/src/samba/third_party/heimdal/lib/krb5/dcache.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan |
3 | | * (Royal Institute of Technology, Stockholm, Sweden). |
4 | | * All rights reserved. |
5 | | * |
6 | | * Portions Copyright (c) 2009 Apple Inc. All rights reserved. |
7 | | * |
8 | | * Redistribution and use in source and binary forms, with or without |
9 | | * modification, are permitted provided that the following conditions |
10 | | * are met: |
11 | | * |
12 | | * 1. Redistributions of source code must retain the above copyright |
13 | | * notice, this list of conditions and the following disclaimer. |
14 | | * |
15 | | * 2. Redistributions in binary form must reproduce the above copyright |
16 | | * notice, this list of conditions and the following disclaimer in the |
17 | | * documentation and/or other materials provided with the distribution. |
18 | | * |
19 | | * 3. Neither the name of the Institute nor the names of its contributors |
20 | | * may be used to endorse or promote products derived from this software |
21 | | * without specific prior written permission. |
22 | | * |
23 | | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
24 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
25 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
26 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
27 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
28 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
29 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
30 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
31 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
32 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
33 | | * SUCH DAMAGE. |
34 | | */ |
35 | | |
36 | | #include "krb5_locl.h" |
37 | | |
38 | | typedef struct krb5_dcache{ |
39 | | krb5_ccache fcache; |
40 | | char *name; |
41 | | char *dir; |
42 | | char *sub; |
43 | | unsigned int default_candidate:1; |
44 | | } krb5_dcache; |
45 | | |
46 | 0 | #define DCACHE(X) ((krb5_dcache*)(X)->data.data) |
47 | 0 | #define D2FCACHE(X) ((X)->fcache) |
48 | | |
49 | | static krb5_error_code KRB5_CALLCONV dcc_close(krb5_context, krb5_ccache); |
50 | | static krb5_error_code KRB5_CALLCONV dcc_get_default_name(krb5_context, char **); |
51 | | static krb5_error_code KRB5_CALLCONV dcc_set_default(krb5_context, krb5_ccache); |
52 | | |
53 | | /* |
54 | | * Make subsidiary filesystem safe by mapping / and : to -. If the subsidiary |
55 | | * is longer than 128 bytes, then truncate. |
56 | | * In all cases, "tkt." is prefixed to be compatible with the DIR requirement |
57 | | * that subsidiary ccache files be named tkt*. |
58 | | * |
59 | | * Thus host/foo.bar.baz@BAR.BAZ -> tkt.host-foo.bar.baz@BAR.BAZ. |
60 | | * |
61 | | * In particular, no filesystem component separators will be emitted, and . and |
62 | | * .. will never be traversed. |
63 | | */ |
64 | | static krb5_error_code |
65 | | fs_encode_subsidiary(krb5_context context, |
66 | | krb5_dcache *dc, |
67 | | const char *subsidiary, |
68 | | char **res) |
69 | 0 | { |
70 | 0 | size_t len = strlen(subsidiary); |
71 | 0 | size_t i; |
72 | |
|
73 | 0 | *res = NULL; |
74 | 0 | if (asprintf(res, "tkt.%s", subsidiary) == -1 || *res == NULL) |
75 | 0 | return krb5_enomem(context); |
76 | 0 | for (i = sizeof("tkt.") - 1; i < len; i++) { |
77 | 0 | switch ((*res)[i]) { |
78 | | #ifdef WIN32 |
79 | | case '\\': (*res)[0] = '-'; break; |
80 | | #endif |
81 | 0 | case '/': (*res)[0] = '-'; break; |
82 | 0 | case ':': (*res)[0] = '-'; break; |
83 | 0 | default: break; |
84 | 0 | } |
85 | 0 | } |
86 | | |
