static krb5_error_code fkt_start_seq_get_int(krb5_context context, krb5_keytab id, int flags, int exclusive, krb5_kt_cursor *c) { int8_t pvno, tag; krb5_error_code ret; struct fkt_data *d = id->data; c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; krb5_set_error_message(context, ret, N_("keytab %s open failed: %s", ""), d->filename, strerror(ret)); return ret; } rk_cloexec(c->fd); ret = _krb5_xlock(context, c->fd, exclusive, d->filename); if (ret) { close(c->fd); return ret; } c->sp = krb5_storage_from_fd(c->fd); if (c->sp == NULL) { _krb5_xunlock(context, c->fd); close(c->fd); return krb5_enomem(context); } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); ret = krb5_ret_int8(c->sp, &pvno); if(ret) { krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); krb5_clear_error_message(context); return ret; } if(pvno != 5) { krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); krb5_clear_error_message (context); return KRB5_KEYTAB_BADVNO; } ret = krb5_ret_int8(c->sp, &tag); if (ret) { krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); krb5_clear_error_message(context); return ret; } id->version = tag; storage_set_flags(context, c->sp, id->version); return 0; }
static krb5_error_code fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) { krb5_fcache *f = FCACHE(id); int ret = 0; int fd; char *filename = f->filename; unlink (filename); ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) return ret; { krb5_storage *sp; sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); if(context->fcache_vno != 0) f->version = context->fcache_vno; else f->version = KRB5_FCC_FVNO_4; ret |= krb5_store_int8(sp, 5); ret |= krb5_store_int8(sp, f->version); storage_set_flags(context, sp, f->version); if(f->version == KRB5_FCC_FVNO_4 && ret == 0) { /* V4 stuff */ if (context->kdc_sec_offset) { ret |= krb5_store_int16 (sp, 12); /* length */ ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */ ret |= krb5_store_int16 (sp, 8); /* length of data */ ret |= krb5_store_int32 (sp, context->kdc_sec_offset); ret |= krb5_store_int32 (sp, context->kdc_usec_offset); } else { ret |= krb5_store_int16 (sp, 0); } } ret |= krb5_store_principal(sp, primary_principal); ret |= write_storage(context, sp, fd); krb5_storage_free(sp); } fcc_unlock(context, fd); if (close(fd) < 0) if (ret == 0) { ret = errno; krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), strerror(ret)); } return ret; }
static krb5_error_code fcc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) { int ret; int fd; ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; { krb5_storage *sp; sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); storage_set_flags(context, sp, FCACHE(id)->version); if (!krb5_config_get_bool_default(context, NULL, TRUE, "libdefaults", "fcc-mit-ticketflags", NULL)) krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER); ret = krb5_store_creds(sp, creds); if (ret == 0) ret = write_storage(context, sp, fd); krb5_storage_free(sp); } fcc_unlock(context, fd); if (close(fd) < 0) { if (ret == 0) { ret = errno; krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), strerror(ret)); } } return ret; }
static krb5_error_code init_fcc (krb5_context context, krb5_ccache id, krb5_storage **ret_sp, int *ret_fd) { int fd; int8_t pvno, tag; krb5_storage *sp; krb5_error_code ret; ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; sp = krb5_storage_from_fd(fd); if(sp == NULL) { krb5_clear_error_message(context); ret = ENOMEM; goto out; } krb5_storage_set_eof_code(sp, KRB5_CC_END); ret = krb5_ret_int8(sp, &pvno); if(ret != 0) { if(ret == KRB5_CC_END) { ret = ENOENT; krb5_set_error_message(context, ret, N_("Empty credential cache file: %s", ""), FILENAME(id)); } else krb5_set_error_message(context, ret, N_("Error reading pvno " "in cache file: %s", ""), FILENAME(id)); goto out; } if(pvno != 5) { ret = KRB5_CCACHE_BADVNO; krb5_set_error_message(context, ret, N_("Bad version number in credential " "cache file: %s", ""), FILENAME(id)); goto out; } ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */ if(ret != 0) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, "Error reading tag in " "cache file: %s", FILENAME(id)); goto out; } FCACHE(id)->version = tag; storage_set_flags(context, sp, FCACHE(id)->version); switch (tag) { case KRB5_FCC_FVNO_4: { int16_t length; ret = krb5_ret_int16 (sp, &length); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, N_("Error reading tag length in " "cache file: %s", ""), FILENAME(id)); goto out; } while(length > 0) { int16_t dtag, data_len; int i; int8_t dummy; ret = krb5_ret_int16 (sp, &dtag); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, N_("Error reading dtag in " "cache file: %s", ""), FILENAME(id)); goto out; } ret = krb5_ret_int16 (sp, &data_len); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, N_("Error reading dlength " "in cache file: %s",""), FILENAME(id)); goto out; } switch (dtag) { case FCC_TAG_DELTATIME : ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, N_("Error reading kdc_sec in " "cache file: %s", ""), FILENAME(id)); goto out; } ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, N_("Error reading kdc_usec in " "cache file: %s", ""), FILENAME(id)); goto out; } break; default : for (i = 0; i < data_len; ++i) { ret = krb5_ret_int8 (sp, &dummy); if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, N_("Error reading unknown " "tag in cache file: %s", ""), FILENAME(id)); goto out; } } break; } length -= 4 + data_len; } break; } case KRB5_FCC_FVNO_3: case KRB5_FCC_FVNO_2: case KRB5_FCC_FVNO_1: break; default : ret = KRB5_CCACHE_BADVNO; krb5_set_error_message(context, ret, N_("Unknown version number (%d) in " "credential cache file: %s", ""), (int)tag, FILENAME(id)); goto out; } *ret_sp = sp; *ret_fd = fd; return 0; out: if(sp != NULL) krb5_storage_free(sp); fcc_unlock(context, fd); close(fd); return ret; }
static krb5_error_code KRB5_CALLCONV fkt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { int ret; int fd; krb5_storage *sp; struct fkt_data *d = id->data; krb5_data keytab; int32_t len; fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, N_("open(%s): %s", ""), d->filename, strerror(ret)); return ret; } rk_cloexec(fd); ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); return ret; } sp = krb5_storage_from_fd(fd); krb5_storage_set_eof_code(sp, KRB5_KT_END); ret = fkt_setup_keytab(context, id, sp); if(ret) { goto out; } storage_set_flags(context, sp, id->version); } else { int8_t pvno, tag; rk_cloexec(fd); ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); return ret; } sp = krb5_storage_from_fd(fd); krb5_storage_set_eof_code(sp, KRB5_KT_END); ret = krb5_ret_int8(sp, &pvno); if(ret) { /* we probably have a zero byte file, so try to set it up properly */ ret = fkt_setup_keytab(context, id, sp); if(ret) { krb5_set_error_message(context, ret, N_("%s: keytab is corrupted: %s", ""), d->filename, strerror(ret)); goto out; } storage_set_flags(context, sp, id->version); } else { if(pvno != 5) { ret = KRB5_KEYTAB_BADVNO; krb5_set_error_message(context, ret, N_("Bad version in keytab %s", ""), d->filename); goto out; } ret = krb5_ret_int8 (sp, &tag); if (ret) { krb5_set_error_message(context, ret, N_("failed reading tag from " "keytab %s", ""), d->filename); goto out; } id->version = tag; storage_set_flags(context, sp, id->version); } } { krb5_storage *emem; emem = krb5_storage_emem(); if(emem == NULL) { ret = krb5_enomem(context); goto out; } ret = krb5_kt_store_principal(context, emem, entry->principal); if(ret) { krb5_set_error_message(context, ret, N_("Failed storing principal " "in keytab %s", ""), d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_int32 (emem, entry->timestamp); if(ret) { krb5_set_error_message(context, ret, N_("Failed storing timpstamp " "in keytab %s", ""), d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_int8 (emem, entry->vno % 256); if(ret) { krb5_set_error_message(context, ret, N_("Failed storing kvno " "in keytab %s", ""), d->filename); krb5_storage_free(emem); goto out; } ret = krb5_kt_store_keyblock (context, d, emem, &entry->keyblock); if(ret) { krb5_storage_free(emem); goto