search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:utils: Fix 'Usage:' for 'net ads enctypes'
[samba4-gss.git] / third_party / heimdal / lib / krb5 / keytab_file.c
blob61b5d6d29cf872b671e14a2f272cf5438c2b8165
1 /*
2 * Copyright (c) 1997 - 2017 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #define KRB5_KT_VNO_1 1
37 #define KRB5_KT_VNO_2 2
38 #define KRB5_KT_VNO KRB5_KT_VNO_2
39
40 #define KRB5_KT_FL_JAVA 1
41
42
43 /* file operations -------------------------------------------- */
44
45 struct fkt_data {
46 char *filename;
47 int flags;
48 };
49
50 static krb5_error_code
51 krb5_kt_ret_data(krb5_context context,
52 krb5_storage *sp,
53 krb5_data *data)
54 {
55 krb5_error_code ret;
56 krb5_ssize_t bytes;
57 int16_t size;
58
59 ret = krb5_ret_int16(sp, &size);
60 if(ret)
61 return ret;
62 data->length = size;
63 data->data = malloc(size);
64 if (data->data == NULL)
65 return krb5_enomem(context);
66 bytes = krb5_storage_read(sp, data->data, size);
67 if (bytes != size)
68 return (bytes == -1) ? errno : KRB5_KT_END;
69 return 0;
70 }
71
72 static krb5_error_code
73 krb5_kt_ret_string(krb5_context context,
74 krb5_storage *sp,
75 heim_general_string *data)
76 {
77 krb5_error_code ret;
78 krb5_ssize_t bytes;
79 int16_t size;
80
81 ret = krb5_ret_int16(sp, &size);
82 if(ret)
83 return ret;
84 *data = malloc(size + 1);
85 if (*data == NULL)
86 return krb5_enomem(context);
87 bytes = krb5_storage_read(sp, *data, size);
88 (*data)[size] = '\0';
89 if (bytes != size)
90 return (bytes == -1) ? errno : KRB5_KT_END;
91 return 0;
92 }
93
94 static krb5_error_code
95 krb5_kt_store_data(krb5_context context,
96 krb5_storage *sp,
97 krb5_data data)
98 {
99 krb5_error_code ret;
100 krb5_ssize_t bytes;
101
102 ret = krb5_store_int16(sp, data.length);
103 if (ret != 0)
104 return ret;
105 bytes = krb5_storage_write(sp, data.data, data.length);
106 if (bytes != (int)data.length)
107 return bytes == -1 ? errno : KRB5_KT_END;
108 return 0;
109 }
110
111 static krb5_error_code
112 krb5_kt_store_string(krb5_storage *sp,
113 heim_general_string data)
114 {
115 krb5_error_code ret;
116 krb5_ssize_t bytes;
117 size_t len = strlen(data);
118
119 ret = krb5_store_int16(sp, len);
120 if (ret != 0)
121 return ret;
122 bytes = krb5_storage_write(sp, data, len);
123 if (bytes != (int)len)
124 return bytes == -1 ? errno : KRB5_KT_END;
125 return 0;
126 }
127
128 static krb5_error_code
129 krb5_kt_ret_keyblock(krb5_context context,
130 struct fkt_data *fkt,
131 krb5_storage *sp,
132 krb5_keyblock *p)
133 {
134 int ret;
135 int16_t tmp;
136
137 ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
138 if(ret) {
139 krb5_set_error_message(context, ret,
140 N_("Cant read keyblock from file %s", ""),
141 fkt->filename);
142 return ret;
143 }
144 p->keytype = tmp;
145 ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
146 if (ret)
147 krb5_set_error_message(context, ret,
148 N_("Cant read keyblock from file %s", ""),
149 fkt->filename);
150 return ret;
151 }
152
153 static krb5_error_code
154 krb5_kt_store_keyblock(krb5_context context,
155 struct fkt_data *fkt,
156 krb5_storage *sp,
157 krb5_keyblock *p)
158 {
159 int ret;
160
161 ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
162 if(ret) {
163 krb5_set_error_message(context, ret,
164 N_("Cant store keyblock to file %s", ""),
165 fkt->filename);
166 return ret;
167 }
168 ret = krb5_kt_store_data(context, sp, p->keyvalue);
