hdb-keytab.c revision 1.1.1.1.6.1
      1  1.1.1.1.6.1    snj /*	$NetBSD: hdb-keytab.c,v 1.1.1.1.6.1 2017/08/30 07:10:58 snj Exp $	*/
      2          1.1  elric 
      3          1.1  elric /*
      4          1.1  elric  * Copyright (c) 2009 Kungliga Tekniska Hgskolan
      5          1.1  elric  * (Royal Institute of Technology, Stockholm, Sweden).
      6          1.1  elric  * All rights reserved.
      7          1.1  elric  *
      8          1.1  elric  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
      9          1.1  elric  *
     10          1.1  elric  * Redistribution and use in source and binary forms, with or without
     11          1.1  elric  * modification, are permitted provided that the following conditions
     12          1.1  elric  * are met:
     13          1.1  elric  *
     14          1.1  elric  * 1. Redistributions of source code must retain the above copyright
     15          1.1  elric  *    notice, this list of conditions and the following disclaimer.
     16          1.1  elric  *
     17          1.1  elric  * 2. Redistributions in binary form must reproduce the above copyright
     18          1.1  elric  *    notice, this list of conditions and the following disclaimer in the
     19          1.1  elric  *    documentation and/or other materials provided with the distribution.
     20          1.1  elric  *
     21          1.1  elric  * 3. Neither the name of the Institute nor the names of its contributors
     22          1.1  elric  *    may be used to endorse or promote products derived from this software
     23          1.1  elric  *    without specific prior written permission.
     24          1.1  elric  *
     25          1.1  elric  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
     26          1.1  elric  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     27          1.1  elric  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     28          1.1  elric  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
     29          1.1  elric  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     30          1.1  elric  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     31          1.1  elric  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     32          1.1  elric  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     33          1.1  elric  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     34          1.1  elric  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     35          1.1  elric  * SUCH DAMAGE.
     36          1.1  elric  */
     37          1.1  elric 
     38          1.1  elric #include "hdb_locl.h"
     39          1.1  elric #include <assert.h>
     40          1.1  elric 
typedef struct {
    char *path;		/* keytab name handed to hdb_keytab_create(); strdup'ed there, freed in hkt_destroy() */
    krb5_keytab keytab;	/* handle from krb5_kt_resolve() in hkt_open(); NULL while closed (see hkt_close()) */
} *hdb_keytab;		/* backend-private state, stored in HDB.hdb_db */
     45          1.1  elric 
/*
 * Backend operations for an HDB that serves entries out of a krb5 keytab.
 * The backend is read-only: hkt_store(), hkt_firstkey() and hkt_nextkey()
 * all return HDB_ERR_DB_INUSE.
 */
     49          1.1  elric 
/*
 * hdb_close operation: release the keytab handle taken by hkt_open().
 * The hdb_keytab object itself stays allocated until hkt_destroy().
 *
 * Returns the result of krb5_kt_close(); k->keytab is reset to NULL
 * regardless of that result, so a second hkt_open() is possible.
 */
static krb5_error_code
hkt_close(krb5_context context, HDB *db)
{
    hdb_keytab kt = (hdb_keytab)db->hdb_db;
    krb5_keytab handle = kt->keytab;

    /* Closing a backend that was never opened is a caller bug. */
    assert(handle != NULL);

    kt->keytab = NULL;
    return krb5_kt_close(context, handle);
}
     63          1.1  elric 
/*
 * hdb_destroy operation: clear the master key and free the HDB together
 * with its backend-private state.
 *
 * Note that an open k->keytab is not closed here; hkt_close() is the
 * separate hdb_close operation.  Returns the hdb_clear_master_key()
 * result; the memory is released either way.
 */
static krb5_error_code
hkt_destroy(krb5_context context, HDB *db)
{
    hdb_keytab kt = (hdb_keytab)db->hdb_db;
    krb5_error_code ret = hdb_clear_master_key(context, db);

    /* Backend-private state first, then the HDB shell itself. */
    free(kt->path);
    free(kt);
    free(db->hdb_name);
    free(db);

    return ret;
}
     79          1.1  elric 
/*
 * hdb_lock operation.  The keytab backend takes no lock of its own and
 * always reports success; the parameters are deliberately unused.
 */
static krb5_error_code
hkt_lock(krb5_context context, HDB *db, int operation)
{
    (void)context;
    (void)db;
    (void)operation;
    return 0;
}
     85          1.1  elric 
/*
 * hdb_unlock operation: counterpart of hkt_lock(), equally a no-op that
 * always reports success.
 */
static krb5_error_code
hkt_unlock(krb5_context context, HDB *db)
{
    (void)context;
    (void)db;
    return 0;
}
     91          1.1  elric 
/*
 * hdb_firstkey operation.  Iterating over a keytab is not supported by
 * this backend, so the call is refused with HDB_ERR_DB_INUSE (the same
 * code hkt_nextkey() and hkt_store() use).
 */
static krb5_error_code
hkt_firstkey(krb5_context context, HDB *db,
	     unsigned flags, hdb_entry_ex *entry)
{
    (void)context;
    (void)db;
    (void)flags;
    (void)entry;
    return HDB_ERR_DB_INUSE;
}
     98          1.1  elric 
/*
 * hdb_nextkey operation.  Unsupported for the same reason as
 * hkt_firstkey(); always returns HDB_ERR_DB_INUSE.
 */
static krb5_error_code
hkt_nextkey(krb5_context context, HDB *db, unsigned flags,
	    hdb_entry_ex *entry)
{
    (void)context;
    (void)db;
    (void)flags;
    (void)entry;
    return HDB_ERR_DB_INUSE;
}
    105          1.1  elric 
/*
 * hdb_open operation: resolve the keytab named by k->path and keep the
 * handle in k->keytab for hkt_fetch_kvno().
 *
 * @flags and @mode are not consulted: the backend never writes to the
 * keytab (hkt_store() refuses), so the requested open mode has no
 * bearing on what krb5_kt_resolve() is asked to do.
 *
 * Returns 0 on success or the krb5_kt_resolve() error.
 */
static krb5_error_code
hkt_open(krb5_context context, HDB *db, int flags, mode_t mode)
{
    hdb_keytab kt = (hdb_keytab)db->hdb_db;

    (void)flags;
    (void)mode;

    /* Opening twice without an intervening hkt_close() is a caller bug. */
    assert(kt->keytab == NULL);

    return krb5_kt_resolve(context, kt->path, &kt->keytab);
}
    120          1.1  elric 
/*
 * hdb_fetch_kvno operation: look @principal up in the open keytab and
 * convert the matching keytab entry into an HDB entry.
 *
 * @flags     HDB_F_KVNO_SPECIFIED selects a single key version; without
 *            it @kvno is overridden with 0, which is what the keytab code
 *            is given to mean "no particular version" here.
 * @kvno      requested key version (see @flags).
 * @entry     filled in on success; on any failure whatever was stored in
 *            entry->entry is freed and zeroed again.
 *
 * Every entry served from the keytab is reported with the server,
 * forwardable and renewable flags set and with a fixed, made-up
 * created_by principal, since a keytab records none of this.
 *
 * Returns 0, HDB_ERR_NOENTRY when the keytab lookup fails for any reason
 * (the underlying krb5 error is not propagated), or the error from
 * krb5_parse_name(), krb5_copy_principal() or _hdb_keytab2hdb_entry().
 */
static krb5_error_code
hkt_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
	       unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry)
{
    hdb_keytab kt = (hdb_keytab)db->hdb_db;
    krb5_keytab_entry kte;
    krb5_error_code ret;

    /* Preserve previous behaviour if no kvno specified */
    if ((flags & HDB_F_KVNO_SPECIFIED) == 0)
	kvno = 0;

    /* Zeroed so that krb5_kt_free_entry() below is safe on every path. */
    memset(&kte, 0, sizeof(kte));

    entry->entry.flags.server = 1;
    entry->entry.flags.forwardable = 1;
    entry->entry.flags.renewable = 1;

    /* Not recorded in the OD backend, make something up */
    ret = krb5_parse_name(context, "hdb/keytab@WELL-KNOWN:KEYTAB-BACKEND",
			  &entry->entry.created_by.principal);

    /*
     * XXX really needs to try all enctypes and just not pick the
     * first one, even if that happens to be des3-cbc-sha1 (ie best
     * enctype) in the Apple case. A while loop over all known
     * enctypes should work.
     */
    if (ret == 0) {
	ret = krb5_kt_get_entry(context, kt->keytab, principal, kvno, 0, &kte);
	if (ret)
	    ret = HDB_ERR_NOENTRY;	/* lookup failures all map to "no entry" */
    }

    if (ret == 0)
	ret = krb5_copy_principal(context, principal, &entry->entry.principal);

    if (ret == 0)
	ret = _hdb_keytab2hdb_entry(context, &kte, entry);

    if (ret) {
	/* Leave no half-filled entry behind for the caller. */
	free_hdb_entry(&entry->entry);
	memset(&entry->entry, 0, sizeof(entry->entry));
    }
    krb5_kt_free_entry(context, &kte);

    return ret;
}
    174          1.1  elric 
/*
 * hdb_store operation.  The keytab backend is read-only, so storing an
 * entry is refused with HDB_ERR_DB_INUSE; the parameters are unused.
 */
static krb5_error_code
hkt_store(krb5_context context, HDB *db, unsigned flags,
	  hdb_entry_ex *entry)
{
    (void)context;
    (void)db;
    (void)flags;
    (void)entry;
    return HDB_ERR_DB_INUSE;
}
    181          1.1  elric 
    182          1.1  elric 
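/*
 * Create an HDB backed by the krb5 keytab named by @arg.
 *
 * On success *db points to a new, not yet opened HDB whose operations
 * are the hkt_* functions above and whose private state holds a copy
 * of @arg; the keytab itself is only resolved by hkt_open().  On
 * failure *db is set to NULL, an error message is recorded on @context
 * and ENOMEM (or EINVAL for a NULL @arg) is returned.
 *
 * Ownership: the HDB and its private state are released by hkt_destroy()
 * (the hdb_destroy operation).
 */
krb5_error_code
hdb_keytab_create(krb5_context context, HDB **db, const char *arg)
{
    hdb_keytab k = NULL;
    HDB *h = NULL;

    /* strdup(NULL) below would be undefined behaviour; refuse up front. */
    if (arg == NULL) {
	*db = NULL;
	krb5_set_error_message(context, EINVAL,
			       "hdb_keytab_create: no keytab name given");
	return EINVAL;
    }

    /* calloc() already zero-fills, so no extra memset is needed. */
    h = calloc(1, sizeof(*h));
    if (h == NULL)
	goto nomem;

    k = calloc(1, sizeof(*k));
    if (k == NULL)
	goto nomem;

    k->path = strdup(arg);
    if (k->path == NULL)
	goto nomem;

    h->hdb_db = k;

    h->hdb_master_key_set = 0;
    h->hdb_openp = 0;
    h->hdb_open = hkt_open;
    h->hdb_close = hkt_close;
    h->hdb_fetch_kvno = hkt_fetch_kvno;
    h->hdb_store = hkt_store;
    h->hdb_remove = NULL;
    h->hdb_firstkey = hkt_firstkey;
    h->hdb_nextkey = hkt_nextkey;
    h->hdb_lock = hkt_lock;
    h->hdb_unlock = hkt_unlock;
    h->hdb_rename = NULL;
    h->hdb__get = NULL;
    h->hdb__put = NULL;
    h->hdb__del = NULL;
    h->hdb_destroy = hkt_destroy;

    *db = h;
    return 0;

nomem:
    /*
     * k->path is still NULL whenever we land here with k != NULL (only
     * its strdup() can have failed), so freeing k alone is sufficient.
     */
    free(k);
    free(h);
    *db = NULL;
    krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
    return ENOMEM;
}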