2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: fcache.c 23444 2008-07-27 12:07:47Z lha $");
38 typedef struct krb5_fcache{
48 #define KRB5_FCC_FVNO_1 1
49 #define KRB5_FCC_FVNO_2 2
50 #define KRB5_FCC_FVNO_3 3
51 #define KRB5_FCC_FVNO_4 4
53 #define FCC_TAG_DELTATIME 1
55 #define FCACHE(X) ((krb5_fcache*)(X)->data.data)
57 #define FILENAME(X) (FCACHE(X)->filename)
59 #define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
62 fcc_get_name(krb5_context context,
69 _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
78 l.l_type = exclusive ? F_WRLCK : F_RDLCK;
79 l.l_whence = SEEK_SET;
80 ret = fcntl(fd, F_SETLKW, &l);
82 ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH);
86 if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */
92 case EINVAL: /* filesystem doesn't support locking, let the user have it */
96 krb5_set_error_message(context, ret, "timed out locking cache file %s",
100 krb5_set_error_message(context, ret, "error locking cache file %s: %s",
101 filename, strerror(ret));
108 _krb5_xunlock(krb5_context context, int fd)
116 l.l_whence = SEEK_SET;
117 ret = fcntl(fd, F_SETLKW, &l);
119 ret = flock(fd, LOCK_UN);
126 case EINVAL: /* filesystem doesn't support locking, let the user have it */
130 krb5_set_error_message(context, ret,
131 "Failed to unlock file: %s",
138 static krb5_error_code
139 write_storage(krb5_context context, krb5_storage *sp, int fd)
145 ret = krb5_storage_to_data(sp, &data);
147 krb5_set_error_message(context, ret, "malloc: out of memory");
150 sret = write(fd, data.data, data.length);
151 ret = (sret != data.length);
152 krb5_data_free(&data);
155 krb5_set_error_message(context, ret,
156 "Failed to write FILE credential data");
163 static krb5_error_code
164 fcc_lock(krb5_context context, krb5_ccache id,
165 int fd, krb5_boolean exclusive)
167 return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id));
170 static krb5_error_code
171 fcc_unlock(krb5_context context, int fd)
173 return _krb5_xunlock(context, fd);
176 static krb5_error_code
177 fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
180 f = malloc(sizeof(*f));
182 krb5_set_error_message(context, KRB5_CC_NOMEM,
183 "malloc: out of memory");
184 return KRB5_CC_NOMEM;
186 f->filename = strdup(res);
187 if(f->filename == NULL){
189 krb5_set_error_message(context, KRB5_CC_NOMEM,
190 "malloc: out of memory");
191 return KRB5_CC_NOMEM;
194 (*id)->data.data = f;
195 (*id)->data.length = sizeof(*f);
200 * Try to scrub the contents of `filename' safely.
209 pos = lseek(fd, 0, SEEK_END);
212 if (lseek(fd, 0, SEEK_SET) < 0)
214 memset(buf, 0, sizeof(buf));
216 ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
227 * Erase `filename' if it exists, trying to remove the contents if
228 * it's `safe'. We always try to remove the file, it it exists. It's
229 * only overwritten if it's a regular file (not a symlink and not a
233 static krb5_error_code
234 erase_file(krb5_context context, const char *filename)
237 struct stat sb1, sb2;
240 ret = lstat (filename, &sb1);
244 fd = open(filename, O_RDWR | O_BINARY);
252 ret = _krb5_xlock(context, fd, 1, filename);
257 if (unlink(filename) < 0) {
258 _krb5_xunlock(context, fd);
262 ret = fstat (fd, &sb2);
264 _krb5_xunlock(context, fd);
269 /* check if someone was playing with symlinks */
271 if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
272 _krb5_xunlock(context, fd);
277 /* there are still hard links to this file */
279 if (sb2.st_nlink != 0) {
280 _krb5_xunlock(context, fd);
285 ret = scrub_file (fd);
287 _krb5_xunlock(context, fd);
291 ret = _krb5_xunlock(context, fd);
296 static krb5_error_code
297 fcc_gen_new(krb5_context context, krb5_ccache *id)
303 f = malloc(sizeof(*f));
305 krb5_set_error_message(context, KRB5_CC_NOMEM,
306 "malloc: out of memory");
307 return KRB5_CC_NOMEM;
309 asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
312 krb5_set_error_message(context, KRB5_CC_NOMEM,
313 "malloc: out of memory");
314 return KRB5_CC_NOMEM;
319 krb5_set_error_message(context, ret, "mkstemp %s", file);
327 (*id)->data.data = f;
328 (*id)->data.length = sizeof(*f);
333 storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
337 case KRB5_FCC_FVNO_1:
338 flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
339 flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
340 flags |= KRB5_STORAGE_HOST_BYTEORDER;
342 case KRB5_FCC_FVNO_2:
343 flags |= KRB5_STORAGE_HOST_BYTEORDER;
345 case KRB5_FCC_FVNO_3:
346 flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
348 case KRB5_FCC_FVNO_4:
352 "storage_set_flags called with bad vno (%x)", vno);
354 krb5_storage_set_flags(sp, flags);
357 static krb5_error_code
358 fcc_open(krb5_context context,
