diff options
Diffstat (limited to 'kerberosIV')
-rw-r--r-- | kerberosIV/include/kerberosIV/kadm.h | 46 | ||||
-rw-r--r-- | kerberosIV/kadm/kadm_cli_wrap.c | 350 | ||||
-rw-r--r-- | kerberosIV/kadm/kadm_err.et | 13 | ||||
-rw-r--r-- | kerberosIV/kadm/kadm_local.h | 3 | ||||
-rw-r--r-- | kerberosIV/kadm/kadm_stream.c | 241 | ||||
-rw-r--r-- | kerberosIV/kadm/kadm_supp.c | 79 | ||||
-rw-r--r-- | kerberosIV/kadm/shlib_version | 2 |
7 files changed, 391 insertions, 343 deletions
diff --git a/kerberosIV/include/kerberosIV/kadm.h b/kerberosIV/include/kerberosIV/kadm.h index 5098c390ca2..eee13687fb5 100644 --- a/kerberosIV/include/kerberosIV/kadm.h +++ b/kerberosIV/include/kerberosIV/kadm.h @@ -1,23 +1,11 @@ -/* $Id: kadm.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */ - -/*- - * Copyright 1987, 1988 by the Student Information Processing Board - * of the Massachusetts Institute of Technology - * - * Permission to use, copy, modify, and distribute this software - * and its documentation for any purpose and without fee is - * hereby granted, provided that the above copyright notice - * appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, - * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be - * used in advertising or publicity pertaining to distribution - * of the software without specific, written prior permission. - * M.I.T. and the M.I.T. S.I.P.B. make no representations about - * the suitability of this software for any purpose. It is - * provided "as is" without express or implied warranty. - */ - /* + * $KTH: kadm.h,v 1.13 1997/08/17 07:30:24 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * * Definitions for Kerberos administration server & client */ @@ -30,6 +18,8 @@ * Doug Church, December 28, 1989, MIT Project Athena */ +#include <kerberosIV/krb_db.h> + /* The global structures for the client and server */ typedef struct { struct sockaddr_in admin_addr; @@ -48,6 +38,8 @@ typedef struct { /* status of the server, i.e the parameters */ /* Largest password length to be supported */ #define MAX_KPW_LEN 128 +/* Minimum allowed password length */ +#define MIN_KPW_LEN 6 /* Largest packet the admin server will ever allow itself to return */ #define KADM_RET_MAX 2048 @@ -61,6 +53,7 @@ typedef struct { /* status of the server, i.e the parameters */ /* the lookups for the server instances */ #define PWSERV_NAME "changepw" #define KADM_SNAME "kerberos_master" +#define KADM_PORT 751 #define KADM_SINST "kerberos" /* Attributes fields constants and macros */ @@ -112,7 +105,9 @@ typedef struct { enum acl_types { ADDACL, GETACL, -MODACL +MODACL, +STABACL, /* not used */ +DELACL }; /* Various opcodes for the admin server's functions */ @@ -120,19 +115,30 @@ MODACL #define ADD_ENT 3 #define MOD_ENT 4 #define GET_ENT 5 +#define CHECK_PW 6 /* not used */ +#define CHG_STAB 7 /* not used */ +#define DEL_ENT 8 void prin_vals __P((Kadm_vals *)); int stv_long __P((u_char *, u_int32_t *, int, int)); +int vts_long __P((u_int32_t, u_char **, int)); +int vts_string __P((char *, u_char **, int)); +int stv_string __P((u_char *, char *, int, int, int)); int stream_to_vals __P((u_char *, Kadm_vals *, int)); int vals_to_stream __P((Kadm_vals *, u_char **)); int kadm_init_link __P((char *, char *, char *)); int kadm_change_pw __P((unsigned char *)); +int kadm_change_pw_plain __P((unsigned char *, char *, char**)); +int kadm_change_pw2 __P((unsigned char *, char *, char**)); int kadm_mod __P((Kadm_vals *, Kadm_vals *)); int kadm_get __P((Kadm_vals *, u_char *)); int kadm_add __P((Kadm_vals *)); +int kadm_del __P((Kadm_vals *)); void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *)); void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *)); + + #endif /* KADM_DEFS */ diff --git a/kerberosIV/kadm/kadm_cli_wrap.c b/kerberosIV/kadm/kadm_cli_wrap.c index 4a0155a54bb..214c32c0c23 100644 --- a/kerberosIV/kadm/kadm_cli_wrap.c +++ b/kerberosIV/kadm/kadm_cli_wrap.c @@ -1,25 +1,25 @@ -/* $Id: kadm_cli_wrap.c,v 1.2 1996/09/16 03:16:27 tholo Exp $ */ +/* $KTH: kadm_cli_wrap.c,v 1.22 1997/08/17 07:30:04 assar Exp $ */ -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ /* * Kerberos administration server client-side routines @@ -29,7 +29,7 @@ * kadm_cli_wrap.c the client side wrapping of the calls to the admin server */ -#include "kadm_local.h" +#include "kadm_locl.h" #ifndef NULL #define NULL 0 @@ -45,20 +45,20 @@ static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ static des_key_schedule sess_sched; static void -clear_secrets() +clear_secrets(void) { - bzero((char *)sess_key, sizeof(sess_key)); - bzero((char *)sess_sched, sizeof(sess_sched)); + memset(sess_key, 0, sizeof(sess_key)); + memset(sess_sched, 0, sizeof(sess_sched)); return; } static void (*opipe)(); static void -kadm_cli_disconn() +kadm_cli_disconn(void) { - (void) close(client_parm.admin_fd); - (void) signal(SIGPIPE, opipe); + close(client_parm.admin_fd); + signal(SIGPIPE, opipe); return; } @@ -70,43 +70,37 @@ kadm_cli_disconn() * data about the connection between the server and client, the services * used, the locations and other fun things */ + int -kadm_init_link(n, i, r) - char *n; - char *i; - char *r; +kadm_init_link(char *n, char *i, char *r) { - struct servent *sep; /* service we will talk to */ struct hostent *hop; /* host we will talk to */ char adm_hostname[MAXHOSTNAMELEN]; - (void) init_kadm_err_tbl(); - (void) init_krb_err_tbl(); - (void) strcpy(client_parm.sname, n); - (void) strcpy(client_parm.sinst, i); - (void) strcpy(client_parm.krbrlm, r); + init_kadm_err_tbl(); + init_krb_err_tbl(); + strcpy(client_parm.sname, n); + strcpy(client_parm.sinst, i); + strcpy(client_parm.krbrlm, r); client_parm.admin_fd = -1; /* set up the admin_addr - fetch name of admin host */ if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS) return KADM_NO_HOST; if ((hop = gethostbyname(adm_hostname)) == NULL) - return KADM_UNK_HOST; /* couldnt find the admin servers - * address */ - if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL) - return KADM_NO_SERV; /* couldnt find the admin service */ - bzero((char *) &client_parm.admin_addr, - sizeof(client_parm.admin_addr)); + return KADM_UNK_HOST; + memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr)); + client_parm.admin_addr.sin_port = + k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT)); client_parm.admin_addr.sin_family = hop->h_addrtype; - bcopy((char *) hop->h_addr, (char *) &client_parm.admin_addr.sin_addr, - hop->h_length); - client_parm.admin_addr.sin_port = sep->s_port; + memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr, + sizeof(client_parm.admin_addr.sin_addr)); return KADM_SUCCESS; -} /* procedure kadm_init_link */ +} static int -kadm_cli_conn() +kadm_cli_conn(void) { /* this connects and sets my_addr */ int on = 1; @@ -116,7 +110,7 @@ kadm_cli_conn() if (connect(client_parm.admin_fd, (struct sockaddr *) & client_parm.admin_addr, sizeof(client_parm.admin_addr))) { - (void) close(client_parm.admin_fd); + close(client_parm.admin_fd); client_parm.admin_fd = -1; return KADM_NO_CONN; /* couldnt get the connect */ } @@ -125,16 +119,17 @@ kadm_cli_conn() if (getsockname(client_parm.admin_fd, (struct sockaddr *) & client_parm.my_addr, &client_parm.my_addr_len) < 0) { - (void) close(client_parm.admin_fd); + close(client_parm.admin_fd); client_parm.admin_fd = -1; - (void) signal(SIGPIPE, opipe); + signal(SIGPIPE, opipe); return KADM_NO_HERE; /* couldnt find out who we are */ } - if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on, + if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, + (void *)&on, sizeof(on)) < 0) { - (void) close(client_parm.admin_fd); + close(client_parm.admin_fd); client_parm.admin_fd = -1; - (void) signal(SIGPIPE, opipe); + signal(SIGPIPE, opipe); return KADM_NO_CONN; /* XXX */ } return KADM_SUCCESS; @@ -142,9 +137,9 @@ kadm_cli_conn() /* takes in the sess_key and key_schedule and sets them appropriately */ static int -kadm_cli_keyd(s_k, s_s) - des_cblock *s_k; /* session key */ - struct des_ks_struct *s_s; /* session