search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / krb5 / kadmin / ktutil / ktutil_funcs.c
blob89859da78edac32b09e87165a0a23737d2fbed55
1 /*
2 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "%Z%%M% %I% %E% SMI"
7
8
9 /*
10 * kadmin/ktutil/ktutil_funcs.c
11 *
12 *(C) Copyright 1995, 1996 by the Massachusetts Institute of Technology.
13 * All Rights Reserved.
14 *
15 * Export of this software from the United States of America may
16 * require a specific license from the United States Government.
17 * It is the responsibility of any person or organization contemplating
18 * export to obtain such a license before exporting.
19 *
20 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
21 * distribute this software and its documentation for any purpose and
22 * without fee is hereby granted, provided that the above copyright
23 * notice appear in all copies and that both that copyright notice and
24 * this permission notice appear in supporting documentation, and that
25 * the name of M.I.T. not be used in advertising or publicity pertaining
26 * to distribution of the software without specific, written prior
27 * permission. Furthermore if you modify this software you must label
28 * your software as modified software and not distribute it in such a
29 * fashion that it might be confused with the original M.I.T. software.
30 * M.I.T. makes no representations about the suitability of
31 * this software for any purpose. It is provided "as is" without express
32 * or implied warranty.
33 *
34 * Utility functions for ktutil.
35 */
36
37 #include "k5-int.h"
38 #include "ktutil.h"
39 #ifdef KRB5_KRB4_COMPAT
40 #include "kerberosIV/krb.h"
41 #include <stdio.h>
42 #endif
43 #include <string.h>
44 #include <ctype.h>
45 #include <libintl.h>
46
47 /*
48 * Free a kt_list
49 */
50 krb5_error_code ktutil_free_kt_list(context, list)
51 krb5_context context;
52 krb5_kt_list list;
53 {
54 krb5_kt_list lp, prev;
55 krb5_error_code retval = 0;
56
57 for (lp = list; lp;) {
58 retval = krb5_kt_free_entry(context, lp->entry);
59 free((char *)lp->entry);
60 if (retval)
61 break;
62 prev = lp;
63 lp = lp->next;
64 free((char *)prev);
65 }
66 return retval;
67 }
68
69 /*
70 * Delete a numbered entry in a kt_list. Takes a pointer to a kt_list
71 * in case head gets deleted.
72 */
73 krb5_error_code ktutil_delete(context, list, idx)
74 krb5_context context;
75 krb5_kt_list *list;
76 int idx;
77 {
78 krb5_kt_list lp, prev;
79 int i;
80
81 for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) {
82 if (i == idx) {
83 if (i == 1)
84 *list = lp->next;
85 else
86 prev->next = lp->next;
87 lp->next = NULL;
88 return ktutil_free_kt_list(context, lp);
89 }
90 }
91 return EINVAL;
92 }
93
94 /*
95 * Create a new keytab entry and add it to the keytab list.
96 * Based on the value of use_pass, either prompt the user for a
97 * password or key. If the keytab list is NULL, allocate a new
98 * one first.
99 */
100 krb5_error_code ktutil_add(context, list, princ_str, kvno,
101 enctype_str, use_pass)
102 krb5_context context;
103 krb5_kt_list *list;
104 char *princ_str;
105 krb5_kvno kvno;
106 char *enctype_str;
107 int use_pass;
108 {
109 krb5_keytab_entry *entry;
110 krb5_kt_list lp = NULL, prev = NULL;
111 krb5_principal princ;
112 krb5_enctype enctype;
113 krb5_timestamp now;
114 krb5_error_code retval;
115 krb5_data password, salt;
116 krb5_keyblock key;
117 char buf[BUFSIZ];
118 char promptstr[1024];
119
120 char *cp;
121 int i, tmp;
122 unsigned int pwsize = BUFSIZ;
123
124 retval = krb5_parse_name(context, princ_str, &princ);
125 if (retval)
126 return retval;
127 /* now unparse in order to get the default realm appended
128 to princ_str, if no realm was specified */
129 retval = krb5_unparse_name(context, princ, &princ_str);
130 if (retval)
131 return retval;
132 retval = krb5_string_to_enctype(enctype_str, &enctype);
133 if (retval)
134 return KRB5_BAD_ENCTYPE;
135 retval = krb5_timeofday(context, &now);
136 if (retval)
137 return retval;
138
139 if (*list) {
140 /* point lp at the tail of the list */
141 for (lp = *list; lp->next; lp = lp->next);
142 }
143 entry = (krb5_keytab_entry *) malloc(sizeof(krb5_keytab_entry));
144 if (!entry) {
145 return ENOMEM;
146 }
147 memset((char *) entry, 0, sizeof(*entry));
148
149 if (!lp) { /* if list is empty, start one */
