2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include "krb5_locl.h"
38 typedef struct krb5_fcache
{
50 #define KRB5_FCC_FVNO_1 1
51 #define KRB5_FCC_FVNO_2 2
52 #define KRB5_FCC_FVNO_3 3
53 #define KRB5_FCC_FVNO_4 4
55 #define FCC_TAG_DELTATIME 1
57 #define FCACHE(X) ((krb5_fcache*)(X)->data.data)
59 #define FILENAME(X) (FCACHE(X)->filename)
61 #define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
63 static const char* KRB5_CALLCONV
64 fcc_get_name(krb5_context context
,
67 if (FCACHE(id
) == NULL
)
73 KRB5_LIB_FUNCTION
int KRB5_LIB_CALL
74 _krb5_xlock(krb5_context context
, int fd
, krb5_boolean exclusive
,
83 l
.l_type
= exclusive
? F_WRLCK
: F_RDLCK
;
84 l
.l_whence
= SEEK_SET
;
85 ret
= fcntl(fd
, F_SETLKW
, &l
);
87 ret
= flock(fd
, exclusive
? LOCK_EX
: LOCK_SH
);
91 if(ret
== EACCES
) /* fcntl can return EACCES instead of EAGAIN */
97 case EINVAL
: /* filesystem doesn't support locking, let the user have it */
101 krb5_set_error_message(context
, ret
,
102 N_("timed out locking cache file %s", "file"),
107 rk_strerror_r(ret
, buf
, sizeof(buf
));
108 krb5_set_error_message(context
, ret
,
109 N_("error locking cache file %s: %s",
110 "file, error"), filename
, buf
);
117 KRB5_LIB_FUNCTION
int KRB5_LIB_CALL
118 _krb5_xunlock(krb5_context context
, int fd
)
126 l
.l_whence
= SEEK_SET
;
127 ret
= fcntl(fd
, F_SETLKW
, &l
);
129 ret
= flock(fd
, LOCK_UN
);
136 case EINVAL
: /* filesystem doesn't support locking, let the user have it */
141 rk_strerror_r(ret
, buf
, sizeof(buf
));
142 krb5_set_error_message(context
, ret
,
143 N_("Failed to unlock file: %s", ""), buf
);
150 static krb5_error_code
151 write_storage(krb5_context context
, krb5_storage
*sp
, int fd
)
157 ret
= krb5_storage_to_data(sp
, &data
);
159 krb5_set_error_message(context
, ret
, N_("malloc: out of memory", ""));
162 sret
= write(fd
, data
.data
, data
.length
);
163 ret
= (sret
!= (ssize_t
)data
.length
);
164 krb5_data_free(&data
);
167 krb5_set_error_message(context
, ret
,
168 N_("Failed to write FILE credential data", ""));
175 static krb5_error_code KRB5_CALLCONV
176 fcc_lock(krb5_context context
, krb5_ccache id
,
177 int fd
, krb5_boolean exclusive
)
179 return _krb5_xlock(context
, fd
, exclusive
, fcc_get_name(context
, id
));
182 static krb5_error_code KRB5_CALLCONV
183 fcc_unlock(krb5_context context
, int fd
)
185 return _krb5_xunlock(context
, fd
);
188 static krb5_error_code KRB5_CALLCONV
189 fcc_resolve(krb5_context context
, krb5_ccache
*id
, const char *res
)
192 f
= malloc(sizeof(*f
));
194 krb5_set_error_message(context
, KRB5_CC_NOMEM
,
195 N_("malloc: out of memory", ""));
196 return KRB5_CC_NOMEM
;
198 f
->filename
= strdup(res
);
199 if(f
->filename
== NULL
){
201 krb5_set_error_message(context
, KRB5_CC_NOMEM
,
202 N_("malloc: out of memory", ""));
203 return KRB5_CC_NOMEM
;
206 (*id
)->data
.data
= f
;
207 (*id
)->data
.length
= sizeof(*f
);
212 * Try to scrub the contents of `filename' safely.
