upstream/oracle/userland-gate: components/krb5/patches/027-add_admin_sname

5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	1	#
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	2	# This patch modifies add_admin_princ() to call krb5_sname_to_princ() instead
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	3	# of querying naming and constructing the service principal names directly.
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	4	#
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	5	# Patch offered upstream:
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	6	# https://github.com/krb5/krb5/pull/333
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	7	# Patch source: in-house
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	8	#
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	9	--- a/src/kadmin/dbutil/kadm5_create.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	10	+++ b/src/kadmin/dbutil/kadm5_create.c
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	11	@@ -44,8 +44,14 @@
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	12	#include <kdb.h>
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	13	#include "kdb5_util.h"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	14
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	15	-static int add_admin_princ(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	16	- char name, char realm, int attrs, int lifetime);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	17	+static int add_admin_princ_common(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	18	+ krb5_principal principal, int attrs,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	19	+ int lifetime);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	20	+static int add_admin_princ(void handle, krb5_context context, char name,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	21	+ char *realm, int attrs, int lifetime);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	22	+static int add_admin_sname_princ(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	23	+ char sname, char realm, int attrs,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	24	+ int lifetime);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	25	static int add_admin_princs(void handle, krb5_context context, char realm);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	26
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	27	#define ERR 1
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	28	@@ -145,64 +151,11 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	29	static int add_admin_princs(void handle, krb5_context context, char realm)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	30	{
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	31	krb5_error_code ret = 0;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	32	- char service_name = 0, kiprop_name = 0, *p;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	33	- char localname[MAXHOSTNAMELEN];
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	34	- struct addrinfo *ai, ai_hints;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	35	- int gai_error;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	36	-
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	37	- if (gethostname(localname, MAXHOSTNAMELEN)) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	38	- ret = errno;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	39	- perror("gethostname");
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	40	- goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	41	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	42	- memset(&ai_hints, 0, sizeof(ai_hints));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	43	- ai_hints.ai_flags = AI_CANONNAME \| AI_ADDRCONFIG;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	44	- gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	45	- if (gai_error) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	46	- ret = EINVAL;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	47	- fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	48	- gai_strerror(gai_error));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	49	- goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	50	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	51	- if (ai->ai_canonname == NULL) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	52	- ret = EINVAL;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	53	- fprintf(stderr, _("getaddrinfo(%s): Cannot determine canonical "
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	54	- "hostname.\n"), localname);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	55	- freeaddrinfo(ai);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	56	- goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	57	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	58	- for (p = ai->ai_canonname; *p; p++) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	59	-#ifdef isascii
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	60	- if (!isascii(*p))
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	61	- continue;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	62	-#else
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	63	- if (*p < ' ')
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	64	- continue;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	65	- if (*p > '~')
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	66	- continue;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	67	-#endif
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	68	- if (!isupper(*p))
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	69	- continue;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	70	- p = tolower(p);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	71	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	72	- if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	73	- ret = ENOMEM;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	74	- fprintf(stderr, _("Out of memory\n"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	75	- freeaddrinfo(ai);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	76	- goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	77	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	78	- if (asprintf(&kiprop_name, "kiprop/%s", ai->ai_canonname) < 0) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	79	- ret = ENOMEM;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	80	- fprintf(stderr, _("Out of memory\n"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	81	- freeaddrinfo(ai);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	82	- goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	83	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	84	- freeaddrinfo(ai);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	85
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	86	- if ((ret = add_admin_princ(handle, context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	87	- service_name, realm,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	88	- KRB5_KDB_DISALLOW_TGT_BASED,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	89	- ADMIN_LIFETIME)))
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	90	+ if ((ret = add_admin_sname_princ(handle, context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	91	+ KADM5_ADMIN_HOST_SERVICE, realm,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	92	+ KRB5_KDB_DISALLOW_TGT_BASED,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	93	+ ADMIN_LIFETIME)))
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	94	goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	95
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	96	if ((ret = add_admin_princ(handle, context,
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	97	@@ -218,17 +171,60 @@ static int add_admin_princs(void handle, krb5_context context, char realm)
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	98	CHANGEPW_LIFETIME)))
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	99	goto clean_and_exit;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	100
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	101	- ret = add_admin_princ(handle, context, kiprop_name, realm, 0, 0);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	102	+ ret = add_admin_sname_princ(handle, context, KADM5_KIPROP_HOST_SERVICE,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	103	+ realm, 0, 0);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	104
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	105	clean_and_exit:
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	106	- free(service_name);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	107	- free(kiprop_name);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	108	-
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	109	return ret;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	110	}
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	111
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	112	+static int add_admin_princ(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	113	+ char name, char realm, int attrs, int lifetime)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	114	+{
