2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* ticket caching code */
12 #include <afsconfig.h>
13 #include <afs/param.h>
19 #include <afs/pthread_glock.h>
22 #ifdef HAVE_SYS_FILE_H
27 #include "afsincludes.h"
31 #include <sys/lockf.h>
40 #ifdef HAVE_CRT_EXTERNS_H
41 #include <crt_externs.h>
46 #include <afs/venus.h>
47 #include <afs/afsutil.h>
50 #include <afs/sys_prototypes.h>
53 #if defined(AFS_LINUX26_ENV)
54 #include <sys/syscall.h>
55 #if defined(SYS_keyctl)
56 /* Open code this value to avoid a dependency on keyutils */
57 #define KEYCTL_SESSION_TO_PARENT 18
64 #ifdef AFS_KERBEROS_ENV
65 #include "cellconfig.h"
66 static char lcell[MAXCELLCHARS];
68 #define TKT_ROOT "/tmp/tkt"
73 /* Definitions for ticket file utilities */
77 /* Error codes returned by ticket file utilities */
78 #define NO_TKT_FIL 76 /* No ticket file found */
79 #define TKT_FIL_ACC 77 /* Couldn't access tkt file */
80 #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
81 #define TKT_FIL_FMT 79 /* Bad ticket file format */
82 #define TKT_FIL_INI 80 /* afs_tf_init not called first */
84 /* Values returned by get_credentials */
85 #define RET_TKFIL 21 /* Can't read ticket file */
91 #if defined(AFS_AIX_ENV) || defined(AFS_SUN5_ENV)
92 static struct flock fileWlock = { F_WRLCK, 0, 0, 0, 0, 0 };
93 static struct flock fileRlock = { F_RDLCK, 0, 0, 0, 0, 0 };
94 static struct flock fileUlock = { F_UNLCK, 0, 0, 0, 0, 0 };
97 static struct flock fileWlock = { F_WRLCK, 0, 0, 0, 0 };
98 static struct flock fileRlock = { F_RDLCK, 0, 0, 0, 0 };
99 static struct flock fileUlock = { F_UNLCK, 0, 0, 0, 0 };
106 /* the following routines aren't static anymore on behalf of the kerberos IV
107 * compatibility library built in subtree krb.
109 int afs_tf_init(char *, int);
110 int afs_tf_get_pname(char *);
111 int afs_tf_get_pinst(char *);
112 int afs_tf_get_cred(struct ktc_principal *, struct ktc_token *);
113 int afs_tf_save_cred(struct ktc_principal *, struct ktc_token *,
114 struct ktc_principal *);
115 int afs_tf_close(void);
116 int afs_tf_create(char *, char *);
117 int afs_tf_dest_tkt(void);
118 static void ktc_LocalCell(void);
119 #endif /* AFS_KERBEROS_ENV */
122 #define PIOCTL(A,B,C,D) (errno = (call_syscall(AFSCALL_PIOCTL,A,B,C,D)), errno?-1:0)
124 #define PIOCTL pioctl
127 #if !defined(UKERNEL)
128 /* this is a structure used to communicate with the afs cache mgr, but is
129 * otherwise irrelevant */
131 afs_int32 AuthHandle;
132 char HandShakeKey[8];
134 afs_int32 BeginTimestamp;
135 afs_int32 EndTimestamp;
137 #endif /* !defined(UKERNEL) */
139 #define MAXLOCALTOKENS 4
143 struct ktc_principal server;
144 struct ktc_principal client;
145 struct ktc_token token;
146 } local_tokens[MAXLOCALTOKENS];
149 GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
150 int atokenLen, struct ktc_principal *alicnet, afs_int32 *aviceid);
153 #define MAXPIOCTLTOKENLEN \
154 (3*sizeof(afs_int32)+MAXKTCTICKETLEN+sizeof(struct ClearToken)+MAXKTCREALMLEN)
157 SetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
158 struct ktc_principal *aclient, afs_int32 flags)
160 struct ViceIoctl iob;
161 char tbuffer[MAXPIOCTLTOKENLEN];
163 struct ClearToken ct;
167 if (strcmp(aserver->name, "afs") != 0) {
170 for (i = 0; i < MAXLOCALTOKENS; i++)
171 if (local_tokens[i].valid) {
172 if ((strcmp(local_tokens[i].server.name, aserver->name) == 0)
175 (local_tokens[i].server.instance,
176 aserver->instance) == 0)
177 && (strcmp(local_tokens[i].server.cell, aserver->cell) ==
179 found = i; /* replace existing entry */
182 /* valid, but no match */
185 found = i; /* remember this empty slot */
188 memcpy(&local_tokens[found].token, atoken, sizeof(struct ktc_token));
189 local_tokens[found].server = *aserver;
190 local_tokens[found].client = *aclient;
191 local_tokens[found].valid = 1;
194 tp = tbuffer; /* start copying here */
195 if ((atoken->ticketLen < MINKTCTICKETLEN)
196 || (atoken->ticketLen > MAXKTCTICKETLEN))
198 memcpy(tp, &atoken->ticketLen, sizeof(afs_int32)); /* copy in ticket length */
199 tp += sizeof(afs_int32);
200 memcpy(tp, atoken->ticket, atoken->ticketLen); /* copy in ticket */
201 tp += atoken->ticketLen;
202 /* next, copy in the "clear token", describing who we are */
203 ct.AuthHandle = atoken->kvno; /* hide auth handle here */
204 memcpy(ct.HandShakeKey, &atoken->sessionKey, 8);
206 ct.BeginTimestamp = atoken->startTime;
207 ct.EndTimestamp = atoken->endTime;
208 if (ct.BeginTimestamp == 0)
209 ct.BeginTimestamp = 1;
211 if ((strlen(aclient->name) > strlen("AFS ID "))
212 && (aclient->instance[0] == 0)) {
214 afs_int32 viceId = 0;
215 char *cp = aclient->name + strlen("AFS ID ");
222 viceId = viceId * 10 + (int)(*cp - '0');
227 ct.ViceId = viceId * sign; /* OK to let any value here? */
228 if (((ct.EndTimestamp - ct.BeginTimestamp) & 1) == 0)
229 ct.BeginTimestamp++; /* force lifetime to be odd */
232 ct.ViceId = getuid(); /* wrong, but works in primary cell */
233 if (((ct.EndTimestamp - ct.BeginTimestamp) & 1) == 1)
234 ct.BeginTimestamp++; /* force lifetime to be even */
239 * Information needed by the user space cache manager
241 get_user_struct()->u_expiration = ct.EndTimestamp;
242 get_user_struct()->u_viceid = ct.ViceId;
245 temp = sizeof(struct ClearToken);
246 memcpy(tp, &temp, sizeof(afs_int32));
247 tp += sizeof(afs_int32);
248 memcpy(tp, &ct, sizeof(struct ClearToken));
249 tp += sizeof(struct ClearToken);
251 /* next copy in primary flag */
255 * The following means that setpag will happen inside afs just before
256 * the authentication to prevent the setpag/klog race condition.
