Scott Baker | ed4efab | 2020-01-13 19:12:25 -0800 | [diff] [blame] | 1 | // Package keytab implements Kerberos keytabs: https://web.mit.edu/kerberos/krb5-devel/doc/formats/keytab_file_format.html. |
| 2 | package keytab |
| 3 | |
| 4 | import ( |
| 5 | "bytes" |
| 6 | "encoding/binary" |
| 7 | "errors" |
| 8 | "fmt" |
| 9 | "io" |
| 10 | "io/ioutil" |
| 11 | "time" |
| 12 | "unsafe" |
| 13 | |
| 14 | "gopkg.in/jcmturner/gokrb5.v7/types" |
| 15 | ) |
| 16 | |
| 17 | const ( |
| 18 | keytabFirstByte byte = 05 |
| 19 | ) |
| 20 | |
| 21 | // Keytab struct. |
| 22 | type Keytab struct { |
| 23 | version uint8 |
| 24 | Entries []entry |
| 25 | } |
| 26 | |
| 27 | // Keytab entry struct. |
| 28 | type entry struct { |
| 29 | Principal principal |
| 30 | Timestamp time.Time |
| 31 | KVNO8 uint8 |
| 32 | Key types.EncryptionKey |
| 33 | KVNO uint32 |
| 34 | } |
| 35 | |
| 36 | // Keytab entry principal struct. |
| 37 | type principal struct { |
| 38 | NumComponents int16 |
| 39 | Realm string |
| 40 | Components []string |
| 41 | NameType int32 |
| 42 | } |
| 43 | |
| 44 | // New creates new, empty Keytab type. |
| 45 | func New() *Keytab { |
| 46 | var e []entry |
| 47 | return &Keytab{ |
| 48 | version: 0, |
| 49 | Entries: e, |
| 50 | } |
| 51 | } |
| 52 | |
| 53 | // GetEncryptionKey returns the EncryptionKey from the Keytab for the newest entry with the required kvno, etype and matching principal. |
| 54 | func (kt *Keytab) GetEncryptionKey(princName types.PrincipalName, realm string, kvno int, etype int32) (types.EncryptionKey, error) { |
| 55 | //TODO (theme: KVNO from keytab) this function should return the kvno too |
| 56 | var key types.EncryptionKey |
| 57 | var t time.Time |
| 58 | for _, k := range kt.Entries { |
| 59 | if k.Principal.Realm == realm && len(k.Principal.Components) == len(princName.NameString) && |
| 60 | k.Key.KeyType == etype && |
| 61 | (k.KVNO == uint32(kvno) || kvno == 0) && |
| 62 | k.Timestamp.After(t) { |
| 63 | p := true |
| 64 | for i, n := range k.Principal.Components { |
| 65 | if princName.NameString[i] != n { |
| 66 | p = false |
| 67 | break |
| 68 | } |
| 69 | } |
| 70 | if p { |
| 71 | key = k.Key |
| 72 | t = k.Timestamp |
| 73 | } |
| 74 | } |
| 75 | } |
| 76 | if len(key.KeyValue) < 1 { |
| 77 | return key, fmt.Errorf("matching key not found in keytab. Looking for %v realm: %v kvno: %v etype: %v", princName.NameString, realm, kvno, etype) |
| 78 | } |
| 79 | return key, nil |
| 80 | } |
| 81 | |
| 82 | // Create a new Keytab entry. |
| 83 | func newKeytabEntry() entry { |
| 84 | var b []byte |
| 85 | return entry{ |
| 86 | Principal: newPrincipal(), |
| 87 | Timestamp: time.Time{}, |
| 88 | KVNO8: 0, |
| 89 | Key: types.EncryptionKey{ |
| 90 | KeyType: 0, |
| 91 | KeyValue: b, |
| 92 | }, |
| 93 | KVNO: 0, |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | // Create a new principal. |
| 98 | func newPrincipal() principal { |
| 99 | var c []string |
| 100 | return principal{ |
| 101 | NumComponents: 0, |
| 102 | Realm: "", |
| 103 | Components: c, |
| 104 | NameType: 0, |
| 105 | } |
| 106 | } |
| 107 | |
| 108 | // Load a Keytab file into a Keytab type. |
