summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/hdb/common.c
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/hdb/common.c')
-rw-r--r--third_party/heimdal/lib/hdb/common.c1745
1 files changed, 1745 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/hdb/common.c b/third_party/heimdal/lib/hdb/common.c
new file mode 100644
index 0000000..a92cc13
--- /dev/null
+++ b/third_party/heimdal/lib/hdb/common.c
@@ -0,0 +1,1745 @@
+/*
+ * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include "hdb_locl.h"
+
+int
+hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
+{
+ Principal new;
+ size_t len = 0;
+ int ret;
+
+ ret = copy_Principal(p, &new);
+ if(ret)
+ return ret;
+ new.name.name_type = 0;
+
+ ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
+ if (ret == 0 && key->length != len)
+ krb5_abortx(context, "internal asn.1 encoder error");
+ free_Principal(&new);
+ return ret;
+}
+
+int
+hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
+{
+ return decode_Principal(key->data, key->length, p, NULL);
+}
+
+int
+hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
+{
+ size_t len = 0;
+ int ret;
+
+ ASN1_MALLOC_ENCODE(HDB_entry, value->data, value->length, ent, &len, ret);
+ if (ret == 0 && value->length != len)
+ krb5_abortx(context, "internal asn.1 encoder error");
+ return ret;
+}
+
+int
+hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
+{
+ return decode_HDB_entry(value->data, value->length, ent, NULL);
+}
+
+int
+hdb_entry_alias2value(krb5_context context,
+ const hdb_entry_alias *alias,
+ krb5_data *value)
+{
+ size_t len = 0;
+ int ret;
+
+ ASN1_MALLOC_ENCODE(HDB_entry_alias, value->data, value->length,
+ alias, &len, ret);
+ if (ret == 0 && value->length != len)
+ krb5_abortx(context, "internal asn.1 encoder error");
+ return ret;
+}
+
+int
+hdb_value2entry_alias(krb5_context context, krb5_data *value,
+ hdb_entry_alias *ent)
+{
+ return decode_HDB_entry_alias(value->data, value->length, ent, NULL);
+}
+
+/*
+ * Some old databases may not have stored the salt with each key, which will
+ * break clients when aliases or canonicalization are used. Generate a
+ * default salt based on the real principal name in the entry to handle
+ * this case.
+ */
+static krb5_error_code
+add_default_salts(krb5_context context, HDB *db, hdb_entry *entry)
+{
+ krb5_error_code ret;
+ size_t i;
+ krb5_salt pwsalt;
+
+ ret = krb5_get_pw_salt(context, entry->principal, &pwsalt);
+ if (ret)
+ return ret;
+
+ for (i = 0; i < entry->keys.len; i++) {
+ Key *key = &entry->keys.val[i];
+
+ if (key->salt != NULL ||
+ _krb5_enctype_requires_random_salt(context, key->key.keytype))
+ continue;
+
+ key->salt = calloc(1, sizeof(*key->salt));
+ if (key->salt == NULL) {
+ ret = krb5_enomem(context);
+ break;
+ }
+
+ key->salt->type = KRB5_PADATA_PW_SALT;
+
+ ret = krb5_data_copy(&key->salt->salt,
+ pwsalt.saltvalue.data,
+ pwsalt.saltvalue.length);
+ if (ret)
+ break;
+ }
+
+ krb5_free_salt(context, pwsalt);
+
+ return ret;
+}
+
+static krb5_error_code
+fetch_entry_or_alias(krb5_context context,
+ HDB *db,
+ krb5_const_principal principal,
+ unsigned flags,
+ hdb_entry *entry)
+{
+ HDB_EntryOrAlias eoa;
+ krb5_principal enterprise_principal = NULL;
+ krb5_data key, value;
+ krb5_error_code ret;
+
+ value.length = 0;
+ value.data = 0;
+ key = value;
+
+ if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ if (principal->name.name_string.len != 1) {
+ ret = KRB5_PARSE_MALFORMED;
+ krb5_set_error_message(context, ret, "malformed principal: "
+ "enterprise name with %d name components",
+ principal->name.name_string.len);
+ return ret;
+ }
+ ret = krb5_parse_name(context, principal->name.name_string.val[0],
+ &enterprise_principal);
+ if (ret)
+ return ret;
+ principal = enterprise_principal;
+ }
+
+ ret = hdb_principal2key(context, principal, &key);
+ if (ret == 0)
+ ret = db->hdb__get(context, db, key, &value);
+ if (ret == 0)
+ ret = decode_HDB_EntryOrAlias(value.data, value.length, &eoa, NULL);
+ if (ret == 0 && eoa.element == choice_HDB_EntryOrAlias_entry) {
+ *entry = eoa.u.entry;
+ } else if (ret == 0 && eoa.element == choice_HDB_EntryOrAlias_alias) {
+ krb5_data_free(&key);
+ ret = hdb_principal2key(context, eoa.u.alias.principal, &key);
+ if (ret == 0) {
+ krb5_data_free(&value);
+ ret = db->hdb__get(context, db, key, &value);
+ }
+ if (ret == 0)
+ /* No alias chaining */
+ ret = hdb_value2entry(context, &value, entry);
+ krb5_free_principal(context, eoa.u.alias.principal);
+ } else if (ret == 0)
+ ret = ENOTSUP;
+ if (ret == 0 && enterprise_principal) {
+ /*
+ * Whilst Windows does not canonicalize enterprise principal names if
+ * the canonicalize flag is unset, the original specification in
+ * draft-ietf-krb-wg-kerberos-referrals-03.txt says we should.
+ */
+ entry->flags.force_canonicalize = 1;
+ }
+
+ /* HDB_F_GET_ANY indicates request originated from KDC (not kadmin) */
+ if (ret == 0 && eoa.element == choice_HDB_EntryOrAlias_alias &&
+ (flags & (HDB_F_CANON|HDB_F_GET_ANY)) == 0) {
+
+ /* `principal' was alias but canon not req'd */
+ free_HDB_entry(entry);
+ ret = HDB_ERR_NOENTRY;
+ }
+
+ krb5_free_principal(context, enterprise_principal);
+ krb5_data_free(&value);
+ krb5_data_free(&key);
+ principal = enterprise_principal = NULL;
+ return ret;
+}
+
+krb5_error_code
+_hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
+ unsigned flags, krb5_kvno kvno, hdb_entry *entry)
+{
+ krb5_error_code ret;
+
+ ret = fetch_entry_or_alias(context, db, principal, flags, entry);
+ if (ret)
+ return ret;
+
+ if ((flags & HDB_F_DECRYPT) && (flags & HDB_F_ALL_KVNOS)) {
+ /* Decrypt the current keys */
+ ret = hdb_unseal_keys(context, db, entry);
+ if (ret) {
+ hdb_free_entry(context, db, entry);
+ return ret;
+ }
+ /* Decrypt the key history too */
+ ret = hdb_unseal_keys_kvno(context, db, 0, flags, entry);
+ if (ret) {
+ hdb_free_entry(context, db, entry);
+ return ret;
+ }
+ } else if ((flags & HDB_F_DECRYPT)) {
+ if ((flags & HDB_F_KVNO_SPECIFIED) == 0 || kvno == entry->kvno) {
+ /* Decrypt the current keys */
+ ret = hdb_unseal_keys(context, db, entry);
+ if (ret) {
+ hdb_free_entry(context, db, entry);
+ return ret;
+ }
+ } else {
+ if ((flags & HDB_F_ALL_KVNOS))
+ kvno = 0;
+ /*
+ * Find and decrypt the keys from the history that we want,
+ * and swap them with the current keys
+ */
+ ret = hdb_unseal_keys_kvno(context, db, kvno, flags, entry);
+ if (ret) {
+ hdb_free_entry(context, db, entry);
+ return ret;
+ }
+ }
+ }
+ if ((flags & HDB_F_FOR_AS_REQ) && (flags & HDB_F_GET_CLIENT)) {
+ /*
+ * Generate default salt for any principals missing one; note such
+ * principals could include those for which a random (non-password)
+ * key was generated, but given the salt will be ignored by a keytab
+ * client it doesn't hurt to include the default salt.
