search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upstream NetBSD libedit has readline.h in readline/ not editline/
[heimdal.git] / kadmin / server.c
bloba0a796298d7930ac9aa2b376fd44e824916dc118
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadmin_locl.h"
35 #include <krb5-private.h>
36
37 static kadm5_ret_t check_aliases(kadm5_server_context *,
38 kadm5_principal_ent_rec *,
39 kadm5_principal_ent_rec *);
40
41 static kadm5_ret_t
42 kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
43 krb5_data *in, krb5_data *out)
44 {
45 kadm5_ret_t ret;
46 int32_t cmd, mask, tmp;
47 kadm5_server_context *contextp = kadm_handlep;
48 char client[128], name[128], name2[128];
49 const char *op = "";
50 krb5_principal princ, princ2;
51 kadm5_principal_ent_rec ent, ent_prev;
52 char *password, *expression;
53 krb5_keyblock *new_keys;
54 krb5_key_salt_tuple *ks_tuple = NULL;
55 krb5_boolean keepold = FALSE;
56 int n_ks_tuple = 0;
57 int n_keys;
58 char **princs;
59 int n_princs;
60 int keys_ok = 0;
61 krb5_storage *sp;
62
63 krb5_unparse_name_fixed(contextp->context, contextp->caller,
64 client, sizeof(client));
65
66 sp = krb5_storage_from_data(in);
67 if (sp == NULL)
68 krb5_errx(contextp->context, 1, "out of memory");
69
70 krb5_ret_int32(sp, &cmd);
71 switch(cmd){
72 case kadm_get:{
73 op = "GET";
74 ret = krb5_ret_principal(sp, &princ);
75 if(ret)
76 goto fail;
77 ret = krb5_ret_int32(sp, &mask);
78 if(ret){
79 krb5_free_principal(contextp->context, princ);
80 goto fail;
81 }
82 mask |= KADM5_PRINCIPAL;
83 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
84 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
85
86 /* If the caller doesn't have KADM5_PRIV_GET, we're done. */
87 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
88 if (ret) {
89 krb5_free_principal(contextp->context, princ);
90 goto fail;
91 }
92
93 /* Then check to see if it is ok to return keys */
94 if ((mask & KADM5_KEY_DATA) != 0) {
95 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS,
96 princ);
97 if (ret == 0) {
98 keys_ok = 1;
99 } else if ((mask == (KADM5_PRINCIPAL|KADM5_KEY_DATA)) ||
100 (mask == (KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA))) {
101 /*
102 * Requests for keys will get bogus keys, which is useful if
103 * the client just wants to see what (kvno, enctype)s the
104 * principal has keys for, but terrible if the client wants to
105 * write the keys into a keytab or modify the principal and
106 * write the bogus keys back to the server.
107 *
108 * We use a heuristic to detect which case we're handling here.
109 * If the client only asks for the flags in the above
110 * condition, then it's very likely a kadmin ext_keytab,
111 * add_enctype, or other request that should not see bogus
112 * keys. We deny them.
113 *
114 * The kadmin get command can be coaxed into making a request
115 * with the same mask. But the default long and terse output
116 * modes request other things too, so in all likelihood this
117 * heuristic will not hurt any kadmin get uses.
118 */
119 krb5_free_principal(contextp->context, princ);
120 goto fail;
121 }
122 }
123
124 ret = kadm5_get_principal(kadm_handlep, princ, &ent, mask);
125 krb5_storage_free(sp);
126 sp = krb5_storage_emem();
127 krb5_store_int32(sp, ret);
128 if (ret == 0){
129 if (keys_ok)
130 kadm5_store_principal_ent(sp, &ent);
131 else
132 kadm5_store_principal_ent_nokeys(sp, &ent);
133 kadm5_free_principal_ent(kadm_handlep, &ent);
134 }
135 krb5_free_principal(contextp->context, princ);
136 break;
137 }
138 case kadm_delete:{
139 op = "DELETE";
140 ret = krb5_ret_principal(sp, &princ);
141 if(ret)
142 goto fail;
143 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
144 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
145 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ);
146 if(ret){
147 krb5_free_principal(contextp->context, princ);
148 goto fail;
149 }
150
151 /*
152 * There's no need to check that the caller has permission to
153 * delete the victim principal's aliases.
