kadmin directory being moved away to kadmin.old and kadmin.v4
authorTheodore Tso <tytso@mit.edu>
Tue, 25 Apr 1995 02:16:45 +0000 (02:16 +0000)
committerTheodore Tso <tytso@mit.edu>
Tue, 25 Apr 1995 02:16:45 +0000 (02:16 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5474 dc483132-0cff-0310-8789-dd5450dbe970

41 files changed:
src/kadmin/Makefile.in [deleted file]
src/kadmin/client/ChangeLog [deleted file]
src/kadmin/client/Makefile.in [deleted file]
src/kadmin/client/configure.in [deleted file]
src/kadmin/client/kadmin.M [deleted file]
src/kadmin/client/kadmin.c [deleted file]
src/kadmin/client/kadmin_add.c [deleted file]
src/kadmin/client/kadmin_adr.c [deleted file]
src/kadmin/client/kadmin_cpr.c [deleted file]
src/kadmin/client/kadmin_cpw.c [deleted file]
src/kadmin/client/kadmin_del.c [deleted file]
src/kadmin/client/kadmin_done.c [deleted file]
src/kadmin/client/kadmin_inq.c [deleted file]
src/kadmin/client/kadmin_mod.c [deleted file]
src/kadmin/client/kadmin_msnd.c [deleted file]
src/kadmin/configure.in [deleted file]
src/kadmin/kpasswd/ChangeLog [deleted file]
src/kadmin/kpasswd/Makefile.in [deleted file]
src/kadmin/kpasswd/configure.in [deleted file]
src/kadmin/kpasswd/kpasswd.M [deleted file]
src/kadmin/kpasswd/kpasswd.c [deleted file]
src/kadmin/kpasswd/networked.c [deleted file]
src/kadmin/server/ChangeLog [deleted file]
src/kadmin/server/adm_adm_func.c [deleted file]
src/kadmin/server/adm_check.c [deleted file]
src/kadmin/server/adm_extern.c [deleted file]
src/kadmin/server/adm_extern.h [deleted file]
src/kadmin/server/adm_fmt_inq.c [deleted file]
src/kadmin/server/adm_funcs.c [deleted file]
src/kadmin/server/adm_kadmin.c [deleted file]
src/kadmin/server/adm_kpasswd.c [deleted file]
src/kadmin/server/adm_listen.c [deleted file]
src/kadmin/server/adm_msgs.c [deleted file]
src/kadmin/server/adm_nego.c [deleted file]
src/kadmin/server/adm_network.c [deleted file]
src/kadmin/server/adm_parse.c [deleted file]
src/kadmin/server/adm_process.c [deleted file]
src/kadmin/server/adm_server.c [deleted file]
src/kadmin/server/adm_v4_pwd.c [deleted file]
src/kadmin/server/admin_acl_file [deleted file]
src/kadmin/server/kadmind.M [deleted file]

diff --git a/src/kadmin/Makefile.in b/src/kadmin/Makefile.in
deleted file mode 100644 (file)
index 534ff10..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-CFLAGS = $(CCOPTS)
-LDFLAGS = -g
-
-all::
-
diff --git a/src/kadmin/client/ChangeLog b/src/kadmin/client/ChangeLog
deleted file mode 100644 (file)
index c519612..0000000
+++ /dev/null
@@ -1,98 +0,0 @@
-Thu Apr 20 18:18:48 1995  Mark Eichin  <eichin@cygnus.com>
-
-       Changes from Ian Taylor <ian@cygnus.com> to support testsuite.
-       Support -p port argument to kadmin client.
-       * kadmin.c (main): parse -p argument.
-       (adm5_init_link): new port argument, use it in preference to
-       getservbyname.
-       (usage): document new -p argument.
-
-Thu Apr 20 11:45:10 1995    <tytso@rsx-11.mit.edu>
-
-       * kadmin.c, kadmin_add.c, kadmin_adr.c, kadmin_cpr.c kadmin_cpw.c,
-        kadmin_del.c, kadmin_done.c, kadmin_inq.c, kadmin_mod.c,
-        kadmin_msnd.c: Add include of adm_defs.h, since that's no longer
-               included by krb5.h.
-
-Fri Mar 17 15:36:07 1995  Chris Provenzano (proven@mit.edu)
-
-        * kadmin_inq.c, kadmin.c:
-               Cast malloc() return value to shut compiler up.
-
-Fri Mar 10 11:09:34 1995  Chris Provenzano (proven@mit.edu)
-
-       * kadmin.c, kadmin_adr.c, kadmin_cpw.c, kadmin_done.c, kadmin_mod.c
-       * kadmin_add.c, kadmin_cpr.c, kadmin_del.c, kadmin_inq.c, kadmin_msnd.c
-               Use new calling convention for krb5_sendauth(), krb5_mk_priv(), 
-               krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe().
-
-Thu Mar  2 12:24:25 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
-
-Wed Mar  1 16:29:19 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
-               and -lnsl with WITH_NETLIB check.
-
-Tue Feb 28 02:18:37 1995  John Gilmore  (gnu at toad.com)
-
-       * *.c:  Avoid <krb5/...> and <com_err.h> includes.
-
-Tue Feb 14 15:30:55 1995 Chris Provenzano  (proven@mit.edu)
-
-        * kadmin.c Call krb5_sendauth() with new calling convention
-
-Fri Feb 10 17:50:39 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * kadmin_msnd.c: Remove needless #include of <krb5/asn.1/encode.h>
-
-Mon Feb 06 17:19:04 1995 Chris Provenzano  (proven@mit.edu)
-
-        * kadmin.c: Removed krb5_keytype, changed krb5_enctype to
-                krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
-                for krb5_get_in_tkt_with_password() rotuine.
-
-Fri Feb  3 03:03:27 1995  John Gilmore  <gnu@cygnus.com>
-
-       * kadmin.c (main):  Real live non-kludged argument parsing.
-       Add -c option to specify ticket cache location (it really
-       should just use a cache in memory in the process, but that
-       isn't written yet).  Make some error messages more explicit!
-
-Wed Jan 25 16:54:40 1995  Chris Provenzano (proven@mit.edu)
-
-        * Removed all narrow types and references to wide.h and narrow.h
-
-Fri Jan 13 15:23:47 1995  Chris Provenzano (proven@mit.edu)
-
-    * Added krb5_context to all krb5_routines
-
-Mon Oct  3 19:12:43 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * Makefile.in: Use $(srcdir) to find manual page for make install.
-
-Thu Sep 29 22:39:10 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * Makefile.in: relink executable if libraries change
-
-Thu Sep 15 16:49:19 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * kadm_add.c (kadm_add_user): Don't chop off last character of
-               principal if it was supplied by the caller (instead of
-               prompting the user to enter a principal).
-
-Wed Sep 14 22:20:46 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * kadmin_add.c (kadm_add_user): removed a duplicated
-               free(inbuf.data) call.
-
-Sat Jul 16 02:47:38 1994  Tom Yu  (tlyu at dragons-lair)
-
-       * kadmin.c (get_first_ticket): change error code to match
-
-Fri Jun 24 22:48:29 1994  Theodore Y. Ts'o  (tytso at tsx-11)
-
-       * kadmin_done (kadm_done): fix memory allocation bugs
-
-
diff --git a/src/kadmin/client/Makefile.in b/src/kadmin/client/Makefile.in
deleted file mode 100644 (file)
index 64140ed..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
-LDFLAGS = -g
-
-COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
-SSLIB=$(BUILDTOP)/util/ss/libss.a
-DBMLIB=
-KDBLIB=$(TOPLIBD)/libkdb5.a 
-
-all::
-
-KLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(SSLIB) $(COMERRLIB) $(DBMLIB)
-DEPKLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(SSLIB) $(COMERRLIB) $(DBMLIB)
-
-SRCS = \
-       $(srcdir)/kadmin.c \
-       $(srcdir)/kadmin_add.c \
-       $(srcdir)/kadmin_adr.c \
-       $(srcdir)/kadmin_cpr.c \
-       $(srcdir)/kadmin_inq.c \
-       $(srcdir)/kadmin_msnd.c \
-       $(srcdir)/kadmin_mod.c \
-       $(srcdir)/kadmin_cpw.c \
-       $(srcdir)/kadmin_del.c \
-       $(srcdir)/kadmin_done.c
-
-OBJS = \
-       kadmin.o \
-       kadmin_add.o \
-       kadmin_adr.o \
-       kadmin_cpr.o \
-       kadmin_inq.o \
-       kadmin_msnd.o \
-       kadmin_mod.o \
-       kadmin_cpw.o \
-       kadmin_del.o \
-       kadmin_done.o
-
-all::  kadmin
-
-kadmin: $(KDBDEPLIB) $(OBJS) $(DEPKLIB)
-       $(CC) $(CFLAGS) -o kadmin $(OBJS) $(KLIB) $(LIBS)
-
-install::
-       $(INSTALL_PROGRAM) kadmin ${DESTDIR}$(CLIENT_BINDIR)/kadmin
-       $(INSTALL_DATA) $(srcdir)/kadmin.M ${DESTDIR}$(CLIENT_MANDIR)/kadmin.1
-
-clean::
-       $(RM) kadmin
-
diff --git a/src/kadmin/client/configure.in b/src/kadmin/client/configure.in
deleted file mode 100644 (file)
index 55d33a6..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-AC_INIT(kadmin.c)
-WITH_CCOPTS
-CONFIG_RULES
-AC_SET_BUILDTOP
-AC_PROG_INSTALL
-WITH_NETLIB
-ET_RULES
-KRB_INCLUDE
-WITH_KRB5ROOT
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin/client/kadmin.M b/src/kadmin/client/kadmin.M
deleted file mode 100644 (file)
index 180a1a9..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-.\" this file was somehow lost
-.\" but CVS deals badly with 0 length files.
diff --git a/src/kadmin/client/kadmin.c b/src/kadmin/client/kadmin.c
deleted file mode 100644 (file)
index 397a7df..0000000
+++ /dev/null
@@ -1,725 +0,0 @@
-/*
- * kadmin/client/kadmin.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-#include <string.h>
-#include <pwd.h>
-#include "com_err.h"
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN 1024
-#endif
-
-#include "krb5.h"
-#include "adm_defs.h"
-
-static krb5_error_code get_first_ticket 
-       PROTOTYPE((krb5_context,
-                  krb5_ccache, 
-                  krb5_principal,
-                  krb5_creds *));
-
-struct sockaddr_in local_sin, remote_sin;
-
-char cache_name[255] = "";
-
-static void get_def_princ
-       PROTOTYPE((krb5_context,
-                  krb5_principal * ));
-
-void decode_kadmind_reply();
-int print_status_message();
-extern char *optarg;
-extern int optind;
-
-
-void
-main(argc,argv)
-  int argc;
-  char *argv[];
-{
-    krb5_ccache cache = NULL;
-
-    krb5_address local_addr, foreign_addr;
-
-    krb5_principal client;
-
-    char *client_name; /* Single string representation of client id */
-
-    krb5_data *requested_realm;
-    krb5_creds my_creds;
-
-    krb5_error_code retval;    /* return code */
-
-    int local_socket;
-
-    krb5_error *err_ret;
-    krb5_ap_rep_enc_part *rep_ret;
-
-    kadmin_requests rd_priv_resp;
-
-    krb5_context context;
-    krb5_data msg_data, inbuf;
-    char buffer[255];
-    char command_type[120];
-    char princ_name[120];
-    int i, valid;
-    int option;
-    int oper_type;
-    int nflag = 0;
-    int port = 0;
-
-    krb5_auth_context * new_auth_context;
-    krb5_replay_data replaydata;
-
-    krb5_init_context(&context);
-    krb5_init_ets(context);
-
-    client_name = (char *) malloc(755);
-    memset((char *) client_name, 0, sizeof(client_name));
-
-    while ((option = getopt(argc, argv, "c:np:")) != EOF) {
-       switch (option) {
-         case 'c':
-           strcpy (cache_name, optarg);
-           break;
-         case 'n':
-           nflag++;
-           break;
-         case 'p':
-           port = htons(atoi(optarg));
-           break;
-         case '?':
-         default:
-           usage();
-           break;
-       }
-    }
-    
-    if (optind < argc) {
-       /* Admin name specified on command line */
-       strcpy(client_name, argv[optind++]);
-       if (retval = krb5_parse_name(context, client_name, &client)) {
-           fprintf(stderr, "Error Parsing %s\n", client_name);
-           usage();
-       }
-    }
-    else {
-       /* Admin name should be defaulted */
-       get_def_princ(context, &client);
-       if (retval = krb5_unparse_name(context, client, &client_name)) {
-           fprintf(stderr, "Unable to unparse default administrator name!\n");
-           usage();
-       }
-    }
-
-    /* At this point, both client and client_name are set up. */
-
-    if (!nflag) {
-       strcpy(client_name, client->data[0].data);
-       strncat(client_name, "/admin@", 7);
-       strncat(client_name, client->realm.data, client->realm.length);
-       if (retval = krb5_parse_name(context, client_name, &client)) {
-           fprintf(stderr, "Unable to Parse %s\n", client_name);
-           usage();
-       }
-    }
-
-    if (optind < argc)
-       usage();
-
-       /* Create credential cache for kadmin */
-    if (!cache_name[0])
-        (void) sprintf(cache_name, "FILE:/tmp/tkt_adm_%d", getpid());
-
-    if ((retval = krb5_cc_resolve(context, cache_name, &cache))) {
-       fprintf(stderr, "Unable to Resolve Cache: %s!\n", cache_name);
-    }
-    
-    if ((retval = krb5_cc_initialize(context, cache, client))) {
-        fprintf(stderr, "Error initializing cache: %s!\n", cache_name);
-        exit(1);
-    }
-/*
- *     Verify User by Obtaining Initial Credentials prior to Initial Link
- */
-
-    if ((retval = get_first_ticket(context, cache, client, &my_creds))) {
-        (void) krb5_cc_destroy(context, cache);
-       exit(1);
-    }
-    /* my_creds has the necessary credentials for further processing:
-       Destroy credential cache for security reasons */
-    (void) krb5_cc_destroy(context, cache);
-    
-    requested_realm = (krb5_data *) &client->realm;
-
-
-       /* Initiate Link to Server */
-    if ((retval = adm5_init_link(context, requested_realm, port,
-                                &local_socket))) {
-       (void) krb5_cc_destroy(context, cache);
-       exit(1);
-    } 
-
-#ifdef unicos61
-#define SIZEOF_INADDR  SIZEOF_in_addr
-#else
-#define SIZEOF_INADDR sizeof(struct in_addr)
-#endif
-
-/* V4 kpasswd Protocol Hack
- *     Necessary for ALL kadmind clients
- */
-    {
-       int msg_length = 0;
-
-       retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2);
-       if (retval < 0) {
-           fprintf(stderr, "krb5_net_write failure!\n");
-            (void) krb5_cc_destroy(context, cache);
-           exit(1);
-       }
-    }
-
-    local_addr.addrtype = ADDRTYPE_INET;
-    local_addr.length = SIZEOF_INADDR ;
-    local_addr.contents = (krb5_octet *) &local_sin.sin_addr;
-
-    foreign_addr.addrtype = ADDRTYPE_INET;
-    foreign_addr.length = SIZEOF_INADDR ;
-    foreign_addr.contents = (krb5_octet *) &remote_sin.sin_addr;
-
-    krb5_auth_con_init(context, &new_auth_context);
-    krb5_auth_con_setflags(context, new_auth_context,
-                           KRB5_AUTH_CONTEXT_RET_SEQUENCE);
-  
-    krb5_auth_con_setaddrs(context, new_auth_context,
-                           &local_addr, &foreign_addr);
-
-    /* call Kerberos library routine to obtain an authenticator,
-       pass it over the socket to the server, and obtain mutual
-       authentication. */
-
-    inbuf.data = ADM5_ADM_VERSION;
-    inbuf.length = strlen(ADM5_ADM_VERSION);
-
-    if ((retval = krb5_sendauth(context, &new_auth_context,
-                       (krb5_pointer) &local_socket,
-                       ADM_CPW_VERSION, 
-                       my_creds.client, 
-                       my_creds.server,
-                       AP_OPTS_MUTUAL_REQUIRED,
-                       &inbuf,
-                       &my_creds,           
-                       0,
-                       &err_ret,
-                       &rep_ret, 
-                       NULL))) {
-       fprintf(stderr, "Error while performing sendauth: %s!\n",
-                       error_message(retval));
-       exit(1);
-    }
-
-       /* Read back what the server has to say ... */
-    if (retval = krb5_read_message(context, &local_socket, &inbuf)){
-       fprintf(stderr, " Read Message Error: %s!\n",
-                       error_message(retval));
-        exit(1);
-    }
-
-    if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) ||
-                       (inbuf.data[1] != KADMSAG)){
-       fprintf(stderr, " Invalid ack from admin server.!\n");
-        exit(1);
-    }
-    free(inbuf.data);
-
-    if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) {
-       fprintf(stderr, "No memory for command!\n");
-        exit(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = 0xff;
-    inbuf.length = 2;
-
-    if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-       fprintf(stderr, "Error during First Message Encoding: %s!\n",
-                       error_message(retval));
-       free(inbuf.data);
-        exit(1);
-    }
-    free(inbuf.data);
-
-               /* write private message to server */
-    if (krb5_write_message(context, &local_socket, &msg_data)){
-       fprintf(stderr, "Write Error During First Message Transmission!\n");
-        exit(1);
-    } 
-    free(msg_data.data);
-
-    for ( ; ; ) {
-               /* Ok Now let's get the private message */
-       if (retval = krb5_read_message(context, &local_socket, &inbuf)){
-           fprintf(stderr, "Read Error During First Reply: %s!\n",
-                       error_message(retval));
-            exit(1);
-       }
-
-       if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf,
-                                  &msg_data, &replaydata))) {
-           fprintf(stderr, "Error during First Read Decoding: %s!\n", 
-                       error_message(retval));
-            exit(1);
-       }
-       free(inbuf.data);
-
-       valid = 0;
-       princ_name[0] = '\0';
-repeat:
-       printf("\n\nCommand (add, cpw, del, inq, mod, addrnd, cpwrnd, addv4, cpwv4, q): ");
-       fgets(buffer, sizeof(buffer), stdin);
-       buffer[strlen(buffer) -1] = '\0';
-       sscanf(buffer,"%s %s", command_type, princ_name);
-       for (i = 0; command_type[i] != '\0'; i++)
-           if (isupper(command_type[i]))
-               command_type[i] = tolower(command_type[i]);
-       
-       if (!strcmp(command_type, "add")) {
-           valid++;
-           oper_type = ADDOPER;
-           if (retval = kadm_add_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, oper_type, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "cpw")) {
-           valid++;
-           oper_type = CHGOPER;
-           if (retval = kadm_cpw_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, oper_type, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "addrnd")) {
-           valid++;
-           if (retval = kadm_add_user_rnd(context, new_auth_context, &my_creds,
-                                          &local_socket, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "cpwrnd")) {
-           valid++;
-           if (retval = kadm_cpw_user_rnd(context, new_auth_context, &my_creds, 
-                                          &local_socket, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "del")) {
-           valid++;
-           if (retval = kadm_del_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "inq")) {
-           valid++;
-           if (retval = kadm_inq_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "mod")) {
-           valid++;
-           if (retval = kadm_mod_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "addv4")) {
-           valid++;
-           oper_type = AD4OPER;
-           if (retval = kadm_add_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, oper_type, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "cpwv4")) {
-           valid++;
-           oper_type = CH4OPER;
-           if (retval = kadm_cpw_user(context, new_auth_context, &my_creds, 
-                                      &local_socket, oper_type, princ_name)) 
-           break;
-       }
-       if (!strcmp(command_type, "q")) { 
-           valid++;
-           retval = kadm_done(context, new_auth_context, &my_creds, 
-                              &local_socket); 
-           break;
-       }
-       
-       if (!valid) {
-           fprintf(stderr, "Invalid Input - Retry\n");
-           goto repeat;
-       }
-    }
-
-    if (retval) {
-        exit(1);
-    }
-
-               /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, &local_socket, &inbuf)){
-       fprintf(stderr, "Read Error During Final Reply: %s!\n",
-                        error_message(retval));
-        exit(1);
-    }
-     
-    if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf,
-                               &msg_data, &replaydata))) {
-       fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-                        error_message(retval));
-       free(inbuf.data);
-       exit(1);
-    }
-    free(inbuf.data);
-
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-    free(msg_data.data);
-    
-    if (!((rd_priv_resp.appl_code == KADMIN) &&
-         (rd_priv_resp.retn_code == KADMGOOD))) {
-       if (rd_priv_resp.message)
-           fprintf(stderr, "%s\n", rd_priv_resp.message);
-       else
-           fprintf(stderr, "Generic Error During kadmin Termination!\n");
-       retval = 1;
-    } else {
-       fprintf(stderr, "\nHave a Good Day.\n\n");
-    }
-
-    if (rd_priv_resp.message)
-       free(rd_priv_resp.message);
-
-    
-    exit(retval);
-}
-
-static krb5_error_code
-get_first_ticket(context, cache, client, my_creds)
-    krb5_context context;
-    krb5_ccache cache;
-    krb5_principal client;
-    krb5_creds * my_creds;
-{
-    char prompt[255];                  /* for the password prompt */
-    
-    krb5_address **my_addresses;
-
-    char *client_name;
-    krb5_error_code retval;
-    char *password;
-    int  pwsize;
-    int         i;
-    
-    if ((retval = krb5_unparse_name(context, client, &client_name))) {
-       fprintf(stderr, "Unable to Unparse Client Name!\n");
-       return(1);
-    }
-
-    if ((retval = krb5_os_localaddr(&my_addresses))) {
-       fprintf(stderr, "Unable to Get Principals Address!\n");
-       return(1);
-    }
-
-    memset((char *) my_creds, 0, sizeof(krb5_creds));
-
-    my_creds->client = client;
-
-    if ((retval = krb5_build_principal_ext(context, &my_creds->server,
-                                        client->realm.length, 
-                                       client->realm.data,
-                                        strlen(CPWNAME),
-                                       CPWNAME,    /* kadmin */
-                                        client->realm.length,
-                                       client->realm.data, 
-                                          /* instance is <realm> */
-                                        0))) {
-        fprintf(stderr, "Error %s while building client name!\n",
-               error_message(retval));
-       krb5_free_addresses(context, my_addresses);
-        return(1);
-    }
-    
-    (void) sprintf(prompt,"Password for %s: ", (char *) client_name);
-
-    if ((password = (char *) calloc (1, 255)) == NULL) {
-        fprintf(stderr, "No Memory for Retrieving Admin Password!\n");
-        return(1);
-    }
-
-    pwsize = 255;
-    if ((retval = krb5_read_password(context, 
-                                prompt,
-                                0,
-                                password,
-                                &pwsize) || pwsize == 0)) {
-       fprintf(stderr, "Error while reading password for '%s'!\n",
-                                client_name);
-       free(password);
-       krb5_free_addresses(context, my_addresses);
-       return(1);
-    }
-
-       /*      Build Request for Initial Credentials */
-    retval = krb5_get_in_tkt_with_password(context, 0, /* options */
-                                       my_addresses,
-                                        NULL, /* Default encryption list */
-                                        NULL, /* Default preauth list */
-                                       password, cache, my_creds, 0);
-    
-        /* Do NOT Forget to zap password  */
-    memset((char *) password, 0, pwsize);
-    free(password);
-    krb5_free_addresses(context, my_addresses);
-    
-    if (retval) {
-            fprintf(stderr, "\nUnable to Get Initial Credentials: %s!\n",
-                        error_message(retval));
-            return(1);
-    }
-    return(0);
-}
-
-krb5_error_code
-adm5_init_link(context, realm_of_server, port, local_socket)
-    krb5_context context;
-    krb5_data *realm_of_server;
-    int port;
-    int * local_socket;
-{
-    struct servent *service_process;          /* service we will talk to */
-    struct hostent *remote_host;              /* host we will talk to */
-    char **hostlist;
-    int namelen;
-    int i;
-
-    krb5_error_code retval;
-
-    /* clear out the structure first */
-    (void) memset((char *)&remote_sin, 0, sizeof(remote_sin));
-
-    if (port != 0) {
-        remote_sin.sin_port = port;
-    } else {
-       if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) {
-           fprintf(stderr, "Unable to find Service (%s) Check services file!\n",
-                   CPW_SNAME);
-           return(1);
-       }
-
-                   /* Copy the Port Number */
-       remote_sin.sin_port = service_process->s_port;
-    }
-
-    hostlist = 0;
-
-               /* Identify all Hosts Associated with this Realm */
-    if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) {
-        fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name!\n");
-        return(retval);
-    }
-
-    if (hostlist[0] == 0) {
-        fprintf(stderr, "No hosts found!\n");
-        return KRB5_REALM_UNKNOWN;
-    }
-
-    for (i=0; hostlist[i]; i++) {
-        remote_host = gethostbyname(hostlist[i]);
-        if (remote_host != 0) {
-
-               /* set up the address of the foreign socket for connect() */
-           remote_sin.sin_family = remote_host->h_addrtype;
-           (void) memcpy((char *) &remote_sin.sin_addr, 
-                       (char *) remote_host->h_addr,
-                       sizeof(remote_host->h_addr));
-           break;      /* Only Need one */
-       }
-    }
-
-    krb5_free_krbhst(context, hostlist);
-
-    /* open a TCP socket */
-    *local_socket = socket(PF_INET, SOCK_STREAM, 0);
-    if (*local_socket < 0) {
-       retval = errno;
-       fprintf(stderr, "Cannot Open Socket!\n");
-       return retval;
-    }
-    /* connect to the server */
-    if (connect(*local_socket, &remote_sin, sizeof(remote_sin)) < 0) {
-       retval = errno;
-       fprintf(stderr, "Cannot Connect to Socket!\n");
-       close(*local_socket);
-       return retval;
-    }
-
-    /* find out who I am, now that we are connected and therefore bound */
-    namelen = sizeof(local_sin);
-    if (getsockname(*local_socket, 
-               (struct sockaddr *) &local_sin, &namelen) < 0) {
-       retval = errno;
-       fprintf(stderr, "Cannot Perform getsockname!\n");
-       close(*local_socket);
-       return retval;
-    }
-       return 0;
-}
-
-static void
-get_def_princ(context, client)
-     krb5_context context;
-     krb5_principal *client;
-{
-    krb5_ccache cache = NULL;
-    struct passwd *pw;
-    int retval;
-    char client_name[755];
-    krb5_flags cc_flags;
-
-    /* Identify Default Credentials Cache */
-    if (retval = krb5_cc_default(context, &cache)) {
-       fprintf(stderr, "Error while getting default ccache!\n");
-       exit(1);
-    }
-    
-    /*
-     *         Attempt to Modify Credentials Cache 
-     *         retval == 0 ==> ccache Exists - Use It 
-     *                 retval == ENOENT ==> No Entries, but ccache Exists 
-     *         retval != 0 ==> Assume ccache does NOT Exist 
-     */
-    cc_flags = 0;
-    if (retval = krb5_cc_set_flags(context, cache, cc_flags)) {
-       /* Search passwd file for client */
-       pw = getpwuid((int) getuid());
-       if (pw) {
-           (void) strcpy(client_name, pw->pw_name);
-           if (!strncmp("root", client_name, strlen(client_name))) {
-               fprintf(stderr,
-                       "root is not a valid Adimnistrator\n!\n");
-               usage();
-           }
-       } else {
-           fprintf(stderr, 
-                   "Unable to Identify Principal from Password File!\n");
-           retval = 1;
-           usage();
-       }
-       
-       /* Use this to get default_realm and format client_name */
-       if ((retval = krb5_parse_name(context, client_name, client))) {
-           fprintf(stderr, "Unable to Parse Client Name!\n");
-           usage();
-       }
-    } else {
-       /* Read Client from Cache */
-       if (retval = krb5_cc_get_principal(context, cache, client)) {
-           fprintf(stderr, 
-                   "Unable to Read Principal Credentials File!\n");
-           exit(1);
-       }
-       
-       if (!strncmp("root", (*client)->data[0].data, 
-                    (*client)->data[0].length)) {
-           fprintf(stderr, "root is not a valid Administrator\n!\n");
-           usage();
-       }
-       
-       (void) krb5_cc_close(context, cache);
-    }
-}
-
-usage()
-{
-    fprintf(stderr, "Usage:    ");
-    fprintf(stderr, "kadmin [-n] [-p port] [Administrator name]\n\n");
-    fprintf(stderr, "  If an Administrator name is not supplied, kadmin ");
-    fprintf(stderr, "will first\n      attempt to locate the name from ");
-    fprintf(stderr, "the default ticket file, then\n   by using the ");
-    fprintf(stderr, "username from the 'passwd' file.\n\n");
-    fprintf(stderr, "  For Cross Realm Obtain a ticket for 'Administrator ");
-    fprintf(stderr, "name' in the\n    Destination realm or ");
-    fprintf(stderr, "specify the Destination Realm\n   as part of the ");
-    fprintf(stderr, "Administrator name option.\n\n");
-    fprintf(stderr, "  Note: If the Administrator Name is not ");
-    fprintf(stderr, "supplied, then the \n");
-    fprintf(stderr, "  '/admin' instance will be appended to the ");
-    fprintf(stderr, "default name unless\n");
-    fprintf(stderr, "  the -n option is used.\n\n");
-    exit(0);
-}
-
-void decode_kadmind_reply(data, response)
-    krb5_data  data;
-    kadmin_requests    *response;
-{
-    response->appl_code = data.data[0];
-    response->oper_code = data.data[1];
-    response->retn_code = data.data[2];
-    if (data.length > 3 && data.data[3]) {
-       response->message = (char *)malloc(data.length - 2);
-       if (response->message) {
-           memcpy(response->message, data.data + 3, data.length - 3);
-           response->message[data.length - 3] = 0;
-       }
-    } else
-       response->message = NULL;
-
-    return;
-}
-
-int print_status_message(response, success_msg)
-    kadmin_requests    *response;
-    char               *success_msg;
-{
-    int        retval = 1;
-    
-    if (response->appl_code == KADMIN) {
-       if (response->retn_code == KADMGOOD) {
-           fprintf(stderr, "%s\n", success_msg);
-           retval = 0;
-       } else if (response->retn_code == KADMBAD) 
-           fprintf(stderr, "%s\n", response->message);
-       else
-           fprintf(stderr, "ERROR: unknown return code from server.\n");
-    } else
-       fprintf(stderr, "ERROR: unknown application code from server.\n");
-
-    if (response->message)
-       free(response->message);
-    
-    return retval;
-}    
diff --git a/src/kadmin/client/kadmin_add.c b/src/kadmin/client/kadmin_add.c
deleted file mode 100644 (file)
index c04eca8..0000000
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * kadmin/client/kadmin_add.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_add
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include "com_err.h"
-
-#include <sys/param.h>
-
-#include "k5-int.h"
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_add_user(context, auth_context, my_creds, local_socket, 
-             oper_type, principal)
-    krb5_context         context;
-    krb5_auth_context  * auth_context;
-    krb5_creds                 * my_creds;
-    int                * local_socket;
-    int                  oper_type;
-    char               * principal;
-{
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[255];
-    char *password;
-    int pwsize;
-    int count;
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-    
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-    
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = oper_type;
-    inbuf.data[2] = SENDDATA2;
-    
-    if (principal && principal[0] != '\0')
-       strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, "\nName of Principal to be Added: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       } while (username[0] == '\n' && count < 3);
-
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-
-       username[strlen(username) -1] = '\0';
-    }
-    
-    (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-    
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-               error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-    
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    
-    free(msg_data.data);
-    
-     if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Second Reply: %s!\n",
-               error_message(retval));
-        return(1);
-    }
-    
-    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                             &msg_data, &replaydata)) {
-        fprintf(stderr, "Error during Second Read Decoding :%s!\n", 
-               error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-    
-    if (msg_data.data[2] == KADMBAD) {
-       decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-       if (rd_priv_resp.message) {
-           fprintf(stderr, "%s\n\n", rd_priv_resp.message);
-           free(rd_priv_resp.message);
-       } else
-           fprintf(stderr, "Generic error from server.\n\n");
-        return(0);
-    }
-    
-#ifdef MACH_PASS
-    pwsize = msg_data.length;
-    if ((password = (char *) calloc (1, pwsize)) == (char *) 0) {
-       fprintf(stderr, "No Memory for allocation of password!\n");
-       retval = 1;
-       free(msg_data.data);
-       return(1);
-    }
-    
-    memcpy(password, msg_data.data, pwsize);
-    memset(msg_data.data, 0, pwsize);
-    password[pwsize] = '\0';
-    fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password);
-    memset(password, 0, pwsize);
-    free(password);
-    fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n");
-    
-    free(msg_data.data);
-    
-    if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = KADMGOOD;
-    inbuf.length = 2;
-   
-#else
-
-    if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) {
-       fprintf(stderr, "No Memory for allocation of password!\n");
-       return(1);
-    }
-
-    pwsize = ADM_MAX_PW_LENGTH+1;
-    
-    putchar('\n');
-    if (retval = krb5_read_password(context, 
-                                    DEFAULT_PWD_STRING1,
-                                    DEFAULT_PWD_STRING2,
-                                    password,
-                                    &pwsize)) {
-       fprintf(stderr, "Error while reading new password for %s: %s!\n",
-               username, error_message(retval));
-       (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);
-       free(password);
-       return(1);
-    }
-    
-    if ((inbuf.data = (char *) calloc(1, strlen(password) + 1)) == (char *) 0) {
-       fprintf(stderr, "No Memory for allocation of buffer!\n");
-       (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);
-       free(password);
-        return(1);
-    }
-     
-    inbuf.length = strlen(password);
-    (void) memcpy(inbuf.data, password, strlen(password));
-    free(password);
-
-#endif /* MACH_PASS */
-
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-               error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-    
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-    
-    /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-               error_message(retval));
-        retval = 1;
-    }
-    
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-               error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-    
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(msg_data.data);
-
-    retval = print_status_message(&rd_priv_resp,
-                                 "Database Addition Successful.");
-    
-    return(retval);
-}
diff --git a/src/kadmin/client/kadmin_adr.c b/src/kadmin/client/kadmin_adr.c
deleted file mode 100644 (file)
index 9a4cea7..0000000
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * kadmin/client/kadmin_adr.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_adr
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <sys/param.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_add_user_rnd(context, auth_context, my_creds, 
-                 local_socket, seqno, principal)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    int *local_socket;
-    krb5_int32 *seqno;
-    char *principal;
-{
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[755];
-    int count;
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-    
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-    
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = ADROPER;
-    inbuf.data[2] = SENDDATA2;
-
-    if (principal && principal[0] != '\0')
-       strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, "\nName of Principal to be Added: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       }
-       while (username[0] == '\n' && count < 3);
-
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-       username[strlen(username) -1] = '\0';
-    }
-    
-    
-    (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-    
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-               error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-    
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    
-    free(msg_data.data);
-    
-    /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-               error_message(retval));
-        retval = 1;
-    }
-    
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-               error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(inbuf.data);
-    free(msg_data.data);
-
-    retval = print_status_message(&rd_priv_resp,
-                                 "Database Addition Successful.");
-    
-    return(retval);
-}
diff --git a/src/kadmin/client/kadmin_cpr.c b/src/kadmin/client/kadmin_cpr.c
deleted file mode 100644 (file)
index ee0b946..0000000
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * kadmin/client/kadmin_cpr.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_cpr
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <sys/param.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_cpw_user_rnd(context, auth_context, my_creds, 
-                 local_socket, seqno, principal)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    int *local_socket;
-    krb5_int32 *seqno;
-    char *principal;
-{
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[755];
-    int count;
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {        fprintf(stderr, "No memory for command!\n");
-        exit(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = CHROPER;
-    inbuf.data[2] = SENDDATA2;
-
-    if (principal && principal[0] != '\0')
-      strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, 
-                   "\nName of Principal Whose Password is to Change: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       }
-       while (username[0] == '\n' && count < 3);
-
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-       username[strlen(username) -1] = '\0';
-    }
-
-    (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-
-       /* Transmit Principal Name */
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-
-    /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-                        error_message(retval));
-        retval = 1;
-    }
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                                      &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-                        error_message(retval));
-        free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(inbuf.data);
-    free(msg_data.data);
-
-    print_status_message(&rd_priv_resp,
-                        "Password Modification Successful.");
-    
-    return(0);
-}
-
-
diff --git a/src/kadmin/client/kadmin_cpw.c b/src/kadmin/client/kadmin_cpw.c
deleted file mode 100644 (file)
index 5705b9f..0000000
+++ /dev/null
@@ -1,246 +0,0 @@
-/*
- * kadmin/client/kadmin_cpw.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_cpw
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <sys/param.h>
-
-#include <k5-int.h>
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_cpw_user(context, auth_context, my_creds, 
-             local_socket, oper_type, principal)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    int *local_socket;
-    int oper_type;
-    char *principal;
-{
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[255];
-    char *password;
-    int pwsize;
-    int count;
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {        fprintf(stderr, "No memory for command!\n");
-        exit(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = oper_type;
-    inbuf.data[2] = SENDDATA2;
-
-    if (principal && principal[0] != '\0')
-      strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, 
-                   "\nName of Principal Whose Password is to Change: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       }
-       while (username[0] == '\n' && count < 3);
-
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-
-       username[strlen(username) -1] = '\0';
-    }
-    
-    (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-
-       /* Transmit Principal Name */
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-       free(msg_data.data);
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Second Reply: %s!\n",
-                       error_message(retval));
-        return(1);
-    }
-
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Read Decoding :%s!\n", 
-                       error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    if (msg_data.data[2] == KADMBAD) {
-       decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-       if (rd_priv_resp.message) {
-           fprintf(stderr, "%s\n\n", rd_priv_resp.message);
-           free(rd_priv_resp.message);
-       } else
-           fprintf(stderr, "Generic error from server.\n\n");
-       memset(msg_data.data, 0, msg_data.length);
-       free(msg_data.data);
-        return(0);
-    }
-
-    if ((oper_type == CHGOPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) ||
-       (oper_type == CH4OPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_NORMAL))
-      fprintf(stderr, "WARNING: Changing Principal Salt type to %s!\n",
-             (msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) ? 
