#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
#define KRB5_KDB_DISALLOW_SVR 0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
#define KRB5_KDB_NEW_PRINC 0x00008000
#include "hdb_locl.h"
static void
attr_to_flags(unsigned attr, HDBFlags *flags)
{
flags->postdate = !(attr & KRB5_KDB_DISALLOW_POSTDATED);
flags->forwardable = !(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
flags->initial = !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
flags->renewable = !(attr & KRB5_KDB_DISALLOW_RENEWABLE);
flags->proxiable = !(attr & KRB5_KDB_DISALLOW_PROXIABLE);
flags->invalid = !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
flags->require_preauth = !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
flags->require_hwauth = !!(attr & KRB5_KDB_REQUIRES_HW_AUTH);
flags->server = !(attr & KRB5_KDB_DISALLOW_SVR);
flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
flags->client = 1;
}
#define KDB_V1_BASE_LENGTH 38
#define CHECK(x) do { if ((x)) goto out; } while(0)
#ifdef HAVE_DB1
static krb5_error_code
mdb_principal2key(krb5_context context,
krb5_const_principal principal,
krb5_data *key)
{
krb5_error_code ret;
char *str;
ret = krb5_unparse_name(context, principal, &str);
if (ret)
return ret;
key->data = str;
key->length = strlen(str) + 1;
return 0;
}
#endif
#define KRB5_KDB_SALTTYPE_NORMAL 0
#define KRB5_KDB_SALTTYPE_V4 1
#define KRB5_KDB_SALTTYPE_NOREALM 2
#define KRB5_KDB_SALTTYPE_ONLYREALM 3
#define KRB5_KDB_SALTTYPE_SPECIAL 4
#define KRB5_KDB_SALTTYPE_AFS3 5
#define KRB5_KDB_SALTTYPE_CERTHASH 6
static krb5_error_code
fix_salt(krb5_context context, hdb_entry *ent, int key_num)
{
krb5_error_code ret;
Salt *salt = ent->keys.val[key_num].salt;
switch((int)salt->type) {
case KRB5_KDB_SALTTYPE_NORMAL:
salt->type = KRB5_PADATA_PW_SALT;
break;
case KRB5_KDB_SALTTYPE_V4:
krb5_data_free(&salt->salt);
salt->type = KRB5_PADATA_PW_SALT;
break;
case KRB5_KDB_SALTTYPE_NOREALM:
{
size_t len;
size_t i;
char *p;
len = 0;
for (i = 0; i < ent->principal->name.name_string.len; ++i)
len += strlen(ent->principal->name.name_string.val[i]);
ret = krb5_data_alloc (&salt->salt, len);
if (ret)
return ret;
p = salt->salt.data;
for (i = 0; i < ent->principal->name.name_string.len; ++i) {
memcpy (p,
ent->principal->name.name_string.val[i],
strlen(ent->principal->name.name_string.val[i]));
p += strlen(ent->principal->name.name_string.val[i]);
}
salt->type = KRB5_PADATA_PW_SALT;
break;
}
case KRB5_KDB_SALTTYPE_ONLYREALM:
krb5_data_free(&salt->salt);
ret = krb5_data_copy(&salt->salt,
ent->principal->realm,
strlen(ent->principal->realm));
if(ret)
return ret;
salt->type = KRB5_PADATA_PW_SALT;
break;
case KRB5_KDB_SALTTYPE_SPECIAL:
salt->type = KRB5_PADATA_PW_SALT;
break;
case KRB5_KDB_SALTTYPE_AFS3:
krb5_data_free(&salt->salt);
ret = krb5_data_copy(&salt->salt,
ent->principal->realm,
strlen(ent->principal->realm));
if(ret)
return ret;
salt->type = KRB5_PADATA_AFS3_SALT;
break;
case KRB5_KDB_SALTTYPE_CERTHASH:
krb5_data_free(&salt->salt);
free(ent->keys.val[key_num].salt);
ent->keys.val[key_num].salt = NULL;
break;
default:
abort();
}
return 0;
}
krb5_error_code
_hdb_mdb_value2entry(krb5_context context, krb5_data *data,
krb5_kvno kvno, hdb_entry *entry)
{
krb5_error_code ret;
