search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:torture: Adapt KDC canon test to Heimdal upstream changes
[Samba.git] / source4 / heimdal / lib / krb5 / keytab_file.c
blob595966ed38760621dbbad9de6d5017d4180c2421
1 /*
2 * Copyright (c) 1997 - 2017 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #define KRB5_KT_VNO_1 1
37 #define KRB5_KT_VNO_2 2
38 #define KRB5_KT_VNO KRB5_KT_VNO_2
39
40 #define KRB5_KT_FL_JAVA 1
41
42
43 /* file operations -------------------------------------------- */
44
45 struct fkt_data {
46 char *filename;
47 int flags;
48 };
49
50 static krb5_error_code
51 krb5_kt_ret_data(krb5_context context,
52 krb5_storage *sp,
53 krb5_data *data)
54 {
55 krb5_error_code ret;
56 krb5_ssize_t bytes;
57 int16_t size;
58
59 ret = krb5_ret_int16(sp, &size);
60 if(ret)
61 return ret;
62 data->length = size;
63 data->data = malloc(size);
64 if (data->data == NULL)
65 return krb5_enomem(context);
66 bytes = krb5_storage_read(sp, data->data, size);
67 if (bytes != size)
68 return (bytes == -1) ? errno : KRB5_KT_END;
69 return 0;
70 }
71
72 static krb5_error_code
73 krb5_kt_ret_string(krb5_context context,
74 krb5_storage *sp,
75 heim_general_string *data)
76 {
77 krb5_error_code ret;
78 krb5_ssize_t bytes;
79 int16_t size;
80
81 ret = krb5_ret_int16(sp, &size);
82 if(ret)
83 return ret;
84 *data = malloc(size + 1);
85 if (*data == NULL)
86 return krb5_enomem(context);
87 bytes = krb5_storage_read(sp, *data, size);
88 (*data)[size] = '\0';
89 if (bytes != size)
90 return (bytes == -1) ? errno : KRB5_KT_END;
91 return 0;
92 }
93
94 static krb5_error_code
95 krb5_kt_store_data(krb5_context context,
96 krb5_storage *sp,
97 krb5_data data)
98 {
99 krb5_error_code ret;
100 krb5_ssize_t bytes;
101
102 ret = krb5_store_int16(sp, data.length);
103 if (ret != 0)
104 return ret;
105 bytes = krb5_storage_write(sp, data.data, data.length);
106 if (bytes != (int)data.length)
107 return bytes == -1 ? errno : KRB5_KT_END;
108 return 0;
109 }
110
111 static krb5_error_code
112 krb5_kt_store_string(krb5_storage *sp,
113 heim_general_string data)
114 {
115 krb5_error_code ret;
116 krb5_ssize_t bytes;
117 size_t len = strlen(data);
118
119 ret = krb5_store_int16(sp, len);
120 if (ret != 0)
121 return ret;
122 bytes = krb5_storage_write(sp, data, len);
123 if (bytes != (int)len)
124 return bytes == -1 ? errno : KRB5_KT_END;
125 return 0;
126 }
127
128 static krb5_error_code
129 krb5_kt_ret_keyblock(krb5_context context,
130 struct fkt_data *fkt,
131 krb5_storage *sp,
132 krb5_keyblock *p)
133 {
134 int ret;
135 int16_t tmp;
136
137 ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
138 if(ret) {
139 krb5_set_error_message(context, ret,
140 N_("Cant read keyblock from file %s", ""),
141 fkt->filename);
142 return ret;
143 }
144 p->keytype = tmp;
145 ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
146 if (ret)
147 krb5_set_error_message(context, ret,
148 N_("Cant read keyblock from file %s", ""),
149 fkt->filename);
150 return ret;
151 }
152
153 static krb5_error_code
154 krb5_kt_store_keyblock(krb5_context context,
155 struct fkt_data *fkt,
156 krb5_storage *sp,
157 krb5_keyblock *p)
158 {
159 int ret;
160
161 ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
162 if(ret) {
163 krb5_set_error_message(context, ret,
164 N_("Cant store keyblock to file %s", ""),
165 fkt->filename);
166 return ret;
167 }
168 ret = krb5_kt_store_data(context, sp, p->keyvalue);
