xref: /freebsd/crypto/heimdal/lib/krb5/replay.c (revision 02e9120893770924227138ba49df1edb3896112a)
1 /*
2  * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 #include <vis.h>
36 
37 struct krb5_rcache_data {
38     char *name;
39 };
40 
41 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
42 krb5_rc_resolve(krb5_context context,
43 		krb5_rcache id,
44 		const char *name)
45 {
46     id->name = strdup(name);
47     if(id->name == NULL) {
48 	krb5_set_error_message(context, KRB5_RC_MALLOC,
49 			       N_("malloc: out of memory", ""));
50 	return KRB5_RC_MALLOC;
51     }
52     return 0;
53 }
54 
55 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
56 krb5_rc_resolve_type(krb5_context context,
57 		     krb5_rcache *id,
58 		     const char *type)
59 {
60     *id = NULL;
61     if(strcmp(type, "FILE")) {
62 	krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND,
63 				N_("replay cache type %s not supported", ""),
64 				type);
65 	return KRB5_RC_TYPE_NOTFOUND;
66     }
67     *id = calloc(1, sizeof(**id));
68     if(*id == NULL) {
69 	krb5_set_error_message(context, KRB5_RC_MALLOC,
70 			       N_("malloc: out of memory", ""));
71 	return KRB5_RC_MALLOC;
72     }
73     return 0;
74 }
75 
76 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
77 krb5_rc_resolve_full(krb5_context context,
78 		     krb5_rcache *id,
79 		     const char *string_name)
80 {
81     krb5_error_code ret;
82 
83     *id = NULL;
84 
85     if(strncmp(string_name, "FILE:", 5)) {
86 	krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND,
87 			       N_("replay cache type %s not supported", ""),
88 			       string_name);
89 	return KRB5_RC_TYPE_NOTFOUND;
90     }
91     ret = krb5_rc_resolve_type(context, id, "FILE");
92     if(ret)
93 	return ret;
94     ret = krb5_rc_resolve(context, *id, string_name + 5);
95     if (ret) {
96 	krb5_rc_close(context, *id);
97 	*id = NULL;
98     }
99     return ret;
100 }
101 
102 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
103 krb5_rc_default_name(krb5_context context)
104 {
105     return "FILE:/var/run/default_rcache";
106 }
107 
108 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
109 krb5_rc_default_type(krb5_context context)
110 {
111     return "FILE";
112 }
113 
114 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
115 krb5_rc_default(krb5_context context,
116 		krb5_rcache *id)
117 {
118     return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
119 }
120 
121 struct rc_entry{
122     time_t stamp;
123     unsigned char data[16];
124 };
125 
126 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
127 krb5_rc_initialize(krb5_context context,
128 		   krb5_rcache id,
129 		   krb5_deltat auth_lifespan)
130 {
131     FILE *f = fopen(id->name, "w");
132     struct rc_entry tmp;
133     int ret;
134 
135     if(f == NULL) {
136 	char buf[128];
137 	ret = errno;
138 	rk_strerror_r(ret, buf, sizeof(buf));
139 	krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
140 	return ret;
141     }
142     tmp.stamp = auth_lifespan;
143     fwrite(&tmp, 1, sizeof(tmp), f);
144     fclose(f);
145     return 0;
146 }
147 
148 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
149 krb5_rc_recover(krb5_context context,
150 		krb5_rcache id)
151 {
152     return 0;
153 }
154 
155 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
156 krb5_rc_destroy(krb5_context context,
157 		krb5_rcache id)
158 {
159     int ret;
160 
161     if(remove(id->name) < 0) {
162 	char buf[128];
163 	ret = errno;
164 	rk_strerror_r(ret, buf, sizeof(buf));
165 	krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
166 	return ret;
167     }
168     return krb5_rc_close(context, id);
169 }
170 
171 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
172 krb5_rc_close(krb5_context context,
173 	      krb5_rcache id)
174 {
175     free(id->name);
176     free(id);
177     return 0;
178 }
179 
180 static void
181 checksum_authenticator(Authenticator *auth, void *data)
182 {
183     EVP_MD_CTX *m = EVP_MD_CTX_create();
184     unsigned i;
185 
