summaryrefslogtreecommitdiffstats
path: root/src/kadmin/testing/util
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2009-08-13 21:25:54 +0000
committerGreg Hudson <ghudson@mit.edu>2009-08-13 21:25:54 +0000
commit1ddf7efda0fa665d86431dfc2a57e90e892b81ab (patch)
tree141ed4abf608f1143e4344aaae0f244dc62d578b /src/kadmin/testing/util
parent45eefd6a6fa51ccf67aaf073c0237bbbd142ae81 (diff)
downloadkrb5-1ddf7efda0fa665d86431dfc2a57e90e892b81ab.tar.gz
krb5-1ddf7efda0fa665d86431dfc2a57e90e892b81ab.tar.xz
krb5-1ddf7efda0fa665d86431dfc2a57e90e892b81ab.zip
Remove kadmin v1 API support
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/testing/util')
-rw-r--r--src/kadmin/testing/util/Makefile.in8
-rw-r--r--src/kadmin/testing/util/deps11
-rw-r--r--src/kadmin/testing/util/tcl_kadm5.c15
-rw-r--r--src/kadmin/testing/util/tcl_kadm5.h1
-rw-r--r--src/kadmin/testing/util/tcl_kadm5_syntax (renamed from src/kadmin/testing/util/tcl_ovsec_kadm_syntax)2
-rw-r--r--src/kadmin/testing/util/tcl_ovsec_kadm.c2036
-rw-r--r--src/kadmin/testing/util/test.c1
7 files changed, 6 insertions, 2068 deletions
diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in
index ec09047cb..b1b61d998 100644
--- a/src/kadmin/testing/util/Makefile.in
+++ b/src/kadmin/testing/util/Makefile.in
@@ -12,11 +12,11 @@ KRB5_PTHREAD_LIB=$(THREAD_LINKOPTS)
PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
-SRCS = $(srcdir)/tcl_ovsec_kadm.c $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
-OBJS = tcl_ovsec_kadm.o tcl_kadm5.o test.o
+SRCS = $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
+OBJS = tcl_kadm5.o test.o
-CLNTPROG= ovsec_kadm_clnt_tcl
-SRVPROG = ovsec_kadm_srv_tcl
+CLNTPROG= kadm5_clnt_tcl
+SRVPROG = kadm5_srv_tcl
DO_ALL=@DO_ALL@
diff --git a/src/kadmin/testing/util/deps b/src/kadmin/testing/util/deps
index c822ad27b..d4491623d 100644
--- a/src/kadmin/testing/util/deps
+++ b/src/kadmin/testing/util/deps
@@ -1,17 +1,6 @@
#
# Generated makefile dependencies follow.
#
-$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c
$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
index aeffdb167..8de05e5e5 100644
--- a/src/kadmin/testing/util/tcl_kadm5.c
+++ b/src/kadmin/testing/util/tcl_kadm5.c
@@ -123,13 +123,6 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
}
do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
sprintf(buf, "kadm5_handle%d", i);
entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
i++;
@@ -152,11 +145,7 @@ static int get_server_handle(Tcl_Interp *interp, const char *name,
else {
if (! (struct_table &&
(entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "ovsec_kadm_handle", 17) == 0)
- Tcl_AppendResult(interp, "ovsec_kadm handle "
- "specified for kadm5 api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+ Tcl_AppendResult(interp, "unknown server handle ", name, 0);
return TCL_ERROR;
}
*handle = (void *) Tcl_GetHashValue(entry);
@@ -2497,8 +2486,6 @@ void Tcl_kadm5_init(Tcl_Interp *interp)
KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_1);
- Tcl_SetVar(interp, "KADM5_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_2);
Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
diff --git a/src/kadmin/testing/util/tcl_kadm5.h b/src/kadmin/testing/util/tcl_kadm5.h
index 7e237753a..d2fdd1d03 100644
--- a/src/kadmin/testing/util/tcl_kadm5.h
+++ b/src/kadmin/testing/util/tcl_kadm5.h
@@ -1,4 +1,3 @@
void Tcl_kadm5_init(Tcl_Interp *interp);
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp);
diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm_syntax b/src/kadmin/testing/util/tcl_kadm5_syntax
index 3fc77fbcb..5f16e58e0 100644
--- a/src/kadmin/testing/util/tcl_ovsec_kadm_syntax
+++ b/src/kadmin/testing/util/tcl_kadm5_syntax
@@ -1,5 +1,5 @@
Here's a brief summary of the syntax of the tcl versions of the
-ovsec_kadm commands:
+kadm5 functions:
string Can be a string or "null" which will turn into a null pointer
principal_ent A 12-field list in the order of the principal_ent
diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c
deleted file mode 100644
index 936e028f5..000000000
--- a/src/kadmin/testing/util/tcl_ovsec_kadm.c
+++ /dev/null
@@ -1,2036 +0,0 @@
-#include "autoconf.h"
-#include <stdio.h>
-#include <string.h>
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "tcl_kadm5.h"
-#include <adb_err.h>
-
-struct flagval {
- char *name;
- krb5_flags val;
-};
-
-/* XXX This should probably be in the hash table like server_handle */
-static krb5_context context;
-
-struct flagval krb5_flags_array[] = {
- {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
- {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
- {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
- {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
- {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
- {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