169 if (ret)
170 krb5_set_error_message(context, ret,
171 N_("Cant store keyblock to file %s", ""),
172 fkt->filename);
173 return ret;
174 }
175
176
177 static krb5_error_code
178 krb5_kt_ret_principal(krb5_context context,
179 struct fkt_data *fkt,
180 krb5_storage *sp,
181 krb5_principal *princ)
182 {
183 size_t i;
184 int ret;
185 krb5_principal p;
186 int16_t len;
187
188 ALLOC(p, 1);
189 if(p == NULL)
190 return krb5_enomem(context);
191
192 ret = krb5_ret_int16(sp, &len);
193 if(ret) {
194 krb5_set_error_message(context, ret,
195 N_("Failed decoding length of "
196 "keytab principal in keytab file %s", ""),
197 fkt->filename);
198 goto out;
199 }
200 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
201 len--;
202 if (len < 0) {
203 ret = KRB5_KT_END;
204 krb5_set_error_message(context, ret,
205 N_("Keytab principal contains "
206 "invalid length in keytab %s", ""),
207 fkt->filename);
208 goto out;
209 }
210 ret = krb5_kt_ret_string(context, sp, &p->realm);
211 if(ret) {
212 krb5_set_error_message(context, ret,
213 N_("Can't read realm from keytab: %s", ""),
214 fkt->filename);
215 goto out;
216 }
217 p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
218 if(p->name.name_string.val == NULL) {
219 ret = krb5_enomem(context);
220 goto out;
221 }
222 p->name.name_string.len = len;
223 for(i = 0; i < p->name.name_string.len; i++){
224 ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
225 if(ret) {
226 krb5_set_error_message(context, ret,
227 N_("Can't read principal from "
228 "keytab: %s", ""),
229 fkt->filename);
230 goto out;
231 }
232 }
233 if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
234 p->name.name_type = KRB5_NT_UNKNOWN;
235 else {
236 int32_t tmp32;
237 ret = krb5_ret_int32(sp, &tmp32);
238 p->name.name_type = tmp32;
239 if (ret) {
240 krb5_set_error_message(context, ret,
241 N_("Can't read name-type from "
242 "keytab: %s", ""),
243 fkt->filename);
244 goto out;
245 }
246 }
247 *princ = p;
248 return 0;
249 out:
250 krb5_free_principal(context, p);
251 return ret;
252 }
253
254 static krb5_error_code
255 krb5_kt_store_principal(krb5_context context,
256 krb5_storage *sp,
257 krb5_principal p)
258 {
259 size_t i;
260 int ret;
261
262 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
263 ret = krb5_store_int16(sp, p->name.name_string.len + 1);
264 else
265 ret = krb5_store_int16(sp, p->name.name_string.len);
266 if(ret) return ret;
267 ret = krb5_kt_store_string(sp, p->realm);
268 if(ret) return ret;
269 for(i = 0; i < p->name.name_string.len; i++){
270 ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
271 if(ret)
272 return ret;
273 }
274 if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
275 ret = krb5_store_int32(sp, p->name.name_type);
276 if(ret)
277 return ret;
278 }
279
280 return 0;
281 }
282
283 static krb5_error_code KRB5_CALLCONV
284 fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
285 {
286 struct fkt_data *d;
287
288 d = malloc(sizeof(*d));
289 if(d == NULL)
290 return krb5_enomem(context);
291 d->filename = strdup(name);
292 if(d->filename == NULL) {
293 free(d);
294 return krb5_enomem(context);
295 }
296 d->flags = 0;
297 id->data = d;
298 return 0;
299 }
300
301 static krb5_error_code KRB5_CALLCONV
302 fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id)
303 {
304 krb5_error_code ret;
305
306 ret = fkt_resolve(context, name, id);
307 if (ret == 0) {
