2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadm5_locl.h"
36 RCSID("$Id: get_s.c,v 1.13 2000/06/19 16:11:31 joda Exp $");
39 kadm5_s_get_principal(void *server_handle
,
41 kadm5_principal_ent_t out
,
44 kadm5_server_context
*context
= server_handle
;
48 ent
.principal
= princ
;
49 ret
= context
->db
->open(context
->context
, context
->db
, O_RDONLY
, 0);
52 ret
= context
->db
->fetch(context
->context
, context
->db
,
54 context
->db
->close(context
->context
, context
->db
);
56 return _kadm5_error_code(ret
);
58 memset(out
, 0, sizeof(*out
));
59 if(mask
& KADM5_PRINCIPAL
)
60 ret
= krb5_copy_principal(context
->context
, ent
.principal
,
64 if(mask
& KADM5_PRINC_EXPIRE_TIME
&& ent
.valid_end
)
65 out
->princ_expire_time
= *ent
.valid_end
;
66 if(mask
& KADM5_PW_EXPIRATION
&& ent
.pw_end
)
67 out
->pw_expiration
= *ent
.pw_end
;
68 if(mask
& KADM5_LAST_PWD_CHANGE
)
70 if(mask
& KADM5_ATTRIBUTES
){
71 out
->attributes
|= ent
.flags
.postdate
? 0 : KRB5_KDB_DISALLOW_POSTDATED
;
72 out
->attributes
|= ent
.flags
.forwardable
? 0 : KRB5_KDB_DISALLOW_FORWARDABLE
;
73 out
->attributes
|= ent
.flags
.initial
? KRB5_KDB_DISALLOW_TGT_BASED
: 0;
74 out
->attributes
|= ent
.flags
.renewable
? 0 : KRB5_KDB_DISALLOW_RENEWABLE
;
75 out
->attributes
|= ent
.flags
.proxiable
? 0 : KRB5_KDB_DISALLOW_PROXIABLE
;
76 out
->attributes
|= ent
.flags
.invalid
? KRB5_KDB_DISALLOW_ALL_TIX
: 0;
77 out
->attributes
|= ent
.flags
.require_preauth
? KRB5_KDB_REQUIRES_PRE_AUTH
: 0;
78 out
->attributes
|= ent
.flags
.server
? 0 : KRB5_KDB_DISALLOW_SVR
;
79 out
->attributes
|= ent
.flags
.change_pw
? KRB5_KDB_PWCHANGE_SERVICE
: 0;
81 if(mask
& KADM5_MAX_LIFE
) {
83 out
->max_life
= *ent
.max_life
;
85 out
->max_life
= INT_MAX
;
87 if(mask
& KADM5_MOD_TIME
) {
89 out
->mod_date
= ent
.modified_by
->time
;
91 out
->mod_date
= ent
.created_by
.time
;
93 if(mask
& KADM5_MOD_NAME
) {
95 if (ent
.modified_by
->principal
!= NULL
)
96 ret
= krb5_copy_principal(context
->context
,
97 ent
.modified_by
->principal
,
99 } else if(ent
.created_by
.principal
!= NULL
)
100 ret
= krb5_copy_principal(context
->context
,
101 ent
.created_by
.principal
,
104 out
->mod_name
= NULL
;
109 if(mask
& KADM5_KVNO
)
110 out
->kvno
= ent
.kvno
;
111 if(mask
& KADM5_MKVNO
) {
113 out
->mkvno
= 0; /* XXX */
114 for(n
= 0; n
< ent
.keys
.len
; n
++)
115 if(ent
.keys
.val
[n
].mkvno
) {
116 out
->mkvno
= *ent
.keys
.val
[n
].mkvno
; /* XXX this isn't right */
120 if(mask
& KADM5_AUX_ATTRIBUTES
)
122 if(mask
& KADM5_POLICY
)
124 if(mask
& KADM5_MAX_RLIFE
) {
126 out
->max_renewable_life
= *ent
.max_renew
;
128 out
->max_renewable_life
= INT_MAX
;
130 if(mask
& KADM5_LAST_SUCCESS
)
132 if(mask
& KADM5_LAST_FAILED
)
134 if(mask
& KADM5_FAIL_AUTH_COUNT
)
136 if(mask
& KADM5_KEY_DATA
){
142 krb5_get_pw_salt(context
->context
, ent
.principal
, &salt
);
143 out
->key_data
= malloc(ent
.keys
.len
* sizeof(*out
->key_data
));
144 for(i
= 0; i
< ent
.keys
.len
; i
++){
145 key
= &ent
.keys
.val
[i
];
146 kd
= &out
->key_data
[i
];
147 kd
->key_data_ver
= 2;
148 kd
->key_data_kvno
= ent
.kvno
;
149 kd
->key_data_type
[0] = key
->key
.keytype
;
151 kd
->key_data_type
[1] = key
->salt
->type
;
153 kd
->key_data_type
[1] = KRB5_PADATA_PW_SALT
;
155 kd
->key_data_length
[0] = key
->key
.keyvalue
.length
;
156 kd
->key_data_contents
[0] = malloc(kd
->key_data_length
[0]);
157 if(kd
->key_data_contents
[0] == NULL
){
161 memcpy(kd
->key_data_contents
[0], key
->key
.keyvalue
.data
,
162 kd
->key_data_length
[0]);
165 sp
= &key
->salt
->salt
;
167 sp
= &salt
.saltvalue
;
168 kd
->key_data_length
[1] = sp
->length
;
169 kd
->key_data_contents
[1] = malloc(kd
->key_data_length
[1]);
170 if(kd
->key_data_length
[1] != 0
171 && kd
->key_data_contents
[1] == NULL
) {
172 memset(kd
->key_data_contents
[0], 0, kd
->key_data_length
[0]);
176 memcpy(kd
->key_data_contents
[1], sp
->data
, kd
->key_data_length
[1]);
177 out
->n_key_data
= i
+ 1;
179 krb5_free_salt(context
->context
, salt
);
182 kadm5_free_principal_ent(context
, out
);
185 if(mask
& KADM5_TL_DATA
)
188 hdb_free_entry(context
->context
, &ent
);
190 return _kadm5_error_code(ret
);