Merge from vendor branch HEIMDAL:

[dragonfly.git] / crypto / heimdal-0.6.3 / appl / ftp / ftpd / kauth.c

/*
 * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "ftpd_locl.h"

RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $");

static KTEXT_ST cip;
static unsigned int lifetime;
static time_t local_time;

static krb_principal pr;

static int do_destroy_tickets = 1;

static int
save_tkt(const char *user,
         const char *instance,
         const char *realm,
         const void *arg, 
         key_proc_t key_proc,
         KTEXT *cipp)
{
    local_time = time(0);
    memmove(&cip, *cipp, sizeof(cip));
    return -1;
}

static int
store_ticket(KTEXT cip)
{
    char *ptr;
    des_cblock session;
    krb_principal sp;
    unsigned char kvno;
    KTEXT_ST tkt;
    int left = cip->length;
    int len;
    int kerror;
    
    ptr = (char *) cip->dat;

    /* extract session key */
    memmove(session, ptr, 8);
    ptr += 8;
    left -= 8;

    len = strnlen(ptr, left);
    if (len == left)
        return(INTK_BADPW);
    
    /* extract server's name */
    strlcpy(sp.name, ptr, sizeof(sp.name));
    ptr += len + 1;
    left -= len + 1;

    len = strnlen(ptr, left);
    if (len == left)
        return(INTK_BADPW);
    
    /* extract server's instance */
    strlcpy(sp.instance, ptr, sizeof(sp.instance));
    ptr += len + 1;
    left -= len + 1;

    len = strnlen(ptr, left);
    if (len == left)
        return(INTK_BADPW);
    
    /* extract server's realm */
    strlcpy(sp.realm, ptr, sizeof(sp.realm));
    ptr += len + 1;
    left -= len + 1;

    if(left < 3)
        return INTK_BADPW;
    /* extract ticket lifetime, server key version, ticket length */
    /* be sure to avoid sign extension on lifetime! */
    lifetime = (unsigned char) ptr[0];
    kvno = (unsigned char) ptr[1];
    tkt.length = (unsigned char) ptr[2];
    ptr += 3;
    left -= 3;
    
    if (tkt.length > left)
        return(INTK_BADPW);

    /* extract ticket itself */
    memmove(tkt.dat, ptr, tkt.length);
    ptr += tkt.length;
    left -= tkt.length;

    /* Here is where the time should be verified against the KDC.
     * Unfortunately everything is sent in host byte order (receiver
     * makes wrong) , and at this stage there is no way for us to know
     * which byteorder the KDC has. So we simply ignore the time,
     * there are no security risks with this, the only thing that can
     * happen is that we might receive a replayed ticket, which could
     * at most be useless.
     */
    
#if 0
    /* check KDC time stamp */
    {
        time_t kdc_time;

        memmove(&kdc_time, ptr, sizeof(kdc_time));
        if (swap_bytes) swap_u_long(kdc_time);

        ptr += 4;
    
        if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
            return(RD_AP_TIME);         /* XXX should probably be better
                                           code */
        }
    }
#endif

    /* initialize ticket cache */

    if (tf_create(TKT_FILE) != KSUCCESS)
        return(INTK_ERR);

    if (tf_put_pname(pr.name) != KSUCCESS ||
        tf_put_pinst(pr.instance) != KSUCCESS) {
        tf_close();
        return(INTK_ERR);
    }

    
    kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, 
                          lifetime, kvno, &tkt, local_time);
    tf_close();

    return(kerror);
}

void
kauth(char *principal, char *ticket)
{
    char *p;
    int ret;
  
    if(get_command_prot() != prot_private) {
        reply(500, "Request denied (bad protection level)");
        return;
    }
    ret = krb_parse_name(principal, &pr);
    if(ret){
        reply(500, "Bad principal: %s.", krb_get_err_text(ret));
        return;
    }
    if(pr.realm[0] == 0)
        krb_get_lrealm(pr.realm, 1);