+ */
+ ret = add_default_salts(context, db, entry);
+ if (ret) {
+ hdb_free_entry(context, db, entry);
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
+static krb5_error_code
+hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
+{
+ const HDB_Ext_Aliases *aliases;
+ krb5_error_code code;
+ hdb_entry oldentry;
+ krb5_data value;
+ size_t i;
+
+ code = db->hdb__get(context, db, *key, &value);
+ if (code == HDB_ERR_NOENTRY)
+ return 0;
+ else if (code)
+ return code;
+
+ code = hdb_value2entry(context, &value, &oldentry);
+ krb5_data_free(&value);
+ if (code)
+ return code;
+
+ code = hdb_entry_get_aliases(&oldentry, &aliases);
+ if (code || aliases == NULL) {
+ free_HDB_entry(&oldentry);
+ return code;
+ }
+ for (i = 0; i < aliases->aliases.len; i++) {
+ krb5_data akey;
+
+ code = hdb_principal2key(context, &aliases->aliases.val[i], &akey);
+ if (code == 0) {
+ code = db->hdb__del(context, db, akey);
+ krb5_data_free(&akey);
+ }
+ if (code) {
+ free_HDB_entry(&oldentry);
+ return code;
+ }
+ }
+ free_HDB_entry(&oldentry);
+ return 0;
+}
+
+static krb5_error_code
+hdb_add_aliases(krb5_context context, HDB *db,
+ unsigned flags, hdb_entry *entry)
+{
+ const HDB_Ext_Aliases *aliases;
+ krb5_error_code code;
+ krb5_data key, value;
+ size_t i;
+
+ code = hdb_entry_get_aliases(entry, &aliases);
+ if (code || aliases == NULL)
+ return code;
+
+ for (i = 0; i < aliases->aliases.len; i++) {
+ hdb_entry_alias entryalias;
+ entryalias.principal = entry->principal;
+
+ code = hdb_entry_alias2value(context, &entryalias, &value);
+ if (code)
+ return code;
+
+ code = hdb_principal2key(context, &aliases->aliases.val[i], &key);
+ if (code == 0) {
+ code = db->hdb__put(context, db, flags, key, value);
+ krb5_data_free(&key);
+ }
+ krb5_data_free(&value);
+ if (code)
+ return code;
+ }
+ return 0;
+}
+
+/* Check if new aliases are already used for other entries */
+static krb5_error_code
+hdb_check_aliases(krb5_context context, HDB *db, hdb_entry *entry)
+{
+ const HDB_Ext_Aliases *aliases = NULL;
+ HDB_EntryOrAlias eoa;
+ krb5_data akey, value;
+ size_t i;
+ int ret;
+
+ memset(&eoa, 0, sizeof(eoa));
+ krb5_data_zero(&value);
+ akey = value;
+
+ ret = hdb_entry_get_aliases(entry, &aliases);
+ for (i = 0; ret == 0 && aliases && i < aliases->aliases.len; i++) {
+ ret = hdb_principal2key(context, &aliases->aliases.val[i], &akey);
+ if (ret == 0)
+ ret = db->hdb__get(context, db, akey, &value);
+ if (ret == 0)
+ ret = decode_HDB_EntryOrAlias(value.data, value.length, &eoa, NULL);
+ if (ret == 0 && eoa.element != choice_HDB_EntryOrAlias_entry &&
+ eoa.element != choice_HDB_EntryOrAlias_alias)
+ ret = ENOTSUP;
+ if (ret == 0 && eoa.element == choice_HDB_EntryOrAlias_entry)
+ /* New alias names an existing non-alias entry in the HDB */
+ ret = HDB_ERR_EXISTS;
+ if (ret == 0 && eoa.element == choice_HDB_EntryOrAlias_alias &&
+ !krb5_principal_compare(context, eoa.u.alias.principal,
+ entry->principal))
+ /* New alias names an existing alias of a different entry */
+ ret = HDB_ERR_EXISTS;
+ if (ret == HDB_ERR_NOENTRY) /* from db->hdb__get */
+ /* New alias is a name that doesn't exist in the HDB */
+ ret = 0;
+
+ free_HDB_EntryOrAlias(&eoa);
+ krb5_data_free(&value);
+ krb5_data_free(&akey);
+ }
+ return ret;
+}
+
+/*
+ * Many HDB entries don't have `etypes' setup. Historically we use the
+ * enctypes of the selected keyset as the entry's supported enctypes, but that
+ * is problematic. By doing this at store time and, if need be, at fetch time,
+ * we can make sure to stop deriving supported etypes from keys in the long
+ * run. We also need kadm5/kadmin support for etypes. We'll use this function
+ * there to derive etypes when using a kadm5_principal_ent_t that lacks the new
+ * TL data for etypes.
+ */
+krb5_error_code
+hdb_derive_etypes(krb5_context context, hdb_entry *e, HDB_Ext_KeySet *base_keys)
+{
+ krb5_error_code ret = 0;
+ size_t i, k, netypes;
+ HDB_extension *ext;
+
+ if (!base_keys &&
+ (ext = hdb_find_extension(e, choice_HDB_extension_data_hist_keys)))
+ base_keys = &ext->data.u.hist_keys;
+
+ netypes = e->keys.len;
+ if (netypes == 0 && base_keys) {
+ /* There's no way that base_keys->val[i].keys.len == 0, but hey */
+ for (i = 0; netypes == 0 && i < base_keys->len; i++)
+ netypes = base_keys->val[i].keys.len;
+ }
+
+ if (netypes == 0)
+ return 0;
+
+ if (e->etypes != NULL) {
+ free(e->etypes->val);
+ e->etypes->len = 0;
+ e->etypes->val = 0;
+ } else if ((e->etypes = calloc(1, sizeof(e->etypes[0]))) == NULL) {
+ ret = krb5_enomem(context);
+ }
+ if (ret == 0 &&
+ (e->etypes->val = calloc(netypes, sizeof(e->etypes->val[0]))) == NULL)
+ ret = krb5_enomem(context);
+ if (ret) {
+ free(e->etypes);
+ e->etypes = 0;
+ return ret;
+ }
+ e->etypes->len = netypes;
+ for (i = 0; i < e->keys.len && i < netypes; i++)
+ e->etypes->val[i] = e->keys.val[i].key.keytype;
+ if (!base_keys || i)
+ return 0;
+ for (k = 0; i == 0 && k < base_keys->len; k++) {
+ if (!base_keys->val[k].keys.len)
+ continue;
+ for (; i < base_keys->val[k].keys.len; i++)
+ e->etypes->val[i] = base_keys->val[k].keys.val[i].key.keytype;
+ }
+ return 0;
+}
+
+krb5_error_code
+_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+{
+ krb5_data key, value;
+ int code;
+
+ if (entry->flags.do_not_store ||
+ entry->flags.force_canonicalize)
+ return HDB_ERR_MISUSE;
+ /* check if new aliases already is used */
+ code = hdb_check_aliases(context, db, entry);
+ if (code)
+ return code;
+
+ if ((flags & HDB_F_PRECHECK) && (flags & HDB_F_REPLACE))
+ return 0;
+
+ if ((flags & HDB_F_PRECHECK)) {
+ code = hdb_principal2key(context, entry->principal, &key);
+ if (code)
+ return code;
+ code = db->hdb__get(context, db, key, &value);
+ krb5_data_free(&key);
+ if (code == 0)
+ krb5_data_free(&value);
+ if (code == HDB_ERR_NOENTRY)
+ return 0;
+ return code ? code : HDB_ERR_EXISTS;
+ }
+
+ if ((entry->etypes == NULL || entry->etypes->len == 0) &&
+ (code = hdb_derive_etypes(context, entry, NULL)))
+ return code;
+
+ if (entry->generation == NULL) {
+ struct timeval t;
+ entry->generation = malloc(sizeof(*entry->generation));
+ if(entry->generation == NULL) {
+ krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ return ENOMEM;
+ }
+ gettimeofday(&t, NULL);
+ entry->generation->time = t.tv_sec;
+ entry->generation->usec = t.tv_usec;
+ entry->generation->gen = 0;
+ } else
+ entry->generation->gen++;
+
+ code = hdb_seal_keys(context, db, entry);
+ if (code)
+ return code;
+
+ code = hdb_principal2key(context, entry->principal, &key);
+ if (code)
+ return code;
+
+ /* remove aliases */
+ code = hdb_remove_aliases(context, db, &key);
+ if (code) {
+ krb5_data_free(&key);
+ return code;
+ }
+ code = hdb_entry2value(context, entry, &value);
+ if (code == 0)
+ code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
+ krb5_data_free(&value);
+ krb5_data_free(&key);
+ if (code)
+ return code;
+
+ code = hdb_add_aliases(context, db, flags, entry);
+
+ return code;
+}
+
+krb5_error_code
+_hdb_remove(krb5_context context, HDB *db,
+ unsigned flags, krb5_const_principal principal)
+{
+ krb5_data key, value;
+ HDB_EntryOrAlias eoa;
+ int is_alias = -1;
+ int code;
+
+ /*
+ * We only allow deletion of entries by canonical name. To remove an
+ * alias use kadm5_modify_principal().
