/* Convert a JSON value to a keyblock, filling in keyblock. */
static int
json_to_keyblock(k5_json_value v, krb5_keyblock *keyblock)
{
k5_json_array array;
k5_json_number n;
k5_json_string s;
size_t len;
memset(keyblock, 0, sizeof(*keyblock));
if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
return -1;
array = v;
if (k5_json_array_length(array) != 2)
return -1;
n = check_element(array, 0, K5_JSON_TID_NUMBER);
if (n == NULL)
return -1;
keyblock->enctype = k5_json_number_value(n);
s = check_element(array, 1, K5_JSON_TID_STRING);
if (s == NULL)
return -1;
if (k5_json_string_unbase64(s, &keyblock->contents, &len))
return -1;
keyblock->length = len;
keyblock->magic = KV5M_KEYBLOCK;
return 0;
}
/* Convert a JSON value to a zero-terminated enctypes list or to NULL. */
static int
json_to_etypes(k5_json_value v, krb5_enctype **etypes_out)
{
krb5_enctype *etypes = NULL;
k5_json_array array;
k5_json_number n;
size_t len, i;
*etypes_out = NULL;
if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
return 0;
if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
return -1;
array = v;
len = k5_json_array_length(array);
etypes = calloc(len + 1, sizeof(*etypes));
for (i = 0; i < len; i++) {
n = check_element(array, i, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
etypes[i] = k5_json_number_value(n);
}
*etypes_out = etypes;
return 0;
invalid:
free(etypes);
return -1;
}
/*
* @description:
* Checks if a mask, portraying a plane, is correct.
* Correct in this context means, that all members of the plane
* bitwise are DONTCARE or == id
*/
static char check_mask(const char *db, const char *basemask, \
const int id, const int bits)
{
// Nr of free axis
unsigned int n_dc = amount_in_ar(basemask, bits, 2);
unsigned int constmask; // A mask that is fixed
unsigned int db_size = 1 << bits;
// varmask is xored with constmask, to give address to check
// n_dc_der is a derivate of n_dc. n_dc_der cannot be 0 =>
unsigned int n_dc_der = (n_dc > 0) ? n_dc : 1;
unsigned int varmask[n_dc_der];
unsigned int i; // local counter
// Make the masks
constmask = get_const_mask(basemask, bits);
for (i = 0; i < n_dc; i++) {
varmask[i] = get_var_mask(basemask, bits, i + 1);
}
// Now start checking all the addresses
unsigned int times = 1 << n_dc; // How many times the loop is exec.
for (i = 0; i < times; i++) {
assert(constmask < db_size); // If otherwise, out of bound db
if (!check_element(*(db + constmask), id)) return 0;
// Alter constmask with the right varmask
// The right varmask is given by th log2.. func
// Sadly, the log2xorseq(times-1) is equal to n_dc, so I have to %
constmask ^= varmask[log2xorseq(i) % n_dc_der];
}
// The mask appears to be valid
return 1;
}
void Parent::toggle_remove(int id){
check_element(gui::GUI_TYPE::TOGGLE,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(tog,gui::Toggle,gui::GUI_TYPE::TOGGLE,id);
child_elements.erase(it);
tog.parent_id = -1;
}
}
void Parent::button_remove(int id){
check_element(gui::GUI_TYPE::BUTTON,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(but,gui::Button,gui::GUI_TYPE::BUTTON,id);
child_elements.erase(it);
but.parent_id = -1;
}
}
void Parent::textbox_remove(int id){
check_element(gui::GUI_TYPE::TEXTBOX,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(tex,gui::Textbox,gui::GUI_TYPE::TEXTBOX,id);
child_elements.erase(it);
tex.parent_id = -1;
}
}
static void *remove_element(mempool_t *pool)
{
void *element = pool->elements[--pool->curr_nr];
BUG_ON(pool->curr_nr < 0);
check_element(pool, element);
kasan_unpoison_element(pool, element);
return element;
}
void Parent::label_remove(int id){