150 lp = (krb5_kt_list) malloc(sizeof(*lp));
151 if (!lp) {
152 return ENOMEM;
153 }
154 } else {
155 lp->next = (krb5_kt_list) malloc(sizeof(*lp));
156 if (!lp->next) {
157 return ENOMEM;
158 }
159 prev = lp;
160 lp = lp->next;
161 }
162 lp->next = NULL;
163 lp->entry = entry;
164
165 if (use_pass) {
166 password.length = pwsize;
167 password.data = (char *) malloc(pwsize);
168 if (!password.data) {
169 retval = ENOMEM;
170 goto cleanup;
171 }
172
173 (void) snprintf(promptstr, sizeof(promptstr),
174 gettext("Password for %.1000s"), princ_str);
175 retval = krb5_read_password(context, promptstr, NULL, password.data,
176 &password.length);
177 if (retval)
178 goto cleanup;
179 retval = krb5_principal2salt(context, princ, &salt);
180 if (retval)
181 goto cleanup;
182 retval = krb5_c_string_to_key(context, enctype, &password,
183 &salt, &key);
184 if (retval)
185 goto cleanup;
186 memset(password.data, 0, password.length);
187 password.length = 0;
188 memcpy(&lp->entry->key, &key, sizeof(krb5_keyblock));
189 } else {
190 printf(gettext("Key for %s (hex): "), princ_str);
191 fgets(buf, BUFSIZ, stdin);
192 /*
193 * We need to get rid of the trailing '\n' from fgets.
194 * If we have an even number of hex digits (as we should),
195 * write a '\0' over the '\n'. If for some reason we have
196 * an odd number of hex digits, force an even number of hex
197 * digits by writing a '0' into the last position (the string
198 * will still be null-terminated).
199 */
200 buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
201 if (strlen(buf) == 0) {
202 fprintf(stderr, "addent: %s", gettext("Error reading key.\n"));
203 retval = 0;
204 goto cleanup;
205 }
206
207 lp->entry->key.enctype = enctype;
208 lp->entry->key.contents = (krb5_octet *) malloc((strlen(buf) + 1) / 2);
209 if (!lp->entry->key.contents) {
210 retval = ENOMEM;
211 goto cleanup;
212 }
213
214 i = 0;
215 for (cp = buf; *cp; cp += 2) {
216 if (!isxdigit((int) cp[0]) || !isxdigit((int) cp[1])) {
217 fprintf(stderr, "addent: %s",
218 gettext("Illegal character in key.\n"));
219 retval = 0;
220 goto cleanup;
221 }
222 sscanf(cp, "%02x", &tmp);
223 lp->entry->key.contents[i++] = (krb5_octet) tmp;
224 }
225 lp->entry->key.length = i;
226 }
227 lp->entry->principal = princ;
228 lp->entry->vno = kvno;
229 lp->entry->timestamp = now;
230
231 if (!*list)
232 *list = lp;
233
234 return 0;
235
236 cleanup:
237 if (prev)
238 prev->next = NULL;
239 ktutil_free_kt_list(context, lp);
240 return retval;
241 }
242
243 /*
244 * Read in a keytab and append it to list. If list starts as NULL,
245 * allocate a new one if necessary.
246 */
247 krb5_error_code ktutil_read_keytab(context, name, list)
248 krb5_context context;
249 char *name;
250 krb5_kt_list *list;
251 {
252 krb5_kt_list lp = NULL, tail = NULL, back = NULL;
253 krb5_keytab kt;
254 krb5_keytab_entry *entry;
255 krb5_kt_cursor cursor;
256 krb5_error_code retval = 0;
257
258 if (*list) {
259 /* point lp at the tail of the list */
260 for (lp = *list; lp->next; lp = lp->next);
261 back = lp;
262 }
263 retval = krb5_kt_resolve(context, name, &kt);
264 if (retval)
265 return retval;
266 retval = krb5_kt_start_seq_get(context, kt, &cursor);
267 if (retval)
268 goto close_kt;
269 for (;;) {
270 entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
271 if (!entry) {
272 retval = ENOMEM;
273 break;
274 }
275 memset((char *)entry, 0, sizeof (*entry));
276 retval = krb5_kt_next_entry(context, kt, entry, &cursor);
277 if (retval)
278 break;
279
280 if (!lp) { /* if list is empty, start one */
281 lp = (krb5_kt_list)malloc(sizeof (*lp));
282 if (!lp) {
283 retval = ENOMEM;
284 break;
285 }
286 } else {
287 lp->next = (krb5_kt_list)malloc(sizeof (*lp));
288 if (!lp->next) {
289 retval = ENOMEM;
290 break;
291 }
292 lp = lp->next;
293 }
294 if (!tail)
295 tail = lp;
296 lp->next = NULL;
297 lp->entry = entry;
298 }
299 if (entry)
300 free((char *)entry);
301 if (retval) {
302 if (retval == KRB5_KT_END)
303 retval = 0;
304 else {
305 ktutil_free_kt_list(context, tail);
306 tail = NULL;
307 if (back)
308 back->next = NULL;
309 }
310 }
311 if (!*list)
312 *list = tail;
313 krb5_kt_end_seq_get(context, kt, &cursor);
314 close_kt:
315 krb5_kt_close(context, kt);
316 return retval;
317 }
318
319 /*
320 * Takes a kt_list and writes it to the named keytab.
