From bjaspan@MIT.EDU Tue Nov 12 13:05:45 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id NAA27364 for <bugs@RT-11.MIT.EDU>; Tue, 12 Nov 1996 13:05:45 -0500
Received: from DUN-DUN-NOODLES.MIT.EDU by MIT.EDU with SMTP
id AA07007; Tue, 12 Nov 96 13:05:31 EST
Received: by DUN-DUN-NOODLES.MIT.EDU (5.x/4.7) id AA17393; Tue, 12 Nov 1996 13:05:05 -0500
Message-Id: <9611121805.AA17393@DUN-DUN-NOODLES.MIT.EDU>
Date: Tue, 12 Nov 1996 13:05:05 -0500
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: glob vs. regexp in kadm5 library
X-Send-Pr-Version: 3.99
System: SunOS DUN-DUN-NOODLES 5.4 Generic_101945-37 sun4m sparc
This is a feature change proposed for after the 1.0 release.
The kadm5 library currently supports the use of shell-style globs (?,
*, []) instead of regular expressions for the functions that list
matching principal and policy names. I originally made this decision
on the theory that system administrators (at the time, OV's customers)
did not necessarily understand regular expressions and in any case
would rarely have use for the extra flexibility they could provide.
Thus, I went for a simpler interface instead of more flexibility.
I no longer think I made the right decision. Except in cases of
security decisions where application programmers should not be
trusted, the kadm5 api should provide mechanism and not enforce
policy. In this case, "providing mechanism" means offering the most
flexible search capability possible, and clearly regexps win over
globs. There is no security advantage to limiting the expression.
The concern about interface complexity is still valid. However, I
know see that the glob/regexp decision should be made in the
application program, not the api, since then the application can
provide either interface (perhaps glob by defaut, and regexp if you
specify "-re <exp>"). The api already contains a (currently internal)
function to convert globs to regexps, so it can simply expose that
function for applications to use.
I therefore propose the following change. kadm5_get_principals and
kadm5_get_policies will be declared obsolete. Two new functions,
kadm5_list_principals and kadm5_list_policies, will be created that
accept regexps instead of globs. A new function kadm5_glob_to_regexp
will be created as a convenience function for callers wishing to
support glob syntax. The kadmin client will continue to accept globs,
but will also be changed to accept -re regexp anywhere it currently
accepts a glob.
Alternatives to the proposal:
(1) The get_* to list_* change could be accomplished quite trivially
with a new API version number instead of new functions. But I think
list_principals is a better name for the function that get_principals,
since it is returning an array of principal names and not principal
structures, anyway.
(2) The list functions could accept a char * and a boolean indicating
whether it the char * is a glob or a regexp. This would keep the
conversion code inside the api instead of having every client know how
to call kadm5_glob_to_regexp.
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: bjaspan@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/176: glob vs. regexp in kadm5 library
Date: Thu, 5 Dec 1996 21:44:52 GMT
Here are diffs against 1.0 to implement glob or regexp matching as in
alternative (2) listed above. The diffs are for the library and
kadmin.local, but not the server or client library (yet; those would
not be hard to write, just a little tedious).
Having gone this far, I'm dubious as to whether this change is worth
the extra complexity. I don't think it buys much. I suspect the
original decision to use globs was fine.
Index: lib/kadm5/admin.h
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/lib/kadm5/admin.h,v
retrieving revision 1.36
diff -c -r1.36 admin.h
*** admin.h 1996/08/28 20:12:44 1.36
--- admin.h 1996/12/05 21:20:51
***************
*** 34,39 ****
--- 34,45 ----
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
+ * Expression type constants.
