lib/krb5/replay.c

   1 /*
   2  * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "krb5_locl.h"
  35 #include <vis.h>
  36
  37 struct krb5_rcache_data {
  38     char *name;
  39 };
  40
  41 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  42 krb5_rc_resolve(krb5_context context,
  43                 krb5_rcache id,
  44                 const char *name)
  45 {
  46     id->name = strdup(name);
  47     if(id->name == NULL) {
  48         krb5_set_error_message(context, KRB5_RC_MALLOC,
  49                                N_("malloc: out of memory", ""));
  50         return KRB5_RC_MALLOC;
  51     }
  52     return 0;
  53 }
  54
  55 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  56 krb5_rc_resolve_type(krb5_context context,
  57                      krb5_rcache *id,
  58                      const char *type)
  59 {
  60     *id = NULL;
  61     if (strcmp(type, "FILE") != 0) {
  62         krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND,
  63                                 N_("replay cache type %s not supported", ""),
  64                                 type);
  65         return KRB5_RC_TYPE_NOTFOUND;
  66     }
  67     *id = calloc(1, sizeof(**id));
  68     if(*id == NULL) {
  69         krb5_set_error_message(context, KRB5_RC_MALLOC,
  70                                N_("malloc: out of memory", ""));
  71         return KRB5_RC_MALLOC;
  72     }
  73     return 0;
  74 }
  75
  76 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
  77 krb5_rc_resolve_full(krb5_context context,
  78                      krb5_rcache *id,
  79                      const char *string_name)
  80 {
  81     krb5_error_code ret;
  82
  83     *id = NULL;
  84
  85     if (strncmp(string_name, "FILE:", 5) != 0) {
  86         krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND,
  87                                N_("replay cache type %s not supported", ""),
  88                                string_name);
  89         return KRB5_RC_TYPE_NOTFOUND;
  90     }
  91     ret = krb5_rc_resolve_type(context, id, "FILE");
  92     if(ret)
  93         return ret;
  94     ret = krb5_rc_resolve(context, *id, string_name + 5);
  95     if (ret) {
  96         krb5_rc_close(context, *id);
  97         *id = NULL;
  98     }
  99     return ret;
 100 }
 101
 102 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
 103 krb5_rc_default_name(krb5_context context)
 104 {
 105     return "FILE:/var/run/default_rcache";
 106 }
 107
 108 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
 109 krb5_rc_default_type(krb5_context context)
 110 {
 111     return "FILE";
 112 }
 113
 114 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 115 krb5_rc_default(krb5_context context,
 116                 krb5_rcache *id)
 117 {
 118     return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
 119 }
 120
 121 struct rc_entry{
 122     time_t stamp;
 123     unsigned char data[16];
 124 };
 125
 126 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 127 krb5_rc_initialize(krb5_context context,
 128                    krb5_rcache id,
 129                    krb5_deltat auth_lifespan)
 130 {
 131     FILE *f = fopen(id->name, "w");
 132     struct rc_entry tmp;
 133     int ret;
 134
 135     if(f == NULL) {
 136         char buf[128];
 137         ret = errno;
 138         rk_strerror_r(ret, buf, sizeof(buf));
 139         krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
 140         return ret;
 141     }
 142     memset(&tmp, 0, sizeof(tmp));
 143     tmp.stamp = auth_lifespan;
 144     fwrite(&tmp, 1, sizeof(tmp), f);
 145     fclose(f);
 146     return 0;
 147 }
 148
 149 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 150 krb5_rc_recover(krb5_context context,
 151                 krb5_rcache id)
 152 {
 153     return 0;
 154 }
 155
 156 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 157 krb5_rc_destroy(krb5_context context,
 158                 krb5_rcache id)
 159 {
 160     int ret;
 161
 162     if(remove(id->name) < 0) {
 163         char buf[128];
 164         ret = errno;
 165         rk_strerror_r(ret, buf, sizeof(buf));
 166         krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
 167         return ret;
 168     }
 169     return krb5_rc_close(context, id);
 170 }
 171
 172 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 173 krb5_rc_close(krb5_context context,
 174               krb5_rcache id)
 175 {
 176     free(id->name);
 177     free(id);
 178     return 0;
 179 }
 180
 181 static void
 182 checksum_authenticator(Authenticator *auth, void *data)
