, const char *, const char *, const char *, const char *, const char *,
const char *, const char *); const char *, const char *, const char *);
int int
foreach_principal(const char *, int (*)(krb5_principal, void*), foreach_principal(const char *, int (*)(krb5_principal, void*),
const char *, void *); const char *, void *);

4
kadmin/mod.c
View File

@@ -207,6 +207,7 @@ do_mod_entry(krb5_principal principal, void *data)
e->expiration_time_string || e->expiration_time_string ||
e->pw_expiration_time_string || e->pw_expiration_time_string ||
e->attributes_string || e->attributes_string ||
e->policy_string ||
e->kvno_integer != -1 || e->kvno_integer != -1 ||
e->constrained_delegation_strings.num_strings || e->constrained_delegation_strings.num_strings ||
e->alias_strings.num_strings || e->alias_strings.num_strings ||
@@ -216,7 +217,8 @@ do_mod_entry(krb5_principal principal, void *data)
e->max_renewable_life_string, e->max_renewable_life_string,
e->expiration_time_string, e->expiration_time_string,
e->pw_expiration_time_string, e->pw_expiration_time_string,
e->attributes_string); e->attributes_string,
e->policy_string);
if(e->kvno_integer != -1) { if(e->kvno_integer != -1) {
princ.kvno = e->kvno_integer; princ.kvno = e->kvno_integer;
mask |= KADM5_KVNO; mask |= KADM5_KVNO;

67
kadmin/util.c
View File

@@ -145,6 +145,59 @@ edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
return 0; return 0;
} }
/*
* try to parse the string `resp' into policy in `attr', also
* setting the `bit' in `mask' if attributes are given and valid.
*/
#define VALID_POLICY_NAME_CHARS \
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
int
parse_policy (const char *resp, char **policy, int *mask, int bit)
{
if (strspn(resp, VALID_POLICY_NAME_CHARS) == strlen(resp) &&
*resp != '\0') {
*policy = strdup(resp);
if (*policy == NULL) {
fprintf (stderr, "Out of memory");
return -1;
}
if (mask)
*mask |= bit;
} else if(*resp == '?') {
print_flags_table (kdb_attrs, stderr);
} else {
fprintf (stderr, "Unable to parse \"%s\"\n", resp);
}
return -1;
}
/*
* allow the user to edit the attributes in `attr', prompting with `prompt'
*/
int
edit_policy (const char *prompt, char **policy, int *mask, int bit)
{
char buf[1024], resp[1024];
if (mask && (*mask & bit))
return 0;
strlcpy(buf, *policy, sizeof (buf));
for (;;) {
if(get_response("Policy", buf, resp, sizeof(resp)) != 0)
return 1;
if (resp[0] == '\0')
break;
if (parse_policy (resp, policy, mask, bit) == 0)
break;
}
return 0;
}
/* /*
* time_t * time_t
* the special value 0 means ``never'' * the special value 0 means ``never''
@@ -420,6 +473,10 @@ edit_entry(kadm5_principal_ent_t ent, int *mask,
KADM5_ATTRIBUTES) != 0) KADM5_ATTRIBUTES) != 0)
return 1; return 1;
if(edit_policy ("Policy", &ent->policy, mask,
KADM5_POLICY) != 0)
return 1;
return 0; return 0;
} }
@@ -437,7 +494,8 @@ set_entry(krb5_context contextp,
const char *max_renewable_life, const char *max_renewable_life,
const char *expiration, const char *expiration,
const char *pw_expiration, const char *pw_expiration,
const char *attributes) const char *attributes,
const char *policy)
{ {
if (max_ticket_life != NULL) { if (max_ticket_life != NULL) {
if (parse_deltat (max_ticket_life, &ent->max_life, if (parse_deltat (max_ticket_life, &ent->max_life,
@@ -475,6 +533,13 @@ set_entry(krb5_context contextp,
return 1; return 1;
} }
} }
if (policy != NULL) {
if (parse_policy (policy, &ent->policy,
mask, KADM5_POLICY)) {
krb5_warnx (contextp, "unable to parse `%s'", attributes);
return 1;
}
}
return 0; return 0;
} }