From: Ezra Peisach Date: Sat, 24 Aug 1996 16:00:07 +0000 (+0000) Subject: We are using kadm5 now instead of kadm X-Git-Tag: krb5-1.0-beta7~101 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2240d3c96c105f0d19ba2a197b34772f70000c7c;p=krb5.git We are using kadm5 now instead of kadm git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8981 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/kadm/.Sanitize b/src/lib/kadm/.Sanitize deleted file mode 100644 index 4f33eec41..000000000 --- a/src/lib/kadm/.Sanitize +++ /dev/null @@ -1,49 +0,0 @@ -# Sanitize.in for Kerberos V5 - -# Each directory to survive it's way into a release will need a file -# like this one called "./.Sanitize". All keyword lines must exist, -# and must exist in the order specified by this file. Each directory -# in the tree will be processed, top down, in the following order. - -# Hash started lines like this one are comments and will be deleted -# before anything else is done. Blank lines will also be squashed -# out. - -# The lines between the "Do-first:" line and the "Things-to-keep:" -# line are executed as a /bin/sh shell script before anything else is -# done in this - -Do-first: - -# All files listed between the "Things-to-keep:" line and the -# "Files-to-sed:" line will be kept. All other files will be removed. -# Directories listed in this section will have their own Sanitize -# called. Directories not listed will be removed in their entirety -# with rm -rf. - -Things-to-keep: - -.cvsignore -ChangeLog -Makefile.in -adm_conn.c -adm_kw_dec.c -adm_kw_enc.c -adm_kt_dec.c -adm_kt_enc.c -adm_rw.c -alt_prof.c -configure.in -configure -keysalt.c -krb5strings.M -logger.c -str_conv.c -t_dbentry.c -t_ktentry.c - -Things-to-lose: - -Do-last: - -# End of file. diff --git a/src/lib/kadm/ChangeLog b/src/lib/kadm/ChangeLog deleted file mode 100644 index ac07e1981..000000000 --- a/src/lib/kadm/ChangeLog +++ /dev/null @@ -1,334 +0,0 @@ -Thu Jun 13 22:12:21 1996 Tom Yu - - * configure.in: remove ref to ET_RULES - -Mon Jun 10 21:42:26 1996 Theodore Ts'o - - * adm_conn.c: - * adm_kw_dec.c: - * adm_kw_enc.c: Change use of _WINDOWS to _MSDOS, and add check - for _WIN32 - -Tue May 21 20:51:06 1996 Sam Hartman - - * Makefile.in (check-unix): Use KRB5_RUN_FLAGS - -Sun May 12 00:46:57 1996 Marc Horowitz - - * alt_prof.c (krb5_read_realm_params): added "acl_file" variable - for the admin server. - -Wed Mar 13 17:37:00 1996 Ken Raeburn - - * configure.in: Use AC_HEADER_STDARG. - -Sun Dec 10 11:02:56 1995 Ezra Peisach - - * str_conv.c (krb5_input_flag_to_string): Add new routine. - -Wed Nov 8 02:46:54 1995 Theodore Y. Ts'o - - * alt_prof.c (krb5_free_realm_params): Free the realm_kdc_ports - element of the structure. - -Fri Oct 6 00:30:16 1995 Theodore Y. Ts'o - - * Makefile.in: Remove ##DOS!include of config/windows.in. - config/windows.in is now included by wconfig. - - * logger.c (klog_vsyslog): Make the logs less verbose, by omitting - the hostname, pid, etc. information. - -Thu Oct 5 19:46:40 1995 Theodore Y. Ts'o - - * alt_prof.c (krb5_read_realm_params): Remove the profile - relation, since it's really a bad idea. Removed the - "port" and "secondary_port" relations, and replaced them - with the "kdc_port" relation, which takes a list of ports. - -Mon Oct 2 15:08:53 1995 Theodore Y. Ts'o - - * logger.c (krb5_klog_init): If the log file can't be opened, - print an intelligent error message. - -Thu Oct 5 12:06:35 1995 Ezra Peisach - - * alt_prof.c (krb5_read_realm_params): If secure flag is set in - context, do not allow for environment variables to specify - configuration files. - -Tue Sep 26 02:31:38 1995 Mark Eichin - - * adm_conn.c (kadm_get_creds): zero out creds->server after - freeing it to protect later attempts. - -Fri Sep 29 17:06:18 1995 Theodore Y. Ts'o - - * logger.c: #ifdef the entire file so it's not built under Windows. - -Tue Sep 27 12:00:00 1995 - - * adm_kw_dec.c (krb5_adm_proto_to_dbent): Routine removed for - Windows and Mac to match with the prototype. - - * adm_kw_dec.c (krb5_adm_dbent_to_proto): Routine removed for - Windows and Mac to match with the prototype. - -Tue Sep 26 16:24:00 1995 - - * alt_prof.c (krb5_read_realm_params): On an error, initialize the - returned rparams pointer to NULL. - -Mon Sep 25 16:54:18 1995 Theodore Y. Ts'o - - * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the - Makefile. - -Fri Sep 22 12:00:00 1995 James Mattly - - * adm_conn.c: for sockets changed close to closesocket, sockets on - macintosh arn't files. - -Fri Sep 22 15:44:02 1995 Mark Eichin - - * logger.c (klog_com_err_proc): pass whoami in failure messages - for error log failures to match format string. - -Wed Sep 13 10:45:25 1995 Keith Vetter (keithv@fusion.com) - - * keysalt.c: 16/32 bit integer mismatch. - * str_conv.c: sftime_format_table is conditional upon HAVE_STRFTIME, - cast some constants to long so that math wouldn't overflow, - 16/32 bit integer size mismatch. - -Wed Sep 13 18:17:30 1995 Theodore Y. Ts'o - - * alt_prof.c (krb5_read_realm_params): Fix memory leak. Free the - default realm when we're done. Remove the "profile" - parameter from the kdc.conf file. This is bad idea, - architecturally. - -Tue Sep 12 13:18:42 1995 Ezra Peisach - - * adm_conn.c: For Macintosh hardwire cache name. Various casting - fixes. - -Thu Sep 7 17:50:15 1995 Theodore Y. Ts'o - - * adm_conn.c (kadm_get_creds): Use KRB5_ADM_SERVICE_INSTANCE for - the instance name, instead of KRB5_ADM_SERVICE_NAME. - -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * adm_kt_dec.c, adm_kt_enc.c, alt_prof.c, keysalt.c, str_conv.c : - s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * adm_kt_dec.c, adm_kt_enc.c, alt_prof.c, str_conv.c: - Remove krb5_enctype references, and replace - with krb5_keytype where appropriate - -Tue Aug 29 15:31:50 EDT 1995 Paul Park (pjpark@mit.edu) - * .Sanitize, krb5strings.M - Add new manpage describing string syntax - for common datatypes handled by str_conv.c. - -Thu Aug 24 18:53:32 1995 Theodore Y. Ts'o - - * .Sanitize: Update file list - -Mon Aug 21 17:07:56 EDT 1995 Paul Park (pjpark@mit.edu) - * str_conv.c - Add krb5_timestamp_to_sfstring(). This converts time - to a short string, potentially filled. Use strftime() for - krb5_timestamp_to_string() if present so that locale-dependent - time format is used. - - -Tue Aug 8 17:35:10 EDT 1995 Paul Park (pjpark@mit.edu) - * str_conv.c - Fix Purify complaint. - - -Mon Aug 7 17:38:45 EDT 1995 Paul Park (pjpark@mit.edu) - * keysalt.c(krb5_string_to_keysalt) - Don't do the silly whitespace - filling logic. If the string has imbedded whitespace, then - it's just tough rocks. Save replaced string separators and - terminators so that they string looks the same coming out as - going in. - - -Fri Aug 4 16:21:50 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in, .Sanitize, keysalt.c - Add keysalt.c modules. - - -Thu Aug 3 11:51:14 EDT 1995 Paul Park (pjpark@mit.edu) - * alt_prof.c - Actually pass back the parsed string value in krb5_aprof_ - get_deltat(). - - -Mon Jul 31 15:52:40 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_kw_{enc,dec}.c - Add support for new kadmin protocol. - * alt_prof.c - Remove string conversion routine, use the ones in str_ - conv.c. Convert krb5_read_realm_params() to use these string - conversion routines so that the KDC profile is more textual - as opposed to being numeric. - * str_conv.c - String conversion routines. - * Makefile.in, configure.in - Add support for str_conv.c - * t_dbentry.c - Test new kadmin protocol. - -Mon Jul 17 15:16:26 EDT 1995 Paul Park (pjpark@mit.edu) - * alt_prof.c - Add krb5_{read,free}_realm_params() to read in per- - realm KDC data and to free the allocated structure. - -Mon Jul 10 17:59:23 1995 Ezra Peisach - - * adm_kt_dec.c, adm_kt_enc.c, adm_kw_dec.c, adm_kw_enc.c, - alt_prof.c, logger.c: Include adm_proto.h for prototypes. - -Fri Jul 7 16:23:57 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Remove LDFLAGS, it's set by configure. Find com_err - library in TOPLIBD now. - -Thu Jul 6 17:34:22 1995 Tom Yu - - * adm_conn.c (kadm_get_creds): Pass kcontext to os_localaddr. - -Tue Jun 27 15:50:31 EDT 1995 Paul Park (pjpark@mit.edu) - * alt_prof.c - Change filename and hierarchy lists to be const char. - - -Thu Jun 22 11:56:15 EDT 1995 Paul Park (pjpark@mit.edu) - * alt_prof.c - New jacket routines for handling profiles. This includes - the ability to parse certain string values to appropriate types - (e.g. delta time or 32-bit integer). - * Makefile.in - Add alt_prof.c - - -Thu Jun 15 18:03:40 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Remove explicit copying of archive library to library - directory. - * configure.in - Create symlink for archive when we build it. - -Wed Jun 14 14:36:13 1995 Sam Hartman - - * t_dbentry.c (main): option should be an int so that comparisons - against EOF work when char unsigned. - -Tue Jun 13 14:37:25 1995 Sam Hartman - - * logger.c: Don't check to make sure unix is defined for - DEVICE_OPEN et al. Currently, there are no special cases where - special handling is required; if they are, then they should be - checked for, and the generic case taken if no special case fits. - The previous behavior broke under AIX. - - -Sun Jun 11 09:24:06 1995 Ezra Peisach - - * Makefile.in (clean-unix): Remove $(UNIX_OBJS) - -Sat Jun 10 23:05:23 1995 Tom Yu (tlyu@dragons-lair) - - * adm_conn.c, adm_rw.c: krb5_auth_context redefinitions - -Fri Jun 9 19:26:44 1995 - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - -Thu Jun 8 23:32:28 1995 Theodore Y. Ts'o - - * Makefile.in: $($(WHAT)_OBJS) is not accepted by all Makes! We - assume for now that libkadm.a rule is only used by Unix, - which should be a valid assumption, and build handle - $(UNIX_OBJS) there. - -Thu Jun 8 14:32:33 EDT 1995 Paul Park (pjpark@mit.edu) - * logger.c - New module to provide profile-controlled logging. This - can optionally take over control of com_err(3) output to also - direct this output to where the profile specifies. Also - includes a syslog(3) compatible interface which also follows - the profile's direction. - * Makefile.in, configure.in - update for logger.c - - -Mon Jun 5 14:15:37 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_conn.c - Rework kadm_get_ccache() and kadm_get_creds() so that - we can specify differing credentials caches and the lifetime - of obtained tickets if not using an existing ccache. This - changes the calling sequence of krb5_adm_connect(), adding - two arguments: a ccache name and a (delta) lifetime. Default - ccache name changes formats to tkt_kadm_ and default - lifetime is 10 minutes. - -Fri Jun 2 17:56:03 1995 Keith Vetter (keithv@fusion.com) - - * adm_conn.c: used SOCKET_ERRNO instead of errno and - added prototypes for the local functions. - * adm_rw.c: added prototypes for the local functions so that - ints get promoted to longs correctly on the PC. - -Wed May 31 08:10:13 1995 Ezra Peisach - - * Makefile.in (DB_OBJS): Change DBOBJS to DB_OBJS to match rest of - Makefile.in - -Tue May 30 17:36:47 1995 Keith Vetter (keithv@fusion.com) - - * adm_rw.c: removed INTERFACE from two routines. - -Tue May 30 10:35:07 1995 Keith Vetter (keithv@fusion.com) - - * adm_conn.c: used Windows specific way of creating a temp file. - * Makefile.in: PC doesn't need to compile adm_kw_*.c files. - -Thu May 25 17:49:06 1995 Keith Vetter (keithv@fusion.com) - - First pass to make the code compile cleanly on the PC. - * Makefile.in: made to work on the PC. - * adm_conn.c: used atoi instead of sscanf since it can't be - used in a windows DLL. Why not? Ask Microsoft. - * adm_kt_e.c, adm_kw_e.c, adm_rw.c: made the explicit the - cast to a char when pulling out bytes from an int. - * adm_kw_d.c: size_t != off_t on the PC. Fixed the equation. - * adm_rw.c: two parameters were declared as int but prototyped - as krb5_int32. - -Tue May 16 13:58:30 EDT 1995 Paul Park (pjpark@mit.edu) - * configure.in - Check for srand48, srand and srandom along with - network libraries. - * t_ktentry.c, t_dbentry.c - Use available random number generator - and also make sure memory is freed so we don't - chew up memory in tester. - - -Tue May 16 13:19:04 EDT 1995 Paul Park (pjpark@mit.edu) - * t_dbentry.c - Change isset to is_a_set to keep Ultrix happy. Also - correctly calculate the length of the standard pwd. - so that we don't overwrite the end of the malloc()ed - string. - * t_ktentry.c - Remove isset logic, no differentiation for keytabs. - - -Tue May 16 10:35:54 EDT 1995 Paul Park (pjpark@mit.edu) - * t_dbentry.c, t_ktentry.c - new test modules for encode/decode - functions. These convert to and from krb5_db_entry and - krb5_keytab_entry and verify contents. - * adm_kt_enc.c - Fix bug encoding integer values. - - -Tue May 9 15:21:49 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_conn.c - use profile information to locate the admin_server. - Also, return the correct value from krb5_adm_connect - instead of always returning zero. - * adm_{kw,kt}_{enc,dec}.c - New modules to [en/de]code administrative - protocol keyword=value pairs and keytab entries. - - -Fri Apr 28 09:47:29 EDT 1995 Paul Park (pjpark@mit.edu) - - Create a new library consisting of functions which communicate with - the administrative server here. These modules replace the originals - which used to be in libkrb5. - - adm_rw.c - Remove ntohl/htonl in favor of byte blasting. - diff --git a/src/lib/kadm/Makefile.in b/src/lib/kadm/Makefile.in deleted file mode 100644 index 62cda2cc9..000000000 --- a/src/lib/kadm/Makefile.in +++ /dev/null @@ -1,92 +0,0 @@ -CFLAGS = $(CCOPTS) $(DEFS) - -##DOSBUILDTOP = ..\.. -##DOSLIBNAME=kadm.lib -RUN_SETUP=@KRB5_RUN_ENV@ -BASE_OBJS= adm_conn.$(OBJEXT) \ - adm_kt_dec.$(OBJEXT) \ - adm_kt_enc.$(OBJEXT) \ - adm_rw.$(OBJEXT) \ - alt_prof.$(OBJEXT) \ - str_conv.$(OBJEXT) \ - keysalt.$(OBJEXT) - -UNIX_OBJS = logger.$(OBJEXT) - -DB_OBJS= adm_kw_dec.$(OBJEXT) \ - adm_kw_enc.$(OBJEXT) - -OBJS= $(BASE_OBJS) $(DB_OBJS) - -SRCS= $(srcdir)/adm_conn.c \ - $(srcdir)/adm_kt_dec.c \ - $(srcdir)/adm_kt_enc.c \ - $(srcdir)/adm_rw.c \ - $(srcdir)/adm_kw_dec.c \ - $(srcdir)/adm_kw_enc.c \ - $(srcdir)/logger.c \ - $(srcdir)/alt_prof.c \ - $(srcdir)/str_conv.c \ - $(srcdir)/keysalt.c - -all:: $(BASE_OBJS) - -all-unix:: $(DB_OBJS) $(UNIX_OBJS) -all-unix:: libkadm.a -all-mac:: $(DB_OBJS) -all-windows:: - -libkadm.a: $(OBJS) $(UNIX_OBJS) - $(RM) $@ - $(ARADD) $@ $(OBJS) $(UNIX_OBJS) - $(RANLIB) $@ - -install:: libkadm.a - $(INSTALL_DATA) libkadm.a $(DESTDIR)$(KRB5_LIBDIR)/libkadm.a - $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libkadm.a - -clean-unix:: - $(RM) libkadm.$(LIBEXT) $(UNIX_OBJS) -clean-mac:: - $(RM) libkadm.$(LIBEXT) -clean-windows:: - $(RM) kadm.lib kadm.bak - -# -# t_dbentry -# -T_DBENTRY_OBJS = t_dbentry.$(OBJEXT) \ - $(TOPLIBD)/libkadm.a $(TOPLIBD)/libkdb5.a \ - $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a \ - $(TOPLIBD)/libcom_err.a - -t_dbentry: $(T_DBENTRY_OBJS) - $(LD) -o t_dbentry $(T_DBENTRY_OBJS) $(LIBS) - -# -# t_ktentry -# -T_KTENTRY_OBJS = t_ktentry.$(OBJEXT) \ - $(TOPLIBD)/libkadm.a $(TOPLIBD)/libkrb5.a \ - $(TOPLIBD)/libcrypto.a $(TOPLIBD)/libcom_err.a - -t_ktentry: $(T_KTENTRY_OBJS) - $(LD) -o t_ktentry $(T_KTENTRY_OBJS) $(LIBS) - -TEST_PROGS = t_dbentry t_ktentry - -check-unix:: $(TEST_PROGS) - $(RUN_SETUP) ./t_dbentry -r 100 - $(RUN_SETUP) ./t_ktentry -r 100 - -check-mac:: - -check-windows:: - -clean-unix:: - $(RM) t_dbentry$(EXEEXT) t_dbentry.$(OBJEXT) - $(RM) t_ktentry$(EXEEXT) t_ktentry.$(OBJEXT) -clean-mac:: - $(RM) t_dbentry$(EXEEXT) t_dbentry.$(OBJEXT) - $(RM) t_ktentry$(EXEEXT) t_ktentry.$(OBJEXT) - diff --git a/src/lib/kadm/adm_conn.c b/src/lib/kadm/adm_conn.c deleted file mode 100644 index 1534b4b02..000000000 --- a/src/lib/kadm/adm_conn.c +++ /dev/null @@ -1,762 +0,0 @@ -/* - * lib/kadm/adm_conn.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ -/* - * Routines to contact an administrative protocol server. - */ -#define NEED_SOCKETS -#define NEED_LOWLEVEL_IO -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - -#if HAVE_PWD_H -#include -#endif /* HAVE_PWD_H */ - -/* Default ticket life is 10 minutes */ -#define KADM_DEFAULT_LIFETIME (10*60) - -/* - * Strings - */ -static char *kadm_cache_name_fmt = "FILE:/tmp/tkt_kadm_%d"; - -/* - * Prototypes for local functions - */ -static krb5_error_code kadm_get_ccache - PROTOTYPE((krb5_context, - char *, - char *, - krb5_ccache *, - krb5_principal *)); -static krb5_error_code kadm_get_creds - PROTOTYPE((krb5_context, - krb5_ccache , - krb5_principal, - krb5_creds *, - char *, - char *, - krb5_timestamp)); -static krb5_error_code kadm_contact_server - PROTOTYPE((krb5_context, - krb5_data *, - int *, - krb5_address **, - krb5_address **)); -static krb5_error_code kadm_get_auth - PROTOTYPE((krb5_context, - krb5_auth_context *, - krb5_address *, - krb5_address *)); - -/* - * kadm_get_ccache() - Initialze a credentials cache. - * - * Cleanup after success by calling krb5_cc_destroy() and krb5_free_principal() - * Allocates new ccache and client. - */ -static krb5_error_code -kadm_get_ccache(kcontext, user, ccname, ccache, client) - krb5_context kcontext; - char *user; - char *ccname; - krb5_ccache *ccache; - krb5_principal *client; -{ - krb5_error_code kret; - char *name; - int did_malloc = 0; - char new_cache[MAXPATHLEN]; - krb5_principal tprinc; - - /* Initialize. */ - *client = (krb5_principal) NULL; - tprinc = (krb5_principal) NULL; - - /* - * If a name specified, then use that one, else get it from our - * current uid. - */ - if (user) { - name = user; - } - else { -#if HAVE_PWD_H - struct passwd *pw; - - pw = getpwuid(getuid()); - if (pw) { - name = (char *) malloc(strlen(pw->pw_name)+1); - did_malloc = 1; - strcpy(name, pw->pw_name); - } - else { - kret = errno; - goto cleanup; - } -#else /* HAVE_PWD_H */ - kret = ENOENT; - goto cleanup; -#endif /* HAVE_PWD_H */ - } - - /* Parse the name and form our principal */ - if (kret = krb5_parse_name(kcontext, name, client)) - goto cleanup; - - if (!ccname) { -#if defined(_MSDOS) || defined(_WIN32) - strcpy (new_cache, "FILE:"); - GetTempFileName (0, "tkt", 0, new_cache+5); -#else -#ifdef _MACINTOSH - (void) sprintf(new_cache, "STDIO:admcc"); -#else - (void) sprintf(new_cache, kadm_cache_name_fmt, getpid()); -#endif /* _MACINTOSH */ -#endif /* _MSDOS || _WIN32 */ - } - else - sprintf(new_cache, "FILE:%s", ccname); - - /* - * We only need to resolve the credentials cache if one hasn't - * been supplied to us. - */ - if (!