search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hdb: hdb_ldap_common NULL dereference
[heimdal.git] / lib / hdb / hdb-mitdb.c
blob3eefc62bc08f499852a41e8c9724b3396212c924
1 /*
2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
37 #define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
38 #define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
39 #define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
40 #define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
41 #define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
42 #define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
43 #define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
44 #define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
45 #define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
46 #define KRB5_KDB_DISALLOW_SVR 0x00001000
47 #define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
48 #define KRB5_KDB_SUPPORT_DESMD5 0x00004000
49 #define KRB5_KDB_NEW_PRINC 0x00008000
50
51 /*
52
53 key: krb5_unparse_name + NUL
54
55 16: baselength
56 32: attributes
57 32: max time
58 32: max renewable time
59 32: client expire
60 32: passwd expire
61 32: last successful passwd
62 32: last failed attempt
63 32: num of failed attempts
64 16: num tl data
65 16: num data data
66 16: principal length
67 length: principal
68 for num tl data times
69 16: tl data type
70 16: tl data length
71 length: length
72 for num key data times
73 16: version (num keyblocks)
74 16: kvno
75 for version times:
76 16: type
77 16: length
78 length: keydata
79
80
81 key_data_contents[0]
82
83 int16: length
84 read-of-data: key-encrypted, key-usage 0, master-key
85
86 salt:
87 version2 = salt in key_data->key_data_contents[1]
88 else default salt.
89
90 */
91
92 #include "hdb_locl.h"
93
94 static void
95 attr_to_flags(unsigned attr, HDBFlags *flags)
96 {
97 flags->postdate = !(attr & KRB5_KDB_DISALLOW_POSTDATED);
98 flags->forwardable = !(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
99 flags->initial = !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
100 flags->renewable = !(attr & KRB5_KDB_DISALLOW_RENEWABLE);
101 flags->proxiable = !(attr & KRB5_KDB_DISALLOW_PROXIABLE);
102 /* DUP_SKEY */
103 flags->invalid = !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
104 flags->require_preauth = !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
105 flags->require_hwauth = !!(attr & KRB5_KDB_REQUIRES_HW_AUTH);
106 flags->server = !(attr & KRB5_KDB_DISALLOW_SVR);
107 flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
108 flags->client = 1; /* XXX */
109 }
110
111 #define KDB_V1_BASE_LENGTH 38
112
113 #define CHECK(x) do { if ((x)) goto out; } while(0)
114
115 #ifdef HAVE_DB1
116 static krb5_error_code
117 mdb_principal2key(krb5_context context,
118 krb5_const_principal principal,
119 krb5_data *key)
120 {
121 krb5_error_code ret;
122 char *str;
123
124 ret = krb5_unparse_name(context, principal, &str);
125 if (ret)
126 return ret;
127 key->data = str;
128 key->length = strlen(str) + 1;
129 return 0;
130 }
131 #endif /* HAVE_DB1 */
132
133 #define KRB5_KDB_SALTTYPE_NORMAL 0
134 #define KRB5_KDB_SALTTYPE_V4 1
135 #define KRB5_KDB_SALTTYPE_NOREALM 2
136 #define KRB5_KDB_SALTTYPE_ONLYREALM 3
137 #define KRB5_KDB_SALTTYPE_SPECIAL 4
138 #define KRB5_KDB_SALTTYPE_AFS3 5
139 #define KRB5_KDB_SALTTYPE_CERTHASH 6
140
141 static krb5_error_code
142 fix_salt(krb5_context context, hdb_entry *ent, Key *k)
143 {
144 krb5_error_code ret;
145 Salt *salt = k->salt;
146 /* fix salt type */
147 switch((int)salt->type) {
148 case KRB5_KDB_SALTTYPE_NORMAL:
149 salt->type = KRB5_PADATA_PW_SALT;
150 break;
151 case KRB5_KDB_SALTTYPE_V4:
152 krb5_data_free(&salt->salt);
153 salt->type = KRB5_PADATA_PW_SALT;
154 break;
155 case KRB5_KDB_SALTTYPE_NOREALM:
156 {
157 size_t len;
158 size_t i;
159 char *p;
160
161 len = 0;
162 for (i = 0; i < ent->principal->name.name_string.len; ++i)
163 len += strlen(ent->principal->name.name_string.val[i]);
164 ret = krb5_data_alloc (&salt->salt, len);
165 if (ret)
166 return ret;
167 p = salt->salt.data;
168 for (i = 0; i < ent->principal->name.name_string.len; ++i) {
169 memcpy (p,
170 ent->principal->name.name_string.val[i],
171 strlen(ent->principal->name.name_string.val[i]));
172 p += strlen(ent->principal->name.name_string.val[i]);
173 }
174
175 salt->type = KRB5_PADATA_PW_SALT;
176 break;
177 }
178 case KRB5_KDB_SALTTYPE_ONLYREALM:
179 krb5_data_free(&salt->salt);
180 ret = krb5_data_copy(&salt->salt,
181 ent->principal->realm,
182 strlen(ent->principal->realm));
183 if(ret)
184 return ret;
185 salt->type = KRB5_PADATA_PW_SALT;
186 break;
187 case KRB5_KDB_SALTTYPE_SPECIAL:
188 salt->type = KRB5_PADATA_PW_SALT;
189 break;
190 case KRB5_KDB_SALTTYPE_AFS3:
191 krb5_data_free(&salt->salt);
192 ret = krb5_data_copy(&salt->salt,
193 ent->principal->realm,
194 strlen(ent->principal->realm));
195 if(ret)
196 return ret;
197 salt->type = KRB5_PADATA_AFS3_SALT;
198 break;
199 case KRB5_KDB_SALTTYPE_CERTHASH:
200 krb5_data_free(&salt->salt);
201 free(k->salt);
202 k->salt = NULL;
203 break;
204 default:
205 abort();
206 }
207 return 0;
208 }
209
210
211 /**
212 * This function takes a key from a krb5_storage from an MIT KDB encoded
213 * entry and places it in the given Key object.
