usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/kt_srvtab.c

root/usr/src/lib/gss_mechs/mech_krb5/krb5/keytab/kt_srvtab.c
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * lib/krb5/keytab/srvtab/kts_resolv.c
 *
 * Copyright 1990,1991,2002 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

#include "k5-int.h"
#include <stdio.h>

/*
 * Constants
 */
#define IGNORE_VNO 0
#define IGNORE_ENCTYPE 0

#define KRB5_KT_VNO_1   0x0501  /* krb v5, keytab version 1 (DCE compat) */
#define KRB5_KT_VNO     0x0502  /* krb v5, keytab version 2 (standard)  */

#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO

/*
 * Types
 */
typedef struct _krb5_ktsrvtab_data {
    char *name;                 /* Name of the file */
    FILE *openf;                /* open file, if any. */
} krb5_ktsrvtab_data;

/*
 * Macros
 */
#define KTPRIVATE(id) ((krb5_ktsrvtab_data *)(id)->data)
#define KTFILENAME(id) (((krb5_ktsrvtab_data *)(id)->data)->name)
#define KTFILEP(id) (((krb5_ktsrvtab_data *)(id)->data)->openf)

extern const struct _krb5_kt_ops krb5_kts_ops;

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve
        (krb5_context,
                   const char *,
                   krb5_keytab *);

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name
        (krb5_context,
                   krb5_keytab,
                   char *,
                   unsigned int);

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close
        (krb5_context,
                   krb5_keytab);

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry
        (krb5_context,
                   krb5_keytab,
                   krb5_const_principal,
                   krb5_kvno,
                   krb5_enctype,
                   krb5_keytab_entry *);

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get
        (krb5_context,
                   krb5_keytab,
                   krb5_kt_cursor *);

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next
        (krb5_context,
                   krb5_keytab,
                   krb5_keytab_entry *,
                   krb5_kt_cursor *);

static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get
        (krb5_context,
                   krb5_keytab,
                   krb5_kt_cursor *);

static krb5_error_code krb5_ktsrvint_open
        (krb5_context,
                   krb5_keytab);

static krb5_error_code krb5_ktsrvint_close
        (krb5_context,
                   krb5_keytab);

static krb5_error_code krb5_ktsrvint_read_entry
        (krb5_context,
                   krb5_keytab,
                   krb5_keytab_entry *);

/*
 * This is an implementation specific resolver.  It returns a keytab id
 * initialized with srvtab keytab routines.
 */

static krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id)
{
    krb5_ktsrvtab_data *data;
    FILE *fp;

    /* Make sure we can open the srvtab file for reading. */
    /* Solaris Kerberos */
    fp = fopen(name, "rF");
    if (!fp)
        return(errno);
    fclose(fp);

    if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
        return(ENOMEM);

    (*id)->ops = &krb5_kts_ops;
    data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data));
    if (data == NULL) {
        krb5_xfree(*id);
        return(ENOMEM);
    }

    data->name = (char *)malloc(strlen(name) + 1);
    if (data->name == NULL) {
        krb5_xfree(data);
        krb5_xfree(*id);
        return(ENOMEM);
    }

    (void) strcpy(data->name, name);
    data->openf = 0;

    (*id)->data = (krb5_pointer)data;
    (*id)->magic = KV5M_KEYTAB;
    return(0);
}

/*
 * "Close" a file-based keytab and invalidate the id.  This means
 * free memory hidden in the structures.
 */

krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_close(krb5_context context, krb5_keytab id)
  /*
   * This routine is responsible for freeing all memory allocated
   * for this keytab.  There are no system resources that need
   * to be freed nor are there any open files.
   *
   * This routine should undo anything done by krb5_ktsrvtab_resolve().
   */
{
    krb5_xfree(KTFILENAME(id));
    krb5_xfree(id->data);
    id->ops = 0;
    krb5_xfree(id);
    return (0);
}