321 */
322 krb5_error_code ktutil_write_keytab(context, list, name)
323 krb5_context context;
324 krb5_kt_list list;
325 char *name;
326 {
327 krb5_kt_list lp;
328 krb5_keytab kt;
329 char ktname[MAXPATHLEN+sizeof("WRFILE:")+1];
330 krb5_error_code retval = 0;
331
332 strcpy(ktname, "WRFILE:");
333 if (strlen (name) >= MAXPATHLEN)
334 return ENAMETOOLONG;
335 strncat (ktname, name, MAXPATHLEN);
336 retval = krb5_kt_resolve(context, ktname, &kt);
337 if (retval)
338 return retval;
339 for (lp = list; lp; lp = lp->next) {
340 retval = krb5_kt_add_entry(context, kt, lp->entry);
341 if (retval)
342 break;
343 }
344 krb5_kt_close(context, kt);
345 return retval;
346 }
347
348 #ifdef KRB5_KRB4_COMPAT
349 /*
350 * getstr() takes a file pointer, a string and a count. It reads from
351 * the file until either it has read "count" characters, or until it
352 * reads a null byte. When finished, what has been read exists in the
353 * given string "s". If "count" characters were actually read, the
354 * last is changed to a null, so the returned string is always null-
355 * terminated. getstr() returns the number of characters read,
356 * including the null terminator.
357 */
358
359 static int getstr(fp, s, n)
360 FILE *fp;
361 register char *s;
362 int n;
363 {
364 register int count = n;
365 while (fread(s, 1, 1, fp) > 0 && --count)
366 if (*s++ == '\0')
367 return (n - count);
368 *s = '\0';
369 return (n - count);
370 }
371
372 /*
373 * Read in a named krb4 srvtab and append to list. Allocate new list
374 * if needed.
375 */
376 krb5_error_code ktutil_read_srvtab(context, name, list)
377 krb5_context context;
378 char *name;
379 krb5_kt_list *list;
380 {
381 krb5_kt_list lp = NULL, tail = NULL, back = NULL;
382 krb5_keytab_entry *entry;
383 krb5_error_code retval = 0;
384 char sname[SNAME_SZ]; /* name of service */
385 char sinst[INST_SZ]; /* instance of service */
386 char srealm[REALM_SZ]; /* realm of service */
387 unsigned char kvno; /* key version number */
388 des_cblock key;
389 FILE *fp;
390
391 if (*list) {
392 /* point lp at the tail of the list */
393 for (lp = *list; lp->next; lp = lp->next);
394 back = lp;
395 }
396 fp = fopen(name, "r");
397 if (!fp)
398 return EIO;
399 for (;;) {
400 entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
401 if (!entry) {
402 retval = ENOMEM;
403 break;
404 }
405 memset((char *)entry, 0, sizeof (*entry));
406 memset(sname, 0, sizeof (sname));
407 memset(sinst, 0, sizeof (sinst));
408 memset(srealm, 0, sizeof (srealm));
409 if (!(getstr(fp, sname, SNAME_SZ) > 0 &&
410 getstr(fp, sinst, INST_SZ) > 0 &&
411 getstr(fp, srealm, REALM_SZ) > 0 &&
412 fread(&kvno, 1, 1, fp) > 0 &&
413 fread((char *)key, sizeof (key), 1, fp) > 0))
414 break;
415 entry->magic = KV5M_KEYTAB_ENTRY;
416 entry->timestamp = 0; /* XXX */
417 entry->vno = kvno;
418 retval = krb5_425_conv_principal(context,
419 sname, sinst, srealm,
420 &entry->principal);
421 if (retval)
422 break;
423 entry->key.magic = KV5M_KEYBLOCK;
424 entry->key.enctype = ENCTYPE_DES_CBC_CRC;
425 entry->key.length = sizeof (key);
426 entry->key.contents = (krb5_octet *)malloc(sizeof (key));
427 if (!entry->key.contents) {
428 retval = ENOMEM;
429 break;
430 }
431 memcpy((char *)entry->key.contents, (char *)key, sizeof (key));
432 if (!lp) { /* if list is empty, start one */
433 lp = (krb5_kt_list)malloc(sizeof (*lp));
434 if (!lp) {
435 retval = ENOMEM;
436 break;
437 }
438 } else {
439 lp->next = (krb5_kt_list)malloc(sizeof (*lp));
440 if (!lp->next) {
441 retval = ENOMEM;
442 break;
443 }
444 lp = lp->next;
445 }
446 lp->next = NULL;
447 lp->entry = entry;
448 if (!tail)
449 tail = lp;
450 }
451 if (entry) {
452 if (entry->magic == KV5M_KEYTAB_ENTRY)
453 krb5_kt_free_entry(context, entry);
454 free((char *)entry);
455 }
456 if (retval) {
457 ktutil_free_kt_list(context, tail);
458 tail = NULL;
459 if (back)
460 back->next = NULL;
461 }
462 if (!*list)
463 *list = tail;
464 fclose(fp);
465 return retval;
466 }
467
468 /*
469 * Writes a kt_list out to a krb4 srvtab file. Note that it first
470 * prunes the kt_list so that it won't contain any keys that are not
471 * the most recent, and ignores keys that are not ENCTYPE_DES.