258 * The following means that setpag will affect the parent process as
259 * well as the current process.
261 if (flags & AFS_SETTOK_SETPAG)
264 memcpy(tp, &temp, sizeof(afs_int32));
265 tp += sizeof(afs_int32);
267 /* finally copy in the cell name */
268 temp = strlen(aserver->cell);
269 if (temp >= MAXKTCREALMLEN)
271 strcpy(tp, aserver->cell);
274 /* now setup for the pioctl */
276 iob.in_size = tp - tbuffer;
278 iob.out_size = sizeof(tbuffer);
280 #if defined(NO_AFS_CLIENT)
284 if ((tkfile = getenv("TKTFILE"))
287 open(tkfile, O_WRONLY | O_APPEND | O_TRUNC | O_CREAT,
289 printf("Writing ticket to: %s\n", tkfile);
290 code = (write(fd, iob.in, iob.in_size) != iob.in_size);
293 code = KTC_PIOCTLFAIL;
295 #else /* NO_AFS_CLIENT */
296 code = PIOCTL(0, VIOCSETTOK, &iob, 0);
297 #endif /* NO_AFS_CLIENT */
299 return KTC_PIOCTLFAIL;
304 ktc_SetTokenEx(struct ktc_setTokenData *token) {
305 struct ViceIoctl iob;
309 xdrlen_create(&xdrs);
310 if (!xdr_ktc_setTokenData(&xdrs, token))
312 iob.in_size = xdr_getpos(&xdrs);
315 iob.in = malloc(iob.in_size);
319 xdrmem_create(&xdrs, iob.in, iob.in_size, XDR_ENCODE);
320 if (!xdr_ktc_setTokenData(&xdrs, token))
327 code = PIOCTL(0, VIOC_SETTOK2, &iob, 0);
331 /* If we can't use the new pioctl, then fallback to using the old
332 * one, with just the rxkad portion of the token we're being asked to
335 if (code == -1 && errno == EINVAL) {
336 struct ktc_principal server, client;
337 struct ktc_token *rxkadToken;
340 /* With the growth of ticket sizes, a ktc_token is now 12k. Don't
341 * allocate it on the stack! */
342 rxkadToken = malloc(sizeof(*rxkadToken));
343 if (rxkadToken == NULL)
346 code = token_extractRxkad(token, rxkadToken, &flags, &client);
352 memset(&server, 0, sizeof(server));
353 strcpy(server.name, "afs");
354 if (strlcpy(server.cell, token->cell, sizeof(server.cell))
355 >= sizeof(server.cell)) {
359 code = ktc_SetToken(&server, rxkadToken, &client, flags);
365 return KTC_PIOCTLFAIL;
366 #if defined(AFS_LINUX26_ENV) && defined(SYS_keyctl)
369 * If we're using keyring based PAGs and the SESSION_TO_PARENT keyctl
370 * is available, use it to copy the session keyring to the parent process
372 if (token->flags & AFS_SETTOK_SETPAG)
373 syscall(SYS_keyctl, KEYCTL_SESSION_TO_PARENT);
380 ktc_SetToken(struct ktc_principal *aserver,
381 struct ktc_token *atoken,
382 struct ktc_principal *aclient,
388 #ifdef AFS_KERBEROS_ENV
392 if ( /*!strcmp(aclient->cell, lcell) && this would only store local creds */
393 (strcmp(aserver->name, "AuthServer")
394 || strcmp(aserver->instance, "Admin"))) {
395 if (strcmp(aserver->name, "krbtgt") == 0) {
396 static char lrealm[MAXKTCREALMLEN];
399 ucstring(lrealm, lcell, MAXKTCREALMLEN);
400 if (strcmp(aserver->instance, lrealm) == 0) {
401 afs_tf_create(aclient->name, aclient->instance);
405 code = afs_tf_init(ktc_tkt_string(), W_TKT_FIL);
406 if (code == NO_TKT_FIL) {
407 (void)afs_tf_create(aclient->name, aclient->instance);
408 code = afs_tf_init(ktc_tkt_string(), W_TKT_FIL);
412 afs_tf_save_cred(aserver, atoken, aclient);
418 #endif /* NO_AFS_CLIENT */
422 #ifndef NO_AFS_CLIENT
423 code = SetToken(aserver, atoken, aclient, flags);
428 else if (code == KTC_PIOCTLFAIL)
436 return KTC_PIOCTLFAIL;
438 #endif /* NO_AFS_CLIENT */
444 * Get a token, given the cell that we need to get information for
447 * The name of the cell we're getting the token for - if NULL, we'll
448 * get information for the primary cell
451 ktc_GetTokenEx(char *cellName, struct ktc_setTokenData **tokenSet) {
452 struct ViceIoctl iob;
453 char tbuffer[MAXPIOCTLTOKENLEN];
460 /* If we have a cellName, write it out here */
462 memcpy(tp, cellName, strlen(cellName) +1);
463 tp += strlen(cellName)+1;
467 iob.in_size = tp - tbuffer;
469 iob.out_size = sizeof(tbuffer);
471 code = PIOCTL(0, VIOC_GETTOK2, &iob, 0);
473 /* If we can't use the new pioctl, the fall back to the old one. We then
474 * need to convert the rxkad token we get back into the new format
476 if (code == -1 && errno == EINVAL) {
477 struct ktc_principal server;
478 struct ktc_tokenUnion token;
479 struct ktc_token *ktcToken; /* too huge for the stack */
482 memset(&server, 0, sizeof(server));
483 ktcToken = malloc(sizeof(struct ktc_token));
484 if (ktcToken == NULL)
486 memset(ktcToken, 0, sizeof(struct ktc_token));
488 strcpy(server.name, "afs");
490 if (cellName != NULL)
491 strcpy(server.cell, cellName);
493 code = GetToken(&server, ktcToken, sizeof(struct ktc_token),
494 NULL /*client*/, &viceid);
496 *tokenSet = token_buildTokenJar(cellName);
497 token.at_type = AFSTOKEN_UNION_KAD;
498 token.ktc_tokenUnion_u.at_kad.rk_kvno = ktcToken->kvno;
499 memcpy(token.ktc_tokenUnion_u.at_kad.rk_key,
500 ktcToken->sessionKey.data, 8);