87 | | /* Hopefully this will work on all filesystems */ |
88 | 0 | if (len > 128 - sizeof("tkt.") - 1) |
89 | 0 | (*res)[127] = '\0'; |
90 | 0 | return 0; |
91 | 0 | } |
92 | | |
93 | | static char * |
94 | | primary_create(krb5_dcache *dc) |
95 | 0 | { |
96 | 0 | char *primary = NULL; |
97 | 0 | int asprintf_ret = asprintf(&primary, "%s/primary", dc->dir); |
98 | 0 | if (asprintf_ret == -1 || primary == NULL) { |
99 | 0 | return NULL; |
100 | 0 | } |
101 | | |
102 | 0 | return primary; |
103 | 0 | } |
104 | | |
105 | | static int |
106 | | is_filename_cacheish(const char *name) |
107 | 0 | { |
108 | 0 | size_t i; |
109 | |
|
110 | 0 | if (strncmp(name, "tkt", sizeof("tkt") - 1) != 0) |
111 | 0 | return 0; |
112 | 0 | for (i = sizeof("tkt") - 1; name[i]; i++) |
113 | 0 | if (ISPATHSEP(name[i])) |
114 | 0 | return 0; |
115 | 0 | return 1; |
116 | 0 | } |
117 | | |
118 | | static krb5_error_code |
119 | | set_default_cache(krb5_context context, krb5_dcache *dc, const char *residual) |
120 | 0 | { |
121 | 0 | char *path = NULL, *primary = NULL; |
122 | 0 | krb5_error_code ret; |
123 | 0 | struct iovec iov[2]; |
124 | 0 | size_t len; |
125 | 0 | int fd = -1; |
126 | 0 | int asprintf_ret; |
127 | |
|
128 | 0 | asprintf_ret = asprintf(&path, "%s/primary-XXXXXX", dc->dir); |
129 | 0 | if (asprintf_ret == -1 || path == NULL) { |
130 | 0 | return krb5_enomem(context); |
131 | 0 | } |
132 | | |
133 | 0 | fd = mkstemp(path); |
134 | 0 | if (fd < 0) { |
135 | 0 | ret = errno; |
136 | 0 | goto out; |
137 | 0 | } |
138 | 0 | rk_cloexec(fd); |
139 | 0 | #ifndef _WIN32 |
140 | 0 | if (fchmod(fd, S_IRUSR | S_IWUSR) < 0) { |
141 | 0 | ret = errno; |
142 | 0 | goto out; |
143 | 0 | } |
144 | 0 | #endif |
145 | 0 | len = strlen(residual); |
146 | |
|
147 | 0 | iov[0].iov_base = rk_UNCONST(residual); |
148 | 0 | iov[0].iov_len = len; |
149 | 0 | iov[1].iov_base = "\n"; |
150 | 0 | iov[1].iov_len = 1; |
151 | |
|
152 | 0 | if (writev(fd, iov, sizeof(iov)/sizeof(iov[0])) != len + 1) { |
153 | 0 | ret = errno; |
154 | 0 | goto out; |
155 | 0 | } |
156 | | |
157 | 0 | primary = primary_create(dc); |
158 | 0 | if (primary == NULL) { |
159 | 0 | ret = krb5_enomem(context); |
160 | 0 | goto out; |
161 | 0 | } |
162 | | |
163 | 0 | if (rename(path, primary) < 0) { |
164 | 0 | ret = errno; |
165 | 0 | goto out; |
166 | 0 | } |
167 | | |
168 | 0 | close(fd); |
169 | 0 | fd = -1; |
170 | |
|
171 | 0 | ret = 0; |
172 | 0 | out: |
173 | 0 | if (fd >= 0) { |
174 | 0 | (void)unlink(path); |
175 | 0 | close(fd); |
176 | 0 | } |
177 | 0 | if (path) |
178 | 0 | free(path); |
179 | 0 | if (primary) |
180 | 0 | free(primary); |
181 | |
|
182 | 0 | return ret; |
183 | 0 | } |
184 | | |
185 | | static krb5_error_code |
186 | | get_default_cache(krb5_context context, krb5_dcache *dc, |
187 | | const char *subsidiary, char **residual) |
188 | 0 | { |
189 | 0 | krb5_error_code ret; |
190 | 0 | char buf[MAXPATHLEN]; |
191 | 0 | char *primary = NULL; |
192 | 0 | FILE *f; |
193 | |
|
194 | 0 | *residual = NULL; |
195 | 0 | if (subsidiary) |
196 | 0 | return fs_encode_subsidiary(context, dc, subsidiary, residual); |
197 | | |
198 | 0 | primary = primary_create(dc); |
199 | 0 | if (primary == NULL) |
200 | 0 | return krb5_enomem(context); |
201 | | |
202 | 0 | f = fopen(primary, "r"); |
203 | 0 | if (f == NULL) { |
204 | 0 | if (errno == ENOENT) { |
205 | 0 | free(primary); |
206 | 0 | *residual = strdup("tkt"); |
207 | 0 | if (*residual == NULL) |
208 | 0 | return krb5_enomem(context); |
209 | 0 | return 0; |
210 | 0 | } |
211 | 0 | ret = errno; |
212 | 0 | krb5_set_error_message(context, ret, "failed to open %s", primary); |
