2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include "krb5_locl.h"
38 typedef struct krb5_dcache{
43 unsigned int default_candidate:1;
46 #define DCACHE(X) ((krb5_dcache*)(X)->data.data)
47 #define D2FCACHE(X) ((X)->fcache)
49 static krb5_error_code KRB5_CALLCONV dcc_close(krb5_context, krb5_ccache);
50 static krb5_error_code KRB5_CALLCONV dcc_get_default_name(krb5_context, char **);
51 static krb5_error_code KRB5_CALLCONV dcc_set_default(krb5_context, krb5_ccache);
54 * Make subsidiary filesystem safe by mapping / and : to -. If the subsidiary
55 * is longer than 128 bytes, then truncate.
56 * In all cases, "tkt." is prefixed to be compatible with the DIR requirement
57 * that subsidiary ccache files be named tkt*.
59 * Thus host/foo.bar.baz@BAR.BAZ -> tkt.host-foo.bar.baz@BAR.BAZ.
61 * In particular, no filesystem component separators will be emitted, and . and
62 * .. will never be traversed.
64 static krb5_error_code
65 fs_encode_subsidiary(krb5_context context,
67 const char *subsidiary,
70 size_t len = strlen(subsidiary);
74 if (asprintf(res, "tkt.%s", subsidiary) == -1 || *res == NULL)
75 return krb5_enomem(context);
76 for (i = sizeof("tkt.") - 1; i < len; i++) {
79 case '\\': (*res)[0] = '-'; break;
81 case '/': (*res)[0] = '-'; break;
82 case ':': (*res)[0] = '-'; break;
87 /* Hopefully this will work on all filesystems */
88 if (len > 128 - sizeof("tkt.") - 1)
94 primary_create(krb5_dcache *dc)
97 int asprintf_ret = asprintf(&primary, "%s/primary", dc->dir);
98 if (asprintf_ret == -1 || primary == NULL) {
106 is_filename_cacheish(const char *name)
110 if (strncmp(name, "tkt", sizeof("tkt") - 1) != 0)
112 for (i = sizeof("tkt") - 1; name[i]; i++)
113 if (ISPATHSEP(name[i]))
118 static krb5_error_code
119 set_default_cache(krb5_context context, krb5_dcache *dc, const char *residual)
121 char *path = NULL, *primary = NULL;
128 asprintf_ret = asprintf(&path, "%s/primary-XXXXXX", dc->dir);
129 if (asprintf_ret == -1 || path == NULL) {
130 return krb5_enomem(context);
140 if (fchmod(fd, S_IRUSR | S_IWUSR) < 0) {
145 len = strlen(residual);
147 iov[0].iov_base = rk_UNCONST(residual);
148 iov[0].iov_len = len;
149 iov[1].iov_base = "\n";
152 if (writev(fd, iov, sizeof(iov)/sizeof(iov[0])) != len + 1) {
157 primary = primary_create(dc);
158 if (primary == NULL) {
159 ret = krb5_enomem(context);
163 if (rename(path, primary) < 0) {
185 static krb5_error_code
186 get_default_cache(krb5_context context, krb5_dcache *dc,
187 const char *subsidiary, char **residual)
190 char buf[MAXPATHLEN];
191 char *primary = NULL;
196 return fs_encode_subsidiary(context, dc, subsidiary, residual);
198 primary = primary_create(dc);
200 return krb5_enomem(context);
