Print this page
8485 Remove set but unused variables in usr/src/cmd
   1 /*

   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5 
   6 /*
   7  * kadmin/ldap_util/kdb5_ldap_realm.c
   8  *
   9  * Copyright 1990,1991,2001, 2002 by the Massachusetts Institute of Technology.
  10  * All Rights Reserved.
  11  *
  12  * Export of this software from the United States of America may
  13  *   require a specific license from the United States Government.
  14  *   It is the responsibility of any person or organization contemplating
  15  *   export to obtain such a license before exporting.
  16  *
  17  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  18  * distribute this software and its documentation for any purpose and
  19  * without fee is hereby granted, provided that the above copyright
  20  * notice appear in all copies and that both that copyright notice and
  21  * this permission notice appear in supporting documentation, and that


 139 
 140 
 141 static char *strdur(time_t duration);
 142 static int get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],int argc);
 143 static krb5_error_code krb5_dbe_update_mod_princ_data_new (krb5_context context, krb5_db_entry *entry, krb5_timestamp mod_date, krb5_const_principal mod_princ);
 144 static krb5_error_code krb5_dbe_update_tl_data_new ( krb5_context context, krb5_db_entry *entry, krb5_tl_data *new_tl_data);
 145 
 146 #define ADMIN_LIFETIME 60*60*3 /* 3 hours */
 147 #define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
 148 
 149 static int get_ticket_policy(rparams,i,argv,argc)
 150     krb5_ldap_realm_params *rparams;
 151     int *i;
 152     char *argv[];
 153     int argc;
 154 {
 155     time_t date;
 156     time_t now;
 157     int mask = 0;
 158     krb5_error_code retval = 0;
 159     krb5_boolean no_msg = FALSE;
 160 
 161     krb5_boolean print_usage = FALSE;
 162     /* Solaris Kerberos */
 163     char *me = progname;
 164 
 165     time(&now);
 166     if (!strcmp(argv[*i], "-maxtktlife")) {
 167         if (++(*i) > argc-1)
 168             goto err_usage;
 169         date = get_date(argv[*i]);
 170         if (date == (time_t)(-1)) {
 171             retval = EINVAL;
 172             com_err (me, retval, gettext("while providing time specification"));
 173             goto err_nomsg;
 174         }
 175         rparams->max_life = date-now;
 176         mask |= LDAP_REALM_MAXTICKETLIFE;
 177     }
 178 
 179 
 180     else if (!strcmp(argv[*i], "-maxrenewlife")) {
 181         if (++(*i) > argc-1)
 182             goto err_usage;
 183 
 184         date = get_date(argv[*i]);
 185         if (date == (time_t)(-1)) {
 186             retval = EINVAL;
 187             com_err (me, retval, gettext("while providing time specification"));
 188             goto err_nomsg;
 189         }
 190         rparams->max_renewable_life = date-now;
 191         mask |= LDAP_REALM_MAXRENEWLIFE;
 192     } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
 193         if (*(argv[*i]) == '+')
 194             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
 195         else if (*(argv[*i]) == '-')
 196             rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
 197         else
 198             goto err_usage;
 199 
 200         mask |= LDAP_REALM_KRBTICKETFLAGS;
 201     } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
 202         if (*(argv[*i]) == '+')
 203             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
 204 
 205         else if (*(argv[*i]) == '-')
 206             rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
 207         else
 208             goto err_usage;
 209 
 210         mask |= LDAP_REALM_KRBTICKETFLAGS;
 211     } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
 212         if (*(argv[*i]) == '+')
 213             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
 214         else if (*(argv[*i]) == '-')
 215             rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
 216         else
 217             goto err_usage;
 218 
 219         mask |= LDAP_REALM_KRBTICKETFLAGS;
 220     } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
 221         if (*(argv[*i]) == '+')
 222             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
 223         else if (*(argv[*i]) == '-')
 224             rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
 225         else
 226             goto err_usage;
 227 
 228         mask |= LDAP_REALM_KRBTICKETFLAGS;
 229     } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
 230         if (*(argv[*i]) == '+')
 231             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
 232         else if (*(argv[*i]) == '-')
 233             rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
 234         else
 235             goto err_usage;
 236 
 237         mask |= LDAP_REALM_KRBTICKETFLAGS;
 238     }
 239 
 240     else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
 241         if (*(argv[*i]) == '+')
 242             rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
 243         else if (*(argv[*i]) == '-')
 244             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
 245         else
 246             goto err_usage;
 247 
 248         mask |= LDAP_REALM_KRBTICKETFLAGS;
 249     } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
 250         if (*(argv[*i]) == '+')
 251             rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
 252         else if (*(argv[*i]) == '-')
 253             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
 254         else
 255             goto err_usage;
 256 
 257         mask |= LDAP_REALM_KRBTICKETFLAGS;
 258     } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
 259         if (*(argv[*i]) == '+')
 260             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
 261         else if (*(argv[*i]) == '-')
 262             rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
 263         else
 264             goto err_usage;
 265 
 266         mask |= LDAP_REALM_KRBTICKETFLAGS;
 267     } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
 268         if (*(argv[*i]) == '+')
 269             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
 270         else if (*(argv[*i]) == '-')
 271             rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
 272         else
 273             goto err_usage;
 274 
 275         mask |= LDAP_REALM_KRBTICKETFLAGS;
 276     } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
 277         if (*(argv[*i]) == '+')
 278             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
 279         else if (*(argv[*i]) == '-')
 280             rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
 281         else
 282             goto err_usage;
 283 
 284         mask |= LDAP_REALM_KRBTICKETFLAGS;
 285     } else if (!strcmp((argv[*i] + 1), "needchange")) {
 286         if (*(argv[*i]) == '+')
 287             rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
 288         else if (*(argv[*i]) == '-')
 289             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
 290         else
 291             goto err_usage;
 292 
 293         mask |= LDAP_REALM_KRBTICKETFLAGS;
 294     } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
 295         if (*(argv[*i]) == '+')
 296             rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
 297         else if (*(argv[*i]) == '-')
 298             rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
 299         else
 300             goto err_usage;
 301 
 302         mask |=LDAP_REALM_KRBTICKETFLAGS;
 303     }
 304 err_usage:
 305     print_usage = TRUE;
 306 
 307 err_nomsg:
 308     no_msg = TRUE;
 309 
 310     return mask;
 311 }
 312 
 313 /*
 314  * This function will create a realm on the LDAP Server, with
 315  * the specified attributes.
 316  */
 317 void kdb5_ldap_create(argc, argv)
 318     int argc;
 319     char *argv[];
 320 {
 321     krb5_error_code retval = 0;
 322     krb5_keyblock master_keyblock;
 323     krb5_ldap_realm_params *rparams = NULL;
 324     krb5_principal master_princ = NULL;
 325     kdb5_dal_handle *dal_handle = NULL;
 326     krb5_ldap_context *ldap_context=NULL;
 327     krb5_boolean realm_obj_created = FALSE;
 328     krb5_boolean create_complete = FALSE;


