diff --git a/kadmin/server.c b/kadmin/server.c index 93e234810..2f033e8e5 100644 --- a/kadmin/server.c +++ b/kadmin/server.c @@ -43,17 +43,18 @@ RCSID("$Id$"); kadm5_ret_t kadmind_dispatch(void *kadm_handle, krb5_storage *sp) { - int32_t cmd; kadm5_ret_t ret; + int32_t cmd, mask, tmp; kadm5_server_context *context = kadm_handle; char client[128], name[128], name2[128]; char *op = ""; krb5_principal princ, princ2; kadm5_principal_ent_rec ent; - int32_t mask; - char *password; + char *password, *exp; krb5_keyblock *new_keys; int n_keys; + char **princs; + int n_princs; krb5_unparse_name_fixed(context->context, context->caller, client, sizeof(client)); @@ -250,6 +251,36 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) krb5_store_int32(sp, mask); break; } + case kadm_get_princs:{ + op = "LIST"; + ret = krb5_ret_int32(sp, &tmp); + if(ret) + goto fail; + if(tmp){ + ret = krb5_ret_string(sp, &exp); + if(ret) + goto fail; + }else + exp = NULL; + krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*"); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST); + if(ret){ + free(exp); + goto fail; + } + ret = kadm5_get_principals(kadm_handle, exp, &princs, &n_princs); + free(exp); + sp->seek(sp, 0, SEEK_SET); + krb5_store_int32(sp, ret); + if(ret == 0){ + int i; + krb5_store_int32(sp, n_princs); + for(i = 0; i < n_princs; i++) + krb5_store_string(sp, princs[i]); + kadm5_free_name_list(kadm_handle, princs, &n_princs); + } + break; + } default: krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd); sp->seek(sp, 0, SEEK_SET); diff --git a/lib/kadm5/kadm5_locl.h b/lib/kadm5/kadm5_locl.h index c7e6be5f4..eb96a4b76 100644 --- a/lib/kadm5/kadm5_locl.h +++ b/lib/kadm5/kadm5_locl.h @@ -55,6 +55,9 @@ #ifdef HAVE_FCNTL_H #include #endif +#ifdef HAVE_FNMATCH_H +#include +#endif #include "admin.h" #include "kadm5_err.h" #include 
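Review bot: In the `kadm_get_princs` case of kadmin/server.c, the client-supplied match expression `exp` is logged verbatim by `krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*")`, and that call runs before `_kadm5_acl_check_permission`, so a caller without the LIST privilege still controls part of the log line. The `%s` rules out a format-string problem, but embedded newlines or control bytes would reach the log unless the logging backend escapes them, which is not visible here. Logging before the ACL check is worth keeping because it records denied attempts; I would log an escaped, length-bounded copy of `exp` instead of the raw string. The identical hunk for lib/kadm5/server.c contains the same call, and the function body (including the `fail` label) continues outside the hunk.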
@@ -89,7 +92,8 @@ enum kadm_ops { kadm_chpass, kadm_modify, kadm_randkey, - kadm_get_privs + kadm_get_privs, + kadm_get_princs }; #define KADMIN_APPL_VERSION "KADM0.0" @@ -121,6 +125,12 @@ _kadm5_client_send __P(( kadm5_ret_t _kadm5_error_code __P((kadm5_ret_t code)); +kadm5_ret_t +_kadm5_privs_to_string __P(( + u_int32_t privs, + char *string, + size_t len)); + kadm5_ret_t _kadm5_s_init_context __P(( kadm5_server_context **ctx, @@ -147,13 +157,7 @@ _kadm5_setup_entry __P(( kadm5_ret_t _kadm5_string_to_privs __P(( - const char *s, + const char *s, u_int32_t* privs)); -kadm5_ret_t -_kadm5_privs_to_string __P(( - u_int32_t privs, - char *string, - size_t len)); - #endif /* __KADM5_LOCL_H__ */ diff --git a/lib/kadm5/server.c b/lib/kadm5/server.c index 93e234810..2f033e8e5 100644 --- a/lib/kadm5/server.c +++ b/lib/kadm5/server.c @@ -43,17 +43,18 @@ RCSID("$Id$"); kadm5_ret_t kadmind_dispatch(void *kadm_handle, krb5_storage *sp) { - int32_t cmd; kadm5_ret_t ret; + int32_t cmd, mask, tmp; kadm5_server_context *context = kadm_handle; char client[128], name[128], name2[128]; char *op = ""; krb5_principal princ, princ2; kadm5_principal_ent_rec ent; - int32_t mask; - char *password; + char *password, *exp; krb5_keyblock *new_keys; int n_keys; + char **princs; + int n_princs; krb5_unparse_name_fixed(context->context, context->caller, client, sizeof(client)); 
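Review bot: In lib/kadm5/kadm5_locl.h, `enum kadm_ops` carries no comment saying that its values are the opcodes `kadmind_dispatch` switches on, which makes the order of the constants part of the client/server protocol (presumably `cmd` is read from the request; that read is outside the visible hunks). Appending `kadm_get_princs` after `kadm_get_privs` keeps the existing numbers stable, which looks intended. A one-line comment above the enum, such as `/* wire opcodes: append only, never reorder or remove */`, would make the rule explicit for the next addition. The hunk shows only the tail of the enum.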
@@ -250,6 +251,36 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
 krb5_store_int32(sp, mask);
 break;
 }
+ case kadm_get_princs:{
+ op = "LIST";
+ ret = krb5_ret_int32(sp, &tmp);
+ if(ret)
+ goto fail;
+ if(tmp){
+ ret = krb5_ret_string(sp, &exp);
+ if(ret)
+ goto fail;
+ }else
+ exp = NULL;
+ krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*");
+ ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST);
+ if(ret){
+ free(exp);
+ goto fail;
+ }
+ ret = kadm5_get_principals(kadm_handle, exp, &princs, &n_princs);
+ free(exp);
+ sp->seek(sp, 0, SEEK_SET);
+ krb5_store_int32(sp, ret);
+ if(ret == 0){
+ int i;
+ krb5_store_int32(sp, n_princs);
+ for(i = 0; i < n_princs; i++)
+ krb5_store_string(sp, princs[i]);
+ kadm5_free_name_list(kadm_handle, princs, &n_princs);
+ }
+ break;
+ }
 default:
 krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
 sp->seek(sp, 0, SEEK_SET);
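Review bot: The reply loop in the `kadm_get_princs` case ignores the return values of `krb5_store_int32(sp, n_princs)` and `krb5_store_string(sp, princs[i])`, so if a store fails partway through a long list the client gets a success code and a count larger than the number of names that follow. I would capture the result, e.g. `ret = krb5_store_string(sp, princs[i]); if(ret) break;`, still call `kadm5_free_name_list` afterwards, and report the failure rather than leave a truncated reply. The same loop appears in the kadmin/server.c hunk earlier in this diff. What backs `sp` and how the reply is sent are outside the hunk, so the likelihood of a store failure cannot be judged from here.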