check_element(gui::GUI_TYPE::LABEL,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(lab,gui::Label,gui::GUI_TYPE::LABEL,id);
child_elements.erase(it);
lab.parent_id = -1;
}
}
void Parent::window_remove(int id){
check_element(gui::GUI_TYPE::WINDOW,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(win,gui::Window,gui::GUI_TYPE::WINDOW,id);
child_elements.erase(it);
win.parent_id = -1;
}
}
void Parent::slider_remove(int id){
check_element(gui::GUI_TYPE::SLIDER,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(sli,gui::Slider,gui::GUI_TYPE::SLIDER,id);
child_elements.erase(it);
sli.parent_id = -1;
}
}
void Parent::scrollbar_remove(int id){
check_element(gui::GUI_TYPE::SCROLLBAR,id);
auto it = find(child_elements.begin(), child_elements.end(), id);
if (it != child_elements.end()){
get_element(scr,gui::Scrollbar,gui::GUI_TYPE::SCROLLBAR,id);
child_elements.erase(it);
scr.parent_id = -1;
}
}
OM_uint32 KRB5_CALLCONV
krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
gss_cred_id_t *cred_handle)
{
OM_uint32 status = GSS_S_COMPLETE;
krb5_context context;
krb5_error_code ret;
krb5_gss_cred_id_t cred;
k5_json_value v = NULL;
k5_json_array array;
k5_json_string str;
char *copy = NULL;
ret = krb5_gss_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
/* Decode token. */
copy = k5memdup0(token->value, token->length, &ret);
if (copy == NULL) {
status = GSS_S_FAILURE;
*minor_status = ret;
goto cleanup;
}
if (k5_json_decode(copy, &v))
goto invalid;
/* Decode the CRED_EXPORT_MAGIC array wrapper. */
if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
goto invalid;
array = v;
if (k5_json_array_length(array) != 2)
goto invalid;
str = check_element(array, 0, K5_JSON_TID_STRING);
if (str == NULL ||
strcmp(k5_json_string_utf8(str), CRED_EXPORT_MAGIC) != 0)
goto invalid;
if (json_to_kgcred(context, k5_json_array_get(array, 1), &cred))
goto invalid;
*cred_handle = (gss_cred_id_t)cred;
cleanup:
free(copy);
k5_json_release(v);
krb5_free_context(context);
return status;
invalid:
status = GSS_S_DEFECTIVE_TOKEN;
goto cleanup;
}
/* Convert a JSON value to an authdata element. */
static int
json_to_authdata_element(k5_json_value v, krb5_authdata **ad_out)
{
k5_json_array array;
krb5_authdata *ad = NULL;
k5_json_number n;
k5_json_string s;
size_t len;
*ad_out = NULL;
if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
return -1;
array = v;
if (k5_json_array_length(array) != 2)
return -1;
n = check_element(array, 0, K5_JSON_TID_NUMBER);
if (n == NULL)
return -1;
s = check_element(array, 1, K5_JSON_TID_STRING);
if (s == NULL)
return -1;
ad = malloc(sizeof(*ad));
if (ad == NULL)
return -1;
ad->ad_type = k5_json_number_value(n);
if (k5_json_string_unbase64(s, &ad->contents, &len)) {
free(ad);
return -1;
}
ad->length = len;
ad->magic = KV5M_AUTHDATA;
*ad_out = ad;
return 0;
}
bool searchMatrix(vector<vector<int>>& matrix, int target) {
int no_of_rows_check, len, column;
len = matrix.size();
if (len==0)
return false;
no_of_rows_check = give_row(matrix, target);
if (no_of_rows_check==-1)
return false;
for (int i=0;i<=no_of_rows_check;i++) {
column = matrix[i].size();
if(matrix[i][0]<=target && target<=matrix[i][column-1]) {
return check_element(matrix[i], target);
}
}
return false;
}
void scan_owners(char *owner, char *user, char *instance)
{
DIR *dirh;
struct stat tmpstat;
char tmpfile[500];
char filename[400];
struct dirent *fh;
sprintf(filename, DATADIR DIRSEP "keys");
dirh = opendir(filename);
if (!dirh) {
return;
}
while ((fh = readdir(dirh))) {
char *fn = fh->d_name;
if (!fn)
continue;
/* if owner doesn't match, skip it */
if (owner && strcmp(owner, fn))
continue;
/* skip anything that couldn't be a valid owner */
if (!strcmp(fn, ".") || !strcmp(fn, ".."))
