Back to index...

	/*
	* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/


	package sun.security.krb5.internal.rcache;

	import java.io.*;
	import java.nio.BufferUnderflowException;
	import java.nio.ByteBuffer;
	import java.nio.ByteOrder;
	import java.nio.channels.SeekableByteChannel;
	import java.nio.file.Files;
	import java.nio.file.Path;
	import java.nio.file.StandardCopyOption;
	import java.nio.file.StandardOpenOption;
	import java.nio.file.attribute.PosixFilePermission;
	import java.security.AccessController;
	import java.util.*;

	import sun.security.action.GetPropertyAction;
	import sun.security.krb5.internal.KerberosTime;
	import sun.security.krb5.internal.Krb5;
	import sun.security.krb5.internal.KrbApErrException;
	import sun.security.krb5.internal.ReplayCache;


	/**
	* A dfl file is used to sustores AuthTime entries when the system property
	* sun.security.krb5.rcache is set to
	*
	* dfl(\|:path/\|:path/name\|:name)
	*
	* The file will be path/name. If path is not given, it will be
	*
	* System.getProperty("java.io.tmpdir")
	*
	* If name is not given, it will be
	*
	* service_euid
	*
	* Java does not have a method to get euid, so uid is used instead. This
	* should normally to be since a Java program is seldom used as a setuid app.
	*
	* The file has a header:
	*
	* i16 0x0501 (KRB5_RC_VNO) in network order
	* i32 number of seconds for lifespan (in native order, same below)
	*
	* followed by cache entries concatenated, which can be encoded in
	* 2 styles:
	*
	* The traditional style is:
	*
	* LC of client principal
	* LC of server principal
	* i32 cusec of Authenticator
	* i32 ctime of Authenticator
	*
	* The new style has a hash:
	*
	* LC of ""
	* LC of "HASH:%s %lu:%s %lu:%s" of (hash, clientlen, client, serverlen,
	* server) where msghash is 32 char (lower case) text mode md5sum
	* of the ciphertext of authenticator.
	* i32 cusec of Authenticator
	* i32 ctime of Authenticator
	*
	* where LC of a string means
	*
	* i32 strlen(string) + 1
	* octets of string, with the \0x00 ending
	*
	* The old style block is always created by MIT krb5 used even if a new style
	* is available, which means there can be 2 entries for a single Authenticator.
	* Java also does this way.
	*
	* See src/lib/krb5/rcache/rc_io.c and src/lib/krb5/rcache/rc_dfl.c.
	*/
	public class DflCache extends ReplayCache {

	private static final int KRB5_RV_VNO = 0x501;
	private static final int EXCESSREPS = 30; // if missed-hit>this, recreate

	private final String source;

	private static int uid;
	static {
	try {
	// Available on Solaris, Linux and Mac. Otherwise, no _euid suffix
	Class<?> clazz = Class.forName("com.sun.security.auth.module.UnixSystem");
	uid = (int)(long)(Long)
	clazz.getMethod("getUid").invoke(clazz.newInstance());
	} catch (Exception e) {
	uid = -1;
	}
	}

	public DflCache (String source) {
	this.source = source;
	}

	private static String defaultPath() {
	return AccessController.doPrivileged(
	new GetPropertyAction("java.io.tmpdir"));
	}

	private static String defaultFile(String server) {
	// service/host@REALM -> service
	int slash = server.indexOf('/');
	if (slash == -1) {
	// A normal principal? say, dummy@REALM
	slash = server.indexOf('@');
	}
	if (slash != -1) {
	// Should not happen, but be careful
	server= server.substring(0, slash);
	}
	if (uid != -1) {
	server += "_" + uid;
	}
	return server;
	}

	private static Path getFileName(String source, String server) {
	String path, file;
	if (source.equals("dfl")) {
	path = defaultPath();
	file = defaultFile(server);
	} else if (source.startsWith("dfl:")) {
	source = source.substring(4);
	int pos = source.lastIndexOf('/');
	int pos1 = source.lastIndexOf('\\');
	if (pos1 > pos) pos = pos1;
	if (pos == -1) {
	// Only file name
	path = defaultPath();
	file = source;
	} else if (new File(source).isDirectory()) {
	// Only path
	path = source;
	file = defaultFile(server);
	} else {
	// Full pathname
	path = null;
	file = source;
	}
	} else {
	throw new IllegalArgumentException();
	}
	return new File(path, file).toPath();
	}

	@Override
	public void checkAndStore(KerberosTime currTime, AuthTimeWithHash time)
	throws KrbApErrException {
	try {
	checkAndStore0(currTime, time);
	} catch (IOException ioe) {
	KrbApErrException ke = new KrbApErrException(Krb5.KRB_ERR_GENERIC);
	ke.initCause(ioe);
	throw ke;
	}
	}

	private synchronized void checkAndStore0(KerberosTime currTime, AuthTimeWithHash time)
	throws IOException, KrbApErrException {
	Path p = getFileName(source, time.server);
	int missed = 0;
	try (Storage s = new Storage()) {
	try {
	missed = s.loadAndCheck(p, time, currTime);
	} catch (IOException ioe) {
	// Non-existing or invalid file
	Storage.create(p);
	missed = s.loadAndCheck(p, time, currTime);
	}
	s.append(time);
	}
	if (missed > EXCESSREPS) {
	Storage.expunge(p, currTime);
	}
	}