202 f = fopen(primary, "r");
204 if (errno == ENOENT) {
206 *residual = strdup("tkt");
207 if (*residual == NULL)
208 return krb5_enomem(context);
212 krb5_set_error_message(context, ret, "failed to open %s", primary);
217 if (fgets(buf, sizeof(buf), f) == NULL) {
220 krb5_set_error_message(context, ret, "read file %s", primary);
226 buf[strcspn(buf, "\r\n")] = '\0';
228 if (!is_filename_cacheish(buf)) {
229 krb5_set_error_message(context, KRB5_CC_FORMAT,
230 "name in %s is not a cache (doesn't start with tkt)", primary);
232 return KRB5_CC_FORMAT;
237 *residual = strdup(buf);
238 if (*residual == NULL)
239 return krb5_enomem(context);
246 static krb5_error_code KRB5_CALLCONV
247 dcc_get_name_2(krb5_context context,
253 krb5_dcache *dc = DCACHE(id);
265 static krb5_error_code
266 verify_directory(krb5_context context, const char *path)
271 krb5_set_error_message(context, EINVAL,
272 N_("DIR empty directory component", ""));
276 if (stat(path, &sb) != 0) {
277 if (errno == ENOENT) {
278 /* XXX should use mkdirx_np() */
279 if (rk_mkdir(path, S_IRWXU) == 0)
282 krb5_set_error_message(context, ENOENT,
283 N_("DIR directory %s doesn't exists", ""), path);
287 krb5_set_error_message(context, ret,
288 N_("DIR directory %s is bad: %s", ""), path, strerror(ret));
292 if (!S_ISDIR(sb.st_mode)) {
293 krb5_set_error_message(context, KRB5_CC_BADNAME,
294 N_("DIR directory %s is not a directory", ""), path);
295 return KRB5_CC_BADNAME;
302 dcc_release(krb5_context context, krb5_dcache *dc)
305 krb5_cc_close(context, dc->fcache);
309 memset(dc, 0, sizeof(*dc));
313 static krb5_error_code
314 get_default_dir(krb5_context context, char **res)
319 if ((ret = dcc_get_default_name(context, &s)))
321 if (strncmp(s, "DIR:", sizeof("DIR:") - 1) != 0) {
324 } else if ((*res = strdup(s + sizeof("DIR:") - 1)) == NULL) {
325 ret = krb5_enomem(context);
331 static krb5_error_code KRB5_CALLCONV
332 dcc_resolve_2(krb5_context context,
338 krb5_dcache *dc = NULL;
339 char *filename = NULL;
345 * Here `res' has the directory name (or, if NULL, refers to the
346 * default DIR cccol), and `sub' has the "subsidiary" name, to which
347 * we'll prefix "tkt." (though we will insist only on "tkt" later).
349 if ((dc = calloc(1, sizeof(*dc))) == NULL ||
350 asprintf(&dc->sub, "tkt.%s", sub) == -1 || dc->sub == NULL) {
352 return krb5_enomem(context);
354 if (res && res[0] && (dc->dir = strdup(res)) == NULL) {
357 return krb5_enomem(context);
358 } else if ((!res || !res[0]) && (ret = get_default_dir(context, &dc->dir))) {
365 int is_drive_letter_colon = 0;
368 * Here `res' has whatever string followed "DIR:", and we need to parse
369 * it into `dc->dir' and `dc->sub'.