221 pos
= lseek(fd
, 0, SEEK_END
);
224 if (lseek(fd
, 0, SEEK_SET
) < 0)
226 memset(buf
, 0, sizeof(buf
));
229 size_t wr
= sizeof(buf
);
232 tmp
= write(fd
, buf
, wr
);
247 * Erase `filename' if it exists, trying to remove the contents if
248 * it's `safe'. We always try to remove the file, it it exists. It's
249 * only overwritten if it's a regular file (not a symlink and not a
253 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
254 _krb5_erase_file(krb5_context context
, const char *filename
)
257 struct stat sb1
, sb2
;
260 ret
= lstat (filename
, &sb1
);
264 fd
= open(filename
, O_RDWR
| O_BINARY
);
272 ret
= _krb5_xlock(context
, fd
, 1, filename
);
277 if (unlink(filename
) < 0) {
278 _krb5_xunlock(context
, fd
);
282 ret
= fstat(fd
, &sb2
);
284 _krb5_xunlock(context
, fd
);
289 /* check if someone was playing with symlinks */
291 if (sb1
.st_dev
!= sb2
.st_dev
|| sb1
.st_ino
!= sb2
.st_ino
) {
292 _krb5_xunlock(context
, fd
);
297 /* there are still hard links to this file */
299 if (sb2
.st_nlink
!= 0) {
300 _krb5_xunlock(context
, fd
);
305 ret
= scrub_file(fd
);
307 _krb5_xunlock(context
, fd
);
311 ret
= _krb5_xunlock(context
, fd
);
316 static krb5_error_code KRB5_CALLCONV
317 fcc_gen_new(krb5_context context
, krb5_ccache
*id
)
319 char *file
= NULL
, *exp_file
= NULL
;
324 f
= malloc(sizeof(*f
));
326 krb5_set_error_message(context
, KRB5_CC_NOMEM
,
327 N_("malloc: out of memory", ""));
328 return KRB5_CC_NOMEM
;
330 ret
= asprintf(&file
, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT
);
331 if(ret
< 0 || file
== NULL
) {
333 krb5_set_error_message(context
, KRB5_CC_NOMEM
,
334 N_("malloc: out of memory", ""));
335 return KRB5_CC_NOMEM
;
337 ret
= _krb5_expand_path_tokens(context
, file
, &exp_file
);
346 fd
= mkstemp(exp_file
);
348 ret
= (krb5_error_code
)errno
;
349 krb5_set_error_message(context
, ret
, N_("mkstemp %s failed", ""), exp_file
);
355 f
->filename
= exp_file
;
357 (*id
)->data
.data
= f
;
358 (*id
)->data
.length
= sizeof(*f
);
363 storage_set_flags(krb5_context context
, krb5_storage
*sp
, int vno
)
367 case KRB5_FCC_FVNO_1
:
368 flags
|= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS
;
369 flags
|= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE
;
370 flags
|= KRB5_STORAGE_HOST_BYTEORDER
;
372 case KRB5_FCC_FVNO_2
:
373 flags
|= KRB5_STORAGE_HOST_BYTEORDER
;
375 case KRB5_FCC_FVNO_3
:
376 flags
|= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE
;
378 case KRB5_FCC_FVNO_4
:
382 "storage_set_flags called with bad vno (%x)", vno
);
384 krb5_storage_set_flags(sp
, flags
);
387 static krb5_error_code KRB5_CALLCONV
388 fcc_open(krb5_context context
,
390 const char *operation
,
395 krb5_boolean exclusive
= ((flags
| O_WRONLY
) == flags
||
396 (flags
| O_RDWR
) == flags
);
398 const char *filename
;
399 struct stat sb1
, sb2
, sb3
;
406 if (FCACHE(id
) == NULL
)
407 return krb5_einval(context
, 2);
409 filename
= FILENAME(id
);
411 strict_checking
= (flags
& O_CREAT
) == 0 &&
412 (context
->flags
& KRB5_CTX_F_FCACHE_STRICT_CHECKING
) != 0;
415 if (strict_checking
) {
416 ret
= lstat(filename
, &sb1
);
418 krb5_set_error_message(context