364 krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
365 (flags | O_RDWR) == flags);
367 const char *filename = FILENAME(id);
369 fd = open(filename, flags, mode);
372 krb5_set_error_message(context, ret, "open(%s): %s", filename,
378 if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
386 static krb5_error_code
387 fcc_initialize(krb5_context context,
389 krb5_principal primary_principal)
391 krb5_fcache *f = FCACHE(id);
394 char *filename = f->filename;
398 ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
403 sp = krb5_storage_emem();
404 krb5_storage_set_eof_code(sp, KRB5_CC_END);
405 if(context->fcache_vno != 0)
406 f->version = context->fcache_vno;
408 f->version = KRB5_FCC_FVNO_4;
409 ret |= krb5_store_int8(sp, 5);
410 ret |= krb5_store_int8(sp, f->version);
411 storage_set_flags(context, sp, f->version);
412 if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
414 if (context->kdc_sec_offset) {
415 ret |= krb5_store_int16 (sp, 12); /* length */
416 ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
417 ret |= krb5_store_int16 (sp, 8); /* length of data */
418 ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
419 ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
421 ret |= krb5_store_int16 (sp, 0);
424 ret |= krb5_store_principal(sp, primary_principal);
426 ret |= write_storage(context, sp, fd);
428 krb5_storage_free(sp);
430 fcc_unlock(context, fd);
434 krb5_set_error_message (context, ret, "close %s: %s",
435 FILENAME(id), strerror(ret));
440 static krb5_error_code
441 fcc_close(krb5_context context,
445 krb5_data_free(&id->data);
449 static krb5_error_code
450 fcc_destroy(krb5_context context,
453 erase_file(context, FILENAME(id));
457 static krb5_error_code
458 fcc_store_cred(krb5_context context,
465 ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0);
471 sp = krb5_storage_emem();
472 krb5_storage_set_eof_code(sp, KRB5_CC_END);
473 storage_set_flags(context, sp, FCACHE(id)->version);
474 if (!krb5_config_get_bool_default(context, NULL, TRUE,
476 "fcc-mit-ticketflags",
478 krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
479 ret = krb5_store_creds(sp, creds);
481 ret = write_storage(context, sp, fd);
482 krb5_storage_free(sp);
484 fcc_unlock(context, fd);
488 krb5_set_error_message (context, ret, "close %s: %s",
489 FILENAME(id), strerror(ret));
495 static krb5_error_code
496 init_fcc (krb5_context context,
498 krb5_storage **ret_sp,
506 ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0);
510 sp = krb5_storage_from_fd(fd);
512 krb5_clear_error_string(context);
516 krb5_storage_set_eof_code(sp, KRB5_CC_END);
517 ret = krb5_ret_int8(sp, &pvno);
519 if(ret == KRB5_CC_END) {
521 krb5_set_error_message(context, ret,
522 "Empty credential cache file: %s",
525 krb5_set_error_message(context, ret, "Error reading pvno in "
526 "cache file: %s", FILENAME(id));
530 ret = KRB5_CCACHE_BADVNO;
531 krb5_set_error_message(context, ret, "Bad version number in "
532 "credential cache file: %s",
536 ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
538 ret = KRB5_CC_FORMAT;
539 krb5_set_error_message(context, ret, "Error reading tag in "
540 "cache file: %s", FILENAME(id));
543 FCACHE(id)->version = tag;
544 storage_set_flags(context, sp, FCACHE(id)->version);
546 case KRB5_FCC_FVNO_4: {
549 ret = krb5_ret_int16 (sp, &length);
551 ret = KRB5_CC_FORMAT;
552 krb5_set_error_message(context, ret,
553 "Error reading tag length in "
554 "cache file: %s", FILENAME(id));
558 int16_t dtag, data_len;
562 ret = krb5_ret_int16 (sp, &dtag);
564 ret = KRB5_CC_FORMAT;
565 krb5_set_error_message(context, ret, "Error reading dtag in "
566 "cache file: %s", FILENAME(id));
569 ret = krb5_ret_int16 (sp, &data_len);
571 ret = KRB5_CC_FORMAT;
572 krb5_set_error_message(context, ret, "Error reading dlength in "
573 "cache file: %s", FILENAME(id));
577 case FCC_TAG_DELTATIME :
578 ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
580 ret = KRB5_CC_FORMAT;
581 krb5_set_error_message(context, ret, "Error reading kdc_sec in "
582 "cache file: %s", FILENAME(id));
585 ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
587 ret = KRB5_CC_FORMAT;
588 krb5_set_error_message(context, ret, "Error reading kdc_usec in "
589 "cache file: %s", FILENAME(id));
594 for (i = 0; i < data_len; ++i) {
595 ret = krb5_ret_int8 (sp, &dummy);
597 ret = KRB5_CC_FORMAT;
598 krb5_set_error_message(context, ret,
599 "Error reading unknown "
600 "tag in cache file: %s",
607 length -= 4 + data_len;
611 case KRB5_FCC_FVNO_3:
612 case KRB5_FCC_FVNO_2:
613 case KRB5_FCC_FVNO_1:
616 ret = KRB5_CCACHE_BADVNO;
617 krb5_set_error_message(context, ret, "Unknown version number (%d) in "