371 * Conventions we support for DIR cache naming:
373 * - DIR:path:NAME ---> FILE:path/tktNAME
374 * - DIR::path/tktNAME ---> FILE:path/tktNAME
375 * - DIR::NAME ---> FILE:${default_DIR_cccol_path}/tktNAME
376 * \-> FILE:/tmp/krb5cc_${uid}_dir/tktNAME
377 * - DIR:path ---> FILE:path/$(cat primary) or FILE:path/tkt
381 if (*res == '\0' || (res[0] == ':' && res[1] == '\0')) {
383 krb5_set_error_message(context, KRB5_CC_FORMAT,
384 N_("\"DIR:\" is not a valid ccache name", ""));
385 return KRB5_CC_FORMAT;
389 has_pathsep = strchr(res, '\\') != NULL;
391 has_pathsep |= strchr(res, '/') != NULL;
393 if ((dc = calloc(1, sizeof(*dc))) == NULL)
394 return krb5_enomem(context);
396 p = strrchr(res, ':');
398 is_drive_letter_colon =
399 p && ((res[0] == ':' && res[1] != ':' && p - res == 2) ||
400 (res[0] != ':' && p - res == 1));
403 if (res[0] != ':' && p && !is_drive_letter_colon) {
405 if ((dc->dir = strndup(res, (p - res))) == NULL ||
406 asprintf(&dc->sub, "tkt.%s", p + 1) < 0 || dc->sub == NULL) {
407 dcc_release(context, dc);
408 return krb5_enomem(context);
410 } else if (res[0] == ':' && has_pathsep) {
413 /* DIR::path/tktNAME (the "tkt" must be there; we'll check) */
414 if ((dc->dir = strdup(&res[1])) == NULL) {
415 dcc_release(context, dc);
416 return krb5_enomem(context);
419 q = strrchr(dc->dir, '\\');
420 if (q == NULL || ((p = strrchr(dc->dir, '/')) && q < p))
422 q = strrchr(dc->dir, '/');
424 if ((dc->sub = strdup(q)) == NULL) {
425 dcc_release(context, dc);
426 return krb5_enomem(context);
428 } else if (res[0] == ':') {
429 /* DIR::NAME -- no path component separators in NAME */
430 if ((ret = get_default_dir(context, &dc->dir))) {
431 dcc_release(context, dc);
434 if (asprintf(&dc->sub, "tkt.%s", res + 1) < 0 || dc->sub == NULL) {
435 dcc_release(context, dc);
436 return krb5_enomem(context);
440 if ((dc->dir = strdup(res)) == NULL) {
441 dcc_release(context, dc);
442 return krb5_enomem(context);
445 if ((ret = get_default_cache(context, dc, NULL, &dc->sub))) {
446 dcc_release(context, dc);
452 /* Strip off extra slashes on the end */
453 for (len = strlen(dc->dir);
454 len && ISPATHSEP(dc->dir[len - 1]);
456 dc->dir[len - 1] = '\0';
458 /* If we got here then `dc->dir' and `dc->sub' must both be set */
460 if ((ret = verify_directory(context, dc->dir))) {
461 dcc_release(context, dc);
464 if (!is_filename_cacheish(dc->sub)) {
465 krb5_set_error_message(context, KRB5_CC_FORMAT,
466 N_("Name %s is not a cache "
467 "(doesn't start with tkt)", ""), dc->sub);
468 dcc_release(context, dc);
469 return KRB5_CC_FORMAT;
471 if (asprintf(&dc->name, ":%s/%s", dc->dir, dc->sub) == -1 ||
473 asprintf(&filename, "FILE%s", dc->name) == -1 || filename == NULL) {
474 dcc_release(context, dc);
475 return krb5_enomem(context);
478 ret = krb5_cc_resolve(context, filename, &dc->fcache);
481 dcc_release(context, dc);
485 dc->default_candidate = 1;
486 (*id)->data.data = dc;
487 (*id)->data.length = sizeof(*dc);
491 static krb5_error_code KRB5_CALLCONV
492 dcc_gen_new(krb5_context context, krb5_ccache *id)
495 char *def_dir = NULL;
499 ret = get_default_dir(context, &def_dir);
501 ret = verify_directory(context, def_dir);
503 (asprintf(&name, "DIR::%s/tktXXXXXX", def_dir) == -1 || name == NULL))
504 ret = krb5_enomem(context);
505 if (ret == 0 && (fd = mkstemp(name + sizeof("DIR::") - 1)) == -1)
508 ret = dcc_resolve_2(context, id, name + sizeof("DIR:") - 1, NULL);
517 static krb5_error_code KRB5_CALLCONV
518 dcc_initialize(krb5_context context,
520 krb5_principal primary_principal)
522 krb5_dcache *dc = DCACHE(id);
523 return krb5_cc_initialize(context, D2FCACHE(dc), primary_principal);
526 static krb5_error_code KRB5_CALLCONV
527 dcc_close(krb5_context context,
530 krb5_dcache *dc = DCACHE(id);
531 krb5_principal p = NULL;
533 char *primary = NULL;
536 * If there's no default cache, but we're closing one, and the one we're
537 * closing has been initialized, then make it the default. This makes the
538 * first cache created the default.
