#include "hdb_locl.h"
int
hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
{
Principal new;
size_t len = 0;
int ret;
ret = copy_Principal(p, &new);
if(ret)
return ret;
new.name.name_type = 0;
ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
if (ret == 0 && key->length != len)
krb5_abortx(context, "internal asn.1 encoder error");
free_Principal(&new);
return ret;
}
int
hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
{
return decode_Principal(key->data, key->length, p, NULL);
}
int
hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
{
size_t len = 0;
int ret;
ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
if (ret == 0 && value->length != len)
krb5_abortx(context, "internal asn.1 encoder error");
return ret;
}
int
hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
{
return decode_hdb_entry(value->data, value->length, ent, NULL);
}
int
hdb_entry_alias2value(krb5_context context,
const hdb_entry_alias *alias,
krb5_data *value)
{
size_t len = 0;
int ret;
ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length,
alias, &len, ret);
if (ret == 0 && value->length != len)
krb5_abortx(context, "internal asn.1 encoder error");
return ret;
}
int
hdb_value2entry_alias(krb5_context context, krb5_data *value,
hdb_entry_alias *ent)
{
return decode_hdb_entry_alias(value->data, value->length, ent, NULL);
}
krb5_error_code
_hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry)
{
krb5_principal enterprise_principal = NULL;
krb5_data key, value;
krb5_error_code ret;
if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (principal->name.name_string.len != 1) {
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret, "malformed principal: "
"enterprise name with %d name components",
principal->name.name_string.len);
return ret;
}
ret = krb5_parse_name(context, principal->name.name_string.val[0],
&enterprise_principal);
if (ret)
return ret;
principal = enterprise_principal;
}
hdb_principal2key(context, principal, &key);
if (enterprise_principal)
krb5_free_principal(context, enterprise_principal);
ret = db->hdb__get(context, db, key, &value);
krb5_data_free(&key);
if(ret)
return ret;
ret = hdb_value2entry(context, &value, &entry->entry);
if (ret == ASN1_BAD_ID && (flags & HDB_F_CANON) == 0) {
krb5_data_free(&value);
return HDB_ERR_NOENTRY;
} else if (ret == ASN1_BAD_ID) {
hdb_entry_alias alias;
ret = hdb_value2entry_alias(context, &value, &alias);
if (ret) {
krb5_data_free(&value);
return ret;
}
hdb_principal2key(context, alias.principal, &key);
krb5_data_free(&value);
free_hdb_entry_alias(&alias);
ret = db->hdb__get(context, db, key, &value);
krb5_data_free(&key);
if (ret)
return ret;
ret = hdb_value2entry(context, &value, &entry->entry);
if (ret) {
krb5_data_free(&value);
return ret;
}
}
krb5_data_free(&value);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
#ifdef notnow
if ((flags & HDB_F_KVNO_SPECIFIED) == 0 &&
(flags & HDB_F_CURRENT_KVNO) == 0) {
ret = hdb_unseal_keys_kvno(context, db, 0, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
return ret;
}
} else if ((flags & HDB_F_KVNO_SPECIFIED) != 0 &&
kvno != entry->entry.kvno &&
kvno < entry->entry.kvno &&
kvno > 0) {
ret = hdb_unseal_keys_kvno(context, db, kvno, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
return ret;
}
}
#endif
ret = hdb_unseal_keys(context, db, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
return ret;
}
}
return ret;
}
static krb5_error_code
hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
{
const HDB_Ext_Aliases *aliases;
krb5_error_code code;
hdb_entry oldentry;
krb5_data value;
size_t i;
code = db->hdb__get(context, db, *key, &value);
if (code == HDB_ERR_NOENTRY)
return 0;
else if (code)
return code;
code = hdb_value2entry(context, &value, &oldentry);
krb5_data_free(&value);
if (code)
return code;
code = hdb_entry_get_aliases(&oldentry, &aliases);
if (code || aliases == NULL) {
free_hdb_entry(&oldentry);
return code;
}
for (i = 0; i < aliases->aliases.len; i++) {
krb5_data akey;
hdb_principal2key(context, &aliases->aliases.val[i], &akey);
code = db->hdb__del(context, db, akey);
krb5_data_free(&akey);
if (code) {
free_hdb_entry(&oldentry);
return code;
}
}
free_hdb_entry(&oldentry);
return 0;
}
static krb5_error_code
hdb_add_aliases(krb5_context context, HDB *db,
unsigned flags, hdb_entry_ex *entry)
{
const HDB_Ext_Aliases *aliases;
krb5_error_code code;
krb5_data key, value;
size_t i;
code = hdb_entry_get_aliases(&entry->entry, &aliases);
if (code || aliases == NULL)
return code;
for (i = 0; i < aliases->aliases.len; i++) {
hdb_entry_alias entryalias;
entryalias.principal = entry->entry.principal;
hdb_principal2key(context, &aliases->aliases.val[i], &key);
code = hdb_entry_alias2value(context, &entryalias, &value);
if (code) {
krb5_data_free(&key);
return code;
}
code = db->hdb__put(context, db, flags, key, value);
krb5_data_free(&key);
krb5_data_free(&value);
if (code)
return code;
}
return 0;
}
static krb5_error_code
hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry)
{
const HDB_Ext_Aliases *aliases;
int code;
size_t i;
code = hdb_entry_get_aliases(&entry->entry, &aliases);
if (code)
return code;
for (i = 0; aliases && i < aliases->aliases.len; i++) {
hdb_entry_alias alias;
krb5_data akey, value;
hdb_principal2key(context, &aliases->aliases.val[i], &akey);
code = db->hdb__get(context, db, akey, &value);
krb5_data_free(&akey);
if (code == HDB_ERR_NOENTRY)
continue;
else if (code)
return code;
code = hdb_value2entry_alias(context, &value, &alias);
krb5_data_free(&value);
if (code == ASN1_BAD_ID)
return HDB_ERR_EXISTS;
else if (code)
return code;
code = krb5_principal_compare(context, alias.principal,
entry->entry.principal);
free_hdb_entry_alias(&alias);
if (code == 0)
return HDB_ERR_EXISTS;
}
return 0;
}
krb5_error_code
_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_data key, value;
int code;
code = hdb_check_aliases(context, db, entry);
if (code)
return code;
if(entry->entry.generation == NULL) {
struct timeval t;
entry->entry.generation = malloc(sizeof(*entry->entry.generation));
if(entry->entry.generation == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
gettimeofday(&t, NULL);
entry->entry.generation->time = t.tv_sec;
entry->entry.generation->usec = t.tv_usec;
entry->entry.generation->gen = 0;
} else
entry->entry.generation->gen++;
code = hdb_seal_keys(context, db, &entry->entry);
if (code)
return code;
hdb_principal2key(context, entry->entry.principal, &key);
code = hdb_remove_aliases(context, db, &key);
if (code) {
krb5_data_free(&key);
return code;
}
hdb_entry2value(context, &entry->entry, &value);
code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
krb5_data_free(&value);
krb5_data_free(&key);
if (code)
return code;
code = hdb_add_aliases(context, db, flags, entry);
return code;
}
krb5_error_code
_hdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
{
krb5_data key;
int code;
hdb_principal2key(context, principal, &key);
code = hdb_remove_aliases(context, db, &key);
if (code) {
krb5_data_free(&key);
return code;
}
code = db->hdb__del(context, db, key);
krb5_data_free(&key);
return code;
}
