From: Simo Sorce Date: Sun, 20 Dec 2015 22:01:50 +0000 (-0500) Subject: Improve libkadm5 server stubs X-Git-Tag: krb5-1.15-beta1~253 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01d2bd6ab3f39163f6185ac4c69f6f87535212b4;p=thirdparty%2Fkrb5.git Improve libkadm5 server stubs Change the server_stubs.c functions to use thread-safe signatures (as would be output by rpcgen -M). This change has no immediate impact since kadmind is single-threaded, but is cleaner because it avoids the use of static variables. Factor out some of the common initialization and cleanup code from the server functions. [ghudson@mit.edu: rename stub helper functions and reorder/rename output arguments; error out in stub setup if princ is unexpectedly null] --- diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c index e325164fe3..e43ca0d578 100644 --- a/src/kadmin/server/kadm_rpc_svc.c +++ b/src/kadmin/server/kadm_rpc_svc.c @@ -61,9 +61,21 @@ void kadm_1(rqstp, transp) setkey4_arg setkey_principal4_2_arg; getpkeys_arg get_principal_keys_2_arg; } argument; - char *result; + union { + generic_ret gen_ret; + gprinc_ret get_principal_2_ret; + chrand_ret chrand_principal_2_ret; + gpol_ret get_policy_2_ret; + getprivs_ret get_privs_2_ret; + gprincs_ret get_princs_2_ret; + gpols_ret get_pols_2_ret; + chrand_ret chrand_principal3_2_ret; + gstrings_ret get_string_2_ret; + getpkeys_ret get_principal_keys_ret; + } result; + bool_t retval; bool_t (*xdr_argument)(), (*xdr_result)(); - char *(*local)(); + bool_t (*local)(); if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI && !check_rpcsec_auth(rqstp)) { @@ -83,157 +95,157 @@ void kadm_1(rqstp, transp) case CREATE_PRINCIPAL: xdr_argument = xdr_cprinc_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) create_principal_2_svc; + local = (bool_t (*)()) create_principal_2_svc; break; case DELETE_PRINCIPAL: xdr_argument = xdr_dprinc_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) delete_principal_2_svc; + local = (bool_t (*)()) delete_principal_2_svc; break; case MODIFY_PRINCIPAL: xdr_argument = xdr_mprinc_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) modify_principal_2_svc; + local = (bool_t (*)()) modify_principal_2_svc; break; case RENAME_PRINCIPAL: xdr_argument = xdr_rprinc_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) rename_principal_2_svc; + local = (bool_t (*)()) rename_principal_2_svc; break; case GET_PRINCIPAL: xdr_argument = xdr_gprinc_arg; xdr_result = xdr_gprinc_ret; - local = (char *(*)()) get_principal_2_svc; + local = (bool_t (*)()) get_principal_2_svc; break; case GET_PRINCS: xdr_argument = xdr_gprincs_arg; xdr_result = xdr_gprincs_ret; - local = (char *(*)()) get_princs_2_svc; + local = (bool_t (*)()) get_princs_2_svc; break; case CHPASS_PRINCIPAL: xdr_argument = xdr_chpass_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) chpass_principal_2_svc; + local = (bool_t (*)()) chpass_principal_2_svc; break; case SETV4KEY_PRINCIPAL: xdr_argument = xdr_setv4key_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) setv4key_principal_2_svc; + local = (bool_t (*)()) setv4key_principal_2_svc; break; case SETKEY_PRINCIPAL: xdr_argument = xdr_setkey_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) setkey_principal_2_svc; + local = (bool_t (*)()) setkey_principal_2_svc; break; case CHRAND_PRINCIPAL: xdr_argument = xdr_chrand_arg; xdr_result = xdr_chrand_ret; - local = (char *(*)()) chrand_principal_2_svc; + local = (bool_t (*)()) chrand_principal_2_svc; break; case CREATE_POLICY: xdr_argument = xdr_cpol_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) create_policy_2_svc; + local = (bool_t (*)()) create_policy_2_svc; break; case DELETE_POLICY: xdr_argument = xdr_dpol_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) delete_policy_2_svc; + local = (bool_t (*)()) delete_policy_2_svc; break; case MODIFY_POLICY: xdr_argument = xdr_mpol_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) modify_policy_2_svc; + local = (bool_t (*)()) modify_policy_2_svc; break; case GET_POLICY: xdr_argument = xdr_gpol_arg; xdr_result = xdr_gpol_ret; - local = (char *(*)()) get_policy_2_svc; + local = (bool_t (*)()) get_policy_2_svc; break; case GET_POLS: xdr_argument = xdr_gpols_arg; xdr_result = xdr_gpols_ret; - local = (char *(*)()) get_pols_2_svc; + local = (bool_t (*)()) get_pols_2_svc; break; case GET_PRIVS: xdr_argument = xdr_u_int32; xdr_result = xdr_getprivs_ret; - local = (char *(*)()) get_privs_2_svc; + local = (bool_t (*)()) get_privs_2_svc; break; case INIT: xdr_argument = xdr_u_int32; xdr_result = xdr_generic_ret; - local = (char *(*)()) init_2_svc; + local = (bool_t (*)()) init_2_svc; break; case CREATE_PRINCIPAL3: xdr_argument = xdr_cprinc3_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) create_principal3_2_svc; + local = (bool_t (*)()) create_principal3_2_svc; break; case CHPASS_PRINCIPAL3: xdr_argument = xdr_chpass3_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) chpass_principal3_2_svc; + local = (bool_t (*)()) chpass_principal3_2_svc; break; case CHRAND_PRINCIPAL3: xdr_argument = xdr_chrand3_arg; xdr_result = xdr_chrand_ret; - local = (char *(*)()) chrand_principal3_2_svc; + local = (bool_t (*)()) chrand_principal3_2_svc; break; case SETKEY_PRINCIPAL3: xdr_argument = xdr_setkey3_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) setkey_principal3_2_svc; + local = (bool_t (*)()) setkey_principal3_2_svc; break; case PURGEKEYS: xdr_argument = xdr_purgekeys_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) purgekeys_2_svc; + local = (bool_t (*)()) purgekeys_2_svc; break; case GET_STRINGS: xdr_argument = xdr_gstrings_arg; xdr_result = xdr_gstrings_ret; - local = (char *(*)()) get_strings_2_svc; + local = (bool_t (*)()) get_strings_2_svc; break; case SET_STRING: xdr_argument = xdr_sstring_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) set_string_2_svc; + local = (bool_t (*)()) set_string_2_svc; break; case SETKEY_PRINCIPAL4: xdr_argument = xdr_setkey4_arg; xdr_result = xdr_generic_ret; - local = (char *(*)()) setkey_principal4_2_svc; + local = (bool_t (*)()) setkey_principal4_2_svc; break; case EXTRACT_KEYS: xdr_argument = xdr_getpkeys_arg; xdr_result = xdr_getpkeys_ret; - local = (char *(*)()) get_principal_keys_2_svc; + local = (bool_t (*)()) get_principal_keys_2_svc; break; default: @@ -247,8 +259,9 @@ void kadm_1(rqstp, transp) svcerr_decode(transp); return; } - result = (*local)(&argument, rqstp); - if (result != NULL && !svc_sendreply(transp, xdr_result, result)) { + memset(&result, 0, sizeof(result)); + retval = (*local)(&argument, &result, rqstp); + if (retval && !svc_sendreply(transp, xdr_result, (void *)&result)) { krb5_klog_syslog(LOG_ERR, "WARNING! Unable to send function results, " "continuing."); svcerr_systemerr(transp); @@ -257,6 +270,10 @@ void kadm_1(rqstp, transp) krb5_klog_syslog(LOG_ERR, "WARNING! Unable to free arguments, " "continuing."); } + if (!svc_freeargs(transp, xdr_result, &result)) { + krb5_klog_syslog(LOG_ERR, "WARNING! Unable to free results, " + "continuing."); + } return; } diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index 8d44fff8ec..86c162590e 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -270,6 +270,56 @@ gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str) return 0; } +/* + * Perform common initialization for server stub functions. A subset of the + * output arguments may be set on failure; the caller is responsible for + * initializing outputs and calling stub_cleanup() on success or failure. + * princ and princ_str_out may be NULL to omit unparsing a principal name. + */ +static kadm5_ret_t +stub_setup(krb5_ui_4 api_version, struct svc_req *rqstp, krb5_principal princ, + kadm5_server_handle_t *handle_out, krb5_ui_4 *api_version_out, + gss_buffer_t client_name_out, gss_buffer_t service_name_out, + char **princ_str_out) +{ + kadm5_ret_t ret; + + ret = new_server_handle(api_version, rqstp, handle_out); + if (ret) + return ret; + + ret = check_handle(*handle_out); + if (ret) + return ret; + + *api_version_out = (*handle_out)->api_version; + + if (setup_gss_names(rqstp, client_name_out, service_name_out) < 0) + return KADM5_FAILURE; + + if (princ_str_out != NULL) { + if (princ == NULL) + return KADM5_BAD_PRINCIPAL; + if (krb5_unparse_name((*handle_out)->context, princ, princ_str_out)) + return KADM5_BAD_PRINCIPAL; + } + + return KADM5_OK; +} + +/* Perform common cleanup for server stub functions. */ +static void +stub_cleanup(kadm5_server_handle_t handle, char *princ_str, + gss_buffer_t client_name, gss_buffer_t service_name) +{ + OM_uint32 minor_stat; + + free_server_handle(handle); + free(princ_str); + gss_release_buffer(&minor_stat, client_name); + gss_release_buffer(&minor_stat, service_name); +} + static int log_unauth( char *op, @@ -329,52 +379,37 @@ log_done( client_addr(rqstp->rq_xprt)); } -generic_ret * -create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) +bool_t +create_principal_2_svc(cprinc_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->rec.principal, + &handle, &ret->api_version, &client_name, + &service_name, &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_ADD; + ret->code = KADM5_AUTH_ADD; log_unauth("kadm5_create_principal", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_create_principal((void *)handle, - &arg->rec, arg->mask, - arg->passwd); + ret->code = kadm5_create_principal(handle, &arg->rec, arg->mask, + arg->passwd); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_create_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -382,62 +417,43 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) +bool_t +create_principal3_2_svc(cprinc3_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->rec.principal, + &handle, &ret->api_version, &client_name, + &service_name, &prime_arg); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_ADD; + ret->code = KADM5_AUTH_ADD; log_unauth("kadm5_create_principal", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_create_principal_3((void *)handle, - &arg->rec, arg->mask, - arg->n_ks_tuple, - arg->ks_tuple, - arg->passwd); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_create_principal_3(handle, &arg->rec, arg->mask, + arg->n_ks_tuple, arg->ks_tuple, + arg->passwd); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_create_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -445,13 +461,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } /* Return KADM5_PROTECT_KEYS if KRB5_KDB_LOCKDOWN_KEYS is set for princ. */ @@ -469,56 +482,42 @@ check_lockdown_keys(kadm5_server_handle_t handle, krb5_principal princ) return ret; } -generic_ret * -delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) +bool_t +delete_principal_2_svc(dprinc_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->princ, NULL)) { - ret.code = KADM5_AUTH_DELETE; + ret->code = KADM5_AUTH_DELETE; log_unauth("kadm5_delete_principal", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_delete_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_DELETE; + ret->code = KADM5_AUTH_DELETE; } } - if (ret.code == KADM5_OK) - ret.code = kadm5_delete_principal((void *)handle, arg->princ); - if (ret.code != KADM5_AUTH_DELETE) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code == KADM5_OK) + ret->code = kadm5_delete_principal(handle, arg->princ); + if (ret->code != KADM5_AUTH_DELETE) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_delete_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -527,67 +526,51 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) +bool_t +modify_principal_2_svc(mprinc_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->rec.principal, + &handle, &ret->api_version, &client_name, + &service_name, &prime_arg); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->rec.principal, &rp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_MODIFY; + ret->code = KADM5_AUTH_MODIFY; log_unauth("kadm5_modify_principal", prime_arg, &client_name, &service_name, rqstp); } else if ((arg->mask & KADM5_ATTRIBUTES) && (!