502 token.ktc_tokenUnion_u.at_kad.rk_begintime = ktcToken->startTime;
503 token.ktc_tokenUnion_u.at_kad.rk_endtime = ktcToken->endTime;
504 token.ktc_tokenUnion_u.at_kad.rk_ticket.rk_ticket_len
505 = ktcToken->ticketLen;
506 token.ktc_tokenUnion_u.at_kad.rk_ticket.rk_ticket_val
508 token.ktc_tokenUnion_u.at_kad.rk_viceid = viceid;
510 token_addToken(*tokenSet, &token);
512 memset(ktcToken, 0, sizeof(struct ktc_token));
518 return KTC_PIOCTLFAIL;
520 *tokenSet = malloc(sizeof(struct ktc_setTokenData));
521 if (*tokenSet == NULL)
523 memset(*tokenSet, 0, sizeof(struct ktc_setTokenData));
525 xdrmem_create(&xdrs, iob.out, iob.out_size, XDR_DECODE);
526 if (!xdr_ktc_setTokenData(&xdrs, *tokenSet)) {
536 /* get token, given server we need and token buffer. aclient will eventually
537 * be set to our identity to the server.
540 ktc_GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
541 int atokenLen, struct ktc_principal *aclient)
543 return GetToken(aserver, atoken, atokenLen, aclient, NULL);
547 GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
548 int atokenLen, struct ktc_principal *aclient, afs_int32 *aviceid)
550 struct ViceIoctl iob;
551 char tbuffer[MAXPIOCTLTOKENLEN];
554 char *stp, *cellp; /* secret token ptr */
555 struct ClearToken ct;
558 int maxLen; /* biggest ticket we can copy */
559 int tktLen; /* server ticket length */
560 #ifdef AFS_KERBEROS_ENV
569 #ifdef AFS_KERBEROS_ENV
573 #ifndef NO_AFS_CLIENT
574 if (strcmp(aserver->name, "afs") != 0)
575 #endif /* NO_AFS_CLIENT */
578 /* try the local tokens */
579 for (i = 0; i < MAXLOCALTOKENS; i++)
580 if (local_tokens[i].valid
581 && (strcmp(local_tokens[i].server.name, aserver->name) == 0)
582 && (strcmp(local_tokens[i].server.instance, aserver->instance)
584 && (strcmp(local_tokens[i].server.cell, aserver->cell) == 0)) {
585 memcpy(atoken, &local_tokens[i].token,
586 min(atokenLen, sizeof(struct ktc_token)));
588 *aclient = local_tokens[i].client;
592 #ifdef AFS_KERBEROS_ENV
593 if (!afs_tf_init(ktc_tkt_string(), R_TKT_FIL)) {
595 if (!afs_tf_get_pname(aclient->name)
596 && !afs_tf_get_pinst(aclient->instance))
599 char tmpstring[MAXHOSTCHARS];
600 afs_tf_get_pname(tmpstring);
601 afs_tf_get_pinst(tmpstring);
606 struct ktc_principal cprincipal;
607 struct ktc_token ctoken;
609 while (!afs_tf_get_cred(&cprincipal, &ctoken)) {
610 if (strcmp(cprincipal.name, aserver->name) == 0
611 && strcmp(cprincipal.instance, aserver->instance) == 0
612 && strcmp(cprincipal.cell, aserver->cell) == 0) {
615 strcpy(aclient->cell, lcell);
616 memcpy(atoken, &ctoken,
617 min(atokenLen, sizeof(struct ktc_token)));
630 #ifndef NO_AFS_CLIENT
631 for (index = 0; index < 200; index++) { /* sanity check in case pioctl fails */
632 iob.in = (char *)&index;
633 iob.in_size = sizeof(afs_int32);
635 iob.out_size = sizeof(tbuffer);
637 code = PIOCTL(0, VIOCGETTOK, &iob, 0);
640 /* failed to retrieve specified token */
641 if (code < 0 && errno == EDOM) {
646 /* token retrieved; parse buffer */
649 /* get ticket length */
650 memcpy(&temp, tp, sizeof(afs_int32));
652 tp += sizeof(afs_int32);
654 /* remember where ticket is and skip over it */
658 /* get size of clear token and verify */
659 memcpy(&temp, tp, sizeof(afs_int32));
660 if (temp != sizeof(struct ClearToken)) {
664 tp += sizeof(afs_int32);
666 /* copy clear token */
667 memcpy(&ct, tp, temp);
670 /* skip over primary flag */
671 tp += sizeof(afs_int32);
673 /* remember where cell name is */
676 if ((strcmp(cellp, aserver->cell) == 0)
677 #ifdef AFS_KERBEROS_ENV
678 || (*aserver->cell == '\0' && strcmp(cellp, lcell) == 0)
681 /* got token for cell; check that it will fit */
683 atokenLen - sizeof(struct ktc_token) + MAXKTCTICKETLEN;
684 if (tktLen < 0 || tktLen > maxLen) {
689 /* set return values */
690 memcpy(atoken->ticket, stp, tktLen);
691 atoken->startTime = ct.BeginTimestamp;
692 atoken->endTime = ct.EndTimestamp;
693 if (ct.AuthHandle == -1) {
696 atoken->kvno = ct.AuthHandle;
697 memcpy(&atoken->sessionKey, ct.HandShakeKey,
698 sizeof(struct ktc_encryptionKey));
699 atoken->ticketLen = tktLen;
701 if (aclient || aviceid) {
703 strlcpy(aclient->cell, cellp, sizeof(aclient->cell));
704 aclient->instance[0] = 0;
707 if ((atoken->kvno == 999) || /* old style bcrypt ticket */
708 (ct.BeginTimestamp && /* new w/ prserver lookup */
709 (((ct.EndTimestamp - ct.BeginTimestamp) & 1) == 1))) {
711 sprintf(aclient->name, "AFS ID %d", ct.ViceId);
714 *aviceid = ct.ViceId;
716 } else if (aclient) {
717 sprintf(aclient->name, "Unix UID %d", ct.ViceId);
725 #endif /* NO_AFS_CLIENT */
728 if ((code < 0) && (errno == EINVAL))
730 return KTC_PIOCTLFAIL; /* probable cause */
734 * Forget tokens for this server and the calling user.
