xref: /onnv-gate/usr/src/cmd/krb5/kadmin/server/kadm_rpc_svc.c (revision 7934:6aeeafc994de)
10Sstevel@tonic-gate /*
2*7934SMark.Phalan@Sun.COM  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
30Sstevel@tonic-gate  * Use is subject to license terms.
40Sstevel@tonic-gate  */
50Sstevel@tonic-gate 
60Sstevel@tonic-gate 
70Sstevel@tonic-gate /*
80Sstevel@tonic-gate  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
90Sstevel@tonic-gate  *
100Sstevel@tonic-gate  *	Openvision retains the copyright to derivative works of
110Sstevel@tonic-gate  *	this source code.  Do *NOT* create a derivative of this
120Sstevel@tonic-gate  *	source code before consulting with your legal department.
130Sstevel@tonic-gate  *	Do *NOT* integrate *ANY* of this source code into another
140Sstevel@tonic-gate  *	product before consulting with your legal department.
150Sstevel@tonic-gate  *
160Sstevel@tonic-gate  *	For further information, read the top-level Openvision
170Sstevel@tonic-gate  *	copyright which is contained in the top-level MIT Kerberos
180Sstevel@tonic-gate  *	copyright.
190Sstevel@tonic-gate  *
200Sstevel@tonic-gate  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
210Sstevel@tonic-gate  *
220Sstevel@tonic-gate  */
230Sstevel@tonic-gate 
240Sstevel@tonic-gate 
250Sstevel@tonic-gate /*
260Sstevel@tonic-gate  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
270Sstevel@tonic-gate  *
280Sstevel@tonic-gate  */
290Sstevel@tonic-gate 
30*7934SMark.Phalan@Sun.COM #include <kadm5/admin.h>
310Sstevel@tonic-gate #include <stdio.h>
320Sstevel@tonic-gate #include <rpc/rpc.h>    /* SUNWresync 121 XXX */
332881Smp153739 #include <gssapi_krb5.h> /* for gss_nt_krb5_name */
340Sstevel@tonic-gate #include <syslog.h>
352881Smp153739 #ifdef HAVE_MEMORY_H
360Sstevel@tonic-gate #include <memory.h>
372881Smp153739 #endif
380Sstevel@tonic-gate #include <rpc/rpcsec_gss.h>
390Sstevel@tonic-gate #include <kadm5/kadm_rpc.h>
400Sstevel@tonic-gate #include <krb5.h>
410Sstevel@tonic-gate #include <libintl.h>
422881Smp153739 #include <krb5/adm_proto.h>
432881Smp153739 #ifdef HAVE_ARPA_INET_H
442881Smp153739 #include <arpa/inet.h>
452881Smp153739 #endif
462881Smp153739 #include "misc.h"
472881Smp153739 #include "kadm5/server_internal.h"
480Sstevel@tonic-gate 
492881Smp153739 extern void *global_server_handle;
502881Smp153739 
512881Smp153739 void log_badauth(OM_uint32 major, OM_uint32 minor,
522881Smp153739 		 struct sockaddr_in *addr, char *data);
530Sstevel@tonic-gate /*
540Sstevel@tonic-gate  * Function: kadm_1
550Sstevel@tonic-gate  *
560Sstevel@tonic-gate  * Purpose: RPC processing procedure.
570Sstevel@tonic-gate  *	    originally generated from rpcgen
580Sstevel@tonic-gate  *
590Sstevel@tonic-gate  * Arguments:
600Sstevel@tonic-gate  *	rqstp		    (input) rpc request structure
610Sstevel@tonic-gate  *	transp		    (input) rpc transport structure
620Sstevel@tonic-gate  *	(input/output)
630Sstevel@tonic-gate  * 	<return value>
640Sstevel@tonic-gate  *
650Sstevel@tonic-gate  * Requires:
660Sstevel@tonic-gate  * Effects:
670Sstevel@tonic-gate  * Modifies:
680Sstevel@tonic-gate  */
690Sstevel@tonic-gate 
/*
 * kadm_1 - dispatch one KADM5 RPC request to its server-side handler.
 *
 *	rqstp	request descriptor; the credential flavor and procedure
 *		number are read here and it is passed on to the handler.
 *	transp	transport used to decode the arguments and to send the
 *		reply or an RPC error.
 *
 * The only authentication test made in this function is that the
 * credential flavor is RPCSEC_GSS.  The test runs before the procedure
 * switch, so it also covers NULLPROC.
 * NOTE(review): the GSS service level and per-operation authorization
 * are not examined here; presumably the *_2_svc handlers do that --
 * confirm before relying on this function as an access-control point.
 */
void kadm_1(rqstp, transp)
   struct svc_req *rqstp;
   register SVCXPRT *transp;
{
     /*
      * Scratch space for the decoded request arguments.
      * NOTE(review): no member is declared for the GET_PRINCS, GET_POLS,
      * GET_PRIVS or INIT arguments, so those decoders rely on their
      * argument types fitting inside this union -- confirm against
      * kadm_rpc.h.
      */
     union {
          cprinc_arg create_principal_2_arg;
          dprinc_arg delete_principal_2_arg;
          mprinc_arg modify_principal_2_arg;
          rprinc_arg rename_principal_2_arg;
          gprinc_arg get_principal_2_arg;
          chpass_arg chpass_principal_2_arg;
          chrand_arg chrand_principal_2_arg;
          cpol_arg create_policy_2_arg;
          dpol_arg delete_policy_2_arg;
          mpol_arg modify_policy_2_arg;
          gpol_arg get_policy_2_arg;
          setkey_arg setkey_principal_2_arg;
          setv4key_arg setv4key_principal_2_arg;
          cprinc3_arg create_principal3_2_arg;
          chpass3_arg chpass_principal3_2_arg;
          chrand3_arg chrand_principal3_2_arg;
          setkey3_arg setkey_principal3_2_arg;
     } args;
     char *reply;                  /* value returned by the handler */
     bool_t (*decode_args)();      /* XDR routine for the request */
     bool_t (*encode_reply)();     /* XDR routine for the response */
     char *(*handler)();           /* server stub for this procedure */

