1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Samba KDB plugin for MIT Kerberos
5 :
6 : Copyright (c) 2010 Simo Sorce <idra@samba.org>.
7 : Copyright (c) 2014 Andreas Schneider <asn@samba.org>
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 :
25 : #include "system/kerberos.h"
26 :
27 : #include <profile.h>
28 : #include <kdb.h>
29 :
30 : #include "kdc/mit_samba.h"
31 : #include "kdb_samba.h"
32 :
33 : #undef DBGC_CLASS
34 : #define DBGC_CLASS DBGC_KERBEROS
35 :
/**
 * Fetch the Samba context that the KDB layer keeps in its DB context.
 *
 * @param kcontext  The krb5 library context the KDB call was made with.
 *
 * @return The struct mit_samba_context held in the KDB DB context, or
 *         NULL if krb5_db_get_context() fails. A DB context of the wrong
 *         talloc type aborts via talloc_get_type_abort() instead of
 *         returning.
 */
struct mit_samba_context *ks_get_context(krb5_context kcontext)
{
	void *db_ctx = NULL;
	struct mit_samba_context *samba_ctx = NULL;

	if (krb5_db_get_context(kcontext, &db_ctx) != 0) {
		return NULL;
	}

	samba_ctx = talloc_get_type_abort(db_ctx, struct mit_samba_context);

	/*
	 * Most Kerberos operations in MIT KRB5 enter the plugin through
	 * this lookup, so clear errno here to keep a stale value out of
	 * any com_err debug message emitted later in the call.
	 */
	errno = 0;

	return samba_ctx;
}
57 :
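/**
 * Compare a krb5_data buffer with a NUL-terminated C string.
 *
 * The buffer is compared over exactly d.length bytes with memcmp(), so
 * d.data is never assumed to be NUL-terminated; principal components
 * handed in here come from client requests.
 *
 * @param d  The krb5_data to inspect.
 * @param s  The string to compare against; NULL never matches.
 *
 * @return true only when d has the same non-zero length as s and the
 *         bytes are identical; false otherwise (an empty d never
 *         matches, nor does a d with no data pointer).
 */
bool ks_data_eq_string(krb5_data d, const char *s)
{
	/* Reject NULL before strlen()/memcmp() would dereference it. */
	if (s == NULL || d.data == NULL) {
		return false;
	}

	/* Check the length first; an empty buffer is never a match. */
	if (d.length == 0 || d.length != strlen(s)) {
		return false;
	}

	return memcmp(d.data, s, d.length) == 0;
}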
73 :
/**
 * Build a krb5_data descriptor around an existing buffer.
 *
 * No copy is made: the returned descriptor points at the caller's
 * buffer, which must outlive every use of the result.
 *
 * @param data  The buffer to wrap.
 * @param len   Number of bytes in the buffer.
 *
 * @return A krb5_data with magic set to KV5M_DATA referencing the buffer.
 */
krb5_data ks_make_data(void *data, unsigned int len)
{
	krb5_data d = {
		.magic = KV5M_DATA,
		.data = data,
		.length = len,
	};

	return d;
}
84 :
/**
 * Check whether a principal's first component is "kadmin".
 *
 * @param context  The krb5 library context.
 * @param princ    The principal to inspect.
 *
 * @return Non-zero if the principal has at least one component and the
 *         first one is exactly "kadmin", zero otherwise.
 */
krb5_boolean ks_is_kadmin(krb5_context context,
			  krb5_const_principal princ)
{
	if (krb5_princ_size(context, princ) < 1) {
		return false;
	}

	return ks_data_eq_string(princ->data[0], "kadmin");
}
91 :
/**
 * Check whether a principal is exactly kadmin/history.
 *
 * @param context  The krb5 library context.
 * @param princ    The principal to inspect.
 *
 * @return Non-zero only when the principal has exactly two components,
 *         "kadmin" followed by "history"; zero otherwise.
 */
krb5_boolean ks_is_kadmin_history(krb5_context context,
				  krb5_const_principal princ)
{
	if (krb5_princ_size(context, princ) != 2) {
		return false;
	}
	if (!ks_data_eq_string(princ->data[0], "kadmin")) {
		return false;
	}

	return ks_data_eq_string(princ->data[1], "history");
}
99 :
/**
 * Check whether a principal is exactly kadmin/changepw.
 *
 * @param context  The krb5 library context.
 * @param princ    The principal to inspect.
 *
 * @return Non-zero only when the principal has exactly two components,
 *         "kadmin" followed by "changepw"; zero otherwise.
 */
krb5_boolean ks_is_kadmin_changepw(krb5_context context,
				   krb5_const_principal princ)
{
	if (krb5_princ_size(context, princ) != 2) {
		return false;
	}
	if (!ks_data_eq_string(princ->data[0], "kadmin")) {
		return false;
	}

	return ks_data_eq_string(princ->data[1], "changepw");
}
107 :
/**
 * Check whether a principal is exactly kadmin/admin.
 *
 * @param context  The krb5 library context.
 * @param princ    The principal to inspect.
 *
 * @return Non-zero only when the principal has exactly two components,
 *         "kadmin" followed by "admin"; zero otherwise.
 */
krb5_boolean ks_is_kadmin_admin(krb5_context context,
				krb5_const_principal princ)
{
	if (krb5_princ_size(context, princ) != 2) {
		return false;
	}
	if (!ks_data_eq_string(princ->data[0], "kadmin")) {
		return false;
	}

	return ks_data_eq_string(princ->data[1], "admin");
}