source: heimdal/trunk/lib/kadm5/create_s.c

Last change on this file was 1, checked in by Paul Smedley, 10 years ago

Initial commit of Heimdal 1.5.3
File size: 5.7 KB
Line 
1/*
2 * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "kadm5_locl.h"
35
36RCSID("$Id$");
37
38static kadm5_ret_t
39get_default(kadm5_server_context *context, krb5_principal princ,
40 kadm5_principal_ent_t def)
41{
42 kadm5_ret_t ret;
43 krb5_principal def_principal;
44 krb5_const_realm realm = krb5_principal_get_realm(context->context, princ);
45
46 ret = krb5_make_principal(context->context, &def_principal,
47 realm, "default", NULL);
48 if (ret)
49 return ret;
50 ret = kadm5_s_get_principal(context, def_principal, def,
51 KADM5_PRINCIPAL_NORMAL_MASK);
52 krb5_free_principal (context->context, def_principal);
53 return ret;
54}
55
56static kadm5_ret_t
57create_principal(kadm5_server_context *context,
58 kadm5_principal_ent_t princ,
59 uint32_t mask,
60 hdb_entry_ex *ent,
61 uint32_t required_mask,
62 uint32_t forbidden_mask)
63{
64 kadm5_ret_t ret;
65 kadm5_principal_ent_rec defrec, *defent;
66 uint32_t def_mask;
67
68 if((mask & required_mask) != required_mask)
69 return KADM5_BAD_MASK;
70 if((mask & forbidden_mask))
71 return KADM5_BAD_MASK;
72 if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
73 /* XXX no real policies for now */
74 return KADM5_UNK_POLICY;
75 memset(ent, 0, sizeof(*ent));
76 ret = krb5_copy_principal(context->context, princ->principal,
77 &ent->entry.principal);
78 if(ret)
79 return ret;
80
81 defent = &defrec;
82 ret = get_default(context, princ->principal, defent);
83 if(ret) {
84 defent = NULL;
85 def_mask = 0;
86 } else {
87 def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;
88 }
89
90 ret = _kadm5_setup_entry(context,
91 ent, mask | def_mask,
92 princ, mask,
93 defent, def_mask);
94 if(defent)
95 kadm5_free_principal_ent(context, defent);
96 if (ret)
97 return ret;
98
99 ent->entry.created_by.time = time(NULL);
100
101 return krb5_copy_principal(context->context, context->caller,
102 &ent->entry.created_by.principal);
103}
104
105kadm5_ret_t
106kadm5_s_create_principal_with_key(void *server_handle,
107 kadm5_principal_ent_t princ,
108 uint32_t mask)
109{
110 kadm5_ret_t ret;
111 hdb_entry_ex ent;
112 kadm5_server_context *context = server_handle;
113
114 ret = create_principal(context, princ, mask, &ent,
115 KADM5_PRINCIPAL | KADM5_KEY_DATA,
116 KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
117 | KADM5_MOD_NAME | KADM5_MKVNO
118 | KADM5_AUX_ATTRIBUTES
119 | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS
120 | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
121 if(ret)
122 goto out;
123
124 if ((mask & KADM5_KVNO) == 0)
125 ent.entry.kvno = 1;
126
127 ret = hdb_seal_keys(context->context, context->db, &ent.entry);
128 if (ret)
129 goto out;
130
131 ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
132 if(ret)
133 goto out;
134 ret = context->db->hdb_store(context->context, context->db, 0, &ent);
135 context->db->hdb_close(context->context, context->db);
136 if (ret)
137 goto out;
138 kadm5_log_create (context, &ent.entry);
139
140out:
141 hdb_free_entry(context->context, &ent);
142 return _kadm5_error_code(ret);
143}
144
145
146kadm5_ret_t
147kadm5_s_create_principal(void *server_handle,
148 kadm5_principal_ent_t princ,
149 uint32_t mask,
150 const char *password)
151{
152 kadm5_ret_t ret;
153 hdb_entry_ex ent;
154 kadm5_server_context *context = server_handle;
155
156 ret = create_principal(context, princ, mask, &ent,
157 KADM5_PRINCIPAL,
158 KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
159 | KADM5_MOD_NAME | KADM5_MKVNO
160 | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
161 | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS
162 | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
163 if(ret)
164 goto out;
165
166 if ((mask & KADM5_KVNO) == 0)
167 ent.entry.kvno = 1;
168
169 ent.entry.keys.len = 0;
170 ent.entry.keys.val = NULL;
171
172 ret = _kadm5_set_keys(context, &ent.entry, password);
173 if (ret)
174 goto out;
175
176 ret = hdb_seal_keys(context->context, context->db, &ent.entry);
177 if (ret)
178 goto out;
179
180 ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
181 if(ret)
182 goto out;
183 ret = context->db->hdb_store(context->context, context->db, 0, &ent);
184 context->db->hdb_close(context->context, context->db);
185 if (ret)
186 goto out;
187
188 kadm5_log_create (context, &ent.entry);
189
190 out:
191 hdb_free_entry(context->context, &ent);
192 return _kadm5_error_code(ret);
193}
194
Note: See TracBrowser for help on using the repository browser.