2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 struct timeval _kdc_now
;
39 _kdc_db_fetch(krb5_context context
,
40 krb5_kdc_configuration
*config
,
41 krb5_const_principal principal
,
48 krb5_error_code ret
= HDB_ERR_NOENTRY
;
51 krb5_principal enterprise_principal
= NULL
;
52 krb5_const_principal princ
;
58 flags
|= HDB_F_KVNO_SPECIFIED
;
61 ent
= calloc(1, sizeof (*ent
));
63 return krb5_enomem(context
);
65 if (principal
->name
.name_type
== KRB5_NT_ENTERPRISE_PRINCIPAL
) {
66 if (principal
->name
.name_string
.len
!= 1) {
67 ret
= KRB5_PARSE_MALFORMED
;
68 krb5_set_error_message(context
, ret
,
70 "enterprise name with %d name components",
71 principal
->name
.name_string
.len
);
74 ret
= krb5_parse_name(context
, principal
->name
.name_string
.val
[0],
75 &enterprise_principal
);
80 for (i
= 0; i
< config
->num_db
; i
++) {
81 ret
= config
->db
[i
]->hdb_open(context
, config
->db
[i
], O_RDONLY
, 0);
83 const char *msg
= krb5_get_error_message(context
, ret
);
84 kdc_log(context
, config
, 0, "Failed to open database: %s", msg
);
85 krb5_free_error_message(context
, msg
);
89 if (config
->db
[i
]->hdb_capability_flags
& HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL
)
91 else if (enterprise_principal
)
92 princ
= enterprise_principal
;
94 ret
= config
->db
[i
]->hdb_fetch_kvno(context
,
97 flags
| HDB_F_DECRYPT
,
100 config
->db
[i
]->hdb_close(context
, config
->db
[i
]);
111 ret
= HDB_ERR_NOENTRY
;
112 krb5_set_error_message(context
, ret
, "no such entry found in hdb");
115 krb5_free_principal(context
, enterprise_principal
);
121 _kdc_free_ent(krb5_context context
, hdb_entry_ex
*ent
)
123 hdb_free_entry (context
, ent
);
128 * Use the order list of preferred encryption types and sort the
129 * available keys and return the most preferred key.
133 _kdc_get_preferred_key(krb5_context context
,
134 krb5_kdc_configuration
*config
,
137 krb5_enctype
*enctype
,
143 if (config
->use_strongest_server_key
) {
144 const krb5_enctype
*p
= krb5_kerberos_enctypes(context
);
146 for (i
= 0; p
[i
] != ETYPE_NULL
; i
++) {
147 if (krb5_enctype_valid(context
, p
[i
]) != 0)
149 ret
= hdb_enctype2key(context
, &h
->entry
, p
[i
], key
);
159 for (i
= 0; i
< h
->entry
.keys
.len
; i
++) {
160 if (krb5_enctype_valid(context
, h
->entry
.keys
.val
[i
].key
.keytype
)
163 ret
= hdb_enctype2key(context
, &h
->entry
,
164 h
->entry
.keys
.val
[i
].key
.keytype
, key
);
168 *enctype
= (*key
)->key
.keytype
;
173 krb5_set_error_message(context
, EINVAL
,
174 "No valid kerberos key found for %s", name
);
175 return EINVAL
; /* XXX */