|
1 # |
|
2 # This patch allows for backwards compatibility with the rcache interface. |
|
3 # Solaris currently supports the deprecated interface for specifying the rcache |
|
4 # file; KRB5RCNAME. Which is defined as: |
|
5 # |
|
6 # KRB5RCNAME=[FILE|MEMORY|NONE]:<rcache name> |
|
7 # with: FILE:/var/krb5/rcache/<service_name>_<euid> as the default setting. |
|
8 # This patch keeps this interface as well as preserve the existing interface |
|
9 # with MIT through various environment variables: |
|
10 # KRB5RCACHETYPE=[dfl|none] |
|
11 # KRB5RCACHENAME=<rcache name> |
|
12 # KRB5RCACHEDIR=<rcache directory> |
|
13 # where the default configuration, dfl:/var/tmp/<service name>_<euid>, |
|
14 # is transformed to dfl:/var/krb5/rcache/<service_name>_<euid> in Solaris |
|
15 # where dfl is a file based replay cache |
|
16 # |
|
17 # The following CRs are fixed with this patch, in sequence: |
|
18 # |
|
19 # 15299709 SUNBT6355096-SOLARIS_11 rcache name value is now expected to be... |
|
20 # 15184486 SUNBT4950986 caching behavior of the Kerberos 5 replay cache is... |
|
21 # 15291109 SUNBT6334655-SOLARIS_11 with <rc type>=MEMORY as said in... |
|
22 # 15299707 SUNBT6355094-SOLARIS_11 Some parts of the krb mem rcache should... |
|
23 # 15731568 SUNBT7071883 mech_krb5.so.1`krb5_rc_dfl_close_no_free+0x21... |
|
24 # |
|
25 # Note: An MIT ticket will subsequently be filed, but the solution may differ |
|
26 # from what we currently offer in Solaris, because they may not want a memory |
|
27 # replay cache, because of the known limitations of this type of cache and may |
|
28 # integrate features that don't require replay caches in the the future. |
|
29 # Patch source: in-house |
|
30 # |
|
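--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -39,6 +39,7 @@ krb5_get_server_rcache(krb5_context cont
 krb5_error_code retval;
 unsigned int i;
 struct k5buf buf = EMPTY_K5BUF;
+ char *def_env;
 #ifdef HAVE_GETEUID
 unsigned long uid = geteuid();
 #endif
@@ -49,19 +50,30 @@ krb5_get_server_rcache(krb5_context cont
 cachetype = krb5_rc_default_type(context);
 
 k5_buf_init_dynamic(&buf);
- k5_buf_add(&buf, cachetype);
- k5_buf_add(&buf, ":");
- for (i = 0; i < piece->length; i++) {
- if (piece->data[i] == '-')
- k5_buf_add(&buf, "--");
- else if (!isvalidrcname((int) piece->data[i]))
- k5_buf_add_fmt(&buf, "-%03o", piece->data[i]);
+ if ((def_env = krb5_rc_default_name(context)) != 0) {
+ /*
+ * We expect to have the fully qualified rcache name (<type>:<name>),
+ * so we populate the default type here if the type is missing.
+ */
+ if (strchr(def_env, ':') == NULL)
+ k5_buf_add_fmt(&buf, "%s:%s", cachetype, def_env);
 else
- k5_buf_add_len(&buf, &piece->data[i], 1);
- }
+ k5_buf_add(&buf, def_env);
+ } else {
+ k5_buf_add(&buf, cachetype);
+ k5_buf_add(&buf, ":");
+ for (i = 0; i < piece->length; i++) {
+ if (piece->data[i] == '-')
+ k5_buf_add(&buf, "--");
+ else if (!isvalidrcname((int) piece->data[i]))
+ k5_buf_add_fmt(&buf, "-%03o", piece->data[i]);
+ else
+ k5_buf_add_len(&buf, &piece->data[i], 1);
+ }
 #ifdef HAVE_GETEUID
 k5_buf_add_fmt(&buf, "_%lu", uid);
 #endif
+ }
 
 if (k5_buf_status(&buf) != 0)
 return ENOMEM;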
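Review bot: When `krb5_rc_default_name()` returns a value, the new branch copies it into the cache name verbatim, so neither the `--`/`-%03o` escaping of the principal component nor the `_<euid>` suffix is applied, and servers running under different euids with the same `KRB5RCNAME` or `KRB5RCACHENAME` would resolve to the same replay cache. That may be the intended legacy behaviour, but it deserves a comment above the branch, for example `/* Name comes from the environment and is used as-is: no per-service or per-euid component is appended. */`. A value that already contains ':' is also passed through without the FILE/NONE mapping done in `krb5_rc_default_type()`, so a type string such as `FILE` would presumably not match a registered type; worth confirming against the type list. The body of krb5_get_server_rcache continues outside both hunks.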
|
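--- a/src/lib/krb5/rcache/Makefile.in
+++ b/src/lib/krb5/rcache/Makefile.in
@@ -13,7 +13,8 @@ STLIBOBJS = \
 rc_none.o \
 rc_conv.o \
 ser_rc.o \
- rcfns.o
+ rcfns.o \
+ rc_mem.o
 
 OBJS= \
 $(OUTPRE)rc_base.$(OBJEXT) \
@@ -23,7 +24,8 @@ OBJS= \
 $(OUTPRE)rc_none.$(OBJEXT) \
 $(OUTPRE)rc_conv.$(OBJEXT) \
 $(OUTPRE)ser_rc.$(OBJEXT) \
- $(OUTPRE)rcfns.$(OBJEXT)
+ $(OUTPRE)rcfns.$(OBJEXT) \
+ $(OUTPRE)rc_mem.$(OBJEXT)
 
 SRCS= \
 $(srcdir)/rc_base.c \
@@ -34,7 +36,8 @@ SRCS= \
 $(srcdir)/rc_conv.c \
 $(srcdir)/ser_rc.c \
 $(srcdir)/rcfns.c \
- $(srcdir)/t_replay.c
+ $(srcdir)/t_replay.c \
+ $(srcdir)/rc_mem.c
 
 ##DOS##LIBOBJS = $(OBJS)
 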
|
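--- a/src/lib/krb5/rcache/rc_base.c
+++ b/src/lib/krb5/rcache/rc_base.c
@@ -13,19 +13,35 @@
 #include "rc_base.h"
 #include "rc-int.h"
 #include "k5-thread.h"
+#include "rc_mem.h"
 
 struct krb5_rc_typelist {
 const krb5_rc_ops *ops;
 struct krb5_rc_typelist *next;
 };
 static struct krb5_rc_typelist none = { &krb5_rc_none_ops, 0 };
-static struct krb5_rc_typelist krb5_rc_typelist_dfl = { &krb5_rc_dfl_ops, &none };
+static struct krb5_rc_typelist mem = { &krb5_rc_mem_ops, &none };
+static struct krb5_rc_typelist
+ krb5_rc_typelist_dfl = { &krb5_rc_dfl_ops, &mem };
 static struct krb5_rc_typelist *typehead = &krb5_rc_typelist_dfl;
 static k5_mutex_t rc_typelist_lock = K5_MUTEX_PARTIAL_INITIALIZER;
 
+struct authlist
+{
+ krb5_donot_replay rep;
+ struct authlist *na;
+ struct authlist *nh;
+};
+
 int
 krb5int_rc_finish_init(void)
 {
+ int retval;
+
+ retval = k5_mutex_finish_init(&grcache.lock);
+ if (retval)
+ return (retval);
+
 return k5_mutex_finish_init(&rc_typelist_lock);
 }
 
@@ -33,6 +49,28 @@ void
 krb5int_rc_terminate(void)
 {
 struct krb5_rc_typelist *t, *t_next;
+ struct mem_data *tgr = (struct mem_data *)grcache.data;
+ struct authlist *q, *qt;
+ int i;
+
+ k5_mutex_destroy(&grcache.lock);
+
+ if (tgr != NULL) {
+ if (tgr->name)
+ free(tgr->name);
+ for (i = 0; i < tgr->hsize; i++) {
+ for (q = tgr->h[i]; q; q = qt) {
+ qt = q->nh;
+ free(q->rep.server);
+ free(q->rep.client);
+ free(q);
+ }
+ if (tgr->h)
+ free(tgr->h);
+ free(tgr);
+ }
+ }
+
 k5_mutex_destroy(&rc_typelist_lock);
 for (t = typehead; t != &krb5_rc_typelist_dfl; t = t_next) {
 t_next = t->next;
@@ -106,21 +144,38 @@ char * krb5_rc_get_type(krb5_context con
 char *
 krb5_rc_default_type(krb5_context context)
 {
- char *s;
+ char *s, *residual;
+ unsigned int diff;
+
 if ((s = getenv("KRB5RCACHETYPE")))
 return s;
- else
- return "dfl";
+ else if ((s = getenv("KRB5RCNAME")) && (residual = strchr(s, ':'))) {
+ diff = (residual - s) + 1;
+ if (strncmp(s, "FILE:", diff) == 0)
+ return "dfl";
+ else if (strncmp(s, "NONE:", diff) == 0)
+ return "none";
+ else if (strncmp(s, "MEMORY:", diff) == 0)
+ return "MEMORY";
+ }
+
+ return "dfl";
 }
 
 char *
 krb5_rc_default_name(krb5_context context)
 {
- char *s;
+ char *s, *residual;
+
 if ((s = getenv("KRB5RCACHENAME")))
 return s;
- else
- return (char *) 0;
+ else if ((s = getenv("KRB5RCNAME"))) {
+ if (residual = strchr(s, ':'))
+ return (residual + 1);
+ else
+ return s;
+ } else
+ return (char *) 0;
 }
 
 krb5_error_code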
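Review bot: In the block added to `krb5int_rc_terminate`, `free(tgr->h)` and `free(tgr)` sit inside the `for (i = 0; i < tgr->hsize; i++)` loop, so with more than one bucket the second iteration reads `tgr->hsize` and `tgr->h[i]` from freed memory and then frees both again, and with `hsize == 0` neither is released. Close the bucket loop before the two frees and clear the global afterwards: `free(tgr->h); free(tgr); grcache.data = NULL;` placed after the loop's closing brace. It is also worth destroying `grcache.lock` only after the data has been released, so the teardown order mirrors the initialisation. As a smaller style point, `if (residual = strchr(s, ':'))` in `krb5_rc_default_name` should be `if ((residual = strchr(s, ':')) != NULL)`, matching the parenthesised assignments used elsewhere in the same file section. The `typehead` loop continues past the end of that hunk.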
|
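--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -249,6 +249,9 @@ krb5_rc_dfl_close_no_free(krb5_context c
 struct dfl_data *t = (struct dfl_data *)id->data;
 struct authlist *q;
 
+ if (id->data == NULL)
+ return 0;
+
 free(t->h);
 if (t->name)
 free(t->name);
@@ -265,6 +268,7 @@ krb5_rc_dfl_close_no_free(krb5_context c
 (void) krb5_rc_io_close(context, &t->d);
 #endif
 free(t);
+ id->data = NULL;
 return 0;
 }
 
@@ -329,6 +333,7 @@ cleanup:
 if (t->h)
 free(t->h);
 free(t);
+ id->data = NULL;
 }
 return retval;
 }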
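Review bot: The new `if (id->data == NULL) return 0;` guard in `krb5_rc_dfl_close_no_free` turns a second close into a silent no-op, and nothing in the hunk says why. A short comment such as `/* Already closed: data was released and cleared by an earlier close. */` would tie it to the `id->data = NULL` added after `free(t)`. The guard only prevents a double free when the two closes are serialised; whether callers hold the rcache lock across the check and the clear is not visible in these hunks and should be confirmed. The function body and the `cleanup:` path both extend outside the hunks shown.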
|
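--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -56,7 +56,10 @@ getdir(void)
 #else
 if (!(dir = getenv("TMPDIR"))) {
 #ifdef RCTMPDIR
- dir = RCTMPDIR;
+ if (geteuid() == 0)
+ dir = RCTMPDIR "/root";
+ else
+ dir = RCTMPDIR;
 #else
 dir = "/tmp";
 #endif
@@ -164,6 +167,8 @@ krb5_rc_io_creat(krb5_context context, k
 
 GETDIR;
 if (fn && *fn) {
+ if (strncmp(*fn, PATH_SEPARATOR, sizeof(PATH_SEPARATOR) - 1) == 0)
+ dir = "";
 if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
 return KRB5_RC_IO_MALLOC;
 d->fd = -1;
@@ -227,6 +232,8 @@ krb5_rc_io_open_internal(krb5_context co
 char *dir;
 
 dir = getdir();
+ if (fn && (strncmp(fn, PATH_SEPARATOR, sizeof(PATH_SEPARATOR) - 1) == 0))
+ dir = "";
 if (full_pathname) {
 if (!(d->fn = strdup(full_pathname)))
 return KRB5_RC_IO_MALLOC;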
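Review bot: With the added `strncmp(..., PATH_SEPARATOR, ...)` checks in `krb5_rc_io_creat` and `krb5_rc_io_open_internal`, a name that begins with the separator bypasses `getdir()` entirely, including the `RCTMPDIR "/root"` directory this same patch selects for euid 0. The name can apparently come from `KRB5RCNAME` or `KRB5RCACHENAME`, so the environment then decides where a privileged server creates and opens its replay cache. A comment at both sites should state that absolute names are trusted, for example `/* Absolute name: caller-supplied location, getdir() is not applied. */`, and it is worth checking whether the environment is ignored for set-id callers elsewhere. The `asprintf` format still inserts `PATH_SEPARATOR`, so an absolute name gets a doubled leading separator, which is harmless on POSIX but untidy. Nothing in these hunks creates or checks the `/root` subdirectory, so its existence and mode presumably come from packaging.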
|
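--- a/src/lib/krb5/rcache/rc-int.h
+++ b/src/lib/krb5/rcache/rc-int.h
@@ -87,5 +87,6 @@ krb5_error_code krb5_rc_register_type(kr
 
 extern const krb5_rc_ops krb5_rc_dfl_ops;
 extern const krb5_rc_ops krb5_rc_none_ops;
+extern const krb5_rc_ops krb5_rc_mem_ops;
 
 #endif /* __KRB5_RCACHE_INT_H__ */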