-             "Version 5 Normal" : "Version 4");
-
-#ifdef MACH_PASS /* Machine-generated passwords */
-    pwsize = msg_data.length;
-    if ((password = (char *) calloc (1, pwsize)) == (char *) 0) {
-        fprintf(stderr, "No Memory for allocation of password!\n");
-       memset(msg_data.data, 0, msg_data.length);
-       free(msg_data.data);
-        return(1);
-    }
-
-    memcpy(password, msg_data.data, pwsize);
-    memset(msg_data.data, 0, pwsize);
-    free(msg_data.data);
-    password[pwsize] = '\0';
-    fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password);
-    memset(password, 0, pwsize);
-    free(password);
-    fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n");
-    if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = KADMGOOD;
-    inbuf.length = 2;
-
-#else
-
-    if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) {
-       fprintf(stderr, "No Memory for allocation of password!\n");
-       return(1);
-    }
-    
-    pwsize = ADM_MAX_PW_LENGTH+1;
-    
-    putchar('\n');
-    if ((retval = krb5_read_password(context, 
-                                    DEFAULT_PWD_STRING1,
-                                    DEFAULT_PWD_STRING2,
-                                    password,
-                                    &pwsize))) {
-       fprintf(stderr, "Error while reading new password for %s: %s!\n",
-               username, error_message(retval));
-       (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);
-       free(password);
-       return(1);
-    }
-    
-    if ((inbuf.data = (char *) calloc (1, strlen(password) + 1)) == 
-       (char *) 0) {
-       fprintf(stderr, "No Memory for allocation of buffer!\n");
-       (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);
-       free(password);
-       return(1);              /* No Memory */
-    }
-    
-    inbuf.length = strlen(password);
-    (void) memcpy(inbuf.data, password, strlen(password));
-    free(password);
-
-#endif /* MACH_PASS */
-
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                               &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                        error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-         /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    }
-    free(msg_data.data);
-
-    /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-                        error_message(retval));
-        retval = 1;
-    }
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                               &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-                        error_message(retval));
-        free(inbuf.data);
-        return(1);
-    }
-
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(inbuf.data);
-    free(msg_data.data);
-
-    print_status_message(&rd_priv_resp,
-                        "Password Modification Successful.");
-    
-    return(0);
-}
diff --git a/src/kadmin/client/kadmin_del.c b/src/kadmin/client/kadmin_del.c
deleted file mode 100644 (file)
index 1753f00..0000000
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * kadmin/client/kadmin_del.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_del
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_del_user(context, auth_context, my_creds, local_socket, principal)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    int *local_socket;
-    char *principal;
-{
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[755];
-    int count;
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = DELOPER;
-    inbuf.data[2] = SENDDATA2;
-
-    if (principal && principal[0] != '\0')
-       strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, "\nName of Principal to be Deleted: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       }
-       while (username[0] == '\n' && count < 3);
-       
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-
-       username[strlen(username) -1] = '\0';
-    }
-    
-   (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-        free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-       free(msg_data.data);
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-
-         /* Ok Now let's get the final private message */ 
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-                       error_message(retval));
-        return(1);
-    }
-
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Decoding :%s!\n", 
-                       error_message(retval));
-        return(1);
-    }
-
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(inbuf.data);
-    free(msg_data.data);
-
-    print_status_message(&rd_priv_resp,
-                        "Database Deletion Successful.");
-    
-    return(0);
-}
diff --git a/src/kadmin/client/kadmin_done.c b/src/kadmin/client/kadmin_done.c
deleted file mode 100644 (file)
index 7f3f7bb..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * kadmin/client/kadmin_done.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_done
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-krb5_error_code
-kadm_done(context, auth_context, my_creds, local_socket, seqno)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    int *local_socket;
-    krb5_int32 *seqno;
-{
-    krb5_replay_data replaydata;
-    krb5_data msg_data, inbuf;
-    krb5_error_code retval;     /* return code */
-    char buf[16];
-
-    inbuf.data = buf;
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = COMPLETE;
-    inbuf.data[2] = SENDDATA2;
-    inbuf.data[3] = 0xff;
-    (void) memset( inbuf.data + 4, 0, 4);
-    inbuf.length = 16;
-
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-        return(1);
-    }
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)) {
-       free(msg_data.data);
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-    return(0);
-}
diff --git a/src/kadmin/client/kadmin_inq.c b/src/kadmin/client/kadmin_inq.c
deleted file mode 100644 (file)
index 374455b..0000000
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * kadmin/client/kadmin_inq.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_inq
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_inq_user(context, auth_context, my_creds, local_socket, principal)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    int *local_socket;
-    char *principal;
-{
-    krb5_replay_data replaydata;
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[755];
-    int count;
-    krb5_error_code retval;     /* return code */
-    char *my_data;
-
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = INQOPER;
-    inbuf.data[2] = SENDDATA2;
-    
-    if (principal && principal[0] != '\0')
-       strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, "\nName of Principal to be Displayed: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       }
-       while (username[0] == '\n' && count < 3);
-
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-       
-       username[strlen(username) -1] = '\0';
-    }
-    
-    (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-    if (retval = krb5_mk_priv(context, auth_context, &inbuf,
-                             &msg_data, &replaydata)) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-       free(inbuf.data);
-       return(1);
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-
-    /* Ok Now let's get the private message */
-    if ((retval = krb5_read_message(context, local_socket, &inbuf))){
-        fprintf(stderr, "Read Error During Second Reply: %s!\n",
-                       error_message(retval));
-        return(1);
-    }
-
-    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                             &msg_data, &replaydata)) {
-        fprintf(stderr, "Error during Second Read Decoding :%s!\n", 
-                       error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    if (!msg_data.data) {
-        fprintf(stderr, "kadm_inq_user: Error - empty message received!\n\n");
-        return(0);
-    }
-       
-    if (msg_data.data[2] == KADMBAD) {
-       decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-       if (rd_priv_resp.message) {
-           fprintf(stderr, "%s\n\n", rd_priv_resp.message);
-           free(rd_priv_resp.message);
-       } else
-           fprintf(stderr, "Generic error from server.\n\n");
-        return(0);
-    }
-
-    my_data = (char *)malloc(msg_data.length + 1);
-    if (!my_data) {
-       fprintf(stderr, "kadmin_inq: Couldn't allocate space for my_data!\n");
-       exit(1);
-    }
-    memcpy(my_data, msg_data.data, msg_data.length);
-    my_data[msg_data.length] = 0;
-
-               /* Print Inquiry Information */
-    fprintf(stdout, "%s\n", my_data);
-    free(my_data);
-    free(msg_data.data);
-
-    if ((inbuf.data = (char *) calloc(1, 3)) == (char *) 0) {
-       fprintf(stderr, "inbuf.data allocation error!\n");
-       return(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = KADMGOOD;
-    inbuf.length = 2;
-    if (retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata)) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                        error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-     
-         /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        free(msg_data.data);
-        return(1);
-    }
-    free(msg_data.data);
-
-                /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-                        error_message(retval));
-        retval = 1;
-    }
-    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata)) {
-        fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-                        error_message(retval));
-        free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-     
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(inbuf.data);
-    free(msg_data.data);
-
-    print_status_message(&rd_priv_resp,
-                        "Password Inquiry Successful.");
-    
-    return(0);
-}
diff --git a/src/kadmin/client/kadmin_mod.c b/src/kadmin/client/kadmin_mod.c
deleted file mode 100644 (file)
index e7d5654..0000000
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * kadmin/client/kadmin_mod.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_mod
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_mod_user(context, auth_context, my_creds, local_socket, principal)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    krb5_creds *my_creds;
-    int *local_socket;
-    char *principal;
-{
-    krb5_data msg_data, inbuf;
-    kadmin_requests rd_priv_resp;
-    char username[755];
-    int count;
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-
-    if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {        fprintf(stderr, "No memory for command!\n");
-        exit(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = MODOPER;
-    inbuf.data[2] = SENDDATA2;
-
-    if (principal && principal[0] != '\0')
-       strcpy(username, principal);
-    else {
-       count = 0;
-       do {
-           fprintf(stdout, "\nName of Principal to be Modified: ");
-           fgets(username, sizeof(username), stdin);
-           if (username[0] == '\n')
-               fprintf(stderr, "Invalid Principal name!\n");
-           count++;
-       }
-       while (username[0] == '\n' && count < 3);
-
-       if (username[0] == '\n') {
-           fprintf(stderr, "Aborting!!\n\n");
-           return(1);
-       }
-
-       username[strlen(username) -1] = '\0';
-    }
-    
-    (void) memcpy( inbuf.data + 3, username, strlen(username));
-    inbuf.length = strlen(username) + 3;
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-        return(1);
-    } 
-    free(msg_data.data);
-
-    /* Ok Now let's get the private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Second Reply: %s!\n",
-                       error_message(retval));
-        return(1);
-    }
-
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Read Decoding :%s!\n", 
-                       error_message(retval));
-        free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-
-    if (msg_data.data[2] == KADMBAD) {
-       decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-       if (rd_priv_resp.message) {
-           fprintf(stderr, "%s\n\n", rd_priv_resp.message);
-           free(rd_priv_resp.message);
-       } else
-           fprintf(stderr, "Generic error from server.\n\n");
-       free(msg_data.data);
-        return(0);
-    }
-    free(msg_data.data);
-
-    kadm_snd_mod(context, auth_context, my_creds, local_socket);
-
-    if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) {
-        fprintf(stderr, "No memory for command!\n");
-        return(1);
-    }
-
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = KADMGOOD;
-    inbuf.data[2] = SENDDATA3;
-    inbuf.length = 3;
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                               &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                        error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-    free(inbuf.data);
-     
-         /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-       free(msg_data.data);
-        return(1);
-    }
-    free(msg_data.data);
-     
-                /* Ok Now let's get the final private message */
-    if (retval = krb5_read_message(context, local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Final Reply: %s!\n",
-                        error_message(retval));
-        retval = 1;
-    }
-
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                               &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Final Read Decoding :%s!\n",
-                        error_message(retval));
-       free(inbuf.data);
-        return(1);
-    }
-
-
-    decode_kadmind_reply(msg_data, &rd_priv_resp);
-
-    free(inbuf.data);
-    free(msg_data.data);
-
-    print_status_message(&rd_priv_resp,
-                        "Database Modification Successful.");
-    
-    return(0);
-}
diff --git a/src/kadmin/client/kadmin_msnd.c b/src/kadmin/client/kadmin_msnd.c
deleted file mode 100644 (file)
index 7887e43..0000000
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * kadmin/client/kadmin_msnd.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_snd_mod
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-#include <string.h>
-#include <com_err.h>
-
-#include <sys/param.h>
-#include <pwd.h>
-
-#include <sys/stat.h>
-
-#include <krb5.h>
-#include "adm_defs.h"
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN 1024
-#endif
-
-krb5_error_code
-kadm_snd_mod(context, auth_context, my_creds, local_socket)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    krb5_creds *my_creds;
-    int *local_socket;
-{
-    krb5_replay_data replaydata;
-    krb5_error_code retval;     /* return code */
-    krb5_data msg_data, inbuf;
-    char mod_type[10];
-    char attrib[20];
-    char version[10];
-    int value;
-    int valid_command;
-    int i;
-
-    for ( ; ; ) {
-       valid_command = 0;
-repeat1:
-#ifdef SANDIA
-       fprintf(stdout, "\nParameter Type to be Modified (fcnt, vno, attr, or q): ");
-#else
-       fprintf(stdout, "\nParameter Type to be Modified (vno, attr, or q): ");
-#endif
-                         
-       (void) fgets(mod_type, 10, stdin);
-       mod_type[strlen(mod_type) - 1] = '\0';
-
-       if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) {
-            fprintf(stderr, "No memory for command!\n");
-            exit(1);
-       }
-
-       if (!strcmp(mod_type, "q")) {
-           free(inbuf.data);
-           goto alldone;
-       }
-#ifdef SANDIA
-       if (!strcmp(mod_type, "fcnt")) {
-           valid_command = 1;
-repeat_cnt:
-           fprintf(stdout, "\nFailure Count: ");
-           (void) fgets(version, sizeof(version), stdin);
-           /* Make sure version is null terminated */
-           version[sizeof(version) -1] = '\0';
-           /* Strip linefeed */
-           if (version[strlen(version) - 1] == '\n')
-               version[strlen(version) - 1] = '\0';
-           if (!strcmp(version, "q")) {
-               free(inbuf.data);
-               goto alldone;
-            }
-           value = -1;
-           sscanf(version,"%d",&value);
-           if (value < 0 || value > 10 ) {
-               fprintf(stderr, "Value must be between 0 and 10!\n");
-               goto repeat_cnt;
-           }
-            inbuf.data[3] = KMODFCNT;
-           (void) memcpy(inbuf.data + 4, version, strlen(version));
-           inbuf.length = strlen(version) + 4;
-        }
-#endif
-       if (!strcmp(mod_type, "vno")) {
-           valid_command = 1;
-repeat2:
-           fprintf(stdout, "\nVersion Number: ");
-            (void) fgets(version, sizeof(version), stdin);
-            /* Make sure version is null terminated */
-            version[sizeof(version) -1] = '\0';
-            /* Strip linefeed */
-            if (version[strlen(version) - 1] == '\n')
-                version[strlen(version) - 1] = '\0';
-            if (!strcmp(version, "q")) {
-                free(inbuf.data);
-                goto alldone;
-            }
-            value = -1;
-            sscanf(version,"%d",&value);
-           if (value < 0 || value > 255 ) {
-               fprintf(stderr, "Value must be between 0 and 255!\n");
-               goto repeat2;
-           }
-            inbuf.data[3] = KMODVNO;
-           (void) memcpy(inbuf.data + 4, version, strlen(version));
-           inbuf.length = strlen(version) + 4;
-        }
-
-       if (!strcmp(mod_type, "attr")) {
-            valid_command = 1;
-repeat3:
-           fprintf(stdout, "\nAttribute: ");
-           fgets(attrib, 20, stdin);
-           attrib[strlen(attrib) - 1] = '\0';
-           for (i = 0; attrib[i] != '\0'; i++)
-               if (isupper(attrib[i]))
-                   attrib[i] = tolower(attrib[i]);
-
-            inbuf.data[3] = KMODATTR;
-           inbuf.data[4] = BADATTR;
-            inbuf.length = 5;
-           if (!strcmp(attrib, "post")) inbuf.data[4] = ATTRPOST;
-           if (!strcmp(attrib, "nopost")) inbuf.data[4] = ATTRNOPOST;
-           if (!strcmp(attrib, "forward")) inbuf.data[4] = ATTRFOR;
-           if (!strcmp(attrib, "noforward")) inbuf.data[4] = ATTRNOFOR;
-           if (!strcmp(attrib, "tgt")) inbuf.data[4] = ATTRTGT;
-           if (!strcmp(attrib, "notgt")) inbuf.data[4] = ATTRNOTGT;
-           if (!strcmp(attrib, "ren")) inbuf.data[4] = ATTRREN;
-           if (!strcmp(attrib, "noren")) inbuf.data[4] = ATTRNOREN;
-           if (!strcmp(attrib, "proxy")) inbuf.data[4] = ATTRPROXY;
-           if (!strcmp(attrib, "noproxy")) inbuf.data[4] = ATTRNOPROXY;
-           if (!strcmp(attrib, "dskey")) inbuf.data[4] = ATTRDSKEY;
-           if (!strcmp(attrib, "nodskey")) inbuf.data[4] = ATTRNODSKEY;
-           if (!strcmp(attrib, "lock")) inbuf.data[4] = ATTRLOCK;
-           if (!strcmp(attrib, "unlock")) inbuf.data[4] = ATTRUNLOCK;
-           if (!strcmp(attrib, "svr")) inbuf.data[4] = ATTRSVR;
-           if (!strcmp(attrib, "nosvr")) inbuf.data[4] = ATTRNOSVR;
-
-#ifdef SANDIA
-           if (!strcmp(attrib, "preauth")) inbuf.data[4] = ATTRPRE;
-           if (!strcmp(attrib, "nopreauth")) inbuf.data[4] = ATTRNOPRE;
-           if (!strcmp(attrib, "pwok")) inbuf.data[4] = ATTRPWOK;
-           if (!strcmp(attrib, "pwchange")) inbuf.data[4] = ATTRPWCHG;
-           if (!strcmp(attrib, "sid")) inbuf.data[4] = ATTRSID;
-           if (!strcmp(attrib, "nosid")) inbuf.data[4] = ATTRNOSID;
-#endif
-           if (!strcmp(attrib, "q")){
-               free(inbuf.data);
-               goto alldone;
-            }
-           if (inbuf.data[4] == BADATTR) {
-               fprintf(stderr, "Valid Responses are:\n");
-               fprintf(stderr, "post/nopost - Allow/Disallow postdating\n");
-               fprintf(stderr, "forward/noforward - Allow/Disallow forwarding\n");
-               fprintf(stderr, "tgt/notgt - Allow/Disallow initial tickets\n");
-               fprintf(stderr, "ren/noren - Allow/Disallow renewable tickets\n");
-               fprintf(stderr, 
-                   "proxy/noproxy - Allow/Disallow proxiable tickets\n");
-                   fprintf(stderr, 
-                   "dskey/nodskey - Allow/Disallow Duplicate Session Keys\n");
-               fprintf(stderr, "lock/unlock - Lock/Unlock client\n");
-               fprintf(stderr, 
-                   "svr/nosvr - Allow/Disallow Use of Principal as Server\n");
-#ifdef SANDIA
-               fprintf(stderr, 
-                   "preauth/nopreauth - Require/Do Not Require preauthentication\n");
-               fprintf(stderr, 
-                  "pwok/pwchange - Password is OK/Needs to be changed\n");
-               fprintf(stderr, 
-                   "sid/nosid - Require/Do Not Require Hardware Authentication\n");
-#endif
-               fprintf(stderr, "q - Quit from setting attributes.\n");
-               goto repeat3;
-           }
-       }
-
-       if (!valid_command) {
-           free(inbuf.data);
-           fprintf(stderr, "Invalid command - Try Again\n");
-           goto repeat1;
-       }
-
-       inbuf.data[0] = KADMIN;
-       inbuf.data[1] = MODOPER;
-       inbuf.data[2] = SENDDATA3;
-
-       if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                                  &msg_data, &replaydata))) {
-            fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-           free(inbuf.data);
-            return(1);
-       }
-       free(inbuf.data);
-
-    /* write private message to server */
-       if (krb5_write_message(context, local_socket, &msg_data)) {
-            fprintf(stderr, "Write Error During Second Message Transmission!\n");
-            return(1);
-       } 
-       free(msg_data.data);
-
-    /* Ok Now let's get the private message */
-       if (retval = krb5_read_message(context, local_socket, &inbuf)){
-            fprintf(stderr, "Read Error During Second Reply: %s!\n",
-                        error_message(retval));
-            return(1);
-       }
-
-       if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                                  &msg_data, &replaydata))) {
-            fprintf(stderr, "Error during Second Read Decoding :%s!\n",
-                        error_message(retval));
-            free(inbuf.data);
-            return(1);     
-       }
-       free(inbuf.data);
-    }  /* for */
-
-alldone:
-    if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) {
-       fprintf(stderr, "No memory for command!\n");
-       exit(1);
-    }
-
-    inbuf.data[0] = KADMIN;
-    inbuf.data[1] = KADMGOOD;
-    inbuf.data[2] = SENDDATA3;
-    inbuf.length = 3;
-
-    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-       fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-       free(inbuf.data);
-       return(1);
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, local_socket, &msg_data)) {
-       fprintf(stderr, "Write Error During Second Message Transmission!\n");
-       return(1);
-    } 
-    free(msg_data.data);
-
-    return(0);
-}
diff --git a/src/kadmin/configure.in b/src/kadmin/configure.in
deleted file mode 100644 (file)
index f9ae2bb..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-AC_INIT(configure.in)
-WITH_CCOPTS
-AC_SET_BUILDTOP
-AC_ARG_WITH([krb4],[include Kerberos V4 support],v4server=v4server,v4server=)
-CONFIG_DIRS(client kpasswd server $v4server)
-MAKE_SUBDIRS("making",all)
-MAKE_SUBDIRS("cleaning",clean)
-MAKE_SUBDIRS("installing",install)
-CONFIG_RULES
-WITH_KRB5ROOT
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin/kpasswd/ChangeLog b/src/kadmin/kpasswd/ChangeLog
deleted file mode 100644 (file)
index 506f7ff..0000000
+++ /dev/null
@@ -1,76 +0,0 @@
-Fri Mar 17 15:36:07 1995  Chris Provenzano (proven@mit.edu)
-
-       * kpasswd.c: Cast malloc() return value to shut compiler up.
-
-Fri Mar 10 11:09:34 1995  Chris Provenzano (proven@mit.edu)
-
-        * kpasswd.c: Use new calling convention for krb5_sendauth(), 
-                krb5_mk_priv(), and krb5_rd_priv().
-
-Thu Mar  2 12:25:29 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
-
-Wed Mar  1 16:29:34 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
-               and -lnsl with WITH_NETLIB check.
-
-Tue Feb 28 02:21:41 1995  John Gilmore  (gnu at toad.com)
-
-       * kpasswd.c:  Avoid <krb5/...> includes.
-
-Tue Feb 14 15:30:55 1995 Chris Provenzano  (proven@mit.edu)
-
-        * kpasswd.c: Call krb5_sendauth(), krb5_get_credentials()
-               with new calling convention.
-
-Fri Feb 10 17:48:05 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * kpasswd.c: Don't include <krb5/asn.1/encode.h>; use <krb5/asn1.h>.
-
-Mon Feb 06 17:19:04 1995 Chris Provenzano  (proven@mit.edu)
-
-        * kpasswd.c Removed krb5_keytype, changed krb5_enctype to 
-               krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
-               for krb5_get_in_tkt_with_password() rotuine.
-
-Wed Jan 25 16:54:40 1995  Chris Provenzano (proven@mit.edu)
-
-        * Removed all narrow types and references to wide.h and narrow.h
-
-Fri Jan 13 15:23:47 1995  Chris Provenzano (proven@mit.edu)
-
-    * Added krb5_context to all krb5_routines
-
-Tue Dec 27 06:09:03 1994  Richard Basch  (probe@tardis)
-
-       * configure.in:
-       combined KRB5_UTPID, KRB5_UTTYPE, and KRB5_UTHOST
-       into CHECK_UTMP macro (and added additional checks)
-
-Fri Nov 18 01:08:39 1994  Mark Eichin  <eichin@cygnus.com>
-
-       * configure.in: use new macros KRB5_UTPID, KRB5_UTTYPE, and
-       KRB5_UTHOST (from epeisach).
-
-Wed Oct 19 12:18:26 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * Makefile.in: Look for man page in the source directory.