continue;
/* skip anything we don't consider valid */
if (check_element(fn))
continue;
/* stat it and skip if not a directory */
sprintf(tmpfile, DATADIR DIRSEP "keys" DIRSEP "%s", fn);
if (lstat(tmpfile, &tmpstat))
continue;
if (!S_ISDIR(tmpstat.st_mode))
continue;
scan_users(fn, user, instance);
}
closedir(dirh);
}
/* Convert a JSON array value to a krb5 GSS credential. */
static int
json_to_kgcred(krb5_context context, k5_json_array array,
krb5_gss_cred_id_t *cred_out)
{
krb5_gss_cred_id_t cred;
k5_json_number n;
k5_json_bool b;
krb5_boolean is_new;
OM_uint32 tmp;
*cred_out = NULL;
if (k5_json_array_length(array) != 14)
return -1;
cred = calloc(1, sizeof(*cred));
if (cred == NULL)
return -1;
if (k5_mutex_init(&cred->lock)) {
free(cred);
return -1;
}
n = check_element(array, 0, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
cred->usage = k5_json_number_value(n);
if (json_to_kgname(context, k5_json_array_get(array, 1), &cred->name))
goto invalid;
if (json_to_principal(context, k5_json_array_get(array, 2),
&cred->impersonator))
goto invalid;
b = check_element(array, 3, K5_JSON_TID_BOOL);
if (b == NULL)
goto invalid;
cred->default_identity = k5_json_bool_value(b);
b = check_element(array, 4, K5_JSON_TID_BOOL);
if (b == NULL)
goto invalid;
cred->iakerb_mech = k5_json_bool_value(b);
if (json_to_keytab(context, k5_json_array_get(array, 5), &cred->keytab))
goto invalid;
if (json_to_rcache(context, k5_json_array_get(array, 6), &cred->rcache))
goto invalid;
if (json_to_ccache(context, k5_json_array_get(array, 7), &cred->ccache,
&is_new))
goto invalid;
cred->destroy_ccache = is_new;
if (json_to_keytab(context, k5_json_array_get(array, 8),
&cred->client_keytab))
goto invalid;
b = check_element(array, 9, K5_JSON_TID_BOOL);
if (b == NULL)
goto invalid;
cred->have_tgt = k5_json_bool_value(b);
n = check_element(array, 10, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
cred->expire = k5_json_number_value(n);
n = check_element(array, 11, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
cred->refresh_time = k5_json_number_value(n);
if (json_to_etypes(k5_json_array_get(array, 12), &cred->req_enctypes))
goto invalid;
if (json_to_optional_string(k5_json_array_get(array, 13), &cred->password))
goto invalid;
*cred_out = cred;
return 0;
invalid:
(void)krb5_gss_release_cred(&tmp, (gss_cred_id_t *)&cred);
return -1;
}
/* Convert a JSON value to a krb5 credential structure, filling in creds. */
static int
json_to_creds(krb5_context context, k5_json_value v, krb5_creds *creds)
{
k5_json_array array;
k5_json_number n;
k5_json_bool b;
k5_json_string s;
unsigned char *data;
size_t len;
memset(creds, 0, sizeof(*creds));
if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
return -1;
array = v;
if (k5_json_array_length(array) != 13)
return -1;
if (json_to_principal(context, k5_json_array_get(array, 0),
&creds->client))
goto invalid;
if (json_to_principal(context, k5_json_array_get(array, 1),
&creds->server))
goto invalid;
if (json_to_keyblock(k5_json_array_get(array, 2), &creds->keyblock))
goto invalid;
n = check_element(array, 3, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
creds->times.authtime = k5_json_number_value(n);
n = check_element(array, 4, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
creds->times.starttime = k5_json_number_value(n);
n = check_element(array, 5, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
creds->times.endtime = k5_json_number_value(n);
n = check_element(array, 6, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
creds->times.renew_till = k5_json_number_value(n);
b = check_element(array, 7, K5_JSON_TID_BOOL);
if (b == NULL)
goto invalid;
creds->is_skey = k5_json_bool_value(b);
n = check_element(array, 8, K5_JSON_TID_NUMBER);
if (n == NULL)
goto invalid;
creds->ticket_flags = k5_json_number_value(n);
