2
* Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
#include "krb5_locl.h"
38
#ifndef HEIMDAL_SMALLER
40
/* afs keyfile operations --------------------------------------- */
43
* Minimum tools to handle the AFS KeyFile.
45
* Format of the KeyFile is:
46
* <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys}
48
* It just adds to the end of the keyfile, deleting isn't implemented.
49
* Use your favorite text/hex editor to delete keys.
53
#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
54
#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
64
* set `d->cell' and `d->realm'
68
get_cell_and_realm (krb5_context context, struct akf_data *d)
71
char buf[BUFSIZ], *cp;
74
f = fopen (AFS_SERVERTHISCELL, "r");
77
krb5_set_error_message (context, ret,
78
N_("Open ThisCell %s: %s", ""),
83
if (fgets (buf, sizeof(buf), f) == NULL) {
85
krb5_set_error_message (context, EINVAL,
86
N_("No cell in ThisCell file %s", ""),
90
buf[strcspn(buf, "\n")] = '\0';
93
d->cell = strdup (buf);
94
if (d->cell == NULL) {
95
krb5_set_error_message(context, ENOMEM,
96
N_("malloc: out of memory", ""));
100
f = fopen (AFS_SERVERMAGICKRBCONF, "r");
102
if (fgets (buf, sizeof(buf), f) == NULL) {
106
krb5_set_error_message (context, EINVAL,
107
N_("No realm in ThisCell file %s", ""),
108
AFS_SERVERMAGICKRBCONF);
111
buf[strcspn(buf, "\n")] = '\0';
115
for (cp = buf; *cp != '\0'; cp++)
116
*cp = toupper((unsigned char)*cp);
118
d->realm = strdup (buf);
119
if (d->realm == NULL) {
122
krb5_set_error_message(context, ENOMEM,
123
N_("malloc: out of memory", ""));
130
* init and get filename
133
static krb5_error_code
134
akf_resolve(krb5_context context, const char *name, krb5_keytab id)
137
struct akf_data *d = malloc(sizeof (struct akf_data));
140
krb5_set_error_message(context, ENOMEM,
141
N_("malloc: out of memory", ""));
146
ret = get_cell_and_realm (context, d);
151
d->filename = strdup (name);
152
if (d->filename == NULL) {
156
krb5_set_error_message(context, ENOMEM,
157
N_("malloc: out of memory", ""));
169
static krb5_error_code
170
akf_close(krb5_context context, krb5_keytab id)
172
struct akf_data *d = id->data;
184
static krb5_error_code
185
akf_get_name(krb5_context context,
190
struct akf_data *d = id->data;
192
strlcpy (name, d->filename, name_sz);
200
static krb5_error_code
201
akf_start_seq_get(krb5_context context,
206
struct akf_data *d = id->data;
208
c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600);
211
krb5_set_error_message(context, ret,
212
N_("keytab afs keyfile open %s failed: %s", ""),
213
d->filename, strerror(ret));
217
c->sp = krb5_storage_from_fd(c->fd);
218
ret = krb5_ret_uint32(c->sp, &d->num_entries);
220
krb5_storage_free(c->sp);
222
krb5_clear_error_message (context);
223
if(ret == KRB5_KT_END)
224
return KRB5_KT_NOTFOUND;
231
static krb5_error_code
232
akf_next_entry(krb5_context context,
234
krb5_keytab_entry *entry,
235
krb5_kt_cursor *cursor)
237
struct akf_data *d = id->data;
242
pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
244
if ((pos - 4) / (4 + 8) >= d->num_entries)
247
ret = krb5_make_principal (context, &entry->principal,
248
d->realm, "afs", d->cell, NULL);
252
ret = krb5_ret_int32(cursor->sp, &kvno);
254
krb5_free_principal (context, entry->principal);
260
entry->keyblock.keytype = ETYPE_DES_CBC_MD5;
261
entry->keyblock.keyvalue.length = 8;
262
entry->keyblock.keyvalue.data = malloc (8);
263
if (entry->keyblock.keyvalue.data == NULL) {
264
krb5_free_principal (context, entry->principal);
265
krb5_set_error_message(context, ENOMEM,
266
N_("malloc: out of memory", ""));
271
ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8);
273
ret = (ret < 0) ? errno : KRB5_KT_END;
277
entry->timestamp = time(NULL);
280
krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
284
static krb5_error_code
285
akf_end_seq_get(krb5_context context,
287
krb5_kt_cursor *cursor)
289
krb5_storage_free(cursor->sp);
294
static krb5_error_code
295
akf_add_entry(krb5_context context,
297
krb5_keytab_entry *entry)
299
struct akf_data *d = id->data;
306
if (entry->keyblock.keyvalue.length != 8)
308
switch(entry->keyblock.keytype) {
309
case ETYPE_DES_CBC_CRC:
310
case ETYPE_DES_CBC_MD4:
311
case ETYPE_DES_CBC_MD5:
317
fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
319
fd = open (d->filename,
320
O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
323
krb5_set_error_message(context, ret,
324
N_("open keyfile(%s): %s", ""),
332
sp = krb5_storage_from_fd(fd);
335
krb5_set_error_message(context, ENOMEM,
336
N_("malloc: out of memory", ""));
342
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
344
krb5_storage_free(sp);
346
krb5_set_error_message(context, ret,
347
N_("seeking in keyfile: %s", ""),
352
ret = krb5_ret_int32(sp, &len);
354
krb5_storage_free(sp);
361
* Make sure we don't add the entry twice, assumes the DES
362
* encryption types are all the same key.
368
for (i = 0; i < len; i++) {
369
ret = krb5_ret_int32(sp, &kvno);
371
krb5_set_error_message (context, ret,
372
N_("Failed getting kvno from keyfile", ""));
375
if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
377
krb5_set_error_message (context, ret,
378
N_("Failed seeing in keyfile: %s", ""),
382
if (kvno == entry->vno) {
391
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
393
krb5_set_error_message (context, ret,
394
N_("Failed seeing in keyfile: %s", ""),
399
ret = krb5_store_int32(sp, len);
402
krb5_set_error_message (context, ret,
403
N_("keytab keyfile failed new length", ""));
407
if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
409
krb5_set_error_message (context, ret,
410
N_("seek to end: %s", ""), strerror(ret));
414
ret = krb5_store_int32(sp, entry->vno);
416
krb5_set_error_message(context, ret,
417
N_("keytab keyfile failed store kvno", ""));
420
ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
421
entry->keyblock.keyvalue.length);
422
if(ret != entry->keyblock.keyvalue.length) {
427
krb5_set_error_message(context, ret,
428
N_("keytab keyfile failed to add key", ""));
433
krb5_storage_free(sp);
438
const krb5_kt_ops krb5_akf_ops = {
451
#endif /* HEIMDAL_SMALLER */