+ */
+ #define KADM5_EXP_GLOB 17
+ #define KADM5_EXP_REGEXP 18
+
+ /*
* Succsessfull return code
*/
#define KADM5_OK 0
***************
*** 388,393 ****
--- 394,408 ----
kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
+ #if USE_KADM5_API_VERSION > 1
+ kadm5_ret_t kadm5_list_principals(void *server_handle,
+ char *exp, int exptype,
+ char ***princs, int *count);
+
+ kadm5_ret_t kadm5_list_policies(void *server_handle,
+ char *exp, int exptype,
+ char ***pols, int *count);
+ #endif
#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
Index: lib/kadm5/kadm_err.et
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/lib/kadm5/kadm_err.et,v
retrieving revision 1.23
diff -c -r1.23 kadm_err.et
*** kadm_err.et 1996/11/07 17:14:53 1.23
--- kadm_err.et 1996/12/05 21:09:19
***************
*** 54,57 ****
--- 54,59 ----
error_code KADM5_BAD_TL_TYPE, "Programmer error! Illegal tagged data list type"
error_code KADM5_MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing"
error_code KADM5_BAD_SERVER_NAME, "Bad krb5 admin server hostname"
+ error_code KADM5_BAD_EXPTYPE, "Programmer error! Invalid expression type"
+ error_code KADM5_UNSUPPORTED_EXPTYPE, "Unsupported expression type"
end
Index: lib/kadm5/srv/svr_iters.c
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_iters.c,v
retrieving revision 1.2
diff -c -r1.2 svr_iters.c
*** svr_iters.c 1996/11/07 21:43:14 1.2
--- svr_iters.c 1996/12/05 21:19:52
***************
*** 127,133 ****
return KADM5_OK;
}
! void get_either_iter(struct iter_data *data, char *name)
{
if (
#ifdef SOLARIS_REGEXPS
--- 127,133 ----
return KADM5_OK;
}
! void list_either_iter(struct iter_data *data, char *name)
{
if (
#ifdef SOLARIS_REGEXPS
***************
*** 146,175 ****
free(name);
}
! void get_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
if ((name = strdup(entry->name)) == NULL)
return;
! get_either_iter(data, name);
}
! void get_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
if (krb5_unparse_name(id->context, princ, &name) != 0)
return;
! get_either_iter(data, name);
}
! kadm5_ret_t kadm5_get_either(int princ,
! void *server_handle,
! char *exp,
! char ***princs,
! int *count)
{
struct iter_data data;
char *msg, *regexp;
--- 146,176 ----
free(name);
}
! void list_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
if ((name = strdup(entry->name)) == NULL)
return;
! list_either_iter(data, name);
}
! void list_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
if (krb5_unparse_name(id->context, princ, &name) != 0)
return;
! list_either_iter(data, name);
}
! static kadm5_ret_t kadm5_list_either(int princ,
! void *server_handle,
! char *exp,
! int exptype,
! char ***princs,
! int *count)
{
struct iter_data data;
char *msg, *regexp;
***************
*** 177,191 ****
kadm5_server_handle_t handle = server_handle;
*count = 0;
! if (exp == NULL)
! exp = "*";
!
CHECK_HANDLE(server_handle);
! if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
! ®exp)) != KADM5_OK)
! return ret;
!
if (
#ifdef SOLARIS_REGEXPS
((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
--- 178,200 ----
kadm5_server_handle_t handle = server_handle;
*count = 0;
! if (exp == NULL) {
! exp = ".*";
! exptype = KADM5_EXP_REGEXP;
! }
!
CHECK_HANDLE(server_handle);
! if (exptype == KADM5_EXP_GLOB) {
! if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
! ®exp)) != KADM5_OK)
! return ret;
! } else if (exptype == KADM5_EXP_REGEXP) {
! regexp = strdup(exp);
! if (! regexp) return ENOMEM;
! } else
! return KADM5_BAD_EXPTYPE;
!
