server_stubs.c revision 46736d35df047bb400483364f76bfcb08cdcbb25
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* Openvision retains the copyright to derivative works of
* this source code. Do *NOT* create a derivative of this
* source code before consulting with your legal department.
* Do *NOT* integrate *ANY* of this source code into another
* product before consulting with your legal department.
*
* For further information, read the top-level Openvision
* copyright which is contained in the top-level MIT Kerberos
* copyright.
*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
*/
#include <gssapi_krb5.h> /* for gss_nt_krb5_name */
#include <krb5.h>
#include <kadm5/kadm_rpc.h>
#include <kadm5/server_internal.h>
#include <security/pam_appl.h>
#include <syslog.h>
#include <libintl.h>
#include "misc.h"
"client=%s, service=%s, addr=%s")
"service=%s, addr=%s")
extern gss_name_t gss_changepw_name;
extern gss_name_t gss_oldchangepw_name;
extern void * global_server_handle;
extern short l_port;
char buf[33];
#define CHANGEPW_SERVICE(rqstp) \
(gss_oldchangepw_name && \
kadm5_get_priv(void *server_handle,
{
void *cookie;
if (maj_stat != GSS_S_COMPLETE) {
return (NULL);
}
return (name);
}
/*
 * Builds the text form of the RPC caller's address and returns `buf`.
 *
 * NOTE(review): the function name, the parameter list and the formatting
 * call itself are missing from this listing, so it cannot be told here
 * whether `buf` is a parameter or the `char buf[33];` declaration that
 * appears earlier in the listing. Either way, confirm that the write into
 * it is length-bounded and that callers consume the string before the
 * next call reuses the same storage.
 */
char *
{
/* Used below as the four octets of the caller's address. */
u_char *b;
char *frontspace = " ";
/*
* Convert the caller's IP address to a dotted string
*/
/* Only four octets are formatted, i.e. the IPv4 dotted-quad form. */
b[0] & 0xFF, b[1] & 0xFF, b[2] & 0xFF, b[3] & 0xFF);
} else {
/*
* No IP address to print. If there was a host name
* printed, then we print a space.
*/
/*
 * NOTE(review): the condition for this branch is not visible; presumably
 * it is taken for callers that are not IPv4, in which case the audit log
 * line carries no address for them - confirm.
 */
}
return (buf);
}
{
int equal;
return(0);
return(equal);
}
/* Does a comparison of the names and then releases the first entity */
/* For use above in CHANGEPW_SERVICE */
{
int ret;
return ret;
}
/*
* Function check_handle
*
* Purpose: Check a server handle and return a com_err code if it is
* invalid or 0 if it is valid.
*
* Arguments:
*
* handle The server handle.
*/
static int check_handle(void *handle)
{
/*
 * NOTE(review): as shown, the body returns 0 ("valid") for every handle,
 * including NULL; no validation statement is visible between the opening
 * brace and the return. The header comment promises a com_err code for an
 * invalid handle, so confirm against the full file that the validation
 * step was only lost from this listing and is not missing from the code.
 */
return 0;
}
/*
* Function: new_server_handle
*
* Purpose: Constructs a server handle suitable for passing into the
* server library API functions, by folding the client's API version
* and calling principal into the server handle returned by
* kadm5_init.
*
* Arguments:
* api_version (input) The API version specified by the client
* rqstp (input) The RPC request
* handle (output) The returned handle
* <return value> (output) An error code, or 0 if no error occurred
*
* Effects:
* Returns a pointer to allocated storage containing the server
* handle. If an error occurs, then no allocated storage is
* returned, and the return value of the function will be a
* non-zero com_err code.
*
* The allocated storage for the handle should be freed with
* free_server_handle (see below) when it is no longer needed.
*/
{
if (! (handle = (kadm5_server_handle_t)
return ENOMEM;
return KADM5_FAILURE;
}
return KADM5_FAILURE;
}
*out_handle = handle;
return 0;
}
/*
* Function: free_server_handle
*
* Purpose: Free handle memory allocated by new_server_handle
*
* Arguments:
*/
{
}
/*
* Function: setup_gss_names
*
* Purpose: Create printable representations of the client and server
* names.
