Diffstat (limited to 'crypto/heimdal/kadmin')
-rw-r--r--crypto/heimdal/kadmin/ChangeLog592
-rw-r--r--crypto/heimdal/kadmin/Makefile.am74
-rw-r--r--crypto/heimdal/kadmin/Makefile.in771
-rw-r--r--crypto/heimdal/kadmin/add-random-users.c184
-rw-r--r--crypto/heimdal/kadmin/ank.c313
-rw-r--r--crypto/heimdal/kadmin/cpw.c213
-rw-r--r--crypto/heimdal/kadmin/del.c80
-rw-r--r--crypto/heimdal/kadmin/del_enctype.c148
-rw-r--r--crypto/heimdal/kadmin/dump.c80
-rw-r--r--crypto/heimdal/kadmin/ext.c116
-rw-r--r--crypto/heimdal/kadmin/get.c290
-rw-r--r--crypto/heimdal/kadmin/init.c227
-rw-r--r--crypto/heimdal/kadmin/kadm_conn.c292
-rw-r--r--crypto/heimdal/kadmin/kadmin.8255
-rw-r--r--crypto/heimdal/kadmin/kadmin.c322
-rw-r--r--crypto/heimdal/kadmin/kadmin.cat8121
-rw-r--r--crypto/heimdal/kadmin/kadmin_locl.h193
-rw-r--r--crypto/heimdal/kadmin/kadmind.8155
-rw-r--r--crypto/heimdal/kadmin/kadmind.c178
-rw-r--r--crypto/heimdal/kadmin/kadmind.cat893
-rw-r--r--crypto/heimdal/kadmin/load.c540
-rw-r--r--crypto/heimdal/kadmin/mod.c149
-rw-r--r--crypto/heimdal/kadmin/random_password.c157
-rw-r--r--crypto/heimdal/kadmin/rename.c88
-rw-r--r--crypto/heimdal/kadmin/server.c567
-rw-r--r--crypto/heimdal/kadmin/util.c640
-rw-r--r--crypto/heimdal/kadmin/version4.c1013
27 files changed, 0 insertions, 7851 deletions
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog
deleted file mode 100644
index a4577537efcb..000000000000
--- a/crypto/heimdal/kadmin/ChangeLog
+++ /dev/null
@@ -1,592 +0,0 @@
-2002-10-21 Johan Danielsson <joda@pdc.kth.se>
-
- * version4.c: pull up 1.27; check size of rlen
-
-2002-09-10 Johan Danielsson <joda@pdc.kth.se>
-
- * server.c: constify match_appl_version()
-
- * version4.c: change some lingering krb_err_base
-
-2002-09-09 Jacques Vidrine <nectar@kth.se>
-
- * server.c (kadmind_dispatch): while decoding arguments for
- kadm_chpass_with_key, sanity check the number of keys given.
- Potential problem pointed out by
- Sebastian Krahmer <krahmer@suse.de>.
-
-2002-09-04 Johan Danielsson <joda@pdc.kth.se>
-
- * load.c (parse_generation): return if there is no generation
- (spotted by Daniel Kouril)
-
-2002-06-07 Jacques Vidrine <n@nectar.com>
-
- * ank.c: do not attempt to free uninitialized pointer when
- kadm5_randkey_principal fails.
-
-2002-06-07 Johan Danielsson <joda@pdc.kth.se>
-
- * util.c: remove unused variable; reported by Hans Insulander
-
-2002-03-05 Johan Danielsson <joda@pdc.kth.se>
-
- * kadmind.8: clarify some acl wording, and add an example file
-
-2002-02-11 Johan Danielsson <joda@pdc.kth.se>
-
- * ext.c: no need to use the "modify" keytab anymore
-
-2001-09-20 Assar Westerlund <assar@sics.se>
-
- * add-random-users.c: allocate several buffers for the list of
- words, instead of one strdup per word (running under efence does
- not work very well otherwise)
-
-2001-09-13 Assar Westerlund <assar@sics.se>
-
- * add-random-users.c: allow specifying the number of users to
- create
-
-2001-08-24 Assar Westerlund <assar@sics.se>
-
- * Makefile.am: rename variable name to avoid error from current
- automake
-
-2001-08-22 Assar Westerlund <assar@sics.se>
-
- * kadmin_locl.h: include libutil.h if it exists
-
-2001-08-10 Johan Danielsson <joda@pdc.kth.se>
-
- * util.c: do something to handle C-c in prompts
-
- * load.c: remove unused etypes code, and add parsing of the
- generation field
-
- * ank.c: add a --use-defaults option to just use default values
- without questions
-
- * kadmin.c: add "del" alias for delete
-
- * cpw.c: call this operation "passwd" in usage
-
- * kadmin_locl.h: prototype for set_defaults
-
- * util.c (edit_entry): move setting of default values to a
- separate function, set_defaults
-
-2001-08-01 Johan Danielsson <joda@pdc.kth.se>
-
- * kadmin.c: print help message on bad options
-
-2001-07-31 Assar Westerlund <assar@sics.se>
-
- * add-random-users.c (main): handle --version
-
-2001-07-30 Johan Danielsson <joda@pdc.kth.se>
-
- * load.c: increase line buffer to 8k
-
-2001-06-12 Assar Westerlund <assar@sics.se>
-
- * ext.c (ext_keytab): use the default modify keytab per default
-
-2001-05-17 Assar Westerlund <assar@sics.se>
-
- * kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
-
-2001-05-15 Assar Westerlund <assar@sics.se>
-
- * kadmin.c (main): some error cleaning required
-
-2001-05-14 Assar Westerlund <assar@sics.se>
-
- * kadmind.c: new krb5_config_parse_file
- * kadmin.c: new krb5_config_parse_file
- * kadm_conn.c: update to new krb5_sockaddr2address
-
-2001-05-07 Assar Westerlund <assar@sics.se>
-
- * kadmin_locl.h (foreach_principal): update prototype
- * get.c (getit): new foreach_principal
- * ext.c (ext_keytab): new foreach_principal
- * del.c (del_entry): new foreach_principal
- * cpw.c (cpw_entry): new foreach_principal
- * util.c (foreach_principal): add `funcname' and try printing the
- error string
-
-2001-05-04 Johan Danielsson <joda@pdc.kth.se>
-
- * rename.c: fix argument number test
-
-2001-04-19 Johan Danielsson <joda@pdc.kth.se>
-
- * del_enctype.c: fix argument count check after getarg change;
- spotted by mark@MCS.VUW.AC.NZ
-
-2001-02-15 Assar Westerlund <assar@sics.se>
-
- * kadmind.c (main): use a `struct sockaddr_storage' to be able to
- store all types of addresses
-
-2001-02-07 Assar Westerlund <assar@sics.se>
-
- * kadmin.c: add --keytab / _K, from Leif Johansson
- <leifj@it.su.se>
-
-2001-01-29 Assar Westerlund <assar@sics.se>
-
- * kadm_conn.c (spawn_child): close the newly created socket in the
- packet, it's not used. from <shadow@dementia.org>
- * version4.c (decode_packet): check success of
- krb5_425_conv_principal. from <shadow@dementia.org>
-
-2001-01-12 Assar Westerlund <assar@sics.se>
-
- * util.c (parse_attributes): make empty string mean no attributes,
- specifying the empty string at the command line should give you no
- attributes, but just pressing return at the prompt gives you
- default attributes
- (edit_entry): only pick up values from the default principal if they
- aren't set in the principal being edited
-
-2001-01-04 Assar Westerlund <assar@sics.se>
-
- * load.c (doit): print an error and bail out if storing an entry
- in the database fails. The most likely reason for it failing is
- out-of-space.
-
-2000-12-31 Assar Westerlund <assar@sics.se>
-
- * kadmind.c (main): handle krb5_init_context failure consistently
- * kadmin.c (main): handle krb5_init_context failure consistently
- * add-random-users.c (add_user): handle krb5_init_context failure
- consistently
-
- * kadm_conn.c (spawn_child): use a struct sockaddr_storage
-
-2000-12-15 Johan Danielsson <joda@pdc.kth.se>
-
- * get.c: avoid asprintf'ing NULL strings
-
-2000-12-14 Johan Danielsson <joda@pdc.kth.se>
-
- * load.c: fix option parsing
-
-2000-11-16 Assar Westerlund <assar@sics.se>
-
- * kadm_conn.c (wait_for_connection): check for fd's being too
- large to select on
-
-2000-11-09 Johan Danielsson <joda@pdc.kth.se>
-
- * get.c: don't try to print modifier name if it isn't set (from
- Jacques A. Vidrine" <n@nectar.com>)
-
-2000-09-19 Assar Westerlund <assar@sics.se>
-
- * server.c (kadmind_loop): send in keytab to v4 handling function
- * version4.c: allow the specification of what keytab to use
-
- * get.c (print_entry_long): actually print the actual saltvalue
- used if it's not the default
-
-2000-09-10 Johan Danielsson <joda@pdc.kth.se>
-
- * kadmin.c: add option parsing, and add `privs' as an alias for
- `privileges'
-
- * init.c: complain if there's no realm name specified
-
- * rename.c: add option parsing
-
- * load.c: add option parsing
-
- * get.c: make `get' and `list' aliases to each other, but with
- different defaults
-
- * del_enctype.c: add option parsing
-
- * del.c: add option parsing
-
- * ank.c: calling the command `add' make more sense from an english
- pov
-
- * Makefile.am: add kadmin manpage
-
- * kadmin.8: short manpage
-
- * kadmin.c: `quit' should be a alias for `exit', not `help'
-
-2000-08-27 Assar Westerlund <assar@sics.se>
-
- * server.c (handle_v5): do not try to perform stupid stunts when
- printing errors
-
-2000-08-19 Assar Westerlund <assar@sics.se>
-
- * util.c (str2time_t): add alias for `now'.
-
-2000-08-18 Assar Westerlund <assar@sics.se>
-
- * server.c (handle_v5): accept any kadmin/admin@* principal as the
- server
- * kadmind.c: remove extra prototype of kadmind_loop
- * kadmin_locl.h (kadmind_loop): add prototype
-
- * init.c (usage): print init-usage and not add-dito
-
-2000-08-07 Johan Danielsson <joda@pdc.kth.se>
-
- * kadmind.c: use roken_getsockname
-
-2000-08-07 Assar Westerlund <assar@sics.se>
-
- * kadmind.c, kadm_conn.c: use socklen_t instead of int where
- appropriate. From <thorpej@netbsd.org>
-
-2000-08-04 Johan Danielsson <joda@pdc.kth.se>
-
- * Makefile.am: link with pidfile library
-
- * kadmind.c: write a pid file, and setup password quality
- functions
-
- * kadmin_locl.h: util.h
-
-2000-07-27 Assar Westerlund <assar@sics.se>
-
- * version4.c (decode_packet): be totally consistent with the
- prototype of des_cbc_cksum
- * kadmind.c: use sa_size instead of sa_len, some systems define
- this to emulate anonymous unions
- * kadm_conn.c: use sa_size instead of sa_len, some systems define
- this to emulate anonymous unions
-
-2000-07-24 Assar Westerlund <assar@sics.se>
-
- * kadmin.c (commands): add quit
- * load.c (doit): truncate the log since there's no way of knowing
- what changes are going to be added
-
-2000-07-23 Assar Westerlund <assar@sics.se>
-
- * util.c (str2time_t): be more careful with strptime that might
- zero out the `struct tm'
-
-2000-07-22 Johan Danielsson <joda@pdc.kth.se>
-
- * kadm_conn.c: make the parent process wait for children and
- terminate after receiving a signal, also terminate on SIGINT
-
-2000-07-22 Assar Westerlund <assar@sics.se>
-
- * version4.c: map both princ_expire_time and pw_expiration to v4
- principal expiration
-
-2000-07-22 Johan Danielsson <joda@pdc.kth.se>
-
- * version4.c (handle_v4): check for termination
-
- * server.c (v5_loop): check for termination
-
- * kadm_conn.c (wait_term): if we're doing something, set just set
- a flag otherwise exit rightaway
-
- * server.c: use krb5_read_priv_message; (v5_loop): check for EOF
-
-2000-07-21 Assar Westerlund <assar@sics.se>
-
- * kadm_conn.c: remove sys/select.h. make signal handlers
- type-correct and static
-
- * kadmin_locl.h: add limits.h and sys/select.h
-
-2000-07-20 Assar Westerlund <assar@sics.se>
-
- * init.c (init): also create `kadmin/hprop'
- * kadmind.c: ports is a string argument
- * kadm_conn.c (start_server): fix printf format
-
- * kadmin_locl.h: add <sys/select.h>
- * kadm_conn.c: remove sys/select.h. make signal handlers
- type-correct and static
-
- * kadmin_locl.h: add limits.h and sys/select.h
-
-2000-07-17 Johan Danielsson <joda@pdc.kth.se>
-
- * kadm_conn.c: put all processes in a new process group
-
- * server.c (v5_loop): use krb5_{read,write}_priv_message
-
-2000-07-11 Johan Danielsson <joda@pdc.kth.se>
-
- * version4.c: change log strings to match the v5 counterparts
-
- * mod.c: allow setting kvno
-
- * kadmind.c: if stdin is not a socket create and listen to sockets
-
- * kadm_conn.c: socket creation functions
-
- * util.c (deltat2str): treat 0 and INT_MAX as never
-
-2000-07-08 Assar Westerlund <assar@sics.se>
-
- * Makefile.am (INCLUDES): add ../lib/krb5
- * kadmin_locl.h: add krb5_locl.h (since we just use some stuff
- from there)
-
-2000-06-07 Assar Westerlund <assar@sics.se>
-
- * add-random-users.c: new testing program that adds a number of
- randomly generated users
-
-2000-04-12 Assar Westerlund <assar@sics.se>
-
- * cpw.c (do_cpw_entry): call set_password if no argument is given,
- it will prompt for the password.
- * kadmin.c: make help only print the commands that are actually
- available.
-
-2000-04-03 Assar Westerlund <assar@sics.se>
-
- * del_enctype.c (del_enctype): set ignore correctly
-
-2000-04-02 Assar Westerlund <assar@sics.se>
-
- * kadmin.c (main): make parse errors a fatal error
- * init.c (init): create changepw/kerberos with disallow-tgt and
- pwchange attributes
-
-2000-03-23 Assar Westerlund <assar@sics.se>
-
- * util.c (hex2n, parse_des_key): add
- * server.c (kadmind_dispatch): add kadm_chpass_with_key
- * cpw.c: add --key
- * ank.c: add --key
-
-2000-02-16 Assar Westerlund <assar@sics.se>
-
- * load.c (doit): check return value from parse_hdbflags2int
- correctly
-
-2000-01-25 Assar Westerlund <assar@sics.se>
-
- * load.c: checking all parsing for errors and all memory
- allocations also
-
-2000-01-02 Assar Westerlund <assar@sics.se>
-
- * server.c: check initial flag in ticket and allow users to change
- their own password if it's set
- * ext.c (do_ext_keytab): set timestamp
-
-1999-12-14 Assar Westerlund <assar@sics.se>
-
- * del_enctype.c (usage): don't use arg_printusage
-
-1999-11-25 Assar Westerlund <assar@sics.se>
-
- * del_enctype.c (del_enctype): try not to leak memory
-
- * version4.c (kadm_ser_mod): use kadm5_s_modify_principal (no
- _with_key)
-
- * kadmin.c: add `del_enctype'
-
- * del_enctype.c (del_enctype): new function for deleting enctypes
- from a principal
-
- * Makefile.am (kadmin_SOURCES): add del_enctype.c
-
-1999-11-09 Johan Danielsson <joda@pdc.kth.se>
-
- * server.c: cope with old clients
-
- * kadmin_locl.h: remove version string
-
-1999-10-17 Assar Westerlund <assar@sics.se>
-
- * Makefile.am (kadmin_LDADD): add LIB_dlopen
-
-1999-10-01 Assar Westerlund <assar@sics.se>
-
- * ank.c (add_one_principal): `password' can cactually be NULL in
- the overwrite code, check for it.
-
-1999-09-20 Assar Westerlund <assar@sics.se>
-
- * mod.c (mod_entry): print the correct principal name in error
- messages. From Love <lha@e.kth.se>
-
-1999-09-10 Assar Westerlund <assar@sics.se>
-
- * init.c (init): also create `changepw/kerberos'
-
- * version4.c: only create you loose packets when we fail decoding
- and not when an operation is not performed for some reason
- (decode_packet): read the service key from the hdb
- (dispatch, decode_packet): return proper error messages
-
- * version4.c (kadm_ser_cpw): add password quality functions
-
-1999-08-27 Johan Danielsson <joda@pdc.kth.se>
-
- * server.c (handle_v5): give more informative message if
- KRB5_KT_NOTFOUND
-
-1999-08-26 Johan Danielsson <joda@pdc.kth.se>
-
- * kadmind.c: use HDB keytabs
-
-1999-08-25 Assar Westerlund <assar@sics.se>
-
- * cpw.c (set_password): use correct variable. From Love
- <lha@e.kth.se>
-
- * server.c (v5_loop): use correct error code
-
- * ank.c (add_one_principal): initialize `default_ent'
-
-1999-08-21 Assar Westerlund <assar@sics.se>
-
- * random_password.c: new file, stolen from krb4
-
- * kadmin_locl.h: add prototype for random_password
-
- * cpw.c: add support for --random-password
-
- * ank.c: add support for --random-password
-
- * Makefile.am (kadmin_SOURCES): add random_password.c
-
-1999-08-19 Assar Westerlund <assar@sics.se>
-
- * util.c (edit_timet): break when we manage to parse the time not
- the inverse.
-
- * mod.c: add parsing of lots of options. From Love
- <lha@stacken.kth.se>
-
- * ank.c: add setting of expiration and password expiration
-
- * kadmin_locl.h: update util.c prototypes
-
- * util.c: move-around. clean-up, rename, make consistent (and
- some other weird stuff). based on patches from Love
- <lha@stacken.kth.se>
-
- * version4.c (kadm_ser_cpw): initialize password
- (handle_v4): remove unused variable `ret'
-
-1999-08-16 Assar Westerlund <assar@sics.se>
-
- * version4.c (handle_v4): more error checking and more correct
- error messages
-
- * server.c (v5_loop, kadmind_loop): more error checking and more
- correct error messages
-
-1999-07-24 Assar Westerlund <assar@sics.se>
-
- * util.c (str2timeval, edit_time): functions for parsing and
- editing times. Based on patches from Love <lha@stacken.kth.se>.
- (edit_entry): call new functions
-
- * mod.c (mod_entry): allow modifying expiration times
-
- * kadmin_locl.h (str2timeval): add prototype
-
- * ank.c (add_one_principal): allow setting expiration times
-
-1999-07-03 Assar Westerlund <assar@sics.se>
-
- * server.c (v5_loop): handle data allocation with krb5_data_alloc
- and check return value
-
-1999-06-23 Assar Westerlund <assar@sics.se>
-
- * version4.c (kadm_ser_cpw): read the key in the strange order
- it's sent
-
- * util.c (edit_entry): look at default
- (edit_time): always set mask even if value == 0
-
- * kadmin_locl.h (edit_entry): update
-
- * ank.c: make ank use the values of the default principal for
- prompting
-
- * version4.c (values_to_ent): convert key data correctly
-
-1999-05-23 Assar Westerlund <assar@sics.se>
-
- * init.c (create_random_entry): more correct setting of mask
-
-1999-05-21 Assar Westerlund <assar@sics.se>
-
- * server.c (handle_v5): read sendauth version correctly.