154 */
155
156 ret = kadm5_delete_principal(kadm_handlep, princ);
157 krb5_free_principal(contextp->context, princ);
158 krb5_storage_free(sp);
159 sp = krb5_storage_emem();
160 krb5_store_int32(sp, ret);
161 break;
162 }
163 case kadm_create:{
164 op = "CREATE";
165 ret = kadm5_ret_principal_ent(sp, &ent);
166 if(ret)
167 goto fail;
168 ret = krb5_ret_int32(sp, &mask);
169 if(ret){
170 kadm5_free_principal_ent(kadm_handlep, &ent);
171 goto fail;
172 }
173 ret = krb5_ret_string(sp, &password);
174 if(ret){
175 kadm5_free_principal_ent(kadm_handlep, &ent);
176 goto fail;
177 }
178 krb5_unparse_name_fixed(contextp->context, ent.principal,
179 name, sizeof(name));
180 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
181 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD,
182 ent.principal);
183 if(ret){
184 kadm5_free_principal_ent(kadm_handlep, &ent);
185 memset(password, 0, strlen(password));
186 free(password);
187 goto fail;
188 }
189 if ((mask & KADM5_TL_DATA)) {
190 /*
191 * Also check that the caller can create the aliases, if the
192 * new principal has any.
193 */
194 ret = check_aliases(contextp, &ent, NULL);
195 if (ret) {
196 kadm5_free_principal_ent(kadm_handlep, &ent);
197 memset(password, 0, strlen(password));
198 free(password);
199 goto fail;
200 }
201 }
202 ret = kadm5_create_principal(kadm_handlep, &ent,
203 mask, password);
204 kadm5_free_principal_ent(kadm_handlep, &ent);
205 memset(password, 0, strlen(password));
206 free(password);
207 krb5_storage_free(sp);
208 sp = krb5_storage_emem();
209 krb5_store_int32(sp, ret);
210 break;
211 }
212 case kadm_modify:{
213 op = "MODIFY";
214 ret = kadm5_ret_principal_ent(sp, &ent);
215 if(ret)
216 goto fail;
217 ret = krb5_ret_int32(sp, &mask);
218 if(ret){
219 kadm5_free_principal_ent(contextp, &ent);
220 goto fail;
221 }
222 krb5_unparse_name_fixed(contextp->context, ent.principal,
223 name, sizeof(name));
224 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
225 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_MODIFY,
226 ent.principal);
227 if(ret){
228 kadm5_free_principal_ent(contextp, &ent);
229 goto fail;
230 }
231 if ((mask & KADM5_TL_DATA)) {
232 /*
233 * Also check that the caller can create aliases that are in
234 * the new entry but not the old one. There's no need to
235 * check that the caller can delete aliases it wants to
236 * drop. See also handling of rename.