     /* Refuse anything that did not arrive with RPCSEC_GSS credentials. */
     if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) {
          krb5_klog_syslog(LOG_ERR,
               gettext("Authentication attempt failed: invalid "
                       "RPC authentication flavor %d"),
               rqstp->rq_cred.oa_flavor);
          svcerr_weakauth(transp);
          return;
     }

     /*
      * Select the decoder, encoder and handler for the request-supplied
      * procedure number.  Unknown numbers are logged and rejected.
      */
     switch (rqstp->rq_proc) {
     case NULLPROC:
          /* Empty reply; no arguments are decoded and no handler runs. */
          (void) svc_sendreply(transp, xdr_void, (char *)NULL);
          return;

     /* Principal operations. */
     case CREATE_PRINCIPAL:
          decode_args = xdr_cprinc_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) create_principal_2_svc;
          break;

     case DELETE_PRINCIPAL:
          decode_args = xdr_dprinc_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) delete_principal_2_svc;
          break;

     case MODIFY_PRINCIPAL:
          decode_args = xdr_mprinc_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) modify_principal_2_svc;
          break;

     case RENAME_PRINCIPAL:
          decode_args = xdr_rprinc_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) rename_principal_2_svc;
          break;

     case GET_PRINCIPAL:
          decode_args = xdr_gprinc_arg;
          encode_reply = xdr_gprinc_ret;
          handler = (char *(*)()) get_principal_2_svc;
          break;

     case GET_PRINCS:
          decode_args = xdr_gprincs_arg;
          encode_reply = xdr_gprincs_ret;
          handler = (char *(*)()) get_princs_2_svc;
          break;