308 struct fkt_data *d = id->data;
309 d->flags |= KRB5_KT_FL_JAVA;
310 }
311 return ret;
312 }
313
314 static krb5_error_code KRB5_CALLCONV
315 fkt_close(krb5_context context, krb5_keytab id)
316 {
317 struct fkt_data *d = id->data;
318 free(d->filename);
319 free(d);
320 return 0;
321 }
322
323 static krb5_error_code KRB5_CALLCONV
324 fkt_destroy(krb5_context context, krb5_keytab id)
325 {
326 struct fkt_data *d = id->data;
327 _krb5_erase_file(context, d->filename);
328 return 0;
329 }
330
331 static krb5_error_code KRB5_CALLCONV
332 fkt_get_name(krb5_context context,
333 krb5_keytab id,
334 char *name,
335 size_t namesize)
336 {
337 /* This function is XXX */
338 struct fkt_data *d = id->data;
339 strlcpy(name, d->filename, namesize);
340 return 0;
341 }
342
343 static void
344 storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
345 {
346 int flags = 0;
347 switch(vno) {
348 case KRB5_KT_VNO_1:
349 flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
350 flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
351 flags |= KRB5_STORAGE_HOST_BYTEORDER;
352 break;
353 case KRB5_KT_VNO_2:
354 break;
355 default:
356 krb5_warnx(context,
357 "storage_set_flags called with bad vno (%d)", vno);
358 }
359 krb5_storage_set_flags(sp, flags);
360 }
361
362 static krb5_error_code
363 fkt_start_seq_get_int(krb5_context context,
364 krb5_keytab id,
365 int flags,
366 int exclusive,
367 krb5_kt_cursor *c)
368 {
369 int8_t pvno, tag;
370 krb5_error_code ret;
371 struct fkt_data *d = id->data;
372 const char *stdio_mode = "rb";
373
374 c->fd = open (d->filename, flags);
375 if (c->fd < 0) {
376 ret = errno;
377 krb5_set_error_message(context, ret,
378 N_("keytab %s open failed: %s", ""),
379 d->filename, strerror(ret));
380 return ret;
381 }
382 rk_cloexec(c->fd);
383 ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
384 if (ret) {
385 close(c->fd);
386 return ret;
387 }
388 if ((flags & O_ACCMODE) == O_RDWR && (flags & O_APPEND))
389 stdio_mode = "ab+";
390 else if ((flags & O_ACCMODE) == O_RDWR)
391 stdio_mode = "rb+";
392 else if ((flags & O_ACCMODE) == O_WRONLY)
393 stdio_mode = "wb";
394 c->sp = krb5_storage_stdio_from_fd(c->fd, stdio_mode);
395 if (c->sp == NULL) {
396 close(c->fd);
397 return krb5_enomem(context);
398 }
399 krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
400 ret = krb5_ret_int8(c->sp, &pvno);
401 if(ret) {
402 krb5_storage_free(c->sp);
403 close(c->fd);
404 krb5_clear_error_message(context);
405 return ret;
406 }
407 if(pvno != 5) {
408 krb5_storage_free(c->sp);
409 close(c->fd);
410 krb5_clear_error_message (context);
411 return KRB5_KEYTAB_BADVNO;
412 }
413 ret = krb5_ret_int8(c->sp, &tag);
414 if (ret) {
415 krb5_storage_free(c->sp);
416 close(c->fd);
417 krb5_clear_error_message(context);
418 return ret;
419 }
420 id->version = tag;
421 storage_set_flags(context, c->sp, id->version);
422 return 0;
423 }
424
425 static krb5_error_code KRB5_CALLCONV
426 fkt_start_seq_get(krb5_context context,
427 krb5_keytab id,
428 krb5_kt_cursor *c)
429 {
430 return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c);
431 }
432
433 static krb5_error_code
434 fkt_next_entry_int(krb5_context context,
435 krb5_keytab id,
436 krb5_keytab_entry *entry,
437 krb5_kt_cursor *cursor,
438 off_t *start,
439 off_t *end)
440 {
441 struct fkt_data *d = id->data;
442 int32_t len;
443 int ret;
444 int8_t tmp8;
445 int32_t tmp32;
446 uint32_t utmp32;