+ *
+ * We need to determine if this is an alias. We decode as a
+ * HDB_EntryOrAlias, which is expensive -- we could decode as a
+ * HDB_entry_alias instead and assume it's an entry if decoding fails...
+ */
+
+ code = hdb_principal2key(context, principal, &key);
+ if (code == 0)
+ code = db->hdb__get(context, db, key, &value);
+ if (code == 0) {
+ code = decode_HDB_EntryOrAlias(value.data, value.length, &eoa, NULL);
+ krb5_data_free(&value);
+ }
+ if (code == 0) {
+ is_alias = eoa.element == choice_HDB_EntryOrAlias_entry ? 0 : 1;
+ free_HDB_EntryOrAlias(&eoa);
+ }
+
+ if ((flags & HDB_F_PRECHECK)) {
+ if (code == 0 && is_alias)
+ krb5_set_error_message(context, code = HDB_ERR_NOENTRY,
+ "Cannot delete alias of principal");
+ krb5_data_free(&key);
+ return code;
+ }
+
+ if (code == 0)
+ code = hdb_remove_aliases(context, db, &key);
+ if (code == 0)
+ code = db->hdb__del(context, db, key);
+ krb5_data_free(&key);
+ return code;
+}
+
+/* PRF+(K_base, pad, keylen(etype)) */
+static krb5_error_code
+derive_Key1(krb5_context context,
+ krb5_data *pad,
+ EncryptionKey *base,
+ krb5int32 etype,
+ EncryptionKey *nk)
+{
+ krb5_error_code ret;
+ krb5_crypto crypto = NULL;
+ krb5_data out;
+ size_t len;
+
+ out.data = 0;
+ out.length = 0;
+
+ ret = krb5_enctype_keysize(context, base->keytype, &len);
+ if (ret == 0)
+ ret = krb5_crypto_init(context, base, 0, &crypto);
+ if (ret == 0)
+ ret = krb5_crypto_prfplus(context, crypto, pad, len, &out);
+ if (crypto)
+ krb5_crypto_destroy(context, crypto);
+ if (ret == 0)
+ ret = krb5_random_to_key(context, etype, out.data, out.length, nk);
+ krb5_data_free(&out);
+ return ret;
+}
+
+/* PRF+(PRF+(K_base, princ, keylen(etype)), kvno, keylen(etype)) */
+/* XXX Make it PRF+(PRF+(K_base, princ, keylen(K_base.etype)), and lift it, kvno, keylen(etype)) */
+static krb5_error_code
+derive_Key(krb5_context context,
+ const char *princ,
+ krb5uint32 kvno,
+ EncryptionKey *base,
+ krb5int32 etype,
+ Key *nk)
+{
+ krb5_error_code ret = 0;
+ EncryptionKey intermediate;
+ krb5_data pad;
+
+ nk->salt = NULL;
+ nk->mkvno = NULL;
+ nk->key.keytype = 0;
+ nk->key.keyvalue.data = 0;
+ nk->key.keyvalue.length = 0;
+
+ intermediate.keytype = 0;
+ intermediate.keyvalue.data = 0;
+ intermediate.keyvalue.length = 0;
+ if (princ) {
+ /* Derive intermediate key for the given principal */
+ /* XXX Lift to optimize? */
+ pad.data = (void *)(uintptr_t)princ;
+ pad.length = strlen(princ);
+ ret = derive_Key1(context, &pad, base, etype, &intermediate);
+ if (ret == 0)
+ base = &intermediate;
+ } /* else `base' is already an intermediate key for the desired princ */
+
+ /* Derive final key for `kvno' from intermediate key */
+ kvno = htonl(kvno);
+ pad.data = &kvno;
+ pad.length = sizeof(kvno);
+ if (ret == 0)
+ ret = derive_Key1(context, &pad, base, etype, &nk->key);
+ free_EncryptionKey(&intermediate);
+ return ret;
+}
+
+/*
+ * PRF+(PRF+(K_base, princ, keylen(etype)), kvno, keylen(etype)) for one
+ * enctype.
+ */
+static krb5_error_code
+derive_Keys(krb5_context context,
+ const char *princ,
+ krb5uint32 kvno,
+ krb5int32 etype,
+ const Keys *base,
+ Keys *dk)
+
+{
+ krb5_error_code ret = 0;
+ size_t i;
+ Key nk;
+
+ dk->len = 0;
+ dk->val = 0;
+
+ /*
+ * The enctypes of the base keys is the list of enctypes to derive keys
+ * for. Still, we derive all keys from the first base key.
+ */
+ for (i = 0; ret == 0 && i < base->len; i++) {
+ if (etype != KRB5_ENCTYPE_NULL && etype != base->val[i].key.keytype)
+ continue;
+ ret = derive_Key(context, princ, kvno, &base->val[0].key,
+ base->val[i].key.keytype, &nk);
+ if (ret)
+ break;
+ ret = add_Keys(dk, &nk);
+ free_Key(&nk);
+ /*
+ * FIXME We need to finish kdc/kadm5/kadmin support for the `etypes' so
+ * we can reduce the number of keys in keytabs to just those in current
+ * use and only of *one* enctype.
+ *
+ * What we could do is derive *one* key and for the others output a
+ * one-byte key of the intended enctype (which will never work).
+ *
+ * We'll never need any keys but the first one...
