renamed acl_* functions to kadm5int_acl_*
authorAlexandra Ellwood <lxs@mit.edu>
Fri, 20 Aug 2004 18:45:30 +0000 (18:45 +0000)
committerAlexandra Ellwood <lxs@mit.edu>
Fri, 20 Aug 2004 18:45:30 +0000 (18:45 +0000)
ticket: 2674

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16673 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/server/ChangeLog
src/kadmin/server/ovsec_kadmd.c
src/kadmin/server/server_stubs.c
src/lib/kadm5/srv/ChangeLog
src/lib/kadm5/srv/server_acl.c
src/lib/kadm5/srv/server_acl.h

index 69faee85c2497ad90a0b03a0624f5d8d6819d410..5b5464565614adef75eea55e25201a2939727bf1 100644 (file)
@@ -1,3 +1,8 @@
+2004-08-20  Alexandra Ellwood <lxs@mit.edu>
+
+        * ovsec_kadmd.c (main), server_stubs.c (*): 
+        renamed acl_* functions to kadm5int_acl_*
+
 2004-06-26  Tom Yu  <tlyu@mit.edu>
 
        * ovsec_kadmd.c (log_badverf): Fix a missed rpc_u_int32.
index e4ae5377a7549cc0405fb64ea5560ccc408b10ea..a880360e3458a7c40553202226ecf8f6dcf5e9a1 100644 (file)
@@ -580,7 +580,7 @@ kterr:
         exit(1);
      }
 
-     if ((ret = acl_init(context, 0, params.acl_file))) {
+     if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) {
          krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
                 error_message(ret));
          fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
@@ -611,7 +611,7 @@ kterr:
      svcauth_gssapi_unset_names();
      kadm5_destroy(global_server_handle);
      close(s);
-     acl_finish(context, 0);
+     kadm5int_acl_finish(context, 0);
      if(gss_changepw_name) {
           (void) gss_release_name(&OMret, &gss_changepw_name);
      }
index 62e5daac725a74dd286ef0fa4c0cb2f1c52dd548..579498fc179df40feecfae7d79c429c4ae70e887 100644 (file)
@@ -269,9 +269,9 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp)
     }
 
     if (CHANGEPW_SERVICE(rqstp)
-       || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
+       || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
                      arg->rec.principal, &rp)
-       || acl_impose_restrictions(handle->context,
+       || kadm5int_acl_impose_restrictions(handle->context,
                                   &arg->rec, &arg->mask, rp)) {
         ret.code = KADM5_AUTH_ADD;
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
@@ -326,9 +326,9 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp)
     }
 
     if (CHANGEPW_SERVICE(rqstp)
-       || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
+       || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
                      arg->rec.principal, &rp)
-       || acl_impose_restrictions(handle->context,
+       || kadm5int_acl_impose_restrictions(handle->context,
                                   &arg->rec, &arg->mask, rp)) {
         ret.code = KADM5_AUTH_ADD;
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
@@ -385,7 +385,7 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp)
     }
     
     if (CHANGEPW_SERVICE(rqstp)
-       || !acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
+       || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
                      arg->princ, NULL)) {
         ret.code = KADM5_AUTH_DELETE;
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal",
@@ -436,9 +436,9 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp)
     }
 
     if (CHANGEPW_SERVICE(rqstp)
-       || !acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
+       || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
                      arg->rec.principal, &rp)
-       || acl_impose_restrictions(handle->context,
+       || kadm5int_acl_impose_restrictions(handle->context,
                                   &arg->rec, &arg->mask, rp)) {
         ret.code = KADM5_AUTH_MODIFY;
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal",
@@ -496,11 +496,11 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp)
 
     ret.code = KADM5_OK;
     if (! CHANGEPW_SERVICE(rqstp)) {
-        if (!acl_check(handle->context, rqst2name(rqstp),
+        if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
                        ACL_DELETE, arg->src, NULL))
              ret.code = KADM5_AUTH_DELETE;
         /* any restrictions at all on the ADD kills the RENAME */
-        if (!acl_check(handle->context, rqst2name(rqstp),
+        if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
                        ACL_ADD, arg->dest, &rp) || rp) {
              if (ret.code == KADM5_AUTH_DELETE)
                   ret.code = KADM5_AUTH_INSUFFICIENT;
@@ -566,7 +566,7 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp)
     }
 
     if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) &&
-       (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+       (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
                                               rqst2name(rqstp),
                                               ACL_INQUIRE,
                                               arg->princ,
@@ -632,7 +632,7 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp)
     if (prime_arg == NULL)
         prime_arg = "*";
 
