search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
use DES_set_key_unchecked().
[heimdal.git] / lib / krb5 / cache.c
blob60a5aa64035244ac9aa17c51caff21c6518cf98f
1 /*
2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 RCSID("$Id$");
37
38 /**
39 * Add a new ccache type with operations `ops', overwriting any
40 * existing one if `override'.
41 *
42 * @param context a Keberos context
43 * @param ops type of plugin symbol
44 * @param override flag to select if the registration is to overide
45 * an existing ops with the same name.
46 *
47 * @return Return an error code or 0.
48 *
49 * @ingroup krb5_ccache
50 */
51
52 krb5_error_code KRB5_LIB_FUNCTION
53 krb5_cc_register(krb5_context context,
54 const krb5_cc_ops *ops,
55 krb5_boolean override)
56 {
57 int i;
58
59 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
60 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
61 if(!override) {
62 krb5_set_error_string(context,
63 "ccache type %s already exists",
64 ops->prefix);
65 return KRB5_CC_TYPE_EXISTS;
66 }
67 break;
68 }
69 }
70 if(i == context->num_cc_ops) {
71 krb5_cc_ops *o = realloc(context->cc_ops,
72 (context->num_cc_ops + 1) *
73 sizeof(*context->cc_ops));
74 if(o == NULL) {
75 krb5_set_error_string(context, "malloc: out of memory");
76 return KRB5_CC_NOMEM;
77 }
78 context->num_cc_ops++;
79 context->cc_ops = o;
80 memset(context->cc_ops + i, 0,
81 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
82 }
83 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
84 return 0;
85 }
86
87 /*
88 * Allocate the memory for a `id' and the that function table to
89 * `ops'. Returns 0 or and error code.
90 */
91
92 krb5_error_code
93 _krb5_cc_allocate(krb5_context context,
94 const krb5_cc_ops *ops,
95 krb5_ccache *id)
96 {
97 krb5_ccache p;
98
99 p = malloc (sizeof(*p));
100 if(p == NULL) {
101 krb5_set_error_string(context, "malloc: out of memory");
102 return KRB5_CC_NOMEM;
103 }
104 p->ops = ops;
105 *id = p;
106
107 return 0;
108 }
109
110 /*
111 * Allocate memory for a new ccache in `id' with operations `ops'
112 * and name `residual'. Return 0 or an error code.
113 */
114
115 static krb5_error_code
116 allocate_ccache (krb5_context context,
117 const krb5_cc_ops *ops,
118 const char *residual,
119 krb5_ccache *id)
120 {
121 krb5_error_code ret;
122
123 ret = _krb5_cc_allocate(context, ops, id);
124 if (ret)
125 return ret;
126 ret = (*id)->ops->resolve(context, id, residual);
127 if(ret)
128 free(*id);
129 return ret;
130 }
131
132 /**
133 * Find and allocate a ccache in `id' from the specification in `residual'.
134 * If the ccache name doesn't contain any colon, interpret it as a file name.
135 *
136 * @param context a Keberos context.
137 * @param name string name of a credential cache.
138 * @param id return pointer to a found credential cache.
139 *
140 * @return Return 0 or an error code. In case of an error, id is set
141 * to NULL.
142 *
143 * @ingroup krb5_ccache
144 */
145
146
147 krb5_error_code KRB5_LIB_FUNCTION
148 krb5_cc_resolve(krb5_context context,
149 const char *name,
150 krb5_ccache *id)
151 {
152 int i;
153
154 *id = NULL;
155
156 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
157 size_t prefix_len = strlen(context->cc_ops[i].prefix);
158
159 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
160 && name[prefix_len] == ':') {
161 return allocate_ccache (context, &context->cc_ops[i],
162 name + prefix_len + 1,
163 id);
164 }
165 }
166 if (strchr (name, ':') == NULL)
167 return allocate_ccache (context, &krb5_fcc_ops, name, id);
168 else {
169 krb5_set_error_string(context, "unknown ccache type %s", name);
170 return KRB5_CC_UNKNOWN_TYPE;
171 }
172 }
173
174 /**
175 * Generate a new ccache of type `ops' in `id'.
176 *
177 * @return Return 0 or an error code.
