search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libtommath: Fix possible integer overflow CVE-2023-36328
[heimdal.git] / lib / hdb / hdb-mitdb.c
blobe65869a667507a1ecff6d7b4562ecb0bcf0b1c32
1 /*
2 * Copyright (c) 1997 - 2017 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
37 #define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
38 #define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
39 #define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
40 #define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
41 #define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
42 #define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
43 #define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
44 #define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
45 #define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
46 #define KRB5_KDB_DISALLOW_SVR 0x00001000
47 #define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
48 #define KRB5_KDB_SUPPORT_DESMD5 0x00004000
49 #define KRB5_KDB_NEW_PRINC 0x00008000
50
51 /*
52
53 key: krb5_unparse_name + NUL
54
55 16: baselength
56 32: attributes
57 32: max time
58 32: max renewable time
59 32: client expire
60 32: passwd expire
61 32: last successful passwd
62 32: last failed attempt
63 32: num of failed attempts
64 16: num tl data
65 16: num data data
66 16: principal length
67 length: principal
68 for num tl data times
69 16: tl data type
70 16: tl data length
71 length: length
72 for num key data times
73 16: version (num keyblocks)
74 16: kvno
75 for version times:
76 16: type
77 16: length
78 length: keydata
79
80
81 key_data_contents[0]
82
83 int16: length
84 read-of-data: key-encrypted, key-usage 0, master-key
85
86 salt:
87 version2 = salt in key_data->key_data_contents[1]
88 else default salt.
89
90 */
91
92 #include "hdb_locl.h"
93
94 typedef struct MITDB {
95 HDB db; /* Generic */
96 int do_sync; /* MITDB-specific */
97 } MITDB;
98
99 static void
100 attr_to_flags(unsigned attr, HDBFlags *flags)
101 {
102 flags->postdate = !(attr & KRB5_KDB_DISALLOW_POSTDATED);
103 flags->forwardable = !(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
104 flags->initial = !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
105 flags->renewable = !(attr & KRB5_KDB_DISALLOW_RENEWABLE);
106 flags->proxiable = !(attr & KRB5_KDB_DISALLOW_PROXIABLE);
107 /* DUP_SKEY */
108 flags->invalid = !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
109 flags->require_preauth = !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
110 flags->require_hwauth = !!(attr & KRB5_KDB_REQUIRES_HW_AUTH);
111 flags->require_pwchange = !!(attr & KRB5_KDB_REQUIRES_PWCHANGE);
112 flags->server = !(attr & KRB5_KDB_DISALLOW_SVR);
113 flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
114 flags->client = 1; /* XXX */
115 }
116
117 #define KDB_V1_BASE_LENGTH 38
118
119 #define CHECK(x) do { if ((x)) goto out; } while(0)
120
121 #ifdef HAVE_MITDB
122 static krb5_error_code
123 mdb_principal2key(krb5_context context,
124 krb5_const_principal principal,
125 krb5_data *key)
126 {
127 krb5_error_code ret;
128 char *str;
129
130 ret = krb5_unparse_name(context, principal, &str);
131 if (ret)
132 return ret;
133 key->data = str;
134 key->length = strlen(str) + 1;
135 return 0;
136 }
137 #endif /* HAVE_MITDB */
138
139 #define KRB5_KDB_SALTTYPE_NORMAL 0
140 #define KRB5_KDB_SALTTYPE_V4 1
141 #define KRB5_KDB_SALTTYPE_NOREALM 2
142 #define KRB5_KDB_SALTTYPE_ONLYREALM 3
143 #define KRB5_KDB_SALTTYPE_SPECIAL 4
144 #define KRB5_KDB_SALTTYPE_AFS3 5
145 #define KRB5_KDB_SALTTYPE_CERTHASH 6
146
147 static krb5_error_code
148 fix_salt(krb5_context context, hdb_entry *ent, Key *k)
149 {
150 krb5_error_code ret;
151 Salt *salt = k->salt;
152 /* fix salt type */
153 switch((int)salt->type) {
154 case KRB5_KDB_SALTTYPE_NORMAL:
155 salt->type = KRB5_PADATA_PW_SALT;
156 break;
157 case KRB5_KDB_SALTTYPE_V4:
158 krb5_data_free(&salt->salt);
159 salt->type = KRB5_PADATA_PW_SALT;
160 break;
161 case KRB5_KDB_SALTTYPE_NOREALM:
162 {
163 size_t len;
164 size_t i;
165 char *p;
166
167 len = 0;
168 for (i = 0; i < ent->principal->name.name_string.len; ++i)
169 len += strlen(ent->principal->name.name_string.val[i]);
170 ret = krb5_data_alloc (&salt->salt, len);
171 if (ret)
172 return ret;
173 p = salt->salt.data;
174 for (i = 0; i < ent->principal->name.name_string.len; ++i) {
175 memcpy (p,
176 ent->principal->name.name_string.val[i],
177 strlen(ent->principal->name.name_string.val[i]));
178 p += strlen(ent->principal->name.name_string.val[i]);
179 }
180
181 salt->type = KRB5_PADATA_PW_SALT;
182 break;
183 }
184 case KRB5_KDB_SALTTYPE_ONLYREALM:
185 krb5_data_free(&salt->salt);
186 ret = krb5_data_copy(&salt->salt,
187 ent->principal->realm,
188 strlen(ent->principal->realm));
189 if(ret)
190 return ret;
191 salt->type = KRB5_PADATA_PW_SALT;
192 break;
193 case KRB5_KDB_SALTTYPE_SPECIAL:
194 salt->type = KRB5_PADATA_PW_SALT;
195 break;
196 case KRB5_KDB_SALTTYPE_AFS3:
197 krb5_data_free(&salt->salt);
198 ret = krb5_data_copy(&salt->salt,
199 ent->principal->realm,
200 strlen(ent->principal->realm));
201 if(ret)
202 return ret;
203 salt->type = KRB5_PADATA_AFS3_SALT;
204 break;
205 case KRB5_KDB_SALTTYPE_CERTHASH:
206 krb5_data_free(&salt->salt);
207 free(k->salt);
208 k->salt = NULL;
209 break;
210 default:
211 abort();
212 }
213 return 0;
214 }
215
216
217 /**
218 * This function takes a key from a krb5_storage from an MIT KDB encoded
219 * entry and places it in the given Key object.
