2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
/*
 * Per-principal callback that del_entry() hands to foreach_principal().
 * It deletes the given principal with kadm5_delete_principal() on
 * kadm_handle (declared outside this listing) and returns that call's
 * result unchanged. The data argument is not referenced in the lines shown.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump
 * over 37, 39 and 41), so the return type and the braces are not visible.
 */
38 do_del_entry(krb5_principal principal
, void *data
)
40 return kadm5_delete_principal(kadm_handle
, principal
);
/*
 * Command entry point for principal deletion. Each of the argc strings in
 * argv is passed to foreach_principal() with do_del_entry as the callback,
 * "del" as the third argument and NULL as the callback data. The opt
 * argument is not referenced in the lines shown.
 *
 * Every principal that foreach_principal() hands to the callback is
 * deleted. How one argument expands to principals is decided inside
 * foreach_principal(), which is defined elsewhere -- presumably some form
 * of pattern matching; confirm before using this from scripts. No
 * confirmation step appears in the visible lines.
 *
 * NOTE(review): the source lines after the foreach_principal() call are
 * missing from this listing, so how ret is checked inside the loop and
 * what the function returns cannot be read from here.
 */
44 del_entry(void *opt
, int argc
, char **argv
)
47 krb5_error_code ret
= 0;
49 for(i
= 0; i
< argc
; i
++) {
50 ret
= foreach_principal(argv
[i
], do_del_entry
, "del", NULL
);
/*
 * Per-principal callback that del_namespace() hands to foreach_principal().
 * Given a namespace name nsp, it builds a principal in nsp's realm from the
 * components "WELLKNOWN" and HDB_WK_NAMESPACE, sets components 2 and 3 to
 * nsp's components 0 and 1, deletes that principal with
 * kadm5_delete_principal() and frees the temporary principal. The data
 * argument is not referenced in the lines shown.
 *
 * A name whose component count is not 2 is reported through krb5_warn()
 * with EINVAL.
 *
 * NOTE(review): several source lines are missing from this listing (the
 * gutter numbers skip 59-60, 64-65, 70-72, 76, 78, 80 and everything after
 * 82). The declaration of unsp, the exit taken after the warning, the
 * release of unsp, any checks on ret between the steps and the final
 * return are therefore not visible -- confirm against the full file.
 */
58 do_del_ns_entry(krb5_principal nsp
, void *data
)
61 krb5_principal p
= NULL
;
/* Components 0 and 1 are read before the count check; their first
 * visible use comes after it. */
62 const char *comp0
= krb5_principal_get_comp_string(context
, nsp
, 0);
63 const char *comp1
= krb5_principal_get_comp_string(context
, nsp
, 1);
/* Only names with exactly two components are accepted. */
66 if (krb5_principal_get_num_comp(context
, nsp
) != 2) {
/* unsp exists only for the diagnostic: the unparse result is discarded
 * on purpose and a NULL unsp is replaced in the message below. */
67 (void) krb5_unparse_name(context
, nsp
, &unsp
);
68 krb5_warn(context
, ret
= EINVAL
, "Not a valid namespace name %s",
69 unsp
? unsp
: "<Out of memory>");
/* Build WELLKNOWN/HDB_WK_NAMESPACE in the realm of nsp, then append the
 * two namespace components and delete the resulting principal. */
73 ret
= krb5_make_principal(context
, &p
,
74 krb5_principal_get_realm(context
, nsp
),
75 "WELLKNOWN", HDB_WK_NAMESPACE
, NULL
);
77 ret
= krb5_principal_set_comp_string(context
, p
, 2, comp0
);
79 ret
= krb5_principal_set_comp_string(context
, p
, 3, comp1
);
81 ret
= kadm5_delete_principal(kadm_handle
, p
);
/* p starts out NULL and is released here after the delete call. */
82 krb5_free_principal(context
, p
);
/*
 * Command entry point for namespace deletion. Each of the argc strings in
 * argv is passed to foreach_principal() with do_del_ns_entry as the
 * callback, "del_ns" as the third argument and NULL as the callback data.
 * The opt argument is not referenced in the lines shown.
 *
 * How one argument expands to principals is decided inside
 * foreach_principal(), which is defined elsewhere; the callback itself
 * rejects names that do not have exactly two components.
 *
 * NOTE(review): the source lines after the foreach_principal() call are
 * missing from this listing, so how ret is checked inside the loop and
 * what the function returns cannot be read from here.
 */
88 del_namespace(void *opt
, int argc
, char **argv
)
91 krb5_error_code ret
= 0;
93 for(i
= 0; i
< argc
; i
++) {
94 ret
= foreach_principal(argv
[i
], do_del_ns_entry
, "del_ns", NULL
);
/*
 * Command entry point that removes principal aliases. For each argument it
 * parses the name, fetches the matching entry together with its TL data,
 * declines to act when the name is the entry's own principal name rather
 * than an alias, decodes the alias list found under KRB5_TL_ALIASES, drops
 * every occurrence of the name from that list, re-encodes the list as an
 * HDB_extension and writes the entry back with kadm5_modify_principal().
 *
 * Returns 0 when ret is 0 at the final return statement and 1 otherwise.
 * The opt argument is not referenced in the lines shown.
 *
 * NOTE(review): many source lines are missing from this listing (the
 * gutter numbers skip, for example, 103-108, 115-120, 129, 131-133,
 * 137-140, 169-171 and 177-182). Local declarations, several checks on
 * ret and the statements that follow each warning are among them. The
 * comments below describe only what the visible lines show.
