2 * Copyright (c) 1997 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include "kadm5_locl.h"
/*
 * kadmind_dispatch: read a command code and its arguments from the
 * storage `sp`, log the caller and the target with krb5_warnx, check the
 * caller's rights with _kadm5_acl_check_permission, run the matching
 * kadm5 operation, then rewind `sp` and store the result code (and any
 * reply data) into it.
 *
 * NOTE(review): this listing is incomplete. The gutter numbers skip, so
 * declarations, branch conditions, labels and braces are not shown. The
 * comments below describe only the statements that are visible; anything
 * about control flow is marked as an assumption.
 */
44 kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
/* `context` is the same pointer as `kadm_handle`, viewed as the server context. */
48 kadm5_server_context *context = kadm_handle;
/*
 * Fixed 128-byte buffers for the names that go into the log lines.
 * NOTE(review): none of the visible krb5_unparse_name_fixed calls check
 * the return value; confirm what ends up in the log for an over-long
 * principal name.
 */
49 char client[128], name[128], name2[128];
51 krb5_principal princ, princ2;
52 kadm5_principal_ent_rec ent;
55 krb5_keyblock *new_keys;
/* Render the authenticated caller once; every log line below starts with it. */
58 krb5_unparse_name_fixed(context->context, context->caller,
59 client, sizeof(client));
/*
 * Read the command code from the request.
 * NOTE(review): the return value is discarded here, unlike the later
 * krb5_ret_int32 calls that assign to `ret`. The declaration of `cmd` is
 * not visible; confirm it has a defined value when this read fails.
 */
61 krb5_ret_int32(sp, &cmd);
/* --- get principal: arguments are a principal and a field mask --- */
65 ret = krb5_ret_principal(sp, &princ);
68 ret = krb5_ret_int32(sp, &mask);
/* presumably the error branch of the mask read: release princ before bailing out */
70 krb5_free_principal(context->context, princ);
73 krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
/* The request is logged before the ACL check, so refused requests are logged too. */
74 krb5_warnx(context->context, "%s: %s %s", client, op, name);
75 ret = _kadm5_acl_check_permission(context, KADM5_ACL_GET);
/* presumably the permission-denied branch */
77 krb5_free_principal(context->context, princ);
80 ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
/* Rewind the storage: the reply overwrites the request in the same `sp`. */
81 sp->seek(sp, 0, SEEK_SET);
82 krb5_store_int32(sp, ret);
/* presumably only on success (the guarding condition is not shown) */
84 kadm5_store_principal_ent(sp, &ent);
85 kadm5_free_principal_ent(kadm_handle, &ent);
87 krb5_free_principal(context->context, princ);
/* --- delete principal: argument is a principal --- */
92 ret = krb5_ret_principal(sp, &princ);
95 krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
96 krb5_warnx(context->context, "%s: %s %s", client, op, name);
97 ret = _kadm5_acl_check_permission(context, KADM5_ACL_DELETE);
/* presumably the permission-denied branch */
99 krb5_free_principal(context->context, princ);
102 ret = kadm5_delete_principal(kadm_handle, princ);
103 krb5_free_principal(context->context, princ);
104 sp->seek(sp, 0, SEEK_SET);
105 krb5_store_int32(sp, ret);
/* --- create principal: arguments are an entry, a mask and a password --- */
110 ret = kadm5_ret_principal_ent(sp, &ent);
113 ret = krb5_ret_int32(sp, &mask);
/*
 * NOTE(review): this call and the next two kadm5_free_principal_ent calls
 * pass context->context as the first argument, while the call after
 * kadm5_create_principal passes kadm_handle. Confirm which handle type
 * kadm5_free_principal_ent expects; if it treats the argument as the
 * server handle, these three cleanup paths hand it the wrong object.
 */
115 kadm5_free_principal_ent(context->context, &ent);
/* The new password arrives in the request as a string. */
118 ret = krb5_ret_string(sp, &password);
120 kadm5_free_principal_ent(context->context, &ent);
/* Only the principal name is logged; the password is not part of the log line. */
123 krb5_unparse_name_fixed(context->context, ent.principal,
125 krb5_warnx(context->context, "%s: %s %s", client, op, name);
126 ret = _kadm5_acl_check_permission(context, KADM5_ACL_CREATE);
/* presumably the permission-denied branch: free the entry and scrub the password */
128 kadm5_free_principal_ent(context->context, &ent);
/*
 * Overwrite the password bytes before the buffer goes away.
 * NOTE(review): the release of `password` is not visible here. A plain
 * memset on a buffer that is about to be released may be dropped by an
 * optimizing compiler; an explicit-zeroing primitive is the safer choice
 * where the platform offers one.
 */
129 memset(password, 0, strlen(password));
133 ret = kadm5_create_principal(kadm_handle, &ent,
135 kadm5_free_principal_ent(kadm_handle, &ent);
/* Same scrub after the operation; the optimizer caveat above applies here too. */
136 memset(password, 0, strlen(password));
138 sp->seek(sp, 0, SEEK_SET);
139 krb5_store_int32(sp, ret);
/* --- modify principal: arguments are an entry and a mask --- */
144 ret = kadm5_ret_principal_ent(sp, &ent);
147 ret = krb5_ret_int32(sp, &mask);
/*
 * Here `context` is passed as the handle; it is the same pointer as
 * kadm_handle (see the initialisation of `context`), so this matches the
 * kadm_handle call further down. The create path differs.