735 * NOT IMPLEMENTED YET!
737 #ifndef NO_AFS_CLIENT
739 ktc_ForgetToken(struct ktc_principal *aserver)
744 rc = ktc_ForgetAllTokens(); /* bogus, but better */
748 #endif /* NO_AFS_CLIENT */
751 * An iterator which can list all cells with tokens in the cache
753 * This function may be used to list the names of all cells for which
754 * tokens exist in the current cache. The first time that it is called,
755 * prevIndex should be set to 0. On all subsequent calls, prevIndex
756 * should be set to the value returned in newIndex by the last call
757 * to the function. Note that there is no guarantee that the index value
758 * is monotonically increasing.
761 * The index returned by the last call, or 0 if this is the first
762 * call in an iteration
764 * A pointer to an int which, upon return, will hold the next value
767 * A pointer to a char * which, upon return, will hold a cellname.
768 * This must be freed by the caller using free()
772 ktc_ListTokensEx(int prevIndex, int *newIndex, char **cellName) {
773 struct ViceIoctl iob;
774 char tbuffer[MAXPIOCTLTOKENLEN];
777 struct ktc_setTokenData tokenSet;
780 memset(&tokenSet, 0, sizeof(tokenSet));
783 *newIndex = prevIndex;
787 while (index<100) { /* Safety, incase of pioctl failure */
788 memset(tbuffer, 0, sizeof(tbuffer));
790 memcpy(tbuffer, &index, sizeof(afs_int32));
791 iob.in_size = sizeof(afs_int32);
793 iob.out_size = sizeof(tbuffer);
795 code = PIOCTL(0, VIOC_GETTOK2, &iob, 0);
797 if (code == -1 && errno == EDOM)
798 return KTC_NOENT; /* no more tokens to be found */
800 /* Can't use new pioctl, so must use old one */
801 if (code == -1 && errno == EINVAL) {
802 struct ktc_principal server;
804 code = ktc_ListTokens(index, newIndex, &server);
806 *cellName = strdup(server.cell);
811 /* Got a token from the pioctl. Now we throw it away,
812 * so we can return just a cellname. This is rather wasteful,
813 * but it's what the old API does. Ho hum. */
815 xdrmem_create(&xdrs, iob.out, iob.out_size, XDR_DECODE);
816 if (!xdr_ktc_setTokenData(&xdrs, &tokenSet)) {
821 *cellName = strdup(tokenSet.cell);
822 xdr_free((xdrproc_t)xdr_ktc_setTokenData, &tokenSet);
823 *newIndex = index + 1;
828 return KTC_PIOCTLFAIL;
831 /* ktc_ListTokens - list all tokens. start aprevIndex at 0, it returns the
832 * next rock in (*aindex). (*aserver) is set to the relevant ticket on
836 ktc_ListTokens(int aprevIndex,
838 struct ktc_principal *aserver)
840 struct ViceIoctl iob;
841 char tbuffer[MAXPIOCTLTOKENLEN];
844 afs_int32 temp, index;
846 memset(tbuffer, 0, sizeof(tbuffer));
854 #endif /* NO_AFS_CLIENT */
855 #ifdef AFS_KERBEROS_ENV
858 struct ktc_principal cprincipal;
859 struct ktc_token ctoken;
861 if (afs_tf_init(ktc_tkt_string(), R_TKT_FIL)
862 || afs_tf_get_pname(tbuffer) || afs_tf_get_pinst(tbuffer)) {
868 for (i = 214; i < index; i++) {
869 if (afs_tf_get_cred(&cprincipal, &ctoken)) {
877 if (afs_tf_get_cred(&cprincipal, &ctoken)) {
884 #ifndef NO_AFS_CLIENT
885 if (!strcmp(cprincipal.name, "afs") && cprincipal.instance[0] == 0) {
888 #endif /* NO_AFS_CLIENT */
890 for (i = 0; i < MAXLOCALTOKENS; i++) {
891 if (!strcmp(cprincipal.name, local_tokens[i].server.name)
892 && !strcmp(cprincipal.instance,
893 local_tokens[i].server.instance)
894 && !strcmp(cprincipal.cell, local_tokens[i].server.cell)) {
899 *aserver = cprincipal;
907 #ifndef NO_AFS_CLIENT
908 if (index >= 123) { /* special hack for returning TCS */
909 while (index - 123 < MAXLOCALTOKENS) {
910 if (local_tokens[index - 123].valid) {
911 *aserver = local_tokens[index - 123].server;
919 #ifdef AFS_KERBEROS_ENV
920 return ktc_ListTokens(214, aindex, aserver);
926 /* get tokens from the kernel */
927 while (index < 200) { /* sanity check in case pioctl fails */
928 iob.in = (char *)&index;
929 iob.in_size = sizeof(afs_int32);
931 iob.out_size = sizeof(tbuffer);
932 code = PIOCTL(0, VIOCGETTOK, &iob, 0);
933 if (code < 0 && errno == EDOM) {
936 rc = ktc_ListTokens(123, aindex, aserver);
945 break; /* got a ticket */
946 /* otherwise we should skip this ticket slot */
953 return KTC_PIOCTLFAIL;
959 /* next iterator determined by earlier loop */