213 | 0 | free(primary); |
214 | 0 | return ret; |
215 | 0 | } |
216 | | |
217 | 0 | if (fgets(buf, sizeof(buf), f) == NULL) { |
218 | 0 | ret = ferror(f); |
219 | 0 | fclose(f); |
220 | 0 | krb5_set_error_message(context, ret, "read file %s", primary); |
221 | 0 | free(primary); |
222 | 0 | return ret; |
223 | 0 | } |
224 | 0 | fclose(f); |
225 | | |
226 | 0 | buf[strcspn(buf, "\r\n")] = '\0'; |
227 | |
|
228 | 0 | if (!is_filename_cacheish(buf)) { |
229 | 0 | krb5_set_error_message(context, KRB5_CC_FORMAT, |
230 | 0 | "name in %s is not a cache (doesn't start with tkt)", primary); |
231 | 0 | free(primary); |
232 | 0 | return KRB5_CC_FORMAT; |
233 | 0 | } |
234 | | |
235 | 0 | free(primary); |
236 | |
|
237 | 0 | *residual = strdup(buf); |
238 | 0 | if (*residual == NULL) |
239 | 0 | return krb5_enomem(context); |
240 | | |
241 | 0 | return 0; |
242 | 0 | } |
243 | | |
244 | | |
245 | | |
246 | | static krb5_error_code KRB5_CALLCONV |
247 | | dcc_get_name_2(krb5_context context, |
248 | | krb5_ccache id, |
249 | | const char **name, |
250 | | const char **dir, |
251 | | const char **sub) |
252 | 0 | { |
253 | 0 | krb5_dcache *dc = DCACHE(id); |
254 | |
|
255 | 0 | if (name) |
256 | 0 | *name = dc->name; |
257 | 0 | if (dir) |
258 | 0 | *dir = dc->dir; |
259 | 0 | if (sub) |
260 | 0 | *sub = dc->sub; |
261 | 0 | return 0; |
262 | 0 | } |
263 | | |
264 | | |
265 | | static krb5_error_code |
266 | | verify_directory(krb5_context context, const char *path) |
267 | 0 | { |
268 | 0 | struct stat sb; |
269 | |
|
270 | 0 | if (!path[0]) { |
271 | 0 | krb5_set_error_message(context, EINVAL, |
272 | 0 | N_("DIR empty directory component", "")); |
273 | 0 | return EINVAL; |
274 | 0 | } |
275 | | |
276 | | /* XXX should use mkdirx_np() */ |
277 | 0 | if (rk_mkdir(path, S_IRWXU) == 0) |
278 | 0 | return 0; |
279 | | |
280 | 0 | if (stat(path, &sb) != 0) { |
281 | 0 | if (errno == ENOENT) { |
282 | 0 | krb5_set_error_message(context, ENOENT, |
283 | 0 | N_("DIR directory %s doesn't exists", ""), path); |
284 | 0 | return ENOENT; |
285 | 0 | } else { |
286 | 0 | krb5_set_error_message(context, errno, |
287 | 0 | N_("DIR directory %s is bad: %s", ""), path, strerror(errno)); |
288 | 0 | return errno; |
289 | 0 | } |
290 | 0 | } |
291 | 0 | if (!S_ISDIR(sb.st_mode)) { |
292 | 0 | krb5_set_error_message(context, KRB5_CC_BADNAME, |
293 | 0 | N_("DIR directory %s is not a directory", ""), path); |
294 | 0 | return KRB5_CC_BADNAME; |
295 | 0 | } |
296 | | |
297 | 0 | return 0; |
298 | 0 | } |
299 | | |
300 | | static void |
301 | | dcc_release(krb5_context context, krb5_dcache *dc) |
302 | 0 | { |
303 | 0 | if (dc->fcache) |
304 | 0 | krb5_cc_close(context, dc->fcache); |
305 | 0 | free(dc->sub); |
306 | 0 | free(dc->dir); |
307 | 0 | free(dc->name); |
308 | 0 | memset(dc, 0, sizeof(*dc)); |
309 | 0 | free(dc); |
310 | 0 | } |
311 | | |
312 | | static krb5_error_code |
313 | | get_default_dir(krb5_context context, char **res) |
314 | 0 | { |
315 | 0 | krb5_error_code ret; |
316 | 0 | char *s; |
317 | |
|
318 | 0 | if ((ret = dcc_get_default_name(context, &s))) |
319 | 0 | return ret; |
320 | 0 | if (strncmp(s, "DIR:", sizeof("DIR:") - 1) != 0) { |
321 | 0 | *res = s; |
322 | 0 | s = NULL; |
323 | 0 | } else if ((*res = strdup(s + sizeof("DIR:") - 1)) == NULL) { |
324 | 0 | ret = krb5_enomem(context); |
325 | 0 | } |
326 | 0 | free(s); |
327 | 0 | return ret; |
328 | 0 | } |
329 | | |
330 | | static krb5_error_code KRB5_CALLCONV |
331 | | dcc_resolve_2(krb5_context context, |
332 | | krb5_ccache *id, |
333 | | const char *res, |
334 | | const char *sub) |
335 | 0 | { |
336 | 0 | krb5_error_code ret; |
