2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 struct timeval _kdc_now;
39 _kdc_db_fetch(krb5_context context,
40 krb5_kdc_configuration *config,
41 krb5_const_principal principal,
48 krb5_error_code ret = HDB_ERR_NOENTRY;
54 flags |= HDB_F_KVNO_SPECIFIED;
57 ent = calloc (1, sizeof (*ent));
59 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
63 for(i = 0; i < config->num_db; i++) {
64 krb5_principal enterprise_principal = NULL;
65 if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
66 && principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
67 if (principal->name.name_string.len != 1) {
68 ret = KRB5_PARSE_MALFORMED;
69 krb5_set_error_message(context, ret,
71 "enterprise name with %d name components",
72 principal->name.name_string.len);
76 ret = krb5_parse_name(context, principal->name.name_string.val[0],
77 &enterprise_principal);
83 principal = enterprise_principal;
86 ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
88 const char *msg = krb5_get_error_message(context, ret);
89 kdc_log(context, config, 0, "Failed to open database: %s", msg);
90 krb5_free_error_message(context, msg);
94 ret = config->db[i]->hdb_fetch_kvno(context,
97 flags | HDB_F_DECRYPT,
101 krb5_free_principal(context, enterprise_principal);
103 config->db[i]->hdb_close(context, config->db[i]);
112 krb5_set_error_message(context, ret,
113 "no such entry found in hdb");
118 _kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
120 hdb_free_entry (context, ent);
125 * Use the order list of preferred encryption types and sort the
126 * available keys and return the most preferred key.
130 _kdc_get_preferred_key(krb5_context context,
131 krb5_kdc_configuration *config,
134 krb5_enctype *enctype,
140 if (config->use_strongest_server_key) {
141 const krb5_enctype *p = krb5_kerberos_enctypes(context);
143 for (i = 0; p[i] != ETYPE_NULL; i++) {
144 if (krb5_enctype_valid(context, p[i]) != 0)
146 ret = hdb_enctype2key(context, &h->entry, p[i], key);
156 for (i = 0; i < h->entry.keys.len; i++) {
157 if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
160 ret = hdb_enctype2key(context, &h->entry,
161 h->entry.keys.val[i].key.keytype, key);
165 *enctype = (*key)->key.keytype;
170 krb5_set_error_message(context, EINVAL,
171 "No valid kerberos key found for %s", name);
172 return EINVAL; /* XXX */