    if(ticket){
        cip.length = base64_decode(ticket, &cip.dat);
        if(cip.length == -1){
            reply(500, "Failed to decode data.");
            return;
        }
        ret = store_ticket(&cip);
        if(ret){
            reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
            memset(&cip, 0, sizeof(cip));
            return;
        }
        do_destroy_tickets = 1;

        if(k_hasafs())
            krb_afslog(0, 0);
        reply(200, "Tickets will be destroyed on exit.");
        return;
    }
    
    ret = krb_get_in_tkt (pr.name,
                          pr.instance,
                          pr.realm,
                          KRB_TICKET_GRANTING_TICKET,
                          pr.realm,
                          DEFAULT_TKT_LIFE,
                          NULL, save_tkt, NULL);
    if(ret != INTK_BADPW){
        reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
        return;
    }
    if(base64_encode(cip.dat, cip.length, &p) < 0) {
        reply(500, "Out of memory while base64-encoding.");
        return;
    }
    reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
    free(p);
    memset(&cip, 0, sizeof(cip));
}


static char *
short_date(int32_t dp)
{
    char *cp;
    time_t t = (time_t)dp;

    if (t == (time_t)(-1L)) return "***  Never  *** ";
    cp = ctime(&t) + 4;
    cp[15] = '\0';
    return (cp);
}

void
klist(void)
{
    int err;

    char *file = tkt_string();

    krb_principal pr;
    
    char buf1[128], buf2[128];
    int header = 1;
    CREDENTIALS c;

    

    err = tf_init(file, R_TKT_FIL);
    if(err != KSUCCESS){
        reply(500, "%s", krb_get_err_text(err));
        return;
    }
    tf_close();

    /* 
     * We must find the realm of the ticket file here before calling
     * tf_init because since the realm of the ticket file is not
     * really stored in the principal section of the file, the
     * routine we use must itself call tf_init and tf_close.
     */
    err = krb_get_tf_realm(file, pr.realm);
    if(err != KSUCCESS){
        reply(500, "%s", krb_get_err_text(err));
        return;
    }

    err = tf_init(file, R_TKT_FIL);
    if(err != KSUCCESS){
        reply(500, "%s", krb_get_err_text(err));
        return;
    }

    err = tf_get_pname(pr.name);
    if(err != KSUCCESS){
        reply(500, "%s", krb_get_err_text(err));
        return;
    }
    err = tf_get_pinst(pr.instance);
    if(err != KSUCCESS){
        reply(500, "%s", krb_get_err_text(err));
        return;
    }

    /* 
     * You may think that this is the obvious place to get the
     * realm of the ticket file, but it can't be done here as the
     * routine to do this must open the ticket file.  This is why 
     * it was done before tf_init.
     */
       
    lreply(200, "Ticket file: %s", tkt_string());

    lreply(200, "Principal: %s", krb_unparse_name(&pr));
    while ((err = tf_get_cred(&c)) == KSUCCESS) {
        if (header) {
            lreply(200, "%-15s  %-15s  %s",
                   "  Issued", "  Expires", "  Principal (kvno)");
            header = 0;
        }
        strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
        c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
        if (time(0) < (unsigned long) c.issue_date)
            strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
        else
            strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
        lreply(200, "%s  %s  %s (%d)", buf1, buf2,
               krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); 
    }
    if (header && err == EOF) {
        lreply(200, "No tickets in file.");
    }
    reply(200, " ");
}

/*
 * Only destroy if we created the tickets
 */

void
cond_kdestroy(void)
{
    if (do_destroy_tickets)
        dest_tkt();
    afsunlog();
}

void
kdestroy(void)
{
    dest_tkt();
    afsunlog();
    reply(200, "Tickets destroyed");
}

void
krbtkfile(const char *tkfile)
{
    do_destroy_tickets = 0;
    krb_set_tkt_string(tkfile);
    reply(200, "Using ticket file %s", tkfile);
}

void
afslog(const char *cell)
{
    if(k_hasafs()) {
        krb_afslog(cell, 0);
        reply(200, "afslog done");
    } else {
        reply(200, "no AFS present");
    }
}

void
afsunlog(void)
{
    if(k_hasafs())
        k_unlog();
}