214 *
215 * @param context Context
216 * @param entry HDB entry
217 * @param sp krb5_storage with current offset set to the beginning of a
218 * key
219 * @param version See comments in caller body for the backstory on this
220 * @param k Key * to load the key into
221 */
222 static krb5_error_code
223 mdb_keyvalue2key(krb5_context context, hdb_entry *entry, krb5_storage *sp, uint16_t version, Key *k)
224 {
225 size_t i;
226 uint16_t u16, type;
227 krb5_error_code ret;
228
229 k->mkvno = malloc(sizeof(*k->mkvno));
230 if (k->mkvno == NULL) {
231 ret = ENOMEM;
232 goto out;
233 }
234 *k->mkvno = 1;
235
236 for (i = 0; i < version; i++) {
237 CHECK(ret = krb5_ret_uint16(sp, &type));
238 CHECK(ret = krb5_ret_uint16(sp, &u16));
239 if (i == 0) {
240 /* This "version" means we have a key */
241 k->key.keytype = type;
242 /*
243 * MIT stores keys encrypted keys as {16-bit length
244 * of plaintext key, {encrypted key}}. The reason
245 * for this is that the Kerberos cryptosystem is not
246 * length-preserving. Heimdal's approach is to
247 * truncate the plaintext to the expected length of
248 * the key given its enctype, so we ignore this
249 * 16-bit length-of-plaintext-key field.
250 */
251 if (u16 > 2) {
252 krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */
253 k->key.keyvalue.length = u16 - 2; /* adjust cipher len */
254 k->key.keyvalue.data = malloc(k->key.keyvalue.length);
255 krb5_storage_read(sp, k->key.keyvalue.data,
256 k->key.keyvalue.length);
257 } else {
258 /* We'll ignore this key; see our caller */
259 k->key.keyvalue.length = 0;
260 k->key.keyvalue.data = NULL;
261 krb5_storage_seek(sp, u16, SEEK_CUR); /* skip real length */
262 }
263 } else if (i == 1) {
264 /* This "version" means we have a salt */
265 k->salt = calloc(1, sizeof(*k->salt));
266 if (k->salt == NULL) {
267 ret = ENOMEM;
268 goto out;
269 }
270 k->salt->type = type;
271 if (u16 != 0) {
272 k->salt->salt.data = malloc(u16);
273 if (k->salt->salt.data == NULL) {
274 ret = ENOMEM;
275 goto out;
276 }
277 k->salt->salt.length = u16;
278 krb5_storage_read(sp, k->salt->salt.data, k->salt->salt.length);
279 }
280 fix_salt(context, entry, k);
281 } else {
282 /*
283 * Whatever this "version" might be, we skip it
284 *
285 * XXX A krb5.conf parameter requesting that we log
286 * about strangeness like this, or return an error
287 * from here, might be nice.
288 */
289 krb5_storage_seek(sp, u16, SEEK_CUR);
290 }
291 }
292
293 return 0;
294
295 out:
296 free_Key(k);
297 return ret;
298 }
299
300
301 static krb5_error_code
302 add_1des_dup(krb5_context context, Keys *keys, Key *key, krb5_keytype keytype)
303 {
304 key->key.keytype = keytype;
305 return add_Keys(keys, key);
306 }
307
308 /*
309 * This monstrosity is here so we can avoid having to do enctype
310 * similarity checking in the KDC. This helper function dups 1DES keys
311 * in a keyset for all the similar 1DES enctypes for which keys are
312 * missing. And, of course, we do this only if there's any 1DES keys in
313 * the keyset to begin with.
314 */
315 static krb5_error_code
316 dup_similar_keys_in_keyset(krb5_context context, Keys *keys)
317 {
318 krb5_error_code ret;
319 size_t i, k;
320 Key key;
321 int keyset_has_1des_crc = 0;
322 int keyset_has_1des_md4 = 0;
323 int keyset_has_1des_md5 = 0;
324
325 memset(&key, 0, sizeof (key));
326 k = keys->len;
327 for (i = 0; i < keys->len; i++) {
328 if (keys->val[i].key.keytype == ETYPE_DES_CBC_CRC) {
329 keyset_has_1des_crc = 1;
330 if (k == keys->len)
331 k = i;
332 } else if (keys->val[i].key.keytype == ETYPE_DES_CBC_MD4) {
333 keyset_has_1des_crc = 1;
334 if (k == keys->len)
335 k = i;
336 } else if (keys->val[i].key.keytype == ETYPE_DES_CBC_MD5) {
337 keyset_has_1des_crc = 1;
338 if (k == keys->len)
339 k = i;
340 }
341 }
342 if (k == keys->len)
343 return 0;
344
345 ret = copy_Key(&keys->val[k], &key);
346 if (ret)
347 return ret;
348 if (!keyset_has_1des_crc) {
349 ret = add_1des_dup(context, keys, &key, ETYPE_DES_CBC_CRC);
350 if (ret)
351 goto out;
352 }
353 if (!keyset_has_1des_md4) {
354 ret = add_1des_dup(context, keys, &key, ETYPE_DES_CBC_MD4);
355 if (ret)
356 goto out;
357 }
358 if (!keyset_has_1des_md5) {
359 ret = add_1des_dup(context, keys, &key, ETYPE_DES_CBC_MD5);
360 if (ret)
361 goto out;
362 }
363
364 out:
365 free_Key(&key);
366 return ret;
367 }
368
369
370 static krb5_error_code
371 dup_similar_keys(krb5_context context, hdb_entry *entry)
372 {
373 krb5_error_code ret;
374 HDB_Ext_KeySet *hist_keys;
375 HDB_extension *extp;
376 size_t i;
377
378 ret = dup_similar_keys_in_keyset(context, &entry->keys);
379 if (ret)
380 return ret;
381 extp = hdb_find_extension(entry, choice_HDB_extension_data_hist_keys);
382 if (extp == NULL)
383 return 0;
384
385 hist_keys = &extp->data.u.hist_keys;
386 for (i = 0; i < hist_keys->len; i++) {
387 ret = dup_similar_keys_in_keyset(context, &hist_keys->val[i].keys);
388 if (ret)
389 return ret;
390 }
391 return 0;
392 }
393
394
395 /**
396 * This function parses an MIT krb5 encoded KDB entry and fills in the
397 * given HDB entry with it.
