2
* Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
#include "krb5_locl.h"
35
#include "store-int.h"
39
#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
40
#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
41
#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
42
#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
43
krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
45
void KRB5_LIB_FUNCTION
46
krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
51
void KRB5_LIB_FUNCTION
52
krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
57
krb5_boolean KRB5_LIB_FUNCTION
58
krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
60
return (sp->flags & flags) == flags;
63
void KRB5_LIB_FUNCTION
64
krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
66
sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
67
sp->flags |= byteorder;
70
krb5_flags KRB5_LIB_FUNCTION
71
krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
73
return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
76
off_t KRB5_LIB_FUNCTION
77
krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
79
return (*sp->seek)(sp, offset, whence);
82
krb5_ssize_t KRB5_LIB_FUNCTION
83
krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
85
return sp->fetch(sp, buf, len);
88
krb5_ssize_t KRB5_LIB_FUNCTION
89
krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
91
return sp->store(sp, buf, len);
94
void KRB5_LIB_FUNCTION
95
krb5_storage_set_eof_code(krb5_storage *sp, int code)
100
krb5_ssize_t KRB5_LIB_FUNCTION
101
_krb5_put_int(void *buffer, unsigned long value, size_t size)
103
unsigned char *p = buffer;
105
for (i = size - 1; i >= 0; i--) {
112
krb5_ssize_t KRB5_LIB_FUNCTION
113
_krb5_get_int(void *buffer, unsigned long *value, size_t size)
115
unsigned char *p = buffer;
118
for (i = 0; i < size; i++)
124
krb5_error_code KRB5_LIB_FUNCTION
125
krb5_storage_free(krb5_storage *sp)
134
krb5_error_code KRB5_LIB_FUNCTION
135
krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
141
pos = sp->seek(sp, 0, SEEK_CUR);
142
size = (size_t)sp->seek(sp, 0, SEEK_END);
143
ret = krb5_data_alloc (data, size);
145
sp->seek(sp, pos, SEEK_SET);
149
sp->seek(sp, 0, SEEK_SET);
150
sp->fetch(sp, data->data, data->length);
151
sp->seek(sp, pos, SEEK_SET);
156
static krb5_error_code
157
krb5_store_int(krb5_storage *sp,
166
_krb5_put_int(v, value, len);
167
ret = sp->store(sp, v, len);
169
return (ret<0)?errno:sp->eof_code;
173
krb5_error_code KRB5_LIB_FUNCTION
174
krb5_store_int32(krb5_storage *sp,
177
if(BYTEORDER_IS_HOST(sp))
178
value = htonl(value);
179
else if(BYTEORDER_IS_LE(sp))
180
value = bswap32(value);
181
return krb5_store_int(sp, value, 4);
184
krb5_error_code KRB5_LIB_FUNCTION
185
krb5_store_uint32(krb5_storage *sp,
188
return krb5_store_int32(sp, (int32_t)value);
191
static krb5_error_code
192
krb5_ret_int(krb5_storage *sp,
199
ret = sp->fetch(sp, v, len);
201
return (ret<0)?errno:sp->eof_code;
202
_krb5_get_int(v, &w, len);
207
krb5_error_code KRB5_LIB_FUNCTION
208
krb5_ret_int32(krb5_storage *sp,
211
krb5_error_code ret = krb5_ret_int(sp, value, 4);
214
if(BYTEORDER_IS_HOST(sp))
215
*value = htonl(*value);
216
else if(BYTEORDER_IS_LE(sp))
217
*value = bswap32(*value);
221
krb5_error_code KRB5_LIB_FUNCTION
222
krb5_ret_uint32(krb5_storage *sp,
228
ret = krb5_ret_int32(sp, &v);
230
*value = (uint32_t)v;
235
krb5_error_code KRB5_LIB_FUNCTION
236
krb5_store_int16(krb5_storage *sp,
239
if(BYTEORDER_IS_HOST(sp))
240
value = htons(value);
241
else if(BYTEORDER_IS_LE(sp))
242
value = bswap16(value);
243
return krb5_store_int(sp, value, 2);
246
krb5_error_code KRB5_LIB_FUNCTION
247
krb5_store_uint16(krb5_storage *sp,
250
return krb5_store_int16(sp, (int16_t)value);
253
krb5_error_code KRB5_LIB_FUNCTION
254
krb5_ret_int16(krb5_storage *sp,
259
ret = krb5_ret_int(sp, &v, 2);
263
if(BYTEORDER_IS_HOST(sp))
264
*value = htons(*value);
