search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hx509/hxtool.c: ensure parse_bytes() result does not overflow
[heimdal.git] / kadmin / init.c
blob8a3725e3c49c430b4e78cb041e8cbaab5e1e3602
1 /*
2 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kadmin_locl.h"
37 #include "kadmin-commands.h"
38 #include <kadm5/private.h>
39
40 #define CRE_DUP_OK 1
41
42 static kadm5_ret_t
43 create_random_entry(krb5_principal princ,
44 unsigned max_life,
45 unsigned max_rlife,
46 uint32_t attributes,
47 unsigned flags)
48 {
49 kadm5_principal_ent_rec ent;
50 kadm5_ret_t ret;
51 int mask = 0;
52 krb5_keyblock *keys;
53 int n_keys, i;
54 char *name;
55
56 ret = krb5_unparse_name(context, princ, &name);
57 if (ret) {
58 krb5_warn(context, ret, "failed to unparse principal name");
59 return ret;
60 }
61
62 memset(&ent, 0, sizeof(ent));
63 ent.principal = princ;
64 mask |= KADM5_PRINCIPAL;
65 if (max_life) {
66 ent.max_life = max_life;
67 mask |= KADM5_MAX_LIFE;
68 }
69 if (max_rlife) {
70 ent.max_renewable_life = max_rlife;
71 mask |= KADM5_MAX_RLIFE;
72 }
73 ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
74 mask |= KADM5_ATTRIBUTES | KADM5_KEY_DATA;
75
76 /*
77 * Create the entry with no keys or password.
78 *
79 * XXX Note that using kadm5_s_*() here means that `kadmin init` must
80 * always be local (`kadmin -l init`). This might seem like a very
81 * obvious thing, but since our KDC daemons support multiple realms
82 * there is no reason that `init SOME.REALM.EXAMPLE` couldn't be
83 * remoted.
84 *
85 * Granted, one might want all such operations to be local anyways --
86 * perhaps for authorization reasons, since we don't really have that
87 * great a story for authorization in kadmind at this time, especially
88 * for realm creation.
89 */
90 ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
91 if(ret) {
92 if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
93 goto out;
94 krb5_warn(context, ret, "create_random_entry(%s): create failed",
95 name);
96 goto out;
97 }
98
99 /* Replace the string2key based keys with real random bytes */
100 ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
101 if(ret) {
102 krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
103 name);
104 goto out;
105 }
106 for(i = 0; i < n_keys; i++)
107 krb5_free_keyblock_contents(context, &keys[i]);
108 free(keys);
109 ret = kadm5_get_principal(kadm_handle, princ, &ent,
110 KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
111 if(ret) {
112 krb5_warn(context, ret, "create_random_entry(%s): "
113 "unable to get principal", name);
114 goto out;
115 }
116 ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
117 ent.kvno = 1;
118 ret = kadm5_modify_principal(kadm_handle, &ent,
119 KADM5_ATTRIBUTES|KADM5_KVNO);
120 kadm5_free_principal_ent (kadm_handle, &ent);
121 if(ret) {
122 krb5_warn(context, ret, "create_random_entry(%s): "
123 "unable to modify principal", name);
124 goto out;
125 }
126 out:
127 free(name);
128 return ret;
129 }
130
131 extern int local_flag;
132
133 int
134 init(struct init_options *opt, int argc, char **argv)
135 {
136 kadm5_ret_t ret;
137 int i;
138 HDB *db;
139 krb5_deltat max_life = 0, max_rlife = 0;