+ */
+ }
+
+ if (ret)
+ free_Keys(dk);
+ return ret;
+}
+
+/* Helper for derive_keys_for_kr() */
+static krb5_error_code
+derive_keyset(krb5_context context,
+ const Keys *base_keys,
+ const char *princ,
+ krb5int32 etype,
+ krb5uint32 kvno,
+ KerberosTime set_time, /* "now" */
+ hdb_keyset *dks)
+{
+ dks->kvno = kvno;
+ dks->keys.val = 0;
+ dks->set_time = malloc(sizeof(*(dks->set_time)));
+ if (dks->set_time == NULL)
+ return krb5_enomem(context);
+ *dks->set_time = set_time;
+ return derive_Keys(context, princ, kvno, etype, base_keys, &dks->keys);
+}
+
+/* Possibly derive and install in `h' a keyset identified by `t' */
+static krb5_error_code
+derive_keys_for_kr(krb5_context context,
+ hdb_entry *h,
+ HDB_Ext_KeySet *base_keys,
+ int is_current_keyset,
+ int rotation_period_offset,
+ const char *princ,
+ krb5int32 etype,
+ krb5uint32 kvno_wanted,
+ KerberosTime t,
+ struct KeyRotation *krp)
+{
+ krb5_error_code ret;
+ hdb_keyset dks;
+ KerberosTime set_time, n;
+ krb5uint32 kvno;
+ size_t i;
+
+ if (rotation_period_offset < -1 || rotation_period_offset > 1)
+ return EINVAL; /* wat */
+
+ /*
+ * Compute `kvno' and `set_time' given `t' and `krp'.
+ *
+ * There be signed 32-bit time_t dragons here.
+ *
+ * (t - krp->epoch < 0) is better than (krp->epoch < t), making us more
+ * tolerant of signed 32-bit time_t here near 2038. Of course, we have
+ * signed 32-bit time_t dragons elsewhere.
+ */
+ if (t - krp->epoch < 0)
+ return 0; /* This KR is not relevant yet */
+ n = (t - krp->epoch) / krp->period;
+ n += rotation_period_offset;
+ set_time = krp->epoch + krp->period * n;
+ kvno = krp->base_kvno + n;
+
+
+ /*
+ * Do not waste cycles computing keys not wanted or needed.
+ * A past kvno is too old if its set_time + rotation period is in the past
+ * by more than half a rotation period, since then no service ticket
+ * encrypted with keys of that kvno can still be extant.
+ *
+ * A future kvno is not coming up soon enough if we're more than a quarter
+ * of the rotation period away from it.
+ *
+ * Recall: the assumption for virtually-keyed principals is that services
+ * fetch their future keys frequently enough that they'll never miss having
+ * the keys they need.
+ */
+ if (!is_current_keyset || rotation_period_offset != 0) {
+ if ((kvno_wanted && kvno != kvno_wanted) ||
+ t - (set_time + krp->period + (krp->period >> 1)) > 0 ||
+ (set_time - t > 0 && (set_time - t) > (krp->period >> 2)))
+ return 0;
+ }
+
+ for (i = 0; i < base_keys->len; i++) {
+ if (base_keys->val[i].kvno == krp->base_key_kvno)
+ break;
+ }
+ if (i == base_keys->len) {
+ /* Base key not found! */
+ if (kvno_wanted || is_current_keyset) {
+ krb5_set_error_message(context, ret = HDB_ERR_KVNO_NOT_FOUND,
+ "Base key version %u not found for %s",
+ krp->base_key_kvno, princ);
+ return ret;
+ }
+ return 0;
+ }
+
+ ret = derive_keyset(context, &base_keys->val[i].keys, princ, etype, kvno,
+ set_time, &dks);
+ if (ret == 0)
+ ret = hdb_install_keyset(context, h, is_current_keyset, &dks);
+
+ free_HDB_keyset(&dks);
+ return ret;
+}
+
+/* Derive and install current keys, and possibly preceding or next keys */
+static krb5_error_code
+derive_keys_for_current_kr(krb5_context context,
+ hdb_entry *h,
+ HDB_Ext_KeySet *base_keys,
+ const char *princ,
+ unsigned int flags,
+ krb5int32 etype,
+ krb5uint32 kvno_wanted,
+ KerberosTime t,
+ struct KeyRotation *krp,
+ KerberosTime future_epoch)
+{
+ krb5_error_code ret;
+
+ /* derive_keys_for_kr() for current kvno and install as the current keys */
+ ret = derive_keys_for_kr(context, h, base_keys, 1, 0, princ, etype,
+ kvno_wanted, t, krp);
+ if (!(flags & HDB_F_ALL_KVNOS))
+ return ret;
+
+ /* */
+
+
+ /*
+ * derive_keys_for_kr() for prev kvno if still needed -- it can only be
+ * needed if the prev kvno's start time is within this KR's epoch.
+ *
+ * Note that derive_keys_for_kr() can return without doing anything if this
+ * is isn't the current keyset. So these conditions need not be
+ * sufficiently narrow.
+ */
+ if (ret == 0 && t - krp->epoch >= krp->period)
+ ret = derive_keys_for_kr(context, h, base_keys, 0, -1, princ, etype,
+ kvno_wanted, t, krp);
+ /*
+ * derive_keys_for_kr() for next kvno if near enough, but only if it
+ * doesn't start after the next KR's epoch.
+ */
+ if (future_epoch &&
+ t - krp->epoch >= 0 /* We know! Hint to the compiler */) {
+ KerberosTime next_kvno_start, n;
+
+ n = (t - krp->epoch) / krp->period;
+ next_kvno_start = krp->epoch + krp->period * (n + 1);
+ if (future_epoch - next_kvno_start <= 0)
+ return ret;
+ }
+ if (ret == 0)
+ ret = derive_keys_for_kr(context, h, base_keys, 0, 1, princ, etype,
+ kvno_wanted, t, krp);
+ return ret;
+}
+
+/*
+ * Derive and install all keysets in `h' that `princ' needs at time `now'.
+ *
+ * This mutates the entry `h' to
+ *
+ * a) not have base keys,
+ * b) have keys derived from the base keys according to
+ * c) the key rotation periods for the base principal (possibly the same
+ * principal if it's a concrete principal with virtual keys), and the
+ * requested time, enctype, and kvno (all of which are optional, with zero
+ * implying some default).
+ *
+ * Arguments:
+ *
+ * - `flags' is the flags passed to `hdb_fetch_kvno()'
+ * - `princ' is the name of the principal we'll end up with in `entry'
+ * - `h_is_namespace' indicates whether `h' is for a namespace or a concrete
+ * principal (that might nonetheless have virtual/derived keys)
+ * - `t' is the time such that the derived keys are for kvnos needed at `t'
+ * - `etype' indicates what enctype to derive keys for (0 for all enctypes in
+ * `entry->etypes')
+ * - `kvno' requests a particular kvno, or all if zero
+ *
+ * The caller doesn't know if the principal needs key derivation -- we make
+ * that determination in this function.
+ *
+ * Note that this function is fully deterministic for any given set of
+ * arguments and HDB contents.
+ *
+ * Definitions:
+ *
+ * - A keyset is a set of keys for a single kvno.
+ * - A keyset is relevant IFF:
+ * - it is the keyset for a time period identified by `t' in a
+ * corresponding KR
+ * - it is a keyset for a past time period for which there may be extant,
+ * not-yet-expired tickets that a service may need to decrypt
+ * - it is a keyset for an upcoming time period that a service will need to
+ * fetch before that time period becomes current, that way the service
+ * can have keytab entries for those keys in time for when the KDC starts
+ * encrypting service tickets to those keys
+ *
+ * This function derives the keyset(s) for the current KR first. The idea is
+ * to optimize the order of resulting keytabs so that the most likely keys to
+ * be used come first.
