kadm5/srv/svr_principal.c

7c478bd9Sstevel@tonic-gate/*
*661b8ac7SPeter Shoults * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate *	Openvision retains the copyright to derivative works of
7c478bd9Sstevel@tonic-gate *	this source code.  Do *NOT* create a derivative of this
7c478bd9Sstevel@tonic-gate *	source code before consulting with your legal department.
7c478bd9Sstevel@tonic-gate *	Do *NOT* integrate *ANY* of this source code into another
7c478bd9Sstevel@tonic-gate *	product before consulting with your legal department.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate *	For further information, read the top-level Openvision
7c478bd9Sstevel@tonic-gate *	copyright which is contained in the top-level MIT Kerberos
7c478bd9Sstevel@tonic-gate *	copyright.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
7c478bd9Sstevel@tonic-gate *
159d09a2SMark Phalan * $Header$
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#if !defined(lint) && !defined(__CODECENTER__)
159d09a2SMark Phalanstatic char *rcsid = "$Header$";
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#include	<sys/types.h>
7c478bd9Sstevel@tonic-gate#include	<sys/time.h>
159d09a2SMark Phalan#include	<errno.h>
159d09a2SMark Phalan#include	"server_internal.h"
7c478bd9Sstevel@tonic-gate#include	<kadm5/admin.h>
54925bf6Swillf#include	<kdb.h>
7c478bd9Sstevel@tonic-gate#include	<stdio.h>
7c478bd9Sstevel@tonic-gate#include	<string.h>
7c478bd9Sstevel@tonic-gate#include	<stdarg.h>
7c478bd9Sstevel@tonic-gate#include	<stdlib.h>
*661b8ac7SPeter Shoults#include	<k5-int.h>
*661b8ac7SPeter Shoults#include	<kadm5/server_internal.h>
*661b8ac7SPeter Shoults#include	<kadm5/admin.h>
56a424ccSmp153739#ifdef USE_PASSWORD_SERVER
56a424ccSmp153739#include	<sys/wait.h>
56a424ccSmp153739#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateextern	krb5_principal	    master_princ;
7c478bd9Sstevel@tonic-gateextern	krb5_principal	    hist_princ;
7c478bd9Sstevel@tonic-gateextern	krb5_keyblock	    hist_key;
7c478bd9Sstevel@tonic-gateextern	krb5_db_entry	    master_db;
7c478bd9Sstevel@tonic-gateextern	krb5_db_entry	    hist_db;
7c478bd9Sstevel@tonic-gateextern  krb5_kvno	    hist_kvno;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestatic int decrypt_key_data(krb5_context context,
7c478bd9Sstevel@tonic-gate			    krb5_keyblock *, int n_key_data, krb5_key_data *key_data,
7c478bd9Sstevel@tonic-gate			    krb5_keyblock **keyblocks, int *n_keys);
7c478bd9Sstevel@tonic-gate
54925bf6Swillfstatic krb5_error_code
54925bf6Swillfkadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)
54925bf6Swillf{
54925bf6Swillf    register krb5_principal tempprinc;
54925bf6Swillf    register int i, nelems;
54925bf6Swillf
54925bf6Swillf    tempprinc = (krb5_principal)krb5_db_alloc(context, NULL, sizeof(krb5_principal_data));
54925bf6Swillf
54925bf6Swillf    if (tempprinc == 0)
54925bf6Swillf        return ENOMEM;
54925bf6Swillf
54925bf6Swillf    memcpy(tempprinc, inprinc, sizeof(krb5_principal_data));
54925bf6Swillf
54925bf6Swillf    nelems = (int) krb5_princ_size(context, inprinc);
54925bf6Swillf    tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data));
54925bf6Swillf
54925bf6Swillf    if (tempprinc->data == 0) {
54925bf6Swillf	krb5_db_free(context, (char *)tempprinc);
54925bf6Swillf        return ENOMEM;
54925bf6Swillf    }
54925bf6Swillf
54925bf6Swillf    for (i = 0; i < nelems; i++) {
54925bf6Swillf        unsigned int len = krb5_princ_component(context, inprinc, i)->length;
54925bf6Swillf        krb5_princ_component(context, tempprinc, i)->length = len;
54925bf6Swillf        if (((krb5_princ_component(context, tempprinc, i)->data =
54925bf6Swillf              krb5_db_alloc(context, NULL, len)) == 0) && len) {
54925bf6Swillf            while (--i >= 0)
54925bf6Swillf                krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
54925bf6Swillf            krb5_db_free (context, tempprinc->data);
54925bf6Swillf            krb5_db_free (context, tempprinc);
54925bf6Swillf            return ENOMEM;
54925bf6Swillf        }
54925bf6Swillf        if (len)
54925bf6Swillf            memcpy(krb5_princ_component(context, tempprinc, i)->data,
54925bf6Swillf                   krb5_princ_component(context, inprinc, i)->data, len);
54925bf6Swillf    }
54925bf6Swillf
54925bf6Swillf    tempprinc->realm.data =
54925bf6Swillf	krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length);
54925bf6Swillf    if (!tempprinc->realm.data && tempprinc->realm.length) {
54925bf6Swillf            for (i = 0; i < nelems; i++)
54925bf6Swillf		krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
54925bf6Swillf            krb5_db_free(context, tempprinc->data);
54925bf6Swillf            krb5_db_free(context, tempprinc);
54925bf6Swillf            return ENOMEM;
54925bf6Swillf    }
54925bf6Swillf    if (tempprinc->realm.length)
54925bf6Swillf        memcpy(tempprinc->realm.data, inprinc->realm.data,
54925bf6Swillf               inprinc->realm.length);
54925bf6Swillf
54925bf6Swillf    *outprinc = tempprinc;
54925bf6Swillf    return 0;
54925bf6Swillf}
54925bf6Swillf
54925bf6Swillfstatic void
54925bf6Swillfkadm5_free_principal(krb5_context context, krb5_principal val)
54925bf6Swillf{
54925bf6Swillf    register krb5_int32 i;
54925bf6Swillf
54925bf6Swillf    if (!val)
54925bf6Swillf        return;
54925bf6Swillf
54925bf6Swillf    if (val->data) {
54925bf6Swillf        i = krb5_princ_size(context, val);
54925bf6Swillf        while(--i >= 0)
54925bf6Swillf            krb5_db_free(context, krb5_princ_component(context, val, i)->data);
54925bf6Swillf        krb5_db_free(context, val->data);
54925bf6Swillf    }
54925bf6Swillf    if (val->realm.data)
54925bf6Swillf        krb5_db_free(context, val->realm.data);
54925bf6Swillf    krb5_db_free(context, val);
54925bf6Swillf}
54925bf6Swillf
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * XXX Functions that ought to be in libkrb5.a, but aren't.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatekadm5_ret_t krb5_copy_key_data_contents(context, from, to)
7c478bd9Sstevel@tonic-gate   krb5_context context;
7c478bd9Sstevel@tonic-gate   krb5_key_data *from, *to;
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     int i, idx;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     *to = *from;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     idx = (from->key_data_ver == 1 ? 1 : 2);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     for (i = 0; i < idx; i++) {
7c478bd9Sstevel@tonic-gate       if ( from->key_data_length[i] ) {
7c478bd9Sstevel@tonic-gate	 to->key_data_contents[i] = malloc(from->key_data_length[i]);
7c478bd9Sstevel@tonic-gate	 if (to->key_data_contents[i] == NULL) {
7c478bd9Sstevel@tonic-gate	   for (i = 0; i < idx; i++) {
7c478bd9Sstevel@tonic-gate	     if (to->key_data_contents[i]) {
7c478bd9Sstevel@tonic-gate	       memset(to->key_data_contents[i], 0,
7c478bd9Sstevel@tonic-gate		      to->key_data_length[i]);
7c478bd9Sstevel@tonic-gate	       free(to->key_data_contents[i]);
7c478bd9Sstevel@tonic-gate	     }
7c478bd9Sstevel@tonic-gate	   }
7c478bd9Sstevel@tonic-gate	   return ENOMEM;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate	 memcpy(to->key_data_contents[i], from->key_data_contents[i],
7c478bd9Sstevel@tonic-gate		from->key_data_length[i]);
7c478bd9Sstevel@tonic-gate       }
7c478bd9Sstevel@tonic-gate     }
7c478bd9Sstevel@tonic-gate     return 0;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestatic krb5_tl_data *dup_tl_data(krb5_tl_data *tl)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     krb5_tl_data *n;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
7c478bd9Sstevel@tonic-gate     if (n == NULL)
7c478bd9Sstevel@tonic-gate	  return NULL;
7c478bd9Sstevel@tonic-gate     n->tl_data_contents = malloc(tl->tl_data_length);
7c478bd9Sstevel@tonic-gate     if (n->tl_data_contents == NULL) {
7c478bd9Sstevel@tonic-gate	  free(n);
7c478bd9Sstevel@tonic-gate	  return NULL;
7c478bd9Sstevel@tonic-gate     }
7c478bd9Sstevel@tonic-gate     memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
7c478bd9Sstevel@tonic-gate     n->tl_data_type = tl->tl_data_type;
7c478bd9Sstevel@tonic-gate     n->tl_data_length = tl->tl_data_length;
7c478bd9Sstevel@tonic-gate     n->tl_data_next = NULL;
7c478bd9Sstevel@tonic-gate     return n;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* This is in lib/kdb/kdb_cpw.c, but is static */
7c478bd9Sstevel@tonic-gatestatic void cleanup_key_data(context, count, data)
7c478bd9Sstevel@tonic-gate   krb5_context	  context;
7c478bd9Sstevel@tonic-gate   int			  count;
7c478bd9Sstevel@tonic-gate   krb5_key_data	* data;
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     int i, j;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     for (i = 0; i < count; i++)
7c478bd9Sstevel@tonic-gate	  for (j = 0; j < data[i].key_data_ver; j++)
7c478bd9Sstevel@tonic-gate	       if (data[i].key_data_length[j])
54925bf6Swillf		   krb5_db_free(context, data[i].key_data_contents[j]);
54925bf6Swillf     krb5_db_free(context, data);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_create_principal(void *server_handle,
7c478bd9Sstevel@tonic-gate			    kadm5_principal_ent_t entry, long mask,
7c478bd9Sstevel@tonic-gate			    char *password)
7c478bd9Sstevel@tonic-gate{
56a424ccSmp153739    return
56a424ccSmp153739	kadm5_create_principal_3(server_handle, entry, mask,
56a424ccSmp153739				 0, NULL, password);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_create_principal_3(void *server_handle,
7c478bd9Sstevel@tonic-gate			 kadm5_principal_ent_t entry, long mask,
7c478bd9Sstevel@tonic-gate			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
7c478bd9Sstevel@tonic-gate			 char *password)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    krb5_db_entry		kdb;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec		adb;
7c478bd9Sstevel@tonic-gate    kadm5_policy_ent_rec	polent;
7c478bd9Sstevel@tonic-gate    krb5_int32			now;
7c478bd9Sstevel@tonic-gate    krb5_tl_data		*tl_data_orig, *tl_data_tail;
7c478bd9Sstevel@tonic-gate    unsigned int		ret;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t handle = server_handle;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * Argument sanity checking, and opening up the DB
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_MKVNO) || (mask & KADM5_POLICY_CLR) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_FAIL_AUTH_COUNT))
7c478bd9Sstevel@tonic-gate	return KADM5_BAD_MASK;
7c478bd9Sstevel@tonic-gate    if((mask & ~ALL_PRINC_MASK))
7c478bd9Sstevel@tonic-gate	return KADM5_BAD_MASK;
7c478bd9Sstevel@tonic-gate    if (entry == (kadm5_principal_ent_t) NULL || password == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * Check to see if the principal exists
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    switch(ret) {
7c478bd9Sstevel@tonic-gate    case KADM5_UNK_PRINC:
159d09a2SMark Phalan	/* Solaris Kerberos */
54925bf6Swillf	memset(&kdb, 0, sizeof(krb5_db_entry));
54925bf6Swillf	memset(&adb, 0, sizeof(osa_princ_ent_rec));
7c478bd9Sstevel@tonic-gate	break;
7c478bd9Sstevel@tonic-gate    case 0:
54925bf6Swillf	/*
54925bf6Swillf	 * Solaris Kerberos: this allows an addprinc to be done on a mix-in
54925bf6Swillf	 * princ which has no keys initially.
54925bf6Swillf	 */
54925bf6Swillf	if (kdb.n_key_data != 0) {
54925bf6Swillf		/* have a princ with keys, return dupe princ error */
7c478bd9Sstevel@tonic-gate		kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate		return KADM5_DUP;
54925bf6Swillf	} else {
54925bf6Swillf		/*
54925bf6Swillf		 * have a princ with no keys, let's replace it.  Note, want to
54925bf6Swillf		 * keep the existing kdb tl_data (specifically the LDAP plugin
54925bf6Swillf		 * adds the DN to the tl_data which is needed to locate the dir.
54925bf6Swillf		 * entry).
54925bf6Swillf		 */
54925bf6Swillf		kdb_free_entry(handle, NULL, &adb);
54925bf6Swillf		memset(&adb, 0, sizeof(osa_princ_ent_rec));
54925bf6Swillf	}
54925bf6Swillf	break;
7c478bd9Sstevel@tonic-gate    default:
7c478bd9Sstevel@tonic-gate	return ret;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * If a policy was specified, load it.
7c478bd9Sstevel@tonic-gate     * If we can not find the one specified return an error
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	 if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
7c478bd9Sstevel@tonic-gate				     &polent)) != KADM5_OK) {
7c478bd9Sstevel@tonic-gate	    if(ret == EINVAL)
7c478bd9Sstevel@tonic-gate		return KADM5_BAD_POLICY;
7c478bd9Sstevel@tonic-gate	    else
7c478bd9Sstevel@tonic-gate		return ret;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate    }
56a424ccSmp153739    if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY),
56a424ccSmp153739			    &polent, entry->principal))) {
7c478bd9Sstevel@tonic-gate	if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	return ret;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * Start populating the various DB fields, using the
7c478bd9Sstevel@tonic-gate     * "defaults" for fields that were not specified by the
7c478bd9Sstevel@tonic-gate     * mask.
