summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/krb5/fcache.c
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/krb5/fcache.c')
-rw-r--r--third_party/heimdal/lib/krb5/fcache.c1693
1 files changed, 1693 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/krb5/fcache.c b/third_party/heimdal/lib/krb5/fcache.c
new file mode 100644
index 0000000..30dff35
--- /dev/null
+++ b/third_party/heimdal/lib/krb5/fcache.c
@@ -0,0 +1,1693 @@
+/*
+ * Copyright (c) 1997 - 2017 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+typedef struct krb5_fcache{
+ char *filename;
+ char *res;
+ char *sub;
+ char *tmpfn;
+ int version;
+}krb5_fcache;
+
+struct fcc_cursor {
+ int fd;
+ off_t cred_start;
+ off_t cred_end;
+ krb5_storage *sp;
+};
+
+#define KRB5_FCC_FVNO_1 1
+#define KRB5_FCC_FVNO_2 2
+#define KRB5_FCC_FVNO_3 3
+#define KRB5_FCC_FVNO_4 4
+
+#define FCC_TAG_DELTATIME 1
+
+#define FCACHE(X) ((krb5_fcache*)(X)->data.data)
+
+#define FILENAME(X) (FCACHE(X)->filename)
+#define TMPFILENAME(X) (FCACHE(X)->tmpfn)
+#define RESFILENAME(X) (FCACHE(X)->res)
+#define SUBFILENAME(X) (FCACHE(X)->sub)
+
+#define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_name_2(krb5_context context,
+ krb5_ccache id,
+ const char **name,
+ const char **colname,
+ const char **sub)
+{
+ if (FCACHE(id) == NULL)
+ return KRB5_CC_NOTFOUND;
+
+ if (name)
+ *name = FILENAME(id);
+ if (colname)
+ *colname = FILENAME(id);
+ if (sub)
+ *sub = NULL;
+ return 0;
+}
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+_krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
+ const char *filename)
+{
+ int ret;
+#ifdef HAVE_FCNTL
+ struct flock l;
+
+ l.l_start = 0;
+ l.l_len = 0;
+ l.l_type = exclusive ? F_WRLCK : F_RDLCK;
+ l.l_whence = SEEK_SET;
+ ret = fcntl(fd, F_SETLKW, &l);
+#else
+ ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH);
+#endif
+ if(ret < 0)
+ ret = errno;
+ if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */
+ ret = EAGAIN;
+
+ switch (ret) {
+ case 0:
+ break;
+ case EINVAL: /* filesystem doesn't support locking, let the user have it */
+ ret = 0;
+ break;
+ case EAGAIN:
+ krb5_set_error_message(context, ret,
+ N_("timed out locking cache file %s", "file"),
+ filename);
+ break;
+ default: {
+ char buf[128];
+ rk_strerror_r(ret, buf, sizeof(buf));
+ krb5_set_error_message(context, ret,
+ N_("error locking cache file %s: %s",
+ "file, error"), filename, buf);
+ break;
+ }
+ }
+ return ret;
+}
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+_krb5_xunlock(krb5_context context, int fd)
+{
+ int ret;
+#ifdef HAVE_FCNTL
+ struct flock l;
+ l.l_start = 0;
+ l.l_len = 0;
+ l.l_type = F_UNLCK;
+ l.l_whence = SEEK_SET;
+ ret = fcntl(fd, F_SETLKW, &l);
+#else
+ ret = flock(fd, LOCK_UN);
+#endif
+ if (ret < 0)
+ ret = errno;
+ switch (ret) {
+ case 0:
+ break;
+ case EINVAL: /* filesystem doesn't support locking, let the user have it */
+ ret = 0;
+ break;
+ default: {
+ char buf[128];
+ rk_strerror_r(ret, buf, sizeof(buf));
+ krb5_set_error_message(context, ret,
+ N_("Failed to unlock file: %s", ""), buf);
+ break;
+ }
+ }
+ return ret;
+}
+
+static krb5_error_code
+write_storage(krb5_context context, krb5_storage *sp, int fd)
+{
+ krb5_error_code ret;
+ krb5_data data;
+ ssize_t sret;
+
+ ret = krb5_storage_to_data(sp, &data);
+ if (ret) {
+ krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
+ return ret;
+ }
+ sret = write(fd, data.data, data.length);
+ ret = (sret != (ssize_t)data.length);
+ krb5_data_free(&data);
+ if (ret) {
+ ret = errno;
+ krb5_set_error_message(context, ret,
+ N_("Failed to write FILE credential data", ""));
+ return ret;
+ }
+ return 0;
+}
+
+
+static krb5_error_code KRB5_CALLCONV
+fcc_lock(krb5_context context, krb5_ccache id,
+ int fd, krb5_boolean exclusive)
+{
+ krb5_error_code ret;
+ const char *name;
+
+ if (exclusive == FALSE)
+ return 0;
+ ret = fcc_get_name_2(context, id, &name, NULL, NULL);
+ if (ret == 0)
+ ret = _krb5_xlock(context, fd, exclusive, name);
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_default_name(krb5_context, char **);
+
+/*
+ * This is the character used to separate the residual from the subsidiary name
+ * when both are given. It's tempting to use ':' just as we do in the ccache
+ * names, but we can't on Windows.
+ */
+#define FILESUBSEP "+"
+#define FILESUBSEPCHR ((FILESUBSEP)[0])
+
+static krb5_error_code KRB5_CALLCONV
+fcc_resolve_2(krb5_context context,
+ krb5_ccache *id,
+ const char *res,
+ const char *sub)
+{
+ krb5_fcache *f;
+ char *freeme = NULL;
+
+ if (res == NULL && sub == NULL)
+ return krb5_einval(context, 3);
+ if (res == NULL) {
+ krb5_error_code ret;
+
+ if ((ret = fcc_get_default_name(context, &freeme)))
+ return ret;
+ res = freeme + sizeof("FILE:") - 1;
+ } else if (!sub && (sub = strchr(res, FILESUBSEPCHR))) {
+ if (sub[1] == '\0') {
+ sub = NULL;
+ } else {
+ /* `res' has a subsidiary component, so split on it */
+ if ((freeme = strndup(res, sub - res)) == NULL)
+ return krb5_enomem(context);
+ res = freeme;
+ sub++;
+ }
+ }
+
+ if ((f = calloc(1, sizeof(*f))) == NULL ||
+ (f->res = strdup(res)) == NULL ||
+ (f->sub = sub ? strdup(sub) : NULL) == (sub ? NULL : "") ||
+ asprintf(&f->filename, "%s%s%s",
+ res, sub ? FILESUBSEP : "", sub ? sub : "") == -1 ||
+ f->filename == NULL) {
+ if (f) {
+ free(f->filename);
+ free(f->res);
+ free(f->sub);
+ }
+ free(f);
+ free(freeme);
+ return krb5_enomem(context);
+ }
+ f->tmpfn = NULL;
+ f->version = 0;
+ (*id)->data.data = f;
+ (*id)->data.length = sizeof(*f);
+
+ free(freeme);
+ return 0;
+}
+
+/*
+ * Try to scrub the contents of `filename' safely.