220 *
221 * @param context Context
222 * @param entry HDB entry
223 * @param sp krb5_storage with current offset set to the beginning of a
224 * key
225 * @param version See comments in caller body for the backstory on this
226 * @param k Key * to load the key into
227 */
228 static krb5_error_code
229 mdb_keyvalue2key(krb5_context context, hdb_entry *entry, krb5_storage *sp, uint16_t version, Key *k)
230 {
231 size_t i;
232 uint16_t u16, type;
233 krb5_error_code ret;
234
235 k->mkvno = malloc(sizeof(*k->mkvno));
236 if (k->mkvno == NULL) {
237 ret = ENOMEM;
238 goto out;
239 }
240 *k->mkvno = 1;
241
242 for (i = 0; i < version; i++) {
243 CHECK(ret = krb5_ret_uint16(sp, &type));
244 CHECK(ret = krb5_ret_uint16(sp, &u16));
245 if (i == 0) {
246 /* This "version" means we have a key */
247 k->key.keytype = type;
248 /*
249 * MIT stores keys encrypted keys as {16-bit length
250 * of plaintext key, {encrypted key}}. The reason
251 * for this is that the Kerberos cryptosystem is not
252 * length-preserving. Heimdal's approach is to
253 * truncate the plaintext to the expected length of
254 * the key given its enctype, so we ignore this
255 * 16-bit length-of-plaintext-key field.
256 */
257 if (u16 > 2) {
258 krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */
259 k->key.keyvalue.length = u16 - 2; /* adjust cipher len */
260 k->key.keyvalue.data = malloc(k->key.keyvalue.length);
261 krb5_storage_read(sp, k->key.keyvalue.data,
262 k->key.keyvalue.length);
263 } else {
264 /* We'll ignore this key; see our caller */
265 k->key.keyvalue.length = 0;
266 k->key.keyvalue.data = NULL;
267 krb5_storage_seek(sp, u16, SEEK_CUR); /* skip real length */
268 }
269 } else if (i == 1) {
270 /* This "version" means we have a salt */
271 k->salt = calloc(1, sizeof(*k->salt));
272 if (k->salt == NULL) {
273 ret = ENOMEM;
274 goto out;
275 }
276 k->salt->type = type;
277 if (u16 != 0) {
278 k->salt->salt.data = malloc(u16);
279 if (k->salt->salt.data == NULL) {
280 ret = ENOMEM;
281 goto out;
282 }
283 k->salt->salt.length = u16;
284 krb5_storage_read(sp, k->salt->salt.data, k->salt->salt.length);
285 }
286 fix_salt(context, entry, k);
287 } else {
288 /*
289 * Whatever this "version" might be, we skip it
290 *
291 * XXX A krb5.conf parameter requesting that we log
292 * about strangeness like this, or return an error
293 * from here, might be nice.
294 */
295 krb5_storage_seek(sp, u16, SEEK_CUR);
296 }
297 }
298
299 return 0;
300
301 out:
302 free_Key(k);
303 return ret;
304 }
305
306
307 static krb5_error_code
308 add_1des_dup(krb5_context context, Keys *keys, Key *key, krb5_keytype keytype)
309 {
310 key->key.keytype = keytype;
311 return add_Keys(keys, key);
312 }
313
314 /*
315 * This monstrosity is here so we can avoid having to do enctype
316 * similarity checking in the KDC. This helper function dups 1DES keys
317 * in a keyset for all the similar 1DES enctypes for which keys are
318 * missing. And, of course, we do this only if there's any 1DES keys in
319 * the keyset to begin with.
320 */
321 static krb5_error_code
322 dup_similar_keys_in_keyset(krb5_context context, Keys *keys)
323 {
324 krb5_error_code ret;
325 size_t i, k;
326 Key key;
327 int keyset_has_1des_crc = 0;
328 int keyset_has_1des_md4 = 0;
329 int keyset_has_1des_md5 = 0;
330
331 memset(&key, 0, sizeof (key));
332 k = keys->len;
333 for (i = 0; i < keys->len; i++) {
334 if (keys->val[i].key.keytype == ETYPE_DES_CBC_CRC) {
335 keyset_has_1des_crc = 1;
336 if (k == keys->len)
337 k = i;
338 } else if (keys->val[i].key.keytype == ETYPE_DES_CBC_MD4) {
339 keyset_has_1des_crc = 1;
340 if (k == keys->len)
341 k = i;
342 } else if (keys->val[i].key.keytype == ETYPE_DES_CBC_MD5) {
343 keyset_has_1des_crc = 1;
344 if (k == keys->len)
345 k = i;
346 }
347 }
348 if (k == keys->len)
349 return 0;
350
351 ret = copy_Key(&keys->val[k], &key);
352 if (ret)
353 return ret;
354 if (!keyset_has_1des_crc) {
355 ret = add_1des_dup(context, keys, &key, ETYPE_DES_CBC_CRC);
356 if (ret)
357 goto out;
358 }
359 if (!keyset_has_1des_md4) {
360 ret = add_1des_dup(context, keys, &key, ETYPE_DES_CBC_MD4);
361 if (ret)
362 goto out;
363 }
364 if (!keyset_has_1des_md5) {
365 ret = add_1des_dup(context, keys, &key, ETYPE_DES_CBC_MD5);
366 if (ret)
367 goto out;
368 }
369
370 out:
371 free_Key(&key);
372 return ret;
373 }
374
375
376 static krb5_error_code
377 dup_similar_keys(krb5_context context, hdb_entry *entry)
378 {
379 krb5_error_code ret;
380 HDB_Ext_KeySet *hist_keys;
381 HDB_extension *extp;
382 size_t i;
383
384 ret = dup_similar_keys_in_keyset(context, &entry->keys);
385 if (ret)
386 return ret;
387 extp = hdb_find_extension(entry, choice_HDB_extension_data_hist_keys);
388 if (extp == NULL)
389 return 0;
390
391 hist_keys = &extp->data.u.hist_keys;
392 for (i = 0; i < hist_keys->len; i++) {
393 ret = dup_similar_keys_in_keyset(context, &hist_keys->val[i].keys);
394 if (ret)
395 return ret;
396 }
397 return 0;
398 }
399
400
401 /**
402 * This function parses an MIT krb5 encoded KDB entry and fills in the
403 * given HDB entry with it.
