Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

transited.c

Visit:

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 12.4 KB

Line
1	/*
2	* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska HÃ¶gskolan
3	* (Royal Institute of Technology, Stockholm, Sweden).
4	* All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	*
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	*
13	* 2. Redistributions in binary form must reproduce the above copyright
14	* notice, this list of conditions and the following disclaimer in the
15	* documentation and/or other materials provided with the distribution.
16	*
17	* 3. Neither the name of the Institute nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*/
33
34	#include "krb5_locl.h"
35
36	/* this is an attempt at one of the most horrible `compression'
37	schemes that has ever been invented; it's so amazingly brain-dead
38	that words can not describe it, and all this just to save a few
39	silly bytes */
40
41	struct tr_realm {
42	char *realm;
43	unsigned leading_space:1;
44	unsigned leading_slash:1;
45	unsigned trailing_dot:1;
46	struct tr_realm *next;
47	};
48
49	static void
50	free_realms(struct tr_realm *r)
51	{
52	struct tr_realm *p;
53	while(r){
54	p = r;
55	r = r->next;
56	free(p->realm);
57	free(p);
58	}
59	}
60
61	static int
62	make_path(krb5_context context, struct tr_realm *r,
63	const char from, const char to)
64	{
65	struct tr_realm *tmp;
66	const char *p;
67
68	if(strlen(from) < strlen(to)){
69	const char *str;
70	str = from;
71	from = to;
72	to = str;
73	}
74
75	if(strcmp(from + strlen(from) - strlen(to), to) == 0){
76	p = from;
77	while(1){
78	p = strchr(p, '.');
79	if(p == NULL) {
80	krb5_clear_error_message (context);
81	return KRB5KDC_ERR_POLICY;
82	}
83	p++;
84	if(strcmp(p, to) == 0)
85	break;
86	tmp = calloc(1, sizeof(*tmp));
87	if(tmp == NULL){
88	krb5_set_error_message(context, ENOMEM,
89	N_("malloc: out of memory", ""));
90	return ENOMEM;
91	}
92	tmp->next = r->next;
93	r->next = tmp;
94	tmp->realm = strdup(p);
95	if(tmp->realm == NULL){
96	r->next = tmp->next;
97	free(tmp);
98	krb5_set_error_message(context, ENOMEM,
99	N_("malloc: out of memory", ""));
100	return ENOMEM;;
101	}
102	}
103	}else if(strncmp(from, to, strlen(to)) == 0){
104	p = from + strlen(from);
105	while(1){
106	while(p >= from && *p != '/') p--;
107	if(p == from)
108	return KRB5KDC_ERR_POLICY;
109
110	if(strncmp(to, from, p - from) == 0)
111	break;
112	tmp = calloc(1, sizeof(*tmp));
113	if(tmp == NULL){
114	krb5_set_error_message(context, ENOMEM,
115	N_("malloc: out of memory", ""));
116	return ENOMEM;
117	}
118	tmp->next = r->next;
119	r->next = tmp;
120	tmp->realm = malloc(p - from + 1);
121	if(tmp->realm == NULL){
122	r->next = tmp->next;
123	free(tmp);
124	krb5_set_error_message(context, ENOMEM,
125	N_("malloc: out of memory", ""));
126	return ENOMEM;
127	}
128	memcpy(tmp->realm, from, p - from);
129	tmp->realm[p - from] = '\0';
130	p--;
131	}
132	} else {
133	krb5_clear_error_message (context);
134	return KRB5KDC_ERR_POLICY;
135	}
136
137	return 0;
138	}
139
140	static int
141	make_paths(krb5_context context,
142	struct tr_realm realms, const char client_realm,
143	const char *server_realm)
144	{
145	struct tr_realm *r;
146	int ret;
147	const char *prev_realm = client_realm;
148	const char *next_realm = NULL;
149	for(r = realms; r; r = r->next){
150	/* it might be that you can have more than one empty
151	component in a row, at least that's how I interpret the
152	"," exception in 1510 */
153	if(r->realm[0] == '\0'){
154	while(r->next && r->next->realm[0] == '\0')
155	r = r->next;
156	if(r->next)
157	next_realm = r->next->realm;
158	else
159	next_realm = server_realm;
160	ret = make_path(context, r, prev_realm, next_realm);
161	if(ret){
162	free_realms(realms);
163	return ret;
164	}
165	}
166	prev_realm = r->realm;
167	}
168	return 0;
169	}
170
171	static int
