search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Round #2 of scan-build warnings cleanup
[heimdal.git] / lib / kadm5 / iprop-log.c
blob9c18f832e132207aa6dd9213823f6c59a4b09dcc
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "iprop.h"
35 #include <sl.h>
36 #include <parse_time.h>
37 #include "iprop-commands.h"
38
39 RCSID("$Id$");
40
41 static krb5_context context;
42
43 static kadm5_server_context *
44 get_kadmin_context(const char *config_file, char *realm)
45 {
46 kadm5_config_params conf;
47 krb5_error_code ret;
48 void *kadm_handle;
49 char *file = NULL;
50 char **files;
51 int aret;
52
53 if (config_file == NULL) {
54 aret = asprintf(&file, "%s/kdc.conf", hdb_db_dir(context));
55 if (aret == -1 || file == NULL)
56 errx(1, "out of memory");
57 config_file = file;
58 }
59
60 ret = krb5_prepend_config_files_default(config_file, &files);
61 free(file);
62 if (ret)
63 krb5_err(context, 1, ret, "getting configuration files");
64
65 ret = krb5_set_config_files(context, files);
66 krb5_free_config_files(files);
67 if (ret)
68 krb5_err(context, 1, ret, "reading configuration files");
69
70 memset(&conf, 0, sizeof(conf));
71 if(realm) {
72 conf.mask |= KADM5_CONFIG_REALM;
73 conf.realm = realm;
74 }
75
76 ret = kadm5_init_with_password_ctx (context,
77 KADM5_ADMIN_SERVICE,
78 NULL,
79 KADM5_ADMIN_SERVICE,
80 &conf, 0, 0,
81 &kadm_handle);
82 if (ret)
83 krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
84
85 return (kadm5_server_context *)kadm_handle;
86 }
87
88 /*
89 * dump log
90 */
91
92 static const char *op_names[] = {
93 "get",
94 "delete",
95 "create",
96 "rename",
97 "chpass",
98 "modify",
99 "randkey",
100 "get_privs",
101 "get_princs",
102 "chpass_with_key",
103 "nop"
104 };
105
106 static kadm5_ret_t
107 print_entry(kadm5_server_context *server_context,
108 uint32_t ver,
109 time_t timestamp,
110 enum kadm_ops op,
111 uint32_t len,
112 krb5_storage *sp,
113 void *ctx)
114 {
115 char t[256];
116 const char *entry_kind = ctx;
117 int32_t mask;
118 int32_t nop_time;
119 uint32_t nop_ver;
120 hdb_entry ent;
121 krb5_principal source;
122 char *name1, *name2;
123 krb5_data data;
124 krb5_context scontext = server_context->context;
125 krb5_error_code ret;
126
127 krb5_data_zero(&data);
128
129 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
130
131 if((int)op < (int)kadm_get || (int)op > (int)kadm_nop) {
132 printf("unknown op: %d\n", op);
133 return 0;
134 }
135
136 printf ("%s%s: ver = %u, timestamp = %s, len = %u\n",
137 entry_kind, op_names[op], ver, t, len);
138 switch(op) {
139 case kadm_delete:
140 krb5_ret_principal(sp, &source);
141 krb5_unparse_name(scontext, source, &name1);
142 printf(" %s\n", name1);
143 free(name1);
144 krb5_free_principal(scontext, source);
145 break;
146 case kadm_rename:
147 ret = krb5_data_alloc(&data, len);
148 if (ret)
149 krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len);
150 krb5_ret_principal(sp, &source);
151 krb5_storage_read(sp, data.data, data.length);
152 hdb_value2entry(scontext, &data, &ent);
153 krb5_unparse_name(scontext, source, &name1);
154 krb5_unparse_name(scontext, ent.principal, &name2);
155 printf(" %s -> %s\n", name1, name2);
