search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
third_party/heimdal: Import lorikeet-heimdal-202306091507 (commit 7d8afc9d7e3d309ddcc...
[Samba.git] / third_party / heimdal / lib / krb5 / dcache.c
blob77ccda13e72ba7ee0491e1490ef452efe34c29b1
1 /*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "krb5_locl.h"
37
38 typedef struct krb5_dcache{
39 krb5_ccache fcache;
40 char *name;
41 char *dir;
42 char *sub;
43 unsigned int default_candidate:1;
44 } krb5_dcache;
45
46 #define DCACHE(X) ((krb5_dcache*)(X)->data.data)
47 #define D2FCACHE(X) ((X)->fcache)
48
49 static krb5_error_code KRB5_CALLCONV dcc_close(krb5_context, krb5_ccache);
50 static krb5_error_code KRB5_CALLCONV dcc_get_default_name(krb5_context, char **);
51 static krb5_error_code KRB5_CALLCONV dcc_set_default(krb5_context, krb5_ccache);
52
53 /*
54 * Make subsidiary filesystem safe by mapping / and : to -. If the subsidiary
55 * is longer than 128 bytes, then truncate.
56 * In all cases, "tkt." is prefixed to be compatible with the DIR requirement
57 * that subsidiary ccache files be named tkt*.
58 *
59 * Thus host/foo.bar.baz@BAR.BAZ -> tkt.host-foo.bar.baz@BAR.BAZ.
60 *
61 * In particular, no filesystem component separators will be emitted, and . and
62 * .. will never be traversed.
63 */
64 static krb5_error_code
65 fs_encode_subsidiary(krb5_context context,
66 krb5_dcache *dc,
67 const char *subsidiary,
68 char **res)
69 {
70 size_t len = strlen(subsidiary);
71 size_t i;
72
73 *res = NULL;
74 if (asprintf(res, "tkt.%s", subsidiary) == -1 || *res == NULL)
75 return krb5_enomem(context);
76 for (i = sizeof("tkt.") - 1; i < len; i++) {
77 switch ((*res)[i]) {
78 #ifdef WIN32
79 case '\\': (*res)[0] = '-'; break;
80 #endif
81 case '/': (*res)[0] = '-'; break;
82 case ':': (*res)[0] = '-'; break;
83 default: break;
84 }
85 }
86
87 /* Hopefully this will work on all filesystems */
88 if (len > 128 - sizeof("tkt.") - 1)
89 (*res)[127] = '\0';
90 return 0;
91 }
92
93 static char *
94 primary_create(krb5_dcache *dc)
95 {
96 char *primary = NULL;
97 int asprintf_ret = asprintf(&primary, "%s/primary", dc->dir);
98 if (asprintf_ret == -1 || primary == NULL) {
99 return NULL;
100 }
101
102 return primary;
103 }
104
105 static int
106 is_filename_cacheish(const char *name)
107 {
108 size_t i;
109
110 if (strncmp(name, "tkt", sizeof("tkt") - 1) != 0)
111 return 0;
112 for (i = sizeof("tkt") - 1; name[i]; i++)
113 if (ISPATHSEP(name[i]))
114 return 0;
115 return 1;
116 }
117
118 static krb5_error_code
119 set_default_cache(krb5_context context, krb5_dcache *dc, const char *residual)
120 {
121 char *path = NULL, *primary = NULL;
122 krb5_error_code ret;
123 struct iovec iov[2];
124 size_t len;
125 int fd = -1;
126 int asprintf_ret;
127
128 asprintf_ret = asprintf(&path, "%s/primary-XXXXXX", dc->dir);
129 if (asprintf_ret == -1 || path == NULL) {
130 return krb5_enomem(context);
131 }
132
133 fd = mkstemp(path);
134 if (fd < 0) {
135 ret = errno;
136 goto out;
137 }
138 rk_cloexec(fd);
139 #ifndef _WIN32
140 if (fchmod(fd, S_IRUSR | S_IWUSR) < 0) {
141 ret = errno;
142 goto out;
143 }
144 #endif
145 len = strlen(residual);
146
147 iov[0].iov_base = rk_UNCONST(residual);
148 iov[0].iov_len = len;
149 iov[1].iov_base = "\n";
150 iov[1].iov_len = 1;
151