398 *
399 * @param context krb5_context
400 * @param data Encoded MIT KDB entry
401 * @param target_kvno Desired kvno, or 0 for the entry's current kvno
402 * @param entry Desired kvno, or 0 for the entry's current kvno
403 */
404 krb5_error_code
405 _hdb_mdb_value2entry(krb5_context context, krb5_data *data,
406 krb5_kvno target_kvno, hdb_entry *entry)
407 {
408 krb5_error_code ret;
409 krb5_storage *sp;
410 Key k;
411 krb5_kvno key_kvno;
412 uint32_t u32;
413 uint16_t u16, num_keys, num_tl;
414 ssize_t sz;
415 size_t i;
416 char *p;
417
418 memset(&k, 0, sizeof (k));
419 memset(entry, 0, sizeof(*entry));
420
421 sp = krb5_storage_from_data(data);
422 if (sp == NULL) {
423 krb5_set_error_message(context, ENOMEM, "out of memory");
424 return ENOMEM;
425 }
426
427 krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
428
429 /*
430 * 16: baselength
431 *
432 * The story here is that these 16 bits have to be a constant:
433 * KDB_V1_BASE_LENGTH. Once upon a time a different value here
434 * would have been used to indicate the presence of "extra data"
435 * between the "base" contents and the {principal name, TL data,
436 * keys} that follow it. Nothing supports such "extra data"
437 * nowadays, so neither do we here.
438 *
439 * XXX But... surely we ought to log about this extra data, or skip
440 * it, or something, in case anyone has MIT KDBs with ancient
441 * entries in them... Logging would allow the admin to know which
442 * entries to dump with MIT krb5's kdb5_util. But logging would be
443 * noisy. For now we do nothing.
444 */
445 CHECK(ret = krb5_ret_uint16(sp, &u16));
446 if (u16 != KDB_V1_BASE_LENGTH) { ret = EINVAL; goto out; }
447 /* 32: attributes */
448 CHECK(ret = krb5_ret_uint32(sp, &u32));
449 attr_to_flags(u32, &entry->flags);
450
451 /* 32: max time */
452 CHECK(ret = krb5_ret_uint32(sp, &u32));
453 if (u32) {
454 entry->max_life = malloc(sizeof(*entry->max_life));
455 *entry->max_life = u32;
456 }
457 /* 32: max renewable time */
458 CHECK(ret = krb5_ret_uint32(sp, &u32));
459 if (u32) {
460 entry->max_renew = malloc(sizeof(*entry->max_renew));
461 *entry->max_renew = u32;
462 }
463 /* 32: client expire */
464 CHECK(ret = krb5_ret_uint32(sp, &u32));
465 if (u32) {
466 entry->valid_end = malloc(sizeof(*entry->valid_end));
467 *entry->valid_end = u32;
468 }
469 /* 32: passwd expire */
470 CHECK(ret = krb5_ret_uint32(sp, &u32));
471 if (u32) {
472 entry->pw_end = malloc(sizeof(*entry->pw_end));
473 *entry->pw_end = u32;
474 }
475 /* 32: last successful passwd */
476 CHECK(ret = krb5_ret_uint32(sp, &u32));
477 /* 32: last failed attempt */
478 CHECK(ret = krb5_ret_uint32(sp, &u32));
479 /* 32: num of failed attempts */
480 CHECK(ret = krb5_ret_uint32(sp, &u32));
481 /* 16: num tl data */
482 CHECK(ret = krb5_ret_uint16(sp, &u16));
483 num_tl = u16;
484 /* 16: num key data */
485 CHECK(ret = krb5_ret_uint16(sp, &u16));
486 num_keys = u16;
487 /* 16: principal length */
488 CHECK(ret = krb5_ret_uint16(sp, &u16));
489 /* length: principal */
490 {
491 /*
492 * Note that the principal name includes the NUL in the entry,
493 * but we don't want to take chances, so we add an extra NUL.
494 */
495 p = malloc(u16 + 1);
496 if (p == NULL) {
497 ret = ENOMEM;
498 goto out;
499 }
500 sz = krb5_storage_read(sp, p, u16);
501 if (sz != u16) {
502 ret = EINVAL; /* XXX */
503 goto out;
504 }
505 p[u16] = '\0';
506 CHECK(ret = krb5_parse_name(context, p, &entry->principal));
507 free(p);
508 }
509 /* for num tl data times
510 16: tl data type
511 16: tl data length
512 length: length */
513 #define mit_KRB5_TL_LAST_PWD_CHANGE 1
514 #define mit_KRB5_TL_MOD_PRINC 2
515 for (i = 0; i < num_tl; i++) {
516 int tl_type;
517 krb5_principal modby;
518 /* 16: TL data type */
519 CHECK(ret = krb5_ret_uint16(sp, &u16));
520 tl_type = u16;
521 /* 16: TL data length */
522 CHECK(ret = krb5_ret_uint16(sp, &u16));
523 /*
524 * For rollback to MIT purposes we really must understand some
525 * TL data!
526 *
527 * XXX Move all this to separate functions, one per-TL type.
528 */
529 switch (tl_type) {
530 case mit_KRB5_TL_LAST_PWD_CHANGE:
531 CHECK(ret = krb5_ret_uint32(sp, &u32));
532 CHECK(ret = hdb_entry_set_pw_change_time(context, entry, u32));
533 break;
534 case mit_KRB5_TL_MOD_PRINC:
535 if (u16 < 5) {
536 ret = EINVAL; /* XXX */
537 goto out;
538 }
539 CHECK(ret = krb5_ret_uint32(sp, &u32)); /* mod time */
540 p = malloc(u16 - 4 + 1);
541 if (!p) {
542 ret = ENOMEM;
543 goto out;
544 }
545 p[u16 - 4] = '\0';
546 sz = krb5_storage_read(sp, p, u16 - 4);
547 if (sz != u16 - 4) {
548 ret = EINVAL; /* XXX */
549 goto out;
550 }
551 CHECK(ret = krb5_parse_name(context, p, &modby));
552 ret = hdb_set_last_modified_by(context, entry, modby, u32);
553 krb5_free_principal(context, modby);
554 free(p);
555 break;
556 default:
557 krb5_storage_seek(sp, u16, SEEK_CUR);
558 break;
559 }
560 }
561 /*
562 * for num key data times
563 * 16: "version"
564 * 16: kvno
565 * for version times:
566 * 16: type
567 * 16: length
568 * length: keydata
569 *
570 * "version" here is really 1 or 2, the first meaning there's only
571 * keys for this kvno, the second meaning there's keys and salt[s?].
