get_s.c revision 72445
/*
 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
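*/

#include "kadm5_locl.h"

RCSID("$Id: get_s.c,v 1.13 2000/06/19 16:11:31 joda Exp $");

/*
 * Overwrite len bytes at p and release the buffer. The wipe goes through
 * a volatile pointer because a plain memset() immediately before free()
 * is a dead store that the compiler may drop; we use this for half-built
 * key entries that hold decrypted key material.
 */
static void
zero_and_free(void *p, size_t len)
{
    volatile unsigned char *vp = p;

    if (p == NULL)
        return;
    while (len--)
        *vp++ = 0;
    free(p);
}

/*
 * Fold the HDB flag bits of ent into out->attributes. Most kadm5
 * attributes are "disallow" bits, so a set HDB capability flag
 * contributes nothing and a clear one sets the corresponding DISALLOW bit;
 * initial, invalid, require_preauth and change_pw map positively.
 */
static void
set_attributes(kadm5_principal_ent_t out, const hdb_entry *ent)
{
    if (!ent->flags.postdate)
        out->attributes |= KRB5_KDB_DISALLOW_POSTDATED;
    if (!ent->flags.forwardable)
        out->attributes |= KRB5_KDB_DISALLOW_FORWARDABLE;
    if (ent->flags.initial)
        out->attributes |= KRB5_KDB_DISALLOW_TGT_BASED;
    if (!ent->flags.renewable)
        out->attributes |= KRB5_KDB_DISALLOW_RENEWABLE;
    if (!ent->flags.proxiable)
        out->attributes |= KRB5_KDB_DISALLOW_PROXIABLE;
    if (ent->flags.invalid)
        out->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
    if (ent->flags.require_preauth)
        out->attributes |= KRB5_KDB_REQUIRES_PRE_AUTH;
    if (!ent->flags.server)
        out->attributes |= KRB5_KDB_DISALLOW_SVR;
    if (ent->flags.change_pw)
        out->attributes |= KRB5_KDB_PWCHANGE_SERVICE;
}

/*
 * Copy every key of ent into out->key_data in kadm5 key_data layout
 * (key_data_ver 2: slot [0] is the key, slot [1] is the salt). A key
 * without an explicit salt gets the principal's default password salt.
 *
 * out->n_key_data counts only entries whose two buffers were both
 * allocated and filled, so kadm5_free_principal_ent() can release exactly
 * what was built. A partially built entry is wiped and freed here.
 *
 * Returns 0, ENOMEM, or the error from krb5_get_pw_salt(); on error the
 * caller is responsible for releasing out.
 */
static kadm5_ret_t
copy_key_data(kadm5_server_context *context, hdb_entry *ent,
              kadm5_principal_ent_t out)
{
    kadm5_ret_t ret;
    krb5_salt salt;
    unsigned i;

    ret = krb5_get_pw_salt(context->context, ent->principal, &salt);
    if (ret)
        return ret;   /* salt is not initialised, nothing to free */

    out->key_data = malloc(ent->keys.len * sizeof(*out->key_data));
    /* malloc(0) may legitimately return NULL, hence the len check */
    if (out->key_data == NULL && ent->keys.len > 0) {
        ret = ENOMEM;
        goto out;
    }

    for (i = 0; i < ent->keys.len; i++) {
        Key *key = &ent->keys.val[i];
        krb5_key_data *kd = &out->key_data[i];
        krb5_data *sp = key->salt ? &key->salt->salt : &salt.saltvalue;

        kd->key_data_ver = 2;
        kd->key_data_kvno = ent->kvno;
        kd->key_data_type[0] = key->key.keytype;
        kd->key_data_type[1] = key->salt ? key->salt->type
                                         : KRB5_PADATA_PW_SALT;

        /* slot 0: the key itself */
        kd->key_data_length[0] = key->key.keyvalue.length;
        kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
        if (kd->key_data_length[0] != 0 && kd->key_data_contents[0] == NULL) {
            ret = ENOMEM;
            break;
        }
        if (kd->key_data_length[0] != 0)
            memcpy(kd->key_data_contents[0], key->key.keyvalue.data,
                   kd->key_data_length[0]);

        /* slot 1: the salt */
        kd->key_data_length[1] = sp->length;
        kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
        if (kd->key_data_length[1] != 0 && kd->key_data_contents[1] == NULL) {
            /* this entry is not yet counted in n_key_data, so drop it here */
            zero_and_free(kd->key_data_contents[0], kd->key_data_length[0]);
            kd->key_data_contents[0] = NULL;
            ret = ENOMEM;
            break;
        }
        if (kd->key_data_length[1] != 0)
            memcpy(kd->key_data_contents[1], sp->data,
                   kd->key_data_length[1]);
        out->n_key_data = i + 1;
    }
out:
    krb5_free_salt(context->context, salt);
    return ret;
}

/*
 * Look up princ in the server's HDB and fill the fields of out selected
 * by the KADM5_* bits in mask. out is zeroed first; if anything fails
 * after that, out is released with kadm5_free_principal_ent() before
 * returning so the caller never inherits a half-filled entry.
 *
 * server_handle is a kadm5_server_context. Returns 0 on success, the raw
 * db open error if the database cannot be opened (unchanged historical
 * behaviour), otherwise the error mapped through _kadm5_error_code().
 *
 * Not yet implemented (accepted in mask, left zero in out):
 * KADM5_LAST_PWD_CHANGE, KADM5_AUX_ATTRIBUTES, KADM5_LAST_SUCCESS,
 * KADM5_LAST_FAILED, KADM5_FAIL_AUTH_COUNT, KADM5_TL_DATA.
 */
kadm5_ret_t
kadm5_s_get_principal(void *server_handle,
                      krb5_principal princ,
                      kadm5_principal_ent_t out,
                      u_int32_t mask)
{
    kadm5_server_context *context = server_handle;
    kadm5_ret_t ret;
    hdb_entry ent;

    ent.principal = princ;
    ret = context->db->open(context->context, context->db, O_RDONLY, 0);
    if (ret)
        return ret;
    /* HDB_F_DECRYPT: keys come back in the clear, see copy_key_data */
    ret = context->db->fetch(context->context, context->db,
                             HDB_F_DECRYPT, &ent);
    context->db->close(context->context, context->db);
    if (ret)
        return _kadm5_error_code(ret);

    memset(out, 0, sizeof(*out));

    if (mask & KADM5_PRINCIPAL) {
        ret = krb5_copy_principal(context->context, ent.principal,
                                  &out->principal);
        if (ret)
            goto fail;
    }
    if ((mask & KADM5_PRINC_EXPIRE_TIME) && ent.valid_end)
        out->princ_expire_time = *ent.valid_end;
    if ((mask & KADM5_PW_EXPIRATION) && ent.pw_end)
        out->pw_expiration = *ent.pw_end;
    /* KADM5_LAST_PWD_CHANGE: not implemented */
    if (mask & KADM5_ATTRIBUTES)
        set_attributes(out, &ent);
    /* an absent limit in the HDB means "unlimited", reported as INT_MAX */
    if (mask & KADM5_MAX_LIFE)
        out->max_life = ent.max_life ? *ent.max_life : INT_MAX;
    /* modification info falls back to the creation event */
    if (mask & KADM5_MOD_TIME)
        out->mod_date = ent.modified_by ? ent.modified_by->time
                                        : ent.created_by.time;
    if (mask & KADM5_MOD_NAME) {
        krb5_principal who = ent.modified_by ? ent.modified_by->principal
                                             : ent.created_by.principal;

        if (who != NULL) {
            ret = krb5_copy_principal(context->context, who, &out->mod_name);
            if (ret)
                goto fail;
        } else
            out->mod_name = NULL;
    }
    if (mask & KADM5_KVNO)
        out->kvno = ent.kvno;
    if (mask & KADM5_MKVNO) {
        size_t n;

        /* XXX the entry has no single mkvno; report the first key's, if any */
        out->mkvno = 0;
        for (n = 0; n < ent.keys.len; n++)
            if (ent.keys.val[n].mkvno) {
                out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
                break;
            }
    }
    /* KADM5_AUX_ATTRIBUTES: not implemented */
    if (mask & KADM5_POLICY)
        out->policy = NULL;
    if (mask & KADM5_MAX_RLIFE)
        out->max_renewable_life = ent.max_renew ? *ent.max_renew : INT_MAX;
    /* KADM5_LAST_SUCCESS, KADM5_LAST_FAILED, KADM5_FAIL_AUTH_COUNT: not implemented */
    if (mask & KADM5_KEY_DATA) {
        ret = copy_key_data(context, &ent, out);
        if (ret)
            goto fail;
    }
    /* KADM5_TL_DATA: not implemented */

out:
    hdb_free_entry(context->context, &ent);
    return _kadm5_error_code(ret);

fail:
    /* every failure after the memset releases whatever was copied into out */
    kadm5_free_principal_ent(context, out);
    goto out;
}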