out; } if ((d->flags & KRB5_KT_FL_JAVA) == 0) { ret = krb5_store_int32 (emem, entry->vno); if (ret) { krb5_set_error_message(context, ret, N_("Failed storing extended kvno " "in keytab %s", ""), d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_uint32 (emem, entry->flags); if (ret) { krb5_set_error_message(context, ret, N_("Failed storing extended kvno " "in keytab %s", ""), d->filename); krb5_storage_free(emem); goto out; } } ret = krb5_storage_to_data(emem, &keytab); krb5_storage_free(emem); if(ret) { krb5_set_error_message(context, ret, N_("Failed converting keytab entry " "to memory block for keytab %s", ""), d->filename); goto out; } } while(1) { ret = krb5_ret_int32(sp, &len); if(ret == KRB5_KT_END) { len = keytab.length; break; } if(len < 0) { len = -len; if(len >= (int)keytab.length) { krb5_storage_seek(sp, -4, SEEK_CUR); break; } } krb5_storage_seek(sp, len, SEEK_CUR); } ret = krb5_store_int32(sp, len); if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) { ret = errno; krb5_set_error_message(context, ret, N_("Failed writing keytab block " "in keytab %s: %s", ""), d->filename, strerror(ret)); } memset(keytab.data, 0, keytab.length); krb5_data_free(&keytab); out: krb5_storage_free(sp); _krb5_xunlock(context, fd); close(fd); return ret; }
static krb5_error_code fkt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { int ret; int fd; krb5_storage *sp; struct fkt_data *d = id->data; krb5_data keytab; int32_t len; fd = open (d->filename, O_RDWR | O_BINARY); if (fd < 0) { fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); if (fd < 0) { ret = errno; krb5_set_error_string(context, "open(%s): %s", d->filename, strerror(ret)); return ret; } ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); return ret; } sp = krb5_storage_from_fd(fd); krb5_storage_set_eof_code(sp, KRB5_KT_END); ret = fkt_setup_keytab(context, id, sp); if(ret) { goto out; } storage_set_flags(context, sp, id->version); } else { int8_t pvno, tag; ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); return ret; } sp = krb5_storage_from_fd(fd); krb5_storage_set_eof_code(sp, KRB5_KT_END); ret = krb5_ret_int8(sp, &pvno); if(ret) { /* we probably have a zero byte file, so try to set it up properly */ ret = fkt_setup_keytab(context, id, sp); if(ret) { krb5_set_error_string(context, "%s: keytab is corrupted: %s", d->filename, strerror(ret)); goto out; } storage_set_flags(context, sp, id->version); } else { if(pvno != 5) { ret = KRB5_KEYTAB_BADVNO; krb5_set_error_string(context, "%s: %s", d->filename, strerror(ret)); goto out; } ret = krb5_ret_int8 (sp, &tag); if (ret) { krb5_set_error_string(context, "%s: reading tag: %s", d->filename, strerror(ret)); goto out; } id->version = tag; storage_set_flags(context, sp, id->version); } } { krb5_storage *emem; emem = krb5_storage_emem(); if(emem == NULL) { ret = ENOMEM; krb5_set_error_string (context, "malloc: out of memory"); goto out; } ret = krb5_kt_store_principal(context, emem, entry->principal); if(ret) { krb5_storage_free(emem); goto out; } ret = krb5_store_int32 (emem, entry->timestamp); if(ret) { krb5_storage_free(emem); goto out; } ret = krb5_store_int8 (emem, entry->vno % 256); if(ret) { krb5_storage_free(emem); goto out; } ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock); if(ret) { krb5_storage_free(emem); goto out; } if ((d->flags & KRB5_KT_FL_JAVA) == 0) { ret = krb5_store_int32 (emem, entry->vno); if (ret) { krb5_storage_free(emem); goto out; } } ret = krb5_storage_to_data(emem, &keytab); krb5_storage_free(emem); if(ret) goto out; } while(1) { ret = krb5_ret_int32(sp, &len); if(ret == KRB5_KT_END) { len = keytab.length; break; } if(len < 0) { len = -len; if(len >= keytab.length) { krb5_storage_seek(sp, -4, SEEK_CUR); break; } } krb5_storage_seek(sp, len, SEEK_CUR); } ret = krb5_store_int32(sp, len); if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) ret = errno; memset(keytab.data, 0, keytab.length); krb5_data_free(&keytab); out: krb5_storage_free(sp); _krb5_xunlock(context, fd); close(fd); return ret; }