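/*
 * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadmin_locl.h"
#include <kadm5/private.h>

RCSID("$Id: load.c,v 1.43 2001/08/10 13:52:22 joda Exp $");

/*
 * One dump line split into its whitespace-separated text fields.
 * Every member points into the caller's line buffer; nothing is owned.
 */
struct entry {
    char *principal;
    char *key;
    char *max_life;
    char *max_renew;
    char *created;
    char *modified;
    char *valid_start;
    char *valid_end;
    char *pw_end;
    char *flags;
    char *generation;
};

/*
 * NUL-terminate the token starting at `p' and return a pointer to the
 * start of the next token (or to the terminating NUL if there is none).
 *
 * The terminator is only written, and `p' only advanced, when `p' is
 * not already at the end of the string.  Stepping unconditionally would
 * walk one byte further on every call for a line with too few fields,
 * reading stale data and eventually running off the end of the buffer.
 */

static char *
skip_next(char *p)
{
    while(*p && !isspace((unsigned char)*p))
        p++;
    if(*p)
        *p++ = 0;
    while(*p && isspace((unsigned char)*p))
        p++;
    return p;
}

/*
 * Parse the time in `s' (YYYYMMDDhhmmss, interpreted by timegm()),
 * returning:
 * -1 if error parsing (including s == NULL)
 *  0 if none present (the field is "-")
 *  1 if parsed ok, with the result stored in `*t'
 */

static int
parse_time_string(time_t *t, const char *s)
{
    int year, month, date, hour, minute, second;
    struct tm tm;

    /* callers pass strsep() results, which are NULL on a short field */
    if(s == NULL)
        return -1;
    if(strcmp(s, "-") == 0)
        return 0;
    if(sscanf(s, "%04d%02d%02d%02d%02d%02d",
              &year, &month, &date, &hour, &minute, &second) != 6)
        return -1;
    /* do not hand timegm() uninitialized members */
    memset(&tm, 0, sizeof(tm));
    tm.tm_year  = year - 1900;
    tm.tm_mon   = month - 1;
    tm.tm_mday  = date;
    tm.tm_hour  = hour;
    tm.tm_min   = minute;
    tm.tm_sec   = second;
    tm.tm_isdst = 0;
    *t = timegm(&tm);
    return 1;
}

/*
 * parse time, allocating space in *t if it's there
 *
 * `*t' is NULL unless 1 is returned.  Exits via krb5_errx() when out of
 * memory.  Return values as for parse_time_string.
 */

static int
parse_time_string_alloc (time_t **t, const char *s)
{
    time_t tmp;
    int ret;

    *t = NULL;
    ret = parse_time_string (&tmp, s);
    if (ret == 1) {
        *t = malloc (sizeof (**t));
        if (*t == NULL)
            krb5_errx (context, 1, "malloc: out of memory");
        **t = tmp;
    }
    return ret;
}

/*
 * Parse an unsigned decimal integer from `s' into `*u'.
 *
 * see parse_time_string for calling convention
 */

static int
parse_integer(unsigned *u, const char *s)
{
    if(strcmp(s, "-") == 0)
        return 0;
    if (sscanf(s, "%u", u) != 1)
        return -1;
    return 1;
}

/*
 * Like parse_integer, but allocate space for the value in `*u' when one
 * is present.  `*u' is NULL unless 1 is returned.  The value is parsed
 * as unsigned and stored into an int.
 */

static int
parse_integer_alloc (int **u, const char *s)
{
    unsigned tmp;
    int ret;

    *u = NULL;
    ret = parse_integer (&tmp, s);
    if (ret == 1) {
        *u = malloc (sizeof (**u));
        if (*u == NULL)
            krb5_errx (context, 1, "malloc: out of memory");
        **u = tmp;
    }
    return ret;
}

/*
 * Decode the `len' (> 0) hex digits at `hex' into `out', two digits per
 * byte; a trailing single digit forms the last byte on its own.  `out'
 * must have room for (len - 1) / 2 + 1 bytes.
 * Return 0 on success, 1 if a non-hex character is met.
 */

static int
decode_hex_field(unsigned char *out, const char *hex, size_t len)
{
    size_t i;
    unsigned byte;

    for(i = 0; i < len; i += 2) {
        if(sscanf(hex + i, "%02x", &byte) != 1)
            return 1;
        out[i / 2] = byte;
    }
    return 0;
}

/*
 * Parse dumped keys in `str' and store them in `ent'.
 * `str' is tokenized in place with strsep().
 * Return 0 on success and 1 if parsing failed (callers test for
 * non-zero).  Exits via krb5_err()/krb5_errx() on allocation failure.
 *
 * Layout parsed here: kvno, then for each key the ':'-separated fields
 * mkvno (or a non-number for "none"), keytype, hex key value, and salt
 * ("-" or TYPE/ followed by a quoted string or hex digits).
 *
 * A truncated field list makes strsep() return NULL; every result is
 * checked before use so that a malformed dump is rejected as a parse
 * error instead of dereferencing NULL.  On failure the partially filled
 * key stays in `ent' and is left for the caller to free.
 */

static int
parse_keys(hdb_entry *ent, char *str)
{
    krb5_error_code ret;
    int tmp;
    char *p;

    p = strsep(&str, ":");
    if (p == NULL || sscanf(p, "%d", &tmp) != 1)
        return 1;
    ent->kvno = tmp;
    p = strsep(&str, ":");
    while(p){
        Key *key;
        size_t p_len;

        key = realloc(ent->keys.val,
                      (ent->keys.len + 1) * sizeof(*ent->keys.val));
        if(key == NULL)
            krb5_errx (context, 1, "realloc: out of memory");
        ent->keys.val = key;
        key = ent->keys.val + ent->keys.len;
        ent->keys.len++;
        memset(key, 0, sizeof(*key));
        if(sscanf(p, "%d", &tmp) == 1) {
            key->mkvno = malloc(sizeof(*key->mkvno));
            if (key->mkvno == NULL)
                krb5_errx (context, 1, "malloc: out of memory");
            *key->mkvno = tmp;
        } else
            key->mkvno = NULL;
        p = strsep(&str, ":");
        if (p == NULL || sscanf(p, "%d", &tmp) != 1)
            return 1;
        key->key.keytype = tmp;
        p = strsep(&str, ":");
        if (p == NULL)
            return 1;
        p_len = strlen(p);
        /*
         * An empty key value would make (p_len - 1) wrap around and
         * request an enormous allocation; treat it as a parse error.
         */
        if (p_len == 0)
            return 1;
        ret = krb5_data_alloc(&key->key.keyvalue, (p_len - 1) / 2 + 1);
        if (ret)
            krb5_err (context, 1, ret, "krb5_data_alloc");
        if (decode_hex_field(key->key.keyvalue.data, p, p_len))
            return 1;
        p = strsep(&str, ":");
        if (p == NULL)
            return 1;
        if(strcmp(p, "-") != 0){
            unsigned type;

            if(sscanf(p, "%u/", &type) != 1)
                return 1;
            p = strchr(p, '/');
            if(p == NULL)
                return 1;
            p++;
            p_len = strlen(p);

            key->salt = malloc(sizeof(*key->salt));
            if (key->salt == NULL)
                krb5_errx (context, 1, "malloc: out of memory");
            key->salt->type = type;
            /* keep the salt data well-defined on every return path */
            krb5_data_zero (&key->salt->salt);

            if (p_len) {
                if(*p == '\"') {
                    /*
                     * The copy drops one quote at each end; a lone
                     * quote would wrap p_len - 2 to a huge length.
                     */
                    if (p_len < 2)
                        return 1;
                    ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2);
                    if (ret)
                        krb5_err (context, 1, ret, "krb5_data_copy");
                } else {
                    ret = krb5_data_alloc(&key->salt->salt,
                                          (p_len - 1) / 2 + 1);
                    if (ret)
                        krb5_err (context, 1, ret, "krb5_data_alloc");
                    if (decode_hex_field(key->salt->salt.data, p, p_len))
                        return 1;
                }
            }
        }
        p = strsep(&str, ":");
    }
    return 0;
}

/*
 * Parse an event of the form TIME:PRINCIPAL from `s' into `*ev'.
 * `s' is tokenized in place.
 *
 * see parse_time_string for calling convention
 */

static int
parse_event(Event *ev, char *s)
{
    krb5_error_code ret;
    char *p;

    if(strcmp(s, "-") == 0)
        return 0;
    memset(ev, 0, sizeof(*ev));
    p = strsep(&s, ":");
    if(parse_time_string(&ev->time, p) != 1)
        return -1;
    p = strsep(&s, ":");
    /* no ':' in the field: there is no principal to parse */
    if(p == NULL)
        return -1;
    ret = krb5_parse_name(context, p, &ev->principal);
    if (ret)
        return -1;
    return 1;
}

/*
 * Like parse_event, but allocate space for the event in `*ev' when one
 * is present.  `*ev' is NULL unless 1 is returned; the parsed event is
 * copied by value, so the principal it points to moves with it.
 */

static int
parse_event_alloc (Event **ev, char *s)
{
    Event tmp;
    int ret;

    *ev = NULL;
    ret = parse_event (&tmp, s);
    if (ret == 1) {
        *ev = malloc (sizeof (**ev));
        if (*ev == NULL)
            krb5_errx (context, 1, "malloc: out of memory");
        **ev = tmp;
    }
    return ret;
}

/*
 * Parse the integer in `s' and convert it to HDBFlags in `*f'.
 * Return values as for parse_integer; `*f' is only written on 1.
 */

static int
parse_hdbflags2int(HDBFlags *f, const char *s)
{
    int ret;
    unsigned tmp;

    ret = parse_integer (&tmp, s);
    if (ret == 1)
        *f = int2HDBFlags (tmp);
    return ret;
}

/*
 * Parse a generation of the form TIME:USEC:GEN from `str' into a newly
 * allocated `*gen'.  A field of "-" or an empty field means "no
 * generation": `*gen' is set to NULL and 0 is returned.
 * Return 0 on success and -1 on a parse error.  On error `*gen' stays
 * allocated; presumably the caller's hdb_free_entry() releases it.
 */

static int
parse_generation(char *str, GENERATION **gen)
{
    char *p;
    int v;

    /*
     * Return here: falling through would allocate a generation and then
     * fail to parse "-" as a time, rejecting every such entry.
     */
    if(strcmp(str, "-") == 0 || *str == '\0') {
        *gen = NULL;
        return 0;
    }
    *gen = calloc(1, sizeof(**gen));
    if (*gen == NULL)
        krb5_errx (context, 1, "malloc: out of memory");

    p = strsep(&str, ":");
    if(parse_time_string(&(*gen)->time, p) != 1)
        return -1;
    p = strsep(&str, ":");
    if(p == NULL || sscanf(p, "%d", &v) != 1)
        return -1;
    (*gen)->usec = v;
    p = strsep(&str, ":");
    if(p == NULL || sscanf(p, "%d", &v) != 1)
        return -1;
    (*gen)->gen = v - 1; /* XXX gets bumped in _hdb_store */
    return 0;
}


/*
 * Parse the dump file in `filename' and create the database (merging
 * iff merge)
 *
 * Each line holds eleven whitespace-separated fields, in order:
 * principal, keys, created, modified, valid_start, valid_end, pw_end,
 * max_life, max_renew, flags, generation.  A line that fails to parse
 * is reported on stderr and skipped; a failed store stops the load.
 * Returns 0 on success and 1 on failure.
 *
 * Without `merge' the database is opened with O_CREAT | O_TRUNC before
 * any line has been read, so a bad dump file can leave a partially
 * populated database behind.
 *
 * NOTE(review): the line buffer holds the dumped key fields and is not
 * scrubbed before returning.
 */

static int
doit(const char *filename, int merge)
{
    krb5_error_code ret;
    FILE *f;
    char s[8192]; /* XXX should fix this properly */
    char *p;
    int line;
    int flags = O_RDWR;
    struct entry e;
    hdb_entry ent;
    HDB *db = _kadm5_s_get_db(kadm_handle);

    f = fopen(filename, "r");
    if(f == NULL){
        krb5_warn(context, errno, "fopen(%s)", filename);
        return 1;
    }
    ret = kadm5_log_truncate (kadm_handle);
    if (ret) {
        fclose (f);
        krb5_warn(context, ret, "kadm5_log_truncate");
        return 1;
    }

    if(!merge)
        flags |= O_CREAT | O_TRUNC;
    ret = db->open(context, db, flags, 0600);
    if(ret){
        krb5_warn(context, ret, "hdb_open");
        fclose(f);
        return 1;
    }
    line = 0;
    ret = 0;
    while(fgets(s, sizeof(s), f) != NULL) {
        ret = 0;
        line++;

        /*
         * A line that does not fit in `s' would otherwise be split, and
         * its tail parsed (and possibly stored) as a separate entry.
         * Skip the whole line instead.  A final line without a newline
         * is still accepted.
         */
        if(strchr(s, '\n') == NULL) {
            int c = getc(f);

            if(c != EOF) {
                fprintf(stderr, "%s:%d:line too long, skipping\n",
                        filename, line);
                while(c != EOF && c != '\n')
                    c = getc(f);
                continue;
            }
        }

        e.principal = s;
        for(p = s; *p; p++){
            if(*p == '\\') {
                /* a trailing backslash must not step over the NUL */
                if(p[1] == '\0')
                    break;
                p++;
            } else if(isspace((unsigned char)*p)) {
                *p = 0;
                break;
            }
        }
        p = skip_next(p);

        e.key = p;
        p = skip_next(p);

        e.created = p;
        p = skip_next(p);

        e.modified = p;
        p = skip_next(p);

        e.valid_start = p;
        p = skip_next(p);

        e.valid_end = p;
        p = skip_next(p);

        e.pw_end = p;
        p = skip_next(p);

        e.max_life = p;
        p = skip_next(p);

        e.max_renew = p;
        p = skip_next(p);

        e.flags = p;
        p = skip_next(p);

        e.generation = p;
        p = skip_next(p);

        memset(&ent, 0, sizeof(ent));
        ret = krb5_parse_name(context, e.principal, &ent.principal);
        if(ret) {
            fprintf(stderr, "%s:%d:%s (%s)\n",
                    filename,
                    line,
                    krb5_get_err_text(context, ret),
                    e.principal);
            continue;
        }

        if (parse_keys(&ent, e.key)) {
            /*
             * parse_keys() tokenizes e.key in place with strsep(), so
             * this echoes only the text up to the first ':'.
             */
            fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
                     filename, line, e.key);
            hdb_free_entry (context, &ent);
            continue;
        }

        if (parse_event(&ent.created_by, e.created) == -1) {
            fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
                     filename, line, e.created);
            hdb_free_entry (context, &ent);
            continue;
        }
        if (parse_event_alloc (&ent.modified_by, e.modified) == -1) {
            fprintf (stderr, "%s:%d:error parsing event (%s)\n",
                     filename, line, e.modified);
            hdb_free_entry (context, &ent);
            continue;
        }
        if (parse_time_string_alloc (&ent.valid_start, e.valid_start) == -1) {
            fprintf (stderr, "%s:%d:error parsing time (%s)\n",
                     filename, line, e.valid_start);
            hdb_free_entry (context, &ent);
            continue;
        }
        if (parse_time_string_alloc (&ent.valid_end,   e.valid_end) == -1) {
            fprintf (stderr, "%s:%d:error parsing time (%s)\n",
                     filename, line, e.valid_end);
            hdb_free_entry (context, &ent);
            continue;
        }
        if (parse_time_string_alloc (&ent.pw_end,      e.pw_end) == -1) {
            fprintf (stderr, "%s:%d:error parsing time (%s)\n",
                     filename, line, e.pw_end);
            hdb_free_entry (context, &ent);
            continue;
        }

        if (parse_integer_alloc (&ent.max_life,  e.max_life) == -1) {
            fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
                     filename, line, e.max_life);
            hdb_free_entry (context, &ent);
            continue;

        }
        if (parse_integer_alloc (&ent.max_renew, e.max_renew) == -1) {
            fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
                     filename, line, e.max_renew);
            hdb_free_entry (context, &ent);
            continue;
        }

        /* flags are mandatory: "-" (return 0) is rejected as well */
        if (parse_hdbflags2int (&ent.flags, e.flags) != 1) {
            fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
                     filename, line, e.flags);
            hdb_free_entry (context, &ent);
            continue;
        }

        if(parse_generation(e.generation, &ent.generation) == -1) {
            fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
                     filename, line, e.generation);
            hdb_free_entry (context, &ent);
            continue;
        }

        ret = db->store(context, db, HDB_F_REPLACE, &ent);
        hdb_free_entry (context, &ent);
        if (ret) {
            krb5_warn(context, ret, "db_store");
            break;
        }
    }
    db->close(context, db);
    fclose(f);
    return ret != 0;
}


/* Command-line options shared by `load' and `merge'. */
static struct getargs args[] = {
    { "help", 'h', arg_flag, NULL }
};

static int num_args = sizeof(args) / sizeof(args[0]);

/* Print the usage message for the command called `name'. */
static void
usage(const char *name)
{
    arg_printusage (args, num_args, name, "file");
}



/*
 * The `load' command: replace the database with the contents of the
 * dump file named by the single argument.  Always returns 0; the
 * result of doit() is not propagated.
 */
int
load(int argc, char **argv)
{
    int optind = 0;
    int help_flag = 0;

    args[0].value = &help_flag;

    if(getarg(args, num_args, argc, argv, &optind)) {
        usage ("load");
        return 0;
    }
    if(argc - optind != 1 || help_flag) {
        usage ("load");
        return 0;
    }

    doit(argv[optind], 0);
    return 0;
}

/*
 * The `merge' command: store the entries of the dump file named by the
 * single argument into the existing database.  Always returns 0; the
 * result of doit() is not propagated.
 */
int
merge(int argc, char **argv)
{
    int optind = 0;
    int help_flag = 0;

    args[0].value = &help_flag;

    if(getarg(args, num_args, argc, argv, &optind)) {
        usage ("merge");
        return 0;
    }
    if(argc - optind != 1 || help_flag) {
        usage ("merge");
        return 0;
    }

    doit(argv[optind], 1);
    return 0;
}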