| blob | 281822a30fc08d941a4cf7b6d67405822e98ed09 |
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
35 #include <krb5-private.h>
38 kadm5_principal_ent_rec *,
39 kadm5_principal_ent_rec *);
41 /*
42 * All the iter_cb stuff is about online listing of principals via
43 * kadm5_iter_principals(). Search for "LIST" to see more commentary.
44 */
46 krb5_context context;
47 krb5_auth_context ac;
49 kadm5_ret_t ret;
55 };
57 /*
58 * This function sends the current chunk of principal listing and checks if the
59 * client requested that the listing stop.
60 */
61 static int
63 {
65 krb5_data out;
70 fd_set fds;
73 /*
74 * The client can send us one message to interrupt the iteration.
75 *
76 * TODO: Maybe we should have the client send a message every N chunks
77 * so we can clock the listing and have a chance to receive any
78 * interrupt message from the client?
79 */
88 /*
89 * And it did. We'll throw this message away. It should be a NOP
90 * call, which we'd throw away anyways. If the client's stop
91 * message arrives after we're done anyways, well, it will be
92 * processed as a NOP and thrown away.
93 */
99 }
100 }
110 }
112 static int
114 {
119 /* Convince the compiler that `-(int)d->n' is defined */
125 /* Every chunk starts with a result code */
131 }
133 /*
134 * We'll send up to `d->n' entries per-write. We send a negative
135 * number to indicate we accepted the client's proposal that we speak
136 * the online LIST protocol.
137 *
138 * Note that if we're here then we've already placed a result code in
139 * this reply (see above).
140 */
147 /*
148 * Now that we've sent the acceptance reply, put a result code as the
149 * first thing in the next reply, which will have the first chunk of
150 * the listing.
151 */
157 }
163 /*
164 * We get called with `p == NULL' when the listing is done. This
165 * forces us to iter_cb_send_now(d) below, but also forces us to have a
166 * properly formed reply (i.e., that we have a result code as the first
167 * item), even if the chunk is otherwise empty (`d->i == 0').
168 */
170 }
177 }
179 static kadm5_ret_t
183 {
217 }
226 }
230 /*
231 * In the future we could use this for versioning.
232 *
233 * We used to respond to NOPs with KADM5_FAILURE. Now we respond with
234 * zero. In the future we could send back a protocol version number
235 * and use NOPs for protocol version negotiation.
236 *
237 * In the meantime, this gets called only if a client wants to
238 * interrupt a long-running LIST operation.
239 */
243 /*
244 * Reply not wanted. This would be a LIST interrupt request.
245 */
249 }
252 }
259 }
264 }
270 /* If the caller doesn't have KADM5_PRIV_GET, we're done. */
275 }
277 /* Then check to see if it is ok to return keys */
280 princ);
285 /*
286 * Requests for keys will get bogus keys, which is useful if
287 * the client just wants to see what (kvno, enctype)s the
288 * principal has keys for, but terrible if the client wants to
289 * write the keys into a keytab or modify the principal and
290 * write the bogus keys back to the server.
291 *
292 * We use a heuristic to detect which case we're handling here.
293 * If the client only asks for the flags in the above
294 * condition, then it's very likely a kadmin ext_keytab,
295 * add_enctype, or other request that should not see bogus
296 * keys. We deny them.
297 *
298 * The kadmin get command can be coaxed into making a request
299 * with the same mask. But the default long and terse output
300 * modes request other things too, so in all likelihood this
301 * heuristic will not hurt any kadmin get uses.
302 */
305 }
306 }
315 }
318 }
324 }
332 }
334 /*
335 * There's no need to check that the caller has permission to
336 * delete the victim principal's aliases.
337 */
342 }
348 }
353 }
359 }
365 }
375 }
377 /*
378 * Also check that the caller can create the aliases, if the
379 * new principal has any.
380 */
386 }
387 }
393 }
399 }
404 }
410 }
420 }
422 /*
423 * Also check that the caller can create aliases that are in
424 * the new entry but not the old one. There's no need to
425 * check that the caller can delete aliases it wants to
426 * drop. See also handling of rename.