962 memcpy(&temp, tp, sizeof(afs_int32)); /* get size of secret token */
963 tp += sizeof(afs_int32);
964 tp += temp; /* skip ticket for now */
965 memcpy(&temp, tp, sizeof(afs_int32)); /* get size of clear token */
966 if (temp != sizeof(struct ClearToken)) {
970 tp += sizeof(afs_int32); /* skip length */
971 tp += temp; /* skip clear token itself */
972 tp += sizeof(afs_int32); /* skip primary flag */
973 /* tp now points to the cell name */
974 strlcpy(aserver->cell, tp, sizeof(aserver->cell));
975 aserver->instance[0] = 0;
976 strcpy(aserver->name, "afs");
977 #endif /* NO_AFS_CLIENT */
985 struct ViceIoctl iob;
989 for (i = 0; i < MAXLOCALTOKENS; i++)
990 local_tokens[i].valid = 0;
996 #ifndef NO_AFS_CLIENT
997 code = PIOCTL(0, VIOCUNPAG, &iob, 0);
999 return KTC_PIOCTLFAIL;
1000 #endif /* NO_AFS_CLIENT */
1005 ktc_ForgetAllTokens(void)
1010 #ifdef AFS_KERBEROS_ENV
1011 (void)afs_tf_dest_tkt();
1014 ocode = ForgetAll();
1018 else if (ocode == KTC_PIOCTLFAIL)
1020 UNLOCK_GLOBAL_MUTEX;
1021 if (ocode == EINVAL)
1022 return KTC_NOPIOCTL;
1023 return KTC_PIOCTLFAIL;
1025 UNLOCK_GLOBAL_MUTEX;
1029 /* ktc_OldPioctl - returns a boolean true if the kernel supports only the old
1030 * pioctl interface for delivering AFS tickets to the cache manager. */
1042 struct ViceIoctl iob;
1045 /* now setup for the pioctl */
1048 iob.out = (caddr_t) &pag;
1049 iob.out_size = sizeof(afs_uint32);
1051 code = PIOCTL(0, VIOC_GETPAG, &iob, 0);
1053 #if defined(AFS_AIX52_ENV)
1054 code = getpagvalue("afs");
1055 if (code < 0 && errno == EINVAL)
1058 #elif defined(AFS_AIX51_ENV)
1061 gid_t groups[NGROUPS_MAX];
1063 afs_uint32 h, l, ret;
1065 #ifdef AFS_PAG_ONEGROUP_ENV
1069 ngroups = getgroups(sizeof groups / sizeof groups[0], groups);
1071 #ifdef AFS_PAG_ONEGROUP_ENV
1072 /* Check for one-group PAGs. */
1073 for (i = 0; i < ngroups; i++) {
1074 if (((groups[i] >> 24) & 0xff) == 'A') {
1083 g0 = groups[0] & 0xffff;
1084 g1 = groups[1] & 0xffff;
1087 if (g0 < 0xc000 && g1 < 0xc000) {
1088 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
1090 h = (g1 >> 14) + h + h + h;
1091 ret = ((h << 28) | l);
1092 /* Additional testing */
1093 if (((ret >> 24) & 0xff) == 'A')
1105 #ifdef AFS_KERBEROS_ENV
1107 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
1109 * For copying and distribution information, please see the file
1110 * <mit-copyright.h>.
1114 #include <sys/file.h>
1119 #define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
1120 * retry if ticket file is
1124 * fd must be initialized to something that won't ever occur as a real
1125 * file descriptor. Since open(2) returns only non-negative numbers as
1126 * valid file descriptors, and afs_tf_init always stuffs the return value
1127 * from open in here even if it is an error flag, we must
1128 * a. Initialize fd to a negative number, to indicate that it is
1129 * not initially valid.
1130 * b. When checking for a valid fd, assume that negative values
1131 * are invalid (ie. when deciding whether afs_tf_init has been
1133 * c. In tf_close, be sure it gets reinitialized to a negative
1137 static int curpos; /* Position in tfbfr */
1138 static int lastpos; /* End of tfbfr */
1139 static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
1141 static int tf_gets(char *, int);
1142 static int tf_read(char *, int);
1145 * This file contains routines for manipulating the ticket cache file.
1147 * The ticket file is in the following format:
1149 * principal's name (null-terminated string)
1150 * principal's instance (null-terminated string)
1157 * Where "CREDENTIAL_x" consists of the following fixed-length
1158 * fields from the CREDENTIALS structure (see "krb.h"):
1160 * char service[MAXKTCNAMELEN]
1161 * char instance[MAXKTCNAMELEN]
1162 * char realm[REALM_SZ]
1166 * KTEXT_ST ticket_st
1167 * afs_int32 issue_date
1169 * Short description of routines:
1171 * afs_tf_init() opens the ticket file and locks it.
1173 * afs_tf_get_pname() returns the principal's name.
1175 * afs_tf_get_pinst() returns the principal's instance (may be null).
1177 * afs_tf_get_cred() returns the next CREDENTIALS record.