| 109 | func Load(ktPath string) (*Keytab, error) { |
| 110 | kt := new(Keytab) |
| 111 | b, err := ioutil.ReadFile(ktPath) |
| 112 | if err != nil { |
| 113 | return kt, err |
| 114 | } |
| 115 | err = kt.Unmarshal(b) |
| 116 | return kt, err |
| 117 | } |
| 118 | |
| 119 | // Marshal keytab into byte slice |
| 120 | func (kt *Keytab) Marshal() ([]byte, error) { |
| 121 | b := []byte{keytabFirstByte, kt.version} |
| 122 | for _, e := range kt.Entries { |
| 123 | eb, err := e.marshal(int(kt.version)) |
| 124 | if err != nil { |
| 125 | return b, err |
| 126 | } |
| 127 | b = append(b, eb...) |
| 128 | } |
| 129 | return b, nil |
| 130 | } |
| 131 | |
| 132 | // Write the keytab bytes to io.Writer. |
| 133 | // Returns the number of bytes written |
| 134 | func (kt *Keytab) Write(w io.Writer) (int, error) { |
| 135 | b, err := kt.Marshal() |
| 136 | if err != nil { |
| 137 | return 0, fmt.Errorf("error marshaling keytab: %v", err) |
| 138 | } |
| 139 | return w.Write(b) |
| 140 | } |
| 141 | |
| 142 | // Unmarshal byte slice of Keytab data into Keytab type. |
| 143 | func (kt *Keytab) Unmarshal(b []byte) error { |
| 144 | //The first byte of the file always has the value 5 |
| 145 | if b[0] != keytabFirstByte { |
| 146 | return errors.New("invalid keytab data. First byte does not equal 5") |
| 147 | } |
| 148 | //Get keytab version |
| 149 | //The 2nd byte contains the version number (1 or 2) |
| 150 | kt.version = b[1] |
| 151 | if kt.version != 1 && kt.version != 2 { |
| 152 | return errors.New("invalid keytab data. Keytab version is neither 1 nor 2") |
| 153 | } |
| 154 | //Version 1 of the file format uses native byte order for integer representations. Version 2 always uses big-endian byte order |
| 155 | var endian binary.ByteOrder |
| 156 | endian = binary.BigEndian |
| 157 | if kt.version == 1 && isNativeEndianLittle() { |
| 158 | endian = binary.LittleEndian |
| 159 | } |
| 160 | /* |
| 161 | After the two-byte version indicator, the file contains a sequence of signed 32-bit record lengths followed by key records or holes. |
| 162 | A positive record length indicates a valid key entry whose size is equal to or less than the record length. |
| 163 | A negative length indicates a zero-filled hole whose size is the inverse of the length. |
| 164 | A length of 0 indicates the end of the file. |
| 165 | */ |
| 166 | // n tracks position in the byte array |
| 167 | n := 2 |
| 168 | l := readInt32(b, &n, &endian) |
| 169 | for l != 0 { |
| 170 | if l < 0 { |
| 171 | //Zero padded so skip over |
| 172 | l = l * -1 |
| 173 | n = n + int(l) |
| 174 | } else { |
| 175 | //fmt.Printf("Bytes for entry: %v\n", b[n:n+int(l)]) |
| 176 | eb := b[n : n+int(l)] |
| 177 | n = n + int(l) |
| 178 | ke := newKeytabEntry() |
| 179 | // p keeps track as to where we are in the byte stream |
| 180 | var p int |
| 181 | parsePrincipal(eb, &p, kt, &ke, &endian) |
| 182 | ke.Timestamp = readTimestamp(eb, &p, &endian) |
| 183 | ke.KVNO8 = uint8(readInt8(eb, &p, &endian)) |
| 184 | ke.Key.KeyType = int32(readInt16(eb, &p, &endian)) |
| 185 | kl := int(readInt16(eb, &p, &endian)) |
| 186 | ke.Key.KeyValue = readBytes(eb, &p, kl, &endian) |