178 *
179 * @ingroup krb5_ccache
180 */
181
182
183 krb5_error_code KRB5_LIB_FUNCTION
184 krb5_cc_gen_new(krb5_context context,
185 const krb5_cc_ops *ops,
186 krb5_ccache *id)
187 {
188 return krb5_cc_new_unique(context, ops->prefix, NULL, id);
189 }
190
191 /**
192 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
193 * the library chooses the default credential cache type. The supplied
194 * `hint' (that can be NULL) is a string that the credential cache
195 * type can use to base the name of the credential on, this is to make
196 * it easier for the user to differentiate the credentials.
197 *
198 * @return Returns 0 or an error code.
199 *
200 * @ingroup krb5_ccache
201 */
202
203 krb5_error_code KRB5_LIB_FUNCTION
204 krb5_cc_new_unique(krb5_context context, const char *type,
205 const char *hint, krb5_ccache *id)
206 {
207 const krb5_cc_ops *ops;
208 krb5_error_code ret;
209
210 ops = krb5_cc_get_prefix_ops(context, type);
211 if (ops == NULL) {
212 krb5_set_error_string(context,
213 "Credential cache type %s is unknown", type);
214 return KRB5_CC_UNKNOWN_TYPE;
215 }
216
217 ret = _krb5_cc_allocate(context, ops, id);
218 if (ret)
219 return ret;
220 return (*id)->ops->gen_new(context, id);
221 }
222
223 /**
224 * Return the name of the ccache `id'
225 *
226 * @ingroup krb5_ccache
227 */
228
229
230 const char* KRB5_LIB_FUNCTION
231 krb5_cc_get_name(krb5_context context,
232 krb5_ccache id)
233 {
234 return id->ops->get_name(context, id);
235 }
236
237 /**
238 * Return the type of the ccache `id'.
239 *
240 * @ingroup krb5_ccache
241 */
242
243
244 const char* KRB5_LIB_FUNCTION
245 krb5_cc_get_type(krb5_context context,
246 krb5_ccache id)
247 {
248 return id->ops->prefix;
249 }
250
251 /**
252 * Return the complete resolvable name the ccache `id' in `str´.
253 * `str` should be freed with free(3).
254 * Returns 0 or an error (and then *str is set to NULL).
255 *
256 * @ingroup krb5_ccache
257 */
258
259
260 krb5_error_code KRB5_LIB_FUNCTION
261 krb5_cc_get_full_name(krb5_context context,
262 krb5_ccache id,
263 char **str)
264 {
265 const char *type, *name;
266
267 *str = NULL;
268
269 type = krb5_cc_get_type(context, id);
270 if (type == NULL) {
271 krb5_set_error_string(context, "cache have no name of type");
272 return KRB5_CC_UNKNOWN_TYPE;
273 }
274
275 name = krb5_cc_get_name(context, id);
276 if (name == NULL) {
277 krb5_set_error_string(context, "cache of type %s have no name", type);
278 return KRB5_CC_BADNAME;
279 }
280
281 if (asprintf(str, "%s:%s", type, name) == -1) {
282 krb5_set_error_string(context, "malloc - out of memory");
283 *str = NULL;
284 return ENOMEM;
285 }
286 return 0;
287 }
288
289 /**
290 * Return krb5_cc_ops of a the ccache `id'.