-    if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+    if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
                                              rqst2name(rqstp),
                                              ACL_LIST,
                                              NULL,
@@ -692,7 +692,7 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp)
         ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
                                               FALSE, 0, NULL, arg->pass);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_CHANGEPW, arg->princ, NULL)) {
         ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
                                                arg->pass);
@@ -756,7 +756,7 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp)
                                               arg->ks_tuple,
                                               arg->pass);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_CHANGEPW, arg->princ, NULL)) {
         ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
                                             arg->keepold,
@@ -817,7 +817,7 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp)
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_SETKEY, arg->princ, NULL)) {
         ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
                                             arg->keyblock);
@@ -875,7 +875,7 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp)
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_SETKEY, arg->princ, NULL)) {
         ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
                                           arg->keyblocks, arg->n_keys);
@@ -933,7 +933,7 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp)
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_SETKEY, arg->princ, NULL)) {
         ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
                                             arg->keepold,
@@ -1003,7 +1003,7 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp)
         ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
                                                FALSE, 0, NULL, &k, &nkeys);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_CHANGEPW, arg->princ, NULL)) {
         ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
                                            &k, &nkeys);
@@ -1082,7 +1082,7 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp)
                                                arg->ks_tuple,
                                                &k, &nkeys);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-              acl_check(handle->context, rqst2name(rqstp),
+              kadm5int_acl_check(handle->context, rqst2name(rqstp),
                         ACL_CHANGEPW, arg->princ, NULL)) {
         ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
                                              arg->keepold,
@@ -1148,7 +1148,7 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp)
     }
     prime_arg = arg->rec.policy;
 
-    if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+    if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
                                              rqst2name(rqstp),
                                              ACL_ADD, NULL, NULL)) {
         ret.code = KADM5_AUTH_ADD;
@@ -1199,7 +1199,7 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp)
     }
     prime_arg = arg->name;
     
-    if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+    if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
                                              rqst2name(rqstp),
                                              ACL_DELETE, NULL, NULL)) {
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
@@ -1248,7 +1248,7 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp)
     }
     prime_arg = arg->rec.policy;
 
-    if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+    if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
                                              rqst2name(rqstp),
                                              ACL_MODIFY, NULL, NULL)) {
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
@@ -1305,7 +1305,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp)
     prime_arg = arg->name;
 
     ret.code = KADM5_AUTH_GET;
-    if (!CHANGEPW_SERVICE(rqstp) && acl_check(handle->context,
+    if (!CHANGEPW_SERVICE(rqstp) && kadm5int_acl_check(handle->context,
                                              rqst2name(rqstp),
                                              ACL_INQUIRE, NULL, NULL))
         ret.code = KADM5_OK;
@@ -1384,7 +1384,7 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp)
     if (prime_arg == NULL)
         prime_arg = "*";
 
-    if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context,
+    if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
                                              rqst2name(rqstp),
                                              ACL_LIST, NULL, NULL)) {
         ret.code = KADM5_AUTH_LIST;
index fb47623b3be5c5bcc7d260312e95925052fc1869..d0d9c368464e9b4befd6f734aa7d264985947d0f 100644 (file)
@@ -1,3 +1,7 @@
+2004-08-20  Alexandra Ellwood <lxs@mit.edu>
+
+        * server_acl.[ch]: renamed acl_* functions to kadm5int_acl_*
+
 2004-06-16  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in (clean-mac): Target deleted.
index b2ebaaa3647553a7244d63bfe533585de265caa1..fa63027f7cbfacba975385d3058ab7db1c842d34 100644 (file)
@@ -1,7 +1,7 @@
 /*
- * kadmin/v5server/srv_acl.c
+ * lib/kadm5/srv/server_acl.c
  *
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995-2004 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -97,11 +97,11 @@ static const char *acl_cantopen_msg = "%s while opening ACL file %s";
 