152 if (writev(fd, iov, sizeof(iov)/sizeof(iov[0])) != len + 1) {
153 ret = errno;
154 goto out;
155 }
156
157 primary = primary_create(dc);
158 if (primary == NULL) {
159 ret = krb5_enomem(context);
160 goto out;
161 }
162
163 if (rename(path, primary) < 0) {
164 ret = errno;
165 goto out;
166 }
167
168 close(fd);
169 fd = -1;
170
171 ret = 0;
172 out:
173 if (fd >= 0) {
174 (void)unlink(path);
175 close(fd);
176 }
177 if (path)
178 free(path);
179 if (primary)
180 free(primary);
181
182 return ret;
183 }
184
185 static krb5_error_code
186 get_default_cache(krb5_context context, krb5_dcache *dc,
187 const char *subsidiary, char **residual)
188 {
189 krb5_error_code ret;
190 char buf[MAXPATHLEN];
191 char *primary = NULL;
192 FILE *f;
193
194 *residual = NULL;
195 if (subsidiary)
196 return fs_encode_subsidiary(context, dc, subsidiary, residual);
197
198 primary = primary_create(dc);
199 if (primary == NULL)
200 return krb5_enomem(context);
201
202 f = fopen(primary, "r");
203 if (f == NULL) {
204 if (errno == ENOENT) {
205 free(primary);
206 *residual = strdup("tkt");
207 if (*residual == NULL)
208 return krb5_enomem(context);
209 return 0;
210 }
211 ret = errno;
212 krb5_set_error_message(context, ret, "failed to open %s", primary);
213 free(primary);
214 return ret;
215 }
216
217 if (fgets(buf, sizeof(buf), f) == NULL) {
218 ret = ferror(f);
219 fclose(f);
220 krb5_set_error_message(context, ret, "read file %s", primary);
221 free(primary);
222 return ret;
223 }
224 fclose(f);
225
226 buf[strcspn(buf, "\r\n")] = '\0';
227
228 if (!is_filename_cacheish(buf)) {
229 krb5_set_error_message(context, KRB5_CC_FORMAT,
230 "name in %s is not a cache (doesn't start with tkt)", primary);
231 free(primary);
232 return KRB5_CC_FORMAT;
233 }
234
235 free(primary);
236
237 *residual = strdup(buf);
238 if (*residual == NULL)
239 return krb5_enomem(context);
240
241 return 0;
242 }
243
244
245
246 static krb5_error_code KRB5_CALLCONV
247 dcc_get_name_2(krb5_context context,
248 krb5_ccache id,
249 const char **name,
250 const char **dir,
251 const char **sub)
252 {
253 krb5_dcache *dc = DCACHE(id);
254
255 if (name)
256 *name = dc->name;
257 if (dir)
258 *dir = dc->dir;
259 if (sub)
260 *sub = dc->sub;
261 return 0;
262 }
263
264
265 static krb5_error_code
266 verify_directory(krb5_context context, const char *path)
267 {
268 struct stat sb;
269
270 if (!path[0]) {
271 krb5_set_error_message(context, EINVAL,
272 N_("DIR empty directory component", ""));
273 return EINVAL;
274 }
275
276 /* XXX should use mkdirx_np() */
277 if (rk_mkdir(path, S_IRWXU) == 0)
278 return 0;
279
280 if (stat(path, &sb) != 0) {
281 if (errno == ENOENT) {
282 krb5_set_error_message(context, ENOENT,
283 N_("DIR directory %s doesn't exists", ""), path);
284 return ENOENT;
285 } else {
286 krb5_set_error_message(context, errno,
287 N_("DIR directory %s is bad: %s", ""), path, strerror(errno));
288 return errno;
289 }
290 }
291 if (!S_ISDIR(sb.st_mode)) {
292 krb5_set_error_message(context, KRB5_CC_BADNAME,
293 N_("DIR directory %s is not a directory", ""), path);
294 return KRB5_CC_BADNAME;
295 }
296
297 return 0;
298 }
299
300 static void
301 dcc_release(krb5_context context, krb5_dcache *dc)
302 {
303 if (dc->fcache)
304 krb5_cc_close(context, dc->fcache);
