search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MFC r1.6 r1.15 (HEAD)
[dragonfly.git] / crypto / heimdal-0.6.3 / kadmin / util.c
blobb25bf2a60ca2294b0005f50690a36faa81cfcc6c
1 /*
2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadmin_locl.h"
35 #include <parse_units.h>
36
37 RCSID("$Id: util.c,v 1.39 2003/04/14 11:55:27 lha Exp $");
38
39 /*
40 * util.c - functions for parsing, unparsing, and editing different
41 * types of data used in kadmin.
42 */
43
44 static int
45 get_response(const char *prompt, const char *def, char *buf, size_t len);
46
47 /*
48 * attributes
49 */
50
51 struct units kdb_attrs[] = {
52 { "new-princ", KRB5_KDB_NEW_PRINC },
53 { "support-desmd5", KRB5_KDB_SUPPORT_DESMD5 },
54 { "pwchange-service", KRB5_KDB_PWCHANGE_SERVICE },
55 { "disallow-svr", KRB5_KDB_DISALLOW_SVR },
56 { "requires-pw-change", KRB5_KDB_REQUIRES_PWCHANGE },
57 { "requires-hw-auth", KRB5_KDB_REQUIRES_HW_AUTH },
58 { "requires-pre-auth", KRB5_KDB_REQUIRES_PRE_AUTH },
59 { "disallow-all-tix", KRB5_KDB_DISALLOW_ALL_TIX },
60 { "disallow-dup-skey", KRB5_KDB_DISALLOW_DUP_SKEY },
61 { "disallow-proxiable", KRB5_KDB_DISALLOW_PROXIABLE },
62 { "disallow-renewable", KRB5_KDB_DISALLOW_RENEWABLE },
63 { "disallow-tgt-based", KRB5_KDB_DISALLOW_TGT_BASED },
64 { "disallow-forwardable", KRB5_KDB_DISALLOW_FORWARDABLE },
65 { "disallow-postdated", KRB5_KDB_DISALLOW_POSTDATED },
66 { NULL }
67 };
68
69 /*
70 * convert the attributes in `attributes' into a printable string
71 * in `str, len'
72 */
73
74 void
75 attributes2str(krb5_flags attributes, char *str, size_t len)
76 {
77 unparse_flags (attributes, kdb_attrs, str, len);
78 }
79
80 /*
81 * convert the string in `str' into attributes in `flags'
82 * return 0 if parsed ok, else -1.
83 */
84
85 int
86 str2attributes(const char *str, krb5_flags *flags)
87 {
88 int res;
89
90 res = parse_flags (str, kdb_attrs, *flags);
91 if (res < 0)
92 return res;
93 else {
94 *flags = res;
95 return 0;
96 }
97 }
98
99 /*
100 * try to parse the string `resp' into attributes in `attr', also
101 * setting the `bit' in `mask' if attributes are given and valid.
102 */
103
104 int
105 parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit)
106 {
107 krb5_flags tmp = *attr;
108
109 if (str2attributes(resp, &tmp) == 0) {
110 *attr = tmp;
111 if (mask)
112 *mask |= bit;
113 return 0;
114 } else if(*resp == '?') {
115 print_flags_table (kdb_attrs, stderr);
116 } else {
117 fprintf (stderr, "Unable to parse '%s'\n", resp);
118 }
119 return -1;
120 }
121
122 /*
123 * allow the user to edit the attributes in `attr', prompting with `prompt'
124 */
125
126 int
127 edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
128 {
129 char buf[1024], resp[1024];
130
131 if (mask && (*mask & bit))
132 return 0;
133
134 attributes2str(*attr, buf, sizeof(buf));
135 for (;;) {
136 if(get_response("Attributes", buf, resp, sizeof(resp)) != 0)
137 return 1;
138 if (resp[0] == '\0')
139 break;
140 if (parse_attributes (resp, attr, mask, bit) == 0)
141 break;
142 }
143 return 0;
144 }
145
146 /*
147 * time_t
148 * the special value 0 means ``never''
149 */
150
151 /*
152 * Convert the time `t' to a string representation in `str' (of max
153 * size `len'). If include_time also include time, otherwise just
154 * date.
155 */
156
157 void
158 time_t2str(time_t t, char *str, size_t len, int include_time)
159 {
160 if(t) {
161 if(include_time)
162 strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
163 else
164 strftime(str, len, "%Y-%m-%d", gmtime(&t));
165 } else
166 snprintf(str, len, "never");
167 }
168
169 /*
170 * Convert the time representation in `str' to a time in `time'.