+ *
+ * Invariants:
+ *
+ * - KR metadata is sane because sanity is checked for when storing HDB
+ * entries
+ * - KRs are sorted by epoch in descending order; KR #0's epoch is the most
+ * recent
+ * - KR periods are non-zero (we divide by period)
+ * - kvnos are numerically ordered and correspond to time periods
+ * - within each KR, the kvnos for larger times are larger than (or equal
+ * to) the kvnos of earlier times
+ * - at KR boundaries, the first kvno of the newer boundary is larger than
+ * the kvno of the last time period of the previous KR
+ * - the time `t' must fall into exactly one KR period
+ * - the time `t' must fall into exactly one period within a KR period
+ * - at most two kvnos will be relevant from the KR that `t' falls into
+ * (the current kvno for `t', and possibly either the preceding, or the
+ * next)
+ * - at most one kvno from non-current KRs will be derived: possibly one for a
+ * preceding KR, and possibly one from an upcoming KR
+ *
+ * There can be:
+ *
+ * - no KR extension (not a namespace principal, and no virtual keys)
+ * - 1, 2, or 3 KRs (see above)
+ * - the newest KR may have the `deleted' flag, meaning "does not exist after
+ * this epoch"
+ *
+ * Note that the last time period in any older KR can be partial.
+ *
+ * Timeline diagram:
+ *
+ * .......|--+--+...+--|---+---+---+...+--|----+...
+ * T20 T10 T11 RT12 T1n T01
+ * ^ ^ ^ ^ ^ ^ ^ T00
+ * | | | T22 T2n | | ^
+ * ^ | T21 | | |
+ * princ | | epoch of | epoch of
+ * did | | middle KR | newest epoch
+ * not | | |
+ * exist! | start of Note that T1n
+ * | second kvno is shown as shorter
+ * | in 1st epoch than preceding periods
+ * |
+ * ^
+ * first KR's
+ * epoch, and start
+ * of its first kvno
+ *
+ * Tmn == the start of the Mth KR's Nth time period.
+ * (higher M -> older KR; lower M -> newer KR)
+ * (N is the reverse: lower N -> older time period in KR)
+ * T20 == start of oldest KR -- no keys before this time will be derived.
+ * T2n == last time period in oldest KR
+ * T10 == start of middle KR
+ * T1n == last time period in middle KR
+ * T00 == start of newest KR
+ * T0n == current time period in newest KR for wall clock time
+ */
+static krb5_error_code
+derive_keys(krb5_context context,
+ unsigned flags,
+ krb5_const_principal princ,
+ int h_is_namespace,
+ krb5_timestamp t,
+ krb5int32 etype,
+ krb5uint32 kvno,
+ hdb_entry *h)
+{
+ HDB_Ext_KeyRotation kr;
+ HDB_Ext_KeySet base_keys;
+ krb5_error_code ret = 0;
+ size_t current_kr, future_kr, past_kr, i;
+ char *p = NULL;
+ int valid = 1;
+
+ if (!h_is_namespace && !h->flags.virtual_keys)
+ return 0;
+ h->flags.virtual = 1;
+
+ kr.len = 0;
+ kr.val = 0;
+ if (ret == 0) {
+ const HDB_Ext_KeyRotation *ckr;
+
+ /* Installing keys invalidates `ckr', so we copy it */
+ ret = hdb_entry_get_key_rotation(context, h, &ckr);
+ if (!ckr)
+ return ret;
+ if (ret == 0)
+ ret = copy_HDB_Ext_KeyRotation(ckr, &kr);
+ }
+
+ /* Get the base keys from the entry, and remove them */
+ base_keys.val = 0;
+ base_keys.len = 0;
+ if (ret == 0)
+ ret = _hdb_remove_base_keys(context, h, &base_keys, &kr);
+
+ /* Make sure we have h->etypes */
+ if (ret == 0 && !h->etypes)
+ ret = hdb_derive_etypes(context, h, &base_keys);
+
+ /* Keys not desired? Don't derive them! */
+ if (ret || !(flags & HDB_F_DECRYPT)) {
+ free_HDB_Ext_KeyRotation(&kr);
+ free_HDB_Ext_KeySet(&base_keys);
+ return ret;
+ }
+
+ /* The principal name will be used in key derivation and error messages */
+ if (ret == 0)
+ ret = krb5_unparse_name(context, princ, &p);
+
+ /* Sanity check key rotations, determine current & last kr */
+ if (ret == 0 && kr.len < 1)
+ krb5_set_error_message(context, ret = HDB_ERR_NOENTRY,
+ "no key rotation periods for %s", p);
+ if (ret == 0)
+ current_kr = future_kr = past_kr = kr.len;
+ else
+ current_kr = future_kr = past_kr = 1;
+
+ /*
+ * Identify a current, next, and previous KRs if there are any.
+ *
+ * There can be up to three KRs, ordered by epoch, descending, making up a
+ * timeline like:
+ *
+ * ...|---------|--------|------>
+ * ^ | | |
+ * | | | |
+ * | | | Newest KR (kr.val[0])
+ * | | Middle KR (kr.val[1])
+ * | Oldest (last) KR (kr.val[2])
+ * |
+ * Before the begging of time for this namespace
+ *
+ * We step through these from future towards past looking for the best
+ * future, current, and past KRs. The best current KR is one that has its
+ * epoch nearest to `t' but in the past of `t'.
+ *
+ * We validate KRs before storing HDB entries with the KR extension, so we
+ * can assume they are valid here. However, we do some validity checking,
+ * and if they're not valid, we pick the best current KR and ignore the
+ * others.
+ *
+ * In principle there cannot be two future KRs, but this function is
+ * deterministic and takes a time value, so it should not enforce this just
+ * so we can test. Enforcement of such rules should be done at store time.
+ */
+ for (i = 0; ret == 0 && i < kr.len; i++) {
+ /* Minimal validation: order and period */
+ if (i && kr.val[i - 1].epoch - kr.val[i].epoch <= 0) {
+ future_kr = past_kr = kr.len;
+ valid = 0;
+ }
+ if (!kr.val[i].period) {
+ future_kr = past_kr = kr.len;
+ valid = 0;
+ continue;
+ }
+ if (t - kr.val[i].epoch >= 0) {
+ /*
+ * `t' is in the future of this KR's epoch, so it's a candidate for
+ * either current or past KR.
+ */
+ if (current_kr == kr.len)
+ current_kr = i; /* First curr KR candidate; should be best */
+ else if (kr.val[current_kr].epoch - kr.val[i].epoch < 0)
+ current_kr = i; /* Invalid KRs, but better curr KR cand. */
+ else if (valid && past_kr == kr.len)
+ past_kr = i;
+ } else if (valid) {
+ /* This KR is in the future of `t', a candidate for next KR */
+ future_kr = i;
+ }
+ }
+ if (ret == 0 && current_kr == kr.len)
+ /* No current KR -> too soon */
+ krb5_set_error_message(context, ret = HDB_ERR_NOENTRY,
+ "Too soon for virtual principal to exist");
+
+ /* Check that the principal has not been marked deleted */
+ if (ret == 0 && current_kr < kr.len && kr.val[current_kr].flags.deleted)
+ krb5_set_error_message(context, ret = HDB_ERR_NOENTRY,
+ "virtual principal %s does not exist "
+ "because last key rotation period "
+ "marks deletion", p);
+
+ /*
+ * Derive and set in `h' its current kvno and current keys.
+ *
+ * This will set h->kvno as well.
+ *
+ * This may set up to TWO keysets for the current key rotation period:
+ * - current keys (h->keys and h->kvno)
+ * - possibly one future
+ * OR
+ * possibly one past keyset in hist_keys for the current_kr
+ */
+ if (ret == 0 && current_kr < kr.len)
+ ret = derive_keys_for_current_kr(context, h, &base_keys, p, flags,
+ etype, kvno, t, &kr.val[current_kr],
+ current_kr ? kr.val[0].epoch : 0);
+
+ /*
+ * Derive and set in `h' its future keys for next KR if it is soon to be
+ * current.
+ *
+ * We want to derive keys for the first kvno of the next (future) KR if
+ * it's sufficiently close to `t', meaning within 1 period of the current
+ * KR, but we want these keys to be available sooner, so 1.5 of the current
+ * period.
