/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 * Copyright 1990,1991,1995,2007,2008 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.

 * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.

/* Solaris Kerberos */

 * Information needed by internal routines of the file-based ticket
 * cache implementation.

 * If the file OPENF is left open between calls, we have an iterator
 * active, and OPENF is opened in read-only mode. So, no changes
 * can be made via that handle.
 * An advisory file lock is used while the file is open. Thus,
 * multiple handles on the same underlying file cannot be used without
 * disrupting the locking in effect.
 * The start_offset field is only valid if the file is open. It will
 * almost certainly always be the same constant. It's used so that
 * if an iterator is active, and we start another one, we don't have
 * to seek back to the start and re-read the version number to set
 * the position for the iterator.

/* Solaris Kerberos */
/* routines to be included on extended version (write routines) */
/* Solaris Kerberos */
/* Solaris Kerberos */
/* Solaris Kerberos */

 * This is an implementation specific resolver. It returns a keytab id
 * initialized with file keytab routines.

 * "Close" a file-based keytab and invalidate the id. This means
 * free memory hidden in the structures.

 * This routine is responsible for freeing all memory allocated
 * for this keytab. There are no system resources that need
 * to be freed nor are there any open files.
 * This routine should undo anything done by krb5_ktfile_resolve().

 * This is the get_entry routine for the file based keytab implementation.
 * It opens the keytab file, and either retrieves the entry or returns

    /* Open the keyfile for reading */

 * For efficiency and simplicity, we'll use a while true that
 * is exited with a break statement.

    /* by the time this loop exits, it must either free cur_entry,
       and copy new_entry there, or free new_entry. Otherwise, it

    /* if the principal isn't the one requested, free new_entry
       and continue to the next. */

 * Solaris Kerberos: MS Interop requires that case insensitive
 * comparisons of service and host components are performed for key
 * table lookup, etc. Only called if the private environment variable
 * MS_INTEROP is defined.

    /* if the enctype is not ignored and doesn't match, free new_entry
       and continue to the next */

 * Coerce the enctype of the output keyblock in case we
 * got an inexact match on the enctype.
    /* if this is the first match, or if the new vno is
       bigger, free the current and keep the new. Otherwise,

    /* A 1.2.x keytab contains only the low 8 bits of the key
       version number. Since it can be much bigger, and thus
       the 8-bit value can wrap, we need some heuristics to
       figure out the "highest" numbered key if some numbers
       close to 255 and some near 0 are used.
       If we have any keys with versions over 240, then assume
       that all version numbers 0-127 refer to 256+N instead.
       Not perfect, but maybe good enough? */

    /* if this kvno matches, free the current (will there ever
       be one?), keep the new, and break out. Otherwise, remember
       that we were here so we can return the right error, and

    /* Yuck. The krb5-1.2.x keytab format only stores one byte
       for the kvno, so we're toast if the kvno requested is
       higher than that. Short-term workaround: only compare

 * Get the name of the file containing a file-based keytab.

 * This routine returns the name of the file associated with
 * this file-based keytab. name is zeroed and the filename is truncated
 * to fit in name if necessary. The name is prefixed with PREFIX:, so that
 * trt will happen if the name is passed back to resolve.

 * krb5_ktfile_start_seq_get()

    "Too many keytab iterators active");
 * krb5_ktfile_get_next()

 * krb5_ktfile_end_get()

 * ser_ktf.c - Serialize keytab file context for subsequent reopen.

 * Routines to deal with externalizing krb5_keytab for [WR]FILE: variants.
 * krb5_ktf_keytab_size();
 * krb5_ktf_keytab_externalize();
 * krb5_ktf_keytab_internalize();

 * Serialization entry for this type.

 * krb5_ktf_keytab_size() - Determine the size required to externalize
 * this krb5_keytab variant.

 * Saving FILE: variants of krb5_keytab requires at minimum:
 * krb5_int32 for KV5M_KEYTAB
 * krb5_int32 for length of keytab name.
 * krb5_int32 for file status.
 * krb5_int32 for file position.
 * krb5_int32 for file position.
 * krb5_int32 for version.
 * krb5_int32 for KV5M_KEYTAB

 * The keytab name is formed as follows:
 * If there's no name, we use a default name so that we have something
 * to call krb5_keytab_resolve with.

 * krb5_ktf_keytab_externalize() - Externalize the krb5_keytab.

    /* Our identifier */
    /* Calculate the length of the name */
    /* Fill in the file-specific keytab information. */
    /* Put the length of the file name */
    /* Put the file open flag */
    /* Put the file position */
    /* Put the version */
    /* Put the trailer */

 * krb5_ktf_keytab_internalize() - Internalize the krb5_ktf_keytab.

    /* Read our magic number */
    /* Read the keytab name */
    /* Resolve the keytab. */

 * This is an implementation specific resolver. It returns a keytab id
 * initialized with file keytab routines.

    /* Iterator(s) active -- no changes. */
    "Cannot change keytab with keytab iterators active");
 * krb5_ktfile_remove()

    /* Iterator(s) active -- no changes. */
    "Cannot change keytab with keytab iterators active");
 * For efficiency and simplicity, we'll use a while true that
 * is exited with a break statement.

    "FILE", /* Prefix -- this string should not appear anywhere else! */

 * krb5_ktf_writable_ops

    "WRFILE", /* Prefix -- this string should not appear anywhere else! */

    "FILE", /* Prefix -- this string should not appear anywhere else! */

 * Copyright (c) Hewlett-Packard Company 1991
 * Released to the Massachusetts Institute of Technology for inclusion
 * in the Kerberos source code distribution.
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.

 * This function contains utilities for the file based implementation of
 * the keytab. There are no public functions in this file.
 * This file is the only one that has knowledge of the format of a

 * The format is as follows:
 * principal timestamp vno key
 * principal timestamp vno key

 * A length field (sizeof(krb5_int32)) exists between entries. When this
 * length is positive it indicates an active entry, when negative a hole.
 * The length indicates the size of the block in the file (this may be
 * larger than the size of the next record, since we are using a first
 * fit algorithm for re-using holes and the first fit may be larger than
 * the entry we are writing). Another (compatible) implementation could
 * break up holes when allocating them to smaller entries to minimize
 * wasted space. (Such an implementation should also coalesce adjacent
 * holes to reduce fragmentation). This implementation does neither.

 * There are no separators between fields of an entry.
 * A principal is a length-encoded array of length-encoded strings. The
 * length is a krb5_int16 in each case. The specific format, then, is
 * multiple entries concatenated with no separators. An entry has this

 * sizeof(krb5_int16) bytes for number of components in the principal;
 * then, each component listed in order.
 * For each component, sizeof(krb5_int16) bytes for the number of bytes
 * in the component, followed by the component.
 * sizeof(krb5_int32) for the principal type (for KEYTAB V2 and higher)
 * sizeof(krb5_int32) bytes for the timestamp
 * sizeof(krb5_octet) bytes for the key version number
 * sizeof(krb5_int16) bytes for the enctype
 * sizeof(krb5_int32) bytes for the key length, followed by the key

/* Solaris Kerberos */
/* Solaris Kerberos */

    /* try making it first time around */
    /* Solaris Kerberos - added dgettext */
    "Key table file '%s' not found"),
    /* assume ANSI or BSD-style stdio */
    /* get the vno and verify it */
    /* gotta verify it instead... */

/* Solaris Kerberos */
/* Solaris Kerberos */

    /* fseek to synchronise buffered I/O on the key table. */
    /* deal with guts of parsing... */
    /* first, int16 with #princ components */
    count -= 1; /* V1 includes the realm in the count */
    /* Now, get the realm data */
    /* termination... ``Be conservative in */
    /* what you send out'' */
    /* Solaris Kerberos - Allow for empty components */
    /* read in the principal type, if we can get it */
    /* read in the timestamp */
    /* read in the version number */

 * Reposition file pointer to the next inter-record length field.

/* Solaris Kerberos */

    /* fseek to synchronise buffered I/O on the key table. */
    /* XXX Without the weird setbuf crock, can we get rid of this now? */
    /* Solaris Kerberos - Allow for empty components */

 * Write out the principal type

 * Fill in the time of day the entry was written to the keytab.

    /* key version number */

 * Determine the size needed for a file entry for the given

 * Find and reserve a slot in the file for an entry of the needed size.
 * The commit point will be set to the position in the file where the
 * length (sizeof(krb5_int32) bytes) of this node should be written
 * when committing the write. The file position left as a result of this
 * call is the position where the actual data should be written.
 * The size_needed argument may be adjusted if we find a hole that is
 * larger than the size needed. (Recall that size_needed will be used
 * to commit the write, but that this field must indicate the size of the
 * block in the file rather than the size of the actual entry)

 * 183 resync - major changes from MIT so not merging in our changes.

    /* Skip over file version number. */
    /* Hit the end of file, reserve this slot. */
    /* Necessary to avoid a later fseek failing on Solaris 10. */
    /* htonl(0) is 0, so no need to worry about byte order */
    /* Non-empty record; seek past it. */
    /* Empty record; use if it's big enough, seek past otherwise. */
    /* Empty record at end of file; use it. */
    /* Ensure the new record will be followed by another 0. */
    /* htonl(0) is 0, so no need to worry about byte order */

#endif /* LEAN_CLIENT */
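
Added example, not part of the original Solaris/MIT source: a bounds-checked walk over the record framing that the format comment above describes (a signed length before each block, negative for a hole, 0 at the end), decoding each active entry only as far as its key version number. It assumes the big-endian layout with a two-byte 0x0502 version header, in which the component count excludes the realm; `rdbe`, `entry_kvno`, `kt_walk` and `SAMPLE` are names made up for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Bounds-checked big-endian read of w bytes; returns 0 if the data runs out. */
static int rdbe(const uint8_t *b, size_t n, size_t *o, size_t w, uint32_t *v) {
    if (n - *o < w) return 0;
    for (*v = 0; w > 0; w--) *v = (*v << 8) | b[(*o)++];
    return 1;
}

/* Decode an active entry as far as its kvno without leaving the block;
 * returns the kvno (0-255), or -1 if a field would overrun the block. */
static int entry_kvno(const uint8_t *b, size_t n) {
    size_t o = 0;
    uint32_t count, clen;
    if (!rdbe(b, n, &o, 2, &count)) return -1;
    for (uint32_t i = 0; i <= count; i++) {   /* realm, then components */
        if (!rdbe(b, n, &o, 2, &clen) || n - o < clen) return -1;
        o += clen;                            /* clen may be 0 (empty) */
    }
    return n - o < 9 ? -1 : b[o + 8];         /* skip type and timestamp */
}

/* Walk a version-0x0502 file image, counting active entries and holes;
 * returns 0 on success, -1 on a bad version or an overrunning length. */
int kt_walk(const uint8_t *f, size_t n, int *active, int *holes) {
    size_t o = 0;
    uint32_t vno, raw;
    *active = *holes = 0;
    if (!rdbe(f, n, &o, 2, &vno) || vno != 0x0502) return -1;
    while (rdbe(f, n, &o, 4, &raw) && raw != 0) {  /* 0 or EOF ends the walk */
        int64_t len = (int32_t)raw;                /* sign: entry or hole */
        size_t blk = (size_t)(len < 0 ? -len : len);
        if (blk > n - o) return -1;                /* block overruns file */
        if (len < 0) ++*holes;
        else if (entry_kvno(f + o, blk) < 0) return -1;
        else ++*active;
        o += blk;
    }
    return 0;
}

/* Constructed sample: version, 6-byte hole, one 28-byte entry, end marker. */
static const uint8_t SAMPLE[] = {
    0x05, 0x02, 0xff, 0xff, 0xff, 0xfa, 0, 0, 0, 0, 0, 0,   /* hole: -6 */
    0, 0, 0, 28, 0, 2, 0, 2, 'E', 'X', 0, 4, 'h', 'o', 's', 't', 0, 1, 'a',
    0, 0, 0, 1, 0, 0, 0, 0, 3,             /* type, timestamp, kvno 3 */
    0xaa, 0xaa, 0xaa, 0xaa, 0, 0, 0, 0 };  /* undecoded tail, end marker */
```

Every length is checked against the enclosing block or file before it is used to advance, so a block larger than its entry is accepted while an entry larger than its block is rejected.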