ff00015effc72ccbbe56d71bcb58ba6bf1a2781bMark Phalan * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Copyright 1990,1991,1992,1993,1994,2000,2004 Massachusetts Institute of Technology.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * All Rights Reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Original stdio support copyright 1995 by Cygnus Support.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Export of this software from the United States of America may
505d05c73a6e56769f263d4803b22eddd168ee24gtb * require a specific license from the United States Government.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * It is the responsibility of any person or organization contemplating
505d05c73a6e56769f263d4803b22eddd168ee24gtb * export to obtain such a license before exporting.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * distribute this software and its documentation for any purpose and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * without fee is hereby granted, provided that the above copyright
505d05c73a6e56769f263d4803b22eddd168ee24gtb * notice appear in all copies and that both that copyright notice and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * this permission notice appear in supporting documentation, and that
505d05c73a6e56769f263d4803b22eddd168ee24gtb * the name of M.I.T. not be used in advertising or publicity pertaining
505d05c73a6e56769f263d4803b22eddd168ee24gtb * to distribution of the software without specific, written prior
505d05c73a6e56769f263d4803b22eddd168ee24gtb * permission. Furthermore if you modify this software you must label
505d05c73a6e56769f263d4803b22eddd168ee24gtb * your software as modified software and not distribute it in such a
505d05c73a6e56769f263d4803b22eddd168ee24gtb * fashion that it might be confused with the original M.I.T. software.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * M.I.T. makes no representations about the suitability of
505d05c73a6e56769f263d4803b22eddd168ee24gtb * this software for any purpose. It is provided "as is" without express
505d05c73a6e56769f263d4803b22eddd168ee24gtb * or implied warranty.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * implementation of file-based credentials cache
505d05c73a6e56769f263d4803b22eddd168ee24gtbIf OPENCLOSE is defined, each of the functions opens and closes the
505d05c73a6e56769f263d4803b22eddd168ee24gtbfile whenever it needs to access it. Otherwise, the file is opened
505d05c73a6e56769f263d4803b22eddd168ee24gtbonce in initialize and closed once is close.
505d05c73a6e56769f263d4803b22eddd168ee24gtbThis library depends on UNIX-like file descriptors, and UNIX-like
505d05c73a6e56769f263d4803b22eddd168ee24gtbbehavior from the functions: open, close, read, write, lseek.
505d05c73a6e56769f263d4803b22eddd168ee24gtbThe quasi-BNF grammar for a credentials cache:
505d05c73a6e56769f263d4803b22eddd168ee24gtb principal list-of-credentials
505d05c73a6e56769f263d4803b22eddd168ee24gtbcredential ::=
505d05c73a6e56769f263d4803b22eddd168ee24gtb client (principal)
505d05c73a6e56769f263d4803b22eddd168ee24gtb server (principal)
505d05c73a6e56769f263d4803b22eddd168ee24gtb keyblock (keyblock)
505d05c73a6e56769f263d4803b22eddd168ee24gtb times (ticket_times)
505d05c73a6e56769f263d4803b22eddd168ee24gtb is_skey (boolean)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ticket_flags (flags)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ticket (data)
505d05c73a6e56769f263d4803b22eddd168ee24gtb second_ticket (data)
505d05c73a6e56769f263d4803b22eddd168ee24gtbprincipal ::=
505d05c73a6e56769f263d4803b22eddd168ee24gtb number of components (int32)
505d05c73a6e56769f263d4803b22eddd168ee24gtb component 1 (data)
505d05c73a6e56769f263d4803b22eddd168ee24gtb component 2 (data)
505d05c73a6e56769f263d4803b22eddd168ee24gtb length (int32)
505d05c73a6e56769f263d4803b22eddd168ee24gtb string of length bytes
505d05c73a6e56769f263d4803b22eddd168ee24gtb Make sure that each time a function returns KRB5_NOMEM, everything
505d05c73a6e56769f263d4803b22eddd168ee24gtb allocated earlier in the function and stack tree is freed.
505d05c73a6e56769f263d4803b22eddd168ee24gtb File locking
505d05c73a6e56769f263d4803b22eddd168ee24gtb Use pread/pwrite if available, so multiple threads can read
505d05c73a6e56769f263d4803b22eddd168ee24gtb simultaneously. (That may require reader/writer locks.)
505d05c73a6e56769f263d4803b22eddd168ee24gtb fcc_nseq.c and fcc_read don't check return values a lot.