krb5_storage *sp;
uint32_t u32;
uint16_t u16, num_keys, num_tl;
ssize_t sz;
size_t i, j;
char *p;
sp = krb5_storage_from_data(data);
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
CHECK(ret = krb5_ret_uint16(sp, &u16));
if (u16 != KDB_V1_BASE_LENGTH) { ret = EINVAL; goto out; }
CHECK(ret = krb5_ret_uint32(sp, &u32));
attr_to_flags(u32, &entry->flags);
CHECK(ret = krb5_ret_uint32(sp, &u32));
if (u32) {
entry->max_life = malloc(sizeof(*entry->max_life));
*entry->max_life = u32;
}
CHECK(ret = krb5_ret_uint32(sp, &u32));
if (u32) {
entry->max_renew = malloc(sizeof(*entry->max_renew));
*entry->max_renew = u32;
}
CHECK(ret = krb5_ret_uint32(sp, &u32));
if (u32) {
entry->valid_end = malloc(sizeof(*entry->valid_end));
*entry->valid_end = u32;
}
CHECK(ret = krb5_ret_uint32(sp, &u32));
if (u32) {
entry->pw_end = malloc(sizeof(*entry->pw_end));
*entry->pw_end = u32;
}
CHECK(ret = krb5_ret_uint32(sp, &u32));
CHECK(ret = krb5_ret_uint32(sp, &u32));
CHECK(ret = krb5_ret_uint32(sp, &u32));
CHECK(ret = krb5_ret_uint16(sp, &u16));
num_tl = u16;
CHECK(ret = krb5_ret_uint16(sp, &u16));
num_keys = u16;
CHECK(ret = krb5_ret_uint16(sp, &u16));
{
p = malloc(u16 + 1);
if (p == NULL) {
ret = ENOMEM;
goto out;
}
sz = krb5_storage_read(sp, p, u16);
if (sz != u16) {
ret = EINVAL;
goto out;
}
p[u16] = '\0';
CHECK(ret = krb5_parse_name(context, p, &entry->principal));
free(p);
}
#define mit_KRB5_TL_LAST_PWD_CHANGE 1
#define mit_KRB5_TL_MOD_PRINC 2
for (i = 0; i < num_tl; i++) {
int tl_type;
krb5_principal modby;
CHECK(ret = krb5_ret_uint16(sp, &u16));
tl_type = u16;
CHECK(ret = krb5_ret_uint16(sp, &u16));
switch (tl_type) {
case mit_KRB5_TL_LAST_PWD_CHANGE:
CHECK(ret = krb5_ret_uint32(sp, &u32));
CHECK(ret = hdb_entry_set_pw_change_time(context, entry, u32));
break;
case mit_KRB5_TL_MOD_PRINC:
if (u16 < 5) {
ret = EINVAL;
goto out;
}
CHECK(ret = krb5_ret_uint32(sp, &u32));
p = malloc(u16 - 4 + 1);
if (!p) {
ret = ENOMEM;
goto out;
}
p[u16 - 4] = '\0';
sz = krb5_storage_read(sp, p, u16 - 4);
if (sz != u16 - 4) {
ret = EINVAL;
goto out;
}
CHECK(ret = krb5_parse_name(context, p, &modby));
ret = hdb_set_last_modified_by(context, entry, modby, u32);
krb5_free_principal(context, modby);
free(p);
break;
default:
krb5_storage_seek(sp, u16, SEEK_CUR);
break;
}
}
for (i = 0; i < num_keys; i++) {
int keep = 0;
uint16_t version;
void *ptr;
CHECK(ret = krb5_ret_uint16(sp, &u16));
version = u16;
CHECK(ret = krb5_ret_uint16(sp, &u16));
if ((entry->kvno < u16) && (kvno == 0 || kvno == u16)) {
keep = 1;
entry->kvno = u16;
for (j = 0; j < entry->keys.len; j++)
free_Key(&entry->keys.val[j]);
free(entry->keys.val);
entry->keys.len = 0;
entry->keys.val = NULL;
} else if (entry->kvno == u16)
keep = 1;
if (keep) {
Key *k;
ptr = realloc(entry->keys.val, sizeof(entry->keys.val[0]) * (entry->keys.len + 1));
if (ptr == NULL) {
ret = ENOMEM;
goto out;
}
entry->keys.val = ptr;
k = &entry->keys.val[entry->keys.len];
memset(k, 0, sizeof(*k));
entry->keys.len += 1;
k->mkvno = malloc(sizeof(*k->mkvno));
if (k->mkvno == NULL) {
ret = ENOMEM;
goto out;
}
*k->mkvno = 1;
for (j = 0; j < version; j++) {
uint16_t type;
CHECK(ret = krb5_ret_uint16(sp, &type));
CHECK(ret = krb5_ret_uint16(sp, &u16));
if (j == 0) {
k->key.keytype = type;
