#include "k5-int.h"
#include "kdb.h"
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include <arpa/inet.h>
krb5_error_code
krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_context kcontext;
krb5_db_entry *dbentp;
krb5_int32 *start;
krb5_int32 ktype;
krb5_int32 stype;
krb5_int32 kvno;
krb5_key_data **kdatap;
{
int i, idx;
int maxkvno;
krb5_key_data *datap;
krb5_error_code ret;
ret = 0;
if (kvno == -1 && stype == -1 && ktype == -1)
kvno = 0;
if (kvno == 0) {
for (i = 0; i < dbentp->n_key_data; i++) {
if (kvno < dbentp->key_data[i].key_data_kvno) {
kvno = dbentp->key_data[i].key_data_kvno;
}
}
}
maxkvno = -1;
datap = (krb5_key_data *) NULL;
for (i = *start; i < dbentp->n_key_data; i++) {
krb5_boolean similar;
krb5_int32 db_stype;
ret = 0;
if (dbentp->key_data[i].key_data_ver > 1) {
db_stype = dbentp->key_data[i].key_data_type[1];
} else {
db_stype = KRB5_KDB_SALTTYPE_NORMAL;
}
if (!krb5_is_permitted_enctype(kcontext,
dbentp->key_data[i].key_data_type[0])) {
ret = KRB5_KDB_NO_PERMITTED_KEY;
continue;
}
if (ktype > 0) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
&similar)))
return(ret);
}
if (((ktype <= 0) || similar) &&
((db_stype == stype) || (stype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
datap = &dbentp->key_data[i];
idx = i;
maxkvno = kvno;
break;
}
} else {
if (dbentp->key_data[i].key_data_kvno > maxkvno) {
maxkvno = dbentp->key_data[i].key_data_kvno;
datap = &dbentp->key_data[i];
idx = i;
}
}
}
}
if (maxkvno < 0)
return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
*kdatap = datap;
*start = idx+1;
return 0;
}
#ifndef min
#define min(a,b) (((a) < (b)) ? (a) : (b))
#endif
krb5_error_code
krb5_def_store_mkey(context, keyfile, mname, key, master_pwd)
krb5_context context;
char *keyfile;
krb5_principal mname;
krb5_keyblock *key;
char *master_pwd;
{
FILE *kf;
krb5_error_code retval = 0;
krb5_ui_2 enctype;
unsigned long nl_length;
char defkeyfile[MAXPATHLEN+1];
krb5_data *realm = krb5_princ_realm(context, mname);
#if HAVE_UMASK
mode_t oumask;
#endif
if (!keyfile) {
(void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
(void) strncat(defkeyfile, realm->data,
min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
realm->length));
defkeyfile[sizeof(defkeyfile) - 1] = '\0';
keyfile = defkeyfile;
}
#if HAVE_UMASK
oumask = umask(077);
#endif
#ifdef ANSI_STDIO
if (!(kf = fopen(keyfile, "wb")))
#else
if (!(kf = fopen(keyfile, "w")))
#endif
{
int e = errno;
#if HAVE_UMASK
(void) umask(oumask);
#endif
krb5_set_error_message (context, e,
"%s accessing file '%s'",
error_message (e), keyfile);
return e;
}
enctype = htons(key->enctype);
nl_length = htonl(key->length);
if ((fwrite((krb5_pointer) &enctype,
2, 1, kf) != 1) ||
(fwrite((krb5_pointer) &nl_length,
sizeof(nl_length), 1, kf) != 1) ||
(fwrite((krb5_pointer) key->contents,
sizeof(key->contents[0]), (unsigned) key->length,
kf) != key->length)) {
retval = errno;
(void) fclose(kf);
}
if (fclose(kf) == EOF)
retval = errno;
#if HAVE_UMASK
(void) umask(oumask);
#endif
return retval;
}
krb5_error_code
krb5_db_def_fetch_mkey( krb5_context context,
krb5_principal mname,
krb5_keyblock *key,
int *kvno,
char *db_args)
{
krb5_error_code retval;
krb5_ui_2 enctype;
char defkeyfile[MAXPATHLEN+1];
krb5_data *realm = krb5_princ_realm(context, mname);
FILE *kf = NULL;
retval = 0;
key->magic = KV5M_KEYBLOCK;
(void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
(void) strncat(defkeyfile, realm->data,
min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
realm->length));
defkeyfile[sizeof(defkeyfile) - 1] = '\0';
#ifdef ANSI_STDIO
if (!(kf = fopen((db_args) ? db_args : defkeyfile, "rb")))
#else
if (!(kf = fopen((db_args) ? db_args : defkeyfile, "r")))
#endif
return KRB5_KDB_CANTREAD_STORED;
if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
retval = KRB5_KDB_CANTREAD_STORED;
goto errout;
}
enctype = ntohs(enctype);
if (key->enctype == ENCTYPE_UNKNOWN)
key->enctype = enctype;
else if (enctype != key->enctype) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
}
if (fread((krb5_pointer) &key->length,
sizeof(key->length), 1, kf) != 1) {
retval = KRB5_KDB_CANTREAD_STORED;
goto errout;
}
key->length = ntohl(key->length);
if (!key->length || ((int) key->length) < 0) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
}
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
retval = ENOMEM;
goto errout;
}
if (fread((krb5_pointer) key->contents,
sizeof(key->contents[0]), key->length, kf)
!= key->length) {
retval = KRB5_KDB_CANTREAD_STORED;
memset(key->contents, 0, key->length);
free(key->contents);
key->contents = 0;
} else
retval = 0;
*kvno = 0;
errout:
(void) fclose(kf);
return retval;
}
krb5_error_code
krb5_def_verify_master_key(context, mprinc, mkey)
krb5_context context;
krb5_principal mprinc;
krb5_keyblock *mkey;
{
krb5_error_code retval;
krb5_db_entry master_entry;
int nprinc;
krb5_boolean more;
krb5_keyblock tempkey;
nprinc = 1;
if ((retval = krb5_db_get_principal(context, mprinc,
&master_entry, &nprinc, &more)))
return(retval);
if (nprinc != 1) {
if (nprinc)
krb5_db_free_principal(context, &master_entry, nprinc);
return(KRB5_KDB_NOMASTERKEY);
} else if (more) {
krb5_db_free_principal(context, &master_entry, nprinc);
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
}
if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
&master_entry.key_data[0],
&tempkey, NULL))) {
krb5_db_free_principal(context, &master_entry, nprinc);
return retval;
}
if (mkey->length != tempkey.length ||
memcmp((char *)mkey->contents,
(char *)tempkey.contents,mkey->length)) {
retval = KRB5_KDB_BADMASTERKEY;
}
memset((char *)tempkey.contents, 0, tempkey.length);
krb5_xfree(tempkey.contents);
krb5_db_free_principal(context, &master_entry, nprinc);
return retval;
}
krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
char *pwd,
krb5_keyblock *key )
{
return 0;
}
krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
krb5_keyblock **key )
{
return 0;
}
krb5_error_code krb5_def_promote_db (krb5_context kcontext,
char *s, char **args)
{
return KRB5_PLUGIN_OP_NOTSUPP;
}