-/* $Id: acl_files.c,v 1.1.1.1 1995/12/14 06:52:36 tholo Exp $ */
+/* $Id: acl_files.c,v 1.2 1995/12/14 08:43:39 tholo Exp $ */
/*-
* Copyright (C) 1989 by the Massachusetts Institute of Technology
/* If realm is missing, it becomes the local realm */
/* Canonicalized form is put in canon, which must be big enough to hold
MAX_PRINCIPAL_SIZE characters */
-void
+int
acl_canonicalize_principal(principal, canon)
char *principal;
char *canon;
/* Copy into canon */
strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
canon[MAX_PRINCIPAL_SIZE-1] = '\0';
- return;
+ return(0);
} else {
/* Nope, it's part of the realm */
dot = NULL;
canon += len;
*canon++ = '\0';
} else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
- strcpy(canon, KRB_REALM);
+ return(-1);
}
+ return(0);
}
/* Get a lock to modify acl_file */
acl_cache[i].acl = make_hash(ACL_LEN);
while(fgets(buf, sizeof(buf), f) != NULL) {
nuke_whitespace(buf);
- acl_canonicalize_principal(buf, canon);
+ if (acl_canonicalize_principal(buf, canon) < 0)
+ return(-1);
add_hash(acl_cache[i].acl, canon);
}
fclose(f);
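Review bot: The new `return(-1)` inside the `fgets` loop leaves `f` open, because the only `fclose(f)` comes after the loop. Close the stream on that path: `if (acl_canonicalize_principal(buf, canon) < 0) { fclose(f); return(-1); }`. The hash created by `make_hash(ACL_LEN)` just above is also left partly filled when this happens. The enclosing function starts and ends outside the hunk, so check there whether a later lookup can reuse that cache slot as if it were complete.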
char canon[MAX_PRINCIPAL_SIZE];
char *realm;
- acl_canonicalize_principal(principal, canon);
+ if (acl_canonicalize_principal(principal, canon) < 0)
+ return(0);
/* Is it there? */
if(acl_exact_match(acl, canon)) return(1);
FILE *new;
char canon[MAX_PRINCIPAL_SIZE];
- acl_canonicalize_principal(principal, canon);
+ if (acl_canonicalize_principal(principal, canon) < 0)
+ return(-1);
if((new = acl_lock_file(acl)) == NULL) return(-1);
if((acl_exact_match(acl, canon))
FILE *new;
char canon[MAX_PRINCIPAL_SIZE];
- acl_canonicalize_principal(principal, canon);
+ if (acl_canonicalize_principal(principal, canon) < 0)
+ return(-1);
if((new = acl_lock_file(acl)) == NULL) return(-1);
if((!acl_exact_match(acl, canon))
-/* $Id: acl.h,v 1.1.1.1 1995/12/14 06:52:34 tholo Exp $ */
+/* $Id: acl.h,v 1.2 1995/12/14 08:43:41 tholo Exp $ */
#ifndef __ACL_H
#define __ACL_H
#include <sys/cdefs.h>
-void acl_canonicalize_principal __P((char *principal, char *canon));
+int acl_canonicalize_principal __P((char *principal, char *canon));
int acl_initialize __P((char *acl_file, int perm));
int acl_exact_match __P((char *acl, char *principal));
int acl_check __P((char *acl, char *principal));
-/* $Id: krb.h,v 1.1.1.1 1995/12/14 06:52:34 tholo Exp $ */
+/* $Id: krb.h,v 1.2 1995/12/14 08:43:42 tholo Exp $ */
/*-
* Copyright 1987, 1988 by the Student Information Processing Board
*
* KRBLOG is the log file for the kerberos master server. KRB_CONF is
* the configuration file where different host machines running master
- * and slave servers can be found. KRB_MASTER is the name of the
- * machine with the master database. The admin_server runs on this
- * machine, and all changes to the db (as opposed to read-only
- * requests, which can go to slaves) must go to it. KRB_HOST is the
- * default machine * when looking for a kerberos slave server. Other
- * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
- * the realm.
+ * and slave servers can be found.
*/
/* The maximum sizes for aname, realm, sname, and instance +1 */
-/* $Id: site.h,v 1.1.1.1 1995/12/14 06:52:35 tholo Exp $ */
+/* $Id: site.h,v 1.2 1995/12/14 08:43:43 tholo Exp $ */
/*
* Site-specific definitions.
#define KRBLOG "/var/log/kerberos.log" /* master server */
#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* master (?) server */
-#define KRB_MASTER "kerberos"
-#define KRB_HOST "kowande.bu.oz.au"
-#define KRB_REALM "KOWANDE.BU.OZ.AU"
-
/* from: kadm_server.h */
/* the default syslog file */
#define KADM_SYSLOG "/var/log/admin_server.log"
-/* $Id: kadmin.c,v 1.1.1.1 1995/12/14 06:52:48 tholo Exp $ */
+/* $Id: kadmin.c,v 1.2 1995/12/14 08:43:44 tholo Exp $ */
/*
* Copyright (C) 1989 by the Massachusetts Institute of Technology
static void
do_init(int argc, char **argv)
{
+ char *dot, admin[MAXHOSTNAMELEN];
struct passwd *pw;
int c;
#define OPTION_STRING "u:r:m"
* This is only as a default/initial realm; we don't care
* about failure.
*/
- if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
- strcpy(default_realm, KRB_REALM);
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS) {
+ fprintf(stderr,
+ "Could not determine local realm name.\n");
+ }
+
+ c = krb_get_admhst(admin, default_realm, 1);
+ if (c == KSUCCESS && (dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
/*
* If we can reach the local realm, initialize to it. Otherwise,
* don't initialize.
*/
- if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
+ if (c == KSUCCESS &&
+ kadm_init_link(PWSERV_NAME, admin, default_realm) != KADM_SUCCESS)
bzero(krbrlm, sizeof(krbrlm));
else
strcpy(krbrlm, default_realm);
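Review bot: The rewritten condition falls through to the `else` branch when `krb_get_admhst` fails, so `krbrlm` is set to `default_realm` although no link was initialised, which contradicts the comment directly above it. The test should be `if (c != KSUCCESS ||` followed by the existing `kadm_init_link(PWSERV_NAME, admin, default_realm) != KADM_SUCCESS)` line. Separately, when `krb_get_lrealm` fails the code only prints a message and still passes `default_realm` to `krb_get_admhst`. What the buffer holds on that path is not visible in the hunk, so setting `default_realm[0] = '\0';` inside that block would make it well defined.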
static int
setvals(Kadm_vals *vals, char *string)
{
+ char *dot, admin[MAXHOSTNAMELEN];
char realm[REALM_SZ];
int status = KADM_SUCCESS;
if (!realm[0])
strcpy(realm, default_realm);
if (strcmp(realm, krbrlm)) {
+ if ((status = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
+ return(status);
+ if (status == KSUCCESS && (dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
strcpy(krbrlm, realm);
- if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
+ if ((status = kadm_init_link(PWSERV_NAME, admin, krbrlm))
!= KADM_SUCCESS)
printf("kadm error for realm %s: %s\n",
krbrlm, error_message(status));
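Review bot: The `status == KSUCCESS &&` test on the added `strchr` line can never be false, because the statement before it returns on any other value; `if ((dot = strchr(admin, '.')) != NULL)` is enough. The early `return(status)` also hands back a `krb_get_admhst` result from a function whose `status` is initialised to `KADM_SUCCESS`. Callers that treat the return value as a `KADM_` code may misreport it, though that is inferred because the callers are outside the hunk.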
-/* $Id: kadm_ser_wrap.c,v 1.1.1.1 1995/12/14 06:52:49 tholo Exp $ */
+/* $Id: kadm_ser_wrap.c,v 1.2 1995/12/14 08:43:45 tholo Exp $ */
/*-
* Copyright (C) 1989 by the Massachusetts Institute of Technology
{
struct servent *sep;
struct hostent *hp;
- char hostname[MAXHOSTNAMELEN];
+ char *dot, admin[MAXHOSTNAMELEN], hostname[MAXHOSTNAMELEN];
(void) init_kadm_err_tbl();
(void) init_krb_err_tbl();
return KADM_NO_HOSTNAME;
(void) strcpy(server_parm.sname, PWSERV_NAME);
- (void) strcpy(server_parm.sinst, KRB_MASTER);
+ if (krb_get_admhst(admin, realm, 1) != KSUCCESS)
+ return KADM_NO_MAST;
+ if ((dot = strchr(server_parm.sinst, '.')) != NULL)
+ *dot = '\0';
+ (void) strcpy(server_parm.sinst, admin);
(void) strcpy(server_parm.krbrlm, realm);
server_parm.admin_fd = -1;
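Review bot: The added `strchr` searches `server_parm.sinst` before anything has been copied into it, so the domain part of `admin` is never removed and the search reads whatever that field held before. Every other call site in this commit truncates `admin` itself; here that would be `if ((dot = strchr(admin, '.')) != NULL)` placed ahead of the `strcpy`. `admin` can hold up to MAXHOSTNAMELEN bytes, while `sinst` is presumably sized by the instance limit from krb.h. The copy should therefore be bounded by `sizeof(server_parm.sinst)` and rejected if it does not fit. The function starts outside the hunk.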
-/* $Id: kdb_init.c,v 1.1.1.1 1995/12/14 06:52:42 tholo Exp $ */
+/* $Id: kdb_init.c,v 1.2 1995/12/14 08:43:47 tholo Exp $ */
/*-
* Copyright 1987, 1988 by the Student Information Processing Board
*/
#include <adm_locl.h>
+#include <sys/param.h>
enum ap_op {
NULL_KEY, /* setup null keys */
int
main(int argc, char **argv)
{
- char realm[REALM_SZ];
- char *cp;
+ char admin[MAXHOSTNAMELEN];
+ char realm[REALM_SZ], defrealm[REALM_SZ];
+ char *cp, *dot;
int code;
char *database;
if (argc == 2)
strncpy(realm, argv[1], REALM_SZ);
else {
- fprintf(stderr, "Realm name [default %s ]: ", KRB_REALM);
+ if (krb_get_lrealm(defrealm, 1) != KSUCCESS)
+ strcpy(defrealm, "NONE");
+ fprintf(stderr, "Realm name [default %s ]: ", defrealm);
if (fgets(realm, sizeof(realm), stdin) == NULL) {
fprintf(stderr, "\nEOF reading realm\n");
exit(1);
if ((cp = strchr(realm, '\n')))
*cp = '\0';
if (!*realm) /* no realm given */
- strcpy(realm, KRB_REALM);
+ strcpy(realm, defrealm);
}
if (!k_isrealm(realm)) {
fprintf(stderr, "%s: Bad kerberos realm name \"%s\"\n",
exit (-1);
}
+ if (krb_get_admhst(admin, realm, 1) != KSUCCESS) {
+ fprintf (stderr, "Couldn't get admin server.\n");
+ exit (-1);
+ }
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
+
/* Initialize non shared random sequence */
des_init_random_number_generator(&master_key);
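Review bot: When `krb_get_lrealm` fails, the literal `"NONE"` is shown in the prompt and, on an empty answer, copied into `realm` by `strcpy(realm, defrealm)`, so a placeholder can become the realm the database is initialised for. I would leave `defrealm` empty in that case and refuse an empty answer, for example `if (!*realm && !*defrealm) { fprintf(stderr, "No realm given\n"); exit(1); }`. The later `k_isrealm` and `krb_get_admhst` checks may reject the value, but if they do the user sees a message about the admin server rather than about the missing realm. `main` continues outside the hunk.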
add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) ||
add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) ||
add_principal("krbtgt", realm, RANDOM_KEY) ||
- add_principal("changepw", KRB_MASTER, RANDOM_KEY)
+ add_principal("changepw", admin, RANDOM_KEY)
) {
fprintf(stderr, "\n%s: couldn't initialize database.\n",
progname);
-/* $Id: kprop.c,v 1.1.1.1 1995/12/14 06:52:49 tholo Exp $ */
+/* $Id: kprop.c,v 1.2 1995/12/14 08:43:48 tholo Exp $ */
/*-
* Copyright 1987 by the Massachusetts Institute of Technology.
static int
prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
{
+ char *dot, admin[MAXHOSTNAMELEN];
char buf[KPROP_BUFSIZ];
char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ];
struct servent *sp;
/* copy it to make sure gethostbyname static doesn't
* screw us. */
strcpy (kprop_service_instance, p_my_host_name);
+
+ if (krb_get_admhst(admin, my_realm, 1) != KSUCCESS) {
+ fprintf (stderr, "Could not get admin host.\n");
+ break;
+ }
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME,
#if 0
kprop_service_instance,
#else
- KRB_MASTER,
+ admin,
#endif
my_realm,
TGT_SERVICE_NAME,
-/* $Id: kpropd.c,v 1.1.1.1 1995/12/14 06:52:52 tholo Exp $ */
+/* $Id: kpropd.c,v 1.2 1995/12/14 08:43:50 tholo Exp $ */
/*-
* Copyright 1987 by the Massachusetts Institute of Technology.
#include <slav_locl.h>
#include <kprop.h>
+#include <sys/param.h>
static char *kdb_util_path = "kdb_util";
char local_file[256];
char local_temp[256];
struct hostent *hp;
- char hostname[256];
+ char *dot, admin[MAXHOSTNAMELEN];
+ char hostname[MAXHOSTNAMELEN];
char from_str[128];
long kerror;
AUTH_DAT auth_dat;
/* AUTHORIZATION is done here. We might want to expand this to
* read an acl file at some point, but allowing for now
* KPROP_SERVICE_NAME.KRB_MASTER@local-realm is fine ... */
+ if (krb_get_admhst(admin, my_realm, 1) != KSUCCESS) {
+ klog (L_KRB_PERR, "Unable to get admin host");
+ SlowDeath();
+ }
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
if ((strcmp (KPROP_SERVICE_NAME, auth_dat.pname) != 0) ||
- (strcmp (KRB_MASTER, auth_dat.pinst) != 0) ||
+ (strcmp (admin, auth_dat.pinst) != 0) ||
(strcmp (my_realm, auth_dat.prealm) != 0)) {
klog (L_KRB_PERR, "Authorization denied!");
SlowDeath();
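Review bot: The authorization comment above the new lookup still names `KPROP_SERVICE_NAME.KRB_MASTER@local-realm`, but the accepted instance is now the first label of whatever `krb_get_admhst` returns for `my_realm`. I would reword it to `KPROP_SERVICE_NAME.<admin host from krb.conf>@local-realm` and add a sentence saying that the accepted peer is decided by krb.conf, so write access to that file amounts to changing this check. The `strchr` and `strcmp` after the failure branch read `admin`, which is only safe if `SlowDeath` never returns; that is not visible in the hunk.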
* fills in values for its arguments.
*
* Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm (as
- * defined by KRB_REALM).
+ * then the "prealm" variable is filled in with the local realm.
*
* If the ticket byte order is different than the host's byte order
* (as indicated by the byte order bit of the "flags" field), then
(void) strcpy(prealm,ptr); /* realm */
ptr += strlen(prealm) + 1;
/* temporary hack until realms are dealt with properly */
- if (*prealm == 0)
- (void) strcpy(prealm,KRB_REALM);
+ if (*prealm == 0 && krb_get_lrealm(prealm, 1) != KSUCCESS)
+ return(KFAILURE);
bcopy(ptr,(char *)paddress,4); /* net address */
ptr += 4;
* returns (in h) the nth entry from the configuration file (KRB_CONF,
* defined in "krb.h") associated with the specified realm.
*
- * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
+ * On end-of-file, krb_get_krbhst returns KFAILURE. If all goes well,
+ * the routine returns KSUCCESS.
*
* The KRB_CONF file contains the name of the local realm in the first
* line (not used by this routine), followed by lines indicating realm/host
strncat(tbuf, "/krb.conf", sizeof(tbuf));
tbuf[sizeof(tbuf)-1] = 0;
if ((cnffile = fopen(tbuf,"r")) == NULL)
- if (n==1) {
- (void) strcpy(h,KRB_HOST);
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
+ return(KFAILURE);
}
if (fscanf(cnffile,"%s",tr) == EOF)
return(KFAILURE);
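Review bot: `fscanf(cnffile,"%s",tr)` reads a token of any length into `tr`, and the same unbounded `%s` fills `r` in the krb_get_lrealm hunk that follows. With the compiled-in fallbacks removed, every realm and host name now comes from krb.conf, so an over-long token in that file overruns the destination buffer. Both conversions should carry a field width one less than the destination size. The buffers are declared outside the hunks, so the exact widths have to be taken from there.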
* krb_get_lrealm takes a pointer to a string, and a number, n. It fills
* in the string, r, with the name of the nth realm specified on the
* first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure.
*
* NOTE: for archaic & compatibility reasons, this routine will only return
* valid results when n = 1.
strncat(tbuf, "/krb.conf", sizeof(tbuf));
tbuf[sizeof(tbuf)-1] = 0;
if ((cnffile = fopen(tbuf,"r")) == NULL)
- if (n == 1) {
- (void) strcpy(r, KRB_REALM);
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
+ return(KFAILURE);
}
if (fscanf(cnffile,"%s",r) != 1) {
*/
#include "krb_locl.h"
+#include <sys/param.h>
/*
* Get a ticket for the password-changing server ("changepw.KRB_MASTER").
char *realm;
char *cpw;
{
+ char *dot, admin[MAXHOSTNAMELEN];
int kerror;
+ if ((kerror = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
+ return(GT_PW_BADPW);
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
+
kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
- KRB_MASTER, 1, cpw);
+ admin, 1, cpw);
if (kerror == INTK_BADPW)
return(GT_PW_BADPW);
if (kerror == KDC_NULL_KEY) {
kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
- KRB_MASTER,1,"changepwkrb");
+ admin,1,"changepwkrb");
if (kerror)
return(kerror);
return(GT_PW_NULL);
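Review bot: Returning `GT_PW_BADPW` when `krb_get_admhst` fails reports a missing or incomplete krb.conf entry as a wrong password, which sends the user and anyone reading the logs in the wrong direction. The function already passes Kerberos errors through with `if (kerror) return(kerror);` further down, so the new check can do the same: `return(kerror);`. The function header is outside the hunk, so confirm callers handle a non-`GT_PW_` value on this path as they do on the later one.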
-/* $Id: ksrvutil.c,v 1.1.1.1 1995/12/14 06:52:53 tholo Exp $ */
+/* $Id: ksrvutil.c,v 1.2 1995/12/14 08:43:56 tholo Exp $ */
/*-
* Copyright (C) 1989 by the Massachusetts Institute of Technology
static int
get_svc_new_key(unsigned char *new_key, char *sname, char *sinst, char *srealm, char *keyfile)
{
- int status = KADM_SUCCESS;
-
+ char *dot, admin[MAXHOSTNAMELEN];
+ int status;
+
+ if ((status = krb_get_admhst(admin, srealm, 1)) != KSUCCESS)
+ return(status);
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
+ status = KADM_SUCCESS;
if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
KADM_SINST, 1, keyfile)) == KSUCCESS) &&
- ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) ==
+ ((status = kadm_init_link("changepw", admin, srealm)) ==
KADM_SUCCESS)) {
#ifdef NOENCRYPTION
(void) bzero((char *) new_key, sizeof(des_cblock));
krb_set_tkt_string(change_tkt);
/* This is used only as a default for adding keys */
- if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
- (void) strcpy(local_realm, KRB_REALM);
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS) {
+ (void) fprintf(stderr, "%s: Unable to find local realm name\n", argv[0]);
+ exit(1);
+ }
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-i") == 0)
char local_hostname[100];
if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
- strcpy(local_realm, KRB_REALM);
+ strcpy(local_realm, "");
gethostname(local_hostname, sizeof(local_hostname));
strcpy(local_hostname, krb_get_phost(local_hostname));
do {
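Review bot: On failure `local_realm` is now set to the empty string and the program carries on, whereas the ksrvutil hunk in this same commit prints `Unable to find local realm name` and exits. If an empty realm is a deliberate "none configured" marker, say so in a comment above the line, such as `/* empty realm: caller must supply one explicitly */`. Otherwise report the failure and stop, as the sibling hunk does. How the code after `do {` treats an empty realm is outside the hunk.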