From b2e745bffaaa9659200c3a7907fbd8019823ca69 Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Sat, 31 Jan 2009 02:04:23 -0500 Subject: [PATCH 01/32] Fix clean --- src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile index 6eab9be..f22a01f 100644 --- a/src/Makefile +++ b/src/Makefile @@ -28,7 +28,7 @@ UTIL_PROGS := config-test zfsaddhomedir $(CONFIG_PROGS) all: $(BIN_PROGS) $(LIB_PROGS) $(EXT_PROGS) clean: - rm -f $(ALL_PROGS) $(EXT_PROGS) *.o + rm -f $(BIN_PROGS) $(EXT_PROGS) *.o config-test: config-test.o parser.o From 170fe854aaf6c3b4a8de1492e6a2120a94519645 Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Tue, 17 Feb 2009 22:25:27 -0500 Subject: [PATCH 02/32] Fix lintian warnings --- debian/control | 2 +- debian/rules | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 3661733..3f0452a 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Maintainer: Systems Committee Build-Depends: debhelper (>= 5.0.0), python-dev (>= 2.4), python-support (>= 0.3), libkrb5-dev, libldap2-dev, libsasl2-dev -Standards-Version: 3.7.2 +Standards-Version: 3.8.0 Package: ceo Architecture: any diff --git a/debian/rules b/debian/rules index aca0a06..4a7303b 100755 --- a/debian/rules +++ b/debian/rules @@ -19,7 +19,7 @@ install: build dh_testroot dh_installdirs python setup.py -q install --no-compile -O0 --root=debian/ceo - $(MAKE) -C src DESTDIR=$(PWD)/debian/ceo PREFIX=/usr install + $(MAKE) -C src DESTDIR=$(CURDIR)/debian/ceo PREFIX=/usr install binary-arch: build install dh_testdir From 19dd9bd764e22cdf0e82a02ce02c716cc1f37e51 Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Tue, 17 Feb 2009 22:25:33 -0500 Subject: [PATCH 03/32] Build for lenny --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 26398b3..c891281 100644 --- a/debian/changelog 
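Review bot: In the src/Makefile hunk, `clean` now removes `$(BIN_PROGS)` and `$(EXT_PROGS)` but not `$(LIB_PROGS)`, although the `all` line just above it builds all three. Unless `LIB_PROGS` is a subset of `BIN_PROGS` (both definitions are outside the hunk), those programs survive `make clean`, and a stale binary left in the tree can be picked up by a later install or package build. If the omission is not deliberate, the recipe could read `rm -f $(BIN_PROGS) $(LIB_PROGS) $(EXT_PROGS) *.o`. A `.PHONY: all clean` declaration is also not visible here and would keep a stray file named `clean` from disabling the target.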
+++ b/debian/changelog @@ -1,3 +1,9 @@ +ceo (0.4.19) stable testing; urgency=low + + * Rebuild for lenny. + + -- Michael Spang Tue, 17 Feb 2009 22:23:30 -0500 + ceo (0.4.18) stable testing; urgency=low [ Michael Gregson ] From 1b04da2d1541ae23a7d7a54bc87a416f5cd3446c Mon Sep 17 00:00:00 2001 From: David Bartley Date: Tue, 24 Feb 2009 16:02:06 -0500 Subject: [PATCH 04/32] Update kadmin headers --- include/k5-platform.h | 1 + include/kadm5/adb_err.h | 36 --- include/kadm5/admin.h | 56 ++-- include/kadm5/chpass_util_strings.h | 39 +-- include/kadm5/kadm_err.h | 21 +- include/kadm5/kadm_rpc.h | 335 ------------------- include/kdb.h | 482 +++++++++++++++++++--------- src/kadm.c | 2 +- 8 files changed, 371 insertions(+), 601 deletions(-) create mode 100644 include/k5-platform.h delete mode 100644 include/kadm5/adb_err.h delete mode 100644 include/kadm5/kadm_rpc.h diff --git a/include/k5-platform.h b/include/k5-platform.h new file mode 100644 index 0000000..affdde1 --- /dev/null +++ b/include/k5-platform.h @@ -0,0 +1 @@ +/* This file left intentionally blank. */ diff --git a/include/kadm5/adb_err.h b/include/kadm5/adb_err.h deleted file mode 100644 index e018099..0000000 --- a/include/kadm5/adb_err.h +++ /dev/null 
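Review bot: The new include/k5-platform.h is an empty stub, yet the include/kdb.h changes later in this same patch add `#include "k5-platform.h"` and redefine `krb5_kdb_decode_int16`, `krb5_kdb_decode_int32`, `krb5_kdb_encode_int16` and `krb5_kdb_encode_int32` in terms of `load_16_le`, `load_32_le`, `store_16_le` and `store_32_le`. Nothing visible in the patch declares those four helpers, so any code that expands one of the macros would call an undeclared function; older C compilers accept that as an implicit `int` declaration, and the result then fails at link time or misbehaves. Either carry the helper definitions in the stub or state the restriction in it, for example `/* Stub: load_*_le and store_*_le are not provided; the krb5_kdb_{en,de}code_int* macros in kdb.h must not be used. */`.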
@@ -1,36 +0,0 @@ -/* - * ettmp27965.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define OSA_ADB_NOERR (28810240L) -#define OSA_ADB_DUP (28810241L) -#define OSA_ADB_NOENT (28810242L) -#define OSA_ADB_DBINIT (28810243L) -#define OSA_ADB_BAD_POLICY (28810244L) -#define OSA_ADB_BAD_PRINC (28810245L) -#define OSA_ADB_BAD_DB (28810246L) -#define OSA_ADB_XDR_FAILURE (28810247L) -#define OSA_ADB_FAILURE (28810248L) -#define OSA_ADB_BADLOCKMODE (28810249L) -#define OSA_ADB_CANTLOCK_DB (28810250L) -#define OSA_ADB_NOTLOCKED (28810251L) -#define OSA_ADB_NOLOCKFILE (28810252L) -#define OSA_ADB_NOEXCL_PERM (28810253L) -#define ERROR_TABLE_BASE_adb (28810240L) - -extern const struct error_table et_adb_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_adb_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_adb_error_table() -#endif - -#if !defined(_WIN32) -#define init_adb_err_tbl initialize_adb_error_table -#define adb_err_base ERROR_TABLE_BASE_adb -#endif diff --git a/include/kadm5/admin.h b/include/kadm5/admin.h index bde7846..99d18d4 100644 --- a/include/kadm5/admin.h +++ b/include/kadm5/admin.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved 
@@ -36,14 +36,13 @@ #if !defined(USE_KADM5_API_VERSION) #define USE_KADM5_API_VERSION 2 #endif - + #include #include #include #include #include #include -#include #include #define KADM5_ADMIN_SERVICE "kadmin/admin" @@ -89,9 +88,16 @@ typedef long kadm5_ret_t; #define KADM5_FAIL_AUTH_COUNT 0x010000 #define KADM5_KEY_DATA 0x020000 #define KADM5_TL_DATA 0x040000 +#ifdef notyet /* Novell */ +#define KADM5_CPW_FUNCTION 0x080000 +#define KADM5_RANDKEY_USED 0x100000 +#endif +#define KADM5_LOAD 0x200000 + /* all but KEY_DATA and TL_DATA */ #define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff + /* kadm5_policy_ent_t */ #define KADM5_PW_MAX_LIFE 0x004000 #define KADM5_PW_MIN_LIFE 0x008000 @@ -113,7 +119,7 @@ typedef long kadm5_ret_t; #define KADM5_CONFIG_ENCTYPE 0x000200 #define KADM5_CONFIG_ADBNAME 0x000400 #define KADM5_CONFIG_ADB_LOCKFILE 0x000800 -#define KADM5_CONFIG_PROFILE 0x001000 +/*#define KADM5_CONFIG_PROFILE 0x001000*/ #define KADM5_CONFIG_ACL_FILE 0x002000 #define KADM5_CONFIG_KADMIND_PORT 0x004000 #define KADM5_CONFIG_ENCTYPES 0x008000 @@ -124,7 +130,9 @@ typedef long kadm5_ret_t; #define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000 #define KADM5_CONFIG_NO_AUTH 0x200000 #define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000 - +#ifdef notyet /* Novell */ +#define KADM5_CONFIG_KPASSWD_SERVER 0x800000 +#endif /* * permission bits */ @@ -204,22 +212,19 @@ typedef struct _kadm5_policy_ent_t { long policy_refcnt; } kadm5_policy_ent_rec, *kadm5_policy_ent_t; -typedef struct __krb5_key_salt_tuple { - krb5_enctype ks_enctype; - krb5_int32 ks_salttype; -} krb5_key_salt_tuple; - /* * Data structure returned by kadm5_get_config_params() */ typedef struct _kadm5_config_params { long mask; char * realm; - char * profile; int kadmind_port; int kpasswd_port; char * admin_server; +#ifdef notyet /* Novell */ /* ABI change? */ + char * kpasswd_server; +#endif char * dbname; char * admin_dbname; 
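Review bot: The `kadm5_config_params` hunk removes the `profile` member, which moves every later field of the struct. The following hunks in this file add a `char **db_args` parameter to the `kadm5_init*` and `ovsec_kadm_init*` prototypes and change the arguments of `kadm5_get_config_params`, and the include/kdb.h part of the patch adds `krb5_ui_4 mask` to `krb5_db_entry`. These headers appear to be the project's own copies under include/, so nothing at build time ties them to the kadm5 library that is actually linked; against a library built with the older layout, the password and handle arguments and the struct fields would be misread without any diagnostic. debian/control in this series lists `libkrb5-dev` with no version, so a bound such as `libkrb5-dev (>= <version these headers were taken from>)` would make the coupling explicit, together with a short comment at the top of each copied header naming that source version.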
@@ -281,11 +286,11 @@ typedef struct __krb5_realm_params { #if USE_KADM5_API_VERSION > 1 krb5_error_code kadm5_get_config_params(krb5_context context, - char *kdcprofile, char *kdcenv, + int use_kdc_config, kadm5_config_params *params_in, kadm5_config_params *params_out); -krb5_error_code kadm5_free_config_params(krb5_context context, +krb5_error_code kadm5_free_config_params(krb5_context context, kadm5_config_params *params); krb5_error_code kadm5_free_realm_params(krb5_context kcontext, @@ -304,9 +309,10 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_password(char *client_name, - char *pass, + char *pass, char *service_name, #if USE_KADM5_API_VERSION == 1 char *realm, @@ -315,6 +321,7 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, @@ -326,6 +333,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #if USE_KADM5_API_VERSION > 1 kadm5_ret_t kadm5_init_with_creds(char *client_name, @@ -334,6 +342,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #endif kadm5_ret_t kadm5_lock(void *server_handle); @@ -455,7 +464,7 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, kadm5_ret_t kadm5_chpass_principal_util(void *server_handle, krb5_principal princ, - char *new_pw, + char *new_pw, char **ret_pw, char *msg_ret, unsigned int msg_len); 
@@ -480,9 +489,11 @@ kadm5_ret_t kadm5_free_key_data(void *server_handle, krb5_key_data *key_data); #endif -kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names, +kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names, int count); +krb5_error_code kadm5_init_krb5_context (krb5_context *); + #if USE_KADM5_API_VERSION == 1 /* * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time @@ -515,7 +526,7 @@ enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MO * Successful return code */ #define OVSEC_KADM_OK 0 - + /* * Create/Modify masks */ @@ -594,13 +605,15 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, - char *pass, + char *pass, char *service_name, - char *realm, + char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char ** db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, @@ -608,6 +621,7 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle); ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle); @@ -664,7 +678,7 @@ ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle, ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle, krb5_principal princ, - char *new_pw, + char *new_pw, char **ret_pw, char *msg_ret); diff --git a/include/kadm5/chpass_util_strings.h b/include/kadm5/chpass_util_strings.h index cddd285..affdde1 100644 --- a/include/kadm5/chpass_util_strings.h +++ b/include/kadm5/chpass_util_strings.h 
@@ -1,38 +1 @@ -/* - * ettmp27966.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define CHPASS_UTIL_GET_POLICY_INFO (-1492553984L) -#define CHPASS_UTIL_GET_PRINC_INFO (-1492553983L) -#define CHPASS_UTIL_NEW_PASSWORD_MISMATCH (-1492553982L) -#define CHPASS_UTIL_NEW_PASSWORD_PROMPT (-1492553981L) -#define CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT (-1492553980L) -#define CHPASS_UTIL_NO_PASSWORD_READ (-1492553979L) -#define CHPASS_UTIL_NO_POLICY_YET_Q_ERROR (-1492553978L) -#define CHPASS_UTIL_PASSWORD_CHANGED (-1492553977L) -#define CHPASS_UTIL_PASSWORD_IN_DICTIONARY (-1492553976L) -#define CHPASS_UTIL_PASSWORD_NOT_CHANGED (-1492553975L) -#define CHPASS_UTIL_PASSWORD_TOO_SHORT (-1492553974L) -#define CHPASS_UTIL_TOO_FEW_CLASSES (-1492553973L) -#define CHPASS_UTIL_PASSWORD_TOO_SOON (-1492553972L) -#define CHPASS_UTIL_PASSWORD_REUSE (-1492553971L) -#define CHPASS_UTIL_WHILE_TRYING_TO_CHANGE (-1492553970L) -#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L) -#define ERROR_TABLE_BASE_ovku (-1492553984L) - -extern const struct error_table et_ovku_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_ovku_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_ovku_error_table() -#endif - -#if !defined(_WIN32) -#define init_ovku_err_tbl initialize_ovku_error_table -#define ovku_err_base ERROR_TABLE_BASE_ovku -#endif +/* This file left intentionally blank. */ diff --git a/include/kadm5/kadm_err.h b/include/kadm5/kadm_err.h index 050ffca..54aa52d 100644 --- a/include/kadm5/kadm_err.h +++ b/include/kadm5/kadm_err.h @@ -1,9 +1,9 @@ /* - * ettmp27967.h: + * ettmp11037.h: * This file is automatically generated; please do not edit it. */ -#include +#include #define KADM5_FAILURE (43787520L) #define KADM5_AUTH_GET (43787521L) 
@@ -60,18 +60,15 @@ #define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L) #define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L) #define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L) +#define KADM5_XDR_FAILURE (43787575L) +extern const struct error_table et_ovk_error_table; +extern void initialize_ovk_error_table(void); + +/* For compatibility with Heimdal */ +extern void initialize_ovk_error_table_r(struct et_list **list); + #define ERROR_TABLE_BASE_ovk (43787520L) -extern const struct error_table et_ovk_error_table; - -#if !defined(_WIN32) /* for compatibility with older versions... */ -extern void initialize_ovk_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_ovk_error_table() -#endif - -#if !defined(_WIN32) #define init_ovk_err_tbl initialize_ovk_error_table #define ovk_err_base ERROR_TABLE_BASE_ovk -#endif diff --git a/include/kadm5/kadm_rpc.h b/include/kadm5/kadm_rpc.h deleted file mode 100644 index 07ffb3a..0000000 --- a/include/kadm5/kadm_rpc.h +++ /dev/null 
@@ -1,335 +0,0 @@ -#ifndef __KADM_RPC_H__ -#define __KADM_RPC_H__ - -#include - -#include -#include - -struct cprinc_arg { - krb5_ui_4 api_version; - kadm5_principal_ent_rec rec; - long mask; - char *passwd; -}; -typedef struct cprinc_arg cprinc_arg; -bool_t xdr_cprinc_arg(); - -struct cprinc3_arg { - krb5_ui_4 api_version; - kadm5_principal_ent_rec rec; - long mask; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; - char *passwd; -}; -typedef struct cprinc3_arg cprinc3_arg; -bool_t xdr_cprinc3_arg(); - -struct generic_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; -}; -typedef struct generic_ret generic_ret; -bool_t xdr_generic_ret(); - -struct dprinc_arg { - krb5_ui_4 api_version; - krb5_principal princ; -}; -typedef struct dprinc_arg dprinc_arg; -bool_t xdr_dprinc_arg(); - -struct mprinc_arg { - krb5_ui_4 api_version; - kadm5_principal_ent_rec rec; - long mask; -}; -typedef struct mprinc_arg mprinc_arg; -bool_t xdr_mprinc_arg(); - -struct rprinc_arg { - krb5_ui_4 api_version; - krb5_principal src; - krb5_principal dest; -}; -typedef struct rprinc_arg rprinc_arg; -bool_t xdr_rprinc_arg(); - -struct gprincs_arg { - krb5_ui_4 api_version; - char *exp; -}; -typedef struct gprincs_arg gprincs_arg; -bool_t xdr_gprincs_arg(); - -struct gprincs_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - char **princs; - int count; -}; -typedef struct gprincs_ret gprincs_ret; -bool_t xdr_gprincs_ret(); - -struct chpass_arg { - krb5_ui_4 api_version; - krb5_principal princ; - char *pass; -}; -typedef struct chpass_arg chpass_arg; -bool_t xdr_chpass_arg(); - -struct chpass3_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_boolean keepold; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; - char *pass; -}; -typedef struct chpass3_arg chpass3_arg; -bool_t xdr_chpass3_arg(); - -struct setv4key_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_keyblock *keyblock; -}; -typedef struct setv4key_arg setv4key_arg; -bool_t xdr_setv4key_arg(); - -struct 
setkey_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_keyblock *keyblocks; - int n_keys; -}; -typedef struct setkey_arg setkey_arg; -bool_t xdr_setkey_arg(); - -struct setkey3_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_boolean keepold; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; - krb5_keyblock *keyblocks; - int n_keys; -}; -typedef struct setkey3_arg setkey3_arg; -bool_t xdr_setkey3_arg(); - -struct chrand_arg { - krb5_ui_4 api_version; - krb5_principal princ; -}; -typedef struct chrand_arg chrand_arg; -bool_t xdr_chrand_arg(); - -struct chrand3_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_boolean keepold; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; -}; -typedef struct chrand3_arg chrand3_arg; -bool_t xdr_chrand3_arg(); - -struct chrand_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - krb5_keyblock key; - krb5_keyblock *keys; - int n_keys; -}; -typedef struct chrand_ret chrand_ret; -bool_t xdr_chrand_ret(); - -struct gprinc_arg { - krb5_ui_4 api_version; - krb5_principal princ; - long mask; -}; -typedef struct gprinc_arg gprinc_arg; -bool_t xdr_gprinc_arg(); - -struct gprinc_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - kadm5_principal_ent_rec rec; -}; -typedef struct gprinc_ret gprinc_ret; -bool_t xdr_gprinc_ret(); -bool_t xdr_kadm5_ret_t(); -bool_t xdr_kadm5_principal_ent_rec(); -bool_t xdr_kadm5_policy_ent_rec(); -bool_t xdr_krb5_keyblock(); -bool_t xdr_krb5_principal(); -bool_t xdr_krb5_enctype(); -bool_t xdr_krb5_octet(); -bool_t xdr_krb5_int32(); -bool_t xdr_u_int32(); - -struct cpol_arg { - krb5_ui_4 api_version; - kadm5_policy_ent_rec rec; - long mask; -}; -typedef struct cpol_arg cpol_arg; -bool_t xdr_cpol_arg(); - -struct dpol_arg { - krb5_ui_4 api_version; - char *name; -}; -typedef struct dpol_arg dpol_arg; -bool_t xdr_dpol_arg(); - -struct mpol_arg { - krb5_ui_4 api_version; - kadm5_policy_ent_rec rec; - long mask; -}; -typedef struct mpol_arg mpol_arg; -bool_t xdr_mpol_arg(); 
- -struct gpol_arg { - krb5_ui_4 api_version; - char *name; -}; -typedef struct gpol_arg gpol_arg; -bool_t xdr_gpol_arg(); - -struct gpol_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - kadm5_policy_ent_rec rec; -}; -typedef struct gpol_ret gpol_ret; -bool_t xdr_gpol_ret(); - -struct gpols_arg { - krb5_ui_4 api_version; - char *exp; -}; -typedef struct gpols_arg gpols_arg; -bool_t xdr_gpols_arg(); - -struct gpols_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - char **pols; - int count; -}; -typedef struct gpols_ret gpols_ret; -bool_t xdr_gpols_ret(); - -struct getprivs_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - long privs; -}; -typedef struct getprivs_ret getprivs_ret; -bool_t xdr_getprivs_ret(); - -#define KADM ((krb5_ui_4)2112) -#define KADMVERS ((krb5_ui_4)2) -#define CREATE_PRINCIPAL ((krb5_ui_4)1) -extern generic_ret *create_principal_1_svc(cprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt); - -#define DELETE_PRINCIPAL ((krb5_ui_4)2) -extern generic_ret *delete_principal_1_svc(dprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt); - -#define MODIFY_PRINCIPAL ((krb5_ui_4)3) -extern generic_ret *modify_principal_1_svc(mprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt); - -#define RENAME_PRINCIPAL ((krb5_ui_4)4) -extern generic_ret *rename_principal_1_svc(rprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt); - -#define GET_PRINCIPAL ((krb5_ui_4)5) -extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp); -extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt); - -#define CHPASS_PRINCIPAL ((krb5_ui_4)6) -extern generic_ret *chpass_principal_1_svc(chpass_arg *arg, - struct svc_req *rqstp); -extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt); - 
-#define CHRAND_PRINCIPAL ((krb5_ui_4)7) -extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg, - struct svc_req *rqstp); -extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt); - -#define CREATE_POLICY ((krb5_ui_4)8) -extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp); -extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt); - -#define DELETE_POLICY ((krb5_ui_4)9) -extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp); -extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt); - -#define MODIFY_POLICY ((krb5_ui_4)10) -extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp); -extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt); - -#define GET_POLICY ((krb5_ui_4)11) -extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp); -extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt); - -#define GET_PRIVS ((krb5_ui_4)12) -extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp); -extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt); - -#define INIT ((krb5_ui_4)13) -extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp); -extern generic_ret *init_1(void *argp, CLIENT *clnt); - -#define GET_PRINCS ((krb5_ui_4) 14) -extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp); -extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt); - -#define GET_POLS ((krb5_ui_4) 15) -extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp); -extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt); - -#define SETKEY_PRINCIPAL ((krb5_ui_4) 16) -extern generic_ret *setkey_principal_1_svc(setkey_arg *arg, - struct svc_req *rqstp); -extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt); - -#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17) -extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg, - struct svc_req *rqstp); -extern generic_ret 
*setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt); - -#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18) -extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg, - struct svc_req *rqstp); -extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt); - -#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19) -extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg, - struct svc_req *rqstp); -extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt); - -#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20) -extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg, - struct svc_req *rqstp); -extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt); - -#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21) -extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg, - struct svc_req *rqstp); -extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt); - -#endif /* __KADM_RPC_H__ */ diff --git a/include/kdb.h b/include/kdb.h index e704908..e8a5878 100644 --- a/include/kdb.h +++ b/include/kdb.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -22,21 +22,21 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * KDC Database interface definitions. */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -47,7 +47,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -84,8 +84,6 @@ #define KRB5_KDB_CREATE_BTREE 0x00000001 #define KRB5_KDB_CREATE_HASH 0x00000002 -#if !defined(_WIN32) - /* * Note --- these structures cannot be modified without changing the * database version number in libkdb.a, but should be expandable by @@ -93,12 +91,12 @@ */ typedef struct _krb5_tl_data { struct _krb5_tl_data* tl_data_next; /* NOT saved */ - krb5_int16 tl_data_type; - krb5_ui_2 tl_data_length; - krb5_octet * tl_data_contents; + krb5_int16 tl_data_type; + krb5_ui_2 tl_data_length; + krb5_octet * tl_data_contents; } krb5_tl_data; -/* +/* * If this ever changes up the version number and make the arrays be as * big as necessary. * 
@@ -115,13 +113,14 @@ typedef struct _krb5_key_data { #define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */ typedef struct _krb5_keysalt { - krb5_int16 type; + krb5_int16 type; krb5_data data; /* Length, data */ } krb5_keysalt; typedef struct _krb5_db_entry_new { krb5_magic magic; /* NOT saved */ - krb5_ui_2 len; + krb5_ui_2 len; + krb5_ui_4 mask; /* members currently changed/set */ krb5_flags attributes; krb5_deltat max_life; krb5_deltat max_renewable_life; @@ -135,14 +134,32 @@ typedef struct _krb5_db_entry_new { krb5_ui_2 e_length; /* Length of extra data */ krb5_octet * e_data; /* Extra data to be saved */ - krb5_principal princ; /* Length, data */ + krb5_principal princ; /* Length, data */ krb5_tl_data * tl_data; /* Linked list */ krb5_key_data * key_data; /* Array */ } krb5_db_entry; +typedef struct _osa_policy_ent_t { + int version; + char *name; + krb5_ui_4 pw_min_life; + krb5_ui_4 pw_max_life; + krb5_ui_4 pw_min_length; + krb5_ui_4 pw_min_classes; + krb5_ui_4 pw_history_num; + krb5_ui_4 policy_refcnt; +} osa_policy_ent_rec, *osa_policy_ent_t; + +typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t); + +typedef struct __krb5_key_salt_tuple { + krb5_enctype ks_enctype; + krb5_int32 ks_salttype; +} krb5_key_salt_tuple; + #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb #define KRB5_KDB_V1_BASE_LENGTH 38 - + #define KRB5_TL_LAST_PWD_CHANGE 0x0001 #define KRB5_TL_MOD_PRINC 0x0002 #define KRB5_TL_KADM_DATA 0x0003 @@ -150,8 +167,10 @@ typedef struct _krb5_db_entry_new { #define KRB5_TL_RB1_CHALLENGE 0x0005 #ifdef SECURID #define KRB5_TL_SECURID_STATE 0x0006 +#define KRB5_TL_DB_ARGS 0x7fff #endif /* SECURID */ - +#define KRB5_TL_USER_CERTIFICATE 0x0007 + /* * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set * on the principal. 
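Review bot: In the tl_data type hunk of include/kdb.h, `#define KRB5_TL_DB_ARGS 0x7fff` is added between `#ifdef SECURID` and `#endif /* SECURID */`, so the constant exists only in SECURID builds, while the `db_args` parameters this patch adds to the kadm5 init prototypes are unconditional. If the placement is inherited from the header this copy was taken from, a one-line comment saying so would stop a later reader from "fixing" it inconsistently. Otherwise move the define below the `#endif`, next to `#define KRB5_TL_USER_CERTIFICATE 0x0007`.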
@@ -165,6 +184,7 @@ typedef struct _krb5_db_entry_new { #define KRB5_KDC_MKEY_1 "Enter KDC database master key" #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify" + extern char *krb5_mkey_pwd_prompt1; extern char *krb5_mkey_pwd_prompt2; 
@@ -173,162 +193,308 @@ extern char *krb5_mkey_pwd_prompt2; * * Data encoding is little-endian. */ +#include "k5-platform.h" #define krb5_kdb_decode_int16(cp, i16) \ - *((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \ - ((krb5_int16) ((unsigned char) (cp)[1]) << 8)) + *((krb5_int16 *) &(i16)) = load_16_le(cp) #define krb5_kdb_decode_int32(cp, i32) \ - *((krb5_int32 *) &(i32)) = (((krb5_int32) ((unsigned char) (cp)[0]))| \ - ((krb5_int32) ((unsigned char) (cp)[1]) << 8) | \ - ((krb5_int32) ((unsigned char) (cp)[2]) << 16)| \ - ((krb5_int32) ((unsigned char) (cp)[3]) << 24)) -#define krb5_kdb_encode_int16(i16, cp) \ - { \ - (cp)[0] = (unsigned char) ((i16) & 0xff); \ - (cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \ - } -#define krb5_kdb_encode_int32(i32, cp) \ - { \ - (cp)[0] = (unsigned char) ((i32) & 0xff); \ - (cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \ - (cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \ - (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \ - } + *((krb5_int32 *) &(i32)) = load_32_le(cp) +#define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp) +#define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp) + +#define KRB5_KDB_OPEN_RW 0 +#define KRB5_KDB_OPEN_RO 1 + +#ifndef KRB5_KDB_SRV_TYPE_KDC +#define KRB5_KDB_SRV_TYPE_KDC 0x0100 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_ADMIN +#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_PASSWD +#define KRB5_KDB_SRV_TYPE_PASSWD 0x0300 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_OTHER +#define KRB5_KDB_SRV_TYPE_OTHER 0x0400 +#endif + +#define KRB5_KDB_OPT_SET_DB_NAME 0 +#define KRB5_KDB_OPT_SET_LOCK_MODE 1 + +#define KRB5_DB_LOCKMODE_SHARED 0x0001 +#define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002 +#define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004 +#define KRB5_DB_LOCKMODE_PERMANENT 0x0008 /* libkdb.spec */ -krb5_error_code krb5_db_set_name (krb5_context, char * ); -krb5_error_code krb5_db_init (krb5_context); -krb5_error_code krb5_db_fini (krb5_context); -krb5_error_code 
krb5_db_get_age (krb5_context, char *, time_t * ); -krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 ); -krb5_error_code krb5_db_rename (krb5_context, char *, char * ); -krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal , - krb5_db_entry *, int *, - krb5_boolean * ); -void krb5_db_free_principal (krb5_context, krb5_db_entry *, int ); -krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * ); -krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal, - int * ); -krb5_error_code krb5_db_iterate (krb5_context, - krb5_error_code (* ) (krb5_pointer, - krb5_db_entry *), - krb5_pointer); -krb5_error_code krb5_db_iterate_ext (krb5_context, - krb5_error_code (* ) (krb5_pointer, - krb5_db_entry *), - krb5_pointer, int, int); -krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal, - krb5_keyblock *); -krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal, - krb5_keyblock *); +krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode ); +krb5_error_code krb5_db_init ( krb5_context kcontext ); +krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_inited ( krb5_context kcontext ); +krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_fini ( krb5_context kcontext ); +const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code ); +krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t ); +krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value ); +krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode ); +krb5_error_code krb5_db_unlock ( krb5_context kcontext ); +krb5_error_code krb5_db_get_principal ( krb5_context kcontext, 
+ krb5_const_principal search_for, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); +krb5_error_code krb5_db_free_principal ( krb5_context kcontext, + krb5_db_entry *entry, + int count ); +krb5_error_code krb5_db_put_principal ( krb5_context kcontext, + krb5_db_entry *entries, + int *nentries); +krb5_error_code krb5_db_delete_principal ( krb5_context kcontext, + krb5_principal search_for, + int *nentries ); +krb5_error_code krb5_db_iterate ( krb5_context kcontext, + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); +krb5_error_code krb5_supported_realms ( krb5_context kcontext, + char **realms ); +krb5_error_code krb5_free_supported_realms ( krb5_context kcontext, + char **realms ); +krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ); +krb5_error_code krb5_db_set_mkey ( krb5_context context, + krb5_keyblock *key); +krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ); +krb5_error_code krb5_db_free_master_key ( krb5_context kcontext, + krb5_keyblock *key ); +krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd); +krb5_error_code krb5_db_fetch_mkey ( krb5_context context, + krb5_principal mname, + krb5_enctype etype, + krb5_boolean fromkeyboard, + krb5_boolean twice, + char *db_args, + krb5_data *salt, + krb5_keyblock *key); +krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext, + krb5_principal mprinc, + krb5_keyblock *mkey ); +krb5_error_code +krb5_dbe_find_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); -krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *, - const char *, char **, - krb5_principal *); -krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *); +krb5_error_code krb5_dbe_search_enctype ( 
krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); -krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **); -krb5_error_code krb5_db_destroy (krb5_context, char * ); -krb5_error_code krb5_db_lock (krb5_context, int ); -krb5_error_code krb5_db_unlock (krb5_context); -krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean, - krb5_boolean * ); -krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean); -krb5_error_code krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype, - krb5_boolean, krb5_boolean, char *, - krb5_data *, - krb5_keyblock * ); +krb5_error_code +krb5_db_setup_mkey_name ( krb5_context context, + const char *keyname, + const char *realm, + char **fullname, + krb5_principal *principal); -krb5_error_code krb5_db_open_database (krb5_context); -krb5_error_code krb5_db_close_database (krb5_context); +krb5_error_code +krb5_dbekd_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); -krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context, - const krb5_keyblock *, - const krb5_keyblock *, - const krb5_keysalt *, - int, - krb5_key_data *); -krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context, - const krb5_keyblock *, - const krb5_key_data *, - krb5_keyblock *, - krb5_keysalt *); -krb5_error_code krb5_dbe_create_key_data (krb5_context, - krb5_db_entry *); -krb5_error_code krb5_dbe_update_tl_data (krb5_context, - krb5_db_entry *, - krb5_tl_data *); -krb5_error_code krb5_dbe_lookup_tl_data (krb5_context, - krb5_db_entry *, - krb5_tl_data *); -krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context, - krb5_db_entry *, - krb5_timestamp); -krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context, - krb5_db_entry *, - krb5_timestamp *); -krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context, - 
krb5_db_entry *, - krb5_timestamp, - krb5_const_principal); -krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context, - krb5_db_entry *, - krb5_timestamp *, - krb5_principal *); -int krb5_encode_princ_dbkey (krb5_context, krb5_data *, krb5_const_principal); -void krb5_free_princ_dbkey (krb5_context, krb5_data *); -krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *, - krb5_db_entry *); -void krb5_free_princ_contents (krb5_context, krb5_data *); -krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data *, - krb5_db_entry *); -void krb5_dbe_free_contents (krb5_context, krb5_db_entry *); +krb5_error_code +krb5_dbekd_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); -krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *, - krb5_int32, - krb5_int32, - krb5_int32, - krb5_key_data **); +krb5_error_code +krb5_dbe_lookup_mod_princ_data( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp * mod_time, + krb5_principal * mod_princ); + -krb5_error_code krb5_dbe_search_enctype (krb5_context, - krb5_db_entry *, - krb5_int32 *, - krb5_int32, - krb5_int32, - krb5_int32, - krb5_key_data **); +krb5_error_code +krb5_dbe_update_last_pwd_change( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp stamp); -struct __krb5_key_salt_tuple; +krb5_error_code +krb5_dbe_lookup_tl_data( krb5_context context, + krb5_db_entry * entry, + krb5_tl_data * ret_tl_data); -krb5_error_code krb5_dbe_cpw (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - char *, - int, - krb5_boolean, - krb5_db_entry *); -krb5_error_code krb5_dbe_apw (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - char *, - krb5_db_entry *); -krb5_error_code krb5_dbe_crk (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - krb5_boolean, - krb5_db_entry *); 
-krb5_error_code krb5_dbe_ark (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - krb5_db_entry *); +krb5_error_code +krb5_dbe_create_key_data( krb5_context context, + krb5_db_entry * entry); -krb5_error_code krb5_ser_db_context_init (krb5_context); + +krb5_error_code +krb5_dbe_update_mod_princ_data( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp mod_date, + krb5_const_principal mod_princ); + +krb5_error_code +krb5_dbe_update_last_pwd_change( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp stamp); + +void *krb5_db_alloc( krb5_context kcontext, + void *ptr, + size_t size ); + +void krb5_db_free( krb5_context kcontext, + void *ptr); + + +krb5_error_code +krb5_dbe_lookup_last_pwd_change( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp * stamp); + +krb5_error_code +krb5_dbe_update_tl_data( krb5_context context, + krb5_db_entry * entry, + krb5_tl_data * new_tl_data); + +krb5_error_code +krb5_dbe_cpw( krb5_context kcontext, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); + + +krb5_error_code +krb5_dbe_ark( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + krb5_db_entry * db_entry); + +krb5_error_code +krb5_dbe_crk( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + krb5_boolean keepold, + krb5_db_entry * db_entry); + +krb5_error_code +krb5_dbe_apw( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + krb5_db_entry * db_entry); + +/* default functions. 
Should not be directly called */ +/* + * Default functions prototype + */ + +krb5_error_code +krb5_dbe_def_search_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); + +krb5_error_code +krb5_def_store_mkey( krb5_context context, + char *keyfile, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd); + + +krb5_error_code +krb5_db_def_fetch_mkey( krb5_context context, + krb5_principal mname, + krb5_keyblock *key, + int *kvno, + char *db_args); + +krb5_error_code +krb5_def_verify_master_key( krb5_context context, + krb5_principal mprinc, + krb5_keyblock *mkey); + +krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ); + +krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ); + +krb5_error_code +krb5_dbe_def_cpw( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); + +krb5_error_code +krb5_def_promote_db(krb5_context, char *, char **); + +krb5_error_code +krb5_db_create_policy( krb5_context kcontext, + osa_policy_ent_t policy); + +krb5_error_code +krb5_db_get_policy ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *nentries); + +krb5_error_code +krb5_db_put_policy( krb5_context kcontext, + osa_policy_ent_t policy); + +krb5_error_code +krb5_db_iter_policy( krb5_context kcontext, + char *match_entry, + osa_adb_iter_policy_func func, + void *data); + +krb5_error_code +krb5_db_delete_policy( krb5_context kcontext, + char *policy); + +void +krb5_db_free_policy( krb5_context kcontext, + osa_policy_ent_t policy); #define KRB5_KDB_DEF_FLAGS 0 -#endif /* !defined(_WIN32) */ #endif /* KRB5_KDB5__ */ diff --git a/src/kadm.c b/src/kadm.c index 0fd05b6..fed6888 100644 --- a/src/kadm.c +++ b/src/kadm.c 
@@ -16,7 +16,7 @@ void ceo_kadm_init() { retval = kadm5_init_with_skey(admin_principal, admin_keytab, KADM5_ADMIN_SERVICE, ¶ms, KADM5_STRUCT_VERSION, - KADM5_API_VERSION_2, &handle); + KADM5_API_VERSION_2, NULL, &handle); if (retval) { com_err(prog, retval, "while initializing kadm5"); exit(1); From a5451d8e4aa57714953958126d59b1671bf41091 Mon Sep 17 00:00:00 2001 From: David Bartley Date: Tue, 24 Feb 2009 16:08:55 -0500 Subject: [PATCH 05/32] Release 0.4.20 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index c891281..0c60d95 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ceo (0.4.20) stable testing; urgency=low + + * Update kadmin headers + + -- David Bartley Tue, 24 Feb 2009 16:08:12 -0500 + ceo (0.4.19) stable testing; urgency=low * Rebuild for lenny. From a609eb07987184984b7c3ff31d26f1c5113a1a48 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 01:33:25 -0400 Subject: [PATCH 06/32] Patches to library for adding books. .cf are ignored now too. --- .gitignore | 1 + ceo/urwid/library.py | 57 ++++++++++++++++++++++++++++++++++++++++++ etc/library.cf.example | 5 ++++ 3 files changed, 63 insertions(+) create mode 100644 etc/library.cf.example diff --git a/.gitignore b/.gitignore index 307fdb4..c8b62c6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /build-stamp /build *.pyc +*.cf \ No newline at end of file diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 3cc02e8..20b7d55 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py 
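Review bot: The new `NULL` argument in the `kadm5_init_with_skey` call carries no comment saying what it stands for, and the call now only matches a libkadm5 whose signature has an extra parameter before `&handle`. The prototype comes from the copied headers under `include/kadm5/` that this same commit updates, so a mismatch with the library actually linked would presumably not be caught at compile time. I would add `/* NULL: no db_args; must match the installed libkadm5, see include/kadm5/admin.h */` above the call. The body of `ceo_kadm_init` starts and ends outside the hunk.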
@@ -5,12 +5,24 @@ from ceo.urwid.widgets import * from ceo.urwid.window import * from sqlobject.sqlbuilder import * from datetime import datetime, timedelta +from pymazon import PyMazon from ceo import terms import ceo.library as lib +CONFIG_FILE = "/etc/csc/library.cf" +cfg = {} + +def configure(): + """ + Load configuration + """ + cfg_fields = [ "aws_account_key" ] + temp_cfg = conf.read(CONFIG_FILE) + conf.check_string_fields(CONFIG_FILE, cfg_fields, temp_cfg) + cfg.update(temp_cfg) def library(data): """ @@ -35,6 +47,12 @@ def search_books(data): ]) push_window(menu, "Book Search") +def add_book(data): + """ + Add book to library. Also stab Sapphyre. + """ + push_wizard("Add Book", [BookAddPage]) + def overdue_books(data): """ Display a list of all books that are overdue. @@ -83,6 +101,45 @@ def return_book(data): """ push_wizard("Checkout", [CheckinPage, ConfirmPage]) +class BookAddPage(WizardPanel): + """ + Thingy for going on screen to add books. + """ + def init_widgets(self): + """ + Make some widgets. + """ + self.isbn = SingleEdit("ISBN: ") + + self.widgets = [ + urwid.Text("Adding New Book"), + urwid.Divider(), + self.isbn + ] + + def check(self): + """ + Do black magic. + """ + isbn = self.isbn.get_edit_text() + + try: + pymazon = PyMazon(cfg["aws_account_key"]) + book = pymazon.lookup(isbn) + + currents = lib.Book.select(lib.Book.q.isbn==isbn) + if len(currents) == 0: + lib.Book(isbn=isbn, title=book.title, + year=book.year, publisher=book.publisher) + else: + sys.stderr.write("Fuck you.\n") + set_status("Book already exists, fucker.") + + except PyMazonError, e: + sys.stderr.write("Book not added: " + e.message + "\n") + set_status("Amazon thinks this is not a book. Take it up with them.") + + class BookSearchPage(WizardPanel): """ The page used when searching for books. diff --git a/etc/library.cf.example b/etc/library.cf.example new file mode 100644 index 0000000..030a0f1 --- /dev/null +++ b/etc/library.cf.example 
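Review bot: In `BookAddPage.check` the text from the ISBN field goes to `pymazon.lookup(isbn)` and then into `lib.Book(isbn=isbn, ...)` with no format check, so whatever the operator types reaches both the outbound request and the database. A guard before the `try`, such as `if not re.match(r'^(\d{9}[\dXx]|\d{13})$', isbn): set_status("Invalid ISBN"); return False`, would reject malformed input early; it needs `import re`, which the import hunk does not add. Only `PyMazonError` is caught, so a network or XML parse failure inside `lookup` would propagate out of the wizard instead of being reported through `set_status`.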
@@ -0,0 +1,5 @@
+# /etc/csc/library.cf: Library Config
+
+library_db_path = /users/office/library.db
+library_connect_string = "sqlite:///home/mgregson/csc/pyceo/test.db"
+aws_account_key = "1TNCT5S0RNDV13CJJCG2"
\ No newline at end of file
From 70916783d0b9edbf86688643083bacfb855f5fc4 Mon Sep 17 00:00:00 2001
From: Michael Gregson
Date: Wed, 11 Mar 2009 01:40:20 -0400
Subject: [PATCH 07/32] Adding pymazon.
---
ceo/pymazon.py | 134 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 134 insertions(+)
create mode 100644 ceo/pymazon.py
diff --git a/ceo/pymazon.py b/ceo/pymazon.py
new file mode 100644
index 0000000..47fe6df
--- /dev/null
+++ b/ceo/pymazon.py
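Review bot: The `aws_account_key` line in this example file holds what looks like a real AWS access key id rather than a placeholder. The `*.cf` rule added to `.gitignore` in the same commit does not match a file named `library.cf.example`, so the value is published with the repository. I would commit `aws_account_key = "<AWS_ACCESS_KEY_ID>"` instead and treat the committed value as exposed (deactivate or rotate it), since removing it in a later commit still leaves it in history. `library_connect_string` likewise points into a developer's home directory; a neutral path would make the example safer to copy.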
@@ -0,0 +1,134 @@ +#!/usr/bin/python + +from xml.dom import minidom, Node +import urllib +import time + +class PyMazonError(Exception): + """Holds information about an error that occured during a pymazon request""" + def __init__(self, messages): + self.__message = '\n'.join(messages) + + def __get_message(self): + return self.__message + + def __str__(self): + return repr(self.__message) + + message = property(fget=__get_message) + + +class PyMazonBook: + """Stores information about a book retrieved via PyMazon.""" + def __init__(self, title, authors, publisher, year, isbn10, isbn13, edition): + self.__title = title + self.__authors = authors + self.__publisher = publisher + self.__year = year + self.__isbn10 = isbn10 + self.__isbn13 = isbn13 + self.__edition = edition + + def __str__(self): + return 'Title: ' + self.title + '\n' + \ + 'Author(s): ' + ', '.join(self.authors) + '\n' \ + 'Publisher: ' + self.publisher + '\n' + \ + 'Year: ' + self.year + '\n' + \ + 'ISBN-10: ' + self.isbn10 + '\n' + \ + 'ISBN-13: ' + self.isbn13 + '\n' + \ + 'Edition: ' + self.edition + + def __get_title(self): + return self.__title + + def __get_authors(self): + return self.__authors + + def __get_publisher(self): + return self.__publisher + + def __get_year(self): + return self.__year + + def __get_isbn10(self): + return self.__isbn10 + + def __get_isbn13(self): + return self.__isbn13 + + def __get_edition(self): + return self.__edition + + title = property(fget=__get_title) + authors = property(fget=__get_authors) + publisher = property(fget=__get_publisher) + year = property(fget=__get_year) + isbn10 = property(fget=__get_isbn10) + isbn13 = property(fget=__get_isbn13) + edition = property(fget=__get_edition) + + +class PyMazon: + """A method of looking up book information on Amazon.""" + def __init__(self, accesskey): + self.__key = accesskey + self.__last_query_time = 0 + + def __form_request(self, isbn): + return 'http://webservices.amazon.com/onca/xml?' 
+ \ + 'Service=AWSECommerceService' + \ + '&Version=2008-08-19' + \ + '&AWSAccessKeyId=' + self.__key + \ + '&Operation=ItemLookup' + \ + '&ResponseGroup=ItemAttributes' + \ + '&IdType=ISBN' + \ + '&SearchIndex=Books' + \ + '&ItemId=' + isbn + + def __elements_text(self, element, name): + result = [] + matching = element.getElementsByTagName(name) + for match in matching: + if len(match.childNodes) != 1: + continue + child = match.firstChild + if child.nodeType != Node.TEXT_NODE: + continue + result.append(child.nodeValue.strip()) + return result + + def __format_errors(self, errors): + error_list = [] + for error in errors: + error_list.extend(self.__elements_text(error, 'Message')) + return error_list + + def __extract_single(self, element, name): + matches = self.__elements_text(element, name) + if len(matches) == 0: + return '' + return matches[0] + + def lookup(self, isbn): + file = urllib.urlretrieve(self.__form_request(isbn))[0] + xmldoc = minidom.parse(file) + + cur_time = time.time() + while cur_time - self.__last_query_time < 1.0: + sleep(cur_time - self.__last_query_time) + cur_time = time.time() + self.__last_query_time = cur_time + + errors = xmldoc.getElementsByTagName('Errors') + if len(errors) != 0: + raise PyMazonError, self.__format_errors(errors) + + title = self.__extract_single(xmldoc, 'Title') + authors = self.__elements_text(xmldoc, 'Author') + publisher = self.__extract_single(xmldoc, 'Publisher') + year = self.__extract_single(xmldoc, 'PublicationDate')[0:4] + isbn10 = self.__extract_single(xmldoc, 'ISBN') + isbn13 = self.__extract_single(xmldoc, 'EAN') + edition = self.__extract_single(xmldoc, 'Edition') + + return PyMazonBook(title, authors, publisher, year, isbn10, isbn13, edition) From 7354142badc046d1d669bfe150a27a93bdca1542 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 01:41:27 -0400 Subject: [PATCH 08/32] Fixing imports. --- ceo/urwid/library.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
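Review bot: `__form_request` builds the lookup URL by concatenating `isbn` unescaped, so characters such as `&` or `#` in the input change the query parameters sent alongside the access key; I would write `'&ItemId=' + urllib.quote(isbn, '')`. The endpoint is plain `http://`, so the key id travels in cleartext and the XML handed to `minidom.parse` is unauthenticated; an `https://` endpoint should be used if the service offers one. In `lookup` the throttle calls bare `sleep(...)` while only `import time` is in scope, which raises `NameError` the first time two lookups fall within one second, and it runs after the request rather than before it. `time.sleep(1.0 - (cur_time - self.__last_query_time))` placed ahead of `urllib.urlretrieve` is what the loop appears to intend. The temporary file returned by `urlretrieve` is also never removed.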
diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 20b7d55..ba4a15e 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -5,7 +5,7 @@ from ceo.urwid.widgets import * from ceo.urwid.window import * from sqlobject.sqlbuilder import * from datetime import datetime, timedelta -from pymazon import PyMazon +from ceo.pymazon import PyMazon from ceo import terms From 256d897e7e8ac06020102400366a1f044ec85e81 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 01:47:54 -0400 Subject: [PATCH 09/32] Now have uncomment add book menu item. --- ceo/urwid/library.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index ba4a15e..65d1a08 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -32,7 +32,7 @@ def library(data): ("Checkout Book", checkout_book, None), ("Return Book", return_book, None), ("Search Books", search_books, None), -# ("Add Book", add_book, None), + ("Add Book", add_book, None), ("Back", raise_back, None), ]) push_window(menu, "Library") From a213655bd5de5c12e80dced88c312e14ef92c0e0 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 01:50:09 -0400 Subject: [PATCH 10/32] Maybe now? --- ceo/urwid/library.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 65d1a08..bd5483c 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -6,6 +6,7 @@ from ceo.urwid.window import * from sqlobject.sqlbuilder import * from datetime import datetime, timedelta from ceo.pymazon import PyMazon +from ceo.pymazon import PyMazonError from ceo import terms From 4aab4468582a3cbc8d7d2ef1890eab3ed1372387 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 01:53:48 -0400 Subject: [PATCH 11/32] Maybe? --- ceo/urwid/library.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index bd5483c..4a2fcdf 100644 --- a/ceo/urwid/library.py 
+++ b/ceo/urwid/library.py @@ -122,6 +122,7 @@ class BookAddPage(WizardPanel): """ Do black magic. """ + configure() isbn = self.isbn.get_edit_text() try: From bf98adc0346001db4414b163eac5070abf3db993 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 01:57:04 -0400 Subject: [PATCH 12/32] Wee! Conf should work? --- ceo/urwid/library.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 4a2fcdf..85e609b 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -7,6 +7,7 @@ from sqlobject.sqlbuilder import * from datetime import datetime, timedelta from ceo.pymazon import PyMazon from ceo.pymazon import PyMazonError +from ceo import conf from ceo import terms From 1d7f7396315aa1abc47bf711f630b4f3fa81db88 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 02:02:17 -0400 Subject: [PATCH 13/32] Correct book counting. --- ceo/urwid/library.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 85e609b..4f777ea 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -131,7 +131,7 @@ class BookAddPage(WizardPanel): book = pymazon.lookup(isbn) currents = lib.Book.select(lib.Book.q.isbn==isbn) - if len(currents) == 0: + if currents.count() == 0: lib.Book(isbn=isbn, title=book.title, year=book.year, publisher=book.publisher) else: From 29913099b83a03b85a05aafa4d2d010c0a85041c Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 02:08:25 -0400 Subject: [PATCH 14/32] Magic! Shit works. Books can be added. --- ceo/urwid/library.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 4f777ea..3848ba8 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py 
@@ -135,12 +135,11 @@ class BookAddPage(WizardPanel): lib.Book(isbn=isbn, title=book.title, year=book.year, publisher=book.publisher) else: - sys.stderr.write("Fuck you.\n") set_status("Book already exists, fucker.") except PyMazonError, e: - sys.stderr.write("Book not added: " + e.message + "\n") set_status("Amazon thinks this is not a book. Take it up with them.") + return False class BookSearchPage(WizardPanel): From d230578ff9a93e836fba3389beac1d9f9c13f7de Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 02:10:29 -0400 Subject: [PATCH 15/32] Updating changelog. --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0c60d95..a4eec96 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ceo (0.4.21) stable testing; urgency=low + + * CEO Library can now add boox. + + -- Michael Gregson Wed, 11 Mar 2009 02:09:01 -0500 + ceo (0.4.20) stable testing; urgency=low * Update kadmin headers From 370b446414459c4753185471f37dbdaf0fdb2ed9 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 02:24:57 -0400 Subject: [PATCH 16/32] Window now goes away, hopefully. --- ceo/urwid/library.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index 3848ba8..b68c562 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -134,9 +134,9 @@ class BookAddPage(WizardPanel): if currents.count() == 0: lib.Book(isbn=isbn, title=book.title, year=book.year, publisher=book.publisher) + pop_window() else: set_status("Book already exists, fucker.") - except PyMazonError, e: set_status("Amazon thinks this is not a book. Take it up with them.") return False From 9da9dbc920bd2dd5ad24c061e7ee9d4e353729a8 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 02:26:05 -0400 Subject: [PATCH 17/32] Ooops --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/debian/changelog b/debian/changelog index a4eec96..011e25f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ceo (0.4.22) stable testing; urgency=low + + * CEO now closes window when it should. (Sorry) + + -- Michael Gregson Wed, 11 Mar 2009 02:25:01 -0500 + ceo (0.4.21) stable testing; urgency=low * CEO Library can now add boox. From 1f9607b3a07498ce3f88ecfda3d06fc1022e0d03 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 03:15:48 -0400 Subject: [PATCH 18/32] Fixing library search shit. --- ceo/urwid/library.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index b68c562..ce7016c 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py @@ -275,10 +275,14 @@ class SearchPage(urwid.WidgetWrap): books = lib.Book.select(LIKE(lib.Book.q.title, "%" + title + "%")) elif not isbn is None and not isbn=="": books = lib.Book.select(lib.Book.q.isbn==isbn) - elif not user is None and not user=="": + elif (not (user is None)) and (not (user=="")): st = lib.Signout.select(AND(lib.Signout.q.username==user, lib.Signout.q.indate==None)) for s in st: books.append(s.book) + else: + st = lib.Signout.select(lib.Signout.q.indate==None) + for s in st: + books.append(s.book) for b in books: widgets.append(urwid.AttrWrap(ButtonText(self.select, b, str(b)), From 8805756a5e602940ba67d05cb49368bb863ca584 Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 11 Mar 2009 03:20:12 -0400 Subject: [PATCH 19/32] Fixing overdue check. --- ceo/urwid/library.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ceo/urwid/library.py b/ceo/urwid/library.py index ce7016c..4d6118f 100644 --- a/ceo/urwid/library.py +++ b/ceo/urwid/library.py 
@@ -60,7 +60,7 @@ def overdue_books(data): Display a list of all books that are overdue. """ oldest = datetime.today() - timedelta(weeks=2) - overdue = lib.Signout.select(lib.Signout.q.outdate Date: Wed, 11 Mar 2009 03:30:34 -0400 Subject: [PATCH 20/32] Wee! New version of CEO --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 011e25f..32101cb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ceo (0.4.23) stable testing; urgency=low + + * CEO library now only finds books that are signed out as being overdue. + + -- Michael Gregson Wed, 11 Mar 2009 03:30:01 -0500 + ceo (0.4.22) stable testing; urgency=low * CEO now closes window when it should. (Sorry) From 1394f9a1c8f59ea82660bc77cd930308bb1b6613 Mon Sep 17 00:00:00 2001 From: David Bartley Date: Fri, 12 Jun 2009 18:49:52 -0400 Subject: [PATCH 21/32] A bit better error handling --- src/zfsaddhomedir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/zfsaddhomedir.c b/src/zfsaddhomedir.c index 67de691..6b219e4 100644 --- a/src/zfsaddhomedir.c +++ b/src/zfsaddhomedir.c @@ -43,10 +43,11 @@ int main(int argc, char *argv[]) { if (chown(homedir, uid, gid)) { errorpe("failed to chown %s", homedir); - return -1; + return 1; } if(seteuid(uid) != 0 || setegid(gid) != 0) + errorpe("failed to seteuid(%d) or setegid(%d)", uid, gid); return 1; if(spawnv(rsync_bin, rsync_argv)) return 1; From 4e1bc7fc4159f3faf3bf75dc01563c003c137a6d Mon Sep 17 00:00:00 2001 From: David Bartley Date: Fri, 12 Jun 2009 19:16:37 -0400 Subject: [PATCH 22/32] Get rid of compile warning --- src/zfsaddhomedir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zfsaddhomedir.c b/src/zfsaddhomedir.c index 6b219e4..5f65c07 100644 --- a/src/zfsaddhomedir.c +++ b/src/zfsaddhomedir.c 
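Review bot: In the `src/zfsaddhomedir.c` hunk the added `errorpe(...)` line becomes the entire body of the brace-less `if(seteuid(uid) != 0 || setegid(gid) != 0)`, so the following `return 1;` now runs unconditionally. `main` therefore exits with failure before the `spawnv(rsync_bin, rsync_argv)` call, even when the privilege drop succeeded. The condition also drops the effective uid before the gid; once `seteuid(uid)` has succeeded the process usually no longer has the privilege needed for `setegid(gid)`, so the group should be changed first. I would write `if (setegid(gid) != 0 || seteuid(uid) != 0) {` with the `errorpe` call and `return 1;` inside the braces, closed by `}`. The later "Get rid of compile warning" hunk on the same lines keeps the brace-less form, and `main` starts and ends outside both hunks.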
@@ -47,7 +47,7 @@ int main(int argc, char *argv[]) { } if(seteuid(uid) != 0 || setegid(gid) != 0) - errorpe("failed to seteuid(%d) or setegid(%d)", uid, gid); + errorpe("failed to seteuid(%d) or setegid(%d)", (int)uid, (int)gid); return 1; if(spawnv(rsync_bin, rsync_argv)) return 1; From 4720fcd2521750f2112f1c65fb42e45eb54e029d Mon Sep 17 00:00:00 2001 From: Michael Gregson Date: Wed, 17 Jun 2009 20:33:42 -0600 Subject: [PATCH 23/32] Added comments containing code to add new members to a mailing list using listadmin. Left to do: - create mailing list - create and publish listadmin config file - update code to use listadmin config file - uncomment code - ponder implications of listadmin config file (security) --- ceo/members.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ceo/members.py b/ceo/members.py index d78f04d..87494c1 100644 --- a/ceo/members.py +++ b/ceo/members.py @@ -152,6 +152,12 @@ def create_member(username, password, name, program): addmember = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = addmember.communicate(password) status = addmember.wait() + + # # If the user was created, consider adding them to the mailing list + # if not status: + # listadmin_cfg_file = "/path/to/the/listadmin/config/file" + # mail = subprocess.Popen(["/usr/bin/listadmin", "-f", listadmin_cfg_file, "--add-member", username + "@csclub.uwaterloo.ca"]) + # status2 = mail.wait() # Fuck if I care about errors! except OSError, e: raise MemberException(e) From 70ee21540b94bec28e893b06e2472f9b869f5520 Mon Sep 17 00:00:00 2001 From: "Anthony \"Hat Guy\" Brennan" Date: Thu, 25 Jun 2009 20:36:41 -0400 Subject: [PATCH 24/32] Updated the dependencies list to include all necessary python packages. --- debian/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 3f0452a..51b6625 100644 --- a/debian/control +++ b/debian/control 
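Review bot: The lines added to `create_member` in `ceo/members.py` are commented-out code rather than documentation, and the draft they preserve discards `status2` on purpose, so a failed list subscription would go unnoticed once the block is uncommented. I would keep only a short marker such as `# TODO: subscribe new members via listadmin once a root-readable config file exists` and land the implementation in its own commit with the exit status checked. The listadmin config file presumably holds list administration credentials, as the commit message hints, so its path and permissions deserve a comment when the code is enabled. `create_member` starts and ends outside the hunk.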
@@ -7,7 +7,8 @@ Standards-Version: 3.8.0 Package: ceo Architecture: any -Depends: python-ldap, python-urwid, ${python:Depends}, ${shlibs:Depends} +Depends: python-sqlobject python-psycopg python-ldap, +python-urwid, ${python:Depends}, ${shlibs:Depends} Description: Computer Science Club Administrative Utilities This package contains the CSC Electronic Office and other Computer Science Club administrative From 7766bddccb852e42897bb6b467583fb06b84caed Mon Sep 17 00:00:00 2001 From: David Bartley Date: Fri, 26 Jun 2009 00:49:50 -0400 Subject: [PATCH 25/32] Fix typo in debian/control --- debian/control | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 51b6625..5be34d8 100644 --- a/debian/control +++ b/debian/control @@ -7,8 +7,7 @@ Standards-Version: 3.8.0 Package: ceo Architecture: any -Depends: python-sqlobject python-psycopg python-ldap, -python-urwid, ${python:Depends}, ${shlibs:Depends} +Depends: python-sqlobject python-psycopg python-ldap, python-urwid, ${python:Depends}, ${shlibs:Depends} Description: Computer Science Club Administrative Utilities This package contains the CSC Electronic Office and other Computer Science Club administrative From 6977d1efd259e5b7afac1bc4c146d8a4ba951f8e Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Mon, 20 Jul 2009 00:12:59 -0400 Subject: [PATCH 26/32] Revert "Use rsync in zfsaddhomedir" This reverts commit 88952ae56a2572559a073667d9ef704087a7c479. --- src/zfsaddhomedir.c | 97 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 89 insertions(+), 8 deletions(-) diff --git a/src/zfsaddhomedir.c b/src/zfsaddhomedir.c index 5f65c07..e3c3271 100644 --- a/src/zfsaddhomedir.c +++ b/src/zfsaddhomedir.c @@ -10,6 +10,7 @@ int main(int argc, char *argv[]) { return 1; } + // TODO: check return of spawnv { char *homedir = argv[1]; char *skeldir = argv[3]; 
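Review bot: The new `Depends:` value in the first debian/control hunk lists `python-sqlobject python-psycopg python-ldap` with no commas between the names; relationship fields are comma-separated, so the field should read `Depends: python-sqlobject, python-psycopg, python-ldap, python-urwid, ${python:Depends}, ${shlibs:Depends}`. The following "Fix typo in debian/control" hunk joins the two lines again but keeps the missing commas. If the wrapped form is preferred, the continuation line has to begin with whitespace, which cannot be confirmed from this rendering.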
@@ -19,13 +20,13 @@ int main(int argc, char *argv[]) { uid_t uid, gid; char *zfs_bin = "/usr/sbin/zfs"; char *chmod_bin = "/usr/bin/chmod"; - char *rsync_bin = "/usr/bin/rsync"; char *dataset = homedir + 1; char *create_argv[] = { "zfs", "create", dataset, NULL }; char *quota_argv[] = { "zfs", "set", refquota, dataset, NULL }; char *mode_argv[] = { "chmod", mode, homedir, NULL }; char *acl_argv[] = { "chmod", acl, homedir, NULL }; - char *rsync_argv[] = { "rsync", "-avH", skeldir, homedir, NULL }; + DIR *skel; + struct dirent *skelent; assert(homedir[0]); uid = atol(argv[4]); 
@@ -41,16 +42,96 @@ int main(int argc, char *argv[]) { if(acl && spawnv(chmod_bin, acl_argv)) return 1; + skel = opendir(skeldir); + if (!skel) { + errorpe("failed to open %s", skeldir); + return -1; + } + + while ((skelent = readdir(skel))) { + struct stat sb; + char src[PATH_MAX], dest[PATH_MAX]; + + if (!strcmp(skelent->d_name, ".") || !strcmp(skelent->d_name, "..")) + continue; + + snprintf(src, sizeof(src), "%s/%s", skeldir, skelent->d_name); + snprintf(dest, sizeof(dest), "/%s/%s", homedir, skelent->d_name); + lstat(src, &sb); + + if (sb.st_uid || sb.st_gid) { + warn("not creating %s due to ownership", dest); + continue; + } + + if (S_ISREG(sb.st_mode)) { + int bytes; + char buf[4096]; + + int srcfd = open(src, O_RDONLY); + if (srcfd == -1) { + warnpe("open: %s", src); + continue; + } + + int destfd = open(dest, O_WRONLY|O_CREAT|O_EXCL, sb.st_mode & 0777); + if (destfd == -1) { + warnpe("open: %s", dest); + close(srcfd); + continue; + } + + for (;;) { + bytes = read(srcfd, buf, sizeof(buf)); + if (!bytes) + break; + if (bytes < 0) { + warnpe("read"); + break; + } + if (write(destfd, buf, bytes) < 0) { + warnpe("write"); + break; + } + } + if (fchown(destfd, uid, gid)) + errorpe("chown: %s", dest); + + close(srcfd); + close(destfd); + } else if (S_ISDIR(sb.st_mode)) { + if (mkdir(dest, sb.st_mode & 0777)) { + warnpe("mkdir: %s", dest); + continue; + } + if (chown(dest, uid, gid)) + errorpe("chown: %s", dest); + } else if (S_ISLNK(sb.st_mode)) { + char lnkdest[PATH_MAX]; + int bytes; + bytes = readlink(src, lnkdest, sizeof(lnkdest)); + lnkdest[bytes] = '\0'; + if (bytes == -1) { + warnpe("readlink: %s", src); + continue; + } + if (symlink(lnkdest, dest)) { + warnpe("symlink: %s", dest); + continue; + } + if (lchown(dest, uid, gid)) + errorpe("lchown: %s", dest); + } else { + warn("not creating %s", dest); + } + } + + closedir(skel); + if (chown(homedir, uid, gid)) { errorpe("failed to chown %s", homedir); return 1; } - - if(seteuid(uid) != 0 || setegid(gid) != 
0) - errorpe("failed to seteuid(%d) or setegid(%d)", (int)uid, (int)gid); - return 1; - if(spawnv(rsync_bin, rsync_argv)) - return 1; } return 0; From 4ebea28c59df3b024d26d5ac8b7a4193b5c5b3dd Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Sat, 31 Jan 2009 18:43:19 -0500 Subject: [PATCH 27/32] Revert "I bet this speeds up the compilation" This reverts commit 6055aecb27e433b0de738f870085a9bf11323ab9. --- src/zfsaddhomedir.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/zfsaddhomedir.c b/src/zfsaddhomedir.c index e3c3271..fda4339 100644 --- a/src/zfsaddhomedir.c +++ b/src/zfsaddhomedir.c @@ -1,6 +1,10 @@ #include -#include #include +#include +#include +#include +#include +#include #include #include "util.h" From 5f99987916c7848972f3c18e0cee996bfa67a638 Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Mon, 20 Jul 2009 00:13:37 -0400 Subject: [PATCH 28/32] Remove pointless indentation --- src/zfsaddhomedir.c | 213 ++++++++++++++++++++++---------------------- 1 file changed, 105 insertions(+), 108 deletions(-) diff --git a/src/zfsaddhomedir.c b/src/zfsaddhomedir.c index fda4339..ae556f6 100644 --- a/src/zfsaddhomedir.c +++ b/src/zfsaddhomedir.c 
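Review bot: In the S_ISLNK branch of the restored copy loop (hunk @@ -41,16 +42,96 @@) `lnkdest[bytes] = '\0'` runs before the `bytes == -1` check and readlink() is given the full `sizeof(lnkdest)`, so a failed call writes at index -1 and a link target of PATH_MAX bytes writes one past the buffer. `lstat(src, &sb)` is also unchecked, so when it fails the ownership and file-type tests read an uninitialised `struct stat`. The loop runs with enough privilege to chown files to another user, so both cases should skip the entry as in the excerpt below. The same code is carried into the re-indented hunk of "Remove pointless indentation" and into the new src/simpleaddhomedir.c. main starts before this hunk.

```c
        /* … unchanged: snprintf of src and dest … */
        if (lstat(src, &sb)) {
            warnpe("lstat: %s", src);
            continue;
        }
        /* … unchanged: ownership check, regular-file and directory branches … */
        } else if (S_ISLNK(sb.st_mode)) {
            char lnkdest[PATH_MAX];
            ssize_t bytes = readlink(src, lnkdest, sizeof(lnkdest) - 1);
            if (bytes == -1) {
                warnpe("readlink: %s", src);
                continue;
            }
            lnkdest[bytes] = '\0';
            /* … unchanged: symlink and lchown … */
```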
@@ -14,129 +14,126 @@ int main(int argc, char *argv[]) { return 1; } - // TODO: check return of spawnv - { - char *homedir = argv[1]; - char *skeldir = argv[3]; - char refquota[32]; - char *mode = argv[6]; - char *acl = (argc >= 8) ? argv[7] : NULL; - uid_t uid, gid; - char *zfs_bin = "/usr/sbin/zfs"; - char *chmod_bin = "/usr/bin/chmod"; - char *dataset = homedir + 1; - char *create_argv[] = { "zfs", "create", dataset, NULL }; - char *quota_argv[] = { "zfs", "set", refquota, dataset, NULL }; - char *mode_argv[] = { "chmod", mode, homedir, NULL }; - char *acl_argv[] = { "chmod", acl, homedir, NULL }; - DIR *skel; - struct dirent *skelent; + char *homedir = argv[1]; + char *skeldir = argv[3]; + char refquota[32]; + char *mode = argv[6]; + char *acl = (argc >= 8) ? argv[7] : NULL; + uid_t uid, gid; + char *zfs_bin = "/usr/sbin/zfs"; + char *chmod_bin = "/usr/bin/chmod"; + char *dataset = homedir + 1; + char *create_argv[] = { "zfs", "create", dataset, NULL }; + char *quota_argv[] = { "zfs", "set", refquota, dataset, NULL }; + char *mode_argv[] = { "chmod", mode, homedir, NULL }; + char *acl_argv[] = { "chmod", acl, homedir, NULL }; + DIR *skel; + struct dirent *skelent; - assert(homedir[0]); - uid = atol(argv[4]); - gid = atol(argv[5]); - snprintf(refquota, sizeof(refquota), "refquota=%s", argv[2]); + assert(homedir[0]); + uid = atol(argv[4]); + gid = atol(argv[5]); + snprintf(refquota, sizeof(refquota), "refquota=%s", argv[2]); - if(spawnv(zfs_bin, create_argv)) - return 1; - if(spawnv(zfs_bin, quota_argv)) - return 1; - if(spawnv(chmod_bin, mode_argv)) - return 1; - if(acl && spawnv(chmod_bin, acl_argv)) - return 1; + if(spawnv(zfs_bin, create_argv)) + return 1; + if(spawnv(zfs_bin, quota_argv)) + return 1; + if(spawnv(chmod_bin, mode_argv)) + return 1; + if(acl && spawnv(chmod_bin, acl_argv)) + return 1; - skel = opendir(skeldir); - if (!skel) { - errorpe("failed to open %s", skeldir); - return -1; + skel = opendir(skeldir); + if (!skel) { + errorpe("failed to 
open %s", skeldir); + return -1; + } + + while ((skelent = readdir(skel))) { + struct stat sb; + char src[PATH_MAX], dest[PATH_MAX]; + + if (!strcmp(skelent->d_name, ".") || !strcmp(skelent->d_name, "..")) + continue; + + snprintf(src, sizeof(src), "%s/%s", skeldir, skelent->d_name); + snprintf(dest, sizeof(dest), "/%s/%s", homedir, skelent->d_name); + lstat(src, &sb); + + if (sb.st_uid || sb.st_gid) { + warn("not creating %s due to ownership", dest); + continue; } - while ((skelent = readdir(skel))) { - struct stat sb; - char src[PATH_MAX], dest[PATH_MAX]; + if (S_ISREG(sb.st_mode)) { + int bytes; + char buf[4096]; - if (!strcmp(skelent->d_name, ".") || !strcmp(skelent->d_name, "..")) - continue; - - snprintf(src, sizeof(src), "%s/%s", skeldir, skelent->d_name); - snprintf(dest, sizeof(dest), "/%s/%s", homedir, skelent->d_name); - lstat(src, &sb); - - if (sb.st_uid || sb.st_gid) { - warn("not creating %s due to ownership", dest); + int srcfd = open(src, O_RDONLY); + if (srcfd == -1) { + warnpe("open: %s", src); continue; } - if (S_ISREG(sb.st_mode)) { - int bytes; - char buf[4096]; - - int srcfd = open(src, O_RDONLY); - if (srcfd == -1) { - warnpe("open: %s", src); - continue; - } - - int destfd = open(dest, O_WRONLY|O_CREAT|O_EXCL, sb.st_mode & 0777); - if (destfd == -1) { - warnpe("open: %s", dest); - close(srcfd); - continue; - } - - for (;;) { - bytes = read(srcfd, buf, sizeof(buf)); - if (!bytes) - break; - if (bytes < 0) { - warnpe("read"); - break; - } - if (write(destfd, buf, bytes) < 0) { - warnpe("write"); - break; - } - } - if (fchown(destfd, uid, gid)) - errorpe("chown: %s", dest); - + int destfd = open(dest, O_WRONLY|O_CREAT|O_EXCL, sb.st_mode & 0777); + if (destfd == -1) { + warnpe("open: %s", dest); close(srcfd); - close(destfd); - } else if (S_ISDIR(sb.st_mode)) { - if (mkdir(dest, sb.st_mode & 0777)) { - warnpe("mkdir: %s", dest); - continue; - } - if (chown(dest, uid, gid)) - errorpe("chown: %s", dest); - } else if (S_ISLNK(sb.st_mode)) { - char 
lnkdest[PATH_MAX]; - int bytes; - bytes = readlink(src, lnkdest, sizeof(lnkdest)); - lnkdest[bytes] = '\0'; - if (bytes == -1) { - warnpe("readlink: %s", src); - continue; - } - if (symlink(lnkdest, dest)) { - warnpe("symlink: %s", dest); - continue; - } - if (lchown(dest, uid, gid)) - errorpe("lchown: %s", dest); - } else { - warn("not creating %s", dest); + continue; } - } - closedir(skel); + for (;;) { + bytes = read(srcfd, buf, sizeof(buf)); + if (!bytes) + break; + if (bytes < 0) { + warnpe("read"); + break; + } + if (write(destfd, buf, bytes) < 0) { + warnpe("write"); + break; + } + } + if (fchown(destfd, uid, gid)) + errorpe("chown: %s", dest); - if (chown(homedir, uid, gid)) { - errorpe("failed to chown %s", homedir); - return 1; + close(srcfd); + close(destfd); + } else if (S_ISDIR(sb.st_mode)) { + if (mkdir(dest, sb.st_mode & 0777)) { + warnpe("mkdir: %s", dest); + continue; + } + if (chown(dest, uid, gid)) + errorpe("chown: %s", dest); + } else if (S_ISLNK(sb.st_mode)) { + char lnkdest[PATH_MAX]; + int bytes; + bytes = readlink(src, lnkdest, sizeof(lnkdest)); + lnkdest[bytes] = '\0'; + if (bytes == -1) { + warnpe("readlink: %s", src); + continue; + } + if (symlink(lnkdest, dest)) { + warnpe("symlink: %s", dest); + continue; + } + if (lchown(dest, uid, gid)) + errorpe("lchown: %s", dest); + } else { + warn("not creating %s", dest); } } + closedir(skel); + + if (chown(homedir, uid, gid)) { + errorpe("failed to chown %s", homedir); + return -1; + } + return 0; } From c57902dfd064da6f1c7265bbf9fb186fba28eaf3 Mon Sep 17 00:00:00 2001 From: mgregson Date: Tue, 28 Jul 2009 15:38:19 -0600 Subject: [PATCH 29/32] Modifying zfsaddhomedir to operate on not-zfs stuff. Ignores quotas and ACLs. --- src/simpleaddhomedir.c | 137 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 src/simpleaddhomedir.c diff --git a/src/simpleaddhomedir.c b/src/simpleaddhomedir.c new file mode 100644 index 0000000..5671454 --- /dev/null 
+++ b/src/simpleaddhomedir.c 
@@ -0,0 +1,137 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include "util.h" + +int main(int argc, char *argv[]) { + if(argc < 7) { + fprintf(stderr, "Usage: simpleaddhomedir homedir skeldir uid gid mode\n"); + return 1; + } + + char *homedir = argv[1]; + char *skeldir = argv[2]; + char *mode = argv[5]; + uid_t uid, gid; + char *zfs_bin = "/usr/sbin/zfs"; + char *mkdir_bin = "/bin/mkdir"; + char *chmod_bin = "/bin/chmod"; + char *dataset = homedir + 1; + char *create_argv[] = { "mkdir", dataset, NULL }; + char *mode_argv[] = { "chmod", mode, homedir, NULL }; + DIR *skel; + struct dirent *skelent; + + assert(homedir[0]); + uid = atol(argv[3]); + gid = atol(argv[4]); + + if(spawnv(mkdir_bin, create_argv)) + return 1; + //Quotas are ignored now, or so I'm told. + /* if(spawnv(zfs_bin, quota_argv)) */ + /* return 1; */ + if(spawnv(chmod_bin, mode_argv)) + return 1; + //Fuck ACLs. The instructions I got didn't include them. + /* if(acl && spawnv(chmod_bin, acl_argv)) */ + /* return 1; */ + + skel = opendir(skeldir); + if (!skel) { + errorpe("failed to open %s", skeldir); + return -1; + } + + while ((skelent = readdir(skel))) { + struct stat sb; + char src[PATH_MAX], dest[PATH_MAX]; + + if (!strcmp(skelent->d_name, ".") || !strcmp(skelent->d_name, "..")) + continue; + + snprintf(src, sizeof(src), "%s/%s", skeldir, skelent->d_name); + snprintf(dest, sizeof(dest), "/%s/%s", homedir, skelent->d_name); + lstat(src, &sb); + + if (sb.st_uid || sb.st_gid) { + warn("not creating %s due to ownership", dest); + continue; + } + + if (S_ISREG(sb.st_mode)) { + int bytes; + char buf[4096]; + + int srcfd = open(src, O_RDONLY); + if (srcfd == -1) { + warnpe("open: %s", src); + continue; + } + + int destfd = open(dest, O_WRONLY|O_CREAT|O_EXCL, sb.st_mode & 0777); + if (destfd == -1) { + warnpe("open: %s", dest); + close(srcfd); + continue; + } + + for (;;) { + bytes = read(srcfd, buf, sizeof(buf)); + if (!bytes) + break; + if (bytes < 0) { + 
warnpe("read"); + break; + } + if (write(destfd, buf, bytes) < 0) { + warnpe("write"); + break; + } + } + if (fchown(destfd, uid, gid)) + errorpe("chown: %s", dest); + + close(srcfd); + close(destfd); + } else if (S_ISDIR(sb.st_mode)) { + if (mkdir(dest, sb.st_mode & 0777)) { + warnpe("mkdir: %s", dest); + continue; + } + if (chown(dest, uid, gid)) + errorpe("chown: %s", dest); + } else if (S_ISLNK(sb.st_mode)) { + char lnkdest[PATH_MAX]; + int bytes; + bytes = readlink(src, lnkdest, sizeof(lnkdest)); + lnkdest[bytes] = '\0'; + if (bytes == -1) { + warnpe("readlink: %s", src); + continue; + } + if (symlink(lnkdest, dest)) { + warnpe("symlink: %s", dest); + continue; + } + if (lchown(dest, uid, gid)) + errorpe("lchown: %s", dest); + } else { + warn("not creating %s", dest); + } + } + + closedir(skel); + + if (chown(homedir, uid, gid)) { + errorpe("failed to chown %s", homedir); + return -1; + } + + return 0; +} From 283cfd1f4981672ce15eaeba46d1965ed54b4f92 Mon Sep 17 00:00:00 2001 From: mgregson Date: Tue, 28 Jul 2009 16:02:28 -0600 Subject: [PATCH 30/32] Fixed stupid shit with incorrect arg counting. --- src/simpleaddhomedir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/simpleaddhomedir.c b/src/simpleaddhomedir.c index 5671454..a1f4617 100644 --- a/src/simpleaddhomedir.c +++ b/src/simpleaddhomedir.c @@ -9,7 +9,7 @@ #include "util.h" int main(int argc, char *argv[]) { - if(argc < 7) { + if(argc < 6) { fprintf(stderr, "Usage: simpleaddhomedir homedir skeldir uid gid mode\n"); return 1; } @@ -21,7 +21,7 @@ int main(int argc, char *argv[]) { char *zfs_bin = "/usr/sbin/zfs"; char *mkdir_bin = "/bin/mkdir"; char *chmod_bin = "/bin/chmod"; - char *dataset = homedir + 1; + char *dataset = homedir; char *create_argv[] = { "mkdir", dataset, NULL }; char *mode_argv[] = { "chmod", mode, homedir, NULL }; DIR *skel; From 597c2180b959491aa7d2d3c6d70f35af7b769d0f Mon Sep 17 00:00:00 2001 
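Review bot: In the new src/simpleaddhomedir.c, `uid = atol(argv[3]);` and `gid = atol(argv[4]);` cannot tell a number from garbage: a non-numeric argument parses as 0, and every later `fchown`/`chown`/`lchown` then assigns the new home directory to uid or gid 0 without reporting an error. Parsing with strtoul and rejecting empty input or trailing characters before anything is created closes that gap, as in the excerpt. Separately, `gid` is declared through `uid_t uid, gid;` where `gid_t` is meant, and `zfs_bin` is unused now that both zfs calls are commented out.

```c
    char *end;
    unsigned long id;

    id = strtoul(argv[3], &end, 10);
    if (end == argv[3] || *end) {
        fprintf(stderr, "simpleaddhomedir: invalid uid '%s'\n", argv[3]);
        return 1;
    }
    uid = id;
    /* … same check for argv[4], stored into gid … */
```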
From: mgregson Date: Tue, 28 Jul 2009 16:02:59 -0600 Subject: [PATCH 31/32] Added simpleaddhomedir to makefile. --- src/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Makefile b/src/Makefile index f22a01f..02c0c81 100644 --- a/src/Makefile +++ b/src/Makefile @@ -7,7 +7,7 @@ override CFLAGS += -std=gnu99 $(INCLUDES) DESTDIR := PREFIX := /usr/local -BIN_PROGS := addmember addclub zfsaddhomedir +BIN_PROGS := addmember addclub zfsaddhomedir simpleaddhomedir EXT_PROGS := config-test LIBCEO_OBJECTS := common.o addhomedir.o @@ -23,7 +23,7 @@ CONFIG_OBJECTS := config.o parser.o CONFIG_LDFLAGS := CONFIG_PROGS := $(OLDCEO_PROGS) $(LDAP_PROGS) $(KRB5_PROGS) $(NET_PROGS) UTIL_OBJECTS := util.o strbuf.o -UTIL_PROGS := config-test zfsaddhomedir $(CONFIG_PROGS) +UTIL_PROGS := config-test zfsaddhomedir simpleaddhomedir $(CONFIG_PROGS) all: $(BIN_PROGS) $(LIB_PROGS) $(EXT_PROGS) @@ -50,4 +50,4 @@ $(UTIL_PROGS): LDFLAGS += $(UTIL_LDFLAGS) $(UTIL_PROGS): $(UTIL_OBJECTS) .PHONY: clean all -.SECONDARY: zfsaddhomedir.o addmember.o addclub.o +.SECONDARY: zfsaddhomedir.o addmember.o addclub.o simpleaddhomedir.o From d818a687fce7bceb78861b1722efd6a449da25a6 Mon Sep 17 00:00:00 2001 From: mgregson Date: Tue, 28 Jul 2009 16:03:36 -0600 Subject: [PATCH 32/32] Moving from zfsaddhomedir to simpleaddhomedir. --- src/addhomedir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/addhomedir.c b/src/addhomedir.c index c342ffe..a5cd273 100644 --- a/src/addhomedir.c +++ b/src/addhomedir.c @@ -15,7 +15,7 @@ int ceo_create_home(char *homedir, char *refquota, uid_t uid, gid_t gid, char *mode, char *acl) { char uid_str[16], gid_str[16]; - char *zfs_argv[] = { "ssh", "ceo@ginseng", "/usr/sbin/zfsaddhomedir", \ + char *zfs_argv[] = { "ssh", "ceo@ginseng", "/usr/sbin/simpleaddhomedir", \ homedir, refquota, skeleton_dir, uid_str, gid_str, mode, acl, NULL }; int ret = 0; 
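Review bot: In the src/addhomedir.c hunk (@@ -15,7 +15,7 @@) only the program name in `zfs_argv` changes, but simpleaddhomedir as added earlier in this series reads `homedir skeldir uid gid mode`, while the array still passes `homedir, refquota, skeleton_dir, uid_str, gid_str, mode, acl`. With that layout the remote program would take `refquota` as the skeleton directory, `skeleton_dir` as the uid (atol yields 0 for a path), `uid_str` as the gid and `gid_str` as the mode. The argument list for this call should be `homedir, skeleton_dir, uid_str, gid_str, mode, NULL };`, with a comment that `refquota` and `acl` are ignored by simpleaddhomedir. ceo_create_home continues outside this hunk.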
@@ -26,7 +26,7 @@ int ceo_create_home(char *homedir, char *refquota, uid_t uid, gid_t gid, char *m ceo_krb5_auth(admin_bind_userid, admin_bind_keytab); if(spawnv("/usr/bin/ssh", zfs_argv)) { - errorpe("failed calling zfsaddhomedir for %s", homedir); + errorpe("failed calling simpleaddhomedir for %s", homedir); ret = -1; } ceo_krb5_deauth();