404 *
405 * @param context krb5_context
406 * @param data Encoded MIT KDB entry
407 * @param target_kvno Desired kvno, or 0 for the entry's current kvno
408 * @param entry Desired kvno, or 0 for the entry's current kvno
409 */
410 krb5_error_code
411 _hdb_mdb_value2entry(krb5_context context, krb5_data *data,
412 krb5_kvno target_kvno, hdb_entry *entry)
413 {
414 krb5_error_code ret;
415 krb5_storage *sp;
416 Key k;
417 krb5_kvno key_kvno;
418 uint32_t u32;
419 uint16_t u16, num_keys, num_tl;
420 ssize_t sz;
421 size_t i;
422 char *p;
423
424 memset(&k, 0, sizeof (k));
425 memset(entry, 0, sizeof(*entry));
426
427 sp = krb5_storage_from_data(data);
428 if (sp == NULL) {
429 krb5_set_error_message(context, ENOMEM, "out of memory");
430 return ENOMEM;
431 }
432
433 krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
434
435 /*
436 * 16: baselength
437 *
438 * The story here is that these 16 bits have to be a constant:
439 * KDB_V1_BASE_LENGTH. Once upon a time a different value here
440 * would have been used to indicate the presence of "extra data"
441 * between the "base" contents and the {principal name, TL data,
442 * keys} that follow it. Nothing supports such "extra data"
443 * nowadays, so neither do we here.
444 *
445 * XXX But... surely we ought to log about this extra data, or skip
446 * it, or something, in case anyone has MIT KDBs with ancient
447 * entries in them... Logging would allow the admin to know which
448 * entries to dump with MIT krb5's kdb5_util. But logging would be
449 * noisy. For now we do nothing.
450 */
451 CHECK(ret = krb5_ret_uint16(sp, &u16));
452 if (u16 != KDB_V1_BASE_LENGTH) { ret = EINVAL; goto out; }
453 /* 32: attributes */
454 CHECK(ret = krb5_ret_uint32(sp, &u32));
455 attr_to_flags(u32, &entry->flags);
456
457 /* 32: max time */
458 CHECK(ret = krb5_ret_uint32(sp, &u32));
459 if (u32) {
460 entry->max_life = malloc(sizeof(*entry->max_life));
461 *entry->max_life = u32;
462 }
463 /* 32: max renewable time */
464 CHECK(ret = krb5_ret_uint32(sp, &u32));
465 if (u32) {
466 entry->max_renew = malloc(sizeof(*entry->max_renew));
467 *entry->max_renew = u32;
468 }
469 /* 32: client expire */
470 CHECK(ret = krb5_ret_uint32(sp, &u32));
471 if (u32) {
472 entry->valid_end = malloc(sizeof(*entry->valid_end));
473 *entry->valid_end = u32;
474 }
475 /* 32: passwd expire */
476 CHECK(ret = krb5_ret_uint32(sp, &u32));
477 if (u32) {
478 entry->pw_end = malloc(sizeof(*entry->pw_end));
479 *entry->pw_end = u32;
480 }
481 /* 32: last successful passwd */
482 CHECK(ret = krb5_ret_uint32(sp, &u32));
483 /* 32: last failed attempt */
484 CHECK(ret = krb5_ret_uint32(sp, &u32));
485 /* 32: num of failed attempts */
486 CHECK(ret = krb5_ret_uint32(sp, &u32));
487 /* 16: num tl data */
488 CHECK(ret = krb5_ret_uint16(sp, &u16));
489 num_tl = u16;
490 /* 16: num key data */
491 CHECK(ret = krb5_ret_uint16(sp, &u16));
492 num_keys = u16;
493 /* 16: principal length */
494 CHECK(ret = krb5_ret_uint16(sp, &u16));
495 /* length: principal */
496 {
497 /*
498 * Note that the principal name includes the NUL in the entry,
499 * but we don't want to take chances, so we add an extra NUL.
500 */
501 p = malloc(u16 + 1);
502 if (p == NULL) {
503 ret = ENOMEM;
504 goto out;
505 }
506 sz = krb5_storage_read(sp, p, u16);
507 if (sz != u16) {
508 ret = EINVAL; /* XXX */
509 goto out;
510 }
511 p[u16] = '\0';
512 CHECK(ret = krb5_parse_name(context, p, &entry->principal));
513 free(p);
514 }
515 /* for num tl data times
516 16: tl data type
517 16: tl data length
518 length: length */
519 #define mit_KRB5_TL_LAST_PWD_CHANGE 1
520 #define mit_KRB5_TL_MOD_PRINC 2
521 for (i = 0; i < num_tl; i++) {
522 int tl_type;
523 krb5_principal modby;
524 /* 16: TL data type */
525 CHECK(ret = krb5_ret_uint16(sp, &u16));
526 tl_type = u16;
527 /* 16: TL data length */
528 CHECK(ret = krb5_ret_uint16(sp, &u16));
529 /*
530 * For rollback to MIT purposes we really must understand some
531 * TL data!
532 *
533 * XXX Move all this to separate functions, one per-TL type.
534 */
535 switch (tl_type) {
536 case mit_KRB5_TL_LAST_PWD_CHANGE:
537 CHECK(ret = krb5_ret_uint32(sp, &u32));
538 CHECK(ret = hdb_entry_set_pw_change_time(context, entry, u32));
539 break;
540 case mit_KRB5_TL_MOD_PRINC:
541 if (u16 < 5) {
542 ret = EINVAL; /* XXX */
543 goto out;
544 }
545 CHECK(ret = krb5_ret_uint32(sp, &u32)); /* mod time */
546 p = malloc(u16 - 4 + 1);
547 if (!p) {
548 ret = ENOMEM;
549 goto out;
550 }
551 p[u16 - 4] = '\0';
552 sz = krb5_storage_read(sp, p, u16 - 4);
553 if (sz != u16 - 4) {
554 ret = EINVAL; /* XXX */
555 goto out;
556 }
557 CHECK(ret = krb5_parse_name(context, p, &modby));
558 CHECK(ret = hdb_set_last_modified_by(context, entry, modby, u32));
559 krb5_free_principal(context, modby);
560 free(p);
561 break;
562 default:
563 krb5_storage_seek(sp, u16, SEEK_CUR);
564 break;
565 }
566 }
567 /*
568 * for num key data times
569 * 16: "version"
570 * 16: kvno
571 * for version times:
572 * 16: type
573 * 16: length
574 * length: keydata
575 *
576 * "version" here is really 1 or 2, the first meaning there's only
577 * keys for this kvno, the second meaning there's keys and salt[s?].
