search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r13121: Tag 4.0.0TP1
[Samba.git] / source / heimdal / lib / krb5 / cache.c
blobefb2ad1374da9be147f9916aebe37e544e42f969
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $");
37
38 /*
39 * Add a new ccache type with operations `ops', overwriting any
40 * existing one if `override'.
41 * Return an error code or 0.
42 */
43
44 krb5_error_code KRB5_LIB_FUNCTION
45 krb5_cc_register(krb5_context context,
46 const krb5_cc_ops *ops,
47 krb5_boolean override)
48 {
49 int i;
50
51 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
52 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
53 if(!override) {
54 krb5_set_error_string(context,
55 "ccache type %s already exists",
56 ops->prefix);
57 return KRB5_CC_TYPE_EXISTS;
58 }
59 break;
60 }
61 }
62 if(i == context->num_cc_ops) {
63 krb5_cc_ops *o = realloc(context->cc_ops,
64 (context->num_cc_ops + 1) *
65 sizeof(*context->cc_ops));
66 if(o == NULL) {
67 krb5_set_error_string(context, "malloc: out of memory");
68 return KRB5_CC_NOMEM;
69 }
70 context->num_cc_ops++;
71 context->cc_ops = o;
72 memset(context->cc_ops + i, 0,
73 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
74 }
75 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
76 return 0;
77 }
78
79 /*
80 * Allocate the memory for a `id' and the that function table to
81 * `ops'. Returns 0 or and error code.
82 */
83
84 krb5_error_code
85 _krb5_cc_allocate(krb5_context context,
86 const krb5_cc_ops *ops,
87 krb5_ccache *id)
88 {
89 krb5_ccache p;
90
91 p = malloc (sizeof(*p));
92 if(p == NULL) {
93 krb5_set_error_string(context, "malloc: out of memory");
94 return KRB5_CC_NOMEM;
95 }
96 p->ops = ops;
97 *id = p;
98
99 return 0;
100 }
101
102 /*
103 * Allocate memory for a new ccache in `id' with operations `ops'
104 * and name `residual'.
105 * Return 0 or an error code.
106 */
107
108 static krb5_error_code
109 allocate_ccache (krb5_context context,
110 const krb5_cc_ops *ops,
111 const char *residual,
112 krb5_ccache *id)
113 {
114 krb5_error_code ret;
115
116 ret = _krb5_cc_allocate(context, ops, id);
117 if (ret)
118 return ret;
119 ret = (*id)->ops->resolve(context, id, residual);
120 if(ret)
121 free(*id);
122 return ret;
123 }
124
125 /*
126 * Find and allocate a ccache in `id' from the specification in `residual'.
127 * If the ccache name doesn't contain any colon, interpret it as a file name.
128 * Return 0 or an error code.
129 */
130
131 krb5_error_code KRB5_LIB_FUNCTION
132 krb5_cc_resolve(krb5_context context,
133 const char *name,
134 krb5_ccache *id)
135 {
136 int i;
137
138 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
139 size_t prefix_len = strlen(context->cc_ops[i].prefix);
140
141 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
142 && name[prefix_len] == ':') {
143 return allocate_ccache (context, &context->cc_ops[i],
144 name + prefix_len + 1,
145 id);
146 }
147 }
148 if (strchr (name, ':') == NULL)
149 return allocate_ccache (context, &krb5_fcc_ops, name, id);
150 else {
151 krb5_set_error_string(context, "unknown ccache type %s", name);
152 return KRB5_CC_UNKNOWN_TYPE;
153 }
154 }
155
156 /*
157 * Generate a new ccache of type `ops' in `id'.
158 * Return 0 or an error code.
159 */
160
161 krb5_error_code KRB5_LIB_FUNCTION
162 krb5_cc_gen_new(krb5_context context,
163 const krb5_cc_ops *ops,
164 krb5_ccache *id)
165 {
166 krb5_error_code ret;
167
168 ret = _krb5_cc_allocate(context, ops, id);
169 if (ret)
170 return ret;
171 return (*id)->ops->gen_new(context, id);
172 }
173
174 /*
175 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
176 * the library chooses the default credential cache type. The supplied
177 * `hint' (that can be NULL) is a string that the credential cache
178 * type can use to base the name of the credential on, this is to make
179 * its easier for the user to differentiate the credentials.