| 187 | //The 32-bit key version overrides the 8-bit key version. |
| 188 | // To determine if it is present, the implementation must check that at least 4 bytes remain in the record after the other fields are read, |
| 189 | // and that the value of the 32-bit integer contained in those bytes is non-zero. |
| 190 | if len(eb)-p >= 4 { |
| 191 | // The 32-bit key may be present |
| 192 | ke.KVNO = uint32(readInt32(eb, &p, &endian)) |
| 193 | } |
| 194 | if ke.KVNO == 0 { |
| 195 | // Handles if the value from the last 4 bytes was zero and also if there are not the 4 bytes present. Makes sense to put the same value here as KVNO8 |
| 196 | ke.KVNO = uint32(ke.KVNO8) |
| 197 | } |
| 198 | // Add the entry to the keytab |
| 199 | kt.Entries = append(kt.Entries, ke) |
| 200 | } |
| 201 | // Check if there are still 4 bytes left to read |
| 202 | if n > len(b) || len(b[n:]) < 4 { |
| 203 | break |
| 204 | } |
| 205 | // Read the size of the next entry |
| 206 | l = readInt32(b, &n, &endian) |
| 207 | } |
| 208 | return nil |
| 209 | } |
| 210 | |
| 211 | func (e entry) marshal(v int) ([]byte, error) { |
| 212 | var b []byte |
| 213 | pb, err := e.Principal.marshal(v) |
| 214 | if err != nil { |
| 215 | return b, err |
| 216 | } |
| 217 | b = append(b, pb...) |
| 218 | |
| 219 | var endian binary.ByteOrder |
| 220 | endian = binary.BigEndian |
| 221 | if v == 1 && isNativeEndianLittle() { |
| 222 | endian = binary.LittleEndian |
| 223 | } |
| 224 | |
| 225 | t := make([]byte, 9) |
| 226 | endian.PutUint32(t[0:4], uint32(e.Timestamp.Unix())) |
| 227 | t[4] = e.KVNO8 |
| 228 | endian.PutUint16(t[5:7], uint16(e.Key.KeyType)) |
| 229 | endian.PutUint16(t[7:9], uint16(len(e.Key.KeyValue))) |
| 230 | b = append(b, t...) |
| 231 | |
| 232 | buf := new(bytes.Buffer) |
| 233 | err = binary.Write(buf, endian, e.Key.KeyValue) |
| 234 | if err != nil { |
| 235 | return b, err |
| 236 | } |
| 237 | b = append(b, buf.Bytes()...) |
| 238 | |
| 239 | t = make([]byte, 4) |
| 240 | endian.PutUint32(t, e.KVNO) |
| 241 | b = append(b, t...) |
| 242 | |
| 243 | // Add the length header |
| 244 | t = make([]byte, 4) |
| 245 | endian.PutUint32(t, uint32(len(b))) |
| 246 | b = append(t, b...) |
| 247 | return b, nil |
| 248 | } |
| 249 | |
| 250 | // Parse the Keytab bytes of a principal into a Keytab entry's principal. |
| 251 | func parsePrincipal(b []byte, p *int, kt *Keytab, ke *entry, e *binary.ByteOrder) error { |
| 252 | ke.Principal.NumComponents = readInt16(b, p, e) |
| 253 | if kt.version == 1 { |
| 254 | //In version 1 the number of components includes the realm. Minus 1 to make consistent with version 2 |
| 255 | ke.Principal.NumComponents-- |
| 256 | } |
| 257 | lenRealm := readInt16(b, p, e) |
| 258 | ke.Principal.Realm = string(readBytes(b, p, int(lenRealm), e)) |
| 259 | for i := 0; i < int(ke.Principal.NumComponents); i++ { |
| 260 | l := readInt16(b, p, e) |
| 261 | ke.Principal.Components = append(ke.Principal.Components, string(readBytes(b, p, int(l), e))) |
| 262 | } |
| 263 | if kt.version != 1 { |
| 264 | //Name Type is omitted in version 1 |
| 265 | ke.Principal.NameType = readInt32(b, p, e) |
| 266 | } |
| 267 | return nil |
| 268 | } |
| 269 | |
