From ea6db777a062a1c7d1f767d565be853d82c92e73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sat, 17 Feb 2007 00:00:41 +0000
Subject: [PATCH] add setting and displaying aliases

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20239 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kadmin/get.c | 46 ++++++++++++++++-----
 kadmin/kadmin-commands.in | 6 +++
 kadmin/mod.c | 85 +++++++++++++++++++++++++++++++++------
 3 files changed, 115 insertions(+), 22 deletions(-)

diff --git a/kadmin/get.c b/kadmin/get.c
index edefce43e..45034988a 100644
--- a/kadmin/get.c
+++ b/kadmin/get.c
@@ -65,6 +65,7 @@ static struct field_name {
 { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
 { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
 { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
+ { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
 { NULL }
 };

@@ -246,7 +247,7 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,
 if (tl->tl_data_type == subfield)
 break;
 if (tl == NULL) {
- strlcpy(buf, "no stored value", buf_len);
+ strlcpy(buf, "", buf_len);
 break;
 }

@@ -272,22 +273,49 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,

 buf[0] = '\0';
 for (i = 0; i < acl.len; i++) {
- strlcpy(buf, "subject: ", buf_len);
- strlcpy(buf, acl.val[i].subject, buf_len);
+ strlcat(buf, "subject: ", buf_len);
+ strlcat(buf, acl.val[i].subject, buf_len);
 if (acl.val[i].issuer) {
- strlcpy(buf, " issuer:", buf_len);
- strlcpy(buf, *acl.val[i].issuer, buf_len);
+ strlcat(buf, " issuer:", buf_len);
+ strlcat(buf, *acl.val[i].issuer, buf_len);
 }
 if (acl.val[i].anchor) {
- strlcpy(buf, " anchor:", buf_len);
- strlcpy(buf, *acl.val[i].anchor, buf_len);
+ strlcat(buf, " anchor:", buf_len);
+ strlcat(buf, *acl.val[i].anchor, buf_len);
 }
 if (i + 1 < acl.len)
- strlcpy(buf, ", ", buf_len);
+ strlcat(buf, ", ", buf_len);
 }
 free_HDB_Ext_PKINIT_acl(&acl);
 break;
 }
+ case KRB5_TL_ALIASES: {
+ HDB_Ext_Aliases alias;
+ size_t size;
+ int i, ret;
+
+ ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
+ tl->tl_data_length,
+ &alias,
+ &size);
+ if (ret) {
+ snprintf(buf, buf_len, "failed to decode alias");
+ break;
+ }
+ buf[0] = '\0';
+ for (i = 0; i < alias.aliases.len; i++) {
+ char *p;
+ ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
+ if (ret)
+ break;
+ if (i < 0)
+ strlcat(buf, " ", buf_len);
+ strlcat(buf, p, buf_len);
+ free(p);
+ }
+ free_HDB_Ext_Aliases(&alias);
+ break;
+ }
 default:
 snprintf(buf, buf_len, "unknown type %d", subfield);
 break;
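Review bot: The separator test in the new `KRB5_TL_ALIASES` case, `if (i < 0)`, can never be true because `i` starts at 0 and only increments, so the alias names are concatenated with nothing between them and an administrator reading the column cannot tell where one principal ends and the next begins; it should be `if (i > 0)`. In the same loop a `krb5_unparse_name` failure breaks out silently and leaves a partial list in `buf`, which then looks like the complete alias set; writing a marker such as `snprintf(buf, buf_len, "failed to unparse alias");` before the `break` would match the decode-failure handling just above. The `strlcat` return values are ignored in both the alias and the PK-INIT ACL loops, so a list longer than `buf_len` is cut off without any indication. `format_field` starts and ends outside the hunk.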
@@ -391,7 +419,7 @@ setup_columns(struct get_entry_data *data, const char *column_info)
 }

 #define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
-#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes"
+#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
 #define DEFAULT_COLUMNS_TERSE "principal="

 static int
diff --git a/kadmin/kadmin-commands.in b/kadmin/kadmin-commands.in
index b83160f43..9c29dd42a 100644
--- a/kadmin/kadmin-commands.in
+++ b/kadmin/kadmin-commands.in
@@ -319,6 +319,12 @@ command = {
 argument = "principal"
 help = "allowed target principal"
 }
+ option = {
+ long = "alias"
+ type = "strings"
+ argument = "principal"
+ help = "aliases"
+ }
 argument = "principal"
 min_args = "1"
 max_args = "1"
diff --git a/kadmin/mod.c b/kadmin/mod.c
index b37d36355..f89fd051c 100644
--- a/kadmin/mod.c
+++ b/kadmin/mod.c
@@ -36,6 +36,70 @@

 RCSID("$Id$");

+static void
+add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
+{
+ krb5_tl_data *tl, **ptl;
+
+ tl = ecalloc(1, sizeof(*tl));
+ tl->tl_data_next = NULL;
+ tl->tl_data_type = KRB5_TL_EXTENSION;
+ tl->tl_data_length = data->length;
+ tl->tl_data_contents = data->data;
+
+ princ->n_tl_data++;
+ ptl = &princ->tl_data;
+ while (*ptl != NULL)
+ ptl = &(*ptl)->tl_data_next;
+ *ptl = tl;
+
+ return;
+}
+
+static void
+add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
+ struct getarg_strings *strings)
+{
+ krb5_error_code ret;
+ HDB_extension ext;
+ krb5_data buf;
+ krb5_principal p;
+ size_t size;
+ int i;
+
+ memset(&ext, 0, sizeof(ext));
+ ext.mandatory = FALSE;
+ ext.data.element = choice_HDB_extension_data_aliases;
+ ext.data.u.aliases.case_insensitive = 0;
+
+ if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+ ext.data.u.aliases.aliases.val = NULL;
+ ext.data.u.aliases.aliases.len = 0;
+ } else {
+ ext.data.u.aliases.aliases.val =
+ calloc(strings->num_strings,
+ sizeof(ext.data.u.aliases.aliases.val[0]));
+ ext.data.u.aliases.aliases.len = strings->num_strings;
+
+ for (i = 0; i < strings->num_strings; i++) {
+ ret = krb5_parse_name(context, strings->strings[i], &p);
+ ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+ krb5_free_principal(context, p);
+ }
+ }
+
+ ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+ &ext, &size, ret);
+ free_HDB_extension(&ext);
+ if (ret)
+ abort();
+ if (buf.length != size)
+ abort();
+
+ add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
+
+
 static int
 do_mod_entry(krb5_principal principal, void *data)
 {
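Review bot: In `add_aliases` the result of `krb5_parse_name` is overwritten by the next assignment to `ret` and never tested, so when an alias string from the command line does not parse, `p` is still uninitialised when it is handed to `copy_Principal` and `krb5_free_principal`. The `calloc` result is also used unchecked (unlike the `ecalloc` in `add_tl`), and the `copy_Principal` result is discarded before `ASN1_MALLOC_ENCODE` reuses `ret`. I would have the function return `krb5_error_code`, stop at the first failure, and let `do_mod_entry` skip the modify when it is non-zero; the sketch below assumes `free_HDB_extension` is safe on the zero-filled tail of a partly filled array, which should be confirmed. Separately, `add_tl` ignores its `type` argument; `tl->tl_data_type = type;` would make the parameter mean what its callers expect.

```c
static krb5_error_code
add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
	    struct getarg_strings *strings)
{
    /* … unchanged: declarations, extension setup, empty-string branch, calloc … */
	if (ext.data.u.aliases.aliases.val == NULL)
	    return ENOMEM;
	/* … unchanged: aliases.len assignment … */
	for (i = 0; i < strings->num_strings; i++) {
	    ret = krb5_parse_name(context, strings->strings[i], &p);
	    if (ret == 0) {
		ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
		krb5_free_principal(context, p);
	    }
	    if (ret) {
		/* do not store a partly built alias list */
		free_HDB_extension(&ext);
		return ret;
	    }
	}
    /* … unchanged: ASN1_MALLOC_ENCODE, length check, add_tl call … */
    return 0;
}
```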
@@ -59,7 +123,8 @@ do_mod_entry(krb5_principal principal, void *data)
 e->pw_expiration_time_string ||
 e->attributes_string ||
 e->kvno_integer != -1 ||
- e->constrained_delegation_string) {
+ e->constrained_delegation_string ||
+ e->alias_strings.num_strings) {
 ret = set_entry(context, &princ, &mask,
 e->max_ticket_life_string,
 e->max_renewable_life_string,
@@ -72,7 +137,6 @@ do_mod_entry(krb5_principal principal, void *data)
 }
 if (e->constrained_delegation_string) {
 HDB_extension ext;
- krb5_tl_data *tl, **ptl;
 krb5_data buf;
 krb5_principal p;
 size_t size;
@@ -97,20 +161,15 @@ do_mod_entry(krb5_principal principal, void *data)
 if (buf.length != size)
 abort();

- tl = ecalloc(1, sizeof(*tl));
- tl->tl_data_next = NULL;
- tl->tl_data_type = KRB5_TL_EXTENSION;
- tl->tl_data_length = buf.length;
- tl->tl_data_contents = buf.data;
-
- princ.n_tl_data++;
- ptl = &princ.tl_data;
- while (*ptl != NULL)
- ptl = &(*ptl)->tl_data_next;
- *ptl = tl;
+ add_tl(&princ, KRB5_TL_EXTENSION, &buf);
 mask |= KADM5_TL_DATA;
 }

+ if (e->alias_strings.num_strings) {
+ add_aliases(context, &princ, &e->alias_strings);
+ mask |= KADM5_TL_DATA;
+ }
+
 } else
 ret = edit_entry(&princ, &mask, NULL, 0);
 if(ret == 0) {
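Review bot: The new `if (e->alias_strings.num_strings)` block in the last hunk carries no comment on what gets stored, although the behaviour is not obvious from the call. Going by the `add_aliases` helper added earlier in this patch, a single empty `--alias` value stores an extension with zero aliases; whether a non-empty list replaces or extends what the server already holds is not visible in this diff. I would add `/* a single empty --alias value stores an empty alias list */` above the block and say the same in the option's help text in kadmin-commands.in, which currently reads only `help = "aliases"`. `do_mod_entry` starts and ends outside the hunk.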