572 * That's right... hold that gag reflex, you can do it.
573 */
574 for (i = 0; i < num_keys; i++) {
575 uint16_t version;
576
577 CHECK(ret = krb5_ret_uint16(sp, &u16));
578 version = u16;
579 CHECK(ret = krb5_ret_uint16(sp, &u16));
580 key_kvno = u16;
581
582 ret = mdb_keyvalue2key(context, entry, sp, version, &k);
583 if (ret)
584 goto out;
585 if (k.key.keytype == 0 || k.key.keyvalue.length == 0) {
586 /*
587 * Older MIT KDBs may have enctype 0 / length 0 keys. We
588 * ignore these.
589 */
590 free_Key(&k);
591 continue;
592 }
593
594 if ((target_kvno == 0 && entry->kvno < key_kvno) ||
595 (target_kvno == key_kvno && entry->kvno != target_kvno)) {
596 /*
597 * MIT's KDB doesn't keep track of kvno. The highest kvno
598 * is the current kvno, and we just found a new highest
599 * kvno or the desired kvno.
600 *
601 * Note that there's no guarantee of any key ordering, but
602 * generally MIT KDB entries have keys in strictly
603 * descending kvno order.
604 *
605 * XXX We do assume that keys are clustered by kvno. If
606 * not, then bad. It might be possible to construct
607 * non-clustered keys via the kadm5 API. It wouldn't be
608 * hard to cope with this, since if it happens the worst
609 * that will happen is that some of the current keys can be
610 * found in the history extension, and we could just pull
611 * them back out in that case.
612 */
613 ret = hdb_add_current_keys_to_history(context, entry);
614 if (ret)
615 goto out;
616 free_Keys(&entry->keys);
617 ret = add_Keys(&entry->keys, &k);
618 free_Key(&k);
619 if (ret)
620 goto out;
621 entry->kvno = key_kvno;
622 continue;
623 }
624
625 if (entry->kvno == key_kvno) {
626 /*
627 * Note that if key_kvno == 0 and target_kvno == 0 then we
628 * end up adding those keys here. Yeah, kvno 0 is very
629 * special for us, but just in case, we keep such keys.
630 */
631 ret = add_Keys(&entry->keys, &k);
632 free_Key(&k);
633 if (ret)
634 goto out;
635 entry->kvno = key_kvno;
636 } else {
637 ret = hdb_add_history_key(context, entry, key_kvno, &k);
638 if (ret)
639 goto out;
640 free_Key(&k);
641 }
642 }
643
644 if (target_kvno != 0 && entry->kvno != target_kvno) {
645 ret = HDB_ERR_KVNO_NOT_FOUND;
646 goto out;
647 }
648
649 krb5_storage_free(sp);
650
651 return dup_similar_keys(context, entry);
652
653 out:
654 krb5_storage_free(sp);
655
656 if (ret == HEIM_ERR_EOF)
657 /* Better error code than "end of file" */
658 ret = HEIM_ERR_BAD_HDBENT_ENCODING;
659 free_hdb_entry(entry);
660 free_Key(&k);
661 return ret;
662 }
663
664 #if 0
665 static krb5_error_code
666 mdb_entry2value(krb5_context context, hdb_entry *entry, krb5_data *data)
667 {
668 return EINVAL;
669 }
670 #endif
671
672 #if HAVE_DB1
673
674 #if defined(HAVE_DB_185_H)
675 #include <db_185.h>
676 #elif defined(HAVE_DB_H)
677 #include <db.h>
678 #endif
679
680
681 static krb5_error_code
682 mdb_close(krb5_context context, HDB *db)
683 {
684 DB *d = (DB*)db->hdb_db;
685 (*d->close)(d);
686 return 0;
687 }
688
689 static krb5_error_code
690 mdb_destroy(krb5_context context, HDB *db)
691 {
692 krb5_error_code ret;
693
694 ret = hdb_clear_master_key (context, db);
695 free(db->hdb_name);
696 free(db);
697 return ret;
698 }
699
700 static krb5_error_code
701 mdb_lock(krb5_context context, HDB *db, int operation)
702 {
703 DB *d = (DB*)db->hdb_db;
704 int fd = (*d->fd)(d);
705 krb5_error_code ret;
706
707 if (db->lock_count > 1) {
708 db->lock_count++;
709 if (db->lock_type == HDB_WLOCK || db->lock_count == operation)
710 return 0;
711 }
712
713 if(fd < 0) {
714 krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
715 "Can't lock database: %s", db->hdb_name);
716 return HDB_ERR_CANT_LOCK_DB;
717 }
718 ret = hdb_lock(fd, operation);
719 if (ret)
720 return ret;
721 db->lock_count++;
722 return 0;
723 }
724
725 static krb5_error_code
726 mdb_unlock(krb5_context context, HDB *db)
727 {
728 DB *d = (DB*)db->hdb_db;
729 int fd = (*d->fd)(d);
730
731 if (db->lock_count > 1) {
732 db->lock_count--;
733 return 0;
734 }
735 heim_assert(db->lock_count == 1, "HDB lock/unlock sequence does not match");
736 db->lock_count--;
737
738 if(fd < 0) {
739 krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
740 "Can't unlock database: %s", db->hdb_name);
741 return HDB_ERR_CANT_LOCK_DB;
742 }
743 return hdb_unlock(fd);
744 }
745
746
747 static krb5_error_code
748 mdb_seq(krb5_context context, HDB *db,
749 unsigned flags, hdb_entry_ex *entry, int flag)
750 {
751 DB *d = (DB*)db->hdb_db;
752 DBT key, value;
753 krb5_data key_data, data;
754 int code;
755
756 code = db->hdb_lock(context, db, HDB_RLOCK);
757 if(code == -1) {
758 krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name);
759 return HDB_ERR_DB_INUSE;
760 }
761 code = (*d->seq)(d, &key, &value, flag);
