static krb5_error_code KRB5_CALLCONV
akf_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *c)
{
int32_t ret;
struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600);
if (c->fd < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("keytab afs keyfile open %s failed: %s", ""),
d->filename, strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_uint32(c->sp, &d->num_entries);
if(ret) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_message (context);
if(ret == KRB5_KT_END)
return KRB5_KT_NOTFOUND;
return ret;
}
return 0;
}
static struct client *
create_client(int fd, int port, const char *moniker)
{
struct client *c;
c = ecalloc(1, sizeof(*c));
if (moniker) {
c->moniker = estrdup(moniker);
} else {
char hostname[MAXHOSTNAMELEN];
gethostname(hostname, sizeof(hostname));
asprintf(&c->moniker, "gssmask: %s:%d", hostname, port);
}
{
c->salen = sizeof(c->sa);
getpeername(fd, (struct sockaddr *)&c->sa, &c->salen);
getnameinfo((struct sockaddr *)&c->sa, c->salen,
c->servername, sizeof(c->servername),
NULL, 0, NI_NUMERICHOST);
}
c->sock = krb5_storage_from_fd(fd);
if (c->sock == NULL)
errx(1, "krb5_storage_from_fd");
close(fd);
return c;
}
kadm5_ret_t
kadm5_log_foreach (kadm5_server_context *context,
void (*func)(kadm5_server_context *server_context,
u_int32_t ver,
time_t timestamp,
enum kadm_ops op,
u_int32_t len,
krb5_storage *sp))
{
int fd = context->log_context.log_fd;
krb5_storage *sp;
lseek (fd, 0, SEEK_SET);
sp = krb5_storage_from_fd (fd);
for (;;) {
int32_t ver, timestamp, op, len;
if(krb5_ret_int32 (sp, &ver) != 0)
break;
krb5_ret_int32 (sp, ×tamp);
krb5_ret_int32 (sp, &op);
krb5_ret_int32 (sp, &len);
(*func)(context, ver, timestamp, op, len, sp);
krb5_storage_seek(sp, 8, SEEK_CUR);
}
return 0;
}
static krb5_error_code
akf_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *c)
{
int32_t ret;
struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
if (c->fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_int32(c->sp, &d->num_entries);
if(ret) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_string (context);
if(ret == KRB5_KT_END)
return KRB5_KT_NOTFOUND;
return ret;
}
return 0;
}
krb5_error_code
hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data)
{
krb5_error_code ret;
krb5_storage *sp;
FILE *f = data;
fflush(f);
sp = krb5_storage_from_fd(fileno(f));
if(sp == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
ret = entry2string_int(context, sp, &entry->entry);
if(ret) {
krb5_storage_free(sp);
return ret;
}
krb5_storage_write(sp, "\n", 1);
krb5_storage_free(sp);
return 0;
}
kadm5_ret_t
_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
{
krb5_data msg, out;
krb5_error_code ret;
size_t len;
krb5_storage *sock;
assert(context->sock != -1);
len = krb5_storage_seek(sp, 0, SEEK_CUR);
ret = krb5_data_alloc(&msg, len);
if (ret)
return ret;
krb5_storage_seek(sp, 0, SEEK_SET);
krb5_storage_read(sp, msg.data, msg.length);
ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL);
krb5_data_free(&msg);
if(ret)
return ret;
sock = krb5_storage_from_fd(context->sock);
if(sock == NULL) {
krb5_data_free(&out);
return ENOMEM;
}
ret = krb5_store_data(sock, out);
krb5_storage_free(sock);
krb5_data_free(&out);
return ret;
}
krb5_error_code
hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry,
void *data)
{
struct hdb_print_entry_arg *parg = data;
krb5_error_code ret;
krb5_storage *sp;
fflush(parg->out);
sp = krb5_storage_from_fd(fileno(parg->out));
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
switch (parg->fmt) {
case HDB_DUMP_HEIMDAL:
ret = entry2string_int(context, sp, &entry->entry);
break;
case HDB_DUMP_MIT:
ret = entry2mit_string_int(context, sp, &entry->entry);
break;
default:
heim_abort("Only two dump formats supported: Heimdal and MIT");
}
if (ret) {
krb5_storage_free(sp);
return ret;
}
krb5_storage_write(sp, "\n", 1);
krb5_storage_free(sp);
return 0;
}
kadm5_ret_t
kadm5_log_foreach (kadm5_server_context *context,
void (*func)(kadm5_server_context *server_context,
uint32_t ver,
time_t timestamp,
enum kadm_ops op,
uint32_t len,
krb5_storage *,
void *),
void *ctx)
{
int fd = context->log_context.log_fd;
krb5_storage *sp;
lseek (fd, 0, SEEK_SET);
sp = krb5_storage_from_fd (fd);
for (;;) {
int32_t ver, timestamp, op, len, len2, ver2;
if(krb5_ret_int32 (sp, &ver) != 0)
break;
krb5_ret_int32 (sp, ×tamp);
krb5_ret_int32 (sp, &op);
krb5_ret_int32 (sp, &len);
(*func)(context, ver, timestamp, op, len, sp, ctx);
krb5_ret_int32 (sp, &len2);
krb5_ret_int32 (sp, &ver2);
if (len != len2)
abort();
if (ver != ver2)
abort();
}
krb5_storage_free(sp);
return 0;
}
static krb5_error_code
fkt_start_seq_get_int(krb5_context context,