-
-1999-05-14 Assar Westerlund <assar@sics.se>
-
- * version4.c (error_code): try to handle really old krb4
- distributions
-
-1999-05-11 Assar Westerlund <assar@sics.se>
-
- * init.c (init): initialize realm_max_life and realm_max_rlife
-
-1999-05-07 Assar Westerlund <assar@sics.se>
-
- * ank.c (add_new_key): initialize more variables
-
-1999-05-04 Assar Westerlund <assar@sics.se>
-
- * version4.c (kadm_ser_cpw): always allow a user to change her
- password
- (kadm_ser_*): make logging work
- clean-up and restructure
-
- * kadmin_locl.h (set_entry): add prototype
-
- * kadmin.c (usage): update usage string
-
- * init.c (init): new arguments realm-max-ticket-life and
- realm-max-renewable-life
-
- * util.c (edit_time, edit_attributes): don't do anything if it's
- already set
- (set_entry): new function
-
- * ank.c (add_new_key): new options for setting max-ticket-life,
- max-renewable-life, and attributes
-
- * server.c (v5_loop): remove unused variable
-
- * kadmin_locl.h: add prototypes
-
- * version4.c: re-insert krb_err.h and other miss
-
- * server.c (kadmind_loop): break-up and restructure
-
- * version4.c: add ACL checks more error code checks restructure
-
-1999-05-03 Johan Danielsson <joda@pdc.kth.se>
-
- * load.c: check for (un-)encrypted keys
-
- * dump.c: use hdb_print_entry
-
- * version4.c: version 4 support
-
- * Makefile.am: link with krb4
-
- * kadmin_locl.h: include <sys/un.h>
-
- * server.c: move from lib/kadm5, and add basic support for krb4
- kadmin protocol
-
- * kadmind.c: move recvauth to kadmind_loop()
diff --git a/crypto/heimdal/kadmin/Makefile.am b/crypto/heimdal/kadmin/Makefile.am
deleted file mode 100644
index 3e9e4066fb6a..000000000000
--- a/crypto/heimdal/kadmin/Makefile.am
+++ /dev/null
@@ -1,74 +0,0 @@
-# $Id: Makefile.am,v 1.34 2001/08/28 08:31:26 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-sbin_PROGRAMS = kadmin
-
-libexec_PROGRAMS = kadmind
-
-man_MANS = kadmin.8 kadmind.8
-
-noinst_PROGRAMS = add_random_users
-
-kadmin_SOURCES = \
- ank.c \
- cpw.c \
- del.c \
- del_enctype.c \
- dump.c \
- ext.c \
- get.c \
- init.c \
- kadmin.c \
- load.c \
- mod.c \
- rename.c \
- util.c \
- random_password.c \
- kadmin_locl.h
-
-if KRB4
-KRB4LIB = $(LIB_krb4)
-version4_c = version4.c
-endif
-
-kadmind_SOURCES = \
- kadmind.c \
- server.c \
- kadmin_locl.h \
- $(version4_c) \
- kadm_conn.c
-
-EXTRA_kadmind_SOURCES = version4.c
-
-add_random_users_SOURCES = add-random-users.c
-
-LDADD_common = \
- $(top_builddir)/lib/hdb/libhdb.la \
- $(LIB_openldap) \
- $(top_builddir)/lib/krb5/libkrb5.la \
- $(LIB_des) \
- $(top_builddir)/lib/asn1/libasn1.la \
- $(LIB_roken) \
- $(DBLIB)
-
-kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(LDADD_common) \
- $(LIB_pidfile) \
- $(LIB_dlopen)
-
-kadmin_LDADD = \
- $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(top_builddir)/lib/sl/libsl.la \
- $(LIB_readline) \
- $(LDADD_common) \
- $(LIB_dlopen)
-
-add_random_users_LDADD = \
- $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(LDADD_common) \
- $(LIB_dlopen)
diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in
deleted file mode 100644
index d2578f5df9b8..000000000000
--- a/crypto/heimdal/kadmin/Makefile.in
+++ /dev/null
@@ -1,771 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.34 2001/08/28 08:31:26 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-sbin_PROGRAMS = kadmin
-
-libexec_PROGRAMS = kadmind
-
-man_MANS = kadmin.8 kadmind.8
-
-noinst_PROGRAMS = add_random_users
-
-kadmin_SOURCES = \
- ank.c \
- cpw.c \
- del.c \
- del_enctype.c \
- dump.c \
- ext.c \
- get.c \
- init.c \
- kadmin.c \
- load.c \
- mod.c \
- rename.c \
- util.c \
- random_password.c \
- kadmin_locl.h
-
-
-@KRB4_TRUE@KRB4LIB = $(LIB_krb4)
-@KRB4_TRUE@version4_c = version4.c
-
-kadmind_SOURCES = \
- kadmind.c \
- server.c \
- kadmin_locl.h \
- $(version4_c) \
- kadm_conn.c
-
-
-EXTRA_kadmind_SOURCES = version4.c
-
-add_random_users_SOURCES = add-random-users.c
-
-LDADD_common = \
- $(top_builddir)/lib/hdb/libhdb.la \
- $(LIB_openldap) \
- $(top_builddir)/lib/krb5/libkrb5.la \
- $(LIB_des) \
- $(top_builddir)/lib/asn1/libasn1.la \
- $(LIB_roken) \
- $(DBLIB)
-
-
-kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(LDADD_common) \
- $(LIB_pidfile) \
- $(LIB_dlopen)
-
-
-kadmin_LDADD = \
- $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(top_builddir)/lib/sl/libsl.la \
- $(LIB_readline) \
- $(LDADD_common) \
- $(LIB_dlopen)
-
-
-add_random_users_LDADD = \
- $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(LDADD_common) \
- $(LIB_dlopen)
-
-subdir = kadmin
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = kadmind$(EXEEXT)
-noinst_PROGRAMS = add_random_users$(EXEEXT)
-sbin_PROGRAMS = kadmin$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
-
-am_add_random_users_OBJECTS = add-random-users.$(OBJEXT)
-add_random_users_OBJECTS = $(am_add_random_users_OBJECTS)
-add_random_users_DEPENDENCIES = \
- $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(top_builddir)/lib/hdb/libhdb.la \
- $(top_builddir)/lib/krb5/libkrb5.la \
- $(top_builddir)/lib/asn1/libasn1.la
-add_random_users_LDFLAGS =
-am_kadmin_OBJECTS = ank.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \
- del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) \
- get.$(OBJEXT) init.$(OBJEXT) kadmin.$(OBJEXT) load.$(OBJEXT) \
- mod.$(OBJEXT) rename.$(OBJEXT) util.$(OBJEXT) \
- random_password.$(OBJEXT)
-kadmin_OBJECTS = $(am_kadmin_OBJECTS)
-kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/kadm5/libkadm5srv.la \
- $(top_builddir)/lib/sl/libsl.la \
- $(top_builddir)/lib/hdb/libhdb.la \
- $(top_builddir)/lib/krb5/libkrb5.la \
- $(top_builddir)/lib/asn1/libasn1.la
-kadmin_LDFLAGS =
-@KRB4_TRUE@am__objects_4 = version4.$(OBJEXT)
-am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) $(am__objects_4) \
- kadm_conn.$(OBJEXT)
-kadmind_OBJECTS = $(am_kadmind_OBJECTS)
-@KRB4_TRUE@kadmind_DEPENDENCIES = \
-@KRB4_TRUE@ $(top_builddir)/lib/kadm5/libkadm5srv.la \
-@KRB4_TRUE@ $(top_builddir)/lib/hdb/libhdb.la \
-@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@kadmind_DEPENDENCIES = \
-@KRB4_FALSE@ $(top_builddir)/lib/kadm5/libkadm5srv.la \
-@KRB4_FALSE@ $(top_builddir)/lib/hdb/libhdb.la \
-@KRB4_FALSE@ $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la
-kadmind_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
- $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) \
- $(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) $(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
- cd $(top_srcdir) && \
- $(AUTOMAKE) --foreign kadmin/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
- @$(NORMAL_INSTALL)
- $(mkinstalldirs) $(DESTDIR)$(libexecdir)
- @list='$(libexec_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
- f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
- else :; fi; \
- done
-
-uninstall-libexecPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(libexec_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- f=`echo "$$f" | sed -e 's,^.*/,,'`; \
- echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
- rm -f $(DESTDIR)$(libexecdir)/$$f; \
- done
-
-clean-libexecPROGRAMS:
- -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-
-clean-noinstPROGRAMS:
- -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
- @$(NORMAL_INSTALL)
- $(mkinstalldirs) $(DESTDIR)$(sbindir)
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
- f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
- else :; fi; \
- done
-
-uninstall-sbinPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- f=`echo "$$f" | sed -e 's,^.*/,,'`; \
- echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
- rm -f $(DESTDIR)$(sbindir)/$$f; \
- done
-
-clean-sbinPROGRAMS:
- -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
-add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES)
- @rm -f add_random_users$(EXEEXT)
- $(LINK) $(add_random_users_LDFLAGS) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
-kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES)
- @rm -f kadmin$(EXEEXT)
- $(LINK) $(kadmin_LDFLAGS) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
-kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES)
- @rm -f kadmind$(EXEEXT)
- $(LINK) $(kadmind_LDFLAGS) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
- -rm -f *.tab.c
-
-.c.o:
- $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
- $(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
- $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-distclean-libtool:
- -rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
- @$(NORMAL_INSTALL)
- $(mkinstalldirs) $(DESTDIR)$(man8dir)
- @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.8*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
- $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
- done
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.8*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
- rm -f $(DESTDIR)$(man8dir)/$$inst; \
- done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
- mkid -fID $$unique
-
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- tags=; \
- here=`pwd`; \
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
- test -z "$(ETAGS_ARGS)$$tags$$unique" \
- || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
- @for file in $(DISTFILES); do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test "$$dir" != "$$file" && test "$$dir" != "."; then \
- dir="/$$dir"; \
- $(mkinstalldirs) "$(distdir)$$dir"; \
- else \
- dir=''; \
- fi; \
- if test -d $$d/$$file; then \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
- fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
- else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
- || exit 1; \
- fi; \
- done
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="${top_distdir}" distdir="$(distdir)" \
- dist-hook
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
- $(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
- clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
- uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
- clean-generic clean-libexecPROGRAMS clean-libtool \
- clean-noinstPROGRAMS clean-sbinPROGRAMS distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am info info-am install \
- install-am install-data install-data-am install-data-local \
- install-exec install-exec-am install-info install-info-am \
- install-libexecPROGRAMS install-man install-man8 \
- install-sbinPROGRAMS install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool tags uninstall uninstall-am \
- uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
- uninstall-man8 uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
- @foo='$(bin_SUIDS)'; \
- for file in $$foo; do \
- x=$(DESTDIR)$(bindir)/$$file; \
- if chown 0:0 $$x && chmod u+s $$x; then :; else \
- echo "*"; \
- echo "* Failed to install $$x setuid root"; \
- echo "*"; \
- fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
- @foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
- for f in $$foo; do \
- f=`basename $$f`; \
- if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
- else file="$$f"; fi; \
- if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
- : ; else \
- echo " $(CP) $$file $(buildinclude)/$$f"; \
- $(CP) $$file $(buildinclude)/$$f; \
- fi ; \
- done
-
-all-local: install-build-headers
-
-check-local::
- @if test '$(CHECK_LOCAL)'; then \
- foo='$(CHECK_LOCAL)'; else \
- foo='$(PROGRAMS)'; fi; \
- if test "$$foo"; then \
- failed=0; all=0; \
- for i in $$foo; do \
- all=`expr $$all + 1`; \
- if ./$$i --version > /dev/null 2>&1; then \
- echo "PASS: $$i"; \
- else \
- echo "FAIL: $$i"; \
- failed=`expr $$failed + 1`; \
- fi; \
- done; \
- if test "$$failed" -eq 0; then \
- banner="All $$all tests passed"; \
- else \
- banner="$$failed of $$all tests failed"; \
- fi; \
- dashes=`echo "$$banner" | sed s/./=/g`; \
- echo "$$dashes"; \
- echo "$$banner"; \
- echo "$$dashes"; \
- test "$$failed" -eq 0; \
- fi
-
-.x.c:
- @cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
- $(NROFF_MAN) $< > $@
-.3.cat3:
- $(NROFF_MAN) $< > $@
-.5.cat5:
- $(NROFF_MAN) $< > $@
-.8.cat8:
- $(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
- @foo='$(man1_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.1) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat3-mans:
- @foo='$(man3_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.3) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat5-mans:
- @foo='$(man5_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.5) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat8-mans:
- @foo='$(man8_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.8) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
- $(COMPILE_ET) $<
-.et.c:
- $(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c
deleted file mode 100644
index ebd114945d60..000000000000
--- a/crypto/heimdal/kadmin/add-random-users.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: add-random-users.c,v 1.6 2001/09/20 09:17:33 assar Exp $");
-
-#define WORDS_FILENAME "/usr/share/dict/words"
-
-#define NUSERS 1000
-
-#define WORDBUF_SIZE 65535
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
- unsigned n, alloc;
- FILE *f;
- char buf[256];
- char **w = NULL;
- char *wbuf = NULL, *wptr = NULL, *wend = NULL;
-
- f = fopen (filename, "r");
- if (f == NULL)
- err (1, "cannot open %s", filename);
- alloc = n = 0;
- while (fgets (buf, sizeof(buf), f) != NULL) {
- size_t len;
-
- if (buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
- if (n >= alloc) {
- alloc = max(alloc + 16, alloc * 2);
- w = erealloc (w, alloc * sizeof(char **));
- }
- len = strlen(buf);
- if (wptr + len + 1 >= wend) {
- wptr = wbuf = emalloc (WORDBUF_SIZE);
- wend = wbuf + WORDBUF_SIZE;
- }
- memmove (wptr, buf, len + 1);
- w[n++] = wptr;
- wptr += len + 1;
- }
- *ret_w = w;
- return n;
-}
-
-static void
-add_user (krb5_context context, void *kadm_handle,
- unsigned nwords, char **words)
-{
- kadm5_principal_ent_rec princ;
- char name[64];
- int r1, r2;
- krb5_error_code ret;
- int mask;
-
- r1 = rand();
- r2 = rand();
-
- snprintf (name, sizeof(name), "%s%d", words[r1 % nwords], r2 % 1000);
-
- mask = KADM5_PRINCIPAL;
-
- memset(&princ, 0, sizeof(princ));
- ret = krb5_parse_name(context, name, &princ.principal);
- if (ret)
- krb5_err(context, 1, ret, "krb5_parse_name");
-
- ret = kadm5_create_principal (kadm_handle, &princ, mask, name);
- if (ret)
- krb5_err (context, 1, ret, "kadm5_create_principal");
- kadm5_free_principal_ent(kadm_handle, &princ);
- printf ("%s\n", name);
-}
-
-static void
-add_users (const char *filename, unsigned n)
-{
- krb5_error_code ret;
- int i;
- void *kadm_handle;
- krb5_context context;
- unsigned nwords;
- char **words;
-
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
- ret = kadm5_s_init_with_password_ctx(context,
- KADM5_ADMIN_SERVICE,
- NULL,
- KADM5_ADMIN_SERVICE,
- NULL, 0, 0,
- &kadm_handle);
- if(ret)
- krb5_err(context, 1, ret, "kadm5_init_with_password");
-
- nwords = read_words (filename, &words);
-
- for (i = 0; i < n; ++i)
- add_user (context, kadm_handle, nwords, words);
- kadm5_destroy(kadm_handle);
- krb5_free_context(context);
-}
-
-static int version_flag = 0;
-static int help_flag = 0;
-
-static struct getargs args[] = {
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
- arg_printusage (args,
- sizeof(args)/sizeof(*args),
- NULL,
- "[filename [n]]");
- exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
- int optind = 0;
- int n = NUSERS;
- const char *filename = WORDS_FILENAME;
-
- setprogname(argv[0]);
- if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
- usage(1);
- if (help_flag)
- usage (0);
- if (version_flag) {
- print_version(NULL);
- return 0;
- }
- srand (0);
- argc -= optind;
- argv += optind;
-
- if (argc > 0) {
- if (argc > 1)
- n = atoi(argv[1]);
- filename = argv[0];
- }
-
- add_users (filename, n);
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/ank.c b/crypto/heimdal/kadmin/ank.c
deleted file mode 100644
index 0dfdfad06375..000000000000
--- a/crypto/heimdal/kadmin/ank.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: ank.c,v 1.23 2002/06/07 19:05:38 nectar Exp $");
-
-/*
- * fetch the default principal corresponding to `princ'
- */
-
-static krb5_error_code
-get_default (kadm5_server_context *context,
- krb5_principal princ,
- kadm5_principal_ent_t default_ent)
-{
- krb5_error_code ret;
- krb5_principal def_principal;
- krb5_realm *realm = krb5_princ_realm(context->context, princ);
-
- ret = krb5_make_principal (context->context, &def_principal,
- *realm, "default", NULL);
- if (ret)
- return ret;
- ret = kadm5_get_principal (context, def_principal, default_ent,
- KADM5_PRINCIPAL_NORMAL_MASK);
- krb5_free_principal (context->context, def_principal);
- return ret;
-}
-
-/*
- * Add the principal `name' to the database.
- * Prompt for all data not given by the input parameters.
- */
-
-static krb5_error_code
-add_one_principal (const char *name,
- int rand_key,
- int rand_password,
- int use_defaults,
- char *password,
- krb5_key_data *key_data,
- const char *max_ticket_life,
- const char *max_renewable_life,
- const char *attributes,
- const char *expiration,
- const char *pw_expiration)
-{
- krb5_error_code ret;
- kadm5_principal_ent_rec princ, defrec;
- kadm5_principal_ent_rec *default_ent = NULL;
- krb5_principal princ_ent = NULL;
- int mask = 0;
- int default_mask = 0;
- char pwbuf[1024];
-
- memset(&princ, 0, sizeof(princ));
- ret = krb5_parse_name(context, name, &princ_ent);
- if (ret) {
- krb5_warn(context, ret, "krb5_parse_name");
- return ret;
- }
- princ.principal = princ_ent;
- mask |= KADM5_PRINCIPAL;
-
- ret = set_entry(context, &princ, &mask,
- max_ticket_life, max_renewable_life,
- expiration, pw_expiration, attributes);
- if (ret)
- goto out;
-
- default_ent = &defrec;
- ret = get_default (kadm_handle, princ_ent, default_ent);
- if (ret) {
- default_ent = NULL;
- default_mask = 0;
- } else {
- default_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
- KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION;
- }
-
- if(use_defaults)
- set_defaults(&princ, &mask, default_ent, default_mask);
- else
- edit_entry(&princ, &mask, default_ent, default_mask);
- if(rand_key || key_data) {
- princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- mask |= KADM5_ATTRIBUTES;
- strlcpy (pwbuf, "hemlig", sizeof(pwbuf));
- password = pwbuf;
- } else if (rand_password) {
- random_password (pwbuf, sizeof(pwbuf));
- password = pwbuf;
- } else if(password == NULL) {
- char *princ_name;
- char *prompt;
-
- krb5_unparse_name(context, princ_ent, &princ_name);
- asprintf (&prompt, "%s's Password: ", princ_name);
- free (princ_name);
- ret = des_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
- free (prompt);
- if (ret)
- goto out;
- password = pwbuf;
- }
-
- ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
- if(ret)
- krb5_warn(context, ret, "kadm5_create_principal");
- if(rand_key) {
- krb5_keyblock *new_keys;
- int n_keys, i;
- ret = kadm5_randkey_principal(kadm_handle, princ_ent,
- &new_keys, &n_keys);
- if(ret){
- krb5_warn(context, ret, "kadm5_randkey_principal");
- n_keys = 0;
- }
- for(i = 0; i < n_keys; i++)
- krb5_free_keyblock_contents(context, &new_keys[i]);
- if (n_keys > 0)
- free(new_keys);
- kadm5_get_principal(kadm_handle, princ_ent, &princ,
- KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
- princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
- princ.kvno = 1;
- kadm5_modify_principal(kadm_handle, &princ,
- KADM5_ATTRIBUTES | KADM5_KVNO);
- kadm5_free_principal_ent(kadm_handle, &princ);
- } else if (key_data) {
- ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
- 3, key_data);
- if (ret) {
- krb5_warn(context, ret, "kadm5_chpass_principal_with_key");
- }
- kadm5_get_principal(kadm_handle, princ_ent, &princ,
- KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
- princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
- kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
- kadm5_free_principal_ent(kadm_handle, &princ);
- } else if (rand_password) {
- char *princ_name;
-
- krb5_unparse_name(context, princ_ent, &princ_name);
- printf ("added %s with password `%s'\n", princ_name, password);
- free (princ_name);
- }
-out:
- if (princ_ent)
- krb5_free_principal (context, princ_ent);
- if(default_ent)
- kadm5_free_principal_ent (context, default_ent);
- if (password != NULL)
- memset (password, 0, strlen(password));
- return ret;
-}
-
-/*
- * parse the string `key_string' into `key', returning 0 iff succesful.
- */
-
-/*
- * the ank command
- */
-
-static struct getargs args[] = {
- { "random-key", 'r', arg_flag, NULL, "set random key" },
- { "random-password", 0, arg_flag, NULL, "set random password" },
- { "password", 'p', arg_string, NULL, "princial's password" },
- { "key", 0, arg_string, NULL, "DES-key in hex" },
- { "max-ticket-life", 0, arg_string, NULL, "max ticket lifetime",
- "lifetime"},
- { "max-renewable-life", 0, arg_string, NULL,
- "max renewable lifetime", "lifetime" },
- { "attributes", 0, arg_string, NULL, "principal attributes",
- "attributes"},
- { "expiration-time",0, arg_string, NULL, "expiration time",
- "time"},
- { "pw-expiration-time", 0, arg_string, NULL,
- "password expiration time", "time"},
- { "use-defaults", 0, arg_flag, NULL, "use default values" }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage (args, num_args, "add", "principal...");
-}
-
-/*
- * Parse arguments and add all the principals.
