lib/krb5/keytab_file.c

   1 /*
   2  * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "krb5_locl.h"
  35
  36 RCSID("$Id$");
  37
  38 #define KRB5_KT_VNO_1 1
  39 #define KRB5_KT_VNO_2 2
  40 #define KRB5_KT_VNO   KRB5_KT_VNO_2
  41
  42 /* file operations -------------------------------------------- */
  43
  44 struct fkt_data {
  45     char *filename;
  46 };
  47
  48 static krb5_error_code
  49 krb5_kt_ret_data(krb5_context context,
  50                  krb5_storage *sp,
  51                  krb5_data *data)
  52 {
  53     int ret;
  54     int16_t size;
  55     ret = krb5_ret_int16(sp, &size);
  56     if(ret)
  57         return ret;
  58     data->length = size;
  59     data->data = malloc(size);
  60     if (data->data == NULL) {
  61         krb5_set_error_string (context, "malloc: out of memory");
  62         return ENOMEM;
  63     }
  64     ret = krb5_storage_read(sp, data->data, size);
  65     if(ret != size)
  66         return (ret < 0)? errno : KRB5_KT_END;
  67     return 0;
  68 }
  69
  70 static krb5_error_code
  71 krb5_kt_ret_string(krb5_context context,
  72                    krb5_storage *sp,
  73                    general_string *data)
  74 {
  75     int ret;
  76     int16_t size;
  77     ret = krb5_ret_int16(sp, &size);
  78     if(ret)
  79         return ret;
  80     *data = malloc(size + 1);
  81     if (*data == NULL) {
  82         krb5_set_error_string (context, "malloc: out of memory");
  83         return ENOMEM;
  84     }
  85     ret = krb5_storage_read(sp, *data, size);
  86     (*data)[size] = '\0';
  87     if(ret != size)
  88         return (ret < 0)? errno : KRB5_KT_END;
  89     return 0;
  90 }
  91
  92 static krb5_error_code
  93 krb5_kt_store_data(krb5_context context,
  94                    krb5_storage *sp,
  95                    krb5_data data)
  96 {
  97     int ret;
  98     ret = krb5_store_int16(sp, data.length);
  99     if(ret < 0)
 100         return ret;
 101     ret = krb5_storage_write(sp, data.data, data.length);
 102     if(ret != data.length){
 103         if(ret < 0)
 104             return errno;
 105         return KRB5_KT_END;
 106     }
 107     return 0;
 108 }
 109
 110 static krb5_error_code
 111 krb5_kt_store_string(krb5_storage *sp,
 112                      general_string data)
 113 {
 114     int ret;
 115     size_t len = strlen(data);
 116     ret = krb5_store_int16(sp, len);
 117     if(ret < 0)
 118         return ret;
 119     ret = krb5_storage_write(sp, data, len);
 120     if(ret != len){
 121         if(ret < 0)
 122             return errno;
 123         return KRB5_KT_END;
 124     }
 125     return 0;
 126 }
 127
 128 static krb5_error_code
 129 krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
 130 {
 131     int ret;
 132     int16_t tmp;
 133
 134     ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
 135     if(ret) return ret;
 136     p->keytype = tmp;
 137     ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
 138     return ret;
 139 }
 140
 141 static krb5_error_code
 142 krb5_kt_store_keyblock(krb5_context context,
 143                        krb5_storage *sp,
 144                        krb5_keyblock *p)
 145 {
 146     int ret;
 147
 148     ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
 149     if(ret) return ret;
 150     ret = krb5_kt_store_data(context, sp, p->keyvalue);
 151     return ret;
 152 }
 153
 154
 155 static krb5_error_code
 156 krb5_kt_ret_principal(krb5_context context,
 157                       krb5_storage *sp,
 158                       krb5_principal *princ)
 159 {
 160     int i;
 161     int ret;
 162     krb5_principal p;
 163     int16_t tmp;
 164
 165     ALLOC(p, 1);
 166     if(p == NULL) {
 167         krb5_set_error_string (context, "malloc: out of memory");
 168         return ENOMEM;
 169     }
 170
 171     ret = krb5_ret_int16(sp, &tmp);
 172     if(ret)
 173         return ret;
 174     if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
 175         tmp--;
 176     p->name.name_string.len = tmp;
 177     ret = krb5_kt_ret_string(context, sp, &p->realm);
 178     if(ret)
 179         return ret;
 180     p->name.name_string.val = calloc(p->name.name_string.len,
 181                                      sizeof(*p->name.name_string.val));
 182     if(p->name.name_string.val == NULL) {
 183         krb5_set_error_string (context, "malloc: out of memory");
 184         return ENOMEM;
 185     }
 186     for(i = 0; i < p->name.name_string.len; i++){
 187         ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
 188         if(ret)