291 *
292 * @ingroup krb5_ccache
293 */
294
295
296 const krb5_cc_ops *
297 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
298 {
299 return id->ops;
300 }
301
302 /*
303 * Expand variables in `str' into `res'
304 */
305
306 krb5_error_code
307 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
308 {
309 size_t tlen, len = 0;
310 char *tmp, *tmp2, *append;
311
312 *res = NULL;
313
314 while (str && *str) {
315 tmp = strstr(str, "%{");
316 if (tmp && tmp != str) {
317 append = malloc((tmp - str) + 1);
318 if (append) {
319 memcpy(append, str, tmp - str);
320 append[tmp - str] = '\0';
321 }
322 str = tmp;
323 } else if (tmp) {
324 tmp2 = strchr(tmp, '}');
325 if (tmp2 == NULL) {
326 free(*res);
327 *res = NULL;
328 krb5_set_error_string(context, "variable missing }");
329 return KRB5_CONFIG_BADFORMAT;
330 }
331 if (strncasecmp(tmp, "%{uid}", 6) == 0)
332 asprintf(&append, "%u", (unsigned)getuid());
333 else if (strncasecmp(tmp, "%{null}", 7) == 0)
334 append = strdup("");
335 else {
336 free(*res);
337 *res = NULL;
338 krb5_set_error_string(context,
339 "expand default cache unknown "
340 "variable \"%.*s\"",
341 (int)(tmp2 - tmp) - 2, tmp + 2);
342 return KRB5_CONFIG_BADFORMAT;
343 }
344 str = tmp2 + 1;
345 } else {
346 append = strdup(str);
347 str = NULL;
348 }
349 if (append == NULL) {
350 free(*res);
351 *res = NULL;
352 krb5_set_error_string(context, "malloc - out of memory");
353 return ENOMEM;
354 }
355
356 tlen = strlen(append);
357 tmp = realloc(*res, len + tlen + 1);
358 if (tmp == NULL) {
359 free(append);
360 free(*res);
361 *res = NULL;
362 krb5_set_error_string(context, "malloc - out of memory");
363 return ENOMEM;
364 }
365 *res = tmp;
366 memcpy(*res + len, append, tlen + 1);
367 len = len + tlen;
368 free(append);
369 }
370 return 0;
371 }
372
373 /*
374 * Return non-zero if envirnoment that will determine default krb5cc
375 * name has changed.
376 */
377
378 static int
379 environment_changed(krb5_context context)
380 {
381 const char *e;
382
383 /* if the cc name was set, don't change it */
384 if (context->default_cc_name_set)
385 return 0;
386
387 if(issuid())
388 return 0;
389
390 e = getenv("KRB5CCNAME");
391 if (e == NULL) {
392 if (context->default_cc_name_env) {
393 free(context->default_cc_name_env);
394 context->default_cc_name_env = NULL;
395 return 1;
396 }
397 } else {
398 if (context->default_cc_name_env == NULL)
399 return 1;
400 if (strcmp(e, context->default_cc_name_env) != 0)
401 return 1;
402 }
403 return 0;
404 }
405
406 /**
407 * Switch the default default credential cache for a specific
408 * credcache type (and name for some implementations).
409 *
410 * @return Returns 0 or an error code.
411 *
412 * @ingroup krb5_ccache
413 */
414
415 krb5_error_code
416 krb5_cc_switch(krb5_context context, krb5_ccache id)
417 {
418
419 if (id->ops->set_default == NULL)
420 return 0;
421
422 return (*id->ops->set_default)(context, id);
423 }
424
425 /**
426 * Set the default cc name for `context' to `name'.
427 *
428 * @ingroup krb5_ccache
429 */
430
431 krb5_error_code KRB5_LIB_FUNCTION
432 krb5_cc_set_default_name(krb5_context context, const char *name)
433 {
434 krb5_error_code ret = 0;
435 char *p;
436
437 if (name == NULL) {
438 const char *e = NULL;
439
440 if(!issuid()) {
441 e = getenv("KRB5CCNAME");
442 if (e) {
443 p = strdup(e);
444 if (context->default_cc_name_env)
445 free(context->default_cc_name_env);
446 context->default_cc_name_env = strdup(e);
447 }
448 }
449 if (e == NULL) {
450 e = krb5_config_get_string(context, NULL, "libdefaults",
451 "default_cc_name", NULL);
452 if (e) {
453 ret = _krb5_expand_default_cc_name(context, e, &p);
454 if (ret)
455 return ret;
456 }
457 if (e == NULL) {
458 const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
459 ret = (*ops->get_default_name)(context, &p);
460 if (ret)
461 return ret;
462 }
463 }
464 context->default_cc_name_set = 0;
465 } else {
466 p = strdup(name);
467 context->default_cc_name_set = 1;
468 }
469
470 if (p == NULL) {
471 krb5_set_error_string(context, "malloc - out of memory");
472 return ENOMEM;
473 }
474
475 if (context->default_cc_name)
476 free(context->default_cc_name);
477
478 context->default_cc_name = p;
479
480 return ret;
481 }
482
483 /**
484 * Return a pointer to a context static string containing the default
485 * ccache name.
486 *
487 * @return String to the default credential cache name.
