/*
 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
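 */

#include "kadm5_locl.h"

RCSID("$Id: get_s.c,v 1.13 2000/06/19 16:11:31 joda Exp $");

/*
 * Server-side (direct HDB access) implementation of kadm5_get_principal().
 *
 * Looks up `princ' in the HDB and fills in the fields of `*out' selected
 * by `mask' (KADM5_* bits).  `*out' is zeroed first, so fields that were
 * not requested read as 0/NULL.  The entry is fetched with HDB_F_DECRYPT;
 * when KADM5_KEY_DATA is requested, `out->key_data' receives a copy of
 * every key's key material and salt exactly as the database handed them
 * back, so `*out' must be treated as sensitive and released with
 * kadm5_free_principal_ent().
 *
 * The LAST_PWD_CHANGE, AUX_ATTRIBUTES, LAST_SUCCESS, LAST_FAILED,
 * FAIL_AUTH_COUNT and TL_DATA mask bits are not implemented and leave
 * their fields zero.
 *
 * Returns 0 on success or a kadm5 error code.  On any failure after the
 * fetch, whatever had already been allocated into `*out' is released via
 * kadm5_free_principal_ent() before returning.
 */
kadm5_ret_t
kadm5_s_get_principal(void *server_handle,
                      krb5_principal princ,
                      kadm5_principal_ent_t out,
                      u_int32_t mask)
{
    kadm5_server_context *context = server_handle;
    kadm5_ret_t ret;
    hdb_entry ent;

    /* Only the lookup key is set here; fetch() fills in the rest of ent. */
    ent.principal = princ;
    ret = context->db->open(context->context, context->db, O_RDONLY, 0);
    if(ret)
        return ret;
    ret = context->db->fetch(context->context, context->db,
                             HDB_F_DECRYPT, &ent);
    context->db->close(context->context, context->db);
    if(ret)
        return _kadm5_error_code(ret);

    memset(out, 0, sizeof(*out));
    if(mask & KADM5_PRINCIPAL)
        ret = krb5_copy_principal(context->context, ent.principal,
                                  &out->principal);
    if(ret)
        goto out;
    if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
        out->princ_expire_time = *ent.valid_end;
    if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
        out->pw_expiration = *ent.pw_end;
    if(mask & KADM5_LAST_PWD_CHANGE)
        /* XXX implement */;
    if(mask & KADM5_ATTRIBUTES){
        /*
         * HDB stores positive capability flags; the kadm5 attribute word
         * is mostly expressed as DISALLOW_* bits, hence the inversions.
         */
        out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
        out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
        out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
        out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
        out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
        out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
        out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
        out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
        out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
    }
    if(mask & KADM5_MAX_LIFE) {
        /* No limit in the database is reported as INT_MAX. */
        if(ent.max_life)
            out->max_life = *ent.max_life;
        else
            out->max_life = INT_MAX;
    }
    if(mask & KADM5_MOD_TIME) {
        /* Fall back to the creation record when the entry was never modified. */
        if(ent.modified_by)
            out->mod_date = ent.modified_by->time;
        else
            out->mod_date = ent.created_by.time;
    }
    if(mask & KADM5_MOD_NAME) {
        if(ent.modified_by) {
            if (ent.modified_by->principal != NULL)
                ret = krb5_copy_principal(context->context,
                                          ent.modified_by->principal,
                                          &out->mod_name);
        } else if(ent.created_by.principal != NULL)
            ret = krb5_copy_principal(context->context,
                                      ent.created_by.principal,
                                      &out->mod_name);
        else
            out->mod_name = NULL;
    }
    /* A failed copy here used to leak out->principal; the cleanup at `out'
     * now releases it. */
    if(ret)
        goto out;

    if(mask & KADM5_KVNO)
        out->kvno = ent.kvno;
    if(mask & KADM5_MKVNO) {
        int n;
        out->mkvno = 0; /* XXX */
        for(n = 0; n < ent.keys.len; n++)
            if(ent.keys.val[n].mkvno) {
                out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
                break;
            }
    }
    if(mask & KADM5_AUX_ATTRIBUTES)
        /* XXX implement */;
    if(mask & KADM5_POLICY)
        out->policy = NULL;
    if(mask & KADM5_MAX_RLIFE) {
        if(ent.max_renew)
            out->max_renewable_life = *ent.max_renew;
        else
            out->max_renewable_life = INT_MAX;
    }
    if(mask & KADM5_LAST_SUCCESS)
        /* XXX implement */;
    if(mask & KADM5_LAST_FAILED)
        /* XXX implement */;
    if(mask & KADM5_FAIL_AUTH_COUNT)
        /* XXX implement */;
    if(mask & KADM5_KEY_DATA){
        int i;
        Key *key;
        krb5_key_data *kd;
        krb5_salt salt;
        krb5_data *sp;

        /*
         * The principal's default password salt stands in for keys that
         * carry no explicit salt.  If it cannot be derived, `salt' is
         * uninitialised, so skip the loop and the krb5_free_salt() below.
         */
        ret = krb5_get_pw_salt(context->context, ent.principal, &salt);
        if(ret == 0){
            out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
            /* malloc(0) may legitimately return NULL for an entry without keys. */
            if(out->key_data == NULL && ent.keys.len != 0)
                ret = ENOMEM;
            for(i = 0; ret == 0 && i < ent.keys.len; i++){
                key = &ent.keys.val[i];
                kd = &out->key_data[i];
                /* Two components per key: [0] the key itself, [1] its salt. */
                kd->key_data_ver = 2;
                kd->key_data_kvno = ent.kvno;
                kd->key_data_type[0] = key->key.keytype;
                if(key->salt)
                    kd->key_data_type[1] = key->salt->type;
                else
                    kd->key_data_type[1] = KRB5_PADATA_PW_SALT;
                /* setup key */
                kd->key_data_length[0] = key->key.keyvalue.length;
                kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
                if(kd->key_data_contents[0] == NULL){
                    ret = ENOMEM;
                    break;
                }
                memcpy(kd->key_data_contents[0], key->key.keyvalue.data,
                       kd->key_data_length[0]);
                /* setup salt */
                if(key->salt)
                    sp = &key->salt->salt;
                else
                    sp = &salt.saltvalue;
                kd->key_data_length[1] = sp->length;
                kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
                if(kd->key_data_length[1] != 0
                   && kd->key_data_contents[1] == NULL) {
                    /*
                     * This slot is never counted in n_key_data, so
                     * kadm5_free_principal_ent() will not see the key
                     * copied above: scrub and release it here.
                     */
                    memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
                    free(kd->key_data_contents[0]);
                    kd->key_data_contents[0] = NULL;
                    ret = ENOMEM;
                    break;
                }
                /* Skip the copy for an empty salt; malloc(0) may have returned NULL. */
                if(kd->key_data_length[1] != 0)
                    memcpy(kd->key_data_contents[1], sp->data,
                           kd->key_data_length[1]);
                /* Count the slot only once both components are complete. */
                out->n_key_data = i + 1;
            }
            krb5_free_salt(context->context, salt);
        }
    }
    if(ret)
        goto out;
    if(mask & KADM5_TL_DATA)
        /* XXX implement */;
out:
    /*
     * Every error path after the fetch arrives here with ret != 0; undo the
     * partial fill of *out so the caller never holds a half-built entry.
     */
    if(ret)
        kadm5_free_principal_ent(context, out);
    hdb_free_entry(context->context, &ent);

    return _kadm5_error_code(ret);
}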