172	expand_realms(krb5_context context,
173	struct tr_realm realms, const char client_realm)
174	{
175	struct tr_realm *r;
176	const char *prev_realm = NULL;
177	for(r = realms; r; r = r->next){
178	if(r->trailing_dot){
179	char *tmp;
180	size_t len;
181
182	if(prev_realm == NULL)
183	prev_realm = client_realm;
184
185	len = strlen(r->realm) + strlen(prev_realm) + 1;
186
187	tmp = realloc(r->realm, len);
188	if(tmp == NULL){
189	free_realms(realms);
190	krb5_set_error_message(context, ENOMEM,
191	N_("malloc: out of memory", ""));
192	return ENOMEM;
193	}
194	r->realm = tmp;
195	strlcat(r->realm, prev_realm, len);
196	}else if(r->leading_slash && !r->leading_space && prev_realm){
197	/* yet another exception: if you use x500-names, the
198	leading realm doesn't have to be "quoted" with a space */
199	char *tmp;
200	size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
201
202	tmp = malloc(len);
203	if(tmp == NULL){
204	free_realms(realms);
205	krb5_set_error_message(context, ENOMEM,
206	N_("malloc: out of memory", ""));
207	return ENOMEM;
208	}
209	strlcpy(tmp, prev_realm, len);
210	strlcat(tmp, r->realm, len);
211	free(r->realm);
212	r->realm = tmp;
213	}
214	prev_realm = r->realm;
215	}
216	return 0;
217	}
218
219	static struct tr_realm *
220	make_realm(char *realm)
221	{
222	struct tr_realm *r;
223	char p, q;
224	int quote = 0;
225	r = calloc(1, sizeof(*r));
226	if(r == NULL){
227	free(realm);
228	return NULL;
229	}
230	r->realm = realm;
231	for(p = q = r->realm; *p; p++){
232	if(p == r->realm && *p == ' '){
233	r->leading_space = 1;
234	continue;
235	}
236	if(q == r->realm && *p == '/')
237	r->leading_slash = 1;
238	if(quote){
239	q++ = p;
240	quote = 0;
241	continue;
242	}
243	if(*p == '\\'){
244	quote = 1;
245	continue;
246	}
247	if(p[0] == '.' && p[1] == '\0')
248	r->trailing_dot = 1;
249	q++ = p;
250	}
251	*q = '\0';
252	return r;
253	}
254
255	static struct tr_realm*
256	append_realm(struct tr_realm head, struct tr_realm r)
257	{
258	struct tr_realm *p;
259	if(head == NULL){
260	r->next = NULL;
261	return r;
262	}
263	p = head;
264	while(p->next) p = p->next;
265	p->next = r;
266	return head;
267	}
268
269	static int
270	decode_realms(krb5_context context,
271	const char tr, int length, struct tr_realm *realms)
272	{
273	struct tr_realm *r = NULL;
274
275	char *tmp;
276	int quote = 0;
277	const char *start = tr;
278	int i;
279
280	for(i = 0; i < length; i++){
281	if(quote){
282	quote = 0;
283	continue;
284	}
285	if(tr[i] == '\\'){
286	quote = 1;
287	continue;
288	}
289	if(tr[i] == ','){
290	tmp = malloc(tr + i - start + 1);
291	if(tmp == NULL){
292	krb5_set_error_message(context, ENOMEM,
293	N_("malloc: out of memory", ""));
294	return ENOMEM;
295	}
296	memcpy(tmp, start, tr + i - start);
297	tmp[tr + i - start] = '\0';
298	r = make_realm(tmp);
299	if(r == NULL){
300	free_realms(*realms);
301	krb5_set_error_message(context, ENOMEM,
302	N_("malloc: out of memory", ""));
303	return ENOMEM;
304	}
305	realms = append_realm(realms, r);
306	start = tr + i + 1;
307	}
308	}
309	tmp = malloc(tr + i - start + 1);
310	if(tmp == NULL){
311	free(*realms);
312	krb5_set_error_message(context, ENOMEM,
313	N_("malloc: out of memory", ""));
314	return ENOMEM;
315	}
316	memcpy(tmp, start, tr + i - start);
317	tmp[tr + i - start] = '\0';
318	r = make_realm(tmp);
319	if(r == NULL){
320	free_realms(*realms);
321	krb5_set_error_message(context, ENOMEM,
322	N_("malloc: out of memory", ""));
323	return ENOMEM;
324	}
325	realms = append_realm(realms, r);
326
327	return 0;
328	}
329
330
331	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
332	krb5_domain_x500_decode(krb5_context context,
333	krb5_data tr, char **realms, unsigned int num_realms,
334	const char client_realm, const char server_realm)
335	{
336	struct tr_realm *r = NULL;
337	struct tr_realm p, *q;
338	int ret;
339
340	if(tr.length == 0) {
341	*realms = NULL;
342	*num_realms = 0;
343	return 0;
344	}
