From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- third_party/heimdal/lib/kadm5/common_glue.c | 452 ++++++++++++++++++++++++++++ 1 file changed, 452 insertions(+) create mode 100644 third_party/heimdal/lib/kadm5/common_glue.c (limited to 'third_party/heimdal/lib/kadm5/common_glue.c') diff --git a/third_party/heimdal/lib/kadm5/common_glue.c b/third_party/heimdal/lib/kadm5/common_glue.c new file mode 100644 index 0000000..210bf93 --- /dev/null +++ b/third_party/heimdal/lib/kadm5/common_glue.c @@ -0,0 +1,452 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadm5_locl.h" + +RCSID("$Id$"); + +#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P +#define __CALLABLE(F) (((kadm5_common_context*)server_handle)->funcs.F != 0) + +kadm5_ret_t +kadm5_dup_context(void *server_handle, void **dup_server_handle) +{ + return __CALL(dup_context, (server_handle, dup_server_handle)); +} + +kadm5_ret_t +kadm5_chpass_principal(void *server_handle, + krb5_principal princ, + const char *password) +{ + return __CALL(chpass_principal, (server_handle, princ, 0, + 0, NULL, password)); +} + +kadm5_ret_t +kadm5_chpass_principal_3(void *server_handle, + krb5_principal princ, + krb5_boolean keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, + const char *password) +{ + return __CALL(chpass_principal, (server_handle, princ, keepold, + n_ks_tuple, ks_tuple, password)); +} + +kadm5_ret_t +kadm5_chpass_principal_with_key(void *server_handle, + krb5_principal princ, + int n_key_data, + krb5_key_data *key_data) +{ + return __CALL(chpass_principal_with_key, + (server_handle, princ, 0, n_key_data, key_data)); +} + +kadm5_ret_t +kadm5_chpass_principal_with_key_3(void *server_handle, + krb5_principal princ, + int keepold, + int n_key_data, + krb5_key_data *key_data) +{ + return __CALL(chpass_principal_with_key, + (server_handle, princ, keepold, n_key_data, key_data)); +} + +kadm5_ret_t +kadm5_create_principal_3(void *server_handle, + kadm5_principal_ent_t princ, + uint32_t mask, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, + char *password) +{ + return __CALL(create_principal, + (server_handle, princ, mask, n_ks_tuple, ks_tuple, password)); +} + +kadm5_ret_t +kadm5_create_principal(void *server_handle, + kadm5_principal_ent_t princ, + uint32_t mask, + const char *password) +{ + return __CALL(create_principal, + (server_handle, princ, mask, 0, NULL, password)); +} + +kadm5_ret_t +kadm5_delete_principal(void *server_handle, + krb5_principal princ) +{ + return __CALL(delete_principal, (server_handle, princ)); +} + +kadm5_ret_t +kadm5_destroy (void *server_handle) +{ + return __CALL(destroy, (server_handle)); +} + +kadm5_ret_t +kadm5_flush (void *server_handle) +{ + return __CALL(flush, (server_handle)); +} + +kadm5_ret_t +kadm5_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, + uint32_t mask) +{ + return __CALL(get_principal, (server_handle, princ, out, mask)); +} + +/** + * Extract decrypted keys from kadm5_principal_ent_t object. Mostly a + * no-op for Heimdal because we fetch the entry with decrypted keys. + * Sadly this is not fully a no-op, as we have to allocate a copy. + * + * @server_handle is the kadm5 handle + * @entry is the HDB entry for the principal in question + * @ktype is the enctype to get a key for, or -1 to get the first one + * @stype is the salttype to get a key for, or -1 to get the first match + * @kvno is the kvno to search for, or -1 to get the first match (highest kvno) + * @keyblock is where the key will be placed + * @keysalt, if not NULL, is where the salt will be placed + * @kvnop, if not NULL, is where the selected kvno will be placed + */ +kadm5_ret_t +kadm5_decrypt_key(void *server_handle, + kadm5_principal_ent_t entry, + int32_t ktype, int32_t stype, + int32_t kvno, krb5_keyblock *keyblock, + krb5_keysalt *keysalt, int *kvnop) +{ + size_t i; + kadm5_server_context *context = server_handle; + + if (kvno < 1 || stype != -1) + return KADM5_DECRYPT_USAGE_NOSUPP; + + for (i = 0; i < entry->n_key_data; i++) { + if (ktype != entry->key_data[i].key_data_kvno) + continue; + + keyblock->keytype = ktype; + keyblock->keyvalue.length = entry->key_data[i].key_data_length[0]; + keyblock->keyvalue.data = malloc(keyblock->keyvalue.length); + if (keyblock->keyvalue.data == NULL) + return krb5_enomem(context->context); + memcpy(keyblock->keyvalue.data, + entry->key_data[i].key_data_contents[0], + keyblock->keyvalue.length); + } + + return 0; +} + +kadm5_ret_t +kadm5_modify_principal(void *server_handle, + kadm5_principal_ent_t princ, + uint32_t mask) +{ + return __CALL(modify_principal, (server_handle, princ, mask)); +} + +kadm5_ret_t +kadm5_randkey_principal(void *server_handle, + krb5_principal princ, + krb5_keyblock **new_keys, + int *n_keys) +{ + return __CALL(randkey_principal, (server_handle, princ, FALSE, 0, NULL, + new_keys, n_keys)); +} + +kadm5_ret_t +kadm5_randkey_principal_3(void *server_handle, + krb5_principal princ, + krb5_boolean keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, + krb5_keyblock **new_keys, + int *n_keys) +{ + return __CALL(randkey_principal, (server_handle, princ, keepold, + n_ks_tuple, ks_tuple, new_keys, n_keys)); +} + +kadm5_ret_t +kadm5_rename_principal(void *server_handle, + krb5_principal source, + krb5_principal target) +{ + return __CALL(rename_principal, (server_handle, source, target)); +} + +kadm5_ret_t +kadm5_get_principals(void *server_handle, + const char *expression, + char ***princs, + int *count) +{ + return __CALL(get_principals, (server_handle, expression, princs, count)); +} + +kadm5_ret_t +kadm5_iter_principals(void *server_handle, + const char *expression, + int (*cb)(void *, const char *), + void *cbdata) +{ + return __CALL(iter_principals, (server_handle, expression, cb, cbdata)); +} + +kadm5_ret_t +kadm5_get_privs(void *server_handle, + uint32_t *privs) +{ + return __CALL(get_privs, (server_handle, privs)); +} + + +/** + * This function is allows the caller to set new keys for a principal. + * This is a trivial wrapper around kadm5_setkey_principal_3(). + */ +kadm5_ret_t +kadm5_setkey_principal(void *server_handle, + krb5_principal princ, + krb5_keyblock *new_keys, + int n_keys) +{ + return kadm5_setkey_principal_3(server_handle, princ, 0, 0, NULL, + new_keys, n_keys); +} + +/** + * This function is allows the caller to set new keys for a principal. + * This is a simple wrapper around kadm5_get_principal() and + * kadm5_modify_principal(). + */ +kadm5_ret_t +kadm5_setkey_principal_3(void *server_handle, + krb5_principal princ, + krb5_boolean keepold, + int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, + krb5_keyblock *keyblocks, + int n_keys) +{ + kadm5_principal_ent_rec princ_ent; + kadm5_ret_t ret; + krb5_key_data *new_key_data = NULL; + size_t i; + kadm5_server_context *context = server_handle; + + if (n_keys < 1) + return EINVAL; + if (n_ks_tuple > 0 && n_ks_tuple != n_keys) + return KADM5_SETKEY3_ETYPE_MISMATCH; + + /* + * If setkey_principal_3 is defined in the server handle, use that. + */ + if (__CALLABLE(setkey_principal_3)) + return __CALL(setkey_principal_3, + (server_handle, princ, keepold, n_ks_tuple, ks_tuple, + keyblocks, n_keys)); + + /* + * Otherwise, simulate it via a get, update, modify sequence. + */ + ret = kadm5_get_principal(server_handle, princ, &princ_ent, + KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA); + if (ret) + return ret; + + if (keepold) { + new_key_data = calloc((n_keys + princ_ent.n_key_data), + sizeof(*new_key_data)); + if (new_key_data == NULL) { + ret = krb5_enomem(context->context); + goto out; + } + + memcpy(&new_key_data[n_keys], &princ_ent.key_data[0], + princ_ent.n_key_data * sizeof (princ_ent.key_data[0])); + } else { + new_key_data = calloc(n_keys, sizeof(*new_key_data)); + if (new_key_data == NULL) { + ret = krb5_enomem(context->context); + goto out; + } + } + + princ_ent.kvno++; + for (i = 0; i < n_keys; i++) { + new_key_data[i].key_data_ver = 2; + + /* Key */ + new_key_data[i].key_data_kvno = princ_ent.kvno; + new_key_data[i].key_data_type[0] = keyblocks[i].keytype; + new_key_data[i].key_data_length[0] = keyblocks[i].keyvalue.length; + new_key_data[i].key_data_contents[0] = + malloc(keyblocks[i].keyvalue.length); + if (new_key_data[i].key_data_contents[0] == NULL) { + ret = krb5_enomem(context->context); + goto out; + } + memcpy(new_key_data[i].key_data_contents[0], + keyblocks[i].keyvalue.data, + keyblocks[i].keyvalue.length); + + /* + * Salt (but there's no salt, just salttype, which is kinda + * silly -- what's the point of setkey_3() then, besides + * keepold?!) + */ + new_key_data[i].key_data_type[1] = 0; + if (n_ks_tuple > 0) { + if (ks_tuple[i].ks_enctype != keyblocks[i].keytype) { + ret = KADM5_SETKEY3_ETYPE_MISMATCH; + goto out; + } + new_key_data[i].key_data_type[1] = ks_tuple[i].ks_salttype; + } + new_key_data[i].key_data_length[1] = 0; + new_key_data[i].key_data_contents[1] = NULL; + } + + /* Free old keys */ + if (!keepold) { + for (i = 0; i < princ_ent.n_key_data; i++) { + free(princ_ent.key_data[i].key_data_contents[0]); + free(princ_ent.key_data[i].key_data_contents[1]); + } + } + free(princ_ent.key_data); + princ_ent.key_data = new_key_data; + princ_ent.n_key_data = n_keys + (keepold ? princ_ent.n_key_data : 0); + new_key_data = NULL; + + /* Modify the principal */ + ret = kadm5_modify_principal(server_handle, &princ_ent, KADM5_KVNO | KADM5_KEY_DATA); + +out: + if (new_key_data != NULL) { + for (i = 0; i < n_keys; i++) { + free(new_key_data[i].key_data_contents[0]); + free(new_key_data[i].key_data_contents[1]); + } + free(new_key_data); + } + kadm5_free_principal_ent(server_handle, &princ_ent); + return ret; +} + + +kadm5_ret_t +kadm5_lock(void *server_handle) +{ + return __CALL(lock, (server_handle)); +} + +kadm5_ret_t +kadm5_unlock(void *server_handle) +{ + return __CALL(unlock, (server_handle)); +} + + +kadm5_ret_t +kadm5_create_policy(void *server_handle, + kadm5_policy_ent_t policy, long mask) +{ + return KADM5_POLICY_OP_NOSUPP; +} + +kadm5_ret_t +kadm5_delete_policy(void *server_handle, char *name) +{ + return KADM5_POLICY_OP_NOSUPP; +} + + +kadm5_ret_t +kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t policy, + uint32_t mask) +{ + return KADM5_POLICY_OP_NOSUPP; +} + +kadm5_ret_t +kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent) +{ + memset(ent, 0, sizeof (*ent)); + return KADM5_POLICY_OP_NOSUPP; +} + + +kadm5_ret_t +kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count) +{ + *count = 0; + *pols = NULL; + + return KADM5_POLICY_OP_NOSUPP; +} + +kadm5_ret_t +kadm5_free_policy_ent(kadm5_policy_ent_t ent) +{ + if (ent->policy) + free(ent->policy); + /* + * Not clear if we should free ent or not. It might be an automatic + * struct, so we don't free it for now, just in case. + */ + return 0; +} + +kadm5_ret_t +kadm5_prune_principal(void *server_handle, + krb5_principal princ, + int kvno) +{ + return __CALL(prune_principal, (server_handle, princ, kvno)); +} -- cgit v1.2.3