search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Save ticket pointers.
[shishi.git] / lib / ccache.c
blob6a62620a4e7eeba2663155ec2ca1b1c09fa3e6f1
1 /* ccache.c --- Read MIT style Kerberos Credential Cache file.
2 * Copyright (C) 2006 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 *
20 */
21
22 #include "ccache.h"
23 #include <stdio.h>
24
25 /* See ccache.txt for a description of the file format. */
26
27 static int
28 get_uint8 (const void **data, size_t * len, uint8_t * i)
29 {
30 const char *p = *data;
31 if (*len < 1)
32 return -1;
33 *i = p[0];
34 *data += 1;
35 *len -= 1;
36 return 0;
37 }
38
39 static int
40 get_uint16 (const void **data, size_t * len, uint16_t * i)
41 {
42 const char *p = *data;
43 if (*len < 2)
44 return -1;
45 *i = p[0] << 8 | p[1];
46 *data += 2;
47 *len -= 2;
48 return 0;
49 }
50
51 static int
52 get_uint32 (const void **data, size_t * len, uint32_t * i)
53 {
54 const char *p = *data;
55 if (*len < 4)
56 return -1;
57 *i = ((p[0] << 24) & 0xFF000000)
58 | ((p[1] << 16) & 0xFF0000) | ((p[2] << 8) & 0xFF00) | (p[3] & 0xFF);
59 *data += 4;
60 *len -= 4;
61 return 0;
62 }
63
64 static int
65 parse_principal (const void **data, size_t * len,
66 struct ccache_principal *out)
67 {
68 size_t n;
69 int rc;
70
71 rc = get_uint32 (data, len, &out->name_type);
72 if (rc < 0)
73 return rc;
74
75 rc = get_uint32 (data, len, &out->num_components);
76 if (rc < 0)
77 return rc;
78
79 if (out->num_components >= CCACHE_MAX_COMPONENTS)
80 return -1;
81
82 rc = get_uint32 (data, len, &out->realm.length);
83 if (rc < 0)
84 return rc;
85
86 if (*len < out->realm.length)
87 return -1;
88 out->realm.data = *data;
89 *data += out->realm.length;
90 *len -= out->realm.length;
91
92 for (n = 0; n < out->num_components; n++)
93 {
94 rc = get_uint32 (data, len, &out->components[n].length);
95 if (rc < 0)
96 return rc;
97
98 if (*len < out->components[n].length)
99 return -1;
100 out->components[n].data = *data;
101 *data += out->components[n].length;
102 *len -= out->components[n].length;
103 }
104
105 return 0;
106 }
107
108 static int
109 skip_address (const void **data, size_t * len)
110 {
111 uint16_t addrtype;
112 uint32_t addrlen;
113 int rc;
114
115 rc = get_uint16 (data, len, &addrtype);
116 if (rc < 0)
117 return rc;
118
119 rc = get_uint32 (data, len, &addrlen);
120 if (rc < 0)
121 return rc;
122
123 if (*len < addrlen)
124 return -1;
125 *data += addrlen;
126 *len -= addrlen;
127
128 return 0;
129 }
130
131 static int
132 skip_authdata (const void **data, size_t * len)
133 {
134 uint16_t authdatatype;
135 uint32_t authdatalen;
136 int rc;
137
138 rc = get_uint16 (data, len, &authdatatype);
139 if (rc < 0)
140 return rc;
141
142 rc = get_uint32 (data, len, &authdatalen);
143 if (rc < 0)
144 return rc;
145
146 if (*len < authdatalen)
147 return -1;
148 *data += authdatalen;
149 *len -= authdatalen;
150
151 return 0;
152 }
153
154 static int
155 parse_credential (const void **data, size_t * len,
156 struct ccache_credential *out)
157 {
158 struct ccache_principal princ;
159 uint32_t num_address;
160 uint32_t num_authdata;
161 int rc;
