CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
[heimdal.git] / kadmin / load.c
blob01812f8090c3b1f31516637dc479238cfec46787
1 /*
2 * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
36 #include <kadm5/private.h>
38 struct entry {
39 char *principal;
40 char *key;
41 char *max_life;
42 char *max_renew;
43 char *created;
44 char *modified;
45 char *valid_start;
46 char *valid_end;
47 char *pw_end;
48 char *flags;
49 char *generation;
50 char *extensions;
53 static char *
54 skip_next(char *p)
56 while(*p && !isspace((unsigned char)*p))
57 p++;
58 *p++ = 0;
59 while(*p && isspace((unsigned char)*p))
60 p++;
61 return p;
65 * Parse the time in `s', returning:
66 * -1 if error parsing
67 * 0 if none present
68 * 1 if parsed ok
71 static int
72 parse_time_string(time_t *t, const char *s)
74 int year, month, date, hour, minute, second;
75 struct tm tm;
77 if(strcmp(s, "-") == 0)
78 return 0;
79 if(sscanf(s, "%04d%02d%02d%02d%02d%02d",
80 &year, &month, &date, &hour, &minute, &second) != 6)
81 return -1;
82 tm.tm_year = year - 1900;
83 tm.tm_mon = month - 1;
84 tm.tm_mday = date;
85 tm.tm_hour = hour;
86 tm.tm_min = minute;
87 tm.tm_sec = second;
88 tm.tm_isdst = 0;
89 *t = timegm(&tm);
90 return 1;
94 * parse time, allocating space in *t if it's there
97 static int
98 parse_time_string_alloc (time_t **t, const char *s)
100 time_t tmp;
101 int ret;
103 *t = NULL;
104 ret = parse_time_string (&tmp, s);
105 if (ret == 1) {
106 *t = malloc (sizeof (**t));
107 if (*t == NULL)
108 krb5_errx (context, 1, "malloc: out of memory");
109 **t = tmp;
111 return ret;
115 * see parse_time_string for calling convention
118 static int
119 parse_integer(unsigned int *u, const char *s)
121 if(strcmp(s, "-") == 0)
122 return 0;
123 if (sscanf(s, "%u", u) != 1)
124 return -1;
125 return 1;
128 static int
129 parse_integer_alloc (unsigned int **u, const char *s)
131 unsigned int tmp;
132 int ret;
134 *u = NULL;
135 ret = parse_integer (&tmp, s);
136 if (ret == 1) {
137 *u = malloc (sizeof (**u));
138 if (*u == NULL)
139 krb5_errx (context, 1, "malloc: out of memory");
140 **u = tmp;
142 return ret;
146 * Parse dumped keys in `str' and store them in `ent'
147 * return -1 if parsing failed
150 static int
151 parse_keys(hdb_entry *ent, char *str)
153 krb5_error_code ret;
154 int tmp;
155 char *p;
156 size_t i;
158 p = strsep(&str, ":");
159 if (sscanf(p, "%d", &tmp) != 1)
160 return 1;
161 ent->kvno = tmp;
162 p = strsep(&str, ":");
163 while(p){
164 Key *key;
165 key = realloc(ent->keys.val,
166 (ent->keys.len + 1) * sizeof(*ent->keys.val));
167 if(key == NULL)
168 krb5_errx (context, 1, "realloc: out of memory");
169 ent->keys.val = key;
170 key = ent->keys.val + ent->keys.len;
171 ent->keys.len++;
172 memset(key, 0, sizeof(*key));
173 if(sscanf(p, "%d", &tmp) == 1) {
174 key->mkvno = malloc(sizeof(*key->mkvno));
175 *key->mkvno = tmp;
176 } else
177 key->mkvno = NULL;
178 p = strsep(&str, ":");
179 if (sscanf(p, "%d", &tmp) != 1)
180 return 1;
181 key->key.keytype = tmp;
182 p = strsep(&str, ":");
183 ret = krb5_data_alloc(&key->key.keyvalue, (strlen(p) - 1) / 2 + 1);
184 if (ret)
185 krb5_err (context, 1, ret, "krb5_data_alloc");
186 for(i = 0; i < strlen(p); i += 2) {
187 if(sscanf(p + i, "%02x", &tmp) != 1)
188 return 1;
189 ((u_char*)key->key.keyvalue.data)[i / 2] = tmp;
191 p = strsep(&str, ":");
192 if(strcmp(p, "-") != 0){
193 unsigned type;
194 size_t p_len;
196 if(sscanf(p, "%u/", &type) != 1)
197 return 1;
198 p = strchr(p, '/');
199 if(p == NULL)
200 return 1;
201 p++;
202 p_len = strlen(p);
204 key->salt = calloc(1, sizeof(*key->salt));
205 if (key->salt == NULL)
