search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add UPN support to sqlite HDB backend
[heimdal.git] / lib / kadm5 / common_glue.c
blob3270197b41a5c5ffb197000a9a5124ea8f6c97fe
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 RCSID("$Id$");
37
38 #define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
39
40 kadm5_ret_t
41 kadm5_chpass_principal(void *server_handle,
42 krb5_principal princ,
43 const char *password)
44 {
45 return __CALL(chpass_principal, (server_handle, princ, 0,
46 0, NULL, password));
47 }
48
49 kadm5_ret_t
50 kadm5_chpass_principal_3(void *server_handle,
51 krb5_principal princ,
52 krb5_boolean keepold,
53 int n_ks_tuple,
54 krb5_key_salt_tuple *ks_tuple,
55 const char *password)
56 {
57 return __CALL(chpass_principal, (server_handle, princ, keepold,
58 n_ks_tuple, ks_tuple, password));
59 }
60
61 kadm5_ret_t
62 kadm5_chpass_principal_with_key(void *server_handle,
63 krb5_principal princ,
64 int n_key_data,
65 krb5_key_data *key_data)
66 {
67 return __CALL(chpass_principal_with_key,
68 (server_handle, princ, 0, n_key_data, key_data));
69 }
70
71 kadm5_ret_t
72 kadm5_chpass_principal_with_key_3(void *server_handle,
73 krb5_principal princ,
74 int keepold,
75 int n_key_data,
76 krb5_key_data *key_data)
77 {
78 return __CALL(chpass_principal_with_key,
79 (server_handle, princ, keepold, n_key_data, key_data));
80 }
81
82 kadm5_ret_t
83 kadm5_create_principal_3(void *server_handle,
84 kadm5_principal_ent_t princ,
85 uint32_t mask,
86 int n_ks_tuple,
87 krb5_key_salt_tuple *ks_tuple,
88 char *password)
89 {
90 return __CALL(create_principal,
91 (server_handle, princ, mask, n_ks_tuple, ks_tuple, password));
92 }
93
94 kadm5_ret_t
95 kadm5_create_principal(void *server_handle,
96 kadm5_principal_ent_t princ,
97 uint32_t mask,
98 const char *password)
99 {
100 return __CALL(create_principal,
101 (server_handle, princ, mask, 0, NULL, password));
102 }
103
104 kadm5_ret_t
105 kadm5_delete_principal(void *server_handle,
106 krb5_principal princ)
107 {
108 return __CALL(delete_principal, (server_handle, princ));
109 }
110
111 kadm5_ret_t
112 kadm5_destroy (void *server_handle)
113 {
114 return __CALL(destroy, (server_handle));
115 }
116
117 kadm5_ret_t
118 kadm5_flush (void *server_handle)
119 {
120 return __CALL(flush, (server_handle));
121 }
122
123 kadm5_ret_t
124 kadm5_get_principal(void *server_handle,
125 krb5_principal princ,
126 kadm5_principal_ent_t out,
127 uint32_t mask)
128 {
129 return __CALL(get_principal, (server_handle, princ, out, mask));
130 }
131
132 /**
133 * Extract decrypted keys from kadm5_principal_ent_t object. Mostly a
134 * no-op for Heimdal because we fetch the entry with decrypted keys.
135 * Sadly this is not fully a no-op, as we have to allocate a copy.
