Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Database Glue between Samba and the KDC
5 :
6 : Copyright (C) Guenther Deschner <gd@samba.org> 2014
7 : Copyright (C) Andreas Schneider <asn@samba.org> 2014
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include <hdb.h>
26 : #include "sdb.h"
27 : #include "sdb_hdb.h"
28 : #include "lib/krb5_wrap/krb5_samba.h"
29 : #include "librpc/gen_ndr/security.h"
30 : #include "kdc/samba_kdc.h"
31 :
32 : #undef DBGC_CLASS
33 : #define DBGC_CLASS DBGC_KERBEROS
34 :
35 301629 : static void sdb_flags_to_hdb_flags(const struct SDBFlags *s,
36 : HDBFlags *h)
37 : {
38 10142 : SMB_ASSERT(sizeof(struct SDBFlags) == sizeof(HDBFlags));
39 :
40 301629 : h->initial = s->initial;
41 301629 : h->forwardable = s->forwardable;
42 301629 : h->proxiable = s->proxiable;
43 301629 : h->renewable = s->renewable;
44 301629 : h->postdate = s->postdate;
45 301629 : h->server = s->server;
46 301629 : h->client = s->client;
47 301629 : h->invalid = s->invalid;
48 301629 : h->require_preauth = s->require_preauth;
49 301629 : h->change_pw = s->change_pw;
50 301629 : h->require_hwauth = s->require_hwauth;
51 301629 : h->ok_as_delegate = s->ok_as_delegate;
52 301629 : h->user_to_user = s->user_to_user;
53 301629 : h->immutable = s->immutable;
54 301629 : h->trusted_for_delegation = s->trusted_for_delegation;
55 301629 : h->allow_kerberos4 = s->allow_kerberos4;
56 301629 : h->allow_digest = s->allow_digest;
57 301629 : h->locked_out = s->locked_out;
58 301629 : h->require_pwchange = s->require_pwchange;
59 301629 : h->materialize = s->materialize;
60 301629 : h->virtual_keys = s->virtual_keys;
61 301629 : h->virtual = s->virtual;
62 301629 : h->synthetic = s->synthetic;
63 301629 : h->no_auth_data_reqd = s->no_auth_data_reqd;
64 301629 : h->auth_data_reqd = s->auth_data_reqd;
65 301629 : h->_unused25 = s->_unused25;
66 301629 : h->_unused26 = s->_unused26;
67 301629 : h->_unused27 = s->_unused27;
68 301629 : h->_unused28 = s->_unused28;
69 301629 : h->_unused29 = s->_unused29;
70 301629 : h->force_canonicalize = s->force_canonicalize;
71 301629 : h->do_not_store = s->do_not_store;
72 301629 : }
73 :
74 387027 : static int sdb_salt_to_Salt(const struct sdb_salt *s, Salt *h)
75 : {
76 14140 : int ret;
77 :
78 387027 : *h = (struct Salt) {};
79 :
80 387027 : h->type = s->type;
81 387027 : ret = smb_krb5_copy_data_contents(&h->salt, s->salt.data, s->salt.length);
82 387027 : if (ret != 0) {
83 0 : free_Salt(h);
84 0 : return ENOMEM;
85 : }
86 :
87 372887 : return 0;
88 : }
89 :
90 524312 : static int sdb_key_to_Key(const struct sdb_key *s, Key *h)
91 : {
92 18212 : int rc;
93 :
94 524312 : *h = (struct Key) {};
95 :
96 524312 : h->key.keytype = s->key.keytype;
97 542524 : rc = smb_krb5_copy_data_contents(&h->key.keyvalue,
98 524312 : s->key.keyvalue.data,
99 524312 : s->key.keyvalue.length);
100 524312 : if (rc != 0) {
101 0 : goto error_nomem;
102 : }
103 :
104 524312 : if (s->salt != NULL) {
105 387027 : h->salt = malloc(sizeof(Salt));
106 387027 : if (h->salt == NULL) {
