Diffstat (limited to 'src/kadmin')
24 files changed, 1075 insertions, 416 deletions
diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 1e2ef44f0..d94a55835 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,9 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * kadmin.c: + 2005-02-11 Tom Yu <tlyu@mit.edu> * kadmin.c (kadmin_startup): New flag "-N" to prevent fallback to diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in index d1b9b9bf0..992f6ef73 100644 --- a/src/kadmin/cli/Makefile.in +++ b/src/kadmin/cli/Makefile.in @@ -4,6 +4,7 @@ mydir=cli BUILDTOP=$(REL)..$(S).. PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +KDB_DEP_LIB=-ldl -lpthread PROG = kadmin OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o keytab.o @@ -13,7 +14,7 @@ LOCALINCLUDES=-I$(srcdir) all:: $(PROG).local $(PROG) $(PROG).local: $(OBJS) $(SS_DEPLIB) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $(PROG).local $(OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(CC_LINK) -o $(PROG).local $(OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(PROG): $(OBJS) $(SS_DEPLIB) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $(PROG) $(OBJS) $(SS_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 957659dad..b4a0ee708 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -26,6 +26,7 @@ */ #include <krb5.h> +#include <k5-int.h> #include <kadm5/admin.h> #include <krb5/adm_proto.h> #include <stdio.h> 
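Review bot: `KDB_DEP_LIB=-ldl -lpthread` in cli/Makefile.in hard-codes two library names, while the neighbouring link variables (`$(KADMSRV_LIBS)`, `$(KRB5_BASE_LIBS)`) are supplied by the build system; the same line is added to dbutil/Makefile.in further down. A platform without a separate libdl or libpthread would presumably fail to link `$(PROG).local`, so the value looks like it should come from a configure-time substitution. A comment stating why the local binary now needs these libraries, e.g. `# needed by the KDB layer linked into kadmin.local`, would also help, if that is the reason.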
@@ -96,9 +97,12 @@ int locked = 0; static void usage() { fprintf(stderr, - "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n" - "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n" - "\tlocal args: [-d dbname] [-e \"enc:salt ...\"] [-m]\n", whoami); + "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n" + "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n" + "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n" + "where,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n", + whoami); exit(1); } @@ -183,6 +187,9 @@ char *kadmin_startup(argc, argv) krb5_ccache cc; krb5_principal princ; kadm5_config_params params; + char **db_args = NULL; + int db_args_size = 0; + char *db_name = NULL; char *svcname; memset((char *) ¶ms, 0, sizeof(params)); @@ -193,8 +200,25 @@ char *kadmin_startup(argc, argv) exit(1); } - while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:ON")) != EOF) { + while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) { switch (optchar) { + case 'x': + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = optarg; + db_args[db_args_size] = NULL; + break; + case 'r': def_realm = optarg; break; 
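Review bot: The grow-and-append sequence added under `case 'x':` is repeated almost verbatim in `case 'd':`, in kadmin_cpw, and for `db5util_db_args` in load_db and kdb5_create. It increments `db_args_size`, calls `realloc` for `db_args_size+1` slots, stores the argument and re-terminates with NULL. One helper would keep the size arithmetic and the out-of-memory handling in a single place instead of five, and each call site would shrink to a call plus its own error message. kadmin_startup starts and ends outside this hunk.

```c
/* Append arg to the NULL-terminated vector *argsp, which holds *np entries.
 * Returns 0 on success, or ENOMEM with the vector left unchanged. */
static int
add_db_arg(char ***argsp, int *np, char *arg)
{
    char **temp = realloc(*argsp, sizeof(char *) * (*np + 2)); /* +1 for NULL */

    if (temp == NULL)
        return ENOMEM;
    temp[(*np)++] = arg;
    temp[*np] = NULL;
    *argsp = temp;
    return 0;
}
```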
@@ -217,8 +241,33 @@ char *kadmin_startup(argc, argv) query = optarg; break; case 'd': - params.dbname = optarg; - params.mask |= KADM5_CONFIG_DBNAME; + /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ + if( !db_name ) + { + db_name = malloc( strlen(optarg) + sizeof("dbname=")); + } + else + { + db_name = realloc( db_name, strlen(optarg) + sizeof("dbname=")); + } + + strcpy( db_name, "dbname="); + strcat( db_name, optarg ); + + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = db_name; + db_args[db_args_size] = NULL; break; case 's': params.admin_server = optarg; @@ -417,6 +466,7 @@ char *kadmin_startup(argc, argv) ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &handle); } else if (use_keytab) { if (keytab_name) @@ -430,6 +480,7 @@ char *kadmin_startup(argc, argv) ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &handle); } else { printf("Authenticating as principal %s with password.\n", @@ -439,6 +490,7 @@ char *kadmin_startup(argc, argv) ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &handle); } if (retval) { @@ -451,6 +503,12 @@ char *kadmin_startup(argc, argv) if (freeprinc) free(princstr); + if( db_name ) + free(db_name), db_name=NULL; + + if( db_args ) + free(db_args), db_args=NULL; + if ((retval = krb5_cc_close(context, cc))) { com_err(whoami, retval, "while closing ccache %s", ccache_name); 
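Review bot: In `case 'd':` the result of `malloc`/`realloc` for `db_name` is passed to `strcpy` without a NULL check, unlike the `temp == NULL` test a few lines below it. A repeated `-d` is also unsafe: `realloc` may move `db_name`, leaving the `db_args` slot stored for the first `-d` pointing at freed memory, and if it does not move, both slots alias one buffer. Either reject a second `-d` or give each occurrence its own allocation; the fence shows the former. kadmin_startup starts and ends outside this hunk.

```c
	case 'd':
	    /* db_name is passed on inside db_args as "dbname=<name>" */
	    if (db_name != NULL) {
		fprintf(stderr, "%s: -d given more than once\n", argv[0]);
		exit(1);
	    }
	    db_name = malloc(strlen(optarg) + sizeof("dbname="));
	    if (db_name == NULL) {
		fprintf(stderr, "%s: Cannot initialize. Not enough memory\n",
			argv[0]);
		exit(1);
	    }
	    strcpy(db_name, "dbname=");
	    strcat(db_name, optarg);
	    /* ... unchanged: append db_name to db_args ... */
```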
@@ -588,11 +646,36 @@ void kadmin_cpw(argc, argv) krb5_boolean keepold = FALSE; krb5_key_salt_tuple *ks_tuple = NULL; krb5_principal princ; + char **db_args = NULL; + int db_args_size = 0; + if (argc < 2) { goto usage; } for (argv++, argc--; argc > 1; argc--, argv++) { + if (!strcmp("-x", *argv)) { + argc--; + if( argc < 1 ) { + fprintf( stderr, "change_password: missing db argument\n"); + goto usage; + } + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"change_password: Not enough memory\n"); + free( db_args ), db_args = NULL; + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = *++argv; + db_args[db_args_size] = NULL; + continue; + } if (!strcmp("-pw", *argv)) { argc--; if (argc < 1) { @@ -633,6 +716,7 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while parsing principal name"); if (ks_tuple != NULL) free(ks_tuple); + if( db_args ) free(db_args); return; } retval = krb5_unparse_name(context, princ, &canon); @@ -641,6 +725,7 @@ void kadmin_cpw(argc, argv) krb5_free_principal(context, princ); if (ks_tuple != NULL) free(ks_tuple); + if( db_args ) free(db_args); return; } if (pwarg != NULL) { @@ -657,10 +742,12 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while changing password for \"%s\".", canon); free(canon); + if( db_args ) free(db_args); return; } printf("Password for \"%s\" changed.\n", canon); free(canon); + if( db_args ) free(db_args); return; } else if (randkey) { if (keepold || ks_tuple != NULL) { @@ -677,10 +764,12 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while randomizing key for \"%s\".", canon); free(canon); + if( db_args ) free(db_args); return; } printf("Key for \"%s\" randomized.\n", canon); free(canon); + if( db_args ) free(db_args); return; } else if (argc == 1) { unsigned int i = sizeof (newpw) - 1; 
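Review bot: The `if( argc < 1 )` test under `-x` in kadmin_cpw cannot fire, because the loop condition `argc > 1` guarantees `argc` is at least 2 before the `argc--`; with `-x` as the second-to-last word, the final word is taken as the database argument and "missing db argument" is never reported. If the last word is always meant to be the principal, the test would be `if( argc < 2 )`; the existing `-pw` branch below uses the same `argc < 1` form and deserves the same look. Separately, none of the kadmin_cpw hunks changes a call to pass `db_args` on, so as far as this diff shows the vector is collected and then only freed. The function continues outside the hunk.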
@@ -699,6 +788,7 @@ void kadmin_cpw(argc, argv) if (ks_tuple != NULL) free(ks_tuple); krb5_free_principal(context, princ); + if( db_args ) free(db_args); return; } if (keepold || ks_tuple != NULL) { @@ -716,15 +806,18 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while changing password for \"%s\".", canon); free(canon); + if( db_args ) free(db_args); return; } printf("Password for \"%s\" changed.\n", canon); free(canon); + if( db_args ) free(db_args); return; } else { free(canon); krb5_free_principal(context, princ); usage: + if( db_args ) free(db_args); if (ks_tuple != NULL) free(ks_tuple); fprintf(stderr, @@ -735,6 +828,27 @@ void kadmin_cpw(argc, argv) } } +static void +kadmin_free_tl_data( kadm5_principal_ent_t princ ) +{ + krb5_tl_data *tl_data = princ->tl_data; + int n_tl_data = princ->n_tl_data; + int i; + + princ->n_tl_data = 0; + princ->tl_data = NULL; + + for( i = 0; tl_data && (i < n_tl_data); i++ ) + { + krb5_tl_data *next = tl_data->tl_data_next; + if( tl_data->tl_data_contents ) + free( tl_data->tl_data_contents ); + free( tl_data ); + tl_data = next; + } +} + +#define KRB5_TL_DB_ARGS 0x7fff static int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, ks_tuple, n_ks_tuple, caller) @@ -752,6 +866,7 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, time_t date; time_t now; krb5_error_code retval; + krb5_tl_data *tl_data, *tail = NULL; *mask = 0; *pass = NULL; 
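Review bot: `#define KRB5_TL_DB_ARGS 0x7fff` is defined privately in kadmin.c, between kadmin_free_tl_data and kadmin_parse_princ_args, with no comment on what the value means or who consumes it. Whatever reads these tl_data entries has to agree on the number, so it presumably belongs in a shared header next to the other tl_data type constants. kadmin_free_tl_data would also benefit from a header comment such as `/* Free princ's tl_data list (built from -x arguments) and reset the list fields. */`.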
@@ -761,6 +876,42 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, *randkey = 0; for (i = 1; i < argc - 1; i++) { attrib_set = 0; + if (strlen(argv[i]) == 2 && + !strcmp("-x",argv[i])) { + if (++i > argc - 2) + return -1; + + tl_data = malloc( sizeof(krb5_tl_data) ); + if( tl_data == NULL ) + { + fprintf(stderr, "Not enough memory\n"); + return ENOMEM; + } + + memset( tl_data, 0, sizeof(krb5_tl_data)); + tl_data->tl_data_type = KRB5_TL_DB_ARGS; + tl_data->tl_data_length = strlen(argv[i])+1; + tl_data->tl_data_contents = strdup(argv[i]); + + if( tail ) + { + tail->tl_data_next = tl_data; + } + else + { + oprinc->tl_data = tl_data; + } + tail = tl_data; + oprinc->n_tl_data++; + + if( tl_data->tl_data_contents == NULL ) + { + fprintf(stderr, "Not enough memory\n"); + return ENOMEM; + } + *mask |= KADM5_TL_DATA; + continue; + } if (strlen(argv[i]) == 7 && !strcmp("-expire", argv[i])) { if (++i > argc - 2) 
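Review bot: `tl_data->tl_data_length = strlen(argv[i])+1;` stores a `size_t` into the length field without a range check. If `tl_data_length` is the 16-bit field I believe it is in `krb5_tl_data`, a very long `-x` argument would be recorded with a truncated length while `tl_data_contents` holds the full string. A bound before the allocation, e.g. `if (strlen(argv[i]) >= 0xffff) return -1;`, avoids handing a mismatched length to the database layer. The node is also linked into `oprinc` before the `strdup` result is tested, which is only safe because the callers shown later call kadmin_free_tl_data on failure; a one-line comment saying so would help. The enclosing loop continues outside the hunk.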
@@ -920,12 +1071,14 @@ kadmin_addprinc_usage(func) { fprintf(stderr, "usage: %s [options] principal\n", func); fprintf(stderr, "\toptions are:\n"); - fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"); + fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"); fprintf(stderr, "\tattributes are:\n"); fprintf(stderr, "%s%s%s", "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n", "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n", - "\t\trequires_hwauth needchange allow_svr password_changing_service\n"); + "\t\trequires_hwauth needchange allow_svr password_changing_service\n" + "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n"); } static void 
@@ -934,12 +1087,15 @@ kadmin_modprinc_usage(func) { fprintf(stderr, "usage: %s [options] principal\n", func); fprintf(stderr, "\toptions are:\n"); - fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n"); + fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n"); fprintf(stderr, "\tattributes are:\n"); fprintf(stderr, "%s%s%s", "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n", "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n", - "\t\trequires_hwauth needchange allow_svr password_changing_service\n"); + "\t\trequires_hwauth needchange allow_svr password_changing_service\n" + "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n" + ); } void kadmin_addprinc(argc, argv) @@ -970,7 +1126,8 @@ void kadmin_addprinc(argc, argv) &princ, &mask, &pass, &randkey, &ks_tuple, &n_ks_tuple, "add_principal")) { - kadmin_addprinc_usage("add_principal"); + kadmin_addprinc_usage("add_principal"); + kadmin_free_tl_data( &princ ); /* need to free ks_tuple also??? */ return; } @@ -981,6 +1138,7 @@ void kadmin_addprinc(argc, argv) krb5_free_principal(context, princ.principal); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } @@ -1025,6 +1183,7 @@ void kadmin_addprinc(argc, argv) "while reading password for \"%s\".", canon); free(canon); krb5_free_principal(context, princ.principal); + kadmin_free_tl_data( &princ ); return; } pass = newpw; @@ -1043,6 +1202,7 @@ void kadmin_addprinc(argc, argv) free(canon); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } if (randkey) { /* more special stuff for -randkey */ 
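Review bot: The line added to kadmin_addprinc's first error path leaves the question `/* need to free ks_tuple also??? */` in the code instead of answering it. The other error paths of the same function, visible in the following hunks, do `if (ks_tuple != NULL) free(ks_tuple);` before returning. Assuming kadmin_parse_princ_args can have allocated the tuple before failing, this path should do the same and the comment can go. kadmin_addprinc starts and ends outside the hunk.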
@@ -1062,6 +1222,7 @@ void kadmin_addprinc(argc, argv) free(canon); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */ @@ -1074,6 +1235,7 @@ void kadmin_addprinc(argc, argv) free(canon); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } } @@ -1082,6 +1244,8 @@ void kadmin_addprinc(argc, argv) if (ks_tuple != NULL) free(ks_tuple); free(canon); + kadmin_free_tl_data( &princ ); + } void kadmin_modprinc(argc, argv) @@ -1137,17 +1301,20 @@ void kadmin_modprinc(argc, argv) free(ks_tuple); kadmin_modprinc_usage("modify_principal"); free(canon); + kadmin_free_tl_data(&princ); return; } if (retval) { kadmin_modprinc_usage("modify_principal"); free(canon); + kadmin_free_tl_data(&princ); return; } if (randkey) { fprintf(stderr, "modify_principal: -randkey not allowed\n"); krb5_free_principal(context, princ.principal); free(canon); + kadmin_free_tl_data(&princ); return; } if (pass) { @@ -1155,6 +1322,7 @@ void kadmin_modprinc(argc, argv) "modify_principal: -pw not allowed; use change_password\n"); krb5_free_principal(context, princ.principal); free(canon); + kadmin_free_tl_data(&princ); return; } retval = kadm5_modify_principal(handle, &princ, mask); @@ -1163,9 +1331,11 @@ void kadmin_modprinc(argc, argv) com_err("modify_principal", retval, "while modifying \"%s\".", canon); free(canon); + kadmin_free_tl_data(&princ); return; } printf("Principal \"%s\" modified.\n", canon); + kadmin_free_tl_data(&princ); free(canon); } diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index 374052d4f..dae3be477 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog 
@@ -1,3 +1,16 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * dump.c: + * kadm5_create.c: + * kdb5_create.c: + * kdb5_destroy.c: + * kdb5_stash.c: + * kdb5_util.c: + * kdb5_util.h: + * ovload.c: + 2004-08-27 Ken Raeburn <raeburn@mit.edu> * loadv4.c (enter_in_v5_db): Terminate argument list of diff --git a/src/kadmin/dbutil/Makefile.in b/src/kadmin/dbutil/Makefile.in index 34569f23d..6f1fae627 100644 --- a/src/kadmin/dbutil/Makefile.in +++ b/src/kadmin/dbutil/Makefile.in @@ -6,16 +6,20 @@ DEFINES = -DKDB4_DISABLE LOCALINCLUDES = -I. @KRB4_INCLUDES@ PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) +KDB_DEP_LIB=-ldl -lpthread PROG = kdb5_util -OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \ - kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \ - kdb5_destroy.o ovload.o import_err.o strtok.o +###OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \ +### kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \ +### kdb5_destroy.o ovload.o import_err.o strtok.o +### + +OBJS = kdb5_util.o kdb5_create.o kadm5_create.o string_table.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o dump.o ovload.o all:: $(PROG) $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) + $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) import_err.c import_err.h: $(srcdir)/import_err.et diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 8dee427c7..74f2cde68 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -30,7 +30,8 @@ #include <stdio.h> #include <k5-int.h> #include <kadm5/admin.h> -#include <kadm5/adb.h> +#include <kadm5/server_internal.h> +#include <krb5/kdb.h> #include <com_err.h> #include "kdb5_util.h" #if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP) 
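Review bot: The dbutil/Makefile.in hunk keeps the previous `OBJS` list as `###` comment lines and drops `dumpv4.o` and `loadv4.o` from the new list without saying why. The ChangeLog entry above gives no text for `* Makefile.in:` either, so a reader cannot tell whether the v4 dump and load code is removed on purpose or only until it is ported. I would delete the commented-out list and record the reason in one line, e.g. `# dumpv4.o and loadv4.o are not built: <reason>`.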
@@ -91,15 +92,15 @@ typedef krb5_error_code (*dump_func)(krb5_pointer, krb5_db_entry *); static int process_k5beta_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); static int process_k5beta6_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); static int process_k5beta7_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); static int process_ov_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); typedef krb5_error_code (*load_func)(char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); typedef struct _dump_version { char *name; @@ -145,7 +146,7 @@ dump_version ov_version = { 1, dump_ov_princ, dump_k5beta7_policy, - process_ov_record, + process_ov_record }; dump_version r1_3_version = { @@ -960,7 +961,7 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb) tl_data.tl_data_length, XDR_DECODE); if (! xdr_osa_princ_ent_rec(&xdrs, &adb)) { xdr_destroy(&xdrs); - return(OSA_ADB_XDR_FAILURE); + return(KADM5_XDR_FAILURE); } xdr_destroy(&xdrs); @@ -1021,7 +1022,6 @@ dump_db(argc, argv) dump_version *dump; int aindex; krb5_boolean locked; - extern osa_adb_policy_t policy_db; char *new_mkey_file = 0; /* @@ -1080,7 +1080,7 @@ dump_db(argc, argv) * Make sure the database is open. The policy database only has * to be opened if we try a dump that uses it. */ - if (!dbactive || (dump->dump_policy != NULL && policy_db == NULL)) { + if (!dbactive) { com_err(argv[0], 0, Err_no_database); exit_status++; return; 
@@ -1174,17 +1174,17 @@ dump_db(argc, argv) if (dump->header[strlen(dump->header)-1] != '\n') fputc('\n', arglist.ofile); - if ((kret = krb5_db_iterate_ext(util_context, - dump->dump_princ, - (krb5_pointer) &arglist, - backwards, recursive))) { + if ((kret = krb5_db_iterate(util_context, + NULL, + dump->dump_princ, + (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */ fprintf(stderr, dumprec_err, programname, dump->name, error_message(kret)); exit_status++; } if (dump->dump_policy && - (kret = osa_adb_iter_policy(policy_db, dump->dump_policy, - &arglist))) { + (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy, + &arglist))) { fprintf(stderr, dumprec_err, programname, dump->name, error_message(kret)); exit_status++; @@ -1363,13 +1363,12 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_k5beta_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int nmatched; int retval; @@ -1664,13 +1663,12 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_k5beta6_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int retval; krb5_db_entry dbentry; 
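Review bot: The call to `krb5_db_iterate` in dump_db no longer receives `backwards` and `recursive`, and the only trace of that is the inline remark `/* TBD: backwards and recursive not supported */`. If dump_db still parses the options that set those two variables (the parsing is outside this hunk), a user who asks for them now silently gets a dump in the default order. Until the new interface supports them, I would fail explicitly when either variable is set, before the output file is opened, with a message such as `"%s: reverse and recursive dumps are not supported\n"`.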
@@ -1948,9 +1946,9 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db) return 1; } - if ((ret = osa_adb_create_policy(pol_db, &rec))) { - if (ret == OSA_ADB_DUP && - ((ret = osa_adb_put_policy(pol_db, &rec)))) { + if ((ret = krb5_db_create_policy(kcontext, &rec))) { + if (ret && + ((ret = krb5_db_put_policy(kcontext, &rec)))) { fprintf(stderr, "cannot create policy on line %d: %s\n", *linenop, error_message(ret)); return 1; @@ -1968,13 +1966,12 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_k5beta7_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int nread; char rectype[100]; @@ -1986,10 +1983,10 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db) return 1; if (strcmp(rectype, "princ") == 0) process_k5beta6_record(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else if (strcmp(rectype, "policy") == 0) process_k5beta7_policy(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else { fprintf(stderr, "unknown record type \"%s\" on line %d\n", rectype, *linenop); @@ -2005,13 +2002,12 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_ov_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int nread; char rectype[100]; 
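Review bot: In process_k5beta7_policy the inner test changed from `ret == OSA_ADB_DUP` to plain `ret`, which is always true inside the enclosing `if`, so every failure of `krb5_db_create_policy` now falls through to `krb5_db_put_policy`. The old code attempted the overwrite only for a duplicate; the new code does it for any create error, and the message that follows reports the put's error, not the original one. If the new interface has an "already exists" code, test for it here; otherwise drop the redundant `ret &&` and add a comment such as `/* any create failure is retried as an update */` so the behaviour is clearly intended.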
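Review bot: process_k5beta7_record now calls `process_k5beta7_policy(fname, kcontext, filep, verbose, linenop)` with five arguments, but the hunk header two hunks up still shows the definition as `process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db)`. The line offsets between the hunks indicate that its parameter list was not touched. With old-style definitions the compiler will not diagnose the mismatch, and calling a function with fewer arguments than it declares is undefined behaviour. The same applies to the `process_ov_principal` call in process_ov_record if that definition still takes `pol_db`; both definitions should drop the parameter along with their callers.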
@@ -2023,10 +2019,10 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db) return 1; if (strcmp(rectype, "princ") == 0) process_ov_principal(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else if (strcmp(rectype, "policy") == 0) process_k5beta7_policy(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else if (strcmp(rectype, "End") == 0) return -1; else { @@ -2042,14 +2038,13 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db) * restore_dump() - Restore the database from any version dump file. */ static int -restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db) +restore_dump(programname, kcontext, dumpfile, f, verbose, dump) char *programname; krb5_context kcontext; char *dumpfile; FILE *f; int verbose; dump_version *dump; - osa_adb_policy_t pol_db; { int error; int lineno; @@ -2064,8 +2059,7 @@ restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db) kcontext, f, verbose, - &lineno, - pol_db))) + &lineno))) ; if (error != -1) fprintf(stderr, err_line_fmt, programname, lineno, dumpfile); @@ -2085,7 +2079,6 @@ load_db(argc, argv) char **argv; { kadm5_config_params newparams; - osa_adb_policy_t tmppol_db; krb5_error_code kret; krb5_context kcontext; FILE *f; @@ -2115,7 +2108,6 @@ load_db(argc, argv) crflags = KRB5_KDB_CREATE_BTREE; exit_status = 0; dbname_tmp = (char *) NULL; - tmppol_db = NULL; for (aindex = 1; aindex < argc; aindex++) { if (!strcmp(argv[aindex], oldoption)) load = &old_version; 
@@ -2130,7 +2122,21 @@ load_db(argc, argv) else if (!strcmp(argv[aindex], updateoption)) update = 1; else if (!strcmp(argv[aindex], hashoption)) - crflags = KRB5_KDB_CREATE_HASH; + { + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = "hash=true"; + db5util_db_args[db5util_db_args_size] = NULL; + } else break; } @@ -2159,6 +2165,14 @@ load_db(argc, argv) return; } + if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) ) + { + fprintf(stderr, "%s: Unable to set the default realm\n", programname); + free(dbname_tmp); + exit_status++; + return; + } + /* * Open the dumpfile */ @@ -2221,7 +2235,7 @@ load_db(argc, argv) /* * Cons up params for the new databases. If we are not in update - * mode use a temp name that we'll rename later. + * mode, we dont create tmp file and then move it to final place. As it is dependent on DB type, this is not done */ newparams = global_params; if (! update) { 
@@ -2238,105 +2252,67 @@ load_db(argc, argv) } /* - * If not an update restoration, create the temp database. Always - * create a temp policy db, even if we are not loading a dump file - * with policy info, because they may be loading an old dump - * intending to use it with the new kadm5 system. + * If not an update restoration, create the database. otherwise open */ - if (!update && ((kret = krb5_db_create(kcontext, dbname_tmp, crflags)))) { - fprintf(stderr, dbcreaterr_fmt, - programname, dbname_tmp, error_message(kret)); - exit_status++; - kadm5_free_config_params(kcontext, &newparams); - if (dumpfile) fclose(f); - return; - } - if (!update && (kret = osa_adb_create_policy_db(&newparams))) { - fprintf(stderr, "%s: %s while creating policy database\n", - programname, error_message(kret)); - exit_status++; - kadm5_free_config_params(kcontext, &newparams); - if (dumpfile) fclose(f); - return; + if (!update) { + if((kret = krb5_db_create(kcontext, db5util_db_args))) { + fprintf(stderr, dbcreaterr_fmt, + programname, dbname, error_message(kret)); + exit_status++; + kadm5_free_config_params(kcontext, &newparams); + if (dumpfile) fclose(f); + return; + } } - + else /* - * Point ourselves at the new databases. + * Initialize the database. */ - if ((kret = krb5_db_set_name(kcontext, - (update) ? dbname : dbname_tmp))) { - fprintf(stderr, dbname_err_fmt, - programname, - (update) ? dbname : dbname_tmp, error_message(kret)); - exit_status++; - goto error; - } - if ((kret = osa_adb_open_policy(&tmppol_db, &newparams))) { - fprintf(stderr, "%s: %s while opening policy database\n", - programname, error_message(kret)); - exit_status++; - goto error; + if ((kret = krb5_db_open(kcontext, db5util_db_args, KRB5_KDB_OPEN_RW))) { + fprintf(stderr, dbinit_err_fmt, + programname, error_message(kret)); + exit_status++; + goto error; } + + /* * If an update restoration, make sure the db is left unusable if * the update fails. 
*/ - if (update) { - if ((kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT))) { - fprintf(stderr, "%s: %s while permanently locking database\n", - programname, error_message(kret)); - exit_status++; - goto error; - } - } - - /* - * Initialize the database. - */ - if ((kret = krb5_db_init(kcontext))) { - fprintf(stderr, dbinit_err_fmt, - programname, error_message(kret)); - exit_status++; - goto error; - } - /* - * grab an extra lock, since there are no other users - */ - if (!update) { - kret = krb5_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE); - if (kret) { - fprintf(stderr, dblock_err_fmt, - programname, error_message(kret)); - exit_status++; - goto error; - } + if ((kret = krb5_db_lock(kcontext, update?KRB5_DB_LOCKMODE_PERMANENT: KRB5_DB_LOCKMODE_EXCLUSIVE))) { + fprintf(stderr, "%s: %s while permanently locking database\n", + programname, error_message(kret)); + exit_status++; + goto error; } if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name, - f, verbose, load, tmppol_db)) { + f, verbose, load)) { fprintf(stderr, restfail_fmt, programname, load->name); exit_status++; } - if (!update && (kret = krb5_db_unlock(kcontext))) { + if (!update && load->create_kadm5 && + ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) { + /* error message printed by create_magic_princs */ + exit_status++; + } + + if ((kret = krb5_db_unlock(kcontext))) { /* change this error? */ fprintf(stderr, dbunlockerr_fmt, - programname, dbname_tmp, error_message(kret)); + programname, dbname, error_message(kret)); exit_status++; } + if ((kret = krb5_db_fini(kcontext))) { fprintf(stderr, close_err_fmt, programname, error_message(kret)); exit_status++; } - if (!update && load->create_kadm5 && - ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) { - /* error message printed by create_magic_princs */ - exit_status++; - } - /* close policy db below */ error: 
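Review bot: `krb5_db_unlock(kcontext)` is now called unconditionally after `restore_dump`, including in update mode when the restore has just failed and `exit_status` was incremented. The comment kept above the lock says the database should be left unusable if an update fails, and the code removed in the next hunk released the permanent lock only when `exit_status` was zero. Unless `krb5_db_unlock` treats `KRB5_DB_LOCKMODE_PERMANENT` specially, that guarantee is lost; `if ((!update || !exit_status) && (kret = krb5_db_unlock(kcontext)))` would keep it. The message `"%s: %s while permanently locking database\n"` is also printed now for the exclusive lock taken in non-update mode. load_db starts before this hunk.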
@@ -2348,54 +2324,11 @@ error: */ if (!update) { if (exit_status) { - if ((kret = krb5_db_destroy(kcontext, dbname_tmp))) { + if ((kret = krb5_db_destroy(kcontext, db5util_db_args))) { fprintf(stderr, dbdelerr_fmt, - programname, dbname_tmp, error_message(kret)); - exit_status++; - } - if ((kret = osa_adb_destroy_policy_db(&newparams))) { - fprintf(stderr, "%s: %s while destroying policy database\n", - programname, error_message(kret)); - exit_status++; - } - } - else { - if ((kret = krb5_db_rename(kcontext, - dbname_tmp, - dbname))) { - fprintf(stderr, dbrenerr_fmt, - programname, dbname_tmp, dbname, - error_message(kret)); - exit_status++; - } - - if ((kret = osa_adb_close_policy(tmppol_db))) { - fprintf(stderr, close_err_fmt, - programname, error_message(kret)); + programname, dbname, error_message(kret)); exit_status++; } - - if ((kret = osa_adb_rename_policy_db(&newparams, - &global_params))) { - fprintf(stderr, - "%s: %s while renaming policy db %s to %s\n", - programname, error_message(kret), - newparams.admin_dbname, - global_params.admin_dbname); - exit_status++; - } - } - } else /* update */ { - if (! exit_status && ((kret = osa_adb_release_lock(tmppol_db)))) { - fprintf(stderr, "%s: %s while releasing permanent lock\n", - programname, error_message(kret)); - exit_status++; - } - - if (tmppol_db && ((kret = osa_adb_close_policy(tmppol_db)))) { - fprintf(stderr, close_err_fmt, - programname, error_message(kret)); - exit_status++; } } diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index 9ed6459e0..a9a9df0cd 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -35,7 +35,8 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <kadm5/adb.h> +#include <k5-int.h> +#include <krb5/kdb.h> #include <kadm5/admin.h> #include <krb5/adm_proto.h> 
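Review bot: On a failed non-update load the cleanup now calls `krb5_db_destroy(kcontext, db5util_db_args)`, so it destroys the database under its real name; the removed code destroyed `dbname_tmp` and renamed the temporary database into place only on success. Whether an existing database can be lost this way depends on `krb5_db_create` refusing to run over one, which is not visible here. The limitation deserves a comment at the cleanup, e.g. `/* load is no longer atomic: a failed load removes the database it created */`, and ideally load_db refuses to start when the target already exists.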
@@ -85,11 +86,6 @@ int kadm5_create(kadm5_config_params *params) return 1; } - if ((retval = osa_adb_create_policy_db(&lparams))) { - com_err(progname, retval, str_CREATING_POLICY_DB); - return 1; - } - retval = kadm5_create_magic_princs(&lparams, context); kadm5_free_config_params(context, &lparams); @@ -110,6 +106,7 @@ int kadm5_create_magic_princs(kadm5_config_params *params, if ((retval = kadm5_init(progname, NULL, NULL, params, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db5util_db_args, &handle))) { com_err(progname, retval, "while initializing the Kerberos admin interface"); return retval; diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index 2c05c2744..5bd337e47 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -55,8 +55,9 @@ #include <stdio.h> #include <k5-int.h> +#include <krb5/kdb.h> +#include <kadm5/server_internal.h> #include <kadm5/admin.h> -#include <kadm5/adb.h> #include <krb5/adm_proto.h> #include "kdb5_util.h" @@ -145,7 +146,6 @@ extern char *mkey_password; extern char *progname; extern int exit_status; -extern osa_adb_policy_t policy_db; extern kadm5_config_params global_params; extern krb5_context util_context; @@ -160,7 +160,6 @@ void kdb5_create(argc, argv) char *pw_str = 0; unsigned int pw_size = 0; int do_stash = 0; - krb5_int32 crflags = KRB5_KDB_CREATE_BTREE; krb5_data pwd, seed; if (strrchr(argv[0], '/')) @@ -172,7 +171,19 @@ void kdb5_create(argc, argv) do_stash++; break; case 'h': - crflags = KRB5_KDB_CREATE_HASH; + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = "hash=true"; + db5util_db_args[db5util_db_args_size] = NULL; case '?': default: usage(); 
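Review bot: The new `case 'h':` body in kdb5_create ends with `db5util_db_args[db5util_db_args_size] = NULL;` and then runs straight into `case '?': default: usage();`, so selecting the hash option appears to print the usage text instead of creating the database. The removed one-line body had no `break` either, but this rewrite is the place to add `break;` after the NULL store. The `com_err` message in the same block ends in `\n`, which the other `com_err` calls in this diff do not.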
@@ -187,16 +198,6 @@ void kdb5_create(argc, argv) rblock.nkslist = global_params.num_keysalts; rblock.kslist = global_params.keysalts; - retval = krb5_db_set_name(util_context, global_params.dbname); - if (!retval) retval = EEXIST; - - if (retval == EEXIST || retval == EACCES || retval == EPERM) { - /* it exists ! */ - com_err(argv[0], 0, "The database '%s' appears to already exist", - global_params.dbname); - exit_status++; return; - } - printf ("Loading random data\n"); retval = krb5_c_random_os_entropy (util_context, 1, NULL); if (retval) { @@ -267,26 +268,20 @@ master key name '%s'\n", exit_status++; return; } if ((retval = krb5_db_create(util_context, - global_params.dbname, crflags))) { + db5util_db_args))) { com_err(argv[0], retval, "while creating database '%s'", global_params.dbname); exit_status++; return; } - if ((retval = krb5_db_fini(util_context))) { - com_err(argv[0], retval, "while closing current database"); - exit_status++; return; - } - if ((retval = krb5_db_set_name(util_context, global_params.dbname))) { - com_err(argv[0], retval, "while setting active database to '%s'", - global_params.dbname); - exit_status++; return; - } - if ((retval = krb5_db_init(util_context))) { - com_err(argv[0], retval, "while initializing the database '%s'", - global_params.dbname); - exit_status++; return; - } - +/* if ((retval = krb5_db_fini(util_context))) { */ +/* com_err(argv[0], retval, "while closing current database"); */ +/* exit_status++; return; */ +/* } */ +/* if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */ +/* com_err(argv[0], retval, "while initializing the database '%s'", */ +/* global_params.dbname); */ +/* exit_status++; return; */ +/* } */ if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) || (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) { (void) krb5_db_fini(util_context); 
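Review bot: Removing the `krb5_db_set_name` probe also removes the only early check in kdb5_create that stopped with "The database '%s' appears to already exist" before any other work was done. Protection of an existing database now rests entirely on `krb5_db_create(util_context, db5util_db_args)` failing in every backend, and that call comes later in the function, after the random-data step shown in the context. A comment at the old location, e.g. `/* existence of the database is checked by krb5_db_create() */`, would make that dependency explicit. The second hunk on this line also leaves the replaced `krb5_db_fini`/`krb5_db_open` sequence behind as commented-out code, which I would delete.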
@@ -298,10 +293,11 @@ master key name '%s'\n", * it; delete the file below if it was not requested. DO NOT EXIT * BEFORE DELETING THE KEYFILE if do_stash is not set. */ - retval = krb5_db_store_mkey(util_context, - global_params.stash_file, - master_princ, - &master_keyblock); + retval = krb5_db_store_master_key(util_context, + global_params.stash_file, + master_princ, + &master_keyblock, + mkey_password); if (retval) { com_err(argv[0], errno, "while storing key"); printf("Warning: couldn't stash master key.\n"); @@ -440,6 +436,6 @@ add_principal(context, princ, op, pblock) retval = krb5_db_put_principal(context, &entry, &nentries); error_out:; - krb5_dbe_free_contents(context, &entry); + krb5_db_free_principal(context, &entry, 1); return retval; } diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c index 2545bdb5d..ea1011b40 100644 --- a/src/kadmin/dbutil/kdb5_destroy.c +++ b/src/kadmin/dbutil/kdb5_destroy.c @@ -33,7 +33,7 @@ #include <stdio.h> #include "com_err.h" #include <kadm5/admin.h> -#include <kadm5/adb.h> +#include <krb5/kdb.h> #include "kdb5_util.h" extern int exit_status; @@ -53,12 +53,23 @@ kdb5_destroy(argc, argv) int optchar; char *dbname; char buf[5]; - krb5_error_code retval, retval1, retval2; + krb5_error_code retval1; krb5_context context; int force = 0; - krb5_init_context(&context); + retval1 = krb5_init_context(&context); + if( retval1 ) + { + com_err(argv[0], retval1, "while initializing krb5_context"); + exit(1); + } + if ((retval1 = krb5_set_default_realm(context, + util_context->default_realm))) { + com_err(argv[0], retval1, "while setting default realm name"); + exit(1); + } + if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; 
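Review bot: In kdb5_create(), the failure branch after the new `krb5_db_store_master_key(...)` call reports `errno` rather than the returned code: `com_err(argv[0], errno, "while storing key");`. The status is in `retval`, and `errno` may be stale or zero at that point, so a failed master-key stash can be logged with a misleading reason; `com_err(argv[0], retval, "while storing key");` reports the actual error. The same pattern follows the `krb5_db_store_master_key(context, keyfile, master_princ, &master_keyblock, NULL)` call in the kdb5_stash.c hunk. The meaning of the new last argument (`mkey_password` here, `NULL` in kdb5_stash.c) is not explained in either hunk and deserves a one-line comment at each call.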
@@ -89,21 +100,11 @@ kdb5_destroy(argc, argv) printf("OK, deleting database '%s'...\n", dbname); } - retval = krb5_db_set_name(context, dbname); - if (retval) { - com_err(argv[0], retval, "'%s'",dbname); - exit_status++; return; - } - retval1 = krb5_db_destroy(context, dbname); - retval2 = osa_adb_destroy_policy_db(&global_params); + retval1 = krb5_db_destroy(context, db5util_db_args); if (retval1) { com_err(argv[0], retval1, "deleting database '%s'",dbname); exit_status++; return; } - if (retval2) { - com_err(argv[0], retval2, "destroying policy database"); - exit_status++; return; - } dbactive = FALSE; printf("** Database '%s' destroyed.\n", dbname); diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c index 6d7251541..09bea2151 100644 --- a/src/kadmin/dbutil/kdb5_stash.c +++ b/src/kadmin/dbutil/kdb5_stash.c @@ -85,10 +85,18 @@ kdb5_stash(argc, argv) if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; - /* Tell upwards to close the policy db cause we don't */ - close_policy_db = 1; + retval = krb5_init_context(&context); + if( retval ) + { + com_err(argv[0], retval, "while initializing krb5_context"); + exit(1); + } - krb5_init_context(&context); + if ((retval = krb5_set_default_realm(context, + util_context->default_realm))) { + com_err(argv[0], retval, "while setting default realm name"); + exit(1); + } dbname = global_params.dbname; realm = global_params.realm; @@ -118,13 +126,6 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_set_name(context, dbname); - if (retval) { - com_err(argv[0], retval, "while setting active database to '%s'", - dbname); - exit_status++; return; - } - /* assemble & parse the master key name */ retval = krb5_db_setup_mkey_name(context, mkey_name, realm, &mkey_fullname, &master_princ); 
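Review bot: In kdb5_destroy(), the confirmation and result messages still name `dbname`, but the database that is removed is now selected by `db5util_db_args` in `krb5_db_destroy(context, db5util_db_args)`. If a `-x` argument selects a database other than the one `dbname` holds (how the backend resolves the arguments, and where `dbname` is assigned, are outside the hunk), the operator confirms one name while a different database is destroyed. Until the messages are derived from the same arguments, a comment such as `/* db5util_db_args, not dbname, selects what is destroyed; dbname is for display only */` would at least record the gap. The function body starts and ends outside the hunk.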
@@ -133,7 +134,7 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_init(context); + retval = krb5_db_open(context, db5util_db_args, KRB5_KDB_OPEN_RW); if (retval) { com_err(argv[0], retval, "while initializing the database '%s'", dbname); @@ -159,8 +160,8 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_store_mkey(context, keyfile, master_princ, - &master_keyblock); + retval = krb5_db_store_master_key(context, keyfile, master_princ, + &master_keyblock, NULL); if (retval) { com_err(argv[0], errno, "while storing key"); memset((char *)master_keyblock.contents, 0, master_keyblock.length); diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 524976867..a95dff702 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -57,7 +57,6 @@ #include <k5-int.h> #include <kadm5/admin.h> #include <krb5/adm_proto.h> -#include <kadm5/adb.h> #include <time.h> #include "kdb5_util.h" @@ -76,13 +75,12 @@ char *mkey_password = 0; int exit_status = 0; krb5_context util_context; -osa_adb_policy_t policy_db; kadm5_config_params global_params; void usage() { fprintf(stderr, "Usage: " - "kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n" + "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n" "\t [-sf stashfilename] [-m] cmd [cmd_options]\n" "\tcreate [-s]\n" "\tdestroy [-f]\n" @@ -91,9 +89,9 @@ void usage() "\t [-mkey_convert] [-new_mkey_file mkey_file]\n" "\t [-rev] [-recurse] [filename [princs...]]\n" "\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n" - "\tdump_v4 [-S] [filename]\n" - "\tload_v4 [-S] [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n" - "\tark [-e etype_list] principal\n"); + "\tark [-e etype_list] principal\n" + "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n"); exit(1); } 
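Review bot: In kdb5_stash(), `krb5_db_open(context, db5util_db_args, KRB5_KDB_OPEN_RW)` opens the database read-write for a command that, as far as the visible hunks show, only reads it before writing the stash file with `krb5_db_store_master_key`. If the rest of the function does not write to the database, a read-only open (`KRB5_KDB_OPEN_RO`, assuming krb5/kdb.h defines it next to `KRB5_KDB_OPEN_RW`) would be the least-privilege choice. If read-write is required, a comment saying why would help, e.g. `/* RW needed because ... */`. The function body starts and ends outside the hunk.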
@@ -101,7 +99,6 @@ extern krb5_keyblock master_keyblock; extern krb5_principal master_princ; krb5_db_entry master_entry; int valid_master_key = 0; -int close_policy_db = 0; char *progname; krb5_boolean manual_mkey = FALSE; @@ -123,8 +120,8 @@ struct _cmd_table { {"stash", kdb5_stash, 1}, {"dump", dump_db, 1}, {"load", load_db, 0}, - {"dump_v4", dump_v4db, 1}, - {"load_v4", load_v4db, 0}, +/* {"dump_v4", dump_v4db, 1}, */ +/* {"load_v4", load_v4db, 0}, */ {"ark", add_random_key, 1}, {NULL, NULL, 0}, }; @@ -144,6 +141,9 @@ static struct _cmd_table *cmd_lookup(name) } #define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL)) + +char **db5util_db_args = NULL; +int db5util_db_args_size = 0; int main(argc, argv) int argc; @@ -151,6 +151,7 @@ int main(argc, argv) { struct _cmd_table *cmd = NULL; char *koptarg, **cmd_argv; + char *db_name_tmp = NULL; int cmd_argc; krb5_error_code retval; @@ -159,7 +160,8 @@ int main(argc, argv) com_err (progname, retval, "while initializing Kerberos code"); exit(1); } - initialize_adb_error_table(); + +/* initialize_adb_error_table(); */ progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]); 
@@ -179,6 +181,47 @@ int main(argc, argv) } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) { global_params.dbname = koptarg; global_params.mask |= KADM5_CONFIG_DBNAME; + + db_name_tmp = malloc( strlen(global_params.dbname) + sizeof("dbname=")); + if( db_name_tmp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments"); + exit(1); + } + + strcpy( db_name_tmp, "dbname="); + strcat( db_name_tmp, global_params.dbname ); + + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = db_name_tmp; + db5util_db_args[db5util_db_args_size] = NULL; + + } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) { + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = koptarg; + db5util_db_args[db5util_db_args_size] = NULL; + } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) { global_params.realm = koptarg; global_params.mask |= KADM5_CONFIG_REALM; @@ -217,6 +260,18 @@ int main(argc, argv) if (cmd_argv[0] == NULL) usage(); + if( !util_context->default_realm ) + { + char *temp = NULL; + retval = krb5_get_default_realm(util_context, &temp); + if( retval ) + { + com_err (progname, retval, "while getting default realm"); + exit(1); + } + util_context->default_realm = temp; + } + retval = kadm5_get_config_params(util_context, NULL, NULL, &global_params, &global_params); if (retval) { 
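Review bot: In main() of kdb5_util.c, the out-of-memory message in the new `-x` branch prints `argv[0]`, but `ARG_VAL` has already advanced `argv`, so what is printed is the option's value rather than the program name; the `-d` branch just above reports through `progname`. The grow-and-append block for `db5util_db_args` is also written out twice in this hunk and once more in kdb5_create.c, and a single helper would remove the copies and the inconsistent messages. A repeated `-d` overwrites `db_name_tmp` while the earlier string stays in the list, so only the last one is released at exit. main() starts and ends outside the hunk.

```c
/* Append one argument string to the NULL-terminated db5util_db_args list. */
static void add_db_arg(char *arg)
{
    /* room for the new entry plus the terminating NULL */
    char **temp = realloc(db5util_db_args,
                          sizeof(char *) * (db5util_db_args_size + 2));

    if (temp == NULL) {
        com_err(progname, ENOMEM, "while parsing command arguments");
        exit(1);
    }
    db5util_db_args = temp;
    db5util_db_args[db5util_db_args_size++] = arg;
    db5util_db_args[db5util_db_args_size] = NULL;
}

/* … unchanged: -d branch builds db_name_tmp … */
        add_db_arg(db_name_tmp);
    } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
        add_db_arg(koptarg);
```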
@@ -243,9 +298,12 @@ int main(argc, argv) (*cmd->func)(cmd_argc, cmd_argv); - if(close_policy_db) { - (void) osa_adb_close_policy(policy_db); - } + if( db_name_tmp ) + free( db_name_tmp ); + + if( db5util_db_args ) + free(db5util_db_args); + kadm5_free_config_params(util_context, &global_params); krb5_free_context(util_context); return exit_status; @@ -307,22 +365,11 @@ static int open_db_and_mkey() dbactive = FALSE; valid_master_key = 0; - if ((retval = krb5_db_set_name(util_context, global_params.dbname))) { - com_err(progname, retval, "while setting active database to '%s'", - global_params.dbname); - exit_status++; - return(1); - } - if ((retval = krb5_db_init(util_context))) { + if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { com_err(progname, retval, "while initializing database"); exit_status++; return(1); } - if ((retval = osa_adb_open_policy(&policy_db, &global_params))) { - com_err(progname, retval, "opening policy database"); - exit_status++; - return (1); - } /* assemble & parse the master key name */ @@ -497,7 +544,7 @@ add_random_key(argc, argv) } if (more) { fprintf(stderr, "principal %s not unique\n", pr_str); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } @@ -523,7 +570,7 @@ add_random_key(argc, argv) free(keysalts); if (ret) { com_err(me, ret, "while randomizing principal %s", pr_str); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } 
@@ -531,19 +578,19 @@ add_random_key(argc, argv) ret = krb5_timeofday(util_context, &now); if (ret) { com_err(me, ret, "while getting time"); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now); if (ret) { com_err(me, ret, "while setting changetime"); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } ret = krb5_db_put_principal(util_context, &dbent, &n); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); if (ret) { com_err(me, ret, "while saving principal %s", pr_str); exit_status++; diff --git a/src/kadmin/dbutil/kdb5_util.h b/src/kadmin/dbutil/kdb5_util.h index c63ca0371..bb6b0ac64 100644 --- a/src/kadmin/dbutil/kdb5_util.h +++ b/src/kadmin/dbutil/kdb5_util.h @@ -40,6 +40,8 @@ extern krb5_context util_context; extern kadm5_config_params global_params; extern int valid_master_key; extern krb5_db_entry master_db; +extern char **db5util_db_args; +extern int db5util_db_args_size; extern void usage(void); @@ -67,8 +69,7 @@ extern int kadm5_create_magic_princs (kadm5_config_params *params, extern int process_ov_principal (char *fname, krb5_context kcontext, FILE *filep, int verbose, - int *linenop, - void *pol_db); + int *linenop); extern void load_db (int argc, char **argv); extern void dump_db (int argc, char **argv); diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c index 15978f8a3..f4338bc90 100644 --- a/src/kadmin/dbutil/ovload.c +++ b/src/kadmin/dbutil/ovload.c @@ -5,7 +5,10 @@ #include <memory.h> #endif -#include <kadm5/adb.h> +#include <k5-int.h> +#include <kadm5/admin.h> +#include <kadm5/server_internal.h> +#include <krb5/kdb.h> #include "import_err.h" #include "kdb5_util.h" #include "nstrtok.h" 
@@ -92,17 +95,16 @@ done: * [modifies] * */ -int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db) +int process_ov_principal(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { XDR xdrs; osa_princ_ent_t rec; - osa_adb_ret_t ret; + krb5_error_code ret; krb5_tl_data tl_data; krb5_principal princ; krb5_db_entry kdb; @@ -177,7 +179,7 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db) xdralloc_create(&xdrs, XDR_ENCODE); if (! xdr_osa_princ_ent_rec(&xdrs, rec)) { xdr_destroy(&xdrs); - ret = OSA_ADB_XDR_FAILURE; + ret = KADM5_XDR_FAILURE; goto done; } diff --git a/src/kadmin/passwd/ChangeLog b/src/kadmin/passwd/ChangeLog index 2d6427994..dec816422 100644 --- a/src/kadmin/passwd/ChangeLog +++ b/src/kadmin/passwd/ChangeLog @@ -1,3 +1,8 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * kpasswd.c: + 2003-01-07 Ken Raeburn <raeburn@mit.edu> * Makefile.ov: Deleted. diff --git a/src/kadmin/passwd/kpasswd.c b/src/kadmin/passwd/kpasswd.c index 912990d2d..ca47fca5b 100644 --- a/src/kadmin/passwd/kpasswd.c +++ b/src/kadmin/passwd/kpasswd.c @@ -183,6 +183,7 @@ kpasswd(context, argc, argv) /* someday */, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, + NULL, &server_handle); if (code != 0) { if (code == OVSEC_KADM_BAD_PASSWORD) diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 24694c31c..12c9bce4c 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,11 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * misc.c: + * ovsec_kadmd.c: + * server_stubs.c: + 2005-04-13 Ken Raeburn <raeburn@mit.edu> * schpw.c (NEED_SOCKETS): Don't define. diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in index 17406e77a..74a8e1bb3 100644 --- a/src/kadmin/server/Makefile.in +++ b/src/kadmin/server/Makefile.in 
@@ -2,6 +2,7 @@ thisconfigdir=./.. myfulldir=kadmin/server mydir=server BUILDTOP=$(REL)..$(S).. +KDB_DEP_LIB=-ldl -lpthread LOCALINCLUDES = -I$(SRCTOP)/lib/gssapi/generic -I$(SRCTOP)/lib/gssapi/krb5 \ -I$(BUILDTOP)/lib/gssapi/generic -I$(BUILDTOP)/lib/gssapi/krb5 @@ -15,7 +16,7 @@ OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1 all:: $(PROG) $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) + $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) install:: $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG) diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index f2afd23af..fb9c3a541 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -3,9 +3,9 @@ * */ -#include <kadm5/adb.h> -#include <kadm5/server_internal.h> +#include <k5-int.h> #include <krb5/kdb.h> +#include <kadm5/server_internal.h> #include "misc.h" /* @@ -125,7 +125,7 @@ check_min_life(void *server_handle, krb5_principal principal) ret = kadm5_get_principal(handle->lhandle, principal, &princ, KADM5_PRINCIPAL_NORMAL_MASK); - if(ret != OSA_ADB_OK) + if(ret) return ret; if(princ.aux_attributes & KADM5_POLICY) { if((ret=kadm5_get_policy(handle->lhandle, diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 8709198d6..31cc25223 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -41,6 +41,7 @@ #include <unistd.h> #include <netinet/in.h> #include <arpa/inet.h> /* inet_ntoa */ +#include <netdb.h> #include <gssrpc/rpc.h> #include <gssapi/gssapi.h> #include "gssapiP_krb5.h" /* for kg_get_context */ 
@@ -130,11 +131,14 @@ void kadm5_set_use_password_server (void); static void usage() { - fprintf(stderr, "Usage: kadmind [-r realm] [-m] [-nofork] " + fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] " #ifdef USE_PASSWORD_SERVER "[-passwordserver] " #endif - "[-port port-number]\n"); + "[-port port-number]\n" + "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n" + ); exit(1); } @@ -210,6 +214,8 @@ int main(int argc, char *argv[]) gss_buffer_desc gssbuf; gss_OID nt_krb5_name_oid; kadm5_config_params params; + char **db_args = NULL; + int db_args_size = 0; setvbuf(stderr, NULL, _IONBF, 0); @@ -238,7 +244,24 @@ int main(int argc, char *argv[]) argc--; argv++; while (argc) { - if (strcmp(*argv, "-r") == 0) { + if (strcmp(*argv, "-x") == 0) { + argc--; argv++; + if (!argc) + usage(); + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: cannot initialize. Not enough memory\n", + whoami); + exit(1); + } + db_args = temp; + } + db_args[db_args_size-1] = *argv; + db_args[db_args_size] = NULL; + }else if (strcmp(*argv, "-r") == 0) { argc--; argv++; if (!argc) usage(); 
@@ -290,22 +313,30 @@ int main(int argc, char *argv[]) NULL, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &global_server_handle)) != KADM5_OK) { + const char *e_txt = error_message(ret); krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting", - error_message(ret)); + e_txt); fprintf(stderr, "%s: %s while initializing, aborting\n", - whoami, error_message(ret)); + whoami, e_txt); krb5_klog_close(context); exit(1); } + + if( db_args ) + { + free(db_args), db_args=NULL; + } if ((ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, ¶ms))) { + const char *e_txt = error_message(ret); krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting", - whoami, error_message(ret)); + whoami, e_txt); fprintf(stderr, "%s: %s while initializing, aborting\n", - whoami, error_message(ret)); + whoami, e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -331,21 +362,23 @@ int main(int argc, char *argv[]) addr.sin_port = htons(params.kadmind_port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "Cannot create TCP socket: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot create TCP socket: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); } if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "cannot create simple chpw socket: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot create simple chpw socket: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); 
@@ -369,22 +402,24 @@ int main(int argc, char *argv[]) SO_REUSEADDR, (char *) &allowed, sizeof(allowed)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "Cannot set SO_REUSEADDR: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot set SO_REUSEADDR: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); } if (setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR, (char *) &allowed, sizeof(allowed)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "main", "cannot set SO_REUSEADDR on simple chpw socket: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot set SO_REUSEADDR on simple chpw socket: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); } @@ -398,11 +433,12 @@ int main(int argc, char *argv[]) if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) { int oerrno = errno; + const char *e_txt = error_message(errno); fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", error_message(oerrno)); + fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s", - error_message(errno)); + e_txt); if(oerrno == EADDRINUSE) { char *w = strrchr(whoami, '/'); if (w) { @@ -438,12 +474,13 @@ int main(int argc, char *argv[]) if (bind(schpw, (struct sockaddr *)&addr, sizeof(addr)) < 0) { char portbuf[32]; int oerrno = errno; + const char *e_txt = error_message(errno); fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", error_message(oerrno)); + fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; sprintf(portbuf, "%d", ntohs(addr.sin_port)); krb5_klog_syslog(LOG_ERR, "cannot bind simple chpw socket: %s", - error_message(oerrno)); + e_txt); if(oerrno == EADDRINUSE) { char *w = strrchr(whoami, '/'); if (w) { 
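Review bot: In main() of ovsec_kadmd.c, the SO_REUSEADDR failure branch for the `schpw` socket calls `krb5_klog_syslog(LOG_ERR, "main", "cannot set SO_REUSEADDR on simple chpw socket: %s", e_txt);`, which passes `"main"` in the position where every sibling call passes the format string, so the real message and `e_txt` are presumably never logged. The branch also ends after `krb5_klog_close(context);` with no `exit(1);`, unlike the branch for `s` directly above it, so the daemon would continue with a destroyed `global_server_handle`. The commit already rewrites the arguments of both calls in this branch, so dropping the `"main"` argument and adding `exit(1);` belong in the same change. main() starts and ends outside the hunk.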
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index 579498fc1..016288773 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -250,22 +250,22 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) 
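Review bot: In create_principal_1_svc, the error paths that now `goto exit_func` after `new_server_handle` has succeeded still skip all cleanup, because the label sits after `free_server_handle`, `free(prime_arg)` and the two `gss_release_buffer` calls (visible in the function's later hunk). A `setup_gss_names` failure leaves `handle` unreleased, and a `krb5_unparse_name` failure additionally leaves `client_name` and `service_name` unreleased, which in a long-running daemon is a per-request leak. Adding `free_server_handle(handle);` before the `goto` in the `setup_gss_names` branch, and that plus `gss_release_buffer(&minor_stat, &client_name);` and `gss_release_buffer(&minor_stat, &service_name);` in the `krb5_unparse_name` branch, would close these paths. The same conversion is applied to the other `*_1_svc` stubs in this file, and the function body continues outside this hunk.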
@@ -281,16 +281,37 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, arg->passwd); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg,((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); + + exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -307,22 +328,22 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) 
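Review bot: In create_principal_1_svc the new `ret.err_str` handling is written out twice, once after `kadm5_create_principal` and again under `exit_func:`, and the same pair is pasted into every stub in this file; a small helper would keep the copies from drifting apart. The comment `no need to check for NULL` holds only if the XDR routine that encodes `err_str` accepts a NULL string, and that routine is not part of this diff section, so it should be confirmed or the `strdup` failure handled. The code also stores the literal `"success"` or the `error_message()` pointer in `ret.err_str` before replacing it with the copy, which is fragile because `xdr_free` at the top of the next call frees that field; assigning only the `strdup` result avoids ever holding a non-heap pointer there. The function body starts outside this hunk.

```c
/* Heap copy of the status text for ret.err_str; NULL if out of memory. */
static char *dup_err_str(kadm5_ret_t code)
{
    return strdup(code == 0 ? "success" : error_message(code));
}

/* … unchanged: kadm5_create_principal call and krb5_klog_syslog, which can
 *   log (ret.code == 0) ? "success" : error_message(ret.code) directly … */
        ret.err_str = dup_err_str(ret.code);

/* … unchanged: free_server_handle, free(prime_arg), gss_release_buffer … */
exit_func:
    if (ret.err_str == NULL)
        ret.err_str = dup_err_str(ret.code);
    return &ret;
```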
@@ -340,16 +361,36 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) arg->n_ks_tuple, arg->ks_tuple, arg->passwd); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg,((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -366,22 +407,22 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) 
@@ -393,15 +434,37 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free(prime_arg); free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); + exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } + return &ret; } @@ -419,20 +482,20 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) 
@@ -447,16 +510,36 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -476,21 +559,21 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) || krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); 
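Review bot: In rename_principal_1_svc, the context line `sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);` writes two unparsed principal names taken from the request into `prime_arg` with no length limit. The declaration of `prime_arg` is outside the hunk, so its size cannot be checked here; unless it is sized from the two strings, a bounded call such as `snprintf(prime_arg, sizeof(prime_arg), "%s to %s", prime_arg1, prime_arg2);` (valid only if `prime_arg` is an array) is the safer form. The new `goto exit_func` in the `krb5_unparse_name` branch also skips `free(prime_arg1)` when only the second unparse fails. The function body starts and ends outside the hunk.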
@@ -516,17 +599,37 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg1); free(prime_arg2); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -544,11 +647,11 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gprinc_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -558,11 +661,11 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && 
@@ -589,16 +692,37 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) arg->mask); } + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -615,18 +739,18 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gprincs_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->exp; if (prime_arg == NULL) 
@@ -645,15 +769,36 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, &ret.count); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -670,22 +815,22 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { 
@@ -704,17 +849,37 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -731,22 +896,22 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { 
@@ -771,17 +936,37 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -798,22 +983,22 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && 
@@ -829,17 +1014,37 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -856,22 +1061,22 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && 
@@ -887,17 +1092,37 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -914,22 +1139,22 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && 
@@ -948,17 +1173,37 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -977,11 +1222,12 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) xdr_free(xdr_chrand_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; + if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -992,11 +1238,11 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; free_server_handle(handle); - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { 
@@ -1025,16 +1271,36 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1053,11 +1319,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_chrand_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -1068,11 +1334,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; free_server_handle(handle); - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { 
@@ -1107,16 +1373,36 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1133,18 +1419,18 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->rec.policy; 
@@ -1159,15 +1445,36 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1184,18 +1491,18 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->name; 
@@ -1208,15 +1515,36 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1233,18 +1561,18 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->rec.policy; 
@@ -1258,15 +1586,36 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_policy((void *)handle, &arg->rec, arg->mask); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1286,11 +1635,11 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gpol_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -1300,7 +1649,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->name; 
@@ -1337,11 +1686,20 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) &ret.rec); } + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } else { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, prime_arg, client_name.value, service_name.value, @@ -1350,6 +1708,18 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1367,18 +1737,18 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gpols_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->exp; if (prime_arg == NULL) 
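Review bot: The `LOG_UNAUTH` call in the `else` branch passes `prime_arg` to the logger unguarded, while the `LOG_DONE` call just above it uses `((prime_arg == NULL) ? "(null)" : prime_arg)`. `prime_arg` is assigned from `arg->name` in the earlier hunk of this function. If a decoded request can carry a NULL name (not visible here), the refused-request path hands NULL to what is presumably a `%s` conversion, which is undefined behaviour. Applying the same guard to both calls keeps the audit line for denied requests reliable. The rest of the `LOG_UNAUTH` argument list lies outside the hunk.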
@@ -1395,15 +1765,36 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_policies((void *)handle, arg->exp, &ret.pols, &ret.count); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } 
@@ -1417,29 +1808,51 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) xdr_free(xdr_getprivs_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } ret.code = kadm5_get_privs((void *)handle, &ret.privs); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", client_name.value, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1454,7 +1867,7 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) - return &ret; + goto exit_func; if (! (ret.code = check_handle((void *)handle))) { ret.api_version = handle->api_version; } 
@@ -1463,7 +1876,7 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", @@ -1477,6 +1890,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return(&ret); } diff --git a/src/kadmin/testing/util/ChangeLog b/src/kadmin/testing/util/ChangeLog index f34d8f83c..a81e3491f 100644 --- a/src/kadmin/testing/util/ChangeLog +++ b/src/kadmin/testing/util/ChangeLog @@ -1,3 +1,10 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * tcl_kadm5.c: + * tcl_ovsec_kadm.c: + 2005-02-10 Tom Yu <tlyu@mit.edu> * tcl_kadm5.c (unparse_err): Add entries for KRB5_CC_NOTFOUND and diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in index bc3e730be..f53861e21 100644 --- a/src/kadmin/testing/util/Makefile.in +++ b/src/kadmin/testing/util/Makefile.in @@ -2,10 +2,11 @@ thisconfigdir=./../.. myfulldir=kadmin/testing/util mydir=testing/util BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = $(TCL_INCLUDES) +LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/ # Force Tcl headers to use stdarg.h, because krb5 does too, and if # Tcl uses varargs.h it'll just mess things up. DEFINES= -DHAS_STDARG +KRB5_PTHREAD_LIB=-lpthread PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH) 
@@ -29,11 +30,11 @@ all-tcl:: $(CLNTPROG) $(SRVPROG) $(SRVPROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $(SRVPROG) $(OBJS) $(TCL_MAYBE_RPATH) \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) + $(KADMSRV_LIBS) $(KRB5_PTHREAD_LIB) $(KRB5_BASE_LIBS) $(TCL_LIBS) $(CLNTPROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $(CLNTPROG) $(OBJS) $(TCL_MAYBE_RPATH) \ - $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) + $(KRB5_PTHREAD_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) bsddb_dump: bsddb_dump.o $(CC_LINK) -o bsddb_dump bsddb_dump.o $(KADMSRV_LIBS) @@ -59,8 +60,8 @@ $(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): tcl_ovsec_kadm.c \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - tcl_kadm5.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h \ + $(BUILDTOP)/lib/kdb/adb_err.h $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ @@ -74,6 +75,6 @@ $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/lib/kdb/adb_err.h tcl_kadm5.h $(OUTPRE)test.$(OBJEXT): test.c tcl_kadm5.h 
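Review bot: `$(KRB5_PTHREAD_LIB)` is placed after `$(KADMSRV_LIBS)` on the `$(SRVPROG)` link line but before `$(KADMCLNT_LIBS)` on the `$(CLNTPROG)` one. With static archives, a library listed ahead of the archives that reference it may not resolve their symbols, so the client line should use the same order: `$(KADMCLNT_LIBS) $(KRB5_PTHREAD_LIB) $(KRB5_BASE_LIBS) $(TCL_LIBS)`. The variable is also hard-coded to `-lpthread` in the previous hunk of this file rather than taken from the configure-time thread-library detection, which may not hold on every platform the tree builds on.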
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c index a6b945277..828f207a6 100644 --- a/src/kadmin/testing/util/tcl_kadm5.c +++ b/src/kadmin/testing/util/tcl_kadm5.c @@ -11,6 +11,7 @@ #include <k5-int.h> #include <errno.h> #include <stdlib.h> +#include <adb_err.h> #include "tcl_kadm5.h" struct flagval { @@ -1622,12 +1623,12 @@ static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData, ret = kadm5_init_with_creds(client_name, cc, service_name, ¶ms, struct_version, - api_version, &server_handle); + api_version, NULL, &server_handle); (void) krb5_cc_close(context, cc); } else ret = kadm5_init(client_name, pass, service_name, ¶ms, - struct_version, api_version, &server_handle); + struct_version, api_version, NULL, &server_handle); if (ret != KADM5_OK) { stash_error(interp, ret); diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c index e67b84d5c..9aaa85023 100644 --- a/src/kadmin/testing/util/tcl_ovsec_kadm.c +++ b/src/kadmin/testing/util/tcl_ovsec_kadm.c @@ -12,6 +12,7 @@ #include <errno.h> #include <stdlib.h> #include "tcl_kadm5.h" +#include <adb_err.h> struct flagval { char *name; @@ -1044,7 +1045,7 @@ static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp, } ret = ovsec_kadm_init(client_name, pass, service_name, realm, - struct_version, api_version, &server_handle); + struct_version, api_version, NULL, &server_handle); if (ret != OVSEC_KADM_OK) { stash_error(interp, ret); |