169 if (ret)
170 krb5_set_error_message(context, ret,
171 N_("Cant store keyblock to file %s", ""),
172 fkt->filename);
173 return ret;
174 }
175
176
177 static krb5_error_code
178 krb5_kt_ret_principal(krb5_context context,
179 struct fkt_data *fkt,
180 krb5_storage *sp,
181 krb5_principal *princ)
182 {
183 size_t i;
184 int ret;
185 krb5_principal p;
186 int16_t len;
187
188 ALLOC(p, 1);
189 if(p == NULL)
190 return krb5_enomem(context);
191
192 ret = krb5_ret_int16(sp, &len);
193 if(ret) {
194 krb5_set_error_message(context, ret,
195 N_("Failed decoding length of "
196 "keytab principal in keytab file %s", ""),
197 fkt->filename);
198 goto out;
199 }
200 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
201 len--;
202 if (len < 0) {
203 ret = KRB5_KT_END;
204 krb5_set_error_message(context, ret,
205 N_("Keytab principal contains "
206 "invalid length in keytab %s", ""),
207 fkt->filename);
208 goto out;
209 }
210 ret = krb5_kt_ret_string(context, sp, &p->realm);
211 if(ret) {
212 krb5_set_error_message(context, ret,
213 N_("Can't read realm from keytab: %s", ""),
214 fkt->filename);
215 goto out;
216 }
217 p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
218 if(p->name.name_string.val == NULL) {
219 ret = krb5_enomem(context);
220 goto out;
221 }
222 p->name.name_string.len = len;
223 for(i = 0; i < p->name.name_string.len; i++){
224 ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
225 if(ret) {
226 krb5_set_error_message(context, ret,
227 N_("Can't read principal from "
228 "keytab: %s", ""),
229 fkt->filename);
230 goto out;
231 }
232 }
233 if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
234 p->name.name_type = KRB5_NT_UNKNOWN;
235 else {
236 int32_t tmp32;
237 ret = krb5_ret_int32(sp, &tmp32);
238 p->name.name_type = tmp32;
239 if (ret) {
240 krb5_set_error_message(context, ret,
241 N_("Can't read name-type from "
242 "keytab: %s", ""),
243 fkt->filename);
244 goto out;
245 }
246 }
247 *princ = p;
248 return 0;
249 out:
250 krb5_free_principal(context, p);
251 return ret;
252 }
253
254 static krb5_error_code
255 krb5_kt_store_principal(krb5_context context,
256 krb5_storage *sp,
257 krb5_principal p)
258 {
259 size_t i;
260 int ret;
261
262 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
263 ret = krb5_store_int16(sp, p->name.name_string.len + 1);
264 else
265 ret = krb5_store_int16(sp, p->name.name_string.len);
266 if(ret) return ret;
267 ret = krb5_kt_store_string(sp, p->realm);
268 if(ret) return ret;
269 for(i = 0; i < p->name.name_string.len; i++){
270 ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
271 if(ret)
272 return ret;
273 }
274 if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
275 ret = krb5_store_int32(sp, p->name.name_type);
276 if(ret)
277 return ret;
278 }
279
280 return 0;
281 }
282
283 static krb5_error_code KRB5_CALLCONV
284 fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
285 {
286 struct fkt_data *d;
287
288 d = malloc(sizeof(*d));
289 if(d == NULL)
290 return krb5_enomem(context);
291 d->filename = strdup(name);
292 if(d->filename == NULL) {
293 free(d);
294 return krb5_enomem(context);
295 }
296 d->flags = 0;
297 id->data = d;
298 return 0;
299 }
300
301 static krb5_error_code KRB5_CALLCONV
302 fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id)
303 {
304 krb5_error_code ret;
305
306 ret = fkt_resolve(context, name, id);
307 if (ret == 0) {