7c478bd9Sstevel@tonic-gate     */
56a424ccSmp153739    if ((ret = krb5_timeofday(handle->context, &now))) {
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	      (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	 return ret;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    kdb.magic = KRB5_KDB_MAGIC_NUMBER;
7c478bd9Sstevel@tonic-gate    kdb.len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /*
159d09a2SMark Phalan     * Solaris Kerberos:
7c478bd9Sstevel@tonic-gate     * If KADM5_ATTRIBUTES is set, we want to rope in not only
7c478bd9Sstevel@tonic-gate     * entry->attributes, but also the generic params.flags
7c478bd9Sstevel@tonic-gate     * obtained previously via kadm5_get_config_params.
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_ATTRIBUTES)) {
7c478bd9Sstevel@tonic-gate	kdb.attributes = handle->params.flags;
7c478bd9Sstevel@tonic-gate	kdb.attributes |= entry->attributes;
7c478bd9Sstevel@tonic-gate    } else {
7c478bd9Sstevel@tonic-gate	kdb.attributes = handle->params.flags;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_MAX_LIFE))
7c478bd9Sstevel@tonic-gate	kdb.max_life = entry->max_life;
7c478bd9Sstevel@tonic-gate    else
7c478bd9Sstevel@tonic-gate	kdb.max_life = handle->params.max_life;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_MAX_RLIFE)
7c478bd9Sstevel@tonic-gate	 kdb.max_renewable_life = entry->max_renewable_life;
7c478bd9Sstevel@tonic-gate    else
7c478bd9Sstevel@tonic-gate	 kdb.max_renewable_life = handle->params.max_rlife;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_PRINC_EXPIRE_TIME))
7c478bd9Sstevel@tonic-gate	kdb.expiration = entry->princ_expire_time;
7c478bd9Sstevel@tonic-gate    else
7c478bd9Sstevel@tonic-gate	kdb.expiration = handle->params.expiration;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	if(polent.pw_max_life)
7c478bd9Sstevel@tonic-gate	    kdb.pw_expiration = now + polent.pw_max_life;
7c478bd9Sstevel@tonic-gate	else
7c478bd9Sstevel@tonic-gate	    kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_PW_EXPIRATION))
7c478bd9Sstevel@tonic-gate	 kdb.pw_expiration = entry->pw_expiration;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    kdb.last_success = 0;
7c478bd9Sstevel@tonic-gate    kdb.last_failed = 0;
7c478bd9Sstevel@tonic-gate    kdb.fail_auth_count = 0;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* this is kind of gross, but in order to free the tl data, I need
7c478bd9Sstevel@tonic-gate       to free the entire kdb entry, and that will try to free the
7c478bd9Sstevel@tonic-gate       principal. */
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    if ((ret = kadm5_copy_principal(handle->context,
56a424ccSmp153739				    entry->principal, &(kdb.princ)))) {
7c478bd9Sstevel@tonic-gate	if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	return(ret);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
54925bf6Swillf         krb5_db_free_principal(handle->context, &kdb, 1);
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	 return(ret);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    if (mask & KADM5_TL_DATA) {
54925bf6Swillf	/* splice entry->tl_data onto the front of kdb.tl_data */
54925bf6Swillf	tl_data_orig = kdb.tl_data;
54925bf6Swillf	for (tl_data_tail = entry->tl_data; tl_data_tail;
54925bf6Swillf	     tl_data_tail = tl_data_tail->tl_data_next)
54925bf6Swillf	{
54925bf6Swillf	    ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
54925bf6Swillf	    if( ret )
54925bf6Swillf	    {
54925bf6Swillf		krb5_db_free_principal(handle->context, &kdb, 1);
54925bf6Swillf		if (mask & KADM5_POLICY)
54925bf6Swillf		    (void) kadm5_free_policy_ent(handle->lhandle, &polent);
54925bf6Swillf		return ret;
54925bf6Swillf	    }
54925bf6Swillf	}
54925bf6Swillf    }
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    /* initialize the keys */
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if ((ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate			    n_ks_tuple?ks_tuple:handle->params.keysalts,
7c478bd9Sstevel@tonic-gate			    n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
7c478bd9Sstevel@tonic-gate			    password,
7c478bd9Sstevel@tonic-gate			    (mask & KADM5_KVNO)?entry->kvno:1,
56a424ccSmp153739			    FALSE, &kdb))) {
54925bf6Swillf	krb5_db_free_principal(handle->context, &kdb, 1);
7c478bd9Sstevel@tonic-gate	if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	return(ret);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* populate the admin-server-specific fields.  In the OV server,
7c478bd9Sstevel@tonic-gate       this used to be in a separate database.  Since there's already
7c478bd9Sstevel@tonic-gate       marshalling code for the admin fields, to keep things simple,
7c478bd9Sstevel@tonic-gate       I'm going to keep it, and make all the admin stuff occupy a
7c478bd9Sstevel@tonic-gate       single tl_data record, */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    adb.admin_history_kvno = hist_kvno;
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	adb.aux_attributes = KADM5_POLICY;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	/* this does *not* need to be strdup'ed, because adb is xdr */
7c478bd9Sstevel@tonic-gate	/* encoded in osa_adb_create_princ, and not ever freed */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	adb.policy = entry->policy;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* increment the policy ref count, if any */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	polent.policy_refcnt++;
7c478bd9Sstevel@tonic-gate	if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
7c478bd9Sstevel@tonic-gate						    KADM5_REF_COUNT))
7c478bd9Sstevel@tonic-gate	    != KADM5_OK) {
54925bf6Swillf	    krb5_db_free_principal(handle->context, &kdb, 1);
7c478bd9Sstevel@tonic-gate	    if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate		 (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	    return(ret);
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    /* In all cases key and the principal data is set, let the database provider know */
54925bf6Swillf    kdb.mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* store the new db entry */
7c478bd9Sstevel@tonic-gate    ret = kdb_put_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_db_free_principal(handle->context, &kdb, 1);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (ret) {
7c478bd9Sstevel@tonic-gate	if ((mask & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	    /* decrement the policy ref count */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	    polent.policy_refcnt--;
7c478bd9Sstevel@tonic-gate	    /*
7c478bd9Sstevel@tonic-gate	     * if this fails, there's nothing we can do anyway.  the
7c478bd9Sstevel@tonic-gate	     * policy refcount wil be too high.
7c478bd9Sstevel@tonic-gate	     */
7c478bd9Sstevel@tonic-gate	    (void) kadm5_modify_policy_internal(handle->lhandle, &polent,
7c478bd9Sstevel@tonic-gate						     KADM5_REF_COUNT);
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate	return(ret);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_POLICY)
7c478bd9Sstevel@tonic-gate	 (void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return KADM5_OK;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_delete_principal(void *server_handle, krb5_principal principal)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    unsigned int		ret;
7c478bd9Sstevel@tonic-gate    kadm5_policy_ent_rec	polent;
7c478bd9Sstevel@tonic-gate    krb5_db_entry		kdb;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec		adb;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t handle = server_handle;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if (principal == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	return(ret);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	if ((ret = kadm5_get_policy(handle->lhandle,
7c478bd9Sstevel@tonic-gate				    adb.policy, &polent))
7c478bd9Sstevel@tonic-gate	    == KADM5_OK) {
7c478bd9Sstevel@tonic-gate	    polent.policy_refcnt--;
7c478bd9Sstevel@tonic-gate	    if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
7c478bd9Sstevel@tonic-gate							 KADM5_REF_COUNT))
7c478bd9Sstevel@tonic-gate		!= KADM5_OK) {
7c478bd9Sstevel@tonic-gate		(void) kadm5_free_policy_ent(handle->lhandle, &polent);
7c478bd9Sstevel@tonic-gate		kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate		return(ret);
7c478bd9Sstevel@tonic-gate	    }
7c478bd9Sstevel@tonic-gate	}
56a424ccSmp153739	if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
7c478bd9Sstevel@tonic-gate	     kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate	     return ret;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = kdb_delete_entry(handle, principal);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_modify_principal(void *server_handle,
7c478bd9Sstevel@tonic-gate			    kadm5_principal_ent_t entry, long mask)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    int			    ret, ret2, i;
7c478bd9Sstevel@tonic-gate    kadm5_policy_ent_rec    npol, opol;
7c478bd9Sstevel@tonic-gate    int			    have_npol = 0, have_opol = 0;
7c478bd9Sstevel@tonic-gate    krb5_db_entry	    kdb;
56a424ccSmp153739    krb5_tl_data	    *tl_data_orig;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec	    adb;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t handle = server_handle;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
7c478bd9Sstevel@tonic-gate       (mask & KADM5_LAST_FAILED))
7c478bd9Sstevel@tonic-gate	return KADM5_BAD_MASK;
7c478bd9Sstevel@tonic-gate    if((mask & ~ALL_PRINC_MASK))
7c478bd9Sstevel@tonic-gate	return KADM5_BAD_MASK;
7c478bd9Sstevel@tonic-gate    if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
7c478bd9Sstevel@tonic-gate	return KADM5_BAD_MASK;
7c478bd9Sstevel@tonic-gate    if(entry == (kadm5_principal_ent_t) NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_TL_DATA) {
7c478bd9Sstevel@tonic-gate	 tl_data_orig = entry->tl_data;
7c478bd9Sstevel@tonic-gate	 while (tl_data_orig) {
7c478bd9Sstevel@tonic-gate	      if (tl_data_orig->tl_data_type < 256)
7c478bd9Sstevel@tonic-gate		   return KADM5_BAD_TL_TYPE;
7c478bd9Sstevel@tonic-gate	      tl_data_orig = tl_data_orig->tl_data_next;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	return(ret);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * This is pretty much the same as create ...
