From 68d77a285f9fb253f17f03543cc16541142ad204 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sat, 25 Oct 1997 06:19:27 +0000 Subject: [PATCH] Beginning of a kadm5-library git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3662 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/kadm5/Makefile.am | 26 +++ lib/kadm5/admin.h | 395 +++++++++++++++++++++++++++++++++++++++ lib/kadm5/chpass_s.c | 95 ++++++++++ lib/kadm5/context_s.c | 95 ++++++++++ lib/kadm5/create_s.c | 116 ++++++++++++ lib/kadm5/delete_s.c | 57 ++++++ lib/kadm5/destroy_s.c | 53 ++++++ lib/kadm5/ent_setup.c | 90 +++++++++ lib/kadm5/flush.c | 53 ++++++ lib/kadm5/free.c | 83 ++++++++ lib/kadm5/get_s.c | 174 +++++++++++++++++ lib/kadm5/init_s.c | 101 ++++++++++ lib/kadm5/kadm5_err.et | 59 ++++++ lib/kadm5/kadm5_locl.h | 83 ++++++++ lib/kadm5/modify_s.c | 81 ++++++++ lib/kadm5/randkey_s.c | 105 +++++++++++ lib/kadm5/rename_s.c | 105 +++++++++++ lib/kadm5/server_glue.c | 130 +++++++++++++ lib/kadm5/set_modifier.c | 59 ++++++ 19 files changed, 1960 insertions(+) create mode 100644 lib/kadm5/Makefile.am create mode 100644 lib/kadm5/admin.h create mode 100644 lib/kadm5/chpass_s.c create mode 100644 lib/kadm5/context_s.c create mode 100644 lib/kadm5/create_s.c create mode 100644 lib/kadm5/delete_s.c create mode 100644 lib/kadm5/destroy_s.c create mode 100644 lib/kadm5/ent_setup.c create mode 100644 lib/kadm5/flush.c create mode 100644 lib/kadm5/free.c create mode 100644 lib/kadm5/get_s.c create mode 100644 lib/kadm5/init_s.c create mode 100644 lib/kadm5/kadm5_err.et create mode 100644 lib/kadm5/kadm5_locl.h create mode 100644 lib/kadm5/modify_s.c create mode 100644 lib/kadm5/randkey_s.c create mode 100644 lib/kadm5/rename_s.c create mode 100644 lib/kadm5/server_glue.c create mode 100644 lib/kadm5/set_modifier.c diff --git a/lib/kadm5/Makefile.am b/lib/kadm5/Makefile.am new file mode 100644 index 000000000..a83f5bb64 --- /dev/null +++ b/lib/kadm5/Makefile.am 
@@ -0,0 +1,26 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies foreign
+
+##INCLUDES = -I$(top_builddir)/include
+
+lib_LIBRARIES = libkadm5.a libkadm5srv.a
+
+libkadm5_a_SOURCES = \
+ chpass_s.c context_s.c create_s.c delete_s.c destroy_s.c \
+ ent_setup.c flush.c free.c get_s.c init_s.c kadm5_err.et \
+ modify_s.c randkey_s.c rename_s.c set_modifier.c
+
+libkadm5srv_a_SOURCES = $(libkadm5_a_SOURCES) server_glue.c
+
+CLEANFILES = kadm5_err.c kadm5_err.h
+
+SUFFIXES = .et .h
+
+.et.h:
+ $(SHELL) ../error/compile_et $<
+
+.et.c:
+ $(SHELL) ../error/compile_et $<
+
+$(libkadm5_a_OBJECTS): kadm5_err.h
diff --git a/lib/kadm5/admin.h b/lib/kadm5/admin.h
new file mode 100644
index 000000000..9e9bc37c9
--- /dev/null
+++ b/lib/kadm5/admin.h
@@ -0,0 +1,395 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef __KADM5_ADMIN_H__ +#define __KADM5_ADMIN_H__ + +#define KADM5_API_VERSION_1 1 +#define KADM5_API_VERSION_2 2 + +#ifndef USE_KADM5_API_VERSION +#define USE_KADM5_API_VERSION KADM5_API_VERSION_2 +#endif + +#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2 +#error No support for API versions other than 2 +#endif + +#include + +#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001 +#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002 +#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004 +#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008 +#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010 +#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020 +#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 +#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080 +#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100 +#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200 +#define KRB5_KDB_DISALLOW_SVR 0x00001000 +#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000 +#define KRB5_KDB_SUPPORT_DESMD5 0x00004000 +#define KRB5_KDB_NEW_PRINC 0x00008000 + +#define KADM5_PRINCIPAL 0x000001 +#define KADM5_PRINC_EXPIRE_TIME 0x000002 +#define KADM5_PW_EXPIRATION 0x000004 +#define KADM5_LAST_PWD_CHANGE 0x000008 +#define KADM5_ATTRIBUTES 0x000010 +#define KADM5_MAX_LIFE 0x000020 +#define KADM5_MOD_TIME 0x000040 +#define KADM5_MOD_NAME 0x000080 +#define KADM5_KVNO 0x000100 +#define KADM5_MKVNO 0x000200 +#define KADM5_AUX_ATTRIBUTES 0x000400 +#define KADM5_POLICY 0x000800 +#define KADM5_POLICY_CLR 0x001000 +#define KADM5_MAX_RLIFE 0x002000 +#define KADM5_LAST_SUCCESS 0x004000 +#define KADM5_LAST_FAILED 0x008000 +#define KADM5_FAIL_AUTH_COUNT 0x010000 +#define KADM5_KEY_DATA 0x020000 +#define KADM5_TL_DATA 0x040000 + +#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA)) + +#define KADM5_PW_MAX_LIFE 0x004000 +#define KADM5_PW_MIN_LIFE 0x008000 +#define KADM5_PW_MIN_LENGTH 0x010000 +#define KADM5_PW_MIN_CLASSES 0x020000 +#define KADM5_PW_HISTORY_NUM 0x040000 +#define KADM5_REF_COUNT 0x080000 + +#define KADM5_POLICY_NORMAL_MASK (~0) + 
+#define KADM5_ADMIN_SERVICE "kadmin/admin" +#define KADM5_HIST_PRINCIPAL "kadmin/history" +#define KADM5_CHANGEPW_SERVICE "kadmin/changepw" + +typedef struct _krb5_key_data { + int16_t key_data_ver; /* Version */ + int16_t key_data_kvno; /* Key Version */ + int16_t key_data_type[2]; /* Array of types */ + int16_t key_data_length[2]; /* Array of lengths */ + void** key_data_contents[2];/* Array of pointers */ +} krb5_key_data; + +typedef struct _krb5_tl_data { + struct _krb5_tl_data* tl_data_next; + int16_t tl_data_type; + int16_t tl_data_length; + void **tl_data_contents; +} krb5_tl_data; + +typedef struct _kadm5_principal_ent_t { + krb5_principal principal; + + krb5_timestamp princ_expire_time; + krb5_timestamp last_pwd_change; + krb5_timestamp pw_expiration; + krb5_deltat max_life; + krb5_principal mod_name; + krb5_timestamp mod_date; + krb5_flags attributes; + krb5_kvno kvno; + krb5_kvno mkvno; + + char * policy; + u_int32_t aux_attributes; + + krb5_deltat max_renewable_life; + krb5_timestamp last_success; + krb5_timestamp last_failed; + krb5_kvno fail_auth_count; + int16_t n_key_data; + int16_t n_tl_data; + krb5_tl_data *tl_data; + krb5_key_data *key_data; +} kadm5_principal_ent_rec, *kadm5_principal_ent_t; + +typedef struct _kadm5_policy_ent_t { + char *policy; + + u_int32_t pw_min_life; + u_int32_t pw_max_life; + u_int32_t pw_min_length; + u_int32_t pw_min_classes; + u_int32_t pw_history_num; + u_int32_t policy_refcnt; +} kadm5_policy_ent_rec, *kadm5_policy_ent_t; + +#define KADM5_CONFIG_REALM (1 << 0) +#define KADM5_CONFIG_PROFILE (1 << 1) +#define KADM5_CONFIG_KADMIND_PORT (1 << 2) +#define KADM5_CONFIG_ADMIN_SERVER (1 << 3) +#define KADM5_CONFIG_DBNAME (1 << 4) +#define KADM5_CONFIG_ADBNAME (1 << 5) +#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6) +#define KADM5_CONFIG_ACL_FILE (1 << 7) +#define KADM5_CONFIG_DICT_FILE (1 << 8) +#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9) +#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10) +#define KADM5_CONFIG_STASH_FILE (1 << 
11) +#define KADM5_CONFIG_MKEY_NAME (1 << 12) +#define KADM5_CONFIG_ENCTYPE (1 << 13) +#define KADM5_CONFIG_MAX_LIFE (1 << 14) +#define KADM5_CONFIG_MAX_RLIFE (1 << 15) +#define KADM5_CONFIG_EXPIRATION (1 << 16) +#define KADM5_CONFIG_FLAGS (1 << 17) +#define KADM5_CONFIG_ENCTYPES (1 << 18) + +typedef struct { + int XXX; +}krb5_key_salt_tuple; + +typedef struct _kadm5_config_params { + u_int32_t mask; + + /* Client and server fields */ + char *realm; + char *profile; + int kadmind_port; + + /* client fields */ + char *admin_server; + + /* server fields */ + char *dbname; + char *admin_dbname; + char *admin_lockfile; + char *acl_file; + char *dict_file; + char *admin_keytab; + + /* server library (database) fields */ + int mkey_from_kbd; + char *stash_file; + char *mkey_name; + krb5_enctype enctype; + krb5_deltat max_life; + krb5_deltat max_rlife; + krb5_timestamp expiration; + krb5_flags flags; + krb5_key_salt_tuple *keysalts; + int32_t num_keysalts; +} kadm5_config_params; + +typedef krb5_error_code kadm5_ret_t; + +kadm5_ret_t +kadm5_c_flush __P((void *server_handle)); + +kadm5_ret_t +kadm5_chpass_principal __P(( + void *server_handle, + krb5_principal princ, + char *password)); + +kadm5_ret_t +kadm5_create_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password)); + +kadm5_ret_t +kadm5_delete_principal __P(( + void *server_handle, + krb5_principal princ)); + +kadm5_ret_t +kadm5_destroy __P((void *server_handle)); + +kadm5_ret_t +kadm5_flush __P((void *server_handle)); + +void +kadm5_free_key_data __P(( + void *server_handle, + int16_t *n_key_data, + krb5_key_data *key_data)); + +void +kadm5_free_principal_ent __P(( + void *server_handle, + kadm5_principal_ent_t princ)); + +kadm5_ret_t +kadm5_get_principal __P(( + void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask)); + +kadm5_ret_t +kadm5_init_with_password __P(( + char *client_name, + char *pass, + char *service_name, + 
kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_modify_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_randkey_principal __P(( + void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys)); + +kadm5_ret_t +kadm5_rename_principal __P(( + void *server_handle, + krb5_principal source, + krb5_principal target)); + +kadm5_ret_t +kadm5_s_chpass_principal __P(( + void *server_handle, + krb5_principal princ, + char *password)); + +kadm5_ret_t +kadm5_s_create_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask, + char *password)); + +kadm5_ret_t +kadm5_s_delete_principal __P(( + void *server_handle, + krb5_principal princ)); + +kadm5_ret_t +kadm5_s_destroy __P((void *server_handle)); + +kadm5_ret_t +kadm5_s_flush __P((void *server_handle)); + +kadm5_ret_t +kadm5_s_get_principal __P(( + void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + u_int32_t mask)); + +kadm5_ret_t +kadm5_s_init_with_password __P(( + char *client_name, + char *pass, + char *service_name, + kadm5_config_params *realm_params, + unsigned long struct_version, + unsigned long api_version, + void **server_handle)); + +kadm5_ret_t +kadm5_s_modify_principal __P(( + void *server_handle, + kadm5_principal_ent_t princ, + u_int32_t mask)); + +kadm5_ret_t +kadm5_s_randkey_principal __P(( + void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys)); + +kadm5_ret_t +kadm5_s_rename_principal __P(( + void *server_handle, + krb5_principal source, + krb5_principal target)); + +#if 0 +/* unimplemented functions */ +kadm5_ret_t +kadm5_decrypt_key(void *server_handle, + kadm5_principal_ent_t entry, int32_t + ktype, int32_t stype, int32_t + kvno, krb5_keyblock *keyblock, + krb5_keysalt *keysalt, int *kvnop); + +kadm5_ret_t +kadm5_get_principals(void 
*server_handle, char *exp, + char ***princs, int *count); + +kadm5_ret_t +kadm5_create_policy(void *server_handle, + kadm5_policy_ent_t policy, u_int32_t mask); + +kadm5_ret_t +kadm5_delete_policy(void *server_handle, char *policy); + + +kadm5_ret_t +kadm5_modify_policy(void *server_handle, + kadm5_policy_ent_t policy, + u_int32_t mask); + +kadm5_ret_t +kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); + +kadm5_ret_t +kadm5_get_policies(void *server_handle, char *exp, + char ***pols, int *count); + +void +kadm5_free_policy_ent(kadm5_policy_ent_t policy); + +void +kadm5_free_name_list(void *server_handle, + char **names, + int *count); + +kadm5_ret_t +kadm5_get_privs(void *server_handle, u_int32_t *privs); + +#endif + +#endif /* __KADM5_ADMIN_H__ */ diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c new file mode 100644 index 000000000..749db6b1d --- /dev/null +++ b/lib/kadm5/chpass_s.c 
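Review bot: The include guard `__KADM5_ADMIN_H__` is a reserved identifier (any name with a leading double underscore belongs to the implementation); a project-prefixed guard such as `KADM5_ADMIN_H` avoids the collision. Separately, `krb5_key_data` declares `void** key_data_contents[2]`, an array of two pointer-to-pointer, next to `key_data_length[2]`; that looks like one level of indirection too many for a byte buffer per slot, and `tl_data_contents` in `krb5_tl_data` has the same shape — presumably `void *key_data_contents[2]` and `void *tl_data_contents` were intended, confirm against whatever fills them. A short comment on `krb5_key_salt_tuple` saying it is a placeholder (`/* XXX placeholder until key/salt tuples are implemented */`) would also stop callers from relying on `XXX`.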
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_chpass_principal(void *server_handle,
+ krb5_principal princ,
+ char *password)
+{
+ kadm5_server_context *context = server_handle;
+ hdb_entry ent;
+ kadm5_ret_t ret;
+ ent.principal = princ;
+ ret = context->db->open(context->context, context->db, O_RDWR, 0);
+ if(ret)
+ return ret;
+ ret = context->db->fetch(context->context, context->db, &ent);
+ if(ret == HDB_ERR_NOENTRY)
+ goto out;
+ {
+ int i;
+ krb5_data salt;
+ Key *key;
+ krb5_get_salt(princ, &salt);
+ for(i = 0; i < ent.keys.len; i++){
+ key = &ent.keys.val[i];
+ if(key->salt && key->salt->type == hdb_pw_salt &&
+ key->salt->salt.length != 0){
+ /* zap old salt, but not v4 salts */
+ free_Salt(key->salt);
+ key->salt = NULL;
+ }
+ krb5_free_keyblock(context->context, &key->key);
+ ret = krb5_string_to_key(password,
+ key->salt ? &key->salt->salt : &salt,
+ key->key.keytype,
+ &key->key);
+ if(ret)
+ break;
+ }
+ krb5_data_free(&salt);
+ }
+ if(ret)
+ goto out2;
+ ret = _kadm5_set_modifier(context, &ent);
+ if(ret)
+ goto out2;
+
+ ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+ hdb_free_entry(context->context, &ent);
+out:
+ context->db->close(context->context, context->db);
+ if(ret == HDB_ERR_NOENTRY)
+ return KADM5_UNK_PRINC;
+ return ret;
+}
diff --git a/lib/kadm5/context_s.c b/lib/kadm5/context_s.c
new file mode 100644
index 000000000..ceccb0344
--- /dev/null
+++ b/lib/kadm5/context_s.c
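Review bot: Only HDB_ERR_NOENTRY is handled after `context->db->fetch`; any other fetch failure falls through into the key loop with `ent.keys` never initialised (`ent` is not zeroed, only `ent.principal` is set), so the loop walks indeterminate memory and `hdb_free_entry` later frees it. Change the test to `if(ret) goto out;` — `out` already skips `hdb_free_entry`, which is right for an entry that was never filled in, and the NOENTRY-to-KADM5_UNK_PRINC mapping after `out:` still applies. The return of `krb5_get_salt(princ, &salt)` is also dropped; if it can fail, `salt` is indeterminate when `krb5_string_to_key` and `krb5_data_free` use it. Note that `hdb_free_entry` will release `ent.principal`; this is only safe if fetch replaced the caller's `princ` with the database's own copy — presumably it does, confirm.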
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+_kadm5_s_init_context(kadm5_server_context **ctx,
+ kadm5_config_params *params)
+{
+ *ctx = malloc(sizeof(**ctx));
+ if(*ctx == NULL)
+ return ENOMEM;
+ memset(*ctx, 0, sizeof(**ctx));
+ krb5_init_context(&(*ctx)->context);
+#if 0
+#define is_set(M) (params->mask & KADM5_CONFIG_ ## M)
+ if(is_set(REALM))
+ ctx->config.realm = strdup(params->realm);
+ else
+ krb5_get_default_realm(ctx->context, &ctx->config.realm);
+ if(is_set(PROFILE))
+ ctx->config.params = strdup(params->profile);
+
+ if(is_set(KADMIND_PORT))
+ ctx->config.kadmind_port = params->kadmind_port;
+ else
+ ctx->config.kadmind_port = 749;
+ if(is_set(ADMIN_SERVER))
+ ctx->config.admin_server = strdup(params->admin_server);
+ if(is_set(DBNAME))
+ ctx->config.dbname = strdup(params->dbname);
+ if(is_set(ADBNAME))
+ ctx->config.adbname = strdup(params->adbname);
+ if(is_set(ADB_LOCKFILE))
+ ctx->config.adb_lockfile = strdup(params->adb_lockfile);
+ if(is_set(ACL_FILE))
+ ctx->config.acl_file = strdup(params->acl_file);
+ if(is_set(DICT_FILE))
+ ctx->config.dict_file = strdup(params->dict_file);
+ if(is_set(ADMIN_KEYTAB))
+ ctx->config.admin_keytab = strdup(params->admin_keytab);
+ if(is_set(MKEY_FROM_KEYBOARD))
+ ctx->config.mkey_from_keyboard = params->mkey_from_keyboard;
+ if(is_set(STASH_FILE))
+ ctx->config.stash_file = strdup(params->stash_file);
+ if(is_set(MKEY_NAME))
+ ctx->config.mkey_name = strdup(params->mkey_name);
+
+ krb5_enctype enctype;
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_key_salt_tuple *keysalts;
+ krb5_int32 num_keysalts;
+#endif
+ return 0;
+}
diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c
new file mode 100644
index 000000000..aac94cbf6
--- /dev/null
+++ b/lib/kadm5/create_s.c
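Review bot: The return of `krb5_init_context(&(*ctx)->context)` is dropped, so a failed krb5 initialisation hands back an allocated handle whose `context` every later `context->context` use dereferences. Check it and release the allocation: `ret = krb5_init_context(&(*ctx)->context); if(ret){ free(*ctx); *ctx = NULL; return ret; }` (declare `kadm5_ret_t ret;` at the top). The disabled `#if 0` block, if it is meant to come back, writes `ctx->config.…` where `ctx` is a `kadm5_server_context **` (it needs `(*ctx)->`), and uses the names `adbname`, `adb_lockfile`, `mkey_from_keyboard` and `config.params`, which do not match the `kadm5_config_params` fields in admin.h (`admin_dbname`, `admin_lockfile`, `mkey_from_kbd`, `profile`) if `config` is that struct. In the live code `params` is unused; a comment saying the parameter is reserved would make that deliberate.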
@@ -0,0 +1,116 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+#define REQUIRED_MASK (KADM5_PRINCIPAL)
+#define FORBIDDEN_MASK (KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT | KADM5_KEY_DATA)
+
+#define set_value(X, V) do { (X) = malloc(sizeof(*X)); *(X) = V; } while(0)
+
+kadm5_ret_t
+kadm5_s_create_principal(void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask,
+ char *password)
+{
+ kadm5_server_context *context;
+ hdb_entry ent;
+ kadm5_ret_t ret;
+ context = server_handle;
+ if((mask & REQUIRED_MASK) != REQUIRED_MASK)
+ return KADM5_BAD_MASK;
+ if((mask & FORBIDDEN_MASK))
+ return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+ /* XXX no real policies for now */
+ return KADM5_UNK_POLICY;
+ memset(&ent, 0, sizeof(ent));
+ ret = krb5_copy_principal(context->context, princ->principal,
+ &ent.principal);
+ if(ret)
+ return ret;
+ /* set defaults */
+ ent.flags.postdate = 1;
+ ent.flags.forwardable = 1;
+ ent.flags.initial = 0;
+ ent.flags.renewable = 1;
+ ent.flags.proxiable = 1;
+ ent.flags.require_preauth = 0;
+ ent.flags.server = 1;
+ ent.flags.client = 1;
+ ent.flags.change_pw = 0;
+ ent.flags.invalid = 0;
+
+ ent.kvno = 1;
+
+ ret = _kadm5_setup_entry(&ent, princ, mask);
+
+ {
+ krb5_data salt;
+ ent.keys.len = 1;
+ ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val));
+ ent.keys.val[0].mkvno = 0;
+ ret = krb5_get_salt (ent.principal, &salt);
+ krb5_string_to_key(password,
+ &salt,
+ KEYTYPE_DES,
+ &ent.keys.val[0].key);
+ krb5_data_free(&salt);
+ ent.keys.val[0].salt = NULL;
+ }
+
+ ent.created_by.time = time(NULL);
+ ret = krb5_copy_principal(context->context, context->caller,
+ &ent.created_by.principal);
+ if(ret)
+ goto out;
+ ret = context->db->open(context->context, context->db, O_RDWR, 0);
+ if(ret)
+ goto out;
+ ret = context->db->store(context->context, context->db, 0, &ent);
+ context->db->close(context->context, context->db);
+out:
+ hdb_free_entry(context->context, &ent);
+ if(ret == HDB_ERR_INUSE)
+ return KADM5_DUP;
+ return ret;
+}
+
diff --git a/lib/kadm5/delete_s.c b/lib/kadm5/delete_s.c
new file mode 100644
index 000000000..5c28418dd
--- /dev/null
+++ b/lib/kadm5/delete_s.c
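Review bot: Four results are dropped around the key-setup block: `ret = _kadm5_setup_entry(...)` is overwritten before it is tested, the `malloc` for `ent.keys.val` is unchecked, `ret = krb5_get_salt(...)` is overwritten, and the return of `krb5_string_to_key` is ignored — so on any of those failures an entry whose key material is indeterminate is stored as a new principal. Allocate the key slot with `calloc` so a partially built entry is safe to pass to `hdb_free_entry` on the error path, and test each call as below. `password` is dereferenced unconditionally; if the API permits a NULL password for this call, a guard is needed before `krb5_string_to_key`. The local `set_value` macro is unused here and duplicates the one in ent_setup.c without its NULL test; dropping it avoids two definitions drifting apart.
```c
    ret = _kadm5_setup_entry(&ent, princ, mask);
    if(ret)
        goto out;

    {
        krb5_data salt;
        ent.keys.len = 1;
        /* calloc: a zeroed Key is safe for hdb_free_entry if we bail out below */
        ent.keys.val = calloc(ent.keys.len, sizeof(*ent.keys.val));
        if(ent.keys.val == NULL){
            ent.keys.len = 0;
            ret = ENOMEM;
            goto out;
        }
        ent.keys.val[0].mkvno = 0;
        ent.keys.val[0].salt = NULL;
        ret = krb5_get_salt (ent.principal, &salt);
        if(ret)
            goto out;
        ret = krb5_string_to_key(password,
                                 &salt,
                                 KEYTYPE_DES,
                                 &ent.keys.val[0].key);
        krb5_data_free(&salt);
        if(ret)
            goto out;
    }
    /* … unchanged: created_by, db open/store/close, out: cleanup … */
```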
@@ -0,0 +1,57 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
+{
+ kadm5_server_context *context = server_handle;
+ kadm5_ret_t ret;
+ hdb_entry ent;
+ ent.principal = princ;
+ ret = context->db->open(context->context, context->db, O_RDWR, 0);
+ if(ret) return ret;
+ ret = context->db->delete(context->context, context->db, &ent);
+ context->db->close(context->context, context->db);
+ if(ret == HDB_ERR_NOENTRY)
+ return KADM5_UNK_PRINC;
+ return ret;
+}
diff --git a/lib/kadm5/destroy_s.c b/lib/kadm5/destroy_s.c
new file mode 100644
index 000000000..25da1ca5e
--- /dev/null
+++ b/lib/kadm5/destroy_s.c
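Review bot: `ent` is an uninitialised `hdb_entry` with only `ent.principal` set before it is handed to `context->db->delete`; if the delete callback reads anything beyond the principal, it reads indeterminate memory. create_s.c zeroes its entry first with `memset(&ent, 0, sizeof(ent));` — doing the same here (chpass_s.c sets up `ent` the same way) makes the precondition explicit at no cost. Presumably the backend's delete only looks at the principal; confirm against the HDB implementation.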
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_destroy(void *server_handle)
+{
+ kadm5_ret_t ret;
+ kadm5_server_context *context = server_handle;
+ ret = context->db->destroy(context->context, context->db);
+ krb5_free_context(context->context);
+ free(context->config.realm);
+ return ret;
+}
+
diff --git a/lib/kadm5/ent_setup.c b/lib/kadm5/ent_setup.c
new file mode 100644
index 000000000..ca5b2ed55
--- /dev/null
+++ b/lib/kadm5/ent_setup.c
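Review bot: `kadm5_s_destroy` frees `context->config.realm` and the krb5 context but never `context` itself, which `_kadm5_s_init_context` in context_s.c obtains from `malloc`, so every destroy leaks the server context. Add `free(context);` after `free(context->config.realm);`. `context->caller`, which create_s.c copies into `created_by`, is not released here either; if init_s.c (outside this view) allocates it, it belongs in this teardown as well.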
@@ -0,0 +1,90 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0);
+
+kadm5_ret_t
+_kadm5_setup_entry(hdb_entry *ent, kadm5_principal_ent_t princ, u_int32_t mask)
+{
+ if(mask & KADM5_PRINC_EXPIRE_TIME)
+ set_value(ent->valid_end, princ->princ_expire_time);
+ if(mask & KADM5_PW_EXPIRATION)
+ set_value(ent->pw_end, princ->pw_expiration);
+ if(mask & KADM5_ATTRIBUTES){
+ ent->flags.postdate =
+ !(princ->attributes & KRB5_KDB_DISALLOW_POSTDATED);
+ ent->flags.forwardable =
+ !(princ->attributes & KRB5_KDB_DISALLOW_FORWARDABLE);
+ ent->flags.initial =
+ !!(princ->attributes & KRB5_KDB_DISALLOW_TGT_BASED);
+ ent->flags.renewable =
+ !(princ->attributes & KRB5_KDB_DISALLOW_RENEWABLE);
+ ent->flags.proxiable =
+ !(princ->attributes & KRB5_KDB_DISALLOW_PROXIABLE);
+ /* DUP_SKEY */
+ ent->flags.invalid =
+ !!(princ->attributes & KRB5_KDB_DISALLOW_ALL_TIX);
+ ent->flags.require_preauth =
+ !!(princ->attributes & KRB5_KDB_REQUIRES_PRE_AUTH);
+ /* HW_AUTH */
+ ent->flags.server =
+ !(princ->attributes & KRB5_KDB_DISALLOW_SVR);
+ ent->flags.change_pw =
+ !!(princ->attributes & KRB5_KDB_PWCHANGE_SERVICE);
+ /* SUPPPORT_DESMD5 */
+ /* NEW_PRINC */
+
+ }
+ if(mask & KADM5_MAX_LIFE)
+ set_value(ent->max_life, princ->max_life);
+ if(mask & KADM5_KVNO)
+ ent->kvno = princ->kvno;
+ if(mask & KADM5_MAX_RLIFE)
+ set_value(ent->max_renew, princ->max_renewable_life);
+ if(mask & KADM5_TL_DATA){
+ /* XXX */
+ }
+ if(mask & KADM5_FAIL_AUTH_COUNT){
+ /* XXX */
+ }
+ return 0;
+}
diff --git a/lib/kadm5/flush.c b/lib/kadm5/flush.c
new file mode 100644
index 000000000..53dd10c50
--- /dev/null
+++ b/lib/kadm5/flush.c
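Review bot: The `set_value` macro ends in `while(0);` — the trailing semicolon turns any future `if(...) set_value(...); else ...` into a syntax error — and it stores through the `malloc` result without testing it, so an allocation failure writes through NULL. A form that does both, usable because every caller here returns `kadm5_ret_t`: `#define set_value(X, V) do { if((X) == NULL) { (X) = malloc(sizeof(*(X))); if((X) == NULL) return ENOMEM; } *(X) = V; } while(0)`. The `KADM5_ATTRIBUTES` branch silently ignores `KRB5_KDB_DISALLOW_DUP_SKEY`, `KRB5_KDB_REQUIRES_HW_AUTH` and `KRB5_KDB_REQUIRES_PWCHANGE` (only the first two are marked by a bare comment); a comment such as `/* no hdb flag for these attributes; they are accepted and dropped */` would make the loss explicit to callers that set them. create_s.c defines a second, unchecked `set_value`; one definition in kadm5_locl.h would keep them from diverging.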
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_flush(void *server_handle)
+{
+ return 0;
+}
+
+kadm5_ret_t
+kadm5_c_flush(void *server_handle)
+{
+ return 0;
+}
diff --git a/lib/kadm5/free.c b/lib/kadm5/free.c
new file mode 100644
index 000000000..d8f619910
--- /dev/null
+++ b/lib/kadm5/free.c
@@ -0,0 +1,83 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+void
+kadm5_free_key_data(void *server_handle,
+ int16_t *n_key_data,
+ krb5_key_data *key_data)
+{
+ int i;
+ for(i = 0; i < *n_key_data; i++){
+ if(key_data[i].key_data_contents[0]){
+ memset(key_data[i].key_data_contents[0],
+ 0,
+ key_data[i].key_data_length[0]);
+ free(key_data[i].key_data_contents[0]);
+ }
+ if(key_data[i].key_data_contents[1])
+ free(key_data[i].key_data_contents[1]);
+ }
+ *n_key_data = 0;
+}
+
+
+void
+kadm5_free_principal_ent(void *server_handle,
+ kadm5_principal_ent_t princ)
+{
+ kadm5_server_context *context = server_handle;
+ if(princ->principal)
+ krb5_free_principal(context->context, princ->principal);
+ if(princ->mod_name)
+ krb5_free_principal(context->context, princ->mod_name);
+ kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
+ while(princ->n_tl_data && princ->tl_data){
+ krb5_tl_data *tp;
+ tp = princ->tl_data;
+ princ->tl_data = tp->tl_data_next;
+ princ->n_tl_data--;
+ memset(tp->tl_data_contents, 0, tp->tl_data_length);
+ free(tp->tl_data_contents);
+ free(tp);
+ }
+}
+
diff --git a/lib/kadm5/get_s.c b/lib/kadm5/get_s.c
new file mode 100644
index 000000000..b7dae5cb3
--- /dev/null
+++ b/lib/kadm5/get_s.c
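Review bot: `kadm5_free_principal_ent` wipes and frees each key's two buffers through `kadm5_free_key_data` but never releases the `key_data` array itself, which `kadm5_s_get_principal` in this same patch obtains with `malloc`, so every lookup with `KADM5_KEY_DATA` leaks the array; add `free(princ->key_data); princ->key_data = NULL;` after the `kadm5_free_key_data` call. The `memset` before `free` on key contents and tl_data contents is the right intent for key material, but a plain `memset` of memory that is about to be freed is exactly what an optimizer is allowed to drop, so the wipe should go through a helper that cannot be elided (a `volatile`-pointer loop or an `explicit_bzero`/`memset_s`-style call). `tp->tl_data_contents` is passed to `memset` and `free` without a NULL test, which is only safe if every list element is guaranteed to carry a buffer — worth confirming against whoever builds the tl_data list, since nothing in this patch does yet.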
@@ -0,0 +1,174 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_get_principal(void *server_handle,
+ krb5_principal princ,
+ kadm5_principal_ent_t out,
+ u_int32_t mask)
+{
+ kadm5_server_context *context = server_handle;
+ kadm5_ret_t ret;
+ hdb_entry ent;
+
+ ent.principal = princ;
+ ret = context->db->open(context->context, context->db, O_RDONLY, 0);
+ if(ret)
+ return ret;
+ ret = context->db->fetch(context->context, context->db, &ent);
+ context->db->close(context->context, context->db);
+ if(ret == HDB_ERR_NOENTRY)
+ return KADM5_UNK_PRINC;
+
+
+ memset(out, 0, sizeof(*out));
+ if(mask & KADM5_PRINCIPAL)
+ ret = krb5_copy_principal(context->context, ent.principal,
+ &out->principal);
+ if(ret)
+ goto out;
+ if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
+ out->princ_expire_time = *ent.valid_end;
+ if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
+ out->pw_expiration = *ent.pw_end;
+ if(mask & KADM5_LAST_PWD_CHANGE)
+ /* XXX implement */;
+ if(mask & KADM5_ATTRIBUTES){
+ out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
+ out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
+ out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
+ out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
+ out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
+ out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
+ out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
+ out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
+ out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
+ }
+ if(mask & KADM5_MAX_LIFE && ent.max_life)
+ out->max_life = *ent.max_life;
+ if(mask & KADM5_MOD_TIME)
+ if(ent.modified_by)
+ out->mod_date = ent.modified_by->time;
+ else
+ out->mod_date = ent.created_by.time;
+ if(mask & KADM5_MOD_NAME)
+ if(ent.modified_by)
+ ret = krb5_copy_principal(context->context,
+ ent.modified_by->principal,
+ &out->mod_name);
+ else
+ ret = krb5_copy_principal(context->context,
+ ent.created_by.principal,
+ &out->mod_name);
+ if(ret)
+ goto out;
+
+ if(mask & KADM5_KVNO)
+ out->kvno = ent.kvno;
+ if(mask & KADM5_MKVNO && ent.keys.len)
+ out->mkvno = ent.keys.val[0].mkvno; /* XXX this is not right */
+ if(mask & KADM5_AUX_ATTRIBUTES)
+ /* XXX implement */;
+ if(mask & KADM5_POLICY)
+ out->policy = NULL;
+ if(mask & KADM5_MAX_RLIFE && ent.max_renew)
+ out->max_renewable_life = *ent.max_renew;
+ if(mask & KADM5_LAST_SUCCESS)
+ /* XXX implement */;
+ if(mask & KADM5_LAST_FAILED)
+ /* XXX implement */;
+ if(mask & KADM5_FAIL_AUTH_COUNT)
+ /* XXX implement */;
+ if(mask & KADM5_KEY_DATA){
+ int i;
+ Key *key;
+ krb5_key_data *kd;
+ krb5_data salt, *sp;
+ krb5_get_salt(ent.principal, &salt);
+ out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
+ for(i = 0; i < ent.keys.len; i++){
+ key = &ent.keys.val[i];
+ kd = &out->key_data[i];
+ kd->key_data_ver = 2;
+ kd->key_data_kvno = ent.kvno;
+ kd->key_data_type[0] = key->key.keytype;
+ if(key->salt)
+ kd->key_data_type[1] = key->salt->type;
+ else
+ kd->key_data_type[1] = pa_pw_salt;
+ /* setup key */
+ kd->key_data_length[0] = key->key.keyvalue.length;
+ kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
+ if(kd->key_data_contents[0] == NULL){
+ ret = ENOMEM;
+ break;
+ }
+ memcpy(kd->key_data_contents[0], key->key.keyvalue.data,
+ kd->key_data_length[0]);
+ /* setup salt */
+ if(key->salt)
+ sp = &key->salt->salt;
+ else
+ sp = &salt;
+ kd->key_data_length[1] = sp->length;
+ kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
+ if(kd->key_data_contents[1] == NULL){
+ memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
+ ret = ENOMEM;
+ break;
+ }
+ memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
+ out->n_key_data = i;
+ }
+ krb5_data_free(&salt);
+ }
+ if(ret){
+ kadm5_free_principal_ent(context, out);
+ goto out;
+ }
+ if(mask & KADM5_TL_DATA)
+ /* XXX implement */;
+out:
+ hdb_free_entry(context->context, &ent);
+
+ return ret;
+}
diff --git a/lib/kadm5/init_s.c b/lib/kadm5/init_s.c
new file mode 100644
index 000000000..7ead108a7
--- /dev/null
+++ b/lib/kadm5/init_s.c
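Review bot: After `fetch`, only `HDB_ERR_NOENTRY` is turned into an early return; every other fetch error falls through to `memset(out, ...)` and then to the first `if(ret) goto out;`, which calls `hdb_free_entry` on an `ent` that was never decoded and so frees whatever garbage its pointer fields hold — add `if(ret) return ret;` directly after the `return KADM5_UNK_PRINC;` line. In the `KADM5_KEY_DATA` loop, `out->n_key_data = i;` is assigned before the increment, so after a complete pass `n_key_data` is one short, the last key is invisible to the caller and its two buffers are never released by `kadm5_free_principal_ent`; it should read `out->n_key_data = i + 1;`. The `malloc` of `out->key_data` and the `krb5_get_salt` call are unchecked, and on the second `ENOMEM` branch `key_data_contents[0]` is wiped but not freed. Since this path hands raw long-term keys to the caller, whatever privilege check gates `KADM5_KEY_DATA` has to sit in front of `kadm5_s_get_principal`; nothing in this file enforces one.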
@@ -0,0 +1,101 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle)
+{
+ kadm5_ret_t ret;
+ kadm5_server_context *context;
+ ret = _kadm5_s_init_context(&context, realm_params);
+ if(ret)
+ return ret;
+ ret = hdb_create(context->context, &context->db, NULL);
+ if(ret)
+ return ret;
+ ret = krb5_parse_name(context->context, service_name, &context->caller);
+ if(ret)
+ return ret;
+
+ *server_handle = context;
+ return 0;
+}
+
+#if 0
+kadm5_ret_t
+kadm5_init_with_skey(char *client_name, char *keytab,
+ char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle)
+{
+}
+
+kadm5_ret_t
+kadm5_init(char *client_name, char *pass,
+ char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle)
+{
+}
+
+kadm5_ret_t
+kadm5_init_with_creds(char *client_name,
+ krb5_ccache ccache,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle)
+{
+}
+
+
+#endif
diff --git a/lib/kadm5/kadm5_err.et b/lib/kadm5/kadm5_err.et
new file mode 100644
index 000000000..72f1566db
--- /dev/null
+++ b/lib/kadm5/kadm5_err.et
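Review bot: `context->caller` is parsed from `service_name` rather than `client_name`, so if `_kadm5_set_modifier` (declared in kadm5_locl.h but not shown here) records `context->caller` as the entry's modifier, every database change will be attributed to the admin service itself instead of the administrator who requested it, which is an audit-trail problem for a KDC; `ret = krb5_parse_name(context->context, client_name, &context->caller);` is what the parameter names suggest. The two error returns after `_kadm5_s_init_context` succeeds do not tear the context down, so a failing `hdb_create` or `krb5_parse_name` leaks the context (and, in the second case, the HDB handle) on every failed initialisation. `pass`, `struct_version` and `api_version` are accepted but never examined; the error table in this same patch already provides `KADM5_BAD_STRUCT_VERSION` and `KADM5_BAD_API_VERSION`, so rejecting an unsupported version here would be cheap and would stop a mis-built client from driving the server library with a mismatched `kadm5_principal_ent_t` layout.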
@@ -0,0 +1,59 @@
+#
+# Error messages for the kadm5 library
+#
+# This might look like a com_err file, but is not
+#
+id $Id$
+
+error_table kadm5 ovk
+
+prefix KADM5
+error_code FAILURE, "Operation failed for unspecified reason"
+error_code AUTH_GET, "Operation requires ``get'' privilege"
+error_code AUTH_ADD, "Operation requires ``add'' privilege"
+error_code AUTH_MODIFY, "Operation requires ``modify'' privilege"
+error_code AUTH_DELETE, "Operation requires ``delete'' privilege"
+error_code AUTH_INSUFFICIENT, "Insufficient authorization for operation"
+error_code BAD_DB, "Database inconsistency detected"
+error_code DUP, "Principal or policy already exists"
+error_code RPC_ERROR, "Communication failure with server"
+error_code NO_SRV, "No administration server found for realm"
+error_code BAD_HIST_KEY, "Password history principal key version mismatch"
+error_code NOT_INIT, "Connection to server not initialized"
+error_code UNK_PRINC, "Principal does not exist"
+error_code UNK_POLICY, "Policy does not exist"
+error_code BAD_MASK, "Invalid field mask for operation"
+error_code BAD_CLASS, "Invalid number of character classes"
+error_code BAD_LENGTH, "Invalid password length"
+error_code BAD_POLICY, "Illegal policy name"
+error_code BAD_PRINCIPAL, "Illegal principal name."
+error_code BAD_AUX_ATTR, "Invalid auxillary attributes"
+error_code BAD_HISTORY, "Invalid password history count"
+error_code BAD_MIN_PASS_LIFE, "Password minimum life is greater then password maximum life"
+error_code PASS_Q_TOOSHORT, "Password is too short"
+error_code PASS_Q_CLASS, "Password does not contain enough character classes"
+error_code PASS_Q_DICT, "Password is in the password dictionary"
+error_code PASS_REUSE, "Cannot resuse password"
+error_code PASS_TOOSOON, "Current password's minimum life has not expired"
+error_code POLICY_REF, "Policy is in use"
+error_code INIT, "Connection to server already initialized"
+error_code BAD_PASSWORD, "Incorrect password"
+error_code PROTECT_PRINCIPAL, "Cannot change protected principal"
+error_code BAD_SERVER_HANDLE, "Programmer error! Bad Admin server handle"
+error_code BAD_STRUCT_VERSION, "Programmer error! Bad API structure version"
+error_code OLD_STRUCT_VERSION, "API structure version specified by application is no longer supported"
+error_code NEW_STRUCT_VERSION, "API structure version specified by application is unknown to libraries"
+error_code BAD_API_VERSION, "Programmer error! Bad API version"
+error_code OLD_LIB_API_VERSION, "API version specified by application is no longer supported by libraries"
+error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
+error_code NEW_LIB_API_VERSION, "API version specified by application is unknown to libraries"
+error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
+error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
+error_code NO_RENAME_SALT, "The salt type of the specified principal does not support renaming"
+error_code BAD_CLIENT_PARAMS, "Illegal configuration parameter for remote KADM5 client"
+error_code BAD_SERVER_PARAMS, "Illegal configuration parameter for local KADM5 client."
+error_code AUTH_LIST, "Operation requires ``list'' privilege"
+error_code AUTH_CHANGEPW, "Operation requires ``change-password'' privilege"
+error_code BAD_TL_TYPE, "Programmer error! Illegal tagged data list element type"
+error_code MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing"
+error_code BAD_SERVER_NAME, "Bad krb5 admin server hostname"
diff --git a/lib/kadm5/kadm5_locl.h b/lib/kadm5/kadm5_locl.h
new file mode 100644
index 000000000..5f4ce188a
--- /dev/null
+++ b/lib/kadm5/kadm5_locl.h
@@ -0,0 +1,83 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifndef __KADM5_LOCL_H__
+#define __KADM5_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#ifdef HAVE_FCNTL_H
+#include
+#endif
+#include "admin.h"
+#include "kadm5_err.h"
+#include
+
+typedef struct kadm5_server_context {
+ krb5_context context;
+ kadm5_config_params config;
+ HDB *db;
+ krb5_principal caller;
+}kadm5_server_context;
+
+kadm5_ret_t
+_kadm5_s_init_context __P((
+ kadm5_server_context **ctx,
+ kadm5_config_params *params));
+
+kadm5_ret_t
+_kadm5_set_modifier __P((
+ kadm5_server_context *context,
+ hdb_entry *ent));
+
+kadm5_ret_t
+_kadm5_setup_entry __P((
+ hdb_entry *ent,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask));
+
+#endif /* __KADM5_LOCL_H__ */
diff --git a/lib/kadm5/modify_s.c b/lib/kadm5/modify_s.c
new file mode 100644
index 000000000..d01993b60
--- /dev/null
+++ b/lib/kadm5/modify_s.c
@@ -0,0 +1,81 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+#define FORBIDDEN_MASK (KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_KEY_DATA)
+
+
+kadm5_ret_t
+kadm5_s_modify_principal(void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask)
+{
+ kadm5_server_context *context = server_handle;
+ hdb_entry ent;
+ kadm5_ret_t ret;
+ if((mask & FORBIDDEN_MASK))
+ return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+ return KADM5_UNK_POLICY;
+
+ ent.principal = princ->principal;
+ ret = context->db->open(context->context, context->db, O_RDWR, 0);
+ if(ret)
+ return ret;
+ ret = context->db->fetch(context->context, context->db, &ent);
+ if(ret)
+ goto out;
+ ret = _kadm5_setup_entry(&ent, princ, mask);
+ if(ret)
+ goto out2;
+ ret = _kadm5_set_modifier(context, &ent);
+ if(ret)
+ goto out2;
+ ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+ hdb_free_entry(context->context, &ent);
+out:
+ context->db->close(context->context, context->db);
+ if(ret == HDB_ERR_NOENTRY)
+ return KADM5_UNK_PRINC;
+ return ret;
+}
+
diff --git a/lib/kadm5/randkey_s.c b/lib/kadm5/randkey_s.c
new file mode 100644
index 000000000..fe2654e08
--- /dev/null
+++ b/lib/kadm5/randkey_s.c
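Review bot: The `KADM5_POLICY` check passes `princ->policy` straight to `strcmp`, so a caller that sets the mask bit but leaves `policy` NULL crashes the server library instead of getting an error; `if((mask & KADM5_POLICY) && (princ->policy == NULL || strcmp(princ->policy, "default") != 0))` handles both cases. `FORBIDDEN_MASK` does not include `KADM5_PRINCIPAL`, and `_kadm5_setup_entry` ignores that bit, so a request to change the principal's name is accepted and silently does nothing; adding `KADM5_PRINCIPAL` to `FORBIDDEN_MASK` makes the contract explicit (renames belong to `kadm5_s_rename_principal`). `ent` is only partially initialised before `fetch`, which is fine on the `goto out` path but means the later `hdb_free_entry` relies on `fetch` fully overwriting the struct on success — worth a one-line comment so the next reader does not "fix" it by zeroing the principal.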
@@ -0,0 +1,105 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_randkey_principal(void *server_handle,
+ krb5_principal princ,
+ krb5_keyblock **new_keys,
+ int *n_keys)
+{
+ kadm5_server_context *context = server_handle;
+ hdb_entry ent;
+ kadm5_ret_t ret;
+ ent.principal = princ;
+ ret = context->db->open(context->context, context->db, O_RDWR, 0);
+ if(ret)
+ return ret;
+ ret = context->db->fetch(context->context, context->db, &ent);
+ if(ret == HDB_ERR_NOENTRY)
+ goto out;
+ {
+ int i;
+ Key *key;
+ *new_keys = malloc(ent.keys.len * sizeof(**new_keys));
+ for(i = 0; i < ent.keys.len; i++){
+ key = &ent.keys.val[i];
+ if(key->salt){
+ /* zap any salt */
+ free_Salt(key->salt);
+ key->salt = NULL;
+ }
+ krb5_free_keyblock(context->context, &key->key);
+ ret = krb5_generate_random_keyblock(context->context,
+ key->key.keytype,
+ &key->key);
+
+ if(ret)
+ break;
+ ret = krb5_copy_keyblock(context->context, &key->key, &new_keys[i]);
+ if(ret)
+ break;
+ *n_keys = i + 1;
+ }
+ }
+ if(ret)
+ goto out2;
+ ret = _kadm5_set_modifier(context, &ent);
+ if(ret)
+ goto out2;
+
+ ret = context->db->store(context->context, context->db, 1, &ent);
+out2:
+ hdb_free_entry(context->context, &ent);
+out:
+ context->db->close(context->context, context->db);
+ if(ret){
+ int i;
+ for(i = 0; i < *n_keys; i++)
+ krb5_free_keyblock(context->context, &(*new_keys)[i]);
+ free(*new_keys);
+ *n_keys = 0;
+ }
+ if(ret == HDB_ERR_NOENTRY)
+ return KADM5_UNK_PRINC;
+ return ret;
+}
+
diff --git a/lib/kadm5/rename_s.c b/lib/kadm5/rename_s.c
new file mode 100644
index 000000000..664346531
--- /dev/null
+++ b/lib/kadm5/rename_s.c
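Review bot: `krb5_copy_keyblock(context->context, &key->key, &new_keys[i])` takes the address of the caller's pointer slot, not of an element of the array just stored in `*new_keys`: if `krb5_copy_keyblock` allocates and stores a pointer through its last argument (which its `krb5_keyblock **` parameter suggests), then for `i == 0` it overwrites `*new_keys` and leaks the array, and for `i > 0` it writes past the caller's single `krb5_keyblock *` variable; the element should be filled in place, e.g. `ret = krb5_copy_keyblock_contents(context->context, &key->key, &(*new_keys)[i]);` or whichever contents-copying helper this krb5 library offers, which also matches the `&(*new_keys)[i]` used by the cleanup loop below. Only `HDB_ERR_NOENTRY` is diverted after `fetch`, so any other fetch error lets the key loop run over an entry that was never decoded — that line should be `if(ret) goto out;`. `*n_keys` is never set to 0 before the loop, so the error path's cleanup reads an uninitialised count when `ent.keys.len` is 0 or the first iteration fails, and the `malloc` of `*new_keys` is unchecked. Lastly, `krb5_free_keyblock` is applied both to the embedded `key->key` and to array elements; if it frees the struct as well as its contents, both sites need the contents-only variant — worth confirming against the library's definition.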
@@ -0,0 +1,105 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_s_rename_principal(void *server_handle,
+ krb5_principal source,
+ krb5_principal target)
+{
+ kadm5_server_context *context = server_handle;
+ kadm5_ret_t ret;
+ hdb_entry ent, ent2;
+ ent.principal = source;
+ if(krb5_principal_compare(context->context, source, target))
+ return KADM5_DUP; /* XXX is this right? */
+ if(!krb5_realm_compare(context->context, source, target))
+ return KADM5_FAILURE; /* XXX better code */
+ ret = context->db->open(context->context, context->db, O_RDWR, 0);
+ if(ret)
+ return ret;
+ ret = context->db->fetch(context->context, context->db, &ent);
+ if(ret){
+ context->db->close(context->context, context->db);
+ goto out;
+ }
+ ret = _kadm5_set_modifier(context, &ent);
+ if(ret)
+ goto out2;
+ {
+ /* fix salt */
+ int i;
+ krb5_data salt;
+ krb5_get_salt(target, &salt);
+ for(i = 0; i < ent.keys.len; i++){
+ if(ent.keys.val[i].salt == NULL){
+ ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt));
+ ent.keys.val[i].salt->type = hdb_pw_salt;
+ ret = krb5_data_copy(&ent.keys.val[i].salt->salt,
+ salt.data, salt.length);
+ if(ret)
+ break;
+ }
+ }
+ krb5_data_free(&salt);
+ }
+ if(ret)
+ goto out2;
+ ent2.principal = ent.principal;
+ ent.principal = target;
+ ret = context->db->store(context->context, context->db, 0, &ent);
+ if(ret){
+ ent.principal = ent2.principal;
+ goto out2;
+ }
+ ret = context->db->delete(context->context, context->db, &ent2);
+ ent.principal = ent2.principal;
+out2:
+ context->db->close(context->context, context->db);
+ hdb_free_entry(context->context, &ent);
+out:
+ if(ret == HDB_ERR_NOENTRY)
+ return KADM5_UNK_PRINC;
+ if(ret == HDB_ERR_INUSE)
+ return KADM5_DUP;
+ return ret;
+}
+
diff --git a/lib/kadm5/server_glue.c b/lib/kadm5/server_glue.c
new file mode 100644
index 000000000..164892509
--- /dev/null
+++ b/lib/kadm5/server_glue.c
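Review bot: The salt fix-up takes the salt from `target` (`krb5_get_salt(target, &salt)`), but the keys being carried over were derived from the password with the source principal's default salt; recording the target's salt either states nothing new (it is what a NULL salt already implies once the entry is stored under the new name) or, when the two names differ, leaves stored keys that no longer match what a client will derive, so password logins break after the rename. The comment's intent is served by `krb5_get_salt(source, &salt);`, and both that call's return value and the `malloc` of `ent.keys.val[i].salt` should be checked instead of dereferenced blindly. The `store` under the new name and the `delete` of the old one are two independent operations with no rollback, so a `delete` failure leaves two principals sharing the same long-term keys; at minimum that outcome needs a distinct error (and a log line), and if the HDB backend offers a transaction the pair should run inside one. `kadm5_s_rename_principal` is complete in this hunk.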
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+kadm5_chpass_principal(void *server_handle,
+ krb5_principal princ,
+ char *password)
+{
+ return kadm5_s_chpass_principal(server_handle, princ, password);
+}
+
+kadm5_ret_t
+kadm5_create_principal(void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask,
+ char *password)
+{
+ return kadm5_s_create_principal(server_handle, princ, mask, password);
+}
+
+kadm5_ret_t
+kadm5_delete_principal(void *server_handle,
+ krb5_principal princ)
+{
+ return kadm5_s_delete_principal(server_handle, princ);
+}
+
+kadm5_ret_t
+kadm5_destroy (void *server_handle)
+{
+ return kadm5_s_destroy(server_handle);
+}
+
+kadm5_ret_t
+kadm5_flush (void *server_handle)
+{
+ return kadm5_s_flush(server_handle);
+}
+
+kadm5_ret_t
+kadm5_get_principal(void *server_handle,
+ krb5_principal princ,
+ kadm5_principal_ent_t out,
+ u_int32_t mask)
+{
+ return kadm5_s_get_principal(server_handle, princ, out, mask);
+}
+
+kadm5_ret_t
+kadm5_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+ kadm5_config_params *realm_params,
+ unsigned long struct_version,
+ unsigned long api_version,
+ void **server_handle)
+{
+ return kadm5_s_init_with_password(client_name,
+ pass,
+ service_name,
+ realm_params,
+ struct_version,
+ api_version,
+ server_handle);
+}
+
+kadm5_ret_t
+kadm5_modify_principal(void *server_handle,
+ kadm5_principal_ent_t princ,
+ u_int32_t mask)
+{
+ return kadm5_s_modify_principal(server_handle, princ, mask);
+}
+
+kadm5_ret_t
+kadm5_randkey_principal(void *server_handle,
+ krb5_principal princ,
+ krb5_keyblock **new_keys,
+ int *n_keys)
+{
+ return kadm5_s_randkey_principal(server_handle, princ, new_keys, n_keys);
+}
+
+kadm5_ret_t
+kadm5_rename_principal(void *server_handle,
+ krb5_principal source,
+ krb5_principal target)
+{
+ return kadm5_s_rename_principal(server_handle, source, target);
+}
+
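Review bot: Nothing in this file says what these wrappers are for, and a reader seeing the public `kadm5_*` names could assume they perform the permission check or the client-side marshalling; as written every one of them forwards straight to its `kadm5_s_*` counterpart and performs no authorization of its own. Add a header comment after the `RCSID` line, e.g. `/* Server-side binding of the public kadm5 API: each entry point calls the corresponding kadm5_s_* implementation directly. No access control is done here; it has to live in those functions or in the caller. */`. The `char *` parameters `password`, `pass`, `client_name` and `service_name` are never written through in this file and could be `const char *`, but that is dictated by the prototypes in admin.h and the `kadm5_s_*` signatures, which are outside this hunk.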
diff --git a/lib/kadm5/set_modifier.c b/lib/kadm5/set_modifier.c
new file mode 100644
index 000000000..d01a544c3
--- /dev/null
+++ b/lib/kadm5/set_modifier.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id$");
+
+kadm5_ret_t
+_kadm5_set_modifier(kadm5_server_context *context,
+ hdb_entry *ent)
+{
+ kadm5_ret_t ret;
+ if(ent->modified_by == NULL){
+ ent->modified_by = malloc(sizeof(*ent->modified_by));
+ if(ent->modified_by == NULL)
+ return ENOMEM;
+ } else
+ free_Event(ent->modified_by);
+ ent->modified_by->time = time(NULL);
+ ret = krb5_copy_principal(context->context, context->caller,
+ &ent->modified_by->principal);
+ return ret;
+}
+
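Review bot: The freshly `malloc`ed `ent->modified_by` has an uninitialized `principal` member, and `krb5_copy_principal` on the following line is the only thing that assigns it; if that copy fails the function returns the error with a garbage pointer left in the entry, and the caller's cleanup (in rename_s.c the same commit jumps to `out2` and calls `hdb_free_entry` on exactly this error) presumably frees it. Use `ent->modified_by = calloc(1, sizeof(*ent->modified_by));` instead of `malloc`, or set `ent->modified_by->principal = NULL;` before the copy. The `else` branch relies on `free_Event` releasing the old contents without freeing the `Event` struct itself, which fits an ASN.1-generated free routine but is not stated anywhere; a one-line comment such as `/* free_Event releases the members only; the struct is reused below */` would save the next reader a lookup.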