summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/kadm5/ent_setup.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/kadm5/ent_setup.c')
-rw-r--r--crypto/heimdal/lib/kadm5/ent_setup.c122
1 files changed, 93 insertions, 29 deletions
diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c
index 29fab74..dfc4a9b 100644
--- a/crypto/heimdal/lib/kadm5/ent_setup.c
+++ b/crypto/heimdal/lib/kadm5/ent_setup.c
@@ -33,7 +33,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: ent_setup.c,v 1.12 2000/03/23 23:02:35 assar Exp $");
+RCSID("$Id: ent_setup.c 18823 2006-10-22 10:15:53Z lha $");
#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
#define set_null(X) do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
@@ -53,9 +53,65 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
flags->server = !(attr & KRB5_KDB_DISALLOW_SVR);
flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
flags->client = 1; /* XXX */
+ flags->ok_as_delegate = !!(attr & KRB5_KDB_OK_AS_DELEGATE);
+ flags->trusted_for_delegation = !!(attr & KRB5_KDB_TRUSTED_FOR_DELEGATION);
+ flags->allow_kerberos4 = !!(attr & KRB5_KDB_ALLOW_KERBEROS4);
+ flags->allow_digest = !!(attr & KRB5_KDB_ALLOW_DIGEST);
}
/*
+ * Modify the `ent' according to `tl_data'.
+ */
+
+static kadm5_ret_t
+perform_tl_data(krb5_context context,
+ HDB *db,
+ hdb_entry_ex *ent,
+ const krb5_tl_data *tl_data)
+{
+ kadm5_ret_t ret = 0;
+
+ if (tl_data->tl_data_type == KRB5_TL_PASSWORD) {
+ heim_utf8_string pw = tl_data->tl_data_contents;
+
+ if (pw[tl_data->tl_data_length] != '\0')
+ return KADM5_BAD_TL_TYPE;
+
+ ret = hdb_entry_set_password(context, db, &ent->entry, pw);
+
+ } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
+ unsigned char *s;
+ time_t t;
+
+ if (tl_data->tl_data_length != 4)
+ return KADM5_BAD_TL_TYPE;
+
+ s = tl_data->tl_data_contents;
+
+ t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
+
+ ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
+
+ } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
+ HDB_extension ext;
+
+ ret = decode_HDB_extension(tl_data->tl_data_contents,
+ tl_data->tl_data_length,
+ &ext,
+ NULL);
+ if (ret)
+ return KADM5_BAD_TL_TYPE;
+
+ ret = hdb_replace_extension(context, &ent->entry, &ext);
+ free_HDB_extension(&ext);
+ } else {
+ return KADM5_BAD_TL_TYPE;
+ }
+ return ret;
+}
+
+
+/*
* Create the hdb entry `ent' based on data from `princ' with
* `princ_mask' specifying what fields to be gotten from there and
* `mask' specifying what fields we want filled in.
@@ -63,77 +119,85 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
kadm5_ret_t
_kadm5_setup_entry(kadm5_server_context *context,
- hdb_entry *ent,
- u_int32_t mask,
+ hdb_entry_ex *ent,
+ uint32_t mask,
kadm5_principal_ent_t princ,
- u_int32_t princ_mask,
+ uint32_t princ_mask,
kadm5_principal_ent_t def,
- u_int32_t def_mask)
+ uint32_t def_mask)
{
if(mask & KADM5_PRINC_EXPIRE_TIME
&& princ_mask & KADM5_PRINC_EXPIRE_TIME) {
if (princ->princ_expire_time)
- set_value(ent->valid_end, princ->princ_expire_time);
+ set_value(ent->entry.valid_end, princ->princ_expire_time);
else
- set_null(ent->valid_end);
+ set_null(ent->entry.valid_end);
}
if(mask & KADM5_PW_EXPIRATION
&& princ_mask & KADM5_PW_EXPIRATION) {
if (princ->pw_expiration)
- set_value(ent->pw_end, princ->pw_expiration);
+ set_value(ent->entry.pw_end, princ->pw_expiration);
else
- set_null(ent->pw_end);
+ set_null(ent->entry.pw_end);
}
if(mask & KADM5_ATTRIBUTES) {
if (princ_mask & KADM5_ATTRIBUTES) {
- attr_to_flags(princ->attributes, &ent->flags);
+ attr_to_flags(princ->attributes, &ent->entry.flags);
} else if(def_mask & KADM5_ATTRIBUTES) {
- attr_to_flags(def->attributes, &ent->flags);
- ent->flags.invalid = 0;
+ attr_to_flags(def->attributes, &ent->entry.flags);
+ ent->entry.flags.invalid = 0;
} else {
- ent->flags.client = 1;
- ent->flags.server = 1;
- ent->flags.forwardable = 1;
- ent->flags.proxiable = 1;
- ent->flags.renewable = 1;
- ent->flags.postdate = 1;
+ ent->entry.flags.client = 1;
+ ent->entry.flags.server = 1;
+ ent->entry.flags.forwardable = 1;
+ ent->entry.flags.proxiable = 1;
+ ent->entry.flags.renewable = 1;
+ ent->entry.flags.postdate = 1;
}
}
if(mask & KADM5_MAX_LIFE) {
if(princ_mask & KADM5_MAX_LIFE) {
if(princ->max_life)
- set_value(ent->max_life, princ->max_life);
+ set_value(ent->entry.max_life, princ->max_life);
else
- set_null(ent->max_life);
+ set_null(ent->entry.max_life);
} else if(def_mask & KADM5_MAX_LIFE) {
if(def->max_life)
- set_value(ent->max_life, def->max_life);
+ set_value(ent->entry.max_life, def->max_life);
else
- set_null(ent->max_life);
+ set_null(ent->entry.max_life);
}
}
if(mask & KADM5_KVNO
&& princ_mask & KADM5_KVNO)
- ent->kvno = princ->kvno;
+ ent->entry.kvno = princ->kvno;
if(mask & KADM5_MAX_RLIFE) {
if(princ_mask & KADM5_MAX_RLIFE) {
if(princ->max_renewable_life)
- set_value(ent->max_renew, princ->max_renewable_life);
+ set_value(ent->entry.max_renew, princ->max_renewable_life);
else
- set_null(ent->max_renew);
+ set_null(ent->entry.max_renew);
} else if(def_mask & KADM5_MAX_RLIFE) {
if(def->max_renewable_life)
- set_value(ent->max_renew, def->max_renewable_life);
+ set_value(ent->entry.max_renew, def->max_renewable_life);
else
- set_null(ent->max_renew);
+ set_null(ent->entry.max_renew);
}
}
if(mask & KADM5_KEY_DATA
&& princ_mask & KADM5_KEY_DATA) {
- _kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data);
+ _kadm5_set_keys2(context, &ent->entry,
+ princ->n_key_data, princ->key_data);
}
if(mask & KADM5_TL_DATA) {
- /* XXX */
+ krb5_tl_data *tl;
+
+ for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) {
+ kadm5_ret_t ret;
+ ret = perform_tl_data(context->context, context->db, ent, tl);
+ if (ret)
+ return ret;
+ }
}
if(mask & KADM5_FAIL_AUTH_COUNT) {
/* XXX */
OpenPOWER on IntegriCloud