search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use anon realm for anonymous PKINIT
[heimdal.git] / lib / kadm5 / marshall.c
blob4a726dbaf76c5406c46b2e403c38a853ffbe8809
1 /*
2 * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 RCSID("$Id$");
37
38 kadm5_ret_t
39 kadm5_store_key_data(krb5_storage *sp,
40 krb5_key_data *key)
41 {
42 krb5_data c;
43 krb5_store_int32(sp, key->key_data_ver);
44 krb5_store_int32(sp, key->key_data_kvno);
45 krb5_store_int32(sp, key->key_data_type[0]);
46 c.length = key->key_data_length[0];
47 c.data = key->key_data_contents[0];
48 krb5_store_data(sp, c);
49 krb5_store_int32(sp, key->key_data_type[1]);
50 c.length = key->key_data_length[1];
51 c.data = key->key_data_contents[1];
52 krb5_store_data(sp, c);
53 return 0;
54 }
55
56 kadm5_ret_t
57 kadm5_store_fake_key_data(krb5_storage *sp,
58 krb5_key_data *key)
59 {
60 krb5_data c;
61
62 krb5_store_int32(sp, key->key_data_ver);
63 krb5_store_int32(sp, key->key_data_kvno);
64 krb5_store_int32(sp, key->key_data_type[0]);
65
66 /*
67 * This is the key contents. We want it to be obvious to the client
68 * (if it really did want the keys) that the key won't work.
69 * 32-bit keys are no good for any enctype, so that should do.
70 * Clients that didn't need keys will ignore this, and clients that
71 * did want keys will either fail or they'll, say, create bogus
72 * keytab entries that will subsequently fail to be useful.
73 */
74 c.length = sizeof (KADM5_BOGUS_KEY_DATA) - 1;
75 c.data = KADM5_BOGUS_KEY_DATA;
76 krb5_store_data(sp, c);
77
78 /* This is the salt -- no need to send garbage */
79 krb5_store_int32(sp, key->key_data_type[1]);
80 c.length = key->key_data_length[1];
81 c.data = key->key_data_contents[1];
82 krb5_store_data(sp, c);
83 return 0;
84 }
85
86 kadm5_ret_t
87 kadm5_ret_key_data(krb5_storage *sp,
88 krb5_key_data *key)
89 {
90 krb5_data c;
91 int32_t tmp;
92 krb5_ret_int32(sp, &tmp);
93 key->key_data_ver = tmp;
94 krb5_ret_int32(sp, &tmp);
95 key->key_data_kvno = tmp;
96 krb5_ret_int32(sp, &tmp);
97 key->key_data_type[0] = tmp;
98 krb5_ret_data(sp, &c);
99 key->key_data_length[0] = c.length;
100 key->key_data_contents[0] = c.data;
101 krb5_ret_int32(sp, &tmp);
102 key->key_data_type[1] = tmp;
103 krb5_ret_data(sp, &c);
104 key->key_data_length[1] = c.length;
105 key->key_data_contents[1] = c.data;
106 return 0;
107 }
108
109 kadm5_ret_t
110 kadm5_store_tl_data(krb5_storage *sp,
111 krb5_tl_data *tl)
112 {
113 krb5_data c;
114 krb5_store_int32(sp, tl->tl_data_type);
115 c.length = tl->tl_data_length;
116 c.data = tl->tl_data_contents;
117 krb5_store_data(sp, c);
118 return 0;
119 }
120
121 kadm5_ret_t
122 kadm5_ret_tl_data(krb5_storage *sp,
123 krb5_tl_data *tl)
124 {
125 krb5_data c;
126 int32_t tmp;
127 krb5_ret_int32(sp, &tmp);
128 tl->tl_data_type = tmp;
129 krb5_ret_data(sp, &c);
130 tl->tl_data_length = c.length;
131 tl->tl_data_contents = c.data;
132 return 0;
133 }
134
135 static kadm5_ret_t
136 store_principal_ent(krb5_storage *sp,
137 kadm5_principal_ent_t princ,
138 uint32_t mask, int wkeys)
139 {
140 int i;
141
142 if (mask & KADM5_PRINCIPAL)
143 krb5_store_principal(sp, princ->principal);