, ret
, N_("%s lstat(%s)", "file, error"),
419 operation
, filename
);
424 if (!S_ISREG(sb1
.st_mode
)) {
425 krb5_set_error_message(context
, EPERM
426 N_("Refuses to open symlinks for "
427 "caches FILE:%s", ""), filename
);
431 fd
= open(filename
, flags
, mode
);
435 rk_strerror_r(ret
, buf
, sizeof(buf
));
436 krb5_set_error_message(context
, ret
, N_("%s open(%s): %s", "file, error"),
437 operation
, filename
, buf
);
442 if (strict_checking
) {
444 ret
= fstat(fd
, &sb2
);
446 krb5_clear_error_message(context
);
450 if (!S_ISREG(sb2
.st_mode
)) {
451 krb5_set_error_message(context
, EPERM
, N_("Refuses to open non files caches: FILE:%s", ""), filename
);
457 /* All of the following could be #ifndef O_NOFOLLOW, FYI */
458 if (sb1
.st_dev
!= sb2
.st_dev
|| sb1
.st_ino
!= sb2
.st_ino
) {
460 * Perhaps we raced with a rename(). To complain about
461 * symlinks in that case would cause unnecessary concern, so
462 * we check for that possibility and loop. This has no
463 * TOCTOU problems because we redo the open() (and if we
464 * have O_NOFOLLOW we could even avoid that too).
467 ret
= lstat(filename
, &sb3
);
468 if (ret
|| sb1
.st_dev
!= sb2
.st_dev
||
469 sb3
.st_dev
!= sb2
.st_dev
|| sb3
.st_ino
!= sb2
.st_ino
) {
470 krb5_set_error_message(context
, EPERM
, N_("Refuses to open possible symlink for caches: FILE:%s", ""), filename
);
474 krb5_set_error_message(context
, EPERM
, N_("Raced too many times with renames of FILE:%s", ""), filename
);
481 if (sb2
.st_nlink
!= 1) {
482 krb5_set_error_message(context
, EPERM
, N_("Refuses to open hardlinks for caches FILE:%s", ""), filename
);
488 * XXX Should probably add options to improve control over this
489 * check. We might want strict checking of everything except
490 * this, and we might want st_uid == getuid() || st_uid == geteuid()
493 if (sb2
.st_uid
!= getuid()) {
494 krb5_set_error_message(context
, EPERM
, N_("Refuses to open cache files not own by myself FILE:%s (owned by %d)", ""), filename
, (int)sb2
.st_uid
);
498 if ((sb2
.st_mode
& 077) != 0) {
499 krb5_set_error_message(context
, EPERM
,
500 N_("Refuses to open group/other readable files FILE:%s", ""), filename
);
507 if((ret
= fcc_lock(context
, id
, fd
, exclusive
)) != 0) {
515 static krb5_error_code KRB5_CALLCONV
516 fcc_initialize(krb5_context context
,
518 krb5_principal primary_principal
)
520 krb5_fcache
*f
= FCACHE(id
);
525 return krb5_einval(context
, 2);
527 unlink (f
->filename
);
529 ret
= fcc_open(context
, id
, "initialize", &fd
, O_RDWR
| O_CREAT
| O_EXCL
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0600);
534 sp
= krb5_storage_emem();
535 krb5_storage_set_eof_code(sp
, KRB5_CC_END
);
536 if(context
->fcache_vno
!= 0)
537 f
->version
= context
->fcache_vno
;
539 f
->version
= KRB5_FCC_FVNO_4
;
540 ret
|= krb5_store_int8(sp
, 5);
541 ret
|= krb5_store_int8(sp
, f
->version
);
542 storage_set_flags(context
, sp
, f
->version
);
543 if(f
->version
== KRB5_FCC_FVNO_4
&& ret
== 0) {
545 if (context
->kdc_sec_offset
) {
546 ret
|= krb5_store_int16 (sp
, 12); /* length */
547 ret
|= krb5_store_int16 (sp
, FCC_TAG_DELTATIME
); /* Tag */
548 ret
