/* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * lib/krb5/keytab/srvtab/kts_resolv.c * * Copyright 1990,1991,2002 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ #include "k5-int.h" #include /* * Constants */ #define IGNORE_VNO 0 #define IGNORE_ENCTYPE 0 #define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ #define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ #define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO /* * Types */ typedef struct _krb5_ktsrvtab_data { char *name; /* Name of the file */ FILE *openf; /* open file, if any. */ } krb5_ktsrvtab_data; /* * Macros */ #define KTPRIVATE(id) ((krb5_ktsrvtab_data *)(id)->data) #define KTFILENAME(id) (((krb5_ktsrvtab_data *)(id)->data)->name) #define KTFILEP(id) (((krb5_ktsrvtab_data *)(id)->data)->openf) extern const struct _krb5_kt_ops krb5_kts_ops; static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve (krb5_context, const char *, krb5_keytab *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name (krb5_context, krb5_keytab, char *, unsigned int); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close (krb5_context, krb5_keytab); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry (krb5_context, krb5_keytab, krb5_const_principal, krb5_kvno, krb5_enctype, krb5_keytab_entry *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get (krb5_context, krb5_keytab, krb5_kt_cursor *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next (krb5_context, krb5_keytab, krb5_keytab_entry *, krb5_kt_cursor *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get (krb5_context, krb5_keytab, krb5_kt_cursor *); static krb5_error_code krb5_ktsrvint_open (krb5_context, krb5_keytab); static krb5_error_code krb5_ktsrvint_close (krb5_context, krb5_keytab); static krb5_error_code krb5_ktsrvint_read_entry (krb5_context, krb5_keytab, krb5_keytab_entry *); /* * This is an implementation specific resolver. It returns a keytab id * initialized with srvtab keytab routines. */ static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id) { krb5_ktsrvtab_data *data; FILE *fp; /* Make sure we can open the srvtab file for reading. */ /* Solaris Kerberos */ fp = fopen(name, "rF"); if (!fp) return(errno); fclose(fp); if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) return(ENOMEM); (*id)->ops = &krb5_kts_ops; data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data)); if (data == NULL) { krb5_xfree(*id); return(ENOMEM); } data->name = (char *)malloc(strlen(name) + 1); if (data->name == NULL) { krb5_xfree(data); krb5_xfree(*id); return(ENOMEM); } (void) strcpy(data->name, name); data->openf = 0; (*id)->data = (krb5_pointer)data; (*id)->magic = KV5M_KEYTAB; return(0); } /* * "Close" a file-based keytab and invalidate the id. This means * free memory hidden in the structures. */ krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close(krb5_context context, krb5_keytab id) /* * This routine is responsible for freeing all memory allocated * for this keytab. There are no system resources that need * to be freed nor are there any open files. * * This routine should undo anything done by krb5_ktsrvtab_resolve(). */ { krb5_xfree(KTFILENAME(id)); krb5_xfree(id->data); id->ops = 0; krb5_xfree(id); return (0); } /* * This is the get_entry routine for the file based keytab implementation. * It opens the keytab file, and either retrieves the entry or returns * an error. */ krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry) { krb5_keytab_entry best_entry, ent; krb5_error_code kerror = 0; int found_wrong_kvno = 0; /* Open the srvtab. */ if ((kerror = krb5_ktsrvint_open(context, id))) return(kerror); /* srvtab files only have DES_CBC_CRC keys. */ switch (enctype) { case ENCTYPE_DES_CBC_CRC: case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES_CBC_MD4: case ENCTYPE_DES_CBC_RAW: case IGNORE_ENCTYPE: break; default: return KRB5_KT_NOTFOUND; } best_entry.principal = 0; best_entry.vno = 0; best_entry.key.contents = 0; while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) { ent.key.enctype = enctype; if (krb5_principal_compare(context, principal, ent.principal)) { if (kvno == IGNORE_VNO) { if (!best_entry.principal || (best_entry.vno < ent.vno)) { krb5_kt_free_entry(context, &best_entry); best_entry = ent; } } else { if (ent.vno == kvno) { best_entry = ent; break; } else { found_wrong_kvno = 1; } } } else { krb5_kt_free_entry(context, &ent); } } if (kerror == KRB5_KT_END) { if (best_entry.principal) kerror = 0; else if (found_wrong_kvno) kerror = KRB5_KT_KVNONOTFOUND; else kerror = KRB5_KT_NOTFOUND; } if (kerror) { (void) krb5_ktsrvint_close(context, id); krb5_kt_free_entry(context, &best_entry); return kerror; } if ((kerror = krb5_ktsrvint_close(context, id)) != 0) { krb5_kt_free_entry(context, &best_entry); return kerror; } *entry = best_entry; return 0; } /* * Get the name of the file containing a srvtab-based keytab. */ krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len) /* * This routine returns the name of the name of the file associated with * this srvtab-based keytab. The name is prefixed with PREFIX:, so that * trt will happen if the name is passed back to resolve. */ { memset(name, 0, len); if (len < strlen(id->ops->prefix)+2) return(KRB5_KT_NAME_TOOLONG); strcpy(name, id->ops->prefix); name += strlen(id->ops->prefix); name[0] = ':'; name++; len -= strlen(id->ops->prefix)+1; /* Solaris Kerberos */ if (len < strlen(KTFILENAME(id))+1) return(KRB5_KT_NAME_TOOLONG); strcpy(name, KTFILENAME(id)); /* strcpy will NUL-terminate the destination */ return(0); } /* * krb5_ktsrvtab_start_seq_get() */ krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp) { krb5_error_code retval; long *fileoff; if ((retval = krb5_ktsrvint_open(context, id))) return retval; if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) { krb5_ktsrvint_close(context, id); return ENOMEM; } *fileoff = ftell(KTFILEP(id)); *cursorp = (krb5_kt_cursor)fileoff; return 0; } /* * krb5_ktsrvtab_get_next() */ krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { long *fileoff = (long *)*cursor; krb5_keytab_entry cur_entry; krb5_error_code kerror; if (fseek(KTFILEP(id), *fileoff, 0) == -1) return KRB5_KT_END; if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry))) return kerror; *fileoff = ftell(KTFILEP(id)); *entry = cur_entry; return 0; } /* * krb5_ktsrvtab_end_get() */ krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { krb5_xfree(*cursor); return krb5_ktsrvint_close(context, id); } /* * krb5_kts_ops */ const struct _krb5_kt_ops krb5_kts_ops = { 0, "SRVTAB", /* Prefix -- this string should not appear anywhere else! */ krb5_ktsrvtab_resolve, krb5_ktsrvtab_get_name, krb5_ktsrvtab_close, krb5_ktsrvtab_get_entry, krb5_ktsrvtab_start_seq_get, krb5_ktsrvtab_get_next, krb5_ktsrvtab_end_get, 0, 0, 0 }; /* * formerly: lib/krb5/keytab/srvtab/kts_util.c * * Copyright (c) Hewlett-Packard Company 1991 * Released to the Massachusetts Institute of Technology for inclusion * in the Kerberos source code distribution. * * Copyright 1990,1991 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * * This function contains utilities for the srvtab based implementation * of the keytab. There are no public functions in this file. */ #include #ifdef ANSI_STDIO /* Solaris Kerberos */ #define READ_MODE "rbF" #else /* Solaris Kerberos */ #define READ_MODE "rF" #endif /* The maximum sizes for V4 aname, realm, sname, and instance +1 */ /* Taken from krb.h */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 static krb5_error_code read_field(FILE *fp, char *s, int len) { int c; while ((c = getc(fp)) != 0) { if (c == EOF || len <= 1) return KRB5_KT_END; *s = c; s++; len--; } *s = 0; return 0; } krb5_error_code krb5_ktsrvint_open(krb5_context context, krb5_keytab id) { KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE); if (!KTFILEP(id)) return errno; return 0; } krb5_error_code krb5_ktsrvint_close(krb5_context context, krb5_keytab id) { if (!KTFILEP(id)) return 0; (void) fclose(KTFILEP(id)); KTFILEP(id) = 0; return 0; } krb5_error_code krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *ret_entry) { FILE *fp; char name[SNAME_SZ], instance[INST_SZ], realm[REALM_SZ]; unsigned char key[8]; int vno; krb5_error_code kerror; /* Read in an entry from the srvtab file. */ fp = KTFILEP(id); kerror = read_field(fp, name, sizeof(name)); if (kerror != 0) return kerror; kerror = read_field(fp, instance, sizeof(instance)); if (kerror != 0) return kerror; kerror = read_field(fp, realm, sizeof(realm)); if (kerror != 0) return kerror; vno = getc(fp); if (vno == EOF) return KRB5_KT_END; if (fread(key, 1, sizeof(key), fp) != sizeof(key)) return KRB5_KT_END; /* Fill in ret_entry with the data we read. Everything maps well * except for the timestamp, which we don't have a value for. For * now we just set it to 0. */ memset(ret_entry, 0, sizeof(*ret_entry)); ret_entry->magic = KV5M_KEYTAB_ENTRY; kerror = krb5_425_conv_principal(context, name, instance, realm, &ret_entry->principal); if (kerror != 0) return kerror; ret_entry->vno = vno; ret_entry->timestamp = 0; ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC; ret_entry->key.magic = KV5M_KEYBLOCK; ret_entry->key.length = sizeof(key); ret_entry->key.contents = malloc(sizeof(key)); if (!ret_entry->key.contents) { krb5_free_principal(context, ret_entry->principal); return ENOMEM; } memcpy(ret_entry->key.contents, key, sizeof(key)); return 0; }