162
163 rc = parse_principal (data, len, &out->client);
164 if (rc < 0)
165 return rc;
166
167 rc = parse_principal (data, len, &out->server);
168 if (rc < 0)
169 return rc;
170
171 rc = get_uint16 (data, len, &out->key.keytype);
172 if (rc < 0)
173 return rc;
174
175 rc = get_uint16 (data, len, &out->key.etype);
176 if (rc < 0)
177 return rc;
178
179 rc = get_uint16 (data, len, &out->key.keylen);
180 if (rc < 0)
181 return rc;
182
183 if (*len < out->key.keylen)
184 return -1;
185
186 out->key.keyvalue = *data;
187
188 *data += out->key.keylen;
189 *len -= out->key.keylen;
190
191 rc = get_uint32 (data, len, &out->authtime);
192 if (rc < 0)
193 return rc;
194
195 rc = get_uint32 (data, len, &out->starttime);
196 if (rc < 0)
197 return rc;
198
199 rc = get_uint32 (data, len, &out->endtime);
200 if (rc < 0)
201 return rc;
202
203 rc = get_uint32 (data, len, &out->renew_till);
204 if (rc < 0)
205 return rc;
206
207 rc = get_uint8 (data, len, &out->is_skey);
208 if (rc < 0)
209 return rc;
210
211 rc = get_uint32 (data, len, &out->tktflags);
212 if (rc < 0)
213 return rc;
214
215 rc = get_uint32 (data, len, &num_address);
216 if (rc < 0)
217 return rc;
218
219 for (; num_address; num_address--)
220 {
221 /* XXX Don't just skip data. */
222 rc = skip_address (data, len);
223 if (rc < 0)
224 return rc;
225 }
226
227 rc = get_uint32 (data, len, &num_authdata);
228 if (rc < 0)
229 return rc;
230
231 for (; num_authdata; num_authdata--)
232 {
233 /* XXX Don't just skip data. */
234 rc = skip_authdata (data, len);
235 if (rc < 0)
236 return rc;
237 }
238
239 rc = get_uint32 (data, len, &out->ticket.length);
240 if (rc < 0)
241 return rc;
242
243 if (*len < out->ticket.length)
244 return -1;
245 out->ticket.data = *data;
246 *data += out->ticket.length;
247 *len -= out->ticket.length;
248
249 rc = get_uint32 (data, len, &out->second_ticket.length);
250 if (rc < 0)
251 return rc;
252
253 if (*len < out->second_ticket.length)
254 return -1;
255 out->second_ticket.data = *data;
256 *data += out->second_ticket.length;
257 *len -= out->second_ticket.length;
258
259 return 0;
260 }
261
262 int
263 ccache_parse (const void *data, size_t len, struct ccache *out)
264 {
265 size_t pos = 0;
266 int rc;
267
268 rc = get_uint16 (&data, &len, &out->file_format_version);
269 if (rc < 0)
270 return rc;
271
272 rc = get_uint16 (&data, &len, &out->headerlen);
273 if (rc < 0)
274 return rc;
275
276 out->header = data;
277
278 if (len < out->headerlen)
279 return -1;
280 data += out->headerlen;
281 len -= out->headerlen;
282
283 rc = parse_principal (&data, &len, &out->default_principal);
284 if (rc < 0)
285 return rc;
286
287 out->credentials = data;
288 out->credentialslen = len;
289
290 return 0;
291 }
292
293 int
294 ccache_parse_credential (const void *data, size_t len,
295 struct ccache_credential *out, size_t * n)
296 {
297 size_t savelen = len;
298 int rc = parse_credential (&data, &len, out);
299
300 if (rc < 0)
301 return rc;
302
303 *n = savelen - len;
304 return 0;
305 }
306
307 void
308 ccache_print (struct ccache *ccache)
309 {
310 size_t n;
311
