make bind principal a common function
[heimdal.git] / kadmin / mod.c
blob48c999007fd74287222b43a90cfb8174e2535d6e
1 /*
2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
37 static void
38 add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
40 krb5_tl_data *tl, **ptl;
42 tl = ecalloc(1, sizeof(*tl));
43 tl->tl_data_next = NULL;
44 tl->tl_data_type = type;
45 tl->tl_data_length = data->length;
46 tl->tl_data_contents = data->data;
48 princ->n_tl_data++;
49 ptl = &princ->tl_data;
50 while (*ptl != NULL)
51 ptl = &(*ptl)->tl_data_next;
52 *ptl = tl;
54 return;
57 static void
58 add_constrained_delegation(krb5_context contextp,
59 kadm5_principal_ent_rec *princ,
60 struct getarg_strings *strings)
62 krb5_error_code ret;
63 HDB_extension ext;
64 krb5_data buf;
65 size_t size = 0;
67 memset(&ext, 0, sizeof(ext));
68 ext.mandatory = FALSE;
69 ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
71 if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
72 ext.data.u.allowed_to_delegate_to.val = NULL;
73 ext.data.u.allowed_to_delegate_to.len = 0;
74 } else {
75 krb5_principal p;
76 int i;
78 ext.data.u.allowed_to_delegate_to.val =
79 calloc(strings->num_strings,
80 sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
81 ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
83 for (i = 0; i < strings->num_strings; i++) {
84 ret = krb5_parse_name(contextp, strings->strings[i], &p);
85 if (ret)
86 abort();
87 ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
88 if (ret)
89 abort();
90 krb5_free_principal(contextp, p);
94 ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
95 &ext, &size, ret);
96 free_HDB_extension(&ext);
97 if (ret)
98 abort();
99 if (buf.length != size)
100 abort();
102 add_tl(princ, KRB5_TL_EXTENSION, &buf);
105 static void
106 add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
107 struct getarg_strings *strings)
109 krb5_error_code ret;
110 HDB_extension ext;
111 krb5_data buf;
112 krb5_principal p;
113 size_t size = 0;
114 int i;
116 memset(&ext, 0, sizeof(ext));
117 ext.mandatory = FALSE;
118 ext.data.element = choice_HDB_extension_data_aliases;
119 ext.data.u.aliases.case_insensitive = 0;
121 if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
122 ext.data.u.aliases.aliases.val = NULL;
123 ext.data.u.aliases.aliases.len = 0;
124 } else {
125 ext.data.u.aliases.aliases.val =
126 calloc(strings->num_strings,
127 sizeof(ext.data.u.aliases.aliases.val[0]));
128 ext.data.u.aliases.aliases.len = strings->num_strings;
130 for (i = 0; i < strings->num_strings; i++) {
131 ret = krb5_parse_name(contextp, strings->strings[i], &p);
132 ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
133 krb5_free_principal(contextp, p);
137 ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
138 &ext, &size, ret);
139 free_HDB_extension(&ext);
140 if (ret)
141 abort();
142 if (buf.length != size)
143 abort();
145 add_tl(princ, KRB5_TL_EXTENSION, &buf);
148 static void
149 add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
150 struct getarg_strings *strings)
152 krb5_error_code ret;
153 HDB_extension ext;
154 krb5_data buf;
155 size_t size = 0;
156 int i;
158 memset(&ext, 0, sizeof(ext));
159 ext.mandatory = FALSE;
160 ext.data.element = choice_HDB_extension_data_pkinit_acl;
161 ext.data.u.aliases.case_insensitive = 0;
163 if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
164 ext.data.u.pkinit_acl.val = NULL;
165 ext.data.u.pkinit_acl.len = 0;
166 } else {
167 ext.data.u.pkinit_acl.val =
168 calloc(strings->num_strings,
169 sizeof(ext.data.u.pkinit_acl.val[0]));
170 ext.data.u.pkinit_acl.len = strings->num_strings;
