summaryrefslogtreecommitdiffstats
path: root/src/kadmin/v5passwdd
diff options
context:
space:
mode:
authorSam Hartman <hartmans@mit.edu>2003-12-11 23:14:06 +0000
committerSam Hartman <hartmans@mit.edu>2003-12-11 23:14:06 +0000
commitb2b4e89cd2d41731ac62df6551b50f935d11d9fb (patch)
tree1a6589b2304db232ae55d12dc6ef21011036ca44 /src/kadmin/v5passwdd
parent4b94a2e754b34b9a17c44ba9a71a8660dff57786 (diff)
Remove kadmind4 and v5passwdd
Per email to kerberos-announce remove kadmind4 and v5passwdd from the distribution. Ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15880 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/v5passwdd')
-rw-r--r--src/kadmin/v5passwdd/ChangeLog193
-rw-r--r--src/kadmin/v5passwdd/Makefile.in93
-rw-r--r--src/kadmin/v5passwdd/adm_conn.c768
-rw-r--r--src/kadmin/v5passwdd/adm_rw.c543
-rw-r--r--src/kadmin/v5passwdd/kadm5_defs.h367
-rw-r--r--src/kadmin/v5passwdd/kpasswd.c599
-rw-r--r--src/kadmin/v5passwdd/main.c324
-rw-r--r--src/kadmin/v5passwdd/proto_serv.c864
-rw-r--r--src/kadmin/v5passwdd/srv_net.c867
-rw-r--r--src/kadmin/v5passwdd/v5passwd.M65
10 files changed, 0 insertions, 4683 deletions
diff --git a/src/kadmin/v5passwdd/ChangeLog b/src/kadmin/v5passwdd/ChangeLog
deleted file mode 100644
index dc3a7b010..000000000
--- a/src/kadmin/v5passwdd/ChangeLog
+++ /dev/null
@@ -1,193 +0,0 @@
-2003-08-29 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (SERV_OBJS): Use @LIBOBJS@.
-
-2003-01-09 Ken Raeburn <raeburn@mit.edu>
-
- * adm_conn.c (kadm_contact_server): Use socklen_t when passing
- address to socket functions.
-
-2002-11-05 Tom Yu <tlyu@mit.edu>
-
- * kpasswd.c (kpwd_change_prompt_1, kpwd_change_prompt_2)
- (kpwd_old_password_prompt, kpwd_old_pwd_name_fmt): Remove trailing
- colon, as new implementation of krb5_read_password() appends it.
-
-2002-08-29 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in: Revert $(S)=>/ change, for Windows support.
-
-2002-08-23 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
-
-2002-06-19 Ezra Peisach <epeisach@bu.edu>
-
- * srv_net.c: Conditionalize debugging variables inside DEBUG
- conditional.
-
- * kpasswd.c (main): Conditionalize local variables inside
- definition of LANGUAGES_SUPPORTED to avoid a variable being set
- with out use warning.
-
-2001-10-09 Ken Raeburn <raeburn@mit.edu>
-
- * adm_conn.c, adm_rw.c, kadm5_defs.h: Make prototypes
- unconditional.
-
-2001-10-05 Ken Raeburn <raeburn@mit.edu>
-
- * adm_conn.c: Drop _MSDOS support.
-
-2001-09-01 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (COMMON_SRCS, SERV_SRCS, CLI_SRCS): All live in
- srcdir.
-
-2001-06-22 Ezra Peisach <epeisach@mit.edu>
-
- * adm_conn.c (kadm_get_ccache): Cast return from getpid() to int
- to match format.
-
-2001-06-21 Ken Raeburn <raeburn@mit.edu>
-
- * adm_conn.c, kpasswd.c, srv_net.c: Changed various char string
- variables into macros, for better format/argument checking under
- gcc.
-
- * main.c (pwd_change): Use strncpy instead of sprintf to copy
- error message text into buffer. Use goto rather than repeated
- code.
- (main): Use %lx for params.mask. Make debug_level volatile.
-
- * srv_net.c (net_find_slave): Initialize "found".
- (net_dispatch): Make "kret" volatile, so longjmp won't clobber
- it.
- (net_slaves_active): Variable deleted.
-
-2001-06-21 Ezra Peisach <epeisach@mit.edu>
-
- * main.c: Add prototype for daemon if needed.
-
-Mon Feb 26 15:22:44 2001 Ezra Peisach <epeisach@mit.edu>
-
- *adm_conn.c, adm_rw.c, kadm5_defs.h, kpasswd.c, main.c,
- proto_serv.c, srv_net.c: Warnings cleanup including assignments in
- conditionals, shadowed variables, unused variables, prototypes.
-
-2000-10-17 Ezra Peisach <epeisach@mit.edu>
-
- * adm_conn.c, kpasswd.c: Argument to krb5_read_password
- takes an unsigned int.
-
- * kadm5_defs.h, main.c (pwd_change): Argument err_str_len changed
- to unsigned int. (Argument to kadm5_chpass_principal_util()).
-
-2000-07-03 Ezra Peisach <epeisach@mit.edu>
-
- * Makefile.in: v5passwd does not depend on the kadm5
- libraries. This is the older protocol.
-
-2000-05-24 Ken Raeburn <raeburn@mit.edu>
- Ezra Peisach <epeisach@mit.edu>
-
- * proto_serv.c (proto_serv): Don't overflow err_str. Pass data
- pointer and not a krb5_data to sprintf. Remove unused variable
- adm_errmsg. Remove unused label done. Declare variable
- mime_setting only if MIME_SUPPORTED is defined. Make variables
- db_opened and kret volatile.
- (proto_fmt_reply_msg): Unused variable deleted.
-
-2000-05-23 Tom Yu <tlyu@mit.edu>
-
- * kadm5_defs.h: Add argument for length of error string.
-
- * main.c (pwd_change): Add argument for length of error string.
-
- * proto_serv.c (proto_serv): Fix up call to pwd_change().
-
-2000-02-28 Ezra Peisach <epeisach@mit.edu>
-
- * proto_serv.c (proto_serv): For error return,strdup the returned
- value from error_message to maintain its const status.
-
-1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
-
- * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
- LOCAL_INCLUDES such that one can override CFLAGS from the command
- line without losing CPP search patchs and defines. Some associated
- Makefile cleanup.
-
-Tue May 11 11:39:36 1999 Ezra Peisach <epeisach@mit.edu>
-
- * main.c: Remove include of gssapi_krb5.h - no longer needed.
-
-1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Set the myfulldir and mydir variables (which are
- relative to buildtop and thisconfigdir, respectively.)
-
-1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * kpasswd.c (main): POSIX states that getopt returns -1
- when it is done parsing options, not EOF.
-
-Fri Feb 27 23:32:38 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Changed thisconfigdir to point at the kadmin
- directory, since we've moved all of the configure.in
- tests to the toplevel kadmin configure.in
-
-Wed Feb 18 16:02:27 1998 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
- BUILDTOP for new conventions. Fix up usage of $(C).
-
-Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
-
-Thu Sep 25 21:17:00 1997 Tom Yu <tlyu@mit.edu>
-
- * srv_net.c (net_init): Replace KRB5_USE_INET with something more
- sane.
-
- * adm_conn.c (kadm_contact_server): Replace KRB5_USE_INET with
- something more sane.
-
-Thu Sep 18 17:54:40 1997 Tom Yu <tlyu@mit.edu>
-
- * kpasswd.c: Replace USE_STRING_H with something more sane.
-
-Thu Feb 6 00:28:54 1997 Richard Basch <basch@lehman.com>
-
- * adm_conn.c adm_rw.c:
- Replace the INTERFACE keyword with KRB5_CALLCONV
-
-Tue Feb 4 21:28:57 1997 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in:
- * configure.in: Update to new program build procedcure.
-
-Thu Oct 31 11:20:22 1996 Ezra Peisach <epeisach@mit.edu>
-
- * main.c (main): Add -T keyfile and -D debug_level
- options. [krb5-admin/42]
-
-Tue Sep 10 14:37:23 1996 Tom Yu <tlyu@mit.edu>
-
- * v5passwd.M: remove extra args to .TH
-
-Sun Aug 18 18:29:39 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * Makefile.in: Compile v5passwd - the old passwd changing client.
-
- * adm_conn.c, kpasswd.c, v5passwd.M: Added the pieces required to
- build a v5b6 simple password changing client.
-
-Thu Jul 25 17:01:32 1996 Marc Horowitz <marc@mit.edu>
-
- * Makefile.in, configure.in, adm_rw.c, kadm5_defs.h, main.c,
- proto_serv.c, srv_net.c: combined pieces of the old v5server and
- kadm libraries with calls to the new kadm5srv library to produce a
- daemon which handles the v5b6 "simple" password changing protocol.
diff --git a/src/kadmin/v5passwdd/Makefile.in b/src/kadmin/v5passwdd/Makefile.in
deleted file mode 100644
index c9c7672f8..000000000
--- a/src/kadmin/v5passwdd/Makefile.in
+++ /dev/null
@@ -1,93 +0,0 @@
-thisconfigdir=./..
-myfulldir=kadmin/v5passwdd
-mydir=v5passwdd
-BUILDTOP=$(REL)..$(S)..
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-COMMON_SRCS = $(srcdir)/adm_rw.c
-COMMON_OBJS = adm_rw.o
-SERV_SRCS = $(srcdir)/main.c $(srcdir)/srv_net.c $(srcdir)/proto_serv.c
-SERV_OBJS = main.o srv_net.o proto_serv.o @LIBOBJS@
-CLI_SRCS = $(srcdir)/kpasswd.c $(srcdir)/adm_conn.c
-CLI_OBJS = kpasswd.o adm_conn.o
-
-SRCS=$(SERV_SRCS) $(COMMON_SRCS) $(CLI_SRCS)
-OBJS=$(SERV_OBJS) $(COMMON_OBJS) $(CLI_OBJS)
-
-SERV = v5passwdd
-CLI = v5passwd
-
-all:: $(SERV) $(CLI)
-
-$(SERV): $(SERV_OBJS) $(COMMON_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $(SERV) $(SERV_OBJS) $(COMMON_OBJS) \
- $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
-
-
-$(CLI): $(CLI_OBJS) $(COMMON_OBJS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $(CLI) $(CLI_OBJS) $(COMMON_OBJS) \
- $(KRB5_BASE_LIBS)
-
-install::
- for f in v5passwd; do \
- $(INSTALL_PROGRAM) $$f \
- $(DESTDIR)$(CLIENT_BINDIR)$(S)`echo $$f|sed '$(transform)'`; \
- $(INSTALL_DATA) $(srcdir)$(S)$$f.M \
- ${DESTDIR}$(CLIENT_MANDIR)$(S)`echo $$f|sed '$(transform)'`.1; \
- done
- for f in v5passwdd; do \
- $(INSTALL_PROGRAM) $$f \
- $(DESTDIR)$(SERVER_BINDIR)$(S)`echo $$f|sed '$(transform)'`; \
- done
-
-clean::
- $(RM) $(SERV) $(CLI)
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-$(OUTPRE)main.$(OBJEXT): main.c $(SRCTOP)/include/syslog.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
- $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
- $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
- $(BUILDTOP)/include/gssrpc/svc.h $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \
- kadm5_defs.h
-$(OUTPRE)srv_net.$(OBJEXT): srv_net.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h kadm5_defs.h $(SRCTOP)/include/krb5/adm.h
-$(OUTPRE)proto_serv.$(OBJEXT): proto_serv.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h kadm5_defs.h $(SRCTOP)/include/krb5/adm.h \
- $(SRCTOP)/include/krb5/adm_proto.h
-$(OUTPRE)adm_rw.$(OBJEXT): adm_rw.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/adm_proto.h
-$(OUTPRE)kpasswd.$(OBJEXT): kpasswd.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/adm_defs.h \
- $(SRCTOP)/include/krb5/adm.h $(SRCTOP)/include/krb5/adm_proto.h
-$(OUTPRE)adm_conn.$(OBJEXT): adm_conn.c $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/adm.h \
- $(SRCTOP)/include/krb5/adm_proto.h
-
diff --git a/src/kadmin/v5passwdd/adm_conn.c b/src/kadmin/v5passwdd/adm_conn.c
deleted file mode 100644
index 17028c738..000000000
--- a/src/kadmin/v5passwdd/adm_conn.c
+++ /dev/null
@@ -1,768 +0,0 @@
-/*
- * lib/kadm/adm_conn.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-/*
- * Routines to contact an administrative protocol server.
- */
-#define NEED_SOCKETS
-#define NEED_LOWLEVEL_IO
-#include "k5-int.h"
-#include "adm.h"
-#include "adm_proto.h"
-
-#if HAVE_PWD_H
-#include <pwd.h>
-#endif /* HAVE_PWD_H */
-
-/* Default ticket life is 10 minutes */
-#define KADM_DEFAULT_LIFETIME (10*60)
-
-/*
- * Strings
- */
-#define kadm_cache_name_fmt "FILE:/tmp/tkt_kadm_%d"
-
-/*
- * Prototypes for local functions
- */
-static krb5_error_code kadm_get_ccache
- (krb5_context,
- char *,
- char *,
- krb5_ccache *,
- krb5_principal *);
-static krb5_error_code kadm_get_creds
- (krb5_context,
- krb5_ccache ,
- krb5_principal,
- krb5_creds *,
- const char *,
- char *,
- krb5_timestamp);
-static krb5_error_code kadm_contact_server
- (krb5_context,
- krb5_data *,
- int *,
- krb5_address **,
- krb5_address **);
-static krb5_error_code kadm_get_auth
- (krb5_context,
- krb5_auth_context *,
- krb5_address *,
- krb5_address *);
-
-/*
- * kadm_get_ccache() - Initialze a credentials cache.
- *
- * Cleanup after success by calling krb5_cc_destroy() and krb5_free_principal()
- * Allocates new ccache and client.
- */
-static krb5_error_code
-kadm_get_ccache(kcontext, user, ccname, ccache, client)
- krb5_context kcontext;
- char *user;
- char *ccname;
- krb5_ccache *ccache;
- krb5_principal *client;
-{
- krb5_error_code kret;
- char *name;
- int did_malloc = 0;
- char new_cache[MAXPATHLEN];
- krb5_principal tprinc;
-
- /* Initialize. */
- *client = (krb5_principal) NULL;
- tprinc = (krb5_principal) NULL;
-
- /*
- * If a name specified, then use that one, else get it from our
- * current uid.
- */
- if (user) {
- name = user;
- }
- else {
-#if HAVE_PWD_H
- struct passwd *pw;
-
- pw = getpwuid(getuid());
- if (pw) {
- name = (char *) malloc(strlen(pw->pw_name)+1);
- did_malloc = 1;
- strcpy(name, pw->pw_name);
- }
- else {
- kret = errno;
- goto cleanup;
- }
-#else /* HAVE_PWD_H */
- kret = ENOENT;
- goto cleanup;
-#endif /* HAVE_PWD_H */
- }
-
- /* Parse the name and form our principal */
- kret = krb5_parse_name(kcontext, name, client);
- if (kret)
- goto cleanup;
-
- if (!ccname) {
-#if defined(_WIN32)
- strcpy (new_cache, "FILE:");
- GetTempFileName (0, "tkt", 0, new_cache+5);
-#else
-#ifdef _MACINTOSH
- (void) sprintf(new_cache, "STDIO:admcc");
-#else
- (void) sprintf(new_cache, kadm_cache_name_fmt, (int) getpid());
-#endif /* _MACINTOSH */
-#endif /* _WIN32 */
- }
- else
- sprintf(new_cache, "FILE:%s", ccname);
-
- /*
- * We only need to resolve the credentials cache if one hasn't
- * been supplied to us.
- */
- if (!(*ccache) && (kret = krb5_cc_resolve(kcontext, new_cache, ccache)))
- goto cleanup;
-
- /* XXX assumes a file ccache */
- if ((kret = krb5_cc_get_principal(kcontext, *ccache, &tprinc)) ==
- KRB5_FCC_NOFILE)
- kret = krb5_cc_initialize(kcontext, *ccache, *client);
-
-
- cleanup:
- if (did_malloc)
- free(name);
-
- if (tprinc)
- krb5_free_principal(kcontext, tprinc);
-
- if (kret) {
- if (*client)
- krb5_free_principal(kcontext, *client);
- }
-
- return(kret);
-}
-
-/*
- * kadm_get_creds() - Get initial credentials.
- *
- * Cleanup after success by calling krb5_free_principal().
- * Allocates new principal for creds->server.
