search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix make dist missing files (#228)
[heimdal.git] / lib / krb5 / scache.c
blob61a9b4fa14450224d0adc9bc100590705c250801
1 /*
2 * Copyright (c) 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #ifdef HAVE_SCC
37
38 #include <sqlite3.h>
39
40 typedef struct krb5_scache {
41 char *name;
42 char *file;
43 sqlite3 *db;
44
45 sqlite_uint64 cid;
46
47 sqlite3_stmt *icred;
48 sqlite3_stmt *dcred;
49 sqlite3_stmt *iprincipal;
50
51 sqlite3_stmt *icache;
52 sqlite3_stmt *ucachen;
53 sqlite3_stmt *ucachep;
54 sqlite3_stmt *dcache;
55 sqlite3_stmt *scache;
56 sqlite3_stmt *scache_name;
57 sqlite3_stmt *umaster;
58
59 } krb5_scache;
60
61 #define SCACHE(X) ((krb5_scache *)(X)->data.data)
62
63 #define SCACHE_DEF_NAME "Default-cache"
64 #ifdef KRB5_USE_PATH_TOKENS
65 #define KRB5_SCACHE_DB "%{TEMP}/krb5scc_%{uid}"
66 #else
67 #define KRB5_SCACHE_DB "/tmp/krb5scc_%{uid}"
68 #endif
69 #define KRB5_SCACHE_NAME "SCC:" SCACHE_DEF_NAME ":" KRB5_SCACHE_DB
70
71 #define SCACHE_INVALID_CID ((sqlite_uint64)-1)
72
73 /*
74 *
75 */
76
77 #define SQL_CMASTER "" \
78 "CREATE TABLE master (" \
79 "oid INTEGER PRIMARY KEY," \
80 "version INTEGER NOT NULL," \
81 "defaultcache TEXT NOT NULL" \
82 ")"
83
84 #define SQL_SETUP_MASTER \
85 "INSERT INTO master (version,defaultcache) VALUES(2, \"" SCACHE_DEF_NAME "\")"
86 #define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2"
87
88 #define SQL_CCACHE "" \
89 "CREATE TABLE caches (" \
90 "oid INTEGER PRIMARY KEY," \
91 "principal TEXT," \
92 "name TEXT NOT NULL" \
93 ")"
94
95 #define SQL_TCACHE "" \
96 "CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches " \
97 "FOR EACH ROW BEGIN " \
98 "DELETE FROM credentials WHERE cid=old.oid;" \
99 "END"
100
101 #define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
102 #define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?"
103 #define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
104 #define SQL_DCACHE "DELETE FROM caches WHERE OID=?"
105 #define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
106 #define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=?"
107
108 #define SQL_CCREDS "" \
109 "CREATE TABLE credentials (" \
110 "oid INTEGER PRIMARY KEY," \
111 "cid INTEGER NOT NULL," \
112 "kvno INTEGER NOT NULL," \
113 "etype INTEGER NOT NULL," \
114 "created_at INTEGER NOT NULL," \
115 "cred BLOB NOT NULL" \
116 ")"
117
118 #define SQL_TCRED "" \
119 "CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials " \
120 "FOR EACH ROW BEGIN " \
121 "DELETE FROM principals WHERE credential_id=old.oid;" \
122 "END"
123
124 #define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)"
125 #define SQL_DCRED "DELETE FROM credentials WHERE cid=?"
