From ed2b66cda75be9467f340aedd349ed619ae21f2a Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 7 May 1999 21:17:05 +0000 Subject: ovsec_kadmd.c: Remove dependency on gssapi_krb5.h by using gss_str_to_oid() to get the necessary oid for the krb5_name name type. Also added #include files to get prototypes and fixed some gcc -Wall nits. Fixed calls to krb5_klog_close() to pass the krb5_context as an argument. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11427 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/ChangeLog | 8 +++ src/kadmin/server/ovsec_kadmd.c | 137 +++++++++++++++++++++++++++++----------- 2 files changed, 108 insertions(+), 37 deletions(-) diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 42bef0e09..a0ecbe19f 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,11 @@ +Fri May 7 17:15:17 1999 Theodore Y. Ts'o + + * ovsec_kadmd.c: Remove dependency on gssapi_krb5.h by using + gss_str_to_oid() to get the necessary oid for the + krb5_name name type. Also added #include files to get + prototypes and fixed some gcc -Wall nits. Fixed calls to + krb5_klog_close() to pass the krb5_context as an argument. + Mon Mar 1 21:24:49 1999 Tom Yu * ovsec_kadmd.c (log_badverf): Actually make a real lookup table diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 9337fb925..8e3c5ca71 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -43,10 +43,12 @@ #include /* inet_ntoa */ #include #include -#include +#include #include #include #include +#include +#include #include #ifdef PURIFY @@ -130,6 +132,58 @@ void usage() exit(1); } +/* + * Function: display_status + * + * Purpose: displays GSS-API messages + * + * Arguments: + * + * msg a string to be displayed with the message + * maj_stat the GSS-API major status code + * min_stat the GSS-API minor status code + * + * Effects: + * + * The GSS-API messages associated with maj_stat and min_stat are + * displayed on stderr, each preceeded by "GSS-API error : " and + * followed by a newline. + */ +static void display_status_1(); + +void display_status(msg, maj_stat, min_stat) + char *msg; + OM_uint32 maj_stat; + OM_uint32 min_stat; +{ + display_status_1(msg, maj_stat, GSS_C_GSS_CODE); + display_status_1(msg, min_stat, GSS_C_MECH_CODE); +} + +static void display_status_1(m, code, type) + char *m; + OM_uint32 code; + int type; +{ + OM_uint32 maj_stat, min_stat; + gss_buffer_desc msg; + OM_uint32 msg_ctx; + + msg_ctx = 0; + while (1) { + maj_stat = gss_display_status(&min_stat, code, + type, GSS_C_NULL_OID, + &msg_ctx, &msg); + fprintf(stderr, "GSS-API error %s: %s\n", m, + (char *)msg.value); + (void) gss_release_buffer(&min_stat, &msg); + + if (!msg_ctx) + break; + } +} + + /* XXX yuck. the signal handlers need this */ static krb5_context context; @@ -139,20 +193,29 @@ int main(int argc, char *argv[]) register SVCXPRT *transp; extern char *optarg; extern int optind, opterr; - int ret, rlen, nofork, oldnames = 0; - OM_uint32 OMret; + int ret, nofork, oldnames = 0; + OM_uint32 OMret, major_status, minor_status; char *whoami; - FILE *acl_file; gss_buffer_desc in_buf; - struct servent *srv; struct sockaddr_in addr; int s; - short port = 0; auth_gssapi_name names[4]; - + gss_buffer_desc gssbuf; + gss_OID nt_krb5_name_oid; + + /* This is OID value the Krb5_Name NameType */ + gssbuf.value = "1.2.840.113554.1.2.2.1"; + gssbuf.length = strlen(gssbuf.value); + major_status = gss_str_to_oid(&minor_status, &gssbuf, &nt_krb5_name_oid); + if (major_status != GSS_S_COMPLETE) { + fprintf(stderr, "Couldn't create KRB5 Name NameType OID\n"); + display_status("str_to_oid", major_status, minor_status); + exit(1); + } + names[0].name = names[1].name = names[2].name = names[3].name = NULL; names[0].type = names[1].type = names[2].type = names[3].type = - (gss_OID) gss_nt_krb5_name; + nt_krb5_name_oid; #ifdef PURIFY purify_start_batch(); @@ -192,7 +255,7 @@ int main(int argc, char *argv[]) if (argc != 0) usage(); - if (ret = krb5_init_context(&context)) { + if ((ret = krb5_init_context(&context))) { fprintf(stderr, "%s: %s while initializing context, aborting\n", whoami, error_message(ret)); exit(1); @@ -210,18 +273,18 @@ int main(int argc, char *argv[]) error_message(ret)); fprintf(stderr, "%s: %s while initializing, aborting\n", whoami, error_message(ret)); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } - if (ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, - ¶ms)) { + if ((ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, + ¶ms))) { krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting", whoami, error_message(ret)); fprintf(stderr, "%s: %s while initializing, aborting\n", whoami, error_message(ret)); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -235,7 +298,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "%s: