/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
77c478bd9Sstevel@tonic-gate 
8*56a424ccSmp 
/*
 * kadmin/ktutil/ktutil_funcs.c
 *
 * (C) Copyright 1995, 1996 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * Utility functions for ktutil.
 */
367c478bd9Sstevel@tonic-gate 
377c478bd9Sstevel@tonic-gate #include "k5-int.h"
387c478bd9Sstevel@tonic-gate #include "ktutil.h"
397c478bd9Sstevel@tonic-gate #ifdef KRB5_KRB4_COMPAT
407c478bd9Sstevel@tonic-gate #include "kerberosIV/krb.h"
417c478bd9Sstevel@tonic-gate #include <stdio.h>
427c478bd9Sstevel@tonic-gate #endif
437c478bd9Sstevel@tonic-gate #include <string.h>
447c478bd9Sstevel@tonic-gate #include <ctype.h>
457c478bd9Sstevel@tonic-gate #include <libintl.h>
467c478bd9Sstevel@tonic-gate 
/*
 * Free a kt_list
 */
ktutil_free_kt_list(context,list)507c478bd9Sstevel@tonic-gate krb5_error_code ktutil_free_kt_list(context, list)
517c478bd9Sstevel@tonic-gate     krb5_context context;
527c478bd9Sstevel@tonic-gate     krb5_kt_list list;
537c478bd9Sstevel@tonic-gate {
547c478bd9Sstevel@tonic-gate     krb5_kt_list lp, prev;
557c478bd9Sstevel@tonic-gate     krb5_error_code retval = 0;
567c478bd9Sstevel@tonic-gate 
577c478bd9Sstevel@tonic-gate     for (lp = list; lp;) {
587c478bd9Sstevel@tonic-gate 	retval = krb5_kt_free_entry(context, lp->entry);
597c478bd9Sstevel@tonic-gate 	free((char *)lp->entry);
607c478bd9Sstevel@tonic-gate 	if (retval)
617c478bd9Sstevel@tonic-gate 	    break;
627c478bd9Sstevel@tonic-gate 	prev = lp;
637c478bd9Sstevel@tonic-gate 	lp = lp->next;
647c478bd9Sstevel@tonic-gate 	free((char *)prev);
657c478bd9Sstevel@tonic-gate     }
667c478bd9Sstevel@tonic-gate     return retval;
677c478bd9Sstevel@tonic-gate }
687c478bd9Sstevel@tonic-gate 
/*
 * Delete a numbered entry in a kt_list.  Takes a pointer to a kt_list
 * in case the head gets deleted.
 */
/**
 * Unlink and free the idx-th node (1-based) of *list.
 *
 * @param context  library context, forwarded to ktutil_free_kt_list()
 * @param list     address of the list head, so that removing the first
 *                 node can update the caller's head pointer
 * @param idx      1-based position of the node to delete
 * @return 0 on success, EINVAL when no node has that position, or the
 *         error reported while freeing the entry.
 */
krb5_error_code ktutil_delete(krb5_context context, krb5_kt_list *list, int idx)
{
    krb5_kt_list cur = *list;
    krb5_kt_list before = NULL;
    int pos = 1;

    while (cur) {
        if (pos == idx) {
            /* Splice the node out, then free it as a one-node list. */
            if (before)
                before->next = cur->next;
            else
                *list = cur->next;
            cur->next = NULL;
            return ktutil_free_kt_list(context, cur);
        }
        before = cur;
        cur = cur->next;
        pos++;
    }
    return EINVAL;
}
937c478bd9Sstevel@tonic-gate 
/*
 * Create a new keytab entry and add it to the keytab list.
 * Based on the value of use_pass, either prompt the user for a
 * password or a key.  If the keytab list is NULL, allocate a new
 * one first.
 */
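/**
 * Create a keytab entry for princ_str and append it to *list.
 *
 * The key is either derived from a password read from the terminal
 * (use_pass non-zero) or taken as hex digits read from stdin.  The list
 * is only modified once the entry is complete, so any failure leaves
 * *list exactly as it was.  Everything allocated along the way (the
 * unparsed name, the parsed principal, the salt, the password buffer)
 * is released before returning; the password buffer is scrubbed first.
 *
 * @param context      library context
 * @param list         address of the list head; a NULL head is replaced
 *                     by the new one-node list
 * @param princ_str    principal name; the default realm is appended when
 *                     none is given
 * @param kvno         key version number stored in the entry
 * @param enctype_str  enctype name accepted by krb5_string_to_enctype()
 * @param use_pass     non-zero to derive the key from a password, zero to
 *                     read the key as hex digits from stdin
 * @return 0 on success; also 0 when the hex key is empty or contains a
 *         non-hex character (a message is printed and nothing is added);
 *         KRB5_BAD_ENCTYPE for an unknown enctype; ENOMEM; or a library
 *         error code.
 */
krb5_error_code ktutil_add(krb5_context context, krb5_kt_list *list,
                           char *princ_str, krb5_kvno kvno,
                           char *enctype_str, int use_pass)
{
    krb5_keytab_entry *entry = NULL;
    krb5_kt_list node = NULL, tail;
    krb5_principal princ = NULL;
    char *full_name = NULL;     /* canonical form of princ_str, owned here */
    krb5_enctype enctype;
    krb5_timestamp now;
    krb5_error_code retval;
    krb5_data password, salt;
    krb5_keyblock key;
    char buf[BUFSIZ];
    char promptstr[1024];
    char *cp;
    size_t len, i;
    unsigned int tmp;
    unsigned int pwsize = BUFSIZ;

    memset(&password, 0, sizeof(password));
    memset(&salt, 0, sizeof(salt));

    retval = krb5_parse_name(context, princ_str, &princ);
    if (retval)
        return retval;
    /* Unparse so the prompt shows the default realm when none was given.
     * The result goes into its own variable so it can be freed; the
     * caller's princ_str is never overwritten. */
    retval = krb5_unparse_name(context, princ, &full_name);
    if (retval)
        goto cleanup;
    if (krb5_string_to_enctype(enctype_str, &enctype)) {
        retval = KRB5_BAD_ENCTYPE;
        goto cleanup;
    }
    retval = krb5_timeofday(context, &now);
    if (retval)
        goto cleanup;

    entry = malloc(sizeof(*entry));
    if (!entry) {
        retval = ENOMEM;
        goto cleanup;
    }
    memset(entry, 0, sizeof(*entry));
    node = malloc(sizeof(*node));
    if (!node) {
        retval = ENOMEM;
        goto cleanup;
    }
    node->next = NULL;
    node->entry = entry;
    entry = NULL;               /* owned by node now; freed via the list */

    if (use_pass) {
        password.length = pwsize;
        password.data = malloc(pwsize);
        if (!password.data) {
            retval = ENOMEM;
            goto cleanup;
        }
        (void) snprintf(promptstr, sizeof(promptstr),
                        gettext("Password for %.1000s"), full_name);
        retval = krb5_read_password(context, promptstr, NULL, password.data,
                                    &password.length);
        if (retval)
            goto cleanup;
        retval = krb5_principal2salt(context, princ, &salt);
        if (retval)
            goto cleanup;
        retval = krb5_c_string_to_key(context, enctype, &password,
                                      &salt, &key);
        if (retval)
            goto cleanup;
        /* key.contents is now owned by the entry and freed with it. */
        memcpy(&node->entry->key, &key, sizeof(krb5_keyblock));
    } else {
        printf(gettext("Key for %s (hex): "), full_name);
        if (fgets(buf, sizeof(buf), stdin) == NULL)
            buf[0] = '\0';      /* EOF or read error: treat as empty input */
        len = strlen(buf);
        if (len > 0 && buf[len - 1] == '\n')
            buf[--len] = '\0';
        /* An odd number of hex digits is padded with a trailing '0' so
         * that every byte below comes from a complete pair. */
        if (len % 2 == 1 && len + 1 < sizeof(buf)) {
            buf[len++] = '0';
            buf[len] = '\0';
        }
        if (len == 0) {
            fprintf(stderr, "addent: %s", gettext("Error reading key.\n"));
            retval = 0;
            goto cleanup;
        }

        node->entry->key.enctype = enctype;
        node->entry->key.contents = malloc((len + 1) / 2);
        if (!node->entry->key.contents) {
            retval = ENOMEM;
            goto cleanup;
        }
        i = 0;
        for (cp = buf; *cp; cp += 2) {
            /* unsigned char cast: isxdigit() on a negative char is UB */
            if (!isxdigit((unsigned char) cp[0]) ||
                !isxdigit((unsigned char) cp[1])) {
                fprintf(stderr, "addent: %s",
                        gettext("Illegal character in key.\n"));
                retval = 0;
                goto cleanup;
            }
            (void) sscanf(cp, "%02x", &tmp);
            node->entry->key.contents[i++] = (krb5_octet) tmp;
        }
        node->entry->key.length = (unsigned int) i;
    }
    node->entry->principal = princ;
    princ = NULL;               /* ownership moved into the entry */
    node->entry->vno = kvno;
    node->entry->timestamp = now;

    /* Link the finished node at the tail (or make it the head). */
    if (*list) {
        for (tail = *list; tail->next; tail = tail->next)
            ;
        tail->next = node;
    } else {
        *list = node;
    }
    node = NULL;                /* linked in; must not be freed below */
    retval = 0;

cleanup:
    if (password.data) {
        /* Scrub the password through a volatile pointer so the stores
         * are not dropped as dead ahead of free(). */
        volatile unsigned char *vp = (volatile unsigned char *) password.data;
        for (i = 0; i < pwsize; i++)
            vp[i] = 0;
        free(password.data);
    }
    krb5_free_data_contents(context, &salt);
    if (node)
        (void) ktutil_free_kt_list(context, node);
    free(entry);                /* only non-NULL if the node malloc failed */
    if (princ)
        krb5_free_principal(context, princ);
    if (full_name)
        krb5_free_unparsed_name(context, full_name);
    return retval;
}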
2427c478bd9Sstevel@tonic-gate 
/*
 * Read in a keytab and append it to list.  If list starts as NULL,
 * allocate a new one if necessary.
 */
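/**
 * Read every entry of the keytab named by name and append it to *list.
 *
 * Entries read by this call are appended after the current tail; if an
 * error occurs they are all discarded again, so *list is either extended
 * by the whole keytab or left unchanged.  A NULL head is replaced by the
 * new list.
 *
 * @param context  library context
 * @param name     keytab name as accepted by krb5_kt_resolve()
 * @param list     address of the list head
 * @return 0 on success (reaching the end of the keytab is not an error),
 *         ENOMEM, or a library error code.
 */
krb5_error_code ktutil_read_keytab(krb5_context context, char *name,
                                   krb5_kt_list *list)
{
    krb5_kt_list cur = NULL;        /* last node appended so far */
    krb5_kt_list first_new = NULL;  /* first node appended by this call */
    krb5_kt_list old_tail = NULL;   /* tail of *list before this call */
    krb5_keytab kt;
    krb5_keytab_entry *entry = NULL;
    krb5_kt_cursor cursor;
    krb5_error_code retval;

    if (*list) {
        for (cur = *list; cur->next; cur = cur->next)
            ;
        old_tail = cur;
    }
    retval = krb5_kt_resolve(context, name, &kt);
    if (retval)
        return retval;
    retval = krb5_kt_start_seq_get(context, kt, &cursor);
    if (retval)
        goto close_kt;

    for (;;) {
        krb5_kt_list node;

        entry = malloc(sizeof(*entry));
        if (!entry) {
            retval = ENOMEM;
            break;
        }
        memset(entry, 0, sizeof(*entry));
        retval = krb5_kt_next_entry(context, kt, entry, &cursor);
        if (retval)
            break;              /* KRB5_KT_END here is the normal exit */

        node = malloc(sizeof(*node));
        if (!node) {
            /* The entry already holds the principal and key material
             * filled in by krb5_kt_next_entry(); release those too,
             * not just the struct (which the code after the loop frees). */
            krb5_kt_free_entry(context, entry);
            retval = ENOMEM;
            break;
        }
        node->next = NULL;
        node->entry = entry;
        entry = NULL;           /* owned by node now */

        if (cur)
            cur->next = node;
        if (!first_new)
            first_new = node;
        cur = node;
    }
    /* Left over only from a failed read or node allocation. */
    free(entry);

    if (retval == KRB5_KT_END) {
        retval = 0;
    } else if (retval) {
        /* Drop everything appended by this call; keep the old list intact. */
        (void) ktutil_free_kt_list(context, first_new);
        first_new = NULL;
        if (old_tail)
            old_tail->next = NULL;
    }
    if (!*list)
        *list = first_new;
    /* Return value deliberately not checked: it must not override retval. */
    (void) krb5_kt_end_seq_get(context, kt, &cursor);
close_kt:
    (void) krb5_kt_close(context, kt);
    return retval;
}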
3187c478bd9Sstevel@tonic-gate 
/*
 * Takes a kt_list and writes it to the named keytab.
 */
/**
 * Write every entry of list into the keytab file name, opened for
 * writing through the "WRFILE:" keytab type.
 *
 * @param context  library context
 * @param list     entries to write; may be NULL, in which case nothing is
 *                 written but the keytab is still resolved and closed
 * @param name     path of the keytab file; must be shorter than MAXPATHLEN
 * @return 0 on success, ENAMETOOLONG if name is too long, or the first
 *         error from krb5_kt_resolve()/krb5_kt_add_entry().  Entries
 *         written before a failing krb5_kt_add_entry() stay in the file.
 */
krb5_error_code ktutil_write_keytab(krb5_context context, krb5_kt_list list,
                                    char *name)
{
    static const char prefix[] = "WRFILE:";
    char ktname[MAXPATHLEN + sizeof("WRFILE:") + 1];
    krb5_keytab kt;
    krb5_kt_list node;
    krb5_error_code retval;

    if (strlen(name) >= MAXPATHLEN)
        return ENAMETOOLONG;
    /* Length was checked above, so this cannot truncate. */
    (void) snprintf(ktname, sizeof(ktname), "%s%s", prefix, name);

    retval = krb5_kt_resolve(context, ktname, &kt);
    if (retval)
        return retval;
    node = list;
    while (node) {
        retval = krb5_kt_add_entry(context, kt, node->entry);
        if (retval)
            break;
        node = node->next;
    }
    krb5_kt_close(context, kt);
    return retval;
}
3477c478bd9Sstevel@tonic-gate 
3487c478bd9Sstevel@tonic-gate #ifdef KRB5_KRB4_COMPAT
/*
 * getstr() takes a file pointer, a string and a count.  It reads from
 * the file until either it has read "count" characters, or until it
 * reads a null byte.  When finished, what has been read exists in the
 * given string "s".  If "count" characters were actually read, the
 * last is changed to a null, so the returned string is always null-
 * terminated.  getstr() returns the number of characters read,
 * including the null terminator.
 */
3587c478bd9Sstevel@tonic-gate 
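/**
 * Read a NUL-terminated string of at most n bytes (terminator included)
 * from fp into s.
 *
 * Reading stops after a NUL byte, at end of file, or once n bytes have
 * been consumed.  In the last case the n-th byte consumed is replaced by
 * a NUL; at end of file a NUL is stored after the bytes read.  s is
 * therefore always terminated when n > 0.
 *
 * @param fp  stream to read from
 * @param s   destination buffer of at least n bytes
 * @param n   capacity of s; n <= 0 reads nothing and returns 0 (the
 *            guard keeps a zero-sized buffer from being written past)
 * @return number of bytes consumed from the stream: the string length
 *         plus one when a NUL was read, the bytes read at end of file,
 *         or n when the buffer filled up.
 */
static int getstr(FILE *fp, char *s, int n)
{
    int count = n;

    if (n <= 0)
        return 0;
    /* --count stops the loop once n bytes are in, leaving one slot
     * for the terminator written below. */
    while (fread(s, 1, 1, fp) > 0 && --count) {
        if (*s++ == '\0')
            return n - count;
    }
    *s = '\0';
    return n - count;
}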
3717c478bd9Sstevel@tonic-gate 
/*
 * Read in a named krb4 srvtab and append it to list.  Allocate a new
 * list if needed.
 */
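/**
 * Read a krb4 srvtab file and append its entries to *list.
 *
 * Each record is the service name, instance and realm as NUL-terminated
 * strings, one kvno byte and one des_cblock of key.  Entries read here
 * are appended after the current tail; on error they are discarded
 * again, so *list is either extended by the whole file or left
 * unchanged.  A NULL head is replaced by the new list.  A short or
 * missing trailing record simply ends the read.  The DES key copy kept
 * on the stack is scrubbed before returning.
 *
 * @param context  library context
 * @param name     path of the srvtab file
 * @param list     address of the list head
 * @return 0 on success, EIO if the file cannot be opened, ENOMEM, or the
 *         error from krb5_425_conv_principal().
 */
krb5_error_code ktutil_read_srvtab(krb5_context context, char *name,
                                   krb5_kt_list *list)
{
    krb5_kt_list cur = NULL;        /* last node appended so far */
    krb5_kt_list first_new = NULL;  /* first node appended by this call */
    krb5_kt_list old_tail = NULL;   /* tail of *list before this call */
    krb5_keytab_entry *entry = NULL;
    krb5_error_code retval = 0;
    char sname[SNAME_SZ];           /* name of service */
    char sinst[INST_SZ];            /* instance of service */
    char srealm[REALM_SZ];          /* realm of service */
    unsigned char kvno;             /* key version number */
    des_cblock key;
    volatile unsigned char *vkey = (volatile unsigned char *) key;
    size_t k;
    FILE *fp;

    if (*list) {
        for (cur = *list; cur->next; cur = cur->next)
            ;
        old_tail = cur;
    }
    fp = fopen(name, "r");
    if (!fp)
        return EIO;

    for (;;) {
        krb5_kt_list node;

        entry = malloc(sizeof(*entry));
        if (!entry) {
            retval = ENOMEM;
            break;
        }
        memset(entry, 0, sizeof(*entry));
        memset(sname, 0, sizeof(sname));
        memset(sinst, 0, sizeof(sinst));
        memset(srealm, 0, sizeof(srealm));
        /* A short or missing record ends the file.  entry->magic is
         * still 0 here, so the cleanup below frees only the struct. */
        if (!(getstr(fp, sname, SNAME_SZ) > 0 &&
              getstr(fp, sinst, INST_SZ) > 0 &&
              getstr(fp, srealm, REALM_SZ) > 0 &&
              fread(&kvno, 1, 1, fp) > 0 &&
              fread(key, sizeof(key), 1, fp) > 0))
            break;
        entry->magic = KV5M_KEYTAB_ENTRY;
        entry->timestamp = 0;       /* XXX the srvtab record has no timestamp */
        entry->vno = kvno;
        retval = krb5_425_conv_principal(context, sname, sinst, srealm,
                                         &entry->principal);
        if (retval)
            break;
        entry->key.magic = KV5M_KEYBLOCK;
        entry->key.enctype = ENCTYPE_DES_CBC_CRC;
        entry->key.length = sizeof(key);
        entry->key.contents = malloc(sizeof(key));
        if (!entry->key.contents) {
            retval = ENOMEM;
            break;
        }
        memcpy(entry->key.contents, key, sizeof(key));

        node = malloc(sizeof(*node));
        if (!node) {
            retval = ENOMEM;
            break;
        }
        node->next = NULL;
        node->entry = entry;
        entry = NULL;               /* owned by node now */
        if (cur)
            cur->next = node;
        if (!first_new)
            first_new = node;
        cur = node;
    }
    if (entry) {
        /* Only a parsed entry (magic set) owns a principal and key. */
        if (entry->magic == KV5M_KEYTAB_ENTRY)
            krb5_kt_free_entry(context, entry);
        free(entry);
    }
    if (retval) {
        /* Drop everything appended by this call; keep the old list intact. */
        (void) ktutil_free_kt_list(context, first_new);
        first_new = NULL;
        if (old_tail)
            old_tail->next = NULL;
    }
    if (!*list)
        *list = first_new;
    /* Scrub the last DES key off the stack; the volatile pointer keeps
     * the stores from being dropped as dead before return. */
    for (k = 0; k < sizeof(key); k++)
        vkey[k] = 0;
    (void) fclose(fp);
    return retval;
}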
4677c478bd9Sstevel@tonic-gate 
/*
 * Writes a kt_list out to a krb4 srvtab file.  Note that it first
 * prunes the kt_list so that it won't contain any keys that are not
 * the most recent, and ignores keys that are not ENCTYPE_DES.
 */
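/**
 * Write list out as a krb4 srvtab file.
 *
 * Only DES entries (ENCTYPE_DES_CBC_CRC/MD5/MD4/RAW) are written, and for
 * each principal only the entry with the newest kvno, chosen with the
 * same wrap-around heuristic as the keytab-reading code in libkrb5.  The
 * pruned list shares its entries with list, so only its nodes are freed
 * here.  The process umask is set to 077 so a newly created srvtab is
 * readable by its owner only; an existing file keeps its mode and is
 * truncated.
 *
 * @param context  library context
 * @param list     entries to write; may be NULL
 * @param name     path of the srvtab file to create or overwrite
 * @return 0 on success; ENOMEM; EIO when the file cannot be opened,
 *         written in full or closed; EINVAL if a DES entry does not hold
 *         exactly one des_cblock of key; or the error from
 *         krb5_524_conv_principal().
 */
krb5_error_code ktutil_write_srvtab(krb5_context context, krb5_kt_list list,
                                    char *name)
{
    krb5_kt_list lp, lp1, prev = NULL, pruned = NULL;
    krb5_error_code retval = 0;
    FILE *fp;
    char sname[SNAME_SZ];
    char sinst[INST_SZ];
    char srealm[REALM_SZ];

    /* First do heinous stuff to prune the list. */
    for (lp = list; lp; lp = lp->next) {
        if ((lp->entry->key.enctype != ENCTYPE_DES_CBC_CRC) &&
            (lp->entry->key.enctype != ENCTYPE_DES_CBC_MD5) &&
            (lp->entry->key.enctype != ENCTYPE_DES_CBC_MD4) &&
            (lp->entry->key.enctype != ENCTYPE_DES_CBC_RAW))
            continue;

        /* Hunt for the current principal in the pruned list; prev ends
         * up on the last node when the principal is not found. */
        for (lp1 = pruned; lp1; prev = lp1, lp1 = lp1->next) {
            if (krb5_principal_compare(context, lp->entry->principal,
                                       lp1->entry->principal))
                break;
        }
        if (!lp1) {
            /* Not seen yet: append a node that shares lp's entry. */
            krb5_kt_list node = malloc(sizeof(*node));
            if (!node) {
                retval = ENOMEM;
                goto free_pruned;
            }
            memset(node, 0, sizeof(*node));
            node->entry = lp->entry;
            if (!pruned)
                pruned = node;
            else
                prev->next = node;
        } else {
            /* Keep the newer kvno.  Srvtabs store kvno in one byte, so
             * compare modulo 256; when either value is near the top the
             * offset rotates the range so a wrapped counter still sorts
             * after the old one.  This heuristic should be roughly the
             * same as in the keytab-reading code in libkrb5. */
            int offset = 0;
            if (lp1->entry->vno > 240 || lp->entry->vno > 240)
                offset = 128;
            if ((lp1->entry->vno + offset) % 256 <
                (lp->entry->vno + offset) % 256)
                lp1->entry = lp->entry;
        }
    }
    umask(0077);    /* Changing umask for all of ktutil is OK: we don't
                     * ever write out anything that should use the
                     * default umask. */
    fp = fopen(name, "w");
    if (!fp) {
        retval = EIO;
        goto free_pruned;
    }
    for (lp = pruned; lp; lp = lp->next) {
        unsigned char kvno = (unsigned char) lp->entry->vno;

        retval = krb5_524_conv_principal(context, lp->entry->principal,
                                         sname, sinst, srealm);
        if (retval)
            break;
        if (lp->entry->key.length != sizeof(des_cblock)) {
            /* A DES key is exactly one cblock; anything else would make
             * the fwrite below read past key.contents. */
            retval = EINVAL;
            break;
        }
        /* Every fwrite is checked so a short write is not reported as
         * success with a truncated srvtab on disk. */
        if (fwrite(sname, strlen(sname) + 1, 1, fp) != 1 ||
            fwrite(sinst, strlen(sinst) + 1, 1, fp) != 1 ||
            fwrite(srealm, strlen(srealm) + 1, 1, fp) != 1 ||
            fwrite(&kvno, 1, 1, fp) != 1 ||
            fwrite(lp->entry->key.contents, sizeof(des_cblock), 1, fp) != 1) {
            retval = EIO;
            break;
        }
    }
    /* fclose() flushes; a failure here is a lost write as well. */
    if (fclose(fp) != 0 && !retval)
        retval = EIO;
free_pruned:
    /* Free only the pruned nodes; the entries belong to list, so
     * ktutil_free_kt_list() must not be used here. */
    for (lp = pruned; lp;) {
        prev = lp;
        lp = lp->next;
        free(prev);
    }
    return retval;
}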
5677c478bd9Sstevel@tonic-gate #endif /* KRB5_KRB4_COMPAT */
568