307  * get a client handle to use for future RPCSEC calls.
313 _kadm5_initialize_rpcsec_gss_handle(kadm5_server_handle_t handle,
360 	addr.sin_port = htons((ushort_t)handle->params.kadmind_port);
363 	printf("kadmin_port %d\n", handle->params.kadmind_port);
425 		handle->clnt = clnt_tli_create(fd, nconf, NULL,
429 		handle->clnt = clnt_tli_create(fd, nconf, NULL,
435 	if (handle->clnt == NULL) {
443 	 * The rpc-handle was created on an fd opened and connected
446 	if (clnt_control(handle->clnt, CLSET_FD_CLOSE, NULL) != TRUE) {
455 	handle->lhandle->clnt = handle->clnt;
457 	/* now that handle->clnt is set, we can check the handle */
458 	if (code = _kadm5_check_handle((void *) handle))
470 	(void) krb5_setenv("KRB5CCNAME", handle->cache_name, 1);
496 	handle->my_cred = gss_client_creds;
502 	handle->clnt->cl_auth = rpc_gss_seccreate(handle->clnt,
517 	if (handle->clnt->cl_auth == NULL) {
536 	r = init_2(&handle->api_version, handle->clnt);
545             handle->api_version == KADM5_API_VERSION_3) {
546             handle->api_version = KADM5_API_VERSION_2;
547             r = init_2(&handle->api_version, handle->clnt);
569 	 * my_cred member in the auth handle's private data structure.
579 clean_up(kadm5_server_handle_t handle,
588         krb5_cc_close(handle->context, *ccache);
590     } else if (handle->destroy_cache && *ccache) {
591         krb5_cc_destroy(handle->context, *ccache);
594     if (handle->cache_name) {
595         free(handle->cache_name);
596         handle->cache_name = NULL;
598     if(handle->clnt && handle->clnt->cl_auth)
599         AUTH_DESTROY(handle->clnt->cl_auth);
600     if(handle->clnt) {
601         clnt_destroy(handle->clnt);
602         handle->clnt = NULL;
610             krb5_free_principal(handle->context, *clientp);
615             krb5_free_principal(handle->context, *serverp);
618     krb5_free_cred_contents(handle->context, creds);
638     kadm5_server_handle_t handle;
654     if (! (handle = malloc(sizeof(*handle)))) {
657     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
658         free(handle);
662     handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
663     handle->struct_version = struct_version;
664     handle->api_version = api_version;
665     handle->clnt = 0;
666     handle->cache_name = 0;
667     handle->destroy_cache = 0;
668     *handle->lhandle = *handle;
669     handle->lhandle->api_version = KADM5_API_VERSION_3;
670     handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
671     handle->lhandle->lhandle = handle->lhandle;
673     handle->context = context;
677         free(handle->lhandle);
678         free(handle);
688     GENERIC_CHECK_HANDLE_WITH_RET(handle, KADM5_OLD_LIB_API_VERSION,
691         free(handle->lhandle);
692         free(handle);
722         free(handle);
727     if ((code = kadm5_get_config_params(handle->context, 0,
728                                         params_in, &handle->params))) {
729         free(handle->lhandle);
730         free(handle);
741     if (((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) &&
742         ((handle->params.mask & KPW_REQUIRED_PARAMS) != KPW_REQUIRED_PARAMS)) {
743         (void) kadm5_free_config_params(handle->context,
744                                         &handle->params);
745         free(handle->lhandle);
746         free(handle);
765      * for dealing with multiple admin_servers) or a rpcsec gss handle is
771         if ((code = krb5_parse_name(handle->context, client_name,
778             handle->params.kpasswd_protocol == KRB5_CHGPWD_CHANGEPW_V2 &&
791                                 strlen(handle->params.realm) + 2);
797                     handle->params.realm);
799             if ((code = krb5_parse_name(handle->context, newsvcname,
833             handle->cache_name =
834                 malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
835                        strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
836             if (handle->cache_name == NULL) {
840             sprintf(handle->cache_name, "%s:%s",