   1 /*
   2  * Copyright 2017 Gary Mills
   3  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   4  * Use is subject to license terms.
   5  */
   6 
   7 /*
   8  * kadmin/ldap_util/kdb5_ldap_realm.c
   9  *
  10  * Copyright 1990,1991,2001, 2002 by the Massachusetts Institute of Technology.
  11  * All Rights Reserved.
  12  *
  13  * Export of this software from the United States of America may
  14  *   require a specific license from the United States Government.
  15  *   It is the responsibility of any person or organization contemplating
  16  *   export to obtain such a license before exporting.
  17  *
  18  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  19  * distribute this software and its documentation for any purpose and
  20  * without fee is hereby granted, provided that the above copyright
  21  * notice appear in all copies and that both that copyright notice and
  22  * this permission notice appear in supporting documentation, and that


 140 
 141 
 142 static char *strdur(time_t duration);
 143 static int get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],int argc);
 144 static krb5_error_code krb5_dbe_update_mod_princ_data_new (krb5_context context, krb5_db_entry *entry, krb5_timestamp mod_date, krb5_const_principal mod_princ);
 145 static krb5_error_code krb5_dbe_update_tl_data_new ( krb5_context context, krb5_db_entry *entry, krb5_tl_data *new_tl_data);
 146 
 147 #define ADMIN_LIFETIME 60*60*3 /* 3 hours */
 148 #define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
 149 
 150 static int get_ticket_policy(rparams,i,argv,argc)
 151     krb5_ldap_realm_params *rparams;
 152     int *i;
 153     char *argv[];
 154     int argc;
 155 {
 156     time_t date;
 157     time_t now;
 158     int mask = 0;
 159     krb5_error_code retval = 0;