265
else if(BYTEORDER_IS_LE(sp))
266
*value = bswap16(*value);
270
krb5_error_code KRB5_LIB_FUNCTION
271
krb5_ret_uint16(krb5_storage *sp,
277
ret = krb5_ret_int16(sp, &v);
279
*value = (uint16_t)v;
284
krb5_error_code KRB5_LIB_FUNCTION
285
krb5_store_int8(krb5_storage *sp,
290
ret = sp->store(sp, &value, sizeof(value));
291
if (ret != sizeof(value))
292
return (ret<0)?errno:sp->eof_code;
296
krb5_error_code KRB5_LIB_FUNCTION
297
krb5_store_uint8(krb5_storage *sp,
300
return krb5_store_int8(sp, (int8_t)value);
303
krb5_error_code KRB5_LIB_FUNCTION
304
krb5_ret_int8(krb5_storage *sp,
309
ret = sp->fetch(sp, value, sizeof(*value));
310
if (ret != sizeof(*value))
311
return (ret<0)?errno:sp->eof_code;
315
krb5_error_code KRB5_LIB_FUNCTION
316
krb5_ret_uint8(krb5_storage *sp,
322
ret = krb5_ret_int8(sp, &v);
329
krb5_error_code KRB5_LIB_FUNCTION
330
krb5_store_data(krb5_storage *sp,
334
ret = krb5_store_int32(sp, data.length);
337
ret = sp->store(sp, data.data, data.length);
338
if(ret != data.length){
346
krb5_error_code KRB5_LIB_FUNCTION
347
krb5_ret_data(krb5_storage *sp,
353
ret = krb5_ret_int32(sp, &size);
356
ret = krb5_data_alloc (data, size);
360
ret = sp->fetch(sp, data->data, size);
362
return (ret < 0)? errno : sp->eof_code;
367
krb5_error_code KRB5_LIB_FUNCTION
368
krb5_store_string(krb5_storage *sp, const char *s)
371
data.length = strlen(s);
372
data.data = rk_UNCONST(s);
373
return krb5_store_data(sp, data);
376
krb5_error_code KRB5_LIB_FUNCTION
377
krb5_ret_string(krb5_storage *sp,
382
ret = krb5_ret_data(sp, &data);
385
*string = realloc(data.data, data.length + 1);
390
(*string)[data.length] = 0;
394
krb5_error_code KRB5_LIB_FUNCTION
395
krb5_store_stringz(krb5_storage *sp, const char *s)
397
size_t len = strlen(s) + 1;
400
ret = sp->store(sp, s, len);
410
krb5_error_code KRB5_LIB_FUNCTION
411
krb5_ret_stringz(krb5_storage *sp,
419
while((ret = sp->fetch(sp, &c, 1)) == 1){
423
tmp = realloc (s, len);
443
krb5_error_code KRB5_LIB_FUNCTION
444
krb5_store_stringnl(krb5_storage *sp, const char *s)
446
size_t len = strlen(s);
449
ret = sp->store(sp, s, len);
456
ret = sp->store(sp, "\n", 1);
468
krb5_error_code KRB5_LIB_FUNCTION
469
krb5_ret_stringnl(krb5_storage *sp,
478
while((ret = sp->fetch(sp, &c, 1)) == 1){
485
if (expect_nl && c != '\n') {
487
return KRB5_BADMSGTYPE;
491
tmp = realloc (s, len);
514
krb5_error_code KRB5_LIB_FUNCTION
515
krb5_store_principal(krb5_storage *sp,
516
krb5_const_principal p)
521
if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
522
ret = krb5_store_int32(sp, p->name.name_type);
525
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
526
ret = krb5_store_int32(sp, p->name.name_string.len + 1);
528
ret = krb5_store_int32(sp, p->name.name_string.len);
531
ret = krb5_store_string(sp, p->realm);
533
for(i = 0; i < p->name.name_string.len; i++){
534
ret = krb5_store_string(sp, p->name.name_string.val[i]);
540
krb5_error_code KRB5_LIB_FUNCTION
541
krb5_ret_principal(krb5_storage *sp,
542
krb5_principal *princ)
550
p = calloc(1, sizeof(*p));
554
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
555
type = KRB5_NT_UNKNOWN;
556
else if((ret = krb5_ret_int32(sp, &type))){
560
if((ret = krb5_ret_int32(sp, &ncomp))){
564
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
570
p->name.name_type = type;
571
p->name.name_string.len = ncomp;
572
ret = krb5_ret_string(sp, &p->realm);
577
p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
578
if(p->name.name_string.val == NULL && ncomp != 0){
583
for(i = 0; i < ncomp; i++){
584
ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
587
free(p->name.name_string.val[i--]);
597
krb5_error_code KRB5_LIB_FUNCTION
598
krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
601
ret = krb5_store_int16(sp, p.keytype);
604
if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
605
/* this should really be enctype, but it is the same as
