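/* $NetBSD: randkey_s.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */

/*
 * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadm5_locl.h"

__RCSID("$NetBSD: randkey_s.c,v 1.2 2017/01/28 21:31:49 christos Exp $");

/*
 * Set the keys of `princ' to random values, returning the random keys
 * in `new_keys', `n_keys'.
 *
 * server_handle  a kadm5_server_context (this function only casts it).
 * princ          the principal whose keys are replaced.
 * keepold        if true, the current keys are first moved into the
 *                entry's key history and the entry is sealed after the new
 *                keys are set; if false, any hist_keys extension is replaced
 *                by an empty one, i.e. the old keys are dropped from the entry.
 * n_ks_tuple,
 * ks_tuple       key/salt types to generate; handed unchanged to
 *                _kadm5_set_keys_randomly().
 * new_keys,
 * n_keys         out: array of freshly generated keyblocks and its length,
 *                filled in by _kadm5_set_keys_randomly().  On any failure
 *                after generation they are released here and reset to
 *                NULL / 0, so a caller never receives keys that were not
 *                committed to the database.  On success the caller owns
 *                them (presumably releasing them the same way the error
 *                path below does: free each keyblock's contents, then the
 *                array).
 *
 * Side effects on success: the entry's kvno is incremented, the
 * require_pwchange flag is cleared, modifier and password-expiry fields are
 * updated, and the change is written to the HDB and the iprop log via
 * kadm5_log_modify().
 *
 * Returns 0 on success, otherwise an error code mapped through
 * _kadm5_error_code() -- except when opening the database itself fails,
 * where the raw hdb_open() result is returned.
 */

kadm5_ret_t
kadm5_s_randkey_principal(void *server_handle,
                          krb5_principal princ,
                          krb5_boolean keepold,
                          int n_ks_tuple,
                          krb5_key_salt_tuple *ks_tuple,
                          krb5_keyblock **new_keys,
                          int *n_keys)
{
    kadm5_server_context *context = server_handle;
    hdb_entry_ex ent;
    kadm5_ret_t ret;

    memset(&ent, 0, sizeof(ent));
    if (!context->keep_open) {
        ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
        if (ret)
            return ret;
    }

    ret = kadm5_log_init(context);
    if (ret)
        goto out;

    ret = context->db->hdb_fetch_kvno(context->context, context->db, princ,
                                      HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
    if (ret)
        goto out2;

    if (keepold) {
        /* Move the current keys into the entry's key history before they
         * are overwritten below. */
        ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
        if (ret)
            goto out3;
    }

    ret = _kadm5_set_keys_randomly(context, &ent.entry, n_ks_tuple, ks_tuple,
                                   new_keys, n_keys);
    if (ret)
        goto out3;
    /* From here on *new_keys / *n_keys hold live key material; every error
     * path must go through out4 so it is released. */
    ent.entry.kvno++;

    /* The keys were just replaced, so drop any pending forced change. */
    ent.entry.flags.require_pwchange = 0;

    ret = _kadm5_set_modifier(context, &ent.entry);
    if (ret)
        goto out4;
    ret = _kadm5_bump_pw_expire(context, &ent.entry);
    if (ret)
        goto out4;

    if (keepold) {
        ret = hdb_seal_keys(context->context, context->db, &ent.entry);
        if (ret)
            goto out4;
    } else {
        /*
         * Not keeping old keys: replace any hist_keys extension with an
         * empty one so the superseded key material does not stay in the
         * stored entry.
         */
        HDB_extension ext;

        memset(&ext, 0, sizeof(ext));
        ext.mandatory = FALSE;
        ext.data.element = choice_HDB_extension_data_hist_keys;
        ext.data.u.hist_keys.len = 0;
        ext.data.u.hist_keys.val = NULL;
        /*
         * The result used to be ignored; a failure here would otherwise let
         * kadm5_log_modify() write an entry whose history was not cleared.
         * Treat it like any other error and release the new keys.
         */
        ret = hdb_replace_extension(context->context, &ent.entry, &ext);
        if (ret)
            goto out4;
    }

    /* This logs the change for iprop and writes to the HDB */
    ret = kadm5_log_modify(context, &ent.entry,
                           KADM5_ATTRIBUTES | KADM5_PRINCIPAL |
                           KADM5_MOD_NAME | KADM5_MOD_TIME |
                           KADM5_KEY_DATA | KADM5_KVNO |
                           KADM5_PW_EXPIRATION | KADM5_TL_DATA);

out4:
    if (ret) {
        /* The update did not complete: do not hand the generated keys back. */
        int i;

        for (i = 0; i < *n_keys; ++i)
            krb5_free_keyblock_contents(context->context, &(*new_keys)[i]);
        free(*new_keys);
        *new_keys = NULL;
        *n_keys = 0;
    }
out3:
    hdb_free_entry(context->context, &ent);
out2:
    (void) kadm5_log_end(context);
out:
    if (!context->keep_open) {
        kadm5_ret_t ret2;
        ret2 = context->db->hdb_close(context->context, context->db);
        /* A close failure is reported only when nothing failed earlier. */
        if (ret == 0 && ret2 != 0)
            ret = ret2;
    }
    return _kadm5_error_code(ret);
}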