154925bf6Swillf /*
22dd2efa5Swillf * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
354925bf6Swillf * Use is subject to license terms.
454925bf6Swillf */
554925bf6Swillf
654925bf6Swillf #include "kdb_ldap.h"
754925bf6Swillf #include "ldap_principal.h"
854925bf6Swillf #include "princ_xdr.h"
954925bf6Swillf #include <kadm5/admin.h>
1054925bf6Swillf
1154925bf6Swillf bool_t
ldap_xdr_krb5_ui_2(XDR * xdrs,krb5_ui_2 * objp)1254925bf6Swillf ldap_xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
1354925bf6Swillf {
1454925bf6Swillf unsigned int tmp;
1554925bf6Swillf
1654925bf6Swillf tmp = (unsigned int) *objp;
1754925bf6Swillf
1854925bf6Swillf if (!xdr_u_int(xdrs, &tmp))
1954925bf6Swillf return(FALSE);
2054925bf6Swillf
2154925bf6Swillf *objp = (krb5_ui_2) tmp;
2254925bf6Swillf return(TRUE);
2354925bf6Swillf }
2454925bf6Swillf
2554925bf6Swillf bool_t
ldap_xdr_krb5_int16(XDR * xdrs,krb5_int16 * objp)2654925bf6Swillf ldap_xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
2754925bf6Swillf {
2854925bf6Swillf int tmp;
2954925bf6Swillf
3054925bf6Swillf tmp = (int) *objp;
3154925bf6Swillf
3254925bf6Swillf if (!xdr_int(xdrs, &tmp))
3354925bf6Swillf return(FALSE);
3454925bf6Swillf
3554925bf6Swillf *objp = (krb5_int16) tmp;
3654925bf6Swillf return(TRUE);
3754925bf6Swillf }
3854925bf6Swillf
3954925bf6Swillf bool_t
ldap_xdr_nullstring(XDR * xdrs,char ** objp)4054925bf6Swillf ldap_xdr_nullstring(XDR *xdrs, char **objp)
4154925bf6Swillf {
4254925bf6Swillf u_int size;
4354925bf6Swillf
4454925bf6Swillf if (xdrs->x_op == XDR_ENCODE) {
4554925bf6Swillf if (*objp == NULL)
4654925bf6Swillf size = 0;
4754925bf6Swillf else
4854925bf6Swillf size = strlen(*objp) + 1;
4954925bf6Swillf }
5054925bf6Swillf if (! xdr_u_int(xdrs, &size)) {
5154925bf6Swillf return FALSE;
5254925bf6Swillf }
5354925bf6Swillf switch (xdrs->x_op) {
5454925bf6Swillf case XDR_DECODE:
5554925bf6Swillf if (size == 0) {
5654925bf6Swillf *objp = NULL;
5754925bf6Swillf return TRUE;
5854925bf6Swillf } else if (*objp == NULL) {
5954925bf6Swillf *objp = (char *) mem_alloc(size);
6054925bf6Swillf if (*objp == NULL) {
6154925bf6Swillf /*errno = ENOMEM;*/
6254925bf6Swillf return FALSE;
6354925bf6Swillf }
6454925bf6Swillf }
6554925bf6Swillf return (xdr_opaque(xdrs, *objp, size));
6654925bf6Swillf
6754925bf6Swillf case XDR_ENCODE:
6854925bf6Swillf if (size != 0)
6954925bf6Swillf return (xdr_opaque(xdrs, *objp, size));
7054925bf6Swillf return TRUE;
7154925bf6Swillf
7254925bf6Swillf case XDR_FREE:
7354925bf6Swillf if (*objp != NULL)
7454925bf6Swillf mem_free(*objp, size);
7554925bf6Swillf *objp = NULL;
7654925bf6Swillf return TRUE;
7754925bf6Swillf }
7854925bf6Swillf return FALSE;
7954925bf6Swillf }
8054925bf6Swillf
8154925bf6Swillf bool_t
ldap_xdr_krb5_kvno(XDR * xdrs,krb5_kvno * objp)8254925bf6Swillf ldap_xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp)
8354925bf6Swillf {
8454925bf6Swillf unsigned char tmp;
8554925bf6Swillf
8654925bf6Swillf tmp = '\0'; /* for purify, else xdr_u_char performs a umr */
8754925bf6Swillf
8854925bf6Swillf if (xdrs->x_op == XDR_ENCODE)
8954925bf6Swillf tmp = (unsigned char) *objp;
9054925bf6Swillf
9154925bf6Swillf if (!xdr_u_char(xdrs, &tmp))
9254925bf6Swillf return (FALSE);
9354925bf6Swillf
9454925bf6Swillf if (xdrs->x_op == XDR_DECODE)
9554925bf6Swillf *objp = (krb5_kvno) tmp;
9654925bf6Swillf return (TRUE);
9754925bf6Swillf }
9854925bf6Swillf
9954925bf6Swillf bool_t
ldap_xdr_krb5_key_data(XDR * xdrs,krb5_key_data * objp)10054925bf6Swillf ldap_xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
10154925bf6Swillf {
10254925bf6Swillf unsigned int tmp;
10354925bf6Swillf
10454925bf6Swillf if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_ver))
10554925bf6Swillf return(FALSE);
10654925bf6Swillf if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_kvno))
10754925bf6Swillf return(FALSE);
10854925bf6Swillf if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
10954925bf6Swillf return(FALSE);
11054925bf6Swillf if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
11154925bf6Swillf return(FALSE);
112*1da57d55SToomas Soome /*
11354925bf6Swillf * Solaris kerberos: need this cast for now, should go away when kdb.h is
11454925bf6Swillf * resynced.
