1/* 2 * Copyright (c) 1997-2001 Kungliga Tekniska H��gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "krb5_locl.h" 35#include <vis.h> 36 37struct krb5_rcache_data { 38 char *name; 39}; 40 41krb5_error_code KRB5_LIB_FUNCTION 42krb5_rc_resolve(krb5_context context, 43 krb5_rcache id, 44 const char *name) 45{ 46 id->name = strdup(name); 47 if(id->name == NULL) { 48 krb5_set_error_message(context, KRB5_RC_MALLOC, 49 N_("malloc: out of memory", "")); 50 return KRB5_RC_MALLOC; 51 } 52 return 0; 53} 54 55krb5_error_code KRB5_LIB_FUNCTION 56krb5_rc_resolve_type(krb5_context context, 57 krb5_rcache *id, 58 const char *type) 59{ 60 *id = NULL; 61 if(strcmp(type, "FILE")) { 62 krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND, 63 N_("replay cache type %s not supported", ""), 64 type); 65 return KRB5_RC_TYPE_NOTFOUND; 66 } 67 *id = calloc(1, sizeof(**id)); 68 if(*id == NULL) { 69 krb5_set_error_message(context, KRB5_RC_MALLOC, 70 N_("malloc: out of memory", "")); 71 return KRB5_RC_MALLOC; 72 } 73 return 0; 74} 75 76krb5_error_code KRB5_LIB_FUNCTION 77krb5_rc_resolve_full(krb5_context context, 78 krb5_rcache *id, 79 const char *string_name) 80{ 81 krb5_error_code ret; 82 83 *id = NULL; 84 85 if(strncmp(string_name, "FILE:", 5)) { 86 krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND, 87 N_("replay cache type %s not supported", ""), 88 string_name); 89 return KRB5_RC_TYPE_NOTFOUND; 90 } 91 ret = krb5_rc_resolve_type(context, id, "FILE"); 92 if(ret) 93 return ret; 94 ret = krb5_rc_resolve(context, *id, string_name + 5); 95 if (ret) { 96 krb5_rc_close(context, *id); 97 *id = NULL; 98 } 99 return ret; 100} 101 102const char* KRB5_LIB_FUNCTION 103krb5_rc_default_name(krb5_context context) 104{ 105 return "FILE:/var/run/default_rcache"; 106} 107 108const char* KRB5_LIB_FUNCTION 109krb5_rc_default_type(krb5_context context) 110{ 111 return "FILE"; 112} 113 114krb5_error_code KRB5_LIB_FUNCTION 115krb5_rc_default(krb5_context context, 116 krb5_rcache *id) 117{ 118 return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context)); 119} 120 121struct rc_entry{ 122 time_t stamp; 123 unsigned char data[16]; 124}; 125 126krb5_error_code KRB5_LIB_FUNCTION 127krb5_rc_initialize(krb5_context context, 128 krb5_rcache id, 129 krb5_deltat auth_lifespan) 130{ 131 FILE *f = fopen(id->name, "w"); 132 struct rc_entry tmp; 133 int ret; 134 135 if(f == NULL) { 136 ret = errno; 137 krb5_set_error_message(context, ret, "open(%s): %s", id->name, 138 strerror(ret)); 139 return ret; 140 } 141 tmp.stamp = auth_lifespan; 142 fwrite(&tmp, 1, sizeof(tmp), f); 143 fclose(f); 144 return 0; 145} 146 147krb5_error_code KRB5_LIB_FUNCTION 148krb5_rc_recover(krb5_context context, 149 krb5_rcache id) 150{ 151 return 0; 152} 153 154krb5_error_code KRB5_LIB_FUNCTION 155krb5_rc_destroy(krb5_context context, 156 krb5_rcache id) 157{ 158 int ret; 159 160 if(remove(id->name) < 0) { 161 ret = errno; 162 krb5_set_error_message(context, ret, "remove(%s): %s", id->name, 163 strerror(ret)); 164 return ret; 165 } 166 return krb5_rc_close(context, id); 167} 168 169krb5_error_code KRB5_LIB_FUNCTION 170krb5_rc_close(krb5_context context, 171 krb5_rcache id) 172{ 173 free(id->name); 174 free(id); 175 return 0; 176} 177 178static void 179checksum_authenticator(Authenticator *auth, void *data) 180{ 181 MD5_CTX