search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #174 from abhinav-upadhyay/fix-krb5.conf.5
[heimdal.git] / lib / kadm5 / common_glue.c
blob79e12d072431e9f43ed240d920dafc2a4a48022b
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 RCSID("$Id$");
37
38 #define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P
39 #define __CALLABLE(F) (((kadm5_common_context*)server_handle)->funcs.F != 0)
40
41 kadm5_ret_t
42 kadm5_chpass_principal(void *server_handle,
43 krb5_principal princ,
44 const char *password)
45 {
46 return __CALL(chpass_principal, (server_handle, princ, 0,
47 0, NULL, password));
48 }
49
50 kadm5_ret_t
51 kadm5_chpass_principal_3(void *server_handle,
52 krb5_principal princ,
53 krb5_boolean keepold,
54 int n_ks_tuple,
55 krb5_key_salt_tuple *ks_tuple,
56 const char *password)
57 {
58 return __CALL(chpass_principal, (server_handle, princ, keepold,
59 n_ks_tuple, ks_tuple, password));
60 }
61
62 kadm5_ret_t
63 kadm5_chpass_principal_with_key(void *server_handle,
64 krb5_principal princ,
65 int n_key_data,
66 krb5_key_data *key_data)
67 {
68 return __CALL(chpass_principal_with_key,
69 (server_handle, princ, 0, n_key_data, key_data));
70 }
71
72 kadm5_ret_t
73 kadm5_chpass_principal_with_key_3(void *server_handle,
74 krb5_principal princ,
75 int keepold,
76 int n_key_data,
77 krb5_key_data *key_data)
78 {
79 return __CALL(chpass_principal_with_key,
80 (server_handle, princ, keepold, n_key_data, key_data));
81 }
82
83 kadm5_ret_t
84 kadm5_create_principal_3(void *server_handle,
85 kadm5_principal_ent_t princ,
86 uint32_t mask,
87 int n_ks_tuple,
88 krb5_key_salt_tuple *ks_tuple,
89 char *password)
90 {
91 return __CALL(create_principal,
92 (server_handle, princ, mask, n_ks_tuple, ks_tuple, password));
93 }
94
95 kadm5_ret_t
96 kadm5_create_principal(void *server_handle,
97 kadm5_principal_ent_t princ,
98 uint32_t mask,
99 const char *password)
100 {
101 return __CALL(create_principal,
102 (server_handle, princ, mask, 0, NULL, password));
103 }
104
105 kadm5_ret_t
106 kadm5_delete_principal(void *server_handle,
107 krb5_principal princ)
108 {
109 return __CALL(delete_principal, (server_handle, princ));
110 }
111
112 kadm5_ret_t
113 kadm5_destroy (void *server_handle)
114 {
115 return __CALL(destroy, (server_handle));
116 }
117
118 kadm5_ret_t
119 kadm5_flush (void *server_handle)
120 {
121 return __CALL(flush, (server_handle));
122 }
123
124 kadm5_ret_t
125 kadm5_get_principal(void *server_handle,
126 krb5_principal princ,
127 kadm5_principal_ent_t out,
128 uint32_t mask)
129 {
130 return __CALL(get_principal, (server_handle, princ, out, mask));
131 }
132
133 /**
134 * Extract decrypted keys from kadm5_principal_ent_t object. Mostly a
135 * no-op for Heimdal because we fetch the entry with decrypted keys.
136 * Sadly this is not fully a no-op, as we have to allocate a copy.