1179 * afs_tf_save_cred() appends a new CREDENTIAL record to the ticket file.
1181 * afs_tf_close() closes the ticket file and releases the lock.
1183 * tf_gets() returns the next null-terminated string. It's an internal
1184 * routine used by afs_tf_get_pname(), afs_tf_get_pinst(), and
1185 * afs_tf_get_cred().
1187 * tf_read() reads a given number of bytes. It's an internal routine
1188 * used by afs_tf_get_cred().
1192 * afs_tf_init() should be called before the other ticket file routines.
1193 * It takes the name of the ticket file to use, "tf_name", and a
1194 * read/write flag "rw" as arguments.
1196 * It tries to open the ticket file, checks the mode, and if everything
1197 * is okay, locks the file. If it's opened for reading, the lock is
1198 * shared. If it's opened for writing, the lock is exclusive.
1200 * Returns 0 if all went well, otherwise one of the following:
1202 * NO_TKT_FIL - file wasn't there
1203 * TKT_FIL_ACC - file was in wrong mode, etc.
1204 * TKT_FIL_LCK - couldn't lock the file, even after a retry
1208 afs_tf_init(char *tf_name, int rw)
1212 struct stat stat_buf;
1224 if (lstat(tf_name, &stat_buf) < 0)
1232 if ((stat_buf.st_uid != me && me != 0)
1233 || ((stat_buf.st_mode & S_IFMT) != S_IFREG))
1237 * If "wflag" is set, open the ticket file in append-writeonly mode
1238 * and lock the ticket file in exclusive mode. If unable to lock
1239 * the file, sleep and try again. If we fail again, return with the
1240 * proper error message.
1243 curpos = sizeof(tfbfr);
1246 fd = open(tf_name, O_RDWR, 0600);
1250 #if defined(AFS_AIX_ENV) || defined(AFS_HPUX_ENV) || defined(AFS_SUN5_ENV)
1251 if (fcntl(fd, F_SETLK, &fileWlock) == -1) {
1252 sleep(TF_LCK_RETRY);
1253 if (fcntl(fd, F_SETLK, &fileWlock) == -1) {
1255 if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
1256 sleep(TF_LCK_RETRY);
1257 if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
1267 * Otherwise "wflag" is not set and the ticket file should be opened
1268 * for read-only operations and locked for shared access.
1271 fd = open(tf_name, O_RDONLY, 0600);
1275 #if defined(AFS_AIX_ENV) || defined(AFS_HPUX_ENV) || defined(AFS_SUN5_ENV)
1276 if (fcntl(fd, F_SETLK, &fileRlock) == -1) {
1277 sleep(TF_LCK_RETRY);
1278 if (fcntl(fd, F_SETLK, &fileRlock) == -1) {
1280 if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
1281 sleep(TF_LCK_RETRY);
1282 if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
1293 * afs_tf_get_pname() reads the principal's name from the ticket file. It
1294 * should only be called after afs_tf_init() has been called. The
1295 * principal's name is filled into the "p" parameter. If all goes well,
1296 * 0 is returned. If afs_tf_init() wasn't called, TKT_FIL_INI is
1297 * returned. If the name was null, or EOF was encountered, or the name
1298 * was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned.
1302 afs_tf_get_pname(char *p)
1307 if (tf_gets(p, MAXKTCNAMELEN) < 2) /* can't be just a null */
1313 * afs_tf_get_pinst() reads the principal's instance from a ticket file.
1314 * It should only be called after afs_tf_init() and afs_tf_get_pname() have
1315 * been called. The instance is filled into the "inst" parameter. If all
1316 * goes well, 0 is returned. If afs_tf_init() wasn't called,
1317 * TKT_FIL_INI is returned. If EOF was encountered, or the instance
1318 * was longer than MAXKTCNAMELEN, TKT_FIL_FMT is returned. Note that the
1319 * instance may be null.
1323 afs_tf_get_pinst(char *inst)
1328 if (tf_gets(inst, MAXKTCNAMELEN) < 1)
1334 * afs_tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
1335 * in the given structure "c". It should only be called after afs_tf_init(),
1336 * afs_tf_get_pname(), and afs_tf_get_pinst() have been called. If all goes
1337 * well, 0 is returned. Possible error codes are:
1339 * TKT_FIL_INI - afs_tf_init wasn't called first
1340 * TKT_FIL_FMT - bad format
1341 * EOF - end of file encountered
1345 afs_tf_get_cred(struct ktc_principal *principal, struct ktc_token *token)
1349 long mit_compat; /* MIT Kerberos 5 with Krb4 uses a "long" for issue_date */
1354 if ((k_errno = tf_gets(principal->name, MAXKTCNAMELEN)) < 2)
1357 case 1: /* can't be just a null */
1362 if ((k_errno = tf_gets(principal->instance, MAXKTCNAMELEN)) < 1)
1369 if ((k_errno = tf_gets(principal->cell, MAXKTCREALMLEN)) < 2)
1372 case 1: /* can't be just a null */
1377 lcstring(principal->cell, principal->cell, MAXKTCREALMLEN);
1378 if (tf_read((char *)&(token->sessionKey), 8) < 1
1379 || tf_read((char *)&(lifetime), sizeof(lifetime)) < 1
1380 || tf_read((char *)&(kvno), sizeof(kvno)) < 1
1381 || tf_read((char *)&(token->ticketLen), sizeof(token->ticketLen))
1383 /* don't try to read a silly amount into ticket->dat */
1384 token->ticketLen > MAXKTCTICKETLEN
1385 || tf_read((char *)(token->ticket), token->ticketLen) < 1
1386 || tf_read((char *)&mit_compat, sizeof(mit_compat)) < 1) {
1389 token->startTime = mit_compat;
1390 token->endTime = life_to_time(token->startTime, lifetime);
1396 * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
1397 * not a valid file descriptor, it just returns. It also clears the
1398 * buffer used to read tickets.