-
-Fri Sep 30 22:30:21 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * kpasswd.c: Add placeholders for magic numbers
-
-Thu Sep 29 22:40:10 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * Makefile.in: relink executable if libraries change
-
-Tue Aug  9 21:42:02 1994  Tom Yu  (tlyu@dragons-lair)
-
-       * networked.c: yet another utent fix
-
-Sat Jul 16 02:51:25 1994  Tom Yu  (tlyu at dragons-lair)
-
-       * kpasswd.c (get_first_ticket): fix error codes
-
diff --git a/src/kadmin/kpasswd/Makefile.in b/src/kadmin/kpasswd/Makefile.in
deleted file mode 100644 (file)
index 12e218a..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
-LDFLAGS = -g
-
-COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
-SSLIB=$(BUILDTOP)/util/ss/libss.a
-DBMLIB=
-KDBLIB=$(TOPLIBD)/libkdb5.a 
-
-all::
-
-KLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(SSLIB) $(COMERRLIB) $(DBMLIB)
-DEPKLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(SSLIB) $(COMERRLIB) $(DBMLIB)
-
-SRCS = \
-       $(srcdir)/networked.c \
-       $(srcdir)/kpasswd.c
-
-OBJS = \
-       networked.o \
-       kpasswd.o
-
-
-all::  kpasswd
-
-kpasswd: $(KDBDEPLIB) $(OBJS) $(DEPKLIB)
-       $(CC) $(CFLAGS) -o kpasswd $(OBJS) $(KLIB) $(LIBS)
-
-install::
-       $(INSTALL_PROGRAM) kpasswd ${DESTDIR}$(CLIENT_BINDIR)/kpasswd
-       $(INSTALL_DATA) $(srcdir)/kpasswd.M ${DESTDIR}$(CLIENT_MANDIR)/kpasswd.1
-
-clean::
-       $(RM) kpasswd
-
diff --git a/src/kadmin/kpasswd/configure.in b/src/kadmin/kpasswd/configure.in
deleted file mode 100644 (file)
index 54b6bb7..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-AC_INIT(kpasswd.c)
-WITH_CCOPTS
-CONFIG_RULES
-AC_SET_BUILDTOP
-AC_PROG_INSTALL
-WITH_NETLIB
-AC_HAVE_HEADERS(unistd.h)
-CHECK_UTMP
-AC_FUNC_CHECK(getutent,AC_DEFINE(HAVE_GETUTENT))
-ET_RULES
-KRB_INCLUDE
-WITH_KRB5ROOT
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin/kpasswd/kpasswd.M b/src/kadmin/kpasswd/kpasswd.M
deleted file mode 100644 (file)
index f4e6258..0000000
+++ /dev/null
@@ -1 +0,0 @@
-.\" this should not be empty
diff --git a/src/kadmin/kpasswd/kpasswd.c b/src/kadmin/kpasswd/kpasswd.c
deleted file mode 100644 (file)
index 5b1a182..0000000
+++ /dev/null
@@ -1,824 +0,0 @@
-/*
- * kadmin/kpasswd/kpasswd.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * change your password with kerberos
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kpasswd
- * change your password with Version 5 Kerberos
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <signal.h>
-
-#include <sys/param.h>
-#include <pwd.h>
-
-#include <sys/stat.h>
-
-#include "krb5.h"
-#ifdef USE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-#include "com_err.h"
-#include "adm_defs.h"
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN 1024
-#endif
-
-static krb5_error_code adm5_init_link
-       PROTOTYPE((krb5_context, 
-                  krb5_data *,
-                  int *));
-
-static krb5_error_code get_first_ticket 
-       PROTOTYPE((krb5_context,
-                  krb5_ccache, 
-                  krb5_principal,
-                  krb5_creds *));
-
-krb5_error_code print_and_choose_password 
-       PROTOTYPE((char *, krb5_data *));
-
-struct sockaddr_in local_sin, remote_sin;
-
-
-extern char *krb5_default_pwd_prompt1;
-
-main(argc,argv)
-  int argc;
-  char *argv[];
-{
-    krb5_context context;
-    krb5_ccache cache = NULL;
-    char cache_name[255];
-    krb5_flags cc_flags;
-
-    krb5_address local_addr, foreign_addr;
-
-    struct passwd *pw;
-
-    krb5_principal client;
-
-    char default_name[256];
-    char *client_name;         /* Single string representation of client id */
-
-    krb5_data requested_realm;
-
-    char input_string[768];
-
-    krb5_error_code retval;    /* return code */
-
-    int local_socket;
-
-    krb5_error *err_ret;
-    krb5_ap_rep_enc_part *rep_ret;
-
-    kadmin_requests rd_priv_resp;
-
-    krb5_data msg_data, inbuf;
-    krb5_int32 seqno;
-
-    krb5_creds my_creds, * new_creds;
-    char *new_password;
-    int new_pwsize;
-
-    krb5_auth_context * new_auth_context;
-    krb5_replay_data replaydata;
-
-#ifdef SANDIA
-    extern int networked();
-    int krb_secure;
-    struct stat statbuf;
-#endif /* SANDIA */
-
-#ifdef SANDIA  /* Allow or Disallow Remote Clients to Modify Passwords */
-/*
- *     If a Client Modifies a Password using kpasswd on this host
- *     from a remote host or network terminal, the Password selected 
- *     is transmitted across the network in Cleartext.
- *
- *     The systems administrator can disallow "remote" kpasswd usage by
- *     creating the file "/etc/krb.secure"
- */
-
-    krb_secure = 0;
-/* 
- *     First check to see if the file /etc/krb.secure exists.
- *     If it does then krb_secure to 1.
- */
-
-    if (stat("/etc/krb.secure", &statbuf) == 0) krb_secure = 1;
-
-/*
- *     Check to see if this process is tied to a physical terminal.
- *     Network() verifies the terminal device is not a pseudo tty
- */
-    if (networked() && krb_secure) {
-        fprintf(stderr,"Sorry but you cannot %s from a\n", argv[0]);
-        fprintf(stderr,"     pseudo tty terminal!\n");
-       retval = 1;
-       goto finish;
-    }
-#endif    
-
-       /* (3 * 255) + 1 (/) + 1 (@) + 1 (NULL) */
-    if ((client_name = (char *) calloc (1, (3 * 256))) == NULL) {
-       fprintf(stderr, "No Memory for Client_name!\n");
-       retval = 1;
-       goto finish;
-    }
-
-    if ((requested_realm.data = (char *) calloc (1, 256)) == NULL) {
-       fprintf(stderr, "No Memory for realm_name!\n");
-       retval = 1;
-       free(client_name);
-       goto finish;
-    }
-
-    krb5_init_context(&context);
-    krb5_init_ets(context);
-    memset((char *) default_name, 0, sizeof(default_name));
-    
-    switch (argc) {
-       case 1:         /* No User Specified */
-
-               /* Identify Default Credentials Cache */
-           if ((retval = krb5_cc_default(context, &cache))) {
-               fprintf(stderr, "Error while getting default ccache!\n");
-               goto finish;
-           }
-
-/*
- *     Attempt to Modify Credentials Cache 
- *             retval == 0 ==> ccache Exists - Use It 
- *             retval == ENOENT ==> No Entries, but ccache Exists 
- *             retval != 0 ==> Assume ccache does NOT Exist 
- */
-           cc_flags = 0;
-           if ((retval = krb5_cc_set_flags(context, cache, cc_flags))) {
-               /* Search passwd file for client */
-               pw = getpwuid((int) getuid());
-               if (pw) {
-                   (void) strcpy(default_name, pw->pw_name);
-               } else {
-                   fprintf(stderr, 
-                       "Unable to Identify Customer from Password File!\n");
-                   retval = 1;
-                   goto finish;
-               }
-
-               /* Use this to get default_realm and format client_name */
-               if ((retval = krb5_parse_name(context,default_name, &client))) {
-                   fprintf(stderr, "Unable to Parse Client Name!\n");
-                   goto finish;
-               }
-
-               if ((retval = krb5_unparse_name(context,client,&client_name))) {
-                   fprintf(stderr, "Unable to Parse Client Name!\n");
-                   goto finish;
-               }
-
-               requested_realm.length = client->realm.length;
-               memcpy((char *) requested_realm.data, 
-                       (char *) client->realm.data,
-                       requested_realm.length);
-           } else {
-                       /* Read Client from Cache */
-               if ((retval = krb5_cc_get_principal(context, cache, 
-                       (krb5_principal *) &client))) {
-                   fprintf(stderr, 
-                           "Unable to Read Customer Credentials File!\n");
-                   goto finish;
-               }
-
-               if ((retval = krb5_unparse_name(context,client,&client_name))) {
-                   fprintf(stderr, "Unable to Parse Client Name!\n");
-                   goto finish;
-               }
-
-               requested_realm.length = client->realm.length;
-               memcpy((char *) requested_realm.data, 
-                       (char *) client->realm.data,
-                       requested_realm.length);
-
-               (void) krb5_cc_close(context, cache);
-           }
-           break;
-
-       case 2:         /* Client Gave us a Token - Use it */
-                       /* Hand Parse Entry */
-           strcpy(input_string, argv[1]);
-
-           if (retval = krb5_parse_name(context, input_string, &client)) {
-               fprintf(stderr, "Error Parsing -u option contents!\n");
-               exit(0);
-           }
-           requested_realm.length = client->realm.length;
-           memcpy((char *) requested_realm.data, 
-                  (char *) client->realm.data,
-                  requested_realm.length);
-
-           break;
-
-       default:
-           usage();
-           break;
-    }
-
-       /* Create credential cache for changepw */
-    (void) sprintf(cache_name, "FILE:/tmp/tkt_cpw_%d", getpid());
-
-    if ((retval = krb5_cc_resolve(context, cache_name, &cache))) {
-       fprintf(stderr, "Unable to Resolve Cache: %s\n", cache_name);
-    }
-    
-    if ((retval = krb5_cc_initialize(context, cache, client))) {
-        fprintf(stderr, "Error initializing cache: %s\n", cache_name);
-        goto finish;
-    }
-/*
- *     Verify User by Obtaining Initial Credentials prior to Initial Link
- */
-
-    if ((retval = get_first_ticket(context, cache, client, &my_creds))) {
-       goto finish;
-    }
-    
-       /* Initiate Link to Server */
-    if ((retval = adm5_init_link(context, &requested_realm, &local_socket))) {
-       goto finish;
-    } 
-
-#ifdef unicos61
-#define SIZEOF_INADDR  SIZEOF_in_addr
-#else
-#define SIZEOF_INADDR sizeof(struct in_addr)
-#endif
-
-       /* V4 kpasswd Protocol Hack */
- {
-    int msg_length = 0;
-
-    retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2);
-    if (retval < 0) {
-        fprintf(stderr, "krb5_net_write failure!\n");
-        goto finish;
-    }
-
- }
-
-    local_addr.addrtype = ADDRTYPE_INET;
-    local_addr.length = SIZEOF_INADDR ;
-    local_addr.contents = (krb5_octet *)&local_sin.sin_addr;
-
-    foreign_addr.addrtype = ADDRTYPE_INET;
-    foreign_addr.length = SIZEOF_INADDR ;
-    foreign_addr.contents = (krb5_octet *)&remote_sin.sin_addr;
-
-    krb5_auth_con_init(context, &new_auth_context);
-    krb5_auth_con_setflags(context, new_auth_context,
-                          KRB5_AUTH_CONTEXT_RET_SEQUENCE);
-
-    krb5_auth_con_setaddrs(context, new_auth_context, 
-                          &local_addr, &foreign_addr);
-
-    /* call Kerberos library routine to obtain an authenticator,
-       pass it over the socket to the server, and obtain mutual
-       authentication. */
-
-   inbuf.data = ADM_CPW_VERSION;
-   inbuf.length = strlen(ADM_CPW_VERSION);
-
-   if ((retval = krb5_sendauth(context, &new_auth_context,
-                       (krb5_pointer) &local_socket,
-                       ADM_CPW_VERSION, 
-                       my_creds.client, 
-                       my_creds.server,
-                       AP_OPTS_MUTUAL_REQUIRED,
-                       &inbuf,
-                       NULL,
-                       cache,
-                       &err_ret,
-                       &rep_ret, NULL))) {
-       fprintf(stderr, "Error while performing sendauth: %s!\n",
-                       error_message(retval));
-        goto finish;
-    }
-
-    /* Get credentials : to use for safe and private messages */
-    /* No need to pass my_creds because it's uninizialized. */
-    if (retval = krb5_get_credentials(context,0,cache,&my_creds,&new_creds)){
-       fprintf(stderr, "Error Obtaining Credentials: %s!\n", 
-               error_message(retval));
-       goto finish;
-    }
-
-    /* Read back what the server has to say... */
-     
-    if (retval = krb5_read_message(context, &local_socket, &inbuf)){
-       fprintf(stderr, " Read Message Error: %s!\n",
-          error_message(retval));
-        goto finish;
-    }
-    if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) ||
-       (inbuf.data[1] != KADMSAG)){
-       fprintf(stderr, " Invalid ack from admin server.\n");
-       goto finish;
-    }
-
-    inbuf.length = 2;
-    inbuf.data[0] = KPASSWD;
-    inbuf.data[1] = CHGOPER;
-    if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf, 
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during First Message Encoding: %s!\n",
-                       error_message(retval));
-        goto finish;
-    }
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, &local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During First Message Transmission!\n");
-       retval = 1;
-        goto finish;
-    } 
-    free(msg_data.data);
-
-#ifdef MACH_PASS /* Machine-generated Passwords */
-    /* Ok Now let's get the private message */
-    if (retval = krb5_read_message(context, &local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During First Reply: %s!\n",
-                       error_message(retval));
-       retval = 1;
-        goto finish;
-    }
-
-    if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during First Read Decoding: %s!\n", 
-                       error_message(retval));
-        goto finish;
-    }
-    free(inbuf.data);
-#endif
-
-    if ((new_password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == NULL) {
-       fprintf(stderr, "Unable to Allocate Space for New Password!\n");
-       goto finish;
-    }
-
-#ifdef MACH_PASS /* Machine-generated passwords */
-       /* Offer Client Password Choices */
-    if ((retval = print_and_choose_password(new_password,
-                        &msg_data))) {
-       (void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1);
-       free(new_password);
-        goto finish;
-    }
-#else
-    new_pwsize = ADM_MAX_PW_LENGTH+1;
-    putchar('\n');
-    if ((retval = krb5_read_password(context, 
-                                    "Enter new password: ",
-                                    "Re-enter new password for verification: ",
-                                    new_password,
-                                    &new_pwsize))) {
-       fprintf(stderr, "Error while reading new password for '%s'",
-                                client_name);
-       (void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1);
-       free(new_password);
-        goto finish;
-    }
-    if (new_pwsize == 0) {
-       fprintf(stderr, "A null password is not allowed!\n");
-       free(new_password);
-       goto finish;
-    }
-#endif
-
-    inbuf.data = new_password;
-    inbuf.length = strlen(new_password);
-
-    if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf, 
-                              &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Message Encoding: %s!\n",
-                       error_message(retval));
-        goto finish;
-    }
-    memset(inbuf.data,0,inbuf.length);
-    free(inbuf.data);
-
-    /* write private message to server */
-    if (krb5_write_message(context, &local_socket, &msg_data)){
-        fprintf(stderr, "Write Error During Second Message Transmission!\n");
-       retval = 1;
-        goto finish;
-    } 
-    free(msg_data.data);
-
-    /* Ok Now let's get the private message */
-    if (retval = krb5_read_message(context, &local_socket, &inbuf)){
-        fprintf(stderr, "Read Error During Second Reply: %s!\n",
-                       error_message(retval));
-       retval = 1;
-        goto finish;
-    }
-
-    if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf,
-                               &msg_data, &replaydata))) {
-        fprintf(stderr, "Error during Second Read Decoding :%s!\n", 
-                       error_message(retval));
-        goto finish;
-    }
-
-    rd_priv_resp.appl_code = msg_data.data[0];
-    rd_priv_resp.oper_code = msg_data.data[1];
-    rd_priv_resp.retn_code = msg_data.data[2];
-    if (msg_data.length > 3 && msg_data.data[3]) {
-       rd_priv_resp.message = (char *)malloc(msg_data.length - 2);
-       if (rd_priv_resp.message) {
-           memcpy(rd_priv_resp.message, msg_data.data + 3,
-                  msg_data.length - 3);
-           rd_priv_resp.message[msg_data.length - 3] = 0;
-       }
-    } else
-       rd_priv_resp.message = NULL;
-
-
-    free(inbuf.data);
-    free(msg_data.data);
-    if (rd_priv_resp.appl_code == KPASSWD) {
-       if (rd_priv_resp.retn_code == KPASSGOOD)
-           printf("\n\nPassword changed.\n\n");
-       else if (rd_priv_resp.retn_code == KPASSBAD) {
-           if (rd_priv_resp.message)
-               fprintf(stderr, "%s\n", rd_priv_resp.message);
-           else
-               fprintf(stderr, "Server returned KPASSBAD.\n");
-       } else
-           fprintf(stderr, "Server returned unknown kerberos code.\n");
-    } else
-       fprintf(stderr, "Server returned bad application code %d\n",
-               rd_priv_resp.appl_code);
-    
-    if (rd_priv_resp.message)
-       free(rd_priv_resp.message);
-
-    finish:
-
-    (void) krb5_cc_destroy(context, cache);
-
-    free(client_name);
-    free(requested_realm.data);
-
-    if (retval) {
-       fprintf(stderr, "\n\nProtocol Failure - Password NOT changed\n\n");
-       exit(1);
-    }
-
-    printf("\n\nPassword changed.\n\n");
-
-    exit(0);
-}
-
-
-
-krb5_data cpwname = {
-        0,
-       sizeof(CPWNAME)-1,
-       CPWNAME
-};
-
-static krb5_error_code
-get_first_ticket(context, cache, client, my_creds)
-    krb5_context context;
-    krb5_ccache cache;
-    krb5_principal client;
-    krb5_creds *my_creds;
-{
-    char prompt[255];                  /* for the password prompt */
-    char pword[ADM_MAX_PW_LENGTH+1];   /* storage for the password */
-    char *old_password;
-    int  old_pwsize;
-    int         i;
-    
-    krb5_address **my_addresses;
-
-    char *client_name;
-    krb5_error_code retval;
-    
-    if ((retval = krb5_unparse_name(context, client, &client_name))) {
-       fprintf(stderr, "Unable to Unparse Client Name\n");
-       return(1);
-    }
-
-    (void) sprintf(prompt,"Old password for %s: ", (char *) client_name);
-
-    if ((retval = krb5_os_localaddr(&my_addresses))) {
-       fprintf(stderr, "Unable to Get Customers Address\n");
-       return(1);
-    }
-
-    memset((char *) my_creds, 0, sizeof(krb5_creds));
-
-    my_creds->client = client;                           
-    if ((retval = krb5_build_principal_ext(context, &my_creds->server,
-                                        client->realm.length, 
-                                       client->realm.data,
-                                        cpwname.length,                /* 6 */ 
-                                       cpwname.data,           /* "kadmin" */
-                                        client->realm.length,  
-                                          /* instance is local realm */
-                                       client->realm.data,
-                                        0))) {
-        fprintf(stderr, "Error %s while building server name\n",
-               error_message(retval));
-        return(1);
-    }
-
-
-    if ((old_password = (char *) calloc (1, 255)) == NULL) {
-       fprintf(stderr, "No Memory for Retrieving old password\n");
-       return(1);
-    }
-
-    old_pwsize = 255;
-    if ((retval = krb5_read_password(context, 
-                                prompt,
-                                0,
-                                old_password,
-                                &old_pwsize))) {
-       fprintf(stderr, "Error while reading password for '%s'",
-                                client_name);
-       return(1);
-    }
-
-    retval = krb5_get_in_tkt_with_password(context, 0,/* options */
-                                       my_addresses, 
-                                       NULL, /* Default encryption list */
-                                        NULL, /* Default preauth list */
-                                       old_password, cache, my_creds, 0);
-       
-    if (retval) {
-       fprintf(stderr, "\nUnable to Get Initial Credentials : %s %d\n",
-               error_message(retval),retval);
-    }
-
-       /* Do NOT Forget to zap password  */
-    memset((char *) old_password, 0, old_pwsize);
-    free(old_password);
-    memset((char *) pword, 0, sizeof(pword));
-    return(retval);
-}
-
-#ifdef MACH_PASS /* Machine-generated Passwords */
-krb5_error_code
-print_and_choose_password(new_password, decodable_pwd_string)
-    char * new_password;
-    krb5_data * decodable_pwd_string;
-{
-krb5_error_code retval;
-   krb5_pwd_data *pwd_data;
-   passwd_phrase_element **next_passwd_phrase_element;
-   char prompt[255];
-   int i, j, k;
-   int legit_pswd = 0; /* Assume No Legitimate Password */
-   char *password_list[ADM_MAX_PW_CHOICES];
-   char verification_passwd[ADM_MAX_PW_LENGTH+1];
-   /* char new_passwd[ADM_MAX_PW_LENGTH]; */
-   char phrase_in[ADM_MAX_PHRASE_LENGTH];
-   int new_passwd_length;
-   char *ptr;
-   int verify = 0;     /* Do Not Request Password Selection Verification */ 
-   int ok = 0;
-
-#define free_local_password_list() \
-{  for ( k = 0; k < i && k < ADM_MAX_PW_CHOICES; k++) { \
-      (void) memset(password_list[k], 0, ADM_MAX_PW_LENGTH); \
-      free(password_list[k]); } \
-}
-
-     /* Decode Password and Phrase Information Obtained from krb5_rd_priv */
-   if ((retval = decode_krb5_pwd_data(decodable_pwd_string , &pwd_data))) { 
-       fprintf(stderr, "Unable to Decode Passwords and Phrases\n");
-        fprintf(stderr, "      Notify your System Administrator or the ");
-       fprintf(stderr, "Kerberos Administrator\n");
-       return(1);
-   }
-
-   next_passwd_phrase_element = pwd_data->element;
-       /* Display List in 5 Password/Phrase Increments up to MAX Iterations */
-   memset((char *) phrase_in, 0, ADM_MAX_PHRASE_LENGTH);
-   for ( j = 0; j <= ADM_MAX_PW_ITERATIONS; j++) {
-       if (j == ADM_MAX_PW_ITERATIONS) {
-           fprintf(stderr, "\n\nSorry - You Have Exceeded the List of ");
-           fprintf(stderr, "Choices (%d) Allowed for Password\n",
-                       ADM_MAX_PW_ITERATIONS * ADM_MAX_PW_CHOICES);
-           fprintf(stderr, "   Modification.  You Must Repeat this ");
-           fprintf(stderr, "Operation in order to Successfully\n");
-           fprintf(stderr, "   Change your Password.\n");
-           break;
-       }
-
-       display_print:
-       printf("\n\nChoose a password from the following list:\n");
-
-       printf("\n\nPassword                        Remembrance Aid\n\n\n");
-
-               /* Print Passwords and Assistance Phrases List */
-       for ( i = 0; i < ADM_MAX_PW_CHOICES; i++){
-           if ((password_list[i] = (char *) calloc (1, 
-                       ADM_MAX_PW_LENGTH + 1)) == NULL) {
-               fprintf(stderr, "Unable to Allocate Password List.\n");
-               return(1);
-           }
-
-           memcpy(password_list[i],
-               (*next_passwd_phrase_element)->passwd->data,
-               (*next_passwd_phrase_element)->passwd->length);
-           printf("%s  ", password_list[i]);
-
-           memcpy((char *) phrase_in,
-               (*next_passwd_phrase_element)->phrase->data,
-               (*next_passwd_phrase_element)->phrase->length);
-           for ( k = 0; 
-                 k < 50 && k < (*next_passwd_phrase_element)->phrase->length; 
-                 k++) {
-               printf("%c", phrase_in[k]);
-           }
-           for ( k = k;
-                 k < 70 && k < (*next_passwd_phrase_element)->phrase->length;
-                 k++) {
-               if (phrase_in[k] == ' ') {
-                   printf("\n          ");
-                   k++;
-                   break;
-               } else {
-                   printf("%c", phrase_in[k]);
-               }
-           }
-           for ( k = k;
-                 k < (*next_passwd_phrase_element)->phrase->length;
-                 k++) {
-               printf("%c", phrase_in[k]);
-           }
-           printf("\n\n");
-           memset((char *) phrase_in, 0, ADM_MAX_PHRASE_LENGTH);
-           next_passwd_phrase_element++;
-       }
-
-           sprintf(prompt, 
-               "\n\nEnter Password Selection or a <CR> to get new list: ");
-
-           new_passwd_length = ADM_MAX_PW_LENGTH+1;
-       /* Read New Password from Terminal (Do Not Print on Screen) */
-           if ((retval = krb5_read_password(context, &prompt[0], 0, 
-                       new_password, &new_passwd_length))) {
-               fprintf(stderr, 
-                   "\nError Reading Password Input or Input Aborted\n");
-               free_local_password_list();
-               break;;
-           }
-
-       /* Check for <CR> ==> Provide a New List */
-           if (new_passwd_length == 0) continue;
-
-       /* Check that Selection is from List - Server also does this */
-           legit_pswd = 0;
-           for (i = 0; i < ADM_MAX_PW_CHOICES && !legit_pswd; i++)
-               if ((retval = memcmp(new_password, 
-                               password_list[i], 8)) == 0) {
-                   legit_pswd++;
-               }
-           free_local_password_list();
-
-           if (!(legit_pswd)) {
-               printf("\n\07\07Password must be from the specified list ");
-               printf("- Try Again!\n");
-           }
-
-           if (legit_pswd) break;      /* Exit Loop */
-       }               /* ADM_MAX_PW_CHOICES Loop */
-
-   if (!(legit_pswd)) return (1);
-
-   return(0);          /* SUCCESS */
-}
-#endif
-
-static krb5_error_code
-adm5_init_link(context, realm_of_server, local_socket)
-    krb5_context context;
-    krb5_data *realm_of_server;
-    int * local_socket;
-{
-    struct servent *service_process;          /* service we will talk to */
-    struct hostent *remote_host;              /* host we will talk to */
-
-    char **hostlist;
-
-    int host_count;
-    int namelen;
-    int i, count;
-
-    krb5_error_code retval;
-
-    /* clear out the structure first */
-    (void) memset((char *)&remote_sin, 0, sizeof(remote_sin));
-
-    if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) {
-       fprintf(stderr, "Unable to find Service (%s) Check services file\n",
-               CPW_SNAME);
-       return(1);
-    }
-
-               /* Copy the Port Number */
-    remote_sin.sin_port = service_process->s_port;
-
-    hostlist = 0;
-
-               /* Identify all Hosts Associated with this Realm */
-    if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) {
-        fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name\n");
-        return(1);
-    }
-
-    for (i=0; hostlist[i]; i++);
-    count = i;
-
-    if (count == 0) {
-        host_count = 0;
-        fprintf(stderr, "No hosts found\n");
-        return(1);
-    }
-
-    for (i=0; hostlist[i]; i++) {
-        remote_host = gethostbyname(hostlist[i]);
-        if (remote_host != 0) {
-
-               /* set up the address of the foreign socket for connect() */
-           remote_sin.sin_family = remote_host->h_addrtype;
-           (void) memcpy((char *) &remote_sin.sin_addr, 
-                       (char *) remote_host->h_addr,
-                       sizeof(remote_host->h_addr));
-           break;      /* Only Need one */
-       }
-    }
-
-    free ((char *)hostlist);
-
-    /* open a TCP socket */
-    *local_socket = socket(PF_INET, SOCK_STREAM, 0);
-    if (*local_socket < 0) {
-       fprintf(stderr, "Cannot Open Socket\n");
-       return(1);
-    }
-    /* connect to the server */
-    if (connect(*local_socket, &remote_sin, sizeof(remote_sin)) < 0) {
-       fprintf(stderr, "Cannot Connect to Socket\n");
-       close(*local_socket);
-       return(1);
-    }
-
-    /* find out who I am, now that we are connected and therefore bound */
-    namelen = sizeof(local_sin);
-    if (getsockname(*local_socket, 
-               (struct sockaddr *) &local_sin, &namelen) < 0) {
-       fprintf(stderr, "Cannot Perform getsockname\n");
-       close(*local_socket);
-       return(1);
-    }
-       return(0);
-}
-
-usage()
-{
-    fprintf(stderr, "Usage: ");
-    fprintf(stderr, "kpasswd [name]\n");
-    exit(0);
-}
diff --git a/src/kadmin/kpasswd/networked.c b/src/kadmin/kpasswd/networked.c
deleted file mode 100644 (file)
index e70e6f8..0000000
+++ /dev/null
@@ -1,222 +0,0 @@
-/*                     Networked                               */
-/*                                                             */
-/* Written by: Glenn Machin 2931                               */
-/* Originated:  Nov 12, 1990                                   */
-/* Description:                                                        */
-/*                                                             */
-/*     This program/routine exits/returns with a status 1 if   */
-/*     the terminal associated with the current process is     */
-/*     connected from a remote host, otherwise exits/returns   */
-/*     with a value of 0.                                      */
-/*                                                             */
-/*     This program/routine makes some basic assumptions about */
-/*      utmp:                                                  */
-/*             *The login process, rcmd, or window application */
-/*              makes an entry into utmp for all currents      */
-/*              users.                                         */
-/*             *For entries in which the users have logged in  */
-/*              locally. The line name is not a pseudo tty     */
-/*              device.                                        */
-/*             *For X window application in which             */
-/*              the device is a pseudo tty device but the      */
-/*               display is the local system, then the ut_host  */
-/*              has the format system_name:0.0 or :0.0.        */
-/*              All other entries will be assumed to be        */
-/*              networked.                                     */
-/*                                                             */
-/*     Changes:   11/15/90  Check for file /etc/krb.secure.    */
-/*                          If it exists then perform network  */
-/*                          check, otherwise return 0.         */
-/****************************************************************/
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifndef _TYPES_
-#include <sys/types.h>
-#ifndef _TYPES_
-#define _TYPES_
-#endif
-#endif
-#include <utmp.h>
-#include <pwd.h>
-
-#ifndef MAXHOSTNAME
-#define MAXHOSTNAME 64
-#endif
-
-#ifdef NO_UT_PID
-
-static int utfile;
-
-#include <fcntl.h>
-
-static void kadmin_setutent()
-{
-  utfile = open("/etc/utmp",O_RDONLY);
-}
-
-static struct utmp * kadmin_getutline(utmpent)
-struct utmp *utmpent;
-{
- static struct utmp tmputmpent;
- int found = 0;
- while ( read(utfile,&tmputmpent,sizeof(struct utmp)) > 0 ){
-       if ( strcmp(tmputmpent.ut_line,utmpent->ut_line) == 0){
-#ifdef NO_UT_HOST
-               if ( ( 1) &&
-#else
-               if ( (strcmp(tmputmpent.ut_host,"") == 0) && 
-#endif
-                  (strcmp(tmputmpent.ut_name,"") == 0)) continue;
-               found = 1;
-               break;
-       }
- }
- if (found) 
-       return(&tmputmpent);
- return((struct utmp *) 0);
-}
-
-static void kadmin_endutent()
-{
-  close(utfile);
-}
-#else
-#define kadmin_setutent  setutent
-#define kadmin_getutline getutline
-#define kadmin_endutent  endutent
-#endif /* defined(HAVE_GETUTENT) && !defined(NO_UT_PID) */
-
-
-int network_connected()
-{
-struct utmp utmpent;
-struct utmp retutent, *tmpptr;
-char *display_indx;
-char currenthost[MAXHOSTNAME];
-char *username,*tmpname;
-
-
-/* Macro for pseudo_tty */
-#define pseudo_tty(ut) \
-        ((strncmp((ut).ut_line, "tty", 3) == 0 && ((ut).ut_line[3] == 'p' \
-                                                || (ut).ut_line[3] == 'q' \
-                                                || (ut).ut_line[3] == 'r' \
-                                                || (ut).ut_line[3] == 's'))\
-                               || (strncmp((ut).ut_line, "pty", 3) == 0))
-
-    /* Check to see if getlogin returns proper name */
-    if ( (tmpname = (char *) getlogin()) == (char *) 0) return(1);
-    username = (char *) malloc(strlen(tmpname) + 1);
-    if ( username == (char *) 0) return(1);
-    strcpy(username,tmpname);
-    
-    /* Obtain tty device for controlling tty of current process.*/
-    strncpy(utmpent.ut_line,ttyname(0) + strlen("/dev/"),
-           sizeof(utmpent.ut_line));
-
-    /* See if this device is currently listed in /etc/utmp under
-       calling user */
-#ifndef NO_UT_TYPE
-    utmpent.ut_type = USER_PROCESS;
-#define ut_name ut_user
-#endif
-    kadmin_setutent();
-    while ( (tmpptr = (struct utmp *) kadmin_getutline(&utmpent)) 
-            != ( struct utmp *) 0) {
-
-       /* If logged out name and host will be empty */
-       if ((strcmp(tmpptr->ut_name,"") == 0) &&
-#ifdef NO_UT_HOST
-           ( 1)) continue;
-#else
-           (strcmp(tmpptr->ut_host,"") == 0)) continue;
-#endif
-       else break;
-    }
-    if (  tmpptr   == (struct utmp *) 0) {
-       kadmin_endutent();
-       return(1);
-    }
-    memcpy((char *)&retutent,(char *)tmpptr,sizeof(struct utmp));
-    kadmin_endutent();
-#ifdef DEBUG
-#ifdef NO_UT_HOST
-    printf("User %s on line %s :\n",
-               retutent.ut_name,retutent.ut_line);
-#else
-    printf("User %s on line %s connected from host :%s:\n",
-               retutent.ut_name,retutent.ut_line,retutent.ut_host);
-#endif
-#endif
-    if  (strcmp(retutent.ut_name,username) != 0) {
-        return(1);
-    }
-
-
-    /* If this is not a pseudo tty then everything is OK */
-    if (! pseudo_tty(retutent)) return(0);
-
-    /* OK now the work begins there is an entry in utmp and
-       the device is a pseudo tty. */
-
-    /* Check if : is in hostname if so this is xwindow display */
-
-    if (gethostname(currenthost,sizeof(currenthost))) return(1);
-#ifdef NO_UT_HOST
-    display_indx = (char *) 0;
-#else
-    display_indx = (char *) strchr(retutent.ut_host,':');
-#endif
-    if ( display_indx != (char *) 0) {
-        /* 
-           We have X window application here. The host field should have
-          the form => local_system_name:0.0 or :0.0  
-           if the window is being displayed on the local system.