krb5_keytab id,
int flags,
int exclusive,
krb5_kt_cursor *c)
{
int8_t pvno, tag;
krb5_error_code ret;
struct fkt_data *d = id->data;
c->fd = open (d->filename, flags);
if (c->fd < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("keytab %s open failed: %s", ""),
d->filename, strerror(ret));
return ret;
}
rk_cloexec(c->fd);
ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
if (ret) {
close(c->fd);
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
if (c->sp == NULL) {
_krb5_xunlock(context, c->fd);
close(c->fd);
return krb5_enomem(context);
}
krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
ret = krb5_ret_int8(c->sp, &pvno);
if(ret) {
krb5_storage_free(c->sp);
_krb5_xunlock(context, c->fd);
close(c->fd);
krb5_clear_error_message(context);
return ret;
}
if(pvno != 5) {
krb5_storage_free(c->sp);
_krb5_xunlock(context, c->fd);
close(c->fd);
krb5_clear_error_message (context);
return KRB5_KEYTAB_BADVNO;
}
ret = krb5_ret_int8(c->sp, &tag);
if (ret) {
krb5_storage_free(c->sp);
_krb5_xunlock(context, c->fd);
close(c->fd);
krb5_clear_error_message(context);
return ret;
}
id->version = tag;
storage_set_flags(context, c->sp, id->version);
return 0;
}
krb5_storage *
kadm5_log_goto_end (int fd)
{
krb5_storage *sp;
sp = krb5_storage_from_fd (fd);
krb5_storage_seek(sp, 0, SEEK_END);
return sp;
}
kadm5_ret_t
_kadm5_client_recv(kadm5_client_context *context, krb5_data *reply)
{
krb5_error_code ret;
krb5_data data;
krb5_storage *sock;
sock = krb5_storage_from_fd(context->sock);
if(sock == NULL)
return ENOMEM;
ret = krb5_ret_data(sock, &data);
krb5_storage_free(sock);
if(ret == KRB5_CC_END)
return KADM5_RPC_ERROR;
else if(ret)
return ret;
ret = krb5_rd_priv(context->context, context->ac, &data, reply, NULL);
krb5_data_free(&data);
return ret;
}
int
dovecot_server(void *argptr, int argc, char **argv)
{
krb5_storage *sp;
int fd = 0;
sp = krb5_storage_from_fd(fd);
if (sp == NULL)
errx(1, "krb5_storage_from_fd");
krb5_store_stringnl(sp, "MECH\tGSSAPI");
krb5_store_stringnl(sp, "VERSION\t1\t0");
krb5_store_stringnl(sp, "DONE");
while (1) {
char *cmd;
if (krb5_ret_stringnl(sp, &cmd) != 0)
break;
printf("cmd: %s\n", cmd);
free(cmd);
}
return 0;
}
kadm5_ret_t
kadm5_log_get_version_fd (int fd,
u_int32_t *ver)
{
int ret;
krb5_storage *sp;
int32_t old_version;
ret = lseek (fd, 0, SEEK_END);
if(ret < 0)
return errno;
if(ret == 0) {
*ver = 0;
return 0;
}
sp = krb5_storage_from_fd (fd);
krb5_storage_seek(sp, -4, SEEK_CUR);
krb5_ret_int32 (sp, &old_version);
*ver = old_version;
krb5_storage_free(sp);
lseek (fd, 0, SEEK_END);
return 0;
}
static int
HandleOP(SetLoggingSocket)
{
int32_t portnum;
int fd, ret;
ret32(c, portnum);
logmessage(c, __FILE__, __LINE__, 0,
"logging port on peer is: %d", (int)portnum);
socket_set_port((struct sockaddr *)(&c->sa), htons(portnum));
fd = socket(((struct sockaddr *)&c->sa)->sa_family, SOCK_STREAM, 0);
if (fd < 0)
return 0;
ret = connect(fd, (struct sockaddr *)&c->sa, c->salen);
if (ret < 0) {
logmessage(c, __FILE__, __LINE__, 0, "failed connect to log port: %s",
strerror(errno));
close(fd);
return 0;
}
if (c->logging)
krb5_storage_free(c->logging);
c->logging = krb5_storage_from_fd(fd);
close(fd);
krb5_store_int32(c->logging, eLogSetMoniker);
store_string(c->logging, c->moniker);
logmessage(c, __FILE__, __LINE__, 0, "logging turned on");
return 0;
}
static void
connect_client(const char *slave)
{
char *name, *port;
struct client *c = ecalloc(1, sizeof(*c));
struct addrinfo hints, *res0, *res;
int ret, fd;
name = estrdup(slave);
port = strchr(name, ':');
if (port == NULL)
errx(1, "port missing from %s", name);
*port++ = 0;
c->name = estrdup(slave);
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
ret = getaddrinfo(name, port, &hints, &res0);
if (ret)
errx(1, "error resolving %s", name);
for (res = res0, fd = -1; res; res = res->ai_next) {
fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (fd < 0)
continue;
if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
close(fd);
fd = -1;
continue;
}
c->sa = ecalloc(1, res->ai_addrlen);
memcpy(c->sa, res->ai_addr, res->ai_addrlen);
c->salen = res->ai_addrlen;
break; /* okay we got one */
}
if (fd < 0)
err(1, "connect to host: %s", name);
freeaddrinfo(res);
c->sock = krb5_storage_from_fd(fd);
close(fd);
if (c->sock == NULL)
errx(1, "krb5_storage_from_fd");
{
int32_t version;
char *str = NULL;
get_version_capa(c, &version, &c->capabilities, &str);
if (str) {
free(str);
}
if (c->capabilities & HAS_MONIKER)
get_moniker(c, &c->moniker);
else
c->moniker = c->name;
if (c->capabilities & ISSERVER)
get_targetname(c, &c->target_name);
}
if (logfile) {
int fd;
printf("starting log socket to client %s\n", c->moniker);
