Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/kadmin/mod.c
34884 views
1
/*

2
 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include "kadmin_locl.h"

35
#include "kadmin-commands.h"

36


37
static void

38
add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)

39
{

40
    krb5_tl_data *tl, **ptl;

41


42
    tl = ecalloc(1, sizeof(*tl));

43
    tl->tl_data_next = NULL;

44
    tl->tl_data_type = KRB5_TL_EXTENSION;

45
    tl->tl_data_length = data->length;

46
    tl->tl_data_contents = data->data;

47


48
    princ->n_tl_data++;

49
    ptl = &princ->tl_data;

50
    while (*ptl != NULL)

51
	ptl = &(*ptl)->tl_data_next;

52
    *ptl = tl;

53


54
    return;

55
}

56


57
static void

58
add_constrained_delegation(krb5_context contextp,

59
			   kadm5_principal_ent_rec *princ,

60
			   struct getarg_strings *strings)

61
{

62
    krb5_error_code ret;

63
    HDB_extension ext;

64
    krb5_data buf;

65
    size_t size = 0;

66


67
    memset(&ext, 0, sizeof(ext));

68
    ext.mandatory = FALSE;

69
    ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;

70


71
    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {

72
	ext.data.u.allowed_to_delegate_to.val = NULL;

73
	ext.data.u.allowed_to_delegate_to.len = 0;

74
    } else {

75
	krb5_principal p;

76
	int i;

77


78
	ext.data.u.allowed_to_delegate_to.val =

79
	    calloc(strings->num_strings,

80
		   sizeof(ext.data.u.allowed_to_delegate_to.val[0]));

81
	ext.data.u.allowed_to_delegate_to.len = strings->num_strings;

82


83
	for (i = 0; i < strings->num_strings; i++) {

84
	    ret = krb5_parse_name(contextp, strings->strings[i], &p);

85
	    if (ret)

86
		abort();

87
	    ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);

88
	    if (ret)

89
		abort();

90
	    krb5_free_principal(contextp, p);

91
	}

92
    }

93


94
    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,

95
		       &ext, &size, ret);

96
    free_HDB_extension(&ext);

97
    if (ret)

98
	abort();

99
    if (buf.length != size)

100
	abort();

101


102
    add_tl(princ, KRB5_TL_EXTENSION, &buf);

103
}

104


105
static void

106
add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,

107
	    struct getarg_strings *strings)

108
{

109
    krb5_error_code ret = 0;

110
    HDB_extension ext;

111
    krb5_data buf;

112
    krb5_principal p;

113
    size_t size = 0;

114
    int i;

115


116
    memset(&ext, 0, sizeof(ext));

117
    ext.mandatory = FALSE;

118
    ext.data.element = choice_HDB_extension_data_aliases;

119
    ext.data.u.aliases.case_insensitive = 0;

120


121
    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {

122
	ext.data.u.aliases.aliases.val = NULL;

123
	ext.data.u.aliases.aliases.len = 0;

124
    } else {

125
	ext.data.u.aliases.aliases.val =

126
	    calloc(strings->num_strings,

127
		   sizeof(ext.data.u.aliases.aliases.val[0]));

128
	ext.data.u.aliases.aliases.len = strings->num_strings;

129


130
	for (i = 0; ret == 0 && i < strings->num_strings; i++) {

131
	    ret = krb5_parse_name(contextp, strings->strings[i], &p);

132
            if (ret)

133
                krb5_err(contextp, 1, ret, "Could not parse alias %s",

134
                         strings->strings[i]);

135
            if (ret == 0)

136
                ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);

137
            if (ret)

138
                krb5_err(contextp, 1, ret, "Could not copy parsed alias %s",

139
                         strings->strings[i]);

140
	    krb5_free_principal(contextp, p);

141
	}

142
    }

143


144
    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,

145
		       &ext, &size, ret);

146
    free_HDB_extension(&ext);

147
    if (ret)

148
	abort();

149
    if (buf.length != size)

150
	abort();

151


152
    add_tl(princ, KRB5_TL_EXTENSION, &buf);

