krb5_utils.c revision 7cc8729dec26c1fd5b06323237acc9ba2bdaaa17
/*
SSSD
Kerberos 5 Backend Module -- Utilities
Authors:
Sumit Bose <sbose@redhat.com>
Copyright (C) 2009 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <string.h>
#include <stdlib.h>
#include <libgen.h>
#include "providers/krb5/krb5_utils.h"
#include "providers/krb5/krb5_auth.h"
#include "src/util/find_uid.h"
bool case_sensitive, bool *private_path)
{
char *copy;
char *p;
char *n;
char *dummy;
char *name;
const char *cache_dir_tmpl;
*private_path = false;
return NULL;
}
goto done;
}
goto done;
}
p = copy;
*n = '\0';
n++;
if ( *n == '\0' ) {
goto done;
}
switch( *n ) {
case 'u':
"because user name is empty.\n"));
goto done;
}
if (!name) {
("sss_get_cased_name failed\n"));
goto done;
}
name);
if (!file_mode) *private_path = true;
break;
case 'U':
"because uid is invalid.\n"));
goto done;
}
if (!file_mode) *private_path = true;
break;
case 'p':
"because upn is empty.\n"));
goto done;
}
if (!file_mode) *private_path = true;
break;
case '%':
break;
case 'r':
goto done;
}
break;
case 'h':
"because the path is not available.\n"));
goto done;
}
if (!file_mode) *private_path = true;
break;
case 'd':
if (file_mode) {
if (cache_dir_tmpl == NULL) {
goto done;
}
false, case_sensitive,
"template failed.\n"));
goto done;
}
} else {
goto done;
}
break;
case 'P':
if (!file_mode) {
goto done;
}
"because PID is not available.\n"));
goto done;
}
break;
default:
goto done;
}
goto done;
}
p = n + 1;
}
goto done;
}
done:
return res;
}
{
if (private_path) {
"directory belonging to root or to [%d][%d].\n",
return EINVAL;
}
"the owner.\n"));
return EINVAL;
}
} else {
"others.\n"));
return EINVAL;
}
}
} else {
"directory.\n"));
return EINVAL;
}
"others.\n"));
return EINVAL;
}
}
return EOK;
}
struct string_list {
struct string_list *next;
struct string_list *prev;
char *s;
};
struct stat *parent_stat,
struct string_list **missing_parents)
{
char *end;
struct string_list *li;
("[%s] is not a directory.\n", dirname));
return EINVAL;
}
return EOK;
} else {
return ret;
}
}
("talloc_zero failed.\n"));
return ENOMEM;
}
("talloc_strdup failed.\n"));
return ENOMEM;
}
("talloc_strdup failed.\n"));
return ENOMEM;
}
/* We'll remove all trailing slashes from the back so that
do {
("Cannot find parent directory of [%s], / is not allowed.\n",
dirname));
goto done;
}
*end = '\0';
done:
return ret;
}
static errno_t
{
0, 0, NULL, 0);
if (ret == 0) {
("Illegal pattern in ccache directory name [%s].\n", filename));
return EINVAL;
} else if (ret == PCRE_ERROR_NOMATCH) {
("Ccache directory name [%s] does not contain "
"illegal patterns.\n", filename));
return EOK;
}
return EFAULT;
}
{
struct stat parent_stat;
("talloc_new failed.\n"));
return ENOMEM;
}
if (*dirname != '/') {
("Only absolute paths are allowed, not [%s] .\n", dirname));
goto done;
}
if (illegal_re != NULL) {
goto done;
}
}
("find_ccdir_parent_data failed.\n"));
goto done;
}
("check_parent_stat failed for %s directory [%s].\n",
goto done;
}
("Creating directory [%s].\n", li->s));
} else {
if (private_path &&
new_dir_mode = 0700;
} else {
new_dir_mode = 0755;
}
}
goto done;
}
if (private_path &&
goto done;
}
}
}
done:
return ret;
}
{
char *server_name;
const char *realm_name;
int realm_length;
if (kerr != 0) {
goto done;
}
if (kerr != 0) {
goto done;
}
if (server_name == NULL) {
goto done;
}
if (kerr != 0) {
goto done;
}
if (kerr != 0) {
goto done;
}
if (kerr != 0) {
goto done;
}
if (kerr != 0) {
goto done;