if (
#ifdef SOLARIS_REGEXPS
((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
***************
*** 210,218 ****
if (princ) {
data.context = handle->context;
! ret = kdb_iter_entry(handle, get_princs_iter, (void *) &data);
} else {
! ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data);
}
if (ret != OSA_ADB_OK) {
--- 219,227 ----
if (princ) {
data.context = handle->context;
! ret = kdb_iter_entry(handle, list_princs_iter, (void *) &data);
} else {
! ret = osa_adb_iter_policy(handle->policy_db, list_pols_iter, (void *)&data);
}
if (ret != OSA_ADB_OK) {
***************
*** 228,239 ****
return KADM5_OK;
}
kadm5_ret_t kadm5_get_principals(void *server_handle,
char *exp,
char ***princs,
int *count)
{
! return kadm5_get_either(1, server_handle, exp, princs, count);
}
kadm5_ret_t kadm5_get_policies(void *server_handle,
--- 237,267 ----
return KADM5_OK;
}
+ kadm5_ret_t kadm5_list_principals(void *server_handle,
+ char *exp, int exptype,
+ char ***princs,
+ int *count)
+ {
+ return kadm5_list_either(1, server_handle, exp, exptype,
+ princs, count);
+ }
+
+ kadm5_ret_t kadm5_list_policies(void *server_handle,
+ char *exp, int exptype,
+ char ***pols,
+ int *count)
+ {
+ return kadm5_list_either(0, server_handle, exp, exptype,
+ pols, count);
+ }
+
kadm5_ret_t kadm5_get_principals(void *server_handle,
char *exp,
char ***princs,
int *count)
{
! return kadm5_list_either(1, server_handle, exp, KADM5_EXP_GLOB,
! princs, count);
}
kadm5_ret_t kadm5_get_policies(void *server_handle,
***************
*** 241,246 ****
char ***pols,
int *count)
{
! return kadm5_get_either(0, server_handle, exp, pols, count);
}
--- 269,275 ----
char ***pols,
int *count)
{
! return kadm5_list_either(0, server_handle, exp, KADM5_EXP_GLOB,
! pols, count);
}
Index: lib/kadmin/cli/kadmin.c
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/kadmin/cli/kadmin.c,v
retrieving revision 1.39
diff -c -r1.39 kadmin.c
*** kadmin.c 1996/12/03 20:40:42 1.39
--- kadmin.c 1996/12/05 21:28:35
***************
*** 1088,1098 ****
int i, count;
exp = NULL;
! if (! (argc == 1 || (argc == 2 && (exp = argv[1])))) {
! fprintf(stderr, "usage: get_principals [expression]\n");
return;
}
! retval = kadm5_get_principals(handle, exp, &names, &count);
if (retval) {
com_err("get_principals", retval, "while retrieving list.");
return;
--- 1088,1102 ----
int i, count;
exp = NULL;
! if (! (argc == 1 ||
! (argc == 2 && (exp = argv[1])) ||
! (argc == 3 && (strcmp(argv[1], "-re") == 0) && (exp = argv[2])))) {
! fprintf(stderr, "usage: get_principals [[-re] expression]\n");
return;
}
! retval = kadm5_list_principals(handle, exp,
! argc==2 ? KADM5_EXP_GLOB : KADM5_EXP_REGEXP,
! &names, &count);
if (retval) {
com_err("get_principals", retval, "while retrieving list.");
return;
***************
*** 1317,1327 ****
int i, count;
exp = NULL;
! if (! (argc == 1 || (argc == 2 && (exp = argv[1])))) {
! fprintf(stderr, "usage: get_policies [expression]\n");
return;
}
! retval = kadm5_get_policies(handle, exp, &names, &count);
if (retval) {
com_err("get_policies", retval, "while retrieving list.");
return;
--- 1321,1335 ----
int i, count;
exp = NULL;
! if (! (argc == 1 ||
! (argc == 2 && (exp = argv[1])) ||
! (argc == 3 && (strcmp(argv[1], "-re") == 0) && (exp = argv[2])))) {
! fprintf(stderr, "usage: list_policies [[-re] expression]\n");
return;
}
! retval = kadm5_list_policies(handle, exp,
! argc==2 ? KADM5_EXP_GLOB : KADM5_EXP_REGEXP,
! &names, &count);
if (retval) {
com_err("get_policies", retval, "while retrieving list.");
return;
Index: lib/kadmin/cli/keytab.c
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/kadmin/cli/keytab.c,v
retrieving revision 1.22
diff -c -r1.22 keytab.c
*** keytab.c 1996/11/13 21:04:45 1.22
--- keytab.c 1996/12/05 21:40:43
