From 803a7c3db6ecd845aa7c5e065e6e325cc6206b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Fri, 3 Oct 2003 12:03:03 +0000 Subject: [PATCH] (_krb5_krb_dest_tkt): unlink v4 token (get_krb4_cc_name): move out from _krb5_krb_tf_setup (_krb5_krb_tf_setup): adapt to allocated filename instead of static filename git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12958 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/convert_creds.c | 84 ++++++++++++++++++++++++++++++++-------- 1 file changed, 68 insertions(+), 16 deletions(-)
diff --git a/lib/krb5/convert_creds.c b/lib/krb5/convert_creds.c
index 9de3a0888..cf9fbdf99 100644
--- a/lib/krb5/convert_creds.c
+++ b/lib/krb5/convert_creds.c
@@ -98,6 +98,34 @@ _krb5_krb_life_to_time(int start, int life_)
 return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
 }
+/*
+ * Get the name of the krb4 credentials cache, will use `tkfile' as
+ * the name if that is passed in. `cc' must be free()ed by caller,
+ */
+
+static krb5_error_code
+get_krb4_cc_name(const char *tkfile, char **cc)
+{
+
+ *cc = NULL;
+ if(tkfile == NULL) {
+ char *path;
+ if(!issuid()) {
+ path = getenv("KRBTKFILE");
+ if (path)
+ *cc = strdup(path);
+ }
+ if(*cc == NULL)
+ if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
+ return errno;
+ } else {
+ *cc = strdup(tkfile);
+ if (*cc == NULL)
+ return ENOMEM;
+ }
+ return 0;
+}
+
 /*
 * Write a Kerberos 4 ticket file
 */
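Review bot: In `get_krb4_cc_name` the `asprintf` failure path does `return errno;`, but `asprintf` is not guaranteed to set `errno`, so the function can return 0 while `*cc` is left in an unspecified state that the callers in this patch then hand to `open()` or `unlink()`. A fixed code with the pointer reset is safer: `if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0) { *cc = NULL; return ENOMEM; }`. Separately, when `strdup(path)` of the `KRBTKFILE` value fails, the code falls through to the `TKT_ROOT` default instead of returning `ENOMEM`, so the caller would silently operate on a different file than the one named in the environment. The header comment ends in a comma and should end with a period.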
@@ -105,35 +133,27 @@ _krb5_krb_life_to_time(int start, int life_)
 #define KRB5_TF_LCK_RETRY_COUNT 50
 #define KRB5_TF_LCK_RETRY 1
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-
 static krb5_error_code
 write_v4_cc(krb5_context context, const char *tkfile,
 krb5_storage *sp, int append)
 {
- char static_path[1024], *path = NULL;
 krb5_error_code ret;
 struct stat sb;
 krb5_data data;
+ char *path;
 int fd, i;
- if (tkfile == NULL) {
- if (!issuid())
- path = getenv("KRBTKFILE");
- if (path == NULL) {
- snprintf(static_path, sizeof(static_path),
- "%s%u", TKT_ROOT, (unsigned)getuid());
- path = static_path;
- }
- } else {
- strlcpy(static_path, tkfile, sizeof(static_path));
- path = static_path;
+ ret = get_krb4_cc_name(tkfile, &path);
+ if (ret) {
+ krb5_set_error_string(context,
+ "krb5_krb_tf_setup: failed getting "
+ "the krb4 credentials cache name");
+ return ret;
 }
 fd = open(path, O_WRONLY|O_CREAT, 0600);
 if (fd < 0) {
+ free(path);
 krb5_set_error_string(context,
 "krb5_krb_tf_setup: error opening file %s",
 path);
@@ -141,6 +161,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
 }
 if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
+ free(path);
 close(fd);
 krb5_set_error_string(context,
 "krb5_krb_tf_setup: tktfile %s is not a file",
@@ -155,6 +176,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
 break;
 }
 if (i == KRB5_TF_LCK_RETRY_COUNT) {
+ free(path);
 close(fd);
 krb5_set_error_string(context,
 "krb5_krb_tf_setup: failed to lock %s",
@@ -166,6 +188,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
 ret = ftruncate(fd, 0);
 if (ret < 0) {
 flock(fd, LOCK_UN);
+ free(path);
 close(fd);
 krb5_set_error_string(context,
 "krb5_krb_tf_setup: failed to truncate %s",
@@ -176,6 +199,8 @@ write_v4_cc(krb5_context context, const char *tkfile,
 ret = lseek(fd, 0L, SEEK_END);
 if (ret < 0) {
 ret = errno;
+ flock(fd, LOCK_UN);
+ free(path);
 close(fd);
 return ret;
 }
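Review bot: In the `open()` failure branch of `write_v4_cc`, `free(path);` is placed before `krb5_set_error_string(context, "krb5_krb_tf_setup: error opening file %s", path);`, so the error string is formatted from memory that has already been freed. Move `free(path);` to after the `krb5_set_error_string` call in that branch. The hunks at -141, -155 and -166 add `free(path);` ahead of a `krb5_set_error_string` whose format contains `%s`; the argument line is outside those hunks, but if it is `path` they have the same use-after-free. A single `out:` label that unlocks, closes and frees would keep the cleanup in one place; the function body continues outside these hunks. The removed `#ifndef TKT_ROOT` fallback is still needed by `get_krb4_cc_name` unless a header defines `TKT_ROOT`, which is not visible here.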
@@ -189,6 +214,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
 krb5_free_data_contents(context, &data);
 flock(fd, LOCK_UN);
+ free(path);
 close(fd);
 return 0;
@@ -265,6 +291,32 @@ _krb5_krb_tf_setup(krb5_context context,
 return ret;
 }
+krb5_error_code
+_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
+{
+ krb5_error_code ret;
+ char *path;
+
+ ret = get_krb4_cc_name(tkfile, &path);
+ if (ret) {
+ krb5_set_error_string(context,
+ "krb5_krb_tf_setup: failed getting "
+ "the krb4 credentials cache name");
+ return ret;
+ }
+
+ if (unlink(path) < 0) {
+ ret = errno;
+ krb5_set_error_string(context,
+ "krb5_krb_dest_tkt failed removing the cache "
+ "with error %s", strerror(ret));
+ }
+ free(path);
+
+ return ret;
+}
+
+
 /* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'.
 * This is done by sending them to the 524 function in the KDC. If
 * `in_cred' doesn't contain a DES session key, then a new one is
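Review bot: The error string on the `get_krb4_cc_name` failure path of `_krb5_krb_dest_tkt` still begins with `krb5_krb_tf_setup:`, which points whoever reads the message at the wrong function; it should read `"krb5_krb_dest_tkt: failed getting "`. The function also only calls `unlink(path)`, which removes the directory entry without overwriting the file contents; if the v4 ticket file holds session keys, as it presumably does, consider overwriting or truncating it under the lock before unlinking. A short comment above the function should state that a missing cache file is reported as an error, since `unlink` failing with `ENOENT` is returned to the caller.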