180 *
181 * Returns 0 or an error code.
182 */
183
184 krb5_error_code KRB5_LIB_FUNCTION
185 krb5_cc_new_unique(krb5_context context, const char *type,
186 const char *hint, krb5_ccache *id)
187 {
188 const krb5_cc_ops *ops;
189
190 if (type == NULL)
191 type = "FILE";
192
193 ops = krb5_cc_get_prefix_ops(context, type);
194 if (ops == NULL) {
195 krb5_set_error_string(context, "Credential cache type %s is unknown",
196 type);
197 return KRB5_CC_UNKNOWN_TYPE;
198 }
199
200 return krb5_cc_gen_new(context, ops, id);
201 }
202
203 /*
204 * Return the name of the ccache `id'
205 */
206
207 const char* KRB5_LIB_FUNCTION
208 krb5_cc_get_name(krb5_context context,
209 krb5_ccache id)
210 {
211 return id->ops->get_name(context, id);
212 }
213
214 /*
215 * Return the type of the ccache `id'.
216 */
217
218 const char* KRB5_LIB_FUNCTION
219 krb5_cc_get_type(krb5_context context,
220 krb5_ccache id)
221 {
222 return id->ops->prefix;
223 }
224
225 /*
226 * Return the complete resolvable name the ccache `id' in `str´.
227 * `str` should be freed with free(3).
228 * Returns 0 or an error (and then *str is set to NULL).
229 */
230
231 krb5_error_code KRB5_LIB_FUNCTION
232 krb5_cc_get_full_name(krb5_context context,
233 krb5_ccache id,
234 char **str)
235 {
236 const char *type, *name;
237
238 *str = NULL;
239
240 type = krb5_cc_get_type(context, id);
241 if (type == NULL) {
242 krb5_set_error_string(context, "cache have no name of type");
243 return KRB5_CC_UNKNOWN_TYPE;
244 }
245
246 name = krb5_cc_get_name(context, id);
247 if (name == NULL) {
248 krb5_set_error_string(context, "cache of type %s have no name", type);
249 return KRB5_CC_BADNAME;
250 }
251
252 if (asprintf(str, "%s:%s", type, name) == -1) {
253 krb5_set_error_string(context, "malloc - out of memory");
254 *str = NULL;
255 return ENOMEM;
256 }
257 return 0;
258 }
259
260 /*
261 * Return krb5_cc_ops of a the ccache `id'.
262 */
263
264 const krb5_cc_ops *
265 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
266 {
267 return id->ops;
268 }
269
270 /*
271 * Expand variables in `str' into `res'
272 */
273
274 krb5_error_code
275 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
276 {
277 size_t tlen, len = 0;
278 char *tmp, *tmp2, *append;
279
280 *res = NULL;
281
282 while (str && *str) {
283 tmp = strstr(str, "%{");
284 if (tmp && tmp != str) {
285 append = malloc((tmp - str) + 1);
286 if (append) {
287 memcpy(append, str, tmp - str);
288 append[tmp - str] = '\0';
289 }
290 str = tmp;
291 } else if (tmp) {
292 tmp2 = strchr(tmp, '}');
293 if (tmp2 == NULL) {
294 free(*res);
295 *res = NULL;
296 krb5_set_error_string(context, "variable missing }");
297 return KRB5_CONFIG_BADFORMAT;
298 }
299 if (strncasecmp(tmp, "%{uid}", 6) == 0)
300 asprintf(&append, "%u", (unsigned)getuid());
301 else if (strncasecmp(tmp, "%{null}", 7) == 0)
302 append = strdup("");
303 else {
304 free(*res);
305 *res = NULL;
306 krb5_set_error_string(context,
307 "expand default cache unknown "
308 "variable \"%.*s\"",
309 (int)(tmp2 - tmp) - 2, tmp + 2);
310 return KRB5_CONFIG_BADFORMAT;
311 }
312 str = tmp2 + 1;
313 } else {
314 append = strdup(str);
315 str = NULL;
316 }
317 if (append == NULL) {
318 free(*res);
319 res = NULL;
320 krb5_set_error_string(context, "malloc - out of memory");
321 return ENOMEM;
322 }
323
324 tlen = strlen(append);
325 tmp = realloc(*res, len + tlen + 1);
326 if (tmp == NULL) {
327 free(*res);
328 *res = NULL;
329 krb5_set_error_string(context, "malloc - out of memory");
330 return ENOMEM;
331 }
332 *res = tmp;
333 memcpy(*res + len, append, tlen + 1);
334 len = len + tlen;
335 free(append);
336 }
337 return 0;
338 }
339
340 /*
341 * Set the default cc name for `context' to `name'.