206 krb5_errx (context, 1, "malloc: out of memory");
207 key->salt->type = type;
209 if (p_len) {
210 if(*p == '\"') {
211 ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2);
212 if (ret)
213 krb5_err (context, 1, ret, "krb5_data_copy");
214 } else {
215 ret = krb5_data_alloc(&key->salt->salt,
216 (p_len - 1) / 2 + 1);
217 if (ret)
218 krb5_err (context, 1, ret, "krb5_data_alloc");
219 for(i = 0; i < p_len; i += 2){
220 if (sscanf(p + i, "%02x", &tmp) != 1)
221 return 1;
222 ((u_char*)key->salt->salt.data)[i / 2] = tmp;
225 } else
226 krb5_data_zero (&key->salt->salt);
228 p = strsep(&str, ":");
230 return 0;
234 * see parse_time_string for calling convention
237 static int
238 parse_event(Event *ev, char *s)
240 krb5_error_code ret;
241 char *p;
243 if(strcmp(s, "-") == 0)
244 return 0;
245 memset(ev, 0, sizeof(*ev));
246 p = strsep(&s, ":");
247 if(parse_time_string(&ev->time, p) != 1)
248 return -1;
249 p = strsep(&s, ":");
250 ret = krb5_parse_name(context, p, &ev->principal);
251 if (ret)
252 return -1;
253 return 1;
256 static int
257 parse_event_alloc (Event **ev, char *s)
259 Event tmp;
260 int ret;
262 *ev = NULL;
263 ret = parse_event (&tmp, s);
264 if (ret == 1) {
265 *ev = malloc (sizeof (**ev));
266 if (*ev == NULL)
267 krb5_errx (context, 1, "malloc: out of memory");
268 **ev = tmp;
270 return ret;
273 static int
274 parse_hdbflags2int(HDBFlags *f, const char *s)
276 int ret;
277 unsigned int tmp;
279 ret = parse_integer (&tmp, s);
280 if (ret == 1)
281 *f = int2HDBFlags (tmp);
282 return ret;
285 static int
286 parse_generation(char *str, GENERATION **gen)
288 char *p;
289 int v;
291 if(strcmp(str, "-") == 0 || *str == '\0') {
292 *gen = NULL;
293 return 0;
295 *gen = calloc(1, sizeof(**gen));
297 p = strsep(&str, ":");
298 if(parse_time_string(&(*gen)->time, p) != 1)
299 return -1;
300 p = strsep(&str, ":");
301 if(sscanf(p, "%d", &v) != 1)
302 return -1;
303 (*gen)->usec = v;
304 p = strsep(&str, ":");
305 if(sscanf(p, "%d", &v) != 1)
306 return -1;
307 (*gen)->gen = v - 1; /* XXX gets bumped in _hdb_store */
308 return 0;
311 static int
312 parse_extensions(char *str, HDB_extensions **e)
314 char *p;
315 int ret;
317 if(strcmp(str, "-") == 0 || *str == '\0') {
318 *e = NULL;
319 return 0;
321 *e = calloc(1, sizeof(**e));
323 p = strsep(&str, ":");
325 while (p) {
326 HDB_extension ext;
327 ssize_t len;
328 void *d;
330 len = strlen(p);
331 d = malloc(len);
333 len = hex_decode(p, d, len);
334 if (len < 0) {
335 free(d);
336 return -1;
339 ret = decode_HDB_extension(d, len, &ext, NULL);
340 free(d);
341 if (ret)
342 return -1;
343 d = realloc((*e)->val, ((*e)->len + 1) * sizeof((*e)->val[0]));
344 if (d == NULL)
345 abort();
346 (*e)->val = d;
347 (*e)->val[(*e)->len] = ext;
348 (*e)->len++;
350 p = strsep(&str, ":");
353 return 0;
358 * Parse the dump file in `filename' and create the database (merging
359 * iff merge)
362 static int
363 doit(const char *filename, int mergep)
365 krb5_error_code ret = 0;
366 FILE *f;
367 char s[8192]; /* XXX should fix this properly */
368 char *p;
369 int line;
370 int flags = O_RDWR;
371 struct entry e;
372 hdb_entry_ex ent;
373 HDB *db = _kadm5_s_get_db(kadm_handle);
375 f = fopen(filename, "r");
376 if(f == NULL){
377 krb5_warn(context, errno, "fopen(%s)", filename);
378 return 1;
381 * We don't have a version number in the dump, so we don't know which iprop
382 * log entries to keep, if any. We throw the log away.
384 * We could merge the ipropd-master/slave dump/load here as an option, in
385 * which case we would first load the dump.
387 * If we're merging, first recover unconfirmed records in the existing log.