|= krb5_store_int16 (sp
, 8); /* length of data */
549 ret
|= krb5_store_int32 (sp
, context
->kdc_sec_offset
);
550 ret
|= krb5_store_int32 (sp
, context
->kdc_usec_offset
);
552 ret
|= krb5_store_int16 (sp
, 0);
555 ret
|= krb5_store_principal(sp
, primary_principal
);
557 ret
|= write_storage(context
, sp
, fd
);
559 krb5_storage_free(sp
);
561 fcc_unlock(context
, fd
);
566 rk_strerror_r(ret
, buf
, sizeof(buf
));
567 krb5_set_error_message (context
, ret
, N_("close %s: %s", ""),
573 static krb5_error_code KRB5_CALLCONV
574 fcc_close(krb5_context context
,
577 if (FCACHE(id
) == NULL
)
578 return krb5_einval(context
, 2);
581 krb5_data_free(&id
->data
);
585 static krb5_error_code KRB5_CALLCONV
586 fcc_destroy(krb5_context context
,
589 if (FCACHE(id
) == NULL
)
590 return krb5_einval(context
, 2);
592 _krb5_erase_file(context
, FILENAME(id
));
596 static krb5_error_code KRB5_CALLCONV
597 fcc_store_cred(krb5_context context
,
604 ret
= fcc_open(context
, id
, "store", &fd
, O_WRONLY
| O_APPEND
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0);
610 sp
= krb5_storage_emem();
611 krb5_storage_set_eof_code(sp
, KRB5_CC_END
);
612 storage_set_flags(context
, sp
, FCACHE(id
)->version
);
613 if (!krb5_config_get_bool_default(context
, NULL
, TRUE
,
615 "fcc-mit-ticketflags",
617 krb5_storage_set_flags(sp
, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
);
618 ret
= krb5_store_creds(sp
, creds
);
620 ret
= write_storage(context
, sp
, fd
);
621 krb5_storage_free(sp
);
623 fcc_unlock(context
, fd
);
627 rk_strerror_r(ret
, buf
, sizeof(buf
));
629 krb5_set_error_message (context
, ret
, N_("close %s: %s", ""),
636 static krb5_error_code
637 init_fcc(krb5_context context
,
639 const char *operation
,
640 krb5_storage
**ret_sp
,
642 krb5_deltat
*kdc_offset
)
652 ret
= fcc_open(context
, id
, operation
, &fd
, O_RDONLY
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0);
656 sp
= krb5_storage_from_fd(fd
);
658 krb5_clear_error_message(context
);
662 krb5_storage_set_eof_code(sp
, KRB5_CC_END
);
663 ret
= krb5_ret_int8(sp
, &pvno
);
665 if(ret
== KRB5_CC_END
) {
667 krb5_set_error_message(context
, ret
,
668 N_("Empty credential cache file: %s", ""),
671 krb5_set_error_message(context
, ret
, N_("Error reading pvno "
672 "in cache file: %s", ""),
677 ret
= KRB5_CCACHE_BADVNO
;
678 krb5_set_error_message(context
, ret
, N_("Bad version number in credential "
679 "cache file: %s", ""),
683 ret
= krb5_ret_int8(sp
, &tag
); /* should not be host byte order */
685 ret
= KRB5_CC_FORMAT
;
686 krb5_set_error_message(context
, ret
, "Error reading tag in "
687 "cache file: %s", FILENAME(id
));
690 FCACHE(id
)->version
= tag
;
691 storage_set_flags(context
, sp
, FCACHE(id
)->version
);
693 case KRB5_FCC_FVNO_4
: {
696 ret
= krb5_ret_int16 (sp
, &length
);
698 ret
= KRB5_CC_FORMAT
;
699 krb5_set_error_message(context
, ret
,
700 N_("Error reading tag length in "
701 "cache file: %s", ""), FILENAME(id
));
705 int16_t dtag
, data_len
;
709 ret
= krb5_ret_int16 (sp
, &dtag
);
711 ret
= KRB5_CC_FORMAT
;
712 krb5_set_error_message(context
, ret
, N_("Error reading dtag in "
713 "cache file: %s", ""),
717 ret
