Beginning of a kadm5-library

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3662 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1997-10-25 06:19:27 +00:00
parent 682526e518
commit 68d77a285f
19 changed files with 1960 additions and 0 deletions

26
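--- /dev/null
+++ b/lib/kadm5/Makefile.am
@@ -0,0 +1,26 @@
+# $Id$
+AUTOMAKE_OPTIONS = no-dependencies foreign
+##INCLUDES = -I$(top_builddir)/include
+lib_LIBRARIES = libkadm5.a libkadm5srv.a
+libkadm5_a_SOURCES = \
+chpass_s.c context_s.c create_s.c delete_s.c destroy_s.c \
+ent_setup.c flush.c free.c get_s.c init_s.c kadm5_err.et \
+modify_s.c randkey_s.c rename_s.c set_modifier.c
+libkadm5srv_a_SOURCES = $(libkadm5_a_SOURCES) server_glue.c
+CLEANFILES = kadm5_err.c kadm5_err.h
+SUFFIXES = .et .h
+.et.h:
+$(SHELL) ../error/compile_et $<
+.et.c:
+$(SHELL) ../error/compile_et $<
+$(libkadm5_a_OBJECTS): kadm5_err.h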

395
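--- /dev/null
+++ b/lib/kadm5/admin.h
@@ -0,0 +1,395 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#ifndef __KADM5_ADMIN_H__
+#define __KADM5_ADMIN_H__
+#define KADM5_API_VERSION_1 1
+#define KADM5_API_VERSION_2 2
+#ifndef USE_KADM5_API_VERSION
+#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
+#endif
+#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
+#error No support for API versions other than 2
+#endif
+#include <krb5.h>
+#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
+#define KRB5_KDB_DISALLOW_SVR 0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
+#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
+#define KRB5_KDB_NEW_PRINC 0x00008000
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
+#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
+#define KADM5_POLICY_NORMAL_MASK (~0)
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+typedef struct _krb5_key_data {
+int16_t key_data_ver; /* Version */
+int16_t key_data_kvno; /* Key Version */
+int16_t key_data_type[2]; /* Array of types */
+int16_t key_data_length[2]; /* Array of lengths */
+void** key_data_contents[2];/* Array of pointers */
+} krb5_key_data;
+typedef struct _krb5_tl_data {
+struct _krb5_tl_data* tl_data_next;
+int16_t tl_data_type;
+int16_t tl_data_length;
+void **tl_data_contents;
+} krb5_tl_data;
+typedef struct _kadm5_principal_ent_t {
+krb5_principal principal;
+krb5_timestamp princ_expire_time;
+krb5_timestamp last_pwd_change;
+krb5_timestamp pw_expiration;
+krb5_deltat max_life;
+krb5_principal mod_name;
+krb5_timestamp mod_date;
+krb5_flags attributes;
+krb5_kvno kvno;
+krb5_kvno mkvno;
+char * policy;
+u_int32_t aux_attributes;
+krb5_deltat max_renewable_life;
+krb5_timestamp last_success;
+krb5_timestamp last_failed;
+krb5_kvno fail_auth_count;
+int16_t n_key_data;
+int16_t n_tl_data;
+krb5_tl_data *tl_data;
+krb5_key_data *key_data;
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+typedef struct _kadm5_policy_ent_t {
+char *policy;
+u_int32_t pw_min_life;
+u_int32_t pw_max_life;
+u_int32_t pw_min_length;
+u_int32_t pw_min_classes;
+u_int32_t pw_history_num;
+u_int32_t policy_refcnt;
+} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
+#define KADM5_CONFIG_REALM (1 << 0)
+#define KADM5_CONFIG_PROFILE (1 << 1)
+#define KADM5_CONFIG_KADMIND_PORT (1 << 2)
+#define KADM5_CONFIG_ADMIN_SERVER (1 << 3)
+#define KADM5_CONFIG_DBNAME (1 << 4)
+#define KADM5_CONFIG_ADBNAME (1 << 5)
+#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6)
+#define KADM5_CONFIG_ACL_FILE (1 << 7)
+#define KADM5_CONFIG_DICT_FILE (1 << 8)
+#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9)
+#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10)
+#define KADM5_CONFIG_STASH_FILE (1 << 11)
+#define KADM5_CONFIG_MKEY_NAME (1 << 12)
+#define KADM5_CONFIG_ENCTYPE (1 << 13)
+#define KADM5_CONFIG_MAX_LIFE (1 << 14)
+#define KADM5_CONFIG_MAX_RLIFE (1 << 15)
+#define KADM5_CONFIG_EXPIRATION (1 << 16)
+#define KADM5_CONFIG_FLAGS (1 << 17)
+#define KADM5_CONFIG_ENCTYPES (1 << 18)
+typedef struct {
+int XXX;
+}krb5_key_salt_tuple;
+typedef struct _kadm5_config_params {
+u_int32_t mask;
+/* Client and server fields */
+char *realm;
+char *profile;
+int kadmind_port;
+/* client fields */
+char *admin_server;
+/* server fields */
+char *dbname;
+char *admin_dbname;
+char *admin_lockfile;
+char *acl_file;
+char *dict_file;
+char *admin_keytab;
+/* server library (database) fields */
+int mkey_from_kbd;
+char *stash_file;
+char *mkey_name;
+krb5_enctype enctype;
+krb5_deltat max_life;
+krb5_deltat max_rlife;
+krb5_timestamp expiration;
+krb5_flags flags;
+krb5_key_salt_tuple *keysalts;
+int32_t num_keysalts;
+} kadm5_config_params;
+typedef krb5_error_code kadm5_ret_t;
+kadm5_ret_t
+kadm5_c_flush __P((void *server_handle));
+kadm5_ret_t
+kadm5_chpass_principal __P((
+void *server_handle,
+krb5_principal princ,
+char *password));
+kadm5_ret_t
+kadm5_create_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password));
+kadm5_ret_t
+kadm5_delete_principal __P((
+void *server_handle,
+krb5_principal princ));
+kadm5_ret_t
+kadm5_destroy __P((void *server_handle));
+kadm5_ret_t
+kadm5_flush __P((void *server_handle));
+void
+kadm5_free_key_data __P((
+void *server_handle,
+int16_t *n_key_data,
+krb5_key_data *key_data));
+void
+kadm5_free_principal_ent __P((
+void *server_handle,
+kadm5_principal_ent_t princ));
+kadm5_ret_t
+kadm5_get_principal __P((
+void *server_handle,
+krb5_principal princ,
+kadm5_principal_ent_t out,
+u_int32_t mask));
+kadm5_ret_t
+kadm5_init_with_password __P((
+char *client_name,
+char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle));
+kadm5_ret_t
+kadm5_modify_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask));
+kadm5_ret_t
+kadm5_randkey_principal __P((
+void *server_handle,
+krb5_principal princ,
+krb5_keyblock **new_keys,
+int *n_keys));
+kadm5_ret_t
+kadm5_rename_principal __P((
+void *server_handle,
+krb5_principal source,
+krb5_principal target));
+kadm5_ret_t
+kadm5_s_chpass_principal __P((
+void *server_handle,
+krb5_principal princ,
+char *password));
+kadm5_ret_t
+kadm5_s_create_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password));
+kadm5_ret_t
+kadm5_s_delete_principal __P((
+void *server_handle,
+krb5_principal princ));
+kadm5_ret_t
+kadm5_s_destroy __P((void *server_handle));
+kadm5_ret_t
+kadm5_s_flush __P((void *server_handle));
+kadm5_ret_t
+kadm5_s_get_principal __P((
+void *server_handle,
+krb5_principal princ,
+kadm5_principal_ent_t out,
+u_int32_t mask));
+kadm5_ret_t
+kadm5_s_init_with_password __P((
+char *client_name,
+char *pass,
+char *service_name,
+kadm5_config_params *realm_params,
+unsigned long struct_version,
+unsigned long api_version,
+void **server_handle));
+kadm5_ret_t
+kadm5_s_modify_principal __P((
+void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask));
+kadm5_ret_t
+kadm5_s_randkey_principal __P((
+void *server_handle,
+krb5_principal princ,
+krb5_keyblock **new_keys,
+int *n_keys));
+kadm5_ret_t
+kadm5_s_rename_principal __P((
+void *server_handle,
+krb5_principal source,
+krb5_principal target));
+#if 0
+/* unimplemented functions */
+kadm5_ret_t
+kadm5_decrypt_key(void *server_handle,
+kadm5_principal_ent_t entry, int32_t
+ktype, int32_t stype, int32_t
+kvno, krb5_keyblock *keyblock,
+krb5_keysalt *keysalt, int *kvnop);
+kadm5_ret_t
+kadm5_get_principals(void *server_handle, char *exp,
+char ***princs, int *count);
+kadm5_ret_t
+kadm5_create_policy(void *server_handle,
+kadm5_policy_ent_t policy, u_int32_t mask);
+kadm5_ret_t
+kadm5_delete_policy(void *server_handle, char *policy);
+kadm5_ret_t
+kadm5_modify_policy(void *server_handle,
+kadm5_policy_ent_t policy,
+u_int32_t mask);
+kadm5_ret_t
+kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent);
+kadm5_ret_t
+kadm5_get_policies(void *server_handle, char *exp,
+char ***pols, int *count);
+void
+kadm5_free_policy_ent(kadm5_policy_ent_t policy);
+void
+kadm5_free_name_list(void *server_handle,
+char **names,
+int *count);
+kadm5_ret_t
+kadm5_get_privs(void *server_handle, u_int32_t *privs);
+#endif
+#endif /* __KADM5_ADMIN_H__ */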
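Review bot: `key_data_contents` in `krb5_key_data` is declared `void** key_data_contents[2]`, an array of pointers to pointers, although its comment says "Array of pointers" and `key_data_length[2]` carries one length per slot; `tl_data_contents` in `krb5_tl_data` has the same `void **` shape next to a single `tl_data_length`. If each slot is meant to address one buffer of key or TL bytes, `void *key_data_contents[2];` and `void *tl_data_contents;` would match the lengths, and a short comment stating who allocates and who frees those buffers would help users of `kadm5_free_key_data`. Separately, every password argument is a plain `char *`; `const char *password` would document that the library does not modify the caller's secret.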

95
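--- /dev/null
+++ b/lib/kadm5/chpass_s.c
@@ -0,0 +1,95 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+kadm5_ret_t
+kadm5_s_chpass_principal(void *server_handle,
+krb5_principal princ,
+char *password)
+{
+kadm5_server_context *context = server_handle;
+hdb_entry ent;
+kadm5_ret_t ret;
+ent.principal = princ;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+return ret;
+ret = context->db->fetch(context->context, context->db, &ent);
+if(ret == HDB_ERR_NOENTRY)
+goto out;
+{
+int i;
+krb5_data salt;
+Key *key;
+krb5_get_salt(princ, &salt);
+for(i = 0; i < ent.keys.len; i++){
+key = &ent.keys.val[i];
+if(key->salt && key->salt->type == hdb_pw_salt &&
+key->salt->salt.length != 0){
+/* zap old salt, but not v4 salts */
+free_Salt(key->salt);
+key->salt = NULL;
+}
+krb5_free_keyblock(context->context, &key->key);
+ret = krb5_string_to_key(password,
+key->salt ? &key->salt->salt : &salt,
+key->key.keytype,
+&key->key);
+if(ret)
+break;
+}
+krb5_data_free(&salt);
+}
+if(ret)
+goto out2;
+ret = _kadm5_set_modifier(context, &ent);
+if(ret)
+goto out2;
+ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+hdb_free_entry(context->context, &ent);
+out:
+context->db->close(context->context, context->db);
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+return ret;
+}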
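Review bot: In `kadm5_s_chpass_principal` only `HDB_ERR_NOENTRY` is handled after `context->db->fetch(...)`, so any other fetch failure falls through to the key loop and reads `ent.keys`, which is indeterminate because `ent` is a stack variable with only `principal` assigned. The check should be `if(ret) goto out;`, which still reaches the `HDB_ERR_NOENTRY` to `KADM5_UNK_PRINC` mapping at `out:`. The return value of `krb5_get_salt(princ, &salt)` is also ignored, so a failure there would hand an unset `salt` to `krb5_string_to_key` and then to `krb5_data_free`. It is also worth confirming whether a password change is meant to bump `ent.kvno`; nothing in this function changes it.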

95
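--- /dev/null
+++ b/lib/kadm5/context_s.c
@@ -0,0 +1,95 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+kadm5_ret_t
+_kadm5_s_init_context(kadm5_server_context **ctx,
+kadm5_config_params *params)
+{
+*ctx = malloc(sizeof(**ctx));
+if(*ctx == NULL)
+return ENOMEM;
+memset(*ctx, 0, sizeof(**ctx));
+krb5_init_context(&(*ctx)->context);
+#if 0
+#define is_set(M) (params->mask & KADM5_CONFIG_ ## M)
+if(is_set(REALM))
+ctx->config.realm = strdup(params->realm);
+else
+krb5_get_default_realm(ctx->context, &ctx->config.realm);
+if(is_set(PROFILE))
+ctx->config.params = strdup(params->profile);
+if(is_set(KADMIND_PORT))
+ctx->config.kadmind_port = params->kadmind_port;
+else
+ctx->config.kadmind_port = 749;
+if(is_set(ADMIN_SERVER))
+ctx->config.admin_server = strdup(params->admin_server);
+if(is_set(DBNAME))
+ctx->config.dbname = strdup(params->dbname);
+if(is_set(ADBNAME))
+ctx->config.adbname = strdup(params->adbname);
+if(is_set(ADB_LOCKFILE))
+ctx->config.adb_lockfile = strdup(params->adb_lockfile);
+if(is_set(ACL_FILE))
+ctx->config.acl_file = strdup(params->acl_file);
+if(is_set(DICT_FILE))
+ctx->config.dict_file = strdup(params->dict_file);
+if(is_set(ADMIN_KEYTAB))
+ctx->config.admin_keytab = strdup(params->admin_keytab);
+if(is_set(MKEY_FROM_KEYBOARD))
+ctx->config.mkey_from_keyboard = params->mkey_from_keyboard;
+if(is_set(STASH_FILE))
+ctx->config.stash_file = strdup(params->stash_file);
+if(is_set(MKEY_NAME))
+ctx->config.mkey_name = strdup(params->mkey_name);
+krb5_enctype enctype;
+krb5_deltat max_life;
+krb5_deltat max_rlife;
+krb5_timestamp expiration;
+krb5_flags flags;
+krb5_key_salt_tuple *keysalts;
+krb5_int32 num_keysalts;
+#endif
+return 0;
+}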
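Review bot: The result of `krb5_init_context(&(*ctx)->context)` in `_kadm5_s_init_context` is discarded, so the function returns 0 with a NULL `(*ctx)->context` when initialisation fails, and later calls such as `context->db->open(context->context, ...)` would run against it. Propagate the error and release the allocation, e.g. `ret = krb5_init_context(&(*ctx)->context);` followed by `if(ret) { free(*ctx); *ctx = NULL; return ret; }`. `params` is currently unused because the whole configuration block sits under `#if 0`; that block also writes `ctx->config` where `ctx` is a pointer to a pointer, and reads `params->adbname`, `params->adb_lockfile` and `params->mkey_from_keyboard`, none of which are fields of `kadm5_config_params` in admin.h, so it will need rework before it can be enabled.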

116
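--- /dev/null
+++ b/lib/kadm5/create_s.c
@@ -0,0 +1,116 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+#define REQUIRED_MASK (KADM5_PRINCIPAL)
+#define FORBIDDEN_MASK (KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT | KADM5_KEY_DATA)
+#define set_value(X, V) do { (X) = malloc(sizeof(*X)); *(X) = V; } while(0)
+kadm5_ret_t
+kadm5_s_create_principal(void *server_handle,
+kadm5_principal_ent_t princ,
+u_int32_t mask,
+char *password)
+{
+kadm5_server_context *context;
+hdb_entry ent;
+kadm5_ret_t ret;
+context = server_handle;
+if((mask & REQUIRED_MASK) != REQUIRED_MASK)
+return KADM5_BAD_MASK;
+if((mask & FORBIDDEN_MASK))
+return KADM5_BAD_MASK;
+if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+/* XXX no real policies for now */
+return KADM5_UNK_POLICY;
+memset(&ent, 0, sizeof(ent));
+ret = krb5_copy_principal(context->context, princ->principal,
+&ent.principal);
+if(ret)
+return ret;
+/* set defaults */
+ent.flags.postdate = 1;
+ent.flags.forwardable = 1;
+ent.flags.initial = 0;
+ent.flags.renewable = 1;
+ent.flags.proxiable = 1;
+ent.flags.require_preauth = 0;
+ent.flags.server = 1;
+ent.flags.client = 1;
+ent.flags.change_pw = 0;
+ent.flags.invalid = 0;
+ent.kvno = 1;
+ret = _kadm5_setup_entry(&ent, princ, mask);
+{
+krb5_data salt;
+ent.keys.len = 1;
+ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val));
+ent.keys.val[0].mkvno = 0;
+ret = krb5_get_salt (ent.principal, &salt);
+krb5_string_to_key(password,
+&salt,
+KEYTYPE_DES,
+&ent.keys.val[0].key);
+krb5_data_free(&salt);
+ent.keys.val[0].salt = NULL;
+}
+ent.created_by.time = time(NULL);
+ret = krb5_copy_principal(context->context, context->caller,
+&ent.created_by.principal);
+if(ret)
+goto out;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret)
+goto out;
+ret = context->db->store(context->context, context->db, 0, &ent);
+context->db->close(context->context, context->db);
+out:
+hdb_free_entry(context->context, &ent);
+if(ret == HDB_ERR_INUSE)
+return KADM5_DUP;
+return ret;
+}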
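Review bot: Every status in the key-setup part of `kadm5_s_create_principal` is dropped: the result of `_kadm5_setup_entry` is overwritten, the `malloc` for `ent.keys.val` is dereferenced without a NULL check, the `krb5_get_salt` result is overwritten, and `krb5_string_to_key` is not checked at all. If key derivation fails, the entry is still written by `context->db->store(...)` with whatever the uninitialised `ent.keys.val[0].key` holds, which for an authentication database means a principal whose stored key does not correspond to the supplied password. Each of these calls should leave through `out:` before the store, as sketched below; `calloc` keeps the key slot zeroed for `hdb_free_entry` on the early exits (presumably safe for a zeroed key; confirm against hdb). `princ->policy` is also handed to `strcmp` without a NULL check when `KADM5_POLICY` is set.

```c
    ret = _kadm5_setup_entry(&ent, princ, mask);
    if(ret)
        goto out;
    {
        krb5_data salt;
        /* calloc: mkvno is 0 and salt is NULL from the start */
        ent.keys.val = calloc(1, sizeof(*ent.keys.val));
        if(ent.keys.val == NULL){
            ret = ENOMEM;
            goto out;
        }
        ent.keys.len = 1;
        ret = krb5_get_salt(ent.principal, &salt);
        if(ret)
            goto out;
        ret = krb5_string_to_key(password, &salt, KEYTYPE_DES,
                                 &ent.keys.val[0].key);
        krb5_data_free(&salt);
        if(ret)
            goto out;
    }
    /* … unchanged: created_by, db open/store/close, out: … */
```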

57
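--- /dev/null
+++ b/lib/kadm5/delete_s.c
@@ -0,0 +1,57 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+kadm5_ret_t
+kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
+{
+kadm5_server_context *context = server_handle;
+kadm5_ret_t ret;
+hdb_entry ent;
+ent.principal = princ;
+ret = context->db->open(context->context, context->db, O_RDWR, 0);
+if(ret) return ret;
+ret = context->db->delete(context->context, context->db, &ent);
+context->db->close(context->context, context->db);
+if(ret == HDB_ERR_NOENTRY)
+return KADM5_UNK_PRINC;
+return ret;
+}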
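Review bot: `ent` in `kadm5_s_delete_principal` reaches `context->db->delete(...)` with only `principal` assigned; every other field is indeterminate stack content, whereas `kadm5_s_create_principal` in this commit clears its entry with `memset` first. Adding `memset(&ent, 0, sizeof(ent));` before `ent.principal = princ;` keeps the backend from ever reading indeterminate fields, and the same applies to `kadm5_s_chpass_principal` before its fetch. A brief function comment would also help, stating that `princ` stays owned by the caller and that this function performs no authorization of its own, so callers are expected to have checked the requester's rights (nothing in this file does).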

53
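--- /dev/null
+++ b/lib/kadm5/destroy_s.c
@@ -0,0 +1,53 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+kadm5_ret_t
+kadm5_s_destroy(void *server_handle)
+{
+kadm5_ret_t ret;
+kadm5_server_context *context = server_handle;
+ret = context->db->destroy(context->context, context->db);
+krb5_free_context(context->context);
+free(context->config.realm);
+return ret;
+}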
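Review bot: `kadm5_s_destroy` releases `context->context` and `context->config.realm` but never frees `context` itself, which `_kadm5_s_init_context` obtains with `malloc`, so each init/destroy cycle leaks the server context unless something outside this commit frees it. Adding `free(context);` just before `return ret;` would complete the teardown. `context->caller`, which `kadm5_s_create_principal` copies from, is not released here either; where it is allocated is not visible in these sections, so its ownership should be confirmed.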

90
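--- /dev/null
+++ b/lib/kadm5/ent_setup.c
@@ -0,0 +1,90 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0);
+kadm5_ret_t
+_kadm5_setup_entry(hdb_entry *ent, kadm5_principal_ent_t princ, u_int32_t mask)
+{
+if(mask & KADM5_PRINC_EXPIRE_TIME)
+set_value(ent->valid_end, princ->princ_expire_time);
+if(mask & KADM5_PW_EXPIRATION)
+set_value(ent->pw_end, princ->pw_expiration);
+if(mask & KADM5_ATTRIBUTES){
+ent->flags.postdate =
+!(princ->attributes & KRB5_KDB_DISALLOW_POSTDATED);
+ent->flags.forwardable =
+!(princ->attributes & KRB5_KDB_DISALLOW_FORWARDABLE);
+ent->flags.initial =
+!!(princ->attributes & KRB5_KDB_DISALLOW_TGT_BASED);
+ent->flags.renewable =
+!(princ->attributes & KRB5_KDB_DISALLOW_RENEWABLE);
+ent->flags.proxiable =
+!(princ->attributes & KRB5_KDB_DISALLOW_PROXIABLE);
+/* DUP_SKEY */
+ent->flags.invalid =
+!!(princ->attributes & KRB5_KDB_DISALLOW_ALL_TIX);
+ent->flags.require_preauth =
+!!(princ->attributes & KRB5_KDB_REQUIRES_PRE_AUTH);
+/* HW_AUTH */
+ent->flags.server =
+!(princ->attributes & KRB5_KDB_DISALLOW_SVR);
+ent->flags.change_pw =
+!!(princ->attributes & KRB5_KDB_PWCHANGE_SERVICE);
+/* SUPPPORT_DESMD5 */
+/* NEW_PRINC */
+}
+if(mask & KADM5_MAX_LIFE)
+set_value(ent->max_life, princ->max_life);
+if(mask & KADM5_KVNO)
+ent->kvno = princ->kvno;
+if(mask & KADM5_MAX_RLIFE)
+set_value(ent->max_renew, princ->max_renewable_life);
+if(mask & KADM5_TL_DATA){
+/* XXX */
+}
+if(mask & KADM5_FAIL_AUTH_COUNT){
+/* XXX */
+}
+return 0;
+}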
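Review bot: The `set_value` macro writes through the result of `malloc` without checking it, so an allocation failure in `_kadm5_setup_entry` becomes a NULL write instead of an error return. Since the function already returns `kadm5_ret_t`, the macro can fail cleanly: `#define set_value(X, V) do { if((X) == NULL && ((X) = malloc(sizeof(*(X)))) == NULL) return ENOMEM; *(X) = V; } while(0)`. That form also drops the trailing `;` after `while(0)`, which currently makes every use expand to two statements and would break any `if ... else` written around it. The `KRB5_KDB_REQUIRES_PWCHANGE` attribute and the `KADM5_TL_DATA` / `KADM5_FAIL_AUTH_COUNT` masks are accepted and silently ignored here; a comment saying so, or an error return, would keep callers from assuming they took effect.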

53
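--- /dev/null
+++ b/lib/kadm5/flush.c
@@ -0,0 +1,53 @@
+/*
+* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Kungliga Tekniska
+* H<>gskolan and its contributors.
+*
+* 4. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "kadm5_locl.h"
+RCSID("$Id$");
+kadm5_ret_t
+kadm5_s_flush(void *server_handle)
+{
+return 0;
+}
+kadm5_ret_t
+kadm5_c_flush(void *server_handle)
+{
+return 0;
+}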

83
lib/kadm5/free.c Normal file

@@ -0,0 +1,83 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
void
kadm5_free_key_data(void *server_handle,
int16_t *n_key_data,
krb5_key_data *key_data)
{
int i;
for(i = 0; i < *n_key_data; i++){
if(key_data[i].key_data_contents[0]){
memset(key_data[i].key_data_contents[0],
0,
key_data[i].key_data_length[0]);
free(key_data[i].key_data_contents[0]);
}
if(key_data[i].key_data_contents[1])
free(key_data[i].key_data_contents[1]);
}
*n_key_data = 0;
}
void
kadm5_free_principal_ent(void *server_handle,
kadm5_principal_ent_t princ)
{
kadm5_server_context *context = server_handle;
if(princ->principal)
krb5_free_principal(context->context, princ->principal);
if(princ->mod_name)
krb5_free_principal(context->context, princ->mod_name);
kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
while(princ->n_tl_data && princ->tl_data){
krb5_tl_data *tp;
tp = princ->tl_data;
princ->tl_data = tp->tl_data_next;
princ->n_tl_data--;
memset(tp->tl_data_contents, 0, tp->tl_data_length);
free(tp->tl_data_contents);
free(tp);
}
}
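Review bot: kadm5_free_principal_ent() leaves every pointer it frees dangling and never releases the `princ->key_data` array itself, which get_s.c allocates with malloc(); kadm5_s_get_principal() calls it on its error path and then hands the same struct back, so a caller that frees the entry again after a failure would presumably double-free `principal`, `mod_name` and the tl_data list. Set each member to NULL after freeing it and add `free(princ->key_data); princ->key_data = NULL;` after the kadm5_free_key_data() call. The tl_data loop also passes `tp->tl_data_contents` to memset() without the NULL check that kadm5_free_key_data() applies to its buffers. The memset() calls that wipe key material immediately before free() are dead stores a compiler is allowed to drop, so the wipe is worth routing through a helper that cannot be elided.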

174
lib/kadm5/get_s.c Normal file

@@ -0,0 +1,174 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
kadm5_ret_t
kadm5_s_get_principal(void *server_handle,
krb5_principal princ,
kadm5_principal_ent_t out,
u_int32_t mask)
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent;
ent.principal = princ;
ret = context->db->open(context->context, context->db, O_RDONLY, 0);
if(ret)
return ret;
ret = context->db->fetch(context->context, context->db, &ent);
context->db->close(context->context, context->db);
if(ret == HDB_ERR_NOENTRY)
return KADM5_UNK_PRINC;
memset(out, 0, sizeof(*out));
if(mask & KADM5_PRINCIPAL)
ret = krb5_copy_principal(context->context, ent.principal,
&out->principal);
if(ret)
goto out;
if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
out->princ_expire_time = *ent.valid_end;
if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
out->pw_expiration = *ent.pw_end;
if(mask & KADM5_LAST_PWD_CHANGE)
/* XXX implement */;
if(mask & KADM5_ATTRIBUTES){
out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
}
if(mask & KADM5_MAX_LIFE && ent.max_life)
out->max_life = *ent.max_life;
if(mask & KADM5_MOD_TIME)
if(ent.modified_by)
out->mod_date = ent.modified_by->time;
else
out->mod_date = ent.created_by.time;
if(mask & KADM5_MOD_NAME)
if(ent.modified_by)
ret = krb5_copy_principal(context->context,
ent.modified_by->principal,
&out->mod_name);
else
ret = krb5_copy_principal(context->context,
ent.created_by.principal,
&out->mod_name);
if(ret)
goto out;
if(mask & KADM5_KVNO)
out->kvno = ent.kvno;
if(mask & KADM5_MKVNO && ent.keys.len)
out->mkvno = ent.keys.val[0].mkvno; /* XXX this is not right */
if(mask & KADM5_AUX_ATTRIBUTES)
/* XXX implement */;
if(mask & KADM5_POLICY)
out->policy = NULL;
if(mask & KADM5_MAX_RLIFE && ent.max_renew)
out->max_renewable_life = *ent.max_renew;
if(mask & KADM5_LAST_SUCCESS)
/* XXX implement */;
if(mask & KADM5_LAST_FAILED)
/* XXX implement */;
if(mask & KADM5_FAIL_AUTH_COUNT)
/* XXX implement */;
if(mask & KADM5_KEY_DATA){
int i;
Key *key;
krb5_key_data *kd;
krb5_data salt, *sp;
krb5_get_salt(ent.principal, &salt);
out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
for(i = 0; i < ent.keys.len; i++){
key = &ent.keys.val[i];
kd = &out->key_data[i];
kd->key_data_ver = 2;
kd->key_data_kvno = ent.kvno;
kd->key_data_type[0] = key->key.keytype;
if(key->salt)
kd->key_data_type[1] = key->salt->type;
else
kd->key_data_type[1] = pa_pw_salt;
/* setup key */
kd->key_data_length[0] = key->key.keyvalue.length;
kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
if(kd->key_data_contents[0] == NULL){
ret = ENOMEM;
break;
}
memcpy(kd->key_data_contents[0], key->key.keyvalue.data,
kd->key_data_length[0]);
/* setup salt */
if(key->salt)
sp = &key->salt->salt;
else
sp = &salt;
kd->key_data_length[1] = sp->length;
kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
if(kd->key_data_contents[1] == NULL){
memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
ret = ENOMEM;
break;
}
memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
out->n_key_data = i;
}
krb5_data_free(&salt);
}
if(ret){
kadm5_free_principal_ent(context, out);
goto out;
}
if(mask & KADM5_TL_DATA)
/* XXX implement */;
out:
hdb_free_entry(context->context, &ent);
return ret;
}
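Review bot: In kadm5_s_get_principal() only HDB_ERR_NOENTRY is handled after `fetch`; any other failure either reaches `goto out` and runs hdb_free_entry() on an `ent` that fetch did not fill in (only `ent.principal` was set, and that is the caller's `princ`), or, when KADM5_PRINCIPAL is in the mask, is overwritten by krb5_copy_principal() so the function goes on reading uninitialised fields. Add `if(ret) return ret;` right after the NOENTRY check. In the KADM5_KEY_DATA loop `out->n_key_data = i;` should be `out->n_key_data = i + 1;` (randkey_s.c counts that way): as written the last key is never reported, and on the error path kadm5_free_key_data() skips buffers that were already filled with key material. The `malloc()` result assigned to `out->key_data` is also used without a NULL check.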

101
lib/kadm5/init_s.c Normal file

@@ -0,0 +1,101 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
kadm5_ret_t
kadm5_s_init_with_password(char *client_name,
char *pass,
char *service_name,
kadm5_config_params *realm_params,
unsigned long struct_version,
unsigned long api_version,
void **server_handle)
{
kadm5_ret_t ret;
kadm5_server_context *context;
ret = _kadm5_s_init_context(&context, realm_params);
if(ret)
return ret;
ret = hdb_create(context->context, &context->db, NULL);
if(ret)
return ret;
ret = krb5_parse_name(context->context, service_name, &context->caller);
if(ret)
return ret;
*server_handle = context;
return 0;
}
#if 0
kadm5_ret_t
kadm5_init_with_skey(char *client_name, char *keytab,
char *service_name,
kadm5_config_params *realm_params,
unsigned long struct_version,
unsigned long api_version,
void **server_handle)
{
}
kadm5_ret_t
kadm5_init(char *client_name, char *pass,
char *service_name,
kadm5_config_params *realm_params,
unsigned long struct_version,
unsigned long api_version,
void **server_handle)
{
}
kadm5_ret_t
kadm5_init_with_creds(char *client_name,
krb5_ccache ccache,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle)
{
}
#endif
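Review bot: kadm5_s_init_with_password() parses `service_name` into `context->caller`, but set_modifier.c copies `context->caller` into `modified_by->principal`, so every change would be attributed to the service rather than to the administrator who made it; this looks like it should be `krb5_parse_name(context->context, client_name, &context->caller);`. The two later `return ret;` statements also leak `context` (and, for the second, the database handle from hdb_create()), since nothing visible releases them on failure. `pass`, `struct_version` and `api_version` are accepted but never examined, so a comment saying that this entry point performs no authentication or version check would keep callers from assuming it does.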

59
lib/kadm5/kadm5_err.et Normal file

@@ -0,0 +1,59 @@
#
# Error messages for the kadm5 library
#
# This might look like a com_err file, but is not
#
id $Id$
error_table kadm5 ovk
prefix KADM5
error_code FAILURE, "Operation failed for unspecified reason"
error_code AUTH_GET, "Operation requires ``get'' privilege"
error_code AUTH_ADD, "Operation requires ``add'' privilege"
error_code AUTH_MODIFY, "Operation requires ``modify'' privilege"
error_code AUTH_DELETE, "Operation requires ``delete'' privilege"
error_code AUTH_INSUFFICIENT, "Insufficient authorization for operation"
error_code BAD_DB, "Database inconsistency detected"
error_code DUP, "Principal or policy already exists"
error_code RPC_ERROR, "Communication failure with server"
error_code NO_SRV, "No administration server found for realm"
error_code BAD_HIST_KEY, "Password history principal key version mismatch"
error_code NOT_INIT, "Connection to server not initialized"
error_code UNK_PRINC, "Principal does not exist"
error_code UNK_POLICY, "Policy does not exist"
error_code BAD_MASK, "Invalid field mask for operation"
error_code BAD_CLASS, "Invalid number of character classes"
error_code BAD_LENGTH, "Invalid password length"
error_code BAD_POLICY, "Illegal policy name"
error_code BAD_PRINCIPAL, "Illegal principal name."
error_code BAD_AUX_ATTR, "Invalid auxillary attributes"
error_code BAD_HISTORY, "Invalid password history count"
error_code BAD_MIN_PASS_LIFE, "Password minimum life is greater then password maximum life"
error_code PASS_Q_TOOSHORT, "Password is too short"
error_code PASS_Q_CLASS, "Password does not contain enough character classes"
error_code PASS_Q_DICT, "Password is in the password dictionary"
error_code PASS_REUSE, "Cannot resuse password"
error_code PASS_TOOSOON, "Current password's minimum life has not expired"
error_code POLICY_REF, "Policy is in use"
error_code INIT, "Connection to server already initialized"
error_code BAD_PASSWORD, "Incorrect password"
error_code PROTECT_PRINCIPAL, "Cannot change protected principal"
error_code BAD_SERVER_HANDLE, "Programmer error! Bad Admin server handle"
error_code BAD_STRUCT_VERSION, "Programmer error! Bad API structure version"
error_code OLD_STRUCT_VERSION, "API structure version specified by application is no longer supported"
error_code NEW_STRUCT_VERSION, "API structure version specified by application is unknown to libraries"
error_code BAD_API_VERSION, "Programmer error! Bad API version"
error_code OLD_LIB_API_VERSION, "API version specified by application is no longer supported by libraries"
error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
error_code NEW_LIB_API_VERSION, "API version specified by application is unknown to libraries"
error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
error_code NO_RENAME_SALT, "The salt type of the specified principal does not support renaming"
error_code BAD_CLIENT_PARAMS, "Illegal configuration parameter for remote KADM5 client"
error_code BAD_SERVER_PARAMS, "Illegal configuration parameter for local KADM5 client."
error_code AUTH_LIST, "Operation requires ``list'' privilege"
error_code AUTH_CHANGEPW, "Operation requires ``change-password'' privilege"
error_code BAD_TL_TYPE, "Programmer error! Illegal tagged data list element type"
error_code MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing"
error_code BAD_SERVER_NAME, "Bad krb5 admin server hostname"

83
lib/kadm5/kadm5_locl.h Normal file

@@ -0,0 +1,83 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __KADM5_LOCL_H__
#define __KADM5_LOCL_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#include "admin.h"
#include "kadm5_err.h"
#include <hdb.h>
typedef struct kadm5_server_context {
krb5_context context;
kadm5_config_params config;
HDB *db;
krb5_principal caller;
}kadm5_server_context;
kadm5_ret_t
_kadm5_s_init_context __P((
kadm5_server_context **ctx,
kadm5_config_params *params));
kadm5_ret_t
_kadm5_set_modifier __P((
kadm5_server_context *context,
hdb_entry *ent));
kadm5_ret_t
_kadm5_setup_entry __P((
hdb_entry *ent,
kadm5_principal_ent_t princ,
u_int32_t mask));
#endif /* __KADM5_LOCL_H__ */
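Review bot: `struct kadm5_server_context` has no comments on its members, and `caller` in particular is security-relevant: set_modifier.c copies it into `modified_by->principal` of every entry it touches. A one-line comment on `caller` such as `/* principal recorded as the modifier of changed entries */` would make that visible to whoever fills the context in. The include guard `__KADM5_LOCL_H__` uses a double-underscore name, which C reserves for the implementation; `KADM5_LOCL_H` avoids that.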

81
lib/kadm5/modify_s.c Normal file

@@ -0,0 +1,81 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
#define FORBIDDEN_MASK (KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_KEY_DATA)
kadm5_ret_t
kadm5_s_modify_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
kadm5_ret_t ret;
if((mask & FORBIDDEN_MASK))
return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
return KADM5_UNK_POLICY;
ent.principal = princ->principal;
ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
ret = context->db->fetch(context->context, context->db, &ent);
if(ret)
goto out;
ret = _kadm5_setup_entry(&ent, princ, mask);
if(ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out2;
ret = context->db->store(context->context, context->db, 1, &ent);
out2:
hdb_free_entry(context->context, &ent);
out:
context->db->close(context->context, context->db);
if(ret == HDB_ERR_NOENTRY)
return KADM5_UNK_PRINC;
return ret;
}
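Review bot: The policy check in kadm5_s_modify_principal() passes `princ->policy` to strcmp() without a NULL test, so a request with KADM5_POLICY set and no policy string crashes the process instead of returning an error; use `if((mask & KADM5_POLICY) && (princ->policy == NULL || strcmp(princ->policy, "default")))`. `ent` is declared uninitialised and only `ent.principal` is assigned, to the caller's `princ->principal`. If `fetch` leaves that member pointing at the caller's principal rather than replacing it with its own copy, hdb_free_entry() at `out2` would free memory the caller still owns, which is worth confirming against the HDB backend and stating in a comment.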

105
lib/kadm5/randkey_s.c Normal file

@@ -0,0 +1,105 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
kadm5_ret_t
kadm5_s_randkey_principal(void *server_handle,
krb5_principal princ,
krb5_keyblock **new_keys,
int *n_keys)
{
kadm5_server_context *context = server_handle;
hdb_entry ent;
kadm5_ret_t ret;
ent.principal = princ;
ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
ret = context->db->fetch(context->context, context->db, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out;
{
int i;
Key *key;
*new_keys = malloc(ent.keys.len * sizeof(**new_keys));
for(i = 0; i < ent.keys.len; i++){
key = &ent.keys.val[i];
if(key->salt){
/* zap any salt */
free_Salt(key->salt);
key->salt = NULL;
}
krb5_free_keyblock(context->context, &key->key);
ret = krb5_generate_random_keyblock(context->context,
key->key.keytype,
&key->key);
if(ret)
break;
ret = krb5_copy_keyblock(context->context, &key->key, &new_keys[i]);
if(ret)
break;
*n_keys = i + 1;
}
}
if(ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out2;
ret = context->db->store(context->context, context->db, 1, &ent);
out2:
hdb_free_entry(context->context, &ent);
out:
context->db->close(context->context, context->db);
if(ret){
int i;
for(i = 0; i < *n_keys; i++)
krb5_free_keyblock(context->context, &(*new_keys)[i]);
free(*new_keys);
*n_keys = 0;
}
if(ret == HDB_ERR_NOENTRY)
return KADM5_UNK_PRINC;
return ret;
}
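Review bot: The cleanup under `out:` in kadm5_s_randkey_principal() reads `*n_keys` and frees `*new_keys` even when the function has not assigned either, for example on the HDB_ERR_NOENTRY jump, so it acts on whatever the caller left in those variables; start the function with `*new_keys = NULL; *n_keys = 0;`. Only HDB_ERR_NOENTRY is checked after `fetch`, so any other error falls through to the key loop with an `ent` that fetch did not fill in; `if(ret) goto out;` covers both cases. Inside the loop `&new_keys[i]` indexes the caller's `krb5_keyblock **` rather than the array just allocated, so for i > 0 it writes past the caller's pointer, while the cleanup loop addresses the same storage as `(*new_keys)[i]`. The copy needs to target `(*new_keys)[i]`, and the `malloc()` result needs a NULL check before the loop.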

105
lib/kadm5/rename_s.c Normal file

@@ -0,0 +1,105 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
kadm5_ret_t
kadm5_s_rename_principal(void *server_handle,
krb5_principal source,
krb5_principal target)
{
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry ent, ent2;
ent.principal = source;
if(krb5_principal_compare(context->context, source, target))
return KADM5_DUP; /* XXX is this right? */
if(!krb5_realm_compare(context->context, source, target))
return KADM5_FAILURE; /* XXX better code */
ret = context->db->open(context->context, context->db, O_RDWR, 0);
if(ret)
return ret;
ret = context->db->fetch(context->context, context->db, &ent);
if(ret){
context->db->close(context->context, context->db);
goto out;
}
ret = _kadm5_set_modifier(context, &ent);
if(ret)
goto out2;
{
/* fix salt */
int i;
krb5_data salt;
krb5_get_salt(target, &salt);
for(i = 0; i < ent.keys.len; i++){
if(ent.keys.val[i].salt == NULL){
ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt));
ent.keys.val[i].salt->type = hdb_pw_salt;
ret = krb5_data_copy(&ent.keys.val[i].salt->salt,
salt.data, salt.length);
if(ret)
break;
}
}
krb5_data_free(&salt);
}
if(ret)
goto out2;
ent2.principal = ent.principal;
ent.principal = target;
ret = context->db->store(context->context, context->db, 0, &ent);
if(ret){
ent.principal = ent2.principal;
goto out2;
}
ret = context->db->delete(context->context, context->db, &ent2);
ent.principal = ent2.principal;
out2:
context->db->close(context->context, context->db);
hdb_free_entry(context->context, &ent);
out:
if(ret == HDB_ERR_NOENTRY)
return KADM5_UNK_PRINC;
if(ret == HDB_ERR_INUSE)
return KADM5_DUP;
return ret;
}
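Review bot: The "fix salt" block in kadm5_s_rename_principal() derives the salt from `target`, but keys stored without an explicit salt were presumably derived with the default salt of the name they were created under, i.e. `source`; pinning the target's salt would leave the stored keys unusable for password logins after the rename. The call should be `krb5_get_salt(source, &salt);`. In the same loop the result of `malloc(sizeof(*ent.keys.val[i].salt))` is dereferenced on the next line without a NULL check. The store-then-delete sequence is not atomic: if `delete` fails the principal exists under both names with the same keys, so the error path should either remove the new entry or say in a comment that the duplicate is left for the operator.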

130
lib/kadm5/server_glue.c Normal file

@@ -0,0 +1,130 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
kadm5_ret_t
kadm5_chpass_principal(void *server_handle,
krb5_principal princ,
char *password)
{
return kadm5_s_chpass_principal(server_handle, princ, password);
}
kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask,
char *password)
{
return kadm5_s_create_principal(server_handle, princ, mask, password);
}
kadm5_ret_t
kadm5_delete_principal(void *server_handle,
krb5_principal princ)
{
return kadm5_s_delete_principal(server_handle, princ);
}
kadm5_ret_t
kadm5_destroy (void *server_handle)
{
return kadm5_s_destroy(server_handle);
}
kadm5_ret_t
kadm5_flush (void *server_handle)
{
return kadm5_s_flush(server_handle);
}
kadm5_ret_t
kadm5_get_principal(void *server_handle,
krb5_principal princ,
kadm5_principal_ent_t out,
u_int32_t mask)
{
return kadm5_s_get_principal(server_handle, princ, out, mask);
}
kadm5_ret_t
kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
kadm5_config_params *realm_params,
unsigned long struct_version,
unsigned long api_version,
void **server_handle)
{
return kadm5_s_init_with_password(client_name,
pass,
service_name,
realm_params,
struct_version,
api_version,
server_handle);
}
kadm5_ret_t
kadm5_modify_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask)
{
return kadm5_s_modify_principal(server_handle, princ, mask);
}
kadm5_ret_t
kadm5_randkey_principal(void *server_handle,
krb5_principal princ,
krb5_keyblock **new_keys,
int *n_keys)
{
return kadm5_s_randkey_principal(server_handle, princ, new_keys, n_keys);
}
kadm5_ret_t
kadm5_rename_principal(void *server_handle,
krb5_principal source,
krb5_principal target)
{
return kadm5_s_rename_principal(server_handle, source, target);
}

59
lib/kadm5/set_modifier.c Normal file

@@ -0,0 +1,59 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* H<>gskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadm5_locl.h"
RCSID("$Id$");
kadm5_ret_t
_kadm5_set_modifier(kadm5_server_context *context,
hdb_entry *ent)
{
kadm5_ret_t ret;
if(ent->modified_by == NULL){
ent->modified_by = malloc(sizeof(*ent->modified_by));
if(ent->modified_by == NULL)
return ENOMEM;
} else
free_Event(ent->modified_by);
ent->modified_by->time = time(NULL);
ret = krb5_copy_principal(context->context, context->caller,
&ent->modified_by->principal);
return ret;
}
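Review bot: When `_kadm5_set_modifier()` allocates a fresh `modified_by` with malloc(), `modified_by->principal` is uninitialised until krb5_copy_principal() succeeds; if the copy fails, the callers in this commit go on to hdb_free_entry(), which presumably frees that garbage pointer. Allocate with `calloc(1, sizeof(*ent->modified_by))`, or set `ent->modified_by->principal = NULL;` before the copy, which also covers the `else` branch in case free_Event() leaves the old pointer in place. `time()` is called here while kadm5_locl.h does not include `<time.h>` itself, so the declaration is only in scope if one of the krb5/hdb headers pulls it in.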