Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with specification.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3839 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -72,7 +72,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
}
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_GET);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -94,7 +94,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
goto fail;
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_DELETE);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -123,7 +123,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
krb5_unparse_name_fixed(context->context, ent.principal,
|
||||
name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_CREATE);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD);
|
||||
if(ret){
|
||||
kadm5_free_principal_ent(context->context, &ent);
|
||||
memset(password, 0, strlen(password));
|
||||
@@ -152,7 +152,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
krb5_unparse_name_fixed(context->context, ent.principal,
|
||||
name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_MODIFY);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY);
|
||||
if(ret){
|
||||
kadm5_free_principal_ent(context, &ent);
|
||||
goto fail;
|
||||
@@ -178,7 +178,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
krb5_warnx(context->context, "%s: %s %s -> %s",
|
||||
client, op, name, name2);
|
||||
ret = _kadm5_acl_check_permission(context,
|
||||
KADM5_ACL_CREATE|KADM5_ACL_DELETE);
|
||||
KADM5_PRIV_ADD|KADM5_PRIV_DELETE);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -202,7 +202,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
}
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_CHPASS);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -222,7 +222,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
goto fail;
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_CHPASS);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
|
||||
@@ -41,13 +41,13 @@
|
||||
RCSID("$Id$");
|
||||
|
||||
static struct units acl_units[] = {
|
||||
{ "all", KADM5_ACL_ALL },
|
||||
{ "list", KADM5_ACL_LIST },
|
||||
{ "delete", KADM5_ACL_DELETE },
|
||||
{ "chpass", KADM5_ACL_CHPASS },
|
||||
{ "modify", KADM5_ACL_MODIFY },
|
||||
{ "add", KADM5_ACL_CREATE },
|
||||
{ "get", KADM5_ACL_GET },
|
||||
{ "all", KADM5_PRIV_ALL },
|
||||
{ "cpw", KADM5_PRIV_CPW },
|
||||
{ "list", KADM5_PRIV_LIST },
|
||||
{ "delete", KADM5_PRIV_DELETE },
|
||||
{ "modify", KADM5_PRIV_MODIFY },
|
||||
{ "add", KADM5_PRIV_ADD },
|
||||
{ "get", KADM5_PRIV_GET },
|
||||
{ NULL }
|
||||
};
|
||||
|
||||
@@ -103,17 +103,17 @@ kadm5_ret_t
|
||||
_kadm5_acl_check_permission(kadm5_server_context *context, unsigned op)
|
||||
{
|
||||
unsigned res = ~context->acl_flags & op;
|
||||
if(res & KADM5_ACL_GET)
|
||||
if(res & KADM5_PRIV_GET)
|
||||
return KADM5_AUTH_GET;
|
||||
if(res & KADM5_ACL_CREATE)
|
||||
if(res & KADM5_PRIV_ADD)
|
||||
return KADM5_AUTH_ADD;
|
||||
if(res & KADM5_ACL_MODIFY)
|
||||
if(res & KADM5_PRIV_MODIFY)
|
||||
return KADM5_AUTH_MODIFY;
|
||||
if(res & KADM5_ACL_DELETE)
|
||||
if(res & KADM5_PRIV_DELETE)
|
||||
return KADM5_AUTH_DELETE;
|
||||
if(res & KADM5_ACL_CHPASS)
|
||||
if(res & KADM5_PRIV_CPW)
|
||||
return KADM5_AUTH_CHANGEPW;
|
||||
if(res & KADM5_ACL_LIST)
|
||||
if(res & KADM5_PRIV_LIST)
|
||||
return KADM5_AUTH_LIST;
|
||||
if(res)
|
||||
return KADM5_AUTH_INSUFFICIENT;
|
||||
|
||||
@@ -175,13 +175,13 @@ typedef struct _kadm5_policy_ent_t {
|
||||
#define KADM5_CONFIG_FLAGS (1 << 17)
|
||||
#define KADM5_CONFIG_ENCTYPES (1 << 18)
|
||||
|
||||
#define KADM5_ACL_GET (1 << 0)
|
||||
#define KADM5_ACL_CREATE (1 << 1)
|
||||
#define KADM5_ACL_MODIFY (1 << 2)
|
||||
#define KADM5_ACL_CHPASS (1 << 3)
|
||||
#define KADM5_ACL_DELETE (1 << 4)
|
||||
#define KADM5_ACL_LIST (1 << 5)
|
||||
#define KADM5_ACL_ALL (0x7fffffff) /* XXX ~0 breaks in parse_flags */
|
||||
#define KADM5_PRIV_GET (1 << 0)
|
||||
#define KADM5_PRIV_ADD (1 << 1)
|
||||
#define KADM5_PRIV_MODIFY (1 << 2)
|
||||
#define KADM5_PRIV_DELETE (1 << 3)
|
||||
#define KADM5_PRIV_LIST (1 << 4)
|
||||
#define KADM5_PRIV_CPW (1 << 5)
|
||||
#define KADM5_PRIV_ALL (0x7fffffff) /* XXX ~0 breaks in parse_flags */
|
||||
|
||||
typedef struct {
|
||||
int XXX;
|
||||
|
||||
@@ -72,7 +72,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
}
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_GET);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -94,7 +94,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
goto fail;
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_DELETE);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -123,7 +123,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
krb5_unparse_name_fixed(context->context, ent.principal,
|
||||
name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_CREATE);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD);
|
||||
if(ret){
|
||||
kadm5_free_principal_ent(context->context, &ent);
|
||||
memset(password, 0, strlen(password));
|
||||
@@ -152,7 +152,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
krb5_unparse_name_fixed(context->context, ent.principal,
|
||||
name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_MODIFY);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY);
|
||||
if(ret){
|
||||
kadm5_free_principal_ent(context, &ent);
|
||||
goto fail;
|
||||
@@ -178,7 +178,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
krb5_warnx(context->context, "%s: %s %s -> %s",
|
||||
client, op, name, name2);
|
||||
ret = _kadm5_acl_check_permission(context,
|
||||
KADM5_ACL_CREATE|KADM5_ACL_DELETE);
|
||||
KADM5_PRIV_ADD|KADM5_PRIV_DELETE);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -202,7 +202,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
}
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_CHPASS);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
@@ -222,7 +222,7 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
|
||||
goto fail;
|
||||
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
|
||||
krb5_warnx(context->context, "%s: %s %s", client, op, name);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_ACL_CHPASS);
|
||||
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
|
||||
if(ret){
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
|
||||
Reference in New Issue
Block a user