447 off_t pos, curpos;
448
449 pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
450 loop:
451 ret = krb5_ret_int32(cursor->sp, &len);
452 if (ret)
453 return ret;
454 if(len < 0) {
455 pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
456 goto loop;
457 }
458 ret = krb5_kt_ret_principal (context, d, cursor->sp, &entry->principal);
459 if (ret)
460 goto out;
461 ret = krb5_ret_uint32(cursor->sp, &utmp32);
462 entry->timestamp = utmp32;
463 if (ret)
464 goto out;
465 ret = krb5_ret_int8(cursor->sp, &tmp8);
466 if (ret)
467 goto out;
468 entry->vno = tmp8;
469 ret = krb5_kt_ret_keyblock (context, d, cursor->sp, &entry->keyblock);
470 if (ret)
471 goto out;
472 /* there might be a 32 bit kvno here
473 * if it's zero, assume that the 8bit one was right,
474 * otherwise trust the new value */
475 curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
476 if(len + 4 + pos - curpos >= 4) {
477 ret = krb5_ret_int32(cursor->sp, &tmp32);
478 if (ret == 0 && tmp32 != 0)
479 entry->vno = tmp32;
480 }
481 /* there might be a flags field here */
482 if(len + 4 + pos - curpos >= 8) {
483 ret = krb5_ret_uint32(cursor->sp, &utmp32);
484 if (ret == 0)
485 entry->flags = utmp32;
486 } else
487 entry->flags = 0;
488
489 entry->aliases = NULL;
490
491 if(start) *start = pos;
492 if(end) *end = pos + 4 + len;
493 out:
494 if (ret)
495 krb5_kt_free_entry(context, entry);
496 krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
497 return ret;
498 }
499
500 static krb5_error_code KRB5_CALLCONV
501 fkt_next_entry(krb5_context context,
502 krb5_keytab id,
503 krb5_keytab_entry *entry,
504 krb5_kt_cursor *cursor)
505 {
506 return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
507 }
508
509 static krb5_error_code KRB5_CALLCONV
510 fkt_end_seq_get(krb5_context context,
511 krb5_keytab id,
512 krb5_kt_cursor *cursor)
513 {
514 krb5_storage_free(cursor->sp);
515 close(cursor->fd);
516 return 0;
517 }
518
519 static krb5_error_code KRB5_CALLCONV
520 fkt_setup_keytab(krb5_context context,
521 krb5_keytab id,
522 krb5_storage *sp)
523 {
524 krb5_error_code ret;
525 ret = krb5_store_int8(sp, 5);
526 if(ret)
527 return ret;
528 if(id->version == 0)
529 id->version = KRB5_KT_VNO;
530 return krb5_store_int8 (sp, id->version);
531 }
532
533 static krb5_error_code KRB5_CALLCONV
534 fkt_add_entry(krb5_context context,
535 krb5_keytab id,
536 krb5_keytab_entry *entry)
537 {
538 int ret;
539 int fd;
540 krb5_storage *sp;
541 krb5_ssize_t bytes;
542 struct fkt_data *d = id->data;
543 krb5_data keytab;
544 int32_t len;
545
546 fd = open(d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
547 if (fd < 0) {
548 fd = open(d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
549 if (fd < 0) {
550 ret = errno;
551 krb5_set_error_message(context, ret,
552 N_("open(%s): %s", ""), d->filename,
553 strerror(ret));
554 return ret;
555 }
556 rk_cloexec(fd);
557
558 ret = _krb5_xlock(context, fd, 1, d->filename);
559 if (ret) {
560 close(fd);
561 return ret;
562 }
563 sp = krb5_storage_stdio_from_fd(fd, "wb+");
564 if (sp == NULL) {
565 close(fd);
566 return krb5_enomem(context);
567 }
568 krb5_storage_set_eof_code(sp, KRB5_KT_END);
569 ret = fkt_setup_keytab(context, id, sp);
570 if (ret) {
571 goto out;
572 }
573 storage_set_flags(context, sp, id->version);
574 } else {
575 int8_t pvno, tag;
576
577 rk_cloexec(fd);
578
579 ret = _krb5_xlock(context, fd, 1, d->filename);
580 if (ret) {
