2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44 hdb_next_enctype2key(krb5_context context
,
51 for (k
= *key
? *key
: e
->keys
.val
;
52 k
< e
->keys
.val
+ e
->keys
.len
;
54 if(k
->key
.keytype
== enctype
){
58 return KRB5_PROG_ETYPE_NOSUPP
; /* XXX */
62 hdb_enctype2key(krb5_context context
,
68 return hdb_next_enctype2key(context
, e
, enctype
, key
);
71 /* this is a bit ugly, but will get better when the crypto framework
75 hdb_process_master_key(krb5_context context
, EncryptionKey key
,
80 if(key
.keytype
!= ETYPE_DES_CBC_MD5
)
81 return KRB5_PROG_KEYTYPE_NOSUPP
;
83 ret
= krb5_data_alloc (schedule
, sizeof(des_key_schedule
));
87 des_set_key((des_cblock
*)key
.keyvalue
.data
, schedule
->data
);
92 hdb_read_master_key(krb5_context context
, const char *filename
,
96 unsigned char buf
[256];
100 filename
= HDB_DB_DIR
"/m-key";
101 f
= fopen(filename
, "r");
104 len
= fread(buf
, 1, sizeof(buf
), f
);
108 ret
= decode_EncryptionKey(buf
, len
, key
, &len
);
110 memset(buf
, 0, sizeof(buf
));
115 _hdb_unseal_keys_int(hdb_entry
*ent
, int key_version
, krb5_data schedule
)
118 for(i
= 0; i
< ent
->keys
.len
; i
++){
121 if(ent
->keys
.val
[i
].mkvno
== NULL
)
123 if(*ent
->keys
.val
[i
].mkvno
!= key_version
)
125 memset(&iv
, 0, sizeof(iv
));
127 des_cfb64_encrypt(ent
->keys
.val
[i
].key
.keyvalue
.data
,
128 ent
->keys
.val
[i
].key
.keyvalue
.data
,
129 ent
->keys
.val
[i
].key
.keyvalue
.length
,
130 schedule
.data
, &iv
, &num
, 0);
131 free(ent
->keys
.val
[i
].mkvno
);
132 ent
->keys
.val
[i
].mkvno
= NULL
;
137 hdb_unseal_keys(HDB
*db
, hdb_entry
*ent
)
139 if (db
->master_key_set
== 0)
141 _hdb_unseal_keys_int(ent
, db
->master_key_version
, db
->master_key
);
145 _hdb_seal_keys_int(hdb_entry
*ent
, int key_version
, krb5_data schedule
)
148 for(i
= 0; i
< ent
->keys
.len
; i
++){
152 if(ent
->keys
.val
[i
].mkvno
!= NULL
)
154 memset(&iv
, 0, sizeof(iv
));
155 des_cfb64_encrypt(ent
->keys
.val
[i
].key
.keyvalue
.data
,
156 ent
->keys
.val
[i
].key
.keyvalue
.data
,
157 ent
->keys
.val
[i
].key
.keyvalue
.length
,
158 schedule
.data
, &iv
, &num
, 1);
159 ent
->keys
.val
[i
].mkvno
= malloc(sizeof(*ent
->keys
.val
[i
].mkvno
));
160 *ent
->keys
.val
[i
].mkvno
= key_version
;
165 hdb_seal_keys(HDB
*db
, hdb_entry
*ent
)
167 if (db
->master_key_set
== 0)
170 _hdb_seal_keys_int(ent
, db
->master_key_version
, db
->master_key
);
174 hdb_free_key(Key
*key
)
176 memset(key
->key
.keyvalue
.data
,
178 key
->key
.keyvalue
.length
);
185 hdb_lock(int fd
, int operation
)
188 for(i
= 0; i
< 3; i
++){
189 code
= flock(fd
, (operation
== HDB_RLOCK
? LOCK_SH
: LOCK_EX
) | LOCK_NB
);
190 if(code
== 0 || errno
!= EWOULDBLOCK
)
196 if(errno
== EWOULDBLOCK
)
197 return HDB_ERR_DB_INUSE
;
198 return HDB_ERR_CANT_LOCK_DB
;
205 code
= flock(fd
, LOCK_UN
);
207 return 4711 /* XXX */;
212 hdb_free_entry(krb5_context context
, hdb_entry
*ent
)
216 for(i
= 0; i
< ent
->keys
.len
; ++i
) {
217 Key
*k
= &ent
->keys
.val
[i
];
219 memset (k
->key
.keyvalue
.data
, 0, k
->key
.keyvalue
.length
);
225 hdb_foreach(krb5_context context
,
228 hdb_foreach_func_t func
,
233 ret
= db
->firstkey(context
, db
, flags
, &entry
);
235 ret
= (*func
)(context
, db
, &entry
, data
);
236 hdb_free_entry(context
, &entry
);
238 ret
= db
->nextkey(context
, db
, flags
, &entry
);
240 if(ret
== HDB_ERR_NOENTRY
)
246 hdb_check_db_format(krb5_context context
, HDB
*db
)
254 tag
.data
= HDB_DB_FORMAT_ENTRY
;
255 tag
.length
= strlen(tag
.data
);
256 ret
= (*db
->_get
)(context
, db
, tag
, &version
);
259 foo
= sscanf(version
.data
, "%u", &ver
);
260 krb5_data_free (&version
);
262 return HDB_ERR_BADVERSION
;
263 if(ver
!= HDB_DB_FORMAT
)
264 return HDB_ERR_BADVERSION
;
269 hdb_init_db(krb5_context context
, HDB
*db
)
276 ret
= hdb_check_db_format(context
, db
);
277 if(ret
!= HDB_ERR_NOENTRY
)
280 tag
.data
= HDB_DB_FORMAT_ENTRY
;
281 tag
.length
= strlen(tag
.data
);
282 snprintf(ver
, sizeof(ver
), "%u", HDB_DB_FORMAT
);
284 version
.length
= strlen(version
.data
) + 1; /* zero terminated */
285 ret
= (*db
->_put
)(context
, db
, 0, tag
, version
);
290 hdb_create(krb5_context context
, HDB
**db
, const char *filename
)
292 krb5_error_code ret
= 0;
294 filename
= HDB_DEFAULT_DB
;
295 initialize_hdb_error_table_r(&context
->et_list
);
297 ret
= hdb_db_create(context
, db
, filename
);
299 ret
= hdb_ndbm_create(context
, db
, filename
);
301 krb5_errx(context
, 1, "No database support! (hdb_create)");
307 hdb_set_master_key (krb5_context context
,
313 ret
= hdb_process_master_key(context
, key
, &db
->master_key
);
316 des_set_random_generator_seed(key
.keyvalue
.data
);
317 db
->master_key_set
= 1;
318 db
->master_key_version
= 0; /* XXX */
323 hdb_set_master_keyfile (krb5_context context
,
330 ret
= hdb_read_master_key(context
, keyfile
, &key
);
336 ret
= hdb_set_master_key(context
, db
, key
);
337 memset(key
.keyvalue
.data
, 0, key
.keyvalue
.length
);
338 free_EncryptionKey(&key
);
343 hdb_clear_master_key (krb5_context context
,
346 if (db
->master_key_set
) {
347 memset(db
->master_key
.data
, 0, db
->master_key
.length
);
348 krb5_data_free(&db
->master_key
);
349 db
->master_key_set
= 0;