2 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
35 #include "store-int.h"
37 RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $");
39 #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
40 #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
41 #define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
42 #define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
43 krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
45 void KRB5_LIB_FUNCTION
46 krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
51 void KRB5_LIB_FUNCTION
52 krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
57 krb5_boolean KRB5_LIB_FUNCTION
58 krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
60 return (sp->flags & flags) == flags;
63 void KRB5_LIB_FUNCTION
64 krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
66 sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
67 sp->flags |= byteorder;
70 krb5_flags KRB5_LIB_FUNCTION
71 krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
73 return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
76 off_t KRB5_LIB_FUNCTION
77 krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
79 return (*sp->seek)(sp, offset, whence);
82 krb5_ssize_t KRB5_LIB_FUNCTION
83 krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
85 return sp->fetch(sp, buf, len);
88 krb5_ssize_t KRB5_LIB_FUNCTION
89 krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
91 return sp->store(sp, buf, len);
94 void KRB5_LIB_FUNCTION
95 krb5_storage_set_eof_code(krb5_storage *sp, int code)
100 krb5_ssize_t KRB5_LIB_FUNCTION
101 _krb5_put_int(void *buffer, unsigned long value, size_t size)
103 unsigned char *p = buffer;
105 for (i = size - 1; i >= 0; i--) {
112 krb5_ssize_t KRB5_LIB_FUNCTION
113 _krb5_get_int(void *buffer, unsigned long *value, size_t size)
115 unsigned char *p = buffer;
118 for (i = 0; i < size; i++)
124 krb5_error_code KRB5_LIB_FUNCTION
125 krb5_storage_free(krb5_storage *sp)
134 krb5_error_code KRB5_LIB_FUNCTION
135 krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
141 pos = sp->seek(sp, 0, SEEK_CUR);
142 size = (size_t)sp->seek(sp, 0, SEEK_END);
143 ret = krb5_data_alloc (data, size);
145 sp->seek(sp, pos, SEEK_SET);
149 sp->seek(sp, 0, SEEK_SET);
150 sp->fetch(sp, data->data, data->length);
151 sp->seek(sp, pos, SEEK_SET);
156 static krb5_error_code
157 krb5_store_int(krb5_storage *sp,
166 _krb5_put_int(v, value, len);
167 ret = sp->store(sp, v, len);
169 return (ret<0)?errno:sp->eof_code;
173 krb5_error_code KRB5_LIB_FUNCTION
174 krb5_store_int32(krb5_storage *sp,
177 if(BYTEORDER_IS_HOST(sp))
178 value = htonl(value);
179 else if(BYTEORDER_IS_LE(sp))
180 value = bswap32(value);
181 return krb5_store_int(sp, value, 4);
184 krb5_error_code KRB5_LIB_FUNCTION
185 krb5_store_uint32(krb5_storage *sp,
188 return krb5_store_int32(sp, (int32_t)value);
191 static krb5_error_code
192 krb5_ret_int(krb5_storage *sp,
199 ret = sp->fetch(sp, v, len);
201 return (ret<0)?errno:sp->eof_code;
202 _krb5_get_int(v, &w, len);
207 krb5_error_code KRB5_LIB_FUNCTION
208 krb5_ret_int32(krb5_storage *sp,
211 krb5_error_code ret = krb5_ret_int(sp, value, 4);
214 if(BYTEORDER_IS_HOST(sp))
215 *value = htonl(*value);
216 else if(BYTEORDER_IS_LE(sp))
217 *value = bswap32(*value);
221 krb5_error_code KRB5_LIB_FUNCTION
222 krb5_ret_uint32(krb5_storage *sp,
228 ret = krb5_ret_int32(sp, &v);
230 *value = (uint32_t)v;
235 krb5_error_code KRB5_LIB_FUNCTION
236 krb5_store_int16(krb5_storage *sp,
239 if(BYTEORDER_IS_HOST(sp))
240 value = htons(value);
241 else if(BYTEORDER_IS_LE(sp))
242 value = bswap16(value);
243 return krb5_store_int(sp, value, 2);
246 krb5_error_code KRB5_LIB_FUNCTION
247 krb5_store_uint16(krb5_storage *sp,
250 return krb5_store_int16(sp, (int16_t)value);
253 krb5_error_code KRB5_LIB_FUNCTION
254 krb5_ret_int16(krb5_storage *sp,
259 ret = krb5_ret_int(sp, &v, 2);
263 if(BYTEORDER_IS_HOST(sp))