488 *
489 * @ingroup krb5_ccache
490 */
491
492
493 const char* KRB5_LIB_FUNCTION
494 krb5_cc_default_name(krb5_context context)
495 {
496 if (context->default_cc_name == NULL || environment_changed(context))
497 krb5_cc_set_default_name(context, NULL);
498
499 return context->default_cc_name;
500 }
501
502 /**
503 * Open the default ccache in `id'.
504 *
505 * @return Return 0 or an error code.
506 *
507 * @ingroup krb5_ccache
508 */
509
510
511 krb5_error_code KRB5_LIB_FUNCTION
512 krb5_cc_default(krb5_context context,
513 krb5_ccache *id)
514 {
515 const char *p = krb5_cc_default_name(context);
516
517 if (p == NULL) {
518 krb5_set_error_string(context, "malloc - out of memory");
519 return ENOMEM;
520 }
521 return krb5_cc_resolve(context, p, id);
522 }
523
524 /**
525 * Create a new ccache in `id' for `primary_principal'.
526 *
527 * @return Return 0 or an error code.
528 *
529 * @ingroup krb5_ccache
530 */
531
532
533 krb5_error_code KRB5_LIB_FUNCTION
534 krb5_cc_initialize(krb5_context context,
535 krb5_ccache id,
536 krb5_principal primary_principal)
537 {
538 return (*id->ops->init)(context, id, primary_principal);
539 }
540
541
542 /**
543 * Remove the ccache `id'.
544 *
545 * @return Return 0 or an error code.
546 *
547 * @ingroup krb5_ccache
548 */
549
550
551 krb5_error_code KRB5_LIB_FUNCTION
552 krb5_cc_destroy(krb5_context context,
553 krb5_ccache id)
554 {
555 krb5_error_code ret;
556
557 ret = (*id->ops->destroy)(context, id);
558 krb5_cc_close (context, id);
559 return ret;
560 }
561
562 /**
563 * Stop using the ccache `id' and free the related resources.
564 *
565 * @return Return 0 or an error code.
566 *
567 * @ingroup krb5_ccache
568 */
569
570
571 krb5_error_code KRB5_LIB_FUNCTION
572 krb5_cc_close(krb5_context context,
573 krb5_ccache id)
574 {
575 krb5_error_code ret;
576 ret = (*id->ops->close)(context, id);
577 free(id);
578 return ret;
579 }
580
581 /**
582 * Store `creds' in the ccache `id'.
583 *
584 * @return Return 0 or an error code.
585 *
586 * @ingroup krb5_ccache
587 */
588
589
590 krb5_error_code KRB5_LIB_FUNCTION
591 krb5_cc_store_cred(krb5_context context,
592 krb5_ccache id,
593 krb5_creds *creds)
594 {
595 return (*id->ops->store)(context, id, creds);
596 }
597
598 /**
599 * Retrieve the credential identified by `mcreds' (and `whichfields')
600 * from `id' in `creds'. 'creds' must be free by the caller using
601 * krb5_free_cred_contents.
602 *
603 * @return Return 0 or an error code.
604 *
605 * @ingroup krb5_ccache
606 */
607
608
609 krb5_error_code KRB5_LIB_FUNCTION
610 krb5_cc_retrieve_cred(krb5_context context,
611 krb5_ccache id,
612 krb5_flags whichfields,
613 const krb5_creds *mcreds,
614 krb5_creds *creds)
615 {
616 krb5_error_code ret;
617 krb5_cc_cursor cursor;
618
619 if (id->ops->retrieve != NULL) {
620 return (*id->ops->retrieve)(context, id, whichfields,
621 mcreds, creds);
622 }
623
624 ret = krb5_cc_start_seq_get(context, id, &cursor);
625 if (ret)
626 return ret;
627 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
628 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
629 ret = 0;
630 break;
631 }
632 krb5_free_cred_contents (context, creds);
633 }
634 krb5_cc_end_seq_get(context, id, &cursor);
635 return ret;
636 }
637
638 /**
639 * Return the principal of `id' in `principal'.
640 *
641 * @return Return 0 or an error code.
642 *
643 * @ingroup krb5_ccache
644 */
645
646
647 krb5_error_code KRB5_LIB_FUNCTION
648 krb5_cc_get_principal(krb5_context context,
649 krb5_ccache id,
650 krb5_principal *principal)
651 {
652 return (*id->ops->get_princ)(context, id, principal);
653 }
654
655 /**
656 * Start iterating over `id', `cursor' is initialized to the
657 * beginning.