     /* Password and key operations. */
     case CHPASS_PRINCIPAL:
          decode_args = xdr_chpass_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) chpass_principal_2_svc;
          break;

#ifdef SUNWOFF
     /* Only reachable when the build defines SUNWOFF. */
     case SETV4KEY_PRINCIPAL:
          decode_args = xdr_setv4key_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) setv4key_principal_2_svc;
          break;
#endif

     case SETKEY_PRINCIPAL:
          decode_args = xdr_setkey_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) setkey_principal_2_svc;
          break;

     case CHRAND_PRINCIPAL:
          decode_args = xdr_chrand_arg;
          encode_reply = xdr_chrand_ret;
          handler = (char *(*)()) chrand_principal_2_svc;
          break;

     /* Policy operations. */
     case CREATE_POLICY:
          decode_args = xdr_cpol_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) create_policy_2_svc;
          break;

     case DELETE_POLICY:
          decode_args = xdr_dpol_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) delete_policy_2_svc;
          break;

     case MODIFY_POLICY:
          decode_args = xdr_mpol_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) modify_policy_2_svc;
          break;

     case GET_POLICY:
          decode_args = xdr_gpol_arg;
          encode_reply = xdr_gpol_ret;
          handler = (char *(*)()) get_policy_2_svc;
          break;

     case GET_POLS:
          decode_args = xdr_gpols_arg;
          encode_reply = xdr_gpols_ret;
          handler = (char *(*)()) get_pols_2_svc;
          break;

     /* Session-level operations. */
     case GET_PRIVS:
          decode_args = xdr_u_int;
          encode_reply = xdr_getprivs_ret;
          handler = (char *(*)()) get_privs_2_svc;
          break;

     case INIT:
          decode_args = xdr_u_int;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) init_2_svc;
          break;

     /* "3" variants of the principal and key operations. */
     case CREATE_PRINCIPAL3:
          decode_args = xdr_cprinc3_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) create_principal3_2_svc;
          break;

     case CHPASS_PRINCIPAL3:
          decode_args = xdr_chpass3_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) chpass_principal3_2_svc;
          break;

     case CHRAND_PRINCIPAL3:
          decode_args = xdr_chrand3_arg;
          encode_reply = xdr_chrand_ret;
          handler = (char *(*)()) chrand_principal3_2_svc;
          break;

     case SETKEY_PRINCIPAL3:
          decode_args = xdr_setkey3_arg;
          encode_reply = xdr_generic_ret;
          handler = (char *(*)()) setkey_principal3_2_svc;
          break;

     default:
          krb5_klog_syslog(LOG_ERR,
               gettext("Invalid KADM5 procedure number: %d"),
               rqstp->rq_proc);
          svcerr_noproc(transp);
          return;
     }

     /* Start from an all-zero buffer before the decoder fills it in. */
     memset((char *)&args, 0, sizeof(args));
     if (!svc_getargs(transp, decode_args, (char *) &args)) {
          /*
           * NOTE(review): svc_freeargs() is not called on this path;
           * whether a partially decoded argument is released depends on
           * the RPC library -- confirm.
           */
          svcerr_decode(transp);
          return;
     }

     /* A NULL return from the handler means no reply is sent from here. */
     reply = (*handler)(&args, rqstp);
     if (reply != NULL) {
          if (!svc_sendreply(transp, encode_reply, (char *) reply)) {
               krb5_klog_syslog(LOG_ERR,
                    gettext("WARNING! Unable to send function results, "
                            "continuing."));
               svcerr_systemerr(transp);
          }
     }

     /*
      * Release whatever the decoder allocated.
      * NOTE(review): the password and key procedures presumably carry
      * secret material in their arguments; whether it is scrubbed before
      * being freed is not visible here -- confirm.
      */
     if (!svc_freeargs(transp, decode_args, (char *) &args)) {
          krb5_klog_syslog(LOG_ERR,
               gettext("WARNING! Unable to free arguments, "
                       "continuing."));
     }
}