fd = wait_log(c);
c->logsock = krb5_storage_from_fd(fd);
close(fd);
if (c->logsock == NULL)
errx(1, "failed to create log krb5_storage");
#ifdef ENABLE_PTHREAD_SUPPORT
pthread_create(&c->thr, NULL, log_function, c);
#else
c->child = fork();
if (c->child == -1)
errx(1, "failed to fork");
else if (c->child == 0) {
log_function(c);
fclose(logfile);
exit(0);
}
#endif
}
clients = erealloc(clients, (num_clients + 1) * sizeof(*clients));
clients[num_clients] = c;
num_clients++;
free(name);
}
static krb5_error_code
akf_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
{
struct akf_data *d = id->data;
int fd, created = 0;
krb5_error_code ret;
int32_t len;
krb5_storage *sp;
if (entry->keyblock.keyvalue.length != 8
|| entry->keyblock.keytype != ETYPE_DES_CBC_MD5)
return 0;
fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) {
fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
created = 1;
}
sp = krb5_storage_from_fd(fd);
if(sp == NULL) {
close(fd);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if (created)
len = 0;
else {
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
}
ret = krb5_ret_int32(sp, &len);
if(ret) {
krb5_storage_free(sp);
close(fd);
return ret;
}
}
len++;
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
}
ret = krb5_store_int32(sp, len);
if(ret) {
krb5_storage_free(sp);
close(fd);
return ret;
}
if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
}
ret = krb5_store_int32(sp, entry->vno);
if(ret) {
krb5_storage_free(sp);
close(fd);
return ret;
}
ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
entry->keyblock.keyvalue.length);
if(ret != entry->keyblock.keyvalue.length) {
krb5_storage_free(sp);
close(fd);
if(ret < 0)
return errno;
return ENOTTY;
}
krb5_storage_free(sp);
close (fd);
return 0;
}
static krb5_error_code KRB5_CALLCONV
akf_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
{
struct akf_data *d = id->data;
int fd, created = 0;
krb5_error_code ret;
int32_t len;
krb5_storage *sp;
if (entry->keyblock.keyvalue.length != 8)
return 0;
switch(entry->keyblock.keytype) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
break;
default:
return 0;
}
fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
if (fd < 0) {
fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("open keyfile(%s): %s", ""),
d->filename,
strerror(ret));
return ret;
}
created = 1;
}
sp = krb5_storage_from_fd(fd);
if(sp == NULL) {
close(fd);
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
if (created)
len = 0;
else {
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
krb5_set_error_message(context, ret,
N_("seeking in keyfile: %s", ""),
strerror(ret));
return ret;
}
ret = krb5_ret_int32(sp, &len);
if(ret) {
krb5_storage_free(sp);
close(fd);
return ret;
}
}
/*
* Make sure we don't add the entry twice, assumes the DES
* encryption types are all the same key.
*/
if (len > 0) {
int32_t kvno;
int i;
for (i = 0; i < len; i++) {
ret = krb5_ret_int32(sp, &kvno);
if (ret) {
krb5_set_error_message (context, ret,
N_("Failed getting kvno from keyfile", ""));
goto out;
}
if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
ret = errno;
krb5_set_error_message (context, ret,
N_("Failed seeing in keyfile: %s", ""),
strerror(ret));
goto out;
}
if (kvno == entry->vno) {
ret = 0;
goto out;
}
}
}
len++;
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_set_error_message (context, ret,
N_("Failed seeing in keyfile: %s", ""),
strerror(ret));
goto out;
}
ret = krb5_store_int32(sp, len);
if(ret) {
ret = errno;
krb5_set_error_message (context, ret,
N_("keytab keyfile failed new length", ""));
return ret;
}
if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno;
krb5_set_error_message (context, ret,
N_("seek to end: %s", ""), strerror(ret));
goto out;
}
ret = krb5_store_int32(sp, entry->vno);
if(ret) {
krb5_set_error_message(context, ret,
N_("keytab keyfile failed store kvno", ""));
goto out;
}
ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
entry->keyblock.keyvalue.length);
if(ret != entry->keyblock.keyvalue.length) {
if (ret < 0)
ret = errno;
else
ret = ENOTTY;
krb5_set_error_message(context, ret,
N_("keytab keyfile failed to add key", ""));
goto out;
}
ret = 0;
out:
krb5_storage_free(sp);
close (fd);
return ret;
}
static krb5_error_code KRB5_CALLCONV
fkt_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
{
int ret;
int fd;
krb5_storage *sp;
struct fkt_data *d = id->data;
krb5_data keytab;
int32_t len;
fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
if (fd < 0) {
fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("open(%s): %s", ""), d->filename,
strerror(ret));
return ret;
}
rk_cloexec(fd);
