1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/rcache/rc_io.c */
4 * This file of the Kerberos V5 software is derived from public-domain code
5 * contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
10 * I/O functions for the replay cache default implementation.
14 # define PATH_SEPARATOR "\\"
16 # define PATH_SEPARATOR "/"
19 #define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */
25 #include <stdio.h> /* for P_tmpdir */
34 #ifdef HAVE_NETINET_IN_H
35 #if !defined(_WINSOCKAPI_)
36 #include <netinet/in.h>
39 #error find some way to use net-byte-order file version numbers.
42 #define UNIQUE getpid() /* hopefully unique number */
44 #define GETDIR (dir = getdir(), dirlen = strlen(dir) + sizeof(PATH_SEPARATOR) - 1)
51 if (!(dir = getenv("KRB5RCACHEDIR"))) {
53 if (!(dir = getenv("TEMP")))
54 if (!(dir = getenv("TMP")))
57 if (!(dir = getenv("TMPDIR"))) {
70 * Called from krb5_rc_io_creat(); calls mkstemp() and does some
71 * sanity checking on the file modes in case some broken mkstemp()
72 * implementation creates the file with overly permissive modes. To
73 * avoid race conditions, do not fchmod() a file for which mkstemp set
76 static krb5_error_code
77 krb5_rc_io_mkstemp(krb5_context context, krb5_rc_iostuff *d, char *dir)
79 krb5_error_code retval = 0;
83 memset(&stbuf, 0, sizeof(stbuf));
85 if (asprintf(&d->fn, "%s%skrb5_RCXXXXXX",
86 dir, PATH_SEPARATOR) < 0) {
88 return KRB5_RC_IO_MALLOC;
90 d->fd = mkstemp(d->fn);
93 * This return value is deliberate because d->fd == -1 causes
94 * caller to go into errno interpretation code.
100 * Be paranoid and check that mkstemp made the file accessible
103 retval = fstat(d->fd, &stbuf);
105 k5_setmsg(context, retval,
106 _("Cannot fstat replay cache file %s: %s"),
107 d->fn, strerror(errno));
108 return KRB5_RC_IO_UNKNOWN;
110 if (stbuf.st_mode & 077) {
111 k5_setmsg(context, retval,
112 _("Insecure mkstemp() file mode for replay cache file %s; "
113 "try running this program with umask 077"), d->fn);
114 return KRB5_RC_IO_UNKNOWN;
121 static krb5_error_code rc_map_errno (int) __attribute__((cold));
124 static krb5_error_code
125 rc_map_errno (krb5_context context, int e, const char *fn,
126 const char *operation)
134 return KRB5_RC_IO_SPACE;
137 return KRB5_RC_IO_IO;
143 k5_setmsg(context, KRB5_RC_IO_PERM,
144 _("Cannot %s replay cache file %s: %s"),
145 operation, fn, strerror(e));
146 return KRB5_RC_IO_PERM;
149 k5_setmsg(context, KRB5_RC_IO_UNKNOWN, _("Cannot %s replay cache: %s"),
150 operation, strerror(e));
151 return KRB5_RC_IO_UNKNOWN;
157 krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
159 krb5_int16 rc_vno = htons(KRB5_RC_VNO);
160 krb5_error_code retval = 0;
161 int flags, do_not_unlink = 0;
167 if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
168 return KRB5_RC_IO_MALLOC;
171 if (unlink(d->fn) == -1 && errno != ENOENT)
173 flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY;
174 d->fd = THREEPARAMOPEN(d->fn, flags, 0600);
175 } while (d->fd == -1 && errno == EEXIST);
177 retval = krb5_rc_io_mkstemp(context, d, dir);
180 if (d->fd != -1 && fn) {
181 *fn = strdup(d->fn + dirlen);
184 return KRB5_RC_IO_MALLOC;
189 retval = rc_map_errno(context, errno, d->fn, "create");
190 if (retval == KRB5_RC_IO_PERM)
194 set_cloexec_fd(d->fd);
195 retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno,
200 retval = krb5_rc_io_sync(context, d);
206 (void) unlink(d->fn);
217 static krb5_error_code
218 krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
222 krb5_error_code retval = 0;
223 int do_not_unlink = 1;
225 struct stat sb1, sb2;
231 if (!(d->fn = strdup(full_pathname)))
232 return KRB5_RC_IO_MALLOC;
234 if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, fn) < 0)
235 return KRB5_RC_IO_MALLOC;
239 d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
241 retval = rc_map_errno(context, errno, d->fn, "open");
246 retval = lstat(d->fn, &sb1);
248 retval = rc_map_errno(context, errno, d->fn, "lstat");
251 d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
253 retval = rc_map_errno(context, errno, d->fn, "open");
256 retval = fstat(d->fd, &sb2);
258 retval = rc_map_errno(context, errno, d->fn, "fstat");
261 /* check if someone was playing with symlinks */
262 if ((sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
263 || (sb1.st_mode & S_IFMT) != S_IFREG)
265 retval = KRB5_RC_IO_PERM;
266 k5_setmsg(context, retval, "rcache not a file %s", d->fn);
269 /* check that non other can read/write/execute the file */
270 if (sb1.st_mode & 077) {
271 k5_setmsg(context, retval,
272 _("Insecure file mode for replay cache file %s"), d->fn);
273 return KRB5_RC_IO_UNKNOWN;
276 if (sb1.st_uid != geteuid()) {
277 retval = KRB5_RC_IO_PERM;
278 k5_setmsg(context, retval, _("rcache not owned by %d"),
283 set_cloexec_fd(d->fd);
286 retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno,
291 if (ntohs(rc_vno) != KRB5_RC_VNO)
292 retval = KRB5_RCACHE_BADVNO;
297 (void) unlink(d->fn);
307 krb5_rc_io_open(krb5_context context, krb5_rc_iostuff *d, char *fn)
309 return krb5_rc_io_open_internal(context, d, fn, NULL);
313 krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1,
314 krb5_rc_iostuff *old)
316 #if defined(_WIN32) || defined(__CYGWIN__)
320 krb5_error_code retval = 0;
322 * Initial work around provided by Tom Sanfilippo to work around
323 * poor Windows emulation of POSIX functions. Rename and dup has
324 * different semantics!