- {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
- {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
- {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
- {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
- {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
- {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
-};
-
-struct flagval aux_attributes[] = {
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY}
-};
-
-struct flagval principal_mask_flags[] = {
- {"OVSEC_KADM_PRINCIPAL", OVSEC_KADM_PRINCIPAL},
- {"OVSEC_KADM_PRINC_EXPIRE_TIME", OVSEC_KADM_PRINC_EXPIRE_TIME},
- {"OVSEC_KADM_PW_EXPIRATION", OVSEC_KADM_PW_EXPIRATION},
- {"OVSEC_KADM_LAST_PWD_CHANGE", OVSEC_KADM_LAST_PWD_CHANGE},
- {"OVSEC_KADM_ATTRIBUTES", OVSEC_KADM_ATTRIBUTES},
- {"OVSEC_KADM_MAX_LIFE", OVSEC_KADM_MAX_LIFE},
- {"OVSEC_KADM_MOD_TIME", OVSEC_KADM_MOD_TIME},
- {"OVSEC_KADM_MOD_NAME", OVSEC_KADM_MOD_NAME},
- {"OVSEC_KADM_KVNO", OVSEC_KADM_KVNO},
- {"OVSEC_KADM_MKVNO", OVSEC_KADM_MKVNO},
- {"OVSEC_KADM_AUX_ATTRIBUTES", OVSEC_KADM_AUX_ATTRIBUTES},
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
- {"OVSEC_KADM_POLICY_CLR", OVSEC_KADM_POLICY_CLR}
-};
-
-struct flagval policy_mask_flags[] = {
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
- {"OVSEC_KADM_PW_MAX_LIFE", OVSEC_KADM_PW_MAX_LIFE},
- {"OVSEC_KADM_PW_MIN_LIFE", OVSEC_KADM_PW_MIN_LIFE},
- {"OVSEC_KADM_PW_MIN_LENGTH", OVSEC_KADM_PW_MIN_LENGTH},
- {"OVSEC_KADM_PW_MIN_CLASSES", OVSEC_KADM_PW_MIN_CLASSES},
- {"OVSEC_KADM_PW_HISTORY_NUM", OVSEC_KADM_PW_HISTORY_NUM},
- {"OVSEC_KADM_REF_COUNT", OVSEC_KADM_REF_COUNT}
-};
-
-struct flagval priv_flags[] = {
- {"OVSEC_KADM_PRIV_GET", OVSEC_KADM_PRIV_GET},
- {"OVSEC_KADM_PRIV_ADD", OVSEC_KADM_PRIV_ADD},
- {"OVSEC_KADM_PRIV_MODIFY", OVSEC_KADM_PRIV_MODIFY},
- {"OVSEC_KADM_PRIV_DELETE", OVSEC_KADM_PRIV_DELETE}
-};
-
-
-static char *arg_error = "wrong # args";
-
-static Tcl_HashTable *struct_table = 0;
-
-static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
-{
- int i = 1, newPtr = 0;
- static char buf[20];
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
- sprintf(buf, "ovsec_kadm_handle%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, handle);
-
- *name = buf;
-
- return TCL_OK;
-}
-
-static int get_server_handle(Tcl_Interp *interp, const char *name,
- void **handle)
-{
- Tcl_HashEntry *entry;
-
- if(!strcasecmp(name, "null"))
- *handle = 0;
- else {
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "kadm5_handle", 12) == 0)
- Tcl_AppendResult(interp, "kadm5 handle specified "
- "for ovsec_kadm api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
- *handle = (void *) Tcl_GetHashValue(entry);
- }
- return TCL_OK;
-}
-
-static int remove_server_handle(Tcl_Interp *interp, const char *name)
-{
- Tcl_HashEntry *entry;
-
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
-
- Tcl_DeleteHashEntry(entry);
- return TCL_OK;
-}
-
-#define GET_HANDLE(num_args, do_dostruct) \
- void *server_handle; \
- int dostruct = 0; \
- const char *whoami = argv[0]; \
- argv++, argc--; \
- if ((argc > 0) && (! strcmp(argv[0], "-struct"))) { \
- if (! do_dostruct) { \
- Tcl_AppendResult(interp, "-struct isn't a valid option for ", \
- whoami, 0); \
- return TCL_ERROR; \
- } \
- dostruct++; \
- argv++, argc--; \
- } \
- if (argc != num_args + 1) { \
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
- return TCL_ERROR; \
- } \
- { \
- int htcl_ret; \
- if ((htcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
- != TCL_OK) { \
- return htcl_ret; \
- } \
- } \
- argv++, argc--;
-
-static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
-{
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
- int i;
-
- if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_InitHashTable(table, TCL_STRING_KEYS);
-
- for (i = 0; i < size; i++) {
- int newPtr;
-
- if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_SetHashValue(entry, &flags[i].val);
- }
-
- return table;
-}
-
-
-static Tcl_DString *unparse_str(char *in_str)
-{
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- if (! in_str) {
- Tcl_DStringAppend(str, "null", -1);
- }
- else {
- Tcl_DStringAppend(str, in_str, -1);
- }
-
- return str;
-}
-
-
-
-static int parse_str(Tcl_Interp *interp, const char *in_str,
- char **out_str)
-{
- if (! in_str) {
- *out_str = 0;
- }
- else if (! strcasecmp(in_str, "null")) {
- *out_str = 0;
- }
- else {
- *out_str = (char *) in_str;
- }
- return TCL_OK;
-}
-
-
-static void set_ok(Tcl_Interp *interp, char *string)
-{
- Tcl_SetResult(interp, "OK", TCL_STATIC);
- Tcl_AppendElement(interp, "OVSEC_KADM_OK");
- Tcl_AppendElement(interp, string);
-}
-
-
-
-static Tcl_DString *unparse_err(ovsec_kadm_ret_t code)
-{
- char *code_string;
- const char *error_string;
- Tcl_DString *dstring;
-
- switch (code) {