126
127 #define SQL_CPRINCIPALS "" \
128 "CREATE TABLE principals (" \
129 "oid INTEGER PRIMARY KEY," \
130 "principal TEXT NOT NULL," \
131 "type INTEGER NOT NULL," \
132 "credential_id INTEGER NOT NULL" \
133 ")"
134
135 #define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"
136
137 /*
138 * sqlite destructors
139 */
140
141 static void
142 free_data(void *data)
143 {
144 free(data);
145 }
146
147 static void
148 free_krb5(void *str)
149 {
150 krb5_xfree(str);
151 }
152
153 static void
154 scc_free(krb5_scache *s)
155 {
156 if (s->file)
157 free(s->file);
158 if (s->name)
159 free(s->name);
160
161 if (s->icred)
162 sqlite3_finalize(s->icred);
163 if (s->dcred)
164 sqlite3_finalize(s->dcred);
165 if (s->iprincipal)
166 sqlite3_finalize(s->iprincipal);
167 if (s->icache)
168 sqlite3_finalize(s->icache);
169 if (s->ucachen)
170 sqlite3_finalize(s->ucachen);
171 if (s->ucachep)
172 sqlite3_finalize(s->ucachep);
173 if (s->dcache)
174 sqlite3_finalize(s->dcache);
175 if (s->scache)
176 sqlite3_finalize(s->scache);
177 if (s->scache_name)
178 sqlite3_finalize(s->scache_name);
179 if (s->umaster)
180 sqlite3_finalize(s->umaster);
181
182 if (s->db)
183 sqlite3_close(s->db);
184 free(s);
185 }
186
187 #ifdef TRACEME
188 static void
189 trace(void* ptr, const char * str)
190 {
191 printf("SQL: %s\n", str);
192 }
193 #endif
194
195 static krb5_error_code
196 prepare_stmt(krb5_context context, sqlite3 *db,
197 sqlite3_stmt **stmt, const char *str)
198 {
199 int ret;
200
201 ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
202 if (ret != SQLITE_OK) {
203 krb5_set_error_message(context, ENOENT,
204 N_("Failed to prepare stmt %s: %s", ""),
205 str, sqlite3_errmsg(db));
206 return ENOENT;
207 }
208 return 0;
209 }
210
211 static krb5_error_code
212 exec_stmt(krb5_context context, sqlite3 *db, const char *str,
213 krb5_error_code code)
214 {
215 int ret;
216
217 ret = sqlite3_exec(db, str, NULL, NULL, NULL);
218 if (ret != SQLITE_OK && code) {
219 krb5_set_error_message(context, code,
220 N_("scache execute %s: %s", ""), str,
221 sqlite3_errmsg(db));
222 return code;
223 }
224 return 0;
225 }
226
227 static krb5_error_code
228 default_db(krb5_context context, sqlite3 **db)
229 {
230 char *name;
231 int ret;
232
233 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &name);
234 if (ret)
235 return ret;
236
237 ret = sqlite3_open_v2(name, db, SQLITE_OPEN_READWRITE, NULL);
238 free(name);
239 if (ret != SQLITE_OK) {
240 krb5_clear_error_message(context);
241 return ENOENT;
242 }
243
244 #ifdef TRACEME
245 sqlite3_trace(*db, trace, NULL);
246 #endif
247
248 return 0;
249 }
250
251 static krb5_error_code
252 get_def_name(krb5_context context, char **str)
253 {
254 krb5_error_code ret;
255 sqlite3_stmt *stmt;
256 const char *name;
257 sqlite3 *db;
258
259 ret = default_db(context, &db);
260 if (ret)
261 return ret;
262
263 ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master");
264 if (ret) {
265 sqlite3_close(db);
266 return ret;
267 }
268
269 ret = sqlite3_step(stmt);
270 if (ret != SQLITE_ROW)
271 goto out;
272
273 if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT)
274 goto out;
275
276 name = (const char *)sqlite3_column_text(stmt, 0);
277 if (name == NULL)
278 goto out;
279
280 *str = strdup(name);
281 if (*str == NULL)
282 goto out;
283
284 sqlite3_finalize(stmt);
285 sqlite3_close(db);
286 return 0;
287 out:
288 sqlite3_finalize(stmt);
289 sqlite3_close(db);
290 krb5_clear_error_message(context);
291 return ENOENT;
292 }
293
294
295
296 static krb5_scache * KRB5_CALLCONV
297 scc_alloc(krb5_context context, const char *name)
298 {
299 krb5_error_code ret;
300 krb5_scache *s;
301
302 ALLOC(s, 1);
303 if(s == NULL)
304 return NULL;
305
306 s->cid = SCACHE_INVALID_CID;
307
308 if (name) {
309 char *file;
310