342 */
343
344 krb5_error_code KRB5_LIB_FUNCTION
345 krb5_cc_set_default_name(krb5_context context, const char *name)
346 {
347 krb5_error_code ret = 0;
348 char *p;
349
350 if (name == NULL) {
351 const char *e = NULL;
352
353 if(!issuid()) {
354 e = getenv("KRB5CCNAME");
355 if (e)
356 p = strdup(e);
357 }
358 if (e == NULL) {
359 e = krb5_config_get_string(context, NULL, "libdefaults",
360 "default_cc_name", NULL);
361 if (e == NULL)
362 e = KRB5_DEFAULT_CCNAME;
363 ret = _krb5_expand_default_cc_name(context, e, &p);
364 if (ret)
365 return ret;
366 }
367 } else
368 p = strdup(name);
369
370 if (p == NULL) {
371 krb5_set_error_string(context, "malloc - out of memory");
372 return ENOMEM;
373 }
374
375 if (context->default_cc_name)
376 free(context->default_cc_name);
377
378 context->default_cc_name = p;
379
380 return ret;
381 }
382
383 /*
384 * Return a pointer to a context static string containing the default
385 * ccache name.
386 */
387
388 const char* KRB5_LIB_FUNCTION
389 krb5_cc_default_name(krb5_context context)
390 {
391 if (context->default_cc_name == NULL)
392 krb5_cc_set_default_name(context, NULL);
393
394 return context->default_cc_name;
395 }
396
397 /*
398 * Open the default ccache in `id'.
399 * Return 0 or an error code.
400 */
401
402 krb5_error_code KRB5_LIB_FUNCTION
403 krb5_cc_default(krb5_context context,
404 krb5_ccache *id)
405 {
406 const char *p = krb5_cc_default_name(context);
407
408 if (p == NULL) {
409 krb5_set_error_string(context, "malloc - out of memory");
410 return ENOMEM;
411 }
412 return krb5_cc_resolve(context, p, id);
413 }
414
415 /*
416 * Create a new ccache in `id' for `primary_principal'.
417 * Return 0 or an error code.
418 */
419
420 krb5_error_code KRB5_LIB_FUNCTION
421 krb5_cc_initialize(krb5_context context,
422 krb5_ccache id,
423 krb5_principal primary_principal)
424 {
425 return id->ops->init(context, id, primary_principal);
426 }
427
428
429 /*
430 * Remove the ccache `id'.
431 * Return 0 or an error code.
432 */
433
434 krb5_error_code KRB5_LIB_FUNCTION
435 krb5_cc_destroy(krb5_context context,
436 krb5_ccache id)
437 {
438 krb5_error_code ret;
439
440 ret = id->ops->destroy(context, id);
441 krb5_cc_close (context, id);
442 return ret;
443 }
444
445 /*
446 * Stop using the ccache `id' and free the related resources.
447 * Return 0 or an error code.
448 */
449
450 krb5_error_code KRB5_LIB_FUNCTION
451 krb5_cc_close(krb5_context context,
452 krb5_ccache id)
453 {
454 krb5_error_code ret;
455 ret = id->ops->close(context, id);
456 free(id);
457 return ret;
458 }
459
460 /*
461 * Store `creds' in the ccache `id'.