- */
-static krb5_error_code
-kadm_get_creds(kcontext, ccache, client, creds, prompt, oldpw, tlife)
- krb5_context kcontext;
- krb5_ccache ccache;
- krb5_principal client;
- krb5_creds *creds;
- const char *prompt;
- char *oldpw;
- krb5_timestamp tlife;
-{
- char *client_name;
- krb5_error_code kret;
- krb5_address **my_addresses;
- unsigned int old_pwsize;
- krb5_creds tcreds;
-
- /* Initialize */
- my_addresses = (krb5_address **) NULL;
- client_name = (char *) NULL;
-
- /* Get the string form for our principal */
- kret = krb5_unparse_name(kcontext, client, &client_name);
- if (kret)
- return(kret);
-
- kret = krb5_os_localaddr(kcontext, &my_addresses);
- if (kret)
- goto cleanup;
-
- creds->client = client;
- /*
- * Build server principal name:
- * "changepw" is service
- * realm name is instance
- * realm name is realm name
- */
- kret = krb5_build_principal_ext(kcontext,
- &creds->server,
- client->realm.length,
- client->realm.data,
- strlen(KRB5_ADM_SERVICE_INSTANCE),
- KRB5_ADM_SERVICE_INSTANCE,
- client->realm.length,
- client->realm.data,
- 0);
- if (kret)
- goto cleanup;
-
- /* Attempt to retrieve an appropriate entry from the credentials cache. */
- if ((kret = krb5_cc_retrieve_cred(kcontext,
- ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
- creds,
- &tcreds))
- == KRB5_CC_NOTFOUND) {
- krb5_timestamp jetzt;
-
- if (prompt != (char *) NULL) {
- /* Read the password */
- old_pwsize = KRB5_ADM_MAX_PASSWORD_LEN;
- kret = krb5_read_password(kcontext, prompt, (char *) NULL,
- oldpw, &old_pwsize);
- if (kret)
- goto cleanup;
- }
-
- kret = krb5_timeofday(kcontext, &jetzt);
- if (kret)
- goto cleanup;
-
- if (tlife > 0)
- creds->times.endtime = jetzt + tlife;
- else
- creds->times.endtime = jetzt + KADM_DEFAULT_LIFETIME;
-
- /* Get our initial ticket */
- kret = krb5_get_in_tkt_with_password(kcontext,
- 0,
- my_addresses,
- NULL,
- NULL,
- oldpw,
- ccache,
- creds,
- 0);
- }
- else {
- krb5_principal sclient, sserver;
-
- if (!kret) {
- /*
- * We found the credentials cache entry - copy it out.
- *
- * We'd like to just blast tcreds on top of creds, but we cannot.
- * other logic uses the client data, and rather than going and
- * chasing all that logic down, might as well pretend that we just
- * filled in all the other muck.
- */
- sclient = creds->client;
- sserver = creds->server;
- memcpy((char *) creds, (char *) &tcreds, sizeof(tcreds));
- if (creds->client)
- krb5_free_principal(kcontext, creds->client);
- if (creds->server)
- krb5_free_principal(kcontext, creds->server);
- creds->client = sclient;
- creds->server = sserver;
- }
- }
-
- cleanup:
- if (kret) {
- if (creds->server) {
- krb5_free_principal(kcontext, creds->server);
- creds->server = 0;
- }
- }
- if (my_addresses)
- krb5_free_addresses(kcontext, my_addresses);
- if (client_name)
- krb5_xfree(client_name);
- return(kret);
-}
-
-/*
- * kadm_contact_server() - Establish a connection to the server.
- *
- * Cleanup after success by calling close() and free().
- * Opens/connects socket *sockp. Allocates address storage for local/remote.
- */
-static krb5_error_code
-kadm_contact_server(kcontext, realmp, sockp, local, remote)
- krb5_context kcontext;
- krb5_data *realmp;
- int *sockp;
- krb5_address **local;
- krb5_address **remote;
-{
- struct hostent *remote_host;
- struct servent *service;
- char **hostlist;
- int i, count;
-
- krb5_error_code kret;
-
- struct sockaddr_in in_local;
- struct sockaddr_in in_remote;
- socklen_t addr_len;
-
- const char *realm_admin_names[4];
- char *realm_name;
- krb5_boolean found;
-
- /* Initialize */
- hostlist = (char **) NULL;
- *sockp = -1;
- realm_name = (char *) NULL;
-
- /*
- * XXX - only know ADDRTYPE_INET.
- */
-#ifdef HAVE_NETINET_IN_H
- *local = (krb5_address *) malloc(sizeof(krb5_address));
- *remote = (krb5_address *) malloc(sizeof(krb5_address));
- realm_name = (char *) malloc((size_t) realmp->length + 1);
- if ((*local == (krb5_address *) NULL) ||
- (*remote == (krb5_address *) NULL) ||
- (realm_name == (char *) NULL)) {
- kret = ENOMEM;
- goto cleanup;
- }
- (*local)->addrtype = (*remote)->addrtype = ADDRTYPE_INET;
- (*local)->length = (*remote)->length = sizeof(struct in_addr);
- (*local)->contents = (krb5_octet *) malloc(sizeof(struct in_addr));
- (*remote)->contents = (krb5_octet *) malloc(sizeof(struct in_addr));
- if (((*local)->contents == NULL) || ((*remote)->contents == NULL)) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- /*
- * First attempt to find addresses from our config file, if we cannot
- * find an entry, then try getservbyname().
- */
- found = 0;
-#ifndef OLD_CONFIG_FILES
- strncpy(realm_name, realmp->data, (size_t) realmp->length);
- realm_name[realmp->length] = '\0';
- realm_admin_names[0] = "realms";
- realm_admin_names[1] = realm_name;
- realm_admin_names[2] = "admin_server";
- realm_admin_names[3] = (char *) NULL;
- if (!(kret = profile_get_values(kcontext->profile,
- realm_admin_names,
- &hostlist))) {
- int hi;
- char *cport;
- char *cp;
- krb5_int32 pport;
-
- for (hi = 0; hostlist[hi]; hi++) {
- /*
- * This knows a little too much about the format of profile
- * entries. Shouldn't it just be some sort of tuple?
- *
- * The form is assumed to be:
- * admin_server = <hostname>[:<portname>[<whitespace>]]
- */
- cport = (char *) NULL;
- pport = (u_short) KRB5_ADM_DEFAULT_PORT;
- cp = strchr(hostlist[hi], ' ');
- if (cp)
- *cp = '\0';
- cp = strchr(hostlist[hi], '\t');
- if (cp)
- *cp = '\0';
- cport = strchr(hostlist[hi], ':');
- if (cport) {
- *cport = '\0';
- cport++;
-
- pport = atoi (cport);
- if (pport == 0) {
- kret = KRB5_CONFIG_BADFORMAT;
- goto cleanup;
- }
- }
-
- /*
- * Now that we have a host name, get the host entry.
- */
- remote_host = gethostbyname(hostlist[hi]);
- if (remote_host == (struct hostent *) NULL) {
- kret = KRB5_CONFIG_BADFORMAT;
- goto cleanup;
- }
-
- /*
- * Fill in our address values.
- */
- in_remote.sin_family = remote_host->h_addrtype;
- (void) memcpy((char *) &in_remote.sin_addr,
- (char *) remote_host->h_addr,
- sizeof(in_remote.sin_addr));
- in_remote.sin_port = htons((u_short) pport);
-
- /* Open a tcp socket */
- *sockp = (int) socket(PF_INET, SOCK_STREAM, 0);
- if (*sockp < 0) {
- kret = SOCKET_ERRNO;
- goto cleanup;
- }
- else kret = 0;
-
- /* Attempt to connect to the remote address. */
- if (connect(*sockp,
- (struct sockaddr *) &in_remote,
- sizeof(in_remote)) < 0) {
- /* Failed, go to next address */
- kret = SOCKET_ERRNO;
- closesocket((SOCKET)*sockp);
- *sockp = -1;
- continue;
- }
-
- /* Find out local address */
- addr_len = sizeof(in_local);
- if (getsockname((SOCKET) *sockp,
- (struct sockaddr *) &in_local,
- &addr_len) < 0) {
- /* Couldn't get our local address? */
- kret = SOCKET_ERRNO;
- goto cleanup;
- }
- else {
- /* Connection established. */
- memcpy((char *) (*remote)->contents,
- (char *) &in_remote.sin_addr,
- sizeof(struct in_addr));
- memcpy((char *) (*local)->contents,
- (char *) &in_local.sin_addr,
- sizeof(struct in_addr));
- found = 1;
- break;
- }
- }
- if (!found) {
- krb5_xfree(hostlist);
- hostlist = (char **) NULL;
- }
- }
-#endif /* OLD_CONFIG_FILES */
- if (!found) {
- /*
- * Use the old way of finding our administrative server.
- *
- * This consists of looking up an entry in /etc/services and if
- * we don't find it, then we are just out of luck. Then, we use
- * that port number along with the address of the kdc.
- */
- if ((service = getservbyname(KRB5_ADM_SERVICE_NAME, "tcp")) == NULL) {
- kret = ENOENT;
- goto cleanup;
- }
- in_remote.sin_port = service->s_port;
-
- kret = krb5_get_krbhst(kcontext, realmp, &hostlist);
- if (kret)
- goto cleanup;
-
- /* Now count the number of hosts in the realm */
- count = 0;
- for (i=0; hostlist[i]; i++)
- count++;
- if (count == 0) {
- kret = ENOENT; /* something better? */
- goto cleanup;
- }
-
- /* Now find an available host */
- for (i=0; hostlist[i]; i++) {
- remote_host = gethostbyname(hostlist[i]);
- if (remote_host != (struct hostent *) NULL) {
- in_remote.sin_family = remote_host->h_addrtype;
- (void) memcpy((char *) &in_remote.sin_addr,
- (char *) remote_host->h_addr,
- sizeof(in_remote.sin_addr));
-
- /* Open a tcp socket */
- *sockp = (int) socket(PF_INET, SOCK_STREAM, 0);
- if (*sockp < 0) {
- kret = SOCKET_ERRNO;
- goto cleanup;
- }
- else kret = 0;
-
- if (connect(*sockp,
- (struct sockaddr *) &in_remote,
- sizeof(in_remote)) < 0) {
- kret = SOCKET_ERRNO;
- closesocket((SOCKET)*sockp);
- *sockp = -1;
- continue;
- }
-
- /* Find out local address */
- addr_len = sizeof(in_local);
- if (getsockname((SOCKET)*sockp,
- (struct sockaddr *) &in_local,
- &addr_len) < 0) {
- kret = SOCKET_ERRNO;
- goto cleanup;
- }
- else {
- memcpy((char *) (*remote)->contents,
- (char *) &in_remote.sin_addr,
- sizeof(struct in_addr));
-
- memcpy((char *) (*local)->contents,
- (char *) &in_local.sin_addr,
- sizeof(struct in_addr));
- found = 1;
- break;
- }
- }
- }
- if (!found)
- kret = KRB5_SERVICE_UNKNOWN;
- }
-#else /* HAVE_NETINET_IN_H */
- kret = ENOENT;
-#endif /* HAVE_NETINET_IN_H */
-
- cleanup:
- if (kret) {
- if (*sockp >= 0)
- closesocket((SOCKET)*sockp);
- if (*local && (*local)->contents)
- free((*local)->contents);
- if (*remote && (*remote)->contents)
- free((*remote)->contents);
- if (*local) {
- memset((char *) (*local), 0, sizeof(krb5_address));
- free(*local);
- *local = (krb5_address *) NULL;
- }
- if (*remote) {
- memset((char *) (*remote), 0, sizeof(krb5_address));
- free(*remote);
- *remote = (krb5_address *) NULL;
- }
- }
- if (realm_name)
- free(realm_name);
- if (hostlist)
- krb5_xfree(hostlist);
- return(kret);
-}
-
-/*
- * kadm_get_auth() - Get authorization context.
- *
- * Cleanup after success by calling krb5_xfree().
- * New krb5_auth_context allocated in *ctxp
- */
-static krb5_error_code
-kadm_get_auth(kcontext, ctxp, local, remote)
- krb5_context kcontext;
- krb5_auth_context *ctxp;
- krb5_address *local;
- krb5_address *remote;
-{
- krb5_auth_con_init(kcontext, ctxp);
- krb5_auth_con_setflags(kcontext, *ctxp,
- KRB5_AUTH_CONTEXT_RET_SEQUENCE|
- KRB5_AUTH_CONTEXT_DO_SEQUENCE);
- krb5_auth_con_setaddrs(kcontext, *ctxp, local, remote);
- return(0);
-}
-
-/*
- * krb5_adm_connect() - Establish the connection to the service.
- *
- * If *ccachep is not null, then that ccache is used to establish the identity
- * of the caller. (Argument list is ugly, I know)
- *
- * Errors are not reported by this routine.
- * Cleanup after successful invocation must:
- * destroy/close ccache.
- * free auth_context
- * close socket.
- */
-krb5_error_code KRB5_CALLCONV
-krb5_adm_connect(kcontext, user, prompt, opassword, sockp, ctxp,
- ccachep, ccname, tlife)
- krb5_context kcontext; /* Context handle (In ) */
- char *user; /* User specified (In ) */
- const char *prompt; /* Old password prompt (In ) */
- char *opassword; /* Old Password (I/O) */
- int *sockp; /* Socket for conn. (Out) */
- krb5_auth_context *ctxp; /* Auth context (Out) */
- krb5_ccache *ccachep; /* Credentials cache (I/O) */
- char *ccname; /* Cred cache name (In ) */
- krb5_timestamp tlife; /* Ticket lifetime (In ) */
-{
- krb5_error_code kret;
- krb5_principal client;
- krb5_creds creds;
- krb5_data server_realm;
- krb5_data request_data, suppl_data;
- krb5_data response_data;
- krb5_address *local_addr;
- krb5_address *remote_addr;
- krb5_boolean ccache_supplied;
-
- char *server;
-
- /* Initialize */
- memset((char *) &creds, 0, sizeof(krb5_creds));
- server = (char *) NULL;
- *sockp = -1;
- local_addr = remote_addr = (krb5_address *) NULL;
- client = (krb5_principal) NULL;
- *ctxp = (krb5_auth_context) NULL;
- ccache_supplied = (*ccachep != (krb5_ccache) NULL);
-
- /*
- * Find the appropriate credentials cache and set up our identity.
- */
- kret = kadm_get_ccache(kcontext, user, ccname, ccachep, &client);
- if (kret)
- goto cleanup;
-
- /*
- * Get initial credentials.
- */
- kret = kadm_get_creds(kcontext, *ccachep, client, &creds,
- prompt, opassword, tlife);
- if (kret)
- goto cleanup;
-
- /*
- * Establish connection to server.
- */
- if ((server_realm.data = (char *) malloc(client->realm.length+1)) ==
- (char *) NULL)
- goto cleanup;
-
- server_realm.length = client->realm.length;
- memcpy(server_realm.data, client->realm.data, server_realm.length);
- server_realm.data[server_realm.length] = '\0';
-
- kret = kadm_contact_server(kcontext, &server_realm, sockp,
- &local_addr, &remote_addr);
- if (kret)
- goto cleanup;
-
- /*
- * Obtain our authorization context
- */
- kret = kadm_get_auth(kcontext, ctxp, local_addr, remote_addr);
- if (kret)
- goto cleanup;
-
- /*
- * Format, then send the KRB_AP_REQ
- */
- suppl_data.data = NULL;
- suppl_data.length = 0;
-
- kret = krb5_mk_req_extended(kcontext, ctxp, AP_OPTS_MUTUAL_REQUIRED,
- &suppl_data, &creds, &request_data);
- if (kret)
- goto cleanup;
-
- kret = krb5_write_message(kcontext, sockp, &request_data);
- if (kret)
- goto cleanup;
-
- /*
- * Now read back the response.
- */
- kret = krb5_read_message(kcontext, sockp, &response_data);
- if (kret) {
- goto cleanup;
- }
- else {
- krb5_ap_rep_enc_part *reply = NULL;
-
- kret = krb5_rd_rep(kcontext, *ctxp, &response_data, &reply);
- if (reply)
- krb5_free_ap_rep_enc_part(kcontext, reply);
- }
- cleanup:
- if (server)
- free(server);
- if (kret) {
- if (*ctxp) {
- krb5_xfree(*ctxp);
- *ctxp = (krb5_auth_context) NULL;
- }
- if (*sockp >= 0) {
- closesocket((SOCKET)*sockp);
- *sockp = -1;
- }
- if (local_addr && local_addr->contents)
- free(local_addr->contents);
- if (remote_addr && remote_addr->contents)
- free(remote_addr->contents);
- if (local_addr)
- free(local_addr);
- if (remote_addr)
- free(remote_addr);
- if (creds.server)
- krb5_free_principal(kcontext, creds.server);
- if (client)
- krb5_free_principal(kcontext, client);
- if (*ccachep && !ccache_supplied) {
- krb5_cc_destroy(kcontext, *ccachep);
- *ccachep = (krb5_ccache) NULL;
- }
- }
- return(kret);
-
-}
-
-/*
- * krb5_adm_disconnect() - Disconnect from the administrative service.
- *
- * If ccache is supplied, then it is destroyed. Otherwise, the ccache is
- * the caller's responsibility to close.
- */
-void KRB5_CALLCONV
-krb5_adm_disconnect(kcontext, socketp, auth_context, ccache)
- krb5_context kcontext;
- int *socketp;
- krb5_auth_context auth_context;
- krb5_ccache ccache;
-{
- if (ccache)
- krb5_cc_destroy(kcontext, ccache);
- if (auth_context)
- krb5_xfree(auth_context);
- if (*socketp >= 0)
- closesocket((SOCKET)*socketp);
-}
-
diff --git a/src/kadmin/v5passwdd/adm_rw.c b/src/kadmin/v5passwdd/adm_rw.c
deleted file mode 100644
index 8b5c71a8d..000000000
--- a/src/kadmin/v5passwdd/adm_rw.c
+++ /dev/null
@@ -1,543 +0,0 @@
-/*
- * lib/kadm/adm_rw.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Routines to engage in the administrative (password changing) protocol.
- */
-#define NEED_SOCKETS
-#include "k5-int.h"
-#include "adm_proto.h"
-
-/*
- * Local prototypes (needed or else the PC will pass fail).
- */
-static void kadm_copyin_int32 (char *, krb5_int32 *);
-static void kadm_copyout_int32 (krb5_int32, char *);
-
-/*
- * Routines to [de]serialize integers.