-         */
-#ifdef NO_UT_HOST
-       return(1);
-#else
-        if (strncmp(currenthost,retutent.ut_host,
-                (display_indx - retutent.ut_host)) != 0) return(1);
-        else return(0);
-#endif
-    }
-    
-    /* Host field is empty or is not X window entry. At this point
-       we can't trust that the pseudo tty is not connected to a 
-       networked process so let's return 1.
-     */
-    return(1);
-}
-
-#ifdef NOTKERBEROS
-main(argc,argv)
-int argc;
-char **argv;
-{
-  if (network_connected()){
-#ifdef DEBUG
-        printf("Networked\n");
-#endif
-       exit(1);
-  }
-  else {
-#ifdef DEBUG
-       printf("Not networked\n");
-#endif
-       exit(0);
-  }
-}
-#else
-int networked()
-{
-  return(network_connected());
-}
-#endif
diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
deleted file mode 100644 (file)
index 6ffcb95..0000000
+++ /dev/null
@@ -1,166 +0,0 @@
-Fri Apr 21 13:11:00 1995  Mark Eichin  <eichin@cygnus.com>
-
-       From Ian Taylor <ian@cygnus.com>. Makes kadmind use -r for both
-       the database name and the service name, eliminating an
-       installation hassle.
-       * adm_extern.h: declare realm.
-       * adm_server.c: define realm.
-       (process_args): change db_realm to realm.
-       * adm_network.c (setup_network): use the preset realm, not the
-       default realm.
-
-Thu Apr 20 18:05:00 1995  Mark Eichin  <eichin@cygnus.com>
-
-       Changes from Ian Taylor <ian@cygnus.com> to support testsuite.
-       * adm_extern.h: declare admin_port.
-       * adm_extern.c: define admin_port.
-       * adm_server.c (process_args): set admin_port from -p command line
-       argument.
-       (usage): document -p port option.
-       * adm_network.c (setup_network): use admin_port if set.
-
-Thu Apr 20 11:47:53 1995    <tytso@rsx-11.mit.edu>
-
-       * adm_extern.h: #include adm_defs.h, since that's no longer
-               included by krb5.h
-
-Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
-
-        * adm_process.c, adm_kadmin.c, adm_adm_func.c, adm_kpasswd.c, 
-       * adm_funcs, adm_nego.c adm_extern.c and adm_listen.c
-                Use new calling convention for krb5_recvauth(), krb5_mk_priv(),
-                krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe().
-               (Redid many of the internal functions to accomidate new a
-               uth_context structure and remove old unnecessary structures.)
-
-Fri Mar 24 14:38:06 1995    <tytso@rsx-11.mit.edu>
-
-       * adm_network.c (setup_network): If /etc/services doesn't have the
-               administration port, use a compiled in port.
-
-Thu Mar  2 12:24:50 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
-
-Wed Mar  1 16:29:53 1995  Theodore Y. Ts'o  <tytso@dcl>
-
-       * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
-               and -lnsl with WITH_NETLIB check.
-
-Tue Feb 28 02:23:46 1995  John Gilmore  (gnu at toad.com)
-
-       * *.c:  Avoid <krb5/...> and <com_err.h> includes.
-
-Fri Feb  3 07:50:14 1995  Theodore Y. Ts'o  (tytso@dcl)
-
-       * adm_v4_pwd.c: Don't use BITS64, use SIZEOF_LONG
-
-Wed Feb 01 22:05:35 1995  Chris Provenzano (proven@mit.edu)
-
-       * adm_process.c, adm_extern.h (cpw_keyproc()) Added 
-               krb5_keytype arg.
-
-Wed Jan 25 16:54:40 1995  Chris Provenzano (proven@mit.edu)
-
-        * Removed all narrow types and references to wide.h and narrow.h
-
-Wed Jan 18 10:26:30 1995    <tytso@rsx-11.mit.edu>
-
-       * adm_server.c (process_args): Modify getopt args so that the 'M'
-               option takes an argument.  (krb5 bugs 984)
-
-Fri Jan 13 15:23:47 1995  Chris Provenzano (proven@mit.edu)
-
-    * Added krb5_context to all krb5_routines
-
-Mon Dec 19 18:12:18 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * adm_listen.c (kill_children): Use syslog instead of krb_log.
-
-Tue Nov  1 18:19:36 1994  Mark Eichin  (eichin@cygnus.com)
-
-       * adm_listen.c (kill_children): use sigprocmask if available.
-
-Wed Oct 19 17:40:22 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * adm_server.c (main): Select the cryptosystem to be used using
-               krb5_use_cstype() instead of using a implementation
-               specific assignment.  Also, allow the encryption type to
-               be specified using a command line option.
-
-Tue Oct  4 17:08:25 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * adm_process.c (cpw_keyproc): Add widen.h and narrow.h around
-               declaration so that argument types to keyproc are widened.
-
-Mon Oct  3 19:13:03 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * Makefile.in: Use $(srcdir) to find manual page for make install.
-
-Thu Sep 29 22:41:08 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * Makefile.in: relink executable if libraries change
-
-Wed Sep 14 22:33:23 1994  Theodore Y. Ts'o  (tytso@dcl)
-
-       * adm_server (init_db): Save a copy of the master key database
-               entry in the master_entry global variable.
-
-       * adm_process.c (process_client): Removed calls to
-               free(final_msg.data), where final_msg.data was pointing to
-               an automatic variable.
-
-       * adm_process.c (cpw_keyproc): In the case where the
-               keyprocarg->key is set, copy the keyblock instead of
-               passing a pointer down --- more pointer aliasing problems!
-
-       * adm_funcs.c (adm_modify_kdb): Added calls to krb5_copy_principal
-               instead of merely assigning pointers to one another and
-               causing pointer aliasing problems.  Make sure the master
-               key version number is propagated correctly.
-
-Thu Aug  4 03:38:58 1994  Tom Yu  (tlyu@dragons-lair)
-
-       * Makefile.in: whoops install manpage as kadmin.8, not kadmin.1
-
-       * Makefile.in: install kadmind in the right place
-
-Sat Jul 16 09:22:19 1994  Tom Yu  (tlyu at dragons-lair)
-
-       * configure.in: another attempt to make dbm libs dtrt
-
-Fri Jul  1 16:01:02 1994  Mark Eichin  (eichin@cygnus.com)
-
-       * adm_listen.c: if USE_SIGPROCMASK, replace sigblock et al.
-       configure.in: CHECK_SIGPROCMASK.
-
-Wed Jun 29 00:25:29 1994  Tom Yu  (tlyu at dragons-lair)
-
-       * adm_server.c: fixed error table calls to use krb5_init_ets
-
-Fri Jun 24 20:39:37 1994  Theodore Y. Ts'o  (tytso at tsx-11)
-
-       * adm_process.c (cpw_keyproc): return error codes on failure
-
-       * adm_nego.c (adm_negotiate_key): added return on memory
-       allocation error
-
-       * adm_fmt_inq.c (adm_fmt_prt, adm_print_exp_time,
-         adm_print_attributes): Sanitized error return strategies.
-
-       * adm_kadmin.c (adm5_kadmin): Plug memory leaks, fix double
-         free's, fix message in error syslog.
-
-       * adm_process.c (process_client): Plug memory leaks
-
-       * adm_adm_func. (adm_inq_old_key): Plug memory leaks, return error
-         when adm_fmt_prt returns an error
-
-       * adm_adm_func.c (adm_mod_old_key): Plug memory leaks, report error
-         if put_principal returns an error.
-
-       * adm_adm_func.c (adm_change_pwd_rnd): Fix syslog information
-
-       * adm_adm_func.c (adm_build_key): Plug memory leak
-
-
diff --git a/src/kadmin/server/adm_adm_func.c b/src/kadmin/server/adm_adm_func.c
deleted file mode 100644 (file)
index 8fd57b6..0000000
+++ /dev/null
@@ -1,831 +0,0 @@
-/*
- * kadmin/server/adm_adm_func.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- * 
- * Modify the Kerberos Database
- */
-
-
-#include <sys/types.h>
-#include <syslog.h>
-#include "com_err.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-#ifdef SANDIA
-extern int classification;
-#endif
-
-krb5_error_code
-adm_build_key (context, auth_context, new_passwd, oper_type, entry)
-    krb5_context context;
-    krb5_auth_context * auth_context;
-    char *new_passwd;
-    int oper_type;
-    krb5_db_entry entry;
-{
-    krb5_replay_data replaydata;
-    krb5_data outbuf;
-    int retval;
-#if defined(MACH_PASS) || defined(SANDIA)
-    char *tmp_phrase;
-    char *tmp_passwd;
-    int pwd_length, phrase_length;
-#endif
-
-#if defined(MACH_PASS) || defined(SANDIA)
-    
-    if ((tmp_passwd = (char *) calloc (1, 120)) == (char *) 0) {
-       com_err("adm_build_key", ENOMEM, "for tmp_passwd");
-       return(3);              /* No Memory */
-    }
-    
-    if ((tmp_phrase = (char *) calloc (1, 120)) == (char *) 0) {
-       free(tmp_passwd);
-       com_err("adm_build_key", ENOMEM, "for tmp_phrase");
-       return(3);              /* No Memory */
-    }
-    
-    if (retval = get_pwd_and_phrase("adm_build_key", &tmp_passwd, 
-                                   &tmp_phrase)) {
-       free(tmp_passwd);
-       free(tmp_phrase);
-       return(4);              /* Unable to get Password */
-    }
-    
-    if ((outbuf.data = (char *) calloc (1, strlen(tmp_passwd) + 1)) == 
-       (char *) 0) {
-       com_err("adm_build_key", ENOMEM, "for outbuf.data");
-       free(tmp_passwd);
-       free(tmp_phrase);
-       return(3);              /* No Memory */
-    }
-    
-    outbuf.length = strlen(tmp_passwd);
-    (void) memcpy(outbuf.data, tmp_passwd, strlen(tmp_passwd));
-    
-#else 
-    
-    if ((outbuf.data = (char *) calloc (1, 3)) == 
-       (char *) 0) {
-       com_err("adm_build_key", ENOMEM, "for outbuf.data");
-       return(3);              /* No Memory */
-    }
-
-    outbuf.data[0] = KADMIN;
-    outbuf.data[1] = oper_type;
-    outbuf.data[2] = KADMGOOD;
-    outbuf.length = 3;
-    
-    if (oper_type == CHGOPER || oper_type == CH4OPER) {
-       outbuf.data[3] = entry.salt_type;
-       outbuf.length = 4;
-    }
-    
-#endif
-
-    /* Encrypt Password and Phrase */
-    if (retval = krb5_mk_priv(context, auth_context, &outbuf,
-                             &msg_data, &replaydata)) {
-       com_err("adm_build_key", retval, "during mk_priv");
-#if defined(MACH_PASS) || defined(SANDIA)
-       free(tmp_passwd);
-       free(tmp_phrase);
-#endif
-       free(outbuf.data);
-       return(5);              /* Protocol Failure */
-    }
-    
-#if defined(MACH_PASS) || defined(SANDIA)
-    (void) memcpy(new_passwd, tmp_passwd, strlen(tmp_passwd));
-    new_passwd[strlen(tmp_passwd)] = '\0';
-    
-    free(tmp_phrase);
-    free(tmp_passwd);
-#endif
-    free(outbuf.data);
-    
-    /* Send private message to Client */
-    if (krb5_write_message(context, &client_server_info.client_socket, 
-                          &msg_data)){
-       free(msg_data.data);
-       com_err("adm_build_key", 0, "Error Performing Password Write");
-       return(5);              /* Protocol Failure */
-    }
-    
-    free(msg_data.data);
-    
-    /* Read Client Response */
-    if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
-       syslog(LOG_ERR | LOG_INFO, "Error Performing Password Read");
-       return(5);              /* Protocol Failure */
-    }
-    
-    /* Decrypt Client Response */
-    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                             &msg_data, &replaydata)) {
-       syslog(LOG_ERR | LOG_INFO, "adm_build_key krb5_rd_priv error");
-       free(inbuf.data);
-       return(5);              /* Protocol Failure */
-    }
-    free(inbuf.data);
-    
-#if !defined(MACH_PASS) && !defined(SANDIA)
-    memcpy(new_passwd, msg_data.data, msg_data.length);
-#endif
-    
-    free(msg_data.data);
-    return(0);
-}
-
-/*     kadmin change password request  */
-krb5_error_code
-adm_change_pwd(context, auth_context, prog, customer_name, salttype)
-    krb5_context context;
-    krb5_auth_context * auth_context;
-    char *prog;
-    char *customer_name;
-    int salttype;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-    
-    krb5_error_code retval;
-    krb5_principal newprinc;
-    char *composite_name;
-    char *new_passwd;
-    int oper_type;
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Password Change Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-       syslog(LOG_ERR | LOG_INFO, "parse failure while parsing '%s'", 
-              customer_name);
-       return(5);              /* Protocol Failure */
-    }
-    
-    if (!(adm_princ_exists(context, "adm_change_pwd", newprinc,
-                          &entry, &nprincs))) {
-       com_err("adm_change_pwd", 0, "Principal does not exist!");
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(1);              /* Principal Unknown */
-    }
-    
-    if ((new_passwd = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) {
-       com_err("adm_change_pwd", ENOMEM, "while allocating new_passwd!");
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(3);              /* No Memory */
-    }
-    
-    oper_type = (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? CHGOPER : CH4OPER;
-
-    if (retval = adm_build_key(context, auth_context, new_passwd, 
-                              oper_type, entry)) {
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       free(new_passwd);
-       return(retval);
-    }
-    
-    retval = krb5_unparse_name(context, newprinc, &composite_name);
-
-    entry.salt_type = (krb5_int32) salttype;
-
-    if (retval = adm_enter_pwd_key(context, "adm_change_pwd",              
-                                  composite_name,
-                                  newprinc,
-                                  newprinc,
-                                  1,           /* chg_entry */
-                                  salttype,
-                                  new_passwd,
-                                  &entry)) retval = 8;
-    krb5_free_principal(context, newprinc);
-    krb5_db_free_principal(context, &entry, nprincs);
-    free(composite_name);
-    
-    (void) memset(new_passwd, 0, strlen(new_passwd));
-    free(new_passwd);
-    return(0);
-}
-
-/* kadmin add new random key function */
-krb5_error_code
-adm_change_pwd_rnd(context, cmdname, customer_name)
-    krb5_context context;
-    char *cmdname;
-    char *customer_name;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-    krb5_error_code retval;
-    krb5_principal newprinc;
-
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Random Password Change Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-       com_err("adm_change_pwd_rnd", retval, "while parsing '%s'", customer_name);
-       return(5);              /* Protocol Failure */
-    }
-#ifdef SANDIA       
-    if (!(newprinc[2])) {
-       if (retval = check_security(newprinc, classification)) {
-           krb5_free_principal(context, newprinc);
-           syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level",
-                  customer_name);
-           return(6);
-       }
-    }
-#endif
-    if (!(adm_princ_exists(context, "adm_change_pwd_rnd", newprinc,
-                          &entry, &nprincs))) {
-       com_err("adm_change_pwd_rnd", 0, "Principal does not exist!");
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(1);              /* Principal Unknown */
-    }
-    
-    if (retval = adm_enter_rnd_pwd_key(context, "adm_change_pwd_rnd",
-                                      newprinc,
-                                      1, /* change existing entry */
-                                      &entry))
-      retval = 8;
-       
-    krb5_free_principal(context, newprinc);
-    krb5_db_free_principal(context, &entry, nprincs);
-    return(retval);
-}
-
-/* kadmin add new key function */
-krb5_error_code
-adm_add_new_key(context, auth_context, cmdname, customer_name, salttype)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    char *cmdname;
-    char *customer_name;
-    int salttype;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-    
-    krb5_error_code retval;
-    krb5_principal newprinc;
-    char *new_passwd;
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Addition Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-       com_err("adm_add_new_key", retval, "while parsing '%s'", customer_name);
-       return(5);              /* Protocol Failure */
-    }
-#ifdef SANDIA       
-    if (!(newprinc[2])) {
-       if (retval = check_security(newprinc, classification)) {
-           krb5_free_principal(context, newprinc);
-           syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level",
-                  customer_name);
-           return(6);
-       }
-    }
-#endif
-    if (adm_princ_exists(context, "adm_add_new_key",newprinc,&entry,&nprincs)) {
-       com_err("adm_add_new_key", 0, 
-               "principal '%s' already exists", customer_name);
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(2);              /* Principal Already Exists */
-    }
-    
-    if ((new_passwd = (char *) calloc (1, 255)) == (char *) 0) {
-       com_err("adm_add_new_key", ENOMEM, "for new_passwd");
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(3);              /* No Memory */
-    }
-    
-    if (retval = adm_build_key(context, auth_context, new_passwd, 
-                              ADDOPER, entry)) {
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       free(new_passwd);
-       return(retval);
-    }
-    
-    if (retval = adm_enter_pwd_key(context, "adm_add_new_key", 
-                                  customer_name,
-                                  newprinc, 
-                                  newprinc,
-                                  0,           /* new_entry */
-                                  salttype,
-                                  new_passwd,
-                                  &entry)) 
-      retval = 8;
-    (void) memset(new_passwd, 0, strlen(new_passwd));
-    free(new_passwd);
-    krb5_free_principal(context, newprinc);
-    krb5_db_free_principal(context, &entry, nprincs);
-    return(retval);
-}
-
-/* kadmin add new random key function */
-krb5_error_code
-adm_add_new_key_rnd(context, cmdname, customer_name)
-    krb5_context context;
-    char *cmdname;
-    char *customer_name;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-    krb5_error_code retval;
-    krb5_principal newprinc;
-
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Addition Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-       com_err("adm_add_new_key_rnd", retval, "while parsing '%s'", customer_name);
-       return(5);              /* Protocol Failure */
-    }
-#ifdef SANDIA       
-    if (!(newprinc[2])) {
-       if (retval = check_security(newprinc, classification)) {
-           krb5_free_principal(context, newprinc);
-           syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level",
-                  customer_name);
-           return(6);
-       }
-    }
-#endif
-    if (adm_princ_exists(context, "adm_add_new_key_rnd", newprinc, 
-                        &entry, &nprincs)) {
-       com_err("adm_add_new_key_rnd", 0, 
-               "principal '%s' already exists", customer_name);
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(2);              /* Principal Already Exists */
-    }
-    
-    if (retval = adm_enter_rnd_pwd_key(context, "adm_add_new_key_rnd",
-                                      newprinc,
-                                      0, /* new entry */
-                                      &entry))
-      retval = 8;
-       
-    krb5_free_principal(context, newprinc);
-    krb5_db_free_principal(context, &entry, nprincs);
-    return(retval);
-}
-
-/* kadmin delete old key function */
-krb5_error_code
-adm_del_old_key(context, cmdname, customer_name)
-    krb5_context context;
-    char *cmdname;
-    char *customer_name;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-    
-    krb5_error_code retval;
-    krb5_principal newprinc;
-    int one = 1;
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Deletion Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-       com_err("adm_del_old_key", retval, "while parsing '%s'", customer_name);
-       return(5);              /* Protocol Failure */
-    }
-    
-    if (!adm_princ_exists(context, "adm_del_old_key", newprinc,
-                         &entry, &nprincs)) {
-       com_err("adm_del_old_key", 0, "principal '%s' is not in the database", 
-               customer_name);
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(1);
-    }
-    
-    if (retval = krb5_db_delete_principal(context, newprinc, &one)) {
-       com_err("adm_del_old_key", retval, 
-               "while deleting '%s'", customer_name);
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(8);
-    } else if (one != 1) {
-       com_err("adm_del_old_key", 0, 
-               "no principal deleted - unknown error");
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return(8);
-    }
-    
-    krb5_free_principal(context, newprinc);
-    krb5_db_free_principal(context, &entry, nprincs);
-    return(0);
-}
-
-/* kadmin modify existing Principal function */
-krb5_error_code
-adm_mod_old_key(context, auth_context, cmdname, customer_name)
-    krb5_context context;
-    krb5_auth_context * auth_context;
-    char *cmdname;
-    char *customer_name;
-{
-    krb5_replay_data replaydata;
-    krb5_db_entry entry;
-    int nprincs = 1;
-    extern int errno;
-    
-    krb5_error_code retval;
-    krb5_principal newprinc;
-    
-    krb5_data outbuf;
-    char tempstr[20];
-    
-    int one = 1;
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Modification Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-       com_err("adm_mod_old_key", retval, "while parsing '%s'", customer_name);
-       return(5);              /* Protocol Failure */
-    }
-    
-    for ( ; ; ) {
-       
-       if (!adm_princ_exists(context, "adm_mod_old_key", newprinc,
-                             &entry, &nprincs)) {
-           krb5_db_free_principal(context, &entry, nprincs);
-           com_err("adm_mod_old_key", 0, 
-                   "principal '%s' is not in the database", 
-                   customer_name);
-           krb5_free_principal(context, newprinc);
-           return(1);
-       }
-       
-       /* Send Acknowledgement */
-       if ((outbuf.data = (char *) calloc (1, 255)) == (char *) 0) {
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           com_err("adm_mod_old_key", ENOMEM, "for outbuf.data");
-           return(3);          /* No Memory */
-       }
-       
-       outbuf.length = 3;
-       outbuf.data[0] = KADMIND;
-       outbuf.data[1] = MODOPER;
-       outbuf.data[2] = SENDDATA3;
-       
-       if (retval = krb5_mk_priv(context, auth_context, &outbuf,
-                                 &msg_data, &replaydata)) {
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           com_err("adm_mod_old_key", retval, "during mk_priv");
-           free(outbuf.data);
-           return(5);          /* Protocol Failure */
-       }
-       free(outbuf.data);
-       
-       if (krb5_write_message(context, &client_server_info.client_socket, 
-                              &msg_data)){
-           free(msg_data.data);
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           com_err("adm_mod_old_key", 0, 
-                   "Error Performing Modification Write");
-           return(5);          /* Protocol Failure */
-       }
-       free(msg_data.data);
-       
-       /* Read Client Response */
-       if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           com_err("adm_mod_old_key", errno, 
-                   "Error Performing Modification Read");
-            return(5);         /* Protocol Failure */
-       }
-       
-       /* Decrypt Client Response */
-       if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                                 &msg_data, &replaydata)) {
-           com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s",
-                   error_message(retval));
-           free(inbuf.data);
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           return(5);          /* Protocol Failure */
-       }
-       
-       free(inbuf.data);
-       
-       if (msg_data.data[1] == KADMGOOD) break;
-       
-       /* Decode Message - Modify Database */
-       if (msg_data.data[2] != SENDDATA3) {
-           free(msg_data.data);
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           return(5);          /* Protocol Failure */
-       }
-#ifdef SANDIA
-       if (msg_data.data[3] == KMODFCNT) {
-           (void) memcpy(tempstr, (char *) msg_data.data + 4,
-                         msg_data.length - 4);
-           entry.fail_auth_count = atoi(tempstr);
-       }
-#endif
-       if (msg_data.data[3] == KMODVNO) {
-           (void) memcpy(tempstr, (char *) msg_data.data + 4,
-                         msg_data.length - 4);
-           entry.kvno = atoi(tempstr);
-       }
-       
-       if (msg_data.data[3] == KMODATTR) {
-           if (msg_data.data[4] == ATTRPOST)
-             entry.attributes &= ~KRB5_KDB_DISALLOW_POSTDATED;
-           if (msg_data.data[4] == ATTRNOPOST)
-             entry.attributes |= KRB5_KDB_DISALLOW_POSTDATED;
-           if (msg_data.data[4] == ATTRFOR) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_FORWARDABLE;
-           if (msg_data.data[4] == ATTRNOFOR) 
-             entry.attributes |= KRB5_KDB_DISALLOW_FORWARDABLE;
-           if (msg_data.data[4] == ATTRTGT) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_TGT_BASED;
-           if (msg_data.data[4] == ATTRNOTGT) 
-             entry.attributes |= KRB5_KDB_DISALLOW_TGT_BASED;
-           if (msg_data.data[4] == ATTRREN) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_RENEWABLE;
-           if (msg_data.data[4] == ATTRNOREN) 
-             entry.attributes |= KRB5_KDB_DISALLOW_RENEWABLE;
-           if (msg_data.data[4] == ATTRPROXY) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_PROXIABLE;
-           if (msg_data.data[4] == ATTRNOPROXY) 
-             entry.attributes |= KRB5_KDB_DISALLOW_PROXIABLE;
-           if (msg_data.data[4] == ATTRDSKEY) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_DUP_SKEY;
-           if (msg_data.data[4] == ATTRNODSKEY) 
-             entry.attributes |= KRB5_KDB_DISALLOW_DUP_SKEY;
-           if (msg_data.data[4] == ATTRLOCK) 
-             entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-           if (msg_data.data[4] == ATTRUNLOCK) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
-           if (msg_data.data[4] == ATTRNOSVR) 
-             entry.attributes |= KRB5_KDB_DISALLOW_SVR;
-           if (msg_data.data[4] == ATTRSVR) 
-             entry.attributes &= ~KRB5_KDB_DISALLOW_SVR;
-#ifdef SANDIA
-           if (msg_data.data[4] == ATTRPRE) 
-             entry.attributes &= ~KRB5_KDB_REQUIRES_PRE_AUTH;
-           if (msg_data.data[4] == ATTRNOPRE) 
-             entry.attributes |= KRB5_KDB_REQUIRES_PRE_AUTH;
-           if (msg_data.data[4] == ATTRPWOK) 
-             entry.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-           if (msg_data.data[4] == ATTRPWCHG) 
-             entry.attributes |= KRB5_KDB_REQUIRES_PWCHANGE;
-           if (msg_data.data[4] == ATTRSID) 
-             entry.attributes &= ~KRB5_KDB_REQUIRES_SECUREID;
-           if (msg_data.data[4] == ATTRNOSID) 
-             entry.attributes |= KRB5_KDB_REQUIRES_SECUREID;
-#endif
-        }
-       
-       free(msg_data.data);
-       entry.mod_name = client_server_info.client;
-       if (retval = krb5_timeofday(context, &entry.mod_date)) {
-           com_err("adm_mod_old_key", retval, "while fetching date");
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           return(5);          /* Protocol Failure */
-       }
-       
-       retval = krb5_db_put_principal(context, &entry, &one);
-       if (retval) {
-           com_err("adm_mod_old_key", retval, "while storing principal");
-           krb5_free_principal(context, newprinc);
-           krb5_db_free_principal(context, &entry, nprincs);
-           return(8);          /* Update failed */
-       }
-       one = 1;
-    }  /* for */
-    
-    krb5_db_free_principal(context, &entry, nprincs);
-    krb5_free_principal(context, newprinc);
-    
-    /* Read Client Response */
-    if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
-       com_err("adm_mod_old_key", errno, "Error Performing Read");
-       return(5);              /* Protocol Failure */
-    }
-    
-    /* Decrypt Client Response */
-    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                             &msg_data, &replaydata)) {
-       com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s",
-               error_message(retval));
-       free(inbuf.data);
-       return(5);              /* Protocol Failure */
-    }
-    
-    free(msg_data.data);
-    free(inbuf.data);
-    
-    return(0);
-}
-
-/* kadmin inquire existing Principal function */
-krb5_error_code
-adm_inq_old_key(context, auth_context, cmdname, customer_name)
-    krb5_context context;
-    krb5_auth_context * auth_context;
-    char *cmdname;
-    char *customer_name;
-{
-    krb5_replay_data replaydata;
-    krb5_db_entry entry;
-    int nprincs = 1;
-    
-    krb5_data outbuf;
-    krb5_error_code retval;
-    krb5_principal newprinc;
-    char *fullname;
-    
-    syslog(LOG_AUTH | LOG_INFO, 
-          "Remote Administrative Inquiry Request for %s by %s", 
-          customer_name, client_server_info.name_of_client);
-    
-    if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
-        com_err("adm_inq_old_key", retval, "while parsing '%s'", customer_name);
-       return(5);              /* Protocol Failure */
-    }
-    
-    if (retval = krb5_unparse_name(context, newprinc, &fullname)) {
-       krb5_free_principal(context, newprinc);
-       com_err("adm_inq_old_key", retval, "while unparsing");
-        return(5);             /* Protocol Failure */
-    }
-    
-    if (!adm_princ_exists(context, "adm_inq_old_key", newprinc,
-                         &entry, &nprincs)) {
-       krb5_db_free_principal(context, &entry, nprincs);
-       krb5_free_principal(context, newprinc);
-       free(fullname);
-       com_err("adm_inq_old_key", 0, "principal '%s' is not in the database", 
-               customer_name);
-       return(1);
-    }
-    
-    if ((outbuf.data = (char *) calloc (1, 2048)) == (char *) 0) {
-       krb5_db_free_principal(context, &entry, nprincs);
