54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/*
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Use is subject to license terms.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#pragma ident "%Z%%M% %I% %E% SMI"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/*
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * lib/kdb/kdb_helper.c
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Copyright 1995 by the Massachusetts Institute of Technology.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * All Rights Reserved.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Export of this software from the United States of America may
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * require a specific license from the United States Government.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * It is the responsibility of any person or organization contemplating
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * export to obtain such a license before exporting.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * distribute this software and its documentation for any purpose and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * without fee is hereby granted, provided that the above copyright
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * notice appear in all copies and that both that copyright notice and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * this permission notice appear in supporting documentation, and that
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * the name of M.I.T. not be used in advertising or publicity pertaining
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * to distribution of the software without specific, written prior
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * permission. Furthermore if you modify this software you must label
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * your software as modified software and not distribute it in such a
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * fashion that it might be confused with the original M.I.T. software.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * M.I.T. makes no representations about the suitability of
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * this software for any purpose. It is provided "as is" without express
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * or implied warranty.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "k5-int.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "kdb.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include <string.h>
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include <stdio.h>
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include <errno.h>
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include <libintl.h>
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Locate the krb5_key_data entry of dbentp that best fits the requested
 * enctype (ktype), salt type (stype) and key version (kvno), scanning
 * dbentp->key_data from index *start.
 *
 * A negative stype or kvno is "don't care"; ktype <= 0 likewise accepts
 * any enctype.  A kvno of 0 (or all three selectors being -1) selects the
 * highest kvno present in the entry.  Keys whose enctype is not permitted
 * by kcontext are never returned.
 *
 * On success *kdatap points into dbentp->key_data, *start is advanced past
 * the returned entry so a caller can resume the scan, and 0 is returned.
 * With no match the result is KRB5_KDB_NO_PERMITTED_KEY when the last key
 * examined was skipped as non-permitted, otherwise
 * KRB5_KDB_NO_MATCHING_KEY.  A failure from krb5_c_enctype_compare is
 * returned unchanged.
 */
krb5_error_code
krb5_dbe_def_search_enctype(krb5_context kcontext, krb5_db_entry *dbentp,
                            krb5_int32 *start, krb5_int32 ktype,
                            krb5_int32 stype, krb5_int32 kvno,
                            krb5_key_data **kdatap)
{
    krb5_error_code ret = 0;
    krb5_key_data *found = NULL;
    int found_idx = 0;
    int best_kvno = -1;
    int i;

    /* No selector at all means "the newest key". */
    if (ktype == -1 && stype == -1 && kvno == -1)
        kvno = 0;

    /* kvno 0 is a request for the highest kvno the entry holds. */
    if (kvno == 0) {
        for (i = 0; i < dbentp->n_key_data; i++) {
            if (dbentp->key_data[i].key_data_kvno > kvno)
                kvno = dbentp->key_data[i].key_data_kvno;
        }
    }

    for (i = *start; i < dbentp->n_key_data; i++) {
        krb5_key_data *kd = &dbentp->key_data[i];
        krb5_int32 db_stype = KRB5_KDB_SALTTYPE_NORMAL;
        krb5_boolean similar = 0;

        ret = 0;
        /* Only key_data_ver > 1 records carry an explicit salt type. */
        if (kd->key_data_ver > 1)
            db_stype = kd->key_data_type[1];

        /* Never hand back a key of an enctype this context disallows. */
        if (!krb5_is_permitted_enctype(kcontext, kd->key_data_type[0])) {
            ret = KRB5_KDB_NO_PERMITTED_KEY;
            continue;
        }

        if (ktype > 0) {
            ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
                                         kd->key_data_type[0], &similar);
            if (ret)
                return ret;
            if (!similar)
                continue;
        }

        if (stype >= 0 && db_stype != stype)
            continue;

        if (kvno >= 0) {
            /* Exact kvno wanted: the first hit wins. */
            if (kd->key_data_kvno == kvno) {
                found = kd;
                found_idx = i;
                best_kvno = kvno;
                break;
            }
        } else if (kd->key_data_kvno > best_kvno) {
            /* Any kvno accepted: keep the newest seen so far. */
            best_kvno = kd->key_data_kvno;
            found = kd;
            found_idx = i;
        }
    }

    if (best_kvno < 0)
        return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;

    *kdatap = found;
    *start = found_idx + 1;
    return 0;
}
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * kdb default functions. Ideally, some other file should hold these functions. For now, TBD.
 */
/*
 * Smaller of two values.  Only defined when nothing else (e.g. a system
 * header) already provides min.  Both arguments are evaluated more than
 * once, so do not pass expressions with side effects.
 */
#ifndef min
#define min(a,b) (((a) < (b)) ? (a) : (b))
#endif
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
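/*
 * Write the master key to the stash file.
 *
 * keyfile names the stash file; when NULL, DEFAULT_KEYFILE_STUB with the
 * realm of mname appended is used.  The on-disk layout is the 2-byte
 * enctype, then key->length, then the key bytes, each written as-is in
 * host byte order.  master_pwd is part of the interface but is not used.
 *
 * Where umask() is available the file is created under umask 077 so the
 * stash is readable by its owner only; the previous umask is restored on
 * every exit path.  Returns 0 on success or an errno value from
 * fopen/fwrite/fclose.
 */
krb5_error_code
krb5_def_store_mkey(krb5_context context, char *keyfile, krb5_principal mname,
                    krb5_keyblock *key, char *master_pwd)
{
    FILE *kf;
    krb5_error_code retval = 0;
    krb5_ui_2 enctype;
    char defkeyfile[MAXPATHLEN+1];
    krb5_data *realm = krb5_princ_realm(context, mname);
#if HAVE_UMASK
    mode_t oumask;
#endif

    if (!keyfile) {
        /*
         * realm->data is not necessarily NUL-terminated, so the append is
         * bounded both by realm->length and by the space left after the
         * stub.
         */
        (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
        (void) strncat(defkeyfile, realm->data,
                       min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
                           realm->length));
        defkeyfile[sizeof(defkeyfile) - 1] = '\0';
        keyfile = defkeyfile;
    }

#if HAVE_UMASK
    /* The stash holds the master key: create it owner-only. */
    oumask = umask(077);
#endif
#ifdef ANSI_STDIO
    /* Solaris Kerberos: using F to deal with 256 open file limit */
    if (!(kf = fopen(keyfile, "wbF")))
#else
    if (!(kf = fopen(keyfile, "wF")))
#endif
    {
        int e = errno;          /* save before umask() can disturb it */
#if HAVE_UMASK
        (void) umask(oumask);
#endif
        krb5_set_error_message (context, e,
                                gettext("%s accessing file '%s'"),
                                error_message (e), keyfile);
        return e;
    }

    enctype = key->enctype;
    if ((fwrite((krb5_pointer) &enctype,
                2, 1, kf) != 1) ||
        (fwrite((krb5_pointer) &key->length,
                sizeof(key->length), 1, kf) != 1) ||
        (fwrite((krb5_pointer) key->contents,
                sizeof(key->contents[0]), (unsigned) key->length,
                kf) != key->length)) {
        /*
         * fwrite is not required to set errno; never let a short write
         * of the master key be reported as success.
         */
        retval = errno ? errno : EIO;
    }
    /*
     * Close exactly once.  fclose() flushes the stdio buffer, so a buffered
     * write error surfaces here; the first error seen is the one reported.
     */
    if (fclose(kf) == EOF && retval == 0)
        retval = errno;
#if HAVE_UMASK
    (void) umask(oumask);
#endif
    return retval;
}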
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
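/*
 * Read the master key from the stash file into *key.
 *
 * db_args, when non-NULL, is the stash file path; otherwise
 * DEFAULT_KEYFILE_STUB with the realm of mname appended is used.  The file
 * holds the 2-byte enctype, the key length and the key bytes as written by
 * krb5_def_store_mkey.  If key->enctype is ENCTYPE_UNKNOWN it is taken
 * from the file; otherwise the stored enctype must match it.
 *
 * On success key->contents is malloc()ed (the caller frees it), *kvno is
 * set to 0 and 0 is returned.  Errors: KRB5_KDB_CANTREAD_STORED if the
 * file cannot be opened or read, KRB5_KDB_BADSTORED_MKEY on an enctype
 * mismatch or an implausible length, ENOMEM on allocation failure.  On
 * every error path that has touched key->length it is reset to 0, and
 * key->contents is never left pointing at freed memory.
 */
krb5_error_code
krb5_db_def_fetch_mkey( krb5_context context,
                        krb5_principal mname,
                        krb5_keyblock *key,
                        int *kvno,
                        char *db_args)
{
    krb5_error_code retval = 0;
    krb5_ui_2 enctype;
    char defkeyfile[MAXPATHLEN+1];
    const char *path = db_args;
    FILE *kf = NULL;

    key->magic = KV5M_KEYBLOCK;

    if (path == NULL) {
        /* Only derive the default path when it is actually needed. */
        krb5_data *realm = krb5_princ_realm(context, mname);

        /* realm->data need not be NUL-terminated; bound by realm->length. */
        (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
        (void) strncat(defkeyfile, realm->data,
                       min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
                           realm->length));
        defkeyfile[sizeof(defkeyfile) - 1] = '\0';
        path = defkeyfile;
    }

#ifdef ANSI_STDIO
    /* Solaris Kerberos: using F to deal with 256 open file limit */
    kf = fopen(path, "rbF");
#else
    kf = fopen(path, "rF");
#endif
    if (kf == NULL)
        return KRB5_KDB_CANTREAD_STORED;

    if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
        retval = KRB5_KDB_CANTREAD_STORED;
        goto errout;
    }

    if (key->enctype == ENCTYPE_UNKNOWN)
        key->enctype = enctype;
    else if (enctype != key->enctype) {
        retval = KRB5_KDB_BADSTORED_MKEY;
        goto errout;
    }

    if (fread((krb5_pointer) &key->length,
              sizeof(key->length), 1, kf) != 1) {
        key->length = 0;        /* a short read may have partially written it */
        retval = KRB5_KDB_CANTREAD_STORED;
        goto errout;
    }

    /* Reject an empty key and lengths that would read as negative. */
    if (!key->length || ((int) key->length) < 0) {
        key->length = 0;
        retval = KRB5_KDB_BADSTORED_MKEY;
        goto errout;
    }

    key->contents = (krb5_octet *)malloc(key->length);
    if (key->contents == NULL) {
        key->length = 0;
        retval = ENOMEM;
        goto errout;
    }

    if (fread((krb5_pointer) key->contents,
              sizeof(key->contents[0]), key->length, kf)
        != key->length) {
        /* Scrub whatever partial key material was read before releasing it. */
        memset(key->contents, 0, key->length);
        free(key->contents);
        key->contents = NULL;
        key->length = 0;
        retval = KRB5_KDB_CANTREAD_STORED;
        goto errout;
    }

    *kvno = 0;

errout:
    (void) fclose(kf);
    return retval;
}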
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
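/*
 * Check that mkey is the master key the database was encrypted with.
 *
 * Looks up mprinc, decrypts its first key_data entry with mkey and
 * compares the result against mkey itself.  Returns 0 on a match,
 * KRB5_KDB_BADMASTERKEY on a mismatch, KRB5_KDB_NOMASTERKEY if the
 * principal is missing or has no key data, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE
 * if the lookup is ambiguous, or the error from the database or
 * decryption call.  The decrypted copy is zeroed before it is freed.
 */
krb5_error_code
krb5_def_verify_master_key(krb5_context context, krb5_principal mprinc,
                           krb5_keyblock *mkey)
{
    krb5_error_code retval;
    krb5_db_entry master_entry;
    int nprinc = 1;
    krb5_boolean more;
    krb5_keyblock tempkey;

    if ((retval = krb5_db_get_principal(context, mprinc,
                                        &master_entry, &nprinc, &more)))
        return(retval);

    if (nprinc != 1) {
        if (nprinc)
            krb5_db_free_principal(context, &master_entry, nprinc);
        return(KRB5_KDB_NOMASTERKEY);
    } else if (more) {
        krb5_db_free_principal(context, &master_entry, nprinc);
        return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
    }

    /* Without this check an entry with no keys makes key_data[0] an out-of-bounds read. */
    if (master_entry.n_key_data < 1) {
        krb5_db_free_principal(context, &master_entry, nprinc);
        return(KRB5_KDB_NOMASTERKEY);
    }

    if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
                                              &master_entry.key_data[0],
                                              &tempkey, NULL))) {
        krb5_db_free_principal(context, &master_entry, nprinc);
        return retval;
    }

    /*
     * A wrong master key decrypts to garbage, so both length and content
     * must agree.  NOTE(review): memcmp is not constant-time; acceptable
     * only if this path is never driven by an unauthenticated remote
     * caller -- confirm against the callers.
     */
    if (mkey->length != tempkey.length ||
        memcmp((char *)mkey->contents,
               (char *)tempkey.contents, mkey->length)) {
        retval = KRB5_KDB_BADMASTERKEY;
    }

    /* Scrub the decrypted copy of the master key before freeing it. */
    memset((char *)tempkey.contents, 0, tempkey.length);
    krb5_xfree(tempkey.contents);
    krb5_db_free_principal(context, &master_entry, nprinc);

    return retval;
}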
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Default "set master key" hook.  Nothing is stored: kcontext, pwd and key
 * are accepted for the plugin interface and ignored.  Always returns 0.
 */
krb5_error_code
kdb_def_set_mkey(krb5_context kcontext, char *pwd, krb5_keyblock *key)
{
    (void) kcontext;
    (void) pwd;
    (void) key;
    return 0;
}
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Default "get master key" hook.  Reports success without writing to
 * *key, so callers must not assume *key was set by this default --
 * NOTE(review): confirm against the callers.
 */
krb5_error_code
kdb_def_get_mkey(krb5_context kcontext, krb5_keyblock **key)
{
    (void) kcontext;
    (void) key;
    return 0;
}
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Default "promote database" hook.  This backend does not implement
 * promotion; s and args are ignored and KRB5_PLUGIN_OP_NOTSUPP is
 * returned unconditionally.
 */
krb5_error_code
krb5_def_promote_db(krb5_context kcontext, char *s, char **args)
{
    (void) kcontext;
    (void) s;
    (void) args;
    return KRB5_PLUGIN_OP_NOTSUPP;
}