156 free(name1);
157 free(name2);
158 krb5_free_principal(scontext, source);
159 free_hdb_entry(&ent);
160 break;
161 case kadm_create:
162 ret = krb5_data_alloc(&data, len);
163 if (ret)
164 krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len);
165 krb5_storage_read(sp, data.data, data.length);
166 ret = hdb_value2entry(scontext, &data, &ent);
167 if(ret)
168 abort();
169 mask = ~0;
170 goto foo;
171 case kadm_modify:
172 ret = krb5_data_alloc(&data, len);
173 if (ret)
174 krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len);
175 krb5_ret_int32(sp, &mask);
176 krb5_storage_read(sp, data.data, data.length);
177 ret = hdb_value2entry(scontext, &data, &ent);
178 if(ret)
179 abort();
180 foo:
181 if(ent.principal /* mask & KADM5_PRINCIPAL */) {
182 krb5_unparse_name(scontext, ent.principal, &name1);
183 printf(" principal = %s\n", name1);
184 free(name1);
185 }
186 if(mask & KADM5_PRINC_EXPIRE_TIME) {
187 if(ent.valid_end == NULL) {
188 strlcpy(t, "never", sizeof(t));
189 } else {
190 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
191 localtime(ent.valid_end));
192 }
193 printf(" expires = %s\n", t);
194 }
195 if(mask & KADM5_PW_EXPIRATION) {
196 if(ent.pw_end == NULL) {
197 strlcpy(t, "never", sizeof(t));
198 } else {
199 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
200 localtime(ent.pw_end));
201 }
202 printf(" password exp = %s\n", t);
203 }
204 if(mask & KADM5_LAST_PWD_CHANGE) {
205 }
206 if(mask & KADM5_ATTRIBUTES) {
207 unparse_flags(HDBFlags2int(ent.flags),
208 asn1_HDBFlags_units(), t, sizeof(t));
209 printf(" attributes = %s\n", t);
210 }
211 if(mask & KADM5_MAX_LIFE) {
212 if(ent.max_life == NULL)
213 strlcpy(t, "for ever", sizeof(t));
214 else
215 unparse_time(*ent.max_life, t, sizeof(t));
216 printf(" max life = %s\n", t);
217 }
218 if(mask & KADM5_MAX_RLIFE) {
219 if(ent.max_renew == NULL)
220 strlcpy(t, "for ever", sizeof(t));
221 else
222 unparse_time(*ent.max_renew, t, sizeof(t));
223 printf(" max rlife = %s\n", t);
224 }
225 if(mask & KADM5_MOD_TIME) {
226 printf(" mod time\n");
227 }
228 if(mask & KADM5_MOD_NAME) {
229 printf(" mod name\n");
230 }
231 if(mask & KADM5_KVNO) {
232 printf(" kvno = %d\n", ent.kvno);
233 }
234 if(mask & KADM5_MKVNO) {
235 printf(" mkvno\n");
236 }
237 if(mask & KADM5_AUX_ATTRIBUTES) {
238 printf(" aux attributes\n");
239 }
240 if(mask & KADM5_POLICY) {
241 printf(" policy\n");
242 }
243 if(mask & KADM5_POLICY_CLR) {
244 printf(" mod time\n");
245 }
246 if(mask & KADM5_LAST_SUCCESS) {
247 printf(" last success\n");
248 }
249 if(mask & KADM5_LAST_FAILED) {
250 printf(" last failed\n");
251 }
252 if(mask & KADM5_FAIL_AUTH_COUNT) {
253 printf(" fail auth count\n");
254 }
255 if(mask & KADM5_KEY_DATA) {
256 printf(" key data\n");
257 }
258 if(mask & KADM5_TL_DATA) {
259 printf(" tl data\n");
260 }
261 free_hdb_entry(&ent);
262 break;
263 case kadm_nop :
264 if (len == 16) {
265 uint64_t off;
266 krb5_ret_uint64(sp, &off);
267 printf("uberblock offset %llu ", (unsigned long long)off);
268 } else {
269 printf("nop");
270 }
271 if (len == 16 || len == 8) {
272 krb5_ret_int32(sp, &nop_time);
273 krb5_ret_uint32(sp, &nop_ver);
274
275 timestamp = nop_time;