 189             return ret;
 190     }
 191     if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
 192         p->name.name_type = KRB5_NT_UNKNOWN;
 193     else {
 194         int32_t tmp32;
 195         ret = krb5_ret_int32(sp, &tmp32);
 196         p->name.name_type = tmp32;
 197         if (ret)
 198             return ret;
 199     }
 200     *princ = p;
 201     return 0;
 202 }
 203
 204 static krb5_error_code
 205 krb5_kt_store_principal(krb5_context context,
 206                         krb5_storage *sp,
 207                         krb5_principal p)
 208 {
 209     int i;
 210     int ret;
 211
 212     if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
 213         ret = krb5_store_int16(sp, p->name.name_string.len + 1);
 214     else
 215         ret = krb5_store_int16(sp, p->name.name_string.len);
 216     if(ret) return ret;
 217     ret = krb5_kt_store_string(sp, p->realm);
 218     if(ret) return ret;
 219     for(i = 0; i < p->name.name_string.len; i++){
 220         ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
 221         if(ret)
 222             return ret;
 223     }
 224     if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
 225         ret = krb5_store_int32(sp, p->name.name_type);
 226         if(ret)
 227             return ret;
 228     }
 229
 230     return 0;
 231 }
 232
 233 static krb5_error_code
 234 fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
 235 {
 236     struct fkt_data *d;
 237
 238     d = malloc(sizeof(*d));
 239     if(d == NULL) {
 240         krb5_set_error_string (context, "malloc: out of memory");
 241         return ENOMEM;
 242     }
 243     d->filename = strdup(name);
 244     if(d->filename == NULL) {
 245         free(d);
 246         krb5_set_error_string (context, "malloc: out of memory");
 247         return ENOMEM;
 248     }
 249     id->data = d;
 250     return 0;
 251 }
 252
 253 static krb5_error_code
 254 fkt_close(krb5_context context, krb5_keytab id)
 255 {
 256     struct fkt_data *d = id->data;
 257     free(d->filename);
 258     free(d);
 259     return 0;
 260 }
 261
 262 static krb5_error_code
 263 fkt_get_name(krb5_context context,
 264              krb5_keytab id,
 265              char *name,
 266              size_t namesize)
 267 {
 268     /* This function is XXX */
 269     struct fkt_data *d = id->data;
 270     strlcpy(name, d->filename, namesize);
 271     return 0;
 272 }
 273
 274 static void
 275 storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
 276 {
 277     int flags = 0;
 278     switch(vno) {
 279     case KRB5_KT_VNO_1:
 280         flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
 281         flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
 282         flags |= KRB5_STORAGE_HOST_BYTEORDER;
 283         break;
 284     case KRB5_KT_VNO_2:
 285         break;
 286     default:
 287         krb5_warnx(context,
 288                    "storage_set_flags called with bad vno (%d)", vno);
 289     }
 290     krb5_storage_set_flags(sp, flags);
 291 }
 292
 293 static krb5_error_code
 294 fkt_start_seq_get_int(krb5_context context,
 295                       krb5_keytab id,
 296                       int flags,
 297                       krb5_kt_cursor *c)
 298 {
 299     int8_t pvno, tag;
 300     krb5_error_code ret;
 301     struct fkt_data *d = id->data;
 302
 303     c->fd = open (d->filename, flags);
 304     if (c->fd < 0) {
 305         ret = errno;
 306         krb5_set_error_string(context, "%s: %s", d->filename,
 307                               strerror(ret));
 308         return ret;
 309     }
 310     c->sp = krb5_storage_from_fd(c->fd);
 311     krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
 312     ret = krb5_ret_int8(c->sp, &pvno);
 313     if(ret) {
 314         krb5_storage_free(c->sp);
 315         close(c->fd);
 316         return ret;
 317     }
 318     if(pvno != 5) {
 319         krb5_storage_free(c->sp);
 320         close(c->fd);
 321         krb5_clear_error_string (context);
 322         return KRB5_KEYTAB_BADVNO;
 323     }
 324     ret = krb5_ret_int8(c->sp, &tag);
 325     if (ret) {
 326         krb5_storage_free(c->sp);
 327         close(c->fd);
 328         return ret;
 329     }
 330     id->version = tag;
 331     storage_set_flags(context, c->sp, id->version);
 332     return 0;
 333 }
 334
 335 static krb5_error_code
 336 fkt_start_seq_get(krb5_context context,
 337                   krb5_keytab id,
 338                   krb5_kt_cursor *c)
 339 {
 340     return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, c);
 341 }
 342