11554925bf6Swillf */
11654925bf6Swillf if (!ldap_xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[0]))
11754925bf6Swillf return(FALSE);
11854925bf6Swillf if (!ldap_xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[1]))
11954925bf6Swillf return(FALSE);
12054925bf6Swillf
12154925bf6Swillf tmp = (unsigned int) objp->key_data_length[0];
12254925bf6Swillf if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
12354925bf6Swillf &tmp, (unsigned int) ~0))
12454925bf6Swillf return FALSE;
12554925bf6Swillf
12654925bf6Swillf tmp = (unsigned int) objp->key_data_length[1];
12754925bf6Swillf if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
12854925bf6Swillf &tmp, (unsigned int) ~0))
12954925bf6Swillf return FALSE;
13054925bf6Swillf
13154925bf6Swillf /* don't need to copy tmp out, since key_data_length will be set
13254925bf6Swillf by the above encoding. */
13354925bf6Swillf return(TRUE);
13454925bf6Swillf }
13554925bf6Swillf
13654925bf6Swillf bool_t
ldap_xdr_osa_pw_hist_ent(XDR * xdrs,osa_pw_hist_ent * objp)13754925bf6Swillf ldap_xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp)
13854925bf6Swillf {
13954925bf6Swillf if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
14054925bf6Swillf (u_int *) &objp->n_key_data, (unsigned int) ~0,
14154925bf6Swillf sizeof(krb5_key_data),
14254925bf6Swillf ldap_xdr_krb5_key_data))
14354925bf6Swillf return (FALSE);
14454925bf6Swillf return (TRUE);
14554925bf6Swillf }
14654925bf6Swillf
14754925bf6Swillf bool_t
ldap_xdr_osa_princ_ent_rec(XDR * xdrs,osa_princ_ent_t objp)14854925bf6Swillf ldap_xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
14954925bf6Swillf {
15054925bf6Swillf switch (xdrs->x_op) {
15154925bf6Swillf case XDR_ENCODE:
15254925bf6Swillf objp->version = OSA_ADB_PRINC_VERSION_1;
15354925bf6Swillf /* fall through */
15454925bf6Swillf /*LINTED*/
15554925bf6Swillf case XDR_FREE:
15654925bf6Swillf if (!xdr_int(xdrs, &objp->version))
15754925bf6Swillf return FALSE;
15854925bf6Swillf break;
15954925bf6Swillf case XDR_DECODE:
16054925bf6Swillf if (!xdr_int(xdrs, &objp->version))
16154925bf6Swillf return FALSE;
16254925bf6Swillf if (objp->version != OSA_ADB_PRINC_VERSION_1)
16354925bf6Swillf return FALSE;
16454925bf6Swillf break;
16554925bf6Swillf }
16654925bf6Swillf
16754925bf6Swillf if (!ldap_xdr_nullstring(xdrs, &objp->policy))
16854925bf6Swillf return (FALSE);
16954925bf6Swillf if (!xdr_long(xdrs, &objp->aux_attributes))
17054925bf6Swillf return (FALSE);
17154925bf6Swillf if (!xdr_u_int(xdrs, &objp->old_key_next))
17254925bf6Swillf return (FALSE);
17354925bf6Swillf if (!ldap_xdr_krb5_kvno(xdrs, &objp->admin_history_kvno))
17454925bf6Swillf return (FALSE);
17554925bf6Swillf if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys,
17654925bf6Swillf (unsigned int *) &objp->old_key_len, (unsigned int) ~0,
17754925bf6Swillf sizeof(osa_pw_hist_ent),
17854925bf6Swillf ldap_xdr_osa_pw_hist_ent))
17954925bf6Swillf return (FALSE);
18054925bf6Swillf return (TRUE);
18154925bf6Swillf }
18254925bf6Swillf
18354925bf6Swillf void
ldap_osa_free_princ_ent(osa_princ_ent_t val)18454925bf6Swillf ldap_osa_free_princ_ent(osa_princ_ent_t val)
18554925bf6Swillf {
18654925bf6Swillf XDR xdrs;
18754925bf6Swillf
18854925bf6Swillf xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
18954925bf6Swillf
19054925bf6Swillf ldap_xdr_osa_princ_ent_rec(&xdrs, val);
19154925bf6Swillf free(val);
19254925bf6Swillf }
19354925bf6Swillf
19454925bf6Swillf krb5_error_code