+ */
+
+static int
+scrub_file (int fd)
+{
+ off_t pos;
+ char buf[128];
+
+ pos = lseek(fd, 0, SEEK_END);
+ if (pos < 0)
+ return errno;
+ if (lseek(fd, 0, SEEK_SET) < 0)
+ return errno;
+ memset(buf, 0, sizeof(buf));
+ while(pos > 0) {
+ ssize_t tmp;
+ size_t wr = sizeof(buf);
+ if (wr > pos)
+ wr = (size_t)pos;
+ tmp = write(fd, buf, wr);
+
+ if (tmp < 0)
+ return errno;
+ pos -= tmp;
+ }
+#ifdef _MSC_VER
+ _commit (fd);
+#else
+ fsync (fd);
+#endif
+ return 0;
+}
+
+/*
+ * Erase `filename' if it exists, trying to remove the contents if
+ * it's `safe'. We always try to remove the file, it it exists. It's
+ * only overwritten if it's a regular file (not a symlink and not a
+ * hardlink)
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_erase_file(krb5_context context, const char *filename)
+{
+ int fd;
+ struct stat sb1, sb2;
+ int ret;
+
+ ret = lstat (filename, &sb1);
+ if (ret < 0) {
+ if(errno == ENOENT)
+ return 0;
+ else
+ return errno;
+ }
+
+ fd = open(filename, O_RDWR | O_BINARY | O_CLOEXEC | O_NOFOLLOW);
+ if(fd < 0) {
+ if(errno == ENOENT)
+ return 0;
+ else
+ return errno;
+ }
+ rk_cloexec(fd);
+ ret = _krb5_xlock(context, fd, 1, filename);
+ if (ret) {
+ close(fd);
+ return ret;
+ }
+ if (unlink(filename) < 0) {
+ ret = errno;
+ close (fd);
+ krb5_set_error_message(context, errno,
+ N_("krb5_cc_destroy: unlinking \"%s\": %s", ""),
+ filename, strerror(ret));
+ return ret;
+ }
+ ret = fstat(fd, &sb2);
+ if (ret < 0) {
+ ret = errno;
+ close (fd);
+ return ret;
+ }
+
+ /* check if someone was playing with symlinks */
+
+ if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+ close(fd);
+ return EPERM;
+ }
+
+ /* there are still hard links to this file */
+
+ if (sb2.st_nlink != 0) {
+ close(fd);
+ return 0;
+ }
+
+ ret = scrub_file(fd);
+ close(fd);
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_gen_new(krb5_context context, krb5_ccache *id)
+{
+ char *file = NULL, *exp_file = NULL;
+ krb5_error_code ret;
+ krb5_fcache *f;
+ int fd;
+
+ f = calloc(1, sizeof(*f));
+ if(f == NULL) {
+ krb5_set_error_message(context, KRB5_CC_NOMEM,
+ N_("malloc: out of memory", ""));
+ return KRB5_CC_NOMEM;
+ }
+ f->tmpfn = NULL;
+ /*
+ * XXX We should asprintf(&file, "%s:XXXXXX", KRB5_DEFAULT_CCNAME_FILE)
+ * instead so that new unique FILE ccaches can be found in the user's
+ * default collection.
+ * */
+ ret = asprintf(&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
+ if(ret < 0 || file == NULL) {
+ free(f);
+ krb5_set_error_message(context, KRB5_CC_NOMEM,
+ N_("malloc: out of memory", ""));
+ return KRB5_CC_NOMEM;
+ }
+ ret = _krb5_expand_path_tokens(context, file, 1, &exp_file);
+ free(file);
+ if (ret) {
+ free(f);
+ return ret;
+ }
+
+ file = exp_file;
+
+ fd = mkostemp(exp_file, O_CLOEXEC);
+ if(fd < 0) {
+ ret = (krb5_error_code)errno;
+ krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), exp_file);
+ free(f);
+ free(exp_file);
+ return ret;
+ }
+ close(fd);
+ f->filename = exp_file;
+ f->res = strdup(exp_file); /* XXX See above commentary about collection */
+ f->sub = NULL;
+ f->version = 0;
+ (*id)->data.data = f;
+ (*id)->data.length = sizeof(*f);
+ return 0;
+}
+
+static void
+storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
+{
+ int flags = 0;
+ switch(vno) {
+ case KRB5_FCC_FVNO_1:
+ flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
+ flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
+ flags |= KRB5_STORAGE_HOST_BYTEORDER;
+ break;
+ case KRB5_FCC_FVNO_2:
+ flags |= KRB5_STORAGE_HOST_BYTEORDER;
+ break;
+ case KRB5_FCC_FVNO_3:
+ flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
+ break;
+ case KRB5_FCC_FVNO_4:
+ break;
+ default:
+ krb5_abortx(context,
+ "storage_set_flags called with bad vno (%x)", vno);
+ }
+ krb5_storage_set_flags(sp, flags);
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_open(krb5_context context,
+ krb5_ccache id,
+ const char *operation,
+ int *fd_ret,
+ int flags,
+ mode_t mode)
+{
+ krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
+ (flags | O_RDWR) == flags);
+ krb5_error_code ret;
+ const char *filename;
+ struct stat sb1, sb2;
+#ifndef _WIN32
+ struct stat sb3;
+ size_t tries = 3;
+#endif
+ int strict_checking;
+ int fd;
+
+ flags |= O_BINARY | O_CLOEXEC | O_NOFOLLOW;
+
+ *fd_ret = -1;
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if ((flags & O_EXCL)) {
+ /*
+ * FIXME Instead of mkostemp()... we could instead try to use a .new
+ * file... with care. Or the O_TMPFILE / linkat() extensions. We need
+ * a roken / heimbase abstraction for that.