276 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
277 printf("timestamp %s version %u", t, nop_ver);
278 }
279 printf("\n");
280 break;
281 default:
282 abort();
283 }
284 krb5_data_free(&data);
285
286 return 0;
287 }
288
289 int
290 iprop_dump(struct dump_options *opt, int argc, char **argv)
291 {
292 kadm5_server_context *server_context;
293 krb5_error_code ret;
294 enum kadm_iter_opts iter_opts_1st = 0;
295 enum kadm_iter_opts iter_opts_2nd = 0;
296 char *desc_1st = "";
297 char *desc_2nd = "";
298
299 server_context = get_kadmin_context(opt->config_file_string,
300 opt->realm_string);
301
302 if (argc > 0) {
303 free(server_context->log_context.log_file);
304 server_context->log_context.log_file = strdup(argv[0]);
305 if (server_context->log_context.log_file == NULL)
306 krb5_err(context, 1, errno, "strdup");
307 }
308
309 if (opt->reverse_flag) {
310 iter_opts_1st = kadm_backward | kadm_unconfirmed;
311 iter_opts_2nd = kadm_backward | kadm_confirmed;
312 desc_1st = "unconfirmed ";
313 } else {
314 iter_opts_1st = kadm_forward | kadm_confirmed;
315 iter_opts_2nd = kadm_forward | kadm_unconfirmed;
316 desc_2nd = "unconfirmed";
317 }
318
319 if (opt->no_lock_flag) {
320 ret = kadm5_log_init_sharedlock(server_context, LOCK_NB);
321 if (ret == EAGAIN || ret == EWOULDBLOCK) {
322 warnx("Not locking the iprop log");
323 ret = kadm5_log_init_nolock(server_context);
324 if (ret)
325 krb5_err(context, 1, ret, "kadm5_log_init_nolock");
326 }
327 } else {
328 warnx("If this command appears to block, try the --no-lock option");
329 ret = kadm5_log_init_sharedlock(server_context, 0);
330 if (ret)
331 krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
332 }
333
334 ret = kadm5_log_foreach(server_context, iter_opts_1st,
335 NULL, print_entry, desc_1st);
336 if (ret)
337 krb5_warn(context, ret, "kadm5_log_foreach");
338
339 ret = kadm5_log_foreach(server_context, iter_opts_2nd,
340 NULL, print_entry, desc_2nd);
341 if (ret)
342 krb5_warn(context, ret, "kadm5_log_foreach");
343
344 ret = kadm5_log_end (server_context);
345 if (ret)
346 krb5_warn(context, ret, "kadm5_log_end");
347
348 kadm5_destroy(server_context);
349 return 0;
350 }
351
352 int
353 iprop_truncate(struct truncate_options *opt, int argc, char **argv)
354 {
355 kadm5_server_context *server_context;
356 krb5_error_code ret;
357
358 server_context = get_kadmin_context(opt->config_file_string,
359 opt->realm_string);
360
361 if (argc > 0) {
362 free(server_context->log_context.log_file);
363 server_context->log_context.log_file = strdup(argv[0]);
364 if (server_context->log_context.log_file == NULL)
365 krb5_err(context, 1, errno, "strdup");
366 }
367
368 if (opt->keep_entries_integer < 0 &&
369 opt->max_bytes_integer < 0) {
370 opt->keep_entries_integer = 100;
371 opt->max_bytes_integer = 0;
372 }
373 if (opt->keep_entries_integer < 0)
374 opt->keep_entries_integer = 0;
375 if (opt->max_bytes_integer < 0)
376 opt->max_bytes_integer = 0;
377
378 if (opt->reset_flag) {
379 /* First recover unconfirmed records */
380 ret = kadm5_log_init(server_context);
381 if (ret == 0)
382 ret = kadm5_log_reinit(server_context, 0);
383 } else {
384 ret = kadm5_log_init(server_context);
