svr_policy.c revision 2881:ea6360e7e1c5 
1#pragma ident	"%Z%%M%	%I%	%E% SMI"
2
3/*
4 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
5 *
6 *	Openvision retains the copyright to derivative works of
7 *	this source code.  Do *NOT* create a derivative of this
8 *	source code before consulting with your legal department.
9 *	Do *NOT* integrate *ANY* of this source code into another
10 *	product before consulting with your legal department.
11 *
12 *	For further information, read the top-level Openvision
13 *	copyright which is contained in the top-level MIT Kerberos
14 *	copyright.
15 *
16 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
17 *
18 */
19
20
21/*
22 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
23 *
24 * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_policy.c,v 1.2 2001/06/20 05:01:37 mitchb Exp $
25 */
26
27#if !defined(lint) && !defined(__CODECENTER__)
28static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_policy.c,v 1.2 2001/06/20 05:01:37 mitchb Exp $";
29#endif
30
31#include	<sys/types.h>
32#include	<kadm5/admin.h>
33#include	"adb.h"
34#include	"server_internal.h"
35#include	<stdlib.h>
36
37#define MAX_PW_HISTORY	10
38#define MIN_PW_HISTORY	1
39#define	MIN_PW_CLASSES	1
40#define MAX_PW_CLASSES	5
41#define	MIN_PW_LENGTH	1
42
43/*
44 * Function: kadm5_create_policy
45 *
46 * Purpose: Create Policies in the policy DB.
47 *
48 * Arguments:
49 *	entry	(input) The policy entry to be written out to the DB.
50 *	mask	(input)	Specifies which fields in entry are to ge written out
51 *			and which get default values.
52 *	<return value> 0 if successful otherwise an error code is returned.
53 *
54 * Requires:
55 *	Entry must be a valid principal entry, and mask have a valid value.
56 *
57 * Effects:
58 *	Verifies that mask does not specify that the refcount should
59 *	be set as part of the creation, and calls
60 *	kadm5_create_policy_internal.  If the refcount *is*
61 *	specified, returns KADM5_BAD_MASK.
62 */
63
64kadm5_ret_t
65kadm5_create_policy(void *server_handle,
66			 kadm5_policy_ent_t entry, long mask)
67{
68    CHECK_HANDLE(server_handle);
69
70    if (mask & KADM5_REF_COUNT)
71	return KADM5_BAD_MASK;
72    else
73	return kadm5_create_policy_internal(server_handle, entry, mask);
74}
75
76/*
77 * Function: kadm5_create_policy_internal
78 *
79 * Purpose: Create Policies in the policy DB.
80 *
81 * Arguments:
82 *	entry	(input) The policy entry to be written out to the DB.
83 *	mask	(input)	Specifies which fields in entry are to ge written out
84 *			and which get default values.
85 *	<return value> 0 if successful otherwise an error code is returned.
86 *
87 * Requires:
88 *	Entry must be a valid principal entry, and mask have a valid value.
89 *
90 * Effects:
91 *	Writes the data to the database, and does a database sync if
92 *	successful.