+ */
+ if (TMPFILENAME(id))
+ (void) unlink(TMPFILENAME(id));
+ free(TMPFILENAME(id));
+ TMPFILENAME(id) = NULL;
+ if (asprintf(&TMPFILENAME(id), "%s-XXXXXX", FILENAME(id)) < 0 ||
+ TMPFILENAME(id) == NULL)
+ return krb5_enomem(context);
+ if ((fd = mkostemp(TMPFILENAME(id), O_CLOEXEC)) == -1) {
+ krb5_set_error_message(context, ret = errno,
+ N_("Could not make temp ccache FILE:%s", ""),
+ TMPFILENAME(id));
+ free(TMPFILENAME(id));
+ TMPFILENAME(id) = NULL;
+ return ret;
+ }
+ goto out;
+ }
+
+ filename = TMPFILENAME(id) ? TMPFILENAME(id) : FILENAME(id);
+ strict_checking = (flags & O_CREAT) == 0 &&
+ (context->flags & KRB5_CTX_F_FCACHE_STRICT_CHECKING) != 0;
+
+#ifndef WIN32
+again:
+#endif
+ memset(&sb1, 0, sizeof(sb1));
+ ret = lstat(filename, &sb1);
+ if (ret == 0) {
+ if (!S_ISREG(sb1.st_mode)) {
+ krb5_set_error_message(context, EPERM,
+ N_("Refuses to open symlinks for caches FILE:%s", ""), filename);
+ return EPERM;
+ }
+ } else if (errno != ENOENT || !(flags & O_CREAT)) {
+ krb5_set_error_message(context, errno, N_("%s lstat(%s)", "file, error"),
+ operation, filename);
+ return errno;
+ }
+
+ fd = open(filename, flags, mode);
+ if(fd < 0) {
+ char buf[128];
+ ret = errno;
+ rk_strerror_r(ret, buf, sizeof(buf));
+ krb5_set_error_message(context, ret, N_("%s open(%s): %s", "file, error"),
+ operation, filename, buf);
+ return ret;
+ }
+ rk_cloexec(fd);
+
+ ret = fstat(fd, &sb2);
+ if (ret < 0) {
+ krb5_clear_error_message(context);
+ close(fd);
+ return errno;
+ }
+
+ if (!S_ISREG(sb2.st_mode)) {
+ krb5_set_error_message(context, EPERM, N_("Refuses to open non files caches: FILE:%s", ""), filename);
+ close(fd);
+ return EPERM;
+ }
+
+#ifndef _WIN32
+ if (sb1.st_dev && sb1.st_ino &&
+ (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)) {
+ /*
+ * Perhaps we raced with a rename(). To complain about
+ * symlinks in that case would cause unnecessary concern, so
+ * we check for that possibility and loop. This has no
+ * TOCTOU problems because we redo the open(). We could also
+ * not do any of this checking if O_NOFOLLOW != 0...
+ */
+ close(fd);
+ ret = lstat(filename, &sb3);
+ if (ret || sb1.st_dev != sb2.st_dev ||
+ sb3.st_dev != sb2.st_dev || sb3.st_ino != sb2.st_ino) {
+ krb5_set_error_message(context, EPERM, N_("Refuses to open possible symlink for caches: FILE:%s", ""), filename);
+ return EPERM;
+ }
+ if (--tries == 0) {
+ krb5_set_error_message(context, EPERM, N_("Raced too many times with renames of FILE:%s", ""), filename);
+ return EPERM;
+ }
+ goto again;
+ }
+#endif
+
+ /*
+ * /tmp (or wherever default ccaches go) might not be on its own
+ * filesystem, or on a filesystem different /etc, say, and even if
+ * it were, suppose a user hard-links another's ccache to her
+ * default ccache, then runs a set-uid program that will user her
+ * default ccache (even if it ignores KRB5CCNAME)...
+ *
+ * Default ccache locations should really be on per-user non-tmp
+ * locations on tmpfs "run" directories. But we don't know here
+ * that this is the case. Thus: no hard-links, no symlinks.
+ */
+ if (sb2.st_nlink != 1) {
+ krb5_set_error_message(context, EPERM, N_("Refuses to open hardlinks for caches FILE:%s", ""), filename);
+ close(fd);
+ return EPERM;
+ }
+
+ if (strict_checking) {
+#ifndef _WIN32
+ /*
+ * XXX WIN32: Needs to have ACL checking code!
+ * st_mode comes out as 100666, and st_uid is no use.
+ */
+ /*
+ * XXX Should probably add options to improve control over this
+ * check. We might want strict checking of everything except
+ * this.
+ */
+ if (sb2.st_uid != geteuid()) {
+ krb5_set_error_message(context, EPERM, N_("Refuses to open cache files not own by myself FILE:%s (owned by %d)", ""), filename, (int)sb2.st_uid);
+ close(fd);
+ return EPERM;
+ }
+ if ((sb2.st_mode & 077) != 0) {
+ krb5_set_error_message(context, EPERM,
+ N_("Refuses to open group/other readable files FILE:%s", ""), filename);
+ close(fd);
+ return EPERM;
+ }
+#endif
+ }
+
+out:
+ if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
+ close(fd);
+ return ret;
+ }
+ *fd_ret = fd;
+ return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_initialize(krb5_context context,
+ krb5_ccache id,
+ krb5_principal primary_principal)
+{
+ krb5_fcache *f = FCACHE(id);
+ int ret = 0;
+ int fd;
+
+ if (f == NULL)
+ return krb5_einval(context, 2);
+
+ /*
+ * fcc_open() will notice the O_EXCL and will make a temporary file that
+ * will later be renamed into place.