107 0 : goto error_nomem;
108 : }
109 :
110 387027 : rc = sdb_salt_to_Salt(s->salt,
111 : h->salt);
112 387027 : if (rc != 0) {
113 0 : goto error_nomem;
114 : }
115 : }
116 :
117 506100 : return 0;
118 :
119 0 : error_nomem:
120 0 : free_Key(h);
121 0 : return ENOMEM;
122 : }
123 :
124 301629 : static int sdb_keys_to_Keys(const struct sdb_keys *s, Keys *h)
125 : {
126 10142 : int ret, i;
127 :
128 301629 : *h = (struct Keys) {};
129 :
130 301629 : if (s->val != NULL) {
131 300767 : h->val = malloc(s->len * sizeof(Key));
132 300767 : if (h->val == NULL) {
133 0 : return ENOMEM;
134 : }
135 819767 : for (i = 0; i < s->len; i++) {
136 537140 : ret = sdb_key_to_Key(&s->val[i],
137 519000 : &h->val[i]);
138 519000 : if (ret != 0) {
139 0 : free_Keys(h);
140 0 : return ENOMEM;
141 : }
142 :
143 519000 : ++h->len;
144 : }
145 : }
146 :
147 291487 : return 0;
148 : }
149 :
150 64520 : static int sdb_keys_to_HistKeys(krb5_context context,
151 : const struct sdb_keys *s,
152 : krb5_kvno kvno,
153 : hdb_entry *h)
154 : {
155 661 : unsigned int i;
156 :
157 69832 : for (i = 0; i < s->len; i++) {
158 5312 : Key k = { 0, };
159 72 : int ret;
160 :
161 5312 : ret = sdb_key_to_Key(&s->val[i], &k);
162 5312 : if (ret != 0) {
163 0 : return ENOMEM;
164 : }
165 5312 : ret = hdb_add_history_key(context, h, kvno, &k);
166 5312 : free_Key(&k);
167 5312 : if (ret != 0) {
168 0 : return ENOMEM;
169 : }
170 : }
171 :
172 63859 : return 0;
173 : }
174 :
175 301629 : static int sdb_event_to_Event(krb5_context context,
176 : const struct sdb_event *s, Event *h)
177 : {
178 10142 : int ret;
179 :
180 301629 : *h = (struct Event) {};
181 :
182 301629 : if (s->principal != NULL) {
183 1149 : ret = krb5_copy_principal(context,
184 1149 : s->principal,
185 1149 : &h->principal);
186 1149 : if (ret != 0) {
187 0 : free_Event(h);
188 0 : return ret;
189 : }
190 : }
191 301629 : h->time = s->time;
192 :
193 301629 : return 0;
194 : }
195 :
196 301629 : int sdb_entry_to_hdb_entry(krb5_context context,
197 : const struct sdb_entry *s,
198 : hdb_entry *h)
199 : {
200 301629 : struct samba_kdc_entry *ske = s->skdc_entry;
201 10142 : unsigned int i;
202 10142 : int rc;
203 :
204 301629 : *h = (hdb_entry) {};
205 :
206 301629 : if (s->principal != NULL) {
207 311771 : rc = krb5_copy_principal(context,
208 291487 : s->principal,
209 301629 : &h->principal);
210 301629 : if (rc != 0) {
211 0 : return rc;
212 : }
213 : }
214 :
215 301629 : h->kvno = s->kvno;
216 :
217 301629 : rc = sdb_keys_to_Keys(&s->keys, &h->keys);
218 301629 : if (rc != 0) {
219 0 : goto error;
220 : }
221 :
222 301629 : if (h->kvno > 1) {
223 42871 : rc = sdb_keys_to_HistKeys(context,
224 : &s->old_keys,
225 42262 : h->kvno - 1,
226 : h);
227 42262 : if (rc != 0) {
228 0 : goto error;
229 : }
230 : }
231 :
232 301629 : if (h->kvno > 2) {
233 22310 : rc = sdb_keys_to_HistKeys(context,
234 : &s->older_keys,
235 22258 : h->kvno - 2,
236 : h);
237 22258 : if (rc != 0) {
238 0 : goto error;
239 : }
240 : }
241 :
242 301629 : rc = sdb_event_to_Event(context,
243 : &s->created_by,