krb5_lookup_tl_kadm_data(krb5_tl_data * tl_data,osa_princ_ent_rec * princ_entry)19554925bf6Swillf krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data, osa_princ_ent_rec *princ_entry)
19654925bf6Swillf {
19754925bf6Swillf
19854925bf6Swillf XDR xdrs;
19954925bf6Swillf
20054925bf6Swillf xdrmem_create(&xdrs, (const caddr_t)tl_data->tl_data_contents,
20154925bf6Swillf tl_data->tl_data_length, XDR_DECODE);
20254925bf6Swillf if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
20354925bf6Swillf xdr_destroy(&xdrs);
20454925bf6Swillf return(KADM5_XDR_FAILURE);
20554925bf6Swillf }
20654925bf6Swillf xdr_destroy(&xdrs);
20754925bf6Swillf
20854925bf6Swillf return 0;
20954925bf6Swillf
21054925bf6Swillf }
21154925bf6Swillf
21254925bf6Swillf krb5_error_code
krb5_update_tl_kadm_data(policy_dn,new_tl_data,old_tl_data)2132dd2efa5Swillf krb5_update_tl_kadm_data(policy_dn, new_tl_data, old_tl_data)
21454925bf6Swillf char * policy_dn;
21554925bf6Swillf krb5_tl_data * new_tl_data;
2162dd2efa5Swillf /* Solaris Kerberos: adding support for key history in LDAP KDB */
2172dd2efa5Swillf krb5_tl_data * old_tl_data;
21854925bf6Swillf {
21954925bf6Swillf XDR xdrs;
22054925bf6Swillf osa_princ_ent_t princ_entry;
22154925bf6Swillf /* Solaris Kerberos: added the next line to fix a memleak. */
22254925bf6Swillf char *tmpbuf;
22354925bf6Swillf
22454925bf6Swillf if ((princ_entry = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
22554925bf6Swillf return ENOMEM;
22654925bf6Swillf
22754925bf6Swillf memset(princ_entry, 0, sizeof(osa_princ_ent_rec));
22854925bf6Swillf princ_entry->aux_attributes = KADM5_POLICY;
2292dd2efa5Swillf
2302dd2efa5Swillf /* Solaris Kerberos: adding support for key history in LDAP KDB */
2312dd2efa5Swillf if (old_tl_data != NULL) {
2322dd2efa5Swillf /* get the key history from the old tl_data */
2332dd2efa5Swillf xdrmem_create(&xdrs, (caddr_t)old_tl_data->tl_data_contents,
2342dd2efa5Swillf old_tl_data->tl_data_length, XDR_DECODE);
2352dd2efa5Swillf if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
2362dd2efa5Swillf xdr_destroy(&xdrs);
2372dd2efa5Swillf free(princ_entry);
2382dd2efa5Swillf return(KADM5_XDR_FAILURE);
2392dd2efa5Swillf }
2402dd2efa5Swillf xdr_destroy(&xdrs);
2412dd2efa5Swillf /* will set the policy field further down, avoid mem leak */
2422dd2efa5Swillf free(princ_entry->policy);
2432dd2efa5Swillf } else {
2442dd2efa5Swillf princ_entry->admin_history_kvno = 2;
2452dd2efa5Swillf }
24654925bf6Swillf princ_entry->policy = policy_dn;
24754925bf6Swillf
24854925bf6Swillf xdralloc_create(&xdrs, XDR_ENCODE);
24954925bf6Swillf if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
25054925bf6Swillf xdr_destroy(&xdrs);
25154925bf6Swillf free(princ_entry);
25254925bf6Swillf return(KADM5_XDR_FAILURE);
25354925bf6Swillf }
25454925bf6Swillf new_tl_data->tl_data_type = KRB5_TL_KADM_DATA;
25554925bf6Swillf new_tl_data->tl_data_length = xdr_getpos(&xdrs);
25654925bf6Swillf /* Solaris Kerberos: added the next line to fix a memleak. */
25754925bf6Swillf if ((tmpbuf = (char *) malloc(new_tl_data->tl_data_length)) == NULL)
25854925bf6Swillf return ENOMEM;
25954925bf6Swillf memcpy(tmpbuf, xdralloc_getdata(&xdrs), new_tl_data->tl_data_length);
26054925bf6Swillf new_tl_data->tl_data_contents = (krb5_octet *)tmpbuf;
26154925bf6Swillf
26254925bf6Swillf /* Solaris Kerberos: added the next lines to fix a memleak. */
26354925bf6Swillf free(princ_entry);
26454925bf6Swillf xdr_destroy(&xdrs);
26554925bf6Swillf
26654925bf6Swillf return(0);
26754925bf6Swillf }
268