re-write to delay the opening of the database till it's known which

principal is being sought, thereby allowing the usage of multiple databases, however they need to be specified in /etc/krb5.conf since all the programs using this keytab do not read kdc.conf git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9008 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-08-27 04:31:42 +00:00
parent a8197629ca
commit 36d4a902d5
1 changed files with 96 additions and 24 deletions
--- a/lib/hdb/keytab.c
+++ b/lib/hdb/keytab.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan
 * (Royal Institute of Technology, Stockholm, Sweden). 
 * All rights reserved. 
 *
@@ -40,15 +40,19 @@ RCSID("$Id$");
 struct hdb_data {
    char *dbname;
    char *mkey;
-    HDB *db;
 };

+/*
+ * the format for HDB keytabs is:
+ * HDB:[database:mkey]
+ */
+
 static krb5_error_code
 hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
 {
-    krb5_error_code ret;
    struct hdb_data *d;
    const char *db, *mkey;
+
    d = malloc(sizeof(*d));
    if(d == NULL)
 	return ENOMEM;
@@ -74,7 +78,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
 		free(d);
 		return ENOMEM;
 	    }
-	    strncpy(d->dbname, db, mkey - db);
+	    memmove(d->dbname, db, mkey - db);
 	    d->dbname[mkey - db] = '\0';
 	}
 	d->mkey = strdup(mkey + 1);
@@ -84,21 +88,6 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
 	    return ENOMEM;
 	}
    }
-    ret = hdb_create(context, &d->db, d->dbname);
-    if(ret) {
-	free(d->dbname);
-	free(d->mkey);
-	free(d);
-	return ret;
-    }
-    ret = hdb_set_master_keyfile (context, d->db, d->mkey);
-    if(ret) {
-	(*d->db->destroy)(context, d->db);
-	free(d->dbname);
-	free(d->mkey);
-	free(d);
-	return ret;
-    }
    id->data = d;
    return 0;
 }
@@ -107,7 +96,9 @@ static krb5_error_code
 hdb_close(krb5_context context, krb5_keytab id)
 {
    struct hdb_data *d = id->data;
-    (*d->db->destroy)(context, d->db);
+
+    free(d->dbname);
+    free(d->mkey);
    free(d);
    return 0;
 }
@@ -119,6 +110,7 @@ hdb_get_name(krb5_context context,
 	     size_t namesize)
 {
    struct hdb_data *d = id->data;
+
    snprintf(name, namesize, "%s%s%s", 
 	     d->dbname ? d->dbname : "",
 	     (d->dbname || d->mkey) ? ":" : "",
@@ -126,6 +118,68 @@ hdb_get_name(krb5_context context,
    return 0;
 }

+static void
+set_config (krb5_context context,
+	    krb5_config_binding *binding,
+	    const char **dbname,
+	    const char **mkey)
+{
+    *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
+    *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
+}
+
+/*
+ * try to figure out the database (`dbname') and master-key (`mkey')
+ * that should be used for `principal'.
+ */
+
+static void
+find_db (krb5_context context,
+	 const char **dbname,
+	 const char **mkey,
+	 krb5_const_principal principal)
+{
+    krb5_config_binding *top_bind = NULL;
+    krb5_config_binding *default_binding = NULL;
+    krb5_config_binding *db;
+    krb5_realm *prealm = krb5_princ_realm(context, (krb5_principal)principal);
+
+    *dbname = *mkey = NULL;
+
+    while ((db = (krb5_config_binding *)
+	    krb5_config_get_next(context,
+				 NULL,
+				 &top_bind,
+				 krb5_config_list,
+				 "kdc",
+				 "database",
+				 NULL)) != NULL) {
+	const char *p;
+	
+	p = krb5_config_get_string (context, db, "realm", NULL);
+	if (p == NULL) {
+	    if(default_binding) {
+		krb5_warnx(context, "WARNING: more than one realm-less "
+			   "database specification");
+		krb5_warnx(context, "WARNING: using the first encountered");
+	    } else
+		default_binding = db;
+	} else if (strcmp (*prealm, p) == 0) {
+	    set_config (context, db, dbname, mkey);
+	    break;
+	}
+    }
+    if (*dbname == NULL && default_binding != NULL)
+	set_config (context, default_binding, dbname, mkey);
+    if (*dbname == NULL)
+	*dbname = HDB_DEFAULT_DB;
+}
+
+/*
+ * find the keytab entry in `id' for `principal, kvno, enctype' and return
+ * it in `entry'.  return 0 or an error code
+ */
+
 static krb5_error_code
 hdb_get_entry(krb5_context context,
 	      krb5_keytab id,
@@ -138,13 +192,32 @@ hdb_get_entry(krb5_context context,
    krb5_error_code ret;
    struct hdb_data *d = id->data;
    int i;
+    HDB *db;
+    const char *dbname = d->dbname;
+    const char *mkey   = d->mkey;

-    ret = (*d->db->open)(context, d->db, O_RDONLY, 0);
+    if (dbname == NULL)
+	find_db (context, &dbname, &mkey, principal);
+
+    ret = hdb_create (context, &db, dbname);
    if (ret)
 	return ret;
+    ret = hdb_set_master_keyfile (context, db, mkey);
+    if (ret) {
+	(*db->destroy)(context, db);
+	return ret;
+    }
+	
+    ret = (*db->open)(context, db, O_RDONLY, 0);
+    if (ret) {
+	(*db->destroy)(context, db);
+	return ret;
+    }
    ent.principal = (krb5_principal)principal;
-    ret = (*d->db->fetch)(context, d->db, HDB_F_DECRYPT, &ent);
-    (*d->db->close)(context, d->db);
+    ret = (*db->fetch)(context, db, HDB_F_DECRYPT, &ent);
+    (*db->close)(context, db);
+    (*db->destroy)(context, db);
+
    if(ret == HDB_ERR_NOENTRY)
 	return KRB5_KT_NOTFOUND;
    else if(ret)
@@ -184,4 +257,3 @@ krb5_kt_ops hdb_kt_ops = {
    NULL,		/* add */
    NULL		/* remove */
 };
-