lib/keytab.c

   1 /* keys.c --- Functions for reading /etc/krb5.keytab style key files.
   2  * Copyright (C) 2002, 2003, 2004, 2006  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19  *
  20  */
  21
  22 #include "internal.h"
  23
  24 /**
  25  * shishi_keys_add_keytab_mem:
  26  * @handle: shishi handle as allocated by shishi_init().
  27  * @data: constant memory buffer with keytab of @len size.
  28  * @len: size of memory buffer with keytab data.
  29  * @keys: allocated key set to store keys in.
  30  *
  31  * Read keys from a MIT keytab data structure, and add them to the key
  32  * set.
  33  *
  34  * The format of keytab's is proprietary, and this function support
  35  * the 0x0501 and 0x0502 formats.  See the section The MIT Kerberos
  36  * Keytab Binary File Format in the Shishi manual for a description of
  37  * the reverse-engineered format.
  38  *
  39  * Returns: Returns %SHISHI_KEYTAB_ERROR if the data does not
  40  *   represent a valid keytab structure, and %SHISHI_OK on success.
  41  **/
  42 int
  43 shishi_keys_add_keytab_mem (Shishi * handle,
  44                             const char *data, size_t len,
  45                             Shishi_keys *keys)
  46 {
  47   int rc;
  48   uint16_t file_format_version;
  49   size_t entrystartpos;
  50   uint16_t num_components;    /* sub 1 if version 0x501 */
  51   char *principal;
  52   size_t i, l;
  53   Shishi_key *key;
  54
  55   if (VERBOSENOISE (handle))
  56     {
  57       printf ("keytab len %d (0x%x)\n", len, len);
  58       _shishi_hexprint (data, len);
  59     }
  60
  61   /* Check file format. */
  62   file_format_version = (data[0] << 8) | data[1];
  63
  64   if (VERBOSENOISE (handle))
  65     printf ("keytab file_format_version %04X\n", file_format_version);
  66
  67   if (file_format_version != 0x0501 && file_format_version != 0x0502)
  68     return SHISHI_KEYTAB_ERROR;
  69
  70   /* Check file integrity first, to avoid error-checking below. */
  71   entrystartpos = 2;
  72   while (entrystartpos < len)
  73     {
  74       int32_t size = data[entrystartpos] << 24 | data[entrystartpos+1] << 16
  75         | data[entrystartpos+2] << 8 | data[entrystartpos+3];
  76       entrystartpos += 4;
  77
  78       if (VERBOSENOISE (handle))
  79         {
  80           printf ("keytab size %d (%x)\n", size, size);
  81           printf ("keytab pos %d < %d\n", entrystartpos + size, len);
  82         }
  83
  84       if (entrystartpos + size > len)
  85         return SHISHI_KEYTAB_ERROR;
  86
  87       /* Go to next entry... */
  88       entrystartpos += size;
  89     }
  90   if (entrystartpos != len)
  91     return SHISHI_KEYTAB_ERROR;
  92
  93   rc = shishi_key (handle, &key);
  94   if (rc != SHISHI_OK)
  95     return rc;
  96
  97   entrystartpos = 2;
  98   while (entrystartpos < len)
  99     {
 100       size_t pos = entrystartpos;
 101       uint16_t size = data[pos] << 24 | data[pos+1] << 16
 102         | data[pos+2] << 8 | data[pos+3];
 103       pos += 4;
 104
 105       if (VERBOSENOISE (handle))
 106         printf ("keytab size %d (%x)\n", size, size);
 107
 108       /* Num_components */
 109       num_components = data[pos] << 8 | data[pos+1];
 110       pos += 2;
 111
 112       if (file_format_version == 0x0501)
 113         num_components--;
 114
 115       /* Realm */
 116       {
 117         uint16_t realmlen = data[pos] << 8 | data[pos+1];
 118         char *realm = xstrndup (&data[pos + 2], realmlen);;
 119
 120         pos += 2 + realmlen;
 121
 122         shishi_key_realm_set (key, realm);
 123         free (realm);
 124       }
 125