140
141 if (!local_flag) {
142 krb5_warnx(context, "init is only available in local (-l) mode");
143 return 1;
144 }
145
146 if (opt->realm_max_ticket_life_string) {
147 if (str2deltat (opt->realm_max_ticket_life_string, &max_life) != 0) {
148 krb5_warnx (context, "unable to parse \"%s\"",
149 opt->realm_max_ticket_life_string);
150 return 1;
151 }
152 }
153 if (opt->realm_max_renewable_life_string) {
154 if (str2deltat (opt->realm_max_renewable_life_string, &max_rlife) != 0) {
155 krb5_warnx (context, "unable to parse \"%s\"",
156 opt->realm_max_renewable_life_string);
157 return 1;
158 }
159 }
160
161 db = _kadm5_s_get_db(kadm_handle);
162
163 ret = db->hdb_open(context, db, O_RDWR | O_CREAT, 0600);
164 if(ret){
165 krb5_warn(context, ret, "hdb_open");
166 return 1;
167 }
168 ret = kadm5_log_reinit(kadm_handle, 0);
169 if (ret) {
170 krb5_warn(context, ret, "Failed iprop log initialization");
171 return 1;
172 }
173 ret = kadm5_log_end(kadm_handle);
174 db->hdb_close(context, db);
175 if (ret) {
176 krb5_warn(context, ret, "Failed iprop log initialization");
177 return 1;
178 }
179
180 for(i = 0; i < argc; i++){
181 krb5_principal princ = NULL;
182 const char *realm = argv[i];
183
184 if (opt->realm_max_ticket_life_string == NULL) {
185 max_life = 0;
186 if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
187 return 1;
188 }
189 }
190 if (opt->realm_max_renewable_life_string == NULL) {
191 max_rlife = 0;
192 if(edit_deltat("Realm max renewable ticket life", &max_rlife,
193 NULL, 0)) {
194 return 1;
195 }
196 }
197
198 /* Create `krbtgt/REALM' */
199 ret = krb5_make_principal(context, &princ, realm,
200 KRB5_TGS_NAME, realm, NULL);
201 if (ret == 0)
202 ret = create_random_entry(princ, max_life, max_rlife, 0, 0);
203 krb5_free_principal(context, princ);
204 if (ret) {
205 krb5_warn(context, ret, "Failed to create %s@%s", KRB5_TGS_NAME,
206 realm);
207 return 1;
208 }
209
210 if (opt->bare_flag)
211 continue;
212
213 /* Create `kadmin/changepw' */
214 ret = krb5_make_principal(context, &princ, realm, "kadmin",
215 "changepw", NULL);
216 /*
217 * The Windows XP (at least) password changing protocol
218 * request the `kadmin/changepw' ticket with `renewable_ok,
219 * renewable, forwardable' and so fails if we disallow
220 * forwardable here.
221 */
222 if (ret == 0)
223 ret = create_random_entry(princ, 5*60, 5*60,
224 KRB5_KDB_DISALLOW_TGT_BASED|
225 KRB5_KDB_PWCHANGE_SERVICE|
226 KRB5_KDB_DISALLOW_POSTDATED|
227 KRB5_KDB_DISALLOW_RENEWABLE|
228 KRB5_KDB_DISALLOW_PROXIABLE|
229 KRB5_KDB_REQUIRES_PRE_AUTH,
230 0);
231 krb5_free_principal(context, princ);
232 if (ret) {
233 krb5_warn(context, ret, "Failed to create kadmin/changepw@%s",
234 realm);
235 return 1;
236 }
237
238 /* Create `kadmin/admin' */
239 ret = krb5_make_principal(context, &princ, realm,
240 "kadmin", "admin", NULL);
241 if (ret == 0)
242 ret = create_random_entry(princ, 60*60, 60*60,
243 KRB5_KDB_REQUIRES_PRE_AUTH, 0);
244 krb5_free_principal(context, princ);
245 if (ret) {
246 krb5_warn(context, ret, "Failed to create kadmin/admin@%s", realm);
247 return 1;
248 }
249
250 /* Create `changepw/kerberos' (for v4 compat) */
