2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: keytab_file.c,v 1.18 2005/05/31 21:50:43 lha Exp $");
38 #define KRB5_KT_VNO_1 1
39 #define KRB5_KT_VNO_2 2
40 #define KRB5_KT_VNO KRB5_KT_VNO_2
42 #define KRB5_KT_FL_JAVA 1
45 /* file operations -------------------------------------------- */
52 static krb5_error_code
53 krb5_kt_ret_data(krb5_context context,
59 ret = krb5_ret_int16(sp, &size);
63 data->data = malloc(size);
64 if (data->data == NULL) {
65 krb5_set_error_string (context, "malloc: out of memory");
68 ret = krb5_storage_read(sp, data->data, size);
70 return (ret < 0)? errno : KRB5_KT_END;
74 static krb5_error_code
75 krb5_kt_ret_string(krb5_context context,
77 heim_general_string *data)
81 ret = krb5_ret_int16(sp, &size);
84 *data = malloc(size + 1);
86 krb5_set_error_string (context, "malloc: out of memory");
89 ret = krb5_storage_read(sp, *data, size);
92 return (ret < 0)? errno : KRB5_KT_END;
96 static krb5_error_code
97 krb5_kt_store_data(krb5_context context,
102 ret = krb5_store_int16(sp, data.length);
105 ret = krb5_storage_write(sp, data.data, data.length);
106 if(ret != data.length){
114 static krb5_error_code
115 krb5_kt_store_string(krb5_storage *sp,
116 heim_general_string data)
119 size_t len = strlen(data);
120 ret = krb5_store_int16(sp, len);
123 ret = krb5_storage_write(sp, data, len);
132 static krb5_error_code
133 krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
138 ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
141 ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
145 static krb5_error_code
146 krb5_kt_store_keyblock(krb5_context context,
152 ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
154 ret = krb5_kt_store_data(context, sp, p->keyvalue);
159 static krb5_error_code
160 krb5_kt_ret_principal(krb5_context context,
162 krb5_principal *princ)
171 krb5_set_error_string (context, "malloc: out of memory");
175 ret = krb5_ret_int16(sp, &tmp);
178 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
180 p->name.name_string.len = tmp;
181 ret = krb5_kt_ret_string(context, sp, &p->realm);
184 p->name.name_string.val = calloc(p->name.name_string.len,
185 sizeof(*p->name.name_string.val));
186 if(p->name.name_string.val == NULL) {
187 krb5_set_error_string (context, "malloc: out of memory");
190 for(i = 0; i < p->name.name_string.len; i++){
191 ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
195 if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
196 p->name.name_type = KRB5_NT_UNKNOWN;
199 ret = krb5_ret_int32(sp, &tmp32);
200 p->name.name_type = tmp32;
208 static krb5_error_code
209 krb5_kt_store_principal(krb5_context context,
216 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
217 ret = krb5_store_int16(sp, p->name.name_string.len + 1);
219 ret = krb5_store_int16(sp, p->name.name_string.len);
221 ret = krb5_kt_store_string(sp, p->realm);
223 for(i = 0; i < p->name.name_string.len; i++){
224 ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
228 if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
229 ret = krb5_store_int32(sp, p->name.name_type);
237 static krb5_error_code
238 fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
242 d = malloc(sizeof(*d));
244 krb5_set_error_string (context, "malloc: out of memory");
247 d->filename = strdup(name);
248 if(d->filename == NULL) {
250 krb5_set_error_string (context, "malloc: out of memory");
258 static krb5_error_code
259 fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id)
263 ret = fkt_resolve(context, name, id);
265 struct fkt_data *d = id->data;
266 d->flags |= KRB5_KT_FL_JAVA;
271 static krb5_error_code
272 fkt_close(krb5_context context, krb5_keytab id)
274 struct fkt_data *d = id->data;
280 static krb5_error_code
281 fkt_get_name(krb5_context context,
286 /* This function is XXX */
287 struct fkt_data *d = id->data;
288 strlcpy(name, d->filename, namesize);
293 storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
298 flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
299 flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
300 flags |= KRB5_STORAGE_HOST_BYTEORDER;
306 "storage_set_flags called with bad vno (%d)", vno);
308 krb5_storage_set_flags(sp, flags);
311 static krb5_error_code
312 fkt_start_seq_get_int(krb5_context context,
320 struct fkt_data *d = id->data;
322 c->fd = open (d->filename, flags);
325 krb5_set_error_string(context, "%s: %s", d->filename,
329 ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
334 c->sp = krb5_storage_from_fd(c->fd);
335 krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
336 ret = krb5_ret_int8(c->sp, &pvno);
338 krb5_storage_free(c->sp);
339 _krb5_xunlock(context, c->fd);
341 krb5_clear_error_string(context);
345 krb5_storage_free(c->sp);
346 _krb5_xunlock(context, c->fd);
348 krb5_clear_error_string (context);
349 return KRB5_KEYTAB_BADVNO;
351 ret = krb5_ret_int8(c->sp, &tag);
353 krb5_storage_free(c->sp);
354 _krb5_xunlock(context, c->fd);
356 krb5_clear_error_string(context);