658 *
659 * @return Return 0 or an error code.
660 *
661 * @ingroup krb5_ccache
662 */
663
664
665 krb5_error_code KRB5_LIB_FUNCTION
666 krb5_cc_start_seq_get (krb5_context context,
667 const krb5_ccache id,
668 krb5_cc_cursor *cursor)
669 {
670 return (*id->ops->get_first)(context, id, cursor);
671 }
672
673 /**
674 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
675 * and advance `cursor'.
676 *
677 * @return Return 0 or an error code.
678 *
679 * @ingroup krb5_ccache
680 */
681
682
683 krb5_error_code KRB5_LIB_FUNCTION
684 krb5_cc_next_cred (krb5_context context,
685 const krb5_ccache id,
686 krb5_cc_cursor *cursor,
687 krb5_creds *creds)
688 {
689 return (*id->ops->get_next)(context, id, cursor, creds);
690 }
691
692 /**
693 * Like krb5_cc_next_cred, but allow for selective retrieval
694 *
695 * @ingroup krb5_ccache
696 */
697
698
699 krb5_error_code KRB5_LIB_FUNCTION
700 krb5_cc_next_cred_match(krb5_context context,
701 const krb5_ccache id,
702 krb5_cc_cursor * cursor,
703 krb5_creds * creds,
704 krb5_flags whichfields,
705 const krb5_creds * mcreds)
706 {
707 krb5_error_code ret;
708 while (1) {
709 ret = krb5_cc_next_cred(context, id, cursor, creds);
710 if (ret)
711 return ret;
712 if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
713 return 0;
714 krb5_free_cred_contents(context, creds);
715 }
716 }
717
718 /**
719 * Destroy the cursor `cursor'.
720 *
721 * @ingroup krb5_ccache
722 */
723
724
725 krb5_error_code KRB5_LIB_FUNCTION
726 krb5_cc_end_seq_get (krb5_context context,
727 const krb5_ccache id,
728 krb5_cc_cursor *cursor)
729 {
730 return (*id->ops->end_get)(context, id, cursor);
731 }
732
733 /**
734 * Remove the credential identified by `cred', `which' from `id'.
735 *
736 * @ingroup krb5_ccache
737 */
738
739
740 krb5_error_code KRB5_LIB_FUNCTION
741 krb5_cc_remove_cred(krb5_context context,
742 krb5_ccache id,
743 krb5_flags which,
744 krb5_creds *cred)
745 {
746 if(id->ops->remove_cred == NULL) {
747 krb5_set_error_string(context,
748 "ccache %s does not support remove_cred",
749 id->ops->prefix);
750 return EACCES; /* XXX */
751 }
752 return (*id->ops->remove_cred)(context, id, which, cred);
753 }
754
755 /**
756 * Set the flags of `id' to `flags'.
757 *
758 * @ingroup krb5_ccache
759 */
760
761
762 krb5_error_code KRB5_LIB_FUNCTION
763 krb5_cc_set_flags(krb5_context context,
764 krb5_ccache id,
765 krb5_flags flags)
766 {
767 return (*id->ops->set_flags)(context, id, flags);
768 }
769
770 /**
771 * Copy the contents of `from' to `to'.
772 *
773 * @ingroup krb5_ccache
774 */
775
776
777 krb5_error_code KRB5_LIB_FUNCTION
778 krb5_cc_copy_cache_match(krb5_context context,
779 const krb5_ccache from,
780 krb5_ccache to,
781 krb5_flags whichfields,
782 const krb5_creds * mcreds,
783 unsigned int *matched)
784 {
785 krb5_error_code ret;
786 krb5_cc_cursor cursor;
787 krb5_creds cred;
788 krb5_principal princ;
789
790 ret = krb5_cc_get_principal(context, from, &princ);
791 if (ret)
792 return ret;
793 ret = krb5_cc_initialize(context, to, princ);
794 if (ret) {
795 krb5_free_principal(context, princ);
796 return ret;
797 }
798 ret = krb5_cc_start_seq_get(context, from, &cursor);
799 if (ret) {
800 krb5_free_principal(context, princ);
801 return ret;
802 }
803 if (matched)
804 *matched = 0;
805 while (ret == 0 &&
806 krb5_cc_next_cred_match(context, from, &cursor, &cred,
807 whichfields, mcreds) == 0) {
808 if (matched)
809 (*matched)++;
810 ret = krb5_cc_store_cred(context, to, &cred);
811 krb5_free_cred_contents(context, &cred);
812 }
813 krb5_cc_end_seq_get(context, from, &cursor);
814 krb5_free_principal(context, princ);
815 return ret;
816 }
817
818 /**
819 * Just like krb5_cc_copy_cache_match, but copy everything.
