2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
/*
 * Callback handed to foreach_principal() by del_entry(): deletes one
 * principal through the global kadm_handle and returns the
 * kadm5_delete_principal() result unchanged. The data argument is not
 * used in the visible body.
 *
 * NOTE(review): this listing skips gutter lines (37, 39, 41), so the
 * return type and the braces are not shown here.
 * NOTE(review): no confirmation prompt or privilege check is visible in
 * this callback; presumably the kadm5 layer enforces the delete
 * privilege of the caller -- confirm against the kadm5 ACL handling.
 */
38 do_del_entry(krb5_principal principal
, void *data
)
40 return kadm5_delete_principal(kadm_handle
, principal
);
/*
 * kadmin command handler: for each of the argc arguments, calls
 * foreach_principal() with do_del_entry as the per-principal callback,
 * the string "del" and a NULL data pointer. opt is not used in the
 * visible lines.
 *
 * NOTE(review): presumably each argument is a principal expression that
 * foreach_principal() may expand to several principals -- confirm, since
 * do_del_entry() deletes whatever it is handed without a further check.
 */
44 del_entry(void *opt
, int argc
, char **argv
)
47 krb5_error_code ret
= 0;
/*
 * NOTE(review): ret is overwritten on every iteration. The handling after
 * the call (gutter lines 51-57) is not in this listing; verify that the
 * loop stops or records the failure, so a later success cannot mask an
 * earlier error in the exit status.
 */
49 for(i
= 0; i
< argc
; i
++) {
50 ret
= foreach_principal(argv
[i
], do_del_entry
, "del", NULL
);
/*
 * Callback handed to foreach_principal() by del_namespace(): takes a
 * two-component namespace name nsp, builds a principal in the realm of
 * nsp starting with "WELLKNOWN" and HDB_WK_NAMESPACE followed by the two
 * components of nsp, and deletes that principal through kadm_handle.
 * The data argument is not used in the visible body.
 *
 * NOTE(review): several gutter lines are missing from this listing
 * (59-60, 64, 66-67, 72-75, 79, 81, 83, 86 onward), so declarations,
 * guards and the return statements are not shown.
 */
58 do_del_ns_entry(krb5_principal nsp
, void *data
)
61 krb5_principal p
= NULL
;
/*
 * Both components are fetched before the component count is checked.
 * They are not used until after the check below.
 * NOTE(review): presumably krb5_principal_get_comp_string() returns NULL
 * for an index past the last component -- confirm.
 */
62 const char *comp0
= krb5_principal_get_comp_string(context
, nsp
, 0);
63 const char *comp1
= krb5_principal_get_comp_string(context
, nsp
, 1);
/* Reject anything that is not exactly two components. */
65 if (krb5_principal_get_num_comp(context
, nsp
) != 2) {
/*
 * The name is unparsed only for the warning text; a NULL unsp is
 * replaced by a fixed string in the message.
 * NOTE(review): ret comes straight from krb5_unparse_name(), so when the
 * unparse succeeds krb5_warn() is given error code 0 for what is an
 * invalid-argument condition; krb5_warnx() or an explicit error code may
 * be intended -- confirm. Freeing unsp and the value returned from this
 * branch are on gutter lines not shown (72-75).
 */
68 ret
= krb5_unparse_name(context
, nsp
, &unsp
);
69 krb5_warn(context
, ret
,
70 "Not a valid namespace name (component count is not 2): %s",
71 unsp
? unsp
: "<out of memory>");
/* Start the target name with WELLKNOWN and HDB_WK_NAMESPACE in the realm of nsp. */
76 ret
= krb5_make_principal(context
, &p
,
77 krb5_principal_get_realm(context
, nsp
),
78 "WELLKNOWN", HDB_WK_NAMESPACE
, NULL
);
/*
 * Components 2 and 3 of p are set from the two components of nsp.
 * NOTE(review): the guards on these calls and on the delete below are on
 * gutter lines not shown (79, 81, 83); presumably each step runs only
 * while ret is 0. Verify, because a delete issued after a failed step
 * would act on a partially built name rather than the intended one.
 */
80 ret
= krb5_principal_set_comp_string(context
, p
, 2, comp0
);
82 ret
= krb5_principal_set_comp_string(context
, p
, 3, comp1
);
84 ret
= kadm5_delete_principal(kadm_handle
, p
);
/* p starts out NULL, so this call may receive NULL when krb5_make_principal() failed. */
85 krb5_free_principal(context
, p
);
/*
 * kadmin command handler: for each of the argc arguments, calls
 * foreach_principal() with do_del_ns_entry as the per-principal callback,
 * the string "del_ns" and a NULL data pointer. opt is not used in the
 * visible lines.
 */
90 del_namespace(void *opt
, int argc
, char **argv
)
93 krb5_error_code ret
= 0;
/*
 * NOTE(review): ret is overwritten on every iteration and the handling
 * after the call (gutter lines 97-103) is not in this listing; verify
 * that a failure on one argument is not hidden by a later success.
 */
95 for(i
= 0; i
< argc
; i
++) {
96 ret
= foreach_principal(argv
[i
], do_del_ns_entry
, "del_ns", NULL
);
/*
 * kadmin command handler that removes alias names from the principal
 * entries that carry them. For each argument it parses the name, fetches
 * the entry with kadm5_get_principal(), refuses to act when the name is
 * the entry's own principal name, decodes the alias list from the
 * KRB5_TL_ALIASES TL data, drops every occurrence of the name, re-encodes
 * the list as an HDB_extension and writes it back with
 * kadm5_modify_principal(). Returns 0 when ret is 0 at the end, else 1.
 * opt is not used in the visible lines.