144 if (mask & KADM5_PRINC_EXPIRE_TIME)
145 krb5_store_int32(sp, princ->princ_expire_time);
146 if (mask & KADM5_PW_EXPIRATION)
147 krb5_store_int32(sp, princ->pw_expiration);
148 if (mask & KADM5_LAST_PWD_CHANGE)
149 krb5_store_int32(sp, princ->last_pwd_change);
150 if (mask & KADM5_MAX_LIFE)
151 krb5_store_int32(sp, princ->max_life);
152 if (mask & KADM5_MOD_NAME) {
153 krb5_store_int32(sp, princ->mod_name != NULL);
154 if(princ->mod_name)
155 krb5_store_principal(sp, princ->mod_name);
156 }
157 if (mask & KADM5_MOD_TIME)
158 krb5_store_int32(sp, princ->mod_date);
159 if (mask & KADM5_ATTRIBUTES)
160 krb5_store_int32(sp, princ->attributes);
161 if (mask & KADM5_KVNO)
162 krb5_store_int32(sp, princ->kvno);
163 if (mask & KADM5_MKVNO)
164 krb5_store_int32(sp, princ->mkvno);
165 if (mask & KADM5_POLICY) {
166 krb5_store_int32(sp, princ->policy != NULL);
167 if(princ->policy)
168 krb5_store_string(sp, princ->policy);
169 }
170 if (mask & KADM5_AUX_ATTRIBUTES)
171 krb5_store_int32(sp, princ->aux_attributes);
172 if (mask & KADM5_MAX_RLIFE)
173 krb5_store_int32(sp, princ->max_renewable_life);
174 if (mask & KADM5_LAST_SUCCESS)
175 krb5_store_int32(sp, princ->last_success);
176 if (mask & KADM5_LAST_FAILED)
177 krb5_store_int32(sp, princ->last_failed);
178 if (mask & KADM5_FAIL_AUTH_COUNT)
179 krb5_store_int32(sp, princ->fail_auth_count);
180 if (mask & KADM5_KEY_DATA) {
181 krb5_store_int32(sp, princ->n_key_data);
182 for(i = 0; i < princ->n_key_data; i++) {
183 if (wkeys)
184 kadm5_store_key_data(sp, &princ->key_data[i]);
185 else
186 kadm5_store_fake_key_data(sp, &princ->key_data[i]);
187 }
188 }
189 if (mask & KADM5_TL_DATA) {
190 krb5_tl_data *tp;
191
192 krb5_store_int32(sp, princ->n_tl_data);
193 for(tp = princ->tl_data; tp; tp = tp->tl_data_next)
194 kadm5_store_tl_data(sp, tp);
195 }
196 return 0;
197 }
198
199
200 kadm5_ret_t
201 kadm5_store_principal_ent(krb5_storage *sp,
202 kadm5_principal_ent_t princ)
203 {
204 return store_principal_ent (sp, princ, ~0, 1);
205 }
206
207 kadm5_ret_t
208 kadm5_store_principal_ent_nokeys(krb5_storage *sp,
209 kadm5_principal_ent_t princ)
210 {
211 return store_principal_ent (sp, princ, ~0, 0);
212 }
213
214 kadm5_ret_t
215 kadm5_store_principal_ent_mask(krb5_storage *sp,
216 kadm5_principal_ent_t princ,
217 uint32_t mask)
218 {
219 krb5_store_int32(sp, mask);
220 return store_principal_ent (sp, princ, mask, 1);
221 }
222
223 static kadm5_ret_t
224 ret_principal_ent(krb5_storage *sp,
225 kadm5_principal_ent_t princ,
226 uint32_t mask)
227 {
228 int i;
229 int32_t tmp;
230
231 if (mask & KADM5_PRINCIPAL)
232 krb5_ret_principal(sp, &princ->principal);
233
234 if (mask & KADM5_PRINC_EXPIRE_TIME) {
235 krb5_ret_int32(sp, &tmp);
236 princ->princ_expire_time = tmp;
237 }
238 if (mask & KADM5_PW_EXPIRATION) {
239 krb5_ret_int32(sp, &tmp);
240 princ->pw_expiration = tmp;
241 }
242 if (mask & KADM5_LAST_PWD_CHANGE) {
243 krb5_ret_int32(sp, &tmp);
244 princ->last_pwd_change = tmp;
245 }
246 if (mask & KADM5_MAX_LIFE) {
247 krb5_ret_int32(sp, &tmp);
248 princ->max_life = tmp;
249 }
250 if (mask & KADM5_MOD_NAME) {
251 krb5_ret_int32(sp, &tmp);
252 if(tmp)
253 krb5_ret_principal(sp, &princ->mod_name);