+ */
+ if (ret == 0 && future_kr < kr.len && (flags & HDB_F_ALL_KVNOS))
+ ret = derive_keys_for_kr(context, h, &base_keys, 0, 0, p, etype, kvno,
+ kr.val[future_kr].epoch, &kr.val[future_kr]);
+
+ /*
+ * Derive and set in `h' its past keys for the previous KR if its last time
+ * period could still have extant, unexpired service tickets encrypted in
+ * its keys.
+ */
+ if (ret == 0 && past_kr < kr.len && (flags & HDB_F_ALL_KVNOS))
+ ret = derive_keys_for_kr(context, h, &base_keys, 0, 0, p, etype, kvno,
+ kr.val[current_kr].epoch - 1, &kr.val[past_kr]);
+
+ /*
+ * Impose a bound on h->max_life so that [when the KDC is the caller]
+ * the KDC won't issue tickets longer lived than this.
+ */
+ if (ret == 0 && !h->max_life &&
+ (h->max_life = calloc(1, sizeof(h->max_life[0]))) == NULL)
+ ret = krb5_enomem(context);
+ if (ret == 0 && *h->max_life > kr.val[current_kr].period >> 1)
+ *h->max_life = kr.val[current_kr].period >> 1;
+
+ free_HDB_Ext_KeyRotation(&kr);
+ free_HDB_Ext_KeySet(&base_keys);
+ free(p);
+ return ret;
+}
+
+/*
+ * Pick a best kvno for the given principal at the given time.
+ *
+ * Implements the [hdb] new_service_key_delay configuration parameter.
+ *
+ * In order for disparate keytab provisioning systems such as OSKT and our own
+ * kadmin ext_keytab and httpkadmind's get-keys to coexist, we need to be able
+ * to force keys set by the former to not become current keys until users of
+ * the latter have had a chance to fetch those keys into their keytabs. To do
+ * this we have to search the list of keys in the entry looking for the newest
+ * keys older than `now - db->new_service_key_delay'.
+ *
+ * The context is that OSKT's krb5_keytab is very happy to change keys in a way
+ * that requires all members of a cluster to rekey together. If one also
+ * wishes to have cluster members that opt out of this and just fetch current,
+ * past, and future keys periodically, then the keys set by OSKT must not come
+ * into effect until all the opt-out members have had a chance to fetch the new
+ * keys.
+ *
+ * The assumption is that services will fetch new keys periodically, say, every
+ * four hours. Then one can set `[hdb] new_service_key_delay = 8h' in the
+ * configuration and new keys set by OSKT will not be used until 8h after they
+ * are set.
+ *
+ * Naturally, this applies only to concrete principals with concrete keys.
+ */
+static krb5_error_code
+pick_kvno(krb5_context context,
+ HDB *db,
+ unsigned flags,
+ krb5_timestamp now,
+ krb5uint32 kvno,
+ hdb_entry *h)
+{
+ HDB_extension *ext;
+ HDB_Ext_KeySet keys;
+ time_t current = 0;
+ time_t best;
+ size_t i;
+
+ /*
+ * If we want a specific kvno, or if the caller doesn't want new keys
+ * delayed, or if there's no new-key delay configured, or we're not
+ * fetching for use as a service principal, then we're out.
+ */
+ if (!(flags & HDB_F_DELAY_NEW_KEYS) || kvno || h->flags.virtual ||
+ h->flags.virtual_keys || db->new_service_key_delay <= 0)
+ return 0;
+
+ /* No history -> current keyset is the only one and therefore the best */
+ ext = hdb_find_extension(h, choice_HDB_extension_data_hist_keys);
+ if (!ext)
+ return 0;
+
+ /* Assume the current keyset is the best to start with */
+ (void) hdb_entry_get_pw_change_time(h, &current);
+ if (current == 0 && h->modified_by)
+ current = h->modified_by->time;
+ if (current == 0)
+ current = h->created_by.time;
+
+ /* Current keyset starts out as best */
+ best = current;
+ kvno = h->kvno;
+
+ /* Look for a better keyset in the history */
+ keys = ext->data.u.hist_keys;
+ for (i = 0; i < keys.len; i++) {
+ /* No set_time? Ignore. Too new? Ignore */
+ if (!keys.val[i].set_time ||
+ keys.val[i].set_time[0] + db->new_service_key_delay > now)
+ continue;
+
+ /*
+ * Ignore the keyset with kvno 1 when the entry has better kvnos
+ * because kadmin's `ank -r' command immediately changes the keys.
+ */
+ if (kvno > 1 && keys.val[i].kvno == 1)
+ continue;
+
+ /*
+ * This keyset's set_time older than the previous best? Ignore.
+ * However, if the current best is the entry's current and that one
+ * is too new, then don't ignore this one.
+ */
+ if (keys.val[i].set_time[0] < best &&
+ (best != current || current + db->new_service_key_delay < now))
+ continue;
+
+ /*
+ * If two good enough keysets have the same set_time, take the keyset
+ * with the highest kvno.
+ */
+ if (keys.val[i].set_time[0] == best && keys.val[i].kvno <= kvno)
+ continue;
+
+ /*
+ * This keyset is clearly more current than the previous best keyset
+ * but still old enough to use for encrypting tickets with.
+ */
+ best = keys.val[i].set_time[0];
+ kvno = keys.val[i].kvno;
+ }
+ return hdb_change_kvno(context, kvno, h);
+}
+
+/*
+ * Make a WELLKNOWN/HOSTBASED-NAMESPACE/${svc}/${hostname} or
+ * WELLKNOWN/HOSTBASED-NAMESPACE/${svc}/${hostname}/${domainname} principal
+ * object, with the service and hostname components take from `wanted', but if
+ * the service name is not in the list `db->virtual_hostbased_princ_svcs[]'
+ * then use "_" (wildcard) instead. This way we can have different attributes
+ * for different services in the same namespaces.
+ *
+ * For example, virtual hostbased service names for the "host" service might
+ * have ok-as-delegate set, but ones for the "HTTP" service might not.