if (json_to_addresses(context, k5_json_array_get(array, 9),
&creds->addresses))
goto invalid;
s = check_element(array, 10, K5_JSON_TID_STRING);
if (s == NULL)
goto invalid;
if (k5_json_string_unbase64(s, &data, &len))
goto invalid;
creds->ticket.data = (char *)data;
creds->ticket.length = len;
s = check_element(array, 11, K5_JSON_TID_STRING);
if (s == NULL)
goto invalid;
if (k5_json_string_unbase64(s, &data, &len))
goto invalid;
creds->second_ticket.data = (char *)data;
creds->second_ticket.length = len;
if (json_to_authdata(context, k5_json_array_get(array, 12),
&creds->authdata))
goto invalid;
creds->magic = KV5M_CREDS;
return 0;
invalid:
krb5_free_cred_contents(context, creds);
memset(creds, 0, sizeof(*creds));
return -1;
}
int main(int argc, char *argv[])
{
char *user, *instance, *owner = NULL;
char filename[400];
#ifndef WINDOWS
struct passwd *userpw;
#endif
struct DataBlock *encrypted, *decrypted, *hk;
if (argc != 3 && argc != 4) {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\t%s [<owner>] <user> <instance>\n", argv[0]);
fprintf(stderr, "\t<owner> is the owning userid\n");
fprintf(stderr, "\t<user> is the userid\n");
fprintf(stderr, "\t<instance> is the instance\n");
exit(1);
}
if (argc == 3) {
user = argv[1];
instance = argv[2];
} else {
owner = argv[1];
user = argv[2];
instance = argv[3];
}
#ifndef WINDOWS
if (!(userpw = getpwuid(getuid()))) {
Log("error-realuser", owner, user, instance);
OUTPUT_ERROR("couldn't get real username\n");
exit(1);
}
if (!owner) {
owner = strdup(userpw->pw_name);
} else if (getuid() != 0 && strcmp(owner, userpw->pw_name)) {
Log("error-mismatch", owner, user, instance);
OUTPUT_ERROR("owner does not match and you are not root\n");
exit(1);
}
#else
/* No security on windows! Force owner to 'common' */
owner = strdup("common");
#endif
if (check_element(owner)) {
Log("error-owner", owner, user, instance);
OUTPUT_ERROR("error on owner: %s\n", check_element(owner));
exit(1);
}
if (check_element(user)) {
Log("error-user", owner, user, instance);
OUTPUT_ERROR("error on user: %s\n", check_element(user));
exit(1);
}
if (check_element(instance)) {
Log("error-instance", owner, user, instance);
OUTPUT_ERROR("error on instance: %s\n", check_element(instance));
exit(1);
}
Log("decrypt", owner, user, instance);
sprintf(filename, DATADIR DIRSEP "keys" DIRSEP "%s" DIRSEP "%s" DIRSEP "%s", owner, user, instance);
encrypted = FileToDataBlock(filename);
hk = FetchHostKey();
decrypted = wrap_blowfish(hk, encrypted, BF_DECRYPT);
FreeDataBlock(hk);
printf("%s\n", decrypted->data);
FreeDataBlock(decrypted);
FreeDataBlock(encrypted);
exit(0);
}
int main(int argc, char *argv[])
{
char *user = NULL, *instance = NULL, *owner = NULL;
#ifndef WINDOWS
struct passwd *userpw;
#endif
if ((argc == 2 || argc > 4) && !strcmp(argv[1], "-h")) {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\t%s <owner> <user> <instance>\n", argv[0]);
fprintf(stderr, "\t<owner> is the owner to list (optional)\n");
fprintf(stderr, "\t<user> is the user to list (optional)\n");
fprintf(stderr, "\t<instance> is the instance to list (optional)\n");
exit(1);
}
#ifndef WINDOWS
if (!(userpw = getpwuid(getuid()))) {
OUTPUT_ERROR("couldn't get real username\n");
exit(1);
}
#endif
if (argc > 1) {
owner = argv[1];
}
if (argc > 2) {
user = argv[2];
}
if (argc > 3) {
instance = argv[3];
}
#ifndef WINDOWS
if (getuid() != 0 && !owner) {
owner = strdup(userpw->pw_name);
}
if (getuid() != 0 && owner && strcmp(owner, userpw->pw_name)) {
Log("error-mismatch", owner, user, instance);
OUTPUT_ERROR("owner does not match and you are not root\n");
exit(1);
}
#else
/* owner forced to 'common' on windows */
owner = strdup("common");
#endif
if (owner && check_element(owner)) {
Log("error-owner", owner, user, instance);