540 * FIXME We should check if `D2FCACHE(dc)' has live credentials.
542 if (dc->default_candidate && D2FCACHE(dc) &&
543 krb5_cc_get_principal(context, D2FCACHE(dc), &p) == 0 &&
544 (primary = primary_create(dc)) &&
545 (stat(primary, &st) == -1 || !S_ISREG(st.st_mode) || st.st_size == 0))
546 dcc_set_default(context, id);
547 krb5_free_principal(context, p);
549 dcc_release(context, DCACHE(id));
553 static krb5_error_code KRB5_CALLCONV
554 dcc_destroy(krb5_context context,
557 krb5_dcache *dc = DCACHE(id);
558 krb5_ccache fcache = D2FCACHE(dc);
560 return krb5_cc_destroy(context, fcache);
563 static krb5_error_code KRB5_CALLCONV
564 dcc_store_cred(krb5_context context,
568 krb5_dcache *dc = DCACHE(id);
569 return krb5_cc_store_cred(context, D2FCACHE(dc), creds);
572 static krb5_error_code KRB5_CALLCONV
573 dcc_get_principal(krb5_context context,
575 krb5_principal *principal)
577 krb5_dcache *dc = DCACHE(id);
578 return krb5_cc_get_principal(context, D2FCACHE(dc), principal);
581 static krb5_error_code KRB5_CALLCONV
582 dcc_get_first (krb5_context context,
584 krb5_cc_cursor *cursor)
586 krb5_dcache *dc = DCACHE(id);
587 return krb5_cc_start_seq_get(context, D2FCACHE(dc), cursor);
590 static krb5_error_code KRB5_CALLCONV
591 dcc_get_next (krb5_context context,
593 krb5_cc_cursor *cursor,
596 krb5_dcache *dc = DCACHE(id);
597 return krb5_cc_next_cred(context, D2FCACHE(dc), cursor, creds);
600 static krb5_error_code KRB5_CALLCONV
601 dcc_end_get (krb5_context context,
603 krb5_cc_cursor *cursor)
605 krb5_dcache *dc = DCACHE(id);
606 return krb5_cc_end_seq_get(context, D2FCACHE(dc), cursor);
609 static krb5_error_code KRB5_CALLCONV
610 dcc_remove_cred(krb5_context context,
615 krb5_dcache *dc = DCACHE(id);
616 return krb5_cc_remove_cred(context, D2FCACHE(dc), which, cred);
619 static krb5_error_code KRB5_CALLCONV
620 dcc_set_flags(krb5_context context,
624 krb5_dcache *dc = DCACHE(id);
625 return krb5_cc_set_flags(context, D2FCACHE(dc), flags);
628 static int KRB5_CALLCONV
629 dcc_get_version(krb5_context context,
632 krb5_dcache *dc = DCACHE(id);
633 return krb5_cc_get_version(context, D2FCACHE(dc));
640 unsigned int first:1;
643 static krb5_error_code KRB5_CALLCONV
644 dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
646 struct dcache_iter *iter = NULL;
647 const char *name = krb5_cc_default_name(context);
653 if (strncmp(name, "DIR:", sizeof("DIR:") - 1) != 0) {
654 krb5_set_error_message(context, KRB5_CC_FORMAT,
655 N_("Can't list DIR caches unless its the default type", ""));
656 return KRB5_CC_FORMAT;
659 if ((iter = calloc(1, sizeof(*iter))) == NULL ||
660 (iter->dc = calloc(1, sizeof(iter->dc[0]))) == NULL ||
661 (iter->dc->dir = strdup(name + sizeof("DIR:") - 1)) == NULL) {
665 return krb5_enomem(context);
668 p = strrchr(iter->dc->dir, ':');
670 if (p == iter->dc->dir + 1)
676 /* Strip off extra slashes on the end */
677 for (len = strlen(iter->dc->dir);
678 len && ISPATHSEP(iter->dc->dir[len - 1]);
679 len -= len ? 1 : 0) {
680 iter->dc->dir[len - 1] = '\0';
683 if ((iter->d = opendir(iter->dc->dir)) == NULL) {
687 krb5_set_error_message(context, KRB5_CC_FORMAT,
688 N_("Can't open DIR %s: %s", ""),