820 *
821 * @ingroup krb5_ccache
822 */
823
824
825 krb5_error_code KRB5_LIB_FUNCTION
826 krb5_cc_copy_cache(krb5_context context,
827 const krb5_ccache from,
828 krb5_ccache to)
829 {
830 return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
831 }
832
833 /**
834 * Return the version of `id'.
835 *
836 * @ingroup krb5_ccache
837 */
838
839
840 krb5_error_code KRB5_LIB_FUNCTION
841 krb5_cc_get_version(krb5_context context,
842 const krb5_ccache id)
843 {
844 if(id->ops->get_version)
845 return (*id->ops->get_version)(context, id);
846 else
847 return 0;
848 }
849
850 /**
851 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
852 *
853 * @ingroup krb5_ccache
854 */
855
856
857 void KRB5_LIB_FUNCTION
858 krb5_cc_clear_mcred(krb5_creds *mcred)
859 {
860 memset(mcred, 0, sizeof(*mcred));
861 }
862
863 /**
864 * Get the cc ops that is registered in `context' to handle the
865 * prefix. prefix can be a complete credential cache name or a
866 * prefix, the function will only use part up to the first colon (:)
867 * if there is one. If prefix the argument is NULL, the default ccache
868 * implemtation is returned.
869
870 * @return Returns NULL if ops not found.
871 *
872 * @ingroup krb5_ccache
873 */
874
875
876 const krb5_cc_ops *
877 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
878 {
879 char *p, *p1;
880 int i;
881
882 if (prefix == NULL)
883 return KRB5_DEFAULT_CCTYPE;
884 if (prefix[0] == '/')
885 return &krb5_fcc_ops;
886
887 p = strdup(prefix);
888 if (p == NULL) {
889 krb5_set_error_string(context, "malloc - out of memory");
890 return NULL;
891 }
892 p1 = strchr(p, ':');
893 if (p1)
894 *p1 = '\0';
895
896 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
897 if(strcmp(context->cc_ops[i].prefix, p) == 0) {
898 free(p);
899 return &context->cc_ops[i];
900 }
901 }
902 free(p);
903 return NULL;
904 }
905
906 struct krb5_cc_cache_cursor_data {
907 const krb5_cc_ops *ops;
908 krb5_cc_cursor cursor;
909 };
910
911 /**
912 * Start iterating over all caches of `type'. If `type' is NULL, the
913 * default type is * used. `cursor' is initialized to the beginning.
914 *
915 * @return Return 0 or an error code.
916 *
917 * @ingroup krb5_ccache
918 */
919
920
921 krb5_error_code KRB5_LIB_FUNCTION
922 krb5_cc_cache_get_first (krb5_context context,
923 const char *type,
924 krb5_cc_cache_cursor *cursor)
925 {
926 const krb5_cc_ops *ops;
927 krb5_error_code ret;
928
929 if (type == NULL)
930 type = krb5_cc_default_name(context);
931
932 ops = krb5_cc_get_prefix_ops(context, type);
933 if (ops == NULL) {
934 krb5_set_error_string(context, "Unknown type \"%s\" when iterating "
935 "trying to iterate the credential caches", type);
936 return KRB5_CC_UNKNOWN_TYPE;
937 }
938
939 if (ops->get_cache_first == NULL) {
940 krb5_set_error_string(context, "Credential cache type %s doesn't support "
941 "iterations over caches", ops->prefix);
942 return KRB5_CC_NOSUPP;
943 }
944
945 *cursor = calloc(1, sizeof(**cursor));
946 if (*cursor == NULL) {
947 krb5_set_error_string(context, "malloc - out of memory");
948 return ENOMEM;
949 }
950
951 (*cursor)->ops = ops;
952
953 ret = ops->get_cache_first(context, &(*cursor)->cursor);
954 if (ret) {
955 free(*cursor);
956 *cursor = NULL;
957 }
958 return ret;
959 }
960
961 /**
962 * Retrieve the next cache pointed to by (`cursor') in `id'
963 * and advance `cursor'.
