oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(_krb5_krb_dest_tkt): unlink v4 token

Browse Source 
(get_krb4_cc_name): move out from _krb5_krb_tf_setup
(_krb5_krb_tf_setup): adapt to allocated filename instead of static filename


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12958 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-10-03 12:03:03 +00:00
parent cbb6dc1b85
commit 803a7c3db6
1 changed files with 68 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
lib/krb5/convert_creds.c
View File

@@ -98,6 +98,34 @@ _krb5_krb_life_to_time(int start, int life_)
return start + _tkt_lifetimes[life - TKTLIFEMINFIXED]; return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
} }
/*
* Get the name of the krb4 credentials cache, will use `tkfile' as
* the name if that is passed in. `cc' must be free()ed by caller,
*/
static krb5_error_code
get_krb4_cc_name(const char *tkfile, char **cc)
{
*cc = NULL;
if(tkfile == NULL) {
char *path;
if(!issuid()) {
path = getenv("KRBTKFILE");
if (path)
*cc = strdup(path);
}
if(*cc == NULL)
if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
return errno;
} else {
*cc = strdup(tkfile);
if (*cc == NULL)
return ENOMEM;
}
return 0;
}
/* /*
* Write a Kerberos 4 ticket file * Write a Kerberos 4 ticket file
*/ */
@@ -105,35 +133,27 @@ _krb5_krb_life_to_time(int start, int life_)
#define KRB5_TF_LCK_RETRY_COUNT 50 #define KRB5_TF_LCK_RETRY_COUNT 50
#define KRB5_TF_LCK_RETRY 1 #define KRB5_TF_LCK_RETRY 1
#ifndef TKT_ROOT
#define TKT_ROOT "/tmp/tkt"
#endif
static krb5_error_code static krb5_error_code
write_v4_cc(krb5_context context, const char *tkfile, write_v4_cc(krb5_context context, const char *tkfile,
krb5_storage *sp, int append) krb5_storage *sp, int append)
{ {
char static_path[1024], *path = NULL;
krb5_error_code ret; krb5_error_code ret;
struct stat sb; struct stat sb;
krb5_data data; krb5_data data;
char *path;
int fd, i; int fd, i;
if (tkfile == NULL) { ret = get_krb4_cc_name(tkfile, &path);
if (!issuid()) if (ret) {
path = getenv("KRBTKFILE"); krb5_set_error_string(context,
if (path == NULL) { "krb5_krb_tf_setup: failed getting "
snprintf(static_path, sizeof(static_path), "the krb4 credentials cache name");
"%s%u", TKT_ROOT, (unsigned)getuid()); return ret;
path = static_path;
}
} else {
strlcpy(static_path, tkfile, sizeof(static_path));
path = static_path;
} }
fd = open(path, O_WRONLY|O_CREAT, 0600); fd = open(path, O_WRONLY|O_CREAT, 0600);
if (fd < 0) { if (fd < 0) {
free(path);
krb5_set_error_string(context, krb5_set_error_string(context,
"krb5_krb_tf_setup: error opening file %s", "krb5_krb_tf_setup: error opening file %s",
path); path);
@@ -141,6 +161,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
} }
if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
free(path);
close(fd); close(fd);
krb5_set_error_string(context, krb5_set_error_string(context,
"krb5_krb_tf_setup: tktfile %s is not a file", "krb5_krb_tf_setup: tktfile %s is not a file",
@@ -155,6 +176,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
break; break;
} }
if (i == KRB5_TF_LCK_RETRY_COUNT) { if (i == KRB5_TF_LCK_RETRY_COUNT) {
free(path);
close(fd); close(fd);
krb5_set_error_string(context, krb5_set_error_string(context,
"krb5_krb_tf_setup: failed to lock %s", "krb5_krb_tf_setup: failed to lock %s",
@@ -166,6 +188,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
ret = ftruncate(fd, 0); ret = ftruncate(fd, 0);
if (ret < 0) { if (ret < 0) {
flock(fd, LOCK_UN); flock(fd, LOCK_UN);
free(path);
close(fd); close(fd);
krb5_set_error_string(context, krb5_set_error_string(context,
"krb5_krb_tf_setup: failed to truncate %s", "krb5_krb_tf_setup: failed to truncate %s",
@@ -176,6 +199,8 @@ write_v4_cc(krb5_context context, const char *tkfile,
ret = lseek(fd, 0L, SEEK_END); ret = lseek(fd, 0L, SEEK_END);
if (ret < 0) { if (ret < 0) {
ret = errno; ret = errno;
flock(fd, LOCK_UN);
free(path);
close(fd); close(fd);
return ret; return ret;
} }
@@ -189,6 +214,7 @@ write_v4_cc(krb5_context context, const char *tkfile,
krb5_free_data_contents(context, &data); krb5_free_data_contents(context, &data);
flock(fd, LOCK_UN); flock(fd, LOCK_UN);
free(path);
close(fd); close(fd);
return 0; return 0;
@@ -265,6 +291,32 @@ _krb5_krb_tf_setup(krb5_context context,
return ret; return ret;
} }
krb5_error_code
_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
{
krb5_error_code ret;
char *path;
ret = get_krb4_cc_name(tkfile, &path);
if (ret) {
krb5_set_error_string(context,
"krb5_krb_tf_setup: failed getting "
"the krb4 credentials cache name");
return ret;
}
if (unlink(path) < 0) {
ret = errno;
krb5_set_error_string(context,
"krb5_krb_dest_tkt failed removing the cache "
"with error %s", strerror(ret));
}
free(path);
return ret;
}
/* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'. /* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'.
* This is done by sending them to the 524 function in the KDC. If * This is done by sending them to the 524 function in the KDC. If
* `in_cred' doesn't contain a DES session key, then a new one is * `in_cred' doesn't contain a DES session key, then a new one is