17c478bd9Sstevel@tonic-gate /*
2*159d09a2SMark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
37c478bd9Sstevel@tonic-gate * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate */
57c478bd9Sstevel@tonic-gate
67c478bd9Sstevel@tonic-gate
77c478bd9Sstevel@tonic-gate /*
87c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
97c478bd9Sstevel@tonic-gate *
107c478bd9Sstevel@tonic-gate * Openvision retains the copyright to derivative works of
117c478bd9Sstevel@tonic-gate * this source code. Do *NOT* create a derivative of this
127c478bd9Sstevel@tonic-gate * source code before consulting with your legal department.
137c478bd9Sstevel@tonic-gate * Do *NOT* integrate *ANY* of this source code into another
147c478bd9Sstevel@tonic-gate * product before consulting with your legal department.
157c478bd9Sstevel@tonic-gate *
167c478bd9Sstevel@tonic-gate * For further information, read the top-level Openvision
177c478bd9Sstevel@tonic-gate * copyright which is contained in the top-level MIT Kerberos
187c478bd9Sstevel@tonic-gate * copyright.
197c478bd9Sstevel@tonic-gate *
207c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
217c478bd9Sstevel@tonic-gate *
227c478bd9Sstevel@tonic-gate */
237c478bd9Sstevel@tonic-gate
247c478bd9Sstevel@tonic-gate
257c478bd9Sstevel@tonic-gate /*
267c478bd9Sstevel@tonic-gate * lib/kadm/str_conv.c
277c478bd9Sstevel@tonic-gate *
287c478bd9Sstevel@tonic-gate * Copyright 1995 by the Massachusetts Institute of Technology.
297c478bd9Sstevel@tonic-gate * All Rights Reserved.
307c478bd9Sstevel@tonic-gate *
317c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may
327c478bd9Sstevel@tonic-gate * require a specific license from the United States Government.
337c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating
347c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting.
357c478bd9Sstevel@tonic-gate *
367c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
377c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
387c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
397c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
407c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
417c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining
427c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
437c478bd9Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label
447c478bd9Sstevel@tonic-gate * your software as modified software and not distribute it in such a
457c478bd9Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software.
467c478bd9Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of
477c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
487c478bd9Sstevel@tonic-gate * or implied warranty.
497c478bd9Sstevel@tonic-gate *
507c478bd9Sstevel@tonic-gate */
517c478bd9Sstevel@tonic-gate
527c478bd9Sstevel@tonic-gate /*
537c478bd9Sstevel@tonic-gate * str_conv.c - Convert between strings and Kerberos internal data.
547c478bd9Sstevel@tonic-gate */
557c478bd9Sstevel@tonic-gate
567c478bd9Sstevel@tonic-gate /*
577c478bd9Sstevel@tonic-gate * Table of contents:
587c478bd9Sstevel@tonic-gate *
597c478bd9Sstevel@tonic-gate * String decoding:
607c478bd9Sstevel@tonic-gate * ----------------
617c478bd9Sstevel@tonic-gate * krb5_string_to_flags() - Convert string to krb5_flags.
627c478bd9Sstevel@tonic-gate *
637c478bd9Sstevel@tonic-gate * String encoding:
647c478bd9Sstevel@tonic-gate * ----------------
657c478bd9Sstevel@tonic-gate * krb5_flags_to_string() - Convert krb5_flags to string.
667c478bd9Sstevel@tonic-gate */
677c478bd9Sstevel@tonic-gate
687c478bd9Sstevel@tonic-gate #include "k5-int.h"
697c478bd9Sstevel@tonic-gate #include "admin_internal.h"
7056a424ccSmp153739 #include "adm_proto.h"
717c478bd9Sstevel@tonic-gate
727c478bd9Sstevel@tonic-gate /*
737c478bd9Sstevel@tonic-gate * Local data structures.
747c478bd9Sstevel@tonic-gate */
/*
 * One row of the flag lookup table.  It ties a krb5_flags value to the
 * text recognised on input and the text produced on output.
 */
struct flags_lookup_entry {
    krb5_flags      fl_flags;       /* Flag bit(s) described by this row */
    krb5_boolean    fl_sense;       /* Sense of the flag */
    const char      *fl_specifier;  /* Input text that selects this row */
    const char      *fl_output;     /* Text printed when the flag is set */
};
817c478bd9Sstevel@tonic-gate
827c478bd9Sstevel@tonic-gate /*
837c478bd9Sstevel@tonic-gate * Local strings
847c478bd9Sstevel@tonic-gate */
857c478bd9Sstevel@tonic-gate
/* Default separator sets used when parsing key/salt tuple lists. */
static const char default_tupleseps[]   = ", \t";
static const char default_ksaltseps[]   = ":.";

/*
 * Flag strings, one input/output pair per flag.  The "_in" string is the
 * specifier matched when parsing; the "_out" string is what gets printed
 * when the corresponding flag bit is set.
 */
static const char flags_pdate_in[]      = "postdateable";
static const char flags_pdate_out[]     = "Not Postdateable";

static const char flags_fwd_in[]        = "forwardable";
static const char flags_fwd_out[]       = "Not Forwardable";

static const char flags_tgtbased_in[]   = "tgt-based";
static const char flags_tgtbased_out[]  = "No TGT-based requests";

static const char flags_renew_in[]      = "renewable";
static const char flags_renew_out[]     = "Not renewable";

static const char flags_proxy_in[]      = "proxiable";
static const char flags_proxy_out[]     = "Not proxiable";

static const char flags_dup_skey_in[]   = "dup-skey";
static const char flags_dup_skey_out[]  = "No DUP_SKEY requests";

static const char flags_tickets_in[]    = "allow-tickets";
static const char flags_tickets_out[]   = "All Tickets Disallowed";

static const char flags_preauth_in[]    = "preauth";
static const char flags_preauth_out[]   = "Preauthorization required";

static const char flags_hwauth_in[]     = "hwauth";
static const char flags_hwauth_out[]    = "HW Authorization required";

static const char flags_pwchange_in[]   = "pwchange";
static const char flags_pwchange_out[]  = "Password Change required";

static const char flags_service_in[]    = "service";
static const char flags_service_out[]   = "Service Disabled";

static const char flags_pwsvc_in[]      = "pwservice";
static const char flags_pwsvc_out[]     = "Password Changing Service";

static const char flags_md5_in[]        = "md5";
static const char flags_md5_out[]       = "RSA-MD5 supported";

/* Defaults used when the caller passes NULL for the prefix/separator. */
static const char flags_default_neg[]   = "-";
static const char flags_default_sep[]   = " ";
1197c478bd9Sstevel@tonic-gate
1207c478bd9Sstevel@tonic-gate /*
1217c478bd9Sstevel@tonic-gate * Lookup tables.
1227c478bd9Sstevel@tonic-gate */
1237c478bd9Sstevel@tonic-gate
/*
 * Flag lookup table.
 *
 * The "sense" column says which polarity of a specifier sets the bit:
 * a specifier whose requested sense equals fl_sense ORs the flag in,
 * any other sense clears it.  Rows with sense 0 therefore pair a
 * permissive-sounding specifier (e.g. "forwardable") with a DISALLOW
 * bit, so the un-negated specifier clears the bit.
 */
static const struct flags_lookup_entry flags_table[] = {
    /* flag                          sense  input specifier     output string */
    { KRB5_KDB_DISALLOW_POSTDATED,   0,     flags_pdate_in,     flags_pdate_out    },
    { KRB5_KDB_DISALLOW_FORWARDABLE, 0,     flags_fwd_in,       flags_fwd_out      },
    { KRB5_KDB_DISALLOW_TGT_BASED,   0,     flags_tgtbased_in,  flags_tgtbased_out },
    { KRB5_KDB_DISALLOW_RENEWABLE,   0,     flags_renew_in,     flags_renew_out    },
    { KRB5_KDB_DISALLOW_PROXIABLE,   0,     flags_proxy_in,     flags_proxy_out    },
    { KRB5_KDB_DISALLOW_DUP_SKEY,    0,     flags_dup_skey_in,  flags_dup_skey_out },
    { KRB5_KDB_DISALLOW_ALL_TIX,     0,     flags_tickets_in,   flags_tickets_out  },
    { KRB5_KDB_REQUIRES_PRE_AUTH,    1,     flags_preauth_in,   flags_preauth_out  },
    { KRB5_KDB_REQUIRES_HW_AUTH,     1,     flags_hwauth_in,    flags_hwauth_out   },
    { KRB5_KDB_REQUIRES_PWCHANGE,    1,     flags_pwchange_in,  flags_pwchange_out },
    { KRB5_KDB_DISALLOW_SVR,         0,     flags_service_in,   flags_service_out  },
    { KRB5_KDB_PWCHANGE_SERVICE,     1,     flags_pwsvc_in,     flags_pwsvc_out    },
    { KRB5_KDB_SUPPORT_DESMD5,       1,     flags_md5_in,       flags_md5_out      }
};

/* Number of rows in flags_table. */
static const int flags_table_nents =
    sizeof (flags_table) / sizeof (flags_table[0]);
1437c478bd9Sstevel@tonic-gate
1447c478bd9Sstevel@tonic-gate
/*
 * krb5_string_to_flags() - Apply one textual flag specifier to *flagsp.
 *
 * 'string' may start with the negative prefix ('negative', or
 * flags_default_neg when that is NULL) or with the optional 'positive'
 * prefix.  The remainder is compared case-insensitively with each
 * fl_specifier in flags_table.  On a match the flag bit is set in
 * *flagsp when the requested sense equals the row's fl_sense and
 * cleared otherwise.
 *
 * Returns 0 when a specifier matched, EINVAL when none did (in which
 * case *flagsp is left unmodified).
 *
 * NOTE: the negative prefix is tested first and with strncasecmp() over
 * its own length, so an empty 'negative' string matches every input and
 * makes every specifier negated.
 */
krb5_error_code
krb5_string_to_flags(string, positive, negative, flagsp)
    char            *string;
    const char      *positive;
    const char      *negative;
    krb5_flags      *flagsp;
{
    /* We need to have a way to negate it. */
    const char      *neg_prefix = (negative) ? negative : flags_default_neg;
    size_t          neg_len = strlen(neg_prefix);
    size_t          pos_len = (positive) ? strlen(positive) : 0;
    int             name_off = 0;
    int             want_set = 1;
    int             idx;

    /* Work out the requested sense and where the specifier name begins. */
    if (strncasecmp(neg_prefix, string, neg_len) == 0) {
        want_set = 0;
        name_off += (int) neg_len;
    } else if (pos_len != 0 && strncasecmp(positive, string, pos_len) == 0) {
        name_off += (int) pos_len;
    }

    for (idx = 0; idx < flags_table_nents; idx++) {
        const struct flags_lookup_entry *row = &flags_table[idx];

        if (strcasecmp(&string[name_off], row->fl_specifier) != 0)
            continue;

        if (want_set == (int) row->fl_sense)
            *flagsp |= row->fl_flags;
        else
            *flagsp &= ~row->fl_flags;
        return (0);
    }
    return (EINVAL);
}
1897c478bd9Sstevel@tonic-gate
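/*
 * krb5_flags_to_string() - Render the set bits of 'flags' as text.
 *
 * For every flags_table row whose bit is set in 'flags', the row's
 * output string is appended to 'buffer'; rows are separated by 'sep',
 * or by flags_default_sep when 'sep' is NULL.
 *
 * Returns:
 *   0       all set bits were rendered ('buffer' is "" when none are set)
 *   ENOMEM  the next string does not fit in 'buflen' bytes
 *   EINVAL  'flags' has bits set that no table row describes
 *
 * On ENOMEM or EINVAL the buffer holds whatever had been written up to
 * that point (possibly nothing, in which case it is not terminated), so
 * callers must not use its contents after an error.
 */
krb5_error_code
krb5_flags_to_string(flags, sep, buffer, buflen)
    krb5_flags      flags;
    const char      *sep;
    char            *buffer;
    size_t          buflen;
{
    const char      *sepstring = (sep) ? sep : flags_default_sep;
    size_t          seplen = strlen(sepstring);
    size_t          used = 0;       /* bytes written, excluding the NUL */
    krb5_flags      pflags = 0;     /* bits rendered so far */
    krb5_error_code retval = 0;
    int             initial = 1;
    int             i;

    /* Blast through the table matching all we can */
    for (i = 0; i < flags_table_nents; i++) {
        const char  *out;
        size_t      outlen;

        if (!(flags & flags_table[i].fl_flags))
            continue;

        out = flags_table[i].fl_output;
        outlen = strlen(out);

        /*
         * Found a match, see if it'll fit into the output buffer.  The
         * test is the original (conservative) one: room for the output
         * string, a separator and the NUL.  It is done on sizes so that
         * no pointer beyond the end of the buffer is ever formed.
         */
        if (used >= buflen || outlen + seplen >= buflen - used) {
            retval = ENOMEM;
            break;
        }

        if (!initial) {
            /*
             * Copy the effective separator.  Using the raw 'sep'
             * argument here would dereference NULL whenever the caller
             * asked for the default separator.
             */
            memcpy(buffer + used, sepstring, seplen);
            used += seplen;
        }
        initial = 0;
        memcpy(buffer + used, out, outlen + 1);
        used += outlen;

        /* Keep track of what we matched */
        pflags |= flags_table[i].fl_flags;
    }

    if (!retval) {
        /* See if there's any leftovers */
        if (flags & ~pflags) {
            retval = EINVAL;
        } else if (initial) {
            /* Nothing to print: hand back "", if there is room for it. */
            if (buflen == 0)
                retval = ENOMEM;
            else
                *buffer = '\0';
        }
    }
    return (retval);
}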
2407c478bd9Sstevel@tonic-gate
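/*
 * krb5_input_flag_to_string() - Copy the input specifier of table row
 *                               'flag' into 'buffer'.
 *
 * 'flag' is an index into flags_table, not a flag bit.
 *
 * Returns 0 on success, ENOENT when 'flag' is outside the table (callers
 * can use this as the end-of-list marker), and ENOMEM when the specifier
 * plus its terminating NUL does not fit in 'buflen' bytes.
 */
krb5_error_code
krb5_input_flag_to_string(flag, buffer, buflen)
    int             flag;
    char            *buffer;
    size_t          buflen;
{
    const char      *spec;
    size_t          speclen;

    if (flag < 0 || flag >= flags_table_nents)
        return ENOENT;  /* End of list */

    spec = flags_table[flag].fl_specifier;
    speclen = strlen(spec);

    /*
     * The copy writes speclen + 1 bytes, so a specifier exactly buflen
     * long must be rejected too; '>' alone would let the NUL land one
     * byte past the end of the buffer.
     */
    if (speclen >= buflen)
        return ENOMEM;

    memcpy(buffer, spec, speclen + 1);
    return 0;
}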
2527c478bd9Sstevel@tonic-gate
/*
 * krb5_keysalt_is_present() - Determine if a key/salt pair is present
 *                             in a list of key/salt tuples.
 *
 * Only the first 'nksalts' entries of 'ksaltlist' are examined; a NULL
 * list never matches.  A negative 'salttype' acts as a wildcard, so the
 * search is then for the enctype alone.
 *
 * Returns 1 when a matching tuple exists, 0 otherwise.
 */
krb5_boolean
krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype)
    krb5_key_salt_tuple     *ksaltlist;
    krb5_int32              nksalts;
    krb5_enctype            enctype;
    krb5_int32              salttype;
{
    int     idx;

    if (!ksaltlist)
        return (0);

    for (idx = 0; idx < nksalts; idx++) {
        if (ksaltlist[idx].ks_enctype != enctype)
            continue;
        if (salttype < 0 || ksaltlist[idx].ks_salttype == salttype)
            return (1);
    }
    return (0);
}
2827c478bd9Sstevel@tonic-gate
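/*
 * krb5_string_to_keysalts() - Convert a string representation to a list
 *                             of key/salt tuples.
 *
 * 'string' is a list of tuples of the form <enctype> or
 * <enctype><sep><salttype>.  Tuples are separated by a character from
 * 'tupleseps' (default_tupleseps when NULL) and the two halves of a
 * tuple by a character from 'ksaltseps' (default_ksaltseps when NULL).
 * Each tuple that parses is appended to the array at *ksaltp and
 * *nksaltp is incremented; unless 'dups' is set, a tuple already in the
 * array is not added again.  A tuple without a salttype is stored with
 * salttype -1.
 *
 * 'string' must be writable: separators are overwritten with NUL while
 * a tuple is parsed and put back afterwards.
 *
 * Returns ENOMEM when the array cannot be grown (the caller's existing
 * array is left in place).  Otherwise the return value is the parse
 * status of the LAST tuple examined: tuples that fail to parse are
 * skipped, and an error from an earlier tuple is overwritten when a
 * later one parses.  A caller that must reject a misspelled enctype has
 * to check the resulting list rather than rely on the return value.
 *
 * NOTE(review): each separator set is searched in list order, so a
 * tuple is split at the first listed separator character that occurs
 * anywhere in the remaining text, not necessarily at the earliest
 * separator in the string.  Mixed separators can therefore produce a
 * token that fails to parse and is skipped.
 */
krb5_error_code
krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
    char                    *string;
    const char              *tupleseps;
    const char              *ksaltseps;
    krb5_boolean            dups;
    krb5_key_salt_tuple     **ksaltp;
    krb5_int32              *nksaltp;
{
    krb5_error_code         kret;
    char                    *kp, *sp, *ep;
    char                    sepchar, trailchar;
    krb5_enctype            ktype;
    krb5_int32              stype;
    krb5_key_salt_tuple     *savep;
    const char              *tseplist;
    const char              *ksseplist;
    const char              *septmp;
    size_t                  len;
    int                     alloc_failed;

    kret = 0;
    alloc_failed = 0;
    sepchar = trailchar = '\0';
    kp = string;
    tseplist = (tupleseps) ? tupleseps : default_tupleseps;
    ksseplist = (ksaltseps) ? ksaltseps : default_ksaltseps;
    while (kp) {
        /* Attempt to find a separator */
        ep = (char *) NULL;
        if (*tseplist) {
            septmp = tseplist;
            for (ep = strchr(kp, (int) *septmp);
                 *(++septmp) && !ep;
                 ep = strchr(kp, (int) *septmp));
        }

        if (ep) {
            /* Terminate this tuple; the separator is restored below. */
            trailchar = *ep;
            *ep = '\0';
            ep++;
        }
        /*
         * kp points to something (hopefully) of the form:
         *      <enctype><ksseplist><salttype>
         *      or
         *      <enctype>
         */
        sp = (char *) NULL;
        /* Attempt to find a separator */
        septmp = ksseplist;
        for (sp = strchr(kp, (int) *septmp);
             *(++septmp) && !sp;
             sp = strchr(kp, (int) *septmp)); /* Solaris Kerberos */

        if (sp) {
            /* Separate enctype from salttype */
            sepchar = *sp;
            *sp = '\0';
            sp++;
        }
        else
            stype = -1;

        /*
         * Attempt to parse enctype and salttype.  If we parse well
         * then make sure that it specifies a unique key/salt combo
         */
        if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
            (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
            (dups ||
             !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {

            /* Squirrel away old keysalt array */
            savep = *ksaltp;
            len = (size_t) *nksaltp;

            /* Get new keysalt array */
            *ksaltp = (krb5_key_salt_tuple *)
                malloc((len + 1) * sizeof(krb5_key_salt_tuple));
            if (*ksaltp) {

                /* Copy old keysalt if appropriate */
                if (savep) {
                    memcpy(*ksaltp, savep,
                           len * sizeof(krb5_key_salt_tuple));
                    krb5_xfree(savep);
                }

                /* Save our values */
                (*ksaltp)[(*nksaltp)].ks_enctype = ktype;
                (*ksaltp)[(*nksaltp)].ks_salttype = stype;
                (*nksaltp)++;
            }
            else {
                /*
                 * Out of memory: give the caller back the old array and
                 * report the failure.  kret is 0 here because both
                 * parses succeeded, so without this the truncated list
                 * would be returned as a success.
                 */
                *ksaltp = savep;
                kret = ENOMEM;
                alloc_failed = 1;
            }
        }
        /*
         * Solaris Kerberos
         * If the string did not yield a valid enctype/keysalt
         * just ignore it and continue on.  MIT kerberos stops
         * searching when it finds an unknown string.
         */
        if (sp)
            sp[-1] = sepchar;
        if (ep)
            ep[-1] = trailchar;

        /* Leave only after the caller's string has been restored. */
        if (alloc_failed)
            break;

        kp = ep;

        /* Skip over extra separators - like spaces */
        if (kp && *tseplist) {
            septmp = tseplist;
            while (*septmp && *kp) {
                if (*septmp == *kp) {
                    /* Increment string - reset separator list */
                    kp++;
                    septmp = tseplist;
                } else {
                    septmp++;
                }
            }
            if (!*kp)
                kp = NULL;
        }
    } /* while kp */
    return (kret);
}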
4127c478bd9Sstevel@tonic-gate
/*
 * krb5_keysalt_iterate() - Do something for each unique key/salt
 *                          combination.
 *
 * Calls 'iterator' with a scratch copy of each tuple in 'ksaltlist'
 * (and with 'arg') unless an equal tuple appears earlier in the list.
 * If 'ignoresalt' is set, the salttype is replaced by -1, so the
 * iterator runs once per distinct enctype.
 *
 * Iteration stops at the first non-zero value returned by 'iterator',
 * and that value is returned; otherwise the result is 0.
 */
krb5_error_code
krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
    krb5_key_salt_tuple     *ksaltlist;
    krb5_int32              nksalt;
    krb5_boolean            ignoresalt;
    krb5_error_code         (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
    krb5_pointer            arg;
{
    krb5_key_salt_tuple     current;
    krb5_error_code         status = 0;
    int                     pos = 0;

    while (pos < nksalt) {
        current.ks_enctype = ksaltlist[pos].ks_enctype;
        if (ignoresalt)
            current.ks_salttype = -1;
        else
            current.ks_salttype = ksaltlist[pos].ks_salttype;

        /* Search only the entries before 'pos': skip tuples already seen. */
        if (!krb5_keysalt_is_present(ksaltlist, pos,
                                     current.ks_enctype,
                                     current.ks_salttype)) {
            status = (*iterator)(&current, arg);
            if (status)
                break;
        }
        pos++;
    }
    return (status);
}