472 */
473 krb5_error_code ktutil_write_srvtab(context, list, name)
474 krb5_context context;
475 krb5_kt_list list;
476 char *name;
477 {
478 krb5_kt_list lp, lp1, prev, pruned = NULL;
479 krb5_error_code retval = 0;
480 FILE *fp;
481 char sname[SNAME_SZ];
482 char sinst[INST_SZ];
483 char srealm[REALM_SZ];
484
485 /* First do heinous stuff to prune the list. */
486 for (lp = list; lp; lp = lp->next) {
487 if ((lp->entry->key.enctype != ENCTYPE_DES_CBC_CRC) &&
488 (lp->entry->key.enctype != ENCTYPE_DES_CBC_MD5) &&
489 (lp->entry->key.enctype != ENCTYPE_DES_CBC_MD4) &&
490 (lp->entry->key.enctype != ENCTYPE_DES_CBC_RAW))
491 continue;
492
493 for (lp1 = pruned; lp1; prev = lp1, lp1 = lp1->next) {
494 /* Hunt for the current principal in the pruned list */
495 if (krb5_principal_compare(context,
496 lp->entry->principal,
497 lp1->entry->principal))
498 break;
499 }
500 if (!lp1) { /* need to add entry to tail of pruned list */
501 if (!pruned) {
502 pruned = (krb5_kt_list) malloc(sizeof (*pruned));
503 if (!pruned)
504 return ENOMEM;
505 memset((char *) pruned, 0, sizeof(*pruned));
506 lp1 = pruned;
507 } else {
508 prev->next
509 = (krb5_kt_list) malloc(sizeof (*pruned));
510 if (!prev->next) {
511 retval = ENOMEM;
512 goto free_pruned;
513 }
514 memset((char *) prev->next, 0, sizeof(*pruned));
515 lp1 = prev->next;
516 }
517 lp1->entry = lp->entry;
518 } else {
519 /* This heuristic should be roughly the same as in the
520 keytab-reading code in libkrb5. */
521 int offset = 0;
522 if (lp1->entry->vno > 240 || lp->entry->vno > 240) {
523 offset = 128;
524 }
525 #define M(X) (((X) + offset) % 256)
526 if (M(lp1->entry->vno) < M(lp->entry->vno))
527 /* Check if lp->entry is newer kvno; if so, update */
528 lp1->entry = lp->entry;
529 }
530 }
531 umask(0077); /*Changing umask for all of ktutil is OK
532 * We don't ever write out anything that should use
533 * default umask.*/
534 fp = fopen(name, "w");
535 if (!fp) {
536 retval = EIO;
537 goto free_pruned;
538 }
539 for (lp = pruned; lp; lp = lp->next) {
540 unsigned char kvno;
541 kvno = (unsigned char) lp->entry->vno;
542 retval = krb5_524_conv_principal(context,
543 lp->entry->principal,
544 sname, sinst, srealm);
545 if (retval)
546 break;
547 fwrite(sname, strlen(sname) + 1, 1, fp);
548 fwrite(sinst, strlen(sinst) + 1, 1, fp);
549 fwrite(srealm, strlen(srealm) + 1, 1, fp);
550 fwrite((char *)&kvno, 1, 1, fp);
551 fwrite((char *)lp->entry->key.contents,
552 sizeof (des_cblock), 1, fp);
553 }
554 fclose(fp);
555 free_pruned:
556 /*
557 * Loop over and free the pruned list; don't use free_kt_list
558 * because that kills the entries.
559 */
560 for (lp = pruned; lp;) {
561 prev = lp;
562 lp = lp->next;
563 free((char *)prev);
564 }
565 return retval;
566 }
567 #endif /* KRB5_KRB4_COMPAT */
unleashed repo fork