- case OVSEC_KADM_FAILURE: code_string = "OVSEC_KADM_FAILURE"; break;
- case OVSEC_KADM_AUTH_GET: code_string = "OVSEC_KADM_AUTH_GET"; break;
- case OVSEC_KADM_AUTH_ADD: code_string = "OVSEC_KADM_AUTH_ADD"; break;
- case OVSEC_KADM_AUTH_MODIFY:
- code_string = "OVSEC_KADM_AUTH_MODIFY"; break;
- case OVSEC_KADM_AUTH_DELETE:
- code_string = "OVSEC_KADM_AUTH_DELETE"; break;
- case OVSEC_KADM_AUTH_INSUFFICIENT:
- code_string = "OVSEC_KADM_AUTH_INSUFFICIENT"; break;
- case OVSEC_KADM_BAD_DB: code_string = "OVSEC_KADM_BAD_DB"; break;
- case OVSEC_KADM_DUP: code_string = "OVSEC_KADM_DUP"; break;
- case OVSEC_KADM_RPC_ERROR: code_string = "OVSEC_KADM_RPC_ERROR"; break;
- case OVSEC_KADM_NO_SRV: code_string = "OVSEC_KADM_NO_SRV"; break;
- case OVSEC_KADM_BAD_HIST_KEY:
- code_string = "OVSEC_KADM_BAD_HIST_KEY"; break;
- case OVSEC_KADM_NOT_INIT: code_string = "OVSEC_KADM_NOT_INIT"; break;
- case OVSEC_KADM_INIT: code_string = "OVSEC_KADM_INIT"; break;
- case OVSEC_KADM_BAD_PASSWORD:
- code_string = "OVSEC_KADM_BAD_PASSWORD"; break;
- case OVSEC_KADM_UNK_PRINC: code_string = "OVSEC_KADM_UNK_PRINC"; break;
- case OVSEC_KADM_UNK_POLICY: code_string = "OVSEC_KADM_UNK_POLICY"; break;
- case OVSEC_KADM_BAD_MASK: code_string = "OVSEC_KADM_BAD_MASK"; break;
- case OVSEC_KADM_BAD_CLASS: code_string = "OVSEC_KADM_BAD_CLASS"; break;
- case OVSEC_KADM_BAD_LENGTH: code_string = "OVSEC_KADM_BAD_LENGTH"; break;
- case OVSEC_KADM_BAD_POLICY: code_string = "OVSEC_KADM_BAD_POLICY"; break;
- case OVSEC_KADM_BAD_HISTORY: code_string = "OVSEC_KADM_BAD_HISTORY"; break;
- case OVSEC_KADM_BAD_PRINCIPAL:
- code_string = "OVSEC_KADM_BAD_PRINCIPAL"; break;
- case OVSEC_KADM_BAD_AUX_ATTR:
- code_string = "OVSEC_KADM_BAD_AUX_ATTR"; break;
- case OVSEC_KADM_PASS_Q_TOOSHORT:
- code_string = "OVSEC_KADM_PASS_Q_TOOSHORT"; break;
- case OVSEC_KADM_PASS_Q_CLASS:
- code_string = "OVSEC_KADM_PASS_Q_CLASS"; break;
- case OVSEC_KADM_PASS_Q_DICT:
- code_string = "OVSEC_KADM_PASS_Q_DICT"; break;
- case OVSEC_KADM_PASS_REUSE: code_string = "OVSEC_KADM_PASS_REUSE"; break;
- case OVSEC_KADM_PASS_TOOSOON:
- code_string = "OVSEC_KADM_PASS_TOOSOON"; break;
- case OVSEC_KADM_POLICY_REF:
- code_string = "OVSEC_KADM_POLICY_REF"; break;
- case OVSEC_KADM_PROTECT_PRINCIPAL:
- code_string = "OVSEC_KADM_PROTECT_PRINCIPAL"; break;
- case OVSEC_KADM_BAD_SERVER_HANDLE:
- code_string = "OVSEC_KADM_BAD_SERVER_HANDLE"; break;
- case OVSEC_KADM_BAD_STRUCT_VERSION:
- code_string = "OVSEC_KADM_BAD_STRUCT_VERSION"; break;
- case OVSEC_KADM_OLD_STRUCT_VERSION:
- code_string = "OVSEC_KADM_OLD_STRUCT_VERSION"; break;
- case OVSEC_KADM_NEW_STRUCT_VERSION:
- code_string = "OVSEC_KADM_NEW_STRUCT_VERSION"; break;
- case OVSEC_KADM_BAD_API_VERSION:
- code_string = "OVSEC_KADM_BAD_API_VERSION"; break;
- case OVSEC_KADM_OLD_LIB_API_VERSION:
- code_string = "OVSEC_KADM_OLD_LIB_API_VERSION"; break;
- case OVSEC_KADM_OLD_SERVER_API_VERSION:
- code_string = "OVSEC_KADM_OLD_SERVER_API_VERSION"; break;
- case OVSEC_KADM_NEW_LIB_API_VERSION:
- code_string = "OVSEC_KADM_NEW_LIB_API_VERSION"; break;
- case OVSEC_KADM_NEW_SERVER_API_VERSION:
- code_string = "OVSEC_KADM_NEW_SERVER_API_VERSION"; break;
- case OVSEC_KADM_SECURE_PRINC_MISSING:
- code_string = "OVSEC_KADM_SECURE_PRINC_MISSING"; break;
- case KADM5_NO_RENAME_SALT:
- code_string = "KADM5_NO_RENAME_SALT"; break;
- case KADM5_BAD_CLIENT_PARAMS:
- code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
- case KADM5_BAD_SERVER_PARAMS:
- code_string = "KADM5_BAD_SERVER_PARAMS"; break;
- case KADM5_AUTH_LIST:
- code_string = "KADM5_AUTH_LIST"; break;
- case KADM5_AUTH_CHANGEPW:
- code_string = "KADM5_AUTH_CHANGEPW"; break;
- case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
- case OSA_ADB_NOENT: code_string = "ENOENT"; break;
- case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
- case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
- case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
- case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
- case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
- case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
- case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
- case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
- case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
- case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
- case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
- case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
- case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
- case KRB5_KDB_TRUNCATED_RECORD:
- code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
- case KRB5_KDB_RECURSIVELOCK:
- code_string = "KRB5_KDB_RECURSIVELOCK"; break;
- case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
- case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