93 *
94 */
95
96kadm5_ret_t
97kadm5_create_policy_internal(void *server_handle,
98				  kadm5_policy_ent_t entry, long mask)
99{
100    kadm5_server_handle_t handle = server_handle;
101    osa_policy_ent_rec	pent;
102    int			ret;
103    char		*p;
104
105    CHECK_HANDLE(server_handle);
106
107    if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
108	return EINVAL;
109    if(strlen(entry->policy) == 0)
110	return KADM5_BAD_POLICY;
111    if (!(mask & KADM5_POLICY))
112	return KADM5_BAD_MASK;
113
114    pent.name = entry->policy;
115    p = entry->policy;
116    while(*p != '\0') {
117	if(*p < ' ' || *p > '~')
118	    return KADM5_BAD_POLICY;
119	else
120	    p++;
121    }
122    if (!(mask & KADM5_PW_MAX_LIFE))
123	pent.pw_max_life = 0;
124    else
125	pent.pw_max_life = entry->pw_max_life;
126    if (!(mask & KADM5_PW_MIN_LIFE))
127	pent.pw_min_life = 0;
128    else {
129	if((mask & KADM5_PW_MAX_LIFE)) {
130	    if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
131		return KADM5_BAD_MIN_PASS_LIFE;
132	}
133	pent.pw_min_life = entry->pw_min_life;
134    }
135    if (!(mask & KADM5_PW_MIN_LENGTH))
136	pent.pw_min_length = MIN_PW_LENGTH;
137    else {
138	if(entry->pw_min_length < MIN_PW_LENGTH)
139	    return KADM5_BAD_LENGTH;
140	pent.pw_min_length = entry->pw_min_length;
141    }
142    if (!(mask & KADM5_PW_MIN_CLASSES))
143	pent.pw_min_classes = MIN_PW_CLASSES;
144    else {
145	if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
146	    return KADM5_BAD_CLASS;
147	pent.pw_min_classes = entry->pw_min_classes;
148    }
149    if (!(mask & KADM5_PW_HISTORY_NUM))
150	pent.pw_history_num = MIN_PW_HISTORY;
151    else {
152	if(entry->pw_history_num < MIN_PW_HISTORY ||
153	   entry->pw_history_num > MAX_PW_HISTORY)
154	    return KADM5_BAD_HISTORY;
155	else
156	    pent.pw_history_num = entry->pw_history_num;
157    }
158    if (!(mask & KADM5_REF_COUNT))
159	pent.policy_refcnt = 0;
160    else
161	pent.policy_refcnt = entry->policy_refcnt;
162    if ((ret = osa_adb_create_policy(handle->policy_db, &pent)) == OSA_ADB_OK)
163	return KADM5_OK;
164    else
165	return ret;
166}
167
168kadm5_ret_t
169kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
170{
171    kadm5_server_handle_t handle = server_handle;
172    osa_policy_ent_t		entry;
173    int				ret;
174
175    CHECK_HANDLE(server_handle);
176
177    if(name == (kadm5_policy_t) NULL)
178	return EINVAL;
179    if(strlen(name) == 0)
180	return KADM5_BAD_POLICY;
181    if ((ret = osa_adb_get_policy(handle->policy_db, name, &entry)) != OSA_ADB_OK)
182	return ret;
183    if(entry->policy_refcnt != 0) {
184	osa_free_policy_ent(entry);
185	return KADM5_POLICY_REF;
186    }
187    osa_free_policy_ent(entry);
188    if ((ret = osa_adb_destroy_policy(handle->policy_db, name)) == OSA_ADB_OK)
189	return KADM5_OK;
190    else
191	return ret;
192}
193
194kadm5_ret_t
195kadm5_modify_policy(void *server_handle,
196			 kadm5_policy_ent_t entry, long mask)
197{
198    CHECK_HANDLE(server_handle);
199
200    if (mask & KADM5_REF_COUNT)
201	return KADM5_BAD_MASK;
202    else
203	return kadm5_modify_policy_internal(server_handle, entry, mask);
204}
205
206kadm5_ret_t
207kadm5_modify_policy_internal(void *server_handle,
208				  kadm5_policy_ent_t entry, long mask)
209{
210    kadm5_server_handle_t handle = server_handle;
211    osa_policy_ent_t	p;
212    int			ret;
213
214    CHECK_HANDLE(server_handle);
215
216    if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
217	return EINVAL;
218    if(strlen(entry->policy) == 0)