 183 {
 184     EVP_MD_CTX *m = EVP_MD_CTX_create();
 185     unsigned i;
 186
 187     EVP_DigestInit_ex(m, EVP_md5(), NULL);
 188
 189     EVP_DigestUpdate(m, auth->crealm, strlen(auth->crealm));
 190     for(i = 0; i < auth->cname.name_string.len; i++)
 191         EVP_DigestUpdate(m, auth->cname.name_string.val[i],
 192                    strlen(auth->cname.name_string.val[i]));
 193     EVP_DigestUpdate(m, &auth->ctime, sizeof(auth->ctime));
 194     EVP_DigestUpdate(m, &auth->cusec, sizeof(auth->cusec));
 195
 196     EVP_DigestFinal_ex(m, data, NULL);
 197     EVP_MD_CTX_destroy(m);
 198 }
 199
 200 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 201 krb5_rc_store(krb5_context context,
 202               krb5_rcache id,
 203               krb5_donot_replay *rep)
 204 {
 205     struct rc_entry ent, tmp;
 206     time_t t;
 207     FILE *f;
 208     int ret;
 209     size_t count;
 210
 211     ent.stamp = time(NULL);
 212     checksum_authenticator(rep, ent.data);
 213     f = fopen(id->name, "r");
 214     if(f == NULL) {
 215         char buf[128];
 216         ret = errno;
 217         rk_strerror_r(ret, buf, sizeof(buf));
 218         krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
 219         return ret;
 220     }
 221     rk_cloexec_file(f);
 222     count = fread(&tmp, sizeof(ent), 1, f);
 223     if (count != 1) {
 224         fclose(f);
 225         return KRB5_RC_IO_UNKNOWN;
 226     }
 227     t = ent.stamp - tmp.stamp;
 228     while(fread(&tmp, sizeof(ent), 1, f)){
 229         if(tmp.stamp < t)
 230             continue;
 231         if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
 232             fclose(f);
 233             krb5_clear_error_message (context);
 234             return KRB5_RC_REPLAY;
 235         }
 236     }
 237     if(ferror(f)){
 238         char buf[128];
 239         ret = errno;
 240         fclose(f);
 241         rk_strerror_r(ret, buf, sizeof(buf));
 242         krb5_set_error_message(context, ret, "%s: %s",
 243                                id->name, buf);
 244         return ret;
 245     }
 246     fclose(f);
 247     f = fopen(id->name, "a");
 248     if(f == NULL) {
 249         char buf[128];
 250         rk_strerror_r(errno, buf, sizeof(buf));
 251         krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
 252                                "open(%s): %s", id->name, buf);
 253         return KRB5_RC_IO_UNKNOWN;
 254     }
 255     fwrite(&ent, 1, sizeof(ent), f);
 256     fclose(f);
 257     return 0;
 258 }
 259
 260 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 261 krb5_rc_expunge(krb5_context context,
 262                 krb5_rcache id)
 263 {
 264     return 0;
 265 }
 266
 267 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 268 krb5_rc_get_lifespan(krb5_context context,
 269                      krb5_rcache id,
 270                      krb5_deltat *auth_lifespan)
 271 {
 272     FILE *f = fopen(id->name, "r");
 273     int r;
 274     struct rc_entry ent;
 275     r = fread(&ent, sizeof(ent), 1, f);
 276     fclose(f);
 277     if(r){
 278         *auth_lifespan = ent.stamp;
 279         return 0;
 280     }
 281     krb5_clear_error_message (context);
 282     return KRB5_RC_IO_UNKNOWN;
 283 }
 284
 285 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
 286 krb5_rc_get_name(krb5_context context,
 287                  krb5_rcache id)
 288 {
 289     return id->name;
 290 }
 291
 292 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
 293 krb5_rc_get_type(krb5_context context,
 294                  krb5_rcache id)
 295 {
 296     return "FILE";
 297 }
 298
 299 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 300 krb5_get_server_rcache(krb5_context context,
 301                        const krb5_data *piece,
 302                        krb5_rcache *id)
 303 {
 304     krb5_rcache rcache;
 305     krb5_error_code ret;
 306
 307     char *tmp = malloc(4 * piece->length + 1);
 308     char *name;
 309
 310     if (tmp == NULL)
 311         return krb5_enomem(context);
 312     strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
 313 #ifdef HAVE_GETEUID
 314     ret = asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
 315 #else
 316     ret = asprintf(&name, "FILE:rc_%s", tmp);
 317 #endif
 318     free(tmp);
 319     if (ret < 0 || name == NULL)
 320         return krb5_enomem(context);
 321
 322     ret = krb5_rc_resolve_full(context, &rcache, name);
 323     free(name);
 324     if(ret)
 325         return ret;
 326     *id = rcache;
 327     return ret;
 328 }