172 for (i = 0; i < strings->num_strings; i++) {
173 ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
177 ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
178 &ext, &size, ret);
179 free_HDB_extension(&ext);
180 if (ret)
181 abort();
182 if (buf.length != size)
183 abort();
185 add_tl(princ, KRB5_TL_EXTENSION, &buf);
188 static void
189 add_kvno_diff(krb5_context contextp, kadm5_principal_ent_rec *princ,
190 int is_svc_diff, krb5_kvno kvno_diff)
192 krb5_error_code ret;
193 HDB_extension ext;
194 krb5_data buf;
195 size_t size = 0;
197 if (kvno_diff < 0)
198 return;
199 if (kvno_diff > 2048)
200 kvno_diff = 2048;
202 if (is_svc_diff) {
203 ext.data.element = choice_HDB_extension_data_hist_kvno_diff_svc;
204 ext.data.u.hist_kvno_diff_svc = (unsigned int)kvno_diff;
205 } else {
206 ext.data.element = choice_HDB_extension_data_hist_kvno_diff_clnt;
207 ext.data.u.hist_kvno_diff_clnt = (unsigned int)kvno_diff;
209 ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
210 &ext, &size, ret);
211 if (ret)
212 abort();
213 if (buf.length != size)
214 abort();
216 add_tl(princ, KRB5_TL_EXTENSION, &buf);
219 static int
220 do_mod_entry(krb5_principal principal, void *data)
222 krb5_error_code ret;
223 kadm5_principal_ent_rec princ;
224 int mask = 0;
225 struct modify_options *e = data;
227 memset (&princ, 0, sizeof(princ));
228 ret = kadm5_get_principal(kadm_handle, principal, &princ,
229 KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
230 KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
231 KADM5_PRINC_EXPIRE_TIME |
232 KADM5_PW_EXPIRATION);
233 if(ret)
234 return ret;
236 if(e->max_ticket_life_string ||
237 e->max_renewable_life_string ||
238 e->expiration_time_string ||
239 e->pw_expiration_time_string ||
240 e->attributes_string ||
241 e->policy_string ||
242 e->kvno_integer != -1 ||
243 e->constrained_delegation_strings.num_strings ||
244 e->alias_strings.num_strings ||
245 e->pkinit_acl_strings.num_strings ||
246 e->hist_kvno_diff_clnt_integer != -1 ||
247 e->hist_kvno_diff_svc_integer != -1) {
248 ret = set_entry(context, &princ, &mask,
249 e->max_ticket_life_string,
250 e->max_renewable_life_string,
251 e->expiration_time_string,
252 e->pw_expiration_time_string,
253 e->attributes_string,
254 e->policy_string);
255 if(e->kvno_integer != -1) {
256 princ.kvno = e->kvno_integer;
257 mask |= KADM5_KVNO;
259 if (e->constrained_delegation_strings.num_strings) {
260 add_constrained_delegation(context, &princ,
261 &e->constrained_delegation_strings);
262 mask |= KADM5_TL_DATA;
264 if (e->alias_strings.num_strings) {
265 add_aliases(context, &princ, &e->alias_strings);
266 mask |= KADM5_TL_DATA;
268 if (e->pkinit_acl_strings.num_strings) {
269 add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
270 mask |= KADM5_TL_DATA;
272 if (e->hist_kvno_diff_clnt_integer != -1) {
273 add_kvno_diff(context, &princ, 0, e->hist_kvno_diff_clnt_integer);
274 mask |= KADM5_TL_DATA;
276 if (e->hist_kvno_diff_svc_integer != -1) {
277 add_kvno_diff(context, &princ, 1, e->hist_kvno_diff_clnt_integer);
278 mask |= KADM5_TL_DATA;
280 } else
281 ret = edit_entry(&princ, &mask, NULL, 0);
282 if(ret == 0) {
283 ret = kadm5_modify_principal(kadm_handle, &princ, mask);
284 if(ret)
285 krb5_warn(context, ret, "kadm5_modify_principal");
288 kadm5_free_principal_ent(kadm_handle, &princ);
289 return ret;
293 mod_entry(struct modify_options *opt, int argc, char **argv)
295 krb5_error_code ret = 0;
296 int i;
298 for(i = 0; i < argc; i++) {
299 ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
300 if (ret)
301 break;
303 return ret != 0;