3 * Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
17 * 3. The name "Carnegie Mellon University" must not be used to
18 * endorse or promote products derived from this software without
19 * prior written permission. For permission or any other legal
20 * details, please contact
21 * Office of Technology Transfer
22 * Carnegie Mellon University
24 * Pittsburgh, PA 15213-3890
25 * (412) 268-4387, fax: (412) 268-7395
26 * tech-transfer@andrew.cmu.edu
28 * 4. Redistributions of any form whatsoever must retain the following
30 * "This product includes software developed by Computing Services
31 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
33 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
34 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
35 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
36 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
37 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
38 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
39 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43 * Dec 4, 2002 by Dave Eckhardt <davide+receptionist@cs.cmu.edu>
44 * $Id: krbtf.c,v 1.2 2005/02/14 05:18:36 shadow Exp $
45 * This is inspired by code which was identical in both
46 * auth_krb4.c and auth_krb5.c. This code is shared
47 * between the two implementations, contains protection
48 * against a symlink race on the ticket-file directory, and, when possible, uses
49 * the MEMORY: krb5 credential caches (MIT krb5 and Heimdal) to avoid
54 #ident "$Id: krbtf.c,v 1.2 2005/02/14 05:18:36 shadow Exp $"
57 /* PUBLIC DEPENDENCIES */
62 #ifdef SASLAUTHD_THREADED /* is this really used??? */
64 #endif /* SASLAUTHD_THREADED */
66 #include "mechanisms.h"
68 #include <sys/types.h>
74 #include <auth_krb4.h>
76 #endif /* WANT_KRBTF */
79 #include <auth_krb5.h>
81 #endif /* WANT_KRBTF */
85 /* PRIVATE DEPENDENCIES */
/* Directory holding per-process ticket files when no MEMORY: ccache is
 * available; krbtf_init() creates it with mode 0700 and refuses a symlink
 * at that path. */
static char tf_dir[] = PATH_SASLAUTHD_RUNDIR "/.tf";

/* Set by krbtf_init() when the krb5 mechanism is in use: the magic
 * memory-only ccache name that krbtf_name() hands out instead of a path.
 * Static storage is zero-initialized, so no explicit initializer is needed. */
static char *tfn_cookie;
static int tfn_cookie_len;

/* getpid() rendered as text by krbtf_init(), used as the ticket-file name. */
static char pidstring[80];
/* NOTE(review): unlike its siblings this has external linkage; presumably
 * unintended, but confirm no other translation unit references it before
 * making it static. */
int pidstring_len = 0;
/* END PRIVATE DEPENDENCIES */
#endif /* WANT_KRBTF */
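/* FUNCTION: krbtf_init */

/* SYNOPSIS
 * Initialize the Kerberos IV/V ticket-file/credential-cache common code.
 *
 * When the krb5 mechanism is in use, later krbtf_name() calls are pointed
 * at a memory-only credential cache (both MIT krb5 and Heimdal support
 * MEMORY: ccaches) -- this saves a whole bunch of useless disk i/o's to
 * create and destroy a file which we don't want anybody to see anyway.
 *
 * Otherwise this function creates a private directory for ticket files
 * and caches getpid() for later use in file names.  Therefore, we must
 * be called AFTER main() does whatever fork()ing it wants.
 *
 * Security notes on the ticket-file directory:
 *   - mkdir(2) with mode 0700 either creates it or fails with EEXIST;
 *     lstat(2) (not stat) is then used so that a symlink planted at the
 *     path by another local user is seen as a symlink and rejected, not
 *     followed.  (The former test `st_mode & S_IFLNK` let FIFOs through
 *     and misreported regular files; S_ISLNK/S_ISDIR are used instead.)
 *   - The path must be a real directory; anything else is rejected since
 *     ticket files could not be created inside it.
 *   - A pre-existing directory that is not owned by our effective uid, or
 *     that is group/other accessible, is logged at LOG_WARNING but NOT
 *     rejected, because deployments may legitimately pre-create the run
 *     directory.  Turning that into a hard failure is a site policy choice.
 * END SYNOPSIS */

int                                 /* R: -1 on failure, else 0 */
krbtf_init
(
    void                            /* no parameters */
)
{
#ifdef WANT_KRBTF
    int rc;                         /* return code holder */
    struct stat sb;                 /* stat() work area */
#ifdef AUTH_KRB5
    authmech_t *authmech;

    for (authmech = mechanisms; authmech->name != NULL; authmech++) {
        if (authmech->initialize != auth_krb5_init)
            continue;
        /* This execution is using krb5 */
        /* Both MIT krb5 and Heimdal support MEMORY: ccaches */
        tfn_cookie = "MEMORY:0";
        tfn_cookie_len = strlen(tfn_cookie);
        return 0;
    }
#endif /* AUTH_KRB5 */

    /* Create the private ticket-file directory, or accept an existing one. */
    rc = mkdir(tf_dir, 0700);
    if (rc != 0 && errno != EEXIST) {
        syslog(LOG_ERR, "krbtf_init %s: %m", tf_dir);
        return -1;
    }

    /* lstat(), not stat(): a symlink must be seen as a symlink. */
    if (lstat(tf_dir, &sb) != 0) {
        syslog(LOG_ERR, "krbtf_init %s: %m", tf_dir);
        return -1;
    }
    if (S_ISLNK(sb.st_mode)) {
        syslog(LOG_ERR, "krbtf_init: %s is a symbolic link", tf_dir);
        return -1;
    }
    if (!S_ISDIR(sb.st_mode)) {
        syslog(LOG_ERR, "krbtf_init: %s is not a directory", tf_dir);
        return -1;
    }
    /* Best-effort hygiene checks; warn only (see SYNOPSIS). */
    if (sb.st_uid != geteuid()) {
        syslog(LOG_WARNING, "krbtf_init: %s is not owned by uid %lu",
               tf_dir, (unsigned long)geteuid());
    }
    if (sb.st_mode & (S_IRWXG | S_IRWXO)) {
        syslog(LOG_WARNING, "krbtf_init: %s is group/other accessible (mode %o)",
               tf_dir, (unsigned int)(sb.st_mode & 07777));
    }

    /* cache getpid() for use in filenames; snprintf() bounds the write and
     * reports truncation (or error, negative) via its return value. */
    pidstring_len = snprintf(pidstring, sizeof (pidstring), "%d", (int)getpid());
    if (pidstring_len < 0 || (size_t)pidstring_len >= sizeof (pidstring)) {
        syslog(LOG_ERR, "krbtf_init pidstring too long(!?)");
        pidstring_len = 0;          /* never leave a negative length behind */
        return -1;
    }
    return 0;
#else /* WANT_KRBTF */
    syslog(LOG_ERR, "krbtf_init: not compiled!");
    return -1;
#endif /* WANT_KRBTF */
}

/* END FUNCTION: krbtf_init */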
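/* FUNCTION: krbtf_name */

/* SYNOPSIS
 * Spit a ticket-file/credential-cache name into caller's array.
 *
 * If krbtf_init() selected a memory-only krb5 ccache, emit that magic
 * cookie; otherwise build "<tf_dir>/<pid>" (plus "_<thread id>" when built
 * SASLAUTHD_THREADED, since threads share a pid and would otherwise
 * clobber each other's ticket file).  Every write into tfname is bounded
 * by len and the result is NUL-terminated on success.
 *
 * Returns -1 (after a syslog) when the name does not fit in len bytes or
 * when krbtf_init() has not run successfully, else 0.
 * END SYNOPSIS */

int                                 /* R: -1 on failure, else 0 */
krbtf_name
(
    char *tfname,                   /* O: where caller wants name */
    int len                         /* I: available length */
)
{
#ifdef WANT_KRBTF
    if (tfn_cookie_len) {
        /* Memory-only ccache: the name is a constant cookie. */
        if (tfn_cookie_len + 1 > len) {
            syslog(LOG_ERR, "krbtf_name: cookie name (%s) too long", tfn_cookie);
            return -1;
        }
        strcpy(tfname, tfn_cookie);
        return 0;
    }

    /* Without a cached pid every process would get the same "<dir>/" name. */
    if (pidstring_len <= 0) {
        syslog(LOG_ERR, "krbtf_name: called before successful krbtf_init");
        return -1;
    }

    {
        int dir_len = sizeof (tf_dir) - 1;              /* don't count the null */
        int want_len = dir_len + 1 + pidstring_len + 1; /* dir, '/', pid, NUL */

        if (want_len > len) {
            syslog(LOG_ERR, "krbtf_name: need room for %d bytes, got %d", want_len, len);
            return -1;
        }

        /* Safe: want_len <= len was verified above. */
        strcpy(tfname, tf_dir);
        tfname += dir_len; len -= dir_len;

        *tfname++ = '/'; len--;

        strcpy(tfname, pidstring);

#ifdef SASLAUTHD_THREADED
        tfname += pidstring_len;
        len -= pidstring_len;

        /* The remaining len still includes the NUL slot, so snprintf() is
         * bounded and a return >= len means truncation.  The old code put
         * the comparison inside the argument list, so it formatted 0/1
         * instead of the thread id and never checked for truncation.
         * pthread_t is opaque: the unsigned long cast works on the common
         * platforms but is not portable to ones where it is a struct. */
        {
            int n = snprintf(tfname, len, "_%lu", (unsigned long)pthread_self());
            if (n < 0 || n >= len) {
                syslog(LOG_ERR, "krbtf_name: no room for thread id");
                return -1;
            }
        }
#endif /* SASLAUTHD_THREADED */
    }
    return 0;
#else /* WANT_KRBTF */
    syslog(LOG_ERR, "krbtf_name: not compiled!");
    return -1;
#endif /* WANT_KRBTF */
}

/* END FUNCTION: krbtf_name */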
225 /* END MODULE: krbtf */