171 * Return 0 if succesful, else -1.
172 */
173
174 int
175 str2time_t (const char *str, time_t *t)
176 {
177 const char *p;
178 struct tm tm, tm2;
179
180 memset (&tm, 0, sizeof (tm));
181
182 if(strcasecmp(str, "never") == 0) {
183 *t = 0;
184 return 0;
185 }
186
187 if(strcasecmp(str, "now") == 0) {
188 *t = time(NULL);
189 return 0;
190 }
191
192 p = strptime (str, "%Y-%m-%d", &tm);
193
194 if (p == NULL)
195 return -1;
196
197 /* Do it on the end of the day */
198 tm2.tm_hour = 23;
199 tm2.tm_min = 59;
200 tm2.tm_sec = 59;
201
202 if(strptime (p, "%H:%M:%S", &tm2) != NULL) {
203 tm.tm_hour = tm2.tm_hour;
204 tm.tm_min = tm2.tm_min;
205 tm.tm_sec = tm2.tm_sec;
206 }
207
208 *t = tm2time (tm, 0);
209 return 0;
210 }
211
212 /*
213 * try to parse the time in `resp' storing it in `value'
214 */
215
216 int
217 parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit)
218 {
219 time_t tmp;
220
221 if (str2time_t(resp, &tmp) == 0) {
222 *value = tmp;
223 if(mask)
224 *mask |= bit;
225 return 0;
226 } else if(*resp == '?') {
227 printf ("Print date on format YYYY-mm-dd [hh:mm:ss]\n");
228 } else {
229 fprintf (stderr, "Unable to parse time '%s'\n", resp);
230 }
231 return -1;
232 }
233
234 /*
235 * allow the user to edit the time in `value'
236 */
237
238 int
239 edit_timet (const char *prompt, krb5_timestamp *value, int *mask, int bit)
240 {
241 char buf[1024], resp[1024];
242
243 if (mask && (*mask & bit))
244 return 0;
245
246 time_t2str (*value, buf, sizeof (buf), 0);
247
248 for (;;) {
249 if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
250 return 1;
251 if (parse_timet (resp, value, mask, bit) == 0)
252 break;
253 }
254 return 0;
255 }
256
257 /*
258 * deltat
259 * the special value 0 means ``unlimited''
260 */
261
262 /*
263 * convert the delta_t value in `t' into a printable form in `str, len'
264 */
265
266 void
267 deltat2str(unsigned t, char *str, size_t len)
268 {
269 if(t == 0 || t == INT_MAX)
270 snprintf(str, len, "unlimited");
271 else
272 unparse_time(t, str, len);
273 }
274
275 /*
276 * parse the delta value in `str', storing result in `*delta'
277 * return 0 if ok, else -1
278 */
279
280 int
281 str2deltat(const char *str, krb5_deltat *delta)
282 {
283 int res;
284
285 if(strcasecmp(str, "unlimited") == 0) {
286 *delta = 0;
287 return 0;
288 }
289 res = parse_time(str, "day");
290 if (res < 0)
291 return res;
292 else {
293 *delta = res;
294 return 0;
295 }
296 }
297
298 /*
299 * try to parse the string in `resp' into a deltad in `value'
300 * `mask' will get the bit `bit' set if a value was given.
