Remove building with NOCRYPTO option
[minix.git] / crypto / external / bsd / heimdal / dist / kdc / misc.c
blobb03c72bb7cc219aa0fa9209de09658c91ec079d9
1 /* $NetBSD: misc.c,v 1.1.1.2 2014/04/24 12:45:27 pettai Exp $ */
3 /*
4 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
36 #include "kdc_locl.h"
38 struct timeval _kdc_now;
40 krb5_error_code
41 _kdc_db_fetch(krb5_context context,
42 krb5_kdc_configuration *config,
43 krb5_const_principal principal,
44 unsigned flags,
45 krb5uint32 *kvno_ptr,
46 HDB **db,
47 hdb_entry_ex **h)
49 hdb_entry_ex *ent;
50 krb5_error_code ret = HDB_ERR_NOENTRY;
51 int i;
52 unsigned kvno = 0;
54 if (kvno_ptr) {
55 kvno = *kvno_ptr;
56 flags |= HDB_F_KVNO_SPECIFIED;
59 ent = calloc (1, sizeof (*ent));
60 if (ent == NULL) {
61 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
62 return ENOMEM;
65 for(i = 0; i < config->num_db; i++) {
66 krb5_principal enterprise_principal = NULL;
67 if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
68 && principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
69 if (principal->name.name_string.len != 1) {
70 ret = KRB5_PARSE_MALFORMED;
71 krb5_set_error_message(context, ret,
72 "malformed request: "
73 "enterprise name with %d name components",
74 principal->name.name_string.len);
75 free(ent);
76 return ret;
78 ret = krb5_parse_name(context, principal->name.name_string.val[0],
79 &enterprise_principal);
80 if (ret) {
81 free(ent);
82 return ret;
85 principal = enterprise_principal;
88 ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
89 if (ret) {
90 const char *msg = krb5_get_error_message(context, ret);
91 kdc_log(context, config, 0, "Failed to open database: %s", msg);
92 krb5_free_error_message(context, msg);
93 continue;
96 ret = config->db[i]->hdb_fetch_kvno(context,
97 config->db[i],
98 principal,
99 flags | HDB_F_DECRYPT,
100 kvno,
101 ent);
103 krb5_free_principal(context, enterprise_principal);
105 config->db[i]->hdb_close(context, config->db[i]);
106 if(ret == 0) {
107 if (db)
108 *db = config->db[i];
109 *h = ent;
110 return 0;
113 free(ent);
114 krb5_set_error_message(context, ret,
115 "no such entry found in hdb");
116 return ret;
119 void
120 _kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
122 hdb_free_entry (context, ent);
123 free (ent);
127 * Use the order list of preferred encryption types and sort the
128 * available keys and return the most preferred key.
131 krb5_error_code
132 _kdc_get_preferred_key(krb5_context context,
133 krb5_kdc_configuration *config,
134 hdb_entry_ex *h,
135 const char *name,
136 krb5_enctype *enctype,
137 Key **key)
139 krb5_error_code ret;
140 int i;
142 if (config->use_strongest_server_key) {
143 const krb5_enctype *p = krb5_kerberos_enctypes(context);
145 for (i = 0; p[i] != (krb5_enctype)ETYPE_NULL; i++) {
146 if (krb5_enctype_valid(context, p[i]) != 0 &&
147 !_kdc_is_weak_exception(h->entry.principal, p[i]))
148 continue;
149 ret = hdb_enctype2key(context, &h->entry, p[i], key);
150 if (ret != 0)
151 continue;
152 if (enctype != NULL)
153 *enctype = p[i];
154 return 0;
156 } else {
157 *key = NULL;
159 for (i = 0; i < h->entry.keys.len; i++) {
160 if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype) != 0 &&
161 !_kdc_is_weak_exception(h->entry.principal, h->entry.keys.val[i].key.keytype))
162 continue;
163 ret = hdb_enctype2key(context, &h->entry,
164 h->entry.keys.val[i].key.keytype, key);
165 if (ret != 0)
166 continue;
167 if (enctype != NULL)
168 *enctype = (*key)->key.keytype;
169 return 0;
173 krb5_set_error_message(context, EINVAL,
174 "No valid kerberos key found for %s", name);
175 return EINVAL; /* XXX */