237 */
238 ret = kadm5_get_principal(kadm_handlep, ent.principal, &ent_prev, mask);
239 if (ret) {
240 kadm5_free_principal_ent(contextp, &ent);
241 goto fail;
242 }
243 ret = check_aliases(contextp, &ent, &ent_prev);
244 kadm5_free_principal_ent(contextp, &ent_prev);
245 if (ret) {
246 kadm5_free_principal_ent(contextp, &ent);
247 goto fail;
248 }
249 }
250 ret = kadm5_modify_principal(kadm_handlep, &ent, mask);
251 kadm5_free_principal_ent(kadm_handlep, &ent);
252 krb5_storage_free(sp);
253 sp = krb5_storage_emem();
254 krb5_store_int32(sp, ret);
255 break;
256 }
257 case kadm_rename:{
258 op = "RENAME";
259 ret = krb5_ret_principal(sp, &princ);
260 if(ret)
261 goto fail;
262 ret = krb5_ret_principal(sp, &princ2);
263 if(ret){
264 krb5_free_principal(contextp->context, princ);
265 goto fail;
266 }
267 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
268 krb5_unparse_name_fixed(contextp->context, princ2,
269 name2, sizeof(name2));
270 krb5_warnx(contextp->context, "%s: %s %s -> %s",
271 client, op, name, name2);
272 ret = _kadm5_acl_check_permission(contextp,
273 KADM5_PRIV_ADD,
274 princ2);
275 if (ret == 0) {
276 /*
277 * Also require modify for the principal. For backwards
278 * compatibility, allow delete permission on the old name to
279 * cure lack of modify permission on the old name.
280 */
281 ret = _kadm5_acl_check_permission(contextp,
282 KADM5_PRIV_MODIFY,
283 princ);
284 if (ret) {
285 ret = _kadm5_acl_check_permission(contextp,
286 KADM5_PRIV_DELETE,
287 princ);
288 }
289 }
290 if(ret){
291 krb5_free_principal(contextp->context, princ);
292 krb5_free_principal(contextp->context, princ2);
293 goto fail;
294 }
295 ret = kadm5_rename_principal(kadm_handlep, princ, princ2);
296 krb5_free_principal(contextp->context, princ);
297 krb5_free_principal(contextp->context, princ2);
298 krb5_storage_free(sp);
299 sp = krb5_storage_emem();
300 krb5_store_int32(sp, ret);
301 break;
302 }
303 case kadm_chpass:{
304 op = "CHPASS";
305 ret = krb5_ret_principal(sp, &princ);
306 if (ret)
307 goto fail;
308 ret = krb5_ret_string(sp, &password);
309 if (ret) {
310 krb5_free_principal(contextp->context, princ);
311 goto fail;
312 }
313 ret = krb5_ret_int32(sp, &keepold);
314 if (ret && ret != HEIM_ERR_EOF) {
315 krb5_free_principal(contextp->context, princ);
316 goto fail;
317 }
318 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
319 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
320
321 /*
322 * The change is allowed if at least one of:
323 *
324 * a) allowed by sysadmin
325 * b) it's for the principal him/herself and this was an
326 * initial ticket, but then, check with the password quality
327 * function.
328 * c) the user is on the CPW ACL.
329 */
330
331 if (krb5_config_get_bool_default(contextp->context, NULL, TRUE,
332 "kadmin", "allow_self_change_password", NULL)
333 && initial
334 && krb5_principal_compare (contextp->context, contextp->caller,
335 princ))
336 {
337 krb5_data pwd_data;
338 const char *pwd_reason;
339
340 pwd_data.data = password;
341 pwd_data.length = strlen(password);
342
343 pwd_reason = kadm5_check_password_quality (contextp->context,
344 princ, &pwd_data);
345 if (pwd_reason != NULL)
346 ret = KADM5_PASS_Q_DICT;
347 else
348 ret = 0;
349 } else
350 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
351
352 if(ret) {