607
ret = krb5_store_int16(sp, p.keytype);
611
ret = krb5_store_data(sp, p.keyvalue);
615
krb5_error_code KRB5_LIB_FUNCTION
616
krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
621
ret = krb5_ret_int16(sp, &tmp);
625
if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
626
ret = krb5_ret_int16(sp, &tmp);
630
ret = krb5_ret_data(sp, &p->keyvalue);
634
krb5_error_code KRB5_LIB_FUNCTION
635
krb5_store_times(krb5_storage *sp, krb5_times times)
638
ret = krb5_store_int32(sp, times.authtime);
640
ret = krb5_store_int32(sp, times.starttime);
642
ret = krb5_store_int32(sp, times.endtime);
644
ret = krb5_store_int32(sp, times.renew_till);
648
krb5_error_code KRB5_LIB_FUNCTION
649
krb5_ret_times(krb5_storage *sp, krb5_times *times)
653
ret = krb5_ret_int32(sp, &tmp);
654
times->authtime = tmp;
656
ret = krb5_ret_int32(sp, &tmp);
657
times->starttime = tmp;
659
ret = krb5_ret_int32(sp, &tmp);
660
times->endtime = tmp;
662
ret = krb5_ret_int32(sp, &tmp);
663
times->renew_till = tmp;
667
krb5_error_code KRB5_LIB_FUNCTION
668
krb5_store_address(krb5_storage *sp, krb5_address p)
671
ret = krb5_store_int16(sp, p.addr_type);
673
ret = krb5_store_data(sp, p.address);
677
krb5_error_code KRB5_LIB_FUNCTION
678
krb5_ret_address(krb5_storage *sp, krb5_address *adr)
682
ret = krb5_ret_int16(sp, &t);
685
ret = krb5_ret_data(sp, &adr->address);
689
krb5_error_code KRB5_LIB_FUNCTION
690
krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
694
ret = krb5_store_int32(sp, p.len);
696
for(i = 0; i<p.len; i++){
697
ret = krb5_store_address(sp, p.val[i]);
703
krb5_error_code KRB5_LIB_FUNCTION
704
krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
710
ret = krb5_ret_int32(sp, &tmp);
713
ALLOC(adr->val, adr->len);
714
if (adr->val == NULL && adr->len != 0)
716
for(i = 0; i < adr->len; i++){
717
ret = krb5_ret_address(sp, &adr->val[i]);
723
krb5_error_code KRB5_LIB_FUNCTION
724
krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
728
ret = krb5_store_int32(sp, auth.len);
730
for(i = 0; i < auth.len; i++){
731
ret = krb5_store_int16(sp, auth.val[i].ad_type);
733
ret = krb5_store_data(sp, auth.val[i].ad_data);
739
krb5_error_code KRB5_LIB_FUNCTION
740
krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
746
ret = krb5_ret_int32(sp, &tmp);
748
ALLOC_SEQ(auth, tmp);
749
if (auth->val == NULL && tmp != 0)
751
for(i = 0; i < tmp; i++){
752
ret = krb5_ret_int16(sp, &tmp2);
754
auth->val[i].ad_type = tmp2;
755
ret = krb5_ret_data(sp, &auth->val[i].ad_data);
766
for (i = 0; i < 32; i++) {
767
r = r << 1 | (b & 1);
778
krb5_error_code KRB5_LIB_FUNCTION
779
krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
783
ret = krb5_store_principal(sp, creds->client);
786
ret = krb5_store_principal(sp, creds->server);
789
ret = krb5_store_keyblock(sp, creds->session);
792
ret = krb5_store_times(sp, creds->times);
795
ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
799
if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER))
800
ret = krb5_store_int32(sp, creds->flags.i);
802
ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
806
ret = krb5_store_addrs(sp, creds->addresses);
809
ret = krb5_store_authdata(sp, creds->authdata);
812
ret = krb5_store_data(sp, creds->ticket);
815
ret = krb5_store_data(sp, creds->second_ticket);
819
krb5_error_code KRB5_LIB_FUNCTION
820
krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
826
memset(creds, 0, sizeof(*creds));
827
ret = krb5_ret_principal (sp, &creds->client);
828
if(ret) goto cleanup;
829
ret = krb5_ret_principal (sp, &creds->server);
830
if(ret) goto cleanup;
831
ret = krb5_ret_keyblock (sp, &creds->session);
832
if(ret) goto cleanup;
833
ret = krb5_ret_times (sp, &creds->times);
834
if(ret) goto cleanup;
835
ret = krb5_ret_int8 (sp, &dummy8);
836
if(ret) goto cleanup;
837
ret = krb5_ret_int32 (sp, &dummy32);
838
if(ret) goto cleanup;
840
