diff options
| -rw-r--r-- | src/kadmin/v5server/kadm5_defs.h | 2 | ||||
| -rw-r--r-- | src/kadmin/v5server/passwd.c | 3 | ||||
| -rw-r--r-- | src/kadmin/v5server/srv_acl.c | 6 | ||||
| -rw-r--r-- | src/kadmin/v5server/srv_key.c | 22 | ||||
| -rw-r--r-- | src/kadmin/v5server/srv_main.c | 8 | ||||
| -rw-r--r-- | src/kadmin/v5server/srv_net.c | 9 | ||||
| -rw-r--r-- | src/kadmin/v5server/srv_output.c | 1 |
7 files changed, 40 insertions, 11 deletions
diff --git a/src/kadmin/v5server/kadm5_defs.h b/src/kadmin/v5server/kadm5_defs.h index 80f46f0206..b986d10107 100644 --- a/src/kadmin/v5server/kadm5_defs.h +++ b/src/kadmin/v5server/kadm5_defs.h @@ -198,7 +198,7 @@ void net_finish KRB5_PROTOTYPE((krb5_context, int)); krb5_error_code net_dispatch - KRB5_PROTOTYPE((krb5_context)); + KRB5_PROTOTYPE((krb5_context, int)); krb5_principal net_server_princ(); /* proto_serv.c */ diff --git a/src/kadmin/v5server/passwd.c b/src/kadmin/v5server/passwd.c index 632c18f951..7964e31260 100644 --- a/src/kadmin/v5server/passwd.c +++ b/src/kadmin/v5server/passwd.c @@ -324,7 +324,10 @@ passwd_set_npass(kcontext, debug_level, princ, dbentp, pwdata) if (nwrite != 1) kret = KRB5KRB_ERR_GENERIC; +#ifdef USE_KDB5_CPW + /* it's only a copy under the new code, see memcpy above */ (void) krb5_db_free_principal(kcontext, &entry2write, 1); +#endif /* USE_KDB5_CPW */ cleanup: #ifndef USE_KDB5_CPW diff --git a/src/kadmin/v5server/srv_acl.c b/src/kadmin/v5server/srv_acl.c index a3ead0f114..4055d356e4 100644 --- a/src/kadmin/v5server/srv_acl.c +++ b/src/kadmin/v5server/srv_acl.c @@ -74,7 +74,7 @@ static int acl_debug_level = 0; * the case where the ACL file is not present, this entry controls what can * be done. The default is that everybody can change their own password. */ -static const char *acl_catchall_entry = "* o"; +static const char *acl_catchall_entry = "* o "; static const char *acl_line2long_msg = "%s: line %d too long, truncated\n"; static const char *acl_op_bad_msg = "Unrecognized ACL operation '%c' in %s\n"; @@ -235,6 +235,7 @@ acl_free_entries() static int acl_load_acl_file() { +char tmpbuf[10]; FILE *afp; char *alinep; aent_t **aentpp; @@ -261,7 +262,8 @@ acl_load_acl_file() acl_list_tail = *aentpp; aentpp = &(*aentpp)->ae_next; } - if (*aentpp = acl_parse_line(acl_catchall_entry)) { +strcpy(tmpbuf, acl_catchall_entry); + if (*aentpp = acl_parse_line(tmpbuf)) { acl_list_tail = *aentpp; } else { diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c index e0910e61c2..165d371a0a 100644 --- a/src/kadmin/v5server/srv_key.c +++ b/src/kadmin/v5server/srv_key.c @@ -536,7 +536,7 @@ key_init(kcontext, debug_level, key_type, master_key_name, manual, * is none, then we want to create it. This way, kadmind5 becomes just * a plug in and go kind of utility. */ - kret = key_get_admin_entry(kcontext, debug_level); + kret = key_get_admin_entry(kcontext); cleanup: if (kret) { @@ -726,6 +726,23 @@ key_string2key_keysalt(ksent, ptr) krb5_xfree(xsalt); } break; + case KRB5_KDB_SALTTYPE_AFS3: + { + /* use KDC-supplied realm for TransArc AFS style salt */ + /* malloc