- */
-
-int
-add_new_key(int argc, char **argv)
-{
- char *password = NULL;
- char *key = NULL;
- int random_key = 0;
- int random_password = 0;
- int optind = 0;
- krb5_error_code ret;
- char *max_ticket_life = NULL;
- char *max_renewable_life = NULL;
- char *attributes = NULL;
- char *expiration = NULL;
- char *pw_expiration = NULL;
- int use_defaults = 0;
- int i;
- int num;
- krb5_key_data key_data[3];
- krb5_key_data *kdp = NULL;
-
- args[0].value = &random_key;
- args[1].value = &random_password;
- args[2].value = &password;
- args[3].value = &key;
- args[4].value = &max_ticket_life;
- args[5].value = &max_renewable_life;
- args[6].value = &attributes;
- args[7].value = &expiration;
- args[8].value = &pw_expiration;
- args[9].value = &use_defaults;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage ();
- return 0;
- }
- if(optind == argc) {
- usage ();
- return 0;
- }
-
- num = 0;
- if (random_key)
- ++num;
- if (random_password)
- ++num;
- if (password)
- ++num;
- if (key)
- ++num;
-
- if (num > 1) {
- printf ("give only one of "
- "--random-key, --random-password, --password, --key\n");
- return 0;
- }
-
- if (key) {
- const char *error;
-
- if (parse_des_key (key, key_data, &error)) {
- printf ("failed parsing key `%s': %s\n", key, error);
- return 0;
- }
- kdp = key_data;
- }
-
- for (i = optind; i < argc; ++i) {
- ret = add_one_principal (argv[i], random_key, random_password,
- use_defaults,
- password,
- kdp,
- max_ticket_life,
- max_renewable_life,
- attributes,
- expiration,
- pw_expiration);
- if (ret) {
- krb5_warn (context, ret, "adding %s", argv[i]);
- break;
- }
- }
- if (kdp) {
- int16_t dummy = 3;
- kadm5_free_key_data (kadm_handle, &dummy, key_data);
- }
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c
deleted file mode 100644
index 50c1cb27ebd8..000000000000
--- a/crypto/heimdal/kadmin/cpw.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: cpw.c,v 1.13 2001/08/10 08:05:35 joda Exp $");
-
-struct cpw_entry_data {
- int random_key;
- int random_password;
- char *password;
- krb5_key_data *key_data;
-};
-
-static struct getargs args[] = {
- { "random-key", 'r', arg_flag, NULL, "set random key" },
- { "random-password", 0, arg_flag, NULL, "set random password" },
- { "password", 'p', arg_string, NULL, "princial's password" },
- { "key", 0, arg_string, NULL, "DES key in hex" }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage(args, num_args, "passwd", "principal...");
-}
-
-static int
-set_random_key (krb5_principal principal)
-{
- krb5_error_code ret;
- int i;
- krb5_keyblock *keys;
- int num_keys;
-
- ret = kadm5_randkey_principal(kadm_handle, principal, &keys, &num_keys);
- if(ret)
- return ret;
- for(i = 0; i < num_keys; i++)
- krb5_free_keyblock_contents(context, &keys[i]);
- free(keys);
- return 0;
-}
-
-static int
-set_random_password (krb5_principal principal)
-{
- krb5_error_code ret;
- char pw[128];
-
- random_password (pw, sizeof(pw));
- ret = kadm5_chpass_principal(kadm_handle, principal, pw);
- if (ret == 0) {
- char *princ_name;
-
- krb5_unparse_name(context, principal, &princ_name);
-
- printf ("%s's password set to `%s'\n", princ_name, pw);
- free (princ_name);
- }
- memset (pw, 0, sizeof(pw));
- return ret;
-}
-
-static int
-set_password (krb5_principal principal, char *password)
-{
- krb5_error_code ret = 0;
- char pwbuf[128];
-
- if(password == NULL) {
- char *princ_name;
- char *prompt;
-
- krb5_unparse_name(context, principal, &princ_name);
- asprintf(&prompt, "%s's Password: ", princ_name);
- free (princ_name);
- ret = des_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
- free (prompt);
- if(ret){
- return 0; /* XXX error code? */
- }
- password = pwbuf;
- }
- if(ret == 0)
- ret = kadm5_chpass_principal(kadm_handle, principal, password);
- memset(pwbuf, 0, sizeof(pwbuf));
- return ret;
-}
-
-static int
-set_key_data (krb5_principal principal, krb5_key_data *key_data)
-{
- krb5_error_code ret;
-
- ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
- 3, key_data);
- return ret;
-}
-
-static int
-do_cpw_entry(krb5_principal principal, void *data)
-{
- struct cpw_entry_data *e = data;
-
- if (e->random_key)
- return set_random_key (principal);
- else if (e->random_password)
- return set_random_password (principal);
- else if (e->key_data)
- return set_key_data (principal, e->key_data);
- else
- return set_password (principal, e->password);
-}
-
-int
-cpw_entry(int argc, char **argv)
-{
- krb5_error_code ret;
- int i;
- int optind = 0;
- struct cpw_entry_data data;
- int num;
- char *key_string;
- krb5_key_data key_data[3];
-
- data.random_key = 0;
- data.random_password = 0;
- data.password = NULL;
- data.key_data = NULL;
-
- key_string = NULL;
-
- args[0].value = &data.random_key;
- args[1].value = &data.random_password;
- args[2].value = &data.password;
- args[3].value = &key_string;
- if(getarg(args, num_args, argc, argv, &optind)){
- usage();
- return 0;
- }
-
- num = 0;
- if (data.random_key)
- ++num;
- if (data.random_password)
- ++num;
- if (data.password)
- ++num;
- if (key_string)
- ++num;
-
- if (num > 1) {
- printf ("give only one of "
- "--random-key, --random-password, --password, --key\n");
- return 0;
- }
-
- if (key_string) {
- const char *error;
-
- if (parse_des_key (key_string, key_data, &error)) {
- printf ("failed parsing key `%s': %s\n", key_string, error);
- return 0;
- }
- data.key_data = key_data;
- }
-
- argc -= optind;
- argv += optind;
-
- for(i = 0; i < argc; i++)
- ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
-
- if (data.key_data) {
- int16_t dummy;
- kadm5_free_key_data (kadm_handle, &dummy, key_data);
- }
-
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c
deleted file mode 100644
index 1697656de2db..000000000000
--- a/crypto/heimdal/kadmin/del.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: del.c,v 1.6 2001/05/07 05:30:50 assar Exp $");
-
-static int
-do_del_entry(krb5_principal principal, void *data)
-{
- return kadm5_delete_principal(kadm_handle, principal);
-}
-
-static struct getargs args[] = {
- { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage (args, num_args, "delete", "principal...");
-}
-
-
-int
-del_entry(int argc, char **argv)
-{
- int optind = 0;
- int help_flag = 0;
-
- int i;
- krb5_error_code ret;
-
- args[0].value = &help_flag;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage ();
- return 0;
- }
- if(optind == argc || help_flag) {
- usage ();
- return 0;
- }
-
- for(i = 1; i < argc; i++)
- ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c
deleted file mode 100644
index 985cc84f37a5..000000000000
--- a/crypto/heimdal/kadmin/del_enctype.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1999-2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: del_enctype.c,v 1.7 2001/04/19 07:26:52 joda Exp $");
-
-/*
- * del_enctype principal enctypes...
- */
-
-static struct getargs args[] = {
- { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage (args, num_args, "del_enctype", "principal enctypes...");
-}
-
-
-int
-del_enctype(int argc, char **argv)
-{
- int optind = 0;
- int help_flag = 0;
-
- kadm5_principal_ent_rec princ;
- krb5_principal princ_ent = NULL;
- krb5_error_code ret;
- const char *princ_name;
- int i, j, k;
- krb5_key_data *new_key_data;
- int n_etypes;
- krb5_enctype *etypes;
-
- args[0].value = &help_flag;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage ();
- return 0;
- }
- if(argc - optind < 2 || help_flag) {
- usage ();
- return 0;
- }
-
- memset (&princ, 0, sizeof(princ));
- princ_name = argv[1];
- n_etypes = argc - 2;
- etypes = malloc (n_etypes * sizeof(*etypes));
- if (etypes == NULL) {
- krb5_warnx (context, "out of memory");
- return 0;
- }
- for (i = 0; i < n_etypes; ++i) {
- ret = krb5_string_to_enctype (context, argv[i + 2], &etypes[i]);
- if (ret) {
- krb5_warnx (context, "bad enctype `%s'", argv[i + 2]);
- goto out2;
- }
- }
-
- ret = krb5_parse_name(context, princ_name, &princ_ent);
- if (ret) {
- krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
- goto out2;
- }
-
- ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
- KADM5_PRINCIPAL | KADM5_KEY_DATA);
- if (ret) {
- krb5_free_principal (context, princ_ent);
- krb5_warnx (context, "no such principal: %s", princ_name);
- goto out2;
- }
-
- new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data));
- if (new_key_data == NULL) {
- krb5_warnx (context, "out of memory");
- goto out;
- }
-
- for (i = 0, j = 0; i < princ.n_key_data; ++i) {
- krb5_key_data *key = &princ.key_data[i];
- int docopy = 1;
-
- for (k = 0; k < n_etypes; ++k)
- if (etypes[k] == key->key_data_type[0]) {
- docopy = 0;
- break;
- }
- if (docopy) {
- new_key_data[j++] = *key;
- } else {
- int16_t ignore = 1;
-
- kadm5_free_key_data (kadm_handle, &ignore, key);
- }
- }
-
- free (princ.key_data);
- princ.n_key_data = j;
- princ.key_data = new_key_data;
-
- ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
- if (ret)
- krb5_warn(context, ret, "kadm5_modify_principal");
-out:
- krb5_free_principal (context, princ_ent);
- kadm5_free_principal_ent(kadm_handle, &princ);
-out2:
- free (etypes);
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/dump.c b/crypto/heimdal/kadmin/dump.c
deleted file mode 100644
index a57309c593c3..000000000000
--- a/crypto/heimdal/kadmin/dump.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: dump.c,v 1.26 1999/12/02 17:04:58 joda Exp $");
-
-int
-dump(int argc, char **argv)
-{
- krb5_error_code ret;
- FILE *f;
- HDB *db = _kadm5_s_get_db(kadm_handle);
- int decrypt = 0;
- int optind = 0;
-
- struct getargs args[] = {
- { "decrypt", 'd', arg_flag, NULL, "decrypt keys" }
- };
- args[0].value = &decrypt;
-
- if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) {
- arg_printusage(args, sizeof(args) / sizeof(args[0]), "kadmin dump",
- "[dump-file]");
- return 0;
- }
-
- argc -= optind;
- argv += optind;
- if(argc < 1)
- f = stdout;
- else
- f = fopen(argv[0], "w");
-
- ret = db->open(context, db, O_RDONLY, 0600);
- if(ret){
- krb5_warn(context, ret, "hdb_open");
- if(f != stdout)
- fclose(f);
- return 0;
- }
-
- hdb_foreach(context, db, decrypt ? HDB_F_DECRYPT : 0, hdb_print_entry, f);
-
- if(f != stdout)
- fclose(f);
- db->close(context, db);
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c
deleted file mode 100644
index c945fea4c44c..000000000000
--- a/crypto/heimdal/kadmin/ext.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: ext.c,v 1.8 2002/02/11 14:29:52 joda Exp $");
-
-struct ext_keytab_data {
- krb5_keytab keytab;
-};
-
-static struct getargs args[] = {
- { "keytab", 'k', arg_string, NULL, "keytab to use" },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage(args, num_args, "ext", "principal...");
-}
-
-static int
-do_ext_keytab(krb5_principal principal, void *data)
-{
- krb5_error_code ret;
- int i;
- kadm5_principal_ent_rec princ;
- struct ext_keytab_data *e = data;
-
- ret = kadm5_get_principal(kadm_handle, principal, &princ,
- KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
- if(ret)
- return ret;
- for(i = 0; i < princ.n_key_data; i++){
- krb5_keytab_entry key;
- krb5_key_data *k = &princ.key_data[i];
- key.principal = princ.principal;
- key.vno = k->key_data_kvno;
- key.keyblock.keytype = k->key_data_type[0];
- key.keyblock.keyvalue.length = k->key_data_length[0];
- key.keyblock.keyvalue.data = k->key_data_contents[0];
- key.timestamp = time(NULL);
- ret = krb5_kt_add_entry(context, e->keytab, &key);
- if(ret)
- krb5_warn(context, ret, "krb5_kt_add_entry");
- }
- kadm5_free_principal_ent(kadm_handle, &princ);
- return 0;
-}
-
-int
-ext_keytab(int argc, char **argv)
-{
- krb5_error_code ret;
- int i;
- int optind = 0;
- char *keytab = NULL;
- struct ext_keytab_data data;
-
- args[0].value = &keytab;
- if(getarg(args, num_args, argc, argv, &optind)){
- usage();
- return 0;
- }
- if (keytab == NULL)
- ret = krb5_kt_default(context, &data.keytab);
- else
- ret = krb5_kt_resolve(context, keytab, &data.keytab);
-
- if(ret){
- krb5_warn(context, ret, "krb5_kt_resolve");
- return 0;
- }
-
- argc -= optind;
- argv += optind;
-
- for(i = 0; i < argc; i++)
- foreach_principal(argv[i], do_ext_keytab, "ext", &data);
-
- krb5_kt_close(context, data.keytab);
-
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c
deleted file mode 100644
index 30eea9dfcfc6..000000000000
--- a/crypto/heimdal/kadmin/get.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <parse_units.h>
-
-RCSID("$Id: get.c,v 1.13 2001/05/07 05:31:43 assar Exp $");
-
-struct get_entry_data {
- void (*header)(void);
- void (*format)(kadm5_principal_ent_t);
-};
-
-static void
-print_entry_terse(kadm5_principal_ent_t princ)
-{
- char *p;
- krb5_unparse_name(context, princ->principal, &p);
- printf(" %s\n", p);
- free(p);
-}
-
-static void
-print_header_short(void)
-{
- printf("%-20s ", "Principal");
-
- printf("%-10s ", "Expires");
-
- printf("%-10s ", "PW-exp");
-
- printf("%-10s ", "PW-change");
-
- printf("%-9s ", "Max life");
-
- printf("%-9s ", "Max renew");
-
- printf("\n");
-}
-
-static void
-print_entry_short(kadm5_principal_ent_t princ)
-{
- char buf[1024];
-
- krb5_unparse_name_fixed_short(context, princ->principal, buf, sizeof(buf));
- printf("%-20s ", buf);
-
- time_t2str(princ->princ_expire_time, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- time_t2str(princ->pw_expiration, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- time_t2str(princ->last_pwd_change, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- deltat2str(princ->max_life, buf, sizeof(buf));
- printf("%-9s ", buf);
-
- deltat2str(princ->max_renewable_life, buf, sizeof(buf));
- printf("%-9s ", buf);
-
-#if 0
- time_t2str(princ->mod_date, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
- printf("%-24s", buf);
-#endif
-
- printf("\n");
-}
-
-/*
- * return 0 iff `salt' actually is the same as the current salt in `k'
- */
-
-static int
-cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
-{
- if (salt->salttype != k->key_data_type[1])
- return 1;
- if (salt->saltvalue.length != k->key_data_length[1])
- return 1;
- return memcmp (salt->saltvalue.data, k->key_data_contents[1],
- salt->saltvalue.length);
-}
-
-static void
-print_entry_long(kadm5_principal_ent_t princ)
-{
- char buf[1024];
- int i;
- krb5_salt def_salt;
-
- krb5_unparse_name_fixed(context, princ->principal, buf, sizeof(buf));
- printf("%24s: %s\n", "Principal", buf);
- time_t2str(princ->princ_expire_time, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Principal expires", buf);
-
- time_t2str(princ->pw_expiration, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Password expires", buf);
-
- time_t2str(princ->last_pwd_change, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last password change", buf);
-
- deltat2str(princ->max_life, buf, sizeof(buf));
- printf("%24s: %s\n", "Max ticket life", buf);
-
- deltat2str(princ->max_renewable_life, buf, sizeof(buf));
- printf("%24s: %s\n", "Max renewable life", buf);
- printf("%24s: %d\n", "Kvno", princ->kvno);
- printf("%24s: %d\n", "Mkvno", princ->mkvno);
- printf("%24s: %s\n", "Policy", princ->policy ? princ->policy : "none");
- time_t2str(princ->last_success, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last successful login", buf);
- time_t2str(princ->last_failed, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last failed login", buf);
- printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
- time_t2str(princ->mod_date, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last modified", buf);
- if(princ->mod_name != NULL) {
- krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
- printf("%24s: %s\n", "Modifier", buf);
- }
- attributes2str (princ->attributes, buf, sizeof(buf));
- printf("%24s: %s\n", "Attributes", buf);
-
- printf("%24s: ", "Keytypes(salttype[(salt-value)])");
-
- krb5_get_pw_salt (context, princ->principal, &def_salt);
-
- for (i = 0; i < princ->n_key_data; ++i) {
- krb5_key_data *k = &princ->key_data[i];
- krb5_error_code ret;
- char *e_string, *s_string, *salt;
-
- ret = krb5_enctype_to_string (context,
- k->key_data_type[0],
- &e_string);
- if (ret)
- asprintf (&e_string, "unknown(%d)", k->key_data_type[0]);
-
- ret = krb5_salttype_to_string (context,
- k->key_data_type[0],
- k->key_data_type[1],
- &s_string);
- if (ret)
- asprintf (&s_string, "unknown(%d)", k->key_data_type[1]);
-
- if (cmp_salt(&def_salt, k) == 0)
- salt = strdup("");
- else if(k->key_data_length[1] == 0)
- salt = strdup("()");
- else
- asprintf (&salt, "(%.*s)", k->key_data_length[1],
- (char *)k->key_data_contents[1]);
-
-
- printf ("%s%s(%s%s)", (i != 0) ? ", " : "", e_string, s_string, salt);
- free (e_string);
- free (s_string);
- free (salt);
- }
- krb5_free_salt (context, def_salt);
- printf("\n\n");
-}
-
-static int
-do_get_entry(krb5_principal principal, void *data)
-{
- kadm5_principal_ent_rec princ;
- krb5_error_code ret;
- struct get_entry_data *e = data;
-
- memset(&princ, 0, sizeof(princ));
- ret = kadm5_get_principal(kadm_handle, principal,
- &princ,
- KADM5_PRINCIPAL_NORMAL_MASK|KADM5_KEY_DATA);
- if(ret)
- return ret;
- else {
- if(e->header) {
- (*e->header)();
- e->header = NULL; /* XXX only once */
- }
- (e->format)(&princ);
- kadm5_free_principal_ent(kadm_handle, &princ);
- }
- return 0;
-}
-
-static int
-getit(const char *name, int terse_flag, int argc, char **argv)
-{
- int i;
- krb5_error_code ret;
- struct get_entry_data data;
- struct getargs args[] = {
- { "long", 'l', arg_flag, NULL, "long format" },
- { "short", 's', arg_flag, NULL, "short format" },
- { "terse", 't', arg_flag, NULL, "terse format" },
- };
- int num_args = sizeof(args) / sizeof(args[0]);
- int optind = 0;
- int long_flag = -1;
- int short_flag = -1;
-
- args[0].value = &long_flag;
- args[1].value = &short_flag;
- args[2].value = &terse_flag;
-
- if(getarg(args, num_args, argc, argv, &optind))
- goto usage;
- if(optind == argc)
- goto usage;
-
- if(long_flag == -1 && (short_flag == 1 || terse_flag == 1))
- long_flag = 0;
- if(short_flag == -1 && (long_flag == 1 || terse_flag == 1))
- short_flag = 0;
- if(terse_flag == -1 && (long_flag == 1 || short_flag == 1))
- terse_flag = 0;
- if(long_flag == 0 && short_flag == 0 && terse_flag == 0)
- short_flag = 1;
-
- if(long_flag) {
- data.format = print_entry_long;
- data.header = NULL;
- } else if(short_flag){
- data.format = print_entry_short;
- data.header = print_header_short;
- } else if(terse_flag) {
- data.format = print_entry_terse;
- data.header = NULL;
- }
-
- argc -= optind;
- argv += optind;
-
- for(i = 0; i < argc; i++)
- ret = foreach_principal(argv[i], do_get_entry, "get", &data);
- return 0;
-usage:
- arg_printusage (args, num_args, name, "principal...");
- return 0;
-}
-
-int
-get_entry(int argc, char **argv)
-{
- return getit("get", 0, argc, argv);
-}
-
-int
-list_princs(int argc, char **argv)
-{
- return getit("list", 1, argc, argv);
-}
diff --git a/crypto/heimdal/kadmin/init.c b/crypto/heimdal/kadmin/init.c
deleted file mode 100644
index 2391a084543f..000000000000
--- a/crypto/heimdal/kadmin/init.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: init.c,v 1.27 2000/09/10 19:20:16 joda Exp $");
-
-static kadm5_ret_t
-create_random_entry(krb5_principal princ,
- unsigned max_life,
- unsigned max_rlife,
- u_int32_t attributes)
-{
- kadm5_principal_ent_rec ent;
- kadm5_ret_t ret;
- int mask = 0;
- krb5_keyblock *keys;
- int n_keys, i;
-
- memset(&ent, 0, sizeof(ent));
- ent.principal = princ;
- mask |= KADM5_PRINCIPAL;
- if (max_life) {
- ent.max_life = max_life;
- mask |= KADM5_MAX_LIFE;
- }
- if (max_rlife) {
- ent.max_renewable_life = max_rlife;
- mask |= KADM5_MAX_RLIFE;
- }
- ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
- mask |= KADM5_ATTRIBUTES;
-
- ret = kadm5_create_principal(kadm_handle, &ent, mask, "hemlig");
- if(ret)
- return ret;
- ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
- if(ret)
- return ret;
- for(i = 0; i < n_keys; i++)
- krb5_free_keyblock_contents(context, &keys[i]);
- free(keys);
- ret = kadm5_get_principal(kadm_handle, princ, &ent,
- KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
- if(ret)
- return ret;
- ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
- ent.kvno = 1;
- ret = kadm5_modify_principal(kadm_handle, &ent,
- KADM5_ATTRIBUTES|KADM5_KVNO);
- kadm5_free_principal_ent (kadm_handle, &ent);
- if(ret)
- return ret;
- return 0;
-}
-
-static struct getargs args[] = {
- { "realm-max-ticket-life", 0, arg_string, NULL,
- "realm max ticket lifetime" },
- { "realm-max-renewable-life", 0, arg_string, NULL,
- "realm max renewable lifetime" },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage (args, num_args, "init", "realm...");
-}
-
-int
-init(int argc, char **argv)
-{
- kadm5_ret_t ret;
- int i;
- char *realm_max_life = NULL;
- char *realm_max_rlife = NULL;
- HDB *db;
- int optind = 0;
- krb5_deltat max_life, max_rlife;
-
- args[0].value = &realm_max_life;
- args[1].value = &realm_max_rlife;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage();
- return 0;
- }
-
- if(argc - optind < 1) {
- usage();
- return 0;
- }
-
- if (realm_max_life) {
- if (str2deltat (realm_max_life, &max_life) != 0) {
- krb5_warnx (context, "unable to parse `%s'", realm_max_life);
- return 0;
- }
- }
- if (realm_max_rlife) {
- if (str2deltat (realm_max_rlife, &max_rlife) != 0) {
- krb5_warnx (context, "unable to parse `%s'", realm_max_rlife);
- return 0;
- }
- }
-
- db = _kadm5_s_get_db(kadm_handle);
-
- ret = db->open(context, db, O_RDWR | O_CREAT, 0600);
- if(ret){
- krb5_warn(context, ret, "hdb_open");
- return 0;
- }
- db->close(context, db);
- for(i = optind; i < argc; i++){
- krb5_principal princ;
- const char *realm = argv[i];
-
- /* Create `krbtgt/REALM' */
- krb5_make_principal(context, &princ, realm,
- KRB5_TGS_NAME, realm, NULL);
- if (realm_max_life == NULL) {
- max_life = 0;
- edit_deltat ("Realm max ticket life", &max_life, NULL, 0);
- }
- if (realm_max_rlife == NULL) {
- max_rlife = 0;
- edit_deltat("Realm max renewable ticket life", &max_rlife,
- NULL, 0);
- }
- create_random_entry(princ, max_life, max_rlife, 0);
- krb5_free_principal(context, princ);
-
- /* Create `kadmin/changepw' */
- krb5_make_principal(context, &princ, realm,
- "kadmin", "changepw", NULL);
- create_random_entry(princ, 5*60, 5*60,
- KRB5_KDB_DISALLOW_TGT_BASED|
- KRB5_KDB_PWCHANGE_SERVICE|
- KRB5_KDB_DISALLOW_POSTDATED|
- KRB5_KDB_DISALLOW_FORWARDABLE|
- KRB5_KDB_DISALLOW_RENEWABLE|
- KRB5_KDB_DISALLOW_PROXIABLE|
- KRB5_KDB_REQUIRES_PRE_AUTH);
- krb5_free_principal(context, princ);
-
- /* Create `kadmin/admin' */
- krb5_make_principal(context, &princ, realm,
- "kadmin", "admin", NULL);
- create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
- krb5_free_principal(context, princ);
-
- /* Create `changepw/kerberos' (for v4 compat) */
- krb5_make_principal(context, &princ, realm,
- "changepw", "kerberos", NULL);
- create_random_entry(princ, 60*60, 60*60,
- KRB5_KDB_DISALLOW_TGT_BASED|
- KRB5_KDB_PWCHANGE_SERVICE);
-
- krb5_free_principal(context, princ);
-
- /* Create `kadmin/hprop' for database propagation */
- krb5_make_principal(context, &princ, realm,
- "kadmin", "hprop", NULL);
- create_random_entry(princ, 60*60, 60*60,
- KRB5_KDB_REQUIRES_PRE_AUTH|
- KRB5_KDB_DISALLOW_TGT_BASED);
- krb5_free_principal(context, princ);
-
- /* Create `default' */
- {
- kadm5_principal_ent_rec ent;
- int mask = 0;
-
- memset (&ent, 0, sizeof(ent));
- mask |= KADM5_PRINCIPAL;
- krb5_make_principal(context, &ent.principal, realm,
- "default", NULL);
- mask |= KADM5_MAX_LIFE;
- ent.max_life = 24 * 60 * 60;
- mask |= KADM5_MAX_RLIFE;
- ent.max_renewable_life = 7 * ent.max_life;
- ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
- mask |= KADM5_ATTRIBUTES;
-
- ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
- if (ret)
- krb5_err (context, 1, ret, "kadm5_create_principal");
-
- krb5_free_principal(context, ent.principal);
- }
- }
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c
deleted file mode 100644
index f2b54de29abc..000000000000
--- a/crypto/heimdal/kadmin/kadm_conn.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-RCSID("$Id: kadm_conn.c,v 1.13.6.1 2002/10/21 14:53:39 joda Exp $");
-
-struct kadm_port {
- char *port;
- unsigned short def_port;
- struct kadm_port *next;
-} *kadm_ports;
-
-static void
-add_kadm_port(krb5_context context, const char *service, unsigned int port)
-{
- struct kadm_port *p;
- p = malloc(sizeof(*p));
- if(p == NULL) {
- krb5_warnx(context, "failed to allocate %lu bytes\n",
- (unsigned long)sizeof(*p));
- return;
- }
-
- p->port = strdup(service);
- p->def_port = port;
-
- p->next = kadm_ports;
- kadm_ports = p;
-}
-
-extern int do_kerberos4;
-
-static void
-add_standard_ports (krb5_context context)
-{
- add_kadm_port(context, "kerberos-adm", 749);
-#ifdef KRB4
- if(do_kerberos4)
- add_kadm_port(context, "kerberos-master", 751);
-#endif
-}
-
-/*
- * parse the set of space-delimited ports in `str' and add them.