308 struct fkt_data *d = id->data;
309 d->flags |= KRB5_KT_FL_JAVA;
310 }
311 return ret;
312 }
313
314 static krb5_error_code KRB5_CALLCONV
315 fkt_close(krb5_context context, krb5_keytab id)
316 {
317 struct fkt_data *d = id->data;
318 free(d->filename);
319 free(d);
320 return 0;
321 }
322
323 static krb5_error_code KRB5_CALLCONV
324 fkt_destroy(krb5_context context, krb5_keytab id)
325 {
326 struct fkt_data *d = id->data;
327 _krb5_erase_file(context, d->filename);
328 return 0;
329 }
330
331 static krb5_error_code KRB5_CALLCONV
332 fkt_get_name(krb5_context context,
333 krb5_keytab id,
334 char *name,
335 size_t namesize)
336 {
337 /* This function is XXX */
338 struct fkt_data *d = id->data;
339 strlcpy(name, d->filename, namesize);
340 return 0;
341 }
342
343 static void
344 storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
345 {
346 int flags = 0;
347 switch(vno) {
348 case KRB5_KT_VNO_1:
349 flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
350 flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
351 flags |= KRB5_STORAGE_HOST_BYTEORDER;
352 break;
353 case KRB5_KT_VNO_2:
354 break;
355 default:
356 krb5_warnx(context,
357 "storage_set_flags called with bad vno (%d)", vno);
358 }
359 krb5_storage_set_flags(sp, flags);
360 }
361
362 static krb5_error_code
363 fkt_start_seq_get_int(krb5_context context,
364 krb5_keytab id,
365 int flags,
366 int exclusive,
367 krb5_kt_cursor *c)
368 {
369 int8_t pvno, tag;
370 krb5_error_code ret;
371 struct fkt_data *d = id->data;
372 const char *stdio_mode = "rb";
373
374 memset(c, 0, sizeof(*c));
375 c->fd = open (d->filename, flags);
376 if (c->fd < 0) {
377 ret = errno;
378 krb5_set_error_message(context, ret,
379 N_("keytab %s open failed: %s", ""),
380 d->filename, strerror(ret));
381 return ret;
382 }
383 rk_cloexec(c->fd);
384 ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
385 if (ret) {
386 close(c->fd);
387 return ret;
388 }
389 if ((flags & O_ACCMODE) == O_RDWR && (flags & O_APPEND))
390 stdio_mode = "ab+";
391 else if ((flags & O_ACCMODE) == O_RDWR)
392 stdio_mode = "rb+";
393 else if ((flags & O_ACCMODE) == O_WRONLY)
394 stdio_mode = "wb";
395 c->sp = krb5_storage_stdio_from_fd(c->fd, stdio_mode);
396 if (c->sp == NULL) {
397 close(c->fd);
398 return krb5_enomem(context);
399 }
400 krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
401 ret = krb5_ret_int8(c->sp, &pvno);
402 if(ret) {
403 krb5_storage_free(c->sp);
404 close(c->fd);
405 krb5_clear_error_message(context);
406 return ret;
407 }
408 if(pvno != 5) {
409 krb5_storage_free(c->sp);
410 close(c->fd);
411 krb5_clear_error_message (context);
412 return KRB5_KEYTAB_BADVNO;
413 }
414 ret = krb5_ret_int8(c->sp, &tag);
415 if (ret) {
416 krb5_storage_free(c->sp);
417 close(c->fd);
418 krb5_clear_error_message(context);
419 return ret;
420 }
421 id->version = tag;
422 storage_set_flags(context, c->sp, id->version);
423 return 0;
424 }
425
426 static krb5_error_code KRB5_CALLCONV
427 fkt_start_seq_get(krb5_context context,
428 krb5_keytab id,
429 krb5_kt_cursor *c)
430 {
431 return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c);
432 }
433
434 static krb5_error_code
435 fkt_next_entry_int(krb5_context context,
436 krb5_keytab id,
437 krb5_keytab_entry *entry,
438 krb5_kt_cursor *cursor,
439 off_t *start,
440 off_t *end)
441 {
442 struct fkt_data *d = id->data;
443 int32_t len;
444 int ret;
445 int8_t tmp8;
446 int32_t tmp32;