581 close(fd);
582 return ret;
583 }
584 sp = krb5_storage_stdio_from_fd(fd, "wb+");
585 if (sp == NULL) {
586 (void) close(fd);
587 return ret;
588 }
589 krb5_storage_set_eof_code(sp, KRB5_KT_END);
590 ret = krb5_ret_int8(sp, &pvno);
591 if(ret) {
592 /* we probably have a zero byte file, so try to set it up
593 properly */
594 ret = fkt_setup_keytab(context, id, sp);
595 if(ret) {
596 krb5_set_error_message(context, ret,
597 N_("%s: keytab is corrupted: %s", ""),
598 d->filename, strerror(ret));
599 goto out;
600 }
601 storage_set_flags(context, sp, id->version);
602 } else {
603 if(pvno != 5) {
604 ret = KRB5_KEYTAB_BADVNO;
605 krb5_set_error_message(context, ret,
606 N_("Bad version in keytab %s", ""),
607 d->filename);
608 goto out;
609 }
610 ret = krb5_ret_int8 (sp, &tag);
611 if (ret) {
612 krb5_set_error_message(context, ret,
613 N_("failed reading tag from "
614 "keytab %s", ""),
615 d->filename);
616 goto out;
617 }
618 id->version = tag;
619 storage_set_flags(context, sp, id->version);
620 }
621 }
622
623 {
624 krb5_storage *emem;
625 emem = krb5_storage_emem();
626 if(emem == NULL) {
627 ret = krb5_enomem(context);
628 goto out;
629 }
630 ret = krb5_kt_store_principal(context, emem, entry->principal);
631 if(ret) {
632 krb5_set_error_message(context, ret,
633 N_("Failed storing principal "
634 "in keytab %s", ""),
635 d->filename);
636 krb5_storage_free(emem);
637 goto out;
638 }
639 ret = krb5_store_int32 (emem, entry->timestamp);
640 if(ret) {
641 krb5_set_error_message(context, ret,
642 N_("Failed storing timpstamp "
643 "in keytab %s", ""),
644 d->filename);
645 krb5_storage_free(emem);
646 goto out;
647 }
648 ret = krb5_store_int8 (emem, entry->vno % 256);
649 if(ret) {
650 krb5_set_error_message(context, ret,
651 N_("Failed storing kvno "
652 "in keytab %s", ""),
653 d->filename);
654 krb5_storage_free(emem);
655 goto out;
656 }
657 ret = krb5_kt_store_keyblock (context, d, emem, &entry->keyblock);
658 if(ret) {
659 krb5_storage_free(emem);
660 goto out;
661 }
662 if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
663 ret = krb5_store_int32 (emem, entry->vno);
664 if (ret) {
665 krb5_set_error_message(context, ret,
666 N_("Failed storing extended kvno "
667 "in keytab %s", ""),
668 d->filename);
669 krb5_storage_free(emem);
670 goto out;
671 }
672 ret = krb5_store_uint32 (emem, entry->flags);
673 if (ret) {
674 krb5_set_error_message(context, ret,
675 N_("Failed storing extended kvno "
676 "in keytab %s", ""),
677 d->filename);
678 krb5_storage_free(emem);
679 goto out;
680 }
681 }
682
683 ret = krb5_storage_to_data(emem, &keytab);
684 krb5_storage_free(emem);
685 if(ret) {
686 krb5_set_error_message(context, ret,
687 N_("Failed converting keytab entry "
688 "to memory block for keytab %s", ""),
689 d->filename);
690 goto out;
691 }
692 }
693
694 while(1) {
695 off_t here;
696
697 here = krb5_storage_seek(sp, 0, SEEK_CUR);
698 if (here == -1) {
699 ret = errno;
700 krb5_set_error_message(context, ret,
701 N_("Failed writing keytab block "
702 "in keytab %s: %s", ""),
703 d->filename, strerror(ret));
704 goto out;
705 }
706 ret = krb5_ret_int32(sp, &len);
707 if (ret) {
708 /* There could have been a partial length. Recover! */
709 (void) krb5_storage_truncate(sp, here);
710 len = keytab.length;
711 break;
712 }
713 if(len < 0) {
714 len = -len;
715 if(len >= (int)keytab.length) {
716 krb5_storage_seek(sp, -4, SEEK_CUR);
717 break;
