authorHiroki Sato <hrs@FreeBSD.org>2018-04-04 04:21:19 +0000
committerHiroki Sato <hrs@FreeBSD.org>2018-04-04 04:21:19 +0000
commitd684f11da759490a8d98d7b790796106285f4084 (patch)
tree27b7356df710fdf1440fe2c23154b8121e99f2ab /kadmin
parentf52d4664e3f68828c06f85bfc1afa271e3e04713 (diff)
Notes
Notes: svn path=/vendor-crypto/heimdal/dist/; revision=331978 svn path=/vendor-crypto/heimdal/7.5.0/; revision=331979; tag=vendor/heimdal/7.5.0
Diffstat (limited to 'kadmin')
-rw-r--r--kadmin/Makefile.am8
-rw-r--r--kadmin/Makefile.in1029
-rw-r--r--kadmin/add-random-users.c36
-rw-r--r--kadmin/add_enctype.c26
-rw-r--r--kadmin/ank.c31
-rw-r--r--kadmin/check.c31
-rw-r--r--kadmin/cpw.c39
-rw-r--r--kadmin/del_enctype.c15
-rw-r--r--kadmin/dump.c20
-rw-r--r--kadmin/ext.c95
-rw-r--r--kadmin/get.c36
-rw-r--r--kadmin/init.c33
-rw-r--r--kadmin/kadm_conn.c9
-rw-r--r--kadmin/kadmin-commands.in73
-rw-r--r--kadmin/kadmin.1 (renamed from kadmin/kadmin.8)23
-rw-r--r--kadmin/kadmin.c19
-rw-r--r--kadmin/kadmin.cat1 (renamed from kadmin/kadmin.cat8)30
-rw-r--r--kadmin/kadmin_locl.h5
-rw-r--r--kadmin/kadmind.89
-rw-r--r--kadmin/kadmind.c34
-rw-r--r--kadmin/kadmind.cat88
-rw-r--r--kadmin/load.c155
-rw-r--r--kadmin/mod.c50
-rw-r--r--kadmin/rpc.c4
-rw-r--r--kadmin/server.c333
-rw-r--r--kadmin/stash.c23
-rw-r--r--kadmin/util.c77
27 files changed, 1738 insertions, 513 deletions
diff --git a/kadmin/Makefile.am b/kadmin/Makefile.am
index 38f7ddecf8bf..74a2d54921e3 100644
--- a/kadmin/Makefile.am
+++ b/kadmin/Makefile.am
@@ -2,13 +2,13 @@
include $(top_srcdir)/Makefile.am.common
-AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 -I$(top_builddir)/include/gssapi
+AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_readline) -I$(srcdir)/../lib/krb5 -I$(top_builddir)/include/gssapi
-sbin_PROGRAMS = kadmin
+bin_PROGRAMS = kadmin
libexec_PROGRAMS = kadmind
-man_MANS = kadmin.8 kadmind.8
+man_MANS = kadmin.1 kadmind.8
noinst_PROGRAMS = add_random_users
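Review bot: The switch from `sbin_PROGRAMS = kadmin` to `bin_PROGRAMS = kadmin`, together with the man page moving from `kadmin.8` to `kadmin.1`, changes the installed path of the Kerberos administration client, and nothing in this file records that. Anything that pins the old absolute path would stop matching after an upgrade, for example sudoers entries, MAC or audit rules, file-integrity baselines and wrapper scripts; whether any such consumer exists cannot be seen from this hunk. I would add a comment above the new line, such as `# kadmin installs into $(bindir) (previously $(sbindir)); update any path-pinned policy or scripts`. The same hunk drops `$(INCLUDE_hcrypto)` from `AM_CPPFLAGS` while `$(LIB_hcrypto)` stays in `LDADD_common` in the next hunk, so it is worth confirming that the hcrypto headers are still found through the remaining include paths.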
@@ -65,7 +65,7 @@ LDADD_common = \
$(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken) \
- $(DBLIB)
+ $(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
../lib/gssapi/libgssapi.la \
diff --git a/kadmin/Makefile.in b/kadmin/Makefile.in
index 53c43d160222..f8bab1cf8871 100644
--- a/kadmin/Makefile.in
+++ b/kadmin/Makefile.in
@@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -22,6 +21,61 @@
# $Id$
VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -40,10 +94,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
- $(top_srcdir)/Makefile.am.common \
- $(top_srcdir)/cf/Makefile.am.common ChangeLog
-sbin_PROGRAMS = kadmin$(EXEEXT)
+bin_PROGRAMS = kadmin$(EXEEXT)
libexec_PROGRAMS = kadmind$(EXEEXT)
noinst_PROGRAMS = add_random_users$(EXEEXT)
TESTS = test_util$(EXEEXT)
@@ -63,8 +114,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/check-man.m4 \
$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
$(top_srcdir)/cf/check-type-extra.m4 \
- $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
- $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/crypto.m4 \
$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
$(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \
$(top_srcdir)/cf/find-func-no-libs.m4 \
@@ -77,6 +127,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/krb-bigendian.m4 \
$(top_srcdir)/cf/krb-func-getlogin.m4 \
$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+ $(top_srcdir)/cf/krb-prog-perl.m4 \
$(top_srcdir)/cf/krb-readline.m4 \
$(top_srcdir)/cf/krb-struct-spwd.m4 \
$(top_srcdir)/cf/krb-struct-winsize.m4 \
@@ -96,25 +147,31 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/include/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
am__EXEEXT_1 = test_util$(EXEEXT)
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \
- "$(DESTDIR)$(man8dir)"
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
am_add_random_users_OBJECTS = add-random-users.$(OBJEXT)
add_random_users_OBJECTS = $(am_add_random_users_OBJECTS)
am__DEPENDENCIES_1 =
am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \
$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
add_random_users_DEPENDENCIES = \
$(top_builddir)/lib/kadm5/libkadm5clnt.la \
$(top_builddir)/lib/kadm5/libkadm5srv.la $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
dist_kadmin_OBJECTS = ank.$(OBJEXT) add_enctype.$(OBJEXT) \
check.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \
del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) \
@@ -140,23 +197,49 @@ am__DEPENDENCIES_3 = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
test_util_DEPENDENCIES = $(am__DEPENDENCIES_3)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \
$(nodist_kadmin_SOURCES) $(kadmind_SOURCES) \
$(test_util_SOURCES)
DIST_SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \
$(kadmind_SOURCES) $(test_util_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -178,17 +261,222 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man1dir = $(mandir)/man1
man8dir = $(mandir)/man8
MANS = $(man_MANS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-am__tty_colors = \
-red=; grn=; lgn=; blu=; std=
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
+am__recheck_rx = ^[ ]*:recheck:[ ]*
+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+ recheck = 1; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ { \
+ if ((getline line2 < ($$0 ".log")) < 0) \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+ { \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+ { \
+ break; \
+ } \
+ }; \
+ if (recheck) \
+ print $$0; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+ print "fatal: making $@: " msg | "cat >&2"; \
+ exit 1; \
+} \
+function rst_section(header) \
+{ \
+ print header; \
+ len = length(header); \
+ for (i = 1; i <= len; i = i + 1) \
+ printf "="; \
+ printf "\n\n"; \
+} \
+{ \
+ copy_in_global_log = 1; \
+ global_test_result = "RUN"; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".trs"); \
+ if (line ~ /$(am__global_test_result_rx)/) \
+ { \
+ sub("$(am__global_test_result_rx)", "", line); \
+ sub("[ ]*$$", "", line); \
+ global_test_result = line; \
+ } \
+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+ copy_in_global_log = 0; \
+ }; \
+ if (copy_in_global_log) \
+ { \
+ rst_section(global_test_result ": " $$0); \
+ while ((rc = (getline line < ($$0 ".log"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".log"); \
+ print line; \
+ }; \
+ printf "\n"; \
+ }; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+ --color-tests "$$am__color_tests" \
+ --enable-hard-errors "$$am__enable_hard_errors" \
+ --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test. Creates the
+# directory for the log if needed. Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log. Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup); \
+$(am__vpath_adj_setup) $(am__vpath_adj) \
+$(am__tty_colors); \
+srcdir=$(srcdir); export srcdir; \
+case "$@" in \
+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
+ *) am__odir=.;; \
+esac; \
+test "x$$am__odir" = x"." || test -d "$$am__odir" \
+ || $(MKDIR_P) "$$am__odir" || exit $$?; \
+if test -f "./$$f"; then dir=./; \
+elif test -f "$$f"; then dir=; \
+else dir="$(srcdir)/"; fi; \
+tst=$$dir$$f; log='$@'; \
+if test -n '$(DISABLE_HARD_ERRORS)'; then \
+ am__enable_hard_errors=no; \
+else \
+ am__enable_hard_errors=yes; \
+fi; \
+case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
+ am__expect_failure=yes;; \
+ *) \
+ am__expect_failure=no;; \
+esac; \
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed). The result is saved in the shell variable
+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+ bases='$(TEST_LOGS)'; \
+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+ bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+ case '$@' in \
+ */*) \
+ case '$*' in \
+ */*) b='$*';; \
+ *) b=`echo '$@' | sed 's/\.log$$//'`; \
+ esac;; \
+ *) \
+ b='$*';; \
+ esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+ $(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+ $(top_srcdir)/Makefile.am.common \
+ $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/depcomp \
+ $(top_srcdir)/test-driver ChangeLog
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+AS = @AS@
ASN1_COMPILE = @ASN1_COMPILE@
ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@
AUTOCONF = @AUTOCONF@
@@ -207,12 +495,12 @@ COMPILE_ET = @COMPILE_ET@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
+DB1LIB = @DB1LIB@
+DB3LIB = @DB3LIB@
DBHEADER = @DBHEADER@
-DBLIB = @DBLIB@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
DIR_hdbdir = @DIR_hdbdir@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
@@ -222,17 +510,17 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ENABLE_AFS_STRING_TO_KEY = @ENABLE_AFS_STRING_TO_KEY@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCD_MIG = @GCD_MIG@
GREP = @GREP@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
INCLUDE_libedit = @INCLUDE_libedit@
INCLUDE_libintl = @INCLUDE_libintl@
INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_openssl_crypto = @INCLUDE_openssl_crypto@
INCLUDE_readline = @INCLUDE_readline@
INCLUDE_sqlite3 = @INCLUDE_sqlite3@
INSTALL = @INSTALL@
@@ -251,12 +539,9 @@ LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
LIB_bswap16 = @LIB_bswap16@
LIB_bswap32 = @LIB_bswap32@
+LIB_bswap64 = @LIB_bswap64@
LIB_com_err = @LIB_com_err@
LIB_com_err_a = @LIB_com_err_a@
LIB_com_err_so = @LIB_com_err_so@
@@ -265,6 +550,7 @@ LIB_db_create = @LIB_db_create@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dispatch_async_f = @LIB_dispatch_async_f@
+LIB_dladdr = @LIB_dladdr@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_dns_search = @LIB_dns_search@
@@ -281,10 +567,8 @@ LIB_hcrypto = @LIB_hcrypto@
LIB_hcrypto_a = @LIB_hcrypto_a@
LIB_hcrypto_appl = @LIB_hcrypto_appl@
LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
LIB_hstrerror = @LIB_hstrerror@
LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
LIB_libedit = @LIB_libedit@
LIB_libintl = @LIB_libintl@
LIB_loadquery = @LIB_loadquery@
@@ -292,6 +576,7 @@ LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_openldap = @LIB_openldap@
LIB_openpty = @LIB_openpty@
+LIB_openssl_crypto = @LIB_openssl_crypto@
LIB_otp = @LIB_otp@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
@@ -306,12 +591,15 @@ LIB_sqlite3 = @LIB_sqlite3@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIPO = @LIPO@
+LMDBLIB = @LMDBLIB@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
+NDBMLIB = @NDBMLIB@
NM = @NM@
NMEDIT = @NMEDIT@
NO_AFS = @NO_AFS@
@@ -328,6 +616,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LDADD = @PTHREAD_LDADD@
@@ -342,13 +631,7 @@ STRIP = @STRIP@
VERSION = @VERSION@
VERSIONING = @VERSIONING@
WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
+WFLAGS_LITE = @WFLAGS_LITE@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
@@ -372,6 +655,8 @@ build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
+db_type = @db_type@
+db_type_preference = @db_type_preference@
docdir = @docdir@
dpagaix_cflags = @dpagaix_cflags@
dpagaix_ldadd = @dpagaix_ldadd@
@@ -407,32 +692,39 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+SUFFIXES = .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 \
+ .cat5 .cat7 .cat8
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include
AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_libintl) $(INCLUDE_readline) \
- $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 \
- -I$(top_builddir)/include/gssapi
+ -I$(srcdir)/../lib/krb5 -I$(top_builddir)/include/gssapi
@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
AM_CFLAGS = $(WFLAGS)
CP = cp
buildinclude = $(top_builddir)/include
+LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
libexec_heimdaldir = $(libexecdir)/heimdal
NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@NO_AFS_FALSE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@NO_AFS_TRUE@LIB_kafs =
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-LIB_heimbase = $(top_builddir)/base/libheimbase.la
+LIB_heimbase = $(top_builddir)/lib/base/libheimbase.la
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-man_MANS = kadmin.8 kadmind.8
+
+#silent-rules
+heim_verbose = $(heim_verbose_$(V))
+heim_verbose_ = $(heim_verbose_$(AM_DEFAULT_VERBOSITY))
+heim_verbose_0 = @echo " GEN "$@;
+man_MANS = kadmin.1 kadmind.8
dist_kadmin_SOURCES = \
ank.c \
add_enctype.c \
@@ -474,7 +766,7 @@ LDADD_common = \
$(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken) \
- $(DBLIB)
+ $(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
../lib/gssapi/libgssapi.la \
@@ -507,7 +799,7 @@ EXTRA_DIST = \
all: all-am
.SUFFIXES:
-.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 .cat5 .cat7 .cat8 .c .lo .log .o .obj .test .test$(EXEEXT) .trs
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -520,7 +812,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign kadmin/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign kadmin/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -529,6 +820,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
+$(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
@@ -538,25 +830,21 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
-
-clean-checkPROGRAMS:
- @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
+install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
- @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+ fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p || test -f $$p1; \
- then echo "$$p"; echo "$$p"; else :; fi; \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
done | \
- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
-e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
@@ -567,23 +855,24 @@ install-libexecPROGRAMS: $(libexec_PROGRAMS)
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
} \
; done
-uninstall-libexecPROGRAMS:
+uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' `; \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
-clean-libexecPROGRAMS:
- @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \
+clean-binPROGRAMS:
+ @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
@@ -591,24 +880,29 @@ clean-libexecPROGRAMS:
echo " rm -f" $$list; \
rm -f $$list
-clean-noinstPROGRAMS:
- @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libexecdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libexecdir)" || exit 1; \
+ fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p || test -f $$p1; \
- then echo "$$p"; echo "$$p"; else :; fi; \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
done | \
- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
-e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
@@ -619,41 +913,55 @@ install-sbinPROGRAMS: $(sbin_PROGRAMS)
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
} \
; done
-uninstall-sbinPROGRAMS:
+uninstall-libexecPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' `; \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
-clean-sbinPROGRAMS:
- @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+clean-libexecPROGRAMS:
+ @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
-add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES)
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) $(EXTRA_add_random_users_DEPENDENCIES)
@rm -f add_random_users$(EXEEXT)
- $(LINK) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
-kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
+
+kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES) $(EXTRA_kadmin_DEPENDENCIES)
@rm -f kadmin$(EXEEXT)
- $(LINK) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
-kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
+
+kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) $(EXTRA_kadmind_DEPENDENCIES)
@rm -f kadmind$(EXEEXT)
- $(LINK) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
-test_util$(EXEEXT): $(test_util_OBJECTS) $(test_util_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
+
+test_util$(EXEEXT): $(test_util_OBJECTS) $(test_util_DEPENDENCIES) $(EXTRA_test_util_DEPENDENCIES)
@rm -f test_util$(EXEEXT)
- $(LINK) $(test_util_OBJECTS) $(test_util_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) $(test_util_OBJECTS) $(test_util_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -688,38 +996,88 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man1: $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list=''; test -n "$(man8dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
+install-man8: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@@ -748,30 +1106,17 @@ uninstall-man8:
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- mkid -fID $$unique
-tags: TAGS
-
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
+ $(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
@@ -783,15 +1128,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$$unique; \
fi; \
fi
-ctags: CTAGS
-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
@@ -800,116 +1141,189 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-check-TESTS: $(TESTS)
- @failed=0; all=0; xfail=0; xpass=0; skip=0; \
- srcdir=$(srcdir); export srcdir; \
- list=' $(TESTS) '; \
- $(am__tty_colors); \
- if test -n "$$list"; then \
- for tst in $$list; do \
- if test -f ./$$tst; then dir=./; \
- elif test -f $$tst; then dir=; \
- else dir="$(srcdir)/"; fi; \
- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xpass=`expr $$xpass + 1`; \
- failed=`expr $$failed + 1`; \
- col=$$red; res=XPASS; \
- ;; \
- *) \
- col=$$grn; res=PASS; \
- ;; \
- esac; \
- elif test $$? -ne 77; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xfail=`expr $$xfail + 1`; \
- col=$$lgn; res=XFAIL; \
- ;; \
- *) \
- failed=`expr $$failed + 1`; \
- col=$$red; res=FAIL; \
- ;; \
- esac; \
- else \
- skip=`expr $$skip + 1`; \
- col=$$blu; res=SKIP; \
- fi; \
- echo "$${col}$$res$${std}: $$tst"; \
- done; \
- if test "$$all" -eq 1; then \
- tests="test"; \
- All=""; \
- else \
- tests="tests"; \
- All="All "; \
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+ rm -f $< $@
+ $(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+ @:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+ @$(am__set_TESTS_bases); \
+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+ redo_bases=`for i in $$bases; do \
+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+ done`; \
+ if test -n "$$redo_bases"; then \
+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+ if $(am__make_dryrun); then :; else \
+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
fi; \
- if test "$$failed" -eq 0; then \
- if test "$$xfail" -eq 0; then \
- banner="$$All$$all $$tests passed"; \
- else \
- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
- fi; \
- else \
- if test "$$xpass" -eq 0; then \
- banner="$$failed of $$all $$tests failed"; \
+ fi; \
+ if test -n "$$am__remaking_logs"; then \
+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+ "recursion detected" >&2; \
+ elif test -n "$$redo_logs"; then \
+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+ fi; \
+ if $(am__make_dryrun); then :; else \
+ st=0; \
+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+ for i in $$redo_bases; do \
+ test -f $$i.trs && test -r $$i.trs \
+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+ test -f $$i.log && test -r $$i.log \
+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+ done; \
+ test $$st -eq 0 || exit 1; \
+ fi
+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+ ws='[ ]'; \
+ results=`for b in $$bases; do echo $$b.trs; done`; \
+ test -n "$$results" || results=/dev/null; \
+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+ success=true; \
+ else \
+ success=false; \
+ fi; \
+ br='==================='; br=$$br$$br$$br$$br; \
+ result_count () \
+ { \
+ if test x"$$1" = x"--maybe-color"; then \
+ maybe_colorize=yes; \
+ elif test x"$$1" = x"--no-color"; then \
+ maybe_colorize=no; \
else \
- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \
fi; \
- fi; \
- dashes="$$banner"; \
- skipped=""; \
- if test "$$skip" -ne 0; then \
- if test "$$skip" -eq 1; then \
- skipped="($$skip test was not run)"; \
+ shift; \
+ desc=$$1 count=$$2; \
+ if test $$maybe_colorize = yes && test $$count -gt 0; then \
+ color_start=$$3 color_end=$$std; \
else \
- skipped="($$skip tests were not run)"; \
+ color_start= color_end=; \
fi; \
- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$skipped"; \
- fi; \
- report=""; \
- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
- report="Please report to $(PACKAGE_BUGREPORT)"; \
- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$report"; \
- fi; \
- dashes=`echo "$$dashes" | sed s/./=/g`; \
- if test "$$failed" -eq 0; then \
- echo "$$grn$$dashes"; \
- else \
- echo "$$red$$dashes"; \
- fi; \
- echo "$$banner"; \
- test -z "$$skipped" || echo "$$skipped"; \
- test -z "$$report" || echo "$$report"; \
- echo "$$dashes$$std"; \
- test "$$failed" -eq 0; \
- else :; fi
+ echo "$${color_start}# $$desc $$count$${color_end}"; \
+ }; \
+ create_testsuite_report () \
+ { \
+ result_count $$1 "TOTAL:" $$all "$$brg"; \
+ result_count $$1 "PASS: " $$pass "$$grn"; \
+ result_count $$1 "SKIP: " $$skip "$$blu"; \
+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+ result_count $$1 "FAIL: " $$fail "$$red"; \
+ result_count $$1 "XPASS:" $$xpass "$$red"; \
+ result_count $$1 "ERROR:" $$error "$$mgn"; \
+ }; \
+ { \
+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
+ $(am__rst_title); \
+ create_testsuite_report --no-color; \
+ echo; \
+ echo ".. contents:: :depth: 2"; \
+ echo; \
+ for b in $$bases; do echo $$b; done \
+ | $(am__create_global_log); \
+ } >$(TEST_SUITE_LOG).tmp || exit 1; \
+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
+ if $$success; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
+ fi; \
+ echo "$${col}$$br$${std}"; \
+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}$$br$${std}"; \
+ create_testsuite_report --maybe-color; \
+ echo "$$col$$br$$std"; \
+ if $$success; then :; else \
+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
+ if test -n "$(PACKAGE_BUGREPORT)"; then \
+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
+ fi; \
+ echo "$$col$$br$$std"; \
+ fi; \
+ $$success || exit 1
+
+check-TESTS:
+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+ exit $$?;
+recheck: all $(check_PROGRAMS)
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ bases=`for i in $$bases; do echo $$i; done \
+ | $(am__list_recheck_tests)` || exit 1; \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ log_list=`echo $$log_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+ am__force_recheck=am--force-recheck \
+ TEST_LOGS="$$log_list"; \
+ exit $$?
+test_util.log: test_util$(EXEEXT)
+ @p='test_util$(EXEEXT)'; \
+ b='test_util'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+ @p='$<'; \
+ $(am__set_b); \
+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@ @p='$<'; \
+@am__EXEEXT_TRUE@ $(am__set_b); \
+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
distdir: $(DISTFILES)
- @list='$(MANS)'; if test -n "$$list"; then \
- list=`for p in $$list; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
- if test -n "$$list" && \
- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
- echo " typically \`make maintainer-clean' will remove them" >&2; \
- exit 1; \
- else :; fi; \
- else :; fi
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -948,7 +1362,7 @@ check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(MANS) all-local
installdirs:
- for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -961,11 +1375,19 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
@@ -979,8 +1401,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
- clean-libtool clean-noinstPROGRAMS clean-sbinPROGRAMS \
+clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
+ clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
mostlyclean-am
distclean: distclean-am
@@ -1008,9 +1430,9 @@ install-dvi: install-dvi-am
install-dvi-am:
-install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec-am: install-binPROGRAMS install-exec-local \
+ install-libexecPROGRAMS
+
install-html: install-html-am
install-html-am:
@@ -1019,7 +1441,7 @@ install-info: install-info-am
install-info-am:
-install-man: install-man8
+install-man: install-man1 install-man8
install-pdf: install-pdf-am
@@ -1049,48 +1471,64 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-libexecPROGRAMS uninstall-man \
- uninstall-sbinPROGRAMS
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+ uninstall-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-uninstall-man: uninstall-man8
+uninstall-man: uninstall-man1 uninstall-man8
-.MAKE: check-am install-am install-data-am install-exec-am \
- install-strip uninstall-am
+.MAKE: check-am install-am install-data-am install-strip uninstall-am
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
- check-local clean clean-checkPROGRAMS clean-generic \
- clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
- clean-sbinPROGRAMS ctags dist-hook distclean distclean-compile \
+.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-TESTS \
+ check-am check-local clean clean-binPROGRAMS \
+ clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
+ clean-libtool clean-noinstPROGRAMS cscopelist-am ctags \
+ ctags-am dist-hook distclean distclean-compile \
distclean-generic distclean-libtool distclean-tags distdir dvi \
dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-data-hook install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-hook \
- install-html install-html-am install-info install-info-am \
- install-libexecPROGRAMS install-man install-man8 install-pdf \
- install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
+ install-binPROGRAMS install-data install-data-am \
+ install-data-hook install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-local install-html \
+ install-html-am install-info install-info-am \
+ install-libexecPROGRAMS install-man install-man1 install-man8 \
+ install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \
- uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
- uninstall-sbinPROGRAMS
+ pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+ uninstall-am uninstall-binPROGRAMS uninstall-hook \
+ uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
+ uninstall-man8
+
+.PRECIOUS: Makefile
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
- x=$(DESTDIR)$(bindir)/$$file; \
- if chown 0:0 $$x && chmod u+s $$x; then :; else \
- echo "*"; \
- echo "* Failed to install $$x setuid root"; \
- echo "*"; \
- fi; done
+ x=$(DESTDIR)$(bindir)/$$file; \
+ if chown 0:0 $$x && chmod u+s $$x; then :; else \
+ echo "*"; \
+ echo "* Failed to install $$x setuid root"; \
+ echo "*"; \
+ fi; \
+ done
+
+install-exec-local: install-suid-programs
+
+codesign-all:
+ @if [ X"$$CODE_SIGN_IDENTITY" != X ] ; then \
+ foo='$(bin_PROGRAMS) $(sbin_PROGRAMS) $(libexec_PROGRAMS)' ; \
+ for file in $$foo ; do \
+ echo "CODESIGN $$file" ; \
+ codesign -f -s "$$CODE_SIGN_IDENTITY" $$file || exit 1 ; \
+ done ; \
+ fi
-install-exec-hook: install-suid-programs
+all-local: codesign-all
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
- @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) $(noinst_HEADERS)
+ @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(noinst_HEADERS)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -1098,7 +1536,7 @@ install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_incl
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
- $(CP) $$file $(buildinclude)/$$f; \
+ $(CP) $$file $(buildinclude)/$$f || true; \
fi ; \
done ; \
foo='$(nobase_include_HEADERS)'; \
@@ -1155,6 +1593,8 @@ check-local::
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
+.7.cat7:
+ $(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
@@ -1197,6 +1637,19 @@ dist-cat5-mans:
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
+dist-cat7-mans:
+ @foo='$(man7_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.7) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat7/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
@@ -1210,13 +1663,13 @@ dist-cat8-mans:
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat7-mans dist-cat8-mans
install-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
uninstall-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
install-data-hook: install-cat-mans
uninstall-hook: uninstall-cat-mans
diff --git a/kadmin/add-random-users.c b/kadmin/add-random-users.c
index c3beaf206a6d..b3d6d581d9b3 100644
--- a/kadmin/add-random-users.c
+++ b/kadmin/add-random-users.c
@@ -77,8 +77,7 @@ read_words (const char *filename, char ***ret_w)
}
static void
-add_user (krb5_context context, void *kadm_handle,
- unsigned nwords, char **words)
+add_user (krb5_context ctx, void *hndl, unsigned nwords, char **words)
{
kadm5_principal_ent_rec princ;
char name[64];
@@ -94,14 +93,14 @@ add_user (krb5_context context, void *kadm_handle,
mask = KADM5_PRINCIPAL;
memset(&princ, 0, sizeof(princ));
- ret = krb5_parse_name(context, name, &princ.principal);
+ ret = krb5_parse_name(ctx, name, &princ.principal);
if (ret)
- krb5_err(context, 1, ret, "krb5_parse_name");
+ krb5_err(ctx, 1, ret, "krb5_parse_name");
- ret = kadm5_create_principal (kadm_handle, &princ, mask, name);
+ ret = kadm5_create_principal (hndl, &princ, mask, name);
if (ret)
- krb5_err (context, 1, ret, "kadm5_create_principal");
- kadm5_free_principal_ent(kadm_handle, &princ);
+ krb5_err (ctx, 1, ret, "kadm5_create_principal");
+ kadm5_free_principal_ent(hndl, &princ);
printf ("%s\n", name);
}
@@ -110,37 +109,38 @@ add_users (const char *filename, unsigned n)
{
krb5_error_code ret;
int i;
- void *kadm_handle;
- krb5_context context;
+ void *hndl;
+ krb5_context ctx;
unsigned nwords;
char **words;
- ret = krb5_init_context(&context);
+ ret = krb5_init_context(&ctx);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
- ret = kadm5_s_init_with_password_ctx(context,
+ ret = kadm5_s_init_with_password_ctx(ctx,
KADM5_ADMIN_SERVICE,
NULL,
KADM5_ADMIN_SERVICE,
NULL, 0, 0,
- &kadm_handle);
+ &hndl);
if(ret)
- krb5_err(context, 1, ret, "kadm5_init_with_password");
+ krb5_err(ctx, 1, ret, "kadm5_init_with_password");
nwords = read_words (filename, &words);
for (i = 0; i < n; ++i)
- add_user (context, kadm_handle, nwords, words);
- kadm5_destroy(kadm_handle);
- krb5_free_context(context);
+ add_user (ctx, hndl, nwords, words);
+ kadm5_destroy(hndl);
+ krb5_free_context(ctx);
+ free(words);
}
static int version_flag = 0;
static int help_flag = 0;
static struct getargs args[] = {
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
+ { "version", 0, arg_flag, &version_flag, NULL, NULL },
+ { "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void
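Review bot: The added `free(words);` at the end of add_users releases only the pointer array. If read_words allocates each word separately (its body is outside this hunk), the strings themselves are still leaked, and the cleanup would need `for (i = 0; i < nwords; ++i) free(words[i]);` before `free(words);`. The loop counter `i` is an `int` compared against the `unsigned` `n` in `i < n`; declaring it `unsigned` removes the signed/unsigned comparison.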
diff --git a/kadmin/add_enctype.c b/kadmin/add_enctype.c
index 233c4ab9498f..0ababf4f1976 100644
--- a/kadmin/add_enctype.c
+++ b/kadmin/add_enctype.c
@@ -55,7 +55,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
return 0;
}
- memset (&princ, 0, sizeof(princ));
+ memset(&princ, 0, sizeof(princ));
princ_name = argv[0];
n_etypes = argc - 1;
etypes = malloc (n_etypes * sizeof(*etypes));
@@ -65,7 +65,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
}
argv++;
for (i = 0; i < n_etypes; ++i) {
- ret = krb5_string_to_enctype (context, argv[i], &etypes[i]);
+ ret = krb5_string_to_enctype(context, argv[i], &etypes[i]);
if (ret) {
krb5_warnx (context, "bad enctype \"%s\"", argv[i]);
goto out2;
@@ -74,20 +74,27 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
ret = krb5_parse_name(context, princ_name, &princ_ent);
if (ret) {
- krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
+ krb5_warn(context, ret, "krb5_parse_name %s", princ_name);
goto out2;
}
+ /* The principal might have zero keys, but it will still have a kvno! */
ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
- KADM5_PRINCIPAL | KADM5_KEY_DATA);
+ KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA);
if (ret) {
- krb5_free_principal (context, princ_ent);
- krb5_warnx (context, "no such principal: %s", princ_name);
+ krb5_free_principal(context, princ_ent);
+ krb5_warnx(context, "no such principal: %s", princ_name);
goto out2;
}
- new_key_data = malloc((princ.n_key_data + n_etypes)
- * sizeof(*new_key_data));
+ /* Check that we got key data */
+ if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
+ krb5_warnx(context, "user lacks get-keys privilege");
+ goto out;
+ }
+
+ new_key_data = calloc(princ.n_key_data + n_etypes,
+ sizeof(*new_key_data));
if (new_key_data == NULL) {
krb5_warnx (context, "out of memory");
goto out;
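Review bot: The new `kadm5_all_keys_are_bogus` branch jumps to `out` with `ret` still 0 from the successful `kadm5_get_principal` call. If the function's return value is derived from `ret` (the `out` label is outside this hunk), the command reports success even though no enctype was added, and a provisioning script checking the exit status would not notice the missing get-keys privilege. Setting an error before the jump, for example `ret = EPERM;` or a more specific kadm5 code, makes the failure visible; the `new_key_data == NULL` branch just below has the same gap. Separately, the `kadm5_get_principal` failure path prints "no such principal" for every error, so an authorization or connection failure is reported as a missing entry; passing `ret` to `krb5_warn` would keep the real cause.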
@@ -98,6 +105,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
for (j = 0; j < n_etypes; ++j) {
if (etypes[j] == key->key_data_type[0]) {
+ /* XXX Should this be an error? The admin can del_enctype... */
krb5_warnx(context, "enctype %d already exists",
(int)etypes[j]);
free(new_key_data);
@@ -113,7 +121,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
memset(&new_key_data[n], 0, sizeof(new_key_data[n]));
new_key_data[n].key_data_ver = 2;
- new_key_data[n].key_data_kvno = 0;
+ new_key_data[n].key_data_kvno = princ.kvno;
ret = krb5_generate_random_keyblock (context, etypes[i], &keyblock);
if (ret) {
diff --git a/kadmin/ank.c b/kadmin/ank.c
index 0b7ebc027434..ffa5b7439fc0 100644
--- a/kadmin/ank.c
+++ b/kadmin/ank.c
@@ -68,6 +68,7 @@ add_one_principal (const char *name,
int rand_password,
int use_defaults,
char *password,
+ char *policy,
krb5_key_data *key_data,
const char *max_ticket_life,
const char *max_renewable_life,
@@ -94,7 +95,7 @@ add_one_principal (const char *name,
ret = set_entry(context, &princ, &mask,
max_ticket_life, max_renewable_life,
- expiration, pw_expiration, attributes);
+ expiration, pw_expiration, attributes, policy);
if (ret)
goto out;
@@ -124,10 +125,18 @@ add_one_principal (const char *name,
} else if(password == NULL) {
char *princ_name;
char *prompt;
+ int aret;
- krb5_unparse_name(context, princ_ent, &princ_name);
- asprintf (&prompt, "%s's Password: ", princ_name);
+ ret = krb5_unparse_name(context, princ_ent, &princ_name);
+ if (ret)
+ goto out;
+ aret = asprintf (&prompt, "%s's Password: ", princ_name);
free (princ_name);
+ if (aret == -1) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret, "out of memory");
+ goto out;
+ }
ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
free (prompt);
if (ret) {
@@ -158,11 +167,18 @@ add_one_principal (const char *name,
free(new_keys);
kadm5_get_principal(kadm_handle, princ_ent, &princ,
KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+ krb5_free_principal(context, princ_ent);
+ princ_ent = princ.principal;
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ /*
+ * Updating kvno w/o key data and vice-versa gives _kadm5_setup_entry()
+ * and _kadm5_set_keys2() headaches. But we used to, so we handle
+ * this in in those two functions. Might as well leave this code as
+ * it was then.
+ */
princ.kvno = 1;
kadm5_modify_principal(kadm_handle, &princ,
KADM5_ATTRIBUTES | KADM5_KVNO);
- kadm5_free_principal_ent(kadm_handle, &princ);
} else if (key_data) {
ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
3, key_data);
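Review bot: The return value of `kadm5_get_principal` is still ignored, and the two added lines now free `princ_ent` and replace it with `princ.principal` unconditionally. If the lookup fails, `princ` may not have been refilled, so `princ_ent` could be left pointing at stale or already-freed memory that `kadm5_modify_principal` and the cleanup at `out` then use; whether that happens depends on how `princ` was set up earlier in add_one_principal, which is outside this hunk. Checking the call first avoids it: `ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);` followed by `if (ret) goto out;`. The `key_data` branch in the next hunk (`@@ -171,9 +187,10 @@`) has the same pattern. In both places the result of `kadm5_modify_principal` is also dropped, so a failure to clear `KRB5_KDB_DISALLOW_ALL_TIX` would presumably go unreported.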
@@ -171,9 +187,10 @@ add_one_principal (const char *name,
}
kadm5_get_principal(kadm_handle, princ_ent, &princ,
KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
+ krb5_free_principal(context, princ_ent);
+ princ_ent = princ.principal;
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
- kadm5_free_principal_ent(kadm_handle, &princ);
} else if (rand_password) {
char *princ_name;
@@ -182,8 +199,7 @@ add_one_principal (const char *name,
free (princ_name);
}
out:
- if (princ_ent)
- krb5_free_principal (context, princ_ent);
+ kadm5_free_principal_ent(kadm_handle, &princ); /* frees princ_ent */
if(default_ent)
kadm5_free_principal_ent (kadm_handle, default_ent);
if (password != NULL)
@@ -245,6 +261,7 @@ add_new_key(struct add_options *opt, int argc, char **argv)
opt->random_password_flag,
opt->use_defaults_flag,
opt->password_string,
+ opt->policy_string,
kdp,
opt->max_ticket_life_string,
opt->max_renewable_life_string,
diff --git a/kadmin/check.c b/kadmin/check.c
index b5a03854ab72..f4f2034dcdd7 100644
--- a/kadmin/check.c
+++ b/kadmin/check.c
@@ -51,7 +51,7 @@ get_check_entry(const char *name, kadm5_principal_ent_rec *ent)
}
memset(ent, 0, sizeof(*ent));
- ret = kadm5_get_principal(kadm_handle, principal, ent, 0);
+ ret = kadm5_get_principal(kadm_handle, principal, ent, KADM5_ATTRIBUTES);
krb5_free_principal(context, principal);
if(ret)
return 1;
@@ -185,6 +185,35 @@ check(void *opt, int argc, char **argv)
kadm5_free_principal_ent(kadm_handle, &ent);
/*
+ * Check default@REALM
+ *
+ * Check that disallow-all-tix is set on the default principal
+ * (or that the entry doesn't exists)
+ */
+
+ if (asprintf(&p, "default@%s", realm) == -1) {
+ krb5_warn(context, errno, "asprintf");
+ goto fail;
+ }
+
+ ret = get_check_entry(p, &ent);
+ if (ret == 0) {
+ if ((ent.attributes & KRB5_KDB_DISALLOW_ALL_TIX) == 0) {
+ printf("default template entry is not disabled\n");
+ ret = EINVAL;
+ }
+ kadm5_free_principal_ent(kadm_handle, &ent);
+
+ } else {
+ ret = 0;
+ }
+
+ free(p);
+
+ if (ret)
+ goto fail;
+
+ /*
* Check for duplicate afs keys
*/
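Review bot: In the new `default@REALM` check every failure of `get_check_entry()` is folded into `ret = 0`, so a lookup that fails for a reason other than a missing entry makes the check pass without disallow-all-tix having been verified. The helper returns 1 for any `kadm5_get_principal()` error, as the earlier hunk shows, so the caller cannot tell the two cases apart. I would have the helper distinguish an unknown principal from other errors, or at least report the skipped check in the `else` branch with `krb5_warnx(context, "could not read %s; disallow-all-tix not verified", p);`. check() extends beyond this hunk.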
diff --git a/kadmin/cpw.c b/kadmin/cpw.c
index c5a2eb87e9f1..425575d8953c 100644
--- a/kadmin/cpw.c
+++ b/kadmin/cpw.c
@@ -35,6 +35,7 @@
#include "kadmin-commands.h"
struct cpw_entry_data {
+ int keepold;
int random_key;
int random_password;
char *password;
@@ -42,14 +43,15 @@ struct cpw_entry_data {
};
static int
-set_random_key (krb5_principal principal)
+set_random_key (krb5_principal principal, int keepold)
{
krb5_error_code ret;
int i;
krb5_keyblock *keys;
int num_keys;
- ret = kadm5_randkey_principal(kadm_handle, principal, &keys, &num_keys);
+ ret = kadm5_randkey_principal_3(kadm_handle, principal, keepold, 0, NULL,
+ &keys, &num_keys);
if(ret)
return ret;
for(i = 0; i < num_keys; i++)
@@ -59,13 +61,13 @@ set_random_key (krb5_principal principal)
}
static int
-set_random_password (krb5_principal principal)
+set_random_password (krb5_principal principal, int keepold)
{
krb5_error_code ret;
char pw[128];
random_password (pw, sizeof(pw));
- ret = kadm5_chpass_principal(kadm_handle, principal, pw);
+ ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL, pw);
if (ret == 0) {
char *princ_name;
@@ -79,18 +81,23 @@ set_random_password (krb5_principal principal)
}
static int
-set_password (krb5_principal principal, char *password)
+set_password (krb5_principal principal, char *password, int keepold)
{
krb5_error_code ret = 0;
char pwbuf[128];
+ int aret;
if(password == NULL) {
char *princ_name;
char *prompt;
- krb5_unparse_name(context, principal, &princ_name);
- asprintf(&prompt, "%s's Password: ", princ_name);
+ ret = krb5_unparse_name(context, principal, &princ_name);
+ if (ret)
+ return ret;
+ aret = asprintf(&prompt, "%s's Password: ", princ_name);
free (princ_name);
+ if (aret == -1)
+ return ENOMEM;
ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
free (prompt);
if(ret){
@@ -99,18 +106,19 @@ set_password (krb5_principal principal, char *password)
password = pwbuf;
}
if(ret == 0)
- ret = kadm5_chpass_principal(kadm_handle, principal, password);
+ ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL,
+ password);
memset(pwbuf, 0, sizeof(pwbuf));
return ret;
}
static int
-set_key_data (krb5_principal principal, krb5_key_data *key_data)
+set_key_data (krb5_principal principal, krb5_key_data *key_data, int keepold)
{
krb5_error_code ret;
- ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
- 3, key_data);
+ ret = kadm5_chpass_principal_with_key_3(kadm_handle, principal, keepold,
+ 3, key_data);
return ret;
}
@@ -120,13 +128,13 @@ do_cpw_entry(krb5_principal principal, void *data)
struct cpw_entry_data *e = data;
if (e->random_key)
- return set_random_key (principal);
+ return set_random_key (principal, e->keepold);
else if (e->random_password)
- return set_random_password (principal);
+ return set_random_password (principal, e->keepold);
else if (e->key_data)
- return set_key_data (principal, e->key_data);
+ return set_key_data (principal, e->key_data, e->keepold);
else
- return set_password (principal, e->password);
+ return set_password (principal, e->password, e->keepold);
}
int
@@ -138,6 +146,7 @@ cpw_entry(struct passwd_options *opt, int argc, char **argv)
int num;
krb5_key_data key_data[3];
+ data.keepold = opt->keepold_flag;
data.random_key = opt->random_key_flag;
data.random_password = opt->random_password_flag;
data.password = opt->password_string;
diff --git a/kadmin/del_enctype.c b/kadmin/del_enctype.c
index 01d2036a45c8..c32ce14c11cf 100644
--- a/kadmin/del_enctype.c
+++ b/kadmin/del_enctype.c
@@ -49,6 +49,7 @@ del_enctype(void *opt, int argc, char **argv)
krb5_key_data *new_key_data;
int n_etypes;
krb5_enctype *etypes;
+ krb5_key_data *key;
memset (&princ, 0, sizeof(princ));
princ_name = argv[0];
@@ -81,6 +82,11 @@ del_enctype(void *opt, int argc, char **argv)
goto out2;
}
+ if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
+ krb5_warnx(context, "user lacks get-keys privilege");
+ goto out;
+ }
+
new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data));
if (new_key_data == NULL && princ.n_key_data != 0) {
krb5_warnx (context, "out of memory");
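Review bot: The new guard only rejects the case where every key is a placeholder (`kadm5_all_keys_are_bogus`); a key set that is partly bogus passes it, and the copy loop in the next hunk would carry those entries into `new_key_data`. ext.c in this same commit handles the mixed case separately with `kadm5_some_keys_are_bogus()`, so a matching test here seems worth adding, e.g. `if (kadm5_some_keys_are_bogus(princ.n_key_data, princ.key_data)) { krb5_warnx(context, "some keys are corrupted in the HDB"); goto out; }`. Whether the modify call that follows would write the placeholders back is not visible in these hunks, so treat this as a question to confirm. The `out` and `out2` labels are outside the hunk as well.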
@@ -88,14 +94,15 @@ del_enctype(void *opt, int argc, char **argv)
}
for (i = 0, j = 0; i < princ.n_key_data; ++i) {
- krb5_key_data *key = &princ.key_data[i];
int docopy = 1;
+ key = &princ.key_data[i];
- for (k = 0; k < n_etypes; ++k)
+ for (k = 0; k < n_etypes; ++k) {
if (etypes[k] == key->key_data_type[0]) {
docopy = 0;
break;
}
+ }
if (docopy) {
new_key_data[j++] = *key;
} else {
@@ -106,6 +113,10 @@ del_enctype(void *opt, int argc, char **argv)
}
free (princ.key_data);
+ if (j == 0) {
+ free(new_key_data);
+ new_key_data = NULL;
+ }
princ.n_key_data = j;
princ.key_data = new_key_data;
diff --git a/kadmin/dump.c b/kadmin/dump.c
index 91a5ada86607..0f2ed7445126 100644
--- a/kadmin/dump.c
+++ b/kadmin/dump.c
@@ -42,32 +42,42 @@ dump(struct dump_options *opt, int argc, char **argv)
{
krb5_error_code ret;
FILE *f;
+ struct hdb_print_entry_arg parg;
HDB *db = NULL;
- if(!local_flag) {
+ if (!local_flag) {
krb5_warnx(context, "dump is only available in local (-l) mode");
return 0;
}
db = _kadm5_s_get_db(kadm_handle);
- if(argc == 0)
+ if (argc == 0)
f = stdout;
else
f = fopen(argv[0], "w");
- if(f == NULL) {
+ if (f == NULL) {
krb5_warn(context, errno, "open: %s", argv[0]);
goto out;
}
ret = db->hdb_open(context, db, O_RDONLY, 0600);
- if(ret) {
+ if (ret) {
krb5_warn(context, ret, "hdb_open");
goto out;
}
+ if (!opt->format_string || strcmp(opt->format_string, "Heimdal") == 0) {
+ parg.fmt = HDB_DUMP_HEIMDAL;
+ } else if (opt->format_string && strcmp(opt->format_string, "MIT") == 0) {
+ parg.fmt = HDB_DUMP_MIT;
+ fprintf(f, "kdb5_util load_dump version 5\n"); /* 5||6, either way */
+ } else {
+ krb5_errx(context, 1, "Supported dump formats: Heimdal and MIT");
+ }
+ parg.out = f;
hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0,
- hdb_print_entry, f);
+ hdb_print_entry, &parg);
db->hdb_close(context, db);
out:
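Review bot: The `--format` value is validated only after `fopen(argv[0], "w")` and `hdb_open`, so an unsupported value reaches `krb5_errx(context, 1, ...)` with the target file already truncated. Moving the `format_string` check to the top of dump(), before anything is opened, avoids destroying an existing dump on a typo. The comparison is also case-sensitive (`"Heimdal"`, `"MIT"`) while the option help added in kadmin-commands.in says `mit or heimdal`; either compare with `strcasecmp` or correct the help text. The second `opt->format_string &&` test is redundant once the first branch has handled NULL.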
diff --git a/kadmin/ext.c b/kadmin/ext.c
index cce38bc175f6..32e3a12f69b7 100644
--- a/kadmin/ext.c
+++ b/kadmin/ext.c
@@ -36,6 +36,7 @@
struct ext_keytab_data {
krb5_keytab keytab;
+ int random_key_flag;
};
static int
@@ -46,43 +47,76 @@ do_ext_keytab(krb5_principal principal, void *data)
struct ext_keytab_data *e = data;
krb5_keytab_entry *keys = NULL;
krb5_keyblock *k = NULL;
- int i, n_k;
+ size_t i;
+ int n_k = 0;
+ uint32_t mask;
+ char *unparsed = NULL;
- ret = kadm5_get_principal(kadm_handle, principal, &princ,
- KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
- if(ret)
+ mask = KADM5_PRINCIPAL;
+ if (!e->random_key_flag)
+ mask |= KADM5_KVNO | KADM5_KEY_DATA;
+
+ ret = kadm5_get_principal(kadm_handle, principal, &princ, mask);
+ if (ret)
return ret;
- if (princ.n_key_data) {
- keys = malloc(sizeof(*keys) * princ.n_key_data);
+ ret = krb5_unparse_name(context, principal, &unparsed);
+ if (ret)
+ goto out;
+
+ if (!e->random_key_flag) {
+ if (princ.n_key_data == 0) {
+ krb5_warnx(context, "principal has no keys, or user lacks "
+ "get-keys privilege for %s", unparsed);
+ goto out;
+ }
+ /*
+ * kadmin clients and servers from master between 1.5 and 1.6
+ * can have corrupted a principal's keys in the HDB. If some
+ * are bogus but not all are, then that must have happened.
+ *
+ * If all keys are bogus then the server may be a pre-1.6,
+ * post-1.5 server and the client lacks get-keys privilege, or
+ * the keys are corrupted. We can't tell here.
+ */
+ if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
+ krb5_warnx(context, "user lacks get-keys privilege for %s",
+ unparsed);
+ goto out;
+ }
+ if (kadm5_some_keys_are_bogus(princ.n_key_data, princ.key_data)) {
+ krb5_warnx(context, "some keys for %s are corrupted in the HDB",
+ unparsed);
+ }
+ keys = calloc(sizeof(*keys), princ.n_key_data);
if (keys == NULL) {
- kadm5_free_principal_ent(kadm_handle, &princ);
- krb5_clear_error_message(context);
- return ENOMEM;
+ ret = krb5_enomem(context);
+ goto out;
}
for (i = 0; i < princ.n_key_data; i++) {
krb5_key_data *kd = &princ.key_data[i];
+ /* Don't extract bogus keys */
+ if (kadm5_all_keys_are_bogus(1, kd))
+ continue;
+
keys[i].principal = princ.principal;
keys[i].vno = kd->key_data_kvno;
keys[i].keyblock.keytype = kd->key_data_type[0];
keys[i].keyblock.keyvalue.length = kd->key_data_length[0];
keys[i].keyblock.keyvalue.data = kd->key_data_contents[0];
keys[i].timestamp = time(NULL);
+ n_k++;
}
-
- n_k = princ.n_key_data;
- } else {
+ } else if (e->random_key_flag) {
ret = kadm5_randkey_principal(kadm_handle, principal, &k, &n_k);
- if (ret) {
- kadm5_free_principal_ent(kadm_handle, &princ);
- return ret;
- }
- keys = malloc(sizeof(*keys) * n_k);
+ if (ret)
+ goto out;
+
+ keys = calloc(sizeof(*keys), n_k);
if (keys == NULL) {
- kadm5_free_principal_ent(kadm_handle, &princ);
- krb5_clear_error_message(context);
- return ENOMEM;
+ ret = krb5_enomem(context);
+ goto out;
}
for (i = 0; i < n_k; i++) {
keys[i].principal = principal;
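Review bot: In the get-keys branch the loop skips placeholder keys with `continue` but still stores the valid ones at `keys[i]`, while `n_k` counts only the entries kept, and the write loop in the next hunk reads `keys[0]` through `keys[n_k-1]`. With a skipped key ahead of a valid one, a zero-filled `calloc` slot is handed to `krb5_kt_add_entry()` and a real key is left out of the keytab. Filling the array densely fixes it: take `krb5_keytab_entry *ke = &keys[n_k++];` after the bogus check, assign through `ke`, and drop the trailing `n_k++`. The `else if (e->random_key_flag)` test is always true at that point and could be a plain `else`. do_ext_keytab starts before and continues past this hunk.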
@@ -92,19 +126,24 @@ do_ext_keytab(krb5_principal principal, void *data)
}
}
- for(i = 0; i < n_k; i++) {
+ if (n_k == 0)
+ krb5_warn(context, ret, "no keys written to keytab for %s", unparsed);
+
+ for (i = 0; i < n_k; i++) {
ret = krb5_kt_add_entry(context, e->keytab, &keys[i]);
- if(ret)
- krb5_warn(context, ret, "krb5_kt_add_entry(%d)", i);
+ if (ret)
+ krb5_warn(context, ret, "krb5_kt_add_entry(%lu)", (unsigned long)i);
}
+ out:
+ kadm5_free_principal_ent(kadm_handle, &princ);
if (k) {
- memset(k, 0, n_k * sizeof(*k));
+ for (i = 0; i < n_k; i++)
+ memset(k[i].keyvalue.data, 0, k[i].keyvalue.length);
free(k);
}
- if (keys)
- free(keys);
- kadm5_free_principal_ent(kadm_handle, &princ);
+ free(unparsed);
+ free(keys);
return 0;
}
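Review bot: Every `goto out` path sets `ret` (`krb5_enomem`, a failed `kadm5_randkey_principal`, a failed `krb5_unparse_name`), yet the function still ends in `return 0`, so errors the old code returned are now reported as success. `return ret;` would keep them, or a comment should say that failures are deliberately not propagated. The cleanup wipes each `k[i].keyvalue.data` but frees only the array, which looks like it leaks the key buffers; `krb5_free_keyblock_contents(context, &k[i]);` per element would release them as well. `krb5_warn(context, ret, "no keys written ...")` can run with `ret == 0`, where `krb5_warnx` fits better, and `i < n_k` now compares a `size_t` with an `int`.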
@@ -125,6 +164,8 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
return 1;
}
+ data.random_key_flag = opt->random_key_flag;
+
for(i = 0; i < argc; i++) {
ret = foreach_principal(argv[i], do_ext_keytab, "ext", &data);
if (ret)
diff --git a/kadmin/get.c b/kadmin/get.c
index 0895b53ccba2..802b65dc5e8f 100644
--- a/kadmin/get.c
+++ b/kadmin/get.c
@@ -60,11 +60,13 @@ static struct field_name {
{ "last_failed", KADM5_LAST_FAILED, 0, 0, "Last fail", "Last failed login", 0 },
{ "fail_auth_count", KADM5_FAIL_AUTH_COUNT, 0, 0, "Fail count", "Failed login count", RTBL_ALIGN_RIGHT },
{ "policy", KADM5_POLICY, 0, 0, "Policy", "Policy", 0 },
- { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
+ { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL | KADM5_KVNO, "Keytypes", "Keytypes", 0 },
{ "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
{ "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
{ "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
- { NULL }
+ { "hist-kvno-diff-clnt", KADM5_TL_DATA, KRB5_TL_HIST_KVNO_DIFF_CLNT, 0, "Clnt hist keys", "Historic keys allowed for client", 0 },
+ { "hist-kvno-diff-svc", KADM5_TL_DATA, KRB5_TL_HIST_KVNO_DIFF_SVC, 0, "Svc hist keys", "Historic keys allowed for service", 0 },
+ { NULL, 0, 0, 0, NULL, NULL, 0 }
};
struct field_info {
@@ -123,12 +125,17 @@ format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
{
krb5_error_code ret;
char *s;
+ int aret;
+ buf[0] = '\0';
ret = krb5_enctype_to_string (context,
k->key_data_type[0],
&s);
- if (ret)
- asprintf (&s, "unknown(%d)", k->key_data_type[0]);
+ if (ret) {
+ aret = asprintf (&s, "unknown(%d)", k->key_data_type[0]);
+ if (aret == -1)
+ return; /* Nothing to do here, we have no way to pass the err */
+ }
strlcpy(buf, s, buf_len);
free(s);
@@ -138,22 +145,33 @@ format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
k->key_data_type[0],
k->key_data_type[1],
&s);
- if (ret)
- asprintf (&s, "unknown(%d)", k->key_data_type[1]);
+ if (ret) {
+ aret = asprintf (&s, "unknown(%d)", k->key_data_type[1]);
+ if (aret == -1)
+ return; /* Again, nothing else to do... */
+ }
strlcat(buf, s, buf_len);
free(s);
+ aret = 0;
if (cmp_salt(def_salt, k) == 0)
s = strdup("");
else if(k->key_data_length[1] == 0)
s = strdup("()");
else
- asprintf (&s, "(%.*s)", k->key_data_length[1],
- (char *)k->key_data_contents[1]);
+ aret = asprintf (&s, "(%.*s)", k->key_data_length[1],
+ (char *)k->key_data_contents[1]);
+ if (aret == -1 || s == NULL)
+ return; /* Again, nothing else we can do... */
strlcat(buf, s, buf_len);
free(s);
-
+ aret = asprintf (&s, "[%d]", k->key_data_kvno);
+ if (aret == -1)
+ return;
strlcat(buf, ")", buf_len);
+
+ strlcat(buf, s, buf_len);
+ free(s);
}
static void
diff --git a/kadmin/init.c b/kadmin/init.c
index 19f7328fc17c..20ed93216f9b 100644
--- a/kadmin/init.c
+++ b/kadmin/init.c
@@ -37,11 +37,14 @@
#include "kadmin-commands.h"
#include <kadm5/private.h>
+#define CRE_DUP_OK 1
+
static kadm5_ret_t
create_random_entry(krb5_principal princ,
unsigned max_life,
unsigned max_rlife,
- uint32_t attributes)
+ uint32_t attributes,
+ unsigned flags)
{
kadm5_principal_ent_rec ent;
kadm5_ret_t ret;
@@ -78,6 +81,8 @@ create_random_entry(krb5_principal princ,
/* Create the entry with a random password */
ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
if(ret) {
+ if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
+ goto out;
krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
name);
goto out;
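Review bot: With `CRE_DUP_OK` a `KADM5_DUP` result jumps straight to `out`, so an already existing entry is accepted as it is and none of the attributes passed in are applied or compared. For the fast-cookie principal that a later hunk creates with `KRB5_KDB_DISALLOW_ALL_TIX`, a pre-existing entry without that flag would go unnoticed. A comment on the flag would make the contract explicit, e.g. `/* CRE_DUP_OK: an existing entry is left untouched; its attributes are not checked */`. What `out:` returns in this case is outside the hunk.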
@@ -152,6 +157,10 @@ init(struct init_options *opt, int argc, char **argv)
krb5_warn(context, ret, "hdb_open");
return 0;
}
+ ret = kadm5_log_reinit(kadm_handle, 0);
+ if (ret)
+ krb5_err(context, 1, ret, "Failed iprop log initialization");
+ kadm5_log_end(kadm_handle);
db->hdb_close(context, db);
for(i = 0; i < argc; i++){
krb5_principal princ;
@@ -177,7 +186,7 @@ init(struct init_options *opt, int argc, char **argv)
if(ret)
return 0;
- create_random_entry(princ, max_life, max_rlife, 0);
+ create_random_entry(princ, max_life, max_rlife, 0, 0);
krb5_free_principal(context, princ);
if (opt->bare_flag)
@@ -198,13 +207,14 @@ init(struct init_options *opt, int argc, char **argv)
KRB5_KDB_DISALLOW_POSTDATED|
KRB5_KDB_DISALLOW_RENEWABLE|
KRB5_KDB_DISALLOW_PROXIABLE|
- KRB5_KDB_REQUIRES_PRE_AUTH);
+ KRB5_KDB_REQUIRES_PRE_AUTH,
+ 0);
krb5_free_principal(context, princ);
/* Create `kadmin/admin' */
krb5_make_principal(context, &princ, realm,
"kadmin", "admin", NULL);
- create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
+ create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH, 0);
krb5_free_principal(context, princ);
/* Create `changepw/kerberos' (for v4 compat) */
@@ -212,7 +222,7 @@ init(struct init_options *opt, int argc, char **argv)
"changepw", "kerberos", NULL);
create_random_entry(princ, 60*60, 60*60,
KRB5_KDB_DISALLOW_TGT_BASED|
- KRB5_KDB_PWCHANGE_SERVICE);
+ KRB5_KDB_PWCHANGE_SERVICE, 0);
krb5_free_principal(context, princ);
@@ -221,17 +231,26 @@ init(struct init_options *opt, int argc, char **argv)
"kadmin", "hprop", NULL);
create_random_entry(princ, 60*60, 60*60,
KRB5_KDB_REQUIRES_PRE_AUTH|
- KRB5_KDB_DISALLOW_TGT_BASED);
+ KRB5_KDB_DISALLOW_TGT_BASED, 0);
krb5_free_principal(context, princ);
/* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */
krb5_make_principal(context, &princ, realm,
KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL);
create_random_entry(princ, 60*60, 60*60,
- KRB5_KDB_REQUIRES_PRE_AUTH);
+ KRB5_KDB_REQUIRES_PRE_AUTH, 0);
krb5_free_principal(context, princ);
+ /* Create `WELLKNONW/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L' for FAST cookie */
+ krb5_make_principal(context, &princ, KRB5_WELLKNOWN_ORG_H5L_REALM,
+ KRB5_WELLKNOWN_NAME, "org.h5l.fast-cookie", NULL);
+ create_random_entry(princ, 60*60, 60*60,
+ KRB5_KDB_REQUIRES_PRE_AUTH|
+ KRB5_KDB_DISALLOW_TGT_BASED|
+ KRB5_KDB_DISALLOW_ALL_TIX, CRE_DUP_OK);
+ krb5_free_principal(context, princ);
+
/* Create `default' */
{
kadm5_principal_ent_rec ent;
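Review bot: The new comment misspells the name: `WELLKNONW/org.h5l.fast-cookie` should read `WELLKNOWN/org.h5l.fast-cookie`. The added block also follows the surrounding pattern of ignoring the result of `krb5_make_principal()`. Unless the call resets `princ` on failure, it still points at the principal freed just above and is then passed to `create_random_entry()` and `krb5_free_principal()` again. Guarding the block with `if (krb5_make_principal(...) == 0) { ... }` would avoid that here. init() begins and ends outside this hunk.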
diff --git a/kadmin/kadm_conn.c b/kadmin/kadm_conn.c
index e959d0362ff3..d29864ad2f8e 100644
--- a/kadmin/kadm_conn.c
+++ b/kadmin/kadm_conn.c
@@ -36,6 +36,8 @@
#include <sys/wait.h>
#endif
+extern int daemon_child;
+
struct kadm_port {
char *port;
unsigned short def_port;
@@ -189,7 +191,8 @@ wait_for_connection(krb5_context contextp,
pgrp = getpid();
- if(setpgid(0, pgrp) < 0)
+ /* systemd may cause setpgid to fail with EPERM */
+ if(setpgid(0, pgrp) < 0 && errno != EPERM)
err(1, "setpgid");
signal(SIGTERM, terminate);
@@ -261,6 +264,7 @@ start_server(krb5_context contextp, const char *port_str)
if(tmp == NULL) {
krb5_warnx(contextp, "failed to reallocate %lu bytes",
(unsigned long)(num_socks + i) * sizeof(*socks));
+ freeaddrinfo(ai);
continue;
}
socks = tmp;
@@ -291,5 +295,8 @@ start_server(krb5_context contextp, const char *port_str)
if(num_socks == 0)
krb5_errx(contextp, 1, "no sockets to listen to - exiting");
+ roken_detach_finish(NULL, daemon_child);
+
wait_for_connection(contextp, socks, num_socks);
+ free(socks);
}
diff --git a/kadmin/kadmin-commands.in b/kadmin/kadmin-commands.in
index 4396ff800441..63bd7f9b9fd8 100644
--- a/kadmin/kadmin-commands.in
+++ b/kadmin/kadmin-commands.in
@@ -76,6 +76,12 @@ command = {
type = "flag"
help = "decrypt keys"
}
+ option = {
+ long = "format"
+ short = "f"
+ type = "string"
+ help = "dump format, mit or heimdal (default: heimdal)"
+ }
argument = "[dump-file]"
min_args = "0"
max_args = "1"
@@ -175,10 +181,30 @@ command = {
help = "password expiration time"
}
option = {
+ long = "hist-kvno-diff-clnt"
+ type = "integer"
+ argument = "kvno diff"
+ help = "historic keys allowed for client"
+ default = "-1"
+ }
+ option = {
+ long = "hist-kvno-diff-svc"
+ type = "integer"
+ argument = "kvno diff"
+ help = "historic keys allowed for service"
+ default = "-1"
+ }
+ option = {
long = "use-defaults"
type = "flag"
help = "use default values"
}
+ option = {
+ long = "policy"
+ type = "string"
+ argument = "policy"
+ help = "policy name"
+ }
argument = "principal..."
min_args = "1"
help = "Adds a principal to the database."
@@ -210,6 +236,11 @@ command = {
type = "string"
help = "DES key in hex"
}
+ option = {
+ long = "keepold"
+ type = "flag"
+ help = "keep old keys/password"
+ }
argument = "principal..."
min_args = "1"
help = "Changes the password of one or more principals matching the expressions."
@@ -249,6 +280,12 @@ command = {
type = "string"
help = "keytab to use"
}
+ option = {
+ long = "random-key"
+ short = "r"
+ type = "flag"
+ help = "set random key"
+ }
argument = "principal..."
min_args = "1"
help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
@@ -353,6 +390,26 @@ command = {
argument = "subject dn"
help = "aliases"
}
+ option = {
+ long = "policy"
+ type = "string"
+ argument = "policy"
+ help = "policy name"
+ }
+ option = {
+ long = "hist-kvno-diff-clnt"
+ type = "integer"
+ argument = "kvno diff"
+ help = "historic keys allowed for client"
+ default = "-1"
+ }
+ option = {
+ long = "hist-kvno-diff-svc"
+ type = "integer"
+ argument = "kvno diff"
+ help = "historic keys allowed for service"
+ default = "-1"
+ }
argument = "principal"
min_args = "1"
max_args = "1"
@@ -415,6 +472,22 @@ command = {
help = "Check the realm (if not given, the default realm) for configuration errors."
}
command = {
+ name = "lock"
+ function = "lock"
+ argument = ""
+ min_args = "0"
+ max_args = "0"
+ help = "Lock the database for writing (use with care)."
+}
+command = {
+ name = "unlock"
+ function = "unlock"
+ argument = ""
+ min_args = "0"
+ max_args = "0"
+ help = "Unlock the database."
+}
+command = {
name = "help"
name = "?"
argument = "[command]"
diff --git a/kadmin/kadmin.8 b/kadmin/kadmin.1
index bd2fd4e7363f..ef5c87e434c1 100644
--- a/kadmin/kadmin.8
+++ b/kadmin/kadmin.1
@@ -32,7 +32,7 @@
.\" $Id$
.\"
.Dd Feb 22, 2007
-.Dt KADMIN 8
+.Dt KADMIN 1
.Os HEIMDAL
.Sh NAME
.Nm kadmin
@@ -110,10 +110,13 @@ Commands include:
.Op Fl Fl attributes= Ns Ar attributes
.Op Fl Fl expiration-time= Ns Ar time
.Op Fl Fl pw-expiration-time= Ns Ar time
+.Op Fl Fl policy= Ns Ar policy-name
.Ar principal...
.Bd -ragged -offset indent
Adds a new principal to the database. The options not passed on the
command line will be promped for.
+The only policy supported by Heimdal servers is
+.Ql default .
.Ed
.Pp
.Nm add_enctype
@@ -146,7 +149,9 @@ enctypes.
.Oc
.Ar principal...
.Bd -ragged -offset indent
-Creates a keytab with the keys of the specified principals.
+Creates a keytab with the keys of the specified principals. Requires
+get-keys rights, otherwise the principal's keys are changed and saved in
+the keytab.
.Ed
.Pp
.Nm get
@@ -200,12 +205,16 @@ and
.Op Fl Fl expiration-time= Ns Ar time
.Op Fl Fl pw-expiration-time= Ns Ar time
.Op Fl Fl kvno= Ns Ar number
+.Op Fl Fl policy= Ns Ar policy-name
.Ar principal...
.Bd -ragged -offset indent
Modifies certain attributes of a principal. If run without command
line options, you will be prompted. With command line options, it will
only change the ones specified.
.Pp
+Only policy supported by Heimdal is
+.Ql default .
+.Pp
Possible attributes are:
.Li new-princ ,
.Li support-desmd5 ,
@@ -228,6 +237,7 @@ kadmin -l modify -a -disallow-proxiable user
.Ed
.Pp
.Nm passwd
+.Op Fl Fl keepold
.Op Fl r | Fl Fl random-key
.Op Fl Fl random-password
.Oo Fl p Ar string \*(Ba Xo
@@ -260,6 +270,7 @@ Lists the operations you are allowed to perform. These include
.Li delete ,
.Li del_enctype ,
.Li get ,
+.Li get-keys ,
.Li list ,
and
.Li modify .
@@ -286,14 +297,18 @@ When running in local mode, the following commands can also be used:
.Pp
.Nm dump
.Op Fl d | Fl Fl decrypt
+.Op Fl f Ns Ar format | Fl Fl format= Ns Ar format
.Op Ar dump-file
.Bd -ragged -offset indent
Writes the database in
-.Dq human readable
+.Dq machine readable text
form to the specified file, or standard out. If the database is
encrypted, the dump will also have encrypted keys, unless
.Fl Fl decrypt
-is used.
+is used. If
+.Fl Fl format=MIT
+is used then the dump will be in MIT format. Otherwise it will be in
+Heimdal format.
.Ed
.Pp
.Nm init
diff --git a/kadmin/kadmin.c b/kadmin/kadmin.c
index 6e31828afa16..602ef91a5fc2 100644
--- a/kadmin/kadmin.c
+++ b/kadmin/kadmin.c
@@ -112,6 +112,18 @@ exit_kadmin (void *opt, int argc, char **argv)
return 0;
}
+int
+lock(void *opt, int argc, char **argv)
+{
+ return kadm5_lock(kadm_handle);
+}
+
+int
+unlock(void *opt, int argc, char **argv)
+{
+ return kadm5_unlock(kadm_handle);
+}
+
static void
usage(int ret)
{
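Review bot: `lock` and `unlock` return the `kadm5_lock()` / `kadm5_unlock()` result without printing anything, so a failed lock gives the operator no message for a command whose help text says "use with care". Reporting it in place, `ret = kadm5_lock(kadm_handle); if (ret) krb5_warn(context, ret, "kadm5_lock");`, matches how other commands in this directory surface kadm5 errors. A short comment on each function saying that the lock is held until `unlock` is run would also help, if that is the intended behaviour; it is not visible from this hunk.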
@@ -147,6 +159,7 @@ main(int argc, char **argv)
kadm5_config_params conf;
int optidx = 0;
int exit_status = 0;
+ int aret;
setprogname(argv[0]);
@@ -169,8 +182,8 @@ main(int argc, char **argv)
argv += optidx;
if (config_file == NULL) {
- asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
- if (config_file == NULL)
+ aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+ if (aret == -1)
errx(1, "out of memory");
}
@@ -265,7 +278,7 @@ main(int argc, char **argv)
if (argc != 0) {
ret = sl_command (commands, argc, argv);
if(ret == -1)
- krb5_warnx (context, "unrecognized command: %s", argv[0]);
+ sl_did_you_mean(commands, argv[0]);
else if (ret == -2)
ret = 0;
if(ret != 0)
diff --git a/kadmin/kadmin.cat8 b/kadmin/kadmin.cat1
index 03865678bc79..0c6c0405cfd1 100644
--- a/kadmin/kadmin.cat8
+++ b/kadmin/kadmin.cat1
@@ -1,5 +1,5 @@
-KADMIN(8) BSD System Manager's Manual KADMIN(8)
+KADMIN(1) BSD General Commands Manual KADMIN(1)
NNAAMMEE
kkaaddmmiinn -- Kerberos administration utility
@@ -53,10 +53,12 @@ DDEESSCCRRIIPPTTIIOONN
aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
[----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
- [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.
+ [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
+ [----ppoolliiccyy==_p_o_l_i_c_y_-_n_a_m_e] _p_r_i_n_c_i_p_a_l_._._.
Adds a new principal to the database. The options not passed on the
- command line will be promped for.
+ command line will be promped for. The only policy supported by
+ Heimdal servers is `default'.
aadddd__eennccttyyppee [--rr | ----rraannddoomm--kkeeyy] _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
@@ -76,6 +78,8 @@ DDEESSCCRRIIPPTTIIOONN
eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
Creates a keytab with the keys of the specified principals.
+ Requires get-keys rights, otherwise the principal's keys are
+ changed and saved in the keytab.
ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] [--oo _s_t_r_i_n_g |
----ccoolluummnn--iinnffoo==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
@@ -98,12 +102,14 @@ DDEESSCCRRIIPPTTIIOONN
mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
[----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
[----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----kkvvnnoo==_n_u_m_b_e_r]
- _p_r_i_n_c_i_p_a_l_._._.
+ [----ppoolliiccyy==_p_o_l_i_c_y_-_n_a_m_e] _p_r_i_n_c_i_p_a_l_._._.
Modifies certain attributes of a principal. If run without command
line options, you will be prompted. With command line options, it
will only change the ones specified.
+ Only policy supported by Heimdal is `default'.
+
Possible attributes are: new-princ, support-desmd5,
pwchange-service, disallow-svr, requires-pw-change,
requires-hw-auth, requires-pre-auth, disallow-all-tix,
@@ -114,7 +120,7 @@ DDEESSCCRRIIPPTTIIOONN
kadmin -l modify -a -disallow-proxiable user
- ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
+ ppaasssswwdd [----kkeeeeppoolldd] [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
Changes the password of an existing principal.
@@ -130,8 +136,8 @@ DDEESSCCRRIIPPTTIIOONN
pprriivviilleeggeess
Lists the operations you are allowed to perform. These include add,
- add_enctype, change-password, delete, del_enctype, get, list, and
- modify.
+ add_enctype, change-password, delete, del_enctype, get, get-keys,
+ list, and modify.
rreennaammee _f_r_o_m _t_o
@@ -147,11 +153,13 @@ DDEESSCCRRIIPPTTIIOONN
When running in local mode, the following commands can also be used:
- dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]
+ dduummpp [--dd | ----ddeeccrryypptt] [--ff_f_o_r_m_a_t | ----ffoorrmmaatt==_f_o_r_m_a_t] [_d_u_m_p_-_f_i_l_e]
- Writes the database in ``human readable'' form to the specified
- file, or standard out. If the database is encrypted, the dump will
- also have encrypted keys, unless ----ddeeccrryypptt is used.
+ Writes the database in ``machine readable text'' form to the speci-
+ fied file, or standard out. If the database is encrypted, the dump
+ will also have encrypted keys, unless ----ddeeccrryypptt is used. If
+ ----ffoorrmmaatt==MMIITT is used then the dump will be in MIT format. Other-
+ wise it will be in Heimdal format.
iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g] [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g]
_r_e_a_l_m
diff --git a/kadmin/kadmin_locl.h b/kadmin/kadmin_locl.h
index bd92d9fbe9fd..924af78dc220 100644
--- a/kadmin/kadmin_locl.h
+++ b/kadmin/kadmin_locl.h
@@ -109,6 +109,9 @@ int str2attributes(const char *, krb5_flags *);
int parse_attributes (const char *, krb5_flags *, int *, int);
int edit_attributes (const char *, krb5_flags *, int *, int);
+int parse_policy (const char *, char **, int *, int);
+int edit_policy (const char *, char **, int *, int);
+
void time_t2str(time_t, char *, size_t, int);
int str2time_t (const char *, time_t *);
int parse_timet (const char *, krb5_timestamp *, int *, int);
@@ -124,7 +127,7 @@ int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
int set_entry(krb5_context, kadm5_principal_ent_t, int *,
const char *, const char *, const char *,
- const char *, const char *);
+ const char *, const char *, const char *);
int
foreach_principal(const char *, int (*)(krb5_principal, void*),
const char *, void *);
diff --git a/kadmin/kadmind.8 b/kadmin/kadmind.8
index 894340c24951..f66615932c3a 100644
--- a/kadmin/kadmind.8
+++ b/kadmin/kadmind.8
@@ -107,6 +107,8 @@ add
.It
get
.It
+get-keys
+.It
all
.El
.Pp
@@ -147,14 +149,15 @@ compiled in defaults:
.D1 Nm Fl Fl ports Ns Li "=\*[q]+ 4711\*[q] &"
.Pp
This acl file will grant Joe all rights, and allow Mallory to view and
-add host principals.
+add host principals, as well as extract host principal keys (e.g., into
+keytabs).
.Bd -literal -offset indent
joe/admin@EXAMPLE.COM all
-mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
+mallory/admin@EXAMPLE.COM add,get-keys host/*@EXAMPLE.COM
.Ed
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr kpasswd 1 ,
-.Xr kadmin 8 ,
+.Xr kadmin 1 ,
.Xr kdc 8 ,
.Xr kpasswdd 8
diff --git a/kadmin/kadmind.c b/kadmin/kadmind.c
index f99f9572334a..12abaa598262 100644
--- a/kadmin/kadmind.c
+++ b/kadmin/kadmind.c
@@ -37,7 +37,7 @@ static char *check_library = NULL;
static char *check_function = NULL;
static getarg_strings policy_libraries = { 0, NULL };
static char *config_file;
-static char sHDB[] = "HDB:";
+static char sHDB[] = "HDBGET:";
static char *keytab_str = sHDB;
static int help_flag;
static int version_flag;
@@ -45,6 +45,9 @@ static int debug_flag;
static char *port_str;
char *realm;
+static int detach_from_console = -1;
+int daemon_child = -1;
+
static struct getargs args[] = {
{
"config-file", 'c', arg_string, &config_file,
@@ -68,6 +71,14 @@ static struct getargs args[] = {
{ "debug", 'd', arg_flag, &debug_flag,
"enable debugging", NULL
},
+ {
+ "detach", 0 , arg_flag, &detach_from_console,
+ "detach from console", NULL
+ },
+ {
+ "daemon-child", 0 , arg_integer, &daemon_child,
+ "private argument, do not use", NULL
+ },
{ "ports", 'p', arg_string, &port_str,
"ports to listen to", "port" },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
@@ -98,10 +109,6 @@ main(int argc, char **argv)
setprogname(argv[0]);
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
-
if (getarg(args, num_args, argc, argv, &optidx)) {
warnx("error at argument `%s'", argv[optidx]);
usage(1);
@@ -115,12 +122,21 @@ main(int argc, char **argv)
exit(0);
}
+ if (detach_from_console > 0 && daemon_child == -1)
+ roken_detach_prep(argc, argv, "--daemon-child");
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
- asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
- if (config_file == NULL)
+ int aret;
+
+ aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+ if (aret == -1)
errx(1, "out of memory");
}
@@ -140,7 +156,7 @@ main(int argc, char **argv)
if (ret)
krb5_err(context, 1, ret, "krb5_set_warn_dest");
- ret = krb5_kt_register(context, &hdb_kt_ops);
+ ret = krb5_kt_register(context, &hdb_get_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
@@ -171,7 +187,6 @@ main(int argc, char **argv)
mini_inetd(debug_port, &sfd);
} else {
#ifdef _WIN32
- pidfile(NULL);
start_server(context, port_str);
#else
struct sockaddr_storage __ss;
@@ -185,7 +200,6 @@ main(int argc, char **argv)
if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
rk_SOCK_ERRNO == ENOTSOCK) {
- pidfile(NULL);
start_server(context, port_str);
}
#endif /* _WIN32 */
diff --git a/kadmin/kadmind.cat8 b/kadmin/kadmind.cat8
index 7f3565c687b8..d1607c9a4e4c 100644
--- a/kadmin/kadmind.cat8
+++ b/kadmin/kadmind.cat8
@@ -37,6 +37,7 @@ DDEESSCCRRIIPPTTIIOONN
++oo modify
++oo add
++oo get
+ ++oo get-keys
++oo all
And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
@@ -76,12 +77,13 @@ EEXXAAMMPPLLEESS
kkaaddmmiinndd ----ppoorrttss="+ 4711" &
This acl file will grant Joe all rights, and allow Mallory to view and
- add host principals.
+ add host principals, as well as extract host principal keys (e.g., into
+ keytabs).
joe/admin@EXAMPLE.COM all
- mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
+ mallory/admin@EXAMPLE.COM add,get-keys host/*@EXAMPLE.COM
SSEEEE AALLSSOO
- kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
+ kpasswd(1), kadmin(1), kdc(8), kpasswdd(8)
HEIMDAL December 8, 2004 HEIMDAL
diff --git a/kadmin/load.c b/kadmin/load.c
index eb33be77ac5f..f448710b8646 100644
--- a/kadmin/load.c
+++ b/kadmin/load.c
@@ -31,6 +31,8 @@
* SUCH DAMAGE.
*/
+#include <limits.h>
+
#include "kadmin_locl.h"
#include "kadmin-commands.h"
#include <kadm5/private.h>
@@ -308,9 +310,11 @@ parse_generation(char *str, GENERATION **gen)
return 0;
}
+/* On error modify strp to point to the problem element */
static int
-parse_extensions(char *str, HDB_extensions **e)
+parse_extensions(char **strp, HDB_extensions **e)
{
+ char *str = *strp;
char *p;
int ret;
@@ -328,18 +332,21 @@ parse_extensions(char *str, HDB_extensions **e)
void *d;
len = strlen(p);
- d = malloc(len);
+ d = emalloc(len);
len = hex_decode(p, d, len);
if (len < 0) {
free(d);
+ *strp = p;
return -1;
}
ret = decode_HDB_extension(d, len, &ext, NULL);
free(d);
- if (ret)
+ if (ret) {
+ *strp = p;
return -1;
+ }
d = realloc((*e)->val, ((*e)->len + 1) * sizeof((*e)->val[0]));
if (d == NULL)
abort();
@@ -353,6 +360,45 @@ parse_extensions(char *str, HDB_extensions **e)
return 0;
}
+/* XXX: Principal names with '\n' cannot be dumped or loaded */
+static int
+my_fgetln(FILE *f, char **bufp, size_t *szp, size_t *lenp)
+{
+ size_t len;
+ size_t sz = *szp;
+ char *buf = *bufp;
+ char *p, *n;
+
+ if (!buf) {
+ buf = malloc(sz ? sz : 8192);
+ if (!buf)
+ return ENOMEM;
+ if (!sz)
+ sz = 8192;
+ }
+
+ len = 0;
+ while ((p = fgets(&buf[len], sz-len, f)) != NULL) {
+ len += strlen(&buf[len]);
+ if (buf[len-1] == '\n')
+ break;
+ if (feof(f))
+ break;
+ if (sz > SIZE_MAX/2 ||
+ (n = realloc(buf, sz += 1 + (sz >> 1))) == NULL) {
+ free(buf);
+ *bufp = NULL;
+ *szp = 0;
+ *lenp = 0;
+ return ENOMEM;
+ }
+ buf = n;
+ }
+ *bufp = buf;
+ *szp = sz;
+ *lenp = len;
+ return 0; /* *len == 0 || no EOL -> EOF */
+}
/*
* Parse the dump file in `filename' and create the database (merging
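Review bot: In my_fgetln, `buf[len-1]` is read without checking that `len` is non-zero: if the first byte fgets() stores is a NUL (a dump file containing a zero byte), `strlen(&buf[len])` is 0 and the index wraps to one byte before the allocation. Guard it with `if (len > 0 && buf[len-1] == '\n')`. A NULL return from fgets() caused by a read error is also reported the same way as end of file; checking `ferror(f)` after the loop and returning an error would keep a truncated read from being loaded as a complete dump. Note that `SIZE_MAX` is defined by `<stdint.h>`, so the `<limits.h>` include added above provides it only if some other header already pulls it in.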
@@ -362,50 +408,63 @@ parse_extensions(char *str, HDB_extensions **e)
static int
doit(const char *filename, int mergep)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
+ krb5_error_code ret2 = 0;
FILE *f;
- char s[8192]; /* XXX should fix this properly */
+ char *line = NULL;
+ size_t linesz = 0;
+ size_t linelen = 0;
char *p;
- int line;
+ int lineno;
int flags = O_RDWR;
struct entry e;
hdb_entry_ex ent;
HDB *db = _kadm5_s_get_db(kadm_handle);
f = fopen(filename, "r");
- if(f == NULL){
+ if (f == NULL) {
krb5_warn(context, errno, "fopen(%s)", filename);
return 1;
}
- ret = kadm5_log_truncate (kadm_handle);
+ /*
+ * We don't have a version number in the dump, so we don't know which iprop
+ * log entries to keep, if any. We throw the log away.
+ *
+ * We could merge the ipropd-master/slave dump/load here as an option, in
+ * which case we would first load the dump.
+ *
+ * If we're merging, first recover unconfirmed records in the existing log.
+ */
+ if (mergep)
+ ret = kadm5_log_init(kadm_handle);
+ if (ret == 0)
+ ret = kadm5_log_reinit(kadm_handle, 0);
if (ret) {
fclose (f);
- krb5_warn(context, ret, "kadm5_log_truncate");
+ krb5_warn(context, ret, "kadm5_log_reinit");
return 1;
}
- if(!mergep)
+ if (!mergep)
flags |= O_CREAT | O_TRUNC;
ret = db->hdb_open(context, db, flags, 0600);
- if(ret){
+ if (ret){
krb5_warn(context, ret, "hdb_open");
fclose(f);
return 1;
}
- line = 0;
- ret = 0;
- while(fgets(s, sizeof(s), f) != NULL) {
- line++;
-
- p = s;
+ for (lineno = 1;
+ (ret2 = my_fgetln(f, &line, &linesz, &linelen)) == 0 && linelen > 0;
+ ++lineno) {
+ p = line;
while (isspace((unsigned char)*p))
p++;
e.principal = p;
- for(p = s; *p; p++){
- if(*p == '\\')
+ for (p = line; *p; p++){
+ if (*p == '\\') /* Support '\n' escapes??? */
p++;
- else if(isspace((unsigned char)*p)) {
+ else if (isspace((unsigned char)*p)) {
*p = 0;
break;
}
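Review bot: The escape handling in the principal-name scan, `if (*p == '\\') p++;`, steps over the byte after a backslash without looking at it. A final line that ends in a backslash with no newline therefore puts `p` on the terminator, and the loop increment then moves it past the end of the string. With the heap buffer from my_fgetln the scan continues into bytes fgets() never wrote. Testing the next byte first, `if (*p == '\\' && p[1] != '\0')`, keeps the scan inside the line. The rest of doit's loop body lies outside this hunk.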
@@ -446,96 +505,114 @@ doit(const char *filename, int mergep)
skip_next(p);
memset(&ent, 0, sizeof(ent));
- ret = krb5_parse_name(context, e.principal, &ent.entry.principal);
- if(ret) {
+ ret2 = krb5_parse_name(context, e.principal, &ent.entry.principal);
+ if (ret2) {
const char *msg = krb5_get_error_message(context, ret);
fprintf(stderr, "%s:%d:%s (%s)\n",
- filename, line, msg, e.principal);
+ filename, lineno, msg, e.principal);
krb5_free_error_message(context, msg);
+ ret = 1;
continue;
}
if (parse_keys(&ent.entry, e.key)) {
fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
- filename, line, e.key);
+ filename, lineno, e.key);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_event(&ent.entry.created_by, e.created) == -1) {
fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
- filename, line, e.created);
+ filename, lineno, e.created);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) {
fprintf (stderr, "%s:%d:error parsing event (%s)\n",
- filename, line, e.modified);
+ filename, lineno, e.modified);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) {
fprintf (stderr, "%s:%d:error parsing time (%s)\n",
- filename, line, e.valid_start);
+ filename, lineno, e.valid_start);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) {
fprintf (stderr, "%s:%d:error parsing time (%s)\n",
- filename, line, e.valid_end);
+ filename, lineno, e.valid_end);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) {
fprintf (stderr, "%s:%d:error parsing time (%s)\n",
- filename, line, e.pw_end);
+ filename, lineno, e.pw_end);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) {
fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
- filename, line, e.max_life);
+ filename, lineno, e.max_life);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) {
fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
- filename, line, e.max_renew);
+ filename, lineno, e.max_renew);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) {
fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
- filename, line, e.flags);
+ filename, lineno, e.flags);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
if(parse_generation(e.generation, &ent.entry.generation) == -1) {
fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
- filename, line, e.generation);
+ filename, lineno, e.generation);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
- if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) {
+ if (parse_extensions(&e.extensions, &ent.entry.extensions) == -1) {
fprintf (stderr, "%s:%d:error parsing extension (%s)\n",
- filename, line, e.extensions);
+ filename, lineno, e.extensions);
hdb_free_entry (context, &ent);
+ ret = 1;
continue;
}
- ret = db->hdb_store(context, db, HDB_F_REPLACE, &ent);
+ ret2 = db->hdb_store(context, db, HDB_F_REPLACE, &ent);
hdb_free_entry (context, &ent);
- if (ret) {
- krb5_warn(context, ret, "db_store");
+ if (ret2) {
+ krb5_warn(context, ret2, "db_store");
break;
}
}
- db->hdb_close(context, db);
+ free(line);
+ if (ret2)
+ ret = ret2;
+ (void) kadm5_log_end(kadm_handle);
+ ret2 = db->hdb_close(context, db);
+ if (ret2)
+ ret = ret2;
fclose(f);
return ret != 0;
}
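Review bot: In the krb5_parse_name failure branch the result is now stored in `ret2`, but the message is still fetched with `krb5_get_error_message(context, ret)`. The text printed for a bad principal therefore describes whatever `ret` holds at that point (0, or 1 from an earlier bad line) rather than the parse error. The call should read `krb5_get_error_message(context, ret2)`. doit's opening lines are outside this hunk.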
diff --git a/kadmin/mod.c b/kadmin/mod.c
index 940425f2a54b..4a88a85a4da8 100644
--- a/kadmin/mod.c
+++ b/kadmin/mod.c
@@ -41,7 +41,7 @@ add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
tl = ecalloc(1, sizeof(*tl));
tl->tl_data_next = NULL;
- tl->tl_data_type = KRB5_TL_EXTENSION;
+ tl->tl_data_type = type;
tl->tl_data_length = data->length;
tl->tl_data_contents = data->data;
@@ -185,6 +185,37 @@ add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
add_tl(princ, KRB5_TL_EXTENSION, &buf);
}
+static void
+add_kvno_diff(krb5_context contextp, kadm5_principal_ent_rec *princ,
+ int is_svc_diff, krb5_kvno kvno_diff)
+{
+ krb5_error_code ret;
+ HDB_extension ext;
+ krb5_data buf;
+ size_t size = 0;
+
+ if (kvno_diff < 0)
+ return;
+ if (kvno_diff > 2048)
+ kvno_diff = 2048;
+
+ if (is_svc_diff) {
+ ext.data.element = choice_HDB_extension_data_hist_kvno_diff_svc;
+ ext.data.u.hist_kvno_diff_svc = (unsigned int)kvno_diff;
+ } else {
+ ext.data.element = choice_HDB_extension_data_hist_kvno_diff_clnt;
+ ext.data.u.hist_kvno_diff_clnt = (unsigned int)kvno_diff;
+ }
+ ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+ &ext, &size, ret);
+ if (ret)
+ abort();
+ if (buf.length != size)
+ abort();
+
+ add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
+
static int
do_mod_entry(krb5_principal principal, void *data)
{
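Review bot: add_kvno_diff() hands `ext` to ASN1_MALLOC_ENCODE after assigning only `ext.data.element` and one member of `ext.data.u`. The HDB_extension definition is not part of this diff, but any further member it has (presumably a `mandatory` flag) is encoded from uninitialised stack memory. A `memset(&ext, 0, sizeof(ext));` before the `if (is_svc_diff)` block makes the encoded extension deterministic. The clamp to 2048 would also read better as a named constant with a comment saying where the limit comes from.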
@@ -207,16 +238,20 @@ do_mod_entry(krb5_principal principal, void *data)
e->expiration_time_string ||
e->pw_expiration_time_string ||
e->attributes_string ||
+ e->policy_string ||
e->kvno_integer != -1 ||
e->constrained_delegation_strings.num_strings ||
e->alias_strings.num_strings ||
- e->pkinit_acl_strings.num_strings) {
+ e->pkinit_acl_strings.num_strings ||
+ e->hist_kvno_diff_clnt_integer != -1 ||
+ e->hist_kvno_diff_svc_integer != -1) {
ret = set_entry(context, &princ, &mask,
e->max_ticket_life_string,
e->max_renewable_life_string,
e->expiration_time_string,
e->pw_expiration_time_string,
- e->attributes_string);
+ e->attributes_string,
+ e->policy_string);
if(e->kvno_integer != -1) {
princ.kvno = e->kvno_integer;
mask |= KADM5_KVNO;
@@ -234,7 +269,14 @@ do_mod_entry(krb5_principal principal, void *data)
add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
mask |= KADM5_TL_DATA;
}
-
+ if (e->hist_kvno_diff_clnt_integer != -1) {
+ add_kvno_diff(context, &princ, 0, e->hist_kvno_diff_clnt_integer);
+ mask |= KADM5_TL_DATA;
+ }
+ if (e->hist_kvno_diff_svc_integer != -1) {
+ add_kvno_diff(context, &princ, 1, e->hist_kvno_diff_svc_integer);
+ mask |= KADM5_TL_DATA;
+ }
} else
ret = edit_entry(&princ, &mask, NULL, 0);
if(ret == 0) {
diff --git a/kadmin/rpc.c b/kadmin/rpc.c
index 445a96a54f51..770e0a0c4aff 100644
--- a/kadmin/rpc.c
+++ b/kadmin/rpc.c
@@ -463,7 +463,7 @@ ret_principal_ent(krb5_context contextp,
ent->max_life = flag;
CHECK(krb5_ret_uint32(sp, &flag));
if (flag == 0)
- ret_principal_xdr(contextp, sp, &ent->mod_name);
+ CHECK(ret_principal_xdr(contextp, sp, &ent->mod_name));
CHECK(krb5_ret_uint32(sp, &flag));
ent->mod_date = flag;
CHECK(krb5_ret_uint32(sp, &flag));
@@ -1097,7 +1097,7 @@ handle_mit(krb5_context contextp, void *buf, size_t len, krb5_socket_t sock)
dcontext = contextp;
- sp = krb5_storage_from_fd(sock);
+ sp = krb5_storage_from_socket(sock);
INSIST(sp != NULL);
process_stream(contextp, buf, len, sp);
diff --git a/kadmin/server.c b/kadmin/server.c
index 256c2bac89b7..ccb6a7a991db 100644
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -34,6 +34,10 @@
#include "kadmin_locl.h"
#include <krb5-private.h>
+static kadm5_ret_t check_aliases(kadm5_server_context *,
+ kadm5_principal_ent_rec *,
+ kadm5_principal_ent_rec *);
+
static kadm5_ret_t
kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_data *in, krb5_data *out)
@@ -44,13 +48,18 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
char client[128], name[128], name2[128];
const char *op = "";
krb5_principal princ, princ2;
- kadm5_principal_ent_rec ent;
- char *password, *expression;
+ kadm5_principal_ent_rec ent, ent_prev;
+ char *password = NULL, *expression;
krb5_keyblock *new_keys;
+ krb5_key_salt_tuple *ks_tuple = NULL;
+ krb5_boolean keepold = FALSE;
+ int n_ks_tuple = 0;
int n_keys;
char **princs;
int n_princs;
+ int keys_ok = 0;
krb5_storage *sp;
+ int len;
krb5_unparse_name_fixed(contextp->context, contextp->caller,
client, sizeof(client));
@@ -74,17 +83,54 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
mask |= KADM5_PRINCIPAL;
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
+
+ /* If the caller doesn't have KADM5_PRIV_GET, we're done. */
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
- if(ret){
+ if (ret) {
krb5_free_principal(contextp->context, princ);
goto fail;
- }
+ }
+
+ /* Then check to see if it is ok to return keys */
+ if ((mask & KADM5_KEY_DATA) != 0) {
+ ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS,
+ princ);
+ if (ret == 0) {
+ keys_ok = 1;
+ } else if ((mask == (KADM5_PRINCIPAL|KADM5_KEY_DATA)) ||
+ (mask == (KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA))) {
+ /*
+ * Requests for keys will get bogus keys, which is useful if
+ * the client just wants to see what (kvno, enctype)s the
+ * principal has keys for, but terrible if the client wants to
+ * write the keys into a keytab or modify the principal and
+ * write the bogus keys back to the server.
+ *
+ * We use a heuristic to detect which case we're handling here.
+ * If the client only asks for the flags in the above
+ * condition, then it's very likely a kadmin ext_keytab,
+ * add_enctype, or other request that should not see bogus
+ * keys. We deny them.
+ *
+ * The kadmin get command can be coaxed into making a request
+ * with the same mask. But the default long and terse output
+ * modes request other things too, so in all likelihood this
+ * heuristic will not hurt any kadmin get uses.
+ */
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
+ }
+
ret = kadm5_get_principal(kadm_handlep, princ, &ent, mask);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
- if(ret == 0){
- kadm5_store_principal_ent(sp, &ent);
+ if (ret == 0){
+ if (keys_ok)
+ kadm5_store_principal_ent(sp, &ent);
+ else
+ kadm5_store_principal_ent_nokeys(sp, &ent);
kadm5_free_principal_ent(kadm_handlep, &ent);
}
krb5_free_principal(contextp->context, princ);
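Review bot: The audit line `krb5_warnx(contextp->context, "%s: %s %s", client, op, name);` is written before the new KADM5_PRIV_GET_KEYS decision, so the log cannot tell a GET that returned real keys from one that returned placeholder keys or none at all. Key extraction is the operation this ACL bit exists to control, so recording the outcome helps anyone reviewing kadmind logs. For example, add `krb5_warnx(contextp->context, "%s: %s %s (keys returned)", client, op, name);` on the `keys_ok` path just before kadm5_store_principal_ent(). kadmind_dispatch begins and ends outside this hunk.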
@@ -102,6 +148,12 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_free_principal(contextp->context, princ);
goto fail;
}
+
+ /*
+ * There's no need to check that the caller has permission to
+ * delete the victim principal's aliases.
+ */
+
ret = kadm5_delete_principal(kadm_handlep, princ);
krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp);
@@ -116,12 +168,12 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
goto fail;
ret = krb5_ret_int32(sp, &mask);
if(ret){
- kadm5_free_principal_ent(contextp->context, &ent);
+ kadm5_free_principal_ent(kadm_handlep, &ent);
goto fail;
}
ret = krb5_ret_string(sp, &password);
if(ret){
- kadm5_free_principal_ent(contextp->context, &ent);
+ kadm5_free_principal_ent(kadm_handlep, &ent);
goto fail;
}
krb5_unparse_name_fixed(contextp->context, ent.principal,
@@ -130,16 +182,23 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD,
ent.principal);
if(ret){
- kadm5_free_principal_ent(contextp->context, &ent);
- memset(password, 0, strlen(password));
- free(password);
+ kadm5_free_principal_ent(kadm_handlep, &ent);
goto fail;
}
+ if ((mask & KADM5_TL_DATA)) {
+ /*
+ * Also check that the caller can create the aliases, if the
+ * new principal has any.
+ */
+ ret = check_aliases(contextp, &ent, NULL);
+ if (ret) {
+ kadm5_free_principal_ent(kadm_handlep, &ent);
+ goto fail;
+ }
+ }
ret = kadm5_create_principal(kadm_handlep, &ent,
mask, password);
kadm5_free_principal_ent(kadm_handlep, &ent);
- memset(password, 0, strlen(password));
- free(password);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -164,6 +223,25 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
kadm5_free_principal_ent(contextp, &ent);
goto fail;
}
+ if ((mask & KADM5_TL_DATA)) {
+ /*
+ * Also check that the caller can create aliases that are in
+ * the new entry but not the old one. There's no need to
+ * check that the caller can delete aliases it wants to
+ * drop. See also handling of rename.
+ */
+ ret = kadm5_get_principal(kadm_handlep, ent.principal, &ent_prev, mask);
+ if (ret) {
+ kadm5_free_principal_ent(contextp, &ent);
+ goto fail;
+ }
+ ret = check_aliases(contextp, &ent, &ent_prev);
+ kadm5_free_principal_ent(contextp, &ent_prev);
+ if (ret) {
+ kadm5_free_principal_ent(contextp, &ent);
+ goto fail;
+ }
+ }
ret = kadm5_modify_principal(kadm_handlep, &ent, mask);
kadm5_free_principal_ent(kadm_handlep, &ent);
krb5_storage_free(sp);
@@ -182,15 +260,28 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
goto fail;
}
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
- krb5_unparse_name_fixed(contextp->context, princ2, name2, sizeof(name2));
+ krb5_unparse_name_fixed(contextp->context, princ2,
+ name2, sizeof(name2));
krb5_warnx(contextp->context, "%s: %s %s -> %s",
client, op, name, name2);
ret = _kadm5_acl_check_permission(contextp,
KADM5_PRIV_ADD,
- princ2)
- || _kadm5_acl_check_permission(contextp,
- KADM5_PRIV_DELETE,
- princ);
+ princ2);
+ if (ret == 0) {
+ /*
+ * Also require modify for the principal. For backwards
+ * compatibility, allow delete permission on the old name to
+ * cure lack of modify permission on the old name.
+ */
+ ret = _kadm5_acl_check_permission(contextp,
+ KADM5_PRIV_MODIFY,
+ princ);
+ if (ret) {
+ ret = _kadm5_acl_check_permission(contextp,
+ KADM5_PRIV_DELETE,
+ princ);
+ }
+ }
if(ret){
krb5_free_principal(contextp->context, princ);
krb5_free_principal(contextp->context, princ2);
@@ -207,10 +298,15 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
case kadm_chpass:{
op = "CHPASS";
ret = krb5_ret_principal(sp, &princ);
- if(ret)
+ if (ret)
goto fail;
ret = krb5_ret_string(sp, &password);
- if(ret){
+ if (ret) {
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
+ ret = krb5_ret_int32(sp, &keepold);
+ if (ret && ret != HEIM_ERR_EOF) {
krb5_free_principal(contextp->context, princ);
goto fail;
}
@@ -250,14 +346,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
if(ret) {
krb5_free_principal(contextp->context, princ);
- memset(password, 0, strlen(password));
- free(password);
goto fail;
}
- ret = kadm5_chpass_principal(kadm_handlep, princ, password);
+ ret = kadm5_chpass_principal_3(kadm_handlep, princ, keepold, 0, NULL,
+ password);
krb5_free_principal(contextp->context, princ);
- memset(password, 0, strlen(password));
- free(password);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -277,6 +370,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_free_principal(contextp->context, princ);
goto fail;
}
+ ret = krb5_ret_int32(sp, &keepold);
+ if (ret && ret != HEIM_ERR_EOF) {
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
/* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 ||
(size_t)n_key_data > UINT_MAX/sizeof(*key_data)) {
@@ -321,8 +419,8 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_free_principal(contextp->context, princ);
goto fail;
}
- ret = kadm5_chpass_principal_with_key(kadm_handlep, princ,
- n_key_data, key_data);
+ ret = kadm5_chpass_principal_with_key_3(kadm_handlep, princ, keepold,
+ n_key_data, key_data);
{
int16_t dummy = n_key_data;
kadm5_free_key_data (contextp, &dummy, key_data);
@@ -358,9 +456,57 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_free_principal(contextp->context, princ);
goto fail;
}
- ret = kadm5_randkey_principal(kadm_handlep, princ,
- &new_keys, &n_keys);
+
+ /*
+ * See comments in kadm5_c_randkey_principal() regarding the
+ * protocol.
+ */
+ ret = krb5_ret_int32(sp, &keepold);
+ if (ret != 0 && ret != HEIM_ERR_EOF) {
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
+
+ ret = krb5_ret_int32(sp, &n_ks_tuple);
+ if (ret != 0 && ret != HEIM_ERR_EOF) {
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ } else if (ret == 0) {
+ size_t i;
+
+ if (n_ks_tuple < 0) {
+ ret = EOVERFLOW;
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
+
+ if ((ks_tuple = calloc(n_ks_tuple, sizeof (*ks_tuple))) == NULL) {
+ ret = errno;
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
+
+ for (i = 0; i < n_ks_tuple; i++) {
+ ret = krb5_ret_int32(sp, &ks_tuple[i].ks_enctype);
+ if (ret != 0) {
+ krb5_free_principal(contextp->context, princ);
+ free(ks_tuple);
+ goto fail;
+ }
+ ret = krb5_ret_int32(sp, &ks_tuple[i].ks_salttype);
+ if (ret != 0) {
+ krb5_free_principal(contextp->context, princ);
+ free(ks_tuple);
+ goto fail;
+ }
+ }
+ }
+ ret = kadm5_randkey_principal_3(kadm_handlep, princ, keepold,
+ n_ks_tuple, ks_tuple, &new_keys,
+ &n_keys);
krb5_free_principal(contextp->context, princ);
+ free(ks_tuple);
+
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
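Review bot: `n_ks_tuple` is read off the wire and only checked for being negative before `calloc(n_ks_tuple, sizeof (*ks_tuple))`, unlike `n_key_data` in the chpass-with-key case, which is range-checked against `1 << 16`. An upper bound chosen by the project, well below INT32_MAX, would stop a single request from asking for a very large allocation. A count of 0 also needs care: on platforms where calloc(0, …) returns NULL the code takes the failure branch with `ret = errno`, which may be 0 and would then be reported through `fail:` as success. Allocating only `if (n_ks_tuple > 0)` and setting `ret = ENOMEM` on failure covers both cases.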
@@ -368,7 +514,8 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
int i;
krb5_store_int32(sp, n_keys);
for(i = 0; i < n_keys; i++){
- krb5_store_keyblock(sp, new_keys[i]);
+ if (ret == 0)
+ ret = krb5_store_keyblock(sp, new_keys[i]);
krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
}
free(new_keys);
@@ -424,10 +571,20 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_store_int32(sp, KADM5_FAILURE);
break;
}
+ if (password != NULL) {
+ len = strlen(password);
+ memset_s(password, len, 0, len);
+ free(password);
+ }
krb5_storage_to_data(sp, out);
krb5_storage_free(sp);
return 0;
fail:
+ if (password != NULL) {
+ len = strlen(password);
+ memset_s(password, len, 0, len);
+ free(password);
+ }
krb5_warn(contextp->context, ret, "%s", op);
krb5_storage_seek(sp, 0, SEEK_SET);
krb5_store_int32(sp, ret);
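Review bot: `len = strlen(password)` stores a size_t in the `int len` declared at the top of kadmind_dispatch and then passes it to memset_s() twice. Declaring it `size_t len;` avoids the narrowing and the signed-to-unsigned conversion at the call. The same wipe-and-free sequence is repeated on the success path and under `fail:`, so a small static helper that takes the pointer would keep the two exits from drifting apart.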
@@ -436,6 +593,120 @@ fail:
return 0;
}
+struct iter_aliases_ctx {
+ HDB_Ext_Aliases aliases;
+ krb5_tl_data *tl;
+ int alias_idx;
+ int done;
+};
+
+static kadm5_ret_t
+iter_aliases(kadm5_principal_ent_rec *from,
+ struct iter_aliases_ctx *ctx,
+ krb5_principal *out)
+{
+ HDB_extension ext;
+ kadm5_ret_t ret;
+ size_t size;
+
+ *out = NULL;
+
+ if (ctx->done > 0)
+ return 0;
+
+ if (ctx->done == 0) {
+ if (ctx->alias_idx < ctx->aliases.aliases.len) {
+ *out = &ctx->aliases.aliases.val[ctx->alias_idx++];
+ return 0;
+ }
+ /* Out of aliases in this TL, step to next TL */
+ ctx->tl = ctx->tl->tl_data_next;
+ } else if (ctx->done < 0) {
+ /* Setup iteration context */
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->done = 0;
+ ctx->aliases.aliases.val = NULL;
+ ctx->aliases.aliases.len = 0;
+ ctx->tl = from->tl_data;
+ }
+
+ free_HDB_Ext_Aliases(&ctx->aliases);
+ ctx->alias_idx = 0;
+
+ /* Find TL with aliases */
+ for (; ctx->tl != NULL; ctx->tl = ctx->tl->tl_data_next) {
+ if (ctx->tl->tl_data_type != KRB5_TL_EXTENSION)
+ continue;
+
+ ret = decode_HDB_extension(ctx->tl->tl_data_contents,
+ ctx->tl->tl_data_length,
+ &ext, &size);
+ if (ret)
+ return ret;
+ if (ext.data.element == choice_HDB_extension_data_aliases &&
+ ext.data.u.aliases.aliases.len > 0) {
+ ctx->aliases = ext.data.u.aliases;
+ break;
+ }
+ free_HDB_extension(&ext);
+ }
+
+ if (ctx->tl != NULL && ctx->aliases.aliases.len > 0) {
+ *out = &ctx->aliases.aliases.val[ctx->alias_idx++];
+ return 0;
+ }
+
+ ctx->done = 1;
+ return 0;
+}
+
+static kadm5_ret_t
+check_aliases(kadm5_server_context *contextp,
+ kadm5_principal_ent_rec *add_princ,
+ kadm5_principal_ent_rec *del_princ)
+{
+ kadm5_ret_t ret;
+ struct iter_aliases_ctx iter;
+ struct iter_aliases_ctx iter_del;
+ krb5_principal new_name, old_name;
+ int match;
+
+ /*
+ * Yeah, this is O(N^2). Gathering and sorting all the aliases
+ * would be a bit of a pain; if we ever have principals with enough
+ * aliases for this to be a problem, we can fix it then.
+ */
+ for (iter.done = -1; iter.done != 1;) {
+ match = 0;
+ ret = iter_aliases(add_princ, &iter, &new_name);
+ if (ret)
+ return ret;
+ if (iter.done == 1)
+ break;
+ for (iter_del.done = -1; iter_del.done != 1;) {
+ ret = iter_aliases(del_princ, &iter_del, &old_name);
+ if (ret)
+ return ret;
+ if (iter_del.done == 1)
+ break;
+ if (!krb5_principal_compare(contextp->context, new_name, old_name))
+ continue;
+ free_HDB_Ext_Aliases(&iter_del.aliases);
+ match = 1;
+ break;
+ }
+ if (match)
+ continue;
+ ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, new_name);
+ if (ret) {
+ free_HDB_Ext_Aliases(&iter.aliases);
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
static void
v5_loop (krb5_context contextp,
krb5_auth_context ac,
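Review bot: check_aliases() is called with `del_princ == NULL` from the create case (`check_aliases(contextp, &ent, NULL)`), but its inner loop always calls `iter_aliases(del_princ, &iter_del, &old_name)`. The setup branch of iter_aliases() executes `ctx->tl = from->tl_data`, so it dereferences the NULL pointer as soon as the new entry carries at least one alias. Skipping the inner loop when there is no old entry avoids that: `for (iter_del.done = del_princ ? -1 : 1; iter_del.done != 1;) {`. The early `return ret` inside the inner loop also leaves `iter.aliases` allocated, unlike the ACL-failure return further down, which frees it.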
@@ -488,7 +759,7 @@ handle_v5(krb5_context contextp,
krb5_boolean initial;
krb5_auth_context ac = NULL;
- unsigned kadm_version;
+ unsigned kadm_version = 1;
kadm5_config_params realm_params;
ret = krb5_recvauth_match_version(contextp, &ac, &fd,
diff --git a/kadmin/stash.c b/kadmin/stash.c
index f9b940ac5b7d..1eb56b36fc2f 100644
--- a/kadmin/stash.c
+++ b/kadmin/stash.c
@@ -41,10 +41,11 @@ extern int local_flag;
int
stash(struct stash_options *opt, int argc, char **argv)
{
- char buf[1024];
+ char buf[1024+1];
krb5_error_code ret;
krb5_enctype enctype;
hdb_master_key mkey;
+ int aret;
if(!local_flag) {
krb5_warnx(context, "stash is only available in local (-l) mode");
@@ -58,8 +59,8 @@ stash(struct stash_options *opt, int argc, char **argv)
}
if(opt->key_file_string == NULL) {
- asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context));
- if (opt->key_file_string == NULL)
+ aret = asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context));
+ if (aret == -1)
errx(1, "out of memory");
}
@@ -74,6 +75,7 @@ stash(struct stash_options *opt, int argc, char **argv)
if (ret)
krb5_warn(context, ret, "reading master key from %s",
opt->key_file_string);
+ hdb_free_master_key(context, mkey);
return 0;
} else {
krb5_keyblock key;
@@ -84,7 +86,7 @@ stash(struct stash_options *opt, int argc, char **argv)
salt.saltvalue.length = 0;
if(opt->master_key_fd_integer != -1) {
ssize_t n;
- n = read(opt->master_key_fd_integer, buf, sizeof(buf));
+ n = read(opt->master_key_fd_integer, buf, sizeof(buf)-1);
if(n == 0)
krb5_warnx(context, "end of file reading passphrase");
else if(n < 0) {
@@ -108,10 +110,15 @@ stash(struct stash_options *opt, int argc, char **argv)
}
{
- char *new, *old;
- asprintf(&old, "%s.old", opt->key_file_string);
- asprintf(&new, "%s.new", opt->key_file_string);
- if(old == NULL || new == NULL) {
+ char *new = NULL, *old = NULL;
+
+ aret = asprintf(&old, "%s.old", opt->key_file_string);
+ if (aret == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ aret = asprintf(&new, "%s.new", opt->key_file_string);
+ if (aret == -1) {
ret = ENOMEM;
goto out;
}
diff --git a/kadmin/util.c b/kadmin/util.c
index 480c82e7df9e..2c94dcb35e23 100644
--- a/kadmin/util.c
+++ b/kadmin/util.c
@@ -146,6 +146,61 @@ edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
}
/*
+ * try to parse the string `resp' into policy in `attr', also
+ * setting the `bit' in `mask' if attributes are given and valid.
+ */
+
+#define VALID_POLICY_NAME_CHARS \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
+
+int
+parse_policy (const char *resp, char **policy, int *mask, int bit)
+{
+ if (strspn(resp, VALID_POLICY_NAME_CHARS) == strlen(resp) &&
+ *resp != '\0') {
+
+ *policy = strdup(resp);
+ if (*policy == NULL) {
+ fprintf (stderr, "Out of memory");
+ return -1;
+ }
+ if (mask)
+ *mask |= bit;
+ return 0;
+ } else if(*resp == '?') {
+ print_flags_table (kdb_attrs, stderr);
+ } else {
+ fprintf (stderr, "Unable to parse \"%s\"\n", resp);
+ }
+ return -1;
+}
+
+/*
+ * allow the user to edit the attributes in `attr', prompting with `prompt'
+ */
+
+int
+edit_policy (const char *prompt, char **policy, int *mask, int bit)
+{
+ char buf[1024], resp[1024];
+
+ if (mask && (*mask & bit))
+ return 0;
+
+ buf[0] = '\0';
+ strlcpy(buf, "default", sizeof (buf));
+ for (;;) {
+ if(get_response("Policy", buf, resp, sizeof(resp)) != 0)
+ return 1;
+ if (resp[0] == '\0')
+ break;
+ if (parse_policy (resp, policy, mask, bit) == 0)
+ break;
+ }
+ return 0;
+}
+
+/*
* time_t
* the special value 0 means ``never''
*/
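Review bot: The `?` branch of parse_policy() calls `print_flags_table (kdb_attrs, stderr)`, which lists principal attribute flags rather than anything about policies, and both new header comments still talk about `attr` and attributes. This looks carried over from the attributes code above. I would replace the table call with a message stating the allowed characters, and reword the comments to say that `resp` is validated against VALID_POLICY_NAME_CHARS and duplicated into `*policy`. Two smaller points: `*policy` is overwritten without freeing a previous value, and edit_policy() ignores its `prompt` argument in favour of the literal "Policy" (the `buf[0] = '\0'` before strlcpy() is redundant).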
@@ -391,6 +446,14 @@ set_defaults(kadm5_principal_ent_t ent, int *mask,
&& (default_mask & KADM5_ATTRIBUTES)
&& !(*mask & KADM5_ATTRIBUTES))
ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
+
+ if (default_ent
+ && (default_mask & KADM5_POLICY)
+ && !(*mask & KADM5_POLICY)) {
+ ent->policy = strdup(default_ent->policy);
+ if (ent->policy == NULL)
+ abort();
+ }
}
int
@@ -420,6 +483,10 @@ edit_entry(kadm5_principal_ent_t ent, int *mask,
KADM5_ATTRIBUTES) != 0)
return 1;
+ if(edit_policy ("Policy", &ent->policy, mask,
+ KADM5_POLICY) != 0)
+ return 1;
+
return 0;
}
@@ -437,7 +504,8 @@ set_entry(krb5_context contextp,
const char *max_renewable_life,
const char *expiration,
const char *pw_expiration,
- const char *attributes)
+ const char *attributes,
+ const char *policy)
{
if (max_ticket_life != NULL) {
if (parse_deltat (max_ticket_life, &ent->max_life,
@@ -475,6 +543,13 @@ set_entry(krb5_context contextp,
return 1;
}
}
+ if (policy != NULL) {
+ if (parse_policy (policy, &ent->policy,
+ mask, KADM5_POLICY)) {
+ krb5_warnx (contextp, "unable to parse `%s'", attributes);
+ return 1;
+ }
+ }
return 0;
}
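Review bot: The warning in the new policy branch of set_entry() passes `attributes` to krb5_warnx() where it should pass `policy`. When only a policy was supplied `attributes` is NULL, so a null pointer reaches the `%s` conversion; otherwise the message names the wrong input. The last argument of that call should be `policy`. set_entry's opening lines are outside this hunk.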