305 free(dc->sub);
306 free(dc->dir);
307 free(dc->name);
308 memset(dc, 0, sizeof(*dc));
309 free(dc);
310 }
311
312 static krb5_error_code
313 get_default_dir(krb5_context context, char **res)
314 {
315 krb5_error_code ret;
316 char *s;
317
318 if ((ret = dcc_get_default_name(context, &s)))
319 return ret;
320 if (strncmp(s, "DIR:", sizeof("DIR:") - 1) != 0) {
321 *res = s;
322 s = NULL;
323 } else if ((*res = strdup(s + sizeof("DIR:") - 1)) == NULL) {
324 ret = krb5_enomem(context);
325 }
326 free(s);
327 return ret;
328 }
329
330 static krb5_error_code KRB5_CALLCONV
331 dcc_resolve_2(krb5_context context,
332 krb5_ccache *id,
333 const char *res,
334 const char *sub)
335 {
336 krb5_error_code ret;
337 krb5_dcache *dc = NULL;
338 char *filename = NULL;
339 size_t len;
340 int has_pathsep = 0;
341
342 if (sub) {
343 /*
344 * Here `res' has the directory name (or, if NULL, refers to the
345 * default DIR cccol), and `sub' has the "subsidiary" name, to which
346 * we'll prefix "tkt." (though we will insist only on "tkt" later).
347 */
348 if ((dc = calloc(1, sizeof(*dc))) == NULL ||
349 asprintf(&dc->sub, "tkt.%s", sub) == -1 || dc->sub == NULL) {
350 free(dc);
351 return krb5_enomem(context);
352 }
353 if (res && res[0] && (dc->dir = strdup(res)) == NULL) {
354 free(dc->sub);
355 free(dc);
356 return krb5_enomem(context);
357 } else if ((!res || !res[0]) && (ret = get_default_dir(context, &dc->dir))) {
358 free(dc->sub);
359 free(dc);
360 return ret;
361 }
362 } else {
363 const char *p;
364 int is_drive_letter_colon = 0;
365
366 /*
367 * Here `res' has whatever string followed "DIR:", and we need to parse
368 * it into `dc->dir' and `dc->sub'.
369 *
370 * Conventions we support for DIR cache naming:
371 *
372 * - DIR:path:NAME ---> FILE:path/tktNAME
373 * - DIR::path/tktNAME ---> FILE:path/tktNAME
374 * - DIR::NAME ---> FILE:${default_DIR_cccol_path}/tktNAME
375 * \-> FILE:/tmp/krb5cc_${uid}_dir/tktNAME
376 * - DIR:path ---> FILE:path/$(cat primary) or FILE:path/tkt
377 *
378 */
379
380 if (res == NULL || *res == '\0' || (res[0] == ':' && res[1] == '\0')) {
381 /* XXX Why not? */
382 krb5_set_error_message(context, KRB5_CC_FORMAT,
383 N_("\"DIR:\" is not a valid ccache name", ""));
384 return KRB5_CC_FORMAT;
385 }
386
387 #ifdef WIN32
388 has_pathsep = strchr(res, '\\') != NULL;
389 #endif
390 has_pathsep |= strchr(res, '/') != NULL;
391
392 if ((dc = calloc(1, sizeof(*dc))) == NULL)
393 return krb5_enomem(context);
394
395 p = strrchr(res, ':');
396 #ifdef WIN32
397 is_drive_letter_colon =
398 p && ((res[0] == ':' && res[1] != ':' && p - res == 2) ||
399 (res[0] != ':' && p - res == 1));
400 #endif
401
402 if (res[0] != ':' && p && !is_drive_letter_colon) {
403 /* DIR:path:NAME */
404 if ((dc->dir = strndup(res, (p - res))) == NULL ||
405 asprintf(&dc->sub, "tkt.%s", p + 1) < 0 || dc->sub == NULL) {
406 dcc_release(context, dc);
407 return krb5_enomem(context);
408 }
409 } else if (res[0] == ':' && has_pathsep) {
410 char *q;
411
412 /* DIR::path/tktNAME (the "tkt" must be there; we'll check) */
413 if ((dc->dir = strdup(&res[1])) == NULL) {
414 dcc_release(context, dc);
415 return krb5_enomem(context);
416 }
417 #ifdef _WIN32
418 q = strrchr(dc->dir, '\\');
419 if (q == NULL || ((p = strrchr(dc->dir, '/')) && q < p))