301 */
302
303 int
304 parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit)
305 {
306 krb5_deltat tmp;
307
308 if (str2deltat(resp, &tmp) == 0) {
309 *value = tmp;
310 if (mask)
311 *mask |= bit;
312 return 0;
313 } else if(*resp == '?') {
314 print_time_table (stderr);
315 } else {
316 fprintf (stderr, "Unable to parse time '%s'\n", resp);
317 }
318 return -1;
319 }
320
321 /*
322 * allow the user to edit the deltat in `value'
323 */
324
325 int
326 edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit)
327 {
328 char buf[1024], resp[1024];
329
330 if (mask && (*mask & bit))
331 return 0;
332
333 deltat2str(*value, buf, sizeof(buf));
334 for (;;) {
335 if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
336 return 1;
337 if (parse_deltat (resp, value, mask, bit) == 0)
338 break;
339 }
340 return 0;
341 }
342
343 /*
344 * allow the user to edit `ent'
345 */
346
347 void
348 set_defaults(kadm5_principal_ent_t ent, int *mask,
349 kadm5_principal_ent_t default_ent, int default_mask)
350 {
351 if (default_ent
352 && (default_mask & KADM5_MAX_LIFE)
353 && !(*mask & KADM5_MAX_LIFE))
354 ent->max_life = default_ent->max_life;
355
356 if (default_ent
357 && (default_mask & KADM5_MAX_RLIFE)
358 && !(*mask & KADM5_MAX_RLIFE))
359 ent->max_renewable_life = default_ent->max_renewable_life;
360
361 if (default_ent
362 && (default_mask & KADM5_PRINC_EXPIRE_TIME)
363 && !(*mask & KADM5_PRINC_EXPIRE_TIME))
364 ent->princ_expire_time = default_ent->princ_expire_time;
365
366 if (default_ent
367 && (default_mask & KADM5_PW_EXPIRATION)
368 && !(*mask & KADM5_PW_EXPIRATION))
369 ent->pw_expiration = default_ent->pw_expiration;
370
371 if (default_ent
372 && (default_mask & KADM5_ATTRIBUTES)
373 && !(*mask & KADM5_ATTRIBUTES))
374 ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
375 }
376
377 int
378 edit_entry(kadm5_principal_ent_t ent, int *mask,
379 kadm5_principal_ent_t default_ent, int default_mask)
380 {
381
382 set_defaults(ent, mask, default_ent, default_mask);
383
384 if(edit_deltat ("Max ticket life", &ent->max_life, mask,
385 KADM5_MAX_LIFE) != 0)
386 return 1;
387
388 if(edit_deltat ("Max renewable life", &ent->max_renewable_life, mask,
389 KADM5_MAX_RLIFE) != 0)
390 return 1;
391
392 if(edit_timet ("Principal expiration time", &ent->princ_expire_time, mask,
393 KADM5_PRINC_EXPIRE_TIME) != 0)
394 return 1;
395
396 if(edit_timet ("Password expiration time", &ent->pw_expiration, mask,
397 KADM5_PW_EXPIRATION) != 0)
398 return 1;
399
400 if(edit_attributes ("Attributes", &ent->attributes, mask,
401 KADM5_ATTRIBUTES) != 0)
402 return 1;
403
404 return 0;
405 }
406
407 /*
408 * Parse the arguments, set the fields in `ent' and the `mask' for the
409 * entries having been set.
410 * Return 1 on failure and 0 on success.
411 */
412
413 int
414 set_entry(krb5_context context,
415 kadm5_principal_ent_t ent,
416 int *mask,
417 const char *max_ticket_life,
418 const char *max_renewable_life,
419 const char *expiration,
420 const char *pw_expiration,
421 const char *attributes)
422 {
423 if (max_ticket_life != NULL) {
424 if (parse_deltat (max_ticket_life, &ent->max_life,
425 mask, KADM5_MAX_LIFE)) {
426 krb5_warnx (context, "unable to parse `%s'", max_ticket_life);
427 return 1;
428 }
429 }
430 if (max_renewable_life != NULL) {
431 if (parse_deltat (max_renewable_life, &ent->max_renewable_life,
432 mask, KADM5_MAX_RLIFE)) {
433 krb5_warnx (context, "unable to parse `%s'", max_renewable_life);
434 return 1;
435 }
436 }
437
438 if (expiration) {
439 if (parse_timet (expiration, &ent->princ_expire_time,
440 mask, KADM5_PRINC_EXPIRE_TIME)) {
441 krb5_warnx (context, "unable to parse `%s'", expiration);
442 return 1;
443 }
444 }
445 if (pw_expiration) {
446 if (parse_timet (pw_expiration, &ent->pw_expiration,
447 mask, KADM5_PW_EXPIRATION)) {
448 krb5_warnx (context, "unable to parse `%s'", pw_expiration);
449 return 1;
450 }
451 }
452 if (attributes != NULL) {
453 if (parse_attributes (attributes, &ent->attributes,
454 mask, KADM5_ATTRIBUTES)) {
455 krb5_warnx (context, "unable to parse `%s'", attributes);
456 return 1;
457 }
458 }
459 return 0;
460 }
461
462 /*
463 * Does `string' contain any globing characters?