+ */
+ ret = fcc_open(context, id, "initialize", &fd, O_RDWR | O_CREAT | O_EXCL, 0600);
+ if(ret)
+ return ret;
+ {
+ krb5_storage *sp;
+ sp = krb5_storage_emem();
+ if (sp == NULL)
+ return krb5_enomem(context);
+ krb5_storage_set_eof_code(sp, KRB5_CC_END);
+ if(context->fcache_vno != 0)
+ f->version = context->fcache_vno;
+ else
+ f->version = KRB5_FCC_FVNO_4;
+ if (ret == 0)
+ ret = krb5_store_int8(sp, 5);
+ if (ret == 0)
+ ret = krb5_store_int8(sp, f->version);
+ storage_set_flags(context, sp, f->version);
+ if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
+ /* V4 stuff */
+ if (context->kdc_sec_offset) {
+ if (ret == 0)
+ ret = krb5_store_int16 (sp, 12); /* length */
+ if (ret == 0)
+ ret = krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
+ if (ret == 0)
+ ret = krb5_store_int16 (sp, 8); /* length of data */
+ if (ret == 0)
+ ret = krb5_store_int32 (sp, context->kdc_sec_offset);
+ if (ret == 0)
+ ret = krb5_store_int32 (sp, context->kdc_usec_offset);
+ } else {
+ if (ret == 0)
+ ret = krb5_store_int16 (sp, 0);
+ }
+ }
+ if (ret == 0)
+ ret = krb5_store_principal(sp, primary_principal);
+
+ if (ret == 0)
+ ret = write_storage(context, sp, fd);
+
+ krb5_storage_free(sp);
+ }
+ if (close(fd) < 0)
+ if (ret == 0) {
+ char buf[128];
+ ret = errno;
+ rk_strerror_r(ret, buf, sizeof(buf));
+ krb5_set_error_message(context, ret, N_("close %s: %s", ""),
+ FILENAME(id), buf);
+ }
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_close(krb5_context context,
+ krb5_ccache id)
+{
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if (TMPFILENAME(id))
+ (void) unlink(TMPFILENAME(id));
+ free(TMPFILENAME(id));
+ free(RESFILENAME(id));
+ free(SUBFILENAME(id));
+ free(FILENAME(id));
+ krb5_data_free(&id->data);
+ return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_destroy(krb5_context context,
+ krb5_ccache id)
+{
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if (TMPFILENAME(id))
+ (void) _krb5_erase_file(context, TMPFILENAME(id));
+ return _krb5_erase_file(context, FILENAME(id));
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_store_cred(krb5_context context,
+ krb5_ccache id,
+ krb5_creds *creds)
+{
+ int ret;
+ int fd;
+
+ ret = fcc_open(context, id, "store", &fd, O_WRONLY | O_APPEND, 0);
+ if(ret)
+ return ret;
+ {
+ krb5_storage *sp;
+
+ sp = krb5_storage_emem();
+ if (sp == NULL)
+ return krb5_enomem(context);
+ krb5_storage_set_eof_code(sp, KRB5_CC_END);
+ storage_set_flags(context, sp, FCACHE(id)->version);
+ ret = krb5_store_creds(sp, creds);
+ if (ret == 0)
+ ret = write_storage(context, sp, fd);
+ krb5_storage_free(sp);
+ }
+ if (close(fd) < 0) {
+ if (ret == 0) {
+ char buf[128];
+ ret = errno;
+ rk_strerror_r(ret, buf, sizeof(buf));
+ krb5_set_error_message(context, ret, N_("close %s: %s", ""),
+ FILENAME(id), buf);
+ }
+ }
+ if (ret == 0 && TMPFILENAME(id) &&
+ !krb5_is_config_principal(context, creds->server)) {
+
+ /*
+ * Portability note: there's no need to have WIN32 or other code here
+ * for odd rename cases because rk_rename() is meant to handle that.
+ */
+ ret = rk_rename(TMPFILENAME(id), FILENAME(id));
+ if (ret == 0) {
+ free(TMPFILENAME(id));
+ TMPFILENAME(id) = NULL;
+ } else {
+ ret = errno;
+ }
+ }
+ return ret;
+}
+
+static krb5_error_code
+init_fcc(krb5_context context,
+ krb5_ccache id,
+ const char *operation,
+ krb5_storage **ret_sp,
+ int *ret_fd,
+ krb5_deltat *kdc_offset)
+{
+ int fd;
+ int8_t pvno, tag;
+ krb5_storage *sp;
+ krb5_error_code ret;
+
+ *ret_fd = -1;
+ *ret_sp = NULL;
+ if (kdc_offset)
+ *kdc_offset = 0;
+
+ ret = fcc_open(context, id, operation, &fd, O_RDONLY, 0);
+ if(ret)
+ return ret;
+
+ sp = krb5_storage_stdio_from_fd(fd, "r");
+ if(sp == NULL) {
+ krb5_clear_error_message(context);
+ ret = ENOMEM;
+ goto out;
+ }
+ krb5_storage_set_eof_code(sp, KRB5_CC_END);
+ ret = krb5_ret_int8(sp, &pvno);
+ if (ret != 0) {
+ if(ret == KRB5_CC_END) {
+ ret = ENOENT;
+ krb5_set_error_message(context, ret,
+ N_("Empty credential cache file: %s", ""),
+ FILENAME(id));
+ } else
+ krb5_set_error_message(context, ret, N_("Error reading pvno "
+ "in cache file: %s", ""),
+ FILENAME(id));
+ goto out;
+ }
+ if (pvno != 5) {
+ ret = KRB5_CCACHE_BADVNO;
+ krb5_set_error_message(context, ret, N_("Bad version number in credential "
+ "cache file: %s", ""),
+ FILENAME(id));
+ goto out;
+ }
+ ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
+ if (ret != 0) {
+ ret = KRB5_CC_FORMAT;
+ krb5_set_error_message(context, ret, "Error reading tag in "
+ "cache file: %s", FILENAME(id));
+ goto out;
+ }
+ FCACHE(id)->version = tag;
+ storage_set_flags(context, sp, FCACHE(id)->version);
+ switch (tag) {
+ case KRB5_FCC_FVNO_4: {
+ int16_t length;
+
+ ret = krb5_ret_int16 (sp, &length);
+ if(ret) {
+ ret = KRB5_CC_FORMAT;
+ krb5_set_error_message(context, ret,
+ N_("Error reading tag length in "
+ "cache file: %s", ""), FILENAME(id));
+ goto out;
+ }
+ while(length > 0) {
+ int16_t dtag, data_len;
+ int i;