- * "+" => all the standard ones
- * otherwise it's port|service[/protocol]
- */
-
-void
-parse_ports(krb5_context context, const char *str)
-{
- char p[128];
-
- while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
- if(strcmp(p, "+") == 0)
- add_standard_ports(context);
- else
- add_kadm_port(context, p, 0);
- }
-}
-
-static pid_t pgrp;
-sig_atomic_t term_flag, doing_useful_work;
-
-static RETSIGTYPE
-sigchld(int sig)
-{
- int status;
- waitpid(-1, &status, 0);
- SIGRETURN(0);
-}
-
-static RETSIGTYPE
-terminate(int sig)
-{
- if(getpid() == pgrp) {
- /* parent */
- term_flag = 1;
- signal(sig, SIG_IGN);
- killpg(pgrp, sig);
- } else {
- /* child */
- if(doing_useful_work)
- term_flag = 1;
- else
- exit(0);
- }
- SIGRETURN(0);
-}
-
-static int
-spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
-{
- int e, i;
- struct sockaddr_storage __ss;
- struct sockaddr *sa = (struct sockaddr *)&__ss;
- socklen_t sa_size = sizeof(__ss);
- int s;
- pid_t pid;
- krb5_address addr;
- char buf[128];
- size_t buf_len;
-
- s = accept(socks[this_sock], sa, &sa_size);
- if(s < 0) {
- krb5_warn(context, errno, "accept");
- return 1;
- }
- e = krb5_sockaddr2address(context, sa, &addr);
- if(e)
- krb5_warn(context, e, "krb5_sockaddr2address");
- else {
- e = krb5_print_address (&addr, buf, sizeof(buf),
- &buf_len);
- if(e)
- krb5_warn(context, e, "krb5_print_address");
- else
- krb5_warnx(context, "connection from %s", buf);
- krb5_free_address(context, &addr);
- }
-
- pid = fork();
- if(pid == 0) {
- for(i = 0; i < num_socks; i++)
- close(socks[i]);
- dup2(s, STDIN_FILENO);
- dup2(s, STDOUT_FILENO);
- if(s != STDIN_FILENO && s != STDOUT_FILENO)
- close(s);
- return 0;
- } else {
- close(s);
- }
- return 1;
-}
-
-static int
-wait_for_connection(krb5_context context,
- int *socks, int num_socks)
-{
- int i, e;
- fd_set orig_read_set, read_set;
- int max_fd = -1;
-
- FD_ZERO(&orig_read_set);
-
- for(i = 0; i < num_socks; i++) {
- if (socks[i] >= FD_SETSIZE)
- errx (1, "fd too large");
- FD_SET(socks[i], &orig_read_set);
- max_fd = max(max_fd, socks[i]);
- }
-
- pgrp = getpid();
-
- if(setpgid(0, pgrp) < 0)
- err(1, "setpgid");
-
- signal(SIGTERM, terminate);
- signal(SIGINT, terminate);
- signal(SIGCHLD, sigchld);
-
- while (term_flag == 0) {
- read_set = orig_read_set;
- e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
- if(e < 0) {
- if(errno != EINTR)
- krb5_warn(context, errno, "select");
- } else if(e == 0)
- krb5_warnx(context, "select returned 0");
- else {
- for(i = 0; i < num_socks; i++) {
- if(FD_ISSET(socks[i], &read_set))
- if(spawn_child(context, socks, num_socks, i) == 0)
- return 0;
- }
- }
- }
- signal(SIGCHLD, SIG_IGN);
- while(1) {
- int status;
- pid_t pid;
- pid = waitpid(-1, &status, 0);
- if(pid == -1 && errno == ECHILD)
- break;
- }
- exit(0);
-}
-
-
-int
-start_server(krb5_context context)
-{
- int e;
- struct kadm_port *p;
-
- int *socks = NULL, *tmp;
- int num_socks = 0;
- int i;
-
- for(p = kadm_ports; p; p = p->next) {
- struct addrinfo hints, *ai, *ap;
- char portstr[32];
- memset (&hints, 0, sizeof(hints));
- hints.ai_flags = AI_PASSIVE;
- hints.ai_socktype = SOCK_STREAM;
-
- e = getaddrinfo(NULL, p->port, &hints, &ai);
- if(e) {
- snprintf(portstr, sizeof(portstr), "%u", p->def_port);
- e = getaddrinfo(NULL, portstr, &hints, &ai);
- }
-
- if(e) {
- krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
- "%s", portstr);
- continue;
- }
- i = 0;
- for(ap = ai; ap; ap = ap->ai_next)
- i++;
- tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
- if(tmp == NULL) {
- krb5_warnx(context, "failed to reallocate %lu bytes",
- (unsigned long)(num_socks + i) * sizeof(*socks));
- continue;
- }
- socks = tmp;
- for(ap = ai; ap; ap = ap->ai_next) {
- int one = 1;
- int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
- if(s < 0) {
- krb5_warn(context, errno, "socket");
- continue;
- }
-#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
- if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
- sizeof(one)) < 0)
- krb5_warn(context, errno, "setsockopt");
-#endif
- if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) {
- krb5_warn(context, errno, "bind");
- close(s);
- continue;
- }
- if (listen (s, SOMAXCONN) < 0) {
- krb5_warn(context, errno, "listen");
- close(s);
- continue;
- }
- socks[num_socks++] = s;
- }
- freeaddrinfo (ai);
- }
- if(num_socks == 0)
- krb5_errx(context, 1, "no sockets to listen to - exiting");
- return wait_for_connection(context, socks, num_socks);
-}
diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8
deleted file mode 100644
index 66880f39943a..000000000000
--- a/crypto/heimdal/kadmin/kadmin.8
+++ /dev/null
@@ -1,255 +0,0 @@
-.\" $Id: kadmin.8,v 1.7 2002/08/20 17:07:11 joda Exp $
-.\"
-.Dd September 10, 2000
-.Dt KADMIN 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kadmin
-.Nd Kerberos administration utility
-.Sh SYNOPSIS
-.Nm
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string
-.Xc
-.Oc
-.Oo Fl K Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host
-.Xc
-.Oc
-.Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number
-.Xc
-.Oc
-.Op Fl l | Fl -local
-.Op Fl h | Fl -help
-.Op Fl v | Fl -version
-.Op Ar command
-.Sh DESCRIPTION
-The
-.Nm
-program is used to make modification to the Kerberos database, either remotely via the
-.Xr kadmind 8
-daemon, or locally (with the
-.Fl l
-option).
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl p Ar string ,
-.Fl -principal= Ns Ar string
-.Xc
-principal to authenticate as
-.It Xo
-.Fl K Ar string ,
-.Fl -keytab= Ns Ar string
-.Xc
-keytab for authentication pricipal
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-location of master key file
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-realm to use
-.It Xo
-.Fl a Ar host ,
-.Fl -admin-server= Ns Ar host
-.Xc
-server to contact
-.It Xo
-.Fl s Ar port number ,
-.Fl -server-port= Ns Ar port number
-.Xc
-port to use
-.It Xo
-.Fl l ,
-.Fl -local
-.Xc
-local admin mode
-.El
-.Pp
-If no
-.Ar command
-is given on the command line,
-.Nm
-will prompt for commands to process. Commands include:
-.\" not using a list here, since groff apparently gets confused
-.\" with nested Xo/Xc
-.Bd -ragged -offset indent
-.Nm add
-.Op Fl r | Fl -random-key
-.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
-.Op Fl -key= Ns Ar string
-.Op Fl -max-ticket-life= Ns Ar lifetime
-.Op Fl -max-renewable-life= Ns Ar lifetime
-.Op Fl -attributes= Ns Ar attributes
-.Op Fl -expiration-time= Ns Ar time
-.Op Fl -pw-expiration-time= Ns Ar time
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-creates a new principal
-.Ed
-.Pp
-.Nm passwd
-.Op Fl r | Fl -random-key
-.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
-.Op Fl -key= Ns Ar string
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-changes the password of an existing principal
-.Ed
-.Pp
-.Nm delete
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-removes a principal
-.Ed
-.Pp
-.Nm del_enctype
-.Ar principal enctypes...
-.Pp
-.Bd -ragged -offset indent
-removes some enctypes from a principal, this can be useful the service
-belonging to the principal is known to not handle certain enctypes
-.Ed
-.Pp
-.Nm ext_keytab
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-creates a keytab with the keys of the specified principals
-.Ed
-.Pp
-.Nm get
-.Op Fl l | Fl -long
-.Op Fl s | Fl -short
-.Op Fl t | Fl -terse
-.Ar expression...
-.Pp
-.Bd -ragged -offset indent
-lists the principals that match the expressions (which are shell glob
-like), long format gives more information, and terse just prints the
-names
-.Ed
-.Pp
-.Nm rename
-.Ar from to
-.Pp
-.Bd -ragged -offset indent
-renames a principal
-.Ed
-.Pp
-.Nm modify
-.Oo Fl a Ar attributes \*(Ba Xo
-.Fl -attributes= Ns Ar attributes
-.Xc
-.Oc
-.Op Fl -max-ticket-life= Ns Ar lifetime
-.Op Fl -max-renewable-life= Ns Ar lifetime
-.Op Fl -expiration-time= Ns Ar time
-.Op Fl -pw-expiration-time= Ns Ar time
-.Op Fl -kvno= Ns Ar number
-.Ar principal
-.Pp
-.Bd -ragged -offset indent
-modifies certain attributes of a principal
-.Ed
-.Pp
-.Nm privileges
-.Pp
-.Bd -ragged -offset indent
-lists the operations you are allowd to perform
-.Ed
-.Pp
-.Ed
-.Pp
-When running in local mode, the following commands can also be used.
-.Bd -ragged -offset indent
-.Nm dump
-.Op Fl d | Fl -decrypt
-.Op Ar dump-file
-.Pp
-.Bd -ragged -offset indent
-writes the database in
-.Dq human readable
-form to the specified file, or standard out
-.Ed
-.Pp
-.Nm init
-.Op Fl -realm-max-ticket-life= Ns Ar string
-.Op Fl -realm-max-renewable-life= Ns Ar string
-.Ar realm
-.Pp
-.Bd -ragged -offset indent
-initialises the Kerberos database with entries for a new realm, it's
-possible to have more than one realm served by one server
-.Ed
-.Pp
-.Nm load
-.Ar file
-.Pp
-.Bd -ragged -offset indent
-reads a previously dumped database, and re-creates that database from scratch
-.Ed
-.Pp
-.Nm merge
-.Ar file
-.Pp
-.Bd -ragged -offset indent
-similar to
-.Nm list
-but just modifies the database with the entries in the dump file
-.Ed
-.Pp
-.Ed
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kadmind 8 ,
-.Xr kdc 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c
deleted file mode 100644
index ff2eec9407c8..000000000000
--- a/crypto/heimdal/kadmin/kadmin.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <sl.h>
-
-RCSID("$Id: kadmin.c,v 1.41 2001/08/10 08:06:13 joda Exp $");
-
-static char *config_file;
-static char *keyfile;
-static int local_flag;
-static int help_flag;
-static int version_flag;
-static char *realm;
-static char *admin_server;
-static int server_port = 0;
-static char *client_name;
-static char *keytab;
-
-static struct getargs args[] = {
- { "principal", 'p', arg_string, &client_name,
- "principal to authenticate as" },
- { "keytab", 'K', arg_string, &keytab,
- "keytab for authentication pricipal" },
- {
- "config-file", 'c', arg_string, &config_file,
- "location of config file", "file"
- },
- {
- "key-file", 'k', arg_string, &keyfile,
- "location of master key file", "file"
- },
- {
- "realm", 'r', arg_string, &realm,
- "realm to use", "realm"
- },
- {
- "admin-server", 'a', arg_string, &admin_server,
- "server to contact", "host"
- },
- {
- "server-port", 's', arg_integer, &server_port,
- "port to use", "port number"
- },
- { "local", 'l', arg_flag, &local_flag, "local admin mode" },
- { "help", 'h', arg_flag, &help_flag },
- { "version", 'v', arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static SL_cmd commands[] = {
- /* commands that are only available with `-l' */
- {
- "dump", dump, "dump [file]",
- "Dumps the database in a human readable format to the\n"
- "specified file, or the standard out."
- },
- {
- "load", load, "load file",
- "Loads a previously dumped file."
- },
- {
- "merge", merge, "merge file" ,
- "Merges the contents of a dump file into the database."
- },
- {
- "init", init, "init realm...",
- "Initializes the default principals for a realm.\n"
- "Creates the database if necessary."
- },
- /* common commands */
- {
- "add", add_new_key, "add principal" ,
- "Adds a principal to the database."
- },
- { "add_new_key"},
- { "ank"},
- {
- "passwd", cpw_entry, "passwd expression..." ,
- "Changes the password of one or more principals\n"
- "matching the expressions."
- },
- { "change_password"},
- { "cpw"},
- {
- "delete", del_entry, "delete expression...",
- "Deletes all principals matching the expressions."
- },
- { "del_entry" },
- { "del" },
- {
- "del_enctype", del_enctype, "del_enctype principal enctype...",
- "Delete all the mentioned enctypes for principal."
- },
- {
- "ext_keytab", ext_keytab, "ext_keytab expression...",
- "Extracts the keys of all principals matching the expressions,\n"
- "and stores them in a keytab."
- },
- {
- "get", get_entry, "get expression...",
- "Shows information about principals matching the expressions."
- },
- { "get_entry" },
- {
- "rename", rename_entry, "rename source target",
- "Renames `source' to `target'."
- },
- {
- "modify", mod_entry, "modify principal",
- "Modifies some attributes of the specified principal."
- },
- {
- "privileges", get_privs, "privileges",
- "Shows which kinds of operations you are allowed to perform."
- },
- { "privs" },
- {
- "list", list_princs, "list expression...",
- "Lists principals in a terse format. The same as `get -t'."
- },
- { "help", help, "help"},
- { "?"},
- { "exit", exit_kadmin, "exit"},
- { "quit" },
- { NULL}
-};
-
-krb5_context context;
-void *kadm_handle;
-
-static SL_cmd *actual_cmds;
-
-int
-help(int argc, char **argv)
-{
- sl_help(actual_cmds, argc, argv);
- return 0;
-}
-
-int
-exit_kadmin (int argc, char **argv)
-{
- return 1;
-}
-
-static void
-usage(int ret)
-{
- arg_printusage (args, num_args, NULL, "[command]");
- exit (ret);
-}
-
-int
-get_privs(int argc, char **argv)
-{
- u_int32_t privs;
- char str[128];
- kadm5_ret_t ret;
-
- int help_flag = 0;
- struct getargs args[] = {
- { "help", 'h', arg_flag, NULL }
- };
- int num_args = sizeof(args) / sizeof(args[0]);
- int optind = 0;
-
- args[0].value = &help_flag;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- arg_printusage (args, num_args, "privileges", NULL);
- return 0;
- }
- if(help_flag) {
- arg_printusage (args, num_args, "privileges", NULL);
- return 0;
- }
-
- ret = kadm5_get_privs(kadm_handle, &privs);
- if(ret)
- krb5_warn(context, ret, "kadm5_get_privs");
- else{
- ret =_kadm5_privs_to_string(privs, str, sizeof(str));
- printf("%s\n", str);
- }
- return 0;
-}
-
-int
-main(int argc, char **argv)
-{
- krb5_error_code ret;
- krb5_config_section *cf = NULL;
- kadm5_config_params conf;
- int optind = 0;
-
- setprogname(argv[0]);
-
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
-
- if(getarg(args, num_args, argc, argv, &optind))
- usage(1);
-
- if (help_flag)
- usage (0);
-
- if (version_flag) {
- print_version(NULL);
- exit(0);
- }
-
- argc -= optind;
- argv += optind;
-
- if (config_file == NULL)
- config_file = HDB_DB_DIR "/kdc.conf";
-
- if(krb5_config_parse_file(context, config_file, &cf) == 0) {
- const char *p = krb5_config_get_string (context, cf,
- "kdc", "key-file", NULL);
- if (p)
- keyfile = strdup(p);
- }
- krb5_clear_error_string (context);
-
- memset(&conf, 0, sizeof(conf));
- if(realm) {
- krb5_set_default_realm(context, realm); /* XXX should be fixed
- some other way */
- conf.realm = realm;
- conf.mask |= KADM5_CONFIG_REALM;
- }
-
- if (admin_server) {
- conf.admin_server = admin_server;
- conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
- }
-
- if (server_port) {
- conf.kadmind_port = htons(server_port);
- conf.mask |= KADM5_CONFIG_KADMIND_PORT;
- }
-
- if(local_flag){
- ret = kadm5_s_init_with_password_ctx(context,
- KADM5_ADMIN_SERVICE,
- NULL,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
- actual_cmds = commands;
- } else if (keytab) {
- ret = kadm5_c_init_with_skey_ctx(context,
- client_name,
- keytab,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
- actual_cmds = commands + 4; /* XXX */
- } else {
- ret = kadm5_c_init_with_password_ctx(context,
- client_name,
- NULL,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
- actual_cmds = commands + 4; /* XXX */
- }
-
- if(ret)
- krb5_err(context, 1, ret, "kadm5_init_with_password");
-
- signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
- parser will handle SIGINT its own way;
- we should really take care of this in
- each function, f.i `get' might be
- interruptable, but not `create' */
- if (argc != 0) {
- ret = sl_command (actual_cmds, argc, argv);
- if(ret == -1)
- krb5_warnx (context, "unrecognized command: %s", argv[0]);
- } else
- ret = sl_loop (actual_cmds, "kadmin> ") != 0;
-
- kadm5_destroy(kadm_handle);
- krb5_config_file_free (context, cf);
- krb5_free_context(context);
- return ret;
-}
diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8
deleted file mode 100644
index 215553393033..000000000000
--- a/crypto/heimdal/kadmin/kadmin.cat8
+++ /dev/null
@@ -1,121 +0,0 @@
-KADMIN(8) NetBSD System Manager's Manual KADMIN(8)
-
-NNAAMMEE
- kkaaddmmiinn - Kerberos administration utility
-
-SSYYNNOOPPSSIISS
- kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc
- _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m |
- ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r |
- ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn]
- [_c_o_m_m_a_n_d]
-
-DDEESSCCRRIIPPTTIIOONN
- The kkaaddmmiinn program is used to make modification to the Kerberos database,
- either remotely via the kadmind(8) daemon, or locally (with the --ll op-
- tion).
-
- Supported options:
-
- --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
- principal to authenticate as
-
- --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
- keytab for authentication pricipal
-
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
- location of config file
-
- --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
- location of master key file
-
- --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
- realm to use
-
- --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
- server to contact
-
- --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
- port to use
-
- --ll, ----llooccaall
- local admin mode
-
- If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
- mands to process. Commands include:
-
- aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
- ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
- [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
- [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.
-
- creates a new principal
-
- ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
- ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
-
- changes the password of an existing principal
-
- ddeelleettee _p_r_i_n_c_i_p_a_l_._._.
-
- removes a principal
-
- ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
-
- removes some enctypes from a principal, this can be useful
- the service belonging to the principal is known to not handle
- certain enctypes
-
- eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
-
- creates a keytab with the keys of the specified principals
-
- ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._.
-
- lists the principals that match the expressions (which are
- shell glob like), long format gives more information, and
- terse just prints the names
-
- rreennaammee _f_r_o_m _t_o
-
- renames a principal
-
- mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
- [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
- [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
- [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l
-
- modifies certain attributes of a principal
-
- pprriivviilleeggeess
-
- lists the operations you are allowd to perform
-
- When running in local mode, the following commands can also be used.