762 db->hdb_unlock(context, db); /* XXX check value */
763 if(code == -1) {
764 code = errno;
765 krb5_set_error_message(context, code, "Database %s seq error: %s",
766 db->hdb_name, strerror(code));
767 return code;
768 }
769 if(code == 1) {
770 krb5_clear_error_message(context);
771 return HDB_ERR_NOENTRY;
772 }
773
774 key_data.data = key.data;
775 key_data.length = key.size;
776 data.data = value.data;
777 data.length = value.size;
778 memset(entry, 0, sizeof(*entry));
779
780 if (_hdb_mdb_value2entry(context, &data, 0, &entry->entry))
781 return mdb_seq(context, db, flags, entry, R_NEXT);
782
783 if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
784 code = hdb_unseal_keys (context, db, &entry->entry);
785 if (code)
786 hdb_free_entry (context, entry);
787 }
788
789 return code;
790 }
791
792
793 static krb5_error_code
794 mdb_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
795 {
796 return mdb_seq(context, db, flags, entry, R_FIRST);
797 }
798
799
800 static krb5_error_code
801 mdb_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
802 {
803 return mdb_seq(context, db, flags, entry, R_NEXT);
804 }
805
806 static krb5_error_code
807 mdb_rename(krb5_context context, HDB *db, const char *new_name)
808 {
809 int ret;
810 char *old = NULL;
811 char *new = NULL;
812
813 if (asprintf(&old, "%s.db", db->hdb_name) < 0)
814 goto out;
815 if (asprintf(&new, "%s.db", new_name) < 0)
816 goto out;
817 ret = rename(old, new);
818 if(ret)
819 goto out;
820
821 free(db->hdb_name);
822 db->hdb_name = strdup(new_name);
823 errno = 0;
824
825 out:
826 free(old);
827 free(new);
828 return errno;
829 }
830
831 static krb5_error_code
832 mdb__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
833 {
834 DB *d = (DB*)db->hdb_db;
835 DBT k, v;
836 int code;
837
838 k.data = key.data;
839 k.size = key.length;
840 code = db->hdb_lock(context, db, HDB_RLOCK);
841 if(code)
842 return code;
843 code = (*d->get)(d, &k, &v, 0);
844 db->hdb_unlock(context, db);
845 if(code < 0) {
846 code = errno;
847 krb5_set_error_message(context, code, "Database %s get error: %s",
848 db->hdb_name, strerror(code));
849 return code;
850 }
851 if(code == 1) {
852 krb5_clear_error_message(context);
853 return HDB_ERR_NOENTRY;
854 }
855
856 krb5_data_copy(reply, v.data, v.size);
857 return 0;
858 }
859
860 static krb5_error_code
861 mdb__put(krb5_context context, HDB *db, int replace,
862 krb5_data key, krb5_data value)
863 {
864 DB *d = (DB*)db->hdb_db;
865 DBT k, v;
866 int code;
867
868 k.data = key.data;
869 k.size = key.length;
870 v.data = value.data;
871 v.size = value.length;
872 code = db->hdb_lock(context, db, HDB_WLOCK);
873 if(code)
874 return code;
875 code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
876 db->hdb_unlock(context, db);
877 if(code < 0) {
878 code = errno;
879 krb5_set_error_message(context, code, "Database %s put error: %s",
880 db->hdb_name, strerror(code));
881 return code;
882 }
883 if(code == 1) {
884 krb5_clear_error_message(context);
885 return HDB_ERR_EXISTS;
886 }
887 return 0;
888 }
889
890 static krb5_error_code
891 mdb__del(krb5_context context, HDB *db, krb5_data key)
892 {
893 DB *d = (DB*)db->hdb_db;
894 DBT k;
895 krb5_error_code code;
896 k.data = key.data;
897 k.size = key.length;
898 code = db->hdb_lock(context, db, HDB_WLOCK);
899 if(code)
900 return code;
901 code = (*d->del)(d, &k, 0);
902 db->hdb_unlock(context, db);
903 if(code == 1) {
904 code = errno;
905 krb5_set_error_message(context, code, "Database %s put error: %s",
906 db->hdb_name, strerror(code));
907 return code;
908 }
909 if(code < 0)
910 return errno;
911 return 0;
912 }
913
914 static krb5_error_code
915 mdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
916 unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry)
917 {
918 krb5_data key, value;
919 krb5_error_code ret;
920
921 ret = mdb_principal2key(context, principal, &key);
922 if (ret)
923 return ret;
924 ret = db->hdb__get(context, db, key, &value);
925 krb5_data_free(&key);
926 if(ret)
927 return ret;
928 ret = _hdb_mdb_value2entry(context, &value, kvno, &entry->entry);
929 krb5_data_free(&value);
930 if (ret)
931 return ret;
932
933 if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
934 ret = hdb_unseal_keys (context, db, &entry->entry);
935 if (ret) {
936 hdb_free_entry(context, entry);
937 return ret;
938 }
939 }
940
941 return 0;
942 }
943
944 static krb5_error_code
945 mdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
946 {
947 krb5_error_code ret;
948 krb5_storage *sp = NULL;
949 krb5_storage *spent = NULL;
950 krb5_data line = { 0, 0 };
951 krb5_data kdb_ent = { 0, 0 };
952 krb5_data key = { 0, 0 };
953 krb5_data value = { 0, 0 };
954 ssize_t sz;
955
