Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/lib/kadm5/create_s.c
34878 views
1
/*

2
 * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include "kadm5_locl.h"

35


36
RCSID("$Id$");

37


38
static kadm5_ret_t

39
get_default(kadm5_server_context *context, krb5_principal princ,

40
	    kadm5_principal_ent_t def)

41
{

42
    kadm5_ret_t ret;

43
    krb5_principal def_principal;

44
    krb5_const_realm realm = krb5_principal_get_realm(context->context, princ);

45


46
    ret = krb5_make_principal(context->context, &def_principal,

47
			      realm, "default", NULL);

48
    if (ret)

49
	return ret;

50
    ret = kadm5_s_get_principal(context, def_principal, def,

51
				KADM5_PRINCIPAL_NORMAL_MASK);

52
    krb5_free_principal (context->context, def_principal);

53
    return ret;

54
}

55


56
static kadm5_ret_t

57
create_principal(kadm5_server_context *context,

58
		 kadm5_principal_ent_t princ,

59
		 uint32_t mask,

60
		 hdb_entry_ex *ent,

61
		 uint32_t required_mask,

62
		 uint32_t forbidden_mask)

63
{

64
    kadm5_ret_t ret;

65
    kadm5_principal_ent_rec defrec, *defent;

66
    uint32_t def_mask;

67


68
    memset(ent, 0, sizeof(*ent));

69
    if((mask & required_mask) != required_mask)

70
	return KADM5_BAD_MASK;

71
    if((mask & forbidden_mask))

72
	return KADM5_BAD_MASK;

73
    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))

74
	/* XXX no real policies for now */

75
	return KADM5_UNK_POLICY;

76
    ret  = krb5_copy_principal(context->context, princ->principal,

77
			       &ent->entry.principal);

78
    if(ret)

79
	return ret;

80


81
    defent = &defrec;

82
    ret = get_default(context, princ->principal, defent);

83
    if(ret) {

84
	defent   = NULL;

85
	def_mask = 0;

86
    } else {

87
	def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;

88
    }

89


90
    ret = _kadm5_setup_entry(context,

91
			     ent, mask | def_mask,

92
			     princ, mask,

93
			     defent, def_mask);

94
    if(defent)

95
	kadm5_free_principal_ent(context, defent);

96
    if (ret)

97
	return ret;

98


99
    ent->entry.created_by.time = time(NULL);

100


101
    return krb5_copy_principal(context->context, context->caller,

102
			       &ent->entry.created_by.principal);

103
}

104


105
kadm5_ret_t

106
kadm5_s_create_principal_with_key(void *server_handle,

107
				  kadm5_principal_ent_t princ,

108
				  uint32_t mask)

109
{

110
    kadm5_ret_t ret;

111
    hdb_entry_ex ent;

112
    kadm5_server_context *context = server_handle;

113


114
    ret = create_principal(context, princ, mask, &ent,

115
			   KADM5_PRINCIPAL | KADM5_KEY_DATA,

116
			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME

117
			   | KADM5_MOD_NAME | KADM5_MKVNO

118
			   | KADM5_AUX_ATTRIBUTES

119
			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS

120
			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);

121
    if(ret)

122
	goto out;

123


124
    if ((mask & KADM5_KVNO) == 0)

125
	ent.entry.kvno = 1;

126


127
    ret = hdb_seal_keys(context->context, context->db, &ent.entry);

128
    if (ret)

129
	goto out;

130


131
    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);

132
    if(ret)

133
	goto out;

134
    ret = context->db->hdb_store(context->context, context->db, 0, &ent);

135
    context->db->hdb_close(context->context, context->db);

136
    if (ret)

137
	goto out;

138
    kadm5_log_create (context, &ent.entry);

139


140
out:

141
    hdb_free_entry(context->context, &ent);

142
    return _kadm5_error_code(ret);

143
}

144


145


146
kadm5_ret_t

147
kadm5_s_create_principal(void *server_handle,

148
			 kadm5_principal_ent_t princ,

149
			 uint32_t mask,

150
			 const char *password)

151
{

152
    kadm5_ret_t ret;

153
    hdb_entry_ex ent;

154
    kadm5_server_context *context = server_handle;

155


156
    ret = create_principal(context, princ, mask, &ent,

157
			   KADM5_PRINCIPAL,

158
			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME

159
			   | KADM5_MOD_NAME | KADM5_MKVNO

160
			   | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA

161
			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS

162
			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);

163
    if(ret)

164
	goto out;

165


166
    if ((mask & KADM5_KVNO) == 0)

167
	ent.entry.kvno = 1;

168


169
    ent.entry.keys.len = 0;

170
    ent.entry.keys.val = NULL;

171


172
    ret = fbsd_ossl_provider_load();

173
    if (ret)

174
	goto out;

175


176
    ret = _kadm5_set_keys(context, &ent.entry, password);

177
    if (ret)

178
	goto out;

179


180
    ret = hdb_seal_keys(context->context, context->db, &ent.entry);

181
    if (ret)

182
	goto out;

183


184
    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);

185
    if(ret)

186
	goto out;

187
    ret = context->db->hdb_store(context->context, context->db, 0, &ent);

188
    context->db->hdb_close(context->context, context->db);

189
    if (ret)

190
	goto out;

191


192
    kadm5_log_create (context, &ent.entry);

193


194
 out:

195
    hdb_free_entry(context->context, &ent);

196
    return _kadm5_error_code(ret);

197
}

198


199


200