OUTPUT_ERROR("error on owner: %s\n", check_element(owner));
exit(1);
}
if (user && check_element(user)) {
Log("error-user", owner, user, instance);
OUTPUT_ERROR("error on user: %s\n", check_element(user));
exit(1);
}
if (instance && check_element(instance)) {
Log("error-instance", owner, user, instance);
OUTPUT_ERROR("error on instance: %s\n", check_element(instance));
exit(1);
}
Log("list", owner ? owner : "*", user ? user : "******", instance ? instance : "*");
scan_owners(owner, user, instance);
exit(0);
}
int main(int argc, char *argv[])
{
char *owner, *user, *instance;
char filename[400];
struct DataBlock *data, *encrypted, *hk;
#ifndef WINDOWS
struct passwd *userpw;
#endif
int curlen = 0;
char buf[MAX_DATA_LEN] = "";
char passwd[MAX_DATA_LEN] = "";
int i;
umask(077);
if (argc != 4) {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\t%s <owner> <user> <instance>\n", argv[0]);
fprintf(stderr, "\t<owner> is the owner userid of this userid/password\n");
#ifdef WINDOWS
fprintf(stderr, "\t<owner> is ignored on windows builds\n");
#endif
fprintf(stderr, "\t<user> is the userid for this password\n");
fprintf(stderr, "\t<instance> is the particular instance\n");
fprintf(stderr, "\t<password> is passed via stdin\n");
exit(1);
}
owner = argv[1];
user = argv[2];
instance = argv[3];
/* Check if valid */
if (!owner || !user || !instance) {
Log("error-parameters", owner, user, instance);
OUTPUT_ERROR("Invalid parameters.\n");
exit(1);
}
if (check_element(owner)) {
Log("error-owner", owner, user, instance);
OUTPUT_ERROR("error on owner: %s\n", check_element(owner));
exit(1);
}
if (check_element(user)) {
Log("error-user", owner, user, instance);
OUTPUT_ERROR("error on user: %s\n", check_element(user));
exit(1);
}
if (check_element(instance)) {
Log("error-instance", owner, user, instance);
OUTPUT_ERROR("error on instance: %s\n", check_element(instance));
exit(1);
}
#ifndef WINDOWS
if (!(userpw = getpwuid(getuid()))) {
Log("error-username", owner, user, instance);
OUTPUT_ERROR("couldn't get real username\n");
exit(1);
}
if (getuid() != 0 && strcmp(owner, userpw->pw_name)) {
Log("error-mismatch", owner, user, instance);
OUTPUT_ERROR("owner does not match and you are not root\n");
exit(1);
}
#else
/* No security on windows! Force owner to 'common' */
owner = strdup("common");
#endif
buf[0] = 0;
curlen = 0;
passwd[0] = 0;
while (curlen < (MAX_DATA_LEN - 1000)) {
i = read(fileno(stdin), buf, 1000);
if (i > 0) {
memcpy(passwd + curlen, buf, i);
curlen += i;
} else {
break;
}
}
if (curlen == 0) {
Log("error-pwlen", owner, user, instance);
OUTPUT_ERROR("error on password: must be specified\n");
exit(1);
}
if (check_content(passwd)) {
Log("error-pw", owner, user, instance);
OUTPUT_ERROR("error on password: %s\n", check_content(passwd));
exit(1);
}
data = AllocDataBlock();
data->data = (unsigned char *)passwd;
data->length = strlen(passwd) + 1;
#ifndef WINDOWS
#define MKDIR(x,y) mkdir(x,y)
#else
#define MKDIR(x,y) mkdir(x)
#endif
/* Make each directory and build the file name */
sprintf(filename, DATADIR DIRSEP "keys" DIRSEP "%s", owner);
if (MKDIR(filename, 0755) == -1 && errno != EEXIST) {
Log("error-mkdir1", owner, user, instance);
OUTPUT_ERROR("couldn't create dir (%s)\n", filename);
exit(1);
}
sprintf(filename, DATADIR DIRSEP "keys" DIRSEP "%s" DIRSEP "%s", owner, user);
if (MKDIR(filename, 0755) == -1 && errno != EEXIST) {
Log("error-mkdir2", owner, user, instance);
OUTPUT_ERROR("couldn't create dir (%s)\n", filename);
exit(1);
}
sprintf(filename, DATADIR DIRSEP "keys" DIRSEP "%s" DIRSEP "%s" DIRSEP "%s", owner, user, instance);
Log("encrypt", owner, user, instance);
hk = FetchHostKey();
encrypted = wrap_blowfish(hk, data, BF_ENCRYPT);
FreeDataBlock(hk);
DataBlockToFile(filename, encrypted);
FreeDataBlock(encrypted);
data->data = 0;
FreeDataBlock(data);
exit(0);
}