345
346	/* split string in components */
347	ret = decode_realms(context, tr.data, tr.length, &r);
348	if(ret)
349	return ret;
350
351	/* apply prefix rule */
352	ret = expand_realms(context, r, client_realm);
353	if(ret)
354	return ret;
355
356	ret = make_paths(context, r, client_realm, server_realm);
357	if(ret)
358	return ret;
359
360	/* remove empty components and count realms */
361	*num_realms = 0;
362	for(q = &r; *q; ){
363	if((*q)->realm[0] == '\0'){
364	p = *q;
365	q = (q)->next;
366	free(p->realm);
367	free(p);
368	}else{
369	q = &(*q)->next;
370	(*num_realms)++;
371	}
372	}
373	if (num_realms < 0 \|\| num_realms + 1 > UINT_MAX/sizeof(**realms))
374	return ERANGE;
375
376	{
377	char **R;
378	R = malloc((num_realms + 1) sizeof(*R));
379	if (R == NULL)
380	return ENOMEM;
381	*realms = R;
382	while(r){
383	*R++ = r->realm;
384	p = r->next;
385	free(r);
386	r = p;
387	}
388	}
389	return 0;
390	}
391
392	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
393	krb5_domain_x500_encode(char **realms, unsigned int num_realms,
394	krb5_data *encoding)
395	{
396	char *s = NULL;
397	int len = 0;
398	unsigned int i;
399	krb5_data_zero(encoding);
400	if (num_realms == 0)
401	return 0;
402	for(i = 0; i < num_realms; i++){
403	len += strlen(realms[i]);
404	if(realms[i][0] == '/')
405	len++;
406	}
407	len += num_realms - 1;
408	s = malloc(len + 1);
409	if (s == NULL)
410	return ENOMEM;
411	*s = '\0';
412	for(i = 0; i < num_realms; i++){
413	if(i && i < num_realms - 1)
414	strlcat(s, ",", len + 1);
415	if(realms[i][0] == '/')
416	strlcat(s, " ", len + 1);
417	strlcat(s, realms[i], len + 1);
418	}
419	encoding->data = s;
420	encoding->length = strlen(s);
421	return 0;
422	}
423
424	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
425	krb5_check_transited(krb5_context context,
426	krb5_const_realm client_realm,
427	krb5_const_realm server_realm,
428	krb5_realm *realms,
429	unsigned int num_realms,
430	int *bad_realm)
431	{
432	char **tr_realms;
433	char **p;
434	int i;
435
436	if(num_realms == 0)
437	return 0;
438
439	tr_realms = krb5_config_get_strings(context, NULL,
440	"capaths",
441	client_realm,
442	server_realm,
443	NULL);
444	for(i = 0; i < num_realms; i++) {
445	for(p = tr_realms; p && *p; p++) {
446	if(strcmp(*p, realms[i]) == 0)
447	break;
448	}
449	if(p == NULL \|\| *p == NULL) {
450	krb5_config_free_strings(tr_realms);
451	krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT,
452	N_("no transit allowed "
453	"through realm %s", ""),
454	realms[i]);
455	if(bad_realm)
456	*bad_realm = i;
457	return KRB5KRB_AP_ERR_ILL_CR_TKT;
458	}
459	}
460	krb5_config_free_strings(tr_realms);
461	return 0;
462	}
463
464	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
465	krb5_check_transited_realms(krb5_context context,
466	const char const realms,
467	unsigned int num_realms,
468	int *bad_realm)
469	{
470	int i;
471	int ret = 0;
472	char **bad_realms = krb5_config_get_strings(context, NULL,
473	"libdefaults",
474	"transited_realms_reject",
475	NULL);
476	if(bad_realms == NULL)
477	return 0;
478
479	for(i = 0; i < num_realms; i++) {
480	char **p;
481	for(p = bad_realms; *p; p++)
482	if(strcmp(*p, realms[i]) == 0) {
483	ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
484	krb5_set_error_message (context, ret,
485	N_("no transit allowed "
486	"through realm %s", ""),
487	*p);
488	if(bad_realm)
489	*bad_realm = i;
490	break;
491	}
492	}
493	krb5_config_free_strings(bad_realms);
494	return ret;
495	}
496
497	#if 0
498	int
499	main(int argc, char **argv)
500	{
501	krb5_data x;
502	char **r;
503	int num, i;
504	x.data = argv[1];
505	x.length = strlen(x.data);
506	if(domain_expand(x, &r, &num, argv[2], argv[3]))
507	exit(1);
508	for(i = 0; i < num; i++)
509	printf("%s\n", r[i]);
510	return 0;
511	}
512	#endif
513

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source4/heimdal/lib/krb5/transited.c

Download in other formats: