search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drop RCSID
[heimdal.git] / lib / hdb / common.c
blobcc0c81e307019ee4555fa73e6d32d44d2e82e0c7
1 /*
2 * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hdb_locl.h"
35
36 int
37 hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
38 {
39 Principal new;
40 size_t len;
41 int ret;
42
43 ret = copy_Principal(p, &new);
44 if(ret)
45 return ret;
46 new.name.name_type = 0;
47
48 ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
49 if (ret == 0 && key->length != len)
50 krb5_abortx(context, "internal asn.1 encoder error");
51 free_Principal(&new);
52 return ret;
53 }
54
55 int
56 hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
57 {
58 return decode_Principal(key->data, key->length, p, NULL);
59 }
60
61 int
62 hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
63 {
64 size_t len;
65 int ret;
66
67 ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
68 if (ret == 0 && value->length != len)
69 krb5_abortx(context, "internal asn.1 encoder error");
70 return ret;
71 }
72
73 int
74 hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
75 {
76 return decode_hdb_entry(value->data, value->length, ent, NULL);
77 }
78
79 int
80 hdb_entry_alias2value(krb5_context context,
81 const hdb_entry_alias *alias,
82 krb5_data *value)
83 {
84 size_t len;
85 int ret;
86
87 ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length,
88 alias, &len, ret);
89 if (ret == 0 && value->length != len)
90 krb5_abortx(context, "internal asn.1 encoder error");
91 return ret;
92 }
93
94 int
95 hdb_value2entry_alias(krb5_context context, krb5_data *value,
96 hdb_entry_alias *ent)
97 {
98 return decode_hdb_entry_alias(value->data, value->length, ent, NULL);
99 }
100
101 krb5_error_code
102 _hdb_fetch(krb5_context context, HDB *db, krb5_const_principal principal,
103 unsigned flags, hdb_entry_ex *entry)
104 {
105 krb5_principal enterprise_principal = NULL;
106 krb5_data key, value;
107 int code;
108
109 if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
110 if (principal->name.name_string.len != 1) {
111 ret = KRB5_PARSE_MALFORMED;
112 krb5_set_error_message(context, ret, "malformed principal: "
113 "enterprise name with %d name components",
114 principal->name.name_string.len);
115 return ret;
116 }
117 ret = krb5_parse_name(context, principal->name.name_string.val[0],
118 &enterprise_principal);
119 if (ret)
120 return ret;
121 principal = enterprise_principal;
122 }
123
124 hdb_principal2key(context, principal, &key);
125 if (enterprise_principal)
126 krb5_free_principal(context, principal);
127 code = db->hdb__get(context, db, key, &value);
128 krb5_data_free(&key);
129 if(code)
130 return code;
131 code = hdb_value2entry(context, &value, &entry->entry);
132 if (code == ASN1_BAD_ID && (flags & HDB_F_CANON) == 0) {
133 krb5_data_free(&value);
134 return HDB_ERR_NOENTRY;
135 } else if (code == ASN1_BAD_ID) {
136 hdb_entry_alias alias;
137
138 code = hdb_value2entry_alias(context, &value, &alias);
139 if (code) {
140 krb5_data_free(&value);
141 return code;
142 }
143 hdb_principal2key(context, alias.principal, &key);
144 krb5_data_free(&value);
145 free_hdb_entry_alias(&alias);
146
147 code = db->hdb__get(context, db, key, &value);
148 krb5_data_free(&key);
149 if (code)
150 return code;
151 code = hdb_value2entry(context, &value, &entry->entry);
152 if (code) {
153 krb5_data_free(&value);
154 return code;
155 }
156 }
157 krb5_data_free(&value);
158 if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
159 code = hdb_unseal_keys (context, db, &entry->entry);
160 if (code)
161 hdb_free_entry(context, entry);
162 }
163 return code;
164 }
165
166 static krb5_error_code
167 hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
168 {
169 const HDB_Ext_Aliases *aliases;
170 krb5_error_code code;
171 hdb_entry oldentry;
172 krb5_data value;
173 int i;
174
175 code = db->hdb__get(context, db, *key, &value);
176 if (code == HDB_ERR_NOENTRY)
177 return 0;
178 else if (code)
179 return code;
180
181 code = hdb_value2entry(context, &value, &oldentry);
182 krb5_data_free(&value);
183 if (code)
