Diffstat (limited to 'src/lib/kadm5')
-rw-r--r-- | src/lib/kadm5/ChangeLog | 9 | ||||
-rw-r--r-- | src/lib/kadm5/admin.h | 29 | ||||
-rw-r--r-- | src/lib/kadm5/alt_prof.c | 69 |
3 files changed, 104 insertions, 3 deletions
diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog
index 4a1184156..aef485371 100644
--- a/src/lib/kadm5/ChangeLog
+++ b/src/lib/kadm5/ChangeLog
@@ -1,3 +1,12 @@
+2001-09-25 Ken Raeburn <raeburn@mit.edu>
+
+ * admin.h (krb5_realm_params): Add fields realm_reject_bad_transit
+ and realm_reject_bad_transit_valid; delete field realm_filler.
+ * alt_prof.c (string_to_boolean, krb5_aprof_get_boolean): New
+ functions.
+ (krb5_read_realm_params): Parse "reject_bad_transit" value as
+ boolean and save it.
+
 2001-07-25 Ezra Peisach <epeisach@mit.edu>

 * kadm_rpc_xdr.c: Add xdr_krb5_ui_2.
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 5df8f8ef9..c3242c035 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -1,4 +1,30 @@
 /*
+ * lib/kadm5/admin.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header$
@@ -234,13 +260,14 @@ typedef struct __krb5_realm_params {
 krb5_timestamp realm_expiration;
 krb5_flags realm_flags;
 krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
 unsigned int realm_kadmind_port_valid:1;
 unsigned int realm_enctype_valid:1;
 unsigned int realm_max_life_valid:1;
 unsigned int realm_max_rlife_valid:1;
 unsigned int realm_expiration_valid:1;
 unsigned int realm_flags_valid:1;
- unsigned int realm_filler:7;
+ unsigned int realm_reject_bad_transit_valid:1;
 krb5_int32 realm_num_keysalts;
 } krb5_realm_params;
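Review bot: In the `krb5_realm_params` hunk, `realm_reject_bad_transit:1` is inserted ahead of `realm_kadmind_port_valid`, which on the usual bit-field layouts moves every existing `_valid` bit by one position. Since the 7-bit `realm_filler` is being given up anyway, the two new bits could take its place after `realm_flags_valid`, keeping the old positions for anything built against the previous admin.h: `unsigned int realm_reject_bad_transit:1;`, `unsigned int realm_reject_bad_transit_valid:1;`, then `unsigned int realm_filler:5;`. A one-line comment saying that `realm_reject_bad_transit` is meaningful only when `realm_reject_bad_transit_valid` is set would also help readers of the header. The struct begins above the hunk, so any fields outside these lines are not visible here.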
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index c6156f698..2d729e938 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -1,7 +1,7 @@
 /*
 * lib/kadm/alt_prof.c
 *
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
@@ -116,6 +116,64 @@ krb5_aprof_getvals(acontext, hierarchy, retdata)
 }

 /*
+ * krb5_aprof_get_boolean()
+ *
+ * Parameters:
+ * acontext - opaque context for alternate profile
+ * hierarchy - hierarchy of value to retrieve
+ * retdata - Returned data value
+ * Returns:
+ * error codes
+ */
+
+static krb5_error_code
+string_to_boolean (const char *string, krb5_boolean *out)
+{
+ static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
+ static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" };
+ int i;
+
+ for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++)
+ if (!strcasecmp(string, yes[i])) {
+ *out = 1;
+ return 0;
+ }
+ for (i = 0; i < sizeof(no)/sizeof(no[0]); i++)
+ if (!strcasecmp(string, no[i])) {
+ *out = 0;
+ return 0;
+ }
+ return PROF_BAD_BOOLEAN;
+}
+
+krb5_error_code
+krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
+ int uselast, int *retdata)
+{
+ krb5_error_code kret;
+ char **values;
+ char *valp;
+ int idx;
+ krb5_boolean val;
+
+ kret = krb5_aprof_getvals (acontext, hierarchy, &values);
+ if (kret)
+ return kret;
+ idx = 0;
+ if (uselast) {
+ while (values[idx])
+ idx++;
+ idx--;
+ }
+ valp = values[idx];
+ kret = string_to_boolean (valp, &val);
+ if (kret)
+ return kret;
+ *retdata = val;
+ return 0;
+}
+
+/*
 * krb5_aprof_get_deltat() - Get a delta time value from the alternate
 * profile.
 *
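Review bot: `krb5_aprof_get_boolean` never releases the `values` list returned by `krb5_aprof_getvals`, on either the success path or the `PROF_BAD_BOOLEAN` path, so each lookup appears to leak it (assuming the list is allocated for the caller, which the hunk does not show). Release it right after `string_to_boolean (valp, &val)` and before the `if (kret)` check, with whatever call matches the allocator, e.g. `profile_free_list(values);`. The `idx--` after the `uselast` scan also relies on the list never being empty, which deserves a comment or an `idx < 0` guard. The block comment describes `krb5_aprof_get_boolean` but sits above `string_to_boolean` and leaves out `uselast`; moving it down and adding `uselast - if non-zero, use the last value found` would fix that.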
@@ -736,6 +794,7 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
 const char *hierarchy[4];
 char *svalue;
 krb5_int32 ivalue;
+ krb5_boolean bvalue;
 krb5_deltat dtvalue;
 krb5_error_code kret;

@@ -832,7 +891,13 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
 rparams->realm_expiration_valid = 1;
 krb5_xfree(svalue);
 }
-
+
+ hierarchy[2] = "reject_bad_transit";
+ if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
+ rparams->realm_reject_bad_transit = bvalue;
+ rparams->realm_reject_bad_transit_valid = 1;
+ }
+
 /* Get the value for the default principal flags */
 hierarchy[2] = "default_principal_flags";
 if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { |
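Review bot: The new `reject_bad_transit` block treats every non-zero return from `krb5_aprof_get_boolean` as "not configured", so a misspelled value that makes `string_to_boolean` return `PROF_BAD_BOOLEAN` is dropped silently and `realm_reject_bad_transit_valid` stays 0. For a setting that governs whether bad transit paths are rejected, an unparsable value is worth surfacing instead of quietly falling back to the default; keep the return code and report or propagate a parse failure separately from an absent key. Separately, `&bvalue` is a `krb5_boolean *` while the new prototype takes `int *retdata`; declaring the parameter as `krb5_boolean *retdata` removes the pointer-type mismatch. `krb5_read_realm_params` starts and ends outside the hunk, so how it reports errors to its caller is not visible here.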