Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsg upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 17:47:29 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 17:47:29 +0000
commit: 4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree: 8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/heimdal/lib/krb5/replay.c
parent: Initial commit. (diff)
download: samba-upstream.tar.xz
samba-upstream.zip
1 files changed, 328 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/krb5/replay.c b/third_party/heimdal/lib/krb5/replay.c
new file mode 100644
index 0000000..2fec8af
--- /dev/null
+++ b/third_party/heimdal/lib/krb5/replay.c
@@ -0,0 +1,328 @@
+/*
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include <vis.h>
+
+struct krb5_rcache_data {
+    char *name;
+};
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_resolve(krb5_context context,
+		krb5_rcache id,
+		const char *name)
+{
+    id->name = strdup(name);
+    if(id->name == NULL) {
+	krb5_set_error_message(context, KRB5_RC_MALLOC,
+			       N_("malloc: out of memory", ""));
+	return KRB5_RC_MALLOC;
+    }
+    return 0;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_resolve_type(krb5_context context,
+		     krb5_rcache *id,
+		     const char *type)
+{
+    *id = NULL;
+    if (strcmp(type, "FILE") != 0) {
+	krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND,
+				N_("replay cache type %s not supported", ""),
+				type);
+	return KRB5_RC_TYPE_NOTFOUND;
+    }
+    *id = calloc(1, sizeof(**id));
+    if(*id == NULL) {
+	krb5_set_error_message(context, KRB5_RC_MALLOC,
+			       N_("malloc: out of memory", ""));
+	return KRB5_RC_MALLOC;
+    }
+    return 0;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_resolve_full(krb5_context context,
+		     krb5_rcache *id,
+		     const char *string_name)
+{
+    krb5_error_code ret;
+
+    *id = NULL;
+
+    if (strncmp(string_name, "FILE:", 5) != 0) {
+	krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND,
+			       N_("replay cache type %s not supported", ""),
+			       string_name);
+	return KRB5_RC_TYPE_NOTFOUND;
+    }
+    ret = krb5_rc_resolve_type(context, id, "FILE");
+    if(ret)
+	return ret;
+    ret = krb5_rc_resolve(context, *id, string_name + 5);
+    if (ret) {
+	krb5_rc_close(context, *id);
+	*id = NULL;
+    }
+    return ret;
+}
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_default_name(krb5_context context)
+{
+    return "FILE:/var/run/default_rcache";
+}
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_default_type(krb5_context context)
+{
+    return "FILE";
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_default(krb5_context context,
+		krb5_rcache *id)
+{
+    return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
+}
+
+struct rc_entry{
+    time_t stamp;
+    unsigned char data[16];
+};
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_initialize(krb5_context context,
+		   krb5_rcache id,
+		   krb5_deltat auth_lifespan)
+{
+    FILE *f = fopen(id->name, "w");
+    struct rc_entry tmp;
+    int ret;
+
+    if(f == NULL) {
+	char buf[128];
+	ret = errno;
+	rk_strerror_r(ret, buf, sizeof(buf));
+	krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
+	return ret;
+    }
+    memset(&tmp, 0, sizeof(tmp));
+    tmp.stamp = auth_lifespan;
+    fwrite(&tmp, 1, sizeof(tmp), f);
+    fclose(f);
+    return 0;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_recover(krb5_context context,
+		krb5_rcache id)
+{
+    return 0;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_destroy(krb5_context context,
+		krb5_rcache id)
+{
+    int ret;
+
+    if(remove(id->name) < 0) {
+	char buf[128];
+	ret = errno;
+	rk_strerror_r(ret, buf, sizeof(buf));
+	krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
+	return ret;
+    }
+    return krb5_rc_close(context, id);
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_close(krb5_context context,
+	      krb5_rcache id)
+{
+    free(id->name);
+    free(id);
