kadm5: Add functions to check for bogus keys

Introduce kadm5_all_keys_are_bogus() and kadm5_some_keys_are_bogus()
which will be used in later changes.

Change-Id: I3a07ffe07bee7d6eb17c3d2eae91c107e0bac255

lib/kadm5/libkadm5srv-exports.def

@@ -2,6 +2,7 @@ EXPORTS
 ;!	kadm5_ad_init_with_password
 ;!	kadm5_ad_init_with_password_ctx
 	kadm5_add_passwd_quality_verifier
+	kadm5_all_keys_are_bogus
 	kadm5_check_password_quality
 	kadm5_chpass_principal
 	kadm5_chpass_principal_3
@@ -43,6 +44,7 @@ EXPORTS
         kadm5_setkey_principal
         kadm5_setkey_principal_3
 	kadm5_setup_passwd_quality_check
+	kadm5_some_keys_are_bogus
 	kadm5_store_key_data
 	kadm5_store_principal_ent
 	kadm5_store_principal_ent_mask

lib/kadm5/marshall.c

@@ -35,6 +35,39 @@
 
 RCSID("$Id$");
 
+int
+kadm5_some_keys_are_bogus(size_t n_keys, krb5_key_data *keys)
+{
+    size_t i;
+
+    for (i = 0; i < n_keys; i++) {
+	krb5_key_data *key = &keys[i];
+	if (key->key_data_length[0] == sizeof(KADM5_BOGUS_KEY_DATA) - 1 &&
+	    ct_memcmp(key->key_data_contents[1], KADM5_BOGUS_KEY_DATA,
+		      key->key_data_length[0]) == 0)
+	    return 1;
+    }
+    return 0;
+}
+
+int
+kadm5_all_keys_are_bogus(size_t n_keys, krb5_key_data *keys)
+{
+    size_t i;
+
+    if (n_keys == 0)
+	return 0;
+
+    for (i = 0; i < n_keys; i++) {
+	krb5_key_data *key = &keys[i];
+	if (key->key_data_length[0] != sizeof(KADM5_BOGUS_KEY_DATA) - 1 ||
+	    ct_memcmp(key->key_data_contents[1], KADM5_BOGUS_KEY_DATA,
+		      key->key_data_length[0]) != 0)
+	    return 0;
+    }
+    return 1;
+}
+
 kadm5_ret_t
 kadm5_store_key_data(krb5_storage *sp,
 		     krb5_key_data *key)

lib/kadm5/version-script-client.map

@@ -5,6 +5,7 @@ HEIMDAL_KADM5_CLIENT_1.0 {
 		initialize_kadm5_error_table_r;
 		kadm5_ad_init_with_password;
 		kadm5_ad_init_with_password_ctx;
+		kadm5_all_keys_are_bogus;
 		kadm5_c_chpass_principal;
 		kadm5_c_chpass_principal_with_key;
 		kadm5_c_create_principal;
@@ -48,6 +49,7 @@ HEIMDAL_KADM5_CLIENT_1.0 {
 		kadm5_ret_principal_ent;
 		kadm5_ret_principal_ent_mask;
 		kadm5_ret_tl_data;
+		kadm5_some_keys_are_bogus;
 		kadm5_store_key_data;
 		kadm5_store_principal_ent;
 		kadm5_store_principal_ent_mask;

lib/kadm5/version-script.map

@@ -4,6 +4,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
 	global:
 		kadm5_ad_init_with_password;
 		kadm5_ad_init_with_password_ctx;
+		kadm5_all_keys_are_bogus;
 		kadm5_add_passwd_quality_verifier;
 		kadm5_check_password_quality;
 		kadm5_chpass_principal;
@@ -46,6 +47,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
 		kadm5_setup_passwd_quality_check;
 		kadm5_setkey_principal;
 		kadm5_setkey_principal_3;
+		kadm5_some_keys_are_bogus;
 		kadm5_store_key_data;
 		kadm5_store_principal_ent;
 		kadm5_store_principal_ent_mask;