447 uint32_t utmp32;
448 off_t pos, curpos;
449
450 pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
451 loop:
452 ret = krb5_ret_int32(cursor->sp, &len);
453 if (ret)
454 return ret;
455 if(len < 0) {
456 pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
457 goto loop;
458 }
459 ret = krb5_kt_ret_principal (context, d, cursor->sp, &entry->principal);
460 if (ret)
461 goto out;
462 ret = krb5_ret_uint32(cursor->sp, &utmp32);
463 entry->timestamp = utmp32;
464 if (ret)
465 goto out;
466 ret = krb5_ret_int8(cursor->sp, &tmp8);
467 if (ret)
468 goto out;
469 entry->vno = tmp8;
470 ret = krb5_kt_ret_keyblock (context, d, cursor->sp, &entry->keyblock);
471 if (ret)
472 goto out;
473 /* there might be a 32 bit kvno here
474 * if it's zero, assume that the 8bit one was right,
475 * otherwise trust the new value */
476 curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
477 if(len + 4 + pos - curpos >= 4) {
478 ret = krb5_ret_int32(cursor->sp, &tmp32);
479 if (ret == 0 && tmp32 != 0)
480 entry->vno = tmp32;
481 }
482 /* there might be a flags field here */
483 if(len + 4 + pos - curpos >= 8) {
484 ret = krb5_ret_uint32(cursor->sp, &utmp32);
485 if (ret == 0)
486 entry->flags = utmp32;
487 } else
488 entry->flags = 0;
489
490 entry->aliases = NULL;
491
492 if(start) *start = pos;
493 if(end) *end = pos + 4 + len;
494 out:
495 if (ret)
496 krb5_kt_free_entry(context, entry);
497 krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
498 return ret;
499 }
500
501 static krb5_error_code KRB5_CALLCONV
502 fkt_next_entry(krb5_context context,
503 krb5_keytab id,
504 krb5_keytab_entry *entry,
505 krb5_kt_cursor *cursor)
506 {
507 return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
508 }
509
510 static krb5_error_code KRB5_CALLCONV
511 fkt_end_seq_get(krb5_context context,
512 krb5_keytab id,
513 krb5_kt_cursor *cursor)
514 {
515 krb5_storage_free(cursor->sp);
516 close(cursor->fd);
517 return 0;
518 }
519
520 static krb5_error_code KRB5_CALLCONV
521 fkt_setup_keytab(krb5_context context,
522 krb5_keytab id,
523 krb5_storage *sp)
524 {
525 krb5_error_code ret;
526 ret = krb5_store_int8(sp, 5);
527 if(ret)
528 return ret;
529 if(id->version == 0)
530 id->version = KRB5_KT_VNO;
531 return krb5_store_int8 (sp, id->version);
532 }
533
534 static krb5_error_code KRB5_CALLCONV
535 fkt_add_entry(krb5_context context,
536 krb5_keytab id,
537 krb5_keytab_entry *entry)
538 {
539 int ret;
540 int fd;
541 krb5_storage *sp;
542 krb5_ssize_t bytes;
543 struct fkt_data *d = id->data;
544 krb5_data keytab;
545 int32_t len;
546
547 fd = open(d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
548 if (fd < 0) {
549 fd = open(d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
550 if (fd < 0) {
551 ret = errno;
552 krb5_set_error_message(context, ret,
553 N_("open(%s): %s", ""), d->filename,
554 strerror(ret));
555 return ret;
556 }
557 rk_cloexec(fd);
558
559 ret = _krb5_xlock(context, fd, 1, d->filename);
560 if (ret) {
561 close(fd);
562 return ret;
563 }
564 sp = krb5_storage_stdio_from_fd(fd, "wb+");
565 if (sp == NULL) {
566 close(fd);
567 return krb5_enomem(context);
568 }
569 krb5_storage_set_eof_code(sp, KRB5_KT_END);
570 ret = fkt_setup_keytab(context, id, sp);
571 if (ret) {
572 goto out;
573 }
574 storage_set_flags(context, sp, id->version);
575 } else {
576 int8_t pvno, tag;
577
578 rk_cloexec(fd);
579
580 ret = _krb5_xlock(context, fd, 1, d->filename);
