From: Theodore Tso Date: Fri, 12 Apr 1996 00:34:53 +0000 (+0000) Subject: Remove the old Sandia kadmin code X-Git-Tag: krb5-1.0-beta6~220 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a2cba160938beca6083cca233ba2573ea8bd0d89;p=krb5.git Remove the old Sandia kadmin code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7795 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/kadmin.old/.Sanitize b/src/kadmin.old/.Sanitize
deleted file mode 100644
index e0be24820..000000000
--- a/src/kadmin.old/.Sanitize
+++ /dev/null
@@ -1,39 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-client
-configure
-configure.in
-kpasswd
-server
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/kadmin.old/.cvsignore b/src/kadmin.old/.cvsignore
deleted file mode 100644
index e8c05a6b1..000000000
--- a/src/kadmin.old/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-configure
diff --git a/src/kadmin.old/ChangeLog b/src/kadmin.old/ChangeLog
deleted file mode 100644
index 48d2f0ac7..000000000
--- a/src/kadmin.old/ChangeLog
+++ /dev/null
@@ -1,14 +0,0 @@
-Thu Aug 24 19:17:20 1995 Theodore Y. Ts'o
-
- * .Sanitize: Update file list
-
-Fri Jul 7 16:02:34 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Remove LDFLAGS.
-
-Fri Jun 9 19:06:26 1995
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES. Use DO_SUBDIRS to
- recurse down subdirectories.
-
-
diff --git a/src/kadmin.old/Makefile.in b/src/kadmin.old/Makefile.in
deleted file mode 100644
index 2f64b25f2..000000000
--- a/src/kadmin.old/Makefile.in
+++ /dev/null
@@ -1,4 +0,0 @@
-CFLAGS = $(CCOPTS)
-
-all::
-
diff --git a/src/kadmin.old/client/.Sanitize b/src/kadmin.old/client/.Sanitize
deleted file mode 100644
index 6aad222d5..000000000
--- a/src/kadmin.old/client/.Sanitize
+++ /dev/null
@@ -1,47 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-kadmin.M
-kadmin.c
-kadmin_add.c
-kadmin_adr.c
-kadmin_cpr.c
-kadmin_cpw.c
-kadmin_del.c
-kadmin_done.c
-kadmin_inq.c
-kadmin_mod.c
-kadmin_msnd.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/kadmin.old/client/.cvsignore b/src/kadmin.old/client/.cvsignore
deleted file mode 100644
index e8c05a6b1..000000000
--- a/src/kadmin.old/client/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-configure
diff --git a/src/kadmin.old/client/ChangeLog b/src/kadmin.old/client/ChangeLog
deleted file mode 100644
index 5a36b44b3..000000000
--- a/src/kadmin.old/client/ChangeLog
+++ /dev/null
@@ -1,75 +0,0 @@
-Sat Oct 21 08:46:02 1995 Ezra Peisach (epeisach@kangaroo.mit.edu)
-
- * Makefile.in (install): Install in ADMIN_BINDIR and not
- CLIENT_BINDIR for consistency with other admin clients.
-
-Fri Jul 7 16:03:02 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Remove all explicit library handling and LDFLAGS.
- * configure.in - Add USE_KDB5_LIBRARY and KRB5_LIBRARIES.
-
-Thu Jul 6 17:28:26 1995 Tom Yu
-
- * kadmin.c (get_first_ticket): Pass context to os_localaddr.
-
-Fri Jun 30 14:36:35 EDT 1995 Paul Park (pjpark@mit.edu)
- * configure.in - Add --with-dbm to select between Berkeley and DBM
- KDC database format.
-
-Wed Jun 21 10:49:32 1995
-
- * kadmin.c: Change PROTOTYPE -> KRB5_PROTOTYPE
-
-Tue Jun 20 19:00:32 1995 Mark Eichin
-
- * configure.in: switch obsolete AC_HAVE_HEADER to AC_CHECK_HEADERS.
-
-Tue Jun 20 12:48:06 1995 Tom Yu (tlyu@dragons-lair)
-
- * configure.in: add missing check for stdlib.h
-
-Thu Jun 15 17:49:31 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Change explicit library names to -l form, and
- change target link line to use $(LD) and associated flags.
- * configure.in - Add shared library usage check.
-
-Sat Jun 10 23:00:53 1995 Tom Yu (tlyu@dragons-lair)
-
- * kadmin.c, kadmin_add.c, kadmin_apr.c, kadmin_cpr.c,
- kadmin_cpw.c, kadmin_del.c, kadmin_done.c, kadmin_inq.c,
- kadmin_mod.c, kadmin_msnd.c: krb5_auth_context redefinitions
-
-Fri Jun 9 19:06:41 1995
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Wed May 24 07:03:21 1995 Ezra Peisach
-
- * kadmin_del.c, kadmin_mod.c, kadmin_inq.c, kadmin_cpr.c,
- kadmin_adr.c, kadmin_msnd.c, kadmin.c: Include stdlib.h or
- declare malloc(), calloc() and realloc().
-
-Mon May 22 09:55:54 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Install old kadmin as kadmin_old. Manpage too.
-
-Mon May 1 23:19:10 1995 Theodore Y. Ts'o (tytso@dcl)
-
- * kadmin.c (main): Fix really broken way client and client_name
- were being handled. Memory was being leaked, and then
- memory blocks which were allocated to small where then
- overrun.
-
- * kadmin_add.c (kadm_add_user): Fix memory leak.
-
-Sat Apr 29 12:47:55 1995 Ezra Peisach
-
- * kadmin_done.c (kadm_done): Removed unused argument to match call
- from main.
-
- * kadmin_cpr.c (kadm_cpw_user_rnd): Remove unsed argument to match
- call from main.
-
- * kadmin_adr.c (kadm_add_user_rnd): Remove unused arguments to
- match calling convention.
-
-
diff --git a/src/kadmin.old/client/Makefile.in b/src/kadmin.old/client/Makefile.in
deleted file mode 100644
index 7c61a7b7c..000000000
--- a/src/kadmin.old/client/Makefile.in
+++ /dev/null
@@ -1,40 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
-
-all::
-
-SRCS = \
- $(srcdir)/kadmin.c \
- $(srcdir)/kadmin_add.c \
- $(srcdir)/kadmin_adr.c \
- $(srcdir)/kadmin_cpr.c \
- $(srcdir)/kadmin_inq.c \
- $(srcdir)/kadmin_msnd.c \
- $(srcdir)/kadmin_mod.c \
- $(srcdir)/kadmin_cpw.c \
- $(srcdir)/kadmin_del.c \
- $(srcdir)/kadmin_done.c
-
-OBJS = \
- kadmin.o \
- kadmin_add.o \
- kadmin_adr.o \
- kadmin_cpr.o \
- kadmin_inq.o \
- kadmin_msnd.o \
- kadmin_mod.o \
- kadmin_cpw.o \
- kadmin_del.o \
- kadmin_done.o
-
-all:: kadmin
-
-kadmin: $(OBJS) $(DEPLIBS)
- $(LD) $(LDFLAGS) $(LDARGS) -o kadmin $(OBJS) $(LIBS)
-
-install::
- $(INSTALL_PROGRAM) $(C)kadmin ${DESTDIR}$(ADMIN_BINDIR)$(S)kadmin_old
- $(INSTALL_DATA) $(srcdir)$(S)kadmin.M ${DESTDIR}$(ADMIN_MANDIR)$(S)kadmin_old.1
-
-clean::
- $(RM) kadmin
-
diff --git a/src/kadmin.old/client/configure.in b/src/kadmin.old/client/configure.in
deleted file mode 100644
index dd3f19192..000000000
--- a/src/kadmin.old/client/configure.in
+++ /dev/null
@@ -1,9 +0,0 @@
-AC_INIT(kadmin.c)
-CONFIG_RULES
-AC_CHECK_HEADERS(stdlib.h)
-AC_PROG_INSTALL
-ET_RULES
-USE_KDB5_LIBRARY
-KRB5_LIBRARIES
-V5_USE_SHARED_LIB
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin.old/client/kadmin.M b/src/kadmin.old/client/kadmin.M
deleted file mode 100644
index 180a1a958..000000000
--- a/src/kadmin.old/client/kadmin.M
+++ /dev/null
@@ -1,2 +0,0 @@
-.\" this file was somehow lost
-.\" but CVS deals badly with 0 length files.
diff --git a/src/kadmin.old/client/kadmin.c b/src/kadmin.old/client/kadmin.c
deleted file mode 100644
index 6534cc304..000000000
--- a/src/kadmin.old/client/kadmin.c
+++ /dev/null
@@ -1,739 +0,0 @@ -/* - * kadmin/client/kadmin.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - */ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - - -/* - * kadmin - * Perform Remote Kerberos Administrative Functions - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "com_err.h" - -#ifndef MAXPATHLEN -#define MAXPATHLEN 1024 -#endif - -#include "krb5.h" -#include "adm_defs.h" - -#ifdef HAVE_STDLIB_H -#include -#else -extern char *malloc(), *calloc(), *realloc(); -#endif - -static krb5_error_code get_first_ticket - KRB5_PROTOTYPE((krb5_context, - krb5_ccache, - krb5_principal, - krb5_creds *)); - -struct sockaddr_in local_sin, remote_sin; - -char cache_name[255] = ""; - -static void get_def_princ - KRB5_PROTOTYPE((krb5_context, - krb5_principal * )); - -void decode_kadmind_reply(); -int print_status_message(); -extern char *optarg; -extern int optind; - - -void -main(argc,argv) - int argc; - char *argv[]; -{ - krb5_ccache cache = NULL; - - krb5_address local_addr, foreign_addr; - - krb5_principal client; - - char *client_name; /* Single string representation of client id */ - - krb5_data *requested_realm; - krb5_creds my_creds; - - krb5_error_code retval; /* return code */ - - int local_socket; - - krb5_error *err_ret; - krb5_ap_rep_enc_part *rep_ret; - - kadmin_requests rd_priv_resp; - - krb5_context context; - krb5_data msg_data, inbuf; - char buffer[255]; - char command_type[120]; - char princ_name[120]; - int i, valid; - int option; - int oper_type; - int nflag = 0; - int port = 0; - - krb5_auth_context new_auth_context; - krb5_replay_data replaydata; - - krb5_init_context(&context); - krb5_init_ets(context); - 
- while ((option = getopt(argc, argv, "c:np:")) != EOF) { - switch (option) { - case 'c': - strcpy (cache_name, optarg); - break; - case 'n': - nflag++; - break; - case 'p': - port = htons(atoi(optarg)); - break; - case '?': - default: - usage(); - break; - } - } - - if (optind < argc) { - /* Admin name specified on command line */ - client_name = (char *) malloc(755); - memset((char *) client_name, 0, sizeof(client_name)); - strcpy(client_name, argv[optind++]); - if (retval = krb5_parse_name(context, client_name, &client)) { - fprintf(stderr, "Error Parsing %s\n", client_name); - usage(); - } - } - else { - /* Admin name should be defaulted */ - get_def_princ(context, &client); - if (retval = krb5_unparse_name(context, client, &client_name)) { - fprintf(stderr, "Unable to unparse default administrator name!\n"); - usage(); - } - } - - /* At this point, both client and client_name are set up. */ - - if (!nflag) { - free(client_name); - client_name = (char *) malloc(755); - strcpy(client_name, client->data[0].data); - strncat(client_name, "/admin@", 7); - strncat(client_name, client->realm.data, client->realm.length); - krb5_free_principal(context, client); - if (retval = krb5_parse_name(context, client_name, &client)) { - fprintf(stderr, "Unable to Parse %s\n", client_name); - usage(); - } - } - - if (optind < argc) - usage(); - - /* Create credential cache for kadmin */ - if (!cache_name[0]) - (void) sprintf(cache_name, "FILE:/tmp/tkt_adm_%d", getpid()); - - if ((retval = krb5_cc_resolve(context, cache_name, &cache))) { - fprintf(stderr, "Unable to Resolve Cache: %s!\n", cache_name); - } - - if ((retval = krb5_cc_initialize(context, cache, client))) { - fprintf(stderr, "Error initializing cache: %s!\n", cache_name); - exit(1); - } - -/* - * Verify User by Obtaining Initial Credentials prior to Initial Link - */ - - if ((retval = get_first_ticket(context, cache, client, &my_creds))) { - (void) krb5_cc_destroy(context, cache); - exit(1); - } - /* my_creds has the 
necessary credentials for further processing: - Destroy credential cache for security reasons */ - (void) krb5_cc_destroy(context, cache); - - requested_realm = (krb5_data *) &client->realm; - - - /* Initiate Link to Server */ - if ((retval = adm5_init_link(context, requested_realm, port, - &local_socket))) { - exit(1); - } - -#ifdef unicos61 -#define SIZEOF_INADDR SIZEOF_in_addr -#else -#define SIZEOF_INADDR sizeof(struct in_addr) -#endif - -/* V4 kpasswd Protocol Hack - * Necessary for ALL kadmind clients - */ - { - int msg_length = 0; - - retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2); - if (retval < 0) { - fprintf(stderr, "krb5_net_write failure!\n"); - (void) krb5_cc_destroy(context, cache); - exit(1); - } - } - - local_addr.addrtype = ADDRTYPE_INET; - local_addr.length = SIZEOF_INADDR ; - local_addr.contents = (krb5_octet *) &local_sin.sin_addr; - - foreign_addr.addrtype = ADDRTYPE_INET; - foreign_addr.length = SIZEOF_INADDR ; - foreign_addr.contents = (krb5_octet *) &remote_sin.sin_addr; - - krb5_auth_con_init(context, &new_auth_context); - krb5_auth_con_setflags(context, new_auth_context, - KRB5_AUTH_CONTEXT_RET_SEQUENCE); - - krb5_auth_con_setaddrs(context, new_auth_context, - &local_addr, &foreign_addr); - - /* call Kerberos library routine to obtain an authenticator, - pass it over the socket to the server, and obtain mutual - authentication. */ - - inbuf.data = ADM5_ADM_VERSION; - inbuf.length = strlen(ADM5_ADM_VERSION); - - if ((retval = krb5_sendauth(context, &new_auth_context, - (krb5_pointer) &local_socket, - ADM_CPW_VERSION, - my_creds.client, - my_creds.server, - AP_OPTS_MUTUAL_REQUIRED, - &inbuf, - &my_creds, - 0, - &err_ret, - &rep_ret, - NULL))) { - fprintf(stderr, "Error while performing sendauth: %s!\n", - error_message(retval)); - exit(1); - } - - /* Read back what the server has to say ... 
*/ - if (retval = krb5_read_message(context, &local_socket, &inbuf)){ - fprintf(stderr, " Read Message Error: %s!\n", - error_message(retval)); - exit(1); - } - - if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) || - (inbuf.data[1] != KADMSAG)){ - fprintf(stderr, " Invalid ack from admin server.!\n"); - exit(1); - } - free(inbuf.data); - - if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { - fprintf(stderr, "No memory for command!\n"); - exit(1); - } - - inbuf.data[0] = KADMIN; - inbuf.data[1] = 0xff; - inbuf.length = 2; - - if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during First Message Encoding: %s!\n", - error_message(retval)); - free(inbuf.data); - exit(1); - } - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, &local_socket, &msg_data)){ - fprintf(stderr, "Write Error During First Message Transmission!\n"); - exit(1); - } - free(msg_data.data); - - for ( ; ; ) { - /* Ok Now let's get the private message */ - if (retval = krb5_read_message(context, &local_socket, &inbuf)){ - fprintf(stderr, "Read Error During First Reply: %s!\n", - error_message(retval)); - exit(1); - } - - if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during First Read Decoding: %s!\n", - error_message(retval)); - exit(1); - } - free(inbuf.data); - free(msg_data.data); - - valid = 0; - princ_name[0] = '\0'; -repeat: - printf("\n\nCommand (add, cpw, del, inq, mod, addrnd, cpwrnd, addv4, cpwv4, q): "); - fgets(buffer, sizeof(buffer), stdin); - buffer[strlen(buffer) -1] = '\0'; - sscanf(buffer,"%s %s", command_type, princ_name); - for (i = 0; command_type[i] != '\0'; i++) - if (isupper(command_type[i])) - command_type[i] = tolower(command_type[i]); - - if (!strcmp(command_type, "add")) { - valid++; - oper_type = ADDOPER; - if (retval = kadm_add_user(context, new_auth_context, &my_creds, - 
&local_socket, oper_type, princ_name)) - break; - } - if (!strcmp(command_type, "cpw")) { - valid++; - oper_type = CHGOPER; - if (retval = kadm_cpw_user(context, new_auth_context, &my_creds, - &local_socket, oper_type, princ_name)) - break; - } - if (!strcmp(command_type, "addrnd")) { - valid++; - if (retval = kadm_add_user_rnd(context, new_auth_context, &my_creds, - &local_socket, princ_name)) - break; - } - if (!strcmp(command_type, "cpwrnd")) { - valid++; - if (retval = kadm_cpw_user_rnd(context, new_auth_context, &my_creds, - &local_socket, princ_name)) - break; - } - if (!strcmp(command_type, "del")) { - valid++; - if (retval = kadm_del_user(context, new_auth_context, &my_creds, - &local_socket, princ_name)) - break; - } - if (!strcmp(command_type, "inq")) { - valid++; - if (retval = kadm_inq_user(context, new_auth_context, &my_creds, - &local_socket, princ_name)) - break; - } - if (!strcmp(command_type, "mod")) { - valid++; - if (retval = kadm_mod_user(context, new_auth_context, &my_creds, - &local_socket, princ_name)) - break; - } - if (!strcmp(command_type, "addv4")) { - valid++; - oper_type = AD4OPER; - if (retval = kadm_add_user(context, new_auth_context, &my_creds, - &local_socket, oper_type, princ_name)) - break; - } - if (!strcmp(command_type, "cpwv4")) { - valid++; - oper_type = CH4OPER; - if (retval = kadm_cpw_user(context, new_auth_context, &my_creds, - &local_socket, oper_type, princ_name)) - break; - } - if (!strcmp(command_type, "q")) { - valid++; - retval = kadm_done(context, new_auth_context, &my_creds, - &local_socket); - break; - } - - if (!valid) { - fprintf(stderr, "Invalid Input - Retry\n"); - goto repeat; - } - } - - if (retval) { - exit(1); - } - - /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(context, &local_socket, &inbuf)){ - fprintf(stderr, "Read Error During Final Reply: %s!\n", - error_message(retval)); - exit(1); - } - - if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf, - &msg_data, 
&replaydata))) { - fprintf(stderr, "Error during Final Read Decoding :%s!\n", - error_message(retval)); - free(inbuf.data); - exit(1); - } - free(inbuf.data); - - decode_kadmind_reply(msg_data, &rd_priv_resp); - free(msg_data.data); - - if (!((rd_priv_resp.appl_code == KADMIN) && - (rd_priv_resp.retn_code == KADMGOOD))) { - if (rd_priv_resp.message) - fprintf(stderr, "%s\n", rd_priv_resp.message); - else - fprintf(stderr, "Generic Error During kadmin Termination!\n"); - retval = 1; - } else { - fprintf(stderr, "\nHave a Good Day.\n\n"); - } - - if (rd_priv_resp.message) - free(rd_priv_resp.message); - - krb5_free_principal(context, client); - - exit(retval); -} - -static krb5_error_code -get_first_ticket(context, cache, client, my_creds) - krb5_context context; - krb5_ccache cache; - krb5_principal client; - krb5_creds * my_creds; -{ - char prompt[255]; /* for the password prompt */ - - krb5_address **my_addresses; - - char *client_name; - krb5_error_code retval; - char *password; - int pwsize; - int i; - - if ((retval = krb5_unparse_name(context, client, &client_name))) { - fprintf(stderr, "Unable to Unparse Client Name!\n"); - return(1); - } - - if ((retval = krb5_os_localaddr(context, &my_addresses))) { - free(client_name); - fprintf(stderr, "Unable to Get Principals Address!\n"); - return(1); - } - - memset((char *) my_creds, 0, sizeof(krb5_creds)); - - my_creds->client = client; - - if ((retval = krb5_build_principal_ext(context, &my_creds->server, - client->realm.length, - client->realm.data, - strlen(CPWNAME), - CPWNAME, /* kadmin */ - client->realm.length, - client->realm.data, - /* instance is */ - 0))) { - fprintf(stderr, "Error %s while building client name!\n", - error_message(retval)); - krb5_free_addresses(context, my_addresses); - free(client_name); - return(1); - } - - (void) sprintf(prompt,"Password for %s: ", (char *) client_name); - - if ((password = (char *) calloc (1, 255)) == NULL) { - fprintf(stderr, "No Memory for Retrieving Admin 
Password!\n"); - free(client_name); - return(1); - } - - pwsize = 255; - if ((retval = krb5_read_password(context, - prompt, - 0, - password, - &pwsize) || pwsize == 0)) { - fprintf(stderr, "Error while reading password for '%s'!\n", - client_name); - free(password); - krb5_free_addresses(context, my_addresses); - free(client_name); - return(1); - } - - /* Build Request for Initial Credentials */ - retval = krb5_get_in_tkt_with_password(context, 0, /* options */ - my_addresses, - NULL, /* Default encryption list */ - NULL, /* Default preauth list */ - password, cache, my_creds, 0); - - /* Do NOT Forget to zap password */ - memset((char *) password, 0, pwsize); - free(password); - krb5_free_addresses(context, my_addresses); - free(client_name); - - if (retval) { - fprintf(stderr, "\nUnable to Get Initial Credentials: %s!\n", - error_message(retval)); - return(1); - } - - return(0); -} - -krb5_error_code -adm5_init_link(context, realm_of_server, port, local_socket) - krb5_context context; - krb5_data *realm_of_server; - int port; - int * local_socket; -{ - struct servent *service_process; /* service we will talk to */ - struct hostent *remote_host; /* host we will talk to */ - char **hostlist; - int namelen; - int i; - - krb5_error_code retval; - - /* clear out the structure first */ - (void) memset((char *)&remote_sin, 0, sizeof(remote_sin)); - - if (port != 0) { - remote_sin.sin_port = port; - } else { - if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) { - fprintf(stderr, "Unable to find Service (%s) Check services file!\n", - CPW_SNAME); - return(1); - } - - /* Copy the Port Number */ - remote_sin.sin_port = service_process->s_port; - } - - hostlist = 0; - - /* Identify all Hosts Associated with this Realm */ - if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) { - fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name!\n"); - return(retval); - } - - if (hostlist[0] == 0) { - fprintf(stderr, "No hosts found!\n"); - 
return KRB5_REALM_UNKNOWN; - } - - for (i=0; hostlist[i]; i++) { - remote_host = gethostbyname(hostlist[i]); - if (remote_host != 0) { - - /* set up the address of the foreign socket for connect() */ - remote_sin.sin_family = remote_host->h_addrtype; - (void) memcpy((char *) &remote_sin.sin_addr, - (char *) remote_host->h_addr, - sizeof(remote_host->h_addr)); - break; /* Only Need one */ - } - } - - krb5_free_krbhst(context, hostlist); - - /* open a TCP socket */ - *local_socket = socket(PF_INET, SOCK_STREAM, 0); - if (*local_socket < 0) { - retval = errno; - fprintf(stderr, "Cannot Open Socket!\n"); - return retval; - } - /* connect to the server */ - if (connect(*local_socket, (struct sockaddr *) &remote_sin, sizeof(remote_sin)) < 0) { - retval = errno; - fprintf(stderr, "Cannot Connect to Socket!\n"); - close(*local_socket); - return retval; - } - - /* find out who I am, now that we are connected and therefore bound */ - namelen = sizeof(local_sin); - if (getsockname(*local_socket, - (struct sockaddr *) &local_sin, &namelen) < 0) { - retval = errno; - fprintf(stderr, "Cannot Perform getsockname!\n"); - close(*local_socket); - return retval; - } - return 0; -} - -static void -get_def_princ(context, client) - krb5_context context; - krb5_principal *client; -{ - krb5_ccache cache = NULL; - struct passwd *pw; - int retval; - char client_name[755]; - krb5_flags cc_flags; - - /* Identify Default Credentials Cache */ - if (retval = krb5_cc_default(context, &cache)) { - fprintf(stderr, "Error while getting default ccache!\n"); - exit(1); - } - - /* - * Attempt to Modify Credentials Cache - * retval == 0 ==> ccache Exists - Use It - * retval == ENOENT ==> No Entries, but ccache Exists - * retval != 0 ==> Assume ccache does NOT Exist - */ - cc_flags = 0; - if (retval = krb5_cc_set_flags(context, cache, cc_flags)) { - /* Search passwd file for client */ - pw = getpwuid((int) getuid()); - if (pw) { - (void) strcpy(client_name, pw->pw_name); - if (!strncmp("root", 
client_name, strlen(client_name))) { - fprintf(stderr, - "root is not a valid Adimnistrator\n!\n"); - usage(); - } - } else { - fprintf(stderr, - "Unable to Identify Principal from Password File!\n"); - retval = 1; - usage(); - } - - /* Use this to get default_realm and format client_name */ - if ((retval = krb5_parse_name(context, client_name, client))) { - fprintf(stderr, "Unable to Parse Client Name!\n"); - usage(); - } - } else { - /* Read Client from Cache */ - if (retval = krb5_cc_get_principal(context, cache, client)) { - fprintf(stderr, - "Unable to Read Principal Credentials File!\n"); - exit(1); - } - - if (!strncmp("root", (*client)->data[0].data, - (*client)->data[0].length)) { - fprintf(stderr, "root is not a valid Administrator\n!\n"); - usage(); - } - } - (void) krb5_cc_close(context, cache); -} - -usage() -{ - fprintf(stderr, "Usage: "); - fprintf(stderr, "kadmin [-n] [-p port] [Administrator name]\n\n"); - fprintf(stderr, " If an Administrator name is not supplied, kadmin "); - fprintf(stderr, "will first\n attempt to locate the name from "); - fprintf(stderr, "the default ticket file, then\n by using the "); - fprintf(stderr, "username from the 'passwd' file.\n\n"); - fprintf(stderr, " For Cross Realm Obtain a ticket for 'Administrator "); - fprintf(stderr, "name' in the\n Destination realm or "); - fprintf(stderr, "specify the Destination Realm\n as part of the "); - fprintf(stderr, "Administrator name option.\n\n"); - fprintf(stderr, " Note: If the Administrator Name is not "); - fprintf(stderr, "supplied, then the \n"); - fprintf(stderr, " '/admin' instance will be appended to the "); - fprintf(stderr, "default name unless\n"); - fprintf(stderr, " the -n option is used.\n\n"); - exit(0); -} - -void decode_kadmind_reply(data, response) - krb5_data data; - kadmin_requests *response; -{ - response->appl_code = data.data[0]; - response->oper_code = data.data[1]; - response->retn_code = data.data[2]; - if (data.length > 3 && data.data[3]) { - 
response->message = (char *)malloc(data.length - 2); - if (response->message) { - memcpy(response->message, data.data + 3, data.length - 3); - response->message[data.length - 3] = 0; - } - } else - response->message = NULL; - - return; -} - -int print_status_message(response, success_msg) - kadmin_requests *response; - char *success_msg; -{ - int retval = 1; - - if (response->appl_code == KADMIN) { - if (response->retn_code == KADMGOOD) { - fprintf(stderr, "%s\n", success_msg); - retval = 0; - } else if (response->retn_code == KADMBAD) - fprintf(stderr, "%s\n", response->message); - else - fprintf(stderr, "ERROR: unknown return code from server.\n"); - } else - fprintf(stderr, "ERROR: unknown application code from server.\n"); - - if (response->message) - free(response->message); - - return retval; -} diff --git a/src/kadmin.old/client/kadmin_add.c b/src/kadmin.old/client/kadmin_add.c deleted file mode 100644 index 083f62166..000000000 --- a/src/kadmin.old/client/kadmin_add.c +++ /dev/null 
@@ -1,239 +0,0 @@ -/* - * kadmin/client/kadmin_add.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - */ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - - -/* - * kadmin_add - * Perform Remote Kerberos Administrative Functions - */ - -#include -#include -#include -#include -#include -#include -#include "com_err.h" - -#include - -#include "k5-int.h" -#include "adm_defs.h" - -void decode_kadmind_reply(); -int print_status_message(); - -krb5_error_code -kadm_add_user(context, auth_context, my_creds, local_socket, - oper_type, principal) - krb5_context context; - krb5_auth_context auth_context; - krb5_creds * my_creds; - int * local_socket; - int oper_type; - char * principal; -{ - krb5_data msg_data, inbuf; - kadmin_requests rd_priv_resp; - char username[255]; - char *password; - int pwsize; - int count; - krb5_replay_data replaydata; - krb5_error_code retval; /* return code */ - - if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { - fprintf(stderr, "No memory for command!\n"); - return(1); - } - - inbuf.data[0] = KADMIN; - inbuf.data[1] = oper_type; - inbuf.data[2] = SENDDATA2; - - if (principal && principal[0] != '\0') - strcpy(username, principal); - else { - count = 0; - do { - fprintf(stdout, "\nName of Principal to be Added: "); - fgets(username, sizeof(username), stdin); - if (username[0] == '\n') - fprintf(stderr, "Invalid Principal name!\n"); - count++; - } while (username[0] == '\n' && count < 3); - - if (username[0] == '\n') { - fprintf(stderr, "Aborting!!\n\n"); - return(1); - } - - username[strlen(username) -1] = '\0'; - } - - (void) memcpy( inbuf.data + 3, username, strlen(username)); - inbuf.length = strlen(username) + 3; - - if ((retval = 
krb5_mk_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Second Message Encoding: %s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, local_socket, &msg_data)){ - fprintf(stderr, "Write Error During Second Message Transmission!\n"); - return(1); - } - - free(msg_data.data); - - if (retval = krb5_read_message(context, local_socket, &inbuf)){ - fprintf(stderr, "Read Error During Second Reply: %s!\n", - error_message(retval)); - return(1); - } - - if (retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata)) { - fprintf(stderr, "Error during Second Read Decoding :%s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - - if (msg_data.data[2] == KADMBAD) { - decode_kadmind_reply(msg_data, &rd_priv_resp); - - if (rd_priv_resp.message) { - fprintf(stderr, "%s\n\n", rd_priv_resp.message); - free(rd_priv_resp.message); - } else - fprintf(stderr, "Generic error from server.\n\n"); - free(msg_data.data); - return(0); - } - -#ifdef MACH_PASS - pwsize = msg_data.length; - if ((password = (char *) calloc (1, pwsize)) == (char *) 0) { - fprintf(stderr, "No Memory for allocation of password!\n"); - retval = 1; - free(msg_data.data); - return(1); - } - - memcpy(password, msg_data.data, pwsize); - memset(msg_data.data, 0, pwsize); - password[pwsize] = '\0'; - fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password); - memset(password, 0, pwsize); - free(password); - fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n"); - - free(msg_data.data); - - if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { - fprintf(stderr, "No memory for command!\n"); - return(1); - } - - inbuf.data[0] = KADMIN; - inbuf.data[1] = KADMGOOD; - inbuf.length = 2; - -#else - - free(msg_data.data); - - if ((password = (char *) calloc (1, 
ADM_MAX_PW_LENGTH+1)) == (char *) 0) { - fprintf(stderr, "No Memory for allocation of password!\n"); - return(1); - } - - pwsize = ADM_MAX_PW_LENGTH+1; - - putchar('\n'); - if (retval = krb5_read_password(context, - DEFAULT_PWD_STRING1, - DEFAULT_PWD_STRING2, - password, - &pwsize)) { - fprintf(stderr, "Error while reading new password for %s: %s!\n", - username, error_message(retval)); - (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); - free(password); - return(1); - } - - if ((inbuf.data = (char *) calloc(1, strlen(password) + 1)) == (char *) 0) { - fprintf(stderr, "No Memory for allocation of buffer!\n"); - (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); - free(password); - return(1); - } - - inbuf.length = strlen(password); - (void) memcpy(inbuf.data, password, strlen(password)); - free(password); - -#endif /* MACH_PASS */ - - if ((retval = krb5_mk_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Second Message Encoding: %s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, local_socket, &msg_data)){ - fprintf(stderr, "Write Error During Second Message Transmission!\n"); - return(1); - } - free(msg_data.data); - - /* Ok Now let's get the final private message */ - if (retval = krb5_read_message(context, local_socket, &inbuf)){ - fprintf(stderr, "Read Error During Final Reply: %s!\n", - error_message(retval)); - retval = 1; - } - - if ((retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Final Read Decoding :%s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - - decode_kadmind_reply(msg_data, &rd_priv_resp); - - free(msg_data.data); - - retval = print_status_message(&rd_priv_resp, - "Database Addition Successful."); - - return(retval); -} 
diff --git a/src/kadmin.old/client/kadmin_adr.c b/src/kadmin.old/client/kadmin_adr.c
deleted file mode 100644
index db4927594..000000000
--- a/src/kadmin.old/client/kadmin_adr.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * kadmin/client/kadmin_adr.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_adr
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include "adm_defs.h"
-
-#ifdef HAVE_STDLIB_H
-#include
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_add_user_rnd(context, auth_context, my_creds,
- local_socket, principal)
- krb5_context context;
- krb5_auth_context auth_context;
- int *local_socket;
- char *principal;
-{
- krb5_data msg_data, inbuf;
- kadmin_requests rd_priv_resp;
- char username[755];
- int count;
- krb5_replay_data replaydata;
- krb5_error_code retval; /* return code */
-
- if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
- fprintf(stderr, "No memory for command!\n");
- return(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = ADROPER;
- inbuf.data[2] = SENDDATA2;
-
- if (principal && principal[0] != '\0')
- strcpy(username, principal);
- else {
- count = 0;
- do {
- fprintf(stdout, "\nName of Principal to be Added: ");
- fgets(username, sizeof(username), stdin);
- if (username[0] == '\n')
- fprintf(stderr, "Invalid Principal name!\n");
- count++;
- }
- while (username[0] == '\n' && count < 3);
-
- if (username[0] == '\n') {
- fprintf(stderr, "Aborting!!\n\n");
- return(1);
- }
- username[strlen(username) -1] = '\0';
- }
-
-
- (void) memcpy( inbuf.data + 3, username, strlen(username));
- inbuf.length = strlen(username) + 3;
-
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
-
- free(msg_data.data);
-
- /* Ok Now let's get the final private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Final Reply: %s!\n",
- error_message(retval));
- retval = 1;
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Final Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
-
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- free(inbuf.data);
- free(msg_data.data);
-
- retval = print_status_message(&rd_priv_resp,
- "Database Addition Successful.");
-
- return(retval);
-}
diff --git a/src/kadmin.old/client/kadmin_cpr.c b/src/kadmin.old/client/kadmin_cpr.c
deleted file mode 100644
index a3421a801..000000000
--- a/src/kadmin.old/client/kadmin_cpr.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * kadmin/client/kadmin_cpr.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_cpr
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include "adm_defs.h"
-
-#ifdef HAVE_STDLIB_H
-#include
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_cpw_user_rnd(context, auth_context, my_creds,
- local_socket, principal)
- krb5_context context;
- krb5_auth_context auth_context;
- int *local_socket;
- char *principal;
-{
- krb5_data msg_data, inbuf;
- kadmin_requests rd_priv_resp;
- char username[755];
- int count;
- krb5_replay_data replaydata;
- krb5_error_code retval; /* return code */
-
- if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n");
- exit(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = CHROPER;
- inbuf.data[2] = SENDDATA2;
-
- if (principal && principal[0] != '\0')
- strcpy(username, principal);
- else {
- count = 0;
- do {
- fprintf(stdout,
- "\nName of Principal Whose Password is to Change: ");
- fgets(username, sizeof(username), stdin);
- if (username[0] == '\n')
- fprintf(stderr, "Invalid Principal name!\n");
- count++;
- }
- while (username[0] == '\n' && count < 3);
-
- if (username[0] == '\n') {
- fprintf(stderr, "Aborting!!\n\n");
- return(1);
- }
- username[strlen(username) -1] = '\0';
- }
-
- (void) memcpy( inbuf.data + 3, username, strlen(username));
- inbuf.length = strlen(username) + 3;
-
- /* Transmit Principal Name */
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the final private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Final Reply: %s!\n",
- error_message(retval));
- retval = 1;
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Final Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- free(inbuf.data);
- free(msg_data.data);
-
- print_status_message(&rd_priv_resp,
- "Password Modification Successful.");
-
- return(0);
-}
-
-
diff --git a/src/kadmin.old/client/kadmin_cpw.c b/src/kadmin.old/client/kadmin_cpw.c
deleted file mode 100644
index 768d49cee..000000000
--- a/src/kadmin.old/client/kadmin_cpw.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/*
- * kadmin/client/kadmin_cpw.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_cpw
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include "adm_defs.h"
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_cpw_user(context, auth_context, my_creds,
- local_socket, oper_type, principal)
- krb5_context context;
- krb5_auth_context auth_context;
- int *local_socket;
- int oper_type;
- char *principal;
-{
- krb5_data msg_data, inbuf;
- kadmin_requests rd_priv_resp;
- char username[255];
- char *password;
- int pwsize;
- int count;
- krb5_replay_data replaydata;
- krb5_error_code retval; /* return code */
-
- if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n");
- exit(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = oper_type;
- inbuf.data[2] = SENDDATA2;
-
- if (principal && principal[0] != '\0')
- strcpy(username, principal);
- else {
- count = 0;
- do {
- fprintf(stdout,
- "\nName of Principal Whose Password is to Change: ");
- fgets(username, sizeof(username), stdin);
- if (username[0] == '\n')
- fprintf(stderr, "Invalid Principal name!\n");
- count++;
- }
- while (username[0] == '\n' && count < 3);
-
- if (username[0] == '\n') {
- fprintf(stderr, "Aborting!!\n\n");
- return(1);
- }
-
- username[strlen(username) -1] = '\0';
- }
-
- (void) memcpy( inbuf.data + 3, username, strlen(username));
- inbuf.length = strlen(username) + 3;
-
- /* Transmit Principal Name */
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- free(msg_data.data);
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
-
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Second Reply: %s!\n",
- error_message(retval));
- return(1);
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- if (msg_data.data[2] == KADMBAD) {
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- if (rd_priv_resp.message) {
- fprintf(stderr, "%s\n\n", rd_priv_resp.message);
- free(rd_priv_resp.message);
- } else
- fprintf(stderr, "Generic error from server.\n\n");
- memset(msg_data.data, 0, msg_data.length);
- free(msg_data.data);
- return(0);
- }
-
- if ((oper_type == CHGOPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) ||
- (oper_type == CH4OPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_NORMAL))
- fprintf(stderr, "WARNING: Changing Principal Salt type to %s!\n",
- (msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) ?
