add support for add,get,delete,chrand for the MIT kadmin protocol

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24240 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-11 21:42:02 +00:00
parent eb34718a0b
commit 8d16bb0b68
5 changed files with 1066 additions and 54 deletions
--- a/kadmin/Makefile.am
+++ b/kadmin/Makefile.am
@@ -47,10 +47,10 @@ kadmin-commands.c kadmin-commands.h: kadmin-commands.in
 	$(SLC) $(srcdir)/kadmin-commands.in

 kadmind_SOURCES =				\
-	kadmind.c				\
+	rpc.c					\
 	server.c				\
+	kadmind.c				\
 	kadmin_locl.h				\
-	$(version4_c)				\
 	kadm_conn.c

 add_random_users_SOURCES = add-random-users.c
@@ -71,6 +71,7 @@ LDADD_common = \
 	$(DBLIB)

 kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+	../lib/gssapi/libgssapi.la \
 	$(LDADD_common) \
 	$(LIB_pidfile) \
 	$(LIB_dlopen)
--- a/kadmin/kadmin_locl.h
+++ b/kadmin/kadmin_locl.h
@@ -132,11 +132,6 @@ foreach_principal(const char *, int (*)(krb5_principal, void*),

 int parse_des_key (const char *, krb5_key_data *, const char **);

-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
 /* random_password.c */

 void
@@ -152,6 +147,12 @@ int start_server(krb5_context);
 /* server.c */

 krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
+kadmind_loop (krb5_context, krb5_keytab, int);
+
+/* rpc.c */
+
+int
+handle_mit(krb5_context, void *, size_t, int);
+

 #endif /* __ADMIN_LOCL_H__ */
--- a/kadmin/kadmind.c
+++ b/kadmin/kadmind.c
@@ -158,30 +158,37 @@ main(int argc, char **argv)
    if (ret)
 	krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");

-    {
-	int fd = 0;
+    if(debug_flag) {
+	int debug_port;
+	
+	if(port_str == NULL)
+	    debug_port = krb5_getportbyname (context, "kerberos-adm",
+					     "tcp", 749);
+	else
+	    debug_port = htons(atoi(port_str));
+	mini_inetd(debug_port);
+    } else {
 	struct sockaddr_storage __ss;
 	struct sockaddr *sa = (struct sockaddr *)&__ss;
 	socklen_t sa_size = sizeof(__ss);
-	krb5_auth_context ac = NULL;
-	int debug_port;

-	if(debug_flag) {
-	    if(port_str == NULL)
-		debug_port = krb5_getportbyname (context, "kerberos-adm",
-						 "tcp", 749);
-	    else
-		debug_port = htons(atoi(port_str));
-	    mini_inetd(debug_port);
-	} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
-		   errno == ENOTSOCK) {
+	/*
+	 * Check if we are running inside inetd or not, if not, start
+	 * our own server.
+	 */
+	
+	if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
+	       errno == ENOTSOCK) {
 	    parse_ports(context, port_str ? port_str : "+");
 	    pidfile(NULL);
 	    start_server(context);
 	}
-	if(realm)
-	    krb5_set_default_realm(context, realm); /* XXX */
-	kadmind_loop(context, ac, keytab, fd);
    }
+    
+    if(realm)
+	krb5_set_default_realm(context, realm); /* XXX */
+
+    kadmind_loop(context, keytab, STDIN_FILENO);
+
    return 0;
 }
--- a/kadmin/rpc.c
+++ b/kadmin/rpc.c
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -367,6 +367,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
 		krb5_store_keyblock(sp, new_keys[i]);
 		krb5_free_keyblock_contents(context->context, &new_keys[i]);
 	    }
+	    free(new_keys);
 	}
 	break;
    }
@@ -471,33 +472,20 @@ match_appl_version(const void *data, const char *appl_version)

 static void
 handle_v5(krb5_context context,
-	  krb5_auth_context ac,
 	  krb5_keytab keytab,
-	  int len,
 	  int fd)
 {
    krb5_error_code ret;
-    u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
    krb5_ticket *ticket;
    char *server_name;
    char *client;
    void *kadm_handle;
-    ssize_t n;
    krb5_boolean initial;
+    krb5_auth_context ac = NULL;

    unsigned kadm_version;
    kadm5_config_params realm_params;

-    if (len != sizeof(KRB5_SENDAUTH_VERSION))
-	krb5_errx(context, 1, "bad sendauth len %d", len);
-    n = krb5_net_read(context, &fd, version, len);
-    if (n < 0)
-	krb5_err (context, 1, errno, "reading sendauth version");
-    if (n == 0)
-	krb5_errx (context, 1, "EOF reading sendauth version");
-    if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
-	krb5_errx(context, 1, "bad sendauth version %.8s", version);
-	
    ret = krb5_recvauth_match_version(context, &ac, &fd,
 				      match_appl_version, &kadm_version,
 				      NULL, KRB5_RECVAUTH_IGNORE_VERSION,
@@ -547,31 +535,37 @@ handle_v5(krb5_context context,

 krb5_error_code
 kadmind_loop(krb5_context context,
-	     krb5_auth_context ac,
 	     krb5_keytab keytab,
 	     int fd)
 {
-    unsigned char tmp[4];
+    u_char buf[sizeof(KRB5_SENDAUTH_VERSION) + 4];
    ssize_t n;
    unsigned long len;

-    n = krb5_net_read(context, &fd, tmp, 4);
+    n = krb5_net_read(context, &fd, buf, 4);
    if(n == 0)
 	exit(0);
    if(n < 0)
 	krb5_err(context, 1, errno, "read");
-    _krb5_get_int(tmp, &len, 4);
-    /* this v4 test could probably also go away */
-    if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
-	unsigned char v4reply[] = {
-	    0x00, 0x0c,
-	    'K', 'Y', 'O', 'U', 'L', 'O', 'S', 'E',
-	    0x95, 0xb7, 0xa7, 0x08 /* KADM_BAD_VER */
-	};
-	krb5_net_write(context, &fd, v4reply, sizeof(v4reply));
-	krb5_errx(context, 1, "packet appears to be version 4");
-    } else {
-	handle_v5(context, ac, keytab, len, fd);
-    }
+    _krb5_get_int(buf, &len, 4);
+
+    if (len == sizeof(KRB5_SENDAUTH_VERSION)) {
+
+	n = krb5_net_read(context, &fd, buf + 4, len);
+	if (n < 0)
+	    krb5_err (context, 1, errno, "reading sendauth version");
+	if (n == 0)
+	    krb5_errx (context, 1, "EOF reading sendauth version");
+
+	if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) {
+	    handle_v5(context, keytab, fd);
+	    return 0;
+	}
+	len += 4;
+    } else
+	len = 4;
+
+    handle_mit(context, buf, len, fd);
+
    return 0;
 }