search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / kadm5 / ent_setup.c
blobcc9e13f6772a0304f887302be51da3d934b533cc
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 __RCSID("$Heimdal: ent_setup.c 18823 2006-10-22 10:15:53Z lha $"
37 "$NetBSD$");
38
39 #define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
40 #define set_null(X) do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
41
42 static void
43 attr_to_flags(unsigned attr, HDBFlags *flags)
44 {
45 flags->postdate = !(attr & KRB5_KDB_DISALLOW_POSTDATED);
46 flags->forwardable = !(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
47 flags->initial = !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
48 flags->renewable = !(attr & KRB5_KDB_DISALLOW_RENEWABLE);
49 flags->proxiable = !(attr & KRB5_KDB_DISALLOW_PROXIABLE);
50 /* DUP_SKEY */
51 flags->invalid = !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
52 flags->require_preauth = !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
53 /* HW_AUTH */
54 flags->server = !(attr & KRB5_KDB_DISALLOW_SVR);
55 flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
56 flags->client = 1; /* XXX */
57 flags->ok_as_delegate = !!(attr & KRB5_KDB_OK_AS_DELEGATE);
58 flags->trusted_for_delegation = !!(attr & KRB5_KDB_TRUSTED_FOR_DELEGATION);
59 flags->allow_kerberos4 = !!(attr & KRB5_KDB_ALLOW_KERBEROS4);
60 flags->allow_digest = !!(attr & KRB5_KDB_ALLOW_DIGEST);
61 }
62
63 /*
64 * Modify the `ent' according to `tl_data'.
65 */
66
67 static kadm5_ret_t
68 perform_tl_data(krb5_context context,
69 HDB *db,
70 hdb_entry_ex *ent,
71 const krb5_tl_data *tl_data)
72 {
73 kadm5_ret_t ret = 0;
74
75 if (tl_data->tl_data_type == KRB5_TL_PASSWORD) {
76 heim_utf8_string pw = tl_data->tl_data_contents;
77
78 if (pw[tl_data->tl_data_length] != '\0')
79 return KADM5_BAD_TL_TYPE;
80
81 ret = hdb_entry_set_password(context, db, &ent->entry, pw);
82
83 } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
84 unsigned char *s;
85 time_t t;
86
87 if (tl_data->tl_data_length != 4)
88 return KADM5_BAD_TL_TYPE;
89
90 s = tl_data->tl_data_contents;
91
92 t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
93
94 ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
95
96 } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
97 HDB_extension ext;
98
99 ret = decode_HDB_extension(tl_data->tl_data_contents,
100 tl_data->tl_data_length,
101 &ext,
102 NULL);
103 if (ret)
104 return KADM5_BAD_TL_TYPE;
105
106 ret = hdb_replace_extension(context, &ent->entry, &ext);
107 free_HDB_extension(&ext);
108 } else {
109 return KADM5_BAD_TL_TYPE;
110 }
111 return ret;
112 }
113
114
115 /*
116 * Create the hdb entry `ent' based on data from `princ' with
117 * `princ_mask' specifying what fields to be gotten from there and
118 * `mask' specifying what fields we want filled in.
119 */
120
121 kadm5_ret_t
122 _kadm5_setup_entry(kadm5_server_context *context,
123 hdb_entry_ex *ent,
124 uint32_t mask,
125 kadm5_principal_ent_t princ,
126 uint32_t princ_mask,
127 kadm5_principal_ent_t def,
128 uint32_t def_mask)
129 {
130 if(mask & KADM5_PRINC_EXPIRE_TIME
131 && princ_mask & KADM5_PRINC_EXPIRE_TIME) {
132 if (princ->princ_expire_time)
133 set_value(ent->entry.valid_end, princ->princ_expire_time);
134 else
135 set_null(ent->entry.valid_end);
136 }
137 if(mask & KADM5_PW_EXPIRATION
138 && princ_mask & KADM5_PW_EXPIRATION) {
139 if (princ->pw_expiration)
140 set_value(ent->entry.pw_end, princ->pw_expiration);
141 else
142 set_null(ent->entry.pw_end);
143 }
144 if(mask & KADM5_ATTRIBUTES) {
145 if (princ_mask & KADM5_ATTRIBUTES) {
146 attr_to_flags(princ->attributes, &ent->entry.flags);
147 } else if(def_mask & KADM5_ATTRIBUTES) {
148 attr_to_flags(def->attributes, &ent->entry.flags);
149 ent->entry.flags.invalid = 0;
150 } else {
151 ent->entry.flags.client = 1;
152 ent->entry.flags.server = 1;
153 ent->entry.flags.forwardable = 1;
154 ent->entry.flags.proxiable = 1;
155 ent->entry.flags.renewable = 1;
156 ent->entry.flags.postdate = 1;
157 }
158 }
159 if(mask & KADM5_MAX_LIFE) {
160 if(princ_mask & KADM5_MAX_LIFE) {
161 if(princ->max_life)
162 set_value(ent->entry.max_life, princ->max_life);
163 else
164 set_null(ent->entry.max_life);
165 } else if(def_mask & KADM5_MAX_LIFE) {
166 if(def->max_life)
167 set_value(ent->entry.max_life, def->max_life);
168 else
169 set_null(ent->entry.max_life);
170 }
171 }
172 if(mask & KADM5_KVNO
173 && princ_mask & KADM5_KVNO)
174 ent->entry.kvno = princ->kvno;
175 if(mask & KADM5_MAX_RLIFE) {
176 if(princ_mask & KADM5_MAX_RLIFE) {
177 if(princ->max_renewable_life)
178 set_value(ent->entry.max_renew, princ->max_renewable_life);
179 else
180 set_null(ent->entry.max_renew);
181 } else if(def_mask & KADM5_MAX_RLIFE) {
182 if(def->max_renewable_life)
183 set_value(ent->entry.max_renew, def->max_renewable_life);
184 else
185 set_null(ent->entry.max_renew);
186 }
187 }
188 if(mask & KADM5_KEY_DATA
189 && princ_mask & KADM5_KEY_DATA) {
190 _kadm5_set_keys2(context, &ent->entry,
191 princ->n_key_data, princ->key_data);
192 }
193 if(mask & KADM5_TL_DATA) {
194 krb5_tl_data *tl;
195
196 for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) {
197 kadm5_ret_t ret;
198 ret = perform_tl_data(context->context, context->db, ent, tl);
199 if (ret)
200 return ret;
201 }
202 }
203 if(mask & KADM5_FAIL_AUTH_COUNT) {
204 /* XXX */
205 }
206 return 0;
207 }
NetBSD on the FriendlyARM MINI2440