264 *value = htons(*value);
265 else if(BYTEORDER_IS_LE(sp))
266 *value = bswap16(*value);
270 krb5_error_code KRB5_LIB_FUNCTION
271 krb5_ret_uint16(krb5_storage *sp,
277 ret = krb5_ret_int16(sp, &v);
279 *value = (uint16_t)v;
284 krb5_error_code KRB5_LIB_FUNCTION
285 krb5_store_int8(krb5_storage *sp,
290 ret = sp->store(sp, &value, sizeof(value));
291 if (ret != sizeof(value))
292 return (ret<0)?errno:sp->eof_code;
296 krb5_error_code KRB5_LIB_FUNCTION
297 krb5_store_uint8(krb5_storage *sp,
300 return krb5_store_int8(sp, (int8_t)value);
303 krb5_error_code KRB5_LIB_FUNCTION
304 krb5_ret_int8(krb5_storage *sp,
309 ret = sp->fetch(sp, value, sizeof(*value));
310 if (ret != sizeof(*value))
311 return (ret<0)?errno:sp->eof_code;
315 krb5_error_code KRB5_LIB_FUNCTION
316 krb5_ret_uint8(krb5_storage *sp,
322 ret = krb5_ret_int8(sp, &v);
329 krb5_error_code KRB5_LIB_FUNCTION
330 krb5_store_data(krb5_storage *sp,
334 ret = krb5_store_int32(sp, data.length);
337 ret = sp->store(sp, data.data, data.length);
338 if(ret != data.length){
346 krb5_error_code KRB5_LIB_FUNCTION
347 krb5_ret_data(krb5_storage *sp,
353 ret = krb5_ret_int32(sp, &size);
356 ret = krb5_data_alloc (data, size);
360 ret = sp->fetch(sp, data->data, size);
362 return (ret < 0)? errno : sp->eof_code;
367 krb5_error_code KRB5_LIB_FUNCTION
368 krb5_store_string(krb5_storage *sp, const char *s)
371 data.length = strlen(s);
372 data.data = rk_UNCONST(s);
373 return krb5_store_data(sp, data);
376 krb5_error_code KRB5_LIB_FUNCTION
377 krb5_ret_string(krb5_storage *sp,
382 ret = krb5_ret_data(sp, &data);
385 *string = realloc(data.data, data.length + 1);
390 (*string)[data.length] = 0;
394 krb5_error_code KRB5_LIB_FUNCTION
395 krb5_store_stringz(krb5_storage *sp, const char *s)
397 size_t len = strlen(s) + 1;
400 ret = sp->store(sp, s, len);
410 krb5_error_code KRB5_LIB_FUNCTION
411 krb5_ret_stringz(krb5_storage *sp,
419 while((ret = sp->fetch(sp, &c, 1)) == 1){
423 tmp = realloc (s, len);
443 krb5_error_code KRB5_LIB_FUNCTION
444 krb5_store_stringnl(krb5_storage *sp, const char *s)
446 size_t len = strlen(s);
449 ret = sp->store(sp, s, len);
456 ret = sp->store(sp, "\n", 1);
468 krb5_error_code KRB5_LIB_FUNCTION
469 krb5_ret_stringnl(krb5_storage *sp,
478 while((ret = sp->fetch(sp, &c, 1)) == 1){
485 if (expect_nl && c != '\n') {
487 return KRB5_BADMSGTYPE;
491 tmp = realloc (s, len);
514 krb5_error_code KRB5_LIB_FUNCTION
515 krb5_store_principal(krb5_storage *sp,
516 krb5_const_principal p)
521 if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
522 ret = krb5_store_int32(sp, p->name.name_type);
525 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
526 ret = krb5_store_int32(sp, p->name.name_string.len + 1);
528 ret = krb5_store_int32(sp, p->name.name_string.len);
531 ret = krb5_store_string(sp, p->realm);
533 for(i = 0; i < p->name.name_string.len; i++){
534 ret = krb5_store_string(sp, p->name.name_string.val[i]);
540 krb5_error_code KRB5_LIB_FUNCTION
541 krb5_ret_principal(krb5_storage *sp,
542 krb5_principal *princ)
550 p = calloc(1, sizeof(*p));
554 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
555 type = KRB5_NT_UNKNOWN;
556 else if((ret = krb5_ret_int32(sp, &type))){
560 if((ret = krb5_ret_int32(sp, &ncomp))){
564 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
570 p->name.name_type = type;
571 p->name.name_string.len = ncomp;
572 ret = krb5_ret_string(sp, &p->realm);
577 p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
578 if(p->name.name_string.val == NULL && ncomp != 0){
583 for(i = 0; i < ncomp; i++){
584 ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
587 free(p->name.name_string.val[i--]);
597 krb5_error_code KRB5_LIB_FUNCTION
598 krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
601 ret = krb5_store_int16(sp, p.keytype);
604 if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