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* How long to block if flock fails with EAGAIN */
505d05c73a6e56769f263d4803b22eddd168ee24gtb#if !defined(_WIN32)
505d05c73a6e56769f263d4803b22eddd168ee24gtb# error find some way to use net-byte-order file version numbers.
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_fcc_end_seq_get
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_fcc_generate_new
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_fcc_get_principal
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_fcc_start_seq_get
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * FCC version 2 contains type information for principals. FCC
505d05c73a6e56769f263d4803b22eddd168ee24gtb * version 1 does not.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * FCC version 3 contains keyblock encryption type information, and is
505d05c73a6e56769f263d4803b22eddd168ee24gtb * architecture independent. Previous versions are not.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The code will accept version 1, 2, and 3 ccaches, and depending
505d05c73a6e56769f263d4803b22eddd168ee24gtb * what KRB5_FCC_DEFAULT_FVNO is set to, it will create version 1, 2,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * or 3 FCC caches.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The default credentials cache should be type 3 for now (see
32885d593baf8bac788fa78885893a51b3ad0f28gtb#define FCC_OPEN_AND_ERASE_NOUNLINK 255 /* Solaris Kerberos */
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* Credential file header tags.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The header tags are constructed as:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_ui_2 tag
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_ui_2 len
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_octet data[len]
505d05c73a6e56769f263d4803b22eddd168ee24gtb * This format allows for older versions of the fcc processing code to skip
505d05c73a6e56769f263d4803b22eddd168ee24gtb * past unrecognized tag formats.
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* macros to make checking flags easier */
505d05c73a6e56769f263d4803b22eddd168ee24gtb#define OPENCLOSE(id) (((krb5_fcc_data *)id->data)->flags & KRB5_TC_OPENCLOSE)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Lock this one before reading or modifying the data stored here
505d05c73a6e56769f263d4803b22eddd168ee24gtb that can be changed. (Filename is fixed after
505d05c73a6e56769f263d4803b22eddd168ee24gtb initialization.) */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Buffer data on reading, for performance.
505d05c73a6e56769f263d4803b22eddd168ee24gtb We used to have a stdio option, but we get more precise control
505d05c73a6e56769f263d4803b22eddd168ee24gtb by using the POSIX I/O functions. */
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic off_t fcc_lseek(krb5_fcc_data *data, off_t offset, int whence)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* If we read some extra data in advance, and then want to know or
505d05c73a6e56769f263d4803b22eddd168ee24gtb use our "current" position, we need to back up a little. */
505d05c73a6e56769f263d4803b22eddd168ee24gtbk5_mutex_t krb5int_cc_file_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* An off_t can be arbitrarily complex */
505d05c73a6e56769f263d4803b22eddd168ee24gtb k5_assert_locked(&((krb5_fcc_data *)(ID)->data)->lock); \
505d05c73a6e56769f263d4803b22eddd168ee24gtb maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE); \
505d05c73a6e56769f263d4803b22eddd168ee24gtb k5_mutex_unlock(&((krb5_fcc_data *)(ID)->data)->lock); \
505d05c73a6e56769f263d4803b22eddd168ee24gtb (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } }
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Reads len bytes from the cache id, storing them in buf.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Must be called with mutex locked.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_END - there were not len bytes available
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors (read)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len);
505d05c73a6e56769f263d4803b22eddd168ee24gtb while (len > 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Fill buffer from current file position. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Don't do arithmetic on void pointers. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * FOR ALL OF THE FOLLOWING FUNCTIONS:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id is open and set to read at the appropriate place in the file
505d05c73a6e56769f263d4803b22eddd168ee24gtb * mutex is locked
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Fills in the second argument with data of the appropriate type from
505d05c73a6e56769f263d4803b22eddd168ee24gtb * the file. In some cases, the functions have to allocate space for
505d05c73a6e56769f263d4803b22eddd168ee24gtb * variable length fields; therefore, krb5_destroy_<type> must be
505d05c73a6e56769f263d4803b22eddd168ee24gtb * called for each filled in structure.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors (read errors)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Read principal type */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Read the number of components */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * DCE includes the principal's realm in the count; the new format
505d05c73a6e56769f263d4803b22eddd168ee24gtb * does not.