311 if (*name == '\0') {
312 ret = get_def_name(context, &s->name);
313 if (ret)
314 s->name = strdup(SCACHE_DEF_NAME);
315 } else
316 s->name = strdup(name);
317
318 file = strrchr(s->name, ':');
319 if (file) {
320 *file++ = '\0';
321 s->file = strdup(file);
322 ret = 0;
323 } else {
324 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
325 }
326 } else {
327 _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
328 ret = asprintf(&s->name, "unique-%p", s);
329 }
330 if (ret < 0 || s->file == NULL || s->name == NULL) {
331 scc_free(s);
332 return NULL;
333 }
334
335 return s;
336 }
337
338 static krb5_error_code
339 open_database(krb5_context context, krb5_scache *s, int flags)
340 {
341 int ret;
342
343 ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
344 if (ret) {
345 if (s->db) {
346 krb5_set_error_message(context, ENOENT,
347 N_("Error opening scache file %s: %s", ""),
348 s->file, sqlite3_errmsg(s->db));
349 sqlite3_close(s->db);
350 s->db = NULL;
351 } else
352 krb5_set_error_message(context, ENOENT,
353 N_("malloc: out of memory", ""));
354 return ENOENT;
355 }
356 return 0;
357 }
358
359 static krb5_error_code
360 create_cache(krb5_context context, krb5_scache *s)
361 {
362 int ret;
363
364 sqlite3_bind_text(s->icache, 1, s->name, -1, NULL);
365 do {
366 ret = sqlite3_step(s->icache);
367 } while (ret == SQLITE_ROW);
368 if (ret != SQLITE_DONE) {
369 krb5_set_error_message(context, KRB5_CC_IO,
370 N_("Failed to add scache: %d", ""), ret);
371 return KRB5_CC_IO;
372 }
373 sqlite3_reset(s->icache);
374
375 s->cid = sqlite3_last_insert_rowid(s->db);
376
377 return 0;
378 }
379
380 static krb5_error_code
381 make_database(krb5_context context, krb5_scache *s)
382 {
383 int created_file = 0;
384 int ret;
385
386 if (s->db)
387 return 0;
388
389 ret = open_database(context, s, 0);
390 if (ret) {
391 mode_t oldumask = umask(077);
392 ret = open_database(context, s, SQLITE_OPEN_CREATE);
393 umask(oldumask);
394 if (ret) goto out;
395
396 created_file = 1;
397
398 ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO);
399 if (ret) goto out;
400 ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO);
401 if (ret) goto out;
402 ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO);
403 if (ret) goto out;
404 ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO);
405 if (ret) goto out;
406 ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO);
407 if (ret) goto out;
408
409 ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO);
410 if (ret) goto out;
411 ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO);
412 if (ret) goto out;
413 }
414
415 #ifdef TRACEME
416 sqlite3_trace(s->db, trace, NULL);
417 #endif
418
419 ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED);
420 if (ret) goto out;
421 ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED);
422 if (ret) goto out;
423 ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL);
424 if (ret) goto out;
425 ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE);
426 if (ret) goto out;
427 ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME);
428 if (ret) goto out;
429 ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL);
430 if (ret) goto out;
431 ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE);
432 if (ret) goto out;
433 ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE);
434 if (ret) goto out;
435 ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME);
436 if (ret) goto out;
437 ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER);
438 if (ret) goto out;
439
440 return 0;
441
442 out:
443 if (s->db)
444 sqlite3_close(s->db);
445 if (created_file)
446 unlink(s->file);
447
448 return ret;
449 }
450
451 static krb5_error_code
452 bind_principal(krb5_context context,
453 sqlite3 *db,
454 sqlite3_stmt *stmt,
455 int col,