1400 * The return value is not defined.
1407 #if defined(AFS_AIX_ENV) || defined(AFS_HPUX_ENV) || defined(AFS_SUN5_ENV)
1408 (void)fcntl(fd, F_SETLK, &fileUlock);
1410 (void)flock(fd, LOCK_UN);
1413 fd = -1; /* see declaration of fd above */
1415 memset(tfbfr, 0, sizeof(tfbfr));
1420 * tf_gets() is an internal routine. It takes a string "s" and a count
1421 * "n", and reads from the file until either it has read "n" characters,
1422 * or until it reads a null byte. When finished, what has been read exists
1425 * Possible return values are:
1427 * n the number of bytes read (including null terminator)
1428 * when all goes well
1430 * 0 end of file or read error
1432 * TOO_BIG if "count" characters are read and no null is
1433 * encountered. This is an indication that the ticket
1434 * file is seriously ill.
1438 tf_gets(char *s, int n)
1445 for (count = n - 1; count > 0; --count) {
1446 if (curpos >= sizeof(tfbfr)) {
1447 lastpos = read(fd, tfbfr, sizeof(tfbfr));
1450 if (curpos == lastpos) {
1453 *s = tfbfr[curpos++];
1461 * tf_read() is an internal routine. It takes a string "s" and a count
1462 * "n", and reads from the file until "n" bytes have been read. When
1463 * finished, what has been read exists in "s".
1465 * Possible return values are:
1467 * n the number of bytes read when all goes well
1469 * 0 on end of file or read error
1473 tf_read(char *s, int n)
1477 for (count = n; count > 0; --count) {
1478 if (curpos >= sizeof(tfbfr)) {
1479 lastpos = read(fd, tfbfr, sizeof(tfbfr));
1482 if (curpos == lastpos) {
1485 *s++ = tfbfr[curpos++];
1491 * afs_tf_save_cred() appends an incoming ticket to the end of the ticket
1492 * file. You must call afs_tf_init() before calling afs_tf_save_cred().
1494 * The "service", "instance", and "realm" arguments specify the
1495 * server's name; "aticket" contains the credential.
1497 * Returns 0 if all goes well, TKT_FIL_INI if afs_tf_init() wasn't
1498 * called previously, and KFAILURE for anything else that went wrong.
1502 afs_tf_save_cred(struct ktc_principal *aserver,
1503 struct ktc_token *atoken,
1504 struct ktc_principal *aclient)
1506 char realm[MAXKTCREALMLEN + 1];
1507 char junk[MAXKTCNAMELEN];
1508 struct ktc_principal principal;
1509 struct ktc_token token;
1513 int count; /* count for write */
1514 long mit_compat; /* MIT Kerberos 5 with Krb4 uses a "long" for issue_date */
1516 if (fd < 0) { /* fd is ticket file as set by afs_tf_init */
1520 ucstring(realm, aserver->cell, MAXKTCREALMLEN);
1521 realm[MAXKTCREALMLEN] = '\0';
1523 /* Look for a duplicate ticket */
1524 (void)lseek(fd, (off_t) 0L, 0);
1525 curpos = sizeof(tfbfr);
1527 if (afs_tf_get_pname(junk) || strcmp(junk, aclient->name)
1528 || afs_tf_get_pinst(junk) || strcmp(junk, aclient->instance))
1532 start = lseek(fd, (off_t) 0L, 1) - lastpos + curpos;
1533 status = afs_tf_get_cred(&principal, &token);
1534 } while (status == 0
1535 && (strcmp(aserver->name, principal.name) != 0
1536 || strcmp(aserver->instance, principal.instance) != 0
1537 || strcmp(aserver->cell, principal.cell) != 0));
1540 * Two tickets for the same user authenticating to the same service
1541 * should be the same length, but we check here just to make sure.
1543 if (status == 0 && token.ticketLen != atoken->ticketLen)
1545 if (status && status != EOF)
1548 /* Position over the credential we just matched (or the EOF) */
1549 lseek(fd, start, 0);
1550 curpos = lastpos = sizeof(tfbfr);
1552 /* Write the ticket and associated data */
1554 count = strlen(aserver->name) + 1;
1555 if (write(fd, aserver->name, count) != count)
1558 count = strlen(aserver->instance) + 1;
1559 if (write(fd, aserver->instance, count) != count)
1562 count = strlen(realm) + 1;
1563 if (write(fd, realm, count) != count)
1566 if (write(fd, (char *)&atoken->sessionKey, 8) != 8)
1569 lifetime = time_to_life(atoken->startTime, atoken->endTime);
1570 if (write(fd, (char *)&lifetime, sizeof(int)) != sizeof(int))
1573 kvno = atoken->kvno;
1574 if (write(fd, (char *)&kvno, sizeof(int)) != sizeof(int))
1577 if (write(fd, (char *)&(atoken->ticketLen), sizeof(int)) != sizeof(int))
1580 count = atoken->ticketLen;
1581 if (write(fd, atoken->ticket, count) != count)
1584 mit_compat = atoken->startTime;
1585 if (write(fd, (char *)&mit_compat, sizeof(mit_compat))
1586 != sizeof(mit_compat))
1589 /* Actually, we should check each write for success */
1596 * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
1599 * For copying and distribution information, please see the file
1600 * <mit-copyright.h>.
1604 * This routine is used to generate the name of the file that holds
1605 * the user's cache of server tickets and associated session keys.
1607 * If it is set, krb_ticket_string contains the ticket file name.
1608 * Otherwise, the filename is constructed as follows:
1610 * If it is set, the environment variable "KRBTKFILE" will be used as
1611 * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
1612 * the user's uid are concatenated to produce the ticket file name
1613 * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
1614 * file name is returned.