337 | 0 | krb5_dcache *dc = NULL; |
338 | 0 | char *filename = NULL; |
339 | 0 | size_t len; |
340 | 0 | int has_pathsep = 0; |
341 | |
|
342 | 0 | if (sub) { |
343 | | /* |
344 | | * Here `res' has the directory name (or, if NULL, refers to the |
345 | | * default DIR cccol), and `sub' has the "subsidiary" name, to which |
346 | | * we'll prefix "tkt." (though we will insist only on "tkt" later). |
347 | | */ |
348 | 0 | if ((dc = calloc(1, sizeof(*dc))) == NULL || |
349 | 0 | asprintf(&dc->sub, "tkt.%s", sub) == -1 || dc->sub == NULL) { |
350 | 0 | free(dc); |
351 | 0 | return krb5_enomem(context); |
352 | 0 | } |
353 | 0 | if (res && res[0] && (dc->dir = strdup(res)) == NULL) { |
354 | 0 | free(dc->sub); |
355 | 0 | free(dc); |
356 | 0 | return krb5_enomem(context); |
357 | 0 | } else if ((!res || !res[0]) && (ret = get_default_dir(context, &dc->dir))) { |
358 | 0 | free(dc->sub); |
359 | 0 | free(dc); |
360 | 0 | return ret; |
361 | 0 | } |
362 | 0 | } else { |
363 | 0 | const char *p; |
364 | 0 | int is_drive_letter_colon = 0; |
365 | | |
366 | | /* |
367 | | * Here `res' has whatever string followed "DIR:", and we need to parse |
368 | | * it into `dc->dir' and `dc->sub'. |
369 | | * |
370 | | * Conventions we support for DIR cache naming: |
371 | | * |
372 | | * - DIR:path:NAME ---> FILE:path/tktNAME |
373 | | * - DIR::path/tktNAME ---> FILE:path/tktNAME |
374 | | * - DIR::NAME ---> FILE:${default_DIR_cccol_path}/tktNAME |
375 | | * \-> FILE:/tmp/krb5cc_${uid}_dir/tktNAME |
376 | | * - DIR:path ---> FILE:path/$(cat primary) or FILE:path/tkt |
377 | | * |
378 | | */ |
379 | |
|
380 | 0 | if (res == NULL || *res == '\0' || (res[0] == ':' && res[1] == '\0')) { |
381 | | /* XXX Why not? */ |
382 | 0 | krb5_set_error_message(context, KRB5_CC_FORMAT, |
383 | 0 | N_("\"DIR:\" is not a valid ccache name", "")); |
384 | 0 | return KRB5_CC_FORMAT; |
385 | 0 | } |
386 | | |
387 | | #ifdef WIN32 |
388 | | has_pathsep = strchr(res, '\\') != NULL; |
389 | | #endif |
390 | 0 | has_pathsep |= strchr(res, '/') != NULL; |
391 | |
|
392 | 0 | if ((dc = calloc(1, sizeof(*dc))) == NULL) |
393 | 0 | return krb5_enomem(context); |
394 | | |
395 | 0 | p = strrchr(res, ':'); |
396 | | #ifdef WIN32 |
397 | | is_drive_letter_colon = |
398 | | p && ((res[0] == ':' && res[1] != ':' && p - res == 2) || |
399 | | (res[0] != ':' && p - res == 1)); |
400 | | #endif |
401 | |
|
402 | 0 | if (res[0] != ':' && p && !is_drive_letter_colon) { |
403 | | /* DIR:path:NAME */ |
404 | 0 | if ((dc->dir = strndup(res, (p - res))) == NULL || |
405 | 0 | asprintf(&dc->sub, "tkt.%s", p + 1) < 0 || dc->sub == NULL) { |
406 | 0 | dcc_release(context, dc); |
407 | 0 | return krb5_enomem(context); |
408 | 0 | } |
409 | 0 | } else if (res[0] == ':' && has_pathsep) { |
410 | 0 | char *q; |
411 | | |
412 | | /* DIR::path/tktNAME (the "tkt" must be there; we'll check) */ |
413 | 0 | if ((dc->dir = strdup(&res[1])) == NULL) { |
414 | 0 | dcc_release(context, dc); |
415 | 0 | return krb5_enomem(context); |
416 | 0 | } |
417 | | #ifdef _WIN32 |
418 | | q = strrchr(dc->dir, '\\'); |
419 | | if (q == NULL || ((p = strrchr(dc->dir, '/')) && q < p)) |
420 | | #endif |
421 | 0 | q = strrchr(dc->dir, '/'); |
422 | 0 | *q++ = '\0'; |
423 | 0 | if ((dc->sub = strdup(q)) == NULL) { |
424 | 0 | dcc_release(context, dc); |
425 | 0 | return krb5_enomem(context); |
426 | 0 | } |
427 | 0 | } else if (res[0] == ':') { |
428 | | /* DIR::NAME -- no path component separators in NAME */ |
429 | 0 | if ((ret = get_default_dir(context, &dc->dir))) { |
430 | 0 | dcc_release(context, dc); |
431 | 0 | return ret; |
