* Makefile.in, configure.in: fix shared lib lossage by
authorTom Yu <tlyu@mit.edu>
Wed, 24 Jul 1996 22:20:03 +0000 (22:20 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 24 Jul 1996 22:20:03 +0000 (22:20 +0000)
rearrangement of subdirectories

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8804 dc483132-0cff-0310-8789-dd5450dbe970

28 files changed:
src/lib/kadm5/ChangeLog
src/lib/kadm5/Makefile.in
src/lib/kadm5/adb_free.c [deleted file]
src/lib/kadm5/adb_openclose.c [deleted file]
src/lib/kadm5/adb_policy.c [deleted file]
src/lib/kadm5/adb_principal.c [deleted file]
src/lib/kadm5/adb_xdr.c [deleted file]
src/lib/kadm5/client_handle.c [deleted file]
src/lib/kadm5/client_init.c [deleted file]
src/lib/kadm5/client_internal.h [deleted file]
src/lib/kadm5/client_principal.c [deleted file]
src/lib/kadm5/client_rpc.c [deleted file]
src/lib/kadm5/clnt_chpass_util.c [deleted file]
src/lib/kadm5/clnt_policy.c [deleted file]
src/lib/kadm5/clnt_privs.c [deleted file]
src/lib/kadm5/configure.in
src/lib/kadm5/server_acl.c [deleted file]
src/lib/kadm5/server_acl.h [deleted file]
src/lib/kadm5/server_dict.c [deleted file]
src/lib/kadm5/server_handle.c [deleted file]
src/lib/kadm5/server_init.c [deleted file]
src/lib/kadm5/server_kdb.c [deleted file]
src/lib/kadm5/server_misc.c [deleted file]
src/lib/kadm5/svr_chpass_util.c [deleted file]
src/lib/kadm5/svr_iters.c [deleted file]
src/lib/kadm5/svr_misc_free.c [deleted file]
src/lib/kadm5/svr_policy.c [deleted file]
src/lib/kadm5/svr_principal.c [deleted file]

index 7eb2c1ab4039480f26e795541a1e3d6327f0b1fa..ade62cc9824b6b5d37fc5cb2809c0681d20a2f2b 100644 (file)
@@ -1,3 +1,8 @@
+Wed Jul 24 18:18:39 1996  Tom Yu  <tlyu@voltage-multiplier.mit.edu>
+
+       * Makefile.in, configure.in: fix shared lib lossage by
+               rearrangement of subdirectories
+
 Tue Jul 23 16:49:56 1996  Tom Yu  <tlyu@voltage-multiplier.mit.edu>
 
        * Makefile.in: delete extraneous trailing backslash from GENSRCS
index 12771f156cdfa170008357c2d6d68cadbee1d96c..ab82a0385d91fd0b87340737723e0f73f19c49c7 100644 (file)
@@ -1,7 +1,6 @@
 CFLAGS = $(CCOPTS) $(DEFS)
 
 ##DOSBUILDTOP = ..\..
-##DOSLIBNAME=libkadm5srv.lib
 
 .c.o:
        $(CC) $(CFLAGS) -c $(srcdir)/$*.c
@@ -28,7 +27,7 @@ clean::
        $(RM) adb_err.c adb_err.h adb_err.o
        $(RM) chpass_util_strings.c chpass_util_strings.h chpass_util_strings.o
 
-GENSRCS = kadm_err.c \
+SRCS = kadm_err.c \
        adb_err.c \
        chpass_util_strings.c \
        $(srcdir)/ovsec_glue.c \
@@ -39,30 +38,7 @@ GENSRCS = kadm_err.c \
        $(srcdir)/str_conv.c \
        $(srcdir)/logger.c
 
-SRVSRCS = $(GENSRCS) \
-       $(srcdir)/svr_policy.c \
-       $(srcdir)/svr_principal.c \
-       $(srcdir)/server_acl.c \
-       $(srcdir)/server_kdb.c \
-       $(srcdir)/server_misc.c \
-       $(srcdir)/server_init.c \
-       $(srcdir)/server_dict.c \
-       $(srcdir)/svr_iters.c \
-       $(srcdir)/svr_chpass_util.c \
-       $(srcdir)/adb_xdr.c \
-       $(srcdir)/adb_policy.c \
-       $(srcdir)/adb_free.c \
-       $(srcdir)/adb_openclose.c
-
-CLNTSRCS = $(GENSRCS) \
-       $(srcdir)/clnt_policy.c \
-       $(srcdir)/client_rpc.c \
-       $(srcdir)/client_principal.c \
-       $(srcdir)/client_init.c \
-       $(srcdir)/clnt_privs.c \
-       $(srcdir)/clnt_chpass_util.c
-
-GENOBJS = kadm_err.$(OBJEXT) \
+OBJS = kadm_err.$(OBJEXT) \
        adb_err.$(OBJEXT) \
        chpass_util_strings.$(OBJEXT) \
        ovsec_glue.$(OBJEXT) \
@@ -73,93 +49,18 @@ GENOBJS = kadm_err.$(OBJEXT) \
        str_conv.$(OBJEXT) \
        logger.$(OBJEXT)
 
-SRVOBJS = $(GENOBJS) \
-       svr_policy.$(OBJEXT) \
-       svr_principal.$(OBJEXT) \
-       server_acl.$(OBJEXT) \
-       server_kdb.$(OBJEXT) \
-       server_misc.$(OBJEXT) \
-       server_init.$(OBJEXT) \
-       server_dict.$(OBJEXT) \
-       svr_iters.$(OBJEXT) \
-       svr_chpass_util.$(OBJEXT) \
-       adb_xdr.$(OBJEXT) \
-       adb_policy.$(OBJEXT) \
-       adb_free.$(OBJEXT) \
-       adb_openclose.$(OBJEXT)
-
-CLNTOBJS = $(GENOBJS) @LIBOBJS@ \
-       clnt_policy.$(OBJEXT) \
-       client_rpc.$(OBJEXT) \
-       client_principal.$(OBJEXT) \
-       client_init.$(OBJEXT) \
-       clnt_privs.$(OBJEXT) \
-       clnt_chpass_util.$(OBJEXT)
-
-#
-# Depends on libkdb5, libkrb5, libcrypto, libcom_err, libdyn
-#
-KDB5_VER=@KDB5_SH_VERS@
-KRB5_VER=@KRB5_SH_VERS@
-CRYPTO_VER=@CRYPTO_SH_VERS@
-COMERR_VER=@COMERR_SH_VERS@
-DYN_VER=@DYN_SH_VERS@
-DEPLIBS=$(TOPLIBD)/libkdb5.$(SHEXT).$(KDB5_VER) \
-       $(TOPLIBD)/libkrb5.$(SHEXT).$(KRB5_VER) \
-       $(TOPLIBD)/libcrypto.$(SHEXT).$(CRYPTO_VER) \
-       $(TOPLIBD)/libcom_err.$(SHEXT).$(COMERR_VER) \
-       $(TOPLIBD)/libdyn.$(SHEXT).$(DYN_VER)
-
-SHLIB_LIBS=-lkdb5 -lkrb5 -lcrypto -lcom_err -ldyn
-SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@
-SHLIB_LIBDIRS= @SHLIB_LIBDIRS@
-
-all-unix:: shared includes $(OBJS)
+all-unix:: shared includes $(OBJS) DONE
 all-mac:: $(OBJS)
 all-windows:: $(OBJS)
 
-# don't think about this very hard.  when the build system goes away,
-# so will this.
-LIBDONE = srv/DONE clnt/DONE
-LIB_SUBDIRS= 
 shared:
-       -mkdir shared srv clnt
-       ln -s ../shared srv/shared
-       ln -s ../shared clnt/shared
-
-srv/DONE: $(SRVOBJS)
-       $(RM) srv/DONE
-       echo $(SRVOBJS) > srv/DONE
-
-clnt/DONE: $(CLNTOBJS)
-       $(RM) clnt/DONE
-       echo $(CLNTOBJS) > clnt/DONE
+       mkdir shared
 
 check-windows::
 
 clean-unix::
-       $(RM) shared/* srv/* clnt/*
-       -rmdir shared srv clnt
+       $(RM) shared/*
+       -rmdir shared
 
 clean-mac::
 clean-windows::
-
-libkadm5srv.a: $(SRVOBJS)
-       $(RM) $@
-       $(ARADD) $@ $(SRVOBJS)
-       $(RANLIB) $@
-
-libkadm5clnt.a: $(CLNTOBJS)
-       $(RM) $@
-       $(ARADD) $@ $(CLNTOBJS)
-       $(RANLIB) $@
-
-install:: libkadm5srv.a libkadm5clnt.a
-       $(INSTALL_DATA) libkadm5srv.a $(DESTDIR)$(KRB5_LIBDIR)/libkadm5srv.a
-       $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libkadm5srv.a
-       $(INSTALL_DATA) libkadm5clnt.a $(DESTDIR)$(KRB5_LIBDIR)/libkadm5clnt.a
-       $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libkadm5clnt.a
-
-clean::
-       $(RM) libkadm5srv.a libkadm5srv.bak DONESRV
-       $(RM) libkadm5clnt.a libkadm5clnt.bak DONECLNT
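Review bot: The new `all-unix:: shared includes $(OBJS) DONE` line depends on a `DONE` target that has no rule anywhere in this hunk, and the `srv/DONE` and `clnt/DONE` rules that used to write the stamp files are deleted here. If `DONE` is not supplied by a fragment that configure appends to this Makefile.in, `make all` will stop with "no rule to make target"; if it is, a comment above the rule such as `# DONE is produced by rules appended at configure time, not defined in this file` would save the next reader the search. `clean-unix::` now removes only `shared/*`, and the deleted `clean::` lines were the only ones naming stamp files, so I would confirm that something still removes `DONE` on clean, or add `$(RM) DONE` there. Separately, the removed `CLNTOBJS` was the only list carrying `@LIBOBJS@`, and the new `OBJS` (its definition starts in the preceding hunk) does not include it, so the client subdirectory's Makefile.in has to pick it up, which is not visible from this page.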
diff --git a/src/lib/kadm5/adb_free.c b/src/lib/kadm5/adb_free.c
deleted file mode 100644 (file)
index 4c6f8a6..0000000
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- * 
- * $Log$
- * Revision 1.8  1996/07/22 20:35:16  marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches.  This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964.  before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.7.4.1  1996/07/18 03:08:07  marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.7.2.1  1996/06/20  02:16:25  marc
- * File added to the repository on a branch
- *
- * Revision 1.7  1996/05/12  06:21:57  marc
- * don't use <absolute paths> for "internal header files"
- *
- * Revision 1.6  1993/12/13  21:15:56  shanzer
- * fixed memory leak
- * .,
- *
- * Revision 1.5  1993/12/06  22:20:37  marc
- * fixup free functions to use xdr to free the underlying struct
- *
- * Revision 1.4  1993/11/15  00:29:46  shanzer
- * check to make sure pointers are somewhat vaid before freeing.
- *
- * Revision 1.3  1993/11/09  04:02:24  shanzer
- * added some includefiles
- * changed bzero to memset
- *
- * Revision 1.2  1993/11/04  01:54:24  shanzer
- * added rcs header ..
- *
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include       "adb.h"
-#include       <memory.h>
-#include       <malloc.h>
-
-void
-osa_free_princ_ent(osa_princ_ent_t val)
-{
-    XDR xdrs;
-
-    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-
-    xdr_osa_princ_ent_rec(&xdrs, val);
-    free(val);
-}
-
-void
-osa_free_policy_ent(osa_policy_ent_t val)
-{
-    XDR xdrs;
-
-    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-
-    xdr_osa_policy_ent_rec(&xdrs, val);
-    free(val);
-}
-
diff --git a/src/lib/kadm5/adb_openclose.c b/src/lib/kadm5/adb_openclose.c
deleted file mode 100644 (file)
index 627a6b4..0000000
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$ 
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include       <sys/file.h>
-#include       <fcntl.h>
-#include       <unistd.h>
-#include       "adb.h"
-#include       <stdlib.h>
-
-#define MAX_LOCK_TRIES 5
-
-struct _locklist {
-     osa_adb_lock_ent lockinfo;
-     struct _locklist *next;
-};
-
-osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
-                               int magic)
-{
-     FILE *lf;
-     DB *db;
-     HASHINFO info;
-     
-     lf = fopen(lockfilename, "w+");
-     if (lf == NULL)
-         return errno;
-     (void) fclose(lf);
-
-     memset(&info, 0, sizeof(info));
-     info.hash = NULL;
-     info.bsize = 256;
-     info.ffactor = 8;
-     info.nelem = 25000;
-     info.lorder = 0;
-     db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_HASH, &info);
-     if (db == NULL)
-         return errno;
-     if (db->close(db) < 0)
-         return errno;
-     return OSA_ADB_OK;
-}
-
-osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfilename,
-                                int magic)
-{
-     /* the admin databases do not contain security-critical data */
-     if (unlink(filename) < 0 ||
-        unlink(lockfilename) < 0)
-         return errno;
-     return OSA_ADB_OK;
-}
-
-osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
-                             char *lockfilename, int magic)
-{
-     osa_adb_db_t db;
-     static struct _locklist *locklist = NULL;
-     struct _locklist *lockp;
-     krb5_error_code code;
-     
-     if (dbp == NULL || filename == NULL)
-         return EINVAL;
-
-     db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent));
-     if (db == NULL)
-         return ENOMEM;
-
-     memset(db, 0, sizeof(*db));
-     db->info.hash = NULL;
-     db->info.bsize = 256;
-     db->info.ffactor = 8;
-     db->info.nelem = 25000;
-     db->info.lorder = 0;
-
-     /*
-      * A process is allowed to open the same database multiple times
-      * and access it via different handles.  If the handles use
-      * distinct lockinfo structures, things get confused: lock(A),
-      * lock(B), release(B) will result in the kernel unlocking the
-      * lock file but handle A will still think the file is locked.
-      * Therefore, all handles using the same lock file must share a
-      * single lockinfo structure.
-      *
-      * It is not sufficient to have a single lockinfo structure,
-      * however, because a single process may also wish to open
-      * multiple different databases simultaneously, with different
-      * lock files.  This code used to use a single static lockinfo
-      * structure, which means that the second database opened used
-      * the first database's lock file.  This was Bad.
-      *
-      * We now maintain a linked list of lockinfo structures, keyed by
-      * lockfilename.  An entry is added when this function is called
-      * with a new lockfilename, and all subsequent calls with that
-      * lockfilename use the existing entry, updating the refcnt.
-      * When the database is closed with fini_db(), the refcnt is
-      * decremented, and when it is zero the lockinfo structure is
-      * freed and reset.  The entry in the linked list, however, is
-      * never removed; it will just be reinitialized the next time
-      * init_db is called with the right lockfilename.
-      */
-
-     /* find or create the lockinfo structure for lockfilename */
-     lockp = locklist;
-     while (lockp) {
-         if (strcmp(lockp->lockinfo.filename, lockfilename) == 0)
-              break;
-         else
-              lockp = lockp->next;
-     }
-     if (lockp == NULL) {
-         /* doesn't exist, create it, add to list */
-         lockp = (struct _locklist *) malloc(sizeof(*lockp));
-         if (lockp == NULL) {
-              free(db);
-              return ENOMEM;
-         }
-         memset(lockp, 0, sizeof(*lockp));
-         lockp->next = locklist;
-         locklist = lockp;
-     }
-
-     /* now initialize lockp->lockinfo if necessary */
-     if (lockp->lockinfo.lockfile == NULL) {
-         if (code = krb5_init_context(&lockp->lockinfo.context)) {
-              free(db);
-              return((osa_adb_ret_t) code);
-         }
-
-         /*
-          * needs be open read/write so that write locking can work with
-          * POSIX systems
-          */
-         lockp->lockinfo.filename = strdup(lockfilename);
-         if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
-              /*
-               * maybe someone took away write permission so we could only
-               * get shared locks?
-               */
-              if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
-                  == NULL) {
-                   free(db);
-                   return OSA_ADB_NOLOCKFILE;
-              }
-         }
-         lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
-     }
-
-     /* lockp is set, lockinfo is initialized, update the reference count */
-     db->lock = &lockp->lockinfo;
-     db->lock->refcnt++;
-
-     db->filename = strdup(filename);
-     db->magic = magic;
-
-     *dbp = db;
-     
-     return OSA_ADB_OK;
-}
-
-osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic)
-{
-     if (db->magic != magic)
-         return EINVAL;
-     if (db->lock->refcnt == 0) {
-         /* barry says this can't happen */
-         return OSA_ADB_FAILURE;
-     } else {
-         db->lock->refcnt--;
-     }
-
-     if (db->lock->refcnt == 0) {
-         /*
-          * Don't free db->lock->filename, it is used as a key to
-          * find the lockinfo entry in the linked list.  If the
-          * lockfile doesn't exist, we must be closing the database
-          * after trashing it.  This has to be allowed, so don't
-          * generate an error.
-          */
-         (void) fclose(db->lock->lockfile);
-         db->lock->lockfile = NULL;
-         krb5_free_context(db->lock->context);
-     }
-
-     db->magic = 0;
-     free(db->filename);
-     free(db);
-     return OSA_ADB_OK;
-}     
-     
-osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
-{
-     int tries, gotlock, perm, krb5_mode, ret;
-
-     if (db->lock->lockmode >= mode) {
-         /* No need to upgrade lock, just incr refcnt and return */
-         db->lock->lockcnt++;
-         return(OSA_ADB_OK);
-     }
-
-     perm = 0;
-     switch (mode) {
-       case OSA_ADB_PERMANENT:
-         perm = 1;
-       case OSA_ADB_EXCLUSIVE:
-         krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
-         break;
-       case OSA_ADB_SHARED:
-         krb5_mode = KRB5_LOCKMODE_SHARED;
-         break;
-       default:
-         return(EINVAL);
-     }
-
-     for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
-         if ((ret = krb5_lock_file(db->lock->context,
-                                   fileno(db->lock->lockfile),
-                                   krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) {
-              gotlock++;
-              break;
-         } else if (ret == EBADF && mode == OSA_ADB_EXCLUSIVE)
-              /* tried to exclusive-lock something we don't have */
-              /* write access to */
-              return OSA_ADB_NOEXCL_PERM;
-
-         sleep(1);
-     }
-
-     /* test for all the likely "can't get lock" error codes */
-     if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK)
-         return OSA_ADB_CANTLOCK_DB;
-     else if (ret != 0)
-         return ret;
-
-     /*
-      * If the file no longer exists, someone acquired a permanent
-      * lock.  If that process terminates its exclusive lock is lost,
-      * but if we already had the file open we can (probably) lock it
-      * even though it has been unlinked.  So we need to insist that
-      * it exist.
-      */
-     if (access(db->lock->filename, F_OK) < 0) {
-         (void) krb5_lock_file(db->lock->context,
-                               fileno(db->lock->lockfile),
-                               KRB5_LOCKMODE_UNLOCK);
-         return OSA_ADB_NOLOCKFILE;
-     }
-     
-     /* we have the shared/exclusive lock */
-     
-     if (perm) {
-         if (unlink(db->lock->filename) < 0) {
-              int ret;
-
-              /* somehow we can't delete the file, but we already */
-              /* have the lock, so release it and return */
-
-              ret = errno;
-              (void) krb5_lock_file(db->lock->context,
-                                    fileno(db->lock->lockfile),
-                                    KRB5_LOCKMODE_UNLOCK);
-              
-              /* maybe we should return CANTLOCK_DB.. but that would */
-              /* look just like the db was already locked */
-              return ret;
-         }
-
-         /* this releases our exclusive lock.. which is okay because */
-         /* now no one else can get one either */
-         (void) fclose(db->lock->lockfile);
-     }
-     
-     db->lock->lockmode = mode;
-     db->lock->lockcnt++;
-     return OSA_ADB_OK;
-}
-
-osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
-{
-     int ret;
-     
-     if (!db->lock->lockcnt)           /* lock already unlocked */
-         return OSA_ADB_NOTLOCKED;
-
-     if (--db->lock->lockcnt == 0) {
-         if (db->lock->lockmode == OSA_ADB_PERMANENT) {
-              /* now we need to create the file since it does not exist */
-              if ((db->lock->lockfile = fopen(db->lock->filename,
-                                              "w+")) == NULL)
-                   return OSA_ADB_NOLOCKFILE;
-         } else if (ret = krb5_lock_file(db->lock->context,
-                                         fileno(db->lock->lockfile),
-                                         KRB5_LOCKMODE_UNLOCK))
-              return ret;
-         
-         db->lock->lockmode = 0;
-     }
-     return OSA_ADB_OK;
-}
-
-osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
-{
-     int ret;
-
-     ret = osa_adb_get_lock(db, locktype);
-     if (ret != OSA_ADB_OK)
-         return ret;
-     
-     db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
-     if (db->db == NULL) {
-         (void) osa_adb_release_lock(db);
-         if(errno == EINVAL)
-              return OSA_ADB_BAD_DB;
-         return errno;
-     }
-     return OSA_ADB_OK;
-}
-
-osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
-{
-     int ret;
-
-     if(db->db->close(db->db) == -1) {
-         (void) osa_adb_release_lock(db);
-         return OSA_ADB_FAILURE;
-     }
-
-     db->db = NULL;
-
-     return(osa_adb_release_lock(db));
-}
-
diff --git a/src/lib/kadm5/adb_policy.c b/src/lib/kadm5/adb_policy.c
deleted file mode 100644 (file)
index ff0117b..0000000
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include       <sys/file.h>
-#include       <fcntl.h>
-#include       "adb.h"
-#include       <stdlib.h>
-#include       <malloc.h>
-#include       <string.h>
-
-extern int errno;
-
-#define OPENLOCK(db, mode) \
-{ \
-       int ret; \
-           if (db == NULL) \
-                return EINVAL; \
-           else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \
-                return OSA_ADB_DBINIT; \
-           else if ((ret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
-                return ret; \
-           }
-
-#define CLOSELOCK(db) \
-{ \
-     int ret; \
-     if ((ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
-         return ret; \
-}
-
-osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params)
-{
-     return osa_adb_create_db(params->admin_dbname,
-                             params->admin_lockfile,
-                             OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_destroy_policy_db(kadm5_config_params *params)
-{
-     return osa_adb_destroy_db(params->admin_dbname,
-                              params->admin_lockfile,
-                              OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_open_policy(osa_adb_princ_t *dbp,
-                                 kadm5_config_params *rparams)
-{
-     return osa_adb_init_db(dbp, rparams->admin_dbname,
-                           rparams->admin_lockfile,
-                           OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db)
-{
-     return osa_adb_fini_db(db, OSA_ADB_POLICY_DB_MAGIC);
-}
-
-/*
- * Function: osa_adb_create_policy
- * 
- * Purpose: create a policy entry in the policy db.
- *
- * Arguments:
- *     entry           (input) pointer to the entry to be added
- *     <return value>  OSA_ADB_OK on sucsess, else error code.
- *
- * Requires:
- *     entry have a valid name.
- * 
- * Effects:
- *     creates the entry in the db
- *
- * Modifies:
- *     the policy db.
- * 
- */
-osa_adb_ret_t
-osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
-{
-    DBT                        dbkey;
-    DBT                        dbdata;
-    XDR                        xdrs;
-    int                        ret;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
-
-    if(entry->name == NULL) {
-        ret = EINVAL;
-        goto error;
-    }
-    dbkey.data = entry->name;
-    dbkey.size = (strlen(entry->name) + 1);
-               
-    switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
-    case 0:
-        ret = OSA_ADB_DUP;
-        goto error;
-    case 1:
-       break;
-    default:
-        ret = errno;
-        goto error;
-    }
-    xdralloc_create(&xdrs, XDR_ENCODE);
-    if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-       xdr_destroy(&xdrs);
-       ret = OSA_ADB_XDR_FAILURE;
-       goto error;
-    }
-    dbdata.data = xdralloc_getdata(&xdrs);
-    dbdata.size = xdr_getpos(&xdrs);
-    switch(db->db->put(db->db, &dbkey, &dbdata, R_NOOVERWRITE)) {
-    case 0:
-       if((db->db->sync(db->db, 0)) == -1)
-           ret = OSA_ADB_FAILURE;
-       ret = OSA_ADB_OK;
-       break;
-    case 1:
-       ret = OSA_ADB_DUP;
-       break;
-    default:
-       ret = OSA_ADB_FAILURE;
-       break;
-    }
-    xdr_destroy(&xdrs);
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-/*
- * Function: osa_adb_destroy_policy
- * 
- * Purpose: destroy a policy entry
- *
- * Arguments:
- *     db              (input) database handle
- *     name            (input) name of policy
- *     <return value>  OSA_ADB_OK on sucsess, or error code.
- *
- * Requires:
- *     db being valid.
- *     name being non-null.
- * Effects:
- *     deletes policy from db.
- *
- * Modifies:
- *     policy db.
- * 
- */
-osa_adb_ret_t
-osa_adb_destroy_policy(osa_adb_policy_t db, kadm5_policy_t name)
-{
-    DBT            dbkey;
-    int            status, ret;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
-    
-    if(name == NULL) {
-        ret = EINVAL;
-        goto error;
-    }
-    dbkey.data = name;
-    dbkey.size = (strlen(name) + 1);
-
-    status = db->db->del(db->db, &dbkey, 0);
-    switch(status) {
-    case 1:
-        ret = OSA_ADB_NOENT;
-        goto error;
-    case 0:
-        if ((db->db->sync(db->db, 0)) == -1) {
-             ret = OSA_ADB_FAILURE;
-             goto error;
-        }
-        ret = OSA_ADB_OK;
-        break;
-    default:
-        ret = OSA_ADB_FAILURE;
-        goto error;
-    }
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-/*
- * Function: osa_adb_get_policy
- * 
- * Purpose: retrieve policy
- *
- * Arguments:
- *     db              (input) db handle
- *     name            (input) name of policy
- *     entry           (output) policy entry
- *     <return value>  0 on sucsess, error code on failure.
- *
- * Requires:
- * Effects:
- * Modifies:
- */
-osa_adb_ret_t
-osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name,
-                  osa_policy_ent_t *entry)
-{
-    DBT                        dbkey;
-    DBT                        dbdata;
-    XDR                        xdrs;
-    int                        ret;
-    char               *aligned_data;
-
-    OPENLOCK(db, OSA_ADB_SHARED);
-
-    if(name == NULL) {
-        ret = EINVAL;
-        goto error;
-    }
-    dbkey.data = name;
-    dbkey.size = (strlen(dbkey.data) + 1);
-    dbdata.data = NULL;
-    dbdata.size = 0;
-    switch((db->db->get(db->db, &dbkey, &dbdata, 0))) {
-    case 1:
-        ret = OSA_ADB_NOENT;
-        goto error;
-    case 0:
-       break;
-    default:
-        ret = OSA_ADB_FAILURE;
-        goto error;
-    }
-    if (!(*(entry) = (osa_policy_ent_t)malloc(sizeof(osa_policy_ent_rec)))) {
-        ret = ENOMEM;
-        goto error;
-    }
-    if (!(aligned_data = (char *) malloc(dbdata.size))) {
-        ret = ENOMEM;
-        goto error;
-    }
-    memcpy(aligned_data, dbdata.data, dbdata.size);    
-    memset(*entry, 0, sizeof(osa_policy_ent_rec));
-    xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-    if (!xdr_osa_policy_ent_rec(&xdrs, *entry)) 
-       ret =  OSA_ADB_FAILURE;
-    else ret = OSA_ADB_OK;
-    xdr_destroy(&xdrs);
-    free(aligned_data);
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-/*
- * Function: osa_adb_put_policy
- * 
- * Purpose: update a policy in the dababase
- *
- * Arguments:
- *     db              (input) db handle
- *     entry           (input) policy entry
- *     <return value>  0 on sucsess error code on failure.
- *
- * Requires:
- *     [requires]
- * 
- * Effects:
- *     [effects]
- *
- * Modifies:
- *     [modifies]
- * 
- */
-osa_adb_ret_t
-osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
-{
-    DBT                        dbkey;
-    DBT                        dbdata;
-    DBT                        tmpdb;
-    XDR                        xdrs;
-    int                        ret;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
-    
-    if(entry->name == NULL) {
-        ret = EINVAL;
-        goto error;
-    }
-    dbkey.data = entry->name;
-    dbkey.size = (strlen(entry->name) + 1);
-    switch(db->db->get(db->db, &dbkey, &tmpdb, 0)) {
-    case 0:
-       break;
-    case 1:
-       ret = OSA_ADB_NOENT;
-       goto error;
-    default:
-       ret = OSA_ADB_FAILURE;
-       goto error;
-    }
-    xdralloc_create(&xdrs, XDR_ENCODE);
-    if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-       xdr_destroy(&xdrs);
-       ret = OSA_ADB_XDR_FAILURE;
-       goto error;
-    }
-    dbdata.data = xdralloc_getdata(&xdrs);
-    dbdata.size = xdr_getpos(&xdrs);
-    switch(db->db->put(db->db, &dbkey, &dbdata, 0)) {
-    case 0:
-       if((db->db->sync(db->db, 0)) == -1)
-           ret = OSA_ADB_FAILURE;
-       ret = OSA_ADB_OK;
-       break;
-    default:
-       ret = OSA_ADB_FAILURE;
-       break;
-    }
-    xdr_destroy(&xdrs);
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-/*
- * Function: osa_adb_iter_policy
- * 
- * Purpose: iterate over the policy database.
- *
- * Arguments:
- *     db              (input) db handle
- *     func            (input) fucntion pointer to call
- *     data            opaque data type
- *     <return value>  0 on sucsess error code on failure
- *
- * Requires:
- * Effects:
- * Modifies:
- */
-osa_adb_ret_t
-osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
-                   void *data)
-{
-    DBT                            dbkey,
-                           dbdata;
-    XDR                            xdrs;
-    int                            ret;
-    osa_policy_ent_t       entry;
-    char                   *aligned_data;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE); /* hmmm */
-
-    if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) {
-        ret = errno;
-        goto error;
-    }
-
-    while (ret == 0) {
-       if (!(entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)))) {
-            ret = ENOMEM;
-            goto error;
-       }
-
-       if(!(aligned_data = (char *) malloc(dbdata.size))) {
-            ret = ENOMEM;
-            goto error;
-       }
-       memcpy(aligned_data, dbdata.data, dbdata.size);
-       
-       memset(entry, 0, sizeof(osa_policy_ent_rec));
-       xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-       if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-           xdr_destroy(&xdrs);
-           free(aligned_data);
-           ret = OSA_ADB_FAILURE;
-           goto error;
-       }
-       (*func)(data, entry);
-       xdr_destroy(&xdrs);
-       free(aligned_data);     
-       osa_free_policy_ent(entry);
-       ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
-    }
-    if(ret == -1)
-        ret = errno;
-    else ret = OSA_ADB_OK;
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
diff --git a/src/lib/kadm5/adb_principal.c b/src/lib/kadm5/adb_principal.c
deleted file mode 100644 (file)
index 8ee9aab..0000000
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- * 
- * $Log$
- * Revision 1.24  1996/07/22 20:35:23  marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches.  This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964.  before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.23.4.1  1996/07/18 03:08:17  marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.23.2.1  1996/06/20  02:16:30  marc
- * File added to the repository on a branch
- *
- * Revision 1.23  1996/05/16  21:44:35  bjaspan
- * this file is no longer used, #if the whole thing out
- *
- * Revision 1.22  1996/05/08 20:51:44  bjaspan
- * marc's changes
- *
- * Revision 1.21  1995/08/24  20:23:43  bjaspan
- * marc is a bonehead
- *
- * Revision 1.20  1995/08/23  19:16:02  marc
- * check for db == NULL in OPENLOCK()
- *
- * Revision 1.19  1995/08/08  18:31:30  bjaspan
- * [secure/3394] first cut at admin db locking support
- *
- * Revision 1.18  1995/08/02  15:26:57  bjaspan
- * check db==NULL in iter
- *
- * Revision 1.17  1994/05/09  17:52:36  shanzer
- * fixed some include files
- *
- * Revision 1.16  1994/03/17  01:25:58  shanzer
- * include fcntl.h
- *
- * Revision 1.15  1993/12/17  18:54:06  jik
- * [secure-admin/1040]
- *
- * open_princ should return errno, rather than BAD_DB, if errno is
- * something other than BAD_DB.
- *
- * Revision 1.14  1993/12/13  18:55:58  marc
- * remove bogus free()'s
- *
- * Revision 1.13  1993/12/08  22:29:27  marc
- * fixed another xdrmem alignment thing]
- *
- * Revision 1.12  1993/12/06  22:22:22  bjaspan
- * fix alignment and free-memory-read bugs
- *
- * Revision 1.11  1993/12/05  04:15:16  shanzer
- * removed data size hack.
- *
- * Revision 1.10  1993/11/15  00:29:24  shanzer
- * added filenme to open
- *
- * Revision 1.9  1993/11/10  20:10:06  shanzer
- * now uses xdralloc instead of xdrmem
- *
- * Revision 1.8  1993/11/09  21:43:24  shanzer
- * added check to see if we overflowed our xdr buffer.
- *
- * Revision 1.7  1993/11/09  04:00:19  shanzer
- * changed bzero to memset
- *
- * Revision 1.6  1993/11/05  23:16:21  shanzer
- * return ENOMEM instead of ovsec_kadm_mem
- *
- * Revision 1.5  1993/11/05  22:17:03  shanzer
- * added principal db interative function
- *
- * Revision 1.4  1993/11/04  23:20:24  shanzer
- * made HASHINFO static.
- *
- * Revision 1.3  1993/11/04  01:52:30  shanzer
- * Restructred some code .. fixed some bugs/leaks
- *
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#if 0
-/* XXX THIS FILE IS NO LONGER USED, and should be deleted when we're done */
-
-#include       <sys/file.h>
-#include       <fcntl.h>
-#include       "adb.h"
-#include       <stdlib.h>
-#include       <memory.h>
-
-#define OPENLOCK(db, mode) \
-{ \
-       int ret; \
-           if (db == NULL) \
-                return EINVAL; \
-           else if (db->magic != OSA_ADB_PRINC_DB_MAGIC) \
-                return OSA_ADB_DBINIT; \
-           else if ((ret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
-                return ret; \
-           }
-
-#define CLOSELOCK(db) \
-{ \
-     int ret; \
-     if ((ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
-         return ret; \
-}
-
-osa_adb_ret_t osa_adb_open_princ(osa_adb_princ_t *dbp, char *filename)
-{
-     return osa_adb_init_db(dbp, filename, OSA_ADB_PRINC_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_close_princ(osa_adb_princ_t db)
-{
-     return osa_adb_fini_db(db, OSA_ADB_PRINC_DB_MAGIC);
-}
-
-osa_adb_ret_t
-osa_adb_create_princ(osa_adb_princ_t db, osa_princ_ent_t entry)
-{
-
-    DBT                        dbkey;
-    DBT                        dbdata;
-    XDR                        xdrs;
-    int                        ret;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
-
-    if(krb5_unparse_name(db->lock->context,
-                        entry->name, (char **) &dbkey.data)) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-    if((dbkey.size = strlen(dbkey.data)) == 0) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-       
-    switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
-    case 0:
-        ret = OSA_ADB_DUP;
-        goto error;
-    case 1:
-       break;
-    default:
-        ret = OSA_ADB_FAILURE;
-        goto error;
-    }
-    xdralloc_create(&xdrs, XDR_ENCODE); 
-    if(!xdr_osa_princ_ent_rec(&xdrs, entry)) {
-       xdr_destroy(&xdrs);
-       ret = OSA_ADB_XDR_FAILURE;
-       goto error;
-    }
-    dbdata.data = xdralloc_getdata(&xdrs);
-    dbdata.size = xdr_getpos(&xdrs);
-    switch(db->db->put(db->db, &dbkey, &dbdata, R_NOOVERWRITE)) {
-    case 0:
-       if((db->db->sync(db->db, 0)) == -1)
-           ret =  OSA_ADB_FAILURE;
-       else
-            ret = OSA_ADB_OK;
-       break;
-    case 1:
-       ret = OSA_ADB_DUP;
-       break;
-    default:
-       ret = OSA_ADB_FAILURE;
-       break;
-    }
-    xdralloc_release(&xdrs);
-    free(dbkey.data);
-
-error:
-    CLOSELOCK(db);
-    
-    return ret;
-}
-       
-osa_adb_ret_t
-osa_adb_destroy_princ(osa_adb_princ_t db, ovsec_kadm_princ_t name)
-{
-    DBT            dbkey;
-    int            status;
-    int            ret;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
-
-    if(krb5_unparse_name(db->lock->context, name, (char **) &dbkey.data)) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-    if ((dbkey.size = strlen(dbkey.data)) == 0) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-    status = db->db->del(db->db, &dbkey, 0);
-    switch(status) {
-    case 1:
-       ret = OSA_ADB_NOENT;
-       break;
-    case 0:
-       if ((db->db->sync(db->db, 0)) == -1)
-           ret = OSA_ADB_FAILURE;
-       else 
-            ret = OSA_ADB_OK;
-       break;
-    default:
-       ret = OSA_ADB_FAILURE;
-       break;
-    }
-    free(dbkey.data);
-
-error:
-    CLOSELOCK(db);
-    
-    return ret;
-}
-
-osa_adb_ret_t
-osa_adb_get_princ(osa_adb_princ_t db, ovsec_kadm_princ_t name,
-                 osa_princ_ent_t *entry)
-{
-    DBT                        dbkey;
-    DBT                        dbdata;
-    XDR                        xdrs;
-    int                        ret = 0;
-    char               *aligned_data;
-
-    OPENLOCK(db, OSA_ADB_SHARED);
-
-    if(krb5_unparse_name(db->lock->context, name, (char **) &dbkey.data)) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-    if((dbkey.size = strlen(dbkey.data)) == 0) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-    dbdata.size = 0;
-    dbdata.data = NULL;
-    switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
-    case 1:
-       ret = OSA_ADB_NOENT;
-       break;
-    case 0:
-       break;
-    default:
-       ret = OSA_ADB_FAILURE;
-       break;
-    }
-    free(dbkey.data);
-    if (ret)
-        goto error;
-
-    if (!(*(entry) = (osa_princ_ent_t)malloc(sizeof(osa_princ_ent_rec)))) {
-        ret = ENOMEM;
-        goto error;
-    }
-
-    aligned_data = (char *) malloc(dbdata.size);
-    if (aligned_data == NULL) {
-        ret = ENOMEM;
-        goto error;
-    }
-    memcpy(aligned_data, dbdata.data, dbdata.size);
-    
-    memset(*entry, 0, sizeof(osa_princ_ent_rec));      
-    xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-    if (!xdr_osa_princ_ent_rec(&xdrs, *entry)) {
-       xdr_destroy(&xdrs);
-       free(aligned_data);
-       ret = OSA_ADB_FAILURE;
-       goto error;
-    }
-    xdr_destroy(&xdrs);
-    free(aligned_data);
-    ret = OSA_ADB_OK;
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-osa_adb_ret_t
-osa_adb_put_princ(osa_adb_princ_t db, osa_princ_ent_t entry)
-{
-    DBT                        dbkey;
-    DBT                        dbdata;
-    DBT                        tmpdb;
-    XDR                        xdrs;
-    int                        ret;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
-
-    if(krb5_unparse_name(db->lock->context,
-                        entry->name, (char **) &dbkey.data)) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-    if((dbkey.size = strlen(dbkey.data)) == 0) {
-        ret = OSA_ADB_BAD_PRINC;
-        goto error;
-    }
-       
-    switch(db->db->get(db->db, &dbkey, &tmpdb, 0)) {
-    case 0:
-       break;
-    case 1:
-       ret = OSA_ADB_NOENT;
-       goto error;
-    default:
-       ret = OSA_ADB_FAILURE;
-       goto error;
-    }
-    xdralloc_create(&xdrs, XDR_ENCODE);
-    if(!xdr_osa_princ_ent_rec(&xdrs, entry)) {
-       xdr_destroy(&xdrs);
-       ret =  OSA_ADB_XDR_FAILURE;
-       goto error;
-    }
-    dbdata.data = xdralloc_getdata(&xdrs);
-    dbdata.size = xdr_getpos(&xdrs);
-    switch(db->db->put(db->db, &dbkey, &dbdata, 0)) {
-    case 0:
-       if((db->db->sync(db->db, 0)) == -1)
-           ret =  OSA_ADB_FAILURE;
-       else 
-            ret =  OSA_ADB_OK;
-       break;
-    default:
-       ret = OSA_ADB_FAILURE;
-       break;
-    }
-    xdralloc_release(&xdrs);
-    free(dbkey.data);
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-osa_adb_ret_t
-osa_adb_iter_princ(osa_adb_princ_t db, osa_adb_iter_princ_func func,
-                   void *data)
-{
-    DBT                            dbkey,
-                           dbdata;
-    XDR                            xdrs;
-    int                            ret;
-    osa_princ_ent_t        entry;
-    char                   *aligned_data;
-
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE); /* hmmmm */
-    
-    if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) {
-        ret = errno;
-        goto error;
-    }
-    while (ret == 0) {
-        if (!(entry = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec)))) {
-             ret = ENOMEM;
-             goto error;
-        }
-
-       aligned_data = (char *) malloc(dbdata.size);
-        if (aligned_data == NULL) {
-             ret = ENOMEM;
-             goto error;
-        }
-       memcpy(aligned_data, dbdata.data, dbdata.size);
-
-       memset(entry, 0, sizeof(osa_princ_ent_rec));
-       xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-       if(!xdr_osa_princ_ent_rec(&xdrs, entry)) {
-           xdr_destroy(&xdrs);
-           free(aligned_data);
-           ret = OSA_ADB_FAILURE;
-           goto error;
-       }
-       (*func)(data, entry);
-       xdr_destroy(&xdrs);
-       free(aligned_data);
-       osa_free_princ_ent(entry);
-       ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
-    }
-    if(ret == -1)
-        ret = errno;
-    else
-        ret = OSA_ADB_OK;
-
-error:
-    CLOSELOCK(db);
-    return ret;
-}
-
-#endif /* 0 */
diff --git a/src/lib/kadm5/adb_xdr.c b/src/lib/kadm5/adb_xdr.c
deleted file mode 100644 (file)
index 944fb04..0000000
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include <sys/types.h>
-#include <krb5.h>
-#include <rpc/rpc.h>
-#include "adb.h"
-#include "admin_xdr.h"
-#include <memory.h>
-
-bool_t
-xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
-{
-    unsigned int tmp;
-
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_ver))
-       return(FALSE);
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno))
-       return(FALSE);
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
-       return(FALSE);
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
-       return(FALSE);
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_length[0]))
-       return(FALSE);
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_length[1]))
-       return(FALSE);
-
-    tmp = (unsigned int) objp->key_data_length[0];
-    if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
-                  &tmp, ~0))
-       return FALSE;
-
-    tmp = (unsigned int) objp->key_data_length[1];
-    if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
-                  &tmp, ~0))
-       return FALSE;
-
-    /* don't need to copy tmp out, since key_data_length will be set
-       by the above encoding. */
-
-    return(TRUE);
-}
-
-bool_t
-xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp)
-{
-    if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
-                  (u_int *) &objp->n_key_data, ~0,
-                  sizeof(krb5_key_data),
-                  xdr_krb5_key_data))
-       return (FALSE);
-    return (TRUE);
-}
-
-bool_t
-xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
-{
-    switch (xdrs->x_op) {
-    case XDR_ENCODE:
-        objp->version = OSA_ADB_PRINC_VERSION_1;
-        /* fall through */
-    case XDR_FREE:
-        if (!xdr_int(xdrs, &objp->version))
-             return FALSE;
-        break;
-    case XDR_DECODE:
-        if (!xdr_int(xdrs, &objp->version))
-             return FALSE;
-        if (objp->version != OSA_ADB_PRINC_VERSION_1)
-             return FALSE;
-        break;
-    }
-    
-    if (!xdr_nullstring(xdrs, &objp->policy))
-       return (FALSE);
-    if (!xdr_long(xdrs, &objp->aux_attributes))
-       return (FALSE);
-    if (!xdr_u_int(xdrs, &objp->old_key_next))
-       return (FALSE);
-    if (!xdr_krb5_kvno(xdrs, &objp->admin_history_kvno))
-       return (FALSE);
-    if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys,
-                  (unsigned int *) &objp->old_key_len, ~0,
-                  sizeof(osa_pw_hist_ent),
-                  xdr_osa_pw_hist_ent))
-       return (FALSE);
-    return (TRUE);
-}
-
-bool_t
-xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
-{
-    switch (xdrs->x_op) {
-    case XDR_ENCODE:
-        objp->version = OSA_ADB_POLICY_VERSION_1;
-        /* fall through */
-    case XDR_FREE:
-        if (!xdr_int(xdrs, &objp->version))
-             return FALSE;
-        break;
-    case XDR_DECODE:
-        if (!xdr_int(xdrs, &objp->version))
-             return FALSE;
-        if (objp->version != OSA_ADB_POLICY_VERSION_1)
-             return FALSE;
-        break;
-    }
-    
-    if(!xdr_nullstring(xdrs, &objp->name))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_min_life))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_max_life))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_min_length))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_min_classes))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_history_num))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->policy_refcnt))
-       return (FALSE);
-    return (TRUE);
-}
diff --git a/src/lib/kadm5/client_handle.c b/src/lib/kadm5/client_handle.c
deleted file mode 100644 (file)
index 895777a..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include "client_internal.h"
-
-int _kadm5_check_handle(void *handle)
-{
-     CHECK_HANDLE(handle);
-     return 0;
-}
diff --git a/src/lib/kadm5/client_init.c b/src/lib/kadm5/client_init.c
deleted file mode 100644 (file)
index bfc1c3a..0000000
+++ /dev/null
@@ -1,554 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include <stdio.h>
-#include <netdb.h>
-#include <memory.h>
-#include <string.h>
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <krb5.h>
-#include <k5-int.h> /* for KRB5_ADM_DEFAULT_PORT */
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-
-#include <kadm5/admin.h>
-#include <kadm5/kadm_rpc.h>
-#include "client_internal.h"
-
-#include <rpc/rpc.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_krb5.h>
-#include <rpc/auth_gssapi.h>
-
-#define        ADM_CCACHE  "/tmp/ovsec_adm.XXXXXX"
-
-#ifndef _POSIX_SOURCE /* Perhaps this should actually say __STDC__ */
-int    setenv(const char *var, const char *val, int flag);
-void   unsetenv(const char *var);
-#endif
-
-enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
-
-static kadm5_ret_t _kadm5_init_any(char *client_name,
-                                  enum init_type init_type,
-                                  char *pass,
-                                  krb5_ccache ccache_in,
-                                  char *service_name,
-                                  kadm5_config_params *params,
-                                  krb5_ui_4 struct_version,
-                                  krb5_ui_4 api_version,
-                                  void **server_handle);
-
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
-                                 krb5_ccache ccache,
-                                 char *service_name,
-                                 kadm5_config_params *params,
-                                 krb5_ui_4 struct_version,
-                                 krb5_ui_4 api_version,
-                                 void **server_handle)
-{
-     return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
-                           service_name, params,
-                           struct_version, api_version,
-                           server_handle);
-}
-
-
-kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
-                                    char *service_name,
-                                    kadm5_config_params *params,
-                                    krb5_ui_4 struct_version,
-                                    krb5_ui_4 api_version,
-                                    void **server_handle)
-{
-     return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
-                           service_name, params, struct_version,
-                           api_version, server_handle);
-}
-
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
-                      char *service_name, 
-                      kadm5_config_params *params,
-                      krb5_ui_4 struct_version,
-                      krb5_ui_4 api_version,
-                      void **server_handle)
-{
-     return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
-                           service_name, params, struct_version,
-                           api_version, server_handle);
-}
-
-kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
-                                char *service_name,
-                                kadm5_config_params *params,
-                                krb5_ui_4 struct_version,
-                                krb5_ui_4 api_version,
-                                void **server_handle)
-{
-     return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
-                           service_name, params, struct_version,
-                           api_version, server_handle);
-}
-
-/*
- * Try no preauthentication first; then try the encrypted timestamp
- * (stolen from krb5 kinit.c)
- */
-static int preauth_search_list[] = {
-     0,                        
-     KRB5_PADATA_ENC_UNIX_TIME,
-     -1
-};
-
-static kadm5_ret_t _kadm5_init_any(char *client_name,
-                                  enum init_type init_type,
-                                  char *pass,
-                                  krb5_ccache ccache_in,
-                                  char *service_name,
-                                  kadm5_config_params *params_in,
-                                  krb5_ui_4 struct_version,
-                                  krb5_ui_4 api_version,
-                                  void **server_handle)
-{
-     struct sockaddr_in addr;
-     struct hostent *hp;
-     struct servent *srv;
-     int fd;
-     int i;
-
-     char full_service_name[BUFSIZ], host[MAXHOSTNAMELEN], *ccname_orig;
-     char *realm;
-     krb5_creds        creds;
-     krb5_ccache ccache = NULL;
-     krb5_timestamp  now;
-     
-     OM_uint32 gssstat, minor_stat;
-     gss_buffer_desc input_name;
-     gss_name_t gss_target, gss_client;
-     gss_cred_id_t gss_client_creds = GSS_C_NO_CREDENTIAL;
-
-     kadm5_server_handle_t handle;
-     kadm5_config_params params_local;
-
-     int code = 0;
-     generic_ret *r;
-
-     initialize_ovk_error_table();
-     initialize_adb_error_table();
-     initialize_ovku_error_table();
-     
-     if (! server_handle) {
-        return EINVAL;
-     }
-
-     if (! (handle = malloc(sizeof(*handle)))) {
-         return ENOMEM;
-     }
-     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
-         free(handle);
-         return ENOMEM;
-     }
-
-     handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
-     handle->struct_version = struct_version;
-     handle->api_version = api_version;
-     handle->clnt = 0;
-     handle->cache_name = 0;
-     handle->destroy_cache = 0;
-     *handle->lhandle = *handle;
-     handle->lhandle->api_version = KADM5_API_VERSION_2;
-     handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
-     handle->lhandle->lhandle = handle->lhandle;
-
-     krb5_init_context(&handle->context);
-     krb5_init_ets(handle->context);   
-
-     if(service_name == NULL || client_name == NULL) {
-       free(handle);
-       return EINVAL;
-     }
-     memset((char *) &creds, 0, sizeof(creds));
-
-     /*
-      * Verify the version numbers before proceeding; we can't use
-      * CHECK_HANDLE because not all fields are set yet.
-      */
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
-                         KADM5_NEW_LIB_API_VERSION);
-     
-     /*
-      * Acquire relevant profile entries.  In version 2, merge values
-      * in params_in with values from profile, based on
-      * params_in->mask.
-      *
-      * In version 1, we've given a realm (which may be NULL) instead
-      * of params_in.  So use that realm, make params_in contain an
-      * empty mask, and behave like version 2.
-      */
-     memset((char *) &params_local, 0, sizeof(params_local));
-     if (api_version == KADM5_API_VERSION_1) {
-         realm = params_local.realm = (char *) params_in;
-         if (params_in)
-              params_local.mask = KADM5_CONFIG_REALM;
-         params_in = &params_local;
-     } else {
-         if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
-              realm = params_in->realm;
-         else
-              realm = NULL;
-     }
-
-#define ILLEGAL_PARAMS (KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
-                       KADM5_CONFIG_ADB_LOCKFILE | \
-                       KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_DICT_FILE \
-                       | KADM5_CONFIG_ADMIN_KEYTAB | \
-                       KADM5_CONFIG_STASH_FILE | \
-                       KADM5_CONFIG_MKEY_NAME | KADM5_CONFIG_ENCTYPE \
-                       | KADM5_CONFIG_MAX_LIFE | \
-                       KADM5_CONFIG_MAX_RLIFE | \
-                       KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_FLAGS | \
-                       KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
-
-     if (params_in && params_in->mask & ILLEGAL_PARAMS) {
-         free(handle);
-         return KADM5_BAD_CLIENT_PARAMS;
-     }
-                       
-     if (code = kadm5_get_config_params(handle->context,
-                                       "/etc/krb5.conf",
-                                       "KRB5_CONFIG",
-                                       params_in,
-                                       &handle->params)) {
-         krb5_free_context(handle->context);
-         free(handle);
-         return(code);
-     }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | \
-                        KADM5_CONFIG_ADMIN_SERVER | \
-                        KADM5_CONFIG_KADMIND_PORT) 
-
-     if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-         krb5_free_context(handle->context);
-         free(handle);
-         return KRB5_CONFIG_BADFORMAT;
-     }
-     
-     /*
-      * Acquire a service ticket for service_name@realm in the name of
-      * client_name, using password pass (which could be NULL), and
-      * create a ccache to store them in.  If INIT_CREDS, use the
-      * ccache we were provided instead.
-      */
-     
-     if ((code = krb5_parse_name(handle->context, client_name, &creds.client)))
-         goto error;
-
-     if (realm) {
-         sprintf(full_service_name, "%s@%s", service_name, realm);
-     } else {
-         /* krb5_princ_realm(creds.client) is not null terminated */
-         strcpy(full_service_name, service_name);
-         strcat(full_service_name, "@");
-         strncat(full_service_name, krb5_princ_realm(handle->context,
-                                                     creds.client)->data, 
-                 krb5_princ_realm(handle->context, creds.client)->length);
-     }
-     
-     if ((code = krb5_parse_name(handle->context, full_service_name,
-         &creds.server))) 
-         goto error;
-
-     /* XXX temporarily fix a bug in krb5_cc_get_type */
-#undef krb5_cc_get_type
-#define krb5_cc_get_type(context, cache) ((cache)->ops->prefix)
-     
-
-     if (init_type == INIT_CREDS) {
-         ccache = ccache_in;
-         handle->cache_name = (char *)
-              malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
-                     strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
-         if (handle->cache_name == NULL) {
-              code = ENOMEM;
-              goto error;
-         }
-         sprintf(handle->cache_name, "%s:%s",
-                 krb5_cc_get_type(handle->context, ccache),
-                 krb5_cc_get_name(handle->context, ccache));
-     } else {
-         handle->cache_name =
-              (char *) malloc(strlen(ADM_CCACHE)+strlen("FILE:")+1);
-         if (handle->cache_name == NULL) {
-              code = ENOMEM;
-              goto error;
-         }
-         sprintf(handle->cache_name, "FILE:%s", ADM_CCACHE);
-         mktemp(handle->cache_name + strlen("FILE:"));
-     
-         if ((code = krb5_cc_resolve(handle->context, handle->cache_name,
-                                     &ccache))) 
-              goto error;
-         
-         if ((code = krb5_cc_initialize (handle->context, ccache,
-                                         creds.client))) 
-              goto error;
-
-         handle->destroy_cache = 1;
-     }
-     handle->lhandle->cache_name = handle->cache_name;
-     
-     if ((code = krb5_timeofday(handle->context, &now)))
-         goto error;
-
-     /*
-      * Get a ticket, use the method specified in init_type.
-      */
-     
-     creds.times.starttime = 0; /* start timer at KDC */
-     creds.times.endtime = 0; /* endtime will be limited by service */
-
-     if (init_type == INIT_PASS) {
-         for (i=0; preauth_search_list[i] >= 0; i++) {
-              code = krb5_get_in_tkt_with_password(handle->context,
-                                                   0, /* no options */
-                                                   0, /* default addresses */
-                                                   NULL,
-                                                   NULL, /* XXX preauth */
-                                                   pass,
-                                                   ccache,
-                                                   &creds,
-                                                   NULL);
-              if (code != KRB5KDC_ERR_PREAUTH_FAILED &&
-                  code != KRB5KDC_ERR_PREAUTH_REQUIRED &&
-                  code != KRB5KRB_ERR_GENERIC)
-                   break;
-         }
-     } else if (init_type == INIT_SKEY) {
-         krb5_keytab kt = NULL;
-
-         if (pass && (code = krb5_kt_resolve(handle->context, pass, &kt)))
-              ;
-         else {
-              for (i=0; preauth_search_list[i] >= 0; i++) {
-                   code = krb5_get_in_tkt_with_keytab(handle->context,
-                                                      0, /* no options */
-                                                      0, /* default addrs */
-                                                      NULL,
-                                                      NULL, /* XXX preauth */
-                                                      kt,
-                                                      ccache,
-                                                      &creds,
-                                                      NULL);
-                   if (code != KRB5KDC_ERR_PREAUTH_FAILED &&
-                       code != KRB5KDC_ERR_PREAUTH_REQUIRED &&
-                       code != KRB5KRB_ERR_GENERIC)
-                        break;
-              }
-
-              if (pass) krb5_kt_close(handle->context, kt);
-         }
-     }
-
-     /* Improved error messages */
-     if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
-     if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
-         code = KADM5_SECURE_PRINC_MISSING;
-
-     if (code != 0) goto error;
-
-#ifdef ZEROPASSWD
-     if (pass != NULL)
-         memset(pass, 0, strlen(pass));
-#endif
-
-     /*
-      * We have ticket; open the RPC connection.
-      */
-
-     hp = gethostbyname(handle->params.admin_server);
-     if (hp == (struct hostent *) NULL) {
-         code = KRB5_CONFIG_BADFORMAT;
-         goto cleanup;
-     }
-
-     memset(&addr, 0, sizeof(addr));
-     addr.sin_family = hp->h_addrtype;
-     (void) memcpy((char *) &addr.sin_addr, (char *) hp->h_addr,
-                  sizeof(addr.sin_addr));
-     addr.sin_port = htons((u_short) handle->params.kadmind_port);
-     
-     fd = RPC_ANYSOCK;
-     
-     handle->clnt = clnttcp_create(&addr, KADM, KADMVERS, &fd, 0, 0);
-     if (handle->clnt == NULL) {
-         code = KADM5_RPC_ERROR;
-         goto error;
-     }
-     handle->lhandle->clnt = handle->clnt;
-
-     /* now that handle->clnt is set, we can check the handle */
-     if (code = _kadm5_check_handle((void *) handle))
-         goto error;
-
-     /*
-      * The RPC connection is open; establish the GSS-API
-      * authentication context.
-      */
-
-     /* use the kadm5 cache */
-     ccname_orig = getenv("KRB5CCNAME");
-     if (ccname_orig)
-         ccname_orig = strdup(ccname_orig);
-     
-     (void) setenv("KRB5CCNAME", handle->cache_name, 1);
-
-#ifndef INIT_TEST
-     input_name.value = full_service_name;
-     input_name.length = strlen((char *)input_name.value) + 1;
-     gssstat = gss_import_name(&minor_stat, &input_name,
-                              gss_nt_krb5_name, &gss_target);
-     if (gssstat != GSS_S_COMPLETE) {
-         code = KADM5_GSS_ERROR;
-         goto error;
-     }
-#endif /* ! INIT_TEST */
-
-     input_name.value = client_name;
-     input_name.length = strlen((char *)input_name.value) + 1;
-     gssstat = gss_import_name(&minor_stat, &input_name,
-                              gss_nt_krb5_name, &gss_client);
-     if (gssstat != GSS_S_COMPLETE) {
-         code = KADM5_GSS_ERROR;
-         goto error;
-     }
-
-     gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
-                               GSS_C_NULL_OID_SET, GSS_C_INITIATE,
-                               &gss_client_creds, NULL, NULL);
-     (void) gss_release_name(&minor_stat, &gss_client);
-     if (gssstat != GSS_S_COMPLETE) {
-         code = KADM5_GSS_ERROR;
-         goto error;
-     }
-     
-#ifndef INIT_TEST
-     handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
-                                       &gssstat,
-                                       &minor_stat,
-                                       gss_client_creds,
-                                       gss_target,
-                                       GSS_C_NULL_OID,
-                                       GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
-                                       0,
-                                       NULL,
-                                       NULL,
-                                       NULL);
-     (void) gss_release_name(&minor_stat, &gss_target);
-#endif /* ! INIT_TEST */
-
-     if (ccname_orig) {
-         (void) setenv("KRB5CCNAME", ccname_orig, 1);
-         free(ccname_orig);
-     } else
-         (void) unsetenv("KRB5CCNAME");
-
-     
-     if (handle->clnt->cl_auth == NULL) {
-         code = KADM5_GSS_ERROR;
-         goto error;
-     }
-
-     r = init_1(&handle->api_version, handle->clnt);
-     if (r == NULL) {
-         code = KADM5_RPC_ERROR;
-         goto error;
-     }
-     if (r->code) {
-         code = r->code;
-         goto error;
-     }
-
-     *server_handle = (void *) handle;
-
-     if (init_type != INIT_CREDS) 
-         krb5_cc_close(handle->context, ccache);
-
-     goto cleanup;
-     
-error:
-     /*
-      * Note that it is illegal for this code to execute if "handle"
-      * has not been allocated and initialized.  I.e., don't use "goto
-      * error" before the block of code at the top of the function
-      * that allocates and initializes "handle".
-      */
-     if (handle->cache_name)
-        free(handle->cache_name);
-     if (handle->destroy_cache && ccache)
-        krb5_cc_destroy(handle->context, ccache);
-     if(handle->clnt && handle->clnt->cl_auth)
-         AUTH_DESTROY(handle->clnt->cl_auth);
-     if(handle->clnt)
-         clnt_destroy(handle->clnt);
-
-cleanup:
-     krb5_free_cred_contents(handle->context, &creds);
-     if (gss_client_creds != GSS_C_NO_CREDENTIAL)
-         (void) gss_release_cred(&minor_stat, &gss_client_creds);
-
-     if (code)
-         free(handle);
-
-     return code;
-}
-
-kadm5_ret_t
-kadm5_destroy(void *server_handle)
-{
-     krb5_ccache           ccache = NULL;
-     int                   code = KADM5_OK;
-     kadm5_server_handle_t     handle =
-         (kadm5_server_handle_t) server_handle;
-
-     CHECK_HANDLE(server_handle);
-
-     if (handle->destroy_cache && handle->cache_name) {
-        if ((code = krb5_cc_resolve(handle->context,
-                                    handle->cache_name, &ccache)) == 0) 
-            code = krb5_cc_destroy (handle->context, ccache);
-     }
-     if (handle->cache_name)
-        free(handle->cache_name);
-     if (handle->clnt && handle->clnt->cl_auth)
-         AUTH_DESTROY(handle->clnt->cl_auth);
-     if (handle->clnt)
-         clnt_destroy(handle->clnt);
-
-     handle->magic_number = 0;
-     free(handle);
-
-     return code;
-}
-
-kadm5_ret_t kadm5_flush(void *server_handle)
-{
-     return KADM5_OK;
-}
-
-int _kadm5_check_handle(void *handle)
-{
-     CHECK_HANDLE(handle);
-     return 0;
-}
diff --git a/src/lib/kadm5/client_internal.h b/src/lib/kadm5/client_internal.h
deleted file mode 100644 (file)
index 5a24615..0000000
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- * 
- * $Log$
- * Revision 1.11  1996/07/22 20:35:46  marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches.  This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964.  before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.10.4.1  1996/07/18 03:08:37  marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.10.2.1  1996/06/20  02:16:46  marc
- * File added to the repository on a branch
- *
- * Revision 1.10  1996/06/06  20:09:16  bjaspan
- * add destroy_cache, for kadm5_init_with_creds
- *
- * Revision 1.9  1996/05/30 21:04:42  bjaspan
- * add lhandle to handle
- *
- * Revision 1.8  1996/05/28 20:33:49  bjaspan
- * rework kadm5_config
- *
- * Revision 1.7  1996/05/17 21:36:59  bjaspan
- * rename to kadm5, begin implementing version 2
- *
- * Revision 1.6  1996/05/16 21:45:07  bjaspan
- * add context
- *
- * Revision 1.5  1996/05/08 21:10:23  bjaspan
- * marc's changes
- *
- * Revision 1.4  1996/01/16  20:54:30  grier
- * secure/3570 use krb5_ui_4 not unsigned int
- *
- * Revision 1.3  1995/11/14  17:48:57  grier
- * long to int
- *
- * Revision 1.2  1994/08/16  18:53:47  jik
- * Versioning stuff.
- *
- * Revision 1.1  1994/08/09  21:14:38  jik
- * Initial revision
- *
- */
-
-/*
- * This header file is used internally by the Admin API client
- * libraries.  IF YOU THINK YOU NEED TO USE THIS FILE FOR ANYTHING,
- * YOU'RE ALMOST CERTAINLY WRONG.
- */
-
-#ifndef __KADM5_CLIENT_INTERNAL_H__
-#define __KADM5_CLIENT_INTERNAL_H__
-
-#include "admin_internal.h"
-
-typedef struct _kadm5_server_handle_t {
-       krb5_ui_4       magic_number;
-       krb5_ui_4       struct_version;
-       krb5_ui_4       api_version;
-       char *          cache_name;
-       int             destroy_cache;
-       CLIENT *        clnt;
-       krb5_context    context;
-       kadm5_config_params params;
-       struct _kadm5_server_handle_t *lhandle;
-} kadm5_server_handle_rec, *kadm5_server_handle_t;
-
-#define CLIENT_CHECK_HANDLE(handle) \
-{ \
-       kadm5_server_handle_t srvr = \
-            (kadm5_server_handle_t) handle; \
- \
-       if (! srvr->clnt) \
-            return KADM5_BAD_SERVER_HANDLE; \
-       if (! srvr->cache_name) \
-            return KADM5_BAD_SERVER_HANDLE; \
-       if (! srvr->lhandle) \
-            return KADM5_BAD_SERVER_HANDLE; \
-}
-
-#define CHECK_HANDLE(handle) \
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
-                         KADM5_NEW_LIB_API_VERSION) \
-     CLIENT_CHECK_HANDLE(handle)
-
-#endif /* __KADM5_CLIENT_INTERNAL_H__ */
diff --git a/src/lib/kadm5/client_principal.c b/src/lib/kadm5/client_principal.c
deleted file mode 100644 (file)
index c419227..0000000
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include    <rpc/rpc.h>
-#include    <kadm5/admin.h>
-#include    <kadm5/kadm_rpc.h>
-#include    <memory.h>
-#include    "client_internal.h"
-
-kadm5_ret_t
-kadm5_create_principal(void *server_handle,
-                           kadm5_principal_ent_t princ, long mask,
-                           char *pw)
-{
-    generic_ret                *r;
-    cprinc_arg         arg;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.mask = mask;
-    arg.passwd = pw;
-    arg.api_version = handle->api_version;
-
-    if(princ == NULL)
-       return EINVAL;
-    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        /*
-         * hack hack cough cough.
-         * krb5_unparse name dumps core if we pass it in garbage
-         * or null. So, since the client is not allowed to set mod_name
-         * anyway, we just fill it in with a dummy principal. The server of
-         * course ignores this.
-         */
-        krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
-    } else
-        arg.rec.mod_name = NULL;
-    
-    if(!(mask & KADM5_POLICY))
-       arg.rec.policy = NULL;
-    if (! (mask & KADM5_KEY_DATA)) {
-        arg.rec.n_key_data = 0;
-        arg.rec.key_data = NULL;
-    }
-    if (! (mask & KADM5_TL_DATA)) {
-        arg.rec.n_tl_data = 0;
-        arg.rec.tl_data = NULL;
-    }
-        
-    r = create_principal_1(&arg, handle->clnt);
-
-    if (handle->api_version == KADM5_API_VERSION_1)
-        krb5_free_principal(handle->context, arg.rec.mod_name);
-
-    if(r == NULL)
-       return KADM5_RPC_ERROR;
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_delete_principal(void *server_handle, krb5_principal principal)
-{
-    dprinc_arg         arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if(principal == NULL)
-       return EINVAL;
-    arg.princ = principal;
-    arg.api_version = handle->api_version;
-    r = delete_principal_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_modify_principal(void *server_handle,
-                           kadm5_principal_ent_t princ, long mask)
-{
-    mprinc_arg         arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.mask = mask;
-    arg.api_version = handle->api_version;
-    /*
-     * cough cough gag gag
-     * see comment in create_principal.
-     */
-    if(princ == NULL)
-       return EINVAL;
-    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
-    if(!(mask & KADM5_POLICY))
-       arg.rec.policy = NULL;
-    if (! (mask & KADM5_KEY_DATA)) {
-        arg.rec.n_key_data = 0;
-        arg.rec.key_data = NULL;
-    }
-    if (! (mask & KADM5_TL_DATA)) {
-        arg.rec.n_tl_data = 0;
-        arg.rec.tl_data = NULL;
-    }
-
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        /*
-         * See comment in create_principal
-         */
-        krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
-    } else
-        arg.rec.mod_name = NULL;
-    
-    r = modify_principal_1(&arg, handle->clnt);
-
-    if (handle->api_version == KADM5_API_VERSION_1)
-        krb5_free_principal(handle->context, arg.rec.mod_name);    
-
-    if(r == NULL)
-       return KADM5_RPC_ERROR;    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_get_principal(void *server_handle,
-                   krb5_principal princ, kadm5_principal_ent_t ent,
-                   long mask)
-{
-    gprinc_arg arg;
-    gprinc_ret *r;
-    kadm5_server_handle_t handle = server_handle;
-    krb5_error_code retval;
-
-    CHECK_HANDLE(server_handle);
-
-    if(princ == NULL)
-       return EINVAL;
-    arg.princ = princ;
-    if (handle->api_version == KADM5_API_VERSION_1)
-       arg.mask = KADM5_PRINCIPAL_NORMAL_MASK;
-    else
-       arg.mask = mask;
-    arg.api_version = handle->api_version;
-    r = get_principal_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        kadm5_principal_ent_t_v1 *entp;
-
-        entp = (kadm5_principal_ent_t_v1 *) ent;
-        if (r->code == 0) {
-             if (!(*entp = (kadm5_principal_ent_t_v1)
-                   malloc(sizeof(kadm5_principal_ent_rec_v1))))
-                  return ENOMEM;
-             /* this memcpy works because the v1 structure is an initial
-                subset of the v2 struct.  C guarantees that this will
-                result in the same layout in memory */
-             memcpy(*entp, &r->rec, sizeof(**entp));
-        } else {
-           *entp = NULL;
-        }
-    } else {
-        if (r->code == 0)
-             memcpy(ent, &r->rec, sizeof(r->rec));
-    }
-    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_get_principals(void *server_handle,
-                         char *exp, char ***princs, int *count)
-{
-    gprincs_arg        arg;
-    gprincs_ret        *r;
-    kadm5_server_handle_t handle = server_handle;
-    krb5_error_code retval;
-
-    CHECK_HANDLE(server_handle);
-
-    if(princs == NULL || count == NULL)
-       return EINVAL;
-    arg.exp = exp;
-    arg.api_version = handle->api_version;
-    r = get_princs_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;
-    if(r->code == 0) {
-        *count = r->count;
-        *princs = r->princs;
-    } else {
-        *count = 0;
-        *princs = NULL;
-    }
-    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_rename_principal(void *server_handle,
-                           krb5_principal source, krb5_principal dest)
-{
-    rprinc_arg         arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.src = source;
-    arg.dest = dest;
-    arg.api_version = handle->api_version;
-    if (source == NULL || dest == NULL)
-       return EINVAL;
-    r = rename_principal_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;        
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_chpass_principal(void *server_handle,
-                           krb5_principal princ, char *password)
-{
-    chpass_arg         arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.princ = princ;
-    arg.pass = password;
-    arg.api_version = handle->api_version;
-
-    if(princ == NULL)
-       return EINVAL;
-    r = chpass_principal_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;        
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_randkey_principal(void *server_handle,
-                       krb5_principal princ,
-                       krb5_keyblock **key, int *n_keys)
-{
-    chrand_arg         arg;
-    chrand_ret         *r;
-    krb5_keyblock      new;
-    kadm5_server_handle_t handle = server_handle;
-    int                        i, ret;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.princ = princ;
-    arg.api_version = handle->api_version;
-
-    if(princ == NULL)
-       return EINVAL;
-    r = chrand_principal_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        if (key)
-             krb5_copy_keyblock(handle->context, &r->key, key);
-    } else {
-        if (n_keys)
-             *n_keys = r->n_keys;
-        if (key) {
-             *key = (krb5_keyblock *) malloc(r->n_keys*sizeof(krb5_keyblock));
-             if (*key == NULL)
-                  return ENOMEM;
-             for (i = 0; i < r->n_keys; i++) {
-                  ret = krb5_copy_keyblock_contents(handle->context,
-                                                    &r->keys[i],
-                                                    &(*key)[i]);
-                  if (ret) {
-                       free(*key);
-                       return ENOMEM;
-                  }
-             }
-        }
-    }
-        
-    return r->code;
-}
-
-/* not supported on client side */
-kadm5_ret_t kadm5_decrypt_key(void *server_handle,
-                             kadm5_principal_ent_t entry, krb5_int32
-                             ktype, krb5_int32 stype, krb5_int32
-                             kvno, krb5_keyblock *keyblock,
-                             krb5_keysalt *keysalt, int *kvnop)
-{
-     return EINVAL;
-}
diff --git a/src/lib/kadm5/client_rpc.c b/src/lib/kadm5/client_rpc.c
deleted file mode 100644 (file)
index 547844a..0000000
+++ /dev/null
@@ -1,221 +0,0 @@
-#include <rpc/rpc.h>
-#include <kadm5/kadm_rpc.h>
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include <memory.h>
-
-/* Default timeout can be changed using clnt_control() */
-static struct timeval TIMEOUT = { 25, 0 };
-
-generic_ret *
-create_principal_1(argp, clnt)
-       cprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, CREATE_PRINCIPAL, xdr_cprinc_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-delete_principal_1(argp, clnt)
-       dprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, DELETE_PRINCIPAL, xdr_dprinc_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-modify_principal_1(argp, clnt)
-       mprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, MODIFY_PRINCIPAL, xdr_mprinc_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-rename_principal_1(argp, clnt)
-       rprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, RENAME_PRINCIPAL, xdr_rprinc_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-gprinc_ret *
-get_principal_1(argp, clnt)
-       gprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static gprinc_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, GET_PRINCIPAL, xdr_gprinc_arg, argp, xdr_gprinc_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-gprincs_ret *
-get_princs_1(argp, clnt)
-       gprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static gprincs_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, GET_PRINCS, xdr_gprincs_arg, argp,
-                     xdr_gprincs_ret, &res, TIMEOUT) != RPC_SUCCESS) { 
-            return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-chpass_principal_1(argp, clnt)
-       chpass_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, CHPASS_PRINCIPAL, xdr_chpass_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-chrand_ret *
-chrand_principal_1(argp, clnt)
-       chrand_arg *argp;
-       CLIENT *clnt;
-{
-       static chrand_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, CHRAND_PRINCIPAL, xdr_chrand_arg, argp, xdr_chrand_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-create_policy_1(argp, clnt)
-       cpol_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, CREATE_POLICY, xdr_cpol_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-delete_policy_1(argp, clnt)
-       dpol_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, DELETE_POLICY, xdr_dpol_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-generic_ret *
-modify_policy_1(argp, clnt)
-       mpol_arg *argp;
-       CLIENT *clnt;
-{
-       static generic_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, MODIFY_POLICY, xdr_mpol_arg, argp, xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-gpol_ret *
-get_policy_1(argp, clnt)
-       gpol_arg *argp;
-       CLIENT *clnt;
-{
-       static gpol_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, GET_POLICY, xdr_gpol_arg, argp, xdr_gpol_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-               return (NULL);
-       }
-       return (&res);
-}
-
-gpols_ret *
-get_pols_1(argp, clnt)
-       gprinc_arg *argp;
-       CLIENT *clnt;
-{
-       static gpols_ret res;
-
-       memset((char *)&res, 0, sizeof(res));
-       if (clnt_call(clnt, GET_POLS, xdr_gpols_arg, argp,
-                     xdr_gpols_ret, &res, TIMEOUT) != RPC_SUCCESS) { 
-            return (NULL);
-       }
-       return (&res);
-}
-
-getprivs_ret *get_privs_1(argp, clnt)
-   void *argp;
-   CLIENT *clnt;
-{
-     static getprivs_ret res;
-
-     memset((char *)&res, 0, sizeof(res));
-     if (clnt_call(clnt, GET_PRIVS, xdr_u_int32, argp,
-                  xdr_getprivs_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-         return (NULL);
-     }
-     return (&res);
-}
-
-generic_ret *
-init_1(argp, clnt)
-   void *argp;
-   CLIENT *clnt;
-{
-     static generic_ret res;
-
-     memset((char *)&res, 0, sizeof(res));
-     if (clnt_call(clnt, INIT, xdr_u_int32, argp,
-                  xdr_generic_ret, &res, TIMEOUT) != RPC_SUCCESS) {
-         return (NULL);
-     }
-     return (&res);
-}
diff --git a/src/lib/kadm5/clnt_chpass_util.c b/src/lib/kadm5/clnt_chpass_util.c
deleted file mode 100644 (file)
index d6c7f0b..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-#include <kadm5/admin.h>
-#include "client_internal.h"
-
-kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
-                                       krb5_principal princ,
-                                       char *new_pw, 
-                                       char **ret_pw,
-                                       char *msg_ret)
-{
-  kadm5_server_handle_t handle = server_handle;
-
-  CHECK_HANDLE(server_handle);
-  return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
-                                     new_pw, ret_pw, msg_ret);
-}
diff --git a/src/lib/kadm5/clnt_policy.c b/src/lib/kadm5/clnt_policy.c
deleted file mode 100644 (file)
index f81cf74..0000000
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include    <rpc/rpc.h>
-#include    <kadm5/admin.h>
-#include    <kadm5/kadm_rpc.h>
-#include    "client_internal.h"
-#include       <stdlib.h>
-#include       <string.h>
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
-                        kadm5_policy_ent_t policy, long mask)
-{
-    cpol_arg           arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if(policy == (kadm5_policy_ent_t) NULL)
-       return EINVAL;
-
-    arg.mask = mask;
-    arg.api_version = handle->api_version;
-    memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
-    r = create_policy_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_delete_policy(void *server_handle, char *name)
-{
-    dpol_arg           arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-        
-    CHECK_HANDLE(server_handle);
-
-    if(name == NULL)
-       return EINVAL;
-
-    arg.name = name;
-    arg.api_version = handle->api_version;
-
-    r = delete_policy_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
-                        kadm5_policy_ent_t policy, long mask)
-
-{
-    mpol_arg           arg;
-    generic_ret                *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if(policy == (kadm5_policy_ent_t) NULL)
-       return EINVAL;
-       
-    arg.mask = mask;
-    arg.api_version = handle->api_version;
-
-    memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
-    r = modify_policy_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;    
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
-
-{
-    gpol_arg       arg;
-    gpol_ret       *r;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.name = name;
-    arg.api_version = handle->api_version;
-
-    if(name == NULL)
-       return EINVAL;
-       
-    r = get_policy_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        kadm5_policy_ent_t *entp;
-
-        entp = (kadm5_policy_ent_t *) ent;
-        if(r->code == 0) {
-             if (!(*entp = (kadm5_policy_ent_t)
-                   malloc(sizeof(kadm5_policy_ent_rec))))
-                  return ENOMEM;
-             memcpy(*entp, &r->rec, sizeof(**entp));
-        } else {
-             *entp = NULL;
-        }
-    } else {
-        if (r->code == 0)
-             memcpy(ent, &r->rec, sizeof(r->rec));
-    }
-        
-    return r->code;
-}
-
-kadm5_ret_t
-kadm5_get_policies(void *server_handle,
-                         char *exp, char ***pols, int *count)
-{
-    gpols_arg  arg;
-    gpols_ret  *r;
-    kadm5_server_handle_t handle = server_handle;
-    krb5_error_code retval;
-
-    CHECK_HANDLE(server_handle);
-
-    if(pols == NULL || count == NULL)
-       return EINVAL;
-    arg.exp = exp;
-    arg.api_version = handle->api_version;
-    r = get_pols_1(&arg, handle->clnt);
-    if(r == NULL)
-       return KADM5_RPC_ERROR;
-    if(r->code == 0) {
-        *count = r->count;
-        *pols = r->pols;
-    } else {
-        *count = 0;
-        *pols = NULL;
-    }
-    
-    return r->code;
-}
diff --git a/src/lib/kadm5/clnt_privs.c b/src/lib/kadm5/clnt_privs.c
deleted file mode 100644 (file)
index 93ea199..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Id$
- * $Source$
- * 
- * $Log$
- * Revision 1.6  1996/07/22 20:35:57  marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches.  This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964.  before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.5.4.1  1996/07/18 03:08:45  marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.5.2.1  1996/06/20  02:16:53  marc
- * File added to the repository on a branch
- *
- * Revision 1.5  1996/05/17  21:36:50  bjaspan
- * rename to kadm5, begin implementing version 2
- *
- * Revision 1.4  1996/05/16 21:45:51  bjaspan
- * u_int32 -> long, add krb5_context
- *
- * Revision 1.3  1994/09/20 16:25:05  bjaspan
- * [secure-admin/2436: API versioning fixes to various admin files]
- * [secure-releng/2502: audit secure-admin/2436: random API versioning fixes]
- *
- * Sandbox:
- *
- *  Unnecessary variable initialization removed.
- *
- * Revision 1.3  1994/09/12  20:26:39  jik
- * Unnecessary variable initialization removed.
- *
- * Revision 1.2  1994/08/16  18:52:02  jik
- * Versioning changes.
- *
- * Revision 1.1  1993/11/10  23:10:39  bjaspan
- * Initial revision
- *
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include    <rpc/rpc.h>
-#include    <kadm5/admin.h>
-#include    <kadm5/kadm_rpc.h>
-#include    "client_internal.h"
-
-kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
-{
-     getprivs_ret *r;
-     kadm5_server_handle_t handle = server_handle;
-
-     r = get_privs_1(&handle->api_version, handle->clnt);
-     if (r == NULL)
-         return KADM5_RPC_ERROR;
-     else if (r->code == KADM5_OK)
-         *privs = r->privs;
-     return r->code;
-}
index 6466673a8a830032fdc730483acfb3a317e29ed4..1f7b16344c27bbde84ac60770e0bfdf332d69a1c 100644 (file)
@@ -1,5 +1,7 @@
 AC_INIT(configure.in)
 CONFIG_RULES
+AC_CONFIG_SUBDIRS(clnt srv)
+DO_SUBDIRS
 AC_PROG_ARCHIVE
 AC_PROG_ARCHIVE_ADD
 AC_PROG_RANLIB
@@ -7,40 +9,35 @@ AC_PROG_INSTALL
 AC_PROG_LEX
 AC_PROG_AWK
 AC_CHECK_HEADERS(syslog.h)
-AC_REPLACE_FUNCS(setenv)
-save_LIBS="$LIBS"
-LIBS=-lgen
-AC_CHECK_FUNCS(compile step)
-[if test "$krb5_cv_func_compile" = true ; then
-       LIBS="$save_LIBS -lgen"
-else
-       LIBS="$save_LIBS"
-fi]
-AC_CHECK_FUNCS(re_comp re_exec regcomp regexec openlog syslog closelog strftime vsprintf)
+AC_CHECK_FUNCS(openlog syslog closelog strftime vsprintf)
 V5_SHARED_LIB_OBJS
-V5_MAKE_SHARED_LIB(libkadm5srv,1.0,.., ./kadm5,srv)
-V5_MAKE_SHARED_LIB(libkadm5clnt,1.0,.., ./kadm5,clnt)
-GSSRPC_SH_VERS=$krb5_cv_shlib_version_libgssrpc
-AC_SUBST(GSSRPC_SH_VERS)
-GSSAPI_KRB5_SH_VERS=$krb5_cv_shlib_version_libgssapi_krb5
-AC_SUBST(GSSAPI_KRB5_SH_VERS)
-KDB5_SH_VERS=$krb5_cv_shlib_version_libkdb5
-AC_SUBST(KDB5_SH_VERS)
-KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5
-AC_SUBST(KRB5_SH_VERS)
-CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto
-AC_SUBST(CRYPTO_SH_VERS)
-COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err
-AC_SUBST(COMERR_SH_VERS)
-DYN_SH_VERS=$krb5_cv_shlib_version_libdyn
-AC_SUBST(DYN_SH_VERS)
+
+dnl V5_MAKE_SHARED_LIB(libkadm5srv,1.0,.., ./kadm5,srv)
+dnl V5_MAKE_SHARED_LIB(libkadm5clnt,1.0,.., ./kadm5,clnt)
+dnl GSSRPC_SH_VERS=$krb5_cv_shlib_version_libgssrpc
+dnl AC_SUBST(GSSRPC_SH_VERS)
+dnl GSSAPI_KRB5_SH_VERS=$krb5_cv_shlib_version_libgssapi_krb5
+dnl AC_SUBST(GSSAPI_KRB5_SH_VERS)
+dnl KDB5_SH_VERS=$krb5_cv_shlib_version_libkdb5
+dnl AC_SUBST(KDB5_SH_VERS)
+dnl KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5
+dnl AC_SUBST(KRB5_SH_VERS)
+dnl CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto
+dnl AC_SUBST(CRYPTO_SH_VERS)
+dnl COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err
+dnl AC_SUBST(COMERR_SH_VERS)
+dnl DYN_SH_VERS=$krb5_cv_shlib_version_libdyn
+dnl AC_SUBST(DYN_SH_VERS)
+
+SubdirLibraryRule([$(OBJS)])
+
 CopySrcHeader(adb.h,[$](BUILDTOP)/include/kadm5)
 CopySrcHeader(admin.h,[$](BUILDTOP)/include/kadm5)
 CopySrcHeader(admin_internal.h,[$](BUILDTOP)/include/kadm5)
 CopySrcHeader(admin_xdr.h,[$](BUILDTOP)/include/kadm5)
-CopySrcHeader(client_internal.h,[$](BUILDTOP)/include/kadm5)
+dnl CopySrcHeader(client_internal.h,[$](BUILDTOP)/include/kadm5)
 CopySrcHeader(kadm_rpc.h,[$](BUILDTOP)/include/kadm5)
-CopySrcHeader(server_acl.h,[$](BUILDTOP)/include/kadm5)
+dnl CopySrcHeader(server_acl.h,[$](BUILDTOP)/include/kadm5)
 CopySrcHeader(server_internal.h,[$](BUILDTOP)/include/kadm5)
 CopyHeader(adb_err.h,[$](BUILDTOP)/include/kadm5)
 CopyHeader(chpass_util_strings.h,[$](BUILDTOP)/include/kadm5)
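Review bot: The second configure.in hunk keeps the old `V5_MAKE_SHARED_LIB` calls, the seven `*_SH_VERS` substitutions and two `CopySrcHeader` lines as `dnl`-commented text instead of removing them, which leaves dead configuration that a later reader may take for a pending TODO. Since the ChangeLog entry says the shared-library setup was rearranged into subdirectories, I would delete those lines and leave a single pointer such as `dnl Shared library rules and version substitutions now live in clnt/ and srv/`. The same hunk also drops `AC_REPLACE_FUNCS(setenv)`, the `-lgen` probe for `compile`/`step`, and the `re_comp re_exec regcomp regexec` checks. Presumably these moved into the new subdirectory configure.in files, which are not visible here. It is worth confirming that the directory now holding the code that uses them still runs these checks, because otherwise the corresponding `HAVE_*` macros go undefined without any configure-time error.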
diff --git a/src/lib/kadm5/server_acl.c b/src/lib/kadm5/server_acl.c
deleted file mode 100644 (file)
index 16a7f4e..0000000
+++ /dev/null
@@ -1,511 +0,0 @@
-/*
- * kadmin/v5server/srv_acl.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * srv_acl.c - Handle Kerberos ACL related functions.
- */
-#include <stdio.h>
-#include <sys/param.h>
-#include <gssapi/gssapi_generic.h>
-#include "k5-int.h"
-#include "server_acl.h"
-#include <kadm5/server_internal.h>
-
-typedef struct _acl_op_table {
-    char       ao_op;
-    krb5_int32 ao_mask;
-} aop_t;
-
-typedef struct _acl_entry {
-    struct _acl_entry  *ae_next;
-    char               *ae_name;
-    krb5_boolean       ae_name_bad;
-    krb5_principal     ae_principal;
-    krb5_int32         ae_op_allowed;
-    char               *ae_target;
-    krb5_boolean       ae_target_bad;
-    krb5_principal     ae_target_princ;
-} aent_t;
-
-static const aop_t acl_op_table[] = {
-    { 'a',     ACL_ADD },
-    { 'd',     ACL_DELETE },
-    { 'm',     ACL_MODIFY },
-    { 'c',     ACL_CHANGEPW },
-    { 'i',     ACL_INQUIRE },
-    { 'l',     ACL_LIST },
-    { 'x',     ACL_ALL_MASK },
-    { '*',     ACL_ALL_MASK },
-    { '\0',    0 }
-};
-
-static aent_t  *acl_list_head = (aent_t *) NULL;
-static aent_t  *acl_list_tail = (aent_t *) NULL;
-
-static const char *acl_acl_file = (char *) NULL;
-static int acl_inited = 0;
-static int acl_debug_level = 0;
-/*
- * This is the catchall entry.  If nothing else appropriate is found, or in
- * the case where the ACL file is not present, this entry controls what can
- * be done.
- */
-static const char *acl_catchall_entry = NULL;
-
-static const char *acl_line2long_msg = "%s: line %d too long, truncated\n";
-static const char *acl_op_bad_msg = "Unrecognized ACL operation '%c' in %s\n";
-static const char *acl_syn_err_msg = "%s: syntax error at line %d <%10s...>\n";
-static const char *acl_cantopen_msg = "\007cannot open ACL file";
-\f
-/*
- * acl_get_line()      - Get a line from the ACL file.
- */
-static char *
-acl_get_line(fp, lnp)
-    FILE       *fp;
-    int                *lnp;
-{
-    int                i, domore;
-    static char acl_buf[BUFSIZ];
-
-    for (domore = 1; domore && !feof(fp); ) {
-       /* Copy in the line */
-       for (i=0;
-            ((i<BUFSIZ) &&
-             (!feof(fp)) &&
-             ((acl_buf[i] = fgetc(fp)) != '\n'));
-            i++);
-
-       /* Check if we exceeded our buffer size */
-       if ((i == BUFSIZ) && (!feof(fp)) && (acl_buf[i] != '\n')) {
-           fprintf(stderr, acl_line2long_msg, acl_acl_file, *lnp);
-           while (fgetc(fp) != '\n');
-       }
-               acl_buf[i] = '\0';
-       if (acl_buf[0] == (char) EOF)   /* ptooey */
-           acl_buf[0] = '\0';
-       else
-           (*lnp)++;
-       if ((acl_buf[0] != '#') && (acl_buf[0] != '\0'))
-           domore = 0;
-    }
-    if (domore || (strlen(acl_buf) == 0))
-       return((char *) NULL);
-    else
-       return(acl_buf);
-}
-\f
-/*
- * acl_parse_line()    - Parse the contents of an ACL line.
- */
-static aent_t *
-acl_parse_line(lp)
-    char *lp;
-{
-    static char acle_principal[BUFSIZ];
-    static char acle_ops[BUFSIZ];
-    static char acle_object[BUFSIZ];
-    aent_t     *acle;
-    char       *op;
-    int                t, found, opok, nmatch;
-
-    DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("* acl_parse_line(line=%20s)\n", lp));
-    /*
-     * Format is very simple:
-     * entry ::= <whitespace> <principal> <whitespace> <opstring> <whitespace>
-     *           [<target> <whitespace>]
-     */
-    acle = (aent_t *) NULL;
-    acle_object[0] = '\0';
-    nmatch = sscanf(lp, "%s %s %s", acle_principal, acle_ops, acle_object);
-    if (nmatch >= 2) {
-       acle = (aent_t *) malloc(sizeof(aent_t));
-       if (acle) {
-           acle->ae_next = (aent_t *) NULL;
-           acle->ae_op_allowed = (krb5_int32) 0;
-           acle->ae_target =
-               (nmatch >= 3) ? strdup(acle_object) : (char *) NULL;
-           acle->ae_target_bad = 0;
-           acle->ae_target_princ = (krb5_principal) NULL;
-           opok = 1;
-           for (op=acle_ops; *op; op++) {
-               char rop;
-
-               rop = (isupper(*op)) ? tolower(*op) : *op;
-               found = 0;
-               for (t=0; acl_op_table[t].ao_op; t++) {
-                   if (rop == acl_op_table[t].ao_op) {
-                       found = 1;
-                       if (rop == *op)
-                           acle->ae_op_allowed |= acl_op_table[t].ao_mask;
-                       else
-                           acle->ae_op_allowed &= ~acl_op_table[t].ao_mask;
-                   }
-               }
-               if (!found) {
-                   fprintf(stderr, acl_op_bad_msg, *op, lp);
-                   opok = 0;
-               }
-           }
-           if (opok) {
-               acle->ae_name = (char *) malloc(strlen(acle_principal)+1);
-               if (acle->ae_name) {
-                   strcpy(acle->ae_name, acle_principal);
-                   acle->ae_principal = (krb5_principal) NULL;
-                   acle->ae_name_bad = 0;
-                   DPRINT(DEBUG_ACL, acl_debug_level,
-                          ("A ACL entry %s -> opmask %x\n",
-                           acle->ae_name, acle->ae_op_allowed));
-               }
-               else {
-                   if (acle->ae_target)
-                       free(acle->ae_target);
-                   free(acle);
-                   acle = (aent_t *) NULL;
-               }
-           }
-           else {
-               if (acle->ae_target)
-                   free(acle->ae_target);
-               free(acle);
-               acle = (aent_t *) NULL;
-           }
-       }
-    }
-    DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("X acl_parse_line() = %x\n", (long) acle));
-    return(acle);
-}
-\f
-/*
- * acl_free_entries()  - Free all ACL entries.
- */
-static void
-acl_free_entries()
-{
-    aent_t     *ap;
-    aent_t     *np;
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_free_entries()\n"));
-    for (ap=acl_list_head; ap; ap = np) {
-       if (ap->ae_name)
-           free(ap->ae_name);
-       if (ap->ae_principal)
-           krb5_free_principal((krb5_context) NULL, ap->ae_principal);
-       if (ap->ae_target)
-           free(ap->ae_target);
-       if (ap->ae_target_princ)
-           krb5_free_principal((krb5_context) NULL, ap->ae_target_princ);
-       np = ap->ae_next;
-       free(ap);
-    }
-    acl_list_head = acl_list_tail = (aent_t *) NULL;
-    acl_inited = 0;
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_free_entries()\n"));
-}
-\f
-/*
- * acl_load_acl_file() - Open and parse the ACL file.
- */
-static int
-acl_load_acl_file()
-{
-char tmpbuf[10];
-    FILE       *afp;
-    char       *alinep;
-    aent_t     **aentpp;
-    int                alineno;
-    int                retval = 1;
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n"));
-    /* Open the ACL file for read */
-    if (afp = fopen(acl_acl_file, "r")) {
-       alineno = 1;
-       aentpp = &acl_list_head;
-
-       /* Get a non-comment line */
-       while (alinep = acl_get_line(afp, &alineno)) {
-           /* Parse it */
-           *aentpp = acl_parse_line(alinep);
-           /* If syntax error, then fall out */
-           if (!*aentpp) {
-               fprintf(stderr, acl_syn_err_msg,
-                       acl_acl_file, alineno, alinep);
-               retval = 0;
-               break;
-           }
-           acl_list_tail = *aentpp;
-           aentpp = &(*aentpp)->ae_next;
-       }
-
-       if (acl_catchall_entry) {
-            strcpy(tmpbuf, acl_catchall_entry);
-            if (*aentpp = acl_parse_line(tmpbuf)) {
-                 acl_list_tail = *aentpp;
-            }
-            else {
-                 retval = 0;
-                 DPRINT(DEBUG_OPERATION, acl_debug_level,
-                        ("> catchall acl entry (%s) load failed\n",
-                         acl_catchall_entry));
-            }
-            fclose(afp);
-       }
-    }
-    else {
-       com_err(acl_acl_file, errno, acl_cantopen_msg);
-       if (acl_list_head = acl_parse_line(acl_catchall_entry)) {
-           acl_list_tail = acl_list_head;
-       }
-       else {
-           retval = 0;
-           DPRINT(DEBUG_OPERATION, acl_debug_level,
-                  ("> catchall acl entry (%s) load failed\n",
-                   acl_catchall_entry));
-       }
-    }
-
-    if (!retval) {
-       acl_free_entries();
-    }
-    DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("X acl_load_acl_file() = %d\n", retval));
-    return(retval);
-}
-\f
-/*
- * acl_match_data()    - See if two data entries match.
- *
- * Wildcarding is only supported for a whole component.
- */
-static krb5_boolean
-acl_match_data(e1, e2)
-    krb5_data  *e1, *e2;
-{
-    krb5_boolean       retval;
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, 
-          ("* acl_match_entry(%s, %s)\n", e1->data, e2->data));
-    retval = 0;
-    if (!strncmp(e1->data, "*", e1->length) ||
-       !strncmp(e2->data, "*", e2->length)) {
-       retval = 1;
-    }
-    else {
-       if ((e1->length == e2->length) &&
-           (!strncmp(e1->data, e2->data, e1->length)))
-           retval = 1;
-    }
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_match_entry()=%d\n",retval));
-    return(retval);
-}
-\f
-/*
- * acl_find_entry()    - Find a matching entry.
- */
-static aent_t *
-acl_find_entry(kcontext, principal, dest_princ)
-    krb5_context       kcontext;
-    krb5_principal     principal;
-    krb5_principal     dest_princ;
-{
-    aent_t             *entry;
-    krb5_error_code    kret;
-    int                        i;
-    int                        matchgood;
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_find_entry()\n"));
-    for (entry=acl_list_head; entry; entry = entry->ae_next) {
-       if (!strcmp(entry->ae_name, "*")) {
-           DPRINT(DEBUG_ACL, acl_debug_level, ("A wildcard ACL match\n"));
-           break;
-       }
-       if (!entry->ae_principal && !entry->ae_name_bad) {
-           kret = krb5_parse_name(kcontext,
-                                  entry->ae_name,
-                                  &entry->ae_principal);
-           if (kret)
-               entry->ae_name_bad = 1;
-       }
-       if (entry->ae_name_bad) {
-           DPRINT(DEBUG_ACL, acl_debug_level,
-                  ("A Bad ACL entry %s\n", entry->ae_name));
-           continue;
-       }
-       if (entry->ae_target &&
-           !entry->ae_target_princ &&
-           !entry->ae_target_bad) {
-           kret = krb5_parse_name(kcontext,
-                                  entry->ae_target,
-                                  &entry->ae_target_princ);
-           if (kret)
-               entry->ae_target_bad = 1;
-       }
-       if (entry->ae_target_bad) {
-           DPRINT(DEBUG_ACL, acl_debug_level,
-                  ("A Bad target in an ACL entry for %s\n", entry->ae_name));
-           entry->ae_name_bad = 1;
-           continue;
-       }
-       matchgood = 0;
-       if (acl_match_data(&entry->ae_principal->realm,
-                          &principal->realm) &&
-           (entry->ae_principal->length == principal->length)) {
-           matchgood = 1;
-           for (i=0; i<principal->length; i++) {
-               if (!acl_match_data(&entry->ae_principal->data[i],
-                                   &principal->data[i])) {
-                   matchgood = 0;
-                   break;
-               }
-           }
-       }
-       if (!matchgood)
-           continue;
-
-       /* We've matched the principal.  If we have a target, then try it */
-       if (entry->ae_target && entry->ae_target_princ && dest_princ) {
-           if (acl_match_data(&entry->ae_target_princ->realm,
-                              &dest_princ->realm) &&
-               (entry->ae_target_princ->length == dest_princ->length)) {
-              for (i=0; i<dest_princ->length; i++) {
-                 if (!acl_match_data(&entry->ae_target_princ->data[i],
-                                     &dest_princ->data[i])) {
-                    matchgood = 0;
-                    break;
-                 }
-              }
-           }
-           else
-              matchgood = 0;
-       }
-
-       if (matchgood)
-           break;
-    }
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_find_entry()=%x\n",entry));
-    return(entry);
-}
-\f
-/*
- * acl_init()  - Initialize ACL context.
- */
-krb5_error_code
-acl_init(kcontext, debug_level, acl_file)
-    krb5_context       kcontext;
-    int                        debug_level;
-    char               *acl_file;
-{
-    krb5_error_code    kret;
-
-    kret = 0;
-    acl_debug_level = debug_level;
-    DPRINT(DEBUG_CALLS, acl_debug_level,
-          ("* acl_init(afile=%s)\n",
-           ((acl_file) ? acl_file : "(null)")));
-    acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL;
-    acl_inited = acl_load_acl_file();
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_init() = %d\n", kret));
-    return(kret);
-}
-\f
-/*
- * acl_finish  - Terminate ACL context.
- */
-void
-acl_finish(kcontext, debug_level)
-    krb5_context       kcontext;
-    int                        debug_level;
-{
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_finish()\n"));
-    acl_free_entries();
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_finish()\n"));
-}
-\f
-/*
- * acl_op_permitted()  - Is this operation permitted for this principal?
- *                     this code used not to be based on gssapi.  In order
- *                     to minimize porting hassles, I've put all the
- *                     gssapi hair in this function.  This might not be
- *                     the best medium-term solution.  (The best long-term
- *                     solution is, of course, a real authorization service.)
- */
-krb5_boolean
-acl_check(kcontext, caller, opmask, principal)
-    krb5_context       kcontext;
-    gss_name_t         caller;
-    krb5_int32         opmask;
-    krb5_principal     principal;
-{
-    krb5_boolean       retval;
-    aent_t             *aentry;
-    gss_buffer_desc    caller_buf;
-    gss_OID            caller_oid;
-    OM_uint32          emaj, emin;
-    krb5_error_code    code;
-    krb5_principal     caller_princ;
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_op_permitted()\n"));
-
-    if (GSS_ERROR(emaj = gss_display_name(&emin, caller, &caller_buf,
-                                         &caller_oid)))
-       return(0);
-
-    code = krb5_parse_name(kcontext, (char *) caller_buf.value,
-                          &caller_princ);
-
-    gss_release_buffer(&emin, &caller_buf);
-
-    if (code)
-       return(code);
-
-    retval = 0;
-    if (aentry = acl_find_entry(kcontext, caller_princ, principal)) {
-       if ((aentry->ae_op_allowed & opmask) == opmask)
-           retval = 1;
-    }
-
-    krb5_free_principal(kcontext, caller_princ);
-
-    DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_op_permitted()=%d\n",
-                                         retval));
-    return(retval);
-}
-
-kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
-{
-     kadm5_server_handle_t handle = server_handle;
-
-     CHECK_HANDLE(server_handle);
-
-     /* this is impossible to do with the current interface.  For now,
-       return all privs, which will confuse some clients, but not
-       deny any access to users of "smart" clients which try to cache */
-
-     *privs = ~0;
-
-     return KADM5_OK;
-}
diff --git a/src/lib/kadm5/server_acl.h b/src/lib/kadm5/server_acl.h
deleted file mode 100644 (file)
index 9dfc8da..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * kadmin/v5server/kadm5_defs.h
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifndef        SERVER_ACL_H__
-#define        SERVER_ACL_H__
-
-/*
- * Debug definitions.
- */
-#define        DEBUG_SPROC     1
-#define        DEBUG_OPERATION 2
-#define        DEBUG_HOST      4
-#define        DEBUG_REALM     8
-#define        DEBUG_REQUESTS  16
-#define        DEBUG_ACL       32
-#define        DEBUG_PROTO     64
-#define        DEBUG_CALLS     128
-#define        DEBUG_NOSLAVES  256
-#ifdef DEBUG
-#define        DPRINT(l1, cl, al)      if ((cl & l1) != 0) xprintf al
-#else  /* DEBUG */
-#define        DPRINT(l1, cl, al)
-#endif /* DEBUG */
-#define        DLOG(l1, cl, msg)       if ((cl & l1) != 0)     \
-                                       com_err(programname, 0, msg)
-
-/*
- * Access control bits.
- */
-#define        ACL_ADD                 1
-#define        ACL_DELETE              2
-#define        ACL_MODIFY              4
-#define        ACL_CHANGEPW            8
-/* #define ACL_CHANGE_OWN_PW   16 */
-#define        ACL_INQUIRE             32
-/* #define ACL_EXTRACT         64 */
-#define        ACL_LIST                128
-#define        ACL_RENAME              (ACL_ADD+ACL_DELETE)
-
-#define        ACL_ALL_MASK            (ACL_ADD        | \
-                                ACL_DELETE     | \
-                                ACL_MODIFY     | \
-                                ACL_CHANGEPW   | \
-                                ACL_INQUIRE    | \
-                                ACL_LIST)
-
-krb5_error_code acl_init
-       KRB5_PROTOTYPE((krb5_context,
-                  int,
-                  char *));
-void acl_finish
-       KRB5_PROTOTYPE((krb5_context,
-                  int));
-krb5_boolean acl_check
-       KRB5_PROTOTYPE((krb5_context,
-                  gss_name_t,
-                  krb5_int32,
-                  krb5_principal));
-
-#endif /* SERVER_ACL_H__ */
diff --git a/src/lib/kadm5/server_dict.c b/src/lib/kadm5/server_dict.c
deleted file mode 100644 (file)
index 6c0bcef..0000000
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include    <sys/types.h>
-#include    <sys/file.h>
-#include    <fcntl.h>
-#include    <sys/stat.h>
-#include    <unistd.h>
-#include    <kadm5/admin.h>
-#include    <stdlib.h>
-#include    <stdio.h>
-#include    <string.h>
-#include    <malloc.h>
-#include    <memory.h>
-#include    <syslog.h>
-#include    "server_internal.h"
-
-static char        **word_list = NULL;     /* list of word pointers */
-static char        *word_block = NULL;     /* actual word data */
-static int         word_count = 0;         /* number of words */
-extern int         errno;
-
-/*
- * Function: word_compare
- * 
- * Purpose: compare two words in the dictionary.
- *
- * Arguments:
- *     w1              (input) pointer to first word
- *     w2              (input) pointer to second word
- *     <return value>  result of strcmp
- *
- * Requires:
- *     w1 and w2 to point to valid memory
- * 
- */
-
-static int
-word_compare(const void *s1, const void *s2)
-{
-    return (strcasecmp(*(char **)s1, *(char **)s2));
-}
-
-/*
- * Function: init-dict
- * 
- * Purpose: Initialize in memory word dictionary
- *
- * Arguments:
- *         none
- *         <return value> KADM5_OK on sucsess errno on failure;
- *                        (but success on ENOENT)
- *
- * Requires:
- *     If WORDFILE exists, it must contain a list of words,
- *     one word per-line.
- * 
- * Effects:
- *     If WORDFILE exists, it is read into memory sorted for future
- * use.  If it does not exist, it syslogs an error message and returns
- * success.
- *
- * Modifies:
- *     word_list to point to a chunck of allocated memory containing
- *     pointers to words
- *     word_block to contain the dictionary.
- * 
- */
-
-int init_dict(kadm5_config_params *params)
-{
-    int                    fd,
-                   len,
-                   i;
-    char           *p,
-                   *t;
-    struct  stat    sb;
-    
-    if(word_list != NULL && word_block != NULL)
-       return KADM5_OK;
-    if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
-        syslog(LOG_INFO, "No dictionary file specified, continuing "
-               "without one.");
-        return KADM5_OK;
-    }
-    if ((fd = open(params->dict_file, O_RDONLY)) == -1) {
-        if (errno == ENOENT) {
-             syslog(LOG_ERR, "WARNING!  Cannot find dictionary file %s, "
-                    "continuing without one.", params->dict_file);
-             return KADM5_OK;
-        } else
-             return errno;
-    }
-    if (fstat(fd, &sb) == -1) 
-       return errno;
-    if ((word_block = (char *) malloc(sb.st_size + 1)) == NULL)
-       return errno;
-    if (read(fd, word_block, sb.st_size) != sb.st_size)
-       return errno;
-    (void) close(fd);
-    word_block[sb.st_size] = '\0';
-
-    p = word_block;
-    len = sb.st_size;
-    while(len > 0 && (t = memchr(p, '\n', len)) != NULL) {
-       *t = '\0';
-       len -= t - p + 1;       
-       p = t + 1;
-       word_count++;
-    }
-    if ((word_list = (char **) malloc(word_count * sizeof(char *))) == NULL)
-       return errno;
-    p = word_block;
-    for (i = 0; i < word_count; i++) {
-       word_list[i] = p;
-       p += strlen(p) + 1;
-    }
-    qsort(word_list, word_count, sizeof(char *), word_compare);
-    return KADM5_OK;
-}
-
-/*
- * Function: find_word
- * 
- * Purpose: See if the specified word exists in the in-core dictionary
- *
- * Arguments:
- *     word            (input) word to search for.
- *     <return value>  WORD_NOT_FOUND if not in dictionary,
- *                     KADM5_OK if if found word
- *                     errno if init needs to be called and returns an
- *                     error
- *
- * Requires:
- *     word to be a null terminated string.
- *     That word_list and word_block besetup
- * 
- * Effects:
- *     finds word in dictionary.
- * Modifies:
- *     nothing.
- * 
- */
-
-int
-find_word(const char *word)
-{
-    char    **value;
-
-    if(word_list == NULL || word_block == NULL) 
-           return WORD_NOT_FOUND;
-    if ((value = (char **) bsearch(&word, word_list, word_count, sizeof(char *),
-                                  word_compare)) == NULL)
-       return WORD_NOT_FOUND;
-    else
-       return KADM5_OK;
-}
-
-/*
- * Function: destroy_dict
- * 
- * Purpose: destroy in-core copy of dictionary.
- *
- * Arguments:
- *         none
- *         <return value>  none
- * Requires:
- *         nothing
- * Effects:
- *     frees up memory occupied by word_list and word_block
- *     sets count back to 0, and resets the pointers to NULL
- *
- * Modifies:
- *     word_list, word_block, and word_count.
- * 
- */
-
-void
-destroy_dict(void)
-{
-    if(word_list) {
-       free(word_list);
-       word_list = NULL;
-    }
-    if(word_block) {
-       free(word_block);
-       word_block = NULL;
-    }
-    if(word_count)
-       word_count = 0;
-    return;
-}
diff --git a/src/lib/kadm5/server_handle.c b/src/lib/kadm5/server_handle.c
deleted file mode 100644 (file)
index 53abe94..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include "server_internal.h"
-
-int _kadm5_check_handle(void *handle)
-{
-     CHECK_HANDLE(handle);
-     return 0;
-}
diff --git a/src/lib/kadm5/server_init.c b/src/lib/kadm5/server_init.c
deleted file mode 100644 (file)
index 653f6d8..0000000
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Id$
- * $Source$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <com_err.h>
-#include <kadm5/admin.h>
-#include <krb5.h>
-#include "server_internal.h"
-
-/*
- * Function check_handle
- *
- * Purpose: Check a server handle and return a com_err code if it is
- * invalid or 0 if it is valid.
- *
- * Arguments:
- *
- *     handle          The server handle.
- */
-
-static int check_handle(void *handle)
-{
-     CHECK_HANDLE(handle);
-     return 0;
-}
-
-kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
-                                    char *service_name,
-                                    kadm5_config_params *params,
-                                    krb5_ui_4 struct_version,
-                                    krb5_ui_4 api_version,
-                                    void **server_handle)
-{
-     return kadm5_init(client_name, pass, service_name, params,
-                      struct_version, api_version,
-                      server_handle);
-}
-
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
-                                 krb5_ccache ccache,
-                                 char *service_name,
-                                 kadm5_config_params *params,
-                                 krb5_ui_4 struct_version,
-                                 krb5_ui_4 api_version,
-                                 void **server_handle)
-{
-     /*
-      * A program calling init_with_creds *never* expects to prompt the
-      * user.  Therefore, always pass a dummy password in case this is
-      * KADM5_API_VERSION_1.  If this is KADM5_API_VERSION_2 and
-      * MKEY_FROM_KBD is non-zero, return an error.
-      */
-     if (api_version == KADM5_API_VERSION_2 && params &&
-        (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
-        params->mkey_from_kbd)
-         return KADM5_BAD_SERVER_PARAMS;
-     return kadm5_init(client_name, NULL, service_name, params,
-                      struct_version, api_version,
-                      server_handle);
-}
-
-
-kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
-                                char *service_name,
-                                kadm5_config_params *params,
-                                krb5_ui_4 struct_version,
-                                krb5_ui_4 api_version,
-                                void **server_handle)
-{
-     /*
-      * A program calling init_with_skey *never* expects to prompt the
-      * user.  Therefore, always pass a dummy password in case this is
-      * KADM5_API_VERSION_1.  If this is KADM5_API_VERSION_2 and
-      * MKEY_FROM_KBD is non-zero, return an error.
-      */
-     if (api_version == KADM5_API_VERSION_2 && params &&
-        (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
-        params->mkey_from_kbd)
-         return KADM5_BAD_SERVER_PARAMS;
-     return kadm5_init(client_name, NULL, service_name, params,
-                      struct_version, api_version,
-                      server_handle);
-}
-
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
-                      char *service_name,
-                      kadm5_config_params *params_in,
-                      krb5_ui_4 struct_version,
-                      krb5_ui_4 api_version,
-                      void **server_handle)
-{
-     int ret;
-     kadm5_server_handle_t handle;
-     kadm5_config_params params_local; /* for v1 compat */
-
-    if (! server_handle)
-        return EINVAL;
-
-    if (! client_name)
-        return EINVAL;
-    
-    if (! (handle = (kadm5_server_handle_t) malloc(sizeof *handle)))
-        return ENOMEM;
-    memset(handle, 0, sizeof(*handle));
-
-    if (ret = (int) krb5_init_context(&(handle->context))) {
-        free(handle);
-        return(ret);
-    }
-     
-    initialize_ovk_error_table();
-    initialize_adb_error_table();
-    initialize_ovku_error_table();
-    krb5_init_ets(handle->context);
-
-    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
-    handle->struct_version = struct_version;
-    handle->api_version = api_version;
-
-     /*
-      * Verify the version numbers before proceeding; we can't use
-      * CHECK_HANDLE because not all fields are set yet.
-      */
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
-                         KADM5_NEW_SERVER_API_VERSION);
-     
-     /*
-      * Acquire relevant profile entries.  In version 2, merge values
-      * in params_in with values from profile, based on
-      * params_in->mask.
-      *
-      * In version 1, we've given a realm (which may be NULL) instead
-      * of params_in.  So use that realm, make params_in contain an
-      * empty mask, and behave like version 2.
-      */
-     memset((char *) &params_local, 0, sizeof(params_local));
-     if (api_version == KADM5_API_VERSION_1) {
-         params_local.realm = (char *) params_in;
-         if (params_in)
-              params_local.mask = KADM5_CONFIG_REALM;
-         params_in = &params_local;
-     }
-
-#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
-     if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
-         krb5_free_context(handle->context);
-         free(handle);
-         return KADM5_BAD_SERVER_PARAMS;
-     }
-
-     if (ret = kadm5_get_config_params(handle->context,
-                                      (char *) NULL,
-                                      (char *) NULL,
-                                      params_in,
-                                      &handle->params)) {
-         krb5_free_context(handle->context);
-         free(handle);
-         return(ret);
-     }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
-                        KADM5_CONFIG_ADBNAME | \
-                        KADM5_CONFIG_ADB_LOCKFILE | \
-                        KADM5_CONFIG_ENCTYPE | \
-                        KADM5_CONFIG_FLAGS | \
-                        KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
-                        KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES) 
-
-     if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-         krb5_free_context(handle->context);
-         free(handle);
-         return KRB5_CONFIG_BADFORMAT;
-     }
-
-    /*
-     * Set the db_name based on configuration before calling
-     * krb5_db_init, so it will get used.
-     */
-    if (ret = krb5_dbm_db_set_name(handle->context,
-                                  handle->params.dbname)) {
-        free(handle);
-        return(ret);
-    }
-
-    if (ret = krb5_db_init(handle->context)) {
-        krb5_free_context(handle->context);
-        free(handle);
-        return(ret);
-    }
-
-    if ((ret = krb5_parse_name(handle->context, client_name,
-                              &handle->current_caller))) {
-        krb5_db_fini(handle->context);
-        krb5_free_context(handle->context);
-        free(handle);
-        return ret;
-    }
-
-     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
-         krb5_db_fini(handle->context);
-         krb5_free_context(handle->context);
-         free(handle);
-         return ENOMEM;
-     }
-     *handle->lhandle = *handle;
-     handle->lhandle->api_version = KADM5_API_VERSION_2;
-     handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
-     handle->lhandle->lhandle = handle->lhandle;
-
-     /* can't check the handle until current_caller is set */
-    if (ret = check_handle((void *) handle)) {
-        free(handle);
-        return ret;
-    }
-
-     /*
-      * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
-      * or an empty string, reads the master password from [the stash
-      * file].  Otherwise, the non-NULL password is ignored and the
-      * user is prompted for it via the tty."  However, the code was
-      * implemented the other way: when a non-NULL password was
-      * provided, the stash file was used.  This is somewhat more
-      * sensible, as then a local or remote client that provides a
-      * password does not prompt the user.  This code maintains the
-      * previous actual behavior, and not the old spec behavior,
-      * because that is how the unit tests are written.
-      *
-      * In KADM5_API_VERSION_2, this decision is controlled by
-      * params.
-      *
-      * kdb_init_master's third argument is "from_keyboard".
-      */ 
-    if (ret = kdb_init_master(handle, handle->params.realm,
-                             (handle->api_version == KADM5_API_VERSION_1 ?
-                              ((pass == NULL) || !(strlen(pass))) :
-                              ((handle->params.mask &
-                                KADM5_CONFIG_MKEY_FROM_KBD) &&
-                               handle->params.mkey_from_kbd))
-                             )) {
-        krb5_db_fini(handle->context);
-        krb5_free_context(handle->context);
-        free(handle);
-        return ret;
-    }
-
-    if ((ret = kdb_init_hist(handle, handle->params.realm))) {
-        krb5_db_fini(handle->context);
-        krb5_free_context(handle->context);
-        free(handle);
-        return ret;
-    }
-
-    if (ret = init_dict(&handle->params)) {
-        krb5_db_fini(handle->context);
-        krb5_free_principal(handle->context, handle->current_caller);
-        krb5_free_context(handle->context);
-        free(handle);
-        return ret;
-    }
-    
-    if (ret = adb_policy_init(handle)) {
-        krb5_db_fini(handle->context);
-        krb5_free_principal(handle->context, handle->current_caller);
-        krb5_free_context(handle->context);
-        free(handle);
-        return ret;
-    }
-    handle->lhandle->policy_db = handle->policy_db;
-
-    *server_handle = (void *) handle;
-    
-    return KADM5_OK;
-}
-
-kadm5_ret_t kadm5_destroy(void *server_handle)
-{
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    destroy_dict();
-
-    adb_policy_close(handle);
-    krb5_db_fini(handle->context);
-    krb5_free_principal(handle->context, handle->current_caller);
-    krb5_free_context(handle->context);
-    handle->magic_number = 0;
-    free(handle->lhandle);
-    free(handle);
-    return KADM5_OK;
-}
-
-kadm5_ret_t kadm5_flush(void *server_handle)
-{
-     kadm5_server_handle_t handle = server_handle;
-     kadm5_ret_t ret;
-
-     CHECK_HANDLE(server_handle);
-
-     if ((ret = krb5_db_fini(handle->context)) ||
-        /*
-         * Set the db_name based on configuration before calling
-         * krb5_db_init, so it will get used.
-         */
-        (ret = krb5_dbm_db_set_name(handle->context,
-                                    handle->params.dbname)) ||
-        (ret = krb5_db_init(handle->context)) ||
-        (ret = adb_policy_close(handle)) ||
-        (ret = adb_policy_init(handle))) {
-         (void) kadm5_destroy(server_handle);
-         return ret;
-     }
-     return KADM5_OK;
-}
-
-int _kadm5_check_handle(void *handle)
-{
-     CHECK_HANDLE(handle);
-     return 0;
-}
diff --git a/src/lib/kadm5/server_kdb.c b/src/lib/kadm5/server_kdb.c
deleted file mode 100644 (file)
index 1a900a3..0000000
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "k5-int.h"
-#include <kadm5/admin.h>
-#include "server_internal.h"
-
-krb5_principal     master_princ;
-krb5_encrypt_block  master_encblock;
-krb5_keyblock      master_keyblock;
-krb5_db_entry      master_db;
-
-krb5_principal     hist_princ;
-krb5_encrypt_block  hist_encblock;
-krb5_keyblock      hist_key;
-krb5_db_entry      hist_db;
-krb5_kvno          hist_kvno;
-
-/* much of this code is stolen from the kdc.  there should be some
-   library code to deal with this. */
-
-krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
-                               char *r, int from_keyboard)
-{
-    int                   ret = 0;
-    char          *realm;
-    krb5_keyblock  tmk;
-
-    if (r == NULL)  {
-       if ((ret = krb5_get_default_realm(handle->context, &realm)))
-           return ret;
-    } else {
-       realm = r;
-    }
-           
-    if ((ret = krb5_db_setup_mkey_name(handle->context,
-                                      handle->params.mkey_name,
-                                      realm, NULL, &master_princ)))
-       goto done;
-
-    master_keyblock.enctype = handle->params.enctype;
-
-    krb5_use_enctype(handle->context, &master_encblock,
-                    master_keyblock.enctype);
-
-    if (ret = krb5_db_fetch_mkey(handle->context, master_princ,
-                                &master_encblock, from_keyboard,
-                                FALSE /* only prompt once */,
-                                handle->params.stash_file,
-                                NULL /* I'm not sure about this,
-                                        but it's what the kdc does --marc */,
-                                &master_keyblock))
-       goto done;
-                                
-    if ((ret = krb5_db_init(handle->context)) != KSUCCESS)
-       goto done;
-
-    if ((ret = krb5_db_verify_master_key(handle->context, master_princ,
-                                        &master_keyblock,
-                                        &master_encblock))) {
-         krb5_db_fini(handle->context);
-         return ret;
-    }
-
-    /* the kdc gets the db mkvno here.  The admin server never uses this
-       bit of information, so there's no reason to retrieve it. */
-
-    if ((ret = krb5_process_key(handle->context, &master_encblock,
-                               &master_keyblock))) {
-          krb5_db_fini(handle->context);
-         goto done;
-    }
-
-done:
-    if (r == NULL)
-       free(realm);
-
-    return(ret);
-}
-
-/*
- * Function: kdb_init_hist
- *
- * Purpose: Initializes the global history variables.
- *
- * Arguments:
- *
- *     handle          (r) kadm5 api server handle
- *     r               (r) realm of history principal to use, or NULL
- *
- * Effects: This function sets the value of the following global
- * variables:
- *
- *     hist_princ      krb5_principal holding the history principal
- *     hist_db         krb5_db_entry of the history principal
- *     hist_key        krb5_keyblock holding the history principal's key
- *     hist_encblock   krb5_encrypt_block holding the procssed hist_key
- *     hist_kvno       the version number of the history key
- *
- * If the history principal does not already exist, this function
- * attempts to create it with kadm5_create_principal.  WARNING!
- * If the history principal is deleted and this function is executed
- * (by kadmind, or kadmin.local, or anything else with permission),
- * the principal will be assigned a new random key and all existing
- * password history information will become useless.
- */
-krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
-{
-    int            ret = 0;
-    char    *realm, *hist_name;
-    krb5_key_data *key_data;
-
-    if (r == NULL)  {
-       if ((ret = krb5_get_default_realm(handle->context, &realm)))
-           return ret;
-    } else {
-       realm = r;
-    }
-
-    if ((hist_name = (char *) malloc(strlen(KADM5_HIST_PRINCIPAL) +
-                                    strlen(realm) + 2)) == NULL)
-       goto done;
-
-    (void) sprintf(hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm);
-
-    if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
-       goto done;
-
-    if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL))) {
-       kadm5_principal_ent_rec ent;
-
-       if (ret != KADM5_UNK_PRINC)
-           goto done;
-
-       /* try to create the principal */
-
-       memset(&ent, 0, sizeof(ent));
-
-       ent.principal = hist_princ;
-       ent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
-       ent.attributes = 0;
-
-       /* this uses hist_kvno.  So we set it to 2, which will be the
-          correct value once the principal is created and randomized.
-          Of course, it doesn't make sense to keep a history for the
-          history principal, anyway. */
-
-       hist_kvno = 2;
-
-       if (ret = kadm5_create_principal(handle, &ent,
-                                             (KADM5_PRINCIPAL |
-                                              KADM5_MAX_LIFE |
-                                              KADM5_ATTRIBUTES),
-                                             "to-be-random"))
-           goto done;
-
-       /* this won't let us randomize the hist_princ.  So we cheat. */
-
-       hist_princ = NULL;
-
-       ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
-
-       hist_princ = ent.principal;
-
-       if (ret)
-           goto done;
-
-       /* now read the newly-created kdb record out of the
-          database. */
-
-       if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL)))
-           goto done;
-
-    }
-
-    if (ret = krb5_dbe_find_enctype(handle->context,
-                                   &hist_db,
-                                   handle->params.enctype,
-                                   -1,
-                                   -1,
-                                   &key_data))
-       goto done;
-
-    if (ret = krb5_dbekd_decrypt_key_data(handle->context, &master_encblock,
-                                         key_data, &hist_key, NULL))
-       goto done;
-
-    krb5_use_enctype(handle->context, &hist_encblock, hist_key.enctype);
-
-    if ((ret = krb5_process_key(handle->context, &hist_encblock,
-                               &hist_key)) != KSUCCESS)
-       goto done;
-    
-    hist_kvno = key_data->key_data_kvno;
-
-done:
-    free(hist_name);
-    if (r == NULL)
-       free(realm);
-    return ret;
-}
-
-/*
- * Function: kdb_get_entry
- *
- * Purpose: Gets an entry from the kerberos database and breaks
- * it out into a krb5_db_entry and an osa_princ_ent_t.
- *
- * Arguments:
- *
- *             handle          (r) the server_handle
- *             principal       (r) the principal to get
- *             kdb             (w) krb5_db_entry to fill in
- *             adb             (w) osa_princ_ent_rec to fill in
- *
- * when the caller is done with kdb and adb, kdb_free_entry must be
- * called to release them.  The adb record is filled in with the
- * contents of the KRB5_TL_KADM_DATA record; if that record doesn't
- * exist, an empty but valid adb record is returned.
- */
-krb5_error_code
-kdb_get_entry(kadm5_server_handle_t handle,
-             krb5_principal principal, krb5_db_entry *kdb,
-             osa_princ_ent_rec *adb)
-{
-    krb5_error_code ret;
-    int nprincs;
-    krb5_boolean more;
-    krb5_tl_data tl_data;
-    XDR xdrs;
-
-    if (ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
-                                   &more))
-       return(ret);
-
-    if (more) {
-       krb5_db_free_principal(handle->context, kdb, nprincs);
-       return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
-    } else if (nprincs != 1) {
-       krb5_db_free_principal(handle->context, kdb, nprincs);
-       return(KADM5_UNK_PRINC);
-    }
-
-    if (adb) {
-       memset(adb, 0, sizeof(*adb));
-
-       tl_data.tl_data_type = KRB5_TL_KADM_DATA;
-       /*
-        * XXX Currently, lookup_tl_data always returns zero; it sets
-        * tl_data->tl_data_length to zero if the type isn't found.
-        * This should be fixed...
-        */
-       if ((ret = krb5_dbe_lookup_tl_data(handle->context, kdb, &tl_data))
-           || (tl_data.tl_data_length == 0)) {
-           /* there's no admin data.  this can happen, if the admin
-              server is put into production after some principals
-              are created.  In this case, return valid admin
-              data (which is all zeros with the hist_kvno filled
-              in), and when the entry is written, the admin
-              data will get stored correctly. */
-
-           adb->admin_history_kvno = hist_kvno;
-
-           return(ret);
-       }
-
-       xdrmem_create(&xdrs, tl_data.tl_data_contents,
-                     tl_data.tl_data_length, XDR_DECODE);
-       if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
-          xdr_destroy(&xdrs);
-          krb5_db_free_principal(handle->context, kdb, 1);
-          return(OSA_ADB_XDR_FAILURE);
-       }
-       xdr_destroy(&xdrs);
-    }
-
-    return(0);
-}
-
-/*
- * Function: kdb_free_entry
- *
- * Purpose: frees the resources allocated by kdb_get_entry
- *
- * Arguments:
- *
- *             handle          (r) the server_handle
- *             kdb             (w) krb5_db_entry to fill in
- *             adb             (w) osa_princ_ent_rec to fill in
- *
- * when the caller is done with kdb and adb, kdb_free_entry must be
- * called to release them.
- */
-
-krb5_error_code
-kdb_free_entry(kadm5_server_handle_t handle,
-              krb5_db_entry *kdb, osa_princ_ent_rec *adb)
-{
-    XDR xdrs;
-
-
-    if (kdb)
-       krb5_db_free_principal(handle->context, kdb, 1);
-
-    if (adb) {
-       xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-       xdr_osa_princ_ent_rec(&xdrs, adb);
-       xdr_destroy(&xdrs);
-    }
-
-    return(0);
-}
-
-/*
- * Function: kdb_put_entry
- *
- * Purpose: Stores the osa_princ_ent_t and krb5_db_entry into to
- * database.
- *
- * Arguments:
- *
- *             handle  (r) the server_handle
- *             kdb     (r/w) the krb5_db_entry to store
- *             adb     (r) the osa_princ_db_ent to store
- *
- * Effects:
- *
- * The last modifier field of the kdb is set to the caller at now.
- * adb is encoded with xdr_osa_princ_ent_ret and stored in kbd as
- * KRB5_TL_KADM_DATA.  kdb is then written to the database.
- */
-krb5_error_code
-kdb_put_entry(kadm5_server_handle_t handle,
-             krb5_db_entry *kdb, osa_princ_ent_rec *adb)
-{
-    krb5_error_code ret;
-    krb5_int32 now;
-    XDR xdrs;
-    krb5_tl_data tl_data;
-    int one;
-
-    if (ret = krb5_timeofday(handle->context, &now))
-       return(ret);
-
-    if (ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
-                                            handle->current_caller))
-       return(ret);
-    
-    xdralloc_create(&xdrs, XDR_ENCODE); 
-    if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
-       xdr_destroy(&xdrs);
-       return(OSA_ADB_XDR_FAILURE);
-    }
-    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
-    tl_data.tl_data_length = xdr_getpos(&xdrs);
-    tl_data.tl_data_contents = xdralloc_getdata(&xdrs);
-
-    ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data);
-
-    xdr_destroy(&xdrs);
-
-    if (ret)
-       return(ret);
-
-    one = 1;
-
-    if (ret = krb5_db_put_principal(handle->context, kdb, &one))
-       return(ret);
-
-    return(0);
-}
-
-krb5_error_code
-kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name)
-{
-    int one = 1;
-    krb5_error_code ret;
-    
-    ret = krb5_db_delete_principal(handle->context, name, &one);
-
-    return ret;
-}
-
-typedef struct _iter_data {
-    void (*func)(void *, krb5_principal);
-    void *data;
-} iter_data;
-
-static krb5_error_code
-kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb)
-{
-    iter_data *id = (iter_data *) data;
-
-    (*(id->func))(id->data, kdb->princ);
-
-    return(0);
-}
-
-krb5_error_code
-kdb_iter_entry(kadm5_server_handle_t handle,
-              void (*iter_fct)(void *, krb5_principal), void *data)
-{
-    iter_data id;
-    krb5_error_code ret;
-
-    id.func = iter_fct;
-    id.data = data;
-
-    if (ret = krb5_db_iterate(handle->context, kdb_iter_func, &id))
-       return(ret);
-
-    return(0);
-}
-
-
diff --git a/src/lib/kadm5/server_misc.c b/src/lib/kadm5/server_misc.c
deleted file mode 100644 (file)
index 24f101c..0000000
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include    "k5-int.h"
-#include    <krb5/kdb.h>
-#include    <ctype.h>
-#include    "adb.h"
-
-/* for strcasecmp */
-#include    <string.h>
-
-#include    "server_internal.h"
-
-kadm5_ret_t
-adb_policy_init(kadm5_server_handle_t handle)
-{
-    osa_adb_ret_t   ret;
-    if(handle->policy_db == (osa_adb_policy_t) NULL)
-       if((ret = osa_adb_open_policy(&handle->policy_db,
-                                     &handle->params)) != OSA_ADB_OK)
-            return ret;
-    return KADM5_OK;
-}
-
-kadm5_ret_t
-adb_policy_close(kadm5_server_handle_t handle)
-{
-    osa_adb_ret_t   ret;
-    if(handle->policy_db != (osa_adb_policy_t) NULL)
-       if((ret = osa_adb_close_policy(handle->policy_db)) != OSA_ADB_OK)
-           return ret;
-    handle->policy_db = NULL;
-    return KADM5_OK;
-}
-
-/* some of this is stolen from gatekeeper ... */
-kadm5_ret_t
-passwd_check(kadm5_server_handle_t handle,
-            char *password, int use_policy, kadm5_policy_ent_t pol,
-            krb5_principal principal)
-{
-    int            nupper = 0,
-           nlower = 0,
-           ndigit = 0, 
-           npunct = 0,
-           nspec = 0;
-    char    c, *s;
-    
-    if(use_policy) {
-       if(strlen(password) < pol->pw_min_length)
-           return KADM5_PASS_Q_TOOSHORT;
-       s = password;
-       while ((c = *s++)) {
-           if (islower(c)) {
-               nlower = 1;
-               continue;
-           }
-           else if (isupper(c)) {
-               nupper = 1;
-               continue;
-           } else if (isdigit(c)) {
-               ndigit = 1;
-               continue;
-           } else if (ispunct(c)) {
-               npunct = 1;
-               continue;
-           } else {
-               nspec = 1;
-               continue;
-           }
-       }
-       if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes) 
-           return KADM5_PASS_Q_CLASS;
-       if((find_word(password) == KADM5_OK))
-           return KADM5_PASS_Q_DICT;
-       else { 
-           char        *cp;
-           int c, n = krb5_princ_size(handle->context, principal);
-           cp = krb5_princ_realm(handle->context, principal)->data;
-           if (strcasecmp(cp, password) == 0)
-               return KADM5_PASS_Q_DICT;
-           for (c = 0; c < n ; c++) {
-               cp = krb5_princ_component(handle->context, principal, c)->data;
-               if (strcasecmp(cp, password) == 0)
-                   return KADM5_PASS_Q_DICT;
-           }
-           return KADM5_OK;
-       }
-    } else {
-       if (strlen(password) < 1)
-           return KADM5_PASS_Q_TOOSHORT;
-    }
-    return KADM5_OK;    
-}
diff --git a/src/lib/kadm5/svr_chpass_util.c b/src/lib/kadm5/svr_chpass_util.c
deleted file mode 100644 (file)
index df2bf4c..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-#include <kadm5/admin.h>
-#include "server_internal.h"
-
-kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
-                                       krb5_principal princ,
-                                       char *new_pw, 
-                                       char **ret_pw,
-                                       char *msg_ret)
-{
-  kadm5_server_handle_t handle = server_handle;
-
-  CHECK_HANDLE(server_handle);
-  return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
-                                     new_pw, ret_pw, msg_ret);
-}
diff --git a/src/lib/kadm5/svr_iters.c b/src/lib/kadm5/svr_iters.c
deleted file mode 100644 (file)
index 19c9000..0000000
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#if defined(HAVE_COMPILE) && defined(HAVE_STEP)
-#define SOLARIS_REGEXPS
-#elif defined(HAVE_REGCOMP) && defined(HAVE_REGEXEC)
-#define POSIX_REGEXPS
-#elif defined(HAVE_RE_COMP) && defined(HAVE_RE_EXEC)
-#define BSD_REGEXPS
-#else
-#error I cannot find any regexp functions
-#endif
-
-#include       <sys/types.h>
-#include       <string.h>
-#include       <kadm5/admin.h>
-#include       "adb.h"
-#include       <dyn.h>
-#ifdef SOLARIS_REGEXPS
-#include       <regexpr.h>
-#endif
-#ifdef POSIX_REGEXPS
-#include       <regex.h>
-#endif
-#include <stdlib.h>
-
-#include       "server_internal.h"
-
-struct iter_data {
-     krb5_context context;
-     DynObject matches;
-     char *exp;
-#ifdef SOLARIS_REGEXPS
-     char *expbuf;
-#endif
-#ifdef POSIX_REGEXPS
-     regex_t preg;
-#endif
-};
-
-/*
- * Function: glob_to_regexp
- *
- * Arguments:
- *
- *     glob    (r) the shell-style glob (?*[]) to convert
- *     realm   (r) the default realm to append, or NULL
- *     regexp  (w) the ed-style regexp created from glob
- *
- * Effects:
- *
- * regexp is filled in with allocated memory contained a regular
- * expression to be used with re_comp/compile that matches what the
- * shell-style glob would match.  If glob does not contain an "@"
- * character and realm is not NULL, "@<realm>" is appended to the regexp.
- *
- * Conversion algorithm:
- *
- *     quoted characters are copied quoted
- *     ? is converted to .
- *     * is converted to .*
- *     active characters are quoted: ^, $, .
- *     [ and ] are active but supported and have the same meaning, so
- *             they are copied
- *     other characters are copied
- *     regexp is anchored with ^ and $
- */
-kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
-{
-     int append_realm;
-     char *p;
-
-     /* validate the glob */
-     if (glob[strlen(glob)-1] == '\\')
-         return EINVAL;
-
-     /* A character of glob can turn into two in regexp, plus ^ and $ */
-     /* and trailing null.  If glob has no @, also allocate space for */
-     /* the realm. */
-     append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
-     p = (char *) malloc(strlen(glob)*2+ 3 +
-                        (append_realm ? (strlen(realm)+1) : 0));
-     if (p == NULL)
-         return ENOMEM;
-     *regexp = p;
-
-     *p++ = '^';
-     while (*glob) {
-         switch (*glob) {
-         case '?':
-              *p++ = '.';
-              break;
-         case '*':
-              *p++ = '.';
-              *p++ = '*';
-              break;
-         case '.':
-         case '^':
-         case '$':
-              *p++ = '\\';
-              *p++ = *glob;
-              break;
-         case '\\':
-              *p++ = '\\';
-              *p++ = ++*glob;
-              break;
-         default:
-              *p++ = *glob;
-              break;
-         }
-         glob++;
-     }
-
-     if (append_realm) {
-         *p++ = '@';
-         strcpy(p, realm);
-         p += strlen(realm);
-     }
-
-     *p++ = '$';
-     *p++ = '\0';
-     return KADM5_OK;
-}
-
-void get_either_iter(struct iter_data *data, char *name)
-{
-     if (
-#ifdef SOLARIS_REGEXPS
-        (step(name, data->expbuf) != 0)
-#endif
-#ifdef POSIX_REGEXPS
-        (regexec(&data->preg, name, 0, NULL, 0) == 0)
-#endif
-#ifdef BSD_REGEXPS
-        (re_exec(name) != 0)
-#endif
-        )
-     {
-         (void) DynAdd(data->matches, &name);
-     } else
-         free(name);
-}
-
-void get_pols_iter(void *data, osa_policy_ent_t entry)
-{
-     char *name;
-
-     if ((name = strdup(entry->name)) == NULL)
-         return;
-     get_either_iter(data, name);
-}
-
-void get_princs_iter(void *data, krb5_principal princ)
-{
-     struct iter_data *id = (struct iter_data *) data;
-     char *name;
-     
-     if (krb5_unparse_name(id->context, princ, &name) != 0)
-         return;
-     get_either_iter(data, name);
-}
-
-kadm5_ret_t kadm5_get_either(int princ,
-                                      void *server_handle,
-                                      char *exp,
-                                      char ***princs,
-                                      int *count)
-{
-     struct iter_data data;
-     char *msg, *regexp;
-     int ret;
-     kadm5_server_handle_t handle = server_handle;
-     
-     *count = 0;
-     if (exp == NULL)
-         exp = "*";
-
-     CHECK_HANDLE(server_handle);
-
-     if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
-                              &regexp)) != KADM5_OK)
-         return ret;
-
-     if (
-#ifdef SOLARIS_REGEXPS
-        ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
-#endif
-#ifdef POSIX_REGEXPS
-        ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
-#endif
-#ifdef BSD_REGEXPS
-        ((msg = (char *) re_comp(regexp)) != NULL)
-#endif
-        )
-     {
-         /* XXX syslog msg or regerr(regerrno) */
-         free(regexp);
-         return EINVAL;
-     }
-
-     if ((data.matches = DynCreate(sizeof(char *), -4)) == NULL) {
-         free(regexp);
-         return ENOMEM;
-     }
-
-     if (princ) {
-         data.context = handle->context;
-         ret = kdb_iter_entry(handle, get_princs_iter, (void *) &data);
-     } else {
-         ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data);
-     }
-     
-     if (ret != OSA_ADB_OK) {
-         free(regexp);
-         DynDestroy(data.matches);
-         return ret;
-     }
-
-     (*princs) = (char **) DynArray(data.matches);
-     *count = DynSize(data.matches);
-     DynRelease(data.matches);
-     free(regexp);
-     return KADM5_OK;
-}
-
-kadm5_ret_t kadm5_get_principals(void *server_handle,
-                                          char *exp,
-                                          char ***princs,
-                                          int *count)
-{
-     return kadm5_get_either(1, server_handle, exp, princs, count);
-}
-
-kadm5_ret_t kadm5_get_policies(void *server_handle,
-                                          char *exp,
-                                          char ***pols,
-                                          int *count)
-{
-     return kadm5_get_either(0, server_handle, exp, pols, count);
-}
-
diff --git a/src/lib/kadm5/svr_misc_free.c b/src/lib/kadm5/svr_misc_free.c
deleted file mode 100644 (file)
index 5c76a1e..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- * 
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-#include       <kadm5/admin.h>
-#include       <malloc.h>
-#include       "server_internal.h"
-
-kadm5_ret_t
-kadm5_free_principal_ent(void *server_handle,
-                             kadm5_principal_ent_t val)
-{
-    kadm5_server_handle_t      handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if(val) {
-       if(val->principal) 
-           krb5_free_principal(handle->context, val->principal);
-       if(val->mod_name)
-           krb5_free_principal(handle->context, val->mod_name);
-       if(val->policy)
-           free(val->policy);
-
-       /* XXX free key_data and tl_data */
-
-       if (handle->api_version == KADM5_API_VERSION_1)
-            free(val);
-    }
-    return KADM5_OK;
-}
diff --git a/src/lib/kadm5/svr_policy.c b/src/lib/kadm5/svr_policy.c
deleted file mode 100644 (file)
index 74e2521..0000000
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include       <sys/types.h>
-#include       <kadm5/admin.h>
-#include       "adb.h"
-#include       "server_internal.h"
-#include       <stdlib.h>
-
-#define MAX_PW_HISTORY 10
-#define MIN_PW_HISTORY 1
-#define        MIN_PW_CLASSES  1
-#define MAX_PW_CLASSES 5
-#define        MIN_PW_LENGTH   1
-
-/*
- * Function: kadm5_create_policy
- * 
- * Purpose: Create Policies in the policy DB.
- *
- * Arguments:
- *     entry   (input) The policy entry to be written out to the DB.
- *     mask    (input) Specifies which fields in entry are to ge written out
- *                     and which get default values.
- *     <return value> 0 if sucsessfull otherwise an error code is returned.
- *
- * Requires:
- *     Entry must be a valid principal entry, and mask have a valid value.
- * 
- * Effects:
- *     Verifies that mask does not specify that the refcount should
- *     be set as part of the creation, and calls
- *     kadm5_create_policy_internal.  If the refcount *is*
- *     specified, returns KADM5_BAD_MASK.
- */
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
-                        kadm5_policy_ent_t entry, long mask)
-{
-    CHECK_HANDLE(server_handle);
-
-    if (mask & KADM5_REF_COUNT)
-       return KADM5_BAD_MASK;
-    else
-       return kadm5_create_policy_internal(server_handle, entry, mask);
-}
-
-/*
- * Function: kadm5_create_policy_internal
- * 
- * Purpose: Create Policies in the policy DB.
- *
- * Arguments:
- *     entry   (input) The policy entry to be written out to the DB.
- *     mask    (input) Specifies which fields in entry are to ge written out
- *                     and which get default values.
- *     <return value> 0 if sucsessfull otherwise an error code is returned.
- *
- * Requires:
- *     Entry must be a valid principal entry, and mask have a valid value.
- * 
- * Effects:
- *     Writes the data to the database, and does a database sync if
- *     sucsessfull.
- *
- */
-
-kadm5_ret_t
-kadm5_create_policy_internal(void *server_handle,
-                                 kadm5_policy_ent_t entry, long mask)
-{
-    kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_rec pent;
-    int                        ret;
-    char               *p;
-
-    CHECK_HANDLE(server_handle);
-
-    if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
-       return EINVAL;
-    if(strlen(entry->policy) == 0)
-       return KADM5_BAD_POLICY;
-    if (!(mask & KADM5_POLICY))
-       return KADM5_BAD_MASK;
-       
-    pent.name = entry->policy;
-    p = entry->policy;
-    while(*p != '\0') {
-       if(*p < ' ' || *p > '~')
-           return KADM5_BAD_POLICY;
-       else
-           p++;
-    }
-    if (!(mask & KADM5_PW_MAX_LIFE))
-       pent.pw_max_life = 0;
-    else
-       pent.pw_max_life = entry->pw_max_life;
-    if (!(mask & KADM5_PW_MIN_LIFE))
-       pent.pw_min_life = 0;
-    else {
-       if((mask & KADM5_PW_MAX_LIFE)) {
-           if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
-               return KADM5_BAD_MIN_PASS_LIFE;
-       }
-       pent.pw_min_life = entry->pw_min_life;
-    }
-    if (!(mask & KADM5_PW_MIN_LENGTH))
-       pent.pw_min_length = MIN_PW_LENGTH;
-    else {
-       if(entry->pw_min_length < MIN_PW_LENGTH)
-           return KADM5_BAD_LENGTH;
-       pent.pw_min_length = entry->pw_min_length;
-    }
-    if (!(mask & KADM5_PW_MIN_CLASSES))
-       pent.pw_min_classes = MIN_PW_CLASSES;
-    else {
-       if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
-           return KADM5_BAD_CLASS;
-       pent.pw_min_classes = entry->pw_min_classes;
-    }
-    if (!(mask & KADM5_PW_HISTORY_NUM))
-       pent.pw_history_num = MIN_PW_HISTORY;
-    else {
-       if(entry->pw_history_num < MIN_PW_HISTORY ||
-          entry->pw_history_num > MAX_PW_HISTORY)
-           return KADM5_BAD_HISTORY;
-       else
-           pent.pw_history_num = entry->pw_history_num;
-    }
-    if (!(mask & KADM5_REF_COUNT))
-       pent.policy_refcnt = 0;
-    else
-       pent.policy_refcnt = entry->policy_refcnt;
-    if ((ret = osa_adb_create_policy(handle->policy_db, &pent)) == OSA_ADB_OK)
-       return KADM5_OK;
-    else
-       return ret;
-}
-         
-kadm5_ret_t
-kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
-{
-    kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_t           entry;
-    int                                ret;
-
-    CHECK_HANDLE(server_handle);
-
-    if(name == (kadm5_policy_t) NULL)
-       return EINVAL;
-    if(strlen(name) == 0)
-       return KADM5_BAD_POLICY;
-    if ((ret = osa_adb_get_policy(handle->policy_db, name, &entry)) != OSA_ADB_OK)
-       return ret;
-    if(entry->policy_refcnt != 0) {
-       osa_free_policy_ent(entry);
-       return KADM5_POLICY_REF;
-    }
-    osa_free_policy_ent(entry);
-    if ((ret = osa_adb_destroy_policy(handle->policy_db, name)) == OSA_ADB_OK)
-       return KADM5_OK;
-    else
-       return ret;
-}
-
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
-                        kadm5_policy_ent_t entry, long mask)
-{
-    CHECK_HANDLE(server_handle);
-
-    if (mask & KADM5_REF_COUNT)
-       return KADM5_BAD_MASK;
-    else
-       return kadm5_modify_policy_internal(server_handle, entry, mask);
-}
-
-kadm5_ret_t
-kadm5_modify_policy_internal(void *server_handle,
-                                 kadm5_policy_ent_t entry, long mask)
-{
-    kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_t   p;
-    int                        ret;
-
-    CHECK_HANDLE(server_handle);
-
-    if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
-       return EINVAL;
-    if(strlen(entry->policy) == 0)
-       return KADM5_BAD_POLICY;
-    if((mask & KADM5_POLICY))
-       return KADM5_BAD_MASK;
-               
-    switch ((ret = osa_adb_get_policy(handle->policy_db, entry->policy, &p))) {
-    case OSA_ADB_OK:
-       break;
-    case OSA_ADB_NOENT:
-       return KADM5_UNK_POLICY;
-    default:
-       break;
-    }
-    if ((mask & KADM5_PW_MAX_LIFE))
-       p->pw_max_life = entry->pw_max_life;
-    if ((mask & KADM5_PW_MIN_LIFE)) {
-       if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0)  {
-            osa_free_policy_ent(p);
-            return KADM5_BAD_MIN_PASS_LIFE;
-       }
-       p->pw_min_life = entry->pw_min_life;
-    }
-    if ((mask & KADM5_PW_MIN_LENGTH)) {
-       if(entry->pw_min_length < MIN_PW_LENGTH) {
-             osa_free_policy_ent(p);
-             return KADM5_BAD_LENGTH;
-        }
-       p->pw_min_length = entry->pw_min_length;
-    }
-    if ((mask & KADM5_PW_MIN_CLASSES)) {
-       if(entry->pw_min_classes > MAX_PW_CLASSES ||
-          entry->pw_min_classes < MIN_PW_CLASSES) {
-            osa_free_policy_ent(p);
-            return KADM5_BAD_CLASS;
-       }
-       p->pw_min_classes = entry->pw_min_classes;
-    }
-    if ((mask & KADM5_PW_HISTORY_NUM)) {
-       if(entry->pw_history_num < MIN_PW_HISTORY ||
-          entry->pw_history_num > MAX_PW_HISTORY) {
-            osa_free_policy_ent(p);
-            return KADM5_BAD_HISTORY;
-       }
-       p->pw_history_num = entry->pw_history_num;
-    }
-    if ((mask & KADM5_REF_COUNT))
-       p->policy_refcnt = entry->policy_refcnt;
-    switch ((ret = osa_adb_put_policy(handle->policy_db, p))) {
-    case OSA_ADB_OK:
-       ret = KADM5_OK;
-       break;
-    case OSA_ADB_NOENT:        /* this should not happen here ... */
-       ret = KADM5_UNK_POLICY;
-       break;
-    }
-    osa_free_policy_ent(p);
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_get_policy(void *server_handle, kadm5_policy_t name,
-                kadm5_policy_ent_t entry) 
-{
-    osa_policy_ent_t           t;
-    kadm5_policy_ent_rec       entry_local, **entry_orig, *new;
-    int                                ret;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    /*
-     * In version 1, entry is a pointer to a kadm5_policy_ent_t that
-     * should be filled with allocated memory.
-     */
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        entry_orig = (kadm5_policy_ent_rec **) entry;
-        *entry_orig = NULL;
-        entry = &entry_local;
-    }
-    
-    if (name == (kadm5_policy_t) NULL)
-       return EINVAL;
-    if(strlen(name) == 0)
-       return KADM5_BAD_POLICY;
-    switch((ret = osa_adb_get_policy(handle->policy_db, name, &t))) {
-    case OSA_ADB_OK:
-       break;
-    case OSA_ADB_NOENT:
-       return KADM5_UNK_POLICY;
-    default:
-       return ret;
-    }
-    if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) {
-        osa_free_policy_ent(t);
-        return ENOMEM;
-    }
-    strcpy(entry->policy, t->name);
-    entry->pw_min_life = t->pw_min_life;
-    entry->pw_max_life = t->pw_max_life;
-    entry->pw_min_length = t->pw_min_length;
-    entry->pw_min_classes = t->pw_min_classes;
-    entry->pw_history_num = t->pw_history_num;
-    entry->policy_refcnt = t->policy_refcnt;
-    osa_free_policy_ent(t);
-
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
-        if (new == NULL) {
-             free(entry->policy);
-             osa_free_policy_ent(t);
-             return ENOMEM;
-        }
-        *new = *entry;
-        *entry_orig = new;
-    }
-    
-    return KADM5_OK;
-}
diff --git a/src/lib/kadm5/svr_principal.c b/src/lib/kadm5/svr_principal.c
deleted file mode 100644 (file)
index 6f9671f..0000000
+++ /dev/null
@@ -1,1350 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include       <sys/types.h>
-#include       <sys/time.h>
-#include       <kadm5/admin.h>
-#include       "adb.h"
-#include       "k5-int.h"
-#include       <krb5/kdb.h>
-#include       <stdio.h>
-#include       <string.h>
-#include       "server_internal.h"
-#include       <stdarg.h>
-#include       <stdlib.h>
-
-extern krb5_principal      master_princ;
-extern krb5_principal      hist_princ;
-extern krb5_encrypt_block  master_encblock;
-extern krb5_encrypt_block  hist_encblock;
-extern krb5_keyblock       master_keyblock;
-extern krb5_keyblock       hist_key;
-extern krb5_db_entry       master_db;
-extern krb5_db_entry       hist_db;
-extern  krb5_kvno          hist_kvno;
-
-static int decrypt_key_data(krb5_context context,
-                           int n_key_data, krb5_key_data *key_data,
-                           krb5_keyblock **keyblocks, int *n_keys);
-
-/*
- * XXX Functions that ought to be in libkrb5.a, but aren't.
- */
-int krb5_free_keyblock_contents(context, key)
-     krb5_context context;
-     krb5_keyblock *key;
-{
-     memset(key->contents, 0, key->length);
-     krb5_xfree(key->contents);
-     return 0;
-}
-
-kadm5_ret_t krb5_copy_key_data_contents(context, from, to)
-   krb5_context context;
-   krb5_key_data *from, *to;
-{
-     int i, idx;
-     
-     *to = *from;
-
-     idx = (from->key_data_ver == 1 ? 1 : 2);
-
-     for (i = 0; i < idx; i++) {
-         to->key_data_contents[i] = malloc(from->key_data_length[i]);
-         if (to->key_data_contents[i] == NULL) {
-              for (i = 0; i < idx; i++) {
-                   if (to->key_data_contents[i]) {
-                        memset(to->key_data_contents[i], 0,
-                               to->key_data_length[i]);
-                        free(to->key_data_contents[i]);
-                   }
-              }
-              return ENOMEM;
-         }
-         memcpy(to->key_data_contents[i], from->key_data_contents[i],
-                from->key_data_length[i]);
-     }
-     return 0;
-}
-
-static krb5_tl_data *dup_tl_data(krb5_tl_data *tl)
-{
-     krb5_tl_data *n;
-
-     n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
-     if (n == NULL)
-         return NULL;
-     n->tl_data_contents = malloc(tl->tl_data_length);
-     if (n->tl_data_contents == NULL) {
-         free(n);
-         return NULL;
-     }
-     memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
-     n->tl_data_type = tl->tl_data_type;
-     n->tl_data_length = tl->tl_data_length;
-     n->tl_data_next = NULL;
-     return n;
-}
-
-kadm5_ret_t
-kadm5_create_principal(void *server_handle,
-                           kadm5_principal_ent_t entry, long mask,
-                           char *password)
-{
-    krb5_db_entry              kdb;
-    osa_princ_ent_rec          adb;
-    kadm5_policy_ent_rec       polent;
-    krb5_int32                 now;
-    krb5_tl_data               *tl_data_orig, *tl_data_tail;
-    unsigned int               ret;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    /*
-     * Argument sanity checking, and opening up the DB
-     */
-    if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
-       (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
-       (mask & KADM5_MKVNO) || (mask & KADM5_POLICY_CLR) ||
-       (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) ||
-       (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
-       (mask & KADM5_FAIL_AUTH_COUNT))
-       return KADM5_BAD_MASK;
-    if((mask & ~ALL_PRINC_MASK))
-       return KADM5_BAD_MASK;
-    if (entry == (kadm5_principal_ent_t) NULL || password == NULL)
-       return EINVAL;
-
-    /*
-     * Check to see if the principal exists
-     */
-    ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
-
-    switch(ret) {
-    case KADM5_UNK_PRINC:
-       break;
-    case 0:
-       kdb_free_entry(handle, &kdb, &adb);
-       return KADM5_DUP;
-    default:
-       return ret;
-    }
-
-    memset(&kdb, 0, sizeof(krb5_db_entry));
-    memset(&adb, 0, sizeof(osa_princ_ent_rec));
-
-    /*
-     * If a policy was specified, load it.
-     * If we can not find the one specified return an error
-     */
-    if ((mask & KADM5_POLICY)) {
-        if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
-                                    &polent)) != KADM5_OK) {
-           if(ret == EINVAL) 
-               return KADM5_BAD_POLICY;
-           else
-               return ret;
-       }
-    }
-    if (ret = passwd_check(handle, password, (mask & KADM5_POLICY),
-                          &polent, entry->principal)) {
-       if (mask & KADM5_POLICY)
-            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-       return ret;
-    }
-    /*
-     * Start populating the various DB fields, using the
-     * "defaults" for fields that were not specified by the
-     * mask.
-     */
-    if (ret = krb5_timeofday(handle->context, &now)) {
-       if (mask & KADM5_POLICY)
-            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-       return ret;
-    }
-
-    kdb.magic = KRB5_KDB_MAGIC_NUMBER;
-    kdb.len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
-
-    if ((mask & KADM5_ATTRIBUTES)) 
-       kdb.attributes = entry->attributes;
-    else
-       kdb.attributes = handle->params.flags;
-
-    if ((mask & KADM5_MAX_LIFE))
-       kdb.max_life = entry->max_life; 
-    else 
-       kdb.max_life = handle->params.max_life;
-
-    if (mask & KADM5_MAX_RLIFE)
-        kdb.max_renewable_life = entry->max_renewable_life;
-    else
-        kdb.max_renewable_life = handle->params.max_rlife;
-
-    if ((mask & KADM5_PRINC_EXPIRE_TIME))
-       kdb.expiration = entry->princ_expire_time;
-    else
-       kdb.expiration = handle->params.expiration;
-
-    kdb.pw_expiration = 0;
-    if ((mask & KADM5_POLICY)) {
-       if(polent.pw_max_life)
-           kdb.pw_expiration = now + polent.pw_max_life;
-       else
-           kdb.pw_expiration = 0;
-    }
-    if ((mask & KADM5_PW_EXPIRATION)) {
-       if(!kdb.pw_expiration)
-           kdb.pw_expiration = entry->pw_expiration;
-       else {
-           if(entry->pw_expiration != 0)
-               kdb.pw_expiration = (entry->pw_expiration < kdb.pw_expiration) ?
-                   entry->pw_expiration : kdb.pw_expiration;
-       }
-    }
-
-    kdb.last_success = 0;
-    kdb.last_failed = 0;
-    kdb.fail_auth_count = 0;
-
-    /* this is kind of gross, but in order to free the tl data, I need
-       to free the entire kdb entry, and that will try to free the
-       principal. */
-
-    if (ret = krb5_copy_principal(handle->context,
-                                 entry->principal, &(kdb.princ))) {
-       if (mask & KADM5_POLICY)
-            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-       return(ret);
-    }
-
-    if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) {
-       krb5_dbe_free_contents(handle->context, &kdb);
-       if (mask & KADM5_POLICY)
-            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-       return(ret);
-    }
-
-    /* initialize the keys */
-
-    if (ret = krb5_dbe_cpw(handle->context, &master_encblock,
-                          handle->params.keysalts,
-                          handle->params.num_keysalts,
-                          password,
-                          (mask & KADM5_KVNO)?entry->kvno:1, &kdb)) {
-       krb5_dbe_free_contents(handle->context, &kdb);
-       if (mask & KADM5_POLICY)
-            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-       return(ret);
-    }
-
-    /* populate the admin-server-specific fields.  In the OV server,
-       this used to be in a separate database.  Since there's already
-       marshalling code for the admin fields, to keep things simple,
-       I'm going to keep it, and make all the admin stuff occupy a
-       single tl_data record, */
-
-    adb.admin_history_kvno = hist_kvno;
-    if ((mask & KADM5_POLICY)) {
-       adb.aux_attributes = KADM5_POLICY;
-
-       /* this does *not* need to be strdup'ed, because adb is xdr */
-       /* encoded in osa_adb_create_princ, and not ever freed */
-
-       adb.policy = entry->policy;
-    }
-
-    /* increment the policy ref count, if any */
-
-    if ((mask & KADM5_POLICY)) {
-       polent.policy_refcnt++;
-       if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
-                                                   KADM5_REF_COUNT))
-           != KADM5_OK) {
-           krb5_dbe_free_contents(handle->context, &kdb);
-           if (mask & KADM5_POLICY)
-                (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-           return(ret);
-       }
-    }
-
-    if (mask & KADM5_TL_DATA) {
-        /* splice entry->tl_data onto the front of kdb.tl_data */
-        tl_data_orig = kdb.tl_data;
-        for (tl_data_tail = entry->tl_data; tl_data_tail->tl_data_next;
-             tl_data_tail = tl_data_tail->tl_data_next)
-             ;
-        tl_data_tail->tl_data_next = kdb.tl_data;
-        kdb.tl_data = entry->tl_data;
-    }
-
-    /* store the new db entry */
-    ret = kdb_put_entry(handle, &kdb, &adb);
-
-    if (mask & KADM5_TL_DATA) {
-        /* remove entry->tl_data from the front of kdb.tl_data */
-        tl_data_tail->tl_data_next = NULL;
-        kdb.tl_data = tl_data_orig;
-    }
-
-    krb5_dbe_free_contents(handle->context, &kdb);
-
-    if (ret) {
-       if ((mask & KADM5_POLICY)) {
-           /* decrement the policy ref count */
-
-           polent.policy_refcnt--;
-           /*
-            * if this fails, there's nothing we can do anyway.  the
-            * policy refcount wil be too high.
-            */
-           (void) kadm5_modify_policy_internal(handle->lhandle, &polent,
-                                                    KADM5_REF_COUNT);
-       }
-
-       if (mask & KADM5_POLICY)
-            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-       return(ret);
-    }
-
-    if (mask & KADM5_POLICY)
-        (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-
-    return KADM5_OK;
-}
-
-       
-kadm5_ret_t
-kadm5_delete_principal(void *server_handle, krb5_principal principal)
-{
-    unsigned int               ret;
-    kadm5_policy_ent_rec       polent;
-    krb5_db_entry              kdb;
-    osa_princ_ent_rec          adb;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if (principal == NULL)
-       return EINVAL;
-
-    if (ret = kdb_get_entry(handle, principal, &kdb, &adb))
-       return(ret);
-
-    if ((adb.aux_attributes & KADM5_POLICY)) {
-       if ((ret = kadm5_get_policy(handle->lhandle,
-                                   adb.policy, &polent))
-           == KADM5_OK) {
-           polent.policy_refcnt--;
-           if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
-                                                        KADM5_REF_COUNT))
-               != KADM5_OK) {
-               (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-               kdb_free_entry(handle, &kdb, &adb);
-               return(ret);
-           }
-       }
-       if (ret = kadm5_free_policy_ent(handle->lhandle, &polent)) {
-           kdb_free_entry(handle, &kdb, &adb);
-           return ret;
-       }
-    }
-
-    ret = kdb_delete_entry(handle, principal);
-
-    kdb_free_entry(handle, &kdb, &adb);
-
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_modify_principal(void *server_handle,
-                           kadm5_principal_ent_t entry, long mask)
-{
-    int                            ret, ret2, i;
-    kadm5_policy_ent_rec    npol, opol;
-    int                            have_npol = 0, have_opol = 0;
-    krb5_db_entry          kdb;
-    krb5_tl_data           *tl_data_orig, *tl_data_tail;
-    osa_princ_ent_rec      adb;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
-       (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
-       (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-       (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
-       (mask & KADM5_LAST_FAILED))
-       return KADM5_BAD_MASK;
-    if((mask & ~ALL_PRINC_MASK))
-       return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
-       return KADM5_BAD_MASK;
-    if(entry == (kadm5_principal_ent_t) NULL)
-       return EINVAL;
-
-    if (ret = kdb_get_entry(handle, entry->principal, &kdb, &adb))
-       return(ret);
-
-    /*
-     * This is pretty much the same as create ...
-     */
-
-    if ((mask & KADM5_POLICY)) {
-       ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
-       switch(ret) {
-       case EINVAL:
-           ret = KADM5_BAD_POLICY;
-           break;
-       case KADM5_UNK_POLICY:
-       case KADM5_BAD_POLICY:
-           ret =  KADM5_UNK_POLICY;
-           goto done;
-           break;
-       case KADM5_OK:
-           have_npol = 1;
-           if(adb.aux_attributes & KADM5_POLICY) {
-               if(strcmp(adb.policy, entry->policy)) {
-                   ret = kadm5_get_policy(handle->lhandle,
-                                          adb.policy, &opol);
-                   switch(ret) {
-                   case EINVAL:
-                   case KADM5_BAD_POLICY:
-                   case KADM5_UNK_POLICY:
-                       break;
-                   case KADM5_OK:
-                       have_opol = 1;
-                       opol.policy_refcnt--;
-                       break;
-                   default:
-                       goto done;
-                       break;
-                   }
-                   npol.policy_refcnt++;
-               }
-           } else npol.policy_refcnt++;
-           adb.aux_attributes |= KADM5_POLICY;
-           if (adb.policy)
-                free(adb.policy);
-           adb.policy = strdup(entry->policy);
-           if (npol.pw_max_life) {
-               if (ret =
-                   krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
-                                                   &(kdb.pw_expiration)))
-                   goto done;
-               kdb.pw_expiration += npol.pw_max_life;
-           } else {
-               kdb.pw_expiration = 0;
-           }
-           break;
-       default:
-           goto done;
-       }
-       if ((mask & KADM5_PW_EXPIRATION)) {
-           if(kdb.pw_expiration == 0)
-               kdb.pw_expiration = entry->pw_expiration;
-           else if(entry->pw_expiration != 0)
-               kdb.pw_expiration = (entry->pw_expiration < kdb.pw_expiration) ?
-                                   entry->pw_expiration : kdb.pw_expiration;
-       }
-    }
-    if ((mask & KADM5_PW_EXPIRATION) && !(mask & KADM5_POLICY)) {
-           if(kdb.pw_expiration == 0)
-               kdb.pw_expiration = entry->pw_expiration;
-           else if(entry->pw_expiration != 0)
-               kdb.pw_expiration = (entry->pw_expiration < kdb.pw_expiration) ?
-                                   entry->pw_expiration : kdb.pw_expiration;
-    }
-
-    if ((mask & KADM5_POLICY_CLR)) {
-       if (adb.aux_attributes & KADM5_POLICY) {
-           adb.aux_attributes &= ~KADM5_POLICY;
-           kdb.pw_expiration = 0;
-           ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
-           switch(ret) {
-           case EINVAL:
-           case KADM5_BAD_POLICY:
-           case KADM5_UNK_POLICY:
-               ret = KADM5_BAD_DB;
-               goto done;
-               break;
-           case KADM5_OK:
-               have_opol = 1;
-               if (adb.policy)
-                    free(adb.policy);
-               adb.policy = NULL;
-               opol.policy_refcnt--;
-               break;
-           default:
-               goto done;
-               break;
-           }
-       }
-    }
-    if (((mask & KADM5_POLICY) ||
-        (mask & KADM5_POLICY_CLR)) &&
-       (((have_opol) &&
-         (ret =
-          kadm5_modify_policy_internal(handle->lhandle, &opol,
-                                            KADM5_REF_COUNT))) ||
-        ((have_npol) &&
-         (ret =
-          kadm5_modify_policy_internal(handle->lhandle, &npol,
-                                            KADM5_REF_COUNT)))))
-       goto done;
-
-    if ((mask & KADM5_ATTRIBUTES)) 
-       kdb.attributes = entry->attributes;
-    if ((mask & KADM5_MAX_LIFE))
-       kdb.max_life = entry->max_life;
-    if ((mask & KADM5_PRINC_EXPIRE_TIME))
-       kdb.expiration = entry->princ_expire_time;
-    /* the pw_expiration logic would go here if it wasn't spread
-       all over the policy code */
-    if (mask & KADM5_MAX_RLIFE)
-        kdb.max_renewable_life = entry->max_renewable_life;
-    if (mask & KADM5_FAIL_AUTH_COUNT)
-        kdb.fail_auth_count = entry->fail_auth_count;
-    
-    if((mask & KADM5_KVNO)) {
-        for (i = 0; i < kdb.n_key_data; i++)
-             kdb.key_data[i].key_data_kvno = entry->kvno;
-    }
-
-    if (mask & KADM5_TL_DATA) {
-        /* splice entry->tl_data onto the front of kdb.tl_data */
-        tl_data_orig = kdb.tl_data;
-        for (tl_data_tail = entry->tl_data; tl_data_tail->tl_data_next;
-             tl_data_tail = tl_data_tail->tl_data_next)
-             ;
-        tl_data_tail->tl_data_next = kdb.tl_data;
-        kdb.tl_data = entry->tl_data;
-    }
-
-    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-       goto done;
-
-    if (mask & KADM5_TL_DATA) {
-        /* remove entry->tl_data from the front of kdb.tl_data */
-        tl_data_tail->tl_data_next = NULL;
-        kdb.tl_data = tl_data_orig;
-    }
-    
-    ret = KADM5_OK;
-done:
-    if (have_opol) {
-        ret2 = kadm5_free_policy_ent(handle->lhandle, &opol);
-        ret = ret ? ret : ret2;
-    }
-    if (have_npol) {
-        ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
-        ret = ret ? ret : ret2;
-    }
-    kdb_free_entry(handle, &kdb, &adb);
-    return ret;
-}
-    
-kadm5_ret_t
-kadm5_rename_principal(void *server_handle,
-                           krb5_principal source, krb5_principal target)
-{
-    krb5_db_entry      kdb;
-    osa_princ_ent_rec  adb;
-    int                        ret, i;
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    if (source == NULL || target == NULL)
-       return EINVAL;
-
-    if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) {
-       kdb_free_entry(handle, &kdb, &adb);
-       return(KADM5_DUP);
-    }
-
-    if ((ret = kdb_get_entry(handle, source, &kdb, &adb)))
-       return ret;
-
-    /* this is kinda gross, but unavoidable */
-
-    for (i=0; i<kdb.n_key_data; i++) {
-       if ((kdb.key_data[i].key_data_ver == 1) ||
-           (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
-           ret = KADM5_NO_RENAME_SALT;
-           goto done;
-       }
-    }
-
-    krb5_free_principal(handle->context, kdb.princ);
-    if (ret = krb5_copy_principal(handle->context, target, &kdb.princ)) {
-       kdb.princ = NULL; /* so freeing the dbe doesn't lose */
-       goto done;
-    }
-
-    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-       goto done;
-
-    ret = kdb_delete_entry(handle, source);
-
-done:
-    kdb_free_entry(handle, &kdb, &adb);
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_get_principal(void *server_handle, krb5_principal principal,
-                   kadm5_principal_ent_t entry,
-                   long in_mask)
-{
-    krb5_db_entry              kdb;
-    osa_princ_ent_rec          adb;
-    osa_adb_ret_t              ret = 0;
-    long                       mask;
-    int i;
-    kadm5_server_handle_t handle = server_handle;
-    kadm5_principal_ent_rec    entry_local, *entry_orig;
-
-    CHECK_HANDLE(server_handle);
-
-    /*
-     * In version 1, all the defined fields are always returned.
-     * entry is a pointer to a kadm5_principal_ent_t_v1 that should be
-     * filled with allocated memory.
-     */
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        mask = KADM5_PRINCIPAL_NORMAL_MASK;
-        entry_orig = entry;
-        entry = &entry_local;
-    } else {
-        mask = in_mask;
-    }
-
-    memset((char *) entry, 0, sizeof(*entry));
-
-    if (principal == NULL)
-       return EINVAL;
-
-    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return ret;
-
-    if ((mask & KADM5_POLICY) &&
-       adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
-       if ((entry->policy = (char *) malloc(strlen(adb.policy) + 1)) == NULL) {
-           ret = ENOMEM;
-           goto done;
-       }
-       strcpy(entry->policy, adb.policy);
-    }
-
-    if (mask & KADM5_AUX_ATTRIBUTES)
-        entry->aux_attributes = adb.aux_attributes;
-
-    if ((mask & KADM5_PRINCIPAL) &&
-       (ret = krb5_copy_principal(handle->context, principal,
-                                  &entry->principal))) { 
-       goto done;
-    }
-
-    if (mask & KADM5_PRINC_EXPIRE_TIME)
-        entry->princ_expire_time = kdb.expiration;
-
-    if ((mask & KADM5_LAST_PWD_CHANGE) &&
-       (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
-                                              &(entry->last_pwd_change)))) {
-       goto done;
-    }
-
-    if (mask & KADM5_PW_EXPIRATION)
-        entry->pw_expiration = kdb.pw_expiration;
-    if (mask & KADM5_MAX_LIFE)
-        entry->max_life = kdb.max_life;
-
-    /* this is a little non-sensical because the function returns two */
-    /* values that must be checked separately against the mask */
-    if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
-        if (ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
-                                                 &(entry->mod_date),
-                                                 &(entry->mod_name))) {
-             goto done;
-        }
-        if (! (mask & KADM5_MOD_TIME))
-             entry->mod_date = 0;
-        if (! (mask & KADM5_MOD_NAME)) {
-             krb5_free_principal(handle->context, entry->principal);
-             entry->principal = NULL;
-        }
-    }
-
-    if (mask & KADM5_ATTRIBUTES)
-        entry->attributes = kdb.attributes;
-
-    if (mask & KADM5_KVNO)
-        for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
-             if (kdb.key_data[i].key_data_kvno > entry->kvno)
-                  entry->kvno = kdb.key_data[i].key_data_kvno;
-    
-    if (handle->api_version == KADM5_API_VERSION_2)
-        entry->mkvno = 0;
-    else {
-        /* XXX I'll be damned if I know how to deal with this one --marc */
-        entry->mkvno = 1;
-    }
-
-    /*
-     * The new fields that only exist in version 2 start here
-     */
-    if (handle->api_version == KADM5_API_VERSION_2) {
-        if (mask & KADM5_MAX_RLIFE)
-             entry->max_renewable_life = kdb.max_renewable_life;
-        if (mask & KADM5_LAST_SUCCESS)
-             entry->last_success = kdb.last_success;
-        if (mask & KADM5_LAST_FAILED)
-             entry->last_failed = kdb.last_failed;
-        if (mask & KADM5_FAIL_AUTH_COUNT)
-             entry->fail_auth_count = kdb.fail_auth_count;
-        if (mask & KADM5_TL_DATA) {
-             krb5_tl_data td, *tl, *tl2;
-
-             entry->n_tl_data = kdb.n_tl_data;
-             entry->tl_data = NULL;
-             
-             tl = kdb.tl_data;
-             while (tl) {
-                  if ((tl2 = dup_tl_data(tl)) == NULL) {
-                       ret = ENOMEM;
-                       goto done;
-                  }
-                  tl2->tl_data_next = entry->tl_data;
-                  entry->tl_data = tl2;
-
-                  tl = tl->tl_data_next;
-             }
-             
-             if (kdb.e_length) {
-                  td.tl_data_type = KRB5_TL_KADM5_E_DATA;
-                  td.tl_data_length = kdb.e_length;
-                  td.tl_data_contents = kdb.e_data;
-
-                  if ((tl = dup_tl_data(&td)) == NULL) {
-                       ret = ENOMEM;
-                       goto done;
-                  }
-                  tl->tl_data_next = entry->tl_data;
-                  entry->tl_data = tl;
-             }
-        }
-        if (mask & KADM5_KEY_DATA) {
-             entry->n_key_data = kdb.n_key_data;
-             entry->key_data = (krb5_key_data *)
-                  malloc(entry->n_key_data*sizeof(krb5_key_data));
-             if (entry->key_data == NULL) {
-                  ret = ENOMEM;
-                  goto done;
-             }
-             for (i = 0; i < entry->n_key_data; i++)
-                  if (ret = krb5_copy_key_data_contents(handle->context,
-                                                        &kdb.key_data[i],
-                                                        &entry->key_data[i]))
-                       goto done;
-        }
-    }
-
-    /*
-     * If KADM5_API_VERSION_1, we return an allocated structure, and
-     * we need to convert the new structure back into the format the
-     * caller is expecting.
-     */
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        kadm5_principal_ent_t_v1 newv1;
-
-        newv1 = ((kadm5_principal_ent_t_v1) calloc(1, sizeof(*newv1)));
-        if (newv1 == NULL) {
-             ret = ENOMEM;
-             goto done;
-        }
-        
-        newv1->principal = entry->principal;
-        newv1->princ_expire_time = entry->princ_expire_time;
-        newv1->last_pwd_change = entry->last_pwd_change;
-        newv1->pw_expiration = entry->pw_expiration;
-        newv1->max_life = entry->max_life;
-        newv1->mod_name = entry->mod_name;
-        newv1->mod_date = entry->mod_date;
-        newv1->attributes = entry->attributes;
-        newv1->kvno = entry->kvno;
-        newv1->mkvno = entry->mkvno;
-        newv1->policy = entry->policy;
-        newv1->aux_attributes = entry->aux_attributes;
-
-        *((kadm5_principal_ent_t_v1 *) entry_orig) = newv1;
-    }
-
-    ret = KADM5_OK;
-
-done:
-    if (ret && entry->principal)
-        krb5_free_principal(handle->context, entry->principal);
-    kdb_free_entry(handle, &kdb, &adb);
-
-    return ret;
-}
-
-/*
- * Function: check_pw_reuse
- *
- * Purpose: Check if a key appears in a list of keys, in order to
- * enforce password history.
- *
- * Arguments:
- *
- *     context                 (r) the krb5 context
- *     histkey_encblock        (r) the encblock that hist_key_data is
- *                             encrypted in
- *     n_new_key_data          (r) length of new_key_data
- *     new_key_data            (r) keys to check against
- *                             pw_hist_data, encrypted in histkey_encblock
- *     n_pw_hist_data          (r) length of pw_hist_data
- *     pw_hist_data            (r) passwords to check new_key_data against
- *
- * Effects:
- * For each new_key in new_key_data:
- *     decrypt new_key with the master_encblock
- *     for each password in pw_hist_data:
- *             for each hist_key in password:
- *                     decrypt hist_key with histkey_encblock
- *                     compare the new_key and hist_key
- *
- * Returns krb5 errors, KADM5_PASS_RESUSE if a key in
- * new_key_data is the same as a key in pw_hist_data, or 0.
- */
-static kadm5_ret_t
-check_pw_reuse(krb5_context context,
-              krb5_encrypt_block *histkey_encblock,
-              int n_new_key_data, krb5_key_data *new_key_data,
-              int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
-{
-    int x, y, z;
-    krb5_keyblock newkey, histkey;
-    krb5_error_code ret;
-
-    for (x = 0; x < n_new_key_data; x++) {
-        if (ret = krb5_dbekd_decrypt_key_data(context,
-                                              &master_encblock,
-                                              &(new_key_data[x]),
-                                              &newkey, NULL))
-           return(ret);
-       for (y = 0; y < n_pw_hist_data; y++) {
-            for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
-                 if (ret =
-                     krb5_dbekd_decrypt_key_data(context,
-                                                 histkey_encblock,
-                                                 &pw_hist_data[y].key_data[z],
-                                                 &histkey, NULL))
-                      return(ret);             
-                 
-                 if ((newkey.length == histkey.length) &&
-                     (newkey.enctype == histkey.enctype) &&
-                     (memcmp(newkey.contents, histkey.contents,
-                             histkey.length) == 0)) {
-                      krb5_free_keyblock_contents(context, &histkey);
-                      krb5_free_keyblock_contents(context, &newkey);
-                      
-                      return(KADM5_PASS_REUSE);
-                 }
-                 krb5_free_keyblock_contents(context, &histkey);
-            }
-       }
-       krb5_free_keyblock_contents(context, &newkey);
-    }
-
-    return(0);
-}
-
-/*
- * Function: create_history_entry
- *
- * Purpose: Creates a password history entry from an array of
- * key_data.
- *
- * Arguments:
- *
- *     context         (r) krb5_context to use
- *     n_key_data      (r) number of elements in key_data
- *     key_data        (r) keys to add to the history entry
- *     hist            (w) history entry to fill in
- *
- * Effects:
- *
- * hist->key_data is allocated to store n_key_data key_datas.  Each
- * element of key_data is decrypted with master_encblock, re-encrypted
- * in hist_encblock, and added to hist->key_data.  hist->n_key_data is
- * set to n_key_data.
- */
-int create_history_entry(krb5_context context, int n_key_data,
-                        krb5_key_data *key_data, osa_pw_hist_ent *hist)
-{
-     int i, ret;
-     krb5_keyblock key;
-     krb5_keysalt salt;
-     
-     hist->key_data = (krb5_key_data*)malloc(n_key_data*sizeof(krb5_key_data));
-     if (hist->key_data == NULL)
-         return ENOMEM;
-     memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
-
-     for (i = 0; i < n_key_data; i++) {
-         if (ret = krb5_dbekd_decrypt_key_data(context,
-                                               &master_encblock,
-                                               &key_data[i],
-                                               &key, &salt))
-              return ret;
-         if (ret = krb5_dbekd_encrypt_key_data(context,
-                                               &hist_encblock,
-                                               &key, &salt,
-                                               key_data[i].key_data_kvno,
-                                               &hist->key_data[i]))
-              return ret;
-         krb5_free_keyblock_contents(context, &key);
-         /* krb5_free_keysalt(context, &salt); */
-     }
-
-     hist->n_key_data = n_key_data;
-     return 0;
-}
-
-int free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
-{
-     int i;
-
-     for (i = 0; i < hist->n_key_data; i++)
-         krb5_free_key_data_contents(context, &hist->key_data[i]);
-     free(hist->key_data);
-}
-
-/*
- * Function: add_to_history
- *
- * Purpose: Adds a password to a principal's password history.
- *
- * Arguments:
- *
- *     context         (r) krb5_context to use
- *     adb             (r/w) admin principal entry to add keys to
- *     pol             (r) adb's policy
- *     pw              (r) keys for the password to add to adb's key history
- *
- * Effects:
- *
- * add_to_history adds a single password to adb's password history.
- * pw contains n_key_data keys in its key_data, in storage should be
- * allocated but not freed by the caller (XXX blech!).
- *
- * This function maintains adb->old_keys as a circular queue.  It
- * starts empty, and grows each time this function is called until it
- * is pol->pw_history_num items long.  adb->old_key_len holds the
- * number of allocated entries in the array, and must therefore be [0,
- * pol->pw_history_num).  adb->old_key_next is the index into the
- * array where the next element should be written, and must be [0,
- * adb->old_key_len).
- */
-static kadm5_ret_t add_to_history(krb5_context context,
-                                 osa_princ_ent_t adb,
-                                 kadm5_policy_ent_t pol,
-                                 osa_pw_hist_ent *pw)
-{
-     osa_pw_hist_ent hist, *histp;
-     int ret, i;
-
-     /* A history of 1 means just check the current password */
-     if (pol->pw_history_num == 1)
-         return 0;
-
-     /* resize the adb->old_keys array if necessary */
-     if (adb->old_key_len < pol->pw_history_num-1) {
-         adb->old_keys = (osa_pw_hist_ent *)
-              realloc(adb->old_keys,
-                      (adb->old_key_len+1)*sizeof(osa_pw_hist_ent));
-         if (adb->old_keys == NULL)
-              return(ENOMEM);
-         
-         memset(&adb->old_keys[adb->old_key_len],0,sizeof(osa_pw_hist_ent)); 
-         adb->old_key_len++;
-     }
-
-     /* free the old pw history entry if it contains data */
-     histp = &adb->old_keys[adb->old_key_next];
-     for (i = 0; i < histp->n_key_data; i++)
-         krb5_free_key_data_contents(context, &histp->key_data[i]);
-     
-     /* store the new entry */
-     adb->old_keys[adb->old_key_next] = *pw;
-
-     /* update the next pointer */
-     if (++adb->old_key_next == pol->pw_history_num-1)
-              adb->old_key_next = 0;
-
-     return(0);
-}
-
-kadm5_ret_t
-kadm5_chpass_principal(void *server_handle,
-                           krb5_principal principal, char *password)
-{
-    krb5_int32                 now;
-    kadm5_policy_ent_rec       pol;
-    osa_princ_ent_rec          adb;
-    krb5_db_entry              kdb, kdb_save;
-    int                                ret, ret2, last_pwd, i, hist_added;
-    int                                have_pol = 0;
-    kadm5_server_handle_t      handle = server_handle;
-    osa_pw_hist_ent            hist;
-
-    CHECK_HANDLE(server_handle);
-
-    hist_added = 0;
-    memset(&hist, 0, sizeof(hist));
-
-    if (principal == NULL || password == NULL)
-       return EINVAL;
-    if ((krb5_principal_compare(handle->context,
-                               principal, hist_princ)) == TRUE)
-       return KADM5_PROTECT_PRINCIPAL;
-
-    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
-
-    /* we are going to need the current keys after the new keys are set */
-    if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) {
-        kdb_free_entry(handle, &kdb, &adb);
-        return(ret);
-    }
-    
-    if ((adb.aux_attributes & KADM5_POLICY)) {
-       if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
-            goto done;
-       have_pol = 1;
-    }
-
-    if ((ret = passwd_check(handle, password, adb.aux_attributes &
-                           KADM5_POLICY, &pol, principal)))
-        goto done;
-
-    if (ret = krb5_dbe_cpw(handle->context, &master_encblock,
-                          handle->params.keysalts,
-                          handle->params.num_keysalts,
-                          password, 0 /* increment kvno */, &kdb))
-       goto done;
-
-    kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-
-    if (ret = krb5_timeofday(handle->context, &now))
-        goto done;
-    
-    if ((adb.aux_attributes & KADM5_POLICY)) {
-       /* the policy was loaded before */
-
-       if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
-                                                 &kdb, &last_pwd))
-            goto done;
-
-#if 0
-        /*
-         * The spec says this check is overridden if the caller has
-         * modify privilege.  The admin server therefore makes this
-         * check itself (in chpass_principal_wrapper, misc.c). A
-         * local caller implicitly has all authorization bits.
-         */
-       if ((now - last_pwd) < pol.pw_min_life &&
-           !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-            ret = KADM5_PASS_TOOSOON;
-            goto done;
-       }
-#endif
-
-       if (ret = create_history_entry(handle->context,
-                                      kdb_save.n_key_data,
-                                      kdb_save.key_data, &hist))
-            goto done;
-
-       if (ret = check_pw_reuse(handle->context,
-                                &hist_encblock,
-                                kdb.n_key_data, kdb.key_data,
-                                1, &hist))
-            goto done;
-        
-       if (pol.pw_history_num > 1) {
-           if (adb.admin_history_kvno != hist_kvno) {
-               ret = KADM5_BAD_HIST_KEY;
-               goto done;
-           }
-
-           if (ret = check_pw_reuse(handle->context,
-                                    &hist_encblock,
-                                    kdb.n_key_data, kdb.key_data,
-                                    adb.old_key_len, adb.old_keys))
-               goto done;
-
-           if (ret = add_to_history(handle->context, &adb, &pol, &hist))
-                goto done;
-           hist_added = 1;
-       }
-
-       if (pol.pw_max_life)
-          kdb.pw_expiration = now + pol.pw_max_life;
-       else
-          kdb.pw_expiration = 0;
-    } else {
-       kdb.pw_expiration = 0;
-    }
-
-    if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
-       goto done;
-
-    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-       goto done;
-
-    ret = KADM5_OK;
-done:
-    if (!hist_added && hist.key_data)
-        free_history_entry(handle->context, &hist);
-    kdb_free_entry(handle, &kdb, &adb);
-    kdb_free_entry(handle, &kdb_save, NULL);
-    krb5_dbe_free_contents(handle->context, &kdb);
-
-    if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
-       && !ret) 
-        ret = ret2;
-
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_randkey_principal(void *server_handle,
-                       krb5_principal principal,
-                       krb5_keyblock **keyblocks,
-                       int *n_keys)
-{
-    krb5_db_entry              kdb;
-    osa_princ_ent_rec          adb;
-    krb5_int32                 now;
-    kadm5_policy_ent_rec       pol;
-    krb5_key_data              *key_data;
-    krb5_keyblock              *keyblock;
-    int                                ret, last_pwd, have_pol = 0;
-    kadm5_server_handle_t      handle = server_handle;
-
-    if (keyblocks)
-        *keyblocks = NULL;
-
-    CHECK_HANDLE(server_handle);
-
-    if (principal == NULL)
-       return EINVAL;
-    if (hist_princ && /* this will be NULL when initializing the databse */
-       ((krb5_principal_compare(handle->context,
-                                principal, hist_princ)) == TRUE))
-       return KADM5_PROTECT_PRINCIPAL;
-
-    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
-
-    if (ret = krb5_dbe_crk(handle->context, &master_encblock,
-                          handle->params.keysalts,
-                          handle->params.num_keysalts,
-                          &kdb))
-       goto done;
-
-    kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-
-    if (ret = krb5_timeofday(handle->context, &now))
-       goto done;
-
-    if ((adb.aux_attributes & KADM5_POLICY)) {
-       if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
-                                   &pol)) != KADM5_OK) 
-          goto done;
-       have_pol = 1;
-
-       if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
-                                                 &kdb, &last_pwd))
-            goto done;
-
-#if 0
-        /*
-         * The spec says this check is overridden if the caller has
-         * modify privilege.  The admin server therefore makes this
-         * check itself (in chpass_principal_wrapper, misc.c).  A
-         * local caller implicitly has all authorization bits.
-         */
-       if((now - last_pwd) < pol.pw_min_life &&
-          !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-            ret = KADM5_PASS_TOOSOON;
-            goto done;
-       }
-#endif
-
-       if(pol.pw_history_num > 1) {
-           if(adb.admin_history_kvno != hist_kvno) {
-               ret = KADM5_BAD_HIST_KEY;
-               goto done;
-           }
-
-           if (ret = check_pw_reuse(handle->context,
-                                    &hist_encblock,
-                                    kdb.n_key_data, kdb.key_data,
-                                    adb.old_key_len, adb.old_keys))
-               goto done;
-       }
-       if (pol.pw_max_life)
-          kdb.pw_expiration = now + pol.pw_max_life;
-       else
-          kdb.pw_expiration = 0;
-    } else {
-       kdb.pw_expiration = 0;
-    }
-
-    if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))
-        goto done;
-
-    if (keyblocks) {
-        if (handle->api_version == KADM5_API_VERSION_1) {
-             /* Version 1 clients will expect to see a DES_CRC enctype. */
-             if (ret = krb5_dbe_find_enctype(handle->context, &kdb,
-                                             ENCTYPE_DES_CBC_CRC,
-                                             -1, -1, &key_data))
-                  goto done;
-
-             if (ret = decrypt_key_data(handle->context, 1, key_data,
-                                        keyblocks, NULL))
-                  goto done;
-        } else {
-             ret = decrypt_key_data(handle->context,
-                                    kdb.n_key_data, kdb.key_data,
-                                    keyblocks, n_keys);
-             if (ret)
-                  goto done;
-        }
-    }   
-    
-    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-       goto done;
-
-    ret = KADM5_OK;
-done:
-    kdb_free_entry(handle, &kdb, &adb);
-    if (have_pol)
-        kadm5_free_policy_ent(handle->lhandle, &pol);
-
-    return ret;
-}
-
-/*
- * Allocate an array of n_key_data krb5_keyblocks, fill in each
- * element with the results of decrypting the nth key in key_data with
- * master_encblock, and if n_keys is not NULL fill it in with the
- * number of keys decrypted.
- */
-static int decrypt_key_data(krb5_context context,
-                           int n_key_data, krb5_key_data *key_data,
-                           krb5_keyblock **keyblocks, int *n_keys)
-{
-     krb5_keyblock *keys;
-     int ret, i;
-
-     keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
-     if (keys == NULL)
-         return ENOMEM;
-     memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
-
-     for (i = 0; i < n_key_data; i++) {
-         if (ret = krb5_dbekd_decrypt_key_data(context,
-                                               &master_encblock,
-                                               &key_data[i], 
-                                               &keys[i], NULL)) {
-
-              memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
-              free(keys);
-              return ret;
-         }
-     }
-
-     *keyblocks = keys;
-     if (n_keys)
-         *n_keys = n_key_data;
-
-     return 0;
-}
-
-/*
- * Function: kadm5_decrypt_key
- *
- * Purpose: Retrieves and decrypts a principal key.
- *
- * Arguments:
- *
- *     server_handle   (r) kadm5 handle
- *     entry           (r) principal retrieved with kadm5_get_principal
- *     ktype           (r) enctype to search for, or -1 to ignore
- *     stype           (r) salt type to search for, or -1 to ignore
- *     kvno            (r) kvno to search for, -1 for max, 0 for max
- *                     only if it also matches ktype and stype
- *     keyblock        (w) keyblock to fill in
- *     keysalt         (w) keysalt to fill in, or NULL
- *     kvnop           (w) kvno to fill in, or NULL
- *
- * Effects: Searches the key_data array of entry, which must have been
- * retrived with kadm5_get_principal with the KADM5_KEY_DATA mask, to
- * find a key with a specified enctype, salt type, and kvno in a
- * principal entry.  If not found, return ENOENT.  Otherwise, decrypt
- * it with the master key, and return the key in keyblock, the salt
- * in salttype, and the key version number in kvno.
- *
- * If ktype or stype is -1, it is ignored for the search.  If kvno is
- * -1, ktype and stype are ignored and the key with the max kvno is
- * returned.  If kvno is 0, only the key with the max kvno is returned
- * and only if it matches the ktype and stype; otherwise, ENOENT is
- * returned.
- */
-kadm5_ret_t kadm5_decrypt_key(void *server_handle,
-                             kadm5_principal_ent_t entry, krb5_int32
-                             ktype, krb5_int32 stype, krb5_int32
-                             kvno, krb5_keyblock *keyblock,
-                             krb5_keysalt *keysalt, int *kvnop)
-{
-    kadm5_server_handle_t handle = server_handle;
-    krb5_db_entry dbent;
-    krb5_key_data *key_data;
-    int ret;
-
-    CHECK_HANDLE(server_handle);
-
-    if (entry->n_key_data == 0 || entry->key_data == NULL)
-        return EINVAL;
-
-    /* find_enctype only uses these two fields */
-    dbent.n_key_data = entry->n_key_data;
-    dbent.key_data = entry->key_data;
-    if (ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
-                                   stype, kvno, &key_data))
-        return ret;
-
-    if (ret = krb5_dbekd_decrypt_key_data(handle->context,
-                                         &master_encblock, key_data,
-                                         keyblock, keysalt))
-        return ret;
-
-    if (kvnop)
-        *kvnop = key_data->key_data_kvno;
-
-    return KADM5_OK;
-}