= krb5_ret_int16 (sp
, &data_len
);
719 ret
= KRB5_CC_FORMAT
;
720 krb5_set_error_message(context
, ret
,
721 N_("Error reading dlength "
722 "in cache file: %s",""),
727 case FCC_TAG_DELTATIME
: {
730 ret
= krb5_ret_int32 (sp
, &offset
);
731 ret
|= krb5_ret_int32 (sp
, &context
->kdc_usec_offset
);
733 ret
= KRB5_CC_FORMAT
;
734 krb5_set_error_message(context
, ret
,
735 N_("Error reading kdc_sec in "
736 "cache file: %s", ""),
740 context
->kdc_sec_offset
= offset
;
742 *kdc_offset
= offset
;
746 for (i
= 0; i
< data_len
; ++i
) {
747 ret
= krb5_ret_int8 (sp
, &dummy
);
749 ret
= KRB5_CC_FORMAT
;
750 krb5_set_error_message(context
, ret
,
751 N_("Error reading unknown "
752 "tag in cache file: %s", ""),
759 length
-= 4 + data_len
;
763 case KRB5_FCC_FVNO_3
:
764 case KRB5_FCC_FVNO_2
:
765 case KRB5_FCC_FVNO_1
:
768 ret
= KRB5_CCACHE_BADVNO
;
769 krb5_set_error_message(context
, ret
,
770 N_("Unknown version number (%d) in "
771 "credential cache file: %s", ""),
772 (int)tag
, FILENAME(id
));
781 krb5_storage_free(sp
);
782 fcc_unlock(context
, fd
);
787 static krb5_error_code KRB5_CALLCONV
788 fcc_get_principal(krb5_context context
,
790 krb5_principal
*principal
)
796 ret
= init_fcc (context
, id
, "get-pricipal", &sp
, &fd
, NULL
);
799 ret
= krb5_ret_principal(sp
, principal
);
801 krb5_clear_error_message(context
);
802 krb5_storage_free(sp
);
803 fcc_unlock(context
, fd
);
808 static krb5_error_code KRB5_CALLCONV
809 fcc_end_get (krb5_context context
,
811 krb5_cc_cursor
*cursor
);
813 static krb5_error_code KRB5_CALLCONV
814 fcc_get_first (krb5_context context
,
816 krb5_cc_cursor
*cursor
)
819 krb5_principal principal
;
821 if (FCACHE(id
) == NULL
)
822 return krb5_einval(context
, 2);
824 *cursor
= malloc(sizeof(struct fcc_cursor
));
825 if (*cursor
== NULL
) {
826 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
829 memset(*cursor
, 0, sizeof(struct fcc_cursor
));
831 ret
= init_fcc(context
, id
, "get-frist", &FCC_CURSOR(*cursor
)->sp
,
832 &FCC_CURSOR(*cursor
)->fd
, NULL
);
838 ret
= krb5_ret_principal (FCC_CURSOR(*cursor
)->sp
, &principal
);
840 krb5_clear_error_message(context
);
841 fcc_end_get(context
, id
, cursor
);
844 krb5_free_principal (context
, principal
);
845 fcc_unlock(context
, FCC_CURSOR(*cursor
)->fd
);
849 static krb5_error_code KRB5_CALLCONV
850 fcc_get_next (krb5_context context
,
852 krb5_cc_cursor
*cursor
,
857 if (FCACHE(id
) == NULL
)
858 return krb5_einval(context
, 2);
860 if (FCC_CURSOR(*cursor
) == NULL
)
861 return krb5_einval(context
, 3);
863 if((ret
= fcc_lock(context
, id
, FCC_CURSOR(*cursor
)->fd
, FALSE
)) != 0)
865 FCC_CURSOR(*cursor
)->cred_start
= lseek(FCC_CURSOR(*cursor
)->fd
,
868 ret
= krb5_ret_creds(FCC_CURSOR(*cursor
)->sp
, creds
);
870 krb5_clear_error_message(context
);
872 FCC_CURSOR(*cursor
)->cred_end
= lseek(FCC_CURSOR(*cursor
)->fd
,
875 fcc_unlock(context
, FCC_CURSOR(*cursor
)->fd
);
879 static krb5_error_code KRB5_CALLCONV
880 fcc_end_get (krb5_context context
,
882 krb5_cc_cursor
*cursor
)
885 if (FCACHE(id
) == NULL
)
886 return krb5_einval(context
, 2);
888 if (FCC_CURSOR(*cursor
) == NULL
)
889 return krb5_einval(context
