Add KDC profile and stash file support
authorPaul Park <pjpark@mit.edu>
Mon, 17 Jul 1995 19:35:58 +0000 (19:35 +0000)
committerPaul Park <pjpark@mit.edu>
Mon, 17 Jul 1995 19:35:58 +0000 (19:35 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6304 dc483132-0cff-0310-8789-dd5450dbe970

19 files changed:
src/admin/convert/ChangeLog
src/admin/convert/configure.in
src/admin/convert/kdb5_convert.c
src/admin/create/ChangeLog
src/admin/create/configure.in
src/admin/create/kdb5_create.c
src/admin/edit/ChangeLog
src/admin/edit/configure.in
src/admin/edit/dumpv4.c
src/admin/edit/kdb5_edit.c
src/admin/stash/ChangeLog
src/admin/stash/configure.in
src/admin/stash/kdb5_stash.c
src/kadmin/v5server/ChangeLog
src/kadmin/v5server/admin.c
src/kadmin/v5server/kadm5_defs.h
src/kadmin/v5server/kadmind5.M
src/kadmin/v5server/srv_key.c
src/kadmin/v5server/srv_main.c

index 2a95d0689b705a3bec4df6df2a8fb9ffad19a393..02b81707f41f6f610c60374594f0035420e372c1 100644 (file)
@@ -1,4 +1,11 @@
 
+Mon Jul 17 14:55:58 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * configure.in - Add KADM library.
+       * kdb5_convert.c - Change calling sequence to krb5_db_fetch_mkey(),
+               using the stash file.  Add KDC profile reading/handling as
+               a supplement to command line supplied arguments.
+
+
 Wed Jul 12 11:55:44 EDT 1995   Paul Park       (pjpark@mit.edu)
        * configure.in - Temporarily add --with-kdb4 option.  Default is without
                kdb4.  Without kdb4 enables a define.  With kdb4 uses -lkdb4 and
index e44ba56df43b2d06439001a1426cde9502e23643..444d81d74d6a0e71e02591608157e3aa17a6ca97 100644 (file)
@@ -14,6 +14,7 @@ if test "$withval" = yes; then
 else
        AC_DEFINE(KDB4_DISABLE)
 fi
+USE_KADM_LIBRARY
 USE_KDB5_LIBRARY
 USE_KRB4_LIBRARY
 KRB5_LIBRARIES
index b1a47cb6e98dfeab4f047eeee3c80a6cc17d7129..b4c4b8e178e5fc408c1cb480fb5ce070c7c740f2 100644 (file)
@@ -41,6 +41,8 @@ static long master_key_version;
 
 #include "k5-int.h"
 #include "com_err.h"
+#include "adm.h"
+#include "adm_proto.h"
 #include <stdio.h>
 
 #include <netinet/in.h>                        /* ntohl */
@@ -168,6 +170,8 @@ char *argv[];
     int tempdb = 0;
     char *tempdbname;
     krb5_context context;
+    char *stash_file = (char *) NULL;
+    krb5_realm_params *rparams;
 
     krb5_enctype etype = 0xffff;
 
@@ -232,6 +236,56 @@ char *argv[];
        }
     }
 
+    /*
+     * Attempt to read the KDC profile.  If we do, then read appropriate values
+     * from it and augment values supplied on the command line.
+     */
+    if (!(retval = krb5_read_realm_params(context,
+                                         realm,
+                                         (char *) NULL,
+                                         (char *) NULL,
+                                         &rparams))) {
+       /* Get the value for the database */
+       if (rparams->realm_dbname && !dbname)
+           dbname = strdup(rparams->realm_dbname);
+
+       /* Get the value for the master key name */
+       if (rparams->realm_mkey_name && !mkey_name)
+           mkey_name = strdup(rparams->realm_mkey_name);
+
+       /* Get the value for the master key type */
+       if (rparams->realm_keytype_valid && !keytypedone) {
+           master_keyblock.keytype = rparams->realm_keytype;
+           keytypedone++;
+       }
+
+       /* Get the value for the encryption type */
+       if (rparams->realm_enctype_valid && (etype == 0xffff))
+           etype = rparams->realm_enctype;
+
+       /* Get the value for the stashfile */
+       if (rparams->realm_stash_file)
+           stash_file = strdup(rparams->realm_stash_file);
+
+       /* Get the value for maximum ticket lifetime. */
+       if (rparams->realm_max_life_valid)
+           rblock.max_life = rparams->realm_max_life;
+
+       /* Get the value for maximum renewable ticket lifetime. */
+       if (rparams->realm_max_rlife_valid)
+           rblock.max_rlife = rparams->realm_max_rlife;
+
+       /* Get the value for the default principal expiration */
+       if (rparams->realm_expiration_valid)
+           rblock.expiration = rparams->realm_expiration;
+
+       /* Get the value for the default principal flags */
+       if (rparams->realm_flags_valid)
+           rblock.flags = rparams->realm_flags;
+
+       krb5_free_realm_params(context, rparams);
+    }
+
 #if    defined(ODBM) || defined(KDB4_DISABLE)
     if (!v4dumpfile) {
        usage(PROGNAME, 1);
@@ -315,7 +369,7 @@ master key name '%s'\n",
     }
 
     if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock,
-                                   read_mkey, read_mkey, 0, 
+                                   read_mkey, read_mkey, stash_file, 0, 
                                    &master_keyblock)) {
        com_err(PROGNAME, retval, "while reading master key");
        exit(1);
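Review bot: The three strdup() calls in the new profile block (dbname, mkey_name, stash_file) are unchecked, so an allocation failure leaves the pointer NULL and the tool carries on as if the profile had supplied nothing; in kdb5_create.c, kdb5_edit.c and kdb5_stash.c the same pattern is followed by `if (!dbname) dbname = DEFAULT_KDB_FILE;`, which would silently redirect those tools to the default database. Test each result, e.g. `if (!(dbname = strdup(rparams->realm_dbname))) { com_err(PROGNAME, ENOMEM, "while copying realm parameters"); exit(1); }`. main() in kdb5_convert.c starts and ends outside the hunk and its dbname initialiser is not visible here: if it still defaults to DEFAULT_KDB_FILE (the create, edit and stash sections of this commit reset theirs to NULL), the `!dbname` test on the profile value can never be true.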
index 0ccc3886b8745f7bfc64323abdcc3e48bfcdb7de..79a305406e8d84b83a98de4d06f89ec89497501f 100644 (file)
@@ -1,4 +1,11 @@
 
+Mon Jul 17 14:58:00 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * configure.in - Add KADM library.
+       * kdb5_create.c - Add KDC profile reading/handling as a supplement to
+               command line supplied arguments.  Change calling sequence to
+               krb5_db_fetch_mkey().
+
+
 Fri Jul 7 15:36:00 EDT 1995    Paul Park       (pjpark@mit.edu)
        * Makefile.in - Remove all explicit library handling and LDFLAGS.
        * configure.in - Add USE_KDB5_LIBRARY and KRB5_LIBRARIES.
index 7defabde6074fe090f10c84a2fd7b0414d811a8a..09e936347ae70f445e0be75d3c7f9959cd53bcab 100644 (file)
@@ -15,6 +15,7 @@ else
 fi
 AC_SUBST(DBFLAGS)dnl
 dnl
+USE_KADM_LIBRARY
 USE_KDB5_LIBRARY
 KRB5_LIBRARIES
 V5_USE_SHARED_LIB
index eaaf248a90fc3ec4e2d623490a415a01fffcda8b..07d724130e5d665d0d79822fcf1469211153625f 100644 (file)
@@ -26,6 +26,8 @@
 
 #include "k5-int.h"
 #include "com_err.h"
+#include "adm.h"
+#include "adm_proto.h"
 #include <stdio.h>
 
 enum ap_op {
@@ -118,7 +120,7 @@ char *argv[];
     int optchar;
 
     krb5_error_code retval;
-    char *dbname = DEFAULT_KDB_FILE;
+    char *dbname = (char *) NULL;
     char *realm = 0;
     char *mkey_name = 0;
     char *mkey_fullname;
@@ -128,6 +130,7 @@ char *argv[];
     krb5_enctype etype = 0xffff;
     krb5_data scratch, pwd;
     krb5_context context;
+    krb5_realm_params *rparams;
 
     krb5_init_context(&context);
     krb5_init_ets(context);
@@ -163,6 +166,55 @@ char *argv[];
        }
     }
 
+    /*
+     * Attempt to read the KDC profile.  If we do, then read appropriate values
+     * from it and augment values supplied on the command line.
+     */
+    if (!(retval = krb5_read_realm_params(context,
+                                         realm,
+                                         (char *) NULL,
+                                         (char *) NULL,
+                                         &rparams))) {
+       /* Get the value for the database */
+       if (rparams->realm_dbname && !dbname)
+           dbname = strdup(rparams->realm_dbname);
+
+       /* Get the value for the master key name */
+       if (rparams->realm_mkey_name && !mkey_name)
+           mkey_name = strdup(rparams->realm_mkey_name);
+
+       /* Get the value for the master key type */
+       if (rparams->realm_keytype_valid && !keytypedone) {
+           master_keyblock.keytype = rparams->realm_keytype;
+           keytypedone++;
+       }
+
+       /* Get the value for the encryption type */
+       if (rparams->realm_enctype_valid && (etype == 0xffff))
+           etype = rparams->realm_enctype;
+
+       /* Get the value for maximum ticket lifetime. */
+       if (rparams->realm_max_life_valid)
+           rblock.max_life = rparams->realm_max_life;
+
+       /* Get the value for maximum renewable ticket lifetime. */
+       if (rparams->realm_max_rlife_valid)
+           rblock.max_rlife = rparams->realm_max_rlife;
+
+       /* Get the value for the default principal expiration */
+       if (rparams->realm_expiration_valid)
+           rblock.expiration = rparams->realm_expiration;
+
+       /* Get the value for the default principal flags */
+       if (rparams->realm_flags_valid)
+           rblock.flags = rparams->realm_flags;
+
+       krb5_free_realm_params(context, rparams);
+    }
+
+    if (!dbname)
+       dbname = DEFAULT_KDB_FILE;
+
     if (!keytypedone)
        master_keyblock.keytype = DEFAULT_KDC_KEYTYPE;
 
@@ -241,8 +293,10 @@ master key name '%s'\n",
        fflush(stdout);
 
        /* TRUE here means read the keyboard, and do it twice */
-       if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock,
-                                       TRUE, TRUE, 0, &master_keyblock)) {
+       if (retval = krb5_db_fetch_mkey(context, master_princ,
+                                       &master_encblock,
+                                       TRUE, TRUE, (char *) NULL,
+                                       0, &master_keyblock)) {
            com_err(argv[0], retval, "while reading master key");
            exit(1);
        }
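Review bot: The error code from krb5_read_realm_params() is stored in retval and then dropped, so a profile that exists but cannot be parsed is treated exactly like no profile, and kdb5_create goes on to build the new database from command-line and compiled-in defaults (rblock, DEFAULT_KDB_FILE) without any message. Unless the library signals "no profile" with a distinct code that can be tested for, at least report the failure before falling through, e.g. `else com_err(argv[0], retval, "while reading KDC profile");`. The same silent fall-through appears in kdb5_convert.c, kdb5_edit.c and kdb5_stash.c. main() continues outside the hunk.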
index 4cfb5dd3b1061424fbb0fc02cab02cac25b3b3f7..8faff7c7b1a5afefe85a37d2846ab6ee6a6d9617 100644 (file)
@@ -1,4 +1,12 @@
 
+Mon Jul 17 15:00:08 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * configure.in - Add KADM library.
+       * dumpv4.c - Change calling sequence to krb5_db_fetch_mkey().
+       * kdb5_edit.c - Change calling sequence to krb5_db_fetch_mkey() which
+               uses the stash file.  Add KDC profile reading/handling as a
+               supplement to command line supplied arguments.
+
+
 Wed Jul 12 12:01:04 EDT 1995   Paul Park       (pjpark@mit.edu)
        * configure.in - Temporarily add --with-kdb4 option.  Default is without
                kdb4.  Without kdb4 enables a define.  With kdb4 uses -lkdb4 and
index 10896bdf545b6d6878a7cd332da8b345a3a68ef8..208b6fba84b860071b988c52a44630f6648b84b2 100644 (file)
@@ -21,6 +21,7 @@ if test "$withval" = yes; then
 else
        AC_DEFINE(KDB4_DISABLE)
 fi
+USE_KADM_LIBRARY
 USE_KDB5_LIBRARY
 USE_KRB4_LIBRARY
 USE_SS_LIBRARY
index 70a6ebc7a4768f82dff4b8946c53f44e05bc7ed9..50b081f62ddbc20b7a31c7a0034d5059620ee723 100644 (file)
@@ -322,7 +322,7 @@ int handle_keys(arg)
     master_keyblock.keytype = DEFAULT_KDC_KEYTYPE;
     if (retval = krb5_db_fetch_mkey(edit_context, master_princ, 
                                    &master_encblock, 0,
-                                   0, 0, &master_keyblock)) {
+                                   0, (char *) NULL, 0, &master_keyblock)) {
        com_err(arg->comerr_name, retval, "while reading master key");
        exit(1);
     }
index 52596c67b2703300a85eae813a0393938d51f9cf..39b0d516576677f863fa45e142c2034c5e237042 100644 (file)
@@ -26,6 +26,8 @@
 
 #include "k5-int.h"
 #include "com_err.h"
+#include "adm.h"
+#include "adm_proto.h"
 #include <stdio.h>
 #include <time.h>
 /* timeb is part of the interface to get_date. */
@@ -78,6 +80,7 @@ static char search_instance[40];
 static int num_instance_tokens;
 static int must_be_first[2];
 static char *mkey_password = 0;
+static char *stash_file = (char *) NULL;
 
 /*
  * I can't figure out any way for this not to be global, given how ss
@@ -123,12 +126,14 @@ char *kdb5_edit_Init(argc, argv)
     int optchar;
 
     krb5_error_code retval;
-    char *dbname = DEFAULT_KDB_FILE;
+    char *dbname = (char *) NULL;
     char *defrealm;
     int keytypedone = 0;
+    int etypedone = 0;
     krb5_enctype etype = DEFAULT_KDC_ETYPE;
     extern krb5_kt_ops krb5_ktf_writable_ops;
     char       *request = NULL;
+    krb5_realm_params *rparams;
 
     retval = krb5_init_context(&edit_context);
     if (retval) {
@@ -173,6 +178,7 @@ char *kdb5_edit_Init(argc, argv)
            break;
        case 'e':
            etype = atoi(optarg);
+           etypedone++;
            break;
        case 'm':
            manual_mkey = TRUE;
@@ -184,6 +190,56 @@ char *kdb5_edit_Init(argc, argv)
        }
     }
 
+    /*
+     * Attempt to read the KDC profile.  If we do, then read appropriate values
+     * from it and augment values supplied on the command line.
+     */
+    if (!(retval = krb5_read_realm_params(edit_context,
+                                         cur_realm,
+                                         (char *) NULL,
+                                         (char *) NULL,
+                                         &rparams))) {
+       /* Get the value for the database */
+       if (rparams->realm_dbname && !dbname)
+           dbname = strdup(rparams->realm_dbname);
+
+       /* Get the value for the master key name */
+       if (rparams->realm_mkey_name && !mkey_name)
+           mkey_name = strdup(rparams->realm_mkey_name);
+
+       /* Get the value for the master key type */
+       if (rparams->realm_keytype_valid && !keytypedone) {
+           master_keyblock.keytype = rparams->realm_keytype;
+           keytypedone++;
+       }
+
+       /* Get the value for the encryption type */
+       if (rparams->realm_enctype_valid && !etypedone)
+           etype = rparams->realm_enctype;
+
+       /* Get the value for the stashfile */
+       if (rparams->realm_stash_file)
+           stash_file = strdup(rparams->realm_stash_file);
+
+       /* Get the value for maximum ticket lifetime. */
+       if (rparams->realm_max_life_valid)
+           mblock.max_life = rparams->realm_max_life;
+
+       /* Get the value for maximum renewable ticket lifetime. */
+       if (rparams->realm_max_rlife_valid)
+           mblock.max_rlife = rparams->realm_max_rlife;
+
+       /* Get the value for the default principal expiration */
+       if (rparams->realm_expiration_valid)
+           mblock.expiration = rparams->realm_expiration;
+
+       /* Get the value for the default principal flags */
+       if (rparams->realm_flags_valid)
+           mblock.flags = rparams->realm_flags;
+
+       krb5_free_realm_params(edit_context, rparams);
+    }
+
     /* Dump creates files which should not be world-readable.  It is easiest
        to do a single umask call here; any shells run by the ss command
        interface will have umask = 77 but that is not a serious problem. */
@@ -195,6 +251,10 @@ char *kdb5_edit_Init(argc, argv)
        exit(1);
     }
 
+    /* Handle defaults */
+    if (!dbname)
+       dbname = DEFAULT_KDB_FILE;
+
     if (!keytypedone)
        master_keyblock.keytype = DEFAULT_KDC_KEYTYPE;
 
@@ -456,9 +516,11 @@ set_dbname_help(pname, dbname)
        (void) krb5_db_fini(edit_context);
        return(1);
     }
+#ifdef notdef
     mblock.max_life = master_entry.max_life;
     mblock.max_rlife = master_entry.max_renewable_life;
     mblock.expiration = master_entry.expiration;
+#endif /* notdef */
     /* don't set flags, master has some extra restrictions */
     mblock.mkvno = master_entry.kvno;
 
@@ -483,7 +545,8 @@ set_dbname_help(pname, dbname)
        mkey_password = 0;
     } else if (retval = krb5_db_fetch_mkey(edit_context, master_princ, 
                                           &master_encblock, manual_mkey, 
-                                          FALSE, 0, &master_keyblock)) {
+                                          FALSE, stash_file,
+                                          0, &master_keyblock)) {
        com_err(pname, retval, "while reading master key");
        com_err(pname, 0, "Warning: proceeding without master key");
        exit_status++;
@@ -550,7 +613,8 @@ void enter_master_key(argc, argv)
                master_keyblock.contents = NULL;
        }
        if (retval = krb5_db_fetch_mkey(edit_context, master_princ, &master_encblock,
-                                       TRUE, FALSE, 0, &master_keyblock)) {
+                                       TRUE, FALSE, (char *) NULL,
+                                       0, &master_keyblock)) {
                com_err(pname, retval, "while reading master key");
                exit_status++;
                return;
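Review bot: The `#ifdef notdef` around the three mblock assignments in set_dbname_help() means max_life, max_rlife and expiration are no longer taken from the master principal's entry; after this change they are set only when the profile carries the corresponding `*_valid` field in kdb5_edit_Init(), and otherwise keep whatever mblock held before — it is not visible here whether mblock has compiled-in defaults, so that needs confirming. Prefer deleting the three lines outright instead of parking them under `notdef`, and record the new source of truth in a comment, e.g. `/* Lifetimes and expiration now come from the KDC profile (see kdb5_edit_Init); the master entry is no longer consulted. */`. The file-static `stash_file` is overwritten on every kdb5_edit_Init() call without freeing a previous value, harmless if Init runs once but worth a one-line comment saying so. set_dbname_help() and kdb5_edit_Init() both start and end outside their hunks.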
index 65ca88b7426025cffca9067c19fbb88512d5f996..f0f9a9603cd2014406f654c426d887872bc4630a 100644 (file)
@@ -1,4 +1,11 @@
 
+Mon Jul 17 15:02:29 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * configure.in - Add KADM library.
+       * kdb5_stash.c - Change calling sequence to krb5_db_fetch_mkey().  Add
+               KDC profile reading/handling as a supplement to command line
+               arguments.
+
+
 Fri Jul 7 15:38:50 EDT 1995    Paul Park       (pjpark@mit.edu)
        * Makefile.in - Remove all explicit library handling and LDFLAGS.
        * configure.in - Add USE_KDB5_LIBRARY and KRB5_LIBRARIES.
index eb8220e6d0a455e842dcd6c119f374b733d7f561..c37cbcf82e009f8f79c0adbb505881934c588a2c 100644 (file)
@@ -15,6 +15,7 @@ else
 fi
 AC_SUBST(DBFLAGS)dnl
 dnl
+USE_KADM_LIBRARY
 USE_KDB5_LIBRARY
 KRB5_LIBRARIES
 V5_USE_SHARED_LIB
index 1cc87def0d6901b7d82be6d48588789b6c88ecc2..6d5157316f4b5bc0f4b294e3906450080bd535a7 100644 (file)
@@ -26,6 +26,8 @@
 
 #include "k5-int.h"
 #include "com_err.h"
+#include "adm.h"
+#include "adm_proto.h"
 #include <stdio.h>
 
 extern int errno;
@@ -54,12 +56,13 @@ char *argv[];
     extern char *optarg;
     int optchar;
     krb5_error_code retval;
-    char *dbname = DEFAULT_KDB_FILE;
+    char *dbname = (char *) NULL;
     char *realm = 0;
     char *mkey_name = 0;
     char *mkey_fullname;
     char *keyfile = 0;
     krb5_context context;
+    krb5_realm_params *rparams;
 
     int keytypedone = 0;
     krb5_enctype etype = 0xffff;
@@ -98,6 +101,43 @@ char *argv[];
        }
     }
 
+    /*
+     * Attempt to read the KDC profile.  If we do, then read appropriate values
+     * from it and augment values supplied on the command line.
+     */
+    if (!(retval = krb5_read_realm_params(context,
+                                         realm,
+                                         (char *) NULL,
+                                         (char *) NULL,
+                                         &rparams))) {
+       /* Get the value for the database */
+       if (rparams->realm_dbname && !dbname)
+           dbname = strdup(rparams->realm_dbname);
+
+       /* Get the value for the master key name */
+       if (rparams->realm_mkey_name && !mkey_name)
+           mkey_name = strdup(rparams->realm_mkey_name);
+
+       /* Get the value for the master key type */
+       if (rparams->realm_keytype_valid && !keytypedone) {
+           master_keyblock.keytype = rparams->realm_keytype;
+           keytypedone++;
+       }
+
+       /* Get the value for the stash file */
+       if (rparams->realm_stash_file && !keyfile)
+           keyfile = strdup(rparams->realm_stash_file);
+
+       /* Get the value for the encryption type */
+       if (rparams->realm_enctype_valid && (etype == 0xffff))
+           etype = rparams->realm_enctype;
+
+       krb5_free_realm_params(context, rparams);
+    }
+
+    if (!dbname)
+       dbname = DEFAULT_KDB_FILE;
+
     if (!keytypedone)
        master_keyblock.keytype = DEFAULT_KDC_KEYTYPE;
 
@@ -146,7 +186,8 @@ char *argv[];
 
     /* TRUE here means read the keyboard, but only once */
     if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock,
-                                   TRUE, FALSE, 0, &master_keyblock)) {
+                                   TRUE, FALSE, (char *) NULL,
+                                   0, &master_keyblock)) {
        com_err(argv[0], retval, "while reading master key");
        (void) krb5_db_fini(context);
        exit(1);
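Review bot: The enctype fall-back relies on the in-band sentinel `etype == 0xffff` (kdb5_convert.c and kdb5_create.c do the same), whereas kdb5_edit.c in this very commit introduces an explicit `etypedone` flag bumped in the `-e` case; the four tools would read better under one convention, and a flag cannot be confused with a value that happens to equal the sentinel. Add `int etypedone = 0;` beside keytypedone, `etypedone++;` in the `-e` option case, and test `!etypedone` here. main() in kdb5_stash.c starts and ends outside the hunk.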
index 0f8e1c60c5b9e879413445219fa331d690367f63..3aeab5aeaca2e7bbe7f5717f9341c615fc4ac3a2 100644 (file)
@@ -1,4 +1,17 @@
 
+Mon Jul 17 15:07:08 EDT 1995   Paul Park       (pjpark@mit.edu)
+       * srv_main.c - Add stash-file handling and supply appropriate value to
+               krb5_db_fetch_mkey().  Add KDC profile reading/handling to
+               supercede any values supplied on the command line.  Add call
+               to new admin_init() which initializes the admin module.
+       * srv_key.c - Add stash-file handling.
+       * admin.c - Add admin_init() which takes supplied per-realm defaults to
+               initialize the default database entry.
+       * kadm5_defs.h - Change PROTOTYPE to KRB5_PROTOTYPE.  Update prototype
+               for key_init and add admin_init.
+       * kadmind5.M - Add description of -s stashfile.
+
+
 Fri Jul 7 16:01:37 EDT 1995    Paul Park       (pjpark@mit.edu)
        * Makefile.in - Remove all explicit library handling and LDFLAGS.
        * configure.in - Add USE_<mumble> and KRB5_LIBRARIES.
index 5a746fe727285741e9fbd51dd55e2747747406b7..5aed8b706517123e8080addcbdc943f542a3aa17 100644 (file)
@@ -28,8 +28,8 @@
 
 #include "k5-int.h"
 #include "kadm5_defs.h"
-#include "adm_proto.h"
 #include "adm.h"
+#include "adm_proto.h"
 \f
 /*
  * Data structure used to pass information in and out of krb5_db_iterate.
@@ -45,7 +45,6 @@ struct inq_context {
 };
 
 static krb5_db_entry admin_def_dbent;
-static krb5_boolean admin_def_dbent_inited = 0;
 
 static const char *admin_perm_denied_fmt = "\004ACL entry prevents %s operation by %s";
 static const char *admin_db_write_err_fmt = "\004database write failed during %s operation by %s";
@@ -71,16 +70,22 @@ extern char *programname;
  * admin_init_def_dbent()      - Initialize the default database entry.
  */
 static void
-admin_init_def_dbent()
+admin_init_def_dbent(mlife, mrlife, evalid, e, fvalid, f)
+    krb5_deltat                mlife;
+    krb5_deltat                mrlife;
+    krb5_boolean       evalid;
+    krb5_timestamp     e;
+    krb5_boolean       fvalid;
+    krb5_flags         f;
 {
     /* Zero it all out, and fill in non-zero defaults */
     memset((char *) &admin_def_dbent, 0, sizeof(admin_def_dbent));
     admin_def_dbent.kvno = 1;
-    admin_def_dbent.max_life = KRB5_KDB_MAX_LIFE;
-    admin_def_dbent.max_renewable_life = KRB5_KDB_MAX_RLIFE;
-    admin_def_dbent.expiration = KRB5_KDB_EXPIRATION;
-    admin_def_dbent.attributes = KRB5_KDB_DEF_FLAGS;
-    admin_def_dbent_inited = 1;
+    admin_def_dbent.max_life = (mlife > 0) ? mlife : KRB5_KDB_MAX_LIFE;
+    admin_def_dbent.max_renewable_life = 
+       (mrlife > 0) ? mrlife : KRB5_KDB_MAX_RLIFE;
+    admin_def_dbent.expiration = (evalid) ? e : KRB5_KDB_EXPIRATION;
+    admin_def_dbent.attributes = (fvalid) ? f : KRB5_KDB_DEF_FLAGS;
 }
 \f
 /*
@@ -442,10 +447,6 @@ admin_add_modify(kcontext, debug_level, ticket, nargs, arglist,
                                                    &temp)))) {
                            krb5_db_entry       *merge;
 
-                           /* Check if the default is initialized */
-                           if (!admin_def_dbent_inited)
-                               admin_init_def_dbent();
-
                            merge = (should_exist) ?
                                &cur_dbentry : &admin_def_dbent;
 
@@ -1384,3 +1385,14 @@ admin_extract_key(kcontext, debug_level, ticket,
     return(retval);
 }
 
+void
+admin_init(max_life, max_renew_life, e_valid, e, f_valid, f)
+    krb5_deltat                max_life;
+    krb5_deltat                max_renew_life;
+    krb5_boolean       e_valid;
+    krb5_timestamp     e;
+    krb5_boolean       f_valid;
+    krb5_flags         f;
+{
+    admin_init_def_dbent(max_life, max_renew_life, e_valid, e, f_valid, f);
+}
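Review bot: Removing `admin_def_dbent_inited` and the lazy call in admin_add_modify() (old lines 447-450) makes correct behaviour depend on admin_init() being called before the first add/modify request; if that call is ever missed, admin_def_dbent is the zero-filled static, so new principals would get kvno 0, zero lifetimes and attributes 0 instead of KRB5_KDB_DEF_FLAGS, with no diagnostic. A cheap guard keeps the old safety net: keep the flag, set it at the end of admin_init_def_dbent(), and have admin_add_modify() fall back to the compiled defaults (or fail loudly) when it is clear. Separately, the lifetimes are tested with `> 0` while expiration and flags carry explicit `evalid`/`fvalid` booleans, so a profile value of 0 for max_life is quietly replaced by KRB5_KDB_MAX_LIFE whereas 0 for flags is honoured; passing validity flags for the lifetimes too would make the contract uniform. The new admin_init() has no header comment; add one such as `/* admin_init() - install per-realm defaults (lifetimes, expiration, flags) into the default database entry; must run before any admin_add_modify() */`. The ChangeLog says srv_main.c makes the admin_init() call, but that section is not fully visible here.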
index 7d3d4d095f3228c7a75337f6c627b2707bb48181..3ac067de733ac8da423b418f51238fb982c64664 100644 (file)
@@ -88,7 +88,7 @@
 
 /* srv_key.c */
 krb5_error_code key_init
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   int,
                   int,
@@ -96,12 +96,13 @@ krb5_error_code key_init
                   int,
                   char *,
                   char *,
+                  char *,
                   char *));
 void key_finish
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int));
 krb5_error_code key_string_to_keys
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_principal,
                   krb5_data *,
                   krb5_int32,
@@ -111,24 +112,24 @@ krb5_error_code key_string_to_keys
                   krb5_data *,
                   krb5_data *));
 krb5_error_code key_random_key
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_keyblock *));
 krb5_error_code key_encrypt_keys
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_principal,
                   krb5_keyblock *,
                   krb5_keyblock *,
                   krb5_encrypted_keyblock *,
                   krb5_encrypted_keyblock *));
 krb5_error_code key_decrypt_keys
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_principal,
                   krb5_encrypted_keyblock *,
                   krb5_encrypted_keyblock *,
                   krb5_keyblock *,
                   krb5_keyblock *));
 krb5_boolean key_pwd_is_weak
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_principal,
                   krb5_data *,
                   krb5_int32,
@@ -140,34 +141,34 @@ krb5_keyblock *key_admin_key();
 
 /* srv_acl.c */
 krb5_error_code acl_init
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   char *));
 void acl_finish
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int));
 krb5_boolean acl_op_permitted
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_principal,
                   krb5_int32));
 
 /* srv_output.c */
 krb5_error_code output_init
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   char *,
                   krb5_boolean));
 void output_finish
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int));
 krb5_boolean output_lang_supported
-       PROTOTYPE((char *));
+       KRB5_PROTOTYPE((char *));
 char *output_krb5_errmsg
-       PROTOTYPE((char *,
+       KRB5_PROTOTYPE((char *,
                   krb5_boolean,
                   krb5_int32));
 char *output_adm_error
-       PROTOTYPE((char *,
+       KRB5_PROTOTYPE((char *,
                   krb5_boolean,
                   krb5_int32,
                   krb5_int32,
@@ -176,26 +177,26 @@ char *output_adm_error
 
 /* srv_net.c */
 krb5_error_code net_init
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_int32));
 void net_finish
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int));
 krb5_error_code net_dispatch
-       PROTOTYPE((krb5_context));
+       KRB5_PROTOTYPE((krb5_context));
 krb5_principal net_server_princ();
 
 /* proto_serv.c */
 krb5_error_code proto_init
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   int));
 void proto_finish
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int));
 krb5_error_code proto_serv
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   krb5_int32,
                   int,
                   void *,
@@ -203,14 +204,14 @@ krb5_error_code proto_serv
 
 /* passwd.c */
 krb5_int32 passwd_check
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_auth_context,
                   krb5_ticket *,
                   krb5_data *,
                   krb5_int32 *));
 krb5_int32 passwd_change
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_auth_context,
                   krb5_ticket *,
@@ -218,7 +219,7 @@ krb5_int32 passwd_change
                   krb5_data *,
                   krb5_int32 *));
 krb5_boolean passwd_check_npass_ok
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_principal,
                   krb5_db_entry *,
@@ -227,52 +228,58 @@ krb5_boolean passwd_check_npass_ok
 
 /* admin.c */
 krb5_error_code admin_add_principal
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_int32,
                   krb5_data *));
 krb5_error_code admin_delete_principal
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_data *));
 krb5_error_code admin_rename_principal
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_data *,
                   krb5_data *));
 krb5_error_code admin_modify_principal
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_int32,
                   krb5_data *));
 krb5_error_code admin_change_opw
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_data *,
                   krb5_data *));
 krb5_error_code admin_change_orandpw
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_data *));
 krb5_error_code admin_inquire
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_data *,
                   krb5_int32 *,
                   krb5_data **));
 krb5_error_code admin_extract_key
-       PROTOTYPE((krb5_context,
+       KRB5_PROTOTYPE((krb5_context,
                   int,
                   krb5_ticket *,
                   krb5_data *,
                   krb5_data *,
                   krb5_int32 *,
                   krb5_data **));
+void admin_init KRB5_PROTOTYPE((krb5_deltat,
+                               krb5_deltat,
+                               krb5_boolean,
+                               krb5_timestamp,
+                               krb5_boolean,
+                               krb5_flags));
 #endif /* KADM5_DEFS_H__ */
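Review bot: The `char *` added to the key_init prototype is positional and unnamed, so nothing in the header says it is the stash file, and with four consecutive `char *` parameters a misordered call site compiles cleanly. Since the file keeps unnamed K&R-style prototypes, a trailing comment is the cheapest fix, e.g. `char *));  /* sf_name: stash file, may be NULL */`, and likewise `/* db_file */`, `/* db_realm */`, `/* kt_name */` on the three before it (the names are those used in srv_key.c). The admin_init declaration also departs from the file's layout (name on its own line, `KRB5_PROTOTYPE((` indented on the next); align it with the neighbouring declarations. The PROTOTYPE to KRB5_PROTOTYPE renames are mechanical and look complete within the visible hunks.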
index d494ec4362f7304d9407da36b62cd176facf9c8f..88eafc01ad41d05cd5ac68fcf3c1012871e1de22 100644 (file)
@@ -49,6 +49,9 @@ port
 .B \-r
 realm
 ] [
+.B \-s
+keystash
+] [
 .B \-t
 timeout
 ] [
@@ -87,6 +90,11 @@ Indicates that the master key name is to be entered manually.
 .IP \-e
 .B enctype
 specifies the encryption type which is to be used.
+.IP \-s
+.B keystash
+specifies the key stash file ( created by
+.I kdb5_stash(8)
+) used for automatic restart.
 .IP \-T
 .B keytab
 specifies the name of the service key table. 
index 768b55b9dbd100438e51ac0964bbfc95cedefa18..08453f0c0c29bc4bbc75bdded7a1cf6db7b60f2e 100644 (file)
@@ -298,7 +298,7 @@ key_get_admin_entry(kcontext)
  */
 krb5_error_code
 key_init(kcontext, debug_level, enc_type, key_type, master_key_name, manual,
-        db_file, db_realm, kt_name)
+        db_file, db_realm, kt_name, sf_name)
     krb5_context       kcontext;
     int                        debug_level;
     int                        enc_type;
@@ -308,6 +308,7 @@ key_init(kcontext, debug_level, enc_type, key_type, master_key_name, manual,
     char               *db_file;
     char               *db_realm;
     char               *kt_name;
+    char               *sf_name;
 {
     krb5_enctype       kdc_etype;
     char               *mkey_name;
@@ -439,6 +440,7 @@ key_init(kcontext, debug_level, enc_type, key_type, master_key_name, manual,
                              &master_encblock,
                              manual,
                              FALSE,            /* Only read once if manual */
+                             sf_name,          /* stash file */
                              0,                /* No salt */
                              &master_keyblock);
     if (kret) {
index 866e064fec2a8c639be2c24bdd45662abaee15ed..ba906e3650aee4f48825314333591da5e0577002 100644 (file)
 #include <setjmp.h>
 #include "k5-int.h"
 #include "com_err.h"
+#include "adm.h"
 #include "adm_proto.h"
 
 #ifdef LANGUAGES_SUPPORTED
-static const char *usage_format =      "%s: usage is %s [-a aclfile] [-d database] [-e enctype] [-m]\n\t[-k mkeytype] [-l langlist] [-p portnum] [-r realm] [-t timeout] [-n]\n\t[-D dbg] [-M mkeyname] [-T ktabname].\n";
+static const char *usage_format =      "%s: usage is %s [-a aclfile] [-d database] [-e enctype] [-m]\n\t[-k mkeytype] [-l langlist] [-p portnum] [-r realm] [-s stash] [-t timeout] [-n]\n\t[-D dbg] [-M mkeyname] [-T ktabname].\n";
 static const char *getopt_string =     "a:d:e:k:l:mnp:r:t:D:M:T:";
 #else  /* LANGUAGES_SUPPORTED */
-static const char *usage_format =      "%s: usage is %s [-a aclfile] [-d database] [-e enctype] [-m]\n\t[-k mkeytype] [-p portnum] [-r realm] [-t timeout] [-n]\n\t[-D dbg] [-M mkeyname] [-T ktabname].\n";
+static const char *usage_format =      "%s: usage is %s [-a aclfile] [-d database] [-e enctype] [-m]\n\t[-k mkeytype] [-p portnum] [-r realm] [-s stash] [-t timeout] [-n]\n\t[-D dbg] [-M mkeyname] [-T ktabname].\n";
 static const char *getopt_string =     "a:d:e:k:mnp:r:t:D:M:T:";
 #endif /* LANGUAGES_SUPPORTED */
 static const char *fval_not_number =   "%s: value (%s) specified for -%c is not numeric.\n";
 static const char *extra_params =      "%s extra paramters beginning with %s... \n";
 static const char *daemon_err =                "%s: cannot spawn and detach.\n";
+static const char *grealm_err =                "%s: cannot get default realm.\n";
+static const char *pinit_err =                 "%s: cannot open configuration file %s.\n";
 static const char *no_memory_fmt =     "%s: cannot allocate %d bytes for %s.\n";
 static const char *begin_op_msg =      "\007%s starting.";
 static const char *disp_err_fmt =      "\004dispatch error.";
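Review bot: The `-s stash` option advertised in both new `usage_format` strings (and handled by the `case 's':` in the hunk at `@@ -173,6 +185,9 @@`) can never be reached, because both `getopt_string` values are unchanged context lines that contain no `s:`; getopt() will treat `-s` as an unknown option and the stash file can only ever come from the profile. Change them to `static const char *getopt_string = "a:d:e:k:l:mnp:r:s:t:D:M:T:";` and `static const char *getopt_string = "a:d:e:k:mnp:r:s:t:D:M:T:";` respectively. The kadmind5.M hunk documents `-s keystash` as a command-line option, so this is a functional gap rather than a cosmetic one.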
@@ -108,6 +111,13 @@ main(argc, argv)
     char               *db_realm = (char *) NULL;
     char               *master_key_name = (char *) NULL;
     char               *keytab_name = (char *) NULL;
+    char               *stash_name = (char *) NULL;
+    krb5_deltat                maxlife = -1;
+    krb5_deltat                maxrlife = -1;
+    krb5_timestamp     def_expiration;
+    krb5_flags         def_flags;
+    krb5_boolean       exp_valid, flags_valid;
+    krb5_realm_params  *rparams;
 
     /* Kerberatic contexts */
     krb5_context       kcontext;
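Review bot: `def_expiration` and `def_flags` are declared without initialisers and are only assigned inside the `realm_expiration_valid` / `realm_flags_valid` branches of the profile hunk, yet the hunk at `@@ -283,7 +354,12 @@` passes both to admin_init() unconditionally; reading an indeterminate automatic value is undefined behaviour in C even when the companion `exp_valid`/`flags_valid` argument tells the callee to ignore it. Initialise them at declaration, `krb5_timestamp def_expiration = 0;` and `krb5_flags def_flags = 0;`, and the `exp_valid = flags_valid = FALSE;` assignment in the following hunk could move to the declaration for the same reason. main() continues outside the hunk.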
@@ -126,12 +136,14 @@ main(argc, argv)
      *                 [-n]                    <do not fork/disassociate>
      *                 [-p portnumber]         <listen on port>
      *                 [-r realmname]          <realm>
+     *                 [-s stashfile]          <stashfile>
      *                 [-t timeout]            <inactivity timeout>
      *                 [-D debugmask]          <debug mask>
      *                 [-M masterkeyname]      <name of master key>
      *                 [-T keytabname]         <key table file>
      */
     error = 0;
+    exp_valid = flags_valid = FALSE;
     while ((option = getopt(argc, argv, getopt_string)) != EOF) {
        switch (option) {
        case 'a':
@@ -173,6 +185,9 @@ main(argc, argv)
        case 'r':
            db_realm = optarg;
            break;
+       case 's':
+           stash_name = optarg;
+           break;
        case 't':
            if (sscanf(optarg, "%d", &timeout) != 1) {
                fprintf(stderr, fval_not_number, argv[0], optarg, 't');
@@ -233,6 +248,62 @@ main(argc, argv)
     krb5_init_ets(kcontext);
     krb5_klog_init(kcontext, "admin_server", programname, 1);
 
+    /*
+     * Attempt to read the KDC profile.  If we do, then read appropriate values
+     * from it and supercede values supplied on the command line.
+     */
+    if (!(error = krb5_read_realm_params(kcontext,
+                                        db_realm,
+                                        (char *) NULL,
+                                        (char *) NULL,
+                                        &rparams))) {
+       /* Get the value for the database */
+       if (rparams->realm_dbname)
+           db_file = strdup(rparams->realm_dbname);
+
+       /* Get the value for the master key name */
+       if (rparams->realm_mkey_name)
+           master_key_name = strdup(rparams->realm_mkey_name);
+
+       /* Get the value for the master key type */
+       if (rparams->realm_keytype_valid)
+           key_type = rparams->realm_keytype;
+
+       /* Get the value for the port */
+       if (rparams->realm_kadmind_port_valid)
+           service_port = rparams->realm_kadmind_port;
+
+       /* Get the value for the encryption type */
+       if (rparams->realm_enctype_valid)
+           enc_type = rparams->realm_enctype;
+
+       /* Get the value for the stashfile */
+       if (rparams->realm_stash_file)
+           stash_name = strdup(rparams->realm_stash_file);
+
+       /* Get the value for maximum ticket lifetime. */
+       if (rparams->realm_max_life_valid)
+           maxlife = rparams->realm_max_life;
+
+       /* Get the value for maximum renewable ticket lifetime. */
+       if (rparams->realm_max_rlife_valid)
+           maxrlife = rparams->realm_max_rlife;
+
+       /* Get the value for the default principal expiration */
+       if (rparams->realm_expiration_valid) {
+           def_expiration = rparams->realm_expiration;
+           exp_valid = TRUE;
+       }
+
+       /* Get the value for the default principal flags */
+       if (rparams->realm_flags_valid) {
+           def_flags = rparams->realm_flags;
+           flags_valid = TRUE;
+       }
+
+       krb5_free_realm_params(kcontext, rparams);
+    }
+
     if ((signal_number =
 #if    POSIX_SETJMP
         sigsetjmp(terminal_jmp, 1)
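Review bot: The three `strdup()` calls on `realm_dbname`, `realm_mkey_name` and `realm_stash_file` are unchecked, so an allocation failure silently replaces a configured value with NULL — for the stash file that means key_init() is later called as if no stash file had been configured at all. A non-zero return from krb5_read_realm_params() is likewise swallowed: `error` is set but nothing is reported, even though `pinit_err` is added in this commit for exactly that case (unless it is used outside the visible hunks), and `error` then stays non-zero until the `error = key_init(...)` assignment in a later hunk, so anything between that tests it would misattribute the failure. Check each strdup result and report it with the existing `no_memory_fmt`, and log a profile read failure with `pinit_err` (or reset `error` explicitly if the profile is meant to be optional). The comment at the top of the block is accurate that profile values supersede the command line, which is unusual enough that the man page should say so too.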
@@ -273,7 +344,7 @@ main(argc, argv)
         */
        error = key_init(kcontext, debug_level, enc_type, key_type,
                         master_key_name, manual_entry, db_file, db_realm,
-                        keytab_name);
+                        keytab_name, stash_name);
        if (!error) {
            error = acl_init(kcontext, debug_level, acl_file);
            if (!error) {
@@ -283,7 +354,12 @@ main(argc, argv)
                    error = net_init(kcontext, debug_level, service_port);
                    if (!error) {
                        error = proto_init(kcontext, debug_level, timeout);
-
+                       admin_init(maxlife,
+                                  maxrlife,
+                                  exp_valid,
+                                  def_expiration,
+                                  flags_valid,
+                                  def_flags);
                        if (error)
                            errmsg = proto_msg;
                    }
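Review bot: admin_init() is now called unconditionally between `error = proto_init(...)` and the `if (error)` test, so the realm defaults are installed even when proto_init() has just failed and the server is about to bail out. Wrap the call as `if (!error) { admin_init(...); }` so it follows the same success-chained pattern as the key_init/acl_init/net_init calls above it. `maxlife` and `maxrlife` arrive as -1 whenever the profile did not set them and admin_init's prototype in kadm5_defs.h says nothing about that sentinel, so a comment at the call such as `/* -1 == not set in the profile */` would make the contract visible to the reader.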