254 else
255 princ->mod_name = NULL;
256 }
257 if (mask & KADM5_MOD_TIME) {
258 krb5_ret_int32(sp, &tmp);
259 princ->mod_date = tmp;
260 }
261 if (mask & KADM5_ATTRIBUTES) {
262 krb5_ret_int32(sp, &tmp);
263 princ->attributes = tmp;
264 }
265 if (mask & KADM5_KVNO) {
266 krb5_ret_int32(sp, &tmp);
267 princ->kvno = tmp;
268 }
269 if (mask & KADM5_MKVNO) {
270 krb5_ret_int32(sp, &tmp);
271 princ->mkvno = tmp;
272 }
273 if (mask & KADM5_POLICY) {
274 krb5_ret_int32(sp, &tmp);
275 if(tmp)
276 krb5_ret_string(sp, &princ->policy);
277 else
278 princ->policy = NULL;
279 }
280 if (mask & KADM5_AUX_ATTRIBUTES) {
281 krb5_ret_int32(sp, &tmp);
282 princ->aux_attributes = tmp;
283 }
284 if (mask & KADM5_MAX_RLIFE) {
285 krb5_ret_int32(sp, &tmp);
286 princ->max_renewable_life = tmp;
287 }
288 if (mask & KADM5_LAST_SUCCESS) {
289 krb5_ret_int32(sp, &tmp);
290 princ->last_success = tmp;
291 }
292 if (mask & KADM5_LAST_FAILED) {
293 krb5_ret_int32(sp, &tmp);
294 princ->last_failed = tmp;
295 }
296 if (mask & KADM5_FAIL_AUTH_COUNT) {
297 krb5_ret_int32(sp, &tmp);
298 princ->fail_auth_count = tmp;
299 }
300 if (mask & KADM5_KEY_DATA) {
301 krb5_ret_int32(sp, &tmp);
302 princ->n_key_data = tmp;
303 princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data));
304 if (princ->key_data == NULL && princ->n_key_data != 0)
305 return ENOMEM;
306 for(i = 0; i < princ->n_key_data; i++)
307 kadm5_ret_key_data(sp, &princ->key_data[i]);
308 }
309 if (mask & KADM5_TL_DATA) {
310 krb5_ret_int32(sp, &tmp);
311 princ->n_tl_data = tmp;
312 princ->tl_data = NULL;
313 for(i = 0; i < princ->n_tl_data; i++){
314 krb5_tl_data *tp = malloc(sizeof(*tp));
315 if (tp == NULL)
316 return ENOMEM;
317 kadm5_ret_tl_data(sp, tp);
318 tp->tl_data_next = princ->tl_data;
319 princ->tl_data = tp;
320 }
321 }
322 return 0;
323 }
324
325 kadm5_ret_t
326 kadm5_ret_principal_ent(krb5_storage *sp,
327 kadm5_principal_ent_t princ)
328 {
329 return ret_principal_ent (sp, princ, ~0);
330 }
331
332 kadm5_ret_t
333 kadm5_ret_principal_ent_mask(krb5_storage *sp,
334 kadm5_principal_ent_t princ,
335 uint32_t *mask)
336 {
337 int32_t tmp;
338
339 krb5_ret_int32 (sp, &tmp);
340 *mask = tmp;
341 return ret_principal_ent (sp, princ, *mask);
342 }
343
344 kadm5_ret_t
345 _kadm5_marshal_params(krb5_context context,
346 kadm5_config_params *params,
347 krb5_data *out)
348 {
349 krb5_storage *sp = krb5_storage_emem();
350
351 krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM));
352
353 if(params->mask & KADM5_CONFIG_REALM)
354 krb5_store_string(sp, params->realm);
355 krb5_storage_to_data(sp, out);
356 krb5_storage_free(sp);
357
358 return 0;
359 }
360
361 kadm5_ret_t
362 _kadm5_unmarshal_params(krb5_context context,
363 krb5_data *in,
364 kadm5_config_params *params)
365 {
366 krb5_error_code ret;
367 krb5_storage *sp;
368 int32_t mask;
369
370 sp = krb5_storage_from_data(in);
371 if (sp == NULL)
372 return ENOMEM;
373
374 ret = krb5_ret_int32(sp, &mask);
375 if (ret)
376 goto out;
377 params->mask = mask;
378
379 if(params->mask & KADM5_CONFIG_REALM)
380 ret = krb5_ret_string(sp, &params->realm);
381 out:
382 krb5_storage_free(sp);
383
384 return ret;
385 }
Heimdal