2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 #ifndef HEIMDAL_SMALLER
38 /* afs keyfile operations --------------------------------------- */
41 * Minimum tools to handle the AFS KeyFile.
43 * Format of the KeyFile is:
44 * <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys}
46 * It just adds to the end of the keyfile, deleting isn't implemented.
47 * Use your favorite text/hex editor to delete keys.
51 #define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
52 #define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
62 * set `d->cell' and `d->realm'
66 get_cell_and_realm (krb5_context context, struct akf_data *d)
69 char buf[BUFSIZ], *cp;
72 f = fopen (AFS_SERVERTHISCELL, "r");
75 krb5_set_error_message (context, ret,
76 N_("Open ThisCell %s: %s", ""),
81 if (fgets (buf, sizeof(buf), f) == NULL) {
83 krb5_set_error_message (context, EINVAL,
84 N_("No cell in ThisCell file %s", ""),
88 buf[strcspn(buf, "\n")] = '\0';
91 d->cell = strdup (buf);
92 if (d->cell == NULL) {
93 krb5_set_error_message(context, ENOMEM,
94 N_("malloc: out of memory", ""));
98 f = fopen (AFS_SERVERMAGICKRBCONF, "r");
100 if (fgets (buf, sizeof(buf), f) == NULL) {
104 krb5_set_error_message (context, EINVAL,
105 N_("No realm in ThisCell file %s", ""),
106 AFS_SERVERMAGICKRBCONF);
109 buf[strcspn(buf, "\n")] = '\0';
113 for (cp = buf; *cp != '\0'; cp++)
114 *cp = toupper((unsigned char)*cp);
116 d->realm = strdup (buf);
117 if (d->realm == NULL) {
120 krb5_set_error_message(context, ENOMEM,
121 N_("malloc: out of memory", ""));
128 * init and get filename
131 static krb5_error_code KRB5_CALLCONV
132 akf_resolve(krb5_context context, const char *name, krb5_keytab id)
135 struct akf_data *d = malloc(sizeof (struct akf_data));
138 krb5_set_error_message(context, ENOMEM,
139 N_("malloc: out of memory", ""));
144 ret = get_cell_and_realm (context, d);
149 d->filename = strdup (name);
150 if (d->filename == NULL) {
154 krb5_set_error_message(context, ENOMEM,
155 N_("malloc: out of memory", ""));
167 static krb5_error_code KRB5_CALLCONV
168 akf_close(krb5_context context, krb5_keytab id)
170 struct akf_data *d = id->data;
182 static krb5_error_code KRB5_CALLCONV
183 akf_get_name(krb5_context context,
188 struct akf_data *d = id->data;
190 strlcpy (name, d->filename, name_sz);
198 static krb5_error_code KRB5_CALLCONV
199 akf_start_seq_get(krb5_context context,
204 struct akf_data *d = id->data;
206 c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600);
209 krb5_set_error_message(context, ret,
210 N_("keytab afs keyfile open %s failed: %s", ""),
211 d->filename, strerror(ret));
216 c->sp = krb5_storage_from_fd(c->fd);
219 krb5_clear_error_message (context);
220 return KRB5_KT_NOTFOUND;
222 krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
224 ret = krb5_ret_uint32(c->sp, &d->num_entries);
225 if(ret || d->num_entries > INT_MAX / 8) {
226 krb5_storage_free(c->sp);
228 krb5_clear_error_message (context);
229 if(ret == KRB5_KT_END)
230 return KRB5_KT_NOTFOUND;
237 static krb5_error_code KRB5_CALLCONV
238 akf_next_entry(krb5_context context,
240 krb5_keytab_entry *entry,
241 krb5_kt_cursor *cursor)
243 struct akf_data *d = id->data;
248 pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
250 if ((pos - 4) / (4 + 8) >= d->num_entries)
253 ret = krb5_make_principal (context, &entry->principal,
254 d->realm, "afs", d->cell, NULL);
258 ret = krb5_ret_int32(cursor->sp, &kvno);
260 krb5_free_principal (context, entry->principal);
267 entry->keyblock.keytype = ETYPE_DES_CBC_MD5;
269 entry->keyblock.keytype = ETYPE_DES_CBC_CRC;
270 entry->keyblock.keyvalue.length = 8;
271 entry->keyblock.keyvalue.data = malloc (8);
272 if (entry->keyblock.keyvalue.data == NULL) {
273 krb5_free_principal (context, entry->principal);
274 krb5_set_error_message(context, ENOMEM,
275 N_("malloc: out of memory", ""));
280 ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8);
282 ret = (ret < 0) ? errno : KRB5_KT_END;
286 entry->timestamp = time(NULL);
288 entry->aliases = NULL;
292 krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
295 cursor->data = cursor;
299 static krb5_error_code KRB5_CALLCONV
300 akf_end_seq_get(krb5_context context,
302 krb5_kt_cursor *cursor)
304 krb5_storage_free(cursor->sp);
310 static krb5_error_code KRB5_CALLCONV
311 akf_add_entry(krb5_context context,
313 krb5_keytab_entry *entry)
315 struct akf_data *d = id->data;
322 if (entry->keyblock.keyvalue.length != 8)
324 switch(entry->keyblock.keytype) {
325 case ETYPE_DES_CBC_CRC:
326 case ETYPE_DES_CBC_MD4:
327 case ETYPE_DES_CBC_MD5:
333 fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
335 fd = open (d->filename,
336 O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
339 krb5_set_error_message(context, ret,
340 N_("open keyfile(%s): %s", ""),
348 sp = krb5_storage_from_fd(fd);
351 krb5_set_error_message(context, ENOMEM,
352 N_("malloc: out of memory", ""));
358 if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
360 krb5_storage_free(sp);
362 krb5_set_error_message(context, ret,
363 N_("seeking in keyfile: %s", ""),
368 ret = krb5_ret_int32(sp, &len);
370 krb5_storage_free(sp);
377 * Make sure we don't add the entry twice, assumes the DES
378 * encryption types are all the same key.
384 for (i = 0; i < len; i++) {
385 ret = krb5_ret_int32(sp, &kvno);
387 krb5_set_error_message (context, ret,
388 N_("Failed getting kvno from keyfile", ""));
391 if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
393 krb5_set_error_message (context, ret,
394 N_("Failed seeing in keyfile: %s", ""),
398 if (kvno == entry->vno) {
407 if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
409 krb5_set_error_message (context, ret,
410 N_("Failed seeing in keyfile: %s", ""),
415 ret = krb5_store_int32(sp, len);
418 krb5_set_error_message (context, ret,
419 N_("keytab keyfile failed new length", ""));
423 if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
425 krb5_set_error_message (context, ret,
426 N_("seek to end: %s", ""), strerror(ret));
430 ret = krb5_store_int32(sp, entry->vno);
432 krb5_set_error_message(context, ret,
433 N_("keytab keyfile failed store kvno", ""));
436 ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
437 entry->keyblock.keyvalue.length);
438 if(ret != entry->keyblock.keyvalue.length) {
443 krb5_set_error_message(context, ret,
444 N_("keytab keyfile failed to add key", ""));
449 krb5_storage_free(sp);
454 const krb5_kt_ops krb5_akf_ops = {
468 #endif /* HEIMDAL_SMALLER */
projects / FreeBSD / releng / 10.0.git / blob