- case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
- case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
- case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
- case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
- case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
- case KRB5_KDB_INVALIDKEYSIZE:
- code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
- case KRB5_KDB_CANTREAD_STORED:
- code_string = "KRB5_KDB_CANTREAD_STORED"; break;
- case KRB5_KDB_BADSTORED_MKEY:
- code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
- case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
- case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
- case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
- case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
- case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
- case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
- case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
- case EINVAL: code_string = "EINVAL"; break;
- case ENOENT: code_string = "ENOENT"; break;
- default:
- fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
- error_message (code));
- code_string = "UNKNOWN";
- break;
- }
-
- error_string = error_message(code);
-
- if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX Do we really want to exit? Ok if this is */
- /* just a test program, but what about if it gets */
- /* used for other things later? */
- }
-
- Tcl_DStringInit(dstring);
-
- if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
- Tcl_DStringAppendElement(dstring, code_string) &&
- Tcl_DStringAppendElement(dstring, error_string))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- return dstring;
-}
-
-
-
-static void stash_error(Tcl_Interp *interp, krb5_error_code code)
-{
- Tcl_DString *dstring = unparse_err(code);
- Tcl_DStringResult(interp, dstring);
- Tcl_DStringFree(dstring);
- free(dstring);
-}
-
-
-
-static Tcl_DString *unparse_flags(struct flagval *array, int size,
- krb5_int32 flags)
-{
- int i;
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- for (i = 0; i < size; i++) {
- if (flags & array[i].val) {
- Tcl_DStringAppendElement(str, array[i].name);
- }
- }
-
- return str;
-}
-
-
-static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
- struct flagval *array, int size, const char *str,
- krb5_flags *flags)
-{
- int tmp, argc, i, retcode = TCL_OK;
- const char **argv;
- Tcl_HashEntry *entry;
-
- if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
- *flags = tmp;
- return TCL_OK;
- }
- Tcl_ResetResult(interp);
-
- if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
- return TCL_ERROR;
- }
-
- if (! table) {
- table = create_flag_table(array, size);
- }
-
- *flags = 0;
-
- for (i = 0; i < argc; i++) {
- if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
- Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
- retcode = TCL_ERROR;
- break;
- }
- *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
- }
-
- Tcl_Free((char *) argv);
- return(retcode);
-}
-
-static Tcl_DString *unparse_privs(krb5_flags flags)
-{
- return unparse_flags(priv_flags, sizeof(priv_flags) /
- sizeof(struct flagval), flags);
-}
-
-
-static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
-{
- return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
- sizeof(struct flagval), flags);
-}
-
-static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
- krb5_flags *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
- sizeof(krb5_flags_array) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
-{
- return unparse_flags(aux_attributes, sizeof(aux_attributes) /
- sizeof(struct flagval), flags);
-}
-
-
-static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
- long *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, aux_attributes,
- sizeof(aux_attributes) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static int parse_principal_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
- sizeof(principal_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static int parse_policy_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
- sizeof(policy_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static Tcl_DString *unparse_principal_ent(ovsec_kadm_principal_ent_t princ)
-{
- Tcl_DString *str, *tmp_dstring;
- char *tmp;
- char buf[20];
- krb5_error_code krb5_ret;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp = 0; /* It looks to me from looking at the library source */
- /* code for krb5_parse_name that the pointer passed into */
- /* it should be initialized to 0 if I want it do be */
- /* allocated automatically. */
- krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
- if (krb5_ret) {
- /* XXX Do we want to return an error? Not sure. */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
-