+ */
+static krb5_error_code
+make_namespace_princ(krb5_context context,
+ HDB *db,
+ krb5_const_principal wanted,
+ krb5_principal *namespace)
+{
+ krb5_error_code ret = 0;
+ const char *realm = krb5_principal_get_realm(context, wanted);
+ const char *comp0 = krb5_principal_get_comp_string(context, wanted, 0);
+ const char *comp1 = krb5_principal_get_comp_string(context, wanted, 1);
+ const char *comp2 = krb5_principal_get_comp_string(context, wanted, 2);
+ char * const *svcs = db->virtual_hostbased_princ_svcs;
+ size_t i;
+
+ *namespace = NULL;
+ if (comp0 == NULL || comp1 == NULL)
+ return EINVAL;
+ if (strcmp(comp0, "krbtgt") == 0)
+ return 0;
+
+ for (i = 0; svcs && svcs[i]; i++) {
+ if (strcmp(comp0, svcs[i]) == 0) {
+ comp0 = svcs[i];
+ break;
+ }
+ }
+ if (!svcs || !svcs[i])
+ comp0 = "_";
+
+ /* First go around, need a namespace princ. Make it! */
+ ret = krb5_build_principal(context, namespace, strlen(realm),
+ realm, KRB5_WELLKNOWN_NAME,
+ HDB_WK_NAMESPACE, comp0, NULL);
+ if (ret == 0)
+ ret = krb5_principal_set_comp_string(context, *namespace, 3, comp1);
+ if (ret == 0 && comp2)
+ /* Support domain-based names */
+ ret = krb5_principal_set_comp_string(context, *namespace, 4, comp2);
+ /* Caller frees `*namespace' on error */
+ return ret;
+}
+
+static int
+is_namespace_princ_p(krb5_context context,
+ krb5_const_principal princ)
+{
+ return
+ krb5_principal_get_num_comp(context, princ) >= 4
+ && strcmp(krb5_principal_get_comp_string(context, princ, 0),
+ KRB5_WELLKNOWN_NAME) == 0
+ && strcmp(krb5_principal_get_comp_string(context, princ, 1),
+ HDB_WK_NAMESPACE) == 0;
+}
+
+/* See call site */
+static krb5_error_code
+rewrite_hostname(krb5_context context,
+ krb5_const_principal wanted_princ,
+ krb5_const_principal ns_princ,
+ krb5_const_principal found_ns_princ,
+ char **s)
+{
+ const char *ns_host_part, *wanted_host_part, *found_host_part;
+ const char *p, *r;
+ size_t ns_host_part_len, wanted_host_part_len;
+
+ wanted_host_part = krb5_principal_get_comp_string(context, wanted_princ, 1);
+ wanted_host_part_len = strlen(wanted_host_part);
+ if (wanted_host_part_len > 256) {
+ krb5_set_error_message(context, HDB_ERR_NOENTRY,
+ "Aliases of host-based principals longer than "
+ "256 bytes not supported");
+ return HDB_ERR_NOENTRY;
+ }
+
+ ns_host_part = krb5_principal_get_comp_string(context, ns_princ, 3);
+ ns_host_part_len = strlen(ns_host_part);
+
+ /* Find `ns_host_part' as the tail of `wanted_host_part' */
+ for (r = p = strstr(wanted_host_part, ns_host_part);
+ r && strnlen(r, ns_host_part_len + 1) > ns_host_part_len;
+ p = (r = strstr(r, ns_host_part)) ? r : p)
+ ;
+ if (!p || strnlen(p, ns_host_part_len + 1) != ns_host_part_len)
+ return HDB_ERR_NOENTRY; /* Can't happen */
+ if (p == wanted_host_part || p[-1] != '.')
+ return HDB_ERR_NOENTRY;
+
+ found_host_part =
+ krb5_principal_get_comp_string(context, found_ns_princ, 3);
+ return
+ asprintf(s, "%.*s%s", (int)(p - wanted_host_part), wanted_host_part,
+ found_host_part) < 0 ||
+ *s == NULL ? krb5_enomem(context) : 0;
+}
+
+/*
+ * Fix `h->principal' to match the desired `princ' in the namespace
+ * `nsprinc' (which is either the same as `h->principal' or an alias
+ * of it).
+ */
+static krb5_error_code
+fix_princ_name(krb5_context context,
+ krb5_const_principal princ,
+ krb5_const_principal nsprinc,
+ hdb_entry *h)
+{
+ krb5_error_code ret = 0;
+ char *s = NULL;
+
+ if (!nsprinc)
+ return 0;
+ if (krb5_principal_get_num_comp(context, princ) < 2)
+ return HDB_ERR_NOENTRY;
+
+ /* `nsprinc' must be a namespace principal */
+
+ if (krb5_principal_compare(context, nsprinc, h->principal)) {
+ /*
+ * `h' is the HDB entry for `nsprinc', and `nsprinc' is its canonical
+ * name.
+ *
+ * Set the entry's principal name to the desired name. The keys will
+ * be fixed next (upstairs, but don't forget to!).
+ */
+ free_Principal(h->principal);
+ return copy_Principal(princ, h->principal);
+ }
+
+ if (!is_namespace_princ_p(context, h->principal)) {
+ /*
+ * The alias is a namespace, but the canonical name is not. WAT.
+ *
+ * Well, the KDC will just issue a referral anyways, so we can leave
+ * `h->principal' as is...
+ *
+ * Remove all of `h's keys just in case, and leave
+ * `h->principal' as-is.
+ */
+ free_Keys(&h->keys);
+ (void) hdb_entry_clear_password(context, h);
+ return hdb_clear_extension(context, h,
+ choice_HDB_extension_data_hist_keys);
+ }
+
+ /*
+ * A namespace alias of a namespace entry.
+ *
+ * We'll want to rewrite the original principal accordingly.
+ *
+ * E.g., if the caller wanted host/foo.ns.test.h5l.se and we
+ * found WELLKNOWN/HOSTBASED-NAMESPACE/ns.test.h5l.se is an
+ * alias of WELLKNOWN/HOSTBASED-NAMESPACE/ns.example.org, then
+ * we'll want to treat host/foo.ns.test.h5l.se as an alias of
+ * host/foo.ns.example.org.
+ */
+ if (krb5_principal_get_num_comp(context, h->principal) !=
+ 2 + krb5_principal_get_num_comp(context, princ))
+ ret = HDB_ERR_NOENTRY; /* Only host-based services for now */
+ if (ret == 0)
+ ret = rewrite_hostname(context, princ, nsprinc, h->principal, &s);
+ if (ret == 0) {
+ krb5_free_principal(context, h->principal);
+ h->principal = NULL;
+ ret = krb5_make_principal(context, &h->principal,
+ krb5_principal_get_realm(context, princ),
+ krb5_principal_get_comp_string(context,
+ princ, 0),
+ s,
+ NULL);
+ }
+ return ret;
+}
+
+/* Wrapper around db->hdb_fetch_kvno() that implements virtual princs/keys */
+static krb5_error_code
+fetch_it(krb5_context context,
+ HDB *db,
+ krb5_const_principal princ,
+ unsigned flags,
+ krb5_timestamp t,
+ krb5int32 etype,
+ krb5uint32 kvno,
+ hdb_entry *ent)
+{
+ krb5_const_principal tmpprinc = princ;
+ krb5_principal nsprinc = NULL;
+ krb5_error_code ret = 0;
+ const char *comp0 = krb5_principal_get_comp_string(context, princ, 0);
+ const char *comp1 = krb5_principal_get_comp_string(context, princ, 1);
+ const char *tmp;
+ size_t mindots = db->virtual_hostbased_princ_ndots;
+ size_t maxdots = db->virtual_hostbased_princ_maxdots;
+ size_t hdots = 0;
+ char *host = NULL;
+ int do_search = 0;
+
+ if (!db->enable_virtual_hostbased_princs)
+ maxdots = mindots = 0;
+ if (db->enable_virtual_hostbased_princs && comp1 &&
+ strcmp("krbtgt", comp0) != 0 && strcmp(KRB5_WELLKNOWN_NAME, comp0) != 0) {
+ char *htmp;
+
+ if ((host = strdup(comp1)) == NULL)
+ return krb5_enomem(context);
+
+ /* Strip out any :port */
+ htmp = strchr(host, ':');
+ if (htmp) {
+ if (strchr(htmp + 1, ':')) {
+ /* Extra ':'s? No virtualization for you! */
+ free(host);
+ host = NULL;
+ htmp = NULL;
+ } else {
+ *htmp = '\0';
+ }
+ }
+ /* Count dots in `host' */
+ for (hdots = 0, htmp = host; htmp && *htmp; htmp++)
+ if (*htmp == '.')
+ hdots++;
+
+ do_search = 1;
+ }
+
+ tmp = host ? host : comp1;
+ for (ret = HDB_ERR_NOENTRY; ret == HDB_ERR_NOENTRY; tmpprinc = nsprinc) {
+ krb5_error_code ret2 = 0;
+
+ /*
+ * We break out of this loop with ret == 0 only if we found the HDB
+ * entry we were looking for or the HDB entry for a matching namespace.
+ *
+ * Otherwise we break out with ret != 0, typically HDB_ERR_NOENTRY.
+ *
+ * First time through we lookup the principal as given.
+ *
+ * Next we lookup a namespace principal, stripping off hostname labels
+ * from the left until we find one or get tired of looking or run out
+ * of labels.