505d05c73a6e56769f263d4803b22eddd168ee24gtb tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_data(context, id, krb5_princ_realm(context, tmpprinc));
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (i=0; i < length; i++) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_data(context, id, krb5_princ_component(context, tmpprinc, i));
505d05c73a6e56769f263d4803b22eddd168ee24gtb while(--i >= 0)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Read the number of components */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Make *addrs able to hold length pointers to krb5_address structs
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Add one extra for a null-terminated list
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (i=0; i < length; i++) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
ff00015effc72ccbbe56d71bcb58ba6bf1a2781bMark Phalan /* Solaris Kerberos */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* This works because the old etype is the same as the new enctype. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* keyblock->enctype = ui2; */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Overflow check. */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Solaris Kerberos */
ebd1706e95186ddae1d4c0d63c47544cf33832eegtb keyblock->contents = calloc(keyblock->length, sizeof(krb5_octet));
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_data(krb5_context context, krb5_ccache id, krb5_data *data)
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtb data->data[data->length] = 0; /* Null terminate, just in case.... */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
505d05c73a6e56769f263d4803b22eddd168ee24gtb if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Length field is "unsigned int", which may be smaller than 32
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read(context, id, addr->contents, addr->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_int32(krb5_context context, krb5_ccache id, krb5_int32 *i)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 *i)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_octet(krb5_context context, krb5_ccache id, krb5_octet *i)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Read the number of components */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Make *a able to hold length pointers to krb5_authdata structs
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Add one extra for a null-terminated list
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (*a == NULL)
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (i=0; i < length; i++) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
505d05c73a6e56769f263d4803b22eddd168ee24gtb if ((*a)[i] == NULL) {
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
505d05c73a6e56769f263d4803b22eddd168ee24gtb if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Value could have gotten truncated if int is smaller than 32
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (a->length == 0 )
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read(context, id, a->contents, a->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id is open
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Writes len bytes from buf into the file cred cache id.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * FOR ALL OF THE FOLLOWING FUNCTIONS:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * ((krb5_fcc_data *) id->data)->file is open and at the right position.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * mutex is locked
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Stores an encoded version of the second argument in the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cache file.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal princ)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * DCE-compatible format means that the length count
505d05c73a6e56769f263d4803b22eddd168ee24gtb * includes the realm. (It also doesn't include the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * principal type information.)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_data(context, id, krb5_princ_realm(context, princ));
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (i=0; i < length; i++) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_data(context, id, krb5_princ_component(context, princ, i));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Count the number of components */
505d05c73a6e56769f263d4803b22eddd168ee24gtb while (*temp++)
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (i=0; i < length; i++) {
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_ui_4(context, id, keyblock->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (char *) addr->contents, addr->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_data(krb5_context context, krb5_ccache id, krb5_data *data)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, data->data, data->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_int32(krb5_context context, krb5_ccache id, krb5_int32 i)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2));
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times));
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_int32(context, id, t->authtime);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_int32(context, id, t->starttime);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_int32(context, id, t->renew_till);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (a != NULL) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (i=0; i<length; i++) {
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store_authdatum (krb5_context context, krb5_ccache id, krb5_authdata *a)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_fcc_write(context, id, (krb5_pointer) a->contents, a->length);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_close_file (krb5_context context, krb5_fcc_data *data)
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan/* Solaris Kerberos */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_open_nounlink(char *filename, int open_flag, int *ret_fd, int *new)
32885d593baf8bac788fa78885893a51b3ad0f28gtb * Solaris Kerberos
505d05c73a6e56769f263d4803b22eddd168ee24gtb * If we are opening in NOUNLINK mode, we have to check that the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * existing file, if any, is not a symlink. If it is, we try to
505d05c73a6e56769f263d4803b22eddd168ee24gtb * delete and re-create it.
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (-1);
505d05c73a6e56769f263d4803b22eddd168ee24gtb syslog(LOG_WARNING, "%s is not a plain file!", filename);
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (-1);
1f03f0496b37f42bc76df041144b1cf7e47fcda4Peter Shoults fd = THREEPARAMOPEN(filename, open_flag | O_NONBLOCK | O_NOFOLLOW, 0600);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* If the file got created after the open we must retry */
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (0);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * We failed since the file existed with wrong permissions.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Let's try to unlink it and if that succeeds retry.
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (-1);
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (0);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* If we still don't have a valid fd, we stop trying */
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (-1);
32885d593baf8bac788fa78885893a51b3ad0f28gtb * Solaris Kerberos
505d05c73a6e56769f263d4803b22eddd168ee24gtb * If the file was not created now with a O_CREAT | O_EXCL open,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * we have opened an existing file. We should check if the file
505d05c73a6e56769f263d4803b22eddd168ee24gtb * owner is us, if not, unlink and retry. If unlink fails we log
505d05c73a6e56769f263d4803b22eddd168ee24gtb * the error and return.