 \f
 /*
- * acl_get_line()      - Get a line from the ACL file.
+ * kadm5int_acl_get_line() - Get a line from the ACL file.
  *                     Lines ending with \ are continued on the next line
  */
 static char *
-acl_get_line(fp, lnp)
+kadm5int_acl_get_line(fp, lnp)
     FILE       *fp;
     int                *lnp;           /* caller should set to 1 before first call */
 {
@@ -158,10 +158,10 @@ acl_get_line(fp, lnp)
 }
 \f
 /*
- * acl_parse_line()    - Parse the contents of an ACL line.
+ * kadm5int_acl_parse_line() - Parse the contents of an ACL line.
  */
 static aent_t *
-acl_parse_line(lp)
+kadm5int_acl_parse_line(lp)
     const char *lp;
 {
     static char acle_principal[BUFSIZ];
@@ -173,7 +173,7 @@ acl_parse_line(lp)
     int                t, found, opok, nmatch;
 
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("* acl_parse_line(line=%20s)\n", lp));
+          ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
     /*
      * Format is still simple:
      *  entry ::= [<whitespace>] <principal> <whitespace> <opstring>
@@ -253,12 +253,12 @@ acl_parse_line(lp)
        }
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("X acl_parse_line() = %x\n", (long) acle));
+          ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
     return(acle);
 }
 \f
 /*
- * acl_parse_restrictions()    - Parse optional restrictions field
+ * kadm5int_acl_parse_restrictions() - Parse optional restrictions field
  *
  * Allowed restrictions are:
  *     [+-]flagname            (recognized by krb5_string_to_flags)
@@ -272,7 +272,7 @@ acl_parse_line(lp)
  * Returns: 0 on success, or system errors
  */
 static krb5_error_code
-acl_parse_restrictions(s, rpp)
+kadm5int_acl_parse_restrictions(s, rpp)
     char               *s;
     restriction_t      **rpp;
 {
@@ -283,7 +283,7 @@ acl_parse_restrictions(s, rpp)
     krb5_error_code    code;
 
    DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("* acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
+          ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
 
     *rpp = (restriction_t *) NULL;
     code = 0;
@@ -355,19 +355,19 @@ acl_parse_restrictions(s, rpp)
        *rpp = (restriction_t *) NULL;
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("X acl_parse_restrictions() = %d, mask=0x%08x\n",
+          ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
            code, (*rpp) ? (*rpp)->mask : 0));
     return code;
 }
 \f
 /*
- * acl_impose_restrictions()   - impose restrictions, modifying *recp, *maskp
+ * kadm5int_acl_impose_restrictions()  - impose restrictions, modifying *recp, *maskp
  *
  * Returns: 0 on success;
  *         malloc or timeofday errors
  */
 krb5_error_code
-acl_impose_restrictions(kcontext, recp, maskp, rp)
+kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
      krb5_context              kcontext;
      kadm5_principal_ent_rec   *recp;
      long                      *maskp;
@@ -377,7 +377,7 @@ acl_impose_restrictions(kcontext, recp, maskp, rp)
     krb5_int32         now;
 
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("* acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
+          ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
            *maskp, (long)rp));
     if (!rp)
        return 0;
@@ -430,20 +430,20 @@ acl_impose_restrictions(kcontext, recp, maskp, rp)
        *maskp |= KADM5_MAX_RLIFE;
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("X acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
+          ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
     return 0;
 }
 \f
 /*
- * acl_free_entries()  - Free all ACL entries.
+ * kadm5int_acl_free_entries() - Free all ACL entries.
  */
 static void
-acl_free_entries()
+kadm5int_acl_free_entries()
 {
     aent_t     *ap;
     aent_t     *np;
 
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_free_entries()\n"));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_free_entries()\n"));
     for (ap=acl_list_head; ap; ap = np) {
        if (ap->ae_name)
            free(ap->ae_name);
@@ -465,14 +465,14 @@ acl_free_entries()
     }
     acl_list_head = acl_list_tail = (aent_t *) NULL;
     acl_inited = 0;
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_free_entries()\n"));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_free_entries()\n"));
 }
 \f
 /*
- * acl_load_acl_file() - Open and parse the ACL file.
+ * kadm5int_acl_load_acl_file()        - Open and parse the ACL file.
  */
 static int
-acl_load_acl_file()
+kadm5int_acl_load_acl_file()
 {
     FILE       *afp;
     char       *alinep;
@@ -480,7 +480,7 @@ acl_load_acl_file()
     int                alineno;
     int                retval = 1;
 