 343 static krb5_error_code
 344 fkt_next_entry_int(krb5_context context,
 345                    krb5_keytab id,
 346                    krb5_keytab_entry *entry,
 347                    krb5_kt_cursor *cursor,
 348                    off_t *start,
 349                    off_t *end)
 350 {
 351     int32_t len;
 352     int ret;
 353     int8_t tmp8;
 354     int32_t tmp32;
 355     off_t pos, curpos;
 356
 357     pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
 358 loop:
 359     ret = krb5_ret_int32(cursor->sp, &len);
 360     if (ret)
 361         return ret;
 362     if(len < 0) {
 363         pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
 364         goto loop;
 365     }
 366     ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
 367     if (ret)
 368         goto out;
 369     ret = krb5_ret_int32(cursor->sp, &tmp32);
 370     entry->timestamp = tmp32;
 371     if (ret)
 372         goto out;
 373     ret = krb5_ret_int8(cursor->sp, &tmp8);
 374     if (ret)
 375         goto out;
 376     entry->vno = tmp8;
 377     ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
 378     if (ret)
 379         goto out;
 380     /* there might be a 32 bit kvno here
 381      * if it's zero, assume that the 8bit one was right,
 382      * otherwise trust the new value */
 383     curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
 384     if(len + 4 + pos - curpos == 4) {
 385         ret = krb5_ret_int32(cursor->sp, &tmp32);
 386         if (ret == 0 && tmp32 != 0) {
 387             entry->vno = tmp32;
 388         }
 389     }
 390     if(start) *start = pos;
 391     if(end) *end = *start + 4 + len;
 392  out:
 393     krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
 394     return ret;
 395 }
 396
 397 static krb5_error_code
 398 fkt_next_entry(krb5_context context,
 399                krb5_keytab id,
 400                krb5_keytab_entry *entry,
 401                krb5_kt_cursor *cursor)
 402 {
 403     return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
 404 }
 405
 406 static krb5_error_code
 407 fkt_end_seq_get(krb5_context context,
 408                 krb5_keytab id,
 409                 krb5_kt_cursor *cursor)
 410 {
 411     krb5_storage_free(cursor->sp);
 412     close(cursor->fd);
 413     return 0;
 414 }
 415
 416 static krb5_error_code
 417 fkt_setup_keytab(krb5_context context,
 418                  krb5_keytab id,
 419                  krb5_storage *sp)
 420 {
 421     krb5_error_code ret;
 422     ret = krb5_store_int8(sp, 5);
 423     if(ret)
 424         return ret;
 425     if(id->version == 0)
 426         id->version = KRB5_KT_VNO;
 427     return krb5_store_int8 (sp, id->version);
 428 }
 429
 430 static krb5_error_code
 431 fkt_add_entry(krb5_context context,
 432               krb5_keytab id,
 433               krb5_keytab_entry *entry)
 434 {
 435     int ret;
 436     int fd;
 437     krb5_storage *sp;
 438     struct fkt_data *d = id->data;
 439     krb5_data keytab;
 440     int32_t len;
 441
 442     fd = open (d->filename, O_RDWR | O_BINARY);
 443     if (fd < 0) {
 444         fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
 445         if (fd < 0) {
 446             ret = errno;
 447             krb5_set_error_string(context, "open(%s): %s", d->filename,
 448                                   strerror(ret));
 449             return ret;
 450         }
 451         sp = krb5_storage_from_fd(fd);
 452         krb5_storage_set_eof_code(sp, KRB5_KT_END);
 453         ret = fkt_setup_keytab(context, id, sp);
 454         if(ret) {
 455             krb5_storage_free(sp);
 456             close(fd);
 457             return ret;
 458         }
 459         storage_set_flags(context, sp, id->version);
 460     } else {
 461         int8_t pvno, tag;
 462         sp = krb5_storage_from_fd(fd);
 463         krb5_storage_set_eof_code(sp, KRB5_KT_END);
 464         ret = krb5_ret_int8(sp, &pvno);
 465         if(ret) {
 466             /* we probably have a zero byte file, so try to set it up
 467                properly */
 468             ret = fkt_setup_keytab(context, id, sp);
 469             if(ret) {
 470                 krb5_set_error_string(context, "%s: keytab is corrupted: %s",
 471                                       d->filename, strerror(ret));
 472                 krb5_storage_free(sp);
 473                 close(fd);
 474                 return ret;
 475             }
 476             storage_set_flags(context, sp, id->version);
 477         } else {
 478             if(pvno != 5) {
 479                 krb5_storage_free(sp);