(*ccache) && (kret = krb5_cc_resolve(kcontext, new_cache, ccache))) - goto cleanup; - - /* XXX assumes a file ccache */ - if ((kret = krb5_cc_get_principal(kcontext, *ccache, &tprinc)) == - KRB5_FCC_NOFILE) - kret = krb5_cc_initialize(kcontext, *ccache, *client); - - - cleanup: - if (did_malloc) - free(name); - - if (tprinc) - krb5_free_principal(kcontext, tprinc); - - if (kret) { - if (*client) - krb5_free_principal(kcontext, *client); - } - - return(kret); -} - -/* - * kadm_get_creds() - Get initial credentials. - * - * Cleanup after success by calling krb5_free_principal(). - * Allocates new principal for creds->server. - */ -static krb5_error_code -kadm_get_creds(kcontext, ccache, client, creds, prompt, oldpw, tlife) - krb5_context kcontext; - krb5_ccache ccache; - krb5_principal client; - krb5_creds *creds; - char *prompt; - char *oldpw; - krb5_timestamp tlife; -{ - char *client_name; - krb5_error_code kret; - krb5_address **my_addresses; - int old_pwsize; - krb5_creds tcreds; - - /* Initialize */ - my_addresses = (krb5_address **) NULL; - client_name = (char *) NULL; - - /* Get the string form for our principal */ - if (kret = krb5_unparse_name(kcontext, client, &client_name)) - return(kret); - - if (kret = krb5_os_localaddr(kcontext, &my_addresses)) - goto cleanup; - - creds->client = client; - /* - * Build server principal name: - * "changepw" is service - * realm name is instance - * realm name is realm name - */ - if (kret = krb5_build_principal_ext(kcontext, - &creds->server, - client->realm.length, - client->realm.data, - strlen(KRB5_ADM_SERVICE_INSTANCE), - KRB5_ADM_SERVICE_INSTANCE, - client->realm.length, - client->realm.data, - 0)) - goto cleanup; - - /* Attempt to retrieve an appropriate entry from the credentials cache. */ - if ((kret = krb5_cc_retrieve_cred(kcontext, - ccache, - KRB5_TC_MATCH_SRV_NAMEONLY, - creds, - &tcreds)) - == KRB5_CC_NOTFOUND) { - krb5_timestamp jetzt; - - if (prompt != (char *) NULL) { - /* Read the password */ - old_pwsize = KRB5_ADM_MAX_PASSWORD_LEN; - if (kret = krb5_read_password(kcontext, - prompt, - (char *) NULL, - oldpw, - &old_pwsize)) - goto cleanup; - } - if (kret = krb5_timeofday(kcontext, &jetzt)) - goto cleanup; - if (tlife > 0) - creds->times.endtime = jetzt + tlife; - else - creds->times.endtime = jetzt + KADM_DEFAULT_LIFETIME; - - /* Get our initial ticket */ - kret = krb5_get_in_tkt_with_password(kcontext, - 0, - my_addresses, - NULL, - NULL, - oldpw, - ccache, - creds, - 0); - } - else { - krb5_principal sclient, sserver; - - if (!kret) { - /* - * We found the credentials cache entry - copy it out. - * - * We'd like to just blast tcreds on top of creds, but we cannot. - * other logic uses the client data, and rather than going and - * chasing all that logic down, might as well pretend that we just - * filled in all the other muck. - */ - sclient = creds->client; - sserver = creds->server; - memcpy((char *) creds, (char *) &tcreds, sizeof(tcreds)); - if (creds->client) - krb5_free_principal(kcontext, creds->client); - if (creds->server) - krb5_free_principal(kcontext, creds->server); - creds->client = sclient; - creds->server = sserver; - } - } - - cleanup: - if (kret) { - if (creds->server) { - krb5_free_principal(kcontext, creds->server); - creds->server = 0; - } - } - if (my_addresses) - krb5_free_addresses(kcontext, my_addresses); - if (client_name) - krb5_xfree(client_name); - return(kret); -} - -/* - * kadm_contact_server() - Establish a connection to the server. - * - * Cleanup after success by calling close() and free(). - * Opens/connects socket *sockp. Allocates address storage for local/remote. - */ -static krb5_error_code -kadm_contact_server(kcontext, realmp, sockp, local, remote) - krb5_context kcontext; - krb5_data *realmp; - int *sockp; - krb5_address **local; - krb5_address **remote; -{ - struct hostent *remote_host; - struct servent *service; - char **hostlist; - int i, count; - - krb5_error_code kret; - - struct sockaddr_in in_local; - struct sockaddr_in in_remote; - int addr_len; - - const char *realm_admin_names[4]; - char *realm_name; - krb5_boolean found; - - /* Initialize */ - hostlist = (char **) NULL; - *sockp = -1; - realm_name = (char *) NULL; - - /* - * XXX - only know ADDRTYPE_INET. - */ -#ifdef KRB5_USE_INET - *local = (krb5_address *) malloc(sizeof(krb5_address)); - *remote = (krb5_address *) malloc(sizeof(krb5_address)); - realm_name = (char *) malloc((size_t) realmp->length + 1); - if ((*local == (krb5_address *) NULL) || - (*remote == (krb5_address *) NULL) || - (realm_name == (char *) NULL)) { - kret = ENOMEM; - goto cleanup; - } - (*local)->addrtype = (*remote)->addrtype = ADDRTYPE_INET; - (*local)->length = (*remote)->length = sizeof(struct in_addr); - (*local)->contents = (krb5_octet *) malloc(sizeof(struct in_addr)); - (*remote)->contents = (krb5_octet *) malloc(sizeof(struct in_addr)); - if (((*local)->contents == NULL) || ((*remote)->contents == NULL)) { - kret = ENOMEM; - goto cleanup; - } - - /* - * First attempt to find addresses from our config file, if we cannot - * find an entry, then try getservbyname(). - */ - found = 0; -#ifndef OLD_CONFIG_FILES - strncpy(realm_name, realmp->data, (size_t) realmp->length); - realm_name[realmp->length] = '\0'; - realm_admin_names[0] = "realms"; - realm_admin_names[1] = realm_name; - realm_admin_names[2] = "admin_server"; - realm_admin_names[3] = (char *) NULL; - if (!(kret = profile_get_values(kcontext->profile, - realm_admin_names, - &hostlist))) { - int hi; - char *cport; - char *cp; - krb5_int32 pport; - - for (hi = 0; hostlist[hi]; hi++) { - /* - * This knows a little too much about the format of profile - * entries. Shouldn't it just be some sort of tuple? - * - * The form is assumed to be: - * admin_server = [:[]] - */ - cport = (char *) NULL; - pport = (u_short) KRB5_ADM_DEFAULT_PORT; - cp = strchr(hostlist[hi], ' '); - if (cp) - *cp = '\0'; - cp = strchr(hostlist[hi], '\t'); - if (cp) - *cp = '\0'; - cport = strchr(hostlist[hi], ':'); - if (cport) { - *cport = '\0'; - cport++; - - pport = atoi (cport); - if (pport == 0) { - kret = KRB5_CONFIG_BADFORMAT; - goto cleanup; - } - } - - /* - * Now that we have a host name, get the host entry. - */ - remote_host = gethostbyname(hostlist[hi]); - if (remote_host == (struct hostent *) NULL) { - kret = KRB5_CONFIG_BADFORMAT; - goto cleanup; - } - - /* - * Fill in our address values. - */ - in_remote.sin_family = remote_host->h_addrtype; - (void) memcpy((char *) &in_remote.sin_addr, - (char *) remote_host->h_addr, - sizeof(in_remote.sin_addr)); - in_remote.sin_port = htons((u_short) pport); - - /* Open a tcp socket */ - *sockp = (int) socket(PF_INET, SOCK_STREAM, 0); - if (*sockp < 0) { - kret = SOCKET_ERRNO; - goto cleanup; - } - else kret = 0; - - /* Attempt to connect to the remote address. */ - if (connect(*sockp, - (struct sockaddr *) &in_remote, - sizeof(in_remote)) < 0) { - /* Failed, go to next address */ - kret = SOCKET_ERRNO; - closesocket((SOCKET)*sockp); - *sockp = -1; - continue; - } - - /* Find out local address */ - addr_len = sizeof(in_local); - if (getsockname((SOCKET) *sockp, - (struct sockaddr *) &in_local, - &addr_len) < 0) { - /* Couldn't get our local address? */ - kret = SOCKET_ERRNO; - goto cleanup; - } - else { - /* Connection established. */ - memcpy((char *) (*remote)->contents, - (char *) &in_remote.sin_addr, - sizeof(struct in_addr)); - memcpy((char *) (*local)->contents, - (char *) &in_local.sin_addr, - sizeof(struct in_addr)); - found = 1; - break; - } - } - if (!found) { - krb5_xfree(hostlist); - hostlist = (char **) NULL; - } - } -#endif /* OLD_CONFIG_FILES */ - if (!found) { - /* - * Use the old way of finding our administrative server. - * - * This consists of looking up an entry in /etc/services and if - * we don't find it, then we are just out of luck. Then, we use - * that port number along with the address of the kdc. - */ - if ((service = getservbyname(KRB5_ADM_SERVICE_NAME, "tcp")) == NULL) { - kret = ENOENT; - goto cleanup; - } - in_remote.sin_port = service->s_port; - - if (kret = krb5_get_krbhst(kcontext, realmp, &hostlist)) - goto cleanup; - - /* Now count the number of hosts in the realm */ - count = 0; - for (i=0; hostlist[i]; i++) - count++; - if (count == 0) { - kret = ENOENT; /* something better? */ - goto cleanup; - } - - /* Now find an available host */ - for (i=0; hostlist[i]; i++) { - remote_host = gethostbyname(hostlist[i]); - if (remote_host != (struct hostent *) NULL) { - in_remote.sin_family = remote_host->h_addrtype; - (void) memcpy((char *) &in_remote.sin_addr, - (char *) remote_host->h_addr, - sizeof(in_remote.sin_addr)); - - /* Open a tcp socket */ - *sockp = (int) socket(PF_INET, SOCK_STREAM, 0); - if (*sockp < 0) { - kret = SOCKET_ERRNO; - goto cleanup; - } - else kret = 0; - - if (connect(*sockp, - (struct sockaddr *) &in_remote, - sizeof(in_remote)) < 0) { - kret = SOCKET_ERRNO; - closesocket((SOCKET)*sockp); - *sockp = -1; - continue; - } - - /* Find out local address */ - addr_len = sizeof(in_local); - if (getsockname((SOCKET)*sockp, - (struct sockaddr *) &in_local, - &addr_len) < 0) { - kret = SOCKET_ERRNO; - goto cleanup; - } - else { - memcpy((char *) (*remote)->contents, - (char *) &in_remote.sin_addr, - sizeof(struct in_addr)); - - memcpy((char *) (*local)->contents, - (char *) &in_local.sin_addr, - sizeof(struct in_addr)); - found = 1; - break; - } - } - } - if (!found) - kret = KRB5_SERVICE_UNKNOWN; - } -#else /* KRB5_USE_INET */ - kret = ENOENT; -#endif /* KRB5_USE_INET */ - - cleanup: - if (kret) { - if (*sockp >= 0) - closesocket((SOCKET)*sockp); - if (*local && (*local)->contents) - free((*local)->contents); - if (*remote && (*remote)->contents) - free((*remote)->contents); - if (*local) { - memset((char *) (*local), 0, sizeof(krb5_address)); - free(*local); - *local = (krb5_address *) NULL; - } - if (*remote) { - memset((char *) (*remote), 0, sizeof(krb5_address)); - free(*remote); - *remote = (krb5_address *) NULL; - } - } - if (realm_name) - free(realm_name); - if (hostlist) - krb5_xfree(hostlist); - return(kret); -} - -/* - * kadm_get_auth() - Get authorization context. - * - * Cleanup after success by calling krb5_xfree(). - * New krb5_auth_context allocated in *ctxp - */ -static krb5_error_code -kadm_get_auth(kcontext, ctxp, local, remote) - krb5_context kcontext; - krb5_auth_context *ctxp; - krb5_address *local; - krb5_address *remote; -{ - krb5_auth_con_init(kcontext, ctxp); - krb5_auth_con_setflags(kcontext, *ctxp, - KRB5_AUTH_CONTEXT_RET_SEQUENCE| - KRB5_AUTH_CONTEXT_DO_SEQUENCE); - krb5_auth_con_setaddrs(kcontext, *ctxp, local, remote); - return(0); -} - -/* - * krb5_adm_connect() - Establish the connection to the service. - * - * If *ccachep is not null, then that ccache is used to establish the identity - * of the caller. (Argument list is ugly, I know) - * - * Errors are not reported by this routine. - * Cleanup after successful invocation must: - * destroy/close ccache. - * free auth_context - * close socket. - */ -krb5_error_code INTERFACE -krb5_adm_connect(kcontext, user, prompt, opassword, sockp, ctxp, - ccachep, ccname, tlife) - krb5_context kcontext; /* Context handle (In ) */ - char *user; /* User specified (In ) */ - char *prompt; /* Old password prompt (In ) */ - char *opassword; /* Old Password (I/O) */ - int *sockp; /* Socket for conn. (Out) */ - krb5_auth_context *ctxp; /* Auth context (Out) */ - krb5_ccache *ccachep; /* Credentials cache (I/O) */ - char *ccname; /* Cred cache name (In ) */ - krb5_timestamp tlife; /* Ticket lifetime (In ) */ -{ - krb5_error_code kret; - krb5_principal client; - krb5_creds creds; - krb5_data server_realm; - krb5_data request_data, suppl_data; - krb5_data response_data; - krb5_address *local_addr; - krb5_address *remote_addr; - krb5_boolean ccache_supplied; - - char *server; - - /* Initialize */ - memset((char *) &creds, 0, sizeof(krb5_creds)); - server = (char *) NULL; - *sockp = -1; - local_addr = remote_addr = (krb5_address *) NULL; - client = (krb5_principal) NULL; - *ctxp = (krb5_auth_context) NULL; - ccache_supplied = (*ccachep != (krb5_ccache) NULL); - - /* - * Find the appropriate credentials cache and set up our identity. - */ - if (kret = kadm_get_ccache(kcontext, user, ccname, ccachep, &client)) - goto cleanup; - - /* - * Get initial credentials. - */ - if (kret = kadm_get_creds(kcontext, - *ccachep, - client, - &creds, - prompt, - opassword, - tlife)) - goto cleanup; - - /* - * Establish connection to server. - */ - if ((server_realm.data = (char *) malloc(client->realm.length+1)) == - (char *) NULL) - goto cleanup; - - server_realm.length = client->realm.length; - memcpy(server_realm.data, client->realm.data, server_realm.length); - server_realm.data[server_realm.length] = '\0'; - if (kret = kadm_contact_server(kcontext, - &server_realm, - sockp, - &local_addr, - &remote_addr)) - goto cleanup; - - /* - * Obtain our authorization context - */ - if (kret = kadm_get_auth(kcontext, ctxp, local_addr, remote_addr)) - goto cleanup; - - /* - * Format, then send the KRB_AP_REQ - */ - suppl_data.data = NULL; - suppl_data.length = 0; - if (kret = krb5_mk_req_extended(kcontext, - ctxp, - AP_OPTS_MUTUAL_REQUIRED, - &suppl_data, - &creds, - &request_data)) - goto cleanup; - - if (kret = krb5_write_message(kcontext, sockp, &request_data)) - goto cleanup; - - /* - * Now read back the response. - */ - if (kret = krb5_read_message(kcontext, sockp, &response_data)) { - goto cleanup; - } - else { - krb5_ap_rep_enc_part *reply = NULL; - - kret = krb5_rd_rep(kcontext, *ctxp, &response_data, &reply); - if (reply) - krb5_free_ap_rep_enc_part(kcontext, reply); - } - cleanup: - if (server) - free(server); - if (kret) { - if (*ctxp) { - krb5_xfree(*ctxp); - *ctxp = (krb5_auth_context) NULL; - } - if (*sockp >= 0) { - closesocket((SOCKET)*sockp); - *sockp = -1; - } - if (local_addr && local_addr->contents) - free(local_addr->contents); - if (remote_addr && remote_addr->contents) - free(remote_addr->contents); - if (local_addr) - free(local_addr); - if (remote_addr) - free(remote_addr); - if (creds.server) - krb5_free_principal(kcontext, creds.server); - if (client) - krb5_free_principal(kcontext, client); - if (*ccachep && !ccache_supplied) { - krb5_cc_destroy(kcontext, *ccachep); - *ccachep = (krb5_ccache) NULL; - } - } - return(kret); - -} - -/* - * krb5_adm_disconnect() - Disconnect from the administrative service. - * - * If ccache is supplied, then it is destroyed. Otherwise, the ccache is - * the caller's responsibility to close. - */ -void INTERFACE -krb5_adm_disconnect(kcontext, socketp, auth_context, ccache) - krb5_context kcontext; - int *socketp; - krb5_auth_context auth_context; - krb5_ccache ccache; -{ - if (ccache) - krb5_cc_destroy(kcontext, ccache); - if (auth_context) - krb5_xfree(auth_context); - if (*socketp >= 0) - closesocket((SOCKET)*socketp); -} - diff --git a/src/lib/kadm/adm_kt_dec.c b/src/lib/kadm/adm_kt_dec.c deleted file mode 100644 index 7886a70da..000000000 --- a/src/lib/kadm/adm_kt_dec.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * lib/kadm/adm_kt_dec.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * adm_kt_dec.c - Decode keytab entry according to protocol. - */ -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - -/* - * krb5_adm_proto_to_ktent() - Convert a list of reply components to - * a keytab entry according to procotol. - * - * Successful callers of this routine should free ktentp->principal - * and ktentp->key.contents. - */ -krb5_error_code -krb5_adm_proto_to_ktent(kcontext, ncomp, complist, ktentp) - krb5_context kcontext; - krb5_int32 ncomp; - krb5_data *complist; - krb5_keytab_entry *ktentp; -{ - krb5_error_code kret; - char *v; - - /* - * Clear out the keytab entry. - */ - memset((char *) ktentp, 0, sizeof(krb5_keytab_entry)); - - /* - * Figure out how many components we have. We expect KRB5_ADM_KT_NCOMPS - * components. - */ - if (ncomp != KRB5_ADM_KT_NCOMPS) - return(EINVAL); - - /* Parse the supplied principal name */ - if (kret = krb5_parse_name(kcontext, - complist[KRB5_ADM_KT_PRINCIPAL].data, - &ktentp->principal)) - goto done; - - /* Parse the supplied timestamp */ - if (complist[KRB5_ADM_KT_TIMESTAMP].length < sizeof(krb5_timestamp)) { - kret = EINVAL; - goto done; - } - v = complist[KRB5_ADM_KT_TIMESTAMP].data; - ktentp->timestamp = (krb5_timestamp) - (((krb5_int32) ((unsigned char) v[0]) << 24) + - ((krb5_int32) ((unsigned char) v[1]) << 16) + - ((krb5_int32) ((unsigned char) v[2]) << 8) + - ((krb5_int32) ((unsigned char) v[3]))); - - /* Parse the supplied vno */ - if (complist[KRB5_ADM_KT_VNO].length < sizeof(krb5_kvno)) { - kret = EINVAL; - goto done; - } - v = complist[KRB5_ADM_KT_VNO].data; - ktentp->vno = (krb5_kvno) - (((krb5_int32) ((unsigned char) v[0]) << 24) + - ((krb5_int32) ((unsigned char) v[1]) << 16) + - ((krb5_int32) ((unsigned char) v[2]) << 8) + - ((krb5_int32) ((unsigned char) v[3]))); - - /* Parse the supplied key_enctype */ - if (complist[KRB5_ADM_KT_KEY_ENCTYPE].length < sizeof(krb5_enctype)) { - kret = EINVAL; - goto done; - } - v = complist[KRB5_ADM_KT_KEY_ENCTYPE].data; - ktentp->key.enctype = (krb5_enctype) - (((krb5_int32) ((unsigned char) v[0]) << 24) + - ((krb5_int32) ((unsigned char) v[1]) << 16) + - ((krb5_int32) ((unsigned char) v[2]) << 8) + - ((krb5_int32) ((unsigned char) v[3]))); - - /* Finally, shuck the key contents */ - if (ktentp->key.contents = (krb5_octet *) - malloc((size_t) complist[KRB5_ADM_KT_KEY_KEY].length)) { - ktentp->key.length = complist[KRB5_ADM_KT_KEY_KEY].length; - memcpy(ktentp->key.contents, - complist[KRB5_ADM_KT_KEY_KEY].data, - (size_t) ktentp->key.length); - kret = 0; - } - else - kret = ENOMEM; - - done: - if (kret) { - if (ktentp->principal) - krb5_free_principal(kcontext, ktentp->principal); - if (ktentp->key.contents) { - memset((char *) ktentp->key.contents, 0, - (size_t) ktentp->key.length); - krb5_xfree(ktentp->key.contents); - } - memset((char *) ktentp, 0, sizeof(krb5_keytab_entry)); - } - return(kret); -} diff --git a/src/lib/kadm/adm_kt_enc.c b/src/lib/kadm/adm_kt_enc.c deleted file mode 100644 index d7dc65af1..000000000 --- a/src/lib/kadm/adm_kt_enc.