464 */
465
466 static int
467 is_expression(const char *string)
468 {
469 const char *p;
470 int quote = 0;
471
472 for(p = string; *p; p++) {
473 if(quote) {
474 quote = 0;
475 continue;
476 }
477 if(*p == '\\')
478 quote++;
479 else if(strchr("[]*?", *p) != NULL)
480 return 1;
481 }
482 return 0;
483 }
484
485 /* loop over all principals matching exp */
486 int
487 foreach_principal(const char *exp,
488 int (*func)(krb5_principal, void*),
489 const char *funcname,
490 void *data)
491 {
492 char **princs;
493 int num_princs;
494 int i;
495 krb5_error_code ret;
496 krb5_principal princ_ent;
497 int is_expr;
498
499 /* if this isn't an expression, there is no point in wading
500 through the whole database looking for matches */
501 is_expr = is_expression(exp);
502 if(is_expr)
503 ret = kadm5_get_principals(kadm_handle, exp, &princs, &num_princs);
504 if(!is_expr || ret == KADM5_AUTH_LIST) {
505 /* we might be able to perform the requested opreration even
506 if we're not allowed to list principals */
507 num_princs = 1;
508 princs = malloc(sizeof(*princs));
509 if(princs == NULL)
510 return ENOMEM;
511 princs[0] = strdup(exp);
512 if(princs[0] == NULL){
513 free(princs);
514 return ENOMEM;
515 }
516 } else if(ret) {
517 krb5_warn(context, ret, "kadm5_get_principals");
518 return ret;
519 }
520 for(i = 0; i < num_princs; i++) {
521 ret = krb5_parse_name(context, princs[i], &princ_ent);
522 if(ret){
523 krb5_warn(context, ret, "krb5_parse_name(%s)", princs[i]);
524 continue;
525 }
526 ret = (*func)(princ_ent, data);
527 if(ret)
528 krb5_warn(context, ret, "%s %s", funcname, princs[i]);
529 krb5_free_principal(context, princ_ent);
530 }
531 kadm5_free_name_list(kadm_handle, princs, &num_princs);
532 return 0;
533 }
534
535 /*
536 * prompt with `prompt' and default value `def', and store the reply
537 * in `buf, len'
538 */
539
540 #include <setjmp.h>
541
542 static jmp_buf jmpbuf;
543
544 static void
545 interrupt(int sig)
546 {
547 longjmp(jmpbuf, 1);
548 }
549
550 static int
551 get_response(const char *prompt, const char *def, char *buf, size_t len)
552 {
553 char *p;
554 void (*osig)(int);
555
556 osig = signal(SIGINT, interrupt);
557 if(setjmp(jmpbuf)) {
558 signal(SIGINT, osig);
559 printf("\n");
560 return 1;
561 }
562
563 printf("%s [%s]:", prompt, def);
564 if(fgets(buf, len, stdin) == NULL) {
565 int save_errno = errno;
566 if(ferror(stdin))
567 krb5_err(context, 1, save_errno, "<stdin>");
568 signal(SIGINT, osig);
569 return 1;
570 }
571 p = strchr(buf, '\n');
572 if(p)
573 *p = '\0';
574 if(strcmp(buf, "") == 0)
575 strlcpy(buf, def, len);
576 signal(SIGINT, osig);
577 return 0;
578 }
579
580 /*
581 * return [0, 16) or -1
582 */
583
584 static int
585 hex2n (char c)
586 {
587 static char hexdigits[] = "0123456789abcdef";
588 const char *p;
589
590 p = strchr (hexdigits, tolower((unsigned char)c));
591 if (p == NULL)
592 return -1;
593 else
594 return p - hexdigits;
595 }
596
597 /*
598 * convert a key in a readable format into a keyblock.
599 * return 0 iff succesful, otherwise `err' should point to an error message
600 */
601
602 int
603 parse_des_key (const char *key_string, krb5_key_data *key_data,
604 const char **err)
605 {
606 const char *p = key_string;
607 unsigned char bits[8];
608 int i;
609
610 if (strlen (key_string) != 16) {
611 *err = "bad length, should be 16 for DES key";
612 return 1;
613 }
614 for (i = 0; i < 8; ++i) {
615 int d1, d2;
616
617 d1 = hex2n(p[2 * i]);
618 d2 = hex2n(p[2 * i + 1]);
619 if (d1 < 0 || d2 < 0) {
620 *err = "non-hex character";
621 return 1;
622 }
623 bits[i] = (d1 << 4) | d2;
624 }
625 for (i = 0; i < 3; ++i) {
626 key_data[i].key_data_ver = 2;
627 key_data[i].key_data_kvno = 0;
628 /* key */
629 key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC;
630 key_data[i].key_data_length[0] = 8;
631 key_data[i].key_data_contents[0] = malloc(8);
632 memcpy (key_data[i].key_data_contents[0], bits, 8);
633 /* salt */
634 key_data[i].key_data_type[1] = KRB5_PW_SALT;
635 key_data[i].key_data_length[1] = 0;
636 key_data[i].key_data_contents[1] = NULL;
637 }
638 key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
639 key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
640 return 0;
641 }
DragonFly BSD