search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
quoted string tests
[heimdal.git] / lib / kadm5 / common_glue.c
blobd6e18c231b6c51b564723c87832e06bc9996dfb9
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 RCSID("$Id$");
37
38 #define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
39
40 kadm5_ret_t
41 kadm5_chpass_principal(void *server_handle,
42 krb5_principal princ,
43 const char *password)
44 {
45 return __CALL(chpass_principal, (server_handle, princ, 0, password));
46 }
47
48 kadm5_ret_t
49 kadm5_chpass_principal_3(void *server_handle,
50 krb5_principal princ,
51 krb5_boolean keepold,
52 int n_ks_tuple,
53 krb5_key_salt_tuple *ks_tuple,
54 const char *password)
55 {
56 /*
57 * We should get around to implementing this... This can be useful
58 * for, e.g., x-realm principals. For now we need the _3() to get
59 * certain applications written to the kadm5 API to build and run.
60 */
61 if (n_ks_tuple > 0)
62 return KADM5_KS_TUPLE_NOSUPP;
63 return __CALL(chpass_principal, (server_handle, princ, keepold, password));
64 }
65
66 kadm5_ret_t
67 kadm5_chpass_principal_with_key(void *server_handle,
68 krb5_principal princ,
69 int n_key_data,
70 krb5_key_data *key_data)
71 {
72 return __CALL(chpass_principal_with_key,
73 (server_handle, princ, 0, n_key_data, key_data));
74 }
75
76 kadm5_ret_t
77 kadm5_chpass_principal_with_key_3(void *server_handle,
78 krb5_principal princ,
79 int keepold,
80 int n_key_data,
81 krb5_key_data *key_data)
82 {
83 return __CALL(chpass_principal_with_key,
84 (server_handle, princ, keepold, n_key_data, key_data));
85 }
86
87 kadm5_ret_t
88 kadm5_create_principal(void *server_handle,
89 kadm5_principal_ent_t princ,
90 uint32_t mask,
91 const char *password)
92 {
93 return __CALL(create_principal, (server_handle, princ, mask, password));
94 }
95
96 kadm5_ret_t
97 kadm5_delete_principal(void *server_handle,
98 krb5_principal princ)
99 {
100 return __CALL(delete_principal, (server_handle, princ));
101 }
102
103 kadm5_ret_t
104 kadm5_destroy (void *server_handle)
105 {
106 return __CALL(destroy, (server_handle));
107 }
108
109 kadm5_ret_t
110 kadm5_flush (void *server_handle)
111 {
112 return __CALL(flush, (server_handle));
113 }
114
115 kadm5_ret_t
116 kadm5_get_principal(void *server_handle,
117 krb5_principal princ,
118 kadm5_principal_ent_t out,
119 uint32_t mask)
120 {
121 return __CALL(get_principal, (server_handle, princ, out, mask));
122 }
123
124 /**
125 * Extract decrypted keys from kadm5_principal_ent_t object. Mostly a
126 * no-op for Heimdal because we fetch the entry with decrypted keys.
127 * Sadly this is not fully a no-op, as we have to allocate a copy.