326 * Additional fixes and explanation provided by dalmeida@mit.edu:
328 * First, we save the offset of "old". Then, we close and remove
329 * the "new" file so we can do the rename. We also close "old" to
330 * make sure the rename succeeds (though that might not be
331 * necessary on some systems).
333 * Next, we do the rename. If all goes well, we seek the "new"
334 * file to the position "old" was at.
338 * Since "old" is now gone, we mourn its disappearance, but we
339 * cannot emulate that Unix behavior... THIS BEHAVIOR IS
340 * DIFFERENT FROM UNIX. However, it is ok because this function
341 * gets called such that "old" gets closed right afterwards.
343 offset = lseek(old->fd, 0, SEEK_CUR);
357 if (rename(old_fn, new_fn) == -1) { /* MUST be atomic! */
358 retval = KRB5_RC_IO_UNKNOWN;
362 retval = krb5_rc_io_open_internal(context, new1, 0, new_fn);
366 if (lseek(new1->fd, offset, SEEK_SET) == -1) {
367 retval = KRB5_RC_IO_UNKNOWN;
377 if (rename(old->fn, new1->fn) == -1) /* MUST be atomic! */
378 return KRB5_RC_IO_UNKNOWN;
380 new1->fn = NULL; /* avoid clobbering */
381 (void) krb5_rc_io_close(context, new1);
383 new1->fd = dup(old->fd);
384 set_cloexec_fd(new1->fd);
390 krb5_rc_io_write(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
393 if (write(d->fd, (char *) buf, num) == -1)
401 k5_setmsg(context, KRB5_RC_IO_SPACE,
402 _("Can't write to replay cache: %s"), strerror(errno));
403 return KRB5_RC_IO_SPACE;
405 k5_setmsg(context, KRB5_RC_IO_IO,
406 _("Can't write to replay cache: %s"), strerror(errno));
407 return KRB5_RC_IO_IO;
410 k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
411 _("Can't write to replay cache: %s"), strerror(errno));
412 return KRB5_RC_IO_UNKNOWN;
418 krb5_rc_io_sync(krb5_context context, krb5_rc_iostuff *d)
422 #define fsync _commit
425 if (fsync(d->fd) == -1) {
428 case EBADF: return KRB5_RC_IO_UNKNOWN;
429 case EIO: return KRB5_RC_IO_IO;
431 k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
432 _("Cannot sync replay cache file: %s"), strerror(errno));
433 return KRB5_RC_IO_UNKNOWN;
440 krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
444 if ((count = read(d->fd, (char *) buf, num)) == -1)
447 case EIO: return KRB5_RC_IO_IO;
450 k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
451 _("Can't read from replay cache: %s"), strerror(errno));
452 return KRB5_RC_IO_UNKNOWN;
454 if (count < 0 || (unsigned int)count != num)
455 return KRB5_RC_IO_EOF;
460 krb5_rc_io_close(krb5_context context, krb5_rc_iostuff *d)
467 if (close(d->fd) == -1) /* can't happen */
468 return KRB5_RC_IO_UNKNOWN;
475 krb5_rc_io_destroy(krb5_context context, krb5_rc_iostuff *d)
477 if (unlink(d->fn) == -1)
481 k5_setmsg(context, KRB5_RC_IO_IO,
482 _("Can't destroy replay cache: %s"), strerror(errno));
483 return KRB5_RC_IO_IO;
487 k5_setmsg(context, KRB5_RC_IO_PERM,
488 _("Can't destroy replay cache: %s"), strerror(errno));
489 return KRB5_RC_IO_PERM;
492 k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
493 _("Can't destroy replay cache: %s"), strerror(errno));
494 return KRB5_RC_IO_UNKNOWN;
500 krb5_rc_io_mark(krb5_context context, krb5_rc_iostuff *d)
502 d->mark = lseek(d->fd, (off_t) 0, SEEK_CUR); /* can't fail */
507 krb5_rc_io_unmark(krb5_context context, krb5_rc_iostuff *d)
509 (void) lseek(d->fd, d->mark, SEEK_SET); /* if it fails, tough luck */
514 krb5_rc_io_size(krb5_context context, krb5_rc_iostuff *d)
518 if (fstat(d->fd, &statb) == 0)
519 return statb.st_size;