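/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * lib/kadm/str_conv.c
 *
 * Copyright 1995 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */

/*
 * str_conv.c - Convert between strings and Kerberos internal data.
 */

/*
 * Table of contents:
 *
 * String decoding:
 * ----------------
 * krb5_string_to_flags()	- Convert string to krb5_flags.
 *
 * String encoding:
 * ----------------
 * krb5_flags_to_string()	- Convert krb5_flags to string.
 */

#include "k5-int.h"
#include "admin_internal.h"
#include "adm_proto.h"

/*
 * Local data structures.
 */
struct flags_lookup_entry {
    krb5_flags		fl_flags;		/* Flag			*/
    krb5_boolean	fl_sense;		/* Sense of the flag	*/
    const char *	fl_specifier;		/* How to recognize it	*/
    const char *	fl_output;		/* How to spit it out	*/
};

/*
 * Local strings
 */

static const char default_tupleseps[]   = ", \t";
static const char default_ksaltseps[]   = ":.";

/* Keytype strings */
/* Flags strings */
static const char flags_pdate_in[]	= "postdateable";
static const char flags_fwd_in[]	= "forwardable";
static const char flags_tgtbased_in[]	= "tgt-based";
static const char flags_renew_in[]	= "renewable";
static const char flags_proxy_in[]	= "proxiable";
static const char flags_dup_skey_in[]	= "dup-skey";
static const char flags_tickets_in[]	= "allow-tickets";
static const char flags_preauth_in[]	= "preauth";
static const char flags_hwauth_in[]	= "hwauth";
static const char flags_pwchange_in[]	= "pwchange";
static const char flags_service_in[]	= "service";
static const char flags_pwsvc_in[]	= "pwservice";
static const char flags_md5_in[]	= "md5";
static const char flags_pdate_out[]	= "Not Postdateable";
static const char flags_fwd_out[]	= "Not Forwardable";
static const char flags_tgtbased_out[]	= "No TGT-based requests";
static const char flags_renew_out[]	= "Not renewable";
static const char flags_proxy_out[]	= "Not proxiable";
static const char flags_dup_skey_out[]	= "No DUP_SKEY requests";
static const char flags_tickets_out[]	= "All Tickets Disallowed";
static const char flags_preauth_out[]	= "Preauthorization required";
static const char flags_hwauth_out[]	= "HW Authorization required";
static const char flags_pwchange_out[]	= "Password Change required";
static const char flags_service_out[]	= "Service Disabled";
static const char flags_pwsvc_out[]	= "Password Changing Service";
static const char flags_md5_out[]	= "RSA-MD5 supported";
static const char flags_default_neg[]	= "-";
static const char flags_default_sep[]	= " ";

/*
 * Lookup tables.
 *
 * fl_sense records which textual sense SETS the bit: entries with sense 0
 * are DISALLOW_* bits, so the bare specifier clears them and the negated
 * specifier sets them.
 */

static const struct flags_lookup_entry flags_table[] = {
/* flag				sense	input specifier	   output string     */
/*----------------------------- -------	------------------ ------------------*/
{ KRB5_KDB_DISALLOW_POSTDATED,	0,	flags_pdate_in,	   flags_pdate_out   },
{ KRB5_KDB_DISALLOW_FORWARDABLE,0,	flags_fwd_in,	   flags_fwd_out     },
{ KRB5_KDB_DISALLOW_TGT_BASED,	0,	flags_tgtbased_in, flags_tgtbased_out},
{ KRB5_KDB_DISALLOW_RENEWABLE,	0,	flags_renew_in,	   flags_renew_out   },
{ KRB5_KDB_DISALLOW_PROXIABLE,	0,	flags_proxy_in,	   flags_proxy_out   },
{ KRB5_KDB_DISALLOW_DUP_SKEY,	0,	flags_dup_skey_in, flags_dup_skey_out},
{ KRB5_KDB_DISALLOW_ALL_TIX,	0,	flags_tickets_in,  flags_tickets_out },
{ KRB5_KDB_REQUIRES_PRE_AUTH,	1,	flags_preauth_in,  flags_preauth_out },
{ KRB5_KDB_REQUIRES_HW_AUTH,	1,	flags_hwauth_in,   flags_hwauth_out  },
{ KRB5_KDB_REQUIRES_PWCHANGE,	1,	flags_pwchange_in, flags_pwchange_out},
{ KRB5_KDB_DISALLOW_SVR,	0,	flags_service_in,  flags_service_out },
{ KRB5_KDB_PWCHANGE_SERVICE,	1,	flags_pwsvc_in,	   flags_pwsvc_out   },
{ KRB5_KDB_SUPPORT_DESMD5,	1,	flags_md5_in,	   flags_md5_out     }
};
static const int flags_table_nents = sizeof(flags_table)/
				     sizeof(flags_table[0]);


/*
 * krb5_string_to_flags() - Apply one textual flag specifier to *flagsp.
 *
 * string is an optional sense prefix followed by one of the fl_specifier
 * names in flags_table; all comparisons are case-insensitive.  A leading
 * `negative' string ("-" when negative is NULL) selects the negative sense;
 * a leading `positive' string, when one is supplied, is skipped.
 *
 * When the resulting sense equals the entry's fl_sense the entry's bits are
 * OR-ed into *flagsp, otherwise they are cleared.  For example "-preauth"
 * clears KRB5_KDB_REQUIRES_PRE_AUTH and "-forwardable" sets
 * KRB5_KDB_DISALLOW_FORWARDABLE.  All other bits of *flagsp are preserved,
 * so the caller must initialize *flagsp before the first call.
 *
 * NOTE(review): an empty `negative' string compares equal to any input
 * (the prefix length is 0), so every specifier is then treated as negated.
 *
 * Returns 0 on a match, or EINVAL (with *flagsp untouched) when the
 * specifier is not in the table.
 */
krb5_error_code
krb5_string_to_flags(string, positive, negative, flagsp)
    char	* string;
    const char	* positive;
    const char	* negative;
    krb5_flags	* flagsp;
{
    int		i;
    int		found;
    const char	*neg;
    size_t	nsize, psize;
    int		cpos;
    int		sense;

    found = 0;
    /* We need to have a way to negate it. */
    neg = (negative) ? negative : flags_default_neg;
    nsize = strlen(neg);
    psize = (positive) ? strlen(positive) : 0;

    cpos = 0;
    sense = 1;
    /* First check for positive or negative sense */
    if (!strncasecmp(neg, string, nsize)) {
	sense = 0;
	cpos += (int) nsize;
    }
    else if (psize && !strncasecmp(positive, string, psize)) {
	cpos += (int) psize;
    }

    /* The remainder must match a specifier exactly (ignoring case). */
    for (i = 0; i < flags_table_nents; i++) {
	if (!strcasecmp(&string[cpos], flags_table[i].fl_specifier)) {
	    found = 1;
	    if (sense == (int) flags_table[i].fl_sense)
		*flagsp |= flags_table[i].fl_flags;
	    else
		*flagsp &= ~flags_table[i].fl_flags;

	    break;
	}
    }
    return((found) ? 0 : EINVAL);
}

/*
 * krb5_flags_to_string() - Render the set bits of `flags' as text.
 *
 * Writes the fl_output string of every flags_table entry whose bit is set
 * in `flags' into buffer, joined by `sep' (" " when sep is NULL).  buflen is
 * the size of buffer in bytes, including room for the terminating NUL.
 *
 * Returns 0 on success (an empty string when no bit is set), ENOMEM when
 * the output does not fit, or EINVAL when `flags' holds bits that are not
 * in the table.  On EINVAL or ENOMEM the buffer may hold partial output.
 */
krb5_error_code
krb5_flags_to_string(flags, sep, buffer, buflen)
    krb5_flags	flags;
    const char	* sep;
    char	* buffer;
    size_t	buflen;
{
    int			i;
    krb5_flags		pflags;
    const char		*sepstring;
    size_t		seplen;
    char		*op;
    int			initial;
    krb5_error_code	retval;

    retval = 0;
    op = buffer;
    pflags = 0;
    initial = 1;
    sepstring = (sep) ? sep : flags_default_sep;
    seplen = strlen(sepstring);
    /* Blast through the table matching all we can */
    for (i = 0; i < flags_table_nents; i++) {
	if (flags & flags_table[i].fl_flags) {
	    size_t outlen = strlen(flags_table[i].fl_output);
	    size_t used = (size_t) (op - buffer);

	    /*
	     * Found a match, see if it'll fit into the output buffer.
	     * Compare lengths rather than pointers so that the check never
	     * forms an address beyond the end of the buffer; `used' is
	     * always <= buflen because every copy below passed this test.
	     */
	    if (outlen + seplen < buflen - used) {
		if (!initial) {
		    /*
		     * Copy the effective separator.  Using the raw `sep'
		     * argument here dereferences NULL whenever the caller
		     * asked for the default and two or more flags are set.
		     */
		    strcpy(op, sepstring);
		    op += seplen;
		}
		initial = 0;
		strcpy(op, flags_table[i].fl_output);
		op += outlen;
	    }
	    else {
		retval = ENOMEM;
		break;
	    }
	    /* Keep track of what we matched */
	    pflags |= flags_table[i].fl_flags;
	}
    }
    if (!retval) {
	/* See if there's any leftovers */
	if (flags & ~pflags)
	    retval = EINVAL;
	else if (initial) {
	    /* Nothing was written; the empty string still needs one byte. */
	    if (buflen == 0)
		retval = ENOMEM;
	    else
		*buffer = '\0';
	}
    }
    return(retval);
}

/*
 * krb5_input_flag_to_string() - Copy the input specifier of table entry
 * number `flag' into buffer.
 *
 * flag is an index into flags_table, not a flag bit.  buflen is the size of
 * buffer in bytes and must leave room for the terminating NUL.
 *
 * Returns 0 on success, ENOENT when the index is outside the table, or
 * ENOMEM when the specifier plus its NUL does not fit.
 */
krb5_error_code
krb5_input_flag_to_string(flag, buffer, buflen)
    int		flag;
    char	* buffer;
    size_t	buflen;
{
    if (flag < 0 || flag >= flags_table_nents)
	return ENOENT;			/* End of list */
    /*
     * strcpy() writes strlen + 1 bytes, so a specifier exactly buflen long
     * must be rejected as well; accepting it overruns buffer by one byte.
     */
    if (strlen(flags_table[flag].fl_specifier) >= buflen)
	return ENOMEM;
    strcpy(buffer, flags_table[flag].fl_specifier);
    return 0;
}

/*
 * krb5_keysalt_is_present()	- Determine if a key/salt pair is present
 *				  in a list of key/salt tuples.
 *
 *	Salttype may be negative to indicate a search for only a enctype.
 *
 * Only the first nksalts entries of ksaltlist are examined.  A NULL list
 * yields 0 (not present).
 */
krb5_boolean
krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype)
    krb5_key_salt_tuple	*ksaltlist;
    krb5_int32		nksalts;
    krb5_enctype	enctype;
    krb5_int32		salttype;
{
    krb5_boolean	foundit;
    int			i;

    foundit = 0;
    if (ksaltlist) {
	for (i = 0; i < nksalts; i++) {
	    if ((ksaltlist[i].ks_enctype == enctype) &&
		((ksaltlist[i].ks_salttype == salttype) ||
		 (salttype < 0))) {
		foundit = 1;
		break;
	    }
	}
    }
    return(foundit);
}

/*
 * krb5_string_to_keysalts()	- Convert a string representation to a list
 *				  of key/salt tuples.
 *
 * string holds tuples of the form <enctype> or <enctype><sep><salttype>,
 * separated by any character of tupleseps (", \t" when NULL); the
 * enctype/salttype separator is any character of ksaltseps (":." when
 * NULL).  string is modified in place while parsing (separators are
 * overwritten with NUL and put back afterwards), so it must be writable.
 *
 * *ksaltp and *nksaltp are in/out: each accepted tuple is appended, the
 * previous array is released with krb5_xfree() and replaced by a newly
 * allocated one.  The caller must initialize both before the first call.
 * Unless dups is set, a tuple already in the list is not added again.
 *
 * Return value: ENOMEM when the list cannot be grown; otherwise the result
 * of converting the LAST tuple in the string.  Tuples that fail to convert
 * earlier in the string are skipped without being reported, so a return of
 * 0 does not mean that every entry was accepted.  Callers that use the
 * result as an enctype policy should check the returned list against what
 * was configured.
 */
krb5_error_code
krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
    char		*string;
    const char		*tupleseps;
    const char		*ksaltseps;
    krb5_boolean	dups;
    krb5_key_salt_tuple	**ksaltp;
    krb5_int32		*nksaltp;
{
    krb5_error_code	kret;
    char		*kp, *sp, *ep;
    char		sepchar, trailchar;
    krb5_enctype	ktype;
    krb5_int32		stype;
    krb5_key_salt_tuple	*savep;
    const char		*tseplist;
    const char		*ksseplist;
    const char		*septmp;
    size_t		len;
    int			nomem;

    kret = 0;
    nomem = 0;
    sepchar = '\0';
    trailchar = '\0';
    kp = string;
    tseplist = (tupleseps) ? tupleseps : default_tupleseps;
    ksseplist = (ksaltseps) ? ksaltseps : default_ksaltseps;
    while (kp) {
	/* Attempt to find a separator */
	ep = (char *) NULL;
	if (*tseplist) {
	    septmp = tseplist;
	    for (ep = strchr(kp, (int) *septmp);
		 *(++septmp) && !ep;
		 ep = strchr(kp, (int) *septmp));
	}

	if (ep) {
	    trailchar = *ep;
	    *ep = '\0';
	    ep++;
	}
	/*
	 * kp points to something (hopefully) of the form:
	 *	<enctype><ksseplist><salttype>
	 *	or
	 *	<enctype>
	 */
	sp = (char *) NULL;
	/*
	 * Attempt to find a separator.  Guard against an empty separator
	 * list the same way the tuple search above does: strchr(kp, '\0')
	 * returns the terminator of kp, and the loop would then read one
	 * byte past the end of ksseplist and step sp past the tuple.
	 */
	if (*ksseplist) {
	    septmp = ksseplist;
	    for (sp = strchr(kp, (int) *septmp);
		 *(++septmp) && !sp;
		 sp = strchr(kp, (int)*septmp)); /* Solaris Kerberos */
	}

	if (sp) {
	    /* Separate enctype from salttype */
	    sepchar = *sp;
	    *sp = '\0';
	    sp++;
	}
	else
	    stype = -1;

	/*
	 * Attempt to parse enctype and salttype.  If we parse well
	 * then make sure that it specifies a unique key/salt combo
	 */
	if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
	    (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
	    (dups ||
	     !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {

	    /* Squirrel away old keysalt array */
	    savep = *ksaltp;
	    len = (size_t) *nksaltp;

	    /* Get new keysalt array */
	    *ksaltp = (krb5_key_salt_tuple *)
		malloc((len + 1) * sizeof(krb5_key_salt_tuple));
	    if (*ksaltp) {

		/* Copy old keysalt if appropriate */
		if (savep) {
		    memcpy(*ksaltp, savep,
			   len * sizeof(krb5_key_salt_tuple));
		    krb5_xfree(savep);
		}

		/* Save our values */
		(*ksaltp)[(*nksaltp)].ks_enctype = ktype;
		(*ksaltp)[(*nksaltp)].ks_salttype = stype;
		(*nksaltp)++;
	    }
	    else {
		/*
		 * Keep the caller's list intact and report the failure.
		 * Leaving kret at 0 here would make a truncated list look
		 * like a successful parse.
		 */
		*ksaltp = savep;
		kret = ENOMEM;
		nomem = 1;
	    }
	}
	/*
	 * Solaris Kerberos
	 * If the string did not yield a valid enctype/keysalt
	 * just ignore it and continue on.  MIT kerberos stops
	 * searching when if finds an unknown string.
	 */
	/* Put the separators back so the caller's string is unchanged. */
	if (sp)
	    sp[-1] = sepchar;
	if (ep)
	    ep[-1] = trailchar;
	/* Stop only after the string has been restored. */
	if (nomem)
	    break;
	kp = ep;

	/* Skip over extra separators - like spaces */
	if (kp && *tseplist) {
	    septmp = tseplist;
	    while (*septmp && *kp) {
		if (*septmp == *kp) {
		    /* Increment string - reset separator list */
		    kp++;
		    septmp = tseplist;
		} else {
		    septmp++;
		}
	    }
	    if (!*kp) kp = NULL;
	}
    } /* while kp */
    return(kret);
}

/*
 * krb5_keysalt_iterate()	- Do something for each unique key/salt
 *				  combination.
 *
 * If ignoresalt set, then salttype is ignored.
 *
 * An entry is passed to iterator only when no earlier entry of ksaltlist
 * matches it.  The iterator receives a scratch copy, not the list element;
 * with ignoresalt set the copy's ks_salttype is -1.  Iteration stops at the
 * first non-zero iterator result, which is returned; otherwise 0.
 */
krb5_error_code
krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
    krb5_key_salt_tuple	*ksaltlist;
    krb5_int32		nksalt;
    krb5_boolean	ignoresalt;
    krb5_error_code	(*iterator) (krb5_key_salt_tuple *, krb5_pointer);
    krb5_pointer	arg;
{
    int			i;
    krb5_error_code	kret;
    krb5_key_salt_tuple	scratch;

    kret = 0;
    for (i = 0; i < nksalt; i++) {
	scratch.ks_enctype = ksaltlist[i].ks_enctype;
	scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
	/* Search only the entries before i, i.e. those already visited. */
	if (!krb5_keysalt_is_present(ksaltlist,
				     i,
				     scratch.ks_enctype,
				     scratch.ks_salttype)) {
	    kret = (*iterator)(&scratch, arg);
	    if (kret)
		break;
	}
    }
    return(kret);
}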