(arg->rec.attributes & KRB5_KDB_LOCKDOWN_KEYS))) { - ret.code = check_lockdown_keys(handle, arg->rec.principal); - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->rec.principal); + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_modify_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_MODIFY; + ret->code = KADM5_AUTH_MODIFY; } } - if (ret.code == KADM5_OK) { - ret.code = kadm5_modify_principal((void *)handle, &arg->rec, - arg->mask); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code == KADM5_OK) { + ret->code = kadm5_modify_principal(handle, &arg->rec, arg->mask); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_modify_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -595,43 +578,34 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) +bool_t +rename_principal_2_svc(rprinc_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; char *prime_arg1 = NULL, *prime_arg2 = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; size_t tlen1, tlen2, clen, slen; char *tdots1, *tdots2, *cdots, *sdots; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) || krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) { - ret.code = KADM5_BAD_PRINCIPAL; + ret->code = KADM5_BAD_PRINCIPAL; goto exit_func; } tlen1 = strlen(prime_arg1); @@ -643,30 +617,30 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) slen = service_name.length; trunc_name(&slen, &sdots); - ret.code = KADM5_OK; + ret->code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { if (!kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->src, NULL)) - ret.code = KADM5_AUTH_DELETE; + ret->code = KADM5_AUTH_DELETE; /* any restrictions at all on the ADD kills the RENAME */ if (!kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->dest, &rp) || rp) { - if (ret.code == KADM5_AUTH_DELETE) - ret.code = KADM5_AUTH_INSUFFICIENT; + if (ret->code == KADM5_AUTH_DELETE) + ret->code = KADM5_AUTH_INSUFFICIENT; else - ret.code = KADM5_AUTH_ADD; + ret->code = KADM5_AUTH_ADD; } - if (ret.code == KADM5_OK) { - ret.code = check_lockdown_keys(handle, arg->src); - if (ret.code == KADM5_PROTECT_KEYS) { + if (ret->code == KADM5_OK) { + ret->code = check_lockdown_keys(handle, arg->src); + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_rename_principal", prime_arg1, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_DELETE; + ret->code = KADM5_AUTH_DELETE; } } } else - ret.code = KADM5_AUTH_INSUFFICIENT; - if (ret.code != KADM5_OK) { + ret->code = KADM5_AUTH_INSUFFICIENT; + if (ret->code != KADM5_OK) { /* okay to cast lengths to int because trunc_name limits max value */ krb5_klog_syslog(LOG_NOTICE, _("Unauthorized request: kadm5_rename_principal, " @@ -678,10 +652,9 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) (int)slen, (char *)service_name.value, sdots, client_addr(rqstp->rq_xprt)); } else { - ret.code = kadm5_rename_principal((void *)handle, arg->src, - arg->dest); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_rename_principal(handle, arg->src, arg->dest); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); /* okay to cast lengths to int because trunc_name limits max value */ krb5_klog_syslog(LOG_NOTICE, @@ -702,59 +675,42 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) exit_func: free(prime_arg1); free(prime_arg2); - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -gprinc_ret * -get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) +bool_t +get_principal_2_svc(gprinc_arg *arg, gprinc_ret *ret, struct svc_req *rqstp) { - static gprinc_ret ret; - char *prime_arg, *funcname; + char *funcname, *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_gprinc_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - funcname = "kadm5_get_principal"; - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, arg->princ, NULL))) { - ret.code = KADM5_AUTH_GET; + ret->code = KADM5_AUTH_GET; log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec, - arg->mask); + ret->code = kadm5_get_principal(handle, arg->princ, &ret->rec, + arg->mask); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done(funcname, prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -762,39 +718,27 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -gprincs_ret * -get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) +bool_t +get_princs_2_svc(gprincs_arg *arg, gprincs_ret *ret, struct svc_req *rqstp) { - static gprincs_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_gprincs_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } prime_arg = arg->exp; if (prime_arg == NULL) prime_arg = "*"; @@ -804,15 +748,14 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) ACL_LIST, NULL, NULL)) { - ret.code = KADM5_AUTH_LIST; + ret->code = KADM5_AUTH_LIST; log_unauth("kadm5_get_principals", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_get_principals((void *)handle, - arg->exp, &ret.princs, - &ret.count); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_get_principals(handle, arg->exp, &ret->princs, + &ret->count); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_get_principals", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -821,67 +764,51 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -generic_ret * -chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) +bool_t +chpass_principal_2_svc(chpass_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_chpass_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; + ret->code = KADM5_AUTH_CHANGEPW; } } else if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { - ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, - FALSE, 0, NULL, arg->pass); + ret->code = chpass_principal_wrapper_3(handle, arg->princ, FALSE, 0, + NULL, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { - ret.code = kadm5_chpass_principal((void *)handle, arg->princ, - arg->pass); + ret->code = kadm5_chpass_principal(handle, arg->princ, arg->pass); } else { log_unauth("kadm5_chpass_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; + ret->code = KADM5_AUTH_CHANGEPW; } - if (ret.code != KADM5_AUTH_CHANGEPW) { - if (ret.code != 0) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_CHANGEPW) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_chpass_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -890,74 +817,53 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) +bool_t +chpass_principal3_2_svc(chpass3_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - } - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_chpass_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; + ret->code = KADM5_AUTH_CHANGEPW; } } else if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { - ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, - arg->keepold, - arg->n_ks_tuple, - arg->ks_tuple, - arg->pass); + ret->code = chpass_principal_wrapper_3(handle, arg->princ, + arg->keepold, arg->n_ks_tuple, + arg->ks_tuple, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { - ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ, - arg->keepold, - arg->n_ks_tuple, - arg->ks_tuple, - arg->pass); + ret->code = kadm5_chpass_principal_3(handle, arg->princ, arg->keepold, + arg->n_ks_tuple, arg->ks_tuple, + arg->pass); } else { log_unauth("kadm5_chpass_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; + ret->code = KADM5_AUTH_CHANGEPW; } - if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_CHANGEPW) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_chpass_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -966,65 +872,48 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) +bool_t +setv4key_principal_2_svc(setv4key_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - } - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_setv4key_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { - ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, - arg->keyblock); + ret->code = kadm5_setv4key_principal(handle, arg->princ, + arg->keyblock); } else { log_unauth("kadm5_setv4key_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } - if(ret.code != KADM5_AUTH_SETKEY) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_SETKEY) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_setv4key_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1033,65 +922,49 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) + +bool_t +setkey_principal_2_svc(setkey_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - } - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_setkey_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { - ret.code = kadm5_setkey_principal((void *)handle, arg->princ, - arg->keyblocks, arg->n_keys); + ret->code = kadm5_setkey_principal(handle, arg->princ, arg->keyblocks, + arg->n_keys); } else { log_unauth("kadm5_setkey_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } - if(ret.code != KADM5_AUTH_SETKEY) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_SETKEY) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_setkey_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1100,68 +973,49 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) +bool_t +setkey_principal3_2_svc(setkey3_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_setkey_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { - ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ, - arg->keepold, - arg->n_ks_tuple, - arg->ks_tuple, - arg->keyblocks, arg->n_keys); + ret->code = kadm5_setkey_principal_3(handle, arg->princ, arg->keepold, + arg->n_ks_tuple, arg->ks_tuple, + arg->keyblocks, arg->n_keys); } else { log_unauth("kadm5_setkey_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } - if(ret.code != KADM5_AUTH_SETKEY) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_SETKEY) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_setkey_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1170,66 +1024,48 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -setkey_principal4_2_svc(setkey4_arg *arg, struct svc_req *rqstp) +bool_t +setkey_principal4_2_svc(setkey4_arg *arg, generic_ret *ret, + struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - if (ret.code == KADM5_PROTECT_KEYS) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_setkey_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } } else if (!(CHANGEPW_SERVICE(rqstp)) && - kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, - arg->princ, NULL)) { - ret.code = kadm5_setkey_principal_4((void *)handle, arg->princ, - arg->keepold, arg->key_data, - arg->n_key_data); + kadm5int_acl_check(handle->context, rqst2name(rqstp), + ACL_SETKEY, arg->princ, NULL)) { + ret->code = kadm5_setkey_principal_4(handle, arg->princ, arg->keepold, + arg->key_data, arg->n_key_data); } else { log_unauth("kadm5_setkey_principal", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; + ret->code = KADM5_AUTH_SETKEY; } - if (ret.code != KADM5_AUTH_SETKEY) { - if (ret.code != 0) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_SETKEY) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_setkey_principal", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1238,12 +1074,9 @@ setkey_principal4_2_svc(setkey4_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } /* Empty out *keys/*nkeys if princ is protected with the lockdown attribute, or @@ -1267,64 +1100,49 @@ chrand_check_lockdown(kadm5_server_handle_t handle, krb5_principal princ, return (ret == KADM5_PROTECT_KEYS) ? KADM5_OK : ret; } -chrand_ret * -chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) +bool_t +chrand_principal_2_svc(chrand_arg *arg, chrand_ret *ret, struct svc_req *rqstp) { - static chrand_ret ret; - krb5_keyblock *k; - int nkeys; - char *prime_arg, *funcname; + char *funcname, *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; + krb5_keyblock *k; + int