432 | 0 | } |
433 | 0 | if (asprintf(&dc->sub, "tkt.%s", res + 1) < 0 || dc->sub == NULL) { |
434 | 0 | dcc_release(context, dc); |
435 | 0 | return krb5_enomem(context); |
436 | 0 | } |
437 | 0 | } else { |
438 | | /* DIR:path */ |
439 | 0 | if ((dc->dir = strdup(res)) == NULL) { |
440 | 0 | dcc_release(context, dc); |
441 | 0 | return krb5_enomem(context); |
442 | 0 | } |
443 | | |
444 | 0 | if ((ret = get_default_cache(context, dc, NULL, &dc->sub))) { |
445 | 0 | dcc_release(context, dc); |
446 | 0 | return ret; |
447 | 0 | } |
448 | 0 | } |
449 | 0 | } |
450 | | |
451 | | /* Strip off extra slashes on the end */ |
452 | 0 | for (len = strlen(dc->dir); |
453 | 0 | len && ISPATHSEP(dc->dir[len - 1]); |
454 | 0 | len--) |
455 | 0 | dc->dir[len - 1] = '\0'; |
456 | | |
457 | | /* If we got here then `dc->dir' and `dc->sub' must both be set */ |
458 | |
|
459 | 0 | if ((ret = verify_directory(context, dc->dir))) { |
460 | 0 | dcc_release(context, dc); |
461 | 0 | return ret; |
462 | 0 | } |
463 | 0 | if (!is_filename_cacheish(dc->sub)) { |
464 | 0 | krb5_set_error_message(context, KRB5_CC_FORMAT, |
465 | 0 | N_("Name %s is not a cache " |
466 | 0 | "(doesn't start with tkt)", ""), dc->sub); |
467 | 0 | dcc_release(context, dc); |
468 | 0 | return KRB5_CC_FORMAT; |
469 | 0 | } |
470 | 0 | if (asprintf(&dc->name, ":%s/%s", dc->dir, dc->sub) == -1 || |
471 | 0 | dc->name == NULL || |
472 | 0 | asprintf(&filename, "FILE%s", dc->name) == -1 || filename == NULL) { |
473 | 0 | dcc_release(context, dc); |
474 | 0 | return krb5_enomem(context); |
475 | 0 | } |
476 | | |
477 | 0 | ret = krb5_cc_resolve(context, filename, &dc->fcache); |
478 | 0 | free(filename); |
479 | 0 | if (ret) { |
480 | 0 | dcc_release(context, dc); |
481 | 0 | return ret; |
482 | 0 | } |
483 | | |
484 | 0 | dc->default_candidate = 1; |
485 | 0 | (*id)->data.data = dc; |
486 | 0 | (*id)->data.length = sizeof(*dc); |
487 | 0 | return 0; |
488 | 0 | } |
489 | | |
490 | | static krb5_error_code KRB5_CALLCONV |
491 | | dcc_gen_new(krb5_context context, krb5_ccache *id) |
492 | 0 | { |
493 | 0 | krb5_error_code ret; |
494 | 0 | char *def_dir = NULL; |
495 | 0 | char *name = NULL; |
496 | 0 | int fd = -1; |
497 | |
|
498 | 0 | ret = get_default_dir(context, &def_dir); |
499 | 0 | if (ret == 0) |
500 | 0 | ret = verify_directory(context, def_dir); |
501 | 0 | if (ret == 0 && |
502 | 0 | (asprintf(&name, "DIR::%s/tktXXXXXX", def_dir) == -1 || name == NULL)) |
503 | 0 | ret = krb5_enomem(context); |
504 | 0 | if (ret == 0 && (fd = mkstemp(name + sizeof("DIR::") - 1)) == -1) |
505 | 0 | ret = errno; |
506 | 0 | if (ret == 0) |
507 | 0 | ret = dcc_resolve_2(context, id, name + sizeof("DIR:") - 1, NULL); |
508 | |
|
509 | 0 | free(def_dir); |
510 | 0 | free(name); |
511 | 0 | if (fd != -1) |
512 | 0 | close(fd); |
513 | 0 | return ret; |
514 | 0 | } |
515 | | |
516 | | static krb5_error_code KRB5_CALLCONV |
517 | | dcc_initialize(krb5_context context, |
518 | | krb5_ccache id, |
519 | | krb5_principal primary_principal) |
520 | 0 | { |
521 | 0 | krb5_dcache *dc = DCACHE(id); |
522 | 0 | return krb5_cc_initialize(context, D2FCACHE(dc), primary_principal); |
523 | 0 | } |
524 | | |
525 | | static krb5_error_code KRB5_CALLCONV |
526 | | dcc_close(krb5_context context, |
527 | | krb5_ccache id) |
528 | 0 | { |
529 | 0 | krb5_dcache *dc = DCACHE(id); |
530 | 0 | krb5_principal p = NULL; |
531 | 0 | struct stat st; |
532 | 0 | char *primary = NULL; |
533 | | |
534 | | /* |
535 | | * If there's no default cache, but we're closing one, and the one we're |
536 | | * closing has been initialized, then make it the default. This makes the |