-       krb5_free_principal(context, newprinc);
-       free(fullname);
-       com_err("adm_inq_old_key", ENOMEM, "for outbuf.data");
-       return(3);              /* No Memory */
-    }
-    
-    /* Format Inquiry Data */
-    if ((retval = adm_fmt_prt(context, &entry, fullname, outbuf.data))) {
-       krb5_db_free_principal(context, &entry, nprincs);
-       krb5_free_principal(context, newprinc);
-       free(fullname);
-       com_err("adm_inq_old_key", 0, "Unable to Format Inquiry Data");
-       return(5);              /* XXX protocol failure --- not right, but.. */
-    }
-    outbuf.length = strlen(outbuf.data);
-    krb5_db_free_principal(context, &entry, nprincs);
-    krb5_free_principal(context, newprinc);
-    free(fullname);
-    
-    /* Encrypt Inquiry Data */
-    if (retval = krb5_mk_priv(context, auth_context, &outbuf,
-                             &msg_data, &replaydata)) {
-       com_err("adm_inq_old_key", retval, "during mk_priv");
-       free(outbuf.data);
-       return(5);              /* Protocol Failure */
-    }
-    free(outbuf.data);
-    
-    /* Send Inquiry Information */
-    if (krb5_write_message(context, &client_server_info.client_socket, 
-                          &msg_data)){
-       free(msg_data.data);
-       com_err("adm_inq_old_key", 0, "Error Performing Write");
-       return(5);              /* Protocol Failure */
-    }
-    
-    free(msg_data.data);
-    
-    /* Read Client Response */
-    if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
-       com_err("adm_inq_old_key", errno, "Error Performing Read");
-       syslog(LOG_ERR, "adm_inq sock %d", client_server_info.client_socket);
-       return(5);              /* Protocol Failure */
-    }
-    
-    /* Decrypt Client Response */
-    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
-                             &msg_data, &replaydata)) {
-       com_err("adm_inq_old_key", retval, "krb5_rd_priv error %s",
-               error_message(retval));
-       free(inbuf.data);
-       return(5);              /* Protocol Failure */
-    }
-    
-    /* XXX Decrypt client response.... and we don't use it?!? */
-    
-    free(msg_data.data);
-    free(inbuf.data);
-    return(retval);
-}
-
-#ifdef SANDIA
-krb5_error_code
-  check_security(princ, class)
-krb5_principal princ;
-int class;
-{
-    char *input_name;
-    
-    if ((input_name = (char *) calloc (1, 255)) == 0) {
-       com_err("check_security", 
-               ENOMEM, "while allocating memory for class check");
-       return(3);
-    }
-    
-    memcpy((char *) input_name, princ->data[0].data, princ->data[0].length);
-    
-    if (class) {
-       /* Must be Classified Principal */
-       if (strlen(input_name) == 8) {
-           if (!(strcmp(&input_name[7], "s") == 0) &&
-               !(strcmp(&input_name[7], "c") == 0)) {
-               free(input_name);
-               return(6);
-           }
-       }  else {
-           if (!((strncmp(&input_name[strlen(input_name) - 2], 
-                          "_s", 2) == 0) ||
-                 (strncmp(&input_name[strlen(input_name) - 2], "_c", 2) == 0))) {
-               free(input_name);
-               return(6);
-           }
-       }
-    } else {
-       /* Must be Unclassified Principal */
-       if ((strlen(input_name) >= 8) ||
-           ((strncmp(&input_name[strlen(input_name) - 2], "_s", 2) == 0) ||
-            (strncmp(&input_name[strlen(input_name) - 2], "_c", 2) == 0))) {
-           free(input_name);
-           return(6);
-       }
-    }
-    
-    free(input_name);
-    return(0);
-}
-#endif
diff --git a/src/kadmin/server/adm_check.c b/src/kadmin/server/adm_check.c
deleted file mode 100644 (file)
index 67cd24b..0000000
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * kadmin/server/adm_check.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- * 
- */
-
-
-#include <sys/types.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <syslog.h>
-#include "com_err.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#include "k5-int.h"
-#include "adm_err.h"
-#include "adm_extern.h"
-
-krb5_error_code
-adm_check_acl(name_of_client, acl_type)
-    char *name_of_client;
-    char *acl_type;
-{
-    FILE *acl_file;
-    char input_string[255];
-    char admin_name[255];
-#define num_of_privs   5
-    char priv[num_of_privs];
-    extern char *acl_file_name;
-    char *lcl_acl_file;
-    int i, j;
-
-    if ((lcl_acl_file = (char *) calloc(1, 80)) == (char *) 0) {
-       com_err("adm_check_acl", ENOMEM, "allocating acl file name");
-       return(KADM_ENOMEM);            /* No Memory */
-    }
-
-    (void) sprintf(lcl_acl_file, "%s", acl_file_name);
-
-    if ((acl_file = fopen(lcl_acl_file, "r")) == NULL) {
-       syslog(LOG_ERR, "Cannot open acl file (%s)", acl_file_name);
-       free(lcl_acl_file);
-       return(KADM_EPERM);
-    }
-
-    for ( ;; ) {
-
-       if ((fgets(input_string, sizeof(input_string), acl_file)) == NULL) {
-           syslog(LOG_ERR, "Administrator (%s) not in ACL file (%s)",
-               name_of_client, lcl_acl_file);
-           break;              /* Not Found */
-       }
-
-       if (input_string[0] == '#') continue;
-
-       i = 0;
-       while (!isspace(input_string[i]) && i < strlen(input_string)) {
-           admin_name[i] = input_string[i];
-           i++;
-       }
-
-       while (isspace(input_string[i]) && i < strlen(input_string)) {
-           i++;
-       }
-
-       priv[0] = priv[1] = priv[2] = priv[3] = priv[4] = '\0';
-
-       j = 0;
-       while ((i < strlen(input_string)) && (j < num_of_privs) &&
-               (!isspace(input_string[i]))) {
-           priv[j] = input_string[i];
-           i++; j++;
-       }
-
-       if (priv[0] == '*') {
-           priv[0] = 'a';              /* Add Priv */
-           priv[1] = 'c';              /* Changepw Priv */
-           priv[2] = 'd';              /* Delete Priv */
-           priv[3] = 'i';              /* Inquire Priv */
-           priv[4] = 'm';              /* Modify Priv */
-       }
-
-       if (!strncmp(admin_name, name_of_client, 
-               strlen(name_of_client))) {
-           switch(acl_type[0]) {
-               case 'a':
-               case 'c':
-               case 'd':
-               case 'i':
-               case 'm':
-                   for (i = 0; i < num_of_privs; i++) {
-                       if (priv[i] == acl_type[0]) {
-                           fclose(acl_file);
-                           free(lcl_acl_file);
-                           return(0);          /* Found */                     
-                       }
-                   }
-                   break;
-
-               default:
-                   break;
-           }
-       }
-    }
-
-    fclose(acl_file);
-    free(lcl_acl_file);
-    return(KADM_EPERM);
-}
diff --git a/src/kadmin/server/adm_extern.c b/src/kadmin/server/adm_extern.c
deleted file mode 100644 (file)
index 24b2b39..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * kadmin/server/adm_extern.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- *
- * allocations of adm_extern stuff
- */
-
-#include "k5-int.h"
-
-/* real declarations of KDC's externs */
-krb5_encrypt_block master_encblock;
-krb5_keyblock master_keyblock;
-krb5_principal master_princ;
-
-volatile int signal_requests_exit = 0; /* gets set when signal hits */
-
-char *dbm_db_name = DEFAULT_KDB_FILE;
-char *realm = NULL;
-
-krb5_keyblock tgs_key;
-krb5_kvno tgs_kvno;
-
-krb5_data inbuf;
-krb5_data msg_data;
-
-int send_seqno;
-
-/*
-static krb5_data tgs_name = {KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME};
-krb5_data *tgs_server[4] = {0, &tgs_name, 0, 0};
-*/
-
-krb5_principal tgs_server;
-
-short admin_port = 0;
diff --git a/src/kadmin/server/adm_extern.h b/src/kadmin/server/adm_extern.h
deleted file mode 100644 (file)
index 0176896..0000000
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * kadmin/server/adm_extern.h
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- *
- * <<< Description >>>
- */
-
-#ifndef __ADM_EXTERN__
-#define __ADM_EXTERN__
-
-#include "adm_defs.h"
-
-typedef struct {
-       /* Client Info */
-  struct sockaddr_in client_name;
-  krb5_address client_addr;
-  krb5_principal client;
-  char *name_of_client;
-       /* Server Info */
-  struct sockaddr_in server_name;
-  krb5_address server_addr;
-  krb5_principal server;
-  char *name_of_service;
-       /* Miscellaneous */
-  int server_socket;
-  int client_socket;
-} global_client_server_info;
-/* various externs for KDC */
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-extern krb5_principal master_princ;
-extern krb5_db_entry master_entry;
-
-extern volatile int signal_requests_exit;
-extern char *dbm_db_name;
-extern char *realm;
-
-extern krb5_keyblock tgs_key;
-extern krb5_kvno tgs_kvno;
-extern krb5_principal tgs_server;
-
-extern global_client_server_info client_server_info;
-extern char *adm5_tcp_portname;
-extern int adm5_tcp_port_fd;
-
-extern unsigned pidarraysize;
-extern int *pidarray;
-
-extern char *adm5_ver_str;
-extern int adm5_ver_len;
-
-extern int adm_debug_flag;
-
-extern int send_seqno;
-
-extern int exit_now;
-
-extern short admin_port;
-
-extern krb5_data inbuf;
-extern krb5_data msg_data;
-
-extern char *oper_type[];
-extern char *ksrvutil_message[];
-extern char *kadmind_general_response[];
-extern char *kadmind_kpasswd_response[];
-extern char *kadmind_ksrvutil_response[];
-extern char *kadmind_kadmin_response[];
-
-/* PROTOTYPES */
-
-krb5_error_code adm_build_key
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,
-                  int,
-                  krb5_db_entry));
-
-krb5_error_code adm_change_pwd
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,
-                  char *,
-                  int));
-
-krb5_error_code adm_change_pwd_rnd
-       PROTOTYPE((krb5_context,
-                  char *,
-                  char *));
-
-krb5_error_code adm_add_new_key
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,
-                  char *,
-                  int));
-
-krb5_error_code adm_add_new_key_rnd
-       PROTOTYPE((krb5_context, 
-                  char *,
-                  char *));
-
-krb5_error_code adm_del_old_key
-       PROTOTYPE((krb5_context,
-                  char *,
-                  char *));
-
-krb5_error_code adm_mod_old_key
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,
-                  char *));
-
-krb5_error_code adm_inq_old_key
-       PROTOTYPE((krb5_context, 
-                  krb5_auth_context *,
-                  char *,
-                  char *));
-
-krb5_error_code adm_print_exp_time
-       PROTOTYPE((krb5_context, 
-                  char *,
-                  krb5_timestamp));
-
-krb5_kvno adm_princ_exists
-       PROTOTYPE((krb5_context, 
-                  char *,
-                  krb5_principal,
-                  krb5_db_entry *,
-                  int *));
-
-krb5_error_code adm_enter_rnd_pwd_key
-       PROTOTYPE((krb5_context,
-                  char *,
-                  krb5_principal,
-                  int,
-                  krb5_db_entry *));
-
-krb5_error_code adm5_kadmin
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,  
-                  char *,
-                  int *));
-
-krb5_error_code adm_negotiate_key
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char const *,
-                  char *));
-
-krb5_error_code setup_network
-       PROTOTYPE((krb5_context,
-                  const char *));
-
-krb5_error_code process_client
-       PROTOTYPE((krb5_context, 
-                  char *));
-
-krb5_error_code cleanexit
-       PROTOTYPE((krb5_context,
-                  int));
-
-krb5_error_code closedown_db
-       PROTOTYPE((krb5_context));
-
-krb5_error_code process_args
-       PROTOTYPE((krb5_context, 
-                  int,
-                  char **));
-
-krb5_error_code init_db
-       PROTOTYPE((krb5_context,
-                  char *,
-                  krb5_principal,
-                  krb5_keyblock *));
-
-void setup_com_err
-       PROTOTYPE((krb5_context));
-
-krb5_error_code princ_exists
-       PROTOTYPE((krb5_context, 
-                  krb5_principal, 
-                  krb5_db_entry *));
-
-krb5_error_code adm_enter_pwd_key
-       PROTOTYPE((krb5_context,
-                  char * ,
-                  char * ,
-                  krb5_const_principal ,
-                  krb5_const_principal ,
-                  int ,
-                  int ,
-                  char * ,
-                  krb5_db_entry * ));
-
-krb5_error_code adm5_change
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,
-                  krb5_principal));
-
-int adm5_listen_and_process
-       PROTOTYPE((krb5_context,
-                  const char *));
-
-krb5_error_code adm5_kpasswd
-       PROTOTYPE((krb5_context,
-                  krb5_auth_context *,
-                  char *,
-                  kadmin_requests *,
-                  char *,
-                  int *));
-
-#endif /* __ADM_EXTERN__ */
diff --git a/src/kadmin/server/adm_fmt_inq.c b/src/kadmin/server/adm_fmt_inq.c
deleted file mode 100644 (file)
index 40c79a1..0000000
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * kadmin/server/adm_fmt_inq.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- *
- *     Administrative Display Routine
- */
-
-#include "k5-int.h"
-#include <stdio.h>
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#include <time.h>
-#endif
-
-#define REALM_SEP      '@'
-#define REALM_SEP_STR  "@"
-
-krb5_error_code
-adm_print_attributes(ret_data, attribs)
-char *ret_data;
-krb5_flags attribs;
-{
-    char *my_data;
-
-    if ((my_data = (char *) calloc (1,255)) == (char *) 0)
-       return ENOMEM;
-
-    sprintf(my_data, "Principal Attributes (PA): ");
-    if (attribs & KRB5_KDB_DISALLOW_POSTDATED)
-        strcat(my_data, "NOPOST ");
-    else
-        strcat(my_data, "POST ");
-    if (attribs & KRB5_KDB_DISALLOW_FORWARDABLE)
-        strcat(my_data, "NOFOR ");
-    else
-        strcat(my_data, "FOR ");
-    if (attribs & KRB5_KDB_DISALLOW_TGT_BASED)
-        strcat(my_data, "NOTGT ");
-    else
-        strcat(my_data, "TGT ");
-    if (attribs & KRB5_KDB_DISALLOW_RENEWABLE)
-        strcat(my_data, "NOREN ");
-    else
-        strcat(my_data, "REN ");
-    if (attribs & KRB5_KDB_DISALLOW_PROXIABLE)
-        strcat(my_data, "NOPROXY\n");
-    else
-        strcat(my_data, "PROXY\n");
-    strcat(my_data, "                           ");
-    if (attribs & KRB5_KDB_DISALLOW_DUP_SKEY)
-        strcat(my_data, "NODUPSKEY ");
-    else
-        strcat(my_data, "DUPSKEY ");
-    if (attribs & KRB5_KDB_DISALLOW_ALL_TIX)
-        strcat(my_data, "LOCKED ");
-    else
-        strcat(my_data, "UNLOCKED ");
-    if (attribs & KRB5_KDB_DISALLOW_SVR)
-        strcat(my_data, "NOSVR\n");
-    else
-        strcat(my_data, "SVR\n");
-    
-#ifdef SANDIA
-    strcat(my_data, "                           ");
-    if (attribs & KRB5_KDB_REQUIRES_PRE_AUTH)
-        strcat(my_data, "PREAUTH ");
-    else
-        strcat(my_data, "NOPREAUTH ");
-    if (attribs & KRB5_KDB_REQUIRES_PWCHANGE)
-        strcat(my_data, "PWCHG ");
-    else
-        strcat(my_data, "PWOK ");
-    if (attribs & KRB5_KDB_REQUIRES_HW_AUTH)
-        strcat(my_data, "SID\n");
-    else
-        strcat(my_data, "NOSID\n");
-#endif
-    (void) strcat(ret_data, my_data);
-    free(my_data);
-    return(0);
-}
-
-krb5_error_code
-adm_print_exp_time(context, ret_data, time_input)
-    krb5_context context;
-    char *ret_data;
-    krb5_timestamp *time_input;
-{
-    char *my_data;
-    struct tm *exp_time;
-
-    if ((my_data = (char *) calloc (1,255)) == (char *) 0)
-       return ENOMEM;
-
-    exp_time = localtime((time_t *) time_input);
-    sprintf(my_data, 
-       "Principal Expiration Date (PED): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
-       (exp_time->tm_year >= 100) ? 20 : 19,
-       (exp_time->tm_year >= 100) ? exp_time->tm_year - 100 : exp_time->tm_year,
-       exp_time->tm_mon + 1,
-       exp_time->tm_mday,
-       exp_time->tm_hour,
-       exp_time->tm_min,
-       exp_time->tm_sec);
-    (void) strcat(ret_data, my_data);
-    free(my_data);
-    return(0);
-}
-
-krb5_error_code
-adm_fmt_prt(context, entry, Principal_name, ret_data)
-    krb5_context context;
-    krb5_db_entry *entry;
-    char *Principal_name;
-    char *ret_data;
-{
-    struct tm *mod_time;
-    krb5_error_code retval;
-#ifdef SANDIA
-    struct tm *exp_time;
-    int pwd_expire;
-    krb5_timestamp now;
-#endif
-
-    char *my_data;
-    char thisline[80];
-
-    if ((my_data = (char *) calloc (1, 2048)) == (char *) 0)
-       return ENOMEM;
-
-    (void) sprintf(my_data, "\n\nPrincipal: %s\n\n", Principal_name);
-    sprintf(thisline,
-       "Maximum Ticket Lifetime (MTL) = %d (seconds)\n", entry->max_life);
-    strcat(my_data, thisline);
-    sprintf(thisline, "Maximum Renewal Lifetime (MRL) = %d (seconds)\n", 
-                       entry->max_renewable_life);
-    strcat(my_data, thisline);
-    sprintf(thisline, "Principal Key Version (PKV) = %d\n", entry->kvno);
-    strcat(my_data, thisline);
-    if (retval = adm_print_exp_time(context, my_data, &entry->expiration)) {
-       free(my_data);
-       return retval;
-    }
-    mod_time = localtime((time_t *) &entry->mod_date);
-    sprintf(thisline, 
-       "Last Modification Date (LMD): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
-           (mod_time->tm_year >= 100) ? 20 : 19,
-           (mod_time->tm_year >= 100) ? mod_time->tm_year - 100 : mod_time->tm_year,
-           mod_time->tm_mon + 1,
-           mod_time->tm_mday,
-           mod_time->tm_hour,
-           mod_time->tm_min,
-           mod_time->tm_sec);
-    strcat(my_data, thisline);
-    if (retval = adm_print_attributes(my_data, entry->attributes)) {
-       free(my_data);
-       return retval;
-    }
-    switch (entry->salt_type & 0xff) {
-           case 0 : strcat(my_data,
-                       "Principal Salt Type (PST) = Version 5 Normal\n");
-                   break;
-           case 1 : strcat(my_data, "Principal Salt Type (PST) = Version 4\n");
-                   break;
-           case 2 : strcat(my_data, "Principal Salt Type (PST) = NOREALM\n");
-                   break;
-           case 3 : strcat(my_data, "Principal Salt Type (PST) = ONLYREALM\n");
-                   break;
-           case 4 : strcat(my_data, "Principal Salt Type (PST) = Special\n");
-                   break;
-           } 
-#ifdef SANDIA
-    sprintf(thisline,
-       "Invalid Authentication Count (FCNT) = %d\n", entry->fail_auth_count);
-    strcat(my_data, thisline);
-    retval = krb5_timeofday(context, &now);
-    pwd_expire = (now - entry->last_pwd_change) / 86400;
-    sprintf(thisline, "Password Age is %d Days\n", pwd_expire);
-    strcat(my_data, thisline);
-#endif
-    (void) strcat(ret_data, my_data);
-    free(my_data);
-    return(0);
-}
diff --git a/src/kadmin/server/adm_funcs.c b/src/kadmin/server/adm_funcs.c
deleted file mode 100644 (file)
index 7d61c7e..0000000
+++ /dev/null
@@ -1,574 +0,0 @@
-/*
- * kadmin/server/adm_funcs.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- * 
- * Modify the Kerberos Database
- */
-
-#include "com_err.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#include "k5-int.h"
-#include "adm_err.h"
-#include "adm_extern.h"
-
-struct saltblock {
-    int salttype;
-    krb5_data saltdata;
-};
-
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-
-typedef unsigned char des_cblock[8];
-
-krb5_error_code adm_get_rnd_key PROTOTYPE((char *,
-                       krb5_ticket *,
-                       krb5_authenticator *,
-                       krb5_principal,
-                       int,
-                       krb5_db_entry *));
-
-static krb5_error_code adm_modify_kdb 
-       PROTOTYPE((krb5_context,
-                  char const *, 
-                  char const *, 
-                  krb5_const_principal,
-                  const krb5_keyblock *,  
-                  const krb5_keyblock *,
-                  int, 
-                  struct saltblock *,
-                  struct saltblock *,
-                  krb5_db_entry *));
-
-
-krb5_kvno
-adm_princ_exists(context, cmdname, principal, entry, nprincs)
-    krb5_context context;
-    char *cmdname;
-    krb5_principal principal;
-    krb5_db_entry *entry;
-    int *nprincs;
-{
-    krb5_boolean more;
-    krb5_error_code retval;
-
-    if (retval = krb5_db_get_principal(context, principal, entry, 
-                                      nprincs, &more)) {
-       com_err("adm_princ_exists", retval, 
-               "while attempting to verify principal's existence");
-       return(0);
-    }
-
-    if (! *nprincs) return(0);
-
-    return(*nprincs);
-}
-
-static krb5_error_code
-adm_modify_kdb(context, cmdname, newprinc, principal, key, alt_key, req_type,
-               salt, altsalt, entry)
-    krb5_context context;
-    char const * cmdname;
-    char const * newprinc;
-    krb5_const_principal principal;
-    const krb5_keyblock * key;
-    const krb5_keyblock * alt_key;
-    int req_type;
-    struct saltblock * salt;
-    struct saltblock * altsalt;
-    krb5_db_entry * entry;
-{
-    krb5_error_code retval;
-    int one = 1;
-
-    krb5_kvno KDB5_VERSION_NUM = 1;
-    extern krb5_flags NEW_ATTRIBUTES;
-
-    if (!req_type) { /* New entry - initialize */
-       memset((char *) entry, 0, sizeof(krb5_db_entry));
-       retval = krb5_copy_principal(context, principal, &entry->principal);
-       if (retval)
-               return retval;
-        entry->kvno = KDB5_VERSION_NUM;
-        entry->max_life = master_entry.max_life;
-        entry->max_renewable_life = master_entry.max_renewable_life;
-        entry->mkvno = master_entry.mkvno;
-        entry->expiration = master_entry.expiration;
-       retval = krb5_copy_principal(context, master_princ, &entry->mod_name);
-       if (retval) {
-           krb5_free_principal(context, entry->principal);
-           entry->principal = 0;
-           return retval;
-       }
-    } else { /* Modify existing entry */
-       entry->kvno++;
-#ifdef SANDIA
-       entry->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-#endif
-       retval = krb5_copy_principal(context, principal, &entry->mod_name);
-       if (retval)
-               return retval;
-    }
-
-    if (key && key->length) {
-       retval = krb5_kdb_encrypt_key(context, &master_encblock,
-                                     key,
-                                     &entry->key);
-       if (retval) {
-           com_err("adm_modify_kdb", retval, 
-                   "while encrypting key for '%s'", newprinc);
-           return(KADM_NO_ENCRYPT);
-       }
-    }
-
-    if (alt_key && alt_key->length) {
-       retval = krb5_kdb_encrypt_key(context, &master_encblock,
-                                     alt_key,
-                                     &entry->alt_key);
-       if (retval) {
-           if (entry->key.contents) {
-               memset((char *) entry->key.contents, 0, entry->key.length);
-               krb5_xfree(entry->key.contents);
-               entry->key.contents = 0;
-           }
-           com_err("adm_modify_kdb", retval, 
-                   "while encrypting alt_key for '%s'", newprinc);
-           return(KADM_NO_ENCRYPT);
-       }
-    }
-
-    if (retval = krb5_timeofday(context, &entry->mod_date)) {
-       com_err("adm_modify_kdb", retval, "while fetching date");
-       if (entry->key.contents) {
-           memset((char *) entry->key.contents, 0, entry->key.length);
-           krb5_xfree(entry->key.contents);
-           entry->key.contents = 0;
-       }
-       if (entry->alt_key.contents) {
-           krb5_xfree(entry->alt_key.contents);
-           memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
-           entry->alt_key.contents = 0;
-       }
-       return(KRB_ERR_GENERIC);
-    }
-
-    if (!req_type) {
-        if (salt->salttype == KRB5_KDB_SALTTYPE_V4) {
-            entry->attributes = (KRB5_KDB_DISALLOW_DUP_SKEY | NEW_ATTRIBUTES)
-#ifdef SANDIA
-             & ~KRB5_KDB_REQUIRES_PRE_AUTH & ~KRB5_KDB_REQUIRES_HW_AUTH
-#endif
-               ;
-        } else {
-            entry->attributes = NEW_ATTRIBUTES;
-        }
-#ifdef SANDIA
-        entry->last_pwd_change = entry->mod_date;
-        entry->last_success = entry->mod_date;
-        entry->fail_auth_count = 0;
-#endif
-       
-       if (salt) {
-           entry->salt_type = salt->salttype;
-           entry->salt_length = salt->saltdata.length;
-           entry->salt = (krb5_octet *) salt->saltdata.data;
-       } else {
-           entry->salt_type = KRB5_KDB_SALTTYPE_NORMAL;
-           entry->salt_length = 0;
-           entry->salt = 0;
-       }
-       
-       /* Set up version 4 alt key and alt salt info.....*/
-       if (altsalt) {
-           entry->alt_salt_type = altsalt->salttype;
-           entry->alt_salt_length = altsalt->saltdata.length;
-           entry->alt_salt = (krb5_octet *) altsalt->saltdata.data;
-       } else {
-           entry->alt_salt_type = KRB5_KDB_SALTTYPE_NORMAL;
-           entry->alt_salt_length = 0;
-           entry->alt_salt = 0;
-       }
-    } else {
-       if (retval = krb5_timeofday(context, &entry->last_pwd_change)) {
-           com_err("adm_modify_kdb", retval, "while fetching date");
-           if (entry->key.contents) {
-               memset((char *) entry->key.contents, 0, entry->key.length);
-               krb5_xfree(entry->key.contents);
-               entry->key.contents = 0;
-           }
-           if (entry->alt_key.contents) {
-               memset((char *) entry->alt_key.contents, 0,
-                      entry->alt_key.length);
-               krb5_xfree(entry->alt_key.contents);
-               entry->alt_key.contents = 0;
-           }
-           return(5);
-       }
-    }
-
-    retval = krb5_db_put_principal(context, entry, &one);
-
-    if (entry->key.contents) {
-       memset((char *) entry->key.contents, 0, entry->key.length);
-       krb5_xfree(entry->key.contents);
-       entry->key.contents = 0;
-    }
-
-    if (entry->alt_key.contents) {
-       memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
-       krb5_xfree(entry->alt_key.contents);
-       entry->alt_key.contents = 0;
-    }
-
-    if (retval) {
-       com_err("adm_modify_kdb", retval, 
-               "while storing entry for '%s'\n", newprinc);
-       return(kdb5_err_base + retval);
-    }
-
-    if (one != 1)
-       com_err("adm_modify_kdb", 0, "entry not stored in database (unknown failure)");
-    return(0);
-}
-
-krb5_error_code
-adm_enter_pwd_key(context, cmdname, newprinc, princ, string_princ, req_type,
-                 salttype, new_password, entry)
-    krb5_context context;
-    char * cmdname;
-    char * newprinc;
-    krb5_const_principal princ;
-    krb5_const_principal string_princ;
-    int req_type;
-    int salttype;
-    char * new_password;
-    krb5_db_entry * entry;
-{
-    krb5_error_code retval;
-    krb5_keyblock tempkey;
-    krb5_data pwd;
-    struct saltblock salt;
-    struct saltblock altsalt;
-    krb5_keyblock alttempkey;
-
-    pwd.data = new_password;
-    pwd.length = strlen((char *) new_password);
-
-    salt.salttype = salttype;
-
-    tempkey.contents = alttempkey.contents = 0;
-    retval = KRB_ERR_GENERIC;
-
-    switch (salttype) {
-    case KRB5_KDB_SALTTYPE_NORMAL:
-       if (retval = krb5_principal2salt(context,string_princ,&salt.saltdata)) {
-           com_err("adm_enter_pwd_key", retval,
-                   "while converting principal to salt for '%s'", newprinc);
-           goto cleanup;
-       }
-
-       altsalt.salttype = KRB5_KDB_SALTTYPE_V4;
-       altsalt.saltdata.data = 0;
-       altsalt.saltdata.length = 0;
-       break;
-
-    case KRB5_KDB_SALTTYPE_V4:
-       salt.saltdata.data = 0;
-       salt.saltdata.length = 0;
-        if (retval = krb5_principal2salt(context, string_princ, 
-                                        &altsalt.saltdata)) {
-            com_err("adm_enter_pwd_key", retval,
-                    "while converting principal to altsalt for '%s'", newprinc);
-           goto cleanup;
-        }
-
-       altsalt.salttype = KRB5_KDB_SALTTYPE_NORMAL;
-       break;
-
-    case KRB5_KDB_SALTTYPE_NOREALM:
-       if (retval = krb5_principal2salt_norealm(context, string_princ,
-                                                &salt.saltdata)) {
-           com_err("adm_enter_pwd_key", retval,
-                   "while converting principal to salt for '%s'", newprinc);
-           goto cleanup;
-       }
-
-       altsalt.salttype = KRB5_KDB_SALTTYPE_V4;
-       altsalt.saltdata.data = 0;
-       altsalt.saltdata.length = 0;
-       break;
-
-    case KRB5_KDB_SALTTYPE_ONLYREALM:
-    {
-       krb5_data *foo;
-       if (retval = krb5_copy_data(context, 
-                                   krb5_princ_realm(context, string_princ),
-                                   &foo)) {
-           com_err("adm_enter_pwd_key", retval,
-                   "while converting principal to salt for '%s'", newprinc);
-           goto cleanup;
-       }
-
-       salt.saltdata = *foo;
-       krb5_xfree(foo);
-       altsalt.salttype = KRB5_KDB_SALTTYPE_V4;
-       altsalt.saltdata.data = 0;
-       altsalt.saltdata.length = 0;
-       break;
-    }
-
-    default:
-       com_err("adm_enter_pwd_key", 0, 
-               "Don't know how to enter salt type %d", salttype);
-       goto cleanup;
-    }
-
-    if (retval = krb5_string_to_key(context, &master_encblock, 
-                               master_keyblock.keytype,
-                                &tempkey,
-                                &pwd,
-                                &salt.saltdata)) {
-       com_err("adm_enter_pwd_key", retval, 
-               "while converting password to key for '%s'", newprinc);
-       goto cleanup;
-    }
-
-    if (retval = krb5_string_to_key(context, &master_encblock, 
-                               master_keyblock.keytype,
-                                &alttempkey,
-                                &pwd,