***************
*** 31,37 ****
void add_usage()
{
! fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [principal | -glob princ-exp] [...]\n");
}
void rem_usage()
--- 31,38 ----
void add_usage()
{
! fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] "
! "[principal | {-glob|-re} princ-exp] [...]\n");
}
void rem_usage()
***************
*** 120,132 ****
return;
while (*argv) {
! if (strcmp(*argv, "-glob") == 0) {
if (*++argv == NULL) {
add_usage();
break;
}
! if (code = kadm5_get_principals(handle, *argv, &princs, &num)) {
com_err(whoami, code, "while expanding expression \"%s\".",
*argv);
argv++;
--- 121,135 ----
return;
while (*argv) {
! if (strcmp(*argv, "-glob") == 0 || strcmp(*argv, "-re") == 0) {
! int exptype=strcmp(*argv,"-re")?KADM5_EXP_GLOB:KADM5_EXP_REGEXP;
if (*++argv == NULL) {
add_usage();
break;
}
! if (code = kadm5_list_principals(handle, *argv, exptype,
! &princs, &num)) {
com_err(whoami, code, "while expanding expression \"%s\".",
*argv);
argv++;
Responsible-Changed-From-To: bjaspan->krb5-unassigned
Responsible-Changed-By: mdh
Responsible-Changed-When: Wed Jun 24 00:26:59 1998
Responsible-Changed-Why:
bjaspan is no longer with the kerberos team
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id NAA27364 for <bugs@RT-11.MIT.EDU>; Tue, 12 Nov 1996 13:05:45 -0500
Received: from DUN-DUN-NOODLES.MIT.EDU by MIT.EDU with SMTP
id AA07007; Tue, 12 Nov 96 13:05:31 EST
Received: by DUN-DUN-NOODLES.MIT.EDU (5.x/4.7) id AA17393; Tue, 12 Nov 1996 13:05:05 -0500
Message-Id: <9611121805.AA17393@DUN-DUN-NOODLES.MIT.EDU>
Date: Tue, 12 Nov 1996 13:05:05 -0500
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: glob vs. regexp in kadm5 library
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 176
>Category: krb5-admin
>Synopsis: glob vs. regexp in kadm5 library
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 12 13:06:01 EST 1996
>Last-Modified: Wed Jun 24 00:27:54 EDT 1998
>Originator: Barry Jaspan
>Organization:
mit>Category: krb5-admin
>Synopsis: glob vs. regexp in kadm5 library
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 12 13:06:01 EST 1996
>Last-Modified: Wed Jun 24 00:27:54 EDT 1998
>Originator: Barry Jaspan
>Organization:
Show quoted text
>Release: 1.0-development
>Environment:
>Environment:
System: SunOS DUN-DUN-NOODLES 5.4 Generic_101945-37 sun4m sparc
Show quoted text
>Description:
This is a feature change proposed for after the 1.0 release.
The kadm5 library currently supports the use of shell-style globs (?,
*, []) instead of regular expressions for the functions that list
matching principal and policy names. I originally made this decision
on the theory that system administrators (at the time, OV's customers)
did not necessarily understand regular expressions and in any case
would rarely have use for the extra flexibility they could provide.
Thus, I went for a simpler interface instead of more flexibility.
I no longer think I made the right decision. Except in cases of
security decisions where application programmers should not be
trusted, the kadm5 api should provide mechanism and not enforce
policy. In this case, "providing mechanism" means offering the most
flexible search capability possible, and clearly regexps win over
globs. There is no security advantage to limiting the expression.
The concern about interface complexity is still valid. However, I
know see that the glob/regexp decision should be made in the
application program, not the api, since then the application can
provide either interface (perhaps glob by defaut, and regexp if you
specify "-re <exp>"). The api already contains a (currently internal)
function to convert globs to regexps, so it can simply expose that
function for applications to use.