ret = _krb5_xlock(context, fd, 1, d->filename);
if (ret) {
close(fd);
return ret;
}
sp = krb5_storage_from_fd(fd);
krb5_storage_set_eof_code(sp, KRB5_KT_END);
ret = fkt_setup_keytab(context, id, sp);
if(ret) {
goto out;
}
storage_set_flags(context, sp, id->version);
} else {
int8_t pvno, tag;
rk_cloexec(fd);
ret = _krb5_xlock(context, fd, 1, d->filename);
if (ret) {
close(fd);
return ret;
}
sp = krb5_storage_from_fd(fd);
krb5_storage_set_eof_code(sp, KRB5_KT_END);
ret = krb5_ret_int8(sp, &pvno);
if(ret) {
/* we probably have a zero byte file, so try to set it up
properly */
ret = fkt_setup_keytab(context, id, sp);
if(ret) {
krb5_set_error_message(context, ret,
N_("%s: keytab is corrupted: %s", ""),
d->filename, strerror(ret));
goto out;
}
storage_set_flags(context, sp, id->version);
} else {
if(pvno != 5) {
ret = KRB5_KEYTAB_BADVNO;
krb5_set_error_message(context, ret,
N_("Bad version in keytab %s", ""),
d->filename);
goto out;
}
ret = krb5_ret_int8 (sp, &tag);
if (ret) {
krb5_set_error_message(context, ret,
N_("failed reading tag from "
"keytab %s", ""),
d->filename);
goto out;
}
id->version = tag;
storage_set_flags(context, sp, id->version);
}
}
{
krb5_storage *emem;
emem = krb5_storage_emem();
if(emem == NULL) {
ret = krb5_enomem(context);
goto out;
}
ret = krb5_kt_store_principal(context, emem, entry->principal);
if(ret) {
krb5_set_error_message(context, ret,
N_("Failed storing principal "
"in keytab %s", ""),
d->filename);
krb5_storage_free(emem);
goto out;
}
ret = krb5_store_int32 (emem, entry->timestamp);
if(ret) {
krb5_set_error_message(context, ret,
N_("Failed storing timpstamp "
"in keytab %s", ""),
d->filename);
krb5_storage_free(emem);
goto out;
}
ret = krb5_store_int8 (emem, entry->vno % 256);
if(ret) {
krb5_set_error_message(context, ret,
N_("Failed storing kvno "
"in keytab %s", ""),
d->filename);
krb5_storage_free(emem);
goto out;
}
ret = krb5_kt_store_keyblock (context, d, emem, &entry->keyblock);
if(ret) {
krb5_storage_free(emem);
goto out;
}
if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
ret = krb5_store_int32 (emem, entry->vno);
if (ret) {
krb5_set_error_message(context, ret,
N_("Failed storing extended kvno "
"in keytab %s", ""),
d->filename);
krb5_storage_free(emem);
goto out;
}
ret = krb5_store_uint32 (emem, entry->flags);
if (ret) {
krb5_set_error_message(context, ret,
N_("Failed storing extended kvno "
"in keytab %s", ""),
d->filename);
krb5_storage_free(emem);
goto out;
}
}
ret = krb5_storage_to_data(emem, &keytab);
krb5_storage_free(emem);
if(ret) {
krb5_set_error_message(context, ret,
N_("Failed converting keytab entry "
"to memory block for keytab %s", ""),
d->filename);
goto out;
}
}
while(1) {
ret = krb5_ret_int32(sp, &len);
if(ret == KRB5_KT_END) {
len = keytab.length;
break;
}
if(len < 0) {
len = -len;
if(len >= (int)keytab.length) {
krb5_storage_seek(sp, -4, SEEK_CUR);
break;
}
}
krb5_storage_seek(sp, len, SEEK_CUR);
}
ret = krb5_store_int32(sp, len);
if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("Failed writing keytab block "
"in keytab %s: %s", ""),
d->filename, strerror(ret));
}
memset(keytab.data, 0, keytab.length);
krb5_data_free(&keytab);
out:
krb5_storage_free(sp);
_krb5_xunlock(context, fd);
close(fd);
return ret;
}
static krb5_error_code
fkt_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
{
int ret;
int fd;
krb5_storage *sp;
struct fkt_data *d = id->data;
krb5_data keytab;
int32_t len;
fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) {
fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
ret = _krb5_xlock(context, fd, 1, d->filename);
if (ret) {
close(fd);
return ret;
}
sp = krb5_storage_from_fd(fd);
krb5_storage_set_eof_code(sp, KRB5_KT_END);
ret = fkt_setup_keytab(context, id, sp);
if(ret) {
goto out;
}
storage_set_flags(context, sp, id->version);
} else {
int8_t pvno, tag;
ret = _krb5_xlock(context, fd, 1, d->filename);
if (ret) {
close(fd);
return ret;
}
sp = krb5_storage_from_fd(fd);
krb5_storage_set_eof_code(sp, KRB5_KT_END);
ret = krb5_ret_int8(sp, &pvno);
if(ret) {
/* we probably have a zero byte file, so try to set it up
properly */
ret = fkt_setup_keytab(context, id, sp);
if(ret) {
krb5_set_error_string(context, "%s: keytab is corrupted: %s",
d->filename, strerror(ret));
goto out;
}
storage_set_flags(context, sp, id->version);
} else {
if(pvno != 5) {
ret = KRB5_KEYTAB_BADVNO;
krb5_set_error_string(context, "%s: %s",
d->filename, strerror(ret));
goto out;
}
ret = krb5_ret_int8 (sp, &tag);
if (ret) {
krb5_set_error_string(context, "%s: reading tag: %s",
d->filename, strerror(ret));
goto out;
}
id->version = tag;
storage_set_flags(context, sp, id->version);
}
}
{
krb5_storage *emem;
