authorNicolas Williams <nico@cryptonector.com>2012-07-18 16:27:35 -0500
committerGreg Hudson <ghudson@mit.edu>2012-07-30 19:11:28 -0400
commit5829ca2b348974e52a67b553afc7f7491007c33a (patch)
tree3fdbcdfc56a26445c2f2fce9fb72b6deddb28d0f /src/plugins/kdb
parent796366a03ea170efb937913acae36a2083a5329e (diff)
Policy extensions + new policy: allowed ks types
This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
Diffstat (limited to 'src/plugins/kdb')
-rw-r--r--src/plugins/kdb/db2/pol_xdr.c75
-rw-r--r--src/plugins/kdb/db2/policy_db.h1
2 files changed, 27 insertions, 49 deletions
diff --git a/src/plugins/kdb/db2/pol_xdr.c b/src/plugins/kdb/db2/pol_xdr.c
index 315d0d1c5..e8576337c 100644
--- a/src/plugins/kdb/db2/pol_xdr.c
+++ b/src/plugins/kdb/db2/pol_xdr.c
@@ -2,68 +2,29 @@
#include <krb5.h>
#include <gssrpc/rpc.h>
#include <kdb.h>
+#include <kadm5/admin_xdr.h>
#include "policy_db.h"
#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif
#include <string.h>
-static
-bool_t xdr_nullstring(XDR *xdrs, char **objp)
-{
- u_int size;
-
- if (xdrs->x_op == XDR_ENCODE) {
- if (*objp == NULL)
- size = 0;
- else
- size = strlen(*objp) + 1;
- }
- if (! xdr_u_int(xdrs, &size)) {
- return FALSE;
- }
- switch (xdrs->x_op) {
- case XDR_DECODE:
- if (size == 0) {
- *objp = NULL;
- return TRUE;
- } else if (*objp == NULL) {
- *objp = (char *) mem_alloc(size);
- if (*objp == NULL) {
- errno = ENOMEM;
- return FALSE;
- }
- }
- return (xdr_opaque(xdrs, *objp, size));
-
- case XDR_ENCODE:
- if (size != 0)
- return (xdr_opaque(xdrs, *objp, size));
- return TRUE;
-
- case XDR_FREE:
- if (*objp != NULL)
- mem_free(*objp, size);
- *objp = NULL;
- return TRUE;
- }
-
- return FALSE;
-}
-
static int
osa_policy_min_vers(osa_policy_ent_t objp)
{
- int vers;
+ if (objp->attributes ||
+ objp->max_life ||
+ objp->max_renewable_life ||
+ objp->allowed_keysalts ||
+ objp->n_tl_data)
+ return OSA_ADB_POLICY_VERSION_3;
if (objp->pw_max_fail ||
objp->pw_failcnt_interval ||
objp->pw_lockout_duration)
- vers = OSA_ADB_POLICY_VERSION_2;
- else
- vers = OSA_ADB_POLICY_VERSION_1;
+ return OSA_ADB_POLICY_VERSION_2;
- return vers;
+ return OSA_ADB_POLICY_VERSION_1;
}
bool_t
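Review bot: osa_policy_min_vers now has three tiers but no comment stating that it returns the lowest record version able to hold the populated fields, which is what keeps entries without the new fields readable by older releases. I would add above it `/* Return the lowest on-disk version that can represent every non-zero field of objp. */`. The version 3 test keys on `n_tl_data` rather than `tl_data`, so an entry whose list is set while the count is still zero would presumably be written as version 1 or 2 and silently lose its TL data. If callers can produce that state, testing `objp->tl_data` as well would close the gap.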
@@ -81,7 +42,8 @@ xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
if (!xdr_int(xdrs, &objp->version))
return FALSE;
if (objp->version != OSA_ADB_POLICY_VERSION_1 &&
- objp->version != OSA_ADB_POLICY_VERSION_2)
+ objp->version != OSA_ADB_POLICY_VERSION_2 &&
+ objp->version != OSA_ADB_POLICY_VERSION_3)
return FALSE;
break;
}
@@ -108,5 +70,20 @@ xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
if (!xdr_u_int32(xdrs, &objp->pw_lockout_duration))
return (FALSE);
}
+ if (objp->version > OSA_ADB_POLICY_VERSION_2) {
+ if (!xdr_u_int32(xdrs, &objp->attributes))
+ return (FALSE);
+ if (!xdr_u_int32(xdrs, &objp->max_life))
+ return (FALSE);
+ if (!xdr_u_int32(xdrs, &objp->max_renewable_life))
+ return (FALSE);
+ if (!xdr_nullstring(xdrs, &objp->allowed_keysalts))
+ return (FALSE);
+ if (!xdr_short(xdrs, &objp->n_tl_data))
+ return (FALSE);
+ if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+ xdr_krb5_tl_data))
+ return FALSE;
+ }
return (TRUE);
}
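Review bot: On decode, `n_tl_data` is read from the stored record as a signed short and `tl_data` is decoded independently, with nothing in the version 3 branch checking that the count is non-negative or agrees with what was decoded. Any later code that walks `tl_data` by `n_tl_data` would then trust a value taken straight from the database file. A minimal guard right after the `xdr_short` call is `if (xdrs->x_op == XDR_DECODE && objp->n_tl_data < 0) return FALSE;`, and comparing the count with the decoded list length would be stronger. If the shared xdr_nullstring behaves like the helper removed earlier in this file, a decoded `allowed_keysalts` is also not checked for a terminating NUL, and an early `return FALSE` leaves it allocated, so the caller has to free the partial entry. xdr_osa_policy_ent_rec begins outside this hunk.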
diff --git a/src/plugins/kdb/db2/policy_db.h b/src/plugins/kdb/db2/policy_db.h
index 6c920bc44..07026e35a 100644
--- a/src/plugins/kdb/db2/policy_db.h
+++ b/src/plugins/kdb/db2/policy_db.h
@@ -41,6 +41,7 @@ typedef long osa_adb_ret_t;
#define OSA_ADB_POLICY_VERSION_MASK 0x12345D00
#define OSA_ADB_POLICY_VERSION_1 0x12345D01
#define OSA_ADB_POLICY_VERSION_2 0x12345D02
+#define OSA_ADB_POLICY_VERSION_3 0x12345D03