389 if (mergep)
390 ret = kadm5_log_init(kadm_handle);
391 if (ret == 0)
392 ret = kadm5_log_reinit(kadm_handle, 0);
393 if (ret) {
394 fclose (f);
395 krb5_warn(context, ret, "kadm5_log_reinit");
396 return 1;
399 if(!mergep)
400 flags |= O_CREAT | O_TRUNC;
401 ret = db->hdb_open(context, db, flags, 0600);
402 if(ret){
403 krb5_warn(context, ret, "hdb_open");
404 fclose(f);
405 return 1;
407 line = 0;
408 ret = 0;
409 while(fgets(s, sizeof(s), f) != NULL) {
410 line++;
412 p = s;
413 while (isspace((unsigned char)*p))
414 p++;
416 e.principal = p;
417 for(p = s; *p; p++){
418 if(*p == '\\')
419 p++;
420 else if(isspace((unsigned char)*p)) {
421 *p = 0;
422 break;
425 p = skip_next(p);
427 e.key = p;
428 p = skip_next(p);
430 e.created = p;
431 p = skip_next(p);
433 e.modified = p;
434 p = skip_next(p);
436 e.valid_start = p;
437 p = skip_next(p);
439 e.valid_end = p;
440 p = skip_next(p);
442 e.pw_end = p;
443 p = skip_next(p);
445 e.max_life = p;
446 p = skip_next(p);
448 e.max_renew = p;
449 p = skip_next(p);
451 e.flags = p;
452 p = skip_next(p);
454 e.generation = p;
455 p = skip_next(p);
457 e.extensions = p;
458 skip_next(p);
460 memset(&ent, 0, sizeof(ent));
461 ret = krb5_parse_name(context, e.principal, &ent.entry.principal);
462 if(ret) {
463 const char *msg = krb5_get_error_message(context, ret);
464 fprintf(stderr, "%s:%d:%s (%s)\n",
465 filename, line, msg, e.principal);
466 krb5_free_error_message(context, msg);
467 continue;
470 if (parse_keys(&ent.entry, e.key)) {
471 fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
472 filename, line, e.key);
473 hdb_free_entry (context, &ent);
474 continue;
477 if (parse_event(&ent.entry.created_by, e.created) == -1) {
478 fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
479 filename, line, e.created);
480 hdb_free_entry (context, &ent);
481 continue;
483 if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) {
484 fprintf (stderr, "%s:%d:error parsing event (%s)\n",
485 filename, line, e.modified);
486 hdb_free_entry (context, &ent);
487 continue;
489 if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) {
490 fprintf (stderr, "%s:%d:error parsing time (%s)\n",
491 filename, line, e.valid_start);
492 hdb_free_entry (context, &ent);
493 continue;
495 if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) {
496 fprintf (stderr, "%s:%d:error parsing time (%s)\n",
497 filename, line, e.valid_end);
498 hdb_free_entry (context, &ent);
499 continue;
501 if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) {
502 fprintf (stderr, "%s:%d:error parsing time (%s)\n",
503 filename, line, e.pw_end);
504 hdb_free_entry (context, &ent);
505 continue;
508 if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) {
509 fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
510 filename, line, e.max_life);
511 hdb_free_entry (context, &ent);
512 continue;
515 if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) {
516 fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
517 filename, line, e.max_renew);
518 hdb_free_entry (context, &ent);
519 continue;
522 if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) {
523 fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
524 filename, line, e.flags);
525 hdb_free_entry (context, &ent);
526 continue;
529 if(parse_generation(e.generation, &ent.entry.generation) == -1) {
530 fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
531 filename, line, e.generation);
532 hdb_free_entry (context, &ent);
533 continue;
536 if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) {
537 fprintf (stderr, "%s:%d:error parsing extension (%s)\n",
538 filename, line, e.extensions);
539 hdb_free_entry (context, &ent);
540 continue;
543 ret = db->hdb_store(context, db, HDB_F_REPLACE, &ent);
544 hdb_free_entry (context, &ent);
545 if (ret) {
546 krb5_warn(context, ret, "db_store");
547 break;
550 (void) kadm5_log_end(kadm_handle);
551 db->hdb_close(context, db);
552 fclose(f);
553 return ret != 0;
557 extern int local_flag;
559 static int
560 loadit(int mergep, const char *name, int argc, char **argv)
562 if(!local_flag) {
563 krb5_warnx(context, "%s is only available in local (-l) mode", name);
564 return 0;
567 return doit(argv[0], mergep);
571 load(void *opt, int argc, char **argv)
573 return loadit(0, "load", argc, argv);
577 merge(void *opt, int argc, char **argv)
579 return loadit(1, "merge", argc, argv);