+    return 0;
+}
+
+static void
+checksum_authenticator(Authenticator *auth, void *data)
+{
+    EVP_MD_CTX *m = EVP_MD_CTX_create();
+    unsigned i;
+
+    EVP_DigestInit_ex(m, EVP_md5(), NULL);
+
+    EVP_DigestUpdate(m, auth->crealm, strlen(auth->crealm));
+    for(i = 0; i < auth->cname.name_string.len; i++)
+	EVP_DigestUpdate(m, auth->cname.name_string.val[i],
+		   strlen(auth->cname.name_string.val[i]));
+    EVP_DigestUpdate(m, &auth->ctime, sizeof(auth->ctime));
+    EVP_DigestUpdate(m, &auth->cusec, sizeof(auth->cusec));
+
+    EVP_DigestFinal_ex(m, data, NULL);
+    EVP_MD_CTX_destroy(m);
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_store(krb5_context context,
+	      krb5_rcache id,
+	      krb5_donot_replay *rep)
+{
+    struct rc_entry ent, tmp;
+    time_t t;
+    FILE *f;
+    int ret;
+    size_t count;
+
+    ent.stamp = time(NULL);
+    checksum_authenticator(rep, ent.data);
+    f = fopen(id->name, "r");
+    if(f == NULL) {
+	char buf[128];
+	ret = errno;
+	rk_strerror_r(ret, buf, sizeof(buf));
+	krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
+	return ret;
+    }
+    rk_cloexec_file(f);
+    count = fread(&tmp, sizeof(ent), 1, f);
+    if (count != 1) {
+	fclose(f);
+	return KRB5_RC_IO_UNKNOWN;
+    }
+    t = ent.stamp - tmp.stamp;
+    while(fread(&tmp, sizeof(ent), 1, f)){
+	if(tmp.stamp < t)
+	    continue;
+	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
+	    fclose(f);
+	    krb5_clear_error_message (context);
+	    return KRB5_RC_REPLAY;
+	}
+    }
+    if(ferror(f)){
+	char buf[128];
+	ret = errno;
+	fclose(f);
+	rk_strerror_r(ret, buf, sizeof(buf));
+	krb5_set_error_message(context, ret, "%s: %s",
+			       id->name, buf);
+	return ret;
+    }
+    fclose(f);
+    f = fopen(id->name, "a");
+    if(f == NULL) {
+	char buf[128];
+	rk_strerror_r(errno, buf, sizeof(buf));
+	krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
+			       "open(%s): %s", id->name, buf);
+	return KRB5_RC_IO_UNKNOWN;
+    }
+    fwrite(&ent, 1, sizeof(ent), f);
+    fclose(f);
+    return 0;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_expunge(krb5_context context,
+		krb5_rcache id)
+{
+    return 0;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_get_lifespan(krb5_context context,
+		     krb5_rcache id,
+		     krb5_deltat *auth_lifespan)
+{
+    FILE *f = fopen(id->name, "r");
+    int r;
+    struct rc_entry ent;
+    r = fread(&ent, sizeof(ent), 1, f);
+    fclose(f);
+    if(r){
+	*auth_lifespan = ent.stamp;
+	return 0;
+    }
+    krb5_clear_error_message (context);
+    return KRB5_RC_IO_UNKNOWN;
+}
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_get_name(krb5_context context,
+		 krb5_rcache id)
+{
+    return id->name;
+}
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_get_type(krb5_context context,
+		 krb5_rcache id)
+{
+    return "FILE";
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_get_server_rcache(krb5_context context,
+		       const krb5_data *piece,
+		       krb5_rcache *id)
+{
+    krb5_rcache rcache;
+    krb5_error_code ret;
+
+    char *tmp = malloc(4 * piece->length + 1);
+    char *name;
+
+    if (tmp == NULL)
+	return krb5_enomem(context);
+    strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
+#ifdef HAVE_GETEUID
+    ret = asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
+#else
+    ret = asprintf(&name, "FILE:rc_%s", tmp);
+#endif
+    free(tmp);
+    if (ret < 0 || name == NULL)
+	return krb5_enomem(context);
+
+    ret = krb5_rc_resolve_full(context, &rcache, name);
+    free(name);
+    if(ret)
+	return ret;
+    *id = rcache;
+    return ret;
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 17:47:29 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 17:47:29 +0000
commit	4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree	8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/heimdal/lib/krb5/replay.c
parent	Initial commit. (diff)
download	samba-upstream.tar.xz samba-upstream.zip