search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / krb5 / kadm5 / srv / svr_policy.c
blob7a0ecc65a9f3b4c68f32da52b8594216d1ec8963
1 /*
2 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
3 *
4 * Openvision retains the copyright to derivative works of
5 * this source code. Do *NOT* create a derivative of this
6 * source code before consulting with your legal department.
7 * Do *NOT* integrate *ANY* of this source code into another
8 * product before consulting with your legal department.
9 *
10 * For further information, read the top-level Openvision
11 * copyright which is contained in the top-level MIT Kerberos
12 * copyright.
13 *
14 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
15 *
16 */
17
18
19 /*
20 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
21 *
22 * $Header$
23 */
24
25 static char *rcsid = "$Header$";
26
27 #include "server_internal.h"
28 #include <sys/types.h>
29 #include <kadm5/admin.h>
30 #include <stdlib.h>
31 #include <errno.h>
32
33 #define MAX_PW_HISTORY 10
34 #define MIN_PW_HISTORY 1
35 #define MIN_PW_CLASSES 1
36 #define MAX_PW_CLASSES 5
37 #define MIN_PW_LENGTH 1
38
39 /*
40 * Function: kadm5_create_policy
41 *
42 * Purpose: Create Policies in the policy DB.
43 *
44 * Arguments:
45 * entry (input) The policy entry to be written out to the DB.
46 * mask (input) Specifies which fields in entry are to ge written out
47 * and which get default values.
48 * <return value> 0 if successful otherwise an error code is returned.
49 *
50 * Requires:
51 * Entry must be a valid principal entry, and mask have a valid value.
52 *
53 * Effects:
54 * Verifies that mask does not specify that the refcount should
55 * be set as part of the creation, and calls
56 * kadm5_create_policy_internal. If the refcount *is*
57 * specified, returns KADM5_BAD_MASK.
58 */
59
60 kadm5_ret_t
61 kadm5_create_policy(void *server_handle,
62 kadm5_policy_ent_t entry, long mask)
63 {
64 CHECK_HANDLE(server_handle);
65
66 krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
67
68 if (mask & KADM5_REF_COUNT)
69 return KADM5_BAD_MASK;
70 else
71 return kadm5_create_policy_internal(server_handle, entry, mask);
72 }
73
74 /*
75 * Function: kadm5_create_policy_internal
76 *
77 * Purpose: Create Policies in the policy DB.
78 *
79 * Arguments:
80 * entry (input) The policy entry to be written out to the DB.
81 * mask (input) Specifies which fields in entry are to ge written out
82 * and which get default values.
83 * <return value> 0 if successful otherwise an error code is returned.
84 *
85 * Requires:
86 * Entry must be a valid principal entry, and mask have a valid value.
87 *
88 * Effects:
89 * Writes the data to the database, and does a database sync if
90 * successful.
91 *
92 */
93
94 kadm5_ret_t
95 kadm5_create_policy_internal(void *server_handle,
96 kadm5_policy_ent_t entry, long mask)
97 {
98 kadm5_server_handle_t handle = server_handle;
99 osa_policy_ent_rec pent;
100 int ret;
101 char *p;
102
103 CHECK_HANDLE(server_handle);
104
105 if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
106 return EINVAL;
107 if(strlen(entry->policy) == 0)
108 return KADM5_BAD_POLICY;
109 if (!(mask & KADM5_POLICY))
110 return KADM5_BAD_MASK;
111
112 pent.name = entry->policy;
113 p = entry->policy;
114 while(*p != '\0') {
115 if(*p < ' ' || *p > '~')
116 return KADM5_BAD_POLICY;
117 else
118 p++;
119 }
120 if (!(mask & KADM5_PW_MAX_LIFE))
121 pent.pw_max_life = 0;
122 else
123 pent.pw_max_life = entry->pw_max_life;
124 if (!(mask & KADM5_PW_MIN_LIFE))
125 pent.pw_min_life = 0;
126 else {
127 if((mask & KADM5_PW_MAX_LIFE)) {
128 if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
129 return KADM5_BAD_MIN_PASS_LIFE;
130 }
131 pent.pw_min_life = entry->pw_min_life;
132 }
133 if (!(mask & KADM5_PW_MIN_LENGTH))
134 pent.pw_min_length = MIN_PW_LENGTH;
135 else {
136 if(entry->pw_min_length < MIN_PW_LENGTH)
137 return KADM5_BAD_LENGTH;
138 pent.pw_min_length = entry->pw_min_length;
139 }
140 if (!(mask & KADM5_PW_MIN_CLASSES))
141 pent.pw_min_classes = MIN_PW_CLASSES;
142 else {
143 if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
144 return KADM5_BAD_CLASS;
145 pent.pw_min_classes = entry->pw_min_classes;
146 }
147 if (!(mask & KADM5_PW_HISTORY_NUM))
148 pent.pw_history_num = MIN_PW_HISTORY;
149 else {
150 if(entry->pw_history_num < MIN_PW_HISTORY ||
151 entry->pw_history_num > MAX_PW_HISTORY)
152 return KADM5_BAD_HISTORY;
153 else
154 pent.pw_history_num = entry->pw_history_num;
155 }
156 if (!(mask & KADM5_REF_COUNT))
157 pent.policy_refcnt = 0;
158 else
159 pent.policy_refcnt = entry->policy_refcnt;
160 if ((ret = krb5_db_create_policy(handle->context, &pent)))
161 return ret;
162 else
163 return KADM5_OK;
164 }
165
166 kadm5_ret_t