578 * That's right... hold that gag reflex, you can do it.
579 */
580 for (i = 0; i < num_keys; i++) {
581 uint16_t version;
582
583 CHECK(ret = krb5_ret_uint16(sp, &u16));
584 version = u16;
585 CHECK(ret = krb5_ret_uint16(sp, &u16));
586 key_kvno = u16;
587
588 ret = mdb_keyvalue2key(context, entry, sp, version, &k);
589 if (ret)
590 goto out;
591 if (k.key.keytype == 0 || k.key.keyvalue.length == 0) {
592 /*
593 * Older MIT KDBs may have enctype 0 / length 0 keys. We
594 * ignore these.
595 */
596 free_Key(&k);
597 continue;
598 }
599
600 if ((target_kvno == 0 && entry->kvno < key_kvno) ||
601 (target_kvno == key_kvno && entry->kvno != target_kvno)) {
602 /*
603 * MIT's KDB doesn't keep track of kvno. The highest kvno
604 * is the current kvno, and we just found a new highest
605 * kvno or the desired kvno.
606 *
607 * Note that there's no guarantee of any key ordering, but
608 * generally MIT KDB entries have keys in strictly
609 * descending kvno order.
610 *
611 * XXX We do assume that keys are clustered by kvno. If
612 * not, then bad. It might be possible to construct
613 * non-clustered keys via the kadm5 API. It wouldn't be
614 * hard to cope with this, since if it happens the worst
615 * that will happen is that some of the current keys can be
616 * found in the history extension, and we could just pull
617 * them back out in that case.
618 */
619 ret = hdb_add_current_keys_to_history(context, entry);
620 if (ret)
621 goto out;
622 free_Keys(&entry->keys);
623 ret = add_Keys(&entry->keys, &k);
624 free_Key(&k);
625 if (ret)
626 goto out;
627 entry->kvno = key_kvno;
628 continue;
629 }
630
631 if (entry->kvno == key_kvno) {
632 /*
633 * Note that if key_kvno == 0 and target_kvno == 0 then we
634 * end up adding those keys here. Yeah, kvno 0 is very
635 * special for us, but just in case, we keep such keys.
636 */
637 ret = add_Keys(&entry->keys, &k);
638 free_Key(&k);
639 if (ret)
640 goto out;
641 entry->kvno = key_kvno;
642 } else {
643 ret = hdb_add_history_key(context, entry, key_kvno, &k);
644 if (ret)
645 goto out;
646 free_Key(&k);
647 }
648 }
649
650 if (target_kvno != 0 && entry->kvno != target_kvno) {
651 ret = HDB_ERR_KVNO_NOT_FOUND;
652 goto out;
653 }
654
655 krb5_storage_free(sp);
656
657 return dup_similar_keys(context, entry);
658
659 out:
660 krb5_storage_free(sp);
661
662 if (ret == HEIM_ERR_EOF)
663 /* Better error code than "end of file" */
664 ret = HEIM_ERR_BAD_HDBENT_ENCODING;
665 free_HDB_entry(entry);
666 free_Key(&k);
667 return ret;
668 }
669
670 #if 0
671 static krb5_error_code
672 mdb_entry2value(krb5_context context, hdb_entry *entry, krb5_data *data)
673 {
674 return EINVAL;
675 }
676 #endif
677
678 #ifdef HAVE_MITDB
679
680 #if defined(HAVE_DB_185_H)
681 #include <db_185.h>
682 #else
683 #include <db.h>
684 #endif
685
686
687 static krb5_error_code
688 mdb_close(krb5_context context, HDB *db)
689 {
690 DB *d = (DB*)db->hdb_db;
691 (*d->close)(d);
692 return 0;
693 }
694
695 static krb5_error_code
696 mdb_destroy(krb5_context context, HDB *db)
697 {
698 krb5_error_code ret;
699
700 ret = hdb_clear_master_key(context, db);
701 krb5_config_free_strings(db->virtual_hostbased_princ_svcs);
702 free(db->hdb_name);
703 free(db);
704 return ret;
705 }
706
707 static krb5_error_code
708 mdb_set_sync(krb5_context context, HDB *db, int on)
709 {
710 MITDB *mdb = (MITDB *)db;
711 DB *d = (DB*)db->hdb_db;
712
713 mdb->do_sync = on;
714 if (on)
715 return fsync((*d->fd)(d));
716 return 0;
717 }
718
719 static krb5_error_code
720 mdb_lock(krb5_context context, HDB *db, int operation)
721 {
722 DB *d = (DB*)db->hdb_db;
723 int fd = (*d->fd)(d);
724 krb5_error_code ret;
725
726 if (db->lock_count > 1) {
727 db->lock_count++;
728 if (db->lock_type == HDB_WLOCK || db->lock_count == operation)
729 return 0;
730 }
731
732 if(fd < 0) {
733 krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
734 "Can't lock database: %s", db->hdb_name);
735 return HDB_ERR_CANT_LOCK_DB;
736 }
737 ret = hdb_lock(fd, operation);
738 if (ret)
739 return ret;
740 db->lock_count++;
741 return 0;
742 }
743
744 static krb5_error_code
745 mdb_unlock(krb5_context context, HDB *db)
746 {
747 DB *d = (DB*)db->hdb_db;
748 int fd = (*d->fd)(d);
749
750 if (db->lock_count > 1) {
751 db->lock_count--;
752 return 0;
753 }
754 heim_assert(db->lock_count == 1, "HDB lock/unlock sequence does not match");
755 db->lock_count--;
756
757 if(fd < 0) {
758 krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
759 "Can't unlock database: %s", db->hdb_name);
760 return HDB_ERR_CANT_LOCK_DB;
761 }
762 return hdb_unlock(fd);
763 }
764
765
766 static krb5_error_code
767 mdb_seq(krb5_context context, HDB *db,
768 unsigned flags, hdb_entry *entry, int flag)
769 {
770 DB *d = (DB*)db->hdb_db;
771 DBT key, value;
772 krb5_data data;
773 int code;
774
775 code = db->hdb_lock(context, db, HDB_RLOCK);
776 if(code == -1) {
777 krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name);