- sprintf(buf, "%d", princ->princ_expire_time);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->last_pwd_change);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->pw_expiration);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->max_life);
- Tcl_DStringAppendElement(str, buf);
-
- tmp = 0;
- krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp);
- if (krb5_ret) {
- /* XXX */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
-
- sprintf(buf, "%d", princ->mod_date);
- Tcl_DStringAppendElement(str, buf);
-
- tmp_dstring = unparse_krb5_flags(princ->attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%d", princ->kvno);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->mkvno);
- Tcl_DStringAppendElement(str, buf);
-
- /* XXX This may be dangerous, because the contents of the policy */
- /* field are undefined if the POLICY bit isn't set. However, I */
- /* think it's a bug for the field not to be null in that case */
- /* anyway, so we should assume that it will be null so that we'll */
- /* catch it if it isn't. */
-
- tmp_dstring = unparse_str(princ->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- return str;
-}
-
-
-
-static int parse_principal_ent(Tcl_Interp *interp, const char *list,
- ovsec_kadm_principal_ent_t *out_princ)
-{
- ovsec_kadm_principal_ent_t princ = 0;
- krb5_error_code krb5_ret;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 12) {
- sprintf(interp->result, "wrong # args in principal structure (%d should be 12)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (princ = malloc(sizeof *princ))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing princ_expire_time");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->princ_expire_time = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_pwd_change");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_pwd_change = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->pw_expiration = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_life = tmp;
-
- if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing mod_name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mod_date");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mod_date = tmp;
-
- if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->kvno = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mkvno = tmp;
-
- if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- retcode = TCL_ERROR;
- goto finished;
- }
- if(princ->policy != NULL) {
- if(!(princ->policy = strdup(princ->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1);
- }
- }
-
- if ((tcl_ret = parse_aux_attributes(interp, argv[11],
- &princ->aux_attributes)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing aux_attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-finished:
- Tcl_Free((char *) argv);
- *out_princ = princ;
- return retcode;
-}
-
-
-static void free_principal_ent(ovsec_kadm_principal_ent_t *princ)
-{
- krb5_free_principal(context, (*princ)->principal);
- krb5_free_principal(context, (*princ)->mod_name);
- free(*princ);
- *princ = 0;
-}
-
-static Tcl_DString *unparse_policy_ent(ovsec_kadm_policy_ent_t policy)
-{
- Tcl_DString *str, *tmp_dstring;
- char buf[20];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp_dstring = unparse_str(policy->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%ld", policy->pw_min_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_max_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_length);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_classes);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_history_num);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->policy_refcnt);
- Tcl_DStringAppendElement(str, buf);
-
- return str;
-}
-
-
-
-static int parse_policy_ent(Tcl_Interp *interp, char *list,
- ovsec_kadm_policy_ent_t *out_policy)
-{
- ovsec_kadm_policy_ent_t policy = 0;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 7) {
- sprintf(interp->result, "wrong # args in policy structure (%d should be 7)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (policy = malloc(sizeof *policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if(policy->policy != NULL) {
- if (! (policy->policy = strdup(policy->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_length = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_classes");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_classes = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_history_num");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_history_num = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy_refcnt");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->policy_refcnt = tmp;
-
-finished:
- Tcl_Free((char *) argv);
- *out_policy = policy;
- return retcode;
-}
-
-
-static void free_policy_ent(ovsec_kadm_policy_ent_t *policy)
-{
- free(*policy);