 126       /* Principal components. */
 127       {
 128         char *name = NULL;
 129         size_t namelen = 0;
 130
 131         for (i = 0; i < num_components; i++)
 132           {
 133             size_t l;
 134
 135             l = data[pos] << 8 | data[pos+1];
 136             pos += 2;
 137
 138             name = xrealloc (name, namelen + l + 1);
 139             memcpy (name + namelen, &data[pos], l);
 140             name[namelen + l] = '/';
 141
 142             namelen += l + 1;
 143             pos += l;
 144
 145           }
 146         name[namelen - 1] = '\0';
 147         shishi_key_principal_set (key, name);
 148         free (name);
 149       }
 150
 151       /* Name_type */
 152       {
 153         uint32_t name_type   /* not present if version 0x501 */
 154           = data[pos] << 24 | data[pos+1] << 16
 155           | data[pos+2] << 8 | data[pos+3];
 156         pos += 4;
 157
 158         if (VERBOSENOISE (handle))
 159           printf ("keytab nametype %d (0x%08x)\n", name_type, name_type);
 160       }
 161
 162       /* Timestamp */
 163       {
 164         uint32_t timestamp = data[pos] << 24 | data[pos+1] << 16
 165           | data[pos+2] << 8 | data[pos+3];
 166         pos += 4;
 167
 168         if (VERBOSENOISE (handle))
 169           printf ("keytab timestamp %u (0x%08ux)\n", timestamp, timestamp);
 170       }
 171
 172       /* keyvno8 */
 173       {
 174         uint8_t vno8 = data[pos++];
 175
 176         if (VERBOSENOISE (handle))
 177           printf ("keytab kvno8 %d (0x%02x)\n", vno8, vno8);
 178
 179         shishi_key_version_set (key, vno8);
 180       }
 181
 182       /* key, keytype */
 183       {
 184         uint32_t keytype = data[pos] << 8 | data[pos+1];
 185         pos += 2;
 186
 187         if (VERBOSENOISE (handle))
 188           printf ("keytab keytype %d (0x%x)\n", keytype, keytype);
 189
 190         shishi_key_type_set (key, keytype);
 191       }
 192
 193       /* key, length and data */
 194       {
 195         uint16_t keylen = data[pos] << 8 | data[pos+1];
 196         pos += 2;
 197
 198         if (VERBOSENOISE (handle))
 199           printf ("keytab keylen %d (0x%x) eq? %d\n", keylen, keylen,
 200                   shishi_key_length (key));
 201
 202         if (VERBOSENOISE (handle))
 203           _shishi_hexprint (data + pos, keylen);
 204
 205         shishi_key_value_set (key, data + pos);
 206         pos += keylen;
 207       }
 208
 209       if (pos - entrystartpos < size + 4)
 210         {
 211           uint32_t vno /* only present if >= 4 bytes left in entry */
 212             = data[pos] << 24 | data[pos+1] << 16
 213             | data[pos+2] << 8 | data[pos+3];
 214           pos += 4;
 215
 216           if (VERBOSENOISE (handle))
 217             printf ("keytab kvno %d (0x%08x)\n", vno, vno);
 218
 219           shishi_key_version_set (key, vno);
 220         }
 221
 222       if (VERBOSECRYPTONOISE (handle))
 223         shishi_key_print (handle, stdout, key);
 224
 225       rc = shishi_keys_add (keys, key);
 226       if (rc != SHISHI_OK)
 227         goto done;
 228
 229       /* Go to next entry... */
 230       entrystartpos += size + 4;
 231     }
 232
 233   rc = SHISHI_OK;
 234
 235  done:
 236   shishi_key_done (key);
 237
 238   return rc;
 239 }
 240
 241 /**
 242  * shishi_keys_add_keytab_file:
 243  * @handle: shishi handle as allocated by shishi_init().
 244  * @filename: name of file to read.
 245  * @keys: allocated key set to store keys in.
 246  *
 247  * Read keys from a MIT keytab data structure from a file, and add the
 248  * keys to the key set.