456 krb5_const_principal principal)
457 {
458 krb5_error_code ret;
459 char *str;
460
461 ret = krb5_unparse_name(context, principal, &str);
462 if (ret)
463 return ret;
464
465 ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5);
466 if (ret != SQLITE_OK) {
467 krb5_xfree(str);
468 krb5_set_error_message(context, ENOMEM,
469 N_("scache bind principal: %s", ""),
470 sqlite3_errmsg(db));
471 return ENOMEM;
472 }
473 return 0;
474 }
475
476 /*
477 *
478 */
479
480 static const char* KRB5_CALLCONV
481 scc_get_name(krb5_context context,
482 krb5_ccache id)
483 {
484 return SCACHE(id)->name;
485 }
486
487 static krb5_error_code KRB5_CALLCONV
488 scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
489 {
490 krb5_scache *s;
491 int ret;
492
493 s = scc_alloc(context, res);
494 if (s == NULL) {
495 krb5_set_error_message(context, KRB5_CC_NOMEM,
496 N_("malloc: out of memory", ""));
497 return KRB5_CC_NOMEM;
498 }
499
500 ret = make_database(context, s);
501 if (ret) {
502 scc_free(s);
503 return ret;
504 }
505
506 ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
507 if (ret != SQLITE_OK) {
508 krb5_set_error_message(context, ENOMEM,
509 "bind name: %s", sqlite3_errmsg(s->db));
510 scc_free(s);
511 return ENOMEM;
512 }
513
514 if (sqlite3_step(s->scache_name) == SQLITE_ROW) {
515
516 if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
517 sqlite3_reset(s->scache_name);
518 krb5_set_error_message(context, KRB5_CC_END,
519 N_("Cache name of wrong type "
520 "for scache %s", ""),
521 s->name);
522 scc_free(s);
523 return KRB5_CC_END;
524 }
525
526 s->cid = sqlite3_column_int(s->scache_name, 0);
527 } else {
528 s->cid = SCACHE_INVALID_CID;
529 }
530 sqlite3_reset(s->scache_name);
531
532 (*id)->data.data = s;
533 (*id)->data.length = sizeof(*s);
534
535 return 0;
536 }
537
538 static krb5_error_code KRB5_CALLCONV
539 scc_gen_new(krb5_context context, krb5_ccache *id)
540 {
541 krb5_scache *s;
542
543 s = scc_alloc(context, NULL);
544
545 if (s == NULL) {
546 krb5_set_error_message(context, KRB5_CC_NOMEM,
547 N_("malloc: out of memory", ""));
548 return KRB5_CC_NOMEM;
549 }
550
551 (*id)->data.data = s;
552 (*id)->data.length = sizeof(*s);
553
554 return 0;
555 }
556
557 static krb5_error_code KRB5_CALLCONV
558 scc_initialize(krb5_context context,
559 krb5_ccache id,
560 krb5_principal primary_principal)
561 {
562 krb5_scache *s = SCACHE(id);
563 krb5_error_code ret;
564
565 ret = make_database(context, s);
566 if (ret)
567 return ret;
568
569 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
570 if (ret) return ret;
571
572 if (s->cid == SCACHE_INVALID_CID) {
573 ret = create_cache(context, s);
574 if (ret)
575 goto rollback;
576 } else {
577 sqlite3_bind_int(s->dcred, 1, s->cid);
578 do {
579 ret = sqlite3_step(s->dcred);
580 } while (ret == SQLITE_ROW);
581 sqlite3_reset(s->dcred);
582 if (ret != SQLITE_DONE) {
583 ret = KRB5_CC_IO;
584 krb5_set_error_message(context, ret,
585 N_("Failed to delete old "
586 "credentials: %s", ""),
587 sqlite3_errmsg(s->db));
588 goto rollback;
589 }
590 }
591
592 ret = bind_principal(context, s->db, s->ucachep, 1, primary_principal);
593 if (ret)
594 goto rollback;
595 sqlite3_bind_int(s->ucachep, 2, s->cid);
596
597 do {
598 ret = sqlite3_step(s->ucachep);
599 } while (ret == SQLITE_ROW);
600 sqlite3_reset(s->ucachep);
601 if (ret != SQLITE_DONE) {
602 ret = KRB5_CC_IO;
603 krb5_set_error_message(context, ret,
604 N_("Failed to bind principal to cache %s", ""),
605 sqlite3_errmsg(s->db));
606 goto rollback;
607 }
608
609 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
610 if (ret) return ret;
611
612 return 0;
613
614 rollback:
615 exec_stmt(context, s->db, "ROLLBACK", 0);
616
617 return ret;
618
619 }
620
621 static krb5_error_code KRB5_CALLCONV
622 scc_close(krb5_context context,