- *
- * kadm_copyin_int32 - Move a 32-bit integer fron network byte order to
- * host byte order.
- * kadm_copyout_int32 - Move a 32-bit integer from host byte order to
- * network byte order.
- */
-static void
-kadm_copyin_int32(cp, ip)
- char *cp;
- krb5_int32 *ip;
-{
- *ip = (((krb5_int32) ((unsigned char) cp[0]) << 24) +
- ((krb5_int32) ((unsigned char) cp[1]) << 16) +
- ((krb5_int32) ((unsigned char) cp[2]) << 8) +
- ((krb5_int32) ((unsigned char) cp[3])));
-}
-
-static void
-kadm_copyout_int32(outint, cp)
- krb5_int32 outint;
- char *cp;
-{
- cp[0] = (char) ((outint >> 24) & 0xff);
- cp[1] = (char) ((outint >> 16) & 0xff);
- cp[2] = (char) ((outint >> 8) & 0xff);
- cp[3] = (char) (outint & 0xff);
-}
-
-/*
- * krb5_free_adm_data() - Free data blocks allocated by read_adm... routines.
- */
-void KRB5_CALLCONV
-krb5_free_adm_data(kcontext, ncomp, datap)
- krb5_context kcontext;
- krb5_int32 ncomp;
- krb5_data *datap;
-{
- int i;
-
- if (datap) {
- for (i=0; i<ncomp; i++)
- if (datap[i].data && (datap[i].length > 0))
- krb5_xfree(datap[i].data);
-
- krb5_xfree(datap);
- }
-}
-
-/*
- * krb5_send_adm_cmd() - Send an administrative command.
- *
- * Send a list of data in a KRB_PRIV message. Data takes the format:
- * nargs (4 octets in network order)
- * arg size 1 (4 octets in network order)
- * arg data 1 ("arg size 1" octets)
- * .
- * .
- * .
- */
-krb5_error_code KRB5_CALLCONV
-krb5_send_adm_cmd(kcontext, sock, ctx, nargs, arglist)
- krb5_context kcontext; /* Context handle (In ) */
- krb5_pointer sock; /* Socket to write to (In ) */
- krb5_auth_context ctx; /* Auth context (In ) */
- krb5_int32 nargs; /* Number of arguments (In ) */
- krb5_data *arglist; /* Components to write (In ) */
-{
- size_t writebufsize;
- int i;
- char *writebuf;
- krb5_error_code ret;
- krb5_int32 ac_flags;
-
- /*
- * First check that our auth context has the right flags in it.
- */
- ret = krb5_auth_con_getflags(kcontext, ctx, &ac_flags);
- if (ret)
- return(ret);
-
- if ((ac_flags & (KRB5_AUTH_CONTEXT_RET_SEQUENCE|
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) !=
- (KRB5_AUTH_CONTEXT_RET_SEQUENCE|KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
- /* XXX - need a better error */
- return(KRB5KRB_AP_ERR_MSG_TYPE);
- }
-
- ret = 0;
- /* Calculate write buffer size */
- writebufsize = sizeof(krb5_int32);
- for (i=0; i<nargs; i++) {
- writebufsize += sizeof(krb5_int32); /* for argument size */
- writebufsize += arglist[i].length; /* for actual arg */
- }
-
- writebuf = (char *) malloc(writebufsize);
- if (writebuf != NULL) {
- char *curr;
- krb5_data write_data, out_data;
- krb5_replay_data replay_data;
-
- /* Serialize into write buffer - first number of arguments */
- curr = writebuf;
- kadm_copyout_int32(nargs, curr);
- curr += sizeof(krb5_int32);
-
- /* Then the arguments */
- for (i=0; i<nargs; i++) {
- kadm_copyout_int32(arglist[i].length, curr);
- curr += sizeof(krb5_int32);
- memcpy(curr, arglist[i].data, arglist[i].length);
- curr += arglist[i].length;
- }
-
- /* Set up the message */
- write_data.length = writebufsize;
- write_data.data = writebuf;
-
- /* Generate the message */
- ret = krb5_mk_priv(kcontext, ctx, &write_data,
- &out_data, &replay_data);
- if (!ret) {
- /* Write the message */
- ret = krb5_write_message(kcontext, sock, &out_data);
- krb5_free_data_contents(kcontext, &out_data);
- if (ret)
- goto cleanup;
- }
-
- cleanup:
- /* Paranoia */
- memset(writebuf, 0, writebufsize);
- free(writebuf);
- }
- else {
- /* error */
- ret = ENOMEM;
- }
- return(ret);
-}
-
-/*
- * krb5_send_adm_reply() - Send an administrative reply.
- *
- * Send a reply in a KRB_PRIV message. Data takes the format:
- * status (4 octets in network order)
- * ncomps (4 octets in network order)
- * comp size 1 (4 octets in network order)
- * comp data 1 ("comp size 1" octets)
- * .
- * .
- * .
- */
-krb5_error_code
-krb5_send_adm_reply(kcontext, sock, ctx, cmd_stat, ncomps, complist)
- krb5_context kcontext; /* Context handle (In ) */
- krb5_pointer sock; /* Socket to write to (In ) */
- krb5_auth_context ctx; /* Auth context (In ) */
- krb5_int32 cmd_stat; /* Command status (In ) */
- krb5_int32 ncomps; /* Number of arguments (In ) */
- krb5_data *complist; /* Components to write (In ) */
-{
- size_t writebufsize;
- int i;
- char *writebuf;
- krb5_error_code ret;
- krb5_int32 ac_flags;
-
- /*
- * First check that our auth context has the right flags in it.
- */
- ret = krb5_auth_con_getflags(kcontext, ctx, &ac_flags);
- if (ret)
- return(ret);
-
- if ((ac_flags & (KRB5_AUTH_CONTEXT_RET_SEQUENCE|
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) !=
- (KRB5_AUTH_CONTEXT_RET_SEQUENCE|KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
- /* XXX - need a better error */
- return(KRB5KRB_AP_ERR_MSG_TYPE);
- }
-
- ret = 0;
- /* Calculate write buffer size */
- writebufsize = 2 * sizeof(krb5_int32);
- for (i=0; i<ncomps; i++) {
- writebufsize += sizeof(krb5_int32); /* for argument size */
- writebufsize += complist[i].length; /* for actual arg */
- }
-
- writebuf = (char *) malloc(writebufsize);
- if (writebuf != NULL) {
- char *curr;
- krb5_data write_data, out_data;
- krb5_replay_data replay_data;
-
- /* Serialize into write buffer - first command status */
- curr = writebuf;
- kadm_copyout_int32(cmd_stat, curr);
- curr += sizeof(krb5_int32);
-
- /* Now number of reply components */
- kadm_copyout_int32(ncomps, curr);
- curr += sizeof(krb5_int32);
-
- /* Then the arguments */
- for (i=0; i<ncomps; i++) {
- kadm_copyout_int32(complist[i].length, curr);
- curr += sizeof(krb5_int32);
- memcpy(curr, complist[i].data, complist[i].length);
- curr += complist[i].length;
- }
-
- /* Set up the message */
- write_data.length = writebufsize;
- write_data.data = writebuf;
-
- /* Generate the message */
- ret = krb5_mk_priv(kcontext, ctx, &write_data, &out_data,
- &replay_data);
- if (!ret) {
- /* Write the message */
- ret = krb5_write_message(kcontext, sock, &out_data);
- krb5_free_data_contents(kcontext, &out_data);
- if (ret)
- goto cleanup;
- }
-
- cleanup:
- /* Paranoia */
- memset(writebuf, 0, writebufsize);
- free(writebuf);
- }
- else {
- /* error */
- ret = ENOMEM;
- }
- return(ret);
-}
-
-/*
- * krb5_read_adm_cmd() - Read an administrative protocol command.
- *
- * Read an administrative command from the socket. Expect data in the
- * same format as send_adm_cmd shoots them out in.
- *
- * It is the caller's responsibility to free the memory allocated for
- * the read in argument list.
- */
-krb5_error_code
-krb5_read_adm_cmd(kcontext, sock, ctx, nargs, arglist)
- krb5_context kcontext; /* Context handle (In ) */
- krb5_pointer sock; /* Socket to read from (In ) */
- krb5_auth_context ctx; /* Auth context (In ) */
- krb5_int32 *nargs; /* Number of arguments (Out) */
- krb5_data **arglist; /* List of arguments (Out) */
-{
- krb5_data read_data;
- krb5_error_code ret;
- krb5_data msg_data;
- krb5_replay_data replay_data;
- krb5_int32 ac_flags;
- krb5_int32 len32;
-
- /*
- * First check that our auth context has the right flags in it.
- */
- ret = krb5_auth_con_getflags(kcontext, ctx, &ac_flags);
- if (ret)
- return(ret);
-
- if ((ac_flags & (KRB5_AUTH_CONTEXT_RET_SEQUENCE|
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) !=
- (KRB5_AUTH_CONTEXT_RET_SEQUENCE|KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
- /* XXX - need a better error */
- return(KRB5KRB_AP_ERR_MSG_TYPE);
- }
-
- if (!(ret = krb5_read_message(kcontext, sock, &read_data))) {
- if (!(ret = krb5_rd_priv(kcontext,
- ctx,
- &read_data,
- &msg_data,
- &replay_data))) {
- char *curr;
- int replyok;
- int i;
-
- replyok = 0;
- /* We'd better have at least one reply component */
- if (msg_data.length >= sizeof(krb5_int32)) {
- curr = msg_data.data;
- kadm_copyin_int32(curr, nargs);
- curr += sizeof(krb5_int32);
-
- /* Are there any components to copy? */
- if (*nargs > 0) {
-
- /* Get the memory for the list */
- *arglist = (krb5_data *)
- malloc((size_t) (*nargs) * sizeof(krb5_data));
- if (*arglist != NULL) {
- krb5_data *xarglist;
-
- xarglist = *arglist;
- memset((char *) (xarglist), 0,
- (size_t) (*nargs) * sizeof(krb5_data));
-
- replyok = 1;
- /* Copy out each list entry */
- for (i=0; i<*nargs; i++) {
-
- /* First get the length of the reply component */
- if (curr + sizeof(krb5_int32) - msg_data.data <=
- msg_data.length) {
-
- kadm_copyin_int32(curr, &len32);
- xarglist[i].length = (int) len32;
- curr += sizeof(krb5_int32);
-
- /* Then get the memory for the actual data */
- if ((curr + xarglist[i].length -
- msg_data.data <= msg_data.length) &&
- (xarglist[i].data = (char *)
- malloc(xarglist[i].length+1))) {
-
- /* Then copy it out */
- memcpy(xarglist[i].data,
- curr,
- xarglist[i].length);
- curr += xarglist[i].length;
-
- /* Null terminate for convenience */
- xarglist[i].data[xarglist[i].length]
- = '\0';
- }
- else {
- /* Not enough remaining data. */
- replyok = 0;
- break;
- }
- }
- else {
- /* Not enough remaining data */
- replyok = 0;
- break;
- }
- }
- if (!replyok)
- krb5_free_adm_data(kcontext, *nargs, *arglist);
- }
- }
- else {
- if (*nargs == 0) {
- *arglist = (krb5_data *) NULL;
- replyok = 1;
- }
- }
- }
- if (!replyok) {
- ret = KRB5KRB_AP_ERR_MSG_TYPE; /* syntax error */
- }
- memset(msg_data.data, 0, msg_data.length);
- krb5_xfree(msg_data.data);
- }
- krb5_xfree(read_data.data);
- }
- return(ret);
-}
-
-/*
- * krb5_read_adm_reply() - Read an administrative protocol response.
- *
- * Expect to read them out in the same format as send_adm_reply shoots them
- * in.
- *
- * It is the caller's responsibility to free the memory allocated for
- * the read in component list.
- */
-krb5_error_code KRB5_CALLCONV
-krb5_read_adm_reply(kcontext, sock, ctx, cmd_stat, ncomps, complist)
- krb5_context kcontext; /* Context handle (In ) */
- krb5_pointer sock; /* Socket to read from (In ) */
- krb5_auth_context ctx; /* Auth context (In ) */
- krb5_int32 *cmd_stat; /* Command status (Out) */
- krb5_int32 *ncomps; /* # of reply components(Out) */
- krb5_data **complist; /* List of components (Out) */
-{
- krb5_data read_data;
- krb5_error_code ret;
- krb5_data msg_data;
- krb5_replay_data replay_data;
- krb5_int32 ac_flags;
- krb5_int32 len32;
-
- /*
- * First check that our auth context has the right flags in it.
- */
- ret = krb5_auth_con_getflags(kcontext, ctx, &ac_flags);
- if (ret)
- return(ret);
-
- if ((ac_flags & (KRB5_AUTH_CONTEXT_RET_SEQUENCE|
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) !=
- (KRB5_AUTH_CONTEXT_RET_SEQUENCE|KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
- /* XXX - need a better error */
- return(KRB5KRB_AP_ERR_MSG_TYPE);
- }
-
- if (!(ret = krb5_read_message(kcontext, sock, &read_data))) {
- if (!(ret = krb5_rd_priv(kcontext,
- ctx,
- &read_data,
- &msg_data,
- &replay_data))) {
- char *curr;
- int replyok;
- int i;
-
- replyok = 0;
- /* We'd better have at least two reply components */
- if (msg_data.length >= (2*sizeof(krb5_int32))) {
- curr = msg_data.data;
- kadm_copyin_int32(curr, cmd_stat);
- curr += sizeof(krb5_int32);
- kadm_copyin_int32(curr, ncomps);
- curr += sizeof(krb5_int32);
-
- /* Are there any components to copy? */
- if (*ncomps > 0) {
-
- /* Get the memory for the list */
- *complist = (krb5_data *)
- malloc((size_t) ((*ncomps) * sizeof(krb5_data)));
- if (*complist) {
- krb5_data *xcomplist;
-
- xcomplist = *complist;
- memset((char *) (xcomplist), 0,
- (size_t) ((*ncomps) * sizeof(krb5_data)));
-
- replyok = 1;
- /* Copy out each list entry */
- for (i=0; i<*ncomps; i++) {
-
- /* First get the length of the reply component */
- if (curr + sizeof(krb5_int32) - msg_data.data <=
- msg_data.length) {
- kadm_copyin_int32(curr, &len32);
- xcomplist[i].length = (int) len32;
- curr += sizeof(krb5_int32);
-
- /* Then get the memory for the actual data */
- if ((curr + xcomplist[i].length -
- msg_data.data <= msg_data.length) &&
- (xcomplist[i].data = (char *)
- malloc(xcomplist[i].length+1))) {
-
- /* Then copy it out */
- memcpy(xcomplist[i].data,
- curr,
- xcomplist[i].length);
- curr += xcomplist[i].length;
-
- /* Null terminate for convenience */
- xcomplist[i].data[xcomplist[i].length]
- = '\0';
- }
- else {
- /* Not enough remaining data. */
- replyok = 0;
- break;
- }
- }
- else {
- /* Not enough remaining data */
- replyok = 0;
- break;
- }
- }
- if (!replyok)
- krb5_free_adm_data(kcontext, *ncomps, *complist);
- }
- }
- else {
- if (*ncomps == 0) {
- *complist = (krb5_data *) NULL;
- replyok = 1;
- }
- }
- }
- if (!replyok) {
- ret = KRB5KRB_AP_ERR_MSG_TYPE; /* syntax error */
- }
- memset(msg_data.data, 0, msg_data.length);
- krb5_xfree(msg_data.data);
- }
- krb5_xfree(read_data.data);
- }
- return(ret);
-}
diff --git a/src/kadmin/v5passwdd/kadm5_defs.h b/src/kadmin/v5passwdd/kadm5_defs.h
deleted file mode 100644
index 3f587eaf3..000000000
--- a/src/kadmin/v5passwdd/kadm5_defs.h
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- * kadmin/v5server/kadm5_defs.h
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * kadmind5
- * Version 5 administrative daemon.
- */
-#ifndef KADM5_DEFS_H__
-#define KADM5_DEFS_H__
-
-/*
- * Debug definitions.
- */
-#define DEBUG_SPROC 1
-#define DEBUG_OPERATION 2
-#define DEBUG_HOST 4
-#define DEBUG_REALM 8
-#define DEBUG_REQUESTS 16
-#define DEBUG_ACL 32
-#define DEBUG_PROTO 64
-#define DEBUG_CALLS 128
-#define DEBUG_NOSLAVES 256
-#ifdef DEBUG
-#define DPRINT(l1, cl, al) if ((cl & l1) != 0) xprintf al
-#else /* DEBUG */
-#define DPRINT(l1, cl, al)
-#endif /* DEBUG */
-#define DLOG(l1, cl, msg) if ((cl & l1) != 0) \
- com_err(programname, 0, msg)
-
-/*
- * Access control bits.
- */
-#define ACL_ADD_PRINCIPAL 1
-#define ACL_DELETE_PRINCIPAL 2
-#define ACL_MODIFY_PRINCIPAL 4
-#define ACL_CHANGEPW 8
-#define ACL_CHANGE_OWN_PW 16
-#define ACL_INQUIRE 32
-#define ACL_EXTRACT 64
-#define ACL_RENAME_PRINCIPAL (ACL_ADD_PRINCIPAL+ACL_DELETE_PRINCIPAL)
-
-#define ACL_PRINCIPAL_MASK (ACL_ADD_PRINCIPAL|ACL_DELETE_PRINCIPAL|\
- ACL_MODIFY_PRINCIPAL)
-#define ACL_PASSWD_MASK (ACL_CHANGEPW|ACL_CHANGE_OWN_PW)
-#define ACL_ALL_MASK (ACL_ADD_PRINCIPAL | \
- ACL_DELETE_PRINCIPAL | \
- ACL_MODIFY_PRINCIPAL | \
- ACL_CHANGEPW | \
- ACL_CHANGE_OWN_PW | \
- ACL_INQUIRE | \
- ACL_EXTRACT)
-/*
- * Subcodes.