420 #endif
421 q = strrchr(dc->dir, '/');
422 *q++ = '\0';
423 if ((dc->sub = strdup(q)) == NULL) {
424 dcc_release(context, dc);
425 return krb5_enomem(context);
426 }
427 } else if (res[0] == ':') {
428 /* DIR::NAME -- no path component separators in NAME */
429 if ((ret = get_default_dir(context, &dc->dir))) {
430 dcc_release(context, dc);
431 return ret;
432 }
433 if (asprintf(&dc->sub, "tkt.%s", res + 1) < 0 || dc->sub == NULL) {
434 dcc_release(context, dc);
435 return krb5_enomem(context);
436 }
437 } else {
438 /* DIR:path */
439 if ((dc->dir = strdup(res)) == NULL) {
440 dcc_release(context, dc);
441 return krb5_enomem(context);
442 }
443
444 if ((ret = get_default_cache(context, dc, NULL, &dc->sub))) {
445 dcc_release(context, dc);
446 return ret;
447 }
448 }
449 }
450
451 /* Strip off extra slashes on the end */
452 for (len = strlen(dc->dir);
453 len && ISPATHSEP(dc->dir[len - 1]);
454 len--)
455 dc->dir[len - 1] = '\0';
456
457 /* If we got here then `dc->dir' and `dc->sub' must both be set */
458
459 if ((ret = verify_directory(context, dc->dir))) {
460 dcc_release(context, dc);
461 return ret;
462 }
463 if (!is_filename_cacheish(dc->sub)) {
464 krb5_set_error_message(context, KRB5_CC_FORMAT,
465 N_("Name %s is not a cache "
466 "(doesn't start with tkt)", ""), dc->sub);
467 dcc_release(context, dc);
468 return KRB5_CC_FORMAT;
469 }
470 if (asprintf(&dc->name, ":%s/%s", dc->dir, dc->sub) == -1 ||
471 dc->name == NULL ||
472 asprintf(&filename, "FILE%s", dc->name) == -1 || filename == NULL) {
473 dcc_release(context, dc);
474 return krb5_enomem(context);
475 }
476
477 ret = krb5_cc_resolve(context, filename, &dc->fcache);
478 free(filename);
479 if (ret) {
480 dcc_release(context, dc);
481 return ret;
482 }
483
484 dc->default_candidate = 1;
485 (*id)->data.data = dc;
486 (*id)->data.length = sizeof(*dc);
487 return 0;
488 }
489
490 static krb5_error_code KRB5_CALLCONV
491 dcc_gen_new(krb5_context context, krb5_ccache *id)
492 {
493 krb5_error_code ret;
494 char *def_dir = NULL;
495 char *name = NULL;
496 int fd = -1;
497
498 ret = get_default_dir(context, &def_dir);
499 if (ret == 0)
500 ret = verify_directory(context, def_dir);
501 if (ret == 0 &&
502 (asprintf(&name, "DIR::%s/tktXXXXXX", def_dir) == -1 || name == NULL))
503 ret = krb5_enomem(context);
504 if (ret == 0 && (fd = mkstemp(name + sizeof("DIR::") - 1)) == -1)
505 ret = errno;
506 if (ret == 0)
507 ret = dcc_resolve_2(context, id, name + sizeof("DIR:") - 1, NULL);
508
509 free(def_dir);
510 free(name);
511 if (fd != -1)
512 close(fd);
513 return ret;
514 }
515
516 static krb5_error_code KRB5_CALLCONV
517 dcc_initialize(krb5_context context,
518 krb5_ccache id,
519 krb5_principal primary_principal)
520 {
521 krb5_dcache *dc = DCACHE(id);
522 return krb5_cc_initialize(context, D2FCACHE(dc), primary_principal);
523 }
524
525 static krb5_error_code KRB5_CALLCONV
526 dcc_close(krb5_context context,
527 krb5_ccache id)
528 {
529 krb5_dcache *dc = DCACHE(id);
530 krb5_principal p = NULL;
531 struct stat st;
532 char *primary = NULL;
533
534 /*
535 * If there's no default cache, but we're closing one, and the one we're
536 * closing has been initialized, then make it the default. This makes the
537 * first cache created the default.