153
}

154


155
static void

156
add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,

157
	       struct getarg_strings *strings)

158
{

159
    krb5_error_code ret;

160
    HDB_extension ext;

161
    krb5_data buf;

162
    size_t size = 0;

163
    int i;

164


165
    memset(&ext, 0, sizeof(ext));

166
    ext.mandatory = FALSE;

167
    ext.data.element = choice_HDB_extension_data_pkinit_acl;

168
    ext.data.u.aliases.case_insensitive = 0;

169


170
    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {

171
	ext.data.u.pkinit_acl.val = NULL;

172
	ext.data.u.pkinit_acl.len = 0;

173
    } else {

174
	ext.data.u.pkinit_acl.val =

175
	    calloc(strings->num_strings,

176
		   sizeof(ext.data.u.pkinit_acl.val[0]));

177
	ext.data.u.pkinit_acl.len = strings->num_strings;

178


179
	for (i = 0; i < strings->num_strings; i++) {

180
	    ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);

181
	}

182
    }

183


184
    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,

185
		       &ext, &size, ret);

186
    free_HDB_extension(&ext);

187
    if (ret)

188
	abort();

189
    if (buf.length != size)

190
	abort();

191


192
    add_tl(princ, KRB5_TL_EXTENSION, &buf);

193
}

194


195
static int

196
do_mod_entry(krb5_principal principal, void *data)

197
{

198
    krb5_error_code ret;

199
    kadm5_principal_ent_rec princ;

200
    int mask = 0;

201
    struct modify_options *e = data;

202


203
    memset (&princ, 0, sizeof(princ));

204
    ret = kadm5_get_principal(kadm_handle, principal, &princ,

205
			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES |

206
			      KADM5_MAX_LIFE | KADM5_MAX_RLIFE |

207
			      KADM5_PRINC_EXPIRE_TIME |

208
			      KADM5_PW_EXPIRATION);

209
    if(ret)

210
	return ret;

211


212
    if(e->max_ticket_life_string ||

213
       e->max_renewable_life_string ||

214
       e->expiration_time_string ||

215
       e->pw_expiration_time_string ||

216
       e->attributes_string ||

217
       e->kvno_integer != -1 ||

218
       e->constrained_delegation_strings.num_strings ||

219
       e->alias_strings.num_strings ||

220
       e->pkinit_acl_strings.num_strings) {

221
	ret = set_entry(context, &princ, &mask,

222
			e->max_ticket_life_string,

223
			e->max_renewable_life_string,

224
			e->expiration_time_string,

225
			e->pw_expiration_time_string,

226
			e->attributes_string);

227
	if(e->kvno_integer != -1) {

228
	    princ.kvno = e->kvno_integer;

229
	    mask |= KADM5_KVNO;

230
	}

231
	if (e->constrained_delegation_strings.num_strings) {

232
	    add_constrained_delegation(context, &princ,

233
				       &e->constrained_delegation_strings);

234
	    mask |= KADM5_TL_DATA;

235
	}

236
	if (e->alias_strings.num_strings) {

237
	    add_aliases(context, &princ, &e->alias_strings);

238
	    mask |= KADM5_TL_DATA;

239
	}

240
	if (e->pkinit_acl_strings.num_strings) {

241
	    add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);

242
	    mask |= KADM5_TL_DATA;

243
	}

244


245
    } else

246
	ret = edit_entry(&princ, &mask, NULL, 0);

247
    if(ret == 0) {

248
	ret = kadm5_modify_principal(kadm_handle, &princ, mask);

249
	if(ret)

250
	    krb5_warn(context, ret, "kadm5_modify_principal");

251
    }

252


253
    kadm5_free_principal_ent(kadm_handle, &princ);

254
    return ret;

255
}

256


257
int

258
mod_entry(struct modify_options *opt, int argc, char **argv)

259
{

260
    krb5_error_code ret = 0;

261
    int i;

262


263
    for(i = 0; i < argc; i++) {

264
	ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);

265
	if (ret)

266
	    break;

267
    }

268
    return ret != 0;

269
}

270


271


272