-                                &altsalt.saltdata)) {
-       com_err("adm_enter_pwd_key", retval, 
-               "while converting password to alt_key for '%s'", newprinc);
-       goto cleanup;
-    }
-
-    memset((char *) new_password, 0, sizeof(new_password)); /* erase it */
-
-    retval = adm_modify_kdb(context, "adm_enter_pwd_key", 
-                       newprinc, 
-                       princ, 
-                       &tempkey,
-                       &alttempkey, 
-                       req_type, 
-                       &salt, 
-                       &altsalt,
-                       entry);
-
-cleanup:
-    if (salt.saltdata.data)
-       krb5_xfree(salt.saltdata.data);
-    if (altsalt.saltdata.data)
-       krb5_xfree(altsalt.saltdata.data);
-    if (tempkey.contents) {
-       memset((char *) tempkey.contents, 0, tempkey.length);
-       krb5_xfree(tempkey.contents);
-    }
-    if (alttempkey.contents) {
-       memset((char *) alttempkey.contents, 0, alttempkey.length);
-       krb5_xfree(alttempkey.contents);
-    }
-    memset((char *) new_password, 0, pwd.length); /* erase password */
-    return(retval);
-}
-
-krb5_error_code
-adm5_change(context, auth_context, prog, newprinc)
-    krb5_context context;
-    krb5_auth_context * auth_context;
-    char *prog;
-    krb5_principal newprinc;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-
-    krb5_error_code retval;
-    char *composite_name;
-    char new_passwd[ADM_MAX_PW_LENGTH + 1];
-
-    if (!(adm_princ_exists(context, "adm5_change", newprinc,
-               &entry, &nprincs))) {
-       com_err("adm5_change", 0, "No principal exists!");
-       krb5_free_principal(context, newprinc);
-       return(1);
-    }
-
-    memset((char *) new_passwd, 0, ADM_MAX_PW_LENGTH + 1);
-
-               /* Negotiate for New Key */
-    if (retval = adm_negotiate_key(context, auth_context, "adm5_change", 
-                                  new_passwd)) {
-       krb5_db_free_principal(context, &entry, nprincs);
-       krb5_free_principal(context, newprinc);
-       return(1);
-    }
-
-    if (retval = krb5_unparse_name(context, newprinc, &composite_name)) {
-       krb5_free_principal(context, newprinc);
-       krb5_db_free_principal(context, &entry, nprincs);
-       return retval;
-    }
-
-    if (entry.salt_type == KRB5_KDB_SALTTYPE_V4) {
-       entry.salt_type = KRB5_KDB_SALTTYPE_NORMAL;
-       entry.alt_salt_type = KRB5_KDB_SALTTYPE_V4;
-       com_err("adm5_change", 0, "Converting v4user to v5user");
-    }
-    retval = adm_enter_pwd_key(context, "adm5_change",              
-                                composite_name,
-                                newprinc,
-                                newprinc,
-                                1,     /* change */
-                                KRB5_KDB_SALTTYPE_NORMAL,
-                                new_passwd,
-                               &entry);
-    (void) memset(new_passwd, 0, strlen(new_passwd));
-    krb5_free_principal(context, newprinc);
-    krb5_db_free_principal(context, &entry, nprincs);
-    free(composite_name);
-    return(retval);
-}
-
-#ifdef SANDIA
-krb5_error_code
-adm5_create_rnd(prog, change_princ, client_auth_data, client_creds)
-char *prog;
-krb5_principal change_princ;
-krb5_authenticator *client_auth_data;
-krb5_ticket *client_creds;
-{
-    krb5_db_entry entry;
-    int nprincs = 1;
-
-    krb5_error_code retval;
-
-    if (!(adm_princ_exists("adm5_create_rnd", 
-                       change_princ,
-                       &entry, 
-                       &nprincs))) {
-        com_err("adm5_create_rnd", 0, "No principal exists!");
-        krb5_free_principal(change_princ);
-        return(1);
-    }   
-
-    if (retval = adm_get_rnd_key("adm5_create_rnd", 
-                       client_creds, 
-                       client_auth_data, 
-                       change_princ, 
-                       1,      /* change */
-                       &entry)) {
-       krb5_db_free_principal(&entry, nprincs);
-        krb5_free_principal(change_princ);
-        return(retval);
-    }
-
-    krb5_free_principal(change_princ);
-    krb5_db_free_principal(&entry, nprincs);
-    return(0);
-}
-#endif
-#define MAXMSGSZ       255
-
-krb5_error_code
-adm_enter_rnd_pwd_key(context, cmdname, change_princ, req_type, entry)
-    krb5_context context;
-    char * cmdname;
-    krb5_principal change_princ;
-    int req_type;
-    krb5_db_entry * entry;
-{
-    krb5_error_code retval;
-    krb5_keyblock *tempkey;
-    krb5_pointer master_random;
-    int salttype = KRB5_KDB_SALTTYPE_NORMAL;
-    struct saltblock salt;
-    char       *principal_name; 
-     
-    salt.salttype = salttype;
-    entry->salt_type = salttype;
-
-    if (retval = krb5_init_random_key(context, &master_encblock,
-                                      &master_keyblock,
-                                      &master_random)) {
-        com_err("adm_enter_rnd_pwd_key", 0, "Unable to Initialize Random Key");
-        (void) krb5_finish_key(context, &master_encblock);
-        memset((char *)master_keyblock.contents, 0, master_keyblock.length);
-        krb5_xfree(master_keyblock.contents);
-        goto finish;
-    }
-
-       /* Get Random Key */
-    if (retval = krb5_random_key(context, &master_encblock, 
-                                master_random, 
-                                &tempkey)) {
-        com_err("adm_enter_rnd_pwd_key", 0, "Unable to Obtain Random Key");
-        goto finish;
-    }
-
-       /* Tie the Random Key to the Principal */
-    if (retval = krb5_principal2salt(context, change_princ, &salt.saltdata)) {
-        com_err("adm_enter_rnd_pwd_key", 0, "Principal2salt Failure");
-        goto finish;
-    }
-
-    if (retval = krb5_unparse_name(context, change_princ, &principal_name))
-       goto finish;
-    
-               /* Modify Database */
-    retval = adm_modify_kdb(context, "adm_enter_rnd_pwd_key", 
-                           principal_name, 
-                           change_princ, 
-                           tempkey,
-                           tempkey,
-                           req_type, 
-                           &salt, 
-                           &salt,
-                           entry);
-    free(principal_name);
-    
-    if (retval) {
-        com_err("adm_enter_rnd_pwd_key", 0, "Database Modification Failure");
-       retval = 2;
-        goto finish;
-    }
-
-    finish:
-
-    if (tempkey->contents) {
-       memset((char *) tempkey->contents, 0, tempkey->length);
-       krb5_free_keyblock(context, tempkey);
-    }
-
-    return(retval);
-}
diff --git a/src/kadmin/server/adm_kadmin.c b/src/kadmin/server/adm_kadmin.c
deleted file mode 100644 (file)
index 556c357..0000000
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * kadmin/server/adm_kadmin.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
-  adm_kadmin.c
-*/
-
-#include <sys/types.h>
-#include <syslog.h>
-#include "com_err.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-#include "k5-int.h"
-#include "adm_extern.h"
-krb5_error_code
-adm5_kadmin(context, auth_context, prog, retbuf, otype)
-    krb5_context context;
-    krb5_auth_context * auth_context;
-    char *prog;
-    char *retbuf;              /* Allocated in Calling Routine */
-    int *otype;
-{
-    krb5_replay_data replaydata;
-    krb5_error_code retval;
-    kadmin_requests request_type;
-    krb5_data msg_data, outbuf, inbuf;
-
-    char *customer_name;
-    char *completion_msg;
-    int length_of_name;
-
-    int salttype;
-
-    outbuf.data = retbuf;      /* Do NOT free outbuf.data */
-
-    for ( ; ; ) {              /* Use "return", "break", or "goto" 
-                                  to exit for loop */
-
-               /* Encode Acknowledgement Message */
-       retbuf[0] = KADMIND;
-       retbuf[1] = KADMSAG;
-       retbuf[2] = SENDDATA2;
-       outbuf.length = 3;
-
-       retval = krb5_mk_priv(context, auth_context, &outbuf,
-                             &msg_data, &replaydata);
-       if (retval ) {
-           syslog(LOG_ERR, 
-               "adm5_kadmin - Error Performing Acknowledgement mk_priv");
-           return(5);          /* Protocol Failure */
-       }
-
-               /* Send Acknowledgement Reply to Client */
-       if (retval = krb5_write_message(context, &client_server_info.client_socket,
-                               &msg_data)){
-           free(msg_data.data);
-           syslog(LOG_ERR,
-               "adm5_kadmin - Error Performing Acknowledgement Write: %s",
-               error_message(retval));
-           return(5);          /* Protocol Failure */
-       }
-       free(msg_data.data);
-
-                       /* Read Username */
-       if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
-           syslog(LOG_ERR | LOG_INFO, "Error Performing Username Read");
-           return(5);          /* Protocol Failure */
-       }
-
-                /* Decrypt Client Response */
-       if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                                  &msg_data, &replaydata))) {
-           free(inbuf.data);
-           syslog(LOG_ERR | LOG_INFO, "Error decoding Username - rd_priv");
-           return(5);          /* Protocol Failure */
-       }
-       free(inbuf.data);
-
-       request_type.appl_code = msg_data.data[0];
-       request_type.oper_code = msg_data.data[1];
-       if (msg_data.data[2] != SENDDATA2) {
-           syslog(LOG_ERR | LOG_INFO, 
-               "Invalid Protocol String - Response not SENDDATA2");
-           free(msg_data.data);
-           return(5);          /* Protocol Failure */
-       }
-
-       length_of_name = msg_data.length - 3;
-
-       if (request_type.oper_code == COMPLETE) {
-           *otype = 0;
-           free(msg_data.data);
-           retval = 0;
-           goto finish_req;
-       }
-
-       if (!length_of_name) {
-           syslog(LOG_ERR,
-               "adm5_kadmin error: Invalid KADMIN request - No Customer");
-           free(msg_data.data);
-           return(5);          /* Protocol Error */
-       }
-
-       if ((customer_name = (char *) calloc(1, length_of_name + 1)) == 
-                               (char *) 0) {
-           syslog(LOG_ERR, "adm5_kadmin error: No Memory for Customer Name");
-           free(msg_data.data);
-           return(3);          /* No Memory */
-       }
-
-       (void) memcpy(customer_name, (char *) msg_data.data + 3, 
-                       length_of_name);
-       customer_name[length_of_name] = '\0';
-
-       free(msg_data.data);
-
-       if ((completion_msg = (char *) calloc (1,512)) == (char *) 0) {
-           syslog(LOG_ERR, "adm5_kadmin - No Memory for completion_msg");
-           free(customer_name);
-           return(3);          /* No Memory */
-       }
-
-       switch(request_type.oper_code) {
-           case ADDOPER:
-                       /* Check for Add Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "a")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 1;
-               salttype = KRB5_KDB_SALTTYPE_NORMAL;
-               retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
-                                        customer_name, salttype);
-               goto process_retval;
-
-           case CHGOPER:
-                       /* Check for Password Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "c")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 2;
-               salttype = KRB5_KDB_SALTTYPE_NORMAL;
-               retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
-                                       customer_name, salttype);
-               goto process_retval;
-
-           case ADROPER:
-                       /* Check for Add Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "a")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 3;
-               retval = adm_add_new_key_rnd(context, "adm5_kadmin", 
-                                            customer_name);
-               goto process_retval;
-
-           case CHROPER:
-                       /* Check for Password Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "c")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 4;
-               retval = adm_change_pwd_rnd(context, "adm5_kadmin", 
-                                           customer_name);
-               goto process_retval;
-
-           case DELOPER:
-                       /* Check for Delete Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "d")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 5;
-               retval = adm_del_old_key(context, "adm5_kadmin", customer_name);
-               goto process_retval;
-
-           case MODOPER:
-               /* Check for Modify Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "m")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 6;
-               retval = adm_mod_old_key(context, auth_context, "adm5_kadmin",
-                                        customer_name);
-               goto process_retval;
-
-           case INQOPER:
-                       /* Check for Inquiry Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "i")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 7;
-               retval = adm_inq_old_key(context, auth_context, "adm5_kadmin",
-                                        customer_name);
-               goto process_retval;
-
-           case AD4OPER:
-                       /* Check for Add Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "a")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 8;
-               salttype = KRB5_KDB_SALTTYPE_V4;
-               retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
-                                        customer_name, salttype);
-               goto process_retval;
-
-           case CH4OPER:
-                       /* Check for Password Privilege */
-               if (retval = adm_check_acl(client_server_info.name_of_client,
-                                          "c")) {
-                   retval = 7;
-                   goto process_retval;
-               }
-               *otype = 9;
-               salttype = KRB5_KDB_SALTTYPE_V4;
-               retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
-                                       customer_name, salttype);
-               goto process_retval;
-
-           default:
-               retbuf[0] = KADMIN;
-               retbuf[1] = KUNKNOWNOPER;
-               retbuf[2] = '\0';
-               sprintf(completion_msg, "%s %s from %s FAILED",
-                       "kadmin", 
-                       "Unknown or Non-Implemented Operation Type!",
-                       inet_ntoa(client_server_info.client_name.sin_addr));
-               syslog(LOG_AUTH | LOG_INFO, completion_msg);
-               retval = 255;
-               goto send_last;
-       }                       /* switch (request_type.oper_code) */
-
-process_retval:
-       switch (retval) {
-           case 0:
-               retbuf[0] = KADMIN;
-               retbuf[1] = request_type.oper_code;
-               retbuf[2] = KADMGOOD;
-               retbuf[3] = '\0';
-               goto send_last;
-
-           case 1:     /* Principal Unknown */
-           case 2:     /* Principal Already Exists */
-           case 3:     /* ENOMEM */
-           case 4:     /* Password Failure */
-           case 5:     /* Protocol Failure */
-           case 6:     /* Security Failure */
-           case 7:     /* Admin Client Not in ACL List */
-           case 8:     /* Database Update Failure */
-               retbuf[0] = KADMIN;
-               retbuf[1] = request_type.oper_code;
-               retbuf[2] = KADMBAD;
-               retbuf[3] = '\0';
-               sprintf((char *)retbuf +3, "%s",
-                       kadmind_kadmin_response[retval]);
-               sprintf(completion_msg, 
-                       "%s %s from %s FAILED - %s", 
-                       "kadmin",
-                       oper_type[request_type.oper_code],
-                       inet_ntoa(client_server_info.client_name.sin_addr),
-                       kadmind_kadmin_response[retval]);
-               syslog(LOG_AUTH | LOG_INFO, completion_msg);
-               goto send_last;
-
-           default:
-               retbuf[0] = KADMIN;
-               retbuf[1] = request_type.oper_code;
-               retbuf[2] = KUNKNOWNERR;
-               retbuf[3] = '\0';
-               sprintf(completion_msg, "%s %s from %s FAILED", 
-                   "kadmin",
-                   oper_type[1],
-                   inet_ntoa( client_server_info.client_name.sin_addr));
-               syslog(LOG_AUTH | LOG_INFO, completion_msg);
-               retval = 255;
-               goto send_last;
-       }               /* switch(retval) */
-
-send_last:
-       free(customer_name);
-       free(completion_msg);
-       outbuf.data = retbuf;
-       outbuf.length = strlen(retbuf) + 1;
-
-               /* Send Completion Message */
-       if (retval = krb5_mk_priv(context, auth_context, &outbuf,
-                                 &msg_data, &replaydata)) {
-           syslog(LOG_ERR, "adm5_kadmin - Error Performing Final mk_priv");
-           return(1);
-       }
-
-                       /* Send Final Reply to Client */
-       if (retval = krb5_write_message(context, 
-                                       &client_server_info.client_socket,
-                                       &msg_data)){
-           free(msg_data.data);
-           syslog(LOG_ERR, "adm5_kadmin - Error Performing Final Write: %s",
-                       error_message(retval));
-           return(1);
-       }
-       free(msg_data.data);
-    }          /* for */
-
-finish_req:
-    return(retval);
-}
diff --git a/src/kadmin/server/adm_kpasswd.c b/src/kadmin/server/adm_kpasswd.c
deleted file mode 100644 (file)
index 5ab7c74..0000000
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * kadmin/server/adm_kpasswd.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
-  adm_kpasswd.c
-*/
-
-#include <sys/types.h>
-#include <syslog.h>
-#include <sys/wait.h>
-#include <stdio.h>
-#include "com_err.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-#include "k5-int.h"
-#include "adm_extern.h"
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-struct cpw_keyproc_arg {
-    krb5_keyblock *key;
-};
-krb5_error_code
-adm5_kpasswd(context, auth_context, prog, request_type, retbuf, otype)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    char *prog;
-    kadmin_requests *request_type;
-    char *retbuf;
-    int *otype;
-{
-    char completion_msg[520];
-    krb5_error_code retval;
-
-    switch (request_type->oper_code) {
-    case CHGOPER:
-       *otype = 3;
-       syslog(LOG_AUTH | LOG_INFO,
-              "adm_kpasswd: kpasswd change received");
-       retval = adm5_change(context, auth_context, "adm5_kpasswd", 
-                            client_server_info.client);
-
-       switch(retval) {
-       case 0:
-           retbuf[0] = KPASSWD;
-           retbuf[1] = CHGOPER;
-           retbuf[2] = KPASSGOOD;
-           retbuf[3] = '\0';
-           break;
-
-       case 1:
-           retbuf[0] = KPASSWD;
-           retbuf[1] = CHGOPER;
-           retbuf[2] = KPASSBAD;
-           retbuf[3] = '\0';
-           sprintf((char *)retbuf +3, "%s", 
-                   kadmind_kpasswd_response[retval]);
-           sprintf(completion_msg,
-                   "kpasswd change from %s FAILED: %s", 
-                   inet_ntoa(client_server_info.client_name.sin_addr),
-                   kadmind_kpasswd_response[retval]);
-           syslog(LOG_AUTH | LOG_INFO, completion_msg);
-           goto finish;
-
-       default:
-           retbuf[0] = KPASSWD;
-           retbuf[1] = CHGOPER;
-           retbuf[2] = KUNKNOWNERR;
-           retbuf[3] = '\0';
-           sprintf(completion_msg, "kpasswd change from %s FAILED", 
-                   inet_ntoa(client_server_info.client_name.sin_addr));
-           syslog(LOG_AUTH | LOG_INFO, completion_msg);
-           retval = 255;
-           goto finish;
-       }               /* switch (retval) */
-       break;
-
-    default:
-       retbuf[0] = KPASSWD;
-       retbuf[1] = KUNKNOWNOPER;
-       retbuf[2] = '\0';
-       sprintf(completion_msg, "kpasswd %s from %s FAILED", 
-               "Unknown or Non-Implemented Operation Type!",
-               inet_ntoa(client_server_info.client_name.sin_addr ));
-       syslog(LOG_AUTH | LOG_INFO, completion_msg);
-       retval = 255;
-       goto finish;
-    }                  /* switch (request_type->oper_code) */
-    
-finish:
-       return(retval);
-}
diff --git a/src/kadmin/server/adm_listen.c b/src/kadmin/server/adm_listen.c
deleted file mode 100644 (file)
index a784b30..0000000
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * kadmin/server/adm_listen.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Network Listen Loop for the Kerberos Version 5 Administration server
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
-  adm_listen.c
-*/
-
-#ifdef _AIX
-#include <sys/select.h>
-#endif
-
-#include "k5-int.h"
-
-#include <syslog.h>
-#include <signal.h>
-#include "com_err.h"
-
-#ifndef sigmask
-#define sigmask(m)    (1 <<((m)-1))
-#endif
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#include "adm_extern.h"
-
-int adm_debug_flag = 0;
-
-#ifdef USE_SIGPROCMASK
-/* just do it right */
-void
-kill_children()
-{
-    int i;
-    sigset_t old, new;
-
-    sigemptyset(&old);
-    sigemptyset(&new);
-    sigaddset(&new,SIGCHLD);
-    sigprocmask(SIG_BLOCK, &new, &old);
-
-    for (i = 0; i < pidarraysize; i++) {
-       kill(pidarray[i], SIGINT);
-       syslog(LOG_AUTH | LOG_INFO, "Killing Admin Child %d", pidarray[i]);
-    }
-
-    sigprocmask(SIG_SETMASK, &old, NULL);
-}
-
-#else
-
-#ifdef USE_SIGPROCMASK
-/* fake sigmask, sigblock, sigsetmask */
-#include <signal.h>
-#define sigmask(x) (1L<<(x)-1)
-#define sigsetmask(x) sigprocmask(SIG_SETMASK,&x,NULL)
-static int _fake_sigstore;
-#define sigblock(x) (_fake_sigstore=x,sigprocmask(SIG_BLOCK,&_fake_sigstore,0))
-#endif
-
-void
-kill_children()
-{
-    register int i;
-    int osigmask;
-
-    osigmask = sigblock(sigmask(SIGCHLD));
-
-    for (i = 0; i < pidarraysize; i++) {
-       kill(pidarray[i], SIGINT);
-       syslog(LOG_AUTH | LOG_INFO, "Killing Admin Child %d", pidarray[i]);
-    }
-
-    sigsetmask(osigmask);
-    return;
-}
-#endif /* HAVE_SIGSET */
-
-/* adm5_listen_and_process - listen on the admin servers port for a request */
-
-int
-adm5_listen_and_process(context, prog)
-    krb5_context context;
-    const char *prog;
-{
-    extern int errno;
-    int found;
-    fd_set mask, readfds;
-    int addrlen;
-    krb5_error_code process_client();
-    krb5_error_code retval;
-    void kill_children();
-    int pid;
-
-    (void) listen(client_server_info.server_socket, 1);
-
-    FD_ZERO(&mask);
-    FD_SET(client_server_info.server_socket, &mask);
-
-    for (;;) {                         /* loop nearly forever */
-       if (exit_now) {
-               kill_children();
-               return(0);
-       }
-
-       readfds = mask;
-       if ((found = select(client_server_info.server_socket + 1,
-                               &readfds,
-                               (fd_set *)0,
-                               (fd_set *)0, 
-                               (struct timeval *)0)) == 0)
-               continue;                       /* no things read */
-
-       if (found < 0) {
-               if (errno != EINTR)
-                       syslog(LOG_AUTH | LOG_INFO, 
-                               "%s: select: %s", "adm5_listen_and_process", 
-                               error_message(errno));
-               continue;
-       }      
-
-       if (FD_ISSET(client_server_info.server_socket, &readfds)) {
-               /* accept the conn */
-               addrlen = sizeof(client_server_info.client_name);
-               if ((client_server_info.client_socket = 
-                       accept(client_server_info.server_socket, 
-                       (struct sockaddr *) &client_server_info.client_name,
-                       &addrlen)) < 0) {
-                   syslog(LOG_AUTH | LOG_INFO, "%s: accept: %s", 
-                               "adm5_listen_and_process", 
-                               error_message(errno));
-                   continue;
-               }
-               
-               if (adm_debug_flag) {
-                       retval = process_client(context, 
-                                               "adm5_listen_and_process");
-                       exit(retval);
-               }
-                       
-               /* if you want a sep daemon for each server */
-               if (!(pid = fork())) { 
-                       /* child */
-                       (void) close(client_server_info.server_socket);
-
-                       retval = process_client(context, 
-                                               "adm5_listen_and_process");
-                       exit(retval);
-               } else {
-                       /* parent */
-                       if (pid < 0) {
-                               syslog(LOG_AUTH | LOG_INFO, "%s: fork: %s",
-                                       "adm5_listen_and_process", 
-                                       error_message(errno));
-                               (void) close(client_server_info.client_socket);
-                               continue;
-                       }
-
-                       /* fork succeded: keep tabs on child */
-
-                       (void) close(client_server_info.client_socket);
-                       if (pidarray) {
-                               pidarray = (int *) realloc((char *)pidarray, 
-                                       (++pidarraysize) * sizeof(int));
-                               pidarray[pidarraysize - 1] = pid;
-                       } else {
-                               pidarraysize = 1;
-                               pidarray = 
-                                 (int *) malloc(pidarraysize *sizeof(int));
-                               pidarray[0] = pid;
-                       }
-               }
-       } else {
-               syslog(LOG_AUTH | LOG_INFO, "%s: something else woke me up!",
-                       "adm5_listen_and_process");
-               return(0);
-       }
-    }
-}
diff --git a/src/kadmin/server/adm_msgs.c b/src/kadmin/server/adm_msgs.c
deleted file mode 100644 (file)
index 3a350f1..0000000
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * kadmin/server/adm_msgs.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Top-level loop of the Kerberos Version 5 Administration server
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-char *oper_type[] = {
-       "complete",                                     /* 0 */
-       "addition",                                     /* 1 */
-       "deletion",                                     /* 2 */
-       "change",                                       /* 3 */
-       "modification",                                 /* 4 */
-       "inquiry"                                       /* 5 */
-};
-
-char *ksrvutil_message[] = {
-       "Service Key Changed",                          /* 0 */
-       "New Key and Version Received"                  /* 1 */
-};
-
-char *kadmind_general_response[] = {
-       "Success",                                      /* 0 */
-       "Service Access Granted"                        /* 1 */
-};
-
-char *kadmind_kpasswd_response[] = {
-       "Password Changed",                             /* 0 */
-       "Password NOT Changed!"                         /* 1 */
-};
-
-char *kadmind_ksrvutil_response[] = {
-       "Service Password Change Complete",             /* 0 */
-       "One or More Service Password Change(s) Failed!",       /* 1 */
-       "Database Update Failure - Possible Catastrophe!!"      /* 2 */
-};
-
-char *kadmind_kadmin_response[] = {
-       "Administrative Service Completed",             /* 0 */
-       "Principal Unknown!",                           /* 1 */
-       "Principal Already Exists!",                    /* 2 */
-       "Allocation Failure!",                          /* 3 */
-       "Password Failure!",                            /* 4 */
-       "Protocol Failure!",                            /* 5 */
-       "Security Failure!",                            /* 6 */
-       "Admin Client Not in ACL List!",                        /* 7 */
-       "Database Update Failure - Possible Catastrophe!!"      /* 8 */
-};
diff --git a/src/kadmin/server/adm_nego.c b/src/kadmin/server/adm_nego.c
deleted file mode 100644 (file)
index abde341..0000000
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- * kadmin/server/adm_nego.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- * 
- * Modify the Kerberos Database
- */
-
-
-#include "com_err.h"
-#include <sys/types.h>
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#include <stdio.h>
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-krb5_error_code
-adm_negotiate_key(context, auth_context, prog, new_passwd)
-    krb5_context context;
-    krb5_auth_context *auth_context;
-    char const * prog;
-    char * new_passwd;
-{
-   krb5_replay_data replaydata;
-   krb5_data msg_data, inbuf;
-   krb5_error_code retval;
-#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords. */
-   krb5_pwd_data *pwd_data;
-   krb5_pwd_data encodable_data;
-   krb5_data *encoded_pw_string;
-   passwd_phrase_element **next_passwd_phrase_element;
-   char *tmp_passwd, *tmp_phrase;
-   krb5_authenticator *client_auth_data;
-   int count, i, j, k;
-   int legit_passwd = 0;
-#endif
-   extern int errno;
-
-#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords. */
-
-#define clear_encodable_data() \
-{ encodable_data.sequence_count = 0; \
-  encodable_data.element = 0; \
-}
-
-#define free_seq_list() \
-{ free(encodable_data.element); \
-}
-
-#define free_pwd_and_phrase_structures() \
-{ next_passwd_phrase_element = encodable_data.element; \
-  for (k = 0; \
-       *next_passwd_phrase_element != 0 &&  k < encodable_data.sequence_count; \