538 *
539 * FIXME We should check if `D2FCACHE(dc)' has live credentials.
540 */
541 if (dc->default_candidate && D2FCACHE(dc) &&
542 krb5_cc_get_principal(context, D2FCACHE(dc), &p) == 0 &&
543 (primary = primary_create(dc)) &&
544 (stat(primary, &st) == -1 || !S_ISREG(st.st_mode) || st.st_size == 0))
545 dcc_set_default(context, id);
546 krb5_free_principal(context, p);
547 free(primary);
548 dcc_release(context, DCACHE(id));
549 return 0;
550 }
551
552 static krb5_error_code KRB5_CALLCONV
553 dcc_destroy(krb5_context context,
554 krb5_ccache id)
555 {
556 krb5_dcache *dc = DCACHE(id);
557 krb5_ccache fcache = D2FCACHE(dc);
558 dc->fcache = NULL;
559 return krb5_cc_destroy(context, fcache);
560 }
561
562 static krb5_error_code KRB5_CALLCONV
563 dcc_store_cred(krb5_context context,
564 krb5_ccache id,
565 krb5_creds *creds)
566 {
567 krb5_dcache *dc = DCACHE(id);
568 return krb5_cc_store_cred(context, D2FCACHE(dc), creds);
569 }
570
571 static krb5_error_code KRB5_CALLCONV
572 dcc_get_principal(krb5_context context,
573 krb5_ccache id,
574 krb5_principal *principal)
575 {
576 krb5_dcache *dc = DCACHE(id);
577 return krb5_cc_get_principal(context, D2FCACHE(dc), principal);
578 }
579
580 static krb5_error_code KRB5_CALLCONV
581 dcc_get_first (krb5_context context,
582 krb5_ccache id,
583 krb5_cc_cursor *cursor)
584 {
585 krb5_dcache *dc = DCACHE(id);
586 return krb5_cc_start_seq_get(context, D2FCACHE(dc), cursor);
587 }
588
589 static krb5_error_code KRB5_CALLCONV
590 dcc_get_next (krb5_context context,
591 krb5_ccache id,
592 krb5_cc_cursor *cursor,
593 krb5_creds *creds)
594 {
595 krb5_dcache *dc = DCACHE(id);
596 return krb5_cc_next_cred(context, D2FCACHE(dc), cursor, creds);
597 }
598
599 static krb5_error_code KRB5_CALLCONV
600 dcc_end_get (krb5_context context,
601 krb5_ccache id,
602 krb5_cc_cursor *cursor)
603 {
604 krb5_dcache *dc = DCACHE(id);
605 return krb5_cc_end_seq_get(context, D2FCACHE(dc), cursor);
606 }
607
608 static krb5_error_code KRB5_CALLCONV
609 dcc_remove_cred(krb5_context context,
610 krb5_ccache id,
611 krb5_flags which,
612 krb5_creds *cred)
613 {
614 krb5_dcache *dc = DCACHE(id);
615 return krb5_cc_remove_cred(context, D2FCACHE(dc), which, cred);
616 }
617
618 static krb5_error_code KRB5_CALLCONV
619 dcc_set_flags(krb5_context context,
620 krb5_ccache id,
621 krb5_flags flags)
622 {
623 krb5_dcache *dc = DCACHE(id);
624 return krb5_cc_set_flags(context, D2FCACHE(dc), flags);
625 }
626
627 static int KRB5_CALLCONV
628 dcc_get_version(krb5_context context,
629 krb5_ccache id)
630 {
631 krb5_dcache *dc = DCACHE(id);
632 return krb5_cc_get_version(context, D2FCACHE(dc));
633 }
634
635 struct dcache_iter {
636 char *primary;
637 krb5_dcache *dc;
638 DIR *d;
639 unsigned int first:1;
640 };
641
642 static krb5_error_code KRB5_CALLCONV
643 dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