+ int8_t dummy;
+
+ ret = krb5_ret_int16 (sp, &dtag);
+ if(ret) {
+ ret = KRB5_CC_FORMAT;
+ krb5_set_error_message(context, ret, N_("Error reading dtag in "
+ "cache file: %s", ""),
+ FILENAME(id));
+ goto out;
+ }
+ ret = krb5_ret_int16 (sp, &data_len);
+ if(ret) {
+ ret = KRB5_CC_FORMAT;
+ krb5_set_error_message(context, ret,
+ N_("Error reading dlength "
+ "in cache file: %s",""),
+ FILENAME(id));
+ goto out;
+ }
+ switch (dtag) {
+ case FCC_TAG_DELTATIME : {
+ int32_t offset;
+
+ ret = krb5_ret_int32 (sp, &offset);
+ ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
+ if(ret) {
+ ret = KRB5_CC_FORMAT;
+ krb5_set_error_message(context, ret,
+ N_("Error reading kdc_sec in "
+ "cache file: %s", ""),
+ FILENAME(id));
+ goto out;
+ }
+ context->kdc_sec_offset = offset;
+ if (kdc_offset)
+ *kdc_offset = offset;
+ break;
+ }
+ default :
+ for (i = 0; i < data_len; ++i) {
+ ret = krb5_ret_int8 (sp, &dummy);
+ if(ret) {
+ ret = KRB5_CC_FORMAT;
+ krb5_set_error_message(context, ret,
+ N_("Error reading unknown "
+ "tag in cache file: %s", ""),
+ FILENAME(id));
+ goto out;
+ }
+ }
+ break;
+ }
+ length -= 4 + data_len;
+ }
+ break;
+ }
+ case KRB5_FCC_FVNO_3:
+ case KRB5_FCC_FVNO_2:
+ case KRB5_FCC_FVNO_1:
+ break;
+ default :
+ ret = KRB5_CCACHE_BADVNO;
+ krb5_set_error_message(context, ret,
+ N_("Unknown version number (%d) in "
+ "credential cache file: %s", ""),
+ (int)tag, FILENAME(id));
+ goto out;
+ }
+ *ret_sp = sp;
+ *ret_fd = fd;
+
+ return 0;
+ out:
+ if(sp != NULL)
+ krb5_storage_free(sp);
+ close(fd);
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_principal(krb5_context context,
+ krb5_ccache id,
+ krb5_principal *principal)
+{
+ krb5_error_code ret;
+ int fd;
+ krb5_storage *sp;
+
+ ret = init_fcc (context, id, "get-principal", &sp, &fd, NULL);
+ if (ret)
+ return ret;
+ ret = krb5_ret_principal(sp, principal);
+ if (ret)
+ krb5_clear_error_message(context);
+ krb5_storage_free(sp);
+ close(fd);
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_end_get(krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_first(krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor)
+{
+ krb5_error_code ret;
+ krb5_principal principal;
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ *cursor = calloc(1, sizeof(struct fcc_cursor));
+ if (*cursor == NULL) {
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+
+ ret = init_fcc(context, id, "get-first", &FCC_CURSOR(*cursor)->sp,
+ &FCC_CURSOR(*cursor)->fd, NULL);
+ if (ret) {
+ free(*cursor);
+ *cursor = NULL;
+ return ret;
+ }
+ ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
+ if(ret) {
+ krb5_clear_error_message(context);
+ fcc_end_get(context, id, cursor);
+ return ret;
+ }
+ krb5_free_principal (context, principal);
+ return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_next (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor,
+ krb5_creds *creds)
+{
+ krb5_error_code ret;
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if (FCC_CURSOR(*cursor) == NULL)
+ return krb5_einval(context, 3);
+
+ FCC_CURSOR(*cursor)->cred_start =
+ krb5_storage_seek(FCC_CURSOR(*cursor)->sp, 0, SEEK_CUR);
+
+ ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
+ if (ret)
+ krb5_clear_error_message(context);
+
+ FCC_CURSOR(*cursor)->cred_end =
+ krb5_storage_seek(FCC_CURSOR(*cursor)->sp, 0, SEEK_CUR);
+
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_end_get (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor)
+{
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ if (FCC_CURSOR(*cursor) == NULL)
+ return krb5_einval(context, 3);
+
+ krb5_storage_free(FCC_CURSOR(*cursor)->sp);
+ close (FCC_CURSOR(*cursor)->fd);
+ free(*cursor);
+ *cursor = NULL;
+ return 0;
+}
+
+static void KRB5_CALLCONV
+cred_delete(krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor,
+ krb5_creds *cred)
+{
+ krb5_error_code ret;
+ krb5_storage *sp;
+ krb5_data orig_cred_data;
+ unsigned char *cred_data_in_file = NULL;
+ off_t new_cred_sz;
+ struct stat sb1, sb2;
+ int fd = -1;
+ ssize_t bytes;
+ krb5_const_realm srealm = krb5_principal_get_realm(context, cred->server);
+
+ /* This is best-effort code; if we lose track of errors here it's OK */
+
+ heim_assert(FCC_CURSOR(*cursor)->cred_start < FCC_CURSOR(*cursor)->cred_end,
+ "fcache internal error");
+
+ krb5_data_zero(&orig_cred_data);
+
+ sp = krb5_storage_emem();
+ if (sp == NULL)
+ return;
+ krb5_storage_set_eof_code(sp, KRB5_CC_END);
+ storage_set_flags(context, sp, FCACHE(id)->version);
+
+ /* Get a copy of what the cred should look like in the file; see below */
+ ret = krb5_store_creds(sp, cred);
+ if (ret)
+ goto out;
+
+ ret = krb5_storage_to_data(sp, &orig_cred_data);
+ if (ret)
+ goto out;
+ krb5_storage_free(sp);
+
+ cred_data_in_file = malloc(orig_cred_data.length);
+ if (cred_data_in_file == NULL)
+ goto out;
+
+ /*
+ * Mark the cred expired; krb5_cc_retrieve_cred() callers should use
+ * KRB5_TC_MATCH_TIMES, so this should be good enough...