427 */
433 }
440 }
441 }
446 }
452 }
461 }
468 }
473 }
479 }
486 }
494 KADM5_PRIV_ADD,
495 princ2);
497 /*
498 * Also require modify for the principal. For backwards
499 * compatibility, allow delete permission on the old name to
500 * cure lack of modify permission on the old name.
501 */
503 KADM5_PRIV_MODIFY,
504 princ);
507 KADM5_PRIV_DELETE,
508 princ);
509 }
510 }
514 }
519 }
527 }
539 }
543 }
545 /*
546 * Change password requests are subject to ACLs unless the principal is
547 * changing their own password and the initial ticket flag is set, and
548 * the allow_self_change_password configuration option is TRUE.
549 */
550 is_self_cpw =
552 allow_self_cpw =
560 }
561 }
564 password);
567 }
577 }
585 }
589 }
591 /* n_key_data will be squeezed into an int16_t below. */
597 }
604 }
615 }
616 }
618 /*
619 * The change is only allowed if the user is on the CPW ACL,
620 * this it to force password quality check on the user.
621 */
635 }
638 {
641 }
645 }
653 }
658 }
661 /*
662 * The change is allowed if at least one of:
663 * a) it's for the principal him/herself and this was an initial ticket
664 * b) the user is on the CPW ACL.
665 */
669 princ))
671 else
677 }
679 /*
680 * See comments in kadm5_c_randkey_principal() regarding the
681 * protocol.
682 */
687 }
697 princ),
704 }
708 }
714 }
720 }
728 }
734 }
735 }
748 }
750 }
752 }
759 }
766 }
767 /* See kadm5_c_iter_principals() */
769 /* Want online iteration */
774 }
778 }
784 }
794 }
799 /*
800 * The client proposes that we speak the online variation of LIST
801 * by sending a magic value in the int32 that is meant to be a
802 * boolean for "an expression follows". The client must send an
803 * expression in this case because the server might be an old one,
804 * so even if the caller to kadm5_get/iter_principals() passed NULL
805 * for the expression, the client must send something ("*").
806 *
807 * The list of principals will be streamed in multiple replies.
808 *
809 * The first reply will have just a return code and a negative
810 * count of maximum number of names per-subsequent reply. See
811 * `iter_cb()'.
812 *
813 * The second reply, third, .., nth replies will have a return code
814 * followed by 50 names, except the last reply must have fewer than
815 * 50 names -zero if need be- so the client can deterministically
816 * notice the end of the stream.
817 */
831 }
841 /*
842 * All sending of replies will happen in iter_cb, except for the
843 * final chunk with the final result code.
844 */
847 /* Send terminating chunk */
849 /* Final result */
862 }
863 }
866 }
871 }
873 fail:
878 }
893 }
896 HDB_Ext_Aliases aliases;
900 };
902 static kadm5_ret_t
906 {
907 HDB_extension ext;
908 kadm5_ret_t ret;
918 }
924 }
925 /* Out of aliases in this TL, step to next TL */
928 /* Setup iteration context */
934 }
939 /* Find TL with aliases */
953 }
955 }
960 }
964 }
966 static kadm5_ret_t
970 {
971 kadm5_ret_t ret;
977 /*
978 * Yeah, this is O(N^2). Gathering and sorting all the aliases
979 * would be a bit of a pain; if we ever have principals with enough
980 * aliases for this to be a problem, we can fix it then.
981 */
1000 }
1007 }
1008 }
1011 }
1013 static void
1015 krb5_auth_context ac,
1016 krb5_boolean initial,
1018 krb5_socket_t fd,
1020 {
1021 krb5_error_code ret;
1035 readonly);
1044 }
1045 }
1047 static krb5_boolean
1049 {
1053 /*XXX*/
1056 }
1058 static void
1060 krb5_keytab keytab,
1061 krb5_socket_t fd,
1063 {
1064 krb5_error_code ret;
1069 krb5_boolean initial;
1072 kadm5_config_params realm_params;
1081 }
1087 }
1094 }
1100 krb5_data params;
1106 }
1113 }
1114 }
1122 }
1124 client,
1125 NULL,
1126 KADM5_ADMIN_SERVICE,
1133 }
1135 }
1137 krb5_error_code
1139 krb5_keytab keytab,
1140 krb5_socket_t sock,
1142 {
1144 ssize_t n;
1165 }
1173 }