Missing required configuration values " "(%x) while initializing, aborting\n", whoami, (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS); - krb5_klog_close(); + krb5_klog_close(context); kadm5_destroy(global_server_handle); exit(1); } @@ -251,7 +314,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "Cannot create TCP socket: %s", error_message(errno)); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -262,7 +325,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "Cannot create simple chpw socket: %s", error_message(errno)); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -289,7 +352,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "Cannot set SO_REUSEADDR: %s", error_message(errno)); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } if (setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR, @@ -301,7 +364,7 @@ int main(int argc, char *argv[]) "Cannot set SO_REUSEADDR on simple chpw socket: %s", error_message(errno)); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); } } @@ -341,7 +404,7 @@ int main(int argc, char *argv[]) htons(addr.sin_port)); } kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } memset(&addr, 0, sizeof(addr)); @@ -375,7 +438,7 @@ int main(int argc, char *argv[]) w, ntohs(addr.sin_port), w); } kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -384,14 +447,14 @@ int main(int argc, char *argv[]) fprintf(stderr, "%s: Cannot create RPC service.\n", whoami); krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %m"); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } if(!svc_register(transp, KADM, KADMVERS, kadm_1, 0)) { fprintf(stderr, "%s: Cannot register RPC service.\n", whoami); krb5_klog_syslog(LOG_ERR, "Cannot register RPC service, failing."); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -408,7 +471,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "%s: Cannot build GSS-API authentication names.\n", whoami); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -431,19 +494,19 @@ int main(int argc, char *argv[]) whoami); _svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } /* if set_names succeeded, this will too */ in_buf.value = names[1].name; in_buf.length = strlen(names[1].name) + 1; - (void) gss_import_name(&OMret, &in_buf, (gss_OID) gss_nt_krb5_name, + (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name); if (oldnames) { in_buf.value = names[3].name; in_buf.length = strlen(names[3].name) + 1; - (void) gss_import_name(&OMret, &in_buf, (gss_OID) gss_nt_krb5_name, + (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_oldchangepw_name); } @@ -451,14 +514,14 @@ int main(int argc, char *argv[]) _svcauth_gssapi_set_log_badverf_func(log_badverf, NULL); _svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); - if (ret = acl_init(context, 0, params.acl_file)) { + if ((ret = acl_init(context, 0, params.acl_file))) { krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s", error_message(ret)); fprintf(stderr, "%s: Cannot initialize acl file: %s\n", whoami, error_message(ret)); _svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -469,7 +532,7 @@ int main(int argc, char *argv[]) whoami, error_message(ret)); _svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -495,7 +558,7 @@ int main(int argc, char *argv[]) } } - krb5_klog_close(); + krb5_klog_close(context); krb5_free_context(context); exit(2); } @@ -558,7 +621,7 @@ void kadm_svc_run(void) while(signal_request_exit == 0) { if (signal_request_hup) { reset_db(); - krb5_klog_reopen(); + krb5_klog_reopen(context); signal_request_hup = 0; } #ifdef PURIFY @@ -684,7 +747,7 @@ void reset_db(void) krb5_klog_syslog(LOG_ERR, "FATAL ERROR! %s while flushing databases. " "Databases may be corrupt! Aborting.", error_message(ret)); - krb5_klog_close(); + krb5_klog_close(context); exit(3); } #endif @@ -962,7 +1025,7 @@ void do_schpw(int s1, kadm5_config_params *params) return; } - if (ret = krb5_kt_resolve(context, params->admin_keytab, &kt)) { + if ((ret = krb5_kt_resolve(context, params->admin_keytab, &kt))) { krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s", error_message(ret)); return; @@ -994,7 +1057,7 @@ void do_schpw(int s1, kadm5_config_params *params) error_message(errno)); _svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); - krb5_klog_close(); + krb5_klog_close(context); exit(1); } @@ -1004,9 +1067,9 @@ void do_schpw(int s1, kadm5_config_params *params) goto cleanup; } - if (ret = process_chpw_request(context, global_server_handle, - params->realm, s2, kt, &from, - &reqdata, &repdata)) { + if ((ret = process_chpw_request(context, global_server_handle, + params->realm, s2, kt, &from, + &reqdata, &repdata))) { krb5_klog_syslog(LOG_ERR, "chpw: Error processing request: %s", error_message(ret)); } -- cgit