nkeys; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_chrand_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - funcname = "kadm5_randkey_principal"; - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { - ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, - FALSE, 0, NULL, &k, &nkeys); + ret->code = randkey_principal_wrapper_3(handle, arg->princ, FALSE, 0, + NULL, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { - ret.code = kadm5_randkey_principal((void *)handle, arg->princ, - &k, &nkeys); + ret->code = kadm5_randkey_principal(handle, arg->princ, &k, &nkeys); } else { log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; + ret->code = KADM5_AUTH_CHANGEPW; } - if(ret.code == KADM5_OK) { - ret.code = chrand_check_lockdown(handle, arg->princ, &k, &nkeys); - ret.keys = k; - ret.n_keys = nkeys; + if (ret->code == KADM5_OK) { + ret->code = chrand_check_lockdown(handle, arg->princ, &k, &nkeys); + if (ret->code == KADM5_PROTECT_KEYS) + ret->code = KADM5_OK; + ret->keys = k; + ret->n_keys = nkeys; } - if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_CHANGEPW) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done(funcname, prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1332,77 +1150,59 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -chrand_ret * -chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) +bool_t +chrand_principal3_2_svc(chrand3_arg *arg, chrand_ret *ret, + struct svc_req *rqstp) { - static chrand_ret ret; - krb5_keyblock *k; - int nkeys; - char *prime_arg, *funcname; + char *funcname, *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; + krb5_keyblock *k; + int nkeys; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_chrand_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - funcname = "kadm5_randkey_principal"; - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { - ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, - arg->keepold, - arg->n_ks_tuple, - arg->ks_tuple, - &k, &nkeys); + ret->code = randkey_principal_wrapper_3(handle, arg->princ, + arg->keepold, arg->n_ks_tuple, + arg->ks_tuple, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { - ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ, - arg->keepold, - arg->n_ks_tuple, - arg->ks_tuple, - &k, &nkeys); + ret->code = kadm5_randkey_principal_3(handle, arg->princ, arg->keepold, + arg->n_ks_tuple, arg->ks_tuple, + &k, &nkeys); } else { log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; + ret->code = KADM5_AUTH_CHANGEPW; } - if(ret.code == KADM5_OK) { - ret.code = chrand_check_lockdown(handle, arg->princ, &k, &nkeys); - ret.keys = k; - ret.n_keys = nkeys; + if (ret->code == KADM5_OK) { + ret->code = chrand_check_lockdown(handle, arg->princ, &k, &nkeys); + if (ret->code == KADM5_PROTECT_KEYS) + ret->code = KADM5_OK; + ret->keys = k; + ret->n_keys = nkeys; } - if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_CHANGEPW) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done(funcname, prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1410,53 +1210,40 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) +bool_t +create_policy_2_svc(cpol_arg *arg, generic_ret *ret, struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } prime_arg = arg->rec.policy; if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, NULL, NULL)) { - ret.code = KADM5_AUTH_ADD; + ret->code = KADM5_AUTH_ADD; log_unauth("kadm5_create_policy", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_create_policy((void *)handle, &arg->rec, - arg->mask); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_create_policy(handle, &arg->rec, arg->mask); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_create_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, @@ -1465,38 +1252,27 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -generic_ret * -delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) +bool_t +delete_policy_2_svc(dpol_arg *arg, generic_ret *ret, struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } prime_arg = arg->name; if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, @@ -1504,11 +1280,11 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) ACL_DELETE, NULL, NULL)) { log_unauth("kadm5_delete_policy", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_DELETE; + ret->code = KADM5_AUTH_DELETE; } else { - ret.code = kadm5_delete_policy((void *)handle, arg->name); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_delete_policy(handle, arg->name); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_delete_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, @@ -1517,38 +1293,27 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -generic_ret * -modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) +bool_t +modify_policy_2_svc(mpol_arg *arg, generic_ret *ret, struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } prime_arg = arg->rec.policy; if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, @@ -1556,12 +1321,11 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) ACL_MODIFY, NULL, NULL)) { log_unauth("kadm5_modify_policy", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_MODIFY; + ret->code = KADM5_AUTH_MODIFY; } else { - ret.code = kadm5_modify_policy((void *)handle, &arg->rec, - arg->mask); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_modify_policy(handle, &arg->rec, arg->mask); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_modify_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, @@ -1570,70 +1334,60 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -gpol_ret * -get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) +bool_t +get_policy_2_svc(gpol_arg *arg, gpol_ret *ret, struct svc_req *rqstp) { - static gpol_ret ret; - kadm5_ret_t ret2; - char *prime_arg, *funcname; + char *funcname, *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; + kadm5_ret_t ret2; kadm5_principal_ent_rec caller_ent; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_gpol_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - funcname = "kadm5_get_policy"; - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } prime_arg = arg->name; - ret.code = KADM5_AUTH_GET; + ret->code = KADM5_AUTH_GET; if (!CHANGEPW_SERVICE(rqstp) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, NULL, NULL)) - ret.code = KADM5_OK; + ret->code = KADM5_OK; else { - ret.code = kadm5_get_principal(handle->lhandle, - handle->current_caller, - &caller_ent, - KADM5_PRINCIPAL_NORMAL_MASK); - if (ret.code == KADM5_OK) { + ret->code = kadm5_get_principal(handle->lhandle, + handle->current_caller, &caller_ent, + KADM5_PRINCIPAL_NORMAL_MASK); + if (ret->code == KADM5_OK) { if (caller_ent.aux_attributes & KADM5_POLICY && strcmp(caller_ent.policy, arg->name) == 0) { - ret.code = KADM5_OK; - } else ret.code = KADM5_AUTH_GET; + ret->code = KADM5_OK; + } else { + ret->code = KADM5_AUTH_GET; + } ret2 = kadm5_free_principal_ent(handle->lhandle, &caller_ent); - ret.code = ret.code ? ret.code : ret2; + ret->code = ret->code ? ret->code : ret2; } } - if (ret.code == KADM5_OK) { - ret.code = kadm5_get_policy(handle, arg->name, &ret.rec); + if (ret->code == KADM5_OK) { + ret->code = kadm5_get_policy(handle, arg->name, &ret->rec); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done(funcname, ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, @@ -1645,39 +1399,27 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } -exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; +exit_func: + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -gpols_ret * -get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) +bool_t +get_pols_2_svc(gpols_arg *arg, gpols_ret *ret, struct svc_req *rqstp) { - static gpols_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_gpols_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle, + &ret->api_version, &client_name, &service_name, + NULL); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } prime_arg = arg->exp; if (prime_arg == NULL) prime_arg = "*"; @@ -1685,15 +1427,14 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_LIST, NULL, NULL)) { - ret.code = KADM5_AUTH_LIST; + ret->code = KADM5_AUTH_LIST; log_unauth("kadm5_get_policies", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_get_policies((void *)handle, - arg->exp, &ret.pols, - &ret.count); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_get_policies(handle, arg->exp, &ret->pols, + &ret->count); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_get_policies", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1701,40 +1442,28 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) +bool_t +get_privs_2_svc(krb5_ui_4 *arg, getprivs_ret *ret, struct svc_req *rqstp) { - static getprivs_ret ret; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_getprivs_ret, &ret); - - if ((ret.code = new_server_handle(*arg, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; + ret->code = stub_setup(*arg, rqstp, NULL, &handle, &ret->api_version, + &client_name, &service_name, NULL); + if (ret->code) goto exit_func; - } - ret.code = kadm5_get_privs((void *)handle, &ret.privs); - if( ret.code != 0 ) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_get_privs(handle, &ret->privs); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_get_privs", client_name.value, errmsg, &client_name, &service_name, rqstp); @@ -1743,56 +1472,38 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } -generic_ret * -purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) +bool_t +purgekeys_2_svc(purgekeys_arg *arg, generic_ret *ret, struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg, *funcname; + char *funcname, *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - funcname = "kadm5_purgekeys"; - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (!cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->princ, NULL))) { - ret.code = KADM5_AUTH_MODIFY; + ret->code = KADM5_AUTH_MODIFY; log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_purgekeys((void *)handle, arg->princ, - arg->keepkvno); - if (ret.code != 0) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_purgekeys(handle, arg->princ, arg->keepkvno); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done(funcname, prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1800,58 +1511,41 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -gstrings_ret * -get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) +bool_t +get_strings_2_svc(gstrings_arg *arg, gstrings_ret *ret, struct svc_req *rqstp) { - static gstrings_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_gstrings_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, arg->princ, NULL))) { - ret.code = KADM5_AUTH_GET; + ret->code = KADM5_AUTH_GET; log_unauth("kadm5_get_strings", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_get_strings((void *)handle, arg->princ, &ret.strings, - &ret.count); - if (ret.code != 0) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_get_strings(handle, arg->princ, &ret->strings, + &ret->count); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_get_strings", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1859,55 +1553,37 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret * -set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) +bool_t +set_string_2_svc(sstring_arg *arg, generic_ret *ret, struct svc_req *rqstp) { - static generic_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - goto exit_func; - - if ((ret.code = check_handle((void *)handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->princ, NULL)) { - ret.code = KADM5_AUTH_MODIFY; + ret->code = KADM5_AUTH_MODIFY; log_unauth("kadm5_mod_strings", prime_arg, &client_name, &service_name, rqstp); } else { - ret.code = kadm5_set_string((void *)handle, arg->princ, arg->key, - arg->value); - if (ret.code != 0) - errmsg = krb5_get_error_message(handle->context, ret.code); + ret->code = kadm5_set_string(handle, arg->princ, arg->key, arg->value); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_mod_strings", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -1915,42 +1591,29 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); + exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } -generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) +bool_t +init_2_svc(krb5_ui_4 *arg, generic_ret *ret, struct svc_req *rqstp) { - static generic_ret ret; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; kadm5_server_handle_t handle; - OM_uint32 minor_stat; const char *errmsg = NULL; size_t clen, slen; char *cdots, *sdots; - xdr_free(xdr_generic_ret, &ret); - - if ((ret.code = new_server_handle(*arg, rqstp, &handle))) + ret->code = stub_setup(*arg, rqstp, NULL, &handle, &ret->api_version, + &client_name, &service_name, NULL); + if (ret->code) goto exit_func; - if (! (ret.code = check_handle((void *)handle))) { - ret.api_version = handle->api_version; - } - - free_server_handle(handle); - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - - if (ret.code != 0) - errmsg = krb5_get_error_message(NULL, ret.code); + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); clen = client_name.length; trunc_name(&clen, &cdots); @@ -1965,15 +1628,14 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) (int)clen, (char *)client_name.value, cdots, (int)slen, (char *)service_name.value, sdots, client_addr(rqstp->rq_xprt), - ret.api_version & ~(KADM5_API_VERSION_MASK), + ret->api_version & ~(KADM5_API_VERSION_MASK), rqstp->rq_cred.oa_flavor); if (errmsg != NULL) - krb5_free_error_message(NULL, errmsg); + krb5_free_error_message(handle->context, errmsg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - return(&ret); + stub_cleanup(handle, NULL, &client_name, &service_name); + return TRUE; } gss_name_t @@ -1986,66 +1648,51 @@ rqst2name(struct svc_req *rqstp) return rqstp->rq_clntcred; } -getpkeys_ret * -get_principal_keys_2_svc(getpkeys_arg *arg, struct svc_req *rqstp) +bool_t +get_principal_keys_2_svc(getpkeys_arg *arg, getpkeys_ret *ret, + struct svc_req *rqstp) { - static getpkeys_ret ret; - char *prime_arg; + char *prime_arg = NULL; gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; - xdr_free(xdr_getpkeys_ret, &ret); - - if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) + ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle, + &ret->api_version, &client_name, &service_name, + &prime_arg); + if (ret->code) goto exit_func; - if ((ret.code = check_handle((void *)handle))) - goto exit_func; - - ret.api_version = handle->api_version; - - if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { - ret.code = KADM5_FAILURE; - goto exit_func; - } - if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { - ret.code = KADM5_BAD_PRINCIPAL; - goto exit_func; - } - if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_EXTRACT, arg->princ, NULL)) { - ret.code = kadm5_get_principal_keys((void *)handle, arg->princ, - arg->kvno, &ret.key_data, - &ret.n_key_data); + ret->code = kadm5_get_principal_keys(handle, arg->princ, arg->kvno, + &ret->key_data, &ret->n_key_data); } else { log_unauth("kadm5_get_principal_keys", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_EXTRACT; + ret->code = KADM5_AUTH_EXTRACT; } - if (ret.code == KADM5_OK) { - ret.code = check_lockdown_keys(handle, arg->princ); - if (ret.code != KADM5_OK) { - kadm5_free_kadm5_key_data(handle->context, ret.n_key_data, - ret.key_data); - ret.key_data = NULL; - ret.n_key_data = 0; + if (ret->code == KADM5_OK) { + ret->code = check_lockdown_keys(handle, arg->princ); + if (ret->code != KADM5_OK) { + kadm5_free_kadm5_key_data(handle->context, ret->n_key_data, + ret->key_data); + ret->key_data = NULL; + ret->n_key_data = 0; } - if (ret.code == KADM5_PROTECT_KEYS) { + if (ret->code == KADM5_PROTECT_KEYS) { log_unauth("kadm5_get_principal_keys", prime_arg, &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_EXTRACT; + ret->code = KADM5_AUTH_EXTRACT; } } - if (ret.code != KADM5_AUTH_EXTRACT) { - if (ret.code != 0) - errmsg = krb5_get_error_message(handle->context, ret.code); + if (ret->code != KADM5_AUTH_EXTRACT) { + if (ret->code != 0) + errmsg = krb5_get_error_message(handle->context, ret->code); log_done("kadm5_get_principal_keys", prime_arg, errmsg, &client_name, &service_name, rqstp); @@ -2054,10 +1701,7 @@ get_principal_keys_2_svc(getpkeys_arg *arg, struct svc_req *rqstp) krb5_free_error_message(handle->context, errmsg); } - free(prime_arg); exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; + stub_cleanup(handle, prime_arg, &client_name, &service_name); + return TRUE; } diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h index b51156de82..8d7cf3b36f 100644 --- a/src/lib/kadm5/kadm_rpc.h +++ b/src/lib/kadm5/kadm_rpc.h @@ -258,95 +258,117 @@ typedef struct getpkeys_ret getpkeys_ret; #define CREATE_PRINCIPAL 1 extern enum clnt_stat create_principal_2(cprinc_arg *, generic_ret *, CLIENT *); -extern generic_ret * create_principal_2_svc(cprinc_arg *, struct svc_req *); +extern bool_t create_principal_2_svc(cprinc_arg *, generic_ret *, + struct svc_req *); #define DELETE_PRINCIPAL 2 extern enum clnt_stat delete_principal_2(dprinc_arg *, generic_ret *, CLIENT *); -extern generic_ret * delete_principal_2_svc(dprinc_arg *, struct svc_req *); +extern bool_t delete_principal_2_svc(dprinc_arg *, generic_ret *, + struct svc_req *); #define MODIFY_PRINCIPAL 3 extern enum clnt_stat modify_principal_2(mprinc_arg *, generic_ret *, CLIENT *); -extern generic_ret * modify_principal_2_svc(mprinc_arg *, struct svc_req *); +extern bool_t modify_principal_2_svc(mprinc_arg *, generic_ret *, + struct svc_req *); #define RENAME_PRINCIPAL 4 extern enum clnt_stat rename_principal_2(rprinc_arg *, generic_ret *, CLIENT *); -extern generic_ret * rename_principal_2_svc(rprinc_arg *, struct svc_req *); +extern bool_t