/*
 * This is the get_entry routine for the file based keytab implementation.
 * It opens the keytab file, and either retrieves the entry or returns
 * an error.
 */

krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry)
{
    krb5_keytab_entry best_entry, ent;
    krb5_error_code kerror = 0;
    int found_wrong_kvno = 0;

    /* Open the srvtab. */
    if ((kerror = krb5_ktsrvint_open(context, id)))
        return(kerror);

    /* srvtab files only have DES_CBC_CRC keys. */
    switch (enctype) {
    case ENCTYPE_DES_CBC_CRC:
    case ENCTYPE_DES_CBC_MD5:
    case ENCTYPE_DES_CBC_MD4:
    case ENCTYPE_DES_CBC_RAW:
    case IGNORE_ENCTYPE:
        break;
    default:
        return KRB5_KT_NOTFOUND;
    }

    best_entry.principal = 0;
    best_entry.vno = 0;
    best_entry.key.contents = 0;
    while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
        ent.key.enctype = enctype;
        if (krb5_principal_compare(context, principal, ent.principal)) {
            if (kvno == IGNORE_VNO) {
                if (!best_entry.principal || (best_entry.vno < ent.vno)) {
                    krb5_kt_free_entry(context, &best_entry);
                    best_entry = ent;
                }
            } else {
                if (ent.vno == kvno) {
                    best_entry = ent;
                    break;
                } else {
                    found_wrong_kvno = 1;
                }
            }
        } else {
            krb5_kt_free_entry(context, &ent);
        }
    }
    if (kerror == KRB5_KT_END) {
         if (best_entry.principal)
              kerror = 0;
         else if (found_wrong_kvno)
              kerror = KRB5_KT_KVNONOTFOUND;
         else
              kerror = KRB5_KT_NOTFOUND;
    }
    if (kerror) {
        (void) krb5_ktsrvint_close(context, id);
        krb5_kt_free_entry(context, &best_entry);
        return kerror;
    }
    if ((kerror = krb5_ktsrvint_close(context, id)) != 0) {
        krb5_kt_free_entry(context, &best_entry);
        return kerror;
    }
    *entry = best_entry;
    return 0;
}

/*
 * Get the name of the file containing a srvtab-based keytab.
 */

krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
  /*
   * This routine returns the name of the name of the file associated with
   * this srvtab-based keytab.  The name is prefixed with PREFIX:, so that
   * trt will happen if the name is passed back to resolve.
   */
{
    memset(name, 0, len);

    if (len < strlen(id->ops->prefix)+2)
        return(KRB5_KT_NAME_TOOLONG);
    strcpy(name, id->ops->prefix);
    name += strlen(id->ops->prefix);
    name[0] = ':';
    name++;
    len -= strlen(id->ops->prefix)+1;

    /* Solaris Kerberos */
    if (len < strlen(KTFILENAME(id))+1)
        return(KRB5_KT_NAME_TOOLONG);
    strcpy(name, KTFILENAME(id));
    /* strcpy will NUL-terminate the destination */

    return(0);
}

/*
 * krb5_ktsrvtab_start_seq_get()
 */

krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp)
{
    krb5_error_code retval;
    long *fileoff;

    if ((retval = krb5_ktsrvint_open(context, id)))
        return retval;

    if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
        krb5_ktsrvint_close(context, id);
        return ENOMEM;
    }
    *fileoff = ftell(KTFILEP(id));
    *cursorp = (krb5_kt_cursor)fileoff;

    return 0;
}

/*
 * krb5_ktsrvtab_get_next()
 */

krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
{
    long *fileoff = (long *)*cursor;
    krb5_keytab_entry cur_entry;
    krb5_error_code kerror;

    if (fseek(KTFILEP(id), *fileoff, 0) == -1)
        return KRB5_KT_END;
    if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry)))
        return kerror;
    *fileoff = ftell(KTFILEP(id));
    *entry = cur_entry;
    return 0;
}