*
* Arguments:
* rqstp (r) the RPC request
* client_name (w) pointer to client_name string
* server_name (w) pointer to server_name string
*
* Effects:
*
* Unparses the client and server names into client_name and
* server_name, both of which must be freed by the caller. Returns 0
* on success and -1 on failure. On failure client_name and server_name
* will point to null.
*/
/* SUNW14resync */
char **client_name, char **server_name)
{
/* Clear the client output first so every early return leaves it NULL. */
*client_name = NULL;
/* Return a copy of the service principal from the raw_cred */
/*
 * The statement that fills *server_name is not visible in this listing;
 * a NULL result is treated as failure before anything else is done.
 */
if (*server_name == NULL)
return (-1);
/*
 * Failure path: release the service-name copy and reset the pointer, so
 * the caller sees NULL and has nothing left to free.
 */
free(*server_name);
*server_name = NULL;
return (-1);
}
/* Same cleanup when the GSS call reports anything but GSS_S_COMPLETE. */
if (maj_stat != GSS_S_COMPLETE) {
free(*server_name);
*server_name = NULL;
return (-1);
}
/*
* Allocate space to copy the client principal. We allocate an
* extra byte to make the string null terminated if we need to.
*/
/* len is the length including the null terminating byte. */
/*
 * NOTE(review): the allocation and the copy inside `if (tmp)` are missing
 * from this listing. Since the comment above says the terminator may have
 * to be added, confirm the copy is bounded by the GSS buffer's length
 * rather than by a search for a terminating NUL.
 */
if (tmp) {
} else {
/* No memory for the client name: undo the service-name copy as well. */
free(*server_name);
*server_name = NULL;
}
/* We're done with the GSS buffer */
/* tmp is NULL on the failure path, so *client_name is NULL exactly when -1 is returned. */
*client_name = tmp;
return (tmp ? 0 : -1);
}
{
void *cookie;
if (maj_stat != GSS_S_COMPLETE) {
return (NULL);
}
if (maj_stat != GSS_S_COMPLETE) {
return (NULL);
}
return name;
}
{
int status;
return 0;
return status;
}
/*
* This routine primarily validates the username and password
* of the principal to be created, if a prior acl check for
* the 'u' privilege succeeds. Validation is done using
* the PAM `k5migrate' service. k5migrate normally stacks
* pam_unix_auth.so and pam_unix_account.so in its auth and
* account stacks respectively.
*
* Returns 1 (true), if validation is successful,
* else returns 0 (false).
*/
/* Status of the most recent PAM step; compared with PAM_SUCCESS below. */
int err = 0;
/*
 * NOTE(review): `result` starts at 1 (validation succeeded) and no
 * assignment to it is visible below, so a "false" answer depends entirely
 * on the early `return (0)` exits. Initialising it to 0 and setting it to 1
 * only after the last PAM step has succeeded would fail closed if one of
 * those checks were ever dropped.
 */
int result = 1;
} else {
}
/*
 * Every PAM step is followed by the same test: any status other than
 * PAM_SUCCESS ends validation with 0 (false). The PAM calls themselves are
 * not visible in this listing.
 */
if (err != PAM_SUCCESS) {
/*
 * NOTE(review): the statement guarded by `if (user)` is missing here;
 * presumably it releases `user` before returning - confirm.
 */
if (user)
return (0);
}
if (user)
if (err != PAM_SUCCESS) {
return (0);
}
if (err != PAM_SUCCESS) {
return (0);
}
if (err != PAM_SUCCESS) {
return (0);
}
/* Reached only when none of the checks above returned early. */
return (result);
}
{
int success;
return 0;
return success;
}
static int
{
return 1;
return 0;
}
/*
 * Writes one LOG_NOTICE line for a request that was refused ("Unauthorized
 * request"). Judging by the parameter names and the format labels, the
 * line carries the operation, its target, the client and service names and
 * the caller's address. Returns whatever krb5_klog_syslog returns.