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	 /* get the new policy */
7c478bd9Sstevel@tonic-gate	 ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
7c478bd9Sstevel@tonic-gate	 if (ret) {
7c478bd9Sstevel@tonic-gate	      switch (ret) {
7c478bd9Sstevel@tonic-gate	      case EINVAL:
7c478bd9Sstevel@tonic-gate		   ret = KADM5_BAD_POLICY;
7c478bd9Sstevel@tonic-gate		   break;
7c478bd9Sstevel@tonic-gate	      case KADM5_UNK_POLICY:
7c478bd9Sstevel@tonic-gate	      case KADM5_BAD_POLICY:
7c478bd9Sstevel@tonic-gate		   ret =  KADM5_UNK_POLICY;
7c478bd9Sstevel@tonic-gate		   break;
7c478bd9Sstevel@tonic-gate	      }
7c478bd9Sstevel@tonic-gate	      goto done;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate	 have_npol = 1;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	 /* if we already have a policy, get it to decrement the refcnt */
7c478bd9Sstevel@tonic-gate	 if(adb.aux_attributes & KADM5_POLICY) {
7c478bd9Sstevel@tonic-gate	      /* ... but not if the old and new are the same */
7c478bd9Sstevel@tonic-gate	      if(strcmp(adb.policy, entry->policy)) {
7c478bd9Sstevel@tonic-gate		   ret = kadm5_get_policy(handle->lhandle,
7c478bd9Sstevel@tonic-gate					  adb.policy, &opol);
7c478bd9Sstevel@tonic-gate		   switch(ret) {
7c478bd9Sstevel@tonic-gate		   case EINVAL:
7c478bd9Sstevel@tonic-gate		   case KADM5_BAD_POLICY:
7c478bd9Sstevel@tonic-gate		   case KADM5_UNK_POLICY:
7c478bd9Sstevel@tonic-gate			break;
7c478bd9Sstevel@tonic-gate		   case KADM5_OK:
7c478bd9Sstevel@tonic-gate			have_opol = 1;
7c478bd9Sstevel@tonic-gate			opol.policy_refcnt--;
7c478bd9Sstevel@tonic-gate			break;
7c478bd9Sstevel@tonic-gate		   default:
7c478bd9Sstevel@tonic-gate			goto done;
56a424ccSmp153739			break;
7c478bd9Sstevel@tonic-gate		   }
7c478bd9Sstevel@tonic-gate		   npol.policy_refcnt++;
7c478bd9Sstevel@tonic-gate	      }
7c478bd9Sstevel@tonic-gate	 } else npol.policy_refcnt++;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	 /* set us up to use the new policy */
7c478bd9Sstevel@tonic-gate	 adb.aux_attributes |= KADM5_POLICY;
7c478bd9Sstevel@tonic-gate	 if (adb.policy)
7c478bd9Sstevel@tonic-gate	      free(adb.policy);
7c478bd9Sstevel@tonic-gate	 adb.policy = strdup(entry->policy);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	 /* set pw_max_life based on new policy */
7c478bd9Sstevel@tonic-gate	 if (npol.pw_max_life) {
56a424ccSmp153739	     ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
56a424ccSmp153739						   &(kdb.pw_expiration));
56a424ccSmp153739	     if (ret)
7c478bd9Sstevel@tonic-gate		 goto done;
7c478bd9Sstevel@tonic-gate	     kdb.pw_expiration += npol.pw_max_life;
7c478bd9Sstevel@tonic-gate	 } else {
7c478bd9Sstevel@tonic-gate	     kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY_CLR) &&
7c478bd9Sstevel@tonic-gate	(adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	 ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
7c478bd9Sstevel@tonic-gate	 switch(ret) {
7c478bd9Sstevel@tonic-gate	 case EINVAL:
7c478bd9Sstevel@tonic-gate	 case KADM5_BAD_POLICY:
7c478bd9Sstevel@tonic-gate	 case KADM5_UNK_POLICY:
7c478bd9Sstevel@tonic-gate	      ret = KADM5_BAD_DB;
7c478bd9Sstevel@tonic-gate	      goto done;
56a424ccSmp153739	      break;
7c478bd9Sstevel@tonic-gate	 case KADM5_OK:
7c478bd9Sstevel@tonic-gate	      have_opol = 1;
7c478bd9Sstevel@tonic-gate	      if (adb.policy)
7c478bd9Sstevel@tonic-gate		   free(adb.policy);
7c478bd9Sstevel@tonic-gate	      adb.policy = NULL;
7c478bd9Sstevel@tonic-gate	      adb.aux_attributes &= ~KADM5_POLICY;
7c478bd9Sstevel@tonic-gate	      kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate	      opol.policy_refcnt--;
7c478bd9Sstevel@tonic-gate	      break;
7c478bd9Sstevel@tonic-gate	 default:
7c478bd9Sstevel@tonic-gate	      goto done;
56a424ccSmp153739	      break;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (((mask & KADM5_POLICY) || (mask & KADM5_POLICY_CLR)) &&
7c478bd9Sstevel@tonic-gate	(((have_opol) &&
7c478bd9Sstevel@tonic-gate	  (ret =
7c478bd9Sstevel@tonic-gate	   kadm5_modify_policy_internal(handle->lhandle, &opol,
7c478bd9Sstevel@tonic-gate					     KADM5_REF_COUNT))) ||
7c478bd9Sstevel@tonic-gate	 ((have_npol) &&
7c478bd9Sstevel@tonic-gate	  (ret =
7c478bd9Sstevel@tonic-gate	   kadm5_modify_policy_internal(handle->lhandle, &npol,
7c478bd9Sstevel@tonic-gate					     KADM5_REF_COUNT)))))
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_ATTRIBUTES))
7c478bd9Sstevel@tonic-gate	kdb.attributes = entry->attributes;
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_MAX_LIFE))
7c478bd9Sstevel@tonic-gate	kdb.max_life = entry->max_life;
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_PRINC_EXPIRE_TIME))
7c478bd9Sstevel@tonic-gate	kdb.expiration = entry->princ_expire_time;
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_PW_EXPIRATION)
7c478bd9Sstevel@tonic-gate	 kdb.pw_expiration = entry->pw_expiration;
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_MAX_RLIFE)
7c478bd9Sstevel@tonic-gate	 kdb.max_renewable_life = entry->max_renewable_life;
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_FAIL_AUTH_COUNT)
7c478bd9Sstevel@tonic-gate	 kdb.fail_auth_count = entry->fail_auth_count;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if((mask & KADM5_KVNO)) {
7c478bd9Sstevel@tonic-gate	 for (i = 0; i < kdb.n_key_data; i++)
7c478bd9Sstevel@tonic-gate	      kdb.key_data[i].key_data_kvno = entry->kvno;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_TL_DATA) {
54925bf6Swillf	 krb5_tl_data *tl;
54925bf6Swillf
54925bf6Swillf	 /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
54925bf6Swillf
54925bf6Swillf	 for (tl = entry->tl_data; tl;
54925bf6Swillf	      tl = tl->tl_data_next)
54925bf6Swillf	 {
54925bf6Swillf	     ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
54925bf6Swillf	     if( ret )
54925bf6Swillf	     {
54925bf6Swillf		 goto done;
54925bf6Swillf	     }
54925bf6Swillf	 }
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    /* let the mask propagate to the database provider */
54925bf6Swillf    kdb.mask = mask;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = kdb_put_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate    if (ret) goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = KADM5_OK;
7c478bd9Sstevel@tonic-gatedone:
7c478bd9Sstevel@tonic-gate    if (have_opol) {
7c478bd9Sstevel@tonic-gate	 ret2 = kadm5_free_policy_ent(handle->lhandle, &opol);
7c478bd9Sstevel@tonic-gate	 ret = ret ? ret : ret2;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate    if (have_npol) {
7c478bd9Sstevel@tonic-gate	 ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
7c478bd9Sstevel@tonic-gate	 ret = ret ? ret : ret2;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_rename_principal(void *server_handle,
7c478bd9Sstevel@tonic-gate			    krb5_principal source, krb5_principal target)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    krb5_db_entry	kdb;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec	adb;
7c478bd9Sstevel@tonic-gate    int			ret, i;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t handle = server_handle;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if (source == NULL || target == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) {
7c478bd9Sstevel@tonic-gate	kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate	return(KADM5_DUP);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, source, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	return ret;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* this is kinda gross, but unavoidable */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    for (i=0; i<kdb.n_key_data; i++) {
7c478bd9Sstevel@tonic-gate	if ((kdb.key_data[i].key_data_ver == 1) ||
7c478bd9Sstevel@tonic-gate	    (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
7c478bd9Sstevel@tonic-gate	    ret = KADM5_NO_RENAME_SALT;
7c478bd9Sstevel@tonic-gate	    goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    kadm5_free_principal(handle->context, kdb.princ);
54925bf6Swillf    ret = kadm5_copy_principal(handle->context, target, &kdb.princ);
56a424ccSmp153739    if (ret) {
7c478bd9Sstevel@tonic-gate	kdb.princ = NULL; /* so freeing the dbe doesn't lose */
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = kdb_delete_entry(handle, source);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatedone:
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_get_principal(void *server_handle, krb5_principal principal,
7c478bd9Sstevel@tonic-gate		    kadm5_principal_ent_t entry,
7c478bd9Sstevel@tonic-gate		    long in_mask)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    krb5_db_entry		kdb;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec		adb;
54925bf6Swillf    krb5_error_code		ret = 0;
7c478bd9Sstevel@tonic-gate    long			mask;
7c478bd9Sstevel@tonic-gate    int i;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t handle = server_handle;
7c478bd9Sstevel@tonic-gate    kadm5_principal_ent_rec	entry_local, *entry_orig;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * In version 1, all the defined fields are always returned.
7c478bd9Sstevel@tonic-gate     * entry is a pointer to a kadm5_principal_ent_t_v1 that should be
7c478bd9Sstevel@tonic-gate     * filled with allocated memory.
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    if (handle->api_version == KADM5_API_VERSION_1) {
7c478bd9Sstevel@tonic-gate	 mask = KADM5_PRINCIPAL_NORMAL_MASK;
7c478bd9Sstevel@tonic-gate	 entry_orig = entry;
7c478bd9Sstevel@tonic-gate	 entry = &entry_local;
7c478bd9Sstevel@tonic-gate    } else {
7c478bd9Sstevel@tonic-gate	 mask = in_mask;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    memset((char *) entry, 0, sizeof(*entry));
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (principal == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	return ret;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_POLICY) &&
7c478bd9Sstevel@tonic-gate	adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	if ((entry->policy = (char *) malloc(strlen(adb.policy) + 1)) == NULL) {
7c478bd9Sstevel@tonic-gate	    ret = ENOMEM;
7c478bd9Sstevel@tonic-gate	    goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate	strcpy(entry->policy, adb.policy);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_AUX_ATTRIBUTES)
7c478bd9Sstevel@tonic-gate	 entry->aux_attributes = adb.aux_attributes;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_PRINCIPAL) &&
7c478bd9Sstevel@tonic-gate	(ret = krb5_copy_principal(handle->context, principal,
7c478bd9Sstevel@tonic-gate				   &entry->principal))) {
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_PRINC_EXPIRE_TIME)
7c478bd9Sstevel@tonic-gate	 entry->princ_expire_time = kdb.expiration;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_LAST_PWD_CHANGE) &&
7c478bd9Sstevel@tonic-gate	(ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
7c478bd9Sstevel@tonic-gate					       &(entry->last_pwd_change)))) {
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_PW_EXPIRATION)
7c478bd9Sstevel@tonic-gate	 entry->pw_expiration = kdb.pw_expiration;
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_MAX_LIFE)
7c478bd9Sstevel@tonic-gate	 entry->max_life = kdb.max_life;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* this is a little non-sensical because the function returns two */
7c478bd9Sstevel@tonic-gate    /* values that must be checked separately against the mask */
7c478bd9Sstevel@tonic-gate    if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
56a424ccSmp153739	ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
7c478bd9Sstevel@tonic-gate					     &(entry->mod_date),
56a424ccSmp153739					     &(entry->mod_name));
56a424ccSmp153739	if (ret) {
7c478bd9Sstevel@tonic-gate	    goto done;
7c478bd9Sstevel@tonic-gate	}
56a424ccSmp153739
7c478bd9Sstevel@tonic-gate	if (! (mask & KADM5_MOD_TIME))
7c478bd9Sstevel@tonic-gate	    entry->mod_date = 0;
7c478bd9Sstevel@tonic-gate	if (! (mask & KADM5_MOD_NAME)) {
7c478bd9Sstevel@tonic-gate	    krb5_free_principal(handle->context, entry->principal);
7c478bd9Sstevel@tonic-gate	    entry->principal = NULL;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_ATTRIBUTES)
7c478bd9Sstevel@tonic-gate	 entry->attributes = kdb.attributes;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (mask & KADM5_KVNO)
7c478bd9Sstevel@tonic-gate	 for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
7c478bd9Sstevel@tonic-gate	      if (kdb.key_data[i].key_data_kvno > entry->kvno)
7c478bd9Sstevel@tonic-gate		   entry->kvno = kdb.key_data[i].key_data_kvno;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (handle->api_version == KADM5_API_VERSION_2)
7c478bd9Sstevel@tonic-gate	 entry->mkvno = 0;
7c478bd9Sstevel@tonic-gate    else {
7c478bd9Sstevel@tonic-gate	 /* XXX I'll be damned if I know how to deal with this one --marc */
7c478bd9Sstevel@tonic-gate	 entry->mkvno = 1;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * The new fields that only exist in version 2 start here
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    if (handle->api_version == KADM5_API_VERSION_2) {
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_MAX_RLIFE)
7c478bd9Sstevel@tonic-gate	      entry->max_renewable_life = kdb.max_renewable_life;
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_LAST_SUCCESS)
7c478bd9Sstevel@tonic-gate	      entry->last_success = kdb.last_success;
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_LAST_FAILED)
7c478bd9Sstevel@tonic-gate	      entry->last_failed = kdb.last_failed;
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_FAIL_AUTH_COUNT)
7c478bd9Sstevel@tonic-gate	      entry->fail_auth_count = kdb.fail_auth_count;
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_TL_DATA) {
56a424ccSmp153739	      krb5_tl_data *tl, *tl2;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	      entry->tl_data = NULL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	      tl = kdb.tl_data;
7c478bd9Sstevel@tonic-gate	      while (tl) {
7c478bd9Sstevel@tonic-gate		   if (tl->tl_data_type > 255) {
7c478bd9Sstevel@tonic-gate			if ((tl2 = dup_tl_data(tl)) == NULL) {
7c478bd9Sstevel@tonic-gate			     ret = ENOMEM;
7c478bd9Sstevel@tonic-gate			     goto done;
7c478bd9Sstevel@tonic-gate			}
7c478bd9Sstevel@tonic-gate			tl2->tl_data_next = entry->tl_data;
7c478bd9Sstevel@tonic-gate			entry->tl_data = tl2;
7c478bd9Sstevel@tonic-gate			entry->n_tl_data++;
7c478bd9Sstevel@tonic-gate		   }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate		   tl = tl->tl_data_next;
7c478bd9Sstevel@tonic-gate	      }
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate	 if (mask & KADM5_KEY_DATA) {
7c478bd9Sstevel@tonic-gate	      entry->n_key_data = kdb.n_key_data;
7c478bd9Sstevel@tonic-gate	      if(entry->n_key_data) {
7c478bd9Sstevel@tonic-gate		      entry->key_data = (krb5_key_data *)
7c478bd9Sstevel@tonic-gate			      malloc(entry->n_key_data*sizeof(krb5_key_data));
7c478bd9Sstevel@tonic-gate		      if (entry->key_data == NULL) {
7c478bd9Sstevel@tonic-gate			      ret = ENOMEM;
7c478bd9Sstevel@tonic-gate			      goto done;
7c478bd9Sstevel@tonic-gate		      }
7c478bd9Sstevel@tonic-gate	      } else
7c478bd9Sstevel@tonic-gate		      entry->key_data = NULL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	      for (i = 0; i < entry->n_key_data; i++)
56a424ccSmp153739		  ret = krb5_copy_key_data_contents(handle->context,
7c478bd9Sstevel@tonic-gate						    &kdb.key_data[i],
56a424ccSmp153739						    &entry->key_data[i]);
56a424ccSmp153739		   if (ret)
7c478bd9Sstevel@tonic-gate			goto done;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /*
7c478bd9Sstevel@tonic-gate     * If KADM5_API_VERSION_1, we return an allocated structure, and
7c478bd9Sstevel@tonic-gate     * we need to convert the new structure back into the format the
7c478bd9Sstevel@tonic-gate     * caller is expecting.
