Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / replay.c
blob6723dba1d7f2df8bd17ef6ea1c621b4737ae1c04
1 /*
2 * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "krb5_locl.h"
35 #include <vis.h>
37 __RCSID("$Heimdal: replay.c 17047 2006-04-10 17:13:49Z lha $"
38 "$NetBSD$");
40 struct krb5_rcache_data {
41 char *name;
44 krb5_error_code KRB5_LIB_FUNCTION
45 krb5_rc_resolve(krb5_context context,
46 krb5_rcache id,
47 const char *name)
49 id->name = strdup(name);
50 if(id->name == NULL) {
51 krb5_set_error_string (context, "malloc: out of memory");
52 return KRB5_RC_MALLOC;
54 return 0;
57 krb5_error_code KRB5_LIB_FUNCTION
58 krb5_rc_resolve_type(krb5_context context,
59 krb5_rcache *id,
60 const char *type)
62 *id = NULL;
63 if(strcmp(type, "FILE")) {
64 krb5_set_error_string (context, "replay cache type %s not supported",
65 type);
66 return KRB5_RC_TYPE_NOTFOUND;
68 *id = calloc(1, sizeof(**id));
69 if(*id == NULL) {
70 krb5_set_error_string (context, "malloc: out of memory");
71 return KRB5_RC_MALLOC;
73 return 0;
76 krb5_error_code KRB5_LIB_FUNCTION
77 krb5_rc_resolve_full(krb5_context context,
78 krb5_rcache *id,
79 const char *string_name)
81 krb5_error_code ret;
83 *id = NULL;
85 if(strncmp(string_name, "FILE:", 5)) {
86 krb5_set_error_string (context, "replay cache type %s not supported",
87 string_name);
88 return KRB5_RC_TYPE_NOTFOUND;
90 ret = krb5_rc_resolve_type(context, id, "FILE");
91 if(ret)
92 return ret;
93 ret = krb5_rc_resolve(context, *id, string_name + 5);
94 if (ret) {
95 krb5_rc_close(context, *id);
96 *id = NULL;
98 return ret;
101 const char* KRB5_LIB_FUNCTION
102 krb5_rc_default_name(krb5_context context)
104 return "FILE:/var/run/default_rcache";
107 const char* KRB5_LIB_FUNCTION
108 krb5_rc_default_type(krb5_context context)
110 return "FILE";
113 krb5_error_code KRB5_LIB_FUNCTION
114 krb5_rc_default(krb5_context context,
115 krb5_rcache *id)
117 return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
120 struct rc_entry{
121 time_t stamp;
122 unsigned char data[16];
125 krb5_error_code KRB5_LIB_FUNCTION
126 krb5_rc_initialize(krb5_context context,
127 krb5_rcache id,
128 krb5_deltat auth_lifespan)
130 FILE *f = fopen(id->name, "w");
131 struct rc_entry tmp;
132 int ret;
134 if(f == NULL) {
135 ret = errno;
136 krb5_set_error_string (context, "open(%s): %s", id->name,
137 strerror(ret));
138 return ret;
140 tmp.stamp = auth_lifespan;
141 fwrite(&tmp, 1, sizeof(tmp), f);
142 fclose(f);
143 return 0;
146 krb5_error_code KRB5_LIB_FUNCTION
147 krb5_rc_recover(krb5_context context,
148 krb5_rcache id)
150 return 0;
153 krb5_error_code KRB5_LIB_FUNCTION
154 krb5_rc_destroy(krb5_context context,
155 krb5_rcache id)
157 int ret;
159 if(remove(id->name) < 0) {
160 ret = errno;
161 krb5_set_error_string (context, "remove(%s): %s", id->name,
162 strerror(ret));
163 return ret;
165 return krb5_rc_close(context, id);
168 krb5_error_code KRB5_LIB_FUNCTION
169 krb5_rc_close(krb5_context context,
170 krb5_rcache id)
172 free(id->name);
173 free(id);
174 return 0;
177 static void
