17c478bd9Sstevel@tonic-gate /*
2159d09a2SMark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
37c478bd9Sstevel@tonic-gate * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate */
57c478bd9Sstevel@tonic-gate
67c478bd9Sstevel@tonic-gate
77c478bd9Sstevel@tonic-gate /*
8*55fea89dSDan Cross * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
97c478bd9Sstevel@tonic-gate *
107c478bd9Sstevel@tonic-gate * Openvision retains the copyright to derivative works of
117c478bd9Sstevel@tonic-gate * this source code. Do *NOT* create a derivative of this
127c478bd9Sstevel@tonic-gate * source code before consulting with your legal department.
137c478bd9Sstevel@tonic-gate * Do *NOT* integrate *ANY* of this source code into another
147c478bd9Sstevel@tonic-gate * product before consulting with your legal department.
157c478bd9Sstevel@tonic-gate *
167c478bd9Sstevel@tonic-gate * For further information, read the top-level Openvision
177c478bd9Sstevel@tonic-gate * copyright which is contained in the top-level MIT Kerberos
187c478bd9Sstevel@tonic-gate * copyright.
197c478bd9Sstevel@tonic-gate *
207c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
217c478bd9Sstevel@tonic-gate *
227c478bd9Sstevel@tonic-gate */
237c478bd9Sstevel@tonic-gate
247c478bd9Sstevel@tonic-gate
257c478bd9Sstevel@tonic-gate /*
267c478bd9Sstevel@tonic-gate * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
277c478bd9Sstevel@tonic-gate *
28159d09a2SMark Phalan * $Header$
297c478bd9Sstevel@tonic-gate */
307c478bd9Sstevel@tonic-gate
317c478bd9Sstevel@tonic-gate #if !defined(lint) && !defined(__CODECENTER__)
32159d09a2SMark Phalan static char *rcsid = "$Header$";
337c478bd9Sstevel@tonic-gate #endif
347c478bd9Sstevel@tonic-gate
357c478bd9Sstevel@tonic-gate #include <rpc/rpc.h> /* SUNWresync121 XXX */
367c478bd9Sstevel@tonic-gate #include <kadm5/admin.h>
377c478bd9Sstevel@tonic-gate #include <kadm5/kadm_rpc.h>
3856a424ccSmp #ifdef HAVE_MEMORY_H
397c478bd9Sstevel@tonic-gate #include <memory.h>
4056a424ccSmp #endif
41159d09a2SMark Phalan #include <errno.h>
427c478bd9Sstevel@tonic-gate #include "client_internal.h"
437c478bd9Sstevel@tonic-gate
/*
 * eret(): leave the calling function with KADM5_RPC_ERROR after an RPC stub
 * returned no result.  The macro hides a `return`, and the DEBUG variant also
 * reads a local named `handle`, so it must be used as a full statement inside
 * a function that has `handle` in scope.
 */
#ifndef DEBUG /* SUNWresync14 XXX */
#define eret() return KADM5_RPC_ERROR
#else
/* Debug builds also report the failure through clnt_perror(). */
#define eret() {clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR;}
#endif
4956a424ccSmp
/*
 * Ask the admin server to create a principal.
 *
 * server_handle  client handle; CHECK_HANDLE may return early on a bad one
 *                (the macro is defined outside this file).
 * princ          template record, copied by value into the RPC argument.
 * mask           KADM5_* bits; the policy, key_data and tl_data fields of the
 *                outgoing copy are cleared when their bit is not set.
 * pw             password; the pointer is handed to the RPC argument as-is.
 *                This wrapper neither copies nor scrubs it.
 *
 * Returns EINVAL when princ is NULL, KADM5_RPC_ERROR when the stub yields no
 * reply, otherwise the code carried in the reply.
 */
kadm5_ret_t
kadm5_create_principal(void *server_handle,
                       kadm5_principal_ent_t princ, long mask,
                       char *pw)
{
    kadm5_server_handle_t handle = server_handle;
    cprinc_arg arg;
    generic_ret *reply;
    size_t rec_size;

    CHECK_HANDLE(server_handle);

    memset(&arg, 0, sizeof(arg));
    arg.mask = mask;
    arg.passwd = pw;
    arg.api_version = handle->api_version;

    if (princ == NULL)
        return EINVAL;

    /* A v1 caller passes the shorter v1 record, so copy only that much. */
    rec_size = (handle->api_version == KADM5_API_VERSION_1)
        ? sizeof(kadm5_principal_ent_rec_v1)
        : sizeof(kadm5_principal_ent_rec);
    memcpy(&arg.rec, princ, rec_size);

    /*
     * mod_name is never taken from the caller.  The historical workaround
     * (parsing a dummy "bogus/bogus" principal for v1) is disabled in this
     * function, so the field is NULL for every API version.
     */
    arg.rec.mod_name = NULL;

    /* Drop every optional field the caller did not select in mask. */
    if ((mask & KADM5_POLICY) == 0)
        arg.rec.policy = NULL;
    if ((mask & KADM5_KEY_DATA) == 0) {
        arg.rec.n_key_data = 0;
        arg.rec.key_data = NULL;
    }
    if ((mask & KADM5_TL_DATA) == 0) {
        arg.rec.n_tl_data = 0;
        arg.rec.tl_data = NULL;
    }

    reply = create_principal_2(&arg, handle->clnt);

    /* mod_name is NULL here; the call is kept to mirror the v1 cleanup path. */
    if (handle->api_version == KADM5_API_VERSION_1)
        krb5_free_principal(handle->context, arg.rec.mod_name);

    if (reply == NULL)
        eret();
    return reply->code;
}
1077c478bd9Sstevel@tonic-gate
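/*
 * Ask the admin server to create a principal with an explicit list of
 * key/salt tuples.
 *
 * server_handle  client handle; CHECK_HANDLE may return early on a bad one
 *                (the macro is defined outside this file).
 * princ          template record, copied by value into the RPC argument.
 * mask           KADM5_* bits; the policy, key_data and tl_data fields of the
 *                outgoing copy are cleared when their bit is not set.
 * n_ks_tuple,
 * ks_tuple       key/salt tuples, passed through unchanged.
 * pw             password; the pointer is handed to the RPC argument as-is.
 *                This wrapper neither copies nor scrubs it.
 *
 * Returns EINVAL when princ is NULL, the krb5 error when the v1 placeholder
 * principal cannot be built, KADM5_RPC_ERROR when the stub yields no reply,
 * otherwise the code carried in the reply.
 */
kadm5_ret_t
kadm5_create_principal_3(void *server_handle,
                         kadm5_principal_ent_t princ, long mask,
                         int n_ks_tuple,
                         krb5_key_salt_tuple *ks_tuple,
                         char *pw)
{
    generic_ret *r;
    cprinc3_arg arg;
    kadm5_server_handle_t handle = server_handle;

    CHECK_HANDLE(server_handle);

    memset(&arg, 0, sizeof(arg));
    arg.mask = mask;
    arg.passwd = pw;
    arg.api_version = handle->api_version;
    arg.n_ks_tuple = n_ks_tuple;
    arg.ks_tuple = ks_tuple;

    if (princ == NULL)
        return EINVAL;

    if (handle->api_version == KADM5_API_VERSION_1) {
        memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
    } else {
        memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
    }

    /*
     * The memcpy above also copied the caller's mod_name pointer.  Clear it
     * before anything else: if the parse below fails, the caller's pointer
     * must not still be in arg.rec when krb5_free_principal() runs, because
     * this function does not own that memory.
     */
    arg.rec.mod_name = NULL;
    if (handle->api_version == KADM5_API_VERSION_1) {
        krb5_error_code perr;

        /*
         * The client may not set mod_name, and per the original note
         * krb5_unparse_name crashes on garbage or NULL, so v1 requests carry
         * a dummy principal that the server ignores.
         */
        perr = krb5_parse_name(handle->context, "bogus/bogus",
                               &arg.rec.mod_name);
        if (perr)
            return perr;
    }

    if (!(mask & KADM5_POLICY))
        arg.rec.policy = NULL;
    if (!(mask & KADM5_KEY_DATA)) {
        arg.rec.n_key_data = 0;
        arg.rec.key_data = NULL;
    }
    if (!(mask & KADM5_TL_DATA)) {
        arg.rec.n_tl_data = 0;
        arg.rec.tl_data = NULL;
    }

    r = create_principal3_2(&arg, handle->clnt);

    /* Release the dummy principal allocated above (v1 only). */
    if (handle->api_version == KADM5_API_VERSION_1)
        krb5_free_principal(handle->context, arg.rec.mod_name);

    if (r == NULL)
        eret();
    return r->code;
}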
1687c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to delete a principal.
 *
 * Returns EINVAL when principal is NULL, KADM5_RPC_ERROR when the stub yields
 * no reply, otherwise the code carried in the reply.  CHECK_HANDLE may return
 * early on a bad handle (the macro is defined outside this file).
 */
kadm5_ret_t
kadm5_delete_principal(void *server_handle, krb5_principal principal)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    dprinc_arg arg;

    CHECK_HANDLE(server_handle);

    if (principal == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.princ = principal;

    reply = delete_principal_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
1877c478bd9Sstevel@tonic-gate
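/*
 * Ask the admin server to modify a principal.
 *
 * server_handle  client handle; CHECK_HANDLE may return early on a bad one
 *                (the macro is defined outside this file).
 * princ          record holding the new values, copied by value into the
 *                RPC argument.
 * mask           KADM5_* bits; the policy, key_data and tl_data fields of the
 *                outgoing copy are cleared when their bit is not set.
 *
 * Returns EINVAL when princ is NULL, the krb5 error when the v1 placeholder
 * principal cannot be built, KADM5_RPC_ERROR when the stub yields no reply,
 * otherwise the code carried in the reply.
 */
kadm5_ret_t
kadm5_modify_principal(void *server_handle,
                       kadm5_principal_ent_t princ, long mask)
{
    mprinc_arg arg;
    generic_ret *r;
    kadm5_server_handle_t handle = server_handle;

    CHECK_HANDLE(server_handle);

    memset(&arg, 0, sizeof(arg));
    arg.mask = mask;
    arg.api_version = handle->api_version;

    if (princ == NULL)
        return EINVAL;
    if (handle->api_version == KADM5_API_VERSION_1) {
        memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
    } else {
        memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
    }
    if (!(mask & KADM5_POLICY))
        arg.rec.policy = NULL;
    if (!(mask & KADM5_KEY_DATA)) {
        arg.rec.n_key_data = 0;
        arg.rec.key_data = NULL;
    }
    if (!(mask & KADM5_TL_DATA)) {
        arg.rec.n_tl_data = 0;
        arg.rec.tl_data = NULL;
    }

    /*
     * The memcpy above also copied the caller's mod_name pointer.  Clear it
     * before the parse: if krb5_parse_name() fails, the caller's pointer must
     * not still be in arg.rec when krb5_free_principal() runs, because this
     * function does not own that memory.
     */
    arg.rec.mod_name = NULL;
    if (handle->api_version == KADM5_API_VERSION_1) {
        krb5_error_code perr;

        /*
         * Same workaround as in the create path: v1 requests carry a dummy
         * mod_name because the client may not set the real one.
         */
        perr = krb5_parse_name(handle->context, "bogus/bogus",
                               &arg.rec.mod_name);
        if (perr)
            return perr;
    }

    r = modify_principal_2(&arg, handle->clnt);

    /* Release the dummy principal allocated above (v1 only). */
    if (handle->api_version == KADM5_API_VERSION_1)
        krb5_free_principal(handle->context, arg.rec.mod_name);

    if (r == NULL)
        eret();
    return r->code;
}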
2407c478bd9Sstevel@tonic-gate
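/*
 * Fetch a principal record from the admin server.
 *
 * server_handle  client handle; CHECK_HANDLE may return early on a bad one
 *                (the macro is defined outside this file).
 * princ          principal to look up.
 * ent            output.  For API v1 it is treated as a pointer to a
 *                kadm5_principal_ent_t_v1 and receives a freshly malloc'd v1
 *                record (or NULL when the server reports an error).  For
 *                later versions the record is copied into *ent.
 * mask           fields requested; ignored for v1, which always asks for
 *                KADM5_PRINCIPAL_NORMAL_MASK.
 *
 * Returns EINVAL when princ or ent is NULL, ENOMEM when the v1 record cannot
 * be allocated, KADM5_RPC_ERROR when the stub yields no reply, otherwise the
 * code carried in the reply.
 *
 * NOTE(review): both copies are shallow, so pointer members of the returned
 * record still refer to storage reached through the RPC reply.  Confirm the
 * lifetime of that storage against the callers.
 */
kadm5_ret_t
kadm5_get_principal(void *server_handle,
                    krb5_principal princ, kadm5_principal_ent_t ent,
                    long mask)
{
    gprinc_arg arg;
    gprinc_ret *r;
    kadm5_server_handle_t handle = server_handle;

    CHECK_HANDLE(server_handle);

    /* ent is written through on every success path, so reject NULL up front. */
    if (princ == NULL || ent == NULL)
        return EINVAL;
    arg.princ = princ;
    if (handle->api_version == KADM5_API_VERSION_1)
        arg.mask = KADM5_PRINCIPAL_NORMAL_MASK;
    else
        arg.mask = mask;
    arg.api_version = handle->api_version;
    r = get_principal_2(&arg, handle->clnt);
    if (r == NULL)
        eret();
    if (handle->api_version == KADM5_API_VERSION_1) {
        kadm5_principal_ent_t_v1 *entp;

        entp = (kadm5_principal_ent_t_v1 *) ent;
        if (r->code == 0) {
            /* Size the allocation from the object the memcpy below fills. */
            *entp = malloc(sizeof(**entp));
            if (*entp == NULL)
                return ENOMEM;
            /*
             * This memcpy works because the v1 structure is an initial
             * subset of the v2 struct, so both share the same leading layout.
             */
            memcpy(*entp, &r->rec, sizeof(**entp));
        } else {
            *entp = NULL;
        }
    } else {
        if (r->code == 0)
            memcpy(ent, &r->rec, sizeof(r->rec));
    }

    return r->code;
}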
2857c478bd9Sstevel@tonic-gate
/*
 * List the principals matching an expression.
 *
 * exp     match expression, passed through to the server unchanged.
 * princs  output: on success the name array from the reply, else NULL.
 * count   output: on success the number of names, else 0.
 *
 * Returns EINVAL when princs or count is NULL, KADM5_RPC_ERROR when the stub
 * yields no reply, otherwise the code carried in the reply.
 *
 * NOTE(review): the array pointer from the reply is handed to the caller
 * as-is, not copied.  Confirm who is expected to release it.
 */
kadm5_ret_t
kadm5_get_principals(void *server_handle,
                     char *exp, char ***princs, int *count)
{
    kadm5_server_handle_t handle = server_handle;
    gprincs_ret *reply;
    gprincs_arg arg;
    int ok;

    CHECK_HANDLE(server_handle);

    if (princs == NULL || count == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.exp = exp;

    reply = get_princs_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();

    /* Outputs are always written, so a failed call never leaves them stale. */
    ok = (reply->code == 0);
    *count = ok ? reply->count : 0;
    *princs = ok ? reply->princs : NULL;

    return reply->code;
}
3137c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to rename a principal from source to dest.
 *
 * Returns EINVAL when either name is NULL, KADM5_RPC_ERROR when the stub
 * yields no reply, otherwise the code carried in the reply.  CHECK_HANDLE may
 * return early on a bad handle (the macro is defined outside this file).
 */
kadm5_ret_t
kadm5_rename_principal(void *server_handle,
                       krb5_principal source, krb5_principal dest)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    rprinc_arg arg;

    CHECK_HANDLE(server_handle);

    if (source == NULL || dest == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.src = source;
    arg.dest = dest;

    reply = rename_principal_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
3347c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to change a principal's password.
 *
 * password is handed to the RPC argument by pointer.  This wrapper neither
 * copies nor scrubs it, and it is not checked for NULL here.
 *
 * Returns EINVAL when princ is NULL, KADM5_RPC_ERROR when the stub yields no
 * reply, otherwise the code carried in the reply.  CHECK_HANDLE may return
 * early on a bad handle (the macro is defined outside this file).
 */
kadm5_ret_t
kadm5_chpass_principal(void *server_handle,
                       krb5_principal princ, char *password)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    chpass_arg arg;

    CHECK_HANDLE(server_handle);

    if (princ == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.princ = princ;
    arg.pass = password;

    reply = chpass_principal_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
3567c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to change a principal's password, with control over
 * old-key retention and the key/salt tuples to generate.
 *
 * keepold, n_ks_tuple and ks_tuple are passed through unchanged.  password is
 * handed to the RPC argument by pointer.  This wrapper neither copies nor
 * scrubs it, and it is not checked for NULL here.
 *
 * Returns EINVAL when princ is NULL, KADM5_RPC_ERROR when the stub yields no
 * reply, otherwise the code carried in the reply.  CHECK_HANDLE may return
 * early on a bad handle (the macro is defined outside this file).
 */
kadm5_ret_t
kadm5_chpass_principal_3(void *server_handle,
                         krb5_principal princ, krb5_boolean keepold,
                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
                         char *password)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    chpass3_arg arg;

    CHECK_HANDLE(server_handle);

    if (princ == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.princ = princ;
    arg.pass = password;
    arg.keepold = keepold;
    arg.ks_tuple = ks_tuple;
    arg.n_ks_tuple = n_ks_tuple;

    reply = chpass_principal3_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
3837c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to set a principal's key from a single keyblock
 * (the "v4 key" request).
 *
 * keyblock holds secret key material.  It is handed to the RPC argument by
 * pointer and is neither copied nor scrubbed by this wrapper.
 *
 * Returns EINVAL when princ or keyblock is NULL, KADM5_RPC_ERROR when the
 * stub yields no reply, otherwise the code carried in the reply.
 * CHECK_HANDLE may return early on a bad handle (the macro is defined
 * outside this file).
 */
kadm5_ret_t
kadm5_setv4key_principal(void *server_handle,
                         krb5_principal princ,
                         krb5_keyblock *keyblock)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    setv4key_arg arg;

    CHECK_HANDLE(server_handle);

    if (princ == NULL || keyblock == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.princ = princ;
    arg.keyblock = keyblock;

    reply = setv4key_principal_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
4067c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to set a principal's keys from caller-supplied
 * keyblocks.
 *
 * keyblocks holds secret key material.  It is handed to the RPC argument by
 * pointer and is neither copied nor scrubbed by this wrapper.  n_keys is
 * passed through without a range check.
 *
 * Returns EINVAL when princ or keyblocks is NULL, KADM5_RPC_ERROR when the
 * stub yields no reply, otherwise the code carried in the reply.
 * CHECK_HANDLE may return early on a bad handle (the macro is defined
 * outside this file).
 */
kadm5_ret_t
kadm5_setkey_principal(void *server_handle,
                       krb5_principal princ,
                       krb5_keyblock *keyblocks,
                       int n_keys)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    setkey_arg arg;

    CHECK_HANDLE(server_handle);

    if (princ == NULL || keyblocks == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.princ = princ;
    arg.n_keys = n_keys;
    arg.keyblocks = keyblocks;

    reply = setkey_principal_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
4317c478bd9Sstevel@tonic-gate
/*
 * Ask the admin server to set a principal's keys from caller-supplied
 * keyblocks, with control over old-key retention and key/salt tuples.
 *
 * keyblocks holds secret key material.  It is handed to the RPC argument by
 * pointer and is neither copied nor scrubbed by this wrapper.  n_keys and
 * n_ks_tuple are passed through without a range check.
 *
 * Returns EINVAL when princ or keyblocks is NULL, KADM5_RPC_ERROR when the
 * stub yields no reply, otherwise the code carried in the reply.
 * CHECK_HANDLE may return early on a bad handle (the macro is defined
 * outside this file).
 */
kadm5_ret_t
kadm5_setkey_principal_3(void *server_handle,
                         krb5_principal princ,
                         krb5_boolean keepold, int n_ks_tuple,
                         krb5_key_salt_tuple *ks_tuple,
                         krb5_keyblock *keyblocks,
                         int n_keys)
{
    kadm5_server_handle_t handle = server_handle;
    generic_ret *reply;
    setkey3_arg arg;

    CHECK_HANDLE(server_handle);

    if (princ == NULL || keyblocks == NULL)
        return EINVAL;

    arg.api_version = handle->api_version;
    arg.princ = princ;
    arg.keepold = keepold;
    arg.n_keys = n_keys;
    arg.keyblocks = keyblocks;
    arg.n_ks_tuple = n_ks_tuple;
    arg.ks_tuple = ks_tuple;

    reply = setkey_principal3_2(&arg, handle->clnt);
    if (reply == NULL)
        eret();
    return reply->code;
}
4617c478bd9Sstevel@tonic-gate
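/*
 * Solaris Kerberos:
 * This routine implements just the "old" randkey_principal code.
 * The code in the kadmin client sometimes needs to call this
 * directly when the kadm5_randkey_principal_3 call fails.
 *
 * The kadmin client utility uses a specific set of key/salt tuples,
 * so the standard fallback in kadm5_randkey_principal (see below)
 * will not work because it would result in kadm5_randkey_principal_3
 * being called twice - once with the specific key/salts specified by
 * kadmin and once with the NULL set (used to indicate that the server
 * should use the full set of supported enctypes).  Making this
 * routine separate makes the code simpler and avoids making the
 * kadm5_randkey_principal_3 twice from kadmin.
 *
 * Outputs: *key and *n_keys (when non-NULL) are cleared on entry.  For API
 * versions after v1, *key receives a newly allocated array of copied
 * keyblocks and *n_keys its length.  The array holds secret key material
 * that the caller owns and must release.
 *
 * Returns EINVAL when princ is NULL, KADM5_RPC_ERROR when the stub yields no
 * reply, ENOMEM when the keys cannot be copied, otherwise the code carried in
 * the reply.
 */
kadm5_ret_t
kadm5_randkey_principal_old(void *server_handle,
                            krb5_principal princ,
                            krb5_keyblock **key,
                            int *n_keys)
{
    chrand_arg arg;
    chrand_ret *r;
    kadm5_server_handle_t handle = server_handle;
    int i, ret;

    /* For safety */
    if (n_keys)
        *n_keys = 0;
    if (key)
        *key = NULL;
    CHECK_HANDLE(server_handle);

    arg.princ = princ;
    arg.api_version = handle->api_version;

    if (princ == NULL)
        return EINVAL;
    r = chrand_principal_2(&arg, handle->clnt);
    if (r == NULL)
        return KADM5_RPC_ERROR;
    if (handle->api_version == KADM5_API_VERSION_1) {
        /*
         * NOTE(review): the result of krb5_copy_keyblock() is not checked;
         * on failure *key presumably stays NULL while r->code is returned.
         */
        if (key)
            krb5_copy_keyblock(handle->context, &r->key, key);
    } else if (key && (r->n_keys > 0)) {
        /*
         * The count comes from the server's reply.  calloc() rejects a
         * count * size product that would overflow, and zero-fills the
         * array so that no entry is ever left uninitialized.
         */
        *key = calloc((size_t)r->n_keys, sizeof(krb5_keyblock));
        if (*key == NULL)
            return ENOMEM;
        for (i = 0; i < r->n_keys; i++) {
            ret = krb5_copy_keyblock_contents(
                handle->context,
                &r->keys[i],
                &(*key)[i]);
            if (ret) {
                /*
                 * Release the key material already copied into the earlier
                 * entries.  Freeing only the array would leak those keys.
                 */
                while (i-- > 0)
                    krb5_free_keyblock_contents(handle->context,
                                                &(*key)[i]);
                free(*key);
                *key = NULL;
                return ENOMEM;
            }
        }
        if (n_keys)
            *n_keys = r->n_keys;
    }
    return (r->code);
}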
5277c478bd9Sstevel@tonic-gate
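/*
 * Ask the admin server to generate new random keys for a principal, with
 * control over old-key retention and the key/salt tuples to generate.
 *
 * Outputs: *key and *n_keys (when non-NULL) are cleared on entry.  For API
 * versions after v1, *n_keys receives the count from the reply and *key a
 * newly allocated array of copied keyblocks.  The array holds secret key
 * material that the caller owns and must release.  When copying fails, both
 * outputs are reset so that the caller never sees a freed pointer.
 *
 * Returns EINVAL when princ is NULL, KADM5_RPC_ERROR when the stub yields no
 * reply, ENOMEM when the keys cannot be copied, otherwise the code carried in
 * the reply.
 */
kadm5_ret_t
kadm5_randkey_principal_3(void *server_handle,
                          krb5_principal princ,
                          krb5_boolean keepold, int n_ks_tuple,
                          krb5_key_salt_tuple *ks_tuple,
                          krb5_keyblock **key, int *n_keys)
{
    chrand3_arg arg;
    chrand_ret *r;
    kadm5_server_handle_t handle = server_handle;
    int i, ret;

    /* Solaris Kerberos - For safety */
    if (n_keys)
        *n_keys = 0;
    if (key)
        *key = NULL;

    CHECK_HANDLE(server_handle);

    arg.princ = princ;
    arg.api_version = handle->api_version;
    arg.keepold = keepold;
    arg.n_ks_tuple = n_ks_tuple;
    arg.ks_tuple = ks_tuple;

    if (princ == NULL)
        return EINVAL;
    r = chrand_principal3_2(&arg, handle->clnt);
    if (r == NULL)
        eret();
    if (handle->api_version == KADM5_API_VERSION_1) {
        /*
         * NOTE(review): the result of krb5_copy_keyblock() is not checked;
         * on failure *key presumably stays NULL while r->code is returned.
         */
        if (key)
            krb5_copy_keyblock(handle->context, &r->key, key);
    } else {
        if (n_keys)
            *n_keys = r->n_keys;
        if (key) {
            if (r->n_keys) {
                /*
                 * The count comes from the server's reply.  calloc()
                 * rejects a count * size product that would overflow (a
                 * negative count converts to a huge size_t and fails here),
                 * and zero-fills the array.
                 */
                *key = calloc((size_t)r->n_keys, sizeof(krb5_keyblock));
                if (*key == NULL) {
                    if (n_keys)
                        *n_keys = 0;
                    return ENOMEM;
                }
                for (i = 0; i < r->n_keys; i++) {
                    ret = krb5_copy_keyblock_contents(handle->context,
                                                      &r->keys[i],
                                                      &(*key)[i]);
                    if (ret) {
                        /*
                         * Release the key material already copied, then
                         * reset both outputs: leaving *key pointing at
                         * freed memory with a non-zero *n_keys invites a
                         * use-after-free or double free in the caller.
                         */
                        while (i-- > 0)
                            krb5_free_keyblock_contents(handle->context,
                                                        &(*key)[i]);
                        free(*key);
                        *key = NULL;
                        if (n_keys)
                            *n_keys = 0;
                        return ENOMEM;
                    }
                }
            } else
                *key = NULL;
        }
    }

    return r->code;
}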
5867c478bd9Sstevel@tonic-gate
/*
 * Solaris Kerberos: randomize a principal's keys, preferring the newest API.
 *
 * The _3 call is tried first (keepold FALSE, no explicit key/salt tuples) so
 * that the full set of enctypes is created.  KADM5_RPC_ERROR normally means
 * the remote procedure does not exist on the server, so that one result
 * triggers a retry through the older call.  Any other RPC-level failure that
 * maps to the same code takes the fallback path as well.
 *
 * Returns whatever the call that ran last returned.
 */
kadm5_ret_t
kadm5_randkey_principal(void *server_handle,
                        krb5_principal princ,
                        krb5_keyblock **key, int *n_keys)
{
    kadm5_ret_t status;

    status = kadm5_randkey_principal_3(server_handle, princ, FALSE,
                                       0, NULL, key, n_keys);
    if (status != KADM5_RPC_ERROR)
        return (status);

    /* Newest procedure unavailable (or the RPC failed): use the old one. */
    return (kadm5_randkey_principal_old(server_handle, princ,
                                        key, n_keys));
}
6137c478bd9Sstevel@tonic-gate
/*
 * Not supported on the client side: every call fails with EINVAL and no
 * argument is read or written.
 */
kadm5_ret_t
kadm5_decrypt_key(void *server_handle,
                  kadm5_principal_ent_t entry, krb5_int32 ktype,
                  krb5_int32 stype, krb5_int32 kvno,
                  krb5_keyblock *keyblock, krb5_keysalt *keysalt,
                  int *kvnop)
{
    const kadm5_ret_t unsupported = EINVAL;

    return unsupported;
}