lib/hdb/keytab.c

55682Smarkm/*
102644Snectar * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
55682Smarkm * (Royal Institute of Technology, Stockholm, Sweden).
55682Smarkm * All rights reserved.
55682Smarkm *
55682Smarkm * Redistribution and use in source and binary forms, with or without
55682Smarkm * modification, are permitted provided that the following conditions
55682Smarkm * are met:
55682Smarkm *
55682Smarkm * 1. Redistributions of source code must retain the above copyright
55682Smarkm *    notice, this list of conditions and the following disclaimer.
55682Smarkm *
55682Smarkm * 2. Redistributions in binary form must reproduce the above copyright
55682Smarkm *    notice, this list of conditions and the following disclaimer in the
55682Smarkm *    documentation and/or other materials provided with the distribution.
55682Smarkm *
55682Smarkm * 3. Neither the name of the Institute nor the names of its contributors
55682Smarkm *    may be used to endorse or promote products derived from this software
55682Smarkm *    without specific prior written permission.
55682Smarkm *
55682Smarkm * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
55682Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55682Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
55682Smarkm * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
55682Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55682Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55682Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55682Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55682Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55682Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55682Smarkm * SUCH DAMAGE.
55682Smarkm */
55682Smarkm
55682Smarkm#include "hdb_locl.h"
55682Smarkm
55682Smarkm/* keytab backend for HDB databases */
55682Smarkm
178825SdfrRCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $");
55682Smarkm
55682Smarkmstruct hdb_data {
55682Smarkm    char *dbname;
55682Smarkm    char *mkey;
55682Smarkm};
55682Smarkm
72445Sassar/*
72445Sassar * the format for HDB keytabs is:
178825Sdfr * HDB:[database:file:mkey]
72445Sassar */
72445Sassar
55682Smarkmstatic krb5_error_code
55682Smarkmhdb_resolve(krb5_context context, const char *name, krb5_keytab id)
55682Smarkm{
55682Smarkm    struct hdb_data *d;
55682Smarkm    const char *db, *mkey;
72445Sassar
55682Smarkm    d = malloc(sizeof(*d));
90926Snectar    if(d == NULL) {
90926Snectar	krb5_set_error_string(context, "malloc: out of memory");
55682Smarkm	return ENOMEM;
90926Snectar    }
55682Smarkm    db = name;
55682Smarkm    mkey = strchr(name, ':');
55682Smarkm    if(mkey == NULL || mkey[1] == '\0') {
55682Smarkm	if(*name == '\0')
55682Smarkm	    d->dbname = NULL;
55682Smarkm	else {
55682Smarkm	    d->dbname = strdup(name);
55682Smarkm	    if(d->dbname == NULL) {
55682Smarkm		free(d);
90926Snectar		krb5_set_error_string(context, "malloc: out of memory");
55682Smarkm		return ENOMEM;
55682Smarkm	    }
55682Smarkm	}
55682Smarkm	d->mkey = NULL;
55682Smarkm    } else {
55682Smarkm	if((mkey - db) == 0) {
55682Smarkm	    d->dbname = NULL;
55682Smarkm	} else {
178825Sdfr	    d->dbname = malloc(mkey - db + 1);
55682Smarkm	    if(d->dbname == NULL) {
55682Smarkm		free(d);
90926Snectar		krb5_set_error_string(context, "malloc: out of memory");
55682Smarkm		return ENOMEM;
55682Smarkm	    }
72445Sassar	    memmove(d->dbname, db, mkey - db);
55682Smarkm	    d->dbname[mkey - db] = '\0';
55682Smarkm	}
55682Smarkm	d->mkey = strdup(mkey + 1);
55682Smarkm	if(d->mkey == NULL) {
55682Smarkm	    free(d->dbname);
55682Smarkm	    free(d);
90926Snectar	    krb5_set_error_string(context, "malloc: out of memory");
55682Smarkm	    return ENOMEM;
55682Smarkm	}
55682Smarkm    }
55682Smarkm    id->data = d;
55682Smarkm    return 0;
55682Smarkm}
55682Smarkm
55682Smarkmstatic krb5_error_code
55682Smarkmhdb_close(krb5_context context, krb5_keytab id)
55682Smarkm{
55682Smarkm    struct hdb_data *d = id->data;
72445Sassar
72445Sassar    free(d->dbname);
72445Sassar    free(d->mkey);
55682Smarkm    free(d);
55682Smarkm    return 0;
55682Smarkm}
55682Smarkm
55682Smarkmstatic krb5_error_code
55682Smarkmhdb_get_name(krb5_context context,
55682Smarkm	     krb5_keytab id,
55682Smarkm	     char *name,
55682Smarkm	     size_t namesize)
55682Smarkm{
55682Smarkm    struct hdb_data *d = id->data;
72445Sassar
55682Smarkm    snprintf(name, namesize, "%s%s%s",
55682Smarkm	     d->dbname ? d->dbname : "",
55682Smarkm	     (d->dbname || d->mkey) ? ":" : "",
55682Smarkm	     d->mkey ? d->mkey : "");
55682Smarkm    return 0;
55682Smarkm}
55682Smarkm
72445Sassarstatic void
72445Sassarset_config (krb5_context context,
178825Sdfr	    const krb5_config_binding *binding,
72445Sassar	    const char **dbname,
72445Sassar	    const char **mkey)
72445Sassar{
72445Sassar    *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
72445Sassar    *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
72445Sassar}
72445Sassar
72445Sassar/*
72445Sassar * try to figure out the database (`dbname') and master-key (`mkey')
72445Sassar * that should be used for `principal'.
72445Sassar */
72445Sassar
72445Sassarstatic void
72445Sassarfind_db (krb5_context context,
72445Sassar	 const char **dbname,
72445Sassar	 const char **mkey,
72445Sassar	 krb5_const_principal principal)
72445Sassar{
102644Snectar    const krb5_config_binding *top_bind = NULL;
178825Sdfr    const krb5_config_binding *default_binding = NULL;
178825Sdfr    const krb5_config_binding *db;
178825Sdfr    krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal));
72445Sassar
72445Sassar    *dbname = *mkey = NULL;
72445Sassar
178825Sdfr    while ((db =
72445Sassar	    krb5_config_get_next(context,
72445Sassar				 NULL,
72445Sassar				 &top_bind,
72445Sassar				 krb5_config_list,
72445Sassar				 "kdc",
72445Sassar				 "database",
72445Sassar				 NULL)) != NULL) {
72445Sassar	const char *p;
72445Sassar
72445Sassar	p = krb5_config_get_string (context, db, "realm", NULL);
72445Sassar	if (p == NULL) {
72445Sassar	    if(default_binding) {
72445Sassar		krb5_warnx(context, "WARNING: more than one realm-less "
72445Sassar			   "database specification");
72445Sassar		krb5_warnx(context, "WARNING: using the first encountered");
72445Sassar	    } else
72445Sassar		default_binding = db;
72445Sassar	} else if (strcmp (*prealm, p) == 0) {
72445Sassar	    set_config (context, db, dbname, mkey);
72445Sassar	    break;
72445Sassar	}
72445Sassar    }
72445Sassar    if (*dbname == NULL && default_binding != NULL)
72445Sassar	set_config (context, default_binding, dbname, mkey);
72445Sassar    if (*dbname == NULL)
72445Sassar	*dbname = HDB_DEFAULT_DB;
72445Sassar}
72445Sassar
72445Sassar/*
72445Sassar * find the keytab entry in `id' for `principal, kvno, enctype' and return
72445Sassar * it in `entry'.  return 0 or an error code
72445Sassar */
72445Sassar
55682Smarkmstatic krb5_error_code
55682Smarkmhdb_get_entry(krb5_context context,
55682Smarkm	      krb5_keytab id,
55682Smarkm	      krb5_const_principal principal,
55682Smarkm	      krb5_kvno kvno,
55682Smarkm	      krb5_enctype enctype,
55682Smarkm	      krb5_keytab_entry *entry)
55682Smarkm{
178825Sdfr    hdb_entry_ex ent;
55682Smarkm    krb5_error_code ret;
55682Smarkm    struct hdb_data *d = id->data;
55682Smarkm    int i;
72445Sassar    HDB *db;
72445Sassar    const char *dbname = d->dbname;
72445Sassar    const char *mkey   = d->mkey;
55682Smarkm
178825Sdfr    memset(&ent, 0, sizeof(ent));
178825Sdfr
72445Sassar    if (dbname == NULL)
72445Sassar	find_db (context, &dbname, &mkey, principal);
72445Sassar
72445Sassar    ret = hdb_create (context, &db, dbname);
55682Smarkm    if (ret)
55682Smarkm	return ret;
72445Sassar    ret = hdb_set_master_keyfile (context, db, mkey);
72445Sassar    if (ret) {
178825Sdfr	(*db->hdb_destroy)(context, db);
72445Sassar	return ret;
72445Sassar    }
72445Sassar
178825Sdfr    ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
72445Sassar    if (ret) {
178825Sdfr	(*db->hdb_destroy)(context, db);
72445Sassar	return ret;
72445Sassar    }
178825Sdfr    ret = (*db->hdb_fetch)(context, db, principal,
178825Sdfr			   HDB_F_DECRYPT|
178825Sdfr			   HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
178825Sdfr			   &ent);
72445Sassar
178825Sdfr    if(ret == HDB_ERR_NOENTRY) {
178825Sdfr	ret = KRB5_KT_NOTFOUND;
178825Sdfr	goto out;
178825Sdfr    }else if(ret)
178825Sdfr	goto out;
178825Sdfr
178825Sdfr    if(kvno && ent.entry.kvno != kvno) {
55682Smarkm	hdb_free_entry(context, &ent);
178825Sdfr 	ret = KRB5_KT_NOTFOUND;
178825Sdfr	goto out;
55682Smarkm    }
55682Smarkm    if(enctype == 0)
178825Sdfr	if(ent.entry.keys.len > 0)
178825Sdfr	    enctype = ent.entry.keys.val[0].key.keytype;
55682Smarkm    ret = KRB5_KT_NOTFOUND;
178825Sdfr    for(i = 0; i < ent.entry.keys.len; i++) {
178825Sdfr	if(ent.entry.keys.val[i].key.keytype == enctype) {
55682Smarkm	    krb5_copy_principal(context, principal, &entry->principal);
178825Sdfr	    entry->vno = ent.entry.kvno;
55682Smarkm	    krb5_copy_keyblock_contents(context,
178825Sdfr					&ent.entry.keys.val[i].key,
55682Smarkm					&entry->keyblock);
55682Smarkm	    ret = 0;
55682Smarkm	    break;
55682Smarkm	}
55682Smarkm    }
55682Smarkm    hdb_free_entry(context, &ent);
178825Sdfrout:
178825Sdfr    (*db->hdb_close)(context, db);
178825Sdfr    (*db->hdb_destroy)(context, db);
55682Smarkm    return ret;
55682Smarkm}
55682Smarkm
55682Smarkmkrb5_kt_ops hdb_kt_ops = {
55682Smarkm    "HDB",
55682Smarkm    hdb_resolve,
55682Smarkm    hdb_get_name,
55682Smarkm    hdb_close,
55682Smarkm    hdb_get_entry,
55682Smarkm    NULL,		/* start_seq_get */
55682Smarkm    NULL,		/* next_entry */
55682Smarkm    NULL,		/* end_seq_get */
55682Smarkm    NULL,		/* add */
55682Smarkm    NULL		/* remove */
55682Smarkm};