- *policy = 0;
-}
-
-static Tcl_DString *unparse_keytype(krb5_enctype enctype)
-{
- Tcl_DString *str;
- char buf[50];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- switch (enctype) {
- /* XXX is this right? */
- case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
- case ENCTYPE_DES_CBC_CRC:
- Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
- default:
- sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
- Tcl_DStringAppend(str, buf, -1);
- break;
- }
-
- return str;
-}
-
-
-static Tcl_DString *unparse_keyblock(krb5_keyblock *keyblock)
-{
- Tcl_DString *str;
- Tcl_DString *keytype;
- int i;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- keytype = unparse_keytype(keyblock->enctype);
- Tcl_DStringAppendElement(str, keytype->string);
- Tcl_DStringFree(keytype);
- free(keytype);
- if (keyblock->length == 0) {
- Tcl_DStringAppendElement(str, "0x00");
- }
- else {
- Tcl_DStringAppendElement(str, "0x");
- for (i = 0; i < keyblock->length; i++) {
- char buf[3];
- sprintf(buf, "%02x", (int) keyblock->contents[i]);
- Tcl_DStringAppend(str, buf, -1);
- }
- }
-
- return str;
-}
-
-
-
-static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- char *client_name, *pass, *service_name, *realm;
- int tcl_ret;
- krb5_ui_4 struct_version, api_version;
- const char *handle_var;
- void *server_handle;
- char *handle_name;
- const char *whoami = argv[0];
-
- argv++, argc--;
-
- kadm5_init_krb5_context(&context);
-
- if (argc != 7) {
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
- return TCL_ERROR;
- }
-
- if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[3], &realm)) != TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
- TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
- TCL_OK)) {
- return tcl_ret;
- }
-
- handle_var = argv[6];
-
- if (! (handle_var && *handle_var)) {
- Tcl_SetResult(interp, "must specify server handle variable name",
- TCL_STATIC);
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_init(client_name, pass, service_name, realm,
- struct_version, api_version, NULL, &server_handle);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
- != TCL_OK) {
- return tcl_ret;
- }
-
- if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
- return TCL_ERROR;
- }
-
- set_ok(interp, "OV Admin system initialized.");
- return TCL_OK;
-}
-
-
-
-static int tcl_ovsec_kadm_destroy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- int tcl_ret;
-
- GET_HANDLE(0, 0);
-
- ret = ovsec_kadm_destroy(server_handle);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
- return tcl_ret;
- }
-
- set_ok(interp, "OV Admin system deinitialized.");
- return TCL_OK;
-}
-
-static int tcl_ovsec_kadm_create_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
- char *princ_string;
- ovsec_kadm_principal_ent_t princ = 0;
- krb5_int32 mask;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
-
- GET_HANDLE(3, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#ifdef OVERRIDE
- if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
- TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#endif
-
-#ifdef OVERRIDE
- ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw,
- override_qual);
-#else
- ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw);
-#endif
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Principal created.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int tcl_ret;
- char *name;
-
- GET_HANDLE(1, 0);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- krb5_ret = krb5_parse_name(context, name, &princ);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- return TCL_ERROR;
- }
- } else princ = NULL;
- ret = ovsec_kadm_delete_principal(server_handle, princ);
-
- if(princ != NULL)
- krb5_free_principal(context, princ);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *princ_string;
- ovsec_kadm_principal_ent_t princ = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_modify_principal(server_handle, princ, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal modified.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-static int tcl_ovsec_kadm_rename_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal source, target;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- krb5_ret = krb5_parse_name(context, argv[0], &source);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing source");
- return TCL_ERROR;
- }
-
- krb5_ret = krb5_parse_name(context, argv[1], &target);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing target");
- krb5_free_principal(context, source);
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_rename_principal(server_handle, source, target);
-
- if (ret == OVSEC_KADM_OK) {
- set_ok(interp, "Principal renamed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
- krb5_free_principal(context, source);
