Mercurial > illumos > illumos-gate
changeset 3375:65ec6109bc5b
6225779 kadmin.local -q listprincs should not output warnings to stdout
6251822 klist will core dump if KRB5CCNAME is set to empty string("export KRB5CCNAME=")
6396614 kadmin's Usage output is incomplete, missing [-w password]]
6460287 kadmin should use pager for listpols
| author | mp153739 |
|---|---|
| date | Mon, 08 Jan 2007 02:05:59 -0800 |
| parents | bc7c8ae749e7 |
| children | 15d24e91f408 |
| files | usr/src/cmd/krb5/kadmin/cli/kadmin.c usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c usr/src/lib/gss_mechs/mech_krb5/krb5/ccache/ccbase.c |
| diffstat | 3 files changed, 114 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/cmd/krb5/kadmin/cli/kadmin.c Sun Jan 07 08:10:47 2007 -0800 +++ b/usr/src/cmd/krb5/kadmin/cli/kadmin.c Mon Jan 08 02:05:59 2007 -0800 @@ -1,5 +1,5 @@ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -441,8 +441,12 @@ * Initialize the kadm5 connection. If we were given a ccache, * use it. Otherwise, use/prompt for the password. */ + + /* Solaris Kerberos: + * Send warnings to stderr + */ if (ccache_name) { - printf(gettext( + fprintf(stderr, gettext( "Authenticating as principal %s with existing credentials.\n"), princstr); retval = kadm5_init_with_creds(princstr, cc, @@ -453,10 +457,10 @@ &handle); } else if (use_keytab) { if (keytab_name) - printf(gettext("Authenticating as principal %s with keytab %s.\n"), + fprintf(stderr, gettext("Authenticating as principal %s with keytab %s.\n"), princstr, keytab_name); else - printf(gettext( + fprintf(stderr, gettext( "Authenticating as principal %s with default keytab.\n"), princstr); retval = kadm5_init_with_skey(princstr, keytab_name, @@ -466,7 +470,7 @@ KADM5_API_VERSION_2, &handle); } else { - printf(gettext("Authenticating as principal %s with password.\n"), + fprintf(stderr, gettext("Authenticating as principal %s with password.\n"), princstr); retval = kadm5_init_with_password(princstr, password, svcname, @@ -1521,6 +1525,13 @@ wait(&waitb); + /* Solaris Kerberos: + * Restore the original handler for SIGINT + */ + if (sigaction(SIGINT, &osig, (struct sigaction *)0) == -1) { + perror("sigaction"); + } + kadm5_free_name_list(handle, names, count); } @@ -1781,6 +1792,15 @@ char *expr, **names; int i, count; + /* Solaris Kerberos: + * Use a pager for listing policies (similar to listing princs) + */ + FILE *output = NULL; + int fd; + struct sigaction nsig, osig; + sigset_t nmask, omask; + int waitb; + expr = NULL; if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) { fprintf(stderr, "%s: get_policies %s\n", @@ -1793,8 +1813,81 @@ gettext("while retrieving list.")); return; } - for (i = 0; i < count; i++) - printf("%s\n", names[i]); + + if (sigemptyset(&nmask) == -1) { + perror("sigemptyset"); + kadm5_free_name_list(handle, names, count); + return; + } + + if (sigaddset(&nmask, SIGINT) == -1) { + perror("sigaddset"); + kadm5_free_name_list(handle, names, count); + return; + } + + if (sigemptyset(&nsig.sa_mask) == -1) { + perror("sigemptyset"); + kadm5_free_name_list(handle, names, count); + return; + } + + if (sigprocmask(SIG_BLOCK, &nmask, &omask) == -1) { + perror("sigprocmask"); + kadm5_free_name_list(handle, names, count); + return; + } + + nsig.sa_handler = SIG_IGN; + nsig.sa_flags = 0; + if (sigaction(SIGINT, &nsig, &osig) == -1) { + perror("sigaction"); + if (sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0) == -1) { + perror("sigprocmask"); + } + kadm5_free_name_list(handle, names, count); + return; + } + + fd = ss_pager_create(); + if (fd == -1) { + fprintf(stderr, "%s: failed to create pager\n", whoami); + if (sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0) == -1) { + perror("sigprocmask"); + } + + if (sigaction(SIGINT, &osig, (struct sigaction *)0) == -1) { + perror("sigaction"); + } + + kadm5_free_name_list(handle, names, count); + return; + } + + output = fdopen(fd, "w"); + if (output == NULL) { + perror("fdopen"); + } + + if (sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0) == -1) { + perror("sigprocmask"); + } + + if (output != NULL) { + for (i = 0; i < count; i++) + fprintf(output, "%s\n", names[i]); + } + + if (output != NULL && fclose(output) != 0) { + perror("fclose"); + } + + if (wait(&waitb) == -1) { + perror("wait"); + } + + if (sigaction(SIGINT, &osig, (struct sigaction *)0) == -1) { + perror("sigaction"); + } kadm5_free_name_list(handle, names, count); } -
--- a/usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c Sun Jan 07 08:10:47 2007 -0800 +++ b/usr/src/cmd/krb5/kadmin/cli/kadmin_rmt.c Mon Jan 08 02:05:59 2007 -0800 @@ -1,5 +1,5 @@ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -22,7 +22,8 @@ { fprintf(stderr, "%s: %s [-r realm] [-p principal] [-q query] " - "[-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n", + "[-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]" + "|[-w password]]\n", gettext("Usage"), whoami); exit(1); }
--- a/usr/src/lib/gss_mechs/mech_krb5/krb5/ccache/ccbase.c Sun Jan 07 08:10:47 2007 -0800 +++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/ccache/ccbase.c Mon Jan 08 02:05:59 2007 -0800 @@ -29,6 +29,12 @@ * Registration functions for ccache. */ +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + + #include "k5-int.h" #include "k5-thread.h" @@ -143,6 +149,10 @@ unsigned int pfxlen; krb5_error_code err; + /* Solaris Kerberos */ + if (!name) + return KRB5_CC_BADNAME; + cp = strchr (name, ':'); if (!cp) { if (krb5_cc_dfl_ops)