2 * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadm5_locl.h"
39 kadm5_some_keys_are_bogus(size_t n_keys, krb5_key_data *keys)
43 for (i = 0; i < n_keys; i++) {
44 krb5_key_data *key = &keys[i];
45 if (key->key_data_length[0] == sizeof(KADM5_BOGUS_KEY_DATA) - 1 &&
46 ct_memcmp(key->key_data_contents[1], KADM5_BOGUS_KEY_DATA,
47 key->key_data_length[0]) == 0)
54 kadm5_all_keys_are_bogus(size_t n_keys, krb5_key_data *keys)
61 for (i = 0; i < n_keys; i++) {
62 krb5_key_data *key = &keys[i];
63 if (key->key_data_length[0] != sizeof(KADM5_BOGUS_KEY_DATA) - 1 ||
64 ct_memcmp(key->key_data_contents[1], KADM5_BOGUS_KEY_DATA,
65 key->key_data_length[0]) != 0)
72 kadm5_store_key_data(krb5_storage *sp,
76 krb5_store_int32(sp, key->key_data_ver);
77 krb5_store_int32(sp, key->key_data_kvno);
78 krb5_store_int32(sp, key->key_data_type[0]);
79 c.length = key->key_data_length[0];
80 c.data = key->key_data_contents[0];
81 krb5_store_data(sp, c);
82 krb5_store_int32(sp, key->key_data_type[1]);
83 c.length = key->key_data_length[1];
84 c.data = key->key_data_contents[1];
85 krb5_store_data(sp, c);
90 kadm5_store_fake_key_data(krb5_storage *sp,
95 krb5_store_int32(sp, key->key_data_ver);
96 krb5_store_int32(sp, key->key_data_kvno);
97 krb5_store_int32(sp, key->key_data_type[0]);
100 * This is the key contents. We want it to be obvious to the client
101 * (if it really did want the keys) that the key won't work.
102 * 32-bit keys are no good for any enctype, so that should do.
103 * Clients that didn't need keys will ignore this, and clients that
104 * did want keys will either fail or they'll, say, create bogus
105 * keytab entries that will subsequently fail to be useful.
107 c.length = sizeof (KADM5_BOGUS_KEY_DATA) - 1;
108 c.data = KADM5_BOGUS_KEY_DATA;
109 krb5_store_data(sp, c);
111 /* This is the salt -- no need to send garbage */
112 krb5_store_int32(sp, key->key_data_type[1]);
113 c.length = key->key_data_length[1];
114 c.data = key->key_data_contents[1];
115 krb5_store_data(sp, c);
120 kadm5_ret_key_data(krb5_storage *sp,
125 krb5_ret_int32(sp, &tmp);
126 key->key_data_ver = tmp;
127 krb5_ret_int32(sp, &tmp);
128 key->key_data_kvno = tmp;
129 krb5_ret_int32(sp, &tmp);
130 key->key_data_type[0] = tmp;
131 krb5_ret_data(sp, &c);
132 key->key_data_length[0] = c.length;
133 key->key_data_contents[0] = c.data;
134 krb5_ret_int32(sp, &tmp);
135 key->key_data_type[1] = tmp;
136 krb5_ret_data(sp, &c);
137 key->key_data_length[1] = c.length;
138 key->key_data_contents[1] = c.data;
143 kadm5_store_tl_data(krb5_storage *sp,
147 krb5_store_int32(sp, tl->tl_data_type);
148 c.length = tl->tl_data_length;
149 c.data = tl->tl_data_contents;
150 krb5_store_data(sp, c);
155 kadm5_ret_tl_data(krb5_storage *sp,
160 krb5_ret_int32(sp, &tmp);
161 tl->tl_data_type = tmp;