581 if (ret) {
582 close(fd);
583 return ret;
584 }
585 sp = krb5_storage_stdio_from_fd(fd, "wb+");
586 if (sp == NULL) {
587 (void) close(fd);
588 return ret;
589 }
590 krb5_storage_set_eof_code(sp, KRB5_KT_END);
591 ret = krb5_ret_int8(sp, &pvno);
592 if(ret) {
593 /* we probably have a zero byte file, so try to set it up
594 properly */
595 ret = fkt_setup_keytab(context, id, sp);
596 if(ret) {
597 krb5_set_error_message(context, ret,
598 N_("%s: keytab is corrupted: %s", ""),
599 d->filename, strerror(ret));
600 goto out;
601 }
602 storage_set_flags(context, sp, id->version);
603 } else {
604 if(pvno != 5) {
605 ret = KRB5_KEYTAB_BADVNO;
606 krb5_set_error_message(context, ret,
607 N_("Bad version in keytab %s", ""),
608 d->filename);
609 goto out;
610 }
611 ret = krb5_ret_int8 (sp, &tag);
612 if (ret) {
613 krb5_set_error_message(context, ret,
614 N_("failed reading tag from "
615 "keytab %s", ""),
616 d->filename);
617 goto out;
618 }
619 id->version = tag;
620 storage_set_flags(context, sp, id->version);
621 }
622 }
623
624 {
625 krb5_storage *emem;
626 emem = krb5_storage_emem();
627 if(emem == NULL) {
628 ret = krb5_enomem(context);
629 goto out;
630 }
631 ret = krb5_kt_store_principal(context, emem, entry->principal);
632 if(ret) {
633 krb5_set_error_message(context, ret,
634 N_("Failed storing principal "
635 "in keytab %s", ""),
636 d->filename);
637 krb5_storage_free(emem);
638 goto out;
639 }
640 ret = krb5_store_int32 (emem, entry->timestamp);
641 if(ret) {
642 krb5_set_error_message(context, ret,
643 N_("Failed storing timpstamp "
644 "in keytab %s", ""),
645 d->filename);
646 krb5_storage_free(emem);
647 goto out;
648 }
649 ret = krb5_store_int8 (emem, entry->vno % 256);
650 if(ret) {
651 krb5_set_error_message(context, ret,
652 N_("Failed storing kvno "
653 "in keytab %s", ""),
654 d->filename);
655 krb5_storage_free(emem);
656 goto out;
657 }
658 ret = krb5_kt_store_keyblock (context, d, emem, &entry->keyblock);
659 if(ret) {
660 krb5_storage_free(emem);
661 goto out;
662 }
663 if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
664 ret = krb5_store_int32 (emem, entry->vno);
665 if (ret) {
666 krb5_set_error_message(context, ret,
667 N_("Failed storing extended kvno "
668 "in keytab %s", ""),
669 d->filename);
670 krb5_storage_free(emem);
671 goto out;
672 }
673 ret = krb5_store_uint32 (emem, entry->flags);
674 if (ret) {
675 krb5_set_error_message(context, ret,
676 N_("Failed storing extended kvno "
677 "in keytab %s", ""),
678 d->filename);
679 krb5_storage_free(emem);
680 goto out;
681 }
682 }
683
684 ret = krb5_storage_to_data(emem, &keytab);
685 krb5_storage_free(emem);
686 if(ret) {
687 krb5_set_error_message(context, ret,
688 N_("Failed converting keytab entry "
689 "to memory block for keytab %s", ""),
690 d->filename);
691 goto out;
692 }
693 }
694
695 while(1) {
696 off_t here;
697
698 here = krb5_storage_seek(sp, 0, SEEK_CUR);
699 if (here == -1) {
700 ret = errno;
701 krb5_set_error_message(context, ret,
702 N_("Failed writing keytab block "
703 "in keytab %s: %s", ""),
704 d->filename, strerror(ret));
705 goto out;
706 }
707 ret = krb5_ret_int32(sp, &len);
708 if (ret) {
709 /* There could have been a partial length. Recover! */
710 (void) krb5_storage_truncate(sp, here);
711 len = keytab.length;
712 break;
713 }
714 if(len < 0) {
715 len = -len;
716 if(len >= (int)keytab.length) {