and copy to cover trailing 0, mit_afs_string_to_key + takes care of free'ing it. */ + char *dat; + int len; + len = krb5_princ_realm(argp->context, argp->dbentry->princ)->length; + dat = malloc(1+len); + if (!dat) + goto done; + strncpy(dat, krb5_princ_realm(argp->context, argp->dbentry->princ)->data, len); + dat[len] = 0; + salt.data = dat; + salt.length = -1; /* in order to get around API change */ + break; + } default: goto done; } @@ -750,6 +767,9 @@ key_string2key_keysalt(ksent, ptr) argp->string, &salt))) goto done; + + if (salt.length == -1) + salt.length = strlen (salt.data); /* * Now, salt contains the salt and key contains the decrypted diff --git a/src/kadmin/v5server/srv_main.c b/src/kadmin/v5server/srv_main.c index a640c0f08d..770db0f41c 100644 --- a/src/kadmin/v5server/srv_main.c +++ b/src/kadmin/v5server/srv_main.c @@ -148,8 +148,8 @@ main(argc, argv) int manual_entry = 0; krb5_boolean mime_enabled = 0; int debug_level = 0; - int timeout = -1; int nofork = 0; + int timeout = -1; krb5_int32 service_port = -1; char *acl_file = (char *) NULL; char *db_file = (char *) NULL; @@ -160,8 +160,8 @@ main(argc, argv) char *stash_name = (char *) NULL; krb5_deltat maxlife = -1; krb5_deltat maxrlife = -1; - krb5_timestamp def_expiration; - krb5_flags def_flags; + krb5_timestamp def_expiration = 0; + krb5_flags def_flags = 0; krb5_boolean exp_valid, flags_valid; krb5_realm_params *rparams; krb5_int32 realm_num_keysalts; @@ -450,7 +450,7 @@ main(argc, argv) /* * net_dispatch() only returns when we're done for some reason. */ - error = net_dispatch(kcontext); + error = net_dispatch(kcontext, !nofork); com_err(programname, error, ((error) ? disp_err_fmt : happy_exit_fmt)); diff --git a/src/kadmin/v5server/srv_net.c b/src/kadmin/v5server/srv_net.c index 75ce3beb39..e0fcedc4d7 100644 --- a/src/kadmin/v5server/srv_net.c +++ b/src/kadmin/v5server/srv_net.c @@ -703,8 +703,9 @@ net_finish(kcontext, debug_level) * comes in, dispatch to net_client_connect(). */ krb5_error_code -net_dispatch(kcontext) +net_dispatch(kcontext, detached) krb5_context kcontext; + int detached; { krb5_error_code kret; fd_set mask, readfds; @@ -729,14 +730,18 @@ net_dispatch(kcontext) #ifdef DEBUG (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL); #endif /* DEBUG */ + if (!detached) + (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL); #else /* POSIX_SIGNALS */ /* - * SIGTERM (or SIGINT, if debug) shuts us down. + * SIGTERM (or SIGINT, if debug, or SIGHUP if not detached) shuts us down. */ signal(SIGTERM, net_shutdown); #ifdef DEBUG signal(SIGINT, net_shutdown); #endif /* DEBUG */ + if (!detached) + signal(SIGHUP, net_shutdown); #endif /* POSIX_SIGNALS */ #if !USE_PTHREADS diff --git a/src/kadmin/v5server/srv_output.c b/src/kadmin/v5server/srv_output.c index 06e129f8c4..5d6cf04cf1 100644 --- a/src/kadmin/v5server/srv_output.c +++ b/src/kadmin/v5server/srv_output.c @@ -384,7 +384,6 @@ output_krb5_errmsg(lang, mime, kval) { char *ret; char *ermsg; - int alen; DPRINT(DEBUG_CALLS, output_debug_level, ("* output_krb5_errmsg(v=%d, lang=%s, mime=%d)\n", |