emem = krb5_storage_emem();
if(emem == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
ret = krb5_kt_store_principal(context, emem, entry->principal);
if(ret) {
krb5_storage_free(emem);
goto out;
}
ret = krb5_store_int32 (emem, entry->timestamp);
if(ret) {
krb5_storage_free(emem);
goto out;
}
ret = krb5_store_int8 (emem, entry->vno % 256);
if(ret) {
krb5_storage_free(emem);
goto out;
}
ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
if(ret) {
krb5_storage_free(emem);
goto out;
}
if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
ret = krb5_store_int32 (emem, entry->vno);
if (ret) {
krb5_storage_free(emem);
goto out;
}
}
ret = krb5_storage_to_data(emem, &keytab);
krb5_storage_free(emem);
if(ret)
goto out;
}
while(1) {
ret = krb5_ret_int32(sp, &len);
if(ret == KRB5_KT_END) {
len = keytab.length;
break;
}
if(len < 0) {
len = -len;
if(len >= keytab.length) {
krb5_storage_seek(sp, -4, SEEK_CUR);
break;
}
}
krb5_storage_seek(sp, len, SEEK_CUR);
}
ret = krb5_store_int32(sp, len);
if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
ret = errno;
memset(keytab.data, 0, keytab.length);
krb5_data_free(&keytab);
out:
krb5_storage_free(sp);
_krb5_xunlock(context, fd);
close(fd);
return ret;
}
int
main(int argc, char **argv)
{
int i, s, done, print_body, gssapi_done, gssapi_started, optidx = 0;
const char *host, *page;
struct http_req req;
char *headers[99]; /* XXX */
int num_headers;
krb5_storage *sp;
gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_name_t server = GSS_C_NO_NAME;
gss_OID mech_oid, cred_mech_oid;
OM_uint32 flags;
OM_uint32 maj_stat, min_stat;
setprogname(argv[0]);
if(getarg(http_args, num_http_args, argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if(version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
mech_oid = select_mech(mech);
if (cred_mech_str)
cred_mech_oid = select_mech(cred_mech_str);
else
cred_mech_oid = mech_oid;
if (argc != 1 && argc != 2)
errx(1, "usage: %s host [page]", getprogname());
host = argv[0];
if (argc == 2)
page = argv[1];
else
page = "/";
flags = 0;
if (delegate_flag)
flags |= GSS_C_DELEG_FLAG;
if (policy_flag)
flags |= GSS_C_DELEG_POLICY_FLAG;
if (mutual_flag)
flags |= GSS_C_MUTUAL_FLAG;
done = 0;
num_headers = 0;
gssapi_done = 0;
gssapi_started = 0;
if (client_str) {
gss_buffer_desc name_buffer;
gss_name_t name;
gss_OID_set mechset = GSS_C_NO_OID_SET;
name_buffer.value = client_str;
name_buffer.length = strlen(client_str);
maj_stat = gss_import_name(&min_stat, &name_buffer, GSS_C_NT_USER_NAME, &name);
if (maj_stat)
errx(1, "failed to import name");
if (cred_mech_oid) {
gss_create_empty_oid_set(&min_stat, &mechset);
gss_add_oid_set_member(&min_stat, cred_mech_oid, &mechset);
}
maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE,
mechset, GSS_C_INITIATE,
&client_cred, NULL, NULL);
gss_release_name(&min_stat, &name);
gss_release_oid_set(&min_stat, &mechset);
if (maj_stat)
errx(1, "failed to find cred of name %s", client_str);
}
{
gss_buffer_desc name_token;
char *name;
asprintf(&name, "%s@%s", gss_service, host);
name_token.length = strlen(name);
name_token.value = name;
maj_stat = gss_import_name(&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_inport_name: %s", name);
free(name);
}
s = do_connect(host, port_str);
if (s < 0)
errx(1, "connection failed");
sp = krb5_storage_from_fd(s);
if (sp == NULL)
errx(1, "krb5_storage_from_fd");
do {
print_body = 0;
http_query(sp, host, page, headers, num_headers, &req);
for (i = 0 ; i < num_headers; i++)
free(headers[i]);
num_headers = 0;
if (strstr(req.response, " 200 ") != NULL) {
print_body = 1;
done = 1;
} else if (strstr(req.response, " 401 ") != NULL) {
if (http_find_header(&req, "WWW-Authenticate:") == NULL)
errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
}
if (!gssapi_done) {
const char *h = http_find_header(&req, "WWW-Authenticate:");
if (h == NULL)
errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
if (strncasecmp(h, "Negotiate", 9) == 0) {
gss_buffer_desc input_token, output_token;
if (verbose_flag)
printf("Negotiate found\n");
i = 9;
while(h[i] && isspace((unsigned char)h[i]))
i++;
if (h[i] != '\0') {
size_t len = strlen(&h[i]);
int slen;
if (len == 0)
errx(1, "invalid Negotiate token");
input_token.value = emalloc(len);
slen = base64_decode(&h[i], input_token.value);
if (slen < 0)
errx(1, "invalid base64 Negotiate token %s", &h[i]);
input_token.length = slen;
} else {
if (gssapi_started)
errx(1, "Negotiate already started");
gssapi_started = 1;
input_token.length = 0;
input_token.value = NULL;
}
if (strstr(req.response, " 200 ") != NULL)
sleep(1);
maj_stat =
gss_init_sec_context(&min_stat,
client_cred,
&context_hdl,
server,