353 krb5_free_principal(contextp->context, princ);
354 memset(password, 0, strlen(password));
355 free(password);
356 goto fail;
357 }
358 ret = kadm5_chpass_principal_3(kadm_handlep, princ, keepold, 0, NULL,
359 password);
360 krb5_free_principal(contextp->context, princ);
361 memset(password, 0, strlen(password));
362 free(password);
363 krb5_storage_free(sp);
364 sp = krb5_storage_emem();
365 krb5_store_int32(sp, ret);
366 break;
367 }
368 case kadm_chpass_with_key:{
369 int i;
370 krb5_key_data *key_data;
371 int n_key_data;
372
373 op = "CHPASS_WITH_KEY";
374 ret = krb5_ret_principal(sp, &princ);
375 if(ret)
376 goto fail;
377 ret = krb5_ret_int32(sp, &n_key_data);
378 if (ret) {
379 krb5_free_principal(contextp->context, princ);
380 goto fail;
381 }
382 ret = krb5_ret_int32(sp, &keepold);
383 if (ret && ret != HEIM_ERR_EOF) {
384 krb5_free_principal(contextp->context, princ);
385 goto fail;
386 }
387 /* n_key_data will be squeezed into an int16_t below. */
388 if (n_key_data < 0 || n_key_data >= 1 << 16 ||
389 (size_t)n_key_data > UINT_MAX/sizeof(*key_data)) {
390 ret = ERANGE;
391 krb5_free_principal(contextp->context, princ);
392 goto fail;
393 }
394
395 key_data = malloc (n_key_data * sizeof(*key_data));
396 if (key_data == NULL && n_key_data != 0) {
397 ret = ENOMEM;
398 krb5_free_principal(contextp->context, princ);
399 goto fail;
400 }
401
402 for (i = 0; i < n_key_data; ++i) {
403 ret = kadm5_ret_key_data (sp, &key_data[i]);
404 if (ret) {
405 int16_t dummy = i;
406
407 kadm5_free_key_data (contextp, &dummy, key_data);
408 free (key_data);
409 krb5_free_principal(contextp->context, princ);
410 goto fail;
411 }
412 }
413
414 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
415 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
416
417 /*
418 * The change is only allowed if the user is on the CPW ACL,
419 * this it to force password quality check on the user.
420 */
421
422 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
423 if(ret) {
424 int16_t dummy = n_key_data;
425
426 kadm5_free_key_data (contextp, &dummy, key_data);
427 free (key_data);
428 krb5_free_principal(contextp->context, princ);
429 goto fail;
430 }
431 ret = kadm5_chpass_principal_with_key_3(kadm_handlep, princ, keepold,
432 n_key_data, key_data);
433 {
434 int16_t dummy = n_key_data;
435 kadm5_free_key_data (contextp, &dummy, key_data);
436 }
437 free (key_data);
438 krb5_free_principal(contextp->context, princ);
439 krb5_storage_free(sp);
440 sp = krb5_storage_emem();
441 krb5_store_int32(sp, ret);
442 break;
443 }
444 case kadm_randkey:{
445 op = "RANDKEY";
446 ret = krb5_ret_principal(sp, &princ);
447 if(ret)
448 goto fail;
449 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
450 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
451 /*
452 * The change is allowed if at least one of:
453 * a) it's for the principal him/herself and this was an initial ticket
454 * b) the user is on the CPW ACL.
455 */
456
457 if (initial
458 && krb5_principal_compare (contextp->context, contextp->caller,
459 princ))
460 ret = 0;
461 else
462 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
463
464 if(ret) {
465 krb5_free_principal(contextp->context, princ);
466 goto fail;
467 }
468
469 /*
470 * See comments in kadm5_c_randkey_principal() regarding the
471 * protocol.