1617 static char krb_ticket_string[4096] = "";
1620 ktc_tkt_string(void)
1622 return ktc_tkt_string_uid(getuid());
1626 ktc_tkt_string_uid(afs_uint32 uid)
1631 if (!*krb_ticket_string) {
1632 if ((env = getenv("KRBTKFILE"))) {
1633 (void)strncpy(krb_ticket_string, env,
1634 sizeof(krb_ticket_string) - 1);
1635 krb_ticket_string[sizeof(krb_ticket_string) - 1] = '\0';
1637 /* 32 bits of signed integer will always fit in 11 characters
1638 * (including the sign), so no need to worry about overflow */
1639 (void)sprintf(krb_ticket_string, "%s%d", TKT_ROOT, uid);
1642 UNLOCK_GLOBAL_MUTEX;
1643 return krb_ticket_string;
1647 * This routine is used to set the name of the file that holds the user's
1648 * cache of server tickets and associated session keys.
1650 * The value passed in is copied into local storage.
1652 * NOTE: This routine should be called during initialization, before other
1653 * Kerberos routines are called; otherwise tkt_string() above may be called
1654 * and return an undesired ticket file name until this routine is called.
1658 ktc_set_tkt_string(char * val)
1662 (void)strncpy(krb_ticket_string, val, sizeof(krb_ticket_string) - 1);
1663 krb_ticket_string[sizeof(krb_ticket_string) - 1] = '\0';
1664 UNLOCK_GLOBAL_MUTEX;
1669 * tf_create() is used to initialize the ticket store. It creates the
1670 * file to contain the tickets and writes the given user's name "pname"
1671 * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
1672 * success, or KFAILURE if something goes wrong.
1676 afs_tf_create(char *pname, char *pinst)
1681 char *file = ktc_tkt_string();
1690 if (lstat(file, &sbuf) == 0) {
1691 if ((sbuf.st_uid != me && me != 0)
1692 || ((sbuf.st_mode & S_IFMT) != S_IFREG) || sbuf.st_mode & 077) {
1695 /* file already exists, and permissions appear ok, so nuke it */
1696 if ((fd = open(file, O_RDWR, 0)) < 0)
1697 goto out; /* can't zero it, but we can still try truncating it */
1699 memset(zerobuf, 0, sizeof(zerobuf));
1701 for (i = 0; i < sbuf.st_size; i += sizeof(zerobuf))
1702 if (write(fd, zerobuf, sizeof(zerobuf)) != sizeof(zerobuf)) {
1713 /* arrange so the file is owned by the ruid
1714 * (swap real & effective uid if necessary).
1715 * This isn't a security problem, since the ticket file, if it already
1716 * exists, has the right uid (== ruid) and mode. */
1718 if (setreuid(metoo, me) < 0) {
1722 tktfile = creat(file, 0600);
1724 if (setreuid(me, metoo) < 0) {
1725 /* can't switch??? fail! */
1732 count = strlen(pname) + 1;
1733 if (write(tktfile, pname, count) != count) {
1734 (void)close(tktfile);
1737 count = strlen(pinst) + 1;
1738 if (write(tktfile, pinst, count) != count) {
1739 (void)close(tktfile);
1742 (void)close(tktfile);
1747 * dest_tkt() is used to destroy the ticket store upon logout.
1748 * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
1749 * Otherwise the function returns 0 on success, KFAILURE on
1754 afs_tf_dest_tkt(void)
1756 char *file = ktc_tkt_string();
1762 if (lstat(file, &statb) < 0)
1765 if (!(statb.st_mode & S_IFREG))
1768 if ((fd = open(file, O_RDWR, 0)) < 0)
1771 memset(buf, 0, BUFSIZ);
1773 for (i = 0; i < statb.st_size; i += BUFSIZ)
1774 if (write(fd, buf, BUFSIZ) != BUFSIZ) {
1786 if (errno == ENOENT)
1788 else if (errno != 0)
1796 #if !defined(AFS_DARWIN100_ENV) || defined(HAVE_CRT_EXTERNS_H)
1797 # if defined(AFS_DARWIN100_ENV)
1798 # define environ (*_NSGetEnviron())
1800 extern char **environ;
1805 char fname[256], *prefix = "/ticket/";
1806 char fname5[256], *prefix5 = "FILE:/ticket/krb5cc_";
1808 char **newenv, **senv, **denv;
1811 if (stat("/ticket", &sbuf) == -1) {
1812 prefix = "/tmp/tkt";
1813 prefix5 = "FILE:/tmp/krb5cc_";
1816 pag = ktc_curpag() & 0xffffffff;
1818 sprintf(fname, "%s%d", prefix, getuid());
1819 sprintf(fname5, "%s%d", prefix5, getuid());
1821 sprintf(fname, "%sp%lu", prefix, afs_printable_uint32_lu(pag));
1822 sprintf(fname5, "%sp%lud", prefix5, afs_printable_uint32_lu(pag));
1824 ktc_set_tkt_string(fname);
1826 for (senv = environ, numenv = 0; *senv; senv++)
1828 newenv = malloc((numenv + 2) * sizeof(char *));
1830 for (senv = environ, denv = newenv; *senv; senv++) {
1831 if (strncmp(*senv, "KRBTKFILE=", 10) != 0 &&
1832 strncmp(*senv, "KRB5CCNAME=", 11) != 0)
1836 *denv = malloc(10+11 + strlen(fname) + strlen(fname5) + 2);
1837 strcpy(*denv, "KRBTKFILE=");
1838 strcat(*denv, fname);
1839 *(denv+1) = *denv + strlen(*denv) + 1;
1841 strcpy(*denv, "KRB5CCNAME=");
1842 strcat(*denv, fname5);
1845 UNLOCK_GLOBAL_MUTEX;
1851 * BLETCH! We have to invoke the entire afsconf package just to
1852 * find out what the local cell is.
1858 struct afsconf_dir *conf;
1860 if ((conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))
1861 || (conf = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH))) {
1862 code = afsconf_GetLocalCell(conf, lcell, sizeof(lcell));
1863 afsconf_Close(conf);
1865 if (!conf || code) {
1866 printf("** Can't determine local cell name!\n");