Line data Source code
1 : /*
2 : * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 : #include <vis.h>
36 :
37 : struct krb5_rcache_data {
38 : char *name;
39 : };
40 :
41 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
42 0 : krb5_rc_resolve(krb5_context context,
43 : krb5_rcache id,
44 : const char *name)
45 : {
46 0 : id->name = strdup(name);
47 0 : if(id->name == NULL) {
48 0 : krb5_set_error_message(context, KRB5_RC_MALLOC,
49 0 : N_("malloc: out of memory", ""));
50 0 : return KRB5_RC_MALLOC;
51 : }
52 0 : return 0;
53 : }
54 :
55 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
56 0 : krb5_rc_resolve_type(krb5_context context,
57 : krb5_rcache *id,
58 : const char *type)
59 : {
60 0 : *id = NULL;
61 0 : if (strcmp(type, "FILE") != 0) {
62 0 : krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND,
63 0 : N_("replay cache type %s not supported", ""),
64 : type);
65 0 : return KRB5_RC_TYPE_NOTFOUND;
66 : }
67 0 : *id = calloc(1, sizeof(**id));
68 0 : if(*id == NULL) {
69 0 : krb5_set_error_message(context, KRB5_RC_MALLOC,
70 0 : N_("malloc: out of memory", ""));
71 0 : return KRB5_RC_MALLOC;
72 : }
73 0 : return 0;
74 : }
75 :
76 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
77 0 : krb5_rc_resolve_full(krb5_context context,
78 : krb5_rcache *id,
79 : const char *string_name)
80 : {
81 0 : krb5_error_code ret;
82 :
83 0 : *id = NULL;
84 :
85 0 : if (strncmp(string_name, "FILE:", 5) != 0) {
86 0 : krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND,
87 0 : N_("replay cache type %s not supported", ""),
88 : string_name);
89 0 : return KRB5_RC_TYPE_NOTFOUND;
90 : }
91 0 : ret = krb5_rc_resolve_type(context, id, "FILE");
92 0 : if(ret)
93 0 : return ret;
94 0 : ret = krb5_rc_resolve(context, *id, string_name + 5);
95 0 : if (ret) {
96 0 : krb5_rc_close(context, *id);
97 0 : *id = NULL;
98 : }
99 0 : return ret;
100 : }
101 :
102 : KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
103 0 : krb5_rc_default_name(krb5_context context)
104 : {
105 0 : return "FILE:/var/run/default_rcache";
106 : }
107 :
108 : KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
109 0 : krb5_rc_default_type(krb5_context context)
110 : {
111 0 : return "FILE";
112 : }
113 :
114 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
115 0 : krb5_rc_default(krb5_context context,
116 : krb5_rcache *id)
117 : {
118 0 : return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
119 : }
120 :
121 : struct rc_entry{
122 : time_t stamp;
123 : unsigned char data[16];
124 : };
125 :
126 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
127 0 : krb5_rc_initialize(krb5_context context,
128 : krb5_rcache id,
129 : krb5_deltat auth_lifespan)
130 : {
131 0 : FILE *f = fopen(id->name, "w");
132 0 : struct rc_entry tmp;
133 0 : int ret;
134 :
135 0 : if(f == NULL) {
136 0 : char buf[128];
137 0 : ret = errno;
138 0 : rk_strerror_r(ret, buf, sizeof(buf));
139 0 : krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
140 0 : return ret;
141 : }
142 0 : memset(&tmp, 0, sizeof(tmp));
143 0 : tmp.stamp = auth_lifespan;
144 0 : fwrite(&tmp, 1, sizeof(tmp), f);
145 0 : fclose(f);
146 0 : return 0;
147 : }
148 :
149 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
150 0 : krb5_rc_recover(krb5_context context,
151 : krb5_rcache id)
152 : {
153 0 : return 0;
154 : }
155 :
156 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
157 0 : krb5_rc_destroy(krb5_context context,
158 : krb5_rcache id)
159 : {
160 0 : int ret;
161 :
162 0 : if(remove(id->name) < 0) {
163 0 : char buf[128];
164 0 : ret = errno;
165 0 : rk_strerror_r(ret, buf, sizeof(buf));
166 0 : krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
167 0 : return ret;
168 : }
169 0 : return krb5_rc_close(context, id);
170 : }
171 :
172 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
173 0 : krb5_rc_close(krb5_context context,
174 : krb5_rcache id)
175 : {
176 0 : free(id->name);
177 0 : free(id);
178 0 : return 0;
179 : }
180 :
181 : static void
182 0 : checksum_authenticator(Authenticator *auth, void *data)
183 : {
184 0 : EVP_MD_CTX *m = EVP_MD_CTX_create();