- "Version 5 Normal" : "Version 4");
-
-#ifdef MACH_PASS /* Machine-generated passwords */
- pwsize = msg_data.length;
- if ((password = (char *) calloc (1, pwsize)) == (char *) 0) {
- fprintf(stderr, "No Memory for allocation of password!\n");
- memset(msg_data.data, 0, msg_data.length);
- free(msg_data.data);
- return(1);
- }
-
- memcpy(password, msg_data.data, pwsize);
- memset(msg_data.data, 0, pwsize);
- free(msg_data.data);
- password[pwsize] = '\0';
- fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password);
- memset(password, 0, pwsize);
- free(password);
- fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n");
-
- if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) {
- fprintf(stderr, "No memory for command!\n");
- return(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = KADMGOOD;
- inbuf.length = 2;
-
-#else
-
- if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) {
- fprintf(stderr, "No Memory for allocation of password!\n");
- return(1);
- }
-
- pwsize = ADM_MAX_PW_LENGTH+1;
-
- putchar('\n');
- if ((retval = krb5_read_password(context,
- DEFAULT_PWD_STRING1,
- DEFAULT_PWD_STRING2,
- password,
- &pwsize))) {
- fprintf(stderr, "Error while reading new password for %s: %s!\n",
- username, error_message(retval));
- (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);
- free(password);
- return(1);
- }
-
- if ((inbuf.data = (char *) calloc (1, strlen(password) + 1)) ==
- (char *) 0) {
- fprintf(stderr, "No Memory for allocation of buffer!\n");
- (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);
- free(password);
- return(1); /* No Memory */
- }
-
- inbuf.length = strlen(password);
- (void) memcpy(inbuf.data, password, strlen(password));
- free(password);
-
-#endif /* MACH_PASS */
-
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the final private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Final Reply: %s!\n",
- error_message(retval));
- retval = 1;
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Final Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
-
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- free(inbuf.data);
- free(msg_data.data);
-
- print_status_message(&rd_priv_resp,
- "Password Modification Successful.");
-
- return(0);
-}
diff --git a/src/kadmin.old/client/kadmin_del.c b/src/kadmin.old/client/kadmin_del.c
deleted file mode 100644
index 25f362eb7..000000000
--- a/src/kadmin.old/client/kadmin_del.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * kadmin/client/kadmin_del.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_del
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include "adm_defs.h"
-
-#ifdef HAVE_STDLIB_H
-#include
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_del_user(context, auth_context, my_creds, local_socket, principal)
- krb5_context context;
- krb5_auth_context auth_context;
- int *local_socket;
- char *principal;
-{
- krb5_data msg_data, inbuf;
- kadmin_requests rd_priv_resp;
- char username[755];
- int count;
- krb5_replay_data replaydata;
- krb5_error_code retval; /* return code */
-
- if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
- fprintf(stderr, "No memory for command!\n");
- return(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = DELOPER;
- inbuf.data[2] = SENDDATA2;
-
- if (principal && principal[0] != '\0')
- strcpy(username, principal);
- else {
- count = 0;
- do {
- fprintf(stdout, "\nName of Principal to be Deleted: ");
- fgets(username, sizeof(username), stdin);
- if (username[0] == '\n')
- fprintf(stderr, "Invalid Principal name!\n");
- count++;
- }
- while (username[0] == '\n' && count < 3);
-
- if (username[0] == '\n') {
- fprintf(stderr, "Aborting!!\n\n");
- return(1);
- }
-
- username[strlen(username) -1] = '\0';
- }
-
- (void) memcpy( inbuf.data + 3, username, strlen(username));
- inbuf.length = strlen(username) + 3;
-
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- free(msg_data.data);
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the final private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Final Reply: %s!\n",
- error_message(retval));
- return(1);
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Decoding :%s!\n",
- error_message(retval));
- return(1);
- }
-
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- free(inbuf.data);
- free(msg_data.data);
-
- print_status_message(&rd_priv_resp,
- "Database Deletion Successful.");
-
- return(0);
-}
diff --git a/src/kadmin.old/client/kadmin_done.c b/src/kadmin.old/client/kadmin_done.c
deleted file mode 100644
index 07d38909d..000000000
--- a/src/kadmin.old/client/kadmin_done.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * kadmin/client/kadmin_done.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_done
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include "adm_defs.h"
-
-krb5_error_code
-kadm_done(context, auth_context, my_creds, local_socket)
- krb5_context context;
- krb5_auth_context auth_context;
- int *local_socket;
-{
- krb5_replay_data replaydata;
- krb5_data msg_data, inbuf;
- krb5_error_code retval; /* return code */
- char buf[16];
-
- inbuf.data = buf;
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = COMPLETE;
- inbuf.data[2] = SENDDATA2;
- inbuf.data[3] = 0xff;
- (void) memset( inbuf.data + 4, 0, 4);
- inbuf.length = 16;
-
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- return(1);
- }
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)) {
- free(msg_data.data);
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
- return(0);
-}
diff --git a/src/kadmin.old/client/kadmin_inq.c b/src/kadmin.old/client/kadmin_inq.c
deleted file mode 100644
index 4802de457..000000000
--- a/src/kadmin.old/client/kadmin_inq.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * kadmin/client/kadmin_inq.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_inq
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include "adm_defs.h"
-
-#ifdef HAVE_STDLIB_H
-#include
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_inq_user(context, auth_context, my_creds, local_socket, principal)
- krb5_context context;
- krb5_auth_context auth_context;
- int *local_socket;
- char *principal;
-{
- krb5_replay_data replaydata;
- krb5_data msg_data, inbuf;
- kadmin_requests rd_priv_resp;
- char username[755];
- int count;
- krb5_error_code retval; /* return code */
- char *my_data;
-
- if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) {
- fprintf(stderr, "No memory for command!\n");
- return(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = INQOPER;
- inbuf.data[2] = SENDDATA2;
-
- if (principal && principal[0] != '\0')
- strcpy(username, principal);
- else {
- count = 0;
- do {
- fprintf(stdout, "\nName of Principal to be Displayed: ");
- fgets(username, sizeof(username), stdin);
- if (username[0] == '\n')
- fprintf(stderr, "Invalid Principal name!\n");
- count++;
- }
- while (username[0] == '\n' && count < 3);
-
- if (username[0] == '\n') {
- fprintf(stderr, "Aborting!!\n\n");
- return(1);
- }
-
- username[strlen(username) -1] = '\0';
- }
-
- (void) memcpy( inbuf.data + 3, username, strlen(username));
- inbuf.length = strlen(username) + 3;
-
- if (retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata)) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the private message */
- if ((retval = krb5_read_message(context, local_socket, &inbuf))){
- fprintf(stderr, "Read Error During Second Reply: %s!\n",
- error_message(retval));
- return(1);
- }
-
- if (retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata)) {
- fprintf(stderr, "Error during Second Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- if (!msg_data.data) {
- fprintf(stderr, "kadm_inq_user: Error - empty message received!\n\n");
- return(0);
- }
-
- if (msg_data.data[2] == KADMBAD) {
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- if (rd_priv_resp.message) {
- fprintf(stderr, "%s\n\n", rd_priv_resp.message);
- free(rd_priv_resp.message);
- } else
- fprintf(stderr, "Generic error from server.\n\n");
- return(0);
- }
-
- my_data = (char *)malloc(msg_data.length + 1);
- if (!my_data) {
- fprintf(stderr, "kadmin_inq: Couldn't allocate space for my_data!\n");
- exit(1);
- }
- memcpy(my_data, msg_data.data, msg_data.length);
- my_data[msg_data.length] = 0;
-
- /* Print Inquiry Information */
- fprintf(stdout, "%s\n", my_data);
- free(my_data);
- free(msg_data.data);
-
- if ((inbuf.data = (char *) calloc(1, 3)) == (char *) 0) {
- fprintf(stderr, "inbuf.data allocation error!\n");
- return(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = KADMGOOD;
- inbuf.length = 2;
-
- if (retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata)) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- free(msg_data.data);
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the final private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Final Reply: %s!\n",
- error_message(retval));
- retval = 1;
- }
-
- if (retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata)) {
- fprintf(stderr, "Error during Final Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- free(inbuf.data);
- free(msg_data.data);
-
- print_status_message(&rd_priv_resp,
- "Password Inquiry Successful.");
-
- return(0);
-}
diff --git a/src/kadmin.old/client/kadmin_mod.c b/src/kadmin.old/client/kadmin_mod.c
deleted file mode 100644
index 2a73030d0..000000000
--- a/src/kadmin.old/client/kadmin_mod.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * kadmin/client/kadmin_mod.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * kadmin_mod
- * Perform Remote Kerberos Administrative Functions
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include "adm_defs.h"
-
-#ifdef HAVE_STDLIB_H
-#include
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-void decode_kadmind_reply();
-int print_status_message();
-
-krb5_error_code
-kadm_mod_user(context, auth_context, my_creds, local_socket, principal)
- krb5_context context;
- krb5_auth_context auth_context;
- krb5_creds *my_creds;
- int *local_socket;
- char *principal;
-{
- krb5_data msg_data, inbuf;
- kadmin_requests rd_priv_resp;
- char username[755];
- int count;
- krb5_replay_data replaydata;
- krb5_error_code retval; /* return code */
-
- if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n");
- exit(1);
- }
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = MODOPER;
- inbuf.data[2] = SENDDATA2;
-
- if (principal && principal[0] != '\0')
- strcpy(username, principal);
- else {
- count = 0;
- do {
- fprintf(stdout, "\nName of Principal to be Modified: ");
- fgets(username, sizeof(username), stdin);
- if (username[0] == '\n')
- fprintf(stderr, "Invalid Principal name!\n");
- count++;
- }
- while (username[0] == '\n' && count < 3);
-
- if (username[0] == '\n') {
- fprintf(stderr, "Aborting!!\n\n");
- return(1);
- }
-
- username[strlen(username) -1] = '\0';
- }
-
- (void) memcpy( inbuf.data + 3, username, strlen(username));
- inbuf.length = strlen(username) + 3;
-
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Second Reply: %s!\n",
- error_message(retval));
- return(1);
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- if (msg_data.data[2] == KADMBAD) {
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- if (rd_priv_resp.message) {
- fprintf(stderr, "%s\n\n", rd_priv_resp.message);
- free(rd_priv_resp.message);
- } else
- fprintf(stderr, "Generic error from server.\n\n");
- free(msg_data.data);
- return(0);
- }
- free(msg_data.data);
-
- kadm_snd_mod(context, auth_context, my_creds, local_socket);
-
- if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) {
- fprintf(stderr, "No memory for command!\n");
- return(1);
- }
-
-
- inbuf.data[0] = KADMIN;
- inbuf.data[1] = KADMGOOD;
- inbuf.data[2] = SENDDATA3;
- inbuf.length = 3;
-
- if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Second Message Encoding: %s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
- free(inbuf.data);
-
- /* write private message to server */
- if (krb5_write_message(context, local_socket, &msg_data)){
- fprintf(stderr, "Write Error During Second Message Transmission!\n");
- free(msg_data.data);
- return(1);
- }
- free(msg_data.data);
-
- /* Ok Now let's get the final private message */
- if (retval = krb5_read_message(context, local_socket, &inbuf)){
- fprintf(stderr, "Read Error During Final Reply: %s!\n",
- error_message(retval));
- retval = 1;
- }
-
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- fprintf(stderr, "Error during Final Read Decoding :%s!\n",
- error_message(retval));
- free(inbuf.data);
- return(1);
- }
-
-
- decode_kadmind_reply(msg_data, &rd_priv_resp);
-
- free(inbuf.data);
- free(msg_data.data);
-
- print_status_message(&rd_priv_resp,
- "Database Modification Successful.");
-
- return(0);
-}
diff --git a/src/kadmin.old/client/kadmin_msnd.c b/src/kadmin.old/client/kadmin_msnd.c
deleted file mode 100644
index 2f5adae35..000000000
--- a/src/kadmin.old/client/kadmin_msnd.c
+++ /dev/null
@@ -1,279 +0,0 @@ -/* - * kadmin/client/kadmin_msnd.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - */ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - - -/* - * kadmin_snd_mod - * Perform Remote Kerberos Administrative Functions - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include -#include "adm_defs.h" - -#ifdef HAVE_STDLIB_H -#include -#else -extern char *malloc(), *calloc(), *realloc(); -#endif - -#ifndef MAXPATHLEN -#define MAXPATHLEN 1024 -#endif - -krb5_error_code -kadm_snd_mod(context, auth_context, my_creds, local_socket) - krb5_context context; - krb5_auth_context auth_context; - krb5_creds *my_creds; - int *local_socket; -{ - krb5_replay_data replaydata; - krb5_error_code retval; /* return code */ - krb5_data msg_data, inbuf; - char mod_type[10]; - char attrib[20]; - char version[10]; - int value; - int valid_command; - int i; - - for ( ; ; ) { - valid_command = 0; -repeat1: -#ifdef SANDIA - fprintf(stdout, "\nParameter Type to be Modified (fcnt, vno, attr, or q): "); -#else - fprintf(stdout, "\nParameter Type to be Modified (vno, attr, or q): "); -#endif - - (void) fgets(mod_type, 10, stdin); - mod_type[strlen(mod_type) - 1] = '\0'; - - if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) { - fprintf(stderr, "No memory for command!\n"); - exit(1); - } - - if (!strcmp(mod_type, "q")) { - free(inbuf.data); - goto alldone; - } -#ifdef SANDIA - if (!strcmp(mod_type, "fcnt")) { - valid_command = 1; -repeat_cnt: - fprintf(stdout, "\nFailure Count: "); - (void) fgets(version, sizeof(version), stdin); - /* Make sure version is null terminated */ - version[sizeof(version) -1] = '\0'; 
- /* Strip linefeed */ - if (version[strlen(version) - 1] == '\n') - version[strlen(version) - 1] = '\0'; - if (!strcmp(version, "q")) { - free(inbuf.data); - goto alldone; - } - value = -1; - sscanf(version,"%d",&value); - if (value < 0 || value > 10 ) { - fprintf(stderr, "Value must be between 0 and 10!\n"); - goto repeat_cnt; - } - inbuf.data[3] = KMODFCNT; - (void) memcpy(inbuf.data + 4, version, strlen(version)); - inbuf.length = strlen(version) + 4; - } -#endif - if (!strcmp(mod_type, "vno")) { - valid_command = 1; -repeat2: - fprintf(stdout, "\nVersion Number: "); - (void) fgets(version, sizeof(version), stdin); - /* Make sure version is null terminated */ - version[sizeof(version) -1] = '\0'; - /* Strip linefeed */ - if (version[strlen(version) - 1] == '\n') - version[strlen(version) - 1] = '\0'; - if (!strcmp(version, "q")) { - free(inbuf.data); - goto alldone; - } - value = -1; - sscanf(version,"%d",&value); - if (value < 0 || value > 255 ) { - fprintf(stderr, "Value must be between 0 and 255!\n"); - goto repeat2; - } - inbuf.data[3] = KMODVNO; - (void) memcpy(inbuf.data + 4, version, strlen(version)); - inbuf.length = strlen(version) + 4; - } - - if (!strcmp(mod_type, "attr")) { - valid_command = 1; -repeat3: - fprintf(stdout, "\nAttribute: "); - fgets(attrib, 20, stdin); - attrib[strlen(attrib) - 1] = '\0'; - for (i = 0; attrib[i] != '\0'; i++) - if (isupper(attrib[i])) - attrib[i] = tolower(attrib[i]); - - inbuf.data[3] = KMODATTR; - inbuf.data[4] = BADATTR; - inbuf.length = 5; - if (!strcmp(attrib, "post")) inbuf.data[4] = ATTRPOST; - if (!strcmp(attrib, "nopost")) inbuf.data[4] = ATTRNOPOST; - if (!strcmp(attrib, "forward")) inbuf.data[4] = ATTRFOR; - if (!strcmp(attrib, "noforward")) inbuf.data[4] = ATTRNOFOR; - if (!strcmp(attrib, "tgt")) inbuf.data[4] = ATTRTGT; - if (!strcmp(attrib, "notgt")) inbuf.data[4] = ATTRNOTGT; - if (!strcmp(attrib, "ren")) inbuf.data[4] = ATTRREN; - if (!strcmp(attrib, "noren")) inbuf.data[4] = ATTRNOREN; - if 
(!strcmp(attrib, "proxy")) inbuf.data[4] = ATTRPROXY; - if (!strcmp(attrib, "noproxy")) inbuf.data[4] = ATTRNOPROXY; - if (!strcmp(attrib, "dskey")) inbuf.data[4] = ATTRDSKEY; - if (!strcmp(attrib, "nodskey")) inbuf.data[4] = ATTRNODSKEY; - if (!strcmp(attrib, "lock")) inbuf.data[4] = ATTRLOCK; - if (!strcmp(attrib, "unlock")) inbuf.data[4] = ATTRUNLOCK; - if (!strcmp(attrib, "svr")) inbuf.data[4] = ATTRSVR; - if (!strcmp(attrib, "nosvr")) inbuf.data[4] = ATTRNOSVR; - -#ifdef SANDIA - if (!strcmp(attrib, "preauth")) inbuf.data[4] = ATTRPRE; - if (!strcmp(attrib, "nopreauth")) inbuf.data[4] = ATTRNOPRE; - if (!strcmp(attrib, "pwok")) inbuf.data[4] = ATTRPWOK; - if (!strcmp(attrib, "pwchange")) inbuf.data[4] = ATTRPWCHG; - if (!strcmp(attrib, "sid")) inbuf.data[4] = ATTRSID; - if (!strcmp(attrib, "nosid")) inbuf.data[4] = ATTRNOSID; -#endif - if (!strcmp(attrib, "q")){ - free(inbuf.data); - goto alldone; - } - if (inbuf.data[4] == BADATTR) { - fprintf(stderr, "Valid Responses are:\n"); - fprintf(stderr, "post/nopost - Allow/Disallow postdating\n"); - fprintf(stderr, "forward/noforward - Allow/Disallow forwarding\n"); - fprintf(stderr, "tgt/notgt - Allow/Disallow initial tickets\n"); - fprintf(stderr, "ren/noren - Allow/Disallow renewable tickets\n"); - fprintf(stderr, - "proxy/noproxy - Allow/Disallow proxiable tickets\n"); - fprintf(stderr, - "dskey/nodskey - Allow/Disallow Duplicate Session Keys\n"); - fprintf(stderr, "lock/unlock - Lock/Unlock client\n"); - fprintf(stderr, - "svr/nosvr - Allow/Disallow Use of Principal as Server\n"); -#ifdef SANDIA - fprintf(stderr, - "preauth/nopreauth - Require/Do Not Require preauthentication\n"); - fprintf(stderr, - "pwok/pwchange - Password is OK/Needs to be changed\n"); - fprintf(stderr, - "sid/nosid - Require/Do Not Require Hardware Authentication\n"); -#endif - fprintf(stderr, "q - Quit from setting attributes.\n"); - goto repeat3; - } - } - - if (!valid_command) { - free(inbuf.data); - fprintf(stderr, "Invalid command - 
Try Again\n"); - goto repeat1; - } - - inbuf.data[0] = KADMIN; - inbuf.data[1] = MODOPER; - inbuf.data[2] = SENDDATA3; - - if ((retval = krb5_mk_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Second Message Encoding: %s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, local_socket, &msg_data)) { - fprintf(stderr, "Write Error During Second Message Transmission!\n"); - return(1); - } - free(msg_data.data); - - /* Ok Now let's get the private message */ - if (retval = krb5_read_message(context, local_socket, &inbuf)){ - fprintf(stderr, "Read Error During Second Reply: %s!\n", - error_message(retval)); - return(1); - } - - if ((retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Second Read Decoding :%s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - } /* for */ - -alldone: - if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) { - fprintf(stderr, "No memory for command!\n"); - exit(1); - } - - inbuf.data[0] = KADMIN; - inbuf.data[1] = KADMGOOD; - inbuf.data[2] = SENDDATA3; - inbuf.length = 3; - - if ((retval = krb5_mk_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Second Message Encoding: %s!\n", - error_message(retval)); - free(inbuf.data); - return(1); - } - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, local_socket, &msg_data)) { - fprintf(stderr, "Write Error During Second Message Transmission!\n"); - return(1); - } - free(msg_data.data); - - return(0); -} diff --git a/src/kadmin.old/configure.in b/src/kadmin.old/configure.in deleted file mode 100644 index a757830dd..000000000 --- a/src/kadmin.old/configure.in +++ /dev/null 
@@ -1,5 +0,0 @@
-AC_INIT(configure.in)
-CONFIG_RULES
-CONFIG_DIRS(client kpasswd server)
-DO_SUBDIRS
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin.old/kpasswd/.Sanitize b/src/kadmin.old/kpasswd/.Sanitize
deleted file mode 100644
index 5975c4d0a..000000000
--- a/src/kadmin.old/kpasswd/.Sanitize
+++ /dev/null
@@ -1,39 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-kpasswd.M
-kpasswd.c
-networked.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/kadmin.old/kpasswd/.cvsignore b/src/kadmin.old/kpasswd/.cvsignore
deleted file mode 100644
index e8c05a6b1..000000000
--- a/src/kadmin.old/kpasswd/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-configure
diff --git a/src/kadmin.old/kpasswd/ChangeLog b/src/kadmin.old/kpasswd/ChangeLog
deleted file mode 100644
index b17d5415c..000000000
--- a/src/kadmin.old/kpasswd/ChangeLog
+++ /dev/null
@@ -1,116 +0,0 @@ -Thu Jul 6 17:29:50 1995 Tom Yu - - * kpasswd.c (get_first_ticket): Pass context to os_localaddr. - -Fri Jun 30 14:37:02 EDT 1995 Paul Park (pjpark@mit.edu) - * configure.in - Add --with-dbm to select between Berkeley and - DBM KDC database format. - -Wed Jun 21 10:50:33 1995 - - * kpasswd.c: Change PROTOTYPE -> KRB5_PROTOTYPE - -Tue Jun 20 12:53:59 1995 Tom Yu (tlyu@dragons-lair) - - * kpasswd.c: USE_STRING_H -> HAVE_STRING_H for consistency - * configure.in: added missing check for string.h - -Thu Jun 15 17:50:07 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Change explicit library names to -l form, and - change target link line to use $(LD) and associated flags. - * configure.in - Add shared library usage check. - -Sat Jun 10 23:02:12 1995 Tom Yu (tlyu@dragons-lair) - - * kpasswd.c: krb5_auth_context redefinitions - -Fri Jun 9 19:06:53 1995 - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - -Wed May 24 07:12:08 1995 Ezra Peisach - - * configure.in: Check for stdlib.h. - - * kpasswd.c, networked.c: Include stdlib.h or declare malloc() - -Mon May 22 09:56:42 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Install kpasswd as kpasswd_old. Manpage too. - -Fri Mar 17 15:36:07 1995 Chris Provenzano (proven@mit.edu) - - * kpasswd.c: Cast malloc() return value to shut compiler up. - -Fri Mar 10 11:09:34 1995 Chris Provenzano (proven@mit.edu) - - * kpasswd.c: Use new calling convention for krb5_sendauth(), - krb5_mk_priv(), and krb5_rd_priv(). - -Thu Mar 2 12:25:29 1995 Theodore Y. Ts'o - - * Makefile.in (ISODELIB): Remove reference to $(ISODELIB). - -Wed Mar 1 16:29:34 1995 Theodore Y. Ts'o - - * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket - and -lnsl with WITH_NETLIB check. - -Tue Feb 28 02:21:41 1995 John Gilmore (gnu at toad.com) - - * kpasswd.c: Avoid includes. 