964 *
965 * @return Return 0 or an error code.
966 *
967 * @ingroup krb5_ccache
968 */
969
970
971 krb5_error_code KRB5_LIB_FUNCTION
972 krb5_cc_cache_next (krb5_context context,
973 krb5_cc_cache_cursor cursor,
974 krb5_ccache *id)
975 {
976 return cursor->ops->get_cache_next(context, cursor->cursor, id);
977 }
978
979 /**
980 * Destroy the cursor `cursor'.
981 *
982 * @return Return 0 or an error code.
983 *
984 * @ingroup krb5_ccache
985 */
986
987
988 krb5_error_code KRB5_LIB_FUNCTION
989 krb5_cc_cache_end_seq_get (krb5_context context,
990 krb5_cc_cache_cursor cursor)
991 {
992 krb5_error_code ret;
993 ret = cursor->ops->end_cache_get(context, cursor->cursor);
994 cursor->ops = NULL;
995 free(cursor);
996 return ret;
997 }
998
999 /**
1000 * Search for a matching credential cache of type `type' that have the
1001 * `principal' as the default principal. If NULL is used for `type',
1002 * the default type is used. On success, `id' needs to be freed with
1003 * krb5_cc_close or krb5_cc_destroy.
1004 *
1005 * @return On failure, error code is returned and `id' is set to NULL.
1006 *
1007 * @ingroup krb5_ccache
1008 */
1009
1010
1011 krb5_error_code KRB5_LIB_FUNCTION
1012 krb5_cc_cache_match (krb5_context context,
1013 krb5_principal client,
1014 const char *type,
1015 krb5_ccache *id)
1016 {
1017 krb5_cc_cache_cursor cursor;
1018 krb5_error_code ret;
1019 krb5_ccache cache = NULL;
1020
1021 *id = NULL;
1022
1023 ret = krb5_cc_cache_get_first (context, type, &cursor);
1024 if (ret)
1025 return ret;
1026
1027 while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
1028 krb5_principal principal;
1029
1030 ret = krb5_cc_get_principal(context, cache, &principal);
1031 if (ret == 0) {
1032 krb5_boolean match;
1033
1034 match = krb5_principal_compare(context, principal, client);
1035 krb5_free_principal(context, principal);
1036 if (match)
1037 break;
1038 }
1039
1040 krb5_cc_close(context, cache);
1041 cache = NULL;
1042 }
1043
1044 krb5_cc_cache_end_seq_get(context, cursor);
1045
1046 if (cache == NULL) {
1047 char *str;
1048
1049 krb5_unparse_name(context, client, &str);
1050
1051 krb5_set_error_string(context, "Principal %s not found in a "
1052 "credential cache", str ? str : "<out of memory>");
1053 if (str)
1054 free(str);
1055 return KRB5_CC_NOTFOUND;
1056 }
1057 *id = cache;
1058
1059 return 0;
1060 }
1061
1062 /**
1063 * Move the content from one credential cache to another. The
1064 * operation is an atomic switch.
1065 *
1066 * @param context a Keberos context
1067 * @param from the credential cache to move the content from
1068 * @param to the credential cache to move the content to
1069
1070 * @return On sucess, from is freed. On failure, error code is
1071 * returned and from and to are both still allocated.
1072 *
1073 * @ingroup krb5_ccache
1074 */
1075
1076 krb5_error_code
1077 krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1078 {
1079 krb5_error_code ret;
1080
1081 if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
1082 krb5_set_error_string(context, "Moving credentials between diffrent "
1083 "types not yet supported");
1084 return KRB5_CC_NOSUPP;
1085 }
1086
1087 ret = (*to->ops->move)(context, from, to);
1088 if (ret == 0) {
1089 memset(from, 0, sizeof(*from));
1090 free(from);
1091 }
1092 return ret;
1093 }
Heimdal