956 if ((flags & HDB_F_PRECHECK) && (flags & HDB_F_REPLACE))
957 return 0;
958
959 if ((flags & HDB_F_PRECHECK)) {
960 ret = mdb_principal2key(context, entry->entry.principal, &key);
961 if (ret) return ret;
962 ret = db->hdb__get(context, db, key, &value);
963 krb5_data_free(&key);
964 if (ret == 0)
965 krb5_data_free(&value);
966 if (ret == HDB_ERR_NOENTRY)
967 return 0;
968 return ret ? ret : HDB_ERR_EXISTS;
969 }
970
971 sp = krb5_storage_emem();
972 if (!sp) return ENOMEM;
973 ret = _hdb_set_master_key_usage(context, db, 0); /* MIT KDB uses KU 0 */
974 ret = hdb_seal_keys(context, db, &entry->entry);
975 if (ret) return ret;
976 ret = entry2mit_string_int(context, sp, &entry->entry);
977 if (ret) goto out;
978 sz = krb5_storage_write(sp, "\n", 2); /* NUL-terminate */
979 ret = ENOMEM;
980 if (sz == -1) goto out;
981 ret = krb5_storage_to_data(sp, &line);
982 if (ret) goto out;
983
984 ret = ENOMEM;
985 spent = krb5_storage_emem();
986 if (!spent) goto out;
987 ret = _hdb_mit_dump2mitdb_entry(context, line.data, spent);
988 if (ret) goto out;
989 ret = krb5_storage_to_data(spent, &kdb_ent);
990 if (ret) goto out;
991 ret = mdb_principal2key(context, entry->entry.principal, &key);
992 if (ret) goto out;
993 ret = mdb__put(context, db, 1, key, kdb_ent);
994
995 out:
996 if (sp)
997 krb5_storage_free(sp);
998 if (spent)
999 krb5_storage_free(spent);
1000 krb5_data_free(&line);
1001 krb5_data_free(&kdb_ent);
1002 krb5_data_free(&key);
1003
1004 return ret;
1005 }
1006
1007 static krb5_error_code
1008 mdb_remove(krb5_context context, HDB *db,
1009 unsigned flags, krb5_const_principal principal)
1010 {
1011 krb5_error_code code;
1012 krb5_data key;
1013 krb5_data value = { 0, 0 };
1014
1015 if ((flags & HDB_F_PRECHECK)) {
1016 code = db->hdb__get(context, db, key, &value);
1017 krb5_data_free(&key);
1018 if (code == 0) {
1019 krb5_data_free(&value);
1020 return 0;
1021 }
1022 return code;
1023 }
1024
1025 mdb_principal2key(context, principal, &key);
1026 code = db->hdb__del(context, db, key);
1027 krb5_data_free(&key);
1028 return code;
1029 }
1030
1031 static krb5_error_code
1032 mdb_open(krb5_context context, HDB *db, int flags, mode_t mode)
1033 {
1034 char *fn;
1035 char *actual_fn;
1036 krb5_error_code ret;
1037 struct stat st;
1038
1039 if (asprintf(&fn, "%s.db", db->hdb_name) < 0) {
1040 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1041 return ENOMEM;
1042 }
1043
1044 if (stat(fn, &st) == 0)
1045 actual_fn = fn;
1046 else
1047 actual_fn = db->hdb_name;
1048 db->hdb_db = dbopen(actual_fn, flags, mode, DB_BTREE, NULL);
1049 if (db->hdb_db == NULL) {
1050 switch (errno) {
1051 #ifdef EFTYPE
1052 case EFTYPE:
1053 #endif
1054 case EINVAL:
1055 db->hdb_db = dbopen(actual_fn, flags, mode, DB_HASH, NULL);
1056 }
1057 }
1058 free(fn);
1059
1060 if (db->hdb_db == NULL) {
1061 ret = errno;
1062 krb5_set_error_message(context, ret, "dbopen (%s): %s",
1063 db->hdb_name, strerror(ret));
1064 return ret;
1065 }
1066 #if 0
1067 /*
1068 * Don't do this -- MIT won't be able to handle the
1069 * HDB_DB_FORMAT_ENTRY key.
1070 */
1071 if ((flags & O_ACCMODE) != O_RDONLY)
1072 ret = hdb_init_db(context, db);
1073 #endif
1074 ret = hdb_check_db_format(context, db);
1075 if (ret == HDB_ERR_NOENTRY) {
1076 krb5_clear_error_message(context);
1077 return 0;
1078 }
1079 if (ret) {
1080 mdb_close(context, db);
1081 krb5_set_error_message(context, ret, "hdb_open: failed %s database %s",
1082 (flags & O_ACCMODE) == O_RDONLY ?
1083 "checking format of" : "initialize",
1084 db->hdb_name);
1085 }
1086 return ret;
1087 }
1088
1089 krb5_error_code
1090 hdb_mitdb_create(krb5_context context, HDB **db,
1091 const char *filename)
1092 {
1093 *db = calloc(1, sizeof(**db));
1094 if (*db == NULL) {
1095 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1096 return ENOMEM;
1097 }
1098
1099 (*db)->hdb_db = NULL;
1100 (*db)->hdb_name = strdup(filename);
1101 if ((*db)->hdb_name == NULL) {
1102 free(*db);
1103 *db = NULL;
1104 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1105 return ENOMEM;
1106 }
1107 (*db)->hdb_master_key_set = 0;
1108 (*db)->hdb_openp = 0;
1109 (*db)->hdb_capability_flags = 0;
1110 (*db)->hdb_open = mdb_open;
1111 (*db)->hdb_close = mdb_close;
1112 (*db)->hdb_fetch_kvno = mdb_fetch_kvno;
1113 (*db)->hdb_store = mdb_store;
1114 (*db)->hdb_remove = mdb_remove;
1115 (*db)->hdb_firstkey = mdb_firstkey;
1116 (*db)->hdb_nextkey= mdb_nextkey;
1117 (*db)->hdb_lock = mdb_lock;
1118 (*db)->hdb_unlock = mdb_unlock;
1119 (*db)->hdb_rename = mdb_rename;
1120 (*db)->hdb__get = mdb__get;
1121 (*db)->hdb__put = mdb__put;
1122 (*db)->hdb__del = mdb__del;
1123 (*db)->hdb_destroy = mdb_destroy;
1124 return 0;
1125 }
1126
1127 #endif /* HAVE_DB1 */
1128
1129 /*
1130 can have any number of princ stanzas.