689 iter->dc->dir, strerror(errno));
690 return KRB5_CC_FORMAT;
697 static krb5_error_code KRB5_CALLCONV
698 dcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
700 struct dcache_iter *iter = cursor;
703 struct dirent *dentry;
708 return krb5_einval(context, 2);
710 /* Emit primary subsidiary first */
712 (ret = get_default_cache(context, iter->dc, NULL, &iter->primary)) == 0 &&
713 is_filename_cacheish(iter->primary)) {
716 if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, iter->primary) > -1 && p != NULL &&
717 stat(p + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode))
718 ret = krb5_cc_resolve(context, p, id);
720 return krb5_enomem(context);
728 for (dentry = readdir(iter->d); dentry; dentry = readdir(iter->d)) {
729 if (!is_filename_cacheish(dentry->d_name) ||
730 (iter->primary && strcmp(dentry->d_name, iter->primary) == 0))
734 if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, dentry->d_name) > -1 &&
736 stat(p + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode))
737 ret = krb5_cc_resolve(context, p, id);
740 return krb5_enomem(context);
747 static krb5_error_code KRB5_CALLCONV
748 dcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
750 struct dcache_iter *iter = cursor;
753 return krb5_einval(context, 2);
755 (void) closedir(iter->d);
763 static krb5_error_code KRB5_CALLCONV
764 dcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
766 krb5_dcache *dcfrom = DCACHE(from);
767 krb5_dcache *dcto = DCACHE(to);
769 dcfrom->default_candidate = 0;
770 dcto->default_candidate = 1;
771 return krb5_cc_move(context, D2FCACHE(dcfrom), D2FCACHE(dcto));
774 static krb5_error_code KRB5_CALLCONV
775 dcc_get_default_name(krb5_context context, char **str)
777 const char *def_cc_colname =
778 krb5_config_get_string_default(context, NULL, KRB5_DEFAULT_CCNAME_DIR,
779 "libdefaults", "default_cc_collection",
782 /* [libdefaults] default_cc_collection is for testing */
783 if (strncmp(def_cc_colname, "DIR:", sizeof("DIR:") - 1) != 0)
784 def_cc_colname = KRB5_DEFAULT_CCNAME_DIR;
785 return _krb5_expand_default_cc_name(context, def_cc_colname, str);
788 static krb5_error_code KRB5_CALLCONV
789 dcc_set_default(krb5_context context, krb5_ccache id)
791 krb5_dcache *dc = DCACHE(id);
795 return set_default_cache(context, dc, dc->sub);
798 static krb5_error_code KRB5_CALLCONV
799 dcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
801 krb5_dcache *dc = DCACHE(id);
802 return krb5_cc_last_change_time(context, D2FCACHE(dc), mtime);
805 static krb5_error_code KRB5_CALLCONV
806 dcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
808 krb5_dcache *dc = DCACHE(id);
809 return krb5_cc_set_kdc_offset(context, D2FCACHE(dc), kdc_offset);
812 static krb5_error_code KRB5_CALLCONV
813 dcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
815 krb5_dcache *dc = DCACHE(id);
816 return krb5_cc_get_kdc_offset(context, D2FCACHE(dc), kdc_offset);
821 * Variable containing the DIR based credential cache implemention.
823 * @ingroup krb5_ccache
826 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops = {
827 KRB5_CC_OPS_VERSION_5,
836 NULL, /* dcc_retrieve */
848 dcc_get_default_name,