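/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * lib/kadm/str_conv.c
 *
 * Copyright 1995 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */

/*
 * str_conv.c - Convert between strings and Kerberos internal data.
 */

/*
 * Table of contents:
 *
 * String decoding:
 * ----------------
 * krb5_string_to_flags()	- Convert string to krb5_flags.
 * krb5_string_to_keysalts()	- Convert string to a key/salt tuple list.
 *
 * String encoding:
 * ----------------
 * krb5_flags_to_string()	- Convert krb5_flags to string.
 * krb5_input_flag_to_string()	- Copy out the input specifier of a table slot.
 *
 * Key/salt list helpers:
 * ----------------------
 * krb5_keysalt_is_present()	- Search a key/salt tuple list.
 * krb5_keysalt_iterate()	- Call back once per unique key/salt tuple.
 */

#include "k5-int.h"
#include "admin_internal.h"
#include "adm_proto.h"

/*
 * Local data structures.
 */
struct flags_lookup_entry {
    krb5_flags		fl_flags;		/* Flag			*/
    krb5_boolean	fl_sense;		/* Sense of the flag	*/
    const char *	fl_specifier;		/* How to recognize it	*/
    const char *	fl_output;		/* How to spit it out	*/
};

/*
 * Local strings
 */

static const char default_tupleseps[]   = ", \t";
static const char default_ksaltseps[]   = ":.";

/* Keytype strings */
/* Flags strings */
static const char flags_pdate_in[]	= "postdateable";
static const char flags_fwd_in[]	= "forwardable";
static const char flags_tgtbased_in[]	= "tgt-based";
static const char flags_renew_in[]	= "renewable";
static const char flags_proxy_in[]	= "proxiable";
static const char flags_dup_skey_in[]	= "dup-skey";
static const char flags_tickets_in[]	= "allow-tickets";
static const char flags_preauth_in[]	= "preauth";
static const char flags_hwauth_in[]	= "hwauth";
static const char flags_pwchange_in[]	= "pwchange";
static const char flags_service_in[]	= "service";
static const char flags_pwsvc_in[]	= "pwservice";
static const char flags_md5_in[]	= "md5";
static const char flags_pdate_out[]	= "Not Postdateable";
static const char flags_fwd_out[]	= "Not Forwardable";
static const char flags_tgtbased_out[]	= "No TGT-based requests";
static const char flags_renew_out[]	= "Not renewable";
static const char flags_proxy_out[]	= "Not proxiable";
static const char flags_dup_skey_out[]	= "No DUP_SKEY requests";
static const char flags_tickets_out[]	= "All Tickets Disallowed";
static const char flags_preauth_out[]	= "Preauthorization required";
static const char flags_hwauth_out[]	= "HW Authorization required";
static const char flags_pwchange_out[]	= "Password Change required";
static const char flags_service_out[]	= "Service Disabled";
static const char flags_pwsvc_out[]	= "Password Changing Service";
static const char flags_md5_out[]	= "RSA-MD5 supported";
static const char flags_default_neg[]	= "-";
static const char flags_default_sep[]	= " ";

/*
 * Lookup tables.
 */

static const struct flags_lookup_entry flags_table[] = {
/* flag				sense	input specifier	   output string     */
/*----------------------------- -------	------------------ ------------------*/
{ KRB5_KDB_DISALLOW_POSTDATED,	0,	flags_pdate_in,	   flags_pdate_out   },
{ KRB5_KDB_DISALLOW_FORWARDABLE,0,	flags_fwd_in,	   flags_fwd_out     },
{ KRB5_KDB_DISALLOW_TGT_BASED,	0,	flags_tgtbased_in, flags_tgtbased_out},
{ KRB5_KDB_DISALLOW_RENEWABLE,	0,	flags_renew_in,	   flags_renew_out   },
{ KRB5_KDB_DISALLOW_PROXIABLE,	0,	flags_proxy_in,	   flags_proxy_out   },
{ KRB5_KDB_DISALLOW_DUP_SKEY,	0,	flags_dup_skey_in, flags_dup_skey_out},
{ KRB5_KDB_DISALLOW_ALL_TIX,	0,	flags_tickets_in,  flags_tickets_out },
{ KRB5_KDB_REQUIRES_PRE_AUTH,	1,	flags_preauth_in,  flags_preauth_out },
{ KRB5_KDB_REQUIRES_HW_AUTH,	1,	flags_hwauth_in,   flags_hwauth_out  },
{ KRB5_KDB_REQUIRES_PWCHANGE,	1,	flags_pwchange_in, flags_pwchange_out},
{ KRB5_KDB_DISALLOW_SVR,	0,	flags_service_in,  flags_service_out },
{ KRB5_KDB_PWCHANGE_SERVICE,	1,	flags_pwsvc_in,	   flags_pwsvc_out   },
{ KRB5_KDB_SUPPORT_DESMD5,	1,	flags_md5_in,	   flags_md5_out     }
};
static const int flags_table_nents = sizeof(flags_table)/
				     sizeof(flags_table[0]);


/*
 * krb5_string_to_flags()	- Apply one textual flag specifier to *flagsp.
 *
 * string	- the specifier, optionally preceded by the negative or the
 *		  positive prefix; all comparisons are case-insensitive.
 * positive	- optional positive prefix; NULL means "no positive prefix".
 * negative	- optional negative prefix; NULL selects the default "-".
 * flagsp	- in/out flag word.  Only the bits of the matched table entry
 *		  are touched: they are set when the requested sense equals the
 *		  entry's fl_sense and cleared otherwise (so a plain
 *		  "postdateable" clears KRB5_KDB_DISALLOW_POSTDATED).
 *
 * Returns 0 when the specifier matches a table entry, EINVAL otherwise.
 * *flagsp is left untouched on EINVAL.
 */
krb5_error_code
krb5_string_to_flags(string, positive, negative, flagsp)
    char	* string;
    const char	* positive;
    const char	* negative;
    krb5_flags	* flagsp;
{
    int		i;
    int		found;
    const char	*neg;
    size_t	nsize, psize;
    int		cpos;
    int		sense;

    found = 0;
    /* We need to have a way to negate it. */
    neg = (negative) ? negative : flags_default_neg;
    nsize = strlen(neg);
    psize = (positive) ? strlen(positive) : 0;

    cpos = 0;
    sense = 1;
    /* First check for positive or negative sense */
    if (!strncasecmp(neg, string, nsize)) {
	sense = 0;
	cpos += (int) nsize;
    }
    else if (psize && !strncasecmp(positive, string, psize)) {
	cpos += (int) psize;
    }

    /* The remainder must match one input specifier exactly. */
    for (i=0; i<flags_table_nents; i++) {
	if (!strcasecmp(&string[cpos], flags_table[i].fl_specifier)) {
	    found = 1;
	    if (sense == (int) flags_table[i].fl_sense)
		*flagsp |= flags_table[i].fl_flags;
	    else
		*flagsp &= ~flags_table[i].fl_flags;

	    break;
	}
    }
    return((found) ? 0 : EINVAL);
}

/*
 * krb5_flags_to_string()	- Render the set bits of flags as text.
 *
 * flags	- flag word to describe.
 * sep		- separator written between entries; NULL selects the
 *		  default " ".
 * buffer	- output buffer; must hold at least one byte, because the
 *		  "no flags set" case stores a lone terminator.
 * buflen	- size of buffer in bytes.
 *
 * Returns 0 on success, ENOMEM when the next entry would not fit (the
 * buffer then holds the entries written so far) and EINVAL when flags
 * carries bits that no table entry describes.
 */
krb5_error_code
krb5_flags_to_string(flags, sep, buffer, buflen)
    krb5_flags	flags;
    const char	* sep;
    char	* buffer;
    size_t	buflen;
{
    int			i;
    krb5_flags		pflags;
    const char		*sepstring;
    size_t		seplen;
    size_t		used;
    int			initial;
    krb5_error_code	retval;

    retval = 0;
    used = 0;
    pflags = 0;
    initial = 1;
    sepstring = (sep) ? sep : flags_default_sep;
    seplen = strlen(sepstring);
    /* Blast through the table matching all we can */
    for (i=0; i<flags_table_nents; i++) {
	if (flags & flags_table[i].fl_flags) {
	    const char	*out = flags_table[i].fl_output;
	    size_t	outlen = strlen(out);
	    size_t	room = buflen - used;

	    /*
	     * Found a match, see if it'll fit into the output buffer.
	     * Same test as "used + outlen + seplen < buflen", written on
	     * sizes so that neither a pointer nor a sum can run past the
	     * end of the buffer.
	     */
	    if (room > outlen && room - outlen > seplen) {
		if (!initial) {
		    /*
		     * Copy the resolved separator.  Using the raw "sep"
		     * argument here dereferenced NULL whenever the caller
		     * asked for the default and two or more flags were set.
		     */
		    memcpy(buffer + used, sepstring, seplen);
		    used += seplen;
		}
		initial = 0;
		memcpy(buffer + used, out, outlen + 1);	/* with the NUL */
		used += outlen;
	    }
	    else {
		retval = ENOMEM;
		break;
	    }
	    /* Keep track of what we matched */
	    pflags |= flags_table[i].fl_flags;
	}
    }
    if (!retval) {
	/* See if there's any leftovers */
	if (flags & ~pflags)
	    retval = EINVAL;
	else if (initial)
	    *buffer = '\0';
    }
    return(retval);
}

/*
 * krb5_input_flag_to_string()	- Copy the input specifier of table slot
 *				  "flag" into buffer.
 *
 * flag		- index into the flags table (not a flag bit).
 * buffer	- output buffer.
 * buflen	- size of buffer in bytes, terminator included.
 *
 * Returns 0 on success, ENOENT when flag is outside the table (callers can
 * use this as the end-of-list marker) and ENOMEM when the specifier plus
 * its terminator does not fit.
 */
krb5_error_code
krb5_input_flag_to_string(flag, buffer, buflen)
    int		flag;
    char	* buffer;
    size_t	buflen;
{
    if(flag < 0 || flag >= flags_table_nents) return ENOENT; /* End of list */
    /*
     * ">=" rather than ">": strcpy() also stores the terminator, so a
     * specifier of exactly buflen characters would write one byte past
     * the end of the caller's buffer.
     */
    if(strlen(flags_table[flag].fl_specifier) >= buflen) return ENOMEM;
    strcpy(buffer, flags_table[flag].fl_specifier);
    return  0;
}

/*
 * krb5_keysalt_is_present()	- Determine if a key/salt pair is present
 *				  in a list of key/salt tuples.
 *
 * Salttype may be negative to indicate a search for only an enctype.
 *
 * A NULL ksaltlist is treated as an empty list.  Returns 1 when a matching
 * tuple exists among the first nksalts entries, 0 otherwise.
 */
krb5_boolean
krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype)
    krb5_key_salt_tuple	*ksaltlist;
    krb5_int32		nksalts;
    krb5_enctype	enctype;
    krb5_int32		salttype;
{
    krb5_boolean	foundit;
    int			i;

    foundit = 0;
    if (ksaltlist) {
	for (i=0; i<nksalts; i++) {
	    if ((ksaltlist[i].ks_enctype == enctype) &&
		((ksaltlist[i].ks_salttype == salttype) ||
		 (salttype < 0))) {
		foundit = 1;
		break;
	    }
	}
    }
    return(foundit);
}

/*
 * first_listed_sep()	- Locate a separator from seps inside s.
 *
 * The separators are tried in list order and the first one that occurs
 * anywhere in s wins; this is deliberately not strpbrk(), which would
 * return the earliest position instead.  An empty separator list yields
 * NULL without looking past its terminator.
 */
static char *
first_listed_sep(s, seps)
    char	*s;
    const char	*seps;
{
    char	*hit;

    hit = (char *) NULL;
    for (; *seps && !hit; seps++)
	hit = strchr(s, (int) *seps);
    return(hit);
}

/*
 * krb5_string_to_keysalts()	- Convert a string representation to a list
 *				  of key/salt tuples.
 *
 * string	- list of <enctype>[<ksaltsep><salttype>] items.  The buffer
 *		  is split in place while parsing and restored afterwards,
 *		  so it must be writable.  NULL yields 0 with no change.
 * tupleseps	- characters separating tuples; NULL selects ", \t".
 * ksaltseps	- characters separating enctype from salttype; NULL
 *		  selects ":.".
 * dups		- when false, a tuple already in the list is not appended.
 * ksaltp	- in/out array, reallocated as tuples are appended.
 * nksaltp	- in/out number of entries in *ksaltp.
 *
 * Returns the status of the last tuple examined, or ENOMEM when the array
 * could not be grown (the previous array is then left in *ksaltp).
 *
 * NOTE: because unparsable items are skipped (see the Solaris comment in
 * the body), a misspelled enctype that is not the last item is dropped
 * without any error being reported.  Callers that derive a permitted
 * enctype list from configuration may want to check the resulting list.
 */
krb5_error_code
krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
    char		*string;
    const char		*tupleseps;
    const char		*ksaltseps;
    krb5_boolean	dups;
    krb5_key_salt_tuple	**ksaltp;
    krb5_int32		*nksaltp;
{
    krb5_error_code	kret;
    char 		*kp, *sp, *ep;
    char		sepchar, trailchar;
    krb5_enctype	ktype;
    krb5_int32		stype;
    krb5_key_salt_tuple	*savep;
    const char		*tseplist;
    const char		*ksseplist;
    const char		*septmp;
    size_t		len;
    int			nomem;

    kret = 0;
    nomem = 0;
    sepchar = trailchar = '\0';
    kp = string;
    tseplist = (tupleseps) ? tupleseps : default_tupleseps;
    ksseplist = (ksaltseps) ? ksaltseps : default_ksaltseps;
    while (kp) {
	/* Attempt to find a tuple separator */
	ep = first_listed_sep(kp, tseplist);

	if (ep) {
	    trailchar = *ep;
	    *ep = '\0';
	    ep++;
	}
	/*
	 * kp points to something (hopefully) of the form:
	 *	<enctype><ksseplist><salttype>
	 *	or
	 *	<enctype>
	 */
	/*
	 * Attempt to find an enctype/salttype separator.  The helper copes
	 * with an empty ksaltseps; the open-coded scan it replaces stepped
	 * past the terminator of an empty list.
	 */
	sp = first_listed_sep(kp, ksseplist);

	if (sp) {
	    /* Separate enctype from salttype */
	    sepchar = *sp;
	    *sp = '\0';
	    sp++;
	}
	else
	    stype = -1;

	/*
	 * Attempt to parse enctype and salttype.  If we parse well
	 * then make sure that it specifies a unique key/salt combo
	 */
	if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
	    (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
	    (dups ||
	     !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {

	    /* Squirrel away old keysalt array */
	    savep = *ksaltp;
	    len = (size_t) *nksaltp;

	    /* Get new keysalt array */
	    *ksaltp = malloc((len + 1) * sizeof(krb5_key_salt_tuple));
	    if (*ksaltp) {

		/* Copy old keysalt if appropriate */
		if (savep) {
		    memcpy(*ksaltp, savep,
			   len * sizeof(krb5_key_salt_tuple));
		    krb5_xfree(savep);
		}

		/* Save our values */
		(*ksaltp)[(*nksaltp)].ks_enctype = ktype;
		(*ksaltp)[(*nksaltp)].ks_salttype = stype;
		(*nksaltp)++;
	    }
	    else {
		/*
		 * Out of memory: give the caller back the old array and
		 * say so.  Previously kret stayed 0 here, so a truncated
		 * list was reported as success.
		 */
		*ksaltp = savep;
		kret = ENOMEM;
		nomem = 1;
	    }
	}
	/*
	 * Solaris Kerberos
	 * If the string did not yield a valid enctype/keysalt
	 * just ignore it and continue on.  MIT kerberos stops
	 * searching when it finds an unknown string.
	 */
	/* Undo the in-place split, on the failure path as well. */
	if (sp)
	    sp[-1] = sepchar;
	if (ep)
	    ep[-1] = trailchar;
	if (nomem)
	    break;
	kp = ep;

	/* Skip over extra separators - like spaces */
	if (kp && *tseplist) {
	    septmp = tseplist;
	    while(*septmp && *kp) {
		if(*septmp == *kp) {
		    /* Increment string - reset separator list */
		    kp++;
		    septmp = tseplist;
		} else {
		    septmp++;
		}
	    }
	    if (!*kp) kp = NULL;
	}
    } /* while kp */
    return(kret);
}

/*
 * krb5_keysalt_iterate()	- Do something for each unique key/salt
 *				  combination.
 *
 * If ignoresalt set, then salttype is ignored.
 *
 * ksaltlist	- list to walk; must hold at least nksalt entries.
 * nksalt	- number of entries in ksaltlist.
 * ignoresalt	- when set, tuples are compared and reported with a
 *		  salttype of -1, so each enctype is reported once.
 * iterator	- callback invoked with a scratch copy of the tuple and arg.
 * arg		- opaque pointer handed to iterator unchanged.
 *
 * An entry counts as unique when no earlier entry of the list matches it.
 * Returns 0, or the first non-zero value returned by iterator, which also
 * stops the walk.
 */
krb5_error_code
krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
    krb5_key_salt_tuple	*ksaltlist;
    krb5_int32		nksalt;
    krb5_boolean	ignoresalt;
    krb5_error_code	(*iterator) (krb5_key_salt_tuple *, krb5_pointer);
    krb5_pointer	arg;
{
    int			i;
    krb5_error_code	kret;
    krb5_key_salt_tuple	scratch;

    kret = 0;
    for (i=0; i<nksalt; i++) {
	scratch.ks_enctype = ksaltlist[i].ks_enctype;
	scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
	/* Only the first i entries are searched: "seen before?" */
	if (!krb5_keysalt_is_present(ksaltlist,
				     i,
				     scratch.ks_enctype,
				     scratch.ks_salttype)) {
	    kret = (*iterator)(&scratch, arg);
	    if (kret)
		break;
	}
    }
    return(kret);
}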