, 3);
891 krb5_storage_free(FCC_CURSOR(*cursor
)->sp
);
892 close (FCC_CURSOR(*cursor
)->fd
);
898 static void KRB5_CALLCONV
899 cred_delete(krb5_context context
,
901 krb5_cc_cursor
*cursor
,
906 krb5_data orig_cred_data
;
907 unsigned char *cred_data_in_file
= NULL
;
909 struct stat sb1
, sb2
;
912 krb5_flags flags
= 0;
913 krb5_const_realm srealm
= krb5_principal_get_realm(context
, cred
->server
);
915 /* This is best-effort code; if we lose track of errors here it's OK */
917 heim_assert(FCC_CURSOR(*cursor
)->cred_start
< FCC_CURSOR(*cursor
)->cred_end
,
918 "fcache internal error");
920 krb5_data_zero(&orig_cred_data
);
921 if (!krb5_config_get_bool_default(context
, NULL
, TRUE
,
923 "fcc-mit-ticketflags",
925 flags
= KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
;
927 sp
= krb5_storage_emem();
930 krb5_storage_set_eof_code(sp
, KRB5_CC_END
);
931 storage_set_flags(context
, sp
, FCACHE(id
)->version
);
933 krb5_storage_set_flags(sp
, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
);
935 /* Get a copy of what the cred should look like in the file; see below */
936 ret
= krb5_store_creds(sp
, cred
);
940 ret
= krb5_storage_to_data(sp
, &orig_cred_data
);
943 krb5_storage_free(sp
);
945 cred_data_in_file
= malloc(orig_cred_data
.length
);
946 if (cred_data_in_file
== NULL
)
950 * Mark the cred expired; krb5_cc_retrieve_cred() callers should use
951 * KRB5_TC_MATCH_TIMES, so this should be good enough...
953 cred
->times
.endtime
= 0;
955 /* ...except for config creds because we don't check their endtimes */
956 if (srealm
&& strcmp(srealm
, "X-CACHECONF:") == 0) {
957 ret
= krb5_principal_set_realm(context
, cred
->server
, "X-RMED-CONF:");
962 sp
= krb5_storage_emem();
965 krb5_storage_set_eof_code(sp
, KRB5_CC_END
);
966 storage_set_flags(context
, sp
, FCACHE(id
)->version
);
968 krb5_storage_set_flags(sp
, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
);
970 ret
= krb5_store_creds(sp
, cred
);
972 /* The new cred must be the same size as the old cred */
973 new_cred_sz
= krb5_storage_seek(sp
, 0, SEEK_END
);
974 if (new_cred_sz
!= orig_cred_data
.length
|| new_cred_sz
!=
975 (FCC_CURSOR(*cursor
)->cred_end
- FCC_CURSOR(*cursor
)->cred_start
)) {
976 /* XXX This really can't happen. Assert like above? */
977 krb5_set_error_message(context
, EINVAL
,
978 N_("Credential deletion failed on ccache "
979 "FILE:%s: new credential size did not "
980 "match old credential size", ""),
985 ret
= fcc_open(context
, id
, "remove_cred", &fd
,
986 O_RDWR
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0);
991 * Check that we're updating the same file where we got the
992 * cred's offset, else we'd be corrupting a new ccache.
994 if (fstat(FCC_CURSOR(*cursor
)->fd
, &sb1
) == -1 ||
995 fstat(fd
, &sb2
) == -1)
997 if (sb1
.st_dev
!= sb2
.st_dev
|| sb1
.st_ino
!= sb2
.st_ino
)
1001 * Make sure what we overwrite is what we expected.
1003 * FIXME: We *really* need the ccache v4 tag for ccache ID. This
1004 * check that we're only overwriting something that looks exactly
1005 * like what we want to is probably good enough in practice, but
1006 * it's not guaranteed to work.
