search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drop RCSID
[heimdal.git] / lib / hdb / keytab.c
blob8afba3ad2da73a4f7e8fb8751b2a35fadfdead2c
1 /*
2 * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hdb_locl.h"
35
36 /* keytab backend for HDB databases */
37
38 struct hdb_data {
39 char *dbname;
40 char *mkey;
41 };
42
43 /*
44 * the format for HDB keytabs is:
45 * HDB:[database:file:mkey]
46 */
47
48 static krb5_error_code
49 hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
50 {
51 struct hdb_data *d;
52 const char *db, *mkey;
53
54 d = malloc(sizeof(*d));
55 if(d == NULL) {
56 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
57 return ENOMEM;
58 }
59 db = name;
60 mkey = strchr(name, ':');
61 if(mkey == NULL || mkey[1] == '\0') {
62 if(*name == '\0')
63 d->dbname = NULL;
64 else {
65 d->dbname = strdup(name);
66 if(d->dbname == NULL) {
67 free(d);
68 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
69 return ENOMEM;
70 }
71 }
72 d->mkey = NULL;
73 } else {
74 if((mkey - db) == 0) {
75 d->dbname = NULL;
76 } else {
77 d->dbname = malloc(mkey - db + 1);
78 if(d->dbname == NULL) {
79 free(d);
80 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
81 return ENOMEM;
82 }
83 memmove(d->dbname, db, mkey - db);
84 d->dbname[mkey - db] = '\0';
85 }
86 d->mkey = strdup(mkey + 1);
87 if(d->mkey == NULL) {
88 free(d->dbname);
89 free(d);
90 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
91 return ENOMEM;
92 }
93 }
94 id->data = d;
95 return 0;
96 }
97
98 static krb5_error_code
99 hdb_close(krb5_context context, krb5_keytab id)
100 {
101 struct hdb_data *d = id->data;
102
103 free(d->dbname);
104 free(d->mkey);
105 free(d);
106 return 0;
107 }
108
109 static krb5_error_code
110 hdb_get_name(krb5_context context,
111 krb5_keytab id,
112 char *name,
113 size_t namesize)
114 {
115 struct hdb_data *d = id->data;
116
117 snprintf(name, namesize, "%s%s%s",
118 d->dbname ? d->dbname : "",
119 (d->dbname || d->mkey) ? ":" : "",
120 d->mkey ? d->mkey : "");
121 return 0;
122 }
123
124 static void
125 set_config (krb5_context context,
126 const krb5_config_binding *binding,
127 const char **dbname,
128 const char **mkey)
129 {
130 *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
131 *mkey = krb5_config_get_string(context, binding, "mkey_file", NULL);
132 }
133
134 /*
135 * try to figure out the database (`dbname') and master-key (`mkey')
136 * that should be used for `principal'.
137 */
138
139 static void
140 find_db (krb5_context context,
141 const char **dbname,
142 const char **mkey,
143 krb5_const_principal principal)
144 {
145 const krb5_config_binding *top_bind = NULL;
146 const krb5_config_binding *default_binding = NULL;
147 const krb5_config_binding *db;
148 krb5_const_realm realm = krb5_principal_get_realm(context, principal);
149
150 *dbname = *mkey = NULL;
151
152 while ((db =
153 krb5_config_get_next(context,
154 NULL,
155 &top_bind,
156 krb5_config_list,
157 "kdc",
158 "database",
159 NULL)) != NULL) {
160 const char *p;
161
162 p = krb5_config_get_string (context, db, "realm", NULL);
163 if (p == NULL) {
164 if(default_binding) {
165 krb5_warnx(context, "WARNING: more than one realm-less "
166 "database specification");
167 krb5_warnx(context, "WARNING: using the first encountered");
168 } else
169 default_binding = db;
170 } else if (strcmp (realm, p) == 0) {
171 set_config (context, db, dbname, mkey);
172 break;
173 }
174 }
175 if (*dbname == NULL && default_binding != NULL)
176 set_config (context, default_binding, dbname, mkey);
177 if (*dbname == NULL)
178 *dbname = HDB_DEFAULT_DB;
179 }
180
181 /*
182 * find the keytab entry in `id' for `principal, kvno, enctype' and return
183 * it in `entry'. return 0 or an error code
184 */
185
186 static krb5_error_code
187 hdb_get_entry(krb5_context context,
188 krb5_keytab id,
189 krb5_const_principal principal,
190 krb5_kvno kvno,
191 krb5_enctype enctype,
192 krb5_keytab_entry *entry)
193 {
194 hdb_entry_ex ent;
195 krb5_error_code ret;
196 struct hdb_data *d = id->data;
197 int i;
198 HDB *db;
199 const char *dbname = d->dbname;
200 const char *mkey = d->mkey;
201
202 memset(&ent, 0, sizeof(ent));
203
204 if (dbname == NULL)
205 find_db (context, &dbname, &mkey, principal);
206
207 ret = hdb_create (context, &db, dbname);
208 if (ret)
209 return ret;
210 ret = hdb_set_master_keyfile (context, db, mkey);
211 if (ret) {
212 (*db->hdb_destroy)(context, db);
213 return ret;
214 }
215
216 ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
217 if (ret) {
218 (*db->hdb_destroy)(context, db);
219 return ret;
220 }
221 ret = (*db->hdb_fetch)(context, db, principal,
222 HDB_F_DECRYPT|
223 HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
224 &ent);
225
226 if(ret == HDB_ERR_NOENTRY) {
227 ret = KRB5_KT_NOTFOUND;
228 goto out;
229 }else if(ret)
230 goto out;
231
232 if(kvno && ent.entry.kvno != kvno) {
233 hdb_free_entry(context, &ent);
234 ret = KRB5_KT_NOTFOUND;
235 goto out;
236 }
237 if(enctype == 0)
238 if(ent.entry.keys.len > 0)
239 enctype = ent.entry.keys.val[0].key.keytype;
240 ret = KRB5_KT_NOTFOUND;
241 for(i = 0; i < ent.entry.keys.len; i++) {
242 if(ent.entry.keys.val[i].key.keytype == enctype) {
243 krb5_copy_principal(context, principal, &entry->principal);
244 entry->vno = ent.entry.kvno;
245 krb5_copy_keyblock_contents(context,
246 &ent.entry.keys.val[i].key,
247 &entry->keyblock);
248 ret = 0;
249 break;
250 }
251 }
252 hdb_free_entry(context, &ent);
253 out:
254 (*db->hdb_close)(context, db);
255 (*db->hdb_destroy)(context, db);
256 return ret;
257 }
258
259 krb5_kt_ops hdb_kt_ops = {
260 "HDB",
261 hdb_resolve,
262 hdb_get_name,
263 hdb_close,
264 NULL, /* destroy */
265 hdb_get_entry,
266 NULL, /* start_seq_get */
267 NULL, /* next_entry */
268 NULL, /* end_seq_get */
269 NULL, /* add */
270 NULL /* remove */
271 };
Heimdal