if (u16 < 2) {
ret = EINVAL;
goto out;
}
krb5_storage_seek(sp, 2, SEEK_CUR);
k->key.keyvalue.length = u16 - 2;
k->key.keyvalue.data = malloc(k->key.keyvalue.length);
krb5_storage_read(sp, k->key.keyvalue.data,
k->key.keyvalue.length);
} else if (j == 1) {
k->salt = calloc(1, sizeof(*k->salt));
if (k->salt == NULL) {
ret = ENOMEM;
goto out;
}
k->salt->type = type;
if (u16 != 0) {
k->salt->salt.data = malloc(u16);
if (k->salt->salt.data == NULL) {
ret = ENOMEM;
goto out;
}
k->salt->salt.length = u16;
krb5_storage_read(sp, k->salt->salt.data, k->salt->salt.length);
}
fix_salt(context, entry, entry->keys.len - 1);
} else {
krb5_storage_seek(sp, u16, SEEK_CUR);
}
}
} else {
for (j = 0; j < version; j++) {
CHECK(ret = krb5_ret_uint16(sp, &u16));
CHECK(ret = krb5_ret_uint16(sp, &u16));
krb5_storage_seek(sp, u16, SEEK_CUR);
}
}
}
if (entry->kvno == 0 && kvno != 0) {
ret = HDB_ERR_NOT_FOUND_HERE;
goto out;
}
return 0;
out:
if (ret == HEIM_ERR_EOF)
ret = HEIM_ERR_BAD_HDBENT_ENCODING;
return ret;
}
#if 0
static krb5_error_code
mdb_entry2value(krb5_context context, hdb_entry *entry, krb5_data *data)
{
return EINVAL;
}
#endif
#if HAVE_DB1
#if defined(HAVE_DB_185_H)
#include <db_185.h>
#elif defined(HAVE_DB_H)
#include <db.h>
#endif
static krb5_error_code
mdb_close(krb5_context context, HDB *db)
{
DB *d = (DB*)db->hdb_db;
(*d->close)(d);
return 0;
}
static krb5_error_code
mdb_destroy(krb5_context context, HDB *db)
{
krb5_error_code ret;
ret = hdb_clear_master_key (context, db);
free(db->hdb_name);
free(db);
return ret;
}
static krb5_error_code
mdb_lock(krb5_context context, HDB *db, int operation)
{
DB *d = (DB*)db->hdb_db;
int fd = (*d->fd)(d);
if(fd < 0) {
krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
"Can't lock database: %s", db->hdb_name);
return HDB_ERR_CANT_LOCK_DB;
}
return hdb_lock(fd, operation);
}
static krb5_error_code
mdb_unlock(krb5_context context, HDB *db)
{
DB *d = (DB*)db->hdb_db;
int fd = (*d->fd)(d);
if(fd < 0) {
krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
"Can't unlock database: %s", db->hdb_name);
return HDB_ERR_CANT_LOCK_DB;
}
return hdb_unlock(fd);
}
static krb5_error_code
mdb_seq(krb5_context context, HDB *db,
unsigned flags, hdb_entry_ex *entry, int flag)
{
DB *d = (DB*)db->hdb_db;
DBT key, value;
krb5_data key_data, data;
int code;
code = db->hdb_lock(context, db, HDB_RLOCK);
if(code == -1) {
krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name);
return HDB_ERR_DB_INUSE;
}
code = (*d->seq)(d, &key, &value, flag);
db->hdb_unlock(context, db);
if(code == -1) {
code = errno;
krb5_set_error_message(context, code, "Database %s seq error: %s",
db->hdb_name, strerror(code));
return code;
}
if(code == 1) {
krb5_clear_error_message(context);
return HDB_ERR_NOENTRY;
}
key_data.data = key.data;
key_data.length = key.size;
data.data = value.data;
data.length = value.size;
memset(entry, 0, sizeof(*entry));
if (_hdb_mdb_value2entry(context, &data, 0, &entry->entry))
return mdb_seq(context, db, flags, entry, R_NEXT);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
}
return code;
}
static krb5_error_code
mdb_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return mdb_seq(context, db, flags, entry, R_FIRST);
}
static krb5_error_code