+ */
+ cred->times.endtime = 0;
+
+ /* ...except for config creds because we don't check their endtimes */
+ if (srealm && strcmp(srealm, "X-CACHECONF:") == 0) {
+ ret = krb5_principal_set_realm(context, cred->server, "X-RMED-CONF:");
+ if (ret)
+ goto out;
+ }
+
+ sp = krb5_storage_emem();
+ if (sp == NULL)
+ goto out;
+ krb5_storage_set_eof_code(sp, KRB5_CC_END);
+ storage_set_flags(context, sp, FCACHE(id)->version);
+
+ ret = krb5_store_creds(sp, cred);
+
+ /* The new cred must be the same size as the old cred */
+ new_cred_sz = krb5_storage_seek(sp, 0, SEEK_END);
+ if (new_cred_sz != orig_cred_data.length || new_cred_sz !=
+ (FCC_CURSOR(*cursor)->cred_end - FCC_CURSOR(*cursor)->cred_start)) {
+ /* XXX This really can't happen. Assert like above? */
+ krb5_set_error_message(context, EINVAL,
+ N_("Credential deletion failed on ccache "
+ "FILE:%s: new credential size did not "
+ "match old credential size", ""),
+ FILENAME(id));
+ goto out;
+ }
+
+ ret = fcc_open(context, id, "remove_cred", &fd, O_RDWR, 0);
+ if (ret)
+ goto out;
+
+ /*
+ * Check that we're updating the same file where we got the
+ * cred's offset, else we'd be corrupting a new ccache.
+ */
+ if (fstat(FCC_CURSOR(*cursor)->fd, &sb1) == -1 ||
+ fstat(fd, &sb2) == -1)
+ goto out;
+ if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
+ goto out;
+
+ /*
+ * Make sure what we overwrite is what we expected.
+ *
+ * FIXME: We *really* need the ccache v4 tag for ccache ID. This
+ * check that we're only overwriting something that looks exactly
+ * like what we want to is probably good enough in practice, but
+ * it's not guaranteed to work.
+ */
+ if (lseek(fd, FCC_CURSOR(*cursor)->cred_start, SEEK_SET) == (off_t)-1)
+ goto out;
+ bytes = read(fd, cred_data_in_file, orig_cred_data.length);
+ if (bytes != orig_cred_data.length)
+ goto out;
+ if (memcmp(orig_cred_data.data, cred_data_in_file, bytes) != 0)
+ goto out;
+ if (lseek(fd, FCC_CURSOR(*cursor)->cred_start, SEEK_SET) == (off_t)-1)
+ goto out;
+ ret = write_storage(context, sp, fd);
+out:
+ if (fd > -1) {
+ if (close(fd) < 0 && ret == 0) {
+ krb5_set_error_message(context, errno, N_("close %s", ""),
+ FILENAME(id));
+ }
+ }
+ krb5_data_free(&orig_cred_data);
+ free(cred_data_in_file);
+ krb5_storage_free(sp);
+ return;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_remove_cred(krb5_context context,
+ krb5_ccache id,
+ krb5_flags which,
+ krb5_creds *mcred)
+{
+ krb5_error_code ret, ret2;
+ krb5_cc_cursor cursor;
+ krb5_creds found_cred;
+
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ ret = krb5_cc_start_seq_get(context, id, &cursor);
+ if (ret)
+ return ret;
+ while ((ret = krb5_cc_next_cred(context, id, &cursor, &found_cred)) == 0) {
+ if (!krb5_compare_creds(context, which, mcred, &found_cred)) {
+ krb5_free_cred_contents(context, &found_cred);
+ continue;
+ }
+ cred_delete(context, id, &cursor, &found_cred);
+ krb5_free_cred_contents(context, &found_cred);
+ }
+ ret2 = krb5_cc_end_seq_get(context, id, &cursor);
+ if (ret2) /* not expected to fail */
+ return ret2;
+ if (ret == KRB5_CC_END)
+ return 0;
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_set_flags(krb5_context context,
+ krb5_ccache id,
+ krb5_flags flags)
+{
+ if (FCACHE(id) == NULL)
+ return krb5_einval(context, 2);
+
+ return 0; /* XXX */
+}
+
+static int KRB5_CALLCONV
+fcc_get_version(krb5_context context,
+ krb5_ccache id)
+{
+ if (FCACHE(id) == NULL)
+ return -1;
+
+ return FCACHE(id)->version;
+}
+
+static const char *
+my_basename(const char *fn)
+{
+ const char *base, *p;
+
+ if (strncmp(fn, "FILE:", sizeof("FILE:") - 1) == 0)
+ fn += sizeof("FILE:") - 1;
+ for (p = base = fn; *p; p++) {
+#ifdef WIN32
+ if (*p == '/' || *p == '\\')
+ base = p + 1;
+#else
+ if (*p == '/')
+ base = p + 1;
+#endif
+ }
+ return base;
+}
+
+/* We could use an rk_dirname()... */
+static char *
+my_dirname(const char *fn)
+{
+ size_t len, i;
+ char *dname;
+
+ if (strncmp(fn, "FILE:", sizeof("FILE:") - 1) == 0)
+ fn += sizeof("FILE:") - 1;
+
+ if ((dname = strdup(fn)) == NULL)
+ return NULL;
+ len = strlen(dname);
+ for (i = 0; i < len; i++) {
+#ifdef WIN32
+ if (dname[len - i] == '\\' ||
+ dname[len - i] == '/') {
+ dname[len - i] = '\0';
+ break;
+ }
+#else
+ if (dname[len - i] == '/') {
+ dname[len - i] = '\0';
+ break;
+ }
+#endif
+ }
+ if (i < len)
+ return dname;
+ free(dname);
+ return strdup(".");
+}
+
+/*
+ * This checks that a directory entry matches a required basename and has a
+ * non-empty subsidiary component.
+ */
+static int
+matchbase(const char *fn, const char *base, size_t baselen)
+{
+ return strncmp(fn, base, baselen) == 0 &&
+ (fn[baselen] == FILESUBSEPCHR && fn[baselen + 1] != '\0');
+}
+
+/*
+ * Check if `def_locs' contains `name' (which must be the default ccache name),
+ * in which case the caller may look for subsidiaries of all of `def_locs'.
