root/source4/heimdal/lib/hdb/keytab.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. hdb_resolve
  2. hdb_close
  3. hdb_get_name
  4. set_config
  5. find_db
  6. hdb_get_entry

   1 /*
   2  * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33 
  34 #include "hdb_locl.h"
  35 
  36 /* keytab backend for HDB databases */
  37 
  38 RCSID("$Id$");
  39 
  40 struct hdb_data {
  41     char *dbname;
  42     char *mkey;
  43 };
  44 
  45 /*
  46  * the format for HDB keytabs is:
  47  * HDB:[database:file:mkey]
  48  */
  49 
  50 static krb5_error_code
  51 hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
     /* [<][>][^][v][top][bottom][index][help] */
  52 {
  53     struct hdb_data *d;
  54     const char *db, *mkey;
  55 
  56     d = malloc(sizeof(*d));
  57     if(d == NULL) {
  58         krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
  59         return ENOMEM;
  60     }
  61     db = name;
  62     mkey = strrchr(name, ':');
  63     if(mkey == NULL || mkey[1] == '\0') {
  64         if(*name == '\0')
  65             d->dbname = NULL;
  66         else {
  67             d->dbname = strdup(name);
  68             if(d->dbname == NULL) {
  69                 free(d);
  70                 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
  71                 return ENOMEM;
  72             }
  73         }
  74         d->mkey = NULL;
  75     } else {
  76         if((mkey - db) == 0) {
  77             d->dbname = NULL;
  78         } else {
  79             d->dbname = malloc(mkey - db + 1);
  80             if(d->dbname == NULL) {
  81                 free(d);
  82                 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
  83                 return ENOMEM;
  84             }
  85             memmove(d->dbname, db, mkey - db);
  86             d->dbname[mkey - db] = '\0';
  87         }
  88         d->mkey = strdup(mkey + 1);
  89         if(d->mkey == NULL) {
  90             free(d->dbname);
  91             free(d);
  92             krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
  93             return ENOMEM;
  94         }
  95     }
  96     id->data = d;
  97     return 0;
  98 }
  99 
 100 static krb5_error_code
 101 hdb_close(krb5_context context, krb5_keytab id)
     /* [<][>][^][v][top][bottom][index][help] */
 102 {
 103     struct hdb_data *d = id->data;
 104 
 105     free(d->dbname);
 106     free(d->mkey);
 107     free(d);
 108     return 0;
 109 }
 110 
 111 static krb5_error_code
 112 hdb_get_name(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 113              krb5_keytab id,
 114              char *name,
 115              size_t namesize)
 116 {
 117     struct hdb_data *d = id->data;
 118 
 119     snprintf(name, namesize, "%s%s%s",
 120              d->dbname ? d->dbname : "",
 121              (d->dbname || d->mkey) ? ":" : "",
 122              d->mkey ? d->mkey : "");
 123     return 0;
 124 }
 125 
 126 static void
 127 set_config (krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 128             const krb5_config_binding *binding,
 129             const char **dbname,
 130             const char **mkey)
 131 {
 132     *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
 133     *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
 134 }
 135 
 136 /*
 137  * try to figure out the database (`dbname') and master-key (`mkey')
 138  * that should be used for `principal'.