537 | | * first cache created the default. |
538 | | * |
539 | | * FIXME We should check if `D2FCACHE(dc)' has live credentials. |
540 | | */ |
541 | 0 | if (dc->default_candidate && D2FCACHE(dc) && |
542 | 0 | krb5_cc_get_principal(context, D2FCACHE(dc), &p) == 0 && |
543 | 0 | (primary = primary_create(dc)) && |
544 | 0 | (stat(primary, &st) == -1 || !S_ISREG(st.st_mode) || st.st_size == 0)) |
545 | 0 | dcc_set_default(context, id); |
546 | 0 | krb5_free_principal(context, p); |
547 | 0 | free(primary); |
548 | 0 | dcc_release(context, DCACHE(id)); |
549 | 0 | return 0; |
550 | 0 | } |
551 | | |
552 | | static krb5_error_code KRB5_CALLCONV |
553 | | dcc_destroy(krb5_context context, |
554 | | krb5_ccache id) |
555 | 0 | { |
556 | 0 | krb5_dcache *dc = DCACHE(id); |
557 | 0 | krb5_ccache fcache = D2FCACHE(dc); |
558 | 0 | dc->fcache = NULL; |
559 | 0 | return krb5_cc_destroy(context, fcache); |
560 | 0 | } |
561 | | |
562 | | static krb5_error_code KRB5_CALLCONV |
563 | | dcc_store_cred(krb5_context context, |
564 | | krb5_ccache id, |
565 | | krb5_creds *creds) |
566 | 0 | { |
567 | 0 | krb5_dcache *dc = DCACHE(id); |
568 | 0 | return krb5_cc_store_cred(context, D2FCACHE(dc), creds); |
569 | 0 | } |
570 | | |
571 | | static krb5_error_code KRB5_CALLCONV |
572 | | dcc_get_principal(krb5_context context, |
573 | | krb5_ccache id, |
574 | | krb5_principal *principal) |
575 | 0 | { |
576 | 0 | krb5_dcache *dc = DCACHE(id); |
577 | 0 | return krb5_cc_get_principal(context, D2FCACHE(dc), principal); |
578 | 0 | } |
579 | | |
580 | | static krb5_error_code KRB5_CALLCONV |
581 | | dcc_get_first (krb5_context context, |
582 | | krb5_ccache id, |
583 | | krb5_cc_cursor *cursor) |
584 | 0 | { |
585 | 0 | krb5_dcache *dc = DCACHE(id); |
586 | 0 | return krb5_cc_start_seq_get(context, D2FCACHE(dc), cursor); |
587 | 0 | } |
588 | | |
589 | | static krb5_error_code KRB5_CALLCONV |
590 | | dcc_get_next (krb5_context context, |
591 | | krb5_ccache id, |
592 | | krb5_cc_cursor *cursor, |
593 | | krb5_creds *creds) |
594 | 0 | { |
595 | 0 | krb5_dcache *dc = DCACHE(id); |
596 | 0 | return krb5_cc_next_cred(context, D2FCACHE(dc), cursor, creds); |
597 | 0 | } |
598 | | |
599 | | static krb5_error_code KRB5_CALLCONV |
600 | | dcc_end_get (krb5_context context, |
601 | | krb5_ccache id, |
602 | | krb5_cc_cursor *cursor) |
603 | 0 | { |
604 | 0 | krb5_dcache *dc = DCACHE(id); |
605 | 0 | return krb5_cc_end_seq_get(context, D2FCACHE(dc), cursor); |
606 | 0 | } |
607 | | |
608 | | static krb5_error_code KRB5_CALLCONV |
609 | | dcc_remove_cred(krb5_context context, |
610 | | krb5_ccache id, |
611 | | krb5_flags which, |
612 | | krb5_creds *cred) |
613 | 0 | { |
614 | 0 | krb5_dcache *dc = DCACHE(id); |
615 | 0 | return krb5_cc_remove_cred(context, D2FCACHE(dc), which, cred); |
616 | 0 | } |
617 | | |
618 | | static krb5_error_code KRB5_CALLCONV |
619 | | dcc_set_flags(krb5_context context, |
620 | | krb5_ccache id, |
621 | | krb5_flags flags) |
622 | 0 | { |
623 | 0 | krb5_dcache *dc = DCACHE(id); |
624 | 0 | return krb5_cc_set_flags(context, D2FCACHE(dc), flags); |
625 | 0 | } |
626 | | |
627 | | static int KRB5_CALLCONV |
628 | | dcc_get_version(krb5_context context, |
629 | | krb5_ccache id) |
630 | 0 | { |
631 | 0 | krb5_dcache *dc = DCACHE(id); |
632 | 0 | return krb5_cc_get_version(context, D2FCACHE(dc)); |
633 | 0 | } |
634 | | |
635 | | struct dcache_iter { |
636 | | char *primary; |
637 | | krb5_dcache *dc; |
638 | | DIR *d; |
639 | | unsigned int first:1; |
640 | | }; |
641 | | |
642 | | static krb5_error_code KRB5_CALLCONV |