- krb5_free_principal(context, target);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- krb5_ret = krb5_parse_name(context, argv[0], &princ);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing password");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_chpass_principal(server_handle,
- princ, pw, override_qual);
-#else
- ret = ovsec_kadm_chpass_principal(server_handle, princ, pw);
-#endif
-
- if (ret == OVSEC_KADM_OK) {
- set_ok(interp, "Password changed.");
- goto finished;
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal_util(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *new_pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- char *pw_ret, *pw_ret_var;
- char msg_ret[1024], *msg_ret_var;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(4, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing new password");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-#endif
- if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing msg_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE
- override_qual,
-#endif
- pw_ret_var ? &pw_ret : 0,
- msg_ret_var ? msg_ret : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (pw_ret_var &&
- (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp, "while setting pw_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (msg_ret_var &&
- (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp,
- "while setting msg_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Password changed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_randkey_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_keyblock *keyblock;
- char *keyblock_var;
- Tcl_DString *keyblock_dstring = 0;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblock : 0,
- override_qual);
-#else
- ret = ovsec_kadm_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblock : 0);
-#endif
-
- if (ret == OVSEC_KADM_OK) {
- if (keyblock_var) {
- keyblock_dstring = unparse_keyblock(keyblock);
- if (! Tcl_SetVar(interp, keyblock_var,
- keyblock_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting keyblock variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- }
- set_ok(interp, "Key randomized.");
-
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- if (keyblock_dstring) {
- Tcl_DStringFree(keyblock_dstring);
- free(keyblock_dstring);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_get_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- ovsec_kadm_principal_ent_t ent;
- Tcl_DString *ent_dstring = 0;
- char *ent_var;
- char *name;
- krb5_error_code krb5_ret;
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
- } else princ = NULL;
-
- if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_get_principal(server_handle, princ, ent_var ? &ent : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (ent_var) {
- if (dostruct) {
- char buf[20];
- int i = 1, newPtr = 0;
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "principal%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf,
- &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, ent);
- if (! Tcl_SetVar(interp, ent_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- Tcl_DeleteHashEntry(entry);
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal structure retrieved.");
- }
- else {
- ent_dstring = unparse_principal_ent(ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal retrieved.");
- }
- }
- }
- else {
- ent = 0;
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if(princ != NULL)
- krb5_free_principal(context, princ);
- if (ent && ((! dostruct) || (retcode != TCL_OK))) {
- if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- }
- return retcode;
-}
-
-static int tcl_ovsec_kadm_create_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
- char *policy_string;
- ovsec_kadm_policy_ent_t policy = 0;
- krb5_int32 mask;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- ret = ovsec_kadm_create_policy(server_handle, policy, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Policy created.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- char *policy;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_delete_policy(server_handle, policy);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *policy_string;
- ovsec_kadm_policy_ent_t policy = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_modify_policy(server_handle, policy, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy modified.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-static int tcl_ovsec_kadm_get_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_policy_ent_t ent = NULL;
- Tcl_DString *ent_dstring = 0;
- char *policy;
- char *ent_var;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (ent_var) {
- if (dostruct) {
- char buf[20];
- int i = 1, newPtr = 0;
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "policy%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf,