1008 if (lseek(fd
, FCC_CURSOR(*cursor
)->cred_start
, SEEK_SET
) == (off_t
)-1)
1010 bytes
= read(fd
, cred_data_in_file
, orig_cred_data
.length
);
1011 if (bytes
!= orig_cred_data
.length
)
1013 if (memcmp(orig_cred_data
.data
, cred_data_in_file
, bytes
) != 0)
1015 if (lseek(fd
, FCC_CURSOR(*cursor
)->cred_start
, SEEK_SET
) == (off_t
)-1)
1017 ret
= write_storage(context
, sp
, fd
);
1020 fcc_unlock(context
, fd
);
1021 if (close(fd
) < 0 && ret
== 0) {
1024 /* This error might be useful */
1025 rk_strerror_r(ret
, buf
, sizeof(buf
));
1027 krb5_set_error_message(context
, ret
, N_("close %s: %s", ""),
1031 krb5_data_free(&orig_cred_data
);
1032 free(cred_data_in_file
);
1033 krb5_storage_free(sp
);
1037 static krb5_error_code KRB5_CALLCONV
1038 fcc_remove_cred(krb5_context context
,
1043 krb5_error_code ret
, ret2
;
1044 krb5_cc_cursor cursor
;
1045 krb5_creds found_cred
;
1047 if (FCACHE(id
) == NULL
)
1048 return krb5_einval(context
, 2);
1050 ret
= krb5_cc_start_seq_get(context
, id
, &cursor
);
1053 while ((ret
= krb5_cc_next_cred(context
, id
, &cursor
, &found_cred
)) == 0) {
1054 if (!krb5_compare_creds(context
, which
, mcred
, &found_cred
))
1056 cred_delete(context
, id
, &cursor
, &found_cred
);
1057 krb5_free_cred_contents(context
, &found_cred
);
1059 ret2
= krb5_cc_end_seq_get(context
, id
, &cursor
);
1062 if (ret
== KRB5_CC_END
)
1067 static krb5_error_code KRB5_CALLCONV
1068 fcc_set_flags(krb5_context context
,
1072 if (FCACHE(id
) == NULL
)
1073 return krb5_einval(context
, 2);
1078 static int KRB5_CALLCONV
1079 fcc_get_version(krb5_context context
,
1082 if (FCACHE(id
) == NULL
)
1085 return FCACHE(id
)->version
;
1088 struct fcache_iter
{
1092 static krb5_error_code KRB5_CALLCONV
1093 fcc_get_cache_first(krb5_context context
, krb5_cc_cursor
*cursor
)
1095 struct fcache_iter
*iter
;
1097 iter
= calloc(1, sizeof(*iter
));
1099 krb5_set_error_message(context
, ENOMEM
, N_("malloc: out of memory", ""));
1107 static krb5_error_code KRB5_CALLCONV
1108 fcc_get_cache_next(krb5_context context
, krb5_cc_cursor cursor
, krb5_ccache
*id
)
1110 struct fcache_iter
*iter
= cursor
;
1111 krb5_error_code ret
;
1113 char *expandedfn
= NULL
;
1116 return krb5_einval(context
, 2);
1119 krb5_clear_error_message(context
);
1125 * Can't call krb5_cc_default_name here since it refers back to
1126 * krb5_cc_cache_match() which will call back into this function.
1128 * Just use the default value if its set, otherwise, use the
1129 * default hardcoded value.