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (-1);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Check if this is the same file we lstat'd earlier */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (lres.st_dev != fres.st_dev || lres.st_ino != fres.st_ino) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb syslog(LOG_ERR, "%s changed between stat and open!", filename);
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (-1);
24da5b34f49324ed742a340010ed5bd3d4e06625rie * Solaris Kerberos
32885d593baf8bac788fa78885893a51b3ad0f28gtb * Check if the cc filename uid matches owner of file.
32885d593baf8bac788fa78885893a51b3ad0f28gtb * Expects cc file to be in the form of /tmp/krb5cc_<uid>,
32885d593baf8bac788fa78885893a51b3ad0f28gtb * else skip this check.
32885d593baf8bac788fa78885893a51b3ad0f28gtb if (strncmp(filename, "/tmp/krb5cc_", strlen("/tmp/krb5cc_")) == 0) {
32885d593baf8bac788fa78885893a51b3ad0f28gtb char *s = NULL;
32885d593baf8bac788fa78885893a51b3ad0f28gtb /* make sure we have some non-null char after '_' */
32885d593baf8bac788fa78885893a51b3ad0f28gtb /* make sure the uid part is all digits */
32885d593baf8bac788fa78885893a51b3ad0f28gtb for (s = uidstr; *s; s++)
32885d593baf8bac788fa78885893a51b3ad0f28gtb "%s owned by %d instead of %d",
32885d593baf8bac788fa78885893a51b3ad0f28gtb return (-1);
32885d593baf8bac788fa78885893a51b3ad0f28gtb return (0);
505d05c73a6e56769f263d4803b22eddd168ee24gtb return (0);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode)
505d05c73a6e56769f263d4803b22eddd168ee24gtb krb5_os_context os_ctx = (krb5_os_context)context->os_context;
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Don't know what state it's in; shut down and start anew. */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Solaris Kerberos */
32885d593baf8bac788fa78885893a51b3ad0f28gtb * Solaris Kerberos
505d05c73a6e56769f263d4803b22eddd168ee24gtb * If we are opening in NOUNLINK mode, check whether we are opening a
505d05c73a6e56769f263d4803b22eddd168ee24gtb * symlink or a file owned by some other user and take preventive action.
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_open_nounlink(data->filename, open_flag,
1f03f0496b37f42bc76df041144b1cf7e47fcda4Peter Shoults f = THREEPARAMOPEN (data->filename, open_flag | O_BINARY | O_NOFOLLOW,
32885d593baf8bac788fa78885893a51b3ad0f28gtb /* Solaris Kerberos wait some time before retrying */
505d05c73a6e56769f263d4803b22eddd168ee24gtb syslog(LOG_ERR, "Failed to lock %s [%m]", data->filename);
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (mode == FCC_OPEN_AND_ERASE || mode == FCC_OPEN_AND_ERASE_NOUNLINK) {
32885d593baf8bac788fa78885893a51b3ad0f28gtb * Solaris Kerberos
505d05c73a6e56769f263d4803b22eddd168ee24gtb * If this file was not created, we have to flush existing data.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * This will happen only if we are doing an ERASE_NOUNLINK open.
505d05c73a6e56769f263d4803b22eddd168ee24gtb syslog(LOG_ERR, "ftruncate failed for %s [%m]", data->filename);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* write the version number */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) :
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* V4 of the credentials cache format allows for header tags */
505d05c73a6e56769f263d4803b22eddd168ee24gtb fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32));
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Write header length */
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Write time offset tag */
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* verify a valid version number is there */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) ||
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb (void) close(f);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_skip_header(krb5_context context, krb5_ccache id)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_skip_principal(krb5_context context, krb5_ccache id)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Creates/refreshes the file cred cache id. If the cache exists, its
505d05c73a6e56769f263d4803b22eddd168ee24gtb * contents are destroyed.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb * permission errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = k5_mutex_lock(&((krb5_fcc_data *) id->data)->lock);
32885d593baf8bac788fa78885893a51b3ad0f28gtb MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE_NOUNLINK); /* Solaris Kerberos */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * SUN14resync
505d05c73a6e56769f263d4803b22eddd168ee24gtb * This is not needed and can cause problems with ktkt_warnd(1M)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * because it does tricks with getuid and if we enable this fchmod
505d05c73a6e56769f263d4803b22eddd168ee24gtb * we get EPERM [file_owner] failures on fchmod.