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * lib/kadm/adm_kt_enc.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * adm_kt_enc.c - Encode keytab entry according to protocol. - */ -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - - -/* - * krb5_adm_ktent_to_proto() - Convert a keytab entry into an external - * list of reply components. - * - * Successful callers must free the storage for complistp and complistp->data - * either manually or by using krb5_free_adm_data(). - */ -krb5_error_code -krb5_adm_ktent_to_proto(kcontext, ktentp, ncompp, complistp) - krb5_context kcontext; - krb5_keytab_entry *ktentp; - krb5_int32 *ncompp; - krb5_data **complistp; -{ - krb5_error_code kret; - krb5_data *clist; - krb5_int32 nents; - - kret = ENOMEM; - nents = 0; - if (clist = (krb5_data *) malloc((size_t) KRB5_ADM_KT_NCOMPS * - sizeof(krb5_data))) { - memset((char *) clist, 0, ((size_t) KRB5_ADM_KT_NCOMPS * - sizeof(krb5_data))); - /* - * Fill in the principal field. - */ - if (kret = krb5_unparse_name(kcontext, - ktentp->principal, - &clist[KRB5_ADM_KT_PRINCIPAL].data)) - goto done; - clist[KRB5_ADM_KT_PRINCIPAL].length = - strlen(clist[KRB5_ADM_KT_PRINCIPAL].data); - nents++; - - /* - * Fill in timestamp. - */ - if (kret = krb5_timeofday(kcontext, &ktentp->timestamp)) - goto done; - if (clist[KRB5_ADM_KT_TIMESTAMP].data = - (char *) malloc(sizeof(krb5_ui_4))) { - clist[KRB5_ADM_KT_TIMESTAMP].length = sizeof(krb5_ui_4); - clist[KRB5_ADM_KT_TIMESTAMP].data[0] = - (char) ((ktentp->timestamp >> 24) & 0xff); - clist[KRB5_ADM_KT_TIMESTAMP].data[1] = - (char) ((ktentp->timestamp >> 16) & 0xff); - clist[KRB5_ADM_KT_TIMESTAMP].data[2] = - (char) ((ktentp->timestamp >> 8) & 0xff); - clist[KRB5_ADM_KT_TIMESTAMP].data[3] = - (char) (ktentp->timestamp & 0xff); - nents++; - } - else { - kret = ENOMEM; - goto done; - } - - /* - * Fill in vno. - */ - if (clist[KRB5_ADM_KT_VNO].data = - (char *) malloc(sizeof(krb5_ui_4))) { - clist[KRB5_ADM_KT_VNO].length = sizeof(krb5_ui_4); - clist[KRB5_ADM_KT_VNO].data[0] = (ktentp->vno >> 24) & 0xff; - clist[KRB5_ADM_KT_VNO].data[1] = (ktentp->vno >> 16) & 0xff; - clist[KRB5_ADM_KT_VNO].data[2] = (ktentp->vno >> 8) & 0xff; - clist[KRB5_ADM_KT_VNO].data[3] = ktentp->vno & 0xff; - nents++; - } - else { - kret = ENOMEM; - goto done; - } - - /* - * Fill in key_enctype. - */ - if (clist[KRB5_ADM_KT_KEY_ENCTYPE].data = - (char *) malloc(sizeof(krb5_ui_4))) { - clist[KRB5_ADM_KT_KEY_ENCTYPE].length = sizeof(krb5_ui_4); - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[0] = - (ktentp->key.enctype >> 24) & 0xff; - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[1] = - (ktentp->key.enctype >> 16) & 0xff; - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[2] = - (ktentp->key.enctype >> 8) & 0xff; - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[3] = - ktentp->key.enctype & 0xff; - nents++; - } - else { - kret = ENOMEM; - goto done; - } - - /* - * Fill in key_key. - */ - if (clist[KRB5_ADM_KT_KEY_KEY].data = - (char *) malloc((size_t) ktentp->key.length)) { - memcpy(clist[KRB5_ADM_KT_KEY_KEY].data, - ktentp->key.contents, - (size_t) ktentp->key.length); - clist[KRB5_ADM_KT_KEY_KEY].length = ktentp->key.length; - nents++; - kret = 0; - } - else - kret = ENOMEM; - } - done: - if (kret) { - if (clist) { - int i; - for (i=0; ilength >= len_req) && - (!strncmp(dataentp->data, keyword, strlen(keyword))) && - (!value_req || (dataentp->data[strlen(keyword)] == '='))) - return(len_req); - else - return(-1); -} - -/* - * decode_kw_string() - Decode a keyword= pair and return the - * string value if the pair is present. - * - * Note: successful callers must free the string storage. - */ -static krb5_error_code -decode_kw_string(dataentp, keyword, stringp) - krb5_data *dataentp; - char *keyword; - char **stringp; -{ - krb5_error_code kret; - off_t valueoff; - size_t len2copy; - - kret = ENOENT; - if ((valueoff = keyword_value(dataentp, keyword, 1)) >= 0) { - kret = ENOMEM; - len2copy = (size_t) ((off_t) dataentp->length - valueoff); - *stringp = (char *) malloc(len2copy+1); - if (*stringp) { - strncpy(*stringp, &dataentp->data[valueoff], len2copy); - (*stringp)[len2copy] = '\0'; - kret = 0; - } - } - return(kret); -} - -/* - * decode_kw_integer() - Decode a keyword= pair and return the value - * if the pair is present. - */ -static krb5_error_code -decode_kw_integer(dataentp, keyword, uintp) - krb5_data *dataentp; - char *keyword; - krb5_ui_4 *uintp; -{ - krb5_error_code kret; - off_t voff; - size_t len2copy; - - kret = ENOENT; - if ((voff = keyword_value(dataentp, keyword, 1)) >= 0) { - kret = EINVAL; - len2copy = (size_t) ((off_t) dataentp->length - voff); - if (len2copy == sizeof(krb5_ui_4)) { - *uintp = (((krb5_int32) ((unsigned char) dataentp->data[voff]) - << 24) + - ((krb5_int32) ((unsigned char) dataentp->data[voff+1]) - << 16) + - ((krb5_int32) ((unsigned char) dataentp->data[voff+2]) - << 8) + - ((krb5_int32) ((unsigned char) dataentp->data[voff+3]))); - kret = 0; - } - } - return(kret); -} - -/* - * decode_kw_gentime() - Decode a keyword= pair and return the - * time result if the pair is present. - * - * XXX - this knows too much about how Kerberos time is encoded. - */ -static krb5_error_code -decode_kw_gentime(dataentp, keyword, gtimep) - krb5_data *dataentp; - char *keyword; - krb5_timestamp *gtimep; -{ - krb5_error_code kret; - char *timestring; - struct tm tval; - time_t temp_time; - - memset((char *) &tval, 0, sizeof(tval)); - timestring = (char *) NULL; - if (!(kret = decode_kw_string(dataentp, keyword, ×tring))) { - kret = EINVAL; - if ((strlen(timestring) == 15) && - (timestring[14] == 'Z')) { - tval.tm_year = 1000*char2int(timestring[0]) + - 100*char2int(timestring[1]) + - 10*char2int(timestring[2]) + - char2int(timestring[3]) - 1900; - tval.tm_mon = 10*char2int(timestring[4]) + - char2int(timestring[5]) - 1; - tval.tm_mday = 10*char2int(timestring[6]) + - char2int(timestring[7]); - tval.tm_hour = 10*char2int(timestring[8]) + - char2int(timestring[9]); - tval.tm_min = 10*char2int(timestring[10]) + - char2int(timestring[11]); - tval.tm_sec = 10*char2int(timestring[12]) + - char2int(timestring[13]); - tval.tm_isdst = -1; - temp_time = gmt_mktime(&tval); - if (temp_time >= 0) { - kret = 0; - *gtimep = (krb5_timestamp) temp_time; - } - } - free(timestring); - } - return(kret); -} - -/* - * decode_kw_tagged() - Decode a keyword=... list and return - * the values of the tags and the data if the list is - * present. - */ -static krb5_error_code -decode_kw_tagged(dataentp, keyword, ntags, taglist, lenp, datap) - krb5_data *dataentp; - char *keyword; - krb5_int32 ntags; - krb5_int32 *taglist; - size_t *lenp; - krb5_octet **datap; -{ - krb5_error_code kret; - off_t valueoff; - size_t len2copy; - unsigned char *cp, *ep; - int i; - - kret = ENOENT; - if ((valueoff = keyword_value(dataentp, keyword, 1)) >= 0) { - /* - * Blast through the tags. - */ - kret = 0; - cp = (unsigned char *) &dataentp->data[valueoff]; - ep = (unsigned char *) &dataentp->data[dataentp->length]; - for (i=0; i ep) { - kret = EINVAL; - break; - } - taglist[i] = (((krb5_int32) ((unsigned char) cp[0]) << 24) + - ((krb5_int32) ((unsigned char) cp[1]) << 16) + - ((krb5_int32) ((unsigned char) cp[2]) << 8) + - ((krb5_int32) ((unsigned char) cp[3]))); - cp += sizeof(krb5_int32); - } - if (!kret) { - /* - * If we were successful, copy out the remaining bytes for value. - */ - len2copy = (size_t) (ep - cp); - if (len2copy && - (*datap = (krb5_octet *) malloc(len2copy+1))) { - memcpy(*datap, cp, len2copy); - (*datap)[len2copy] = '\0'; - } - if (len2copy && !*datap) - kret = ENOMEM; - else - *lenp = len2copy; - } - } - return(kret); -} - -#if !defined(_MSDOS) && !defined(_WIN32) && !defined(_MACINTOSH) -/* - * krb5_adm_proto_to_dbent() - Convert external attribute list into a - * database entry. - * - * Scan through the keyword=value pairs in "data" until either the end of - * the list (as determined from "nent") is reached, or an error occurs. - * Return a mask of attributes which are set in "validp", the actual - * attribute values in "dbentp" and "pwordp" if a password is specified. - * - * Successful callers must allocate the storage for "validp", "dbentp" and - * must free the storage allocated for "pwordp" if a password is specified - * and free the storage allocated for "validp->mod_name" if a modifier name - * is specified. - */ -krb5_error_code -krb5_adm_proto_to_dbent(kcontext, nent, data, validp, dbentp, pwordp) - krb5_context kcontext; /* Kerberos context */ /* In */ - krb5_int32 nent; /* Number of components */ /* In */ - krb5_data *data; /* Component list */ /* In */ - krb5_ui_4 *validp; /* Valid bitmask */ /* Out */ - krb5_db_entry *dbentp; /* Database entry */ /* Out */ - char **pwordp; /* Password string */ /* Out */ -{ - int i; - krb5_error_code retval; - krb5_ui_4 parsed_mask; - krb5_int32 taglist[4]; - size_t data_length; - krb5_octet *tagged_data; - struct key_tag_correlator { - krb5_int32 key_tag; - int key_data_index; - } *correlators, *correlation; - int ncorrelations; - - /* Initialize */ - retval = 0; - parsed_mask = 0; - *pwordp = (char *) NULL; - correlators = (struct key_tag_correlator *) NULL; - ncorrelations = 0; - - /* Loop through all the specified keyword=value pairs. */ - for (i=0; imax_life))) { - parsed_mask |= KRB5_ADM_M_MAXLIFE; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for maximum renewable lifetime */ - if (!(retval = decode_kw_integer(&data[i], - KRB5_ADM_KW_MAXRENEWLIFE, - (krb5_ui_4 *) - &dbentp->max_renewable_life))) { - parsed_mask |= KRB5_ADM_M_MAXRENEWLIFE; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for principal expiration */ - if (!(retval = decode_kw_gentime(&data[i], - KRB5_ADM_KW_EXPIRATION, - &dbentp->expiration))) { - parsed_mask |= KRB5_ADM_M_EXPIRATION; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for password expiration */ - if (!(retval = decode_kw_gentime(&data[i], - KRB5_ADM_KW_PWEXPIRATION, - &dbentp->pw_expiration))) { - parsed_mask |= KRB5_ADM_M_PWEXPIRATION; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* random key - value optional */ - if (keyword_value(&data[i], - KRB5_ADM_KW_RANDOMKEY, - 0) >= 0) { - krb5_ui_4 value; - - if (retval = decode_kw_integer(&data[i], - KRB5_ADM_KW_RANDOMKEY, - &value)) { - value = 1; - retval = 0; - } - if (value) - parsed_mask |= KRB5_ADM_M_RANDOMKEY; - else - parsed_mask &= ~KRB5_ADM_M_RANDOMKEY; - continue; - } - - /* Check for flags */ - if (!(retval = decode_kw_integer(&data[i], - KRB5_ADM_KW_FLAGS, - (krb5_ui_4 *) &dbentp->attributes))) { - parsed_mask |= KRB5_ADM_M_FLAGS; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for last successful password entry */ - if (!(retval = decode_kw_gentime(&data[i], - KRB5_ADM_KW_LASTSUCCESS, - &dbentp->last_success))) { - parsed_mask |= KRB5_ADM_M_LASTSUCCESS; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for last failed entry */ - if (!(retval = decode_kw_gentime(&data[i], - KRB5_ADM_KW_LASTFAILED, - &dbentp->last_failed))) { - parsed_mask |= KRB5_ADM_M_LASTFAILED; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for failure count */ - if (!(retval = decode_kw_integer(&data[i], - KRB5_ADM_KW_FAILCOUNT, - (krb5_ui_4 *) - &dbentp->fail_auth_count))) { - parsed_mask |= KRB5_ADM_M_FAILCOUNT; - continue; - } - else { - if (retval != ENOENT) - break; - } - - /* Check for auxiliary data */ - if (!(retval = decode_kw_tagged(&data[i], - KRB5_ADM_KW_AUXDATA, - 1, - taglist, - &data_length, - &tagged_data))) { - krb5_tl_data **fixupp; - krb5_tl_data *tl_data, *new_tl; - - /* - * We've got a tagged data value here. We've got to do a little - * work to put it in the right place. First, find the right place. - */ - fixupp = &dbentp->tl_data; - for (tl_data = dbentp->tl_data; - tl_data; - tl_data = tl_data->tl_data_next) - fixupp = &tl_data->tl_data_next; - - /* Get memory */ - if (new_tl = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) { - /* Fill in the supplied values */ - new_tl->tl_data_type = (krb5_int16) taglist[0]; - new_tl->tl_data_length = (krb5_int16) data_length; - new_tl->tl_data_contents = tagged_data; - - /* Link in the right place */ - new_tl->tl_data_next= *fixupp; - *fixupp = new_tl; - - /* Update counters and flags */ - dbentp->n_tl_data++; - parsed_mask |= KRB5_ADM_M_AUXDATA; - } - else { - retval = ENOMEM; - break; - } - continue; - } - else { - if ((retval != ENOENT) && (retval != EINVAL)) - break; - } - - /* Check for key data */ - if (!(retval = decode_kw_tagged(&data[i], - KRB5_ADM_KW_KEYDATA, - 3, - taglist, - &data_length, - &tagged_data))) { - krb5_boolean corr_found; - int cindex, kindex; - krb5_key_data *kdata; - - /* - * See if we already have a correlation betwen our key-tag and - * an index into the key table. - */ - corr_found = 0; - for (cindex = 0; cindex < ncorrelations; cindex++) { - if (correlators[cindex].key_tag == taglist[0]) { - correlation = &correlators[cindex]; - corr_found = 1; - break; - } - } - - /* If not, then we had better make one up */ - if (!corr_found) { - /* Get a new list */ - if (correlation = (struct key_tag_correlator *) - malloc((ncorrelations+1)* - sizeof(struct key_tag_correlator))) { - /* Save the contents of the old one. */ - if (ncorrelations) { - memcpy(correlation, correlators, - ncorrelations* - sizeof(struct key_tag_correlator)); - /* Free the old one */ - free(correlators); - } - /* Point us at the new relation */ - correlators = correlation; - correlation = &correlators[ncorrelations]; - ncorrelations++; - correlation->key_tag = taglist[0]; - /* Make a new key data entry */ - if (kdata = (krb5_key_data *) - malloc((dbentp->n_key_data+1)*sizeof(krb5_key_data))) { - /* Copy the old list */ - if (dbentp->n_key_data) { - memcpy(kdata, dbentp->key_data, - dbentp->n_key_data*sizeof(krb5_key_data)); - free(dbentp->key_data); - } - dbentp->key_data = kdata; - correlation->key_data_index = dbentp->n_key_data; - memset(&kdata[dbentp->n_key_data], 0, - sizeof(krb5_key_data)); - kdata[dbentp->n_key_data].key_data_ver = 1; - dbentp->n_key_data++; - corr_found = 1; - } - else - retval = ENOMEM; - } - else - retval = ENOMEM; - } - - /* Check to see if we either found a correlation or made one */ - if (corr_found) { - /* Special case for key version number */ - if (taglist[1] == -1) { - dbentp->key_data[correlation->key_data_index]. - key_data_kvno = taglist[2]; - } - else { - dbentp->key_data[correlation->key_data_index]. - key_data_type[taglist[1]] = taglist[2]; - dbentp->key_data[correlation->key_data_index]. - key_data_length[taglist[1]] = (krb5_int16) data_length; - dbentp->key_data[correlation->key_data_index]. - key_data_contents[taglist[1]] = tagged_data; - } - parsed_mask |= KRB5_ADM_M_KEYDATA; - } - else - break; - continue; - } - else { - if ((retval != ENOENT) && (retval != EINVAL)) - break; - } - - /* Check for extra data */ - if (!(retval = decode_kw_tagged(&data[i], - KRB5_ADM_KW_EXTRADATA, - 0, - taglist, - &data_length, - &dbentp->e_data))) { - dbentp->e_length = (krb5_int16) data_length; - parsed_mask |= KRB5_ADM_M_EXTRADATA; - continue; - } - else { - if ((retval != ENOENT) && (retval != EINVAL)) - break; - } - - /* If we fall through here, we've got something unrecognized */ - if (retval) { - retval = EINVAL; - break; - } - } - - if (retval) { - if (*pwordp) { - memset(*pwordp, 0, strlen(*pwordp)); - free(*pwordp); - *pwordp = (char *) NULL; - } - parsed_mask = 0; - } - if (correlators) - free(correlators); - *validp |= parsed_mask; - return(retval); -} -#endif diff --git a/src/lib/kadm/adm_kw_enc.c b/src/lib/kadm/adm_kw_enc.c deleted file mode 100644 index b98725f91..000000000 --- a/src/lib/kadm/adm_kw_enc.c +++ /dev/null @@ -1,433 +0,0 @@ -/* - * lib/kadm/adm_kw_enc.