644 {
645 struct dcache_iter *iter = NULL;
646 const char *name = krb5_cc_default_name(context);
647 size_t len;
648 char *p;
649
650 *cursor = NULL;
651
652 if (strncmp(name, "DIR:", sizeof("DIR:") - 1) != 0) {
653 krb5_set_error_message(context, KRB5_CC_FORMAT,
654 N_("Can't list DIR caches unless its the default type", ""));
655 return KRB5_CC_FORMAT;
656 }
657
658 if ((iter = calloc(1, sizeof(*iter))) == NULL ||
659 (iter->dc = calloc(1, sizeof(iter->dc[0]))) == NULL ||
660 (iter->dc->dir = strdup(name + sizeof("DIR:") - 1)) == NULL) {
661 if (iter)
662 free(iter->dc);
663 free(iter);
664 return krb5_enomem(context);
665 }
666 iter->first = 1;
667 p = strrchr(iter->dc->dir, ':');
668 #ifdef WIN32
669 if (p == iter->dc->dir + 1)
670 p = NULL;
671 #endif
672 if (p)
673 *p = '\0';
674
675 /* Strip off extra slashes on the end */
676 for (len = strlen(iter->dc->dir);
677 len && ISPATHSEP(iter->dc->dir[len - 1]);
678 len--) {
679 iter->dc->dir[len - 1] = '\0';
680 }
681
682 if ((iter->d = opendir(iter->dc->dir)) == NULL) {
683 krb5_set_error_message(context, KRB5_CC_FORMAT,
684 N_("Can't open DIR %s: %s", ""),
685 iter->dc->dir, strerror(errno));
686 free(iter->dc->dir);
687 free(iter->dc);
688 free(iter);
689 return KRB5_CC_FORMAT;
690 }
691
692 *cursor = iter;
693 return 0;
694 }
695
696 static krb5_error_code KRB5_CALLCONV
697 dcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
698 {
699 struct dcache_iter *iter = cursor;
700 krb5_error_code ret;
701 struct stat st;
702 struct dirent *dentry;
703 char *p = NULL;
704
705 *id = NULL;
706 if (iter == NULL)
707 return krb5_einval(context, 2);
708
709 /* Emit primary subsidiary first */
710 if (iter->first &&
711 get_default_cache(context, iter->dc, NULL, &iter->primary) == 0 &&
712 iter->primary && is_filename_cacheish(iter->primary)) {
713 iter->first = 0;
714 ret = KRB5_CC_END;
715 if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, iter->primary) > -1 && p != NULL &&
716 stat(p + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode))
717 ret = krb5_cc_resolve(context, p, id);
718 if (p == NULL)
719 return krb5_enomem(context);
720 free(p);
721 if (ret == 0)
722 return ret;
723 p = NULL;
724 }
725
726 iter->first = 0;
727 for (dentry = readdir(iter->d); dentry; dentry = readdir(iter->d)) {
728 if (!is_filename_cacheish(dentry->d_name) ||
729 (iter->primary && strcmp(dentry->d_name, iter->primary) == 0))
730 continue;
731 p = NULL;
732 ret = KRB5_CC_END;
733 if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, dentry->d_name) > -1 &&
734 p != NULL &&
735 stat(p + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode))
736 ret = krb5_cc_resolve(context, p, id);
737 free(p);
738 if (p == NULL)
739 return krb5_enomem(context);
740 if (ret == 0)
741 return ret;
742 }
743 return KRB5_CC_END;
744 }
745
746 static krb5_error_code KRB5_CALLCONV