778 return HDB_ERR_DB_INUSE;
779 }
780 code = (*d->seq)(d, &key, &value, flag);
781 db->hdb_unlock(context, db); /* XXX check value */
782 if(code == -1) {
783 code = errno;
784 krb5_set_error_message(context, code, "Database %s seq error: %s",
785 db->hdb_name, strerror(code));
786 return code;
787 }
788 if(code == 1) {
789 krb5_clear_error_message(context);
790 return HDB_ERR_NOENTRY;
791 }
792
793 data.data = value.data;
794 data.length = value.size;
795 memset(entry, 0, sizeof(*entry));
796
797 if (_hdb_mdb_value2entry(context, &data, 0, entry))
798 return mdb_seq(context, db, flags, entry, R_NEXT);
799
800 if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
801 code = hdb_unseal_keys (context, db, entry);
802 if (code)
803 hdb_free_entry (context, db, entry);
804 }
805
806 return code;
807 }
808
809
810 static krb5_error_code
811 mdb_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
812 {
813 return mdb_seq(context, db, flags, entry, R_FIRST);
814 }
815
816
817 static krb5_error_code
818 mdb_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
819 {
820 return mdb_seq(context, db, flags, entry, R_NEXT);
821 }
822
823 static krb5_error_code
824 mdb_rename(krb5_context context, HDB *db, const char *new_name)
825 {
826 int ret;
827 char *old = NULL;
828 char *new = NULL;
829
830 if (asprintf(&old, "%s.db", db->hdb_name) < 0)
831 goto out;
832 if (asprintf(&new, "%s.db", new_name) < 0)
833 goto out;
834 ret = rename(old, new);
835 if(ret)
836 goto out;
837
838 free(db->hdb_name);
839 db->hdb_name = strdup(new_name);
840 errno = 0;
841
842 out:
843 free(old);
844 free(new);
845 return errno;
846 }
847
848 static krb5_error_code
849 mdb__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
850 {
851 DB *d = (DB*)db->hdb_db;
852 DBT k, v;
853 int code;
854
855 k.data = key.data;
856 k.size = key.length;
857 code = db->hdb_lock(context, db, HDB_RLOCK);
858 if(code)
859 return code;
860 code = (*d->get)(d, &k, &v, 0);
861 db->hdb_unlock(context, db);
862 if(code < 0) {
863 code = errno;
864 krb5_set_error_message(context, code, "Database %s get error: %s",
865 db->hdb_name, strerror(code));
866 return code;
867 }
868 if(code == 1) {
869 krb5_clear_error_message(context);
870 return HDB_ERR_NOENTRY;
871 }
872
873 krb5_data_copy(reply, v.data, v.size);
874 return 0;
875 }
876
877 static krb5_error_code
878 mdb__put(krb5_context context, HDB *db, int replace,
879 krb5_data key, krb5_data value)
880 {
881 MITDB *mdb = (MITDB *)db;
882 DB *d = (DB*)db->hdb_db;
883 DBT k, v;
884 int code;
885
886 k.data = key.data;
887 k.size = key.length;
888 v.data = value.data;
889 v.size = value.length;
890 code = db->hdb_lock(context, db, HDB_WLOCK);
891 if(code)
892 return code;
893 code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
894 if (code == 0) {
895 code = mdb_set_sync(context, db, mdb->do_sync);
896 db->hdb_unlock(context, db);
897 return code;
898 }
899 db->hdb_unlock(context, db);
900 if(code < 0) {
901 code = errno;
902 krb5_set_error_message(context, code, "Database %s put error: %s",
903 db->hdb_name, strerror(code));
904 return code;
905 }
906 krb5_clear_error_message(context);
907 return HDB_ERR_EXISTS;
908 }
909
910 static krb5_error_code
911 mdb__del(krb5_context context, HDB *db, krb5_data key)
912 {
913 MITDB *mdb = (MITDB *)db;
914 DB *d = (DB*)db->hdb_db;
915 DBT k;
916 krb5_error_code code;
917 k.data = key.data;
918 k.size = key.length;
919 code = db->hdb_lock(context, db, HDB_WLOCK);
920 if(code)
921 return code;
922 code = (*d->del)(d, &k, 0);
923 if (code == 0) {
924 code = mdb_set_sync(context, db, mdb->do_sync);
925 db->hdb_unlock(context, db);
926 return code;
927 }
928 db->hdb_unlock(context, db);
929 if(code == 1) {
930 code = errno;
931 krb5_set_error_message(context, code, "Database %s put error: %s",
932 db->hdb_name, strerror(code));
933 return code;
934 }
935 if(code < 0)
936 return errno;
937 return 0;
938 }
939
940 static krb5_error_code
941 mdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
942 unsigned flags, krb5_kvno kvno, hdb_entry *entry)
943 {
944 krb5_data key, value;
945 krb5_error_code ret;
946
947 ret = mdb_principal2key(context, principal, &key);
948 if (ret)
949 return ret;
950 ret = db->hdb__get(context, db, key, &value);
951 krb5_data_free(&key);
952 if(ret)
953 return ret;
954 ret = _hdb_mdb_value2entry(context, &value, kvno, entry);
955 krb5_data_free(&value);
956 if (ret)
957 return ret;
958
959 if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
960 ret = hdb_unseal_keys (context, db, entry);
961 if (ret) {
962 hdb_free_entry(context, db, entry);
963 return ret;
964 }
965 }
966
967 return 0;
968 }
969
970 static krb5_error_code
971 mdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
972 {
973 krb5_error_code ret;
974 krb5_storage *sp = NULL;
975 krb5_storage *spent = NULL;
976 krb5_data line = { 0, 0 };
977 krb5_data kdb_ent = { 0, 0 };
978 krb5_data key = { 0, 0 };