 139  */
 140 
 141 static void
 142 find_db (krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 143          const char **dbname,
 144          const char **mkey,
 145          krb5_const_principal principal)
 146 {
 147     const krb5_config_binding *top_bind = NULL;
 148     const krb5_config_binding *default_binding = NULL;
 149     const krb5_config_binding *db;
 150     krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal));
 151 
 152     *dbname = *mkey = NULL;
 153 
 154     while ((db =
 155             krb5_config_get_next(context,
 156                                  NULL,
 157                                  &top_bind,
 158                                  krb5_config_list,
 159                                  "kdc",
 160                                  "database",
 161                                  NULL)) != NULL) {
 162         const char *p;
 163         
 164         p = krb5_config_get_string (context, db, "realm", NULL);
 165         if (p == NULL) {
 166             if(default_binding) {
 167                 krb5_warnx(context, "WARNING: more than one realm-less "
 168                            "database specification");
 169                 krb5_warnx(context, "WARNING: using the first encountered");
 170             } else
 171                 default_binding = db;
 172         } else if (strcmp (*prealm, p) == 0) {
 173             set_config (context, db, dbname, mkey);
 174             break;
 175         }
 176     }
 177     if (*dbname == NULL && default_binding != NULL)
 178         set_config (context, default_binding, dbname, mkey);
 179     if (*dbname == NULL)
 180         *dbname = HDB_DEFAULT_DB;
 181 }
 182 
 183 /*
 184  * find the keytab entry in `id' for `principal, kvno, enctype' and return
 185  * it in `entry'.  return 0 or an error code
 186  */
 187 
 188 static krb5_error_code
 189 hdb_get_entry(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 190               krb5_keytab id,
 191               krb5_const_principal principal,
 192               krb5_kvno kvno,
 193               krb5_enctype enctype,
 194               krb5_keytab_entry *entry)
 195 {
 196     hdb_entry_ex ent;
 197     krb5_error_code ret;
 198     struct hdb_data *d = id->data;
 199     int i;
 200     HDB *db;
 201     const char *dbname = d->dbname;
 202     const char *mkey   = d->mkey;
 203 
 204     memset(&ent, 0, sizeof(ent));
 205 
 206     if (dbname == NULL)
 207         find_db (context, &dbname, &mkey, principal);
 208 
 209     ret = hdb_create (context, &db, dbname);
 210     if (ret)
 211         return ret;
 212     ret = hdb_set_master_keyfile (context, db, mkey);
 213     if (ret) {
 214         (*db->hdb_destroy)(context, db);
 215         return ret;
 216     }
 217         
 218     ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
 219     if (ret) {
 220         (*db->hdb_destroy)(context, db);
 221         return ret;
 222     }
 223     ret = (*db->hdb_fetch)(context, db, principal,
 224                            HDB_F_DECRYPT|
 225                            HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
 226                            &ent);
 227 
 228     if(ret == HDB_ERR_NOENTRY) {
 229         ret = KRB5_KT_NOTFOUND;
 230         goto out;
 231     }else if(ret)
 232         goto out;
 233 
 234     if(kvno && ent.entry.kvno != kvno) {
 235         hdb_free_entry(context, &ent);
 236         ret = KRB5_KT_NOTFOUND;
 237         goto out;
 238     }
 239     if(enctype == 0)
 240         if(ent.entry.keys.len > 0)
 241             enctype = ent.entry.keys.val[0].key.keytype;
 242     ret = KRB5_KT_NOTFOUND;
 243     for(i = 0; i < ent.entry.keys.len; i++) {
 244         if(ent.entry.keys.val[i].key.keytype == enctype) {
 245             krb5_copy_principal(context, principal, &entry->principal);
 246             entry->vno = ent.entry.kvno;
 247             krb5_copy_keyblock_contents(context,
 248                                         &ent.entry.keys.val[i].key,
 249                                         &entry->keyblock);
 250             ret = 0;
 251             break;
 252         }
 253     }
 254     hdb_free_entry(context, &ent);
 255 out:
 256     (*db->hdb_close)(context, db);
 257     (*db->hdb_destroy)(context, db);
 258     return ret;
 259 }
 260 
 261 krb5_kt_ops hdb_kt_ops = {
 262     "HDB",
 263     hdb_resolve,
 264     hdb_get_name,
 265     hdb_close,
 266     hdb_get_entry,
 267     NULL,               /* start_seq_get */
 268     NULL,               /* next_entry */
 269     NULL,               /* end_seq_get */
 270     NULL,               /* add */
 271     NULL                /* remove */
 272 };

/* [<][>][^][v][top][bottom][index][help] */