-
- dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]
-
- writes the database in ``human readable'' form to the speci-
- fied file, or standard out
-
- iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g]
- [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m
-
- initialises the Kerberos database with entries for a new
- realm, it's possible to have more than one realm served by
- one server
-
- llooaadd _f_i_l_e
-
- reads a previously dumped database, and re-creates that
- database from scratch
-
- mmeerrggee _f_i_l_e
-
- similar to lliisstt but just modifies the database with the en-
- tries in the dump file
-
-SSEEEE AALLSSOO
- kadmind(8), kdc(8)
-
- HEIMDAL September 10, 2000 2
diff --git a/crypto/heimdal/kadmin/kadmin_locl.h b/crypto/heimdal/kadmin/kadmin_locl.h
deleted file mode 100644
index 0b36127db0d5..000000000000
--- a/crypto/heimdal/kadmin/kadmin_locl.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
- * $FreeBSD$
- */
-
-#ifndef __ADMIN_LOCL_H__
-#define __ADMIN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <krb5.h>
-#include <krb5_locl.h>
-#include <hdb.h>
-#include <hdb_err.h>
-#include <kadm5/admin.h>
-#include <kadm5/private.h>
-#include <kadm5/kadm5_err.h>
-#include <parse_time.h>
-#include <getarg.h>
-
-
-extern krb5_context context;
-extern void * kadm_handle;
-
-#define DECL(X) int X(int, char **)
-
-DECL(add_new_key);
-DECL(cpw_entry);
-DECL(del_entry);
-DECL(del_enctype);
-DECL(exit_kadmin);
-DECL(ext_keytab);
-DECL(get_entry);
-DECL(get_privs);
-DECL(help);
-DECL(list_princs);
-DECL(mod_entry);
-DECL(rename_entry);
-DECL(init);
-DECL(dump);
-DECL(load);
-DECL(merge);
-
-#undef ALLOC
-#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
-
-/* util.c */
-
-void attributes2str(krb5_flags attributes, char *str, size_t len);
-int str2attributes(const char *str, krb5_flags *flags);
-int parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit);
-int edit_attributes (const char *prompt, krb5_flags *attr, int *mask,
- int bit);
-
-void time_t2str(time_t t, char *str, size_t len, int include_time);
-int str2time_t (const char *str, time_t *time);
-int parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit);
-int edit_timet (const char *prompt, krb5_timestamp *value, int *mask,
- int bit);
-
-void deltat2str(unsigned t, char *str, size_t len);
-int str2deltat(const char *str, krb5_deltat *delta);
-int parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit);
-int edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit);
-
-int edit_entry(kadm5_principal_ent_t ent, int *mask,
- kadm5_principal_ent_t default_ent, int default_mask);
-void set_defaults(kadm5_principal_ent_t ent, int *mask,
- kadm5_principal_ent_t default_ent, int default_mask);
-int set_entry(krb5_context context,
- kadm5_principal_ent_t ent,
- int *mask,
- const char *max_ticket_life,
- const char *max_renewable_life,
- const char *expiration,
- const char *pw_expiration,
- const char *attributes);
-int
-foreach_principal(const char *exp,
- int (*func)(krb5_principal, void*),
- const char *funcname,
- void *data);
-
-int parse_des_key (const char *key_string,
- krb5_key_data *key_data, const char **err);
-
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
-/* version4.c */
-
-void
-handle_v4(krb5_context context, krb5_keytab keytab, int len, int fd);
-
-/* random_password.c */
-
-void
-random_password(char *pw, size_t len);
-
-/* kadm_conn.c */
-
-extern sig_atomic_t term_flag, doing_useful_work;
-
-void parse_ports(krb5_context, const char*);
-int start_server(krb5_context);
-
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
-#endif /* __ADMIN_LOCL_H__ */
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8
deleted file mode 100644
index ac1fcd25a108..000000000000
--- a/crypto/heimdal/kadmin/kadmind.8
+++ /dev/null
@@ -1,155 +0,0 @@
-.\" $Id: kadmind.8,v 1.10.2.1 2002/10/21 14:53:39 joda Exp $
-.\"
-.Dd March 5, 2002
-.Dt KADMIND 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kadmind
-.Nd "server for administrative access to kerberos database"
-.Sh SYNOPSIS
-.Nm
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl -keytab= Ns Ar keytab
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Op Fl d | Fl -debug
-.Oo Fl p Ar port \*(Ba Xo
-.Fl -ports= Ns Ar port
-.Xc
-.Oc
-.Op Fl -no-kerberos4
-.Sh DESCRIPTION
-.Nm
-listens for requests for changes to the Kerberos database and performs
-these, subject to permissions. When starting, if stdin is a socket it
-assumes that it has been started by
-.Xr inetd 8 ,
-otherwise it behaves as a daemon, forking processes for each new
-connection. The
-.Fl -debug
-option causes
-.Nm
-to accept exactly one connection, which is useful for debugging.
-.Pp
-If built with krb4 support, it implements both the Heimdal Kerberos 5
-administrative protocol and the Kerberos 4 protocol. Password changes
-via the Kerberos 4 protocol are also performed by
-.Nm kadmind ,
-but the
-.Xr kpasswdd 8
-daemon is responsible for the Kerberos 5 password changing protocol
-(used by
-.Xr kpasswd 1 )
-.
-.Pp
-This daemon should only be run on ther master server, and not on any
-slaves.
-.Pp
-Principals are always allowed to change their own password and list
-their own principal. Apart from that, doing any operation requires
-permission explicitly added in the ACL file
-.Pa /var/heimdal/kadmind.acl .
-The format of this file is:
-.Bd -ragged
-.Va principal
-.Va rights
-.Op Va principal-pattern
-.Ed
-.Pp
-Where rights is any (comma separated) combination of:
-.Bl -bullet -compact
-.It
-change-password or cpw
-.It
-list
-.It
-delete
-.It
-modify
-.It
-add
-.It
-get
-.It
-all
-.El
-.Pp
-And the optional
-.Ar principal-pattern
-restricts the rights to operations on principals that match the
-glob-style pattern.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-location of master key file
-.It Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-what keytab to use
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-realm to use
-.It Xo
-.Fl d ,
-.Fl -debug
-.Xc
-enable debugging
-.It Xo
-.Fl p Ar port ,
-.Fl -ports= Ns Ar port
-.Xc
-ports to listen to. By default, if run as a daemon, it listen to ports
-749, and 751 (if Kerberos 4 support is built and enabled), but you can
-add any number of ports with this option. The port string is a
-whitespace separated list of port specifications, with the special
-string
-.Dq +
-representing the default set of ports.
-.It Fl -no-kerberos4
-make
-.Nm
-ignore Kerberos 4 kadmin requests.
-.El
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Pa /var/heimdal/kadmind.acl
-.Sh EXAMPLES
-This will cause
-.Nm
-to listen to port 4711 in addition to any
-compiled in defaults:
-.Pp
-.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &"
-.Pp
-This acl file will grant Joe all rights, and allow Mallory to view and
-add host principals.
-.Bd -literal -offset indent
-joe/admin@EXAMPLE.COM all
-mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kpasswd 1 ,
-.Xr kadmin 8 ,
-.Xr kdc 8 ,
-.Xr kpasswdd 8
diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c
deleted file mode 100644
index 5ef63497496e..000000000000
--- a/crypto/heimdal/kadmin/kadmind.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: kadmind.c,v 1.27.6.1 2002/10/21 14:53:39 joda Exp $");
-
-static char *check_library = NULL;
-static char *check_function = NULL;
-static char *config_file;
-static char *keyfile;
-static char *keytab_str = "HDB:";
-static int help_flag;
-static int version_flag;
-static int debug_flag;
-static char *port_str;
-char *realm;
-#ifdef KRB4
-int do_kerberos4 = 1;
-#endif
-
-static struct getargs args[] = {
- {
- "config-file", 'c', arg_string, &config_file,
- "location of config file", "file"
- },
- {
- "key-file", 'k', arg_string, &keyfile,
- "location of master key file", "file"
- },
- {
- "keytab", 0, arg_string, &keytab_str,
- "what keytab to use", "keytab"
- },
- { "realm", 'r', arg_string, &realm,
- "realm to use", "realm"
- },
-#ifdef HAVE_DLOPEN
- { "check-library", 0, arg_string, &check_library,
- "library to load password check function from", "library" },
- { "check-function", 0, arg_string, &check_function,
- "password check function to load", "function" },
-#endif
- { "debug", 'd', arg_flag, &debug_flag,
- "enable debugging"
- },
-#ifdef KRB4
- { "kerberos4", 0, arg_negative_flag, &do_kerberos4,
- "don't respond to kerberos 4 requests"
- },
-#endif
- { "ports", 'p', arg_string, &port_str,
- "ports to listen to", "port" },
- { "help", 'h', arg_flag, &help_flag },
- { "version", 'v', arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-krb5_context context;
-
-static void
-usage(int ret)
-{
- arg_printusage (args, num_args, NULL, "");
- exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
- krb5_error_code ret;
- krb5_config_section *cf;
- int optind = 0;
- int e;
- krb5_log_facility *logf;
- krb5_keytab keytab;
-
- setprogname(argv[0]);
-
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
-
- ret = krb5_openlog(context, "kadmind", &logf);
- ret = krb5_set_warn_dest(context, logf);
-
- while((e = getarg(args, num_args, argc, argv, &optind)))
- warnx("error at argument `%s'", argv[optind]);
-
- if (help_flag)
- usage (0);
-
- if (version_flag) {
- print_version(NULL);
- exit(0);
- }
-
- argc -= optind;
- argv += optind;
-
- ret = krb5_kt_register(context, &hdb_kt_ops);
- if(ret)
- krb5_err(context, 1, ret, "krb5_kt_register");
-
- if (config_file == NULL)
- config_file = HDB_DB_DIR "/kdc.conf";
-
- if(krb5_config_parse_file(context, config_file, &cf) == 0) {
- const char *p = krb5_config_get_string (context, cf,
- "kdc", "key-file", NULL);
- if (p)
- keyfile = strdup(p);
- }
-
- ret = krb5_kt_resolve(context, keytab_str, &keytab);
- if(ret)
- krb5_err(context, 1, ret, "krb5_kt_resolve");
-
- kadm5_setup_passwd_quality_check (context, check_library, check_function);
-
- {
- int fd = 0;
- struct sockaddr_storage __ss;
- struct sockaddr *sa = (struct sockaddr *)&__ss;
- socklen_t sa_size = sizeof(__ss);
- krb5_auth_context ac = NULL;
- int debug_port;
-
- if(debug_flag) {
- if(port_str == NULL)
- debug_port = krb5_getportbyname (context, "kerberos-adm",
- "tcp", 749);
- else
- debug_port = htons(atoi(port_str));
- mini_inetd(debug_port);
- } else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
- errno == ENOTSOCK) {
- parse_ports(context, port_str ? port_str : "+");
- pidfile(NULL);
- start_server(context);
- }
- if(realm)
- krb5_set_default_realm(context, realm); /* XXX */
- kadmind_loop(context, ac, keytab, fd);
- }
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8
deleted file mode 100644
index b7172bcaab82..000000000000
--- a/crypto/heimdal/kadmin/kadmind.cat8
+++ /dev/null
@@ -1,93 +0,0 @@
-KADMIND(8) NetBSD System Manager's Manual KADMIND(8)
-
-NNAAMMEE
- kkaaddmmiinndd - server for administrative access to kerberos database
-
-SSYYNNOOPPSSIISS
- kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
- [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
- ----ppoorrttss==_p_o_r_t] [----nnoo--kkeerrbbeerrooss44]
-
-DDEESSCCRRIIPPTTIIOONN
- kkaaddmmiinndd listens for requests for changes to the Kerberos database and
- performs these, subject to permissions. When starting, if stdin is a
- socket it assumes that it has been started by inetd(8), otherwise it be-
- haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
- option causes kkaaddmmiinndd to accept exactly one connection, which is useful
- for debugging.
-
- If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
- ministrative protocol and the Kerberos 4 protocol. Password changes via
- the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the
- kpasswdd(8) daemon is responsible for the Kerberos 5 password changing
- protocol (used by kpasswd(1))
-
- This daemon should only be run on ther master server, and not on any
- slaves.
-
- Principals are always allowed to change their own password and list their
- own principal. Apart from that, doing any operation requires permission
- explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
- this file is:
-
- _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
-
- Where rights is any (comma separated) combination of:
- ++oo change-password or cpw
- ++oo list
- ++oo delete
- ++oo modify
- ++oo add
- ++oo get
- ++oo all
-
- And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
- principals that match the glob-style pattern.
-
- Supported options:
-
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
- location of config file
-
- --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
- location of master key file
-
- ----kkeeyyttaabb==_k_e_y_t_a_b
- what keytab to use
-
- --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
- realm to use
-
- --dd, ----ddeebbuugg
- enable debugging
-
- --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
- ports to listen to. By default, if run as a daemon, it listen to
- ports 749, and 751 (if Kerberos 4 support is built and enabled),
- but you can add any number of ports with this option. The port
- string is a whitespace separated list of port specifications,
- with the special string ``+'' representing the default set of
- ports.
-
- ----nnoo--kkeerrbbeerrooss44
- make kkaaddmmiinndd ignore Kerberos 4 kadmin requests.
-
-FFIILLEESS
- _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
-
-EEXXAAMMPPLLEESS
- This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com-
- piled in defaults:
-
- kkaaddmmiinndd----ppoorrttss="+ 4711" &
-
- This acl file will grant Joe all rights, and allow Mallory to view and
- add host principals.
-
- joe/admin@EXAMPLE.COM all
- mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
-
-SSEEEE AALLSSOO
- kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
-
- HEIMDAL March 5, 2002 2
diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c
deleted file mode 100644
index 3635023cbb19..000000000000
--- a/crypto/heimdal/kadmin/load.c
+++ /dev/null
@@ -1,540 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: load.c,v 1.44 2002/09/04 20:44:35 joda Exp $");
-
-struct entry {
- char *principal;
- char *key;
- char *max_life;
- char *max_renew;
- char *created;
- char *modified;
- char *valid_start;
- char *valid_end;
- char *pw_end;
- char *flags;
- char *generation;
-};
-
-static char *
-skip_next(char *p)
-{
- while(*p && !isspace((unsigned char)*p))
- p++;
- *p++ = 0;
- while(*p && isspace((unsigned char)*p))
- p++;
- return p;
-}
-
-/*
- * Parse the time in `s', returning:
- * -1 if error parsing
- * 0 if none present
- * 1 if parsed ok
- */
-
-static int
-parse_time_string(time_t *t, const char *s)
-{
- int year, month, date, hour, minute, second;
- struct tm tm;
-
- if(strcmp(s, "-") == 0)
- return 0;
- if(sscanf(s, "%04d%02d%02d%02d%02d%02d",
- &year, &month, &date, &hour, &minute, &second) != 6)
- return -1;
- tm.tm_year = year - 1900;
- tm.tm_mon = month - 1;
- tm.tm_mday = date;
- tm.tm_hour = hour;
- tm.tm_min = minute;
- tm.tm_sec = second;
- tm.tm_isdst = 0;
- *t = timegm(&tm);
- return 1;
-}
-
-/*
- * parse time, allocating space in *t if it's there
- */
-
-static int
-parse_time_string_alloc (time_t **t, const char *s)
-{
- time_t tmp;
- int ret;
-
- *t = NULL;
- ret = parse_time_string (&tmp, s);
- if (ret == 1) {
- *t = malloc (sizeof (**t));
- if (*t == NULL)
- krb5_errx (context, 1, "malloc: out of memory");
- **t = tmp;
- }
- return ret;
-}
-
-/*
- * see parse_time_string for calling convention
- */
-
-static int
-parse_integer(unsigned *u, const char *s)
-{
- if(strcmp(s, "-") == 0)
- return 0;
- if (sscanf(s, "%u", u) != 1)
- return -1;
- return 1;
-}
-
-static int
-parse_integer_alloc (int **u, const char *s)
-{
- unsigned tmp;
- int ret;
-
- *u = NULL;
- ret = parse_integer (&tmp, s);
- if (ret == 1) {
- *u = malloc (sizeof (**u));
- if (*u == NULL)
- krb5_errx (context, 1, "malloc: out of memory");
- **u = tmp;
- }
- return ret;
-}
-
-/*
- * Parse dumped keys in `str' and store them in `ent'
- * return -1 if parsing failed
- */
-
-static int
-parse_keys(hdb_entry *ent, char *str)
-{
- krb5_error_code ret;
- int tmp;
- char *p;
- int i;
-
- p = strsep(&str, ":");
- if (sscanf(p, "%d", &tmp) != 1)
- return 1;
- ent->kvno = tmp;
- p = strsep(&str, ":");
- while(p){
- Key *key;
- key = realloc(ent->keys.val,
- (ent->keys.len + 1) * sizeof(*ent->keys.val));
- if(key == NULL)
- krb5_errx (context, 1, "realloc: out of memory");
- ent->keys.val = key;
- key = ent->keys.val + ent->keys.len;
- ent->keys.len++;
- memset(key, 0, sizeof(*key));
- if(sscanf(p, "%d", &tmp) == 1) {
- key->mkvno = malloc(sizeof(*key->mkvno));
- *key->mkvno = tmp;
- } else
- key->mkvno = NULL;
- p = strsep(&str, ":");
- if (sscanf(p, "%d", &tmp) != 1)
- return 1;
- key->key.keytype = tmp;
- p = strsep(&str, ":");
- ret = krb5_data_alloc(&key->key.keyvalue, (strlen(p) - 1) / 2 + 1);
- if (ret)
- krb5_err (context, 1, ret, "krb5_data_alloc");
- for(i = 0; i < strlen(p); i += 2) {
- if(sscanf(p + i, "%02x", &tmp) != 1)
- return 1;
- ((u_char*)key->key.keyvalue.data)[i / 2] = tmp;
- }
- p = strsep(&str, ":");
- if(strcmp(p, "-") != 0){
- unsigned type;
- size_t p_len;
-
- if(sscanf(p, "%u/", &type) != 1)
- return 1;
- p = strchr(p, '/');
- if(p == NULL)
- return 1;
- p++;
- p_len = strlen(p);
-
- key->salt = malloc(sizeof(*key->salt));
- if (key->salt == NULL)
- krb5_errx (context, 1, "malloc: out of memory");
- key->salt->type = type;
-
- if (p_len) {
- if(*p == '\"') {
- ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2);
- if (ret)
- krb5_err (context, 1, ret, "krb5_data_copy");
- } else {
- ret = krb5_data_alloc(&key->salt->salt,
- (p_len - 1) / 2 + 1);
- if (ret)
- krb5_err (context, 1, ret, "krb5_data_alloc");
- for(i = 0; i < p_len; i += 2){
- if (sscanf(p + i, "%02x", &tmp) != 1)
- return 1;
- ((u_char*)key->salt->salt.data)[i / 2] = tmp;
- }
- }
- } else
- krb5_data_zero (&key->salt->salt);
- }
- p = strsep(&str, ":");
- }
- return 0;
-}
-
-/*
- * see parse_time_string for calling convention
- */
-
-static int
-parse_event(Event *ev, char *s)
-{
- krb5_error_code ret;
- char *p;
-
- if(strcmp(s, "-") == 0)
- return 0;
- memset(ev, 0, sizeof(*ev));
- p = strsep(&s, ":");
- if(parse_time_string(&ev->time, p) != 1)
- return -1;
- p = strsep(&s, ":");
- ret = krb5_parse_name(context, p, &ev->principal);
- if (ret)
- return -1;
- return 1;
-}
-
-static int
-parse_event_alloc (Event **ev, char *s)
-{
- Event tmp;
- int ret;
-
- *ev = NULL;
- ret = parse_event (&tmp, s);
- if (ret == 1) {
- *ev = malloc (sizeof (**ev));
- if (*ev == NULL)
- krb5_errx (context, 1, "malloc: out of memory");
- **ev = tmp;
- }
- return ret;
-}
-
-static int
-parse_hdbflags2int(HDBFlags *f, const char *s)
-{
- int ret;
- unsigned tmp;
-
- ret = parse_integer (&tmp, s);
- if (ret == 1)
- *f = int2HDBFlags (tmp);
- return ret;
-}
-
-static int
-parse_generation(char *str, GENERATION **gen)
-{
- char *p;
- int v;
-
- if(strcmp(str, "-") == 0 || *str == '\0') {
- *gen = NULL;
- return 0;
- }
- *gen = calloc(1, sizeof(**gen));
-
- p = strsep(&str, ":");
- if(parse_time_string(&(*gen)->time, p) != 1)
- return -1;
- p = strsep(&str, ":");
- if(sscanf(p, "%d", &v) != 1)
- return -1;
- (*gen)->usec = v;
- p = strsep(&str, ":");
- if(sscanf(p, "%d", &v) != 1)
- return -1;
- (*gen)->gen = v - 1; /* XXX gets bumped in _hdb_store */
- return 0;
-}
-
-
-/*
- * Parse the dump file in `filename' and create the database (merging
- * iff merge)
- */
-
-static int
-doit(const char *filename, int merge)
-{
- krb5_error_code ret;
- FILE *f;
- char s[8192]; /* XXX should fix this properly */
- char *p;
- int line;
- int flags = O_RDWR;
- struct entry e;
- hdb_entry ent;
- HDB *db = _kadm5_s_get_db(kadm_handle);
-
- f = fopen(filename, "r");
- if(f == NULL){
- krb5_warn(context, errno, "fopen(%s)", filename);
- return 1;
- }
- ret = kadm5_log_truncate (kadm_handle);
- if (ret) {
- fclose (f);
- krb5_warn(context, ret, "kadm5_log_truncate");
- return 1;
- }
-
- if(!merge)
- flags |= O_CREAT | O_TRUNC;
- ret = db->open(context, db, flags, 0600);
- if(ret){
- krb5_warn(context, ret, "hdb_open");
- fclose(f);
- return 1;
- }
- line = 0;
- ret = 0;
- while(fgets(s, sizeof(s), f) != NULL) {
- ret = 0;
- line++;
- e.principal = s;
- for(p = s; *p; p++){
- if(*p == '\\')
- p++;
- else if(isspace((unsigned char)*p)) {
- *p = 0;
- break;
- }
- }
- p = skip_next(p);
-
- e.key = p;
- p = skip_next(p);
-
- e.created = p;
- p = skip_next(p);
-
- e.modified = p;
- p = skip_next(p);
-
- e.valid_start = p;
- p = skip_next(p);
-
- e.valid_end = p;
- p = skip_next(p);
-
- e.pw_end = p;
- p = skip_next(p);
-
- e.max_life = p;
- p = skip_next(p);
-
- e.max_renew = p;
- p = skip_next(p);
-
- e.flags = p;
- p = skip_next(p);
-
- e.generation = p;
- p = skip_next(p);
-
- memset(&ent, 0, sizeof(ent));
- ret = krb5_parse_name(context, e.principal, &ent.principal);
- if(ret) {
- fprintf(stderr, "%s:%d:%s (%s)\n",
- filename,
- line,
- krb5_get_err_text(context, ret),
- e.principal);
- continue;
- }
-
- if (parse_keys(&ent, e.key)) {
- fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
- filename, line, e.key);
- hdb_free_entry (context, &ent);
- continue;
- }
-
- if (parse_event(&ent.created_by, e.created) == -1) {
- fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
- filename, line, e.created);
- hdb_free_entry (context, &ent);
- continue;
- }
- if (parse_event_alloc (&ent.modified_by, e.modified) == -1) {
- fprintf (stderr, "%s:%d:error parsing event (%s)\n",
- filename, line, e.modified);
- hdb_free_entry (context, &ent);
- continue;
- }
- if (parse_time_string_alloc (&ent.valid_start, e.valid_start) == -1) {
- fprintf (stderr, "%s:%d:error parsing time (%s)\n",
- filename, line, e.valid_start);
- hdb_free_entry (context, &ent);
- continue;
- }
- if (parse_time_string_alloc (&ent.valid_end, e.valid_end) == -1) {
- fprintf (stderr, "%s:%d:error parsing time (%s)\n",
- filename, line, e.valid_end);
- hdb_free_entry (context, &ent);
- continue;
- }
- if (parse_time_string_alloc (&ent.pw_end, e.pw_end) == -1) {
- fprintf (stderr, "%s:%d:error parsing time (%s)\n",
- filename, line, e.pw_end);
- hdb_free_entry (context, &ent);
- continue;
- }
-
- if (parse_integer_alloc (&ent.max_life, e.max_life) == -1) {
- fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
- filename, line, e.max_life);
- hdb_free_entry (context, &ent);
- continue;
-
- }
- if (parse_integer_alloc (&ent.max_renew, e.max_renew) == -1) {
- fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
- filename, line, e.max_renew);
- hdb_free_entry (context, &ent);
- continue;
- }
-
- if (parse_hdbflags2int (&ent.flags, e.flags) != 1) {
- fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
- filename, line, e.flags);
- hdb_free_entry (context, &ent);
- continue;
- }
-
- if(parse_generation(e.generation, &ent.generation) == -1) {
- fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
- filename, line, e.generation);
- hdb_free_entry (context, &ent);
- continue;
- }
-
- ret = db->store(context, db, HDB_F_REPLACE, &ent);
- hdb_free_entry (context, &ent);
- if (ret) {
- krb5_warn(context, ret, "db_store");
- break;
- }
- }
- db->close(context, db);
- fclose(f);
- return ret != 0;
-}
-
-
-static struct getargs args[] = {
- { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(const char *name)
-{
- arg_printusage (args, num_args, name, "file");
-}
-
-
-
-int
-load(int argc, char **argv)
-{
- int optind = 0;
- int help_flag = 0;
-
- args[0].value = &help_flag;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage ("load");
- return 0;
- }
- if(argc - optind != 1 || help_flag) {
- usage ("load");
- return 0;
- }
-
- doit(argv[optind], 0);
- return 0;
-}
-
-int
-merge(int argc, char **argv)
-{
- int optind = 0;
- int help_flag = 0;
-
- args[0].value = &help_flag;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage ("merge");
- return 0;
- }
- if(argc - optind != 1 || help_flag) {
- usage ("merge");
- return 0;
- }
-
- doit(argv[optind], 1);
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c
deleted file mode 100644
index 1ea9c8653537..000000000000
--- a/crypto/heimdal/kadmin/mod.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: mod.c,v 1.10 2000/07/11 14:34:56 joda Exp $");
-
-static int parse_args (krb5_context context, kadm5_principal_ent_t ent,
- int argc, char **argv, int *optind, char *name,
- int *mask);
-
-static int
-parse_args(krb5_context context, kadm5_principal_ent_t ent,
- int argc, char **argv, int *optind, char *name,
- int *mask)
-{
- char *attr_str = NULL;
- char *max_life_str = NULL;
- char *max_rlife_str = NULL;
- char *expiration_str = NULL;
- char *pw_expiration_str = NULL;
- int new_kvno = -1;
- int ret, i;
-
- struct getargs args[] = {
- {"attributes", 'a', arg_string, NULL, "Attributies",
- "attributes"},
- {"max-ticket-life", 0, arg_string, NULL, "max ticket lifetime",
- "lifetime"},
- {"max-renewable-life", 0, arg_string, NULL,
- "max renewable lifetime", "lifetime" },
- {"expiration-time", 0, arg_string,
- NULL, "Expiration time", "time"},
- {"pw-expiration-time", 0, arg_string,
- NULL, "Password expiration time", "time"},
- {"kvno", 0, arg_integer,
- NULL, "Key version number", "number"},
- };
-
- i = 0;
- args[i++].value = &attr_str;
- args[i++].value = &max_life_str;
- args[i++].value = &max_rlife_str;
- args[i++].value = &expiration_str;
- args[i++].value = &pw_expiration_str;
- args[i++].value = &new_kvno;
-
- *optind = 0; /* XXX */
-
- if(getarg(args, sizeof(args) / sizeof(args[0]),
- argc, argv, optind)){
- arg_printusage(args,
- sizeof(args) / sizeof(args[0]),
- name ? name : "",
- "principal");
- return -1;
- }
-
- ret = set_entry(context, ent, mask, max_life_str, max_rlife_str,
- expiration_str, pw_expiration_str, attr_str);
- if (ret)
- return ret;
-
- if(new_kvno != -1) {
- ent->kvno = new_kvno;
- *mask |= KADM5_KVNO;
- }
- return 0;
-}
-
-int
-mod_entry(int argc, char **argv)
-{
- kadm5_principal_ent_rec princ;
- int mask = 0;
- krb5_error_code ret;
- krb5_principal princ_ent = NULL;
- int optind;
-
- memset (&princ, 0, sizeof(princ));
-
- ret = parse_args (context, &princ, argc, argv,
- &optind, "mod", &mask);
- if (ret)
- return 0;
-
- argc -= optind;
- argv += optind;
-
- if (argc != 1) {
- printf ("Usage: mod [options] principal\n");
- return 0;
- }
-
- krb5_parse_name(context, argv[0], &princ_ent);
-
- if (mask == 0) {
- memset(&princ, 0, sizeof(princ));
- ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
- KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
- KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
- KADM5_PRINC_EXPIRE_TIME |
- KADM5_PW_EXPIRATION);
- krb5_free_principal (context, princ_ent);
- if (ret) {
- printf ("no such principal: %s\n", argv[0]);
- return 0;
- }
- edit_entry(&princ, &mask, NULL, 0);
- } else {
- princ.principal = princ_ent;
- }
-
- ret = kadm5_modify_principal(kadm_handle, &princ, mask);
- if(ret)
- krb5_warn(context, ret, "kadm5_modify_principal");
- kadm5_free_principal_ent(kadm_handle, &princ);
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c
deleted file mode 100644
index 92fb2fcddb97..000000000000
--- a/crypto/heimdal/kadmin/random_password.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: random_password.c,v 1.4 2001/02/15 04:20:53 assar Exp $");
-
-/* This file defines some a function that generates a random password,
- that can be used when creating a large amount of principals (such
- as for a batch of students). Since this is a political matter, you
- should think about how secure generated passwords has to be.