	private static class Storage implements Closeable {
	// Static methods
	@SuppressWarnings("try")
	private static void create(Path p) throws IOException {
	try (SeekableByteChannel newChan = createNoClose(p)) {
	// Do nothing, wait for close
	}
	makeMine(p);
	}

	private static void makeMine(Path p) throws IOException {
	// chmod to owner-rw only, otherwise MIT krb5 rejects
	try {
	Set<PosixFilePermission> attrs = new HashSet<>();
	attrs.add(PosixFilePermission.OWNER_READ);
	attrs.add(PosixFilePermission.OWNER_WRITE);
	Files.setPosixFilePermissions(p, attrs);
	} catch (UnsupportedOperationException uoe) {
	// No POSIX permission. That's OK.
	}
	}

	private static SeekableByteChannel createNoClose(Path p)
	throws IOException {
	SeekableByteChannel newChan = Files.newByteChannel(
	p, StandardOpenOption.CREATE,
	StandardOpenOption.TRUNCATE_EXISTING,
	StandardOpenOption.WRITE);
	ByteBuffer buffer = ByteBuffer.allocate(6);
	buffer.putShort((short)KRB5_RV_VNO);
	buffer.order(ByteOrder.nativeOrder());
	buffer.putInt(KerberosTime.getDefaultSkew());
	buffer.flip();
	newChan.write(buffer);
	return newChan;
	}

	private static void expunge(Path p, KerberosTime currTime)
	throws IOException {
	Path p2 = Files.createTempFile(p.getParent(), "rcache", null);
	try (SeekableByteChannel oldChan = Files.newByteChannel(p);
	SeekableByteChannel newChan = createNoClose(p2)) {
	long timeLimit = currTime.getSeconds() - readHeader(oldChan);
	while (true) {
	try {
	AuthTime at = AuthTime.readFrom(oldChan);
	if (at.ctime > timeLimit) {
	ByteBuffer bb = ByteBuffer.wrap(at.encode(true));
	newChan.write(bb);
	}
	} catch (BufferUnderflowException e) {
	break;
	}
	}
	}
	makeMine(p2);
	Files.move(p2, p,
	StandardCopyOption.REPLACE_EXISTING,
	StandardCopyOption.ATOMIC_MOVE);
	}

	// Instance methods
	SeekableByteChannel chan;
	private int loadAndCheck(Path p, AuthTimeWithHash time,
	KerberosTime currTime)
	throws IOException, KrbApErrException {
	int missed = 0;
	if (Files.isSymbolicLink(p)) {
	throw new IOException("Symlink not accepted");
	}
	try {
	Set<PosixFilePermission> perms =
	Files.getPosixFilePermissions(p);
	if (uid != -1 &&
	(Integer)Files.getAttribute(p, "unix:uid") != uid) {
	throw new IOException("Not mine");
	}
	if (perms.contains(PosixFilePermission.GROUP_READ) \|\|
	perms.contains(PosixFilePermission.GROUP_WRITE) \|\|
	perms.contains(PosixFilePermission.GROUP_EXECUTE) \|\|
	perms.contains(PosixFilePermission.OTHERS_READ) \|\|
	perms.contains(PosixFilePermission.OTHERS_WRITE) \|\|
	perms.contains(PosixFilePermission.OTHERS_EXECUTE)) {
	throw new IOException("Accessible by someone else");
	}
	} catch (UnsupportedOperationException uoe) {
	// No POSIX permissions? Ignore it.
	}
	chan = Files.newByteChannel(p, StandardOpenOption.WRITE,
	StandardOpenOption.READ);

	long timeLimit = currTime.getSeconds() - readHeader(chan);

	long pos = 0;
	boolean seeNewButNotSame = false;
	while (true) {
	try {
	pos = chan.position();
	AuthTime a = AuthTime.readFrom(chan);
	if (a instanceof AuthTimeWithHash) {
	if (time.equals(a)) {
	// Exact match, must be a replay
	throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT);
	} else if (time.isSameIgnoresHash(a)) {
	// Two different authenticators in the same second.
	// Remember it
	seeNewButNotSame = true;
	}
	} else {
	if (time.isSameIgnoresHash(a)) {
	// Two authenticators in the same second. Considered
	// same if we haven't seen a new style version of it
	if (!seeNewButNotSame) {
	throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT);
	}
	}
	}
	if (a.ctime < timeLimit) {
	missed++;
	} else {
	missed--;
	}
	} catch (BufferUnderflowException e) {
	// Half-written file?
	chan.position(pos);
	break;
	}
	}
	return missed;
	}

	private static int readHeader(SeekableByteChannel chan)
	throws IOException {
	ByteBuffer bb = ByteBuffer.allocate(6);
	chan.read(bb);
	if (bb.getShort(0) != KRB5_RV_VNO) {
	throw new IOException("Not correct rcache version");
	}
	bb.order(ByteOrder.nativeOrder());
	return bb.getInt(2);
	}

	private void append(AuthTimeWithHash at) throws IOException {
	// Write an entry with hash, to be followed by one without it,
	// for the benefit of old implementations.
	ByteBuffer bb;
	bb = ByteBuffer.wrap(at.encode(true));
	chan.write(bb);
	bb = ByteBuffer.wrap(at.encode(false));
	chan.write(bb);
	}

	@Override
	public void close() throws IOException {
	if (chan != null) chan.close();
	chan = null;
	}
	}
	}

Back to index...