128 *
129 * @server_handle is the kadm5 handle
130 * @entry is the HDB entry for the principal in question
131 * @ktype is the enctype to get a key for, or -1 to get the first one
132 * @stype is the salttype to get a key for, or -1 to get the first match
133 * @kvno is the kvno to search for, or -1 to get the first match (highest kvno)
134 * @keyblock is where the key will be placed
135 * @keysalt, if not NULL, is where the salt will be placed
136 * @kvnop, if not NULL, is where the selected kvno will be placed
137 */
138 kadm5_ret_t
139 kadm5_decrypt_key(void *server_handle,
140 kadm5_principal_ent_t entry,
141 int32_t ktype, int32_t stype,
142 int32_t kvno, krb5_keyblock *keyblock,
143 krb5_keysalt *keysalt, int *kvnop)
144 {
145 size_t i;
146
147 if (kvno < 1 || stype != -1)
148 return KADM5_DECRYPT_USAGE_NOSUPP;
149
150 for (i = 0; i < entry->n_key_data; i++) {
151 if (ktype != entry->key_data[i].key_data_kvno)
152 continue;
153
154 keyblock->keytype = ktype;
155 keyblock->keyvalue.length = entry->key_data[i].key_data_length[0];
156 keyblock->keyvalue.data = malloc(keyblock->keyvalue.length);
157 if (keyblock->keyvalue.data == NULL)
158 return ENOMEM;
159 memcpy(keyblock->keyvalue.data,
160 entry->key_data[i].key_data_contents[0],
161 keyblock->keyvalue.length);
162 }
163
164 return 0;
165 }
166
167 kadm5_ret_t
168 kadm5_modify_principal(void *server_handle,
169 kadm5_principal_ent_t princ,
170 uint32_t mask)
171 {
172 return __CALL(modify_principal, (server_handle, princ, mask));
173 }
174
175 kadm5_ret_t
176 kadm5_randkey_principal(void *server_handle,
177 krb5_principal princ,
178 krb5_keyblock **new_keys,
179 int *n_keys)
180 {
181 return __CALL(randkey_principal, (server_handle, princ, FALSE, 0, NULL,
182 new_keys, n_keys));
183 }
184
185 kadm5_ret_t
186 kadm5_randkey_principal_3(void *server_handle,
187 krb5_principal princ,
188 krb5_boolean keepold,
189 int n_ks_tuple,
190 krb5_key_salt_tuple *ks_tuple,
191 krb5_keyblock **new_keys,
192 int *n_keys)
193 {
194 return __CALL(randkey_principal, (server_handle, princ, keepold,
195 n_ks_tuple, ks_tuple, new_keys, n_keys));
196 }
197
198 kadm5_ret_t
199 kadm5_rename_principal(void *server_handle,
200 krb5_principal source,
201 krb5_principal target)
202 {
203 return __CALL(rename_principal, (server_handle, source, target));
204 }
205
206 kadm5_ret_t
207 kadm5_get_principals(void *server_handle,
208 const char *expression,
209 char ***princs,
210 int *count)
211 {
212 return __CALL(get_principals, (server_handle, expression, princs, count));
213 }
214
215 kadm5_ret_t
216 kadm5_get_privs(void *server_handle,
217 uint32_t *privs)
218 {
219 return __CALL(get_privs, (server_handle, privs));
220 }
221
222
223 /**
224 * This function is allows the caller to set new keys for a principal.
225 * This is a trivial wrapper around kadm5_setkey_principal_3().
226 */
227 kadm5_ret_t
228 kadm5_setkey_principal(void *server_handle,
229 krb5_principal princ,
230 krb5_keyblock *new_keys,
231 int n_keys)
232 {
233 return kadm5_setkey_principal_3(server_handle, princ, 0, 0, NULL,
234 new_keys, n_keys);
235 }
236
237 /**
238 * This function is allows the caller to set new keys for a principal.
239 * This is a simple wrapper around kadm5_get_principal() and
240 * kadm5_modify_principal().
241 */
242 kadm5_ret_t
243 kadm5_setkey_principal_3(void *server_handle,
244 krb5_principal princ,
245 krb5_boolean keepold,
246 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
247 krb5_keyblock *keyblocks,
248 int n_keys)
249 {
250 kadm5_principal_ent_rec princ_ent;
251 kadm5_ret_t ret;
252 krb5_key_data *new_key_data = NULL;
253 size_t i;
254
255 if (n_keys < 1)
256 return EINVAL;
257 if (n_ks_tuple > 0 && n_ks_tuple != n_keys)
258 return KADM5_SETKEY3_ETYPE_MISMATCH;
259
260 ret = kadm5_get_principal(server_handle, princ, &princ_ent,
261 KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA);
262 if (ret)
263 return ret;
264
265 if (keepold) {
266 new_key_data = malloc((n_keys + princ_ent.n_key_data) * sizeof(*new_key_data));
267 if (new_key_data == NULL) {
268 ret = ENOMEM;
269 goto out;
270 }
271
272 memcpy(&new_key_data[n_keys], &princ_ent.key_data[0],
273 princ_ent.n_key_data * sizeof (princ_ent.key_data[0]));
274 } else {
275 new_key_data = malloc(n_keys * sizeof(*new_key_data));
276 if (new_key_data == NULL) {
277 ret = ENOMEM;
278 goto out;
279 }
280 }
281
282 princ_ent.kvno++;
283 for (i = 0; i < n_keys; i++) {
284 new_key_data[i].key_data_ver = 2;
285
286 /* Key */
287 new_key_data[i].key_data_kvno = princ_ent.kvno;
288 new_key_data[i].key_data_type[0] = keyblocks[i].keytype;
289 new_key_data[i].key_data_length[0] = keyblocks[i].keyvalue.length;
290 new_key_data[i].key_data_contents[0] =
291 malloc(keyblocks[i].keyvalue.length);
292 if (new_key_data[i].key_data_contents[0] == NULL) {
293 ret = ENOMEM;
294 goto out;
295 }
296 memcpy(new_key_data[i].key_data_contents[0],
297 keyblocks[i].keyvalue.data,
298 keyblocks[i].keyvalue.length);
299
300 /*
301 * Salt (but there's no salt, just salttype, which is kinda
302 * silly -- what's the point of setkey_3() then, besides
303 * keepold?!)
