/*
* k5_db.c
*
* Deal with kerberos database.
*
* $Id: k5_db.c,v 1.1.1.1 2009/11/13 09:13:02 kouril Exp $
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <krb5.h>
#include <kadm5/admin.h>
#include <com_err.h>
#include "k5_db.h"
/* Last error text for callers to report; overwritten by every failing call below. */
char k5_db_error[255] = "No Error";
/* kadm5 server handle filled in by k5_db_init() and used by the other routines. */
static void *handle;
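/*
 * Initialize database
 *
 * Opens a kadm5 server handle for 'whoami' (stored in the file-scope
 * 'handle') and initialises the DB routines on 'context'.  Returns 0 on
 * success; on failure the reason is left in k5_db_error and -1 is returned.
 *
 * Error strings are written with snprintf() so an unexpectedly long
 * error_message() text cannot overrun the k5_db_error buffer.
 */
int
k5_db_init(char *whoami, krb5_context context, kadm5_config_params * params)
{
    int retval;

    /*
     * kadm5_init() is sufficient to get keys out of the database, but in
     * order to get whole entries (with krb5_db_get_principal()) we also
     * need to call krb5_dbm_db_init(). *shrug*
     */
    retval = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params,
                        KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, &handle);
    if (retval) {
        snprintf(k5_db_error, sizeof k5_db_error,
                 "%s initializing kadm5 library", error_message(retval));
        return -1;
    }

    retval = krb5_dbm_db_init(context);
    if (retval) {
        /* NOTE(review): the kadm5 handle opened above is not released on
         * this path; confirm callers run k5_db_close() after a failed init. */
        snprintf(k5_db_error, sizeof k5_db_error,
                 "%s initializing database routines (krb5_dbm_db_init())",
                 error_message(retval));
        return -1;
    }
    return 0;
}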
/*
 * Close database
 *
 * Tears down what k5_db_init() set up: the DB routines on 'context' and
 * the kadm5 server handle.  Both return values are deliberately ignored;
 * 'handle' is left pointing at the destroyed handle until the next init.
 */
void
k5_db_close(krb5_context context)
{
(void)krb5_dbm_db_fini(context);
(void)kadm5_destroy(handle);
}
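/*
 * Given a principal and a key type, retrieve the key
 *
 * On success *key points to a freshly allocated krb5_keyblock holding the
 * decrypted key of enctype 'ktype' for 'princ'; the caller owns it.  On
 * failure *key is NULL (nothing is leaked), k5_db_error describes the
 * problem, and the kadm5 error code (or -1 for allocation failure) is
 * returned.  'context' is part of the interface but not used here.
 */
krb5_error_code
k5_db_get_key(krb5_context context, krb5_principal princ, krb5_keyblock ** key, krb5_enctype ktype)
{
    krb5_error_code retval;
    kadm5_principal_ent_rec princ_ent;

    /* Zeroed so the keyblock is in a defined state before it is filled in. */
    *key = calloc(1, sizeof **key);
    if (*key == NULL) {
        snprintf(k5_db_error, sizeof k5_db_error, "malloc failed");
        return -1;
    }

    retval = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KEY_DATA);
    if (retval) {
        snprintf(k5_db_error, sizeof k5_db_error,
                 "%s get principal information", error_message(retval));
        /* Do not hand an empty keyblock back to the caller on failure. */
        free(*key);
        *key = NULL;
        return retval;
    }

    /* -1, -1: presumably "any" salt type and kvno for 'ktype' — verify
     * against the kadm5_decrypt_key() documentation of this krb5 version. */
    retval = kadm5_decrypt_key(handle, &princ_ent, ktype, -1, -1, *key, NULL, NULL);
    if (retval) {
        snprintf(k5_db_error, sizeof k5_db_error,
                 "%s decrypting key", error_message(retval));
        free(*key);
        *key = NULL;
    }
    kadm5_free_principal_ent(handle, &princ_ent);
    return retval;
}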
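/*
 * Given a principal, retrieve its DB entry
 *
 * From kdc/do_as_req.c:process_as_req()
 *
 * Looks 'princ' up with krb5_db_get_principal() and requires exactly one
 * match.  Returns 0 and fills *entry on success; otherwise sets k5_db_error
 * and returns the lookup error, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE when the
 * DB reports further matches, or KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN when no
 * entry came back.
 */
krb5_error_code
k5_db_get_entry(krb5_context context, krb5_principal princ, krb5_db_entry * entry)
{
    int nprincs = 1;            /* in: room for one entry; out: entries returned */
    krb5_boolean more = 0;
    krb5_error_code retval;

    retval = krb5_db_get_principal(context, princ, entry, &nprincs, &more);
    if (retval) {
        snprintf(k5_db_error, sizeof k5_db_error,
                 "%s looking up principal", error_message(retval));
        return retval;
    }
    if (more) {
        /* NOTE(review): the entry already copied into *entry is not released
         * on this path; confirm which side frees it. */
        snprintf(k5_db_error, sizeof k5_db_error, "Non-unique principal");
        return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
    }
    if (nprincs != 1) {
        snprintf(k5_db_error, sizeof k5_db_error, "Principal not found");
        return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
    }
    return 0;
}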