-
- Both methods defined here will give you at least 55 bits of
- entropy.
- */
-
-/* If you want OTP-style passwords, define OTP_STYLE */
-
-#ifdef OTP_STYLE
-#include <otp.h>
-#else
-static void generate_password(char **pw, int num_classes, ...);
-#endif
-
-void
-random_password(char *pw, size_t len)
-{
-#ifdef OTP_STYLE
- {
- OtpKey newkey;
-
- krb5_generate_random_block(&newkey, sizeof(newkey));
- otp_print_stddict (newkey, pw, len);
- strlwr(pw);
- }
-#else
- char *pass;
- generate_password(&pass, 3,
- "abcdefghijklmnopqrstuvwxyz", 7,
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2,
- "@$%&*()-+=:,/<>1234567890", 1);
- strlcpy(pw, pass, len);
- memset(pass, 0, strlen(pass));
- free(pass);
-#endif
-}
-
-/* some helper functions */
-
-#ifndef OTP_STYLE
-/* return a random value in range 0-127 */
-static int
-RND(unsigned char *key, int keylen, int *left)
-{
- if(*left == 0){
- krb5_generate_random_block(key, keylen);
- *left = keylen;
- }
- (*left)--;
- return ((unsigned char*)key)[*left];
-}
-
-/* This a helper function that generates a random password with a
- number of characters from a set of character classes.
-
- If there are n classes, and the size of each class is Pi, and the
- number of characters from each class is Ni, the number of possible
- passwords are (given that the character classes are disjoint):
-
- n n
- ----- / ---- \
- | | Ni | \ |
- | | Pi | \ Ni| !
- | | ---- * | / |
- | | Ni! | /___ |
- i=1 \ i=1 /
-
- Since it uses the RND function above, neither the size of each
- class, nor the total length of the generated password should be
- larger than 127 (without fixing RND).
-
- */
-static void
-generate_password(char **pw, int num_classes, ...)
-{
- struct {
- const char *str;
- int len;
- int freq;
- } *classes;
- va_list ap;
- int len, i;
- unsigned char rbuf[8]; /* random buffer */
- int rleft = 0;
-
- classes = malloc(num_classes * sizeof(*classes));
- va_start(ap, num_classes);
- len = 0;
- for(i = 0; i < num_classes; i++){
- classes[i].str = va_arg(ap, const char*);
- classes[i].len = strlen(classes[i].str);
- classes[i].freq = va_arg(ap, int);
- len += classes[i].freq;
- }
- va_end(ap);
- *pw = malloc(len + 1);
- if(*pw == NULL)
- return;
- for(i = 0; i < len; i++) {
- int j;
- int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);
- int t = 0;
- for(j = 0; j < num_classes; j++) {
- if(x < t + classes[j].freq) {
- (*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)
- % classes[j].len];
- classes[j].freq--;
- break;
- }
- t += classes[j].freq;
- }
- }
- (*pw)[len] = '\0';
- memset(rbuf, 0, sizeof(rbuf));
- free(classes);
-}
-#endif
diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c
deleted file mode 100644
index ac5f4d699d64..000000000000
--- a/crypto/heimdal/kadmin/rename.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: rename.c,v 1.4 2001/05/04 13:07:03 joda Exp $");
-
-static struct getargs args[] = {
- { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
- arg_printusage (args, num_args, "rename", "from to");
-}
-
-int
-rename_entry(int argc, char **argv)
-{
- int optind = 0;
- int help_flag = 0;
-
- krb5_error_code ret;
- krb5_principal princ1, princ2;
-
- args[0].value = &help_flag;
-
- if(getarg(args, num_args, argc, argv, &optind)) {
- usage ();
- return 0;
- }
- if(argc - optind != 2 || help_flag) {
- usage ();
- return 0;
- }
-
- ret = krb5_parse_name(context, argv[1], &princ1);
- if(ret){
- krb5_warn(context, ret, "krb5_parse_name(%s)", argv[1]);
- return 0;
- }
- ret = krb5_parse_name(context, argv[2], &princ2);
- if(ret){
- krb5_free_principal(context, princ2);
- krb5_warn(context, ret, "krb5_parse_name(%s)", argv[2]);
- return 0;
- }
- ret = kadm5_rename_principal(kadm_handle, princ1, princ2);
- if(ret)
- krb5_warn(context, ret, "rename");
- krb5_free_principal(context, princ1);
- krb5_free_principal(context, princ2);
- return 0;
-}
-
diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
deleted file mode 100644
index 82050bb78294..000000000000
--- a/crypto/heimdal/kadmin/server.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-RCSID("$Id: server.c,v 1.36.2.1 2002/10/21 14:53:39 joda Exp $");
-
-static kadm5_ret_t
-kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
- krb5_data *in, krb5_data *out)
-{
- kadm5_ret_t ret;
- int32_t cmd, mask, tmp;
- kadm5_server_context *context = kadm_handle;
- char client[128], name[128], name2[128];
- char *op = "";
- krb5_principal princ, princ2;
- kadm5_principal_ent_rec ent;
- char *password, *exp;
- krb5_keyblock *new_keys;
- int n_keys;
- char **princs;
- int n_princs;
- krb5_storage *sp;
-
- krb5_unparse_name_fixed(context->context, context->caller,
- client, sizeof(client));
-
- sp = krb5_storage_from_data(in);
-
- krb5_ret_int32(sp, &cmd);
- switch(cmd){
- case kadm_get:{
- op = "GET";
- ret = krb5_ret_principal(sp, &princ);
- if(ret)
- goto fail;
- ret = krb5_ret_int32(sp, &mask);
- if(ret){
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ);
- if(ret){
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- if(ret == 0){
- kadm5_store_principal_ent(sp, &ent);
- kadm5_free_principal_ent(kadm_handle, &ent);
- }
- krb5_free_principal(context->context, princ);
- break;
- }
- case kadm_delete:{
- op = "DELETE";
- ret = krb5_ret_principal(sp, &princ);
- if(ret)
- goto fail;
- krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);
- if(ret){
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- ret = kadm5_delete_principal(kadm_handle, princ);
- krb5_free_principal(context->context, princ);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- break;
- }
- case kadm_create:{
- op = "CREATE";
- ret = kadm5_ret_principal_ent(sp, &ent);
- if(ret)
- goto fail;
- ret = krb5_ret_int32(sp, &mask);
- if(ret){
- kadm5_free_principal_ent(context->context, &ent);
- goto fail;
- }
- ret = krb5_ret_string(sp, &password);
- if(ret){
- kadm5_free_principal_ent(context->context, &ent);
- goto fail;
- }
- krb5_unparse_name_fixed(context->context, ent.principal,
- name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD,
- ent.principal);
- if(ret){
- kadm5_free_principal_ent(context->context, &ent);
- memset(password, 0, strlen(password));
- free(password);
- goto fail;
- }
- ret = kadm5_create_principal(kadm_handle, &ent,
- mask, password);
- kadm5_free_principal_ent(kadm_handle, &ent);
- memset(password, 0, strlen(password));
- free(password);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- break;
- }
- case kadm_modify:{
- op = "MODIFY";
- ret = kadm5_ret_principal_ent(sp, &ent);
- if(ret)
- goto fail;
- ret = krb5_ret_int32(sp, &mask);
- if(ret){
- kadm5_free_principal_ent(context, &ent);
- goto fail;
- }
- krb5_unparse_name_fixed(context->context, ent.principal,
- name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY,
- ent.principal);
- if(ret){
- kadm5_free_principal_ent(context, &ent);
- goto fail;
- }
- ret = kadm5_modify_principal(kadm_handle, &ent, mask);
- kadm5_free_principal_ent(kadm_handle, &ent);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- break;
- }
- case kadm_rename:{
- op = "RENAME";
- ret = krb5_ret_principal(sp, &princ);
- if(ret)
- goto fail;
- ret = krb5_ret_principal(sp, &princ2);
- if(ret){
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
- krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2));
- krb5_warnx(context->context, "%s: %s %s -> %s",
- client, op, name, name2);
- ret = _kadm5_acl_check_permission(context,
- KADM5_PRIV_ADD,
- princ2)
- || _kadm5_acl_check_permission(context,
- KADM5_PRIV_DELETE,
- princ);
- if(ret){
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- ret = kadm5_rename_principal(kadm_handle, princ, princ2);
- krb5_free_principal(context->context, princ);
- krb5_free_principal(context->context, princ2);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- break;
- }
- case kadm_chpass:{
- op = "CHPASS";
- ret = krb5_ret_principal(sp, &princ);
- if(ret)
- goto fail;
- ret = krb5_ret_string(sp, &password);
- if(ret){
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
-
- /*
- * The change is allowed if at least one of:
- * a) it's for the principal him/herself and this was an initial ticket
- * b) the user is on the CPW ACL.
- */
-
- if (initial
- && krb5_principal_compare (context->context, context->caller,
- princ))
- ret = 0;
- else
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
- if(ret) {
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- ret = kadm5_chpass_principal(kadm_handle, princ, password);
- krb5_free_principal(context->context, princ);
- memset(password, 0, strlen(password));
- free(password);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- break;
- }
- case kadm_chpass_with_key:{
- int i;
- krb5_key_data *key_data;
- int n_key_data;
-
- op = "CHPASS_WITH_KEY";
- ret = krb5_ret_principal(sp, &princ);
- if(ret)
- goto fail;
- ret = krb5_ret_int32(sp, &n_key_data);
- if (ret) {
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- /* n_key_data will be squeezed into an int16_t below. */
- if (n_key_data < 0 || n_key_data >= 1 << 16 ||
- n_key_data > UINT_MAX/sizeof(*key_data)) {
- ret = ERANGE;
- krb5_free_principal(context->context, princ);
- goto fail;
- }
-
- key_data = malloc (n_key_data * sizeof(*key_data));
- if (key_data == NULL) {
- ret = ENOMEM;
- krb5_free_principal(context->context, princ);
- goto fail;
- }
-
- for (i = 0; i < n_key_data; ++i) {
- ret = kadm5_ret_key_data (sp, &key_data[i]);
- if (ret) {
- int16_t dummy = i;
-
- kadm5_free_key_data (context, &dummy, key_data);
- free (key_data);
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- }
-
- krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
-
- /*
- * The change is allowed if at least one of:
- * a) it's for the principal him/herself and this was an initial ticket
- * b) the user is on the CPW ACL.
- */
-
- if (initial
- && krb5_principal_compare (context->context, context->caller,
- princ))
- ret = 0;
- else
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
- if(ret) {
- int16_t dummy = n_key_data;
-
- kadm5_free_key_data (context, &dummy, key_data);
- free (key_data);
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- ret = kadm5_chpass_principal_with_key(kadm_handle, princ,
- n_key_data, key_data);
- {
- int16_t dummy = n_key_data;
- kadm5_free_key_data (context, &dummy, key_data);
- }
- free (key_data);
- krb5_free_principal(context->context, princ);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- break;
- }
- case kadm_randkey:{
- op = "RANDKEY";
- ret = krb5_ret_principal(sp, &princ);
- if(ret)
- goto fail;
- krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
- krb5_warnx(context->context, "%s: %s %s", client, op, name);
- /*
- * The change is allowed if at least one of:
- * a) it's for the principal him/herself and this was an initial ticket
- * b) the user is on the CPW ACL.
- */
-
- if (initial
- && krb5_principal_compare (context->context, context->caller,
- princ))
- ret = 0;
- else
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
- if(ret) {
- krb5_free_principal(context->context, princ);
- goto fail;
- }
- ret = kadm5_randkey_principal(kadm_handle, princ,
- &new_keys, &n_keys);
- krb5_free_principal(context->context, princ);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- if(ret == 0){
- int i;
- krb5_store_int32(sp, n_keys);
- for(i = 0; i < n_keys; i++){
- krb5_store_keyblock(sp, new_keys[i]);
- krb5_free_keyblock_contents(context->context, &new_keys[i]);
- }
- }
- break;
- }
- case kadm_get_privs:{
- ret = kadm5_get_privs(kadm_handle, &mask);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- if(ret == 0)
- krb5_store_int32(sp, mask);
- break;
- }
- case kadm_get_princs:{
- op = "LIST";
- ret = krb5_ret_int32(sp, &tmp);
- if(ret)
- goto fail;
- if(tmp){
- ret = krb5_ret_string(sp, &exp);
- if(ret)
- goto fail;
- }else
- exp = NULL;
- krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*");
- ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL);
- if(ret){
- free(exp);
- goto fail;
- }
- ret = kadm5_get_principals(kadm_handle, exp, &princs, &n_princs);
- free(exp);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, ret);
- if(ret == 0){
- int i;
- krb5_store_int32(sp, n_princs);
- for(i = 0; i < n_princs; i++)
- krb5_store_string(sp, princs[i]);
- kadm5_free_name_list(kadm_handle, princs, &n_princs);
- }
- break;
- }
- default:
- krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
- krb5_storage_free(sp);
- sp = krb5_storage_emem();
- krb5_store_int32(sp, KADM5_FAILURE);
- break;
- }
- krb5_storage_to_data(sp, out);
- krb5_storage_free(sp);
- return 0;
-fail:
- krb5_warn(context->context, ret, "%s", op);
- krb5_storage_seek(sp, 0, SEEK_SET);
- krb5_store_int32(sp, ret);
- krb5_storage_to_data(sp, out);
- krb5_storage_free(sp);
- return 0;
-}
-
-static void
-v5_loop (krb5_context context,
- krb5_auth_context ac,
- krb5_boolean initial,
- void *kadm_handle,
- int fd)
-{
- krb5_error_code ret;
- krb5_data in, out;
-
- for (;;) {
- doing_useful_work = 0;
- if(term_flag)
- exit(0);
- ret = krb5_read_priv_message(context, ac, &fd, &in);
- if(ret == HEIM_ERR_EOF)
- exit(0);
- if(ret)
- krb5_err(context, 1, ret, "krb5_read_priv_message");
- doing_useful_work = 1;
- kadmind_dispatch(kadm_handle, initial, &in, &out);
- krb5_data_free(&in);
- ret = krb5_write_priv_message(context, ac, &fd, &out);
- if(ret)
- krb5_err(context, 1, ret, "krb5_write_priv_message");
- }
-}
-
-static krb5_boolean
-match_appl_version(const void *data, const char *appl_version)
-{
- unsigned minor;
- if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
- return 0;
- *(unsigned*)data = minor;
- return 1;
-}
-
-static void
-handle_v5(krb5_context context,
- krb5_auth_context ac,
- krb5_keytab keytab,
- int len,
- int fd)
-{
- krb5_error_code ret;
- u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
- krb5_ticket *ticket;
- char *server_name;
- char *client;
- void *kadm_handle;
- ssize_t n;
- krb5_boolean initial;
-
- unsigned kadm_version;
- kadm5_config_params realm_params;
-
- if (len != sizeof(KRB5_SENDAUTH_VERSION))
- krb5_errx(context, 1, "bad sendauth len %d", len);
- n = krb5_net_read(context, &fd, version, len);
- if (n < 0)
- krb5_err (context, 1, errno, "reading sendauth version");
- if (n == 0)
- krb5_errx (context, 1, "EOF reading sendauth version");
- if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
- krb5_errx(context, 1, "bad sendauth version %.8s", version);
-
- ret = krb5_recvauth_match_version(context, &ac, &fd,
- match_appl_version, &kadm_version,
- NULL, KRB5_RECVAUTH_IGNORE_VERSION,
- keytab, &ticket);
- if(ret == KRB5_KT_NOTFOUND)
- krb5_errx(context, 1, "krb5_recvauth: key not found");
- if(ret)
- krb5_err(context, 1, ret, "krb5_recvauth");
-
- ret = krb5_unparse_name (context, ticket->server, &server_name);
- if (ret)
- krb5_err (context, 1, ret, "krb5_unparse_name");
-
- if (strncmp (server_name, KADM5_ADMIN_SERVICE,
- strlen(KADM5_ADMIN_SERVICE)) != 0)
- krb5_errx (context, 1, "ticket for strange principal (%s)",
- server_name);
-
- free (server_name);
-
- memset(&realm_params, 0, sizeof(realm_params));
-
- if(kadm_version == 1) {
- krb5_data params;
- ret = krb5_read_priv_message(context, ac, &fd, &params);
- if(ret)
- krb5_err(context, 1, ret, "krb5_read_priv_message");
- _kadm5_unmarshal_params(context, &params, &realm_params);
- }
-
- initial = ticket->ticket.flags.initial;
- ret = krb5_unparse_name(context, ticket->client, &client);
- if (ret)
- krb5_err (context, 1, ret, "krb5_unparse_name");
- krb5_free_ticket (context, ticket);
- ret = kadm5_init_with_password_ctx(context,
- client,
- NULL,
- KADM5_ADMIN_SERVICE,
- &realm_params,
- 0, 0,
- &kadm_handle);
- if(ret)
- krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
- v5_loop (context, ac, initial, kadm_handle, fd);
-}
-
-extern int do_kerberos4;
-
-krb5_error_code
-kadmind_loop(krb5_context context,
- krb5_auth_context ac,
- krb5_keytab keytab,
- int fd)
-{
- unsigned char tmp[4];
- ssize_t n;
- unsigned long len;
-
- n = krb5_net_read(context, &fd, tmp, 4);
- if(n == 0)
- exit(0);
- if(n < 0)
- krb5_err(context, 1, errno, "read");
- _krb5_get_int(tmp, &len, 4);
- if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
- len >>= 16;
-#ifdef KRB4
- if(do_kerberos4)
- handle_v4(context, keytab, len, fd);
- else
- krb5_errx(context, 1, "version 4 kadmin is disabled");
-#else
- krb5_errx(context, 1, "packet appears to be version 4");
-#endif
- } else {
- handle_v5(context, ac, keytab, len, fd);
- }
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c
deleted file mode 100644
index f1b976453b6c..000000000000
--- a/crypto/heimdal/kadmin/util.c
+++ /dev/null
@@ -1,640 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadmin_locl.h"
-#include <parse_units.h>
-
-RCSID("$Id: util.c,v 1.37 2002/06/07 18:28:46 joda Exp $");
-
-/*
- * util.c - functions for parsing, unparsing, and editing different
- * types of data used in kadmin.