- */
-#define KADM_BAD_ARGS 10
-#define KADM_BAD_CMD 11
-#define KADM_NO_CMD 12
-#define KADM_BAD_PRINC 20
-#define KADM_PWD_TOO_SHORT 21
-#define KADM_PWD_WEAK 22
-#define KADM_NOT_ALLOWED 100
-
-/*
- * Reply status values.
- */
-#define KRB5_ADM_SUCCESS 0
-#define KRB5_ADM_CMD_UNKNOWN 1
-#define KRB5_ADM_PW_UNACCEPT 2
-#define KRB5_ADM_BAD_PW 3
-#define KRB5_ADM_NOT_IN_TKT 4
-#define KRB5_ADM_CANT_CHANGE 5
-#define KRB5_ADM_LANG_NOT_SUPPORTED 6
-
-#define KRB5_ADM_P_ALREADY_EXISTS 64
-#define KRB5_ADM_P_DOES_NOT_EXIST 65
-#define KRB5_ADM_NOT_AUTHORIZED 66
-#define KRB5_ADM_BAD_OPTION 67
-#define KRB5_ADM_VALUE_REQUIRED 68
-#define KRB5_ADM_SYSTEM_ERROR 69
-#define KRB5_ADM_KEY_DOES_NOT_EXIST 70
-#define KRB5_ADM_KEY_ALREADY_EXISTS 71
-#define KRB5_ADM_BAD_DESKEY 72
-
-/*
- * Inter-module function prototypes
- */
-
-krb5_keytab key_keytab_id (void);
-krb5_error_code key_open_db (krb5_context);
-krb5_error_code key_close_db (krb5_context);
-
-#if 0
-/* srv_key.c */
-krb5_error_code key_init
- (krb5_context,
- int,
- int,
- char *,
- int,
- char *,
- char *,
- char *,
- char *,
- krb5_int32,
- krb5_key_salt_tuple *);
-void key_finish
- (krb5_context,
- int);
-krb5_error_code key_string_to_keys
- (krb5_context,
- krb5_db_entry *,
- krb5_data *,
- krb5_int32,
- krb5_key_salt_tuple *,
- krb5_int32 *,
- krb5_key_data **);
-krb5_error_code key_random_key
- (krb5_context,
- krb5_db_entry *,
- krb5_int32 *,
- krb5_key_data **);
-krb5_error_code key_encrypt_keys
- (krb5_context,
- krb5_db_entry *,
- krb5_int32 *,
- krb5_key_data *,
- krb5_key_data **);
-krb5_error_code key_decrypt_keys
- (krb5_context,
- krb5_db_entry *,
- krb5_int32 *,
- krb5_key_data *,
- krb5_key_data **);
-krb5_boolean key_pwd_is_weak
- (krb5_context,
- krb5_db_entry *,
- krb5_data *);
-krb5_db_entry *key_master_entry();
-char *key_master_realm();
-krb5_keyblock *key_admin_key();
-krb5_encrypt_block *key_master_encblock();
-void key_free_key_data (krb5_key_data *,
- krb5_int32);
-krb5_error_code key_dbent_to_keysalts
- (krb5_db_entry *,
- krb5_int32 *,
- krb5_key_salt_tuple **);
-krb5_error_code key_update_tl_attrs
- (krb5_context,
- krb5_db_entry *,
- krb5_principal,
- krb5_boolean);
-
-/* srv_acl.c */
-krb5_error_code acl_init
- (krb5_context,
- int,
- char *);
-void acl_finish
- (krb5_context,
- int);
-krb5_boolean acl_op_permitted
- (krb5_context,
- krb5_principal,
- krb5_int32,
- char *);
-
-#endif
-
-/* srv_output.c */
-krb5_error_code output_init
- (krb5_context,
- int,
- char *,
- krb5_boolean);
-void output_finish
- (krb5_context,
- int);
-krb5_boolean output_lang_supported
- (char *);
-char *output_krb5_errmsg
- (char *,
- krb5_boolean,
- krb5_int32);
-char *output_adm_error
- (char *,
- krb5_boolean,
- krb5_int32,
- krb5_int32,
- krb5_int32,
- krb5_data *);
-
-/* srv_net.c */
-krb5_error_code net_init
- (krb5_context,
- char *,
- int,
- krb5_int32);
-void net_finish
- (krb5_context,
- int);
-krb5_error_code net_dispatch
- (krb5_context, int);
-krb5_principal net_server_princ (void);
-
-/* proto_serv.c */
-krb5_error_code proto_init
- (krb5_context,
- int,
- int);
-void proto_finish
- (krb5_context,
- int);
-krb5_error_code proto_serv
- (krb5_context,
- krb5_int32,
- int,
- void *,
- void *);
-
-krb5_int32 passwd_change
- (krb5_context,
- int,
- krb5_auth_context,
- krb5_ticket *,
- krb5_data *,
- krb5_data *,
- krb5_int32 *);
-
-krb5_int32 pwd_change
- (krb5_context,
- int,
- krb5_auth_context,
- krb5_ticket *,
- krb5_data *,
- krb5_data *,
- char [],
- unsigned int);
-
-#if 0
-
-/* passwd.c */
-krb5_int32 passwd_check
- (krb5_context,
- int,
- krb5_auth_context,
- krb5_ticket *,
- krb5_data *,
- krb5_int32 *);
-krb5_int32 passwd_change
- (krb5_context,
- int,
- krb5_auth_context,
- krb5_ticket *,
- krb5_data *,
- krb5_data *,
- krb5_int32 *);
-krb5_boolean passwd_check_npass_ok
- (krb5_context,
- int,
- krb5_principal,
- krb5_db_entry *,
- krb5_data *,
- krb5_int32 *);
-krb5_boolean passwd_check_opass_ok
- (krb5_context,
- int,
- krb5_principal,
- krb5_db_entry *,
- krb5_data *);
-
-/* admin.c */
-krb5_error_code admin_add_principal
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_int32,
- krb5_data *);
-krb5_error_code admin_delete_principal
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_data *);
-krb5_error_code admin_rename_principal
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_data *,
- krb5_data *);
-krb5_error_code admin_modify_principal
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_int32,
- krb5_data *);
-krb5_error_code admin_change_opw
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_data *,
- krb5_data *);
-krb5_error_code admin_change_orandpw
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_data *);
-krb5_error_code admin_inquire
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_data *,
- krb5_int32 *,
- krb5_data **);
-krb5_error_code admin_extract_key
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_data *,
- krb5_data *,
- krb5_int32 *,
- krb5_data **);
-krb5_error_code admin_add_key
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_int32,
- krb5_data *);
-krb5_error_code admin_delete_key
- (krb5_context,
- int,
- krb5_ticket *,
- krb5_int32,
- krb5_data *);
-void admin_init (krb5_deltat,
- krb5_deltat,
- krb5_boolean,
- krb5_timestamp,
- krb5_boolean,
- krb5_flags);
-#endif
-
-#endif /* KADM5_DEFS_H__ */
diff --git a/src/kadmin/v5passwdd/kpasswd.c b/src/kadmin/v5passwdd/kpasswd.c
deleted file mode 100644
index 9a9318044..000000000
--- a/src/kadmin/v5passwdd/kpasswd.c
+++ /dev/null
@@ -1,599 +0,0 @@
-/*
- * kadmin/kpasswd/kpasswd.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * kpasswd
- * change your password with Version 5 Kerberos using the new password
- * changing protocol.
- */
-
-/*
- * Include files.
- */
-#include "k5-int.h"
-#include "adm_defs.h"
-#include "adm.h"
-#include "krb5/adm_proto.h"
-
-#ifdef HAVE_STRING_H
-#include <string.h>
-#else /* HAVE_STRING_H */
-#include <strings.h>
-#endif /* HAVE_STRING_H */
-
-
-/*
- * Local definitions.
- */
-#define KPWD_MAX_TRIES 4
-
-/*
- * Local data.
- */
-#define kpwd_serror_head "server"
-#define kpwd_change_prompt_1 " Enter new password"
-#define kpwd_change_prompt_2 "Re-enter new password"
-#define kpwd_old_password_prompt " Enter old password"
-#define kpwd_old_pwd_name_fmt "Enter old password for %s"
-
-#ifdef LANGUAGES_SUPPORTED
-#define kpwd_usage_error_fmt "%s: usage is %s [-u user] [-l language]\n"
-#define kpwd_getoptstring "l:u:"
-#else /* LANGUAGES_SUPPORTED */
-#define kpwd_usage_error_fmt "%s: usage is %s [-u user]\n"
-#define kpwd_getoptstring "u:"
-#endif /* LANGUAGES_SUPPORTED */
-#define kpwd_extra_args "extra arguments"
-#if 0
-#define kpwd_bad_option_fmt "%s: unrecognized option -%c.\n"
-#endif
-#define kpwd_no_memory_fmt "%s: not enough resources to allocate %d bytes for %s.\n"
-#define kpwd_bad_client_fmt "%s: %s%s%s %s not recognized by the server.\n"
-#define kpwd_no_server_fmt "%s: cannot find server for %s.\n"
-#define kpwd_incorrect_fmt "%s: incorrect password\n"
-#define kpwd_cant_connect_fmt "%s: cannot contact server (%s).\n"
-#define kpwd_proto_error_fmt "%s: protocol error during %s request (%s).\n"
-#define kpwd_pwproto_unsupp_fmt "%s: %s request not supported by server.\n"
-#define kpwd_pwproto_error "%s: server error (%s) during %s request.\n"
-#define kpwd_pwd_unacceptable "%s: your new password is unacceptable to the server, %s.\n"
-#define kpwd_read_pass_error "%s: error (%s) reading passwords.\n"
-
-static const char *kpwd_password_text = "passwords";
-#if 0
-static const char *kpwd_realm_text = "realm name";
-#endif
-static const char *kpwd_args_text = "arguments";
-
-static const char *kpwd_try_again_text = "try again";
-static const char *kpwd_seeyalater_text = "password not changed";
-
-#if 0
-static const char *kpwd_mime_text = "MIME-enable";
-static const char *kpwd_language_text = "set language";
-#endif
-static const char *kpwd_check_pwd_text = "check password";
-static const char *kpwd_change_pwd_text = "change password";
-static const char *kpwd_quit_text = "quit";
-
-static const char *kpwd_you = "you";
-static const char *kpwd_is_second = "are";
-static const char *kpwd_is_third = "is";
-static const char *kpwd_quote = "'";
-static const char *kpwd_null = "";
-
-static const char *kpwd_this_realm = "this realm";
-
-static const char *kpwd_replies[] = {
- "Operation successful", /* KRB5_ADM_SUCCESS */
- "Command not recognized", /* KRB5_ADM_CMD_UNKNOWN */
- "Password unacceptable to server", /* KRB5_ADM_PW_UNACCEPT */
- "Old password incorrect", /* KRB5_ADM_BAD_PW */
- "Invalid ticket (TKT_FLAG_INITIAL not set)",/* KRB5_ADM_NOT_IN_TKT */
- "Server refused password change", /* KRB5_ADM_CANT_CHANGE */
- "Language not supported", /* KRB5_ADM_LANG_NOT_SUPPORTED */
-};
-static const char *kpwd_replies_unknown = "UNKNOWN ERROR";
-
-static void
-usage(invocation, more_info)
- char *invocation;
- char *more_info;
-{
- if (more_info)
- fprintf(stderr, "%s: %s\n", invocation, more_info);
- fprintf(stderr, kpwd_usage_error_fmt, invocation, invocation);
-}
-
-static const char *
-kpwd_reply_to_string(status)
- krb5_int32 status;
-{
- int idx;
- const char *rval;
-
- switch (status) {
- case KRB5_ADM_SUCCESS:
- case KRB5_ADM_CMD_UNKNOWN:
- case KRB5_ADM_PW_UNACCEPT:
- case KRB5_ADM_BAD_PW:
- case KRB5_ADM_NOT_IN_TKT:
- case KRB5_ADM_CANT_CHANGE:
- case KRB5_ADM_LANG_NOT_SUPPORTED:
- idx = (int) status;
- rval = kpwd_replies[idx];
- break;
- default:
- rval = kpwd_replies_unknown;
- break;
- }
- return(rval);
-}
-
-static void
-kpwd_print_sreply(progname, ncomps, complist)
- char *progname;
- krb5_int32 ncomps;
- krb5_data *complist;
-{
- krb5_int32 i;
- /*
- * If language/mime suporrt enabled, need to have mime-decoder here.
- */
- if (ncomps > 0) {
- fprintf(stderr, "%s - %s: %s\n", progname, kpwd_serror_head,
- complist[0].data);
- for (i=1; i<ncomps; i++)
- fprintf(stderr, "\t%s\n", complist[i].data);
- }
-}
-
-int
-main(argc, argv)
- int argc;
- char *argv[];
-{
- int option;
- extern int optind;
- extern char *optarg;
- int error;
-
- char *name;
-#ifdef LANGUAGES_SUPPORTED
- int mflag;
- int lflag;
-#endif
- char *language;
-
- krb5_error_code kret;
- krb5_context kcontext;
- krb5_auth_context auth_context;
- krb5_ccache ccache;
- char *opassword;
- char *npassword;
- char *opwd_prompt;
-
- int conn_socket = -1;
-
- int npass_tries;
- int send_quit;
-
- /*
- * Initialize.
- */
- language = name = opwd_prompt = (char *) NULL;
- error = 0;
-#ifdef LANGUAGES_SUPPORTED
- mflag = lflag = 0;
-#endif
- send_quit = 0;
- ccache = (krb5_ccache) NULL;
-
- /*
- * Usage is:
- * kpasswd [-u user] [-l language]
- */
- while ((option = getopt(argc, argv, kpwd_getoptstring)) != -1) {
- switch (option) {
- case 'u':
- if ((name = (char *) malloc(strlen(optarg)+1)) == NULL) {
- fprintf(stderr, kpwd_no_memory_fmt, argv[0],
- strlen(optarg)+1, kpwd_args_text);
- error = ENOMEM;
- break;
- }
- strcpy(name, optarg);
- break;
-#ifdef LANGUAGES_SUPPORTED
- case 'l':
- lflag++;
- mflag++;
- if ((language = (char *) malloc(strlen(optarg)+1)) == NULL) {
- fprintf(stderr, kpwd_no_memory_fmt, argv[0],
- strlen(optarg)+1, kpwd_args_text);
- error = ENOMEM;
- break;
- }
- strcpy(language, optarg);
- break;
-#endif /* LANGUAGES_SUPPORTED */
- default:
- error++;
- break;
- }
- if (error)
- break;
- }
- if (error || ((argc - optind) > 0)) {
- usage(argv[0], (error) ? (char *) NULL: kpwd_extra_args);
- error++;
- if (name)
- free(name);
- if (language)
- free(language);
- return(error);
- }
-
- /*
- * Initialize Kerberos
- */
- kret = krb5_init_context(&kcontext);
- if (kret) {
- com_err(argv[0], kret, "while initializing krb5");
- exit(1);
- }
-
- /* Get space for passwords */
- if (
- ((npassword = (char *) malloc(KRB5_ADM_MAX_PASSWORD_LEN))
- == (char *) NULL) ||
- ((opassword = (char *) malloc(KRB5_ADM_MAX_PASSWORD_LEN))
- == (char *) NULL))
- {
- fprintf(stderr, kpwd_no_memory_fmt, argv[0], KRB5_ADM_MAX_PASSWORD_LEN,
- kpwd_password_text);
- if (npassword)
- free(npassword);
- krb5_free_context(kcontext);
- return(ENOMEM);
- }
-
- /* From now on, all error legs via 'goto cleanup' */
-
- if (name) {
- size_t prompt_len;
-
- prompt_len = strlen(kpwd_old_pwd_name_fmt) - 2 + strlen(name) + 1;
- opwd_prompt = (char *) malloc(prompt_len);
- if (opwd_prompt)
- sprintf(opwd_prompt, kpwd_old_pwd_name_fmt, name);
- }
- /*
- * Establish the connection.
- */
- kret = krb5_adm_connect(kcontext, name,
- (opwd_prompt) ?
- opwd_prompt : kpwd_old_password_prompt,
- opassword, &conn_socket, &auth_context,
- &ccache, (char *) NULL, 0);
- if (kret) {
- switch (kret) {
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
- fprintf(stderr, kpwd_bad_client_fmt, argv[0],
- (name) ? kpwd_quote : kpwd_null,
- (name) ? name : kpwd_you,
- (name) ? kpwd_quote : kpwd_null,
- (name) ? kpwd_is_third : kpwd_is_second);
- break;
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
- fprintf(stderr, kpwd_no_server_fmt, argv[0],
- (name) ? name : kpwd_this_realm);
- break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
- fprintf(stderr, kpwd_incorrect_fmt, argv[0]);
- break;
- default:
- fprintf(stderr, kpwd_cant_connect_fmt, argv[0],
- error_message(kret));
- break;
- }
- goto cleanup;
- }
-
- if (opwd_prompt)
- free(opwd_prompt);
- send_quit = 1;
-
-#ifdef LANGUAGES_SUPPORTED
- /*
- * We have the connection - see if we have to send some precursory data.