key schedule */ +kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s) + /* session key */ + /* session key schedule */ { CREDENTIALS cred; /* to get key data */ int stat; @@ -153,10 +148,10 @@ kadm_cli_keyd(s_k, s_s) if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst, client_parm.krbrlm, &cred))) return stat + krb_err_base; - bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock)); - bzero((char *) cred.session, sizeof(des_cblock)); + memcpy(s_k, cred.session, sizeof(des_cblock)); + memset(cred.session, 0, sizeof(des_cblock)); #ifdef NOENCRYPTION - bzero(s_s, sizeof(des_key_schedule)); + memset(s_s, 0, sizeof(des_key_schedule)); #else if ((stat = des_key_sched(s_k,s_s))) return(stat+krb_err_base); @@ -165,43 +160,40 @@ kadm_cli_keyd(s_k, s_s) } /* This code "works" */ static int -kadm_cli_out(dat, dat_len, ret_dat, ret_siz) - u_char *dat; - int dat_len; - u_char **ret_dat; - int *ret_siz; +kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz) { - u_short dlen; + u_int16_t dlen; int retval; + char tmp[4]; - dlen = (u_short) dat_len; + dlen = (u_int16_t) dat_len; if (dat_len != (int)dlen) return (KADM_NO_ROOM); - dlen = htons(dlen); - if (krb_net_write(client_parm.admin_fd, (char *) &dlen, - sizeof(u_short)) < 0) - return (errno); /* XXX */ + tmp[0] = (dlen >> 8) & 0xff; + tmp[1] = dlen & 0xff; + if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2) + return (errno); /* XXX */ if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0) return (errno); /* XXX */ - if ((retval = krb_net_read(client_parm.admin_fd, (char *) &dlen, - sizeof(u_short)) != sizeof(u_short))) { + + if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){ if (retval < 0) return(errno); /* XXX */ else return(EPIPE); /* short read ! */ } + dlen = (tmp[0] << 8) | tmp[1]; - dlen = ntohs(dlen); *ret_dat = (u_char *)malloc((unsigned)dlen); if (!*ret_dat) return(KADM_NOMEM); - if ((retval = krb_net_read(client_parm.admin_fd, (char *) *ret_dat, - (int) dlen) != dlen)) { + if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat, + dlen) != dlen)) { if (retval < 0) return(errno); /* XXX */ else @@ -230,11 +222,11 @@ kadm_cli_out(dat, dat_len, ret_dat, ret_siz) * then it sends the data and waits for a reply. */ static int -kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz) - u_char *st_dat; /* the actual data */ - int st_siz; /* length of said data */ - u_char **ret_dat; /* to give return info */ - int *ret_siz; /* length of returned info */ +kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz) + /* the actual data */ + /* length of said data */ + /* to give return info */ + /* length of returned info */ { int act_len, retdat; /* current offset into packet, return * data */ @@ -247,11 +239,11 @@ kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz) u_char *return_dat; act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */ - (void) strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); + strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); act_len = KADM_VERSIZE; - if ((retdat = kadm_cli_keyd((des_cblock *)&sess_key, sess_sched)) != KADM_SUCCESS) { - free((char *)act_st); + if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) { + free(act_st); return retdat; /* couldnt get key working */ } priv_pak = (u_char *) malloc((unsigned)(st_siz + 200)); @@ -273,40 +265,37 @@ kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz) &sess_key); #endif if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, - client_parm.krbrlm, (long)cksum))) { + client_parm.krbrlm, cksum))) { /* authenticator? */ RET_N_FREE(retdat + krb_err_base); } - act_st = (u_char *) realloc((char *) act_st, - (unsigned) (act_len + authent.length - + priv_len)); + act_st = (u_char *) realloc(act_st, + act_len + authent.length + priv_len); if (!act_st) { clear_secrets(); - free((char *)priv_pak); + free(priv_pak); return(KADM_NOMEM); } - bcopy((char *) authent.dat, (char *) act_st + act_len, authent.length); - bcopy((char *) priv_pak, (char *) act_st + act_len + authent.length, - priv_len); - free((char *)priv_pak); + memcpy((char *)act_st + act_len, authent.dat, authent.length); + memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len); + free(priv_pak); if ((retdat = kadm_cli_out(act_st, act_len + authent.length + priv_len, ret_dat, ret_siz)) != KADM_SUCCESS) RET_N_FREE(retdat); - free((char *)act_st); -#define RET_N_FREE2(r) {free((char *)*ret_dat); clear_secrets(); return(r);} + free(act_st); +#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);} /* first see if it's a YOULOUSE */ if ((*ret_siz >= KADM_VERSIZE) && !