184 return code;
185
186 code = hdb_entry_get_aliases(&oldentry, &aliases);
187 if (code || aliases == NULL) {
188 free_hdb_entry(&oldentry);
189 return code;
190 }
191 for (i = 0; i < aliases->aliases.len; i++) {
192 krb5_data akey;
193
194 hdb_principal2key(context, &aliases->aliases.val[i], &akey);
195 code = db->hdb__del(context, db, akey);
196 krb5_data_free(&akey);
197 if (code) {
198 free_hdb_entry(&oldentry);
199 return code;
200 }
201 }
202 free_hdb_entry(&oldentry);
203 return 0;
204 }
205
206 static krb5_error_code
207 hdb_add_aliases(krb5_context context, HDB *db,
208 unsigned flags, hdb_entry_ex *entry)
209 {
210 const HDB_Ext_Aliases *aliases;
211 krb5_error_code code;
212 krb5_data key, value;
213 int i;
214
215 code = hdb_entry_get_aliases(&entry->entry, &aliases);
216 if (code || aliases == NULL)
217 return code;
218
219 for (i = 0; i < aliases->aliases.len; i++) {
220 hdb_entry_alias entryalias;
221 entryalias.principal = entry->entry.principal;
222
223 hdb_principal2key(context, &aliases->aliases.val[i], &key);
224 code = hdb_entry_alias2value(context, &entryalias, &value);
225 if (code) {
226 krb5_data_free(&key);
227 return code;
228 }
229 code = db->hdb__put(context, db, flags, key, value);
230 krb5_data_free(&key);
231 krb5_data_free(&value);
232 if (code)
233 return code;
234 }
235 return 0;
236 }
237
238 static krb5_error_code
239 hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry)
240 {
241 const HDB_Ext_Aliases *aliases;
242 int code, i;
243
244 /* check if new aliases already is used */
245
246 code = hdb_entry_get_aliases(&entry->entry, &aliases);
247 if (code)
248 return code;
249
250 for (i = 0; aliases && i < aliases->aliases.len; i++) {
251 hdb_entry_alias alias;
252 krb5_data akey, value;
253
254 hdb_principal2key(context, &aliases->aliases.val[i], &akey);
255 code = db->hdb__get(context, db, akey, &value);
256 krb5_data_free(&akey);
257 if (code == HDB_ERR_NOENTRY)
258 continue;
259 else if (code)
260 return code;
261
262 code = hdb_value2entry_alias(context, &value, &alias);
263 krb5_data_free(&value);
264
265 if (code == ASN1_BAD_ID)
266 return HDB_ERR_EXISTS;
267 else if (code)
268 return code;
269
270 code = krb5_principal_compare(context, alias.principal,
271 entry->entry.principal);
272 free_hdb_entry_alias(&alias);
273 if (code == 0)
274 return HDB_ERR_EXISTS;
275 }
276 return 0;
277 }
278
279 krb5_error_code
280 _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
281 {
282 krb5_data key, value;
283 int code;
284
285 /* check if new aliases already is used */
286 code = hdb_check_aliases(context, db, entry);
287 if (code)
288 return code;
289
290 if(entry->entry.generation == NULL) {
291 struct timeval t;
292 entry->entry.generation = malloc(sizeof(*entry->entry.generation));
293 if(entry->entry.generation == NULL) {
294 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
295 return ENOMEM;
296 }
297 gettimeofday(&t, NULL);
298 entry->entry.generation->time = t.tv_sec;
299 entry->entry.generation->usec = t.tv_usec;
300 entry->entry.generation->gen = 0;
301 } else
302 entry->entry.generation->gen++;
303
304 code = hdb_seal_keys(context, db, &entry->entry);
305 if (code)
306 return code;
307
308 hdb_principal2key(context, entry->entry.principal, &key);
309
310 /* remove aliases */
311 code = hdb_remove_aliases(context, db, &key);
312 if (code) {
313 krb5_data_free(&key);
314 return code;
315 }
316 hdb_entry2value(context, &entry->entry, &value);
317 code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
318 krb5_data_free(&value);
319 krb5_data_free(&key);
320 if (code)
321 return code;
322
323 code = hdb_add_aliases(context, db, flags, entry);
324
325 return code;
326 }
327
328 krb5_error_code
329 _hdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
330 {
331 krb5_data key;
332 int code;
333
334 hdb_principal2key(context, principal, &key);
335
336 code = hdb_remove_aliases(context, db, &key);
337 if (code) {
338 krb5_data_free(&key);
339 return code;
340 }
341 code = db->hdb__del(context, db, key);
342 krb5_data_free(&key);
343 return code;
344 }
345
Heimdal