From 6c177497a6d2a44fb152edd6234601e9fefaa602 Mon Sep 17 00:00:00 2001 
From: Geoffrey King Date: Sun, 13 Jun 1999 09:17:33 +0000 Subject: [PATCH] Implement SRVTAB keytab type, which can read a krb4 srvtab git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11511 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ChangeLog | 5 + src/lib/krb5/Makefile.in | 10 +- src/lib/krb5/configure.in | 1 + src/lib/krb5/keytab/.Sanitize | 1 + src/lib/krb5/keytab/ChangeLog | 7 ++ src/lib/krb5/keytab/Makefile.in | 9 +- src/lib/krb5/keytab/ktbase.c | 24 ++-- src/lib/krb5/keytab/srvtab/.Sanitize | 46 ++++++++ src/lib/krb5/keytab/srvtab/ChangeLog | 4 + src/lib/krb5/keytab/srvtab/Makefile.in | 52 +++++++++ src/lib/krb5/keytab/srvtab/kts_close.c | 48 ++++++++ src/lib/krb5/keytab/srvtab/kts_endget.c | 38 ++++++ src/lib/krb5/keytab/srvtab/kts_g_ent.c | 102 ++++++++++++++++ src/lib/krb5/keytab/srvtab/kts_g_name.c | 58 +++++++++ src/lib/krb5/keytab/srvtab/kts_next.c | 48 ++++++++ src/lib/krb5/keytab/srvtab/kts_ops.c | 43 +++++++ src/lib/krb5/keytab/srvtab/kts_resolv.c | 69 +++++++++++ src/lib/krb5/keytab/srvtab/kts_ssget.c | 50 ++++++++ src/lib/krb5/keytab/srvtab/kts_util.c | 149 ++++++++++++++++++++++++ src/lib/krb5/keytab/srvtab/ktsrvtab.h | 114 ++++++++++++++++++ 20 files changed, 863 insertions(+), 15 deletions(-) create mode 100644 src/lib/krb5/keytab/srvtab/.Sanitize create mode 100644 src/lib/krb5/keytab/srvtab/ChangeLog create mode 100644 src/lib/krb5/keytab/srvtab/Makefile.in create mode 100644 src/lib/krb5/keytab/srvtab/kts_close.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_endget.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_g_ent.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_g_name.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_next.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_ops.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_resolv.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_ssget.c create mode 100644 src/lib/krb5/keytab/srvtab/kts_util.c create mode 100644 src/lib/krb5/keytab/srvtab/ktsrvtab.h 
diff --git a/src/lib/krb5/ChangeLog b/src/lib/krb5/ChangeLog index 796ef6586..5f181680f 100644 --- a/src/lib/krb5/ChangeLog +++ b/src/lib/krb5/ChangeLog @@ -1,3 +1,8 @@ +1999-06-13 Geoffrey King + + * Makefile.in: + * configure.in: Add new subdirectory keytab/srvtab. + Tue May 18 19:52:56 1999 Danilo Almeida * Makefile.in: Remove - from recursive Win32 make invocation. diff --git a/src/lib/krb5/Makefile.in b/src/lib/krb5/Makefile.in index 15fd75d1c..2d9535035 100644 --- a/src/lib/krb5/Makefile.in +++ b/src/lib/krb5/Makefile.in @@ -3,7 +3,7 @@ myfulldir=lib/krb5 mydir=. BUILDTOP=$(REL)$(U)$(S)$(U) LOCAL_SUBDIRS= error_tables asn.1 ccache ccache/stdio ccache/file \ - ccache/memory keytab keytab/file krb os rcache posix + ccache/memory keytab keytab/file keytab/srvtab krb os rcache posix ##DOSBUILDTOP = ..\.. ##DOSLIBNAME=$(OUTPRE)krb5.lib @@ -15,13 +15,13 @@ TST=if test -n "`cat DONE`" ; then MAC_SUBDIRS = error_tables asn.1 ccache keytab krb rcache os posix LIB_SUBDIRS= error_tables asn.1 ccache ccache/stdio ccache/file ccache/memory \ - keytab keytab/file krb rcache os posix \ + keytab keytab/file keytab/srvtab krb rcache os posix \ $(BUILDTOP)/util/profile LIBUPDATE= $(BUILDTOP)/util/libupdate LIBDONE= error_tables/DONE asn.1/DONE ccache/DONE ccache/stdio/DONE \ ccache/file/DONE ccache/memory/DONE keytab/DONE \ - keytab/file/DONE krb/DONE rcache/DONE os/DONE \ - posix/DONE $(BUILDTOP)/util/profile/DONE + keytab/file/DONE keytab/srvtab/DONE krb/DONE rcache/DONE \ + os/DONE posix/DONE $(BUILDTOP)/util/profile/DONE # #SHLIB_LIBS=-lcrypto -lcom_err @SHLIB_GEN@ @@ -38,7 +38,7 @@ STOBJLISTS= \ asn.1/OBJS.ST \ ccache/OBJS.ST ccache/stdio/OBJS.ST ccache/file/OBJS.ST \ ccache/memory/OBJS.ST \ - keytab/OBJS.ST keytab/file/OBJS.ST \ + keytab/OBJS.ST keytab/file/OBJS.ST keytab/srvtab/OBJS.ST \ krb/OBJS.ST \ rcache/OBJS.ST \ os/OBJS.ST \ diff --git a/src/lib/krb5/configure.in b/src/lib/krb5/configure.in index 8f469e5d0..15bf36c88 100644 --- a/src/lib/krb5/configure.in 
+++ b/src/lib/krb5/configure.in @@ -27,6 +27,7 @@ K5_GEN_MAKEFILE(ccache/file, libobj) K5_GEN_MAKEFILE(ccache/memory, libobj) K5_GEN_MAKEFILE(keytab, libobj) K5_GEN_MAKEFILE(keytab/file, libobj) +K5_GEN_MAKEFILE(keytab/srvtab, libobj) K5_GEN_MAKEFILE(keytab/db, libobj) K5_GEN_MAKEFILE(krb, libobj) K5_GEN_MAKEFILE(rcache, libobj) diff --git a/src/lib/krb5/keytab/.Sanitize b/src/lib/krb5/keytab/.Sanitize index f204a7e8b..4f7dada30 100644 --- a/src/lib/krb5/keytab/.Sanitize +++ b/src/lib/krb5/keytab/.Sanitize @@ -30,6 +30,7 @@ configure configure.in db file +srvtab ktadd.c ktbase.c ktdefault.c diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog index 9e4cf4c74..9b6d81a95 100644 --- a/src/lib/krb5/keytab/ChangeLog +++ b/src/lib/krb5/keytab/ChangeLog @@ -1,3 +1,10 @@ +1999-06-13 Geoffrey King + + * Makefile.in: Add new subdirectory srvtab. + + * ktbase.c: Support FILE and SRVTAB types by default. Use + krb5_ktf_ops instead of krb5_dfl_ops. + Tue May 18 19:52:56 1999 Danilo Almeida * Makefile.in: Remove - from recursive Win32 make invocation. diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in index 890e6d5aa..03b2ec5cc 100644 --- a/src/lib/krb5/keytab/Makefile.in +++ b/src/lib/krb5/keytab/Makefile.in @@ -2,7 +2,7 @@ thisconfigdir=./.. myfulldir=lib/krb5/keytab mydir=keytab BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U) -LOCAL_SUBDIRS = file +LOCAL_SUBDIRS = file srvtab CFLAGS = $(CCOPTS) $(DEFS) @@ -11,7 +11,7 @@ CFLAGS = $(CCOPTS) $(DEFS) ##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst ##WIN16##LIBNAME=..\krb5.lib -MAC_SUBDIRS = file +MAC_SUBDIRS = file srvtab STLIBOBJS= \ ktadd.o \ 
@@ -39,11 +39,14 @@ SRCS= \ all-windows:: subdirs $(OBJFILE) -##DOSsubdirs:: file\$(OUTPRE)file.lst +##DOSsubdirs:: file\$(OUTPRE)file.lst srvtab\$(OUTPRE)srvtab.lst ##DOSfile\$(OUTPRE)file.lst:: ##DOS cd file ##DOS @echo Making in krb5\keytab\file ##DOS $(MAKE) -$(MFLAGS) +##DOS cd ..\srvtab +##DOS @echo Making in krb5\keytab\srvtab +##DOS $(MAKE) -$(MFLAGS) ##DOS cd .. ##DOS$(OBJFILE): $(OBJS) file\$(OUTPRE)file.lst diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c index 3e821edc7..c65ee4483 100644 --- a/src/lib/krb5/keytab/ktbase.c +++ b/src/lib/krb5/keytab/ktbase.c @@ -26,13 +26,23 @@ #include "k5-int.h" -struct krb5_kt_typelist - { - krb5_kt_ops *ops; - struct krb5_kt_typelist *next; - }; -static struct krb5_kt_typelist krb5_kt_typelist_dfl = { &krb5_kt_dfl_ops, 0 }; -static struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_dfl; +extern krb5_kt_ops krb5_ktf_ops; +extern krb5_kt_ops krb5_kts_ops; + +struct krb5_kt_typelist { + krb5_kt_ops *ops; + struct krb5_kt_typelist *next; +}; +static struct krb5_kt_typelist krb5_kt_typelist_file = { + &krb5_ktf_ops, + 0 +}; +static struct krb5_kt_typelist krb5_kt_typelist_srvtab = { + &krb5_kts_ops, + &krb5_kt_typelist_file +}; +static struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_srvtab; + /* * Register a new key table type diff --git a/src/lib/krb5/keytab/srvtab/.Sanitize b/src/lib/krb5/keytab/srvtab/.Sanitize new file mode 100644 index 000000000..afa237aa3 --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/.Sanitize 
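Review bot: The two `extern krb5_kt_ops ...` declarations added at the top of ktbase.c are hand-copied rather than taken from a header, although ktsrvtab.h in this same patch already declares `extern struct _krb5_kt_ops krb5_kts_ops;`. A local copy can drift from the definition without the compiler noticing, so declare both ops tables in one shared header and include it here. The new default list also deserves a comment above `kt_typehead`, for example `/* FILE and SRVTAB are registered by default; a "SRVTAB:" name makes the library read krb4 single-DES keys */`, because it changes which name prefixes are accepted wherever a keytab name comes from configuration or the caller.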
@@ -0,0 +1,46 @@ +# Sanitize.in for Kerberos V5 + +# Each directory to survive it's way into a release will need a file +# like this one called "./.Sanitize". All keyword lines must exist, +# and must exist in the order specified by this file. Each directory +# in the tree will be processed, top down, in the following order. + +# Hash started lines like this one are comments and will be deleted +# before anything else is done. Blank lines will also be squashed +# out. + +# The lines between the "Do-first:" line and the "Things-to-keep:" +# line are executed as a /bin/sh shell script before anything else is +# done in this + +Do-first: + +# All files listed between the "Things-to-keep:" line and the +# "Files-to-sed:" line will be kept. All other files will be removed. +# Directories listed in this section will have their own Sanitize +# called. Directories not listed will be removed in their entirety +# with rm -rf. + +Things-to-keep: + +.cvsignore +ChangeLog +Makefile.in +configure +configure.in +kts_close.c +kts_endget.c +kts_g_ent.c +kts_g_name.c +kts_next.c +kts_ops.c +kts_resolv.c +kts_ssget.c +kts_util.c +ktsrvtab.h + +Things-to-lose: + +Do-last: + +# End of file. diff --git a/src/lib/krb5/keytab/srvtab/ChangeLog b/src/lib/krb5/keytab/srvtab/ChangeLog new file mode 100644 index 000000000..678056252 --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/ChangeLog @@ -0,0 +1,4 @@ +1999-06-13 Geoffrey King + + * Initial checkin of ghudson's code to implement the SRVTAB keytab + type, which can read a krb4 srvtab. \ No newline at end of file diff --git a/src/lib/krb5/keytab/srvtab/Makefile.in b/src/lib/krb5/keytab/srvtab/Makefile.in new file mode 100644 index 000000000..5ac97f551 --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/Makefile.in 
@@ -0,0 +1,52 @@ +thisconfigdir=./../.. +myfulldir=lib/krb5/keytab/srvtab +mydir=keytab/srvtab +BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)$(S)$(U) + +CFLAGS = $(CCOPTS) $(DEFS) + +##DOS##BUILDTOP = ..\..\..\.. +##DOS##PREFIXDIR=keytab\srvtab +##DOS##OBJFILE=$(OUTPRE)file.lst +##WIN16##LIBNAME=..\..\krb5.lib + +STLIBOBJS= \ + kts_close.o \ + kts_endget.o \ + kts_g_ent.o \ + kts_g_name.o \ + kts_next.o \ + kts_ops.o \ + kts_resolv.o \ + kts_ssget.o \ + kts_util.o + +OBJS= \ + $(OUTPRE)kts_close.$(OBJEXT) \ + $(OUTPRE)kts_endget.$(OBJEXT) \ + $(OUTPRE)kts_g_ent.$(OBJEXT) \ + $(OUTPRE)kts_g_name.$(OBJEXT) \ + $(OUTPRE)kts_next.$(OBJEXT) \ + $(OUTPRE)kts_ops.$(OBJEXT) \ + $(OUTPRE)kts_resolv.$(OBJEXT) \ + $(OUTPRE)kts_ssget.$(OBJEXT) \ + $(OUTPRE)kts_util.$(OBJEXT) + + +SRCS= \ + $(srcdir)/kts_close.c \ + $(srcdir)/kts_endget.c \ + $(srcdir)/kts_g_ent.c \ + $(srcdir)/kts_g_name.c \ + $(srcdir)/kts_next.c \ + $(srcdir)/kts_ops.c \ + $(srcdir)/kts_resolv.c \ + $(srcdir)/kts_ssget.c \ + $(srcdir)/kts_util.c + +all-windows:: subdirs $(OBJFILE) + +##DOS##LIBOBJS = $(OBJS) + +all-unix:: all-libobjs +clean-unix:: clean-libobjs diff --git a/src/lib/krb5/keytab/srvtab/kts_close.c b/src/lib/krb5/keytab/srvtab/kts_close.c new file mode 100644 index 000000000..091444028 --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/kts_close.c 
@@ -0,0 +1,48 @@
+/*
+ * lib/krb5/keytab/srvtab/kts_close.c
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * "Close" a file-based keytab and invalidate the id. This means
+ * free memory hidden in the structures.
+ */
+
+#include "k5-int.h"
+#include "ktsrvtab.h"
+
+krb5_error_code
+krb5_ktsrvtab_close(context, id)
+ krb5_context context;
+ krb5_keytab id;
+ /*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab. There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktsrvtab_resolve().
+ */
+{
+ krb5_xfree(KTFILENAME(id));
+ krb5_xfree(id->data);
+ id->ops = 0;
+ krb5_xfree(id);
+ return (0);
+}
diff --git a/src/lib/krb5/keytab/srvtab/kts_endget.c b/src/lib/krb5/keytab/srvtab/kts_endget.c
new file mode 100644
index 000000000..c58dc543e
--- /dev/null
+++ b/src/lib/krb5/keytab/srvtab/kts_endget.c
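Review bot: krb5_ktsrvtab_close() frees `id->data` without closing `KTFILEP(id)`, so a keytab closed while a sequential read is still open (krb5_ktsrvtab_start_seq_get() without a matching end_get) leaks the `FILE *` and its descriptor. The block comment's claim that there are no open files holds only if every caller pairs start and end. Calling `(void) krb5_ktsrvint_close(context, id);` as the first statement makes the routine safe either way. The file header still says "file-based keytab" and should read "srvtab-based keytab".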
@@ -0,0 +1,38 @@
+/*
+ * lib/krb5/keytab/srvtab/kts_endget.c
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * krb5_ktsrvtab_end_get()
+ */
+
+#include "k5-int.h"
+#include "ktsrvtab.h"
+
+krb5_error_code
+krb5_ktsrvtab_end_get(context, id, cursor)
+ krb5_context context;
+ krb5_keytab id;
+ krb5_kt_cursor *cursor;
+{
+ krb5_xfree(*cursor);
+ return krb5_ktsrvint_close(context, id);
+}
diff --git a/src/lib/krb5/keytab/srvtab/kts_g_ent.c b/src/lib/krb5/keytab/srvtab/kts_g_ent.c
new file mode 100644
index 000000000..ac3e9487d
--- /dev/null
+++ b/src/lib/krb5/keytab/srvtab/kts_g_ent.c
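Review bot: `krb5_xfree(*cursor)` leaves the caller's cursor pointing at freed memory, so a repeated krb5_ktsrvtab_end_get() or a late get_next on the same cursor would free or dereference a dangling pointer. Add `*cursor = 0;` after the free. A one-line comment saying that the cursor is the heap-allocated `long` file offset created in krb5_ktsrvtab_start_seq_get() would also help the next reader.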
@@ -0,0 +1,102 @@ +/* + * lib/krb5/keytab/file/kts_g_ent.c + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * This is the get_entry routine for the file based keytab implementation. + * It opens the keytab file, and either retrieves the entry or returns + * an error. + */ + +#include "k5-int.h" +#include "ktsrvtab.h" + +krb5_error_code +krb5_ktsrvtab_get_entry(context, id, principal, kvno, enctype, entry) + krb5_context context; + krb5_keytab id; + krb5_principal principal; + krb5_kvno kvno; + krb5_enctype enctype; + krb5_keytab_entry * entry; +{ + krb5_keytab_entry best_entry, ent; + krb5_error_code kerror = 0; + int found_wrong_kvno = 0; + + /* Open the srvtab. */ + if ((kerror = krb5_ktsrvint_open(context, id))) + return(kerror); + + /* srvtab files only have DES_CBC_CRC keys. 
*/ + switch (enctype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_DES_CBC_MD4: + case ENCTYPE_DES_CBC_RAW: + case IGNORE_ENCTYPE: + break; + default: + return KRB5_KT_NOTFOUND; + } + + best_entry.principal = 0; + best_entry.vno = 0; + best_entry.key.contents = 0; + while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) { + if (krb5_principal_compare(context, principal, ent.principal)) { + if (kvno == IGNORE_VNO) { + if (!best_entry.principal || (best_entry.vno < ent.vno)) { + krb5_kt_free_entry(context, &best_entry); + best_entry = ent; + } + } else { + if (ent.vno == kvno) { + best_entry = ent; + break; + } else { + found_wrong_kvno = 1; + } + } + } else { + krb5_kt_free_entry(context, &ent); + } + } + if (kerror == KRB5_KT_END) { + if (best_entry.principal) + kerror = 0; + else if (found_wrong_kvno) + kerror = KRB5_KT_KVNONOTFOUND; + else + kerror = KRB5_KT_NOTFOUND; + } + if (kerror) { + (void) krb5_ktsrvint_close(context, id); + krb5_kt_free_entry(context, &best_entry); + return kerror; + } + if ((kerror = krb5_ktsrvint_close(context, id)) != 0) { + krb5_kt_free_entry(context, &best_entry); + return kerror; + } + *entry = best_entry; + return 0; +} diff --git a/src/lib/krb5/keytab/srvtab/kts_g_name.c b/src/lib/krb5/keytab/srvtab/kts_g_name.c new file mode 100644 index 000000000..4bc759abb --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/kts_g_name.c 
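Review bot: The `default: return KRB5_KT_NOTFOUND;` arm of the enctype switch returns after krb5_ktsrvint_open() has succeeded, so the srvtab `FILE *` stays open and remains in `KTFILEP(id)`; the switch should run before the open. The read loop also drops entries without freeing them: a matching principal with a lower vno (the IGNORE_VNO case) or a different kvno is overwritten by the next read, leaking the principal and the 8-byte key copy that krb5_ktsrvint_read_entry() allocated. The loop below frees every entry it does not keep; it assumes, as the original already does, that krb5_kt_free_entry() tolerates the zeroed `best_entry`. The header comment's path (`keytab/file/kts_g_ent.c`) and its "file based keytab" wording are leftovers from the FILE type.

```c
    /* … unchanged: enctype switch, moved above the krb5_ktsrvint_open() call … */
    /* … unchanged: best_entry initialisation … */
    while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
	int keep = 0;

	if (krb5_principal_compare(context, principal, ent.principal)) {
	    if (kvno == IGNORE_VNO)
		keep = (!best_entry.principal || best_entry.vno < ent.vno);
	    else if (ent.vno == kvno)
		keep = 1;
	    else
		found_wrong_kvno = 1;
	}
	if (!keep) {
	    /* Every entry we do not keep owns a principal and a key copy. */
	    krb5_kt_free_entry(context, &ent);
	    continue;
	}
	krb5_kt_free_entry(context, &best_entry);
	best_entry = ent;
	if (kvno != IGNORE_VNO)
	    break;
    }
    /* … unchanged: KRB5_KT_END mapping, close and return … */
```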
@@ -0,0 +1,58 @@
+/*
+ * lib/krb5/keytab/srvtab/kts_g_name.c
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Get the name of the file containing a srvtab-based keytab.
+ */
+
+#include "k5-int.h"
+#include "ktsrvtab.h"
+
+krb5_error_code
+krb5_ktsrvtab_get_name(context, id, name, len)
+ krb5_context context;
+ krb5_keytab id;
+ char *name;
+ int len;
+ /*
+ * This routine returns the name of the name of the file associated with
+ * this srvtab-based keytab. The name is prefixed with PREFIX:, so that
+ * trt will happen if the name is passed back to resolve.
+ */
+{
+ memset(name, 0, len);
+
+ if (len < strlen(id->ops->prefix)+2)
+ return(KRB5_KT_NAME_TOOLONG);
+ strcpy(name, id->ops->prefix);
+ name += strlen(id->ops->prefix);
+ name[0] = ':';
+ name++;
+ len -= strlen(id->ops->prefix)+1;
+
+ if (len < strlen(KTFILENAME(id)+1))
+ return(KRB5_KT_NAME_TOOLONG);
+ strcpy(name, KTFILENAME(id));
+ /* strcpy will NUL-terminate the destination */
+
+ return(0);
+}
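Review bot: The second length check has a misplaced parenthesis: `strlen(KTFILENAME(id)+1)` measures the file name from its second character, so it comes out two bytes short of the `strlen(...)+1` bytes that the following `strcpy` writes. A caller buffer that is one or two bytes too small therefore passes the check and is overrun. It should read `if (len < strlen(KTFILENAME(id))+1)`. Separately, `memset(name, 0, len)` runs before the signed `len` is validated, so a negative value is converted to a huge size; rejecting `len <= 0` before the memset closes that.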
diff --git a/src/lib/krb5/keytab/srvtab/kts_next.c b/src/lib/krb5/keytab/srvtab/kts_next.c
new file mode 100644
index 000000000..db1b9a931
--- /dev/null
+++ b/src/lib/krb5/keytab/srvtab/kts_next.c
@@ -0,0 +1,48 @@
+/*
+ * lib/krb5/keytab/srvtab/kts_next.c
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * krb5_ktsrvtab_get_next()
+ */
+
+#include "k5-int.h"
+#include "ktsrvtab.h"
+
+krb5_error_code
+krb5_ktsrvtab_get_next(context, id, entry, cursor)
+ krb5_context context;
+ krb5_keytab id;
+ krb5_keytab_entry *entry;
+ krb5_kt_cursor *cursor;
+{
+ long *fileoff = (long *)*cursor;
+ krb5_keytab_entry cur_entry;
+ krb5_error_code kerror;
+
+ if (fseek(KTFILEP(id), *fileoff, 0) == -1)
+ return KRB5_KT_END;
+ if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry)))
+ return kerror;
+ *fileoff = ftell(KTFILEP(id));
+ *entry = cur_entry;
+ return 0;
+}
diff --git a/src/lib/krb5/keytab/srvtab/kts_ops.c b/src/lib/krb5/keytab/srvtab/kts_ops.c
new file mode 100644
index 000000000..c63402102
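Review bot: The result of `ftell(KTFILEP(id))` is stored into the cursor unchecked; on failure it is -1, the next call's `fseek` then fails and returns `KRB5_KT_END`, and an I/O error becomes indistinguishable from a clean end of the srvtab. Checking for -1 and returning `errno` keeps the two apart, and `fseek(..., 0)` should spell its origin as `SEEK_SET`. The function also uses `KTFILEP(id)` with no check that a sequence is open. Judging from kts_g_ent.c in this patch, a krb5_ktsrvtab_get_entry() call between two get_next calls closes and clears that pointer, so a guard such as `if (!KTFILEP(id)) return KRB5_KT_END;` is worth adding.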
--- /dev/null +++ b/src/lib/krb5/keytab/srvtab/kts_ops.c @@ -0,0 +1,43 @@ +/* + * lib/krb5/keytab/srvtab/kts_ops.c + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * krb5_kts_ops + */ + +#include "k5-int.h" +#include "ktsrvtab.h" + +struct _krb5_kt_ops krb5_kts_ops = { + 0, + "SRVTAB", /* Prefix -- this string should not appear anywhere else! */ + krb5_ktsrvtab_resolve, + krb5_ktsrvtab_get_name, + krb5_ktsrvtab_close, + krb5_ktsrvtab_get_entry, + krb5_ktsrvtab_start_seq_get, + krb5_ktsrvtab_get_next, + krb5_ktsrvtab_end_get, + 0, + 0, + 0 +}; diff --git a/src/lib/krb5/keytab/srvtab/kts_resolv.c b/src/lib/krb5/keytab/srvtab/kts_resolv.c new file mode 100644 index 000000000..76009bc19 --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/kts_resolv.c 
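Review bot: The initializer of `krb5_kts_ops` is purely positional and the three trailing `0` entries are unexplained. Presumably they are the add, remove and serializer slots, which would make SRVTAB a read-only keytab type; that should be confirmed against the `_krb5_kt_ops` definition, which is not part of this patch. A comment on each, for example `0, /* add: srvtab keytabs are read-only */`, would record that intent where a later maintainer looks for it, and the leading `0` deserves the same.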
@@ -0,0 +1,69 @@ +/* + * lib/krb5/keytab/srvtab/kts_resolv.c + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * This is an implementation specific resolver. It returns a keytab id + * initialized with srvtab keytab routines. + */ + +#include "k5-int.h" +#include "ktsrvtab.h" + +krb5_error_code +krb5_ktsrvtab_resolve(context, name, id) + krb5_context context; + const char *name; + krb5_keytab *id; +{ + krb5_ktsrvtab_data *data; + FILE *fp; + + /* Make sure we can open the srvtab file for reading. 
*/ + fp = fopen(name, "r"); + if (!fp) + return(errno); + fclose(fp); + + if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) + return(ENOMEM); + + (*id)->ops = &krb5_kts_ops; + data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data)); + if (data == NULL) { + krb5_xfree(*id); + return(ENOMEM); + } + + data->name = (char *)malloc(strlen(name) + 1); + if (data->name == NULL) { + krb5_xfree(data); + krb5_xfree(*id); + return(ENOMEM); + } + + (void) strcpy(data->name, name); + data->openf = 0; + + (*id)->data = (krb5_pointer)data; + (*id)->magic = KV5M_KEYTAB; + return(0); +} diff --git a/src/lib/krb5/keytab/srvtab/kts_ssget.c b/src/lib/krb5/keytab/srvtab/kts_ssget.c new file mode 100644 index 000000000..21b88ccc0 --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/kts_ssget.c 
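Review bot: On both allocation-failure paths `*id` has already been assigned and is then freed, so the caller is left holding a dangling `krb5_keytab`. Build the keytab in a local and store it to `*id` only on success, or add `*id = NULL;` after each `krb5_xfree(*id)`. The `fopen`/`fclose` probe at the top only shows that the file was readable at resolve time. krb5_ktsrvint_open() reopens it by name later, so the file may have been changed or replaced in between, and a comment should say the probe is an early diagnostic and not a guarantee. The probe also passes `"r"` where kts_util.c uses `READ_MODE`, which differs on ANSI_STDIO builds.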
@@ -0,0 +1,50 @@ +/* + * lib/krb5/keytab/srvtab/kts_ssget.c + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * krb5_ktsrvtab_start_seq_get() + */ + +#include "k5-int.h" +#include "ktsrvtab.h" + +krb5_error_code +krb5_ktsrvtab_start_seq_get(context, id, cursorp) + krb5_context context; + krb5_keytab id; + krb5_kt_cursor *cursorp; +{ + krb5_error_code retval; + long *fileoff; + + if ((retval = krb5_ktsrvint_open(context, id))) + return retval; + + if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) { + krb5_ktsrvint_close(context, id); + return ENOMEM; + } + *fileoff = ftell(KTFILEP(id)); + *cursorp = (krb5_kt_cursor)fileoff; + + return 0; +} diff --git a/src/lib/krb5/keytab/srvtab/kts_util.c b/src/lib/krb5/keytab/srvtab/kts_util.c new file mode 100644 index 000000000..7e7a4d04c --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/kts_util.c 
@@ -0,0 +1,149 @@ +/* + * lib/krb5/keytab/srvtab/kts_util.c + * + * Copyright (c) Hewlett-Packard Company 1991 + * Released to the Massachusetts Institute of Technology for inclusion + * in the Kerberos source code distribution. + * + * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * This function contains utilities for the srvtab based implementation + * of the keytab. There are no public functions in this file. 
+ */ + +#define NEED_SOCKETS +#include "krb5.h" +#include "k5-int.h" +#include + +#include "ktsrvtab.h" + +#ifdef ANSI_STDIO +#define READ_MODE "rb" +#else +#define READ_MODE "r" +#endif + +/* The maximum sizes for V4 aname, realm, sname, and instance +1 */ +/* Taken from krb.h */ +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 + +#ifndef HAVE_ERRNO +extern int errno; +#endif + +static krb5_error_code +read_field(fp, s, len) + FILE *fp; + char *s; + int len; +{ + int c, n = 0; + + while ((c = getc(fp)) != 0) { + if (c == EOF || len <= 1) + return KRB5_KT_END; + *s = c; + s++; + len--; + } + *s = 0; + return 0; +} + +krb5_error_code +krb5_ktsrvint_open(context, id) + krb5_context context; + krb5_keytab id; +{ + KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE); + if (!KTFILEP(id)) + return errno; + return 0; +} + +krb5_error_code +krb5_ktsrvint_close(context, id) + krb5_context context; + krb5_keytab id; +{ + if (!KTFILEP(id)) + return 0; + (void) fclose(KTFILEP(id)); + KTFILEP(id) = 0; + return 0; +} + +krb5_error_code +krb5_ktsrvint_read_entry(context, id, ret_entry) + krb5_context context; + krb5_keytab id; + krb5_keytab_entry *ret_entry; +{ + FILE *fp; + char name[SNAME_SZ], instance[INST_SZ], realm[REALM_SZ]; + unsigned char key[8]; + int vno; + krb5_error_code kerror; + + /* Read in an entry from the srvtab file. */ + fp = KTFILEP(id); + kerror = read_field(fp, name, sizeof(name)); + if (kerror != 0) + return kerror; + kerror = read_field(fp, instance, sizeof(instance)); + if (kerror != 0) + return kerror; + kerror = read_field(fp, realm, sizeof(realm)); + if (kerror != 0) + return kerror; + vno = getc(fp); + if (vno == EOF) + return KRB5_KT_END; + if (fread(key, 1, sizeof(key), fp) != sizeof(key)) + return KRB5_KT_END; + + /* Fill in ret_entry with the data we read. Everything maps well + * except for the timestamp, which we don't have a value for. For + * now we just set it to 0. 
*/ + memset(ret_entry, 0, sizeof(*ret_entry)); + ret_entry->magic = KV5M_KEYTAB_ENTRY; + kerror = krb5_425_conv_principal(context, name, instance, realm, + &ret_entry->principal); + if (kerror != 0) + return kerror; + ret_entry->vno = vno; + ret_entry->timestamp = 0; + ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC; + ret_entry->key.magic = KV5M_KEYBLOCK; + ret_entry->key.length = sizeof(key); + ret_entry->key.contents = malloc(sizeof(key)); + if (!ret_entry->key.contents) { + krb5_free_principal(context, ret_entry->principal); + return ENOMEM; + } + memcpy(ret_entry->key.contents, key, sizeof(key)); + + return 0; +} diff --git a/src/lib/krb5/keytab/srvtab/ktsrvtab.h b/src/lib/krb5/keytab/srvtab/ktsrvtab.h new file mode 100644 index 000000000..4c274e0ae --- /dev/null +++ b/src/lib/krb5/keytab/srvtab/ktsrvtab.h 
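Review bot: krb5_ktsrvint_read_entry() leaves the DES key in the stack buffer `key[8]` on every return path after the `fread`. Clear it once it has been copied and on the error paths, e.g. `memset(key, 0, sizeof(key));` before each return, bearing in mind that a plain memset of a dead local can be optimised away. krb5_ktsrvint_open() overwrites `KTFILEP(id)` unconditionally, so opening while a sequence is already in progress (a second start_seq_get, or get_entry during iteration) leaks the first `FILE *`; close it first or return early when it is non-null. read_field() reports both an over-long field and a mid-entry EOF as `KRB5_KT_END`, so a truncated or malformed srvtab reads as a clean end of table. Its local `n` is unused.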
@@ -0,0 +1,114 @@ +/* + * lib/krb5/keytab/srvtab/ktsrvtab.h + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * This header file contains information needed by internal routines + * of the file-based ticket cache implementation. + */ + + +#ifndef KRB5_KTSRVTAB__ +#define KRB5_KTSRVTAB__ + +#include + +/* + * Constants + */ +#define IGNORE_VNO 0 +#define IGNORE_ENCTYPE 0 + +#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ +#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ + +#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO + +/* + * Types + */ +typedef struct _krb5_ktsrvtab_data { + char *name; /* Name of the file */ + FILE *openf; /* open file, if any. 
*/ +} krb5_ktsrvtab_data; + +/* + * Macros + */ +#define KTPRIVATE(id) ((krb5_ktsrvtab_data *)(id)->data) +#define KTFILENAME(id) (((krb5_ktsrvtab_data *)(id)->data)->name) +#define KTFILEP(id) (((krb5_ktsrvtab_data *)(id)->data)->openf) + +extern struct _krb5_kt_ops krb5_kts_ops; + +krb5_error_code krb5_ktsrvtab_resolve + PROTOTYPE((krb5_context, + const char *, + krb5_keytab *)); + +krb5_error_code krb5_ktsrvtab_get_name + PROTOTYPE((krb5_context, + krb5_keytab, + char *, + int)); + +krb5_error_code krb5_ktsrvtab_close + PROTOTYPE((krb5_context, + krb5_keytab)); + +krb5_error_code krb5_ktsrvtab_get_entry + PROTOTYPE((krb5_context, + krb5_keytab, + krb5_principal, + krb5_kvno, + krb5_enctype, + krb5_keytab_entry *)); + +krb5_error_code krb5_ktsrvtab_start_seq_get + PROTOTYPE((krb5_context, + krb5_keytab, + krb5_kt_cursor *)); + +krb5_error_code krb5_ktsrvtab_get_next + PROTOTYPE((krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *)); + +krb5_error_code krb5_ktsrvtab_end_get + PROTOTYPE((krb5_context, + krb5_keytab, + krb5_kt_cursor *)); + +krb5_error_code krb5_ktsrvint_open + PROTOTYPE((krb5_context, + krb5_keytab)); + +krb5_error_code krb5_ktsrvint_close + PROTOTYPE((krb5_context, + krb5_keytab)); + +krb5_error_code krb5_ktsrvint_read_entry + PROTOTYPE((krb5_context, + krb5_keytab, + krb5_keytab_entry *)); + +#endif /* KRB5_KTSRVTAB__ */ -- 2.26.2
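Review bot: The header comment describes this file as serving the "file-based ticket cache implementation", which is wrong on both counts. It should say that it holds the internal declarations of the srvtab-based keytab. `KRB5_KT_VNO_1`, `KRB5_KT_VNO` and `KRB5_KT_DEFAULT_VNO` describe the krb5 keytab file format and are not used by any srvtab source in this patch, so they look like copy leftovers and could be dropped. `KTPRIVATE`, `KTFILENAME` and `KTFILEP` are generic names. If the FILE keytab's header defines the same macros (not visible here), a source file including both would silently get whichever definition came last, and a `KTS`-style prefix would avoid that.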