+2001-06-07 Ezra Peisach <epeisach@mit.edu>
+
+ * acl_files.c, admin_server.c, kadm_funcs.c, kadm_ser_wrap.c:
+ Explicitly declare function return types and cleanup assignments
+ in conditionals.
+
+ * kadm_server.c: Include kadm_server.h and cleanup assignments in
+ conditionals.
+
+ * kadm_server.h: Include kadm5/admin.h, kadm.h, krb_db.h for
+ structure defintions so that many prototypes may be added to this
+ file.
+
+ * kadm_stream.c: Include kadm_server.h for prototypes. Explicitly
+ declare functions as ints.
+ (stream_to_vals) Assumption made that pointer to long the same
+ size as krb5_ui_4 fixed.
+
+ * kadm_supp.c: Include sys/param.h early so that MAXHOSTNAMELEN is
+ not defined by kadm.h and later redefined. In prin_vals(),
+ key_high and key_low elements of the Kadm_vals structure are longs
+ - use an appropriate format to printf.
+
+2001-06-04 Ezra Peisach <epeisach@rna.mit.edu>
+
+ * kadm_ser_wrap.c, kadm_server.c: Cleanup assignments in conditionals.
+
2000-10-23 Tom Yu <tlyu@mit.edu>
* kadm_ser_wrap.c (kadm_ser_in): Update call to mk_priv().
/* Eliminate all whitespace character in buf */
/* Modifies its argument */
-static nuke_whitespace(buf)
+static void nuke_whitespace(buf)
char *buf;
{
register char *pin, *pout;
}
/* Destroy a hash table */
-static destroy_hash(h)
+static void destroy_hash(h)
struct hashtbl *h;
{
int i;
}
/* Add an element to a hash table */
-static add_hash(h, el)
+static void add_hash(h, el)
struct hashtbl *h;
char *el;
{
}
/* Returns nonzero if el is in h */
-static check_hash(h, el)
+static int check_hash(h, el)
struct hashtbl *h;
char *el;
{
/* Returns nonzero if it can be determined that acl contains principal */
/* Principal is not canonicalized, and no wildcarding is done */
+int
acl_exact_match(acl, principal)
char *acl;
char *principal;
/* Returns nonzero if it can be determined that acl contains principal */
/* Recognizes wildcards in acl of the form
name.*@realm, *.*@realm, and *.*@* */
+int
acl_check(acl, principal)
char *acl;
char *principal;
/* Adds principal to acl */
/* Wildcards are interpreted literally */
+int
acl_add(acl, principal)
char *acl;
char *principal;
/* Removes principal from acl */
/* Wildcards are interpreted literally */
+int
acl_delete(acl, principal)
char *acl;
char *principal;
krb5_context kadm_context;
int debug;
+static void cleanexit(int);
+static int kadm_listen(void);
+
+
/* close the system log file */
void close_syslog()
{
** Main does the logical thing, it sets up the database and RPC interface,
** as well as handling the creation and maintenance of the syslog file...
*/
+int
main(argc, argv) /* admin_server main routine */
int argc;
char *argv[];
}
if (krbrlm[0] == 0) {
- if (errval = krb5_get_default_realm(kadm_context, &lrealm)) {
+ errval = krb5_get_default_realm(kadm_context, &lrealm);
+ if (errval) {
com_err(argv[0], errval, "while attempting to get local realm");
exit(1);
}
paramsin.realm = krbrlm;
paramsin.mask |= KADM5_CONFIG_REALM;
- if (errval = kadm5_get_config_params(kadm_context, NULL, NULL,
- ¶msin, ¶msout)) {
+ errval = kadm5_get_config_params(kadm_context, NULL, NULL,
+ ¶msin, ¶msout);
+ if (errval) {
com_err(argv[0], errval, "while retrieving kadm5 params");
exit(1);
}
- if (errval = krb5_db_set_name(kadm_context, paramsout.dbname)) {
+
+ errval = krb5_db_set_name(kadm_context, paramsout.dbname);
+ if (errval) {
com_err(argv[0], errval, "while setting dbname");
exit(1);
}
printf("regular kill instead\n\n");
#ifdef KADM5
- printf("KADM Server starting in the KADM5 mode (%sprocess id %d).\n",
- debug ? "" : "parent ", getpid());
+ printf("KADM Server starting in the KADM5 mode (%sprocess id %ld).\n",
+ debug ? "" : "parent ", (long) getpid());
#else
printf("KADM Server starting in %s mode for the purposes for password changing\n\n", fascist_cpw ? "fascist" : "NON-FASCIST");
#endif
byebye();
exit(1);
}
- if (errval = krb5_db_set_lockmode(kadm_context, TRUE)) {
+
+ errval = krb5_db_set_lockmode(kadm_context, TRUE);
+ if (errval) {
com_err(argv[0], errval, "while setting db to nonblocking");
close_syslog();
krb5_db_fini(kadm_context);
return;
}
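Review bot: `return;` in the `krb5_db_set_lockmode` failure path returns no value from a function this commit now declares `int main(...)`, so the process exit status on that path is indeterminate and a C99 compiler is entitled to reject it. The other failure paths in main() call `exit(1)`; after the `krb5_db_fini(kadm_context);` cleanup this one should end with `return 1;` (or `exit(1);`) so a failed startup is visible to whoever launches the server. This assumes the hunk is still inside main(), whose body starts and ends outside the hunk — confirm the enclosing function before changing it.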
-static exit_now = 0;
+static int exit_now = 0;
krb5_sigtype
doexit(sig)
kadm_listen
listen on the admin servers port for a request
*/
+static int
kadm_listen()
{
extern int errno;
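Review bot: `extern int errno;` inside kadm_listen() is a portability hazard that the new prototype does not address: on libc implementations where errno is a macro expanding to a function call or a thread-local, the declaration either fails to compile or silently reads a different object from the one the later `syslog(LOG_ERR, "fork: %s", error_message(errno))` reports. Replace it with `#include <errno.h>` at the top of the file and drop the local extern. kadm_listen's body continues past the hunk.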
if (debug) {
process_client(peer_fd, &peer);
- } else if (pid = fork()) {
+ } else if ((pid = fork())) {
/* parent */
if (pid < 0) {
syslog(LOG_ERR, "fork: %s", error_message(errno));
cleanexit(1);
}
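Review bot: The fork-failure branch under `} else if ((pid = fork())) {` calls `cleanexit(1)`, which (from its definition elsewhere in the diff) closes the database and clears secrets, so a transient fork() error such as EAGAIN from the per-user process limit takes the whole admin server down instead of dropping the one connection. Since each client costs a child process here, a peer that opens enough connections can presumably push the server to that limit, turning a resource blip into a denial of service. Prefer logging the error, closing `peer_fd`, and continuing the accept loop; the exact cleanup depends on the loop structure, which lies outside the hunk along with the rest of kadm_listen.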
free(service_name);
- if (retval = krb5_db_set_name(kadm_context, paramsout.dbname)) {
+
+ retval = krb5_db_set_name(kadm_context, paramsout.dbname);
+ if (retval) {
syslog(LOG_ERR, "%s while setting dbname", error_message(retval));
cleanexit(1);
}
server_parm.recv_addr = *who;
- if (retval = krb5_db_init(kadm_context)) { /* Open as client */
+ retval = krb5_db_init(kadm_context);
+ if (retval) { /* Open as client */
syslog(LOG_ERR, "can't open krb db: %s", error_message(retval));
cleanexit(1);
}
SIGNAL_RETURN;
}
-cleanexit(val)
+static
+void cleanexit(val)
+ int val;
{
krb5_db_fini(kadm_context);
clear_secrets();
#ifndef KADM5
#define faildel(code) { (void) syslog(LOG_ERR, "FAILED deleting '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+krb5_error_code
kadm_del_entry (rname, rinstance, rrealm, valsin, valsout)
char *rname; /* requestors name */
char *rinstance; /* requestors instance */
#ifndef KADM5
#define failchange(code) { syslog(LOG_ERR, "FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
+krb5_error_code
kadm_change (rname, rinstance, rrealm, newpw)
char *rname;
char *rinstance;
#undef failchange
#endif /* !KADM5 */
+int
check_pw(newpw, checkstr)
des_cblock newpw;
char *checkstr;
return(effect);
}
+int
des_check_gecos(gecos, newpw)
char *gecos;
des_cblock newpw;
return(0);
}
+int
str_check_gecos(gecos, pwstr)
char *gecos;
char *pwstr;
}
+krb5_error_code
kadm_approve_pw(rname, rinstance, rrealm, newpw, pwstring)
char *rname;
char *rinstance;
kadm_ser_in
unwrap the data stored in dat, process, and return it.
*/
+int
kadm_ser_in(dat,dat_len)
u_char **dat;
int *dat_len;
memcpy((char *)authent.dat, (char *)(*dat) + in_len, authent.length);
authent.mbz = 0;
/* service key should be set before here */
- if (retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
- server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))
+ retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
+ server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0);
+ if (retc)
{
errpkt(dat, dat_len,retc + krb_err_base);
return retc + krb_err_base;
#else
des_key_sched(ad.session, sess_sched);
#endif
- if (retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session,
- &server_parm.recv_addr,
- &server_parm.admin_addr, &msg_st)) {
+
+ retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session,
+ &server_parm.recv_addr,
+ &server_parm.admin_addr, &msg_st);
+ if (retc) {
clr_cli_secrets();
errpkt(dat, dat_len,retc + krb_err_base);
return retc + krb_err_base;
#include <kadm.h>
#include <kadm_err.h>
+#include "kadm_server.h"
extern krb5_context kadm_context;
int fascist_cpw = 0; /* Be fascist about insecure passwords? */
Replaces the password (i.e. des key) of the caller with that specified in key.
Returns no actual data from the master server, since this is called by a user
*/
+int
kadm_ser_cpw(dat, len, ad, datout, outlen)
u_char *dat;
int len;
memcpy((char *)(((krb5_int32 *)newkey) + 1), (char *)&keyhigh, 4);
memcpy((char *)newkey, (char *)&keylow, 4);
- if (retval = kadm_approve_pw(ad->pname, ad->pinst, ad->prealm,
- newkey, no_pword ? 0 : pword)) {
+ retval = kadm_approve_pw(ad->pname, ad->pinst, ad->prealm,
+ newkey, no_pword ? 0 : pword);
+ if (retval) {
if (retval == KADM_PW_MISMATCH) {
/*
* Very strange!!! This means that the cleartext
}
if (fascist_cpw) {
*outlen = strlen(bad_pw_err)+strlen(pw_blurb)+1;
- if (*datout = (u_char *) malloc(*outlen)) {
+ *datout = (u_char *) malloc(*outlen);
+ if (*datout) {
strcpy((char *) *datout, bad_pw_err);
strcat((char *) *datout, pw_blurb);
} else
return(retval);
} else {
*outlen = strlen(bad_pw_warn) + strlen(pw_blurb)+1;
- if (*datout = (u_char *) malloc(*outlen)) {
+ *datout = (u_char *) malloc(*outlen);
+ if (*datout) {
strcpy((char *) *datout, bad_pw_warn);
strcat((char *) *datout, pw_blurb);
} else
*outlen = 0;
- if (retval = krb5_timeofday(kadm_context, &now)) {
+ retval = krb5_timeofday(kadm_context, &now);
+ if (retval) {
msg_ptr = error_message(retval);
goto send_response;
}
/* don't send message on success because kpasswd.v4 will */
/* print "password changed" too */
*outlen = strlen(msg_ptr)+2;
- if (*datout = (u_char *) malloc(*outlen)) {
+ *datout = (u_char *) malloc(*outlen);
+ if (*datout) {
strcpy(*datout, msg_ptr);
strcat(*datout, "\n");
} else
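Review bot: In the `fascist_cpw` branch above, the malloc-failure arm `} else` / `return(retval);` leaves `*outlen` at the computed message length while `*datout` is NULL, whereas the non-fascist arm in the same hunk resets `*outlen = 0;` before falling through. If the caller builds the reply from outlen without checking datout, that is a NULL read on an out-of-memory path; make the arms agree with `} else { *outlen = 0; return(retval); }`. Separately, `strcpy(*datout, msg_ptr);` and `strcat(*datout, "\n");` at the end of the hunk pass `u_char *` where the other reply-building sites cast `(char *) *datout`; with prototypes in scope a compiler with sign warnings enabled will flag these, so cast them the same way. The rest of kadm_ser_cpw, including the caller's handling of datout/outlen, is outside the hunk.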
second values.
returns the values for the changed entries
*/
+int
kadm_ser_mod(dat,len,ad, datout, outlen)
u_char *dat;
int len;
returns this data for each matching recipient, after a count of how many such
matches there were
*/
+int
kadm_ser_get(dat,len,ad, datout, outlen)
u_char *dat;
int len;
Checks to see if the des key passed from the caller is a "secure" password.
*/
+int
kadm_ser_ckpw(dat, len, ad, datout, outlen)
u_char *dat;
int len;
memset(newkey, 0, sizeof(newkey));
if (retval) {
*outlen = strlen(check_pw_msg)+strlen(pw_blurb)+1;
- if (*datout = (u_char *) malloc(*outlen)) {
+ *datout = (u_char *) malloc(*outlen);
+ if (*datout) {
strcpy((char *) *datout, check_pw_msg);
strcat((char *) *datout, pw_blurb);
} else
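Review bot: `memset(newkey, 0, sizeof(newkey));` at the top of the hunk is evidently scrubbing the DES key, but newkey is not read again within the hunk, so an optimizing compiler may treat the store as dead and leave the key bytes on the stack. Route the scrub through something the compiler cannot elide — the secret-clearing helpers this file already has (`clear_secrets`, `clr_cli_secrets`; their implementation is not visible here), a `volatile unsigned char *` byte loop, or explicit_bzero()/memset_s() where the platform provides them. The same applies to the other local key copies in kadm_ser_cpw and kadm_ser_ckpw, whose bodies extend beyond this hunk.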
the max_life field of the values structure. It's a hack, but it's a
backwards compatible hack....
*/
+int
kadm_ser_stab(dat, len, ad, datout, outlen)
u_char *dat;
int len;
#include <krb.h>
#include <des.h>
#include "k5-int.h"
+#ifdef KADM5
+#include <kadm5/admin.h>
+#endif
+#include "kadm.h"
+#include "krb_db.h"
typedef struct {
struct sockaddr_in admin_addr;
extern krb5_context kadm_context;
+/* kadm_ser_wrap.c */
+#ifdef KADM5
+extern int kadm_ser_init(int, char *, kadm5_config_params *);
+#else
+extern int kadm_ser_init(int, char *);
+#endif
+extern int kadm_ser_in(u_char **, int *);
+
+/* kadm_server.c */
+int kadm_ser_cpw(u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_add(u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_del(u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_mod(u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_get(u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_ckpw(u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_stab(u_char *, int, AUTH_DAT *, u_char **, int *);
+
+/* kadm_funcs.c */
+krb5_error_code kadm_add_entry(char *, char *, char *,
+ Kadm_vals *, Kadm_vals *);
+krb5_error_code kadm_del_entry(char *, char *, char *,
+ Kadm_vals *, Kadm_vals *);
+krb5_error_code kadm_get_entry(char *, char *, char *,
+ Kadm_vals *, u_char *, Kadm_vals *);
+krb5_error_code kadm_mod_entry(char *, char *, char *,
+ Kadm_vals *, Kadm_vals *, Kadm_vals *);
+krb5_error_code kadm_change (char *, char *, char *, des_cblock);
+krb5_error_code kadm_approve_pw(char *, char *, char *, des_cblock, char *);
+krb5_error_code kadm_chg_srvtab(char *, char *, char *, Kadm_vals *);
+
+/* kadm_supp.c */
+void prin_vals(Kadm_vals *);
+void kadm_prin_to_vals(u_char *, Kadm_vals *, Principal *);
+void kadm_vals_to_prin(u_char *, Principal *, Kadm_vals *);
+
+/* kadm_stream.c */
+int stv_char(u_char *, u_char *, int, int);
+int stv_short(u_char *, u_short *, int, int);
+int stv_long(u_char *, krb5_ui_4 *, int, int);
+int stv_string(u_char *, char *, int, int, int);
+int stream_to_vals(u_char *, Kadm_vals *, int);
+int vals_to_stream(Kadm_vals *, u_char **);
+int vts_string(char *, u_char **, int);
+int vts_short(u_short, u_char **, int);
+int vts_long(krb5_ui_4, u_char **, int);
+int vts_char(u_char, u_char **, int);
+
+/* acl_files.c */
+int acl_check(char *, char *);
+
+/* admin_server.c */
+#ifdef KADM5
+krb5_ui_4 convert_kadm5_to_kadm(krb5_ui_4);
+#endif
+
#endif /* KADM_SERVER_DEFS */
extern char *malloc(), *calloc(), *realloc();
#endif
+static int check_field_header(u_char *, u_char *, int);
+static int build_field_header(u_char *, u_char **);
+
+
/*
kadm_stream.c
this holds the stream support routines for the kerberos administration server
*/
#include "kadm.h"
+#include "kadm_server.h"
#define min(a,b) (((a) < (b)) ? (a) : (b))
this function creates a byte-stream representation of the kadm_vals structure
*/
+int
vals_to_stream(dt_in, dt_out)
Kadm_vals *dt_in;
u_char **dt_out;
return(stsize);
}
+static int
build_field_header(cont, st)
u_char *cont; /* container for fields data */
u_char **st; /* stream */
return 4; /* return pointer to current stream location */
}
+int
vts_string(dat, st, loc)
char *dat; /* a string to put on the stream */
u_char **st; /* base pointer to the stream */
return strlen(dat)+1;
}
+int
vts_short(dat, st, loc)
u_short dat; /* the attributes field */
u_char **st; /* a base pointer to the stream */
return sizeof(u_short);
}
+int
vts_long(dat, st, loc)
krb5_ui_4 dat; /* the attributes field */
u_char **st; /* a base pointer to the stream */
}
+int
vts_char(dat, st, loc)
u_char dat; /* the attributes field */
u_char **st; /* a base pointer to the stream */
this decodes a byte stream represntation of a vals struct into kadm_vals
*/
+int
stream_to_vals(dt_in, dt_out, maxlen)
u_char *dt_in;
Kadm_vals *dt_out;
{
register int vsloop, stsize; /* loop counter, stream size */
register int status;
+ krb5_ui_4 l_trans;
memset((char *) dt_out, 0, sizeof(*dt_out));
stsize += status;
break;
case KADM_EXPDATE:
- if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
+ if ((status = stv_long(dt_in, &l_trans, stsize,
maxlen)) < 0)
return(-1);
+ dt_out->exp_date = l_trans;
stsize += status;
break;
case KADM_ATTR:
stsize += status;
break;
case KADM_DESKEY:
- if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
+ if ((status = stv_long(dt_in, &l_trans, stsize,
maxlen)) < 0)
return(-1);
+ dt_out->key_high = l_trans;
stsize += status;
- if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
+ if ((status = stv_long(dt_in, &l_trans, stsize,
maxlen)) < 0)
return(-1);
+ dt_out->key_low = l_trans;
stsize += status;
break;
default:
return stsize;
}
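Review bot: After the KADM_DESKEY case copies the two halves into dt_out, the new temporary `l_trans` still holds `key_low` when stream_to_vals returns, so any scrubbing the caller does on the Kadm_vals leaves a copy of half the key on the stack. Add `l_trans = 0;` after `dt_out->key_low = l_trans;` (through a volatile pointer or similar if the compiler is expected to drop a dead store), or scope l_trans to the case and clear it there. The function's switch header and loop are partly outside the hunk.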
+static int
check_field_header(st, cont, maxlen)
u_char *st; /* stream */
u_char *cont; /* container for fields data */
return 4; /* return pointer to current stream location */
}
+int
stv_string(st, dat, loc, stlen, maxlen)
register u_char *st; /* base pointer to the stream */
char *dat; /* a string to read from the stream */
return strlen(dat)+1;
}
+int
stv_short(st, dat, loc, maxlen)
u_char *st; /* a base pointer to the stream */
u_short *dat; /* the attributes field */
return sizeof(u_short);
}
+int
stv_long(st, dat, loc, maxlen)
u_char *st; /* a base pointer to the stream */
krb5_ui_4 *dat; /* the attributes field */
return sizeof(krb5_ui_4);
}
+int
stv_char(st, dat, loc, maxlen)
u_char *st; /* a base pointer to the stream */
u_char *dat; /* the attributes field */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
+#include <sys/param.h>
/*
kadm_supp.c
this holds the support routines for the kerberos administration server
printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
printf(" Max Life: %d Exp Date: %s\n",vals->max_life,
asctime(localtime((long *)&vals->exp_date)));
- printf(" Attribs: %.2x key: %u %u\n",vals->attributes,
+ printf(" Attribs: %.2x key: %ld %ld\n",vals->attributes,
vals->key_low, vals->key_high);
}
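Review bot: `asctime(localtime((long *)&vals->exp_date))` on the line above the fixed printf passes a `long *` where localtime() expects `time_t *`, which is the same pointer-width assumption this commit removes in stream_to_vals; where time_t is not the same width as long this reads the wrong number of bytes from the field. Copy the value first: `time_t exp = vals->exp_date;` and `asctime(localtime(&exp))`. Separately, the corrected printf writes the raw `key_low`/`key_high` halves of the DES key to stdout; if prin_vals is used anywhere other than debugging, consider masking them. The function's opening lies outside the hunk.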
it copies the fields in Principal specified by fields into Kadm_vals,
i.e from old to new */
+void
kadm_prin_to_vals(fields, new, old)
u_char fields[FLDSZ];
Kadm_vals *new;
}
}
+void
kadm_vals_to_prin(fields, new, old)
u_char fields[FLDSZ];
Principal *new;