1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* 3 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved 4 * 5 * $Header$ 6 */ 7 8 #include <gssrpc/rpc.h> 9 #include <kadm5/admin.h> 10 #include <kadm5/kadm_rpc.h> 11 #ifdef HAVE_MEMORY_H 12 #include <memory.h> 13 #endif 14 #include <string.h> 15 #include <errno.h> 16 #include "client_internal.h" 17 18 #ifdef DEBUG 19 #define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0) 20 #else 21 #define eret() do { return KADM5_RPC_ERROR; } while (0) 22 #endif 23 24 kadm5_ret_t 25 kadm5_create_principal(void *server_handle, 26 kadm5_principal_ent_t princ, long mask, 27 char *pw) 28 { 29 generic_ret r = { 0, 0 }; 30 cprinc_arg arg; 31 kadm5_server_handle_t handle = server_handle; 32 33 CHECK_HANDLE(server_handle); 34 35 memset(&arg, 0, sizeof(arg)); 36 arg.mask = mask; 37 arg.passwd = pw; 38 arg.api_version = handle->api_version; 39 40 if(princ == NULL) 41 return EINVAL; 42 43 memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec)); 44 arg.rec.mod_name = NULL; 45 46 if(!(mask & KADM5_POLICY)) 47 arg.rec.policy = NULL; 48 if (! (mask & KADM5_KEY_DATA)) { 49 arg.rec.n_key_data = 0; 50 arg.rec.key_data = NULL; 51 } 52 if (! (mask & KADM5_TL_DATA)) { 53 arg.rec.n_tl_data = 0; 54 arg.rec.tl_data = NULL; 55 } 56 57 if (create_principal_2(&arg, &r, handle->clnt)) 58 eret(); 59 return r.code; 60 } 61 62 kadm5_ret_t 63 kadm5_create_principal_3(void *server_handle, 64 kadm5_principal_ent_t princ, long mask, 65 int n_ks_tuple, 66 krb5_key_salt_tuple *ks_tuple, 67 char *pw) 68 { 69 generic_ret r = { 0, 0 }; 70 cprinc3_arg arg; 71 kadm5_server_handle_t handle = server_handle; 72 73 CHECK_HANDLE(server_handle); 74 75 memset(&arg, 0, sizeof(arg)); 76 arg.mask = mask; 77 arg.passwd = pw; 78 arg.api_version = handle->api_version; 79 arg.n_ks_tuple = n_ks_tuple; 80 arg.ks_tuple = ks_tuple; 81 82 if(princ == NULL) 83 return EINVAL; 84 85 memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec)); 86 arg.rec.mod_name = NULL; 87 88 if(!(mask & KADM5_POLICY)) 89 arg.rec.policy = NULL; 90 if (! (mask & KADM5_KEY_DATA)) { 91 arg.rec.n_key_data = 0; 92 arg.rec.key_data = NULL; 93 } 94 if (! (mask & KADM5_TL_DATA)) { 95 arg.rec.n_tl_data = 0; 96 arg.rec.tl_data = NULL; 97 } 98 99 if (create_principal3_2(&arg, &r, handle->clnt)) 100 eret(); 101 return r.code; 102 } 103 104 kadm5_ret_t 105 kadm5_delete_principal(void *server_handle, krb5_principal principal) 106 { 107 dprinc_arg arg; 108 generic_ret r = { 0, 0 }; 109 kadm5_server_handle_t handle = server_handle; 110 111 CHECK_HANDLE(server_handle); 112 113 if(principal == NULL) 114 return EINVAL; 115 arg.princ = principal; 116 arg.api_version = handle->api_version; 117 if (delete_principal_2(&arg, &r, handle->clnt)) 118 eret(); 119 return r.code; 120 } 121 122 kadm5_ret_t 123 kadm5_modify_principal(void *server_handle, 124 kadm5_principal_ent_t princ, long mask) 125 { 126 mprinc_arg arg; 127 generic_ret r = { 0, 0 }; 128 kadm5_server_handle_t handle = server_handle; 129 130 CHECK_HANDLE(server_handle); 131 132 memset(&arg, 0, sizeof(arg)); 133 arg.mask = mask; 134 arg.api_version = handle->api_version; 135 if(princ == NULL) 136 return EINVAL; 137 memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec)); 138 if(!