7c478bd9Sstevel@tonic-gate     */
7c478bd9Sstevel@tonic-gate    if (handle->api_version == KADM5_API_VERSION_1) {
7c478bd9Sstevel@tonic-gate	 kadm5_principal_ent_t_v1 newv1;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	 newv1 = ((kadm5_principal_ent_t_v1) calloc(1, sizeof(*newv1)));
7c478bd9Sstevel@tonic-gate	 if (newv1 == NULL) {
7c478bd9Sstevel@tonic-gate	      ret = ENOMEM;
7c478bd9Sstevel@tonic-gate	      goto done;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	 newv1->principal = entry->principal;
7c478bd9Sstevel@tonic-gate	 newv1->princ_expire_time = entry->princ_expire_time;
7c478bd9Sstevel@tonic-gate	 newv1->last_pwd_change = entry->last_pwd_change;
7c478bd9Sstevel@tonic-gate	 newv1->pw_expiration = entry->pw_expiration;
7c478bd9Sstevel@tonic-gate	 newv1->max_life = entry->max_life;
7c478bd9Sstevel@tonic-gate	 newv1->mod_name = entry->mod_name;
7c478bd9Sstevel@tonic-gate	 newv1->mod_date = entry->mod_date;
7c478bd9Sstevel@tonic-gate	 newv1->attributes = entry->attributes;
7c478bd9Sstevel@tonic-gate	 newv1->kvno = entry->kvno;
7c478bd9Sstevel@tonic-gate	 newv1->mkvno = entry->mkvno;
7c478bd9Sstevel@tonic-gate	 newv1->policy = entry->policy;
7c478bd9Sstevel@tonic-gate	 newv1->aux_attributes = entry->aux_attributes;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	 *((kadm5_principal_ent_t_v1 *) entry_orig) = newv1;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = KADM5_OK;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatedone:
7c478bd9Sstevel@tonic-gate    if (ret && entry->principal)
7c478bd9Sstevel@tonic-gate	 krb5_free_principal(handle->context, entry->principal);
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Function: check_pw_reuse
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Purpose: Check if a key appears in a list of keys, in order to
7c478bd9Sstevel@tonic-gate * enforce password history.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Arguments:
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate *	context			(r) the krb5 context
7c478bd9Sstevel@tonic-gate *	hist_keyblock		(r) the key that hist_key_data is
7c478bd9Sstevel@tonic-gate *				encrypted in
7c478bd9Sstevel@tonic-gate *	n_new_key_data		(r) length of new_key_data
7c478bd9Sstevel@tonic-gate *	new_key_data		(r) keys to check against
7c478bd9Sstevel@tonic-gate *				pw_hist_data, encrypted in hist_keyblock
7c478bd9Sstevel@tonic-gate *	n_pw_hist_data		(r) length of pw_hist_data
7c478bd9Sstevel@tonic-gate *	pw_hist_data		(r) passwords to check new_key_data against
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Effects:
7c478bd9Sstevel@tonic-gate * For each new_key in new_key_data:
7c478bd9Sstevel@tonic-gate * 	decrypt new_key with the master_keyblock
7c478bd9Sstevel@tonic-gate * 	for each password in pw_hist_data:
7c478bd9Sstevel@tonic-gate *		for each hist_key in password:
7c478bd9Sstevel@tonic-gate *			decrypt hist_key with hist_keyblock
7c478bd9Sstevel@tonic-gate *			compare the new_key and hist_key
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Returns krb5 errors, KADM5_PASS_RESUSE if a key in
7c478bd9Sstevel@tonic-gate * new_key_data is the same as a key in pw_hist_data, or 0.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatestatic kadm5_ret_t
7c478bd9Sstevel@tonic-gatecheck_pw_reuse(krb5_context context,
7c478bd9Sstevel@tonic-gate	       krb5_keyblock *master_keyblock,
7c478bd9Sstevel@tonic-gate	       krb5_keyblock *hist_keyblock,
7c478bd9Sstevel@tonic-gate	       int n_new_key_data, krb5_key_data *new_key_data,
56a424ccSmp153739	       unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    int x, y, z;
7c478bd9Sstevel@tonic-gate    krb5_keyblock newkey, histkey;
7c478bd9Sstevel@tonic-gate    krb5_error_code ret;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    for (x = 0; x < n_new_key_data; x++) {
56a424ccSmp153739	ret = krb5_dbekd_decrypt_key_data(context,
7c478bd9Sstevel@tonic-gate					  master_keyblock,
7c478bd9Sstevel@tonic-gate					  &(new_key_data[x]),
56a424ccSmp153739					  &newkey, NULL);
56a424ccSmp153739	if (ret)
7c478bd9Sstevel@tonic-gate	    return(ret);
7c478bd9Sstevel@tonic-gate	for (y = 0; y < n_pw_hist_data; y++) {
7c478bd9Sstevel@tonic-gate	     for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
56a424ccSmp153739		 ret = krb5_dbekd_decrypt_key_data(context,
7c478bd9Sstevel@tonic-gate						   hist_keyblock,
7c478bd9Sstevel@tonic-gate						   &pw_hist_data[y].key_data[z],
56a424ccSmp153739						   &histkey, NULL);
56a424ccSmp153739		 if (ret)
7c478bd9Sstevel@tonic-gate		     return(ret);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate		 if ((newkey.length == histkey.length) &&
7c478bd9Sstevel@tonic-gate		     (newkey.enctype == histkey.enctype) &&
7c478bd9Sstevel@tonic-gate		     (memcmp(newkey.contents, histkey.contents,
7c478bd9Sstevel@tonic-gate			     histkey.length) == 0)) {
7c478bd9Sstevel@tonic-gate		     krb5_free_keyblock_contents(context, &histkey);
7c478bd9Sstevel@tonic-gate		     krb5_free_keyblock_contents(context, &newkey);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate		     return(KADM5_PASS_REUSE);
7c478bd9Sstevel@tonic-gate		 }
7c478bd9Sstevel@tonic-gate		 krb5_free_keyblock_contents(context, &histkey);
7c478bd9Sstevel@tonic-gate	     }
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate	krb5_free_keyblock_contents(context, &newkey);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return(0);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Function: create_history_entry
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Purpose: Creates a password history entry from an array of
7c478bd9Sstevel@tonic-gate * key_data.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Arguments:
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate *	context		(r) krb5_context to use
7c478bd9Sstevel@tonic-gate *      master_keyblcok (r) master key block
7c478bd9Sstevel@tonic-gate *	n_key_data	(r) number of elements in key_data
7c478bd9Sstevel@tonic-gate *	key_data	(r) keys to add to the history entry
7c478bd9Sstevel@tonic-gate *	hist		(w) history entry to fill in
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Effects:
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * hist->key_data is allocated to store n_key_data key_datas.  Each
7c478bd9Sstevel@tonic-gate * element of key_data is decrypted with master_keyblock, re-encrypted
7c478bd9Sstevel@tonic-gate * in hist_key, and added to hist->key_data.  hist->n_key_data is
7c478bd9Sstevel@tonic-gate * set to n_key_data.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatestatic
7c478bd9Sstevel@tonic-gateint create_history_entry(krb5_context context,
7c478bd9Sstevel@tonic-gate	krb5_keyblock *master_keyblock,	int n_key_data,
7c478bd9Sstevel@tonic-gate	krb5_key_data *key_data, osa_pw_hist_ent *hist)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     int i, ret;
7c478bd9Sstevel@tonic-gate     krb5_keyblock key;
7c478bd9Sstevel@tonic-gate     krb5_keysalt salt;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     hist->key_data = (krb5_key_data*)malloc(n_key_data*sizeof(krb5_key_data));
7c478bd9Sstevel@tonic-gate     if (hist->key_data == NULL)
7c478bd9Sstevel@tonic-gate	  return ENOMEM;
7c478bd9Sstevel@tonic-gate     memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     for (i = 0; i < n_key_data; i++) {
56a424ccSmp153739	 ret = krb5_dbekd_decrypt_key_data(context,
7c478bd9Sstevel@tonic-gate					   master_keyblock,
7c478bd9Sstevel@tonic-gate					   &key_data[i],
56a424ccSmp153739					   &key, &salt);
56a424ccSmp153739	 if (ret)
7c478bd9Sstevel@tonic-gate	     return ret;
56a424ccSmp153739
56a424ccSmp153739	 ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
7c478bd9Sstevel@tonic-gate					   &key, &salt,
7c478bd9Sstevel@tonic-gate					   key_data[i].key_data_kvno,
56a424ccSmp153739					   &hist->key_data[i]);
56a424ccSmp153739	 if (ret)
7c478bd9Sstevel@tonic-gate	     return ret;
56a424ccSmp153739
7c478bd9Sstevel@tonic-gate	 krb5_free_keyblock_contents(context, &key);
7c478bd9Sstevel@tonic-gate	 /* krb5_free_keysalt(context, &salt); */
7c478bd9Sstevel@tonic-gate     }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     hist->n_key_data = n_key_data;
7c478bd9Sstevel@tonic-gate     return 0;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739static
7c478bd9Sstevel@tonic-gatevoid free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     int i;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     for (i = 0; i < hist->n_key_data; i++)
7c478bd9Sstevel@tonic-gate	  krb5_free_key_data_contents(context, &hist->key_data[i]);
7c478bd9Sstevel@tonic-gate     free(hist->key_data);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Function: add_to_history
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Purpose: Adds a password to a principal's password history.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Arguments:
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate *	context		(r) krb5_context to use
7c478bd9Sstevel@tonic-gate *	adb		(r/w) admin principal entry to add keys to
7c478bd9Sstevel@tonic-gate *	pol		(r) adb's policy
7c478bd9Sstevel@tonic-gate *	pw		(r) keys for the password to add to adb's key history
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Effects:
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * add_to_history adds a single password to adb's password history.
7c478bd9Sstevel@tonic-gate * pw contains n_key_data keys in its key_data, in storage should be
7c478bd9Sstevel@tonic-gate * allocated but not freed by the caller (XXX blech!).
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * This function maintains adb->old_keys as a circular queue.  It
7c478bd9Sstevel@tonic-gate * starts empty, and grows each time this function is called until it
7c478bd9Sstevel@tonic-gate * is pol->pw_history_num items long.  adb->old_key_len holds the
7c478bd9Sstevel@tonic-gate * number of allocated entries in the array, and must therefore be [0,
7c478bd9Sstevel@tonic-gate * pol->pw_history_num).  adb->old_key_next is the index into the
7c478bd9Sstevel@tonic-gate * array where the next element should be written, and must be [0,
7c478bd9Sstevel@tonic-gate * adb->old_key_len).
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define	KADM_MOD(x)	(x + adb->old_key_next) % adb->old_key_len
56a424ccSmp153739static kadm5_ret_t add_to_history(krb5_context context,
7c478bd9Sstevel@tonic-gate				  osa_princ_ent_t adb,
7c478bd9Sstevel@tonic-gate				  kadm5_policy_ent_t pol,
7c478bd9Sstevel@tonic-gate				  osa_pw_hist_ent *pw)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     osa_pw_hist_ent *histp;
159d09a2SMark Phalan     uint32_t nhist;
159d09a2SMark Phalan     unsigned int i, knext, nkeys;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan     nhist = pol->pw_history_num;
7c478bd9Sstevel@tonic-gate     /* A history of 1 means just check the current password */
159d09a2SMark Phalan     if (nhist <= 1)
159d09a2SMark Phalan	  return 0;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan     nkeys = adb->old_key_len;
159d09a2SMark Phalan     knext = adb->old_key_next;
7c478bd9Sstevel@tonic-gate     /* resize the adb->old_keys array if necessary */
159d09a2SMark Phalan     if (nkeys + 1 < nhist) {
7c478bd9Sstevel@tonic-gate	  if (adb->old_keys == NULL) {
7c478bd9Sstevel@tonic-gate	       adb->old_keys = (osa_pw_hist_ent *)
159d09a2SMark Phalan		    malloc((nkeys + 1) * sizeof (osa_pw_hist_ent));
7c478bd9Sstevel@tonic-gate	  } else {
7c478bd9Sstevel@tonic-gate	       adb->old_keys = (osa_pw_hist_ent *)
7c478bd9Sstevel@tonic-gate		    realloc(adb->old_keys,
159d09a2SMark Phalan			    (nkeys + 1) * sizeof (osa_pw_hist_ent));
7c478bd9Sstevel@tonic-gate	  }
7c478bd9Sstevel@tonic-gate	  if (adb->old_keys == NULL)
7c478bd9Sstevel@tonic-gate	       return(ENOMEM);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan	  memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent));
159d09a2SMark Phalan     	  nkeys = ++adb->old_key_len;
159d09a2SMark Phalan	  /*
159d09a2SMark Phalan	   * To avoid losing old keys, shift forward each entry after
159d09a2SMark Phalan	   * knext.
159d09a2SMark Phalan	   */
159d09a2SMark Phalan	  for (i = nkeys - 1; i > knext; i--) {
7c478bd9Sstevel@tonic-gate	      adb->old_keys[i] = adb->old_keys[i - 1];
159d09a2SMark Phalan	  }
159d09a2SMark Phalan	  memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));
159d09a2SMark Phalan     } else if (nkeys + 1 > nhist) {
7c478bd9Sstevel@tonic-gate	 /*
7c478bd9Sstevel@tonic-gate	  * The policy must have changed!  Shrink the array.
7c478bd9Sstevel@tonic-gate	  * Can't simply realloc() down, since it might be wrapped.
7c478bd9Sstevel@tonic-gate	  * To understand the arithmetic below, note that we are
7c478bd9Sstevel@tonic-gate	  * copying into new positions 0 .. N-1 from old positions
7c478bd9Sstevel@tonic-gate	  * old_key_next-N .. old_key_next-1, modulo old_key_len,
7c478bd9Sstevel@tonic-gate	  * where N = pw_history_num - 1 is the length of the
7c478bd9Sstevel@tonic-gate	  * shortened list.        Matt Crawford, FNAL
7c478bd9Sstevel@tonic-gate	  */
7c478bd9Sstevel@tonic-gate	 /*
159d09a2SMark Phalan	  * M = adb->old_key_len, N = pol->pw_history_num - 1
159d09a2SMark Phalan	  *
159d09a2SMark Phalan	  * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M]
7c478bd9Sstevel@tonic-gate	  */
159d09a2SMark Phalan	 int j;
159d09a2SMark Phalan	 osa_pw_hist_t tmp;
159d09a2SMark Phalan
159d09a2SMark Phalan	 tmp = (osa_pw_hist_ent *)
159d09a2SMark Phalan	     malloc((nhist - 1) * sizeof (osa_pw_hist_ent));
159d09a2SMark Phalan	 if (tmp == NULL)
159d09a2SMark Phalan	     return ENOMEM;
159d09a2SMark Phalan	 for (i = 0; i < nhist - 1; i++) {
159d09a2SMark Phalan	     /*
159d09a2SMark Phalan	      * Add nkeys once before taking remainder to avoid
159d09a2SMark Phalan	      * negative values.