+ *
+ * This is needed because the collection iterators don't take a base location
+ * as an argument, so we can only search default locations, but only if the
+ * current default ccache name is indeed a default (as opposed to from
+ * KRB5CCNAME being set in the environment pointing to a non-default name).
+ */
+static krb5_error_code
+is_default_collection(krb5_context context, const char *name,
+ const char * const *def_locs, int *res)
+{
+ krb5_error_code ret;
+ const char *def_loc[2] = { KRB5_DEFAULT_CCNAME_FILE, NULL };
+ const char *sep;
+ size_t namelen;
+ size_t i;
+
+ *res = 0;
+ if (name == NULL) {
+ *res = 1;
+ return 0;
+ }
+ if ((sep = strchr(name, FILESUBSEPCHR)))
+ namelen = (size_t)(sep - name);
+ else
+ namelen = strlen(name);
+ if (def_locs == NULL)
+ def_locs = def_loc;
+ for (i = 0; !(*res) && def_locs[i]; i++) {
+ char *e = NULL;
+
+ if ((ret = _krb5_expand_default_cc_name(context, def_locs[i], &e)))
+ return ret;
+ *res = strncmp(e, name, namelen) == 0 &&
+ (sep == NULL || e[namelen] == FILESUBSEPCHR || e[namelen] == '\0');
+ free(e);
+ }
+ return 0;
+}
+
+/*
+ * Collection iterator cursor.
+ *
+ * There may be an array of locations, and for each location we'll try
+ * resolving it, as well as doing a readdir() of the dirname of it and output
+ * all ccache names in that directory that begin with the current location and
+ * end in "+${subsidiary}".
+ */
+struct fcache_iter {
+ const char *curr_location;
+ char *def_ccname; /* The default ccname */
+ char **locations; /* All the other places we'll look for a ccache */
+ char *dname; /* dirname() of curr_location */
+ DIR *d;
+ struct dirent *dentry;
+ int location; /* Index of `locations' */
+ unsigned int first:1;
+ unsigned int dead:1;
+};
+
+/* Initiate FILE collection iteration */
+static krb5_error_code KRB5_CALLCONV
+fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
+{
+ struct fcache_iter *iter = NULL;
+ krb5_error_code ret;
+ const char *def_ccname = NULL;
+ char **def_locs = NULL;
+ int is_def_coll = 0;
+
+ if (krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults",
+ "enable_file_cache_iteration", NULL)) {
+ def_ccname = krb5_cc_default_name(context);
+ def_locs = krb5_config_get_strings(context, NULL, "libdefaults",
+ "default_file_cache_collections",
+ NULL);
+ }
+
+ /*
+ * Note: do not allow krb5_cc_default_name() to recurse via
+ * krb5_cc_cache_match().
+ * Note that context->default_cc_name will be NULL even though
+ * KRB5CCNAME is set in the environment if neither krb5_cc_default_name()
+ * nor krb5_cc_set_default_name() have been called.
+ */
+
+ /*
+ * Figure out if the current default ccache name is a really a default one
+ * so we know whether to search any other default FILE collection
+ * locations.
+ */
+ if ((ret = is_default_collection(context, def_ccname,
+ (const char **)def_locs,
+ &is_def_coll)))
+ goto out;
+
+ /* Setup the cursor */
+ if ((iter = calloc(1, sizeof(*iter))) == NULL ||
+ (def_ccname && (iter->def_ccname = strdup(def_ccname)) == NULL)) {
+ ret = krb5_enomem(context);
+ goto out;
+ }
+
+ if (is_def_coll) {
+ /* Since def_ccname is in the `def_locs', we'll include those */
+ iter->locations = def_locs;
+ free(iter->def_ccname);
+ iter->def_ccname = NULL;
+ def_locs = NULL;
+ } else {
+ /* Since def_ccname is NOT in the `def_locs', we'll exclude those */
+ iter->locations = NULL;
+ }
+ iter->curr_location = NULL;
+ iter->location = -1; /* Pre-incremented */
+ iter->first = 1;
+ iter->dname = NULL;
+ iter->d = NULL;
+ *cursor = iter;
+ iter = NULL;
+ ret = 0;
+
+out:
+ krb5_config_free_strings(def_locs);
+ free(iter);
+ return ret;
+}
+
+/* Pick the next location as the `iter->curr_location' */
+static krb5_error_code
+next_location(krb5_context context, struct fcache_iter *iter)
+{
+ if (iter->first && iter->def_ccname) {
+ iter->curr_location = iter->def_ccname;
+ iter->first = 0;
+ return 0;
+ }
+ iter->first = 0;
+
+ if (iter->d)
+ closedir(iter->d);
+ iter->d = NULL;
+ iter->curr_location = NULL;
+ if (iter->locations &&
+ (iter->curr_location = iter->locations[++(iter->location)]))
+ return 0;
+
+ iter->dead = 1; /* Do not run off the end of iter->locations */
+ return KRB5_CC_END;
+}
+
+/* Output the next match for `iter->curr_location' from readdir() */
+static krb5_error_code
+next_dir_match(krb5_context context, struct fcache_iter *iter, char **fn)
+{
+ struct stat st;
+ const char *base = my_basename(iter->curr_location);
+ size_t baselen = strlen(base);
+ char *s;
+
+ *fn = NULL;
+ if (iter->d == NULL)
+ return 0;
+ for (iter->dentry = readdir(iter->d);
+ iter->dentry;
+ iter->dentry = readdir(iter->d)) {
+ if (!matchbase(iter->dentry->d_name, base, baselen))
+ continue;
+ if (asprintf(&s, "FILE:%s/%s", iter->dname, iter->dentry->d_name) == -1 ||
+ s == NULL)
+ return krb5_enomem(context);
+ if (stat(s + sizeof("FILE:") - 1, &st) == 0 && S_ISREG(st.st_mode)) {
+ *fn = s;
+ return 0;
+ }
+ free(s);
+ }
+ iter->curr_location = NULL;
+ closedir(iter->d);
+ iter->d = NULL;
+ return 0;
+}
+
+/* See if the given `ccname' is a FILE ccache we can resolve */
+static krb5_error_code
+try1(krb5_context context, const char *ccname, krb5_ccache *id)
+{
+ krb5_error_code ret;