162 krb5_ret_data(sp, &c);
163 tl->tl_data_length = c.length;
164 tl->tl_data_contents = c.data;
169 store_principal_ent(krb5_storage *sp,
170 kadm5_principal_ent_t princ,
171 uint32_t mask, int wkeys)
175 if (mask & KADM5_PRINCIPAL)
176 krb5_store_principal(sp, princ->principal);
177 if (mask & KADM5_PRINC_EXPIRE_TIME)
178 krb5_store_int32(sp, princ->princ_expire_time);
179 if (mask & KADM5_PW_EXPIRATION)
180 krb5_store_int32(sp, princ->pw_expiration);
181 if (mask & KADM5_LAST_PWD_CHANGE)
182 krb5_store_int32(sp, princ->last_pwd_change);
183 if (mask & KADM5_MAX_LIFE)
184 krb5_store_int32(sp, princ->max_life);
185 if (mask & KADM5_MOD_NAME) {
186 krb5_store_int32(sp, princ->mod_name != NULL);
188 krb5_store_principal(sp, princ->mod_name);
190 if (mask & KADM5_MOD_TIME)
191 krb5_store_int32(sp, princ->mod_date);
192 if (mask & KADM5_ATTRIBUTES)
193 krb5_store_int32(sp, princ->attributes);
194 if (mask & KADM5_KVNO)
195 krb5_store_int32(sp, princ->kvno);
196 if (mask & KADM5_MKVNO)
197 krb5_store_int32(sp, princ->mkvno);
198 if (mask & KADM5_POLICY) {
199 krb5_store_int32(sp, princ->policy != NULL);
201 krb5_store_string(sp, princ->policy);
203 if (mask & KADM5_AUX_ATTRIBUTES)
204 krb5_store_int32(sp, princ->aux_attributes);
205 if (mask & KADM5_MAX_RLIFE)
206 krb5_store_int32(sp, princ->max_renewable_life);
207 if (mask & KADM5_LAST_SUCCESS)
208 krb5_store_int32(sp, princ->last_success);
209 if (mask & KADM5_LAST_FAILED)
210 krb5_store_int32(sp, princ->last_failed);
211 if (mask & KADM5_FAIL_AUTH_COUNT)
212 krb5_store_int32(sp, princ->fail_auth_count);
213 if (mask & KADM5_KEY_DATA) {
214 krb5_store_int32(sp, princ->n_key_data);
215 for(i = 0; i < princ->n_key_data; i++) {
217 kadm5_store_key_data(sp, &princ->key_data[i]);
219 kadm5_store_fake_key_data(sp, &princ->key_data[i]);
222 if (mask & KADM5_TL_DATA) {
225 krb5_store_int32(sp, princ->n_tl_data);
226 for(tp = princ->tl_data; tp; tp = tp->tl_data_next)
227 kadm5_store_tl_data(sp, tp);
234 kadm5_store_principal_ent(krb5_storage *sp,
235 kadm5_principal_ent_t princ)
237 return store_principal_ent (sp, princ, ~0, 1);
241 kadm5_store_principal_ent_nokeys(krb5_storage *sp,
242 kadm5_principal_ent_t princ)
244 return store_principal_ent (sp, princ, ~0, 0);
248 kadm5_store_principal_ent_mask(krb5_storage *sp,
249 kadm5_principal_ent_t princ,
252 krb5_store_int32(sp, mask);
253 return store_principal_ent (sp, princ, mask, 1);
257 ret_principal_ent(krb5_storage *sp,
258 kadm5_principal_ent_t princ,
264 if (mask & KADM5_PRINCIPAL)
265 krb5_ret_principal(sp, &princ->principal);
267 if (mask & KADM5_PRINC_EXPIRE_TIME) {
268 krb5_ret_int32(sp, &tmp);
269 princ->princ_expire_time = tmp;
271 if (mask & KADM5_PW_EXPIRATION) {
272 krb5_ret_int32(sp, &tmp);
273 princ->pw_expiration = tmp;
