Ken's acl and hangup fixes

AFS3 salt support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7764 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/v5server/kadm5_defs.h b/src/kadmin/v5server/kadm5_defs.h
index 80f46f0206068239bedfe3e9dfadc7182060f60f..b986d101076493f20eef2f9cf824092ca23c3245 100644 (file)
--- a/src/kadmin/v5server/kadm5_defs.h
+++ b/src/kadmin/v5server/kadm5_defs.h
@@ -198,7 +198,7 @@ void net_finish
        KRB5_PROTOTYPE((krb5_context,
                   int));
 krb5_error_code net_dispatch
-       KRB5_PROTOTYPE((krb5_context));
+       KRB5_PROTOTYPE((krb5_context, int));
 krb5_principal net_server_princ();
 
 /* proto_serv.c */

diff --git a/src/kadmin/v5server/passwd.c b/src/kadmin/v5server/passwd.c
index 632c18f951bcbb083f48b38e65c6e376eefa5fb6..7964e312600478327274d688ec665f41bb75b435 100644 (file)
--- a/src/kadmin/v5server/passwd.c
+++ b/src/kadmin/v5server/passwd.c
@@ -324,7 +324,10 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata)
     if (nwrite != 1)
        kret = KRB5KRB_ERR_GENERIC;
 
+#ifdef USE_KDB5_CPW
+    /* it's only a copy under the new code, see memcpy above */
     (void) krb5_db_free_principal(kcontext, &entry2write, 1);
+#endif /* USE_KDB5_CPW */
 
  cleanup:
 #ifndef        USE_KDB5_CPW

diff --git a/src/kadmin/v5server/srv_acl.c b/src/kadmin/v5server/srv_acl.c
index a3ead0f114d1d1eff67305c05fb0c36d01a007b4..4055d356e45bad30b5089c3eb32b6c8567a75975 100644 (file)
--- a/src/kadmin/v5server/srv_acl.c
+++ b/src/kadmin/v5server/srv_acl.c
@@ -74,7 +74,7 @@ static int acl_debug_level = 0;
  * the case where the ACL file is not present, this entry controls what can
  * be done.  The default is that everybody can change their own password.
  */
-static const char *acl_catchall_entry = "* o";
+static const char *acl_catchall_entry = "* o ";
 
 static const char *acl_line2long_msg = "%s: line %d too long, truncated\n";
 static const char *acl_op_bad_msg = "Unrecognized ACL operation '%c' in %s\n";
@@ -235,6 +235,7 @@ acl_free_entries()
 static int
 acl_load_acl_file()
 {
+char tmpbuf[10];
     FILE       *afp;
     char       *alinep;
     aent_t     **aentpp;
@@ -261,7 +262,8 @@ acl_load_acl_file()
            acl_list_tail = *aentpp;
            aentpp = &(*aentpp)->ae_next;
        }
-       if (*aentpp = acl_parse_line(acl_catchall_entry)) {
+strcpy(tmpbuf, acl_catchall_entry);
+       if (*aentpp = acl_parse_line(tmpbuf)) {
            acl_list_tail = *aentpp;
        }
        else {

diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c
index e0910e61c211b3cf33e4e5e1268601ab77f21b69..165d371a0a8b2e7fd446b05fb1696841efba9833 100644 (file)
--- a/src/kadmin/v5server/srv_key.c
+++ b/src/kadmin/v5server/srv_key.c
@@ -536,7 +536,7 @@ key_init(kcontext, debug_level, key_type, master_key_name, manual,
      * is none, then we want to create it.  This way, kadmind5 becomes just
      * a plug in and go kind of utility.
      */
-    kret = key_get_admin_entry(kcontext, debug_level);
+    kret = key_get_admin_entry(kcontext);
 
  cleanup:
     if (kret) {
@@ -726,6 +726,23 @@ key_string2key_keysalt(ksent, ptr)
                krb5_xfree(xsalt);
            }
                break;
+             case KRB5_KDB_SALTTYPE_AFS3:
+               {
+                 /* use KDC-supplied realm for TransArc AFS style salt */
+                 /* malloc and copy to cover trailing 0, mit_afs_string_to_key
+                    takes care of free'ing it. */
+                 char *dat;
+                 int len;
+                 len = krb5_princ_realm(argp->context, argp->dbentry->princ)->length;
+                 dat = malloc(1+len);
+                 if (!dat) 
+                   goto done;
+                 strncpy(dat, krb5_princ_realm(argp->context, argp->dbentry->princ)->data, len);
+                 dat[len] = 0;
+                 salt.data = dat;
+                 salt.length = -1; /* in order to get around API change */
+                 break;
+               }
            default:
                goto done;
            }
@@ -750,6 +767,9 @@ key_string2key_keysalt(ksent, ptr)
                                       argp->string,
                                       &salt)))
            goto done;
+
+       if (salt.length == -1)
+         salt.length = strlen (salt.data);
        