- */
- if (mflag) {
- /*
- * Need to engage in protocol for MIME setting
- */
- krb5_data mime_data;
- krb5_int32 mime_status;
- krb5_int32 mime_ncomps;
- krb5_data *mime_reply;
-
- mime_data.data = KRB5_ADM_MIME_CMD;
- mime_data.length = strlen(mime_data.data);
- if ((kret = krb5_send_adm_cmd(kcontext,
- &conn_socket,
- auth_context,
- 1,
- &mime_data)) ||
- (kret = krb5_read_adm_reply(kcontext,
- &conn_socket,
- auth_context,
- &mime_status,
- &mime_ncomps,
- &mime_reply))) {
- fprintf(stderr, kpwd_proto_error_fmt, argv[0], kpwd_mime_text,
- error_message(kret));
- send_quit = 0;
- goto cleanup;
- }
- switch (mime_status) {
- case KRB5_ADM_SUCCESS:
- break;
- case KRB5_ADM_CMD_UNKNOWN:
- fprintf(stderr, kpwd_pwproto_unsupp_fmt, argv[0], kpwd_mime_text);
- if (mime_ncomps > 0)
- kpwd_print_sreply(argv[0], mime_ncomps, mime_reply);
- break;
- default:
- fprintf(stderr, kpwd_pwproto_error, argv[0],
- kpwd_reply_to_string(mime_status), kpwd_mime_text);
- if (mime_ncomps > 0)
- kpwd_print_sreply(argv[0], mime_ncomps, mime_reply);
- goto cleanup;
- }
- krb5_free_adm_data(kcontext, mime_ncomps, mime_reply);
- }
- if (lflag && language) {
- /*
- * Need to engage in protocol for language setting
- */
- krb5_data lang_data[2];
- krb5_int32 lang_status;
- krb5_int32 lang_ncomps;
- krb5_data *lang_reply;
-
- lang_data[0].data = KRB5_ADM_LANGUAGE_CMD;
- lang_data[0].length = strlen(lang_data[0].data);
- lang_data[1].data = language;
- lang_data[1].length = strlen(language);
- if ((kret = krb5_send_adm_cmd(kcontext,
- &conn_socket,
- auth_context,
- 2,
- lang_data)) ||
- (kret = krb5_read_adm_reply(kcontext,
- &conn_socket,
- auth_context,
- &lang_status,
- &lang_ncomps,
- &lang_reply))) {
- fprintf(stderr, kpwd_proto_error_fmt, argv[0], kpwd_language_text,
- error_message(kret));
- send_quit = 0;
- goto cleanup;
- }
- switch (lang_status) {
- case KRB5_ADM_SUCCESS:
- break;
- case KRB5_ADM_CMD_UNKNOWN:
- fprintf(stderr, kpwd_pwproto_unsupp_fmt, argv[0],
- kpwd_language_text);
- if (lang_ncomps > 0)
- kpwd_print_sreply(argv[0], lang_ncomps, lang_reply);
- break;
- default:
- fprintf(stderr, kpwd_pwproto_error, argv[0],
- kpwd_reply_to_string(lang_status), kpwd_language_text);
- if (lang_ncomps > 0)
- kpwd_print_sreply(argv[0], lang_ncomps, lang_reply);
- goto cleanup;
- }
- krb5_free_adm_data(kcontext, lang_ncomps, lang_reply);
- }
-#endif /* LANGUAGES_SUPPORTED */
-
- /* Now - Actually change the password. */
- for (npass_tries = 1; npass_tries <= KPWD_MAX_TRIES; npass_tries++) {
- unsigned int npass_len;
-
- npass_len = KRB5_ADM_MAX_PASSWORD_LEN;
- if (!(kret = krb5_read_password(kcontext,
- kpwd_change_prompt_1,
- kpwd_change_prompt_2,
- npassword,
- &npass_len))) {
- krb5_data check_data[2];
- krb5_int32 check_status;
- krb5_int32 check_ncomps;
- krb5_data *check_reply;
- krb5_data set_data[3];
- krb5_int32 set_status;
- krb5_int32 set_ncomps;
- krb5_data *set_reply;
-
- check_data[0].data = KRB5_ADM_CHECKPW_CMD;
- check_data[0].length = strlen(check_data[0].data);
- check_data[1].data = npassword;
- check_data[1].length = npass_len;
- if ((kret = krb5_send_adm_cmd(kcontext,
- &conn_socket,
- auth_context,
- 2,
- check_data)) ||
- (kret = krb5_read_adm_reply(kcontext,
- &conn_socket,
- auth_context,
- &check_status,
- &check_ncomps,
- &check_reply))) {
- fprintf(stderr, kpwd_proto_error_fmt, argv[0],
- kpwd_check_pwd_text, error_message(kret));
- send_quit = 0;
- error++;
- break;
- }
- if ((check_status != KRB5_ADM_SUCCESS) &&
- (check_status != KRB5_ADM_PW_UNACCEPT)) {
- error++;
- fprintf(stderr, kpwd_pwproto_error, argv[0],
- kpwd_reply_to_string(check_status),
- kpwd_check_pwd_text);
- if (check_ncomps > 0)
- kpwd_print_sreply(argv[0], check_ncomps, check_reply);
- }
-
- if (check_status == KRB5_ADM_PW_UNACCEPT) {
- fprintf(stderr, kpwd_pwd_unacceptable, argv[0],
- (npass_tries < KPWD_MAX_TRIES) ?
- kpwd_try_again_text : kpwd_seeyalater_text);
- if (check_ncomps > 0)
- kpwd_print_sreply(argv[0], check_ncomps, check_reply);
- if (npass_tries == KPWD_MAX_TRIES)
- kret = check_status;
- continue;
- }
- krb5_free_adm_data(kcontext, check_ncomps, check_reply);
- if (error)
- break;
-
- /* Now actually change the password */
- set_data[0].data = KRB5_ADM_CHANGEPW_CMD;
- set_data[0].length = strlen(set_data[0].data);
- set_data[1].data = opassword;
- set_data[1].length = strlen(opassword);
- set_data[2].data = npassword;
- set_data[2].length = npass_len;
- if ((kret = krb5_send_adm_cmd(kcontext,
- &conn_socket,
- auth_context,
- 3,
- set_data)) ||
- (kret = krb5_read_adm_reply(kcontext,
- &conn_socket,
- auth_context,
- &set_status,
- &set_ncomps,
- &set_reply))) {
- fprintf(stderr, kpwd_proto_error_fmt, argv[0],
- kpwd_change_pwd_text, error_message(kret));
- send_quit = 0;
- error++;
- break;
- }
- if (set_status != KRB5_ADM_SUCCESS) {
- fprintf(stderr, kpwd_pwproto_error, argv[0],
- kpwd_reply_to_string(set_status),
- kpwd_change_pwd_text);
- if (set_ncomps > 0)
- kpwd_print_sreply(argv[0], set_ncomps, set_reply);
- error++;
- }
- krb5_free_adm_data(kcontext, set_ncomps, set_reply);
- break;
- }
- else {
- fprintf(stderr, kpwd_read_pass_error, argv[0],
- error_message(kret));
- error++;
- break;
- }
- }
-
- cleanup:
- if (kret)
- error = kret;
- if (language)
- free(language);
- if (name)
- free(name);
-
- /* Clear and free password storage */
- if (opassword) {
- memset(opassword, 0, KRB5_ADM_MAX_PASSWORD_LEN);
- free(opassword);
- }
- if (npassword) {
- memset(npassword, 0, KRB5_ADM_MAX_PASSWORD_LEN);
- free(npassword);
- }
-
- if (send_quit) {
- /*
- * Need to send quit command.
- */
- krb5_data quit_data;
- krb5_int32 quit_status;
- krb5_int32 quit_ncomps;
- krb5_data *quit_reply;
-
- quit_data.data = KRB5_ADM_QUIT_CMD;
- quit_data.length = strlen(quit_data.data);
- if ((kret = krb5_send_adm_cmd(kcontext,
- &conn_socket,
- auth_context,
- 1,
- &quit_data)) ||
- (kret = krb5_read_adm_reply(kcontext,
- &conn_socket,
- auth_context,
- &quit_status,
- &quit_ncomps,
- &quit_reply))) {
- fprintf(stderr, kpwd_proto_error_fmt, argv[0], kpwd_quit_text,
- error_message(kret));
- goto done;
- }
- switch (quit_status) {
- case KRB5_ADM_SUCCESS:
- break;
- case KRB5_ADM_CMD_UNKNOWN:
- fprintf(stderr, kpwd_pwproto_unsupp_fmt, argv[0], kpwd_quit_text);
- if (quit_ncomps > 0)
- kpwd_print_sreply(argv[0], quit_ncomps, quit_reply);
- break;
- default:
- fprintf(stderr, kpwd_pwproto_error, argv[0],
- kpwd_reply_to_string(quit_status), kpwd_quit_text);
- if (quit_ncomps > 0)
- kpwd_print_sreply(argv[0], quit_ncomps, quit_reply);
- }
- krb5_free_adm_data(kcontext, quit_ncomps, quit_reply);
- }
-
- done:
- krb5_adm_disconnect(kcontext, &conn_socket, auth_context, ccache);
- krb5_free_context(kcontext);
- return(error);
-}
diff --git a/src/kadmin/v5passwdd/main.c b/src/kadmin/v5passwdd/main.c
deleted file mode 100644
index ae6824726..000000000
--- a/src/kadmin/v5passwdd/main.c
+++ /dev/null
@@ -1,324 +0,0 @@
-#include <stdio.h>
-#include <signal.h>
-#include <syslog.h>
-#include <unistd.h>
-#include <string.h>
-#include <setjmp.h>
-
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include <krb5/adm_proto.h>
-#include "kadm5_defs.h"
-
-#if defined(NEED_DAEMON_PROTO)
-extern int daemon(int, int);
-#endif
-
-static krb5_keytab keytab;
-char *programname;
-kadm5_config_params params;
-void *global_server_handle;
-#if POSIX_SETJMP
-static sigjmp_buf terminal_jmp;
-#else /* POSIX_SETJMP */
-static jmp_buf terminal_jmp;
-#endif /* POSIX_SETJMP */
-
-krb5_keytab key_keytab_id()
-{
- return(keytab);
-}
-
-static krb5_sigtype
-unhandled_signal(signo)
- int signo;
-{
-#if POSIX_SETJMP
- siglongjmp(terminal_jmp, signo);
-#else /* POSIX_SETJMP */
- longjmp(terminal_jmp, signo);
-#endif /* POSIX_SETJMP */
- /* NOTREACHED */
-}
-
-static void usage()
-{
- fprintf(stderr, "Usage: kadmind [-r realm] [-m] [-nofork] "
- "[-D debuglevel] [-T keytable] [-port port-number]\n");
- exit(1);
-}
-
-int main(int argc, char *argv[])
-{
- int ret;
- volatile int nofork;
- int timeout = -1;
- krb5_error_code code;
- volatile int debug_level = 0;
-#if POSIX_SIGNALS
- struct sigaction s_action;
-#endif /* POSIX_SIGNALS */
- krb5_context context;
-
- programname = argv[0];
-
- nofork = 0;
-
- memset((char *) &params, 0, sizeof(params));
-
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-r") == 0) {
- argc--; argv++;
- if (!argc)
- usage();
- params.realm = *argv;
- params.mask |= KADM5_CONFIG_REALM;
- argc--; argv++;
- continue;
- } else if (strcmp(*argv, "-m") == 0) {
- params.mkey_from_kbd = 1;
- params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- } else if (strcmp(*argv, "-nofork") == 0) {
- nofork = 1;
- } else if(strcmp(*argv, "-port") == 0) {
- argc--; argv++;
- if(!argc)
- usage();
- params.kadmind_port = atoi(*argv);
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- } else if (strcmp(*argv, "-T") == 0) {
- argc--; argv++;
- if (!argc)
- usage();
- params.admin_keytab = *argv;
- params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
- argc--; argv++;
- continue;
- } else if (strcmp(*argv, "-D") == 0) {
- if (!argc)
- usage();
- argc--; argv++;
- debug_level = atoi(*argv);
- } else
- break;
- argc--; argv++;
- }
-
- if (argc != 0)
- usage();
-
- ret = krb5_init_context(&context);
- if (ret) {
- fprintf(stderr, "%s: %s while initializing context, aborting\n",
- programname, error_message(ret));
- exit(1);
- }
-
- krb5_klog_init(context, "admin_server", programname, 1);
-
- ret = kadm5_get_config_params(context, NULL, NULL, &params,
- &params);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting\n",
- programname, error_message(ret));
- fprintf(stderr, "%s: %s while initializing, aborting\n",
- programname, error_message(ret));
- krb5_klog_close(context);
- exit(1);
- }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_ACL_FILE | \
- KADM5_CONFIG_ADMIN_KEYTAB)
-
- if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
- krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values "
- "(%x) while initializing, aborting\n", programname,
- (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
- fprintf(stderr, "%s: Missing required configuration values "
- "(%lx) while initializing, aborting\n", programname,
- (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
- krb5_klog_close(context);
- exit(1);
- }
-
- if ((code = krb5_kt_resolve(context, params.admin_keytab, &keytab))) {
- fprintf(stderr, "%s: cannot resolve keytab %s (%s).\n",
- programname, params.admin_keytab, error_message(code));
- exit(1);
- }
-
- if (!nofork &&
- daemon(0, ((params.mask&KADM5_CONFIG_MKEY_FROM_KBD)?
- params.mkey_from_kbd:0))) {
- fprintf(stderr, "%s: cannot spawn and detach.\n", argv[0]);
- perror(argv[0]);
- return(2);
- }
-
-#if POSIX_SIGNALS
- (void) sigemptyset(&s_action.sa_mask);
- s_action.sa_flags = 0;
- s_action.sa_handler = unhandled_signal;
- (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGALRM, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
-#else /* POSIX_SIGNALS */
- signal(SIGINT, unhandled_signal);
- signal(SIGTERM, unhandled_signal);
- signal(SIGHUP, unhandled_signal);
- signal(SIGQUIT, unhandled_signal);
- signal(SIGPIPE, unhandled_signal);
- signal(SIGALRM, unhandled_signal);
- signal(SIGCHLD, unhandled_signal);
-#endif /* POSIX_SIGNALS */
-
- krb5_klog_syslog(LOG_INFO, "starting");
-
- code = net_init(context, params.realm, debug_level,
- (params.mask&KADM5_CONFIG_KADMIND_PORT)?
- params.kadmind_port:0);
- if (code) {
- krb5_klog_syslog(LOG_ERR, "%s: %s while initializing network",
- programname, error_message(code));
- fprintf(stderr, "%s: %s while initializing network\n",
- programname, error_message(code));
-
- exit(1);
- }
-
- code = proto_init(context, debug_level, timeout);
- if (code) {
- krb5_klog_syslog(LOG_ERR, "%s: %s while initializing proto",
- programname, error_message(code));
- fprintf(stderr, "%s: %s while initializing proto\n",
- programname, error_message(code));
- }
-
- if (
-#if POSIX_SETJMP
- sigsetjmp(terminal_jmp, 1) == 0
-#else /* POSIX_SETJMP */
- setjmp(terminal_jmp) == 0
-#endif /* POSIX_SETJMP */
- )
- {
- code = net_dispatch(context, !nofork);
- if (code) {
- krb5_klog_syslog(LOG_ERR, "%s: %s while dispatching requests",
- programname, error_message(code));
- fprintf(stderr, "%s: %s while dispatching requests\n",
- programname, error_message(code));
-
- exit(1);
- }
- }
-
- net_finish(context, debug_level);
-
- krb5_klog_syslog(LOG_INFO, "finished, exiting");
- krb5_klog_close(context);
- exit(2);
-}
-
-krb5_error_code key_open_db(krb5_context context)
-{
- return(kadm5_init("kadmind", NULL,
- NULL, &params,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_2,
- &global_server_handle));
-}
-
-krb5_error_code key_close_db(krb5_context context)
-{
- kadm5_destroy(global_server_handle);
- return(0);
-}
-
-krb5_int32
-pwd_change(kcontext, debug_level, auth_context, ticket,
- olddata, newdata, err_str, err_str_len)
- krb5_context kcontext;
- int debug_level;
- krb5_auth_context auth_context;
- krb5_ticket *ticket;
- krb5_data *olddata;
- krb5_data *newdata;
- char err_str[];
- unsigned int err_str_len;
-{
- kadm5_ret_t ret;
- krb5_int32 now;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- krb5_principal principal;
-
- /* Make sure the ticket is initial, otherwise don't trust it */
- if ((ticket->enc_part2->flags & TKT_FLG_INITIAL) == 0) {
- return(KRB5_ADM_NOT_IN_TKT);
- }
-
- /* a principal can always change its own password, so there's no
- acl check to do here */
-
- principal = ticket->enc_part2->client;
-
- /* check to see if the min_time has passed. this is stolen
- from chpass_principal_wrapper */
-
- ret = krb5_timeofday(kcontext, &now);
- if (ret) {
- /* XXX - The only caller is known to use a 1K buffer. */
- system_error:
- strncpy(err_str, error_message(ret), 1024);
- return(KRB5_ADM_SYSTEM_ERROR);
- }
-
- if((ret = kadm5_get_principal(global_server_handle, principal,
- &princ,
- KADM5_PRINCIPAL_NORMAL_MASK)) !=
- KADM5_OK) {
- goto system_error;
- }
- if(princ.aux_attributes & KADM5_POLICY) {
- if((ret=kadm5_get_policy(global_server_handle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(global_server_handle, &princ);
- goto system_error;
- }
- if((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- (void) kadm5_free_policy_ent(global_server_handle, &pol);
- (void) kadm5_free_principal_ent(global_server_handle, &princ);
- /* XXX - The only caller is known to use a 1K buffer. */
- strncpy(err_str, error_message(ret), 1024);
- return(KRB5_ADM_PW_UNACCEPT);
- }
-
- ret = kadm5_free_policy_ent(global_server_handle, &pol);
- if (ret) {
- (void) kadm5_free_principal_ent(global_server_handle, &princ);
- goto system_error;
- }
- }
-
- ret = kadm5_free_principal_ent(global_server_handle, &princ);
- if (ret) {
- goto system_error;
- }
-
- /* ok, it's not too early to change the password. change it. */
-
- ret = kadm5_chpass_principal_util(global_server_handle,
- principal, newdata->data,
- NULL, err_str, err_str_len);
- if (ret)
- return(KRB5_ADM_PW_UNACCEPT);
-
- return(KRB5_ADM_SUCCESS);
-}
diff --git a/src/kadmin/v5passwdd/proto_serv.c b/src/kadmin/v5passwdd/proto_serv.c
deleted file mode 100644
index 013d8fb40..000000000
--- a/src/kadmin/v5passwdd/proto_serv.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
- * kadmin/v5server/proto_serv.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * proto_serv.c - Engage in protocol. This module reflects the connection
- * protocol as implemented in lib/krb5/os/adm_conn.c. Any changes
- * in one module must be reflected in the other.