I therefore propose the following change. kadm5_get_principals and
kadm5_get_policies will be declared obsolete. Two new functions,
kadm5_list_principals and kadm5_list_policies, will be created that
accept regexps instead of globs. A new function kadm5_glob_to_regexp
will be created as a convenience function for callers wishing to
support glob syntax. The kadmin client will continue to accept globs,
but will also be changed to accept -re regexp anywhere it currently
accepts a glob.
Alternatives to the proposal:
(1) The get_* to list_* change could be accomplished quite trivially
with a new API version number instead of new functions. But I think
list_principals is a better name for the function that get_principals,
since it is returning an array of principal names and not principal
structures, anyway.
(2) The list functions could accept a char * and a boolean indicating
whether it the char * is a glob or a regexp. This would keep the
conversion code inside the api instead of having every client know how
to call kadm5_glob_to_regexp.
Show quoted text
>How-To-Repeat:
Show quoted text
>Fix:
Show quoted text
>Audit-Trail:
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: bjaspan@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/176: glob vs. regexp in kadm5 library
Date: Thu, 5 Dec 1996 21:44:52 GMT
Here are diffs against 1.0 to implement glob or regexp matching as in
alternative (2) listed above. The diffs are for the library and
kadmin.local, but not the server or client library (yet; those would
not be hard to write, just a little tedious).
Having gone this far, I'm dubious as to whether this change is worth
the extra complexity. I don't think it buys much. I suspect the
original decision to use globs was fine.
Index: lib/kadm5/admin.h
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/lib/kadm5/admin.h,v
retrieving revision 1.36
diff -c -r1.36 admin.h
*** admin.h 1996/08/28 20:12:44 1.36
--- admin.h 1996/12/05 21:20:51
***************
*** 34,39 ****
--- 34,45 ----
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
+ * Expression type constants.
+ */
+ #define KADM5_EXP_GLOB 17
+ #define KADM5_EXP_REGEXP 18
+
+ /*
* Succsessfull return code
*/
#define KADM5_OK 0
***************
*** 388,393 ****
--- 394,408 ----
kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
+ #if USE_KADM5_API_VERSION > 1
+ kadm5_ret_t kadm5_list_principals(void *server_handle,
+ char *exp, int exptype,
+ char ***princs, int *count);
+
+ kadm5_ret_t kadm5_list_policies(void *server_handle,
+ char *exp, int exptype,
+ char ***pols, int *count);
+ #endif
#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
Index: lib/kadm5/kadm_err.et
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/lib/kadm5/kadm_err.et,v
retrieving revision 1.23
diff -c -r1.23 kadm_err.et
*** kadm_err.et 1996/11/07 17:14:53 1.23
--- kadm_err.et 1996/12/05 21:09:19
***************
*** 54,57 ****
--- 54,59 ----
error_code KADM5_BAD_TL_TYPE, "Programmer error! Illegal tagged data list type"
error_code KADM5_MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing"
error_code KADM5_BAD_SERVER_NAME, "Bad krb5 admin server hostname"
+ error_code KADM5_BAD_EXPTYPE, "Programmer error! Invalid expression type"
+ error_code KADM5_UNSUPPORTED_EXPTYPE, "Unsupported expression type"
end
Index: lib/kadm5/srv/svr_iters.c
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/lib/kadm5/srv/svr_iters.c,v
retrieving revision 1.2
diff -c -r1.2 svr_iters.c
*** svr_iters.c 1996/11/07 21:43:14 1.2
--- svr_iters.c 1996/12/05 21:19:52
***************
*** 127,133 ****
return KADM5_OK;
}
! void get_either_iter(struct iter_data *data, char *name)
{
if (
#ifdef SOLARIS_REGEXPS
--- 127,133 ----
return KADM5_OK;
}
! void list_either_iter(struct iter_data *data, char *name)
{
if (
#ifdef SOLARIS_REGEXPS
***************
*** 146,175 ****
free(name);
}
! void get_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
if ((name = strdup(entry->name)) == NULL)
return;
! get_either_iter(data, name);
}
! void get_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
if (krb5_unparse_name(id->context, princ, &name) != 0)
return;
! get_either_iter(data, name);
}
! kadm5_ret_t kadm5_get_either(int princ,
! void *server_handle,
! char *exp,
! char ***princs,
! int *count)
{
struct iter_data data;
char *msg, *regexp;
--- 146,176 ----
free(name);
}
! void list_pols_iter(void *data, osa_policy_ent_t entry)
{
char *name;
if ((name = strdup(entry->name)) == NULL)
return;
! list_either_iter(data, name);
}
! void list_princs_iter(void *data, krb5_principal princ)
{
struct iter_data *id = (struct iter_data *) data;
char *name;
if (krb5_unparse_name(id->context, princ, &name) != 0)
return;
! list_either_iter(data, name);
}
! static kadm5_ret_t kadm5_list_either(int princ,
! void *server_handle,
! char *exp,
! int exptype,
! char ***princs,
! int *count)
{
struct iter_data data;
char *msg, *regexp;
***************
*** 177,191 ****
kadm5_server_handle_t handle = server_handle;
*count = 0;
! if (exp == NULL)
! exp = "*";
!