385 if (ret)
386 krb5_err(context, 1, ret, "kadm5_log_init");
387 ret = kadm5_log_truncate(server_context, opt->keep_entries_integer,
388 opt->max_bytes_integer);
389 }
390 if (ret)
391 krb5_err(context, 1, ret, "kadm5_log_truncate");
392
393 kadm5_log_signal_master(server_context);
394
395 kadm5_destroy(server_context);
396 return 0;
397 }
398
399 int
400 last_version(struct last_version_options *opt, int argc, char **argv)
401 {
402 kadm5_server_context *server_context;
403 char *alt_argv[2] = { NULL, NULL };
404 krb5_error_code ret;
405 uint32_t version;
406 size_t i;
407
408 server_context = get_kadmin_context(opt->config_file_string,
409 opt->realm_string);
410
411 if (argc == 0) {
412 alt_argv[0] = strdup(server_context->log_context.log_file);
413 if (alt_argv[0] == NULL)
414 krb5_err(context, 1, errno, "strdup");
415 argv = alt_argv;
416 argc = 1;
417 }
418
419 for (i = 0; i < argc; i++) {
420 free(server_context->log_context.log_file);
421 server_context->log_context.log_file = strdup(argv[i]);
422 if (server_context->log_context.log_file == NULL)
423 krb5_err(context, 1, errno, "strdup");
424
425 if (opt->no_lock_flag) {
426 ret = kadm5_log_init_sharedlock(server_context, LOCK_NB);
427 if (ret == EAGAIN || ret == EWOULDBLOCK) {
428 warnx("Not locking the iprop log");
429 ret = kadm5_log_init_nolock(server_context);
430 if (ret)
431 krb5_err(context, 1, ret, "kadm5_log_init_nolock");
432 }
433 } else {
434 warnx("If this command appears to block, try the "
435 "--no-lock option");
436 ret = kadm5_log_init_sharedlock(server_context, 0);
437 if (ret)
438 krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
439 }
440
441 ret = kadm5_log_get_version (server_context, &version);
442 if (ret)
443 krb5_err (context, 1, ret, "kadm5_log_get_version");
444
445 ret = kadm5_log_end (server_context);
446 if (ret)
447 krb5_warn(context, ret, "kadm5_log_end");
448
449 printf("version: %lu\n", (unsigned long)version);
450 }
451
452 kadm5_destroy(server_context);
453 free(alt_argv[0]);
454 return 0;
455 }
456
457 int
458 signal_master(struct signal_options *opt, int argc, char **argv)
459 {
460 kadm5_server_context *server_context;
461
462 server_context = get_kadmin_context(opt->config_file_string,
463 opt->realm_string);
464
465 kadm5_log_signal_master(server_context);
466
467 kadm5_destroy(server_context);
468 return 0;
469 }
470
471 /*
472 * Replay log
473 */
474
475 int start_version = -1;
476 int end_version = -1;
477
478 static kadm5_ret_t
479 apply_entry(kadm5_server_context *server_context,
480 uint32_t ver,
481 time_t timestamp,
482 enum kadm_ops op,
483 uint32_t len,
484 krb5_storage *sp,
485 void *ctx)
486 {
487 struct replay_options *opt = ctx;
488 krb5_error_code ret;
489
490 if((opt->start_version_integer != -1 && ver < (uint32_t)opt->start_version_integer) ||
491 (opt->end_version_integer != -1 && ver > (uint32_t)opt->end_version_integer)) {
492 /* XXX skip this entry */
493 return 0;
494 }
495 printf ("ver %u... ", ver);
496 fflush (stdout);
497
498 ret = kadm5_log_replay(server_context, op, ver, len, sp);
499 if (ret)
500 krb5_warn (server_context->context, ret, "kadm5_log_replay");
501
502 printf ("done\n");