178 checksum_authenticator(Authenticator *auth, void *data)
180 MD5_CTX md5;
181 int i;
183 MD5_Init (&md5);
184 MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
185 for(i = 0; i < auth->cname.name_string.len; i++)
186 MD5_Update(&md5, auth->cname.name_string.val[i],
187 strlen(auth->cname.name_string.val[i]));
188 MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
189 MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
190 MD5_Final (data, &md5);
193 krb5_error_code KRB5_LIB_FUNCTION
194 krb5_rc_store(krb5_context context,
195 krb5_rcache id,
196 krb5_donot_replay *rep)
198 struct rc_entry ent, tmp;
199 time_t t;
200 FILE *f;
201 int ret;
203 ent.stamp = time(NULL);
204 checksum_authenticator(rep, ent.data);
205 f = fopen(id->name, "r");
206 if(f == NULL) {
207 ret = errno;
208 krb5_set_error_string (context, "open(%s): %s", id->name,
209 strerror(ret));
210 return ret;
212 fread(&tmp, sizeof(ent), 1, f);
213 t = ent.stamp - tmp.stamp;
214 while(fread(&tmp, sizeof(ent), 1, f)){
215 if(tmp.stamp < t)
216 continue;
217 if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
218 fclose(f);
219 krb5_clear_error_string (context);
220 return KRB5_RC_REPLAY;
223 if(ferror(f)){
224 ret = errno;
225 fclose(f);
226 krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
227 return ret;
229 fclose(f);
230 f = fopen(id->name, "a");
231 if(f == NULL) {
232 krb5_set_error_string (context, "open(%s): %s", id->name,
233 strerror(errno));
234 return KRB5_RC_IO_UNKNOWN;
236 fwrite(&ent, 1, sizeof(ent), f);
237 fclose(f);
238 return 0;
241 krb5_error_code KRB5_LIB_FUNCTION
242 krb5_rc_expunge(krb5_context context,
243 krb5_rcache id)
245 return 0;
248 krb5_error_code KRB5_LIB_FUNCTION
249 krb5_rc_get_lifespan(krb5_context context,
250 krb5_rcache id,
251 krb5_deltat *auth_lifespan)
253 FILE *f = fopen(id->name, "r");
254 int r;
255 struct rc_entry ent;
256 r = fread(&ent, sizeof(ent), 1, f);
257 fclose(f);
258 if(r){
259 *auth_lifespan = ent.stamp;
260 return 0;
262 krb5_clear_error_string (context);
263 return KRB5_RC_IO_UNKNOWN;
266 const char* KRB5_LIB_FUNCTION
267 krb5_rc_get_name(krb5_context context,
268 krb5_rcache id)
270 return id->name;
273 const char* KRB5_LIB_FUNCTION
274 krb5_rc_get_type(krb5_context context,
275 krb5_rcache id)
277 return "FILE";
280 krb5_error_code KRB5_LIB_FUNCTION
281 krb5_get_server_rcache(krb5_context context,
282 const krb5_data *piece,
283 krb5_rcache *id)
285 krb5_rcache rcache;
286 krb5_error_code ret;
288 char *tmp = malloc(4 * piece->length + 1);
289 char *name;
291 if(tmp == NULL) {
292 krb5_set_error_string (context, "malloc: out of memory");
293 return ENOMEM;
295 strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
296 #ifdef HAVE_GETEUID
297 asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
298 #else
299 asprintf(&name, "FILE:rc_%s", tmp);
300 #endif
301 free(tmp);
302 if(name == NULL) {
303 krb5_set_error_string (context, "malloc: out of memory");
304 return ENOMEM;
307 ret = krb5_rc_resolve_full(context, &rcache, name);
308 free(name);
309 if(ret)
310 return ret;
311 *id = rcache;
312 return ret;