/*
 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */

/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 */

2754925bf6Swillf #include    <k5-int.h>
287c478bd9Sstevel@tonic-gate #include    <krb5/kdb.h>
2954925bf6Swillf #include    <kadm5/server_internal.h>
30*661b8ac7SPeter Shoults #include    <kadm5/admin.h>
317c478bd9Sstevel@tonic-gate #include    "misc.h"
327c478bd9Sstevel@tonic-gate 
/*
 * Function: chpass_principal_wrapper_3
 *
 * Purpose: policy gate in front of kadm5_chpass_principal_3.  It calls
 *	    kadm5_check_min_life first; if that check returns non-zero
 *	    the error is returned and the password is not changed.
 *	    Otherwise the request is forwarded to
 *	    kadm5_chpass_principal_3.
 *
 * Arguments:
 *	server_handle	(input) opaque kadm5 handle, passed unchanged to
 *				both calls
 *	principal	(input) krb5_principal whose password we are
 *				changing
 *	keepold 	(input) whether to preserve old keys
 *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
 *	ks_tuple	(input) array of tuples indicating the caller's
 *				requested enctypes/salttypes
 *	password	(input) password we are going to change to.
 * 	<return value>	0 on success, error code on failure.
 *
 * Requires:
 *	kadm5_init to have been run.
 *
 * Effects:
 *	calls kadm5_chpass_principal_3, which changes the kdb and the
 *	admin db.
 *
 * Security notes:
 *	- The min-life check is applied unconditionally here.  Any
 *	  exemption (for example for privileged callers) has to be
 *	  decided by the caller before choosing this wrapper.
 *	- n_ks_tuple and ks_tuple are forwarded without validation.
 *	- password is forwarded by pointer; this wrapper neither copies
 *	  nor clears it.
 *	- The check and the change are two separate calls.
 *	  NOTE(review): confirm whether anything serializes them against
 *	  a concurrent change of the same principal.
 *
 */
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
                           krb5_principal principal,
                           krb5_boolean keepold,
                           int n_ks_tuple,
                           krb5_key_salt_tuple *ks_tuple,
                           char *password)
{
    kadm5_ret_t status;

    /* Solaris Kerberos */
    /* NULL/0: no message buffer is supplied for this check. */
    status = kadm5_check_min_life(server_handle, principal, NULL, 0);
    if (status != 0) {
        /* Check failed: return without calling kadm5_chpass_principal_3. */
        return status;
    }

    return kadm5_chpass_principal_3(server_handle, principal, keepold,
                                    n_ks_tuple, ks_tuple, password);
}
777c478bd9Sstevel@tonic-gate 
787c478bd9Sstevel@tonic-gate 
/*
 * Function: randkey_principal_wrapper_3
 *
 * Purpose: wrapper to kadm5_randkey_principal_3 which first checks the
 *	    password's min. life via kadm5_check_min_life.  A non-zero
 *	    result from the check is returned as-is and no new key is
 *	    requested.
 *
 * Arguments:
 *	server_handle	(input) opaque kadm5 handle, passed unchanged to
 *				both calls
 *	principal	(input) krb5_principal whose key we are changing
 *	keepold 	(input) whether to preserve old keys
 *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
 *	ks_tuple	(input) array of tuples indicating the caller's
 *				requested enctypes/salttypes
 *	keys		(output) forwarded to kadm5_randkey_principal_3;
 *				presumably receives the new random
 *				key(s) -- confirm against that function
 *	n_keys		(output) forwarded likewise; presumably the
 *				number of entries in *keys -- confirm
 * 	<return value>	0 on success, error code on error.
 *
 * Requires:
 *	kadm5_init	 needs to be run
 *
 * Effects:
 *	calls kadm5_randkey_principal_3
 *
 * Security notes:
 *	- The min-life check is applied unconditionally here.  Any
 *	  exemption has to be decided by the caller.
 *	- keys and n_keys are not written by this wrapper when the
 *	  check fails; callers must not read them on a non-zero return.
 *	- n_ks_tuple and ks_tuple are forwarded without validation.
 *
 */
kadm5_ret_t
randkey_principal_wrapper_3(void *server_handle,
                            krb5_principal principal,
                            krb5_boolean keepold,
                            int n_ks_tuple,
                            krb5_key_salt_tuple *ks_tuple,
                            krb5_keyblock **keys, int *n_keys)
{
    /* Solaris Kerberos */
    /* NULL/0: no message buffer is supplied for this check. */
    kadm5_ret_t rc = kadm5_check_min_life(server_handle, principal, NULL, 0);