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) { - u_int32_t errcode; + unsigned char *p; /* it's a youlose packet */ - if (*ret_siz < KADM_VERSIZE + sizeof(u_int32_t)) + if (*ret_siz < KADM_VERSIZE + 4) RET_N_FREE2(KADM_BAD_VER); - bcopy((char *)(*ret_dat) + KADM_VERSIZE, (char *)&errcode, - sizeof(u_int32_t)); - retdat = (int) ntohl(errcode); + p = (*ret_dat)+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; RET_N_FREE2(retdat); } /* need to decode the ret_dat */ @@ -320,39 +309,42 @@ kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz) if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) /* bad version */ RET_N_FREE2(KADM_BAD_VER); - bcopy((char *)mdat.app_data+KADM_VERSIZE, - (char *)&retdat, sizeof(u_int32_t)); - retdat = ntohl((u_int32_t)retdat); - if (!(return_dat = (u_char *)malloc((unsigned)(mdat.app_length - - KADM_VERSIZE - sizeof(u_int32_t))))) + { + unsigned char *p = mdat.app_data+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + } + { + int s=mdat.app_length - KADM_VERSIZE - 4; + if(s<=0) s=1; + if (!(return_dat = (u_char *)malloc(s))) RET_N_FREE2(KADM_NOMEM); - bcopy((char *) mdat.app_data + KADM_VERSIZE + sizeof(u_int32_t), - (char *)return_dat, - (int)mdat.app_length - KADM_VERSIZE - sizeof(u_int32_t)); - free((char *)*ret_dat); + } + memcpy(return_dat, + (char *) mdat.app_data + KADM_VERSIZE + 4, + mdat.app_length - KADM_VERSIZE - 4); + free(*ret_dat); clear_secrets(); *ret_dat = return_dat; - *ret_siz = mdat.app_length - KADM_VERSIZE - sizeof(u_int32_t); + *ret_siz = mdat.app_length - KADM_VERSIZE - 4; return retdat; } -/* - * kadm_change_pw - * recieves : key + + +/* + * kadm_change_pw_plain + * + * see kadm_change_pw * - * Replaces the password (i.e. des key) of the caller with that specified in - * key. Returns no actual data from the master server, since this is called - * by a user */ -int -kadm_change_pw(newkey) - unsigned char *newkey; /* The DES form of the users key */ +int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg) { int stsize, retc; /* stream size and return code */ u_char *send_st; /* send stream */ u_char *ret_st; int ret_sz; - u_int32_t keytmp; + int status; + static char msg[128]; if ((retc = kadm_cli_conn()) != KADM_SUCCESS) return(retc); @@ -364,24 +356,57 @@ kadm_change_pw(newkey) /* change key to stream */ - bcopy((char *) (((long *) newkey) + 1), (char *) &keytmp, 4); - keytmp = htonl(keytmp); - stsize += vts_long(keytmp, &send_st, stsize); - - bcopy((char *) newkey, (char *) &keytmp, 4); - keytmp = htonl(keytmp); - stsize += vts_long(keytmp, &send_st, stsize); + send_st = realloc(send_st, stsize + 8); + memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */ + memcpy(send_st + stsize, newkey + 4, 4); + stsize += 8; + if(password && *password) + stsize += vts_string(password, &send_st, stsize); + retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz); - free((char *)send_st); - if (retc == KADM_SUCCESS) { - free((char *)ret_st); + free(send_st); + + if(retc != KADM_SUCCESS){ + status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz); + if(status<0) + msg[0]=0; + *pw_msg=msg; } + + if (ret_st) + free(ret_st); + kadm_cli_disconn(); return(retc); } /* + * This function is here for compatibility with CNS + */ + +int kadm_change_pw2(unsigned char *newkey, char *password, char **pw_msg) +{ + return kadm_change_pw_plain (newkey, password, pw_msg); +} + + +/* + * kadm_change_pw + * recieves : key + * + * Replaces the password (i.e. des key) of the caller with that specified in + * key. Returns no actual data from the master server, since this is called + * by a user + */ + +int kadm_change_pw(unsigned char *newkey) +{ + char *pw_msg; + return kadm_change_pw_plain(newkey, "", &pw_msg); +} + +/* * kadm_add * receives : vals * returns : vals @@ -391,8 +416,7 @@ kadm_change_pw(newkey) * the default values they are set to */ int -kadm_add(vals) - Kadm_vals *vals; +kadm_add(Kadm_vals *vals) { u_char *st, *st2; /* st will hold the stream of values */ int st_len; /* st2 the final stream with opcode */ @@ -405,15 +429,15 @@ kadm_add(vals) st_len = vals_to_stream(vals, &st); st2 = (u_char *) malloc((unsigned)(1 + st_len)); *st2 = (u_char) ADD_ENT; /* here's the opcode */ - bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */ + memcpy((char *) st2 + 1, st, st_len); /* append st on */ retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); - free((char *)st); - free((char *)st2); + free(st); + free(st2); if (retc == KADM_SUCCESS) { /* ret_st has vals */ if (stream_to_vals(ret_st, vals, ret_sz) < 0) retc = KADM_LENGTH_ERROR; - free((char *)ret_st); + free(ret_st); } kadm_cli_disconn(); return(retc); @@ -429,9 +453,7 @@ kadm_add(vals) * second values. returns the values for the changed entries in vals2 */ int -kadm_mod(vals1, vals2) - Kadm_vals *vals1; - Kadm_vals *vals2; +kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2) { u_char *st, *st2; /* st will hold the stream of values */ int st_len, nlen; /* st2 the final stream with opcode */ @@ -447,24 +469,48 @@ kadm_mod(vals1, vals2) st_len = vals_to_stream(vals1, &st); st2 = (u_char *) malloc((unsigned)(1 + st_len)); *st2 = (u_char) MOD_ENT; /* here's the opcode */ - bcopy((char *) st, (char *) st2 + 1, st_len++); /* append st on */ - free((char *)st); + memcpy((char *)st2 + 1, st, st_len++); /* append st on */ + free(st); nlen = vals_to_stream(vals2, &st); st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen)); - bcopy((char *) st, (char *) st2 + st_len, nlen); /* append st on */ + memcpy((char *) st2 + st_len, st, nlen); /* append st on */ retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); - free((char *)st); - free((char *)st2); + free(st); + free(st2); if (retc == KADM_SUCCESS) { /* ret_st has vals */ if (stream_to_vals(ret_st, vals2, ret_sz) < 0) retc = KADM_LENGTH_ERROR; - free((char *)ret_st); + free(ret_st); } kadm_cli_disconn(); return(retc); } + +int +kadm_del(Kadm_vals *vals) +{ + unsigned char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (unsigned char *) malloc(st_len + 1); + *st2 = DEL_ENT; /* here's the opcode */ + memcpy(st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + kadm_cli_disconn(); + return(retc); +} + + /* * kadm_get * receives : KTEXT, {values, flags} @@ -476,9 +522,7 @@ kadm_mod(vals1, vals2) * matches there were */ int -kadm_get(vals, fl) - Kadm_vals *vals; - u_char *fl; +kadm_get(Kadm_vals *vals, u_char *fl) { int loop; /* for copying the fields data */ u_char *st, *st2; /* st will hold the stream of values */ @@ -492,17 +536,17 @@ kadm_get(vals, fl) st_len = vals_to_stream(vals, &st); st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ)); *st2 = (u_char) GET_ENT; /* here's the opcode */ - bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */ + memcpy((char *)st2 + 1, st, st_len); /* append st on */ for (loop = FLDSZ - 1; loop >= 0; loop--) *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */ retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz); - free((char *)st); - free((char *)st2); + free(st); + free(st2); if (retc == KADM_SUCCESS) { /* ret_st has vals */ if (stream_to_vals(ret_st, vals, ret_sz) < 0) retc = KADM_LENGTH_ERROR; - free((char *)ret_st); + free(ret_st); } kadm_cli_disconn(); return(retc); diff --git a/kerberosIV/kadm/kadm_err.et b/kerberosIV/kadm/kadm_err.et index fb1c47dbdf6..450d2f6e5db 100644 --- a/kerberosIV/kadm/kadm_err.et +++ b/kerberosIV/kadm/kadm_err.et @@ -1,5 +1,6 @@ -# $Id: kadm_err.et,v 