- -Tue Feb 14 15:30:55 1995 Chris Provenzano (proven@mit.edu) - - * kpasswd.c: Call krb5_sendauth(), krb5_get_credentials() - with new calling convention. - -Fri Feb 10 17:48:05 1995 Theodore Y. Ts'o - - * kpasswd.c: Don't include ; use . - -Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu) - - * kpasswd.c Removed krb5_keytype, changed krb5_enctype to - krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype * - for krb5_get_in_tkt_with_password() rotuine. - -Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu) - - * Removed all narrow types and references to wide.h and narrow.h - -Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) - - * Added krb5_context to all krb5_routines - -Tue Dec 27 06:09:03 1994 Richard Basch (probe@tardis) - - * configure.in: - combined KRB5_UTPID, KRB5_UTTYPE, and KRB5_UTHOST - into CHECK_UTMP macro (and added additional checks) - -Fri Nov 18 01:08:39 1994 Mark Eichin - - * configure.in: use new macros KRB5_UTPID, KRB5_UTTYPE, and - KRB5_UTHOST (from epeisach). - -Wed Oct 19 12:18:26 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: Look for man page in the source directory. - -Fri Sep 30 22:30:21 1994 Theodore Y. Ts'o (tytso@dcl) - - * kpasswd.c: Add placeholders for magic numbers - -Thu Sep 29 22:40:10 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: relink executable if libraries change - -Tue Aug 9 21:42:02 1994 Tom Yu (tlyu@dragons-lair) - - * networked.c: yet another utent fix - -Sat Jul 16 02:51:25 1994 Tom Yu (tlyu at dragons-lair) - - * kpasswd.c (get_first_ticket): fix error codes - diff --git a/src/kadmin.old/kpasswd/Makefile.in b/src/kadmin.old/kpasswd/Makefile.in deleted file mode 100644 index f1899a1d0..000000000 --- a/src/kadmin.old/kpasswd/Makefile.in +++ /dev/null 
@@ -1,26 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
-
-all::
-
-SRCS = \
- $(srcdir)/networked.c \
- $(srcdir)/kpasswd.c
-
-OBJS = \
- networked.o \
- kpasswd.o
-
-
-all:: kpasswd
-
-kpasswd: $(OBJS) $(DEPLIBS)
- $(LD) $(LDFLAGS) $(LDARGS) -o kpasswd $(OBJS) $(LIBS)
-
-install::
- $(INSTALL_PROGRAM) $(C)kpasswd ${DESTDIR}$(CLIENT_BINDIR)$(S)kpasswd_old
- $(INSTALL_DATA) $(srcdir)$(S)kpasswd.M ${DESTDIR}$(CLIENT_MANDIR)$(S)kpasswd_old.1
-
-
-clean::
- $(RM) kpasswd
-
diff --git a/src/kadmin.old/kpasswd/configure.in b/src/kadmin.old/kpasswd/configure.in
deleted file mode 100644
index ebbe1031e..000000000
--- a/src/kadmin.old/kpasswd/configure.in
+++ /dev/null
@@ -1,11 +0,0 @@
-AC_INIT(kpasswd.c)
-CONFIG_RULES
-AC_PROG_INSTALL
-AC_HAVE_HEADERS(unistd.h string.h stdlib.h)
-CHECK_UTMP
-AC_FUNC_CHECK(getutent,AC_DEFINE(HAVE_GETUTENT))
-ET_RULES
-USE_KDB5_LIBRARY
-KRB5_LIBRARIES
-V5_USE_SHARED_LIB
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin.old/kpasswd/kpasswd.M b/src/kadmin.old/kpasswd/kpasswd.M
deleted file mode 100644
index f4e625896..000000000
--- a/src/kadmin.old/kpasswd/kpasswd.M
+++ /dev/null
@@ -1 +0,0 @@
-.\" this should not be empty
diff --git a/src/kadmin.old/kpasswd/kpasswd.c b/src/kadmin.old/kpasswd/kpasswd.c
deleted file mode 100644
index c18fa3e46..000000000
--- a/src/kadmin.old/kpasswd/kpasswd.c
+++ /dev/null
@@ -1,830 +0,0 @@ -/* - * kadmin/kpasswd/kpasswd.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * change your password with kerberos - */ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - - -/* - * kpasswd - * change your password with Version 5 Kerberos - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include "krb5.h" -#ifdef HAVE_STRING_H -#include -#else -#include -#endif -#include "com_err.h" -#include "adm_defs.h" - -#ifdef HAVE_STDLIB_H -#include -#else -extern char *malloc(), *calloc(), *realloc(); -#endif - -#ifndef MAXPATHLEN -#define MAXPATHLEN 1024 -#endif - -static krb5_error_code adm5_init_link - KRB5_PROTOTYPE((krb5_context, - krb5_data *, - int *)); - -static krb5_error_code get_first_ticket - KRB5_PROTOTYPE((krb5_context, - krb5_ccache, - krb5_principal, - krb5_creds *)); - -krb5_error_code print_and_choose_password - KRB5_PROTOTYPE((char *, krb5_data *)); - -struct sockaddr_in local_sin, remote_sin; - - -extern char *krb5_default_pwd_prompt1; - -main(argc,argv) - int argc; - char *argv[]; -{ - krb5_context context; - krb5_ccache cache = NULL; - char cache_name[255]; - krb5_flags cc_flags; - - krb5_address local_addr, foreign_addr; - - struct passwd *pw; - - krb5_principal client; - - char default_name[256]; - char *client_name; /* Single string representation of client id */ - - krb5_data requested_realm; - - char input_string[768]; - - krb5_error_code retval; /* return code */ - - int local_socket; - - krb5_error *err_ret; - krb5_ap_rep_enc_part *rep_ret; - - kadmin_requests rd_priv_resp; - - krb5_data msg_data, inbuf; - krb5_int32 seqno; - - krb5_creds my_creds, * new_creds; - char *new_password; - int 
new_pwsize; - - krb5_auth_context new_auth_context; - krb5_replay_data replaydata; - -#ifdef SANDIA - extern int networked(); - int krb_secure; - struct stat statbuf; -#endif /* SANDIA */ - -#ifdef SANDIA /* Allow or Disallow Remote Clients to Modify Passwords */ -/* - * If a Client Modifies a Password using kpasswd on this host - * from a remote host or network terminal, the Password selected - * is transmitted across the network in Cleartext. - * - * The systems administrator can disallow "remote" kpasswd usage by - * creating the file "/etc/krb.secure" - */ - - krb_secure = 0; -/* - * First check to see if the file /etc/krb.secure exists. - * If it does then krb_secure to 1. - */ - - if (stat("/etc/krb.secure", &statbuf) == 0) krb_secure = 1; - -/* - * Check to see if this process is tied to a physical terminal. - * Network() verifies the terminal device is not a pseudo tty - */ - if (networked() && krb_secure) { - fprintf(stderr,"Sorry but you cannot %s from a\n", argv[0]); - fprintf(stderr," pseudo tty terminal!\n"); - retval = 1; - goto finish; - } -#endif - - /* (3 * 255) + 1 (/) + 1 (@) + 1 (NULL) */ - if ((client_name = (char *) calloc (1, (3 * 256))) == NULL) { - fprintf(stderr, "No Memory for Client_name!\n"); - retval = 1; - goto finish; - } - - if ((requested_realm.data = (char *) calloc (1, 256)) == NULL) { - fprintf(stderr, "No Memory for realm_name!\n"); - retval = 1; - free(client_name); - goto finish; - } - - krb5_init_context(&context); - krb5_init_ets(context); - memset((char *) default_name, 0, sizeof(default_name)); - - switch (argc) { - case 1: /* No User Specified */ - - /* Identify Default Credentials Cache */ - if ((retval = krb5_cc_default(context, &cache))) { - fprintf(stderr, "Error while getting default ccache!\n"); - goto finish; - } - -/* - * Attempt to Modify Credentials Cache - * retval == 0 ==> ccache Exists - Use It - * retval == ENOENT ==> No Entries, but ccache Exists - * retval != 0 ==> Assume ccache does NOT Exist - */ - 
cc_flags = 0; - if ((retval = krb5_cc_set_flags(context, cache, cc_flags))) { - /* Search passwd file for client */ - pw = getpwuid((int) getuid()); - if (pw) { - (void) strcpy(default_name, pw->pw_name); - } else { - fprintf(stderr, - "Unable to Identify Customer from Password File!\n"); - retval = 1; - goto finish; - } - - /* Use this to get default_realm and format client_name */ - if ((retval = krb5_parse_name(context,default_name, &client))) { - fprintf(stderr, "Unable to Parse Client Name!\n"); - goto finish; - } - - if ((retval = krb5_unparse_name(context,client,&client_name))) { - fprintf(stderr, "Unable to Parse Client Name!\n"); - goto finish; - } - - requested_realm.length = client->realm.length; - memcpy((char *) requested_realm.data, - (char *) client->realm.data, - requested_realm.length); - } else { - /* Read Client from Cache */ - if ((retval = krb5_cc_get_principal(context, cache, - (krb5_principal *) &client))) { - fprintf(stderr, - "Unable to Read Customer Credentials File!\n"); - goto finish; - } - - if ((retval = krb5_unparse_name(context,client,&client_name))) { - fprintf(stderr, "Unable to Parse Client Name!\n"); - goto finish; - } - - requested_realm.length = client->realm.length; - memcpy((char *) requested_realm.data, - (char *) client->realm.data, - requested_realm.length); - - (void) krb5_cc_close(context, cache); - } - break; - - case 2: /* Client Gave us a Token - Use it */ - /* Hand Parse Entry */ - strcpy(input_string, argv[1]); - - if (retval = krb5_parse_name(context, input_string, &client)) { - fprintf(stderr, "Error Parsing -u option contents!\n"); - exit(0); - } - requested_realm.length = client->realm.length; - memcpy((char *) requested_realm.data, - (char *) client->realm.data, - requested_realm.length); - - break; - - default: - usage(); - break; - } - - /* Create credential cache for changepw */ - (void) sprintf(cache_name, "FILE:/tmp/tkt_cpw_%d", getpid()); - - if ((retval = krb5_cc_resolve(context, cache_name, &cache))) { 
- fprintf(stderr, "Unable to Resolve Cache: %s\n", cache_name); - } - - if ((retval = krb5_cc_initialize(context, cache, client))) { - fprintf(stderr, "Error initializing cache: %s\n", cache_name); - goto finish; - } - -/* - * Verify User by Obtaining Initial Credentials prior to Initial Link - */ - - if ((retval = get_first_ticket(context, cache, client, &my_creds))) { - goto finish; - } - - /* Initiate Link to Server */ - if ((retval = adm5_init_link(context, &requested_realm, &local_socket))) { - goto finish; - } - -#ifdef unicos61 -#define SIZEOF_INADDR SIZEOF_in_addr -#else -#define SIZEOF_INADDR sizeof(struct in_addr) -#endif - - /* V4 kpasswd Protocol Hack */ - { - int msg_length = 0; - - retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2); - if (retval < 0) { - fprintf(stderr, "krb5_net_write failure!\n"); - goto finish; - } - - } - - local_addr.addrtype = ADDRTYPE_INET; - local_addr.length = SIZEOF_INADDR ; - local_addr.contents = (krb5_octet *)&local_sin.sin_addr; - - foreign_addr.addrtype = ADDRTYPE_INET; - foreign_addr.length = SIZEOF_INADDR ; - foreign_addr.contents = (krb5_octet *)&remote_sin.sin_addr; - - krb5_auth_con_init(context, &new_auth_context); - krb5_auth_con_setflags(context, new_auth_context, - KRB5_AUTH_CONTEXT_RET_SEQUENCE); - - krb5_auth_con_setaddrs(context, new_auth_context, - &local_addr, &foreign_addr); - - /* call Kerberos library routine to obtain an authenticator, - pass it over the socket to the server, and obtain mutual - authentication. 
*/ - - inbuf.data = ADM_CPW_VERSION; - inbuf.length = strlen(ADM_CPW_VERSION); - - if ((retval = krb5_sendauth(context, &new_auth_context, - (krb5_pointer) &local_socket, - ADM_CPW_VERSION, - my_creds.client, - my_creds.server, - AP_OPTS_MUTUAL_REQUIRED, - &inbuf, - NULL, - cache, - &err_ret, - &rep_ret, NULL))) { - fprintf(stderr, "Error while performing sendauth: %s!\n", - error_message(retval)); - goto finish; - } - - /* Get credentials : to use for safe and private messages */ - /* No need to pass my_creds because it's uninizialized. */ - if (retval = krb5_get_credentials(context,0,cache,&my_creds,&new_creds)){ - fprintf(stderr, "Error Obtaining Credentials: %s!\n", - error_message(retval)); - goto finish; - } - - /* Read back what the server has to say... */ - - if (retval = krb5_read_message(context, &local_socket, &inbuf)){ - fprintf(stderr, " Read Message Error: %s!\n", - error_message(retval)); - goto finish; - } - if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) || - (inbuf.data[1] != KADMSAG)){ - fprintf(stderr, " Invalid ack from admin server.\n"); - goto finish; - } - - inbuf.length = 2; - inbuf.data[0] = KPASSWD; - inbuf.data[1] = CHGOPER; - if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during First Message Encoding: %s!\n", - error_message(retval)); - goto finish; - } - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, &local_socket, &msg_data)){ - fprintf(stderr, "Write Error During First Message Transmission!\n"); - retval = 1; - goto finish; - } - free(msg_data.data); - -#ifdef MACH_PASS /* Machine-generated Passwords */ - /* Ok Now let's get the private message */ - if (retval = krb5_read_message(context, &local_socket, &inbuf)){ - fprintf(stderr, "Read Error During First Reply: %s!\n", - error_message(retval)); - retval = 1; - goto finish; - } - - if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf, - &msg_data, 
&replaydata))) { - fprintf(stderr, "Error during First Read Decoding: %s!\n", - error_message(retval)); - goto finish; - } - free(inbuf.data); -#endif - - if ((new_password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == NULL) { - fprintf(stderr, "Unable to Allocate Space for New Password!\n"); - goto finish; - } - -#ifdef MACH_PASS /* Machine-generated passwords */ - /* Offer Client Password Choices */ - if ((retval = print_and_choose_password(new_password, - &msg_data))) { - (void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1); - free(new_password); - goto finish; - } -#else - new_pwsize = ADM_MAX_PW_LENGTH+1; - putchar('\n'); - if ((retval = krb5_read_password(context, - "Enter new password: ", - "Re-enter new password for verification: ", - new_password, - &new_pwsize))) { - fprintf(stderr, "Error while reading new password for '%s'", - client_name); - (void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1); - free(new_password); - goto finish; - } - if (new_pwsize == 0) { - fprintf(stderr, "A null password is not allowed!\n"); - free(new_password); - goto finish; - } -#endif - - inbuf.data = new_password; - inbuf.length = strlen(new_password); - - if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf, - &msg_data, &replaydata))) { - fprintf(stderr, "Error during Second Message Encoding: %s!\n", - error_message(retval)); - goto finish; - } - memset(inbuf.data,0,inbuf.length); - free(inbuf.data); - - /* write private message to server */ - if (krb5_write_message(context, &local_socket, &msg_data)){ - fprintf(stderr, "Write Error During Second Message Transmission!\n"); - retval = 1; - goto finish; - } - free(msg_data.data); - - /* Ok Now let's get the private message */ - if (retval = krb5_read_message(context, &local_socket, &inbuf)){ - fprintf(stderr, "Read Error During Second Reply: %s!\n", - error_message(retval)); - retval = 1; - goto finish; - } - - if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf, - &msg_data, &replaydata))) 
{ - fprintf(stderr, "Error during Second Read Decoding :%s!\n", - error_message(retval)); - goto finish; - } - - rd_priv_resp.appl_code = msg_data.data[0]; - rd_priv_resp.oper_code = msg_data.data[1]; - rd_priv_resp.retn_code = msg_data.data[2]; - if (msg_data.length > 3 && msg_data.data[3]) { - rd_priv_resp.message = (char *)malloc(msg_data.length - 2); - if (rd_priv_resp.message) { - memcpy(rd_priv_resp.message, msg_data.data + 3, - msg_data.length - 3); - rd_priv_resp.message[msg_data.length - 3] = 0; - } - } else - rd_priv_resp.message = NULL; - - - free(inbuf.data); - free(msg_data.data); - if (rd_priv_resp.appl_code == KPASSWD) { - if (rd_priv_resp.retn_code == KPASSGOOD) - printf("\n\nPassword changed.\n\n"); - else if (rd_priv_resp.retn_code == KPASSBAD) { - if (rd_priv_resp.message) - fprintf(stderr, "%s\n", rd_priv_resp.message); - else - fprintf(stderr, "Server returned KPASSBAD.\n"); - } else - fprintf(stderr, "Server returned unknown kerberos code.\n"); - } else - fprintf(stderr, "Server returned bad application code %d\n", - rd_priv_resp.appl_code); - - if (rd_priv_resp.message) - free(rd_priv_resp.message); - - finish: - - (void) krb5_cc_destroy(context, cache); - - free(client_name); - free(requested_realm.data); - - if (retval) { - fprintf(stderr, "\n\nProtocol Failure - Password NOT changed\n\n"); - exit(1); - } - - printf("\n\nPassword changed.\n\n"); - - exit(0); -} - - - -krb5_data cpwname = { - 0, - sizeof(CPWNAME)-1, - CPWNAME -}; - -static krb5_error_code -get_first_ticket(context, cache, client, my_creds) - krb5_context context; - krb5_ccache cache; - krb5_principal client; - krb5_creds *my_creds; -{ - char prompt[255]; /* for the password prompt */ - char pword[ADM_MAX_PW_LENGTH+1]; /* storage for the password */ - char *old_password; - int old_pwsize; - int i; - - krb5_address **my_addresses; - - char *client_name; - krb5_error_code retval; - - if ((retval = krb5_unparse_name(context, client, &client_name))) { - fprintf(stderr, "Unable to 
Unparse Client Name\n"); - return(1); - } - - (void) sprintf(prompt,"Old password for %s: ", (char *) client_name); - - if ((retval = krb5_os_localaddr(context, &my_addresses))) { - fprintf(stderr, "Unable to Get Customers Address\n"); - return(1); - } - - memset((char *) my_creds, 0, sizeof(krb5_creds)); - - my_creds->client = client; - - if ((retval = krb5_build_principal_ext(context, &my_creds->server, - client->realm.length, - client->realm.data, - cpwname.length, /* 6 */ - cpwname.data, /* "kadmin" */ - client->realm.length, - /* instance is local realm */ - client->realm.data, - 0))) { - fprintf(stderr, "Error %s while building server name\n", - error_message(retval)); - return(1); - } - - - if ((old_password = (char *) calloc (1, 255)) == NULL) { - fprintf(stderr, "No Memory for Retrieving old password\n"); - return(1); - } - - old_pwsize = 255; - if ((retval = krb5_read_password(context, - prompt, - 0, - old_password, - &old_pwsize))) { - fprintf(stderr, "Error while reading password for '%s'", - client_name); - return(1); - } - - retval = krb5_get_in_tkt_with_password(context, 0,/* options */ - my_addresses, - NULL, /* Default encryption list */ - NULL, /* Default preauth list */ - old_password, cache, my_creds, 0); - - if (retval) { - fprintf(stderr, "\nUnable to Get Initial Credentials : %s %d\n", - error_message(retval),retval); - } - - /* Do NOT Forget to zap password */ - memset((char *) old_password, 0, old_pwsize); - free(old_password); - memset((char *) pword, 0, sizeof(pword)); - return(retval); -} - -#ifdef MACH_PASS /* Machine-generated Passwords */ -krb5_error_code -print_and_choose_password(new_password, decodable_pwd_string) - char * new_password; - krb5_data * decodable_pwd_string; -{ -krb5_error_code retval; - krb5_pwd_data *pwd_data; - passwd_phrase_element **next_passwd_phrase_element; - char prompt[255]; - int i, j, k; - int legit_pswd = 0; /* Assume No Legitimate Password */ - char *password_list[ADM_MAX_PW_CHOICES]; - char 
verification_passwd[ADM_MAX_PW_LENGTH+1]; - /* char new_passwd[ADM_MAX_PW_LENGTH]; */ - char phrase_in[ADM_MAX_PHRASE_LENGTH]; - int new_passwd_length; - char *ptr; - int verify = 0; /* Do Not Request Password Selection Verification */ - int ok = 0; - -#define free_local_password_list() \ -{ for ( k = 0; k < i && k < ADM_MAX_PW_CHOICES; k++) { \ - (void) memset(password_list[k], 0, ADM_MAX_PW_LENGTH); \ - free(password_list[k]); } \ -} - - /* Decode Password and Phrase Information Obtained from krb5_rd_priv */ - if ((retval = decode_krb5_pwd_data(decodable_pwd_string , &pwd_data))) { - fprintf(stderr, "Unable to Decode Passwords and Phrases\n"); - fprintf(stderr, " Notify your System Administrator or the "); - fprintf(stderr, "Kerberos Administrator\n"); - return(1); - } - - next_passwd_phrase_element = pwd_data->element; - /* Display List in 5 Password/Phrase Increments up to MAX Iterations */ - memset((char *) phrase_in, 0, ADM_MAX_PHRASE_LENGTH); - for ( j = 0; j <= ADM_MAX_PW_ITERATIONS; j++) { - if (j == ADM_MAX_PW_ITERATIONS) { - fprintf(stderr, "\n\nSorry - You Have Exceeded the List of "); - fprintf(stderr, "Choices (%d) Allowed for Password\n", - ADM_MAX_PW_ITERATIONS * ADM_MAX_PW_CHOICES); - fprintf(stderr, " Modification. 
You Must Repeat this "); - fprintf(stderr, "Operation in order to Successfully\n"); - fprintf(stderr, " Change your Password.\n"); - break; - } - - display_print: - printf("\n\nChoose a password from the following list:\n"); - - printf("\n\nPassword Remembrance Aid\n\n\n"); - - /* Print Passwords and Assistance Phrases List */ - for ( i = 0; i < ADM_MAX_PW_CHOICES; i++){ - if ((password_list[i] = (char *) calloc (1, - ADM_MAX_PW_LENGTH + 1)) == NULL) { - fprintf(stderr, "Unable to Allocate Password List.\n"); - return(1); - } - - memcpy(password_list[i], - (*next_passwd_phrase_element)->passwd->data, - (*next_passwd_phrase_element)->passwd->length); - printf("%s ", password_list[i]); - - memcpy((char *) phrase_in, - (*next_passwd_phrase_element)->phrase->data, - (*next_passwd_phrase_element)->phrase->length); - for ( k = 0; - k < 50 && k < (*next_passwd_phrase_element)->phrase->length; - k++) { - printf("%c", phrase_in[k]); - } - for ( k = k; - k < 70 && k < (*next_passwd_phrase_element)->phrase->length; - k++) { - if (phrase_in[k] == ' ') { - printf("\n "); - k++; - break; - } else { - printf("%c", phrase_in[k]); - } - } - for ( k = k; - k < (*next_passwd_phrase_element)->phrase->length; - k++) { - printf("%c", phrase_in[k]); - } - printf("\n\n"); - memset((char *) phrase_in, 0, ADM_MAX_PHRASE_LENGTH); - next_passwd_phrase_element++; - } - - sprintf(prompt, - "\n\nEnter Password Selection or a to get new list: "); - - new_passwd_length = ADM_MAX_PW_LENGTH+1; - /* Read New Password from Terminal (Do Not Print on Screen) */ - if ((retval = krb5_read_password(context, &prompt[0], 0, - new_password, &new_passwd_length))) { - fprintf(stderr, - "\nError Reading Password Input or Input Aborted\n"); - free_local_password_list(); - break;; - } - - /* Check for ==> Provide a New List */ - if (new_passwd_length == 0) continue; - - /* Check that Selection is from List - Server also does this */ - legit_pswd = 0; - for (i = 0; i < ADM_MAX_PW_CHOICES && !legit_pswd; i++) - if 
((retval = memcmp(new_password,
- password_list[i], 8)) == 0) {
- legit_pswd++;
- }
- free_local_password_list();
-
- if (!(legit_pswd)) {
- printf("\n\07\07Password must be from the specified list ");
- printf("- Try Again!\n");
- }
-
- if (legit_pswd) break; /* Exit Loop */
- } /* ADM_MAX_PW_CHOICES Loop */
-
- if (!(legit_pswd)) return (1);
-
- return(0); /* SUCCESS */
-}
-#endif
-
-static krb5_error_code
-adm5_init_link(context, realm_of_server, local_socket)
- krb5_context context;
- krb5_data *realm_of_server;
- int * local_socket;
-{
- struct servent *service_process; /* service we will talk to */
- struct hostent *remote_host; /* host we will talk to */
-
- char **hostlist;
-
- int host_count;
- int namelen;
- int i, count;
-
- krb5_error_code retval;
-
- /* clear out the structure first */
- (void) memset((char *)&remote_sin, 0, sizeof(remote_sin));
-
- if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) {
- fprintf(stderr, "Unable to find Service (%s) Check services file\n",
- CPW_SNAME);
- return(1);
- }
-
- /* Copy the Port Number */
- remote_sin.sin_port = service_process->s_port;
-
- hostlist = 0;
-
- /* Identify all Hosts Associated with this Realm */
- if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) {
- fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name\n");
- return(1);
- }
-
- for (i=0; hostlist[i]; i++);
-
- count = i;
-
- if (count == 0) {
- host_count = 0;
- fprintf(stderr, "No hosts found\n");
- return(1);
- }
-
- for (i=0; hostlist[i]; i++) {
- remote_host = gethostbyname(hostlist[i]);
- if (remote_host != 0) {
-
- /* set up the address of the foreign socket for connect() */
- remote_sin.sin_family = remote_host->h_addrtype;
- (void) memcpy((char *) &remote_sin.sin_addr,
- (char *) remote_host->h_addr,
- sizeof(remote_host->h_addr));
- break; /* Only Need one */
- }
- }
-
- free ((char *)hostlist);
-
- /* open a TCP socket */
- *local_socket = socket(PF_INET, SOCK_STREAM, 0);
- if (*local_socket < 0) {
- fprintf(stderr, "Cannot Open Socket\n");
- return(1);
- }
- /* connect to the server */
- if (connect(*local_socket, (struct sockaddr *) &remote_sin, sizeof(remote_sin)) < 0) {
- fprintf(stderr, "Cannot Connect to Socket\n");
- close(*local_socket);
- return(1);
- }
-
- /* find out who I am, now that we are connected and therefore bound */
- namelen = sizeof(local_sin);
- if (getsockname(*local_socket,
- (struct sockaddr *) &local_sin, &namelen) < 0) {
- fprintf(stderr, "Cannot Perform getsockname\n");
- close(*local_socket);
- return(1);
- }
- return(0);
-}
-
-usage()
-{
- fprintf(stderr, "Usage: ");
- fprintf(stderr, "kpasswd [name]\n");
- exit(0);
-}
diff --git a/src/kadmin.old/kpasswd/networked.c b/src/kadmin.old/kpasswd/networked.c
deleted file mode 100644
index be2aa8491..000000000
--- a/src/kadmin.old/kpasswd/networked.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/* Networked */
-/* */
-/* Written by: Glenn Machin 2931 */
-/* Originated: Nov 12, 1990 */
-/* Description: */
-/* */
-/* This program/routine exits/returns with a status 1 if */
-/* the terminal associated with the current process is */
-/* connected from a remote host, otherwise exits/returns */
-/* with a value of 0. */
-/* */
-/* This program/routine makes some basic assumptions about */
-/* utmp: */
-/* *The login process, rcmd, or window application */
-/* makes an entry into utmp for all currents */
-/* users. */
-/* *For entries in which the users have logged in */
-/* locally. The line name is not a pseudo tty */
-/* device. */
-/* *For X window application in which */
-/* the device is a pseudo tty device but the */
-/* display is the local system, then the ut_host */
-/* has the format system_name:0.0 or :0.0. */
-/* All other entries will be assumed to be */
-/* networked. */
-/* */
-/* Changes: 11/15/90 Check for file /etc/krb.secure. */
-/* If it exists then perform network */
-/* check, otherwise return 0. */
-/****************************************************************/
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-#include
-#ifdef HAVE_UNISTD_H
-#include
-#endif
-#ifndef _TYPES_
-#include
-#ifndef _TYPES_
-#define _TYPES_
-#endif
-#endif
-#include
-#include
-
-#ifdef HAVE_STDLIB_H
-#include
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-#ifndef MAXHOSTNAME
-#define MAXHOSTNAME 64
-#endif
-
-#ifdef NO_UT_PID
-
-static int utfile;
-
-#include
-
-static void kadmin_setutent()
-{
- utfile = open("/etc/utmp",O_RDONLY);
-}
-
-static struct utmp * kadmin_getutline(utmpent)
-struct utmp *utmpent;
-{
- static struct utmp tmputmpent;
- int found = 0;
- while ( read(utfile,&tmputmpent,sizeof(struct utmp)) > 0 ){
- if ( strcmp(tmputmpent.ut_line,utmpent->ut_line) == 0){
-#ifdef NO_UT_HOST
- if ( ( 1) &&
-#else
- if ( (strcmp(tmputmpent.ut_host,"") == 0) &&
-#endif
- (strcmp(tmputmpent.ut_name,"") == 0)) continue;
- found = 1;
- break;
- }
- }
- if (found)
- return(&tmputmpent);
- return((struct utmp *) 0);
-}
-
-static void kadmin_endutent()
-{
- close(utfile);
-}
-#else
-#define kadmin_setutent setutent
-#define kadmin_getutline getutline
-#define kadmin_endutent endutent
-#endif /* defined(HAVE_GETUTENT) && !defined(NO_UT_PID) */
-
-
-int network_connected()
-{
-struct utmp utmpent;
-struct utmp retutent, *tmpptr;
-char *display_indx;
-char currenthost[MAXHOSTNAME];
-char *username,*tmpname;
-
-
-/* Macro for pseudo_tty */
-#define pseudo_tty(ut) \
- ((strncmp((ut).ut_line, "tty", 3) == 0 && ((ut).ut_line[3] == 'p' \
- || (ut).ut_line[3] == 'q' \
- || (ut).ut_line[3] == 'r' \
- || (ut).ut_line[3] == 's'))\
- || (strncmp((ut).ut_line, "pty", 3) == 0))
-
- /* Check to see if getlogin returns proper name */
- if ( (tmpname = (char *) getlogin()) == (char *) 0) return(1);
- username = (char *) malloc(strlen(tmpname) + 1);
- if ( username == (char *) 0) return(1);
- strcpy(username,tmpname);
-
- /* Obtain tty device for controlling tty of current process.*/
- strncpy(utmpent.ut_line,ttyname(0) + strlen("/dev/"),
- sizeof(utmpent.ut_line));
-
- /* See if this device
is currently listed in /etc/utmp under - calling user */ -#ifndef NO_UT_TYPE - utmpent.ut_type = USER_PROCESS; -#define ut_name ut_user -#endif - kadmin_setutent(); - while ( (tmpptr = (struct utmp *) kadmin_getutline(&utmpent)) - != ( struct utmp *) 0) { - - /* If logged out name and host will be empty */ - if ((strcmp(tmpptr->ut_name,"") == 0) && -#ifdef NO_UT_HOST - ( 1)) continue; -#else - (strcmp(tmpptr->ut_host,"") == 0)) continue; -#endif - else break; - } - if ( tmpptr == (struct utmp *) 0) { - kadmin_endutent(); - return(1); - } - memcpy((char *)&retutent,(char *)tmpptr,sizeof(struct utmp)); - kadmin_endutent(); -#ifdef DEBUG -#ifdef NO_UT_HOST - printf("User %s on line %s :\n", - retutent.ut_name,retutent.ut_line); -#else - printf("User %s on line %s connected from host :%s:\n", - retutent.ut_name,retutent.ut_line,retutent.ut_host); -#endif -#endif - if (strcmp(retutent.ut_name,username) != 0) { - return(1); - } - - - /* If this is not a pseudo tty then everything is OK */ - if (! pseudo_tty(retutent)) return(0); - - /* OK now the work begins there is an entry in utmp and - the device is a pseudo tty. */ - - /* Check if : is in hostname if so this is xwindow display */ - - if (gethostname(currenthost,sizeof(currenthost))) return(1); -#ifdef NO_UT_HOST - display_indx = (char *) 0; -#else - display_indx = (char *) strchr(retutent.ut_host,':'); -#endif - if ( display_indx != (char *) 0) { - /* - We have X window application here. The host field should have - the form => local_system_name:0.0 or :0.0 - if the window is being displayed on the local system. - */ -#ifdef NO_UT_HOST - return(1); -#else - if (strncmp(currenthost,retutent.ut_host, - (display_indx - retutent.ut_host)) != 0) return(1); - else return(0); -#endif - } - - /* Host field is empty or is not X window entry. At this point - we can't trust that the pseudo tty is not connected to a - networked process so let's return 1. 