167 kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
168 {
169 kadm5_server_handle_t handle = server_handle;
170 osa_policy_ent_t entry;
171 int ret;
172 int cnt=1;
173
174 CHECK_HANDLE(server_handle);
175
176 krb5_clear_error_message(handle->context);
177
178 if(name == (kadm5_policy_t) NULL)
179 return EINVAL;
180 if(strlen(name) == 0)
181 return KADM5_BAD_POLICY;
182 if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt)))
183 return ret;
184 if( cnt != 1 )
185 return KADM5_UNK_POLICY;
186
187 if(entry->policy_refcnt != 0) {
188 krb5_db_free_policy(handle->context, entry);
189 return KADM5_POLICY_REF;
190 }
191 krb5_db_free_policy(handle->context, entry);
192 if ((ret = krb5_db_delete_policy(handle->context, name)))
193 return ret;
194 else
195 return KADM5_OK;
196 }
197
198 kadm5_ret_t
199 kadm5_modify_policy(void *server_handle,
200 kadm5_policy_ent_t entry, long mask)
201 {
202 CHECK_HANDLE(server_handle);
203
204 krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
205
206 if (mask & KADM5_REF_COUNT)
207 return KADM5_BAD_MASK;
208 else
209 return kadm5_modify_policy_internal(server_handle, entry, mask);
210 }
211
212 kadm5_ret_t
213 kadm5_modify_policy_internal(void *server_handle,
214 kadm5_policy_ent_t entry, long mask)
215 {
216 kadm5_server_handle_t handle = server_handle;
217 osa_policy_ent_t p;
218 int ret;
219 int cnt=1;
220
221 CHECK_HANDLE(server_handle);
222
223 if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
224 return EINVAL;
225 if(strlen(entry->policy) == 0)
226 return KADM5_BAD_POLICY;
227 if((mask & KADM5_POLICY))
228 return KADM5_BAD_MASK;
229
230 if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
231 return ret;
232 if (cnt != 1)
233 return KADM5_UNK_POLICY;
234
235 if ((mask & KADM5_PW_MAX_LIFE))
236 p->pw_max_life = entry->pw_max_life;
237 if ((mask & KADM5_PW_MIN_LIFE)) {
238 if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0) {
239 krb5_db_free_policy(handle->context, p);
240 return KADM5_BAD_MIN_PASS_LIFE;
241 }
242 p->pw_min_life = entry->pw_min_life;
243 }
244 if ((mask & KADM5_PW_MIN_LENGTH)) {
245 if(entry->pw_min_length < MIN_PW_LENGTH) {
246 krb5_db_free_policy(handle->context, p);
247 return KADM5_BAD_LENGTH;
248 }
249 p->pw_min_length = entry->pw_min_length;
250 }
251 if ((mask & KADM5_PW_MIN_CLASSES)) {
252 if(entry->pw_min_classes > MAX_PW_CLASSES ||
253 entry->pw_min_classes < MIN_PW_CLASSES) {
254 krb5_db_free_policy(handle->context, p);
255 return KADM5_BAD_CLASS;
256 }
257 p->pw_min_classes = entry->pw_min_classes;
258 }
259 if ((mask & KADM5_PW_HISTORY_NUM)) {
260 if(entry->pw_history_num < MIN_PW_HISTORY ||
261 entry->pw_history_num > MAX_PW_HISTORY) {
262 krb5_db_free_policy(handle->context, p);
263 return KADM5_BAD_HISTORY;
264 }
265 p->pw_history_num = entry->pw_history_num;
266 }
267 if ((mask & KADM5_REF_COUNT))
268 p->policy_refcnt = entry->policy_refcnt;
269 ret = krb5_db_put_policy(handle->context, p);
270 krb5_db_free_policy(handle->context, p);
271 return ret;
272 }
273
274 kadm5_ret_t
275 kadm5_get_policy(void *server_handle, kadm5_policy_t name,
276 kadm5_policy_ent_t entry)
277 {
278 osa_policy_ent_t t;
279 kadm5_policy_ent_rec entry_local, **entry_orig, *new;
280 int ret;
281 kadm5_server_handle_t handle = server_handle;
282 int cnt=1;
283
284 CHECK_HANDLE(server_handle);
285
286 krb5_clear_error_message(handle->context);
287
288 /*
289 * In version 1, entry is a pointer to a kadm5_policy_ent_t that
290 * should be filled with allocated memory.
291 */
292 if (handle->api_version == KADM5_API_VERSION_1) {
293 entry_orig = (kadm5_policy_ent_rec **) entry;
294 *entry_orig = NULL;
295 entry = &entry_local;
296 }
297
298 if (name == (kadm5_policy_t) NULL)
299 return EINVAL;
300 if(strlen(name) == 0)
301 return KADM5_BAD_POLICY;
302 if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt)))
303 return ret;
304
305 if( cnt != 1 )
306 return KADM5_UNK_POLICY;
307
308 if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) {
309 krb5_db_free_policy(handle->context, t);
310 return ENOMEM;
311 }
312 strcpy(entry->policy, t->name);
313 entry->pw_min_life = t->pw_min_life;
314 entry->pw_max_life = t->pw_max_life;
315 entry->pw_min_length = t->pw_min_length;
316 entry->pw_min_classes = t->pw_min_classes;
317 entry->pw_history_num = t->pw_history_num;
318 entry->policy_refcnt = t->policy_refcnt;
319 krb5_db_free_policy(handle->context, t);
320
321 if (handle->api_version == KADM5_API_VERSION_1) {
322 new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
323 if (new == NULL) {
324 free(entry->policy);
325 krb5_db_free_policy(handle->context, t);
326 return ENOMEM;
327 }
328 *new = *entry;
329 *entry_orig = new;
330 }
331
332 return KADM5_OK;
333 }
unleashed repo fork