 */
102 del_alias(void *opt
, int argc
, char **argv
)
/* Diagnostic for the no-argument case; presumably guarded by an argc
 * test on a line not shown. */
109 krb5_warnx(context
, "No aliases given");
/* argv is consumed one name per iteration, so argv[0] is always the
 * name currently being processed. */
113 for (; argc
; argc
--, argv
++) {
114 kadm5_principal_ent_rec princ
;
121 if ((ret
= krb5_parse_name(context
, argv
[0], &p
))) {
122 krb5_warn(context
, ret
, "Invalid principal: %s", argv
[0]);
/* Clear the record before kadm5_get_principal() fills it in. */
126 memset(&princ
, 0, sizeof(princ
));
/* KADM5_TL_DATA is requested because the alias list is read from the
 * entry's TL data further down. */
127 ret
= kadm5_get_principal(kadm_handle
, p
, &princ
,
128 KADM5_PRINCIPAL_NORMAL_MASK
| KADM5_TL_DATA
);
130 krb5_warn(context
, ret
, "Principal alias not found %s", argv
[0]);
/*
 * Guard against removing a real principal through this command: a name
 * equal to the fetched entry's own principal is not an alias, and the
 * message points the operator at 'delete' instead.
 *
 * NOTE(review): ret is passed to krb5_warn() here. If this point is only
 * reached after kadm5_get_principal() returned 0 (that check is on a line
 * not shown), the warning carries error code 0 and krb5_warnx() would be
 * the fitting call -- confirm against the full file.
 */
134 if (krb5_principal_compare(context
, p
, princ
.principal
)) {
135 krb5_warn(context
, ret
, "Not deleting principal %s because it is "
136 "not an alias; use 'delete' to delete the principal",
/* a points at the aliases member inside the local HDB_extension, so the
 * list it describes is the one encoded from ext further down. */
141 a
= &ext
.data
.u
.aliases
;
142 a
->case_insensitive
= 0;
/* No KRB5_TL_ALIASES item on the fetched entry: warn and release both
 * the entry and the parsed name. */
145 if ((tl
= get_tl(&princ
, KRB5_TL_ALIASES
)) == NULL
) {
146 krb5_warnx(context
, "kadm5_get_principal() found principal %s but "
147 "not its aliases", argv
[0]);
148 kadm5_free_principal_ent(kadm_handle
, &princ
);
149 krb5_free_principal(context
, p
);
/* Decode the TL item's bytes; contents and length both come from the
 * same tl record. The output arguments are on a line not shown. */
153 ret
= decode_HDB_Ext_Aliases(tl
->tl_data_contents
, tl
->tl_data_length
,
/* A list that cannot be decoded is reported and both objects are
 * released, as in the missing-aliases case above. */
156 krb5_warn(context
, ret
, "Principal alias list could not be decoded");
157 kadm5_free_principal_ent(kadm_handle
, &princ
);
158 krb5_free_principal(context
, p
);
163 * Remove alias, but also, don't assume it appears only once in aliases
/*
 * In-place removal: a slot that matches p is freed and the tail of the
 * array is moved down over it. memmove() is called only when
 * i + 1 < len, which also keeps len - (i + 1) at 1 or more, so the size
 * expression cannot be computed from a non-positive element count.
 * The index advance for non-matching slots and the length decrement are
 * on lines not shown.
 */
167 while (i
< a
->aliases
.len
) {
168 if (!krb5_principal_compare(context
, p
, &a
->aliases
.val
[i
])) {
172 free_Principal(&a
->aliases
.val
[i
]);
173 if (i
+ 1 < a
->aliases
.len
)
174 memmove(&a
->aliases
.val
[i
],
175 &a
->aliases
.val
[i
+ 1],
176 sizeof(a
->aliases
.val
[i
]) * (a
->aliases
.len
- (i
+ 1)));
183 ext
.data
.element
= choice_HDB_extension_data_aliases
;
/* Encode the whole extension into d; the loop index i is reused as the
 * encoder's size output. */
186 ASN1_MALLOC_ENCODE(HDB_extension
, d
.data
, d
.length
, &ext
, &i
, ret
);
/* The decoded list is released once the encode step is past. */
187 free_HDB_Ext_Aliases(a
);
/*
 * Length guard: d.length is narrowed to int16_t and compared back. A
 * negative result or a value that no longer equals d.length means the
 * encoding is longer than 32767 bytes, which is reported here rather than
 * stored with a wrapped length. Presumably TL data lengths are 16-bit;
 * what happens to ret after the warning is on a line not shown.
 */
189 int16_t len
= d
.length
;
191 if (len
< 0 || d
.length
!= (size_t)len
) {
192 krb5_warnx(context
, "Too many aliases; does not fit in 32767 bytes");
/* Attach the re-encoded extension as KRB5_TL_EXTENSION TL data, then
 * write the entry back with the principal and TL-data mask bits. */
195 add_tl(&princ
, KRB5_TL_EXTENSION
, &d
);
200 ret
= kadm5_modify_principal(kadm_handle
, &princ
,
201 KADM5_PRINCIPAL
| KADM5_TL_DATA
);
203 krb5_warn(context
, ret
, "kadm5_modify_principal");
/* Release the fetched entry and the parsed name. */
206 kadm5_free_principal_ent(kadm_handle
, &princ
);
207 krb5_free_principal(context
, p
);
/* Collapse any non-zero error code to exit status 1. */
212 return ret
== 0 ? 0 : 1;