1 /* 2 * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "kdc_locl.h" 35 36 RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $"); 37 38 struct timeval _kdc_now; 39 40 krb5_error_code 41 _kdc_db_fetch(krb5_context context, 42 krb5_kdc_configuration *config, 43 krb5_const_principal principal, 44 unsigned flags, 45 HDB **db, 46 hdb_entry_ex **h) 47 { 48 hdb_entry_ex *ent; 49 krb5_error_code ret; 50 int i; 51 52 ent = calloc (1, sizeof (*ent)); 53 if (ent == NULL) { 54 krb5_set_error_string(context, "out of memory"); 55 return ENOMEM; 56 } 57 58 for(i = 0; i < config->num_db; i++) { 59 ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); 60 if (ret) { 61 kdc_log(context, config, 0, "Failed to open database: %s", 62 krb5_get_err_text(context, ret)); 63 continue; 64 } 65 ret = config->db[i]->hdb_fetch(context, 66 config->db[i], 67 principal, 68 flags | HDB_F_DECRYPT, 69 ent); 70 config->db[i]->hdb_close(context, config->db[i]); 71 if(ret == 0) { 72 if (db) 73 *db = config->db[i]; 74 *h = ent; 75 return 0; 76 } 77 } 78 free(ent); 79 krb5_set_error_string(context, "no such entry found in hdb"); 80 return HDB_ERR_NOENTRY; 81 } 82 83 void 84 _kdc_free_ent(krb5_context context, hdb_entry_ex *ent) 85 { 86 hdb_free_entry (context, ent); 87 free (ent); 88 } 89 90 /* 91 * Use the order list of preferred encryption types and sort the 92 * available keys and return the most preferred key. 93 */ 94 95 krb5_error_code 96 _kdc_get_preferred_key(krb5_context context, 97 krb5_kdc_configuration *config, 98 hdb_entry_ex *h, 99 const char *name, 100 krb5_enctype *enctype, 101 Key **key) 102 { 103 const krb5_enctype *p; 104 krb5_error_code ret; 105 int i; 106 107 p = krb5_kerberos_enctypes(context); 108 109 for (i = 0; p[i] != ETYPE_NULL; i++) { 110 if (krb5_enctype_valid(context, p[i]) != 0) 111 continue; 112 ret = hdb_enctype2key(context, &h->entry, p[i], key); 113 if (ret == 0) { 114 *enctype = p[i]; 115 return 0; 116 } 117 } 118 119 krb5_set_error_string(context, "No valid kerberos key found for %s", name); 120 return EINVAL; 121 } 122 123