mdb_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return mdb_seq(context, db, flags, entry, R_NEXT);
}
static krb5_error_code
mdb_rename(krb5_context context, HDB *db, const char *new_name)
{
int ret;
char *old, *new;
asprintf(&old, "%s.db", db->hdb_name);
asprintf(&new, "%s.db", new_name);
ret = rename(old, new);
free(old);
free(new);
if(ret)
return errno;
free(db->hdb_name);
db->hdb_name = strdup(new_name);
return 0;
}
static krb5_error_code
mdb__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
{
DB *d = (DB*)db->hdb_db;
DBT k, v;
int code;
k.data = key.data;
k.size = key.length;
code = db->hdb_lock(context, db, HDB_RLOCK);
if(code)
return code;
code = (*d->get)(d, &k, &v, 0);
db->hdb_unlock(context, db);
if(code < 0) {
code = errno;
krb5_set_error_message(context, code, "Database %s get error: %s",
db->hdb_name, strerror(code));
return code;
}
if(code == 1) {
krb5_clear_error_message(context);
return HDB_ERR_NOENTRY;
}
krb5_data_copy(reply, v.data, v.size);
return 0;
}
static krb5_error_code
mdb__put(krb5_context context, HDB *db, int replace,
krb5_data key, krb5_data value)
{
DB *d = (DB*)db->hdb_db;
DBT k, v;
int code;
k.data = key.data;
k.size = key.length;
v.data = value.data;
v.size = value.length;
code = db->hdb_lock(context, db, HDB_WLOCK);
if(code)
return code;
code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
db->hdb_unlock(context, db);
if(code < 0) {
code = errno;
krb5_set_error_message(context, code, "Database %s put error: %s",
db->hdb_name, strerror(code));
return code;
}
if(code == 1) {
krb5_clear_error_message(context);
return HDB_ERR_EXISTS;
}
return 0;
}
static krb5_error_code
mdb__del(krb5_context context, HDB *db, krb5_data key)
{
DB *d = (DB*)db->hdb_db;
DBT k;
krb5_error_code code;
k.data = key.data;
k.size = key.length;
code = db->hdb_lock(context, db, HDB_WLOCK);
if(code)
return code;
code = (*d->del)(d, &k, 0);
db->hdb_unlock(context, db);
if(code == 1) {
code = errno;
krb5_set_error_message(context, code, "Database %s put error: %s",
db->hdb_name, strerror(code));
return code;
}
if(code < 0)
return errno;
return 0;
}
static krb5_error_code
mdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry)
{
krb5_data key, value;
krb5_error_code ret;
ret = mdb_principal2key(context, principal, &key);
if (ret)
return ret;
ret = db->hdb__get(context, db, key, &value);
krb5_data_free(&key);
if(ret)
return ret;
ret = _hdb_mdb_value2entry(context, &value, kvno, &entry->entry);
krb5_data_free(&value);
if (ret)
return ret;
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys (context, db, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
return ret;
}
}
return 0;
}
static krb5_error_code
mdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_error_code ret;
krb5_storage *sp = NULL;
krb5_storage *spent = NULL;
krb5_data line = { 0, 0 };
krb5_data kdb_ent = { 0, 0 };
krb5_data key = { 0, 0 };
ssize_t sz;
sp = krb5_storage_emem();
if (!sp) return ENOMEM;
ret = _hdb_set_master_key_usage(context, db, 0);
ret = hdb_seal_keys(context, db, &entry->entry);
if (ret) return ret;
ret = entry2mit_string_int(context, sp, &entry->entry);
if (ret) goto out;
sz = krb5_storage_write(sp, "\n", 2);
ret = ENOMEM;
if (sz == -1) goto out;
