1 /*
2    Unix SMB/CIFS implementation.
3 
4    Database Glue between Samba and the KDC
5 
6    Copyright (C) Guenther Deschner <gd@samba.org> 2014
7    Copyright (C) Andreas Schneider <asn@samba.org> 2014
8 
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13 
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18 
19 
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23 
24 #include "includes.h"
25 #include "system/kerberos.h"
26 #include "sdb.h"
27 #include "lib/krb5_wrap/krb5_samba.h"
28 
sdb_free_entry(struct sdb_entry_ex * ent)29 void sdb_free_entry(struct sdb_entry_ex *ent)
30 {
31 	struct sdb_key *k;
32 	size_t i;
33 
34 	if (ent->free_entry) {
35 		(*ent->free_entry)(ent);
36 	}
37 
38 	for (i = 0; i < ent->entry.keys.len; i++) {
39 		k = &ent->entry.keys.val[i];
40 
41 		/*
42 		 * Passing NULL as the Kerberos context is intentional here, as
43 		 * both Heimdal and MIT libraries don't use the context when
44 		 * clearing the keyblocks.
45 		 */
46 		krb5_free_keyblock_contents(NULL, &k->key);
47 	}
48 
49 	free_sdb_entry(&ent->entry);
50 }
51 
free_sdb_key(struct sdb_key * k)52 static void free_sdb_key(struct sdb_key *k)
53 {
54 	if (k == NULL) {
55 		return;
56 	}
57 
58 	if (k->mkvno) {
59 		free(k->mkvno);
60 	}
61 
62 	/* keyblock not alloced */
63 
64 	if (k->salt) {
65 		smb_krb5_free_data_contents(NULL, &k->salt->salt);
66 	}
67 
68 	ZERO_STRUCTP(k);
69 }
70 
free_sdb_entry(struct sdb_entry * s)71 void free_sdb_entry(struct sdb_entry *s)
72 {
73 	unsigned int i;
74 
75 	/*
76 	 * Passing NULL as the Kerberos context is intentional here, as both
77 	 * Heimdal and MIT libraries don't use the context when clearing the
78 	 * principals.
79 	 */
80 	krb5_free_principal(NULL, s->principal);
81 
82 	if (s->keys.len) {
83 		for (i=0; i < s->keys.len; i++) {
84 			free_sdb_key(&s->keys.val[i]);
85 		}
86 		free(s->keys.val);
87 	}
88 	krb5_free_principal(NULL, s->created_by.principal);
89 	if (s->modified_by) {
90 		krb5_free_principal(NULL, s->modified_by->principal);
91 	}
92 	SAFE_FREE(s->valid_start);
93 	SAFE_FREE(s->valid_end);
94 	SAFE_FREE(s->pw_end);
95 
96 	ZERO_STRUCTP(s);
97 }
98 
int2SDBFlags(unsigned n)99 struct SDBFlags int2SDBFlags(unsigned n)
100 {
101 	struct SDBFlags flags;
102 
103 	memset(&flags, 0, sizeof(flags));
104 
105 	flags.initial = (n >> 0) & 1;
106 	flags.forwardable = (n >> 1) & 1;
107 	flags.proxiable = (n >> 2) & 1;
108 	flags.renewable = (n >> 3) & 1;
109 	flags.postdate = (n >> 4) & 1;
110 	flags.server = (n >> 5) & 1;
111 	flags.client = (n >> 6) & 1;
112 	flags.invalid = (n >> 7) & 1;
113 	flags.require_preauth = (n >> 8) & 1;
114 	flags.change_pw = (n >> 9) & 1;
115 	flags.require_hwauth = (n >> 10) & 1;
116 	flags.ok_as_delegate = (n >> 11) & 1;
117 	flags.user_to_user = (n >> 12) & 1;
118 	flags.immutable = (n >> 13) & 1;
119 	flags.trusted_for_delegation = (n >> 14) & 1;
120 	flags.allow_kerberos4 = (n >> 15) & 1;
121 	flags.allow_digest = (n >> 16) & 1;
122 	flags.locked_out = (n >> 17) & 1;
123 	flags.do_not_store = (n >> 31) & 1;
124 	return flags;
125 }
126