- */
- return(1);
-}
-
-#ifdef NOTKERBEROS
-main(argc,argv)
-int argc;
-char **argv;
-{
- if (network_connected()){
-#ifdef DEBUG
- printf("Networked\n");
-#endif
- exit(1);
- }
- else {
-#ifdef DEBUG
- printf("Not networked\n");
-#endif
- exit(0);
- }
-}
-#else
-int networked()
-{
- return(network_connected());
-}
-#endif
diff --git a/src/kadmin.old/server/.Sanitize b/src/kadmin.old/server/.Sanitize
deleted file mode 100644
index 637718506..000000000
--- a/src/kadmin.old/server/.Sanitize
+++ /dev/null
@@ -1,54 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-adm_adm_func.c
-adm_check.c
-adm_extern.c
-adm_extern.h
-adm_fmt_inq.c
-adm_funcs.c
-adm_kadmin.c
-adm_kpasswd.c
-adm_listen.c
-adm_msgs.c
-adm_nego.c
-adm_network.c
-adm_parse.c
-adm_process.c
-adm_server.c
-adm_v4_pwd.c
-admin_acl_file
-configure
-configure.in
-kadmind.M
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/kadmin.old/server/.cvsignore b/src/kadmin.old/server/.cvsignore
deleted file mode 100644
index e8c05a6b1..000000000
--- a/src/kadmin.old/server/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-configure
diff --git a/src/kadmin.old/server/ChangeLog b/src/kadmin.old/server/ChangeLog
deleted file mode 100644
index 988b23219..000000000
--- a/src/kadmin.old/server/ChangeLog
+++ /dev/null
@@ -1,302 +0,0 @@ -Tue Dec 19 17:24:13 1995 Theodore Y. Ts'o - - * adm_server.c (kdc_com_err_proc): Don't use vsyslog; use syslog - instead. Fixed lint flames. - -Wed Dec 13 03:51:53 1995 Chris Provenzano (proven@mit.edu) - - * adm_funcs.c : Remove mkvno for krb5_db_entry - -Mon Oct 2 14:50:57 1995 Ezra Peisach - - * adm_v4_pwd.c: Changes to work under OSF/1. - -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * adm_adm_func.c, adm_fmt_inq.c, adm_funcs.c, adm_process.c, - * adm_server.c adm_v4_pwd.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * adm_adm_func.c, adm_fmt_inq.c, adm_funcs.c, adm_process.c, - * adm_server.c, adm_v4_pwd.c adm_v4_pwd.c: Remove krb5_enctype - references, and replace with krb5_keytype where appropriate. - -Mon Aug 21 17:05:18 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_server.c - Change dbm_db_set_name to db_set_name. Interpret -k - and -e arguments as strings instead of string representations - of integers (e.g. des-cbc-md5). Fix gcc -Wall. - * adm_extern.h - Add prototype of closedown_network() for gcc -Wall. - - -Tue Aug 15 14:29:26 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_{adm_func,fmt_inq,funcs,process,server}.c, adm_extern.h - Replace - adm_find_keytype() with krb5_dbe_find_keytype(). - - -Thu Aug 10 14:38:14 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_funcs.c - Rework adm_modify_kdb() to use kdb5's change-password - interfaces. Gut callers of adm_modify_kdb() because most of - the work is done in kdb_cpw.c. Add adm_find_keytype and adm_ - update_tl_attrs. - * adm_extern.h - Add prototypes for adm_find_keytype() and adm_update_ - tl_attrs(). - * adm_adm_func, adm_fmt_inq.c - Use adm_find_keytype() to locate the - key_data entry for a particular key/salt type instead of - assuming that it's always in the first slot. Actually handle - mod_name and mod_date now. 
- * adm_process, adm_server.c - Find the latest DES key for use instead - of assuming that it's in the first slot. - -Thu Aug 3 11:46:10 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_{adm_func,fmt_inq,funcs,process,server}.c - In order to get - things to compile, replace "salt_type" with "key_data[0]. - key_data_type[1]", "kvno" with "key_data[0].key_data_kvno" - blindly. Also #ifdef out anything having to do with mod_name - mod_date and last_pwd_change. Change "principal" to "princ" - and remove or replace references to "key" and "alt_key". - - -Mon Jul 17 15:11:40 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_server.c - Add NULL stash file argument to krb5_db_fetch_mkey(). - - -Fri Jul 7 16:03:56 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Remove all explicit library handling and LDFLAGS. - * configure.in - Add USE_ and KRB5_LIBRARIES. - - -Fri Jun 30 14:37:32 EDT 1995 Paul Park (pjpark@mit.edu) - * configure.in - Add --with-dbm to select between Berkeley and DBM - KDC database format. - - -Tue Jun 27 16:10:19 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_parse.c - Give compiler something to compile if SANDIA is not - defined. Some compilers choke when nothing to compile. - * adm_process.c - Cast 4th argument of setsockopt(2) to be const char * - - -Thu Jun 22 11:54:31 EDT 1995 Paul Park (pjpark@mit.edu) - * adm_server.c - Change KDB_CONVERT_KEY_OUTOF_DB to decrypt_key call. - - -Thu Jun 15 17:51:04 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Change explicit library names to -l form, and - change target link line to use $(LD) and associated flags. - Also, remove DBMLIB, it was not used. - * configure.in - Remove dbm library checks, these are no longer needed - with the Berkeley database code. Also, add shared library - usage check. 
- -Sat Jun 10 23:02:30 1995 Tom Yu (tlyu@dragons-lair) - - * adm_adm_func.c, adm_extern.h, adm_funcs.c, adm_kadmin.c, - adm_kpasswd.c, adm_nego.c, adm_process.c: krb5_auth_context - redefinitions - -Fri Jun 9 19:06:45 1995 - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - -Wed May 24 07:22:10 1995 Ezra Peisach - - * adm_network.c (setup_network): Cast sockaddr_in * to sockaddr * - in call to bind. - -Mon May 22 09:57:08 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Install kadmind as kadmind_old. Manpage too. - -Wed May 03 03:30:51 1995 Chris Provenzano (proven@mit.edu) - - * adm_process.c: (krb5_recvauth()): No longer needs the rc_type arg. - -Sat Apr 29 00:24:48 1995 Theodore Y. Ts'o - - * adm_network.c (setup_network): Use sigaction() instead of - signal() to setup the signal handlers. This means we - don't need to worry about System V signal semantics. - -Fri Apr 28 21:16:10 1995 Theodore Y. Ts'o - - * adm_server.c (kdc_com_err_proc): Free nfmt after done using it. - - * Makefile.in (kadmind): Use $(LD) instead of $(CC) so that we can - do purify checking. - -Thu Apr 27 12:21:38 1995 Mark Eichin - - * Makefile.in (kadmind): don't reference K4LIB since we don't set - or use it. - -Wed Apr 26 11:29:07 1995 Mark Eichin - - * configure.in: need HAS_ANSI_VOLATILE for signal_requests_exit. - -Fri Apr 21 13:11:00 1995 Mark Eichin - - From Ian Taylor . Makes kadmind use -r for both - the database name and the service name, eliminating an - installation hassle. - * adm_extern.h: declare realm. - * adm_server.c: define realm. - (process_args): change db_realm to realm. - * adm_network.c (setup_network): use the preset realm, not the - default realm. - -Thu Apr 20 18:05:00 1995 Mark Eichin - - Changes from Ian Taylor to support testsuite. - * adm_extern.h: declare admin_port. - * adm_extern.c: define admin_port. - * adm_server.c (process_args): set admin_port from -p command line - argument. 
- (usage): document -p port option. - * adm_network.c (setup_network): use admin_port if set. - -Thu Apr 20 11:47:53 1995 - - * adm_extern.h: #include adm_defs.h, since that's no longer - included by krb5.h - -Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) - - * adm_process.c, adm_kadmin.c, adm_adm_func.c, adm_kpasswd.c, - * adm_funcs, adm_nego.c adm_extern.c and adm_listen.c - Use new calling convention for krb5_recvauth(), krb5_mk_priv(), - krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe(). - (Redid many of the internal functions to accomidate new a - uth_context structure and remove old unnecessary structures.) - -Fri Mar 24 14:38:06 1995 - - * adm_network.c (setup_network): If /etc/services doesn't have the - administration port, use a compiled in port. - -Thu Mar 2 12:24:50 1995 Theodore Y. Ts'o - - * Makefile.in (ISODELIB): Remove reference to $(ISODELIB). - -Wed Mar 1 16:29:53 1995 Theodore Y. Ts'o - - * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket - and -lnsl with WITH_NETLIB check. - -Tue Feb 28 02:23:46 1995 John Gilmore (gnu at toad.com) - - * *.c: Avoid and includes. - -Fri Feb 3 07:50:14 1995 Theodore Y. Ts'o (tytso@dcl) - - * adm_v4_pwd.c: Don't use BITS64, use SIZEOF_LONG - -Wed Feb 01 22:05:35 1995 Chris Provenzano (proven@mit.edu) - - * adm_process.c, adm_extern.h (cpw_keyproc()) Added - krb5_keytype arg. - -Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu) - - * Removed all narrow types and references to wide.h and narrow.h - -Wed Jan 18 10:26:30 1995 - - * adm_server.c (process_args): Modify getopt args so that the 'M' - option takes an argument. (krb5 bugs 984) - -Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) - - * Added krb5_context to all krb5_routines - -Mon Dec 19 18:12:18 1994 Theodore Y. Ts'o (tytso@dcl) - - * adm_listen.c (kill_children): Use syslog instead of krb_log. 
- -Tue Nov 1 18:19:36 1994 Mark Eichin (eichin@cygnus.com) - - * adm_listen.c (kill_children): use sigprocmask if available. - -Wed Oct 19 17:40:22 1994 Theodore Y. Ts'o (tytso@dcl) - - * adm_server.c (main): Select the cryptosystem to be used using - krb5_use_cstype() instead of using a implementation - specific assignment. Also, allow the encryption type to - be specified using a command line option. - -Tue Oct 4 17:08:25 1994 Theodore Y. Ts'o (tytso@dcl) - - * adm_process.c (cpw_keyproc): Add widen.h and narrow.h around - declaration so that argument types to keyproc are widened. - -Mon Oct 3 19:13:03 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: Use $(srcdir) to find manual page for make install. - -Thu Sep 29 22:41:08 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: relink executable if libraries change - -Wed Sep 14 22:33:23 1994 Theodore Y. Ts'o (tytso@dcl) - - * adm_server (init_db): Save a copy of the master key database - entry in the master_entry global variable. - - * adm_process.c (process_client): Removed calls to - free(final_msg.data), where final_msg.data was pointing to - an automatic variable. - - * adm_process.c (cpw_keyproc): In the case where the - keyprocarg->key is set, copy the keyblock instead of - passing a pointer down --- more pointer aliasing problems! - - * adm_funcs.c (adm_modify_kdb): Added calls to krb5_copy_principal - instead of merely assigning pointers to one another and - causing pointer aliasing problems. Make sure the master - key version number is propagated correctly. - -Thu Aug 4 03:38:58 1994 Tom Yu (tlyu@dragons-lair) - - * Makefile.in: whoops install manpage as kadmin.8, not kadmin.1 - - * Makefile.in: install kadmind in the right place - -Sat Jul 16 09:22:19 1994 Tom Yu (tlyu at dragons-lair) - - * configure.in: another attempt to make dbm libs dtrt - -Fri Jul 1 16:01:02 1994 Mark Eichin (eichin@cygnus.com) - - * adm_listen.c: if USE_SIGPROCMASK, replace sigblock et al. - configure.in: CHECK_SIGPROCMASK. 
- -Wed Jun 29 00:25:29 1994 Tom Yu (tlyu at dragons-lair) - - * adm_server.c: fixed error table calls to use krb5_init_ets - -Fri Jun 24 20:39:37 1994 Theodore Y. Ts'o (tytso at tsx-11) - - * adm_process.c (cpw_keyproc): return error codes on failure - - * adm_nego.c (adm_negotiate_key): added return on memory - allocation error - - * adm_fmt_inq.c (adm_fmt_prt, adm_print_exp_time, - adm_print_attributes): Sanitized error return strategies. - - * adm_kadmin.c (adm5_kadmin): Plug memory leaks, fix double - free's, fix message in error syslog. - - * adm_process.c (process_client): Plug memory leaks - - * adm_adm_func. (adm_inq_old_key): Plug memory leaks, return error - when adm_fmt_prt returns an error - - * adm_adm_func.c (adm_mod_old_key): Plug memory leaks, report error - if put_principal returns an error. - - * adm_adm_func.c (adm_change_pwd_rnd): Fix syslog information - - * adm_adm_func.c (adm_build_key): Plug memory leak - - diff --git a/src/kadmin.old/server/Makefile.in b/src/kadmin.old/server/Makefile.in deleted file mode 100644 index 6163ccfd3..000000000 --- a/src/kadmin.old/server/Makefile.in +++ /dev/null 
@@ -1,48 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
-
-all::
-
-SRCS = \
- $(srcdir)/adm_server.c \
- $(srcdir)/adm_parse.c \
- $(srcdir)/adm_network.c \
- $(srcdir)/adm_listen.c \
- $(srcdir)/adm_process.c \
- $(srcdir)/adm_nego.c \
- $(srcdir)/adm_kpasswd.c \
- $(srcdir)/adm_kadmin.c \
- $(srcdir)/adm_fmt_inq.c \
- $(srcdir)/adm_adm_func.c \
- $(srcdir)/adm_funcs.c \
- $(srcdir)/adm_check.c \
- $(srcdir)/adm_extern.c \
- $(srcdir)/adm_msgs.c
-
-OBJS = \
- adm_server.o \
- adm_parse.o \
- adm_network.o \
- adm_listen.o \
- adm_process.o \
- adm_nego.o \
- adm_kpasswd.o \
- adm_kadmin.o \
- adm_fmt_inq.o \
- adm_adm_func.o \
- adm_funcs.o \
- adm_check.o \
- adm_extern.o \
- adm_msgs.o
-
-all:: kadmind
-
-kadmind: $(OBJS) $(DEPLIBS)
- $(LD) $(LDFLAGS) $(LDARGS) -o kadmind $(OBJS) $(LIBS)
-
-install::
- $(INSTALL_PROGRAM) $(C)kadmind ${DESTDIR}$(SERVER_BINDIR)$(S)kadmind_old
- $(INSTALL_DATA) $(srcdir)$(S)kadmind.M ${DESTDIR}$(SERVER_MANDIR)$(S)kadmind_old.8
-
-clean::
- $(RM) kadmind
-
diff --git a/src/kadmin.old/server/adm_adm_func.c b/src/kadmin.old/server/adm_adm_func.c
deleted file mode 100644
index e3583c429..000000000
--- a/src/kadmin.old/server/adm_adm_func.c
+++ /dev/null
@@ -1,886 +0,0 @@
-/*
- * kadmin/server/adm_adm_func.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * Modify the Kerberos Database
- */
-
-
-#include
-#include
-#include "com_err.h"
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-#ifdef SANDIA
-extern int classification;
-#endif
-
-krb5_error_code
-adm_build_key (context, auth_context, new_passwd, oper_type, entry)
- krb5_context context;
- krb5_auth_context auth_context;
- char *new_passwd;
- int oper_type;
- krb5_db_entry entry;
-{
- krb5_replay_data replaydata;
- krb5_data outbuf;
- int retval;
- krb5_key_data *key_data;
-#if defined(MACH_PASS) || defined(SANDIA)
- char *tmp_phrase;
- char *tmp_passwd;
- int pwd_length, phrase_length;
-#endif
-
-#if defined(MACH_PASS) || defined(SANDIA)
-
- if ((tmp_passwd = (char *) calloc (1, 120)) == (char *) 0) {
- com_err("adm_build_key", ENOMEM, "for tmp_passwd");
- return(3); /* No Memory */
- }
-
- if ((tmp_phrase = (char *) calloc (1, 120)) == (char *) 0) {
- free(tmp_passwd);
- com_err("adm_build_key", ENOMEM, "for tmp_phrase");
- return(3); /* No Memory */
- }
-
- if (retval = get_pwd_and_phrase("adm_build_key", &tmp_passwd,
- &tmp_phrase)) {
- free(tmp_passwd);
- free(tmp_phrase);
- return(4); /* Unable to get Password */
- }
-
- if ((outbuf.data = (char *) calloc (1, strlen(tmp_passwd) + 1)) ==
- (char *) 0) {
- com_err("adm_build_key", ENOMEM, "for outbuf.data");
- free(tmp_passwd);
- free(tmp_phrase);
- return(3); /* No Memory */
- }
-
- outbuf.length = strlen(tmp_passwd);
- (void) memcpy(outbuf.data, tmp_passwd, strlen(tmp_passwd));
-
-#else
-
- if ((outbuf.data = (char *) calloc (1, 3)) ==
- (char *) 0) {
- com_err("adm_build_key", ENOMEM, "for outbuf.data");
- return(3); /* No Memory */
- }
-
- outbuf.data[0] = KADMIN;
- outbuf.data[1] = oper_type;
- outbuf.data[2] = KADMGOOD;
- outbuf.length = 3;
-
- if (oper_type == CHGOPER || oper_type == CH4OPER) {
- key_data = (krb5_key_data *) NULL;
- if (krb5_dbe_find_enctype(context,
- &entry,
- ENCTYPE_DES_CBC_MD5,
- ((oper_type == CHGOPER) ?
- KRB5_KDB_SALTTYPE_NORMAL : - KRB5_KDB_SALTTYPE_V4), - -1, - &key_data)) { - com_err("adm_build_key", ENOENT, "finding key data"); - return(4); /* Unable to get password */ - } - outbuf.data[3] = key_data->key_data_type[1]; - outbuf.length = 4; - } - -#endif - - /* Encrypt Password and Phrase */ - if (retval = krb5_mk_priv(context, auth_context, &outbuf, - &msg_data, &replaydata)) { - com_err("adm_build_key", retval, "during mk_priv"); -#if defined(MACH_PASS) || defined(SANDIA) - free(tmp_passwd); - free(tmp_phrase); -#endif - free(outbuf.data); - return(5); /* Protocol Failure */ - } - -#if defined(MACH_PASS) || defined(SANDIA) - (void) memcpy(new_passwd, tmp_passwd, strlen(tmp_passwd)); - new_passwd[strlen(tmp_passwd)] = '\0'; - - free(tmp_phrase); - free(tmp_passwd); -#endif - free(outbuf.data); - - /* Send private message to Client */ - if (krb5_write_message(context, &client_server_info.client_socket, - &msg_data)){ - free(msg_data.data); - com_err("adm_build_key", 0, "Error Performing Password Write"); - return(5); /* Protocol Failure */ - } - - free(msg_data.data); - - /* Read Client Response */ - if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ - syslog(LOG_ERR | LOG_INFO, "Error Performing Password Read"); - return(5); /* Protocol Failure */ - } - - /* Decrypt Client Response */ - if (retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata)) { - syslog(LOG_ERR | LOG_INFO, "adm_build_key krb5_rd_priv error"); - free(inbuf.data); - return(5); /* Protocol Failure */ - } - free(inbuf.data); - -#if !defined(MACH_PASS) && !defined(SANDIA) - memcpy(new_passwd, msg_data.data, msg_data.length); -#endif - - free(msg_data.data); - return(0); -} - -/* kadmin change password request */ -krb5_error_code -adm_change_pwd(context, auth_context, prog, customer_name, salttype) - krb5_context context; - krb5_auth_context auth_context; - char *prog; - char *customer_name; - int salttype; -{ - krb5_db_entry entry; - int nprincs 
= 1;
-
- krb5_error_code retval;
- krb5_principal newprinc;
- char *composite_name;
- char *new_passwd;
- int oper_type;
-
- syslog(LOG_AUTH | LOG_INFO,
- "Remote Administrative Password Change Request for %s by %s",
- customer_name, client_server_info.name_of_client);
-
- if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
- syslog(LOG_ERR | LOG_INFO, "parse failure while parsing '%s'",
- customer_name);
- return(5); /* Protocol Failure */
- }
-
- if (!(adm_princ_exists(context, "adm_change_pwd", newprinc,
- &entry, &nprincs))) {
- com_err("adm_change_pwd", 0, "Principal does not exist!");
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(1); /* Principal Unknown */
- }
-
- if ((new_passwd = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) {
- com_err("adm_change_pwd", ENOMEM, "while allocating new_passwd!");
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(3); /* No Memory */
- }
-
- oper_type = (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? CHGOPER : CH4OPER;
-
- if (retval = adm_build_key(context, auth_context, new_passwd,
- oper_type, entry)) {
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- free(new_passwd);
- return(retval);
- }
-
- retval = krb5_unparse_name(context, newprinc, &composite_name);
-
- if (retval = adm_enter_pwd_key(context, "adm_change_pwd",
- composite_name,
- newprinc,
- newprinc,
- 1, /* chg_entry */
- salttype,
- new_passwd,
- &entry)) retval = 8;
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- free(composite_name);
-
- (void) memset(new_passwd, 0, strlen(new_passwd));
- free(new_passwd);
- return(0);
-}
-
-/* kadmin add new random key function */
-krb5_error_code
-adm_change_pwd_rnd(context, cmdname, customer_name)
- krb5_context context;
- char *cmdname;
- char *customer_name;
-{
- krb5_db_entry entry;
- int nprincs = 1;
- krb5_error_code retval;
- krb5_principal newprinc;
-
-
- syslog(LOG_AUTH | LOG_INFO,
- "Remote Administrative Random Password Change Request for %s by %s",
- customer_name, client_server_info.name_of_client);
-
- if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
- com_err("adm_change_pwd_rnd", retval, "while parsing '%s'", customer_name);
- return(5); /* Protocol Failure */
- }
-#ifdef SANDIA
- if (!(newprinc[2])) {
- if (retval = check_security(newprinc, classification)) {
- krb5_free_principal(context, newprinc);
- syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level",
- customer_name);
- return(6);
- }
- }
-#endif
- if (!(adm_princ_exists(context, "adm_change_pwd_rnd", newprinc,
- &entry, &nprincs))) {
- com_err("adm_change_pwd_rnd", 0, "Principal does not exist!");
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(1); /* Principal Unknown */
- }
-
- if (retval = adm_enter_rnd_pwd_key(context, "adm_change_pwd_rnd",
- newprinc,
- 1, /* change existing entry */
- &entry))
- retval = 8;
-
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(retval);
-}
-
-/* kadmin add new key function */
-krb5_error_code
-adm_add_new_key(context, auth_context, cmdname, customer_name, salttype)
- krb5_context context;
- krb5_auth_context auth_context;
- char *cmdname;
- char *customer_name;
- int salttype;
-{
- krb5_db_entry entry;
- int nprincs = 1;
-
- krb5_error_code retval;
- krb5_principal newprinc;
- char *new_passwd;
-
- syslog(LOG_AUTH | LOG_INFO,
- "Remote Administrative Addition Request for %s by %s",
- customer_name, client_server_info.name_of_client);
-
- if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
- com_err("adm_add_new_key", retval, "while parsing '%s'", customer_name);
- return(5); /* Protocol Failure */
- }
-#ifdef SANDIA
- if (!(newprinc[2])) {
- if (retval = check_security(newprinc, classification)) {
- krb5_free_principal(context, newprinc);
- syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level",
- customer_name);
- return(6);
- }
- }
-#endif
- if (adm_princ_exists(context, "adm_add_new_key",newprinc,&entry,&nprincs)) {
- com_err("adm_add_new_key", 0,
- "principal '%s' already exists", customer_name);
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(2); /* Principal Already Exists */
- }
-
- if ((new_passwd = (char *) calloc (1, 255)) == (char *) 0) {
- com_err("adm_add_new_key", ENOMEM, "for new_passwd");
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(3); /* No Memory */
- }
-
- if (retval = adm_build_key(context, auth_context, new_passwd,
- ADDOPER, entry)) {
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- free(new_passwd);
- return(retval);
- }
-
- if (retval = adm_enter_pwd_key(context, "adm_add_new_key",
- customer_name,
- newprinc,
- newprinc,
- 0, /* new_entry */
- salttype,
- new_passwd,
- &entry))
- retval = 8;
- (void) memset(new_passwd, 0, strlen(new_passwd));
- free(new_passwd);
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(retval);
-}
-
-/* kadmin add new random key function */
-krb5_error_code
-adm_add_new_key_rnd(context, cmdname, customer_name)
- krb5_context context;
- char *cmdname;
- char *customer_name;
-{
- krb5_db_entry entry;
- int nprincs = 1;
- krb5_error_code retval;
- krb5_principal newprinc;
-
-
- syslog(LOG_AUTH | LOG_INFO,
- "Remote Administrative Addition Request for %s by %s",
- customer_name, client_server_info.name_of_client);
-
- if (retval = krb5_parse_name(context, customer_name, &newprinc)) {
- com_err("adm_add_new_key_rnd", retval, "while parsing '%s'", customer_name);
- return(5); /* Protocol Failure */
- }
-#ifdef SANDIA
- if (!(newprinc[2])) {
- if (retval = check_security(newprinc, classification)) {
- krb5_free_principal(context, newprinc);
- syslog(LOG_ERR, "Principal (%s) - Incorrect Classification level",
- customer_name);
- return(6);
- }
- }
-#endif
- if (adm_princ_exists(context, "adm_add_new_key_rnd", newprinc,
- &entry, &nprincs)) {
- com_err("adm_add_new_key_rnd", 0,
- "principal '%s' already exists", customer_name);
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(2); /* Principal Already Exists */
- }
-
- if (retval = adm_enter_rnd_pwd_key(context, "adm_add_new_key_rnd",
- newprinc,
- 0, /* new entry */
- &entry))
- retval = 8;
-
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return(retval);
-}
-
-/* kadmin delete old key function */
-krb5_error_code
-adm_del_old_key(context, cmdname, customer_name)
- krb5_context context;
- char *cmdname;
- char *customer_name;
-{
- krb5_db_entry entry;
- int nprincs = 1;
-
- krb5_error_code retval;
- krb5_principal newprinc;
- int one = 1;
-
- syslog(LOG_AUTH | LOG_INFO,
- "Remote Administrative Deletion Request
for %s by %s", - customer_name, client_server_info.name_of_client); - - if (retval = krb5_parse_name(context, customer_name, &newprinc)) { - com_err("adm_del_old_key", retval, "while parsing '%s'", customer_name); - return(5); /* Protocol Failure */ - } - - if (!adm_princ_exists(context, "adm_del_old_key", newprinc, - &entry, &nprincs)) { - com_err("adm_del_old_key", 0, "principal '%s' is not in the database", - customer_name); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(1); - } - - if (retval = krb5_db_delete_principal(context, newprinc, &one)) { - com_err("adm_del_old_key", retval, - "while deleting '%s'", customer_name); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(8); - } else if (one != 1) { - com_err("adm_del_old_key", 0, - "no principal deleted - unknown error"); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(8); - } - - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(0); -} - -/* kadmin modify existing Principal function */ -krb5_error_code -adm_mod_old_key(context, auth_context, cmdname, customer_name) - krb5_context context; - krb5_auth_context auth_context; - char *cmdname; - char *customer_name; -{ - krb5_replay_data replaydata; - krb5_db_entry entry; - int nprincs = 1; - extern int errno; - - krb5_error_code retval; - krb5_principal newprinc; - - krb5_data outbuf; - char tempstr[20]; - - int one = 1; - - syslog(LOG_AUTH | LOG_INFO, - "Remote Administrative Modification Request for %s by %s", - customer_name, client_server_info.name_of_client); - - if (retval = krb5_parse_name(context, customer_name, &newprinc)) { - com_err("adm_mod_old_key", retval, "while parsing '%s'", customer_name); - return(5); /* Protocol Failure */ - } - - for ( ; ; ) { - - if (!adm_princ_exists(context, "adm_mod_old_key", newprinc, - &entry, &nprincs)) { - 