643 | | dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) |
644 | 0 | { |
645 | 0 | struct dcache_iter *iter = NULL; |
646 | 0 | const char *name = krb5_cc_default_name(context); |
647 | 0 | size_t len; |
648 | 0 | char *p; |
649 | |
|
650 | 0 | *cursor = NULL; |
651 | |
|
652 | 0 | if (strncmp(name, "DIR:", sizeof("DIR:") - 1) != 0) { |
653 | 0 | krb5_set_error_message(context, KRB5_CC_FORMAT, |
654 | 0 | N_("Can't list DIR caches unless its the default type", "")); |
655 | 0 | return KRB5_CC_FORMAT; |
656 | 0 | } |
657 | | |
658 | 0 | if ((iter = calloc(1, sizeof(*iter))) == NULL || |
659 | 0 | (iter->dc = calloc(1, sizeof(iter->dc[0]))) == NULL || |
660 | 0 | (iter->dc->dir = strdup(name + sizeof("DIR:") - 1)) == NULL) { |
661 | 0 | if (iter) |
662 | 0 | free(iter->dc); |
663 | 0 | free(iter); |
664 | 0 | return krb5_enomem(context); |
665 | 0 | } |
666 | 0 | iter->first = 1; |
667 | 0 | p = strrchr(iter->dc->dir, ':'); |
668 | | #ifdef WIN32 |
669 | | if (p == iter->dc->dir + 1) |
670 | | p = NULL; |
671 | | #endif |
672 | 0 | if (p) |
673 | 0 | *p = '\0'; |
674 | | |
675 | | /* Strip off extra slashes on the end */ |
676 | 0 | for (len = strlen(iter->dc->dir); |
677 | 0 | len && ISPATHSEP(iter->dc->dir[len - 1]); |
678 | 0 | len--) { |
679 | 0 | iter->dc->dir[len - 1] = '\0'; |
680 | 0 | } |
681 | |
|
682 | 0 | if ((iter->d = opendir(iter->dc->dir)) == NULL) { |
683 | 0 | krb5_set_error_message(context, KRB5_CC_FORMAT, |
684 | 0 | N_("Can't open DIR %s: %s", ""), |
685 | 0 | iter->dc->dir, strerror(errno)); |
686 | 0 | free(iter->dc->dir); |
687 | 0 | free(iter->dc); |
688 | 0 | free(iter); |
689 | 0 | return KRB5_CC_FORMAT; |
690 | 0 | } |
691 | | |
692 | 0 | *cursor = iter; |
693 | 0 | return 0; |
694 | 0 | } |
695 | | |
696 | | static krb5_error_code KRB5_CALLCONV |
697 | | dcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) |
698 | 0 | { |
699 | 0 | struct dcache_iter *iter = cursor; |
700 | 0 | krb5_error_code ret; |
701 | 0 | struct stat st; |
702 | 0 | struct dirent *dentry; |
703 | 0 | char *p = NULL; |
704 | |
|
705 | 0 | *id = NULL; |
706 | 0 | if (iter == NULL) |
707 | 0 | return krb5_einval(context, 2); |
708 | | |
709 | | /* Emit primary subsidiary first */ |
710 | 0 | if (iter->first && |
711 | 0 | get_default_cache(context, iter->dc, NULL, &iter->primary) == 0 && |
712 | 0 | iter->primary && is_filename_cacheish(iter->primary)) { |
713 | 0 | iter->first = 0; |
714 | 0 | ret = KRB5_CC_END; |
715 | 0 | if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, iter->primary) > -1 && p != NULL && |
716 | 0 | stat(p + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode)) |
717 | 0 | ret = krb5_cc_resolve(context, p, id); |
718 | 0 | if (p == NULL) |
719 | 0 | return krb5_enomem(context); |
720 | 0 | free(p); |
721 | 0 | if (ret == 0) |
722 | 0 | return ret; |
723 | 0 | p = NULL; |
724 | 0 | } |
725 | | |
726 | 0 | iter->first = 0; |
727 | 0 | for (dentry = readdir(iter->d); dentry; dentry = readdir(iter->d)) { |
728 | 0 | if (!is_filename_cacheish(dentry->d_name) || |
729 | 0 | (iter->primary && strcmp(dentry->d_name, iter->primary) == 0)) |
730 | 0 | continue; |
731 | 0 | p = NULL; |
732 | 0 | ret = KRB5_CC_END; |
733 | 0 | if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, dentry->d_name) > -1 && |
734 | 0 | p != NULL && |
735 | 0 | stat(p + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode)) |
736 | 0 | ret = krb5_cc_resolve(context, p, id); |
737 | 0 | free(p); |
738 | 0 | if (p == NULL) |
739 | 0 | return krb5_enomem(context); |
740 | 0 | if (ret == 0) |
741 | 0 | return ret; |
742 | 0 | } |
743 | 0 | return KRB5_CC_END; |
744 | 0 | } |
745 | | |
