1*0a6a1f1dSLionel Sambuc /*	$NetBSD: mit_dump.c,v 1.1.1.2 2014/04/24 12:45:27 pettai Exp $	*/
2ebfedea0SLionel Sambuc 
3ebfedea0SLionel Sambuc /*
4ebfedea0SLionel Sambuc  * Copyright (c) 2000 Kungliga Tekniska Högskolan
5ebfedea0SLionel Sambuc  * (Royal Institute of Technology, Stockholm, Sweden).
6ebfedea0SLionel Sambuc  * All rights reserved.
7ebfedea0SLionel Sambuc  *
8ebfedea0SLionel Sambuc  * Redistribution and use in source and binary forms, with or without
9ebfedea0SLionel Sambuc  * modification, are permitted provided that the following conditions
10ebfedea0SLionel Sambuc  * are met:
11ebfedea0SLionel Sambuc  *
12ebfedea0SLionel Sambuc  * 1. Redistributions of source code must retain the above copyright
13ebfedea0SLionel Sambuc  *    notice, this list of conditions and the following disclaimer.
14ebfedea0SLionel Sambuc  *
15ebfedea0SLionel Sambuc  * 2. Redistributions in binary form must reproduce the above copyright
16ebfedea0SLionel Sambuc  *    notice, this list of conditions and the following disclaimer in the
17ebfedea0SLionel Sambuc  *    documentation and/or other materials provided with the distribution.
18ebfedea0SLionel Sambuc  *
19ebfedea0SLionel Sambuc  * 3. Neither the name of the Institute nor the names of its contributors
20ebfedea0SLionel Sambuc  *    may be used to endorse or promote products derived from this software
21ebfedea0SLionel Sambuc  *    without specific prior written permission.
22ebfedea0SLionel Sambuc  *
23ebfedea0SLionel Sambuc  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24ebfedea0SLionel Sambuc  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25ebfedea0SLionel Sambuc  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26ebfedea0SLionel Sambuc  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27ebfedea0SLionel Sambuc  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28ebfedea0SLionel Sambuc  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29ebfedea0SLionel Sambuc  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30ebfedea0SLionel Sambuc  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31ebfedea0SLionel Sambuc  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32ebfedea0SLionel Sambuc  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33ebfedea0SLionel Sambuc  * SUCH DAMAGE.
34ebfedea0SLionel Sambuc  */
35ebfedea0SLionel Sambuc 
36ebfedea0SLionel Sambuc #include "hprop.h"
37ebfedea0SLionel Sambuc 
/*
A dump file can have any number of princ stanzas.
The format is as follows (only \n indicates a newline):
princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38)
%d\t (strlen of principal e.g. shadow/foo@ANDREW.CMU.EDU)
%d\t (number of tl_data)
%d\t (number of key data, e.g. how many keys for this user)
%d\t (extra data length)
%s\t (principal name)
%d\t (attributes)
%d\t (max lifetime, seconds)
%d\t (max renewable life, seconds)
%d\t (expiration, seconds since epoch or 2145830400 for never)
%d\t (password expiration, seconds, 0 for never)
%d\t (last successful auth, seconds since epoch)
%d\t (last failed auth, per above)
%d\t (failed auth count)
foreach tl_data 0 to number of tl_data - 1 as above
  %d\t%d\t (data type, data length)
  foreach tl_data 0 to length-1
    %02x (tl data contents[element n])
  except if tl_data length is 0
    %d (always -1)
  \t
foreach key 0 to number of keys - 1 as above
  %d\t%d\t (key data version, kvno)
  foreach version 0 to key data version - 1 (a key or a salt)
    %d\t%d\t(data type for this key, data length for this key)
    foreach key data length 0 to length-1
      %02x (key data contents[element n])
    except if key_data length is 0
      %d (always -1)
    \t
foreach extra data length 0 to length - 1
  %02x (extra data part)
unless no extra data
  %d (always -1)
;\n

*/
78ebfedea0SLionel Sambuc 
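/*
 * Value of one hexadecimal digit, or -1 if `c' is not a hex digit.  The NUL
 * terminator is "not a hex digit", which is what stops the decoder below at
 * the end of a short string.
 */
static int
hex_nibble(int c)
{
    if (c >= '0' && c <= '9')
	return c - '0';
    if (c >= 'a' && c <= 'f')
	return c - 'a' + 10;
    if (c >= 'A' && c <= 'F')
	return c - 'A' + 10;
    return -1;
}

/*
 * Decode data->length octets from the hex string `ptr' into data->data,
 * which the caller must already have allocated with that length.
 *
 * Returns the number of hex characters consumed (2 * data->length), or -1
 * if `ptr' is NULL or does not hold two hex digits for every octet.
 *
 * The previous sscanf("%02x") loop accepted a single digit (or a digit
 * after skipped white space) and then still advanced two characters, so a
 * string shorter than 2 * data->length was read past its terminator.  The
 * text being decoded is key and salt material from a dump file, so every
 * character is checked before it is used.
 */
static int
hex_to_octet_string(const char *ptr, krb5_data *data)
{
    unsigned char *out = data->data;
    size_t i;

    if (ptr == NULL)
	return -1;
    for(i = 0; i < data->length; i++) {
	int hi = hex_nibble((unsigned char)ptr[2 * i]);
	/* only look at the second character once the first one is known
	   not to be the terminator */
	int lo = hi < 0 ? -1 : hex_nibble((unsigned char)ptr[2 * i + 1]);

	if(lo < 0)
	    return -1;
	out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(2 * i);
}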
91ebfedea0SLionel Sambuc 
/*
 * Return the next non-empty token of *p, where tokens are separated by
 * spaces or tabs, and advance *p past it.  Empty tokens produced by runs of
 * separators are skipped.  Returns NULL once the string is exhausted, so
 * callers must be prepared for a NULL result.
 */
static char *
nexttoken(char **p)
{
    for(;;) {
	char *tok = strsep(p, " \t");

	if(tok == NULL || *tok != '\0')
	    return tok;
    }
}
101ebfedea0SLionel Sambuc 
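/*
 * Value of one hexadecimal digit, or -1 if `c' is not a hex digit (this
 * includes the NUL terminator).
 */
static int
getdata_nibble(int c)
{
    if (c >= '0' && c <= '9')
	return c - '0';
    if (c >= 'a' && c <= 'f')
	return c - 'a' + 10;
    if (c >= 'A' && c <= 'F')
	return c - 'A' + 10;
    return -1;
}

/*
 * Take the next token from *p and decode it as hex into `buf', writing at
 * most `len' octets.
 *
 * Returns the number of octets stored.  That is less than `len' when the
 * token is missing, too short, or contains a non-hex character, so a caller
 * that needs exactly `len' octets has to compare the result with `len'.
 *
 * Fixes over the sscanf("%02x") version: a missing token no longer
 * dereferences NULL, and a trailing single digit no longer makes the
 * cursor step over the token's terminator.
 */
static size_t
getdata(char **p, unsigned char *buf, size_t len)
{
    size_t i = 0;
    char *q = nexttoken(p);

    if(q == NULL || buf == NULL)
	return 0;
    while(i < len) {
	int hi = getdata_nibble((unsigned char)q[0]);
	/* q[1] is only read when q[0] was a digit, i.e. not the NUL */
	int lo = hi < 0 ? -1 : getdata_nibble((unsigned char)q[1]);

	if(lo < 0)
	    break;
	buf[i++] = (unsigned char)((hi << 4) | lo);
	q += 2;
    }
    return i;
}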
117ebfedea0SLionel Sambuc 
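/*
 * Take the next token from *p and parse it as a decimal integer.
 *
 * Returns the parsed value, or 0 when there is no token left, the token
 * does not start with a number, or the number does not fit in an int.
 * Trailing characters after the number (such as the newline kept by
 * fgets()) are ignored, as they were with sscanf("%d").
 *
 * The earlier version passed a possibly NULL token to sscanf() and returned
 * an uninitialized value when nothing was converted; both are reachable
 * with a truncated or malformed dump line.  Callers still have to
 * range-check the result before using it as a length or a count.
 */
static int
getint(char **p)
{
    char *q = nexttoken(p);
    char *end;
    long v;

    if(q == NULL)
	return 0;
    errno = 0;
    v = strtol(q, &end, 10);
    if(end == q || errno == ERANGE || v != (long)(int)v)
	return 0;
    return (int)v;
}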
126ebfedea0SLionel Sambuc 
127ebfedea0SLionel Sambuc #include <kadm5/admin.h>
128ebfedea0SLionel Sambuc 
/*
 * Translate the MIT attribute bit mask `attr' into the corresponding
 * members of `flags'.  Only the members assigned below are touched.
 *
 * The MIT DISALLOW_* bits are stored inverted where the HDB flag is a
 * permission (postdate, forwardable, renewable, proxiable, server) and
 * stored as-is where the HDB flag is itself a restriction or requirement.
 */
static void
attr_to_flags(unsigned attr, HDBFlags *flags)
{
    /* permissions: set unless the matching DISALLOW bit is present */
    flags->postdate    = (attr & KRB5_KDB_DISALLOW_POSTDATED) == 0;
    flags->forwardable = (attr & KRB5_KDB_DISALLOW_FORWARDABLE) == 0;
    flags->renewable   = (attr & KRB5_KDB_DISALLOW_RENEWABLE) == 0;
    flags->proxiable   = (attr & KRB5_KDB_DISALLOW_PROXIABLE) == 0;
    flags->server      = (attr & KRB5_KDB_DISALLOW_SVR) == 0;

    /* restrictions and requirements: set when the MIT bit is present */
    flags->initial         = (attr & KRB5_KDB_DISALLOW_TGT_BASED) != 0;
    flags->invalid         = (attr & KRB5_KDB_DISALLOW_ALL_TIX) != 0;
    flags->require_preauth = (attr & KRB5_KDB_REQUIRES_PRE_AUTH) != 0;
    flags->require_hwauth  = (attr & KRB5_KDB_REQUIRES_HW_AUTH) != 0;
    flags->change_pw       = (attr & KRB5_KDB_PWCHANGE_SERVICE) != 0;

    /* DUP_SKEY: not mapped to any flag here */

    /* XXX every imported principal is marked as usable as a client,
       whatever the attribute mask says */
    flags->client = 1;
}
145ebfedea0SLionel Sambuc 
/*
 * Salt type numbers as they appear in the salt "data type" field of a key
 * in the dump file.  fix_salt() switches on these values and aborts on any
 * other number.
 */
#define KRB5_KDB_SALTTYPE_NORMAL	0
#define KRB5_KDB_SALTTYPE_V4		1
#define KRB5_KDB_SALTTYPE_NOREALM	2
#define KRB5_KDB_SALTTYPE_ONLYREALM	3
#define KRB5_KDB_SALTTYPE_SPECIAL	4
#define KRB5_KDB_SALTTYPE_AFS3		5
152ebfedea0SLionel Sambuc 
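/*
 * Rewrite the salt of key number `key_num' in `ent' from its MIT form to
 * the form stored by Heimdal: salt->type becomes KRB5_PADATA_PW_SALT (or
 * KRB5_PADATA_AFS3_SALT for the AFS3 type), and for the types whose salt is
 * derived from the principal the salt bytes are regenerated from
 * ent->principal.
 *
 * The caller must have set ent->keys.val[key_num].salt.
 *
 * Returns 0 on success, EINVAL when the salt has to be derived from the
 * principal but ent->principal is not set, or the error returned by
 * krb5_data_alloc()/krb5_data_copy().
 *
 * A salt type outside the KRB5_KDB_SALTTYPE_* values calls abort().  The
 * type is read from the dump file, so an unexpected number in the file
 * stops the import rather than storing a salt type that was not converted.
 */
static krb5_error_code
fix_salt(krb5_context context, hdb_entry *ent, int key_num)
{
    krb5_error_code ret;
    Salt *salt = ent->keys.val[key_num].salt;
    int type = (int)salt->type;

    /* These three types read the principal; it is NULL if the caller's
       krb5_parse_name() failed and the result was not checked. */
    if((type == KRB5_KDB_SALTTYPE_NOREALM ||
	type == KRB5_KDB_SALTTYPE_ONLYREALM ||
	type == KRB5_KDB_SALTTYPE_AFS3) && ent->principal == NULL)
	return EINVAL;

    /* fix salt type */
    switch(type) {
    case KRB5_KDB_SALTTYPE_NORMAL:
	salt->type = KRB5_PADATA_PW_SALT;
	break;
    case KRB5_KDB_SALTTYPE_V4:
	krb5_data_free(&salt->salt);
	salt->type = KRB5_PADATA_PW_SALT;
	break;
    case KRB5_KDB_SALTTYPE_NOREALM:
    {
	size_t len;
	size_t i;
	char *p;

	len = 0;
	for (i = 0; i < ent->principal->name.name_string.len; ++i)
	    len += strlen(ent->principal->name.name_string.val[i]);
	/* release the salt read from the file before replacing it, as the
	   other regenerating cases do; it was leaked here before */
	krb5_data_free(&salt->salt);
	ret = krb5_data_alloc (&salt->salt, len);
	if (ret)
	    return ret;
	/* the salt is the name components concatenated, without realm */
	p = salt->salt.data;
	for (i = 0; i < ent->principal->name.name_string.len; ++i) {
	    size_t n = strlen(ent->principal->name.name_string.val[i]);

	    memcpy (p, ent->principal->name.name_string.val[i], n);
	    p += n;
	}

	salt->type = KRB5_PADATA_PW_SALT;
	break;
    }
    case KRB5_KDB_SALTTYPE_ONLYREALM:
	krb5_data_free(&salt->salt);
	ret = krb5_data_copy(&salt->salt,
			     ent->principal->realm,
			     strlen(ent->principal->realm));
	if(ret)
	    return ret;
	salt->type = KRB5_PADATA_PW_SALT;
	break;
    case KRB5_KDB_SALTTYPE_SPECIAL:
	salt->type = KRB5_PADATA_PW_SALT;
	break;
    case KRB5_KDB_SALTTYPE_AFS3:
	krb5_data_free(&salt->salt);
	ret = krb5_data_copy(&salt->salt,
		       ent->principal->realm,
		       strlen(ent->principal->realm));
	if(ret)
	    return ret;
	salt->type = KRB5_PADATA_AFS3_SALT;
	break;
    default:
	abort();
    }
    return 0;
}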
216ebfedea0SLionel Sambuc 
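/*
 * Read the MIT kdb5_util dump `file' line by line, convert every "princ"
 * line into an hdb entry and pass it to v5_prop().  `arg' is the
 * struct prop_data that carries the krb5 context.
 *
 * Returns errno if the file cannot be opened and 0 once the whole file has
 * been read.  Lines that are rejected before anything has been allocated
 * for them are skipped with a warning; structural errors found later
 * (lengths that do not match the data, bad hex, allocation failure) end the
 * process through errx()/krb5_err().
 *
 * Every count and length on a line comes from the file and is checked
 * against the line buffer before it is used as an allocation size or an
 * index: the earlier code allocated `length - 2' bytes for keys and salts
 * without looking at `length', read four bytes from tl_data buffers of any
 * size, and handed a possibly unterminated buffer to krb5_parse_name().
 *
 * NOTE(review): the return value of v5_prop() is not checked, and the entry
 * is not released here after the call -- confirm whether v5_prop() takes
 * care of that.
 */
int
mit_prop_dump(void *arg, const char *file)
{
    krb5_error_code ret;
    char line [2048];
    FILE *f;
    int lineno = 0;
    struct hdb_entry_ex ent;

    struct prop_data *pd = arg;

    f = fopen(file, "r");
    if(f == NULL)
	return errno;

    while(fgets(line, sizeof(line), f)) {
	char *p = line, *q;

	int i;

	int num_tl_data;
	int num_key_data;
	int high_kvno;
	int attributes;

	int tmp;

	lineno++;

	/* fgets() hands back an over-long line in pieces; parsing the
	   first piece as a complete record would run off its end */
	if(strchr(line, '\n') == NULL && !feof(f))
	    errx(1, "line %d: line too long", lineno);

	memset(&ent, 0, sizeof(ent));

	q = nexttoken(&p);
	if(q == NULL)
	    continue; /* nothing but separators on this line */
	if(strcmp(q, "kdb5_util") == 0) {
	    int major;
	    q = nexttoken(&p); /* load_dump */
	    if(q == NULL || strcmp(q, "load_dump"))
		errx(1, "line %d: unknown version", lineno);
	    q = nexttoken(&p); /* version */
	    if(q == NULL || strcmp(q, "version"))
		errx(1, "line %d: unknown version", lineno);
	    q = nexttoken(&p); /* x.0 */
	    if(q == NULL || sscanf(q, "%d", &major) != 1)
		errx(1, "line %d: unknown version", lineno);
	    if(major != 4 && major != 5 && major != 6)
		errx(1, "unknown dump file format, got %d, expected 4-6",
		     major);
	    continue;
	} else if(strcmp(q, "policy") == 0) {
	    continue;
	} else if(strcmp(q, "princ") != 0) {
	    warnx("line %d: not a principal", lineno);
	    continue;
	}
	tmp = getint(&p);
	if(tmp != 38) {
	    warnx("line %d: bad base length %d != 38", lineno, tmp);
	    continue;
	}
	nexttoken(&p); /* length of principal */
	num_tl_data = getint(&p); /* number of tl-data */
	num_key_data = getint(&p); /* number of key-data */
	getint(&p);  /* length of extra data */
	/* a line cannot hold more items than it has characters */
	if(num_tl_data < 0 || (size_t)num_tl_data > sizeof(line) ||
	   num_key_data < 0 || (size_t)num_key_data > sizeof(line)) {
	    warnx("line %d: bad tl-data or key-data count", lineno);
	    continue;
	}
	q = nexttoken(&p); /* principal name */
	if(q == NULL) {
	    warnx("line %d: missing principal name", lineno);
	    continue;
	}
	ret = krb5_parse_name(pd->context, q, &ent.entry.principal);
	if(ret) {
	    krb5_warn(pd->context, ret, "line %d: parse_name: %s", lineno, q);
	    continue;
	}
	attributes = getint(&p); /* attributes */
	attr_to_flags(attributes, &ent.entry.flags);
	tmp = getint(&p); /* max life */
	if(tmp != 0) {
	    ALLOC(ent.entry.max_life);
	    if(ent.entry.max_life == NULL)
		errx(ENOMEM, "malloc");
	    *ent.entry.max_life = tmp;
	}
	tmp = getint(&p); /* max renewable life */
	if(tmp != 0) {
	    ALLOC(ent.entry.max_renew);
	    if(ent.entry.max_renew == NULL)
		errx(ENOMEM, "malloc");
	    *ent.entry.max_renew = tmp;
	}
	tmp = getint(&p); /* expiration */
	if(tmp != 0 && tmp != 2145830400) {
	    ALLOC(ent.entry.valid_end);
	    if(ent.entry.valid_end == NULL)
		errx(ENOMEM, "malloc");
	    *ent.entry.valid_end = tmp;
	}
	tmp = getint(&p); /* pw expiration */
	if(tmp != 0) {
	    ALLOC(ent.entry.pw_end);
	    if(ent.entry.pw_end == NULL)
		errx(ENOMEM, "malloc");
	    *ent.entry.pw_end = tmp;
	}
	nexttoken(&p); /* last auth */
	nexttoken(&p); /* last failed auth */
	nexttoken(&p); /* fail auth count */
	for(i = 0; i < num_tl_data; i++) {
	    unsigned long val;
	    int tl_type, tl_length;
	    int min_length;
	    size_t got;
	    unsigned char *buf;
	    char *cursor;
	    krb5_principal princ;

	    tl_type = getint(&p); /* data type */
	    tl_length = getint(&p); /* data length */
	    q = nexttoken(&p); /* data itself, or -1 if there is none */

#define mit_KRB5_TL_LAST_PWD_CHANGE	1
#define mit_KRB5_TL_MOD_PRINC		2
	    if(tl_type != mit_KRB5_TL_LAST_PWD_CHANGE &&
	       tl_type != mit_KRB5_TL_MOD_PRINC)
		continue; /* other types are skipped unread */

	    /* both types start with a 4-byte little-endian time; MOD_PRINC
	       is followed by a principal name */
	    min_length = tl_type == mit_KRB5_TL_MOD_PRINC ? 5 : 4;
	    if(q == NULL || tl_length < min_length ||
	       (size_t)tl_length > sizeof(line) / 2 ||
	       strlen(q) < 2 * (size_t)tl_length)
		errx(1, "line %d: bad tl_data length %d", lineno, tl_length);

	    /* one spare zero byte keeps the MOD_PRINC name terminated */
	    buf = calloc((size_t)tl_length + 1, 1);
	    if (buf == NULL)
		errx(ENOMEM, "malloc");
	    /* getdata() takes its own token; pointing it at the token
	       already fetched lets the checks above cover what it reads */
	    cursor = q;
	    got = getdata(&cursor, buf, tl_length);
	    if(got != (size_t)tl_length)
		errx(1, "line %d: bad tl_data contents", lineno);
	    val = (unsigned long)buf[0] |
		((unsigned long)buf[1] << 8) |
		((unsigned long)buf[2] << 16) |
		((unsigned long)buf[3] << 24);

	    switch(tl_type) {
	    case mit_KRB5_TL_LAST_PWD_CHANGE:
		free(buf);
		ALLOC(ent.entry.extensions);
		if(ent.entry.extensions == NULL)
		    errx(ENOMEM, "malloc");
		ALLOC_SEQ(ent.entry.extensions, 1);
		if(ent.entry.extensions->val == NULL)
		    errx(ENOMEM, "malloc");
		ent.entry.extensions->val[0].mandatory = 0;
		ent.entry.extensions->val[0].data.element
		    = choice_HDB_extension_data_last_pw_change;
		ent.entry.extensions->val[0].data.u.last_pw_change = val;
		break;
	    case mit_KRB5_TL_MOD_PRINC:
		ret = krb5_parse_name(pd->context, (char *)buf + 4, &princ);
		if (ret)
		    krb5_err(pd->context, 1, ret,
			     "parse_name: %s", (char *)buf + 4);
		free(buf);
		ALLOC(ent.entry.modified_by);
		if(ent.entry.modified_by == NULL)
		    errx(ENOMEM, "malloc");
		ent.entry.modified_by->time = val;
		ent.entry.modified_by->principal = princ;
		break;
	    }
	}
	ALLOC_SEQ(&ent.entry.keys, num_key_data);
	if(num_key_data > 0 && ent.entry.keys.val == NULL)
	    errx(ENOMEM, "malloc");
	high_kvno = -1;
	for(i = 0; i < num_key_data; i++) {
	    int key_versions;
	    int kvno;
	    key_versions = getint(&p); /* key data version */
	    kvno = getint(&p);

	    /*
	     * An MIT dump file may contain multiple sets of keys with
	     * different kvnos.  Since the Heimdal database can only represent
	     * one kvno per principal, we only want the highest set.  Assume
	     * that set will be given first, and discard all keys with lower
	     * kvnos.
	     */
	    if (kvno > high_kvno && high_kvno != -1)
		errx(1, "line %d: high kvno keys given after low kvno keys",
		     lineno);
	    else if (kvno < high_kvno) {
		nexttoken(&p); /* key type */
		nexttoken(&p); /* key length */
		nexttoken(&p); /* key */
		if (key_versions > 1) {
		    nexttoken(&p); /* salt type */
		    nexttoken(&p); /* salt length */
		    nexttoken(&p); /* salt */
		}
		ent.entry.keys.len--;
		continue;
	    }
	    ent.entry.kvno = kvno;
	    high_kvno = kvno;
	    ALLOC(ent.entry.keys.val[i].mkvno);
	    if(ent.entry.keys.val[i].mkvno == NULL)
		errx(ENOMEM, "malloc");
	    *ent.entry.keys.val[i].mkvno = 1;

	    /* key version 0 -- actual key */
	    ent.entry.keys.val[i].key.keytype = getint(&p); /* key type */
	    tmp = getint(&p); /* key length */
	    q = nexttoken(&p); /* key itself */
	    /* the first two bytes of the key is the key length --
	       skip it.  The token must therefore hold 2 * tmp hex
	       characters, of which the first four are skipped. */
	    if(q == NULL || tmp < 2 || (size_t)tmp > sizeof(line) / 2 ||
	       strlen(q) < 2 * (size_t)tmp)
		errx(1, "line %d: bad key length %d", lineno, tmp);
	    ret = krb5_data_alloc(&ent.entry.keys.val[i].key.keyvalue, tmp - 2);
	    if(ret)
		krb5_err(pd->context, 1, ret, "krb5_data_alloc");
	    if(hex_to_octet_string(q + 4,
				   &ent.entry.keys.val[i].key.keyvalue) < 0)
		errx(1, "line %d: bad key data", lineno);

	    if(key_versions > 1) {
		/* key version 1 -- optional salt */
		ALLOC(ent.entry.keys.val[i].salt);
		if(ent.entry.keys.val[i].salt == NULL)
		    errx(ENOMEM, "malloc");
		ent.entry.keys.val[i].salt->type = getint(&p); /* salt type */
		tmp = getint(&p); /* salt length */
		if(tmp > 0) {
		    q = nexttoken(&p); /* salt itself */
		    if(q == NULL || tmp < 2 ||
		       (size_t)tmp > sizeof(line) / 2 ||
		       strlen(q) < 2 * (size_t)tmp)
			errx(1, "line %d: bad salt length %d", lineno, tmp);
		    ret = krb5_data_alloc(&ent.entry.keys.val[i].salt->salt,
					  tmp - 2);
		    if(ret)
			krb5_err(pd->context, 1, ret, "krb5_data_alloc");
		    if(hex_to_octet_string(q + 4,
					   &ent.entry.keys.val[i].salt->salt) < 0)
			errx(1, "line %d: bad salt data", lineno);
		} else {
		    ent.entry.keys.val[i].salt->salt.length = 0;
		    ent.entry.keys.val[i].salt->salt.data = NULL;
		    getint(&p);	/* -1, if no data. */
		}
		ret = fix_salt(pd->context, &ent.entry, i);
		if(ret)
		    krb5_err(pd->context, 1, ret,
			     "line %d: fix_salt", lineno);
	    }
	}
	nexttoken(&p); /* extra data */
	v5_prop(pd->context, NULL, &ent, arg);
    }
    fclose(f);
    return 0;
}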