2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include "krb5_locl.h"
38 typedef struct krb5_fcache{
48 #define KRB5_FCC_FVNO_1 1
49 #define KRB5_FCC_FVNO_2 2
50 #define KRB5_FCC_FVNO_3 3
51 #define KRB5_FCC_FVNO_4 4
53 #define FCC_TAG_DELTATIME 1
55 #define FCACHE(X) ((krb5_fcache*)(X)->data.data)
57 #define FILENAME(X) (FCACHE(X)->filename)
59 #define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
61 static const char* KRB5_CALLCONV
62 fcc_get_name(krb5_context context,
69 _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
78 l.l_type = exclusive ? F_WRLCK : F_RDLCK;
79 l.l_whence = SEEK_SET;
80 ret = fcntl(fd, F_SETLKW, &l);
82 ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH);
86 if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */
92 case EINVAL: /* filesystem doesn't support locking, let the user have it */
96 krb5_set_error_message(context, ret,
97 N_("timed out locking cache file %s", "file"),
102 rk_strerror_r(ret, buf, sizeof(buf));
103 krb5_set_error_message(context, ret,
104 N_("error locking cache file %s: %s",
105 "file, error"), filename, buf);
113 _krb5_xunlock(krb5_context context, int fd)
121 l.l_whence = SEEK_SET;
122 ret = fcntl(fd, F_SETLKW, &l);
124 ret = flock(fd, LOCK_UN);
131 case EINVAL: /* filesystem doesn't support locking, let the user have it */
136 rk_strerror_r(ret, buf, sizeof(buf));
137 krb5_set_error_message(context, ret,
138 N_("Failed to unlock file: %s", ""), buf);
145 static krb5_error_code
146 write_storage(krb5_context context, krb5_storage *sp, int fd)
152 ret = krb5_storage_to_data(sp, &data);
154 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
157 sret = write(fd, data.data, data.length);
158 ret = (sret != data.length);
159 krb5_data_free(&data);
162 krb5_set_error_message(context, ret,
163 N_("Failed to write FILE credential data", ""));
170 static krb5_error_code KRB5_CALLCONV
171 fcc_lock(krb5_context context, krb5_ccache id,
172 int fd, krb5_boolean exclusive)
174 return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id));
177 static krb5_error_code KRB5_CALLCONV
178 fcc_unlock(krb5_context context, int fd)
180 return _krb5_xunlock(context, fd);
183 static krb5_error_code KRB5_CALLCONV
184 fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
187 f = malloc(sizeof(*f));
189 krb5_set_error_message(context, KRB5_CC_NOMEM,
190 N_("malloc: out of memory", ""));
191 return KRB5_CC_NOMEM;
193 f->filename = strdup(res);
194 if(f->filename == NULL){
196 krb5_set_error_message(context, KRB5_CC_NOMEM,
197 N_("malloc: out of memory", ""));
198 return KRB5_CC_NOMEM;
201 (*id)->data.data = f;
202 (*id)->data.length = sizeof(*f);
207 * Try to scrub the contents of `filename' safely.
216 pos = lseek(fd, 0, SEEK_END);
219 if (lseek(fd, 0, SEEK_SET) < 0)
221 memset(buf, 0, sizeof(buf));
223 ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
238 * Erase `filename' if it exists, trying to remove the contents if
239 * it's `safe'. We always try to remove the file, it it exists. It's
240 * only overwritten if it's a regular file (not a symlink and not a
245 _krb5_erase_file(krb5_context context, const char *filename)
248 struct stat sb1, sb2;
251 ret = lstat (filename, &sb1);
255 fd = open(filename, O_RDWR | O_BINARY);
263 ret = _krb5_xlock(context, fd, 1, filename);
268 if (unlink(filename) < 0) {
269 _krb5_xunlock(context, fd);
273 ret = fstat (fd, &sb2);
275 _krb5_xunlock(context, fd);
280 /* check if someone was playing with symlinks */
282 if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
283 _krb5_xunlock(context, fd);
288 /* there are still hard links to this file */
290 if (sb2.st_nlink != 0) {
291 _krb5_xunlock(context, fd);
296 ret = scrub_file (fd);
298 _krb5_xunlock(context, fd);
302 ret = _krb5_xunlock(context, fd);
307 static krb5_error_code KRB5_CALLCONV
308 fcc_gen_new(krb5_context context, krb5_ccache *id)
310 char *file = NULL, *exp_file = NULL;
315 f = malloc(sizeof(*f));
317 krb5_set_error_message(context, KRB5_CC_NOMEM,
318 N_("malloc: out of memory", ""));
319 return KRB5_CC_NOMEM;
321 ret = asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