- */
-#define NEED_SOCKETS
-#include "k5-int.h"
-#include <signal.h>
-#include "com_err.h"
-#include "kadm5_defs.h"
-#include "adm.h"
-#include "adm_proto.h"
-#include <setjmp.h>
-
-static const char *proto_addrs_msg = "\004%d: cannot get memory for addresses";
-static const char *proto_rcache_msg = "\004%d: cannot get replay cache";
-static const char *proto_ap_req_msg = "\004%d: error reading AP_REQ message";
-static const char *proto_auth_con_msg = "\004%d: cannot get authorization context";
-static const char *proto_rd_req_msg = "\004%d: cannot decode AP_REQ message";
-static const char *proto_mk_rep_msg = "\004%d: cannot generate AP_REP message";
-static const char *proto_wr_rep_msg = "\004%d: cannot write AP_REP message";
-static const char *proto_conn_abort_msg = "\007%d: connection destroyed by client";
-static const char *proto_seq_err_msg = "\004%d: protocol sequence violation";
-static const char *proto_rd_cmd_msg = "\004%d: cannot read administrative protocol command";
-static const char *proto_db_open_msg = "\004%d: cannot open database";
-static const char *proto_db_close_msg = "\004%d: cannot close database";
-static const char *proto_wr_reply_msg = "\004%d: cannot write administrative protocol reply";
-extern char *programname;
-
-static int proto_proto_timeout = -1;
-static int proto_debug_level = 0;
-#if POSIX_SETJMP
-static sigjmp_buf timeout_jmp;
-#else /* POSIX_SETJMP */
-static jmp_buf timeout_jmp;
-#endif /* POSIX_SETJMP */
-
-static krb5_sigtype
-proto_alarmclock(signo)
- int signo;
-{
-#if POSIX_SETJMP
- siglongjmp(timeout_jmp, 1);
-#else /* POSIX_SETJMP */
- longjmp(timeout_jmp, 1);
-#endif /* POSIX_SETJMP */
- /* NOTREACHED */
-}
-
-krb5_error_code
-proto_init(kcontext, debug_level, timeo)
- krb5_context kcontext;
- int debug_level;
- int timeo;
-{
- krb5_error_code kret;
-
- proto_debug_level = debug_level;
- DPRINT(DEBUG_CALLS, proto_debug_level,
- ("* proto_init(timeo=%d)\n", timeo));
- kret = 0;
- proto_proto_timeout = timeo;
- DPRINT(DEBUG_CALLS, proto_debug_level, ("X proto_init() = %d\n", kret));
- return(kret);
-}
-
-void
-proto_finish(kcontext, debug_level)
- krb5_context kcontext;
- int debug_level;
-{
- DPRINT(DEBUG_CALLS, proto_debug_level, ("* proto_finish()\n"));
- DPRINT(DEBUG_CALLS, proto_debug_level, ("X proto_finish()\n"));
-}
-
-krb5_error_code
-proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p)
- krb5_context kcontext;
- krb5_int32 my_id;
- int cl_sock;
- void *sv_p;
- void *cl_p;
-{
- volatile krb5_error_code kret;
- struct sockaddr_in *cl_addr;
- struct sockaddr_in *sv_addr;
-
- krb5_data in_data;
- krb5_data out_data;
- krb5_rcache rcache;
- krb5_auth_context auth_context;
- krb5_flags ap_options;
- krb5_ticket *ticket;
- krb5_address *local;
- krb5_address *remote;
-
-#if POSIX_SIGNALS
- struct sigaction s_action;
-#endif /* POSIX_SIGNALS */
-
- char *curr_lang = (char *) NULL;
-#ifdef MIME_SUPPORTED
- krb5_boolean mime_setting = 0;
-#endif
-
- krb5_int32 num_args;
- krb5_data *arglist;
-
- volatile krb5_boolean db_opened;
-
- cl_addr = (struct sockaddr_in *) cl_p;
- sv_addr = (struct sockaddr_in *) sv_p;
- DPRINT(DEBUG_CALLS, proto_debug_level,
- ("* proto_serv(id=%d, sock=%d, local=%x, remote=%x)\n",
- my_id, cl_sock,
- ntohl(sv_addr->sin_addr.s_addr),
- ntohl(cl_addr->sin_addr.s_addr)));
-
- /* Initialize */
- memset((char *) &in_data, 0, sizeof(in_data));
- memset((char *) &out_data, 0, sizeof(out_data));
- num_args = 0;
- local = (krb5_address *) NULL;
- remote = (krb5_address *) NULL;
- ticket = (krb5_ticket *) NULL;
- rcache = (krb5_rcache) NULL;
-#if POSIX_SIGNALS
- (void) sigemptyset(&s_action.sa_mask);
- s_action.sa_flags = 0;
-#endif /* POSIX_SIGNALS */
- db_opened = 0;
-
- /* Get memory for addresses */
- local = (krb5_address *) malloc(sizeof(krb5_address));
- remote = (krb5_address *) malloc(sizeof(krb5_address));
- if (!local || !remote) {
- kret = ENOMEM;
- com_err(programname, kret, proto_addrs_msg, my_id);
- goto cleanup;
- }
-
- local->contents = (krb5_octet *) malloc(sizeof(struct in_addr));
- remote->contents = (krb5_octet *) malloc(sizeof(struct in_addr));
- if (!local->contents || !remote->contents) {
- kret = ENOMEM;
- com_err(programname, kret, proto_addrs_msg, my_id);
- goto cleanup;
- }
-
- /*
- * First setup the replay cache.
- */
- kret = krb5_get_server_rcache(kcontext,
- krb5_princ_component(kcontext,
- net_server_princ(),
- 0),
- &rcache);
- if (kret) {
- com_err(programname, kret, proto_rcache_msg, my_id);
- goto cleanup;
- }
-
- /* Initialize the auth context */
- kret = krb5_auth_con_init(kcontext, &auth_context);
- if (kret) {
- com_err(programname, kret, proto_auth_con_msg, my_id);
- goto cleanup;
- }
-
- krb5_auth_con_setrcache(kcontext, auth_context, rcache);
-
- /*
- * Set up addresses.
- */
- local->addrtype = remote->addrtype = ADDRTYPE_INET;
- local->length = remote->length = sizeof(struct in_addr);
- memcpy((char *) local->contents,
- (char *) &sv_addr->sin_addr,
- sizeof(struct in_addr));
- memcpy((char *) remote->contents,
- (char *) &cl_addr->sin_addr,
- sizeof(struct in_addr));
- krb5_auth_con_setflags(kcontext, auth_context,
- KRB5_AUTH_CONTEXT_RET_SEQUENCE|
- KRB5_AUTH_CONTEXT_DO_SEQUENCE);
- krb5_auth_con_setaddrs(kcontext, auth_context, local, remote);
-
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:read message(local=%x, remote=%x)\n",
- my_id,
- ntohl(sv_addr->sin_addr.s_addr),
- ntohl(cl_addr->sin_addr.s_addr)));
- /* Now, read in the AP_REQ message and decode it. */
- kret = krb5_read_message(kcontext, (krb5_pointer) &cl_sock, &in_data);
- if (kret) {
- com_err(programname, kret, proto_ap_req_msg, my_id);
- goto cleanup;
- }
-
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:parse message(%d bytes)\n", my_id, in_data.length));
-
- /* Parse the AP_REQ message */
- kret = krb5_rd_req(kcontext, &auth_context, &in_data,
- net_server_princ(), key_keytab_id(),
- &ap_options, &ticket);
- if (kret) {
- com_err(programname, kret, proto_rd_req_msg, my_id);
- goto err_reply;
- }
-
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:check AP_REQ(options are %x)\n", my_id, ap_options));
- /* Check our options */
- if ((ap_options & AP_OPTS_MUTUAL_REQUIRED) == 0) {
- kret = KRB5KRB_AP_ERR_MSG_TYPE;
- goto err_reply;
- }
-
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:make AP_REP\n", my_id));
- kret = krb5_mk_rep(kcontext, auth_context, &out_data);
- if (kret) {
- com_err(programname, kret, proto_mk_rep_msg, my_id);
- goto cleanup;
- }
-
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:write AP_REP(%d bytes)\n", my_id, out_data.length));
- kret = krb5_write_message(kcontext, (krb5_pointer) &cl_sock,
- &out_data);
- if (kret) {
- com_err(programname, kret, proto_wr_rep_msg, my_id);
- goto cleanup;
- }
-
- /*
- * Initialization is now complete.
- *
- * If enabled, the protocol times out after proto_proto_timeout seconds.
- */
- if (
-#if POSIX_SETJMP
- sigsetjmp(timeout_jmp, 1) == 0
-#else /* POSIX_SETJMP */
- setjmp(timeout_jmp) == 0
-#endif /* POSIX_SETJMP */
- ) {
- if (proto_proto_timeout > 0) {
-#if POSIX_SIGNALS
- s_action.sa_handler = proto_alarmclock;
- (void) sigaction(SIGALRM, &s_action, (struct sigaction *) NULL);
-#else /* POSIX_SIGNALS */
- signal(SIGALRM, proto_alarmclock);
-#endif /* POSIX_SIGNALS */
- }
- /*
- * Loop forever - or until somebody puts us out of our misery.
- */
- while (1) {
- krb5_int32 cmd_error;
- /* If this size changed, change the sprintf below */
- char err_str[1024];
- krb5_int32 cmd_repl_ncomps;
- krb5_data *cmd_repl_complist;
- int do_quit;
-
- /*
- * Read a command and figure out what to do.
- */
- if (proto_proto_timeout > 0)
- alarm((unsigned) proto_proto_timeout);
- num_args = 0;
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:waiting for command\n", my_id));
- kret = krb5_read_adm_cmd(kcontext,
- (krb5_pointer) &cl_sock,
- auth_context,
- &num_args,
- &arglist);
- if (proto_proto_timeout > 0)
- alarm(0);
- if (kret) {
- /*
- * It's OK to have connections abort here.
- */
- if (kret == ECONNABORTED) {
- com_err(programname, kret, proto_conn_abort_msg, my_id);
- kret = 0;
- }
- else if (kret == KRB5KRB_AP_ERR_BADORDER) {
- com_err(programname, kret, proto_seq_err_msg, my_id);
- kret = 0;
- }
- else
- com_err(programname, kret, proto_rd_cmd_msg, my_id);
- goto cleanup;
- }
-
- cmd_error = KRB5_ADM_SUCCESS;
- do_quit = 0;
-
- /*
- * First open the database. We only have it open for the
- * lifetime of a command so that we are sure to close it after
- * performing an update. This also reduces the likelihood
- * that somebody'll have stale data lying around since we're
- * most likely going to change something here.
- */
- if ((kret = key_open_db(kcontext))) {
- com_err(programname, kret, proto_db_open_msg, my_id);
- goto cleanup;
- }
- else
- db_opened = 1;
-
- /*
- * Now check our arguments.
- */
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:parse command\n", my_id));
- cmd_repl_ncomps = 0;
- cmd_repl_complist = (krb5_data *) NULL;
- if (num_args > 0) {
- if (!strcasecmp(arglist[0].data, KRB5_ADM_QUIT_CMD)) {
- /*
- * QUIT command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:QUIT command\n", my_id));
- /* QUIT takes no arguments */
- if (num_args == 1) {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:QUIT command syntax OK\n", my_id));
- do_quit = 1;
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:QUIT command syntax BAD\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- strcpy(err_str,
- "Bad argument list format for quit command.");
- }
- }
- else if (!strcasecmp(arglist[0].data, KRB5_ADM_CHECKPW_CMD)) {
- /*
- * CHECKPW command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHECKPW command\n", my_id));
- if (num_args == 2) {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHECKPW command syntax OK\n", my_id));
- cmd_error = 0;
- err_str[0] = '\0';
-#if 0
- cmd_error = pwd_check(kcontext,
- proto_debug_level,
- auth_context,
- ticket,
- &arglist[1],
- &err_str);
-#endif
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHECKPW command syntax BAD\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
-
- strcpy(err_str,
- "Bad argument list format for checkpw command.");
- }
- }
- else if (!strcasecmp(arglist[0].data, KRB5_ADM_CHANGEPW_CMD)) {
- /*
- * CHANGEPW command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGEPW command\n", my_id));
- if (num_args == 3) {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGEPW command syntax OK\n", my_id));
- cmd_error = pwd_change(kcontext,
- proto_debug_level,
- auth_context,
- ticket,
- &arglist[1],
- &arglist[2],
- err_str,
- sizeof(err_str));
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGEPW command syntax BAD\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- strcpy(err_str,
- "Bad argument list format for changepw command.");
- }
- }
-#if 0
-#ifdef MOTD_SUPPORTED
- else if (!strcasecmp(arglist[0].data, KRB5_ADM_MOTD_CMD)) {
- /*
- * MOTD command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MOTD command\n", my_id));
- if (num_args <= 2) {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MOTD command syntax OK\n", my_id));
- printf("@@@ motd command ");
- if (num_args == 2)
- printf("context is %s", arglist[2].data);
- printf("\n");
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MOTD command syntax BAD\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
-#endif /* MOTD_SUPPORTED */
-#ifdef MIME_SUPPORTED
- else if (!strcasecmp(arglist[0].data, KRB5_ADM_MIME_CMD)) {
- /*
- * MIME command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MIME command\n", my_id));
- if (num_args == 1) {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MIME command syntax OK\n", my_id));
- mime_setting = 1;
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MIME command syntax BAD\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
-#endif /* MIME_SUPPORTED */
-#ifdef LANGUAGES_SUPPORTED
- else if (!strcasecmp(arglist[0].data, KRB5_ADM_LANGUAGE_CMD)) {
- /*
- * LANGUAGE command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:LANGUAGE command\n", my_id));
- if (num_args == 2) {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:LANGUAGE command syntax OK\n", my_id));
- if (output_lang_supported(arglist[1].data)) {
- if (curr_lang)
- free(curr_lang);
- curr_lang = (char *)
- malloc(strlen(arglist[1].data));
- if (curr_lang)
- strcpy(curr_lang, arglist[1].data);
- }
- else
- cmd_error = KRB5_ADM_LANG_NOT_SUPPORTED;
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:LANGUAGE command syntax BAD\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
-#endif /* LANGUAGES_SUPPORTED */
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_ADD_PRINC_CMD)) {
- /*
- * ADD PRINCIPAL command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:ADD PRINCIPAL command\n", my_id));
- /* At least one argument */
- if (num_args > 1) {
- cmd_error = admin_add_principal(kcontext,
- proto_debug_level,
- ticket,
- num_args-1,
- &arglist[1]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:ADD PRINCIPAL command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_DEL_PRINC_CMD)) {
- /*
- * DELETE PRINCIPAL command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:DELETE PRINCIPAL command\n", my_id));
- /* Only one argument */
- if (num_args == 2) {
- cmd_error = admin_delete_principal(kcontext,
- proto_debug_level,
- ticket,
- &arglist[1]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:DELETE PRINCIPAL command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_REN_PRINC_CMD)) {
- /*
- * RENAME PRINCIPAL command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:RENAME PRINCIPAL command\n", my_id));
- /* Two arguments */
- if (num_args == 3) {
- cmd_error = admin_rename_principal(kcontext,
- proto_debug_level,
- ticket,
- &arglist[1],
- &arglist[2]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:RENAME PRINCIPAL command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_MOD_PRINC_CMD)) {
- /*
- * MODIFY PRINCIPAL command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MODIFY PRINCIPAL command\n", my_id));
- /* At least one argument */
- if (num_args > 1) {
- cmd_error = admin_modify_principal(kcontext,
- proto_debug_level,
- ticket,
- num_args-1,
- &arglist[1]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:MODIFY PRINCIPAL command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_CHG_OPW_CMD)) {
- /*
- * CHANGE OTHER'S PASSWORD command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGE OTHER'S PASSWORD command\n", my_id));
- /* Two arguments */
- if (num_args == 3) {
- cmd_error = admin_change_opwd(kcontext,
- proto_debug_level,
- ticket,
- &arglist[1],
- &arglist[2]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGE OTHER'S PASSWORD command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_CHG_ORPW_CMD)) {
- /*
- * CHANGE OTHER'S RANDOM PASSWORD command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGE OTHER'S RANDOM PASSWORD command\n", my_id));
- /* One argument */
- if (num_args == 2) {
- cmd_error = admin_change_orandpwd(kcontext,
- proto_debug_level,
- ticket,
- &arglist[1]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:CHANGE OTHER'S RANDOM PASSWORD command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_INQ_PRINC_CMD)) {
- /*
- * INQUIRE PRINCIPAL command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:INQUIRE PRINCIPAL command\n", my_id));
- /* One argument */
- if (num_args == 2) {
- cmd_error = admin_inquire(kcontext,
- proto_debug_level,
- ticket,
- &arglist[1],
- &cmd_repl_ncomps,
- &cmd_repl_complist);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:INQUIRE PRINCIPAL command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_EXT_KEY_CMD)) {
- /*
- * EXTRACT KEY command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:EXTRACT KEY command\n", my_id));
- /* Two arguments */
- if (num_args == 3) {
- cmd_error = admin_extract_key(kcontext,
- proto_debug_level,
- ticket,
- &arglist[1],
- &arglist[2],
- &cmd_repl_ncomps,
- &cmd_repl_complist);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:EXTRACT KEY command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_ADD_KEY_CMD)) {
- /*
- * ADD KEY command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:ADD KEY command\n", my_id));
- /* Must have at least three arguments */
- if (num_args > 3) {
- cmd_error = admin_add_key(kcontext,
- proto_debug_level,
- ticket,
- num_args-1,
- &arglist[1]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:ADD KEY command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
- else if (!strcasecmp(arglist[0].data,
- KRB5_ADM_DEL_KEY_CMD)) {
- /*
- * DELETE KEY command handling here.