| 270 | func (p principal) marshal(v int) ([]byte, error) { |
| 271 | //var b []byte |
| 272 | b := make([]byte, 2) |
| 273 | var endian binary.ByteOrder |
| 274 | endian = binary.BigEndian |
| 275 | if v == 1 && isNativeEndianLittle() { |
| 276 | endian = binary.LittleEndian |
| 277 | } |
| 278 | endian.PutUint16(b[0:], uint16(p.NumComponents)) |
| 279 | realm, err := marshalString(p.Realm, v) |
| 280 | if err != nil { |
| 281 | return b, err |
| 282 | } |
| 283 | b = append(b, realm...) |
| 284 | for _, c := range p.Components { |
| 285 | cb, err := marshalString(c, v) |
| 286 | if err != nil { |
| 287 | return b, err |
| 288 | } |
| 289 | b = append(b, cb...) |
| 290 | } |
| 291 | if v != 1 { |
| 292 | t := make([]byte, 4) |
| 293 | endian.PutUint32(t, uint32(p.NameType)) |
| 294 | b = append(b, t...) |
| 295 | } |
| 296 | return b, nil |
| 297 | } |
| 298 | |
| 299 | func marshalString(s string, v int) ([]byte, error) { |
| 300 | sb := []byte(s) |
| 301 | b := make([]byte, 2) |
| 302 | var endian binary.ByteOrder |
| 303 | endian = binary.BigEndian |
| 304 | if v == 1 && isNativeEndianLittle() { |
| 305 | endian = binary.LittleEndian |
| 306 | } |
| 307 | endian.PutUint16(b[0:], uint16(len(sb))) |
| 308 | buf := new(bytes.Buffer) |
| 309 | err := binary.Write(buf, endian, sb) |
| 310 | if err != nil { |
| 311 | return b, err |
| 312 | } |
| 313 | b = append(b, buf.Bytes()...) |
| 314 | return b, err |
| 315 | } |
| 316 | |
| 317 | // Read bytes representing a timestamp. |
| 318 | func readTimestamp(b []byte, p *int, e *binary.ByteOrder) time.Time { |
| 319 | return time.Unix(int64(readInt32(b, p, e)), 0) |
| 320 | } |
| 321 | |
| 322 | // Read bytes representing an eight bit integer. |
| 323 | func readInt8(b []byte, p *int, e *binary.ByteOrder) (i int8) { |
| 324 | buf := bytes.NewBuffer(b[*p : *p+1]) |
| 325 | binary.Read(buf, *e, &i) |
| 326 | *p++ |
| 327 | return |
| 328 | } |
| 329 | |
| 330 | // Read bytes representing a sixteen bit integer. |
| 331 | func readInt16(b []byte, p *int, e *binary.ByteOrder) (i int16) { |
| 332 | buf := bytes.NewBuffer(b[*p : *p+2]) |
| 333 | binary.Read(buf, *e, &i) |
| 334 | *p += 2 |
| 335 | return |
| 336 | } |
| 337 | |
| 338 | // Read bytes representing a thirty two bit integer. |
| 339 | func readInt32(b []byte, p *int, e *binary.ByteOrder) (i int32) { |
| 340 | buf := bytes.NewBuffer(b[*p : *p+4]) |
| 341 | binary.Read(buf, *e, &i) |
| 342 | *p += 4 |
| 343 | return |
| 344 | } |
| 345 | |
| 346 | func readBytes(b []byte, p *int, s int, e *binary.ByteOrder) []byte { |
| 347 | buf := bytes.NewBuffer(b[*p : *p+s]) |
| 348 | r := make([]byte, s) |
| 349 | binary.Read(buf, *e, &r) |
| 350 | *p += s |
| 351 | return r |
| 352 | } |
| 353 | |
| 354 | func isNativeEndianLittle() bool { |
| 355 | var x = 0x012345678 |
| 356 | var p = unsafe.Pointer(&x) |
| 357 | var bp = (*[4]byte)(p) |
| 358 | |
| 359 | var endian bool |
| 360 | if 0x01 == bp[0] { |
| 361 | endian = false |
| 362 | } else if (0x78 & 0xff) == (bp[0] & 0xff) { |
| 363 | endian = true |
| 364 | } else { |
| 365 | // Default to big endian |
| 366 | endian = false |
| 367 | } |
| 368 | return endian |
| 369 | } |