/*
 * krb5_ktsrvtab_end_get()
 */

krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
{
    krb5_xfree(*cursor);
    return krb5_ktsrvint_close(context, id);
}

/*
 * krb5_kts_ops
 */

const struct _krb5_kt_ops krb5_kts_ops = {
    0,
    "SRVTAB",   /* Prefix -- this string should not appear anywhere else! */
    krb5_ktsrvtab_resolve,
    krb5_ktsrvtab_get_name,
    krb5_ktsrvtab_close,
    krb5_ktsrvtab_get_entry,
    krb5_ktsrvtab_start_seq_get,
    krb5_ktsrvtab_get_next,
    krb5_ktsrvtab_end_get,
    0,
    0,
    0
};

/*
 * formerly: lib/krb5/keytab/srvtab/kts_util.c
 *
 * Copyright (c) Hewlett-Packard Company 1991
 * Released to the Massachusetts Institute of Technology for inclusion
 * in the Kerberos source code distribution.
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * This function contains utilities for the srvtab based implementation
 * of the keytab.  There are no public functions in this file.
 */

#include <stdio.h>

#ifdef ANSI_STDIO
/* Solaris Kerberos */
#define         READ_MODE       "rbF"
#else
/* Solaris Kerberos */
#define         READ_MODE       "rF"
#endif

/* The maximum sizes for V4 aname, realm, sname, and instance +1 */
/* Taken from krb.h */
#define         ANAME_SZ        40
#define         REALM_SZ        40
#define         SNAME_SZ        40
#define         INST_SZ         40

static krb5_error_code
read_field(FILE *fp, char *s, int len)
{
    int c;

    while ((c = getc(fp)) != 0) {
        if (c == EOF || len <= 1)
            return KRB5_KT_END;
        *s = c;
        s++;
        len--;
    }
    *s = 0;
    return 0;
}

krb5_error_code
krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
{
    KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE);
    if (!KTFILEP(id))
        return errno;
    return 0;
}

krb5_error_code
krb5_ktsrvint_close(krb5_context context, krb5_keytab id)
{
    if (!KTFILEP(id))
        return 0;
    (void) fclose(KTFILEP(id));
    KTFILEP(id) = 0;
    return 0;
}

krb5_error_code
krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *ret_entry)
{
    FILE *fp;
    char name[SNAME_SZ], instance[INST_SZ], realm[REALM_SZ];
    unsigned char key[8];
    int vno;
    krb5_error_code kerror;

    /* Read in an entry from the srvtab file. */
    fp = KTFILEP(id);
    kerror = read_field(fp, name, sizeof(name));
    if (kerror != 0)
        return kerror;
    kerror = read_field(fp, instance, sizeof(instance));
    if (kerror != 0)
        return kerror;
    kerror = read_field(fp, realm, sizeof(realm));
    if (kerror != 0)
        return kerror;
    vno = getc(fp);
    if (vno == EOF)
        return KRB5_KT_END;
    if (fread(key, 1, sizeof(key), fp) != sizeof(key))
        return KRB5_KT_END;

    /* Fill in ret_entry with the data we read.  Everything maps well
     * except for the timestamp, which we don't have a value for.  For
     * now we just set it to 0. */
    memset(ret_entry, 0, sizeof(*ret_entry));
    ret_entry->magic = KV5M_KEYTAB_ENTRY;
    kerror = krb5_425_conv_principal(context, name, instance, realm,
                                     &ret_entry->principal);
    if (kerror != 0)
        return kerror;
    ret_entry->vno = vno;
    ret_entry->timestamp = 0;
    ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
    ret_entry->key.magic = KV5M_KEYBLOCK;
    ret_entry->key.length = sizeof(key);
    ret_entry->key.contents = malloc(sizeof(key));
    if (!ret_entry->key.contents) {
        krb5_free_principal(context, ret_entry->principal);
        return ENOMEM;
    }
    memcpy(ret_entry->key.contents, key, sizeof(key));

    return 0;
}
Illumos
