2c2
< * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
---
> * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
34a35
> #include "kadmin-commands.h"
36c37
< RCSID("$Id: mod.c,v 1.11 2002/12/03 14:12:30 joda Exp $");
---
> RCSID("$Id: mod.c 21968 2007-10-18 18:50:33Z lha $");
38,45c39,40
< static int parse_args (krb5_context context, kadm5_principal_ent_t ent,
< int argc, char **argv, int *optind, char *name,
< int *mask);
<
< static int
< parse_args(krb5_context context, kadm5_principal_ent_t ent,
< int argc, char **argv, int *optind, char *name,
< int *mask)
---
> static void
> add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
47,53c42
< char *attr_str = NULL;
< char *max_life_str = NULL;
< char *max_rlife_str = NULL;
< char *expiration_str = NULL;
< char *pw_expiration_str = NULL;
< int new_kvno = -1;
< int ret, i;
---
> krb5_tl_data *tl, **ptl;
55,68c44,54
< struct getargs args[] = {
< {"attributes", 'a', arg_string, NULL, "Attributies",
< "attributes"},
< {"max-ticket-life", 0, arg_string, NULL, "max ticket lifetime",
< "lifetime"},
< {"max-renewable-life", 0, arg_string, NULL,
< "max renewable lifetime", "lifetime" },
< {"expiration-time", 0, arg_string,
< NULL, "Expiration time", "time"},
< {"pw-expiration-time", 0, arg_string,
< NULL, "Password expiration time", "time"},
< {"kvno", 0, arg_integer,
< NULL, "Key version number", "number"},
< };
---
> tl = ecalloc(1, sizeof(*tl));
> tl->tl_data_next = NULL;
> tl->tl_data_type = KRB5_TL_EXTENSION;
> tl->tl_data_length = data->length;
> tl->tl_data_contents = data->data;
>
> princ->n_tl_data++;
> ptl = &princ->tl_data;
> while (*ptl != NULL)
> ptl = &(*ptl)->tl_data_next;
> *ptl = tl;
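Review bot: add_tl never uses its `type` argument, because `tl->tl_data_type = KRB5_TL_EXTENSION;` hard-codes the record type; a later caller passing a different type would silently get an extension record. Use `tl->tl_data_type = type;` instead. The node also stores `data->data` without copying, so the principal record owns the caller's buffer from here on; a comment such as `/* takes ownership of data->data; caller must not free it */` would make that contract visible. If `tl_data_length` is narrower than `data->length` (its declaration is not on this page), a range check before the assignment is worth adding. The signature and the closing brace of add_tl sit in the neighbouring hunks.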
70,76c56,57
< i = 0;
< args[i++].value = &attr_str;
< args[i++].value = &max_life_str;
< args[i++].value = &max_rlife_str;
< args[i++].value = &expiration_str;
< args[i++].value = &pw_expiration_str;
< args[i++].value = &new_kvno;
---
> return;
> }
78c59,71
< *optind = 0; /* XXX */
---
> static void
> add_constrained_delegation(krb5_context context,
> kadm5_principal_ent_rec *princ,
> struct getarg_strings *strings)
> {
> krb5_error_code ret;
> HDB_extension ext;
> krb5_data buf;
> size_t size;
>
> memset(&ext, 0, sizeof(ext));
> ext.mandatory = FALSE;
> ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
80,86c73,89
< if(getarg(args, sizeof(args) / sizeof(args[0]),
< argc, argv, optind)){
< arg_printusage(args,
< sizeof(args) / sizeof(args[0]),
< name ? name : "",
< "principal");
< return -1;
---
> if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
> ext.data.u.allowed_to_delegate_to.val = NULL;
> ext.data.u.allowed_to_delegate_to.len = 0;
> } else {
> krb5_principal p;
> int i;
>
> ext.data.u.allowed_to_delegate_to.val =
> calloc(strings->num_strings,
> sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
> ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
>
> for (i = 0; i < strings->num_strings; i++) {
> ret = krb5_parse_name(context, strings->strings[i], &p);
> ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
> krb5_free_principal(context, p);
> }
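Review bot: Neither return value in the loop is tested: `ret` from `krb5_parse_name` is immediately overwritten by `copy_Principal`, so a name that fails to parse leaves `p` unset when it is copied and then freed. The `calloc` result is also written through without a NULL check, although add_tl already uses `ecalloc`. These strings become the principal's allowed delegation targets, so a malformed name should be rejected before anything is encoded; I would have the helper return `krb5_error_code` so that do_mod_entry can skip `kadm5_modify_principal`. The same loop appears in add_aliases (hunk 110c119,133), and add_pkinit_acl indexes an unchecked `calloc` result as well. The function begins in the previous hunk and continues past this one.

```c
	ext.data.u.allowed_to_delegate_to.val =
	    ecalloc(strings->num_strings,
		    sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
	/* … unchanged: .len assignment … */

	for (i = 0; i < strings->num_strings; i++) {
	    ret = krb5_parse_name(context, strings->strings[i], &p);
	    if (ret) {
		krb5_warn(context, ret, "krb5_parse_name(%s)",
			  strings->strings[i]);
		free_HDB_extension(&ext);
		return ret;
	    }
	    ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
	    krb5_free_principal(context, p);
	    if (ret) {
		krb5_warn(context, ret, "copy_Principal");
		free_HDB_extension(&ext);
		return ret;
	    }
	}
```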
88,90c91,94
<
< ret = set_entry(context, ent, mask, max_life_str, max_rlife_str,
< expiration_str, pw_expiration_str, attr_str);
---
>
> ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
> &ext, &size, ret);
> free_HDB_extension(&ext);
92c96,98
< return ret;
---
> abort();
> if (buf.length != size)
> abort();
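Review bot: An encoder failure here ends the whole kadmin process through a bare `abort()`, with nothing telling the administrator which option or principal caused it. For the length mismatch, Heimdal's usual form is `krb5_abortx(context, "internal asn1 encoder error");`; for a non-zero `ret`, a `krb5_warn(context, ret, "ASN1_MALLOC_ENCODE")` followed by an error return would let the session continue. The same pair of checks is repeated in add_aliases and add_pkinit_acl. The `if` guarding the first `abort()` appears to be an unchanged line outside this hunk.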
94,98c100
< if(new_kvno != -1) {
< ent->kvno = new_kvno;
< *mask |= KADM5_KVNO;
< }
< return 0;
---
> add_tl(princ, KRB5_TL_EXTENSION, &buf);
101,102c103,105
< int
< mod_entry(int argc, char **argv)
---
> static void
> add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
> struct getarg_strings *strings)
104,105d106
< kadm5_principal_ent_rec princ;
< int mask = 0;
107,108c108,117
< krb5_principal princ_ent = NULL;
< int optind;
---
> HDB_extension ext;
> krb5_data buf;
> krb5_principal p;
> size_t size;
> int i;
>
> memset(&ext, 0, sizeof(ext));
> ext.mandatory = FALSE;
> ext.data.element = choice_HDB_extension_data_aliases;
> ext.data.u.aliases.case_insensitive = 0;
110c119,133
< memset (&princ, 0, sizeof(princ));
---
> if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
> ext.data.u.aliases.aliases.val = NULL;
> ext.data.u.aliases.aliases.len = 0;
> } else {
> ext.data.u.aliases.aliases.val =
> calloc(strings->num_strings,
> sizeof(ext.data.u.aliases.aliases.val[0]));
> ext.data.u.aliases.aliases.len = strings->num_strings;
>
> for (i = 0; i < strings->num_strings; i++) {
> ret = krb5_parse_name(context, strings->strings[i], &p);
> ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
> krb5_free_principal(context, p);
> }
> }
112,113c135,137
< ret = parse_args (context, &princ, argc, argv,
< &optind, "mod", &mask);
---
> ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
> &ext, &size, ret);
> free_HDB_extension(&ext);
115c139,144
< return 0;
---
> abort();
> if (buf.length != size)
> abort();
>
> add_tl(princ, KRB5_TL_EXTENSION, &buf);
> }
117,118c146,154
< argc -= optind;
< argv += optind;
---
> static void
> add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ,
> struct getarg_strings *strings)
> {
> krb5_error_code ret;
> HDB_extension ext;
> krb5_data buf;
> size_t size;
> int i;
120,122c156,172
< if (argc != 1) {
< printf ("Usage: mod [options] principal\n");
< return 0;
---
> memset(&ext, 0, sizeof(ext));
> ext.mandatory = FALSE;
> ext.data.element = choice_HDB_extension_data_pkinit_acl;
> ext.data.u.aliases.case_insensitive = 0;
>
> if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
> ext.data.u.pkinit_acl.val = NULL;
> ext.data.u.pkinit_acl.len = 0;
> } else {
> ext.data.u.pkinit_acl.val =
> calloc(strings->num_strings,
> sizeof(ext.data.u.pkinit_acl.val[0]));
> ext.data.u.pkinit_acl.len = strings->num_strings;
>
> for (i = 0; i < strings->num_strings; i++) {
> ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
> }
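Review bot: The line `ext.data.u.aliases.case_insensitive = 0;` looks like a leftover from add_aliases: the selected element is `choice_HDB_extension_data_pkinit_acl`, yet the store goes to the `aliases` member of what appears to be a union. It is harmless only because `ext` was just zeroed and the `pkinit_acl` fields are assigned afterwards, so the line should simply be deleted. Separately, `ext.data.u.pkinit_acl.val[i].subject` is written through an unchecked `calloc` result; `ecalloc`, as add_tl uses, would match the `estrdup` on the same line. The function starts in the previous hunk and ends in the next one.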
125c175,184
< krb5_parse_name(context, argv[0], &princ_ent);
---
> ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
> &ext, &size, ret);
> free_HDB_extension(&ext);
> if (ret)
> abort();
> if (buf.length != size)
> abort();
>
> add_tl(princ, KRB5_TL_EXTENSION, &buf);
> }
127,137c186,220
< if (mask == 0) {
< memset(&princ, 0, sizeof(princ));
< ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
< KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
< KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
< KADM5_PRINC_EXPIRE_TIME |
< KADM5_PW_EXPIRATION);
< krb5_free_principal (context, princ_ent);
< if (ret) {
< printf ("no such principal: %s\n", argv[0]);
< return 0;
---
> static int
> do_mod_entry(krb5_principal principal, void *data)
> {
> krb5_error_code ret;
> kadm5_principal_ent_rec princ;
> int mask = 0;
> struct modify_options *e = data;
>
> memset (&princ, 0, sizeof(princ));
> ret = kadm5_get_principal(kadm_handle, principal, &princ,
> KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
> KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
> KADM5_PRINC_EXPIRE_TIME |
> KADM5_PW_EXPIRATION);
> if(ret)
> return ret;
>
> if(e->max_ticket_life_string ||
> e->max_renewable_life_string ||
> e->expiration_time_string ||
> e->pw_expiration_time_string ||
> e->attributes_string ||
> e->kvno_integer != -1 ||
> e->constrained_delegation_strings.num_strings ||
> e->alias_strings.num_strings ||
> e->pkinit_acl_strings.num_strings) {
> ret = set_entry(context, &princ, &mask,
> e->max_ticket_life_string,
> e->max_renewable_life_string,
> e->expiration_time_string,
> e->pw_expiration_time_string,
> e->attributes_string);
> if(e->kvno_integer != -1) {
> princ.kvno = e->kvno_integer;
> mask |= KADM5_KVNO;
139,143c222,234
< if(edit_entry(&princ, &mask, NULL, 0))
< goto out;
< } else {
< princ.principal = princ_ent;
< }
---
> if (e->constrained_delegation_strings.num_strings) {
> add_constrained_delegation(context, &princ,
> &e->constrained_delegation_strings);
> mask |= KADM5_TL_DATA;
> }
> if (e->alias_strings.num_strings) {
> add_aliases(context, &princ, &e->alias_strings);
> mask |= KADM5_TL_DATA;
> }
> if (e->pkinit_acl_strings.num_strings) {
> add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
> mask |= KADM5_TL_DATA;
> }
145,148c236,243
< ret = kadm5_modify_principal(kadm_handle, &princ, mask);
< if(ret)
< krb5_warn(context, ret, "kadm5_modify_principal");
< out:
---
> } else
> ret = edit_entry(&princ, &mask, NULL, 0);
> if(ret == 0) {
> ret = kadm5_modify_principal(kadm_handle, &princ, mask);
> if(ret)
> krb5_warn(context, ret, "kadm5_modify_principal");
> }
>
150c245
< return 0;
---
> return ret;
151a247,261
>
> int
> mod_entry(struct modify_options *opt, int argc, char **argv)
> {
> krb5_error_code ret = 0;
> int i;
>
> for(i = 0; i < argc; i++) {
> ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
> if (ret)
> break;
> }
> return ret != 0;
> }
>
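Review bot: With `argc == 0` the loop body never runs and mod_entry returns 0 without touching anything, whereas the removed code printed `Usage: mod [options] principal`. Unless the generated command table in kadmin-commands.h enforces a minimum argument count (not visible on this page), an explicit check at the top of the function would restore the diagnostic. The function also stops at the first failing argument and collapses the error code to 0 or 1; a header comment such as `/* Modify each principal matching argv[]; stops at the first failure. Returns 0 on success, 1 on error. */` would document both.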