219	return KADM5_BAD_POLICY;
220    if((mask & KADM5_POLICY))
221	return KADM5_BAD_MASK;
222
223    switch ((ret = osa_adb_get_policy(handle->policy_db, entry->policy, &p))) {
224    case OSA_ADB_OK:
225	break;
226    case OSA_ADB_NOENT:
227	return KADM5_UNK_POLICY;
228    default:
229	break;
230    }
231    if ((mask & KADM5_PW_MAX_LIFE))
232	p->pw_max_life = entry->pw_max_life;
233    if ((mask & KADM5_PW_MIN_LIFE)) {
234	if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0)	{
235	     osa_free_policy_ent(p);
236	     return KADM5_BAD_MIN_PASS_LIFE;
237	}
238	p->pw_min_life = entry->pw_min_life;
239    }
240    if ((mask & KADM5_PW_MIN_LENGTH)) {
241	if(entry->pw_min_length < MIN_PW_LENGTH) {
242	      osa_free_policy_ent(p);
243	      return KADM5_BAD_LENGTH;
244	 }
245	p->pw_min_length = entry->pw_min_length;
246    }
247    if ((mask & KADM5_PW_MIN_CLASSES)) {
248	if(entry->pw_min_classes > MAX_PW_CLASSES ||
249	   entry->pw_min_classes < MIN_PW_CLASSES) {
250	     osa_free_policy_ent(p);
251	     return KADM5_BAD_CLASS;
252	}
253	p->pw_min_classes = entry->pw_min_classes;
254    }
255    if ((mask & KADM5_PW_HISTORY_NUM)) {
256	if(entry->pw_history_num < MIN_PW_HISTORY ||
257	   entry->pw_history_num > MAX_PW_HISTORY) {
258	     osa_free_policy_ent(p);
259	     return KADM5_BAD_HISTORY;
260	}
261	p->pw_history_num = entry->pw_history_num;
262    }
263    if ((mask & KADM5_REF_COUNT))
264	p->policy_refcnt = entry->policy_refcnt;
265    switch ((ret = osa_adb_put_policy(handle->policy_db, p))) {
266    case OSA_ADB_OK:
267	ret = KADM5_OK;
268	break;
269    case OSA_ADB_NOENT:	/* this should not happen here ... */
270	ret = KADM5_UNK_POLICY;
271	break;
272    }
273    osa_free_policy_ent(p);
274    return ret;
275}
276
277kadm5_ret_t
278kadm5_get_policy(void *server_handle, kadm5_policy_t name,
279		 kadm5_policy_ent_t entry)
280{
281    osa_policy_ent_t		t;
282    kadm5_policy_ent_rec	entry_local, **entry_orig, *new;
283    int				ret;
284    kadm5_server_handle_t handle = server_handle;
285
286    CHECK_HANDLE(server_handle);
287
288    /*
289     * In version 1, entry is a pointer to a kadm5_policy_ent_t that
290     * should be filled with allocated memory.
291     */
292    if (handle->api_version == KADM5_API_VERSION_1) {
293	 entry_orig = (kadm5_policy_ent_rec **) entry;
294	 *entry_orig = NULL;
295	 entry = &entry_local;
296    }
297
298    if (name == (kadm5_policy_t) NULL)
299	return EINVAL;
300    if(strlen(name) == 0)
301	return KADM5_BAD_POLICY;
302    switch((ret = osa_adb_get_policy(handle->policy_db, name, &t))) {
303    case OSA_ADB_OK:
304	break;
305    case OSA_ADB_NOENT:
306	return KADM5_UNK_POLICY;
307    default:
308	return ret;
309    }
310    if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) {
311	 osa_free_policy_ent(t);
312	 return ENOMEM;
313    }
314    strcpy(entry->policy, t->name);
315    entry->pw_min_life = t->pw_min_life;
316    entry->pw_max_life = t->pw_max_life;
317    entry->pw_min_length = t->pw_min_length;
318    entry->pw_min_classes = t->pw_min_classes;
319    entry->pw_history_num = t->pw_history_num;
320    entry->policy_refcnt = t->policy_refcnt;
321    osa_free_policy_ent(t);
322
323    if (handle->api_version == KADM5_API_VERSION_1) {
324	 new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
325	 if (new == NULL) {
326	      free(entry->policy);
327	      osa_free_policy_ent(t);
328	      return ENOMEM;
329	 }
330	 *new = *entry;
331	 *entry_orig = new;
332    }
333
334    return KADM5_OK;
335}
336