137 *
138 * @server_handle is the kadm5 handle
139 * @entry is the HDB entry for the principal in question
140 * @ktype is the enctype to get a key for, or -1 to get the first one
141 * @stype is the salttype to get a key for, or -1 to get the first match
142 * @kvno is the kvno to search for, or -1 to get the first match (highest kvno)
143 * @keyblock is where the key will be placed
144 * @keysalt, if not NULL, is where the salt will be placed
145 * @kvnop, if not NULL, is where the selected kvno will be placed
146 */
147 kadm5_ret_t
148 kadm5_decrypt_key(void *server_handle,
149 kadm5_principal_ent_t entry,
150 int32_t ktype, int32_t stype,
151 int32_t kvno, krb5_keyblock *keyblock,
152 krb5_keysalt *keysalt, int *kvnop)
153 {
154 size_t i;
155
156 if (kvno < 1 || stype != -1)
157 return KADM5_DECRYPT_USAGE_NOSUPP;
158
159 for (i = 0; i < entry->n_key_data; i++) {
160 if (ktype != entry->key_data[i].key_data_kvno)
161 continue;
162
163 keyblock->keytype = ktype;
164 keyblock->keyvalue.length = entry->key_data[i].key_data_length[0];
165 keyblock->keyvalue.data = malloc(keyblock->keyvalue.length);
166 if (keyblock->keyvalue.data == NULL)
167 return ENOMEM;
168 memcpy(keyblock->keyvalue.data,
169 entry->key_data[i].key_data_contents[0],
170 keyblock->keyvalue.length);
171 }
172
173 return 0;
174 }
175
176 kadm5_ret_t
177 kadm5_modify_principal(void *server_handle,
178 kadm5_principal_ent_t princ,
179 uint32_t mask)
180 {
181 return __CALL(modify_principal, (server_handle, princ, mask));
182 }
183
184 kadm5_ret_t
185 kadm5_randkey_principal(void *server_handle,
186 krb5_principal princ,
187 krb5_keyblock **new_keys,
188 int *n_keys)
189 {
190 return __CALL(randkey_principal, (server_handle, princ, FALSE, 0, NULL,
191 new_keys, n_keys));
192 }
193
194 kadm5_ret_t
195 kadm5_randkey_principal_3(void *server_handle,
196 krb5_principal princ,
197 krb5_boolean keepold,
198 int n_ks_tuple,
199 krb5_key_salt_tuple *ks_tuple,
200 krb5_keyblock **new_keys,
201 int *n_keys)
202 {
203 return __CALL(randkey_principal, (server_handle, princ, keepold,
204 n_ks_tuple, ks_tuple, new_keys, n_keys));
205 }
206
207 kadm5_ret_t
208 kadm5_rename_principal(void *server_handle,
209 krb5_principal source,
210 krb5_principal target)
211 {
212 return __CALL(rename_principal, (server_handle, source, target));
213 }
214
215 kadm5_ret_t
216 kadm5_get_principals(void *server_handle,
217 const char *expression,
218 char ***princs,
219 int *count)
220 {
221 return __CALL(get_principals, (server_handle, expression, princs, count));
222 }
223
224 kadm5_ret_t
225 kadm5_get_privs(void *server_handle,
226 uint32_t *privs)
227 {
228 return __CALL(get_privs, (server_handle, privs));
229 }
230
231
232 /**
233 * This function is allows the caller to set new keys for a principal.
234 * This is a trivial wrapper around kadm5_setkey_principal_3().
235 */
236 kadm5_ret_t
237 kadm5_setkey_principal(void *server_handle,
238 krb5_principal princ,
239 krb5_keyblock *new_keys,
240 int n_keys)
241 {
242 return kadm5_setkey_principal_3(server_handle, princ, 0, 0, NULL,
243 new_keys, n_keys);
244 }
245
246 /**
247 * This function is allows the caller to set new keys for a principal.
248 * This is a simple wrapper around kadm5_get_principal() and
249 * kadm5_modify_principal().
250 */
251 kadm5_ret_t
252 kadm5_setkey_principal_3(void *server_handle,
253 krb5_principal princ,
254 krb5_boolean keepold,
255 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
256 krb5_keyblock *keyblocks,
257 int n_keys)
258 {
259 kadm5_principal_ent_rec princ_ent;
260 kadm5_ret_t ret;
261 krb5_key_data *new_key_data = NULL;
262 size_t i;
263
264 if (n_keys < 1)
265 return EINVAL;
266 if (n_ks_tuple > 0 && n_ks_tuple != n_keys)
267 return KADM5_SETKEY3_ETYPE_MISMATCH;
268
269 /*
270 * If setkey_principal_3 is defined in the server handle, use that.
271 */
272 if (__CALLABLE(setkey_principal_3))
273 return __CALL(setkey_principal_3,
274 (server_handle, princ, keepold, n_ks_tuple, ks_tuple,
275 keyblocks, n_keys));
276
277 /*
278 * Otherwise, simulate it via a get, update, modify sequence.
