-rw-r--r--src/kadmin/v5server/kadm5_defs.h2
-rw-r--r--src/kadmin/v5server/passwd.c3
-rw-r--r--src/kadmin/v5server/srv_acl.c6
-rw-r--r--src/kadmin/v5server/srv_key.c22
-rw-r--r--src/kadmin/v5server/srv_main.c8
-rw-r--r--src/kadmin/v5server/srv_net.c9
-rw-r--r--src/kadmin/v5server/srv_output.c1
7 files changed, 40 insertions, 11 deletions
diff --git a/src/kadmin/v5server/kadm5_defs.h b/src/kadmin/v5server/kadm5_defs.h
index 80f46f0206..b986d10107 100644
--- a/src/kadmin/v5server/kadm5_defs.h
+++ b/src/kadmin/v5server/kadm5_defs.h
@@ -198,7 +198,7 @@ void net_finish
KRB5_PROTOTYPE((krb5_context,
int));
krb5_error_code net_dispatch
- KRB5_PROTOTYPE((krb5_context));
+ KRB5_PROTOTYPE((krb5_context, int));
krb5_principal net_server_princ();
/* proto_serv.c */
diff --git a/src/kadmin/v5server/passwd.c b/src/kadmin/v5server/passwd.c
index 632c18f951..7964e31260 100644
--- a/src/kadmin/v5server/passwd.c
+++ b/src/kadmin/v5server/passwd.c
@@ -324,7 +324,10 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata)
if (nwrite != 1)
kret = KRB5KRB_ERR_GENERIC;
+#ifdef USE_KDB5_CPW
+ /* it's only a copy under the new code, see memcpy above */
(void) krb5_db_free_principal(kcontext, &entry2write, 1);
+#endif /* USE_KDB5_CPW */
cleanup:
#ifndef USE_KDB5_CPW
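Review bot: The added comment sits inside `#ifdef USE_KDB5_CPW`, directly above the `krb5_db_free_principal` call, so it reads as though the thing being freed is "only a copy". It presumably explains why the free is skipped when USE_KDB5_CPW is not defined. Placing it above the `#ifdef` and naming that case would remove the ambiguity, e.g. `/* Without USE_KDB5_CPW, entry2write is a shallow memcpy of the entry and must not be freed here. */`. The memcpy it refers to is outside this hunk, so the ownership claim cannot be confirmed from the visible lines, and passwd_set_npass continues past the hunk into `cleanup:`.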
diff --git a/src/kadmin/v5server/srv_acl.c b/src/kadmin/v5server/srv_acl.c
index a3ead0f114..4055d356e4 100644
--- a/src/kadmin/v5server/srv_acl.c
+++ b/src/kadmin/v5server/srv_acl.c
@@ -74,7 +74,7 @@ static int acl_debug_level = 0;
* the case where the ACL file is not present, this entry controls what can
* be done. The default is that everybody can change their own password.
*/
-static const char *acl_catchall_entry = "* o";
+static const char *acl_catchall_entry = "* o ";
static const char *acl_line2long_msg = "%s: line %d too long, truncated\n";
static const char *acl_op_bad_msg = "Unrecognized ACL operation '%c' in %s\n";
@@ -235,6 +235,7 @@ acl_free_entries()
static int
acl_load_acl_file()
{
+char tmpbuf[10];
FILE *afp;
char *alinep;
aent_t **aentpp;
@@ -261,7 +262,8 @@ acl_load_acl_file()
acl_list_tail = *aentpp;
aentpp = &(*aentpp)->ae_next;
}
- if (*aentpp = acl_parse_line(acl_catchall_entry)) {
+strcpy(tmpbuf, acl_catchall_entry);
+ if (*aentpp = acl_parse_line(tmpbuf)) {
acl_list_tail = *aentpp;
}
else {
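Review bot: `strcpy(tmpbuf, acl_catchall_entry)` writes into the `char tmpbuf[10]` declared in the hunk at line 235, and nothing ties that size to the string. The current `"* o "` needs 5 bytes and fits, but a longer catch-all entry would overflow the stack buffer without any compiler diagnostic. Sizing the buffer from the literal closes that gap: declare `static const char acl_catchall_entry[] = "* o ";` and `char tmpbuf[sizeof(acl_catchall_entry)];`. The reason for the copy is not stated; presumably acl_parse_line writes into its argument, which would be worth a one-line comment such as `/* acl_parse_line() modifies its argument, so parse a writable copy */`. acl_load_acl_file starts and ends outside these hunks.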
diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c
index e0910e61c2..165d371a0a 100644
--- a/src/kadmin/v5server/srv_key.c
+++ b/src/kadmin/v5server/srv_key.c
@@ -536,7 +536,7 @@ key_init(kcontext, debug_level, key_type, master_key_name, manual,
* is none, then we want to create it. This way, kadmind5 becomes just
* a plug in and go kind of utility.
*/
- kret = key_get_admin_entry(kcontext, debug_level);
+ kret = key_get_admin_entry(kcontext);
cleanup:
if (kret) {
@@ -726,6 +726,23 @@ key_string2key_keysalt(ksent, ptr)
krb5_xfree(xsalt);
}
break;
+ case KRB5_KDB_SALTTYPE_AFS3:
+ {
+ /* use KDC-supplied realm for TransArc AFS style salt */
+ /* malloc and copy to cover trailing 0, mit_afs_string_to_key
+ takes care of free'ing it. */
+ char *dat;
+ int len;
+ len = krb5_princ_realm(argp->context, argp->dbentry->princ)->length;
+ dat = malloc(1+len);
+ if (!dat)
+ goto done;
+ strncpy(dat, krb5_princ_realm(argp->context, argp->dbentry->princ)->data, len);
+ dat[len] = 0;
+ salt.data = dat;
+ salt.length = -1; /* in order to get around API change */
+ break;
+ }
default:
goto done;
}
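Review bot: The `goto done` taken when `malloc(1+len)` fails in the new `KRB5_KDB_SALTTYPE_AFS3` case records no error within this hunk. Unless the code at `done:` (outside the hunk) reports failure on its own, an out-of-memory condition is indistinguishable from the unsupported-salt `default:` path, so the function's status should be set to ENOMEM before the jump. `len` is an `int` assigned from the realm's `length` field and then used in `malloc(1+len)` and as the `strncpy` bound; if that field is unsigned, holding it in the field's own type avoids a signed conversion. Since the length is already known, `memcpy(dat, ..., len)` followed by the existing `dat[len] = 0;` states the intent more directly than `strncpy`.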
@@ -750,6 +767,9 @@ key_string2key_keysalt(ksent, ptr)
argp->string,
&salt)))
goto done;
+
+ if (salt.length == -1)
+ salt.length = strlen (salt.data);
/*
* Now, salt contains the salt and key contains the decrypted
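Review bot: `salt.length = strlen (salt.data);` runs after the string-to-key call, yet the comment added in the AFS3 case of this same commit says mit_afs_string_to_key frees that buffer. If the comment is accurate, this `strlen` reads freed memory. If it is not, nothing visible frees `dat` and the comment should be corrected to say who owns it. The `-1` sentinel is also only undone on success: the `goto done` just above leaves `salt.length == -1` for whatever cleanup runs outside the hunk. Saving the real length in a function-scope local in the AFS3 case and restoring it with `salt.length = afs_salt_len;` on both paths would avoid touching `salt.data` after the call.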
diff --git a/src/kadmin/v5server/srv_main.c b/src/kadmin/v5server/srv_main.c
index a640c0f08d..770db0f41c 100644
--- a/src/kadmin/v5server/srv_main.c
+++ b/src/kadmin/v5server/srv_main.c
@@ -148,8 +148,8 @@ main(argc, argv)
int manual_entry = 0;
krb5_boolean mime_enabled = 0;
int debug_level = 0;
- int timeout = -1;
int nofork = 0;
+ int timeout = -1;
krb5_int32 service_port = -1;
char *acl_file = (char *) NULL;
char *db_file = (char *) NULL;
@@ -160,8 +160,8 @@ main(argc, argv)
char *stash_name = (char *) NULL;
krb5_deltat maxlife = -1;
krb5_deltat maxrlife = -1;
- krb5_timestamp def_expiration;
- krb5_flags def_flags;
+ krb5_timestamp def_expiration = 0;
+ krb5_flags def_flags = 0;
krb5_boolean exp_valid, flags_valid;
krb5_realm_params *rparams;
krb5_int32 realm_num_keysalts;
@@ -450,7 +450,7 @@ main(argc, argv)
/*
* net_dispatch() only returns when we're done for some reason.
*/
- error = net_dispatch(kcontext);
+ error = net_dispatch(kcontext, !nofork);
com_err(programname, error,
((error) ? disp_err_fmt : happy_exit_fmt));
diff --git a/src/kadmin/v5server/srv_net.c b/src/kadmin/v5server/srv_net.c
index 75ce3beb39..e0fcedc4d7 100644
--- a/src/kadmin/v5server/srv_net.c
+++ b/src/kadmin/v5server/srv_net.c
@@ -703,8 +703,9 @@ net_finish(kcontext, debug_level)
* comes in, dispatch to net_client_connect().
*/
krb5_error_code
-net_dispatch(kcontext)
+net_dispatch(kcontext, detached)
krb5_context kcontext;
+ int detached;
{
krb5_error_code kret;
fd_set mask, readfds;
@@ -729,14 +730,18 @@ net_dispatch(kcontext)
#ifdef DEBUG
(void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
#endif /* DEBUG */
+ if (!detached)
+ (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
#else /* POSIX_SIGNALS */
/*
- * SIGTERM (or SIGINT, if debug) shuts us down.
+ * SIGTERM (or SIGINT, if debug, or SIGHUP if not detached) shuts us down.
*/
signal(SIGTERM, net_shutdown);
#ifdef DEBUG
signal(SIGINT, net_shutdown);
#endif /* DEBUG */
+ if (!detached)
+ signal(SIGHUP, net_shutdown);
#endif /* POSIX_SIGNALS */
#if !USE_PTHREADS
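Review bot: When `detached` is nonzero, neither the `sigaction` branch nor the `signal` branch sets a SIGHUP disposition. The forked daemon then keeps whatever it inherited, which by default terminates the process without going through the shutdown handler. If SIGHUP is not already ignored elsewhere in the detach path (not visible here), an explicit `else signal(SIGHUP, SIG_IGN);` would make the intended behaviour unambiguous, with the equivalent `sigaction` setup in the POSIX branch. The header comment above net_dispatch should also describe the new parameter, e.g. `detached - nonzero when running as a forked daemon; SIGHUP triggers shutdown only when zero`. net_dispatch's body continues outside this hunk.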
diff --git a/src/kadmin/v5server/srv_output.c b/src/kadmin/v5server/srv_output.c
index 06e129f8c4..5d6cf04cf1 100644
--- a/src/kadmin/v5server/srv_output.c
+++ b/src/kadmin/v5server/srv_output.c
@@ -384,7 +384,6 @@ output_krb5_errmsg(lang, mime, kval)
{
char *ret;
char *ermsg;
- int alen;
DPRINT(DEBUG_CALLS, output_debug_level,
("* output_krb5_errmsg(v=%d, lang=%s, mime=%d)\n",