krb5_db_free_principal(context, &entry, nprincs); - com_err("adm_mod_old_key", 0, - "principal '%s' is not in the database", - customer_name); - krb5_free_principal(context, newprinc); - return(1); - } - - /* Send Acknowledgement */ - if ((outbuf.data = (char *) calloc (1, 255)) == (char *) 0) { - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - com_err("adm_mod_old_key", ENOMEM, "for outbuf.data"); - return(3); /* No Memory */ - } - - outbuf.length = 3; - outbuf.data[0] = KADMIND; - outbuf.data[1] = MODOPER; - outbuf.data[2] = SENDDATA3; - - if (retval = krb5_mk_priv(context, auth_context, &outbuf, - &msg_data, &replaydata)) { - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - com_err("adm_mod_old_key", retval, "during mk_priv"); - free(outbuf.data); - return(5); /* Protocol Failure */ - } - free(outbuf.data); - - if (krb5_write_message(context, &client_server_info.client_socket, - &msg_data)){ - free(msg_data.data); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - com_err("adm_mod_old_key", 0, - "Error Performing Modification Write"); - return(5); /* Protocol Failure */ - } - free(msg_data.data); - - /* Read Client Response */ - if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - com_err("adm_mod_old_key", errno, - "Error Performing Modification Read"); - return(5); /* Protocol Failure */ - } - - /* Decrypt Client Response */ - if (retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata)) { - com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s", - error_message(retval)); - free(inbuf.data); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(5); /* Protocol Failure */ - } - - free(inbuf.data); - - if (msg_data.data[1] == KADMGOOD) 
break; - - /* Decode Message - Modify Database */ - if (msg_data.data[2] != SENDDATA3) { - free(msg_data.data); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(5); /* Protocol Failure */ - } -#ifdef SANDIA - if (msg_data.data[3] == KMODFCNT) { - (void) memcpy(tempstr, (char *) msg_data.data + 4, - msg_data.length - 4); - entry.fail_auth_count = atoi(tempstr); - } -#endif - - if (msg_data.data[3] == KMODVNO) { - krb5_key_data *kdata; - - (void) memcpy(tempstr, (char *) msg_data.data + 4, - msg_data.length - 4); - /* - * We could loop through all the supported key/salt types, but - * we don't have that technology yet. - */ - if (!krb5_dbe_find_enctype(context, - &entry, - ENCTYPE_DES_CBC_MD5, - KRB5_KDB_SALTTYPE_NORMAL, - -1, - &kdata)) - kdata->key_data_kvno = atoi(tempstr); - if (!krb5_dbe_find_enctype(context, - &entry, - ENCTYPE_DES_CBC_CRC, - KRB5_KDB_SALTTYPE_V4, - -1, - &kdata)) - kdata->key_data_kvno = atoi(tempstr); - if (!krb5_dbe_find_enctype(context, - &entry, - ENCTYPE_DES_CBC_MD5, - KRB5_KDB_SALTTYPE_NOREALM, - -1, - &kdata)) - kdata->key_data_kvno = atoi(tempstr); - if (!krb5_dbe_find_enctype(context, - &entry, - ENCTYPE_DES_CBC_MD5, - KRB5_KDB_SALTTYPE_ONLYREALM, - -1, - &kdata)) - kdata->key_data_kvno = atoi(tempstr); - if (!krb5_dbe_find_enctype(context, - &entry, - ENCTYPE_DES_CBC_MD5, - KRB5_KDB_SALTTYPE_AFS3, - -1, - &kdata)) - kdata->key_data_kvno = atoi(tempstr); - } - - if (msg_data.data[3] == KMODATTR) { - if (msg_data.data[4] == ATTRPOST) - entry.attributes &= ~KRB5_KDB_DISALLOW_POSTDATED; - if (msg_data.data[4] == ATTRNOPOST) - entry.attributes |= KRB5_KDB_DISALLOW_POSTDATED; - if (msg_data.data[4] == ATTRFOR) - entry.attributes &= ~KRB5_KDB_DISALLOW_FORWARDABLE; - if (msg_data.data[4] == ATTRNOFOR) - entry.attributes |= KRB5_KDB_DISALLOW_FORWARDABLE; - if (msg_data.data[4] == ATTRTGT) - entry.attributes &= ~KRB5_KDB_DISALLOW_TGT_BASED; - if (msg_data.data[4] == ATTRNOTGT) - 
entry.attributes |= KRB5_KDB_DISALLOW_TGT_BASED; - if (msg_data.data[4] == ATTRREN) - entry.attributes &= ~KRB5_KDB_DISALLOW_RENEWABLE; - if (msg_data.data[4] == ATTRNOREN) - entry.attributes |= KRB5_KDB_DISALLOW_RENEWABLE; - if (msg_data.data[4] == ATTRPROXY) - entry.attributes &= ~KRB5_KDB_DISALLOW_PROXIABLE; - if (msg_data.data[4] == ATTRNOPROXY) - entry.attributes |= KRB5_KDB_DISALLOW_PROXIABLE; - if (msg_data.data[4] == ATTRDSKEY) - entry.attributes &= ~KRB5_KDB_DISALLOW_DUP_SKEY; - if (msg_data.data[4] == ATTRNODSKEY) - entry.attributes |= KRB5_KDB_DISALLOW_DUP_SKEY; - if (msg_data.data[4] == ATTRLOCK) - entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; - if (msg_data.data[4] == ATTRUNLOCK) - entry.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; - if (msg_data.data[4] == ATTRNOSVR) - entry.attributes |= KRB5_KDB_DISALLOW_SVR; - if (msg_data.data[4] == ATTRSVR) - entry.attributes &= ~KRB5_KDB_DISALLOW_SVR; -#ifdef SANDIA - if (msg_data.data[4] == ATTRPRE) - entry.attributes &= ~KRB5_KDB_REQUIRES_PRE_AUTH; - if (msg_data.data[4] == ATTRNOPRE) - entry.attributes |= KRB5_KDB_REQUIRES_PRE_AUTH; - if (msg_data.data[4] == ATTRPWOK) - entry.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; - if (msg_data.data[4] == ATTRPWCHG) - entry.attributes |= KRB5_KDB_REQUIRES_PWCHANGE; - if (msg_data.data[4] == ATTRSID) - entry.attributes &= ~KRB5_KDB_REQUIRES_SECUREID; - if (msg_data.data[4] == ATTRNOSID) - entry.attributes |= KRB5_KDB_REQUIRES_SECUREID; -#endif - } - - free(msg_data.data); - if (adm_update_tl_attrs(context, - &entry, - client_server_info.client, - 0)) { - com_err("adm_mod_old_key", retval, - "while updating modification attributes"); - krb5_free_principal(context, newprinc); - krb5_db_free_principal(context, &entry, nprincs); - return(5); /* Protocol Failure */ - } - - retval = krb5_db_put_principal(context, &entry, &one); - if (retval) { - com_err("adm_mod_old_key", retval, "while storing principal"); - krb5_free_principal(context, newprinc); - 
krb5_db_free_principal(context, &entry, nprincs); - return(8); /* Update failed */ - } - one = 1; - } /* for */ - - krb5_db_free_principal(context, &entry, nprincs); - krb5_free_principal(context, newprinc); - - /* Read Client Response */ - if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ - com_err("adm_mod_old_key", errno, "Error Performing Read"); - return(5); /* Protocol Failure */ - } - - /* Decrypt Client Response */ - if (retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata)) { - com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s", - error_message(retval)); - free(inbuf.data); - return(5); /* Protocol Failure */ - } - - free(msg_data.data); - free(inbuf.data); - - return(0); -} - -/* kadmin inquire existing Principal function */ -krb5_error_code -adm_inq_old_key(context, auth_context, cmdname, customer_name) - krb5_context context; - krb5_auth_context auth_context; - char *cmdname; - char *customer_name; -{ - krb5_replay_data replaydata; - krb5_db_entry entry; - int nprincs = 1; - - krb5_data outbuf; - krb5_error_code retval; - krb5_principal newprinc; - char *fullname; - - syslog(LOG_AUTH | LOG_INFO, - "Remote Administrative Inquiry Request for %s by %s", - customer_name, client_server_info.name_of_client); - - if (retval = krb5_parse_name(context, customer_name, &newprinc)) { - com_err("adm_inq_old_key", retval, "while parsing '%s'", customer_name); - return(5); /* Protocol Failure */ - } - - if (retval = krb5_unparse_name(context, newprinc, &fullname)) { - krb5_free_principal(context, newprinc); - com_err("adm_inq_old_key", retval, "while unparsing"); - return(5); /* Protocol Failure */ - } - - if (!adm_princ_exists(context, "adm_inq_old_key", newprinc, - &entry, &nprincs)) { - krb5_db_free_principal(context, &entry, nprincs); - krb5_free_principal(context, newprinc); - free(fullname); - com_err("adm_inq_old_key", 0, "principal '%s' is not in the database", - customer_name); - return(1); - } - - if 
((outbuf.data = (char *) calloc (1, 2048)) == (char *) 0) { - krb5_db_free_principal(context, &entry, nprincs); - krb5_free_principal(context, newprinc); - free(fullname); - com_err("adm_inq_old_key", ENOMEM, "for outbuf.data"); - return(3); /* No Memory */ - } - - /* Format Inquiry Data */ - if ((retval = adm_fmt_prt(context, &entry, fullname, outbuf.data))) { - krb5_db_free_principal(context, &entry, nprincs); - krb5_free_principal(context, newprinc); - free(fullname); - com_err("adm_inq_old_key", 0, "Unable to Format Inquiry Data"); - return(5); /* XXX protocol failure --- not right, but.. */ - } - outbuf.length = strlen(outbuf.data); - krb5_db_free_principal(context, &entry, nprincs); - krb5_free_principal(context, newprinc); - free(fullname); - - /* Encrypt Inquiry Data */ - if (retval = krb5_mk_priv(context, auth_context, &outbuf, - &msg_data, &replaydata)) { - com_err("adm_inq_old_key", retval, "during mk_priv"); - free(outbuf.data); - return(5); /* Protocol Failure */ - } - free(outbuf.data); - - /* Send Inquiry Information */ - if (krb5_write_message(context, &client_server_info.client_socket, - &msg_data)){ - free(msg_data.data); - com_err("adm_inq_old_key", 0, "Error Performing Write"); - return(5); /* Protocol Failure */ - } - - free(msg_data.data); - - /* Read Client Response */ - if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ - com_err("adm_inq_old_key", errno, "Error Performing Read"); - syslog(LOG_ERR, "adm_inq sock %d", client_server_info.client_socket); - return(5); /* Protocol Failure */ - } - - /* Decrypt Client Response */ - if (retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata)) { - com_err("adm_inq_old_key", retval, "krb5_rd_priv error %s", - error_message(retval)); - free(inbuf.data); - return(5); /* Protocol Failure */ - } - - /* XXX Decrypt client response.... and we don't use it?!? 
*/ - - free(msg_data.data); - free(inbuf.data); - return(retval); -} - -#ifdef SANDIA -krb5_error_code - check_security(princ, class) -krb5_principal princ; -int class; -{ - char *input_name; - - if ((input_name = (char *) calloc (1, 255)) == 0) { - com_err("check_security", - ENOMEM, "while allocating memory for class check"); - return(3); - } - - memcpy((char *) input_name, princ->data[0].data, princ->data[0].length); - - if (class) { - /* Must be Classified Principal */ - if (strlen(input_name) == 8) { - if (!(strcmp(&input_name[7], "s") == 0) && - !(strcmp(&input_name[7], "c") == 0)) { - free(input_name); - return(6); - } - } else { - if (!((strncmp(&input_name[strlen(input_name) - 2], - "_s", 2) == 0) || - (strncmp(&input_name[strlen(input_name) - 2], "_c", 2) == 0))) { - free(input_name); - return(6); - } - } - } else { - /* Must be Unclassified Principal */ - if ((strlen(input_name) >= 8) || - ((strncmp(&input_name[strlen(input_name) - 2], "_s", 2) == 0) || - (strncmp(&input_name[strlen(input_name) - 2], "_c", 2) == 0))) { - free(input_name); - return(6); - } - } - - free(input_name); - return(0); -} -#endif diff --git a/src/kadmin.old/server/adm_check.c b/src/kadmin.old/server/adm_check.c deleted file mode 100644 index 67cd24bde..000000000 --- a/src/kadmin.old/server/adm_check.c +++ /dev/null 
@@ -1,136 +0,0 @@
-/*
- * kadmin/server/adm_check.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- */
-
-
-#include
-#include
-#include
-#include
-#include "com_err.h"
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include "k5-int.h"
-#include "adm_err.h"
-#include "adm_extern.h"
-
-krb5_error_code
-adm_check_acl(name_of_client, acl_type)
- char *name_of_client;
- char *acl_type;
-{
- FILE *acl_file;
- char input_string[255];
- char admin_name[255];
-#define num_of_privs 5
- char priv[num_of_privs];
- extern char *acl_file_name;
- char *lcl_acl_file;
- int i, j;
-
- if ((lcl_acl_file = (char *) calloc(1, 80)) == (char *) 0) {
- com_err("adm_check_acl", ENOMEM, "allocating acl file name");
- return(KADM_ENOMEM); /* No Memory */
- }
-
- (void) sprintf(lcl_acl_file, "%s", acl_file_name);
-
- if ((acl_file = fopen(lcl_acl_file, "r")) == NULL) {
- syslog(LOG_ERR, "Cannot open acl file (%s)", acl_file_name);
- free(lcl_acl_file);
- return(KADM_EPERM);
- }
-
- for ( ;; ) {
-
- if ((fgets(input_string, sizeof(input_string), acl_file)) == NULL) {
- syslog(LOG_ERR, "Administrator (%s) not in ACL file (%s)",
- name_of_client, lcl_acl_file);
- break; /* Not Found */
- }
-
- if (input_string[0] == '#') continue;
-
- i = 0;
- while (!isspace(input_string[i]) && i < strlen(input_string)) {
- admin_name[i] = input_string[i];
- i++;
- }
-
- while (isspace(input_string[i]) && i < strlen(input_string)) {
- i++;
- }
-
- priv[0] = priv[1] = priv[2] = priv[3] = priv[4] = '\0';
-
- j = 0;
- while ((i < strlen(input_string)) && (j < num_of_privs) &&
- (!isspace(input_string[i]))) {
- priv[j] = input_string[i];
- i++; j++;
- }
-
- if (priv[0] == '*') {
- priv[0] = 'a'; /* Add Priv */
- priv[1] = 'c'; /* Changepw Priv */
- priv[2] = 'd'; /* Delete Priv */
- priv[3] = 'i'; /* Inquire Priv */
- priv[4] = 'm'; /* Modify Priv */
- }
-
- if (!strncmp(admin_name, name_of_client,
- strlen(name_of_client))) {
- switch(acl_type[0]) {
- case 'a':
- case 'c':
- case 'd':
- case 'i':
- case 'm':
- for (i = 0; i < num_of_privs; i++) {
- if (priv[i] == acl_type[0]) {
- fclose(acl_file);
- free(lcl_acl_file);
- return(0); /* Found */
- }
- }
- break;
-
- default:
- break;
- }
- }
- }
-
- fclose(acl_file);
- free(lcl_acl_file);
- return(KADM_EPERM);
-}
diff --git a/src/kadmin.old/server/adm_extern.c b/src/kadmin.old/server/adm_extern.c
deleted file mode 100644
index 24b2b39a9..000000000
--- a/src/kadmin.old/server/adm_extern.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * kadmin/server/adm_extern.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * allocations of adm_extern stuff
- */
-
-#include "k5-int.h"
-
-/* real declarations of KDC's externs */
-krb5_encrypt_block master_encblock;
-krb5_keyblock master_keyblock;
-krb5_principal master_princ;
-
-volatile int signal_requests_exit = 0; /* gets set when signal hits */
-
-char *dbm_db_name = DEFAULT_KDB_FILE;
-char *realm = NULL;
-
-krb5_keyblock tgs_key;
-krb5_kvno tgs_kvno;
-
-krb5_data inbuf;
-krb5_data msg_data;
-
-int send_seqno;
-
-/*
-static krb5_data tgs_name = {KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME};
-krb5_data *tgs_server[4] = {0, &tgs_name, 0, 0};
-*/
-
-krb5_principal tgs_server;
-
-short admin_port = 0;
diff --git a/src/kadmin.old/server/adm_extern.h b/src/kadmin.old/server/adm_extern.h
deleted file mode 100644
index 4a630e90d..000000000
--- a/src/kadmin.old/server/adm_extern.h
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * kadmin/server/adm_extern.h
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * <<< Description >>>
- */
-
-#ifndef __ADM_EXTERN__
-#define __ADM_EXTERN__
-
-#include "adm_defs.h"
-
-typedef struct {
- /* Client Info */
- struct sockaddr_in client_name;
- krb5_address client_addr;
- krb5_principal client;
- char *name_of_client;
- /* Server Info */
- struct sockaddr_in server_name;
- krb5_address server_addr;
- krb5_principal server;
- char *name_of_service;
- /* Miscellaneous */
- int server_socket;
- int client_socket;
-} global_client_server_info;
-
-/* various externs for KDC */
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-extern krb5_principal master_princ;
-extern krb5_db_entry master_entry;
-
-extern volatile int signal_requests_exit;
-extern char *dbm_db_name;
-extern char *realm;
-
-extern krb5_keyblock tgs_key;
-extern krb5_kvno tgs_kvno;
-extern krb5_principal tgs_server;
-
-extern global_client_server_info client_server_info;
-extern char *adm5_tcp_portname;
-extern int adm5_tcp_port_fd;
-
-extern unsigned pidarraysize;
-extern int *pidarray;
-
-extern char *adm5_ver_str;
-extern int adm5_ver_len;
-
-extern int adm_debug_flag;
-
-extern int send_seqno;
-
-extern int exit_now;
-
-extern short admin_port;
-
-extern krb5_data inbuf;
-extern krb5_data msg_data;
-
-extern char *oper_type[];
-extern char *ksrvutil_message[];
-extern char *kadmind_general_response[];
-extern char *kadmind_kpasswd_response[];
-extern char *kadmind_ksrvutil_response[];
-extern char *kadmind_kadmin_response[];
-
-/* PROTOTYPES */
-
-krb5_error_code adm_build_key
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- int,
- krb5_db_entry));
-
-krb5_error_code adm_change_pwd
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- char *,
- int));
-
-krb5_error_code adm_change_pwd_rnd
- PROTOTYPE((krb5_context,
- char *,
- char *));
-
-krb5_error_code adm_add_new_key
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- char *,
- int));
-
-krb5_error_code adm_add_new_key_rnd
- PROTOTYPE((krb5_context,
- char *,
- char *));
-
-krb5_error_code adm_del_old_key
- PROTOTYPE((krb5_context,
- char *,
- char *));
-
-krb5_error_code adm_mod_old_key
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- char *));
-
-krb5_error_code adm_inq_old_key
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- char *));
-
-krb5_error_code adm_print_exp_time
- PROTOTYPE((krb5_context,
- char *,
- krb5_timestamp));
-
-krb5_kvno adm_princ_exists
- PROTOTYPE((krb5_context,
- char *,
- krb5_principal,
- krb5_db_entry *,
- int *));
-
-krb5_error_code adm_enter_rnd_pwd_key
- PROTOTYPE((krb5_context,
- char *,
- krb5_principal,
- int,
- krb5_db_entry *));
-
-krb5_error_code adm_update_tl_attrs
- PROTOTYPE((krb5_context,
- krb5_db_entry *,
- krb5_principal,
- krb5_boolean));
-
-krb5_error_code adm5_kadmin
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- char *,
- int *));
-
-krb5_error_code adm_negotiate_key
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char const *,
- char *));
-
-krb5_error_code closedown_network PROTOTYPE((const char *));
-krb5_error_code setup_network
- PROTOTYPE((krb5_context,
- const char *));
-
-krb5_error_code process_client
- PROTOTYPE((krb5_context,
- char *));
-
-krb5_error_code cleanexit
- PROTOTYPE((krb5_context,
- int));
-
-krb5_error_code closedown_db
- PROTOTYPE((krb5_context));
-
-krb5_error_code process_args
- PROTOTYPE((krb5_context,
- int,
- char **));
-
-krb5_error_code init_db
- PROTOTYPE((krb5_context,
- char *,
- krb5_principal,
- krb5_keyblock *));
-
-void setup_com_err
- PROTOTYPE((krb5_context));
-
-krb5_error_code princ_exists
- PROTOTYPE((krb5_context,
- krb5_principal,
- krb5_db_entry *));
-
-krb5_error_code adm_enter_pwd_key
- PROTOTYPE((krb5_context,
- char * ,
- char * ,
- krb5_const_principal ,
- krb5_const_principal ,
- int ,
- int ,
- char * ,
- krb5_db_entry * ));
-
-krb5_error_code adm5_change
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- krb5_principal));
-
-int adm5_listen_and_process
- PROTOTYPE((krb5_context,
- const char *));
-
-krb5_error_code adm5_kpasswd
- PROTOTYPE((krb5_context,
- krb5_auth_context,
- char *,
- kadmin_requests *,
- char *,
- int *));
-
-#endif /* __ADM_EXTERN__ */
diff --git a/src/kadmin.old/server/adm_fmt_inq.c b/src/kadmin.old/server/adm_fmt_inq.c
deleted file mode 100644
index 9b4ac542f..000000000
--- a/src/kadmin.old/server/adm_fmt_inq.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * kadmin/server/adm_fmt_inq.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * Administrative Display Routine
- */
-
-#include "k5-int.h"
-#include
-
-#ifdef HAVE_SYS_TIME_H
-#include
-#ifdef TIME_WITH_SYS_TIME
-#include
-#endif
-#else
-#include
-#endif
-
-#define REALM_SEP '@'
-#define REALM_SEP_STR "@"
-
-krb5_error_code
-adm_print_attributes(ret_data, attribs)
-char *ret_data;
-krb5_flags attribs;
-{
- char *my_data;
-
- if ((my_data = (char *) calloc (1,255)) == (char *) 0)
- return ENOMEM;
-
- sprintf(my_data, "Principal Attributes (PA): ");
- if (attribs & KRB5_KDB_DISALLOW_POSTDATED)
- strcat(my_data, "NOPOST ");
- else
- strcat(my_data, "POST ");
- if (attribs & KRB5_KDB_DISALLOW_FORWARDABLE)
- strcat(my_data, "NOFOR ");
- else
- strcat(my_data, "FOR ");
- if (attribs & KRB5_KDB_DISALLOW_TGT_BASED)
- strcat(my_data, "NOTGT ");
- else
- strcat(my_data, "TGT ");
- if (attribs & KRB5_KDB_DISALLOW_RENEWABLE)
- strcat(my_data, "NOREN ");
- else
- strcat(my_data, "REN ");
- if (attribs & KRB5_KDB_DISALLOW_PROXIABLE)
- strcat(my_data, "NOPROXY\n");
- else
- strcat(my_data, "PROXY\n");
- strcat(my_data, " ");
- if (attribs & KRB5_KDB_DISALLOW_DUP_SKEY)
- strcat(my_data, "NODUPSKEY ");
- else
- strcat(my_data, "DUPSKEY ");
- if (attribs & KRB5_KDB_DISALLOW_ALL_TIX)
- strcat(my_data, "LOCKED ");
- else
- strcat(my_data, "UNLOCKED ");
- if (attribs & KRB5_KDB_DISALLOW_SVR)
- strcat(my_data, "NOSVR\n");
- else
- strcat(my_data, "SVR\n");
-
-#ifdef SANDIA
- strcat(my_data, " ");
- if (attribs & KRB5_KDB_REQUIRES_PRE_AUTH)
- strcat(my_data, "PREAUTH ");
- else
- strcat(my_data, "NOPREAUTH ");
- if (attribs & KRB5_KDB_REQUIRES_PWCHANGE)
- strcat(my_data, "PWCHG ");
- else
- strcat(my_data, "PWOK ");
- if (attribs & KRB5_KDB_REQUIRES_HW_AUTH)
- strcat(my_data, "SID\n");
- else
- strcat(my_data, "NOSID\n");
-#endif
- (void) strcat(ret_data, my_data);
- free(my_data);
- return(0);
-}
-
-krb5_error_code
-adm_print_exp_time(context, ret_data, time_input)
- krb5_context context;
- char *ret_data;
- krb5_timestamp *time_input;
-{
- char *my_data;
- struct tm *exp_time;
-
- if ((my_data = (char *) calloc (1,255)) == (char *) 0)
- return ENOMEM;
-
- exp_time = localtime((time_t *) time_input);
- sprintf(my_data,
- "Principal Expiration Date (PED): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
- (exp_time->tm_year >= 100) ? 20 : 19,
- (exp_time->tm_year >= 100) ? exp_time->tm_year - 100 : exp_time->tm_year,
- exp_time->tm_mon + 1,
- exp_time->tm_mday,
- exp_time->tm_hour,
- exp_time->tm_min,
- exp_time->tm_sec);
- (void) strcat(ret_data, my_data);
- free(my_data);
- return(0);
-}
-
-/*
- * With the new database format, we assume that a database entry always has a
- * key which is des:normal
- */
-krb5_error_code
-adm_fmt_prt(context, entry, Principal_name, ret_data)
- krb5_context context;
- krb5_db_entry *entry;
- char *Principal_name;
- char *ret_data;
-{
- struct tm *mod_time;
- krb5_error_code retval;
- krb5_key_data *pkey;
- krb5_tl_mod_princ *mprinc_data;
-#ifdef SANDIA
- struct tm *exp_time;
- int pwd_expire;
- krb5_timestamp now;
-#endif
-
- char *my_data;
- char thisline[80];
-
- if ((my_data = (char *) calloc (1, 2048)) == (char *) 0)
- return ENOMEM;
-
- (void) sprintf(my_data, "\n\nPrincipal: %s\n\n", Principal_name);
- sprintf(thisline,
- "Maximum Ticket Lifetime (MTL) = %d (seconds)\n", entry->max_life);
- strcat(my_data, thisline);
- sprintf(thisline, "Maximum Renewal Lifetime (MRL) = %d (seconds)\n",
- entry->max_renewable_life);
- strcat(my_data, thisline);
- pkey = (krb5_key_data *) NULL;
- if (retval = krb5_dbe_find_enctype(context,
- entry,
- ENCTYPE_DES_CBC_MD5,
- KRB5_KDB_SALTTYPE_NORMAL,
- -1,
- &pkey)) {
- free(my_data);
- return retval;
- }
- sprintf(thisline, "Principal Key Version (PKV) = %d\n",
- pkey->key_data_kvno);
- strcat(my_data, thisline);
- if (retval = adm_print_exp_time(context, my_data, &entry->expiration)) {
- free(my_data);
- return retval;
- }
-
- /*
- * Find the modification tagged entry.
- */
- if (krb5_dbe_decode_mod_princ_data(context, entry, &mprinc_data)) {
- free(my_data);
- return retval;
- }
- mod_time = localtime((time_t *) &mprinc_data->mod_date);
- sprintf(thisline,
- "Last Modification Date (LMD): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
- (mod_time->tm_year >= 100) ? 20 : 19,
- (mod_time->tm_year >= 100) ? mod_time->tm_year - 100 : mod_time->tm_year,
- mod_time->tm_mon + 1,
- mod_time->tm_mday,
- mod_time->tm_hour,
- mod_time->tm_min,
- mod_time->tm_sec);
- strcat(my_data, thisline);
- krb5_free_principal(context, mprinc_data->mod_princ);
- krb5_xfree(mprinc_data);
- if (retval = adm_print_attributes(my_data, entry->attributes)) {
- free(my_data);
- return retval;
- }
- switch (pkey->key_data_type[1] & 0xff) {
- case 0 : strcat(my_data,
- "Principal Salt Type (PST) = Version 5 Normal\n");
- break;
- case 1 : strcat(my_data, "Principal Salt Type (PST) = Version 4\n");
- break;
- case 2 : strcat(my_data, "Principal Salt Type (PST) = NOREALM\n");
- break;
- case 3 : strcat(my_data, "Principal Salt Type (PST) = ONLYREALM\n");
- break;
- case 4 : strcat(my_data, "Principal Salt Type (PST) = Special\n");
- break;
- }
-#ifdef SANDIA
- sprintf(thisline,
- "Invalid Authentication Count (FCNT) = %d\n", entry->fail_auth_count);
- strcat(my_data, thisline);
- retval = krb5_timeofday(context, &now);
- pwd_expire = (now - entry->last_pwd_change) / 86400;
- sprintf(thisline, "Password Age is %d Days\n", pwd_expire);
- strcat(my_data, thisline);
-#endif
- (void) strcat(ret_data, my_data);
- free(my_data);
- return(0);
-}
diff --git a/src/kadmin.old/server/adm_funcs.c b/src/kadmin.old/server/adm_funcs.c
deleted file mode 100644
index bcc68cfdf..000000000
--- a/src/kadmin.old/server/adm_funcs.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/*
- * kadmin/server/adm_funcs.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * Modify the Kerberos Database
- */
-
-#include "com_err.h"
-#include
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include "k5-int.h"
-#include "adm_err.h"
-#include "adm_extern.h"
-#include "adm.h"
-
-struct saltblock {
- int salttype;
- krb5_data saltdata;
-};
-
-static const krb5_key_salt_tuple keysalts[] = {
-{ ENCTYPE_DES_CBC_MD5, KRB5_KDB_SALTTYPE_NORMAL },
-{ ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_V4 }
-};
-static const krb5_int32 n_keysalts =
- sizeof(keysalts) / sizeof(keysalts[0]);
-
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-
-typedef unsigned char des_cblock[8];
-
-krb5_error_code adm_get_rnd_key PROTOTYPE((char *,
- krb5_ticket *,
- krb5_authenticator *,
- krb5_principal,
- int,
- krb5_db_entry *));
-
-static krb5_error_code adm_modify_kdb
- PROTOTYPE((krb5_context,
- char const *,
- char const *,
- krb5_const_principal,
- int,
- krb5_boolean,
- char *,
- krb5_db_entry *));
-
-
-krb5_kvno
-adm_princ_exists(context, cmdname, principal, entry, nprincs)
- krb5_context context;
- char *cmdname;
- krb5_principal principal;
- krb5_db_entry *entry;
- int *nprincs;
-{
- krb5_boolean more;
- krb5_error_code retval;
-
- if (retval = krb5_db_get_principal(context, principal, entry,
- nprincs, &more)) {
- com_err("adm_princ_exists", retval,
- "while attempting to verify principal's existence");
- return(0);
- }
-
- if (!