(mask & KADM5_POLICY)) 139 arg.rec.policy = NULL; 140 if (! (mask & KADM5_KEY_DATA)) { 141 arg.rec.n_key_data = 0; 142 arg.rec.key_data = NULL; 143 } 144 if (! (mask & KADM5_TL_DATA)) { 145 arg.rec.n_tl_data = 0; 146 arg.rec.tl_data = NULL; 147 } 148 149 arg.rec.mod_name = NULL; 150 151 if (modify_principal_2(&arg, &r, handle->clnt)) 152 eret(); 153 return r.code; 154 } 155 156 kadm5_ret_t 157 kadm5_get_principal(void *server_handle, 158 krb5_principal princ, kadm5_principal_ent_t ent, 159 long mask) 160 { 161 gprinc_arg arg; 162 gprinc_ret r; 163 kadm5_server_handle_t handle = server_handle; 164 165 CHECK_HANDLE(server_handle); 166 167 if(princ == NULL) 168 return EINVAL; 169 arg.princ = princ; 170 arg.mask = mask; 171 arg.api_version = handle->api_version; 172 memset(&r, 0, sizeof(gprinc_ret)); 173 if (get_principal_2(&arg, &r, handle->clnt)) 174 eret(); 175 if (r.code == 0) 176 memcpy(ent, &r.rec, sizeof(r.rec)); 177 178 return r.code; 179 } 180 181 kadm5_ret_t 182 kadm5_get_principals(void *server_handle, 183 char *exp, char ***princs, int *count) 184 { 185 gprincs_arg arg; 186 gprincs_ret r; 187 kadm5_server_handle_t handle = server_handle; 188 189 CHECK_HANDLE(server_handle); 190 191 if(princs == NULL || count == NULL) 192 return EINVAL; 193 arg.exp = exp; 194 arg.api_version = handle->api_version; 195 memset(&r, 0, sizeof(gprincs_ret)); 196 if (get_princs_2(&arg, &r, handle->clnt)) 197 eret(); 198 if (r.code == 0) { 199 *count = r.count; 200 *princs = r.princs; 201 } else { 202 *count = 0; 203 *princs = NULL; 204 } 205 206 return r.code; 207 } 208 209 kadm5_ret_t 210 kadm5_rename_principal(void *server_handle, 211 krb5_principal source, krb5_principal dest) 212 { 213 rprinc_arg arg; 214 generic_ret r = { 0, 0 }; 215 kadm5_server_handle_t handle = server_handle; 216 217 CHECK_HANDLE(server_handle); 218 219 arg.src = source; 220 arg.dest = dest; 221 arg.api_version = handle->api_version; 222 if (source == NULL || dest == NULL) 223 return EINVAL; 224 if (rename_principal_2(&arg, &r, handle->clnt)) 225 eret(); 226 return r.code; 227 } 228 229 kadm5_ret_t 230 kadm5_chpass_principal(void *server_handle, 231 krb5_principal princ, char *password) 232 { 233 chpass_arg arg; 234 generic_ret r = { 0, 0 }; 235 kadm5_server_handle_t handle = server_handle; 236 237 CHECK_HANDLE(server_handle); 238 239 arg.princ = princ; 240 arg.pass = password; 241 arg.api_version = handle->api_version; 242 243 if(princ == NULL) 244 return EINVAL; 245 if (chpass_principal_2(&arg, &r, handle->clnt)) 246 eret(); 247 return r.code; 248 } 249 250 kadm5_ret_t 251 kadm5_chpass_principal_3(void *server_handle, 252 krb5_principal princ, krb5_boolean keepold, 253 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, 254 char *password) 255 { 256 chpass3_arg arg; 257 generic_ret r = { 0, 0 }; 258 kadm5_server_handle_t handle = server_handle; 259 260 CHECK_HANDLE(server_handle); 261 262 arg.princ = princ; 263 arg.pass = password; 264 arg.api_version = handle->api_version; 265 arg.keepold = keepold; 266 arg.n_ks_tuple = n_ks_tuple; 267 arg.ks_tuple = ks_tuple; 268 269 if(princ == NULL) 270 return EINVAL; 271 if (chpass_principal3_2(&arg, &r, handle->clnt)) 272 eret(); 273 return r.code; 274 } 275 276 kadm5_ret_t 277 kadm5_setkey_principal(void *server_handle, 278 krb5_principal princ, 279 krb5_keyblock *keyblocks, 280 int n_keys) 281 { 282 setkey_arg arg; 283 generic_ret r = { 0, 0 }; 284 kadm5_server_handle_t handle = server_handle; 285 286 CHECK_HANDLE(server_handle); 287 288 arg.princ = princ; 289 arg.keyblocks = keyblocks; 290 arg.n_keys = n_keys; 291 arg.api_version = handle->api_version; 292 293 if(princ == NULL || keyblocks == NULL) 294 return EINVAL; 295 if (setkey_principal_2(&arg, &r, handle->clnt)) 296 eret(); 297 return r.code; 298 } 299 300 kadm5_ret_t 301 kadm5_setkey_principal_3(void *server_handle, 302 krb5_principal princ, 303 krb5_boolean keepold, int n_ks_tuple, 304 krb5_key_salt_tuple *ks_tuple, 305 krb5_keyblock *keyblocks, 306 int n_keys) 307 { 308 setkey3_arg arg; 309 generic_ret r = { 0, 0 }; 310 kadm5_server_handle_t handle = server_handle; 311 312 CHECK_HANDLE(server_handle); 313 314 arg.princ = princ; 315 arg.keyblocks = keyblocks; 316 arg.n_keys = n_keys; 317 arg.api_version = handle->api_version; 318 arg.keepold = keepold; 319 arg.n_ks_tuple = n_ks_tuple; 320 arg.ks_tuple = ks_tuple; 321 322 if(princ == NULL || keyblocks == NULL) 323 return EINVAL; 324 if (setkey_principal3_2(&arg, &r, handle->clnt)) 325 eret(); 326 return r.code; 327 } 328 329 kadm5_ret_t 330 kadm5_setkey_principal_4(void *server_handle, 331 krb5_principal princ, 332 krb5_boolean keepold, 333 kadm5_key_data *key_data, 334 int n_key_data) 335 { 336 setkey4_arg arg; 337 generic_ret r = { 0, 0 }; 338 kadm5_server_handle_t handle = server_handle; 339 340 CHECK_HANDLE(server_handle); 341 342 arg.api_version = handle->api_version; 343 arg.princ = princ; 344 arg.keepold = keepold; 345 arg.key_data = key_data; 346 arg.n_key_data = n_key_data; 347 348 if (princ == NULL || key_data == NULL || n_key_data == 0) 349 return EINVAL; 350 if (setkey_principal4_2(&arg, &r, handle->clnt)) 351 eret(); 352 return r.code; 353 } 354 355 kadm5_ret_t 356 kadm5_randkey_principal_3(void *server_handle, 357 krb5_principal princ, 358 krb5_boolean keepold, int n_ks_tuple, 359 krb5_key_salt_tuple *ks_tuple, 360 krb5_keyblock **key, int *n_keys) 361 { 362 chrand3_arg arg; 363 chrand_ret r; 364 kadm5_server_handle_t handle = server_handle; 365 int i; 366 367 CHECK_HANDLE(server_handle); 368 369 arg.princ = princ; 370 arg.api_version = handle->api_version; 371 arg.keepold = keepold; 372 arg.n_ks_tuple = n_ks_tuple; 373 arg.ks_tuple = ks_tuple; 374 375 if(princ == NULL) 376 return EINVAL; 377 memset(&r, 0, sizeof(chrand_ret)); 378 if (chrand_principal3_2(&arg, &r, handle->clnt)) 379 eret(); 380 if (n_keys) 381 *n_keys = r.n_keys; 382 if (key) { 383 *key = r.keys; 384 } else { 385 for (i = 0; i < r.n_keys; i++) 386 krb5_free_keyblock_contents(handle->context, &r.keys[i]); 387 free(r.keys); 388 } 389 return r.code; 390 } 391 392 kadm5_ret_t 393 kadm5_randkey_principal(void *server_handle, 394 krb5_principal princ, 395 krb5_keyblock **key, int *n_keys) 396 { 397 chrand_arg arg; 398 chrand_ret r; 399 kadm5_server_handle_t handle = server_handle; 400 int i; 401 402 CHECK_HANDLE(server_handle); 403 404 arg.princ = princ; 405 arg.api_version = handle->api_version; 406 407 if(princ == NULL) 408 return EINVAL; 409 memset(&r, 0, sizeof(chrand_ret)); 410 if (chrand_principal_2(&arg, &r, handle->clnt)) 411 eret(); 412 if (n_keys) 413 *n_keys = r.n_keys; 414 if (key) { 415 *key = r.keys; 416 } else { 417 for (i = 0; i < r.n_keys; i++) 418 krb5_free_keyblock_contents(handle->context, &r.keys[i]); 419 free(r.keys); 420 } 421 return r.code; 422 } 423 424 /* not supported on client side */ 425 kadm5_ret_t kadm5_decrypt_key(void *server_handle, 426 kadm5_principal_ent_t entry, krb5_int32 427 ktype, krb5_int32 stype, krb5_int32 428 kvno, krb5_keyblock *keyblock, 429 krb5_keysalt *keysalt, int *kvnop) 430 { 431 return EINVAL; 432 } 433 434 kadm5_ret_t 435 kadm5_purgekeys(void *server_handle, 436 krb5_principal princ, 437 int keepkvno) 438 { 439 purgekeys_arg arg; 440 generic_ret r = { 0, 0 }; 441 kadm5_server_handle_t handle = server_handle; 442 443 CHECK_HANDLE(server_handle); 444 445 arg.princ = princ; 446 arg.keepkvno = keepkvno; 447 arg.api_version = handle->api_version; 448 449 if (princ == NULL) 450 return EINVAL; 451 if (purgekeys_2(&arg, &r, handle->clnt)) 452 eret(); 453 return r.code; 454 } 455 456 kadm5_ret_t 457 kadm5_get_strings(void *server_handle, krb5_principal principal, 458 krb5_string_attr **strings_out, int *count_out) 459 { 460 gstrings_arg arg; 461 gstrings_ret r; 462 kadm5_server_handle_t handle = server_handle; 463 464 *strings_out = NULL; 465 *count_out = 0; 466 CHECK_HANDLE(server_handle); 467 if (principal == NULL) 468 return EINVAL; 469 470 arg.princ = principal; 471 arg.api_version = handle->api_version; 472 memset(&r, 0, sizeof(gstrings_ret)); 473 if (get_strings_2(&arg, &r, handle->clnt)) 474 eret(); 475 if (r.code == 0) { 476 *strings_out = r.strings; 477 *count_out = r.count; 478 } 479 return r.code; 480 } 481 482 kadm5_ret_t 483 kadm5_set_string(void *server_handle, krb5_principal principal, 484 const char *key, const char *value) 485 { 486 sstring_arg arg; 487 generic_ret r = { 0, 0 }; 488 kadm5_server_handle_t handle = server_handle; 489 490 CHECK_HANDLE(server_handle); 491 if (principal == NULL || key == NULL) 492 return EINVAL; 493 494 arg.princ = principal; 495 arg.key = (char *)key; 496 arg.value = (char *)value; 497 arg.api_version = handle->api_version; 498 if (set_string_2(&arg, &r, handle->clnt)) 499 eret(); 500 return r.code; 501 } 502 503 kadm5_ret_t 504 kadm5_get_principal_keys(void *server_handle, krb5_principal princ, 505 krb5_kvno kvno, kadm5_key_data **key_data, 506 int *n_key_data) 507 { 508 getpkeys_arg arg; 509 getpkeys_ret r; 510 kadm5_server_handle_t handle = server_handle; 511 512 CHECK_HANDLE(server_handle); 513 514 arg.api_version = handle->api_version; 515 arg.princ = princ; 516 arg.kvno = kvno; 517 518 if (princ == NULL || key_data == NULL || n_key_data == 0) 519 return EINVAL; 520 memset(&r, 0, sizeof(getpkeys_ret)); 521 if (get_principal_keys_2(&arg, &r, handle->clnt)) 522 eret(); 523 if (r.code == 0) { 524 *key_data = r.key_data; 525 *n_key_data = r.n_key_data; 526 } 527 return r.code; 528 } 529