 160 

 161     /* Solaris Kerberos */
 162     char *me = progname;
 163 
 164     time(&now);
 165     if (!strcmp(argv[*i], "-maxtktlife")) {
 166         if (++(*i) > argc-1)
 167             goto err_nomsg;
 168         date = get_date(argv[*i]);
 169         if (date == (time_t)(-1)) {
 170             retval = EINVAL;
 171             com_err (me, retval, gettext("while providing time specification"));
 172             goto err_nomsg;
 173         }
 174         rparams->max_life = date-now;
 175         mask |= LDAP_REALM_MAXTICKETLIFE;
 176     }
 177 
 178 
 179     else if (!strcmp(argv[*i], "-maxrenewlife")) {
 180         if (++(*i) > argc-1)
 181             goto err_nomsg;
 182 
 183         date = get_date(argv[*i]);
 184         if (date == (time_t)(-1)) {
 185             retval = EINVAL;
 186             com_err (me, retval, gettext("while providing time specification"));
 187             goto err_nomsg;
 188         }
 189         rparams->max_renewable_life = date-now;
 190         mask |= LDAP_REALM_MAXRENEWLIFE;
 191     } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
 192         if (*(argv[*i]) == '+')
 193             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
 194         else if (*(argv[*i]) == '-')
 195             rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
 196         else
 197             goto err_nomsg;
 198 
 199         mask |= LDAP_REALM_KRBTICKETFLAGS;
 200     } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
 201         if (*(argv[*i]) == '+')
 202             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
 203 
 204         else if (*(argv[*i]) == '-')
 205             rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
 206         else
 207             goto err_nomsg;
 208 
 209         mask |= LDAP_REALM_KRBTICKETFLAGS;
 210     } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
 211         if (*(argv[*i]) == '+')
 212             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
 213         else if (*(argv[*i]) == '-')
 214             rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
 215         else
 216             goto err_nomsg;
 217 
 218         mask |= LDAP_REALM_KRBTICKETFLAGS;
 219     } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
 220         if (*(argv[*i]) == '+')
 221             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
 222         else if (*(argv[*i]) == '-')
 223             rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
 224         else
 225             goto err_nomsg;
 226 
 227         mask |= LDAP_REALM_KRBTICKETFLAGS;
 228     } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
 229         if (*(argv[*i]) == '+')
 230             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
 231         else if (*(argv[*i]) == '-')
 232             rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
 233         else
 234             goto err_nomsg;
 235 
 236         mask |= LDAP_REALM_KRBTICKETFLAGS;
 237     }
 238 
 239     else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
 240         if (*(argv[*i]) == '+')
 241             rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
 242         else if (*(argv[*i]) == '-')
 243             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
 244         else
 245             goto err_nomsg;
 246 
 247         mask |= LDAP_REALM_KRBTICKETFLAGS;
 248     } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
 249         if (*(argv[*i]) == '+')
 250             rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
 251         else if (*(argv[*i]) == '-')
 252             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
 253         else
 254             goto err_nomsg;
 255 
 256         mask |= LDAP_REALM_KRBTICKETFLAGS;
 257     } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
 258         if (*(argv[*i]) == '+')
 259             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
 260         else if (*(argv[*i]) == '-')
 261             rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
 262         else
 263             goto err_nomsg;
 264 
 265         mask |= LDAP_REALM_KRBTICKETFLAGS;
 266     } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
 267         if (*(argv[*i]) == '+')
 268             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
 269         else if (*(argv[*i]) == '-')
 270             rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
 271         else
 272             goto err_nomsg;
 273 
 274         mask |= LDAP_REALM_KRBTICKETFLAGS;
 275     } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
 276         if (*(argv[*i]) == '+')
 277             rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
 278         else if (*(argv[*i]) == '-')
 279             rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
 280         else
 281             goto err_nomsg;
 282 
 283         mask |= LDAP_REALM_KRBTICKETFLAGS;
 284     } else if (!strcmp((argv[*i] + 1), "needchange")) {
 285         if (*(argv[*i]) == '+')
 286             rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
 287         else if (*(argv[*i]) == '-')
 288             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
 289         else
 290             goto err_nomsg;
 291 
 292         mask |= LDAP_REALM_KRBTICKETFLAGS;
 293     } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
 294         if (*(argv[*i]) == '+')
 295             rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
 296         else if (*(argv[*i]) == '-')
 297             rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
 298         else
 299             goto err_nomsg;
 300 
 301         mask |=LDAP_REALM_KRBTICKETFLAGS;
 302     }


 303 
 304 err_nomsg:

 305 
 306     return mask;
 307 }
 308 
 309 /*
 310  * This function will create a realm on the LDAP Server, with
 311  * the specified attributes.
 312  */
 313 void kdb5_ldap_create(argc, argv)
 314     int argc;
 315     char *argv[];
 316 {
 317     krb5_error_code retval = 0;
 318     krb5_keyblock master_keyblock;
 319     krb5_ldap_realm_params *rparams = NULL;
 320     krb5_principal master_princ = NULL;
 321     kdb5_dal_handle *dal_handle = NULL;
 322     krb5_ldap_context *ldap_context=NULL;
 323     krb5_boolean realm_obj_created = FALSE;
 324     krb5_boolean create_complete = FALSE;