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * adm_kw_enc.c - routines to encode principal attributes in keyword-value - * pairs. - */ -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - - -/* - * format_kw_string() - Format a keyword= pair. - * - * Work routine for other string-based formatters also. - */ -static krb5_error_code -format_kw_string(datap, kwordp, valp) - krb5_data *datap; - char *kwordp; - char *valp; -{ - krb5_error_code retval; - char fbuffer[BUFSIZ]; - - retval = ENOMEM; - sprintf(fbuffer,"%s=%s", kwordp, valp); - datap->data = (char *) malloc(strlen(fbuffer)+1); - if (datap->data) { - datap->length = strlen(fbuffer); - strcpy(datap->data, fbuffer); - retval = 0; - } - return(retval); -} - -/* - * format_kw_integer() - Format a keyword= pair. - */ -static krb5_error_code -format_kw_integer(datap, kwordp, val) - krb5_data *datap; - char *kwordp; - krb5_ui_4 val; -{ - krb5_error_code retval; - char fbuffer[BUFSIZ]; - - retval = ENOMEM; - sprintf(fbuffer,"%s=", kwordp); - datap->data = (char *) malloc(strlen(fbuffer)+sizeof(krb5_ui_4)); - if (datap->data) { - datap->length = strlen(fbuffer); - strcpy(datap->data, fbuffer); - datap->data[datap->length] = (unsigned char) ((val >> 24) & 0xff); - datap->data[datap->length+1] = (unsigned char) ((val >> 16) & 0xff); - datap->data[datap->length+2] = (unsigned char) ((val >> 8) & 0xff); - datap->data[datap->length+3] = (unsigned char) (val & 0xff); - datap->length += sizeof(krb5_ui_4); - retval = 0; - } - return(retval); -} - -/* - * format_kw_gentime() - Format a keyword= pair. - * - * XXX - should this routine know so much about how generaltime is encoded? - */ -static krb5_error_code -format_kw_gentime(datap, kwordp, timep) - krb5_data *datap; - char *kwordp; - krb5_timestamp *timep; -{ - krb5_error_code retval; - char fbuffer[BUFSIZ]; - time_t tval; - struct tm *time_gmt; - - retval = EINVAL; - tval = (time_t) *timep; - time_gmt = gmtime(&tval); - if (time_gmt) { - sprintf(fbuffer,"%04d%02d%02d%02d%02d%02dZ", - time_gmt->tm_year+1900, - time_gmt->tm_mon+1, - time_gmt->tm_mday, - time_gmt->tm_hour, - time_gmt->tm_min, - time_gmt->tm_sec); - retval = format_kw_string(datap, kwordp, fbuffer); - } - return(retval); -} - -/* - * format_kw_tagged() - Format a =... list. - */ -static krb5_error_code -format_kw_tagged(datap, kwordp, ntags, taglist, vallen, val) - krb5_data *datap; - char *kwordp; - const int ntags; - krb5_int32 *taglist; - krb5_int32 vallen; - krb5_octet *val; -{ - krb5_error_code retval; - unsigned char *cp; - int i; - - /* Calculate the size required: - * strlen(kwordp) + 1 for "kword"= - * 4 * ntags for tags - * vallen for value; - */ - datap->data = (char *) malloc(strlen(kwordp)+ - 1+ - (ntags*sizeof(krb5_int32))+ - vallen+1); - if (datap->data) { - datap->length = strlen(kwordp)+1+(ntags*sizeof(krb5_int32))+vallen; - cp = (unsigned char *) datap->data; - cp[datap->length] = '\0'; - sprintf((char *) cp, "%s=", kwordp); - cp += strlen((char *) cp); - for (i=0; i> 24) & 0xff); - cp[1] = (unsigned char) ((taglist[i] >> 16) & 0xff); - cp[2] = (unsigned char) ((taglist[i] >> 8) & 0xff); - cp[3] = (unsigned char) (taglist[i] & 0xff); - cp += sizeof(krb5_int32); - } - if (val && vallen) - memcpy(cp, val, vallen); - retval = 0; - } - return(retval); -} - -#if !defined(_MSDOS) && !defined(_WIN32) && !defined(_MACINTOSH) -/* - * krb5_adm_dbent_to_proto() - Convert database a database entry into - * an external attribute list. - * - * "valid" controls the generation of "datap" and "nentp". For each - * corresponding bit in "valid" a keyword-value pair is generated from - * values in "dbentp" or "password" and put into "datap". The number of - * generated pairs is returned in "nentp". Additionally, the KRB5_ADM_M_SET - * and KRB5_ADM_M_GET bits control whether we are generating attribute lists - * for a "set" operation or a "get" operation. One of these bits must be - * specified. - * - * Successful callers must free the storage for datap and datap->data - * either manually or using krb5_free_adm_data(). - */ -krb5_error_code -krb5_adm_dbent_to_proto(kcontext, valid, dbentp, password, nentp, datap) - krb5_context kcontext; /* Kerberos context */ /* In */ - krb5_ui_4 valid; /* Valid bitmask */ /* In */ - krb5_db_entry *dbentp; /* Database entry */ /* In */ - char *password; /* New password for set */ /* In */ - krb5_int32 *nentp; /* Number of components */ /* Out */ - krb5_data **datap; /* Output list */ /* Out */ -{ - krb5_error_code kret; - krb5_data *outlist; - size_t n2alloc; - int outindex; - krb5_boolean is_set; - krb5_ui_4 tmp; - krb5_int32 taglist[4]; - krb5_tl_data *tl_data; - int keyind, attrind; - - kret = 0; - /* First check out whether this is a set or get and the mask */ - is_set = ((valid & KRB5_ADM_M_SET) == KRB5_ADM_M_SET); - if ((is_set && ((valid & ~KRB5_ADM_M_SET_VALID) != 0)) || - (!is_set && ((valid & ~KRB5_ADM_M_GET_VALID) != 0)) || - (!is_set && ((valid & KRB5_ADM_M_GET) == 0))) - return(EINVAL); - - /* - * Compute the number of elements to allocate. First count set bits. - */ - n2alloc = 0; - for (tmp = valid & ~(KRB5_ADM_M_SET|KRB5_ADM_M_GET); - tmp; - tmp >>= 1) { - if (tmp & 1) - n2alloc++; - } - if (valid & KRB5_ADM_M_AUXDATA) - n2alloc += (dbentp->n_tl_data - 1); - /* - * NOTE: If the number of per-key attributes increases, you must increase - * the 3 below. The 3 represents 1 for key version, 1 for key type and - * one for salt type. - */ - if (valid & KRB5_ADM_M_KEYDATA) - n2alloc += ((dbentp->n_key_data*3)-1); - - n2alloc *= sizeof(krb5_data); - outindex = 0; - outlist = (krb5_data *) malloc(n2alloc); - if (outlist) { - /* Clear out the output data list */ - memset((char *) outlist, 0, n2alloc); - - /* Handle password only for set request */ - if (is_set && - ((valid & KRB5_ADM_M_PASSWORD) != 0) && - password) { - if (kret = format_kw_string(&outlist[outindex], - KRB5_ADM_KW_PASSWORD, - password)) - goto choke; - else - outindex++; - } - /* Handle maximum ticket lifetime */ - if ((valid & KRB5_ADM_M_MAXLIFE) != 0) { - if (kret = format_kw_integer(&outlist[outindex], - KRB5_ADM_KW_MAXLIFE, - (krb5_ui_4) dbentp->max_life)) - goto choke; - else - outindex++; - } - /* Handle maximum renewable ticket lifetime */ - if ((valid & KRB5_ADM_M_MAXRENEWLIFE) != 0) { - if (kret = - format_kw_integer(&outlist[outindex], - KRB5_ADM_KW_MAXRENEWLIFE, - (krb5_ui_4) dbentp->max_renewable_life)) - goto choke; - else - outindex++; - } - /* Handle principal expiration */ - if ((valid & KRB5_ADM_M_EXPIRATION) != 0) { - if (kret = format_kw_gentime(&outlist[outindex], - KRB5_ADM_KW_EXPIRATION, - &dbentp->expiration)) - goto choke; - else - outindex++; - } - /* Handle password expiration */ - if ((valid & KRB5_ADM_M_PWEXPIRATION) != 0) { - if (kret = format_kw_gentime(&outlist[outindex], - KRB5_ADM_KW_PWEXPIRATION, - &dbentp->pw_expiration)) - goto choke; - else - outindex++; - } - /* Random key */ - if ((valid & KRB5_ADM_M_RANDOMKEY) != 0) { - if (kret = format_kw_integer(&outlist[outindex], - KRB5_ADM_KW_RANDOMKEY, - 1)) - goto choke; - else - outindex++; - } - /* Handle flags */ - if ((valid & KRB5_ADM_M_FLAGS) != 0) { - if (kret = format_kw_integer(&outlist[outindex], - KRB5_ADM_KW_FLAGS, - (krb5_ui_4) dbentp->attributes)) - goto choke; - else - outindex++; - } - /* Handle last successful password entry */ - if (!is_set && - ((valid & KRB5_ADM_M_LASTSUCCESS) != 0)) { - if (kret = format_kw_gentime(&outlist[outindex], - KRB5_ADM_KW_LASTSUCCESS, - &dbentp->last_success)) - goto choke; - else - outindex++; - } - /* Handle last failed password attempt */ - if (!is_set && - ((valid & KRB5_ADM_M_LASTFAILED) != 0)) { - if (kret = format_kw_gentime(&outlist[outindex], - KRB5_ADM_KW_LASTFAILED, - &dbentp->last_failed)) - goto choke; - else - outindex++; - } - /* Handle number of failed password attempts */ - if (!is_set && - ((valid & KRB5_ADM_M_FAILCOUNT) != 0)) { - if (kret = format_kw_integer(&outlist[outindex], - KRB5_ADM_KW_FAILCOUNT, - (krb5_ui_4) dbentp->fail_auth_count)) - goto choke; - else - outindex++; - } - - /* Handle the auxiliary data */ - if ((valid & KRB5_ADM_M_AUXDATA) != 0) { - for (tl_data = dbentp->tl_data; tl_data; tl_data = - tl_data->tl_data_next) { - taglist[0] = (krb5_int32) tl_data->tl_data_type; - if (kret = format_kw_tagged(&outlist[outindex], - KRB5_ADM_KW_AUXDATA, - 1, - taglist, - (krb5_int32) tl_data-> - tl_data_length, - tl_data->tl_data_contents)) - goto choke; - else - outindex++; - } - } - - /* Handle the key data */ - if (!is_set && - ((valid & KRB5_ADM_M_KEYDATA) != 0)) { - for (keyind = 0; keyind < dbentp->n_key_data; keyind++) { - /* - * First handle kvno - */ - taglist[0] = (krb5_int32) keyind; - taglist[1] = (krb5_int32) -1; - taglist[2] = (krb5_int32) dbentp->key_data[keyind]. - key_data_kvno; - if (kret = format_kw_tagged(&outlist[outindex], - KRB5_ADM_KW_KEYDATA, - 3, - taglist, - 0, - (krb5_octet *) NULL)) - goto choke; - else - outindex++; - - /* - * Then each attribute as supported. - */ - for (attrind = 0; - attrind < KRB5_KDB_V1_KEY_DATA_ARRAY; - attrind++) { - taglist[1] = (krb5_int32) attrind; - taglist[2] = (krb5_int32) dbentp->key_data[keyind]. - key_data_type[attrind]; - if (kret = format_kw_tagged(&outlist[outindex], - KRB5_ADM_KW_KEYDATA, - 3, - taglist, - (krb5_int32) dbentp-> - key_data[keyind]. - key_data_length[attrind], - dbentp->key_data[keyind]. - key_data_contents[attrind]) - ) - goto choke; - else - outindex++; - } - } - } - - /* Finally, handle the extra data */ - if ((valid & KRB5_ADM_M_EXTRADATA) != 0) { - if (kret = format_kw_tagged(&outlist[outindex], - KRB5_ADM_KW_EXTRADATA, - 0, - (krb5_int32 *) NULL, - (krb5_int32) dbentp->e_length, - dbentp->e_data)) - goto choke; - else - outindex++; - } - } - else { - if (n2alloc) - kret = ENOMEM; - } - choke: - if (kret) { - if (outlist) { - int i; - for (i=0; i> 24) & 0xff); - cp[1] = (char) ((outint >> 16) & 0xff); - cp[2] = (char) ((outint >> 8) & 0xff); - cp[3] = (char) (outint & 0xff); -} - -/* - * krb5_free_adm_data() - Free data blocks allocated by read_adm... routines. - */ -void INTERFACE -krb5_free_adm_data(kcontext, ncomp, datap) - krb5_context kcontext; - krb5_int32 ncomp; - krb5_data *datap; -{ - int i; - - if (datap) { - for (i=0; i 0)) - krb5_xfree(datap[i].data); - - krb5_xfree(datap); - } -} - -/* - * krb5_send_adm_cmd() - Send an administrative command. - * - * Send a list of data in a KRB_PRIV message. Data takes the format: - * nargs (4 octets in network order) - * arg size 1 (4 octets in network order) - * arg data 1 ("arg size 1" octets) - * . - * . - * . - */ -krb5_error_code INTERFACE -krb5_send_adm_cmd(kcontext, sock, ctx, nargs, arglist) - krb5_context kcontext; /* Context handle (In ) */ - krb5_pointer sock; /* Socket to write to (In ) */ - krb5_auth_context ctx; /* Auth context (In ) */ - krb5_int32 nargs; /* Number of arguments (In ) */ - krb5_data *arglist; /* Components to write (In ) */ -{ - int writebufsize; - int i; - char *writebuf; - krb5_error_code ret; - krb5_int32 ac_flags; - - /* - * First check that our auth context has the right flags in it. - */ - if (ret = krb5_auth_con_getflags(kcontext, ctx, &ac_flags)) - return(ret); - - if ((ac_flags & (KRB5_AUTH_CONTEXT_RET_SEQUENCE| - KRB5_AUTH_CONTEXT_DO_SEQUENCE)) != - (KRB5_AUTH_CONTEXT_RET_SEQUENCE|KRB5_AUTH_CONTEXT_DO_SEQUENCE)) { - /* XXX - need a better error */ - return(KRB5KRB_AP_ERR_MSG_TYPE); - } - - ret = 0; - /* Calculate write buffer size */ - writebufsize = sizeof(krb5_int32); - for (i=0; i= sizeof(krb5_int32)) { - curr = msg_data.data; - kadm_copyin_int32(curr, nargs); - curr += sizeof(krb5_int32); - - /* Are there any components to copy? */ - if (*nargs > 0) { - - /* Get the memory for the list */ - if (*arglist = (krb5_data *) - malloc((size_t) (*nargs) * sizeof(krb5_data))) { - krb5_data *xarglist; - - xarglist = *arglist; - memset((char *) (xarglist), 0, - (size_t) (*nargs) * sizeof(krb5_data)); - - replyok = 1; - /* Copy out each list entry */ - for (i=0; i<*nargs; i++) { - - /* First get the length of the reply component */ - if (curr + sizeof(krb5_int32) - msg_data.data <= - msg_data.length) { - - kadm_copyin_int32(curr, &len32); - xarglist[i].length = (int) len32; - curr += sizeof(krb5_int32); - - /* Then get the memory for the actual data */ - if ((curr + xarglist[i].length - - msg_data.data <= msg_data.length) && - (xarglist[i].data = (char *) - malloc(xarglist[i].length+1))) { - - /* Then copy it out */ - memcpy(xarglist[i].data, - curr, - xarglist[i].length); - curr += xarglist[i].length; - - /* Null terminate for convenience */ - xarglist[i].data[xarglist[i].length] - = '\0'; - } - else { - /* Not enough remaining data. */ - replyok = 0; - break; - } - } - else { - /* Not enough remaining data */ - replyok = 0; - break; - } - } - if (!replyok) - krb5_free_adm_data(kcontext, *nargs, *arglist); - } - } - else { - if (*nargs == 0) { - *arglist = (krb5_data *) NULL; - replyok = 1; - } - } - } - if (!replyok) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; /* syntax error */ - } - memset(msg_data.data, 0, msg_data.length); - krb5_xfree(msg_data.data); - } - krb5_xfree(read_data.data); - } - return(ret); -} - -/* - * krb5_read_adm_reply() - Read an administrative protocol response. - * - * Expect to read them out in the same format as send_adm_reply shoots them - * in. - * - * It is the caller's responsibility to free the memory allocated for - * the read in component list. - */ -krb5_error_code INTERFACE -krb5_read_adm_reply(kcontext, sock, ctx, cmd_stat, ncomps, complist) - krb5_context kcontext; /* Context handle (In ) */ - krb5_pointer sock; /* Socket to read from (In ) */ - krb5_auth_context ctx; /* Auth context (In ) */ - krb5_int32 *cmd_stat; /* Command status (Out) */ - krb5_int32 *ncomps; /* # of reply components(Out) */ - krb5_data **complist; /* List of components (Out) */ -{ - krb5_data read_data; - krb5_error_code ret; - krb5_data msg_data; - krb5_replay_data replay_data; - krb5_int32 ac_flags; - krb5_int32 len32; - - /* - * First check that our auth context has the right flags in it. - */ - if (ret = krb5_auth_con_getflags(kcontext, ctx, &ac_flags)) - return(ret); - - if ((ac_flags & (KRB5_AUTH_CONTEXT_RET_SEQUENCE| - KRB5_AUTH_CONTEXT_DO_SEQUENCE)) != - (KRB5_AUTH_CONTEXT_RET_SEQUENCE|KRB5_AUTH_CONTEXT_DO_SEQUENCE)) { - /* XXX - need a better error */ - return(KRB5KRB_AP_ERR_MSG_TYPE); - } - - if (!(ret = krb5_read_message(kcontext, sock, &read_data))) { - if (!(ret = krb5_rd_priv(kcontext, - ctx, - &read_data, - &msg_data, - &replay_data))) { - char *curr; - int replyok; - int i; - - replyok = 0; - /* We'd better have at least two reply components */ - if (msg_data.length >= (2*sizeof(krb5_int32))) { - curr = msg_data.data; - kadm_copyin_int32(curr, cmd_stat); - curr += sizeof(krb5_int32); - kadm_copyin_int32(curr, ncomps); - curr += sizeof(krb5_int32); - - /* Are there any components to copy? */ - if (*ncomps > 0) { - - /* Get the memory for the list */ - if (*complist = (krb5_data *) - malloc((size_t) ((*ncomps) * sizeof(krb5_data)))) { - krb5_data *xcomplist; - - xcomplist = *complist; - memset((char *) (xcomplist), 0, - (size_t) ((*ncomps) * sizeof(krb5_data))); - - replyok = 1; - /* Copy out each list entry */ - for (i=0; i<*ncomps; i++) { - - /* First get the length of the reply component */ - if (curr + sizeof(krb5_int32) - msg_data.data <= - msg_data.length) { - kadm_copyin_int32(curr, &len32); - xcomplist[i].length = (int) len32; - curr += sizeof(krb5_int32); - - /* Then get the memory for the actual data */ - if ((curr + xcomplist[i].length - - msg_data.data <= msg_data.length) && - (xcomplist[i].data = (char *) - malloc(xcomplist[i].length+1))) { - - /* Then copy it out */ - memcpy(xcomplist[i].data, - curr, - xcomplist[i].length); - curr += xcomplist[i].length; - - /* Null terminate for convenience */ - xcomplist[i].data[xcomplist[i].length] - = '\0'; - } - else { - /* Not enough remaining data. */ - replyok = 0; - break; - } - } - else { - /* Not enough remaining data */ - replyok = 0; - break; - } - } - if (!replyok) - krb5_free_adm_data(kcontext, *ncomps, *complist); - } - } - else { - if (*ncomps == 0) { - *complist = (krb5_data *) NULL; - replyok = 1; - } - } - } - if (!replyok) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; /* syntax error */ - } - memset(msg_data.data, 0, msg_data.length); - krb5_xfree(msg_data.data); - } - krb5_xfree(read_data.data); - } - return(ret); -} diff --git a/src/lib/kadm/alt_prof.c b/src/lib/kadm/alt_prof.c deleted file mode 100644 index 9556ac450..000000000 --- a/src/lib/kadm/alt_prof.c +++ /dev/null @@ -1,447 +0,0 @@ -/* - * lib/kadm/alt_prof.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * alt_prof.c - Implement alternate profile file handling. - */ -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" -#include -#include - -/* - * krb5_aprof_init() - Initialize alternate profile context. - * - * Parameters: - * fname - default file name of the profile. - * envname - environment variable name which can override fname. - * acontextp - Pointer to opaque context for alternate profile. - * - * Returns: - * error codes from profile_init() - */ -krb5_error_code -krb5_aprof_init(fname, envname, acontextp) - char *fname; - char *envname; - krb5_pointer *acontextp; -{ - krb5_error_code kret; - const char *namelist[2]; - profile_t profile; - - namelist[1] = (char *) NULL; - profile = (profile_t) NULL; - if (envname) { - if ((namelist[0] = getenv(envname))) { - if (!(kret = profile_init(namelist, &profile))) { - *acontextp = (krb5_pointer) profile; - return(0); - } - } - } - namelist[0] = fname; - profile = (profile_t) NULL; - if (!