185 0 : unsigned i;
186 :
187 0 : EVP_DigestInit_ex(m, EVP_md5(), NULL);
188 :
189 0 : EVP_DigestUpdate(m, auth->crealm, strlen(auth->crealm));
190 0 : for(i = 0; i < auth->cname.name_string.len; i++)
191 0 : EVP_DigestUpdate(m, auth->cname.name_string.val[i],
192 0 : strlen(auth->cname.name_string.val[i]));
193 0 : EVP_DigestUpdate(m, &auth->ctime, sizeof(auth->ctime));
194 0 : EVP_DigestUpdate(m, &auth->cusec, sizeof(auth->cusec));
195 :
196 0 : EVP_DigestFinal_ex(m, data, NULL);
197 0 : EVP_MD_CTX_destroy(m);
198 0 : }
199 :
200 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
201 0 : krb5_rc_store(krb5_context context,
202 : krb5_rcache id,
203 : krb5_donot_replay *rep)
204 : {
205 0 : struct rc_entry ent, tmp;
206 0 : time_t t;
207 0 : FILE *f;
208 0 : int ret;
209 0 : size_t count;
210 :
211 0 : ent.stamp = time(NULL);
212 0 : checksum_authenticator(rep, ent.data);
213 0 : f = fopen(id->name, "r");
214 0 : if(f == NULL) {
215 0 : char buf[128];
216 0 : ret = errno;
217 0 : rk_strerror_r(ret, buf, sizeof(buf));
218 0 : krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
219 0 : return ret;
220 : }
221 0 : rk_cloexec_file(f);
222 0 : count = fread(&tmp, sizeof(ent), 1, f);
223 0 : if (count != 1) {
224 0 : fclose(f);
225 0 : return KRB5_RC_IO_UNKNOWN;
226 : }
227 0 : t = ent.stamp - tmp.stamp;
228 0 : while(fread(&tmp, sizeof(ent), 1, f)){
229 0 : if(tmp.stamp < t)
230 0 : continue;
231 0 : if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
232 0 : fclose(f);
233 0 : krb5_clear_error_message (context);
234 0 : return KRB5_RC_REPLAY;
235 : }
236 : }
237 0 : if(ferror(f)){
238 0 : char buf[128];
239 0 : ret = errno;
240 0 : fclose(f);
241 0 : rk_strerror_r(ret, buf, sizeof(buf));
242 0 : krb5_set_error_message(context, ret, "%s: %s",
243 : id->name, buf);
244 0 : return ret;
245 : }
246 0 : fclose(f);
247 0 : f = fopen(id->name, "a");
248 0 : if(f == NULL) {
249 0 : char buf[128];
250 0 : rk_strerror_r(errno, buf, sizeof(buf));
251 0 : krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
252 : "open(%s): %s", id->name, buf);
253 0 : return KRB5_RC_IO_UNKNOWN;
254 : }
255 0 : fwrite(&ent, 1, sizeof(ent), f);
256 0 : fclose(f);
257 0 : return 0;
258 : }
259 :
260 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
261 0 : krb5_rc_expunge(krb5_context context,
262 : krb5_rcache id)
263 : {
264 0 : return 0;
265 : }
266 :
267 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
268 0 : krb5_rc_get_lifespan(krb5_context context,
269 : krb5_rcache id,
270 : krb5_deltat *auth_lifespan)
271 : {
272 0 : FILE *f = fopen(id->name, "r");
273 0 : int r;
274 0 : struct rc_entry ent;
275 0 : r = fread(&ent, sizeof(ent), 1, f);
276 0 : fclose(f);
277 0 : if(r){
278 0 : *auth_lifespan = ent.stamp;
279 0 : return 0;
280 : }
281 0 : krb5_clear_error_message (context);
282 0 : return KRB5_RC_IO_UNKNOWN;
283 : }
284 :
285 : KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
286 0 : krb5_rc_get_name(krb5_context context,
287 : krb5_rcache id)
288 : {
289 0 : return id->name;
290 : }
291 :
292 : KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
293 0 : krb5_rc_get_type(krb5_context context,
294 : krb5_rcache id)
295 : {
296 0 : return "FILE";
297 : }
298 :
299 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
300 0 : krb5_get_server_rcache(krb5_context context,
301 : const krb5_data *piece,
302 : krb5_rcache *id)
303 : {
304 0 : krb5_rcache rcache;
305 0 : krb5_error_code ret;
306 :
307 0 : char *tmp = malloc(4 * piece->length + 1);
308 0 : char *name;
309 :
310 0 : if (tmp == NULL)
311 0 : return krb5_enomem(context);
312 0 : strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
313 : #ifdef HAVE_GETEUID
314 : ret = asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
315 : #else
316 0 : ret = asprintf(&name, "FILE:rc_%s", tmp);
317 : #endif
318 0 : free(tmp);
319 0 : if (ret < 0 || name == NULL)
320 0 : return krb5_enomem(context);
321 :
322 0 : ret = krb5_rc_resolve_full(context, &rcache, name);
323 0 : free(name);
324 0 : if(ret)
325 0 : return ret;
326 0 : *id = rcache;
327 0 : return ret;
328 : }
|