322 if(ret < 0 || file == NULL) {
324 krb5_set_error_message(context, KRB5_CC_NOMEM,
325 N_("malloc: out of memory", ""));
326 return KRB5_CC_NOMEM;
328 ret = _krb5_expand_path_tokens(context, file, &exp_file);
335 fd = mkstemp(exp_file);
338 krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), exp_file);
344 f->filename = exp_file;
346 (*id)->data.data = f;
347 (*id)->data.length = sizeof(*f);
352 storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
356 case KRB5_FCC_FVNO_1:
357 flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
358 flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
359 flags |= KRB5_STORAGE_HOST_BYTEORDER;
361 case KRB5_FCC_FVNO_2:
362 flags |= KRB5_STORAGE_HOST_BYTEORDER;
364 case KRB5_FCC_FVNO_3:
365 flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
367 case KRB5_FCC_FVNO_4:
371 "storage_set_flags called with bad vno (%x)", vno);
373 krb5_storage_set_flags(sp, flags);
376 static krb5_error_code KRB5_CALLCONV
377 fcc_open(krb5_context context,
383 krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
384 (flags | O_RDWR) == flags);
386 const char *filename = FILENAME(id);
388 fd = open(filename, flags, mode);
392 rk_strerror_r(ret, buf, sizeof(buf));
393 krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
399 if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
407 static krb5_error_code KRB5_CALLCONV
408 fcc_initialize(krb5_context context,
410 krb5_principal primary_principal)
412 krb5_fcache *f = FCACHE(id);
415 char *filename = f->filename;
419 ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
424 sp = krb5_storage_emem();
425 krb5_storage_set_eof_code(sp, KRB5_CC_END);
426 if(context->fcache_vno != 0)
427 f->version = context->fcache_vno;
429 f->version = KRB5_FCC_FVNO_4;
430 ret |= krb5_store_int8(sp, 5);
431 ret |= krb5_store_int8(sp, f->version);
432 storage_set_flags(context, sp, f->version);
433 if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
435 if (context->kdc_sec_offset) {
436 ret |= krb5_store_int16 (sp, 12); /* length */
437 ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
438 ret |= krb5_store_int16 (sp, 8); /* length of data */
439 ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
440 ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
442 ret |= krb5_store_int16 (sp, 0);
445 ret |= krb5_store_principal(sp, primary_principal);
447 ret |= write_storage(context, sp, fd);
449 krb5_storage_free(sp);
451 fcc_unlock(context, fd);
456 rk_strerror_r(ret, buf, sizeof(buf));
457 krb5_set_error_message (context, ret, N_("close %s: %s", ""),
463 static krb5_error_code KRB5_CALLCONV
464 fcc_close(krb5_context context,
468 krb5_data_free(&id->data);
472 static krb5_error_code KRB5_CALLCONV
473 fcc_destroy(krb5_context context,
476 _krb5_erase_file(context, FILENAME(id));
480 static krb5_error_code KRB5_CALLCONV
481 fcc_store_cred(krb5_context context,
488 ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0);
494 sp = krb5_storage_emem();
495 krb5_storage_set_eof_code(sp, KRB5_CC_END);
496 storage_set_flags(context, sp, FCACHE(id)->version);
497 if (!krb5_config_get_bool_default(context, NULL, TRUE,
499 "fcc-mit-ticketflags",
501 krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
502 ret = krb5_store_creds(sp, creds);
504 ret = write_storage(context, sp, fd);
505 krb5_storage_free(sp);
507 fcc_unlock(context, fd);
511 rk_strerror_r(ret, buf, sizeof(buf));
513 krb5_set_error_message (context, ret, N_("close %s: %s", ""),
520 static krb5_error_code
521 init_fcc (krb5_context context,
523 krb5_storage **ret_sp,
525 krb5_deltat *kdc_offset)
535 ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
539 sp = krb5_storage_from_fd(fd);
541 krb5_clear_error_message(context);
545 krb5_storage_set_eof_code(sp, KRB5_CC_END);
546 ret = krb5_ret_int8(sp, &pvno);
548 if(ret == KRB5_CC_END) {
550 krb5_set_error_message(context, ret,
551 N_("Empty credential cache file: %s", ""),
554 krb5_set_error_message(context, ret, N_("Error reading pvno "
555 "in cache file: %s", ""),
560 ret = KRB5_CCACHE_BADVNO;
561 krb5_set_error_message(context, ret, N_("Bad version number in credential "