mech_oid,
flags,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
NULL,
&output_token,
NULL,
NULL);
if (maj_stat == GSS_S_CONTINUE_NEEDED) {
} else if (maj_stat == GSS_S_COMPLETE) {
gss_name_t targ_name, src_name;
gss_buffer_desc name_buffer;
gss_OID mech_type;
gssapi_done = 1;
maj_stat = gss_inquire_context(&min_stat,
context_hdl,
&src_name,
&targ_name,
NULL,
&mech_type,
NULL,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_inquire_context");
printf("Negotiate done: %s\n", mech);
maj_stat = gss_display_name(&min_stat,
src_name,
&name_buffer,
NULL);
if (GSS_ERROR(maj_stat))
gss_print_errors(min_stat);
else
printf("Source: %.*s\n",
(int)name_buffer.length,
(char *)name_buffer.value);
gss_release_buffer(&min_stat, &name_buffer);
maj_stat = gss_display_name(&min_stat,
targ_name,
&name_buffer,
NULL);
if (GSS_ERROR(maj_stat))
gss_print_errors(min_stat);
else
printf("Target: %.*s\n",
(int)name_buffer.length,
(char *)name_buffer.value);
gss_release_name(&min_stat, &targ_name);
gss_release_buffer(&min_stat, &name_buffer);
} else {
gss_err (1, min_stat, "gss_init_sec_context");
}
if (output_token.length) {
char *neg_token;
base64_encode(output_token.value,
(int)output_token.length,
&neg_token);
asprintf(&headers[0], "Authorization: Negotiate %s",
neg_token);
num_headers = 1;
free(neg_token);
gss_release_buffer(&min_stat, &output_token);
}
if (input_token.length)
free(input_token.value);
} else
done = 1;
} else
done = 1;
if (print_body || verbose_flag)
printf("%.*s\n", (int)req.body_size, (char *)req.body);
http_req_free(&req);
} while (!done);
if (gssapi_done == 0)
errx(1, "gssapi not done but http dance done");
krb5_storage_free(sp);
close(s);
return 0;
}
static int
send_complete (krb5_context context, slave *s, const char *database,
uint32_t current_version, uint32_t oldest_version,
uint32_t initial_log_tstamp)
{
krb5_error_code ret;
krb5_storage *dump = NULL;
uint32_t vno = 0;
krb5_data data;
int fd = -1;
struct stat st;
char *dfn;
ret = asprintf(&dfn, "%s/ipropd.dumpfile", hdb_db_dir(context));
if (ret == -1 || !dfn) {
krb5_warn(context, ENOMEM, "Cannot allocate memory");
return ENOMEM;
}
fd = open(dfn, O_CREAT|O_RDWR, 0600);
if (fd == -1) {
ret = errno;
krb5_warn(context, ret, "Cannot open/create iprop dumpfile %s", dfn);
free(dfn);
return ret;
}
free(dfn);
dump = krb5_storage_from_fd(fd);
if (!dump) {
ret = errno;
krb5_warn(context, ret, "krb5_storage_from_fd");
goto done;
}
for (;;) {
ret = flock(fd, LOCK_SH);
if (ret == -1) {
ret = errno;
krb5_warn(context, ret, "flock(fd, LOCK_SH)");
goto done;
}
if (krb5_storage_seek(dump, 0, SEEK_SET) == (off_t)-1) {
ret = errno;
krb5_warn(context, ret, "krb5_storage_seek(dump, 0, SEEK_SET)");
goto done;
}
vno = 0;
ret = krb5_ret_uint32(dump, &vno);
if (ret && ret != HEIM_ERR_EOF) {
krb5_warn(context, ret, "krb5_ret_uint32(dump, &vno)");
goto done;
}
if (fstat(fd, &st) == -1) {
ret = errno;
krb5_warn(context, ret, "send_complete: could not stat dump file");
goto done;
}
/*
* If the current dump has an appropriate version, then we can
* break out of the loop and send the file below.
*/
if (ret == 0 && vno != 0 && st.st_mtime > initial_log_tstamp &&
vno >= oldest_version && vno <= current_version)
break;
if (verbose)
krb5_warnx(context, "send_complete: dumping HDB");
/*
* Otherwise, we may need to write a new dump file. We
* obtain an exclusive lock on the fd. Because this is
* not guaranteed to be an upgrade of our existing shared
* lock, someone else may have written a new dumpfile while
* we were waiting and so we must first check the vno of
* the dump to see if that happened. If it did, we need
* to go back to the top of the loop so that we can downgrade
* our lock to a shared one.
*/
ret = flock(fd, LOCK_EX);
if (ret == -1) {
ret = errno;
krb5_warn(context, ret, "flock(fd, LOCK_EX)");
goto done;
}
ret = krb5_storage_seek(dump, 0, SEEK_SET);
if (ret == -1) {
ret = errno;
krb5_warn(context, ret, "krb5_storage_seek(dump, 0, SEEK_SET)");
goto done;
}
vno = 0;
ret = krb5_ret_uint32(dump, &vno);
if (ret && ret != HEIM_ERR_EOF) {
krb5_warn(context, ret, "krb5_ret_uint32(dump, &vno)");
goto done;
}
if (fstat(fd, &st) == -1) {
ret = errno;
krb5_warn(context, ret, "send_complete: could not stat dump file");
goto done;
}
/* check if someone wrote a better version for us */
if (ret == 0 && vno != 0 && st.st_mtime > initial_log_tstamp &&
vno >= oldest_version && vno <= current_version)
continue;
/* Now, we know that we must write a new dump file. */
ret = write_dump(context, dump, database, current_version);
if (ret)
goto done;
/*
* And we must continue to the top of the loop so that we can
* downgrade to a shared lock.
*/
}
/*
* Leaving the above loop, dump should have a ptr right after the initial
* 4 byte DB version number and we should have a shared lock on the file
* (which we may have just created), so we are reading to simply blast
* the data down the wire.
*/
for (;;) {
ret = krb5_ret_data(dump, &data);
if (ret == HEIM_ERR_EOF) {
ret = 0; /* EOF is not an error, it's success */
goto done;
}
if (ret) {
krb5_warn(context, ret, "krb5_ret_data(dump, &data)");
slave_dead(context, s);
goto done;
}
ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
krb5_data_free(&data);
if (ret) {
krb5_warn (context, ret, "krb5_write_priv_message");
slave_dead(context, s);
goto done;
}
}
done:
if (!ret) {
s->version = vno;
slave_seen(s);
}
if (fd != -1)
close(fd);
if (dump)
krb5_storage_free(dump);
return ret;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_kdc_configuration *config;
krb5_storage *sp;
int fd, optidx = 0;
setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if(help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed to parse configuration file");
ret = krb5_kdc_get_config(context, &config);
if (ret)
krb5_err(context, 1, ret, "krb5_kdc_default_config");
kdc_openlog(context, "kdc-replay", config);
ret = krb5_kdc_set_dbinfo(context, config);
if (ret)
krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
#ifdef PKINIT
if (config->enable_pkinit) {
if (config->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
if (config->pkinit_kdc_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
krb5_kdc_pk_initialize(context, config,
config->pkinit_kdc_identity,
config->pkinit_kdc_anchors,
config->pkinit_kdc_cert_pool,
config->pkinit_kdc_revoke);
}
#endif /* PKINIT */
if (argc != 2)
errx(1, "argc != 2");
printf("kdc replay\n");
fd = open(argv[1], O_RDONLY);
if (fd < 0)
err(1, "open: %s", argv[1]);
sp = krb5_storage_from_fd(fd);
if (sp == NULL)
krb5_errx(context, 1, "krb5_storage_from_fd");
while(1) {
struct sockaddr_storage sa;
krb5_socklen_t salen = sizeof(sa);
struct timeval tv;
krb5_address a;
krb5_data d, r;
uint32_t t, clty, tag;
char astr[80];
ret = krb5_ret_uint32(sp, &t);
if (ret == HEIM_ERR_EOF)
break;
else if (ret)
krb5_errx(context, 1, "krb5_ret_uint32(version)");
if (t != 1)
krb5_errx(context, 1, "version not 1");
ret = krb5_ret_uint32(sp, &t);
if (ret)
krb5_errx(context, 1, "krb5_ret_uint32(time)");
ret = krb5_ret_address(sp, &a);
if (ret)
krb5_errx(context, 1, "krb5_ret_address");
ret = krb5_ret_data(sp, &d);
if (ret)
krb5_errx(context, 1, "krb5_ret_data");
ret = krb5_ret_uint32(sp, &clty);
if (ret)
krb5_errx(context, 1, "krb5_ret_uint32(class|type)");
ret = krb5_ret_uint32(sp, &tag);
if (ret)
krb5_errx(context, 1, "krb5_ret_uint32(tag)");
ret = krb5_addr2sockaddr (context, &a, (struct sockaddr *)&sa,
&salen, 88);
if (ret == KRB5_PROG_ATYPE_NOSUPP)
goto out;
else if (ret)
krb5_err(context, 1, ret, "krb5_addr2sockaddr");
ret = krb5_print_address(&a, astr, sizeof(astr), NULL);
if (ret)
krb5_err(context, 1, ret, "krb5_print_address");
printf("processing request from %s, %lu bytes\n",
astr, (unsigned long)d.length);
r.length = 0;
r.data = NULL;
tv.tv_sec = t;
tv.tv_usec = 0;
krb5_kdc_update_time(&tv);
krb5_set_real_time(context, tv.tv_sec, 0);
ret = krb5_kdc_process_request(context, config, d.data, d.length,
&r, NULL, astr,
(struct sockaddr *)&sa, 0);
if (ret)
krb5_err(context, 1, ret, "krb5_kdc_process_request");
if (r.length) {
Der_class cl;
Der_type ty;
unsigned int tag2;
ret = der_get_tag (r.data, r.length,
&cl, &ty, &tag2, NULL);
if (MAKE_TAG(cl, ty, 0) != clty)
krb5_errx(context, 1, "class|type mismatch: %d != %d",
(int)MAKE_TAG(cl, ty, 0), (int)clty);
if (tag != tag2)
krb5_errx(context, 1, "tag mismatch");
krb5_data_free(&r);
} else {
if (clty != 0xffffffff)
krb5_errx(context, 1, "clty not invalid");
if (tag != 0xffffffff)
krb5_errx(context, 1, "tag not invalid");
}
out:
krb5_data_free(&d);
krb5_free_address(context, &a);
}
krb5_storage_free(sp);
krb5_free_context(context);
printf("done\n");
return 0;
}
int
main(int argc, char **argv)
{
krb5_context context;
krb5_error_code ret;
int fd, optidx = 0;
krb5_storage *sp;
const char *fn = "test-store-data";
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
ret = krb5_init_context (&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
/*
* Test encoding/decoding of primotive types on diffrent backends
*/
sp = krb5_storage_emem();
if (sp == NULL)
krb5_errx(context, 1, "krb5_storage_emem: no mem");
test_storage(context, sp);
check_too_large(context, sp);
krb5_storage_free(sp);
fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0600);
if (fd < 0)
krb5_err(context, 1, errno, "open(%s)", fn);
sp = krb5_storage_from_fd(fd);
close(fd);
if (sp == NULL)
krb5_errx(context, 1, "krb5_storage_from_fd: %s no mem", fn);
test_storage(context, sp);
krb5_storage_free(sp);
unlink(fn);
/*
* test truncate behavior
*/
fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0600);
if (fd < 0)
krb5_err(context, 1, errno, "open(%s)", fn);
sp = krb5_storage_from_fd(fd);
if (sp == NULL)
krb5_errx(context, 1, "krb5_storage_from_fd: %s no mem", fn);
test_truncate(context, sp, fd);
krb5_storage_free(sp);
close(fd);
unlink(fn);
krb5_free_context(context);
return 0;
}
static krb5_error_code
init_fcc (krb5_context context,
krb5_ccache id,
krb5_storage **ret_sp,
int *ret_fd)
{
int fd;
int8_t pvno, tag;
krb5_storage *sp;
krb5_error_code ret;
ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
sp = krb5_storage_from_fd(fd);
if(sp == NULL) {
krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
krb5_storage_set_eof_code(sp, KRB5_CC_END);
ret = krb5_ret_int8(sp, &pvno);
if(ret != 0) {
if(ret == KRB5_CC_END) {
ret = ENOENT;
krb5_set_error_message(context, ret,
N_("Empty credential cache file: %s", ""),
FILENAME(id));
} else
krb5_set_error_message(context, ret, N_("Error reading pvno "
"in cache file: %s", ""),
FILENAME(id));
goto out;
}
if(pvno != 5) {
ret = KRB5_CCACHE_BADVNO;
krb5_set_error_message(context, ret, N_("Bad version number in credential "
"cache file: %s", ""),
FILENAME(id));
goto out;
}
ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
if(ret != 0) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret, "Error reading tag in "
"cache file: %s", FILENAME(id));
goto out;
}
FCACHE(id)->version = tag;
storage_set_flags(context, sp, FCACHE(id)->version);
switch (tag) {
case KRB5_FCC_FVNO_4: {
int16_t length;
ret = krb5_ret_int16 (sp, &length);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
N_("Error reading tag length in "
"cache file: %s", ""), FILENAME(id));
goto out;
}
while(length > 0) {
int16_t dtag, data_len;
int i;
int8_t dummy;
ret = krb5_ret_int16 (sp, &dtag);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret, N_("Error reading dtag in "
"cache file: %s", ""),
FILENAME(id));
goto out;
}
ret = krb5_ret_int16 (sp, &data_len);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
N_("Error reading dlength "
"in cache file: %s",""),
FILENAME(id));
goto out;
}
switch (dtag) {
case FCC_TAG_DELTATIME :
ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
N_("Error reading kdc_sec in "
"cache file: %s", ""),
FILENAME(id));
goto out;
}
ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
N_("Error reading kdc_usec in "
"cache file: %s", ""),
FILENAME(id));
goto out;
}
break;
default :
for (i = 0; i < data_len; ++i) {
ret = krb5_ret_int8 (sp, &dummy);
if(ret) {
ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret,
N_("Error reading unknown "
"tag in cache file: %s", ""),
FILENAME(id));
goto out;
}
}
break;
}
length -= 4 + data_len;
}
break;
}
case KRB5_FCC_FVNO_3:
case KRB5_FCC_FVNO_2:
case KRB5_FCC_FVNO_1:
break;
default :
ret = KRB5_CCACHE_BADVNO;
krb5_set_error_message(context, ret,
N_("Unknown version number (%d) in "
"credential cache file: %s", ""),
(int)tag, FILENAME(id));
goto out;
}
*ret_sp = sp;
*ret_fd = fd;
return 0;
out:
if(sp != NULL)
krb5_storage_free(sp);
fcc_unlock(context, fd);
close(fd);
return ret;
}
int
krb5_kdc_save_request(krb5_context context,
const char *fn,
const unsigned char *buf,
size_t len,
const krb5_data *reply,
const struct sockaddr *sa)
{
krb5_storage *sp;
krb5_address a;
int fd, ret;
uint32_t t;
krb5_data d;
memset(&a, 0, sizeof(a));
d.data = rk_UNCONST(buf);
d.length = len;
t = _kdc_now.tv_sec;
fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600);
if (fd < 0) {
int saved_errno = errno;
krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn);
return saved_errno;
}
sp = krb5_storage_from_fd(fd);
close(fd);
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, "Storage failed to open fd");
return ENOMEM;
}
ret = krb5_sockaddr2address(context, sa, &a);
if (ret)
goto out;
krb5_store_uint32(sp, 1);
krb5_store_uint32(sp, t);
krb5_store_address(sp, a);
krb5_store_data(sp, d);
{
Der_class cl;
Der_type ty;
unsigned int tag;
ret = der_get_tag (reply->data, reply->length,
&cl, &ty, &tag, NULL);
if (ret) {
krb5_store_uint32(sp, 0xffffffff);
krb5_store_uint32(sp, 0xffffffff);
} else {
krb5_store_uint32(sp, MAKE_TAG(cl, ty, 0));
krb5_store_uint32(sp, tag);
}
}
krb5_free_address(context, &a);
out:
krb5_storage_free(sp);
return 0;
}