ret = krb5_storage_to_data(sp, &line);
if (ret) goto out;
ret = ENOMEM;
spent = krb5_storage_emem();
if (!spent) goto out;
ret = _hdb_mit_dump2mitdb_entry(context, line.data, spent);
if (ret) goto out;
ret = krb5_storage_to_data(spent, &kdb_ent);
if (ret) goto out;
ret = mdb_principal2key(context, entry->entry.principal, &key);
if (ret) goto out;
ret = mdb__put(context, db, 1, key, kdb_ent);
out:
if (sp)
krb5_storage_free(sp);
if (spent)
krb5_storage_free(spent);
krb5_data_free(&line);
krb5_data_free(&kdb_ent);
krb5_data_free(&key);
return ret;
}
static krb5_error_code
mdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
{
krb5_error_code code;
krb5_data key;
code = db->hdb__del(context, db, key);
krb5_data_free(&key);
return code;
}
static krb5_error_code
mdb_open(krb5_context context, HDB *db, int flags, mode_t mode)
{
char *fn;
char *actual_fn;
krb5_error_code ret;
struct stat st;
asprintf(&fn, "%s.db", db->hdb_name);
if (fn == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
if (stat(fn, &st) == 0)
actual_fn = fn;
else
actual_fn = db->hdb_name;
db->hdb_db = dbopen(actual_fn, flags, mode, DB_BTREE, NULL);
if (db->hdb_db == NULL) {
switch (errno) {
#ifdef EFTYPE
case EFTYPE:
#endif
case EINVAL:
db->hdb_db = dbopen(actual_fn, flags, mode, DB_BTREE, NULL);
}
}
free(fn);
if(db->hdb_db == NULL && errno == ENOENT)
db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL);
if(db->hdb_db == NULL) {
ret = errno;
krb5_set_error_message(context, ret, "dbopen (%s): %s",
db->hdb_name, strerror(ret));
return ret;
}
#if 0
if ((flags & O_ACCMODE) != O_RDONLY)
ret = hdb_init_db(context, db);
#endif
ret = hdb_check_db_format(context, db);
if (ret == HDB_ERR_NOENTRY) {
krb5_clear_error_message(context);
return 0;
}
if (ret) {
mdb_close(context, db);
krb5_set_error_message(context, ret, "hdb_open: failed %s database %s",
(flags & O_ACCMODE) == O_RDONLY ?
"checking format of" : "initialize",
db->hdb_name);
}
return ret;
}
krb5_error_code
hdb_mdb_create(krb5_context context, HDB **db,
const char *filename)
{
*db = calloc(1, sizeof(**db));
if (*db == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
(*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) {
free(*db);
*db = NULL;
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
(*db)->hdb_master_key_set = 0;
(*db)->hdb_openp = 0;
(*db)->hdb_capability_flags = 0;
(*db)->hdb_open = mdb_open;
(*db)->hdb_close = mdb_close;
(*db)->hdb_fetch_kvno = mdb_fetch_kvno;
(*db)->hdb_store = mdb_store;
(*db)->hdb_remove = mdb_remove;
(*db)->hdb_firstkey = mdb_firstkey;
(*db)->hdb_nextkey= mdb_nextkey;
(*db)->hdb_lock = mdb_lock;
(*db)->hdb_unlock = mdb_unlock;
(*db)->hdb_rename = mdb_rename;
(*db)->hdb__get = mdb__get;
(*db)->hdb__put = mdb__put;
(*db)->hdb__del = mdb__del;
(*db)->hdb_destroy = mdb_destroy;
return 0;
}
#endif
static char *
nexttoken(char **p)
{
char *q;
do {
q = strsep(p, " \t");
} while(q && *q == '\0');
return q;
}
static size_t
getdata(char **p, unsigned char *buf, size_t len)
{
size_t i;
int v;
char *q = nexttoken(p);
i = 0;
while(*q && i < len) {
if(sscanf(q, "%02x", &v) != 1)
break;
buf[i++] = v;
q += 2;
}
return i;
}
static int
getint(char **p)
{
int val;
char *q = nexttoken(p);
sscanf(q, "%d", &val);
return val;
}