312 printf ("file_format_version %04x\n", ccache->file_format_version);
313 printf ("headerlen %04x\n", ccache->headerlen);
314 printf ("default_principal\n");
315 ccache_print_principal (&ccache->default_principal);
316 }
317
318 void
319 ccache_print_principal (struct ccache_principal *princ)
320 {
321 size_t n;
322
323 printf ("\tname_type %04x\n", princ->name_type);
324 printf ("\tnum_components %04x\n", princ->num_components);
325 printf ("\trealmlen %04x\n", princ->realm.length);
326 printf ("\trealm %.*s\n", princ->realm.length, princ->realm.data);
327
328 for (n = 0; n < princ->num_components; n++)
329 {
330 printf ("\t\tcomponentlen %04x\n", princ->components[n].length);
331 printf ("\t\tcomponent %.*s\n", princ->components[n].length,
332 princ->components[n].data);
333 }
334 }
335
336 void
337 ccache_print_credential (struct ccache_credential *cred)
338 {
339 size_t i;
340 printf ("\tclient:\n");
341 ccache_print_principal (&cred->client);
342 printf ("\tserver:\n");
343 ccache_print_principal (&cred->server);
344 printf ("\tkey:\n");
345 printf ("\t\tkeytype %04x\n", cred->key.keytype);
346 printf ("\t\tetype %04x\n", cred->key.etype);
347 printf ("\t\tkeylen %04x\n", cred->key.keylen);
348 printf ("\t\tkey value: ");
349 for (i = 0; i < cred->key.keylen; i++)
350 printf ("%02x", ((char *) cred->key.keyvalue)[i] & 0xFF);
351 printf ("\n");
352 printf ("\ttimes:\n");
353 printf ("\t\tauthtime %04x\n", cred->authtime);
354 printf ("\t\tstarttime %04x\n", cred->starttime);
355 printf ("\t\tendtime %04x\n", cred->endtime);
356 printf ("\t\trenew_till %04x\n", cred->renew_till);
357 printf ("\tis_skey %04x\n", cred->is_skey);
358 printf ("\ttktflags_skey %04x\n", cred->tktflags);
359 printf ("\tticketlen %04x\n", cred->ticket.length);
360 printf ("\tsecond_ticketlen %04x\n", cred->second_ticket.length);
361 }
362
363 #ifdef TEST
364 int
365 main (int argc, char *argv[])
366 {
367 char buf[10240];
368 size_t len;
369 FILE *fh;
370 int rc;
371 struct ccache ccache;
372 struct ccache_credential cred;
373 size_t i = 0;
374
375 if (argc <= 1)
376 {
377 printf ("Usage: %s <krb5ccache-file>\n", argv[0]);
378 return 1;
379 }
380
381 fh = fopen (argv[1], "rb");
382 if (!fh)
383 {
384 puts ("Error: cannot open file");
385 return 1;
386 }
387
388 len = fread (buf, 1, sizeof (buf), fh);
389
390 if (len >= sizeof (buf))
391 {
392 puts ("Error: file too large");
393 return 1;
394 }
395
396 rc = ccache_parse (buf, len, &ccache);
397 if (rc < 0)
398 {
399 puts ("Error: syntax error");
400 return 1;
401 }
402
403 ccache_print (&ccache);
404
405 while (ccache.credentialslen)
406 {
407 size_t n;
408
409 rc = ccache_parse_credential (ccache.credentials,
410 ccache.credentialslen, &cred, &n);
411 if (rc < 0)
412 {
413 printf ("Error: cannot parse credential %d\n", i);
414 return rc;
415 }
416
417 printf ("\nCredential %d:\n", i++);
418
419 ccache_print_credential (&cred);
420
421 ccache.credentials += n;
422 ccache.credentialslen -= n;
423 }
424
425 if (fclose (fh))
426 {
427 puts ("Error: cannot close file");
428 return 1;
429 }
430
431 return 0;
432 }
433 #endif
Free Kerberos V5 implementation