136 *
137 * @server_handle is the kadm5 handle
138 * @entry is the HDB entry for the principal in question
139 * @ktype is the enctype to get a key for, or -1 to get the first one
140 * @stype is the salttype to get a key for, or -1 to get the first match
141 * @kvno is the kvno to search for, or -1 to get the first match (highest kvno)
142 * @keyblock is where the key will be placed
143 * @keysalt, if not NULL, is where the salt will be placed
144 * @kvnop, if not NULL, is where the selected kvno will be placed
145 */
146 kadm5_ret_t
147 kadm5_decrypt_key(void *server_handle,
148 kadm5_principal_ent_t entry,
149 int32_t ktype, int32_t stype,
150 int32_t kvno, krb5_keyblock *keyblock,
151 krb5_keysalt *keysalt, int *kvnop)
152 {
153 size_t i;
154
155 if (kvno < 1 || stype != -1)
156 return KADM5_DECRYPT_USAGE_NOSUPP;
157
158 for (i = 0; i < entry->n_key_data; i++) {
159 if (ktype != entry->key_data[i].key_data_kvno)
160 continue;
161
162 keyblock->keytype = ktype;
163 keyblock->keyvalue.length = entry->key_data[i].key_data_length[0];
164 keyblock->keyvalue.data = malloc(keyblock->keyvalue.length);
165 if (keyblock->keyvalue.data == NULL)
166 return ENOMEM;
167 memcpy(keyblock->keyvalue.data,
168 entry->key_data[i].key_data_contents[0],
169 keyblock->keyvalue.length);
170 }
171
172 return 0;
173 }
174
175 kadm5_ret_t
176 kadm5_modify_principal(void *server_handle,
177 kadm5_principal_ent_t princ,
178 uint32_t mask)
179 {
180 return __CALL(modify_principal, (server_handle, princ, mask));
181 }
182
183 kadm5_ret_t
184 kadm5_randkey_principal(void *server_handle,
185 krb5_principal princ,
186 krb5_keyblock **new_keys,
187 int *n_keys)
188 {
189 return __CALL(randkey_principal, (server_handle, princ, FALSE, 0, NULL,
190 new_keys, n_keys));
191 }
192
193 kadm5_ret_t
194 kadm5_randkey_principal_3(void *server_handle,
195 krb5_principal princ,
196 krb5_boolean keepold,
197 int n_ks_tuple,
198 krb5_key_salt_tuple *ks_tuple,
199 krb5_keyblock **new_keys,
200 int *n_keys)
201 {
202 return __CALL(randkey_principal, (server_handle, princ, keepold,
203 n_ks_tuple, ks_tuple, new_keys, n_keys));
204 }
205
206 kadm5_ret_t
207 kadm5_rename_principal(void *server_handle,
208 krb5_principal source,
209 krb5_principal target)
210 {
211 return __CALL(rename_principal, (server_handle, source, target));
212 }
213
214 kadm5_ret_t
215 kadm5_get_principals(void *server_handle,
216 const char *expression,
217 char ***princs,
218 int *count)
219 {
220 return __CALL(get_principals, (server_handle, expression, princs, count));
221 }
222
223 kadm5_ret_t
224 kadm5_get_privs(void *server_handle,
225 uint32_t *privs)
226 {
227 return __CALL(get_privs, (server_handle, privs));
228 }
229
230
231 /**
232 * This function is allows the caller to set new keys for a principal.
233 * This is a trivial wrapper around kadm5_setkey_principal_3().
234 */
235 kadm5_ret_t
236 kadm5_setkey_principal(void *server_handle,
237 krb5_principal princ,
238 krb5_keyblock *new_keys,
239 int n_keys)
240 {
241 return kadm5_setkey_principal_3(server_handle, princ, 0, 0, NULL,
242 new_keys, n_keys);
243 }
244
245 /**
246 * This function is allows the caller to set new keys for a principal.
247 * This is a simple wrapper around kadm5_get_principal() and
248 * kadm5_modify_principal().
249 */
250 kadm5_ret_t
251 kadm5_setkey_principal_3(void *server_handle,
252 krb5_principal princ,
253 krb5_boolean keepold,
254 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
255 krb5_keyblock *keyblocks,
256 int n_keys)
257 {
258 kadm5_principal_ent_rec princ_ent;
259 kadm5_ret_t ret;
260 krb5_key_data *new_key_data = NULL;
261 size_t i;
262
263 if (n_keys < 1)
264 return EINVAL;
265 if (n_ks_tuple > 0 && n_ks_tuple != n_keys)
266 return KADM5_SETKEY3_ETYPE_MISMATCH;
267
268 ret = kadm5_get_principal(server_handle, princ, &princ_ent,
269 KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA);
270 if (ret)
271 return ret;
272
273 if (keepold) {
274 new_key_data = malloc((n_keys + princ_ent.n_key_data) * sizeof(*new_key_data));
275 if (new_key_data == NULL) {
276 ret = ENOMEM;
277 goto out;
278 }
279
280 memcpy(&new_key_data[n_keys], &princ_ent.key_data[0],
281 princ_ent.n_key_data * sizeof (princ_ent.key_data[0]));
282 } else {
283 new_key_data = malloc(n_keys * sizeof(*new_key_data));
284 if (new_key_data == NULL) {
285 ret = ENOMEM;
286 goto out;
287 }
288 }
289
290 princ_ent.kvno++;
291 for (i = 0; i < n_keys; i++) {
292 new_key_data[i].key_data_ver = 2;
293
294 /* Key */
295 new_key_data[i].key_data_kvno = princ_ent.kvno;
296 new_key_data[i].key_data_type[0] = keyblocks[i].keytype;
297 new_key_data[i].key_data_length[0] = keyblocks[i].keyvalue.length;
298 new_key_data[i].key_data_contents[0] =
299 malloc(keyblocks[i].keyvalue.length);
300 if (new_key_data[i].key_data_contents[0] == NULL) {
301 ret = ENOMEM;
302 goto out;
303 }
304 memcpy(new_key_data[i].key_data_contents[0],
305 keyblocks[i].keyvalue.data,
306 keyblocks[i].keyvalue.length);
307
308 /*
309 * Salt (but there's no salt, just salttype, which is kinda
310 * silly -- what's the point of setkey_3() then, besides
311 * keepold?!)