- */
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:DELETE KEY command\n", my_id));
- /* At least three arguments */
- if (num_args > 3) {
- cmd_error = admin_delete_key(kcontext,
- proto_debug_level,
- ticket,
- num_args-1,
- &arglist[1]);
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:DELETE KEY command syntax BAD\n",
- my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- err_aux = KADM_BAD_ARGS;
- }
- }
-#endif /* 0 */
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:UNKNOWN command %s\n", my_id,
- arglist[0].data));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- sprintf(err_str, "Command %-.900s not supported", arglist[0].data); /* XXX Knows size of err_str. */
- }
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level,
- ("> %d:NO command!\n", my_id));
- cmd_error = KRB5_ADM_CMD_UNKNOWN;
- strcpy(err_str, "No command in message.");
- }
-
- /*
- * Close the database.
- */
- if ((kret = key_close_db(kcontext))) {
- com_err(programname, kret, proto_db_close_msg, my_id);
- goto cleanup;
- }
- else
- db_opened = 0;
-
- /*
- * Now make the reply.
- */
- DPRINT(DEBUG_PROTO, proto_debug_level,
- ("= %d:sending reply(stat=%d)\n", my_id, cmd_error));
- if (cmd_error == KRB5_ADM_SUCCESS) {
- kret = krb5_send_adm_reply(kcontext,
- (krb5_pointer) &cl_sock,
- auth_context,
- cmd_error,
- cmd_repl_ncomps,
- cmd_repl_complist);
- if (kret) {
- com_err(programname, kret, proto_wr_reply_msg, my_id);
- goto cleanup;
- }
- }
- else {
- krb5_data reply_comps;
-
- reply_comps.data = err_str;
- reply_comps.length = strlen(err_str);
- kret = krb5_send_adm_reply(kcontext,
- (krb5_pointer) &cl_sock,
- auth_context,
- cmd_error,
- 1,
- &reply_comps);
- if (kret) {
- com_err(programname, kret, proto_wr_reply_msg, my_id);
- goto cleanup;
- }
- }
- if (cmd_repl_ncomps > 0)
- krb5_free_adm_data(kcontext,
- cmd_repl_ncomps,
- cmd_repl_complist);
-
- if (do_quit)
- break;
- krb5_free_adm_data(kcontext, num_args, arglist);
- }
- }
- else {
- DPRINT(DEBUG_REQUESTS, proto_debug_level, ("connection timed out"));
- }
-
-
- err_reply:
- if (kret) {
- krb5_error_code er_kret;
- krb5_error errbuf;
- char *errmsg;
- krb5_data errout;
-
- memset((char *) &errbuf, 0, sizeof(errbuf));
- krb5_us_timeofday(kcontext, &errbuf.stime, &errbuf.susec);
- errbuf.server = net_server_princ();
- errbuf.error = kret - ERROR_TABLE_BASE_krb5;
- if (errbuf.error > 127)
- errbuf.error = KRB5KRB_ERR_GENERIC;
- /* Format the error message in our language */
- errmsg = strdup(error_message(kret));
- errbuf.text.length = strlen(errmsg);
- errbuf.text.data = errmsg;
- er_kret = krb5_mk_error(kcontext, &errbuf, &errout);
- if (!er_kret)
- krb5_write_message(kcontext, (krb5_pointer) &cl_sock, &errout);
- if(errmsg) free(errmsg);
- free(errbuf.text.data);
- krb5_free_data_contents(kcontext, &errout);
- }
-
- cleanup:
- /* If the alarm was set, make sure it's cancelled */
- if (proto_proto_timeout > 0)
- alarm(0);
- if (ticket)
- krb5_free_ticket(kcontext, ticket);
- /*
- * Don't need to close the replay cache because it's attached to the
- * auth context.
- */
- if (auth_context)
- krb5_auth_con_free(kcontext, auth_context);
- if (curr_lang)
- free(curr_lang);
- if (num_args)
- krb5_free_adm_data(kcontext, num_args, arglist);
- if (in_data.data)
- krb5_free_data_contents(kcontext, &in_data);
- if (out_data.data)
- krb5_free_data_contents(kcontext, &out_data);
- if (local && local->contents)
- free(local->contents);
- if (remote && remote->contents)
- free(remote->contents);
- if (local)
- free(local);
- if (remote)
- free(remote);
- if (db_opened)
- key_close_db(kcontext);
- close(cl_sock);
-
- DPRINT(DEBUG_CALLS, proto_debug_level, ("X proto_serv() = %d\n", kret));
- return(kret);
-}
diff --git a/src/kadmin/v5passwdd/srv_net.c b/src/kadmin/v5passwdd/srv_net.c
deleted file mode 100644
index cae81fcf3..000000000
--- a/src/kadmin/v5passwdd/srv_net.c
+++ /dev/null
@@ -1,867 +0,0 @@
-/*
- * kadmin/v5server/srv_net.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * srv_net.c - handle networking functions of the administrative server.
- */
-#include <errno.h>
-#include <setjmp.h>
-#include <sys/wait.h>
-#include <signal.h>
-#ifdef USE_PTHREADS
-#include <pthread.h>
-#endif /* USE_PTHREADS */
-
-#define NEED_SOCKETS
-#include "k5-int.h"
-#include "com_err.h"
-#include "kadm5_defs.h"
-#include "adm.h"
-
-#if HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-/* linux doesn't have SOMAXCONN */
-#ifndef SOMAXCONN
-#define SOMAXCONN 5
-#endif
-
-/*
- * This module can use the pthreads library. To do so, define USE_PTHREADS.
- * You'll need to find out what else pthreads requires (e.g. -lmach -lc_r
- * under OSF/1).
- */
-#ifdef USE_PTHREADS
-#define net_slave_type pthread_t *
-#ifndef MAX_SLAVES
-#define MAX_SLAVES 2*SOMAXCONN
-#endif /* MAX_SLAVES */
-#else /* USE_PTHREADS */
-#define net_slave_type pid_t
-#ifndef MAX_SLAVES
-#define MAX_SLAVES 2*SOMAXCONN
-#endif /* MAX_SLAVES */
-#endif /* USE_PTHREADS */
-#define NET_SLAVE_FULL_SLEEP 2 /* seconds */
-
-/*
- * Slave information storage.
- */
-typedef struct _net_slave_info {
- int sl_inuse;
- net_slave_type sl_id;
- krb5_context sl_context;
- int sl_socket;
- struct sockaddr_in sl_local_addr; /* local address */
- struct sockaddr_in sl_remote_addr; /* remote address */
-} net_slave_info;
-
-/*
- * Error messages.
- */
-#define net_waiterr_msg "\004child wait failed - cannot reap children"
-#if 0
-#define net_def_realm_fmt "%s: cannot get default realm (%s).\n"
-#endif
-#define net_no_mem_fmt "%s: cannot get memory.\n"
-#define net_parse_srv_fmt "%s: cannot parse server name %s (%s).\n"
-#define net_no_hostname_fmt "%s: cannot get our host name (%s).\n"
-#define net_no_hostent_fmt "%s: cannot get our host entry (%s).\n"
-#define net_no_servent_fmt "%s: cannot get service entry for %s (%s).\n"
-#define net_sockerr_fmt "%s: cannot open network socket (%s).\n"
-#define net_soerr_fmt "%s: cannot set socket options (%s).\n"
-#define net_binderr_fmt "%s: cannot bind to network address (%s).\n"
-
-#define net_select_fmt "\004select failed"
-#define net_cl_disp_fmt "\004client dispatch failed"
-#define net_not_ready_fmt "\004select error - no socket to read"
-#define net_dispatch_msg "network dispatch"
-
-#ifdef DEBUG
-static int net_debug_level = 0;
-#endif
-
-static char *net_service_name = (char *) NULL;
-static int net_service_princ_init = 0;
-static krb5_principal net_service_principal = (krb5_principal) NULL;
-#if 0
-static int net_server_addr_init = 0;
-#endif
-static struct sockaddr_in net_server_addr;
-static int net_listen_socket = -1;
-static int net_max_slaves = 0;
-static net_slave_info *net_slave_table = (net_slave_info *) NULL;
-
-#if POSIX_SETJMP
-static sigjmp_buf shutdown_jmp;
-#else /* POSIX_SETJMP */
-static jmp_buf shutdown_jmp;
-#endif /* POSIX_SETJMP */
-
-extern char *programname;
-
-/*
- * net_find_free_entry() - Find a free entry in the slave table.
- */
-static net_slave_info *
-net_find_free_entry()
-{
- int i, found;
-
- /* Find a table entry */
- while (1) {
- found = 0;
- for (i=0; i<net_max_slaves; i++) {
- if (!net_slave_table[i].sl_inuse) {
- net_slave_table[i].sl_inuse = 1;
- found = 1;
- break;
- }
- }
- if (found)
- break;
- sleep(NET_SLAVE_FULL_SLEEP);
- }
- return(&net_slave_table[i]);
-}
-
-/*
- * net_find_slave() - Find a slave entry by its identity.
- */
-static net_slave_info *
-net_find_slave(id)
- net_slave_type id;
-{
- int i, found = 0;
-
- for (i=0; i<net_max_slaves; i++) {
- if (net_slave_table[i].sl_inuse &&
- (net_slave_table[i].sl_id == id)) {
- found = 1;
- break;
- }
- }
- if (found)
- return(&net_slave_table[i]);
- else
- return((net_slave_info *) NULL);
-}
-
-/*
- * net_free_slave_entry() - Mark an entry as free.
- */
-static void
-net_free_slave_entry(entp)
- net_slave_info *entp;
-{
- entp->sl_inuse = 0;
-}
-
-/*
- * net_shutdown() - Destroy all slaves on signal reception
- */
-static krb5_sigtype
-net_shutdown(signo)
- int signo;
-{
- int i;
-
- /* Loop through all slaves */
- for (i=0; i<net_max_slaves; i++) {
- if (net_slave_table[i].sl_inuse){
-#ifdef DEBUG
- /* If not us (see net_dispatch_client) */
- if (net_slave_table[i].sl_id != (net_slave_type) getpid()) {
-#endif /* DEBUG */
-#if USE_PTHREADS
- pthread_cancel(*net_slave_table[i].sl_id);
-#else /* USE_PTHREADS */
- kill(net_slave_table[i].sl_id, SIGKILL);
-#endif /* USE_PTHREADS */
-#ifdef DEBUG
- }
-#endif /* DEBUG */
- }
- }
- sleep(5); /* to allow children to die and be reaped */
-#if POSIX_SETJMP
- siglongjmp(shutdown_jmp, 1);
-#else /* POSIX_SETJMP */
- longjmp(shutdown_jmp, 1);
-#endif /* POSIX_SETJMP */
- /* NOTREACHED */
-}
-
-#if !USE_PTHREADS
-/*
- * net_reaper() - Child process termination handler.
- */
-static krb5_sigtype
-net_reaper(signo)
- int signo;
-{
-#ifdef WAIT_USES_INT
- int child_exit;
-#else /* WAIT_USES_INT */
- union wait child_exit;
-#endif /* WAIT_USES_INT */
- pid_t deadmeat;
- net_slave_info *slent;
-
- /* Reap everybody we can */
- while (
- (
-#ifdef HAVE_WAITPID
- deadmeat = waitpid((pid_t) -1, &child_exit, WNOHANG)
-#else /* HAVE_WAITPID */
- deadmeat = wait3(&child_exit, WNOHANG, (struct rusage *) NULL)
-#endif /* HAVE_WAITPID */
- ) > 0) {
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| process %d finished with %d\n", deadmeat, child_exit));
- slent = net_find_slave(deadmeat);
- if (slent) {
- net_free_slave_entry(slent);
- }
- else {
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| cannot find slave entry for %d\n", deadmeat));
- }
- }
- if ((deadmeat == -1) && (errno != ECHILD))
- com_err(programname, errno, net_waiterr_msg);
-}
-#endif /* USE_PTHREADS */
-
-#if USE_PTHREADS
-/*
- * net_slave_proto() - pthread main routine.
- */
-static krb5_error_code
-net_slave_proto(stent)
- net_slave_info *stent;
-{
- krb5_error_code kret;
-
- DPRINT(DEBUG_CALLS, net_debug_level,
- ("* net_slave_proto()\n"));
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| thread %d starting\n", stent->sl_id));
- kret = proto_serv(stent->sl_context,
- (krb5_int32) stent->sl_id,
- stent->sl_socket,
- &stent->sl_local_addr,
- &stent->sl_remote_addr);
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| thread %d finished with %d\n", stent->sl_id, kret));
- DPRINT(DEBUG_CALLS, net_debug_level,
- ("* net_slave_proto() = %d\n", kret));
- net_free_slave_entry(stent);
- return(kret);
-}
-#endif /* USE_PTHREADS */
-
-/*
- * net_dispatch_client() - Handle client dispatch.
- */
-static krb5_error_code
-net_dispatch_client(kcontext, listen_sock, conn_sock, client_addr)
- krb5_context kcontext;
- int listen_sock;
- int conn_sock;
- struct sockaddr_in *client_addr;
-{
- krb5_error_code kret;
- net_slave_info *slent;
-
- DPRINT(DEBUG_CALLS, net_debug_level,
- ("* net_dispatch_client(listen=%d)\n", listen_sock));
- kret = 0;
-
- /* Find a free entry */
- slent = net_find_free_entry();
-
- /* Initialize the slave entry */
- slent->sl_context = kcontext;
- slent->sl_socket = conn_sock;
- memcpy((char *) &slent->sl_remote_addr,
- (char *) client_addr,
- sizeof(struct sockaddr_in));
- memcpy((char *) &slent->sl_local_addr,
- (char *) &net_server_addr,
- sizeof(struct sockaddr_in));
-
-#ifdef DEBUG
- if ((net_debug_level & DEBUG_NOSLAVES) == 0) {
-#endif /* DEBUG */
- /* Do a real slave creation */
-#if USE_PTHREADS
- if (!slent->sl_id)
- slent->sl_id = (pthread_t *) malloc(sizeof(pthread_t));
- if (slent->sl_id == (pthread_t *) NULL) {
- kret = ENOMEM;
- goto done;
- }
- if (kret = pthread_create(slent->sl_id,
- pthread_attr_default,
- (pthread_startroutine_t) net_slave_proto,
- (pthread_addr_t) slent)) {
- kret = errno;
- goto done;
- }
- if (pthread_detach(slent->sl_id)) {
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| (%d) child thread %d detach failed (%d)\n",
- getpid(), slent->sl_id, errno));
- }
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| (%d) created child thread %d\n",
- getpid(), slent->sl_id));
-#else /* USE_PTHREADS */
- slent->sl_id = fork();
- if (slent->sl_id < 0) {
- kret = errno;
- slent->sl_inuse = 0;
- goto done;
- }
-
- if (slent->sl_id > 0) {
- /* parent */
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| (%d) created child process %d\n",
- getpid(), slent->sl_id));
- close(conn_sock);
- kret = 0;
- goto done;
- }
- else {
-#if POSIX_SIGNALS
- struct sigaction s_action;
-#endif /* POSIX_SIGNALS */
-
- /* child */
-#if POSIX_SIGNALS
- (void) sigemptyset(&s_action.sa_mask);
- s_action.sa_flags = 0;
- /* Ignore SIGINT, SIGTERM, SIGHUP, SIGQUIT and SIGPIPE */
- s_action.sa_handler = SIG_IGN;
- (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
- (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
- /* Restore to default SIGCHLD */
- s_action.sa_handler = SIG_DFL;
- (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
-#else /* POSIX_SIGNALS */
- signal(SIGINT, SIG_IGN); /* Ignore SIGINT */
- signal(SIGTERM, SIG_IGN); /* Ignore SIGTERM */
- signal(SIGHUP, SIG_IGN); /* Ignore SIGHUP */
- signal(SIGQUIT, SIG_IGN); /* Ignore SIGQUIT */
- signal(SIGPIPE, SIG_IGN); /* Ignore SIGPIPE */
- signal(SIGCHLD, SIG_DFL); /* restore SIGCHLD handling */
-#endif /* POSIX_SIGNALS */
- close(listen_sock);
- slent->sl_id = getpid();
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| process %d starting\n", slent->sl_id));
- kret = proto_serv(slent->sl_context,
- (krb5_int32) slent->sl_id,
- slent->sl_socket,
- &slent->sl_local_addr,
- &slent->sl_remote_addr);
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| process %d exiting with %d\n", getpid(), kret));
- exit(kret);
- }
-#endif /* USE_PTHREADS */
-#ifdef DEBUG
- }
- else {
- net_slave_info *sl1;
-#if POSIX_SIGNALS
- struct sigaction s_action;
-#endif /* POSIX_SIGNALS */
-
- /*
- * Ignore SIGPIPE.