562 "cache file: %s", ""),
566 ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
568 ret = KRB5_CC_FORMAT;
569 krb5_set_error_message(context, ret, "Error reading tag in "
570 "cache file: %s", FILENAME(id));
573 FCACHE(id)->version = tag;
574 storage_set_flags(context, sp, FCACHE(id)->version);
576 case KRB5_FCC_FVNO_4: {
579 ret = krb5_ret_int16 (sp, &length);
581 ret = KRB5_CC_FORMAT;
582 krb5_set_error_message(context, ret,
583 N_("Error reading tag length in "
584 "cache file: %s", ""), FILENAME(id));
588 int16_t dtag, data_len;
592 ret = krb5_ret_int16 (sp, &dtag);
594 ret = KRB5_CC_FORMAT;
595 krb5_set_error_message(context, ret, N_("Error reading dtag in "
596 "cache file: %s", ""),
600 ret = krb5_ret_int16 (sp, &data_len);
602 ret = KRB5_CC_FORMAT;
603 krb5_set_error_message(context, ret,
604 N_("Error reading dlength "
605 "in cache file: %s",""),
610 case FCC_TAG_DELTATIME : {
613 ret = krb5_ret_int32 (sp, &offset);
614 ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
616 ret = KRB5_CC_FORMAT;
617 krb5_set_error_message(context, ret,
618 N_("Error reading kdc_sec in "
619 "cache file: %s", ""),
623 context->kdc_sec_offset = offset;
625 *kdc_offset = offset;
629 for (i = 0; i < data_len; ++i) {
630 ret = krb5_ret_int8 (sp, &dummy);
632 ret = KRB5_CC_FORMAT;
633 krb5_set_error_message(context, ret,
634 N_("Error reading unknown "
635 "tag in cache file: %s", ""),
642 length -= 4 + data_len;
646 case KRB5_FCC_FVNO_3:
647 case KRB5_FCC_FVNO_2:
648 case KRB5_FCC_FVNO_1:
651 ret = KRB5_CCACHE_BADVNO;
652 krb5_set_error_message(context, ret,
653 N_("Unknown version number (%d) in "
654 "credential cache file: %s", ""),
655 (int)tag, FILENAME(id));
664 krb5_storage_free(sp);
665 fcc_unlock(context, fd);
670 static krb5_error_code KRB5_CALLCONV
671 fcc_get_principal(krb5_context context,
673 krb5_principal *principal)
679 ret = init_fcc (context, id, &sp, &fd, NULL);
682 ret = krb5_ret_principal(sp, principal);
684 krb5_clear_error_message(context);
685 krb5_storage_free(sp);
686 fcc_unlock(context, fd);
691 static krb5_error_code KRB5_CALLCONV
692 fcc_end_get (krb5_context context,
694 krb5_cc_cursor *cursor);
696 static krb5_error_code KRB5_CALLCONV
697 fcc_get_first (krb5_context context,
699 krb5_cc_cursor *cursor)
702 krb5_principal principal;
704 *cursor = malloc(sizeof(struct fcc_cursor));
705 if (*cursor == NULL) {
706 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
709 memset(*cursor, 0, sizeof(struct fcc_cursor));
711 ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
712 &FCC_CURSOR(*cursor)->fd, NULL);
718 ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
720 krb5_clear_error_message(context);
721 fcc_end_get(context, id, cursor);
724 krb5_free_principal (context, principal);
725 fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
729 static krb5_error_code KRB5_CALLCONV
730 fcc_get_next (krb5_context context,
732 krb5_cc_cursor *cursor,
736 if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
739 ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
741 krb5_clear_error_message(context);
743 fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
747 static krb5_error_code KRB5_CALLCONV
748 fcc_end_get (krb5_context context,
750 krb5_cc_cursor *cursor)
752 krb5_storage_free(FCC_CURSOR(*cursor)->sp);
753 close (FCC_CURSOR(*cursor)->fd);
759 static krb5_error_code KRB5_CALLCONV
760 fcc_remove_cred(krb5_context context,
766 krb5_ccache copy, newfile;
767 char *newname = NULL;
770 ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, ©);
774 ret = krb5_cc_copy_cache(context, id, copy);
776 krb5_cc_destroy(context, copy);
780 ret = krb5_cc_remove_cred(context, copy, which, cred);
782 krb5_cc_destroy(context, copy);
786 ret = asprintf(&newname, "FILE:%s.XXXXXX", FILENAME(id));
787 if (ret < 0 || newname == NULL) {
788 krb5_cc_destroy(context, copy);
792 fd = mkstemp(&newname[5]);
795 krb5_cc_destroy(context, copy);
800 ret = krb5_cc_resolve(context, newname, &newfile);
804 krb5_cc_destroy(context, copy);
808 ret = krb5_cc_copy_cache(context, copy, newfile);
