search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / kadm5 / set_keys.c
blob3c610e5c82d969f3cc422c6ac002302f6a3b3c49
1 /*
2 * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 __RCSID("$Heimdal: set_keys.c 15888 2005-08-11 13:40:35Z lha $"
37 "$NetBSD$");
38
39 /*
40 * Set the keys of `ent' to the string-to-key of `password'
41 */
42
43 kadm5_ret_t
44 _kadm5_set_keys(kadm5_server_context *context,
45 hdb_entry *ent,
46 const char *password)
47 {
48 Key *keys;
49 size_t num_keys;
50 kadm5_ret_t ret;
51
52 ret = hdb_generate_key_set_password(context->context,
53 ent->principal,
54 password, &keys, &num_keys);
55 if (ret)
56 return ret;
57
58 _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
59 ent->keys.val = keys;
60 ent->keys.len = num_keys;
61
62 hdb_entry_set_pw_change_time(context->context, ent, 0);
63
64 if (krb5_config_get_bool_default(context->context, NULL, FALSE,
65 "kadmin", "save-password", NULL))
66 {
67 ret = hdb_entry_set_password(context->context, context->db,
68 ent, password);
69 if (ret)
70 return ret;
71 }
72
73 return 0;
74 }
75
76 /*
77 * Set the keys of `ent' to (`n_key_data', `key_data')
78 */
79
80 kadm5_ret_t
81 _kadm5_set_keys2(kadm5_server_context *context,
82 hdb_entry *ent,
83 int16_t n_key_data,
84 krb5_key_data *key_data)
85 {
86 krb5_error_code ret;
87 int i;
88 unsigned len;
89 Key *keys;
90
91 len = n_key_data;
92 keys = malloc (len * sizeof(*keys));
93 if (keys == NULL)
94 return ENOMEM;
95
96 _kadm5_init_keys (keys, len);
97
98 for(i = 0; i < n_key_data; i++) {
99 keys[i].mkvno = NULL;
100 keys[i].key.keytype = key_data[i].key_data_type[0];
101 ret = krb5_data_copy(&keys[i].key.keyvalue,
102 key_data[i].key_data_contents[0],
103 key_data[i].key_data_length[0]);
104 if(ret)
105 goto out;
106 if(key_data[i].key_data_ver == 2) {
107 Salt *salt;
108
109 salt = malloc(sizeof(*salt));
110 if(salt == NULL) {
111 ret = ENOMEM;
112 goto out;
113 }
114 keys[i].salt = salt;
115 salt->type = key_data[i].key_data_type[1];
116 krb5_data_copy(&salt->salt,
117 key_data[i].key_data_contents[1],
118 key_data[i].key_data_length[1]);
119 } else
120 keys[i].salt = NULL;
121 }
122 _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
123 ent->keys.len = len;
124 ent->keys.val = keys;
125
126 hdb_entry_set_pw_change_time(context->context, ent, 0);
127 hdb_entry_clear_password(context->context, ent);
128
129 return 0;
130 out:
131 _kadm5_free_keys (context->context, len, keys);
132 return ret;
133 }
134
135 /*
136 * Set the keys of `ent' to `n_keys, keys'
137 */
138
139 kadm5_ret_t
140 _kadm5_set_keys3(kadm5_server_context *context,
141 hdb_entry *ent,
142 int n_keys,
143 krb5_keyblock *keyblocks)
144 {
145 krb5_error_code ret;
146 int i;
147 unsigned len;
148 Key *keys;
149
150 len = n_keys;
151 keys = malloc (len * sizeof(*keys));
152 if (keys == NULL)
153 return ENOMEM;
154
155 _kadm5_init_keys (keys, len);
156
157 for(i = 0; i < n_keys; i++) {
158 keys[i].mkvno = NULL;
159 ret = krb5_copy_keyblock_contents (context->context,
160 &keyblocks[i],
161 &keys[i].key);
162 if(ret)
163 goto out;
164 keys[i].salt = NULL;
165 }
166 _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
167 ent->keys.len = len;
168 ent->keys.val = keys;
169
170 hdb_entry_set_pw_change_time(context->context, ent, 0);
171 hdb_entry_clear_password(context->context, ent);
172
173 return 0;
174 out:
175 _kadm5_free_keys (context->context, len, keys);
176 return ret;
177 }
178
179 /*
180 *
181 */
182
183 static int
184 is_des_key_p(int keytype)
185 {
186 return keytype == ETYPE_DES_CBC_CRC ||
187 keytype == ETYPE_DES_CBC_MD4 ||
188 keytype == ETYPE_DES_CBC_MD5;
189 }
190
191
192 /*
193 * Set the keys of `ent' to random keys and return them in `n_keys'
194 * and `new_keys'.
195 */
196
197 kadm5_ret_t
198 _kadm5_set_keys_randomly (kadm5_server_context *context,
199 hdb_entry *ent,
200 krb5_keyblock **new_keys,
201 int *n_keys)
202 {
203 krb5_keyblock *kblock = NULL;
204 kadm5_ret_t ret = 0;
205 int i, des_keyblock;
206 size_t num_keys;
207 Key *keys;
208
209 ret = hdb_generate_key_set(context->context, ent->principal,
210 &keys, &num_keys, 1);
211 if (ret)
212 return ret;
213
214 kblock = malloc(num_keys * sizeof(kblock[0]));
215 if (kblock == NULL) {
216 ret = ENOMEM;
217 _kadm5_free_keys (context->context, num_keys, keys);
218 return ret;
219 }
220 memset(kblock, 0, num_keys * sizeof(kblock[0]));
221
222 des_keyblock = -1;
223 for (i = 0; i < num_keys; i++) {
224
225 /*
226 * To make sure all des keys are the the same we generate only
227 * the first one and then copy key to all other des keys.
228 */
229
230 if (des_keyblock != -1 && is_des_key_p(keys[i].key.keytype)) {
231 ret = krb5_copy_keyblock_contents (context->context,
232 &kblock[des_keyblock],
233 &kblock[i]);
234 if (ret)
235 goto out;
236 kblock[i].keytype = keys[i].key.keytype;
237 } else {
238 ret = krb5_generate_random_keyblock (context->context,
239 keys[i].key.keytype,
240 &kblock[i]);
241 if (ret)
242 goto out;
243
244 if (is_des_key_p(keys[i].key.keytype))
245 des_keyblock = i;
246 }
247
248 ret = krb5_copy_keyblock_contents (context->context,
249 &kblock[i],
250 &keys[i].key);
251 if (ret)
252 goto out;
253 }
254
255 out:
256 if(ret) {
257 for (i = 0; i < num_keys; ++i)
258 krb5_free_keyblock_contents (context->context, &kblock[i]);
259 free(kblock);
260 _kadm5_free_keys (context->context, num_keys, keys);
261 return ret;
262 }
263
264 _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
265 ent->keys.val = keys;
266 ent->keys.len = num_keys;
267 *new_keys = kblock;
268 *n_keys = num_keys;
269
270 hdb_entry_set_pw_change_time(context->context, ent, 0);
271 hdb_entry_clear_password(context->context, ent);
272
273 return 0;
274 }
NetBSD on the FriendlyARM MINI2440