244 : &h->created_by);
245 301629 : if (rc != 0) {
246 0 : goto error;
247 : }
248 :
249 301629 : if (s->modified_by) {
250 0 : h->modified_by = malloc(sizeof(Event));
251 0 : if (h->modified_by == NULL) {
252 0 : rc = ENOMEM;
253 0 : goto error;
254 : }
255 :
256 0 : rc = sdb_event_to_Event(context,
257 0 : s->modified_by,
258 : h->modified_by);
259 0 : if (rc != 0) {
260 0 : goto error;
261 : }
262 : }
263 :
264 301629 : if (s->valid_start != NULL) {
265 0 : h->valid_start = malloc(sizeof(KerberosTime));
266 0 : if (h->valid_start == NULL) {
267 0 : rc = ENOMEM;
268 0 : goto error;
269 : }
270 0 : *h->valid_start = *s->valid_start;
271 : }
272 :
273 301629 : if (s->valid_end != NULL) {
274 0 : h->valid_end = malloc(sizeof(KerberosTime));
275 0 : if (h->valid_end == NULL) {
276 0 : rc = ENOMEM;
277 0 : goto error;
278 : }
279 0 : *h->valid_end = *s->valid_end;
280 : }
281 :
282 301629 : if (s->pw_end != NULL) {
283 82008 : h->pw_end = malloc(sizeof(KerberosTime));
284 82008 : if (h->pw_end == NULL) {
285 0 : rc = ENOMEM;
286 0 : goto error;
287 : }
288 82008 : *h->pw_end = *s->pw_end;
289 : }
290 :
291 301629 : if (s->max_life != NULL) {
292 299618 : h->max_life = malloc(sizeof(*h->max_life));
293 299618 : if (h->max_life == NULL) {
294 0 : rc = ENOMEM;
295 0 : goto error;
296 : }
297 299618 : *h->max_life = *s->max_life;
298 : }
299 :
300 301629 : if (s->max_renew != NULL) {
301 299618 : h->max_renew = malloc(sizeof(*h->max_renew));
302 299618 : if (h->max_renew == NULL) {
303 0 : rc = ENOMEM;
304 0 : goto error;
305 : }
306 299618 : *h->max_renew = *s->max_renew;
307 : }
308 :
309 301629 : sdb_flags_to_hdb_flags(&s->flags, &h->flags);
310 :
311 301629 : if (s->etypes != NULL) {
312 300767 : h->etypes = malloc(sizeof(*h->etypes));
313 300767 : if (h->etypes == NULL) {
314 0 : rc = ENOMEM;
315 0 : goto error;
316 : }
317 :
318 300767 : h->etypes->len = s->etypes->len;
319 :
320 300767 : h->etypes->val = calloc(h->etypes->len, sizeof(int));
321 300767 : if (h->etypes->val == NULL) {
322 0 : rc = ENOMEM;
323 0 : goto error;
324 : }
325 :
326 819767 : for (i = 0; i < h->etypes->len; i++) {
327 519000 : h->etypes->val[i] = s->etypes->val[i];
328 : }
329 : }
330 :
331 301629 : if (s->session_etypes != NULL) {
332 221106 : h->session_etypes = malloc(sizeof(*h->session_etypes));
333 221106 : if (h->session_etypes == NULL) {
334 0 : rc = ENOMEM;
335 0 : goto error;
336 : }
337 :
338 221106 : h->session_etypes->len = s->session_etypes->len;
339 :
340 221106 : h->session_etypes->val = calloc(h->session_etypes->len, sizeof(*h->session_etypes->val));
341 221106 : if (h->session_etypes->val == NULL) {
342 0 : rc = ENOMEM;
343 0 : goto error;
344 : }
345 :
346 856506 : for (i = 0; i < h->session_etypes->len; ++i) {
347 635400 : h->session_etypes->val[i] = s->session_etypes->val[i];
348 : }
349 : }
350 :
351 301629 : h->context = ske;
352 301629 : if (ske != NULL) {
353 300767 : ske->kdc_entry = h;
354 : }
355 291487 : return 0;
356 0 : error:
357 0 : free_hdb_entry(h);
358 0 : return rc;
359 : }
|