718 }
719 }
720 krb5_storage_seek(sp, len, SEEK_CUR);
721 }
722 ret = krb5_store_int32(sp, len);
723 if (ret != 0)
724 goto out;
725 bytes = krb5_storage_write(sp, keytab.data, keytab.length);
726 if (bytes != keytab.length) {
727 ret = bytes == -1 ? errno : KRB5_KT_END;
728 krb5_set_error_message(context, ret,
729 N_("Failed writing keytab block "
730 "in keytab %s: %s", ""),
731 d->filename, strerror(ret));
732 }
733 memset(keytab.data, 0, keytab.length);
734 krb5_data_free(&keytab);
735 out:
736 if (ret == 0)
737 ret = krb5_storage_fsync(sp);
738 krb5_storage_free(sp);
739 close(fd);
740 return ret;
741 }
742
743 static krb5_error_code KRB5_CALLCONV
744 fkt_remove_entry(krb5_context context,
745 krb5_keytab id,
746 krb5_keytab_entry *entry)
747 {
748 struct fkt_data *fkt = id->data;
749 krb5_ssize_t bytes;
750 krb5_keytab_entry e;
751 krb5_kt_cursor cursor;
752 off_t pos_start, pos_end;
753 int found = 0;
754 krb5_error_code ret;
755
756 ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor);
757 if (ret != 0) {
758 const char *emsg = krb5_get_error_message(context, ret);
759
760 krb5_set_error_message(context, ret,
761 N_("Could not open keytab file for write: %s: %s", ""),
762 fkt->filename,
763 emsg);
764 krb5_free_error_message(context, emsg);
765 return ret;
766 }
767 while (ret == 0 &&
768 (ret = fkt_next_entry_int(context, id, &e, &cursor,
769 &pos_start, &pos_end)) == 0) {
770 if (krb5_kt_compare(context, &e, entry->principal,
771 entry->vno, entry->keyblock.keytype)) {
772 int32_t len;
773 unsigned char buf[128];
774 found = 1;
775 krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
776 len = pos_end - pos_start - 4;
777 ret = krb5_store_int32(cursor.sp, -len);
778 memset(buf, 0, sizeof(buf));
779 while (ret == 0 && len > 0) {
780 bytes = krb5_storage_write(cursor.sp, buf,
781 min((size_t)len, sizeof(buf)));
782 if (bytes != min((size_t)len, sizeof(buf))) {
783 ret = bytes == -1 ? errno : KRB5_KT_END;
784 break;
785 }
786 len -= min((size_t)len, sizeof(buf));
787 }
788 }
789 krb5_kt_free_entry(context, &e);
790 }
791 (void) krb5_kt_end_seq_get(context, id, &cursor);
792 if (ret == KRB5_KT_END)
793 ret = 0;
794 if (ret) {
795 const char *emsg = krb5_get_error_message(context, ret);
796
797 krb5_set_error_message(context, ret,
798 N_("Could not remove keytab entry from %s: %s", ""),
799 fkt->filename,
800 krb5_get_error_message(context, ret));
801 krb5_free_error_message(context, emsg);
802 } else if (!found) {
803 krb5_clear_error_message(context);
804 return KRB5_KT_NOTFOUND;
805 }
806 return ret;
807 }
808
809 const krb5_kt_ops krb5_fkt_ops = {
810 "FILE",
811 fkt_resolve,
812 fkt_get_name,
813 fkt_close,
814 fkt_destroy,
815 NULL, /* get */
816 fkt_start_seq_get,
817 fkt_next_entry,
818 fkt_end_seq_get,
819 fkt_add_entry,
820 fkt_remove_entry,
821 NULL,
822 0
823 };
824
825 const krb5_kt_ops krb5_wrfkt_ops = {
826 "WRFILE",
827 fkt_resolve,
828 fkt_get_name,
829 fkt_close,
830 fkt_destroy,
831 NULL, /* get */
832 fkt_start_seq_get,
833 fkt_next_entry,
834 fkt_end_seq_get,
835 fkt_add_entry,
836 fkt_remove_entry,
837 NULL,
838 0
839 };
840
841 const krb5_kt_ops krb5_javakt_ops = {
842 "JAVA14",
843 fkt_resolve_java14,
844 fkt_get_name,
845 fkt_close,
846 fkt_destroy,
847 NULL, /* get */
848 fkt_start_seq_get,
849 fkt_next_entry,
850 fkt_end_seq_get,
851 fkt_add_entry,
852 fkt_remove_entry,
853 NULL,
854 0
855 };
Samba GIT mirror