* Runtime detect the what is the higher bits of the bitfield. If
841
* any of the higher bits are set in the input data, it's either a
842
* new ticket flag (and this code need to be removed), or it's a
843
* MIT cache (or new Heimdal cache), lets change it to our current
847
uint32_t mask = 0xffff0000;
849
creds->flags.b.anonymous = 1;
850
if (creds->flags.i & mask)
853
dummy32 = bitswap32(dummy32);
855
creds->flags.i = dummy32;
856
ret = krb5_ret_addrs (sp, &creds->addresses);
857
if(ret) goto cleanup;
858
ret = krb5_ret_authdata (sp, &creds->authdata);
859
if(ret) goto cleanup;
860
ret = krb5_ret_data (sp, &creds->ticket);
861
if(ret) goto cleanup;
862
ret = krb5_ret_data (sp, &creds->second_ticket);
866
krb5_free_cred_contents(context, creds); /* XXX */
872
#define SC_CLIENT_PRINCIPAL 0x0001
873
#define SC_SERVER_PRINCIPAL 0x0002
874
#define SC_SESSION_KEY 0x0004
875
#define SC_TICKET 0x0008
876
#define SC_SECOND_TICKET 0x0010
877
#define SC_AUTHDATA 0x0020
878
#define SC_ADDRESSES 0x0040
884
krb5_error_code KRB5_LIB_FUNCTION
885
krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
891
header |= SC_CLIENT_PRINCIPAL;
893
header |= SC_SERVER_PRINCIPAL;
894
if (creds->session.keytype != ETYPE_NULL)
895
header |= SC_SESSION_KEY;
896
if (creds->ticket.data)
898
if (creds->second_ticket.length)
899
header |= SC_SECOND_TICKET;
900
if (creds->authdata.len)
901
header |= SC_AUTHDATA;
902
if (creds->addresses.len)
903
header |= SC_ADDRESSES;
905
ret = krb5_store_int32(sp, header);
908
ret = krb5_store_principal(sp, creds->client);
914
ret = krb5_store_principal(sp, creds->server);
919
if (creds->session.keytype != ETYPE_NULL) {
920
ret = krb5_store_keyblock(sp, creds->session);
925
ret = krb5_store_times(sp, creds->times);
928
ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
932
ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
936
if (creds->addresses.len) {
937
ret = krb5_store_addrs(sp, creds->addresses);
942
if (creds->authdata.len) {
943
ret = krb5_store_authdata(sp, creds->authdata);
948
if (creds->ticket.data) {
949
ret = krb5_store_data(sp, creds->ticket);
954
if (creds->second_ticket.data) {
955
ret = krb5_store_data(sp, creds->second_ticket);
963
krb5_error_code KRB5_LIB_FUNCTION
964
krb5_ret_creds_tag(krb5_storage *sp,
969
int32_t dummy32, header;
971
memset(creds, 0, sizeof(*creds));
973
ret = krb5_ret_int32 (sp, &header);
974
if (ret) goto cleanup;
976
if (header & SC_CLIENT_PRINCIPAL) {
977
ret = krb5_ret_principal (sp, &creds->client);
978
if(ret) goto cleanup;
980
if (header & SC_SERVER_PRINCIPAL) {
981
ret = krb5_ret_principal (sp, &creds->server);
982
if(ret) goto cleanup;
984
if (header & SC_SESSION_KEY) {
985
ret = krb5_ret_keyblock (sp, &creds->session);
986
if(ret) goto cleanup;
988
ret = krb5_ret_times (sp, &creds->times);
989
if(ret) goto cleanup;
990
ret = krb5_ret_int8 (sp, &dummy8);
991
if(ret) goto cleanup;
992
ret = krb5_ret_int32 (sp, &dummy32);
993
if(ret) goto cleanup;
995
* Runtime detect the what is the higher bits of the bitfield. If
996
* any of the higher bits are set in the input data, it's either a
997
* new ticket flag (and this code need to be removed), or it's a
998
* MIT cache (or new Heimdal cache), lets change it to our current
1002
uint32_t mask = 0xffff0000;
1004
creds->flags.b.anonymous = 1;
1005
if (creds->flags.i & mask)
1008
dummy32 = bitswap32(dummy32);
1010
creds->flags.i = dummy32;
1011
if (header & SC_ADDRESSES) {
1012
ret = krb5_ret_addrs (sp, &creds->addresses);
1013
if(ret) goto cleanup;
1015
if (header & SC_AUTHDATA) {
1016
ret = krb5_ret_authdata (sp, &creds->authdata);
1017
if(ret) goto cleanup;
1019
if (header & SC_TICKET) {
1020
ret = krb5_ret_data (sp, &creds->ticket);
1021
if(ret) goto cleanup;
1023
if (header & SC_SECOND_TICKET) {
1024
ret = krb5_ret_data (sp, &creds->second_ticket);
1025
if(ret) goto cleanup;
1031
krb5_free_cred_contents(context, creds); /* XXX */