462 * Return 0 or an error code.
463 */
464
465 krb5_error_code KRB5_LIB_FUNCTION
466 krb5_cc_store_cred(krb5_context context,
467 krb5_ccache id,
468 krb5_creds *creds)
469 {
470 return id->ops->store(context, id, creds);
471 }
472
473 /*
474 * Retrieve the credential identified by `mcreds' (and `whichfields')
475 * from `id' in `creds'.
476 * Return 0 or an error code.
477 */
478
479 krb5_error_code KRB5_LIB_FUNCTION
480 krb5_cc_retrieve_cred(krb5_context context,
481 krb5_ccache id,
482 krb5_flags whichfields,
483 const krb5_creds *mcreds,
484 krb5_creds *creds)
485 {
486 krb5_error_code ret;
487 krb5_cc_cursor cursor;
488
489 if (id->ops->retrieve != NULL) {
490 return id->ops->retrieve(context, id, whichfields,
491 mcreds, creds);
492 }
493
494 krb5_cc_start_seq_get(context, id, &cursor);
495 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
496 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
497 ret = 0;
498 break;
499 }
500 krb5_free_cred_contents (context, creds);
501 }
502 krb5_cc_end_seq_get(context, id, &cursor);
503 return ret;
504 }
505
506 /*
507 * Return the principal of `id' in `principal'.
508 * Return 0 or an error code.
509 */
510
511 krb5_error_code KRB5_LIB_FUNCTION
512 krb5_cc_get_principal(krb5_context context,
513 krb5_ccache id,
514 krb5_principal *principal)
515 {
516 return id->ops->get_princ(context, id, principal);
517 }
518
519 /*
520 * Start iterating over `id', `cursor' is initialized to the
521 * beginning.
522 * Return 0 or an error code.
523 */
524
525 krb5_error_code KRB5_LIB_FUNCTION
526 krb5_cc_start_seq_get (krb5_context context,
527 const krb5_ccache id,
528 krb5_cc_cursor *cursor)
529 {
530 return id->ops->get_first(context, id, cursor);
531 }
532
533 /*
534 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
535 * and advance `cursor'.
536 * Return 0 or an error code.
537 */
538
539 krb5_error_code KRB5_LIB_FUNCTION
540 krb5_cc_next_cred (krb5_context context,
541 const krb5_ccache id,
542 krb5_cc_cursor *cursor,
543 krb5_creds *creds)
544 {
545 return id->ops->get_next(context, id, cursor, creds);
546 }
547
548 /* like krb5_cc_next_cred, but allow for selective retrieval */
549
550 krb5_error_code KRB5_LIB_FUNCTION
551 krb5_cc_next_cred_match(krb5_context context,
552 const krb5_ccache id,
553 krb5_cc_cursor * cursor,
554 krb5_creds * creds,
555 krb5_flags whichfields,
556 const krb5_creds * mcreds)
557 {
558 krb5_error_code ret;
559 while (1) {
560 ret = krb5_cc_next_cred(context, id, cursor, creds);
561 if (ret)
562 return ret;
563 if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
564 return 0;
565 krb5_free_cred_contents(context, creds);
566 }
567 }
568
569 /*
570 * Destroy the cursor `cursor'.
571 */
572
573 krb5_error_code KRB5_LIB_FUNCTION
574 krb5_cc_end_seq_get (krb5_context context,
575 const krb5_ccache id,
576 krb5_cc_cursor *cursor)
577 {
578 return id->ops->end_get(context, id, cursor);
579 }
580
581 /*
582 * Remove the credential identified by `cred', `which' from `id'.
583 */
584
585 krb5_error_code KRB5_LIB_FUNCTION
586 krb5_cc_remove_cred(krb5_context context,
587 krb5_ccache id,
588 krb5_flags which,
589 krb5_creds *cred)
590 {
591 if(id->ops->remove_cred == NULL) {
592 krb5_set_error_string(context,
593 "ccache %s does not support remove_cred",
594 id->ops->prefix);
595 return EACCES; /* XXX */
596 }
597 return (*id->ops->remove_cred)(context, id, which, cred);
598 }
599
600 /*
601 * Set the flags of `id' to `flags'.