717 krb5_storage_seek(sp, -4, SEEK_CUR);
718 break;
719 }
720 }
721 krb5_storage_seek(sp, len, SEEK_CUR);
722 }
723 ret = krb5_store_int32(sp, len);
724 if (ret != 0)
725 goto out;
726 bytes = krb5_storage_write(sp, keytab.data, keytab.length);
727 if (bytes != keytab.length) {
728 ret = bytes == -1 ? errno : KRB5_KT_END;
729 krb5_set_error_message(context, ret,
730 N_("Failed writing keytab block "
731 "in keytab %s: %s", ""),
732 d->filename, strerror(ret));
733 }
734 memset(keytab.data, 0, keytab.length);
735 krb5_data_free(&keytab);
736 out:
737 if (ret == 0)
738 ret = krb5_storage_fsync(sp);
739 krb5_storage_free(sp);
740 close(fd);
741 return ret;
742 }
743
744 static krb5_error_code KRB5_CALLCONV
745 fkt_remove_entry(krb5_context context,
746 krb5_keytab id,
747 krb5_keytab_entry *entry)
748 {
749 struct fkt_data *fkt = id->data;
750 krb5_ssize_t bytes;
751 krb5_keytab_entry e;
752 krb5_kt_cursor cursor;
753 off_t pos_start, pos_end;
754 int found = 0;
755 krb5_error_code ret;
756
757 ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor);
758 if (ret != 0) {
759 const char *emsg = krb5_get_error_message(context, ret);
760
761 krb5_set_error_message(context, ret,
762 N_("Could not open keytab file for write: %s: %s", ""),
763 fkt->filename,
764 emsg);
765 krb5_free_error_message(context, emsg);
766 return ret;
767 }
768 while (ret == 0 &&
769 (ret = fkt_next_entry_int(context, id, &e, &cursor,
770 &pos_start, &pos_end)) == 0) {
771 if (krb5_kt_compare(context, &e, entry->principal,
772 entry->vno, entry->keyblock.keytype)) {
773 int32_t len;
774 unsigned char buf[128];
775 found = 1;
776 krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
777 len = pos_end - pos_start - 4;
778 ret = krb5_store_int32(cursor.sp, -len);
779 memset(buf, 0, sizeof(buf));
780 while (ret == 0 && len > 0) {
781 bytes = krb5_storage_write(cursor.sp, buf,
782 min((size_t)len, sizeof(buf)));
783 if (bytes != min((size_t)len, sizeof(buf))) {
784 ret = bytes == -1 ? errno : KRB5_KT_END;
785 break;
786 }
787 len -= min((size_t)len, sizeof(buf));
788 }
789 }
790 krb5_kt_free_entry(context, &e);
791 }
792 (void) krb5_kt_end_seq_get(context, id, &cursor);
793 if (ret == KRB5_KT_END)
794 ret = 0;
795 if (ret) {
796 const char *emsg = krb5_get_error_message(context, ret);
797
798 krb5_set_error_message(context, ret,
799 N_("Could not remove keytab entry from %s: %s", ""),
800 fkt->filename,
801 emsg);
802 krb5_free_error_message(context, emsg);
803 } else if (!found) {
804 krb5_clear_error_message(context);
805 return KRB5_KT_NOTFOUND;
806 }
807 return ret;
808 }
809
810 const krb5_kt_ops krb5_fkt_ops = {
811 "FILE",
812 fkt_resolve,
813 fkt_get_name,
814 fkt_close,
815 fkt_destroy,
816 NULL, /* get */
817 fkt_start_seq_get,
818 fkt_next_entry,
819 fkt_end_seq_get,
820 fkt_add_entry,
821 fkt_remove_entry,
822 NULL,
823 0
824 };
825
826 const krb5_kt_ops krb5_wrfkt_ops = {
827 "WRFILE",
828 fkt_resolve,
829 fkt_get_name,
830 fkt_close,
831 fkt_destroy,
832 NULL, /* get */
833 fkt_start_seq_get,
834 fkt_next_entry,
835 fkt_end_seq_get,
836 fkt_add_entry,
837 fkt_remove_entry,
838 NULL,
839 0
840 };
841
842 const krb5_kt_ops krb5_javakt_ops = {
843 "JAVA14",
844 fkt_resolve_java14,
845 fkt_get_name,
846 fkt_close,
847 fkt_destroy,
848 NULL, /* get */
849 fkt_start_seq_get,
850 fkt_next_entry,
851 fkt_end_seq_get,
852 fkt_add_entry,
853 fkt_remove_entry,
854 NULL,
855 0
856 };
GSS-enabled samba4