author | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-15 17:56:27 +0000 |
---|---|---|
committer | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-15 17:56:27 +0000 |
commit | 25c94af0a2af23c8819b403339139ef6830411e3 (patch) | |
tree | 246f15545816d748649c2ddea2abe6c37f7af0a8 /kerberosIV/kadmind/kadm_server.c | |
parent | 30f07e43453293dd26c2959326bb99a7afc0020e (diff) |
Upgrades, sanity checks, cleanup, etc.
Diffstat (limited to 'kerberosIV/kadmind/kadm_server.c')
-rw-r--r-- | kerberosIV/kadmind/kadm_server.c | 139 |
1 files changed, 93 insertions, 46 deletions
diff --git a/kerberosIV/kadmind/kadm_server.c b/kerberosIV/kadmind/kadm_server.c index 7412b607c06..a18c2398a39 100644 --- a/kerberosIV/kadmind/kadm_server.c +++ b/kerberosIV/kadmind/kadm_server.c @@ -1,7 +1,8 @@ -/* $Id: kadm_server.c,v 1.1 1995/12/14 06:52:48 tholo Exp $ */ +/* $OpenBSD: kadm_server.c,v 1.2 1997/12/15 17:56:22 art Exp $ */ +/* $KTH: kadm_server.c,v 1.9 1997/05/02 10:29:08 joda Exp $ */ -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology +/* + * Copyright (C) 1989 by the Massachusetts Institute of Technology * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. 
@@ -18,57 +19,85 @@ * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. + * */ /* * Kerberos administration server-side subroutines */ -#include <kadm_locl.h> +#include "kadm_locl.h" /* -kadm_ser_cpw - the server side of the change_password routine - recieves : KTEXT, {key} - returns : CKSUM, RETCODE - acl : caller can change only own password - -Replaces the password (i.e. des key) of the caller with that specified in key. -Returns no actual data from the master server, since this is called by a user -*/ + *kadm_ser_cpw - the server side of the change_password routine + * recieves : KTEXT, {key} + * returns : CKSUM, RETCODE + * acl : caller can change only own password + * + * Replaces the password (i.e. des key) of the caller with that specified in + * key. Returns no actual data from the master server, since this is called + * by a user + */ int kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) { u_int32_t keylow, keyhigh; des_cblock newkey; - int stvlen; + int status; + int stvlen=0; + char *pw_msg; + char pword[MAX_KPW_LEN]; + char *strings[4]; /* take key off the stream, and change the database */ - if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0) + if ((status = stv_long(dat, &keyhigh, 0, len)) < 0) return(KADM_LENGTH_ERROR); - if (stv_long(dat, &keylow, stvlen, len) < 0) + stvlen=status; + if ((status = stv_long(dat, &keylow, stvlen, len)) < 0) return(KADM_LENGTH_ERROR); + stvlen+=status; + + if((status = stv_string(dat, pword, stvlen, sizeof(pword), len))<0) + pword[0]=0; keylow = ntohl(keylow); keyhigh = ntohl(keyhigh); - bcopy((char *)&keyhigh, (char *)(((int32_t *)newkey) + 1), 4); - bcopy((char *)&keylow, (char *)newkey, 4); - *datout = 0; - *outlen = 0; + memcpy(((char *)newkey) + 4, &keyhigh, 4); + memcpy(newkey, &keylow, 4); + + strings[0] = ad->pname; + strings[1] = ad->pinst; + strings[2] = ad->prealm; + 
strings[3] = NULL; + status = kadm_pw_check(pword, &newkey, &pw_msg, strings); + + memset(pword, 0, sizeof(pword)); + memset(dat, 0, len); + + if(status != KADM_SUCCESS){ + *datout=malloc(0); + *outlen=vts_string(pw_msg, datout, 0); + return status; + } + *datout=0; + *outlen=0; return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey)); } + /* -kadm_ser_add - the server side of the add_entry routine - recieves : KTEXT, {values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as alloc) - -Adds and entry containing values to the database -returns the values of the entry, so if you leave certain fields blank you will - be able to determine the default values they are set to -*/ + * kadm_ser_add - the server side of the add_entry routine + * recieves : KTEXT, {values} + * returns : CKSUM, RETCODE, {values} + * acl : su, sms (as alloc) + * + * Adds and entry containing values to the database + * returns the values of the entry, so if you leave certain fields blank + * you will be able to determine the default values they are set to + * + */ int kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) { @@ -88,15 +117,15 @@ kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) } /* -kadm_ser_mod - the server side of the mod_entry routine - recieves : KTEXT, {values, values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as register or dealloc) - -Modifies all entries corresponding to the first values so they match the - second values. -returns the values for the changed entries -*/ + * kadm_ser_mod - the server side of the mod_entry routine + * recieves : KTEXT, {values, values} + * returns : CKSUM, RETCODE, {values} + * acl : su, sms (as register or dealloc) + * + * Modifies all entries corresponding to the first values so they match the + * second values. + * returns the values for the changed entries + */ int kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) { 
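Review bot: The scrubbing in kadm_ser_cpw is incomplete: `pword` and `dat` are cleared, but `newkey`, `keylow` and `keyhigh` still hold the new DES key when the function returns on either path, and `memset(pword, 0, sizeof(pword));` on a local that is never read again is a dead store the compiler is allowed to drop. Where the platform provides it, `explicit_bzero(pword, sizeof(pword));` is the safer call, and the tail could become `status = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey); explicit_bzero(newkey, sizeof(newkey)); return status;`, with the same clearing before the early `return status;`. Separately, `pw_msg` is declared without an initializer and handed to `vts_string()` on failure. If `kadm_pw_check()` (not visible in this hunk) can fail without assigning it, that is a read of an indeterminate pointer, so `char *pw_msg = NULL;` plus a NULL check before `vts_string()` would be prudent.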
@@ -118,16 +147,34 @@ kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) } } +int +kadm_ser_delete(u_char *dat, int len, AUTH_DAT *ad, + u_char **datout, int *outlen) +{ + Kadm_vals values; + int wh; + int status; + + if((wh = stream_to_vals(dat, &values, len)) < 0) + return KADM_LENGTH_ERROR; + if(wh != len) + return KADM_LENGTH_ERROR; + status = kadm_delete_entry(ad->pname, ad->pinst, ad->prealm, + &values); + *outlen = 0; + return status; +} + /* -kadm_ser_get - recieves : KTEXT, {values, flags} - returns : CKSUM, RETCODE, {count, values, values, values} - acl : su - -gets the fields requested by flags from all entries matching values -returns this data for each matching recipient, after a count of how many such - matches there were -*/ + * kadm_ser_get + * recieves : KTEXT, {values, flags} + * returns : CKSUM, RETCODE, {count, values, values, values} + * acl : su + * + * gets the fields requested by flags from all entries matching values + * returns this data for each matching recipient, after a count of how many + * such matches there were + */ int kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) { |
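Review bot: kadm_ser_delete writes `*outlen = 0;` but never assigns `*datout`, and on both `KADM_LENGTH_ERROR` returns it sets neither, whereas kadm_ser_cpw in this same commit sets `*datout=0; *outlen=0;` before its normal return. If the caller inspects or frees `*datout` after the call (the caller is not visible here), it would be using whatever value the pointer held before. Setting `*datout = NULL; *outlen = 0;` at the top of the function avoids that. The new function also lacks the `recieves / returns / acl` header comment that the neighbouring handlers in this diff carry. Since it removes database entries, a comment stating which ACL `kadm_delete_entry()` is expected to enforce for the principal in `ad` would let a reader confirm the authorization path.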