-       k++) { \
-     free(*next_passwd_phrase_element); \
-     *next_passwd_phrase_element = 0; \
-     next_passwd_phrase_element++; } \
-}
-
-#define free_passwds() \
-{ next_passwd_phrase_element = encodable_data.element; \
-  for (k = 0; \
-       *next_passwd_phrase_element != 0 && k < encodable_data.sequence_count; \
-       k++) { \
-     memset((char *) (*next_passwd_phrase_element)->passwd->data, \
-       0, (*next_passwd_phrase_element)->passwd->length); \
-     free((*next_passwd_phrase_element)->passwd->data); \
-     next_passwd_phrase_element++; } \
-}
-
-#define free_phrases() \
-{ next_passwd_phrase_element = encodable_data.element; \
-  for (k = 0; \
-       *next_passwd_phrase_element != 0 && k < encodable_data.sequence_count; \
-       k++) { \
-     memset((char *) (*next_passwd_phrase_element)->phrase->data, \
-       0, (*next_passwd_phrase_element)->phrase->length); \
-     free((*next_passwd_phrase_element)->phrase->data); \
-     next_passwd_phrase_element++; } \
-}
-
-   encodable_data.sequence_count = 
-               ADM_MAX_PW_CHOICES * ADM_MAX_PW_ITERATIONS;
-
-           /* Allocate List of Password and Phrase Addresses Pointers */
-   if ((encodable_data.element = (passwd_phrase_element **) calloc(
-                   encodable_data.sequence_count + 1, 
-                   sizeof(passwd_phrase_element *))) == 
-                       (passwd_phrase_element **) 0) {
-               clear_encodable_data();
-               com_err("adm_negotiate_key", 0, 
-                       "No Memory for Password and Phrase List");
-               return(1);
-       }
-
-   next_passwd_phrase_element = encodable_data.element;
-
-       /* Allow for ADM_MAX_PW_ITERATIONS Sets of Five Passwords/Phrases */
-   for ( i = 0; i < ADM_MAX_PW_ITERATIONS; i++) {
-       if ( i == ADM_MAX_PW_ITERATIONS ) {
-               com_err("adm_negotiate_key", 0, 
-                       "Excessive Password List Requests");
-               return(1);
-       }
-
-               /* Allocate passwd_phrase_element structures */
-        for (j = 0; j < ADM_MAX_PW_CHOICES; j++) {
-           if ((*next_passwd_phrase_element = 
-                   (passwd_phrase_element *) calloc(1, 
-                   sizeof(passwd_phrase_element))) == 
-                               (passwd_phrase_element *) 0) {
-               free_pwd_and_phrase_structures();
-               free_seq_list();
-               clear_encodable_data();
-               com_err("adm_negotiate_key", 0, 
-                   "No Memory for Additional Password and Phrase Structures");
-               return(1);
-           }
-
-           if ((retval = get_pwd_and_phrase("adm_negotiate_key",
-                       &tmp_passwd, &tmp_phrase))) {
-               free_pwd_and_phrase_structures();
-               free_seq_list();
-               clear_encodable_data();
-               com_err("adm_negotiate_key", 0, "Unable to get_pwd_and_phrase");
-               return(1);
-           }
-
-           if (((*next_passwd_phrase_element)->passwd = 
-                   (krb5_data *) calloc(1, 
-                   sizeof(krb5_data))) == (krb5_data *) 0) {
-               free_pwd_and_phrase_structures();
-               free_seq_list();
-               clear_encodable_data();
-               com_err("adm_negotiate_key", 0, 
-                   "No Memory for Additional Password and Phrase Structures");
-               return(1);
-           }
-
-           if (((*next_passwd_phrase_element)->passwd->data = 
-                       (char *) calloc (1, 
-                       strlen(tmp_passwd))) == (char *) 0) {
-               free_pwd_and_phrase_structures();
-               free_seq_list();
-               clear_encodable_data();
-               com_err("adm_negotiate_key", ENOMEM, 
-                       "for Additional Passwords");
-           }
-
-           strcpy((*next_passwd_phrase_element)->passwd->data, tmp_passwd);
-           (*next_passwd_phrase_element)->passwd->length = strlen(tmp_passwd);
-
-           if (((*next_passwd_phrase_element)->phrase = 
-                   (krb5_data *) calloc(1, 
-                   sizeof(krb5_data))) == (krb5_data *) 0) {
-               free_pwd_and_phrase_structures();
-               free_seq_list();
-               clear_encodable_data();
-               com_err("adm_negotiate_key", 0, 
-                   "No Memory for Additional Password and Phrase Structures");
-               return(1);
-           }
-
-           if (((*next_passwd_phrase_element)->phrase->data = 
-                       (char *) calloc (1, 
-                       strlen(tmp_phrase))) == (char *) 0) {
-               free_pwd_and_phrase_structures();
-               free_seq_list();
-               clear_encodable_data();
-               com_err("adm_negotiate_key", ENOMEM, 
-                       "for Additional Passwords");
-               return(1);
-           }
-
-           strcpy((*next_passwd_phrase_element)->phrase->data, tmp_phrase);
-           (*next_passwd_phrase_element)->phrase->length = strlen(tmp_phrase);
-
-           free(tmp_passwd);
-           free(tmp_phrase);
-
-           next_passwd_phrase_element++;
-       }
-    }  /* for i <= KADM_MAX_PW_CHOICES */
-
-               /* Asn.1 Encode the Passwords and Phrases */
-    if ((retval = encode_krb5_pwd_data(&encodable_data, 
-                       &encoded_pw_string))) {
-       com_err("adm_negotiate_key", 0, 
-                       "Unable to encode Password and Phrase Data");
-       return(1);
-    }
-
-               /* Free Phrases But Hold onto Passwds for Awhile*/
-    free_phrases();
-
-               /* Encrypt Password/Phrases Encoding */
-    retval = krb5_mk_priv(context, auth_context, encoded_pw_string,
-                         &msg_data, &replaydata);
-    if (retval ) {
-       free_passwds();
-       free_pwd_and_phrase_structures();
-       free_seq_list();
-       clear_encodable_data();
-       com_err("adm_negotiate_key", retval, "during mk_priv");
-       return(1);  
-    }
-
-       /* Send Encrypted/Encoded Passwords and Phrases to Client */
-    if (krb5_write_message(context, &client_server_info.client_socket, &msg_data)){
-       free(msg_data.data);
-       free_passwds();
-       free_pwd_and_phrase_structures();
-       free_seq_list();
-       clear_encodable_data();
-       com_err("adm_negotiate_key", 0, "Error Performing Password Write");
-       return(1);  
-    } 
-    free(msg_data.data);
-
-#endif /* MACH_PASS - Machine-gen. passwords */
-               /* Read Client Response */
-    if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
-#if defined(MACH_PASS) || defined(SANDIA)
-       free_passwds();
-       free_pwd_and_phrase_structures();
-       free_seq_list();
-       clear_encodable_data();
-#endif
-       com_err("adm_negotiate_key", errno, "Error Performing Password Read");
-       return(1);
-    }
-
-               /* Decrypt Client Response */
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
-                              &msg_data, &replaydata))) {
-       free(inbuf.data);
-#if defined(MACH_PASS) || defined(SANDIA)
-       free_passwds();
-       free_pwd_and_phrase_structures();
-       free_seq_list();
-       clear_encodable_data();
-#endif
-       com_err("adm_negotiate_key", retval, "krb5_rd_priv error %s",
-                               error_message(retval));
-       return(1);
-    }
-    free(inbuf.data);
-
-#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords */
-    legit_passwd = 0;
-    next_passwd_phrase_element = encodable_data.element;
-               /* Compare Response with Acceptable Passwords */
-    for (j = 0; 
-       j < ADM_MAX_PW_CHOICES * ADM_MAX_PW_ITERATIONS; 
-       j++) {
-       if ((retval = memcmp(msg_data.data, 
-                  (*next_passwd_phrase_element)->passwd->data, 
-                  strlen((*next_passwd_phrase_element)->passwd->data))) == 0) {
-           legit_passwd++;
-           break; /* Exit Loop - Match Found */
-       }
-       next_passwd_phrase_element++;
-    }
-               /* Now Free Passwds */
-    free_passwds();
-
-       /* free password_and_phrase structures */
-    free_pwd_and_phrase_structures();
-
-       /* free passwd_phrase_element list */
-    free_seq_list();
-
-       /* clear krb5_pwd_data */
-    clear_encodable_data();
-
-    if (!(legit_passwd)) {
-       com_err("adm_negotiate_key", 0, "Invalid Password Entered");
-       return(1);
-    }
-#endif
-    strncpy(new_passwd, msg_data.data, msg_data.length);
-    free(msg_data.data);
-
-    return(0);
-}
-
diff --git a/src/kadmin/server/adm_network.c b/src/kadmin/server/adm_network.c
deleted file mode 100644 (file)
index 545784f..0000000
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * kadmin/server/adm_network.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Network Initialization/Shutdown Component of the 
- * Version 5 Administration network
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- *   adm_network.c
- */
-
-#include <stdio.h>
-#include "com_err.h"
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/param.h>
-#include <signal.h>
-
-#ifndef sigmask
-#define sigmask(m)    (1 <<((m)-1))
-#endif
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-#include <netdb.h>
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-extern int errno;
-
-#ifdef POSIX_SIGTYPE
-#define SIGNAL_RETURN return
-#else
-#define SIGNAL_RETURN return(0)
-#endif
-
-krb5_error_code
-closedown_network(prog)
-const char *prog;
-{
-    if (client_server_info.server_socket == -1) return(1);
-
-    (void) close(client_server_info.server_socket);
-    client_server_info.server_socket = -1;
-    return(0);
-}
-
-krb5_sigtype
-doexit()
-{
-    exit_now = 1;
-    SIGNAL_RETURN;
-}
-
-/*
- *  SIGCHLD brings us here
- */
-krb5_sigtype
-do_child()
-{
-    /*
-     *  <sys/param.h> has been included, so BSD will be defined on
-     * BSD systems
-     */
-#if BSD > 0 && BSD <= 43
-#ifndef WEXITSTATUS
-#define        WEXITSTATUS(w)  (w).w_retcode
-#define WTERMSIG(w)    (w).w_termsig
-#endif
-    union wait status;
-#else
-    int        status;
-#endif
-    int pid, i, j;
-
-    signal(SIGCHLD, do_child);
-    
-    pid = wait(&status);
-    if (pid < 0)
-       SIGNAL_RETURN;
-    for (i = 0; i < pidarraysize; i++)
-       if (pidarray[i] == pid) {
-                       /* found it */
-               for (j = i; j < pidarraysize-1; j++)
-                       /* copy others down */
-                       pidarray[j] = pidarray[j+1];
-               pidarraysize--;
-               if ( !WIFEXITED(status) ) {
-                       com_err("adm_network", 0, "child %d: termsig %d", 
-                               pid, WTERMSIG(status) );
-                       com_err("adm_network", 0, "retcode %d", 
-                               WEXITSTATUS(status));
-               }
-
-               SIGNAL_RETURN;
-       }
-
-    com_err("adm_network", 0, 
-       "child %d not in list: termsig %d, retcode %d", pid,
-       WTERMSIG(status), WEXITSTATUS(status));
-
-    SIGNAL_RETURN;
-}
-
-krb5_error_code
-setup_network(context, prog)
-    krb5_context context;
-    const char *prog;
-{
-    krb5_error_code retval;
-    char server_host_name[MAXHOSTNAMELEN];
-    krb5_sigtype     doexit(), do_child();
-    struct servent *service_servent;
-    struct hostent *service_hostent;
-
-    signal(SIGINT, doexit);
-    signal(SIGTERM, doexit);
-    signal(SIGHUP, doexit);
-    signal(SIGQUIT, doexit);
-    signal(SIGPIPE, SIG_IGN); /* get errors on write() */
-    signal(SIGALRM, doexit);
-    signal(SIGCHLD, do_child);
-    client_server_info.name_of_service = malloc(768);
-    if (!client_server_info.name_of_service) {
-        com_err("setup_network", 0, 
-               "adm_network: No Memory for name_of_service");
-        return ENOMEM;
-    }
-
-    (void) sprintf(client_server_info.name_of_service, "%s%s%s%s%s",
-                        CPWNAME, "/", realm, "@", realm);
-
-#ifdef DEBUG
-    fprintf(stderr, "client_server_info.name_of_service = %s\n",
-               client_server_info.name_of_service);
-#endif /* DEBUG */
-
-    if ((retval = krb5_parse_name(context, client_server_info.name_of_service,
-                        &client_server_info.server))) {
-        free(client_server_info.name_of_service);
-       com_err( "setup_network", retval, 
-               "adm_network: Unable to Parse Server Name");
-       return retval;
-    }
-
-    if (gethostname(server_host_name, sizeof(server_host_name))) {
-       retval = errno;
-        krb5_free_principal(context, client_server_info.server);
-        free(client_server_info.name_of_service);
-       com_err( "setup_network", retval,
-               "adm_network: Unable to Identify Who I am");
-       return retval;
-    }
-
-    service_hostent = gethostbyname(server_host_name);
-    if (!service_hostent) {
-       retval = errno;
-        free(client_server_info.name_of_service);
-       com_err("setup_network", retval, "adm_network: Failed gethostname");
-       return retval;
-    }
-
-#ifdef DEBUG
-    fprintf(stderr, "Official host name = %s\n", service_hostent->h_name);
-#endif /* DEBUG */
-
-    client_server_info.server_name.sin_family = AF_INET;
-
-#ifdef unicos61
-    memcpy((char *) &client_server_info.server_name.sin_addr,
-               (char *) service_hostent->h_addr, service_hostent->h_length);
-#else
-    memcpy((char *) &client_server_info.server_name.sin_addr.s_addr,
-               (char *) service_hostent->h_addr, service_hostent->h_length);
-#endif /* unicos61 */
-
-    client_server_info.server_socket = -1;
-
-#ifdef DEBUG
-    fprintf(stderr, "adm5_tcp_portname = %s\n", adm5_tcp_portname);
-#endif /* DEBUG */
-
-    service_servent = getservbyname(adm5_tcp_portname, "tcp");
-    if (admin_port) {
-      client_server_info.server_name.sin_port = admin_port;
-    } else if (service_servent) {
-      client_server_info.server_name.sin_port = service_servent->s_port;
-#ifdef DEBUG
-      fprintf(stderr, "Official service name = %s\n", service_servent->s_name);
-#endif /* DEBUG */
-    } else {
-#ifdef ADM5_DEFAULT_PORT
-      client_server_info.server_name.sin_port = htons(ADM5_DEFAULT_PORT);
-      com_err("setup_network", 0, "adm_network: using default port %d",
-             ADM5_DEFAULT_PORT);
-#else
-      krb5_free_principal(client_server_info.server);
-      free(client_server_info.name_of_service);
-      com_err("setup_network", 0, "adm_network: %s/tcp service unknown", 
-             adm5_tcp_portname);
-      return(1);
-#endif
-    }
-
-
-    if ((client_server_info.server_socket = 
-               socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-       retval = errno;
-        krb5_free_principal(context, client_server_info.server);
-        free(client_server_info.name_of_service);
-       com_err("setup_network", retval, 
-               "adm_network: Cannot create server socket.");
-       return(1);
-    }
-
-#ifdef DEBUG
-    fprintf(stderr, "Socket File Descriptor = %d\n", 
-               client_server_info.server_socket);
-    fprintf(stderr, "sin_family = %d\n", 
-               client_server_info.server_name.sin_family);
-    fprintf(stderr, "sin_port = %d\n", 
-               client_server_info.server_name.sin_port);
-    fprintf(stderr, "in_addr.s_addr = %s\n", 
-               inet_ntoa( client_server_info.server_name.sin_addr ));
-#endif /* DEBUG */
-
-    if (bind(client_server_info.server_socket,
-               &client_server_info.server_name, 
-               sizeof(client_server_info.server_name)) < 0) {
-       retval = errno;
-        krb5_free_principal(context, client_server_info.server);
-        free(client_server_info.name_of_service);
-       com_err("setup_network", retval, 
-               "adm_network: Cannot bind server socket.");
-       return(1);
-    }
-
-    return(0);
-}
diff --git a/src/kadmin/server/adm_parse.c b/src/kadmin/server/adm_parse.c
deleted file mode 100644 (file)
index 305807b..0000000
+++ /dev/null
@@ -1,262 +0,0 @@
-#ifdef SANDIA
-/*
- * kadmin/server/adm_parse.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose.  It is provided "as is" without express or implied warranty.
- *
- * Edit a KDC database.
- */
-#include <syslog.h>
-#include <stdio.h>
-
-#if defined (unicos61) || (defined(mips) && defined(SYSTYPE_BSD43)) || defined(sysvimp)
-#include <time.h>
-#else
-#include <sys/time.h>
-#endif  /* unicos61 */
-#if defined(aux20)
-#include <time.h>
-#endif  /* aux20 */
-
-#include "k5-int.h"
-
-void
-kadmin_parse_and_set(input_string)
-char *input_string;
-{
-    extern int classification;
-    extern krb5_kvno KDB5_VERSION_NUM;
-    extern krb5_deltat KDB5_MAX_TKT_LIFE;
-    extern krb5_deltat KDB5_MAX_REN_LIFE;
-    extern krb5_timestamp KDB5_EXP_DATE;
-    extern krb5_flags NEW_ATTRIBUTES;
-
-    int num_args;
-    char parameter[40];
-    char first_token[40];
-    char second_token[40];
-    int bypass = 0;
-
-    struct tm exp_date;
-    long todays_date;
-    int year;
-    int month;
-    int mday;
-
-    first_token[0] = second_token[0] = '\0';
-    num_args = sscanf(input_string, "%s %s %s", parameter,
-                        first_token, second_token);
-
-    if (strcmp(parameter, "BYPASS") == 0) {
-        bypass++;
-        syslog(LOG_ERR,
-         "CAUTION: Classified and  Unclassified Principals will be allowed");
-       return;
-    }
-    if (strcmp(parameter, "CLASSIFICATION") == 0) {
-        if (strcmp(first_token, "CLASS") == 0) {
-            classification = 1;
-            if (bypass) classification = 0;
-       }
-       return;
-    }
-
-    if (strcmp(parameter, "VERSION_NUM") == 0) {
-        if (num_args < 2) {
-                KDB5_VERSION_NUM  = 1;
-        } else {
-                KDB5_VERSION_NUM = atoi(first_token);
-        }
-        return;
-    }    
-
-    if (strcmp(parameter, "MAX_TKT_LIFE") == 0) {
-        if (num_args < 2) {
-                KDB5_MAX_TKT_LIFE = KRB5_KDB_MAX_LIFE;
-        } else {
-            switch (second_token[0]) {
-                case 's':
-                        KDB5_MAX_TKT_LIFE = atoi(first_token);
-                        break;
-                case 'm':
-                        KDB5_MAX_TKT_LIFE = atoi(first_token) * 60;
-                        break;
-                case 'h':
-                        KDB5_MAX_TKT_LIFE = atoi(first_token) * 3600;
-                        break;
-                case 'd':
-                        KDB5_MAX_TKT_LIFE = atoi(first_token) * 86400;
-                        break;
-                case 'w':
-                        KDB5_MAX_TKT_LIFE = atoi(first_token) * 604800;
-                        break;
-                case 'M':               /* 30 days */
-                        KDB5_MAX_TKT_LIFE = atoi(first_token) * 18144000;
-                        break;
-                case 'y':               /* 365 days */
-                        KDB5_MAX_TKT_LIFE = atoi(first_token) * 220752000;
-                        break;
-                case 'e':               /* eternity */
-                        KDB5_MAX_TKT_LIFE = 2145830400;
-                        break;
-                default:
-                        break;
-            }            
-        }
-        return;
-    }    
-
-    if (strcmp(parameter, "MAX_REN_LIFE") == 0) {
-        if (num_args < 2) {
-                KDB5_MAX_REN_LIFE = KRB5_KDB_MAX_RLIFE;
-        } else {
-            switch (second_token[0]) {
-                case 's':
-                        KDB5_MAX_REN_LIFE = atoi(first_token);
-                        break;
-                case 'm':
-                        KDB5_MAX_REN_LIFE = atoi(first_token) * 60;
-                        break;
-                case 'h':
-                        KDB5_MAX_REN_LIFE = atoi(first_token) * 3600;
-                        break;
-                case 'd':
-                        KDB5_MAX_REN_LIFE = atoi(first_token) * 86400;
-                        break;
-                case 'w':
-                        KDB5_MAX_REN_LIFE = atoi(first_token) * 604800;
-                        break;
-                case 'M':               /* 30 days */
-                        KDB5_MAX_REN_LIFE = atoi(first_token) * 18144000;
-                        break;
-                case 'y':               /* 365 days */
-                        KDB5_MAX_REN_LIFE = atoi(first_token) * 220752000;
-                        break;
-                case 'e':               /* eternity */
-                        KDB5_MAX_REN_LIFE = 2145830400;
-                        break;
-                default:
-                        break;
-            }
-        }
-        return;
-    }    
-    if (strcmp(parameter, "SET_EXP_DATE") == 0) {
-        (void) time(&todays_date);
-        switch (first_token[0]) {
-              case 'e':               /* eternity */
-                      KDB5_EXP_DATE = 2145830400;
-                      year = 2037;
-                      month = 12;
-                      mday = 30;
-                      sprintf(first_token, "%s", "eternity");
-                      break;
-              case 'y':               /* yesterday */
-                      KDB5_EXP_DATE = todays_date - 86400;
-                      year = 1970;
-                      month = 01;
-                      mday = 01;
-                      sprintf(first_token, "%s", "yesterday");
-                      break;
-              case '0':
-              case '1':
-              case '2':
-              case '3':
-              case '9':
-                sscanf(first_token, "%d/%d/%d", &year, &month, &mday);
-                      year = (year > 1900) ? year - 1900 : year;
-                      year = (year > 137) ? year - 100 : year;
-                      year = (year > 137) ? 137 : year;
-                      exp_date.tm_year =
-                         ((year >= 00 && year < 38) ||
-                          (year >= 70 && year <= 138)) ? year : 137;
-                      exp_date.tm_mon =
-                          (month >= 1 &&
-                           month <= 12) ? month - 1 : 0;
-                      exp_date.tm_mday =
-                          (mday >= 1 &&
-                           mday <= 31) ? mday : 1;
-                      exp_date.tm_hour = 0;
-                      exp_date.tm_min = 1;
-                      exp_date.tm_sec = 0;
-                      KDB5_EXP_DATE = convert_tm_to_sec(&exp_date);
-                      break;
-              default:
-                      KDB5_EXP_DATE = KRB5_KDB_EXPIRATION;
-                      sprintf(first_token, "%s", "Default KDB Expiration");
-                      break;
-        }
-        if (year < 1900) year += 1900;
-        if (year < 1938) year += 100;
-        return;
-    }
-    if (strcmp(parameter, "SET_PWCHG") == 0) {
-        if (num_args < 2) {
-           NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PWCHANGE;
-        } else {
-            if (first_token[0] == 'y' || first_token[0] == 'Y') {
-                NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PWCHANGE;
-            } else {
-                NEW_ATTRIBUTES = NEW_ATTRIBUTES & ~KRB5_KDB_REQUIRES_PWCHANGE;
-                KDB5_VERSION_NUM  = 1;
-            }
-        }
-        return;
-    }    
-
-    if (strcmp(parameter, "SET_PREAUTH") == 0) {
-        if (num_args < 2) {
-           NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PRE_AUTH;
-        } else {
-            if (first_token[0] == 'y' || first_token[0] == 'Y') {
-                NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PRE_AUTH;
-            } else {
-                NEW_ATTRIBUTES = NEW_ATTRIBUTES & ~KRB5_KDB_REQUIRES_PRE_AUTH;
-            }
-        }
-        return;
-    }    
-
-    if (strcmp(parameter, "SET_SECUREID") == 0) {
-        if (num_args < 2) {
-           NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_HW_AUTH |
-                KRB5_KDB_REQUIRES_PRE_AUTH;
-        } else {
-            if (first_token[0] == 'y' || first_token[0] == 'Y') {
-                NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_HW_AUTH |
-                        KRB5_KDB_REQUIRES_PRE_AUTH;
-            } else {
-                NEW_ATTRIBUTES = NEW_ATTRIBUTES & ~KRB5_KDB_REQUIRES_HW_AUTH;
-            }
-        }
-        return;
-    }
-}
-#endif
diff --git a/src/kadmin/server/adm_process.c b/src/kadmin/server/adm_process.c
deleted file mode 100644 (file)
index ab9add4..0000000
+++ /dev/null
@@ -1,428 +0,0 @@
-/*
- * kadmin/server/adm_process.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
-  adm_process.c
-*/
-
-#include <sys/types.h>
-#include <syslog.h>
-#include <sys/wait.h>
-#include <stdio.h>
-#include "com_err.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-
-static krb5_error_code
-cpw_keyproc(context, keyblock)
-    krb5_context context;
-    krb5_keyblock ** keyblock;
-{
-    krb5_error_code retval;
-    krb5_db_entry cpw_entry;
-    krb5_principal cpw_krb;
-    krb5_keyblock *realkey;
-    krb5_boolean more;
-    int nprincs = 1;
-
-    if (*keyblock == NULL) {
-       if (retval = krb5_parse_name(context, 
-                                    client_server_info.name_of_service, 
-                                    &cpw_krb)) {
-            syslog(LOG_ERR, 
-                  "cpw_keyproc %d while attempting to parse \"%s\"",
-                  client_server_info.name_of_service, retval);
-            return(retval);
-       }
-
-       if (retval = krb5_db_get_principal(context, cpw_krb, &cpw_entry, 
-                                          &nprincs, &more)) {
-            syslog(LOG_ERR, 
-                  "cpw_keyproc %d while extracting %s entry",
-                  client_server_info.name_of_service, retval);
-            return(retval);
-       }
-
-       if (!nprincs) return(0);
-
-       if ((realkey = (krb5_keyblock *) calloc (1, 
-               sizeof(krb5_keyblock))) == (krb5_keyblock * ) 0) {
-           krb5_db_free_principal(context, &cpw_entry, nprincs);
-           syslog(LOG_ERR, "cpw_keyproc: No Memory for server key");
-           close(client_server_info.client_socket);
-           return(ENOMEM);
-       }
-
-       /* Extract the real kadmin/<realm> keyblock */
-       if (retval = krb5_kdb_decrypt_key(context, 
-                               &master_encblock,
-                               &cpw_entry.key,
-                               realkey)) {
-           krb5_db_free_principal(context, &cpw_entry, nprincs);
-           free(realkey);
-           syslog(LOG_ERR, 
-                  "cpw_keyproc: Cannot extract %s from master key",
-                  client_server_info.name_of_service);
-           exit(retval);
-       }
-
-       *keyblock = realkey;
-    }
-    return(0);
-}
-
-krb5_error_code
-process_client(context, prog)
-    krb5_context context;
-    char *prog;
-{
-    krb5_error_code retval;
-
-    krb5_keyblock  * cpw_keyblock = NULL;
-
-    int on = 1;
-    krb5_db_entry server_entry;
-
-    char retbuf[512];
-
-    krb5_data final_msg;
-    char completion_msg[520];
-    kadmin_requests request_type;
-    krb5_auth_context *auth_context = NULL;
-    krb5_ticket * client_ticket = NULL;
-    krb5_replay_data replaydata;
-
-    int number_of_entries;
-    krb5_boolean more;
-    int namelen;
-
-    char *req_type = "";
-    int otype;
-
-    u_short data_len;
-    krb5_data outbuf;
-    krb5_data inbuf, msg_data;
-    extern int errno;
-    
-    krb5_timestamp adm_time;
-
-    outbuf.data = retbuf;
-    if (setsockopt(client_server_info.client_socket, 
-                       SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) {
-       syslog(LOG_ERR, "adm_process: setsockopt keepalive: %d", errno);
-    }
-
-               /* V4 kpasswd Protocol Hack */
-               /* Read Length of Data */
-    retval = krb5_net_read(context, client_server_info.client_socket,
-               (char *) &data_len, 2);
-    if (retval < 0) {
-       syslog(LOG_ERR, "kadmind error: net_read Length Failure");
-       (void) sprintf(retbuf, "kadmind error during net_read for Length\n");
-       exit(0);
-    }
-
-    if (retval = krb5_db_init(context)) {              /* Open as client */
-       syslog(LOG_ERR, "adm_process: Can't Open Database");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-/*     Get Server Credentials for Mutual Authentication and Private
- *     Messages  Note: Here client is the kadmin/<realm> server
- */
-    number_of_entries = 1;
-    if ((retval = krb5_db_get_principal(context, client_server_info.server,
-                       &server_entry,
-                       &number_of_entries,
-                       &more))) {
-       syslog(LOG_ERR, 
-               "kadmind error: krb5_db_get_principal error: %d", retval);
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-    if (more) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       syslog(LOG_ERR, "kadmind error: kadmin/<realm> service not unique");
-       exit(1);
-    }
-
-    if (number_of_entries != 1) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       syslog(LOG_ERR, "kadmind error: kadmin/<realm> service UNKNOWN");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-    if ((cpw_keyblock = (krb5_keyblock *) calloc (1, 
-               sizeof(krb5_keyblock))) == (krb5_keyblock *) 0) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       syslog(LOG_ERR, 
-              "kadmind error: No Memory for server key");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-    /* Extract the real kadmin/<realm> keyblock */
-    if (retval = krb5_kdb_decrypt_key(context, 
-                                     &master_encblock,
-                                     &server_entry.key,
-                                     cpw_keyblock)) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       free(cpw_keyblock);
-       syslog(LOG_ERR,  
-              "kadmind error: Cannot extract kadmin/<realm> from master key");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-/*
- *     To verify authenticity, we need to know the address of the
- *     client.