275 if (mask & KADM5_LAST_PWD_CHANGE) {
276 krb5_ret_int32(sp, &tmp);
277 princ->last_pwd_change = tmp;
279 if (mask & KADM5_MAX_LIFE) {
280 krb5_ret_int32(sp, &tmp);
281 princ->max_life = tmp;
283 if (mask & KADM5_MOD_NAME) {
284 krb5_ret_int32(sp, &tmp);
286 krb5_ret_principal(sp, &princ->mod_name);
288 princ->mod_name = NULL;
290 if (mask & KADM5_MOD_TIME) {
291 krb5_ret_int32(sp, &tmp);
292 princ->mod_date = tmp;
294 if (mask & KADM5_ATTRIBUTES) {
295 krb5_ret_int32(sp, &tmp);
296 princ->attributes = tmp;
298 if (mask & KADM5_KVNO) {
299 krb5_ret_int32(sp, &tmp);
302 if (mask & KADM5_MKVNO) {
303 krb5_ret_int32(sp, &tmp);
306 if (mask & KADM5_POLICY) {
307 krb5_ret_int32(sp, &tmp);
309 krb5_ret_string(sp, &princ->policy);
311 princ->policy = NULL;
313 if (mask & KADM5_AUX_ATTRIBUTES) {
314 krb5_ret_int32(sp, &tmp);
315 princ->aux_attributes = tmp;
317 if (mask & KADM5_MAX_RLIFE) {
318 krb5_ret_int32(sp, &tmp);
319 princ->max_renewable_life = tmp;
321 if (mask & KADM5_LAST_SUCCESS) {
322 krb5_ret_int32(sp, &tmp);
323 princ->last_success = tmp;
325 if (mask & KADM5_LAST_FAILED) {
326 krb5_ret_int32(sp, &tmp);
327 princ->last_failed = tmp;
329 if (mask & KADM5_FAIL_AUTH_COUNT) {
330 krb5_ret_int32(sp, &tmp);
331 princ->fail_auth_count = tmp;
333 if (mask & KADM5_KEY_DATA) {
334 krb5_ret_int32(sp, &tmp);
335 princ->n_key_data = tmp;
336 princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data));
337 if (princ->key_data == NULL && princ->n_key_data != 0)
339 for(i = 0; i < princ->n_key_data; i++)
340 kadm5_ret_key_data(sp, &princ->key_data[i]);
342 if (mask & KADM5_TL_DATA) {
343 krb5_ret_int32(sp, &tmp);
344 princ->n_tl_data = tmp;
345 princ->tl_data = NULL;
346 for(i = 0; i < princ->n_tl_data; i++){
347 krb5_tl_data *tp = malloc(sizeof(*tp));
350 kadm5_ret_tl_data(sp, tp);
351 tp->tl_data_next = princ->tl_data;
359 kadm5_ret_principal_ent(krb5_storage *sp,
360 kadm5_principal_ent_t princ)
362 return ret_principal_ent (sp, princ, ~0);
366 kadm5_ret_principal_ent_mask(krb5_storage *sp,
367 kadm5_principal_ent_t princ,
372 krb5_ret_int32 (sp, &tmp);
374 return ret_principal_ent (sp, princ, *mask);
378 _kadm5_marshal_params(krb5_context context,
379 kadm5_config_params *params,
382 krb5_storage *sp = krb5_storage_emem();
384 return krb5_enomem(context);
386 krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM));
388 if(params->mask & KADM5_CONFIG_REALM)
389 krb5_store_string(sp, params->realm);
390 krb5_storage_to_data(sp, out);
391 krb5_storage_free(sp);
397 _kadm5_unmarshal_params(krb5_context context,
399 kadm5_config_params *params)
405 sp = krb5_storage_from_data(in);
409 ret = krb5_ret_int32(sp, &mask);
414 if(params->mask & KADM5_CONFIG_REALM)
415 ret = krb5_ret_string(sp, ¶ms->realm);
417 krb5_storage_free(sp);