 480                 close(fd);
 481                 krb5_clear_error_string (context);
 482                 ret = KRB5_KEYTAB_BADVNO;
 483                 krb5_set_error_string(context, "%s: %s",
 484                                       d->filename, strerror(ret));
 485                 return ret;
 486             }
 487             ret = krb5_ret_int8 (sp, &tag);
 488             if (ret) {
 489                 krb5_set_error_string(context, "%s: reading tag: %s",
 490                                       d->filename, strerror(ret));
 491                 krb5_storage_free(sp);
 492                 close(fd);
 493                 return ret;
 494             }
 495             id->version = tag;
 496             storage_set_flags(context, sp, id->version);
 497         }
 498     }
 499
 500     {
 501         krb5_storage *emem;
 502         emem = krb5_storage_emem();
 503         if(emem == NULL) {
 504             ret = ENOMEM;
 505             krb5_set_error_string (context, "malloc: out of memory");
 506             goto out;
 507         }
 508         ret = krb5_kt_store_principal(context, emem, entry->principal);
 509         if(ret) {
 510             krb5_storage_free(emem);
 511             goto out;
 512         }
 513         ret = krb5_store_int32 (emem, entry->timestamp);
 514         if(ret) {
 515             krb5_storage_free(emem);
 516             goto out;
 517         }
 518         ret = krb5_store_int8 (emem, entry->vno % 256);
 519         if(ret) {
 520             krb5_storage_free(emem);
 521             goto out;
 522         }
 523         ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
 524         if(ret) {
 525             krb5_storage_free(emem);
 526             goto out;
 527         }
 528         ret = krb5_store_int32 (emem, entry->vno);
 529         if (ret) {
 530             krb5_storage_free(emem);
 531             goto out;
 532         }
 533
 534         ret = krb5_storage_to_data(emem, &keytab);
 535         krb5_storage_free(emem);
 536         if(ret)
 537             goto out;
 538     }
 539
 540     while(1) {
 541         ret = krb5_ret_int32(sp, &len);
 542         if(ret == KRB5_KT_END) {
 543             len = keytab.length;
 544             break;
 545         }
 546         if(len < 0) {
 547             len = -len;
 548             if(len >= keytab.length) {
 549                 krb5_storage_seek(sp, -4, SEEK_CUR);
 550                 break;
 551             }
 552         }
 553         krb5_storage_seek(sp, len, SEEK_CUR);
 554     }
 555     ret = krb5_store_int32(sp, len);
 556     if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
 557         ret = errno;
 558     memset(keytab.data, 0, keytab.length);
 559     krb5_data_free(&keytab);
 560   out:
 561     krb5_storage_free(sp);
 562     close(fd);
 563     return ret;
 564 }
 565
 566 static krb5_error_code
 567 fkt_remove_entry(krb5_context context,
 568                  krb5_keytab id,
 569                  krb5_keytab_entry *entry)
 570 {
 571     krb5_keytab_entry e;
 572     krb5_kt_cursor cursor;
 573     off_t pos_start, pos_end;
 574     int found = 0;
 575     krb5_error_code ret;
 576
 577     ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, &cursor);
 578     if(ret != 0)
 579         goto out; /* return other error here? */
 580     while(fkt_next_entry_int(context, id, &e, &cursor,
 581                              &pos_start, &pos_end) == 0) {
 582         if(krb5_kt_compare(context, &e, entry->principal,
 583                            entry->vno, entry->keyblock.keytype)) {
 584             int32_t len;
 585             unsigned char buf[128];
 586             found = 1;
 587             krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
 588             len = pos_end - pos_start - 4;
 589             krb5_store_int32(cursor.sp, -len);
 590             memset(buf, 0, sizeof(buf));
 591             while(len > 0) {
 592                 krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
 593                 len -= min(len, sizeof(buf));
 594             }
 595         }
 596     }
 597     krb5_kt_end_seq_get(context, id, &cursor);
 598   out:
 599     if (!found) {
 600         krb5_clear_error_string (context);
 601         return KRB5_KT_NOTFOUND;
 602     }
 603     return 0;
 604 }
 605
 606 const krb5_kt_ops krb5_fkt_ops = {
 607     "FILE",
 608     fkt_resolve,
 609     fkt_get_name,
 610     fkt_close,
 611     NULL, /* get */
 612     fkt_start_seq_get,
 613     fkt_next_entry,
 614     fkt_end_seq_get,
 615     fkt_add_entry,
 616     fkt_remove_entry
 617 };