472 */
473 ret = krb5_ret_int32(sp, &keepold);
474 if (ret != 0 && ret != HEIM_ERR_EOF) {
475 krb5_free_principal(contextp->context, princ);
476 goto fail;
477 }
478
479 ret = krb5_ret_int32(sp, &n_ks_tuple);
480 if (ret != 0 && ret != HEIM_ERR_EOF) {
481 krb5_free_principal(contextp->context, princ);
482 goto fail;
483 } else if (ret == 0) {
484 size_t i;
485
486 if (n_ks_tuple < 0) {
487 ret = EOVERFLOW;
488 krb5_free_principal(contextp->context, princ);
489 goto fail;
490 }
491
492 if ((ks_tuple = calloc(n_ks_tuple, sizeof (*ks_tuple))) == NULL) {
493 ret = errno;
494 krb5_free_principal(contextp->context, princ);
495 goto fail;
496 }
497
498 for (i = 0; i < n_ks_tuple; i++) {
499 ret = krb5_ret_int32(sp, &ks_tuple[i].ks_enctype);
500 if (ret != 0) {
501 krb5_free_principal(contextp->context, princ);
502 free(ks_tuple);
503 goto fail;
504 }
505 ret = krb5_ret_int32(sp, &ks_tuple[i].ks_salttype);
506 if (ret != 0) {
507 krb5_free_principal(contextp->context, princ);
508 free(ks_tuple);
509 goto fail;
510 }
511 }
512 }
513 ret = kadm5_randkey_principal_3(kadm_handlep, princ, keepold,
514 n_ks_tuple, ks_tuple, &new_keys,
515 &n_keys);
516 krb5_free_principal(contextp->context, princ);
517 free(ks_tuple);
518
519 krb5_storage_free(sp);
520 sp = krb5_storage_emem();
521 krb5_store_int32(sp, ret);
522 if(ret == 0){
523 int i;
524 krb5_store_int32(sp, n_keys);
525 for(i = 0; i < n_keys; i++){
526 krb5_store_keyblock(sp, new_keys[i]);
527 krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
528 }
529 free(new_keys);
530 }
531 break;
532 }
533 case kadm_get_privs:{
534 uint32_t privs;
535 ret = kadm5_get_privs(kadm_handlep, &privs);
536 krb5_storage_free(sp);
537 sp = krb5_storage_emem();
538 krb5_store_int32(sp, ret);
539 if(ret == 0)
540 krb5_store_uint32(sp, privs);
541 break;
542 }
543 case kadm_get_princs:{
544 op = "LIST";
545 ret = krb5_ret_int32(sp, &tmp);
546 if(ret)
547 goto fail;
548 if(tmp){
549 ret = krb5_ret_string(sp, &expression);
550 if(ret)
551 goto fail;
552 }else
553 expression = NULL;
554 krb5_warnx(contextp->context, "%s: %s %s", client, op,
555 expression ? expression : "*");
556 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_LIST, NULL);
557 if(ret){
558 free(expression);
559 goto fail;
560 }
561 ret = kadm5_get_principals(kadm_handlep, expression, &princs, &n_princs);
562 free(expression);
563 krb5_storage_free(sp);
564 sp = krb5_storage_emem();
565 krb5_store_int32(sp, ret);
566 if(ret == 0){
567 int i;
568 krb5_store_int32(sp, n_princs);
569 for(i = 0; i < n_princs; i++)
570 krb5_store_string(sp, princs[i]);
571 kadm5_free_name_list(kadm_handlep, princs, &n_princs);
572 }
573 break;
574 }
575 default:
576 krb5_warnx(contextp->context, "%s: UNKNOWN OP %d", client, cmd);
577 krb5_storage_free(sp);
578 sp = krb5_storage_emem();
579 krb5_store_int32(sp, KADM5_FAILURE);
580 break;
581 }
582 krb5_storage_to_data(sp, out);
583 krb5_storage_free(sp);
584 return 0;
585 fail:
586 krb5_warn(contextp->context, ret, "%s", op);
587 krb5_storage_seek(sp, 0, SEEK_SET);
588 krb5_store_int32(sp, ret);
589 krb5_storage_to_data(sp, out);
590 krb5_storage_free(sp);
591 return 0;
592 }
593
594 struct iter_aliases_ctx {
595 HDB_Ext_Aliases aliases;