979 krb5_data value = { 0, 0 };
980 krb5_ssize_t sz;
981
982 if ((flags & HDB_F_PRECHECK) && (flags & HDB_F_REPLACE))
983 return 0;
984
985 if ((flags & HDB_F_PRECHECK)) {
986 ret = mdb_principal2key(context, entry->principal, &key);
987 if (ret) return ret;
988 ret = db->hdb__get(context, db, key, &value);
989 krb5_data_free(&key);
990 if (ret == 0)
991 krb5_data_free(&value);
992 if (ret == HDB_ERR_NOENTRY)
993 return 0;
994 return ret ? ret : HDB_ERR_EXISTS;
995 }
996
997 sp = krb5_storage_emem();
998 if (!sp) return ENOMEM;
999 ret = _hdb_set_master_key_usage(context, db, 0); /* MIT KDB uses KU 0 */
1000 ret = hdb_seal_keys(context, db, entry);
1001 if (ret) return ret;
1002 ret = entry2mit_string_int(context, sp, entry);
1003 if (ret) goto out;
1004 sz = krb5_storage_write(sp, "\n", 2); /* NUL-terminate */
1005 ret = ENOMEM;
1006 if (sz != 2) goto out;
1007 ret = krb5_storage_to_data(sp, &line);
1008 if (ret) goto out;
1009
1010 ret = ENOMEM;
1011 spent = krb5_storage_emem();
1012 if (!spent) goto out;
1013 ret = _hdb_mit_dump2mitdb_entry(context, line.data, spent);
1014 if (ret) goto out;
1015 ret = krb5_storage_to_data(spent, &kdb_ent);
1016 if (ret) goto out;
1017 ret = mdb_principal2key(context, entry->principal, &key);
1018 if (ret) goto out;
1019 ret = mdb__put(context, db, 1, key, kdb_ent);
1020
1021 out:
1022 if (sp)
1023 krb5_storage_free(sp);
1024 if (spent)
1025 krb5_storage_free(spent);
1026 krb5_data_free(&line);
1027 krb5_data_free(&kdb_ent);
1028 krb5_data_free(&key);
1029
1030 return ret;
1031 }
1032
1033 static krb5_error_code
1034 mdb_remove(krb5_context context, HDB *db,
1035 unsigned flags, krb5_const_principal principal)
1036 {
1037 krb5_error_code code;
1038 krb5_data key;
1039 krb5_data value = { 0, 0 };
1040
1041 mdb_principal2key(context, principal, &key);
1042
1043 if ((flags & HDB_F_PRECHECK)) {
1044 code = db->hdb__get(context, db, key, &value);
1045 krb5_data_free(&key);
1046 if (code == 0) {
1047 krb5_data_free(&value);
1048 return 0;
1049 }
1050 return code;
1051 }
1052
1053 code = db->hdb__del(context, db, key);
1054 krb5_data_free(&key);
1055 return code;
1056 }
1057
1058 static krb5_error_code
1059 mdb_open(krb5_context context, HDB *db, int flags, mode_t mode)
1060 {
1061 char *fn;
1062 char *actual_fn;
1063 krb5_error_code ret;
1064 struct stat st;
1065
1066 if (asprintf(&fn, "%s.db", db->hdb_name) < 0) {
1067 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1068 return ENOMEM;
1069 }
1070
1071 if (stat(fn, &st) == 0)
1072 actual_fn = fn;
1073 else
1074 actual_fn = db->hdb_name;
1075 db->hdb_db = dbopen(actual_fn, flags, mode, DB_BTREE, NULL);
1076 if (db->hdb_db == NULL) {
1077 switch (errno) {
1078 #ifdef EFTYPE
1079 case EFTYPE:
1080 #endif
1081 case EINVAL:
1082 db->hdb_db = dbopen(actual_fn, flags, mode, DB_HASH, NULL);
1083 }
1084 }
1085 free(fn);
1086
1087 if (db->hdb_db == NULL) {
1088 ret = errno;
1089 krb5_set_error_message(context, ret, "dbopen (%s): %s",
1090 db->hdb_name, strerror(ret));
1091 return ret;
1092 }
1093 #if 0
1094 /*
1095 * Don't do this -- MIT won't be able to handle the
1096 * HDB_DB_FORMAT_ENTRY key.
1097 */
1098 if ((flags & O_ACCMODE) != O_RDONLY)
1099 ret = hdb_init_db(context, db);
1100 #endif
1101 ret = hdb_check_db_format(context, db);
1102 if (ret == HDB_ERR_NOENTRY) {
1103 krb5_clear_error_message(context);
1104 return 0;
1105 }
1106 if (ret) {
1107 mdb_close(context, db);
1108 krb5_set_error_message(context, ret, "hdb_open: failed %s database %s",
1109 (flags & O_ACCMODE) == O_RDONLY ?
1110 "checking format of" : "initialize",
1111 db->hdb_name);
1112 }
1113 return ret;
1114 }
1115
1116 krb5_error_code
1117 hdb_mitdb_create(krb5_context context, HDB **db,
1118 const char *filename)
1119 {
1120 MITDB **mdb = (MITDB **)db;
1121 *mdb = calloc(1, sizeof(**mdb));
1122 if (*mdb == NULL) {
1123 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1124 return ENOMEM;
1125 }
1126
1127 (*db)->hdb_db = NULL;
1128 (*db)->hdb_name = strdup(filename);
1129 if ((*db)->hdb_name == NULL) {
1130 free(*db);
1131 *db = NULL;
1132 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1133 return ENOMEM;
1134 }
1135 (*mdb)->do_sync = 1;
1136 (*db)->hdb_master_key_set = 0;
1137 (*db)->hdb_openp = 0;
1138 (*db)->hdb_capability_flags = 0;
1139 (*db)->hdb_open = mdb_open;
1140 (*db)->hdb_close = mdb_close;
1141 (*db)->hdb_fetch_kvno = mdb_fetch_kvno;
1142 (*db)->hdb_store = mdb_store;
1143 (*db)->hdb_remove = mdb_remove;
1144 (*db)->hdb_firstkey = mdb_firstkey;
1145 (*db)->hdb_nextkey= mdb_nextkey;
1146 (*db)->hdb_lock = mdb_lock;
1147 (*db)->hdb_unlock = mdb_unlock;
1148 (*db)->hdb_rename = mdb_rename;
1149 (*db)->hdb__get = mdb__get;
1150 (*db)->hdb__put = mdb__put;
1151 (*db)->hdb__del = mdb__del;
1152 (*db)->hdb_destroy = mdb_destroy;
1153 (*db)->hdb_set_sync = mdb_set_sync;
1154 return 0;
1155 }
1156
1157 #endif /* HAVE_MITDB */
1158
1159 /*
1160 can have any number of princ stanzas.