md5; 182 int i; 183 184 MD5_Init (&md5); 185 MD5_Update (&md5, auth->crealm, strlen(auth->crealm)); 186 for(i = 0; i < auth->cname.name_string.len; i++) 187 MD5_Update(&md5, auth->cname.name_string.val[i], 188 strlen(auth->cname.name_string.val[i])); 189 MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime)); 190 MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec)); 191 MD5_Final (data, &md5); 192} 193 194krb5_error_code KRB5_LIB_FUNCTION 195krb5_rc_store(krb5_context context, 196 krb5_rcache id, 197 krb5_donot_replay *rep) 198{ 199 struct rc_entry ent, tmp; 200 time_t t; 201 FILE *f; 202 int ret; 203 204 ent.stamp = time(NULL); 205 checksum_authenticator(rep, ent.data); 206 f = fopen(id->name, "r"); 207 if(f == NULL) { 208 ret = errno; 209 krb5_set_error_message(context, ret, "open(%s): %s", id->name, 210 strerror(ret)); 211 return ret; 212 } 213 rk_cloexec_file(f); 214 fread(&tmp, sizeof(ent), 1, f); 215 t = ent.stamp - tmp.stamp; 216 while(fread(&tmp, sizeof(ent), 1, f)){ 217 if(tmp.stamp < t) 218 continue; 219 if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){ 220 fclose(f); 221 krb5_clear_error_message (context); 222 return KRB5_RC_REPLAY; 223 } 224 } 225 if(ferror(f)){ 226 ret = errno; 227 fclose(f); 228 krb5_set_error_message(context, ret, "%s: %s", 229 id->name, strerror(ret)); 230 return ret; 231 } 232 fclose(f); 233 f = fopen(id->name, "a"); 234 if(f == NULL) { 235 krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, 236 "open(%s): %s", id->name, 237 strerror(errno)); 238 return KRB5_RC_IO_UNKNOWN; 239 } 240 fwrite(&ent, 1, sizeof(ent), f); 241 fclose(f); 242 return 0; 243} 244 245krb5_error_code KRB5_LIB_FUNCTION 246krb5_rc_expunge(krb5_context context, 247 krb5_rcache id) 248{ 249 return 0; 250} 251 252krb5_error_code KRB5_LIB_FUNCTION 253krb5_rc_get_lifespan(krb5_context context, 254 krb5_rcache id, 255 krb5_deltat *auth_lifespan) 256{ 257 FILE *f = fopen(id->name, "r"); 258 int r; 259 struct rc_entry ent; 260 r = fread(&ent, sizeof(ent), 1, f); 261 fclose(f); 262 if(r){ 263 *auth_lifespan = ent.stamp; 264 return 0; 265 } 266 krb5_clear_error_message (context); 267 return KRB5_RC_IO_UNKNOWN; 268} 269 270const char* KRB5_LIB_FUNCTION 271krb5_rc_get_name(krb5_context context, 272 krb5_rcache id) 273{ 274 return id->name; 275} 276 277const char* KRB5_LIB_FUNCTION 278krb5_rc_get_type(krb5_context context, 279 krb5_rcache id) 280{ 281 return "FILE"; 282} 283 284krb5_error_code KRB5_LIB_FUNCTION 285krb5_get_server_rcache(krb5_context context, 286 const krb5_data *piece, 287 krb5_rcache *id) 288{ 289 krb5_rcache rcache; 290 krb5_error_code ret; 291 292 char *tmp = malloc(4 * piece->length + 1); 293 char *name; 294 295 if(tmp == NULL) { 296 krb5_set_error_message(context, ENOMEM, 297 N_("malloc: out of memory", "")); 298 return ENOMEM; 299 } 300 strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); 301#ifdef HAVE_GETEUID 302 asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()); 303#else 304 asprintf(&name, "FILE:rc_%s", tmp); 305#endif 306 free(tmp); 307 if(name == NULL) { 308 krb5_set_error_message(context, ENOMEM, 309 N_("malloc: out of memory", "")); 310 return ENOMEM; 311 } 312 313 ret = krb5_rc_resolve_full(context, &rcache, name); 314 free(name); 315 if(ret) 316 return ret; 317 *id = rcache; 318 return ret; 319} 320