596 krb5_tl_data *tl;
597 int alias_idx;
598 int done;
599 };
600
601 static kadm5_ret_t
602 iter_aliases(kadm5_principal_ent_rec *from,
603 struct iter_aliases_ctx *ctx,
604 krb5_principal *out)
605 {
606 HDB_extension ext;
607 kadm5_ret_t ret;
608 size_t size;
609
610 *out = NULL;
611
612 if (ctx->done > 0)
613 return 0;
614
615 if (ctx->done == 0) {
616 if (ctx->alias_idx < ctx->aliases.aliases.len) {
617 *out = &ctx->aliases.aliases.val[ctx->alias_idx++];
618 return 0;
619 }
620 /* Out of aliases in this TL, step to next TL */
621 ctx->tl = ctx->tl->tl_data_next;
622 } else if (ctx->done < 0) {
623 /* Setup iteration context */
624 memset(ctx, 0, sizeof(*ctx));
625 ctx->done = 0;
626 ctx->aliases.aliases.val = NULL;
627 ctx->aliases.aliases.len = 0;
628 ctx->tl = from->tl_data;
629 }
630
631 free_HDB_Ext_Aliases(&ctx->aliases);
632 ctx->alias_idx = 0;
633
634 /* Find TL with aliases */
635 for (; ctx->tl != NULL; ctx->tl = ctx->tl->tl_data_next) {
636 if (ctx->tl->tl_data_type != KRB5_TL_EXTENSION)
637 continue;
638
639 ret = decode_HDB_extension(ctx->tl->tl_data_contents,
640 ctx->tl->tl_data_length,
641 &ext, &size);
642 if (ret)
643 return ret;
644 if (ext.data.element == choice_HDB_extension_data_aliases &&
645 ext.data.u.aliases.aliases.len > 0) {
646 ctx->aliases = ext.data.u.aliases;
647 break;
648 }
649 free_HDB_extension(&ext);
650 }
651
652 if (ctx->tl != NULL && ctx->aliases.aliases.len > 0) {
653 *out = &ctx->aliases.aliases.val[ctx->alias_idx++];
654 return 0;
655 }
656
657 ctx->done = 1;
658 return 0;
659 }
660
661 static kadm5_ret_t
662 check_aliases(kadm5_server_context *contextp,
663 kadm5_principal_ent_rec *add_princ,
664 kadm5_principal_ent_rec *del_princ)
665 {
666 kadm5_ret_t ret;
667 struct iter_aliases_ctx iter;
668 struct iter_aliases_ctx iter_del;
669 krb5_principal new_name, old_name;
670 int match;
671
672 /*
673 * Yeah, this is O(N^2). Gathering and sorting all the aliases
674 * would be a bit of a pain; if we ever have principals with enough
675 * aliases for this to be a problem, we can fix it then.
676 */
677 for (iter.done = -1; iter.done != 1;) {
678 match = 0;
679 ret = iter_aliases(add_princ, &iter, &new_name);
680 if (ret)
681 return ret;
682 if (iter.done == 1)
683 break;
684 for (iter_del.done = -1; iter_del.done != 1;) {
685 ret = iter_aliases(del_princ, &iter_del, &old_name);
686 if (ret)
687 return ret;
688 if (iter_del.done == 1)
689 break;
690 if (!krb5_principal_compare(contextp->context, new_name, old_name))
691 continue;
692 free_HDB_Ext_Aliases(&iter_del.aliases);
693 match = 1;
694 break;
695 }
696 if (match)
697 continue;
698 ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, new_name);
699 if (ret) {
700 free_HDB_Ext_Aliases(&iter.aliases);
701 return ret;
702 }
703 }
704
705 return 0;
706 }
707
708 static void
709 v5_loop (krb5_context contextp,
710 krb5_auth_context ac,
711 krb5_boolean initial,
712 void *kadm_handlep,
713 krb5_socket_t fd)
714 {
715 krb5_error_code ret;
716 krb5_data in, out;
717
718 for (;;) {
719 doing_useful_work = 0;
720 if(term_flag)
721 exit(0);
722 ret = krb5_read_priv_message(contextp, ac, &fd, &in);
723 if(ret == HEIM_ERR_EOF)
724 exit(0);
725 if(ret)
726 krb5_err(contextp, 1, ret, "krb5_read_priv_message");
727 doing_useful_work = 1;
728 kadmind_dispatch(kadm_handlep, initial, &in, &out);
729 krb5_data_free(&in);
730 ret = krb5_write_priv_message(contextp, ac, &fd, &out);
731 if(ret)
732 krb5_err(contextp, 1, ret, "krb5_write_priv_message");
733 }
734 }
735
736 static krb5_boolean
737 match_appl_version(const void *data, const char *appl_version)
738 {
739 unsigned minor;
740 if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
741 return 0;
742 /*XXX*/
743 *(unsigned*)(intptr_t)data = minor;
744 return 1;
745 }
746
747 static void
748 handle_v5(krb5_context contextp,
749 krb5_keytab keytab,
750 krb5_socket_t fd)
751 {
752 krb5_error_code ret;
753 krb5_ticket *ticket;
754 char *server_name;
755 char *client;
756 void *kadm_handlep;
757 krb5_boolean initial;
758 krb5_auth_context ac = NULL;
759
760 unsigned kadm_version;
761 kadm5_config_params realm_params;
762
763 ret = krb5_recvauth_match_version(contextp, &ac, &fd,
764 match_appl_version, &kadm_version,
765 NULL, KRB5_RECVAUTH_IGNORE_VERSION,
766 keytab, &ticket);
767 if (ret)
768 krb5_err(contextp, 1, ret, "krb5_recvauth");
769
770 ret = krb5_unparse_name (contextp, ticket->server, &server_name);
771 if (ret)
772 krb5_err (contextp, 1, ret, "krb5_unparse_name");
773
774 if (strncmp (server_name, KADM5_ADMIN_SERVICE,
775 strlen(KADM5_ADMIN_SERVICE)) != 0)
776 krb5_errx (contextp, 1, "ticket for strange principal (%s)",
777 server_name);
778
779 free (server_name);
780
781 memset(&realm_params, 0, sizeof(realm_params));
782
783 if(kadm_version == 1) {
784 krb5_data params;
785 ret = krb5_read_priv_message(contextp, ac, &fd, &params);
786 if(ret)
787 krb5_err(contextp, 1, ret, "krb5_read_priv_message");
788 _kadm5_unmarshal_params(contextp, &params, &realm_params);
789 }
790
791 initial = ticket->ticket.flags.initial;
792 ret = krb5_unparse_name(contextp, ticket->client, &client);
793 if (ret)
794 krb5_err (contextp, 1, ret, "krb5_unparse_name");
795 krb5_free_ticket (contextp, ticket);
796 ret = kadm5_s_init_with_password_ctx(contextp,
797 client,
798 NULL,
799 KADM5_ADMIN_SERVICE,
800 &realm_params,
801 0, 0,
802 &kadm_handlep);
803 if(ret)
804 krb5_err (contextp, 1, ret, "kadm5_init_with_password_ctx");
805 v5_loop (contextp, ac, initial, kadm_handlep, fd);
806 }
807
808 krb5_error_code
809 kadmind_loop(krb5_context contextp,
810 krb5_keytab keytab,
811 krb5_socket_t sock)
812 {
813 u_char buf[sizeof(KRB5_SENDAUTH_VERSION) + 4];
814 ssize_t n;
815 unsigned long len;
816
817 n = krb5_net_read(contextp, &sock, buf, 4);
818 if(n == 0)
819 exit(0);
820 if(n < 0)
821 krb5_err(contextp, 1, errno, "read");
822 _krb5_get_int(buf, &len, 4);
823
824 if (len == sizeof(KRB5_SENDAUTH_VERSION)) {
825
826 n = krb5_net_read(contextp, &sock, buf + 4, len);
827 if (n < 0)
828 krb5_err (contextp, 1, errno, "reading sendauth version");
829 if (n == 0)
830 krb5_errx (contextp, 1, "EOF reading sendauth version");
831
832 if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) {
833 handle_v5(contextp, keytab, sock);
834 return 0;
835 }
836 len += 4;
837 } else
838 len = 4;
839
840 handle_mit(contextp, buf, len, sock);
841
842 return 0;
843 }
Heimdal