360 storage_set_flags(context, c->sp, id->version);
364 static krb5_error_code
365 fkt_start_seq_get(krb5_context context,
369 return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c);
372 static krb5_error_code
373 fkt_next_entry_int(krb5_context context,
375 krb5_keytab_entry *entry,
376 krb5_kt_cursor *cursor,
386 pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
388 ret = krb5_ret_int32(cursor->sp, &len);
392 pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
395 ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
398 ret = krb5_ret_int32(cursor->sp, &tmp32);
399 entry->timestamp = tmp32;
402 ret = krb5_ret_int8(cursor->sp, &tmp8);
406 ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
409 /* there might be a 32 bit kvno here
410 * if it's zero, assume that the 8bit one was right,
411 * otherwise trust the new value */
412 curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
413 if(len + 4 + pos - curpos == 4) {
414 ret = krb5_ret_int32(cursor->sp, &tmp32);
415 if (ret == 0 && tmp32 != 0) {
419 if(start) *start = pos;
420 if(end) *end = *start + 4 + len;
422 krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
426 static krb5_error_code
427 fkt_next_entry(krb5_context context,
429 krb5_keytab_entry *entry,
430 krb5_kt_cursor *cursor)
432 return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
435 static krb5_error_code
436 fkt_end_seq_get(krb5_context context,
438 krb5_kt_cursor *cursor)
440 krb5_storage_free(cursor->sp);
441 _krb5_xunlock(context, cursor->fd);
446 static krb5_error_code
447 fkt_setup_keytab(krb5_context context,
452 ret = krb5_store_int8(sp, 5);
456 id->version = KRB5_KT_VNO;
457 return krb5_store_int8 (sp, id->version);
460 static krb5_error_code
461 fkt_add_entry(krb5_context context,
463 krb5_keytab_entry *entry)
468 struct fkt_data *d = id->data;
472 fd = open (d->filename, O_RDWR | O_BINARY);
474 fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
477 krb5_set_error_string(context, "open(%s): %s", d->filename,
481 ret = _krb5_xlock(context, fd, 1, d->filename);
486 sp = krb5_storage_from_fd(fd);
487 krb5_storage_set_eof_code(sp, KRB5_KT_END);
488 ret = fkt_setup_keytab(context, id, sp);
492 storage_set_flags(context, sp, id->version);
495 ret = _krb5_xlock(context, fd, 1, d->filename);
500 sp = krb5_storage_from_fd(fd);
501 krb5_storage_set_eof_code(sp, KRB5_KT_END);
502 ret = krb5_ret_int8(sp, &pvno);
504 /* we probably have a zero byte file, so try to set it up
506 ret = fkt_setup_keytab(context, id, sp);
508 krb5_set_error_string(context, "%s: keytab is corrupted: %s",
509 d->filename, strerror(ret));
512 storage_set_flags(context, sp, id->version);
515 ret = KRB5_KEYTAB_BADVNO;
516 krb5_set_error_string(context, "%s: %s",
517 d->filename, strerror(ret));
520 ret = krb5_ret_int8 (sp, &tag);
522 krb5_set_error_string(context, "%s: reading tag: %s",
523 d->filename, strerror(ret));
527 storage_set_flags(context, sp, id->version);
533 emem = krb5_storage_emem();
536 krb5_set_error_string (context, "malloc: out of memory");
539 ret = krb5_kt_store_principal(context, emem, entry->principal);
541 krb5_storage_free(emem);
544 ret = krb5_store_int32 (emem, entry->timestamp);
546 krb5_storage_free(emem);
549 ret = krb5_store_int8 (emem, entry->vno % 256);
551 krb5_storage_free(emem);
554 ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
556 krb5_storage_free(emem);
559 if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
560 ret = krb5_store_int32 (emem, entry->vno);
562 krb5_storage_free(emem);
567 ret = krb5_storage_to_data(emem, &keytab);
568 krb5_storage_free(emem);
574 ret = krb5_ret_int32(sp, &len);
575 if(ret == KRB5_KT_END) {
581 if(len >= keytab.length) {
582 krb5_storage_seek(sp, -4, SEEK_CUR);
586 krb5_storage_seek(sp, len, SEEK_CUR);
588 ret = krb5_store_int32(sp, len);
589 if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
591 memset(keytab.data, 0, keytab.length);
592 krb5_data_free(&keytab);
594 krb5_storage_free(sp);
595 _krb5_xunlock(context, fd);
600 static krb5_error_code
601 fkt_remove_entry(krb5_context context,
603 krb5_keytab_entry *entry)
606 krb5_kt_cursor cursor;
607 off_t pos_start, pos_end;
611 ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor);
613 goto out; /* return other error here? */
614 while(fkt_next_entry_int(context, id, &e, &cursor,
615 &pos_start, &pos_end) == 0) {
616 if(krb5_kt_compare(context, &e, entry->principal,
617 entry->vno, entry->keyblock.keytype)) {
619 unsigned char buf[128];
621 krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
622 len = pos_end - pos_start - 4;
623 krb5_store_int32(cursor.sp, -len);
624 memset(buf, 0, sizeof(buf));
626 krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
627 len -= min(len, sizeof(buf));
630 krb5_kt_free_entry(context, &e);
632 krb5_kt_end_seq_get(context, id, &cursor);
635 krb5_clear_error_string (context);
636 return KRB5_KT_NOTFOUND;
641 const krb5_kt_ops krb5_fkt_ops = {
654 const krb5_kt_ops krb5_wrfkt_ops = {
667 const krb5_kt_ops krb5_javakt_ops = {