747 dcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
748 {
749 struct dcache_iter *iter = cursor;
750
751 if (iter == NULL)
752 return krb5_einval(context, 2);
753
754 (void) closedir(iter->d);
755 free(iter->dc->dir);
756 free(iter->dc);
757 free(iter->primary);
758 free(iter);
759 return 0;
760 }
761
762 static krb5_error_code KRB5_CALLCONV
763 dcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
764 {
765 krb5_dcache *dcfrom = DCACHE(from);
766 krb5_dcache *dcto = DCACHE(to);
767
768 dcfrom->default_candidate = 0;
769 dcto->default_candidate = 1;
770 return krb5_cc_move(context, D2FCACHE(dcfrom), D2FCACHE(dcto));
771 }
772
773 static krb5_error_code KRB5_CALLCONV
774 dcc_get_default_name(krb5_context context, char **str)
775 {
776 const char *def_cc_colname =
777 krb5_config_get_string_default(context, NULL, KRB5_DEFAULT_CCNAME_DIR,
778 "libdefaults", "default_cc_collection",
779 NULL);
780
781 /* [libdefaults] default_cc_collection is for testing */
782 if (strncmp(def_cc_colname, "DIR:", sizeof("DIR:") - 1) != 0)
783 def_cc_colname = KRB5_DEFAULT_CCNAME_DIR;
784 return _krb5_expand_default_cc_name(context, def_cc_colname, str);
785 }
786
787 static krb5_error_code KRB5_CALLCONV
788 dcc_set_default(krb5_context context, krb5_ccache id)
789 {
790 krb5_dcache *dc = DCACHE(id);
791
792 if (dc->sub == NULL)
793 return ENOENT;
794 return set_default_cache(context, dc, dc->sub);
795 }
796
797 static krb5_error_code KRB5_CALLCONV
798 dcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
799 {
800 krb5_dcache *dc = DCACHE(id);
801 return krb5_cc_last_change_time(context, D2FCACHE(dc), mtime);
802 }
803
804 static krb5_error_code KRB5_CALLCONV
805 dcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
806 {
807 krb5_dcache *dc = DCACHE(id);
808 return krb5_cc_set_kdc_offset(context, D2FCACHE(dc), kdc_offset);
809 }
810
811 static krb5_error_code KRB5_CALLCONV
812 dcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
813 {
814 krb5_dcache *dc = DCACHE(id);
815 return krb5_cc_get_kdc_offset(context, D2FCACHE(dc), kdc_offset);
816 }
817
818
819 /**
820 * Variable containing the DIR based credential cache implemention.
821 *
822 * @ingroup krb5_ccache
823 */
824
825 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops = {
826 KRB5_CC_OPS_VERSION_5,
827 "DIR",
828 NULL,
829 NULL,
830 dcc_gen_new,
831 dcc_initialize,
832 dcc_destroy,
833 dcc_close,
834 dcc_store_cred,
835 NULL, /* dcc_retrieve */
836 dcc_get_principal,
837 dcc_get_first,
838 dcc_get_next,
839 dcc_end_get,
840 dcc_remove_cred,
841 dcc_set_flags,
842 dcc_get_version,
843 dcc_get_cache_first,
844 dcc_get_cache_next,
845 dcc_end_cache_get,
846 dcc_move,
847 dcc_get_default_name,
848 dcc_set_default,
849 dcc_lastchange,
850 dcc_set_kdc_offset,
851 dcc_get_kdc_offset,
852 dcc_get_name_2,
853 dcc_resolve_2
854 };
Samba GIT mirror