1131 fn
= context
->default_cc_name
;
1132 if (fn
== NULL
|| strncasecmp(fn
, "FILE:", 5) != 0) {
1133 ret
= _krb5_expand_default_cc_name(context
,
1134 KRB5_DEFAULT_CCNAME_FILE
,
1140 /* check if file exists, don't return a non existant "next" */
1141 if (strncasecmp(fn
, "FILE:", 5) == 0) {
1143 ret
= stat(fn
+ 5, &sb
);
1149 ret
= krb5_cc_resolve(context
, fn
, id
);
1157 static krb5_error_code KRB5_CALLCONV
1158 fcc_end_cache_get(krb5_context context
, krb5_cc_cursor cursor
)
1160 struct fcache_iter
*iter
= cursor
;
1163 return krb5_einval(context
, 2);
1169 static krb5_error_code KRB5_CALLCONV
1170 fcc_move(krb5_context context
, krb5_ccache from
, krb5_ccache to
)
1172 krb5_error_code ret
= 0;
1174 ret
= rk_rename(FILENAME(from
), FILENAME(to
));
1176 if (ret
&& errno
!= EXDEV
) {
1179 rk_strerror_r(ret
, buf
, sizeof(buf
));
1180 krb5_set_error_message(context
, ret
,
1181 N_("Rename of file from %s "
1182 "to %s failed: %s", ""),
1183 FILENAME(from
), FILENAME(to
), buf
);
1185 } else if (ret
&& errno
== EXDEV
) {
1186 /* make a copy and delete the orignal */
1187 krb5_ssize_t sz1
, sz2
;
1191 ret
= fcc_open(context
, from
, "move/from", &fd1
, O_RDONLY
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0);
1195 unlink(FILENAME(to
));
1197 ret
= fcc_open(context
, to
, "move/to", &fd2
,
1198 O_WRONLY
| O_CREAT
| O_EXCL
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0600);
1202 while((sz1
= read(fd1
, buf
, sizeof(buf
))) > 0) {
1203 sz2
= write(fd2
, buf
, sz1
);
1206 krb5_set_error_message(context
, ret
,
1207 N_("Failed to write data from one file "
1208 "credential cache to the other", ""));
1214 krb5_set_error_message(context
, ret
,
1215 N_("Failed to read data from one file "
1216 "credential cache to the other", ""));
1220 fcc_unlock(context
, fd2
);
1224 fcc_unlock(context
, fd1
);
1227 _krb5_erase_file(context
, FILENAME(from
));
1230 _krb5_erase_file(context
, FILENAME(to
));
1235 /* make sure ->version is uptodate */
1239 if ((ret
= init_fcc (context
, to
, "move", &sp
, &fd
, NULL
)) == 0) {
1241 krb5_storage_free(sp
);
1242 fcc_unlock(context
, fd
);
1247 fcc_close(context
, from
);
1252 static krb5_error_code KRB5_CALLCONV
1253 fcc_get_default_name(krb5_context context
, char **str
)
1255 return _krb5_expand_default_cc_name(context
,
1256 KRB5_DEFAULT_CCNAME_FILE
,
1260 static krb5_error_code KRB5_CALLCONV
1261 fcc_lastchange(krb5_context context
, krb5_ccache id
, krb5_timestamp
*mtime
)
1263 krb5_error_code ret
;
1267 ret
= fcc_open(context
, id
, "lastchange", &fd
, O_RDONLY
| O_BINARY
| O_CLOEXEC
| O_NOFOLLOW
, 0);
1270 ret
= fstat(fd
, &sb
);
1274 krb5_set_error_message(context
, ret
, N_("Failed to stat cache file", ""));
1277 *mtime
= sb
.st_mtime
;
1281 static krb5_error_code KRB5_CALLCONV
1282 fcc_set_kdc_offset(krb5_context context
, krb5_ccache id
, krb5_deltat kdc_offset
)
1287 static krb5_error_code KRB5_CALLCONV
1288 fcc_get_kdc_offset(krb5_context context
, krb5_ccache id
, krb5_deltat
*kdc_offset
)
1290 krb5_error_code ret
;
1291 krb5_storage
*sp
= NULL
;
1293 ret
= init_fcc(context
, id
, "get-kdc-offset", &sp
, &fd
, kdc_offset
);
1295 krb5_storage_free(sp
);
1296 fcc_unlock(context
, fd
);
1304 * Variable containing the FILE based credential cache implemention.
1306 * @ingroup krb5_ccache
1309 KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_fcc_ops
= {
1310 KRB5_CC_OPS_VERSION
,
1319 NULL
, /* fcc_retrieve */
1327 fcc_get_cache_first
,
1331 fcc_get_default_name
,