xref: /freebsd/crypto/heimdal/kdc/misc.c (revision 271c3a9060f2ee55607ebe146523f888e1db2654)
1 /*
2  * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "kdc_locl.h"
35 
36 RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $");
37 
38 struct timeval _kdc_now;
39 
40 krb5_error_code
41 _kdc_db_fetch(krb5_context context,
42 	      krb5_kdc_configuration *config,
43 	      krb5_const_principal principal,
44 	      unsigned flags,
45 	      HDB **db,
46 	      hdb_entry_ex **h)
47 {
48     hdb_entry_ex *ent;
49     krb5_error_code ret;
50     int i;
51 
52     ent = calloc (1, sizeof (*ent));
53     if (ent == NULL) {
54 	krb5_set_error_string(context, "out of memory");
55 	return ENOMEM;
56     }
57 
58     for(i = 0; i < config->num_db; i++) {
59 	ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
60 	if (ret) {
61 	    kdc_log(context, config, 0, "Failed to open database: %s",
62 		    krb5_get_err_text(context, ret));
63 	    continue;
64 	}
65 	ret = config->db[i]->hdb_fetch(context,
66 				       config->db[i],
67 				       principal,
68 				       flags | HDB_F_DECRYPT,
69 				       ent);
70 	config->db[i]->hdb_close(context, config->db[i]);
71 	if(ret == 0) {
72 	    if (db)
73 		*db = config->db[i];
74 	    *h = ent;
75 	    return 0;
76 	}
77     }
78     free(ent);
79     krb5_set_error_string(context, "no such entry found in hdb");
80     return  HDB_ERR_NOENTRY;
81 }
82 
83 void
84 _kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
85 {
86     hdb_free_entry (context, ent);
87     free (ent);
88 }
89 
90 /*
91  * Use the order list of preferred encryption types and sort the
92  * available keys and return the most preferred key.
93  */
94 
95 krb5_error_code
96 _kdc_get_preferred_key(krb5_context context,
97 		       krb5_kdc_configuration *config,
98 		       hdb_entry_ex *h,
99 		       const char *name,
100 		       krb5_enctype *enctype,
101 		       Key **key)
102 {
103     const krb5_enctype *p;
104     krb5_error_code ret;
105     int i;
106 
107     p = krb5_kerberos_enctypes(context);
108 
109     for (i = 0; p[i] != ETYPE_NULL; i++) {
110 	if (krb5_enctype_valid(context, p[i]) != 0)
111 	    continue;
112 	ret = hdb_enctype2key(context, &h->entry, p[i], key);
113 	if (ret == 0) {
114 	    *enctype = p[i];
115 	    return 0;
116 	}
117     }
118 
119     krb5_set_error_string(context, "No valid kerberos key found for %s", name);
120     return EINVAL;
121 }
122 
123