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	115	+ krb5_error_code ret;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	116	+ char *fullname;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	117	+ krb5_principal principal;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	118	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	119	+ if (asprintf(&fullname, "%s@%s", name, realm) < 0) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	120	+ com_err(progname, ENOMEM, _("while appending realm to principal"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	121	+ return ERR;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	122	+ }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	123	+ ret = krb5_parse_name(context, fullname, &principal);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	124	+ if (ret) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	125	+ com_err(progname, ret, _("while parsing admin principal name"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	126	+ return(ERR);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	127	+ }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	128	+ free (fullname);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	129	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	130	+ return add_admin_princ_common(handle, context, principal, attrs, lifetime);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	131	+}
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	132	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	133	+static int add_admin_sname_princ(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	134	+ char sname, char realm, int attrs,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	135	+ int lifetime)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	136	+{
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	137	+ krb5_error_code ret;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	138	+ krb5_principal principal;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	139	+ char *lrealm;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	140	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	141	+ ret = krb5_sname_to_principal(context, NULL, sname, KRB5_NT_SRV_HST,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	142	+ &principal);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	143	+ if (ret) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	144	+ com_err(progname, ret, _("while parsing admin SPN"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	145	+ return(ERR);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	146	+ }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	147	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	148	+ ret = krb5_set_principal_realm(context, principal, realm);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	149	+ if (ret) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	150	+ com_err(progname, ret, _("while supplying realm to principal"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	151	+ return ERR;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	152	+ }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	153	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	154	+ return add_admin_princ_common(handle, context, principal, attrs, lifetime);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	155	+}
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	156	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	157	/*
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	158	- * Function: add_admin_princ
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	159	+ * Function: add_admin_princ_common
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	160	*
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	161	* Arguments:
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	162	*
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	163	@@ -255,9 +251,9 @@ clean_and_exit:
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	164	* Otherwise, the principal is created with mod_by creator and
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	165	* attributes attrs and max life of lifetime (if not zero).
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	166	*/
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	167	-
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	168	-int add_admin_princ(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	169	- char name, char realm, int attrs, int lifetime)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	170	+static int add_admin_princ_common(void *handle, krb5_context context,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	171	+ krb5_principal principal, int attrs,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	172	+ int lifetime)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	173	{
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	174	char *fullname;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	175	krb5_error_code ret;
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	176	@@ -266,15 +262,7 @@ int add_admin_princ(void *handle, krb5_context context,
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	177
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	178	memset(&ent, 0, sizeof(ent));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	179
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	180	- if (asprintf(&fullname, "%s@%s", name, realm) < 0) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	181	- com_err(progname, ENOMEM, _("while appending realm to principal"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	182	- return ERR;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	183	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	184	- ret = krb5_parse_name(context, fullname, &ent.principal);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	185	- if (ret) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	186	- com_err(progname, ret, _("while parsing admin principal name"));
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	187	- return(ERR);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	188	- }
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	189	+ ent.principal = principal;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	190	ent.max_life = lifetime;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	191	ent.attributes = attrs;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	192
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	193	@@ -283,6 +271,7 @@ int add_admin_princ(void *handle, krb5_context context,
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	194	flags \|= KADM5_MAX_LIFE;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	195	ret = kadm5_create_principal(handle, &ent, flags, NULL);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	196	if (ret && ret != KADM5_DUP) {
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	197	+ krb5_unparse_name(context, principal, &fullname);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	198	com_err(progname, ret, _("while creating principal %s"), fullname);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	199	krb5_free_principal(context, ent.principal);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	200	free(fullname);
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	201	@@ -290,7 +279,6 @@ int add_admin_princ(void *handle, krb5_context context,
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	202	}
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	203
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	204	krb5_free_principal(context, ent.principal);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	205	- free(fullname);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	206
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	207	return OK;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	208	}
6599 1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	209	--- a/src/lib/kadm5/admin.h
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3 Shawn Emery <shawn.emery@oracle.com> parents: 5490 diff changeset	210	+++ b/src/lib/kadm5/admin.h
5490 9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	211	@@ -64,7 +64,9 @@ KADM5INT_BEGIN_DECLS
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	212	#define KADM5_ADMIN_SERVICE "kadmin/admin"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	213	#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	214	#define KADM5_HIST_PRINCIPAL "kadmin/history"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	215	-#define KADM5_KIPROP_HOST_SERVICE "kiprop"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	216	+
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	217	+#define KADM5_KIPROP_HOST_SERVICE "kiprop"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	218	+#define KADM5_ADMIN_HOST_SERVICE "kadmin"
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	219
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	220	typedef krb5_principal kadm5_princ_t;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland Will Fiveash <will.fiveash@oracle.com> parents: diff changeset	221	typedef char *kadm5_policy_t;

author	Niveditha Rau <Niveditha.Rau@Oracle.COM>
	Sun, 23 Oct 2016 23:54:15 -0700
changeset 7198	337a99283a60
parent 6978	14cbeb78966a
permissions	-rw-r--r--