CHECK_HANDLE(server_handle);
! if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
! ®exp)) != KADM5_OK)
! return ret;
!
if (
#ifdef SOLARIS_REGEXPS
((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
--- 178,200 ----
kadm5_server_handle_t handle = server_handle;
*count = 0;
! if (exp == NULL) {
! exp = ".*";
! exptype = KADM5_EXP_REGEXP;
! }
!
CHECK_HANDLE(server_handle);
! if (exptype == KADM5_EXP_GLOB) {
! if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
! ®exp)) != KADM5_OK)
! return ret;
! } else if (exptype == KADM5_EXP_REGEXP) {
! regexp = strdup(exp);
! if (! regexp) return ENOMEM;
! } else
! return KADM5_BAD_EXPTYPE;
!
if (
#ifdef SOLARIS_REGEXPS
((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
***************
*** 210,218 ****
if (princ) {
data.context = handle->context;
! ret = kdb_iter_entry(handle, get_princs_iter, (void *) &data);
} else {
! ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data);
}
if (ret != OSA_ADB_OK) {
--- 219,227 ----
if (princ) {
data.context = handle->context;
! ret = kdb_iter_entry(handle, list_princs_iter, (void *) &data);
} else {
! ret = osa_adb_iter_policy(handle->policy_db, list_pols_iter, (void *)&data);
}
if (ret != OSA_ADB_OK) {
***************
*** 228,239 ****
return KADM5_OK;
}
kadm5_ret_t kadm5_get_principals(void *server_handle,
char *exp,
char ***princs,
int *count)
{
! return kadm5_get_either(1, server_handle, exp, princs, count);
}
kadm5_ret_t kadm5_get_policies(void *server_handle,
--- 237,267 ----
return KADM5_OK;
}
+ kadm5_ret_t kadm5_list_principals(void *server_handle,
+ char *exp, int exptype,
+ char ***princs,
+ int *count)
+ {
+ return kadm5_list_either(1, server_handle, exp, exptype,
+ princs, count);
+ }
+
+ kadm5_ret_t kadm5_list_policies(void *server_handle,
+ char *exp, int exptype,
+ char ***pols,
+ int *count)
+ {
+ return kadm5_list_either(0, server_handle, exp, exptype,
+ pols, count);
+ }
+
kadm5_ret_t kadm5_get_principals(void *server_handle,
char *exp,
char ***princs,
int *count)
{
! return kadm5_list_either(1, server_handle, exp, KADM5_EXP_GLOB,
! princs, count);
}
kadm5_ret_t kadm5_get_policies(void *server_handle,
***************
*** 241,246 ****
char ***pols,
int *count)
{
! return kadm5_get_either(0, server_handle, exp, pols, count);
}
--- 269,275 ----
char ***pols,
int *count)
{
! return kadm5_list_either(0, server_handle, exp, KADM5_EXP_GLOB,
! pols, count);
}
Index: lib/kadmin/cli/kadmin.c
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/kadmin/cli/kadmin.c,v
retrieving revision 1.39
diff -c -r1.39 kadmin.c
*** kadmin.c 1996/12/03 20:40:42 1.39
--- kadmin.c 1996/12/05 21:28:35
***************
*** 1088,1098 ****
int i, count;
exp = NULL;
! if (! (argc == 1 || (argc == 2 && (exp = argv[1])))) {
! fprintf(stderr, "usage: get_principals [expression]\n");
return;
}