312 */
313 new_key_data[i].key_data_type[1] = 0;
314 if (n_ks_tuple > 0) {
315 if (ks_tuple[i].ks_enctype != keyblocks[i].keytype)
316 return KADM5_SETKEY3_ETYPE_MISMATCH;
317 new_key_data[i].key_data_type[1] = ks_tuple[i].ks_salttype;
318 }
319 new_key_data[i].key_data_length[1] = 0;
320 new_key_data[i].key_data_contents[1] = NULL;
321 }
322
323 /* Free old keys */
324 if (!keepold) {
325 for (i = 0; i < princ_ent.n_key_data; i++) {
326 free(princ_ent.key_data[i].key_data_contents[0]);
327 free(princ_ent.key_data[i].key_data_contents[1]);
328 }
329 }
330 free(princ_ent.key_data);
331 princ_ent.key_data = new_key_data;
332 princ_ent.n_key_data = n_keys + (keepold ? princ_ent.n_key_data : 0);
333 new_key_data = NULL;
334
335 /* Modify the principal */
336 ret = kadm5_modify_principal(server_handle, &princ_ent, KADM5_KVNO | KADM5_KEY_DATA);
337
338 out:
339 if (new_key_data != NULL) {
340 for (i = 0; i < n_keys; i++) {
341 free(new_key_data[i].key_data_contents[0]);
342 free(new_key_data[i].key_data_contents[1]);
343 }
344 free(new_key_data);
345 }
346 kadm5_free_principal_ent(server_handle, &princ_ent);
347 return ret;
348 }
349
350
351 kadm5_ret_t
352 kadm5_lock(void *server_handle)
353 {
354 return __CALL(lock, (server_handle));
355 }
356
357 kadm5_ret_t
358 kadm5_unlock(void *server_handle)
359 {
360 return __CALL(unlock, (server_handle));
361 }
362
363
364 kadm5_ret_t
365 kadm5_create_policy(void *server_handle,
366 kadm5_policy_ent_t policy, long mask)
367 {
368 return KADM5_POLICY_OP_NOSUPP;
369 }
370
371 kadm5_ret_t
372 kadm5_delete_policy(void *server_handle, char *name)
373 {
374 return KADM5_POLICY_OP_NOSUPP;
375 }
376
377
378 kadm5_ret_t
379 kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t policy,
380 uint32_t mask)
381 {
382 return KADM5_POLICY_OP_NOSUPP;
383 }
384
385 kadm5_ret_t
386 kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent)
387 {
388 memset(ent, 0, sizeof (*ent));
389 return KADM5_POLICY_OP_NOSUPP;
390 }
391
392
393 kadm5_ret_t
394 kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count)
395 {
396 *count = 0;
397 *pols = NULL;
398
399 return KADM5_POLICY_OP_NOSUPP;
400 }
401
402 kadm5_ret_t
403 kadm5_free_policy_ent(kadm5_policy_ent_t ent)
404 {
405 if (ent->policy)
406 free(ent->policy);
407 /*
408 * Not clear if we should free ent or not. It might be an automatic
409 * struct, so we don't free it for now, just in case.
410 */
411 return 0;
412 }
413
Heimdal