xref: /illumos-gate/usr/src/cmd/krb5/kadmin/server/misc.c (revision 13b136d3061155363c62c9f6568d25b8b27da8f6)
1 /*
2  * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
3  */
4 
5 /*
6  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
7  *
8  *	Openvision retains the copyright to derivative works of
9  *	this source code.  Do *NOT* create a derivative of this
10  *	source code before consulting with your legal department.
11  *	Do *NOT* integrate *ANY* of this source code into another
12  *	product before consulting with your legal department.
13  *
14  *	For further information, read the top-level Openvision
15  *	copyright which is contained in the top-level MIT Kerberos
16  *	copyright.
17  *
18  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
19  *
20  */
21 
22 /*
23  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
24  *
25  */
26 
27 #include    <k5-int.h>
28 #include    <krb5/kdb.h>
29 #include    <kadm5/server_internal.h>
30 #include    <kadm5/admin.h>
31 #include    "misc.h"
32 
33 /*
34  * Function: chpass_principal_wrapper_3
35  *
36  * Purpose: wrapper to kadm5_chpass_principal that checks to see if
37  *	    pw_min_life has been reached. if not it returns an error.
38  *	    otherwise it calls kadm5_chpass_principal
39  *
40  * Arguments:
41  *	principal	(input) krb5_principals whose password we are
42  *				changing
43  *	keepold 	(input) whether to preserve old keys
44  *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
45  *	ks_tuple	(input) array of tuples indicating the caller's
46  *				requested enctypes/salttypes
47  *	password	(input) password we are going to change to.
48  * 	<return value>	0 on success error code on failure.
49  *
50  * Requires:
51  *	kadm5_init to have been run.
52  *
53  * Effects:
54  *	calls kadm5_chpass_principal which changes the kdb and the
55  *	the admin db.
56  *
57  */
58 kadm5_ret_t
59 chpass_principal_wrapper_3(void *server_handle,
60 			   krb5_principal principal,
61 			   krb5_boolean keepold,
62 			   int n_ks_tuple,
63 			   krb5_key_salt_tuple *ks_tuple,
64 			   char *password)
65 {
66     kadm5_ret_t			ret;
67 
68     /* Solaris Kerberos */
69     ret = kadm5_check_min_life(server_handle, principal, NULL, 0);
70     if (ret)
71 	 return ret;
72 
73     return kadm5_chpass_principal_3(server_handle, principal,
74 				    keepold, n_ks_tuple, ks_tuple,
75 				    password);
76 }
77 
78 
79 /*
80  * Function: randkey_principal_wrapper_3
81  *
82  * Purpose: wrapper to kadm5_randkey_principal which checks the
83  *	    password's min. life.
84  *
85  * Arguments:
86  *	principal	    (input) krb5_principal whose password we are
87  *				    changing
88  *	keepold 	(input) whether to preserve old keys
89  *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
90  *	ks_tuple	(input) array of tuples indicating the caller's
91  *				requested enctypes/salttypes
92  *	key		    (output) new random key
93  * 	<return value>	    0, error code on error.
94  *
95  * Requires:
96  *	kadm5_init	 needs to be run
97  *
98  * Effects:
99  *	calls kadm5_randkey_principal
100  *
101  */
102 kadm5_ret_t
103 randkey_principal_wrapper_3(void *server_handle,
104 			    krb5_principal principal,
105 			    krb5_boolean keepold,
106 			    int n_ks_tuple,
107 			    krb5_key_salt_tuple *ks_tuple,
108 			    krb5_keyblock **keys, int *n_keys)
109 {
110     kadm5_ret_t			ret;
111 
112     /* Solaris Kerberos */
113     ret = kadm5_check_min_life(server_handle, principal, NULL, 0);
114     if (ret)
115 	 return ret;
116     return kadm5_randkey_principal_3(server_handle, principal,
117 				     keepold, n_ks_tuple, ks_tuple,
118 				     keys, n_keys);
119 }
120 
121 kadm5_ret_t
122 schpw_util_wrapper(void *server_handle, krb5_principal princ,
123 		   char *new_pw, char **ret_pw,
124 		   char *msg_ret, unsigned int msg_len)
125 {
126     kadm5_ret_t ret;
127 
128     /* Solaris Kerberos */
129     ret = kadm5_check_min_life(server_handle, princ, msg_ret, msg_len);
130     if (ret)
131 	return ret;
132 
133     return kadm5_chpass_principal_util(server_handle, princ,
134 				       new_pw, ret_pw,
135 				       msg_ret, msg_len);
136 }
137 
138 kadm5_ret_t
139 randkey_principal_wrapper(void *server_handle, krb5_principal princ,
140 			  krb5_keyblock ** keys, int *n_keys)
141 {
142     kadm5_ret_t ret;
143 
144     /* Solaris Kerberos */
145     ret = kadm5_check_min_life(server_handle, princ, NULL, 0);
146 	if (ret)
147 	    return ret;
148 
149     return kadm5_randkey_principal(server_handle, princ, keys, n_keys);
150 }
151