! retval = kadm5_get_principals(handle, exp, &names, &count);
if (retval) {
com_err("get_principals", retval, "while retrieving list.");
return;
--- 1088,1102 ----
int i, count;
exp = NULL;
! if (! (argc == 1 ||
! (argc == 2 && (exp = argv[1])) ||
! (argc == 3 && (strcmp(argv[1], "-re") == 0) && (exp = argv[2])))) {
! fprintf(stderr, "usage: get_principals [[-re] expression]\n");
return;
}
! retval = kadm5_list_principals(handle, exp,
! argc==2 ? KADM5_EXP_GLOB : KADM5_EXP_REGEXP,
! &names, &count);
if (retval) {
com_err("get_principals", retval, "while retrieving list.");
return;
***************
*** 1317,1327 ****
int i, count;
exp = NULL;
! if (! (argc == 1 || (argc == 2 && (exp = argv[1])))) {
! fprintf(stderr, "usage: get_policies [expression]\n");
return;
}
! retval = kadm5_get_policies(handle, exp, &names, &count);
if (retval) {
com_err("get_policies", retval, "while retrieving list.");
return;
--- 1321,1335 ----
int i, count;
exp = NULL;
! if (! (argc == 1 ||
! (argc == 2 && (exp = argv[1])) ||
! (argc == 3 && (strcmp(argv[1], "-re") == 0) && (exp = argv[2])))) {
! fprintf(stderr, "usage: list_policies [[-re] expression]\n");
return;
}
! retval = kadm5_list_policies(handle, exp,
! argc==2 ? KADM5_EXP_GLOB : KADM5_EXP_REGEXP,
! &names, &count);
if (retval) {
com_err("get_policies", retval, "while retrieving list.");
return;
Index: lib/kadmin/cli/keytab.c
===================================================================
RCS file: /afs/athena/astaff/project/krbdev/.cvsroot/src/kadmin/cli/keytab.c,v
retrieving revision 1.22
diff -c -r1.22 keytab.c
*** keytab.c 1996/11/13 21:04:45 1.22
--- keytab.c 1996/12/05 21:40:43
***************
*** 31,37 ****
void add_usage()
{
! fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [principal | -glob princ-exp] [...]\n");
}
void rem_usage()
--- 31,38 ----
void add_usage()
{
! fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] "
! "[principal | {-glob|-re} princ-exp] [...]\n");
}
void rem_usage()
***************
*** 120,132 ****
return;
while (*argv) {
! if (strcmp(*argv, "-glob") == 0) {
if (*++argv == NULL) {
add_usage();
break;
}
! if (code = kadm5_get_principals(handle, *argv, &princs, &num)) {
com_err(whoami, code, "while expanding expression \"%s\".",
*argv);
argv++;
--- 121,135 ----
return;
while (*argv) {
! if (strcmp(*argv, "-glob") == 0 || strcmp(*argv, "-re") == 0) {
! int exptype=strcmp(*argv,"-re")?KADM5_EXP_GLOB:KADM5_EXP_REGEXP;
if (*++argv == NULL) {
add_usage();
break;
}
! if (code = kadm5_list_principals(handle, *argv, exptype,
! &princs, &num)) {
com_err(whoami, code, "while expanding expression \"%s\".",
*argv);
argv++;
Responsible-Changed-From-To: bjaspan->krb5-unassigned
Responsible-Changed-By: mdh
Responsible-Changed-When: Wed Jun 24 00:26:59 1998
Responsible-Changed-Why:
bjaspan is no longer with the kerberos team
Show quoted text
>Unformatted: