crypto/dist/heimdal/lib/krb5/replay.c

   1 /*
   2  * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "krb5_locl.h"
  35 #include <vis.h>
  36
  37 __RCSID("$Heimdal: replay.c 17047 2006-04-10 17:13:49Z lha $"
  38         "$NetBSD$");
  39
  40 struct krb5_rcache_data {
  41     char *name;
  42 };
  43
  44 krb5_error_code KRB5_LIB_FUNCTION
  45 krb5_rc_resolve(krb5_context context,
  46                 krb5_rcache id,
  47                 const char *name)
  48 {
  49     id->name = strdup(name);
  50     if(id->name == NULL) {
  51         krb5_set_error_string (context, "malloc: out of memory");
  52         return KRB5_RC_MALLOC;
  53     }
  54     return 0;
  55 }
  56
  57 krb5_error_code KRB5_LIB_FUNCTION
  58 krb5_rc_resolve_type(krb5_context context,
  59                      krb5_rcache *id,
  60                      const char *type)
  61 {
  62     *id = NULL;
  63     if(strcmp(type, "FILE")) {
  64         krb5_set_error_string (context, "replay cache type %s not supported",
  65                                type);
  66         return KRB5_RC_TYPE_NOTFOUND;
  67     }
  68     *id = calloc(1, sizeof(**id));
  69     if(*id == NULL) {
  70         krb5_set_error_string (context, "malloc: out of memory");
  71         return KRB5_RC_MALLOC;
  72     }
  73     return 0;
  74 }
  75
  76 krb5_error_code KRB5_LIB_FUNCTION
  77 krb5_rc_resolve_full(krb5_context context,
  78                      krb5_rcache *id,
  79                      const char *string_name)
  80 {
  81     krb5_error_code ret;
  82
  83     *id = NULL;
  84
  85     if(strncmp(string_name, "FILE:", 5)) {
  86         krb5_set_error_string (context, "replay cache type %s not supported",
  87                                string_name);
  88         return KRB5_RC_TYPE_NOTFOUND;
  89     }
  90     ret = krb5_rc_resolve_type(context, id, "FILE");
  91     if(ret)
  92         return ret;
  93     ret = krb5_rc_resolve(context, *id, string_name + 5);
  94     if (ret) {
  95         krb5_rc_close(context, *id);
  96         *id = NULL;
  97     }
  98     return ret;
  99 }
 100
 101 const char* KRB5_LIB_FUNCTION
 102 krb5_rc_default_name(krb5_context context)
 103 {
 104     return "FILE:/var/run/default_rcache";
 105 }
 106
 107 const char* KRB5_LIB_FUNCTION
 108 krb5_rc_default_type(krb5_context context)
 109 {
 110     return "FILE";
 111 }
 112
 113 krb5_error_code KRB5_LIB_FUNCTION
 114 krb5_rc_default(krb5_context context,
 115                 krb5_rcache *id)
 116 {
 117     return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
 118 }
 119
 120 struct rc_entry{
 121     time_t stamp;
 122     unsigned char data[16];
 123 };
 124
 125 krb5_error_code KRB5_LIB_FUNCTION
 126 krb5_rc_initialize(krb5_context context,
 127                    krb5_rcache id,
 128                    krb5_deltat auth_lifespan)
 129 {
 130     FILE *f = fopen(id->name, "w");
 131     struct rc_entry tmp;
 132     int ret;
 133
 134     if(f == NULL) {
 135         ret = errno;
 136         krb5_set_error_string (context, "open(%s): %s", id->name,
 137                                strerror(ret));
 138         return ret;
 139     }
 140     tmp.stamp = auth_lifespan;
 141     fwrite(&tmp, 1, sizeof(tmp), f);
 142     fclose(f);
 143     return 0;
 144 }
 145
 146 krb5_error_code KRB5_LIB_FUNCTION
 147 krb5_rc_recover(krb5_context context,
 148                 krb5_rcache id)
 149 {
 150     return 0;
 151 }
 152
 153 krb5_error_code KRB5_LIB_FUNCTION
 154 krb5_rc_destroy(krb5_context context,
 155                 krb5_rcache id)
 156 {
 157     int ret;
 158
 159     if(remove(id->name) < 0) {
 160         ret = errno;
 161         krb5_set_error_string (context, "remove(%s): %s", id->name,
 162                                strerror(ret));
 163         return ret;
 164     }
 165     return krb5_rc_close(context, id);
 166 }
 167
 168 krb5_error_code KRB5_LIB_FUNCTION
 169 krb5_rc_close(krb5_context context,
 170               krb5_rcache id)
 171 {
 172     free(id->name);
 173     free(id);
 174     return 0;
 175 }
 176
 177 static void