304 */
305 new_key_data[i].key_data_type[1] = 0;
306 if (n_ks_tuple > 0) {
307 if (ks_tuple[i].ks_enctype != keyblocks[i].keytype)
308 return KADM5_SETKEY3_ETYPE_MISMATCH;
309 new_key_data[i].key_data_type[1] = ks_tuple[i].ks_salttype;
310 }
311 new_key_data[i].key_data_length[1] = 0;
312 new_key_data[i].key_data_contents[1] = NULL;
313 }
314
315 /* Free old keys */
316 if (!keepold) {
317 for (i = 0; i < princ_ent.n_key_data; i++) {
318 free(princ_ent.key_data[i].key_data_contents[0]);
319 free(princ_ent.key_data[i].key_data_contents[1]);
320 }
321 }
322 free(princ_ent.key_data);
323 princ_ent.key_data = new_key_data;
324 princ_ent.n_key_data = n_keys + (keepold ? princ_ent.n_key_data : 0);
325 new_key_data = NULL;
326
327 /* Modify the principal */
328 ret = kadm5_modify_principal(server_handle, &princ_ent, KADM5_KVNO | KADM5_KEY_DATA);
329
330 out:
331 if (new_key_data != NULL) {
332 for (i = 0; i < n_keys; i++) {
333 free(new_key_data[i].key_data_contents[0]);
334 free(new_key_data[i].key_data_contents[1]);
335 }
336 free(new_key_data);
337 }
338 kadm5_free_principal_ent(server_handle, &princ_ent);
339 return ret;
340 }
341
342
343 kadm5_ret_t
344 kadm5_lock(void *server_handle)
345 {
346 return __CALL(lock, (server_handle));
347 }
348
349 kadm5_ret_t
350 kadm5_unlock(void *server_handle)
351 {
352 return __CALL(unlock, (server_handle));
353 }
354
355
356 kadm5_ret_t
357 kadm5_create_policy(void *server_handle,
358 kadm5_policy_ent_t policy, long mask)
359 {
360 return KADM5_POLICY_OP_NOSUPP;
361 }
362
363 kadm5_ret_t
364 kadm5_delete_policy(void *server_handle, char *name)
365 {
366 return KADM5_POLICY_OP_NOSUPP;
367 }
368
369
370 kadm5_ret_t
371 kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t policy,
372 uint32_t mask)
373 {
374 return KADM5_POLICY_OP_NOSUPP;
375 }
376
377 kadm5_ret_t
378 kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent)
379 {
380 memset(ent, 0, sizeof (*ent));
381 return KADM5_POLICY_OP_NOSUPP;
382 }
383
384
385 kadm5_ret_t
386 kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count)
387 {
388 *count = 0;
389 *pols = NULL;
390
391 return KADM5_POLICY_OP_NOSUPP;
392 }
393
394 kadm5_ret_t
395 kadm5_free_policy_ent(kadm5_policy_ent_t ent)
396 {
397 if (ent->policy)
398 free(ent->policy);
399 /*
400 * Not clear if we should free ent or not. It might be an automatic
401 * struct, so we don't free it for now, just in case.
402 */
403 return 0;
404 }
405
Heimdal