/*
 * Implementation of keytab handling for the wallet client.
 *
 * Written by Russ Allbery <rra@stanford.edu>
 * Copyright 2007, 2008, 2010, 2013
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * See LICENSE for licensing terms.
 */

#include <config.h>
#include <portable/krb5.h>
#include <portable/system.h>

#include <remctl.h>

#include <client/internal.h>
#include <util/messages-krb5.h>
#include <util/messages.h>
#include <util/xmalloc.h>

/* List of principals we have already encountered. */
struct principal_name {
    char *princ;
    struct principal_name *next;
};


/*
 * Given a context, a keytab file, and a realm, return a list of all
 * principals in that file.
 */
static struct principal_name *
keytab_principals(krb5_context ctx, const char *file, char *realm)
{
    char *princname = NULL, *princrealm = NULL;
    bool found;
    krb5_keytab keytab = NULL;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry;
    krb5_error_code status;
    struct principal_name *names = NULL, *current = NULL, *last = NULL;

    memset(&entry, 0, sizeof(entry));
    status = krb5_kt_resolve(ctx, file, &keytab);
    if (status != 0)
        die_krb5(ctx, status, "cannot open keytab %s", file);
    status = krb5_kt_start_seq_get(ctx, keytab, &cursor);
    if (status != 0)
        die_krb5(ctx, status, "cannot read keytab %s", file);
    while ((status = krb5_kt_next_entry(ctx, keytab, &entry, &cursor)) == 0) {
        status = krb5_unparse_name(ctx, entry.principal, &princname);
        if (status != 0)
            die_krb5(ctx, status, "cannot unparse name for a principal");

        /* Separate into principal and realm. */
        princrealm = strchr(princname, '@');
        if (princrealm != NULL) {
            *princrealm = '\0';
            princrealm++;
        }
        if (princrealm == NULL || strcmp(princrealm, realm) != 0)
            continue;

        /* Check to see if the principal has already been listed. */
        found = false;
        for (current = names; current != NULL; current = current->next) {
            if (strcmp(current->princ, princname) == 0) {
                found = true;
                break;
            }
            last = current;
        }
        if (found == false) {
            current = xmalloc(sizeof(struct principal_name));
            current->princ = xstrdup(princname);
            current->next = NULL;
            if (last == NULL)
                names = current;
            else
                last->next = current;
        }
        krb5_kt_free_entry(ctx, &entry);
        free(princname);
    }
    if (status != KRB5_KT_END)
        die_krb5(ctx, status, "error reading keytab %s", file);
    krb5_kt_end_seq_get(ctx, keytab, &cursor);
    krb5_kt_close(ctx, keytab);
    return names;
}


/*
 * Given two files containing keytab data, second keytab, merge the keys into
 * the new file.  Currently, this doesn't do any cleanup of old kvnos and
 * doesn't handle duplicate kvnos correctly.  Dies on any error.
 */
static void
merge_keytab(krb5_context ctx, const char *newfile, const char *file)
{
    char *oldfile;
    krb5_keytab old = NULL, temp = NULL;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry;
    krb5_error_code status;

    memset(&entry, 0, sizeof(entry));
    xasprintf(&oldfile, "WRFILE:%s", file);
    status = krb5_kt_resolve(ctx, oldfile, &old);
    if (status != 0)
        die_krb5(ctx, status, "cannot open keytab %s", file);
    free(oldfile);
    status = krb5_kt_resolve(ctx, newfile, &temp);
    if (status != 0)
        die_krb5(ctx, status, "cannot open temporary keytab %s", newfile);
    status = krb5_kt_start_seq_get(ctx, temp, &cursor);
    if (status != 0)
        die_krb5(ctx, status, "cannot read temporary keytab %s", newfile);
    while ((status = krb5_kt_next_entry(ctx, temp, &entry, &cursor)) == 0) {
        status = krb5_kt_add_entry(ctx, old, &entry);
        if (status != 0)
            die_krb5(ctx, status, "cannot write to keytab %s", file);
        krb5_kt_free_entry(ctx, &entry);
    }
    if (status != KRB5_KT_END)
        die_krb5(ctx, status, "error reading temporary keytab %s", newfile);
    krb5_kt_end_seq_get(ctx, temp, &cursor);
    if (old != NULL)
        krb5_kt_close(ctx, old);
    if (temp != NULL)
        krb5_kt_close(ctx, temp);
}


