diff options
| author | Alexandra Ellwood <lxs@mit.edu> | 2004-08-20 18:45:30 +0000 |
|---|---|---|
| committer | Alexandra Ellwood <lxs@mit.edu> | 2004-08-20 18:45:30 +0000 |
| commit | 4d2d74fe1044368725b0e594c2690d1d642d4158 (patch) | |
| tree | e9ced5b302d8c7ad49f7309055b985e79fc88e49 /src | |
| parent | 34ce676f89fb1554ced2a6e83551cbda082012e6 (diff) | |
| download | krb5-4d2d74fe1044368725b0e594c2690d1d642d4158.tar.gz krb5-4d2d74fe1044368725b0e594c2690d1d642d4158.tar.xz krb5-4d2d74fe1044368725b0e594c2690d1d642d4158.zip | |
renamed acl_* functions to kadm5int_acl_*
ticket: 2674
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16673 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kadmin/server/ChangeLog | 5 | ||||
| -rw-r--r-- | src/kadmin/server/ovsec_kadmd.c | 4 | ||||
| -rw-r--r-- | src/kadmin/server/server_stubs.c | 46 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/ChangeLog | 4 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/server_acl.c | 106 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/server_acl.h | 12 |
6 files changed, 93 insertions, 84 deletions
diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 69faee85c..5b5464565 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,8 @@ +2004-08-20 Alexandra Ellwood <lxs@mit.edu> + + * ovsec_kadmd.c (main), server_stubs.c (*): + renamed acl_* functions to kadm5int_acl_* + 2004-06-26 Tom Yu <tlyu@mit.edu> * ovsec_kadmd.c (log_badverf): Fix a missed rpc_u_int32. diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index e4ae5377a..a880360e3 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -580,7 +580,7 @@ kterr: exit(1); } - if ((ret = acl_init(context, 0, params.acl_file))) { + if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) { krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s", error_message(ret)); fprintf(stderr, "%s: Cannot initialize acl file: %s\n", @@ -611,7 +611,7 @@ kterr: svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); close(s); - acl_finish(context, 0); + kadm5int_acl_finish(context, 0); if(gss_changepw_name) { (void) gss_release_name(&OMret, &gss_changepw_name); } diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index 62e5daac7..579498fc1 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -269,9 +269,9 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD, + || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) - || acl_impose_restrictions(handle->context, + || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", @@ -326,9 +326,9 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqst2name(rqstp), ACL_ADD, + || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) - || acl_impose_restrictions(handle->context, + || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", @@ -385,7 +385,7 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, + || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->princ, NULL)) { ret.code = KADM5_AUTH_DELETE; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", @@ -436,9 +436,9 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) } if (CHANGEPW_SERVICE(rqstp) - || !acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, + || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->rec.principal, &rp) - || acl_impose_restrictions(handle->context, + || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_MODIFY; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", @@ -496,11 +496,11 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { - if (!acl_check(handle->context, rqst2name(rqstp), + if (!kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->src, NULL)) ret.code = KADM5_AUTH_DELETE; /* any restrictions at all on the ADD kills the RENAME */ - if (!acl_check(handle->context, rqst2name(rqstp), + if (!kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->dest, &rp) || rp) { if (ret.code == KADM5_AUTH_DELETE) ret.code = KADM5_AUTH_INSUFFICIENT; @@ -566,7 +566,7 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) } if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && - (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, + (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, arg->princ, @@ -632,7 +632,7 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) if (prime_arg == NULL) prime_arg = "*"; - if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_LIST, NULL, @@ -692,7 +692,7 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, FALSE, 0, NULL, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_chpass_principal((void *)handle, arg->princ, arg->pass); @@ -756,7 +756,7 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) arg->ks_tuple, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ, arg->keepold, @@ -817,7 +817,7 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) } if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, arg->keyblock); @@ -875,7 +875,7 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) } if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setkey_principal((void *)handle, arg->princ, arg->keyblocks, arg->n_keys); @@ -933,7 +933,7 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) } if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ, arg->keepold, @@ -1003,7 +1003,7 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, FALSE, 0, NULL, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_randkey_principal((void *)handle, arg->princ, &k, &nkeys); @@ -1082,7 +1082,7 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) arg->ks_tuple, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && - acl_check(handle->context, rqst2name(rqstp), + kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ, arg->keepold, @@ -1148,7 +1148,7 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) } prime_arg = arg->rec.policy; - if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, NULL, NULL)) { ret.code = KADM5_AUTH_ADD; @@ -1199,7 +1199,7 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) } prime_arg = arg->name; - if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, NULL, NULL)) { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", @@ -1248,7 +1248,7 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) } prime_arg = arg->rec.policy; - if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, NULL, NULL)) { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", @@ -1305,7 +1305,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) prime_arg = arg->name; ret.code = KADM5_AUTH_GET; - if (!CHANGEPW_SERVICE(rqstp) && acl_check(handle->context, + if (!CHANGEPW_SERVICE(rqstp) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, NULL, NULL)) ret.code = KADM5_OK; @@ -1384,7 +1384,7 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) if (prime_arg == NULL) prime_arg = "*"; - if (CHANGEPW_SERVICE(rqstp) || !acl_check(handle->context, + if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_LIST, NULL, NULL)) { ret.code = KADM5_AUTH_LIST; diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index fb47623b3..d0d9c3684 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -1,3 +1,7 @@ +2004-08-20 Alexandra Ellwood <lxs@mit.edu> + + * server_acl.[ch]: renamed acl_* functions to kadm5int_acl_* + 2004-06-16 Ken Raeburn <raeburn@mit.edu> * Makefile.in (clean-mac): Target deleted. diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c index b2ebaaa36..fa63027f7 100644 --- a/src/lib/kadm5/srv/server_acl.c +++ b/src/lib/kadm5/srv/server_acl.c @@ -1,7 +1,7 @@ /* - * kadmin/v5server/srv_acl.c + * lib/kadm5/srv/server_acl.c * - * Copyright 1995 by the Massachusetts Institute of Technology. + * Copyright 1995-2004 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -97,11 +97,11 @@ static const char *acl_cantopen_msg = "%s while opening ACL file %s"; /* - * acl_get_line() - Get a line from the ACL file. + * kadm5int_acl_get_line() - Get a line from the ACL file. * Lines ending with \ are continued on the next line */ static char * -acl_get_line(fp, lnp) +kadm5int_acl_get_line(fp, lnp) FILE *fp; int *lnp; /* caller should set to 1 before first call */ { @@ -158,10 +158,10 @@ acl_get_line(fp, lnp) } /* - * acl_parse_line() - Parse the contents of an ACL line. + * kadm5int_acl_parse_line() - Parse the contents of an ACL line. */ static aent_t * -acl_parse_line(lp) +kadm5int_acl_parse_line(lp) const char *lp; { static char acle_principal[BUFSIZ]; @@ -173,7 +173,7 @@ acl_parse_line(lp) int t, found, opok, nmatch; DPRINT(DEBUG_CALLS, acl_debug_level, - ("* acl_parse_line(line=%20s)\n", lp)); + ("* kadm5int_acl_parse_line(line=%20s)\n", lp)); /* * Format is still simple: * entry ::= [<whitespace>] <principal> <whitespace> <opstring> @@ -253,12 +253,12 @@ acl_parse_line(lp) } } DPRINT(DEBUG_CALLS, acl_debug_level, - ("X acl_parse_line() = %x\n", (long) acle)); + ("X kadm5int_acl_parse_line() = %x\n", (long) acle)); return(acle); } /* - * acl_parse_restrictions() - Parse optional restrictions field + * kadm5int_acl_parse_restrictions() - Parse optional restrictions field * * Allowed restrictions are: * [+-]flagname (recognized by krb5_string_to_flags) @@ -272,7 +272,7 @@ acl_parse_line(lp) * Returns: 0 on success, or system errors */ static krb5_error_code -acl_parse_restrictions(s, rpp) +kadm5int_acl_parse_restrictions(s, rpp) char *s; restriction_t **rpp; { @@ -283,7 +283,7 @@ acl_parse_restrictions(s, rpp) krb5_error_code code; DPRINT(DEBUG_CALLS, acl_debug_level, - ("* acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp)); + ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp)); *rpp = (restriction_t *) NULL; code = 0; @@ -355,19 +355,19 @@ acl_parse_restrictions(s, rpp) *rpp = (restriction_t *) NULL; } DPRINT(DEBUG_CALLS, acl_debug_level, - ("X acl_parse_restrictions() = %d, mask=0x%08x\n", + ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n", code, (*rpp) ? (*rpp)->mask : 0)); return code; } /* - * acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp + * kadm5int_acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp * * Returns: 0 on success; * malloc or timeofday errors */ krb5_error_code -acl_impose_restrictions(kcontext, recp, maskp, rp) +kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp) krb5_context kcontext; kadm5_principal_ent_rec *recp; long *maskp; @@ -377,7 +377,7 @@ acl_impose_restrictions(kcontext, recp, maskp, rp) krb5_int32 now; DPRINT(DEBUG_CALLS, acl_debug_level, - ("* acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n", + ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n", *maskp, (long)rp)); if (!rp) return 0; @@ -430,20 +430,20 @@ acl_impose_restrictions(kcontext, recp, maskp, rp) *maskp |= KADM5_MAX_RLIFE; } DPRINT(DEBUG_CALLS, acl_debug_level, - ("X acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp)); + ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp)); return 0; } /* - * acl_free_entries() - Free all ACL entries. + * kadm5int_acl_free_entries() - Free all ACL entries. */ static void -acl_free_entries() +kadm5int_acl_free_entries() { aent_t *ap; aent_t *np; - DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_free_entries()\n")); + DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_free_entries()\n")); for (ap=acl_list_head; ap; ap = np) { if (ap->ae_name) free(ap->ae_name); @@ -465,14 +465,14 @@ acl_free_entries() } acl_list_head = acl_list_tail = (aent_t *) NULL; acl_inited = 0; - DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_free_entries()\n")); + DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_free_entries()\n")); } /* - * acl_load_acl_file() - Open and parse the ACL file. + * kadm5int_acl_load_acl_file() - Open and parse the ACL file. */ static int -acl_load_acl_file() +kadm5int_acl_load_acl_file() { FILE *afp; char *alinep; @@ -480,7 +480,7 @@ acl_load_acl_file() int alineno; int retval = 1; - DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n")); + DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n")); /* Open the ACL file for read */ afp = fopen(acl_acl_file, "r"); if (afp) { @@ -488,9 +488,9 @@ acl_load_acl_file() aentpp = &acl_list_head; /* Get a non-comment line */ - while ((alinep = acl_get_line(afp, &alineno))) { + while ((alinep = kadm5int_acl_get_line(afp, &alineno))) { /* Parse it */ - *aentpp = acl_parse_line(alinep); + *aentpp = kadm5int_acl_parse_line(alinep); /* If syntax error, then fall out */ if (!*aentpp) { krb5_klog_syslog(LOG_ERR, acl_syn_err_msg, @@ -505,7 +505,7 @@ acl_load_acl_file() fclose(afp); if (acl_catchall_entry) { - *aentpp = acl_parse_line(acl_catchall_entry); + *aentpp = kadm5int_acl_parse_line(acl_catchall_entry); if (*aentpp) { acl_list_tail = *aentpp; } @@ -521,7 +521,7 @@ acl_load_acl_file() krb5_klog_syslog(LOG_ERR, acl_cantopen_msg, error_message(errno), acl_acl_file); if (acl_catchall_entry && - (acl_list_head = acl_parse_line(acl_catchall_entry))) { + (acl_list_head = kadm5int_acl_parse_line(acl_catchall_entry))) { acl_list_tail = acl_list_head; } else { @@ -533,20 +533,20 @@ acl_load_acl_file() } if (!retval) { - acl_free_entries(); + kadm5int_acl_free_entries(); } DPRINT(DEBUG_CALLS, acl_debug_level, - ("X acl_load_acl_file() = %d\n", retval)); + ("X kadm5int_acl_load_acl_file() = %d\n", retval)); return(retval); } /* - * acl_match_data() - See if two data entries match. + * kadm5int_acl_match_data() - See if two data entries match. * * Wildcarding is only supported for a whole component. */ static krb5_boolean -acl_match_data(e1, e2, targetflag, ws) +kadm5int_acl_match_data(e1, e2, targetflag, ws) krb5_data *e1, *e2; int targetflag; wildstate_t *ws; @@ -589,10 +589,10 @@ acl_match_data(e1, e2, targetflag, ws) } /* - * acl_find_entry() - Find a matching entry. + * kadm5int_acl_find_entry() - Find a matching entry. */ static aent_t * -acl_find_entry(kcontext, principal, dest_princ) +kadm5int_acl_find_entry(kcontext, principal, dest_princ) krb5_context kcontext; krb5_principal principal; krb5_principal dest_princ; @@ -603,7 +603,7 @@ acl_find_entry(kcontext, principal, dest_princ) int matchgood; wildstate_t state; - DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_find_entry()\n")); + DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n")); memset((char *)&state, 0, sizeof state); for (entry=acl_list_head; entry; entry = entry->ae_next) { if (entry->ae_name_bad) @@ -626,12 +626,12 @@ acl_find_entry(kcontext, principal, dest_princ) continue; } matchgood = 0; - if (acl_match_data(&entry->ae_principal->realm, + if (kadm5int_acl_match_data(&entry->ae_principal->realm, &principal->realm, 