1131 format is as follows (only \n indicates newlines)
1132 princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38)
1133 %d\t (strlen of principal e.g. shadow/foo@ANDREW.CMU.EDU)
1134 %d\t (number of tl_data)
1135 %d\t (number of key data, e.g. how many keys for this user)
1136 %d\t (extra data length)
1137 %s\t (principal name)
1138 %d\t (attributes)
1139 %d\t (max lifetime, seconds)
1140 %d\t (max renewable life, seconds)
1141 %d\t (expiration, seconds since epoch or 2145830400 for never)
1142 %d\t (password expiration, seconds, 0 for never)
1143 %d\t (last successful auth, seconds since epoch)
1144 %d\t (last failed auth, per above)
1145 %d\t (failed auth count)
1146 foreach tl_data 0 to number of tl_data - 1 as above
1147 %d\t%d\t (data type, data length)
1148 foreach tl_data 0 to length-1
1149 %02x (tl data contents[element n])
1150 except if tl_data length is 0
1151 %d (always -1)
1152 \t
1153 foreach key 0 to number of keys - 1 as above
1154 %d\t%d\t (key data version, kvno)
1155 foreach version 0 to key data version - 1 (a key or a salt)
1156 %d\t%d\t(data type for this key, data length for this key)
1157 foreach key data length 0 to length-1
1158 %02x (key data contents[element n])
1159 except if key_data length is 0
1160 %d (always -1)
1161 \t
1162 foreach extra data length 0 to length - 1
1163 %02x (extra data part)
1164 unless no extra data
1165 %d (always -1)
1166 ;\n
1167
1168 */
1169
1170 #if 0
1171 /* Why ever did we loop? */
1172 static char *
1173 nexttoken(char **p)
1174 {
1175 char *q;
1176 do {
1177 q = strsep(p, " \t");
1178 } while(q && *q == '\0');
1179 return q;
1180 }
1181 #endif
1182
1183 static char *
1184 nexttoken(char **p, size_t len, const char *what)
1185 {
1186 char *q;
1187
1188 if (*p == NULL)
1189 return NULL;
1190
1191 q = *p;
1192 *p += len;
1193 /* Must be followed by a delimiter (right?) */
1194 if (strsep(p, " \t") != q + len) {
1195 warnx("No tokens left in dump entry while looking for %s", what);
1196 return NULL;
1197 }
1198 if (*q == '\0')
1199 warnx("Empty last token in dump entry while looking for %s", what);
1200 return q;
1201 }
1202
1203 static size_t
1204 getdata(char **p, unsigned char *buf, size_t len, const char *what)
1205 {
1206 size_t i;
1207 int v;
1208 char *q = nexttoken(p, 0, what);
1209 if (q == NULL) {
1210 warnx("Failed to find hex-encoded binary data (%s) in dump", what);
1211 return 0;
1212 }
1213 i = 0;
1214 while (*q && i < len) {
1215 if(sscanf(q, "%02x", &v) != 1)
1216 break;
1217 buf[i++] = v;
1218 q += 2;
1219 }
1220 return i;
1221 }
1222
1223 static int
1224 getint(char **p, const char *what)
1225 {
1226 int val;
1227 char *q = nexttoken(p, 0, what);
1228 if (!q) {
1229 warnx("Failed to find a signed integer (%s) in dump", what);
1230 return -1;
1231 }
1232 sscanf(q, "%d", &val);
1233 return val;
1234 }
1235
1236 static unsigned int
1237 getuint(char **p, const char *what)
1238 {
1239 int val;
1240 char *q = nexttoken(p, 0, what);
1241 if (!q) {
1242 warnx("Failed to find an unsigned integer (%s) in dump", what);
1243 return 0;
1244 }
1245 sscanf(q, "%u", &val);
1246 return val;
1247 }
1248
1249 #define KRB5_KDB_SALTTYPE_NORMAL 0
1250 #define KRB5_KDB_SALTTYPE_V4 1
1251 #define KRB5_KDB_SALTTYPE_NOREALM 2
1252 #define KRB5_KDB_SALTTYPE_ONLYREALM 3
1253 #define KRB5_KDB_SALTTYPE_SPECIAL 4
1254 #define KRB5_KDB_SALTTYPE_AFS3 5
1255
1256 #define CHECK_UINT(num) \
1257 if ((num) < 0 || (num) > INT_MAX) return EINVAL
1258 #define CHECK_UINT16(num) \
1259 if ((num) < 0 || (num) > 1<<15) return EINVAL
1260 #define CHECK_NUM(num, maxv) \
1261 if ((num) > (maxv)) return EINVAL
1262
1263 /*
1264 * This utility function converts an MIT dump entry to an MIT on-disk
1265 * encoded entry, which can then be decoded with _hdb_mdb_value2entry().
1266 * This allows us to have a single decoding function (_hdb_mdb_value2entry),
1267 * which makes the code cleaner (less code duplication), if a bit less
1268 * efficient. It also will allow us to have a function to dump an HDB
1269 * entry in MIT format so we can dump HDB into MIT format for rollback
1270 * purposes. And that will allow us to write to MIT KDBs, again
1271 * somewhat inefficiently, also for migration/rollback purposes.