505d05c73a6e56769f263d4803b22eddd168ee24gtb reti = fchmod(((krb5_fcc_data *) id->data)->file, S_IREAD | S_IWRITE);
505d05c73a6e56769f263d4803b22eddd168ee24gtb reti = chmod(((krb5_fcc_data *) id->data)->filename, S_IREAD | S_IWRITE);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Drop the ref count; if it hits zero, remove the entry from the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * fcc_set list and free it.
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
505d05c73a6e56769f263d4803b22eddd168ee24gtb for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Closes the file cache, invalidates the id, and frees any resources
505d05c73a6e56769f263d4803b22eddd168ee24gtb * associated with the cache.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Destroys the contents of id.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (ret < 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* "disgusting bit of UNIX trivia" - that's how the writers of NFS describe
505d05c73a6e56769f263d4803b22eddd168ee24gtb** the ability of UNIX to still write to a file which has been unlinked.
505d05c73a6e56769f263d4803b22eddd168ee24gtb** Naturally, the PC can't do this. As a result, we have to delete the file
505d05c73a6e56769f263d4803b22eddd168ee24gtb** after we wipe it clean but that throws off all the error handling code.
505d05c73a6e56769f263d4803b22eddd168ee24gtb** So we have do the work ourselves.
505d05c73a6e56769f263d4803b22eddd168ee24gtb while (size > 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb wlen = (int) ((size > BUFSIZ) ? BUFSIZ : size); /* How much to write */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (i < 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Don't jump to cleanup--we still want to delete the file. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (ret < 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb#else /* MSDOS_FILESYSTEM */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (ret < 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (ret < 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* XXX This may not be legal XXX */
505d05c73a6e56769f263d4803b22eddd168ee24gtb#endif /* MSDOS_FILESYSTEM */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * residual is a legal path name, and a null-terminated string
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * creates a file-based cred cache that will reside in the file
505d05c73a6e56769f263d4803b22eddd168ee24gtb * residual. The cache is not opened, but the filename is reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * A filled in krb5_ccache structure "id".
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM - there was insufficient memory to allocate the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_ccache. id is undefined.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * permission errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* data->version,mode filled in for real later */
505d05c73a6e56769f263d4803b22eddd168ee24gtb lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* other routines will get errors on open, and callers must expect them,
505d05c73a6e56769f263d4803b22eddd168ee24gtb if cache is non-existent/unusable */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Prepares for a sequential search of the credentials cache.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns and krb5_cc_cursor to be used with krb5_fcc_next_cred and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_fcc_end_seq_get.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * If the cache is modified between the time of this call and the time
505d05c73a6e56769f263d4803b22eddd168ee24gtb * of the final krb5_fcc_end_seq_get, the results are undefined.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_start_seq_get(krb5_context context, krb5_ccache id,
505d05c73a6e56769f263d4803b22eddd168ee24gtb fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor));
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Make sure we start reading right after the primary principal */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Solaris Kerberos - fix mem leak */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Solaris Kerberos - fix mem leak */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cursor is a krb5_cc_cursor originally obtained from
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_fcc_start_seq_get.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifes:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cursor, creds
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Fills in creds with the "next" credentals structure from the cache
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id. The actual order the creds are returned in is arbitrary.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Space is allocated for the variable length fields in the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * credentials structure, so the object returned must be passed to
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_destroy_credential.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The cursor is updated for the next call to krb5_fcc_next_cred.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1);
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_principal(context, id, &creds->client);
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_principal(context, id, &creds->server);
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock);
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_addrs(context, id, &creds->addresses);
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_authdata(context, id, &creds->authdata);
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = krb5_fcc_read_data(context, id, &creds->second_ticket);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cursor is a krb5_cc_cursor originally obtained from
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_fcc_start_seq_get.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id, cursor
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Finishes sequential processing of the file credentials ccache id,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * and invalidates the cursor (it must never be used after this call).
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* ARGSUSED */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* We don't do anything with the file cache itself, so
505d05c73a6e56769f263d4803b22eddd168ee24gtb no need to lock anything. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* don't close; it may be left open by the caller,
505d05c73a6e56769f263d4803b22eddd168ee24gtb and if not, fcc_start_seq_get and/or fcc_next_cred will do the
505d05c73a6e56769f263d4803b22eddd168ee24gtb MAYBE_CLOSE.
505d05c73a6e56769f263d4803b22eddd168ee24gtb MAYBE_CLOSE(context, id, kret); */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Creates a new file cred cache whose name is guaranteed to be
505d05c73a6e56769f263d4803b22eddd168ee24gtb * unique. The name begins with the string TKT_ROOT (from fcc.h).