1.1 1995/12/14 06:52:45 tholo Exp $ - +# $OpenBSD: kadm_err.et,v 1.2 1997/12/01 04:46:58 art Exp $ +# $KTH: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $ +# # Copyright 1988 by the Massachusetts Institute of Technology. # # For copying and distribution information, please see the file @@ -11,7 +12,7 @@ # KADM_SUCCESS, as all success codes should be, is zero -ec KADM_RCSID, "$Header: /cvs/OpenBSD/src/kerberosIV/kadm/Attic/kadm_err.et,v 1.1 1995/12/14 06:52:45 tholo Exp $" +ec KADM_RCSID, "$Header: /cvs/OpenBSD/src/kerberosIV/kadm/Attic/kadm_err.et,v 1.2 1997/12/01 04:46:58 art Exp $" # /* Building and unbuilding the packet errors */ ec KADM_NO_REALM, "Cannot fetch local realm" ec KADM_NO_CRED, "Unable to fetch credentials" @@ -49,4 +50,10 @@ ec KADM_LENGTH_ERROR, "Length mismatch problem" ec KADM_ILL_WILDCARD, "Illegal use of wildcard" ec KADM_DB_INUSE, "Database is locked or in use--try again later" + +ec KADM_INSECURE_PW, "Insecure password rejected" +ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match" + +ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request" +ec KADM_IMMUTABLE, "Attempt do delete immutable principal" end diff --git a/kerberosIV/kadm/kadm_local.h b/kerberosIV/kadm/kadm_local.h index 4c7d9fe99ac..829f43c5444 100644 --- a/kerberosIV/kadm/kadm_local.h +++ b/kerberosIV/kadm/kadm_local.h @@ -1,4 +1,4 @@ -/* $Id: kadm_local.h,v 1.2 1997/06/29 10:56:14 provos Exp $ */ +/* $Id: kadm_local.h,v 1.3 1997/12/01 04:46:59 art Exp $ */ #include <stdio.h> #include <stdlib.h> @@ -8,6 +8,7 @@ #include <time.h> #include <errno.h> +#include <sys/types.h> #include <sys/socket.h> #include <sys/param.h> #include <netinet/in.h> diff --git a/kerberosIV/kadm/kadm_stream.c b/kerberosIV/kadm/kadm_stream.c index 50aae668868..e06d0fefd0a 100644 --- a/kerberosIV/kadm/kadm_stream.c +++ b/kerberosIV/kadm/kadm_stream.c @@ -1,24 +1,25 @@ -/* $Id: kadm_stream.c,v 1.1 1995/12/14 06:52:45 tholo Exp $ */ +/* $KTH: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $ */ -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ /* * Stream conversion functions for Kerberos administration server @@ -36,96 +37,107 @@ fatal: prints out a kadm fatal error message, exits */ -#include "kadm_local.h" - -#define min(a,b) (((a) < (b)) ? (a) : (b)) +#include "kadm_locl.h" static int -build_field_header(cont, st) - u_char *cont; /* container for fields data */ - u_char **st; /* stream */ +build_field_header(u_char *cont, u_char **st) + /* container for fields data */ + /* stream */ { *st = (u_char *) malloc (4); - bcopy((char *) cont, (char *) *st, 4); + memcpy(*st, cont, 4); return 4; /* return pointer to current stream location */ } static int -check_field_header(st, cont, maxlen) - u_char *st; /* stream */ - u_char *cont; /* container for fields data */ - int maxlen; +check_field_header(u_char *st, u_char *cont, int maxlen) + /* stream */ + /* container for fields data */ + { if (4 > maxlen) return(-1); - bcopy((char *) st, (char *) cont, 4); + memcpy(cont, st, 4); return 4; /* return pointer to current stream location */ } -static int -vts_string(dat, st, loc) - char *dat; /* a string to put on the stream */ - u_char **st; /* base pointer to the stream */ - int loc; /* offset into the stream for current data */ +int +vts_string(char *dat, u_char **st, int loc) + /* a string to put on the stream */ + /* base pointer to the stream */ + /* offset into the stream for current data */ { - *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1)); - bcopy(dat, (char *)(*st + loc), strlen(dat)+1); + *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1)); + memcpy(*st + loc, dat, strlen(dat)+1); return strlen(dat)+1; } static int -vts_short(dat, st, loc) - u_int16_t dat; /* the attributes field */ - u_char **st; /* a base pointer to the stream */ - int loc; /* offset into the stream for current data */ +vts_short(u_int16_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ { - u_int16_t temp; /* to hold the net order short */ - - temp = htons(dat); /* convert