+ */
+ ret = db->hdb_fetch_kvno(context, db, tmpprinc, flags, kvno, ent);
+ if (ret != HDB_ERR_NOENTRY || hdots == 0 || hdots < mindots || !tmp ||
+ !do_search)
+ break;
+
+ /*
+ * Breadcrumb:
+ *
+ * - if we found a concrete principal, but it's been marked
+ * as now-virtual, then we must keep going
+ *
+ * But this will be coded in the future.
+ *
+ * Maybe we can take attributes from the concrete principal...
+ */
+
+ /*
+ * The namespace's hostname will not have more labels than maxdots + 1.
+ * Thus we truncate immediately down to maxdots + 1 if we haven't yet.
+ *
+ * Example: with maxdots == 3,
+ * foo.bar.baz.app.blah.example -> baz.app.blah.example
+ */
+ while (maxdots && hdots > maxdots && tmp) {
+ tmp = strchr(tmp, '.');
+ /* tmp != NULL because maxdots > 0; we check to quiet linters */
+ if (tmp == NULL) {
+ ret = HDB_ERR_NOENTRY;
+ goto out;
+ }
+ tmp++;
+ hdots--;
+ }
+
+ if (nsprinc == NULL)
+ /* First go around, need a namespace princ. Make it! */
+ ret2 = make_namespace_princ(context, db, tmpprinc, &nsprinc);
+
+ /* Update the hostname component of the namespace principal */
+ if (ret2 == 0)
+ ret2 = krb5_principal_set_comp_string(context, nsprinc, 3, tmp);
+ if (ret2)
+ ret = ret2;
+
+ if (tmp) {
+ /* Strip off left-most label for the next go-around */
+ if ((tmp = strchr(tmp, '.')))
+ tmp++;
+ hdots--;
+ } /* else we'll break out after the next db->hdb_fetch_kvno() call */
+ }
+
+ /*
+ * If unencrypted keys were requested, derive them. There may not be any
+ * key derivation to do, but that's decided in derive_keys().
+ */
+ if (ret == 0) {
+ /* Fix the principal name if namespaced */
+ ret = fix_princ_name(context, princ, nsprinc, ent);
+
+ /* Derive keys if namespaced or virtual */
+ if (ret == 0)
+ ret = derive_keys(context, flags, princ, !!nsprinc, t, etype, kvno,
+ ent);
+ /* Pick the best kvno for this principal at the given time */
+ if (ret == 0)
+ ret = pick_kvno(context, db, flags, t, kvno, ent);
+ }
+
+out:
+ if (ret != 0 && ret != HDB_ERR_WRONG_REALM)
+ hdb_free_entry(context, db, ent);
+ krb5_free_principal(context, nsprinc);
+ free(host);
+ return ret;
+}
+
+/**
+ * Fetch a principal's HDB entry, possibly generating virtual keys from base
+ * keys according to strict key rotation schedules. If a time is given, other
+ * than HDB I/O, this function is pure, thus usable for testing.
+ *
+ * HDB writers should use `db->hdb_fetch_kvno()' to avoid materializing virtual
+ * principals.
+ *
+ * HDB readers should use this function rather than `db->hdb_fetch_kvno()'
+ * unless they only want to see concrete principals and not bother generating
+ * any virtual keys.
+ *
+ * @param context Context
+ * @param db HDB
+ * @param principal Principal name
+ * @param flags Fetch flags
+ * @param t For virtual keys, use this as the point in time (use zero to mean "now")
+ * @param etype Key enctype (use KRB5_ENCTYPE_NULL to mean "preferred")
+ * @param kvno Key version number (use zero to mean "current")
+ * @param h Output HDB entry
+ *
+ * @return Zero on success, an error code otherwise.
+ */
+krb5_error_code
+hdb_fetch_kvno(krb5_context context,
+ HDB *db,
+ krb5_const_principal principal,
+ unsigned int flags,
+ krb5_timestamp t,
+ krb5int32 etype,
+ krb5uint32 kvno,
+ hdb_entry *h)
+{
+ krb5_error_code ret = HDB_ERR_NOENTRY;
+
+ flags |= kvno ? HDB_F_KVNO_SPECIFIED : 0; /* XXX is this needed */
+ if (t == 0)
+ krb5_timeofday(context, &t);
+ ret = fetch_it(context, db, principal, flags, t, etype, kvno, h);
+ if (ret == HDB_ERR_NOENTRY)
+ krb5_set_error_message(context, ret, "no such entry found in hdb");
+
+ /*
+ * This check is to support aliases in HDB; the force_canonicalize
+ * check is to allow HDB backends to support realm name canon
+ * independently of principal aliases (used by Samba).
+ */
+ if (ret == 0 && !(flags & HDB_F_ADMIN_DATA) &&
+ !h->flags.force_canonicalize &&
+ !krb5_realm_compare(context, principal, h->principal))
+ ret = HDB_ERR_WRONG_REALM;
+ return ret;
+}
+
+size_t ASN1CALL
+length_hdb_keyset(HDB_keyset *data)
+{
+ return length_HDB_keyset(data);
+}
+
+size_t ASN1CALL
+length_hdb_entry(HDB_entry *data)
+{
+ return length_HDB_entry(data);
+}
+
+size_t ASN1CALL
+length_hdb_entry_alias(HDB_entry_alias *data)
+{
+ return length_HDB_entry_alias(data);
+}
+
+void ASN1CALL
+free_hdb_keyset(HDB_keyset *data)
+{
+ free_HDB_keyset(data);
+}
+
+void ASN1CALL
+free_hdb_entry(HDB_entry *data)
+{
+ free_HDB_entry(data);
+}
+
+void ASN1CALL
+free_hdb_entry_alias(HDB_entry_alias *data)
+{
+ free_HDB_entry_alias(data);
+}
+
+size_t ASN1CALL
+copy_hdb_keyset(const HDB_keyset *from, HDB_keyset *to)
+{
+ return copy_HDB_keyset(from, to);
+}
+
+size_t ASN1CALL
+copy_hdb_entry(const HDB_entry *from, HDB_entry *to)
+{
+ return copy_HDB_entry(from, to);
+}
+
+size_t ASN1CALL
+copy_hdb_entry_alias(const HDB_entry_alias *from, HDB_entry_alias *to)
+{
+ return copy_HDB_entry_alias(from, to);
+}
+
+int ASN1CALL
+decode_hdb_keyset(const unsigned char *p,
+ size_t len,
+ HDB_keyset *data,
+ size_t *size)
+{
+ return decode_HDB_keyset(p, len, data, size);
+}
+
+int ASN1CALL
+decode_hdb_entry(const unsigned char *p,
+ size_t len,
+ HDB_entry *data,
+ size_t *size)
+{
+ return decode_HDB_entry(p, len, data, size);
+}
+
+int ASN1CALL
+decode_hdb_entry_alias(const unsigned char *p,
+ size_t len,
+ HDB_entry_alias *data,
+ size_t *size)
+{
+ return decode_HDB_entry_alias(p, len, data, size);
+}
+
+int ASN1CALL
+encode_hdb_keyset(unsigned char *p,
+ size_t len,
+ const HDB_keyset *data,
+ size_t *size)
+{
+ return encode_HDB_keyset(p, len, data, size);
+}
+
+int ASN1CALL
+encode_hdb_entry(unsigned char *p,
+ size_t len,
+ const HDB_entry *data,
+ size_t *size)
+{
+ return encode_HDB_entry(p, len, data, size);
+}
+
+int ASN1CALL
+encode_hdb_entry_alias(unsigned char *p,
+ size_t len,
+ const HDB_entry_alias *data,
+ size_t *size)
+{
+ return encode_HDB_entry_alias(p, len, data, size);
+}