- */
-
-static int
-get_response(const char *prompt, const char *def, char *buf, size_t len);
-
-/*
- * attributes
- */
-
-struct units kdb_attrs[] = {
- { "new-princ", KRB5_KDB_NEW_PRINC },
- { "support-desmd5", KRB5_KDB_SUPPORT_DESMD5 },
- { "pwchange-service", KRB5_KDB_PWCHANGE_SERVICE },
- { "disallow-svr", KRB5_KDB_DISALLOW_SVR },
- { "requires-pw-change", KRB5_KDB_REQUIRES_PWCHANGE },
- { "requires-hw-auth", KRB5_KDB_REQUIRES_HW_AUTH },
- { "requires-pre-auth", KRB5_KDB_REQUIRES_PRE_AUTH },
- { "disallow-all-tix", KRB5_KDB_DISALLOW_ALL_TIX },
- { "disallow-dup-skey", KRB5_KDB_DISALLOW_DUP_SKEY },
- { "disallow-proxiable", KRB5_KDB_DISALLOW_PROXIABLE },
- { "disallow-renewable", KRB5_KDB_DISALLOW_RENEWABLE },
- { "disallow-tgt-based", KRB5_KDB_DISALLOW_TGT_BASED },
- { "disallow-forwardable", KRB5_KDB_DISALLOW_FORWARDABLE },
- { "disallow-postdated", KRB5_KDB_DISALLOW_POSTDATED },
- { NULL }
-};
-
-/*
- * convert the attributes in `attributes' into a printable string
- * in `str, len'
- */
-
-void
-attributes2str(krb5_flags attributes, char *str, size_t len)
-{
- unparse_flags (attributes, kdb_attrs, str, len);
-}
-
-/*
- * convert the string in `str' into attributes in `flags'
- * return 0 if parsed ok, else -1.
- */
-
-int
-str2attributes(const char *str, krb5_flags *flags)
-{
- int res;
-
- res = parse_flags (str, kdb_attrs, *flags);
- if (res < 0)
- return res;
- else {
- *flags = res;
- return 0;
- }
-}
-
-/*
- * try to parse the string `resp' into attributes in `attr', also
- * setting the `bit' in `mask' if attributes are given and valid.
- */
-
-int
-parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit)
-{
- krb5_flags tmp = *attr;
-
- if (str2attributes(resp, &tmp) == 0) {
- *attr = tmp;
- if (mask)
- *mask |= bit;
- return 0;
- } else if(*resp == '?') {
- print_flags_table (kdb_attrs, stderr);
- } else {
- fprintf (stderr, "Unable to parse '%s'\n", resp);
- }
- return -1;
-}
-
-/*
- * allow the user to edit the attributes in `attr', prompting with `prompt'
- */
-
-int
-edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
-{
- char buf[1024], resp[1024];
-
- if (mask && (*mask & bit))
- return 0;
-
- attributes2str(*attr, buf, sizeof(buf));
- for (;;) {
- if(get_response("Attributes", buf, resp, sizeof(resp)) != 0)
- return 1;
- if (resp[0] == '\0')
- break;
- if (parse_attributes (resp, attr, mask, bit) == 0)
- break;
- }
- return 0;
-}
-
-/*
- * time_t
- * the special value 0 means ``never''
- */
-
-/*
- * Convert the time `t' to a string representation in `str' (of max
- * size `len'). If include_time also include time, otherwise just
- * date.
- */
-
-void
-time_t2str(time_t t, char *str, size_t len, int include_time)
-{
- if(t) {
- if(include_time)
- strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
- else
- strftime(str, len, "%Y-%m-%d", gmtime(&t));
- } else
- snprintf(str, len, "never");
-}
-
-/*
- * Convert the time representation in `str' to a time in `time'.
- * Return 0 if succesful, else -1.
- */
-
-int
-str2time_t (const char *str, time_t *t)
-{
- const char *p;
- struct tm tm, tm2;
-
- memset (&tm, 0, sizeof (tm));
-
- if(strcasecmp(str, "never") == 0) {
- *t = 0;
- return 0;
- }
-
- if(strcasecmp(str, "now") == 0) {
- *t = time(NULL);
- return 0;
- }
-
- p = strptime (str, "%Y-%m-%d", &tm);
-
- if (p == NULL)
- return -1;
-
- /* Do it on the end of the day */
- tm2.tm_hour = 23;
- tm2.tm_min = 59;
- tm2.tm_sec = 59;
-
- if(strptime (p, "%H:%M:%S", &tm2) != NULL) {
- tm.tm_hour = tm2.tm_hour;
- tm.tm_min = tm2.tm_min;
- tm.tm_sec = tm2.tm_sec;
- }
-
- *t = tm2time (tm, 0);
- return 0;
-}
-
-/*
- * try to parse the time in `resp' storing it in `value'
- */
-
-int
-parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit)
-{
- time_t tmp;
-
- if (str2time_t(resp, &tmp) == 0) {
- *value = tmp;
- if(mask)
- *mask |= bit;
- return 0;
- } else if(*resp == '?') {
- printf ("Print date on format YYYY-mm-dd [hh:mm:ss]\n");
- } else {
- fprintf (stderr, "Unable to parse time '%s'\n", resp);
- }
- return -1;
-}
-
-/*
- * allow the user to edit the time in `value'
- */
-
-int
-edit_timet (const char *prompt, krb5_timestamp *value, int *mask, int bit)
-{
- char buf[1024], resp[1024];
-
- if (mask && (*mask & bit))
- return 0;
-
- time_t2str (*value, buf, sizeof (buf), 0);
-
- for (;;) {
- if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
- return 1;
- if (parse_timet (resp, value, mask, bit) == 0)
- break;
- }
- return 0;
-}
-
-/*
- * deltat
- * the special value 0 means ``unlimited''
- */
-
-/*
- * convert the delta_t value in `t' into a printable form in `str, len'
- */
-
-void
-deltat2str(unsigned t, char *str, size_t len)
-{
- if(t == 0 || t == INT_MAX)
- snprintf(str, len, "unlimited");
- else
- unparse_time(t, str, len);
-}
-
-/*
- * parse the delta value in `str', storing result in `*delta'
- * return 0 if ok, else -1
- */
-
-int
-str2deltat(const char *str, krb5_deltat *delta)
-{
- int res;
-
- if(strcasecmp(str, "unlimited") == 0) {
- *delta = 0;
- return 0;
- }
- res = parse_time(str, "day");
- if (res < 0)
- return res;
- else {
- *delta = res;
- return 0;
- }
-}
-
-/*
- * try to parse the string in `resp' into a deltad in `value'
- * `mask' will get the bit `bit' set if a value was given.
- */
-
-int
-parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit)
-{
- krb5_deltat tmp;
-
- if (str2deltat(resp, &tmp) == 0) {
- *value = tmp;
- if (mask)
- *mask |= bit;
- return 0;
- } else if(*resp == '?') {
- print_time_table (stderr);
- } else {
- fprintf (stderr, "Unable to parse time '%s'\n", resp);
- }
- return -1;
-}
-
-/*
- * allow the user to edit the deltat in `value'
- */
-
-int
-edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit)
-{
- char buf[1024], resp[1024];
-
- if (mask && (*mask & bit))
- return 0;
-
- deltat2str(*value, buf, sizeof(buf));
- for (;;) {
- if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
- return 1;
- if (parse_deltat (resp, value, mask, bit) == 0)
- break;
- }
- return 0;
-}
-
-/*
- * allow the user to edit `ent'
- */
-
-void
-set_defaults(kadm5_principal_ent_t ent, int *mask,
- kadm5_principal_ent_t default_ent, int default_mask)
-{
- if (default_ent
- && (default_mask & KADM5_MAX_LIFE)
- && !(*mask & KADM5_MAX_LIFE))
- ent->max_life = default_ent->max_life;
-
- if (default_ent
- && (default_mask & KADM5_MAX_RLIFE)
- && !(*mask & KADM5_MAX_RLIFE))
- ent->max_renewable_life = default_ent->max_renewable_life;
-
- if (default_ent
- && (default_mask & KADM5_PRINC_EXPIRE_TIME)
- && !(*mask & KADM5_PRINC_EXPIRE_TIME))
- ent->princ_expire_time = default_ent->princ_expire_time;
-
- if (default_ent
- && (default_mask & KADM5_PW_EXPIRATION)
- && !(*mask & KADM5_PW_EXPIRATION))
- ent->pw_expiration = default_ent->pw_expiration;
-
- if (default_ent
- && (default_mask & KADM5_ATTRIBUTES)
- && !(*mask & KADM5_ATTRIBUTES))
- ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
-}
-
-int
-edit_entry(kadm5_principal_ent_t ent, int *mask,
- kadm5_principal_ent_t default_ent, int default_mask)
-{
-
- set_defaults(ent, mask, default_ent, default_mask);
-
- if(edit_deltat ("Max ticket life", &ent->max_life, mask,
- KADM5_MAX_LIFE) != 0)
- return 1;
-
- if(edit_deltat ("Max renewable life", &ent->max_renewable_life, mask,
- KADM5_MAX_RLIFE) != 0)
- return 1;
-
- if(edit_timet ("Principal expiration time", &ent->princ_expire_time, mask,
- KADM5_PRINC_EXPIRE_TIME) != 0)
- return 1;
-
- if(edit_timet ("Password expiration time", &ent->pw_expiration, mask,
- KADM5_PW_EXPIRATION) != 0)
- return 1;
-
- if(edit_attributes ("Attributes", &ent->attributes, mask,
- KADM5_ATTRIBUTES) != 0)
- return 1;
-
- return 0;
-}
-
-/*
- * Parse the arguments, set the fields in `ent' and the `mask' for the
- * entries having been set.
- * Return 1 on failure and 0 on success.
- */
-
-int
-set_entry(krb5_context context,
- kadm5_principal_ent_t ent,
- int *mask,
- const char *max_ticket_life,
- const char *max_renewable_life,
- const char *expiration,
- const char *pw_expiration,
- const char *attributes)
-{
- if (max_ticket_life != NULL) {
- if (parse_deltat (max_ticket_life, &ent->max_life,
- mask, KADM5_MAX_LIFE)) {
- krb5_warnx (context, "unable to parse `%s'", max_ticket_life);
- return 1;
- }
- }
- if (max_renewable_life != NULL) {
- if (parse_deltat (max_renewable_life, &ent->max_renewable_life,
- mask, KADM5_MAX_RLIFE)) {
- krb5_warnx (context, "unable to parse `%s'", max_renewable_life);
- return 1;
- }
- }
-
- if (expiration) {
- if (parse_timet (expiration, &ent->princ_expire_time,
- mask, KADM5_PRINC_EXPIRE_TIME)) {
- krb5_warnx (context, "unable to parse `%s'", expiration);
- return 1;
- }
- }
- if (pw_expiration) {
- if (parse_timet (pw_expiration, &ent->pw_expiration,
- mask, KADM5_PW_EXPIRATION)) {
- krb5_warnx (context, "unable to parse `%s'", pw_expiration);
- return 1;
- }
- }
- if (attributes != NULL) {
- if (parse_attributes (attributes, &ent->attributes,
- mask, KADM5_ATTRIBUTES)) {
- krb5_warnx (context, "unable to parse `%s'", attributes);
- return 1;
- }
- }
- return 0;
-}
-
-/*
- * Does `string' contain any globing characters?
- */
-
-static int
-is_expression(const char *string)
-{
- const char *p;
- int quote = 0;
-
- for(p = string; *p; p++) {
- if(quote) {
- quote = 0;
- continue;
- }
- if(*p == '\\')
- quote++;
- else if(strchr("[]*?", *p) != NULL)
- return 1;
- }
- return 0;
-}
-
-/* loop over all principals matching exp */
-int
-foreach_principal(const char *exp,
- int (*func)(krb5_principal, void*),
- const char *funcname,
- void *data)
-{
- char **princs;
- int num_princs;
- int i;
- krb5_error_code ret;
- krb5_principal princ_ent;
- int is_expr;
-
- /* if this isn't an expression, there is no point in wading
- through the whole database looking for matches */
- is_expr = is_expression(exp);
- if(is_expr)
- ret = kadm5_get_principals(kadm_handle, exp, &princs, &num_princs);
- if(!is_expr || ret == KADM5_AUTH_LIST) {
- /* we might be able to perform the requested opreration even
- if we're not allowed to list principals */
- num_princs = 1;
- princs = malloc(sizeof(*princs));
- if(princs == NULL)
- return ENOMEM;
- princs[0] = strdup(exp);
- if(princs[0] == NULL){
- free(princs);
- return ENOMEM;
- }
- } else if(ret) {
- krb5_warn(context, ret, "kadm5_get_principals");
- return ret;
- }
- for(i = 0; i < num_princs; i++) {
- ret = krb5_parse_name(context, princs[i], &princ_ent);
- if(ret){
- krb5_warn(context, ret, "krb5_parse_name(%s)", princs[i]);
- continue;
- }
- ret = (*func)(princ_ent, data);
- if(ret)
- krb5_warn(context, ret, "%s %s", funcname, princs[i]);
- krb5_free_principal(context, princ_ent);
- }
- kadm5_free_name_list(kadm_handle, princs, &num_princs);
- return 0;
-}
-
-/*
- * prompt with `prompt' and default value `def', and store the reply
- * in `buf, len'
- */
-
-#include <setjmp.h>
-
-static jmp_buf jmpbuf;
-
-static void
-interrupt(int sig)
-{
- longjmp(jmpbuf, 1);
-}
-
-static int
-get_response(const char *prompt, const char *def, char *buf, size_t len)
-{
- char *p;
- void (*osig)(int);
-
- osig = signal(SIGINT, interrupt);
- if(setjmp(jmpbuf)) {
- signal(SIGINT, osig);
- return 1;
- }
-
- printf("%s [%s]:", prompt, def);
- if(fgets(buf, len, stdin) == NULL) {
- int save_errno = errno;
- if(ferror(stdin))
- krb5_err(context, 1, save_errno, "<stdin>");
- signal(SIGINT, osig);
- return 1;
- }
- p = strchr(buf, '\n');
- if(p)
- *p = '\0';
- if(strcmp(buf, "") == 0)
- strlcpy(buf, def, len);
- signal(SIGINT, osig);
- return 0;
-}
-
-/*
- * return [0, 16) or -1
- */
-
-static int
-hex2n (char c)
-{
- static char hexdigits[] = "0123456789abcdef";
- const char *p;
-
- p = strchr (hexdigits, tolower((int)c));
- if (p == NULL)
- return -1;
- else
- return p - hexdigits;
-}
-
-/*
- * convert a key in a readable format into a keyblock.
- * return 0 iff succesful, otherwise `err' should point to an error message
- */
-
-int
-parse_des_key (const char *key_string, krb5_key_data *key_data,
- const char **err)
-{
- const char *p = key_string;
- unsigned char bits[8];
- int i;
-
- if (strlen (key_string) != 16) {
- *err = "bad length, should be 16 for DES key";
- return 1;
- }
- for (i = 0; i < 8; ++i) {
- int d1, d2;
-
- d1 = hex2n(p[2 * i]);
- d2 = hex2n(p[2 * i + 1]);
- if (d1 < 0 || d2 < 0) {
- *err = "non-hex character";
- return 1;
- }
- bits[i] = (d1 << 4) | d2;
- }
- for (i = 0; i < 3; ++i) {
- key_data[i].key_data_ver = 2;
- key_data[i].key_data_kvno = 0;
- /* key */
- key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC;
- key_data[i].key_data_length[0] = 8;
- key_data[i].key_data_contents[0] = malloc(8);
- memcpy (key_data[i].key_data_contents[0], bits, 8);
- /* salt */
- key_data[i].key_data_type[1] = KRB5_PW_SALT;
- key_data[i].key_data_length[1] = 0;
- key_data[i].key_data_contents[1] = NULL;
- }
- key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
- key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
- return 0;
-}
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
deleted file mode 100644
index 466ec3a4f852..000000000000
--- a/crypto/heimdal/kadmin/version4.c
+++ /dev/null
@@ -1,1013 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- * used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-#define Principal krb4_Principal
-#define kadm_get krb4_kadm_get
-#undef ALLOC
-#include <krb.h>
-#include <kadm.h>
-#include <krb_err.h>
-#include <kadm_err.h>
-
-RCSID("$Id: version4.c,v 1.26.2.1 2002/10/21 14:52:59 joda Exp $");
-
-#define KADM_NO_OPCODE -1
-#define KADM_NO_ENCRYPT -2
-
-/*
- * make an error packet if we fail encrypting
- */
-
-static void
-make_you_loose_packet(int code, krb5_data *reply)
-{
- krb5_data_alloc(reply, KADM_VERSIZE + 4);
- memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE);
- _krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4);
-}
-
-static int
-ret_fields(krb5_storage *sp, char *fields)
-{
- return krb5_storage_read(sp, fields, FLDSZ);
-}
-
-static int
-store_fields(krb5_storage *sp, char *fields)
-{
- return krb5_storage_write(sp, fields, FLDSZ);
-}
-
-static void
-ret_vals(krb5_storage *sp, Kadm_vals *vals)
-{
- int field;
- char *tmp_string;
-
- memset(vals, 0, sizeof(*vals));
-
- ret_fields(sp, vals->fields);
-
- for(field = 31; field >= 0; field--) {
- if(IS_FIELD(field, vals->fields)) {
- switch(field) {
- case KADM_NAME:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->name, tmp_string, sizeof(vals->name));
- free(tmp_string);
- break;
- case KADM_INST:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->instance, tmp_string,
- sizeof(vals->instance));
- free(tmp_string);
- break;
- case KADM_EXPDATE:
- krb5_ret_int32(sp, &vals->exp_date);
- break;
- case KADM_ATTR:
- krb5_ret_int16(sp, &vals->attributes);
- break;
- case KADM_MAXLIFE:
- krb5_ret_int8(sp, &vals->max_life);
- break;
- case KADM_DESKEY:
- krb5_ret_int32(sp, &vals->key_high);
- krb5_ret_int32(sp, &vals->key_low);
- break;
-#ifdef EXTENDED_KADM
- case KADM_MODDATE:
- krb5_ret_int32(sp, &vals->mod_date);
- break;
- case KADM_MODNAME:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->mod_name, tmp_string,
- sizeof(vals->mod_name));
- free(tmp_string);
- break;
- case KADM_MODINST:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->mod_instance, tmp_string,
- sizeof(vals->mod_instance));
- free(tmp_string);
- break;
- case KADM_KVNO:
- krb5_ret_int8(sp, &vals->key_version);
- break;
-#endif
- default:
- break;
- }
- }
- }
-}
-
-static void
-store_vals(krb5_storage *sp, Kadm_vals *vals)
-{
- int field;
-
- store_fields(sp, vals->fields);
-
- for(field = 31; field >= 0; field--) {
- if(IS_FIELD(field, vals->fields)) {
- switch(field) {
- case KADM_NAME:
- krb5_store_stringz(sp, vals->name);
- break;
- case KADM_INST:
- krb5_store_stringz(sp, vals->instance);
- break;
- case KADM_EXPDATE:
- krb5_store_int32(sp, vals->exp_date);
- break;
- case KADM_ATTR:
- krb5_store_int16(sp, vals->attributes);
- break;
- case KADM_MAXLIFE:
- krb5_store_int8(sp, vals->max_life);
- break;
- case KADM_DESKEY:
- krb5_store_int32(sp, vals->key_high);
- krb5_store_int32(sp, vals->key_low);
- break;
-#ifdef EXTENDED_KADM
- case KADM_MODDATE:
- krb5_store_int32(sp, vals->mod_date);
- break;
- case KADM_MODNAME:
- krb5_store_stringz(sp, vals->mod_name);
- break;
- case KADM_MODINST:
- krb5_store_stringz(sp, vals->mod_instance);
- break;
- case KADM_KVNO:
- krb5_store_int8(sp, vals->key_version);
- break;
-#endif
- default:
- break;
- }
- }
- }
-}
-
-static int
-flags_4_to_5(char *flags)
-{
- int i;
- int32_t mask = 0;
- for(i = 31; i >= 0; i--) {
- if(IS_FIELD(i, flags))
- switch(i) {
- case KADM_NAME:
- case KADM_INST:
- mask |= KADM5_PRINCIPAL;
- case KADM_EXPDATE:
- mask |= KADM5_PRINC_EXPIRE_TIME;
- case KADM_MAXLIFE:
- mask |= KADM5_MAX_LIFE;
-#ifdef EXTENDED_KADM
- case KADM_KVNO:
- mask |= KADM5_KEY_DATA;
- case KADM_MODDATE:
- mask |= KADM5_MOD_TIME;
- case KADM_MODNAME:
- case KADM_MODINST:
- mask |= KADM5_MOD_NAME;
-#endif
- }
- }
- return mask;
-}
-
-static void
-ent_to_values(krb5_context context,
- kadm5_principal_ent_t ent,
- int32_t mask,
- Kadm_vals *vals)
-{
- krb5_error_code ret;
- char realm[REALM_SZ];
- time_t exp = 0;
-
- memset(vals, 0, sizeof(*vals));
- if(mask & KADM5_PRINCIPAL) {
- ret = krb5_524_conv_principal(context, ent->principal,
- vals->name, vals->instance, realm);
- SET_FIELD(KADM_NAME, vals->fields);
- SET_FIELD(KADM_INST, vals->fields);
- }
- if(mask & KADM5_PRINC_EXPIRE_TIME) {
- if(ent->princ_expire_time != 0)
- exp = ent->princ_expire_time;
- }
- if(mask & KADM5_PW_EXPIRATION) {
- if(ent->pw_expiration != 0 && (exp == 0 || exp > ent->pw_expiration))
- exp = ent->pw_expiration;
- }
- if(exp) {
- vals->exp_date = exp;
- SET_FIELD(KADM_EXPDATE, vals->fields);
- }
- if(mask & KADM5_MAX_LIFE) {
- if(ent->max_life == 0)
- vals->max_life = 255;
- else
- vals->max_life = krb_time_to_life(0, ent->max_life);
- SET_FIELD(KADM_MAXLIFE, vals->fields);
- }
- if(mask & KADM5_KEY_DATA) {
- if(ent->n_key_data > 0) {
-#ifdef EXTENDED_KADM
- vals->key_version = ent->key_data[0].key_data_kvno;
- SET_FIELD(KADM_KVNO, vals->fields);
-#endif
- }
- /* XXX the key itself? */
- }
-#ifdef EXTENDED_KADM
- if(mask & KADM5_MOD_TIME) {
- vals->mod_date = ent->mod_date;
- SET_FIELD(KADM_MODDATE, vals->fields);
- }
- if(mask & KADM5_MOD_NAME) {
- krb5_524_conv_principal(context, ent->mod_name,
- vals->mod_name, vals->mod_instance, realm);
- SET_FIELD(KADM_MODNAME, vals->fields);
- SET_FIELD(KADM_MODINST, vals->fields);
- }
-#endif
-}
-
-/*
- * convert the kadm4 values in `vals' to `ent' (and `mask')
- */
-
-static krb5_error_code
-values_to_ent(krb5_context context,
- Kadm_vals *vals,
- kadm5_principal_ent_t ent,
- int32_t *mask)
-{
- krb5_error_code ret;
- *mask = 0;
- memset(ent, 0, sizeof(*ent));
-
- if(IS_FIELD(KADM_NAME, vals->fields)) {
- char *inst = NULL;
- if(IS_FIELD(KADM_INST, vals->fields))
- inst = vals->instance;
- ret = krb5_425_conv_principal(context,
- vals->name,
- inst,
- NULL,
- &ent->principal);
- if(ret)
- return ret;
- *mask |= KADM5_PRINCIPAL;
- }
- if(IS_FIELD(KADM_EXPDATE, vals->fields)) {
- ent->princ_expire_time = vals->exp_date;
- *mask |= KADM5_PRINC_EXPIRE_TIME;
- }
- if(IS_FIELD(KADM_MAXLIFE, vals->fields)) {
- ent->max_life = krb_life_to_time(0, vals->max_life);
- *mask |= KADM5_MAX_LIFE;
- }
-
- if(IS_FIELD(KADM_DESKEY, vals->fields)) {
- int i;
- ent->key_data = calloc(3, sizeof(*ent->key_data));
- if(ent->key_data == NULL)
- return ENOMEM;
- for(i = 0; i < 3; i++) {
- u_int32_t key_low, key_high;
-
- ent->key_data[i].key_data_ver = 2;
-#ifdef EXTENDED_KADM
- if(IS_FIELD(KADM_KVNO, vals->fields))
- ent->key_data[i].key_data_kvno = vals->key_version;
-#endif
- ent->key_data[i].key_data_type[0] = ETYPE_DES_CBC_MD5;
- ent->key_data[i].key_data_length[0] = 8;
- if((ent->key_data[i].key_data_contents[0] = malloc(8)) == NULL)
- return ENOMEM;
-
- key_low = ntohl(vals->key_low);
- key_high = ntohl(vals->key_high);
- memcpy(ent->key_data[i].key_data_contents[0],
- &key_low, 4);
- memcpy((char*)ent->key_data[i].key_data_contents[0] + 4,
- &key_high, 4);
- ent->key_data[i].key_data_type[1] = KRB5_PW_SALT;
- ent->key_data[i].key_data_length[1] = 0;
- ent->key_data[i].key_data_contents[1] = NULL;
- }
- ent->key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
- ent->key_data[2].key_data_type[0] = ETYPE_DES_CBC_CRC;
- ent->n_key_data = 3;
- *mask |= KADM5_KEY_DATA;
- }
-
-#ifdef EXTENDED_KADM
- if(IS_FIELD(KADM_MODDATE, vals->fields)) {
- ent->mod_date = vals->mod_date;
- *mask |= KADM5_MOD_TIME;
- }
- if(IS_FIELD(KADM_MODNAME, vals->fields)) {
- char *inst = NULL;
- if(IS_FIELD(KADM_MODINST, vals->fields))
- inst = vals->mod_instance;
- ret = krb5_425_conv_principal(context,
- vals->mod_name,
- inst,
- NULL,
- &ent->mod_name);
- if(ret)
- return ret;
- *mask |= KADM5_MOD_NAME;
- }
-#endif
- return 0;
-}
-
-/*
- * Try to translate a KADM5 error code into a v4 kadmin one.