159d09a2SMark Phalan	      */
159d09a2SMark Phalan	     j = (i + nkeys + knext - (nhist - 1)) % nkeys;
159d09a2SMark Phalan	     tmp[i] = adb->old_keys[j];
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate	 /* Now free the ones we don't keep (the oldest ones) */
159d09a2SMark Phalan	 for (i = 0; i < nkeys - (nhist - 1); i++) {
159d09a2SMark Phalan	     j = (i + nkeys + knext) % nkeys;
159d09a2SMark Phalan	     histp = &adb->old_keys[j];
159d09a2SMark Phalan	     for (j = 0; j < histp->n_key_data; j++) {
159d09a2SMark Phalan		 krb5_free_key_data_contents(context, &histp->key_data[j]);
159d09a2SMark Phalan	     }
159d09a2SMark Phalan	     free(histp->key_data);
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate	 free((void *)adb->old_keys);
159d09a2SMark Phalan	 adb->old_keys = tmp;
159d09a2SMark Phalan	 nkeys = adb->old_key_len = nhist - 1;
159d09a2SMark Phalan	 knext = adb->old_key_next = 0;
7c478bd9Sstevel@tonic-gate     }
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan     /*
159d09a2SMark Phalan      * If nhist decreased since the last password change, and nkeys+1
159d09a2SMark Phalan      * is less than the previous nhist, it is possible for knext to
159d09a2SMark Phalan      * index into unallocated space.  This condition would not be
159d09a2SMark Phalan      * caught by the resizing code above.
159d09a2SMark Phalan      */
159d09a2SMark Phalan     if (knext + 1 > nkeys)
159d09a2SMark Phalan	 knext = adb->old_key_next = 0;
7c478bd9Sstevel@tonic-gate     /* free the old pw history entry if it contains data */
159d09a2SMark Phalan     histp = &adb->old_keys[knext];
7c478bd9Sstevel@tonic-gate     for (i = 0; i < histp->n_key_data; i++)
7c478bd9Sstevel@tonic-gate	  krb5_free_key_data_contents(context, &histp->key_data[i]);
7c478bd9Sstevel@tonic-gate     free(histp->key_data);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     /* store the new entry */
159d09a2SMark Phalan     adb->old_keys[knext] = *pw;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     /* update the next pointer */
159d09a2SMark Phalan     if (++adb->old_key_next == nhist - 1)
7c478bd9Sstevel@tonic-gate	 adb->old_key_next = 0;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     return(0);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate#undef KADM_MOD
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#ifdef USE_PASSWORD_SERVER
159d09a2SMark Phalan/* FIXME: don't use global variable for this */
159d09a2SMark Phalankrb5_boolean use_password_server = 0;
159d09a2SMark Phalan
159d09a2SMark Phalanstatic krb5_boolean
159d09a2SMark Phalankadm5_use_password_server (void)
159d09a2SMark Phalan{
159d09a2SMark Phalan    return use_password_server;
159d09a2SMark Phalan}
159d09a2SMark Phalan
159d09a2SMark Phalanvoid
159d09a2SMark Phalankadm5_set_use_password_server (void)
159d09a2SMark Phalan{
159d09a2SMark Phalan    use_password_server = 1;
159d09a2SMark Phalan}
159d09a2SMark Phalan#endif
159d09a2SMark Phalan
159d09a2SMark Phalan#ifdef USE_PASSWORD_SERVER
159d09a2SMark Phalan
159d09a2SMark Phalan/*
159d09a2SMark Phalan * kadm5_launch_task () runs a program (task_path) to synchronize the
159d09a2SMark Phalan * Apple password server with the Kerberos database.  Password server
159d09a2SMark Phalan * programs can receive arguments on the command line (task_argv)
159d09a2SMark Phalan * and a block of data via stdin (data_buffer).
159d09a2SMark Phalan *
159d09a2SMark Phalan * Because a failure to communicate with the tool results in the
159d09a2SMark Phalan * password server falling out of sync with the database,
159d09a2SMark Phalan * kadm5_launch_task() always fails if it can't talk to the tool.
159d09a2SMark Phalan */
159d09a2SMark Phalan
159d09a2SMark Phalanstatic kadm5_ret_t
159d09a2SMark Phalankadm5_launch_task (krb5_context context,
159d09a2SMark Phalan                   const char *task_path, char * const task_argv[],
159d09a2SMark Phalan                   const char *data_buffer)
159d09a2SMark Phalan{
159d09a2SMark Phalan    kadm5_ret_t ret = 0;
159d09a2SMark Phalan    int data_pipe[2];
159d09a2SMark Phalan
159d09a2SMark Phalan    if (data_buffer != NULL) {
159d09a2SMark Phalan        ret = pipe (data_pipe);
159d09a2SMark Phalan        if (ret) { ret = errno; }
159d09a2SMark Phalan    }
159d09a2SMark Phalan
159d09a2SMark Phalan    if (!ret) {
159d09a2SMark Phalan        pid_t pid = fork ();
159d09a2SMark Phalan        if (pid == -1) {
159d09a2SMark Phalan            ret = errno;
159d09a2SMark Phalan        } else if (pid == 0) {
159d09a2SMark Phalan            /* The child: */
159d09a2SMark Phalan
159d09a2SMark Phalan            if (data_buffer != NULL) {
159d09a2SMark Phalan                if (dup2 (data_pipe[0], STDIN_FILENO) == -1) {
159d09a2SMark Phalan                    _exit (1);
159d09a2SMark Phalan                }
159d09a2SMark Phalan            } else {
159d09a2SMark Phalan                close (data_pipe[0]);
159d09a2SMark Phalan            }
159d09a2SMark Phalan
159d09a2SMark Phalan            close (data_pipe[1]);
159d09a2SMark Phalan
159d09a2SMark Phalan            execv (task_path, task_argv);
159d09a2SMark Phalan
159d09a2SMark Phalan            _exit (1); /* Fail if execv fails */
159d09a2SMark Phalan        } else {
159d09a2SMark Phalan            /* The parent: */
159d09a2SMark Phalan            int status;
159d09a2SMark Phalan
159d09a2SMark Phalan            if (data_buffer != NULL) {
159d09a2SMark Phalan                /* Write out the buffer to the child */
159d09a2SMark Phalan                if (krb5_net_write (context, data_pipe[1],
159d09a2SMark Phalan                                    data_buffer, strlen (data_buffer)) < 0) {
159d09a2SMark Phalan                    /* kill the child to make sure waitpid() won't hang later */
159d09a2SMark Phalan                    ret = errno;
159d09a2SMark Phalan                    kill (pid, SIGKILL);
159d09a2SMark Phalan                }
159d09a2SMark Phalan            }
159d09a2SMark Phalan
159d09a2SMark Phalan            close (data_buffer[0]);
159d09a2SMark Phalan            close (data_buffer[1]);
159d09a2SMark Phalan
159d09a2SMark Phalan            waitpid (pid, &status, 0);
159d09a2SMark Phalan
159d09a2SMark Phalan            if (!ret) {
159d09a2SMark Phalan                if (WIFEXITED (status)) {
159d09a2SMark Phalan                    /* child read password and exited.  Check the return value. */
159d09a2SMark Phalan                    if ((WEXITSTATUS (status) != 0) && (WEXITSTATUS (status) != 252)) {
159d09a2SMark Phalan                       ret = KRB5KDC_ERR_POLICY; /* password change rejected */
159d09a2SMark Phalan                    }
159d09a2SMark Phalan                } else {
159d09a2SMark Phalan                    /* child read password but crashed or was killed */
159d09a2SMark Phalan                    ret = KRB5KRB_ERR_GENERIC; /* FIXME: better error */
159d09a2SMark Phalan                }
159d09a2SMark Phalan            }
159d09a2SMark Phalan        }
159d09a2SMark Phalan    }
159d09a2SMark Phalan
159d09a2SMark Phalan    return ret;
159d09a2SMark Phalan}
159d09a2SMark Phalan
159d09a2SMark Phalan#endif
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_chpass_principal(void *server_handle,
7c478bd9Sstevel@tonic-gate			    krb5_principal principal, char *password)
7c478bd9Sstevel@tonic-gate{
56a424ccSmp153739    return
56a424ccSmp153739	kadm5_chpass_principal_3(server_handle, principal, FALSE,
56a424ccSmp153739				 0, NULL, password);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_chpass_principal_3(void *server_handle,
7c478bd9Sstevel@tonic-gate			 krb5_principal principal, krb5_boolean keepold,
7c478bd9Sstevel@tonic-gate			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
7c478bd9Sstevel@tonic-gate			 char *password)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    krb5_int32			now;
7c478bd9Sstevel@tonic-gate    kadm5_policy_ent_rec	pol;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec		adb;
7c478bd9Sstevel@tonic-gate    krb5_db_entry		kdb, kdb_save;
56a424ccSmp153739    int				ret, ret2, last_pwd, hist_added;
7c478bd9Sstevel@tonic-gate    int				have_pol = 0;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t	handle = server_handle;
7c478bd9Sstevel@tonic-gate    osa_pw_hist_ent		hist;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
*661b8ac7SPeter Shoults    /* Solaris Kerberos - kadm5_check_min_life checks for null principal. */
*661b8ac7SPeter Shoults    ret = kadm5_check_min_life(server_handle,principal,NULL,0);
*661b8ac7SPeter Shoults    if (ret)
*661b8ac7SPeter Shoults	return (ret);
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    hist_added = 0;
7c478bd9Sstevel@tonic-gate    memset(&hist, 0, sizeof(hist));
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (principal == NULL || password == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate    if ((krb5_principal_compare(handle->context,
7c478bd9Sstevel@tonic-gate				principal, hist_princ)) == TRUE)
7c478bd9Sstevel@tonic-gate	return KADM5_PROTECT_PRINCIPAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate       return(ret);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* we are going to need the current keys after the new keys are set */
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) {
7c478bd9Sstevel@tonic-gate	 kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate	 return(ret);
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
7c478bd9Sstevel@tonic-gate	     goto done;
7c478bd9Sstevel@tonic-gate	have_pol = 1;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = passwd_check(handle, password, adb.aux_attributes &
7c478bd9Sstevel@tonic-gate			    KADM5_POLICY, &pol, principal)))
7c478bd9Sstevel@tonic-gate	 goto done;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    ret = krb5_dbe_cpw(handle->context, &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate		       n_ks_tuple?ks_tuple:handle->params.keysalts,
7c478bd9Sstevel@tonic-gate		       n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
7c478bd9Sstevel@tonic-gate		       password, 0 /* increment kvno */,
56a424ccSmp153739		       keepold, &kdb);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    ret = krb5_timeofday(handle->context, &now);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	 goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate       /* the policy was loaded before */
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	ret = krb5_dbe_lookup_last_pwd_change(handle->context,
56a424ccSmp153739					      &kdb, &last_pwd);
56a424ccSmp153739	if (ret)
7c478bd9Sstevel@tonic-gate	    goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#if 0
7c478bd9Sstevel@tonic-gate	 /*
7c478bd9Sstevel@tonic-gate	  * The spec says this check is overridden if the caller has
7c478bd9Sstevel@tonic-gate	  * modify privilege.  The admin server therefore makes this
7c478bd9Sstevel@tonic-gate	  * check itself (in chpass_principal_wrapper, misc.c). A
7c478bd9Sstevel@tonic-gate	  * local caller implicitly has all authorization bits.