1161 format is as follows (only \n indicates newlines)
1162 princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38)
1163 %d\t (strlen of principal e.g. shadow/foo@ANDREW.CMU.EDU)
1164 %d\t (number of tl_data)
1165 %d\t (number of key data, e.g. how many keys for this user)
1166 %d\t (extra data length)
1167 %s\t (principal name)
1168 %d\t (attributes)
1169 %d\t (max lifetime, seconds)
1170 %d\t (max renewable life, seconds)
1171 %d\t (expiration, seconds since epoch or 2145830400 for never)
1172 %d\t (password expiration, seconds, 0 for never)
1173 %d\t (last successful auth, seconds since epoch)
1174 %d\t (last failed auth, per above)
1175 %d\t (failed auth count)
1176 foreach tl_data 0 to number of tl_data - 1 as above
1177 %d\t%d\t (data type, data length)
1178 foreach tl_data 0 to length-1
1179 %02x (tl data contents[element n])
1180 except if tl_data length is 0
1181 %d (always -1)
1182 \t
1183 foreach key 0 to number of keys - 1 as above
1184 %d\t%d\t (key data version, kvno)
1185 foreach version 0 to key data version - 1 (a key or a salt)
1186 %d\t%d\t(data type for this key, data length for this key)
1187 foreach key data length 0 to length-1
1188 %02x (key data contents[element n])
1189 except if key_data length is 0
1190 %d (always -1)
1191 \t
1192 foreach extra data length 0 to length - 1
1193 %02x (extra data part)
1194 unless no extra data
1195 %d (always -1)
1196 ;\n
1197
1198 */
1199
1200 #if 0
1201 /* Why ever did we loop? */
1202 static char *
1203 nexttoken(char **p)
1204 {
1205 char *q;
1206 do {
1207 q = strsep(p, " \t");
1208 } while(q && *q == '\0');
1209 return q;
1210 }
1211 #endif
1212
1213 static char *
1214 nexttoken(char **p, size_t len, const char *what)
1215 {
1216 char *q;
1217
1218 if (*p == NULL)
1219 return NULL;
1220
1221 q = *p;
1222 *p += len;
1223 /* Must be followed by a delimiter (right?) */
1224 if (strsep(p, " \t") != q + len) {
1225 warnx("No tokens left in dump entry while looking for %s", what);
1226 return NULL;
1227 }
1228 if (*q == '\0')
1229 warnx("Empty last token in dump entry while looking for %s", what);
1230 return q;
1231 }
1232
1233 static size_t
1234 getdata(char **p, unsigned char *buf, size_t len, const char *what)
1235 {
1236 size_t i;
1237 int v;
1238 char *q = nexttoken(p, 0, what);
1239 if (q == NULL) {
1240 warnx("Failed to find hex-encoded binary data (%s) in dump", what);
1241 return 0;
1242 }
1243 i = 0;
1244 while (*q && i < len) {
1245 if (sscanf(q, "%02x", &v) != 1)
1246 break;
1247 buf[i++] = v;
1248 q += 2;
1249 }
1250 return i;
1251 }
1252
1253 static int
1254 getint(char **p, const char *what, int *val)
1255 {
1256 char *q = nexttoken(p, 0, what);
1257 if (!q) {
1258 warnx("Failed to find a signed integer (%s) in dump", what);
1259 return 1;
1260 }
1261 if (sscanf(q, "%d", val) != 1)
1262 return 1;
1263 return 0;
1264 }
1265
1266 static unsigned int
1267 getuint(char **p, const char *what)
1268 {
1269 int val;
1270 char *q = nexttoken(p, 0, what);
1271 if (!q) {
1272 warnx("Failed to find an unsigned integer (%s) in dump", what);
1273 return 0;
1274 }
1275 if (sscanf(q, "%u", &val) != 1)
1276 return 0;
1277 return val;
1278 }
1279
1280 #define KRB5_KDB_SALTTYPE_NORMAL 0
1281 #define KRB5_KDB_SALTTYPE_V4 1
1282 #define KRB5_KDB_SALTTYPE_NOREALM 2
1283 #define KRB5_KDB_SALTTYPE_ONLYREALM 3
1284 #define KRB5_KDB_SALTTYPE_SPECIAL 4
1285 #define KRB5_KDB_SALTTYPE_AFS3 5
1286
1287 #define CHECK_UINT(num) \
1288 if ((num) < 0 || (num) > INT_MAX) return EINVAL
1289 #define CHECK_UINT16(num) \
1290 if ((num) < 0 || (num) > 1<<15) return EINVAL
1291 #define CHECK_NUM(num, maxv) \
1292 if ((num) > (maxv)) return EINVAL
1293
1294 /*
1295 * This utility function converts an MIT dump entry to an MIT on-disk
1296 * encoded entry, which can then be decoded with _hdb_mdb_value2entry().
1297 * This allows us to have a single decoding function (_hdb_mdb_value2entry),
1298 * which makes the code cleaner (less code duplication), if a bit less
1299 * efficient. It also will allow us to have a function to dump an HDB
1300 * entry in MIT format so we can dump HDB into MIT format for rollback
1301 * purposes. And that will allow us to write to MIT KDBs, again
1302 * somewhat inefficiently, also for migration/rollback purposes.