1272 */
1273 int
1274 _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
1275 {
1276 krb5_error_code ret = EINVAL;
1277 char *p = line, *q;
1278 char *princ;
1279 ssize_t sz;
1280 size_t i;
1281 size_t princ_len;
1282 unsigned int num_tl_data;
1283 size_t num_key_data;
1284 unsigned int attributes;
1285 int tmp;
1286
1287 krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
1288
1289 q = nexttoken(&p, 0, "record type (princ or policy)");
1290 if (strcmp(q, "kdb5_util") == 0 || strcmp(q, "policy") == 0 ||
1291 strcmp(q, "princ") != 0) {
1292 warnx("Supposed MIT dump entry does not start with 'kdb5_util', "
1293 "'policy', nor 'princ'");
1294 return -1;
1295 }
1296 if (getint(&p, "constant '38'") != 38) {
1297 warnx("Dump entry does not start with '38<TAB>'");
1298 return EINVAL;
1299 }
1300 #define KDB_V1_BASE_LENGTH 38
1301 ret = krb5_store_int16(sp, KDB_V1_BASE_LENGTH);
1302 if (ret) return ret;
1303
1304 princ_len = getuint(&p, "principal name length");
1305 if (princ_len > (1<<15) - 1) {
1306 warnx("Principal name in dump entry too long (%llu)",
1307 (unsigned long long)princ_len);
1308 return EINVAL;
1309 }
1310 num_tl_data = getuint(&p, "number of TL data");
1311 num_key_data = getuint(&p, "number of key data");
1312 getint(&p, "5th field, length of 'extra data'");
1313 princ = nexttoken(&p, (int)princ_len, "principal name");
1314 if (princ == NULL) {
1315 warnx("Failed to read principal name (expected length %llu)",
1316 (unsigned long long)princ_len);
1317 return -1;
1318 }
1319
1320 attributes = getuint(&p, "attributes");
1321 ret = krb5_store_uint32(sp, attributes);
1322 if (ret) return ret;
1323
1324 tmp = getint(&p, "max life");
1325 CHECK_UINT(tmp);
1326 ret = krb5_store_uint32(sp, tmp);
1327 if (ret) return ret;
1328
1329 tmp = getint(&p, "max renewable life");
1330 CHECK_UINT(tmp);
1331 ret = krb5_store_uint32(sp, tmp);
1332 if (ret) return ret;
1333
1334 tmp = getint(&p, "expiration");
1335 CHECK_UINT(tmp);
1336 ret = krb5_store_uint32(sp, tmp);
1337 if (ret) return ret;
1338
1339 tmp = getint(&p, "pw expiration");
1340 CHECK_UINT(tmp);
1341 ret = krb5_store_uint32(sp, tmp);
1342 if (ret) return ret;
1343
1344 tmp = getint(&p, "last auth");
1345 CHECK_UINT(tmp);
1346 ret = krb5_store_uint32(sp, tmp);
1347 if (ret) return ret;
1348
1349 tmp = getint(&p, "last failed auth");
1350 CHECK_UINT(tmp);
1351 ret = krb5_store_uint32(sp, tmp);
1352 if (ret) return ret;
1353
1354 tmp = getint(&p,"fail auth count");
1355 CHECK_UINT(tmp);
1356 ret = krb5_store_uint32(sp, tmp);
1357 if (ret) return ret;
1358
1359 /* add TL data count */
1360 CHECK_NUM(num_tl_data, 1023);
1361 ret = krb5_store_uint16(sp, num_tl_data);
1362 if (ret) return ret;
1363
1364 /* add key count */
1365 CHECK_NUM(num_key_data, 1023);
1366 ret = krb5_store_uint16(sp, num_key_data);
1367 if (ret) return ret;
1368
1369 /* add principal unparsed name length and unparsed name */
1370 princ_len = strlen(princ);
1371 princ_len++; /* must count and write the NUL in the on-disk encoding */
1372 ret = krb5_store_uint16(sp, princ_len);
1373 if (ret) return ret;
1374 sz = krb5_storage_write(sp, princ, princ_len);
1375 if (sz == -1) return ENOMEM;
1376
1377 /* scan and write TL data */
1378 for (i = 0; i < num_tl_data; i++) {
1379 char *reading_what;
1380 int tl_type, tl_length;
1381 unsigned char *buf;
1382
1383 tl_type = getint(&p, "TL data type");
1384 tl_length = getint(&p, "data length");
1385
1386 if (asprintf(&reading_what, "TL data type %d (length %d)",
1387 tl_type, tl_length) < 0)
1388 return ENOMEM;
1389
1390 /*
1391 * XXX Leaking reading_what, but only on ENOMEM cases anyways,
1392 * so we don't care.
1393 */
1394 CHECK_UINT16(tl_type);
1395 ret = krb5_store_uint16(sp, tl_type);
1396 if (ret) return ret;
1397 CHECK_UINT16(tl_length);
1398 ret = krb5_store_uint16(sp, tl_length);
1399 if (ret) return ret;
1400
1401 if (tl_length) {
1402 buf = malloc(tl_length);
1403 if (!buf) return ENOMEM;
1404 if (getdata(&p, buf, tl_length, reading_what) != tl_length)
1405 return EINVAL;
1406 sz = krb5_storage_write(sp, buf, tl_length);
1407 free(buf);
1408 if (sz == -1) return ENOMEM;
1409 } else {
1410 if (strcmp(nexttoken(&p, 0, "'-1' field"), "-1") != 0) return EINVAL;
1411 }
1412 free(reading_what);
1413 }
1414
1415 for (i = 0; i < num_key_data; i++) {
1416 unsigned char *buf;
1417 int key_versions;
1418 int kvno;
1419 int keytype;
1420 int keylen;
1421 size_t k;
1422
1423 key_versions = getint(&p, "key data 'version'");
1424 CHECK_UINT16(key_versions);
1425 ret = krb5_store_int16(sp, key_versions);
1426 if (ret) return ret;
1427
1428 kvno = getint(&p, "kvno");
1429 CHECK_UINT16(kvno);
1430 ret = krb5_store_int16(sp, kvno);
1431 if (ret) return ret;
1432
1433 for (k = 0; k < key_versions; k++) {
1434 keytype = getint(&p, "enctype");
1435 CHECK_UINT16(keytype);
1436 ret = krb5_store_int16(sp, keytype);
1437 if (ret) return ret;
1438
1439 keylen = getint(&p, "encrypted key length");
1440 CHECK_UINT16(keylen);
1441 ret = krb5_store_int16(sp, keylen);
1442 if (ret) return ret;
1443
1444 if (keylen) {
1445 buf = malloc(keylen);
1446 if (!buf) return ENOMEM;
1447 if (getdata(&p, buf, keylen, "key (or salt) data") != keylen)
1448 return EINVAL;
1449 sz = krb5_storage_write(sp, buf, keylen);
1450 free(buf);
1451 if (sz == -1) return ENOMEM;
1452 } else {
1453 if (strcmp(nexttoken(&p, 0,
1454 "'-1' zero-length key/salt field"),
1455 "-1") != 0) {
1456 warnx("Expected '-1' field because key/salt length is 0");
1457 return -1;
1458 }
1459 }
1460 }
1461 }
1462 /*
1463 * The rest is "extra data", but there's never any and we wouldn't
1464 * know what to do with it.
1465 */
1466 /* nexttoken(&p, 0, "extra data"); */
1467 return 0;
1468 }
1469
Heimdal