1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/rcache/rc_io.c */
4 * This file of the Kerberos V5 software is derived from public-domain code
5 * contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
10 * I/O functions for the replay cache default implementation.
14 # define PATH_SEPARATOR "\\"
16 # define PATH_SEPARATOR "/"
19 #define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */
25 #include <stdio.h> /* for P_tmpdir */
34 #ifdef HAVE_NETINET_IN_H
35 #if !defined(_WINSOCKAPI_)
36 #include <netinet/in.h>
39 #error find some way to use net-byte-order file version numbers.
42 #define UNIQUE getpid() /* hopefully unique number */
44 #define GETDIR (dir = getdir(), dirlen = strlen(dir) + sizeof(PATH_SEPARATOR) - 1)
51 if (!(dir = getenv("KRB5RCACHEDIR"))) {
53 if (!(dir = getenv("TEMP")))
54 if (!(dir = getenv("TMP")))
57 if (!(dir = getenv("TMPDIR"))) {
70 * Called from krb5_rc_io_creat(); calls mkstemp() and does some
71 * sanity checking on the file modes in case some broken mkstemp()
72 * implementation creates the file with overly permissive modes. To
73 * avoid race conditions, do not fchmod() a file for which mkstemp set
76 static krb5_error_code
77 krb5_rc_io_mkstemp(krb5_context context, krb5_rc_iostuff *d, char *dir)
79 krb5_error_code retval = 0;
83 memset(&stbuf, 0, sizeof(stbuf));
85 if (asprintf(&d->fn, "%s%skrb5_RCXXXXXX",
86 dir, PATH_SEPARATOR) < 0) {
88 return KRB5_RC_IO_MALLOC;
90 d->fd = mkstemp(d->fn);
93 * This return value is deliberate because d->fd == -1 causes
94 * caller to go into errno interpretation code.
100 * Be paranoid and check that mkstemp made the file accessible
103 retval = fstat(d->fd, &stbuf);
105 krb5_set_error_message(context, retval,
106 _("Cannot fstat replay cache file %s: %s"),
107 d->fn, strerror(errno));
108 return KRB5_RC_IO_UNKNOWN;
110 if (stbuf.st_mode & 077) {
111 krb5_set_error_message(context, retval,
112 _("Insecure mkstemp() file mode for replay "
113 "cache file %s; try running this program "
114 "with umask 077 "), d->fn);
115 return KRB5_RC_IO_UNKNOWN;
122 static krb5_error_code rc_map_errno (int) __attribute__((cold));
125 static krb5_error_code
126 rc_map_errno (krb5_context context, int e, const char *fn,
127 const char *operation)
135 return KRB5_RC_IO_SPACE;
138 return KRB5_RC_IO_IO;
144 krb5_set_error_message(context, KRB5_RC_IO_PERM,
145 _("Cannot %s replay cache file %s: %s"),
146 operation, fn, strerror(e));
147 return KRB5_RC_IO_PERM;
150 krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
151 _("Cannot %s replay cache: %s"),
152 operation, strerror(e));
153 return KRB5_RC_IO_UNKNOWN;
159 krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
161 krb5_int16 rc_vno = htons(KRB5_RC_VNO);
162 krb5_error_code retval = 0;
163 int do_not_unlink = 0;
169 if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
170 return KRB5_RC_IO_MALLOC;
172 d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
175 retval = krb5_rc_io_mkstemp(context, d, dir);
178 if (d->fd != -1 && fn) {
179 *fn = strdup(d->fn + dirlen);
182 return KRB5_RC_IO_MALLOC;
187 retval = rc_map_errno(context, errno, d->fn, "create");
188 if (retval == KRB5_RC_IO_PERM)
192 set_cloexec_fd(d->fd);
193 retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno,
198 retval = krb5_rc_io_sync(context, d);
204 (void) unlink(d->fn);
215 static krb5_error_code
216 krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
220 krb5_error_code retval = 0;
221 int do_not_unlink = 1;
223 struct stat sb1, sb2;
230 if (!(d->fn = strdup(full_pathname)))
231 return KRB5_RC_IO_MALLOC;
233 if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, fn) < 0)
234 return KRB5_RC_IO_MALLOC;
238 d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
240 retval = rc_map_errno(context, errno, d->fn, "open");
245 retval = lstat(d->fn, &sb1);
247 retval = rc_map_errno(context, errno, d->fn, "lstat");
250 d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
252 retval = rc_map_errno(context, errno, d->fn, "open");
255 retval = fstat(d->fd, &sb2);
257 retval = rc_map_errno(context, errno, d->fn, "fstat");
260 /* check if someone was playing with symlinks */
261 if ((sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
262 || (sb1.st_mode & S_IFMT) != S_IFREG)
264 retval = KRB5_RC_IO_PERM;
265 krb5_set_error_message(context, retval,
266 "rcache not a file %s", d->fn);
269 /* check that non other can read/write/execute the file */
270 if (sb1.st_mode & 077) {
271 krb5_set_error_message(context, retval,
272 _("Insecure file mode for replay cache file "
274 return KRB5_RC_IO_UNKNOWN;
277 if (sb1.st_uid != geteuid()) {
278 retval = KRB5_RC_IO_PERM;
279 krb5_set_error_message(context, retval, _("rcache not owned by %d"),
284 set_cloexec_fd(d->fd);
287 retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno,
292 if (ntohs(rc_vno) != KRB5_RC_VNO)
293 retval = KRB5_RCACHE_BADVNO;
298 (void) unlink(d->fn);
308 krb5_rc_io_open(krb5_context context, krb5_rc_iostuff *d, char *fn)
310 return krb5_rc_io_open_internal(context, d, fn, NULL);
314 krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1,
315 krb5_rc_iostuff *old)
317 #if defined(_WIN32) || defined(__CYGWIN__)
321 krb5_error_code retval = 0;
323 * Initial work around provided by Tom Sanfilippo to work around
324 * poor Windows emulation of POSIX functions. Rename and dup has
325 * different semantics!