618 "credential cache file: %s",
619 (int)tag, FILENAME(id));
628 krb5_storage_free(sp);
629 fcc_unlock(context, fd);
634 static krb5_error_code
635 fcc_get_principal(krb5_context context,
637 krb5_principal *principal)
643 ret = init_fcc (context, id, &sp, &fd);
646 ret = krb5_ret_principal(sp, principal);
648 krb5_clear_error_string(context);
649 krb5_storage_free(sp);
650 fcc_unlock(context, fd);
655 static krb5_error_code
656 fcc_end_get (krb5_context context,
658 krb5_cc_cursor *cursor);
660 static krb5_error_code
661 fcc_get_first (krb5_context context,
663 krb5_cc_cursor *cursor)
666 krb5_principal principal;
668 *cursor = malloc(sizeof(struct fcc_cursor));
669 if (*cursor == NULL) {
670 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
673 memset(*cursor, 0, sizeof(struct fcc_cursor));
675 ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
676 &FCC_CURSOR(*cursor)->fd);
682 ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
684 krb5_clear_error_string(context);
685 fcc_end_get(context, id, cursor);
688 krb5_free_principal (context, principal);
689 fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
693 static krb5_error_code
694 fcc_get_next (krb5_context context,
696 krb5_cc_cursor *cursor,
700 if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
703 ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
705 krb5_clear_error_string(context);
707 fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
711 static krb5_error_code
712 fcc_end_get (krb5_context context,
714 krb5_cc_cursor *cursor)
716 krb5_storage_free(FCC_CURSOR(*cursor)->sp);
717 close (FCC_CURSOR(*cursor)->fd);
723 static krb5_error_code
724 fcc_remove_cred(krb5_context context,
730 krb5_ccache copy, newfile;
732 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, ©);
736 ret = krb5_cc_copy_cache(context, id, copy);
738 krb5_cc_destroy(context, copy);
742 ret = krb5_cc_remove_cred(context, copy, which, cred);
744 krb5_cc_destroy(context, copy);
748 ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &newfile);
750 krb5_cc_destroy(context, copy);
754 ret = krb5_cc_copy_cache(context, copy, newfile);
755 krb5_cc_destroy(context, copy);
757 krb5_cc_destroy(context, newfile);
761 return krb5_cc_move(context, newfile, id);
764 static krb5_error_code
765 fcc_set_flags(krb5_context context,
773 fcc_get_version(krb5_context context,
776 return FCACHE(id)->version;
783 static krb5_error_code
784 fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
786 struct fcache_iter *iter;
788 iter = calloc(1, sizeof(*iter));
790 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
798 static krb5_error_code
799 fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
801 struct fcache_iter *iter = cursor;
804 char *expandedfn = NULL;
807 krb5_clear_error_string(context);
812 fn = krb5_cc_default_name(context);
813 if (strncasecmp(fn, "FILE:", 5) != 0) {
814 ret = _krb5_expand_default_cc_name(context,
815 KRB5_DEFAULT_CCNAME_FILE,
820 ret = krb5_cc_resolve(context, fn, id);
827 static krb5_error_code
828 fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
830 struct fcache_iter *iter = cursor;
835 static krb5_error_code
836 fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
838 krb5_error_code ret = 0;
840 ret = rename(FILENAME(from), FILENAME(to));
841 if (ret && errno != EXDEV) {
843 krb5_set_error_message(context, ret,
844 "Rename of file from %s to %s failed: %s",
845 FILENAME(from), FILENAME(to),
848 } else if (ret && errno == EXDEV) {
849 /* make a copy and delete the orignal */
850 krb5_ssize_t sz1, sz2;
854 ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0);
858 unlink(FILENAME(to));
860 ret = fcc_open(context, to, &fd2,
861 O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600);
865 while((sz1 = read(fd1, buf, sizeof(buf))) > 0) {
866 sz2 = write(fd2, buf, sz1);
869 krb5_set_error_message(context, ret,
870 "Failed to write data from one file "
871 "credential cache to the other");
877 krb5_set_error_message(context, ret,
878 "Failed to read data from one file "
879 "credential cache to the other");
883 fcc_unlock(context, fd2);
887 fcc_unlock(context, fd1);
890 erase_file(context, FILENAME(from));
893 erase_file(context, FILENAME(to));
898 /* make sure ->version is uptodate */
902 ret = init_fcc (context, to, &sp, &fd);
903 krb5_storage_free(sp);
904 fcc_unlock(context, fd);
910 static krb5_error_code
911 fcc_default_name(krb5_context context, char **str)
913 return _krb5_expand_default_cc_name(context,
914 KRB5_DEFAULT_CCNAME_FILE,
919 * Variable containing the FILE based credential cache implemention.
921 * @ingroup krb5_ccache
924 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
934 NULL, /* fcc_retrieve */