From ad081120c452c3e281c041a7e76735ee5c5dab2c Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Wed, 7 Jun 2000 11:14:44 +0000 Subject: [PATCH] adapt to new acl stuff git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8352 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kadmin/server.c | 24 +++++++++++++++--------- kadmin/version4.c | 17 ++++++++++------- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/kadmin/server.c b/kadmin/server.c index 5d5359353..17166d057 100644 --- a/kadmin/server.c +++ b/kadmin/server.c @@ -73,7 +73,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, } krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); if(ret){ krb5_free_principal(context->context, princ); goto fail; @@ -96,7 +96,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); if(ret){ krb5_free_principal(context->context, princ); goto fail; @@ -126,7 +126,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_unparse_name_fixed(context->context, ent.principal, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, + ent.principal); if(ret){ kadm5_free_principal_ent(context->context, &ent); memset(password, 0, strlen(password)); 
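Review bot: In the refusal branch of the add case (hunk at -126) the entry is released with `kadm5_free_principal_ent(context->context, &ent);`, while the same branch of the modify case (hunk at -156) calls `kadm5_free_principal_ent(context, &ent);`. The two calls pass different handle types, so one of them is presumably wrong; the prototype is not in this diff, so confirm which handle it takes and make both branches match, e.g. `kadm5_free_principal_ent(context, &ent);` if it expects the server handle. This branch runs on every refused add, so a wrong handle would be exercised by ordinary ACL denials. kadmind_dispatch starts and ends outside both hunks.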
@@ -156,7 +157,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_unparse_name_fixed(context->context, ent.principal, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY, + ent.principal); if(ret){ kadm5_free_principal_ent(context, &ent); goto fail; @@ -183,7 +185,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_warnx(context->context, "%s: %s %s -> %s", client, op, name, name2); ret = _kadm5_acl_check_permission(context, - KADM5_PRIV_ADD|KADM5_PRIV_DELETE); + KADM5_PRIV_ADD, + princ2) + || _kadm5_acl_check_permission(context, + KADM5_PRIV_DELETE, + princ); if(ret){ krb5_free_principal(context->context, princ); goto fail; @@ -220,7 +226,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { krb5_free_principal(context->context, princ); @@ -283,7 +289,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { int16_t dummy = n_key_data; @@ -324,7 +330,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { krb5_free_principal(context->context, princ); @@ -367,7 +373,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, }else exp = NULL; krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*"); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST); + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL); if(ret){ free(exp); goto fail; 
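Review bot: Joining the two checks with `||` in the rename case (hunk at -183) stores 0 or 1 in `ret`, so on a refusal the error code returned by `_kadm5_acl_check_permission` is lost and the `fail` path sees the value 1 instead of the add or delete denial. Run the checks in sequence instead: `ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, princ2);` followed by `if(ret == 0) ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);`. The visible refusal branch also frees only `princ`; whether `princ2` is released elsewhere is outside the hunk and worth checking.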
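Review bot: The three password-change cases (hunks at -220, -283 and -324) set `ret = 0` without consulting the ACL when the condition ending in `princ))` holds, and that bypass carries no comment. Now that the `else` branch is checked against the target principal, a reader needs to know exactly which callers are exempt from the per-principal ACL. The condition starts outside the hunks, so I can only assume it is the caller changing its own password. Suggest a comment above each `if`, e.g. `/* own principal: allowed without an ACL entry; anyone else needs CPW on princ */`, adjusted to what the condition actually tests.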
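Review bot: The list case (hunk at -367) passes `NULL` as the target principal, and nothing at the call site says how `_kadm5_acl_check_permission` treats a NULL target. If ACL entries can now be limited to a principal pattern, it matters whether an entry that grants list rights for only some principals satisfies this check, since the expression `exp` is not part of it. The callee is not in this diff, so please state the intended meaning here, e.g. `/* NULL: list is not tied to one principal */`, and confirm the callee never dereferences or pattern-matches a NULL principal.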
diff --git a/kadmin/version4.c b/kadmin/version4.c index d2ce17930..edf32f38a 100644 --- a/kadmin/version4.c +++ b/kadmin/version4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -543,7 +543,8 @@ kadm_ser_add(krb5_context context, krb5_warnx(context, "v4-compat %s: add %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD, + ent.principal); if (ret) goto fail; @@ -597,7 +598,8 @@ kadm_ser_get(krb5_context context, krb5_warnx(context, "v4-compat %s: get %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET, + ent.principal); if (ret) goto fail; @@ -647,7 +649,8 @@ kadm_ser_mod(krb5_context context, krb5_warnx(context, "v4-compat %s: mod %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY, + ent.principal); if (ret) goto fail; @@ -701,7 +704,8 @@ kadm_ser_del(krb5_context context, krb5_warnx(context, "v4-compat %s: del %s", principal_string, name); - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE); + ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE, + ent.principal); if (ret) goto fail; @@ -878,8 +882,7 @@ decode_packet(krb5_context context, goto out; } - checksum = des_quad_cksum((des_cblock*)(msg + off), NULL, rlen, - 0, &ad.session); + checksum = des_quad_cksum(msg + off, NULL, rlen, 0, &ad.session); if(checksum != ad.checksum) { krb5_warnx(context, "decode_packet: bad checksum"); make_you_loose_packet (KADM_BAD_CHK, reply);
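Review bot: All four v4-compat handlers (hunks at -543, -597, -647 and -701) now pass `ent.principal` to the ACL check, but none of the hunks shows where it is assigned. server.c passes `NULL` for the list operation, so the callee evidently accepts a NULL target. If `ent.principal` could still be unset here after a failed conversion, the check would run without a target rather than fail. The assignment is outside the hunks, so please confirm that each handler jumps to `fail` before this point whenever the principal could not be built.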
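Review bot: In decode_packet (hunk at -878) `des_quad_cksum(msg + off, NULL, rlen, 0, &ad.session)` reads `rlen` bytes of a received packet starting at `msg + off`, and the hunk does not show `rlen` being bounded by what remains of the message after `off`. The `goto out;` just before suggests some validation exists, but it is outside the hunk, so please confirm it covers `off + rlen` against the packet length. Dropping the `(des_cblock*)` cast is only correct if the prototype now takes a plain byte pointer, which this diff does not show. The change is also unrelated to the ACL adaptation named in the subject and would be easier to review as its own commit.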