- &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, ent);
- if (! Tcl_SetVar(interp, ent_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- Tcl_DeleteHashEntry(entry);
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy structure retrieved.");
- }
- else {
- ent_dstring = unparse_policy_ent(ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy retrieved.");
- }
- }
- }
- else {
- ent = 0;
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if (ent && ((! dostruct) || (retcode != TCL_OK))) {
- if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_free_principal_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- ovsec_kadm_principal_ent_t ent;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = ovsec_kadm_free_principal_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "principal handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (ovsec_kadm_principal_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Principal freed.");
- return TCL_OK;
-}
-
-
-static int tcl_ovsec_kadm_free_policy_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- ovsec_kadm_policy_ent_t ent;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = ovsec_kadm_free_policy_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "policy handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (ovsec_kadm_policy_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Policy freed.");
- return TCL_OK;
-}
-
-
-static int tcl_ovsec_kadm_get_privs(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- const char *set_ret;
- ovsec_kadm_ret_t ret;
- char *priv_var;
- long privs;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing privs variable name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_get_privs(server_handle, priv_var ? &privs : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (priv_var) {
- Tcl_DString *str = unparse_privs(privs);
- set_ret = Tcl_SetVar(interp, priv_var, str->string,
- TCL_LEAVE_ERR_MSG);
- Tcl_DStringFree(str);
- free(str);
- if (! set_ret) {
- Tcl_AppendElement(interp, "while setting priv variable");
- return TCL_ERROR;
- }
- }
- set_ok(interp, "Privileges retrieved.");
- return TCL_OK;
- }
- else {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-}
-
-
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp)
-{
- char buf[20];
-
- Tcl_SetVar(interp, "OVSEC_KADM_ADMIN_SERVICE",
- OVSEC_KADM_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
- Tcl_SetVar(interp, "OVSEC_KADM_CHANGEPW_SERVICE",
- OVSEC_KADM_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION);
- Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_1);
- Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_MASK);
- Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION_MASK);
- Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION_MASK", buf,
- TCL_GLOBAL_ONLY);
-
- Tcl_CreateCommand(interp, "ovsec_kadm_init", tcl_ovsec_kadm_init, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_destroy", tcl_ovsec_kadm_destroy, 0,
- 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_create_principal",
- tcl_ovsec_kadm_create_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_delete_principal",
- tcl_ovsec_kadm_delete_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_modify_principal",
- tcl_ovsec_kadm_modify_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_rename_principal",
- tcl_ovsec_kadm_rename_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal",
- tcl_ovsec_kadm_chpass_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal_util",
- tcl_ovsec_kadm_chpass_principal_util, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_randkey_principal",
- tcl_ovsec_kadm_randkey_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_principal",
- tcl_ovsec_kadm_get_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_create_policy",
- tcl_ovsec_kadm_create_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_delete_policy",
- tcl_ovsec_kadm_delete_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_modify_policy",
- tcl_ovsec_kadm_modify_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_policy",
- tcl_ovsec_kadm_get_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_free_principal_ent",
- tcl_ovsec_kadm_free_principal_ent, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_free_policy_ent",
- tcl_ovsec_kadm_free_policy_ent, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_privs",
- tcl_ovsec_kadm_get_privs, 0, 0);
-}
diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c
index ef8546deb..7f93eb460 100644
--- a/src/kadmin/testing/util/test.c
+++ b/src/kadmin/testing/util/test.c
@@ -31,7 +31,6 @@ int *tclDummyMainPtr = (int *) main;
int Tcl_AppInit(Tcl_Interp *interp)
{
- Tcl_ovsec_kadm_init(interp);
Tcl_kadm5_init(interp);
return(TCL_OK);
generated by cgit (git 2.34.1) at 2026-01-06 02:58:35 +0000