+ krb5_ccache cc;
+
+ ret = krb5_cc_resolve(context, ccname, &cc);
+ if (ret == ENOMEM)
+ return ret;
+ if (ret == 0) {
+ if (strcmp(krb5_cc_get_type(context, cc), "FILE") == 0) {
+ *id = cc;
+ cc = NULL;
+ }
+ krb5_cc_close(context, cc);
+ }
+ return 0;
+}
+
+/* Output the next FILE ccache in the FILE ccache collection */
+static krb5_error_code KRB5_CALLCONV
+fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+ struct fcache_iter *iter = cursor;
+ krb5_error_code ret;
+ char *name = NULL;
+
+ *id = NULL;
+ if (iter == NULL)
+ return krb5_einval(context, 2);
+
+ /* Do not run off the end of iter->locations */
+ if (iter->dead)
+ return KRB5_CC_END;
+
+ if (!iter->curr_location) {
+ /* Next base location */
+ if ((ret = next_location(context, iter)))
+ return ret;
+ /* Output the current base location */
+ if ((ret = try1(context, iter->curr_location, id)) || *id)
+ return ret;
+ }
+
+ /* Look for subsidiaries of iter->curr_location */
+ if (!iter->d) {
+ free(iter->dname);
+ if ((iter->dname = my_dirname(iter->curr_location)) == NULL)
+ return krb5_enomem(context);
+ if ((iter->d = opendir(iter->dname)) == NULL) {
+ /* Dirname ENOENT -> next location */
+ if ((ret = next_location(context, iter)))
+ return ret;
+ /* Tail-recurse */
+ return fcc_get_cache_next(context, cursor, id);
+ }
+ }
+ for (ret = next_dir_match(context, iter, &name);
+ ret == 0 && name != NULL;
+ ret = next_dir_match(context, iter, &name)) {
+ if ((ret = try1(context, name, id)) || *id) {
+ free(name);
+ return ret;
+ }
+ free(name);
+ }
+
+ /* Directory listing exhausted -> go to next location, tail-recurse */
+ if ((ret = next_location(context, iter)))
+ return ret;
+ return fcc_get_cache_next(context, cursor, id);
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
+{
+ struct fcache_iter *iter = cursor;
+
+ if (iter == NULL)
+ return krb5_einval(context, 2);
+
+ krb5_config_free_strings(iter->locations);
+ if (iter->d)
+ closedir(iter->d);
+ free(iter->def_ccname);
+ free(iter->dname);
+ free(iter);
+ return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
+{
+ krb5_error_code ret = 0;
+ krb5_fcache *f = FCACHE(from);
+ krb5_fcache *t = FCACHE(to);
+
+ if (f->tmpfn) {
+ /*
+ * If `from' has a temp file and we haven't renamed it into place yet,
+ * then we should rename TMPFILENAME(from) to FILENAME(to).
+ *
+ * This can only happen if we're moving a ccache where only cc config
+ * entries, or no entries, have been written. That's not likely.
+ */
+ if (rk_rename(f->tmpfn, t->filename)) {
+ ret = errno;
+ } else {
+ free(f->tmpfn);
+ f->tmpfn = NULL;
+ }
+ } else if (rk_rename(f->filename, t->filename)) {
+ ret = errno;
+ }
+ /*
+ * We need only close from -- we can't destroy it since the rename
+ * succeeded, which "destroyed" it at its old name.
+ */
+ if (ret == 0)
+ krb5_cc_close(context, from);
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_default_name(krb5_context context, char **str)
+{
+ return _krb5_expand_default_cc_name(context,
+ KRB5_DEFAULT_CCNAME_FILE,
+ str);
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_set_default_cache(krb5_context context, krb5_ccache id)
+{
+ krb5_error_code ret;
+ krb5_ccache dest;
+ char *s = NULL;
+
+ if (SUBFILENAME(id) == NULL)
+ return 0; /* Already a primary */
+ if (asprintf(&s, "FILE:%s", RESFILENAME(id)) == -1 || s == NULL)
+ return krb5_enomem(context);
+
+ /*
+ * We can't hard-link, since we refuse to open ccaches with st_nlink > 1,
+ * and we can't rename() the ccache because the old name should remain
+ * available. Ergo, we copy the ccache.
+ */
+ ret = krb5_cc_resolve(context, s, &dest);
+ if (ret == 0)
+ ret = krb5_cc_copy_cache(context, id, dest);
+ free(s);
+ if (ret)
+ krb5_set_error_message(context, ret,
+ N_("Failed to copy subsidiary cache file %s to "
+ "default %s", ""), FILENAME(id),
+ RESFILENAME(id));
+ return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
+{
+ krb5_error_code ret;
+ struct stat sb;
+ int fd;
+
+ ret = fcc_open(context, id, "lastchange", &fd, O_RDONLY, 0);
+ if(ret)
+ return ret;
+ ret = fstat(fd, &sb);
+ close(fd);
+ if (ret) {
+ ret = errno;
+ krb5_set_error_message(context, ret, N_("Failed to stat cache file", ""));
+ return ret;
+ }
+ *mtime = sb.st_mtime;
+ return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
+{
+ return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
+{
+ krb5_error_code ret;
+ krb5_storage *sp = NULL;
+ int fd;
+ ret = init_fcc(context, id, "get-kdc-offset", &sp, &fd, kdc_offset);
+ if (sp)
+ krb5_storage_free(sp);
+ close(fd);
+
+ return ret;
+}
+
+
+/**
+ * Variable containing the FILE based credential cache implemention.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
+ KRB5_CC_OPS_VERSION_5,
+ "FILE",
+ NULL,
+ NULL,
+ fcc_gen_new,
+ fcc_initialize,
+ fcc_destroy,
+ fcc_close,
+ fcc_store_cred,
+ NULL, /* fcc_retrieve */
+ fcc_get_principal,
+ fcc_get_first,
+ fcc_get_next,
+ fcc_end_get,
+ fcc_remove_cred,
+ fcc_set_flags,
+ fcc_get_version,
+ fcc_get_cache_first,
+ fcc_get_cache_next,
+ fcc_end_cache_get,
+ fcc_move,
+ fcc_get_default_name,
+ fcc_set_default_cache,
+ fcc_lastchange,
+ fcc_set_kdc_offset,
+ fcc_get_kdc_offset,
+ fcc_get_name_2,
+ fcc_resolve_2
+};