602 */
603
604 krb5_error_code KRB5_LIB_FUNCTION
605 krb5_cc_set_flags(krb5_context context,
606 krb5_ccache id,
607 krb5_flags flags)
608 {
609 return id->ops->set_flags(context, id, flags);
610 }
611
612 /*
613 * Copy the contents of `from' to `to'.
614 */
615
616 krb5_error_code KRB5_LIB_FUNCTION
617 krb5_cc_copy_cache_match(krb5_context context,
618 const krb5_ccache from,
619 krb5_ccache to,
620 krb5_flags whichfields,
621 const krb5_creds * mcreds,
622 unsigned int *matched)
623 {
624 krb5_error_code ret;
625 krb5_cc_cursor cursor;
626 krb5_creds cred;
627 krb5_principal princ;
628
629 ret = krb5_cc_get_principal(context, from, &princ);
630 if (ret)
631 return ret;
632 ret = krb5_cc_initialize(context, to, princ);
633 if (ret) {
634 krb5_free_principal(context, princ);
635 return ret;
636 }
637 ret = krb5_cc_start_seq_get(context, from, &cursor);
638 if (ret) {
639 krb5_free_principal(context, princ);
640 return ret;
641 }
642 if (matched)
643 *matched = 0;
644 while (ret == 0 &&
645 krb5_cc_next_cred_match(context, from, &cursor, &cred,
646 whichfields, mcreds) == 0) {
647 if (matched)
648 (*matched)++;
649 ret = krb5_cc_store_cred(context, to, &cred);
650 krb5_free_cred_contents(context, &cred);
651 }
652 krb5_cc_end_seq_get(context, from, &cursor);
653 krb5_free_principal(context, princ);
654 return ret;
655 }
656
657 krb5_error_code KRB5_LIB_FUNCTION
658 krb5_cc_copy_cache(krb5_context context,
659 const krb5_ccache from,
660 krb5_ccache to)
661 {
662 return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
663 }
664
665 /*
666 * Return the version of `id'.
667 */
668
669 krb5_error_code KRB5_LIB_FUNCTION
670 krb5_cc_get_version(krb5_context context,
671 const krb5_ccache id)
672 {
673 if(id->ops->get_version)
674 return id->ops->get_version(context, id);
675 else
676 return 0;
677 }
678
679 /*
680 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
681 */
682
683 void KRB5_LIB_FUNCTION
684 krb5_cc_clear_mcred(krb5_creds *mcred)
685 {
686 memset(mcred, 0, sizeof(*mcred));
687 }
688
689 /*
690 * Get the cc ops that is registered in `context' to handle the
691 * `prefix'. `prefix' can be a complete credential cache name or a
692 * prefix, the function will only use part up to the first colon (:)
693 * if there is one. Returns NULL if ops not found.
694 */
695
696 const krb5_cc_ops *
697 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
698 {
699 char *p, *p1;
700 int i;
701
702 if (prefix[0] == '/')
703 return &krb5_fcc_ops;
704
705 p = strdup(prefix);
706 if (p == NULL) {
707 krb5_set_error_string(context, "malloc - out of memory");
708 return NULL;
709 }
710 p1 = strchr(p, ':');
711 if (p1)
712 *p1 = '\0';
713
714 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
715 if(strcmp(context->cc_ops[i].prefix, p) == 0) {
716 free(p);
717 return &context->cc_ops[i];
718 }
719 }
720 free(p);
721 return NULL;
722 }
723
724 struct krb5_cc_cache_cursor_data {
725 const krb5_cc_ops *ops;
726 krb5_cc_cursor cursor;
727 };
728
729 /*
730 * Start iterating over all caches of `type'. If `type' is NULL, the
731 * default type is * used. `cursor' is initialized to the beginning.