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n"));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n"));
     /* Open the ACL file for read */
     afp = fopen(acl_acl_file, "r");
     if (afp) {
@@ -488,9 +488,9 @@ acl_load_acl_file()
        aentpp = &acl_list_head;
 
        /* Get a non-comment line */
-       while ((alinep = acl_get_line(afp, &alineno))) {
+       while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
            /* Parse it */
-           *aentpp = acl_parse_line(alinep);
+           *aentpp = kadm5int_acl_parse_line(alinep);
            /* If syntax error, then fall out */
            if (!*aentpp) {
                krb5_klog_syslog(LOG_ERR, acl_syn_err_msg,
@@ -505,7 +505,7 @@ acl_load_acl_file()
        fclose(afp);
 
        if (acl_catchall_entry) {
-            *aentpp = acl_parse_line(acl_catchall_entry);
+            *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
             if (*aentpp) {
                  acl_list_tail = *aentpp;
             }
@@ -521,7 +521,7 @@ acl_load_acl_file()
        krb5_klog_syslog(LOG_ERR, acl_cantopen_msg,
                         error_message(errno), acl_acl_file);
        if (acl_catchall_entry &&
-           (acl_list_head = acl_parse_line(acl_catchall_entry))) {
+           (acl_list_head = kadm5int_acl_parse_line(acl_catchall_entry))) {
            acl_list_tail = acl_list_head;
        }
        else {
@@ -533,20 +533,20 @@ acl_load_acl_file()
     }
 
     if (!retval) {
-       acl_free_entries();
+       kadm5int_acl_free_entries();
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("X acl_load_acl_file() = %d\n", retval));
+          ("X kadm5int_acl_load_acl_file() = %d\n", retval));
     return(retval);
 }
 \f
 /*
- * acl_match_data()    - See if two data entries match.
+ * kadm5int_acl_match_data()   - See if two data entries match.
  *
  * Wildcarding is only supported for a whole component.
  */
 static krb5_boolean
-acl_match_data(e1, e2, targetflag, ws)
+kadm5int_acl_match_data(e1, e2, targetflag, ws)
     krb5_data  *e1, *e2;
     int                targetflag;
     wildstate_t        *ws;
@@ -589,10 +589,10 @@ acl_match_data(e1, e2, targetflag, ws)
 }
 \f
 /*
- * acl_find_entry()    - Find a matching entry.
+ * kadm5int_acl_find_entry()   - Find a matching entry.
  */
 static aent_t *
-acl_find_entry(kcontext, principal, dest_princ)
+kadm5int_acl_find_entry(kcontext, principal, dest_princ)
     krb5_context       kcontext;
     krb5_principal     principal;
     krb5_principal     dest_princ;
@@ -603,7 +603,7 @@ acl_find_entry(kcontext, principal, dest_princ)
     int                        matchgood;
     wildstate_t                state;
 