        /*
         * Now, salt contains the salt and key contains the decrypted

diff --git a/src/kadmin/v5server/srv_main.c b/src/kadmin/v5server/srv_main.c
index a640c0f08d42b7807df97ba25e7f95ab9a4a5959..770db0f41cb4e1c06a2cf9d71679432ddd22da88 100644 (file)
--- a/src/kadmin/v5server/srv_main.c
+++ b/src/kadmin/v5server/srv_main.c
@@ -148,8 +148,8 @@ main(argc, argv)
     int                        manual_entry = 0;
     krb5_boolean       mime_enabled = 0;
     int                        debug_level = 0;
-    int                        timeout = -1;
     int                        nofork = 0;
+    int                        timeout = -1;
     krb5_int32         service_port = -1;
     char               *acl_file = (char *) NULL;
     char               *db_file = (char *) NULL;
@@ -160,8 +160,8 @@ main(argc, argv)
     char               *stash_name = (char *) NULL;
     krb5_deltat                maxlife = -1;
     krb5_deltat                maxrlife = -1;
-    krb5_timestamp     def_expiration;
-    krb5_flags         def_flags;
+    krb5_timestamp     def_expiration = 0;
+    krb5_flags         def_flags = 0;
     krb5_boolean       exp_valid, flags_valid;
     krb5_realm_params  *rparams;
     krb5_int32         realm_num_keysalts;
@@ -450,7 +450,7 @@ main(argc, argv)
            /*
             * net_dispatch() only returns when we're done for some reason.
             */
-           error = net_dispatch(kcontext);
+           error = net_dispatch(kcontext, !nofork);
 
            com_err(programname, error,
                    ((error) ? disp_err_fmt : happy_exit_fmt));

diff --git a/src/kadmin/v5server/srv_net.c b/src/kadmin/v5server/srv_net.c
index 75ce3beb3925a5c3ef6d8bd47365290aa30666d5..e0fcedc4d797ad7ff95d83f71cdad0ed5e8a2d5b 100644 (file)
--- a/src/kadmin/v5server/srv_net.c
+++ b/src/kadmin/v5server/srv_net.c
@@ -703,8 +703,9 @@ net_finish(kcontext, debug_level)
  * comes in, dispatch to net_client_connect().
  */
 krb5_error_code
-net_dispatch(kcontext)
+net_dispatch(kcontext, detached)
     krb5_context       kcontext;
+    int                        detached;
 {
     krb5_error_code    kret;
     fd_set             mask, readfds;
@@ -729,14 +730,18 @@ net_dispatch(kcontext)
 #ifdef DEBUG
     (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
 #endif /* DEBUG */
+    if (!detached)
+      (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
 #else  /* POSIX_SIGNALS */
     /*
-     * SIGTERM (or SIGINT, if debug) shuts us down.
+     * SIGTERM (or SIGINT, if debug, or SIGHUP if not detached) shuts us down.
      */
     signal(SIGTERM, net_shutdown);
 #ifdef DEBUG
     signal(SIGINT, net_shutdown);
 #endif /* DEBUG */
+    if (!detached)
+      signal(SIGHUP, net_shutdown);
 #endif /* POSIX_SIGNALS */
 
 #if    !USE_PTHREADS

diff --git a/src/kadmin/v5server/srv_output.c b/src/kadmin/v5server/srv_output.c
index 06e129f8c42aa915cda42fc194cd27454f341d3c..5d6cf04cf1b96fb33ee8fbd965ba8ddc4f351a04 100644 (file)
--- a/src/kadmin/v5server/srv_output.c
+++ b/src/kadmin/v5server/srv_output.c
@@ -384,7 +384,6 @@ output_krb5_errmsg(lang, mime, kval)
 {
     char *ret;
     char *ermsg;
-    int alen;
 
     DPRINT(DEBUG_CALLS, output_debug_level,
           ("* output_krb5_errmsg(v=%d, lang=%s, mime=%d)\n",