7c478bd9Sstevel@tonic-gate	  */
7c478bd9Sstevel@tonic-gate	if ((now - last_pwd) < pol.pw_min_life &&
7c478bd9Sstevel@tonic-gate	    !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
7c478bd9Sstevel@tonic-gate	     ret = KADM5_PASS_TOOSOON;
7c478bd9Sstevel@tonic-gate	     goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	ret = create_history_entry(handle->context,
7c478bd9Sstevel@tonic-gate				   &handle->master_keyblock, kdb_save.n_key_data,
56a424ccSmp153739				   kdb_save.key_data, &hist);
56a424ccSmp153739	if (ret)
7c478bd9Sstevel@tonic-gate	    goto done;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	ret = check_pw_reuse(handle->context,
7c478bd9Sstevel@tonic-gate			     &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate			     &hist_key,
7c478bd9Sstevel@tonic-gate			     kdb.n_key_data, kdb.key_data,
56a424ccSmp153739			     1, &hist);
56a424ccSmp153739	if (ret)
7c478bd9Sstevel@tonic-gate	    goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	if (pol.pw_history_num > 1) {
7c478bd9Sstevel@tonic-gate	    if (adb.admin_history_kvno != hist_kvno) {
7c478bd9Sstevel@tonic-gate		ret = KADM5_BAD_HIST_KEY;
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate	    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	    ret = check_pw_reuse(handle->context,
7c478bd9Sstevel@tonic-gate				&handle->master_keyblock,
7c478bd9Sstevel@tonic-gate				     &hist_key,
7c478bd9Sstevel@tonic-gate				 kdb.n_key_data, kdb.key_data,
56a424ccSmp153739				 adb.old_key_len, adb.old_keys);
56a424ccSmp153739	    if (ret)
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	    ret = add_to_history(handle->context, &adb, &pol, &hist);
56a424ccSmp153739	    if (ret)
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate	    hist_added = 1;
7c478bd9Sstevel@tonic-gate       }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	if (pol.pw_max_life)
7c478bd9Sstevel@tonic-gate	   kdb.pw_expiration = now + pol.pw_max_life;
7c478bd9Sstevel@tonic-gate	else
7c478bd9Sstevel@tonic-gate	   kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    } else {
7c478bd9Sstevel@tonic-gate	kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#ifdef USE_PASSWORD_SERVER
159d09a2SMark Phalan    if (kadm5_use_password_server () &&
159d09a2SMark Phalan        (krb5_princ_size (handle->context, principal) == 1)) {
159d09a2SMark Phalan        krb5_data *princ = krb5_princ_component (handle->context, principal, 0);
159d09a2SMark Phalan        const char *path = "/usr/sbin/mkpassdb";
159d09a2SMark Phalan        char *argv[] = { "mkpassdb", "-setpassword", NULL, NULL };
159d09a2SMark Phalan        char *pstring = NULL;
159d09a2SMark Phalan        char pwbuf[256];
159d09a2SMark Phalan        int pwlen = strlen (password);
159d09a2SMark Phalan
159d09a2SMark Phalan        if (pwlen > 254) pwlen = 254;
159d09a2SMark Phalan        strncpy (pwbuf, password, pwlen);
159d09a2SMark Phalan        pwbuf[pwlen] = '\n';
159d09a2SMark Phalan        pwbuf[pwlen + 1] = '\0';
159d09a2SMark Phalan
159d09a2SMark Phalan        if (!ret) {
159d09a2SMark Phalan            pstring = malloc ((princ->length + 1) * sizeof (char));
159d09a2SMark Phalan            if (pstring == NULL) { ret = errno; }
159d09a2SMark Phalan        }
159d09a2SMark Phalan
159d09a2SMark Phalan        if (!ret) {
159d09a2SMark Phalan            memcpy (pstring, princ->data, princ->length);
159d09a2SMark Phalan            pstring [princ->length] = '\0';
159d09a2SMark Phalan            argv[2] = pstring;
159d09a2SMark Phalan
159d09a2SMark Phalan            ret = kadm5_launch_task (handle->context, path, argv, pwbuf);
159d09a2SMark Phalan        }
159d09a2SMark Phalan
159d09a2SMark Phalan        if (pstring != NULL)
159d09a2SMark Phalan            free (pstring);
159d09a2SMark Phalan
159d09a2SMark Phalan        if (ret)
159d09a2SMark Phalan            goto done;
159d09a2SMark Phalan    }
159d09a2SMark Phalan#endif
159d09a2SMark Phalan
56a424ccSmp153739    ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    /* key data and attributes changed, let the database provider know */
2dd2efa5Swillf    /* Solaris Kerberos: adding support for key history in LDAP KDB */
2dd2efa5Swillf    if (hist_added == 1)
2dd2efa5Swillf	kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | KADM5_KEY_HIST
2dd2efa5Swillf	    /* | KADM5_CPW_FUNCTION */;
2dd2efa5Swillf    else
54925bf6Swillf	kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */;
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = KADM5_OK;
7c478bd9Sstevel@tonic-gatedone:
7c478bd9Sstevel@tonic-gate    if (!hist_added && hist.key_data)
7c478bd9Sstevel@tonic-gate	 free_history_entry(handle->context, &hist);
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb_save, NULL);
54925bf6Swillf    krb5_db_free_principal(handle->context, &kdb, 1);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
7c478bd9Sstevel@tonic-gate	&& !ret)
7c478bd9Sstevel@tonic-gate	 ret = ret2;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_randkey_principal(void *server_handle,
7c478bd9Sstevel@tonic-gate			krb5_principal principal,
7c478bd9Sstevel@tonic-gate			krb5_keyblock **keyblocks,
7c478bd9Sstevel@tonic-gate			int *n_keys)
7c478bd9Sstevel@tonic-gate{
159d09a2SMark Phalan	 /* Solaris Kerberos: */
7c478bd9Sstevel@tonic-gate	krb5_key_salt_tuple keysalts[2];
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	/*
7c478bd9Sstevel@tonic-gate	 * Anyone calling this routine is forced to use only DES
7c478bd9Sstevel@tonic-gate	 * enctypes to be compatible with earlier releases that
7c478bd9Sstevel@tonic-gate	 * did not support stronger crypto.
7c478bd9Sstevel@tonic-gate	 *
7c478bd9Sstevel@tonic-gate	 * S10 (and later) kadmin clients will not use this API,
7c478bd9Sstevel@tonic-gate	 * so we can assume the request is from an older version.
7c478bd9Sstevel@tonic-gate	 */
7c478bd9Sstevel@tonic-gate	keysalts[0].ks_enctype = ENCTYPE_DES_CBC_MD5;
7c478bd9Sstevel@tonic-gate	keysalts[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
7c478bd9Sstevel@tonic-gate	keysalts[1].ks_enctype = ENCTYPE_DES_CBC_CRC;
7c478bd9Sstevel@tonic-gate	keysalts[1].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	return (kadm5_randkey_principal_3(server_handle, principal,
7c478bd9Sstevel@tonic-gate			FALSE, 2, keysalts, keyblocks, n_keys));
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_randkey_principal_3(void *server_handle,
7c478bd9Sstevel@tonic-gate			krb5_principal principal,
7c478bd9Sstevel@tonic-gate			krb5_boolean keepold,
7c478bd9Sstevel@tonic-gate			int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
7c478bd9Sstevel@tonic-gate			krb5_keyblock **keyblocks,
7c478bd9Sstevel@tonic-gate			int *n_keys)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    krb5_db_entry		kdb;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec		adb;
7c478bd9Sstevel@tonic-gate    krb5_int32			now;
7c478bd9Sstevel@tonic-gate    kadm5_policy_ent_rec	pol;
7c478bd9Sstevel@tonic-gate    krb5_key_data		*key_data;
7c478bd9Sstevel@tonic-gate    int				ret, last_pwd, have_pol = 0;
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t	handle = server_handle;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (keyblocks)
7c478bd9Sstevel@tonic-gate	 *keyblocks = NULL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if (principal == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate    if (hist_princ && /* this will be NULL when initializing the databse */
7c478bd9Sstevel@tonic-gate	((krb5_principal_compare(handle->context,
7c478bd9Sstevel@tonic-gate				 principal, hist_princ)) == TRUE))
7c478bd9Sstevel@tonic-gate	return KADM5_PROTECT_PRINCIPAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate       return(ret);
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    ret = krb5_dbe_crk(handle->context, &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate		       n_ks_tuple?ks_tuple:handle->params.keysalts,
7c478bd9Sstevel@tonic-gate		       n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
7c478bd9Sstevel@tonic-gate		       keepold,
56a424ccSmp153739		       &kdb);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    ret = krb5_timeofday(handle->context, &now);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
7c478bd9Sstevel@tonic-gate				    &pol)) != KADM5_OK)
7c478bd9Sstevel@tonic-gate	   goto done;
7c478bd9Sstevel@tonic-gate	have_pol = 1;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	ret = krb5_dbe_lookup_last_pwd_change(handle->context,
56a424ccSmp153739					      &kdb, &last_pwd);
56a424ccSmp153739	if (ret)
7c478bd9Sstevel@tonic-gate	     goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#if 0
7c478bd9Sstevel@tonic-gate	 /*
7c478bd9Sstevel@tonic-gate	  * The spec says this check is overridden if the caller has
7c478bd9Sstevel@tonic-gate	  * modify privilege.  The admin server therefore makes this
7c478bd9Sstevel@tonic-gate	  * check itself (in chpass_principal_wrapper, misc.c).  A
7c478bd9Sstevel@tonic-gate	  * local caller implicitly has all authorization bits.
7c478bd9Sstevel@tonic-gate	  */
7c478bd9Sstevel@tonic-gate	if((now - last_pwd) < pol.pw_min_life &&
7c478bd9Sstevel@tonic-gate	   !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
7c478bd9Sstevel@tonic-gate	     ret = KADM5_PASS_TOOSOON;
7c478bd9Sstevel@tonic-gate	     goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	if(pol.pw_history_num > 1) {
7c478bd9Sstevel@tonic-gate	    if(adb.admin_history_kvno != hist_kvno) {
7c478bd9Sstevel@tonic-gate		ret = KADM5_BAD_HIST_KEY;
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate	    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	    ret = check_pw_reuse(handle->context,
7c478bd9Sstevel@tonic-gate				 &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate				 &hist_key,
7c478bd9Sstevel@tonic-gate				 kdb.n_key_data, kdb.key_data,
56a424ccSmp153739				 adb.old_key_len, adb.old_keys);
56a424ccSmp153739	    if (ret)
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate	if (pol.pw_max_life)
7c478bd9Sstevel@tonic-gate	   kdb.pw_expiration = now + pol.pw_max_life;
7c478bd9Sstevel@tonic-gate	else
7c478bd9Sstevel@tonic-gate	   kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    } else {
7c478bd9Sstevel@tonic-gate	kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
56a424ccSmp153739    if (ret)
7c478bd9Sstevel@tonic-gate	 goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (keyblocks) {
7c478bd9Sstevel@tonic-gate	 if (handle->api_version == KADM5_API_VERSION_1) {
7c478bd9Sstevel@tonic-gate	      /* Version 1 clients will expect to see a DES_CRC enctype. */
56a424ccSmp153739	     ret = krb5_dbe_find_enctype(handle->context, &kdb,
7c478bd9Sstevel@tonic-gate					 ENCTYPE_DES_CBC_CRC,
56a424ccSmp153739					 -1, -1, &key_data);
56a424ccSmp153739	     if (ret)
7c478bd9Sstevel@tonic-gate		 goto done;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739	     ret = decrypt_key_data(handle->context,
7c478bd9Sstevel@tonic-gate				&handle->master_keyblock, 1, key_data,
56a424ccSmp153739				     keyblocks, NULL);
56a424ccSmp153739	     if (ret)
7c478bd9Sstevel@tonic-gate		 goto done;
7c478bd9Sstevel@tonic-gate	 } else {
7c478bd9Sstevel@tonic-gate	     ret = decrypt_key_data(handle->context,
7c478bd9Sstevel@tonic-gate				     &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate				     kdb.n_key_data, kdb.key_data,
7c478bd9Sstevel@tonic-gate				     keyblocks, n_keys);
7c478bd9Sstevel@tonic-gate	     if (ret)
7c478bd9Sstevel@tonic-gate		 goto done;
7c478bd9Sstevel@tonic-gate	 }
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    /* key data changed, let the database provider know */
54925bf6Swillf    kdb.mask = KADM5_KEY_DATA /* | KADM5_RANDKEY_USED */;
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = KADM5_OK;
7c478bd9Sstevel@tonic-gatedone:
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate    if (have_pol)
7c478bd9Sstevel@tonic-gate	 kadm5_free_policy_ent(handle->lhandle, &pol);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#if 0 /* Solaris Kerberos */
159d09a2SMark Phalan/*
159d09a2SMark Phalan * kadm5_setv4key_principal:
159d09a2SMark Phalan *
159d09a2SMark Phalan * Set only ONE key of the principal, removing all others.  This key
159d09a2SMark Phalan * must have the DES_CBC_CRC enctype and is entered as having the
159d09a2SMark Phalan * krb4 salttype.  This is to enable things like kadmind4 to work.
159d09a2SMark Phalan */
159d09a2SMark Phalankadm5_ret_t
159d09a2SMark Phalankadm5_setv4key_principal(void *server_handle,
159d09a2SMark Phalan		       krb5_principal principal,
159d09a2SMark Phalan		       krb5_keyblock *keyblock)
159d09a2SMark Phalan{
159d09a2SMark Phalan    krb5_db_entry		kdb;
159d09a2SMark Phalan    osa_princ_ent_rec		adb;
159d09a2SMark Phalan    krb5_int32			now;
159d09a2SMark Phalan    kadm5_policy_ent_rec	pol;
159d09a2SMark Phalan    krb5_keysalt		keysalt;
159d09a2SMark Phalan    int				i, k, kvno, ret, have_pol = 0;
159d09a2SMark Phalan#if 0
159d09a2SMark Phalan    int                         last_pwd;
159d09a2SMark Phalan#endif
159d09a2SMark Phalan    kadm5_server_handle_t	handle = server_handle;
159d09a2SMark Phalan    krb5_key_data               tmp_key_data;
159d09a2SMark Phalan
159d09a2SMark Phalan    memset( &tmp_key_data, 0, sizeof(tmp_key_data));
159d09a2SMark Phalan
159d09a2SMark Phalan    CHECK_HANDLE(server_handle);
159d09a2SMark Phalan
159d09a2SMark Phalan    krb5_clear_error_message(handle->context);
159d09a2SMark Phalan
159d09a2SMark Phalan    if (principal == NULL || keyblock == NULL)
159d09a2SMark Phalan	return EINVAL;
159d09a2SMark Phalan    if (hist_princ && /* this will be NULL when initializing the databse */
159d09a2SMark Phalan	((krb5_principal_compare(handle->context,
159d09a2SMark Phalan				 principal, hist_princ)) == TRUE))
159d09a2SMark Phalan	return KADM5_PROTECT_PRINCIPAL;
159d09a2SMark Phalan
159d09a2SMark Phalan    if (keyblock->enctype != ENCTYPE_DES_CBC_CRC)
159d09a2SMark Phalan	return KADM5_SETV4KEY_INVAL_ENCTYPE;
159d09a2SMark Phalan
159d09a2SMark Phalan    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
159d09a2SMark Phalan       return(ret);
159d09a2SMark Phalan
159d09a2SMark Phalan    for (kvno = 0, i=0; i<kdb.n_key_data; i++)
159d09a2SMark Phalan	 if (kdb.key_data[i].key_data_kvno > kvno)
159d09a2SMark Phalan	      kvno = kdb.key_data[i].key_data_kvno;
159d09a2SMark Phalan
159d09a2SMark Phalan    if (kdb.key_data != NULL)
159d09a2SMark Phalan	 cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
159d09a2SMark Phalan
159d09a2SMark Phalan    kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data));
159d09a2SMark Phalan    if (kdb.key_data == NULL)
159d09a2SMark Phalan	 return ENOMEM;
159d09a2SMark Phalan    memset(kdb.key_data, 0, sizeof(krb5_key_data));
159d09a2SMark Phalan    kdb.n_key_data = 1;
159d09a2SMark Phalan    keysalt.type = KRB5_KDB_SALTTYPE_V4;
159d09a2SMark Phalan    /* XXX data.magic? */
159d09a2SMark Phalan    keysalt.data.length = 0;
159d09a2SMark Phalan    keysalt.data.data = NULL;
159d09a2SMark Phalan
159d09a2SMark Phalan    /* use tmp_key_data as temporary location and reallocate later */
159d09a2SMark Phalan    ret = krb5_dbekd_encrypt_key_data(handle->context, &master_keyblock,
159d09a2SMark Phalan				      keyblock, &keysalt, kvno + 1,
159d09a2SMark Phalan				      &tmp_key_data);
159d09a2SMark Phalan    if (ret) {
159d09a2SMark Phalan	goto done;
159d09a2SMark Phalan    }
159d09a2SMark Phalan
159d09a2SMark Phalan    for (k = 0; k < tmp_key_data.key_data_ver; k++) {
159d09a2SMark Phalan	kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
159d09a2SMark Phalan	kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
159d09a2SMark Phalan	if (tmp_key_data.key_data_contents[k]) {
159d09a2SMark Phalan	    kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
159d09a2SMark Phalan	    if (kdb.key_data->key_data_contents[k] == NULL) {
159d09a2SMark Phalan		cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
159d09a2SMark Phalan		kdb.key_data = NULL;
159d09a2SMark Phalan		kdb.n_key_data = 0;
159d09a2SMark Phalan		ret = ENOMEM;
159d09a2SMark Phalan		goto done;
159d09a2SMark Phalan	    }
159d09a2SMark Phalan	    memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
159d09a2SMark Phalan
159d09a2SMark Phalan	    memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
159d09a2SMark Phalan	    free (tmp_key_data.key_data_contents[k]);
159d09a2SMark Phalan	    tmp_key_data.key_data_contents[k] = NULL;
159d09a2SMark Phalan	}
159d09a2SMark Phalan    }
159d09a2SMark Phalan
159d09a2SMark Phalan
159d09a2SMark Phalan
159d09a2SMark Phalan    kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
159d09a2SMark Phalan
159d09a2SMark Phalan    ret = krb5_timeofday(handle->context, &now);
159d09a2SMark Phalan    if (ret)
159d09a2SMark Phalan	goto done;
159d09a2SMark Phalan
159d09a2SMark Phalan    if ((adb.aux_attributes & KADM5_POLICY)) {
159d09a2SMark Phalan	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
159d09a2SMark Phalan				    &pol)) != KADM5_OK)
159d09a2SMark Phalan	   goto done;
159d09a2SMark Phalan	have_pol = 1;
159d09a2SMark Phalan
159d09a2SMark Phalan#if 0
159d09a2SMark Phalan	/*
159d09a2SMark Phalan	  * The spec says this check is overridden if the caller has
159d09a2SMark Phalan	  * modify privilege.  The admin server therefore makes this
159d09a2SMark Phalan	  * check itself (in chpass_principal_wrapper, misc.c).  A
159d09a2SMark Phalan	  * local caller implicitly has all authorization bits.