 249  *
 250  * The format of keytab's is proprietary, and this function support
 251  * the 0x0501 and 0x0502 formats.  See the section The MIT Kerberos
 252  * Keytab Binary File Format in the Shishi manual for a description of
 253  * the reverse-engineered format.
 254  *
 255  * Returns: Returns %SHISHI_IO_ERROR if the file cannot be read,
 256  *   %SHISHI_KEYTAB_ERROR if the data cannot be parsed as a valid keytab
 257  *   structure, and %SHISHI_OK on success.
 258  **/
 259 int
 260 shishi_keys_add_keytab_file (Shishi * handle,
 261                              const char *filename,
 262                              Shishi_keys *keys)
 263 {
 264   size_t len;
 265   char *keytab = read_file (filename, &len);
 266   int rc;
 267
 268   if (!keytab)
 269     return SHISHI_IO_ERROR;
 270
 271   rc = shishi_keys_add_keytab_mem (handle, keytab, len, keys);
 272
 273   free (keytab);
 274
 275   return rc;
 276 }
 277
 278 /**
 279  * shishi_keys_from_keytab_mem:
 280  * @handle: shishi handle as allocated by shishi_init().
 281  * @data: constant memory buffer with keytab of @len size.
 282  * @len: size of memory buffer with keytab data.
 283  * @outkeys: pointer to key set that will be allocated and populated,
 284  *   must be deallocated by caller on succes.
 285  *
 286  * Create a new key set populated with keys from a MIT keytab data
 287  * structure read from a memory block.
 288  *
 289  * The format of keytab's is proprietary, and this function support
 290  * the 0x0501 and 0x0502 formats.  See the section The MIT Kerberos
 291  * Keytab Binary File Format in the Shishi manual for a description of
 292  * the reverse-engineered format.
 293  *
 294  * Returns: Returns %SHISHI_KEYTAB_ERROR if the data does not
 295  *   represent a valid keytab structure, and %SHISHI_OK on success.
 296  **/
 297 int
 298 shishi_keys_from_keytab_mem (Shishi * handle,
 299                              const char *data, size_t len,
 300                              Shishi_keys **outkeys)
 301 {
 302   int rc;
 303
 304   rc = shishi_keys (handle, outkeys);
 305   if (rc != SHISHI_OK)
 306     return rc;
 307
 308   rc = shishi_keys_add_keytab_mem (handle, data, len, *outkeys);
 309   if (rc != SHISHI_OK)
 310     {
 311       shishi_keys_done (outkeys);
 312       return rc;
 313     }
 314
 315   return SHISHI_OK;
 316 }
 317
 318 /**
 319  * shishi_keys_from_keytab_file:
 320  * @handle: shishi handle as allocated by shishi_init().
 321  * @filename: name of file to read.
 322  * @outkeys: pointer to key set that will be allocated and populated,
 323  *   must be deallocated by caller on succes.
 324  *
 325  * Create a new key set populated with keys from a MIT keytab data
 326  * structure read from a file.
 327  *
 328  * The format of keytab's is proprietary, and this function support
 329  * the 0x0501 and 0x0502 formats.  See the section The MIT Kerberos
 330  * Keytab Binary File Format in the Shishi manual for a description of
 331  * the reverse-engineered format.
 332  *
 333  * Returns: Returns %SHISHI_IO_ERROR if the file cannot be read,
 334  *   %SHISHI_KEYTAB_ERROR if the data cannot be parsed as a valid keytab
 335  *   structure, and %SHISHI_OK on success.
 336  **/
 337 int
 338 shishi_keys_from_keytab_file (Shishi * handle,
 339                               const char *filename,
 340                               Shishi_keys **outkeys)
 341 {
 342   int rc;
 343
 344   rc = shishi_keys (handle, outkeys);
 345   if (rc != SHISHI_OK)
 346     return rc;
 347
 348   rc = shishi_keys_add_keytab_file (handle, filename, *outkeys);
 349   if (rc != SHISHI_OK)
 350     {
 351       shishi_keys_done (outkeys);
 352       return rc;
 353     }
 354
 355   return SHISHI_OK;
 356 }