rename_principal_2_svc(rprinc_arg *, generic_ret *, + struct svc_req *); #define GET_PRINCIPAL 5 extern enum clnt_stat get_principal_2(gprinc_arg *, gprinc_ret *, CLIENT *); -extern gprinc_ret * get_principal_2_svc(gprinc_arg *, struct svc_req *); +extern bool_t get_principal_2_svc(gprinc_arg *, gprinc_ret *, + struct svc_req *); #define CHPASS_PRINCIPAL 6 extern enum clnt_stat chpass_principal_2(chpass_arg *, generic_ret *, CLIENT *); -extern generic_ret * chpass_principal_2_svc(chpass_arg *, struct svc_req *); +extern bool_t chpass_principal_2_svc(chpass_arg *, generic_ret *, + struct svc_req *); #define CHRAND_PRINCIPAL 7 extern enum clnt_stat chrand_principal_2(chrand_arg *, chrand_ret *, CLIENT *); -extern chrand_ret * chrand_principal_2_svc(chrand_arg *, struct svc_req *); +extern bool_t chrand_principal_2_svc(chrand_arg *, chrand_ret *, + struct svc_req *); #define CREATE_POLICY 8 extern enum clnt_stat create_policy_2(cpol_arg *, generic_ret *, CLIENT *); -extern generic_ret * create_policy_2_svc(cpol_arg *, struct svc_req *); +extern bool_t create_policy_2_svc(cpol_arg *, generic_ret *, + struct svc_req *); #define DELETE_POLICY 9 extern enum clnt_stat delete_policy_2(dpol_arg *, generic_ret *, CLIENT *); -extern generic_ret * delete_policy_2_svc(dpol_arg *, struct svc_req *); +extern bool_t delete_policy_2_svc(dpol_arg *, generic_ret *, + struct svc_req *); #define MODIFY_POLICY 10 extern enum clnt_stat modify_policy_2(mpol_arg *, generic_ret *, CLIENT *); -extern generic_ret * modify_policy_2_svc(mpol_arg *, struct svc_req *); +extern bool_t modify_policy_2_svc(mpol_arg *, generic_ret *, + struct svc_req *); #define GET_POLICY 11 extern enum clnt_stat get_policy_2(gpol_arg *, gpol_ret *, CLIENT *); -extern gpol_ret * get_policy_2_svc(gpol_arg *, struct svc_req *); +extern bool_t get_policy_2_svc(gpol_arg *, gpol_ret *, struct svc_req *); #define GET_PRIVS 12 extern enum clnt_stat get_privs_2(void *, getprivs_ret *, CLIENT *); -extern getprivs_ret * get_privs_2_svc(krb5_ui_4 *, struct svc_req *); +extern bool_t get_privs_2_svc(krb5_ui_4 *, getprivs_ret *, struct svc_req *); #define INIT 13 extern enum clnt_stat init_2(void *, generic_ret *, CLIENT *); -extern generic_ret * init_2_svc(krb5_ui_4 *, struct svc_req *); +extern bool_t init_2_svc(krb5_ui_4 *, generic_ret *, struct svc_req *); #define GET_PRINCS 14 extern enum clnt_stat get_princs_2(gprincs_arg *, gprincs_ret *, CLIENT *); -extern gprincs_ret * get_princs_2_svc(gprincs_arg *, struct svc_req *); +extern bool_t get_princs_2_svc(gprincs_arg *, gprincs_ret *, + struct svc_req *); #define GET_POLS 15 extern enum clnt_stat get_pols_2(gpols_arg *, gpols_ret *, CLIENT *); -extern gpols_ret * get_pols_2_svc(gpols_arg *, struct svc_req *); +extern bool_t get_pols_2_svc(gpols_arg *, gpols_ret *, struct svc_req *); #define SETKEY_PRINCIPAL 16 extern enum clnt_stat setkey_principal_2(setkey_arg *, generic_ret *, CLIENT *); -extern generic_ret * setkey_principal_2_svc(setkey_arg *, struct svc_req *); +extern bool_t setkey_principal_2_svc(setkey_arg *, generic_ret *, + struct svc_req *); #define SETV4KEY_PRINCIPAL 17 extern enum clnt_stat setv4key_principal_2(setv4key_arg *, generic_ret *, CLIENT *); -extern generic_ret * setv4key_principal_2_svc(setv4key_arg *, struct svc_req *); +extern bool_t setv4key_principal_2_svc(setv4key_arg *, generic_ret *, + struct svc_req *); #define CREATE_PRINCIPAL3 18 extern enum clnt_stat create_principal3_2(cprinc3_arg *, generic_ret *, CLIENT *); -extern generic_ret * create_principal3_2_svc(cprinc3_arg *, struct svc_req *); +extern bool_t create_principal3_2_svc(cprinc3_arg *, generic_ret *, + struct svc_req *); #define CHPASS_PRINCIPAL3 19 extern enum clnt_stat chpass_principal3_2(chpass3_arg *, generic_ret *, CLIENT *); -extern generic_ret * chpass_principal3_2_svc(chpass3_arg *, struct svc_req *); +extern bool_t chpass_principal3_2_svc(chpass3_arg *, generic_ret *, + struct svc_req *); #define CHRAND_PRINCIPAL3 20 extern enum clnt_stat chrand_principal3_2(chrand3_arg *, chrand_ret *, CLIENT *); -extern chrand_ret * chrand_principal3_2_svc(chrand3_arg *, struct svc_req *); +extern bool_t chrand_principal3_2_svc(chrand3_arg *, chrand_ret *, + struct svc_req *); #define SETKEY_PRINCIPAL3 21 extern enum clnt_stat setkey_principal3_2(setkey3_arg *, generic_ret *, CLIENT *); -extern generic_ret * setkey_principal3_2_svc(setkey3_arg *, struct svc_req *); +extern bool_t setkey_principal3_2_svc(setkey3_arg *, generic_ret *, + struct svc_req *); #define PURGEKEYS 22 extern enum clnt_stat purgekeys_2(purgekeys_arg *, generic_ret *, CLIENT *); -extern generic_ret * purgekeys_2_svc(purgekeys_arg *, struct svc_req *); +extern bool_t purgekeys_2_svc(purgekeys_arg *, generic_ret *, + struct svc_req *); #define GET_STRINGS 23 extern enum clnt_stat get_strings_2(gstrings_arg *, gstrings_ret *, CLIENT *); -extern gstrings_ret * get_strings_2_svc(gstrings_arg *, struct svc_req *); +extern bool_t get_strings_2_svc(gstrings_arg *, gstrings_ret *, + struct svc_req *); #define SET_STRING 24 extern enum clnt_stat set_string_2(sstring_arg *, generic_ret *, CLIENT *); -extern generic_ret * set_string_2_svc(sstring_arg *, struct svc_req *); +extern bool_t set_string_2_svc(sstring_arg *, generic_ret *, + struct svc_req *); #define SETKEY_PRINCIPAL4 25 extern enum clnt_stat setkey_principal4_2(setkey4_arg *, generic_ret *, CLIENT *); -extern generic_ret * setkey_principal4_2_svc(setkey4_arg *, struct svc_req *); +extern bool_t setkey_principal4_2_svc(setkey4_arg *, generic_ret *, + struct svc_req *); #define EXTRACT_KEYS 26 extern enum clnt_stat get_principal_keys_2(getpkeys_arg *, getpkeys_ret *, CLIENT *); -extern getpkeys_ret * get_principal_keys_2_svc(getpkeys_arg *, struct svc_req *); +extern bool_t get_principal_keys_2_svc(getpkeys_arg *, getpkeys_ret *, + struct svc_req *); extern bool_t xdr_cprinc_arg (); extern bool_t xdr_cprinc3_arg ();