*nprincs) return(0);
-
- return(*nprincs);
-}
-
-static krb5_error_code
-adm_modify_kdb(context, cmdname, newprinc, principal, req_type, is_rand,
- pwd, entry)
- krb5_context context;
- char const * cmdname;
- char const * newprinc;
- krb5_const_principal principal;
- int req_type;
- krb5_boolean is_rand;
- char * pwd;
- krb5_db_entry * entry;
-{
- krb5_error_code retval;
- int one = 1;
-
- krb5_kvno KDB5_VERSION_NUM = 1;
- extern krb5_flags NEW_ATTRIBUTES;
-
- if (!req_type) { /* New entry - initialize */
- memset((char *) entry, 0, sizeof(krb5_db_entry));
- retval = krb5_copy_principal(context, principal, &entry->princ);
- if (retval)
- return retval;
- entry->max_life = master_entry.max_life;
- entry->max_renewable_life = master_entry.max_renewable_life;
- entry->expiration = master_entry.expiration;
- } else { /* Modify existing entry */
-#ifdef SANDIA
- entry->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-#endif
- }
-
- if (adm_update_tl_attrs(context, entry, master_princ, 1)) {
- krb5_free_principal(context, entry->princ);
- entry->princ = 0;
- return retval;
- }
-
- /*
- * Do the change or add password operation.
- */
- if (!is_rand) {
- retval = (req_type)
- ? krb5_dbe_cpw(context,
- &master_encblock,
- (krb5_key_salt_tuple *) keysalts,
- n_keysalts,
- pwd,
- entry)
- : krb5_dbe_apw(context,
- &master_encblock,
- (krb5_key_salt_tuple *) keysalts,
- n_keysalts,
- pwd,
- entry);
- }
- else {
- retval = (req_type)
- ?
krb5_dbe_crk(context,
- &master_encblock,
- (krb5_key_salt_tuple *) keysalts,
- n_keysalts,
- entry)
- : krb5_dbe_ark(context,
- &master_encblock,
- (krb5_key_salt_tuple *) keysalts,
- n_keysalts,
- entry);
- }
- if (retval) {
- com_err("adm_modify_kdb", retval,
- "updating keys for '%s'\n", newprinc);
- krb5_free_principal(context, entry->princ);
- entry->princ = (krb5_principal) NULL;
- return retval;
- }
-
- entry->len = KRB5_KDB_V1_BASE_LENGTH;
- retval = krb5_db_put_principal(context, entry, &one);
-
- if (retval) {
- com_err("adm_modify_kdb", retval,
- "while storing entry for '%s'\n", newprinc);
- return(kdb5_err_base + retval);
- }
-
- if (one != 1)
- com_err("adm_modify_kdb", 0, "entry not stored in database (unknown failure)");
- return(0);
-}
-
-krb5_error_code
-adm_enter_pwd_key(context, cmdname, newprinc, princ, string_princ, req_type,
- salttype, new_password, entry)
- krb5_context context;
- char * cmdname;
- char * newprinc;
- krb5_const_principal princ;
- krb5_const_principal string_princ;
- int req_type;
- int salttype;
- char * new_password;
- krb5_db_entry * entry;
-{
- krb5_error_code retval;
- retval = adm_modify_kdb(context, "adm_enter_pwd_key",
- newprinc,
- princ,
- req_type,
- 0,
- new_password,
- entry);
-
- memset((char *) new_password, 0, strlen(new_password));
- return(retval);
-}
-
-krb5_error_code
-adm5_change(context, auth_context, prog, newprinc)
- krb5_context context;
- krb5_auth_context auth_context;
- char *prog;
- krb5_principal newprinc;
-{
- krb5_db_entry entry;
- int nprincs = 1;
-
- krb5_error_code retval;
- char *composite_name;
- char new_passwd[ADM_MAX_PW_LENGTH + 1];
-
- if (!(adm_princ_exists(context, "adm5_change", newprinc,
- &entry, &nprincs))) {
- com_err("adm5_change", 0, "No principal exists!");
- krb5_free_principal(context, newprinc);
- return(1);
- }
-
- memset((char *) new_passwd, 0, ADM_MAX_PW_LENGTH + 1);
-
- /* Negotiate for New Key */
- if (retval = adm_negotiate_key(context, auth_context, "adm5_change",
- new_passwd)) {
- krb5_db_free_principal(context, &entry, nprincs);
- krb5_free_principal(context, newprinc);
- return(1);
- }
-
- if (retval = krb5_unparse_name(context, newprinc, &composite_name)) {
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- return retval;
- }
-
- retval = adm_enter_pwd_key(context, "adm5_change",
- composite_name,
- newprinc,
- newprinc,
- 1, /* change */
- KRB5_KDB_SALTTYPE_NORMAL,
- new_passwd,
- &entry);
- (void) memset(new_passwd, 0, strlen(new_passwd));
- krb5_free_principal(context, newprinc);
- krb5_db_free_principal(context, &entry, nprincs);
- free(composite_name);
- return(retval);
-}
-
-#ifdef SANDIA
-krb5_error_code
-adm5_create_rnd(prog, change_princ, client_auth_data, client_creds)
-char *prog;
-krb5_principal change_princ;
-krb5_authenticator *client_auth_data;
-krb5_ticket *client_creds;
-{
- krb5_db_entry entry;
- int nprincs = 1;
-
- krb5_error_code retval;
-
- if (!(adm_princ_exists("adm5_create_rnd",
- change_princ,
- &entry,
- &nprincs))) {
- com_err("adm5_create_rnd", 0, "No principal exists!");
- krb5_free_principal(change_princ);
- return(1);
- }
-
- if (retval = adm_get_rnd_key("adm5_create_rnd",
- client_creds,
- client_auth_data,
- change_princ,
- 1, /* change */
- &entry)) {
- krb5_db_free_principal(&entry, nprincs);
- krb5_free_principal(change_princ);
- return(retval);
- }
-
- krb5_free_principal(change_princ);
- krb5_db_free_principal(&entry, nprincs);
- return(0);
-}
-#endif
-#define MAXMSGSZ 255
-
-krb5_error_code
-adm_enter_rnd_pwd_key(context, cmdname, change_princ, req_type, entry)
- krb5_context context;
- char * cmdname;
- krb5_principal change_princ;
- int req_type;
- krb5_db_entry * entry;
-{
- krb5_error_code retval;
- char *principal_name;
-
-
- if (retval = krb5_unparse_name(context, change_princ, &principal_name))
- goto finish;
-
- /* Modify Database */
- retval = adm_modify_kdb(context, "adm_enter_rnd_pwd_key",
- principal_name,
- change_princ,
-
req_type,
- 1,
- (char *) NULL,
- entry);
- free(principal_name);
-
- if (retval) {
- com_err("adm_enter_rnd_pwd_key", 0, "Database Modification Failure");
- retval = 2;
- goto finish;
- }
-
- finish:
-
- return(retval);
-}
-
-krb5_error_code
-adm_update_tl_attrs(kcontext, dbentp, mod_name, is_pwchg)
- krb5_context kcontext;
- krb5_db_entry *dbentp;
- krb5_principal mod_name;
- krb5_boolean is_pwchg;
-{
- krb5_error_code kret;
-
- kret = 0 ;
-
- /*
- * Handle modification principal.
- */
- if (mod_name) {
- krb5_tl_mod_princ mprinc;
-
- memset(&mprinc, 0, sizeof(mprinc));
- if (!(kret = krb5_copy_principal(kcontext,
- mod_name,
- &mprinc.mod_princ)) &&
- !(kret = krb5_timeofday(kcontext, &mprinc.mod_date)))
- kret = krb5_dbe_encode_mod_princ_data(kcontext,
- &mprinc,
- dbentp);
- if (mprinc.mod_princ)
- krb5_free_principal(kcontext, mprinc.mod_princ);
- }
-
- /*
- * Handle last password change.
- */
- if (!kret && is_pwchg) {
- krb5_tl_data *pwchg;
- krb5_timestamp now;
- krb5_boolean linked;
-
- /* Find a previously existing entry */
- for (pwchg = dbentp->tl_data;
- (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
- pwchg = pwchg->tl_data_next);
-
- /* Check to see if we found one. */
- linked = 0;
- if (!pwchg) {
- /* No, allocate a new one */
- if (pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data))) {
- memset(pwchg, 0, sizeof(krb5_tl_data));
- if (!(pwchg->tl_data_contents =
- (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
- free(pwchg);
- pwchg = (krb5_tl_data *) NULL;
- }
- else {
- pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
- pwchg->tl_data_length =
- (krb5_int16) sizeof(krb5_timestamp);
- }
- }
- }
- else
- linked = 1;
-
- /* Do we have an entry?
*/
- if (pwchg && pwchg->tl_data_contents) {
- /* Yes, do the timestamp */
- if (!(kret = krb5_timeofday(kcontext, &now))) {
- /* Encode it */
- krb5_kdb_encode_int32(now, pwchg->tl_data_contents);
- /* Link it in if necessary */
- if (!linked) {
- pwchg->tl_data_next = dbentp->tl_data;
- dbentp->tl_data = pwchg;
- dbentp->n_tl_data++;
- }
- }
- }
- else
- kret = ENOMEM;
- }
-
- return(kret);
-}
-
diff --git a/src/kadmin.old/server/adm_kadmin.c b/src/kadmin.old/server/adm_kadmin.c
deleted file mode 100644
index 171516d0f..000000000
--- a/src/kadmin.old/server/adm_kadmin.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * kadmin/server/adm_kadmin.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- adm_kadmin.c
-*/
-
-#include
-#include
-#include "com_err.h"
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-krb5_error_code
-adm5_kadmin(context, auth_context, prog, retbuf, otype)
- krb5_context context;
- krb5_auth_context auth_context;
- char *prog;
- char *retbuf; /* Allocated in Calling Routine */
- int *otype;
-{
- krb5_replay_data replaydata;
- krb5_error_code retval;
- kadmin_requests request_type;
- krb5_data msg_data, outbuf, inbuf;
-
- char *customer_name;
- char *completion_msg;
- int length_of_name;
-
- int salttype;
-
- outbuf.data = retbuf; /* Do NOT free outbuf.data */
-
- for ( ; ; ) { /* Use "return", "break", or "goto"
- to exit for loop */
-
- /* Encode Acknowledgement Message */
- retbuf[0] = KADMIND;
- retbuf[1] = KADMSAG;
- retbuf[2] = SENDDATA2;
- outbuf.length = 3;
-
- retval = krb5_mk_priv(context, auth_context, &outbuf,
- &msg_data, &replaydata);
- if (retval ) {
- syslog(LOG_ERR,
- "adm5_kadmin - Error Performing Acknowledgement mk_priv");
- return(5); /* Protocol Failure */
- }
-
- /* Send Acknowledgement Reply to Client */
- if (retval = krb5_write_message(context, &client_server_info.client_socket,
- &msg_data)){
- free(msg_data.data);
- syslog(LOG_ERR,
- "adm5_kadmin - Error Performing Acknowledgement Write: %s",
- error_message(retval));
- return(5); /* Protocol Failure */
- }
- free(msg_data.data);
-
- /* Read Username */
- if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){
- syslog(LOG_ERR | LOG_INFO, "Error
Performing Username Read");
- return(5); /* Protocol Failure */
- }
-
- /* Decrypt Client Response */
- if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
- &msg_data, &replaydata))) {
- free(inbuf.data);
- syslog(LOG_ERR | LOG_INFO, "Error decoding Username - rd_priv");
- return(5); /* Protocol Failure */
- }
- free(inbuf.data);
-
- request_type.appl_code = msg_data.data[0];
- request_type.oper_code = msg_data.data[1];
- if (msg_data.data[2] != SENDDATA2) {
- syslog(LOG_ERR | LOG_INFO,
- "Invalid Protocol String - Response not SENDDATA2");
- free(msg_data.data);
- return(5); /* Protocol Failure */
- }
-
- length_of_name = msg_data.length - 3;
-
- if (request_type.oper_code == COMPLETE) {
- *otype = 0;
- free(msg_data.data);
- retval = 0;
- goto finish_req;
- }
-
- if (!length_of_name) {
- syslog(LOG_ERR,
- "adm5_kadmin error: Invalid KADMIN request - No Customer");
- free(msg_data.data);
- return(5); /* Protocol Error */
- }
-
- if ((customer_name = (char *) calloc(1, length_of_name + 1)) ==
- (char *) 0) {
- syslog(LOG_ERR, "adm5_kadmin error: No Memory for Customer Name");
- free(msg_data.data);
- return(3); /* No Memory */
- }
-
- (void) memcpy(customer_name, (char *) msg_data.data + 3,
- length_of_name);
- customer_name[length_of_name] = '\0';
-
- free(msg_data.data);
-
- if ((completion_msg = (char *) calloc (1,512)) == (char *) 0) {
- syslog(LOG_ERR, "adm5_kadmin - No Memory for completion_msg");
- free(customer_name);
- return(3); /* No Memory */
- }
-
- switch(request_type.oper_code) {
- case ADDOPER:
- /* Check for Add Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "a")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 1;
- salttype = KRB5_KDB_SALTTYPE_NORMAL;
- retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
- customer_name, salttype);
- goto process_retval;
-
- case CHGOPER:
- /* Check for Password Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "c")) {
- retval =
7;
- goto process_retval;
- }
- *otype = 2;
- salttype = KRB5_KDB_SALTTYPE_NORMAL;
- retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
- customer_name, salttype);
- goto process_retval;
-
- case ADROPER:
- /* Check for Add Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "a")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 3;
- retval = adm_add_new_key_rnd(context, "adm5_kadmin",
- customer_name);
- goto process_retval;
-
- case CHROPER:
- /* Check for Password Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "c")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 4;
- retval = adm_change_pwd_rnd(context, "adm5_kadmin",
- customer_name);
- goto process_retval;
-
- case DELOPER:
- /* Check for Delete Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "d")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 5;
- retval = adm_del_old_key(context, "adm5_kadmin", customer_name);
- goto process_retval;
-
- case MODOPER:
- /* Check for Modify Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "m")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 6;
- retval = adm_mod_old_key(context, auth_context, "adm5_kadmin",
- customer_name);
- goto process_retval;
-
- case INQOPER:
- /* Check for Inquiry Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "i")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 7;
- retval = adm_inq_old_key(context, auth_context, "adm5_kadmin",
- customer_name);
- goto process_retval;
-
- case AD4OPER:
- /* Check for Add Privilege */
- if (retval = adm_check_acl(client_server_info.name_of_client,
- "a")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 8;
- salttype = KRB5_KDB_SALTTYPE_V4;
- retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
- customer_name, salttype);
- goto process_retval;
-
- case CH4OPER:
- /* Check for Password Privilege */
- if (retval
= adm_check_acl(client_server_info.name_of_client,
- "c")) {
- retval = 7;
- goto process_retval;
- }
- *otype = 9;
- salttype = KRB5_KDB_SALTTYPE_V4;
- retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
- customer_name, salttype);
- goto process_retval;
-
- default:
- retbuf[0] = KADMIN;
- retbuf[1] = KUNKNOWNOPER;
- retbuf[2] = '\0';
- sprintf(completion_msg, "%s %s from %s FAILED",
- "kadmin",
- "Unknown or Non-Implemented Operation Type!",
- inet_ntoa(client_server_info.client_name.sin_addr));
- syslog(LOG_AUTH | LOG_INFO, completion_msg);
- retval = 255;
- goto send_last;
- } /* switch (request_type.oper_code) */
-
-process_retval:
- switch (retval) {
- case 0:
- retbuf[0] = KADMIN;
- retbuf[1] = request_type.oper_code;
- retbuf[2] = KADMGOOD;
- retbuf[3] = '\0';
- goto send_last;
-
- case 1: /* Principal Unknown */
- case 2: /* Principal Already Exists */
- case 3: /* ENOMEM */
- case 4: /* Password Failure */
- case 5: /* Protocol Failure */
- case 6: /* Security Failure */
- case 7: /* Admin Client Not in ACL List */
- case 8: /* Database Update Failure */
- retbuf[0] = KADMIN;
- retbuf[1] = request_type.oper_code;
- retbuf[2] = KADMBAD;
- retbuf[3] = '\0';
- sprintf((char *)retbuf +3, "%s",
- kadmind_kadmin_response[retval]);
- sprintf(completion_msg,
- "%s %s from %s FAILED - %s",
- "kadmin",
- oper_type[request_type.oper_code],
- inet_ntoa(client_server_info.client_name.sin_addr),
- kadmind_kadmin_response[retval]);
- syslog(LOG_AUTH | LOG_INFO, completion_msg);
- goto send_last;
-
- default:
- retbuf[0] = KADMIN;
- retbuf[1] = request_type.oper_code;
- retbuf[2] = KUNKNOWNERR;
- retbuf[3] = '\0';
- sprintf(completion_msg, "%s %s from %s FAILED",
- "kadmin",
- oper_type[1],
- inet_ntoa( client_server_info.client_name.sin_addr));
- syslog(LOG_AUTH | LOG_INFO, completion_msg);
- retval = 255;
- goto send_last;
- } /* switch(retval) */
-
-send_last:
- free(customer_name);
- free(completion_msg);
- outbuf.data = retbuf;
- outbuf.length =
strlen(retbuf) + 1;
-
- /* Send Completion Message */
- if (retval = krb5_mk_priv(context, auth_context, &outbuf,
- &msg_data, &replaydata)) {
- syslog(LOG_ERR, "adm5_kadmin - Error Performing Final mk_priv");
- return(1);
- }
-
- /* Send Final Reply to Client */
- if (retval = krb5_write_message(context,
- &client_server_info.client_socket,
- &msg_data)){
- free(msg_data.data);
- syslog(LOG_ERR, "adm5_kadmin - Error Performing Final Write: %s",
- error_message(retval));
- return(1);
- }
- free(msg_data.data);
- } /* for */
-
-finish_req:
- return(retval);
-}
diff --git a/src/kadmin.old/server/adm_kpasswd.c b/src/kadmin.old/server/adm_kpasswd.c
deleted file mode 100644
index 7149654d1..000000000
--- a/src/kadmin.old/server/adm_kpasswd.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * kadmin/server/adm_kpasswd.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- adm_kpasswd.c
-*/
-
-#include
-#include
-#include
-#include
-#include "com_err.h"
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-extern krb5_encrypt_block master_encblock;
-extern krb5_keyblock master_keyblock;
-
-struct cpw_keyproc_arg {
- krb5_keyblock *key;
-};
-
-krb5_error_code
-adm5_kpasswd(context, auth_context, prog, request_type, retbuf, otype)
- krb5_context context;
- krb5_auth_context auth_context;
- char *prog;
- kadmin_requests *request_type;
- char *retbuf;
- int *otype;
-{
- char completion_msg[520];
- krb5_error_code retval;
-
- switch (request_type->oper_code) {
- case CHGOPER:
- *otype = 3;
- syslog(LOG_AUTH | LOG_INFO,
- "adm_kpasswd: kpasswd change received");
- retval = adm5_change(context, auth_context, "adm5_kpasswd",
- client_server_info.client);
-
- switch(retval) {
- case 0:
- retbuf[0] = KPASSWD;
- retbuf[1] = CHGOPER;
- retbuf[2] = KPASSGOOD;
- retbuf[3] = '\0';
- break;
-
- case 1:
- retbuf[0] = KPASSWD;
- retbuf[1] = CHGOPER;
- retbuf[2] = KPASSBAD;
- retbuf[3] = '\0';
- sprintf((char *)retbuf +3, "%s",
- kadmind_kpasswd_response[retval]);
- sprintf(completion_msg,
- "kpasswd change from %s FAILED: %s",
- inet_ntoa(client_server_info.client_name.sin_addr),
- kadmind_kpasswd_response[retval]);
- syslog(LOG_AUTH | LOG_INFO, completion_msg);
- goto finish;
-
- default:
- retbuf[0] = KPASSWD;
- retbuf[1] = CHGOPER;
- retbuf[2] = KUNKNOWNERR;
- retbuf[3] = '\0';
- sprintf(completion_msg, "kpasswd change from %s FAILED",
-
inet_ntoa(client_server_info.client_name.sin_addr));
- syslog(LOG_AUTH | LOG_INFO, completion_msg);
- retval = 255;
- goto finish;
- } /* switch (retval) */
- break;
-
- default:
- retbuf[0] = KPASSWD;
- retbuf[1] = KUNKNOWNOPER;
- retbuf[2] = '\0';
- sprintf(completion_msg, "kpasswd %s from %s FAILED",
- "Unknown or Non-Implemented Operation Type!",
- inet_ntoa(client_server_info.client_name.sin_addr ));
- syslog(LOG_AUTH | LOG_INFO, completion_msg);
- retval = 255;
- goto finish;
- } /* switch (request_type->oper_code) */
-
-finish:
- return(retval);
-}
diff --git a/src/kadmin.old/server/adm_listen.c b/src/kadmin.old/server/adm_listen.c
deleted file mode 100644
index a784b306b..000000000
--- a/src/kadmin.old/server/adm_listen.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * kadmin/server/adm_listen.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- * Network Listen Loop for the Kerberos Version 5 Administration server
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- adm_listen.c
-*/
-
-#ifdef _AIX
-#include
-#endif
-
-#include "k5-int.h"
-
-#include
-#include
-#include "com_err.h"
-
-#ifndef sigmask
-#define sigmask(m) (1 <<((m)-1))
-#endif
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include "adm_extern.h"
-
-int adm_debug_flag = 0;
-
-#ifdef USE_SIGPROCMASK
-/* just do it right */
-void
-kill_children()
-{
- int i;
- sigset_t old, new;
-
- sigemptyset(&old);
- sigemptyset(&new);
- sigaddset(&new,SIGCHLD);
- sigprocmask(SIG_BLOCK, &new, &old);
-
- for (i = 0; i < pidarraysize; i++) {
- kill(pidarray[i], SIGINT);
- syslog(LOG_AUTH | LOG_INFO, "Killing Admin Child %d", pidarray[i]);
- }
-
- sigprocmask(SIG_SETMASK, &old, NULL);
-}
-
-#else
-
-#ifdef USE_SIGPROCMASK
-/* fake sigmask, sigblock, sigsetmask */
-#include
-#define sigmask(x) (1L<<(x)-1)
-#define sigsetmask(x) sigprocmask(SIG_SETMASK,&x,NULL)
-static int _fake_sigstore;
-#define sigblock(x) (_fake_sigstore=x,sigprocmask(SIG_BLOCK,&_fake_sigstore,0))
-#endif
-
-void
-kill_children()
-{
- register int i;
- int osigmask;
-
- osigmask = sigblock(sigmask(SIGCHLD));
-
- for (i = 0; i < pidarraysize; i++) {
- kill(pidarray[i], SIGINT);
- syslog(LOG_AUTH | LOG_INFO, "Killing Admin Child %d", pidarray[i]);
- }
-
- sigsetmask(osigmask);
- return;
-}
-#endif /* HAVE_SIGSET */
-
-/* adm5_listen_and_process - listen on the admin servers port for a request */
-
-int
-adm5_listen_and_process(context, prog)
- krb5_context context;
- const char *prog;
-{
-
extern int errno;
- int found;
- fd_set mask, readfds;
- int addrlen;
- krb5_error_code process_client();
- krb5_error_code retval;
- void kill_children();
- int pid;
-
- (void) listen(client_server_info.server_socket, 1);
-
- FD_ZERO(&mask);
- FD_SET(client_server_info.server_socket, &mask);
-
- for (;;) { /* loop nearly forever */
- if (exit_now) {
- kill_children();
- return(0);
- }
-
- readfds = mask;
- if ((found = select(client_server_info.server_socket + 1,
- &readfds,
- (fd_set *)0,
- (fd_set *)0,
- (struct timeval *)0)) == 0)
- continue; /* no things read */
-
- if (found < 0) {
- if (errno != EINTR)
- syslog(LOG_AUTH | LOG_INFO,
- "%s: select: %s", "adm5_listen_and_process",
- error_message(errno));
- continue;
- }
-
- if (FD_ISSET(client_server_info.server_socket, &readfds)) {
- /* accept the conn */
- addrlen = sizeof(client_server_info.client_name);
- if ((client_server_info.client_socket =
- accept(client_server_info.server_socket,
- (struct sockaddr *) &client_server_info.client_name,
- &addrlen)) < 0) {
- syslog(LOG_AUTH | LOG_INFO, "%s: accept: %s",
- "adm5_listen_and_process",
- error_message(errno));
- continue;
- }
-
- if (adm_debug_flag) {
- retval = process_client(context,
- "adm5_listen_and_process");
- exit(retval);
- }
-
- /* if you want a sep daemon for each server */
- if (!(pid = fork())) {
- /* child */
- (void) close(client_server_info.server_socket);
-
- retval = process_client(context,
- "adm5_listen_and_process");
- exit(retval);
- } else {
- /* parent */
- if (pid < 0) {
- syslog(LOG_AUTH | LOG_INFO, "%s: fork: %s",
- "adm5_listen_and_process",
- error_message(errno));
- (void) close(client_server_info.client_socket);
- continue;
- }
-
- /* fork succeded: keep tabs on child */
-
- (void) close(client_server_info.client_socket);
- if (pidarray) {
- pidarray = (int *) realloc((char *)pidarray,
- (++pidarraysize) * sizeof(int));
- pidarray[pidarraysize - 1] = pid;
- } else {
- pidarraysize = 1;
- pidarray =
- (int *)
malloc(pidarraysize *sizeof(int));
- pidarray[0] = pid;
- }
- }
- } else {
- syslog(LOG_AUTH | LOG_INFO, "%s: something else woke me up!",
- "adm5_listen_and_process");
- return(0);
- }
- }
-}
diff --git a/src/kadmin.old/server/adm_msgs.c b/src/kadmin.old/server/adm_msgs.c
deleted file mode 100644
index 3a350f116..000000000
--- a/src/kadmin.old/server/adm_msgs.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * kadmin/server/adm_msgs.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- * Top-level loop of the Kerberos Version 5 Administration server
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-char *oper_type[] = {
- "complete", /* 0 */
- "addition", /* 1 */
- "deletion", /* 2 */
- "change", /* 3 */
- "modification", /* 4 */
- "inquiry" /* 5 */
-};
-
-char *ksrvutil_message[] = {
- "Service Key Changed", /* 0 */
- "New Key and Version Received" /* 1 */
-};
-
-char *kadmind_general_response[] = {
- "Success", /* 0 */
- "Service Access Granted" /* 1 */
-};
-
-char *kadmind_kpasswd_response[] = {
- "Password Changed", /* 0 */
- "Password NOT Changed!" /* 1 */
-};
-
-char *kadmind_ksrvutil_response[] = {
- "Service Password Change Complete", /* 0 */
- "One or More Service Password Change(s) Failed!", /* 1 */
- "Database Update Failure - Possible Catastrophe!!" /* 2 */
-};
-
-char *kadmind_kadmin_response[] = {
- "Administrative Service Completed", /* 0 */
- "Principal Unknown!", /* 1 */
- "Principal Already Exists!", /* 2 */
- "Allocation Failure!", /* 3 */
- "Password Failure!", /* 4 */
- "Protocol Failure!", /* 5 */
- "Security Failure!", /* 6 */
- "Admin Client Not in ACL List!", /* 7 */
- "Database Update Failure - Possible Catastrophe!!" /* 8 */
-};
diff --git a/src/kadmin.old/server/adm_nego.c b/src/kadmin.old/server/adm_nego.c
deleted file mode 100644
index 331e8f52a..000000000
--- a/src/kadmin.old/server/adm_nego.c
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- * kadmin/server/adm_nego.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * Modify the Kerberos Database
- */
-
-
-#include "com_err.h"
-#include
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-
-#include
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-krb5_error_code
-adm_negotiate_key(context, auth_context, prog, new_passwd)
- krb5_context context;
- krb5_auth_context auth_context;
- char const * prog;
- char * new_passwd;
-{
- krb5_replay_data replaydata;
- krb5_data msg_data, inbuf;
- krb5_error_code retval;
-#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords.