159d09a2SMark Phalan	  */
159d09a2SMark Phalan	if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
159d09a2SMark Phalan						  &kdb, &last_pwd))
159d09a2SMark Phalan	     goto done;
159d09a2SMark Phalan	if((now - last_pwd) < pol.pw_min_life &&
159d09a2SMark Phalan	   !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
159d09a2SMark Phalan	     ret = KADM5_PASS_TOOSOON;
159d09a2SMark Phalan	     goto done;
159d09a2SMark Phalan	}
159d09a2SMark Phalan#endif
159d09a2SMark Phalan#if 0
159d09a2SMark Phalan	/*
159d09a2SMark Phalan	 * Should we be checking/updating pw history here?
159d09a2SMark Phalan	 */
159d09a2SMark Phalan	if(pol.pw_history_num > 1) {
159d09a2SMark Phalan	    if(adb.admin_history_kvno != hist_kvno) {
159d09a2SMark Phalan		ret = KADM5_BAD_HIST_KEY;
159d09a2SMark Phalan		goto done;
159d09a2SMark Phalan	    }
159d09a2SMark Phalan
159d09a2SMark Phalan	    if (ret = check_pw_reuse(handle->context,
159d09a2SMark Phalan				     &hist_key,
159d09a2SMark Phalan				     kdb.n_key_data, kdb.key_data,
159d09a2SMark Phalan				     adb.old_key_len, adb.old_keys))
159d09a2SMark Phalan		goto done;
159d09a2SMark Phalan	}
159d09a2SMark Phalan#endif
159d09a2SMark Phalan
159d09a2SMark Phalan	if (pol.pw_max_life)
159d09a2SMark Phalan	   kdb.pw_expiration = now + pol.pw_max_life;
159d09a2SMark Phalan	else
159d09a2SMark Phalan	   kdb.pw_expiration = 0;
159d09a2SMark Phalan    } else {
159d09a2SMark Phalan	kdb.pw_expiration = 0;
159d09a2SMark Phalan    }
159d09a2SMark Phalan
159d09a2SMark Phalan    ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
159d09a2SMark Phalan    if (ret)
159d09a2SMark Phalan	 goto done;
159d09a2SMark Phalan
159d09a2SMark Phalan    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
159d09a2SMark Phalan	goto done;
159d09a2SMark Phalan
159d09a2SMark Phalan    ret = KADM5_OK;
159d09a2SMark Phalandone:
159d09a2SMark Phalan    for (i = 0; i < tmp_key_data.key_data_ver; i++) {
159d09a2SMark Phalan	if (tmp_key_data.key_data_contents[i]) {
159d09a2SMark Phalan	    memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
159d09a2SMark Phalan	    free (tmp_key_data.key_data_contents[i]);
159d09a2SMark Phalan	}
159d09a2SMark Phalan    }
159d09a2SMark Phalan
159d09a2SMark Phalan    kdb_free_entry(handle, &kdb, &adb);
159d09a2SMark Phalan    if (have_pol)
159d09a2SMark Phalan	 kadm5_free_policy_ent(handle->lhandle, &pol);
159d09a2SMark Phalan
159d09a2SMark Phalan    return ret;
159d09a2SMark Phalan}
159d09a2SMark Phalan#endif
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_setkey_principal(void *server_handle,
7c478bd9Sstevel@tonic-gate		       krb5_principal principal,
7c478bd9Sstevel@tonic-gate		       krb5_keyblock *keyblocks,
7c478bd9Sstevel@tonic-gate		       int n_keys)
7c478bd9Sstevel@tonic-gate{
56a424ccSmp153739    return
56a424ccSmp153739	kadm5_setkey_principal_3(server_handle, principal,
56a424ccSmp153739				 FALSE, 0, NULL,
56a424ccSmp153739				 keyblocks, n_keys);
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekadm5_ret_t
7c478bd9Sstevel@tonic-gatekadm5_setkey_principal_3(void *server_handle,
7c478bd9Sstevel@tonic-gate			 krb5_principal principal,
7c478bd9Sstevel@tonic-gate			 krb5_boolean keepold,
7c478bd9Sstevel@tonic-gate			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
7c478bd9Sstevel@tonic-gate			 krb5_keyblock *keyblocks,
7c478bd9Sstevel@tonic-gate			 int n_keys)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    krb5_db_entry		kdb;
7c478bd9Sstevel@tonic-gate    osa_princ_ent_rec		adb;
7c478bd9Sstevel@tonic-gate    krb5_int32			now;
7c478bd9Sstevel@tonic-gate    kadm5_policy_ent_rec	pol;
7c478bd9Sstevel@tonic-gate    krb5_key_data		*old_key_data;
7c478bd9Sstevel@tonic-gate    int				n_old_keys;
54925bf6Swillf    int				i, j, k, kvno, ret, have_pol = 0;
54925bf6Swillf#if 0
54925bf6Swillf    int                         last_pwd;
54925bf6Swillf#endif
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t	handle = server_handle;
7c478bd9Sstevel@tonic-gate    krb5_boolean		similar;
7c478bd9Sstevel@tonic-gate    krb5_keysalt		keysalt;
54925bf6Swillf    krb5_key_data         tmp_key_data;
54925bf6Swillf    krb5_key_data        *tptr;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    krb5_clear_error_message(handle->context);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    if (principal == NULL || keyblocks == NULL)
7c478bd9Sstevel@tonic-gate	return EINVAL;
7c478bd9Sstevel@tonic-gate    if (hist_princ && /* this will be NULL when initializing the databse */
7c478bd9Sstevel@tonic-gate	((krb5_principal_compare(handle->context,
7c478bd9Sstevel@tonic-gate				 principal, hist_princ)) == TRUE))
7c478bd9Sstevel@tonic-gate	return KADM5_PROTECT_PRINCIPAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    for (i = 0; i < n_keys; i++) {
7c478bd9Sstevel@tonic-gate	for (j = i+1; j < n_keys; j++) {
56a424ccSmp153739	    if ((ret = krb5_c_enctype_compare(handle->context,
7c478bd9Sstevel@tonic-gate					      keyblocks[i].enctype,
7c478bd9Sstevel@tonic-gate					      keyblocks[j].enctype,
56a424ccSmp153739					      &similar)))
7c478bd9Sstevel@tonic-gate		return(ret);
56a424ccSmp153739	    if (similar) {
7c478bd9Sstevel@tonic-gate		if (n_ks_tuple) {
7c478bd9Sstevel@tonic-gate		    if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
7c478bd9Sstevel@tonic-gate			return KADM5_SETKEY_DUP_ENCTYPES;
7c478bd9Sstevel@tonic-gate		} else
7c478bd9Sstevel@tonic-gate		    return KADM5_SETKEY_DUP_ENCTYPES;
7c478bd9Sstevel@tonic-gate	    }
7c478bd9Sstevel@tonic-gate	}
56a424ccSmp153739    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if (n_ks_tuple && n_ks_tuple != n_keys)
7c478bd9Sstevel@tonic-gate	return KADM5_SETKEY3_ETYPE_MISMATCH;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate       return(ret);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    for (kvno = 0, i=0; i<kdb.n_key_data; i++)
7c478bd9Sstevel@tonic-gate	 if (kdb.key_data[i].key_data_kvno > kvno)
7c478bd9Sstevel@tonic-gate	      kvno = kdb.key_data[i].key_data_kvno;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (keepold) {
7c478bd9Sstevel@tonic-gate	old_key_data = kdb.key_data;
7c478bd9Sstevel@tonic-gate	n_old_keys = kdb.n_key_data;
7c478bd9Sstevel@tonic-gate    } else {
7c478bd9Sstevel@tonic-gate	if (kdb.key_data != NULL)
7c478bd9Sstevel@tonic-gate	    cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
7c478bd9Sstevel@tonic-gate	n_old_keys = 0;
7c478bd9Sstevel@tonic-gate	old_key_data = NULL;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
54925bf6Swillf    kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys)
7c478bd9Sstevel@tonic-gate						 *sizeof(krb5_key_data));
54925bf6Swillf    if (kdb.key_data == NULL) {
54925bf6Swillf	ret = ENOMEM;
54925bf6Swillf	goto done;
54925bf6Swillf    }
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data));
7c478bd9Sstevel@tonic-gate    kdb.n_key_data = 0;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    for (i = 0; i < n_keys; i++) {
7c478bd9Sstevel@tonic-gate	if (n_ks_tuple) {
7c478bd9Sstevel@tonic-gate	    keysalt.type = ks_tuple[i].ks_salttype;
7c478bd9Sstevel@tonic-gate	    keysalt.data.length = 0;
7c478bd9Sstevel@tonic-gate	    keysalt.data.data = NULL;
7c478bd9Sstevel@tonic-gate	    if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) {
54925bf6Swillf		ret = KADM5_SETKEY3_ETYPE_MISMATCH;
54925bf6Swillf		goto done;
7c478bd9Sstevel@tonic-gate	    }
7c478bd9Sstevel@tonic-gate	}
54925bf6Swillf	memset (&tmp_key_data, 0, sizeof(tmp_key_data));
54925bf6Swillf
7c478bd9Sstevel@tonic-gate	ret = krb5_dbekd_encrypt_key_data(handle->context,
7c478bd9Sstevel@tonic-gate					  &handle->master_keyblock,
7c478bd9Sstevel@tonic-gate					  &keyblocks[i],
7c478bd9Sstevel@tonic-gate					  n_ks_tuple ? &keysalt : NULL,
7c478bd9Sstevel@tonic-gate					  kvno + 1,
54925bf6Swillf					  &tmp_key_data);
7c478bd9Sstevel@tonic-gate	if (ret) {
54925bf6Swillf	    goto done;
54925bf6Swillf	}
54925bf6Swillf	tptr = &kdb.key_data[i];
54925bf6Swillf	for (k = 0; k < tmp_key_data.key_data_ver; k++) {
54925bf6Swillf	    tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
54925bf6Swillf	    tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
54925bf6Swillf	    if (tmp_key_data.key_data_contents[k]) {
54925bf6Swillf		tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
54925bf6Swillf		if (tptr->key_data_contents[k] == NULL) {
54925bf6Swillf		    int i1;
54925bf6Swillf		    for (i1 = k; i1 < tmp_key_data.key_data_ver; i1++) {
54925bf6Swillf			if (tmp_key_data.key_data_contents[i1]) {
54925bf6Swillf			    memset (tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]);
54925bf6Swillf			    free (tmp_key_data.key_data_contents[i1]);
54925bf6Swillf			}
54925bf6Swillf		    }
54925bf6Swillf
54925bf6Swillf		    ret =  ENOMEM;
54925bf6Swillf		    goto done;
54925bf6Swillf		}
54925bf6Swillf		memcpy (tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
54925bf6Swillf
54925bf6Swillf		memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
54925bf6Swillf		free (tmp_key_data.key_data_contents[k]);
54925bf6Swillf		tmp_key_data.key_data_contents[k] = NULL;
54925bf6Swillf	    }
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate	kdb.n_key_data++;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* copy old key data if necessary */
7c478bd9Sstevel@tonic-gate    for (i = 0; i < n_old_keys; i++) {
7c478bd9Sstevel@tonic-gate	kdb.key_data[i+n_keys] = old_key_data[i];
7c478bd9Sstevel@tonic-gate	memset(&old_key_data[i], 0, sizeof (krb5_key_data));
7c478bd9Sstevel@tonic-gate	kdb.n_key_data++;
7c478bd9Sstevel@tonic-gate    }
54925bf6Swillf
54925bf6Swillf    if (old_key_data)
54925bf6Swillf	krb5_db_free(handle->context, old_key_data);
54925bf6Swillf
7c478bd9Sstevel@tonic-gate    /* assert(kdb.n_key_data == n_keys + n_old_keys) */
7c478bd9Sstevel@tonic-gate    kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if ((ret = krb5_timeofday(handle->context, &now)))
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((adb.aux_attributes & KADM5_POLICY)) {
7c478bd9Sstevel@tonic-gate	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
7c478bd9Sstevel@tonic-gate				    &pol)) != KADM5_OK)
7c478bd9Sstevel@tonic-gate	   goto done;
7c478bd9Sstevel@tonic-gate	have_pol = 1;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#if 0
7c478bd9Sstevel@tonic-gate	/*
7c478bd9Sstevel@tonic-gate	  * The spec says this check is overridden if the caller has
7c478bd9Sstevel@tonic-gate	  * modify privilege.  The admin server therefore makes this
7c478bd9Sstevel@tonic-gate	  * check itself (in chpass_principal_wrapper, misc.c).  A
7c478bd9Sstevel@tonic-gate	  * local caller implicitly has all authorization bits.
