Beginning of a kadm5-library
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3662 ec53bebd-3082-4978-b11e-865c3cabbd6b
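--- a/lib/kadm5/Makefile.am
+++ b/lib/kadm5/Makefile.am
@@ -0,0 +1,26 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies foreign
+
+##INCLUDES = -I$(top_builddir)/include
+
+lib_LIBRARIES = libkadm5.a libkadm5srv.a
+
+libkadm5_a_SOURCES = \
+chpass_s.c context_s.c create_s.c delete_s.c destroy_s.c \
+ent_setup.c flush.c free.c get_s.c init_s.c kadm5_err.et \
+modify_s.c randkey_s.c rename_s.c set_modifier.c
+
+libkadm5srv_a_SOURCES = $(libkadm5_a_SOURCES) server_glue.c
+
+CLEANFILES = kadm5_err.c kadm5_err.h
+
+SUFFIXES = .et .h
+
+.et.h:
+$(SHELL) ../error/compile_et $<
+
+.et.c:
+$(SHELL) ../error/compile_et $<
+
+$(libkadm5_a_OBJECTS): kadm5_err.h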
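--- a/lib/kadm5/admin.h
+++ b/lib/kadm5/admin.h
@@ -0,0 +1,395 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#ifndef __KADM5_ADMIN_H__
+#define __KADM5_ADMIN_H__
+
+#define KADM5_API_VERSION_1 1
+#define KADM5_API_VERSION_2 2
+
+#ifndef USE_KADM5_API_VERSION
+#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
+#endif
+
+#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
+#error No support for API versions other than 2
+#endif
+
+#include <krb5.h>
+
+#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
+#define KRB5_KDB_DISALLOW_SVR 0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
+#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
+#define KRB5_KDB_NEW_PRINC 0x00008000
+
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
+
+#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
+
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
+
+#define KADM5_POLICY_NORMAL_MASK (~0)
+
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+
+typedef struct _krb5_key_data {
+int16_t key_data_ver; /* Version */
+int16_t key_data_kvno; /* Key Version */
+int16_t key_data_type[2]; /* Array of types */
+int16_t key_data_length[2]; /* Array of lengths */
+void** key_data_contents[2];/* Array of pointers */
+} krb5_key_data;
+
+typedef struct _krb5_tl_data {
+struct _krb5_tl_data* tl_data_next;
+int16_t tl_data_type;
+int16_t tl_data_length;
+void **tl_data_contents;
+} krb5_tl_data;
+
+typedef struct _kadm5_principal_ent_t {
+krb5_principal principal;
+
+krb5_timestamp princ_expire_time;
+krb5_timestamp last_pwd_change;
+krb5_timestamp pw_expiration;
+krb5_deltat max_life;
+krb5_principal mod_name;
+krb5_timestamp mod_date;
+krb5_flags attributes;
+krb5_kvno kvno;
+krb5_kvno mkvno;
+
+char * policy;
+u_int32_t aux_attributes;
+
+krb5_deltat max_renewable_life;
+krb5_timestamp last_success;
+krb5_timestamp last_failed;
+krb5_kvno fail_auth_count;
+int16_t n_key_data;
+int16_t n_tl_data;
+krb5_tl_data *tl_data;
+krb5_key_data *key_data;
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+
+typedef struct _kadm5_policy_ent_t {
+char *policy;
+
+u_int32_t pw_min_life;
+u_int32_t pw_max_life;
+u_int32_t pw_min_length;
+u_int32_t pw_min_classes;
+u_int32_t pw_history_num;
+u_int32_t policy_refcnt;
+} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
+
+#define KADM5_CONFIG_REALM (1 << 0)
+#define KADM5_CONFIG_PROFILE (1 << 1)
+#define KADM5_CONFIG_KADMIND_PORT (1 << 2)
+#define KADM5_CONFIG_ADMIN_SERVER (1 << 3)
+#define KADM5_CONFIG_DBNAME (1 << 4)
+#define KADM5_CONFIG_ADBNAME (1 << 5)
+#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6)
+#define KADM5_CONFIG_ACL_FILE (1 << 7)
+#define KADM5_CONFIG_DICT_FILE (1 << 8)
+#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9)
+#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10)
+#define KADM5_CONFIG_STASH_FILE (1 << 11)
+#define KADM5_CONFIG_MKEY_NAME (1 << 12)
+#define KADM5_CONFIG_ENCTYPE (1 << 13)
+#define KADM5_CONFIG_MAX_LIFE (1 << 14)
+#define KADM5_CONFIG_MAX_RLIFE (1 << 15)
+#define KADM5_CONFIG_EXPIRATION (1 << 16)
+#define KADM5_CONFIG_FLAGS (1 << 17)
+#define KADM5_CONFIG_ENCTYPES (1 << 18)
+
+typedef struct {
+int XXX;
+}krb5_key_salt_tuple;
+
+typedef struct _kadm5_config_params {
+u_int32_t mask;
+
+/* Client and server fields */
+char *realm;
+char *profile;
+int kadmind_port;
+
+/* client fields */
+char *admin_server;
+
+/* server fields */
+char *dbname;
+char *admin_dbname;
+char *admin_lockfile;
+char *acl_file;
+char *dict_file;
+char *admin_keytab;
+
+/* server library (database) fields */
+int mkey_from_kbd;
+char *stash_file;
+char *mkey_name;
+krb5_enctype enctype;
+krb5_deltat max_life;
+krb5_deltat max_rlife;
+krb5_timestamp expiration;
+krb5_flags flags;
+krb5_key_salt_tuple *keysalts;
+int32_t num_keysalts;
+} kadm5_config_params;
+
+typedef krb5_error_code kadm5_ret_t;
+
+kadm5_ret_t
+kadm5_c_flush __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_chpass_principal __P((
+void *server_handle,
+krb5_principal princ,
+char *password));
+
+kadm5_ret_t
+kadm5_create_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password));
+
+kadm5_ret_t
+kadm5_delete_principal __P((
+void *server_handle,
+krb5_principal princ));
+
+kadm5_ret_t
+kadm5_destroy __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_flush __P((void *server_handle));
+
+void
+kadm5_free_key_data __P((
+void *server_handle,
+int16_t *n_key_data,
+krb5_key_data *key_data));
+
+void
+kadm5_free_principal_ent __P((
+void *server_handle,
+kadm5_principal_ent_t princ));
+
+kadm5_ret_t
+kadm5_get_principal __P((
+void *server_handle,
+krb5_principal princ,
+kadm5_principal_ent_t out,
+u_int32_t mask));
+
+kadm5_ret_t
+kadm5_init_with_password __P((
+char *client_name,
+char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle));
+
+kadm5_ret_t
+kadm5_modify_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask));
+
+kadm5_ret_t
+kadm5_randkey_principal __P((
+void *server_handle,
+krb5_principal princ,
+krb5_keyblock **new_keys,
+int *n_keys));
+
+kadm5_ret_t
+kadm5_rename_principal __P((
+void *server_handle,
+krb5_principal source,
+krb5_principal target));
+
+kadm5_ret_t
+kadm5_s_chpass_principal __P((
+void *server_handle,
+krb5_principal princ,
+char *password));
+
+kadm5_ret_t
+kadm5_s_create_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password));
+
+kadm5_ret_t
+kadm5_s_delete_principal __P((
+void *server_handle,
+krb5_principal princ));
+
+kadm5_ret_t
+kadm5_s_destroy __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_s_flush __P((void *server_handle));
+
+kadm5_ret_t
+kadm5_s_get_principal __P((
+void *server_handle,
+krb5_principal princ,
+kadm5_principal_ent_t out,
+u_int32_t mask));
+
+kadm5_ret_t
+kadm5_s_init_with_password __P((
+char *client_name,
+char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle));
+
+kadm5_ret_t
+kadm5_s_modify_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask));
+
+kadm5_ret_t
+kadm5_s_randkey_principal __P((
+void *server_handle,
+krb5_principal princ,
+krb5_keyblock **new_keys,
+int *n_keys));
+
+kadm5_ret_t
+kadm5_s_rename_principal __P((
+void *server_handle,
+krb5_principal source,
+krb5_principal target));
+
+#if 0
+/* unimplemented functions */
+kadm5_ret_t
+kadm5_decrypt_key(void *server_handle,
+kadm5_principal_ent_t entry, int32_t
+ktype, int32_t stype, int32_t
+kvno, krb5_keyblock *keyblock,
+krb5_keysalt *keysalt, int *kvnop);
+
+kadm5_ret_t
+kadm5_get_principals(void *server_handle, char *exp,
+char ***princs, int *count);
+
+kadm5_ret_t
+kadm5_create_policy(void *server_handle,
+kadm5_policy_ent_t policy, u_int32_t mask);
+
+kadm5_ret_t
+kadm5_delete_policy(void *server_handle, char *policy);
+
+
+kadm5_ret_t
+kadm5_modify_policy(void *server_handle,
+kadm5_policy_ent_t policy,
+u_int32_t mask);
+
+kadm5_ret_t
+kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent);
+
+kadm5_ret_t
+kadm5_get_policies(void *server_handle, char *exp,
+char ***pols, int *count);
+
+void
+kadm5_free_policy_ent(kadm5_policy_ent_t policy);
+
+void
+kadm5_free_name_list(void *server_handle,
+char **names,
+int *count);
+
+kadm5_ret_t
+kadm5_get_privs(void *server_handle, u_int32_t *privs);
+
+#endif
+
+#endif /* __KADM5_ADMIN_H__ */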
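Review bot: In `krb5_key_data`, `void** key_data_contents[2]` declares two pointer-to-pointer slots, while its comment says "Array of pointers" and the paired `key_data_length[2]` holds lengths, so the declared type does not describe a buffer of key bytes; `void *key_data_contents[2];` would match the comment, and the same question applies to `void **tl_data_contents` in `krb5_tl_data`. This matters for `kadm5_free_key_data`, which has to know exactly what each slot owns before it can wipe and free key material. The `char *password` and `char *pass` parameters are only passed on to key derivation in the code visible in this commit and could be `const char *`. The include guard `__KADM5_ADMIN_H__` uses an identifier reserved for the implementation; `KADM5_ADMIN_H` would avoid that.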
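--- a/lib/kadm5/chpass_s.c
+++ b/lib/kadm5/chpass_s.c
@@ -0,0 +1,95 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_chpass_principal(void *server_handle,
+krb5_principal princ,
+char *password)
+{
+kadm5_server_context *context = server_handle;
+hdb_entry ent;
+kadm5_ret_t ret;
+ent.principal = princ;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+return ret;
+ret = context->db->fetch(context->context, context->db, &ent);
+if(ret == HDB_ERR_NOENTRY)
+goto out;
+{
+int i;
+krb5_data salt;
+Key *key;
+krb5_get_salt(princ, &salt);
+for(i = 0; i < ent.keys.len; i++){
+key = &ent.keys.val[i];
+if(key->salt && key->salt->type == hdb_pw_salt &&
+key->salt->salt.length != 0){
+/* zap old salt, but not v4 salts */
+free_Salt(key->salt);
+key->salt = NULL;
+}
+krb5_free_keyblock(context->context, &key->key);
+ret = krb5_string_to_key(password,
+key->salt ? &key->salt->salt : &salt,
+key->key.keytype,
+&key->key);
+if(ret)
+break;
+}
+krb5_data_free(&salt);
+}
+if(ret)
+goto out2;
+ret = _kadm5_set_modifier(context, &ent);
+if(ret)
+goto out2;
+
+ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+hdb_free_entry(context->context, &ent);
+out:
+context->db->close(context->context, context->db);
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+return ret;
+}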
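Review bot: After `context->db->fetch(...)` only `HDB_ERR_NOENTRY` is handled, so any other fetch error falls through into the key loop and walks `ent.keys`, which may still be uninitialized stack memory because `ent` is declared without being zeroed; the check should be `if(ret) goto out;`, with `memset(&ent, 0, sizeof(ent));` before `ent.principal = princ;` (delete_s.c declares `ent` the same way). The return value of `krb5_get_salt(princ, &salt)` is ignored, so a failure there would derive every key from an unset salt. `key->key.keytype` is read as an argument right after `krb5_free_keyblock(context->context, &key->key)`; if that call clears or releases the keyblock, the keytype should be saved in a local first. `hdb_free_entry` at `out2` may also release `ent.principal`, which can still be the caller's `princ`, so ownership there is worth confirming.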
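--- a/lib/kadm5/context_s.c
+++ b/lib/kadm5/context_s.c
@@ -0,0 +1,95 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+_kadm5_s_init_context(kadm5_server_context **ctx,
+kadm5_config_params *params)
+{
+*ctx = malloc(sizeof(**ctx));
+if(*ctx == NULL)
+return ENOMEM;
+memset(*ctx, 0, sizeof(**ctx));
+krb5_init_context(&(*ctx)->context);
+#if 0
+#define is_set(M) (params->mask & KADM5_CONFIG_ ## M)
+if(is_set(REALM))
+ctx->config.realm = strdup(params->realm);
+else
+krb5_get_default_realm(ctx->context, &ctx->config.realm);
+if(is_set(PROFILE))
+ctx->config.params = strdup(params->profile);
+
+if(is_set(KADMIND_PORT))
+ctx->config.kadmind_port = params->kadmind_port;
+else
+ctx->config.kadmind_port = 749;
+if(is_set(ADMIN_SERVER))
+ctx->config.admin_server = strdup(params->admin_server);
+if(is_set(DBNAME))
+ctx->config.dbname = strdup(params->dbname);
+if(is_set(ADBNAME))
+ctx->config.adbname = strdup(params->adbname);
+if(is_set(ADB_LOCKFILE))
+ctx->config.adb_lockfile = strdup(params->adb_lockfile);
+if(is_set(ACL_FILE))
+ctx->config.acl_file = strdup(params->acl_file);
+if(is_set(DICT_FILE))
+ctx->config.dict_file = strdup(params->dict_file);
+if(is_set(ADMIN_KEYTAB))
+ctx->config.admin_keytab = strdup(params->admin_keytab);
+if(is_set(MKEY_FROM_KEYBOARD))
+ctx->config.mkey_from_keyboard = params->mkey_from_keyboard;
+if(is_set(STASH_FILE))
+ctx->config.stash_file = strdup(params->stash_file);
+if(is_set(MKEY_NAME))
+ctx->config.mkey_name = strdup(params->mkey_name);
+
+krb5_enctype enctype;
+krb5_deltat max_life;
+krb5_deltat max_rlife;
+krb5_timestamp expiration;
+krb5_flags flags;
+krb5_key_salt_tuple *keysalts;
+krb5_int32 num_keysalts;
+#endif
+return 0;
+}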
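Review bot: The result of `krb5_init_context(&(*ctx)->context)` is discarded, so `_kadm5_s_init_context` returns 0 even when the krb5 handle inside the new context may be unusable; capture it in a local and on failure do `free(*ctx); *ctx = NULL; return ret;`. `params` is not read anywhere outside the `#if 0` region, so every caller-supplied setting (realm, ACL file, keytab, database name) is silently ignored, and a one-line comment saying so would keep callers from assuming the values are honoured. The disabled code also dereferences `ctx->config` where `(*ctx)->config` is needed and uses `strdup` results unchecked, both of which need fixing before it is enabled.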
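--- a/lib/kadm5/create_s.c
+++ b/lib/kadm5/create_s.c
@@ -0,0 +1,116 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+#define REQUIRED_MASK (KADM5_PRINCIPAL)
+#define FORBIDDEN_MASK (KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT | KADM5_KEY_DATA)
+
+#define set_value(X, V) do { (X) = malloc(sizeof(*X)); *(X) = V; } while(0)
+
+kadm5_ret_t
+kadm5_s_create_principal(void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password)
+{
+kadm5_server_context *context;
+hdb_entry ent;
+kadm5_ret_t ret;
+context = server_handle;
+if((mask & REQUIRED_MASK) != REQUIRED_MASK)
+return KADM5_BAD_MASK;
+if((mask & FORBIDDEN_MASK))
+return KADM5_BAD_MASK;
+if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+/* XXX no real policies for now */
+return KADM5_UNK_POLICY;
+memset(&ent, 0, sizeof(ent));
+ret = krb5_copy_principal(context->context, princ->principal,
+&ent.principal);
+if(ret)
+return ret;
+/* set defaults */
+ent.flags.postdate = 1;
+ent.flags.forwardable = 1;
+ent.flags.initial = 0;
+ent.flags.renewable = 1;
+ent.flags.proxiable = 1;
+ent.flags.require_preauth = 0;
+ent.flags.server = 1;
+ent.flags.client = 1;
+ent.flags.change_pw = 0;
+ent.flags.invalid = 0;
+
+ent.kvno = 1;
+
+ret = _kadm5_setup_entry(&ent, princ, mask);
+
+{
+krb5_data salt;
+ent.keys.len = 1;
+ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val));
+ent.keys.val[0].mkvno = 0;
+ret = krb5_get_salt (ent.principal, &salt);
+krb5_string_to_key(password,
+&salt,
+KEYTYPE_DES,
+&ent.keys.val[0].key);
+krb5_data_free(&salt);
+ent.keys.val[0].salt = NULL;
+}
+
+ent.created_by.time = time(NULL);
+ret = krb5_copy_principal(context->context, context->caller,
+&ent.created_by.principal);
+if(ret)
+goto out;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+goto out;
+ret = context->db->store(context->context, context->db, 0, &ent);
+context->db->close(context->context, context->db);
+out:
+hdb_free_entry(context->context, &ent);
+if(ret == HDB_ERR_INUSE)
+return KADM5_DUP;
+return ret;
+}
+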
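Review bot: A failed key derivation still ends in `context->db->store(...)`: the return values of `_kadm5_setup_entry`, `krb5_get_salt` and `krb5_string_to_key` are overwritten or dropped, and `ent.keys.val` comes from an unchecked `malloc` that is never zeroed, so the principal could be written with whatever bytes happened to be in the key slot. Each of those calls should jump to `out` on error and the key array should be allocated zeroed, as sketched below. `strcmp(princ->policy, "default")` also runs on a possibly NULL `policy` whenever `KADM5_POLICY` is set, and `password` is passed on without a NULL check. The defaults give every new principal `require_preauth = 0` and a single `KEYTYPE_DES` key; a comment marking these as placeholders would help.

```c
    ret = _kadm5_setup_entry(&ent, princ, mask);
    if(ret)
	goto out;

    {
	krb5_data salt;
	/* calloc leaves mkvno at 0 and salt at NULL, and gives
	   hdb_free_entry a defined key slot on the error paths */
	ent.keys.val = calloc(1, sizeof(*ent.keys.val));
	if(ent.keys.val == NULL){
	    ret = ENOMEM;
	    goto out;
	}
	ent.keys.len = 1;
	ret = krb5_get_salt (ent.principal, &salt);
	if(ret)
	    goto out;
	ret = krb5_string_to_key(password,
				 &salt,
				 KEYTYPE_DES,
				 &ent.keys.val[0].key);
	krb5_data_free(&salt);
	if(ret)
	    goto out;
    }
    /* … unchanged: created_by setup, db open/store/close, out: cleanup … */
```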
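--- a/lib/kadm5/delete_s.c
+++ b/lib/kadm5/delete_s.c
@@ -0,0 +1,57 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
+{
+kadm5_server_context *context = server_handle;
+kadm5_ret_t ret;
+hdb_entry ent;
+ent.principal = princ;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret) return ret;
+ret = context->db->delete(context->context, context->db, &ent);
+context->db->close(context->context, context->db);
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+return ret;
+}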
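Review bot: Nothing in `kadm5_s_delete_principal` checks whether the caller is allowed to delete `princ`; it opens the database read-write and deletes unconditionally, so authorization has to happen before this call and the function should say so, e.g. `/* Remove princ from the database. Performs no ACL check; the caller must have authorized the request. */`. The result of `context->db->close(...)` is dropped, so a failure while closing after the delete would not be reported; whether close can fail that way is not visible in this commit.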
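--- a/lib/kadm5/destroy_s.c
+++ b/lib/kadm5/destroy_s.c
@@ -0,0 +1,53 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_destroy(void *server_handle)
+{
+kadm5_ret_t ret;
+kadm5_server_context *context = server_handle;
+ret = context->db->destroy(context->context, context->db);
+krb5_free_context(context->context);
+free(context->config.realm);
+return ret;
+}
+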
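Review bot: `kadm5_s_destroy` releases `context->context` and `context->config.realm` but never the `kadm5_server_context` itself, which context_s.c in this commit allocates with `malloc`, so every init/destroy cycle leaks the structure; add `free(context);` before `return ret;`. `context->caller`, which create_s.c copies from, is not released either; if the context owns it, it should be freed while `context->context` is still valid. Once the structure is freed the handle is dangling, which is worth stating in a comment since callers hold it only as a `void *`.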
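--- a/lib/kadm5/ent_setup.c
+++ b/lib/kadm5/ent_setup.c
@@ -0,0 +1,90 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0);
+
+kadm5_ret_t
+_kadm5_setup_entry(hdb_entry *ent, kadm5_principal_ent_t princ, u_int32_t mask)
+{
+if(mask & KADM5_PRINC_EXPIRE_TIME)
+set_value(ent->valid_end, princ->princ_expire_time);
+if(mask & KADM5_PW_EXPIRATION)
+set_value(ent->pw_end, princ->pw_expiration);
+if(mask & KADM5_ATTRIBUTES){
+ent->flags.postdate =
+!(princ->attributes & KRB5_KDB_DISALLOW_POSTDATED);
+ent->flags.forwardable =
+!(princ->attributes & KRB5_KDB_DISALLOW_FORWARDABLE);
+ent->flags.initial =
+!!(princ->attributes & KRB5_KDB_DISALLOW_TGT_BASED);
+ent->flags.renewable =
+!(princ->attributes & KRB5_KDB_DISALLOW_RENEWABLE);
+ent->flags.proxiable =
+!(princ->attributes & KRB5_KDB_DISALLOW_PROXIABLE);
+/* DUP_SKEY */
+ent->flags.invalid =
+!!(princ->attributes & KRB5_KDB_DISALLOW_ALL_TIX);
+ent->flags.require_preauth =
+!!(princ->attributes & KRB5_KDB_REQUIRES_PRE_AUTH);
+/* HW_AUTH */
+ent->flags.server =
+!(princ->attributes & KRB5_KDB_DISALLOW_SVR);
+ent->flags.change_pw =
+!!(princ->attributes & KRB5_KDB_PWCHANGE_SERVICE);
+/* SUPPPORT_DESMD5 */
+/* NEW_PRINC */
+
+}
+if(mask & KADM5_MAX_LIFE)
+set_value(ent->max_life, princ->max_life);
+if(mask & KADM5_KVNO)
+ent->kvno = princ->kvno;
+if(mask & KADM5_MAX_RLIFE)
+set_value(ent->max_renew, princ->max_renewable_life);
+if(mask & KADM5_TL_DATA){
+/* XXX */
+}
+if(mask & KADM5_FAIL_AUTH_COUNT){
+/* XXX */
+}
+return 0;
+}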
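Review bot: `set_value` writes through the pointer returned by `malloc` without checking it, so an allocation failure while filling `ent->valid_end`, `ent->pw_end`, `ent->max_life` or `ent->max_renew` becomes a NULL dereference in the admin code path instead of an error return. Since `_kadm5_setup_entry` already returns `kadm5_ret_t`, the macro can fail cleanly: `#define set_value(X, V) do { if((X) == NULL && ((X) = malloc(sizeof(*(X)))) == NULL) return ENOMEM; *(X) = V; } while(0)`. The trailing `;` after `while(0)` in the current definition should go as well, because it breaks the macro as soon as a call site is followed by `else`. The `KADM5_TL_DATA` and `KADM5_FAIL_AUTH_COUNT` branches accept the mask bit and do nothing; returning `KADM5_BAD_MASK` until they are implemented would keep a caller from believing the change was stored.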
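--- a/lib/kadm5/flush.c
+++ b/lib/kadm5/flush.c
@@ -0,0 +1,53 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_flush(void *server_handle)
+{
+return 0;
+}
+
+kadm5_ret_t
+kadm5_c_flush(void *server_handle)
+{
+return 0;
+}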
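--- a/lib/kadm5/free.c
+++ b/lib/kadm5/free.c
@@ -0,0 +1,83 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+void
+kadm5_free_key_data(void *server_handle,
+int16_t *n_key_data,
+krb5_key_data *key_data)
+{
+int i;
+for(i = 0; i < *n_key_data; i++){
+if(key_data[i].key_data_contents[0]){
+memset(key_data[i].key_data_contents[0],
+0,
+key_data[i].key_data_length[0]);
+free(key_data[i].key_data_contents[0]);
+}
+if(key_data[i].key_data_contents[1])
+free(key_data[i].key_data_contents[1]);
+}
+*n_key_data = 0;
+}
+
+
+void
+kadm5_free_principal_ent(void *server_handle,
+kadm5_principal_ent_t princ)
+{
+kadm5_server_context *context = server_handle;
+if(princ->principal)
+krb5_free_principal(context->context, princ->principal);
+if(princ->mod_name)
+krb5_free_principal(context->context, princ->mod_name);
+kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
+while(princ->n_tl_data && princ->tl_data){
+krb5_tl_data *tp;
+tp = princ->tl_data;
+princ->tl_data = tp->tl_data_next;
+princ->n_tl_data--;
+memset(tp->tl_data_contents, 0, tp->tl_data_length);
+free(tp->tl_data_contents);
+free(tp);
+}
+}
+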
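Review bot: The `memset` calls that wipe `key_data_contents[0]` and `tl_data_contents` sit immediately before `free`, so an optimising compiler may drop them as dead stores and leave the key bytes on the heap; the wipe should go through a routine the compiler cannot elide, for example a small helper that writes through a `volatile unsigned char *`. `kadm5_free_principal_ent` also leaves `princ->principal` and `princ->mod_name` dangling after release, and `kadm5_s_get_principal` in get_s.c calls it on its error path while the caller still holds `out`; adding `princ->principal = NULL;` and `princ->mod_name = NULL;` after the frees makes a second release harmless. The `key_data` array itself is not freed here although get_s.c allocates it with `malloc`, and `memset(tp->tl_data_contents, 0, tp->tl_data_length)` runs without the NULL check that the key path has.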
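--- a/lib/kadm5/get_s.c
+++ b/lib/kadm5/get_s.c
@@ -0,0 +1,174 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_get_principal(void *server_handle,
+krb5_principal princ,
+kadm5_principal_ent_t out,
+u_int32_t mask)
+{
+kadm5_server_context *context = server_handle;
+kadm5_ret_t ret;
+hdb_entry ent;
+
+ent.principal = princ;
+ret = context->db->open(context->context, context->db, O_RDONLY, 0);
+if(ret)
+return ret;
+ret = context->db->fetch(context->context, context->db, &ent);
+context->db->close(context->context, context->db);
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+
+
+memset(out, 0, sizeof(*out));
+if(mask & KADM5_PRINCIPAL)
+ret = krb5_copy_principal(context->context, ent.principal,
+&out->principal);
+if(ret)
+goto out;
+if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
+out->princ_expire_time = *ent.valid_end;
+if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
+out->pw_expiration = *ent.pw_end;
+if(mask & KADM5_LAST_PWD_CHANGE)
+/* XXX implement */;
+if(mask & KADM5_ATTRIBUTES){
+out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
+out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
+out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
+out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
+out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
+out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
+out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
+out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
+out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
+}
+if(mask & KADM5_MAX_LIFE && ent.max_life)
+out->max_life = *ent.max_life;
+if(mask & KADM5_MOD_TIME)
+if(ent.modified_by)
+out->mod_date = ent.modified_by->time;
+else
+out->mod_date = ent.created_by.time;
+if(mask & KADM5_MOD_NAME)
+if(ent.modified_by)
+ret = krb5_copy_principal(context->context,
+ent.modified_by->principal,
+&out->mod_name);
+else
+ret = krb5_copy_principal(context->context,
+ent.created_by.principal,
+&out->mod_name);
+if(ret)
+goto out;
+
+if(mask & KADM5_KVNO)
+out->kvno = ent.kvno;
+if(mask & KADM5_MKVNO && ent.keys.len)
+out->mkvno = ent.keys.val[0].mkvno; /* XXX this is not right */
+if(mask & KADM5_AUX_ATTRIBUTES)
+/* XXX implement */;
+if(mask & KADM5_POLICY)
+out->policy = NULL;
+if(mask & KADM5_MAX_RLIFE && ent.max_renew)
+out->max_renewable_life = *ent.max_renew;
+if(mask & KADM5_LAST_SUCCESS)
+/* XXX implement */;
+if(mask & KADM5_LAST_FAILED)
+/* XXX implement */;
+if(mask & KADM5_FAIL_AUTH_COUNT)
+/* XXX implement */;
+if(mask & KADM5_KEY_DATA){
+int i;
+Key *key;
+krb5_key_data *kd;
+krb5_data salt, *sp;
+krb5_get_salt(ent.principal, &salt);
+out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
+for(i = 0; i < ent.keys.len; i++){
+key = &ent.keys.val[i];
+kd = &out->key_data[i];
+kd->key_data_ver = 2;
+kd->key_data_kvno = ent.kvno;
+kd->key_data_type[0] = key->key.keytype;
+if(key->salt)
+kd->key_data_type[1] = key->salt->type;
+else
+kd->key_data_type[1] = pa_pw_salt;
+/* setup key */
+kd->key_data_length[0] = key->key.keyvalue.length;
+kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
+if(kd->key_data_contents[0] == NULL){
+ret = ENOMEM;
+break;
+}
+memcpy(kd->key_data_contents[0], key->key.keyvalue.data,
+kd->key_data_length[0]);
+/* setup salt */
+if(key->salt)
+sp = &key->salt->salt;
+else
+sp = &salt;
+kd->key_data_length[1] = sp->length;
+kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
+if(kd->key_data_contents[1] == NULL){
+memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
+ret = ENOMEM;
+break;
+}
+memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
+out->n_key_data = i;
+}
+krb5_data_free(&salt);
+}
+if(ret){
+kadm5_free_principal_ent(context, out);
+goto out;
+}
+if(mask & KADM5_TL_DATA)
+/* XXX implement */;
+out:
+hdb_free_entry(context->context, &ent);
+
+return ret;
+}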
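Review bot: After `fetch`, only `HDB_ERR_NOENTRY` is turned into a return; any other failure falls through, and when `mask` contains `KADM5_PRINCIPAL` the error in `ret` is overwritten by `krb5_copy_principal`, so the function goes on to read an `ent` whose fields other than `principal` were never initialised. Adding `if(ret) return ret;` right after the `HDB_ERR_NOENTRY` check closes that path; returning directly rather than through `out:` matters because `hdb_free_entry` would otherwise run on the unfetched entry, which still points at the caller's `princ`. In the key loop `out->n_key_data = i;` records one key fewer than was copied, so `kadm5_free_key_data` never wipes or frees the last key; it should be `out->n_key_data = i + 1;`. The result of `malloc(ent.keys.len * sizeof(*out->key_data))` is also used unchecked, and when the salt allocation fails `key_data_contents[0]` is zeroed but not freed.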
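--- a/lib/kadm5/init_s.c
+++ b/lib/kadm5/init_s.c
@@ -0,0 +1,101 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_init_with_password(char *client_name,
+char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle)
+{
+kadm5_ret_t ret;
+kadm5_server_context *context;
+ret = _kadm5_s_init_context(&context, realm_params);
+if(ret)
+return ret;
+ret = hdb_create(context->context, &context->db, NULL);
+if(ret)
+return ret;
+ret = krb5_parse_name(context->context, service_name, &context->caller);
+if(ret)
+return ret;
+
+*server_handle = context;
+return 0;
+}
+
+#if 0
+kadm5_ret_t
+kadm5_init_with_skey(char *client_name, char *keytab,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle)
+{
+}
+
+kadm5_ret_t
+kadm5_init(char *client_name, char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle)
+{
+}
+
+kadm5_ret_t
+kadm5_init_with_creds(char *client_name,
+krb5_ccache ccache,
+char *service_name,
+kadm5_config_params *params,
+krb5_ui_4 struct_version,
+krb5_ui_4 api_version,
+void **server_handle)
+{
+}
+
+
+#endif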
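Review bot: `context->caller` is parsed from `service_name`, while `client_name` and `pass` are never used, so every handle created here carries the service's name as its caller regardless of who asked for it; if `_kadm5_set_modifier` records `caller` as the modifier (its body is not shown here), the modification record will not name the real administrator. The likely intent is `ret = krb5_parse_name(context->context, client_name, &context->caller);`. The two later `return ret;` paths leak the context built by `_kadm5_s_init_context` and, after `hdb_create`, the database handle. `struct_version` and `api_version` are accepted unchecked even though kadm5_err.et defines `BAD_STRUCT_VERSION` and `BAD_API_VERSION`, and a short comment stating that this local-database variant performs no authentication of its own would tell callers where that check has to live.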
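--- a/lib/kadm5/kadm5_err.et
+++ b/lib/kadm5/kadm5_err.et
@@ -0,0 +1,59 @@
+#
+# Error messages for the kadm5 library
+#
+# This might look like a com_err file, but is not
+#
+id $Id$
+
+error_table kadm5 ovk
+
+prefix KADM5
+error_code FAILURE, "Operation failed for unspecified reason"
+error_code AUTH_GET, "Operation requires ``get'' privilege"
+error_code AUTH_ADD, "Operation requires ``add'' privilege"
+error_code AUTH_MODIFY, "Operation requires ``modify'' privilege"
+error_code AUTH_DELETE, "Operation requires ``delete'' privilege"
+error_code AUTH_INSUFFICIENT, "Insufficient authorization for operation"
+error_code BAD_DB, "Database inconsistency detected"
+error_code DUP, "Principal or policy already exists"
+error_code RPC_ERROR, "Communication failure with server"
+error_code NO_SRV, "No administration server found for realm"
+error_code BAD_HIST_KEY, "Password history principal key version mismatch"
+error_code NOT_INIT, "Connection to server not initialized"
+error_code UNK_PRINC, "Principal does not exist"
+error_code UNK_POLICY, "Policy does not exist"
+error_code BAD_MASK, "Invalid field mask for operation"
+error_code BAD_CLASS, "Invalid number of character classes"
+error_code BAD_LENGTH, "Invalid password length"
+error_code BAD_POLICY, "Illegal policy name"
+error_code BAD_PRINCIPAL, "Illegal principal name."
+error_code BAD_AUX_ATTR, "Invalid auxillary attributes"
+error_code BAD_HISTORY, "Invalid password history count"
+error_code BAD_MIN_PASS_LIFE, "Password minimum life is greater then password maximum life"
+error_code PASS_Q_TOOSHORT, "Password is too short"
+error_code PASS_Q_CLASS, "Password does not contain enough character classes"
+error_code PASS_Q_DICT, "Password is in the password dictionary"
+error_code PASS_REUSE, "Cannot resuse password"
+error_code PASS_TOOSOON, "Current password's minimum life has not expired"
+error_code POLICY_REF, "Policy is in use"
+error_code INIT, "Connection to server already initialized"
+error_code BAD_PASSWORD, "Incorrect password"
+error_code PROTECT_PRINCIPAL, "Cannot change protected principal"
+error_code BAD_SERVER_HANDLE, "Programmer error! Bad Admin server handle"
+error_code BAD_STRUCT_VERSION, "Programmer error! Bad API structure version"
+error_code OLD_STRUCT_VERSION, "API structure version specified by application is no longer supported"
+error_code NEW_STRUCT_VERSION, "API structure version specified by application is unknown to libraries"
+error_code BAD_API_VERSION, "Programmer error! Bad API version"
+error_code OLD_LIB_API_VERSION, "API version specified by application is no longer supported by libraries"
+error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
+error_code NEW_LIB_API_VERSION, "API version specified by application is unknown to libraries"
+error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
+error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
+error_code NO_RENAME_SALT, "The salt type of the specified principal does not support renaming"
+error_code BAD_CLIENT_PARAMS, "Illegal configuration parameter for remote KADM5 client"
+error_code BAD_SERVER_PARAMS, "Illegal configuration parameter for local KADM5 client."
+error_code AUTH_LIST, "Operation requires ``list'' privilege"
+error_code AUTH_CHANGEPW, "Operation requires ``change-password'' privilege"
+error_code BAD_TL_TYPE, "Programmer error! Illegal tagged data list element type"
+error_code MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing"
+error_code BAD_SERVER_NAME, "Bad krb5 admin server hostname"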
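Review bot: Three of the user-visible messages are misspelled: `"Invalid auxillary attributes"` (auxiliary), `"Password minimum life is greater then password maximum life"` (than) and `"Cannot resuse password"` (reuse). If the strings are mirrored on purpose from another kadm5 implementation, a comment at the top of the table saying so would stop later clean-ups from diverging; otherwise they are worth fixing before they reach logs and client output. `BAD_PRINCIPAL` and `BAD_SERVER_PARAMS` end in a full stop while the other messages do not.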
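--- a/lib/kadm5/kadm5_locl.h
+++ b/lib/kadm5/kadm5_locl.h
@@ -0,0 +1,83 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#ifndef __KADM5_LOCL_H__
+#define __KADM5_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include "admin.h"
+#include "kadm5_err.h"
+#include <hdb.h>
+
+typedef struct kadm5_server_context {
+krb5_context context;
+kadm5_config_params config;
+HDB *db;
+krb5_principal caller;
+}kadm5_server_context;
+
+kadm5_ret_t
+_kadm5_s_init_context __P((
+kadm5_server_context **ctx,
+kadm5_config_params *params));
+
+kadm5_ret_t
+_kadm5_set_modifier __P((
+kadm5_server_context *context,
+hdb_entry *ent));
+
+kadm5_ret_t
+_kadm5_setup_entry __P((
+hdb_entry *ent,
+kadm5_principal_ent_t princ,
+u_int32_t mask));
+
+#endif /* __KADM5_LOCL_H__ */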
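Review bot: `struct kadm5_server_context` carries no comments on who owns its members, and the code in this commit already treats them unevenly: `kadm5_s_destroy` in destroy_s.c calls `db->destroy`, frees the krb5 `context` and `config.realm`, but releases neither `caller` (filled by `krb5_parse_name` in init_s.c) nor the structure itself. A comment per field, e.g. `/* owned by the context; released in kadm5_s_destroy */`, would make that gap visible and give later changes a contract to follow. The guard macro `__KADM5_LOCL_H__` uses an identifier reserved for the implementation; `KADM5_LOCL_H` avoids that.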
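--- a/lib/kadm5/modify_s.c
+++ b/lib/kadm5/modify_s.c
@@ -0,0 +1,81 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+#define FORBIDDEN_MASK (KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_KEY_DATA)
+
+
+kadm5_ret_t
+kadm5_s_modify_principal(void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask)
+{
+kadm5_server_context *context = server_handle;
+hdb_entry ent;
+kadm5_ret_t ret;
+if((mask & FORBIDDEN_MASK))
+return KADM5_BAD_MASK;
+if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+return KADM5_UNK_POLICY;
+
+ent.principal = princ->principal;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+return ret;
+ret = context->db->fetch(context->context, context->db, &ent);
+if(ret)
+goto out;
+ret = _kadm5_setup_entry(&ent, princ, mask);
+if(ret)
+goto out2;
+ret = _kadm5_set_modifier(context, &ent);
+if(ret)
+goto out2;
+ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+hdb_free_entry(context->context, &ent);
+out:
+context->db->close(context->context, context->db);
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+return ret;
+}
+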
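Review bot: `strcmp(princ->policy, "default")` dereferences `princ->policy` whenever `KADM5_POLICY` is set in `mask`, without checking it for NULL, so a request that sets the bit but carries no policy string crashes the process; the test should read `if((mask & KADM5_POLICY) && (princ->policy == NULL || strcmp(princ->policy, "default")))`. `ent.principal` is pointed at the caller's `princ->principal` before `fetch`, and `hdb_free_entry` is later run on `ent`; unless `fetch` always replaces that pointer (not visible here), this frees memory the caller still owns. `FORBIDDEN_MASK` lets `KADM5_TL_DATA` and `KADM5_FAIL_AUTH_COUNT` through although `_kadm5_setup_entry` ignores both. Nothing in the function checks `context->caller` against the entry being changed, so any authorization has to happen in the caller, and a comment above the function should say so.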
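--- a/lib/kadm5/randkey_s.c
+++ b/lib/kadm5/randkey_s.c
@@ -0,0 +1,105 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_randkey_principal(void *server_handle,
+krb5_principal princ,
+krb5_keyblock **new_keys,
+int *n_keys)
+{
+kadm5_server_context *context = server_handle;
+hdb_entry ent;
+kadm5_ret_t ret;
+ent.principal = princ;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+return ret;
+ret = context->db->fetch(context->context, context->db, &ent);
+if(ret == HDB_ERR_NOENTRY)
+goto out;
+{
+int i;
+Key *key;
+*new_keys = malloc(ent.keys.len * sizeof(**new_keys));
+for(i = 0; i < ent.keys.len; i++){
+key = &ent.keys.val[i];
+if(key->salt){
+/* zap any salt */
+free_Salt(key->salt);
+key->salt = NULL;
+}
+krb5_free_keyblock(context->context, &key->key);
+ret = krb5_generate_random_keyblock(context->context,
+key->key.keytype,
+&key->key);
+
+if(ret)
+break;
+ret = krb5_copy_keyblock(context->context, &key->key, &new_keys[i]);
+if(ret)
+break;
+*n_keys = i + 1;
+}
+}
+if(ret)
+goto out2;
+ret = _kadm5_set_modifier(context, &ent);
+if(ret)
+goto out2;
+
+ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+hdb_free_entry(context->context, &ent);
+out:
+context->db->close(context->context, context->db);
+if(ret){
+int i;
+for(i = 0; i < *n_keys; i++)
+krb5_free_keyblock(context->context, &(*new_keys)[i]);
+free(*new_keys);
+*n_keys = 0;
+}
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+return ret;
+}
+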
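Review bot: `krb5_copy_keyblock(context->context, &key->key, &new_keys[i])` indexes the caller's out-pointer `new_keys` rather than the array just stored in `*new_keys`, so for `i > 0` it writes past the caller's variable and for `i == 0` it replaces the malloc'd array. The cleanup under `out:` indexes `(*new_keys)[i]`, which suggests the array form was intended; copying into `&(*new_keys)[i]` with a contents-copy call would match it (krb5_copy_keyblock_contents, if this tree provides it). Separately, `*new_keys` and `*n_keys` are assigned only after a successful fetch, yet the `if(ret)` cleanup reads both on the HDB_ERR_NOENTRY path; setting `*new_keys = NULL; *n_keys = 0;` on entry would make that path safe. The fetch check also lets any error other than HDB_ERR_NOENTRY fall through to the loop over `ent.keys`, and the `malloc` result is not checked; `if(ret) goto out;` covers the first of these.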
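--- a/lib/kadm5/rename_s.c
+++ b/lib/kadm5/rename_s.c
@@ -0,0 +1,105 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_rename_principal(void *server_handle,
+krb5_principal source,
+krb5_principal target)
+{
+kadm5_server_context *context = server_handle;
+kadm5_ret_t ret;
+hdb_entry ent, ent2;
+ent.principal = source;
+if(krb5_principal_compare(context->context, source, target))
+return KADM5_DUP; /* XXX is this right? */
+if(!krb5_realm_compare(context->context, source, target))
+return KADM5_FAILURE; /* XXX better code */
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+return ret;
+ret = context->db->fetch(context->context, context->db, &ent);
+if(ret){
+context->db->close(context->context, context->db);
+goto out;
+}
+ret = _kadm5_set_modifier(context, &ent);
+if(ret)
+goto out2;
+{
+/* fix salt */
+int i;
+krb5_data salt;
+krb5_get_salt(target, &salt);
+for(i = 0; i < ent.keys.len; i++){
+if(ent.keys.val[i].salt == NULL){
+ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt));
+ent.keys.val[i].salt->type = hdb_pw_salt;
+ret = krb5_data_copy(&ent.keys.val[i].salt->salt,
+salt.data, salt.length);
+if(ret)
+break;
+}
+}
+krb5_data_free(&salt);
+}
+if(ret)
+goto out2;
+ent2.principal = ent.principal;
+ent.principal = target;
+ret = context->db->store(context->context, context->db, 0, &ent);
+if(ret){
+ent.principal = ent2.principal;
+goto out2;
+}
+ret = context->db->delete(context->context, context->db, &ent2);
+ent.principal = ent2.principal;
+out2:
+context->db->close(context->context, context->db);
+hdb_free_entry(context->context, &ent);
+out:
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+if(ret == HDB_ERR_INUSE)
+return KADM5_DUP;
+return ret;
+}
+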
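Review bot: In the salt loop, the pointer returned by `malloc(sizeof(*ent.keys.val[i].salt))` is dereferenced on the next line without a NULL check; adding `if(ent.keys.val[i].salt == NULL){ ret = ENOMEM; break; }` turns an allocation failure into an error return instead of a crash in the admin server. The result of `krb5_get_salt(target, &salt)` is also ignored before `salt.data` and `salt.length` are used, which matters if that call can fail. The rename itself is a `store` of the target followed by a `delete` of the source with no rollback, so when the delete fails the function returns an error while both entries, holding the same keys, remain in the database. A comment stating that, or removing the new entry on that path, would help anyone auditing principal changes.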
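--- a/lib/kadm5/server_glue.c
+++ b/lib/kadm5/server_glue.c
@@ -0,0 +1,130 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_chpass_principal(void *server_handle,
+krb5_principal princ,
+char *password)
+{
+return kadm5_s_chpass_principal(server_handle, princ, password);
+}
+
+kadm5_ret_t
+kadm5_create_principal(void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password)
+{
+return kadm5_s_create_principal(server_handle, princ, mask, password);
+}
+
+kadm5_ret_t
+kadm5_delete_principal(void *server_handle,
+krb5_principal princ)
+{
+return kadm5_s_delete_principal(server_handle, princ);
+}
+
+kadm5_ret_t
+kadm5_destroy (void *server_handle)
+{
+return kadm5_s_destroy(server_handle);
+}
+
+kadm5_ret_t
+kadm5_flush (void *server_handle)
+{
+return kadm5_s_flush(server_handle);
+}
+
+kadm5_ret_t
+kadm5_get_principal(void *server_handle,
+krb5_principal princ,
+kadm5_principal_ent_t out,
+u_int32_t mask)
+{
+return kadm5_s_get_principal(server_handle, princ, out, mask);
+}
+
+kadm5_ret_t
+kadm5_init_with_password(char *client_name,
+char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle)
+{
+return kadm5_s_init_with_password(client_name,
+pass,
+service_name,
+realm_params,
+struct_version,
+api_version,
+server_handle);
+}
+
+kadm5_ret_t
+kadm5_modify_principal(void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask)
+{
+return kadm5_s_modify_principal(server_handle, princ, mask);
+}
+
+kadm5_ret_t
+kadm5_randkey_principal(void *server_handle,
+krb5_principal princ,
+krb5_keyblock **new_keys,
+int *n_keys)
+{
+return kadm5_s_randkey_principal(server_handle, princ, new_keys, n_keys);
+}
+
+kadm5_ret_t
+kadm5_rename_principal(void *server_handle,
+krb5_principal source,
+krb5_principal target)
+{
+return kadm5_s_rename_principal(server_handle, source, target);
+}
+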
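Review bot: server_glue.c carries no comment explaining why each `kadm5_*` function exists when it only forwards its arguments unchanged to the `kadm5_s_*` function of the same name. A file comment such as `/* Map the generic kadm5_* API onto the server-side kadm5_s_* implementations. */` would tell a reader that the wrappers are deliberately free of logic and that argument checks belong in the `kadm5_s_*` functions.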
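--- a/lib/kadm5/set_modifier.c
+++ b/lib/kadm5/set_modifier.c
@@ -0,0 +1,59 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+_kadm5_set_modifier(kadm5_server_context *context,
+hdb_entry *ent)
+{
+kadm5_ret_t ret;
+if(ent->modified_by == NULL){
+ent->modified_by = malloc(sizeof(*ent->modified_by));
+if(ent->modified_by == NULL)
+return ENOMEM;
+} else
+free_Event(ent->modified_by);
+ent->modified_by->time = time(NULL);
+ret = krb5_copy_principal(context->context, context->caller,
+&ent->modified_by->principal);
+return ret;
+}
+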
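Review bot: If `krb5_copy_principal` fails, `ent->modified_by->principal` still holds whatever the fresh `malloc` returned or whatever `free_Event` left behind, and the callers added in this commit then jump to `out2` and run `hdb_free_entry` on the entry. Assuming hdb_free_entry releases `modified_by` (its body is not visible here), that frees an indeterminate pointer; adding `ent->modified_by->principal = NULL;` before the copy avoids it. A short header comment saying the function stamps the entry with the current time and `context->caller` would also document why each mutating call invokes it before `store`.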