*/
- krb5_pwd_data *pwd_data;
- krb5_pwd_data encodable_data;
- krb5_data *encoded_pw_string;
- passwd_phrase_element **next_passwd_phrase_element;
- char *tmp_passwd, *tmp_phrase;
- krb5_authenticator *client_auth_data;
- int count, i, j, k;
- int legit_passwd = 0;
-#endif
- extern int errno;
-
-#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords. */
-
-#define clear_encodable_data() \
-{ encodable_data.sequence_count = 0; \
- encodable_data.element = 0; \
-}
-
-#define free_seq_list() \
-{ free(encodable_data.element); \
-}
-
-#define free_pwd_and_phrase_structures() \
-{ next_passwd_phrase_element = encodable_data.element; \
- for (k = 0; \
- *next_passwd_phrase_element != 0 && k < encodable_data.sequence_count; \
- k++) { \
- free(*next_passwd_phrase_element); \
- *next_passwd_phrase_element = 0; \
- next_passwd_phrase_element++; } \
-}
-
-#define free_passwds() \
-{ next_passwd_phrase_element = encodable_data.element; \
- for (k = 0; \
- *next_passwd_phrase_element != 0 && k < encodable_data.sequence_count; \
- k++) { \
- memset((char *) (*next_passwd_phrase_element)->passwd->data, \
- 0, (*next_passwd_phrase_element)->passwd->length); \
- free((*next_passwd_phrase_element)->passwd->data); \
- next_passwd_phrase_element++; } \
-}
-
-#define free_phrases() \
-{ next_passwd_phrase_element = encodable_data.element; \
- for (k = 0; \
- *next_passwd_phrase_element != 0 && k < encodable_data.sequence_count; \
- k++) { \
- memset((char *) (*next_passwd_phrase_element)->phrase->data, \
- 0, (*next_passwd_phrase_element)->phrase->length); \
- free((*next_passwd_phrase_element)->phrase->data); \
- next_passwd_phrase_element++; } \
-}
-
- encodable_data.sequence_count =
- ADM_MAX_PW_CHOICES * ADM_MAX_PW_ITERATIONS;
-
- /* Allocate List of Password and Phrase Addresses Pointers */
- if ((encodable_data.element = (passwd_phrase_element **) calloc(
- encodable_data.sequence_count + 1,
- sizeof(passwd_phrase_element *))) ==
- (passwd_phrase_element **)
0) {
- clear_encodable_data();
- com_err("adm_negotiate_key", 0,
- "No Memory for Password and Phrase List");
- return(1);
- }
-
- next_passwd_phrase_element = encodable_data.element;
-
- /* Allow for ADM_MAX_PW_ITERATIONS Sets of Five Passwords/Phrases */
- for ( i = 0; i < ADM_MAX_PW_ITERATIONS; i++) {
- if ( i == ADM_MAX_PW_ITERATIONS ) {
- com_err("adm_negotiate_key", 0,
- "Excessive Password List Requests");
- return(1);
- }
-
- /* Allocate passwd_phrase_element structures */
- for (j = 0; j < ADM_MAX_PW_CHOICES; j++) {
- if ((*next_passwd_phrase_element =
- (passwd_phrase_element *) calloc(1,
- sizeof(passwd_phrase_element))) ==
- (passwd_phrase_element *) 0) {
- free_pwd_and_phrase_structures();
- free_seq_list();
- clear_encodable_data();
- com_err("adm_negotiate_key", 0,
- "No Memory for Additional Password and Phrase Structures");
- return(1);
- }
-
- if ((retval = get_pwd_and_phrase("adm_negotiate_key",
- &tmp_passwd, &tmp_phrase))) {
- free_pwd_and_phrase_structures();
- free_seq_list();
- clear_encodable_data();
- com_err("adm_negotiate_key", 0, "Unable to get_pwd_and_phrase");
- return(1);
- }
-
- if (((*next_passwd_phrase_element)->passwd =
- (krb5_data *) calloc(1,
- sizeof(krb5_data))) == (krb5_data *) 0) {
- free_pwd_and_phrase_structures();
- free_seq_list();
- clear_encodable_data();
- com_err("adm_negotiate_key", 0,
- "No Memory for Additional Password and Phrase Structures");
- return(1);
- }
-
- if (((*next_passwd_phrase_element)->passwd->data =
- (char *) calloc (1,
- strlen(tmp_passwd))) == (char *) 0) {
- free_pwd_and_phrase_structures();
- free_seq_list();
- clear_encodable_data();
- com_err("adm_negotiate_key", ENOMEM,
- "for Additional Passwords");
- }
-
- strcpy((*next_passwd_phrase_element)->passwd->data, tmp_passwd);
- (*next_passwd_phrase_element)->passwd->length = strlen(tmp_passwd);
-
- if (((*next_passwd_phrase_element)->phrase =
- (krb5_data *) calloc(1,
- sizeof(krb5_data))) == (krb5_data *) 0) {
-
free_pwd_and_phrase_structures(); - free_seq_list(); - clear_encodable_data(); - com_err("adm_negotiate_key", 0, - "No Memory for Additional Password and Phrase Structures"); - return(1); - } - - if (((*next_passwd_phrase_element)->phrase->data = - (char *) calloc (1, - strlen(tmp_phrase))) == (char *) 0) { - free_pwd_and_phrase_structures(); - free_seq_list(); - clear_encodable_data(); - com_err("adm_negotiate_key", ENOMEM, - "for Additional Passwords"); - return(1); - } - - strcpy((*next_passwd_phrase_element)->phrase->data, tmp_phrase); - (*next_passwd_phrase_element)->phrase->length = strlen(tmp_phrase); - - free(tmp_passwd); - free(tmp_phrase); - - next_passwd_phrase_element++; - } - } /* for i <= KADM_MAX_PW_CHOICES */ - - /* Asn.1 Encode the Passwords and Phrases */ - if ((retval = encode_krb5_pwd_data(&encodable_data, - &encoded_pw_string))) { - com_err("adm_negotiate_key", 0, - "Unable to encode Password and Phrase Data"); - return(1); - } - - /* Free Phrases But Hold onto Passwds for Awhile*/ - free_phrases(); - - /* Encrypt Password/Phrases Encoding */ - retval = krb5_mk_priv(context, auth_context, encoded_pw_string, - &msg_data, &replaydata); - if (retval ) { - free_passwds(); - free_pwd_and_phrase_structures(); - free_seq_list(); - clear_encodable_data(); - com_err("adm_negotiate_key", retval, "during mk_priv"); - return(1); - } - - /* Send Encrypted/Encoded Passwords and Phrases to Client */ - if (krb5_write_message(context, &client_server_info.client_socket, &msg_data)){ - free(msg_data.data); - free_passwds(); - free_pwd_and_phrase_structures(); - free_seq_list(); - clear_encodable_data(); - com_err("adm_negotiate_key", 0, "Error Performing Password Write"); - return(1); - } - free(msg_data.data); - -#endif /* MACH_PASS - Machine-gen. 
passwords */ - /* Read Client Response */ - if (krb5_read_message(context, &client_server_info.client_socket, &inbuf)){ -#if defined(MACH_PASS) || defined(SANDIA) - free_passwds(); - free_pwd_and_phrase_structures(); - free_seq_list(); - clear_encodable_data(); -#endif - com_err("adm_negotiate_key", errno, "Error Performing Password Read"); - return(1); - } - - /* Decrypt Client Response */ - if ((retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - free(inbuf.data); -#if defined(MACH_PASS) || defined(SANDIA) - free_passwds(); - free_pwd_and_phrase_structures(); - free_seq_list(); - clear_encodable_data(); -#endif - com_err("adm_negotiate_key", retval, "krb5_rd_priv error %s", - error_message(retval)); - return(1); - } - free(inbuf.data); - -#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords */ - legit_passwd = 0; - next_passwd_phrase_element = encodable_data.element; - /* Compare Response with Acceptable Passwords */ - for (j = 0; - j < ADM_MAX_PW_CHOICES * ADM_MAX_PW_ITERATIONS; - j++) { - if ((retval = memcmp(msg_data.data, - (*next_passwd_phrase_element)->passwd->data, - strlen((*next_passwd_phrase_element)->passwd->data))) == 0) { - legit_passwd++; - break; /* Exit Loop - Match Found */ - } - next_passwd_phrase_element++; - } - /* Now Free Passwds */ - free_passwds(); - - /* free password_and_phrase structures */ - free_pwd_and_phrase_structures(); - - /* free passwd_phrase_element list */ - free_seq_list(); - - /* clear krb5_pwd_data */ - clear_encodable_data(); - - if (!(legit_passwd)) { - com_err("adm_negotiate_key", 0, "Invalid Password Entered"); - return(1); - } -#endif - strncpy(new_passwd, msg_data.data, msg_data.length); - free(msg_data.data); - - return(0); -} - diff --git a/src/kadmin.old/server/adm_network.c b/src/kadmin.old/server/adm_network.c deleted file mode 100644 index 3ce8ac13e..000000000 --- a/src/kadmin.old/server/adm_network.c +++ /dev/null 
@@ -1,280 +0,0 @@
-/*
- * kadmin/server/adm_network.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * .
- *
- * Network Initialization/Shutdown Component of the
- * Version 5 Administration network
- */
-
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- */
-
-
-/*
- * adm_network.c
- */
-
-#include
-#include "com_err.h"
-#include
-#include
-#include
-#include
-
-#ifndef sigmask
-#define sigmask(m) (1 <<((m)-1))
-#endif
-
-#include
-#include
-#ifndef hpux
-#include
-#endif
-#include
-
-#include "k5-int.h"
-#include "adm_extern.h"
-
-extern int errno;
-
-#ifdef POSIX_SIGTYPE
-#define SIGNAL_RETURN return
-#else
-#define SIGNAL_RETURN return(0)
-#endif
-
-krb5_error_code
-closedown_network(prog)
-const char *prog;
-{
- if (client_server_info.server_socket == -1) return(1);
-
- (void) close(client_server_info.server_socket);
- client_server_info.server_socket = -1;
- return(0);
-}
-
-krb5_sigtype
-doexit()
-{
- exit_now = 1;
- SIGNAL_RETURN;
-}
-
-/*
- * SIGCHLD brings us here
- */
-krb5_sigtype
-do_child()
-{
- /*
- * has been included, so BSD will be defined on
- * BSD systems
- */
-#if BSD > 0 && BSD <= 43
-#ifndef WEXITSTATUS
-#define WEXITSTATUS(w) (w).w_retcode
-#define WTERMSIG(w) (w).w_termsig
-#endif
- union wait status;
-#else
- int status;
-#endif
- int pid, i, j;
-
-#ifdef OLD_SIGNALS
- signal(SIGCHLD, do_child);
-#endif
-
- pid = wait(&status);
- if (pid < 0)
- SIGNAL_RETURN;
-
- for (i = 0; i < pidarraysize; i++)
- if (pidarray[i] == pid) {
- /* found it */
- for (j = i; j < pidarraysize-1; j++)
- /* copy others down */
- pidarray[j] = pidarray[j+1];
- pidarraysize--;
- if ( !WIFEXITED(status) ) {
- com_err("adm_network", 0, "child %d: termsig %d",
- pid, WTERMSIG(status) );
- com_err("adm_network", 0, "retcode %d",
- WEXITSTATUS(status));
- }
-
- SIGNAL_RETURN;
- }
-
- com_err("adm_network", 0,
- "child %d not in list: termsig %d, retcode %d", pid,
- WTERMSIG(status), WEXITSTATUS(status));
-
- SIGNAL_RETURN;
-}
-
-krb5_error_code
-setup_network(context, prog)
- krb5_context context;
- const char *prog;
-{
- krb5_error_code retval;
- char server_host_name[MAXHOSTNAMELEN];
- krb5_sigtype doexit(), do_child();
- struct servent *service_servent;
- struct hostent *service_hostent;
- int on = 1;
-#ifndef OLD_SIGNALS
- struct sigaction new_act;
-
- new_act.sa_handler = doexit;
- sigemptyset(&new_act.sa_mask);
- sigaction(SIGINT, &new_act, 0);
- sigaction(SIGTERM, &new_act, 0);
- sigaction(SIGHUP, &new_act, 0);
- sigaction(SIGQUIT, &new_act, 0);
- sigaction(SIGALRM, &new_act, 0);
- new_act.sa_handler = SIG_IGN;
- sigaction(SIGPIPE, &new_act, 0);
- new_act.sa_handler = do_child;
- sigaction(SIGCHLD, &new_act, 0);
-#else
- signal(SIGINT, doexit);
- signal(SIGTERM, doexit);
- signal(SIGHUP, doexit);
- signal(SIGQUIT, doexit);
- signal(SIGPIPE, SIG_IGN); /* get errors on write() */
- signal(SIGALRM, doexit);
- signal(SIGCHLD, do_child);
-#endif
-
- client_server_info.name_of_service = malloc(768);
- if (!client_server_info.name_of_service) {
- com_err("setup_network", 0,
- "adm_network: No Memory for name_of_service");
- return ENOMEM;
- }
-
- (void) sprintf(client_server_info.name_of_service, "%s%s%s%s%s",
- CPWNAME, "/", realm, "@", realm);
-
-#ifdef DEBUG
- fprintf(stderr, "client_server_info.name_of_service = %s\n",
- client_server_info.name_of_service);
-#endif /* DEBUG */
-
- if ((retval = krb5_parse_name(context, client_server_info.name_of_service,
- &client_server_info.server))) {
- free(client_server_info.name_of_service);
- com_err( "setup_network", retval,
- "adm_network: Unable to Parse Server Name");
- return retval;
- }
-
- if (gethostname(server_host_name, sizeof(server_host_name))) {
- retval = errno;
- krb5_free_principal(context, client_server_info.server);
- free(client_server_info.name_of_service);
- com_err( "setup_network", retval,
- "adm_network: Unable to Identify Who I am");
- return retval;
- }
-
- service_hostent = gethostbyname(server_host_name);
- if (!service_hostent) {
- retval = errno;
- free(client_server_info.name_of_service);
- com_err("setup_network", retval, "adm_network: Failed gethostname");
- return retval;
- }
-
-#ifdef DEBUG
- fprintf(stderr, "Official host name = %s\n", service_hostent->h_name);
-#endif /* DEBUG */
-
- client_server_info.server_name.sin_family = AF_INET;
-
-#ifdef unicos61
- memcpy((char *) &client_server_info.server_name.sin_addr,
- (char *) service_hostent->h_addr, service_hostent->h_length);
-#else
- memcpy((char *) &client_server_info.server_name.sin_addr.s_addr,
- (char *) service_hostent->h_addr, service_hostent->h_length);
-#endif /* unicos61 */
-
- client_server_info.server_socket = -1;
-
-#ifdef DEBUG
- fprintf(stderr, "adm5_tcp_portname = %s\n", adm5_tcp_portname);
-#endif /* DEBUG */
-
- service_servent = getservbyname(adm5_tcp_portname, "tcp");
- if (admin_port) {
- client_server_info.server_name.sin_port = admin_port;
- } else if (service_servent) {
- client_server_info.server_name.sin_port = service_servent->s_port;
-#ifdef DEBUG
- fprintf(stderr, "Official service name = %s\n", service_servent->s_name);
-#endif /* DEBUG */
- } else {
-#ifdef ADM5_DEFAULT_PORT
- client_server_info.server_name.sin_port = htons(ADM5_DEFAULT_PORT);
- com_err("setup_network", 0, "adm_network: using default port %d",
- ADM5_DEFAULT_PORT);
-#else
- krb5_free_principal(client_server_info.server);
- free(client_server_info.name_of_service);
- com_err("setup_network", 0, "adm_network: %s/tcp service unknown",
- adm5_tcp_portname);
- return(1);
-#endif
- }
-
-
- if ((client_server_info.server_socket =
- socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- retval = errno;
- krb5_free_principal(context, client_server_info.server);
- free(client_server_info.name_of_service);
- com_err("setup_network", retval,
- "adm_network: Cannot create server socket.");
- return(1);
- }
-
-#ifdef DEBUG
- fprintf(stderr, "Socket File Descriptor = %d\n",
- client_server_info.server_socket);
- fprintf(stderr, "sin_family = %d\n",
- client_server_info.server_name.sin_family);
- fprintf(stderr, "sin_port = %d\n",
- client_server_info.server_name.sin_port);
- fprintf(stderr, "in_addr.s_addr = %s\n",
- inet_ntoa( client_server_info.server_name.sin_addr ));
-#endif /* DEBUG */
-
- if (admin_port && admin_port != htons(ADM5_DEFAULT_PORT)) {
- (void) setsockopt(client_server_info.server_socket, SOL_SOCKET,
- SO_REUSEADDR, (char *)&on, sizeof(on));
- }
-
- if (bind(client_server_info.server_socket,
- (struct sockaddr *) &client_server_info.server_name,
- sizeof(client_server_info.server_name)) < 0) {
- retval = errno;
- krb5_free_principal(context, client_server_info.server);
- free(client_server_info.name_of_service);
- com_err("setup_network", retval,
- "adm_network: Cannot bind server socket.");
- return(1);
- }
-
- return(0);
-}
diff --git a/src/kadmin.old/server/adm_parse.c b/src/kadmin.old/server/adm_parse.c
deleted file mode 100644
index a548d737a..000000000
--- a/src/kadmin.old/server/adm_parse.c
+++ /dev/null
@@ -1,265 +0,0 @@
-#ifdef SANDIA
-/*
- * kadmin/server/adm_parse.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- * Edit a KDC database.
- */
-
-#include
-#include
-
-#if defined (unicos61) || (defined(mips) && defined(SYSTYPE_BSD43)) || defined(sysvimp)
-#include
-#else
-#include
-#endif /* unicos61 */
-#if defined(aux20)
-#include
-#endif /* aux20 */
-
-#include "k5-int.h"
-
-void
-kadmin_parse_and_set(input_string)
-char *input_string;
-{
- extern int classification;
- extern krb5_kvno KDB5_VERSION_NUM;
- extern krb5_deltat KDB5_MAX_TKT_LIFE;
- extern krb5_deltat KDB5_MAX_REN_LIFE;
- extern krb5_timestamp KDB5_EXP_DATE;
- extern krb5_flags NEW_ATTRIBUTES;
-
- int num_args;
- char parameter[40];
- char first_token[40];
- char second_token[40];
-
- int bypass = 0;
-
- struct tm exp_date;
- long todays_date;
- int year;
- int month;
- int mday;
-
- first_token[0] = second_token[0] = '\0';
- num_args = sscanf(input_string, "%s %s %s", parameter,
- first_token, second_token);
-
- if (strcmp(parameter, "BYPASS") == 0) {
- bypass++;
- syslog(LOG_ERR,
- "CAUTION: Classified and Unclassified Principals will be allowed");
- return;
- }
-
- if (strcmp(parameter, "CLASSIFICATION") == 0) {
- if (strcmp(first_token, "CLASS") == 0) {
- classification = 1;
- if (bypass) classification = 0;
- }
- return;
- }
-
- if (strcmp(parameter, "VERSION_NUM") == 0) {
- if (num_args < 2) {
- KDB5_VERSION_NUM = 1;
- } else {
- KDB5_VERSION_NUM = atoi(first_token);
- }
- return;
- }
-
- if (strcmp(parameter, "MAX_TKT_LIFE") == 0) {
- if (num_args < 2) {
- KDB5_MAX_TKT_LIFE = KRB5_KDB_MAX_LIFE;
- } else {
- switch (second_token[0]) {
- case 's':
- KDB5_MAX_TKT_LIFE = atoi(first_token);
- break;
- case 'm':
- KDB5_MAX_TKT_LIFE = atoi(first_token) * 60;
- break;
- case 'h':
- KDB5_MAX_TKT_LIFE = atoi(first_token) * 3600;
- break;
- case 'd':
- KDB5_MAX_TKT_LIFE = atoi(first_token) * 86400;
- break;
- case 'w':
- KDB5_MAX_TKT_LIFE = atoi(first_token) * 604800;
- break;
- case 'M': /* 30 days */
- KDB5_MAX_TKT_LIFE = atoi(first_token) * 18144000;
- break;
- case 'y': /* 365 days */
- KDB5_MAX_TKT_LIFE = atoi(first_token) *
220752000; - break; - case 'e': /* eternity */ - KDB5_MAX_TKT_LIFE = 2145830400; - break; - default: - break; - } - } - return; - } - - if (strcmp(parameter, "MAX_REN_LIFE") == 0) { - if (num_args < 2) { - KDB5_MAX_REN_LIFE = KRB5_KDB_MAX_RLIFE; - } else { - switch (second_token[0]) { - case 's': - KDB5_MAX_REN_LIFE = atoi(first_token); - break; - case 'm': - KDB5_MAX_REN_LIFE = atoi(first_token) * 60; - break; - case 'h': - KDB5_MAX_REN_LIFE = atoi(first_token) * 3600; - break; - case 'd': - KDB5_MAX_REN_LIFE = atoi(first_token) * 86400; - break; - case 'w': - KDB5_MAX_REN_LIFE = atoi(first_token) * 604800; - break; - case 'M': /* 30 days */ - KDB5_MAX_REN_LIFE = atoi(first_token) * 18144000; - break; - case 'y': /* 365 days */ - KDB5_MAX_REN_LIFE = atoi(first_token) * 220752000; - break; - case 'e': /* eternity */ - KDB5_MAX_REN_LIFE = 2145830400; - break; - default: - break; - } - } - return; - } - - - if (strcmp(parameter, "SET_EXP_DATE") == 0) { - (void) time(&todays_date); - switch (first_token[0]) { - case 'e': /* eternity */ - KDB5_EXP_DATE = 2145830400; - year = 2037; - month = 12; - mday = 30; - sprintf(first_token, "%s", "eternity"); - break; - case 'y': /* yesterday */ - KDB5_EXP_DATE = todays_date - 86400; - year = 1970; - month = 01; - mday = 01; - sprintf(first_token, "%s", "yesterday"); - break; - case '0': - case '1': - case '2': - case '3': - case '9': - sscanf(first_token, "%d/%d/%d", &year, &month, &mday); - year = (year > 1900) ? year - 1900 : year; - year = (year > 137) ? year - 100 : year; - year = (year > 137) ? 137 : year; - exp_date.tm_year = - ((year >= 00 && year < 38) || - (year >= 70 && year <= 138)) ? year : 137; - exp_date.tm_mon = - (month >= 1 && - month <= 12) ? month - 1 : 0; - exp_date.tm_mday = - (mday >= 1 && - mday <= 31) ? 
mday : 1; - exp_date.tm_hour = 0; - exp_date.tm_min = 1; - exp_date.tm_sec = 0; - KDB5_EXP_DATE = convert_tm_to_sec(&exp_date); - break; - default: - KDB5_EXP_DATE = KRB5_KDB_EXPIRATION; - sprintf(first_token, "%s", "Default KDB Expiration"); - break; - } - if (year < 1900) year += 1900; - if (year < 1938) year += 100; - return; - } - - if (strcmp(parameter, "SET_PWCHG") == 0) { - if (num_args < 2) { - NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PWCHANGE; - } else { - if (first_token[0] == 'y' || first_token[0] == 'Y') { - NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PWCHANGE; - } else { - NEW_ATTRIBUTES = NEW_ATTRIBUTES & ~KRB5_KDB_REQUIRES_PWCHANGE; - KDB5_VERSION_NUM = 1; - } - } - return; - } - - if (strcmp(parameter, "SET_PREAUTH") == 0) { - if (num_args < 2) { - NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PRE_AUTH; - } else { - if (first_token[0] == 'y' || first_token[0] == 'Y') { - NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_PRE_AUTH; - } else { - NEW_ATTRIBUTES = NEW_ATTRIBUTES & ~KRB5_KDB_REQUIRES_PRE_AUTH; - } - } - return; - } - - if (strcmp(parameter, "SET_SECUREID") == 0) { - if (num_args < 2) { - NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_HW_AUTH | - KRB5_KDB_REQUIRES_PRE_AUTH; - } else { - if (first_token[0] == 'y' || first_token[0] == 'Y') { - NEW_ATTRIBUTES = NEW_ATTRIBUTES | KRB5_KDB_REQUIRES_HW_AUTH | - KRB5_KDB_REQUIRES_PRE_AUTH; - } else { - NEW_ATTRIBUTES = NEW_ATTRIBUTES & ~KRB5_KDB_REQUIRES_HW_AUTH; - } - } - return; - } -} -#else -/* Need something to compile. */ -#include -#endif diff --git a/src/kadmin.old/server/adm_process.c b/src/kadmin.old/server/adm_process.c deleted file mode 100644 index 35d0bc99f..000000000 --- a/src/kadmin.old/server/adm_process.c +++ /dev/null 
@@ -1,461 +0,0 @@ -/* - * kadmin/server/adm_process.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - */ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - - -/* - adm_process.c -*/ - -#include -#include -#include -#include -#include "com_err.h" - -#include -#include -#ifndef hpux -#include -#endif - -#include "k5-int.h" -#include "adm_extern.h" - -extern krb5_encrypt_block master_encblock; -extern krb5_keyblock master_keyblock; - -static krb5_error_code -cpw_keyproc(context, keyblock) - krb5_context context; - krb5_keyblock ** keyblock; -{ - krb5_error_code retval; - krb5_db_entry cpw_entry; - krb5_principal cpw_krb; - krb5_keyblock *realkey; - krb5_boolean more; - int nprincs = 1; - krb5_keysalt salt; - krb5_key_data *kdatap; - - if (*keyblock == NULL) { - if (retval = krb5_parse_name(context, - client_server_info.name_of_service, - &cpw_krb)) { - syslog(LOG_ERR, - "cpw_keyproc %d while attempting to parse \"%s\"", - client_server_info.name_of_service, retval); - return(retval); - } - - if (retval = krb5_db_get_principal(context, cpw_krb, &cpw_entry, - &nprincs, &more)) { - syslog(LOG_ERR, - "cpw_keyproc %d while extracting %s entry", - client_server_info.name_of_service, retval); - return(retval); - } - - if (!nprincs) return(0); - - if ((realkey = (krb5_keyblock *) calloc (1, - sizeof(krb5_keyblock))) == (krb5_keyblock * ) 0) { - krb5_db_free_principal(context, &cpw_entry, nprincs); - syslog(LOG_ERR, "cpw_keyproc: No Memory for server key"); - close(client_server_info.client_socket); - return(ENOMEM); - } - - /* Find our key */ - if (retval = krb5_dbe_find_enctype(context, - &cpw_entry, - ENCTYPE_DES_CBC_MD5, - -1, - -1, - &kdatap)) { - krb5_db_free_principal(context, &cpw_entry, 
nprincs); - syslog(LOG_ERR, "cpw_keyproc: cannot find server DES key"); - close(client_server_info.client_socket); - return(retval); - } - - /* Extract the real kadmin/ keyblock */ - if (retval = krb5_dbekd_decrypt_key_data(context, - &master_encblock, - kdatap, - realkey, - &salt)) { - krb5_db_free_principal(context, &cpw_entry, nprincs); - free(realkey); - syslog(LOG_ERR, - "cpw_keyproc: Cannot extract %s from master key", - client_server_info.name_of_service); - exit(retval); - } - - *keyblock = realkey; - } - return(0); -} - -krb5_error_code -process_client(context, prog) - krb5_context context; - char *prog; -{ - krb5_error_code retval; - - krb5_keyblock * cpw_keyblock = NULL; - - int on = 1; - krb5_db_entry server_entry; - - char retbuf[512]; - - krb5_data final_msg; - char completion_msg[520]; - kadmin_requests request_type; - krb5_auth_context auth_context = NULL; - krb5_ticket * client_ticket = NULL; - krb5_replay_data replaydata; - - int number_of_entries; - krb5_boolean more; - int namelen; - - char *req_type = ""; - int otype; - - u_short data_len; - krb5_data outbuf; - krb5_data inbuf, msg_data; - extern int errno; - krb5_keysalt salt; - - krb5_timestamp adm_time; - krb5_key_data *kdatap; - - outbuf.data = retbuf; - if (setsockopt(client_server_info.client_socket, - SOL_SOCKET, SO_KEEPALIVE, - (const char *) &on, sizeof(on)) < 0) { - syslog(LOG_ERR, "adm_process: setsockopt keepalive: %d", errno); - } - - /* V4 kpasswd Protocol Hack */ - /* Read Length of Data */ - retval = krb5_net_read(context, client_server_info.client_socket, - (char *) &data_len, 2); - if (retval < 0) { - syslog(LOG_ERR, "kadmind error: net_read Length Failure"); - (void) sprintf(retbuf, "kadmind error during net_read for Length\n"); - exit(0); - } - - if (retval = krb5_db_init(context)) { /* Open as client */ - syslog(LOG_ERR, "adm_process: Can't Open Database"); - close(client_server_info.client_socket); - exit(0); - } - -/* Get Server Credentials for Mutual Authentication and 
Private - * Messages Note: Here client is the kadmin/ server - */ - number_of_entries = 1; - if ((retval = krb5_db_get_principal(context, client_server_info.server, - &server_entry, - &number_of_entries, - &more))) { - syslog(LOG_ERR, - "kadmind error: krb5_db_get_principal error: %d", retval); - close(client_server_info.client_socket); - exit(0); - } - - if (more) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - syslog(LOG_ERR, "kadmind error: kadmin/ service not unique"); - exit(1); - } - - if (number_of_entries != 1) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - syslog(LOG_ERR, "kadmind error: kadmin/ service UNKNOWN"); - close(client_server_info.client_socket); - exit(0); - } - - if ((cpw_keyblock = (krb5_keyblock *) calloc (1, - sizeof(krb5_keyblock))) == (krb5_keyblock *) 0) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - syslog(LOG_ERR, - "kadmind error: No Memory for server key"); - close(client_server_info.client_socket); - exit(0); - } - - /* Find our key */ - if (retval = krb5_dbe_find_enctype(context, - &server_entry, - ENCTYPE_DES_CBC_MD5, - -1, - -1, - &kdatap)) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - syslog(LOG_ERR, - "kadmind error: cannot find server DES key"); - close(client_server_info.client_socket); - exit(0); - } - - /* Extract the real kadmin/ keyblock */ - if (retval = krb5_dbekd_decrypt_key_data(context, - &master_encblock, - kdatap, - cpw_keyblock, - &salt)) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - free(cpw_keyblock); - syslog(LOG_ERR, - "kadmind error: Cannot extract kadmin/ from master key"); - close(client_server_info.client_socket); - exit(0); - } - -/* - * To verify authenticity, we need to know the address of the - * client. 