732 * Return 0 or an error code.
733 */
734
735 krb5_error_code KRB5_LIB_FUNCTION
736 krb5_cc_cache_get_first (krb5_context context,
737 const char *type,
738 krb5_cc_cache_cursor *cursor)
739 {
740 const krb5_cc_ops *ops;
741 krb5_error_code ret;
742
743 if (type == NULL)
744 type = krb5_cc_default_name(context);
745
746 ops = krb5_cc_get_prefix_ops(context, type);
747 if (ops == NULL) {
748 krb5_set_error_string(context, "Unknown type \"%s\" when iterating "
749 "trying to iterate the credential caches", type);
750 return KRB5_CC_UNKNOWN_TYPE;
751 }
752
753 if (ops->get_cache_first == NULL) {
754 krb5_set_error_string(context, "Credential cache type %s doesn't support "
755 "iterations over caches", ops->prefix);
756 return KRB5_CC_NOSUPP;
757 }
758
759 *cursor = calloc(1, sizeof(**cursor));
760 if (*cursor == NULL) {
761 krb5_set_error_string(context, "malloc - out of memory");
762 return ENOMEM;
763 }
764
765 (*cursor)->ops = ops;
766
767 ret = ops->get_cache_first(context, &(*cursor)->cursor);
768 if (ret) {
769 free(*cursor);
770 *cursor = NULL;
771 }
772 return ret;
773 }
774
775 /*
776 * Retrieve the next cache pointed to by (`cursor') in `id'
777 * and advance `cursor'.
778 * Return 0 or an error code.
779 */
780
781 krb5_error_code KRB5_LIB_FUNCTION
782 krb5_cc_cache_next (krb5_context context,
783 krb5_cc_cache_cursor cursor,
784 krb5_ccache *id)
785 {
786 return cursor->ops->get_cache_next(context, cursor->cursor, id);
787 }
788
789 /*
790 * Destroy the cursor `cursor'.
791 */
792
793 krb5_error_code KRB5_LIB_FUNCTION
794 krb5_cc_cache_end_seq_get (krb5_context context,
795 krb5_cc_cache_cursor cursor)
796 {
797 krb5_error_code ret;
798 ret = cursor->ops->end_cache_get(context, cursor->cursor);
799 cursor->ops = NULL;
800 free(cursor);
801 return ret;
802 }
803
804 /*
805 * Search for a matching credential cache of type `type' that have the
806 * `principal' as the default principal. If NULL is used for `type',
807 * the default type is used. On success, `id' needs to be freed with
808 * krb5_cc_close or krb5_cc_destroy. On failure, error code is
809 * returned and `id' is set to NULL.
810 */
811
812 krb5_error_code KRB5_LIB_FUNCTION
813 krb5_cc_cache_match (krb5_context context,
814 krb5_principal client,
815 const char *type,
816 krb5_ccache *id)
817 {
818 krb5_cc_cache_cursor cursor;
819 krb5_error_code ret;
820 krb5_ccache cache = NULL;
821
822 *id = NULL;
823
824 ret = krb5_cc_cache_get_first (context, type, &cursor);
825 if (ret)
826 return ret;
827
828 while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
829 krb5_principal principal;
830
831 ret = krb5_cc_get_principal(context, cache, &principal);
832 if (ret == 0) {
833 krb5_boolean match;
834
835 match = krb5_principal_compare(context, principal, client);
836 krb5_free_principal(context, principal);
837 if (match)
838 break;
839 }
840
841 krb5_cc_close(context, cache);
842 cache = NULL;
843 }
844
845 krb5_cc_cache_end_seq_get(context, cursor);
846
847 if (cache == NULL) {
848 char *str;
849
850 krb5_unparse_name(context, client, &str);
851
852 krb5_set_error_string(context, "Principal %s not found in a "
853 "credential cache", str ? str : "<out of memory>");
854 if (str)
855 free(str);
856 return KRB5_CC_NOTFOUND;
857 }
858 *id = cache;
859
860 return 0;
861 }
862
Samba GIT mirror