static unsigned int
getuint(char **p)
{
int val;
char *q = nexttoken(p);
sscanf(q, "%u", &val);
return val;
}
#define KRB5_KDB_SALTTYPE_NORMAL 0
#define KRB5_KDB_SALTTYPE_V4 1
#define KRB5_KDB_SALTTYPE_NOREALM 2
#define KRB5_KDB_SALTTYPE_ONLYREALM 3
#define KRB5_KDB_SALTTYPE_SPECIAL 4
#define KRB5_KDB_SALTTYPE_AFS3 5
#define CHECK_UINT(num) \
if ((num) < 0 || (num) > INT_MAX) return EINVAL
#define CHECK_UINT16(num) \
if ((num) < 0 || (num) > 1<<15) return EINVAL
#define CHECK_NUM(num, maxv) \
if ((num) > (maxv)) return EINVAL
int
_hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
{
krb5_error_code ret = EINVAL;
char *p = line, *q;
char *princ;
ssize_t sz;
size_t i;
size_t princ_len;
unsigned int num_tl_data;
size_t num_key_data;
unsigned int attributes;
int tmp;
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
q = nexttoken(&p);
if (strcmp(q, "kdb5_util") == 0 || strcmp(q, "policy") == 0 ||
strcmp(q, "princ") != 0) {
return -1;
}
if (getint(&p) != 38)
return EINVAL;
#define KDB_V1_BASE_LENGTH 38
ret = krb5_store_int16(sp, KDB_V1_BASE_LENGTH);
if (ret) return ret;
nexttoken(&p);
num_tl_data = getuint(&p);
num_key_data = getuint(&p);
getint(&p);
princ = nexttoken(&p);
attributes = getuint(&p);
ret = krb5_store_uint32(sp, attributes);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
tmp = getint(&p);
CHECK_UINT(tmp);
ret = krb5_store_uint32(sp, tmp);
if (ret) return ret;
CHECK_NUM(num_tl_data, 1023);
ret = krb5_store_uint16(sp, num_tl_data);
if (ret) return ret;
CHECK_NUM(num_key_data, 1023);
ret = krb5_store_uint16(sp, num_key_data);
if (ret) return ret;
princ_len = strlen(princ);
if (princ_len > (1<<15) - 1) return EINVAL;
princ_len++;
ret = krb5_store_uint16(sp, princ_len);
if (ret) return ret;
sz = krb5_storage_write(sp, princ, princ_len);
if (sz == -1) return ENOMEM;
for (i = 0; i < num_tl_data; i++) {
int tl_type, tl_length;
unsigned char *buf;
tl_type = getint(&p);
tl_length = getint(&p);
CHECK_UINT16(tl_type);
ret = krb5_store_uint16(sp, tl_type);
if (ret) return ret;
CHECK_UINT16(tl_length);
ret = krb5_store_uint16(sp, tl_length);
if (ret) return ret;
if (tl_length) {
buf = malloc(tl_length);
if (!buf) return ENOMEM;
if (getdata(&p, buf, tl_length) != tl_length) return EINVAL;
sz = krb5_storage_write(sp, buf, tl_length);
free(buf);
if (sz == -1) return ENOMEM;
} else {
if (strcmp(nexttoken(&p), "-1") != 0) return EINVAL;
}
}
for (i = 0; i < num_key_data; i++) {
unsigned char *buf;
int key_versions;
int kvno;
int keytype;
int keylen;
size_t k;
key_versions = getint(&p);
CHECK_UINT16(key_versions);
ret = krb5_store_int16(sp, key_versions);
if (ret) return ret;
kvno = getint(&p);
CHECK_UINT16(kvno);
ret = krb5_store_int16(sp, kvno);
if (ret) return ret;
for (k = 0; k < key_versions; k++) {
keytype = getint(&p);
CHECK_UINT16(keytype);
ret = krb5_store_int16(sp, keytype);
if (ret) return ret;
keylen = getint(&p);
CHECK_UINT16(keylen);
ret = krb5_store_int16(sp, keylen);
if (ret) return ret;
if (keylen) {
buf = malloc(keylen);
if (!buf) return ENOMEM;
if (getdata(&p, buf, keylen) != keylen) return EINVAL;
sz = krb5_storage_write(sp, buf, keylen);
free(buf);
if (sz == -1) return ENOMEM;
} else {
if (strcmp(nexttoken(&p), "-1") != 0) return EINVAL;
}
}
}
return 0;
}
