2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: keytab_krb4.c,v 1.10 2002/04/18 14:04:46 joda Exp $");
42 static krb5_error_code
43 krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
45 struct krb4_kt_data *d;
47 d = malloc (sizeof(*d));
49 krb5_set_error_string (context, "malloc: out of memory");
52 d->filename = strdup (name);
53 if (d->filename == NULL) {
55 krb5_set_error_string (context, "malloc: out of memory");
62 static krb5_error_code
63 krb4_kt_get_name (krb5_context context,
68 struct krb4_kt_data *d = id->data;
70 strlcpy (name, d->filename, name_sz);
74 static krb5_error_code
75 krb4_kt_close (krb5_context context,
78 struct krb4_kt_data *d = id->data;
85 struct krb4_cursor_extra_data {
86 krb5_keytab_entry entry;
91 open_flock(const char *filename, int flags, int mode)
95 int fd = open(filename, flags, mode);
98 if((flags & O_ACCMODE) == O_RDONLY)
99 lock_mode = LOCK_SH | LOCK_NB;
101 lock_mode = LOCK_EX | LOCK_NB;
102 while(flock(fd, lock_mode) < 0) {
115 static krb5_error_code
116 krb4_kt_start_seq_get_int (krb5_context context,
121 struct krb4_kt_data *d = id->data;
122 struct krb4_cursor_extra_data *ed;
125 ed = malloc (sizeof(*ed));
127 krb5_set_error_string (context, "malloc: out of memory");
130 ed->entry.principal = NULL;
133 c->fd = open_flock (d->filename, flags, 0);
137 krb5_set_error_string(context, "open(%s): %s", d->filename,
141 c->sp = krb5_storage_from_fd(c->fd);
142 krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
146 static krb5_error_code
147 krb4_kt_start_seq_get (krb5_context context,
151 return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c);
154 static krb5_error_code
155 read_v4_entry (krb5_context context,
156 struct krb4_kt_data *d,
158 struct krb4_cursor_extra_data *ed)
161 char *service, *instance, *realm;
165 ret = krb5_ret_stringz(c->sp, &service);
168 ret = krb5_ret_stringz(c->sp, &instance);
173 ret = krb5_ret_stringz(c->sp, &realm);
179 ret = krb5_425_conv_principal (context, service, instance, realm,
180 &ed->entry.principal);
186 ret = krb5_ret_int8(c->sp, &kvno);
188 krb5_free_principal (context, ed->entry.principal);
191 ret = krb5_storage_read(c->sp, key, 8);
193 krb5_free_principal(context, ed->entry.principal);
197 krb5_free_principal(context, ed->entry.principal);
200 ed->entry.vno = kvno;
201 ret = krb5_data_copy (&ed->entry.keyblock.keyvalue,
205 ed->entry.timestamp = time(NULL);
210 static krb5_error_code
211 krb4_kt_next_entry (krb5_context context,
213 krb5_keytab_entry *entry,
217 struct krb4_kt_data *d = id->data;
218 struct krb4_cursor_extra_data *ed = c->data;
219 const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5,
224 ret = read_v4_entry (context, d, c, ed);
228 ret = krb5_kt_copy_entry_contents (context,
233 entry->keyblock.keytype = keytypes[ed->num];
234 if (++ed->num == 3) {
235 krb5_kt_free_entry (context, &ed->entry);
241 static krb5_error_code
242 krb4_kt_end_seq_get (krb5_context context,
246 struct krb4_cursor_extra_data *ed = c->data;
248 krb5_storage_free (c->sp);
250 krb5_kt_free_entry (context, &ed->entry);
256 static krb5_error_code
257 krb4_store_keytab_entry(krb5_context context,
258 krb5_keytab_entry *entry,
265 char service[ANAME_SZ];
266 char instance[INST_SZ];
267 char realm[REALM_SZ];
268 ret = krb5_524_conv_principal (context, entry->principal,
269 service, instance, realm);
272 if (entry->keyblock.keyvalue.length == 8
273 && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
274 ret = krb5_store_stringz(sp, service);
275 ret = krb5_store_stringz(sp, instance);
276 ret = krb5_store_stringz(sp, realm);
277 ret = krb5_store_int8(sp, entry->vno);
278 ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8);
283 static krb5_error_code
284 krb4_kt_add_entry (krb5_context context,
286 krb5_keytab_entry *entry)
288 struct krb4_kt_data *d = id->data;
293 fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0);
295 fd = open_flock (d->filename,
296 O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
299 krb5_set_error_string(context, "open(%s): %s", d->filename,
304 sp = krb5_storage_from_fd(fd);
305 krb5_storage_set_eof_code(sp, KRB5_KT_END);
310 ret = krb4_store_keytab_entry(context, entry, sp);
311 krb5_storage_free(sp);
317 static krb5_error_code
318 krb4_kt_remove_entry(krb5_context context,
320 krb5_keytab_entry *entry)
322 struct krb4_kt_data *d = id->data;
325 krb5_kt_cursor cursor;
329 sp = krb5_storage_emem();
330 ret = krb5_kt_start_seq_get(context, id, &cursor);
331 while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) {
332 if(!krb5_kt_compare(context, &e, entry->principal,
333 entry->vno, entry->keyblock.keytype)) {
334 ret = krb4_store_keytab_entry(context, &e, sp);
336 krb5_storage_free(sp);
342 krb5_kt_end_seq_get(context, id, &cursor);
345 unsigned char buf[1024];
350 krb5_storage_to_data(sp, &data);
351 krb5_storage_free(sp);
353 fd = open_flock (d->filename, O_RDWR | O_BINARY, 0);
355 memset(data.data, 0, data.length);
356 krb5_data_free(&data);
357 if(errno == EACCES || errno == EROFS)
358 return KRB5_KT_NOWRITE;
362 if(write(fd, data.data, data.length) != data.length) {
363 memset(data.data, 0, data.length);
365 krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
368 memset(data.data, 0, data.length);
369 if(fstat(fd, &st) < 0) {
371 krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename);
374 st.st_size -= data.length;
375 memset(buf, 0, sizeof(buf));
376 while(st.st_size > 0) {
377 n = min(st.st_size, sizeof(buf));
378 n = write(fd, buf, n);
381 krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
387 if(ftruncate(fd, data.length) < 0) {
389 krb5_set_error_string(context, "failed truncating \"%s\"", d->filename);
392 krb5_data_free(&data);
394 krb5_set_error_string(context, "error closing \"%s\"", d->filename);
399 return KRB5_KT_NOTFOUND;
403 const krb5_kt_ops krb4_fkt_ops = {
409 krb4_kt_start_seq_get,
412 krb4_kt_add_entry, /* add_entry */
413 krb4_kt_remove_entry /* remove_entry */
416 const krb5_kt_ops krb5_srvtab_fkt_ops = {
422 krb4_kt_start_seq_get,
425 krb4_kt_add_entry, /* add_entry */
426 krb4_kt_remove_entry /* remove_entry */
lentferj's projects / dragonfly.git / blob