809 krb5_cc_destroy(context, copy);
812 krb5_cc_destroy(context, newfile);
816 ret = rename(&newname[5], FILENAME(id));
817 #ifdef RENAME_DOES_NOT_UNLINK
818 if (ret && (errno == EEXIST || errno == EACCES)) {
819 ret = unlink(FILENAME(id));
821 ret = rename(&newname[5], FILENAME(id));
828 krb5_cc_close(context, newfile);
833 static krb5_error_code KRB5_CALLCONV
834 fcc_set_flags(krb5_context context,
841 static int KRB5_CALLCONV
842 fcc_get_version(krb5_context context,
845 return FCACHE(id)->version;
852 static krb5_error_code KRB5_CALLCONV
853 fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
855 struct fcache_iter *iter;
857 iter = calloc(1, sizeof(*iter));
859 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
867 static krb5_error_code KRB5_CALLCONV
868 fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
870 struct fcache_iter *iter = cursor;
873 char *expandedfn = NULL;
876 krb5_clear_error_message(context);
881 fn = krb5_cc_default_name(context);
882 if (fn == NULL || strncasecmp(fn, "FILE:", 5) != 0) {
883 ret = _krb5_expand_default_cc_name(context,
884 KRB5_DEFAULT_CCNAME_FILE,
890 /* check if file exists, don't return a non existant "next" */
891 if (strncasecmp(fn, "FILE:", 5) == 0) {
893 ret = stat(fn + 5, &sb);
899 ret = krb5_cc_resolve(context, fn, id);
907 static krb5_error_code KRB5_CALLCONV
908 fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
910 struct fcache_iter *iter = cursor;
915 static krb5_error_code KRB5_CALLCONV
916 fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
918 krb5_error_code ret = 0;
920 ret = rename(FILENAME(from), FILENAME(to));
921 #ifdef RENAME_DOES_NOT_UNLINK
922 if (ret && (errno == EEXIST || errno == EACCES)) {
923 ret = unlink(FILENAME(to));
925 ret = rename(FILENAME(from), FILENAME(to));
930 if (ret && errno != EXDEV) {
933 rk_strerror_r(ret, buf, sizeof(buf));
934 krb5_set_error_message(context, ret,
935 N_("Rename of file from %s "
936 "to %s failed: %s", ""),
937 FILENAME(from), FILENAME(to), buf);
939 } else if (ret && errno == EXDEV) {
940 /* make a copy and delete the orignal */
941 krb5_ssize_t sz1, sz2;
945 ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
949 unlink(FILENAME(to));
951 ret = fcc_open(context, to, &fd2,
952 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
956 while((sz1 = read(fd1, buf, sizeof(buf))) > 0) {
957 sz2 = write(fd2, buf, sz1);
960 krb5_set_error_message(context, ret,
961 N_("Failed to write data from one file "
962 "credential cache to the other", ""));
968 krb5_set_error_message(context, ret,
969 N_("Failed to read data from one file "
970 "credential cache to the other", ""));
974 fcc_unlock(context, fd2);
978 fcc_unlock(context, fd1);
981 _krb5_erase_file(context, FILENAME(from));
984 _krb5_erase_file(context, FILENAME(to));
989 /* make sure ->version is uptodate */
993 if ((ret = init_fcc (context, to, &sp, &fd, NULL)) == 0) {
995 krb5_storage_free(sp);
996 fcc_unlock(context, fd);
1001 fcc_close(context, from);
1006 static krb5_error_code KRB5_CALLCONV
1007 fcc_get_default_name(krb5_context context, char **str)
1009 return _krb5_expand_default_cc_name(context,
1010 KRB5_DEFAULT_CCNAME_FILE,
1014 static krb5_error_code KRB5_CALLCONV
1015 fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
1017 krb5_error_code ret;
1021 ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
1024 ret = fstat(fd, &sb);
1028 krb5_set_error_message(context, ret, N_("Failed to stat cache file", ""));
1031 *mtime = sb.st_mtime;
1035 static krb5_error_code KRB5_CALLCONV
1036 fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
1041 static krb5_error_code KRB5_CALLCONV
1042 fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
1044 krb5_error_code ret;
1045 krb5_storage *sp = NULL;
1047 ret = init_fcc(context, id, &sp, &fd, kdc_offset);
1049 krb5_storage_free(sp);
1050 fcc_unlock(context, fd);
1058 * Variable containing the FILE based credential cache implemention.
1060 * @ingroup krb5_ccache
1063 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
1064 KRB5_CC_OPS_VERSION,
1073 NULL, /* fcc_retrieve */
1081 fcc_get_cache_first,
1085 fcc_get_default_name,