 178 checksum_authenticator(Authenticator *auth, void *data)
 179 {
 180     MD5_CTX md5;
 181     int i;
 182
 183     MD5_Init (&md5);
 184     MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
 185     for(i = 0; i < auth->cname.name_string.len; i++)
 186         MD5_Update(&md5, auth->cname.name_string.val[i],
 187                    strlen(auth->cname.name_string.val[i]));
 188     MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
 189     MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
 190     MD5_Final (data, &md5);
 191 }
 192
 193 krb5_error_code KRB5_LIB_FUNCTION
 194 krb5_rc_store(krb5_context context,
 195               krb5_rcache id,
 196               krb5_donot_replay *rep)
 197 {
 198     struct rc_entry ent, tmp;
 199     time_t t;
 200     FILE *f;
 201     int ret;
 202
 203     ent.stamp = time(NULL);
 204     checksum_authenticator(rep, ent.data);
 205     f = fopen(id->name, "r");
 206     if(f == NULL) {
 207         ret = errno;
 208         krb5_set_error_string (context, "open(%s): %s", id->name,
 209                                strerror(ret));
 210         return ret;
 211     }
 212     fread(&tmp, sizeof(ent), 1, f);
 213     t = ent.stamp - tmp.stamp;
 214     while(fread(&tmp, sizeof(ent), 1, f)){
 215         if(tmp.stamp < t)
 216             continue;
 217         if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
 218             fclose(f);
 219             krb5_clear_error_string (context);
 220             return KRB5_RC_REPLAY;
 221         }
 222     }
 223     if(ferror(f)){
 224         ret = errno;
 225         fclose(f);
 226         krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
 227         return ret;
 228     }
 229     fclose(f);
 230     f = fopen(id->name, "a");
 231     if(f == NULL) {
 232         krb5_set_error_string (context, "open(%s): %s", id->name,
 233                                strerror(errno));
 234         return KRB5_RC_IO_UNKNOWN;
 235     }
 236     fwrite(&ent, 1, sizeof(ent), f);
 237     fclose(f);
 238     return 0;
 239 }
 240
 241 krb5_error_code KRB5_LIB_FUNCTION
 242 krb5_rc_expunge(krb5_context context,
 243                 krb5_rcache id)
 244 {
 245     return 0;
 246 }
 247
 248 krb5_error_code KRB5_LIB_FUNCTION
 249 krb5_rc_get_lifespan(krb5_context context,
 250                      krb5_rcache id,
 251                      krb5_deltat *auth_lifespan)
 252 {
 253     FILE *f = fopen(id->name, "r");
 254     int r;
 255     struct rc_entry ent;
 256     r = fread(&ent, sizeof(ent), 1, f);
 257     fclose(f);
 258     if(r){
 259         *auth_lifespan = ent.stamp;
 260         return 0;
 261     }
 262     krb5_clear_error_string (context);
 263     return KRB5_RC_IO_UNKNOWN;
 264 }
 265
 266 const char* KRB5_LIB_FUNCTION
 267 krb5_rc_get_name(krb5_context context,
 268                  krb5_rcache id)
 269 {
 270     return id->name;
 271 }
 272
 273 const char* KRB5_LIB_FUNCTION
 274 krb5_rc_get_type(krb5_context context,
 275                  krb5_rcache id)
 276 {
 277     return "FILE";
 278 }
 279
 280 krb5_error_code KRB5_LIB_FUNCTION
 281 krb5_get_server_rcache(krb5_context context,
 282                        const krb5_data *piece,
 283                        krb5_rcache *id)
 284 {
 285     krb5_rcache rcache;
 286     krb5_error_code ret;
 287
 288     char *tmp = malloc(4 * piece->length + 1);
 289     char *name;
 290
 291     if(tmp == NULL) {
 292         krb5_set_error_string (context, "malloc: out of memory");
 293         return ENOMEM;
 294     }
 295     strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
 296 #ifdef HAVE_GETEUID
 297     asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
 298 #else
 299     asprintf(&name, "FILE:rc_%s", tmp);
 300 #endif
 301     free(tmp);
 302     if(name == NULL) {
 303         krb5_set_error_string (context, "malloc: out of memory");
 304         return ENOMEM;
 305     }
 306
 307     ret = krb5_rc_resolve_full(context, &rcache, name);
 308     free(name);
 309     if(ret)
 310         return ret;
 311     *id = rcache;
 312     return ret;
 313 }