251 ret = krb5_make_principal(context, &princ, realm,
252 "changepw", "kerberos", NULL);
253 if (ret == 0)
254 ret = create_random_entry(princ, 60*60, 60*60,
255 KRB5_KDB_DISALLOW_TGT_BASED|
256 KRB5_KDB_PWCHANGE_SERVICE, 0);
257 krb5_free_principal(context, princ);
258 if (ret) {
259 krb5_warn(context, ret, "Failed to create changepw/kerberos@%s",
260 realm);
261 return 1;
262 }
263
264 /* Create `kadmin/hprop' for database propagation */
265 ret = krb5_make_principal(context, &princ, realm,
266 "kadmin", "hprop", NULL);
267 if (ret == 0)
268 ret = create_random_entry(princ, 60*60, 60*60,
269 KRB5_KDB_REQUIRES_PRE_AUTH|
270 KRB5_KDB_DISALLOW_TGT_BASED, 0);
271 krb5_free_principal(context, princ);
272 if (ret) {
273 krb5_warn(context, ret, "Failed to create kadmin/hprop@%s", realm);
274 return 1;
275 }
276
277 /* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */
278 ret = krb5_make_principal(context, &princ, realm, KRB5_WELLKNOWN_NAME,
279 KRB5_ANON_NAME, NULL);
280 if (ret == 0)
281 ret = create_random_entry(princ, 60*60, 60*60,
282 KRB5_KDB_REQUIRES_PRE_AUTH, 0);
283 krb5_free_principal(context, princ);
284 if (ret) {
285 krb5_warn(context, ret, "Failed to create %s/%s@%s",
286 KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, realm);
287 return 1;
288 }
289
290 /* Create `WELLKNOWN/FEDERATED' for GSS preauth */
291 ret = krb5_make_principal(context, &princ, realm,
292 KRB5_WELLKNOWN_NAME, KRB5_FEDERATED_NAME, NULL);
293 if (ret == 0)
294 ret = create_random_entry(princ, 60*60, 60*60,
295 KRB5_KDB_REQUIRES_PRE_AUTH, 0);
296 krb5_free_principal(context, princ);
297 if (ret) {
298 krb5_warn(context, ret, "Failed to create %s/%s@%s",
299 KRB5_WELLKNOWN_NAME, KRB5_FEDERATED_NAME, realm);
300 return 1;
301 }
302
303 /*
304 * Create `WELLKNONW/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L' for FAST cookie.
305 *
306 * There can be only one.
307 */
308 if (i == 0) {
309 ret = krb5_make_principal(context, &princ, KRB5_WELLKNOWN_ORG_H5L_REALM,
310 KRB5_WELLKNOWN_NAME, "org.h5l.fast-cookie", NULL);
311 if (ret == 0)
312 ret = create_random_entry(princ, 60*60, 60*60,
313 KRB5_KDB_REQUIRES_PRE_AUTH|
314 KRB5_KDB_DISALLOW_TGT_BASED|
315 KRB5_KDB_DISALLOW_ALL_TIX, CRE_DUP_OK);
316 krb5_free_principal(context, princ);
317 if (ret && ret != KADM5_DUP) {
318 krb5_warn(context, ret,
319 "Failed to create %s/org.h5l.fast-cookie@%s",
320 KRB5_WELLKNOWN_NAME, KRB5_WELLKNOWN_ORG_H5L_REALM);
321 return 1;
322 }
323 }
324
325 /* Create `default' */
326 {
327 kadm5_principal_ent_rec ent;
328 int mask = 0;
329
330 memset (&ent, 0, sizeof(ent));
331 mask |= KADM5_PRINCIPAL;
332 mask |= KADM5_MAX_LIFE;
333 mask |= KADM5_MAX_RLIFE;
334 mask |= KADM5_ATTRIBUTES;
335 ent.max_life = 24 * 60 * 60;
336 ent.max_renewable_life = 7 * ent.max_life;
337 ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
338 ret = krb5_make_principal(context, &ent.principal, realm,
339 "default", NULL);
340 if (ret == 0)
341 ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
342 if (ret) {
343 krb5_warn(context, ret, "Failed to create default@%s", realm);
344 return 1;
345 }
346
347 krb5_free_principal(context, ent.principal);
348 }
349 }
350 return 0;
351 }
Heimdal