From d7831abd058ce1c15bfacb1a8346f1c4b3155488 Mon Sep 17 00:00:00 2001 From: Richard Basch Date: Fri, 9 Feb 1996 00:47:05 +0000 Subject: [PATCH] * fcc.h fcc_gprin.c fcc_maybe.c fcc_skip.c fcc_sseq.c Store the time offset from the os_context in the credentials cache. When applications open the credentials cache, they will set the os_context time offset if kdc_timesync is set and the os_context time offset has not yet been set. Note: The time offset is stored during krb5_cc_initialize, so the os_context should be set prior to this operation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7461 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ccache/file/fcc.h | 10 ++ src/lib/krb5/ccache/file/fcc_gprin.c | 9 +- src/lib/krb5/ccache/file/fcc_maybe.c | 151 ++++++++++++++++++++------- src/lib/krb5/ccache/file/fcc_skip.c | 20 +++- src/lib/krb5/ccache/file/fcc_sseq.c | 12 ++- 5 files changed, 154 insertions(+), 48 deletions(-) diff --git a/src/lib/krb5/ccache/file/fcc.h b/src/lib/krb5/ccache/file/fcc.h index bd3f8c368..e17d437ab 100644 --- a/src/lib/krb5/ccache/file/fcc.h +++ b/src/lib/krb5/ccache/file/fcc.h @@ -61,6 +61,16 @@ #define FCC_OPEN_RDWR 2 #define FCC_OPEN_RDONLY 3 +/* Credential file header tags. + * The header tags are constructed as: + * krb5_ui_2 tag + * krb5_ui_2 len + * krb5_octet data[len] + * This format allows for older versions of the fcc processing code to skip + * past unrecognized tag formats. + */ +#define FCC_TAG_DELTATIME 1 + #ifndef TKT_ROOT #ifdef MSDOS_FILESYSTEM #define TKT_ROOT "\\tkt" diff --git a/src/lib/krb5/ccache/file/fcc_gprin.c b/src/lib/krb5/ccache/file/fcc_gprin.c index fbd35ff85..97369db01 100644 --- a/src/lib/krb5/ccache/file/fcc_gprin.c +++ b/src/lib/krb5/ccache/file/fcc_gprin.c @@ -47,13 +47,16 @@ krb5_fcc_get_principal(context, id, princ) krb5_principal *princ; { krb5_error_code kret = KRB5_OK; + krb5_fcc_data *data = (krb5_fcc_data *)id->data; MAYBE_OPEN(context, id, FCC_OPEN_RDONLY); - /* make sure we're beyond the vno */ - lseek(((krb5_fcc_data *) id->data)->fd, sizeof(krb5_int16), SEEK_SET); - + + /* make sure we're beyond the header */ + kret = krb5_fcc_skip_header(context, id); + if (kret) goto done; kret = krb5_fcc_read_principal(context, id, princ); +done: MAYBE_CLOSE(context, id, kret); return kret; } diff --git a/src/lib/krb5/ccache/file/fcc_maybe.c b/src/lib/krb5/ccache/file/fcc_maybe.c index 2b4961e95..5ce020d17 100644 --- a/src/lib/krb5/ccache/file/fcc_maybe.c +++ b/src/lib/krb5/ccache/file/fcc_maybe.c @@ -208,12 +208,16 @@ krb5_fcc_close_file (context, id) krb5_error_code krb5_fcc_open_file (context, id, mode) - krb5_context context; + krb5_context context; krb5_ccache id; int mode; { + krb5_os_context os_ctx = (krb5_os_context)context->os_context; krb5_fcc_data *data = (krb5_fcc_data *)id->data; krb5_ui_2 fcc_fvno; + krb5_ui_2 fcc_flen; + krb5_ui_2 fcc_tag; + krb5_ui_2 fcc_taglen; int fd; int open_flag; krb5_error_code retval = 0; @@ -261,43 +265,114 @@ krb5_fcc_open_file (context, id, mode) (void) close(fd); return (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; } - } else { - /* verify a valid version number is there */ - if (read(fd, (char *)&fcc_fvno, sizeof(fcc_fvno)) != - sizeof(fcc_fvno)) { - (void) fcc_lock_file(data, fd, UNLOCK_IT); - (void) close(fd); - return KRB5_CC_FORMAT; + + data->fd = fd; + + if (data->version == KRB5_FCC_FVNO_4) { + /* V4 of the credentials cache format allows for header tags */ + + fcc_flen = (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32)); + + /* Write header length */ + retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen); + if (retval) goto done; + + /* Write time offset tag */ + fcc_tag = FCC_TAG_DELTATIME; + fcc_taglen = 2*sizeof(krb5_int32); + + retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_tag); + if (retval) goto done; + retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_taglen); + if (retval) goto done; + retval = krb5_fcc_store_int32(context, id, os_ctx->time_offset); + if (retval) goto done; + retval = krb5_fcc_store_int32(context, id, os_ctx->usec_offset); + if (retval) goto done; } - if ((fcc_fvno != htons(KRB5_FCC_FVNO_4)) && - (fcc_fvno != htons(KRB5_FCC_FVNO_3)) && - (fcc_fvno != htons(KRB5_FCC_FVNO_2)) && - (fcc_fvno != htons(KRB5_FCC_FVNO_1))) { - (void) fcc_lock_file(data, fd, UNLOCK_IT); - (void) close(fd); - return KRB5_CCACHE_BADVNO; + goto done; + } + + /* verify a valid version number is there */ + if (read(fd, (char *)&fcc_fvno, sizeof(fcc_fvno)) != + sizeof(fcc_fvno)) { + (void) fcc_lock_file(data, fd, UNLOCK_IT); + (void) close(fd); + return KRB5_CC_FORMAT; + } + if ((fcc_fvno != htons(KRB5_FCC_FVNO_4)) && + (fcc_fvno != htons(KRB5_FCC_FVNO_3)) && + (fcc_fvno != htons(KRB5_FCC_FVNO_2)) && + (fcc_fvno != htons(KRB5_FCC_FVNO_1))) + { + retval = KRB5_CCACHE_BADVNO; + goto done; + } + + data->version = ntohs(fcc_fvno); + data->fd = fd; + + if (data->version == KRB5_FCC_FVNO_4) { + char buf[1024]; + + if (krb5_fcc_read_ui_2(context, id, &fcc_flen) || + (fcc_flen > sizeof(buf))) + { + retval = KRB5_CC_FORMAT; + goto done; } - if (fcc_fvno == htons(KRB5_FCC_FVNO_4)) { - krb5_ui_2 fcc_flen; - char buf[1024]; - - if (read(fd, (char *)&fcc_flen, sizeof(fcc_flen)) - != sizeof(fcc_flen)) { - (void) fcc_lock_file(data, fd, UNLOCK_IT); - (void) close(fd); - return KRB5_CC_FORMAT; - } - /* Skip past the header info for now */ - if ((fcc_flen = htons(fcc_flen)) != 0) { - if ((krb5_ui_2) read(fd, buf, fcc_flen) != fcc_flen) { - (void) fcc_lock_file(data, fd, UNLOCK_IT); - (void) close(fd); - return KRB5_CC_FORMAT; - } - } - } - data->version = ntohs(fcc_fvno); - } - data->fd = fd; - return 0; + + while (fcc_flen) { + if ((fcc_flen < (2 * sizeof(krb5_ui_2))) || + krb5_fcc_read_ui_2(context, id, &fcc_tag) || + krb5_fcc_read_ui_2(context, id, &fcc_taglen) || + (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2)))) + { + retval = KRB5_CC_FORMAT; + goto done; + } + + switch (fcc_tag) { + case FCC_TAG_DELTATIME: + if (fcc_taglen != 2*sizeof(krb5_int32)) { + retval = KRB5_CC_FORMAT; + goto done; + } + if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) || + (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) + { + if (krb5_fcc_read(context, id, buf, fcc_taglen)) { + retval = KRB5_CC_FORMAT; + goto done; + } + break; + } + if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) || + krb5_fcc_read_int32(context, id, &os_ctx->usec_offset)) + { + retval = KRB5_CC_FORMAT; + goto done; + } + os_ctx->os_flags = + ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) | + KRB5_OS_TOFFSET_VALID); + break; + default: + if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) { + retval = KRB5_CC_FORMAT; + goto done; + } + break; + } + fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen); + } + } + +done: + if (retval) { + data->fd = -1; + (void) fcc_lock_file(data, fd, UNLOCK_IT); + (void) close(fd); + } + return retval; } diff --git a/src/lib/krb5/ccache/file/fcc_skip.c b/src/lib/krb5/ccache/file/fcc_skip.c index 15aa43bd2..c54cfe389 100644 --- a/src/lib/krb5/ccache/file/fcc_skip.c +++ b/src/lib/krb5/ccache/file/fcc_skip.c @@ -28,6 +28,24 @@ #include "fcc.h" +krb5_error_code +krb5_fcc_skip_header(context, id) + krb5_context context; + krb5_ccache id; +{ + krb5_fcc_data *data = (krb5_fcc_data *)id->data; + krb5_error_code kret; + krb5_ui_2 fcc_flen; + + lseek(data->fd, sizeof(krb5_ui_2), SEEK_SET); + if (data->version == KRB5_FCC_FVNO_4) { + kret = krb5_fcc_read_ui_2(context, id, &fcc_flen); + if (kret) return kret; + } + lseek(data->fd, fcc_flen, SEEK_CUR); + return KRB5_OK; +} + krb5_error_code krb5_fcc_skip_principal(context, id) krb5_context context; @@ -43,5 +61,3 @@ krb5_fcc_skip_principal(context, id) krb5_free_principal(context, princ); return KRB5_OK; } - - diff --git a/src/lib/krb5/ccache/file/fcc_sseq.c b/src/lib/krb5/ccache/file/fcc_sseq.c index c2d1645c1..dac38941c 100644 --- a/src/lib/krb5/ccache/file/fcc_sseq.c +++ b/src/lib/krb5/ccache/file/fcc_sseq.c @@ -48,6 +48,7 @@ krb5_fcc_start_seq_get(context, id, cursor) { krb5_fcc_cursor *fcursor; krb5_error_code kret = KRB5_OK; + krb5_fcc_data *data = (krb5_fcc_data *)id->data; fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor)); if (fcursor == NULL) @@ -59,16 +60,17 @@ krb5_fcc_start_seq_get(context, id, cursor) return kret; } } - else - /* seek after the version number */ - lseek(((krb5_fcc_data *) id->data)->fd, sizeof(krb5_int16), SEEK_SET); /* Make sure we start reading right after the primary principal */ + kret = krb5_fcc_skip_header(context, id); + if (kret) goto done; + kret = krb5_fcc_skip_principal(context, id); + if (kret) goto done; - krb5_fcc_skip_principal(context, id); - fcursor->pos = lseek(((krb5_fcc_data *) id->data)->fd, 0, SEEK_CUR); + fcursor->pos = lseek(data->fd, 0, SEEK_CUR); *cursor = (krb5_cc_cursor) fcursor; +done: MAYBE_CLOSE(context, id, kret); return kret; } -- 2.26.2