 *
 * NOTE(review): three fields are printed with "%.*s%s", i.e. a string
 * limited by a precision argument followed by a second string. The length
 * and suffix arguments are missing from this listing. "%.*s" consumes an
 * int, so confirm each length is passed as int rather than size_t, and
 * confirm that the names, which presumably originate in the request,
 * cannot carry line breaks into the log.
 */
static int
char *op,
char *target,
char *client,
char *server,
char *addr)
{
return krb5_klog_syslog(LOG_NOTICE,
"Unauthorized request: %s, %.*s%s, "
"client=%.*s%s, service=%.*s%s, addr=%s",
addr);
}
/*
 * Writes one LOG_NOTICE line for a processed request ("Request: ...").
 * Judging by the parameter names and the format labels, the line carries
 * the operation, its target, the outcome text in `errmsg`, the client and
 * service names and the caller's address. Returns whatever
 * krb5_klog_syslog returns.
 *
 * NOTE(review): three fields are printed with "%.*s%s", i.e. a string
 * limited by a precision argument followed by a second string. The length
 * and suffix arguments are missing from this listing. "%.*s" consumes an
 * int, so confirm each length is passed as int rather than size_t, and
 * confirm that the names, which presumably originate in the request,
 * cannot carry line breaks into the log.
 */
static int
char *op,
char *target,
const char *errmsg,
char *client,
char *server,
char *addr)
{
return krb5_klog_syslog(LOG_NOTICE,
"Request: %s, %.*s%s, %s, "
"client=%.*s%s, service=%.*s%s, addr=%s",
addr);
}
{
/*
 * Fragment of a request handler; the log labels below name
 * kadm5_create_principal. The function header and most statements are
 * missing from this listing.
 *
 * `ret` has static storage and its address is what both returns hand back,
 * so the reply is overwritten by the next call into this handler.
 */
static generic_ret ret;
/* Starts at 0 and is set to 1 on one path below. */
int policy_migrate = 0;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
policy_migrate = 1;
}
/*
 * NOTE(review): this is the authorization test, but the operator joining
 * the two visible terms and any further terms are missing from this
 * listing. Do not infer the access rule from what is shown; check the full
 * file for how CHANGEPW_SERVICE(rqstp) and policy_migrate are combined.
 */
if (CHANGEPW_SERVICE(rqstp)
!(policy_migrate))
"kadm5_create_principal",
} else {
"kadm5_create_principal",
} else {
}
/* A second outcome is logged under the kadm5_modify_principal label. */
log_done("kadm5_modify_principal",
}
}
/* The statements guarded by these four tests are not visible here. */
if (name)
if (prime_arg)
if (client_name)
if (service_name)
return (&ret);
}
{
static generic_ret ret;
int policy_migrate = 0;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
policy_migrate = 1;
}
if (CHANGEPW_SERVICE(rqstp)
!(policy_migrate))
} else {
} else {
}
}
}
if (name)
if (client_name)
if (service_name)
if (prime_arg)
return &ret;
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
if (CHANGEPW_SERVICE(rqstp)
"kadm5_delete_principal",
} else {
"kadm5_delete_principal",
}
if (name)
if (prime_arg)
if (client_name)
if (service_name)
return &ret;
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
if (CHANGEPW_SERVICE(rqstp)
"kadm5_modify_principal",
} else {
"kadm5_modify_principal",
}
if (name)
if (prime_arg)
if (client_name)
if (service_name)
return &ret;
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
if (! CHANGEPW_SERVICE(rqstp)) {
/* any restrictions at all on the ADD kills the RENAME */
else
}
} else
"kadm5_rename_principal",
} else {
"kadm5_rename_principal",
}
if (name)
if (prime_arg1)
if (prime_arg2)
if (client_name)
if (service_name)
return &ret;
}
{
static gprinc_ret ret;
return &ret;