503
504 return 0;
505 }
506
507 int
508 iprop_replay(struct replay_options *opt, int argc, char **argv)
509 {
510 kadm5_server_context *server_context;
511 krb5_error_code ret;
512
513 server_context = get_kadmin_context(opt->config_file_string,
514 opt->realm_string);
515
516 if (argc > 0) {
517 free(server_context->log_context.log_file);
518 server_context->log_context.log_file = strdup(argv[0]);
519 if (server_context->log_context.log_file == NULL)
520 krb5_err(context, 1, errno, "strdup");
521 }
522
523 ret = server_context->db->hdb_open(context,
524 server_context->db,
525 O_RDWR | O_CREAT, 0600);
526 if (ret)
527 krb5_err (context, 1, ret, "db->open");
528
529 ret = kadm5_log_init (server_context);
530 if (ret)
531 krb5_err (context, 1, ret, "kadm5_log_init");
532
533 ret = kadm5_log_foreach(server_context,
534 kadm_forward | kadm_confirmed | kadm_unconfirmed,
535 NULL, apply_entry, opt);
536 if(ret)
537 krb5_warn(context, ret, "kadm5_log_foreach");
538 ret = kadm5_log_end (server_context);
539 if (ret)
540 krb5_warn(context, ret, "kadm5_log_end");
541 ret = server_context->db->hdb_close (context, server_context->db);
542 if (ret)
543 krb5_err (context, 1, ret, "db->close");
544
545 kadm5_destroy(server_context);
546 return 0;
547 }
548
549 static int help_flag;
550 static int version_flag;
551
552 static struct getargs args[] = {
553 { "version", 0, arg_flag, &version_flag,
554 NULL, NULL
555 },
556 { "help", 'h', arg_flag, &help_flag,
557 NULL, NULL
558 }
559 };
560
561 static int num_args = sizeof(args) / sizeof(args[0]);
562
563 int
564 help(void *opt, int argc, char **argv)
565 {
566 if(argc == 0) {
567 sl_help(commands, 1, argv - 1 /* XXX */);
568 } else {
569 SL_cmd *c = sl_match (commands, argv[0], 0);
570 if(c == NULL) {
571 fprintf (stderr, "No such command: %s. "
572 "Try \"help\" for a list of commands\n",
573 argv[0]);
574 } else {
575 if(c->func) {
576 static char shelp[] = "--help";
577 char *fake[3];
578 fake[0] = argv[0];
579 fake[1] = shelp;
580 fake[2] = NULL;
581 (*c->func)(2, fake);
582 fprintf(stderr, "\n");
583 }
584 if(c->help && *c->help)
585 fprintf (stderr, "%s\n", c->help);
586 if((++c)->name && c->func == NULL) {
587 int f = 0;
588 fprintf (stderr, "Synonyms:");
589 while (c->name && c->func == NULL) {
590 fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
591 f = 1;
592 }
593 fprintf (stderr, "\n");
594 }
595 }
596 }
597 return 0;
598 }
599
600 static void
601 usage(int status)
602 {
603 arg_printusage(args, num_args, NULL, "command");
604 exit(status);
605 }
606
607 int
608 main(int argc, char **argv)
609 {
610 int optidx = 0;
611 krb5_error_code ret;
612
613 setprogname(argv[0]);
614
615 if(getarg(args, num_args, argc, argv, &optidx))
616 usage(1);
617 if(help_flag)
618 usage(0);
619 if(version_flag) {
620 print_version(NULL);
621 exit(0);
622 }
623 argc -= optidx;
624 argv += optidx;
625 if(argc == 0)
626 usage(1);
627
628 ret = krb5_init_context(&context);
629 if (ret)
630 errx(1, "krb5_init_context failed with: %d\n", ret);
631
632 ret = sl_command(commands, argc, argv);
633 if(ret == -1)
634 warnx ("unrecognized command: %s", argv[0]);
635 return ret;
636 }
Heimdal