1303 */
1304 int
1305 _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
1306 {
1307 krb5_error_code ret = EINVAL;
1308 char *p = line, *q;
1309 char *princ;
1310 krb5_ssize_t sz;
1311 size_t i;
1312 size_t princ_len;
1313 unsigned int num_tl_data;
1314 size_t num_key_data;
1315 unsigned int attributes;
1316 int tmp;
1317
1318 krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
1319
1320 q = nexttoken(&p, 0, "record type (princ or policy)");
1321 if (strcmp(q, "kdb5_util") == 0 || strcmp(q, "policy") == 0 ||
1322 strcmp(q, "princ") != 0) {
1323 warnx("Supposed MIT dump entry does not start with 'kdb5_util', "
1324 "'policy', nor 'princ'");
1325 return -1;
1326 }
1327 if (getint(&p, "constant '38'", &tmp) || tmp != 38) {
1328 warnx("Dump entry does not start with '38<TAB>'");
1329 return EINVAL;
1330 }
1331 #define KDB_V1_BASE_LENGTH 38
1332 ret = krb5_store_int16(sp, KDB_V1_BASE_LENGTH);
1333 if (ret) return ret;
1334
1335 princ_len = getuint(&p, "principal name length");
1336 if (princ_len > (1<<15) - 1) {
1337 warnx("Principal name in dump entry too long (%llu)",
1338 (unsigned long long)princ_len);
1339 return EINVAL;
1340 }
1341 num_tl_data = getuint(&p, "number of TL data");
1342 num_key_data = getuint(&p, "number of key data");
1343 (void) getint(&p, "5th field, length of 'extra data'", &tmp);
1344 princ = nexttoken(&p, (int)princ_len, "principal name");
1345 if (princ == NULL) {
1346 warnx("Failed to read principal name (expected length %llu)",
1347 (unsigned long long)princ_len);
1348 return -1;
1349 }
1350
1351 attributes = getuint(&p, "attributes");
1352 ret = krb5_store_uint32(sp, attributes);
1353 if (ret) return ret;
1354
1355 if (getint(&p, "max life", &tmp)) return EINVAL;
1356 ret = krb5_store_uint32(sp, tmp);
1357 if (ret) return ret;
1358
1359 if (getint(&p, "max renewable life", &tmp)) return EINVAL;
1360 ret = krb5_store_uint32(sp, tmp);
1361 if (ret) return ret;
1362
1363 if (getint(&p, "expiration", &tmp)) return EINVAL;
1364 ret = krb5_store_uint32(sp, tmp);
1365 if (ret) return ret;
1366
1367 if (getint(&p, "pw expiration", &tmp)) return EINVAL;
1368 ret = krb5_store_uint32(sp, tmp);
1369 if (ret) return ret;
1370
1371 if (getint(&p, "last auth", &tmp)) return EINVAL;
1372 ret = krb5_store_uint32(sp, tmp);
1373 if (ret) return ret;
1374
1375 if (getint(&p, "last failed auth", &tmp)) return EINVAL;
1376 ret = krb5_store_uint32(sp, tmp);
1377 if (ret) return ret;
1378
1379 if (getint(&p,"fail auth count", &tmp)) return EINVAL;
1380 ret = krb5_store_uint32(sp, tmp);
1381 if (ret) return ret;
1382
1383 /* add TL data count */
1384 CHECK_NUM(num_tl_data, 1023);
1385 ret = krb5_store_uint16(sp, num_tl_data);
1386 if (ret) return ret;
1387
1388 /* add key count */
1389 CHECK_NUM(num_key_data, 1023);
1390 ret = krb5_store_uint16(sp, num_key_data);
1391 if (ret) return ret;
1392
1393 /* add principal unparsed name length and unparsed name */
1394 princ_len = strlen(princ);
1395 princ_len++; /* must count and write the NUL in the on-disk encoding */
1396 ret = krb5_store_uint16(sp, princ_len);
1397 if (ret) return ret;
1398 sz = krb5_storage_write(sp, princ, princ_len);
1399 if (sz != princ_len) return ENOMEM;
1400
1401 /* scan and write TL data */
1402 for (i = 0; i < num_tl_data; i++) {
1403 char *reading_what;
1404 int tl_type, tl_length;
1405 unsigned char *buf;
1406
1407 if (getint(&p, "TL data type", &tl_type) ||
1408 getint(&p, "data length", &tl_length))
1409 return EINVAL;
1410
1411 if (asprintf(&reading_what, "TL data type %d (length %d)",
1412 tl_type, tl_length) < 0)
1413 return ENOMEM;
1414
1415 /*
1416 * XXX Leaking reading_what, but only on ENOMEM cases anyways,
1417 * so we don't care.
1418 */
1419 CHECK_UINT16(tl_type);
1420 ret = krb5_store_uint16(sp, tl_type);
1421 if (ret) return ret;
1422 CHECK_UINT16(tl_length);
1423 ret = krb5_store_uint16(sp, tl_length);
1424 if (ret) return ret;
1425
1426 if (tl_length) {
1427 buf = malloc(tl_length);
1428 if (!buf) return ENOMEM;
1429 if (getdata(&p, buf, tl_length, reading_what) != tl_length) {
1430 free(buf);
1431 return EINVAL;
1432 }
1433 sz = krb5_storage_write(sp, buf, tl_length);
1434 free(buf);
1435 if (sz != tl_length) return ENOMEM;
1436 } else {
1437 if (strcmp(nexttoken(&p, 0, "'-1' field"), "-1") != 0) return EINVAL;
1438 }
1439 free(reading_what);
1440 }
1441
1442 for (i = 0; i < num_key_data; i++) {
1443 unsigned char *buf;
1444 int key_versions;
1445 int kvno;
1446 int keytype;
1447 int keylen;
1448 size_t k;
1449
1450 if (getint(&p, "key data 'version'", &key_versions)) return EINVAL;
1451 CHECK_UINT16(key_versions);
1452 ret = krb5_store_int16(sp, key_versions);
1453 if (ret) return ret;
1454
1455 if (getint(&p, "kvno", &kvno)) return EINVAL;
1456 CHECK_UINT16(kvno);
1457 ret = krb5_store_int16(sp, kvno);
1458 if (ret) return ret;
1459
1460 for (k = 0; k < key_versions; k++) {
1461 if (getint(&p, "enctype", &keytype)) return EINVAL;
1462 CHECK_UINT16(keytype);
1463 ret = krb5_store_int16(sp, keytype);
1464 if (ret) return ret;
1465
1466 if (getint(&p, "encrypted key length", &keylen)) return EINVAL;
1467 CHECK_UINT16(keylen);
1468 ret = krb5_store_int16(sp, keylen);
1469 if (ret) return ret;
1470
1471 if (keylen) {
1472 buf = malloc(keylen);
1473 if (!buf) return ENOMEM;
1474 if (getdata(&p, buf, keylen, "key (or salt) data") != keylen) {
1475 free(buf);
1476 return EINVAL;
1477 }
1478 sz = krb5_storage_write(sp, buf, keylen);
1479 free(buf);
1480 if (sz != keylen) return ENOMEM;
1481 } else {
1482 if (strcmp(nexttoken(&p, 0,
1483 "'-1' zero-length key/salt field"),
1484 "-1") != 0) {
1485 warnx("Expected '-1' field because key/salt length is 0");
1486 return -1;
1487 }
1488 }
1489 }
1490 }
1491 /*
1492 * The rest is "extra data", but there's never any and we wouldn't
1493 * know what to do with it.
1494 */
1495 /* nexttoken(&p, 0, "extra data"); */
1496 return 0;
1497 }
1498
Heimdal