 *
 * NOTE(review): many gutter lines are missing from this listing, so
 * declarations, several conditions and the continue/return statements
 * are not shown. Notes below flag the places where that matters.
 */
104 del_alias(void *opt
, int argc
, char **argv
)
/* NOTE(review): the condition guarding this warning (presumably argc == 0) is not shown. */
111 krb5_warnx(context
, "No aliases given");
/* argv is advanced each pass, so argv[0] is always the current argument. */
115 for (; argc
; argc
--, argv
++) {
116 kadm5_principal_ent_rec princ
;
123 if ((ret
= krb5_parse_name(context
, argv
[0], &p
))) {
124 krb5_warn(context
, ret
, "Invalid principal: %s", argv
[0]);
/* princ is zeroed before the lookup fills it in. */
128 memset(&princ
, 0, sizeof(princ
));
129 ret
= kadm5_get_principal(kadm_handle
, p
, &princ
,
130 KADM5_PRINCIPAL_NORMAL_MASK
| KADM5_TL_DATA
);
/*
 * NOTE(review): the test around this warning (gutter 131) and what
 * follows it (133-135) are not shown; verify p is released on this path.
 */
132 krb5_warn(context
, ret
, "Principal alias not found %s", argv
[0]);
/*
 * Safety check: when the requested name equals the principal name stored
 * in the fetched entry, the name is not an alias and nothing is removed.
 * NOTE(review): presumably ret is 0 here because the lookup succeeded, so
 * krb5_warn() is given a zero error code; krb5_warnx() may be intended.
 * Cleanup of princ and p on this path is on gutter lines not shown
 * (139-142) -- verify both are released, as the error paths below do.
 */
136 if (krb5_principal_compare(context
, p
, princ
.principal
)) {
137 krb5_warn(context
, ret
, "Not deleting principal %s because it is "
138 "not an alias; use 'delete' to delete the principal",
/* a points at the alias list inside the local extension ext. */
143 a
= &ext
.data
.u
.aliases
;
144 a
->case_insensitive
= 0;
/* The entry was found but carries no alias TL data: warn and release princ and p. */
147 if ((tl
= get_tl(&princ
, KRB5_TL_ALIASES
)) == NULL
) {
148 krb5_warnx(context
, "kadm5_get_principal() found principal %s but "
149 "not its aliases", argv
[0]);
150 kadm5_free_principal_ent(kadm_handle
, &princ
);
151 krb5_free_principal(context
, p
);
/*
 * The decoder is given both the TL data pointer and its recorded length.
 * The remaining arguments are on a gutter line not shown (156).
 */
155 ret
= decode_HDB_Ext_Aliases(tl
->tl_data_contents
, tl
->tl_data_length
,
/* Decode failure: warn and release princ and p. */
158 krb5_warn(context
, ret
, "Principal alias list could not be decoded");
159 kadm5_free_principal_ent(kadm_handle
, &princ
);
160 krb5_free_principal(context
, p
);
165 * Remove alias, but also, don't assume it appears only once in aliases
169 while (i
< a
->aliases
.len
) {
170 if (!krb5_principal_compare(context
, p
, &a
->aliases
.val
[i
])) {
/*
 * A matching slot is freed and the tail of the array, len - (i + 1)
 * elements, is shifted down over it.
 * NOTE(review): the index advance and the len decrement are on gutter
 * lines not shown (171-173, 179-184). Verify len is decremented after
 * each removal; otherwise the last slot keeps a stale copy of a pointer
 * that free_HDB_Ext_Aliases() below could release a second time.
 */
174 free_Principal(&a
->aliases
.val
[i
]);
175 if (i
+ 1 < a
->aliases
.len
)
176 memmove(&a
->aliases
.val
[i
],
177 &a
->aliases
.val
[i
+ 1],
178 sizeof(a
->aliases
.val
[i
]) * (a
->aliases
.len
- (i
+ 1)));
/* Re-encode the trimmed list as an aliases extension into d, then free the decoded list. */
185 ext
.data
.element
= choice_HDB_extension_data_aliases
;
188 ASN1_MALLOC_ENCODE(HDB_extension
, d
.data
, d
.length
, &ext
, &i
, ret
);
189 free_HDB_Ext_Aliases(a
);
/*
 * Length guard: the encoded size must survive a round trip through
 * int16_t, otherwise the list is reported as too large (32767 bytes).
 * NOTE(review): presumably this mirrors a 16-bit TL data length field --
 * confirm. Converting an out-of-range size to int16_t is
 * implementation-defined in C, so the test relies on the usual
 * wraparound. What is done with ret after the warning (gutter 195-196)
 * is not shown; verify an oversized blob never reaches add_tl().
 */
191 int16_t len
= d
.length
;
193 if (len
< 0 || d
.length
!= (size_t)len
) {
194 krb5_warnx(context
, "Too many aliases; does not fit in 32767 bytes");
/* NOTE(review): who owns d.data after add_tl() is not visible here -- confirm. */
197 add_tl(&princ
, KRB5_TL_EXTENSION
, &d
);
/* Write the entry back with the principal and TL data mask bits set. */
202 ret
= kadm5_modify_principal(kadm_handle
, &princ
,
203 KADM5_PRINCIPAL
| KADM5_TL_DATA
);
205 krb5_warn(context
, ret
, "kadm5_modify_principal");
/* Per-argument cleanup of the fetched entry and the parsed name. */
208 kadm5_free_principal_ent(kadm_handle
, &princ
);
209 krb5_free_principal(context
, p
);
/* Exit status: 0 when ret is 0, otherwise 1. */
214 return ret
== 0 ? 0 : 1;