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_find_entry()\n"));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n"));
     memset((char *)&state, 0, sizeof state);
     for (entry=acl_list_head; entry; entry = entry->ae_next) {
        if (entry->ae_name_bad)
@@ -626,12 +626,12 @@ acl_find_entry(kcontext, principal, dest_princ)
                continue;
            }
            matchgood = 0;
-           if (acl_match_data(&entry->ae_principal->realm,
+           if (kadm5int_acl_match_data(&entry->ae_principal->realm,
                               &principal->realm, 0, (wildstate_t *)0) &&
                (entry->ae_principal->length == principal->length)) {
                matchgood = 1;
                for (i=0; i<principal->length; i++) {
-                   if (!acl_match_data(&entry->ae_principal->data[i],
+                   if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
                                        &principal->data[i], 0, &state)) {
                        matchgood = 0;
                        break;
@@ -659,11 +659,11 @@ acl_find_entry(kcontext, principal, dest_princ)
            if (!dest_princ)
                matchgood = 0;
            else if (entry->ae_target_princ && dest_princ) {
-               if (acl_match_data(&entry->ae_target_princ->realm,
+               if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
                                   &dest_princ->realm, 1, (wildstate_t *)0) &&
                    (entry->ae_target_princ->length == dest_princ->length)) {
                    for (i=0; i<dest_princ->length; i++) {
-                       if (!acl_match_data(&entry->ae_target_princ->data[i],
+                       if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
                                            &dest_princ->data[i], 1, &state)) {
                            matchgood = 0;
                            break;
@@ -680,7 +680,7 @@ acl_find_entry(kcontext, principal, dest_princ)
        if (entry->ae_restriction_string
            && !entry->ae_restriction_bad
            && !entry->ae_restrictions
-           && acl_parse_restrictions(entry->ae_restriction_string,
+           && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
                                      &entry->ae_restrictions)) {
            DPRINT(DEBUG_ACL, acl_debug_level,
                   ("Bad restrictions in ACL entry for %s\n", entry->ae_name));
@@ -692,15 +692,15 @@ acl_find_entry(kcontext, principal, dest_princ)
        }
        break;
     }
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_find_entry()=%x\n",entry));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_find_entry()=%x\n",entry));
     return(entry);
 }
 \f
 /*
- * acl_init()  - Initialize ACL context.
+ * kadm5int_acl_init() - Initialize ACL context.
  */
 krb5_error_code
-acl_init(kcontext, debug_level, acl_file)
+kadm5int_acl_init(kcontext, debug_level, acl_file)
     krb5_context       kcontext;
     int                        debug_level;
     char               *acl_file;
@@ -710,30 +710,30 @@ acl_init(kcontext, debug_level, acl_file)
     kret = 0;
     acl_debug_level = debug_level;
     DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("* acl_init(afile=%s)\n",
+          ("* kadm5int_acl_init(afile=%s)\n",
            ((acl_file) ? acl_file : "(null)")));
     acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL;
-    acl_inited = acl_load_acl_file();
+    acl_inited = kadm5int_acl_load_acl_file();
 
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_init() = %d\n", kret));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_init() = %d\n", kret));
     return(kret);
 }
 \f
 /*
- * acl_finish  - Terminate ACL context.
+ * kadm5int_acl_finish - Terminate ACL context.
  */
 void
-acl_finish(kcontext, debug_level)
+kadm5int_acl_finish(kcontext, debug_level)
     krb5_context       kcontext;
     int                        debug_level;
 {
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_finish()\n"));
-    acl_free_entries();
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_finish()\n"));
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_finish()\n"));
+    kadm5int_acl_free_entries();
+    DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_finish()\n"));
 }
 \f
 /*
- * acl_check() - Is this operation permitted for this principal?
+ * kadm5int_acl_check()        - Is this operation permitted for this principal?
  *                     this code used not to be based on gssapi.  In order
  *                     to minimize porting hassles, I've put all the
  *                     gssapi hair in this function.  This might not be
@@ -741,7 +741,7 @@ acl_finish(kcontext, debug_level)
  *                     solution is, of course, a real authorization service.)
  */
 krb5_boolean
-acl_check(kcontext, caller, opmask, principal, restrictions)
+kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
     krb5_context       kcontext;
     gss_name_t         caller;
     krb5_int32         opmask;
@@ -772,7 +772,7 @@ acl_check(kcontext, caller, opmask, principal, restrictions)
 
     retval = 0;
 
-    aentry = acl_find_entry(kcontext, caller_princ, principal);
+    aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal);
     if (aentry) {
        if ((aentry->ae_op_allowed & opmask) == opmask) {
            retval = 1;
index 2645b682e50d60c9008bf196f2fcb8871f2f2965..3e24a63577df1ba7b016a7c6aa743897a73a4700 100644 (file)
@@ -1,7 +1,7 @@
 /*
- * kadmin/v5server/kadm5_defs.h
+ * lib/kadm5/srv/server_acl.h
  *
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995-2004 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -82,20 +82,20 @@ typedef struct _restriction {
     char               *policy;
 } restriction_t;
 
-krb5_error_code acl_init
+krb5_error_code kadm5int_acl_init
        (krb5_context,
                   int,
                   char *);
-void acl_finish
+void kadm5int_acl_finish
        (krb5_context,
                   int);
-krb5_boolean acl_check
+krb5_boolean kadm5int_acl_check
        (krb5_context,
                   gss_name_t,
                   krb5_int32,
                   krb5_principal,
                   restriction_t **);
-krb5_error_code acl_impose_restrictions
+krb5_error_code kadm5int_acl_impose_restrictions
        (krb5_context,
                   kadm5_principal_ent_rec *,
                   long *,