- */
-
-    namelen = sizeof(client_server_info.client_addr);
-    if (getpeername(client_server_info.client_socket, 
-                       (struct sockaddr *) &client_server_info.client_addr, 
-                       &namelen) < 0) {
-       syslog(LOG_ERR,  "kadmind error: Unable to Obtain Client Name.");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-                       /* we use mutual authentication */
-    client_server_info.client_addr.addrtype = 
-               client_server_info.client_name.sin_family;
-    client_server_info.client_addr.length = SIZEOF_INADDR;
-    client_server_info.client_addr.contents = 
-               (krb5_octet *) &client_server_info.client_name.sin_addr;
-
-    client_server_info.server_addr.addrtype = 
-               client_server_info.server_name.sin_family;
-    client_server_info.server_addr.length = SIZEOF_INADDR;
-    client_server_info.server_addr.contents = 
-               (krb5_octet *) &client_server_info.server_name.sin_addr;
-
-    krb5_init_ets(context);
-
-    syslog(LOG_AUTH | LOG_INFO,
-       "Request for Administrative Service Received from %s - Authenticating.",
-       inet_ntoa( client_server_info.client_name.sin_addr ));
-
-    cpw_keyproc(context, &cpw_keyblock);
-       
-    if (krb5_auth_con_init(context, &auth_context))
-        exit(1);
-
-    krb5_auth_con_setflags(context,auth_context,KRB5_AUTH_CONTEXT_RET_SEQUENCE);
-    krb5_auth_con_setaddrs(context, auth_context, 
-                          &client_server_info.server_addr,
-                          &client_server_info.client_addr); 
-    if (krb5_auth_con_setuseruserkey(context, auth_context, cpw_keyblock))
-        exit(1);
-
-    if ((retval = krb5_recvauth(context, &auth_context,
-               (krb5_pointer) &client_server_info.client_socket,
-               ADM5_CPW_VERSION,
-               client_server_info.server,
-               NULL,
-               0,
-               NULL,
-               &client_ticket
-               ))) {
-       syslog(LOG_ERR, "kadmind error: %s during recvauth\n", 
-                       error_message(retval));
-       (void) sprintf(retbuf, "kadmind error during recvauth: %s\n", 
-                       error_message(retval));
-       krb5_free_keyblock(context, cpw_keyblock);
-       goto finish;
-    }
-    krb5_free_keyblock(context, cpw_keyblock);
-
-    if (retval = krb5_copy_principal(context, client_ticket->enc_part2->client,
-                                    &client_server_info.client))
-       goto finish;
-                                    
-    /* Check if ticket was issued using password (and not tgt)
-     * within the last 5 minutes
-     */
-       
-    if (!(client_ticket->enc_part2->flags & TKT_FLG_INITIAL)) {
-       syslog(LOG_ERR, "Client ticket not initial");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-    if (retval = krb5_timeofday(context, &adm_time)) {
-       syslog(LOG_ERR, "Can't get time of day");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-       
-    if ((adm_time - client_ticket->enc_part2->times.authtime) > 60*5) {
-       syslog(LOG_ERR, "Client ticket not recent");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-    if ((client_server_info.name_of_client =
-        (char *) calloc (1, 3 * 255)) == (char *) 0) {
-       syslog(LOG_ERR, "kadmind error: No Memory for name_of_client");
-       close(client_server_info.client_socket);
-       exit(0);
-    }
-
-    if ((retval = krb5_unparse_name(context, client_server_info.client, 
-                                   &client_server_info.name_of_client))) {
-       syslog(LOG_ERR, "kadmind error: unparse failed.", 
-              error_message(retval));
-       goto finish;
-    }
-
-    syslog(LOG_AUTH | LOG_INFO,
-          "Request for Administrative Service Received from %s at %s.",
-          client_server_info.name_of_client,
-          inet_ntoa( client_server_info.client_name.sin_addr ));
-       
-    /* compose the reply */
-    outbuf.data[0] = KADMIND;
-    outbuf.data[1] = KADMSAG;
-    outbuf.length = 2;
-
-               /* write back the response */
-    if ((retval = krb5_write_message(context, &client_server_info.client_socket,
-                                       &outbuf))){
-       syslog(LOG_ERR, "kadmind error: Write Message Failure: %s",
-                       error_message(retval));
-       retval = 1;
-       goto finish;
-    }
-
-       /* Ok Now let's get the first private message and respond */
-    if (retval = krb5_read_message(context, &client_server_info.client_socket,
-                                        &inbuf)){
-       syslog(LOG_ERR, "kadmind error: read First Message Failure: %s",
-               error_message(retval));
-       retval = 1;
-       goto finish;
-    }
-
-    if ((retval = krb5_rd_priv(context, auth_context, &inbuf, 
-                              &msg_data, &replaydata))) {
-       free(inbuf.data);
-       syslog(LOG_ERR, "kadmind error: rd_priv:%s\n", error_message(retval));
-       goto finish;
-    }
-    free(inbuf.data);
-
-    request_type.appl_code = msg_data.data[0];
-    request_type.oper_code = msg_data.data[1];
-
-    free(msg_data.data);
-
-    switch (request_type.appl_code) {
-       case KPASSWD:
-           req_type = "kpasswd";
-           if (retval = adm5_kpasswd(context, auth_context, "process_client",
-                                     &request_type, retbuf, &otype)) {
-               goto finish;
-           }
-           break;
-
-       case KADMIN:
-           req_type = "kadmin";
-           if (retval = adm5_kadmin(context, auth_context, "process_client", 
-                                    retbuf, &otype)) {
-               goto finish;
-           }
-           retbuf[0] = KADMIN;
-           retbuf[2] = KADMGOOD;
-           retbuf[3] = '\0';
-           otype = 0;
-           break;
-
-           
-       default:
-           retbuf[0] = KUNKNOWNAPPL;
-           retbuf[1] = '\0';
-           sprintf(completion_msg, "%s from %s (%02x) FAILED", 
-                       "Unknown Application Type!", 
-                       inet_ntoa(client_server_info.client_name.sin_addr),
-                   request_type.appl_code);
-               /* Service Not Supported */
-           retval = 255;
-           syslog(LOG_AUTH | LOG_INFO, completion_msg);
-           goto finish;
-    }                          /* switch(request_type.appl_code) */
-
-    if ((final_msg.data = (char *) calloc(1,10)) == (char *) 0) {
-       syslog(LOG_ERR | LOG_INFO, "no Memory while allocating final_msg.data");
-       return ENOMEM;
-    }
-    final_msg.data = retbuf;
-    final_msg.length = strlen(retbuf) + 1;
-
-       /* Send Completion Message */
-    if (retval = krb5_mk_priv(context, auth_context, &final_msg,
-                              &msg_data, &replaydata)) {
-       syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv");
-       goto finish;
-    }
-    
-        /* Send Final Reply to Client */
-    if (retval = krb5_write_message(context, &client_server_info.client_socket,
-                                       &msg_data)){
-       free(msg_data.data);
-       syslog(LOG_ERR, "Error Performing Final Write: %s",
-                       error_message(retval));
-       retval = 1;
-       goto finish;
-    }
-    free(msg_data.data);
-
-finish:
-
-    if (retval) {
-       free (client_server_info.name_of_client);
-       close(client_server_info.client_socket);
-       exit(1);
-    }
-    sprintf(completion_msg,
-        "%s %s for %s at %s - Completed Successfully",
-       req_type,
-       oper_type[otype],
-        client_server_info.name_of_client, 
-        inet_ntoa( client_server_info.client_name.sin_addr )); 
-    syslog(LOG_AUTH | LOG_INFO, completion_msg);
-    free (client_server_info.name_of_client);
-    close(client_server_info.client_socket);
-    return 0;
-}
diff --git a/src/kadmin/server/adm_server.c b/src/kadmin/server/adm_server.c
deleted file mode 100644 (file)
index 0b49051..0000000
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
- * kadmin/server/adm_server.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Top-level loop of the Kerberos Version 5 Administration server
- */
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-
-/*
-  adm_server.c
-  this holds the main loop and initialization and cleanup code for the server
-*/
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <syslog.h>
-#include <string.h>
-#include "com_err.h"
-
-#include <signal.h>
-#ifndef sigmask
-#define sigmask(m)    (1 <<((m)-1))
-#endif
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-#ifndef __STDC__
-#include <varargs.h>
-#endif
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-char prog[32];
-char *progname = prog;
-char *acl_file_name = DEFAULT_ADMIN_ACL;
-char *adm5_ver_str = ADM5_VERSTR;
-int  adm5_ver_len;
-
-char *adm5_tcp_portname = ADM5_PORTNAME;
-int adm5_tcp_port_fd = -1;
-unsigned pidarraysize = 0;
-int *pidarray = (int *) 0;
-
-int exit_now = 0;
-
-global_client_server_info client_server_info;
-
-#ifdef SANDIA
-int classification;             /* default = Unclassified */
-#endif
-
-krb5_db_entry master_entry;
-
-krb5_flags NEW_ATTRIBUTES;
-
-cleanexit(context, val)
-    krb5_context context;
-    int        val;
-{
-    (void) krb5_db_fini(context);
-    exit(val);
-}
-
-krb5_error_code
-closedown_db(context)
-    krb5_context context;
-{
-    krb5_error_code retval;
-
-    /* clean up master key stuff */
-    retval = krb5_finish_key(context, &master_encblock);
-
-    memset((char *)&master_encblock, 0, sizeof(master_encblock));
-    memset((char *)tgs_key.contents, 0, tgs_key.length);
-
-    /* close database */
-    if (retval) {
-       (void) krb5_db_fini(context);
-       return(retval);
-    } else
-       return(krb5_db_fini(context));
-}
-void
-usage(name)
-char *name;
-{
-    fprintf(stderr, "Usage: %s\t[-a aclfile] [-d dbname] [-k masterkeytype]", 
-                       name);
-    fprintf(stderr, "\n\t[-h] [-m] [-M masterkeyname] [-r realm] [-p port]\n");
-    return;
-}
-krb5_error_code
-process_args(context, argc, argv)
-    krb5_context context;
-    int argc;
-    char **argv;
-{
-    krb5_error_code retval;
-    int c;
-    krb5_boolean manual = FALSE;
-    int keytypedone = 0;
-    char *mkey_name = 0;
-    char *local_realm;
-    krb5_enctype etype;
-    krb5_enctype kdc_etype = DEFAULT_KDC_ETYPE;
-
-#ifdef SANDIA
-    char input_string[80];
-    FILE *startup_file;
-#endif
-
-    extern char *optarg;
-
-#ifdef SANDIA
-    classification = 0;
-
-    if ((startup_file =
-        fopen(DEFAULT_KDCPARM_NAME, "r")) == (FILE *) 0) {
-        syslog(LOG_ERR, 
-               "Cannot open parameter file (%s) - Using default parameters",
-               DEFAULT_KDCPARM_NAME);
-        syslog(LOG_ERR, "Only Unclassified Principals will be allowed");
-    } else {
-        for ( ;; ) {
-            if ((fgets(input_string, sizeof(input_string), startup_file)) == NULL)
-                break;
-            kadmin_parse_and_set(input_string);
-        }
-        fclose(startup_file);
-    }
-#endif
-    while ((c = getopt(argc, argv, "hmM:a:d:k:r:De:p:")) != EOF) {
-       switch(c) {
-           case 'a':                   /* new acl directory */
-               acl_file_name = optarg;
-               break;
-
-           case 'd':
-               /* put code to deal with alt database place */
-               dbm_db_name = optarg;
-               if (retval = krb5_dbm_db_set_name(context, dbm_db_name)) {
-                       fprintf(stderr, "opening database %s: %s",
-                               dbm_db_name, error_message(retval));
-                       exit(1);
-               }
-               break;
-
-           case 'e':
-               kdc_etype = atoi(optarg);
-               break;
-               
-           case 'k':                   /* keytype for master key */
-               master_keyblock.keytype = atoi(optarg);
-               keytypedone++;
-               break;
-
-           case 'm':                   /* manual type-in of master key */
-               manual = TRUE;
-               break;
-
-           case 'M':                   /* master key name in DB */
-               mkey_name = optarg;
-               break;
-
-           case 'r':
-               realm = optarg;
-               break;
-
-           case 'D':
-               adm_debug_flag = 1;
-               break;
-
-           case 'p':
-               admin_port = htons(atoi(optarg));
-               break;
-
-           case 'h':                   /* get help on using adm_server */
-           default:
-               usage(argv[0]);
-               exit(1);                /* Failure - Exit */
-       }
-
-    }
-
-    if (!realm) {
-               /* no realm specified, use default realm */
-       if (retval = krb5_get_default_realm(context, &local_realm)) {
-               com_err(argv[0], retval,
-                       "while attempting to retrieve default realm");
-               exit(1);
-       }
-       realm = local_realm;
-    }        
-    if (!mkey_name) {
-       mkey_name = KRB5_KDB_M_NAME;
-    }
-    if (!keytypedone) {
-       master_keyblock.keytype = KEYTYPE_DES;
-    }
-    /* assemble & parse the master key name */
-    if (retval = krb5_db_setup_mkey_name(context, mkey_name, 
-                                       realm, 
-                                       (char **) 0,
-                                       &master_princ)) {
-       com_err(argv[0], retval, "while setting up master key name");
-       exit(1);
-    }
-
-    if (!valid_etype(kdc_etype)) {
-       com_err(argv[0], KRB5_PROG_ETYPE_NOSUPP,
-               "while setting up etype %d", kdc_etype);
-       exit(1);
-    }
-    krb5_use_cstype(context, &master_encblock, kdc_etype);
-    if (retval = krb5_db_fetch_mkey(context, 
-               master_princ, 
-               &master_encblock, 
-               manual,
-               FALSE,                  /* only read it once, if at all */
-               0,                      /* No salt supplied */
-               &master_keyblock)) {
-       com_err(argv[0], retval, "while fetching master key");
-       exit(1);
-    }
-
-    /* initialize random key generators */
-    for (etype = 0; etype <= krb5_max_cryptosystem; etype++) {
-       if (krb5_csarray[etype]) {
-               if (retval = (*krb5_csarray[etype]->system->
-                               init_random_key)(&master_keyblock,
-                               &krb5_csarray[etype]->random_sequence)) {
-                       com_err(argv[0], retval, 
-       "while setting up random key generator for etype %d--etype disabled", 
-                               etype);
-                       krb5_csarray[etype] = 0;
-               }
-       }
-    }
-    return(0);
-}
-
-krb5_error_code
-init_db(context, dbname, masterkeyname, masterkeyblock)
-    krb5_context context;
-    char *dbname;
-    krb5_principal masterkeyname;
-    krb5_keyblock *masterkeyblock;
-{
-    krb5_error_code retval;
-
-    krb5_db_entry server_entry;
-    krb5_boolean more;
-    int number_of_entries;
-    char tgs_name[255];
-
-    /* set db name if appropriate */
-    if (dbname && (retval = krb5_db_set_name(context, dbname)))
-        return(retval);
-
-    /* initialize database */
-    if (retval = krb5_db_init(context))
-        return(retval);
-
-    if (retval = krb5_db_verify_master_key(context, masterkeyname, 
-                                       masterkeyblock,
-                                        &master_encblock)) {
-        master_encblock.crypto_entry = 0;
-        return(retval);
-    }
-    /* do any necessary key pre-processing */
-    if (retval = krb5_process_key(context, &master_encblock, masterkeyblock)) {
-        master_encblock.crypto_entry = 0;
-        (void) krb5_db_fini(context);
-        return(retval);
-    }
-
-/*
- * fetch the master database entry, and hold on to it.
- */
-    number_of_entries = 1;
-    if (retval = krb5_db_get_principal(context, masterkeyname, &master_entry, 
-                                      &number_of_entries, &more)) {
-       return(retval);
-    }
-    if (number_of_entries != 1) {
-       if (number_of_entries)
-           krb5_db_free_principal(context, &master_entry, number_of_entries);
-       return(KRB5_KDB_NOMASTERKEY);
-    } else if (more) {
-       krb5_db_free_principal(context, &master_entry, number_of_entries);
-       return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
-    }  
-
-/*
-       fetch the TGS key, and hold onto it; this is an efficiency hack 
-       the master key name here is from the master_princ global,
-       so we can safely share its substructure
- */
-    strcpy(tgs_name, KRB5_TGS_NAME);
-    strcat(tgs_name, "/");
-    strcat(tgs_name, masterkeyname->realm.data);
-    strcat(tgs_name, "@");
-    strcat(tgs_name, masterkeyname->realm.data);
-    krb5_parse_name(context, tgs_name, &tgs_server);
-
-    tgs_server->type  = KRB5_NT_SRV_INST;
-
-    number_of_entries = 1;
-    if (retval = krb5_db_get_principal(context, 
-                               tgs_server,
-                               &server_entry, 
-                               &number_of_entries,
-                               &more)) {
-       return(retval);
-    }
-
-    if (more) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       (void) krb5_finish_key(context, &master_encblock);
-       memset((char *)&master_encblock, 0, sizeof(master_encblock));
-       (void) krb5_db_fini(context);
-       return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
-    } else if (number_of_entries != 1) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       (void) krb5_finish_key(context, &master_encblock);
-       memset((char *)&master_encblock, 0, sizeof(master_encblock));
-       (void) krb5_db_fini(context);
-       return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
-    }
-
-/* 
-       convert server.key into a real key 
-       (it may be encrypted in the database) 
- */
-    if (retval = KDB_CONVERT_KEY_OUTOF_DB(context,&server_entry.key,&tgs_key)) {
-       krb5_db_free_principal(context, &server_entry, number_of_entries);
-       (void) krb5_finish_key(context, &master_encblock);
-       memset((char *)&master_encblock, 0, sizeof(master_encblock));
-       (void) krb5_db_fini(context);
-       return(retval);
-    }
-
-    tgs_kvno = server_entry.kvno;
-    krb5_db_free_principal(context, &server_entry, number_of_entries);
-    return(0);
-}
-krb5_sigtype
-request_exit()
-{
-    signal_requests_exit = 1;
-    return;
-}
-
-void
-setup_signal_handlers()
-{
-  krb5_sigtype     request_exit();
-
-    (void)signal(SIGINT, request_exit);
-    (void)signal(SIGHUP, request_exit);
-    (void)signal(SIGTERM, request_exit);
-    return;
-}
-static void
-kdc_com_err_proc(whoami, code, format, pvar)
-    const char *whoami;
-    long code;
-    const char *format;
-    va_list pvar;
-{
-#ifndef __STDC__
-    extern int vfprintf();
-#endif
-
-    if (whoami) {
-       fputs(whoami, stderr);
-       fputs(": ", stderr);
-    }
-
-    if (code) {
-       fputs(error_message(code), stderr);
-       fputs(" ", stderr);
-    }
-
-    if (format) {
-       vfprintf (stderr, format, pvar);
-    }
-
-    putc('\n', stderr);
-       /* should do this only on a tty in raw mode */
-    putc('\r', stderr);
-    fflush(stderr);
-
-    if (format) {
-               /* now need to frob the format a bit... */
-       if (code) {
-               char *nfmt;
-               nfmt = (char *) malloc(
-                               strlen(format)+strlen(error_message(code))+2);
-               strcpy(nfmt, error_message(code));
-               strcat(nfmt, " ");
-               strcat(nfmt, format);
-               vsyslog(LOG_ERR, nfmt, pvar);
-       } else {
-               vsyslog(LOG_ERR, format, pvar);
-       }
-    } else {
-       if (code) {
-               syslog(LOG_ERR, "%s", error_message(code));
-       }
-    }
-    return;
-}
-void
-setup_com_err(context)
-    krb5_context context;
-{
-    krb5_init_ets(context);
-
-    (void) set_com_err_hook(kdc_com_err_proc);
-    return;
-}
-
-/*
-** Main does the logical thing, it sets up the database and RPC interface,
-**  as well as handling the creation and maintenance of the syslog file...
-*/
-main(argc, argv)               /* adm_server main routine */
-int argc;
-char **argv;
-{
-    krb5_context context;
-    krb5_error_code retval;
-    int errout = 0;
-
-    adm5_ver_len = ADM5_VERSIZE;
-
-       /* Get the Name of this program (adm_server) for Error Messages */
-    if (strrchr(argv[0], '/'))
-       argv[0] = (char *)strrchr(argv[0], '/') + 1;
-
-    krb5_init_context(&context);
-    setup_com_err(context);
-
-       /* Use Syslog for Messages */
-#ifndef LOG_AUTH        /* 4.2 syslog */
-#define LOG_AUTH 0
-    openlog(argv[0], LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6);
-#else
-    openlog(argv[0], LOG_AUTH|LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6);
-#endif  /* LOG_AUTH */
-
-    process_args(context, argc, argv);           /* includes reading master key */
-
-    setup_signal_handlers();
-
-    if (retval = init_db(context, dbm_db_name, master_princ,&master_keyblock)) {
-       com_err(argv[0], retval, "while initializing database");
-       exit(1);
-    }
-
-    if (retval = setup_network(context, argv[0])) {
-       exit(1);
-    }
-
-    syslog(LOG_AUTH | LOG_INFO, "Admin Server Commencing Operation");
-
-    if (retval = adm5_listen_and_process(context, argv[0])){
-        krb5_free_principal(context, client_server_info.server);
-       com_err(argv[0], retval, "while processing network requests");
-       errout++;
-    }
-
-    free(client_server_info.name_of_service);
-    krb5_free_principal(context, client_server_info.server);
-
-    if (errout = closedown_network(argv[0])) {
-       com_err(argv[0], retval, "while shutting down network");
-       retval = retval + errout;
-    }
-
-    if (errout = closedown_db(context)) {
-       com_err(argv[0], retval, "while closing database");
-       retval = retval + errout;
-    }
-
-    syslog(LOG_AUTH | LOG_INFO, "Admin Server Shutting Down");
-
-    printf("Admin Server (kadmind) has completed operation.\n");
-
-    exit(retval);
-}
diff --git a/src/kadmin/server/adm_v4_pwd.c b/src/kadmin/server/adm_v4_pwd.c
deleted file mode 100644 (file)
index b74d923..0000000
+++ /dev/null
@@ -1,432 +0,0 @@
-
-/* 
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
- * any purpose.  It is provided "as is" without express or implied warranty.
- */
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
-#include <syslog.h>
-#include <stdio.h>
-
-#define         MAX_KTXT_LEN    1250
-#define        ANAME_SZ        40
-#define                INST_SZ         40
-#define                REALM_SZ        40
-#define                DATE_SZ         26
-
-typedef unsigned char des_cblock[8];   /* crypto-block size */
-#define C_Block des_cblock
-typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16];
-#define Key_schedule des_key_schedule
-
-int des_debug = 0;
-
-struct ktext {
-    int     length;             /* Length of the text */
-    unsigned char dat[MAX_KTXT_LEN];    /* The data itself */
-    unsigned long mbz;          /* zero to catch runaway strings */
-};
-
-typedef struct ktext *KTEXT;
-typedef struct ktext KTEXT_ST;
-
-struct auth_dat {
-    unsigned char k_flags;      /* Flags from ticket */
-    char    pname[ANAME_SZ];    /* Principal's name */
-    char    pinst[INST_SZ];     /* His Instance */
-    char    prealm[REALM_SZ];   /* His Realm */
-    unsigned long checksum;     /* Data checksum (opt) */
-    C_Block session;            /* Session Key */
-    int     life;               /* Life of ticket */
-    unsigned long time_sec;     /* Time ticket issued */
-    unsigned long address;      /* Address in ticket */
-    KTEXT_ST reply;             /* Auth reply (opt) */
-};
-
-typedef struct auth_dat AUTH_DAT;
-
-#define KADM_VERSTR    "SKADM.m1"
-#define KADM_VERSIZE strlen(KADM_VERSTR)
-
-struct msg_dat {
-    unsigned char *app_data;    /* pointer to appl data */
-    unsigned long app_length;   /* length of appl data */
-    unsigned long hash;         /* hash to lookup replay */
-    int     swap;               /* swap bytes? */
-    long    time_sec;           /* msg timestamp seconds */
-    unsigned char time_5ms;     /* msg timestamp 5ms units */
-};
-
-typedef struct msg_dat MSG_DAT;
-
-typedef struct {
-    char    name[ANAME_SZ];
-    char    instance[INST_SZ];
-    unsigned long key_low;
-    unsigned long key_high;
-    unsigned long exp_date;
-    char    exp_date_txt[DATE_SZ];
-    unsigned long mod_date;
-    char    mod_date_txt[DATE_SZ];
-    unsigned short attributes;
-    unsigned char max_life;
-    unsigned char kdc_key_ver;
-    unsigned char key_version;
-    char mod_name[ANAME_SZ];
-    char mod_instance[INST_SZ];
-    char *old;
-} V4_Principal;
-
-        /* V5 Definitions */
-#include "k5-int.h"
-#include "adm_extern.h"
-
-struct saltblock {
-    int salttype;
-    krb5_data saltdata;
-};
-
-struct cpw_keyproc_arg {
-    krb5_keyblock *key;
-};
-
-/*
-process_v4_kpasswd
-unwrap the data stored in dat, process, and return it.
- */
-process_v4_kpasswd(dat, dat_len, cpw_key)
-u_char **dat;
-int *dat_len;
-struct cpw_keyproc_arg *cpw_key;
-
-{
-    u_char *in_st;                      /* pointer into the sent packet */
-    int in_len,retc;                    /* where in packet we are, for
-                                           returns */
-    u_long r_len;                       /* length of the actual packet */
-    KTEXT_ST authent;                   /* the authenticator */
-    AUTH_DAT ad;                        /* who is this, klink */
-    u_long ncksum;                      /* checksum of encrypted data */
-    des_key_schedule sess_sched;        /* our schedule */
-    MSG_DAT msg_st;
-    u_char *retdat, *tmpdat;
-    int retval, retlen;
-    u_short dlen;
-    extern int errno;
-
-    if (strncmp(KADM_VERSTR, (char *) *dat, KADM_VERSIZE)) {
-       syslog(LOG_ERR, "process_v4_kpasswd: Bad Version String");
-        return(1);
-    }
-
-    in_len = KADM_VERSIZE;
-                       /* get the length */
-    if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) {
-       syslog(LOG_AUTH | LOG_INFO, "process_v4_kpasswd: Bad Length");
-        return(1);
-    }
-
-    in_len += retc;
-    authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
-    memcpy((char *) authent.dat, (char *) (*dat) + in_len, authent.length);
-    authent.mbz = 0;
-
-    if (retval = krb_set_key(cpw_key->key->contents, 0) != 0) {
-       syslog(LOG_ERR, "process_v4_kpasswd: Bad set_key Request");
-        return(1);
-    }
-
-    /* service key should be set before here */
-    if (retc = krb4_rd_req(&authent, 
-                          CPWNAME, 
-                          client_server_info.server->realm.data,
-                          client_server_info.client_name.sin_addr.s_addr,
-                          &ad, 
-                          (char *) 0)) {
-       syslog(LOG_AUTH | LOG_INFO, "process_v4_kpasswd: Bad Read Request");
-        return(1);
-    }
-
-#define clr_cli_secrets() \
-{ \
-       memset((char *) sess_sched, 0, sizeof(sess_sched)); \
-       memset((char *) ad.session, 0, sizeof(ad.session)); \
-}
-    in_st = *dat + *dat_len - r_len;
-    ncksum = des_quad_cksum(in_st, (u_long *) 0, (long) r_len, 0, ad.session);
-    if (ncksum!=ad.checksum) {          /* yow, are we correct yet */
-        clr_cli_secrets();
-       syslog(LOG_ERR, "process_v4_kpasswd: Invalid Checksum");
-        return(1);
-    }
-
-    des_key_sched(ad.session, sess_sched);
-
-    if (retc = (int) krb4_rd_priv(in_st, 
-                           r_len, 
-                           sess_sched, 
-                           ad.session,
-                           &client_server_info.client_name,
-                           &client_server_info.server_name,
-                           &msg_st)) {
-       syslog(LOG_ERR, "process_v4_kpasswd: Bad Read Private Code = %d",
-               retc);
-        clr_cli_secrets();
-        return(1);
-    }
-
-    if (msg_st.app_data[0] != 2) { /* Only Valid Request is CHANGE_PW = 2 */
-       syslog(LOG_ERR, "process_v4_kpasswd: Invalid V4 Request");
-        clr_cli_secrets();
-        return(1);
-    }
-
-    retval = adm_v4_cpw(msg_st.app_data+1,
-                   (int) msg_st.app_length,
-                   &ad,
-                   &retdat, 
-                   &retlen);
-
-    if (retval) {
-       syslog(LOG_ERR, 
-               "process_v4_kpasswd: Password Modification for %s%s%s Failed",
-               ad.pname, (ad.pinst[0] != '\0') ? "/" : "",
-               (ad.pinst[0] != '\0') ? ad.pinst : "");
-    } else {
-       syslog(LOG_ERR, 
-               "process_v4_kpasswd: Password Modification for %s%s%s Complete",
-               ad.pname, (ad.pinst[0] != '\0') ? "/" : "",
-               (ad.pinst[0] != '\0') ? ad.pinst : "");
-    }
-
-    /* Now seal the response back into a priv msg */
-    free((char *)*dat);
-    tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
-                                          sizeof(u_long)));
-
-    (void) strncpy((char *) tmpdat, KADM_VERSTR, KADM_VERSIZE);
-
-    retval = htonl((u_long) retval);
-
-    memcpy((char *) tmpdat + KADM_VERSIZE, (char *) &retval, sizeof(u_long));
-
-    if (retlen) {
-        memcpy((char *) tmpdat + KADM_VERSIZE + sizeof(u_long),
-              (char *) retdat, retlen);
-        free((char *) retdat);
-    }
-
-    /* slop for mk_priv stuff */
-    *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
-                                         sizeof(u_long) + 200));
-
-    if ((*dat_len = krb4_mk_priv(tmpdat, *dat,
-                                (u_long) (retlen + KADM_VERSIZE +
-                                          sizeof(u_long)),
-                                sess_sched,
-                                ad.session, 
-                               &client_server_info.server_name,
-                                &client_server_info.client_name)) < 0) {
-        clr_cli_secrets();
-       syslog(LOG_ERR, "process_v4_kpasswd: Bad mk_priv");
-        return(1);
-    }
-
-    dlen = (u_short) *dat_len;
-
-    dlen = htons(dlen);
-
-    if (krb5_net_write(context, client_server_info.client_socket, 
-                       (char *) &dlen, 2) < 0) {
-       syslog(LOG_ERR, "process_v4_kpasswd: Error writing dlen to client");
-       (void) close(client_server_info.client_socket);
-    }
-    
-    if (krb5_net_write(context, client_server_info.client_socket, 
-                       (char *) *dat, *dat_len) < 0) {
-       syslog(LOG_ERR, "writing to client: %s",error_message(errno));
-       (void) close(client_server_info.client_socket);
-    }
-
-    free((char *) *dat);
-    clr_cli_secrets();
-    return(0);
-}
-
-krb5_kvno
-princ_exists(context, principal, entry)
-    krb5_context context;
-    krb5_principal principal;
-    krb5_db_entry *entry;
-{
-    int nprincs = 1;
-    krb5_boolean more;
-    krb5_error_code retval;
-    krb5_kvno vno;
-
-    nprincs = 1;
-    if (retval = krb5_db_get_principal(context, principal, entry, 
-                                      &nprincs, &more)) {
-        return 0;
-    }
-
-    if (!nprincs)
-            return 0;
-
-    return(nprincs);
-}
-
-/*
-adm_v4_cpw - the server side of the change_password routine
-  recieves    : KTEXT, {key}
-  returns     : CKSUM, RETCODE
-  acl         : caller can change only own password
-
-Replaces the password (i.e. des key) of the caller with that specified in key.
-Returns no actual data from the master server, since this is called by a user
-*/
-int
-adm_v4_cpw(dat, len, ad, datout, outlen)
-u_char *dat;
-int len;
-AUTH_DAT *ad;
-u_char **datout;
-int *outlen;
-{
-    krb5_db_entry entry;
-    krb5_keyblock *v5_keyblock;
-
-    int number_of_principals;
-    krb5_error_code retval;
-    int one = 1;
-    char v5_principal[255];
-
-    C_Block  v4_clear_key;
-    unsigned long keylow, keyhigh;
-    int stvlen;
-       /* Identify the Customer */
-    (void) sprintf(v5_principal, "%s%s%s\0", ad->pname, 
-               (ad->pinst[0] != '\0') ? "/" : "", 
-               (ad->pinst[0] != '\0') ? ad->pinst : "");
-
-    /* take key off the stream, and change the database */
-    if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0) {
-       syslog(LOG_ERR, "adm_v4_cpw - (keyhigh) Length Error for stv_long");
-        return(1);
-    }
-    if (stv_long(dat, &keylow, stvlen, len) < 0) {
-       syslog(LOG_ERR, "adm_v4_cpw - (keylow) Length Error for stv_long");
-        return(1);
-    }
-    keylow = ntohl(keylow);
-    keyhigh = ntohl(keyhigh);
-
-                        /* Convert V4 Key to V5 Key */
-    (void) memcpy(v4_clear_key, (char *) &keylow, 4);
-    (void) memcpy(((long *) v4_clear_key) + 1, (char *) &keyhigh, 4);
-
-                        /* Zero Next Output Entry */
-    memset((char *) &entry, 0, sizeof(entry));
-
-    if (retval = krb5_parse_name(context, v5_principal, &entry.principal)) {
-        syslog(LOG_ERR, "adm_v4_cpw - Error parsing %s",
-                v5_principal);
-        return(1);
-    }
-
-   if (!(number_of_principals = princ_exists(entry.principal, &entry))) {
-        syslog(LOG_ERR, "adm_v4_cpw - principal %s is NOT in the database",
-                v5_principal);
-        return(1);
-    }
-
-                /* Allocate v5_keyblock and fill some fields */
-    if (!(v5_keyblock = (krb5_keyblock *) calloc (1,
-                sizeof(krb5_keyblock)))) {
-        syslog(LOG_ERR, "adm_v4_cpw - Error Allocating krb5_keyblock");
-        return(1);
-    }  
-    v5_keyblock->keytype = KEYTYPE_DES;
-    v5_keyblock->length = 8;
-    if (!(v5_keyblock->contents = (krb5_octet *) calloc (1,
-                8))) {
-        syslog(LOG_ERR, 
-               "adm_v4_cpw - Error Allocating krb5_keyblock->contents\n");
-        free(v5_keyblock);
-        return(1);
-    }
-    memcpy(v5_keyblock->contents, v4_clear_key, 8);
-
-    if (retval = krb5_kdb_encrypt_key(context, &master_encblock,
-                                  v5_keyblock,
-                                  &entry.key)) {
-       syslog(LOG_ERR, 
-               "adm_v4_cpw - Error %d while encrypting key for '%s'\n", retval,
-                        v5_principal);
-       return(1);
-    }
-    entry.alt_key.length = 0;
-
-               /* Increment Version Number */
-    entry.kvno = entry.kvno + 1;
-#ifdef SANDIA
-    entry.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-#endif
-    if (retval = krb5_timeofday(context, &entry.mod_date)) {
-        syslog(LOG_ERR, "adm_v4_cpw - Error while fetching date");
-        return(1);
-    }
-#ifdef SANDIA
-    entry.last_pwd_change = entry.mod_date;
-#endif
-    entry.mod_name = entry.principal; /* Should be Person who did Action */
-
-        /* Write the Modified Principal to the V5 Database */
-    if (retval = krb5_db_put_principal(context, &entry, &one)) {
-        syslog(LOG_ERR, 
-               "adm_v4_cpw - Error %d while Entering Principal for '%s'", 
-               retval, v5_principal);
-        return(1);
-    }
-
-    *datout = 0;
-    *outlen = 0;
-    return(0);
-}
-
-stv_long(st, dat, loc, maxlen)
-u_char *st;                     /* a base pointer to the stream */
-u_long *dat;                    /* the attributes field */
-int loc;                        /* offset into the stream for current data */
-int maxlen;                     /* maximum length of st */
-{
-    u_long temp = 0;            /* to hold the net order short */
-
-#if (SIZEOF_LONG == 4)
-    if (loc + 4 > maxlen)
-       return(-1);
-    (void) memcpy((char *) &temp + 4, (char *) ((u_long)st + (u_long)loc), 4);
-    *dat = ntohl(temp);         /* convert to network order */
-    return(4);
-#else
-    if (loc + sizeof(u_long) > maxlen)
-       return(-1);
-    (void) memcpy((char *) &temp, (char *) ((u_long)st + (u_long)loc), 
-               sizeof(u_long));
-    *dat = ntohl(temp);         /* convert to network order */
-    return(sizeof(u_long));
-#endif
-}
diff --git a/src/kadmin/server/admin_acl_file b/src/kadmin/server/admin_acl_file
deleted file mode 100644 (file)
index 77bddcc..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-#      Administrator Access Control List
-#      Format:
-#      Name    Privileges      Comments
-#      Where Privileges is a string containing one or more of
-#              "a"             Add New Principals
-#              "c"             Change Passwords
-#              "d"             Delete Current Principals
-#              "i"             Inquire About Existing Principals
-#              "m"             Modify Existing Principals
-#              "*"             All Privileges
-#jqsample/admin@realm  *
-#tomjones/admin@realm  acim    # Note - May Not Delete
diff --git a/src/kadmin/server/kadmind.M b/src/kadmin/server/kadmind.M
deleted file mode 100644 (file)
index f4e6258..0000000
+++ /dev/null
@@ -1 +0,0 @@
-.\" this should not be empty