Diffstat (limited to 'src/kadmin')
-rw-r--r--src/kadmin/Makefile.in2
-rw-r--r--src/kadmin/passwd/Kpasswd.res46
-rw-r--r--src/kadmin/passwd/Makefile.in28
-rw-r--r--src/kadmin/passwd/deps26
-rw-r--r--src/kadmin/passwd/kpasswd.M70
-rw-r--r--src/kadmin/passwd/kpasswd.c281
-rw-r--r--src/kadmin/passwd/kpasswd.h46
-rw-r--r--src/kadmin/passwd/kpasswd_strings.et76
-rw-r--r--src/kadmin/passwd/tty_kpasswd.c81
-rw-r--r--src/kadmin/passwd/unit-test/Makefile.in27
-rw-r--r--src/kadmin/passwd/unit-test/config/unix.exp115
-rw-r--r--src/kadmin/passwd/unit-test/deps1
-rw-r--r--src/kadmin/passwd/unit-test/kpasswd.0/changing.exp113
-rw-r--r--src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp29
-rw-r--r--src/kadmin/passwd/unit-test/kpasswd.0/principal.exp87
-rw-r--r--src/kadmin/passwd/unit-test/kpasswd.0/usage.exp26
-rw-r--r--src/kadmin/passwd/unit-test/lib/helpers.exp217
-rw-r--r--src/kadmin/passwd/xm_kpasswd.c445
-rw-r--r--src/kadmin/server/Makefile.in4
-rw-r--r--src/kadmin/server/misc.h8
-rw-r--r--src/kadmin/server/ovsec_kadmd.c30
-rw-r--r--src/kadmin/server/server_glue_v1.c32
-rw-r--r--src/kadmin/server/server_stubs.c60
-rwxr-xr-xsrc/kadmin/testing/scripts/env-setup.shin4
-rwxr-xr-xsrc/kadmin/testing/scripts/init_db137
-rwxr-xr-xsrc/kadmin/testing/scripts/make-host-keytab.plin2
-rwxr-xr-xsrc/kadmin/testing/scripts/start_servers_local13
-rw-r--r--src/kadmin/testing/util/Makefile.in8
-rw-r--r--src/kadmin/testing/util/deps11
-rw-r--r--src/kadmin/testing/util/tcl_kadm5.c15
-rw-r--r--src/kadmin/testing/util/tcl_kadm5.h1
-rw-r--r--src/kadmin/testing/util/tcl_kadm5_syntax (renamed from src/kadmin/testing/util/tcl_ovsec_kadm_syntax)2
-rw-r--r--src/kadmin/testing/util/tcl_ovsec_kadm.c2036
-rw-r--r--src/kadmin/testing/util/test.c1
34 files changed, 103 insertions, 3977 deletions
diff --git a/src/kadmin/Makefile.in b/src/kadmin/Makefile.in
index e5b781084..f47be7295 100644
--- a/src/kadmin/Makefile.in
+++ b/src/kadmin/Makefile.in
@@ -2,7 +2,7 @@ thisconfigdir=..
myfulldir=kadmin
mydir=kadmin
BUILDTOP=$(REL)..
-SUBDIRS = cli dbutil passwd ktutil server testing
+SUBDIRS = cli dbutil ktutil server testing
all::
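Review bot: The password-policy test cases disappear with the new `SUBDIRS = cli dbutil ktutil server testing` line, and no replacement is visible in the part of the diff shown here. With `passwd` gone, `make check` no longer reaches kadmin/passwd/unit-test, whose deleted changing.exp cases D.10 to D.15 exercised rejection of passwords that are too short, have too few character classes, appear in a dictionary, repeat a previous password, or are changed too soon. It is worth confirming that these server-enforced checks are still exercised by a test elsewhere in the tree before the directory is removed. If they are, a comment above the assignment such as `# kadmin/passwd (kadm5 API v1 kpasswd) removed; policy tests: <path to replacement tests>` would record where the coverage now lives.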
diff --git a/src/kadmin/passwd/Kpasswd.res b/src/kadmin/passwd/Kpasswd.res
deleted file mode 100644
index a7ec03161..000000000
--- a/src/kadmin/passwd/Kpasswd.res
+++ /dev/null
@@ -1,46 +0,0 @@
-*xm_ovpasswd.title: PW-CHG-GUI
-*form.shadowThickness: 2
-
-*foreground: black
-*background: grey80
-*topShadowColor: grey95
-*bottomShadowColor: grey20
-*fontList: -*-helvetica-medium-r-*-*-14-*
-*main_lbl.fontList: -*-helvetica-bold-r-*-*-14-*
-*XmForm.Spacing: 5
-
-*main_lbl.labelString: Changing password.
-*old_lbl.labelString: Old password:
-*new_lbl.labelString: New password:
-*again_lbl.labelString: New password (again):
-*sep.leftOffset: 0
-*sep.rightOffset: 0
-*Quit.labelString: Quit
-*Help.labelString: Help
-
-*main_lbl.alignment: ALIGNMENT_CENTER
-*lbl_form*alignment: ALIGNMENT_END
-*scroll_win.shadowThickness: 0
-
-*scroll_text.value: \
-Enter your old password below, and press return. You will not be able to see what you\n\
-are typing. After correctly entering your old password, you will be prompted twice for\n\
-your new password. Other messages and directions will appear in this space as necessary.
-*scroll_text.rows: 5
-*scroll_text.columns: 66
-*scroll_text.scrollHorizontal: FALSE
-*scroll_text.cursorPositionVisible: FALSE
-
-*help_dlg_popup.title: PW-CHG-GUI Help
-*help_dlg.messageString: \
-Welcome to the Kerberos password changing GUI.\n\
-\n\
-In the main window, enter your old password when prompted. After verifying\n\
-your old password, the policy governing your password will be displayed, and\n\
-you will be prompted for a new password. You will then be asked to enter it\n\
-a second time, to make sure you have not made any typos. Assuming that\n\
-your new password complies with your password policy, you should receive\n\
-an acknowledgement that your password has been changed.\n\
-\n\
-If an error occurs, the process will start over from the beginning. You may\n\
-exit the application at any time by pressing the "Quit" button.
diff --git a/src/kadmin/passwd/Makefile.in b/src/kadmin/passwd/Makefile.in
deleted file mode 100644
index 19854c96b..000000000
--- a/src/kadmin/passwd/Makefile.in
+++ /dev/null
@@ -1,28 +0,0 @@
-thisconfigdir=../..
-myfulldir=kadmin/passwd
-mydir=kadmin/passwd
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I.
-DEFINES = -DUSE_KADM5_API_VERSION=1
-DEFS=
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-SUBDIRS = unit-test
-
-PROG = kpasswd
-OBJS = tty_kpasswd.o kpasswd.o kpasswd_strings.o
-SRCS = tty_kpasswd.c kpasswd.c kpasswd_strings.c
-
-all:: $(PROG)
-
-kpasswd_strings.c kpasswd_strings.h: $(srcdir)/kpasswd_strings.et
-
-$(OBJS): kpasswd_strings.h
-
-$(PROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $(PROG) $(OBJS) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-clean::
- $(RM) kpasswd_strings.c kpasswd_strings.h $(PROG) $(OBJS)
-
-depend:: kpasswd_strings.h
diff --git a/src/kadmin/passwd/deps b/src/kadmin/passwd/deps
deleted file mode 100644
index ff09f598f..000000000
--- a/src/kadmin/passwd/deps
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h kpasswd.h kpasswd_strings.h \
- tty_kpasswd.c
-$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h kpasswd.c kpasswd.h kpasswd_strings.h
-$(OUTPRE)kpasswd_strings.$(OBJEXT): $(COM_ERR_DEPS) \
- kpasswd_strings.c
diff --git a/src/kadmin/passwd/kpasswd.M b/src/kadmin/passwd/kpasswd.M
deleted file mode 100644
index 185c1f595..000000000
--- a/src/kadmin/passwd/kpasswd.M
+++ /dev/null
@@ -1,70 +0,0 @@
-.\" kadmin/kpasswd/kpasswd.M
-.\"
-.\" Copyright 1995 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KPASSWD 1
-.SH NAME
-kpasswd \- change a user's Kerberos password
-.SH SYNOPSIS
-.B kpasswd
-[\fIprincipal\fP]
-.SH DESCRIPTION
-.PP
-The
-.I kpasswd
-command is used to change a Kerberos principal's password.
-.I Kpasswd
-prompts for the current Kerberos password, which is used to obtain a
-.B changepw
-ticket from the
-.SM KDC
-for the user's Kerberos realm. If
-.B kpasswd
-successfully obtains the
-.B changepw
-ticket, the user is prompted twice for the new password, and the
-password is changed.
-.PP
-If the principal is governed by a policy that specifies the length and/or
-number of character classes required in the new password, the new
-password must conform to the policy. (The five character classes are
-lower case, upper case, numbers, punctuation, and all other characters.)
-.SH OPTIONS
-.TP
-.I principal
-change the password for the Kerberos principal
-.IR principal .
-Otherwise, the principal is derived from the identity of the user
-invoking the
-.I kpasswd
-command.
-.SH FILES
-.TP "\w'/tmp/tkt_kadm_[pid]'u"
-/tmp/tkt_kadm_[pid]
-temporary credentials cache for the lifetime of the password changing
-operation. ([pid] is the process-ID of the kpasswd process.)
-.SH SEE ALSO
-kadmin(8), kadmind(8)
-.SH BUGS
-If
-.B kpasswd
-is suspended, the changepw tickets may not be destroyed.
diff --git a/src/kadmin/passwd/kpasswd.c b/src/kadmin/passwd/kpasswd.c
deleted file mode 100644
index ca47fca5b..000000000
--- a/src/kadmin/passwd/kpasswd.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- *
- */
-
-static char rcsid[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-
-#include "kpasswd.h"
-
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-extern char *whoami;
-
-
-#define MISC_EXIT_STATUS 6
-
-/*
- * Function: kpasswd
- *
- * Purpose: Initialize and call lower level routines to change a password
- *
- * Arguments:
- *
- * context (r) krb5_context to use
- * argc/argv (r) principal name to use, optional
- * read_old_password (f) function to read old password
- * read_new_password (f) function to read new and change password
- * display_intro_message (f) function to display intro message
- * whoami (extern) argv[0]
- *
- * Returns:
- * exit status of 0 for success
- * 1 principal unknown
- * 2 old password wrong
- * 3 cannot initialize admin server session
- * 4 new passwd mismatch or error trying to change pw
- * 5 password not typed
- * 6 misc error
- * 7 incorrect usage
- *
- * Requires:
- * Passwords cannot be more than 255 characters long.
- *
- * Effects:
- *
- * If argc is 2, the password for the principal specified in argv[1]
- * is changed; otherwise, the principal of the default credential
- * cache or username is used. display_intro_message is called with
- * the arguments KPW_STR_CHANGING_PW_FOR and the principal name.
- * read_old_password is then called to prompt for the old password.
- * The admin system is then initialized, the principal's policy
- * retrieved and explained, if appropriate, and finally
- * read_new_password is called to read the new password and change the
- * principal's password (presumably ovsec_kadm_chpass_principal).
- * admin system is de-initialized before the function returns.
- *
- * Modifies:
- *
- * Changes the principal's password.
- *
- */
-int
-kpasswd(context, argc, argv)
- krb5_context context;
- int argc;
- char *argv[];
-{
- int code;
- krb5_ccache ccache = NULL;
- krb5_principal princ = 0;
- char *princ_str;
- struct passwd *pw = 0;
- unsigned int pwsize;
- char password[255]; /* I don't really like 255 but that's what kinit uses */
- char msg_ret[1024], admin_realm[1024];
- ovsec_kadm_principal_ent_t principal_entry = NULL;
- ovsec_kadm_policy_ent_t policy_entry = NULL;
- void *server_handle;
-
- if (argc > 2) {
- com_err(whoami, KPW_STR_USAGE, 0);
- return(7);
- /*NOTREACHED*/
- }
-
- /************************************
- * Get principal name to change *
- ************************************/
-
- /* Look on the command line first, followed by the default credential
- cache, followed by defaulting to the Unix user name */
-
- if (argc == 2)
- princ_str = strdup(argv[1]);
- else {
- code = krb5_cc_default(context, &ccache);
- /* If we succeed, find who is in the credential cache */
- if (code == 0) {
- /* Get default principal from cache if one exists */
- code = krb5_cc_get_principal(context, ccache, &princ);
- /* if we got a principal, unparse it, otherwise get out of the if
- with an error code */
- (void) krb5_cc_close(context, ccache);
- if (code == 0) {
- code = krb5_unparse_name(context, princ, &princ_str);
- if (code != 0) {
- com_err(whoami, code, string_text(KPW_STR_UNPARSE_NAME));
- return(MISC_EXIT_STATUS);
- }
- }
- }
-
- /* this is a crock.. we want to compare against */
- /* "KRB5_CC_DOESNOTEXIST" but there is no such error code, and */
- /* both the file and stdio types return FCC_NOFILE. If there is */
- /* ever another ccache type (or if the error codes are ever */
- /* fixed), this code will have to be updated. */
- if (code && code != KRB5_FCC_NOFILE) {
- com_err(whoami, code, string_text(KPW_STR_WHILE_LOOKING_AT_CC));
- return(MISC_EXIT_STATUS);
- }
-
- /* if either krb5_cc failed check the passwd file */
- if (code != 0) {
- pw = getpwuid( getuid());
- if (pw == NULL) {
- com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE));
- return(MISC_EXIT_STATUS);
- }
- princ_str = strdup(pw->pw_name);
- }
- }
-
- display_intro_message(string_text(KPW_STR_CHANGING_PW_FOR), princ_str);
-
- /* Need to get a krb5_principal, unless we started from with one from
- the credential cache */
-
- if (! princ) {
- code = krb5_parse_name (context, princ_str, &princ);
- if (code != 0) {
- com_err(whoami, code, string_text(KPW_STR_PARSE_NAME), princ_str);
- free(princ_str);
- return(MISC_EXIT_STATUS);
- }
- }
-
- pwsize = sizeof(password);
- code = read_old_password(context, password, &pwsize);
-
- if (code != 0) {
- memset(password, 0, sizeof(password));
- com_err(whoami, code, string_text(KPW_STR_WHILE_READING_PASSWORD));
- krb5_free_principal(context, princ);
- free(princ_str);
- return(MISC_EXIT_STATUS);
- }
- if (pwsize == 0) {
- memset(password, 0, sizeof(password));
- com_err(whoami, 0, string_text(KPW_STR_NO_PASSWORD_READ));
- krb5_free_principal(context, princ);
- free(princ_str);
- return(5);
- }
-
- admin_realm[0] = '\0';
- strncat(admin_realm, krb5_princ_realm(context, princ)->data,
- krb5_princ_realm(context, princ)->length);
-
- code = ovsec_kadm_init(princ_str, password, KADM5_CHANGEPW_SERVICE,
- admin_realm /* we probably should take a -r */
- /* someday */,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1,
- NULL,
- &server_handle);
- if (code != 0) {
- if (code == OVSEC_KADM_BAD_PASSWORD)
- com_err(whoami, 0, string_text(KPW_STR_OLD_PASSWORD_INCORRECT));
- else
- com_err(whoami, 0, string_text(KPW_STR_CANT_OPEN_ADMIN_SERVER), admin_realm,
- error_message(code));
- krb5_free_principal(context, princ);
- free(princ_str);
- return((code == OVSEC_KADM_BAD_PASSWORD)?2:3);
- }
-
- /* Explain policy restrictions on new password if any. */
- /* Note: copy of this exists in login (kverify.c/get_verified_in_tkt). */
-
- code = ovsec_kadm_get_principal(server_handle, princ, &principal_entry);
- if (code != 0) {
- com_err(whoami, 0,
- string_text((code == OVSEC_KADM_UNK_PRINC)
- ? KPW_STR_PRIN_UNKNOWN : KPW_STR_CANT_GET_POLICY_INFO),
- princ_str);
- krb5_free_principal(context, princ);
- free(princ_str);
- (void) ovsec_kadm_destroy(server_handle);
- return((code == OVSEC_KADM_UNK_PRINC) ? 1 : MISC_EXIT_STATUS);
- }
- if ((principal_entry->aux_attributes & OVSEC_KADM_POLICY) != 0) {
- code = ovsec_kadm_get_policy(server_handle,
- principal_entry->policy, &policy_entry);
- if (code != 0) {
- /* doesn't matter which error comes back, there's no nice recovery
- or need to differentiate to the user */
- com_err(whoami, 0,
- string_text(KPW_STR_CANT_GET_POLICY_INFO), princ_str);
- (void) ovsec_kadm_free_principal_ent(server_handle, principal_entry);
- krb5_free_principal(context, princ);
- free(princ_str);
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
- com_err(whoami, 0, string_text(KPW_STR_POLICY_EXPLANATION),
- princ_str, principal_entry->policy,
- policy_entry->pw_min_length, policy_entry->pw_min_classes);
-
- code = ovsec_kadm_free_principal_ent(server_handle, principal_entry);
- if (code) {
- (void) ovsec_kadm_free_policy_ent(server_handle, policy_entry);
- krb5_free_principal(context, princ);
- free(princ_str);
- com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_PRINCIPAL));
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
-
- code = ovsec_kadm_free_policy_ent(server_handle, policy_entry);
- if (code) {
- krb5_free_principal(context, princ);
- free(princ_str);
- com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_POLICY));
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
- }
- else {
- /* kpasswd *COULD* output something here to encourage the choice
- of good passwords, in the absence of an enforced policy. */
- code = ovsec_kadm_free_principal_ent(server_handle, principal_entry);
- if (code) {
- krb5_free_principal(context, princ);
- free(princ_str);
- com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_PRINCIPAL));
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
- }
-
- pwsize = sizeof(password);
- code = read_new_password(server_handle, password, &pwsize, msg_ret, princ);
- memset(password, 0, sizeof(password));
-
- if (code)
- com_err(whoami, 0, msg_ret);
-
- krb5_free_principal(context, princ);
- free(princ_str);
-
- (void) ovsec_kadm_destroy(server_handle);
-
- if (code == KRB5_LIBOS_CANTREADPWD)
- return(5);
- else if (code)
- return(4);
- else
- return(0);
-}
diff --git a/src/kadmin/passwd/kpasswd.h b/src/kadmin/passwd/kpasswd.h
deleted file mode 100644
index 577ab386f..000000000
--- a/src/kadmin/passwd/kpasswd.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * kadmin/passwd/kpasswd.h
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Prototypes for the kpasswd program callback functions.
- */
-
-#ifndef __KPASSWD_H__
-#define __KPASSWD_H__
-
-int kpasswd(krb5_context context, int argc, char *argv[]);
-
-long read_old_password(krb5_context context, char *password,
- unsigned int *pwsize);
-
-long read_new_password(void *server_handle, char *password,
- unsigned int *pwsize, char *msg_ret,
- krb5_principal princ);
-
-void display_intro_message(const char *fmt_string, const char *arg_string);
-
-#endif /* __KPASSWD_H__ */
-
-
diff --git a/src/kadmin/passwd/kpasswd_strings.et b/src/kadmin/passwd/kpasswd_strings.et
deleted file mode 100644
index 7e826d270..000000000
--- a/src/kadmin/passwd/kpasswd_strings.et
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
-#
-# String table of messages for kpasswd
-
-
-error_table kpws
-
-# /* M1 */
-error_code KPW_STR_USAGE, "Usage: kpasswd [principal_name]."
-
-error_code KPW_STR_PRIN_UNKNOWN,
- "Kerberos principal name %s is not recognized."
-# /* <name> */
-
-# /* M2 */
-error_code KPW_STR_WHILE_LOOKING_AT_CC,
- "while reading principal name from credential cache."
-
-# /* M4 */
-error_code KPW_STR_OLD_PASSWORD_INCORRECT,
- "Old Kerberos password is incorrect. Please try again."
-
-# /* M5 */
-error_code KPW_STR_CANT_OPEN_ADMIN_SERVER,
-"Cannot establish a session with the Kerberos administrative server for\n\
-realm %s. %s."
-# /* <realm-name>, <Specific error message from admin server library>. */
-
-# /* M6 */
-error_code KPW_STR_NEW_PASSWORD_MISMATCH,
- "New passwords do not match - password not changed.\n"
-
-# /* M7 */
-error_code KPW_STR_PASSWORD_CHANGED, "Kerberos password changed.\n"
-
-# /* M13 */
-error_code KPW_STR_PASSWORD_NOT_CHANGED, "Password not changed."
-
-error_code KPW_STR_PARSE_NAME, "when parsing name %s."
-error_code KPW_STR_UNPARSE_NAME, "when unparsing name."
-error_code KPW_STR_NOT_IN_PASSWD_FILE, "Unable to identify user from password file."
-
-# /* M3 */
-error_code KPW_STR_CHANGING_PW_FOR, "Changing password for %s."
-# /* principal@realm */
-
-error_code KPW_STR_OLD_PASSWORD_PROMPT, "Old password"
-error_code KPW_STR_WHILE_READING_PASSWORD, "while reading new password."
-
-# /* M4 */
-error_code KPW_STR_NO_PASSWORD_READ,
-"You must type a password. Passwords must be at least one character long."
-
-# /* M14 */
-error_code KPW_STR_WHILE_TRYING_TO_CHANGE, "while trying to change password."
-
-error_code KPW_STR_WHILE_DESTROYING_ADMIN_SESSION,
-"while closing session with admin server and destroying tickets."
-
-error_code KPW_STR_WHILE_FREEING_PRINCIPAL,
-"while freeing admin principal entry"
-
-error_code KPW_STR_WHILE_FREEING_POLICY,
-"while freeing admin policy entry"
-
-error_code KPW_STR_CANT_GET_POLICY_INFO,
-"Could not get password policy information for principal %s."
-# /* principal@realm */
-
-error_code KPW_STR_POLICY_EXPLANATION,
-"%s's password is controlled by the policy %s, which\nrequires a minimum of %u characters from at least %u classes (the five classes\nare lowercase, uppercase, numbers, punctuation, and all other characters)."
-# /* principal_name policy_name min_length min_classes */
-
-end
-
diff --git a/src/kadmin/passwd/tty_kpasswd.c b/src/kadmin/passwd/tty_kpasswd.c
deleted file mode 100644
index 189409140..000000000
--- a/src/kadmin/passwd/tty_kpasswd.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- *
- */
-
-static char rcsid[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-
-#include "kpasswd.h"
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-char *whoami;
-
-void display_intro_message(fmt_string, arg_string)
- const char *fmt_string;
- const char *arg_string;
-{
- com_err(whoami, 0, fmt_string, arg_string);
-}
-
-long read_old_password(context, password, pwsize)
- krb5_context context;
- char *password;
- unsigned int *pwsize;
-{
- long code = krb5_read_password(context,
- string_text(KPW_STR_OLD_PASSWORD_PROMPT),
- 0, password, pwsize);
- return code;
-}
-
-long read_new_password(server_handle, password, pwsize, msg_ret, princ)
- void *server_handle;
- char *password;
- unsigned int *pwsize;
- char *msg_ret;
- krb5_principal princ;
-{
- return (ovsec_kadm_chpass_principal_util(server_handle, princ, NULL,
- NULL /* don't need new pw back */,
- msg_ret));
-}
-
-
-/*
- * main() for tty version of kpasswd.c
- */
-int
-main(argc, argv)
- int argc;
- char *argv[];
-{
- krb5_context context;
- int retval;
-
- whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(whoami, retval, "initializing krb5 context");
- exit(retval);
- }
- initialize_kpws_error_table();
-
- retval = kpasswd(context, argc, argv);
-
- if (!retval)
- printf(string_text(KPW_STR_PASSWORD_CHANGED));
-
- exit(retval);
-}
diff --git a/src/kadmin/passwd/unit-test/Makefile.in b/src/kadmin/passwd/unit-test/Makefile.in
deleted file mode 100644
index 37dfaca33..000000000
--- a/src/kadmin/passwd/unit-test/Makefile.in
+++ /dev/null
@@ -1,27 +0,0 @@
-thisconfigdir=../../..
-myfulldir=kadmin/passwd/unit-test
-mydir=kadmin/passwd/unit-test
-BUILDTOP=$(REL)..$(S)..$(S)..
-check unit-test:: unit-test-@DO_TEST@
-
-unit-test-:
- @echo "+++"
- @echo "+++ WARNING: kpasswd unit tests not run."
- @echo "+++ Either tcl, runtest, or Perl is unavailable."
- @echo "+++"
-
-unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup
-
-unit-test-body::
- $(ENV_SETUP) $(RUNTEST) --tool kpasswd KPASSWD=../kpasswd \
- KINIT=$(BUILDTOP)/clients/kinit/kinit \
- KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)"
-
-unit-test-setup::
- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
-
-unit-test-cleanup::
- $(ENV_SETUP) $(STOP_SERVERS)
-clean::
- $(RM) dbg.log kpasswd.sum kpasswd.log
diff --git a/src/kadmin/passwd/unit-test/config/unix.exp b/src/kadmin/passwd/unit-test/config/unix.exp
deleted file mode 100644
index 479d77243..000000000
--- a/src/kadmin/passwd/unit-test/config/unix.exp
+++ /dev/null
@@ -1,115 +0,0 @@
-if { [string length $VALGRIND] } {
- rename spawn valgrind_aux_spawn
- proc spawn { args } {
- global VALGRIND
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- # Only run valgrind for local programs, not
- # system ones.
-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
- set newargs [concat $newargs $VALGRIND]
- }
- }
- lappend newargs $arg
- }
- set pid [eval valgrind_aux_spawn $newargs]
- return $pid
- }
-}
-
-# Hack around Solaris 9 kernel race condition that causes last output
-# from a pty to get dropped.
-if { $PRIOCNTL_HACK } {
- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
- rename spawn oldspawn
- proc spawn { args } {
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
- }
- lappend newargs $arg
- }
- set pid [eval oldspawn $newargs]
- return $pid
- }
-}
-
-#
-# kpasswd_version -- extract and print the version number of kpasswd
-#
-
-proc kpasswd_version {} {
- global KPASSWD
- catch "exec ident $KPASSWD" tmp
- if [regexp {Id: kpasswd.c,v ([0-9]+\.[0-9]+)} $tmp \
- dummy version] then {
- clone_output "$KPASSWD version $version\n"
- } else {
- clone_output "$KPASSWD version <unknown>\n"
- }
-}
-#
-# kpasswd_load -- loads the program
-#
-proc kpasswd_load {} {
- #
-}
-
-# kpasswd_exit -- clean up and exit
-proc kpasswd_exit {} {
- #
-}
-
-#
-# kpasswd_start -- start kpasswd running
-#
-proc kpasswd_start { args } {
- global KPASSWD
- global spawn_id
-
- verbose "% $KPASSWD $args" 1
- eval spawn $KPASSWD $args
-}
diff --git a/src/kadmin/passwd/unit-test/deps b/src/kadmin/passwd/unit-test/deps
deleted file mode 100644
index 2feac3c9d..000000000
--- a/src/kadmin/passwd/unit-test/deps
+++ /dev/null
@@ -1 +0,0 @@
-# No dependencies here.
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp b/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
deleted file mode 100644
index 3d7dc4bfd..000000000
--- a/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-set pol2_time [timestamp]
-
-test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \
- 4 {New passwords do not match - password not changed.}
-
-test_3pass {test2} {D.7.5: empty/empty} test2 test2 {} {} \
- 5 {You must type a password. Passwords must be at least one character long.}
-
-test_3pass {test2} {D.6: empty/non-empty} test2 test2 {} test2 \
- 4 {New passwords do not match - password not changed.}
-
-test_3pass {test2} {D.7: non-empty/empty} test2 test2 test2 {} \
- 4 {New passwords do not match - password not changed.}
-
-
-test_win {test1} {D.8: change password} test1 test1 newpass
-
-test_win {test1} {D.9: test changed password} test1 newpass test1
-
-mytest "D.22: No policy description was shown" test1 4 {
- -re "Changing password for test1.*\\.$s+Old password:\[^\n\]*$"
- { send "test1\n" }
-} {
- -re "$s+.*$s+.*$s+.*char.*classes.*"
- { myfail "policy description displayed" }
- timeout { mypass }
-} {
- -re "^$s+New password:\[^\n\]*$"
- { send "newpass\n" }
-} {
- -re "^$s+New password \\(again\\):\[^\n\]*\$"
- { send "ssapwen\n" }
-} {
- -re "$s+New passwords do not match - password not changed."
- { mypass }
-}
-
-test_3pass {pol1} {D.10: new password too short} pol1 pol111111 que que \
- 4 {New password is too short. Please choose a password which is at least [0-9]+ characters long.}
-
-test_3pass {pol1} {D.13: too few char classes in new password} pol1 \
- pol111111 123456789 123456789 \
- 4 {New password does not have enough character classes. The character classes are: - lower-case letters, - upper-case letters, - digits, - punctuation, and - all other characters \(e.g., control characters\). Please choose a password with at least [0-9]+ character classes.}
-
-test_3pass {pol1} {D.14: new password in dictionary} pol1 \
- pol111111 Discordianism Discordianism \
- 4 {New password was found in a dictionary of possible passwords and therefore may be easily guessed. Please choose another password. See the kpasswd man page for help in choosing a good password.}
-
-test_win {pol1} {successful change} pol1 pol111111 polAAAAAA
-# fail "successful change: XXXX password history is majorly broken"
-
-test_3pass {pol1} {D.11: new password same as old} pol1 \
- polAAAAAA polAAAAAA polAAAAAA \
- 4 {New password was used previously. Please choose a different password.}
-
-test_3pass {pol1} {D.12: new password in history} pol1 \
- polAAAAAA pol111111 pol111111 \
- 4 {New password was used previously. Please choose a different password.}
-
-mytest "D.18: Policy description was shown" pol1 4 {
- -re "Changing password for pol1.*\\.$s+Old password:\[^\n\]*$"
- { send "polAAAAAA\n" }
-} {
- -re "$s+.*$s+.*$s+.*8 char.*2 classes.*$s+New password:\[^\n\]*$"
- { send "newpass1234\n" }
-} {
- -re "^$s+New password \\(again\\):\[^\n\]*$"
- { send "newpass4321\n" }
-} {
- -re "$s+New passwords do not match - password not changed."
- { mypass }
-}
-
-# restore pol1's password to its initial value; see discussion in
-# secure-kpasswd/2204 about secure-releng/2191 if you are confused
-test_win {pol1} {successful change} pol1 polAAAAAA polBBBBBB
-test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC
-test_win {pol1} {successful change} pol1 polCCCCCC pol111111
-
-# Under "make check", init_db will just have been run and we could
-# jump right into the too-soon test. But if someone is working with
-# the test suite manually, init_db may have been run a while ago.
-# So, force some known state, first.
-set delay [expr $pol2_time + 11 - [timestamp]]
-verbose "(sleeping $delay seconds so pol2 password can be changed)"
-sleep $delay
-
-test_win {pol2} {successful change} pol2 pol222222 polbbbbbb
-
-test_3pass {pol2} {D.15: too soon to change password} pol2 \
- polbbbbbb pol222222 pol222222 \
- 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.}
-
-# Now delay a little longer (if needed) and try changing pol2's
-# password again.
-verbose "(sleeping 10 seconds)"
-sleep 10
-
-test_win {pol2} {password min life passed} pol2 polbbbbbb pol222222
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp b/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp
deleted file mode 100644
index 2cda17a6a..000000000
--- a/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-test_initerr {test2} {C.4: empty old password (XXXX)} test2 {} \
- 5 {You must type a password. Passwords must be at least one character long.}
-
-test_initerr {test2} {C.5: incorrect old password} test2 foobar \
- 2 "Old Kerberos password is incorrect. Please try again."
-
-# set timeout 60
-#
-#test_initerr {test2@SECURE-TEST-DEAD.OV.COM} {C.8: server up, daemon down} \
-# test2 test2 \
-# 3 ""
-#
-#test_initerr {test2@SECURE-TEST-DOWN.OV.COM} {C.8.5: server down} \
-# test2 test2 \
-# 3 "${initerr_str}Cannot contact any KDC for requested realm"
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp b/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp
deleted file mode 100644
index 01b2296fc..000000000
--- a/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-if {[info exists env(KRB5CCNAME)]} {
- unset env(KRB5CCNAME)
-}
-
-# Apple (in Mac OS X 10.5.4) is shipping a tcl in which
-# unsetting env-array values seems not to work!
-if {[info exists env(KRB5CCNAME)]} {
- untested {B.7: default nonexisting ccache(1) (unset failed, tcl defective!)}
- untested {B.7: default nonexisting ccache(2)}
- untested {B.4: default existing cache containing existing principal}
- set test2pass test2
-
-} else {
-
-
-kdestroy
-
-
-#### no principal specified
-
-if {[info exists env(USER)]} {
- set whoami $env(USER)
-} else {
- set whoami [exec whoami]
-}
-
- test_win {} {B.7: default nonexisting ccache(1)} $whoami $whoami newpass
- test_win {} {B.7: default nonexisting ccache(2)} $whoami newpass $whoami
-
- kinit test2 test2
- test_win {} {B.4: default existing cache containing existing principal} \
- test2 test2 newpass
- kdestroy
- set test2pass newpass
-}
-
-set env(KRB5CCNAME) FILE:/tmp/ovsec_adm_test_ccache
-kinit test2 $test2pass
-test_win {} {B.3: specified existing cache containing existing principal} \
- test2 $test2pass test2
-kdestroy
-unset env(KRB5CCNAME)
-
-# Apple (in Mac OS X 10.5.4) is shipping a tcl in which
-# unsetting env-array values seems not to work!
-if {[info exists env(KRB5CCNAME)]} {
- untested {B.14: existing principal, no realm}
- untested {B.15, C.6: non-existent principal, no realm}
- untested {B.16: existing principal, with realm}
- untested {B.17: non-existent principal, with realm}
-
-} else {
-
-#### principal on command line
-
-#
-test_win {test2} {B.14: existing principal, no realm} test2 test2 newpass
-
-#
-test_initerr {bogus} {B.15, C.6: non-existent principal, no realm} bogus bogus \
- 3 "${initerr_str}Client not found in Kerberos database"
-
-#
-test_win {test2@SECURE-TEST.OV.COM} {B.16: existing principal, with realm} \
- test2 newpass test2
-
-#
-test_initerr {bogus@SECURE-TEST.OV.COM} \
- {B.17: non-existent principal, with realm} \
- bogus bogus \
- 3 "${initerr_str}Client not found in Kerberos database"
-
-}
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp b/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp
deleted file mode 100644
index e132bab2f..000000000
--- a/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-#
-# Here are the tests
-#
-
-mytest {A.1: two args} {foo bar} 7 {
- -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass }
-}
-
-mytest {A.2: three args} {foo bar baz} 7 {
- -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass }
-}
-
-set env(KRB5CCNAME) bogus_type:bogus_ccname
-mytest {B.5: malformed ccache name} {} 6 {
- -re {[a-z./]+passwd: Unknown credential cache type while reading principal name from credential cache} { mypass }
-}
-unset env(KRB5CCNAME)
-
diff --git a/src/kadmin/passwd/unit-test/lib/helpers.exp b/src/kadmin/passwd/unit-test/lib/helpers.exp
deleted file mode 100644
index 25b71a20e..000000000
--- a/src/kadmin/passwd/unit-test/lib/helpers.exp
+++ /dev/null
@@ -1,217 +0,0 @@
-#
-# $Id$
-#
-
-global s
-set s "\[\r\n\t\ \]"
-
-if {[info commands exp_version] != {}} {
- set exp_version_4 [regexp {^4} [exp_version]]
-} else {
- set exp_version_4 [regexp {^4} [expect_version]]
-}
-
-# Backward compatibility until we're using expect 5 everywhere
-if {$exp_version_4} {
- global wait_error_index wait_errno_index wait_status_index
- set wait_error_index 0
- set wait_errno_index 1
- set wait_status_index 1
-} else {
- set wait_error_index 2
- set wait_errno_index 3
- set wait_status_index 3
-}
-
-proc myfail { comment } {
- global mytest_name
- global mytest_status
- wait
- fail "$mytest_name: $comment"
- set mytest_status 1
-}
-
-proc mypass {} {
-}
-
-##
-## When you expect on an id, and eof is detected, the spawn_id is closed.
-## It may be waited for, but calling expect or close on this id is an ERROR!
-##
-
-proc mytest { name kpargs status args } {
- global spawn_id
- global timeout
- global mytest_name
- global mytest_status
- global wait_error_index wait_errno_index wait_status_index
-
- verbose "starting test: $name"
-
- set mytest_name "$name"
-
- eval kpasswd_start $kpargs
-
- # at the end, eof is success
-
- lappend args { eof { if {[regexp "\[\r\n\]$" $expect_out(buffer)] == 0} { myfail "final status message not newline-terminated" } } }
-
- # for each test argument....
- # rep invariant: when this foreach ends, the id is close'd, but
- # not wait'ed.
-
- foreach test $args {
- set mytest_status 0
-
- # treat the arg as an expect parameter
- # if failure, the process will be closed and waited.
-
- uplevel 1 "expect {
- $test
- timeout { close; myfail \"timeout\"}
- eof { myfail \"eof read before expected message string\" }
- }"
-
- if {$mytest_status == 1} { return }
- }
-
- # at this point, the id is closed and we can wait on it.
-
- set ret [wait]
- verbose "% Exit $ret" 1
- if {[lindex $ret $wait_error_index] == -1} {
- fail "$name: wait returned error [lindex $ret $wait_errno_index]"
- } else {
- if { [lindex $ret $wait_status_index] == $status ||
- (($status<0) && ([lindex $ret $wait_status_index] == ($status+256))) } {
- pass "$name"
- } else {
- fail "$name: unexpected return status [lindex $ret $wait_status_index], should be $status"
- }
- }
-}
-
-proc kinit { princ pass } {
- global env;
- global KINIT
- spawn -noecho $KINIT -5 $princ;
-
- expect {
- -re "Password for .*:\[^\n\]*$"
- {send "$pass\n"}
- timeout {puts "Timeout waiting for prompt" ; close }
- }
-
- # this necessary so close(1) in the child will not sleep waiting for
- # the parent, which is us, to read pending data.
-
- expect {
- eof {}
- }
- wait
-}
-
-proc kdestroy {} {
- global KDESTROY
- global errorCode errorInfo
- global env
-
- if {[info exists errorCode]} {
- set saveErrorCode $errorCode
- }
- if {[info exists errorInfo]} {
- set saveErrorInfo $errorInfo
- }
- catch "system $KDESTROY -5 2>/dev/null"
- if {[info exists saveErrorCode]} {
- set errorCode $saveErrorCode
- } elseif {[info exists errorCode]} {
- unset errorCode
- }
- if {[info exists saveErrorInfo]} {
- set errorInfo $saveErrorInfo
- } elseif {[info exists errorInfo]} {
- unset errorInfo
- }
-}
-
-global initerr_str
-global initerr_regexp
-set initerr_str "Cannot establish a session with the Kerberos administrative server for realm \[^\r\n\]*\\. "
-set initerr_regexp "Cannot establish a session with the Kerberos administrative server for$s+realm \[^\r\n\]*\\.$s+"
-
-proc test_win { args name princ pass1 { pass2 "\001\001" } } {
- global s
- global initerr_regexp
-
- if { $pass2 == "\001\001" } { set pass2 "$pass1" }
-
- mytest "$name" $args 0 {
- -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
- { send "$pass1\n" }
- } {
- -re "Old Kerberos password is incorrect. Please try again."
- { close; myfail "Old password incorrect" }
- -re "${initerr_regexp}(.+\[^\r\n\t\ \])\r\n"
- { close; myfail "init error: $expect_out(1,string)" }
- -re "$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- } {
- -re "$s+New password \\(again\\):\[^\n\]*$"
- { send "$pass2\n" }
- } {
- -re "$s+Kerberos password changed."
- { mypass }
- -re "$s+Password changed."
- { close; myfail "Wrong message on success." }
- }
-}
-
-proc test_initerr { args name princ pass status err } {
- global s
- global initerr_regexp
-
- regsub -all "$s+" $err "$s+" err2
-
- mytest "$name" $args $status {
- -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
- { send "$pass\n" }
- } {
- -re "$err2"
- { mypass }
- -re "Old Kerberos password is incorrect. Please try again."
- { close; myfail "Old password incorrect" }
- -re "${initerr_regexp}(.+)\r\n"
- { close; myfail "init error: $expect_out(1,string)" }
- }
-}
-
-proc test_3pass { args name princ pass1 pass2 pass3 status err } {
- global s
- global initerr_regexp
-
- regsub -all "$s+" $err "$s+" err2
-
- mytest "$name" $args $status {
- -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
- { send "$pass1\n" }
- } {
- -re "Old Kerberos password is incorrect. Please try again."
- { close; myfail "Old password incorrect" }
- -re "${initerr_regexp}(.+)\r\n"
- { close; myfail "init error: $expect_out(1,string)" }
- -re "$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- } {
- -re "$s+New password \\(again\\):\[^\n\]*$"
- { send "$pass3\n" }
- } {
- -re "$s+$err2"
- { mypass }
- }
-}
-
diff --git a/src/kadmin/passwd/xm_kpasswd.c b/src/kadmin/passwd/xm_kpasswd.c
deleted file mode 100644
index 2f0bdf9c2..000000000
--- a/src/kadmin/passwd/xm_kpasswd.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- *
- */
-
-static char rcsid_2[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-#define initialize_kpasswd_strings initialize_kpws_error_table
-
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-char *whoami;
-
-#include <Xm/Xm.h>
-#include <Xm/MessageB.h>
-#include <Xm/ScrolledW.h>
-#include <Xm/Form.h>
-#include <Xm/Text.h>
-#include <Xm/PushB.h>
-#include <Xm/Label.h>
-#include <Xm/Separator.h>
-#include <X11/cursorfont.h>
-#include <X11/Shell.h>
-
-Widget toplevel, scroll_text, prompt_text;
-Widget quit_btn, help_btn, old_lbl, new_lbl, again_lbl, main_lbl;
-XtAppContext app_con;
-int looping;
-int retval=0;
-
-
-/***************************************************************************
- *
- * A few utility functions for setting/unsetting the busy cursor
- * (i.e. the watch cursor).
- */
-static void
-SetCursor(w,c)
- Widget w;
- Cursor c;
-{
- while (XtIsSubclass(w, shellWidgetClass) != True)
- w = XtParent(w);
-
- XDefineCursor(XtDisplay(w), XtWindow(w), c);
- XFlush(XtDisplay(w));
-}
-
-
-static void
-SetStandardCursor()
-{
- static Cursor ArrowCursor = (Cursor)NULL;
-
- if (ArrowCursor == (Cursor)NULL)
- ArrowCursor = XCreateFontCursor(XtDisplay(toplevel), XC_top_left_arrow);
- SetCursor(toplevel, ArrowCursor);
-}
-
-
-static void
-SetWatchCursor()
-{
- static Cursor WatchCursor = (Cursor)NULL;
-
- if (WatchCursor == (Cursor)NULL)
- WatchCursor = XCreateFontCursor(XtDisplay(toplevel), XC_watch);
- SetCursor(toplevel, WatchCursor);
-}
-
-
-/***************************************************************************
- *
- * Set up a com_err hook, for displaying to a motif scrolling widget.
- */
-
-#include <stdarg.h>
-
-static void
-#ifdef __STDC__
-motif_com_err (const char *whoami, long code, const char *fmt, va_list args)
-#else
-motif_com_err (whoami, code, fmt, args)
- const char *whoami;
- long code;
- const char *fmt;
- va_list args;
-#endif
-{
- XEvent event;
- char buf[2048];
-
- buf[0] = '\0';
-
- if (whoami)
- {
- strncpy(buf, whoami, sizeof(buf) - 1);
- buf[sizeof(buf) - 1] = '\0';
- strncat(buf, ": ", sizeof(buf) - 1 - strlen(buf));
- }
- if (code)
- {
- buf[sizeof(buf) - 1] = '\0';
- strncat(buf, error_message(code), sizeof(buf) - 1 - strlen(buf));
- strncat(buf, " ", sizeof(buf) - 1 - strlen(buf));
- }
- if (fmt)
- {
- vsnprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), fmt, args);
- }
-
- XtVaSetValues(scroll_text, XmNvalue, buf, NULL);
-
- for (; XtAppPending(app_con); )
- {
- XtAppNextEvent(app_con, &event);
- XtDispatchEvent(&event);
- }
-}
-
-
-/***************************************************************************
- *
- * Function to display help widget.
- */
-static void
-help()
-{
- static Widget help_dlg = NULL;
-
- if (!help_dlg)
- {
- help_dlg = XmCreateInformationDialog(toplevel, "help_dlg", NULL,
- 0);
- XtUnmanageChild(XmMessageBoxGetChild(help_dlg, XmDIALOG_CANCEL_BUTTON));
- XtUnmanageChild(XmMessageBoxGetChild(help_dlg, XmDIALOG_HELP_BUTTON));
- }
- XtManageChild(help_dlg);
-}
-
-
-/***************************************************************************
- *
- * Unset the global "looping" when we want to get out of reading a
- * password.
- */
-static void
-unset_looping()
-{
- looping = 0;
-}
-
-
-/***************************************************************************
- *
- * Function to exit the gui. Callback on the "Exit" button.
- */
-static void
-quit()
-{
- exit(retval);
-}
-
-
-/***************************************************************************
- *
- * Set up motif widgets, callbacks, etc.
- */
-static void
-create_widgets(argc, argv)
- int *argc;
- char *argv[];
-{
- Widget form, lbl_form,
- sep,
- scroll_win;
- Pixel bg;
-
- toplevel = XtAppInitialize(&app_con, "Kpasswd", NULL, 0, argc, argv,
- NULL, NULL, 0);
- form = XtCreateManagedWidget("form", xmFormWidgetClass, toplevel, NULL, 0);
- quit_btn = XtVaCreateManagedWidget("Quit", xmPushButtonWidgetClass,
- form,
- XmNleftAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- XtAddCallback(quit_btn, XmNactivateCallback, quit, 0);
- help_btn = XtVaCreateManagedWidget("Help", xmPushButtonWidgetClass,
- form,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- /* XmNshowAsDefault, TRUE, */
- NULL);
- XtAddCallback(help_btn, XmNactivateCallback, help, 0);
- sep = XtVaCreateManagedWidget("sep", xmSeparatorWidgetClass,
- form,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, quit_btn,
- NULL);
- lbl_form = XtVaCreateManagedWidget("lbl_form", xmFormWidgetClass,
- form,
- XmNspacing, 0,
- XmNleftAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, sep,
- NULL);
- old_lbl = XtVaCreateManagedWidget("old_lbl", xmLabelWidgetClass,
- lbl_form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- new_lbl = XtVaCreateManagedWidget("new_lbl", xmLabelWidgetClass,
- lbl_form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- again_lbl = XtVaCreateManagedWidget("again_lbl", xmLabelWidgetClass,
- lbl_form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- prompt_text = XtVaCreateManagedWidget("prompt_text", xmTextWidgetClass,
- form,
- XmNeditMode, XmSINGLE_LINE_EDIT,
- XmNleftAttachment, XmATTACH_WIDGET,
- XmNleftWidget, lbl_form,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, sep,
- NULL);
- XtAddCallback(prompt_text, XmNactivateCallback, unset_looping, 0);
- XtVaGetValues(prompt_text, XmNbackground, &bg, NULL);
- XtVaSetValues(prompt_text, XmNforeground, bg, NULL);
-
- main_lbl = XtVaCreateWidget("main_lbl", xmLabelWidgetClass,
- form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- NULL);
- scroll_win = XtVaCreateManagedWidget("scroll_win",
- xmScrolledWindowWidgetClass,
- form,
- XmNscrollingPolicy, XmAPPLICATION_DEFINED,
- XmNscrollBarDisplayPolicy, XmSTATIC,
- XmNtopAttachment, XmATTACH_WIDGET,
- XmNtopWidget, main_lbl,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, prompt_text,
- NULL);
- scroll_text = XtVaCreateManagedWidget("scroll_text", xmTextWidgetClass,
- scroll_win,
- XmNeditMode, XmMULTI_LINE_EDIT,
- XmNeditable, FALSE,
- NULL);
- XtRealizeWidget(toplevel);
-}
-
-
-/***************************************************************************
- *
- *
- */
-static long
-read_password(password, pwsize)
- char *password;
- int *pwsize;
-{
- XEvent event;
- char *text_val;
-
- /* OK, this next part is gross... but this is due to the fact that */
- /* this is not your traditional X program, which would be event */
- /* driven. Instead, this program is more 'CLI' in nature, so we */
- /* handle the dialogs synchronously... */
-
- XtVaSetValues(prompt_text, XmNmaxLength, *pwsize, XmNvalue, "", NULL);
- for (looping=1; looping; )
- {
- XtAppNextEvent(app_con, &event);
- XtDispatchEvent(&event);
- }
- XtVaGetValues(prompt_text, XmNvalue, &text_val, NULL);
- *pwsize = strlen(text_val);
- strcpy(password, text_val);
- memset(text_val, 0, *pwsize);
- XtVaSetValues(prompt_text, XmNvalue, text_val, NULL);
- return(0);
-}
-
-
-/***************************************************************************
- *
- *
- */
-void
-display_intro_message(fmt_string, arg_string)
- const char *fmt_string;
- const char *arg_string;
-{
- XmString xmstr;
- char buf[1024];
-
- snprintf(buf, sizeof(buf), fmt_string, arg_string);
-
- xmstr = XmStringCreateLtoR(buf, XmSTRING_DEFAULT_CHARSET);
- XtVaSetValues(main_lbl, XmNlabelString, xmstr, NULL);
- XmStringFree(xmstr);
- XtManageChild(main_lbl);
-}
-
-
-long
-read_old_password(context, password, pwsize)
- krb5_context context;
- char *password;
- unsigned int *pwsize;
-{
- long code;
-
- XtManageChild(old_lbl);
- code = read_password(password, pwsize);
- SetWatchCursor();
- return code;
-}
-
-long
-read_new_password(server_handle, password, pwsize, msg_ret, princ)
- void *server_handle;
- char *password;
- unsigned int *pwsize;
- char *msg_ret;
- krb5_principal princ;
-{
- char *password2 = (char *) malloc(*pwsize * sizeof(char));
- int pwsize2 = *pwsize;
-
- SetStandardCursor();
-
- if (password2 == NULL)
- {
- strcpy(msg_ret, error_message(ENOMEM));
- SetWatchCursor();
- return(ENOMEM);
- }
-
- XtManageChild(new_lbl); XtUnmanageChild(old_lbl);
- read_password(password, pwsize);
- XtManageChild(again_lbl); XtUnmanageChild(new_lbl);
- read_password(password2, &pwsize2);
-
- if (strcmp(password, password2))
- {
- memset(password, 0, *pwsize);
-
- memset(password2, 0, pwsize2);
- free(password2);
-
- strcpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH));
- SetWatchCursor();
- return(KRB5_LIBOS_BADPWDMATCH);
- }
-
- memset(password2, 0, pwsize2);
- free(password2);
-
- SetWatchCursor();
- return (ovsec_kadm_chpass_principal_util(server_handle, princ, password,
- NULL /* don't need new pw back */,
- msg_ret));
-}
-
-
-/***************************************************************************
- *
- *
- */
-void
-main(argc, argv)
- int argc;
- char *argv[];
-{
- krb5_context context;
- int code;
-
- initialize_kpasswd_strings();
-
- whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
-
- (void) set_com_err_hook(motif_com_err);
-
- create_widgets(&argc, argv);
- XmProcessTraversal(prompt_text, XmTRAVERSE_CURRENT);
-
- if (retval = krb5_init_context(&context)) {
- com_err(whoami, retval, "initializing krb5 context");
- exit(retval);
- }
-
- while (1)
- {
- retval = kpasswd(context, argc, argv);
- SetStandardCursor();
-
- if (!retval)
- com_err(0, 0, string_text(KPW_STR_PASSWORD_CHANGED));
-
- if (retval == 0) /* 0 is success, so presumably the user */
- /* is done. */
- XmProcessTraversal(quit_btn, XmTRAVERSE_CURRENT);
-
- if ((retval == 1) || /* the rest are "fatal", so we should */
- (retval == 3) || /* "force" the user to quit... */
- (retval == 6) ||
- (retval == 7))
- {
- XtSetSensitive(prompt_text, FALSE);
- XmProcessTraversal(quit_btn, XmTRAVERSE_CURRENT);
- XtAppMainLoop(app_con);
- }
- }
-
- /* NOTREACHED */
- exit(retval);
-}
diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in
index 21f3e7aea..67f6ba8f7 100644
--- a/src/kadmin/server/Makefile.in
+++ b/src/kadmin/server/Makefile.in
@@ -13,8 +13,8 @@ PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
PROG = kadmind
-OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o
-SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c
+OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o network.o
+SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c network.c
all:: $(PROG)
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index b8aef57f1..073f6ff10 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -45,14 +45,6 @@ schpw_util_wrapper(void *server_handle, krb5_principal client,
kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
char *msg_ret, unsigned int msg_len);
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent);
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent);
-
-
krb5_error_code process_chpw_request(krb5_context context,
void *server_handle,
char *realm,
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 82ce71634..d2451f8ad 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -89,14 +89,6 @@ gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
-/*
- * This is a kludge, but the server needs these constants to be
- * compatible with old clients. They are defined in <kadm5/admin.h>,
- * but only if USE_KADM5_API_VERSION == 1.
- */
-#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
-
extern krb5_keyblock master_keyblock;
extern krb5_keylist_node *master_keylist;
@@ -210,7 +202,7 @@ int main(int argc, char *argv[])
{
extern char *optarg;
extern int optind, opterr;
- int ret, oldnames = 0;
+ int ret;
OM_uint32 OMret, major_status, minor_status;
char *whoami;
gss_buffer_desc in_buf;
@@ -365,11 +357,7 @@ int main(int argc, char *argv[])
names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
- names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm);
- names[3].name = build_princ_name(OVSEC_KADM_CHANGEPW_SERVICE,
- params.realm);
- if (names[0].name == NULL || names[1].name == NULL ||
- names[2].name == NULL || names[3].name == NULL) {
+ if (names[0].name == NULL || names[1].name == NULL) {
krb5_klog_syslog(LOG_ERR,
"Cannot build GSS-API authentication names, "
"failing.");
@@ -424,13 +412,7 @@ kterr:
exit(1);
}
- /*
- * Try to acquire creds for the old OV services as well as the
- * new names, but if that fails just fall back on the new names.
- */
- if (svcauth_gssapi_set_names(names, 4) == TRUE)
- oldnames++;
- if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) {
+ if (svcauth_gssapi_set_names(names, 2) == FALSE) {
krb5_klog_syslog(LOG_ERR,
"Cannot set GSS-API authentication names (keytab not present?), "
"failing.");
@@ -447,12 +429,6 @@ kterr:
in_buf.length = strlen(names[1].name) + 1;
(void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
&gss_changepw_name);
- if (oldnames) {
- in_buf.value = names[3].name;
- in_buf.length = strlen(names[3].name) + 1;
- (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
- &gss_oldchangepw_name);
- }
svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
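Review bot: `gss_oldchangepw_name` is left behind as dead state. With the `if (oldnames)` import removed in this hunk, nothing in this file's hunks assigns it any more, yet the declaration `gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;` still shows in the header of the file's first hunk. Any comparison against it elsewhere (not visible in this diff) would now always see NULL, so the global and its readers should be removed in the same change rather than linger in the logic that decides which service a client authenticated to. The declaration of `names` is also outside the hunks; if it still has four entries, shrink it to agree with `svcauth_gssapi_set_names(names, 2)`. main() starts and ends outside this hunk.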
diff --git a/src/kadmin/server/server_glue_v1.c b/src/kadmin/server/server_glue_v1.c
deleted file mode 100644
index dfd6430f1..000000000
--- a/src/kadmin/server/server_glue_v1.c
+++ /dev/null
@@ -1,32 +0,0 @@
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include "misc.h"
-
-/*
- * In server_stubs.c, kadmind has to be able to call kadm5 functions
- * with the arguments appropriate for any api version. Because of the
- * prototypes in admin.h, however, the compiler will only allow one
- * set of arguments to be passed. This file exports the old api
- * definitions with a different name, so they can be called from
- * server_stubs.c, and just passes on the call to the real api
- * function; it uses the old api version, however, so it can actually
- * call the real api functions whereas server_stubs.c cannot.
- *
- * This is most useful for functions like kadm5_get_principal that
- * take a different number of arguments based on API version. For
- * kadm5_get_policy, the same thing could be accomplished with
- * typecasts instead.
- */
-
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent)
-{
- return kadm5_get_principal(server_handle, principal, ent);
-}
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent)
-{
- return kadm5_get_policy(server_handle, name, ent);
-}
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 038a4a73f..ebef752ae 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -641,7 +641,6 @@ gprinc_ret *
get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
static gprinc_ret ret;
- kadm5_principal_ent_t_v1 e;
char *prime_arg, *funcname;
gss_buffer_desc client_name,
service_name;
@@ -659,8 +658,7 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_principal (V1)" : "kadm5_get_principal";
+ funcname = "kadm5_get_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -681,18 +679,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
log_unauth(funcname, prime_arg,
&client_name, &service_name, rqstp);
} else {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_principal_v1((void *)handle,
- arg->princ, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1));
- free(e);
- }
- } else {
- ret.code = kadm5_get_principal((void *)handle,
- arg->princ, &ret.rec,
- arg->mask);
- }
+ ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+ arg->mask);
if( ret.code != 0 )
errmsg = krb5_get_error_message(handle->context, ret.code);
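Review bot: Nothing visible in this diff rejects a handle whose `api_version` is `KADM5_API_VERSION_1`, yet this hunk and the matching ones in chrand_principal_2_svc, chrand_principal3_2_svc and get_policy_2_svc now always take the newer path while `ret.api_version = handle->api_version;` is still copied into the reply. If a version-1 client can still complete init, its reply would be tagged version 1 but filled in with the newer layout. Because `ret` is `static` here, any field a version-1 encoder reads (presumably `ret.key` in the chrand stubs, whose encoder is outside this diff) could carry data left over from an earlier request. Confirm that handle creation refuses version 1, and record it above the call, e.g. `/* api_version 1 is rejected at init; only the current record layout is served */`. The function body continues outside the hunk.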
@@ -1114,8 +1102,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -1141,13 +1128,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
}
if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1191,8 +1173,7 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -1224,13 +1205,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
}
if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1437,8 +1413,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_policy (V1)" : "kadm5_get_policy";
+ funcname = "kadm5_get_policy";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -1468,16 +1443,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
}
if (ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_policy_v1((void *)handle, arg->name, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec));
- free(e);
- }
- } else {
- ret.code = kadm5_get_policy((void *)handle, arg->name,
- &ret.rec);
- }
+ ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
if( ret.code != 0 )
errmsg = krb5_get_error_message(handle->context, ret.code);
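Review bot: The local `e` in get_policy_2_svc looks orphaned after this hunk, which removes its only visible uses (`&e`, `memcpy(&ret.rec, e, ...)` and `free(e)`). In get_principal_2_svc the line `kadm5_principal_ent_t_v1 e;` is deleted, but no hunk in this file removes the corresponding declaration here. The declaration is outside the hunk, so this is inferred; if it is still present, drop it so the build stays free of unused-variable warnings.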
@@ -1632,10 +1598,8 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
slen = service_name.length;
trunc_name(&slen, &sdots);
/* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+ krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
"client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
- (ret.api_version == KADM5_API_VERSION_1 ?
- "kadm5_init (V1)" : "kadm5_init"),
(int)clen, (char *)client_name.value, cdots,
errmsg ? errmsg : "success",
(int)clen, (char *)client_name.value, cdots,
diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin
index 7750e5272..519b9864e 100755
--- a/src/kadmin/testing/scripts/env-setup.shin
+++ b/src/kadmin/testing/scripts/env-setup.shin
@@ -74,8 +74,8 @@ SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP
QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME
TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
-CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl; export CLNTTCL
-SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl; export SRVTCL
+CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
+SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
index 7296e1f9b..1cb96f843 100755
--- a/src/kadmin/testing/scripts/init_db
+++ b/src/kadmin/testing/scripts/init_db
@@ -42,7 +42,7 @@ fi
DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
@@ -101,81 +101,82 @@ if {[info exists env(USER)]} {
}
set cmds {
- {ovsec_kadm_init $env(SRVTCL) mrroot null $r $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle}
-
- {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}}
- {ovsec_kadm_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}}
- {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
- {OVSEC_KADM_POLICY}}
- {ovsec_kadm_create_policy $server_handle [simple_policy test-pol-nopw] \
- {OVSEC_KADM_POLICY}}
-
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal testuser@$r] {OVSEC_KADM_PRINCIPAL} notathena}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test1@$r] {OVSEC_KADM_PRINCIPAL} test1}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test2@$r] {OVSEC_KADM_PRINCIPAL} test2}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test3@$r] {OVSEC_KADM_PRINCIPAL} test3}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/modify@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/none@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/rename@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/mod-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/mod-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+ {kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_2 server_handle}
+
+ {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
+ {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM}}
+ {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
+ {KADM5_POLICY KADM5_PW_MIN_LIFE}}
+ {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
+ {KADM5_POLICY}}
+ {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \
+ {KADM5_POLICY}}
+
+ {kadm5_create_principal $server_handle \
+ [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test1@$r] {KADM5_PRINCIPAL} test1}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test2@$r] {KADM5_PRINCIPAL} test2}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test3@$r] {KADM5_PRINCIPAL} test3}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \
admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \
admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-mod@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/no-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/no-delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol1@$r test-pol] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol111111}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol2@$r once-a-min] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol222222}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol3@$r dict-only] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol333333}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol111111}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol222222}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol333333}
+ {kadm5_create_principal $server_handle \
[princ_w_pol admin/get-pol@$r test-pol-nopw] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} StupidAdmin}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol admin/pol@$r test-pol-nopw] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} StupidAdmin}
+ {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \
+ KADM5_POLICY} StupidAdmin}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
[simple_principal changepw/kerberos] \
- {OVSEC_KADM_PRINCIPAL} {XXX THIS IS WRONG}}
+ {KADM5_PRINCIPAL} {XXX THIS IS WRONG}}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
[simple_principal $whoami] \
- {OVSEC_KADM_PRINCIPAL} $whoami}
+ {KADM5_PRINCIPAL} $whoami}
- {ovsec_kadm_destroy $server_handle}
+ {kadm5_destroy $server_handle}
}
foreach cmd $cmds {
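Review bot: The fixture passwords in `cmds` are still fixed and guessable after the rename, and nothing in the hunk says this database must stay inside the test harness. Every `admin/*` principal gets the password `admin`, and `changepw/kerberos` keeps the unexplained `{XXX THIS IS WRONG}` placeholder. Add a comment immediately above `set cmds {`, because a `#` line inside the braced list would be read as list elements rather than a comment: `# Test-only realm: the passwords below are fixed and well known; never load this database into a realm that real clients can reach.` The `host/$q@$r` principal created with `notathena` in start_servers_local deserves the same remark.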
diff --git a/src/kadmin/testing/scripts/make-host-keytab.plin b/src/kadmin/testing/scripts/make-host-keytab.plin
index ad509c35c..cf62ae797 100755
--- a/src/kadmin/testing/scripts/make-host-keytab.plin
+++ b/src/kadmin/testing/scripts/make-host-keytab.plin
@@ -67,7 +67,7 @@ die "Neither \$TOP nor \$TESTDIR is set, and -top not specified.\n"
$top = $ENV{'TOP'} if (! $top);
$TESTDIR = ($ENV{'TESTDIR'} || "$top/testing");
$MAKE_KEYTAB = ($ENV{'MAKE_KEYTAB'} || "$TESTDIR/scripts/$whoami");
-$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/ovsec_kadm_srv_tcl");
+$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/kadm5_srv_tcl");
$TCLUTIL = ($ENV{'TCLUTIL'} || "$TESTDIR/tcl/util.t");
# This'll be wrong sometimes
$RSH_CMD = ($ENV{'RSH_CMD'} || '/usr/ucb/rsh');
diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local
index ec4dab6d9..8cd0f3a61 100755
--- a/src/kadmin/testing/scripts/start_servers_local
+++ b/src/kadmin/testing/scripts/start_servers_local
@@ -3,7 +3,7 @@
DUMMY=${TESTDIR=$TOP/testing}
DUMMY=${STESTDIR=$STOP/testing}
DUMMY=${INITDB=$STESTDIR/scripts/init_db}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
@@ -81,11 +81,12 @@ if { [catch {
source $env(STOP)/testing/tcl/util.t
set r $env(REALM)
set q $env(QUALNAME)
- puts stdout [ovsec_kadm_init $env(SRVTCL) mrroot null $r \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
- puts stdout [ovsec_kadm_create_principal $server_handle \
- [simple_principal host/$q@$r] {OVSEC_KADM_PRINCIPAL} notathena]
- puts stdout [ovsec_kadm_destroy $server_handle]
+ puts stdout [kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
+ puts stdout [kadm5_create_principal $server_handle \
+ [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena]
+ puts stdout [kadm5_destroy $server_handle]
} err]} {
puts stderr "initialization error: $err"
exit 1
diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in
index ec09047cb..b1b61d998 100644
--- a/src/kadmin/testing/util/Makefile.in
+++ b/src/kadmin/testing/util/Makefile.in
@@ -12,11 +12,11 @@ KRB5_PTHREAD_LIB=$(THREAD_LINKOPTS)
PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
-SRCS = $(srcdir)/tcl_ovsec_kadm.c $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
-OBJS = tcl_ovsec_kadm.o tcl_kadm5.o test.o
+SRCS = $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
+OBJS = tcl_kadm5.o test.o
-CLNTPROG= ovsec_kadm_clnt_tcl
-SRVPROG = ovsec_kadm_srv_tcl
+CLNTPROG= kadm5_clnt_tcl
+SRVPROG = kadm5_srv_tcl
DO_ALL=@DO_ALL@
diff --git a/src/kadmin/testing/util/deps b/src/kadmin/testing/util/deps
index c822ad27b..d4491623d 100644
--- a/src/kadmin/testing/util/deps
+++ b/src/kadmin/testing/util/deps
@@ -1,17 +1,6 @@
#
# Generated makefile dependencies follow.
#
-$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c
$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
index aeffdb167..8de05e5e5 100644
--- a/src/kadmin/testing/util/tcl_kadm5.c
+++ b/src/kadmin/testing/util/tcl_kadm5.c
@@ -123,13 +123,6 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
}
do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
sprintf(buf, "kadm5_handle%d", i);
entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
i++;
@@ -152,11 +145,7 @@ static int get_server_handle(Tcl_Interp *interp, const char *name,
else {
if (! (struct_table &&
(entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "ovsec_kadm_handle", 17) == 0)
- Tcl_AppendResult(interp, "ovsec_kadm handle "
- "specified for kadm5 api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+ Tcl_AppendResult(interp, "unknown server handle ", name, 0);
return TCL_ERROR;
}
*handle = (void *) Tcl_GetHashValue(entry);
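Review bot: The surviving `Tcl_AppendResult` call in `get_server_handle` still ends its variadic argument list with a bare `0`. An `int` zero passed through varargs is not guaranteed to be read back as a null pointer on platforms where `int` and pointers differ in size. Spell the terminator as a pointer: `Tcl_AppendResult(interp, "unknown server handle ", name, (char *)NULL);`. The function starts before this hunk and continues past it, so other calls in the file may need the same change.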
@@ -2497,8 +2486,6 @@ void Tcl_kadm5_init(Tcl_Interp *interp)
KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_1);
- Tcl_SetVar(interp, "KADM5_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_2);
Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
diff --git a/src/kadmin/testing/util/tcl_kadm5.h b/src/kadmin/testing/util/tcl_kadm5.h
index 7e237753a..d2fdd1d03 100644
--- a/src/kadmin/testing/util/tcl_kadm5.h
+++ b/src/kadmin/testing/util/tcl_kadm5.h
@@ -1,4 +1,3 @@
void Tcl_kadm5_init(Tcl_Interp *interp);
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp);
diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm_syntax b/src/kadmin/testing/util/tcl_kadm5_syntax
index 3fc77fbcb..5f16e58e0 100644
--- a/src/kadmin/testing/util/tcl_ovsec_kadm_syntax
+++ b/src/kadmin/testing/util/tcl_kadm5_syntax
@@ -1,5 +1,5 @@
Here's a brief summary of the syntax of the tcl versions of the
-ovsec_kadm commands:
+kadm5 functions:
string Can be a string or "null" which will turn into a null pointer
principal_ent A 12-field list in the order of the principal_ent
diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c
deleted file mode 100644
index 936e028f5..000000000
--- a/src/kadmin/testing/util/tcl_ovsec_kadm.c
+++ /dev/null
@@ -1,2036 +0,0 @@
-#include "autoconf.h"
-#include <stdio.h>
-#include <string.h>
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "tcl_kadm5.h"
-#include <adb_err.h>
-
-struct flagval {
- char *name;
- krb5_flags val;
-};
-
-/* XXX This should probably be in the hash table like server_handle */
-static krb5_context context;
-
-struct flagval krb5_flags_array[] = {
- {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
- {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
- {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
- {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
- {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
- {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
- {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
- {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
- {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
- {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
- {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
- {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
-};
-
-struct flagval aux_attributes[] = {
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY}
-};
-
-struct flagval principal_mask_flags[] = {
- {"OVSEC_KADM_PRINCIPAL", OVSEC_KADM_PRINCIPAL},
- {"OVSEC_KADM_PRINC_EXPIRE_TIME", OVSEC_KADM_PRINC_EXPIRE_TIME},
- {"OVSEC_KADM_PW_EXPIRATION", OVSEC_KADM_PW_EXPIRATION},
- {"OVSEC_KADM_LAST_PWD_CHANGE", OVSEC_KADM_LAST_PWD_CHANGE},
- {"OVSEC_KADM_ATTRIBUTES", OVSEC_KADM_ATTRIBUTES},
- {"OVSEC_KADM_MAX_LIFE", OVSEC_KADM_MAX_LIFE},
- {"OVSEC_KADM_MOD_TIME", OVSEC_KADM_MOD_TIME},
- {"OVSEC_KADM_MOD_NAME", OVSEC_KADM_MOD_NAME},
- {"OVSEC_KADM_KVNO", OVSEC_KADM_KVNO},
- {"OVSEC_KADM_MKVNO", OVSEC_KADM_MKVNO},
- {"OVSEC_KADM_AUX_ATTRIBUTES", OVSEC_KADM_AUX_ATTRIBUTES},
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
- {"OVSEC_KADM_POLICY_CLR", OVSEC_KADM_POLICY_CLR}
-};
-
-struct flagval policy_mask_flags[] = {
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
- {"OVSEC_KADM_PW_MAX_LIFE", OVSEC_KADM_PW_MAX_LIFE},
- {"OVSEC_KADM_PW_MIN_LIFE", OVSEC_KADM_PW_MIN_LIFE},
- {"OVSEC_KADM_PW_MIN_LENGTH", OVSEC_KADM_PW_MIN_LENGTH},
- {"OVSEC_KADM_PW_MIN_CLASSES", OVSEC_KADM_PW_MIN_CLASSES},
- {"OVSEC_KADM_PW_HISTORY_NUM", OVSEC_KADM_PW_HISTORY_NUM},
- {"OVSEC_KADM_REF_COUNT", OVSEC_KADM_REF_COUNT}
-};
-
-struct flagval priv_flags[] = {
- {"OVSEC_KADM_PRIV_GET", OVSEC_KADM_PRIV_GET},
- {"OVSEC_KADM_PRIV_ADD", OVSEC_KADM_PRIV_ADD},
- {"OVSEC_KADM_PRIV_MODIFY", OVSEC_KADM_PRIV_MODIFY},
- {"OVSEC_KADM_PRIV_DELETE", OVSEC_KADM_PRIV_DELETE}
-};
-
-
-static char *arg_error = "wrong # args";
-
-static Tcl_HashTable *struct_table = 0;
-
-static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
-{
- int i = 1, newPtr = 0;
- static char buf[20];
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
- sprintf(buf, "ovsec_kadm_handle%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, handle);
-
- *name = buf;
-
- return TCL_OK;
-}
-
-static int get_server_handle(Tcl_Interp *interp, const char *name,
- void **handle)
-{
- Tcl_HashEntry *entry;
-
- if(!strcasecmp(name, "null"))
- *handle = 0;
- else {
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "kadm5_handle", 12) == 0)
- Tcl_AppendResult(interp, "kadm5 handle specified "
- "for ovsec_kadm api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
- *handle = (void *) Tcl_GetHashValue(entry);
- }
- return TCL_OK;
-}
-
-static int remove_server_handle(Tcl_Interp *interp, const char *name)
-{
- Tcl_HashEntry *entry;
-
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
-
- Tcl_DeleteHashEntry(entry);
- return TCL_OK;
-}
-
-#define GET_HANDLE(num_args, do_dostruct) \
- void *server_handle; \
- int dostruct = 0; \
- const char *whoami = argv[0]; \
- argv++, argc--; \
- if ((argc > 0) && (! strcmp(argv[0], "-struct"))) { \
- if (! do_dostruct) { \
- Tcl_AppendResult(interp, "-struct isn't a valid option for ", \
- whoami, 0); \
- return TCL_ERROR; \
- } \
- dostruct++; \
- argv++, argc--; \
- } \
- if (argc != num_args + 1) { \
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
- return TCL_ERROR; \
- } \
- { \
- int htcl_ret; \
- if ((htcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
- != TCL_OK) { \
- return htcl_ret; \
- } \
- } \
- argv++, argc--;
-
-static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
-{
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
- int i;
-
- if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_InitHashTable(table, TCL_STRING_KEYS);
-
- for (i = 0; i < size; i++) {
- int newPtr;
-
- if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_SetHashValue(entry, &flags[i].val);
- }
-
- return table;
-}
-
-
-static Tcl_DString *unparse_str(char *in_str)
-{
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- if (! in_str) {
- Tcl_DStringAppend(str, "null", -1);
- }
- else {
- Tcl_DStringAppend(str, in_str, -1);
- }
-
- return str;
-}
-
-
-
-static int parse_str(Tcl_Interp *interp, const char *in_str,
- char **out_str)
-{
- if (! in_str) {
- *out_str = 0;
- }
- else if (! strcasecmp(in_str, "null")) {
- *out_str = 0;
- }
- else {
- *out_str = (char *) in_str;
- }
- return TCL_OK;
-}
-
-
-static void set_ok(Tcl_Interp *interp, char *string)
-{
- Tcl_SetResult(interp, "OK", TCL_STATIC);
- Tcl_AppendElement(interp, "OVSEC_KADM_OK");
- Tcl_AppendElement(interp, string);
-}
-
-
-
-static Tcl_DString *unparse_err(ovsec_kadm_ret_t code)
-{
- char *code_string;
- const char *error_string;
- Tcl_DString *dstring;
-
- switch (code) {
- case OVSEC_KADM_FAILURE: code_string = "OVSEC_KADM_FAILURE"; break;
- case OVSEC_KADM_AUTH_GET: code_string = "OVSEC_KADM_AUTH_GET"; break;
- case OVSEC_KADM_AUTH_ADD: code_string = "OVSEC_KADM_AUTH_ADD"; break;
- case OVSEC_KADM_AUTH_MODIFY:
- code_string = "OVSEC_KADM_AUTH_MODIFY"; break;
- case OVSEC_KADM_AUTH_DELETE:
- code_string = "OVSEC_KADM_AUTH_DELETE"; break;
- case OVSEC_KADM_AUTH_INSUFFICIENT:
- code_string = "OVSEC_KADM_AUTH_INSUFFICIENT"; break;
- case OVSEC_KADM_BAD_DB: code_string = "OVSEC_KADM_BAD_DB"; break;
- case OVSEC_KADM_DUP: code_string = "OVSEC_KADM_DUP"; break;
- case OVSEC_KADM_RPC_ERROR: code_string = "OVSEC_KADM_RPC_ERROR"; break;
- case OVSEC_KADM_NO_SRV: code_string = "OVSEC_KADM_NO_SRV"; break;
- case OVSEC_KADM_BAD_HIST_KEY:
- code_string = "OVSEC_KADM_BAD_HIST_KEY"; break;
- case OVSEC_KADM_NOT_INIT: code_string = "OVSEC_KADM_NOT_INIT"; break;
- case OVSEC_KADM_INIT: code_string = "OVSEC_KADM_INIT"; break;
- case OVSEC_KADM_BAD_PASSWORD:
- code_string = "OVSEC_KADM_BAD_PASSWORD"; break;
- case OVSEC_KADM_UNK_PRINC: code_string = "OVSEC_KADM_UNK_PRINC"; break;
- case OVSEC_KADM_UNK_POLICY: code_string = "OVSEC_KADM_UNK_POLICY"; break;
- case OVSEC_KADM_BAD_MASK: code_string = "OVSEC_KADM_BAD_MASK"; break;
- case OVSEC_KADM_BAD_CLASS: code_string = "OVSEC_KADM_BAD_CLASS"; break;
- case OVSEC_KADM_BAD_LENGTH: code_string = "OVSEC_KADM_BAD_LENGTH"; break;
- case OVSEC_KADM_BAD_POLICY: code_string = "OVSEC_KADM_BAD_POLICY"; break;
- case OVSEC_KADM_BAD_HISTORY: code_string = "OVSEC_KADM_BAD_HISTORY"; break;
- case OVSEC_KADM_BAD_PRINCIPAL:
- code_string = "OVSEC_KADM_BAD_PRINCIPAL"; break;
- case OVSEC_KADM_BAD_AUX_ATTR:
- code_string = "OVSEC_KADM_BAD_AUX_ATTR"; break;
- case OVSEC_KADM_PASS_Q_TOOSHORT:
- code_string = "OVSEC_KADM_PASS_Q_TOOSHORT"; break;
- case OVSEC_KADM_PASS_Q_CLASS:
- code_string = "OVSEC_KADM_PASS_Q_CLASS"; break;
- case OVSEC_KADM_PASS_Q_DICT:
- code_string = "OVSEC_KADM_PASS_Q_DICT"; break;
- case OVSEC_KADM_PASS_REUSE: code_string = "OVSEC_KADM_PASS_REUSE"; break;
- case OVSEC_KADM_PASS_TOOSOON:
- code_string = "OVSEC_KADM_PASS_TOOSOON"; break;
- case OVSEC_KADM_POLICY_REF:
- code_string = "OVSEC_KADM_POLICY_REF"; break;
- case OVSEC_KADM_PROTECT_PRINCIPAL:
- code_string = "OVSEC_KADM_PROTECT_PRINCIPAL"; break;
- case OVSEC_KADM_BAD_SERVER_HANDLE:
- code_string = "OVSEC_KADM_BAD_SERVER_HANDLE"; break;
- case OVSEC_KADM_BAD_STRUCT_VERSION:
- code_string = "OVSEC_KADM_BAD_STRUCT_VERSION"; break;
- case OVSEC_KADM_OLD_STRUCT_VERSION:
- code_string = "OVSEC_KADM_OLD_STRUCT_VERSION"; break;
- case OVSEC_KADM_NEW_STRUCT_VERSION:
- code_string = "OVSEC_KADM_NEW_STRUCT_VERSION"; break;
- case OVSEC_KADM_BAD_API_VERSION:
- code_string = "OVSEC_KADM_BAD_API_VERSION"; break;
- case OVSEC_KADM_OLD_LIB_API_VERSION:
- code_string = "OVSEC_KADM_OLD_LIB_API_VERSION"; break;
- case OVSEC_KADM_OLD_SERVER_API_VERSION:
- code_string = "OVSEC_KADM_OLD_SERVER_API_VERSION"; break;
- case OVSEC_KADM_NEW_LIB_API_VERSION:
- code_string = "OVSEC_KADM_NEW_LIB_API_VERSION"; break;
- case OVSEC_KADM_NEW_SERVER_API_VERSION:
- code_string = "OVSEC_KADM_NEW_SERVER_API_VERSION"; break;
- case OVSEC_KADM_SECURE_PRINC_MISSING:
- code_string = "OVSEC_KADM_SECURE_PRINC_MISSING"; break;
- case KADM5_NO_RENAME_SALT:
- code_string = "KADM5_NO_RENAME_SALT"; break;
- case KADM5_BAD_CLIENT_PARAMS:
- code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
- case KADM5_BAD_SERVER_PARAMS:
- code_string = "KADM5_BAD_SERVER_PARAMS"; break;
- case KADM5_AUTH_LIST:
- code_string = "KADM5_AUTH_LIST"; break;
- case KADM5_AUTH_CHANGEPW:
- code_string = "KADM5_AUTH_CHANGEPW"; break;
- case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
- case OSA_ADB_NOENT: code_string = "ENOENT"; break;
- case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
- case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
- case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
- case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
- case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
- case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
- case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
- case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
- case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
- case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
- case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
- case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
- case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
- case KRB5_KDB_TRUNCATED_RECORD:
- code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
- case KRB5_KDB_RECURSIVELOCK:
- code_string = "KRB5_KDB_RECURSIVELOCK"; break;
- case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
- case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
- case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
- case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
- case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
- case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
- case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
- case KRB5_KDB_INVALIDKEYSIZE:
- code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
- case KRB5_KDB_CANTREAD_STORED:
- code_string = "KRB5_KDB_CANTREAD_STORED"; break;
- case KRB5_KDB_BADSTORED_MKEY:
- code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
- case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
- case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
- case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
- case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
- case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
- case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
- case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
- case EINVAL: code_string = "EINVAL"; break;
- case ENOENT: code_string = "ENOENT"; break;
- default:
- fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
- error_message (code));
- code_string = "UNKNOWN";
- break;
- }
-
- error_string = error_message(code);
-
- if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX Do we really want to exit? Ok if this is */
- /* just a test program, but what about if it gets */
- /* used for other things later? */
- }
-
- Tcl_DStringInit(dstring);
-
- if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
- Tcl_DStringAppendElement(dstring, code_string) &&
- Tcl_DStringAppendElement(dstring, error_string))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- return dstring;
-}
-
-
-
-static void stash_error(Tcl_Interp *interp, krb5_error_code code)
-{
- Tcl_DString *dstring = unparse_err(code);
- Tcl_DStringResult(interp, dstring);
- Tcl_DStringFree(dstring);
- free(dstring);
-}
-
-
-
-static Tcl_DString *unparse_flags(struct flagval *array, int size,
- krb5_int32 flags)
-{
- int i;
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- for (i = 0; i < size; i++) {
- if (flags & array[i].val) {
- Tcl_DStringAppendElement(str, array[i].name);
- }
- }
-
- return str;
-}
-
-
-static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
- struct flagval *array, int size, const char *str,
- krb5_flags *flags)
-{
- int tmp, argc, i, retcode = TCL_OK;
- const char **argv;
- Tcl_HashEntry *entry;
-
- if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
- *flags = tmp;
- return TCL_OK;
- }
- Tcl_ResetResult(interp);
-
- if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
- return TCL_ERROR;
- }
-
- if (! table) {
- table = create_flag_table(array, size);
- }
-
- *flags = 0;
-
- for (i = 0; i < argc; i++) {
- if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
- Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
- retcode = TCL_ERROR;
- break;
- }
- *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
- }
-
- Tcl_Free((char *) argv);
- return(retcode);
-}
-
-static Tcl_DString *unparse_privs(krb5_flags flags)
-{
- return unparse_flags(priv_flags, sizeof(priv_flags) /
- sizeof(struct flagval), flags);
-}
-
-
-static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
-{
- return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
- sizeof(struct flagval), flags);
-}
-
-static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
- krb5_flags *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
- sizeof(krb5_flags_array) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
-{
- return unparse_flags(aux_attributes, sizeof(aux_attributes) /
- sizeof(struct flagval), flags);
-}
-
-
-static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
- long *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, aux_attributes,
- sizeof(aux_attributes) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static int parse_principal_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
- sizeof(principal_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static int parse_policy_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
- sizeof(policy_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static Tcl_DString *unparse_principal_ent(ovsec_kadm_principal_ent_t princ)
-{
- Tcl_DString *str, *tmp_dstring;
- char *tmp;
- char buf[20];
- krb5_error_code krb5_ret;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp = 0; /* It looks to me from looking at the library source */
- /* code for krb5_parse_name that the pointer passed into */
- /* it should be initialized to 0 if I want it do be */
- /* allocated automatically. */
- krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
- if (krb5_ret) {
- /* XXX Do we want to return an error? Not sure. */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
-
- sprintf(buf, "%d", princ->princ_expire_time);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->last_pwd_change);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->pw_expiration);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->max_life);
- Tcl_DStringAppendElement(str, buf);
-
- tmp = 0;
- krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp);
- if (krb5_ret) {
- /* XXX */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
-
- sprintf(buf, "%d", princ->mod_date);
- Tcl_DStringAppendElement(str, buf);
-
- tmp_dstring = unparse_krb5_flags(princ->attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%d", princ->kvno);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->mkvno);
- Tcl_DStringAppendElement(str, buf);
-
- /* XXX This may be dangerous, because the contents of the policy */
- /* field are undefined if the POLICY bit isn't set. However, I */
- /* think it's a bug for the field not to be null in that case */
- /* anyway, so we should assume that it will be null so that we'll */
- /* catch it if it isn't. */
-
- tmp_dstring = unparse_str(princ->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- return str;
-}
-
-
-
-static int parse_principal_ent(Tcl_Interp *interp, const char *list,
- ovsec_kadm_principal_ent_t *out_princ)
-{
- ovsec_kadm_principal_ent_t princ = 0;
- krb5_error_code krb5_ret;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 12) {
- sprintf(interp->result, "wrong # args in principal structure (%d should be 12)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (princ = malloc(sizeof *princ))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing princ_expire_time");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->princ_expire_time = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_pwd_change");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_pwd_change = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->pw_expiration = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_life = tmp;
-
- if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing mod_name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mod_date");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mod_date = tmp;
-
- if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->kvno = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mkvno = tmp;
-
- if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- retcode = TCL_ERROR;
- goto finished;
- }
- if(princ->policy != NULL) {
- if(!(princ->policy = strdup(princ->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1);
- }
- }
-
- if ((tcl_ret = parse_aux_attributes(interp, argv[11],
- &princ->aux_attributes)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing aux_attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-finished:
- Tcl_Free((char *) argv);
- *out_princ = princ;
- return retcode;
-}
-
-
-static void free_principal_ent(ovsec_kadm_principal_ent_t *princ)
-{
- krb5_free_principal(context, (*princ)->principal);
- krb5_free_principal(context, (*princ)->mod_name);
- free(*princ);
- *princ = 0;
-}
-
-static Tcl_DString *unparse_policy_ent(ovsec_kadm_policy_ent_t policy)
-{
- Tcl_DString *str, *tmp_dstring;
- char buf[20];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp_dstring = unparse_str(policy->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%ld", policy->pw_min_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_max_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_length);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_classes);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_history_num);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->policy_refcnt);
- Tcl_DStringAppendElement(str, buf);
-
- return str;
-}
-
-
-
-static int parse_policy_ent(Tcl_Interp *interp, char *list,
- ovsec_kadm_policy_ent_t *out_policy)
-{
- ovsec_kadm_policy_ent_t policy = 0;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 7) {
- sprintf(interp->result, "wrong # args in policy structure (%d should be 7)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (policy = malloc(sizeof *policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if(policy->policy != NULL) {
- if (! (policy->policy = strdup(policy->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_length = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_classes");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_classes = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_history_num");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_history_num = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy_refcnt");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->policy_refcnt = tmp;
-
-finished:
- Tcl_Free((char *) argv);
- *out_policy = policy;
- return retcode;
-}
-
-
-static void free_policy_ent(ovsec_kadm_policy_ent_t *policy)
-{
- free(*policy);
- *policy = 0;
-}
-
-static Tcl_DString *unparse_keytype(krb5_enctype enctype)
-{
- Tcl_DString *str;
- char buf[50];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- switch (enctype) {
- /* XXX is this right? */
- case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
- case ENCTYPE_DES_CBC_CRC:
- Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
- default:
- sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
- Tcl_DStringAppend(str, buf, -1);
- break;
- }
-
- return str;
-}
-
-
-static Tcl_DString *unparse_keyblock(krb5_keyblock *keyblock)
-{
- Tcl_DString *str;
- Tcl_DString *keytype;
- int i;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- keytype = unparse_keytype(keyblock->enctype);
- Tcl_DStringAppendElement(str, keytype->string);
- Tcl_DStringFree(keytype);
- free(keytype);
- if (keyblock->length == 0) {
- Tcl_DStringAppendElement(str, "0x00");
- }
- else {
- Tcl_DStringAppendElement(str, "0x");
- for (i = 0; i < keyblock->length; i++) {
- char buf[3];
- sprintf(buf, "%02x", (int) keyblock->contents[i]);
- Tcl_DStringAppend(str, buf, -1);
- }
- }
-
- return str;
-}
-
-
-
-static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- char *client_name, *pass, *service_name, *realm;
- int tcl_ret;
- krb5_ui_4 struct_version, api_version;
- const char *handle_var;
- void *server_handle;
- char *handle_name;
- const char *whoami = argv[0];
-
- argv++, argc--;
-
- kadm5_init_krb5_context(&context);
-
- if (argc != 7) {
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
- return TCL_ERROR;
- }
-
- if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[3], &realm)) != TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
- TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
- TCL_OK)) {
- return tcl_ret;
- }
-
- handle_var = argv[6];
-
- if (! (handle_var && *handle_var)) {
- Tcl_SetResult(interp, "must specify server handle variable name",
- TCL_STATIC);
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_init(client_name, pass, service_name, realm,
- struct_version, api_version, NULL, &server_handle);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
- != TCL_OK) {
- return tcl_ret;
- }
-
- if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
- return TCL_ERROR;
- }
-
- set_ok(interp, "OV Admin system initialized.");
- return TCL_OK;
-}
-
-
-
-static int tcl_ovsec_kadm_destroy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- int tcl_ret;
-
- GET_HANDLE(0, 0);
-
- ret = ovsec_kadm_destroy(server_handle);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
- return tcl_ret;
- }
-
- set_ok(interp, "OV Admin system deinitialized.");
- return TCL_OK;
-}
-
-static int tcl_ovsec_kadm_create_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
- char *princ_string;
- ovsec_kadm_principal_ent_t princ = 0;
- krb5_int32 mask;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
-
- GET_HANDLE(3, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#ifdef OVERRIDE
- if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
- TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#endif
-
-#ifdef OVERRIDE
- ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw,
- override_qual);
-#else
- ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw);
-#endif
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Principal created.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int tcl_ret;
- char *name;
-
- GET_HANDLE(1, 0);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- krb5_ret = krb5_parse_name(context, name, &princ);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- return TCL_ERROR;
- }
- } else princ = NULL;
- ret = ovsec_kadm_delete_principal(server_handle, princ);
-
- if(princ != NULL)
- krb5_free_principal(context, princ);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *princ_string;
- ovsec_kadm_principal_ent_t princ = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_modify_principal(server_handle, princ, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal modified.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-static int tcl_ovsec_kadm_rename_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal source, target;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- krb5_ret = krb5_parse_name(context, argv[0], &source);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing source");
- return TCL_ERROR;
- }
-
- krb5_ret = krb5_parse_name(context, argv[1], &target);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing target");
- krb5_free_principal(context, source);
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_rename_principal(server_handle, source, target);
-
- if (ret == OVSEC_KADM_OK) {
- set_ok(interp, "Principal renamed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
- krb5_free_principal(context, source);
- krb5_free_principal(context, target);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- krb5_ret = krb5_parse_name(context, argv[0], &princ);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing password");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_chpass_principal(server_handle,
- princ, pw, override_qual);
-#else
- ret = ovsec_kadm_chpass_principal(server_handle, princ, pw);
-#endif
-
- if (ret == OVSEC_KADM_OK) {
- set_ok(interp, "Password changed.");
- goto finished;
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal_util(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *new_pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- char *pw_ret, *pw_ret_var;
- char msg_ret[1024], *msg_ret_var;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(4, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing new password");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-#endif
- if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing msg_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE
- override_qual,
-#endif
- pw_ret_var ? &pw_ret : 0,
- msg_ret_var ? msg_ret : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (pw_ret_var &&
- (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp, "while setting pw_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (msg_ret_var &&
- (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp,
- "while setting msg_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Password changed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_randkey_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_keyblock *keyblock;
- char *keyblock_var;
- Tcl_DString *keyblock_dstring = 0;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblock : 0,
- override_qual);
-#else
- ret = ovsec_kadm_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblock : 0);
-#endif
-
- if (ret == OVSEC_KADM_OK) {
- if (keyblock_var) {
- keyblock_dstring = unparse_keyblock(keyblock);
- if (! Tcl_SetVar(interp, keyblock_var,
- keyblock_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting keyblock variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- }
- set_ok(interp, "Key randomized.");
-
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- if (keyblock_dstring) {
- Tcl_DStringFree(keyblock_dstring);
- free(keyblock_dstring);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_get_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- ovsec_kadm_principal_ent_t ent;
- Tcl_DString *ent_dstring = 0;
- char *ent_var;
- char *name;
- krb5_error_code krb5_ret;
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
- } else princ = NULL;
-
- if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_get_principal(server_handle, princ, ent_var ? &ent : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (ent_var) {
- if (dostruct) {
- char buf[20];
- int i = 1, newPtr = 0;
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "principal%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf,
- &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, ent);
- if (! Tcl_SetVar(interp, ent_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- Tcl_DeleteHashEntry(entry);
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal structure retrieved.");
- }
- else {
- ent_dstring = unparse_principal_ent(ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal retrieved.");
- }
- }
- }
- else {
- ent = 0;
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if(princ != NULL)
- krb5_free_principal(context, princ);
- if (ent && ((! dostruct) || (retcode != TCL_OK))) {
- if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- }
- return retcode;
-}
-
-static int tcl_ovsec_kadm_create_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
- char *policy_string;
- ovsec_kadm_policy_ent_t policy = 0;
- krb5_int32 mask;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- ret = ovsec_kadm_create_policy(server_handle, policy, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Policy created.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- char *policy;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_delete_policy(server_handle, policy);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *policy_string;
- ovsec_kadm_policy_ent_t policy = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_modify_policy(server_handle, policy, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy modified.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-static int tcl_ovsec_kadm_get_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_policy_ent_t ent = NULL;
- Tcl_DString *ent_dstring = 0;
- char *policy;
- char *ent_var;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (ent_var) {
- if (dostruct) {
- char buf[20];
- int i = 1, newPtr = 0;
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "policy%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf,
- &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, ent);
- if (! Tcl_SetVar(interp, ent_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- Tcl_DeleteHashEntry(entry);
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy structure retrieved.");
- }
- else {
- ent_dstring = unparse_policy_ent(ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy retrieved.");
- }
- }
- }
- else {
- ent = 0;
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if (ent && ((! dostruct) || (retcode != TCL_OK))) {
- if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_free_principal_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- ovsec_kadm_principal_ent_t ent;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = ovsec_kadm_free_principal_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "principal handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (ovsec_kadm_principal_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Principal freed.");
- return TCL_OK;
-}
-
-
-static int tcl_ovsec_kadm_free_policy_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- ovsec_kadm_policy_ent_t ent;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = ovsec_kadm_free_policy_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "policy handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (ovsec_kadm_policy_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Policy freed.");
- return TCL_OK;
-}
-
-
-static int tcl_ovsec_kadm_get_privs(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- const char *set_ret;
- ovsec_kadm_ret_t ret;
- char *priv_var;
- long privs;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing privs variable name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_get_privs(server_handle, priv_var ? &privs : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (priv_var) {
- Tcl_DString *str = unparse_privs(privs);
- set_ret = Tcl_SetVar(interp, priv_var, str->string,
- TCL_LEAVE_ERR_MSG);
- Tcl_DStringFree(str);
- free(str);
- if (! set_ret) {
- Tcl_AppendElement(interp, "while setting priv variable");
- return TCL_ERROR;
- }
- }
- set_ok(interp, "Privileges retrieved.");
- return TCL_OK;
- }
- else {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-}
-
-
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp)
-{
- char buf[20];
-
- Tcl_SetVar(interp, "OVSEC_KADM_ADMIN_SERVICE",
- OVSEC_KADM_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
- Tcl_SetVar(interp, "OVSEC_KADM_CHANGEPW_SERVICE",
- OVSEC_KADM_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION);
- Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_1);
- Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_MASK);
- Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION_MASK);
- Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION_MASK", buf,
- TCL_GLOBAL_ONLY);
-
- Tcl_CreateCommand(interp, "ovsec_kadm_init", tcl_ovsec_kadm_init, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_destroy", tcl_ovsec_kadm_destroy, 0,
- 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_create_principal",
- tcl_ovsec_kadm_create_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_delete_principal",
- tcl_ovsec_kadm_delete_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_modify_principal",
- tcl_ovsec_kadm_modify_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_rename_principal",
- tcl_ovsec_kadm_rename_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal",
- tcl_ovsec_kadm_chpass_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal_util",
- tcl_ovsec_kadm_chpass_principal_util, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_randkey_principal",
- tcl_ovsec_kadm_randkey_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_principal",
- tcl_ovsec_kadm_get_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_create_policy",
- tcl_ovsec_kadm_create_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_delete_policy",
- tcl_ovsec_kadm_delete_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_modify_policy",
- tcl_ovsec_kadm_modify_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_policy",
- tcl_ovsec_kadm_get_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_free_principal_ent",
- tcl_ovsec_kadm_free_principal_ent, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_free_policy_ent",
- tcl_ovsec_kadm_free_policy_ent, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_privs",
- tcl_ovsec_kadm_get_privs, 0, 0);
-}
diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c
index ef8546deb..7f93eb460 100644
--- a/src/kadmin/testing/util/test.c
+++ b/src/kadmin/testing/util/test.c
@@ -31,7 +31,6 @@ int *tclDummyMainPtr = (int *) main;
int Tcl_AppInit(Tcl_Interp *interp)
{
- Tcl_ovsec_kadm_init(interp);
Tcl_kadm5_init(interp);
return(TCL_OK);