279 */
280 ret = kadm5_get_principal(server_handle, princ, &princ_ent,
281 KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA);
282 if (ret)
283 return ret;
284
285 if (keepold) {
286 new_key_data = malloc((n_keys + princ_ent.n_key_data) * sizeof(*new_key_data));
287 if (new_key_data == NULL) {
288 ret = ENOMEM;
289 goto out;
290 }
291
292 memcpy(&new_key_data[n_keys], &princ_ent.key_data[0],
293 princ_ent.n_key_data * sizeof (princ_ent.key_data[0]));
294 } else {
295 new_key_data = malloc(n_keys * sizeof(*new_key_data));
296 if (new_key_data == NULL) {
297 ret = ENOMEM;
298 goto out;
299 }
300 }
301
302 princ_ent.kvno++;
303 for (i = 0; i < n_keys; i++) {
304 new_key_data[i].key_data_ver = 2;
305
306 /* Key */
307 new_key_data[i].key_data_kvno = princ_ent.kvno;
308 new_key_data[i].key_data_type[0] = keyblocks[i].keytype;
309 new_key_data[i].key_data_length[0] = keyblocks[i].keyvalue.length;
310 new_key_data[i].key_data_contents[0] =
311 malloc(keyblocks[i].keyvalue.length);
312 if (new_key_data[i].key_data_contents[0] == NULL) {
313 ret = ENOMEM;
314 goto out;
315 }
316 memcpy(new_key_data[i].key_data_contents[0],
317 keyblocks[i].keyvalue.data,
318 keyblocks[i].keyvalue.length);
319
320 /*
321 * Salt (but there's no salt, just salttype, which is kinda
322 * silly -- what's the point of setkey_3() then, besides
323 * keepold?!)
324 */
325 new_key_data[i].key_data_type[1] = 0;
326 if (n_ks_tuple > 0) {
327 if (ks_tuple[i].ks_enctype != keyblocks[i].keytype)
328 return KADM5_SETKEY3_ETYPE_MISMATCH;
329 new_key_data[i].key_data_type[1] = ks_tuple[i].ks_salttype;
330 }
331 new_key_data[i].key_data_length[1] = 0;
332 new_key_data[i].key_data_contents[1] = NULL;
333 }
334
335 /* Free old keys */
336 if (!keepold) {
337 for (i = 0; i < princ_ent.n_key_data; i++) {
338 free(princ_ent.key_data[i].key_data_contents[0]);
339 free(princ_ent.key_data[i].key_data_contents[1]);
340 }
341 }
342 free(princ_ent.key_data);
343 princ_ent.key_data = new_key_data;
344 princ_ent.n_key_data = n_keys + (keepold ? princ_ent.n_key_data : 0);
345 new_key_data = NULL;
346
347 /* Modify the principal */
348 ret = kadm5_modify_principal(server_handle, &princ_ent, KADM5_KVNO | KADM5_KEY_DATA);
349
350 out:
351 if (new_key_data != NULL) {
352 for (i = 0; i < n_keys; i++) {
353 free(new_key_data[i].key_data_contents[0]);
354 free(new_key_data[i].key_data_contents[1]);
355 }
356 free(new_key_data);
357 }
358 kadm5_free_principal_ent(server_handle, &princ_ent);
359 return ret;
360 }
361
362
363 kadm5_ret_t
364 kadm5_lock(void *server_handle)
365 {
366 return __CALL(lock, (server_handle));
367 }
368
369 kadm5_ret_t
370 kadm5_unlock(void *server_handle)
371 {
372 return __CALL(unlock, (server_handle));
373 }
374
375
376 kadm5_ret_t
377 kadm5_create_policy(void *server_handle,
378 kadm5_policy_ent_t policy, long mask)
379 {
380 return KADM5_POLICY_OP_NOSUPP;
381 }
382
383 kadm5_ret_t
384 kadm5_delete_policy(void *server_handle, char *name)
385 {
386 return KADM5_POLICY_OP_NOSUPP;
387 }
388
389
390 kadm5_ret_t
391 kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t policy,
392 uint32_t mask)
393 {
394 return KADM5_POLICY_OP_NOSUPP;
395 }
396
397 kadm5_ret_t
398 kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent)
399 {
400 memset(ent, 0, sizeof (*ent));
401 return KADM5_POLICY_OP_NOSUPP;
402 }
403
404
405 kadm5_ret_t
406 kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count)
407 {
408 *count = 0;
409 *pols = NULL;
410
411 return KADM5_POLICY_OP_NOSUPP;
412 }
413
414 kadm5_ret_t
415 kadm5_free_policy_ent(kadm5_policy_ent_t ent)
416 {
417 if (ent->policy)
418 free(ent->policy);
419 /*
420 * Not clear if we should free ent or not. It might be an automatic
421 * struct, so we don't free it for now, just in case.
422 */
423 return 0;
424 }
425
Heimdal