/*
 * Given a remctl object, the type and name of a keytab object, and
 * references to keytab data and data length, call the correct wallet
 * commands to download a keytab and return the keytab data.  Returns the
 * status of the remctl command.
 */
static int
download_keytab(struct remctl *r, const char *type, const char *name,
                char **data, size_t *length)
{
    const char *command[5];
    int status;

    command[0] = type;
    command[1] = "get";
    command[2] = "keytab";
    command[3] = name;
    command[4] = NULL;
    status = run_command(r, command, data, length);
    if (*data == NULL && status == 0) {
        warn("no data returned by wallet server");
        return 255;
    }
    return status;
}


/*
 * Given a remctl object, the Kerberos context, the name of a keytab object,
 * and a file name, call the correct wallet commands to download a keytab and
 * write it to that file.  Returns the status or 255 on an internal error.
 */
int
get_keytab(struct remctl *r, krb5_context ctx, const char *type,
           const char *name, const char *file, const char *srvtab)
{
    const char *command[5];
    char *tempfile;
    char *data = NULL;
    size_t length = 0;
    int status;

    command[0] = type;
    command[1] = "get";
    command[2] = "keytab";
    command[3] = name;
    command[4] = NULL;
    status = run_command(r, command, &data, &length);
    if (status != 0)
        return status;
    if (data == NULL) {
        warn("no data returned by wallet server");
        return 255;
    }
    if (access(file, F_OK) == 0) {
        xasprintf(&tempfile, "%s.new", file);
        overwrite_file(tempfile, data, length);
        if (srvtab != NULL)
            write_srvtab(ctx, srvtab, name, tempfile);
        merge_keytab(ctx, tempfile, file);
        if (unlink(tempfile) < 0)
            sysdie("unlink of temporary keytab file %s failed", tempfile);
        free(tempfile);
    } else {
        write_file(file, data, length);
        if (srvtab != NULL)
            write_srvtab(ctx, srvtab, name, file);
    }
    return 0;
}


/*
 * Given a remctl object, the Kerberos context, the type for the wallet
 * interface, and a file name of a keytab, iterate through every existing
 * principal in the keytab in the local realm, get fresh keys for those
 * principals, and save the old and new keys to that file.  Returns true on
 * success and false on partial failure to retrieve all the keys.
 */
bool
rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
             const char *file)
{
    char *realm = NULL;
    char *data = NULL;
    char *tempfile, *backupfile;
    size_t length = 0;
    int status;
    bool error = false, rekeyed = false;
    struct principal_name *names, *current;

    xasprintf(&tempfile, "%s.new", file);
    krb5_get_default_realm(ctx, &realm);
    names = keytab_principals(ctx, file, realm);
    for (current = names; current != NULL; current = current->next) {
        status = download_keytab(r, type, current->princ, &data, &length);
        if (status != 0) {
            warn("error rekeying for principal %s", current->princ);
            if (!rekeyed)
                die("aborting, keytab unchanged");
            error = true;
        } else if (data != NULL) {
            if (access(tempfile, F_OK) == 0)
                append_file(tempfile, data, length);
            else
                write_file(tempfile, data, length);
            rekeyed = true;
        }
    }

    /* If no new keytab data, then leave the keytab as-is. */
    if (!rekeyed)
        die("no rekeyable principals found");

    /*
     * Now merge the original keytab file with the one containing the new
     * keys.  If there is an error, first make a backup of the current keytab
     * file as keytab.old.
     */
    if (access(file, F_OK) != 0) {
        if (link(tempfile, file) < 0)
            sysdie("rename of temporary keytab %s to %s failed", tempfile,
                   file);
    } else {
        if (error) {
            data = read_file(file, &length);
            xasprintf(&backupfile, "%s.old", file);
            overwrite_file(backupfile, data, length);
            warn("partial failure to rekey keytab %s, old keytab left in %s",
                 file, backupfile);
            free(backupfile);
        }
        merge_keytab(ctx, tempfile, file);
    }
    if (unlink(tempfile) < 0)
        sysdie("unlink of temporary keytab file %s failed", tempfile);
    free(tempfile);
    return !error;
}