(kret = profile_init(namelist, &profile))) { - *acontextp = (krb5_pointer) profile; - return(0); - } - return(kret); -} - -/* - * krb5_aprof_getvals() - Get values from alternate profile. - * - * Parameters: - * acontext - opaque context for alternate profile. - * hierarchy - hierarchy of value to retrieve. - * retdata - Returned data values. - * - * Returns: - * error codes from profile_get_values() - */ -krb5_error_code -krb5_aprof_getvals(acontext, hierarchy, retdata) - krb5_pointer acontext; - const char **hierarchy; - char ***retdata; -{ - return(profile_get_values((profile_t) acontext, - hierarchy, - retdata)); -} - -/* - * krb5_aprof_get_deltat() - Get a delta time value from the alternate - * profile. - * - * Parameters: - * acontext - opaque context for alternate profile. - * hierarchy - hierarchy of value to retrieve. - * uselast - if true, use last value, otherwise use - * first value found. - * deltatp - returned delta time value. - * - * Returns: - * error codes from profile_get_values() - * error codes from krb5_string_to_deltat() - */ -krb5_error_code -krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp) - krb5_pointer acontext; - const char **hierarchy; - krb5_boolean uselast; - krb5_deltat *deltatp; -{ - krb5_error_code kret; - char **values; - char *valp; - int index; - - if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { - index = 0; - if (uselast) { - for (index=0; values[index]; index++); - index--; - } - valp = values[index]; - kret = krb5_string_to_deltat(valp, deltatp); - - /* Free the string storage */ - for (index=0; values[index]; index++) - krb5_xfree(values[index]); - krb5_xfree(values); - } - return(kret); -} - -/* - * krb5_aprof_get_string() - Get a string value from the alternate - * profile. - * - * Parameters: - * acontext - opaque context for alternate profile. - * hierarchy - hierarchy of value to retrieve. - * uselast - if true, use last value, otherwise use - * first value found. - * stringp - returned string value. - * - * Returns: - * error codes from profile_get_values() - */ -krb5_error_code -krb5_aprof_get_string(acontext, hierarchy, uselast, stringp) - krb5_pointer acontext; - const char **hierarchy; - krb5_boolean uselast; - char **stringp; -{ - krb5_error_code kret; - char **values; - int index, i; - - if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { - index = 0; - if (uselast) { - for (index=0; values[index]; index++); - index--; - } - - *stringp = values[index]; - - /* Free the string storage */ - for (i=0; values[i]; i++) - if (i != index) - krb5_xfree(values[i]); - krb5_xfree(values); - } - return(kret); -} - -/* - * krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate - * profile. - * - * Parameters: - * acontext - opaque context for alternate profile. - * hierarchy - hierarchy of value to retrieve. - * uselast - if true, use last value, otherwise use - * first value found. - * intp - returned 32-bit integer value. - * - * Returns: - * error codes from profile_get_values() - * EINVAL - value is not an integer - */ -krb5_error_code -krb5_aprof_get_int32(acontext, hierarchy, uselast, intp) - krb5_pointer acontext; - const char **hierarchy; - krb5_boolean uselast; - krb5_int32 *intp; -{ - krb5_error_code kret; - char **values; - int index; - - if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { - index = 0; - if (uselast) { - for (index=0; values[index]; index++); - index--; - } - - if (sscanf(values[index], "%d", intp) != 1) - kret = EINVAL; - - /* Free the string storage */ - for (index=0; values[index]; index++) - krb5_xfree(values[index]); - krb5_xfree(values); - } - return(kret); -} - -/* - * krb5_aprof_finish() - Finish alternate profile context. - * - * Parameter: - * acontext - opaque context for alternate profile. - * - * Returns: - * 0 on success, something else on failure. - */ -krb5_error_code -krb5_aprof_finish(acontext) - krb5_pointer acontext; -{ - profile_release(acontext); - return(0); -} - -/* - * krb5_read_realm_params() - Read per-realm parameters from KDC - * alternate profile. - */ -krb5_error_code -krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp) - krb5_context kcontext; - char *realm; - char *kdcprofile; - char *kdcenv; - krb5_realm_params **rparamp; -{ - char *filename; - char *envname; - char *lrealm; - krb5_pointer aprofile = 0; - krb5_realm_params *rparams; - const char *hierarchy[4]; - char *svalue; - krb5_int32 ivalue; - krb5_deltat dtvalue; - - krb5_error_code kret; - - filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE; - envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV; - - if (kcontext->profile_secure == TRUE) envname = 0; - - rparams = (krb5_realm_params *) NULL; - if (realm) - lrealm = strdup(realm); - else { - kret = krb5_get_default_realm(kcontext, &lrealm); - if (kret) - goto cleanup; - } - - kret = krb5_aprof_init(filename, envname, &aprofile); - if (kret) - goto cleanup; - - rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params)); - if (rparams == 0) { - kret = ENOMEM; - goto cleanup; - } - - /* Initialize realm parameters */ - memset((char *) rparams, 0, sizeof(krb5_realm_params)); - - /* Get the value for the database */ - hierarchy[0] = "realms"; - hierarchy[1] = lrealm; - hierarchy[2] = "database_name"; - hierarchy[3] = (char *) NULL; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) - rparams->realm_dbname = svalue; - - /* Get the value for the KDC port list */ - hierarchy[2] = "kdc_ports"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) - rparams->realm_kdc_ports = svalue; - - /* Get the name of the acl file */ - hierarchy[2] = "acl_file"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) - rparams->realm_acl_file = svalue; - - /* Get the value for the kadmind port */ - hierarchy[2] = "kadmind_port"; - if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) { - rparams->realm_kadmind_port = ivalue; - rparams->realm_kadmind_port_valid = 1; - } - - /* Get the value for the master key name */ - hierarchy[2] = "master_key_name"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) - rparams->realm_mkey_name = svalue; - - /* Get the value for the master key type */ - hierarchy[2] = "master_key_type"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { - if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype)) - rparams->realm_enctype_valid = 1; - krb5_xfree(svalue); - } - - /* Get the value for the stashfile */ - hierarchy[2] = "key_stash_file"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) - rparams->realm_stash_file = svalue; - - /* Get the value for maximum ticket lifetime. */ - hierarchy[2] = "max_life"; - if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { - rparams->realm_max_life = dtvalue; - rparams->realm_max_life_valid = 1; - } - - /* Get the value for maximum renewable ticket lifetime. */ - hierarchy[2] = "max_renewable_life"; - if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { - rparams->realm_max_rlife = dtvalue; - rparams->realm_max_rlife_valid = 1; - } - - /* Get the value for the default principal expiration */ - hierarchy[2] = "default_principal_expiration"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { - if (!krb5_string_to_timestamp(svalue, - &rparams->realm_expiration)) - rparams->realm_expiration_valid = 1; - krb5_xfree(svalue); - } - - /* Get the value for the default principal flags */ - hierarchy[2] = "default_principal_flags"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { - char *sp, *ep, *tp; - - sp = svalue; - rparams->realm_flags = 0; - while (sp) { - if ((ep = strchr(sp, (int) ',')) || - (ep = strchr(sp, (int) ' ')) || - (ep = strchr(sp, (int) '\t'))) { - /* Fill in trailing whitespace of sp */ - tp = ep - 1; - while (isspace(*tp) && (tp < sp)) { - *tp = '\0'; - tp--; - } - *ep = '\0'; - ep++; - /* Skip over trailing whitespace of ep */ - while (isspace(*ep) && (*ep)) ep++; - } - /* Convert this flag */ - if (krb5_string_to_flags(sp, - "+", - "-", - &rparams->realm_flags)) - break; - sp = ep; - } - if (!sp) - rparams->realm_flags_valid = 1; - krb5_xfree(svalue); - } - - /* Get the value for the supported enctype/salttype matrix */ - hierarchy[2] = "supported_enctypes"; - if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { - krb5_string_to_keysalts(svalue, - ", \t", /* Tuple separators */ - ":.-", /* Key/salt separators */ - 0, /* No duplicates */ - &rparams->realm_keysalts, - &rparams->realm_num_keysalts); - krb5_xfree(svalue); - } - -cleanup: - if (aprofile) - krb5_aprof_finish(aprofile); - if (lrealm) - free(lrealm); - if (kret) { - if (rparams) - krb5_free_realm_params(kcontext, rparams); - rparams = 0; - } - *rparamp = rparams; - return(kret); -} - -/* - * krb5_free_realm_params() - Free data allocated by above. - */ -krb5_error_code -krb5_free_realm_params(kcontext, rparams) - krb5_context kcontext; - krb5_realm_params *rparams; -{ - if (rparams) { - if (rparams->realm_profile) - krb5_xfree(rparams->realm_profile); - if (rparams->realm_dbname) - krb5_xfree(rparams->realm_dbname); - if (rparams->realm_mkey_name) - krb5_xfree(rparams->realm_mkey_name); - if (rparams->realm_stash_file) - krb5_xfree(rparams->realm_stash_file); - if (rparams->realm_keysalts) - krb5_xfree(rparams->realm_keysalts); - if (rparams->realm_kdc_ports) - krb5_xfree(rparams->realm_kdc_ports); - krb5_xfree(rparams); - } - return(0); -} - diff --git a/src/lib/kadm/configure.in b/src/lib/kadm/configure.in deleted file mode 100644 index a3d4ab55e..000000000 --- a/src/lib/kadm/configure.in +++ /dev/null @@ -1,16 +0,0 @@ -AC_INIT(configure.in) -CONFIG_RULES -AC_PROG_ARCHIVE -AC_PROG_ARCHIVE_ADD -AC_PROG_RANLIB -AC_PROG_INSTALL -AC_HEADER_STDARG -AC_HAVE_HEADERS(pwd.h syslog.h) -AC_HAVE_FUNCS(srand48 srand srandom syslog openlog closelog) -AC_FUNC_CHECK(vsprintf,AC_DEFINE(HAVE_VSPRINTF)) -AC_PROG_AWK -KRB5_RUN_FLAGS -LinkFileDir(../libkadm.a, libkadm.a, ./kadm) -AppendRule([all-unix:: ../libkadm.a]) -AppendRule([all:: all-$(WHAT)]) -V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/kadm/keysalt.c b/src/lib/kadm/keysalt.c deleted file mode 100644 index e8b9b4a33..000000000 --- a/src/lib/kadm/keysalt.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * lib/kadm/keysalt.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * keysalt.c - Routines to handle key/salt tuples. - */ -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - -static const char default_tupleseps[] = ", \t"; -static const char default_ksaltseps[] = ":."; - -/* - * krb5_keysalt_is_present() - Determine if a key/salt pair is present - * in a list of key/salt tuples. - * - * Salttype may be negative to indicate a search for only a enctype. - */ -krb5_boolean -krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype) - krb5_key_salt_tuple *ksaltlist; - krb5_int32 nksalts; - krb5_enctype enctype; - krb5_int32 salttype; -{ - krb5_boolean foundit; - int i; - - foundit = 0; - if (ksaltlist) { - for (i=0; i - * or - * - */ - sp = (char *) NULL; - /* Attempt to find a separator */ - septmp = ksseplist; - for (sp = strchr(kp, (int) *septmp); - *(++septmp) && !sp; - ep = strchr(kp, (int) *septmp)); - - if (sp) { - /* Separate enctype from salttype */ - sepchar = *sp; - *sp = '\0'; - sp++; - } - else - stype = -1; - - /* - * Attempt to parse enctype and salttype. If we parse well - * then make sure that it specifies a unique key/salt combo - */ - if (!krb5_string_to_enctype(kp, &ktype) && - (!sp || !krb5_string_to_salttype(sp, &stype)) && - (dups || - !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) { - - /* Squirrel away old keysalt array */ - savep = *ksaltp; - len = (size_t) *nksaltp; - - /* Get new keysalt array */ - if (*ksaltp = (krb5_key_salt_tuple *) - malloc((len + 1) * sizeof(krb5_key_salt_tuple))) { - - /* Copy old keysalt if appropriate */ - if (savep) { - memcpy(*ksaltp, savep, - len * sizeof(krb5_key_salt_tuple)); - krb5_xfree(savep); - } - - /* Save our values */ - (*ksaltp)[(*nksaltp)].ks_enctype = ktype; - (*ksaltp)[(*nksaltp)].ks_salttype = stype; - (*nksaltp)++; - } - else { - *ksaltp = savep; - break; - } - } - if (sp) - sp[-1] = sepchar; - if (ep) - ep[-1] = trailchar; - kp = ep; - } - return(kret); -} - - diff --git a/src/lib/kadm/krb5strings.M b/src/lib/kadm/krb5strings.M deleted file mode 100644 index de118ba8e..000000000 --- a/src/lib/kadm/krb5strings.M +++ /dev/null @@ -1,250 +0,0 @@ -.\" lib/kadm/krb5strings.M -.\" Copyright 1995 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" -.\" -.TH KRB5STRINGS 3 "Kerberos Version 5.0" "MIT Project Athena" -.SH NAME -krb5strings \- String representations of Kerberos V5 internal data. -.SH KEY TYPES -The following strings specify valid key types for use by Kerberos V5. -.TP 2i -.I null -Specifies KEYTYPE_NULL. -.TP 2i -.I des -Specifies KEYTYPE_DES. - -.SH SALT TYPES -The following strings specify valid salt types for use by Kerberos V5. -.TP 2i -.I normal -Specifies KRB5_KDB_SALTTYPE_NORMAL. -.TP 2i -.I v4 -Specifies KRB5_KDB_SALTTYPE_V4. -.TP 2i -.I norealm -Specifies KRB5_KDB_SALTTYPE_NOREALM. -.TP 2i -.I onlyrealm -Specifies KRB5_KDB_SALTTYPE_ONLYREALM. -.TP 2i -.I afs3 -Specifies KRB5_KDB_SALTTYPE_AFS3. -.TP 2i -.I special -Specifies KRB5_KDB_SALTTYPE_SPECIAL. - -.SH ENCRYPTION TYPES -The following strings specify valid encryption types for use by Kerberos V5. -.TP 2i -.I null -Specifies ETYPE_NULL. -.TP 2i -.I des-cbc-crc -Specifies ETYPE_DES_CBC_CRC. -.TP 2i -.I des-cbc-md4 -Specifies ETYPE_DES_CBC_MD4. -.TP 2i -.I des-cbc-md5 -Specifies ETYPE_DES_CBC_MD5. -.TP 2i -.I raw-des-cbc -Specifies ETYPE_RAW_DES_CBC. - -.SH CHECKSUM TYPES -The following strings specify valid checksum types for use by Kerberos V5. -.TP 2i -.I crc32 -Specifies CKSUMTYPE_CRC32. -.TP 2i -.I md4 -Specifies CKSUMTYPE_RSA_MD4. -.TP 2i -.I md4-des -Specifies CKSUMTYPE_RSA_MD4_DES. -.TP 2i -.I des-cbc -Specifies CKSUMTYPE_DESCBC. -.TP 2i -.I md5 -Specifies CKSUMTYPE_RSA_MD5. -.TP 2i -.I md5-des -Specifies CKSUMTYPE_RSA_MD5_DES. - -.SH PRINCIPAL FLAGS -The following strings specify particular principal attributes for use by -Kerberos V5. -.TP 2i -.I postdateable -In the negative sense, specifies KRB5_KDB_DISALLOW_POSTDATED. -.TP 2i -.I forwardable -In the negative sense, specifies KRB5_KDB_DISALLOW_FORWARDABLE. -.TP 2i -.I tgt-based -In the negative sense, specifies KRB5_KDB_DISALLOW_TGT_BASED. -.TP 2i -.I renewable -In the negative sense, specifies KRB5_KDB_DISALLOW_RENEWABLE. -.TP 2i -.I proxiable -In the negative sense, specifies KRB5_KDB_DISALLOW_PROXIABLE. -.TP 2i -.I dup-skey -In the negative sense, specifies KRB5_KDB_DISALLOW_DUP_SKEY. -.TP 2i -.I allow-tickets -In the negative sense, specifies KRB5_KDB_DISALLOW_ALL_TIX. -.TP 2i -.I preauth -Specifies KRB5_KDB_REQUIRES_PRE_AUTH. -.TP 2i -.I hwauth -Specifies KRB5_KDB_REQUIRES_HW_AUTH. -.TP 2i -.I pwchange -Specifies KRB5_KDB_REQUIRES_PWCHANGE. -.TP 2i -.I service -In the negative sense, specifies KRB5_KDB_DISALLOW_SVR. -.TP 2i -.I pwservice -Specifies KRB5_KDB_PWCHANGE_SERVICE. -.TP 2i -.I md5 -Specifies KRB5_KDB_SUPPORT_DESMD5. - -.SH ABSOLUTE TIME -The following formats specify valid absolute time strings for use by Kerberos -V5. In the description the following abbreviations are used: -.in +1i -.B yy -denotes the last two digits of the year. - -.B mm -denotes the two digits representing the month (01 = January, 12 = December). - -.B dd -denotes the two digits representing the day of the month. - -.B HH -denotes the two digits representing the hour of the day (24-hour format). - -.B MM -denotes the two digits representing the minute of the hour. - -.B SS -denotes the two digits representing the second of the minute. -.in -1i - -.TP 2i -.I yymmddHHMMSS -e.g. 951225093023 specifies 9:30:23 a.m. on 25 December 1995. -.TP 2i -.I yy.mm.dd.HH.MM.SS -e.g. 95.12.25.09.30.23 specifies 9:30:23 a.m. on 25 December 1995. -.TP 2i -.I yymmddHHMM -e.g. 9512250930 specifies 9:30 a.m. on 25 December 1995. -.TP 2i -.I HHMMSS -e.g. 123056 specifies 12:30:56 p.m. today. -.TP 2i -.I HHMM -e.g. 2130 specifies 9:30 p.m. today. -.TP 2i -.I HH:MM:SS -e.g. 12:30:56 specifies 12:30:56 p.m. today. -.TP 2i -.I HH:MM -e.g. 21:30 specifies 9:30 p.m. today. -.PP -The following formats are recognized if the target operating system supports -the -.B strptime(3) -function. See the -.B strptime(3) -manual page for a description of the format fields: -.TP 2i -.I %x:%X -Specifies the locale-dependent short date format concatenated by a colon with -the locale-dependent short time format. -.TP 2i -.I %d-%b-%Y:%T -e.g. 10-January-1995:16:42:23 in U.S. locales. -.TP 2i -.I %d-%b-%Y:%R -e.g. 10-January-1995:16:42 in U.S. locales. - -.SH DELTA TIME -The following formats specify valid delta time strings for use by Kerberos -V5. In the description the following abbreviations are used: -.in +1i -.B d -denotes a number of days. - -.B h[h] -denotes one or two digits representing a number of hours. - -.B m[m] -denotes one or two digits representing a number of minutes. - -.B s[s] -denotes one or two digits representing a number of seconds. -.in -1i -.TP 2i -.I d-hh:mm:ss -e.g. 7-04:30:01 specifies seven days, four hours 30 minutes and one second. -.TP 2i -.I ddhhmmss -e.g. 7d4h30m1s specifies seven days, four hours 30 minutes and one second. -.TP 2i -.I h:mm:ss -e.g. 6:23:16 specifies six hours, 23 minutes and 16 seconds. -.TP 2i -.I hhmmss -e.g. 6h23m16s specifies six hours 23 minutes and 16 seconds. -.TP 2i -.I h:mm -e.g. 2:30 specifies two hours and 30 minutes. -.TP 2i -.I hhmm -e.g. 2h30m specifies two hours and 30 minutes. -.TP 2i -.I dd -e.g. 2d specifies two days. -.TP 2i -.I hh -e.g. 4h specifies four hours. -.TP 2i -.I mm -e.g. 30m specifies 30 minutes. -.TP 2i -.I ss -e.g. 3600s specifies 3600 seconds. - -.SH SEE ALSO -kdc.conf(5), krb5kdc(8), kdb5_edit(8), kadmin5(8), strptime(3) - - - - diff --git a/src/lib/kadm/logger.c b/src/lib/kadm/logger.c deleted file mode 100644 index 425c1ccc7..000000000 --- a/src/lib/kadm/logger.c +++ /dev/null @@ -1,940 +0,0 @@ -/* - * lib/kadm/logger.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#if !defined(_MSDOS) - -/* - * logger.c - Handle logging functions for those who want it. - */ -#include "k5-int.h" -#include "adm_proto.h" -#include "com_err.h" -#include -#if HAVE_SYSLOG_H -#include -#endif /* HAVE_SYSLOG_H */ -#if HAVE_STDARG_H -#include -#else /* HAVE_STDARG_H */ -#include -#endif /* HAVE_STDARG_H */ - -#define KRB5_KLOG_MAX_ERRMSG_SIZE 1024 -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 256 -#endif /* MAXHOSTNAMELEN */ - -/* This is to assure that we have at least one match in the syslog stuff */ -#ifndef LOG_AUTH -#define LOG_AUTH 0 -#endif /* LOG_AUTH */ -#ifndef LOG_ERR -#define LOG_ERR 0 -#endif /* LOG_ERR */ - -static const char lspec_parse_err_1[] = "%s: cannot parse <%s>\n"; -static const char lspec_parse_err_2[] = "%s: warning - logging entry syntax error\n"; -static const char log_file_err[] = "%s: error writing to %s\n"; -static const char log_device_err[] = "%s: error writing to %s device\n"; -static const char log_ufo_string[] = "???"; -static const char log_emerg_string[] = "EMERGENCY"; -static const char log_alert_string[] = "ALERT"; -static const char log_crit_string[] = "CRITICAL"; -static const char log_err_string[] = "Error"; -static const char log_warning_string[] = "Warning"; -static const char log_notice_string[] = "Notice"; -static const char log_info_string[] = "info"; -static const char log_debug_string[] = "debug"; - -/* - * Output logging. - * - * Output logging is now controlled by the configuration file. We can specify - * the following syntaxes under the [logging]->entity specification. - * FILE - * SYSLOG[=[:]] - * STDERR - * CONSOLE - * DEVICE= - * - * Where: - * is ":" for open/append, "=" for open/create. - * is a valid path name. - * is one of: (default = ERR) - * EMERG - * ALERT - * CRIT - * ERR - * WARNING - * NOTICE - * INFO - * DEBUG - * is one of: (default = AUTH) - * KERN - * USER - * MAIL - * DAEMON - * AUTH - * LPR - * NEWS - * UUCP - * CRON - * LOCAL0..LOCAL7 - * is a valid device specification. - */ -struct log_entry { - enum log_type { K_LOG_FILE, - K_LOG_SYSLOG, - K_LOG_STDERR, - K_LOG_CONSOLE, - K_LOG_DEVICE, - K_LOG_NONE } log_type; - krb5_pointer log_2free; - union log_union { - struct log_file { - FILE *lf_filep; - char *lf_fname; - } log_file; - struct log_syslog { - int ls_facility; - int ls_severity; - } log_syslog; - struct log_device { - FILE *ld_filep; - char *ld_devname; - } log_device; - } log_union; -}; -#define lfu_filep log_union.log_file.lf_filep -#define lfu_fname log_union.log_file.lf_fname -#define lsu_facility log_union.log_syslog.ls_facility -#define lsu_severity log_union.log_syslog.ls_severity -#define ldu_filep log_union.log_device.ld_filep -#define ldu_devname log_union.log_device.ld_devname - -struct log_control { - struct log_entry *log_entries; - int log_nentries; - char *log_whoami; - char *log_hostname; - krb5_boolean log_opened; -}; - -static struct log_control log_control = { - (struct log_entry *) NULL, - 0, - (char *) NULL, - (char *) NULL, - 0 -}; -static struct log_entry def_log_entry; - -/* - * These macros define any special processing that needs to happen for - * devices. For unix, of course, this is hardly anything. - */ -#define DEVICE_OPEN(d, m) fopen(d, m) -#define CONSOLE_OPEN(m) fopen("/dev/console", m) -#define DEVICE_PRINT(f, m) ((fprintf(f, m) >= 0) ? \ - (fprintf(f, "\r\n"), fflush(f), 0) : \ - -1) -#define DEVICE_CLOSE(d) fclose(d) - - -/* - * klog_com_err_proc() - Handle com_err(3) messages as specified by the - * profile. - */ -static void -klog_com_err_proc(whoami, code, format, ap) - const char *whoami; - long code; - const char *format; - va_list ap; -{ - char outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE]; - int lindex; - char *actual_format; -#if HAVE_SYSLOG - int log_pri = -1; -#endif /* HAVE_SYSLOG */ - char *cp; - char *syslogp; - - /* Make the header */ - sprintf(outbuf, "%s: ", whoami); - /* - * Squirrel away address after header for syslog since syslog makes - * a header - */ - syslogp = &outbuf[strlen(outbuf)]; - - /* If reporting an error message, separate it. */ - if (code) { - strcat(outbuf, error_message(code)); - strcat(outbuf, " - "); - } - cp = &outbuf[strlen(outbuf)]; - - actual_format = (char *) format; -#if HAVE_SYSLOG - /* - * This is an unpleasant hack. If the first character is less than - * 8, then we assume that it is a priority. - * - * Since it is not guaranteed that there is a direct mapping between - * syslog priorities (e.g. Ultrix and old BSD), we resort to this - * intermediate representation. - */ - if ((((unsigned char) *format) > 0) && (((unsigned char) *format) <= 8)) { - actual_format = (char *) (format + 1); - switch ((unsigned char) *format) { -#ifdef LOG_EMERG - case 1: - log_pri = LOG_EMERG; - break; -#endif /* LOG_EMERG */ -#ifdef LOG_ALERT - case 2: - log_pri = LOG_ALERT; - break; -#endif /* LOG_ALERT */ -#ifdef LOG_CRIT - case 3: - log_pri = LOG_CRIT; - break; -#endif /* LOG_CRIT */ - default: - case 4: - log_pri = LOG_ERR; - break; -#ifdef LOG_WARNING - case 5: - log_pri = LOG_WARNING; - break; -#endif /* LOG_WARNING */ -#ifdef LOG_NOTICE - case 6: - log_pri = LOG_NOTICE; - break; -#endif /* LOG_NOTICE */ -#ifdef LOG_INFO - case 7: - log_pri = LOG_INFO; - break; -#endif /* LOG_INFO */ -#ifdef LOG_DEBUG - case 8: - log_pri = LOG_DEBUG; - break; -#endif /* LOG_DEBUG */ - } - } -#endif /* HAVE_SYSLOG */ - - /* Now format the actual message */ -#if HAVE_VSPRINTF - vsprintf(cp, actual_format, ap); -#else /* HAVE_VSPRINTF */ - sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1], - ((int *) ap)[2], ((int *) ap)[3], - ((int *) ap)[4], ((int *) ap)[5]); -#endif /* HAVE_VSPRINTF */ - - /* - * Now that we have the message formatted, perform the output to each - * logging specification. - */ - for (lindex = 0; lindex < log_control.log_nentries; lindex++) { - switch (log_control.log_entries[lindex].log_type) { - case K_LOG_FILE: - case K_LOG_STDERR: - /* - * Files/standard error. - */ - if (fprintf(log_control.log_entries[lindex].lfu_filep, - outbuf) < 0) { - /* Attempt to report error */ - fprintf(stderr, log_file_err, whoami, - log_control.log_entries[lindex].lfu_fname); - } - else { - fprintf(log_control.log_entries[lindex].lfu_filep, "\n"); - fflush(log_control.log_entries[lindex].lfu_filep); - } - break; - case K_LOG_CONSOLE: - case K_LOG_DEVICE: - /* - * Devices (may need special handling) - */ - if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep, - outbuf) < 0) { - /* Attempt to report error */ - fprintf(stderr, log_device_err, whoami, - log_control.log_entries[lindex].ldu_devname); - } - break; -#if HAVE_SYSLOG - case K_LOG_SYSLOG: - /* - * System log. - */ - /* - * If we have specified a priority through our hackery, then - * use it, otherwise use the default. - */ - if (log_pri >= 0) - log_pri |= log_control.log_entries[lindex].lsu_facility; - else - log_pri = log_control.log_entries[lindex].lsu_facility | - log_control.log_entries[lindex].lsu_severity; - - /* Log the message with our header trimmed off */ - syslog(log_pri, syslogp); - break; -#endif /* HAVE_SYSLOG */ - default: - break; - } - } -} - -/* - * krb5_klog_init() - Initialize logging. - * - * This routine parses the syntax described above to specify destinations for - * com_err(3) or krb5_klog_syslog() messages generated by the caller. - * - * Parameters: - * kcontext - Kerberos context. - * ename - Entity name as it is to appear in the profile. - * whoami - Entity name as it is to appear in error output. - * do_com_err - Take over com_err(3) processing. - * - * Implicit inputs: - * stderr - This is where STDERR output goes. - * - * Implicit outputs: - * log_nentries - Number of log entries, both valid and invalid. - * log_control - List of entries (log_nentries long) which contains - * data for klog_com_err_proc() to use to determine - * where/how to send output. - */ -krb5_error_code -krb5_klog_init(kcontext, ename, whoami, do_com_err) - krb5_context kcontext; - char *ename; - char *whoami; - krb5_boolean do_com_err; -{ - const char *logging_profent[3]; - const char *logging_defent[3]; - char **logging_specs; - int i, ngood; - char *cp, *cp2; - char savec; - int error; - int do_openlog, log_facility; - FILE *f; - - /* Initialize */ - do_openlog = 0; - log_facility = 0; - - /* - * Look up [logging]-> in the profile. If that doesn't - * succeed, then look for [logging]->default. - */ - logging_profent[0] = "logging"; - logging_profent[1] = ename; - logging_profent[2] = (char *) NULL; - logging_defent[0] = "logging"; - logging_defent[1] = "default"; - logging_defent[2] = (char *) NULL; - logging_specs = (char **) NULL; - ngood = 0; - log_control.log_nentries = 0; - if (!profile_get_values(kcontext->profile, - logging_profent, - &logging_specs) || - !profile_get_values(kcontext->profile, - logging_defent, - &logging_specs)) { - /* - * We have a match, so we first count the number of elements - */ - for (log_control.log_nentries = 0; - logging_specs[log_control.log_nentries]; - log_control.log_nentries++); - - /* - * Now allocate our structure. - */ - log_control.log_entries = (struct log_entry *) - malloc(log_control.log_nentries * sizeof(struct log_entry)); - if (log_control.log_entries) { - /* - * Scan through the list. - */ - for (i=0; i - * so, trim off the leading and trailing whitespace here. - */ - for (cp = logging_specs[i]; isspace(*cp); cp++); - for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1]; - isspace(*cp2); cp2--); - cp2++; - *cp2 = '\0'; - /* - * Is this a file? - */ - if (!strncasecmp(cp, "FILE", 4)) { - /* - * Check for append/overwrite, then open the file. - */ - if (cp[4] == ':' || cp[4] == '=') { - f = fopen(&cp[5], (cp[4] == ':') ? "a+" : "w"); - if (f) { - log_control.log_entries[i].lfu_filep = f; - log_control.log_entries[i].log_type = K_LOG_FILE; - log_control.log_entries[i].lfu_fname = &cp[5]; - } else { - fprintf(stderr,"Couldn't open log file %s: %s\n", - &cp[5], error_message(errno)); - continue; - } - } - } -#if HAVE_SYSLOG - /* - * Is this a syslog? - */ - else if (!strncasecmp(cp, "SYSLOG", 6)) { - error = 0; - log_control.log_entries[i].lsu_facility = LOG_AUTH; - log_control.log_entries[i].lsu_severity = LOG_ERR; - /* - * Is there a severify specified? - */ - if (cp[6] == ':') { - /* - * Find the end of the severity. - */ - if (cp2 = strchr(&cp[7], ':')) { - savec = *cp2; - *cp2 = '\0'; - cp2++; - } - - /* - * Match a severity. - */ - if (!strcasecmp(&cp[7], "ERR")) { - log_control.log_entries[i].lsu_severity = LOG_ERR; - } -#ifdef LOG_EMERG - else if (!strcasecmp(&cp[7], "EMERG")) { - log_control.log_entries[i].lsu_severity = - LOG_EMERG; - } -#endif /* LOG_EMERG */ -#ifdef LOG_ALERT - else if (!strcasecmp(&cp[7], "ALERT")) { - log_control.log_entries[i].lsu_severity = - LOG_ALERT; - } -#endif /* LOG_ALERT */ -#ifdef LOG_CRIT - else if (!strcasecmp(&cp[7], "CRIT")) { - log_control.log_entries[i].lsu_severity = LOG_CRIT; - } -#endif /* LOG_CRIT */ -#ifdef LOG_WARNING - else if (!strcasecmp(&cp[7], "WARNING")) { - log_control.log_entries[i].lsu_severity = - LOG_WARNING; - } -#endif /* LOG_WARNING */ -#ifdef LOG_NOTICE - else if (!strcasecmp(&cp[7], "NOTICE")) { - log_control.log_entries[i].lsu_severity = - LOG_NOTICE; - } -#endif /* LOG_NOTICE */ -#ifdef LOG_INFO - else if (!strcasecmp(&cp[7], "INFO")) { - log_control.log_entries[i].lsu_severity = LOG_INFO; - } -#endif /* LOG_INFO */ -#ifdef LOG_DEBUG - else if (!strcasecmp(&cp[7], "DEBUG")) { - log_control.log_entries[i].lsu_severity = - LOG_DEBUG; - } -#endif /* LOG_DEBUG */ - else - error = 1; - - /* - * If there is a facility present, then parse that. - */ - if (cp2) { - if (!strcasecmp(cp2, "AUTH")) { - log_control.log_entries[i].lsu_facility = LOG_AUTH; - } -#ifdef LOG_KERN - else if (!strcasecmp(cp2, "KERN")) { - log_control.log_entries[i].lsu_facility = LOG_KERN; - } -#endif /* LOG_KERN */ -#ifdef LOG_USER - else if (!strcasecmp(cp2, "USER")) { - log_control.log_entries[i].lsu_facility = LOG_USER; - } -#endif /* LOG_USER */ -#ifdef LOG_MAIL - else if (!strcasecmp(cp2, "MAIL")) { - log_control.log_entries[i].lsu_facility = LOG_MAIL; - } -#endif /* LOG_MAIL */ -#ifdef LOG_DAEMON - else if (!strcasecmp(cp2, "DAEMON")) { - log_control.log_entries[i].lsu_facility = LOG_DAEMON; - } -#endif /* LOG_DAEMON */ -#ifdef LOG_LPR - else if (!strcasecmp(cp2, "LPR")) { - log_control.log_entries[i].lsu_facility = LOG_LPR; - } -#endif /* LOG_LPR */ -#ifdef LOG_NEWS - else if (!strcasecmp(cp2, "NEWS")) { - log_control.log_entries[i].lsu_facility = LOG_NEWS; - } -#endif /* LOG_NEWS */ -#ifdef LOG_UUCP - else if (!strcasecmp(cp2, "UUCP")) { - log_control.log_entries[i].lsu_facility = LOG_UUCP; - } -#endif /* LOG_UUCP */ -#ifdef LOG_CRON - else if (!strcasecmp(cp2, "CRON")) { - log_control.log_entries[i].lsu_facility = LOG_CRON; - } -#endif /* LOG_CRON */ -#ifdef LOG_LOCAL0 - else if (!strcasecmp(cp2, "LOCAL0")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL0; - } -#endif /* LOG_LOCAL0 */ -#ifdef LOG_LOCAL1 - else if (!strcasecmp(cp2, "LOCAL1")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL1; - } -#endif /* LOG_LOCAL1 */ -#ifdef LOG_LOCAL2 - else if (!strcasecmp(cp2, "LOCAL2")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL2; - } -#endif /* LOG_LOCAL2 */ -#ifdef LOG_LOCAL3 - else if (!strcasecmp(cp2, "LOCAL3")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL3; - } -#endif /* LOG_LOCAL3 */ -#ifdef LOG_LOCAL4 - else if (!strcasecmp(cp2, "LOCAL4")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL4; - } -#endif /* LOG_LOCAL4 */ -#ifdef LOG_LOCAL5 - else if (!strcasecmp(cp2, "LOCAL5")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL5; - } -#endif /* LOG_LOCAL5 */ -#ifdef LOG_LOCAL6 - else if (!strcasecmp(cp2, "LOCAL6")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL6; - } -#endif /* LOG_LOCAL6 */ -#ifdef LOG_LOCAL7 - else if (!strcasecmp(cp2, "LOCAL7")) { - log_control.log_entries[i].lsu_facility = LOG_LOCAL7; - } -#endif /* LOG_LOCAL7 */ - cp2--; - *cp2 = savec; - } - } - if (!error) { - log_control.log_entries[i].log_type = K_LOG_SYSLOG; - do_openlog = 1; - log_facility = log_control.log_entries[i].lsu_facility; - } - } -#endif /* HAVE_SYSLOG */ - /* - * Is this a standard error specification? - */ - else if (!strcasecmp(cp, "STDERR")) { - if (log_control.log_entries[i].lfu_filep = - fdopen(fileno(stderr), "a+")) { - log_control.log_entries[i].log_type = K_LOG_STDERR; - log_control.log_entries[i].lfu_fname = - "standard error"; - } - } - /* - * Is this a specification of the console? - */ - else if (!strcasecmp(cp, "CONSOLE")) { - if (log_control.log_entries[i].ldu_filep = - CONSOLE_OPEN("a+")) { - log_control.log_entries[i].log_type = K_LOG_CONSOLE; - log_control.log_entries[i].ldu_devname = "console"; - } - } - /* - * Is this a specification of a device? - */ - else if (!strncasecmp(cp, "DEVICE", 6)) { - /* - * We handle devices very similarly to files. - */ - if (cp[6] == '=') { - if (log_control.log_entries[i].ldu_filep = - DEVICE_OPEN(&cp[7], "w")) { - log_control.log_entries[i].log_type = K_LOG_DEVICE; - log_control.log_entries[i].ldu_devname = &cp[7]; - } - } - } - /* - * See if we successfully parsed this specification. - */ - if (log_control.log_entries[i].log_type == K_LOG_NONE) { - fprintf(stderr, lspec_parse_err_1, whoami, cp); - fprintf(stderr, lspec_parse_err_2, whoami); - } - else - ngood++; - } - } - /* - * If we didn't find anything, then free our lists. - */ - if (ngood == 0) { - for (i=0; ilog_type = K_LOG_SYSLOG; - log_control.log_entries->log_2free = (krb5_pointer) NULL; - log_control.log_entries->lsu_facility = LOG_AUTH; - log_control.log_entries->lsu_severity = LOG_ERR; - log_control.log_nentries = 1; - } - if (log_control.log_nentries) { - if (log_control.log_whoami = (char *) malloc(strlen(whoami)+1)) - strcpy(log_control.log_whoami, whoami); - if (log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN)) - gethostname(log_control.log_hostname, MAXHOSTNAMELEN); -#if HAVE_OPENLOG - if (do_openlog) { - openlog(whoami, LOG_NDELAY|LOG_PID, log_facility); - log_control.log_opened = 1; - } -#endif /* HAVE_OPENLOG */ - if (do_com_err) - (void) set_com_err_hook(klog_com_err_proc); - } - return((log_control.log_nentries) ? 0 : ENOENT); -} - -/* - * krb5_klog_close() - Close the logging context and free all data. - */ -void -krb5_klog_close(kcontext) - krb5_context kcontext; -{ - int lindex; - (void) reset_com_err_hook(); - for (lindex = 0; lindex < log_control.log_nentries; lindex++) { - switch (log_control.log_entries[lindex].log_type) { - case K_LOG_FILE: - case K_LOG_STDERR: - /* - * Files/standard error. - */ - fclose(log_control.log_entries[lindex].lfu_filep); - break; - case K_LOG_CONSOLE: - case K_LOG_DEVICE: - /* - * Devices (may need special handling) - */ - DEVICE_CLOSE(log_control.log_entries[lindex].ldu_filep); - break; -#if HAVE_SYSLOG - case K_LOG_SYSLOG: - /* - * System log. - */ - break; -#endif /* HAVE_SYSLOG */ - default: - break; - } - if (log_control.log_entries[lindex].log_2free) - free(log_control.log_entries[lindex].log_2free); - } - if (log_control.log_entries != &def_log_entry) - free(log_control.log_entries); - log_control.log_entries = (struct log_entry *) NULL; - log_control.log_nentries = 0; - if (log_control.log_whoami) - free(log_control.log_whoami); - log_control.log_whoami = (char *) NULL; - if (log_control.log_hostname) - free(log_control.log_hostname); - log_control.log_hostname = (char *) NULL; -#if HAVE_CLOSELOG - if (log_control.log_opened) - closelog(); -#endif /* HAVE_CLOSELOG */ -} - -/* - * severity2string() - Convert a severity to a string. - */ -static char * -severity2string(severity) - int severity; -{ - int s; - const char *ss; - - s = severity & LOG_PRIMASK; - ss = log_ufo_string; - switch (s) { -#ifdef LOG_EMERG - case LOG_EMERG: - ss = log_emerg_string; - break; -#endif /* LOG_EMERG */ -#ifdef LOG_ALERT - case LOG_ALERT: - ss = log_alert_string; - break; -#endif /* LOG_ALERT */ -#ifdef LOG_CRIT - case LOG_CRIT: - ss = log_crit_string; - break; -#endif /* LOG_CRIT */ - case LOG_ERR: - ss = log_err_string; - break; -#ifdef LOG_WARNING - case LOG_WARNING: - ss = log_warning_string; - break; -#endif /* LOG_WARNING */ -#ifdef LOG_NOTICE - case LOG_NOTICE: - ss = log_notice_string; - break; -#endif /* LOG_NOTICE */ -#ifdef LOG_INFO - case LOG_INFO: - ss = log_info_string; - break; -#endif /* LOG_INFO */ -#ifdef LOG_DEBUG - case LOG_DEBUG: - ss = log_debug_string; - break; -#endif /* LOG_DEBUG */ - } - return((char *) ss); -} - -/* - * krb5_klog_syslog() - Simulate the calling sequence of syslog(3), while - * also performing the logging redirection as specified - * by krb5_klog_init(). - */ -static int -klog_vsyslog(priority, format, arglist) - int priority; - const char *format; - va_list arglist; -{ - char outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE]; - int lindex; - char *syslogp; - char *cp; - time_t now; -#if HAVE_STRFTIME - size_t soff; -#endif /* HAVE_STRFTIME */ - - /* - * Format a syslog-esque message of the format: - * - * (verbose form) - * [](): - * - * (short form) - * - */ - cp = outbuf; - (void) time(&now); -#if HAVE_STRFTIME - /* - * Format the date: mon dd hh:mm:ss - */ - soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", localtime(&now)); - if (soff > 0) - cp += soff; - else - return(-1); -#else /* HAVE_STRFTIME */ - /* - * Format the date: - * We ASSUME here that the output of ctime is of the format: - * dow mon dd hh:mm:ss tzs yyyy\n - * 012345678901234567890123456789 - */ - strncpy(outbuf, ctime(&now) + 4, 15); - cp += 15; -#endif /* HAVE_STRFTIME */ -#ifdef VERBOSE_LOGS - sprintf(cp, " %s %s[%d](%s): ", - log_control.log_hostname, log_control.log_whoami, getpid(), - severity2string(priority)); -#else - sprintf(cp, " "); -#endif - syslogp = &outbuf[strlen(outbuf)]; - - /* Now format the actual message */ -#if HAVE_VSPRINTF - vsprintf(syslogp, format, arglist); -#else /* HAVE_VSPRINTF */ - sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1], - ((int *) arglist)[2], ((int *) arglist)[3], - ((int *) arglist)[4], ((int *) arglist)[5]); -#endif /* HAVE_VSPRINTF */ - - /* - * Now that we have the message formatted, perform the output to each - * logging specification. - */ - for (lindex = 0; lindex < log_control.log_nentries; lindex++) { - switch (log_control.log_entries[lindex].log_type) { - case K_LOG_FILE: - case K_LOG_STDERR: - /* - * Files/standard error. - */ - if (fprintf(log_control.log_entries[lindex].lfu_filep, - outbuf) < 0) { - /* Attempt to report error */ - fprintf(stderr, log_file_err, - log_control.log_entries[lindex].lfu_fname); - } - else { - fprintf(log_control.log_entries[lindex].lfu_filep, "\n"); - fflush(log_control.log_entries[lindex].lfu_filep); - } - break; - case K_LOG_CONSOLE: - case K_LOG_DEVICE: - /* - * Devices (may need special handling) - */ - if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep, - outbuf) < 0) { - /* Attempt to report error */ - fprintf(stderr, log_device_err, - log_control.log_entries[lindex].ldu_devname); - } - break; -#if HAVE_SYSLOG - case K_LOG_SYSLOG: - /* - * System log. - */ - - /* Log the message with our header trimmed off */ - syslog(priority, syslogp); - break; -#endif /* HAVE_SYSLOG */ - default: - break; - } - } - return(0); -} - -#if HAVE_STDARG_H -int -krb5_klog_syslog(int priority, const char *format, ...) -#else /* HAVE_STDARG_H */ -int -krb5_klog_syslog(priority, format, va_alist) - int priority; - const char *format; - va_dcl -#endif /* HAVE_STDARG_H */ -{ - int retval; - va_list pvar; - -#if HAVE_STDARG_H - va_start(pvar, format); -#else /* HAVE_STDARG_H */ - va_start(pvar); -#endif /* HAVE_STDARG_H */ - retval = klog_vsyslog(priority, format, pvar); - va_end(pvar); - return(retval); -} -#endif /* !defined(_MSDOS) */ diff --git a/src/lib/kadm/str_conv.c b/src/lib/kadm/str_conv.c deleted file mode 100644 index ccd0da030..000000000 --- a/src/lib/kadm/str_conv.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * lib/kadm/str_conv.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * str_conv.c - Convert between strings and Kerberos internal data. - */ - -/* - * Table of contents: - * - * String decoding: - * ---------------- - * krb5_string_to_flags() - Convert string to krb5_flags. - * - * String encoding: - * ---------------- - * krb5_flags_to_string() - Convert krb5_flags to string. - */ - -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - -/* - * Local data structures. - */ -struct flags_lookup_entry { - krb5_flags fl_flags; /* Flag */ - krb5_boolean fl_sense; /* Sense of the flag */ - const char * fl_specifier; /* How to recognize it */ - const char * fl_output; /* How to spit it out */ -}; - -/* - * Local strings - */ - -/* Keytype strings */ -/* Flags strings */ -static const char flags_pdate_in[] = "postdateable"; -static const char flags_fwd_in[] = "forwardable"; -static const char flags_tgtbased_in[] = "tgt-based"; -static const char flags_renew_in[] = "renewable"; -static const char flags_proxy_in[] = "proxiable"; -static const char flags_dup_skey_in[] = "dup-skey"; -static const char flags_tickets_in[] = "allow-tickets"; -static const char flags_preauth_in[] = "preauth"; -static const char flags_hwauth_in[] = "hwauth"; -static const char flags_pwchange_in[] = "pwchange"; -static const char flags_service_in[] = "service"; -static const char flags_pwsvc_in[] = "pwservice"; -static const char flags_md5_in[] = "md5"; -static const char flags_pdate_out[] = "Not Postdateable"; -static const char flags_fwd_out[] = "Not Forwardable"; -static const char flags_tgtbased_out[] = "No TGT-based requests"; -static const char flags_renew_out[] = "Not renewable"; -static const char flags_proxy_out[] = "Not proxiable"; -static const char flags_dup_skey_out[] = "No DUP_SKEY requests"; -static const char flags_tickets_out[] = "All Tickets Disallowed"; -static const char flags_preauth_out[] = "Preauthorization required"; -static const char flags_hwauth_out[] = "HW Authorization required"; -static const char flags_pwchange_out[] = "Password Change required"; -static const char flags_service_out[] = "Service Disabled"; -static const char flags_pwsvc_out[] = "Password Changing Service"; -static const char flags_md5_out[] = "RSA-MD5 supported"; -static const char flags_default_neg[] = "-"; -static const char flags_default_sep[] = " "; - -/* - * Lookup tables. - */ - -static const struct flags_lookup_entry flags_table[] = { -/* flag sense input specifier output string */ -/*----------------------------- ------- ------------------ ------------------*/ -{ KRB5_KDB_DISALLOW_POSTDATED, 0, flags_pdate_in, flags_pdate_out }, -{ KRB5_KDB_DISALLOW_FORWARDABLE,0, flags_fwd_in, flags_fwd_out }, -{ KRB5_KDB_DISALLOW_TGT_BASED, 0, flags_tgtbased_in, flags_tgtbased_out}, -{ KRB5_KDB_DISALLOW_RENEWABLE, 0, flags_renew_in, flags_renew_out }, -{ KRB5_KDB_DISALLOW_PROXIABLE, 0, flags_proxy_in, flags_proxy_out }, -{ KRB5_KDB_DISALLOW_DUP_SKEY, 0, flags_dup_skey_in, flags_dup_skey_out}, -{ KRB5_KDB_DISALLOW_ALL_TIX, 0, flags_tickets_in, flags_tickets_out }, -{ KRB5_KDB_REQUIRES_PRE_AUTH, 1, flags_preauth_in, flags_preauth_out }, -{ KRB5_KDB_REQUIRES_HW_AUTH, 1, flags_hwauth_in, flags_hwauth_out }, -{ KRB5_KDB_REQUIRES_PWCHANGE, 1, flags_pwchange_in, flags_pwchange_out}, -{ KRB5_KDB_DISALLOW_SVR, 0, flags_service_in, flags_service_out }, -{ KRB5_KDB_PWCHANGE_SERVICE, 1, flags_pwsvc_in, flags_pwsvc_out }, -{ KRB5_KDB_SUPPORT_DESMD5, 1, flags_md5_in, flags_md5_out } -}; -static const int flags_table_nents = sizeof(flags_table)/ - sizeof(flags_table[0]); - - -krb5_error_code -krb5_string_to_flags(string, positive, negative, flagsp) - char * string; - const char * positive; - const char * negative; - krb5_flags * flagsp; -{ - int i; - int found; - const char *neg; - size_t nsize, psize; - int cpos; - int sense; - - found = 0; - /* We need to have a way to negate it. */ - neg = (negative) ? negative : flags_default_neg; - nsize = strlen(neg); - psize = (positive) ? strlen(positive) : 0; - - cpos = 0; - sense = 1; - /* First check for positive or negative sense */ - if (!strncasecmp(neg, string, nsize)) { - sense = 0; - cpos += (int) nsize; - } - else if (psize && !strncasecmp(positive, string, psize)) { - cpos += (int) psize; - } - - for (i=0; i= flags_table_nents) return ENOENT; /* End of list */ - if(strlen(flags_table[flag].fl_specifier) > buflen) return ENOMEM; - strcpy(buffer, flags_table[flag].fl_specifier); - return 0; -} diff --git a/src/lib/kadm/t_dbentry.c b/src/lib/kadm/t_dbentry.c deleted file mode 100644 index 6c71234b3..000000000 --- a/src/lib/kadm/t_dbentry.c +++ /dev/null @@ -1,965 +0,0 @@ -/* - * lib/kadm/t_dbentry.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * t_dbentry.c - Test function of krb5_adm_{proto_to_dbent,dbent_to_proto}. - */ - -#include "k5-int.h" -#include "adm.h" -#include "adm_proto.h" - -#if HAVE_SRAND48 -#define SRAND srand48 -#define RAND lrand48 -#define RAND_TYPE long -#endif /* HAVE_SRAND48 */ - -#if !defined(RAND_TYPE) && defined(HAVE_SRAND) -#define SRAND srand -#define RAND rand -#define RAND_TYPE int -#endif /* !defined(RAND_TYPE) && defined(HAVE_SRAND) */ - -#if !defined(RAND_TYPE) && defined(HAVE_SRANDOM) -#define SRAND srandom -#define RAND random -#define RAND_TYPE long -#endif /* !defined(RAND_TYPE) && defined(HAVE_SRANDOM) */ - -#if !defined(RAND_TYPE) -There is no random number generator. -#endif /* !defined(RAND_TYPE) */ - -/* - * Generate a random event that has an a/b chance of succeeding - */ -#define RANDOM_EVENT(a,b) ((RAND() % b) < a) -/* Define probabilities of generating each attribute type */ -#define PASSWORD_EVENT RANDOM_EVENT(3,5) -#define KVNO_EVENT RANDOM_EVENT(2,5) -#define MAXLIFE_EVENT RANDOM_EVENT(1,4) -#define MAXRENEWLIFE_EVENT RANDOM_EVENT(1,4) -#define EXPIRATION_EVENT RANDOM_EVENT(1,3) -#define PWEXPIRATION_EVENT RANDOM_EVENT(1,3) -#define RANDOMKEY_EVENT RANDOM_EVENT(1,8) -#define FLAGS_EVENT RANDOM_EVENT(9,10) -#define SALT_EVENT RANDOM_EVENT(7,16) -#define MKVNO_EVENT RANDOM_EVENT(2,5) -#define LASTPWCHANGE_EVENT RANDOM_EVENT(2,5) -#define LASTSUCCESS_EVENT RANDOM_EVENT(2,5) -#define LASTFAILED_EVENT RANDOM_EVENT(2,5) -#define FAILCOUNT_EVENT RANDOM_EVENT(2,5) -#define MODNAME_EVENT RANDOM_EVENT(2,5) -#define MODDATE_EVENT RANDOM_EVENT(2,5) -#define EXTRA_EVENT RANDOM_EVENT(1,5) -#define SET_EVENT RANDOM_EVENT(1,4) - -/* - * Convert a time value to a string for output messages. - */ -static char * -time2string(ts) - krb5_timestamp ts; -{ - static char buf[1024]; - - strcpy(buf, ctime((time_t *) &ts)); - /* Remove trailing \n */ - buf[strlen(buf)-1] = '\0'; - return(buf); -} - -static krb5_boolean -aux_data_inequal(in, out) - krb5_db_entry *in, *out; -{ - krb5_tl_data *intl, *outtl; - krb5_boolean found; - - if (in->n_tl_data != out->n_tl_data) - return(1); - found = 1; - for (intl = in->tl_data; intl; intl = intl->tl_data_next) { - found = 0; - for (outtl = out->tl_data; outtl; outtl = outtl->tl_data_next) { - if ((intl->tl_data_type == outtl->tl_data_type) && - (intl->tl_data_length == outtl->tl_data_length) && - !memcmp(intl->tl_data_contents, - outtl->tl_data_contents, - intl->tl_data_length)) { - outtl->tl_data_length = -outtl->tl_data_length; - found = 1; - } - } - if (!found) - break; - } - for (outtl = out->tl_data; outtl; outtl = outtl->tl_data_next) { - if (outtl->tl_data_length < 0) - outtl->tl_data_length = -outtl->tl_data_length; - } - return(!found); -} - -static void -print_auxdata(entp) - krb5_db_entry *entp; -{ - krb5_tl_data *tl; - int i; - - for (tl = entp->tl_data; tl; tl = tl->tl_data_next) { - printf("tl_data(%d)[len=%d] ", tl->tl_data_type, tl->tl_data_length); - for (i=0; itl_data_length; i++) - printf("%02x ", tl->tl_data_contents[i]); - printf("\n"); - } -} - -static krb5_boolean -key_data_inequal(in, out) - krb5_db_entry *in, *out; -{ - krb5_boolean found; - int i, j; - - if (in->n_key_data != out->n_key_data) - return(1); - found = 1; - for (i=0; in_key_data; i++) { - found = 0; - for (j=0; jn_key_data; j++) { - if ((in->key_data[i].key_data_kvno == - out->key_data[j].key_data_kvno) && - (in->key_data[i].key_data_type[0] == - out->key_data[j].key_data_type[0]) && - (in->key_data[i].key_data_type[1] == - out->key_data[j].key_data_type[1]) && - (in->key_data[i].key_data_length[0] == - out->key_data[j].key_data_length[0]) && - (in->key_data[i].key_data_length[1] == - out->key_data[j].key_data_length[1]) && - !memcmp(in->key_data[i].key_data_contents[0], - out->key_data[j].key_data_contents[0], - in->key_data[i].key_data_length[0]) && - (!in->key_data[i].key_data_length[1] || - !memcmp(in->key_data[i].key_data_contents[1], - out->key_data[j].key_data_contents[1], - in->key_data[i].key_data_length[1]))) { - out->key_data[j].key_data_length[0] = - -out->key_data[j].key_data_length[0]; - found = 1; - } - } - if (!found) - break; - } - for (j=0; jn_key_data; j++) { - if (out->key_data[j].key_data_length[0] < 0) - out->key_data[j].key_data_length[0] = - -out->key_data[j].key_data_length[0]; - } - return(!found); -} - -static void -print_keydata(entp) - krb5_db_entry *entp; -{ - int i, j; - - for (j=0; jn_key_data; j++) { - printf("key(vno=%d):key(type=%d)[contents= ", - entp->key_data[j].key_data_kvno, - entp->key_data[j].key_data_type[0]); - for (i=0; ikey_data[j].key_data_length[0]; i++) - printf("%02x ", entp->key_data[j].key_data_contents[0][i]); - printf("] salt(type=%d)", entp->key_data[j].key_data_type[1]); - if (entp->key_data[j].key_data_length[1]) { - printf("[contents= "); - for (i=0; ikey_data[j].key_data_length[1]; i++) - printf("%02x ", entp->key_data[j].key_data_contents[1][i]); - printf("]"); - } - printf("\n"); - } -} - -static krb5_boolean -extra_data_inequal(in, out) - krb5_db_entry *in, *out; -{ - if (in->e_length != out->e_length) - return(1); - if (in->e_length && memcmp(in->e_data, out->e_data, (size_t) in->e_length)) - return(1); - return(0); -} - -static void -print_extradata(entp) - krb5_db_entry *entp; -{ - int i; - - printf("extra:"); - for (i=0; ie_length; i++) - printf("%02x ", entp->e_data[i]); - printf("\n"); -} - -/* - * Generate a database entry, either randomly, or using well known values. - */ -static void -gen_dbent(kcontext, dbentp, isrand, validp, pwdp, expectp) - krb5_context kcontext; - krb5_db_entry *dbentp; - krb5_boolean isrand; - krb5_ui_4 *validp; - char **pwdp; - krb5_boolean *expectp; -{ - time_t now; - krb5_boolean is_set; - size_t pwlen; - int i; - static char *defpass = "testpassword"; - static char *defprinc = "testprinc/instance@realm"; - - now = time((time_t *) NULL); - is_set = ((*validp & KRB5_ADM_M_SET) != 0); - - /* Do password on set */ - if (isrand) { - if (PASSWORD_EVENT) { - pwlen = 9 + (RAND() % 56); - *pwdp = (char *) malloc(pwlen); - for (i=0; imax_life = RAND(); - *validp |= KRB5_ADM_M_MAXLIFE; - } - } - else { - dbentp->max_life = KRB5_KDB_MAX_LIFE; - *validp |= KRB5_ADM_M_MAXLIFE; - } - - /* Do maxrenewlife */ - if (isrand) { - if (MAXRENEWLIFE_EVENT) { - dbentp->max_renewable_life = RAND(); - *validp |= KRB5_ADM_M_MAXRENEWLIFE; - } - } - else { - dbentp->max_renewable_life = KRB5_KDB_MAX_RLIFE; - *validp |= KRB5_ADM_M_MAXRENEWLIFE; - } - - /* Do expiration */ - if (isrand) { - if (EXPIRATION_EVENT) { - dbentp->expiration = RAND(); - *validp |= KRB5_ADM_M_EXPIRATION; - } - } - else { - dbentp->expiration = KRB5_KDB_EXPIRATION; - *validp |= KRB5_ADM_M_EXPIRATION; - } - - /* Do pw_expiration */ - if (isrand) { - if (PWEXPIRATION_EVENT) { - dbentp->pw_expiration = RAND(); - *validp |= KRB5_ADM_M_PWEXPIRATION; - } - } - else { - dbentp->pw_expiration = (krb5_timestamp) now + 3600; - *validp |= KRB5_ADM_M_PWEXPIRATION; - } - - /* Do randomkey - 1/8 probability of doing randomkey */ - if (isrand && (RANDOMKEY_EVENT)) { - *validp |= KRB5_ADM_M_RANDOMKEY; - } - - /* Do flags */ - if (isrand) { - if (FLAGS_EVENT) { - dbentp->attributes = RAND(); - *validp |= KRB5_ADM_M_FLAGS; - } - } - else { - dbentp->attributes = KRB5_KDB_DEF_FLAGS; - *validp |= KRB5_ADM_M_FLAGS; - } - - /* Do lastsuccess */ - if (isrand) { - if (LASTSUCCESS_EVENT) { - dbentp->last_success = RAND(); - *validp |= KRB5_ADM_M_LASTSUCCESS; - } - } - else { - if (!is_set) { - dbentp->last_success = (krb5_timestamp) now - 3600; - *validp |= KRB5_ADM_M_LASTSUCCESS; - } - } - - /* Do lastfailed */ - if (isrand) { - if (LASTFAILED_EVENT) { - dbentp->last_failed = RAND(); - *validp |= KRB5_ADM_M_LASTFAILED; - } - } - else { - if (!is_set) { - dbentp->last_failed = (krb5_timestamp) now - 3600; - *validp |= KRB5_ADM_M_LASTFAILED; - } - } - - /* Do failcount */ - if (isrand) { - if (FAILCOUNT_EVENT) { - dbentp->fail_auth_count = RAND(); - *validp |= KRB5_ADM_M_FAILCOUNT; - } - } - else { - if (!is_set) { - dbentp->fail_auth_count = 0; - *validp |= KRB5_ADM_M_FAILCOUNT; - } - } - - /* - * Generate auxiliary data. - */ - if (isrand) { - krb5_octet *lpw_change; - krb5_tl_data *tldata; - krb5_timestamp lpw; - krb5_tl_mod_princ mprinc; - int didone; - - didone = 0; - if (LASTPWCHANGE_EVENT) { - if ((tldata = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) && - (lpw_change = (krb5_octet *) malloc(sizeof(krb5_timestamp)))) { - lpw = (krb5_timestamp) RAND(); - lpw_change[0] = (unsigned char) ((lpw >> 24) & 0xff); - lpw_change[1] = (unsigned char) ((lpw >> 16) & 0xff); - lpw_change[2] = (unsigned char) ((lpw >> 8) & 0xff); - lpw_change[3] = (unsigned char) (lpw & 0xff); - tldata->tl_data_next = (krb5_tl_data *) NULL; - tldata->tl_data_type = KRB5_TL_LAST_PWD_CHANGE; - tldata->tl_data_length = sizeof(krb5_timestamp); - tldata->tl_data_contents = lpw_change; - dbentp->n_tl_data = 1; - dbentp->tl_data = tldata; - didone++; - } - } - if (MODNAME_EVENT || MODDATE_EVENT) { - mprinc.mod_date = (krb5_timestamp) RAND(); - if (!krb5_parse_name(kcontext, defprinc, &mprinc.mod_princ)) { - if (!krb5_dbe_encode_mod_princ_data(kcontext, &mprinc, dbentp)) - didone++; - } - } - if (didone) - *validp |= KRB5_ADM_M_AUXDATA; - } - else { - krb5_octet *lpw_change; - krb5_tl_data *tldata; - krb5_timestamp lpw; - krb5_tl_mod_princ mprinc; - - if ((tldata = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) && - (lpw_change = (krb5_octet *) malloc(sizeof(krb5_timestamp)))) { - lpw = (krb5_timestamp) now - 3600; - lpw_change[0] = (unsigned char) ((lpw >> 24) & 0xff); - lpw_change[1] = (unsigned char) ((lpw >> 16) & 0xff); - lpw_change[2] = (unsigned char) ((lpw >> 8) & 0xff); - lpw_change[3] = (unsigned char) (lpw & 0xff); - tldata->tl_data_next = (krb5_tl_data *) NULL; - tldata->tl_data_type = KRB5_TL_LAST_PWD_CHANGE; - tldata->tl_data_length = sizeof(krb5_timestamp); - tldata->tl_data_contents = lpw_change; - dbentp->n_tl_data = 1; - dbentp->tl_data = tldata; - } - mprinc.mod_date = (krb5_timestamp) now; - if (!krb5_parse_name(kcontext, defprinc, &mprinc.mod_princ)) - krb5_dbe_encode_mod_princ_data(kcontext, &mprinc, dbentp); - *validp |= KRB5_ADM_M_AUXDATA; - } - - /* Make key data */ - if (isrand) { - int i, j, kl, sl; - - if (!is_set) { - for (i=0; i<(1+(RAND()%8)); i++) { - if (!krb5_dbe_create_key_data(kcontext, dbentp)) { - dbentp->key_data[i].key_data_kvno = RAND() % 32768; - dbentp->key_data[i].key_data_type[0] = RAND() % 32768; - dbentp->key_data[i].key_data_type[1] = RAND() % 32768; - kl = dbentp->key_data[i].key_data_length[0] = - 8 + (RAND() % 128); - sl = dbentp->key_data[i].key_data_length[1] = - 0 + (RAND() % 128); - if (dbentp->key_data[i].key_data_contents[0] = - (krb5_octet *) malloc(kl)) { - for (j=0; jkey_data[i].key_data_contents[0][j] = - RAND() % 256; - } - } - if (dbentp->key_data[i].key_data_contents[1] = - (krb5_octet *) malloc(sl)) { - for (j=0; jkey_data[i].key_data_contents[1][j] = - RAND() % 256; - } - } - *validp |= KRB5_ADM_M_KEYDATA; - } - } - } - } - else { - if (!is_set) { - if (!krb5_dbe_create_key_data(kcontext, dbentp)) { - int i; - - dbentp->key_data[0].key_data_kvno = 1; - dbentp->key_data[0].key_data_type[0] = 1; - dbentp->key_data[0].key_data_type[1] = 0; - dbentp->key_data[0].key_data_length[0] = 24; - dbentp->key_data[0].key_data_length[1] = 0; - if (dbentp->key_data[0].key_data_contents[0] = - (krb5_octet *) malloc(24)) { - for (i=0; i<24; i++) - dbentp->key_data[0].key_data_contents[0][i] = RAND() % 256; - } - dbentp->key_data[0].key_data_contents[1] = (krb5_octet *) NULL; - *validp |= KRB5_ADM_M_KEYDATA; - } - } - } - - /* Make extra data */ - if (isrand && EXTRA_EVENT) { - dbentp->e_length = 8 + (RAND() % 504); - if (dbentp->e_data = (krb5_octet *) - malloc((size_t) dbentp->e_length)) { - int j; - for (j=0; je_length; j++) { - dbentp->e_data[j] = RAND() % 256; - } - *validp |= KRB5_ADM_M_EXTRADATA; - } - else - dbentp->e_length = 0; - } - - if (is_set) { - /* Only 25% may fail at most */ - if (isrand && ((RAND() % 100) < 75)) { - *validp &= KRB5_ADM_M_SET_VALID; - } -#ifdef notdef - if ((*validp & KRB5_ADM_M_PASSWORD) != 0) - *validp &= ~KRB5_ADM_M_RANDOMKEY; -#endif /* notdef */ - *expectp = ((*validp & ~KRB5_ADM_M_SET_VALID) != 0) ? 