add support for add,get,delete,chrand for the MIT kadmin protocol

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24240 ec53bebd-3082-4978-b11e-865c3cabbd6b

kadmin/Makefile.am

@@ -47,10 +47,10 @@ kadmin-commands.c kadmin-commands.h: kadmin-commands.in
 	$(SLC) $(srcdir)/kadmin-commands.in
 
 kadmind_SOURCES =				\
-	kadmind.c				\
+	rpc.c					\
 	server.c				\
+	kadmind.c				\
 	kadmin_locl.h				\
-	$(version4_c)				\
 	kadm_conn.c
 
 add_random_users_SOURCES = add-random-users.c
@@ -71,6 +71,7 @@ LDADD_common = \
 	$(DBLIB)
 
 kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+	../lib/gssapi/libgssapi.la \
 	$(LDADD_common) \
 	$(LIB_pidfile) \
 	$(LIB_dlopen)

kadmin/kadmin_locl.h

@@ -132,11 +132,6 @@ foreach_principal(const char *, int (*)(krb5_principal, void*),
 
 int parse_des_key (const char *, krb5_key_data *, const char **);
 
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
 /* random_password.c */
 
 void
@@ -152,6 +147,12 @@ int start_server(krb5_context);
 /* server.c */
 
 krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
+kadmind_loop (krb5_context, krb5_keytab, int);
+
+/* rpc.c */
+
+int
+handle_mit(krb5_context, void *, size_t, int);
+
 
 #endif /* __ADMIN_LOCL_H__ */

kadmin/kadmind.c

@@ -158,30 +158,37 @@ main(int argc, char **argv)
     if (ret)
 	krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 
-    {
+    if(debug_flag) {
-	int fd = 0;
-	struct sockaddr_storage __ss;
-	struct sockaddr *sa = (struct sockaddr *)&__ss;
-	socklen_t sa_size = sizeof(__ss);
-	krb5_auth_context ac = NULL;
 	int debug_port;
 	
-	if(debug_flag) {
 	if(port_str == NULL)
 	    debug_port = krb5_getportbyname (context, "kerberos-adm",
 					     "tcp", 749);
 	else
 	    debug_port = htons(atoi(port_str));
 	mini_inetd(debug_port);
-	} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
+    } else {
+	struct sockaddr_storage __ss;
+	struct sockaddr *sa = (struct sockaddr *)&__ss;
+	socklen_t sa_size = sizeof(__ss);
+
+	/*
+	 * Check if we are running inside inetd or not, if not, start
+	 * our own server.
+	 */
+	
+	if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
 	       errno == ENOTSOCK) {
 	    parse_ports(context, port_str ? port_str : "+");
 	    pidfile(NULL);
 	    start_server(context);
 	}
+    }
+    
     if(realm)
 	krb5_set_default_realm(context, realm); /* XXX */
-	kadmind_loop(context, ac, keytab, fd);
+
-    }
+    kadmind_loop(context, keytab, STDIN_FILENO);
+
     return 0;
 }

kadmin/server.c

@@ -367,6 +367,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
 		krb5_store_keyblock(sp, new_keys[i]);
 		krb5_free_keyblock_contents(context->context, &new_keys[i]);
 	    }
+	    free(new_keys);
 	}
 	break;
     }
@@ -471,33 +472,20 @@ match_appl_version(const void *data, const char *appl_version)
 
 static void
 handle_v5(krb5_context context,
-	  krb5_auth_context ac,
 	  krb5_keytab keytab,
-	  int len,
 	  int fd)
 {
     krb5_error_code ret;
-    u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
     krb5_ticket *ticket;
     char *server_name;
     char *client;
     void *kadm_handle;
-    ssize_t n;
     krb5_boolean initial;
+    krb5_auth_context ac = NULL;
 
     unsigned kadm_version;
     kadm5_config_params realm_params;
 
-    if (len != sizeof(KRB5_SENDAUTH_VERSION))
-	krb5_errx(context, 1, "bad sendauth len %d", len);
-    n = krb5_net_read(context, &fd, version, len);
-    if (n < 0)
-	krb5_err (context, 1, errno, "reading sendauth version");
-    if (n == 0)
-	krb5_errx (context, 1, "EOF reading sendauth version");
-    if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
-	krb5_errx(context, 1, "bad sendauth version %.8s", version);
-	
     ret = krb5_recvauth_match_version(context, &ac, &fd,
 				      match_appl_version, &kadm_version,
 				      NULL, KRB5_RECVAUTH_IGNORE_VERSION,
@@ -547,31 +535,37 @@ handle_v5(krb5_context context,
 
 krb5_error_code
 kadmind_loop(krb5_context context,
-	     krb5_auth_context ac,
 	     krb5_keytab keytab,
 	     int fd)
 {
-    unsigned char tmp[4];
+    u_char buf[sizeof(KRB5_SENDAUTH_VERSION) + 4];
     ssize_t n;
     unsigned long len;
 
-    n = krb5_net_read(context, &fd, tmp, 4);
+    n = krb5_net_read(context, &fd, buf, 4);
     if(n == 0)
 	exit(0);
     if(n < 0)
 	krb5_err(context, 1, errno, "read");
-    _krb5_get_int(tmp, &len, 4);
+    _krb5_get_int(buf, &len, 4);
-    /* this v4 test could probably also go away */
+
-    if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
+    if (len == sizeof(KRB5_SENDAUTH_VERSION)) {
-	unsigned char v4reply[] = {
+
-	    0x00, 0x0c,
+	n = krb5_net_read(context, &fd, buf + 4, len);
-	    'K', 'Y', 'O', 'U', 'L', 'O', 'S', 'E',
+	if (n < 0)
-	    0x95, 0xb7, 0xa7, 0x08 /* KADM_BAD_VER */
+	    krb5_err (context, 1, errno, "reading sendauth version");
-	};
+	if (n == 0)
-	krb5_net_write(context, &fd, v4reply, sizeof(v4reply));
+	    krb5_errx (context, 1, "EOF reading sendauth version");
-	krb5_errx(context, 1, "packet appears to be version 4");
+
-    } else {
+	if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) {
-	handle_v5(context, ac, keytab, len, fd);
+	    handle_v5(context, keytab, fd);
+	    return 0;
 	}
+	len += 4;
+    } else
+	len = 4;
+
+    handle_mit(context, buf, len, fd);
+
     return 0;
 }