 */
149 kadm5_free_principal_ent(context, &ent);
152 krb5_unparse_name_fixed(context->context, ent.principal,
154 krb5_warnx(context->context, "%s: %s %s", client, op, name);
155 ret = _kadm5_acl_check_permission(context, KADM5_ACL_MODIFY);
/* presumably the permission-denied branch */
157 kadm5_free_principal_ent(context, &ent);
160 ret = kadm5_modify_principal(kadm_handle, &ent, mask);
161 kadm5_free_principal_ent(kadm_handle, &ent);
162 sp->seek(sp, 0, SEEK_SET);
163 krb5_store_int32(sp, ret);
/* --- rename principal: arguments are the old and the new principal --- */
168 ret = krb5_ret_principal(sp, &princ);
171 ret = krb5_ret_principal(sp, &princ2);
/* presumably the error branch of the second read: the first principal is released */
173 krb5_free_principal(context->context, princ);
176 krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
177 krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2));
178 krb5_warnx(context->context, "%s: %s %s -> %s",
179 client, op, name, name2);
/*
 * The check is made with the CREATE and DELETE bits combined.
 * NOTE(review): presumably both rights are required; confirm in
 * _kadm5_acl_check_permission that a combined mask means "all of" and
 * not "any of".
 */
180 ret = _kadm5_acl_check_permission(context,
181 KADM5_ACL_CREATE|KADM5_ACL_DELETE);
/*
 * NOTE(review): only princ is released in the visible lines of this
 * branch; princ2 appears not to be freed when the request is refused.
 * Confirm against the full source.
 */
183 krb5_free_principal(context->context, princ);
186 ret = kadm5_rename_principal(kadm_handle, princ, princ2);
187 krb5_free_principal(context->context, princ);
188 krb5_free_principal(context->context, princ2);
189 sp->seek(sp, 0, SEEK_SET);
190 krb5_store_int32(sp, ret);
/* --- change password: arguments are a principal and the new password --- */
195 ret = krb5_ret_principal(sp, &princ);
198 ret = krb5_ret_string(sp, &password);
200 krb5_free_principal(context->context, princ);
203 krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
204 krb5_warnx(context->context, "%s: %s %s", client, op, name);
205 ret = _kadm5_acl_check_permission(context, KADM5_ACL_CHPASS);
/*
 * NOTE(review): the create path scrubs `password` in its refusal branch,
 * but no memset is visible in this one. Confirm the password is cleared
 * when the caller lacks the CHPASS right.
 */
207 krb5_free_principal(context->context, princ);
210 ret = kadm5_chpass_principal(kadm_handle, princ, password);
211 krb5_free_principal(context->context, princ);
/* Scrub the password after use; see the optimizer caveat on the create path. */
212 memset(password, 0, strlen(password));
214 sp->seek(sp, 0, SEEK_SET);
215 krb5_store_int32(sp, ret);
/* --- randomize key: argument is a principal; gated by the same CHPASS right --- */
220 ret = krb5_ret_principal(sp, &princ);
223 krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
224 krb5_warnx(context->context, "%s: %s %s", client, op, name);
225 ret = _kadm5_acl_check_permission(context, KADM5_ACL_CHPASS);
/* presumably the permission-denied branch */
227 krb5_free_principal(context->context, princ);
230 ret = kadm5_randkey_principal(kadm_handle, princ,
232 krb5_free_principal(context->context, princ);
233 sp->seek(sp, 0, SEEK_SET);
234 krb5_store_int32(sp, ret);
/*
 * The reply carries the key count followed by every new key, so the key
 * material is written into `sp` for the caller. Presumably this happens
 * only on success (the guarding condition is not shown).
 */
237 krb5_store_int32(sp, n_keys);
238 for(i = 0; i < n_keys; i++){
239 krb5_store_keyblock(sp, new_keys[i]);
/*
 * NOTE(review): krb5_free_keyblock is given the address of an array
 * element. Confirm it releases only the key contents and not the
 * element's own storage, and that the array itself is released on a line
 * not shown here.
 */
240 krb5_free_keyblock(context->context, &new_keys[i]);
/* --- unrecognised command: log the caller and the numeric code, reply KADM5_FAILURE --- */
246 krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
247 sp->seek(sp, 0, SEEK_SET);
248 krb5_store_int32(sp, KADM5_FAILURE);
/*
 * Presumably the shared failure exit. The log line holds only `op`:
 * neither the caller nor the error code is recorded here, so a failure
 * has to be matched with the earlier per-request log line by position.
 */
253 krb5_warnx(context->context, "%s", op);
254 sp->seek(sp, 0, SEEK_SET);
255 krb5_store_int32(sp, ret);