1 : 0; - } - else { - /* Only 25% may fail at most */ - if (isrand && ((RAND() % 100) < 75)) - *validp &= KRB5_ADM_M_GET_VALID; - *expectp = ((*validp & ~KRB5_ADM_M_GET_VALID) != 0) ? 1 : 0; - } -} - -/* - * Compare two entries. - */ -static krb5_boolean -compare_entries(kcontext, ivalid, ientp, ipwd, ovalid, oentp, opwd) - krb5_context kcontext; - krb5_ui_4 ivalid; - krb5_db_entry *ientp; - char *ipwd; - krb5_ui_4 ovalid; - krb5_db_entry *oentp; - char *opwd; -{ - /* Handle/compare password */ - if (((ivalid & KRB5_ADM_M_PASSWORD) != 0) && - (((ovalid & KRB5_ADM_M_PASSWORD) == 0) || - strcmp(ipwd, opwd))) - return(0); - - /* Handle/compare maxlife */ - if (((ivalid & KRB5_ADM_M_MAXLIFE) != 0) && - (((ovalid & KRB5_ADM_M_MAXLIFE) == 0) || - (ientp->max_life != oentp->max_life))) - return(0); - - /* Handle/compare maxrenewlife */ - if (((ivalid & KRB5_ADM_M_MAXRENEWLIFE) != 0) && - (((ovalid & KRB5_ADM_M_MAXRENEWLIFE) == 0) || - (ientp->max_renewable_life != oentp->max_renewable_life))) - return(0); - - /* Handle/compare expiration */ - if (((ivalid & KRB5_ADM_M_EXPIRATION) != 0) && - (((ovalid & KRB5_ADM_M_EXPIRATION) == 0) || - (ientp->expiration != oentp->expiration))) - return(0); - - /* Handle/compare pwexpiration */ - if (((ivalid & KRB5_ADM_M_PWEXPIRATION) != 0) && - (((ovalid & KRB5_ADM_M_PWEXPIRATION) == 0) || - (ientp->pw_expiration != oentp->pw_expiration))) - return(0); - -#ifdef notdef - /* Handle/compare random key */ - if (((ivalid & KRB5_ADM_M_RANDOMKEY) != 0) && - ((ovalid & KRB5_ADM_M_PASSWORD) != 0)) - return(0); -#endif /* notdef */ - - /* Handle/compare flags */ - if (((ivalid & KRB5_ADM_M_FLAGS) != 0) && - (((ovalid & KRB5_ADM_M_FLAGS) == 0) || - (ientp->attributes != oentp->attributes))) - return(0); - - /* Handle/compare lastsuccess */ - if (((ivalid & KRB5_ADM_M_LASTSUCCESS) != 0) && - (((ovalid & KRB5_ADM_M_LASTSUCCESS) == 0) || - (ientp->last_success != oentp->last_success))) - return(0); - - /* Handle/compare lastfailed */ - if (((ivalid & KRB5_ADM_M_LASTFAILED) != 0) && - (((ovalid & KRB5_ADM_M_LASTFAILED) == 0) || - (ientp->last_failed != oentp->last_failed))) - return(0); - - /* Handle/compare failcount */ - if (((ivalid & KRB5_ADM_M_FAILCOUNT) != 0) && - (((ovalid & KRB5_ADM_M_FAILCOUNT) == 0) || - (ientp->fail_auth_count != oentp->fail_auth_count))) - return(0); - - /* Handle/compare auxiliary data */ - if (((ivalid & KRB5_ADM_M_AUXDATA) != 0) && - (((ovalid & KRB5_ADM_M_AUXDATA) == 0) || - aux_data_inequal(ientp, oentp))) - return(0); - - /* Handle/compare key data */ - if (((ivalid & KRB5_ADM_M_KEYDATA) != 0) && - (((ovalid & KRB5_ADM_M_KEYDATA) == 0) || - key_data_inequal(ientp, oentp))) - return(0); - - /* Handle/compare extra data */ - if (((ivalid & KRB5_ADM_M_EXTRADATA) != 0) && - (((ovalid & KRB5_ADM_M_EXTRADATA) == 0) || - extra_data_inequal(ientp, oentp))) - return(0); - - return(1); -} - -/* - * Print out an entry. - */ -static void -print_dbent(kcontext, ivalid, ientp, ipwd) - krb5_context kcontext; - krb5_ui_4 ivalid; - krb5_db_entry *ientp; - char *ipwd; -{ - printf("Valid mask:\t%08x\n", ivalid); - - /* Print password */ - if ((ivalid & KRB5_ADM_M_PASSWORD) != 0) - printf("Password:\t%s\n", ipwd); - - /* Print maxlife */ - if ((ivalid & KRB5_ADM_M_MAXLIFE) != 0) - printf("max_life:\t%8d\t%08x\n", ientp->max_life, ientp->max_life); - - /* Print maxrenewlife */ - if ((ivalid & KRB5_ADM_M_MAXRENEWLIFE) != 0) - printf("max_rlife:\t%8d\t%08x\n", ientp->max_renewable_life, - ientp->max_renewable_life); - - /* Print expiration */ - if ((ivalid & KRB5_ADM_M_EXPIRATION) != 0) - printf("expires:\t%8d\t%08x\t%s\n", ientp->expiration, - ientp->expiration, time2string(ientp->expiration)); - - /* Print pwexpiration */ - if ((ivalid & KRB5_ADM_M_PWEXPIRATION) != 0) - printf("pw expires:\t%8d\t%08x\t%s\n", ientp->pw_expiration, - ientp->pw_expiration, time2string(ientp->pw_expiration)); - - /* Print random key */ - if ((ivalid & KRB5_ADM_M_RANDOMKEY) != 0) - printf("random key\n"); - - /* Print flags */ - if ((ivalid & KRB5_ADM_M_FLAGS) != 0) - printf("flags:\t\t%8d\t%08x\n", ientp->attributes, ientp->attributes); - - /* Print lastsuccess */ - if ((ivalid & KRB5_ADM_M_LASTSUCCESS) != 0) - printf("lastsucc:\t%8d\t%08x\t%s\n", ientp->last_success, - ientp->last_success, time2string(ientp->last_success)); - - /* Print lastfailed */ - if ((ivalid & KRB5_ADM_M_LASTFAILED) != 0) - printf("lastfail:\t%8d\t%08x\t%s\n", ientp->last_failed, - ientp->last_failed, time2string(ientp->last_failed)); - - /* Print failcount */ - if ((ivalid & KRB5_ADM_M_FAILCOUNT) != 0) - printf("failcount:\t%8d\t%08x\n", ientp->fail_auth_count, - ientp->fail_auth_count); - - /* Print auxiliary data */ - if ((ivalid & KRB5_ADM_M_AUXDATA) != 0) - print_auxdata(ientp); - - /* Print key data */ - if ((ivalid & KRB5_ADM_M_KEYDATA) != 0) - print_keydata(ientp); - - /* Print extra data */ - if ((ivalid & KRB5_ADM_M_EXTRADATA) != 0) - print_extradata(ientp); -} - -/* - * Do a test case. - * - * Strategy: Generate the desired database entry type, then convert it using - * krb5_adm_dbent_to_proto, then convert it back to a database entry - * using krb5_adm_proto_to_dbent. Then verify the match. - */ -static krb5_int32 -do_test(pname, verbose, isrand, is_a_set, title, passno) - char *pname; - krb5_boolean verbose; - krb5_boolean isrand; - krb5_boolean is_a_set; - char *title; - krb5_int32 passno; -{ - krb5_context kcontext; - krb5_db_entry *in_dbent; - krb5_db_entry *out_dbent; - krb5_error_code kret; - krb5_int32 ncomps; - krb5_data *complist; - krb5_ui_4 in_validmask; - krb5_ui_4 out_validmask; - char *in_password; - char *out_password; - krb5_boolean should_fail; - - if (verbose) { - printf("* Begin %s", title); - if (isrand) - printf(" pass %d", passno); - printf("\n"); - } - - kret = 0; - krb5_init_context(&kcontext); - krb5_init_ets(kcontext); - in_dbent = (krb5_db_entry *) malloc(sizeof(krb5_db_entry)); - out_dbent = (krb5_db_entry *) malloc(sizeof(krb5_db_entry)); - if (in_dbent && out_dbent) { - /* Initialize our data */ - memset((char *) in_dbent, 0, sizeof(krb5_db_entry)); - memset((char *) out_dbent, 0, sizeof(krb5_db_entry)); - in_password = out_password = (char *) NULL; - out_validmask = 0; - ncomps = 0; - complist = (krb5_data *) NULL; - should_fail = 0; - if (!isrand) { - if (is_a_set) - in_validmask = KRB5_ADM_M_SET; - else - in_validmask = KRB5_ADM_M_GET; - } - else { - if (SET_EVENT) - in_validmask = KRB5_ADM_M_SET; - else - in_validmask = KRB5_ADM_M_GET; - } - - /* Generate the database entry. */ - gen_dbent(kcontext, - in_dbent, isrand, &in_validmask, &in_password, &should_fail); - - /* Convert it to the o-t-w protocol */ - if (!(kret = krb5_adm_dbent_to_proto(kcontext, - in_validmask, - in_dbent, - in_password, - &ncomps, - &complist))) { - /* If this should fail, then we've got a problem here */ - if (!should_fail) { - - /* Otherwise, convert it back to a database entry */ - if (!(kret = krb5_adm_proto_to_dbent(kcontext, - ncomps, - complist, - &out_validmask, - out_dbent, - &out_password))) { - /* Compare the entries */ - if (compare_entries(kcontext, - in_validmask, - in_dbent, - in_password, - out_validmask, - out_dbent, - out_password)) { - /* Success */ - if (verbose) { - printf("Successful translation"); - printf(" during %s", title); - if (isrand) - printf(" pass %d", passno); - printf(" of:\n"); - print_dbent(kcontext, - in_validmask, in_dbent, in_password); - } - } - else { - /* Failed */ - fprintf(stderr, "%s: comparison mismatch", pname); - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - if (verbose) { - printf("Input entry is as follows:\n"); - print_dbent(kcontext, - in_validmask, in_dbent, in_password); - printf("Output entry is as follows:\n"); - print_dbent(kcontext, - out_validmask, - out_dbent, - out_password); - } - kret = KRB5KRB_ERR_GENERIC; - } - if (out_password) - krb5_xfree(out_password); - } - else { - /* Conversion to database entry failed */ - fprintf(stderr, "%s: protocol decode failed with %d", - pname, kret); - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - } - } - else { - /* Should have failed */ - fprintf(stderr, "%s: protocol encode unexpectedly succeeded", - pname); - kret = KRB5KRB_ERR_GENERIC; - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - } - krb5_free_adm_data(kcontext, ncomps, complist); - } - else { - /* Convert to protocol failed */ - if (!should_fail) { - /* Unexpected failure */ - fprintf(stderr, "%s: protocol encode failed with %d", - pname, kret); - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - } - else { - /* Success */ - if (verbose) - printf("- Expected failure OK\n"); - kret = 0; - } - } - /* Cleanup */ - if (in_password) - free(in_password); - if (in_dbent->tl_data) { - krb5_tl_data *xxx, *xxx1; - - for (xxx=in_dbent->tl_data; xxx; ) { - xxx1 = xxx; - xxx = xxx->tl_data_next; - free(xxx1); - } - } - free(in_dbent); - if (out_dbent->tl_data) { - krb5_tl_data *xxx, *xxx1; - - for (xxx=out_dbent->tl_data; xxx; ) { - xxx1 = xxx; - xxx = xxx->tl_data_next; - free(xxx1); - } - } - free(out_dbent); - } - else { - fprintf(stderr, "%s: no memory\n", pname); - kret = ENOMEM; - } - - krb5_free_context(kcontext); - if (verbose) { - printf("* End %s ", title); - if (isrand) - printf(" pass %d ", passno); - printf("%s", (kret) ? "FAILURE" : "SUCCESS"); - if (kret) - printf("%d - %s", kret, error_message(kret)); - printf("\n"); - } - return((kret) ? 1 : 0); -} - -/* - * usage is: t_dbentry [-r ] [-v] - */ -int -main(argc, argv) - int argc; - char *argv[]; -{ - krb5_boolean verbose; - krb5_int32 randompasses; - krb5_int32 error; - int option; - extern char *optarg; - char *programname; - int i; - time_t now; - - randompasses = 0; - verbose = 0; - error = 0; - programname = argv[0]; - - now = time((time_t *) NULL); - SRAND((RAND_TYPE) now); - while ((option = getopt(argc, argv, "r:v")) != EOF) { - switch (option) { - case 'r': - if (sscanf(optarg, "%d", &randompasses) != 1) { - fprintf(stderr, "%s: %s is not a number\n", argv[0], optarg); - error++; - } - break; - case 'v': - verbose = 1; - break; - default: - fprintf(stderr, "%s: usage is %s [-r number] [-v]\n", - argv[0], argv[0]); - error++; - break; - } - } - if (error) - return(error); - - error += do_test(programname, verbose, 0, 1, "Standard set test", 0); - error += do_test(programname, verbose, 0, 0, "Standard get test", 0); - for (i=0; ikey.contents = (krb5_octet *) malloc(keylen); - if (ktentp->key.contents) { - ktentp->key.length = keylen; - for (i=0; ikey.contents[i] = RAND() & 255; - } - } - else { - ktentp->key.contents = (krb5_octet *) malloc(sizeof(defkey)); - if (ktentp->key.contents) { - ktentp->key.length = 8; - memcpy(ktentp->key.contents, defkey, sizeof(defkey)); - } - } -} - -/* - * Generate a keytab entry. - */ -static void -gen_ktent(kcontext, ktentp, isrand) - krb5_context kcontext; - krb5_keytab_entry *ktentp; - krb5_boolean isrand; -{ - char *princname; - - princname = gen_princname(isrand); - if (princname && !krb5_parse_name(kcontext, - princname, - &ktentp->principal) - ) { - ktentp->vno = (isrand) ? RAND() : 1; - gen_key(ktentp, isrand); - free(princname); - } -} - -/* - * Compare two entries. - */ -static krb5_boolean -compare_entries(kcontext, ientp, oentp) - krb5_context kcontext; - krb5_keytab_entry *ientp; - krb5_keytab_entry *oentp; -{ - if (ientp->vno != oentp->vno) - return(0); - - if ((ientp->key.length != oentp->key.length) || - memcmp(ientp->key.contents, oentp->key.contents, ientp->key.length)) - return(0); - - if (!krb5_principal_compare(kcontext, ientp->principal, oentp->principal)) - return(0); - return(1); -} - -/* - * Print out an entry. - */ -static void -print_ktent(kcontext, ientp) - krb5_context kcontext; - krb5_keytab_entry *ientp; -{ - char *princname; - int i; - - if (!krb5_unparse_name(kcontext, ientp->principal, &princname)) { - printf("Principal: %s (version %d[%x])\n", princname, ientp->vno); - printf("Key:"); - for (i=0; ikey.length; i++) - printf(" %02x", ientp->key.contents[i]); - printf("\n"); - krb5_xfree(princname); - } -} - -/* - * Do a test case. - * - * Strategy: Generate the desired keytab entry type, then convert it using - * krb5_adm_ktent_to_proto, then convert it back to a keytab entry - * using krb5_adm_proto_to_ktent. Then verify the match. - */ -static krb5_int32 -do_test(pname, verbose, isrand, title, passno) - char *pname; - krb5_boolean verbose; - krb5_boolean isrand; - char *title; - krb5_int32 passno; -{ - krb5_context kcontext; - krb5_keytab_entry *in_ktent; - krb5_keytab_entry *out_ktent; - krb5_error_code kret; - krb5_int32 ncomps; - krb5_data *complist; - - if (verbose) { - printf("* Begin %s", title); - if (isrand) - printf(" pass %d", passno); - printf("\n"); - } - - kret = 0; - krb5_init_context(&kcontext); - krb5_init_ets(kcontext); - in_ktent = (krb5_keytab_entry *) malloc(sizeof(krb5_keytab_entry)); - out_ktent = (krb5_keytab_entry *) malloc(sizeof(krb5_keytab_entry)); - if (in_ktent && out_ktent) { - /* Initialize our data */ - memset((char *) in_ktent, 0, sizeof(krb5_keytab_entry)); - memset((char *) out_ktent, 0, sizeof(krb5_keytab_entry)); - ncomps = 0; - complist = (krb5_data *) NULL; - - /* Generate the keytab entry. */ - gen_ktent(kcontext, in_ktent, isrand); - - /* Convert it to the o-t-w protocol */ - if (!(kret = krb5_adm_ktent_to_proto(kcontext, - in_ktent, - &ncomps, - &complist))) { - /* Otherwise, convert it back to a keytab entry */ - if (!(kret = krb5_adm_proto_to_ktent(kcontext, - ncomps, - complist, - out_ktent))) { - /* Compare the entries */ - if (compare_entries(kcontext, - in_ktent, - out_ktent)) { - /* Success */ - if (verbose) { - printf("Successful translation"); - printf(" during %s", title); - if (isrand) - printf(" pass %d", passno); - printf(" of:\n"); - print_ktent(kcontext, in_ktent); - } - } - else { - /* Failed */ - fprintf(stderr, "%s: comparison mismatch", pname); - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - if (verbose) { - printf("Input entry is as follows:\n"); - print_ktent(kcontext, in_ktent); - printf("Output entry is as follows:\n"); - print_ktent(kcontext, out_ktent); - } - kret = KRB5KRB_ERR_GENERIC; - } - } - else { - /* Conversion to keytab entry failed */ - fprintf(stderr, "%s: protocol decode failed with %d", - pname, kret); - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - } - krb5_free_adm_data(kcontext, ncomps, complist); - } - else { - /* Convert to protocol failed */ - fprintf(stderr, "%s: protocol encode failed with %d", - pname, kret); - fprintf(stderr, " during %s", title); - if (isrand) - fprintf(stderr, " pass %d", passno); - fprintf(stderr, "\n"); - } - /* Cleanup */ - if (in_ktent->principal) - krb5_free_principal(kcontext, in_ktent->principal); - if (in_ktent->key.contents) - free(in_ktent->key.contents); - free(in_ktent); - if (out_ktent->principal) - krb5_free_principal(kcontext, out_ktent->principal); - if (out_ktent->key.contents) - free(out_ktent->key.contents); - free(out_ktent); - } - else { - fprintf(stderr, "%s: no memory\n", pname); - kret = ENOMEM; - } - - krb5_free_context(kcontext); - if (verbose) { - printf("* End %s ", title); - if (isrand) - printf(" pass %d ", passno); - printf("%s", (kret) ? "FAILURE" : "SUCCESS"); - if (kret) - printf("%d - %s", kret, error_message(kret)); - printf("\n"); - } - return((kret) ? 1 : 0); -} - -/* - * usage is: t_ktentry [-r ] [-v] - */ -int -main(argc, argv) - int argc; - char *argv[]; -{ - krb5_boolean verbose; - krb5_int32 randompasses; - krb5_int32 error; - int option; - extern char *optarg; - char *programname; - int i; - time_t now; - - randompasses = 0; - verbose = 0; - error = 0; - programname = argv[0]; - - now = time((time_t *) NULL); - SRAND((RAND_TYPE) now); - while ((option = getopt(argc, argv, "r:v")) != EOF) { - switch (option) { - case 'r': - if (sscanf(optarg, "%d", &randompasses) != 1) { - fprintf(stderr, "%s: %s is not a number\n", argv[0], optarg); - error++; - } - break; - case 'v': - verbose = 1; - break; - default: - fprintf(stderr, "%s: usage is %s [-r number] [-v]\n", - argv[0], argv[0]); - error++; - break; - } - } - if (error) - return(error); - - error += do_test(programname, verbose, 0, "Standard test", 0); - for (i=0; i