    if (rc == 0) {
        /* Check passed: hand the request to the real randkey routine. */
        rc = kadm5_randkey_principal_3(server_handle, principal, keepold,
                                       n_ks_tuple, ks_tuple, keys, n_keys);
    }
    return rc;
}
12056a424ccSmp153739 
/*
 * Function: schpw_util_wrapper
 *
 * Purpose: wrapper to kadm5_chpass_principal_util that first calls
 *	    kadm5_check_min_life.  If the check returns non-zero that
 *	    value is returned and kadm5_chpass_principal_util is not
 *	    called.
 *
 * Arguments:
 *	server_handle	(input) opaque kadm5 handle, passed unchanged to
 *				both calls
 *	princ		(input) principal whose password is being changed
 *	new_pw		(input) forwarded to kadm5_chpass_principal_util;
 *				presumably the requested new password
 *	ret_pw		forwarded to kadm5_chpass_principal_util;
 *				presumably receives the password that
 *				was set -- confirm against that function
 *	msg_ret		buffer handed to both calls, presumably for a
 *				human-readable status message
 *	msg_len		size passed alongside msg_ret
 * 	<return value>	0 on success, error code on failure.
 *
 * Security notes:
 *	- msg_len is not checked here against the real size of msg_ret;
 *	  the caller must pass the true capacity of the buffer.
 *	- new_pw is forwarded by pointer; this wrapper neither copies
 *	  nor clears it.
 *	- The min-life check is applied unconditionally here.  Any
 *	  exemption has to be decided by the caller.
 */
kadm5_ret_t
schpw_util_wrapper(void *server_handle, krb5_principal princ,
                   char *new_pw, char **ret_pw,
                   char *msg_ret, unsigned int msg_len)
{
    kadm5_ret_t check_status;

    /* Solaris Kerberos */
    /* Unlike the other wrappers, the caller's message buffer is passed in. */
    check_status = kadm5_check_min_life(server_handle, princ,
                                        msg_ret, msg_len);
    if (check_status != 0) {
        return check_status;
    }

    return kadm5_chpass_principal_util(server_handle, princ, new_pw, ret_pw,
                                       msg_ret, msg_len);
}
13756a424ccSmp153739 
/*
 * Function: randkey_principal_wrapper
 *
 * Purpose: wrapper to kadm5_randkey_principal that first calls
 *	    kadm5_check_min_life.  A non-zero result from the check is
 *	    returned as-is and kadm5_randkey_principal is not called.
 *
 * Arguments:
 *	server_handle	(input) opaque kadm5 handle, passed unchanged to
 *				both calls
 *	princ		(input) principal whose key is being changed
 *	keys		(output) forwarded to kadm5_randkey_principal;
 *				presumably receives the new random
 *				key(s) -- confirm against that function
 *	n_keys		(output) forwarded likewise; presumably the
 *				number of entries in *keys -- confirm
 * 	<return value>	0 on success, error code on failure.
 *
 * Security notes:
 *	- The min-life check is applied unconditionally here.  Any
 *	  exemption has to be decided by the caller.
 *	- keys and n_keys are not written by this wrapper when the
 *	  check fails; callers must not read them on a non-zero return.
 */
kadm5_ret_t
randkey_principal_wrapper(void *server_handle, krb5_principal princ,
                          krb5_keyblock **keys, int *n_keys)
{
    kadm5_ret_t min_life_rc;

    /* Solaris Kerberos */
    /* NULL/0: no message buffer is supplied for this check. */
    min_life_rc = kadm5_check_min_life(server_handle, princ, NULL, 0);

    return (min_life_rc != 0)
        ? min_life_rc
        : kadm5_randkey_principal(server_handle, princ, keys, n_keys);
}