to network order */ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_int16_t))); - bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_int16_t)); - return sizeof(u_int16_t); + unsigned char *p; + p = realloc(*st, loc + 2); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 8) & 0xff; + p[loc+1] = dat & 0xff; + *st = p; + return 2; } static int -vts_char(dat, st, loc) - u_char dat; /* the attributes field */ - u_char **st; /* a base pointer to the stream */ - int loc; /* offset into the stream for current data */ +vts_char(u_char dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ { - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char))); - (*st)[loc] = (u_char) dat; - return 1; + unsigned char *p = realloc(*st, loc + 1); + if(p == NULL){ + abort(); + } + p[loc] = dat; + *st = p; + return 1; } int -vts_long(dat, st, loc) - u_int32_t dat; /* the attributes field */ - u_char **st; /* a base pointer to the stream */ - int loc; /* offset into the stream for current data */ +vts_long(u_int32_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ { - u_int32_t temp; /* to hold the net order short */ - - temp = htonl(dat); /* convert to network order */ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_int32_t))); - bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_int32_t)); - return sizeof(u_int32_t); + unsigned char *p = realloc(*st, loc + 4); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 24) & 0xff; + p[loc+1] = (dat >> 16) & 0xff; + p[loc+2] = (dat >> 8) & 0xff; + p[loc+3] = dat & 0xff; + *st = p; + return 4; } -static int -stv_string(st, dat, loc, stlen, maxlen) - register u_char *st; /* base pointer to the stream */ - char *dat; /* a string to read from the stream */ - register int loc; /* offset into the stream for current data */ - int stlen; /* max length of string to copy in */ - int maxlen; /* max length of input stream */ +int +stv_string(u_char *st, /* base pointer to the stream */ + char *dat, /* a string to read from the stream */ + int loc, /* offset into the stream for current data */ + int stlen, /* max length of string to copy in */ + int maxlen) /* max length of input stream */ { int maxcount; /* max count of chars to copy */ maxcount = min(maxlen - loc, stlen); - (void) strncpy(dat, (char *)st + loc, maxcount); + if(maxcount <= 0) + return -1; + + strncpy(dat, (char *)st + loc, maxcount); if (dat[maxcount-1]) /* not null-term --> not enuf room */ return(-1); @@ -133,49 +145,44 @@ stv_string(st, dat, loc, stlen, maxlen) } static int -stv_short(st, dat, loc, maxlen) - u_char *st; /* a base pointer to the stream */ - u_int16_t *dat; /* the attributes field */ - int loc; /* offset into the stream for current data */ - int maxlen; +stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + { - u_int16_t temp; /* to hold the net order short */ - - if (loc + sizeof(temp) > maxlen) - return(-1); - /*bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_short));*/ - bcopy(st + loc, (char *) &temp, sizeof(temp)); - *dat = ntohs(temp); /* convert to network order */ - return sizeof(temp); + if (maxlen - loc < 2) + return -1; + + *dat = (st[loc] << 8) | st[loc + 1]; + return 2; } int -stv_long(st, dat, loc, maxlen) - u_char *st; /* a base pointer to the stream */ - u_int32_t *dat; /* the attributes field */ - int loc; /* offset into the stream for current data */ - int maxlen; /* maximum length of st */ +stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + /* maximum length of st */ { - u_int32_t temp; /* to hold the net order short */ - - if (loc + sizeof(temp) > maxlen) - return(-1); - /*bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_long));*/ - bcopy(st + loc, (char *) &temp, sizeof(temp)); - *dat = ntohl(temp); /* convert to network order */ - return sizeof(temp); + if (maxlen - loc < 4) + return -1; + + *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3]; + return 4; } static int -stv_char(st, dat, loc, maxlen) - u_char *st; /* a base pointer to the stream */ - u_char *dat; /* the attributes field */ - int loc; /* offset into the stream for current data */ - int maxlen; +stv_char(u_char *st, u_char *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + { - if (loc + 1 > maxlen) - return(-1); - *dat = *(st + loc); + if (maxlen - loc < 1) + return -1; + + *dat = st[loc]; return 1; } @@ -187,9 +194,7 @@ vals_to_stream this function creates a byte-stream representation of the kadm_vals structure */ int -vals_to_stream(dt_in, dt_out) - Kadm_vals *dt_in; - u_char **dt_out; +vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) { int vsloop, stsize; /* loop counter, stream size */ @@ -231,15 +236,15 @@ stream_to_vals this decodes a byte stream represntation of a vals struct into kadm_vals */ int -stream_to_vals(dt_in, dt_out, maxlen) - u_char *dt_in; - Kadm_vals *dt_out; - int maxlen; /* max length to use */ +stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen) + + + /* max length to use */ { - register int vsloop, stsize; /* loop counter, stream size */ - register int status; + int vsloop, stsize; /* loop counter, stream size */ + int status; - bzero((char *) dt_out, sizeof(*dt_out)); + memset(dt_out, 0, sizeof(*dt_out)); stsize = check_field_header(dt_in, dt_out->fields, maxlen); if (stsize < 0) diff --git a/kerberosIV/kadm/kadm_supp.c b/kerberosIV/kadm/kadm_supp.c index 8882b06d422..4a771ff5fca 100644 --- a/kerberosIV/kadm/kadm_supp.c +++ b/kerberosIV/kadm/kadm_supp.c @@ -1,24 +1,25 @@ -/* $Id: kadm_supp.c,v 1.1 1995/12/14 06:52:46 tholo Exp $ */ +/* $KTH: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $ */ -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ /* * Support functions for Kerberos administration server & clients @@ -34,52 +35,39 @@ structure */ -#include "kadm_local.h" +#include "kadm_locl.h" /* prin_vals: recieves : a vals structure */ void -prin_vals(vals) - Kadm_vals *vals; +prin_vals(Kadm_vals *vals) { printf("Info in Database for %s.%s:\n", vals->name, vals->instance); printf(" Max Life: %d (%s) Exp Date: %s\n", vals->max_life, krb_life_to_atime(vals->max_life), asctime(k_localtime(&vals->exp_date))); - printf(" Attribs: %.2x key: %lu %lu\n", + printf(" Attribs: %.2x key: %#lx %#lx\n", vals->attributes, (long)vals->key_low, (long)vals->key_high); } -#ifdef notdef -nierror(s) -int s; -{ - printf("Kerberos admin server loses..... %s\n",error_message(s)); - return(s); -} -#endif - /* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal, it copies the fields in Principal specified by fields into Kadm_vals, i.e from old to new */ void -kadm_prin_to_vals(fields, new, old) - u_char *fields; - Kadm_vals *new; - Principal *old; +kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old) { - bzero((char *)new, sizeof(*new)); + memset(new, 0, sizeof(*new)); if (IS_FIELD(KADM_NAME,fields)) { - (void) strncpy(new->name, old->name, ANAME_SZ); + strncpy(new->name, old->name, ANAME_SZ); SET_FIELD(KADM_NAME, new->fields); } if (IS_FIELD(KADM_INST,fields)) { - (void) strncpy(new->instance, old->instance, INST_SZ); + strncpy(new->instance, old->instance, INST_SZ); SET_FIELD(KADM_INST, new->fields); } if (IS_FIELD(KADM_EXPDATE,fields)) { @@ -102,17 +90,14 @@ kadm_prin_to_vals(fields, new, old) } void -kadm_vals_to_prin(fields, new, old) - u_char *fields; - Principal *new; - Kadm_vals *old; +kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old) { - bzero((char *)new, sizeof(*new)); + memset(new, 0, sizeof(*new)); if (IS_FIELD(KADM_NAME,fields)) - (void) strncpy(new->name, old->name, ANAME_SZ); + strncpy(new->name, old->name, ANAME_SZ); if (IS_FIELD(KADM_INST,fields)) - (void) strncpy(new->instance, old->instance, INST_SZ); + strncpy(new->instance, old->instance, INST_SZ); if (IS_FIELD(KADM_EXPDATE,fields)) new->exp_date = old->exp_date; if (IS_FIELD(KADM_ATTR,fields)) diff --git a/kerberosIV/kadm/shlib_version b/kerberosIV/kadm/shlib_version index d9961ea9fef..3066b9771e7 100644 --- a/kerberosIV/kadm/shlib_version +++ b/kerberosIV/kadm/shlib_version @@ -1,2 +1,2 @@ -major=4 +major=5 minor=0 |