/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/kadm5/str_conv.c */
/*
* Copyright (C) 1995-2015 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* Convert between strings and Kerberos internal data. */
#include "k5-int.h"
#include "admin_internal.h"
#include "adm_proto.h"
#include <ctype.h>
/* Separators between key/salt tuples, used when the caller passes none. */
static const char default_tupleseps[] = ", \t";

/* Separator between the enctype and the salt type inside one tuple, used
 * when the caller passes none. */
static const char default_ksaltseps[] = ":";
/* One row of the input table that maps a flag specifier name to a flag bit. */
struct flag_table_row {
    const char *spec;           /* Input specifier string */
    krb5_flags flag;            /* Flag */
    int invert;                 /* Whether to invert the sense */
};
/*
 * Input names accepted for principal attribute flags.  Several names map to
 * the same bit.  A row with invert set describes the positive spelling of a
 * DISALLOW_* bit: raw_flagspec_to_mask() treats naming it as a request to
 * clear the bit rather than set it.
 */
static const struct flag_table_row ftbl[] = {
    /* Ticket property restrictions (DISALLOW_* bits). */
    {"allow_postdated",           KRB5_KDB_DISALLOW_POSTDATED,     1},
    {"postdateable",              KRB5_KDB_DISALLOW_POSTDATED,     1},
    {"disallow_postdated",        KRB5_KDB_DISALLOW_POSTDATED,     0},
    {"allow_forwardable",         KRB5_KDB_DISALLOW_FORWARDABLE,   1},
    {"forwardable",               KRB5_KDB_DISALLOW_FORWARDABLE,   1},
    {"disallow_forwardable",      KRB5_KDB_DISALLOW_FORWARDABLE,   0},
    {"allow_tgs_req",             KRB5_KDB_DISALLOW_TGT_BASED,     1},
    {"tgt_based",                 KRB5_KDB_DISALLOW_TGT_BASED,     1},
    {"disallow_tgt_based",        KRB5_KDB_DISALLOW_TGT_BASED,     0},
    {"allow_renewable",           KRB5_KDB_DISALLOW_RENEWABLE,     1},
    {"renewable",                 KRB5_KDB_DISALLOW_RENEWABLE,     1},
    {"disallow_renewable",        KRB5_KDB_DISALLOW_RENEWABLE,     0},
    {"allow_proxiable",           KRB5_KDB_DISALLOW_PROXIABLE,     1},
    {"proxiable",                 KRB5_KDB_DISALLOW_PROXIABLE,     1},
    {"disallow_proxiable",        KRB5_KDB_DISALLOW_PROXIABLE,     0},
    {"allow_dup_skey",            KRB5_KDB_DISALLOW_DUP_SKEY,      1},
    {"dup_skey",                  KRB5_KDB_DISALLOW_DUP_SKEY,      1},
    {"disallow_dup_skey",         KRB5_KDB_DISALLOW_DUP_SKEY,      0},
    {"allow_tickets",             KRB5_KDB_DISALLOW_ALL_TIX,       1},
    {"allow_tix",                 KRB5_KDB_DISALLOW_ALL_TIX,       1},
    {"disallow_all_tix",          KRB5_KDB_DISALLOW_ALL_TIX,       0},

    /* Authentication and password-change requirements. */
    {"preauth",                   KRB5_KDB_REQUIRES_PRE_AUTH,      0},
    {"requires_pre_auth",         KRB5_KDB_REQUIRES_PRE_AUTH,      0},
    {"requires_preauth",          KRB5_KDB_REQUIRES_PRE_AUTH,      0},
    {"hwauth",                    KRB5_KDB_REQUIRES_HW_AUTH,       0},
    {"requires_hw_auth",          KRB5_KDB_REQUIRES_HW_AUTH,       0},
    {"requires_hwauth",           KRB5_KDB_REQUIRES_HW_AUTH,       0},
    {"needchange",                KRB5_KDB_REQUIRES_PWCHANGE,      0},
    {"pwchange",                  KRB5_KDB_REQUIRES_PWCHANGE,      0},
    {"requires_pwchange",         KRB5_KDB_REQUIRES_PWCHANGE,      0},

    /* Service-related bits. */
    {"allow_svr",                 KRB5_KDB_DISALLOW_SVR,           1},
    {"service",                   KRB5_KDB_DISALLOW_SVR,           1},
    {"disallow_svr",              KRB5_KDB_DISALLOW_SVR,           0},
    {"password_changing_service", KRB5_KDB_PWCHANGE_SERVICE,       0},
    {"pwchange_service",          KRB5_KDB_PWCHANGE_SERVICE,       0},
    {"pwservice",                 KRB5_KDB_PWCHANGE_SERVICE,       0},

    /* Remaining single-purpose bits. */
    {"md5",                       KRB5_KDB_SUPPORT_DESMD5,         0},
    {"support_desmd5",            KRB5_KDB_SUPPORT_DESMD5,         0},
    {"new_princ",                 KRB5_KDB_NEW_PRINC,              0},
    {"ok_as_delegate",            KRB5_KDB_OK_AS_DELEGATE,         0},
    {"ok_to_auth_as_delegate",    KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0},
    {"no_auth_data_required",     KRB5_KDB_NO_AUTH_DATA_REQUIRED,  0},
    {"lockdown_keys",             KRB5_KDB_LOCKDOWN_KEYS,          0},
};

/* Number of rows in ftbl. */
#define NFTBL (sizeof(ftbl) / sizeof(ftbl[0]))
/*
 * Output names for flag bits, indexed by bit number (entry n names the bit
 * with value 1 << n).  A null entry means the bit has no name here;
 * krb5_flagnum_to_string() prints such bits in hexadecimal instead.
 */
static const char *outflags[] = {
    [0]  = "DISALLOW_POSTDATED",        /* 0x00000001 */
    [1]  = "DISALLOW_FORWARDABLE",      /* 0x00000002 */
    [2]  = "DISALLOW_TGT_BASED",        /* 0x00000004 */
    [3]  = "DISALLOW_RENEWABLE",        /* 0x00000008 */
    [4]  = "DISALLOW_PROXIABLE",        /* 0x00000010 */
    [5]  = "DISALLOW_DUP_SKEY",         /* 0x00000020 */
    [6]  = "DISALLOW_ALL_TIX",          /* 0x00000040 */
    [7]  = "REQUIRES_PRE_AUTH",         /* 0x00000080 */
    [8]  = "REQUIRES_HW_AUTH",          /* 0x00000100 */
    [9]  = "REQUIRES_PWCHANGE",         /* 0x00000200 */
    [10] = NULL,                        /* 0x00000400 */
    [11] = NULL,                        /* 0x00000800 */
    [12] = "DISALLOW_SVR",              /* 0x00001000 */
    [13] = "PWCHANGE_SERVICE",          /* 0x00002000 */
    [14] = "SUPPORT_DESMD5",            /* 0x00004000 */
    [15] = "NEW_PRINC",                 /* 0x00008000 */
    [16] = NULL,                        /* 0x00010000 */
    [17] = NULL,                        /* 0x00020000 */
    [18] = NULL,                        /* 0x00040000 */
    [19] = NULL,                        /* 0x00080000 */
    [20] = "OK_AS_DELEGATE",            /* 0x00100000 */
    [21] = "OK_TO_AUTH_AS_DELEGATE",    /* 0x00200000 */
    [22] = "NO_AUTH_DATA_REQUIRED",     /* 0x00400000 */
    [23] = "LOCKDOWN_KEYS",             /* 0x00800000 */
};

/* Number of entries in outflags. */
#define NOUTFLAGS (sizeof(outflags) / sizeof(outflags[0]))
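/*
 * Given s, which is a normalized flagspec with the prefix stripped off, and
 * req_neg indicating whether the flagspec is negated, update the toset and
 * toclear masks.
 *
 * s is first looked up by name in ftbl.  If no name matches and s begins
 * with "0x", it is parsed as a literal flag mask.  The numeric form is
 * validated strictly, because the result becomes part of a principal's
 * attribute word: the whole string must be hexadecimal digits after the
 * "0x", and the value must fit in 32 bits.  A malformed or oversized number
 * is rejected instead of being truncated or partially parsed.
 *
 * The effective sense is the table row's invert value (0 for a numeric
 * mask), flipped when req_neg is set.  With the sense inverted the flag bits
 * are removed from *toclear; otherwise they are added to *toset.
 *
 * Returns 0 on success, or EINVAL if s is neither a known flag name nor a
 * well-formed 32-bit hexadecimal mask.
 */
static krb5_error_code
raw_flagspec_to_mask(const char *s, int req_neg, krb5_flags *toset,
                     krb5_flags *toclear)
{
    int found = 0, invert = 0;
    size_t i;
    krb5_flags flag = 0;
    unsigned long ul;
    char *end;

    for (i = 0; i < NFTBL; i++) {
        if (strcmp(s, ftbl[i].spec) != 0)
            continue;
        /* Found a match */
        found = 1;
        invert = ftbl[i].invert;
        flag = ftbl[i].flag;
        break;
    }

    /* Accept hexadecimal numbers. */
    if (!found && strncmp(s, "0x", 2) == 0) {
        /*
         * Parse from the start of s so that strtoul() consumes the "0x"
         * prefix itself.  For inputs such as "0x" or "0x-1" it stops at the
         * 'x', which the trailing-character check below then rejects.
         */
        errno = 0;
        ul = strtoul(s, &end, 16);
        /* Assume that krb5_flags are 32 bits long. */
        if (errno != 0 || end == s || *end != '\0' || ul > 0xffffffffUL)
            return EINVAL;
        flag = (krb5_flags)ul;
        found = 1;
    }

    if (!found)
        return EINVAL;

    if (req_neg)
        invert = !invert;
    if (invert)
        *toclear &= ~flag;
    else
        *toset |= flag;
    return 0;
}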
/*
 * Apply the flag specifier string spec, of the form {+|-}flagname, to the
 * toset and toclear flag masks.  toset and toclear may point to the same
 * flag word.
 *
 * The name is normalized on a private copy of spec before lookup: a leading
 * '+' or '-' is removed ('-' requests negation), hyphens become underscores,
 * and uppercase letters are lowercased.
 *
 * Returns 0 on success, ENOMEM if the copy cannot be allocated, or the error
 * from raw_flagspec_to_mask() when the name is not recognized.
 */
krb5_error_code
krb5_flagspec_to_mask(const char *spec, krb5_flags *toset, krb5_flags *toclear)
{
    char *buf, *name, *p;
    int negated;
    krb5_error_code ret;

    buf = strdup(spec);
    if (buf == NULL)
        return ENOMEM;

    /* Strip the optional sign; only '-' negates the request. */
    name = buf;
    negated = (*name == '-');
    if (*name == '-' || *name == '+')
        name++;

    for (p = name; *p != '\0'; p++) {
        if (*p == '-') {
            /* Transform hyphens to underscores. */
            *p = '_';
        } else if (isupper((unsigned char)*p)) {
            /* Downcase. */
            *p = tolower((unsigned char)*p);
        }
    }

    ret = raw_flagspec_to_mask(name, negated, toset, toclear);
    free(buf);
    return ret;
}
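/*
 * Copy the flag name of flagnum to outstr.  On error, outstr points to a null
 * pointer.
 *
 * flagnum is a bit number, not a mask.  Bits with an entry in outflags are
 * returned by name; other bits are returned as an eight-digit hexadecimal
 * mask.  The string stored in *outstr is allocated here (strdup() or
 * asprintf()), so the caller is responsible for freeing it.
 *
 * Returns 0 on success, EINVAL if flagnum is not a bit number of a 32-bit
 * flag word, or ENOMEM if allocation fails.
 */
krb5_error_code
krb5_flagnum_to_string(int flagnum, char **outstr)
{
    const char *s = NULL;

    *outstr = NULL;

    /*
     * Assume that krb5_flags are 32 bits long.  Reject anything else up
     * front: shifting by a negative count, or by the width of unsigned long
     * or more, is undefined behavior.
     */
    if (flagnum < 0 || flagnum >= 32)
        return EINVAL;

    if ((size_t)flagnum < NOUTFLAGS)
        s = outflags[flagnum];

    if (s == NULL) {
        /* Unnamed bit: fall back to its numeric mask. */
        if (asprintf(outstr, "0x%08lx", 1UL << flagnum) == -1)
            *outstr = NULL;
    } else {
        *outstr = strdup(s);
    }

    if (*outstr == NULL)
        return ENOMEM;
    return 0;
}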
/*
 * Build a null-terminated array holding one string per bit set in flags, in
 * ascending bit order, and store it in *outarray.  If no bit is set,
 * *outarray is left as a null pointer and 0 is returned.
 *
 * Each string comes from krb5_flagnum_to_string().  On failure every string
 * produced so far and the array itself are freed, *outarray stays null, and
 * the error code is returned.
 */
krb5_error_code
krb5_flags_to_strings(krb5_int32 flags, char ***outarray)
{
    char **list = NULL, **grown, **entry;
    size_t count = 0, bit;
    krb5_error_code ret;

    *outarray = NULL;

    /* Assume that krb5_flags are 32 bits long. */
    for (bit = 0; bit < 32; bit++) {
        if ((flags & (1UL << bit)) == 0)
            continue;

        /* Make room for the new string and the terminating null pointer. */
        grown = realloc(list, (count + 2) * sizeof(*list));
        if (grown == NULL) {
            ret = ENOMEM;
            goto cleanup;
        }
        list = grown;

        /*
         * Terminate the array before checking the result.  On failure the
         * callee leaves list[count] null, so cleanup stops at that slot.
         */
        ret = krb5_flagnum_to_string(bit, &list[count]);
        count++;
        list[count] = NULL;
        if (ret)
            goto cleanup;
    }

    *outarray = list;
    return 0;

cleanup:
    if (list != NULL) {
        for (entry = list; *entry != NULL; entry++)
            free(*entry);
    }
    free(list);
    return ret;
}
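/*
 * krb5_keysalt_is_present()    - Determine if a key/salt pair is present
 *                                in a list of key/salt tuples.
 *
 * Only the first nksalts entries of ksaltlist are examined.  A null
 * ksaltlist is treated as an empty list.
 *
 * Salttype may be negative to indicate a search for only an enctype.
 *
 * Returns nonzero if a matching entry exists, zero otherwise.
 *
 * NOTE(review): the loop header was cut off in this listing ("for (i=0; i");
 * the bound i < nksalts is reconstructed from the parameter list and the
 * loop body.  Confirm against the upstream file.
 */
krb5_boolean
krb5_keysalt_is_present(krb5_key_salt_tuple *ksaltlist, krb5_int32 nksalts,
                        krb5_enctype enctype, krb5_int32 salttype)
{
    krb5_boolean foundit = 0;
    int i;

    if (ksaltlist == NULL)
        return foundit;

    for (i = 0; i < nksalts; i++) {
        if (ksaltlist[i].ks_enctype != enctype)
            continue;
        /* A negative salttype matches any salt type for this enctype. */
        if (salttype < 0 || ksaltlist[i].ks_salttype == salttype) {
            foundit = 1;
            break;
        }
    }
    return foundit;
}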
/*
 * Parse one "enctype[<sep>salttype]" tuple from s into *etype and *stype.
 * ksaltseps lists the separator characters; a null pointer selects
 * default_ksaltseps.
 *
 * NOTE: This is a destructive parser (writes NULs).  The first separator
 * found in s is overwritten, so s must be writable.
 *
 * If no separator is present the salt type defaults to
 * KRB5_KDB_SALTTYPE_NORMAL.  Returns 0 on success, or the error from
 * krb5_string_to_enctype() or krb5_string_to_salttype().
 */
static krb5_error_code
string_to_keysalt(char *s, const char *ksaltseps,
                  krb5_enctype *etype, krb5_int32 *stype)
{
    const char *seps = ksaltseps;
    char *salt;
    krb5_error_code ret;

    if (seps == NULL)
        seps = default_ksaltseps;

    /* Split s in place at the first separator, if there is one. */
    salt = strpbrk(s, seps);
    if (salt != NULL)
        *salt++ = '\0';

    ret = krb5_string_to_enctype(s, etype);
    if (ret != 0)
        return ret;

    /* Default to normal salt if omitted. */
    *stype = KRB5_KDB_SALTTYPE_NORMAL;
    return (salt == NULL) ? 0 : krb5_string_to_salttype(salt, stype);
}
/*
 * krb5_string_to_keysalts()    - Convert a string representation to a list
 *                                of key/salt tuples.
 *
 * string is split into tuples at any character in tupleseps (null selects
 * default_tupleseps).  Each tuple is parsed by string_to_keysalt() using
 * ksaltseps.  Parsing works on a private copy, so string is not modified.
 *
 * Tuples that fail to parse are skipped without an error.  A misspelled or
 * unsupported enctype or salt type name is therefore not reported, and the
 * call can succeed with fewer tuples than the input named.  If no tuple is
 * accepted, the call returns 0 with *ksaltp null and *nksaltp zero.  Callers
 * that require at least one key/salt tuple have to check the count.
 *
 * Unless dups is set, a tuple already in the list is not added again.
 *
 * On success *ksaltp receives the allocated list (to be freed by the caller)
 * and *nksaltp its length.  Returns ENOMEM if an allocation fails; both
 * outputs are then left null/zero.
 */
krb5_error_code
krb5_string_to_keysalts(const char *string, const char *tupleseps,
                        const char *ksaltseps, krb5_boolean dups,
                        krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp)
{
    const char *seps = (tupleseps == NULL) ? default_tupleseps : tupleseps;
    char *buf, *tok, *state = NULL;
    krb5_key_salt_tuple *list = NULL, *grown;
    krb5_int32 count = 0;
    krb5_int32 stype;
    krb5_enctype etype;

    *ksaltp = NULL;
    *nksaltp = 0;

    buf = strdup(string);
    if (buf == NULL)
        return ENOMEM;

    /* Only the first strtok_r() call gets the buffer; later ones get NULL. */
    for (tok = strtok_r(buf, seps, &state); tok != NULL;
         tok = strtok_r(NULL, seps, &state)) {
        /* Discard unrecognized keysalts. */
        if (string_to_keysalt(tok, ksaltseps, &etype, &stype) != 0)
            continue;

        /* Ignore duplicate keysalts if caller asks. */
        if (!dups && krb5_keysalt_is_present(list, count, etype, stype))
            continue;

        grown = realloc(list, (count + 1) * sizeof(*list));
        if (grown == NULL) {
            free(list);
            free(buf);
            return ENOMEM;
        }
        list = grown;
        list[count].ks_enctype = etype;
        list[count].ks_salttype = stype;
        count++;
    }

    *ksaltp = list;
    *nksaltp = count;
    free(buf);
    return 0;
}
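/*
 * krb5_keysalt_iterate()       - Do something for each unique key/salt
 *                                combination.
 *
 * Calls iterator once for each entry of ksaltlist that has no equal entry
 * earlier in the list, passing a scratch copy of the tuple and arg.
 *
 * If ignoresalt set, then salttype is ignored: entries are compared by
 * enctype only, and the tuple handed to iterator carries a salt type of -1.
 *
 * Iteration stops at the first nonzero value returned by iterator, and that
 * value is returned.  Returns 0 otherwise.
 *
 * NOTE(review): the loop header was cut off in this listing ("for (i=0; i");
 * the bound i < nksalt is reconstructed from the parameter list and the loop
 * body.  Confirm against the upstream file.
 */
krb5_error_code
krb5_keysalt_iterate(krb5_key_salt_tuple *ksaltlist, krb5_int32 nksalt,
                     krb5_boolean ignoresalt,
                     krb5_error_code (*iterator)(krb5_key_salt_tuple *,
                                                 krb5_pointer),
                     krb5_pointer arg)
{
    int i;
    krb5_error_code kret = 0;
    krb5_key_salt_tuple scratch;

    for (i = 0; i < nksalt; i++) {
        scratch.ks_enctype = ksaltlist[i].ks_enctype;
        scratch.ks_salttype = ignoresalt ? -1 : ksaltlist[i].ks_salttype;

        /* Search only the entries before i, so the first one wins. */
        if (krb5_keysalt_is_present(ksaltlist, i, scratch.ks_enctype,
                                    scratch.ks_salttype))
            continue;

        kret = (*iterator)(&scratch, arg);
        if (kret)
            break;
    }
    return kret;
}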