- */
-#if POSIX_SIGNALS
- (void) sigemptyset(&s_action.sa_mask);
- s_action.sa_flags = 0;
- s_action.sa_handler = SIG_IGN;
- (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
-#else /* POSIX_SIGNALS */
- signal(SIGPIPE, SIG_IGN); /* Ignore SIGPIPE */
-#endif /* POSIX_SIGNALS */
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| (%d) not doing child creation\n", getpid()));
- slent->sl_id = (net_slave_type) getpid();
- kret = proto_serv(slent->sl_context,
- (krb5_int32) slent->sl_id,
- slent->sl_socket,
- &slent->sl_local_addr,
- &slent->sl_remote_addr);
- sl1 = net_find_slave(slent->sl_id);
- if (sl1)
- net_free_slave_entry(sl1);
- DPRINT(DEBUG_SPROC, net_debug_level,
- ("| (%d) returned with %d\n", getpid(), kret));
- kret = 0;
- }
-#endif /* DEBUG */
- done:
- DPRINT(DEBUG_CALLS, net_debug_level,
- ("X net_dispatch_client() = %d\n", kret));
- return(kret);
-}
-
-/*
- * net_init() - Initialize network context.
- */
-krb5_error_code
-net_init(kcontext, realm, debug_level, port)
- krb5_context kcontext;
- char * realm;
- int debug_level;
- krb5_int32 port;
-{
- krb5_error_code kret;
- char our_host_name[MAXHOSTNAMELEN];
- struct hostent *our_hostent;
- struct servent *our_servent;
-
-#ifdef DEBUG
- net_debug_level = debug_level;
-#endif
- DPRINT(DEBUG_CALLS, net_debug_level, ("* net_init(port=%d)\n", port));
-
- /* Allocate the slave table */
- net_slave_table = (net_slave_info *)
- malloc((size_t) (MAX_SLAVES * sizeof(net_slave_info)));
- /* Make our service name */
- net_service_name = (char *) malloc(strlen(realm) +
- strlen(KRB5_ADM_SERVICE_INSTANCE) + 2);
- if ((net_service_name == (char *) NULL) ||
- (net_slave_table == (net_slave_info *) NULL)) {
- kret = ENOMEM;
- fprintf(stderr, net_no_mem_fmt, programname);
- goto done;
- }
- (void) sprintf(net_service_name, "%s%s%s",
- KRB5_ADM_SERVICE_INSTANCE, "/", realm);
- memset((char *) net_slave_table, 0,
- (size_t) (MAX_SLAVES * sizeof(net_slave_info)));
- net_max_slaves = MAX_SLAVES;
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- name of service is %s\n", net_service_name));
-
- /* Now formulate the principal name */
- kret = krb5_parse_name(kcontext, net_service_name, &net_service_principal);
- if (kret) {
- fprintf(stderr, net_parse_srv_fmt, programname, net_service_name,
- error_message(kret));
- goto done;
- }
- net_service_princ_init = 1;
-
-#ifdef HAVE_NETINET_IN_H
- /* Now get our host name/entry */
- if (gethostname(our_host_name, sizeof(our_host_name))) {
- kret = errno;
- fprintf(stderr, net_no_hostname_fmt, programname, error_message(kret));
- goto done;
- }
- if (!(our_hostent = gethostbyname(our_host_name))) {
- kret = KRB5_ERR_BAD_HOSTNAME; /* perhaps put h_errno in the msg */
- fprintf(stderr, net_no_hostent_fmt, programname, error_message(kret));
- goto done;
- }
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- name of host is %s\n", our_hostent->h_name));
-
- /* Now initialize our network address */
- net_server_addr.sin_family = AF_INET;
- memcpy((char *) &net_server_addr.sin_addr,
- (char *) our_hostent->h_addr,
- sizeof(net_server_addr.sin_addr));
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- address of host is %x\n",
- ntohl(net_server_addr.sin_addr.s_addr)));
-
- /*
- * Fill in the port address.
- * If the port is supplied by the invoker, then use that one.
- * If not, then try the profile, and if all fails, then use the service
- * entry.
- */
- if (port > 0) {
- net_server_addr.sin_port = htons(port);
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- service name (%s) is on port %d from options\n",
- KRB5_ADM_SERVICE_NAME,
- ntohs(net_server_addr.sin_port)));
- }
- else {
- char **admin_hostlist;
- const char *realm_admin_names[4]; /* XXX */
- krb5_boolean found;
-
- /*
- * Try to get the service entry out of the profile.
- */
- admin_hostlist = (char **) NULL;
- realm_admin_names[0] = "realms";
- realm_admin_names[1] = realm;
- realm_admin_names[2] = "admin_server";
- realm_admin_names[3] = (char *) NULL;
- found = 0;
-#ifndef OLD_CONFIG_FILES
- if (!(kret = profile_get_values(kcontext->profile,
- realm_admin_names,
- &admin_hostlist))) {
- int hi;
- char *cport;
- char *cp;
- krb5_int32 pport;
- int ai;
-
- cport = (char *) NULL;
- pport = KRB5_ADM_DEFAULT_PORT;
- for (hi=0; admin_hostlist[hi]; hi++) {
- /*
- * This knows a little too much about the format of profile
- * entries. Shouldn't it just be some sort of tuple?
- *
- * The form is assumed to be:
- * admin_server = <hostname>[:<portname>[<whitespace>]]
- */
- cp = strchr(admin_hostlist[hi], ' ');
- if (cp)
- *cp = '\0';
- cp = strchr(admin_hostlist[hi], '\t');
- if (cp)
- *cp = '\0';
- cport = strchr(admin_hostlist[hi], ':');
- if (cport) {
- *cport = '\0';
- cport++;
- if (sscanf(cport, "%d", &pport) != 1) {
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- profile entry for %s has bad port %s\n",
- admin_hostlist[hi],
- cport));
- pport = KRB5_ADM_DEFAULT_PORT;
- }
- }
- /*
- * We've stripped away the crud. Now check to see if the
- * profile entry matches our hostname. If so, then this
- * is the one to use. Additionally, check the host alias
- * list.
- */
- if (!strcmp(admin_hostlist[hi], our_hostent->h_name)) {
- net_server_addr.sin_port = ntohs((u_short) pport);
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- service name (%s) is on port %d from profile\n",
- KRB5_ADM_SERVICE_NAME,
- pport));
- found = 1;
- }
- else {
- for (ai=0; our_hostent->h_aliases[ai]; ai++) {
- if (!strcmp(admin_hostlist[hi],
- our_hostent->h_aliases[ai])) {
- net_server_addr.sin_port = ntohs(pport);
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- service name (%s) is on port %d from profile and alias\n",
- KRB5_ADM_SERVICE_NAME,
- pport));
- found = 1;
- break;
- }
- }
- }
- }
- krb5_xfree(admin_hostlist);
- }
-#endif /* OLD_CONFIG_FILES */
-
- /*
- * If we didn't find an entry in the profile, then as a last gasp
- * effort, attempt to find it in /etc/services.
- */
- if (!found) {
- /* Get the service entry out of /etc/services */
- if (!(our_servent = getservbyname(KRB5_ADM_SERVICE_NAME, "tcp"))) {
- kret = errno;
- fprintf(stderr, net_no_servent_fmt, programname,
- KRB5_ADM_SERVICE_NAME, error_message(kret));
- goto done;
- }
- net_server_addr.sin_port = our_servent->s_port;
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- service name (%s) is on port %d from services\n",
- our_servent->s_name,
- ntohs(our_servent->s_port)));
- }
- }
-#if 0
- net_server_addr_init = 1;
-#endif
-
- /* Now open the listen socket */
- net_listen_socket = socket(AF_INET, SOCK_STREAM, 0);
- if (net_listen_socket < 0) {
- kret = errno;
- fprintf(stderr, net_sockerr_fmt, programname, error_message(kret));
- goto done;
- }
-
- /* If we have a non-default port number, then allow reuse of address */
- if (net_server_addr.sin_port != htons(KRB5_ADM_DEFAULT_PORT)) {
- int allowed;
-
- allowed = 1;
- if (setsockopt(net_listen_socket,
- SOL_SOCKET,
- SO_REUSEADDR,
- (char *) &allowed,
- sizeof(allowed)) < 0) {
- kret = errno;
- fprintf(stderr, net_soerr_fmt, programname, error_message(kret));
- goto done;
- }
- }
-
- /* Bind socket */
- if (bind(net_listen_socket,
- (struct sockaddr *) &net_server_addr,
- sizeof(net_server_addr)) < 0) {
- kret = errno;
- fprintf(stderr, net_binderr_fmt, programname, error_message(kret));
- goto done;
- }
- else {
- DPRINT(DEBUG_HOST, net_debug_level,
- ("- bound socket %d on port\n", net_listen_socket));
- kret = 0;
- }
-#else /* HAVE_NETINET_IN_H */
- /* Don't know how to do anything else. */
- kret = ENOENT;
-#endif /* HAVE_NETINET_IN_H */
-
- done:
- DPRINT(DEBUG_CALLS, net_debug_level, ("X net_init() = %d\n", kret));
- return(kret);
-}
-
-/*
- * net_finish() - Finish network context.
- */
-void
-net_finish(kcontext, debug_level)
- krb5_context kcontext;
- int debug_level;
-{
- DPRINT(DEBUG_CALLS, net_debug_level, ("* net_finish()\n"));
- if (net_max_slaves) {
- net_max_slaves = 0;
- free(net_slave_table);
- }
- if (net_listen_socket >= 0)
- close(net_listen_socket);
- if (net_service_princ_init)
- krb5_free_principal(kcontext, net_service_principal);
- if (net_service_name)
- free(net_service_name);
- DPRINT(DEBUG_CALLS, net_debug_level, ("X net_finish()\n"));
-}
-
-/*
- * net_dispatch() - Listen and dispatch request.
- *
- * Loop forever selecting on the listen socket. When an incoming connection
- * comes in, dispatch to net_client_connect().
- */
-krb5_error_code
-net_dispatch(kcontext, detached)
- krb5_context kcontext;
- int detached;
-{
- volatile krb5_error_code kret;
- fd_set mask, readfds;
- int nready;
-#if POSIX_SIGNALS
- struct sigaction s_action;
-#endif /* POSIX_SIGNALS */
-
- DPRINT(DEBUG_CALLS, net_debug_level, ("* net_dispatch()\n"));
-
- kret = 0;
-
- /* Set up the fdset mask */
- FD_ZERO(&mask);
- FD_SET(net_listen_socket, &mask);
-
-#if POSIX_SIGNALS
- (void) sigemptyset(&s_action.sa_mask);
- s_action.sa_flags = 0;
- s_action.sa_handler = net_shutdown;
- (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
-#ifdef DEBUG
- (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
-#endif /* DEBUG */
- if (!detached)
- (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
-#else /* POSIX_SIGNALS */
- /*
- * SIGTERM (or SIGINT, if debug, or SIGHUP if not detached) shuts us down.
- */
- signal(SIGTERM, net_shutdown);
-#ifdef DEBUG
- signal(SIGINT, net_shutdown);
-#endif /* DEBUG */
- if (!detached)
- signal(SIGHUP, net_shutdown);
-#endif /* POSIX_SIGNALS */
-
-#if !USE_PTHREADS
-#if POSIX_SIGNALS
- s_action.sa_handler = net_reaper;
- (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
-#else /* POSIX_SIGNALS */
- /*
- * SIGCHILD indicates end of child process life.
- */
- signal(SIGCHLD, net_reaper);
-#endif /* POSIX_SIGNALS */
-#endif /* !USE_PTHREADS */
-
- /* Receive connections on the socket */
- DPRINT(DEBUG_OPERATION, net_debug_level, ("+ listening on socket\n"));
- if (
-#if POSIX_SETJMP
- sigsetjmp(shutdown_jmp, 1) == 0
-#else /* POSIX_SETJMP */
- setjmp(shutdown_jmp) == 0
-#endif /* POSIX_SETJMP */
- ) {
- if (listen(net_listen_socket, SOMAXCONN) < 0)
- kret = errno;
- }
- else
- kret = EINTR;
- DPRINT(DEBUG_OPERATION, net_debug_level, ("+ listen done\n"));
-
- while (kret == 0) {
- /*
- * Prepare to catch signals.
- */
- if (
-#if POSIX_SETJMP
- sigsetjmp(shutdown_jmp, 1) == 0
-#else /* POSIX_SETJMP */
- setjmp(shutdown_jmp) == 0
-#endif /* POSIX_SETJMP */
- ) {
- readfds = mask;
- DPRINT(DEBUG_OPERATION, net_debug_level, ("+ doing select\n"));
- if ((nready = select(net_listen_socket+1,
- &readfds,
- (fd_set *) NULL,
- (fd_set *) NULL,
- (struct timeval *) NULL)) == 0) {
- DPRINT(DEBUG_OPERATION, net_debug_level, ("+ nobody ready\n"));
- continue; /* Nobody ready */
- }
-
- if ((nready < 0) && (errno != EINTR)) {
- com_err(net_dispatch_msg, errno, net_select_fmt);
- continue;
- }
-
- if (FD_ISSET(net_listen_socket, &readfds)) {
- struct sockaddr_in client_addr;
- int addrlen;
- int conn_sock;
-
- addrlen = sizeof(client_addr);
- DPRINT(DEBUG_OPERATION, net_debug_level,
- ("+ accept connection\n"));
- while (((conn_sock = accept(net_listen_socket,
- (struct sockaddr *) &client_addr,
- &addrlen)) < 0) &&
- (errno == EINTR));
-
- if (conn_sock < 0) {
- kret = errno;
- break;
- }
- DPRINT(DEBUG_OPERATION, net_debug_level,
- ("+ accepted connection\n"));
- kret = net_dispatch_client(kcontext,
- net_listen_socket,
- conn_sock,
- &client_addr);
- if (kret) {
- com_err(net_dispatch_msg, kret, net_cl_disp_fmt);
- continue;
- }
- DPRINT(DEBUG_OPERATION, net_debug_level,
- ("+ dispatch done\n"));
- }
- else {
- com_err(net_dispatch_msg, 0, net_not_ready_fmt);
- kret = EIO;
- }
- }
- else {
- DPRINT(DEBUG_OPERATION, net_debug_level,
- ("+ dispatch interrupted by SIGTERM\n"));
- kret = 0;
- break;
- }
- }
-
- DPRINT(DEBUG_CALLS, net_debug_level, ("X net_dispatch() = %d\n", kret));
- return(kret);
-}
-
-/*
- * Return our service principal.
- */
-krb5_principal
-net_server_princ()
-{
- if (net_service_princ_init)
- return(net_service_principal);
- else
- return((krb5_principal) NULL);
-}
diff --git a/src/kadmin/v5passwdd/v5passwd.M b/src/kadmin/v5passwdd/v5passwd.M
deleted file mode 100644
index bdea7784f..000000000
--- a/src/kadmin/v5passwdd/v5passwd.M
+++ /dev/null
@@ -1,65 +0,0 @@
-.\" kadmin/v5passwdd/v5passwd.M
-.\"
-.\" Copyright 1995 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\"
-.\"
-.TH V5PASSWD 1
-.SH NAME
-v5passwd \- change a user's Kerberos password
-.SH SYNOPSIS
-.B v5passwd
-[
-.B \-u
-.IR username[/instance][@realm]
-]
-.SH DESCRIPTION
-The
-.I v5passwd
-command is used to change a Kerberos principal's password using the
-older administrative protocol.
-
-If the
-.I \-u
-option is specified, a partially or fully qualified Kerberos principal may
-be supplied. Otherwise, the principal name is derived from the identity
-of the user invoking the
-.I v5passwd
-command.
-
-.PP
-The
-.I v5passwd
-command prompts for the current Kerberos password, which is verified by the
-Kerberos server. If the old password is correct, the user is prompted twice
-for the new password. Success or failure is indicated by messages printed
-out by
-.I v5passwd.
-
-
-.SH FILES
-.TP 2i
-/tmp/tkt_kpw_[uid]
-the temporary credentials cache ([uid] is the decimal UID of the user) for
-the lifetime of the password changing operation.
-.SH SEE ALSO
-kadmin(8), kadmind(8), v5passwdd(8)
-.SH BUGS
generated by cgit (git 2.34.1) at 2026-03-01 23:28:48 +0000