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The cache is not opened, but the new filename is reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The filled in krb5_ccache id.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM - there was insufficient memory to allocate the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_ccache. id is undefined.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors (from open)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
505d05c73a6e56769f263d4803b22eddd168ee24gtb char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan krb5_int16 fcc_fvno = htons(context->fcc_default_format);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Set master lock */
505d05c73a6e56769f263d4803b22eddd168ee24gtb#else /*HAVE_MKSTEMP*/
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Make sure the file name is reserved */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan ret = THREEPARAMOPEN(scratch, O_CREAT | O_EXCL | O_WRONLY | O_BINARY, 0);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Allocate memory */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The file is initially closed at the end of this call...
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* data->version,mode filled in for real later */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Ignore user's umask, set mode = 0600 */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan != sizeof(fcc_fvno)) {
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* For version 4 we save a length for the rest of the header */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan != sizeof(fcc_flen)) {
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* default to open/close on every trn - otherwise destroy
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan will get as to state confused */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id is a file credential cache
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The name of the file cred cache id.
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic const char * KRB5_CALLCONV
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id, princ
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Retrieves the primary principal from id, as set with
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_fcc_initialize. The principal is returned is allocated
505d05c73a6e56769f263d4803b22eddd168ee24gtb * storage that must be freed by the caller via krb5_free_principal.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
505d05c73a6e56769f263d4803b22eddd168ee24gtb kret = k5_mutex_lock(&((krb5_fcc_data *) id->data)->lock);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* make sure we're beyond the header */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_cc_retrieve_cred_default (context, id, whichfields,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * the file cache
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * stores creds in the file cred cache
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb * storage failure errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = k5_mutex_lock(&((krb5_fcc_data *) id->data)->lock);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Make sure we are writing to the end of the file */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Make sure we are writing to the end of the file */
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END);
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (ret < 0) {
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_principal(context, id, creds->client);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_principal(context, id, creds->server);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_int32(context, id, creds->ticket_flags);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_addrs(context, id, creds->addresses);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_authdata(context, id, creds->authdata);
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = krb5_fcc_store_data(context, id, &creds->second_ticket);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Non-functional stub implementation for krb5_fcc_remove
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOSUPP - not implemented
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id is a cred cache returned by krb5_fcc_resolve or
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_fcc_generate_new, but has not been opened by krb5_fcc_initialize.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Sets the operational flags of id to flags.
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
505d05c73a6e56769f263d4803b22eddd168ee24gtb ret = k5_mutex_lock(&((krb5_fcc_data *) id->data)->lock);
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* XXX This should check for illegal combinations, if any.. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* asking to turn on OPENCLOSE mode */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* XXX Is this test necessary? */
505d05c73a6e56769f263d4803b22eddd168ee24gtb (void) krb5_fcc_close_file (context, ((krb5_fcc_data *) id->data));
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* asking to turn off OPENCLOSE mode, meaning it must be
505d05c73a6e56769f263d4803b22eddd168ee24gtb left open. We open if it's not yet open */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * id is a cred cache returned by krb5_fcc_resolve or
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * krb5_fcc_generate_new, but has not been opened by krb5_fcc_initialize.
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * id (mutex only; temporary)
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * Returns the operational flags of id.
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalankrb5_fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan ret = k5_mutex_lock(&((krb5_fcc_data *) id->data)->lock);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan k5_mutex_unlock(&((krb5_fcc_data *) id->data)->lock);
5e01956f3000408c2a2c5a08c8d0acf2c2a9d8eeGlenn Barry "Credentials cache I/O operation failed (%s)"),
505d05c73a6e56769f263d4803b22eddd168ee24gtb#if defined(_WIN32)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_change_cache should be called after the cache changes.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * A notification message is is posted out to all top level
505d05c73a6e56769f263d4803b22eddd168ee24gtb * windows so that they may recheck the cache based on the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * changes made. We register a unique message type with which
505d05c73a6e56769f263d4803b22eddd168ee24gtb * we'll communicate to all other processes.
505d05c73a6e56769f263d4803b22eddd168ee24gtb PostMessage(HWND_BROADCAST, krb5_get_notification_message(), 0, 0);
505d05c73a6e56769f263d4803b22eddd168ee24gtb#else /* _WIN32 */
505d05c73a6e56769f263d4803b22eddd168ee24gtbunsigned int
505d05c73a6e56769f263d4803b22eddd168ee24gtb#endif /* _WIN32 */