- */
-
-static int
-error_code(int ret)
-{
- switch (ret) {
- case 0:
- return 0;
- case KADM5_FAILURE :
- case KADM5_AUTH_GET :
- case KADM5_AUTH_ADD :
- case KADM5_AUTH_MODIFY :
- case KADM5_AUTH_DELETE :
- case KADM5_AUTH_INSUFFICIENT :
- return KADM_UNAUTH;
- case KADM5_BAD_DB :
- return KADM_UK_RERROR;
- case KADM5_DUP :
- return KADM_INUSE;
- case KADM5_RPC_ERROR :
- case KADM5_NO_SRV :
- return KADM_NO_SERV;
- case KADM5_NOT_INIT :
- return KADM_NO_CONN;
- case KADM5_UNK_PRINC :
- return KADM_NOENTRY;
- case KADM5_PASS_Q_TOOSHORT :
-#ifdef KADM_PASS_Q_TOOSHORT
- return KADM_PASS_Q_TOOSHORT;
-#else
- return KADM_INSECURE_PW;
-#endif
- case KADM5_PASS_Q_CLASS :
-#ifdef KADM_PASS_Q_CLASS
- return KADM_PASS_Q_CLASS;
-#else
- return KADM_INSECURE_PW;
-#endif
- case KADM5_PASS_Q_DICT :
-#ifdef KADM_PASS_Q_DICT
- return KADM_PASS_Q_DICT;
-#else
- return KADM_INSECURE_PW;
-#endif
- case KADM5_PASS_REUSE :
- case KADM5_PASS_TOOSOON :
- case KADM5_BAD_PASSWORD :
- return KADM_INSECURE_PW;
- case KADM5_PROTECT_PRINCIPAL :
- return KADM_IMMUTABLE;
- case KADM5_POLICY_REF :
- case KADM5_INIT :
- case KADM5_BAD_HIST_KEY :
- case KADM5_UNK_POLICY :
- case KADM5_BAD_MASK :
- case KADM5_BAD_CLASS :
- case KADM5_BAD_LENGTH :
- case KADM5_BAD_POLICY :
- case KADM5_BAD_PRINCIPAL :
- case KADM5_BAD_AUX_ATTR :
- case KADM5_BAD_HISTORY :
- case KADM5_BAD_MIN_PASS_LIFE :
- case KADM5_BAD_SERVER_HANDLE :
- case KADM5_BAD_STRUCT_VERSION :
- case KADM5_OLD_STRUCT_VERSION :
- case KADM5_NEW_STRUCT_VERSION :
- case KADM5_BAD_API_VERSION :
- case KADM5_OLD_LIB_API_VERSION :
- case KADM5_OLD_SERVER_API_VERSION :
- case KADM5_NEW_LIB_API_VERSION :
- case KADM5_NEW_SERVER_API_VERSION :
- case KADM5_SECURE_PRINC_MISSING :
- case KADM5_NO_RENAME_SALT :
- case KADM5_BAD_CLIENT_PARAMS :
- case KADM5_BAD_SERVER_PARAMS :
- case KADM5_AUTH_LIST :
- case KADM5_AUTH_CHANGEPW :
- case KADM5_BAD_TL_TYPE :
- case KADM5_MISSING_CONF_PARAMS :
- case KADM5_BAD_SERVER_NAME :
- default :
- return KADM_UNAUTH; /* XXX */
- }
-}
-
-/*
- * server functions
- */
-
-static int
-kadm_ser_cpw(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- char key[8];
- char *password = NULL;
- krb5_error_code ret;
-
- krb5_warnx(context, "v4-compat %s: CHPASS %s",
- principal_string, principal_string);
-
- ret = krb5_storage_read(message, key + 4, 4);
- ret = krb5_storage_read(message, key, 4);
- ret = krb5_ret_stringz(message, &password);
-
- if(password) {
- krb5_data pwd_data;
- const char *tmp;
-
- pwd_data.data = password;
- pwd_data.length = strlen(password);
-
- tmp = kadm5_check_password_quality (context, principal, &pwd_data);
-
- if (tmp != NULL) {
- krb5_store_stringz (reply, (char *)tmp);
- ret = KADM5_PASS_Q_DICT;
- goto fail;
- }
- ret = kadm5_chpass_principal(kadm_handle, principal, password);
- } else {
- krb5_key_data key_data[3];
- int i;
- for(i = 0; i < 3; i++) {
- key_data[i].key_data_ver = 2;
- key_data[i].key_data_kvno = 0;
- /* key */
- key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC;
- key_data[i].key_data_length[0] = 8;
- key_data[i].key_data_contents[0] = malloc(8);
- memcpy(key_data[i].key_data_contents[0], &key, 8);
- /* salt */
- key_data[i].key_data_type[1] = KRB5_PW_SALT;
- key_data[i].key_data_length[1] = 0;
- key_data[i].key_data_contents[1] = NULL;
- }
- key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
- key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
- ret = kadm5_s_chpass_principal_with_key(kadm_handle,
- principal, 3, key_data);
- }
-
- if(ret != 0) {
- krb5_store_stringz(reply, (char*)krb5_get_err_text(context, ret));
- goto fail;
- }
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat CHPASS");
- return error_code(ret);
-}
-
-static int
-kadm_ser_add(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- int32_t mask;
- kadm5_principal_ent_rec ent, out;
- Kadm_vals values;
- krb5_error_code ret;
- char name[128];
-
- ret_vals(message, &values);
-
- ret = values_to_ent(context, &values, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: ADD %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD,
- ent.principal);
- if (ret)
- goto fail;
-
- ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
- if(ret) {
- kadm5_free_principal_ent(kadm_handle, &ent);
- goto fail;
- }
-
- mask = KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_MAX_LIFE |
- KADM5_KEY_DATA | KADM5_MOD_TIME | KADM5_MOD_NAME;
-
- kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
- ent_to_values(context, &out, mask, &values);
- kadm5_free_principal_ent(kadm_handle, &ent);
- kadm5_free_principal_ent(kadm_handle, &out);
- store_vals(reply, &values);
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat ADD");
- return error_code(ret);
-}
-
-static int
-kadm_ser_get(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- krb5_error_code ret;
- Kadm_vals values;
- kadm5_principal_ent_rec ent, out;
- int32_t mask;
- char flags[FLDSZ];
- char name[128];
-
- ret_vals(message, &values);
- /* XXX BRAIN DAMAGE! these flags are not stored in the same order
- as in the header */
- krb5_ret_int8(message, &flags[3]);
- krb5_ret_int8(message, &flags[2]);
- krb5_ret_int8(message, &flags[1]);
- krb5_ret_int8(message, &flags[0]);
- ret = values_to_ent(context, &values, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: GET %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET,
- ent.principal);
- if (ret)
- goto fail;
-
- mask = flags_4_to_5(flags);
-
- ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
- kadm5_free_principal_ent(kadm_handle, &ent);
-
- if (ret)
- goto fail;
-
- ent_to_values(context, &out, mask, &values);
-
- kadm5_free_principal_ent(kadm_handle, &out);
-
- store_vals(reply, &values);
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat GET");
- return error_code(ret);
-}
-
-static int
-kadm_ser_mod(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- Kadm_vals values1, values2;
- kadm5_principal_ent_rec ent, out;
- int32_t mask;
- krb5_error_code ret;
- char name[128];
-
- ret_vals(message, &values1);
- /* why are the old values sent? is the mask the same in the old and
- the new entry? */
- ret_vals(message, &values2);
-
- ret = values_to_ent(context, &values2, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: MOD %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY,
- ent.principal);
- if (ret)
- goto fail;
-
- ret = kadm5_s_modify_principal(kadm_handle, &ent, mask);
- if(ret) {
- kadm5_free_principal_ent(kadm_handle, &ent);
- krb5_warn(context, ret, "kadm5_s_modify_principal");
- goto fail;
- }
-
- ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
- if(ret) {
- kadm5_free_principal_ent(kadm_handle, &ent);
- krb5_warn(context, ret, "kadm5_s_modify_principal");
- goto fail;
- }
-
- ent_to_values(context, &out, mask, &values1);
-
- kadm5_free_principal_ent(kadm_handle, &ent);
- kadm5_free_principal_ent(kadm_handle, &out);
-
- store_vals(reply, &values1);
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat MOD");
- return error_code(ret);
-}
-
-static int
-kadm_ser_del(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- Kadm_vals values;
- kadm5_principal_ent_rec ent;
- int32_t mask;
- krb5_error_code ret;
- char name[128];
-
- ret_vals(message, &values);
-
- ret = values_to_ent(context, &values, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: DEL %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE,
- ent.principal);
- if (ret)
- goto fail;
-
- ret = kadm5_delete_principal(kadm_handle, ent.principal);
-
- kadm5_free_principal_ent(kadm_handle, &ent);
-
- if (ret)
- goto fail;
-
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat ADD");
- return error_code(ret);
-}
-
-static int
-dispatch(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_data msg,
- krb5_data *reply)
-{
- int retval;
- int8_t command;
- krb5_storage *sp_in, *sp_out;
-
- sp_in = krb5_storage_from_data(&msg);
- krb5_ret_int8(sp_in, &command);
-
- sp_out = krb5_storage_emem();
- krb5_storage_write(sp_out, KADM_VERSTR, KADM_VERSIZE);
- krb5_store_int32(sp_out, 0);
-
- switch(command) {
- case CHANGE_PW:
- retval = kadm_ser_cpw(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case ADD_ENT:
- retval = kadm_ser_add(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case GET_ENT:
- retval = kadm_ser_get(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case MOD_ENT:
- retval = kadm_ser_mod(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case DEL_ENT:
- retval = kadm_ser_del(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- default:
- krb5_warnx(context, "v4-compat %s: unknown opcode: %d",
- principal_string, command);
- retval = KADM_NO_OPCODE;
- break;
- }
- krb5_storage_free(sp_in);
- if(retval) {
- krb5_storage_seek(sp_out, KADM_VERSIZE, SEEK_SET);
- krb5_store_int32(sp_out, retval);
- }
- krb5_storage_to_data(sp_out, reply);
- krb5_storage_free(sp_out);
- return retval;
-}
-
-/*
- * Decode a v4 kadmin packet in `message' and create a reply in `reply'
- */
-
-static void
-decode_packet(krb5_context context,
- krb5_keytab keytab,
- struct sockaddr_in *admin_addr,
- struct sockaddr_in *client_addr,
- krb5_data message,
- krb5_data *reply)
-{
- int ret;
- KTEXT_ST authent;
- AUTH_DAT ad;
- MSG_DAT msg_dat;
- off_t off = 0;
- unsigned long rlen;
- char sname[] = "changepw", sinst[] = "kerberos";
- unsigned long checksum;
- des_key_schedule schedule;
- char *msg = message.data;
- void *kadm_handle;
- krb5_principal client;
- char *client_str;
- krb5_keytab_entry entry;
-
- if(message.length < KADM_VERSIZE
- || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
- make_you_loose_packet (KADM_BAD_VER, reply);
- return;
- }
-
- off = KADM_VERSIZE;
- off += _krb5_get_int(msg + off, &rlen, 4);
- memset(&authent, 0, sizeof(authent));
- authent.length = message.length - rlen - KADM_VERSIZE - 4;
-
- if(authent.length >= MAX_KTXT_LEN) {
- krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
- make_you_loose_packet (KADM_LENGTH_ERROR, reply);
- return;
- }
-
- memcpy(authent.dat, (char*)msg + off, authent.length);
- off += authent.length;
-
- {
- krb5_principal principal;
- krb5_keyblock *key;
-
- ret = krb5_make_principal(context, &principal, NULL,
- "changepw", "kerberos", NULL);
- if (ret) {
- krb5_warn (context, ret, "krb5_make_principal");
- make_you_loose_packet (KADM_NOMEM, reply);
- return;
- }
- ret = krb5_kt_get_entry (context, keytab, principal, 0,
- ETYPE_DES_CBC_MD5, &entry);
- krb5_kt_close (context, keytab);
- if (ret) {
- krb5_free_principal(context, principal);
- make_you_loose_packet (KADM_NO_AUTH, reply);
- return;
- }
- ret = krb5_copy_keyblock (context, &entry.keyblock,& key);
- krb5_kt_free_entry(context, &entry);
- krb5_free_principal(context, principal);
- if(ret) {
- if(ret == KRB5_KT_NOTFOUND)
- make_you_loose_packet(KADM_NO_AUTH, reply);
- else
- /* XXX */
- make_you_loose_packet(KADM_NO_AUTH, reply);
- krb5_warn(context, ret, "krb5_kt_read_service_key");
- return;
- }
-
- if(key->keyvalue.length != 8)
- krb5_abortx(context, "key has wrong length (%lu)",
- (unsigned long)key->keyvalue.length);
- krb_set_key(key->keyvalue.data, 0);
- krb5_free_keyblock(context, key);
- }
-
- ret = krb_rd_req(&authent, sname, sinst,
- client_addr->sin_addr.s_addr, &ad, NULL);
-
- if(ret) {
- make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply);
- krb5_warnx(context, "krb_rd_req: %d", ret);
- return;
- }
-
- ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm,
- &client);
- if (ret) {
- krb5_warnx (context, "krb5_425_conv_principal: %d", ret);
- make_you_loose_packet (KADM_NOMEM, reply);
- return;
- }
-
- krb5_unparse_name(context, client, &client_str);
-
- ret = kadm5_init_with_password_ctx(context,
- client_str,
- NULL,
- KADM5_ADMIN_SERVICE,
- NULL, 0, 0,
- &kadm_handle);
- if (ret) {
- krb5_warn (context, ret, "kadm5_init_with_password_ctx");
- make_you_loose_packet (KADM_NOMEM, reply);
- goto out;
- }
-
- checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session);
- if(checksum != ad.checksum) {
- krb5_warnx(context, "decode_packet: bad checksum");
- make_you_loose_packet (KADM_BAD_CHK, reply);
- goto out;
- }
- des_set_key(&ad.session, schedule);
- ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
- client_addr, admin_addr, &msg_dat);
- if (ret) {
- make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply);
- krb5_warnx(context, "krb_rd_priv: %d", ret);
- goto out;
- }
-
- {
- krb5_data d, r;
- int retval;
-
- d.data = msg_dat.app_data;
- d.length = msg_dat.app_length;
-
- retval = dispatch(context, kadm_handle,
- client, client_str, d, &r);
- krb5_data_alloc(reply, r.length + 26);
- reply->length = krb_mk_priv(r.data, reply->data, r.length,
- schedule, &ad.session,
- admin_addr, client_addr);
- if((ssize_t)reply->length < 0) {
- make_you_loose_packet(KADM_NO_ENCRYPT, reply);
- goto out;
- }
- }
-out:
- krb5_free_principal(context, client);
- free(client_str);
-}
-
-void
-handle_v4(krb5_context context,
- krb5_keytab keytab,
- int len,
- int fd)
-{
- int first = 1;
- struct sockaddr_in admin_addr, client_addr;
- socklen_t addr_len;
- krb5_data message, reply;
- ssize_t n;
-
- addr_len = sizeof(client_addr);
- if (getsockname(fd, (struct sockaddr*)&admin_addr, &addr_len) < 0)
- krb5_errx (context, 1, "getsockname");
- addr_len = sizeof(client_addr);
- if (getpeername(fd, (struct sockaddr*)&client_addr, &addr_len) < 0)
- krb5_errx (context, 1, "getpeername");
-
- while(1) {
- doing_useful_work = 0;
- if(term_flag)
- exit(0);
- if(first) {
- /* first time around, we have already read len, and two
- bytes of the version string */
- krb5_data_alloc(&message, len);
- memcpy(message.data, "KA", 2);
- n = krb5_net_read(context, &fd, (char*)message.data + 2,
- len - 2);
- if (n == 0)
- exit (0);
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_read");
- first = 0;
- } else {
- char buf[2];
- unsigned long tmp;
- ssize_t n;
-
- n = krb5_net_read(context, &fd, buf, sizeof(2));
- if (n == 0)
- exit (0);
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_read");
- _krb5_get_int(buf, &tmp, 2);
- krb5_data_alloc(&message, tmp);
- n = krb5_net_read(context, &fd, message.data, message.length);
- if (n == 0)
- krb5_errx (context, 1, "EOF in krb5_net_read");
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_read");
- }
- doing_useful_work = 1;
- decode_packet(context, keytab, &admin_addr, &client_addr,
- message, &reply);
- krb5_data_free(&message);
- {
- char buf[2];
-
- _krb5_put_int(buf, reply.length, sizeof(buf));
- n = krb5_net_write(context, &fd, buf, sizeof(buf));
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_write");
- n = krb5_net_write(context, &fd, reply.data, reply.length);
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_write");
- krb5_data_free(&reply);
- }
- }
-}