605 /* this should really be enctype, but it is the same as
607 ret = krb5_store_int16(sp, p.keytype);
611 ret = krb5_store_data(sp, p.keyvalue);
615 krb5_error_code KRB5_LIB_FUNCTION
616 krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
621 ret = krb5_ret_int16(sp, &tmp);
625 if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
626 ret = krb5_ret_int16(sp, &tmp);
630 ret = krb5_ret_data(sp, &p->keyvalue);
634 krb5_error_code KRB5_LIB_FUNCTION
635 krb5_store_times(krb5_storage *sp, krb5_times times)
638 ret = krb5_store_int32(sp, times.authtime);
640 ret = krb5_store_int32(sp, times.starttime);
642 ret = krb5_store_int32(sp, times.endtime);
644 ret = krb5_store_int32(sp, times.renew_till);
648 krb5_error_code KRB5_LIB_FUNCTION
649 krb5_ret_times(krb5_storage *sp, krb5_times *times)
653 ret = krb5_ret_int32(sp, &tmp);
654 times->authtime = tmp;
656 ret = krb5_ret_int32(sp, &tmp);
657 times->starttime = tmp;
659 ret = krb5_ret_int32(sp, &tmp);
660 times->endtime = tmp;
662 ret = krb5_ret_int32(sp, &tmp);
663 times->renew_till = tmp;
667 krb5_error_code KRB5_LIB_FUNCTION
668 krb5_store_address(krb5_storage *sp, krb5_address p)
671 ret = krb5_store_int16(sp, p.addr_type);
673 ret = krb5_store_data(sp, p.address);
677 krb5_error_code KRB5_LIB_FUNCTION
678 krb5_ret_address(krb5_storage *sp, krb5_address *adr)
682 ret = krb5_ret_int16(sp, &t);
685 ret = krb5_ret_data(sp, &adr->address);
689 krb5_error_code KRB5_LIB_FUNCTION
690 krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
694 ret = krb5_store_int32(sp, p.len);
696 for(i = 0; i<p.len; i++){
697 ret = krb5_store_address(sp, p.val[i]);
703 krb5_error_code KRB5_LIB_FUNCTION
704 krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
710 ret = krb5_ret_int32(sp, &tmp);
713 ALLOC(adr->val, adr->len);
714 if (adr->val == NULL && adr->len != 0)
716 for(i = 0; i < adr->len; i++){
717 ret = krb5_ret_address(sp, &adr->val[i]);
723 krb5_error_code KRB5_LIB_FUNCTION
724 krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
728 ret = krb5_store_int32(sp, auth.len);
730 for(i = 0; i < auth.len; i++){
731 ret = krb5_store_int16(sp, auth.val[i].ad_type);
733 ret = krb5_store_data(sp, auth.val[i].ad_data);
739 krb5_error_code KRB5_LIB_FUNCTION
740 krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
746 ret = krb5_ret_int32(sp, &tmp);
748 ALLOC_SEQ(auth, tmp);
749 if (auth->val == NULL && tmp != 0)
751 for(i = 0; i < tmp; i++){
752 ret = krb5_ret_int16(sp, &tmp2);
754 auth->val[i].ad_type = tmp2;
755 ret = krb5_ret_data(sp, &auth->val[i].ad_data);
766 for (i = 0; i < 32; i++) {
767 r = r << 1 | (b & 1);
778 krb5_error_code KRB5_LIB_FUNCTION
779 krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
783 ret = krb5_store_principal(sp, creds->client);
786 ret = krb5_store_principal(sp, creds->server);
789 ret = krb5_store_keyblock(sp, creds->session);
792 ret = krb5_store_times(sp, creds->times);
795 ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
799 if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER))
800 ret = krb5_store_int32(sp, creds->flags.i);
802 ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
806 ret = krb5_store_addrs(sp, creds->addresses);
809 ret = krb5_store_authdata(sp, creds->authdata);
812 ret = krb5_store_data(sp, creds->ticket);
815 ret = krb5_store_data(sp, creds->second_ticket);
819 krb5_error_code KRB5_LIB_FUNCTION
820 krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
826 memset(creds, 0, sizeof(*creds));
827 ret = krb5_ret_principal (sp, &creds->client);
828 if(ret) goto cleanup;
829 ret = krb5_ret_principal (sp, &creds->server);
830 if(ret) goto cleanup;
831 ret = krb5_ret_keyblock (sp, &creds->session);
832 if(ret) goto cleanup;
833 ret = krb5_ret_times (sp, &creds->times);
834 if(ret) goto cleanup;
835 ret = krb5_ret_int8 (sp, &dummy8);
836 if(ret) goto cleanup;
837 ret = krb5_ret_int32 (sp, &dummy32);
838 if(ret) goto cleanup;
