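/*
 * Log what an AS-REQ asked for and what the KDC selected:
 *   - the enctype list carried in the request body `b` (kdc_log argument 0),
 *   - the pair cetype/setype passed in by the caller (argument 5),
 *   - the requested KDC option flags, if any render to text (argument 2).
 *
 * The enctype list is copied from the request, so it records what the client
 * claims to support; it is useful when reviewing logs for clients that only
 * offer weak encryption types.
 *
 * On allocation failure a single "out of memory" line is logged and the
 * function returns without logging the remaining items.
 */
static void
log_as_req(krb5_context context,
           krb5_kdc_configuration *config,
           krb5_enctype cetype,
           krb5_enctype setype,
           const KDC_REQ_BODY *b)
{
    krb5_error_code ret;
    struct rk_strpool *p = NULL;
    char *str;
    int i;

    for (i = 0; i < b->etype.len; i++) {
        /* Prefer the symbolic name; fall back to the raw number. */
        ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
        if (ret == 0) {
            p = rk_strpoolprintf(p, "%s", str);
            free(str);
        } else
            p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
        if (p && i + 1 < b->etype.len)
            p = rk_strpoolprintf(p, ", ");
        if (p == NULL) {
            kdc_log(context, config, 0, "out of memory");
            return;
        }
    }
    /* p is still NULL only when the request listed no enctypes at all. */
    if (p == NULL)
        p = rk_strpoolprintf(p, "no encryption types");

    /*
     * Both the printf above and the collect can fail; never hand a NULL
     * pointer to a "%s" conversion.
     */
    str = rk_strpoolcollect(p);
    if (str == NULL) {
        kdc_log(context, config, 0, "out of memory");
        return;
    }
    kdc_log(context, config, 0, "Client supported enctypes: %s", str);
    free(str);

    {
        char *cet;
        char *set;

        ret = krb5_enctype_to_string(context, cetype, &cet);
        if (ret == 0) {
            ret = krb5_enctype_to_string(context, setype, &set);
            if (ret == 0) {
                kdc_log(context, config, 5, "Using %s/%s", cet, set);
                free(set);
            }
            free(cet);
        }
        /* Either lookup failed: log the numeric enctypes instead. */
        if (ret != 0)
            kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype);
    }

    {
        char fixedstr[128];

        unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
                      fixedstr, sizeof(fixedstr));
        /* Nothing is logged when the flags render to an empty string. */
        if (*fixedstr)
            kdc_log(context, config, 2, "Requested flags: %s", fixedstr);
    }
}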
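/**
 * Return a newly allocated description of `error_code`.
 *
 * If the context's stored error chain belongs to `error_code`, the messages
 * of every element in the chain are joined with "; ". Otherwise the text is
 * taken from com_right(), then strerror(), then a generic
 * "<unknown error: N>" string.
 *
 * @param context     hx509 context holding the error chain and error tables.
 * @param error_code  the code to describe.
 *
 * @return a heap string the caller must free, or NULL on allocation failure.
 */
char *
hx509_get_error_string(hx509_context context, int error_code)
{
    struct rk_strpool *p = NULL;
    hx509_error msg = context->error;

    if (msg == NULL || msg->code != error_code) {
        const char *cstr;
        char *str;

        cstr = com_right(context->et_list, error_code);
        if (cstr)
            return strdup(cstr);
        cstr = strerror(error_code);
        if (cstr)
            return strdup(cstr);
        if (asprintf(&str, "<unknown error: %d>", error_code) == -1)
            return NULL;
        return str;
    }

    for (msg = context->error; msg; msg = msg->next) {
        p = rk_strpoolprintf(p, "%s%s", msg->msg,
                             msg->next != NULL ? "; " : "");
        /*
         * A NULL pool means the append failed. Carrying on would begin a
         * fresh pool on the next element and return a string that silently
         * lacks the earlier messages, so report the failure instead.
         */
        if (p == NULL)
            return NULL;
    }

    return rk_strpoolcollect(p);
}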
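/**
 * Render an OID as text, one decimal component at a time with `delim`
 * between components.
 *
 * @param oid    OID to print; must have at least one component.
 * @param delim  separator character placed between components.
 * @param str    receives a heap string the caller must free; set to NULL
 *               on every error return.
 *
 * @return 0 on success, EINVAL for an OID with no components, ENOMEM when
 *         the string could not be built.
 */
int
der_print_heim_oid (const heim_oid *oid, char delim, char **str)
{
    struct rk_strpool *p = NULL;
    int i;

    if (oid->length == 0) {
        /*
         * Clear the out-parameter here too, as the ENOMEM paths do, so a
         * caller that frees *str after any failure never sees a stale
         * pointer.
         */
        *str = NULL;
        return EINVAL;
    }

    for (i = 0; i < oid->length ; i++) {
        p = rk_strpoolprintf(p, "%d", oid->components[i]);
        /* No separator after the final component. */
        if (p && i < oid->length - 1)
            p = rk_strpoolprintf(p, "%c", delim);
        if (p == NULL) {
            *str = NULL;
            return ENOMEM;
        }
    }

    *str = rk_strpoolcollect(p);
    if (*str == NULL)
        return ENOMEM;
    return 0;
}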
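/**
 * Render an OID as text, one decimal component at a time with `delim`
 * between components.
 *
 * Earlier this body ignored `delim` and always wrote a space, so a caller
 * asking for another separator got space-separated output. The separator
 * is now honoured; output for delim == ' ' is unchanged.
 *
 * @param oid    OID to print; must have at least one component.
 * @param delim  separator character placed between components.
 * @param str    receives a heap string the caller must free; set to NULL
 *               on every error return.
 *
 * @return 0 on success, EINVAL for an OID with no components, ENOMEM when
 *         the string could not be built.
 */
int
der_print_heim_oid (const heim_oid *oid, char delim, char **str)
{
    struct rk_strpool *p = NULL;
    int i;

    /* An OID with no components has no textual form; do not collect an
     * empty pool and report success. */
    if (oid->length == 0) {
        *str = NULL;
        return EINVAL;
    }

    for (i = 0; i < oid->length ; i++) {
        p = rk_strpoolprintf(p, "%d", oid->components[i]);
        /* No separator after the final component. */
        if (p && i < oid->length - 1)
            p = rk_strpoolprintf(p, "%c", delim);
        if (p == NULL) {
            *str = NULL;
            return ENOMEM;
        }
    }

    *str = rk_strpoolcollect(p);
    if (*str == NULL)
        return ENOMEM;
    return 0;
}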
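/*
 * Log the pre-authentication data types present in `padata` as one
 * comma-separated line. Types this function knows are written by name,
 * anything else by its numeric value; an empty list is logged as "none".
 *
 * The list comes from the client's request, so the line shows which
 * pre-authentication mechanisms the client attempted.
 *
 * On allocation failure a single "out of memory" line is logged instead.
 */
static void
log_patypes(krb5_context context,
            krb5_kdc_configuration *config,
            METHOD_DATA *padata)
{
    struct rk_strpool *p = NULL;
    char *str;
    size_t i;

    for (i = 0; i < padata->len; i++) {
        switch(padata->val[i].padata_type) {
        case KRB5_PADATA_PK_AS_REQ:
            p = rk_strpoolprintf(p, "PK-INIT(ietf)");
            break;
        case KRB5_PADATA_PK_AS_REQ_WIN:
            p = rk_strpoolprintf(p, "PK-INIT(win2k)");
            break;
        case KRB5_PADATA_PA_PK_OCSP_RESPONSE:
            p = rk_strpoolprintf(p, "OCSP");
            break;
        case KRB5_PADATA_ENC_TIMESTAMP:
            p = rk_strpoolprintf(p, "encrypted-timestamp");
            break;
        default:
            p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type);
            break;
        }
        if (p && i + 1 < padata->len)
            p = rk_strpoolprintf(p, ", ");
        if (p == NULL) {
            kdc_log(context, config, 0, "out of memory");
            return;
        }
    }
    /* p is still NULL only when the request carried no padata. */
    if (p == NULL)
        p = rk_strpoolprintf(p, "none");

    /*
     * Both the printf above and the collect can fail; never hand a NULL
     * pointer to a "%s" conversion.
     */
    str = rk_strpoolcollect(p);
    if (str == NULL) {
        kdc_log(context, config, 0, "out of memory");
        return;
    }
    kdc_log(context, config, 0, "Client sent patypes: %s", str);
    free(str);
}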
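/**
 * Produce a printable form of a GeneralName.
 *
 * @param name  the GeneralName to print.
 * @param str   receives a heap string the caller must free; NULL on every
 *              error return.
 *
 * @return 0 on success, EINVAL for a choice this function does not handle,
 *         ENOMEM on allocation failure, or the error returned by
 *         _hx509_unparse_Name() for a directoryName.
 *
 * NOTE(review): the rfc822Name, dNSName and URI values are formatted with
 * "%s" and copied verbatim. They presumably originate from certificate
 * content, so a caller that displays or logs the result should treat it as
 * untrusted text (control characters are not filtered here).
 */
int
hx509_general_name_unparse(GeneralName *name, char **str)
{
    struct rk_strpool *strpool = NULL;

    *str = NULL;

    switch (name->element) {
    case choice_GeneralName_otherName: {
        /* Start from NULL: the return value of hx509_oid_sprint() is not
         * checked, only the pointer it is expected to fill in. */
        char *oid = NULL;

        hx509_oid_sprint(&name->u.otherName.type_id, &oid);
        if (oid == NULL)
            return ENOMEM;
        strpool = rk_strpoolprintf(strpool, "otherName: %s", oid);
        free(oid);
        break;
    }
    case choice_GeneralName_rfc822Name:
        strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n",
                                   name->u.rfc822Name);
        break;
    case choice_GeneralName_dNSName:
        strpool = rk_strpoolprintf(strpool, "dNSName: %s\n",
                                   name->u.dNSName);
        break;
    case choice_GeneralName_directoryName: {
        Name dir;
        char *s;
        int ret;

        /* Re-wrap the embedded name as a Name so it can be unparsed. */
        memset(&dir, 0, sizeof(dir));
        dir.element = name->u.directoryName.element;
        dir.u.rdnSequence = name->u.directoryName.u.rdnSequence;
        ret = _hx509_unparse_Name(&dir, &s);
        if (ret)
            return ret;
        strpool = rk_strpoolprintf(strpool, "directoryName: %s", s);
        free(s);
        break;
    }
    case choice_GeneralName_uniformResourceIdentifier:
        strpool = rk_strpoolprintf(strpool, "URI: %s",
                                   name->u.uniformResourceIdentifier);
        break;
    case choice_GeneralName_iPAddress: {
        unsigned char *a = name->u.iPAddress.data;

        strpool = rk_strpoolprintf(strpool, "IPAddress: ");
        if (strpool == NULL)
            break;
        /* Only 4- and 16-byte addresses are indexed; any other length is
         * reported by size and the data is not read. */
        if (name->u.iPAddress.length == 4)
            strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d",
                                       a[0], a[1], a[2], a[3]);
        else if (name->u.iPAddress.length == 16)
            strpool = rk_strpoolprintf(strpool,
                                       "%02X:%02X:%02X:%02X:"
                                       "%02X:%02X:%02X:%02X:"
                                       "%02X:%02X:%02X:%02X:"
                                       "%02X:%02X:%02X:%02X",
                                       a[0], a[1], a[2], a[3],
                                       a[4], a[5], a[6], a[7],
                                       a[8], a[9], a[10], a[11],
                                       a[12], a[13], a[14], a[15]);
        else
            strpool = rk_strpoolprintf(strpool,
                                       "unknown IP address of length %lu",
                                       (unsigned long)name->u.iPAddress.length);
        break;
    }
    case choice_GeneralName_registeredID: {
        char *oid = NULL;

        hx509_oid_sprint(&name->u.registeredID, &oid);
        if (oid == NULL)
            return ENOMEM;
        strpool = rk_strpoolprintf(strpool, "registeredID: %s", oid);
        free(oid);
        break;
    }
    default:
        return EINVAL;
    }

    if (strpool == NULL)
        return ENOMEM;

    /* Collecting the pool can fail as well; do not report success with a
     * NULL string. */
    *str = rk_strpoolcollect(strpool);
    if (*str == NULL)
        return ENOMEM;

    return 0;
}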
/**
 * Substitute "${variable}" references inside every component of a name
 * with values looked up in `env`, modifying the name in place.
 *
 * Only names of the rdnSequence choice whose components are UTF8String are
 * accepted. Substituted values are appended as-is; scanning resumes in the
 * original text after the closing brace, so a value is not itself scanned
 * for further references.
 *
 * @param context  hx509 context, used for lookups and error strings.
 * @param name     name to expand.
 * @param env      variable environment; NULL means nothing to expand.
 *
 * @return 0 on success; EINVAL for an unsupported name or component type,
 *         an unterminated reference or an unknown variable; ENOMEM on
 *         allocation failure. Components handled before a failure keep
 *         their expanded value.
 */
int
hx509_name_expand(hx509_context context,
                  hx509_name name,
                  hx509_env env)
{
    Name *dn = &name->der_name;
    int rdn, ava;

    /* Without an environment there is nothing to substitute. */
    if (env == NULL)
        return 0;

    if (dn->element != choice_Name_rdnSequence) {
        hx509_set_error_string(context, 0, EINVAL, "RDN not of supported type");
        return EINVAL;
    }

    for (rdn = 0; rdn < dn->u.rdnSequence.len; rdn++) {
        for (ava = 0; ava < dn->u.rdnSequence.val[rdn].len; ava++) {
            /*
             * Only UTF8String components are handled. Ideally each
             * component would be normalized to UTF-8, expanded, and then
             * converted back to its original string type.
             */
            DirectoryString *ds = &dn->u.rdnSequence.val[rdn].val[ava].value;
            struct rk_strpool *out = NULL;
            char *var, *rest;

            if (ds->element != choice_DirectoryString_utf8String) {
                hx509_set_error_string(context, 0, EINVAL, "unsupported type");
                return EINVAL;
            }

            /* No reference in this component: leave it untouched. */
            var = strstr(ds->u.utf8String, "${");
            if (var == NULL)
                continue;

            /* Literal text in front of the first reference. */
            out = rk_strpoolprintf(out, "%.*s",
                                   (int)(var - ds->u.utf8String),
                                   ds->u.utf8String);
            if (out == NULL) {
                hx509_set_error_string(context, 0, ENOMEM, "out of memory");
                return ENOMEM;
            }

            do {
                const char *value;

                /* `var` points at "${"; find the matching close brace. */
                rest = strchr(var, '}');
                if (rest == NULL) {
                    hx509_set_error_string(context, 0, EINVAL, "missing }");
                    rk_strpoolfree(out);
                    return EINVAL;
                }
                var += 2;   /* step over "${" to the variable name */
                value = hx509_env_lfind(context, env, var, rest - var);
                if (value == NULL) {
                    hx509_set_error_string(context, 0, EINVAL,
                                           "variable %.*s missing",
                                           (int)(rest - var), var);
                    rk_strpoolfree(out);
                    return EINVAL;
                }
                out = rk_strpoolprintf(out, "%s", value);
                if (out == NULL) {
                    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
                    return ENOMEM;
                }

                /* Literal text up to the next reference, or to the end. */
                rest++;
                var = strstr(rest, "${");
                out = (var != NULL)
                    ? rk_strpoolprintf(out, "%.*s", (int)(var - rest), rest)
                    : rk_strpoolprintf(out, "%s", rest);
                if (out == NULL) {
                    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
                    return ENOMEM;
                }
            } while (var != NULL);

            /* Swap the expanded text in for the original string. */
            free(ds->u.utf8String);
            ds->u.utf8String = rk_strpoolcollect(out);
            if (ds->u.utf8String == NULL) {
                hx509_set_error_string(context, 0, ENOMEM, "out of memory");
                return ENOMEM;
            }
        }
    }
    return 0;
}
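/*
 * Print the entries of a keytab as a table on stdout.
 *
 * A name of the form "ANY:a,b,..." is split on commas and each part is
 * listed in turn; the result is then 1 if any part failed, else 0.
 * Otherwise the keytab is resolved and every entry becomes one row with
 * version, enctype and principal, plus the timestamp and the key when
 * opt->timestamp_flag / opt->keys_flag are set, and the alias column when
 * the entry has aliases.
 *
 * With opt->keys_flag the raw key bytes are written to stdout in hex, so
 * the output must be handled as secret material. The temporary hex buffer
 * is freed without being cleared.
 *
 * Returns 0 on success, otherwise the failing krb5 error code or ENOMEM.
 */
static int
do_list(struct list_options *opt, const char *keytab_str)
{
    krb5_error_code ret;
    krb5_keytab keytab;
    krb5_keytab_entry entry;
    krb5_kt_cursor cursor;
    rtbl_t table;

    /* XXX specialcase the ANY type */
    if(strncasecmp(keytab_str, "ANY:", 4) == 0) {
        int flag = 0;
        char buf[1024];

        keytab_str += 4;
        ret = 0;
        while (strsep_copy((const char**)&keytab_str, ",",
                           buf, sizeof(buf)) != -1) {
            /* Blank line between the listings of successive keytabs. */
            if(flag)
                printf("\n");
            if(do_list(opt, buf))
                ret = 1;
            flag = 1;
        }
        return ret;
    }

    ret = krb5_kt_resolve(context, keytab_str, &keytab);
    if (ret) {
        krb5_warn(context, ret, "resolving keytab %s", keytab_str);
        return ret;
    }

    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
    if(ret) {
        krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str);
        krb5_kt_close(context, keytab);
        return ret;
    }

    printf ("%s:\n\n", keytab_str);

    table = rtbl_create();
    rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT);
    rtbl_add_column_by_id(table, 1, "Type", 0);
    rtbl_add_column_by_id(table, 2, "Principal", 0);
    if (opt->timestamp_flag)
        rtbl_add_column_by_id(table, 3, "Date", 0);
    if(opt->keys_flag)
        rtbl_add_column_by_id(table, 4, "Key", 0);
    rtbl_add_column_by_id(table, 5, "Aliases", 0);
    rtbl_set_separator(table, " ");

    while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) {
        char buf[1024], *s;

        snprintf(buf, sizeof(buf), "%d", entry.vno);
        rtbl_add_column_entry_by_id(table, 0, buf);

        ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &s);
        if (ret != 0) {
            snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype);
            rtbl_add_column_entry_by_id(table, 1, buf);
        } else {
            rtbl_add_column_entry_by_id(table, 1, s);
            free(s);
        }

        krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
        rtbl_add_column_entry_by_id(table, 2, buf);

        if (opt->timestamp_flag) {
            krb5_format_time(context, entry.timestamp, buf, sizeof(buf), FALSE);
            rtbl_add_column_entry_by_id(table, 3, buf);
        }

        if(opt->keys_flag) {
            size_t i;

            /* Two hex digits per key byte plus the terminating NUL. */
            s = malloc(2 * entry.keyblock.keyvalue.length + 1);
            if (s == NULL) {
                krb5_warnx(context, "malloc failed");
                ret = ENOMEM;
                goto out_entry;
            }
            for(i = 0; i < entry.keyblock.keyvalue.length; i++)
                snprintf(s + 2 * i, 3, "%02x",
                         ((unsigned char*)entry.keyblock.keyvalue.data)[i]);
            rtbl_add_column_entry_by_id(table, 4, s);
            free(s);
        }

        if (entry.aliases) {
            unsigned int i;
            struct rk_strpool *p = NULL;

            for (i = 0; i < entry.aliases->len; i++) {
                /*
                 * NOTE(review): this formats entry.principal on every pass,
                 * so the column repeats the primary name rather than the
                 * individual alias. It looks unintended; confirm the element
                 * type of entry.aliases before changing it.
                 */
                krb5_unparse_name_fixed(context, entry.principal,
                                        buf, sizeof(buf));
                /* Keep the returned pool: discarding it left p NULL, so
                 * every append was lost and the column stayed empty. */
                p = rk_strpoolprintf(p, "%s%s", buf,
                                     i + 1 < entry.aliases->len ? ", " : "");
                if (p == NULL) {
                    krb5_warnx(context, "malloc failed");
                    ret = ENOMEM;
                    goto out_entry;
                }
            }
            s = rk_strpoolcollect(p);
            if (s == NULL) {
                krb5_warnx(context, "malloc failed");
                ret = ENOMEM;
                goto out_entry;
            }
            /* Freed after the add, as the other columns above do. */
            rtbl_add_column_entry_by_id(table, 5, s);
            free(s);
        }
        krb5_kt_free_entry(context, &entry);
    }
    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
    rtbl_format(table, stdout);
    goto out;

out_entry:
    /* Failure while an entry is held: release it and end the scan, which
     * the direct jump to `out` used to skip. */
    krb5_kt_free_entry(context, &entry);
    krb5_kt_end_seq_get(context, keytab, &cursor);

out:
    rtbl_destroy(table);
    krb5_kt_close(context, keytab);
    return ret;
}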