}
kerr = 0;
done:
}
if (client_princ != NULL) {
}
if (server_princ != NULL) {
}
}
if (kerr != 0) {
return EIO;
}
return EOK;
}
static errno_t
{
char *dirname;
char *end;
goto done;
}
/* We'll remove all trailing slashes from the back so that
do {
"/ is not allowed.\n", dirname));
goto done;
}
*end = '\0';
done:
return ret;
}
/*======== ccache back end utilities ========*/
struct sss_krb5_cc_be *
{
struct sss_krb5_cc_be *be;
switch (type) {
case SSS_KRB5_TYPE_FILE:
break;
case SSS_KRB5_TYPE_DIR:
break;
case SSS_KRB5_TYPE_UNKNOWN:
break;
}
return be;
}
struct sss_krb5_cc_be *
get_cc_be_ops_ccache(const char *ccache)
{
enum sss_krb5_cc_type type;
return get_cc_be_ops(type);
}
/*======== Operations on the FILE: back end ========*/
{
const char *filename;
return EINVAL;
}
}
static errno_t
{
int ret;
bool active;
*result = false;
return EINVAL;
}
return ret;
("Cache file [%s] exists, but is owned by [%d] instead of "
return EINVAL;
}
switch (type) {
case SSS_KRB5_TYPE_DIR:
break;
case SSS_KRB5_TYPE_FILE:
break;
default:
return EINVAL;
}
if (ret == 0) {
("Cache file [%s] exists, but is not the expected type\n",
ccname));
return EINVAL;
}
}
return ret;
}
if (!active) {
} else {
("User [%d] is still active, reusing ccache [%s].\n",
*result = true;
}
return EOK;
}
{
bool active;
bool valid;
const char *filename;
if (!filename) {
return EINVAL;
}
if (filename[0] != '/') {
return EINVAL;
}
return ret;
}
if (kerr != 0) {
return EIO;
}
if (kerr != 0) {
return EIO;
}
("Could not check if ccache contains a valid principal\n"));
return EIO;
}
return EOK;
}
const char *
const char *princ)
{
}
cc_file_remove(const char *location)
{
const char *filename;
if (!filename) {
return EINVAL;
}
if (filename[0] != '/') {
("Ccache file name [%s] is not an absolute path.\n", filename));
return EINVAL;
}
errno = 0;
return ret;
}
return EOK;
}
struct sss_krb5_cc_be file_cc = {
.create = cc_file_create,
.remove = cc_file_remove,
};
/*======== Operations on the DIR: back end ========*/
{
const char *dirname;
return EINVAL;
}
}
static krb5_error_code
{
if (krberr != 0) {
return krberr;
}
if (krberr != 0) {
return krberr;
}
return krberr;
}
{
bool active = false;
bool valid = false;
enum sss_krb5_cc_type type;
const char *filename;
const char *dir;
char *tmp;
if (type != SSS_KRB5_TYPE_DIR) {
return EINVAL;
}
if (!filename) {
("Existing ccname does not contain path into the collection"));
return EINVAL;
}
if (filename[0] != '/') {
("Only absolute path names are allowed.\n"));
return EINVAL;
}
if (!dir) {
("Cannot base get directory of %s\n", location));
return EINVAL;
}
return ret;
}
if (krberr) {
return EIO;
}
/* KRB5_FCC_NOFILE would be returned if the directory components
* of the DIR cache do not exist, which is the case in /run
* after a reboot
*/
("ccache %s is missing or empty\n", location));
valid = false;
goto done;
} else if (krberr != 0) {
goto done;
}
("Could not check if ccache contains a valid principal\n"));
goto done;
}
done:
return ret;
}
const char *
const char *princ)
{
char *name;
const char *ccname;
if (!ccname) {
location));
return NULL;
}
/* ccname already points to a subsidiary cache */
}
if (krberr) {
return NULL;
}
if (krberr) {
return NULL;
}
if (krberr) {
return NULL;
}
}
cc_dir_remove(const char *location)
{
const char *subsidiary;
return EINVAL;
}
if (!subsidiary) {
location));
return EINVAL;
}
return cc_file_remove(subsidiary);
}
struct sss_krb5_cc_be dir_cc = {
.create = cc_dir_create,
};