7c478bd9Sstevel@tonic-gate	  */
7c478bd9Sstevel@tonic-gate	if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
7c478bd9Sstevel@tonic-gate						  &kdb, &last_pwd))
7c478bd9Sstevel@tonic-gate	     goto done;
7c478bd9Sstevel@tonic-gate	if((now - last_pwd) < pol.pw_min_life &&
7c478bd9Sstevel@tonic-gate	   !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
7c478bd9Sstevel@tonic-gate	     ret = KADM5_PASS_TOOSOON;
7c478bd9Sstevel@tonic-gate	     goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#if 0
7c478bd9Sstevel@tonic-gate	/*
7c478bd9Sstevel@tonic-gate	 * Should we be checking/updating pw history here?
7c478bd9Sstevel@tonic-gate	 */
7c478bd9Sstevel@tonic-gate	if (pol.pw_history_num > 1) {
7c478bd9Sstevel@tonic-gate	    if(adb.admin_history_kvno != hist_kvno) {
7c478bd9Sstevel@tonic-gate		ret = KADM5_BAD_HIST_KEY;
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate	    }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	    if (ret = check_pw_reuse(handle->context,
7c478bd9Sstevel@tonic-gate				&handle->master_keyblock,
7c478bd9Sstevel@tonic-gate				     &hist_key,
7c478bd9Sstevel@tonic-gate				     kdb.n_key_data, kdb.key_data,
7c478bd9Sstevel@tonic-gate				     adb.old_key_len, adb.old_keys))
7c478bd9Sstevel@tonic-gate		goto done;
7c478bd9Sstevel@tonic-gate	}
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	if (pol.pw_max_life)
7c478bd9Sstevel@tonic-gate	   kdb.pw_expiration = now + pol.pw_max_life;
7c478bd9Sstevel@tonic-gate	else
7c478bd9Sstevel@tonic-gate	   kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    } else {
7c478bd9Sstevel@tonic-gate	kdb.pw_expiration = 0;
7c478bd9Sstevel@tonic-gate    }
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
7c478bd9Sstevel@tonic-gate        goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if ((ret = kdb_put_entry(handle, &kdb, &adb)))
7c478bd9Sstevel@tonic-gate	goto done;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    ret = KADM5_OK;
7c478bd9Sstevel@tonic-gatedone:
7c478bd9Sstevel@tonic-gate    kdb_free_entry(handle, &kdb, &adb);
7c478bd9Sstevel@tonic-gate    if (have_pol)
7c478bd9Sstevel@tonic-gate	 kadm5_free_policy_ent(handle->lhandle, &pol);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return ret;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Allocate an array of n_key_data krb5_keyblocks, fill in each
7c478bd9Sstevel@tonic-gate * element with the results of decrypting the nth key in key_data with
7c478bd9Sstevel@tonic-gate * master_keyblock, and if n_keys is not NULL fill it in with the
7c478bd9Sstevel@tonic-gate * number of keys decrypted.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatestatic int decrypt_key_data(krb5_context context,
7c478bd9Sstevel@tonic-gate			    krb5_keyblock *master_keyblock,
7c478bd9Sstevel@tonic-gate			    int n_key_data, krb5_key_data *key_data,
7c478bd9Sstevel@tonic-gate			    krb5_keyblock **keyblocks, int *n_keys)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate     krb5_keyblock *keys;
7c478bd9Sstevel@tonic-gate     int ret, i;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
7c478bd9Sstevel@tonic-gate     if (keys == NULL)
7c478bd9Sstevel@tonic-gate	  return ENOMEM;
7c478bd9Sstevel@tonic-gate     memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     for (i = 0; i < n_key_data; i++) {
56a424ccSmp153739          ret = krb5_dbekd_decrypt_key_data(context,
56a424ccSmp153739					    master_keyblock,
56a424ccSmp153739					    &key_data[i],
56a424ccSmp153739					    &keys[i], NULL);
56a424ccSmp153739	  if (ret) {
54925bf6Swillf	       for (; i >= 0; i--) {
54925bf6Swillf		   if (keys[i].contents) {
54925bf6Swillf		       memset (keys[i].contents, 0, keys[i].length);
54925bf6Swillf		       free( keys[i].contents );
54925bf6Swillf		   }
54925bf6Swillf	       }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	       memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
7c478bd9Sstevel@tonic-gate	       free(keys);
7c478bd9Sstevel@tonic-gate	       return ret;
7c478bd9Sstevel@tonic-gate	  }
7c478bd9Sstevel@tonic-gate     }
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     *keyblocks = keys;
7c478bd9Sstevel@tonic-gate     if (n_keys)
7c478bd9Sstevel@tonic-gate	  *n_keys = n_key_data;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate     return 0;
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Function: kadm5_decrypt_key
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Purpose: Retrieves and decrypts a principal key.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Arguments:
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate *	server_handle	(r) kadm5 handle
7c478bd9Sstevel@tonic-gate *	entry		(r) principal retrieved with kadm5_get_principal
7c478bd9Sstevel@tonic-gate *	ktype		(r) enctype to search for, or -1 to ignore
7c478bd9Sstevel@tonic-gate *	stype		(r) salt type to search for, or -1 to ignore
7c478bd9Sstevel@tonic-gate *	kvno		(r) kvno to search for, -1 for max, 0 for max
7c478bd9Sstevel@tonic-gate *			only if it also matches ktype and stype
7c478bd9Sstevel@tonic-gate *	keyblock	(w) keyblock to fill in
7c478bd9Sstevel@tonic-gate *	keysalt		(w) keysalt to fill in, or NULL
7c478bd9Sstevel@tonic-gate *	kvnop		(w) kvno to fill in, or NULL
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * Effects: Searches the key_data array of entry, which must have been
7c478bd9Sstevel@tonic-gate * retrived with kadm5_get_principal with the KADM5_KEY_DATA mask, to
7c478bd9Sstevel@tonic-gate * find a key with a specified enctype, salt type, and kvno in a
7c478bd9Sstevel@tonic-gate * principal entry.  If not found, return ENOENT.  Otherwise, decrypt
7c478bd9Sstevel@tonic-gate * it with the master key, and return the key in keyblock, the salt
7c478bd9Sstevel@tonic-gate * in salttype, and the key version number in kvno.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * If ktype or stype is -1, it is ignored for the search.  If kvno is
7c478bd9Sstevel@tonic-gate * -1, ktype and stype are ignored and the key with the max kvno is
7c478bd9Sstevel@tonic-gate * returned.  If kvno is 0, only the key with the max kvno is returned
7c478bd9Sstevel@tonic-gate * and only if it matches the ktype and stype; otherwise, ENOENT is
7c478bd9Sstevel@tonic-gate * returned.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatekadm5_ret_t kadm5_decrypt_key(void *server_handle,
7c478bd9Sstevel@tonic-gate			      kadm5_principal_ent_t entry, krb5_int32
7c478bd9Sstevel@tonic-gate			      ktype, krb5_int32 stype, krb5_int32
7c478bd9Sstevel@tonic-gate			      kvno, krb5_keyblock *keyblock,
7c478bd9Sstevel@tonic-gate			      krb5_keysalt *keysalt, int *kvnop)
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate    kadm5_server_handle_t handle = server_handle;
7c478bd9Sstevel@tonic-gate    krb5_db_entry dbent;
7c478bd9Sstevel@tonic-gate    krb5_key_data *key_data;
7c478bd9Sstevel@tonic-gate    int ret;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    CHECK_HANDLE(server_handle);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    if (entry->n_key_data == 0 || entry->key_data == NULL)
7c478bd9Sstevel@tonic-gate	 return EINVAL;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* find_enctype only uses these two fields */
7c478bd9Sstevel@tonic-gate    dbent.n_key_data = entry->n_key_data;
7c478bd9Sstevel@tonic-gate    dbent.key_data = entry->key_data;
56a424ccSmp153739    if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
56a424ccSmp153739				    stype, kvno, &key_data)))
7c478bd9Sstevel@tonic-gate	 return ret;
7c478bd9Sstevel@tonic-gate
56a424ccSmp153739    if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
7c478bd9Sstevel@tonic-gate					   &handle->master_keyblock, key_data,
56a424ccSmp153739					   keyblock, keysalt)))
7c478bd9Sstevel@tonic-gate	 return ret;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan    /*
159d09a2SMark Phalan     * Coerce the enctype of the output keyblock in case we got an
159d09a2SMark Phalan     * inexact match on the enctype; this behavior will go away when
159d09a2SMark Phalan     * the key storage architecture gets redesigned for 1.3.
159d09a2SMark Phalan     */
159d09a2SMark Phalan    keyblock->enctype = ktype;
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate    if (kvnop)
7c478bd9Sstevel@tonic-gate	 *kvnop = key_data->key_data_kvno;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    return KADM5_OK;
7c478bd9Sstevel@tonic-gate}
54925bf6Swillf
*661b8ac7SPeter Shoults/* Solaris Kerberos */
*661b8ac7SPeter Shoultskadm5_ret_t
*661b8ac7SPeter Shoultskadm5_check_min_life(void *server_handle, krb5_principal principal,
*661b8ac7SPeter Shoults	       char *msg_ret, unsigned int msg_len)
*661b8ac7SPeter Shoults{
*661b8ac7SPeter Shoults    krb5_int32			now;
*661b8ac7SPeter Shoults    kadm5_ret_t			ret;
*661b8ac7SPeter Shoults    kadm5_policy_ent_rec	pol;
*661b8ac7SPeter Shoults    kadm5_principal_ent_rec	princ;
*661b8ac7SPeter Shoults    kadm5_server_handle_t	handle = server_handle;
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults    if (msg_ret != NULL)
*661b8ac7SPeter Shoults	*msg_ret = '\0';
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults    ret = krb5_timeofday(handle->context, &now);
*661b8ac7SPeter Shoults    if (ret)
*661b8ac7SPeter Shoults	return ret;
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults    ret = kadm5_get_principal(handle->lhandle, principal,
*661b8ac7SPeter Shoults			      &princ, KADM5_PRINCIPAL_NORMAL_MASK);
*661b8ac7SPeter Shoults    if(ret)
*661b8ac7SPeter Shoults	 return ret;
*661b8ac7SPeter Shoults    if(princ.aux_attributes & KADM5_POLICY) {
*661b8ac7SPeter Shoults	if((ret=kadm5_get_policy(handle->lhandle,
*661b8ac7SPeter Shoults				 princ.policy, &pol)) != KADM5_OK) {
*661b8ac7SPeter Shoults	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
*661b8ac7SPeter Shoults	    return ret;
*661b8ac7SPeter Shoults	}
*661b8ac7SPeter Shoults	if((now - princ.last_pwd_change) < pol.pw_min_life &&
*661b8ac7SPeter Shoults	   !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
*661b8ac7SPeter Shoults	    if (msg_ret != NULL) {
*661b8ac7SPeter Shoults		time_t until;
*661b8ac7SPeter Shoults		char *time_string, *ptr, *errstr;
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults		until = princ.last_pwd_change + pol.pw_min_life;
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults		time_string = ctime(&until);
*661b8ac7SPeter Shoults		errstr = (char *)error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults		if (strlen(errstr) + strlen(time_string) >= msg_len) {
*661b8ac7SPeter Shoults		    *errstr = '\0';
*661b8ac7SPeter Shoults		} else {
*661b8ac7SPeter Shoults		    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
*661b8ac7SPeter Shoults			*ptr = '\0';
*661b8ac7SPeter Shoults		    sprintf(msg_ret, errstr, time_string);
*661b8ac7SPeter Shoults		}
*661b8ac7SPeter Shoults	    }
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults	    (void) kadm5_free_policy_ent(handle->lhandle, &pol);
*661b8ac7SPeter Shoults	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
*661b8ac7SPeter Shoults	    return KADM5_PASS_TOOSOON;
*661b8ac7SPeter Shoults	}
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults	ret = kadm5_free_policy_ent(handle->lhandle, &pol);
*661b8ac7SPeter Shoults	if (ret) {
*661b8ac7SPeter Shoults	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
*661b8ac7SPeter Shoults	    return ret;
*661b8ac7SPeter Shoults        }
*661b8ac7SPeter Shoults    }
*661b8ac7SPeter Shoults
*661b8ac7SPeter Shoults    return kadm5_free_principal_ent(handle->lhandle, &princ);
*661b8ac7SPeter Shoults}