746 | | static krb5_error_code KRB5_CALLCONV |
747 | | dcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) |
748 | 0 | { |
749 | 0 | struct dcache_iter *iter = cursor; |
750 | |
|
751 | 0 | if (iter == NULL) |
752 | 0 | return krb5_einval(context, 2); |
753 | | |
754 | 0 | (void) closedir(iter->d); |
755 | 0 | free(iter->dc->dir); |
756 | 0 | free(iter->dc); |
757 | 0 | free(iter->primary); |
758 | 0 | free(iter); |
759 | 0 | return 0; |
760 | 0 | } |
761 | | |
762 | | static krb5_error_code KRB5_CALLCONV |
763 | | dcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) |
764 | 0 | { |
765 | 0 | krb5_dcache *dcfrom = DCACHE(from); |
766 | 0 | krb5_dcache *dcto = DCACHE(to); |
767 | |
|
768 | 0 | dcfrom->default_candidate = 0; |
769 | 0 | dcto->default_candidate = 1; |
770 | 0 | return krb5_cc_move(context, D2FCACHE(dcfrom), D2FCACHE(dcto)); |
771 | 0 | } |
772 | | |
773 | | static krb5_error_code KRB5_CALLCONV |
774 | | dcc_get_default_name(krb5_context context, char **str) |
775 | 0 | { |
776 | 0 | const char *def_cc_colname = |
777 | 0 | krb5_config_get_string_default(context, NULL, KRB5_DEFAULT_CCNAME_DIR, |
778 | 0 | "libdefaults", "default_cc_collection", |
779 | 0 | NULL); |
780 | | |
781 | | /* [libdefaults] default_cc_collection is for testing */ |
782 | 0 | if (strncmp(def_cc_colname, "DIR:", sizeof("DIR:") - 1) != 0) |
783 | 0 | def_cc_colname = KRB5_DEFAULT_CCNAME_DIR; |
784 | 0 | return _krb5_expand_default_cc_name(context, def_cc_colname, str); |
785 | 0 | } |
786 | | |
787 | | static krb5_error_code KRB5_CALLCONV |
788 | | dcc_set_default(krb5_context context, krb5_ccache id) |
789 | 0 | { |
790 | 0 | krb5_dcache *dc = DCACHE(id); |
791 | |
|
792 | 0 | if (dc->sub == NULL) |
793 | 0 | return ENOENT; |
794 | 0 | return set_default_cache(context, dc, dc->sub); |
795 | 0 | } |
796 | | |
797 | | static krb5_error_code KRB5_CALLCONV |
798 | | dcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) |
799 | 0 | { |
800 | 0 | krb5_dcache *dc = DCACHE(id); |
801 | 0 | return krb5_cc_last_change_time(context, D2FCACHE(dc), mtime); |
802 | 0 | } |
803 | | |
804 | | static krb5_error_code KRB5_CALLCONV |
805 | | dcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) |
806 | 0 | { |
807 | 0 | krb5_dcache *dc = DCACHE(id); |
808 | 0 | return krb5_cc_set_kdc_offset(context, D2FCACHE(dc), kdc_offset); |
809 | 0 | } |
810 | | |
811 | | static krb5_error_code KRB5_CALLCONV |
812 | | dcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) |
813 | 0 | { |
814 | 0 | krb5_dcache *dc = DCACHE(id); |
815 | 0 | return krb5_cc_get_kdc_offset(context, D2FCACHE(dc), kdc_offset); |
816 | 0 | } |
817 | | |
818 | | |
819 | | /** |
820 | | * Variable containing the DIR based credential cache implementation. |
821 | | * |
822 | | * @ingroup krb5_ccache |
823 | | */ |
824 | | |
825 | | KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops = { |
826 | | KRB5_CC_OPS_VERSION_5, |
827 | | "DIR", |
828 | | NULL, |
829 | | NULL, |
830 | | dcc_gen_new, |
831 | | dcc_initialize, |
832 | | dcc_destroy, |
833 | | dcc_close, |
834 | | dcc_store_cred, |
835 | | NULL, /* dcc_retrieve */ |
836 | | dcc_get_principal, |
837 | | dcc_get_first, |
838 | | dcc_get_next, |
839 | | dcc_end_get, |
840 | | dcc_remove_cred, |
841 | | dcc_set_flags, |
842 | | dcc_get_version, |
843 | | dcc_get_cache_first, |
844 | | dcc_get_cache_next, |
845 | | dcc_end_cache_get, |
846 | | dcc_move, |
847 | | dcc_get_default_name, |
848 | | dcc_set_default, |
849 | | dcc_lastchange, |
850 | | dcc_set_kdc_offset, |
851 | | dcc_get_kdc_offset, |
852 | | dcc_get_name_2, |
853 | | dcc_resolve_2 |
854 | | }; |