0, (wildstate_t *)0) && (entry->ae_principal->length == principal->length)) { matchgood = 1; for (i=0; i<principal->length; i++) { - if (!acl_match_data(&entry->ae_principal->data[i], + if (!kadm5int_acl_match_data(&entry->ae_principal->data[i], &principal->data[i], 0, &state)) { matchgood = 0; break; @@ -659,11 +659,11 @@ acl_find_entry(kcontext, principal, dest_princ) if (!dest_princ) matchgood = 0; else if (entry->ae_target_princ && dest_princ) { - if (acl_match_data(&entry->ae_target_princ->realm, + if (kadm5int_acl_match_data(&entry->ae_target_princ->realm, &dest_princ->realm, 1, (wildstate_t *)0) && (entry->ae_target_princ->length == dest_princ->length)) { for (i=0; i<dest_princ->length; i++) { - if (!acl_match_data(&entry->ae_target_princ->data[i], + if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i], &dest_princ->data[i], 1, &state)) { matchgood = 0; break; @@ -680,7 +680,7 @@ acl_find_entry(kcontext, principal, dest_princ) if (entry->ae_restriction_string && !entry->ae_restriction_bad && !entry->ae_restrictions - && acl_parse_restrictions(entry->ae_restriction_string, + && kadm5int_acl_parse_restrictions(entry->ae_restriction_string, &entry->ae_restrictions)) { DPRINT(DEBUG_ACL, acl_debug_level, ("Bad restrictions in ACL entry for %s\n", entry->ae_name)); @@ -692,15 +692,15 @@ acl_find_entry(kcontext, principal, dest_princ) } break; } - DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_find_entry()=%x\n",entry)); + DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_find_entry()=%x\n",entry)); return(entry); } /* - * acl_init() - Initialize ACL context. + * kadm5int_acl_init() - Initialize ACL context. */ krb5_error_code -acl_init(kcontext, debug_level, acl_file) +kadm5int_acl_init(kcontext, debug_level, acl_file) krb5_context kcontext; int debug_level; char *acl_file; @@ -710,30 +710,30 @@ acl_init(kcontext, debug_level, acl_file) kret = 0; acl_debug_level = debug_level; DPRINT(DEBUG_CALLS, acl_debug_level, - ("* acl_init(afile=%s)\n", + ("* kadm5int_acl_init(afile=%s)\n", ((acl_file) ? acl_file : "(null)"))); acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL; - acl_inited = acl_load_acl_file(); + acl_inited = kadm5int_acl_load_acl_file(); - DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_init() = %d\n", kret)); + DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_init() = %d\n", kret)); return(kret); } /* - * acl_finish - Terminate ACL context. + * kadm5int_acl_finish - Terminate ACL context. */ void -acl_finish(kcontext, debug_level) +kadm5int_acl_finish(kcontext, debug_level) krb5_context kcontext; int debug_level; { - DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_finish()\n")); - acl_free_entries(); - DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_finish()\n")); + DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_finish()\n")); + kadm5int_acl_free_entries(); + DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_finish()\n")); } /* - * acl_check() - Is this operation permitted for this principal? + * kadm5int_acl_check() - Is this operation permitted for this principal? * this code used not to be based on gssapi. In order * to minimize porting hassles, I've put all the * gssapi hair in this function. This might not be @@ -741,7 +741,7 @@ acl_finish(kcontext, debug_level) * solution is, of course, a real authorization service.) */ krb5_boolean -acl_check(kcontext, caller, opmask, principal, restrictions) +kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions) krb5_context kcontext; gss_name_t caller; krb5_int32 opmask; @@ -772,7 +772,7 @@ acl_check(kcontext, caller, opmask, principal, restrictions) retval = 0; - aentry = acl_find_entry(kcontext, caller_princ, principal); + aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal); if (aentry) { if ((aentry->ae_op_allowed & opmask) == opmask) { retval = 1; diff --git a/src/lib/kadm5/srv/server_acl.h b/src/lib/kadm5/srv/server_acl.h index 2645b682e..3e24a6357 100644 --- a/src/lib/kadm5/srv/server_acl.h +++ b/src/lib/kadm5/srv/server_acl.h @@ -1,7 +1,7 @@ /* - * kadmin/v5server/kadm5_defs.h + * lib/kadm5/srv/server_acl.h * - * Copyright 1995 by the Massachusetts Institute of Technology. + * Copyright 1995-2004 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -82,20 +82,20 @@ typedef struct _restriction { char *policy; } restriction_t; -krb5_error_code acl_init +krb5_error_code kadm5int_acl_init (krb5_context, int, char *); -void acl_finish +void kadm5int_acl_finish (krb5_context, int); -krb5_boolean acl_check +krb5_boolean kadm5int_acl_check (krb5_context, gss_name_t, krb5_int32, krb5_principal, restriction_t **); -krb5_error_code acl_impose_restrictions +krb5_error_code kadm5int_acl_impose_restrictions (krb5_context, kadm5_principal_ent_rec *, long *, |