327 * Additional fixes and explanation provided by dalmeida@mit.edu:
329 * First, we save the offset of "old". Then, we close and remove
330 * the "new" file so we can do the rename. We also close "old" to
331 * make sure the rename succeeds (though that might not be
332 * necessary on some systems).
334 * Next, we do the rename. If all goes well, we seek the "new"
335 * file to the position "old" was at.
339 * Since "old" is now gone, we mourn its disappearance, but we
340 * cannot emulate that Unix behavior... THIS BEHAVIOR IS
341 * DIFFERENT FROM UNIX. However, it is ok because this function
342 * gets called such that "old" gets closed right afterwards.
344 offset = lseek(old->fd, 0, SEEK_CUR);
358 if (rename(old_fn, new_fn) == -1) { /* MUST be atomic! */
359 retval = KRB5_RC_IO_UNKNOWN;
363 retval = krb5_rc_io_open_internal(context, new1, 0, new_fn);
367 if (lseek(new1->fd, offset, SEEK_SET) == -1) {
368 retval = KRB5_RC_IO_UNKNOWN;
378 if (rename(old->fn, new1->fn) == -1) /* MUST be atomic! */
379 return KRB5_RC_IO_UNKNOWN;
381 new1->fn = NULL; /* avoid clobbering */
382 (void) krb5_rc_io_close(context, new1);
384 new1->fd = dup(old->fd);
385 set_cloexec_fd(new1->fd);
391 krb5_rc_io_write(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
394 if (write(d->fd, (char *) buf, num) == -1)
402 krb5_set_error_message (context, KRB5_RC_IO_SPACE,
403 _("Can't write to replay cache: %s"),
405 return KRB5_RC_IO_SPACE;
407 krb5_set_error_message (context, KRB5_RC_IO_IO,
408 _("Can't write to replay cache: %s"),
410 return KRB5_RC_IO_IO;
413 krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN,
414 _("Can't write to replay cache: %s"),
416 return KRB5_RC_IO_UNKNOWN;
422 krb5_rc_io_sync(krb5_context context, krb5_rc_iostuff *d)
426 #define fsync _commit
429 if (fsync(d->fd) == -1) {
432 case EBADF: return KRB5_RC_IO_UNKNOWN;
433 case EIO: return KRB5_RC_IO_IO;
435 krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
436 _("Cannot sync replay cache file: %s"),
438 return KRB5_RC_IO_UNKNOWN;
445 krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
449 if ((count = read(d->fd, (char *) buf, num)) == -1)
452 case EIO: return KRB5_RC_IO_IO;
455 krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
456 _("Can't read from replay cache: %s"),
458 return KRB5_RC_IO_UNKNOWN;
460 if (count < 0 || (unsigned int)count != num)
461 return KRB5_RC_IO_EOF;
466 krb5_rc_io_close(krb5_context context, krb5_rc_iostuff *d)
473 if (close(d->fd) == -1) /* can't happen */
474 return KRB5_RC_IO_UNKNOWN;
481 krb5_rc_io_destroy(krb5_context context, krb5_rc_iostuff *d)
483 if (unlink(d->fn) == -1)
487 krb5_set_error_message(context, KRB5_RC_IO_IO,
488 _("Can't destroy replay cache: %s"),
490 return KRB5_RC_IO_IO;
494 krb5_set_error_message(context, KRB5_RC_IO_PERM,
495 _("Can't destroy replay cache: %s"),
497 return KRB5_RC_IO_PERM;
500 krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
501 _("Can't destroy replay cache: %s"),
503 return KRB5_RC_IO_UNKNOWN;
509 krb5_rc_io_mark(krb5_context context, krb5_rc_iostuff *d)
511 d->mark = lseek(d->fd, (off_t) 0, SEEK_CUR); /* can't fail */
516 krb5_rc_io_unmark(krb5_context context, krb5_rc_iostuff *d)
518 (void) lseek(d->fd, d->mark, SEEK_SET); /* if it fails, tough luck */
523 krb5_rc_io_size(krb5_context context, krb5_rc_iostuff *d)
527 if (fstat(d->fd, &statb) == 0)
528 return statb.st_size;