xref: /illumos-gate/usr/src/lib/krb5/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c (revision 1da57d55)

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include "kdb_ldap.h"
#include "ldap_principal.h"
#include "princ_xdr.h"
#include <kadm5/admin.h>

bool_t
ldap_xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
{
    unsigned int tmp;

    tmp = (unsigned int) *objp;

    if (!xdr_u_int(xdrs, &tmp))
	return(FALSE);

    *objp = (krb5_ui_2) tmp;
    return(TRUE);
}

bool_t
ldap_xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
{
    int tmp;

    tmp = (int) *objp;

    if (!xdr_int(xdrs, &tmp))
	return(FALSE);

    *objp = (krb5_int16) tmp;
    return(TRUE);
}

bool_t
ldap_xdr_nullstring(XDR *xdrs, char **objp)
{
    u_int size;

    if (xdrs->x_op == XDR_ENCODE) {
	if (*objp == NULL)
	    size = 0;
	else
	    size = strlen(*objp) + 1;
    }
    if (! xdr_u_int(xdrs, &size)) {
	return FALSE;
    }
    switch (xdrs->x_op) {
    case XDR_DECODE:
	if (size == 0) {
	    *objp = NULL;
	    return TRUE;
	} else if (*objp == NULL) {
	    *objp = (char *) mem_alloc(size);
	    if (*objp == NULL) {
		/*errno = ENOMEM;*/
		return FALSE;
	    }
	}
	return (xdr_opaque(xdrs, *objp, size));

    case XDR_ENCODE:
	if (size != 0)
	    return (xdr_opaque(xdrs, *objp, size));
	return TRUE;

    case XDR_FREE:
	if (*objp != NULL)
	    mem_free(*objp, size);
	*objp = NULL;
	return TRUE;
    }
    return FALSE;
}

bool_t
ldap_xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp)
{
    unsigned char tmp;

    tmp = '\0'; /* for purify, else xdr_u_char performs a umr */

    if (xdrs->x_op == XDR_ENCODE)
	tmp = (unsigned char) *objp;

    if (!xdr_u_char(xdrs, &tmp))
	return (FALSE);

    if (xdrs->x_op == XDR_DECODE)
	*objp = (krb5_kvno) tmp;
    return (TRUE);
}

bool_t
ldap_xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
{
    unsigned int tmp;

    if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_ver))
	return(FALSE);
    if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_kvno))
	return(FALSE);
    if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
	return(FALSE);
    if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
	return(FALSE);
    /*
     * Solaris kerberos: need this cast for now, should go away when kdb.h is
     * resynced.
     */
    if (!ldap_xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[0]))
	return(FALSE);
    if (!ldap_xdr_krb5_ui_2(xdrs, (krb5_ui_2 *)&objp->key_data_length[1]))
	return(FALSE);

    tmp = (unsigned int) objp->key_data_length[0];
    if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
		   &tmp, (unsigned int) ~0))
	return FALSE;

    tmp = (unsigned int) objp->key_data_length[1];
    if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
		   &tmp, (unsigned int) ~0))
	return FALSE;

    /* don't need to copy tmp out, since key_data_length will be set
       by the above encoding. */
    return(TRUE);
}

bool_t
ldap_xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp)
{
    if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
		   (u_int *) &objp->n_key_data, (unsigned int) ~0,
		   sizeof(krb5_key_data),
		   ldap_xdr_krb5_key_data))
	return (FALSE);
    return (TRUE);
}

bool_t
ldap_xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
{
    switch (xdrs->x_op) {
    case XDR_ENCODE:
	objp->version = OSA_ADB_PRINC_VERSION_1;
	/* fall through */
    /*LINTED*/
    case XDR_FREE:
	if (!xdr_int(xdrs, &objp->version))
	    return FALSE;
	break;
    case XDR_DECODE:
	if (!xdr_int(xdrs, &objp->version))
	    return FALSE;
	if (objp->version != OSA_ADB_PRINC_VERSION_1)
	    return FALSE;
	break;
    }

    if (!ldap_xdr_nullstring(xdrs, &objp->policy))
	return (FALSE);
    if (!xdr_long(xdrs, &objp->aux_attributes))
	return (FALSE);
    if (!xdr_u_int(xdrs, &objp->old_key_next))
	return (FALSE);
    if (!ldap_xdr_krb5_kvno(xdrs, &objp->admin_history_kvno))
	return (FALSE);
    if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys,
		   (unsigned int *) &objp->old_key_len, (unsigned int) ~0,
		   sizeof(osa_pw_hist_ent),
		   ldap_xdr_osa_pw_hist_ent))
	return (FALSE);
    return (TRUE);
}

void
ldap_osa_free_princ_ent(osa_princ_ent_t val)
{
    XDR xdrs;

    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);

    ldap_xdr_osa_princ_ent_rec(&xdrs, val);
    free(val);
}

krb5_error_code
krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data, osa_princ_ent_rec *princ_entry)
{

    XDR xdrs;

    xdrmem_create(&xdrs, (const caddr_t)tl_data->tl_data_contents,
		  tl_data->tl_data_length, XDR_DECODE);
    if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
	xdr_destroy(&xdrs);
	return(KADM5_XDR_FAILURE);
    }
    xdr_destroy(&xdrs);

    return 0;

}

krb5_error_code
krb5_update_tl_kadm_data(policy_dn, new_tl_data, old_tl_data)
    char	        * policy_dn;
    krb5_tl_data        * new_tl_data;
    /* Solaris Kerberos: adding support for key history in LDAP KDB */
    krb5_tl_data        * old_tl_data;
{
    XDR xdrs;
    osa_princ_ent_t princ_entry;
    /* Solaris Kerberos: added the next line to fix a memleak. */
    char *tmpbuf;

    if ((princ_entry = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
	return ENOMEM;

    memset(princ_entry, 0, sizeof(osa_princ_ent_rec));
    princ_entry->aux_attributes = KADM5_POLICY;

    /* Solaris Kerberos: adding support for key history in LDAP KDB */
    if (old_tl_data != NULL) {
	/* get the key history from the old tl_data */
	xdrmem_create(&xdrs, (caddr_t)old_tl_data->tl_data_contents,
	    old_tl_data->tl_data_length, XDR_DECODE);
	if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
	    xdr_destroy(&xdrs);
	    free(princ_entry);
	    return(KADM5_XDR_FAILURE);
	}
	xdr_destroy(&xdrs);
	/* will set the policy field further down, avoid mem leak */
	free(princ_entry->policy);
    } else {
	princ_entry->admin_history_kvno = 2;
    }
    princ_entry->policy = policy_dn;

    xdralloc_create(&xdrs, XDR_ENCODE);
    if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
	xdr_destroy(&xdrs);
	free(princ_entry);
	return(KADM5_XDR_FAILURE);
    }
    new_tl_data->tl_data_type = KRB5_TL_KADM_DATA;
    new_tl_data->tl_data_length = xdr_getpos(&xdrs);
    /* Solaris Kerberos: added the next line to fix a memleak. */
    if ((tmpbuf = (char *) malloc(new_tl_data->tl_data_length)) == NULL)
	return ENOMEM;
    memcpy(tmpbuf, xdralloc_getdata(&xdrs), new_tl_data->tl_data_length);
    new_tl_data->tl_data_contents = (krb5_octet *)tmpbuf;

    /* Solaris Kerberos: added the next lines to fix a memleak. */
    free(princ_entry);
    xdr_destroy(&xdrs);

    return(0);
}