From: Ken Raeburn Date: Wed, 30 Aug 2006 00:10:54 +0000 (+0000) Subject: Some mechanical changes (mostly whitespace, like indentation levels) X-Git-Tag: krb5-1.6-alpha1~157 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f86959ef30fabc17e6759968f63e06832853d8cc;p=krb5.git Some mechanical changes (mostly whitespace, like indentation levels) to match up better with MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
index 733b7ab81..835b2350b 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
@@ -5,28 +5,28 @@ /* Copyright (c) 2004-2005, Novell, Inc. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The copyright holder's name is not used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * POSSIBILITY OF SUCH DAMAGE. */ /* @@ -44,10 +44,10 @@ int list_count_str_array(char **list) int i = 0; if (list == NULL) - return 0; + return 0; for (i = 0; *list != NULL; list++) { - i++; + i++; } return i; @@ -62,10 +62,10 @@ int list_count_int_array(int *list) int i = 0; if (list == NULL) - return 0; + return 0; for (i = 0; *list != END_OF_LIST; list++) { - i++; + i++; } return i; @@ -79,10 +79,10 @@ void krb5_free_list_entries(list) char **list; { if (list == NULL) - return; - for(; *list != NULL; list++) { - free(*list); - *list = NULL; + return; + for (; *list != NULL; list++) { + free(*list); + *list = NULL; } return; @@ -90,10 +90,10 @@ void krb5_free_list_entries(list) /* - * Tokenize the given string based on the delimiter provided + * Tokenize the given string based on the delimiter provided * and return the result as a list */ -krb5_error_code +krb5_error_code krb5_parse_list(buffer, delimiter, list) char *buffer; char *delimiter; 
@@ -107,32 +107,32 @@ krb5_parse_list(buffer, delimiter, list) int count = 0; if ((buffer == NULL) || (list == NULL) || (delimiter == NULL)) { - return EINVAL; + return EINVAL; } str = strdup(buffer); if (str == NULL) - return ENOMEM; + return ENOMEM; token = strtok_r(str, delimiter, &ptrptr); - for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES)); - plist++, count++) { - *plist = strdup(token); - if (*plist == NULL) { - retval = ENOMEM; - goto cleanup; - } - token = strtok_r(NULL, delimiter, &ptrptr); + for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES)); + plist++, count++) { + *plist = strdup(token); + if (*plist == NULL) { + retval = ENOMEM; + goto cleanup; + } + token = strtok_r(NULL, delimiter, &ptrptr); } *plist = NULL; cleanup: - if(str) { - free(str); - str = NULL; + if (str) { + free(str); + str = NULL; } if (retval) - krb5_free_list_entries(list); + krb5_free_list_entries(list); return retval; } @@ -151,7 +151,7 @@ int compare_int(m1, m2) /* * Modifies the destination list to contain or not to contain the - * entries present in the source list, depending on the mode + * entries present in the source list, depending on the mode * (ADD or DELETE). */ void list_modify_str_array(destlist, sourcelist, mode) 
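Review bot: In krb5_parse_list the loop `for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES)); plist++, count++)` stops silently once MAX_LIST_ENTRIES - 1 tokens have been stored, so an over-long input is truncated and the caller still receives 0. If truncation is not intended, test for leftover input right after the existing `*plist = NULL;` (the list must be terminated before cleanup walks it with krb5_free_list_entries): `if (token != NULL) { retval = EINVAL; goto cleanup; }`. If truncation is intended, the function's header comment in the previous hunk should say so, since nothing in the return value reveals it. The declarations of retval and plist, and the size contract of list, are above this hunk.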
@@ -165,53 +165,52 @@ void list_modify_str_array(destlist, sourcelist, mode) int found = 0; if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL)) - return; + return; - /* We need to add every entry present in the source list to + /* We need to add every entry present in the source list to * the destination list */ if (mode == LIST_MODE_ADD) { - /* Traverse throught the end of destlist for appending */ - for(dlist = *destlist, dcount = 0; *dlist != NULL; - dlist++, dcount++) { - ; /* NULL statement */ - } - /* Count the number of entries in the source list */ - for(slist = sourcelist, scount = 0; *slist != NULL; - slist++, scount++) { - ; /* NULL statement */ - } - /* Reset the slist pointer to the start of source list */ - slist = sourcelist; - - /* Now append the source list to the existing destlist */ - if ((dcount + scount) < MAX_LIST_ENTRIES) - copycount = scount; - else - /* Leave the last entry for list terminator(=NULL) */ - copycount = (MAX_LIST_ENTRIES -1) - dcount; - - memcpy(dlist, slist, (sizeof(char *) * copycount)); - dlist += copycount; - *dlist = NULL; - } - else if (mode == LIST_MODE_DELETE) { - /* We need to delete every entry present in the source list - * from the destination list */ - for(slist = sourcelist; *slist != NULL; slist++) { - for(dlist = *destlist; *dlist != NULL; dlist++) { + /* Traverse throught the end of destlist for appending */ + for (dlist = *destlist, dcount = 0; *dlist != NULL; + dlist++, dcount++) { + ; /* NULL statement */ + } + /* Count the number of entries in the source list */ + for (slist = sourcelist, scount = 0; *slist != NULL; + slist++, scount++) { + ; /* NULL statement */ + } + /* Reset the slist pointer to the start of source list */ + slist = sourcelist; + + /* Now append the source list to the existing destlist */ + if ((dcount + scount) < MAX_LIST_ENTRIES) + copycount = scount; + else + /* Leave the last entry for list terminator(=NULL) */ + copycount = (MAX_LIST_ENTRIES -1) - dcount; + + 
memcpy(dlist, slist, (sizeof(char *) * copycount)); + dlist += copycount; + *dlist = NULL; + } else if (mode == LIST_MODE_DELETE) { + /* We need to delete every entry present in the source list + * from the destination list */ + for (slist = sourcelist; *slist != NULL; slist++) { + for (dlist = *destlist; *dlist != NULL; dlist++) { found = 0; /* value not found */ - /* DN is case insensitive string */ - if (strcasecmp(*dlist, *slist) == 0) { + /* DN is case insensitive string */ + if (strcasecmp(*dlist, *slist) == 0) { found = 1; - free(*dlist); - /* Advance the rest of the entries by one */ - for(tmplist = dlist; *tmplist != NULL; tmplist++) { - *tmplist = *(tmplist+1); - } - break; - } - } - } + free(*dlist); + /* Advance the rest of the entries by one */ + for (tmplist = dlist; *tmplist != NULL; tmplist++) { + *tmplist = *(tmplist+1); + } + break; + } + } + } } return; @@ -220,7 +219,7 @@ void list_modify_str_array(destlist, sourcelist, mode) /* * Modifies the destination list to contain or not to contain the - * entries present in the source list, depending on the mode + * entries present in the source list, depending on the mode * (ADD or DELETE). where the list is array of integers. */ int list_modify_int_array(destlist, sourcelist, mode) 
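Review bot: In list_modify_str_array's ADD branch, `copycount = (MAX_LIST_ENTRIES -1) - dcount;` goes negative when the destination already holds MAX_LIST_ENTRIES - 1 or more entries, and `memcpy(dlist, slist, (sizeof(char *) * copycount));` then converts that to an enormous size_t and writes far past the array (copycount is declared above the hunk; this assumes it is a signed int like the visible counters). Clamp the else branch: `if (dcount >= MAX_LIST_ENTRIES - 1) copycount = 0; else copycount = (MAX_LIST_ENTRIES - 1) - dcount;`. The same expression and memcpy appear in list_modify_int_array in the -234 hunk. Separately, the memcpy copies the string pointers rather than duplicating them, so after ADD the destination and source lists share entries and a later DELETE's `free(*dlist)` releases memory the source list still references; the ownership rule deserves a comment at the function header, which is above this hunk.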
@@ -234,54 +233,53 @@ int list_modify_int_array(destlist, sourcelist, mode) int tcount = 0; if ((destlist == NULL) || (sourcelist == NULL)) - return 0; + return 0; - /* We need to add every entry present in the source list to the + /* We need to add every entry present in the source list to the * destination list */ if (mode == LIST_MODE_ADD) { - /* Traverse throught the end of destlist for appending */ - for(dlist = destlist, dcount = 0; *dlist != END_OF_LIST; - dlist++, dcount++) - ; /* NULL statement */ - - /* Count the number of entries in the source list */ - for(slist = sourcelist, scount = 0; *slist != END_OF_LIST; - slist++, scount++) - ; /* NULL statement */ - - /* Reset the slist pointer to the start of source list */ - slist = sourcelist; - - /* Now append the source list to the existing destlist */ - if ((dcount + scount) < MAX_LIST_ENTRIES) - copycount = scount; - else - /* Leave the last entry for list terminator(=NULL) */ - copycount = (MAX_LIST_ENTRIES -1) - dcount; - - memcpy(dlist, slist, (sizeof(int) * copycount)); - dlist += copycount; - *dlist = END_OF_LIST; - tcount = dcount + copycount; - } - else if (mode == LIST_MODE_DELETE) { - /* We need to delete every entry present in the source list from - * the destination list */ - for(slist = sourcelist; *slist != END_OF_LIST; slist++) { - for(dlist = destlist; *dlist != END_OF_LIST; dlist++) { - if (*dlist == *slist) { - /* Advance the rest of the entries by one */ - for(tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) { - *tmplist = *(tmplist+1); - } - break; - } - } - } - /* count the number of entries */ - for(dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) { - tcount++; - } + /* Traverse throught the end of destlist for appending */ + for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST; + dlist++, dcount++) + ; /* NULL statement */ + + /* Count the number of entries in the source list */ + for (slist = sourcelist, scount = 0; *slist != END_OF_LIST; + slist++, scount++) + 
; /* NULL statement */ + + /* Reset the slist pointer to the start of source list */ + slist = sourcelist; + + /* Now append the source list to the existing destlist */ + if ((dcount + scount) < MAX_LIST_ENTRIES) + copycount = scount; + else + /* Leave the last entry for list terminator(=NULL) */ + copycount = (MAX_LIST_ENTRIES -1) - dcount; + + memcpy(dlist, slist, (sizeof(int) * copycount)); + dlist += copycount; + *dlist = END_OF_LIST; + tcount = dcount + copycount; + } else if (mode == LIST_MODE_DELETE) { + /* We need to delete every entry present in the source list from + * the destination list */ + for (slist = sourcelist; *slist != END_OF_LIST; slist++) { + for (dlist = destlist; *dlist != END_OF_LIST; dlist++) { + if (*dlist == *slist) { + /* Advance the rest of the entries by one */ + for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) { + *tmplist = *(tmplist+1); + } + break; + } + } + } + /* count the number of entries */ + for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) { + tcount++; + } } return tcount;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
index 71d4863aa..7bcac41a6 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
@@ -5,28 +5,28 @@ /* Copyright (c) 2004-2005, Novell, Inc. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The copyright holder's name is not used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * POSSIBILITY OF SUCH DAMAGE. */ /* @@ -49,13 +49,13 @@ extern char *yes; /* - * This function will create a ticket policy object with the + * This function will create a ticket policy object with the * specified attributes. */ void kdb5_ldap_create_policy(argc, argv) - int argc; - char *argv[]; + int argc; + char *argv[]; { char *me = argv[0]; krb5_error_code retval = 0; @@ -75,8 +75,8 @@ kdb5_ldap_create_policy(argc, argv) /* Allocate memory for policy parameters structure */ policyparams = (krb5_ldap_policy_params*) calloc(1, sizeof(krb5_ldap_policy_params)); if (policyparams == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } /* Get current time */ 
@@ -84,179 +84,165 @@ kdb5_ldap_create_policy(argc, argv) /* Parse all arguments */ for (i = 1; i < argc; i++) { - if (!strcmp(argv[i], "-maxtktlife")) { - if (++i > argc - 1) - goto err_usage; - - date = get_date(argv[i], NULL); - if (date == (time_t)(-1)) { - retval = EINVAL; - com_err (me, retval, "while providing time specification"); - goto err_nomsg; - } - - policyparams->maxtktlife = date - now; - - mask |= LDAP_POLICY_MAXTKTLIFE; - } - else if (!strcmp(argv[i], "-maxrenewlife")) { - if (++i > argc - 1) - goto err_usage; - - date = get_date(argv[i], NULL); - if (date == (time_t)(-1)) { - retval = EINVAL; - com_err (me, retval, "while providing time specification"); - goto err_nomsg; - } - - policyparams->maxrenewlife = date - now; - - mask |= LDAP_POLICY_MAXRENEWLIFE; - } - else if (!strcmp((argv[i] + 1), "allow_postdated")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_forwardable")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_renewable")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_proxiable")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if 
(!strcmp((argv[i] + 1), "allow_dup_skey")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "requires_preauth")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "requires_hwauth")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_svr")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_tgs_req")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_tix")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "needchange")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE); - else - goto err_usage; - - mask |= 
LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "password_changing_service")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); - else - goto err_usage; - - mask |= LDAP_POLICY_TKTFLAGS; - } - else { /* Any other argument must be policy DN */ - /* First check if policy DN is already provided -- - if so, there's a usage error */ - if (policyparams->policydn != NULL) - goto err_usage; - - /* If not present already, fill up policy DN */ - policyparams->policydn = strdup(argv[i]); - if (policyparams->policydn == NULL) { - retval = ENOMEM; - com_err(me, retval, "while creating policy object"); - goto err_nomsg; - } - } + if (!strcmp(argv[i], "-maxtktlife")) { + if (++i > argc - 1) + goto err_usage; + + date = get_date(argv[i], NULL); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err (me, retval, "while providing time specification"); + goto err_nomsg; + } + + policyparams->maxtktlife = date - now; + + mask |= LDAP_POLICY_MAXTKTLIFE; + } else if (!strcmp(argv[i], "-maxrenewlife")) { + if (++i > argc - 1) + goto err_usage; + + date = get_date(argv[i], NULL); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err (me, retval, "while providing time specification"); + goto err_nomsg; + } + + policyparams->maxrenewlife = date - now; + + mask |= LDAP_POLICY_MAXRENEWLIFE; + } else if (!strcmp((argv[i] + 1), "allow_postdated")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_forwardable")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; + else + goto err_usage; + + mask 
|= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_renewable")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_proxiable")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "requires_preauth")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "requires_hwauth")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_svr")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR; + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED; + 
else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_tix")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "needchange")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE); + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "password_changing_service")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); + else + goto err_usage; + + mask |= LDAP_POLICY_TKTFLAGS; + } else { /* Any other argument must be policy DN */ + /* First check if policy DN is already provided -- + if so, there's a usage error */ + if (policyparams->policydn != NULL) + goto err_usage; + + /* If not present already, fill up policy DN */ + policyparams->policydn = strdup(argv[i]); + if (policyparams->policydn == NULL) { + retval = ENOMEM; + com_err(me, retval, "while creating policy object"); + goto err_nomsg; + } + } } /* policy DN is a mandatory argument. If not provided, print usage */ if (policyparams->policydn == NULL) - goto err_usage; + goto err_usage; /* Create object with all attributes provided */ if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0) - goto cleanup; + goto cleanup; goto cleanup; 
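Review bot: Every ticket-flag test in kdb5_ldap_create_policy's argument loop compares `argv[i] + 1` before anything has confirmed that argv[i] has a first character, so an empty-string argument makes strcmp read past the terminator; the `'+'`/`'-'` check only runs after a name has matched. A guard at the top of the loop body, `if (argv[i][0] == '\0') goto err_usage;`, closes this, and the pass-1 and pass-2 loops of kdb5_ldap_modify_policy in the -415 and -467 hunks use the same pattern. The thirteen flag branches differ only in the option name, the KRB5_KDB_* bit and whether '+' sets or clears it, so a small static table walked by one loop would shrink this hunk considerably, though that is a style choice. The function's cleanup labels are in the next hunk.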
@@ -271,13 +257,13 @@ cleanup: krb5_ldap_free_policy (util_context, policyparams); if (print_usage) - db_usage(CREATE_POLICY); + db_usage(CREATE_POLICY); if (retval) { - if (!no_msg) - com_err(me, retval, "while creating policy object"); + if (!no_msg) + com_err(me, retval, "while creating policy object"); - exit_status++; + exit_status++; } return; @@ -285,7 +271,7 @@ cleanup: /* - * This function will destroy the specified ticket policy + * This function will destroy the specified ticket policy * object interactively, unless forced through an option. */ void @@ -311,31 +297,30 @@ kdb5_ldap_destroy_policy(argc, argv) for (i = 1; i < argc; i++) { if (strcmp(argv[i], "-force") == 0) { force++; + } else { /* Any other argument must be policy DN */ + /* First check if policy DN is already provided -- + if so, there's a usage error */ + if (policydn != NULL) + goto err_usage; + + /* If not present already, fill up policy DN */ + policydn = strdup(argv[i]); + if (policydn == NULL) { + retval = ENOMEM; + com_err(me, retval, "while destroying policy object"); + goto err_nomsg; + } } - else { /* Any other argument must be policy DN */ - /* First check if policy DN is already provided -- - if so, there's a usage error */ - if (policydn != NULL) - goto err_usage; - - /* If not present already, fill up policy DN */ - policydn = strdup(argv[i]); - if (policydn == NULL) { - retval = ENOMEM; - com_err(me, retval, "while destroying policy object"); - goto err_nomsg; - } - } } if (policydn == NULL) - goto err_usage; + goto err_usage; if (!force) { - printf("This will delete the policy object '%s', are you sure?\n", policydn); - printf("(type 'yes' to confirm)? "); + printf("This will delete the policy object '%s', are you sure?\n", policydn); + printf("(type 'yes' to confirm)? "); - if (fgets(buf, sizeof(buf), stdin) == NULL) { + if (fgets(buf, sizeof(buf), stdin) == NULL) { retval = EINVAL; goto cleanup; } 
@@ -348,21 +333,21 @@ kdb5_ldap_destroy_policy(argc, argv) if ((retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &mask))) goto cleanup; - - + + if ((retval = krb5_ldap_delete_policy(util_context, policydn, policyparams,&mask))) goto cleanup; printf("** policy object '%s' deleted.\n", policydn); goto cleanup; - - + + err_usage: print_usage = TRUE; err_nomsg: no_msg = TRUE; - + cleanup: /* Clean-up structure */ krb5_ldap_free_policy (util_context, policyparams); @@ -370,16 +355,16 @@ cleanup: if (policydn) { free (policydn); } - + if (print_usage) { db_usage(DESTROY_POLICY); } if (retval) { - if (!no_msg) - com_err(me, retval, "while destroying policy object"); + if (!no_msg) + com_err(me, retval, "while destroying policy object"); - exit_status++; + exit_status++; } return; @@ -392,8 +377,8 @@ cleanup: */ void kdb5_ldap_modify_policy(argc, argv) - int argc; - char *argv[]; + int argc; + char *argv[]; { char *me = argv[0]; krb5_error_code retval = 0; 
@@ -415,51 +400,49 @@ kdb5_ldap_modify_policy(argc, argv) /* Parse all arguments, only to pick up policy DN (Pass 1) */ for (i = 1; i < argc; i++) { - /* Skip arguments next to 'maxtktlife' - and 'maxrenewlife' arguments */ - if (!strcmp(argv[i], "-maxtktlife")) { - ++i; - } - else if (!strcmp(argv[i], "-maxrenewlife")) { - ++i; - } - /* Do nothing for ticket flag arguments */ - else if (!strcmp((argv[i] + 1), "allow_postdated") || - !strcmp((argv[i] + 1), "allow_forwardable") || - !strcmp((argv[i] + 1), "allow_renewable") || - !strcmp((argv[i] + 1), "allow_proxiable") || - !strcmp((argv[i] + 1), "allow_dup_skey") || - !strcmp((argv[i] + 1), "requires_preauth") || - !strcmp((argv[i] + 1), "requires_hwauth") || - !strcmp((argv[i] + 1), "allow_svr") || - !strcmp((argv[i] + 1), "allow_tgs_req") || - !strcmp((argv[i] + 1), "allow_tix") || - !strcmp((argv[i] + 1), "needchange") || - !strcmp((argv[i] + 1), "password_changing_service")) { - } - else { /* Any other argument must be policy DN */ - /* First check if policy DN is already provided -- - if so, there's a usage error */ - if (policydn != NULL) - goto err_usage; - - /* If not present already, fill up policy DN */ - policydn = strdup(argv[i]); - if (policydn == NULL) { - retval = ENOMEM; - com_err(me, retval, "while modifying policy object"); - goto err_nomsg; - } + /* Skip arguments next to 'maxtktlife' + and 'maxrenewlife' arguments */ + if (!strcmp(argv[i], "-maxtktlife")) { + ++i; + } else if (!strcmp(argv[i], "-maxrenewlife")) { + ++i; + } + /* Do nothing for ticket flag arguments */ + else if (!strcmp((argv[i] + 1), "allow_postdated") || + !strcmp((argv[i] + 1), "allow_forwardable") || + !strcmp((argv[i] + 1), "allow_renewable") || + !strcmp((argv[i] + 1), "allow_proxiable") || + !strcmp((argv[i] + 1), "allow_dup_skey") || + !strcmp((argv[i] + 1), "requires_preauth") || + !strcmp((argv[i] + 1), "requires_hwauth") || + !strcmp((argv[i] + 1), "allow_svr") || + !strcmp((argv[i] + 1), "allow_tgs_req") || + 
!strcmp((argv[i] + 1), "allow_tix") || + !strcmp((argv[i] + 1), "needchange") || + !strcmp((argv[i] + 1), "password_changing_service")) { + } else { /* Any other argument must be policy DN */ + /* First check if policy DN is already provided -- + if so, there's a usage error */ + if (policydn != NULL) + goto err_usage; + + /* If not present already, fill up policy DN */ + policydn = strdup(argv[i]); + if (policydn == NULL) { + retval = ENOMEM; + com_err(me, retval, "while modifying policy object"); + goto err_nomsg; + } } } if (policydn == NULL) - goto err_usage; + goto err_usage; retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &in_mask); if (retval) { - com_err(me, retval, "while reading information of policy '%s'", policydn); - goto err_nomsg; + com_err(me, retval, "while reading information of policy '%s'", policydn); + goto err_nomsg; } /* Get current time */ 
@@ -467,165 +450,151 @@ kdb5_ldap_modify_policy(argc, argv) /* Parse all arguments, but skip policy DN (Pass 2) */ for (i = 1; i < argc; i++) { - if (!strcmp(argv[i], "-maxtktlife")) { - if (++i > argc - 1) - goto err_usage; - - date = get_date(argv[i], NULL); - if (date == (time_t)(-1)) { - retval = EINVAL; - com_err (me, retval, "while providing time specification"); - goto err_nomsg; - } - - policyparams->maxtktlife = date - now; - - out_mask |= LDAP_POLICY_MAXTKTLIFE; - } - else if (!strcmp(argv[i], "-maxrenewlife")) { - if (++i > argc - 1) - goto err_usage; - - date = get_date(argv[i], NULL); - if (date == (time_t)(-1)) { - retval = EINVAL; - com_err (me, retval, "while providing time specification"); - goto err_nomsg; - } - - policyparams->maxrenewlife = date - now; - - out_mask |= LDAP_POLICY_MAXRENEWLIFE; - } - else if (!strcmp((argv[i] + 1), "allow_postdated")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_forwardable")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_renewable")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_proxiable")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; - else - goto err_usage; - - 
out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_dup_skey")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "requires_preauth")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "requires_hwauth")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_svr")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_tgs_req")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "allow_tix")) { - if (*(argv[i]) == '+') - policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX); - else if (*(argv[i]) == '-') - policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "needchange")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE; - else if (*(argv[i]) == '-') - policyparams->tktflags &= 
(int)(~KRB5_KDB_REQUIRES_PWCHANGE); - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else if (!strcmp((argv[i] + 1), "password_changing_service")) { - if (*(argv[i]) == '+') - policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE; - else if (*(argv[i]) == '-') - policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); - else - goto err_usage; - - out_mask |= LDAP_POLICY_TKTFLAGS; - } - else { - /* Any other argument must be policy DN - -- skip it */ - } + if (!strcmp(argv[i], "-maxtktlife")) { + if (++i > argc - 1) + goto err_usage; + + date = get_date(argv[i], NULL); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err (me, retval, "while providing time specification"); + goto err_nomsg; + } + + policyparams->maxtktlife = date - now; + + out_mask |= LDAP_POLICY_MAXTKTLIFE; + } else if (!strcmp(argv[i], "-maxrenewlife")) { + if (++i > argc - 1) + goto err_usage; + + date = get_date(argv[i], NULL); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err (me, retval, "while providing time specification"); + goto err_nomsg; + } + + policyparams->maxrenewlife = date - now; + + out_mask |= LDAP_POLICY_MAXRENEWLIFE; + } else if (!strcmp((argv[i] + 1), "allow_postdated")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_forwardable")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_renewable")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; + 
else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_proxiable")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "requires_preauth")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "requires_hwauth")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_svr")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED); + else if (*(argv[i]) == '-') + policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "allow_tix")) { + if (*(argv[i]) == '+') + policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX); + else if (*(argv[i]) == '-') + 
policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "needchange")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE); + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else if (!strcmp((argv[i] + 1), "password_changing_service")) { + if (*(argv[i]) == '+') + policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE; + else if (*(argv[i]) == '-') + policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); + else + goto err_usage; + + out_mask |= LDAP_POLICY_TKTFLAGS; + } else { + /* Any other argument must be policy DN + -- skip it */ + } } /* Modify attributes of object */ if ((retval = krb5_ldap_modify_policy(util_context, policyparams, out_mask))) - goto cleanup; + goto cleanup; goto cleanup; @@ -640,23 +609,23 @@ cleanup: krb5_ldap_free_policy (util_context, policyparams); if (policydn) - free (policydn); + free (policydn); if (print_usage) - db_usage(MODIFY_POLICY); + db_usage(MODIFY_POLICY); if (retval) { - if (!no_msg) - com_err(me, retval, "while modifying policy object"); + if (!no_msg) + com_err(me, retval, "while modifying policy object"); - exit_status++; + exit_status++; } return; } -/* +/* * This function will display information about the given policy object, * fetching the information from the LDAP Server. */ 
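Review bot: `policyparams->maxtktlife = date - now;` (and `maxrenewlife` in the next branch) stores whatever get_date returned minus the current time with no range check, so a date in the past silently writes a negative lifetime into the policy object; the `date == (time_t)(-1)` test only catches parse failures. I would reject non-positive durations in both branches: `if (date <= now) { retval = EINVAL; com_err(me, retval, "while providing time specification"); goto err_nomsg; }`. As a style point, `if ((retval = krb5_ldap_modify_policy(...))) goto cleanup;` is immediately followed by an unconditional `goto cleanup;`, so the condition can be dropped. kdb5_ldap_modify_policy starts before this hunk and its cleanup label is in the next one.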
@@ -673,20 +642,20 @@ kdb5_ldap_view_policy(argc, argv) int mask = 0; if (argc != 2) { - goto err_usage; + goto err_usage; } policydn = strdup(argv[1]); if (policydn == NULL) { - com_err(me, ENOMEM, "while viewing policy"); - exit_status++; - goto cleanup; + com_err(me, ENOMEM, "while viewing policy"); + exit_status++; + goto cleanup; } if ((retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &mask))) { - com_err(me, retval, "while viewing policy '%s'", policydn ); - exit_status++; - goto cleanup; + com_err(me, retval, "while viewing policy '%s'", policydn); + exit_status++; + goto cleanup; } print_policy_params (policyparams, mask); @@ -703,15 +672,15 @@ cleanup: free (policydn); if (print_usage) { - db_usage(VIEW_POLICY); + db_usage(VIEW_POLICY); } return; } -/* - * This function will print the policy object information to the +/* + * This function will print the policy object information to the * standard output. */ static void 
@@ -724,59 +693,59 @@ print_policy_params(policyparams, mask) /* Print max. ticket life and max. renewable life, if present */ if (mask & LDAP_POLICY_MAXTKTLIFE) - printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife)); + printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife)); if (mask & LDAP_POLICY_MAXRENEWLIFE) - printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife)); + printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife)); /* Service flags are printed */ printf("%25s: ", "Ticket flags"); if (mask & LDAP_POLICY_TKTFLAGS) { - int ticketflags = policyparams->tktflags; - - if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED) - printf("%s ","DISALLOW_POSTDATED"); - - if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE) - printf("%s ","DISALLOW_FORWARDABLE"); - - if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE) - printf("%s ","DISALLOW_RENEWABLE"); - - if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE) - printf("%s ","DISALLOW_PROXIABLE"); - - if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY) - printf("%s ","DISALLOW_DUP_SKEY"); - - if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH) - printf("%s ","REQUIRES_PRE_AUTH"); - - if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH) - printf("%s ","REQUIRES_HW_AUTH"); - - if (ticketflags & KRB5_KDB_DISALLOW_SVR) - printf("%s ","DISALLOW_SVR"); - - if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED) - printf("%s ","DISALLOW_TGT_BASED"); - - if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX) - printf("%s ","DISALLOW_ALL_TIX"); - - if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE) - printf("%s ","REQUIRES_PWCHANGE"); - - if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE) - printf("%s ","PWCHANGE_SERVICE"); + int ticketflags = policyparams->tktflags; + + if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED) + printf("%s ","DISALLOW_POSTDATED"); + + if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE) + printf("%s ","DISALLOW_FORWARDABLE"); + + if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE) + 
printf("%s ","DISALLOW_RENEWABLE"); + + if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE) + printf("%s ","DISALLOW_PROXIABLE"); + + if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY) + printf("%s ","DISALLOW_DUP_SKEY"); + + if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH) + printf("%s ","REQUIRES_PRE_AUTH"); + + if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH) + printf("%s ","REQUIRES_HW_AUTH"); + + if (ticketflags & KRB5_KDB_DISALLOW_SVR) + printf("%s ","DISALLOW_SVR"); + + if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED) + printf("%s ","DISALLOW_TGT_BASED"); + + if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX) + printf("%s ","DISALLOW_ALL_TIX"); + + if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE) + printf("%s ","REQUIRES_PWCHANGE"); + + if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE) + printf("%s ","PWCHANGE_SERVICE"); } printf("\n"); - + return; } -/* - * This function will list the DNs of policy objects under a specific +/* + * This function will list the DNs of policy objects under a specific * sub-tree (entire tree by default) */ void kdb5_ldap_list_policies(argc, argv) @@ -797,22 +766,22 @@ void kdb5_ldap_list_policies(argc, argv) /* Parse base DN argument if present */ if (argc == 3) { - if (strcmp(argv[1], "-basedn")) - goto err_usage; - - basedn = strdup(argv[2]); - if (basedn == NULL) { - retval = ENOMEM; - goto cleanup; - } + if (strcmp(argv[1], "-basedn")) + goto err_usage; + + basedn = strdup(argv[2]); + if (basedn == NULL) { + retval = ENOMEM; + goto cleanup; + } } retval = krb5_ldap_list_policy(util_context, basedn, &list); if ((retval != 0) || (list == NULL)) - goto cleanup; + goto cleanup; for (plist = list; *plist != NULL; plist++) { - printf("%s\n", *plist); + printf("%s\n", *plist); } goto cleanup; 
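Review bot: print_policy_params restates the ticket-flag name/bit pairs as twelve separate `if (ticketflags & …) printf(…)` lines, and the same twelve pairs appear again in both parsing passes of kdb5_ldap_modify_policy above, so adding or renaming a flag means editing three places in this file. A file-scope `static const struct { const char *name; int bit; } tktflag_names[]` walked in a loop would keep one source of truth; the print side becomes `for (f = tktflag_names; f->name != NULL; f++) if (ticketflags & f->bit) printf("%s ", f->name);`. print_policy_params's signature is in the previous hunk.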
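Review bot: In kdb5_ldap_list_policies the `-basedn` option is only recognised when argc is exactly 3; any other count (a stray word, `-basedn` with no value, extra arguments) is silently ignored and the command lists from the default base instead of failing. Add `else if (argc != 1) goto err_usage;` after the `if (argc == 3) { … }` block so malformed invocations reach the usage message. The function's err_usage and cleanup labels are in the next hunk.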
@@ -822,20 +791,20 @@ err_usage: cleanup: if (list != NULL) { - krb5_free_list_entries (list); - free (list); + krb5_free_list_entries (list); + free (list); } if (basedn) free (basedn); if (print_usage) { - db_usage(LIST_POLICY); + db_usage(LIST_POLICY); } if (retval) { - com_err(me, retval, "while listing policy objects"); - exit_status++; + com_err(me, retval, "while listing policy objects"); + exit_status++; } return; @@ -867,4 +836,3 @@ static char *strdur(duration) hours, minutes, seconds); return out; } - diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index 55b0690ec..b0c1f6ed5 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -26,14 +26,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -44,7 +44,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
@@ -53,28 +53,28 @@ /* Copyright (c) 2004-2005, Novell, Inc. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The copyright holder's name is not used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * POSSIBILITY OF SUCH DAMAGE. */ /* @@ -102,19 +102,19 @@ struct realm_info rblock = { }; krb5_data tgt_princ_entries[] = { - {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME}, - {0, 0, 0} }; + {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME}, + {0, 0, 0} }; krb5_data db_creator_entries[] = { - {0, sizeof("db_creation")-1, "db_creation"} }; + {0, sizeof("db_creation")-1, "db_creation"} }; static krb5_principal_data db_create_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - db_creator_entries, /* krb5_data *data */ - 1, /* int length */ - KRB5_NT_SRV_INST /* int type */ + 0, /* magic number */ + {0, 0, 0}, /* krb5_data realm */ + db_creator_entries, /* krb5_data *data */ + 1, /* int length */ + KRB5_NT_SRV_INST /* int type */ }; extern char *mkey_password; @@ -123,7 +123,7 @@ extern kadm5_config_params global_params; static void print_realm_params(krb5_ldap_realm_params *rparams, int mask); static int kdb_ldap_create_principal (krb5_context context, krb5_principal - princ, enum ap_op op, struct realm_info *pblock); + princ, enum ap_op op, struct realm_info *pblock); static char *strdur(time_t duration); 
@@ -131,185 +131,174 @@ static int get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv static int get_ticket_policy(rparams,i,argv,argc) - krb5_ldap_realm_params *rparams; - int *i; - char *argv[]; - int argc; + krb5_ldap_realm_params *rparams; + int *i; + char *argv[]; + int argc; { - time_t date; - time_t now; - time(&now); - int mask = 0; - krb5_error_code retval = 0; - krb5_boolean no_msg = FALSE; - - krb5_boolean print_usage = FALSE; - char *me = argv[0]; - if (!strcmp(argv[*i], "-maxtktlife")) { - if (++(*i) > argc-1) - goto err_usage; - date = get_date(argv[*i], NULL); - if (date == (time_t)(-1)) { - retval = EINVAL; - com_err (me, retval, "while providing time specification"); - goto err_nomsg; - } - rparams->max_life = date-now; - mask |= LDAP_REALM_MAXTICKETLIFE; - } - - - else if (!strcmp(argv[*i], "-maxrenewlife")) { - if (++(*i) > argc-1) - goto err_usage; - - date = get_date(argv[*i], NULL); - if (date == (time_t)(-1)) { - retval = EINVAL; - com_err (me, retval, "while providing time specification"); - goto err_nomsg; - } - rparams->max_renewable_life = date-now; - mask |= LDAP_REALM_MAXRENEWLIFE; - } - else if (!strcmp((argv[*i] + 1), "allow_postdated")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; - else - goto err_usage; - - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "allow_forwardable")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE); - - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; - else - goto err_usage; - - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "allow_renewable")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; - else - goto err_usage; - 
- mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "allow_proxiable")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; - else - goto err_usage; - - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; - else - goto err_usage; - - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - - else if (!strcmp((argv[*i] + 1), "requires_preauth")) { - if (*(argv[*i]) == '+') - rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH; - else if (*(argv[*i]) == '-') - rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); - else - goto err_usage; - - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "requires_hwauth")) { - if (*(argv[*i]) == '+') - rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH; - else if (*(argv[*i]) == '-') - rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); - else - goto err_usage; - - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "allow_svr")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_SVR; - else - goto err_usage; + time_t date; + time_t now; + time(&now); + int mask = 0; + krb5_error_code retval = 0; + krb5_boolean no_msg = FALSE; - mask |= LDAP_REALM_KRBTICKETFLAGS; + krb5_boolean print_usage = FALSE; + char *me = argv[0]; + if (!strcmp(argv[*i], "-maxtktlife")) { + if (++(*i) > argc-1) + goto err_usage; + date = get_date(argv[*i], NULL); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err (me, retval, "while providing time specification"); + goto err_nomsg; } - else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) { - if (*(argv[*i]) == '+') - 
rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED; - else - goto err_usage; + rparams->max_life = date-now; + mask |= LDAP_REALM_MAXTICKETLIFE; + } - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "allow_tix")) { - if (*(argv[*i]) == '+') - rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX); - else if (*(argv[*i]) == '-') - rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; - else - goto err_usage; - mask |= LDAP_REALM_KRBTICKETFLAGS; - } - else if (!strcmp((argv[*i] + 1), "needchange")) { - if (*(argv[*i]) == '+') - rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE; - else if (*(argv[*i]) == '-') - rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE); - else - goto err_usage; + else if (!strcmp(argv[*i], "-maxrenewlife")) { + if (++(*i) > argc-1) + goto err_usage; - mask |= LDAP_REALM_KRBTICKETFLAGS; + date = get_date(argv[*i], NULL); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err (me, retval, "while providing time specification"); + goto err_nomsg; } - else if (!strcmp((argv[*i] + 1), "password_changing_service")) { - if (*(argv[*i]) == '+') - rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE; - else if (*(argv[*i]) == '-') - rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); - else - goto err_usage; + rparams->max_renewable_life = date-now; + mask |= LDAP_REALM_MAXRENEWLIFE; + } else if (!strcmp((argv[*i] + 1), "allow_postdated")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED); + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE); + + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; + else + goto err_usage; + + mask |= 
LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_renewable")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE); + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE); + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY); + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } - mask |=LDAP_REALM_KRBTICKETFLAGS; - } + else if (!strcmp((argv[*i] + 1), "requires_preauth")) { + if (*(argv[*i]) == '+') + rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH; + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) { + if (*(argv[*i]) == '+') + rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH; + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_svr")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR); + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_SVR; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED); + else if (*(argv[*i]) == '-') + rparams->tktflags |= 
KRB5_KDB_DISALLOW_TGT_BASED; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_tix")) { + if (*(argv[*i]) == '+') + rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX); + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "needchange")) { + if (*(argv[*i]) == '+') + rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE; + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE); + else + goto err_usage; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "password_changing_service")) { + if (*(argv[*i]) == '+') + rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE; + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); + else + goto err_usage; + + mask |=LDAP_REALM_KRBTICKETFLAGS; + } err_usage: - print_usage = TRUE; + print_usage = TRUE; err_nomsg: - no_msg = TRUE; + no_msg = TRUE; - return mask; + return mask; } /* - * This function will create a realm on the LDAP Server, with + * This function will create a realm on the LDAP Server, with * the specified attributes. */ void kdb5_ldap_create(argc, argv) - int argc; - char *argv[]; + int argc; + char *argv[]; { krb5_error_code retval = 0; krb5_keyblock master_keyblock; 
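Review bot: get_ticket_policy cannot report a failure: the `err_usage:` and `err_nomsg:` labels sit at the end of the if/else chain and are reached on every call, so `print_usage`, `no_msg` and `retval` are dead locals, and a bad `-maxtktlife` value, or `-maxtktlife` given as the last argument, returns a mask of 0 after `*i` has already been advanced. The caller in kdb5_ldap_create (next hunk) treats 0 as "not an option" and prints `argv[i]`, which at that point can be `argv[argc]`, i.e. NULL. I would return a krb5_error_code, hand the mask back through an out-parameter, check the bound before advancing `*i`, and reject non-positive durations; the caller then goes to its usage/cleanup path on a non-zero return instead of reporting an invalid option. Separately, `time(&now);` is a statement placed before the `int mask = 0;` declaration, which the file's C89-style definitions suggest is unintended. kdb5_ldap_create begins at the end of this hunk and continues in the next.
```c
static krb5_error_code
get_ticket_policy(rparams, i, argv, argc, mask)
    krb5_ldap_realm_params *rparams;
    int *i;
    char *argv[];
    int argc;
    int *mask;      /* receives LDAP_REALM_* bits; 0 if argv[*i] is not a policy option */
{
    time_t date, now;
    char *me = argv[0];

    *mask = 0;
    time(&now);
    if (!strcmp(argv[*i], "-maxtktlife")) {
        if (*i + 1 > argc - 1)
            return EINVAL;          /* *i is not advanced on failure */
        date = get_date(argv[++(*i)], NULL);
        if (date == (time_t)(-1) || date <= now) {
            com_err(me, EINVAL, "while providing time specification");
            return EINVAL;
        }
        rparams->max_life = date - now;
        *mask |= LDAP_REALM_MAXTICKETLIFE;
    }
    /* … unchanged: -maxrenewlife and the twelve ticket-flag branches, each
       writing *mask |= LDAP_REALM_… instead of mask |= …; an unrecognised
       word leaves *mask at 0 and falls through … */
    return 0;
}
```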
@@ -334,114 +323,107 @@ void kdb5_ldap_create(argc, argv) memset(&master_keyblock, 0, sizeof(master_keyblock)); rparams = (krb5_ldap_realm_params *)malloc( - sizeof(krb5_ldap_realm_params)); + sizeof(krb5_ldap_realm_params)); if (rparams == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } memset(rparams, 0, sizeof(krb5_ldap_realm_params)); /* Parse the arguments */ for (i = 1; i < argc; i++) { - if (!strcmp(argv[i], "-subtree")) { - if (++i > argc-1) - goto err_usage; - rparams->subtree = strdup(argv[i]); - if (rparams->subtree == NULL) { - retval = ENOMEM; - goto cleanup; - } - mask |= LDAP_REALM_SUBTREE; - } - else if (!strcmp(argv[i], "-sscope")) { - if (++i > argc-1) - goto err_usage; - /* Possible values for search scope are - * one (or 1) and sub (or 2) - */ - if (!strcasecmp(argv[i], "one")) { - rparams->search_scope = 1; - } - else if (!strcasecmp(argv[i], "sub")) { - rparams->search_scope = 2; - } - else { - rparams->search_scope = atoi(argv[i]); - if ((rparams->search_scope != 1) && - (rparams->search_scope != 2)) { - com_err(argv[0], EINVAL, - "invalid search scope while creating realm '%s'", - global_params.realm); - goto err_nomsg; - } - } - mask |= LDAP_REALM_SEARCHSCOPE; - } + if (!strcmp(argv[i], "-subtree")) { + if (++i > argc-1) + goto err_usage; + rparams->subtree = strdup(argv[i]); + if (rparams->subtree == NULL) { + retval = ENOMEM; + goto cleanup; + } + mask |= LDAP_REALM_SUBTREE; + } else if (!strcmp(argv[i], "-sscope")) { + if (++i > argc-1) + goto err_usage; + /* Possible values for search scope are + * one (or 1) and sub (or 2) + */ + if (!strcasecmp(argv[i], "one")) { + rparams->search_scope = 1; + } else if (!strcasecmp(argv[i], "sub")) { + rparams->search_scope = 2; + } else { + rparams->search_scope = atoi(argv[i]); + if ((rparams->search_scope != 1) && + (rparams->search_scope != 2)) { + com_err(argv[0], EINVAL, + "invalid search scope while creating realm '%s'", + global_params.realm); + goto err_nomsg; 
+ } + } + mask |= LDAP_REALM_SEARCHSCOPE; + } #ifdef HAVE_EDIRECTORY - else if (!strcmp(argv[i], "-kdcdn")) { - if (++i > argc-1) - goto err_usage; - rparams->kdcservers = (char **)malloc( - sizeof(char *) * MAX_LIST_ENTRIES); - if (rparams->kdcservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - rparams->kdcservers))) { - goto cleanup; - } - mask |= LDAP_REALM_KDCSERVERS; - } - else if (!strcmp(argv[i], "-admindn")) { - if (++i > argc-1) - goto err_usage; - rparams->adminservers = (char **)malloc( - sizeof(char *) * MAX_LIST_ENTRIES); - if (rparams->adminservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - rparams->adminservers))) { - goto cleanup; - } - mask |= LDAP_REALM_ADMINSERVERS; - } - else if (!strcmp(argv[i], "-pwddn")) { - if (++i > argc-1) - goto err_usage; - rparams->passwdservers = (char **)malloc( - sizeof(char *) * MAX_LIST_ENTRIES); - if (rparams->passwdservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - rparams->passwdservers))) { - goto cleanup; - } - mask |= LDAP_REALM_PASSWDSERVERS; - } + else if (!strcmp(argv[i], "-kdcdn")) { + if (++i > argc-1) + goto err_usage; + rparams->kdcservers = (char **)malloc( + sizeof(char *) * MAX_LIST_ENTRIES); + if (rparams->kdcservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + rparams->kdcservers))) { + goto cleanup; + } + mask |= LDAP_REALM_KDCSERVERS; + } else if (!strcmp(argv[i], "-admindn")) { + if (++i > argc-1) + goto err_usage; + rparams->adminservers = (char **)malloc( + sizeof(char *) 
* MAX_LIST_ENTRIES); + if (rparams->adminservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + rparams->adminservers))) { + goto cleanup; + } + mask |= LDAP_REALM_ADMINSERVERS; + } else if (!strcmp(argv[i], "-pwddn")) { + if (++i > argc-1) + goto err_usage; + rparams->passwdservers = (char **)malloc( + sizeof(char *) * MAX_LIST_ENTRIES); + if (rparams->passwdservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + rparams->passwdservers))) { + goto cleanup; + } + mask |= LDAP_REALM_PASSWDSERVERS; + } #endif - else if (!strcmp(argv[i], "-s")) { - do_stash = 1; - } - else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) - { - mask|=ret_mask; - } - - else { - printf("'%s' is an invalid option\n", argv[i]); - goto err_usage; - } + else if (!strcmp(argv[i], "-s")) { + do_stash = 1; + } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) { + mask|=ret_mask; + } + + else { + printf("'%s' is an invalid option\n", argv[i]); + goto err_usage; + } } - /* If the default enctype/salttype is not provided, use the + /* If the default enctype/salttype is not provided, use the * default values and also add to the list of supported * enctypes/salttype */ @@ -471,7 +453,7 @@ void kdb5_ldap_create(argc, argv) pw_str, &pw_size); if (retval) { com_err(argv[0], retval, "while reading master key from keyboard"); - goto err_nomsg; + goto err_nomsg; } mkey_password = pw_str; } 
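Review bot: In the `-sscope` branch an invalid scope value does `com_err(argv[0], EINVAL, …); goto err_nomsg;` without assigning `retval`, so retval is still 0 when cleanup runs; if cleanup follows the pattern visible in kdb5_ldap_modify_policy (`if (retval) { … exit_status++; }`), the command prints the error but exits successfully. Set it explicitly with `retval = EINVAL;` before the com_err call. Separately, `-subtree` (and the `-kdcdn`/`-admindn`/`-pwddn` branches) overwrite an earlier value when the option is repeated, leaking the first strdup/malloc; a `if (rparams->subtree != NULL) goto err_usage;` guard would match the duplicate-DN check used in kdb5_ldap_modify_policy. kdb5_ldap_create starts in the previous hunk and its cleanup label is outside this one.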
@@ -481,124 +463,122 @@ void kdb5_ldap_create(argc, argv)
 rparams->mkey.length = strlen(mkey_password) + 1;
 rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
 if (rparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
 }
 rparams->realm_name = strdup(global_params.realm);
 if (rparams->realm_name == NULL) {
- retval = ENOMEM;
- com_err(argv[0], ENOMEM, "while creating realm '%s'",
- global_params.realm);
- goto err_nomsg;
+ retval = ENOMEM;
+ com_err(argv[0], ENOMEM, "while creating realm '%s'",
+ global_params.realm);
+ goto err_nomsg;
 }
 dal_handle = (kdb5_dal_handle *) util_context->db_context;
 ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 if (!ldap_context) {
- retval = EINVAL;
- goto cleanup;
+ retval = EINVAL;
+ goto cleanup;
 }
 /* read the kerberos container */
- if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
- &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
- /* Prompt the user for entering the DN of Kerberos container */
- char krb_location[MAX_KRB_CONTAINER_LEN];
- krb5_ldap_krbcontainer_params kparams;
- int krb_location_len = 0;
- memset(&kparams, 0, sizeof(kparams));
+ if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
+ &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+ /* Prompt the user for entering the DN of Kerberos container */
+ char krb_location[MAX_KRB_CONTAINER_LEN];
+ krb5_ldap_krbcontainer_params kparams;
+ int krb_location_len = 0;
+ memset(&kparams, 0, sizeof(kparams));
 /* Read the kerberos container location from configuration file */
- if (ldap_context->conf_section) {
- if ((retval=profile_get_string(util_context->profile,
- KDB_MODULE_SECTION, ldap_context->conf_section,
- "ldap_kerberos_container_dn", NULL,
- &kparams.DN)) != 0) {
- goto cleanup;
- }
- }
- if (kparams.DN == NULL) {
- if ((retval=profile_get_string(util_context->profile,
- KDB_MODULE_DEF_SECTION,
- "ldap_kerberos_container_dn", NULL,
- NULL, &kparams.DN)) != 0)
{
- goto cleanup;
- }
- }
-
- printf("\nKerberos container is missing. Creating now...\n");
- if (kparams.DN == NULL) {
+ if (ldap_context->conf_section) {
+ if ((retval=profile_get_string(util_context->profile,
+ KDB_MODULE_SECTION, ldap_context->conf_section,
+ "ldap_kerberos_container_dn", NULL,
+ &kparams.DN)) != 0) {
+ goto cleanup;
+ }
+ }
+ if (kparams.DN == NULL) {
+ if ((retval=profile_get_string(util_context->profile,
+ KDB_MODULE_DEF_SECTION,
+ "ldap_kerberos_container_dn", NULL,
+ NULL, &kparams.DN)) != 0) {
+ goto cleanup;
+ }
+ }
+
+ printf("\nKerberos container is missing. Creating now...\n");
+ if (kparams.DN == NULL) {
 #ifdef HAVE_EDIRECTORY
- printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
+ printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
 #else
- printf("Enter DN of Kerberos container: ");
+ printf("Enter DN of Kerberos container: ");
 #endif
- if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
- /* Remove the newline character at the end */
- krb_location_len = strlen(krb_location);
- if ((krb_location[krb_location_len - 1] == '\n') ||
- (krb_location[krb_location_len - 1] == '\r')) {
- krb_location[krb_location_len - 1] = '\0';
- krb_location_len--;
- }
- /* If the user has not given any input, take the default location */
- else if (krb_location[0] == '\0')
- kparams.DN = NULL;
- else
- kparams.DN = krb_location;
- }
- else
- kparams.DN = NULL;
+ if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+ /* Remove the newline character at the end */
+ krb_location_len = strlen(krb_location);
+ if ((krb_location[krb_location_len - 1] == '\n') ||
+ (krb_location[krb_location_len - 1] == '\r')) {
+ krb_location[krb_location_len - 1] = '\0';
+ krb_location_len--;
+ }
+ /* If the user has not given any input, take the default location */
+ else if (krb_location[0] == '\0')
+ kparams.DN = NULL;
+ else
+ kparams.DN = krb_location;
+ } else
+ kparams.DN = NULL;
 }
- /* create the kerberos
container */
- retval = krb5_ldap_create_krbcontainer(util_context,
- ((kparams.DN != NULL) ? &kparams : NULL));
- if (retval)
- goto cleanup;
-
- retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer));
- if (retval) {
- com_err(argv[0], retval, "while reading kerberos container information");
- goto cleanup;
- }
- }
- else if (retval) {
- com_err(argv[0], retval, "while reading kerberos container information");
- goto cleanup;
+ /* create the kerberos container */
+ retval = krb5_ldap_create_krbcontainer(util_context,
+ ((kparams.DN != NULL) ? &kparams : NULL));
+ if (retval)
+ goto cleanup;
+
+ retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer));
+ if (retval) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ goto cleanup;
+ }
+ } else if (retval) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ goto cleanup;
 }
 if ((retval = krb5_ldap_create_realm(util_context,
- /* global_params.realm, */ rparams, mask))) {
- goto cleanup;
+ /* global_params.realm, */ rparams, mask))) {
+ goto cleanup;
 }
 /* We just created the Realm container.
Here starts our transaction tracking */
 realm_obj_created = TRUE;
- if ((retval = krb5_ldap_read_realm_params(util_context,
- global_params.realm,
- &(ldap_context->lrparams),
+ if ((retval = krb5_ldap_read_realm_params(util_context,
+ global_params.realm,
+ &(ldap_context->lrparams),
 &mask))) {
- com_err(argv[0], retval, "while reading information of realm '%s'",
+ com_err(argv[0], retval, "while reading information of realm '%s'",
 global_params.realm);
- goto err_nomsg;
+ goto err_nomsg;
 }
 ldap_context->lrparams->realm_name = strdup(global_params.realm);
 if (ldap_context->lrparams->realm_name == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
 }
 /* assemble & parse the master key name */
 if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- 0, &master_princ))) {
- com_err(argv[0], retval, "while setting up master key name");
- goto err_nomsg;
+ global_params.mkey_name,
+ global_params.realm,
+ 0, &master_princ))) {
+ com_err(argv[0], retval, "while setting up master key name");
+ goto err_nomsg;
 }
 /* Obtain master key from master password */
@@ -613,8 +593,8 @@ void kdb5_ldap_create(argc, argv)
 goto err_nomsg;
 }
- retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
- &pwd, &master_salt, &master_keyblock);
+ retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+ &pwd, &master_salt, &master_keyblock);
 if (master_salt.data)
 free(master_salt.data);
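Review bot: In the fgets() branch inside the KRB5_KDB_NOENTRY block, a DN typed at the prompt is discarded whenever the line ends in a newline: the `if` that strips the trailing '\n'/'\r' is chained with `else if`/`else`, so `kparams.DN = krb_location;` is only reached when the input had no terminator (EOF or a line longer than MAX_KRB_CONTAINER_LEN), and the container is otherwise created with the default DN regardless of what was entered. The same chain indexes `krb_location[krb_location_len - 1]` without checking that the length is non-zero, and strips only one character of a CR/LF pair. Decoupling the strip from the assignment, as below, fixes all three. kdb5_ldap_create's body starts and ends outside this hunk.

```c
            if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
                /* Strip any trailing CR/LF, then fall back to the default
                 * container DN only when nothing was typed. */
                krb_location_len = strlen(krb_location);
                while (krb_location_len > 0 &&
                       (krb_location[krb_location_len - 1] == '\n' ||
                        krb_location[krb_location_len - 1] == '\r'))
                    krb_location[--krb_location_len] = '\0';
                kparams.DN = (krb_location[0] == '\0') ? NULL : krb_location;
            } else
                kparams.DN = NULL;
```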
@@ -631,15 +611,15 @@ void kdb5_ldap_create(argc, argv)
 ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc (master_keyblock.length);
 if (ldap_context->lrparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
 }
 memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
- master_keyblock.length);
+ master_keyblock.length);
 /* Create special principals inside the realm subtree */
 {
- char princ_name[MAX_PRINC_SIZE];
+ char princ_name[MAX_PRINC_SIZE];
 struct hostent *hp = NULL;
 krb5_principal_data tgt_princ = { 0, /* magic number */
@@ -691,7 +671,7 @@ void kdb5_ldap_create(argc, argv)
 krb5_free_principal(util_context, p);
 /* Create 'kadmin/changepw' ... */
- snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
+ snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
 if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
 com_err(argv[0], retval, "while adding entries to the database");
 goto err_nomsg;
@@ -706,7 +686,7 @@ void kdb5_ldap_create(argc, argv)
 krb5_free_principal(util_context, p);
 /* Create 'kadmin/history' ... */
- snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
+ snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
 if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
 com_err(argv[0], retval, "while adding entries to the database");
 goto err_nomsg;
@@ -721,22 +701,22 @@ void kdb5_ldap_create(argc, argv)
 /* Create 'kadmin/' ... */
 if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
- com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
- goto err_nomsg;
+ com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
+ goto err_nomsg;
 }
- if((retval=krb5_copy_principal(util_context, p, &temp_p))) {
- com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
- goto err_nomsg;
+ if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
+ com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
+ goto err_nomsg;
 }
-
+
 /* change the realm portion to the default realm */
- free( temp_p->realm.data );
- temp_p->realm.length = strlen( util_context->default_realm );
- temp_p->realm.data = strdup( util_context->default_realm );
- if( temp_p->realm.data == NULL ) {
- com_err(argv[0], ENOMEM, "while adding entries to the database");
- goto err_nomsg;
+ free(temp_p->realm.data);
+ temp_p->realm.length = strlen(util_context->default_realm);
+ temp_p->realm.data = strdup(util_context->default_realm);
+ if (temp_p->realm.data == NULL) {
+ com_err(argv[0], ENOMEM, "while adding entries to the database");
+ goto err_nomsg;
 }
 rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
@@ -755,55 +735,55 @@ void kdb5_ldap_create(argc, argv) } #ifdef HAVE_EDIRECTORY - if( (mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || - (mask & LDAP_REALM_PASSWDSERVERS) ) { - + if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || + (mask & LDAP_REALM_PASSWDSERVERS)) { + printf("Changing rights for the service object. Please wait ... "); fflush(stdout); rightsmask =0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) { - for ( i=0; (rparams->kdcservers[i] != NULL); i++) { - if((retval=krb5_ldap_add_service_rights( util_context, - LDAP_KDC_SERVICE, rparams->kdcservers[i], - rparams->realm_name, rparams->subtree, rightsmask )) != 0) { + if ((rparams != NULL) && (rparams->kdcservers != NULL)) { + for (i=0; (rparams->kdcservers[i] != NULL); i++) { + if ((retval=krb5_ldap_add_service_rights(util_context, + LDAP_KDC_SERVICE, rparams->kdcservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } } - + rightsmask = 0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if ( (rparams != NULL) && (rparams->adminservers != NULL) ) { - for ( i=0; (rparams->adminservers[i] != NULL); i++) { - if((retval=krb5_ldap_add_service_rights( util_context, - LDAP_ADMIN_SERVICE, rparams->adminservers[i], - rparams->realm_name, rparams->subtree, rightsmask )) != 0) { + if ((rparams != NULL) && (rparams->adminservers != NULL)) { + for (i=0; (rparams->adminservers[i] != NULL); i++) { + if ((retval=krb5_ldap_add_service_rights(util_context, + LDAP_ADMIN_SERVICE, rparams->adminservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } } - 
+ rightsmask = 0;
 rightsmask |= LDAP_REALM_RIGHTS;
 rightsmask |= LDAP_SUBTREE_RIGHTS;
- if( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
- for ( i=0; (rparams->passwdservers[i] != NULL); i++) {
- if((retval=krb5_ldap_add_service_rights( util_context,
- LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+ for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+ if ((retval=krb5_ldap_add_service_rights(util_context,
+ LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
 printf("failed\n");
 com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
 goto err_nomsg;
 }
 }
@@ -817,14 +797,14 @@ void kdb5_ldap_create(argc, argv)
 /* Stash the master key only if '-s' option is specified */
 if (do_stash || global_params.mask & KADM5_CONFIG_STASH_FILE) {
- retval = krb5_def_store_mkey(util_context,
- global_params.stash_file,
- master_princ,
- &master_keyblock, NULL);
- if (retval) {
+ retval = krb5_def_store_mkey(util_context,
+ global_params.stash_file,
+ master_princ,
+ &master_keyblock, NULL);
+ if (retval) {
 com_err(argv[0], errno, "while storing key");
 printf("Warning: couldn't stash master key.\n");
- }
+ }
 }
 goto cleanup;
@@ -839,10 +819,10 @@ err_nomsg:
 cleanup:
 /* If the Realm creation is not complete, do the roll-back here */
 if ((realm_obj_created) && (!create_complete))
- krb5_ldap_delete_realm(util_context, global_params.realm);
+ krb5_ldap_delete_realm(util_context, global_params.realm);
 if (rparams)
- krb5_ldap_free_realm_params(rparams);
+ krb5_ldap_free_realm_params(rparams);
 memset (pw_str, 0, sizeof (pw_str));
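Review bot: The failure report in the stash block passes `errno` to com_err although the error is in `retval`, the value krb5_def_store_mkey returned two lines earlier; errno may be stale or overwritten by an intervening call, so the warning can name an unrelated error or "Success". Use `com_err(argv[0], retval, "while storing key");`. The enclosing function continues outside the hunk.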
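Review bot: `memset (pw_str, 0, sizeof (pw_str));` at the cleanup label is the last access to pw_str before the function returns, so the compiler may treat it as a dead store and remove it, leaving the master password in stack memory; a zeroing routine the optimizer cannot elide is needed here. The password also survives in the strdup'd copy `rparams->mkey.contents` made earlier in the function, and whether krb5_ldap_free_realm_params zeroes that buffer before freeing it is not visible in this diff and is worth confirming. Separately, the rollback's `krb5_ldap_delete_realm(...)` return value is ignored, so a partially created realm that could not be removed goes unreported. kdb5_ldap_create's body continues outside the hunk.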
@@ -850,14 +830,14 @@ cleanup:
 ldap_context->lrparams->subtree = oldsubtree;
 if (print_usage)
- db_usage(CREATE_REALM);
+ db_usage(CREATE_REALM);
 if (retval) {
- if (!no_msg) {
- com_err(argv[0], retval, "while creating realm '%s'",
- global_params.realm);
- }
- exit_status++;
+ if (!no_msg) {
+ com_err(argv[0], retval, "while creating realm '%s'",
+ global_params.realm);
+ }
+ exit_status++;
 }
 return;
@@ -901,32 +881,32 @@ void kdb5_ldap_modify(argc, argv)
 dal_handle = (kdb5_dal_handle *) util_context->db_context;
 ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 if (!(ldap_context)) {
- retval = EINVAL;
- goto cleanup;
+ retval = EINVAL;
+ goto cleanup;
 }
- if((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer)))) {
- com_err(argv[0], retval, "while reading Kerberos container information");
- goto err_nomsg;
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer)))) {
+ com_err(argv[0], retval, "while reading Kerberos container information");
+ goto err_nomsg;
 }
- retval = krb5_ldap_read_realm_params(util_context,
- global_params.realm, &rparams, &rmask);
+ retval = krb5_ldap_read_realm_params(util_context,
+ global_params.realm, &rparams, &rmask);
 if (retval)
- goto cleanup;
+ goto cleanup;
 /* Parse the arguments */
 for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-subtree")) {
- if (++i > argc-1)
- goto err_usage;
+ if (!strcmp(argv[i], "-subtree")) {
+ if (++i > argc-1)
+ goto err_usage;
 if (rmask & LDAP_REALM_SUBTREE) {
- if( rparams->subtree ) {
+ if (rparams->subtree) {
 #ifdef HAVE_EDIRECTORY
 oldsubtree = strdup(rparams->subtree);
- if( oldsubtree == NULL ) {
+ if (oldsubtree == NULL) {
 retval = ENOMEM;
 goto cleanup;
 }
@@ -934,472 +914,456 @@ void kdb5_ldap_modify(argc, argv) free(rparams->subtree); } } - rparams->subtree = strdup(argv[i]); - if (rparams->subtree == NULL) { - retval = ENOMEM; - goto cleanup; - } - mask |= LDAP_REALM_SUBTREE; - } - else if (!strcmp(argv[i], "-sscope")) { - if (++i > argc-1) - goto err_usage; - /* Possible values for search scope are - * one (or 1) and sub (or 2) - */ - if (strcasecmp(argv[i], "one") == 0) { - rparams->search_scope = 1; - } - else if (strcasecmp(argv[i], "sub") == 0) { - rparams->search_scope = 2; - } - else { - rparams->search_scope = atoi(argv[i]); - if ((rparams->search_scope != 1) && - (rparams->search_scope != 2)) { - retval = EINVAL; - com_err(argv[0], retval, - "specified for search scope while modifying information of realm '%s'", - global_params.realm); - goto err_nomsg; - } - } - mask |= LDAP_REALM_SEARCHSCOPE; - } + rparams->subtree = strdup(argv[i]); + if (rparams->subtree == NULL) { + retval = ENOMEM; + goto cleanup; + } + mask |= LDAP_REALM_SUBTREE; + } else if (!strcmp(argv[i], "-sscope")) { + if (++i > argc-1) + goto err_usage; + /* Possible values for search scope are + * one (or 1) and sub (or 2) + */ + if (strcasecmp(argv[i], "one") == 0) { + rparams->search_scope = 1; + } else if (strcasecmp(argv[i], "sub") == 0) { + rparams->search_scope = 2; + } else { + rparams->search_scope = atoi(argv[i]); + if ((rparams->search_scope != 1) && + (rparams->search_scope != 2)) { + retval = EINVAL; + com_err(argv[0], retval, + "specified for search scope while modifying information of realm '%s'", + global_params.realm); + goto err_nomsg; + } + } + mask |= LDAP_REALM_SEARCHSCOPE; + } #ifdef HAVE_EDIRECTORY - else if (!strcmp(argv[i], "-kdcdn")) { - if (++i > argc-1) - goto err_usage; + else if (!strcmp(argv[i], "-kdcdn")) { + if (++i > argc-1) + goto err_usage; if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) { if (!oldkdcdns) { - /* Store the old kdc dns list for removing rights */ - oldkdcdns = (char**) 
calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (oldkdcdns == NULL) { - retval = ENOMEM; - goto cleanup; - } - - for (j=0; rparams->kdcservers[j] != NULL; j++) { - oldkdcdns[j] = strdup(rparams->kdcservers[j]); - if (oldkdcdns[j] == NULL) { - retval = ENOMEM; - goto cleanup; - } - } - oldkdcdns[j] = NULL; - } - - krb5_free_list_entries(rparams->kdcservers); - free(rparams->kdcservers); - } - - rparams->kdcservers = (char **)malloc( - sizeof(char *) * MAX_LIST_ENTRIES); - if (rparams->kdcservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - rparams->kdcservers))) { - goto cleanup; - } - mask |= LDAP_REALM_KDCSERVERS; - /* Going to replace the existing value by this new value. Hence - * setting flag indicating that add or clear options will be ignored - */ - newkdcdn = 1; - } - else if (!strcmp(argv[i], "-clearkdcdn")) { - if (++i > argc-1) - goto err_usage; - if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) { + /* Store the old kdc dns list for removing rights */ + oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (oldkdcdns == NULL) { + retval = ENOMEM; + goto cleanup; + } + + for (j=0; rparams->kdcservers[j] != NULL; j++) { + oldkdcdns[j] = strdup(rparams->kdcservers[j]); + if (oldkdcdns[j] == NULL) { + retval = ENOMEM; + goto cleanup; + } + } + oldkdcdns[j] = NULL; + } + + krb5_free_list_entries(rparams->kdcservers); + free(rparams->kdcservers); + } + + rparams->kdcservers = (char **)malloc( + sizeof(char *) * MAX_LIST_ENTRIES); + if (rparams->kdcservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + rparams->kdcservers))) { + goto cleanup; + } + mask |= LDAP_REALM_KDCSERVERS; + /* Going to replace the existing value by this new value. 
Hence + * setting flag indicating that add or clear options will be ignored + */ + newkdcdn = 1; + } else if (!strcmp(argv[i], "-clearkdcdn")) { + if (++i > argc-1) + goto err_usage; + if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) { if (!oldkdcdns) { /* Store the old kdc dns list for removing rights */ oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (oldkdcdns == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } - + for (j=0; rparams->kdcservers[j] != NULL; j++) { - oldkdcdns[j] = strdup(rparams->kdcservers[j]); - if (oldkdcdns[j] == NULL) { + oldkdcdns[j] = strdup(rparams->kdcservers[j]); + if (oldkdcdns[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldkdcdns[j] = NULL; - } + } memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { - goto cleanup; - } - list_modify_str_array(&rparams->kdcservers, (const char **)list, - LIST_MODE_DELETE); - mask |= LDAP_REALM_KDCSERVERS; - krb5_free_list_entries(list); - } - } - else if (!strcmp(argv[i], "-addkdcdn")) { - if (++i > argc-1) - goto err_usage; - if (!newkdcdn) { - if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) { + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { + goto cleanup; + } + list_modify_str_array(&rparams->kdcservers, (const char **)list, + LIST_MODE_DELETE); + mask |= LDAP_REALM_KDCSERVERS; + krb5_free_list_entries(list); + } + } else if (!strcmp(argv[i], "-addkdcdn")) { + if (++i > argc-1) + goto err_usage; + if (!newkdcdn) { + if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) { /* Store the old kdc dns list for removing rights */ oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (oldkdcdns == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; + } + + for (j = 0; rparams->kdcservers[j] != NULL; j++) { + oldkdcdns[j] = 
strdup(rparams->kdcservers[j]); + if (oldkdcdns[j] == NULL) { + retval = ENOMEM; + goto cleanup; + } } - - for (j = 0; rparams->kdcservers[j] != NULL; j++) { - oldkdcdns[j] = strdup(rparams->kdcservers[j]); - if (oldkdcdns[j] == NULL) { - retval = ENOMEM; - goto cleanup; - } - } - oldkdcdns[j] = NULL; - } + oldkdcdns[j] = NULL; + } memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { - goto cleanup; - } - existing_entries = list_count_str_array(rparams->kdcservers); - list_entries = list_count_str_array(list); - if (rmask & LDAP_REALM_KDCSERVERS) { - tempstr = (char **)realloc( - rparams->kdcservers, - sizeof(char *) * (existing_entries+list_entries+1)); - if (tempstr == NULL) { - retval = ENOMEM; - goto cleanup; - } - rparams->kdcservers = tempstr; - } - else { - rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1)); - if (rparams->kdcservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1)); - } - list_modify_str_array(&rparams->kdcservers, (const char **)list, - LIST_MODE_ADD); - mask |= LDAP_REALM_KDCSERVERS; - } - } - else if (!strcmp(argv[i], "-admindn")) { - if (++i > argc-1) - goto err_usage; - - if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) { - if (!oldadmindns) { - /* Store the old admin dns list for removing rights */ - oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (oldadmindns == NULL) { - retval = ENOMEM; - goto cleanup; - } - - for (j=0; rparams->adminservers[j] != NULL; j++) { - oldadmindns[j] = strdup(rparams->adminservers[j]); - if (oldadmindns[j] == NULL) { - retval = ENOMEM; - goto cleanup; - } - } - oldadmindns[j] = NULL; - } - - krb5_free_list_entries(rparams->adminservers); - free(rparams->adminservers); - } - - rparams->adminservers = (char **)malloc( - sizeof(char *) * MAX_LIST_ENTRIES); - if (rparams->adminservers == NULL) { - retval = ENOMEM; - 
goto cleanup; - } - memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - rparams->adminservers))) { - goto cleanup; - } - mask |= LDAP_REALM_ADMINSERVERS; - /* Going to replace the existing value by this new value. Hence - * setting flag indicating that add or clear options will be ignored - */ - newadmindn = 1; - } - else if (!strcmp(argv[i], "-clearadmindn")) { - if (++i > argc-1) - goto err_usage; - - if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) { + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { + goto cleanup; + } + existing_entries = list_count_str_array(rparams->kdcservers); + list_entries = list_count_str_array(list); + if (rmask & LDAP_REALM_KDCSERVERS) { + tempstr = (char **)realloc( + rparams->kdcservers, + sizeof(char *) * (existing_entries+list_entries+1)); + if (tempstr == NULL) { + retval = ENOMEM; + goto cleanup; + } + rparams->kdcservers = tempstr; + } else { + rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1)); + if (rparams->kdcservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1)); + } + list_modify_str_array(&rparams->kdcservers, (const char **)list, + LIST_MODE_ADD); + mask |= LDAP_REALM_KDCSERVERS; + } + } else if (!strcmp(argv[i], "-admindn")) { + if (++i > argc-1) + goto err_usage; + + if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) { if (!oldadmindns) { - /* Store the old admin dns list for removing rights */ + /* Store the old admin dns list for removing rights */ oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (oldadmindns == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } - + for (j=0; rparams->adminservers[j] != NULL; j++) { - oldadmindns[j] = strdup(rparams->adminservers[j]); - if (oldadmindns[j] == NULL) { + oldadmindns[j] = 
strdup(rparams->adminservers[j]); + if (oldadmindns[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldadmindns[j] = NULL; - } - - memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { - goto cleanup; - } - list_modify_str_array(&rparams->adminservers, (const char **)list, - LIST_MODE_DELETE); - mask |= LDAP_REALM_ADMINSERVERS; - krb5_free_list_entries(list); - } - } - else if (!strcmp(argv[i], "-addadmindn")) { - if (++i > argc-1) - goto err_usage; - if (!newadmindn) { + } + + krb5_free_list_entries(rparams->adminservers); + free(rparams->adminservers); + } + + rparams->adminservers = (char **)malloc( + sizeof(char *) * MAX_LIST_ENTRIES); + if (rparams->adminservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + rparams->adminservers))) { + goto cleanup; + } + mask |= LDAP_REALM_ADMINSERVERS; + /* Going to replace the existing value by this new value. 
Hence + * setting flag indicating that add or clear options will be ignored + */ + newadmindn = 1; + } else if (!strcmp(argv[i], "-clearadmindn")) { + if (++i > argc-1) + goto err_usage; + + if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) { + if (!oldadmindns) { + /* Store the old admin dns list for removing rights */ + oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (oldadmindns == NULL) { + retval = ENOMEM; + goto cleanup; + } + + for (j=0; rparams->adminservers[j] != NULL; j++) { + oldadmindns[j] = strdup(rparams->adminservers[j]); + if (oldadmindns[j] == NULL) { + retval = ENOMEM; + goto cleanup; + } + } + oldadmindns[j] = NULL; + } + + memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { + goto cleanup; + } + list_modify_str_array(&rparams->adminservers, (const char **)list, + LIST_MODE_DELETE); + mask |= LDAP_REALM_ADMINSERVERS; + krb5_free_list_entries(list); + } + } else if (!strcmp(argv[i], "-addadmindn")) { + if (++i > argc-1) + goto err_usage; + if (!newadmindn) { if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) { /* Store the old admin dns list for removing rights */ oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (oldadmindns == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } - + for (j=0; rparams->adminservers[j] != NULL; j++) { - oldadmindns[j] = strdup(rparams->adminservers[j]); - if (oldadmindns[j] == NULL) { + oldadmindns[j] = strdup(rparams->adminservers[j]); + if (oldadmindns[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldadmindns[j] = NULL; - } - - memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { - goto cleanup; - } - existing_entries = list_count_str_array(rparams->adminservers); - list_entries = list_count_str_array(list); - if (rmask & 
LDAP_REALM_ADMINSERVERS) { - tempstr = (char **)realloc( - rparams->adminservers, - sizeof(char *) * (existing_entries+list_entries+1)); - if (tempstr == NULL) { - retval = ENOMEM; - goto cleanup; - } - rparams->adminservers = tempstr; - } - else { - rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1)); - if (rparams->adminservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1)); - } - list_modify_str_array(&rparams->adminservers, (const char **)list, - LIST_MODE_ADD); - mask |= LDAP_REALM_ADMINSERVERS; - } - } - else if (!strcmp(argv[i], "-pwddn")) { - if (++i > argc-1) - goto err_usage; - - if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) { - if (!oldpwddns) { - /* Store the old pwd dns list for removing rights */ - oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (oldpwddns == NULL) { - retval = ENOMEM; - goto cleanup; - } - - for (j=0; rparams->passwdservers[j] != NULL; j++) { - oldpwddns[j] = strdup(rparams->passwdservers[j]); - if (oldpwddns[j] == NULL) { - retval = ENOMEM; - goto cleanup; - } - } - oldpwddns[j] = NULL; - } - - krb5_free_list_entries(rparams->passwdservers); - free(rparams->passwdservers); - } - - rparams->passwdservers = (char **)malloc( - sizeof(char *) * MAX_LIST_ENTRIES); - if (rparams->passwdservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - rparams->passwdservers))) { - goto cleanup; - } - mask |= LDAP_REALM_PASSWDSERVERS; - /* Going to replace the existing value by this new value. 
Hence - * setting flag indicating that add or clear options will be ignored - */ - newpwddn = 1; - } - else if (!strcmp(argv[i], "-clearpwddn")) { - if (++i > argc-1) - goto err_usage; - - if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) { - if (!oldpwddns) { + } + + memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { + goto cleanup; + } + existing_entries = list_count_str_array(rparams->adminservers); + list_entries = list_count_str_array(list); + if (rmask & LDAP_REALM_ADMINSERVERS) { + tempstr = (char **)realloc( + rparams->adminservers, + sizeof(char *) * (existing_entries+list_entries+1)); + if (tempstr == NULL) { + retval = ENOMEM; + goto cleanup; + } + rparams->adminservers = tempstr; + } else { + rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1)); + if (rparams->adminservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1)); + } + list_modify_str_array(&rparams->adminservers, (const char **)list, + LIST_MODE_ADD); + mask |= LDAP_REALM_ADMINSERVERS; + } + } else if (!strcmp(argv[i], "-pwddn")) { + if (++i > argc-1) + goto err_usage; + + if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) { + if (!oldpwddns) { /* Store the old pwd dns list for removing rights */ oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (oldpwddns == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } - + for (j=0; rparams->passwdservers[j] != NULL; j++) { - oldpwddns[j] = strdup(rparams->passwdservers[j]); - if (oldpwddns[j] == NULL) { + oldpwddns[j] = strdup(rparams->passwdservers[j]); + if (oldpwddns[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldpwddns[j] = NULL; - } - - memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { - goto cleanup; - } - 
list_modify_str_array(&rparams->passwdservers, (const char**)list, - LIST_MODE_DELETE); - mask |= LDAP_REALM_PASSWDSERVERS; - krb5_free_list_entries(list); - } - } - else if (!strcmp(argv[i], "-addpwddn")) { - if (++i > argc-1) - goto err_usage; - if (!newpwddn) { - if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) { + } + + krb5_free_list_entries(rparams->passwdservers); + free(rparams->passwdservers); + } + + rparams->passwdservers = (char **)malloc( + sizeof(char *) * MAX_LIST_ENTRIES); + if (rparams->passwdservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + rparams->passwdservers))) { + goto cleanup; + } + mask |= LDAP_REALM_PASSWDSERVERS; + /* Going to replace the existing value by this new value. Hence + * setting flag indicating that add or clear options will be ignored + */ + newpwddn = 1; + } else if (!strcmp(argv[i], "-clearpwddn")) { + if (++i > argc-1) + goto err_usage; + + if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) { + if (!oldpwddns) { + /* Store the old pwd dns list for removing rights */ + oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (oldpwddns == NULL) { + retval = ENOMEM; + goto cleanup; + } + + for (j=0; rparams->passwdservers[j] != NULL; j++) { + oldpwddns[j] = strdup(rparams->passwdservers[j]); + if (oldpwddns[j] == NULL) { + retval = ENOMEM; + goto cleanup; + } + } + oldpwddns[j] = NULL; + } + + memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { + goto cleanup; + } + list_modify_str_array(&rparams->passwdservers, (const char**)list, + LIST_MODE_DELETE); + mask |= LDAP_REALM_PASSWDSERVERS; + krb5_free_list_entries(list); + } + } else if (!strcmp(argv[i], "-addpwddn")) { + if (++i > argc-1) + goto err_usage; + if (!newpwddn) { + if ((rmask & 
LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) { /* Store the old pwd dns list for removing rights */ oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (oldpwddns == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } - + for (j=0; rparams->passwdservers[j] != NULL; j++) { - oldpwddns[j] = strdup(rparams->passwdservers[j]); - if (oldpwddns[j] == NULL) { + oldpwddns[j] = strdup(rparams->passwdservers[j]); + if (oldpwddns[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldpwddns[j] = NULL; - } - - memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { - goto cleanup; - } - existing_entries = list_count_str_array(rparams->passwdservers); - list_entries = list_count_str_array(list); - if (rmask & LDAP_REALM_PASSWDSERVERS) { - tempstr = (char **)realloc( - rparams->passwdservers, - sizeof(char *) * (existing_entries+list_entries+1)); - if (tempstr == NULL) { - retval = ENOMEM; - goto cleanup; - } - rparams->passwdservers = tempstr; - } - else { - rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1)); - if (rparams->passwdservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1)); - } - list_modify_str_array(&rparams->passwdservers, (const char**)list, - LIST_MODE_ADD); - mask |= LDAP_REALM_PASSWDSERVERS; - } - } + } + + memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES); + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) { + goto cleanup; + } + existing_entries = list_count_str_array(rparams->passwdservers); + list_entries = list_count_str_array(list); + if (rmask & LDAP_REALM_PASSWDSERVERS) { + tempstr = (char **)realloc( + rparams->passwdservers, + sizeof(char *) * (existing_entries+list_entries+1)); + if (tempstr == NULL) { + retval = ENOMEM; + goto cleanup; + } + rparams->passwdservers = tempstr; + } else { + 
rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1)); + if (rparams->passwdservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1)); + } + list_modify_str_array(&rparams->passwdservers, (const char**)list, + LIST_MODE_ADD); + mask |= LDAP_REALM_PASSWDSERVERS; + } + } #endif - else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) - { - mask|=ret_mask; + else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) { + mask|=ret_mask; + } else { + printf("'%s' is an invalid option\n", argv[i]); + goto err_usage; } - else { - printf("'%s' is an invalid option\n", argv[i]); - goto err_usage; - } } - if ((retval = krb5_ldap_modify_realm(util_context, - /* global_params.realm, */ rparams, mask))) { - goto cleanup; + if ((retval = krb5_ldap_modify_realm(util_context, + /* global_params.realm, */ rparams, mask))) { + goto cleanup; } #ifdef HAVE_EDIRECTORY - if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) || + if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) { printf("Changing rights for the service object. Please wait ... 
"); - fflush(stdout); - - if( !(mask & LDAP_REALM_SUBTREE) ) { - if( rparams->subtree != NULL ) { + fflush(stdout); + + if (!(mask & LDAP_REALM_SUBTREE)) { + if (rparams->subtree != NULL) { oldsubtree = strdup(rparams->subtree); - if( oldsubtree == NULL ) { + if (oldsubtree == NULL) { retval = ENOMEM; goto cleanup; } } } - if( (mask & LDAP_REALM_SUBTREE) ) { - if( (oldsubtree && !rparams->subtree) || - (!oldsubtree && rparams->subtree) || - (strcmp( oldsubtree, rparams->subtree) != 0) ) { + if ((mask & LDAP_REALM_SUBTREE)) { + if ((oldsubtree && !rparams->subtree) || + (!oldsubtree && rparams->subtree) || + (strcmp(oldsubtree, rparams->subtree) != 0)) { subtree_changed = 1; - } + } } - if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) ) { + if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS)) { newkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (newkdcdns == NULL) { retval = ENOMEM; goto cleanup; } - - if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) { + + if ((rparams != NULL) && (rparams->kdcservers != NULL)) { for (j=0; rparams->kdcservers[j]!= NULL; j++) { newkdcdns[j] = strdup(rparams->kdcservers[j]); if (newkdcdns[j] == NULL) { @@ -1409,11 +1373,10 @@ void kdb5_ldap_modify(argc, argv) } newkdcdns[j] = NULL; } - - if( !subtree_changed ) { - disjoint_members( oldkdcdns, newkdcdns); - } - else { /* Only the subtree was changed. Remove the rights on the old subtree. */ + + if (!subtree_changed) { + disjoint_members(oldkdcdns, newkdcdns); + } else { /* Only the subtree was changed. Remove the rights on the old subtree. */ if (!(mask & LDAP_REALM_KDCSERVERS)) { oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); 
@@ -1421,8 +1384,8 @@ void kdb5_ldap_modify(argc, argv) retval = ENOMEM; goto cleanup; } - - if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) { + + if ((rparams != NULL) && (rparams->kdcservers != NULL)) { for (j=0; rparams->kdcservers[j]!= NULL; j++) { oldkdcdns[j] = strdup(rparams->kdcservers[j]); if (oldkdcdns[j] == NULL) { 
@@ -1431,54 +1394,54 @@ void kdb5_ldap_modify(argc, argv) } } oldkdcdns[j] = NULL; - } + } } } - + rightsmask =0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; /* Remove the rights on the old subtree */ - if ( oldkdcdns ) { - for ( i=0; (oldkdcdns[i] != NULL); i++) { - if((retval=krb5_ldap_delete_service_rights(util_context, - LDAP_KDC_SERVICE, oldkdcdns[i], - rparams->realm_name, oldsubtree, rightsmask )) != 0) { + if (oldkdcdns) { + for (i=0; (oldkdcdns[i] != NULL); i++) { + if ((retval=krb5_ldap_delete_service_rights(util_context, + LDAP_KDC_SERVICE, oldkdcdns[i], + rparams->realm_name, oldsubtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } } - + rightsmask =0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if ( newkdcdns ) { - for ( i=0; (newkdcdns[i] != NULL); i++) { - - if((retval=krb5_ldap_add_service_rights(util_context, - LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name, - rparams->subtree, rightsmask )) != 0) { + if (newkdcdns) { + for (i=0; (newkdcdns[i] != NULL); i++) { + + if ((retval=krb5_ldap_add_service_rights(util_context, + LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name, + rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } } } - if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_ADMINSERVERS) ) { + if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_ADMINSERVERS)) { newadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (newadmindns == NULL) { retval = ENOMEM; goto cleanup; } - - if ( (rparams != NULL) && (rparams->adminservers != NULL) ) { + + if ((rparams != NULL) && (rparams->adminservers != NULL)) { for (j=0; rparams->adminservers[j]!= NULL; j++) { newadmindns[j] = strdup(rparams->adminservers[j]); if (newadmindns[j] == 
NULL) { @@ -1488,11 +1451,10 @@ void kdb5_ldap_modify(argc, argv) } newadmindns[j] = NULL; } - - if( !subtree_changed ) { - disjoint_members( oldadmindns, newadmindns); - } - else { /* Only the subtree was changed. Remove the rights on the old subtree. */ + + if (!subtree_changed) { + disjoint_members(oldadmindns, newadmindns); + } else { /* Only the subtree was changed. Remove the rights on the old subtree. */ if (!(mask & LDAP_REALM_ADMINSERVERS)) { oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); @@ -1500,8 +1462,8 @@ void kdb5_ldap_modify(argc, argv) retval = ENOMEM; goto cleanup; } - - if ( (rparams != NULL) && (rparams->adminservers != NULL) ) { + + if ((rparams != NULL) && (rparams->adminservers != NULL)) { for (j=0; rparams->adminservers[j]!= NULL; j++) { oldadmindns[j] = strdup(rparams->adminservers[j]); if (oldadmindns[j] == NULL) { @@ -1510,7 +1472,7 @@ void kdb5_ldap_modify(argc, argv) } } oldadmindns[j] = NULL; - } + } } } @@ -1518,17 +1480,17 @@ void kdb5_ldap_modify(argc, argv) rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; /* Remove the rights on the old subtree */ - if ( oldadmindns ) { - for ( i=0; (oldadmindns[i] != NULL); i++) { - - if((retval=krb5_ldap_delete_service_rights( util_context, - LDAP_ADMIN_SERVICE, oldadmindns[i], - rparams->realm_name, oldsubtree, rightsmask )) != 0) { + if (oldadmindns) { + for (i=0; (oldadmindns[i] != NULL); i++) { + + if ((retval=krb5_ldap_delete_service_rights(util_context, + LDAP_ADMIN_SERVICE, oldadmindns[i], + rparams->realm_name, oldsubtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; - } + } } } 
@@ -1536,15 +1498,15 @@ void kdb5_ldap_modify(argc, argv) rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; /* Add rights on the new subtree for all the kdc dns */ - if ( newadmindns ) { - for ( i=0; (newadmindns[i] != NULL); i++) { - - if((retval=krb5_ldap_add_service_rights( util_context, - LDAP_ADMIN_SERVICE, newadmindns[i], - rparams->realm_name, rparams->subtree, rightsmask )) != 0) { + if (newadmindns) { + for (i=0; (newadmindns[i] != NULL); i++) { + + if ((retval=krb5_ldap_add_service_rights(util_context, + LDAP_ADMIN_SERVICE, newadmindns[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } @@ -1552,15 +1514,15 @@ void kdb5_ldap_modify(argc, argv) } - if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_PASSWDSERVERS) ) { + if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_PASSWDSERVERS)) { newpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (newpwddns == NULL) { retval = ENOMEM; goto cleanup; } - - if ( (rparams != NULL) && (rparams->passwdservers != NULL) ) { + + if ((rparams != NULL) && (rparams->passwdservers != NULL)) { for (j=0; rparams->passwdservers[j]!= NULL; j++) { newpwddns[j] = strdup(rparams->passwdservers[j]); if (newpwddns[j] == NULL) { @@ -1570,11 +1532,10 @@ void kdb5_ldap_modify(argc, argv) } newpwddns[j] = NULL; } - - if( !subtree_changed ) { - disjoint_members( oldpwddns, newpwddns); - } - else { /* Only the subtree was changed. Remove the rights on the old subtree. */ + + if (!subtree_changed) { + disjoint_members(oldpwddns, newpwddns); + } else { /* Only the subtree was changed. Remove the rights on the old subtree. */ if (!(mask & LDAP_REALM_ADMINSERVERS)) { oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); 
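Review bot: The context comment `/* Add rights on the new subtree for all the kdc dns */` in this hunk heads the loop over newadmindns with LDAP_ADMIN_SERVICE, so it names the wrong list; the same stale comment sits above the newpwddns loop in the `@@ -1617` hunk. Suggest `/* Add rights on the new subtree for all the admin dns */` here and `/* Add rights on the new subtree for all the pwd dns */` there. The enclosing kdb5_ldap_modify body starts before and ends after this hunk.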
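Review bot: In the `@@ -1570` hunk the rebuild of oldpwddns in the else branch is gated on `if (!(mask & LDAP_REALM_ADMINSERVERS))`, but this is the password-server section; the parallel branches test their own list's bit (LDAP_REALM_KDCSERVERS in `@@ -1409`, LDAP_REALM_ADMINSERVERS in `@@ -1488`). When the subtree changes and the mask carries LDAP_REALM_ADMINSERVERS but not LDAP_REALM_PASSWDSERVERS, oldpwddns stays NULL and the krb5_ldap_delete_service_rights loop for LDAP_PASSWD_SERVICE never runs, so the password-service rights on the old subtree are left in place. The line should read `if (!(mask & LDAP_REALM_PASSWDSERVERS)) {`. The enclosing function continues on both sides of the hunk.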
@@ -1582,8 +1543,8 @@ void kdb5_ldap_modify(argc, argv) retval = ENOMEM; goto cleanup; } - - if ( (rparams != NULL) && (rparams->passwdservers != NULL) ) { + + if ((rparams != NULL) && (rparams->passwdservers != NULL)) { for (j=0; rparams->passwdservers[j]!= NULL; j++) { oldpwddns[j] = strdup(rparams->passwdservers[j]); if (oldpwddns[j] == NULL) { @@ -1600,14 +1561,14 @@ void kdb5_ldap_modify(argc, argv) rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; /* Remove the rights on the old subtree */ - if ( oldpwddns ) { - for ( i=0; (oldpwddns[i] != NULL); i++) { - if((retval = krb5_ldap_delete_service_rights( util_context, - LDAP_PASSWD_SERVICE, oldpwddns[i], - rparams->realm_name, oldsubtree, rightsmask))) { + if (oldpwddns) { + for (i=0; (oldpwddns[i] != NULL); i++) { + if ((retval = krb5_ldap_delete_service_rights(util_context, + LDAP_PASSWD_SERVICE, oldpwddns[i], + rparams->realm_name, oldsubtree, rightsmask))) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } 
@@ -1617,78 +1578,78 @@ void kdb5_ldap_modify(argc, argv) rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; /* Add rights on the new subtree for all the kdc dns */ - if ( newpwddns ) { - for ( i=0; (newpwddns[i] != NULL); i++) { - if((retval = krb5_ldap_add_service_rights( util_context, - LDAP_PASSWD_SERVICE, newpwddns[i], - rparams->realm_name, rparams->subtree, rightsmask))) { + if (newpwddns) { + for (i=0; (newpwddns[i] != NULL); i++) { + if ((retval = krb5_ldap_add_service_rights(util_context, + LDAP_PASSWD_SERVICE, newpwddns[i], + rparams->realm_name, rparams->subtree, rightsmask))) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); goto err_nomsg; } } } } - + printf("done\n"); } #endif - + goto cleanup; err_usage: print_usage = TRUE; - + err_nomsg: no_msg = TRUE; - + cleanup: krb5_ldap_free_realm_params(rparams); #ifdef HAVE_EDIRECTORY if (oldkdcdns) { - for ( i=0; oldkdcdns[i] != NULL; i++) + for (i=0; oldkdcdns[i] != NULL; i++) free(oldkdcdns[i]); free(oldkdcdns); } if (oldpwddns) { - for ( i=0; oldpwddns[i] != NULL; i++) + for (i=0; oldpwddns[i] != NULL; i++) free(oldpwddns[i]); - free(oldpwddns); + free(oldpwddns); } if (oldadmindns) { - for ( i=0; oldadmindns[i] != NULL; i++) + for (i=0; oldadmindns[i] != NULL; i++) free(oldadmindns[i]); - free(oldadmindns); + free(oldadmindns); } if (newkdcdns) { - for ( i=0; newkdcdns[i] != NULL; i++) + for (i=0; newkdcdns[i] != NULL; i++) free(newkdcdns[i]); free(newkdcdns); } if (newpwddns) { - for ( i=0; newpwddns[i] != NULL; i++) + for (i=0; newpwddns[i] != NULL; i++) free(newpwddns[i]); - free(newpwddns); + free(newpwddns); } if (newadmindns) { - for ( i=0; newadmindns[i] != NULL; i++) + for (i=0; newadmindns[i] != NULL; i++) free(newadmindns[i]); - free(newadmindns); + free(newadmindns); } if (oldsubtree) free(oldsubtree); #endif if (print_usage) { - db_usage(MODIFY_REALM); + db_usage(MODIFY_REALM); } if (retval) { - 
if (!no_msg) - com_err(argv[0], retval, "while modifying information of realm '%s'", - global_params.realm); - exit_status++; + if (!no_msg) + com_err(argv[0], retval, "while modifying information of realm '%s'", + global_params.realm); + exit_status++; } return; @@ -1712,26 +1673,26 @@ void kdb5_ldap_view(argc, argv) dal_handle = (kdb5_dal_handle *) util_context->db_context; ldap_context = (krb5_ldap_context *) dal_handle->db_context; if (!(ldap_context)) { - retval = EINVAL; - com_err(argv[0], retval, "while initializing database"); - exit_status++; - return; + retval = EINVAL; + com_err(argv[0], retval, "while initializing database"); + exit_status++; + return; } /* Read the kerberos container information */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer))) != 0) { - com_err(argv[0], retval, "while reading kerberos container information"); - exit_status++; - return; + if ((retval = krb5_ldap_read_krbcontainer_params(util_context, + &(ldap_context->krbcontainer))) != 0) { + com_err(argv[0], retval, "while reading kerberos container information"); + exit_status++; + return; } if ((retval = krb5_ldap_read_realm_params(util_context, - global_params.realm, &rparams, &mask)) || (!rparams)) { - com_err(argv[0], retval, "while reading information of realm '%s'", - global_params.realm); - exit_status++; - return; + global_params.realm, &rparams, &mask)) || (!rparams)) { + com_err(argv[0], retval, "while reading information of realm '%s'", + global_params.realm); + exit_status++; + return; } print_realm_params(rparams, mask); krb5_ldap_free_realm_params(rparams); 
@@ -1740,27 +1701,27 @@ void kdb5_ldap_view(argc, argv) } static char *strdur(duration) - time_t duration; + time_t duration; { - static char out[50]; - int neg, days, hours, minutes, seconds; - - if (duration < 0) { - duration *= -1; - neg = 1; - } else - neg = 0; - days = duration / (24 * 3600); - duration %= 24 * 3600; - hours = duration / 3600; - duration %= 3600; - minutes = duration / 60; - duration %= 60; - seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", - days, days == 1 ? "day" : "days", - hours, minutes, seconds); - return out; + static char out[50]; + int neg, days, hours, minutes, seconds; + + if (duration < 0) { + duration *= -1; + neg = 1; + } else + neg = 0; + days = duration / (24 * 3600); + duration %= 24 * 3600; + hours = duration / 3600; + duration %= 3600; + minutes = duration / 60; + duration %= 60; + seconds = duration; + sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + days, days == 1 ? "day" : "days", + hours, minutes, seconds); + return out; } /* 
@@ -1778,113 +1739,112 @@ static void print_realm_params(krb5_ldap_realm_params *rparams, int mask) /* Print the Realm Attributes on the standard output */ printf("%25s: %-50s\n", "Realm Name", global_params.realm); if (mask & LDAP_REALM_SUBTREE) - printf("%25s: %-50s\n", "Subtree", rparams->subtree); + printf("%25s: %-50s\n", "Subtree", rparams->subtree); if (mask & LDAP_REALM_SEARCHSCOPE) { - if ((rparams->search_scope != 1) && - (rparams->search_scope != 2)) { - printf("%25s: %-50s\n", "SearchScope", "Invalid !"); - } - else { - printf("%25s: %-50s\n", "SearchScope", - (rparams->search_scope == 1) ? "ONE" : "SUB"); - } + if ((rparams->search_scope != 1) && + (rparams->search_scope != 2)) { + printf("%25s: %-50s\n", "SearchScope", "Invalid !"); + } else { + printf("%25s: %-50s\n", "SearchScope", + (rparams->search_scope == 1) ? "ONE" : "SUB"); + } } if (mask & LDAP_REALM_KDCSERVERS) { - printf("%25s:", "KDC Services"); - if (rparams->kdcservers != NULL) { - num_entry_printed = 0; - for(slist = rparams->kdcservers; *slist != NULL; slist++) { - if (num_entry_printed) - printf(" %25s %-50s\n", " ", *slist); - else - printf(" %-50s\n", *slist); - num_entry_printed++; - } - } - if (num_entry_printed == 0) - printf("\n"); + printf("%25s:", "KDC Services"); + if (rparams->kdcservers != NULL) { + num_entry_printed = 0; + for (slist = rparams->kdcservers; *slist != NULL; slist++) { + if (num_entry_printed) + printf(" %25s %-50s\n", " ", *slist); + else + printf(" %-50s\n", *slist); + num_entry_printed++; + } + } + if (num_entry_printed == 0) + printf("\n"); } if (mask & LDAP_REALM_ADMINSERVERS) { - printf("%25s:", "Admin Services"); - if (rparams->adminservers != NULL) { - num_entry_printed = 0; - for(slist = rparams->adminservers; *slist != NULL; slist++) { - if (num_entry_printed) - printf(" %25s %-50s\n", " ", *slist); - else - printf(" %-50s\n", *slist); - num_entry_printed++; - } - } - if (num_entry_printed == 0) - printf("\n"); + printf("%25s:", "Admin Services"); + 
if (rparams->adminservers != NULL) { + num_entry_printed = 0; + for (slist = rparams->adminservers; *slist != NULL; slist++) { + if (num_entry_printed) + printf(" %25s %-50s\n", " ", *slist); + else + printf(" %-50s\n", *slist); + num_entry_printed++; + } + } + if (num_entry_printed == 0) + printf("\n"); } if (mask & LDAP_REALM_PASSWDSERVERS) { - printf("%25s:", "Passwd Services"); - if (rparams->passwdservers != NULL) { - num_entry_printed = 0; - for(slist = rparams->passwdservers; *slist != NULL; slist++) { - if (num_entry_printed) - printf(" %25s %-50s\n", " ", *slist); - else - printf(" %-50s\n", *slist); - num_entry_printed++; - } - } - if (num_entry_printed == 0) - printf("\n"); + printf("%25s:", "Passwd Services"); + if (rparams->passwdservers != NULL) { + num_entry_printed = 0; + for (slist = rparams->passwdservers; *slist != NULL; slist++) { + if (num_entry_printed) + printf(" %25s %-50s\n", " ", *slist); + else + printf(" %-50s\n", *slist); + num_entry_printed++; + } + } + if (num_entry_printed == 0) + printf("\n"); } if (mask & LDAP_REALM_MAXTICKETLIFE) { - printf("%25s:", "Maximum Ticket Life"); - printf(" %s \n", strdur(rparams->max_life)); + printf("%25s:", "Maximum Ticket Life"); + printf(" %s \n", strdur(rparams->max_life)); } if (mask & LDAP_REALM_MAXRENEWLIFE) { - printf("%25s:", "Maximum Renewable Life"); - printf(" %s \n", strdur(rparams->max_renewable_life)); + printf("%25s:", "Maximum Renewable Life"); + printf(" %s \n", strdur(rparams->max_renewable_life)); } if (mask & LDAP_REALM_KRBTICKETFLAGS) { - int ticketflags = rparams->tktflags; + int ticketflags = rparams->tktflags; - printf("%25s: ", "Ticket flags"); - if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED) - printf("%s ","DISALLOW_POSTDATED"); + printf("%25s: ", "Ticket flags"); + if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED) + printf("%s ","DISALLOW_POSTDATED"); - if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE) - printf("%s ","DISALLOW_FORWARDABLE"); + if (ticketflags & 
KRB5_KDB_DISALLOW_FORWARDABLE) + printf("%s ","DISALLOW_FORWARDABLE"); - if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE) - printf("%s ","DISALLOW_RENEWABLE"); + if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE) + printf("%s ","DISALLOW_RENEWABLE"); - if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE) - printf("%s ","DISALLOW_PROXIABLE"); + if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE) + printf("%s ","DISALLOW_PROXIABLE"); - if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY) - printf("%s ","DISALLOW_DUP_SKEY"); + if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY) + printf("%s ","DISALLOW_DUP_SKEY"); - if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH) - printf("%s ","REQUIRES_PRE_AUTH"); + if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH) + printf("%s ","REQUIRES_PRE_AUTH"); - if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH) - printf("%s ","REQUIRES_HW_AUTH"); + if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH) + printf("%s ","REQUIRES_HW_AUTH"); - if (ticketflags & KRB5_KDB_DISALLOW_SVR) - printf("%s ","DISALLOW_SVR"); + if (ticketflags & KRB5_KDB_DISALLOW_SVR) + printf("%s ","DISALLOW_SVR"); - if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED) - printf("%s ","DISALLOW_TGT_BASED"); + if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED) + printf("%s ","DISALLOW_TGT_BASED"); - if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX) - printf("%s ","DISALLOW_ALL_TIX"); + if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX) + printf("%s ","DISALLOW_ALL_TIX"); - if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE) - printf("%s ","REQUIRES_PWCHANGE"); + if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE) + printf("%s ","REQUIRES_PWCHANGE"); - if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE) - printf("%s ","PWCHANGE_SERVICE"); + if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE) + printf("%s ","PWCHANGE_SERVICE"); - printf("\n"); + printf("\n"); } 
@@ -1910,36 +1870,36 @@ void kdb5_ldap_list(argc, argv) dal_handle = (kdb5_dal_handle *)util_context->db_context; ldap_context = (krb5_ldap_context *) dal_handle->db_context; if (!(ldap_context)) { - retval = EINVAL; - exit_status++; - return; + retval = EINVAL; + exit_status++; + return; } /* Read the kerberos container information */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer))) != 0) { - com_err(argv[0], retval, "while reading kerberos container information"); - exit_status++; - return; + if ((retval = krb5_ldap_read_krbcontainer_params(util_context, + &(ldap_context->krbcontainer))) != 0) { + com_err(argv[0], retval, "while reading kerberos container information"); + exit_status++; + return; } - + retval = krb5_ldap_list_realm(util_context, &list); if (retval != 0) { - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); + krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); ldap_context->krbcontainer = NULL; - com_err (argv[0], retval, "while listing realms"); - exit_status++; - return; + com_err (argv[0], retval, "while listing realms"); + exit_status++; + return; } /* This is to handle the case of realm not present */ if (list == NULL) { - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); + krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); ldap_context->krbcontainer = NULL; - return; + return; } - - for(plist = list; *plist != NULL; plist++) { - printf("%s\n", *plist); + + for (plist = list; *plist != NULL; plist++) { + printf("%s\n", *plist); } krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); ldap_context->krbcontainer = NULL; @@ -1951,7 +1911,7 @@ void kdb5_ldap_list(argc, argv) /* - * This function creates service principals when + * This function creates service principals when * creating the realm object. */ static int 
@@ -1973,32 +1933,32 @@ kdb_ldap_create_principal (context, princ, op, pblock) krb5_ldap_context *ldap_context=NULL; if ((pblock == NULL) || (context == NULL)) { - retval = EINVAL; - goto cleanup; + retval = EINVAL; + goto cleanup; } dal_handle = (kdb5_dal_handle *) context->db_context; ldap_context = (krb5_ldap_context *) dal_handle->db_context; if (!(ldap_context)) { - retval = EINVAL; - goto cleanup; + retval = EINVAL; + goto cleanup; } memset(&entry, 0, sizeof(entry)); - + tl_data = malloc(sizeof(*tl_data)); if (tl_data == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } memset(tl_data, 0, sizeof(*tl_data)); tl_data->tl_data_length = 1 + 2 + 2 + 1 + 2 + 4; tl_data->tl_data_type = 7; /* KDB_TL_USER_INFO */ curr = tl_data->tl_data_contents = malloc(tl_data->tl_data_length); if (tl_data->tl_data_contents == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } - + memset(curr, 1, 1); /* Passing the mask as principal type */ curr += 1; currlen = 2; @@ -2006,7 +1966,7 @@ kdb_ldap_create_principal (context, princ, op, pblock) curr += currlen; STORE16_INT(curr, princtype); curr += currlen; - + mask |= KDB_PRINCIPAL; mask |= KDB_ATTRIBUTES ; mask |= KDB_MAX_LIFE ; 
@@ -2025,29 +1985,28 @@ kdb_ldap_create_principal (context, princ, op, pblock) goto cleanup; /* Allocate memory for storing the key */ - if ((entry.key_data = (krb5_key_data *) malloc( - (sizeof(krb5_key_data)*(entry.n_key_data + 1)))) == NULL) { - retval = ENOMEM; - goto cleanup; + if ((entry.key_data = (krb5_key_data *) malloc( + (sizeof(krb5_key_data)*(entry.n_key_data + 1)))) == NULL) { + retval = ENOMEM; + goto cleanup; } - + memset(entry.key_data + entry.n_key_data, 0, sizeof(krb5_key_data)); entry.n_key_data++; - switch (op) - { + switch (op) { case TGT_KEY: retval = krb5_c_make_random_key(context, 16, &key) ; - if( retval ) { + if (retval) { goto cleanup; } - + kvno = 1; /* New key is getting set */ - retval = krb5_dbekd_encrypt_key_data(context, - &ldap_context->lrparams->mkey, - &key, NULL, kvno, - &entry.key_data[entry.n_key_data - 1]); - if( retval ) { + retval = krb5_dbekd_encrypt_key_data(context, + &ldap_context->lrparams->mkey, + &key, NULL, kvno, + &entry.key_data[entry.n_key_data - 1]); + if (retval) { goto cleanup; } krb5_free_keyblock_contents(context, &key); @@ -2056,9 +2015,9 @@ kdb_ldap_create_principal (context, princ, op, pblock) case MASTER_KEY: kvno = 1; /* New key is getting set */ retval = krb5_dbekd_encrypt_key_data(context, pblock->key, - &ldap_context->lrparams->mkey, NULL, kvno, - &entry.key_data[entry.n_key_data - 1]); - if( retval ) { + &ldap_context->lrparams->mkey, NULL, kvno, + &entry.key_data[entry.n_key_data - 1]); + if (retval) { goto cleanup; } break; 
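Review bot: In the TGT_KEY case the keyblock filled by krb5_c_make_random_key is released by krb5_free_keyblock_contents only on the success path; when krb5_dbekd_encrypt_key_data fails, `goto cleanup` leaves the freshly generated key material allocated and unzeroed. Releasing the keyblock before testing the result fixes both paths: `retval = krb5_dbekd_encrypt_key_data(...);` / `krb5_free_keyblock_contents(context, &key);` / `if (retval) goto cleanup;`. Separately, the enctype argument `16` to krb5_c_make_random_key is a bare magic number (it appears to correspond to ENCTYPE_DES3_CBC_SHA1); spelling it with the ENCTYPE_* constant would make the key type chosen for the service principal visible to reviewers. The enclosing kdb_ldap_create_principal body starts before this hunk.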
@@ -2067,15 +2026,15 @@ kdb_ldap_create_principal (context, princ, op, pblock) default: break; } /* end of switch */ - + retval = krb5_ldap_put_principal(context, &entry, &nentry, NULL); - if( retval ) { - com_err(NULL, retval, "while adding entries to database"); - goto cleanup; + if (retval) { + com_err(NULL, retval, "while adding entries to database"); + goto cleanup; } - - cleanup: - krb5_dbe_free_contents( context, &entry); + +cleanup: + krb5_dbe_free_contents(context, &entry); return retval; } @@ -2097,14 +2056,14 @@ kdb5_ldap_destroy(argc, argv) int mask = 0; kdb5_dal_handle *dal_handle = NULL; krb5_ldap_context *ldap_context = NULL; -#ifdef HAVE_EDIRECTORY +#ifdef HAVE_EDIRECTORY int i = 0, rightsmask = 0; krb5_ldap_realm_params *rparams = NULL; #endif optind = 1; while ((optchar = getopt(argc, argv, "f")) != -1) { - switch(optchar) { + switch (optchar) { case 'f': force++; break; 
@@ -2133,31 +2092,31 @@ kdb5_ldap_destroy(argc, argv) dal_handle = (kdb5_dal_handle *)util_context->db_context; ldap_context = (krb5_ldap_context *) dal_handle->db_context; if (!(ldap_context)) { - com_err(argv[0], EINVAL, "while initializing database"); - exit_status++; - return; + com_err(argv[0], EINVAL, "while initializing database"); + exit_status++; + return; } - + /* Read the kerberos container from the LDAP Server */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer))) != 0) { - com_err(argv[0], retval, "while reading kerberos container information"); - exit_status++; - return; + if ((retval = krb5_ldap_read_krbcontainer_params(util_context, + &(ldap_context->krbcontainer))) != 0) { + com_err(argv[0], retval, "while reading kerberos container information"); + exit_status++; + return; } /* Read the Realm information from the LDAP Server */ if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm, - &(ldap_context->lrparams), &mask)) != 0) { - com_err(argv[0], retval, "while reading realm information"); - exit_status++; - return; + &(ldap_context->lrparams), &mask)) != 0) { + com_err(argv[0], retval, "while reading realm information"); + exit_status++; + return; } #ifdef HAVE_EDIRECTORY - if( (mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || - (mask & LDAP_REALM_PASSWDSERVERS) ) { - + if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || + (mask & LDAP_REALM_PASSWDSERVERS)) { + printf("Changing rights for the service object. Please wait ... "); fflush(stdout); 
@@ -2165,14 +2124,14 @@ kdb5_ldap_destroy(argc, argv) rightsmask = 0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) { - for ( i=0; (rparams->kdcservers[i] != NULL); i++) { - if((retval = krb5_ldap_delete_service_rights( util_context, - LDAP_KDC_SERVICE, rparams->kdcservers[i], - rparams->realm_name, rparams->subtree, rightsmask )) != 0) { + if ((rparams != NULL) && (rparams->kdcservers != NULL)) { + for (i=0; (rparams->kdcservers[i] != NULL); i++) { + if ((retval = krb5_ldap_delete_service_rights(util_context, + LDAP_KDC_SERVICE, rparams->kdcservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); return; } } @@ -2180,14 +2139,14 @@ kdb5_ldap_destroy(argc, argv) rightsmask = 0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if ( (rparams != NULL) && (rparams->adminservers != NULL) ) { - for ( i=0; (rparams->adminservers[i] != NULL); i++) { - if((retval = krb5_ldap_delete_service_rights( util_context, - LDAP_ADMIN_SERVICE, rparams->adminservers[i], - rparams->realm_name, rparams->subtree, rightsmask )) != 0) { + if ((rparams != NULL) && (rparams->adminservers != NULL)) { + for (i=0; (rparams->adminservers[i] != NULL); i++) { + if ((retval = krb5_ldap_delete_service_rights(util_context, + LDAP_ADMIN_SERVICE, rparams->adminservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); return; } } 
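Review bot: The `return;` after the failed krb5_ldap_delete_service_rights call in this hunk leaves exit_status untouched, while the krb5_ldap_delete_realm failure in the `@@ -2213` hunk does `exit_status++;` before returning; a rights-removal failure therefore aborts the destroy yet the utility still exits reporting success. The same pattern is in the `@@ -2180` and `@@ -2195` hunks. The accompanying message `"while assigning rights to '%s'"` also describes an add although the call removes rights; `"while removing rights from '%s'"` would match what failed. Adding `exit_status++;` before each `return;` restores the convention the rest of kdb5_ldap_destroy follows; the function body starts before and ends after this hunk.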
@@ -2195,14 +2154,14 @@ kdb5_ldap_destroy(argc, argv) rightsmask = 0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if( (rparams != NULL) && (rparams->passwdservers != NULL) ) { - for ( i=0; (rparams->passwdservers[i] != NULL); i++) { - if((retval = krb5_ldap_delete_service_rights( util_context, - LDAP_PASSWD_SERVICE, rparams->passwdservers[i], - rparams->realm_name, rparams->subtree, rightsmask )) != 0) { + if ((rparams != NULL) && (rparams->passwdservers != NULL)) { + for (i=0; (rparams->passwdservers[i] != NULL); i++) { + if ((retval = krb5_ldap_delete_service_rights(util_context, + LDAP_PASSWD_SERVICE, rparams->passwdservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { printf("failed\n"); com_err(argv[0], retval, "while assigning rights to '%s'", - rparams->realm_name); + rparams->realm_name); return; } } @@ -2213,9 +2172,9 @@ kdb5_ldap_destroy(argc, argv) /* Delete the realm container and all the associated principals */ retval = krb5_ldap_delete_realm(util_context, global_params.realm); if (retval) { - com_err(argv[0], retval, "deleting database of '%s'", global_params.realm); - exit_status++; - return; + com_err(argv[0], retval, "deleting database of '%s'", global_params.realm); + exit_status++; + return; } printf("** Database of '%s' destroyed.\n", global_params.realm); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h index 1a0ea9ccb..59b684beb 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h 
@@ -1,32 +1,32 @@ /* * kadmin/ldap_util/kdb5_ldap_realm.h */ - + /* Copyright (c) 2004-2005, Novell, Inc. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The copyright holder's name is not used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * POSSIBILITY OF SUCH DAMAGE. */ #define MAX_KRB_CONTAINER_LEN 256 diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c index 1ce08feb2..783b44d68 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c 
@@ -5,28 +5,28 @@ /* Copyright (c) 2004-2005, Novell, Inc. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The copyright holder's name is not used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * POSSIBILITY OF SUCH DAMAGE. */ /* @@ -46,10 +46,10 @@ #ifdef HAVE_EDIRECTORY krb5_error_code -rem_service_entry_from_file( int argc, - char *argv[], - char *file_name, - char *service_object ); +rem_service_entry_from_file(int argc, + char *argv[], + char *file_name, + char *service_object); extern char *yes; extern krb5_boolean db_inited; 
@@ -63,90 +63,86 @@ static int process_host_list(char **host_list, int servicetype) /* Protocol and port number processing */ for (j = 0; host_list[j]; j++) { - /* Look for one hash */ - if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) { - unsigned int hostname_len = pchr - host_list[j]; - - /* Check input for buffer overflow */ - if (hostname_len >= MAX_LEN_LIST_ENTRY) { - retval = EINVAL; - goto cleanup; - } - - /* First copy off the host name portion */ - strncpy (host_str, host_list[j], hostname_len); - - /* Parse for the protocol string and translate to number */ - strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN); - if (!strcmp(proto_str, "udp")) - sprintf (proto_str, "%d", PROTOCOL_NUM_UDP); - else if (!strcmp(proto_str, "tcp")) - sprintf (proto_str, "%d", PROTOCOL_NUM_TCP); - else - proto_str[0] = '\0'; /* Make the string null if invalid */ - - /* Look for one more hash */ - if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) { - /* Parse for the port string and check if it is numeric */ - strncpy (port_str, pchr + 1, PORT_STR_LEN); - if (!strtol(port_str, NULL, 10)) /* Not a valid number */ - port_str[0] = '\0'; - } - else - port_str[0] = '\0'; - } - else { /* We have only host name */ - strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1); - proto_str[0] = '\0'; - port_str[0] = '\0'; - } - - /* Now, based on service type, fill in suitable protocol - and port values if they are absent or not matching */ - if (servicetype == LDAP_KDC_SERVICE) { - if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC); - - if (port_str[0] == '\0') - sprintf (port_str, "%d", PORT_DEFAULT_KDC); - } - else if (servicetype == LDAP_ADMIN_SERVICE) { - if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); - else if (strcmp(proto_str, "1")) { - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); - - /* Print warning message */ - printf ("Admin Server supports only TCP protocol, hence setting that\n"); - } - - if (port_str[0] == '\0') 
- sprintf (port_str, "%d", PORT_DEFAULT_ADM); - } - else if (servicetype == LDAP_PASSWD_SERVICE) { - if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); - else if (strcmp(proto_str, "0")) { - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); - - /* Print warning message */ - printf ("Password Server supports only UDP protocol, hence setting that\n"); - } - - if (port_str[0] == '\0') - sprintf (port_str, "%d", PORT_DEFAULT_PWD); - } - - /* Finally form back the string */ - free (host_list[j]); - host_list[j] = (char*) malloc(sizeof(char) * - (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1)); - if (host_list[j] == NULL) { - retval = ENOMEM; - goto cleanup; - } - snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1, - "%s#%s#%s", host_str, proto_str, port_str); + /* Look for one hash */ + if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) { + unsigned int hostname_len = pchr - host_list[j]; + + /* Check input for buffer overflow */ + if (hostname_len >= MAX_LEN_LIST_ENTRY) { + retval = EINVAL; + goto cleanup; + } + + /* First copy off the host name portion */ + strncpy (host_str, host_list[j], hostname_len); + + /* Parse for the protocol string and translate to number */ + strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN); + if (!strcmp(proto_str, "udp")) + sprintf (proto_str, "%d", PROTOCOL_NUM_UDP); + else if (!strcmp(proto_str, "tcp")) + sprintf (proto_str, "%d", PROTOCOL_NUM_TCP); + else + proto_str[0] = '\0'; /* Make the string null if invalid */ + + /* Look for one more hash */ + if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) { + /* Parse for the port string and check if it is numeric */ + strncpy (port_str, pchr + 1, PORT_STR_LEN); + if (!strtol(port_str, NULL, 10)) /* Not a valid number */ + port_str[0] = '\0'; + } else + port_str[0] = '\0'; + } else { /* We have only host name */ + strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1); + proto_str[0] = '\0'; + port_str[0] = 
'\0'; + } + + /* Now, based on service type, fill in suitable protocol + and port values if they are absent or not matching */ + if (servicetype == LDAP_KDC_SERVICE) { + if (proto_str[0] == '\0') + sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC); + + if (port_str[0] == '\0') + sprintf (port_str, "%d", PORT_DEFAULT_KDC); + } else if (servicetype == LDAP_ADMIN_SERVICE) { + if (proto_str[0] == '\0') + sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); + else if (strcmp(proto_str, "1")) { + sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); + + /* Print warning message */ + printf ("Admin Server supports only TCP protocol, hence setting that\n"); + } + + if (port_str[0] == '\0') + sprintf (port_str, "%d", PORT_DEFAULT_ADM); + } else if (servicetype == LDAP_PASSWD_SERVICE) { + if (proto_str[0] == '\0') + sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); + else if (strcmp(proto_str, "0")) { + sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); + + /* Print warning message */ + printf ("Password Server supports only UDP protocol, hence setting that\n"); + } + + if (port_str[0] == '\0') + sprintf (port_str, "%d", PORT_DEFAULT_PWD); + } + + /* Finally form back the string */ + free (host_list[j]); + host_list[j] = (char*) malloc(sizeof(char) * + (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1)); + if (host_list[j] == NULL) { + retval = ENOMEM; + goto cleanup; + } + snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1, + "%s#%s#%s", host_str, proto_str, port_str); } cleanup: @@ -158,7 +154,7 @@ cleanup: * Given a realm name, this function will convert it to a DN by appending the * Kerberos container location. */ -static krb5_error_code +static krb5_error_code convert_realm_name2dn_list(list, krbcontainer_loc) char **list; const char *krbcontainer_loc; 
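Review bot: None of the three `strncpy` calls in this hunk guarantees a terminator: `strncpy (host_str, host_list[j], hostname_len)` copies exactly hostname_len bytes, and the `proto_str`/`port_str` copies stop at PROTOCOL_STR_LEN/PORT_STR_LEN, so a protocol or port field at or over that length leaves the buffer unterminated and the following `strcmp`, `strtol` and `strlen` calls read past it. The "Check input for buffer overflow" test covers only the host portion, not the two later fields. A bounded formatted copy terminates unconditionally, e.g. `snprintf(host_str, MAX_LEN_LIST_ENTRY, "%.*s", (int)hostname_len, host_list[j]);` and `snprintf(proto_str, sizeof proto_str, "%s", pchr + 1);` — the three buffers are declared outside the hunk, so the exact sizes need confirming against those declarations. Separately, `strtol(port_str, NULL, 10)` accepts trailing garbage after the digits and cannot distinguish port "0" from a non-numeric string, so a check on the end pointer would be more precise.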
@@ -169,24 +165,24 @@ convert_realm_name2dn_list(list, krbcontainer_loc) int i = 0; if (list == NULL) { - return EINVAL; + return EINVAL; } for (i = 0; (list[i] != NULL) && (i < MAX_LIST_ENTRIES); i++) { - /* Restrict copying to max. length to avoid buffer overflow */ - snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc); + /* Restrict copying to max. length to avoid buffer overflow */ + snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc); - /* Make copy of string to temporary node */ - temp_node = strdup(temp_str); - if (list[i] == NULL) { - retval = ENOMEM; - goto cleanup; - } + /* Make copy of string to temporary node */ + temp_node = strdup(temp_str); + if (list[i] == NULL) { + retval = ENOMEM; + goto cleanup; + } - /* On success, free list node and attach new one */ - free (list[i]); - list[i] = temp_node; - temp_node = NULL; + /* On success, free list node and attach new one */ + free (list[i]); + list[i] = temp_node; + temp_node = NULL; } cleanup: @@ -195,16 +191,16 @@ cleanup: /* - * This function will create a service object on the LDAP Server, with the + * This function will create a service object on the LDAP Server, with the * specified attributes. */ void kdb5_ldap_create_service(argc, argv) - int argc; - char *argv[]; + int argc; + char *argv[]; { char *me = argv[0]; krb5_error_code retval = 0; - krb5_ldap_service_params *srvparams = NULL; + krb5_ldap_service_params *srvparams = NULL; krb5_boolean print_usage = FALSE; krb5_boolean no_msg = FALSE; int mask = 0; 
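Review bot: The allocation check after `temp_node = strdup(temp_str);` tests the wrong variable: `list[i]` is non-NULL by the loop condition, so a failed strdup is never detected and the NULL is stored into `list[i]`, silently shortening the list the caller later walks. The test should read `if (temp_node == NULL) {`. In addition, `snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", ...)` silently truncates an over-long realm name into a different DN; comparing its return value against MAX_DN_CHARS and returning EINVAL on truncation would surface that instead. The declarations of temp_str, temp_node and retval sit outside the hunk.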
@@ -222,15 +218,15 @@ void kdb5_ldap_create_service(argc, argv) /* Check for number of arguments */ if ((argc < 3) || (argc > 10)) { - exit_status++; + exit_status++; goto err_usage; } /* Allocate memory for service parameters structure */ srvparams = (krb5_ldap_service_params*) calloc(1, sizeof(krb5_ldap_service_params)); if (srvparams == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } dal_handle = (kdb5_dal_handle *) util_context->db_context; 
@@ -241,168 +237,160 @@ void kdb5_ldap_create_service(argc, argv) of arguments */ extra_argv = (char **) calloc((unsigned int)argc, sizeof(char*)); if (extra_argv == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } /* Set first of the extra arguments as the program name */ extra_argv[0] = me; extra_argc++; - /* Read Kerberos container info, to construct realm DN from name + /* Read Kerberos container info, to construct realm DN from name * and for assigning rights */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer)))) { - com_err(me, retval, "while reading Kerberos container information"); - goto cleanup; + if ((retval = krb5_ldap_read_krbcontainer_params(util_context, + &(ldap_context->krbcontainer)))) { + com_err(me, retval, "while reading Kerberos container information"); + goto cleanup; } /* Parse all arguments */ for (i = 1; i < argc; i++) { - if (!strcmp(argv[i], "-kdc")) { - srvparams->servicetype = LDAP_KDC_SERVICE; - } - else if (!strcmp(argv[i], "-admin")) { - srvparams->servicetype = LDAP_ADMIN_SERVICE; - } - else if (!strcmp(argv[i], "-pwd")) { - srvparams->servicetype = LDAP_PASSWD_SERVICE; - } - else if (!strcmp(argv[i], "-servicehost")) { - if (++i > argc - 1) - goto err_usage; - - srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES, - sizeof(char *)); - if (srvparams->krbhostservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - srvparams->krbhostservers))) { - goto cleanup; - } - - if ((retval = process_host_list (srvparams->krbhostservers, - srvparams->servicetype))) { - goto cleanup; - } - - mask |= LDAP_SERVICE_HOSTSERVER; - } - else if (!strcmp(argv[i], "-realm")) { - if (++i > argc - 1) - goto err_usage; - - srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES, - sizeof(char *)); - if (srvparams->krbrealmreferences == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = 
krb5_parse_list(argv[i], LIST_DELIMITER, - srvparams->krbrealmreferences))) { - goto cleanup; - } - - /* Convert realm names to realm DNs */ - if ((retval = convert_realm_name2dn_list( - srvparams->krbrealmreferences, - ldap_context->krbcontainer->DN))) { - goto cleanup; - } - - mask |= LDAP_SERVICE_REALMREFERENCE; - } - /* If argument is none of the above and beginning with '-', - * it must be related to password -- collect it - * to pass onto kdb5_ldap_set_service_password() - */ - else if (*(argv[i]) == '-') { - /* Checking for options of setting the password for the - * service (by using 'setsrvpw') is not modular. --need to - * have a common function that can be shared with 'setsrvpw' - */ - if (!strcmp(argv[i], "-randpw")) { - extra_argv[extra_argc] = argv[i]; - extra_argc++; - } - else if (!strcmp(argv[i], "-fileonly")) { - extra_argv[extra_argc] = argv[i]; - extra_argc++; - } - /* For '-f' option alone, pick up the following argument too */ - else if (!strcmp(argv[i], "-f")) { - extra_argv[extra_argc] = argv[i]; - extra_argc++; - - if (++i > argc - 1) - goto err_usage; - - extra_argv[extra_argc] = argv[i]; - extra_argc++; - } - else { /* Any other option is invalid */ - exit_status++; - goto err_usage; - } - } - else { /* Any other argument must be service DN */ - /* First check if service DN is already provided -- - * if so, there's a usage error - */ - if (srvparams->servicedn != NULL) { - com_err(me, EINVAL, "while creating service object"); - goto err_usage; - } - - /* If not present already, fill up service DN */ - srvparams->servicedn = strdup(argv[i]); - if (srvparams->servicedn == NULL) { - com_err(me, ENOMEM, "while creating service object"); - goto err_nomsg; - } - } + if (!strcmp(argv[i], "-kdc")) { + srvparams->servicetype = LDAP_KDC_SERVICE; + } else if (!strcmp(argv[i], "-admin")) { + srvparams->servicetype = LDAP_ADMIN_SERVICE; + } else if (!strcmp(argv[i], "-pwd")) { + srvparams->servicetype = LDAP_PASSWD_SERVICE; + } else if 
(!strcmp(argv[i], "-servicehost")) { + if (++i > argc - 1) + goto err_usage; + + srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES, + sizeof(char *)); + if (srvparams->krbhostservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + srvparams->krbhostservers))) { + goto cleanup; + } + + if ((retval = process_host_list (srvparams->krbhostservers, + srvparams->servicetype))) { + goto cleanup; + } + + mask |= LDAP_SERVICE_HOSTSERVER; + } else if (!strcmp(argv[i], "-realm")) { + if (++i > argc - 1) + goto err_usage; + + srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES, + sizeof(char *)); + if (srvparams->krbrealmreferences == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + srvparams->krbrealmreferences))) { + goto cleanup; + } + + /* Convert realm names to realm DNs */ + if ((retval = convert_realm_name2dn_list( + srvparams->krbrealmreferences, + ldap_context->krbcontainer->DN))) { + goto cleanup; + } + + mask |= LDAP_SERVICE_REALMREFERENCE; + } + /* If argument is none of the above and beginning with '-', + * it must be related to password -- collect it + * to pass onto kdb5_ldap_set_service_password() + */ + else if (*(argv[i]) == '-') { + /* Checking for options of setting the password for the + * service (by using 'setsrvpw') is not modular. 
--need to + * have a common function that can be shared with 'setsrvpw' + */ + if (!strcmp(argv[i], "-randpw")) { + extra_argv[extra_argc] = argv[i]; + extra_argc++; + } else if (!strcmp(argv[i], "-fileonly")) { + extra_argv[extra_argc] = argv[i]; + extra_argc++; + } + /* For '-f' option alone, pick up the following argument too */ + else if (!strcmp(argv[i], "-f")) { + extra_argv[extra_argc] = argv[i]; + extra_argc++; + + if (++i > argc - 1) + goto err_usage; + + extra_argv[extra_argc] = argv[i]; + extra_argc++; + } else { /* Any other option is invalid */ + exit_status++; + goto err_usage; + } + } else { /* Any other argument must be service DN */ + /* First check if service DN is already provided -- + * if so, there's a usage error + */ + if (srvparams->servicedn != NULL) { + com_err(me, EINVAL, "while creating service object"); + goto err_usage; + } + + /* If not present already, fill up service DN */ + srvparams->servicedn = strdup(argv[i]); + if (srvparams->servicedn == NULL) { + com_err(me, ENOMEM, "while creating service object"); + goto err_nomsg; + } + } } /* No point in proceeding further if service DN value is not available */ if (srvparams->servicedn == NULL) { com_err(me, EINVAL, "while creating service object"); - goto err_usage; + goto err_usage; } if (srvparams->servicetype == 0) { /* Not provided and hence not set */ com_err(me, EINVAL, "while creating service object"); - goto err_usage; + goto err_usage; } /* Create object with all attributes provided */ if ((retval = krb5_ldap_create_service(util_context, srvparams, mask))) - goto cleanup; + goto cleanup; service_obj_created = TRUE; - /* ** NOTE ** srvparams structure should not be modified, as it is + /* ** NOTE ** srvparams structure should not be modified, as it is * used for deletion of the service object in case of any failures * from now on. 
*/ /* Set password too */ if (extra_argc >= 1) { - /* Set service DN as the last argument */ - extra_argv[extra_argc] = strdup(srvparams->servicedn); - extra_argc++; - - if( (retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0 ) - { - goto err_nomsg; + /* Set service DN as the last argument */ + extra_argv[extra_argc] = strdup(srvparams->servicedn); + extra_argc++; + + if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) { + goto err_nomsg; } } /* Rights assignment */ - if( mask & LDAP_SERVICE_REALMREFERENCE ) { + if (mask & LDAP_SERVICE_REALMREFERENCE) { printf("%s","Changing rights for the service object. Please wait ... "); fflush(stdout); 
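Review bot: In the `-servicehost` branch, `process_host_list (srvparams->krbhostservers, srvparams->servicetype)` runs while arguments are still being parsed, so when `-servicehost` precedes `-kdc`/`-admin`/`-pwd` on the command line servicetype is still 0 and none of the default protocol/port branches in process_host_list apply to that list. Deferring that call until after the loop, next to the existing `servicetype == 0` check, removes the ordering dependency. Also `extra_argv[extra_argc] = strdup(srvparams->servicedn);` is neither NULL-checked nor freed in the cleanup shown in a later hunk; `if (extra_argv[extra_argc] == NULL) { retval = ENOMEM; goto cleanup; }` plus a matching free would close that. kdb5_ldap_create_service begins in the previous hunk and its cleanup label is in a later one.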
@@ -411,40 +399,40 @@ void kdb5_ldap_create_service(argc, argv) rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - if( (srvparams != NULL) && (srvparams->krbrealmreferences != NULL) ) { - for ( i=0; (srvparams->krbrealmreferences[i] != NULL); i++) { - + if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) { + for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) { + /* Get the realm name, not the dn */ temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1); - - if( temprdns[0] == NULL ) { + + if (temprdns[0] == NULL) { retval = EINVAL; goto cleanup; } - + realmName = strdup(temprdns[0]); - if( realmName == NULL ) { + if (realmName == NULL) { retval = ENOMEM; goto cleanup; } - if((retval = krb5_ldap_read_realm_params(util_context, - realmName, &rparams, &rmask))) { + if ((retval = krb5_ldap_read_realm_params(util_context, + realmName, &rparams, &rmask))) { com_err(me, retval, "while reading information of realm '%s'", - realmName); + realmName); goto cleanup; } - - if((retval = krb5_ldap_add_service_rights(util_context, - srvparams->servicetype, srvparams->servicedn, - realmName, rparams->subtree, rightsmask))) { + + if ((retval = krb5_ldap_add_service_rights(util_context, + srvparams->servicetype, srvparams->servicedn, + realmName, rparams->subtree, rightsmask))) { printf("failed\n"); com_err(me, retval, "while assigning rights '%s'", - srvparams->servicedn); + srvparams->servicedn); goto cleanup; } - - if( rparams ) + + if (rparams) krb5_ldap_free_realm_params(rparams); } } 
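Review bot: The result of `ldap_explode_dn` is dereferenced as `temprdns[0]` without a NULL check, and `temprdns` is not released anywhere in the hunk; the loop also reassigns `realmName = strdup(temprdns[0]);` on every iteration, so all but the last copy leak (the cleanup in the next hunk frees only the final one). Likewise `rparams` is freed only on the success path, so the `goto cleanup` after a failed `krb5_ldap_add_service_rights` leaks it. Adding `if (temprdns == NULL || temprdns[0] == NULL) { retval = EINVAL; goto cleanup; }` and freeing `realmName` and `temprdns` (via `ldap_value_free`) at the end of each iteration, with `rparams` freed on both paths, would address all three. The hunk starts inside the rights-assignment block, whose opening is in the previous hunk.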
@@ -460,37 +448,36 @@ err_nomsg: cleanup: - if ((retval != 0) && (service_obj_created == TRUE)) - { - /* This is for deleting the service object if something goes - * wrong in creating the service object - */ + if ((retval != 0) && (service_obj_created == TRUE)) { + /* This is for deleting the service object if something goes + * wrong in creating the service object + */ - /* srvparams is populated from the user input and should be correct as - * we were successful in creating a service object. Reusing the same - */ - krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn); + /* srvparams is populated from the user input and should be correct as + * we were successful in creating a service object. Reusing the same + */ + krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn); } - + /* Clean-up structure */ krb5_ldap_free_service (util_context, srvparams); if (extra_argv) { - free (extra_argv); - extra_argv = NULL; + free (extra_argv); + extra_argv = NULL; } - if ( realmName ) { + if (realmName) { free(realmName); realmName = NULL; } if (print_usage) - db_usage (CREATE_SERVICE); + db_usage (CREATE_SERVICE); if (retval) { - if (!no_msg) - com_err(me, retval, "while creating service object"); + if (!no_msg) + com_err(me, retval, "while creating service object"); - exit_status++; + exit_status++; } return; @@ -502,8 +489,8 @@ cleanup: * object on the LDAP Server */ void kdb5_ldap_modify_service(argc, argv) - int argc; - char *argv[]; + int argc; + char *argv[]; { char *me = argv[0]; krb5_error_code retval = 0; @@ -530,8 +517,8 @@ void kdb5_ldap_modify_service(argc, argv) /* Check for number of arguments */ if ((argc < 3) || (argc > 10)) { - exit_status++; - goto err_usage; + exit_status++; + goto err_usage; } dal_handle = (kdb5_dal_handle *) util_context->db_context; 
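Review bot: The rollback `krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);` discards its return value, so if deleting the partially configured service object fails the user sees only the original error and may be left with an object whose later configuration steps never completed. Capturing the code and reporting it, e.g. `krb5_error_code drc = krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn); if (drc) com_err(me, drc, "while deleting partially created service object");`, would make that state visible. The `if (extra_argv)` guard around `free (extra_argv)` is redundant since free(NULL) is a no-op. This cleanup block belongs to kdb5_ldap_create_service, which starts in an earlier hunk.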
@@ -539,380 +526,366 @@ void kdb5_ldap_modify_service(argc, argv) /* Parse all arguments, only to pick up service DN (Pass 1) */ for (i = 1; i < argc; i++) { - /* Skip arguments next to 'servicehost' - and 'realmdn' arguments */ - if (!strcmp(argv[i], "-servicehost")) { - ++i; - } - else if (!strcmp(argv[i], "-clearservicehost")) { - ++i; - } - else if (!strcmp(argv[i], "-addservicehost")) { - ++i; - } - else if (!strcmp(argv[i], "-realm")) { - ++i; - } - else if (!strcmp(argv[i], "-clearrealm")) { - ++i; - } - else if (!strcmp(argv[i], "-addrealm")) { - ++i; - } - else { /* Any other argument must be service DN */ - /* First check if service DN is already provided -- - if so, there's a usage error */ - if (servicedn != NULL) { - com_err(me, EINVAL, "while modifying service object"); - goto err_usage; - } - - /* If not present already, fill up service DN */ - servicedn = strdup(argv[i]); - if (servicedn == NULL) { - com_err(me, ENOMEM, "while modifying service object"); - goto err_nomsg; - } + /* Skip arguments next to 'servicehost' + and 'realmdn' arguments */ + if (!strcmp(argv[i], "-servicehost")) { + ++i; + } else if (!strcmp(argv[i], "-clearservicehost")) { + ++i; + } else if (!strcmp(argv[i], "-addservicehost")) { + ++i; + } else if (!strcmp(argv[i], "-realm")) { + ++i; + } else if (!strcmp(argv[i], "-clearrealm")) { + ++i; + } else if (!strcmp(argv[i], "-addrealm")) { + ++i; + } else { /* Any other argument must be service DN */ + /* First check if service DN is already provided -- + if so, there's a usage error */ + if (servicedn != NULL) { + com_err(me, EINVAL, "while modifying service object"); + goto err_usage; + } + + /* If not present already, fill up service DN */ + servicedn = strdup(argv[i]); + if (servicedn == NULL) { + com_err(me, ENOMEM, "while modifying service object"); + goto err_nomsg; + } } } /* No point in proceeding further if service DN value is not available */ if (servicedn == NULL) { com_err(me, EINVAL, "while modifying service 
object"); - goto err_usage; + goto err_usage; } retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask); if (retval) { - com_err(argv[0], retval, "while reading information of service '%s'", + com_err(argv[0], retval, "while reading information of service '%s'", servicedn); - goto err_nomsg; + goto err_nomsg; } /* Read Kerberos container info, to construct realm DN from name * and for assigning rights */ if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer)))) { - com_err(me, retval, "while reading Kerberos container information"); - goto cleanup; + &(ldap_context->krbcontainer)))) { + com_err(me, retval, "while reading Kerberos container information"); + goto cleanup; } /* Parse all arguments, but skip the service DN (Pass 2) */ for (i = 1; i < argc; i++) { - if (!strcmp(argv[i], "-servicehost")) { - if (++i > argc - 1) - goto err_usage; - - /* Free the old list if available */ - if (srvparams->krbhostservers) { - krb5_free_list_entries (srvparams->krbhostservers); - free (srvparams->krbhostservers); - } - - srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES, - sizeof(char *)); - if (srvparams->krbhostservers == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, - srvparams->krbhostservers))) { - goto cleanup; - } - - if ((retval = process_host_list (srvparams->krbhostservers, - srvparams->servicetype))) { - goto cleanup; - } - - out_mask |= LDAP_SERVICE_HOSTSERVER; - - /* Set flag to ignore 'add' and 'clear' */ - srvhost_flag = 1; - } - else if (!strcmp(argv[i], "-clearservicehost")) { - if (++i > argc - 1) - goto err_usage; - - if (!srvhost_flag) { - /* If attribute doesn't exist, don't permit 'clear' option */ - if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) { - /* Send out some proper error message here */ + if (!strcmp(argv[i], "-servicehost")) { + if (++i > argc - 1) + goto err_usage; + + /* Free the old list if available */ + if 
(srvparams->krbhostservers) { + krb5_free_list_entries (srvparams->krbhostservers); + free (srvparams->krbhostservers); + } + + srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES, + sizeof(char *)); + if (srvparams->krbhostservers == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + srvparams->krbhostservers))) { + goto cleanup; + } + + if ((retval = process_host_list (srvparams->krbhostservers, + srvparams->servicetype))) { + goto cleanup; + } + + out_mask |= LDAP_SERVICE_HOSTSERVER; + + /* Set flag to ignore 'add' and 'clear' */ + srvhost_flag = 1; + } else if (!strcmp(argv[i], "-clearservicehost")) { + if (++i > argc - 1) + goto err_usage; + + if (!srvhost_flag) { + /* If attribute doesn't exist, don't permit 'clear' option */ + if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) { + /* Send out some proper error message here */ com_err(me, EINVAL, "service host list is empty\n"); - goto err_nomsg; - } - - /* Allocate list for processing */ - list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (list == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) - goto cleanup; - - if ((retval = process_host_list (list, srvparams->servicetype))) { - goto cleanup; - } - - list_modify_str_array(&(srvparams->krbhostservers), - (const char**)list, LIST_MODE_DELETE); - - out_mask |= LDAP_SERVICE_HOSTSERVER; - - /* Clean up */ - free (list); - list = NULL; - } - } - else if (!strcmp(argv[i], "-addservicehost")) { - if (++i > argc - 1) - goto err_usage; - - if (!srvhost_flag) { - /* Allocate list for processing */ - list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (list == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) - goto cleanup; - - if ((retval = process_host_list (list, srvparams->servicetype))) { - goto cleanup; - } - - /* Call list_modify_str_array() only if 
host server attribute - * exists already --Actually, it's better to handle this + goto err_nomsg; + } + + /* Allocate list for processing */ + list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (list == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) + goto cleanup; + + if ((retval = process_host_list (list, srvparams->servicetype))) { + goto cleanup; + } + + list_modify_str_array(&(srvparams->krbhostservers), + (const char**)list, LIST_MODE_DELETE); + + out_mask |= LDAP_SERVICE_HOSTSERVER; + + /* Clean up */ + free (list); + list = NULL; + } + } else if (!strcmp(argv[i], "-addservicehost")) { + if (++i > argc - 1) + goto err_usage; + + if (!srvhost_flag) { + /* Allocate list for processing */ + list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (list == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) + goto cleanup; + + if ((retval = process_host_list (list, srvparams->servicetype))) { + goto cleanup; + } + + /* Call list_modify_str_array() only if host server attribute + * exists already --Actually, it's better to handle this * within list_modify_str_array() */ - if (in_mask & LDAP_SERVICE_HOSTSERVER) { - /* Re-size existing list */ - existing_entries = list_count_str_array(srvparams->krbhostservers); - new_entries = list_count_str_array(list); - temp_ptr = (char **) realloc(srvparams->krbhostservers, - sizeof(char *) * (existing_entries + new_entries + 1)); - if (temp_ptr == NULL) { - retval = ENOMEM; - goto cleanup; - } - srvparams->krbhostservers = temp_ptr; - - list_modify_str_array(&(srvparams->krbhostservers), - (const char**)list, LIST_MODE_ADD); - - /* Clean up */ - free (list); - list = NULL; - } - else - srvparams->krbhostservers = list; - - out_mask |= LDAP_SERVICE_HOSTSERVER; - } - } - else if (!strcmp(argv[i], "-realm")) { - if (++i > argc - 1) - goto err_usage; - - if ((in_mask & 
LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) { - if (!oldrealmrefs) { - /* Store the old realm list for removing rights */ - oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (oldrealmrefs == NULL) { - retval = ENOMEM; - goto cleanup; - } - + if (in_mask & LDAP_SERVICE_HOSTSERVER) { + /* Re-size existing list */ + existing_entries = list_count_str_array(srvparams->krbhostservers); + new_entries = list_count_str_array(list); + temp_ptr = (char **) realloc(srvparams->krbhostservers, + sizeof(char *) * (existing_entries + new_entries + 1)); + if (temp_ptr == NULL) { + retval = ENOMEM; + goto cleanup; + } + srvparams->krbhostservers = temp_ptr; + + list_modify_str_array(&(srvparams->krbhostservers), + (const char**)list, LIST_MODE_ADD); + + /* Clean up */ + free (list); + list = NULL; + } else + srvparams->krbhostservers = list; + + out_mask |= LDAP_SERVICE_HOSTSERVER; + } + } else if (!strcmp(argv[i], "-realm")) { + if (++i > argc - 1) + goto err_usage; + + if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) { + if (!oldrealmrefs) { + /* Store the old realm list for removing rights */ + oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (oldrealmrefs == NULL) { + retval = ENOMEM; + goto cleanup; + } + for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) { - oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); - if (oldrealmrefs[j] == NULL) { + oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); + if (oldrealmrefs[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldrealmrefs[j] = NULL; - } - - /* Free the old list if available */ - krb5_free_list_entries (srvparams->krbrealmreferences); - free (srvparams->krbrealmreferences); - } - - srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES, - sizeof(char *)); - if (srvparams->krbrealmreferences == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], 
LIST_DELIMITER, - srvparams->krbrealmreferences))) { - goto cleanup; - } - - /* Convert realm names to realm DNs */ - if ((retval = convert_realm_name2dn_list( - srvparams->krbrealmreferences, - ldap_context->krbcontainer->DN))) { - goto cleanup; - } - - out_mask |= LDAP_SERVICE_REALMREFERENCE; - - /* Set flag to ignore 'add' and 'clear' */ - realmdn_flag = 1; - } - else if (!strcmp(argv[i], "-clearrealm")) { - if (++i > argc - 1) - goto err_usage; - - if (!realmdn_flag) { - /* If attribute doesn't exist, don't permit 'clear' option */ - if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) { - /* Send out some proper error message here */ - goto err_nomsg; - } - - if (!oldrealmrefs) { + } + + /* Free the old list if available */ + krb5_free_list_entries (srvparams->krbrealmreferences); + free (srvparams->krbrealmreferences); + } + + srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES, + sizeof(char *)); + if (srvparams->krbrealmreferences == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, + srvparams->krbrealmreferences))) { + goto cleanup; + } + + /* Convert realm names to realm DNs */ + if ((retval = convert_realm_name2dn_list( + srvparams->krbrealmreferences, + ldap_context->krbcontainer->DN))) { + goto cleanup; + } + + out_mask |= LDAP_SERVICE_REALMREFERENCE; + + /* Set flag to ignore 'add' and 'clear' */ + realmdn_flag = 1; + } else if (!strcmp(argv[i], "-clearrealm")) { + if (++i > argc - 1) + goto err_usage; + + if (!realmdn_flag) { + /* If attribute doesn't exist, don't permit 'clear' option */ + if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) { + /* Send out some proper error message here */ + goto err_nomsg; + } + + if (!oldrealmrefs) { /* Store the old realm list for removing rights */ - oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (oldrealmrefs == NULL) { - retval = 
ENOMEM; - goto cleanup; - } + oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (oldrealmrefs == NULL) { + retval = ENOMEM; + goto cleanup; + } for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) { - oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); - if (oldrealmrefs[j] == NULL) { - retval = ENOMEM; - goto cleanup; - } + oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); + if (oldrealmrefs[j] == NULL) { + retval = ENOMEM; + goto cleanup; + } } oldrealmrefs[j] = NULL; - } - - /* Allocate list for processing */ - list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (list == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) - goto cleanup; - - /* Convert realm names to realm DNs */ - if ((retval = convert_realm_name2dn_list(list, - ldap_context->krbcontainer->DN))) { - goto cleanup; - } - - list_modify_str_array(&(srvparams->krbrealmreferences), - (const char**)list, LIST_MODE_DELETE); - - out_mask |= LDAP_SERVICE_REALMREFERENCE; - - /* Clean up */ - free (list); - list = NULL; - } - } - else if (!strcmp(argv[i], "-addrealm")) { - if (++i > argc - 1) - goto err_usage; - - if (!realmdn_flag) { - /* Allocate list for processing */ - list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (list == NULL) { - retval = ENOMEM; - goto cleanup; - } - - if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) - goto cleanup; - - /* Convert realm names to realm DNs */ - if ((retval = convert_realm_name2dn_list(list, - ldap_context->krbcontainer->DN))) { - goto cleanup; - } - - if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) { + } + + /* Allocate list for processing */ + list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (list == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) + goto cleanup; + + /* Convert realm names to 
realm DNs */ + if ((retval = convert_realm_name2dn_list(list, + ldap_context->krbcontainer->DN))) { + goto cleanup; + } + + list_modify_str_array(&(srvparams->krbrealmreferences), + (const char**)list, LIST_MODE_DELETE); + + out_mask |= LDAP_SERVICE_REALMREFERENCE; + + /* Clean up */ + free (list); + list = NULL; + } + } else if (!strcmp(argv[i], "-addrealm")) { + if (++i > argc - 1) + goto err_usage; + + if (!realmdn_flag) { + /* Allocate list for processing */ + list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (list == NULL) { + retval = ENOMEM; + goto cleanup; + } + + if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) + goto cleanup; + + /* Convert realm names to realm DNs */ + if ((retval = convert_realm_name2dn_list(list, + ldap_context->krbcontainer->DN))) { + goto cleanup; + } + + if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) { /* Store the old realm list for removing rights */ - oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); - if (oldrealmrefs == NULL) { - retval = ENOMEM; - goto cleanup; - } + oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); + if (oldrealmrefs == NULL) { + retval = ENOMEM; + goto cleanup; + } for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) { - oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); - if (oldrealmrefs[j] == NULL) { + oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); + if (oldrealmrefs[j] == NULL) { retval = ENOMEM; goto cleanup; - } + } } oldrealmrefs[j] = NULL; - } + } - /* Call list_modify_str_array() only if realm DN attribute - * exists already -- Actually, it's better to handle this + /* Call list_modify_str_array() only if realm DN attribute + * exists already -- Actually, it's better to handle this * within list_modify_str_array() */ - if (in_mask & LDAP_SERVICE_REALMREFERENCE) { - /* Re-size existing list */ - existing_entries = list_count_str_array( - 
srvparams->krbrealmreferences); - new_entries = list_count_str_array(list); - temp_ptr = (char **) realloc(srvparams->krbrealmreferences, - sizeof(char *) * (existing_entries + new_entries + 1)); - if (temp_ptr == NULL) { - retval = ENOMEM; - goto cleanup; - } - srvparams->krbrealmreferences = temp_ptr; - - list_modify_str_array(&(srvparams->krbrealmreferences), - (const char**)list, LIST_MODE_ADD); - - /* Clean up */ - free (list); - list = NULL; - } - else - srvparams->krbrealmreferences = list; - - out_mask |= LDAP_SERVICE_REALMREFERENCE; - } - } - else { - /* Any other argument must be service DN - -- skip it */ - } + if (in_mask & LDAP_SERVICE_REALMREFERENCE) { + /* Re-size existing list */ + existing_entries = list_count_str_array( + srvparams->krbrealmreferences); + new_entries = list_count_str_array(list); + temp_ptr = (char **) realloc(srvparams->krbrealmreferences, + sizeof(char *) * (existing_entries + new_entries + 1)); + if (temp_ptr == NULL) { + retval = ENOMEM; + goto cleanup; + } + srvparams->krbrealmreferences = temp_ptr; + + list_modify_str_array(&(srvparams->krbrealmreferences), + (const char**)list, LIST_MODE_ADD); + + /* Clean up */ + free (list); + list = NULL; + } else + srvparams->krbrealmreferences = list; + + out_mask |= LDAP_SERVICE_REALMREFERENCE; + } + } else { + /* Any other argument must be service DN + -- skip it */ + } } /* Modify attributes of object */ if ((retval = krb5_ldap_modify_service(util_context, srvparams, out_mask))) - goto cleanup; + goto cleanup; /* Service rights modification code */ if (out_mask & LDAP_SERVICE_REALMREFERENCE) { printf("%s","Changing rights for the service object. Please wait ... 
"); fflush(stdout); - + newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*)); if (newrealmrefs == NULL) { retval = ENOMEM; goto cleanup; } - + if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) { for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) { newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]); @@ -924,9 +897,9 @@ void kdb5_ldap_modify_service(argc, argv) newrealmrefs[j] = NULL; } disjoint_members(oldrealmrefs, newrealmrefs); - - /* Delete the rights for the given service, on each of the realm - * container & subtree in the old realm reference list. + + /* Delete the rights for the given service, on each of the realm + * container & subtree in the old realm reference list. */ if (oldrealmrefs) { rightsmask = 0; 
@@ -936,89 +909,89 @@ void kdb5_ldap_modify_service(argc, argv) for (i = 0; (oldrealmrefs[i] != NULL); i++) { /* Get the realm name, not the dn */ temprdns = ldap_explode_dn(oldrealmrefs[i], 1); - + if (temprdns[0] == NULL) { retval = EINVAL; goto cleanup; } - + realmName = strdup(temprdns[0]); if (realmName == NULL) { retval = ENOMEM; goto cleanup; } - if ((retval = krb5_ldap_read_realm_params(util_context, - realmName, &rparams, &rmask))) { + if ((retval = krb5_ldap_read_realm_params(util_context, + realmName, &rparams, &rmask))) { com_err(me, retval, "while reading information of realm '%s'", - realmName); + realmName); goto err_nomsg; } - + if ((retval = krb5_ldap_delete_service_rights(util_context, - srvparams->servicetype, srvparams->servicedn, - realmName, rparams->subtree, rightsmask))) { + srvparams->servicetype, srvparams->servicedn, + realmName, rparams->subtree, rightsmask))) { printf("failed\n"); com_err(me, retval, "while assigning rights '%s'", - srvparams->servicedn); + srvparams->servicedn); goto err_nomsg; } - + if (rparams) krb5_ldap_free_realm_params(rparams); } } - - /* Add the rights for the given service, on each of the realm + + /* Add the rights for the given service, on each of the realm * container & subtree in the new realm reference list. 
*/ if (newrealmrefs) { rightsmask = 0; rightsmask |= LDAP_REALM_RIGHTS; rightsmask |= LDAP_SUBTREE_RIGHTS; - + for (i = 0; (newrealmrefs[i] != NULL); i++) { /* Get the realm name, not the dn */ temprdns = ldap_explode_dn(newrealmrefs[i], 1); - + if (temprdns[0] == NULL) { retval = EINVAL; goto cleanup; } - + realmName = strdup(temprdns[0]); if (realmName == NULL) { retval = ENOMEM; goto cleanup; } - - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer)))) { - com_err(me, retval, - "while reading Kerberos container information"); + + if ((retval = krb5_ldap_read_krbcontainer_params(util_context, + &(ldap_context->krbcontainer)))) { + com_err(me, retval, + "while reading Kerberos container information"); goto cleanup; } - if ((retval = krb5_ldap_read_realm_params(util_context, - realmName, &rparams, &rmask))) { + if ((retval = krb5_ldap_read_realm_params(util_context, + realmName, &rparams, &rmask))) { com_err(me, retval, "while reading information of realm '%s'", - realmName); + realmName); goto err_nomsg; } - - if ((retval = krb5_ldap_add_service_rights(util_context, - srvparams->servicetype, srvparams->servicedn, - realmName, rparams->subtree, rightsmask))) { + + if ((retval = krb5_ldap_add_service_rights(util_context, + srvparams->servicetype, srvparams->servicedn, + realmName, rparams->subtree, rightsmask))) { printf("failed\n"); - com_err(me, retval, "while assigning rights '%s'", - srvparams->servicedn); + com_err(me, retval, "while assigning rights '%s'", + srvparams->servicedn); goto err_nomsg; } - + if (rparams) { krb5_ldap_free_realm_params(rparams); - rparams = NULL; - } + rparams = NULL; + } } printf("done\n"); } @@ -1036,11 +1009,11 @@ cleanup: krb5_ldap_free_service(util_context, srvparams); if (servicedn) - free(servicedn); + free(servicedn); if (list) { - free(list); - list = NULL; + free(list); + list = NULL; } if (oldrealmrefs) { 
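Review bot: In the old-realm-reference loop `temprdns = ldap_explode_dn(oldrealmrefs[i], 1);` is dereferenced as `temprdns[0]` on the next line without checking that `ldap_explode_dn` returned non-NULL, which it does for a malformed DN or an allocation failure, and the new-realm loop later in the hunk repeats the pattern. Neither loop releases `temprdns` (`ldap_value_free`) or the per-iteration `strdup` into `realmName`, which the `cleanup:` label frees only once, so every iteration but the last leaks both; the first loop also leaves `rparams` dangling after `krb5_ldap_free_realm_params` while the second resets it to NULL. The rewrite below shows the first loop; the second needs the same guard and per-iteration frees. `kdb5_ldap_modify_service` starts before this hunk.
```c
for (i = 0; (oldrealmrefs[i] != NULL); i++) {
    /* Get the realm name, not the dn */
    temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
    if (temprdns == NULL || temprdns[0] == NULL) {
        if (temprdns != NULL)
            ldap_value_free(temprdns);
        retval = EINVAL;
        goto cleanup;
    }

    realmName = strdup(temprdns[0]);
    ldap_value_free(temprdns);
    temprdns = NULL;
    if (realmName == NULL) {
        retval = ENOMEM;
        goto cleanup;
    }

    /* … unchanged: krb5_ldap_read_realm_params / krb5_ldap_delete_service_rights … */

    if (rparams) {
        krb5_ldap_free_realm_params(rparams);
        rparams = NULL;
    }
    /* realmName is re-strdup'd next iteration; release it here, not only at cleanup */
    free(realmName);
    realmName = NULL;
}
```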
@@ -1055,17 +1028,17 @@ cleanup: free(newrealmrefs); } if (realmName) { - free(realmName); - realmName = NULL; + free(realmName); + realmName = NULL; } if (print_usage) - db_usage(MODIFY_SERVICE); + db_usage(MODIFY_SERVICE); if (retval) { - if (!no_msg) - com_err(me, retval, "while modifying service object"); - exit_status++; + if (!no_msg) + com_err(me, retval, "while modifying service object"); + exit_status++; } return; @@ -1078,10 +1051,10 @@ cleanup: */ static krb5_error_code rem_service_entry_from_file(argc, argv, file_name, service_object) -int argc; -char *argv[]; -char *file_name; -char *service_object; + int argc; + char *argv[]; + char *file_name; + char *service_object; { int st = EINVAL; char *me = argv[0]; @@ -1095,17 +1068,16 @@ char *service_object; /* Check for permissions on the password file */ if (access(file_name, W_OK) == -1) { /* If the specified file itself is not there, no need to show error */ - if (errno == ENOENT) { + if (errno == ENOENT) { st=0; goto cleanup; - } - else { + } else { com_err(me, errno, "while deleting entry from file %s", file_name); goto cleanup; } } - - /* Create a temporary file which contains all the entries except the + + /* Create a temporary file which contains all the entries except the entry for the given service dn */ pfile = fopen(file_name, "r+"); if (pfile == NULL) { @@ -1121,7 +1093,7 @@ char *service_object; goto cleanup; } snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp"); - + tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR); umask(omask); 
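Review bot: `tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);` opens the predictable name `<file_name>.tmp` without `O_EXCL`, so if a file or symlink already exists at that path creat() follows it and the rewritten service-password file lands wherever it points, and an existing file keeps whatever mode it already had. Use `tmpfd = open(tmp_file, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);` and treat failure (including `EEXIST`) as an error, or use `mkstemp` on a template in the same directory, so the temporary file is guaranteed fresh and 0600. The stash file's directory is presumably root-only, which limits the exposure, but the explicit flag costs nothing. `rem_service_entry_from_file` starts and ends outside this hunk.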
@@ -1130,14 +1102,13 @@ char *service_object; fclose(pfile); goto cleanup; } - + /* Copy only those lines which donot have the specified service dn */ - while(fgets(line, MAX_LEN, pfile) != NULL) { - if (( strstr(line, service_object) != NULL ) && - ( line[strlen(service_object)] == '#')) { + while (fgets(line, MAX_LEN, pfile) != NULL) { + if ((strstr(line, service_object) != NULL) && + (line[strlen(service_object)] == '#')) { continue; - } - else { + } else { len = strlen(line); if (write(tmpfd, line, len) != len) { com_err(me, errno, "while deleting entry from file\n"); @@ -1148,21 +1119,20 @@ char *service_object; } } } - + fclose(pfile); if (unlink(file_name) == 0) { link(tmp_file, file_name); - } - else { + } else { com_err(me, errno, "while deleting entry from file\n"); } unlink(tmp_file); - + st=0; - cleanup: - - if(tmp_file) +cleanup: + + if (tmp_file) free(tmp_file); return st; @@ -1173,7 +1143,7 @@ char *service_object; * This function will delete the service object from the LDAP Server * and unlink the references to the Realm objects (if any) */ -void +void kdb5_ldap_destroy_service(argc, argv) int argc; char *argv[]; 
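Review bot: The skip test `(strstr(line, service_object) != NULL) && (line[strlen(service_object)] == '#')` does not anchor the DN at the start of the line: it accepts any line that contains the DN somewhere and happens to have `#` at offset strlen(DN), so an entry for a different service whose DN has the same length and whose line mentions this DN later would be dropped too, and `strlen` is recomputed for every line. The entries are written as `dn#{HEX}...` (see the `sprintf` with `"%s#{HEX}%s\n"` further down this page), so the intended test is a prefix match: `size_t dnlen = strlen(service_object);` before the loop and `if (strncmp(line, service_object, dnlen) == 0 && line[dnlen] == '#')`. A line longer than `MAX_LEN` is also returned by fgets in pieces, so the tail of a removed entry would be copied out as a line of its own; that deserves at least a comment. `rem_service_entry_from_file` starts and ends outside this hunk.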
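Review bot: `unlink(file_name)` followed by an unchecked `link(tmp_file, file_name);` is neither atomic nor checked: if link() fails (a filesystem without hard links, or a race with another writer) the original stash file is already gone, the following `unlink(tmp_file)` removes the only remaining copy, and `st=0` still reports success, so the service-password file is silently lost. Replace the pair with `if (rename(tmp_file, file_name) != 0) { com_err(me, errno, "while deleting entry from file\n"); unlink(tmp_file); goto cleanup; }`, which swaps the files atomically and leaves the original intact on failure; `unlink(tmp_file)` is then only needed on the error path. I also do not see `close(tmpfd)` anywhere in this hunk; if it is not closed elsewhere in the function the descriptor leaks. `rem_service_entry_from_file` starts outside this hunk.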
@@ -1189,47 +1159,43 @@ kdb5_ldap_destroy_service(argc, argv) krb5_boolean print_usage = FALSE; if ((argc < 2) || (argc > 5)) { - exit_status++; + exit_status++; goto err_usage; } - for( i=1; i < argc; i++) { - - if(strcmp(argv[i],"-force")==0) { + for (i=1; i < argc; i++) { + + if (strcmp(argv[i],"-force")==0) { force++; - } - else if(strcmp(argv[i],"-f")==0) { - if(argv[i+1]) { + } else if (strcmp(argv[i],"-f")==0) { + if (argv[i+1]) { stashfilename=strdup(argv[i+1]); - if(stashfilename == NULL) { + if (stashfilename == NULL) { com_err(argv[0], ENOMEM, "while destroying service"); exit_status++; goto cleanup; } i++; - } - else { + } else { exit_status++; goto err_usage; } - } - else { - if((argv[i]) && ( servicedn == NULL) ){ + } else { + if ((argv[i]) && (servicedn == NULL)) { servicedn=strdup(argv[i]); - if(servicedn == NULL) { + if (servicedn == NULL) { com_err(argv[0], ENOMEM, "while destroying service"); exit_status++; goto cleanup; } - } - else { + } else { exit_status++; goto err_usage; } } } - if(!servicedn) { + if (!servicedn) { exit_status++; goto err_usage; } 
@@ -1238,66 +1204,66 @@ kdb5_ldap_destroy_service(argc, argv) printf("This will delete the service object '%s', are you sure?\n", servicedn); printf("(type 'yes' to confirm)? "); if (fgets(buf, sizeof(buf), stdin) == NULL) { - exit_status++; + exit_status++; goto cleanup;; } if (strcmp(buf, yes)) { - exit_status++; + exit_status++; goto cleanup; } } - if ((retval = krb5_ldap_read_service( util_context, servicedn, - &lserparams, &mask))) { - com_err(argv[0], retval, "while destroying service '%s'",servicedn ); - exit_status++; + if ((retval = krb5_ldap_read_service(util_context, servicedn, + &lserparams, &mask))) { + com_err(argv[0], retval, "while destroying service '%s'",servicedn); + exit_status++; goto cleanup; } retval = krb5_ldap_delete_service(util_context, lserparams, servicedn); if (retval) { - com_err(argv[0], retval, "while destroying service '%s'", servicedn); - exit_status++; + com_err(argv[0], retval, "while destroying service '%s'", servicedn); + exit_status++; goto cleanup; } - - if(stashfilename == NULL) { + + if (stashfilename == NULL) { stashfilename = strdup(DEF_SERVICE_PASSWD_FILE); - if(stashfilename == NULL) { + if (stashfilename == NULL) { com_err(argv[0], ENOMEM, "while destroying service"); exit_status++; goto cleanup; } } printf("** service object '%s' deleted.\n", servicedn); - retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn ); - - if(retval) + retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn); + + if (retval) printf("** error removing service object entry '%s' from password file.\n", - servicedn); - + servicedn); + goto cleanup; - - - err_usage: + + +err_usage: print_usage = TRUE; - - cleanup: - if(lserparams) { +cleanup: + + if (lserparams) { krb5_ldap_free_service(util_context, lserparams); } - if(servicedn) { + if (servicedn) { free(servicedn); } - - if(stashfilename) { + + if (stashfilename) { free(stashfilename); } - - if(print_usage) { + + if (print_usage) { 
db_usage(DESTROY_SERVICE); } @@ -1319,49 +1285,49 @@ void kdb5_ldap_view_service(argc, argv) krb5_boolean print_usage = FALSE; if (!(argc == 2)) { - exit_status++; + exit_status++; goto err_usage; } - + servicedn=strdup(argv[1]); - if(servicedn == NULL) { + if (servicedn == NULL) { com_err(argv[0], ENOMEM, "while viewing service"); exit_status++; goto cleanup; } - - if ((retval = krb5_ldap_read_service( util_context, servicedn, &lserparams, &mask))) { - com_err(argv[0], retval, "while viewing service '%s'",servicedn ); - exit_status++; - goto cleanup; + + if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) { + com_err(argv[0], retval, "while viewing service '%s'",servicedn); + exit_status++; + goto cleanup; } - + print_service_params(lserparams, mask); goto cleanup; - err_usage: +err_usage: print_usage = TRUE; - cleanup: +cleanup: - if(lserparams) { + if (lserparams) { krb5_ldap_free_service(util_context, lserparams); } - if(servicedn) + if (servicedn) free(servicedn); - if(print_usage) { + if (print_usage) { db_usage(VIEW_SERVICE); } - + return; } /* - * This function will list the DNs of kerberos services present on + * This function will list the DNs of kerberos services present on * the LDAP Server under a specific sub-tree (entire tree by default) */ void kdb5_ldap_list_services(argc, argv) 
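Review bot: Once `krb5_ldap_delete_service` has succeeded, a failing `rem_service_entry_from_file` only prints `** error removing service object entry ...` — `exit_status` is not incremented, so a scripted caller sees success while the deleted service's password remains in the stash file. Make the failure visible: `if (retval) { printf("** error removing service object entry '%s' from password file.\n", servicedn); exit_status++; }`. The `goto cleanup;;` after the fgets() check also carries a stray semicolon, harmless but worth dropping while these lines are being touched. `kdb5_ldap_destroy_service` starts before this hunk.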
@@ -1377,33 +1343,33 @@ void kdb5_ldap_list_services(argc, argv) /* Check for number of arguments */ if ((argc != 1) && (argc != 3)) { - exit_status++; + exit_status++; goto err_usage; } /* Parse base DN argument if present */ if (argc == 3) { - if (strcmp(argv[1], "-basedn")) { - retval = EINVAL; - goto err_usage; - } + if (strcmp(argv[1], "-basedn")) { + retval = EINVAL; + goto err_usage; + } - basedn = strdup(argv[2]); - if (basedn == NULL) { - com_err(me, ENOMEM, "while listing services"); - exit_status++; - goto cleanup; - } + basedn = strdup(argv[2]); + if (basedn == NULL) { + com_err(me, ENOMEM, "while listing services"); + exit_status++; + goto cleanup; + } } retval = krb5_ldap_list_services(util_context, basedn, &list); - if((retval != 0) || (list == NULL)) { - exit_status++; - goto cleanup; + if ((retval != 0) || (list == NULL)) { + exit_status++; + goto cleanup; } - - for(plist = list; *plist != NULL; plist++) { - printf("%s\n", *plist); + + for (plist = list; *plist != NULL; plist++) { + printf("%s\n", *plist); } goto cleanup; @@ -1413,22 +1379,22 @@ err_usage: cleanup: if (list != NULL) { - krb5_free_list_entries (list); - free (list); + krb5_free_list_entries (list); + free (list); } if (basedn) free (basedn); if (print_usage) { - db_usage(LIST_SERVICE); + db_usage(LIST_SERVICE); } if (retval) { - com_err(me, retval, "while listing policy objects"); - exit_status++; + com_err(me, retval, "while listing policy objects"); + exit_status++; } - + return; } 
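Review bot: The failure message in the cleanup of `kdb5_ldap_list_services` reads `com_err(me, retval, "while listing policy objects");`, a copy-paste from the policy command; this function lists service objects, so an operator chasing an LDAP error would be pointed at the wrong command. Change it to `com_err(me, retval, "while listing service objects");`. The function begins before this hunk.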
@@ -1448,97 +1414,91 @@ print_service_params(lserparams, mask) printf("%20s%-20s\n","Service dn: ",lserparams->servicedn); /* Print the service type of the object to be read */ - if( lserparams->servicetype == LDAP_KDC_SERVICE ) { + if (lserparams->servicetype == LDAP_KDC_SERVICE) { printf("%20s%-20s\n","Service type: ","kdc"); - } - else if( lserparams->servicetype == LDAP_ADMIN_SERVICE ) { + } else if (lserparams->servicetype == LDAP_ADMIN_SERVICE) { printf("%20s%-20s\n","Service type: ","admin"); - } - else if( lserparams->servicetype == LDAP_PASSWD_SERVICE ) { + } else if (lserparams->servicetype == LDAP_PASSWD_SERVICE) { printf("%20s%-20s\n","Service type: ","pwd"); } /* Print the host server values */ printf("%20s\n","Service host list: "); - if ( mask & LDAP_SERVICE_HOSTSERVER ) { - for ( i=0; lserparams->krbhostservers[i] != NULL; ++i ) { + if (mask & LDAP_SERVICE_HOSTSERVER) { + for (i=0; lserparams->krbhostservers[i] != NULL; ++i) { printf("%20s%-50s\n","",lserparams->krbhostservers[i]); } } /* Print the realm reference dn values */ printf("%20s\n","Realm DN list: "); - if ( mask & LDAP_SERVICE_REALMREFERENCE ) { - for ( i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i ) { + if (mask & LDAP_SERVICE_REALMREFERENCE) { + for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) { printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]); } } - + return; } /* - * This function will generate random password of length(RANDOM_PASSWD_LEN) - * + * This function will generate random password of length(RANDOM_PASSWD_LEN) + * * * INPUT: * ctxt - context * * OUTPUT: - * RANDOM_PASSWD_LEN length random password + * RANDOM_PASSWD_LEN length random password */ static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned int *passlen) { - char *random_pwd = NULL; - int ret = 0; - krb5_data data; - int i=0; - /*int len = 0;*/ - - /* setting random password 
length in the range 16-32 */ - srand((unsigned int)(time(0) ^ getpid())); - - data.length = RANDOM_PASSWD_LEN; - random_pwd = (char *)malloc(data.length + 1); - if (random_pwd == NULL) { - com_err("setsrvpw", ENOMEM, "while generating random password"); - return ENOMEM; - } - memset(random_pwd, 0, data.length + 1); - data.data = random_pwd; - - ret = krb5_c_random_make_octets(ctxt, &data); - if(ret) { - com_err("setsrvpw", ret, "Error generating random password"); - free(random_pwd); - return ret; - } - - for (i=0; i 127) - { - random_pwd[i] = (unsigned char)random_pwd[i] % 128; - } - else if (random_pwd[i] == 0) - { - random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1; - } + char *random_pwd = NULL; + int ret = 0; + krb5_data data; + int i=0; + /*int len = 0;*/ + + /* setting random password length in the range 16-32 */ + srand((unsigned int)(time(0) ^ getpid())); + + data.length = RANDOM_PASSWD_LEN; + random_pwd = (char *)malloc(data.length + 1); + if (random_pwd == NULL) { + com_err("setsrvpw", ENOMEM, "while generating random password"); + return ENOMEM; + } + memset(random_pwd, 0, data.length + 1); + data.data = random_pwd; + + ret = krb5_c_random_make_octets(ctxt, &data); + if (ret) { + com_err("setsrvpw", ret, "Error generating random password"); + free(random_pwd); + return ret; + } + + for (i=0; i 127) { + random_pwd[i] = (unsigned char)random_pwd[i] % 128; + } else if (random_pwd[i] == 0) { + random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1; } + } - *randpwd = random_pwd; - *passlen = data.length; + *randpwd = random_pwd; + *passlen = data.length; return 0; } /* - * This function will set the password of the service object in the directory + * This function will set the password of the service object in the directory * and/or the specified service password file. - * + * * * INPUT: * argc - contains the number of arguments for this sub-command 
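Review bot: In `generate_random_password` the post-processing of the CSPRNG output weakens it: bytes are folded with `% 128`, and any zero byte is replaced by `rand()` seeded from `time(0) ^ getpid()`, a predictable non-cryptographic generator, while the result may still contain control characters (1..31, 127) that a later `strlen`-based length or a terminal will mishandle. The comment `setting random password length in the range 16-32` also contradicts the fixed `RANDOM_PASSWD_LEN` used two lines later. I would drop `srand`/`rand` entirely and use rejection sampling against the krb5 PRNG so every character is uniformly drawn from printable ASCII, as below (the loop header appears garbled in this rendering, `for (i=0; i 127) {`, so I am reading its intent). The `kdb5_ldap_set_service_password` body that consumes this is in a later hunk.
```c
/* … unchanged: allocate random_pwd and fill it with krb5_c_random_make_octets() … */
for (i = 0; i < data.length; i++) {
    /* Uniform over printable ASCII 0x21..0x7e by rejection; redraw from
     * the krb5 PRNG rather than rand() so no weak bits enter the password. */
    while ((unsigned char)random_pwd[i] < 0x21 ||
           (unsigned char)random_pwd[i] > 0x7e) {
        krb5_data one;
        one.length = 1;
        one.data = &random_pwd[i];
        ret = krb5_c_random_make_octets(ctxt, &one);
        if (ret) {
            com_err("setsrvpw", ret, "Error generating random password");
            free(random_pwd);
            return ret;
        }
    }
}
```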
@@ -1575,8 +1535,8 @@ kdb5_ldap_set_service_password(argc, argv) kdb5_dal_handle *dal_handle = NULL; struct data encrypted_passwd = {0, NULL}; - /* The arguments for setsrv password should contain the service object DN - * and options to specify whether the password should be updated in file only + /* The arguments for setsrv password should contain the service object DN + * and options to specify whether the password should be updated in file only * or both file and directory. So the possible combination of arguments are: * setsrvpw servicedn wherein argc is 2 * setsrvpw -fileonly servicedn wherein argc is 3 
@@ -1586,219 +1546,213 @@ kdb5_ldap_set_service_password(argc, argv) * setsrvpw -randpw -f filename servicedn wherein argc is 5 */ if ((argc < 2) || (argc > 5)) { - print_usage = TRUE; - goto cleanup; + print_usage = TRUE; + goto cleanup; } dal_handle = (kdb5_dal_handle *)util_context->db_context; lparams = (krb5_ldap_context *) dal_handle->db_context; if (lparams == NULL) { - printf("%s: Invalid LDAP handle\n", me); - goto cleanup; + printf("%s: Invalid LDAP handle\n", me); + goto cleanup; } - /* Parse the arguments */ - for(i = 1; i < argc -1 ; i++) { - if (strcmp(argv[i], "-randpw") == 0) { - random_passwd = 1; - } - else if (strcmp(argv[i], "-fileonly") == 0) { - set_dir_pwd = 0; - } - else if (strcmp(argv[i], "-f") == 0) { - if (argv[++i] == NULL) { - print_usage = TRUE; - goto cleanup; - } - - file_name = strdup(argv[i]); - if (file_name == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - goto cleanup; - } - /* Verify if the file location has the proper file name - * for eg, if the file location is a directory like /home/temp/, - * we reject it. 
- */ - filelen = strlen(file_name); - if ((filelen == 0) || (file_name[filelen-1] == '/')) { - printf("%s: Filename not specified for setting service object password\n", me); - print_usage = TRUE; - goto cleanup; - } - } - else { - printf("%s: Invalid option specified for \"setsrvpw\" command\n", me); - print_usage = TRUE; - goto cleanup; - } + /* Parse the arguments */ + for (i = 1; i < argc -1 ; i++) { + if (strcmp(argv[i], "-randpw") == 0) { + random_passwd = 1; + } else if (strcmp(argv[i], "-fileonly") == 0) { + set_dir_pwd = 0; + } else if (strcmp(argv[i], "-f") == 0) { + if (argv[++i] == NULL) { + print_usage = TRUE; + goto cleanup; + } + + file_name = strdup(argv[i]); + if (file_name == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + goto cleanup; + } + /* Verify if the file location has the proper file name + * for eg, if the file location is a directory like /home/temp/, + * we reject it. + */ + filelen = strlen(file_name); + if ((filelen == 0) || (file_name[filelen-1] == '/')) { + printf("%s: Filename not specified for setting service object password\n", me); + print_usage = TRUE; + goto cleanup; + } + } else { + printf("%s: Invalid option specified for \"setsrvpw\" command\n", me); + print_usage = TRUE; + goto cleanup; + } } if (i != argc-1) { - print_usage = TRUE; - goto cleanup; + print_usage = TRUE; + goto cleanup; } - + service_object = strdup(argv[i]); if (service_object == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - goto cleanup; + com_err(me, ENOMEM, "while setting service object password"); + goto cleanup; } if (strlen(service_object) == 0) { - printf("%s: Service object not specified for \"setsrvpw\" command\n", me); - print_usage = TRUE; - goto cleanup; + printf("%s: Service object not specified for \"setsrvpw\" command\n", me); + print_usage = TRUE; + goto cleanup; } if (service_object[0] == '-') { - print_usage = TRUE; - goto cleanup; + print_usage = TRUE; + goto cleanup; } if (file_name 
== NULL) { - file_name = strdup(DEF_SERVICE_PASSWD_FILE); - if (file_name == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - goto cleanup; - } + file_name = strdup(DEF_SERVICE_PASSWD_FILE); + if (file_name == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + goto cleanup; + } } if (set_dir_pwd) { - if ( db_inited == FALSE ) { - if ((errcode = krb5_ldap_db_init(util_context, lparams))) { - com_err(me, errcode, "while initializing database"); - goto cleanup; - } - db_init_local = TRUE; - } - } - + if (db_inited == FALSE) { + if ((errcode = krb5_ldap_db_init(util_context, lparams))) { + com_err(me, errcode, "while initializing database"); + goto cleanup; + } + db_init_local = TRUE; + } + } + if (random_passwd) { - if (!set_dir_pwd) { - printf("%s: Invalid option specified for \"setsrvpw\" command\n", me); - print_usage = TRUE; - goto cleanup; - } - else { - /* Generate random password */ - - if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) { - printf("%s: Failed to set service object password\n", me); - goto cleanup; - } - passwd_len = strlen(passwd); - } - } - else { - /* Get the service object password from the terminal */ - passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1); - if (passwd == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - goto cleanup; - } - memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1); - passwd_len = MAX_SERVICE_PASSWD_LEN; - - len = strlen(service_object); - /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */ - prompt1 = (char *)malloc(len + 20); - if (prompt1 == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - goto cleanup; - } - sprintf(prompt1, "Password for \"%s\"", service_object); - - /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */ - prompt2 = (char *)malloc(len + 30); - if (prompt2 == NULL) { - com_err(me, ENOMEM, "while setting service object 
password"); - free(prompt1); - goto cleanup; - } - sprintf(prompt2, "Re-enter password for \"%s\"", service_object); - - retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); - free(prompt1); - free(prompt2); - if (retval) { - com_err(me, retval, "while setting service object password"); - memset(passwd, 0, MAX_SERVICE_PASSWD_LEN); - goto cleanup; - } - if (passwd_len == 0) { - printf("%s: Invalid password\n", me); - memset(passwd, 0, MAX_SERVICE_PASSWD_LEN); - goto cleanup; - } - passwd_len = strlen(passwd); + if (!set_dir_pwd) { + printf("%s: Invalid option specified for \"setsrvpw\" command\n", me); + print_usage = TRUE; + goto cleanup; + } else { + /* Generate random password */ + + if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) { + printf("%s: Failed to set service object password\n", me); + goto cleanup; + } + passwd_len = strlen(passwd); + } + } else { + /* Get the service object password from the terminal */ + passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1); + if (passwd == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + goto cleanup; + } + memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1); + passwd_len = MAX_SERVICE_PASSWD_LEN; + + len = strlen(service_object); + /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */ + prompt1 = (char *)malloc(len + 20); + if (prompt1 == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + goto cleanup; + } + sprintf(prompt1, "Password for \"%s\"", service_object); + + /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */ + prompt2 = (char *)malloc(len + 30); + if (prompt2 == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + free(prompt1); + goto cleanup; + } + sprintf(prompt2, "Re-enter password for \"%s\"", service_object); + + retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); + free(prompt1); + 
free(prompt2); + if (retval) { + com_err(me, retval, "while setting service object password"); + memset(passwd, 0, MAX_SERVICE_PASSWD_LEN); + goto cleanup; + } + if (passwd_len == 0) { + printf("%s: Invalid password\n", me); + memset(passwd, 0, MAX_SERVICE_PASSWD_LEN); + goto cleanup; + } + passwd_len = strlen(passwd); } /* Hex the password */ { - krb5_data pwd, hex; - pwd.length = passwd_len; - pwd.data = passwd; - - errcode = tohex(pwd, &hex); - if (errcode != 0) { - if(hex.length != 0) { - memset(hex.data, 0, hex.length); - free(hex.data); - } - com_err(me, errcode, "Failed to convert the password to hex"); - memset(passwd, 0, passwd_len); - goto cleanup; - } - /* Password = {CRYPT}: */ - encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) + + krb5_data pwd, hex; + pwd.length = passwd_len; + pwd.data = passwd; + + errcode = tohex(pwd, &hex); + if (errcode != 0) { + if (hex.length != 0) { + memset(hex.data, 0, hex.length); + free(hex.data); + } + com_err(me, errcode, "Failed to convert the password to hex"); + memset(passwd, 0, passwd_len); + goto cleanup; + } + /* Password = {CRYPT}: */ + encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) + 1 + 5 + hex.length + 2); - if (encrypted_passwd.value == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - memset(passwd, 0, passwd_len); - memset(hex.data, 0, hex.length); - free(hex.data); - goto cleanup; - } - encrypted_passwd.value[strlen(service_object) + + if (encrypted_passwd.value == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + memset(passwd, 0, passwd_len); + memset(hex.data, 0, hex.length); + free(hex.data); + goto cleanup; + } + encrypted_passwd.value[strlen(service_object) + 1 + 5 + hex.length + 1] = '\0'; - sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data); - encrypted_passwd.len = strlen((char *)encrypted_passwd.value); - memset(hex.data, 0, hex.length); - free(hex.data); + sprintf((char 
*)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data); + encrypted_passwd.len = strlen((char *)encrypted_passwd.value); + memset(hex.data, 0, hex.length); + free(hex.data); } /* We should check if the file exists and we have permission to write into that file */ if (access(file_name, W_OK) == -1) { - if (errno == ENOENT) { - mode_t omask; - int fd = -1; - - printf("File does not exist. Creating the file %s...\n", file_name ); - omask = umask(077); - fd = creat(file_name, S_IRUSR|S_IWUSR); - umask(omask); - if (fd == -1) { - com_err(me, errno, "Error creating file %s", file_name); - memset(passwd, 0, passwd_len); - goto cleanup; + if (errno == ENOENT) { + mode_t omask; + int fd = -1; + + printf("File does not exist. Creating the file %s...\n", file_name); + omask = umask(077); + fd = creat(file_name, S_IRUSR|S_IWUSR); + umask(omask); + if (fd == -1) { + com_err(me, errno, "Error creating file %s", file_name); + memset(passwd, 0, passwd_len); + goto cleanup; } - close(fd); - } - else { - com_err(me, errno, "Unable to access the file %s", file_name); - memset(passwd, 0, passwd_len); - goto cleanup; - } + close(fd); + } else { + com_err(me, errno, "Unable to access the file %s", file_name); + memset(passwd, 0, passwd_len); + goto cleanup; + } } if (set_dir_pwd) { - if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) { - com_err(me, errcode, "Failed to set password for service object %s", service_object); - memset(passwd, 0, passwd_len); - goto cleanup; - } + if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) { + com_err(me, errcode, "Failed to set password for service object %s", service_object); + memset(passwd, 0, passwd_len); + goto cleanup; + } } memset(passwd, 0, passwd_len); 
@@ -1808,129 +1762,125 @@ kdb5_ldap_set_service_password(argc, argv) /* set password in the file */ pfile = fopen(file_name, "r+"); if (pfile == NULL) { - com_err(me, errno, "Failed to open file %s", file_name); - goto cleanup; + com_err(me, errno, "Failed to open file %s", file_name); + goto cleanup; } - while(fgets(line, MAX_LEN, pfile) != NULL) { - if ((str = strstr(line, service_object)) != NULL) { - if(line[strlen(service_object)] == '#') { - break; - } - str = NULL; - } + while (fgets(line, MAX_LEN, pfile) != NULL) { + if ((str = strstr(line, service_object)) != NULL) { + if (line[strlen(service_object)] == '#') { + break; + } + str = NULL; + } } if (str == NULL) { - if(feof(pfile)) { - /* If the service object dn is not present in the service password file */ - if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) { - com_err(me, errno, "Failed to write service object password to file"); - goto cleanup; - } - } - else { - com_err(me, errno, "Error reading service object password file"); - goto cleanup; - } - fclose(pfile); - pfile = NULL; - } - else { - /* Password entry for the service object is already present in the file */ - /* Delete the existing entry and add the new entry */ - FILE *newfile = NULL; - mode_t omask; - - /* Create a new file with the extension .tmp */ - tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1)); - if (tmp_file == NULL) { - com_err(me, ENOMEM, "while setting service object password"); - goto cleanup; - } - sprintf(tmp_file,"%s.%s",file_name,"tmp"); - - omask = umask(077); - newfile = fopen(tmp_file, "w+"); - umask(omask); - if (newfile == NULL) { - com_err(me, errno, "Error creating file %s", tmp_file); - goto cleanup; - } - - - fseek(pfile, 0, SEEK_SET); - while(fgets(line, MAX_LEN, pfile) != NULL) { - if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) { - if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) { - com_err(me, errno, 
"Failed to write service object password to file"); - fclose(newfile); - unlink(tmp_file); - goto cleanup; - } - } - else { - len = strlen(line); - if (fprintf(newfile, "%s", line) < 0) { - com_err(me, errno, "Failed to write service object password to file"); - fclose(newfile); - unlink(tmp_file); - goto cleanup; - } - } - } - - if(!feof(pfile)) { - com_err(me, errno, "Error reading service object password file"); - fclose(newfile); - unlink(tmp_file); - goto cleanup; - } - - /* TODO: file lock for the service password file */ - fclose(pfile); - pfile = NULL; + if (feof(pfile)) { + /* If the service object dn is not present in the service password file */ + if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) { + com_err(me, errno, "Failed to write service object password to file"); + goto cleanup; + } + } else { + com_err(me, errno, "Error reading service object password file"); + goto cleanup; + } + fclose(pfile); + pfile = NULL; + } else { + /* Password entry for the service object is already present in the file */ + /* Delete the existing entry and add the new entry */ + FILE *newfile = NULL; + mode_t omask; + + /* Create a new file with the extension .tmp */ + tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1)); + if (tmp_file == NULL) { + com_err(me, ENOMEM, "while setting service object password"); + goto cleanup; + } + sprintf(tmp_file,"%s.%s",file_name,"tmp"); + + omask = umask(077); + newfile = fopen(tmp_file, "w+"); + umask(omask); + if (newfile == NULL) { + com_err(me, errno, "Error creating file %s", tmp_file); + goto cleanup; + } + + + fseek(pfile, 0, SEEK_SET); + while (fgets(line, MAX_LEN, pfile) != NULL) { + if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) { + if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) { + com_err(me, errno, "Failed to write service object password to file"); + fclose(newfile); + unlink(tmp_file); + goto cleanup; + } + } 
else { + len = strlen(line); + if (fprintf(newfile, "%s", line) < 0) { + com_err(me, errno, "Failed to write service object password to file"); + fclose(newfile); + unlink(tmp_file); + goto cleanup; + } + } + } + + if (!feof(pfile)) { + com_err(me, errno, "Error reading service object password file"); + fclose(newfile); + unlink(tmp_file); + goto cleanup; + } + + /* TODO: file lock for the service password file */ + fclose(pfile); + pfile = NULL; fclose(newfile); - newfile = NULL; - - if (unlink(file_name) == 0) { - link(tmp_file, file_name); - } - else { - com_err(me, errno, "Failed to write service object password to file"); - unlink(tmp_file); - goto cleanup; - } - unlink(tmp_file); + newfile = NULL; + + if (unlink(file_name) == 0) { + link(tmp_file, file_name); + } else { + com_err(me, errno, "Failed to write service object password to file"); + unlink(tmp_file); + goto cleanup; + } + unlink(tmp_file); } errcode = 0; - + cleanup: if (db_init_local) - krb5_ldap_close(util_context); + krb5_ldap_close(util_context); if (service_object) - free(service_object); - + free(service_object); + if (file_name) - free(file_name); + free(file_name); if (passwd) - free(passwd); + free(passwd); if (encrypted_passwd.value) { - memset(encrypted_passwd.value, 0, encrypted_passwd.len); - free(encrypted_passwd.value); + memset(encrypted_passwd.value, 0, encrypted_passwd.len); + free(encrypted_passwd.value); } if (pfile) - fclose(pfile); + fclose(pfile); if (tmp_file) - free(tmp_file); + free(tmp_file); if (print_usage) - db_usage(SET_SRV_PW); + db_usage(SET_SRV_PW); return errcode; } 
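Review bot: The swap-in at the end of the rewrite branch loses the password file when `link()` fails: `unlink(file_name)` has already removed the original, the result of `link(tmp_file, file_name)` is never examined, and the unconditional `unlink(tmp_file)` that follows then deletes the only remaining copy. Replacing the unlink/link pair with a checked `rename(tmp_file, file_name)` makes the swap atomic and leaves the original untouched on failure, and checking `fclose(newfile)` before the swap keeps a failed flush from silently producing a truncated file (rewritten lines below). The match test in both `fgets` loops, `strstr(line, service_object) != NULL && line[strlen(service_object)] == '#'`, is not anchored to the start of the line, so a line for a different DN that merely contains `service_object` and happens to have `#` at that offset is treated as the entry; `strncmp(line, service_object, strlen(service_object)) == 0 && line[strlen(service_object)] == '#'` is the intended test, and the same pattern appears in kdb5_ldap_stash_service_password's hunk at -2128. kdb5_ldap_set_service_password's body begins outside this hunk.
```c
/* … unchanged: copy loop into newfile, feof check, fclose(pfile); pfile = NULL; … */
if (fclose(newfile) != 0) {
    com_err(me, errno, "Failed to write service object password to file");
    unlink(tmp_file);
    goto cleanup;
}
newfile = NULL;
if (rename(tmp_file, file_name) != 0) {
    com_err(me, errno, "Failed to write service object password to file");
    unlink(tmp_file);
    goto cleanup;
}
```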
@@ -1997,13 +1947,13 @@ kdb5_ldap_stash_service_password(argc, argv) } /* Pick up the stash-file name from krb5.conf */ - profile_get_string( util_context->profile, KDB_REALM_SECTION, - util_context->default_realm, KDB_MODULE_POINTER, NULL, §ion ); + profile_get_string(util_context->profile, KDB_REALM_SECTION, + util_context->default_realm, KDB_MODULE_POINTER, NULL, §ion); - if(section == NULL) { - profile_get_string( util_context->profile, KDB_MODULE_DEF_SECTION, - KDB_MODULE_POINTER, NULL, NULL, §ion); - if(section == NULL) { + if (section == NULL) { + profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION, + KDB_MODULE_POINTER, NULL, NULL, §ion); + if (section == NULL) { /* Stash file path neither in krb5.conf nor on command line */ file_name = strdup(DEF_SERVICE_PASSWD_FILE); goto done; @@ -2011,7 +1961,7 @@ kdb5_ldap_stash_service_password(argc, argv) } profile_get_string (util_context->profile, KDB_MODULE_SECTION, section, - "ldap_service_password_file", NULL, &file_name); + "ldap_service_password_file", NULL, &file_name); } done: @@ -2025,12 +1975,12 @@ done: /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */ assert (sizeof (prompt1) > (strlen (service_object) - + sizeof ("Password for \" \""))); + + sizeof ("Password for \" \""))); sprintf(prompt1, "Password for \"%s\"", service_object); /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */ assert (sizeof (prompt2) > (strlen (service_object) - + sizeof ("Re-enter Password for \" \""))); + + sizeof ("Re-enter Password for \" \""))); sprintf(prompt2, "Re-enter password for \"%s\"", service_object); ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); @@ -2055,9 +2005,9 @@ done: pwd.data = passwd; ret = tohex(pwd, &hexpasswd); - if(ret != 0){ + if (ret != 0) { com_err(me, ret, "Failed to convert the password to hexadecimal"); - memset(passwd, 0, passwd_len); + memset(passwd, 0, passwd_len); goto cleanup; } } 
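Review bot: In the `done:` hunk at -2025 the only bound on `sprintf(prompt1, "Password for \"%s\"", service_object)` and the matching `prompt2` call is an `assert` on `sizeof (prompt1)`, which is compiled out under `NDEBUG`, so in a release build a long service DN taken from the command line overruns the prompt buffers. `snprintf(prompt1, sizeof prompt1, "Password for \"%s\"", service_object)` with the return value compared against `sizeof prompt1` keeps the check in every build; the `prompt1`/`prompt2` declarations are outside the hunk, so their being arrays is inferred from the assert. In the hunk at -1997 both `profile_get_string` return values are discarded, so a profile error is indistinguishable from the key simply being absent.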
@@ -2086,15 +2036,14 @@ done: } if (str == NULL) { - if(feof(pfile)) { + if (feof(pfile)) { /* If the service object dn is not present in the service password file */ if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) { com_err(me, errno, "Failed to write service object password to file"); fclose(pfile); goto cleanup; } - } - else { + } else { com_err(me, errno, "Error reading service object password file"); fclose(pfile); goto cleanup; @@ -2128,9 +2077,9 @@ done: } fseek(pfile, 0, SEEK_SET); - while(fgets(line, MAX_LEN, pfile) != NULL) { + while (fgets(line, MAX_LEN, pfile) != NULL) { if (((str = strstr(line, service_object)) != NULL) && - (line[strlen(service_object)] == '#')) { + (line[strlen(service_object)] == '#')) { if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) { com_err(me, errno, "Failed to write service object password to file"); fclose(newfile); @@ -2146,10 +2095,10 @@ done: fclose(pfile); goto cleanup; } - } + } } - if(!feof(pfile)) { + if (!feof(pfile)) { com_err(me, errno, "Error reading service object password file"); fclose(newfile); unlink(tmp_file); @@ -2173,8 +2122,8 @@ done: cleanup: - if(hexpasswd.length != 0) { - memset(hexpasswd.data, 0, hexpasswd.length); + if (hexpasswd.length != 0) { + memset(hexpasswd.data, 0, hexpasswd.length); free(hexpasswd.data); } @@ -2188,7 +2137,7 @@ cleanup: free(tmp_file); if (print_usage) - usage(); + usage(); /* db_usage(STASH_SRV_PW); */ return ret; diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h index e10a055bc..86f7457b6 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h 
@@ -5,28 +5,28 @@ /* Copyright (c) 2004-2005, Novell, Inc. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The copyright holder's name is not used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * POSSIBILITY OF SUCH DAMAGE. */ #include "ldap_misc.h" @@ -51,8 +51,8 @@ #define DEF_SERVICE_PASSWD_FILE "/usr/local/var/service_passwd" struct data{ - int len; - unsigned char *value; + int len; + unsigned char *value; }; extern int enc_password(struct data pwd, struct data *enc_key, struct data *enc_pass); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c index 4b07b2754..be9ae0c6f 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -22,21 +22,21 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Edit a KDC database. */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -47,7 +47,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -100,13 +100,13 @@ krb5_boolean db_inited = FALSE; char *progname; krb5_boolean manual_mkey = FALSE; -/* - * This function prints the usage of kdb5_ldap_util, which is +/* + * This function prints the usage of kdb5_ldap_util, which is * the LDAP configuration utility. */ void usage() { - fprintf(stderr, "Usage: " + fprintf(stderr, "Usage: " "kdb5_ldap_util [-D user_dn [-w passwd]] [-h ldap_server] [-p ldap_port]\n" "\tcmd [cmd_options]\n" @@ -189,7 +189,7 @@ void usage() /* List policies */ "list_policy [-basedn base_dn]\n" -); + ); } void db_usage (int type) { 
@@ -204,31 +204,30 @@ void db_usage (int type) { * same order as listed in this table. */ static struct _cmd_table { - char *name; - cmd_func func; - int opendb; + char *name; + cmd_func func; + int opendb; } cmd_table[] = { - {"create", kdb5_ldap_create, 1}, - {"modify", kdb5_ldap_modify, 1}, - {"view", kdb5_ldap_view, 1}, - {"destroy", kdb5_ldap_destroy, 1}, - {"list", kdb5_ldap_list, 1}, + {"create", kdb5_ldap_create, 1}, + {"modify", kdb5_ldap_modify, 1}, + {"view", kdb5_ldap_view, 1}, + {"destroy", kdb5_ldap_destroy, 1}, + {"list", kdb5_ldap_list, 1}, #ifdef HAVE_EDIRECTORY - {"create_service", kdb5_ldap_create_service, 1}, - {"modify_service", kdb5_ldap_modify_service, 1}, - {"view_service", kdb5_ldap_view_service, 1}, - {"destroy_service", kdb5_ldap_destroy_service, 1}, - {"list_service",kdb5_ldap_list_services,1}, - {"setsrvpw", kdb5_ldap_set_service_password, 0}, -#else - {"stashsrvpw", kdb5_ldap_stash_service_password, 0}, + {"create_service", kdb5_ldap_create_service, 1}, + {"modify_service", kdb5_ldap_modify_service, 1}, + {"view_service", kdb5_ldap_view_service, 1}, + {"destroy_service", kdb5_ldap_destroy_service, 1}, + {"list_service",kdb5_ldap_list_services,1}, + {"setsrvpw", kdb5_ldap_set_service_password, 0}, +#else {"stashsrvpw", kdb5_ldap_stash_service_password, 0}, #endif - {"create_policy", kdb5_ldap_create_policy, 1}, - {"modify_policy", kdb5_ldap_modify_policy, 1}, - {"view_policy", kdb5_ldap_view_policy, 1}, - {"destroy_policy", kdb5_ldap_destroy_policy, 1}, - {"list_policy", kdb5_ldap_list_policies, 1}, - {NULL, NULL, 0}, + {"create_policy", kdb5_ldap_create_policy, 1}, + {"modify_policy", kdb5_ldap_modify_policy, 1}, + {"view_policy", kdb5_ldap_view_policy, 1}, + {"destroy_policy", kdb5_ldap_destroy_policy, 1}, + {"list_policy", kdb5_ldap_list_policies, 1}, + {NULL, NULL, 0}, }; 
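Review bot: The `list_service` row of `cmd_table` is still written `{"list_service",kdb5_ldap_list_services,1},` while every other row has a space after each comma; for a style pass it should read `{"list_service", kdb5_ldap_list_services, 1},`. The `name` member is only ever initialized from string literals and, per the comment above the table, looked up by name, so `const char *name;` would document that, and if nothing writes to the table it can be `static const` as well.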
@@ -237,7 +236,7 @@ static struct _cmd_table { * command name and returns NULL if nothing matches. */ static struct _cmd_table *cmd_lookup(name) - char *name; + char *name; { int i; @@ -285,7 +284,7 @@ int main(argc, argv) char *argv[]; { struct _cmd_table *cmd = NULL; - char *koptarg = NULL, **cmd_argv = NULL; + char *koptarg = NULL, **cmd_argv = NULL; int cmd_argc = 0; krb5_error_code retval; int usage_print = 0; @@ -307,7 +306,7 @@ int main(argc, argv) retval = krb5_init_context(&util_context); set_com_err_hook(extended_com_err_fn); if (retval) { - com_err (progname, retval, "while initializing Kerberos code"); + com_err (progname, retval, "while initializing Kerberos code"); exit_status++; goto cleanup; } @@ -316,24 +315,24 @@ int main(argc, argv) cmd_argv = (char **) malloc(sizeof(char *)*argc); if (cmd_argv == NULL) { - com_err(progname, ENOMEM, "while creating sub-command arguments"); - exit_status++; + com_err(progname, ENOMEM, "while creating sub-command arguments"); + exit_status++; goto cleanup; } memset(cmd_argv, 0, sizeof(char *)*argc); cmd_argc = 1; memset(&global_params, 0, sizeof(kadm5_config_params)); - + argv++; argc--; while (*argv) { - if (strcmp(*argv, "--help") == 0) { - print_help_message = TRUE; - } - if (strcmp(*argv, "-P") == 0 && ARG_VAL) { + if (strcmp(*argv, "--help") == 0) { + print_help_message = TRUE; + } + if (strcmp(*argv, "-P") == 0 && ARG_VAL) { mkey_password = koptarg; manual_mkey = TRUE; - } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) { + } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) { global_params.realm = koptarg; global_params.mask |= KADM5_CONFIG_REALM; /* not sure this is really necessary */ 
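Review bot: In the hunk at -316 `cmd_argv` is allocated with a cast `malloc(sizeof(char *)*argc)` and zeroed by a separate `memset`; `cmd_argv = calloc(argc, sizeof(*cmd_argv));` does both and drops the cast. The option loop tests `--help` in a standalone `if` and then falls into the `-P` chain, so `--help` also reaches that chain's final `else` (visible in the hunk at -399) and is stored as a sub-command argument; if that is intentional a short comment would help, otherwise making the `-P` test an `else if` keeps it out of `cmd_argv`. main()'s body continues outside this hunk.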
@@ -343,54 +342,54 @@ int main(argc, argv) exit_status++; goto cleanup; } - } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) { + } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) { if (krb5_string_to_enctype(koptarg, &global_params.enctype)) com_err(argv[0], 0, "%s is an invalid enctype", koptarg); else global_params.mask |= KADM5_CONFIG_ENCTYPE; - } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) { + } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) { global_params.mkey_name = koptarg; global_params.mask |= KADM5_CONFIG_MKEY_NAME; - } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) { + } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) { global_params.stash_file = koptarg; global_params.mask |= KADM5_CONFIG_STASH_FILE; - } else if (strcmp(*argv, "-m") == 0) { + } else if (strcmp(*argv, "-m") == 0) { manual_mkey = TRUE; global_params.mkey_from_kbd = 1; global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD; - } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) { - bind_dn = koptarg; - if (bind_dn == NULL) { - com_err(progname, ENOMEM, "while reading ldap parameters"); - exit_status++; - goto cleanup; - } - ldapmask |= CMD_LDAP_D; - } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) { - passwd = strdup(koptarg); - if (passwd == NULL) { - com_err(progname, ENOMEM, "while reading ldap parameters"); - exit_status++; - goto cleanup; - } - ldapmask |= CMD_LDAP_W; - } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) { - ldap_server = koptarg; - if (ldap_server == NULL) { - com_err(progname, ENOMEM, "while reading ldap parameters"); - exit_status++; - goto cleanup; - } - ldapmask |= CMD_LDAP_H; - } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) { - ldap_port = koptarg; - if (ldap_port == NULL) { - com_err(progname, ENOMEM, "while reading ldap parameters"); - exit_status++; - goto cleanup; - } - ldapmask |= CMD_LDAP_P; - } else if (cmd_lookup(*argv) != NULL) { + } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) { + bind_dn = koptarg; + if (bind_dn == NULL) { + com_err(progname, ENOMEM, "while reading 
ldap parameters"); + exit_status++; + goto cleanup; + } + ldapmask |= CMD_LDAP_D; + } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) { + passwd = strdup(koptarg); + if (passwd == NULL) { + com_err(progname, ENOMEM, "while reading ldap parameters"); + exit_status++; + goto cleanup; + } + ldapmask |= CMD_LDAP_W; + } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) { + ldap_server = koptarg; + if (ldap_server == NULL) { + com_err(progname, ENOMEM, "while reading ldap parameters"); + exit_status++; + goto cleanup; + } + ldapmask |= CMD_LDAP_H; + } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) { + ldap_port = koptarg; + if (ldap_port == NULL) { + com_err(progname, ENOMEM, "while reading ldap parameters"); + exit_status++; + goto cleanup; + } + ldapmask |= CMD_LDAP_P; + } else if (cmd_lookup(*argv) != NULL) { if (cmd_argv[0] == NULL) cmd_argv[0] = *argv; else { @@ -399,10 +398,10 @@ int main(argc, argv) usage(); goto cleanup; } - } else { + } else { cmd_argv[cmd_argc++] = *argv; - } - argv++; argc--; + } + argv++; argc--; } if (cmd_argv[0] == NULL) { 
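Review bot: In the hunk at -343 the `bind_dn == NULL`, `ldap_server == NULL` and `ldap_port == NULL` checks follow plain pointer assignments from `koptarg` yet report `ENOMEM`, although nothing is allocated there; `koptarg` appears to be set by the `ARG_VAL` macro (defined outside the hunk), so these branches either never fire or misreport a missing option value as an out-of-memory condition. Only the `-w` case, which calls `strdup(koptarg)`, needs an allocation check. Either drop the three dead checks or reword them, e.g. `com_err(progname, 0, "missing value for -D");`, so a real failure is diagnosed correctly. main()'s body continues outside the hunk.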
@@ -419,72 +418,69 @@ int main(argc, argv) char *cmd_name = cmd_argv[0]; free(cmd_argv); cmd_argv = NULL; - usage(); + usage(); goto cleanup; } - + /* We need to check for the presence of default realm name only in * the case of realm related operations like create, destroy etc. */ if ((strcmp(cmd_argv[0], "create") == 0) || - (strcmp(cmd_argv[0], "destroy") == 0) || - (strcmp(cmd_argv[0], "modify") == 0) || - (strcmp(cmd_argv[0], "view") == 0) - ) { - realm_name_required = TRUE; + (strcmp(cmd_argv[0], "destroy") == 0) || + (strcmp(cmd_argv[0], "modify") == 0) || + (strcmp(cmd_argv[0], "view") == 0) + ) { + realm_name_required = TRUE; } - if( !util_context->default_realm ) { + if (!util_context->default_realm) { char *temp = NULL; retval = krb5_get_default_realm(util_context, &temp); - if( retval ) { + if (retval) { if (realm_name_required) { com_err (progname, retval, "while getting default realm"); exit_status++; goto cleanup; } - } - else + } else util_context->default_realm = temp; } /* If we have the realm name, we can safely say that * realm_name is required so that we don't neglect any information. 
*/ else - realm_name_required = TRUE; - - retval = profile_get_string( util_context->profile, KDB_REALM_SECTION, - util_context->default_realm, KDB_MODULE_POINTER, - NULL, - &value ); - - if(!(value)) { - retval = profile_get_string( util_context->profile, KDB_MODULE_DEF_SECTION, - KDB_MODULE_POINTER, NULL, - NULL, - &value ); - if(!(value)) { - if (util_context->default_realm) - conf_section = strdup( util_context->default_realm ); - } - else { + realm_name_required = TRUE; + + retval = profile_get_string(util_context->profile, KDB_REALM_SECTION, + util_context->default_realm, KDB_MODULE_POINTER, + NULL, + &value); + + if (!(value)) { + retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION, + KDB_MODULE_POINTER, NULL, + NULL, + &value); + if (!(value)) { + if (util_context->default_realm) + conf_section = strdup(util_context->default_realm); + } else { conf_section = strdup(value); free(value); - } - } - else { + } + } else { conf_section = strdup(value); free(value); } if (realm_name_required) { - retval = kadm5_get_config_params(util_context, 1, + retval = kadm5_get_config_params(util_context, 1, &global_params, &global_params); - if (retval) { - com_err(argv[0], retval, "while retreiving configuration parameters"); - exit_status++; - goto cleanup; - } + if (retval) { + com_err(argv[0], retval, "while retreiving configuration parameters"); + exit_status++; + goto cleanup; + } gp_is_static = 0; } 
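Review bot: In the hunk at -419 `retval` is assigned from both `profile_get_string` calls but never examined, and none of the three `conf_section = strdup(...)` results is checked for `NULL`, so an allocation failure proceeds with `conf_section == NULL` into `krb5_ldap_read_server_params` in the following hunk. A check after each `strdup`, `if (conf_section == NULL) { com_err(progname, ENOMEM, "while reading ldap configuration"); exit_status++; goto cleanup; }`, matches the rest of main()'s error handling. The `value` strings are released with `free()`; if they come from the profile library, `profile_release_string` may be the intended counterpart — worth confirming. main() starts and ends outside this hunk.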
@@ -506,109 +502,109 @@ int main(argc, argv) /* If LDAP parameters are specified, replace them with the values from config */ if (ldapmask & CMD_LDAP_D) { - /* If password is not specified, prompt for it */ - if (passwd == NULL) { - passwd = (char *)malloc(MAX_PASSWD_LEN); - if (passwd == NULL) { - com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); - exit_status++; - goto cleanup; - } - prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN); - if (prompt == NULL) { - free(passwd); + /* If password is not specified, prompt for it */ + if (passwd == NULL) { + passwd = (char *)malloc(MAX_PASSWD_LEN); + if (passwd == NULL) { + com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); + exit_status++; + goto cleanup; + } + prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN); + if (prompt == NULL) { + free(passwd); passwd = NULL; - com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); - exit_status++; - goto cleanup; - } - memset(passwd, 0, sizeof(passwd)); - passwd_len = MAX_PASSWD_LEN - 1; - snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn); - - db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len); - - if ((db_retval) || (passwd_len == 0)) { - com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); - free(passwd); + com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); + exit_status++; + goto cleanup; + } + memset(passwd, 0, sizeof(passwd)); + passwd_len = MAX_PASSWD_LEN - 1; + snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn); + + db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len); + + if ((db_retval) || (passwd_len == 0)) { + com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); + free(passwd); passwd = NULL; - exit_status++; - goto cleanup; - } - } + exit_status++; + goto cleanup; + } + } - ldap_context->bind_pwd = passwd; + ldap_context->bind_pwd = passwd; } /* If ldaphost is specified, release entry filled by 
configuration & use this */ if (ldapmask & CMD_LDAP_H) { - ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ; - if (ldap_context->server_info_list == NULL) { - com_err(argv[0], ENOMEM, "while initializing server list"); - exit_status++; - goto cleanup; - } - - ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info)); - if (ldap_context->server_info_list[0] == NULL) { - com_err(argv[0], ENOMEM, "while initializing server list"); - exit_status++; - goto cleanup; - } - - ldap_context->server_info_list[0]->server_status = NOTSET; - - ldap_context->server_info_list[0]->server_name = strdup(ldap_server); - if (ldap_context->server_info_list[0]->server_name == NULL) { - com_err(argv[0], ENOMEM, "while initializing server list"); - exit_status++; - goto cleanup; - } + ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ; + if (ldap_context->server_info_list == NULL) { + com_err(argv[0], ENOMEM, "while initializing server list"); + exit_status++; + goto cleanup; + } + + ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info)); + if (ldap_context->server_info_list[0] == NULL) { + com_err(argv[0], ENOMEM, "while initializing server list"); + exit_status++; + goto cleanup; + } + + ldap_context->server_info_list[0]->server_status = NOTSET; + + ldap_context->server_info_list[0]->server_name = strdup(ldap_server); + if (ldap_context->server_info_list[0]->server_name == NULL) { + com_err(argv[0], ENOMEM, "while initializing server list"); + exit_status++; + goto cleanup; + } } /* If ldapport is specified, release entry filled by configuration & use this*/ if (ldapmask & CMD_LDAP_P) { ldap_context->port = atoi(ldap_port); } if (bind_dn) { - ldap_context->bind_dn = strdup(bind_dn); + ldap_context->bind_dn = strdup(bind_dn); if (ldap_context->bind_dn == NULL) { - com_err(argv[0], 
ENOMEM, "while retrieving ldap configuration"); - exit_status++; - goto cleanup; + com_err(argv[0], ENOMEM, "while retrieving ldap configuration"); + exit_status++; + goto cleanup; } } else - ldap_context->bind_dn = NULL; + ldap_context->bind_dn = NULL; ldap_context->service_type = SERVICE_DN_TYPE_CLIENT; - if(realm_name_required) { - if ((global_params.enctype != ENCTYPE_UNKNOWN) && + if (realm_name_required) { + if ((global_params.enctype != ENCTYPE_UNKNOWN) && (!krb5_c_valid_enctype(global_params.enctype))) { - com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, - "while setting up enctype %d", global_params.enctype); - } + com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, + "while setting up enctype %d", global_params.enctype); + } } cmd = cmd_lookup(cmd_argv[0]); /* Setup DAL handle to access the database */ - dal_handle = calloc( (size_t)1, sizeof(kdb5_dal_handle) ); - if( dal_handle == NULL ) { + dal_handle = calloc((size_t)1, sizeof(kdb5_dal_handle)); + if (dal_handle == NULL) { goto cleanup; } dal_handle->db_context = ldap_context; util_context->db_context = (void *) dal_handle; - + db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER); if (db_retval) { - com_err(argv[0], db_retval, "while reading ldap configuration"); - exit_status++; - goto cleanup; + com_err(argv[0], db_retval, "while reading ldap configuration"); + exit_status++; + goto cleanup; } - + if (cmd->opendb) { - db_retval = krb5_ldap_db_init( util_context, ldap_context); + db_retval = krb5_ldap_db_init(util_context, ldap_context); if (db_retval) { com_err(progname, db_retval, "while initializing database"); exit_status++; 
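Review bot: In the hunk at -506 `memset(passwd, 0, sizeof(passwd));` clears only `sizeof(char *)` bytes because `passwd` is a pointer, so the freshly malloc'd `MAX_PASSWD_LEN` buffer is not zeroed, and the same `sizeof` mistake in the `cleanup:` hunk at -622 on `passwd` and `ldap_context->bind_pwd` means the bind password is never actually scrubbed before the context is torn down. Here the length is known, `memset(passwd, 0, MAX_PASSWD_LEN);`; in cleanup `bind_pwd` may point at either that buffer or the `strdup` of `-w`, so the wipe needs the real length (tracked or `strlen`), and because it precedes a free the compiler may drop a plain `memset`, so a wipe it cannot elide (e.g. stores through a `volatile unsigned char *`) is preferable. The `dal_handle == NULL` branch does `goto cleanup` without `com_err` or `exit_status++`, so a failed allocation exits with status 0 and no message. `if ((db_retval) || (passwd_len == 0))` reports `ENOMEM` for a password read failure; `db_retval`, with a separate message for an empty password, is the right code. main()'s body continues on both sides of the hunk.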
@@ -622,30 +618,29 @@ int main(argc, argv) cleanup: if (passwd) - memset(passwd, 0, sizeof(passwd)); + memset(passwd, 0, sizeof(passwd)); if (ldap_context && ldap_context->bind_pwd) - memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd)); + memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd)); if (util_context) { if (gp_is_static == 0) kadm5_free_config_params(util_context, &global_params); - krb5_ldap_close(util_context); - krb5_free_context(util_context); + krb5_ldap_close(util_context); + krb5_free_context(util_context); } if (cmd_argv) - free(cmd_argv); + free(cmd_argv); if (prompt) - free(prompt); + free(prompt); if (conf_section) - free(conf_section); + free(conf_section); if (dal_handle) free(dal_handle); if (usage_print) { - usage(); + usage(); } return exit_status; } -