1 : /*
2 : * Copyright (c) 2009 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 : *
8 : * Redistribution and use in source and binary forms, with or without
9 : * modification, are permitted provided that the following conditions
10 : * are met:
11 : *
12 : * 1. Redistributions of source code must retain the above copyright
13 : * notice, this list of conditions and the following disclaimer.
14 : *
15 : * 2. Redistributions in binary form must reproduce the above copyright
16 : * notice, this list of conditions and the following disclaimer in the
17 : * documentation and/or other materials provided with the distribution.
18 : *
19 : * 3. Neither the name of the Institute nor the names of its contributors
20 : * may be used to endorse or promote products derived from this software
21 : * without specific prior written permission.
22 : *
23 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 : * SUCH DAMAGE.
34 : */
35 :
36 : #include "hdb_locl.h"
37 : #include <assert.h>
38 :
/*
 * Per-instance state of the keytab HDB backend.  Allocated by
 * hdb_keytab_create() and stored in HDB::hdb_db; released by hkt_destroy().
 */
typedef struct {
    char *path;          /* keytab name given to hdb_keytab_create(); strdup'd, owned here,
                            handed to krb5_kt_resolve() by hkt_open() */
    krb5_keytab keytab;  /* open handle between hkt_open() and hkt_close(); NULL otherwise
                            (hkt_open asserts NULL, hkt_close asserts non-NULL) */
} *hdb_keytab;
43 :
44 : /*
45 : *
46 : */
47 :
/*
 * HDB close hook: release the keytab handle opened by hkt_open().
 *
 * The handle must currently be open (asserted).  It is detached from the
 * backend state before krb5_kt_close() runs, so the state reads as "closed"
 * whatever that call returns; its result is passed back to the caller.
 */
static krb5_error_code
hkt_close(krb5_context context, HDB *db)
{
    hdb_keytab k = (hdb_keytab)db->hdb_db;
    krb5_keytab handle;

    assert(k->keytab);

    /* Detach first; a later hkt_open() relies on keytab being NULL. */
    handle = k->keytab;
    k->keytab = NULL;

    return krb5_kt_close(context, handle);
}
61 :
/*
 * HDB destroy hook: free everything this backend instance owns.
 *
 * Clears the master key, frees the virtual host-based service list, the
 * backend-private state (keytab name + struct), the HDB name and the HDB
 * itself.  The keytab handle is not closed here; hkt_close() is expected to
 * have run already (it is the only place the handle is released), which is
 * presumably guaranteed by the generic HDB close/destroy ordering — not
 * verifiable from this file.
 *
 * Returns the result of hdb_clear_master_key(); the frees run regardless.
 */
static krb5_error_code
hkt_destroy(krb5_context context, HDB *db)
{
    hdb_keytab k = (hdb_keytab)db->hdb_db;
    krb5_error_code ret = hdb_clear_master_key(context, db);

    krb5_config_free_strings(db->virtual_hostbased_princ_svcs);

    /* Independent frees: the HDB name, then the backend state, then the HDB. */
    free(db->hdb_name);
    free(k->path);
    free(k);
    free(db);

    return ret;
}
78 :
/*
 * HDB lock hook.  A no-op: every lock request succeeds immediately and no
 * state is touched.  Presumably acceptable because this backend refuses all
 * writes (see hkt_store), but that reasoning is not recorded in this file.
 */
static krb5_error_code
hkt_lock(krb5_context context, HDB *db, int operation)
{
    (void)context;
    (void)db;
    (void)operation;

    return 0;
}
84 :
/*
 * HDB unlock hook.  Counterpart of hkt_lock(): nothing was locked, so there
 * is nothing to release; always returns 0.
 */
static krb5_error_code
hkt_unlock(krb5_context context, HDB *db)
{
    (void)context;
    (void)db;

    return 0;
}
90 :
/*
 * HDB firstkey hook.  Enumeration of a keytab-backed database is not
 * supported: the call is refused with HDB_ERR_DB_INUSE and `entry` is left
 * untouched.
 */
static krb5_error_code
hkt_firstkey(krb5_context context, HDB *db,
             unsigned flags, hdb_entry *entry)
{
    (void)context;
    (void)db;
    (void)flags;
    (void)entry;

    return HDB_ERR_DB_INUSE;
}
97 :
/*
 * HDB nextkey hook.  Like hkt_firstkey(): enumeration is not supported, so
 * HDB_ERR_DB_INUSE is returned and `entry` is left untouched.
 */
static krb5_error_code
hkt_nextkey(krb5_context context, HDB * db, unsigned flags,
            hdb_entry * entry)
{
    (void)context;
    (void)db;
    (void)flags;
    (void)entry;

    return HDB_ERR_DB_INUSE;
}
104 :
/*
 * HDB open hook: resolve the configured keytab name into a handle.
 *
 * `flags` and `mode` are ignored — the keytab is resolved the same way no
 * matter what access the caller asked for, so any access control is whatever
 * the underlying keytab type applies.  The handle must not already be open
 * (asserted).  Returns krb5_kt_resolve()'s result unchanged; on failure
 * k->keytab is whatever krb5_kt_resolve() left there.
 */
static krb5_error_code
hkt_open(krb5_context context, HDB * db, int flags, mode_t mode)
{
    hdb_keytab k = (hdb_keytab)db->hdb_db;

    (void)flags;
    (void)mode;

    assert(k->keytab == NULL);

    /* 0 on success, otherwise the resolver's own error code. */
    return krb5_kt_resolve(context, k->path, &k->keytab);
}
119 :
/*
 * HDB fetch hook: synthesise an hdb_entry for `principal` from the keytab.
 *
 * `kvno` is honoured only when HDB_F_KVNO_SPECIFIED is set in `flags`;
 * otherwise it is forced to 0 before the lookup (the pre-existing behaviour).
 * The enctype passed to krb5_kt_get_entry() is 0, so the keytab picks which
 * key comes back — see the XXX note below.
 *
 * The entry is always marked server/forwardable/renewable and its created_by
 * is a fixed placeholder principal, because the keytab records neither.
 * Every keytab lookup failure is reported as HDB_ERR_NOENTRY, so a caller
 * cannot tell "no such principal" apart from e.g. an unreadable keytab.
 *
 * On any error the partially built entry is freed and zeroed.  The keytab
 * entry is released on every path (it is zero-initialised first, so that is
 * safe even when the lookup never ran).
 */
static krb5_error_code
hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
               unsigned flags, krb5_kvno kvno, hdb_entry * entry)
{
    hdb_keytab k = (hdb_keytab)db->hdb_db;
    krb5_keytab_entry ktentry;
    krb5_error_code ret;

    memset(&ktentry, 0, sizeof(ktentry));

    if ((flags & HDB_F_KVNO_SPECIFIED) == 0)
        kvno = 0;       /* Preserve previous behaviour if no kvno specified */

    /* Fixed attributes: none of these are stored in a keytab. */
    entry->flags.server = 1;
    entry->flags.forwardable = 1;
    entry->flags.renewable = 1;

    /* Not recorded in the OD backend, make something up */
    ret = krb5_parse_name(context, "hdb/keytab@WELL-KNOWN:KEYTAB-BACKEND",
                          &entry->created_by.principal);

    if (ret == 0) {
        /*
         * XXX really needs to try all enctypes and just not pick the
         * first one, even if that happens to be des3-cbc-sha1 (ie best
         * enctype) in the Apple case. A while loop over all known
         * enctypes should work.
         */
        if (krb5_kt_get_entry(context, k->keytab, principal, kvno, 0,
                              &ktentry) != 0)
            ret = HDB_ERR_NOENTRY;  /* every lookup failure collapses to this */
    }

    if (ret == 0)
        ret = krb5_copy_principal(context, principal, &entry->principal);

    if (ret == 0)
        ret = _hdb_keytab2hdb_entry(context, &ktentry, entry);

    if (ret != 0) {
        /* Leave no half-filled entry behind. */
        free_HDB_entry(entry);
        memset(entry, 0, sizeof(*entry));
    }
    krb5_kt_free_entry(context, &ktentry);

    return ret;
}
173 :
/*
 * HDB store hook.  The keytab backend is not writable through HDB: the
 * request is refused with HDB_ERR_DB_INUSE and nothing is modified.
 */
static krb5_error_code
hkt_store(krb5_context context, HDB * db, unsigned flags,
          hdb_entry * entry)
{
    (void)context;
    (void)db;
    (void)flags;
    (void)entry;

    return HDB_ERR_DB_INUSE;
}
180 :
181 :
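/*
 * Create an HDB instance backed by a keytab.
 *
 * @param context  krb5 context, used only to record an error message.
 * @param db       receives the new HDB on success; set to NULL on failure.
 * @param arg      keytab name.  Copied with strdup() and later passed to
 *                 krb5_kt_resolve() by hkt_open().
 * @return 0 on success; ENOMEM (with an error message set on `context`) if
 *         any allocation fails, in which case nothing is leaked.
 *
 * The resulting backend is read-only: store, firstkey and nextkey are wired
 * to hooks that refuse with HDB_ERR_DB_INUSE, and remove, rename and the
 * low-level __get/__put/__del hooks are left NULL.  hdb_name is not set
 * here; hkt_destroy() frees it, so whoever sets it must heap-allocate it.
 *
 * Cleanup uses a single exit path so each allocation is released exactly
 * once on failure; the HDB is published through *db only once fully built.
 */
krb5_error_code
hdb_keytab_create(krb5_context context, HDB ** db, const char *arg)
{
    HDB *h = NULL;
    hdb_keytab k = NULL;

    /* calloc() zeroes the HDB; a separate memset would be redundant. */
    h = calloc(1, sizeof(*h));
    if (h == NULL)
        goto nomem;

    k = calloc(1, sizeof(*k));
    if (k == NULL)
        goto nomem;

    k->path = strdup(arg);
    if (k->path == NULL)
        goto nomem;

    h->hdb_db = k;

    h->hdb_master_key_set = 0;
    h->hdb_openp = 0;
    h->hdb_open = hkt_open;
    h->hdb_close = hkt_close;
    h->hdb_fetch_kvno = hkt_fetch_kvno;
    h->hdb_store = hkt_store;
    h->hdb_remove = NULL;
    h->hdb_firstkey = hkt_firstkey;
    h->hdb_nextkey = hkt_nextkey;
    h->hdb_lock = hkt_lock;
    h->hdb_unlock = hkt_unlock;
    h->hdb_rename = NULL;
    h->hdb__get = NULL;
    h->hdb__put = NULL;
    h->hdb__del = NULL;
    h->hdb_destroy = hkt_destroy;

    *db = h;
    return 0;

nomem:
    /* k->path is NULL whenever we get here (calloc'd, strdup failed). */
    free(k);
    free(h);
    *db = NULL;
    krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
    return ENOMEM;
}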