add setting and displaying aliases
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20239 ec53bebd-3082-4978-b11e-865c3cabbd6b
46
kadmin/get.c
46
kadmin/get.c
@@ -65,6 +65,7 @@ static struct field_name {
|
||||
{ "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
|
||||
{ "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
|
||||
{ "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
|
||||
{ "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
|
||||
{ NULL }
|
||||
};
|
||||
|
||||
@@ -246,7 +247,7 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,
|
||||
if (tl->tl_data_type == subfield)
|
||||
break;
|
||||
if (tl == NULL) {
|
||||
strlcpy(buf, "no stored value", buf_len);
|
||||
strlcpy(buf, "", buf_len);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -272,22 +273,49 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,
|
||||
|
||||
buf[0] = '\0';
|
||||
for (i = 0; i < acl.len; i++) {
|
||||
strlcpy(buf, "subject: ", buf_len);
|
||||
strlcpy(buf, acl.val[i].subject, buf_len);
|
||||
strlcat(buf, "subject: ", buf_len);
|
||||
strlcat(buf, acl.val[i].subject, buf_len);
|
||||
if (acl.val[i].issuer) {
|
||||
strlcpy(buf, " issuer:", buf_len);
|
||||
strlcpy(buf, *acl.val[i].issuer, buf_len);
|
||||
strlcat(buf, " issuer:", buf_len);
|
||||
strlcat(buf, *acl.val[i].issuer, buf_len);
|
||||
}
|
||||
if (acl.val[i].anchor) {
|
||||
strlcpy(buf, " anchor:", buf_len);
|
||||
strlcpy(buf, *acl.val[i].anchor, buf_len);
|
||||
strlcat(buf, " anchor:", buf_len);
|
||||
strlcat(buf, *acl.val[i].anchor, buf_len);
|
||||
}
|
||||
if (i + 1 < acl.len)
|
||||
strlcpy(buf, ", ", buf_len);
|
||||
strlcat(buf, ", ", buf_len);
|
||||
}
|
||||
free_HDB_Ext_PKINIT_acl(&acl);
|
||||
break;
|
||||
}
|
||||
case KRB5_TL_ALIASES: {
|
||||
HDB_Ext_Aliases alias;
|
||||
size_t size;
|
||||
int i, ret;
|
||||
|
||||
ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
|
||||
tl->tl_data_length,
|
||||
&alias,
|
||||
&size);
|
||||
if (ret) {
|
||||
snprintf(buf, buf_len, "failed to decode alias");
|
||||
break;
|
||||
}
|
||||
buf[0] = '\0';
|
||||
for (i = 0; i < alias.aliases.len; i++) {
|
||||
char *p;
|
||||
ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
|
||||
if (ret)
|
||||
break;
|
||||
if (i < 0)
|
||||
strlcat(buf, " ", buf_len);
|
||||
strlcat(buf, p, buf_len);
|
||||
free(p);
|
||||
}
|
||||
free_HDB_Ext_Aliases(&alias);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
snprintf(buf, buf_len, "unknown type %d", subfield);
|
||||
break;
|
||||
@@ -391,7 +419,7 @@ setup_columns(struct get_entry_data *data, const char *column_info)
|
||||
}
|
||||
|
||||
#define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
|
||||
#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes"
|
||||
#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
|
||||
#define DEFAULT_COLUMNS_TERSE "principal="
|
||||
|
||||
static int
|
||||
|
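Review bot: In the new `KRB5_TL_ALIASES` case the separator test `if (i < 0)` can never be true, because `i` starts at 0 and only counts up, so several aliases are concatenated into `buf` with nothing between them. An administrator reading the output then cannot tell where one alias principal ends and the next begins, which matters when auditing which names map to an account; the test should be `if (i > 0)`. The `break` taken when `krb5_unparse_name` fails also leaves a silently shortened list in `buf`, so appending a marker first, for example `strlcat(buf, "<unparse error>", buf_len);`, would make the gap visible. `format_field` begins and ends outside these hunks.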
@@ -319,6 +319,12 @@ command = {
|
||||
argument = "principal"
|
||||
help = "allowed target principal"
|
||||
}
|
||||
option = {
|
||||
long = "alias"
|
||||
type = "strings"
|
||||
argument = "principal"
|
||||
help = "aliases"
|
||||
}
|
||||
argument = "principal"
|
||||
min_args = "1"
|
||||
max_args = "1"
|
||||
|
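Review bot: The help text `"aliases"` for the new `alias` option does not say what the value is or how to clear it. From the `add_aliases` code shown on this page, a single empty string appears to produce an empty alias list, and that is worth stating, e.g. `help = "principal alias (a single empty string stores an empty list)"`. It would also help to document whether the given aliases replace or extend those already stored, which these hunks do not show.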
85
kadmin/mod.c
85
kadmin/mod.c
@@ -36,6 +36,70 @@
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
static void
|
||||
add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
|
||||
{
|
||||
krb5_tl_data *tl, **ptl;
|
||||
|
||||
tl = ecalloc(1, sizeof(*tl));
|
||||
tl->tl_data_next = NULL;
|
||||
tl->tl_data_type = KRB5_TL_EXTENSION;
|
||||
tl->tl_data_length = data->length;
|
||||
tl->tl_data_contents = data->data;
|
||||
|
||||
princ->n_tl_data++;
|
||||
ptl = &princ->tl_data;
|
||||
while (*ptl != NULL)
|
||||
ptl = &(*ptl)->tl_data_next;
|
||||
*ptl = tl;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void
|
||||
add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
|
||||
struct getarg_strings *strings)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
HDB_extension ext;
|
||||
krb5_data buf;
|
||||
krb5_principal p;
|
||||
size_t size;
|
||||
int i;
|
||||
|
||||
memset(&ext, 0, sizeof(ext));
|
||||
ext.mandatory = FALSE;
|
||||
ext.data.element = choice_HDB_extension_data_aliases;
|
||||
ext.data.u.aliases.case_insensitive = 0;
|
||||
|
||||
if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
|
||||
ext.data.u.aliases.aliases.val = NULL;
|
||||
ext.data.u.aliases.aliases.len = 0;
|
||||
} else {
|
||||
ext.data.u.aliases.aliases.val =
|
||||
calloc(strings->num_strings,
|
||||
sizeof(ext.data.u.aliases.aliases.val[0]));
|
||||
ext.data.u.aliases.aliases.len = strings->num_strings;
|
||||
|
||||
for (i = 0; i < strings->num_strings; i++) {
|
||||
ret = krb5_parse_name(context, strings->strings[i], &p);
|
||||
ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
|
||||
krb5_free_principal(context, p);
|
||||
}
|
||||
}
|
||||
|
||||
ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
|
||||
&ext, &size, ret);
|
||||
free_HDB_extension(&ext);
|
||||
if (ret)
|
||||
abort();
|
||||
if (buf.length != size)
|
||||
abort();
|
||||
|
||||
add_tl(princ, KRB5_TL_EXTENSION, &buf);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
do_mod_entry(krb5_principal principal, void *data)
|
||||
{
|
||||
@@ -59,7 +123,8 @@ do_mod_entry(krb5_principal principal, void *data)
|
||||
e->pw_expiration_time_string ||
|
||||
e->attributes_string ||
|
||||
e->kvno_integer != -1 ||
|
||||
e->constrained_delegation_string) {
|
||||
e->constrained_delegation_string ||
|
||||
e->alias_strings.num_strings) {
|
||||
ret = set_entry(context, &princ, &mask,
|
||||
e->max_ticket_life_string,
|
||||
e->max_renewable_life_string,
|
||||
@@ -72,7 +137,6 @@ do_mod_entry(krb5_principal principal, void *data)
|
||||
}
|
||||
if (e->constrained_delegation_string) {
|
||||
HDB_extension ext;
|
||||
krb5_tl_data *tl, **ptl;
|
||||
krb5_data buf;
|
||||
krb5_principal p;
|
||||
size_t size;
|
||||
@@ -97,20 +161,15 @@ do_mod_entry(krb5_principal principal, void *data)
|
||||
if (buf.length != size)
|
||||
abort();
|
||||
|
||||
tl = ecalloc(1, sizeof(*tl));
|
||||
tl->tl_data_next = NULL;
|
||||
tl->tl_data_type = KRB5_TL_EXTENSION;
|
||||
tl->tl_data_length = buf.length;
|
||||
tl->tl_data_contents = buf.data;
|
||||
|
||||
princ.n_tl_data++;
|
||||
ptl = &princ.tl_data;
|
||||
while (*ptl != NULL)
|
||||
ptl = &(*ptl)->tl_data_next;
|
||||
*ptl = tl;
|
||||
add_tl(&princ, KRB5_TL_EXTENSION, &buf);
|
||||
|
||||
mask |= KADM5_TL_DATA;
|
||||
}
|
||||
if (e->alias_strings.num_strings) {
|
||||
add_aliases(context, &princ, &e->alias_strings);
|
||||
mask |= KADM5_TL_DATA;
|
||||
}
|
||||
|
||||
} else
|
||||
ret = edit_entry(&princ, &mask, NULL, 0);
|
||||
if(ret == 0) {
|
||||
|
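Review bot: In `add_aliases` the result of `krb5_parse_name` is overwritten by the next assignment without being checked, so an alias string that fails to parse leaves `p` uninitialised before it is passed to `copy_Principal` and `krb5_free_principal`. The `calloc` result is likewise used unchecked, unlike the `ecalloc` in `add_tl`. Since the alias strings come straight from the command line, I would have `add_aliases` return a `krb5_error_code`, stop at the first failure, and have the caller write `ret = add_aliases(context, &princ, &e->alias_strings);` so the `if(ret == 0)` test that follows sees the failure. The sketch below assumes `free_HDB_extension` tolerates the zeroed entries that `calloc` leaves behind. Separately, `add_tl` ignores its `type` argument and always stores `KRB5_TL_EXTENSION`.

```c
static krb5_error_code
add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
	    struct getarg_strings *strings)
{
    /* … unchanged: declarations, ext initialisation, empty-string branch … */
	ext.data.u.aliases.aliases.val =
	    calloc(strings->num_strings,
		   sizeof(ext.data.u.aliases.aliases.val[0]));
	if (ext.data.u.aliases.aliases.val == NULL)
	    return ENOMEM;
	ext.data.u.aliases.aliases.len = strings->num_strings;

	for (i = 0; i < strings->num_strings; i++) {
	    ret = krb5_parse_name(context, strings->strings[i], &p);
	    if (ret)
		goto fail;	/* p was never set; do not copy or free it */
	    ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
	    krb5_free_principal(context, p);
	    if (ret)
		goto fail;
	}
    /* … unchanged: ASN1_MALLOC_ENCODE, size check, add_tl; then return 0 … */
fail:
    free_HDB_extension(&ext);
    return ret;
```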