841                     krb5_cc_get_type(handle->context, ccache),
842                     krb5_cc_get_name(handle->context, ccache));
845             handle->cache_name =
847             if (handle->cache_name == NULL) {
851             sprintf(handle->cache_name, "FILE:%s", ADM_CCACHE);
852             mktemp(handle->cache_name + strlen("FILE:"));
856                 handle->cache_name = malloc(sizeof("MEMORY:kadm5_")
858                 sprintf(handle->cache_name, "MEMORY:kadm5_%u", counter++);
861             if ((code = krb5_cc_resolve(handle->context, handle->cache_name,
865             if ((code = krb5_cc_initialize (handle->context, ccache,
869             handle->destroy_cache = 1;
871         handle->lhandle->cache_name = handle->cache_name;
873         if ((code = krb5_timeofday(handle->context, &now)))
895         code = krb5_unparse_name(handle->context, creds.server, &server);
904         code = krb5_copy_principal(handle->context, creds.server, &saved_server);
909             code = krb5_get_init_creds_password(handle->context,
916             if (!(pass && (code = krb5_kt_resolve(handle->context,
919                 code = krb5_get_init_creds_keytab(handle->context,
924                 if (pass) krb5_kt_close(handle->context, kt);
933             clean_up(handle, init_type, &server, &creds, &clientp, &serverp, &ccache);
934             krb5_free_principal(handle->context, saved_server);
940             krb5_free_principal(handle->context, saved_server);
953             krb5_free_principal(handle->context, creds.server);
961             code = krb5_cc_store_cred(handle->context, ccache, &creds);
971             handle->params.kpasswd_protocol == KRB5_CHGPWD_RPCSEC ||
973             code = _kadm5_initialize_rpcsec_gss_handle(handle,
986                 clean_up(handle, init_type, &server, &creds, &clientp, &serverp, &ccache);
988                 /* inited the rpcsec_gss handle, can stop looping now */
992             /* if not initing the rpcsec_gss handle no reason to loop */
998         /* wasn't able to setup a handle so bail */
1002     *server_handle = (void *) handle;
1005         krb5_cc_close(handle->context, ccache);
1011      * Note that it is illegal for this code to execute if "handle"
1014      * that allocates and initializes "handle".
1016     if (handle->cache_name)
1017         free(handle->cache_name);
1018     if (handle->destroy_cache && ccache)
1019         krb5_cc_destroy(handle->context, ccache);
1020     if(handle->clnt && handle->clnt->cl_auth)
1021         AUTH_DESTROY(handle->clnt->cl_auth);
1022     if(handle->clnt)
1023         clnt_destroy(handle->clnt);
1024     (void) kadm5_free_config_params(handle->context, &handle->params);
1037         krb5_free_principal(handle->context, clientp);
1040         krb5_free_principal(handle->context, serverp);
1042     krb5_free_cred_contents(handle->context, &creds);
1045      * Dont clean up the handle if the code is OK (code==0)
1050         free(handle->lhandle);
1051         free(handle);
1062      kadm5_server_handle_t	handle =
1069  * handle->my_cred points to. If the ccache is a MEMORY ccache then 
1075      if (handle->destroy_cache && handle->cache_name) {
1076 	 if ((code = krb5_cc_resolve(handle->context,
1077 				     handle->cache_name, &ccache)) == 0) 
1078 	     code = krb5_cc_destroy (handle->context, ccache);
1081      if (handle->cache_name)
1082 	 free(handle->cache_name);
1083      if (handle->clnt && handle->clnt->cl_auth) {
1088 		if (handle->my_cred != GSS_C_NO_CREDENTIAL)
1089 			(void) gss_release_cred(&min_stat, &handle->my_cred);
1090 	  AUTH_DESTROY(handle->clnt->cl_auth);
1092      if (handle->clnt)
1093 	  clnt_destroy(handle->clnt);
1094      if (handle->lhandle)
1095           free (handle->lhandle);
1097      kadm5_free_config_params(handle->context, &handle->params);
1099      handle->magic_number = 0;
1100      free(handle);
1121 int _kadm5_check_handle(void *handle)
1123     CHECK_HANDLE(handle);
1137 kadm5_init_iprop(void *handle, char **db_args)

Indexes created Tue Jul 24 14:28:13 CEST 2018