186     EVP_DigestInit_ex(m, EVP_md5(), NULL);
187 
188     EVP_DigestUpdate(m, auth->crealm, strlen(auth->crealm));
189     for(i = 0; i < auth->cname.name_string.len; i++)
190 	EVP_DigestUpdate(m, auth->cname.name_string.val[i],
191 		   strlen(auth->cname.name_string.val[i]));
192     EVP_DigestUpdate(m, &auth->ctime, sizeof(auth->ctime));
193     EVP_DigestUpdate(m, &auth->cusec, sizeof(auth->cusec));
194 
195     EVP_DigestFinal_ex(m, data, NULL);
196     EVP_MD_CTX_destroy(m);
197 }
198 
199 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
200 krb5_rc_store(krb5_context context,
201 	      krb5_rcache id,
202 	      krb5_donot_replay *rep)
203 {
204     struct rc_entry ent, tmp;
205     time_t t;
206     FILE *f;
207     int ret;
208 
209     ent.stamp = time(NULL);
210     checksum_authenticator(rep, ent.data);
211     f = fopen(id->name, "r");
212     if(f == NULL) {
213 	char buf[128];
214 	ret = errno;
215 	rk_strerror_r(ret, buf, sizeof(buf));
216 	krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
217 	return ret;
218     }
219     rk_cloexec_file(f);
220     fread(&tmp, sizeof(ent), 1, f);
221     t = ent.stamp - tmp.stamp;
222     while(fread(&tmp, sizeof(ent), 1, f)){
223 	if(tmp.stamp < t)
224 	    continue;
225 	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
226 	    fclose(f);
227 	    krb5_clear_error_message (context);
228 	    return KRB5_RC_REPLAY;
229 	}
230     }
231     if(ferror(f)){
232 	char buf[128];
233 	ret = errno;
234 	fclose(f);
235 	rk_strerror_r(ret, buf, sizeof(buf));
236 	krb5_set_error_message(context, ret, "%s: %s",
237 			       id->name, buf);
238 	return ret;
239     }
240     fclose(f);
241     f = fopen(id->name, "a");
242     if(f == NULL) {
243 	char buf[128];
244 	rk_strerror_r(errno, buf, sizeof(buf));
245 	krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
246 			       "open(%s): %s", id->name, buf);
247 	return KRB5_RC_IO_UNKNOWN;
248     }
249     fwrite(&ent, 1, sizeof(ent), f);
250     fclose(f);
251     return 0;
252 }
253 
254 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
255 krb5_rc_expunge(krb5_context context,
256 		krb5_rcache id)
257 {
258     return 0;
259 }
260 
261 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
262 krb5_rc_get_lifespan(krb5_context context,
263 		     krb5_rcache id,
264 		     krb5_deltat *auth_lifespan)
265 {
266     FILE *f = fopen(id->name, "r");
267     int r;
268     struct rc_entry ent;
269     r = fread(&ent, sizeof(ent), 1, f);
270     fclose(f);
271     if(r){
272 	*auth_lifespan = ent.stamp;
273 	return 0;
274     }
275     krb5_clear_error_message (context);
276     return KRB5_RC_IO_UNKNOWN;
277 }
278 
279 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
280 krb5_rc_get_name(krb5_context context,
281 		 krb5_rcache id)
282 {
283     return id->name;
284 }
285 
286 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
287 krb5_rc_get_type(krb5_context context,
288 		 krb5_rcache id)
289 {
290     return "FILE";
291 }
292 
293 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
294 krb5_get_server_rcache(krb5_context context,
295 		       const krb5_data *piece,
296 		       krb5_rcache *id)
297 {
298     krb5_rcache rcache;
299     krb5_error_code ret;
300 
301     char *tmp = malloc(4 * piece->length + 1);
302     char *name;
303 
304     if(tmp == NULL) {
305 	krb5_set_error_message(context, ENOMEM,
306 			       N_("malloc: out of memory", ""));
307 	return ENOMEM;
308     }
309     strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
310 #ifdef HAVE_GETEUID
311     ret = asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
312 #else
313     ret = asprintf(&name, "FILE:rc_%s", tmp);
314 #endif
315     free(tmp);
316     if(ret < 0 || name == NULL) {
317 	krb5_set_error_message(context, ENOMEM,
318 			       N_("malloc: out of memory", ""));
319 	return ENOMEM;
320     }
321 
322     ret = krb5_rc_resolve_full(context, &rcache, name);
323     free(name);
324     if(ret)
325 	return ret;
326     *id = rcache;
327     return ret;
328 }
329