oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add setting and displaying aliases

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20239 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-02-17 00:00:41 +00:00
parent 40b0371ec5
commit ea6db777a0
3 changed files with 115 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
kadmin/get.c
View File

@@ -65,6 +65,7 @@ static struct field_name {
{ "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
{ "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
{ "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
{ "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
{ NULL }
};
@@ -246,7 +247,7 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,
if (tl->tl_data_type == subfield)
break;
if (tl == NULL) {
strlcpy(buf, "no stored value", buf_len);
strlcpy(buf, "", buf_len);
break;
}
@@ -272,22 +273,49 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,
buf[0] = '\0';
for (i = 0; i < acl.len; i++) {
strlcpy(buf, "subject: ", buf_len);
strlcpy(buf, acl.val[i].subject, buf_len);
strlcat(buf, "subject: ", buf_len);
strlcat(buf, acl.val[i].subject, buf_len);
if (acl.val[i].issuer) {
strlcpy(buf, " issuer:", buf_len);
strlcpy(buf, *acl.val[i].issuer, buf_len);
strlcat(buf, " issuer:", buf_len);
strlcat(buf, *acl.val[i].issuer, buf_len);
}
if (acl.val[i].anchor) {
strlcpy(buf, " anchor:", buf_len);
strlcpy(buf, *acl.val[i].anchor, buf_len);
strlcat(buf, " anchor:", buf_len);
strlcat(buf, *acl.val[i].anchor, buf_len);
}
if (i + 1 < acl.len)
strlcpy(buf, ", ", buf_len);
strlcat(buf, ", ", buf_len);
}
free_HDB_Ext_PKINIT_acl(&acl);
break;
}
case KRB5_TL_ALIASES: {
HDB_Ext_Aliases alias;
size_t size;
int i, ret;
ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
tl->tl_data_length,
&alias,
&size);
if (ret) {
snprintf(buf, buf_len, "failed to decode alias");
break;
}
buf[0] = '\0';
for (i = 0; i < alias.aliases.len; i++) {
char *p;
ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
if (ret)
break;
if (i < 0)
strlcat(buf, " ", buf_len);
strlcat(buf, p, buf_len);
free(p);
}
free_HDB_Ext_Aliases(&alias);
break;
}
default:
snprintf(buf, buf_len, "unknown type %d", subfield);
break;
@@ -391,7 +419,7 @@ setup_columns(struct get_entry_data *data, const char *column_info)
}
#define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes"
#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
#define DEFAULT_COLUMNS_TERSE "principal="
static int

6
kadmin/kadmin-commands.in
View File

@@ -319,6 +319,12 @@ command = {
argument = "principal"
help = "allowed target principal"
}
option = {
long = "alias"
type = "strings"
argument = "principal"
help = "aliases"
}
argument = "principal"
min_args = "1"
max_args = "1"

85
kadmin/mod.c
View File

@@ -36,6 +36,70 @@
RCSID("$Id$");
static void
add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
{
krb5_tl_data *tl, **ptl;
tl = ecalloc(1, sizeof(*tl));
tl->tl_data_next = NULL;
tl->tl_data_type = KRB5_TL_EXTENSION;
tl->tl_data_length = data->length;
tl->tl_data_contents = data->data;
princ->n_tl_data++;
ptl = &princ->tl_data;
while (*ptl != NULL)
ptl = &(*ptl)->tl_data_next;
*ptl = tl;
return;
}
static void
add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings)
{
krb5_error_code ret;
HDB_extension ext;
krb5_data buf;
krb5_principal p;
size_t size;
int i;
memset(&ext, 0, sizeof(ext));
ext.mandatory = FALSE;
ext.data.element = choice_HDB_extension_data_aliases;
ext.data.u.aliases.case_insensitive = 0;
if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
ext.data.u.aliases.aliases.val = NULL;
ext.data.u.aliases.aliases.len = 0;
} else {
ext.data.u.aliases.aliases.val =
calloc(strings->num_strings,
sizeof(ext.data.u.aliases.aliases.val[0]));
ext.data.u.aliases.aliases.len = strings->num_strings;
for (i = 0; i < strings->num_strings; i++) {
ret = krb5_parse_name(context, strings->strings[i], &p);
ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
krb5_free_principal(context, p);
}
}
ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
&ext, &size, ret);
free_HDB_extension(&ext);
if (ret)
abort();
if (buf.length != size)
abort();
add_tl(princ, KRB5_TL_EXTENSION, &buf);
}
static int
do_mod_entry(krb5_principal principal, void *data)
{
@@ -59,7 +123,8 @@ do_mod_entry(krb5_principal principal, void *data)
e->pw_expiration_time_string ||
e->attributes_string ||
e->kvno_integer != -1 ||
e->constrained_delegation_string) {
e->constrained_delegation_string ||
e->alias_strings.num_strings) {
ret = set_entry(context, &princ, &mask,
e->max_ticket_life_string,
e->max_renewable_life_string,
@@ -72,7 +137,6 @@ do_mod_entry(krb5_principal principal, void *data)
}
if (e->constrained_delegation_string) {
HDB_extension ext;
krb5_tl_data *tl, **ptl;
krb5_data buf;
krb5_principal p;
size_t size;
@@ -97,20 +161,15 @@ do_mod_entry(krb5_principal principal, void *data)
if (buf.length != size)
abort();
tl = ecalloc(1, sizeof(*tl));
tl->tl_data_next = NULL;
tl->tl_data_type = KRB5_TL_EXTENSION;
tl->tl_data_length = buf.length;
tl->tl_data_contents = buf.data;
princ.n_tl_data++;
ptl = &princ.tl_data;
while (*ptl != NULL)
ptl = &(*ptl)->tl_data_next;
*ptl = tl;
add_tl(&princ, KRB5_TL_EXTENSION, &buf);
mask |= KADM5_TL_DATA;
}
if (e->alias_strings.num_strings) {
add_aliases(context, &princ, &e->alias_strings);
mask |= KADM5_TL_DATA;
}
} else
ret = edit_entry(&princ, &mask, NULL, 0);
if(ret == 0) {