goto error;
"kadm5_get_principal (V1)" : "kadm5_get_principal";
goto error;
}
goto error;
}
goto error;
}
name,
NULL))) {
} else {
free(e);
}
} else {
}
}
if (name)
if (prime_arg)
if (client_name)
if (service_name)
return &ret;
}
{
static gprincs_ret ret;
return &ret;
goto error;
goto error;
}
prime_arg = "*";
goto error;
}
name,
NULL,
NULL)) {
"kadm5_get_principals",
} else {
"kadm5_get_principals",
}
if (name)
if (client_name)
if (service_name)
return (&ret);
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
} else {
"kadm5_chpass_principal",
}
"kadm5_chpass_principal",
}
if (name)
if (prime_arg)
if (client_name)
if (service_name)
return (&ret);
}
{
static generic_ret ret;
char *client_name = NULL,
*service_name = NULL;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
} else {
}
}
if (name)
if (client_name)
if (service_name)
if (prime_arg)
return (&ret);
}
#ifdef SUNWOFF
{
static generic_ret ret;
char *client_name = NULL,
*service_name = NULL;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
} else {
}
}
if (name)
if (client_name)
if (service_name)
if (prime_arg)
return (&ret);
}
#endif
{
static generic_ret ret;
char *prime_arg;
char *client_name,
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
} else {
}
}
if (name)
if (client_name)
if (service_name)
if (prime_arg)
return (&ret);
}
{
static generic_ret ret;
char *client_name = NULL,
*service_name = NULL;
return &ret;
goto error;
goto error;
}
goto error;
}
goto error;
}
if (!(CHANGEPW_SERVICE(rqstp)) &&
} else {
}
}
if (name)
if (client_name)
if (service_name)
if (prime_arg)
return &ret;
}
{
static chrand_ret ret;
krb5_keyblock *k;
int nkeys;
return &ret;
goto error;
"kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
goto error;
}
goto error;
}
goto error;
}
&nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
&k, &nkeys);
} else {
}
} else {
}
}
}
if (name)
if (prime_arg)
if (client_name)
if (service_name)
return &ret;
}
{
static chrand_ret ret;
krb5_keyblock *k;
int nkeys;
char *client_name = NULL,
*service_name = NULL;
return &ret;
goto error;
"kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
goto error;
}
goto error;
}
goto error;
}
&k, &nkeys);
} else if (!(CHANGEPW_SERVICE(rqstp)) &&
&k, &nkeys);
} else {
}
} else {
}
}
}
if (name)
if (client_name)
if (service_name)
if (prime_arg)
return (&ret);
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
name,
"kadm5_create_policy",
} else {
"kadm5_create_policy",
log_done("kadm5_create_policy",
}
if (name)
if (client_name)
if (service_name)
return &ret;
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
name,
"kadm5_delete_policy",
} else {
"kadm5_delete_policy",
log_done("kadm5_delete_policy",
}
if (name)
if (client_name)
if (service_name)
return &ret;
}
{
static generic_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
name,
"kadm5_modify_policy",
} else {
"kadm5_modify_policy",
log_done("kadm5_modify_policy",
}
if (name)
if (client_name)
if (service_name)
return (&ret);
}
gpol_ret *
{
return &ret;
goto error;
"kadm5_get_policy (V1)" : "kadm5_get_policy";
goto error;
}
goto error;
}
name,
else {
&caller_ent);
}
}
free(e);
}
} else {
}
} else {
}
if (name)
if (client_name)
if (service_name)
return (&ret);
}
{
return &ret;
goto error;
goto error;
}
prime_arg = "*";
goto error;
}
name,
"kadm5_get_policies",
} else {
"kadm5_get_policies",
}
if (name)
if (client_name)
if (service_name)
return (&ret);
}
{
static getprivs_ret ret;
return &ret;
goto error;
goto error;
}
goto error;
}
if (name)
if (client_name)
if (service_name)
return (&ret);
}
{
static generic_ret ret;
char *client_name, *service_name;
return &ret;
}
return &ret;
}
"kadm5_init (V1)" : "kadm5_init"),
"client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
"kadm5_init (V1)" : "kadm5_init"),
return (&ret);
}