840 * Runtime detect the what is the higher bits of the bitfield. If
841 * any of the higher bits are set in the input data, it's either a
842 * new ticket flag (and this code need to be removed), or it's a
843 * MIT cache (or new Heimdal cache), lets change it to our current
847 uint32_t mask = 0xffff0000;
849 creds->flags.b.anonymous = 1;
850 if (creds->flags.i & mask)
853 dummy32 = bitswap32(dummy32);
855 creds->flags.i = dummy32;
856 ret = krb5_ret_addrs (sp, &creds->addresses);
857 if(ret) goto cleanup;
858 ret = krb5_ret_authdata (sp, &creds->authdata);
859 if(ret) goto cleanup;
860 ret = krb5_ret_data (sp, &creds->ticket);
861 if(ret) goto cleanup;
862 ret = krb5_ret_data (sp, &creds->second_ticket);
866 krb5_free_cred_contents(context, creds); /* XXX */
872 #define SC_CLIENT_PRINCIPAL 0x0001
873 #define SC_SERVER_PRINCIPAL 0x0002
874 #define SC_SESSION_KEY 0x0004
875 #define SC_TICKET 0x0008
876 #define SC_SECOND_TICKET 0x0010
877 #define SC_AUTHDATA 0x0020
878 #define SC_ADDRESSES 0x0040
884 krb5_error_code KRB5_LIB_FUNCTION
885 krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
891 header |= SC_CLIENT_PRINCIPAL;
893 header |= SC_SERVER_PRINCIPAL;
894 if (creds->session.keytype != ETYPE_NULL)
895 header |= SC_SESSION_KEY;
896 if (creds->ticket.data)
898 if (creds->second_ticket.length)
899 header |= SC_SECOND_TICKET;
900 if (creds->authdata.len)
901 header |= SC_AUTHDATA;
902 if (creds->addresses.len)
903 header |= SC_ADDRESSES;
905 ret = krb5_store_int32(sp, header);
908 ret = krb5_store_principal(sp, creds->client);
914 ret = krb5_store_principal(sp, creds->server);
919 if (creds->session.keytype != ETYPE_NULL) {
920 ret = krb5_store_keyblock(sp, creds->session);
925 ret = krb5_store_times(sp, creds->times);
928 ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
932 ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
936 if (creds->addresses.len) {
937 ret = krb5_store_addrs(sp, creds->addresses);
942 if (creds->authdata.len) {
943 ret = krb5_store_authdata(sp, creds->authdata);
948 if (creds->ticket.data) {
949 ret = krb5_store_data(sp, creds->ticket);
954 if (creds->second_ticket.data) {
955 ret = krb5_store_data(sp, creds->second_ticket);
963 krb5_error_code KRB5_LIB_FUNCTION
964 krb5_ret_creds_tag(krb5_storage *sp,
969 int32_t dummy32, header;
971 memset(creds, 0, sizeof(*creds));
973 ret = krb5_ret_int32 (sp, &header);
974 if (ret) goto cleanup;
976 if (header & SC_CLIENT_PRINCIPAL) {
977 ret = krb5_ret_principal (sp, &creds->client);
978 if(ret) goto cleanup;
980 if (header & SC_SERVER_PRINCIPAL) {
981 ret = krb5_ret_principal (sp, &creds->server);
982 if(ret) goto cleanup;
984 if (header & SC_SESSION_KEY) {
985 ret = krb5_ret_keyblock (sp, &creds->session);
986 if(ret) goto cleanup;
988 ret = krb5_ret_times (sp, &creds->times);
989 if(ret) goto cleanup;
990 ret = krb5_ret_int8 (sp, &dummy8);
991 if(ret) goto cleanup;
992 ret = krb5_ret_int32 (sp, &dummy32);
993 if(ret) goto cleanup;
995 * Runtime detect the what is the higher bits of the bitfield. If
996 * any of the higher bits are set in the input data, it's either a
997 * new ticket flag (and this code need to be removed), or it's a
998 * MIT cache (or new Heimdal cache), lets change it to our current
1002 uint32_t mask = 0xffff0000;
1004 creds->flags.b.anonymous = 1;
1005 if (creds->flags.i & mask)
1008 dummy32 = bitswap32(dummy32);
1010 creds->flags.i = dummy32;
1011 if (header & SC_ADDRESSES) {
1012 ret = krb5_ret_addrs (sp, &creds->addresses);
1013 if(ret) goto cleanup;
1015 if (header & SC_AUTHDATA) {
1016 ret = krb5_ret_authdata (sp, &creds->authdata);
1017 if(ret) goto cleanup;
1019 if (header & SC_TICKET) {
1020 ret = krb5_ret_data (sp, &creds->ticket);
1021 if(ret) goto cleanup;
1023 if (header & SC_SECOND_TICKET) {
1024 ret = krb5_ret_data (sp, &creds->second_ticket);
1025 if(ret) goto cleanup;
1031 krb5_free_cred_contents(context, creds); /* XXX */