- */ - - namelen = sizeof(client_server_info.client_addr); - if (getpeername(client_server_info.client_socket, - (struct sockaddr *) &client_server_info.client_addr, - &namelen) < 0) { - syslog(LOG_ERR, "kadmind error: Unable to Obtain Client Name."); - close(client_server_info.client_socket); - exit(0); - } - - /* we use mutual authentication */ - client_server_info.client_addr.addrtype = - client_server_info.client_name.sin_family; - client_server_info.client_addr.length = SIZEOF_INADDR; - client_server_info.client_addr.contents = - (krb5_octet *) &client_server_info.client_name.sin_addr; - - client_server_info.server_addr.addrtype = - client_server_info.server_name.sin_family; - client_server_info.server_addr.length = SIZEOF_INADDR; - client_server_info.server_addr.contents = - (krb5_octet *) &client_server_info.server_name.sin_addr; - - krb5_init_ets(context); - - syslog(LOG_AUTH | LOG_INFO, - "Request for Administrative Service Received from %s - Authenticating.", - inet_ntoa( client_server_info.client_name.sin_addr )); - - cpw_keyproc(context, &cpw_keyblock); - - if (krb5_auth_con_init(context, &auth_context)) - exit(1); - - krb5_auth_con_setflags(context,auth_context,KRB5_AUTH_CONTEXT_RET_SEQUENCE); - - krb5_auth_con_setaddrs(context, auth_context, - &client_server_info.server_addr, - &client_server_info.client_addr); - - if (krb5_auth_con_setuseruserkey(context, auth_context, cpw_keyblock)) - exit(1); - - if ((retval = krb5_recvauth(context, &auth_context, - (krb5_pointer) &client_server_info.client_socket, - ADM5_CPW_VERSION, - client_server_info.server, - 0, - NULL, - &client_ticket - ))) { - syslog(LOG_ERR, "kadmind error: %s during recvauth\n", - error_message(retval)); - (void) sprintf(retbuf, "kadmind error during recvauth: %s\n", - error_message(retval)); - krb5_free_keyblock(context, cpw_keyblock); - goto finish; - } - krb5_free_keyblock(context, cpw_keyblock); - - if (retval = krb5_copy_principal(context, client_ticket->enc_part2->client, - 
&client_server_info.client)) - goto finish; - - /* Check if ticket was issued using password (and not tgt) - * within the last 5 minutes - */ - - if (!(client_ticket->enc_part2->flags & TKT_FLG_INITIAL)) { - syslog(LOG_ERR, "Client ticket not initial"); - close(client_server_info.client_socket); - exit(0); - } - - if (retval = krb5_timeofday(context, &adm_time)) { - syslog(LOG_ERR, "Can't get time of day"); - close(client_server_info.client_socket); - exit(0); - } - - if ((adm_time - client_ticket->enc_part2->times.authtime) > 60*5) { - syslog(LOG_ERR, "Client ticket not recent"); - close(client_server_info.client_socket); - exit(0); - } - - if ((client_server_info.name_of_client = - (char *) calloc (1, 3 * 255)) == (char *) 0) { - syslog(LOG_ERR, "kadmind error: No Memory for name_of_client"); - close(client_server_info.client_socket); - exit(0); - } - - if ((retval = krb5_unparse_name(context, client_server_info.client, - &client_server_info.name_of_client))) { - syslog(LOG_ERR, "kadmind error: unparse failed.", - error_message(retval)); - goto finish; - } - - syslog(LOG_AUTH | LOG_INFO, - "Request for Administrative Service Received from %s at %s.", - client_server_info.name_of_client, - inet_ntoa( client_server_info.client_name.sin_addr )); - - /* compose the reply */ - outbuf.data[0] = KADMIND; - outbuf.data[1] = KADMSAG; - outbuf.length = 2; - - /* write back the response */ - if ((retval = krb5_write_message(context, &client_server_info.client_socket, - &outbuf))){ - syslog(LOG_ERR, "kadmind error: Write Message Failure: %s", - error_message(retval)); - retval = 1; - goto finish; - } - - /* Ok Now let's get the first private message and respond */ - if (retval = krb5_read_message(context, &client_server_info.client_socket, - &inbuf)){ - syslog(LOG_ERR, "kadmind error: read First Message Failure: %s", - error_message(retval)); - retval = 1; - goto finish; - } - - if ((retval = krb5_rd_priv(context, auth_context, &inbuf, - &msg_data, &replaydata))) { - 
free(inbuf.data); - syslog(LOG_ERR, "kadmind error: rd_priv:%s\n", error_message(retval)); - goto finish; - } - free(inbuf.data); - - request_type.appl_code = msg_data.data[0]; - request_type.oper_code = msg_data.data[1]; - - free(msg_data.data); - - switch (request_type.appl_code) { - case KPASSWD: - req_type = "kpasswd"; - if (retval = adm5_kpasswd(context, auth_context, "process_client", - &request_type, retbuf, &otype)) { - goto finish; - } - break; - - case KADMIN: - req_type = "kadmin"; - if (retval = adm5_kadmin(context, auth_context, "process_client", - retbuf, &otype)) { - goto finish; - } - retbuf[0] = KADMIN; - retbuf[2] = KADMGOOD; - retbuf[3] = '\0'; - otype = 0; - break; - - - default: - retbuf[0] = KUNKNOWNAPPL; - retbuf[1] = '\0'; - sprintf(completion_msg, "%s from %s (%02x) FAILED", - "Unknown Application Type!", - inet_ntoa(client_server_info.client_name.sin_addr), - request_type.appl_code); - /* Service Not Supported */ - retval = 255; - syslog(LOG_AUTH | LOG_INFO, completion_msg); - goto finish; - } /* switch(request_type.appl_code) */ - - if ((final_msg.data = (char *) calloc(1,10)) == (char *) 0) { - syslog(LOG_ERR | LOG_INFO, "no Memory while allocating final_msg.data"); - return ENOMEM; - } - final_msg.data = retbuf; - final_msg.length = strlen(retbuf) + 1; - - /* Send Completion Message */ - if (retval = krb5_mk_priv(context, auth_context, &final_msg, - &msg_data, &replaydata)) { - syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv"); - goto finish; - } - - /* Send Final Reply to Client */ - if (retval = krb5_write_message(context, &client_server_info.client_socket, - &msg_data)){ - free(msg_data.data); - syslog(LOG_ERR, "Error Performing Final Write: %s", - error_message(retval)); - retval = 1; - goto finish; - } - free(msg_data.data); - -finish: - - if (retval) { - free (client_server_info.name_of_client); - close(client_server_info.client_socket); - exit(1); - } - - sprintf(completion_msg, - "%s %s for %s at %s - Completed 
Successfully", - req_type, - oper_type[otype], - client_server_info.name_of_client, - inet_ntoa( client_server_info.client_name.sin_addr )); - syslog(LOG_AUTH | LOG_INFO, completion_msg); - free (client_server_info.name_of_client); - close(client_server_info.client_socket); - return 0; -} diff --git a/src/kadmin.old/server/adm_server.c b/src/kadmin.old/server/adm_server.c deleted file mode 100644 index 938bd843f..000000000 --- a/src/kadmin.old/server/adm_server.c +++ /dev/null 
@@ -1,537 +0,0 @@ -/* - * kadmin/server/adm_server.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Top-level loop of the Kerberos Version 5 Administration server - */ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - - -/* - adm_server.c - this holds the main loop and initialization and cleanup code for the server -*/ - -#include -#include -#include -#include -#include "com_err.h" - -#include -#ifndef sigmask -#define sigmask(m) (1 <<((m)-1)) -#endif - -#include -#include -#ifndef hpux -#include -#endif - -#ifndef __STDC__ -#include -#endif - -#include "k5-int.h" -#include "adm_extern.h" -#include "adm_proto.h" - -char prog[32]; -char *progname = prog; -char *acl_file_name = DEFAULT_ADMIN_ACL; -char *adm5_ver_str = ADM5_VERSTR; -int adm5_ver_len; - -char *adm5_tcp_portname = ADM5_PORTNAME; -int adm5_tcp_port_fd = -1; - -unsigned pidarraysize = 0; -int *pidarray = (int *) 0; - -int exit_now = 0; - -global_client_server_info client_server_info; - -#ifdef SANDIA -int classification; /* default = Unclassified */ -#endif - -krb5_db_entry master_entry; - -krb5_flags NEW_ATTRIBUTES; - -int -cleanexit(context, val) - krb5_context context; - int val; -{ - (void) krb5_db_fini(context); - exit(val); -} - -krb5_error_code -closedown_db(context) - krb5_context context; -{ - krb5_error_code retval; - - /* clean up master key stuff */ - retval = krb5_finish_key(context, &master_encblock); - - memset((char *)&master_encblock, 0, sizeof(master_encblock)); - memset((char *)tgs_key.contents, 0, tgs_key.length); - - /* close database */ - if (retval) { - (void) krb5_db_fini(context); - return(retval); - } else - return(krb5_db_fini(context)); -} - -void -usage(name) -char *name; -{ - 
fprintf(stderr, "Usage: %s\t[-a aclfile] [-d dbname] [-k masterenctype]", - name); - fprintf(stderr, "\n\t[-h] [-m] [-M masterkeyname] [-r realm] [-p port]\n"); - return; -} - -krb5_error_code -process_args(context, argc, argv) - krb5_context context; - int argc; - char **argv; -{ - krb5_error_code retval; - int c; - krb5_boolean manual = FALSE; - int enctypedone = 0; - char *mkey_name = 0; - char *local_realm; - krb5_enctype ktype; - -#ifdef SANDIA - char input_string[80]; - FILE *startup_file; -#endif - - extern char *optarg; - -#ifdef SANDIA - classification = 0; - - if ((startup_file = - fopen(DEFAULT_KDCPARM_NAME, "r")) == (FILE *) 0) { - syslog(LOG_ERR, - "Cannot open parameter file (%s) - Using default parameters", - DEFAULT_KDCPARM_NAME); - syslog(LOG_ERR, "Only Unclassified Principals will be allowed"); - } else { - for ( ;; ) { - if ((fgets(input_string, sizeof(input_string), startup_file)) == NULL) - break; - kadmin_parse_and_set(input_string); - } - fclose(startup_file); - } -#endif - while ((c = getopt(argc, argv, "hmM:a:d:k:r:De:p:")) != EOF) { - switch(c) { - case 'a': /* new acl directory */ - acl_file_name = optarg; - break; - - case 'd': - /* put code to deal with alt database place */ - dbm_db_name = optarg; - if ((retval = krb5_db_set_name(context, dbm_db_name))) { - fprintf(stderr, "opening database %s: %s", - dbm_db_name, error_message(retval)); - exit(1); - } - break; - - case 'k': /* enctype for master key */ - if (!krb5_string_to_enctype(optarg, &master_keyblock.enctype)) - enctypedone++; - else - fprintf(stderr, "%s: %s is an invalid key type\n", - argv[0], optarg); - break; - - case 'm': /* manual type-in of master key */ - manual = TRUE; - break; - - case 'M': /* master key name in DB */ - mkey_name = optarg; - break; - - case 'r': - realm = optarg; - break; - - case 'D': - adm_debug_flag = 1; - break; - - case 'p': - admin_port = htons(atoi(optarg)); - break; - - case 'h': /* get help on using adm_server */ - default: - usage(argv[0]); 
- exit(1); /* Failure - Exit */ - } - - } - - if (!realm) { - /* no realm specified, use default realm */ - if ((retval = krb5_get_default_realm(context, &local_realm))) { - com_err(argv[0], retval, - "while attempting to retrieve default realm"); - exit(1); - } - realm = local_realm; - } - - if (!mkey_name) { - mkey_name = KRB5_KDB_M_NAME; - } - - if (!enctypedone) { - master_keyblock.enctype = ENCTYPE_DES_CBC_MD5; - } - - /* assemble & parse the master key name */ - if ((retval = krb5_db_setup_mkey_name(context, mkey_name, - realm, - (char **) 0, - &master_princ))) { - com_err(argv[0], retval, "while setting up master key name"); - exit(1); - } - - krb5_use_enctype(context, &master_encblock, master_keyblock.enctype); - - if ((retval = krb5_db_fetch_mkey(context, - master_princ, - &master_encblock, - manual, - FALSE, /* only read it once, if at all */ - (char *) NULL, /* No stash file */ - 0, /* No salt supplied */ - &master_keyblock))) { - com_err(argv[0], retval, "while fetching master key"); - exit(1); - } - - /* initialize random key generators */ - for (ktype = 0; ktype <= krb5_max_enctype; ktype++) { - if (krb5_enctype_array[ktype]) { - if ((retval = (*krb5_enctype_array[ktype]->system-> - init_random_key)(&master_keyblock, - &krb5_enctype_array[ktype]->random_sequence))) { - com_err(argv[0], retval, - "while setting up random key generator for ktype %d--ktype disabled", - ktype); - krb5_enctype_array[ktype] = 0; - } - } - } - - return(0); -} - -krb5_error_code -init_db(context, dbname, masterkeyname, masterkeyblock) - krb5_context context; - char *dbname; - krb5_principal masterkeyname; - krb5_keyblock *masterkeyblock; -{ - krb5_error_code retval; - - krb5_db_entry server_entry; - krb5_boolean more; - int number_of_entries; - char tgs_name[255]; - krb5_keysalt salt; - krb5_key_data *kdatap; - - /* set db name if appropriate */ - if (dbname && (retval = krb5_db_set_name(context, dbname))) - return(retval); - - /* initialize database */ - if ((retval = 
krb5_db_init(context))) - return(retval); - - if ((retval = krb5_db_verify_master_key(context, masterkeyname, - masterkeyblock, - &master_encblock))) { - master_encblock.crypto_entry = 0; - return(retval); - } - - /* do any necessary key pre-processing */ - if ((retval = krb5_process_key(context, &master_encblock, masterkeyblock))) { - master_encblock.crypto_entry = 0; - (void) krb5_db_fini(context); - return(retval); - } - -/* - * fetch the master database entry, and hold on to it. - */ - number_of_entries = 1; - if ((retval = krb5_db_get_principal(context, masterkeyname, &master_entry, - &number_of_entries, &more))) { - return(retval); - } - if (number_of_entries != 1) { - if (number_of_entries) - krb5_db_free_principal(context, &master_entry, number_of_entries); - return(KRB5_KDB_NOMASTERKEY); - } else if (more) { - krb5_db_free_principal(context, &master_entry, number_of_entries); - return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); - } - -/* - fetch the TGS key, and hold onto it; this is an efficiency hack - the master key name here is from the master_princ global, - so we can safely share its substructure - */ - strcpy(tgs_name, KRB5_TGS_NAME); - strcat(tgs_name, "/"); - strcat(tgs_name, masterkeyname->realm.data); - strcat(tgs_name, "@"); - strcat(tgs_name, masterkeyname->realm.data); - krb5_parse_name(context, tgs_name, &tgs_server); - - tgs_server->type = KRB5_NT_SRV_INST; - - number_of_entries = 1; - if ((retval = krb5_db_get_principal(context, - tgs_server, - &server_entry, - &number_of_entries, - &more))) { - return(retval); - } - - if (more) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - (void) krb5_finish_key(context, &master_encblock); - memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(context); - return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); - } else if (number_of_entries != 1) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - (void) krb5_finish_key(context, &master_encblock); - 
memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(context); - return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); - } - -/* - convert server.key into a real key - (it may be encrypted in the database) - */ - if ((retval = krb5_dbe_find_enctype(context, - &server_entry, - ENCTYPE_DES_CBC_MD5, - -1, - -1, - &kdatap))) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - (void) krb5_finish_key(context, &master_encblock); - memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(context); - return(retval); - } - if ((retval = krb5_dbekd_decrypt_key_data(context,&master_encblock, - kdatap,&tgs_key, - &salt))) { - krb5_db_free_principal(context, &server_entry, number_of_entries); - (void) krb5_finish_key(context, &master_encblock); - memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(context); - return(retval); - } - - tgs_kvno = kdatap->key_data_kvno; - krb5_db_free_principal(context, &server_entry, number_of_entries); - return(0); -} - -krb5_sigtype -request_exit() -{ - signal_requests_exit = 1; - return; -} - -void -setup_signal_handlers() -{ - krb5_sigtype request_exit(); - - (void)signal(SIGINT, request_exit); - (void)signal(SIGHUP, request_exit); - (void)signal(SIGTERM, request_exit); - return; -} - -static void -kdc_com_err_proc(whoami, code, format, pvar) - const char *whoami; - long code; - const char *format; - va_list pvar; -{ -#ifndef __STDC__ - extern int vfprintf(); -#endif - char tbuf[1024]; - - if (whoami) { - fputs(whoami, stderr); - fputs(": ", stderr); - } - - if (code) { - fputs(error_message(code), stderr); - fputs(" ", stderr); - } - - if (format) { - vfprintf (stderr, format, pvar); - } - - putc('\n', stderr); - /* should do this only on a tty in raw mode */ - putc('\r', stderr); - fflush(stderr); - - if (format) { - /* now need to frob the format a bit... 
*/ - if (code) { - char *nfmt; - nfmt = (char *) malloc( - strlen(format)+strlen(error_message(code))+2); - strcpy(nfmt, error_message(code)); - strcat(nfmt, " "); - strcat(nfmt, format); - vsprintf(tbuf, nfmt, pvar); - syslog(LOG_ERR, tbuf); - free(nfmt); - } else { - vsprintf(tbuf, format, pvar); - syslog(LOG_ERR, tbuf); - } - } else { - if (code) { - syslog(LOG_ERR, "%s", error_message(code)); - } - } - return; -} - -void -setup_com_err(context) - krb5_context context; -{ - krb5_init_ets(context); - - (void) set_com_err_hook(kdc_com_err_proc); - return; -} - -/* -** Main does the logical thing, it sets up the database and RPC interface, -** as well as handling the creation and maintenance of the syslog file... -*/ -int -main(argc, argv) /* adm_server main routine */ -int argc; -char **argv; -{ - krb5_context context; - krb5_error_code retval; - int errout = 0; - - adm5_ver_len = ADM5_VERSIZE; - - /* Get the Name of this program (adm_server) for Error Messages */ - if (strrchr(argv[0], '/')) - argv[0] = (char *)strrchr(argv[0], '/') + 1; - - krb5_init_context(&context); - setup_com_err(context); - - /* Use Syslog for Messages */ -#ifndef LOG_AUTH /* 4.2 syslog */ -#define LOG_AUTH 0 - openlog(argv[0], LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6); -#else - openlog(argv[0], LOG_AUTH|LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6); -#endif /* LOG_AUTH */ - - process_args(context, argc, argv); /* includes reading master key */ - - setup_signal_handlers(); - - if ((retval = init_db(context, dbm_db_name, master_princ, - &master_keyblock))) { - com_err(argv[0], retval, "while initializing database"); - exit(1); - } - - if ((retval = setup_network(context, argv[0]))) { - exit(1); - } - - syslog(LOG_AUTH | LOG_INFO, "Admin Server Commencing Operation"); - - if ((retval = adm5_listen_and_process(context, argv[0]))) { - krb5_free_principal(context, client_server_info.server); - com_err(argv[0], retval, "while processing network requests"); - errout++; - } - - 
free(client_server_info.name_of_service); - krb5_free_principal(context, client_server_info.server); - - if ((errout = closedown_network(argv[0]))) { - com_err(argv[0], retval, "while shutting down network"); - retval = retval + errout; - } - - if ((errout = closedown_db(context))) { - com_err(argv[0], retval, "while closing database"); - retval = retval + errout; - } - - syslog(LOG_AUTH | LOG_INFO, "Admin Server Shutting Down"); - - printf("Admin Server (kadmind) has completed operation.\n"); - - exit(retval); -} diff --git a/src/kadmin.old/server/adm_v4_pwd.c b/src/kadmin.old/server/adm_v4_pwd.c deleted file mode 100644 index a96e1b994..000000000 --- a/src/kadmin.old/server/adm_v4_pwd.c +++ /dev/null 
@@ -1,413 +0,0 @@ - -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. - */ - -#include -#include -#include -#include -#include - -#define MAX_KTXT_LEN 1250 -#define ANAME_SZ 40 -#define INST_SZ 40 -#define REALM_SZ 40 -#define DATE_SZ 26 - -typedef unsigned char des_cblock[8]; /* crypto-block size */ -#define C_Block des_cblock -typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16]; -#define Key_schedule des_key_schedule - -int des_debug = 0; - -struct ktext { - int length; /* Length of the text */ - unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - unsigned long mbz; /* zero to catch runaway strings */ -}; - -typedef struct ktext *KTEXT; -typedef struct ktext KTEXT_ST; - -struct auth_dat { - unsigned char k_flags; /* Flags from ticket */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* His Instance */ - char prealm[REALM_SZ]; /* His Realm */ - unsigned KRB4_32 checksum; /* Data checksum (opt) */ - C_Block session; /* Session Key */ - int life; /* Life of ticket */ - unsigned KRB4_32 time_sec; /* Time ticket issued */ - unsigned KRB4_32 address; /* Address in ticket */ - KTEXT_ST reply; /* Auth reply (opt) */ -}; - -typedef struct auth_dat AUTH_DAT; - -#define KADM_VERSTR "SKADM.m1" -#define KADM_VERSIZE strlen(KADM_VERSTR) - -struct msg_dat { - unsigned char *app_data; /* pointer to appl data */ - unsigned KRB4_32 app_length; /* length of appl data */ - unsigned KRB4_32 hash; /* hash to lookup replay */ - int swap; /* swap bytes? 
*/ - KRB4_32 time_sec; /* msg timestamp seconds */ - unsigned char time_5ms; /* msg timestamp 5ms units */ -}; - -typedef struct msg_dat MSG_DAT; - - - /* V5 Definitions */ -#include "k5-int.h" -#include "adm_extern.h" - -struct saltblock { - int salttype; - krb5_data saltdata; -}; - -struct cpw_keyproc_arg { - krb5_keyblock *key; -}; - -/* -process_v4_kpasswd -unwrap the data stored in dat, process, and return it. - */ -process_v4_kpasswd(dat, dat_len, cpw_key) -u_char **dat; -int *dat_len; -struct cpw_keyproc_arg *cpw_key; - -{ - u_char *in_st; /* pointer into the sent packet */ - int in_len,retc; /* where in packet we are, for - returns */ - u_long r_len; /* length of the actual packet */ - KTEXT_ST authent; /* the authenticator */ - AUTH_DAT ad; /* who is this, klink */ - u_long ncksum; /* checksum of encrypted data */ - des_key_schedule sess_sched; /* our schedule */ - MSG_DAT msg_st; - u_char *retdat, *tmpdat; - int retval, retlen; - u_short dlen; - extern int errno; - - if (strncmp(KADM_VERSTR, (char *) *dat, KADM_VERSIZE)) { - syslog(LOG_ERR, "process_v4_kpasswd: Bad Version String"); - return(1); - } - - in_len = KADM_VERSIZE; - /* get the length */ - if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) { - syslog(LOG_AUTH | LOG_INFO, "process_v4_kpasswd: Bad Length"); - return(1); - } - - in_len += retc; - authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long); - memcpy((char *) authent.dat, (char *) (*dat) + in_len, authent.length); - authent.mbz = 0; - - if (retval = krb_set_key(cpw_key->key->contents, 0) != 0) { - syslog(LOG_ERR, "process_v4_kpasswd: Bad set_key Request"); - return(1); - } - - /* service key should be set before here */ - if (retc = krb4_rd_req(&authent, - CPWNAME, - client_server_info.server->realm.data, - client_server_info.client_name.sin_addr.s_addr, - &ad, - (char *) 0)) { - syslog(LOG_AUTH | LOG_INFO, "process_v4_kpasswd: Bad Read Request"); - return(1); - } - -#define clr_cli_secrets() \ -{ \ - memset((char *) 
sess_sched, 0, sizeof(sess_sched)); \ - memset((char *) ad.session, 0, sizeof(ad.session)); \ -} - - in_st = *dat + *dat_len - r_len; - ncksum = des_quad_cksum(in_st, (u_long *) 0, (long) r_len, 0, ad.session); - if (ncksum!=ad.checksum) { /* yow, are we correct yet */ - clr_cli_secrets(); - syslog(LOG_ERR, "process_v4_kpasswd: Invalid Checksum"); - return(1); - } - - des_key_sched(ad.session, sess_sched); - - if (retc = (int) krb4_rd_priv(in_st, - r_len, - sess_sched, - ad.session, - &client_server_info.client_name, - &client_server_info.server_name, - &msg_st)) { - syslog(LOG_ERR, "process_v4_kpasswd: Bad Read Private Code = %d", - retc); - clr_cli_secrets(); - return(1); - } - - if (msg_st.app_data[0] != 2) { /* Only Valid Request is CHANGE_PW = 2 */ - syslog(LOG_ERR, "process_v4_kpasswd: Invalid V4 Request"); - clr_cli_secrets(); - return(1); - } - - retval = adm_v4_cpw(msg_st.app_data+1, - (int) msg_st.app_length, - &ad, - &retdat, - &retlen); - - if (retval) { - syslog(LOG_ERR, - "process_v4_kpasswd: Password Modification for %s%s%s Failed", - ad.pname, (ad.pinst[0] != '\0') ? "/" : "", - (ad.pinst[0] != '\0') ? ad.pinst : ""); - } else { - syslog(LOG_ERR, - "process_v4_kpasswd: Password Modification for %s%s%s Complete", - ad.pname, (ad.pinst[0] != '\0') ? "/" : "", - (ad.pinst[0] != '\0') ? 
ad.pinst : ""); - } - - /* Now seal the response back into a priv msg */ - free((char *)*dat); - tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + - sizeof(u_long))); - - (void) strncpy((char *) tmpdat, KADM_VERSTR, KADM_VERSIZE); - - retval = htonl((u_long) retval); - - memcpy((char *) tmpdat + KADM_VERSIZE, (char *) &retval, sizeof(u_long)); - - if (retlen) { - memcpy((char *) tmpdat + KADM_VERSIZE + sizeof(u_long), - (char *) retdat, retlen); - free((char *) retdat); - } - - /* slop for mk_priv stuff */ - *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + - sizeof(u_long) + 200)); - - if ((*dat_len = krb4_mk_priv(tmpdat, *dat, - (u_long) (retlen + KADM_VERSIZE + - sizeof(u_long)), - sess_sched, - ad.session, - &client_server_info.server_name, - &client_server_info.client_name)) < 0) { - clr_cli_secrets(); - syslog(LOG_ERR, "process_v4_kpasswd: Bad mk_priv"); - return(1); - } - - dlen = (u_short) *dat_len; - - dlen = htons(dlen); - - if (krb5_net_write(context, client_server_info.client_socket, - (char *) &dlen, 2) < 0) { - syslog(LOG_ERR, "process_v4_kpasswd: Error writing dlen to client"); - (void) close(client_server_info.client_socket); - } - - if (krb5_net_write(context, client_server_info.client_socket, - (char *) *dat, *dat_len) < 0) { - syslog(LOG_ERR, "writing to client: %s",error_message(errno)); - (void) close(client_server_info.client_socket); - } - - free((char *) *dat); - clr_cli_secrets(); - - return(0); -} - -krb5_kvno -princ_exists(context, principal, entry) - krb5_context context; - krb5_principal principal; - krb5_db_entry *entry; -{ - int nprincs = 1; - krb5_boolean more; - krb5_error_code retval; - krb5_kvno vno; - - nprincs = 1; - if (retval = krb5_db_get_principal(context, principal, entry, - &nprincs, &more)) { - return 0; - } - - if (!nprincs) - return 0; - - return(nprincs); -} - -/* -adm_v4_cpw - the server side of the change_password routine - recieves : KTEXT, {key} - returns : CKSUM, RETCODE - acl : caller can 
change only own password - -Replaces the password (i.e. des key) of the caller with that specified in key. -Returns no actual data from the master server, since this is called by a user -*/ -int -adm_v4_cpw(dat, len, ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - krb5_db_entry entry; - krb5_keyblock *v5_keyblock; - - int number_of_principals; - krb5_error_code retval; - int one = 1; - char v5_principal[255]; - - C_Block v4_clear_key; - unsigned long keylow, keyhigh; - int stvlen; - - /* Identify the Customer */ - (void) sprintf(v5_principal, "%s%s%s\0", ad->pname, - (ad->pinst[0] != '\0') ? "/" : "", - (ad->pinst[0] != '\0') ? ad->pinst : ""); - - /* take key off the stream, and change the database */ - - if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0) { - syslog(LOG_ERR, "adm_v4_cpw - (keyhigh) Length Error for stv_long"); - return(1); - } - if (stv_long(dat, &keylow, stvlen, len) < 0) { - syslog(LOG_ERR, "adm_v4_cpw - (keylow) Length Error for stv_long"); - return(1); - } - - keylow = ntohl(keylow); - keyhigh = ntohl(keyhigh); - - /* Convert V4 Key to V5 Key */ - (void) memcpy(v4_clear_key, (char *) &keylow, 4); - (void) memcpy(((long *) v4_clear_key) + 1, (char *) &keyhigh, 4); - - /* Zero Next Output Entry */ - memset((char *) &entry, 0, sizeof(entry)); - - if (retval = krb5_parse_name(context, v5_principal, &entry.principal)) { - syslog(LOG_ERR, "adm_v4_cpw - Error parsing %s", - v5_principal); - return(1); - } - - if (!(number_of_principals = princ_exists(entry.principal, &entry))) { - syslog(LOG_ERR, "adm_v4_cpw - principal %s is NOT in the database", - v5_principal); - return(1); - } - - /* Allocate v5_keyblock and fill some fields */ - if (!(v5_keyblock = (krb5_keyblock *) calloc (1, - sizeof(krb5_keyblock)))) { - syslog(LOG_ERR, "adm_v4_cpw - Error Allocating krb5_keyblock"); - return(1); - } - - v5_keyblock->enctype = ENCTYPE_DES_CBC_MD5; - v5_keyblock->length = 8; - if (!(v5_keyblock->contents = 
(krb5_octet *) calloc (1, - 8))) { - syslog(LOG_ERR, - "adm_v4_cpw - Error Allocating krb5_keyblock->contents\n"); - free(v5_keyblock); - return(1); - } - - memcpy(v5_keyblock->contents, v4_clear_key, 8); - - if (retval = krb5_kdb_encrypt_key(context, &master_encblock, - v5_keyblock, - &entry.key)) { - syslog(LOG_ERR, - "adm_v4_cpw - Error %d while encrypting key for '%s'\n", retval, - v5_principal); - return(1); - } - entry.alt_key.length = 0; - - /* Increment Version Number */ - entry.kvno = entry.kvno + 1; -#ifdef SANDIA - entry.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; -#endif - if (retval = krb5_timeofday(context, &entry.mod_date)) { - syslog(LOG_ERR, "adm_v4_cpw - Error while fetching date"); - return(1); - } -#ifdef SANDIA - entry.last_pwd_change = entry.mod_date; -#endif - entry.mod_name = entry.principal; /* Should be Person who did Action */ - - /* Write the Modified Principal to the V5 Database */ - if (retval = krb5_db_put_principal(context, &entry, &one)) { - syslog(LOG_ERR, - "adm_v4_cpw - Error %d while Entering Principal for '%s'", - retval, v5_principal); - return(1); - } - - *datout = 0; - *outlen = 0; - - return(0); -} - -stv_long(st, dat, loc, maxlen) -u_char *st; /* a base pointer to the stream */ -u_long *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; /* maximum length of st */ -{ - u_long temp = 0; /* to hold the net order short */ - -#if (SIZEOF_LONG == 4) - if (loc + 4 > maxlen) - return(-1); - (void) memcpy((char *) &temp + 4, (char *) ((u_long)st + (u_long)loc), 4); - *dat = ntohl(temp); /* convert to network order */ - return(4); -#else - if (loc + sizeof(u_long) > maxlen) - return(-1); - (void) memcpy((char *) &temp, (char *) ((u_long)st + (u_long)loc), - sizeof(u_long)); - *dat = ntohl(temp); /* convert to network order */ - return(sizeof(u_long)); -#endif -} 
diff --git a/src/kadmin.old/server/admin_acl_file b/src/kadmin.old/server/admin_acl_file
deleted file mode 100644
index 77bddccba..000000000
--- a/src/kadmin.old/server/admin_acl_file
+++ /dev/null
@@ -1,12 +0,0 @@
-# Administrator Access Control List
-# Format:
-# Name Privileges Comments
-# Where Privileges is a string containing one or more of
-# "a" Add New Principals
-# "c" Change Passwords
-# "d" Delete Current Principals
-# "i" Inquire About Existing Principals
-# "m" Modify Existing Principals
-# "*" All Privileges
-#jqsample/admin@realm *
-#tomjones/admin@realm acim # Note - May Not Delete
diff --git a/src/kadmin.old/server/configure.in b/src/kadmin.old/server/configure.in
deleted file mode 100644
index 0ffe6d923..000000000
--- a/src/kadmin.old/server/configure.in
+++ /dev/null
@@ -1,12 +0,0 @@
-AC_INIT(adm_kadmin.c)
-CONFIG_RULES
-AC_PROG_INSTALL
-HAS_ANSI_VOLATILE
-AC_TIME_WITH_SYS_TIME
-ET_RULES
-CHECK_SIGPROCMASK
-USE_KADM_LIBRARY
-USE_KDB5_LIBRARY
-KRB5_LIBRARIES
-V5_USE_SHARED_LIB
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin.old/server/kadmind.M b/src/kadmin.old/server/kadmind.M
deleted file mode 100644
index f4e625896..000000000
--- a/src/kadmin.old/server/kadmind.M
+++ /dev/null
@@ -1 +0,0 @@
-.\" this should not be empty