623 krb5_ccache id)
624 {
625 scc_free(SCACHE(id));
626 return 0;
627 }
628
629 static krb5_error_code KRB5_CALLCONV
630 scc_destroy(krb5_context context,
631 krb5_ccache id)
632 {
633 krb5_scache *s = SCACHE(id);
634 int ret;
635
636 if (s->cid == SCACHE_INVALID_CID)
637 return 0;
638
639 sqlite3_bind_int(s->dcache, 1, s->cid);
640 do {
641 ret = sqlite3_step(s->dcache);
642 } while (ret == SQLITE_ROW);
643 sqlite3_reset(s->dcache);
644 if (ret != SQLITE_DONE) {
645 krb5_set_error_message(context, KRB5_CC_IO,
646 N_("Failed to destroy cache %s: %s", ""),
647 s->name, sqlite3_errmsg(s->db));
648 return KRB5_CC_IO;
649 }
650 return 0;
651 }
652
653 static krb5_error_code
654 encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
655 {
656 krb5_error_code ret;
657 krb5_storage *sp;
658
659 krb5_data_zero(data);
660 sp = krb5_storage_emem();
661 if (sp == NULL)
662 return krb5_enomem(context);
663
664 ret = krb5_store_creds(sp, creds);
665 if (ret) {
666 krb5_set_error_message(context, ret,
667 N_("Failed to store credential in scache", ""));
668 krb5_storage_free(sp);
669 return ret;
670 }
671
672 ret = krb5_storage_to_data(sp, data);
673 krb5_storage_free(sp);
674 if (ret)
675 krb5_set_error_message(context, ret,
676 N_("Failed to encode credential in scache", ""));
677 return ret;
678 }
679
680 static krb5_error_code
681 decode_creds(krb5_context context, const void *data, size_t length,
682 krb5_creds *creds)
683 {
684 krb5_error_code ret;
685 krb5_storage *sp;
686
687 sp = krb5_storage_from_readonly_mem(data, length);
688 if (sp == NULL)
689 return krb5_enomem(context);
690
691 ret = krb5_ret_creds(sp, creds);
692 krb5_storage_free(sp);
693 if (ret) {
694 krb5_set_error_message(context, ret,
695 N_("Failed to read credential in scache", ""));
696 return ret;
697 }
698 return 0;
699 }
700
701
702 static krb5_error_code KRB5_CALLCONV
703 scc_store_cred(krb5_context context,
704 krb5_ccache id,
705 krb5_creds *creds)
706 {
707 sqlite_uint64 credid;
708 krb5_scache *s = SCACHE(id);
709 krb5_error_code ret;
710 krb5_data data;
711
712 ret = make_database(context, s);
713 if (ret)
714 return ret;
715
716 ret = encode_creds(context, creds, &data);
717 if (ret)
718 return ret;
719
720 sqlite3_bind_int(s->icred, 1, s->cid);
721 {
722 krb5_enctype etype = 0;
723 int kvno = 0;
724 Ticket t;
725 size_t len;
726
727 ret = decode_Ticket(creds->ticket.data,
728 creds->ticket.length, &t, &len);
729 if (ret == 0) {
730 if(t.enc_part.kvno)
731 kvno = *t.enc_part.kvno;
732
733 etype = t.enc_part.etype;
734
735 free_Ticket(&t);
736 }
737
738 sqlite3_bind_int(s->icred, 2, kvno);
739 sqlite3_bind_int(s->icred, 3, etype);
740
741 }
742
743 sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data);
744 sqlite3_bind_int(s->icred, 5, time(NULL));
745
746 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
747 if (ret) return ret;
748
749 do {
750 ret = sqlite3_step(s->icred);
751 } while (ret == SQLITE_ROW);
752 sqlite3_reset(s->icred);
753 if (ret != SQLITE_DONE) {
754 ret = KRB5_CC_IO;
755 krb5_set_error_message(context, ret,
756 N_("Failed to add credential: %s", ""),
757 sqlite3_errmsg(s->db));
758 goto rollback;
759 }
760
761 credid = sqlite3_last_insert_rowid(s->db);
762
763 {
764 bind_principal(context, s->db, s->iprincipal, 1, creds->server);
765 sqlite3_bind_int(s->iprincipal, 2, 1);
766 sqlite3_bind_int(s->iprincipal, 3, credid);
767
768 do {
769 ret = sqlite3_step(s->iprincipal);
770 } while (ret == SQLITE_ROW);
771 sqlite3_reset(s->iprincipal);
772 if (ret != SQLITE_DONE) {
773 ret = KRB5_CC_IO;
774 krb5_set_error_message(context, ret,
775 N_("Failed to add principal: %s", ""),
776 sqlite3_errmsg(s->db));
777 goto rollback;
778 }
779 }
780
781 {
782 bind_principal(context, s->db, s->iprincipal, 1, creds->client);
783 sqlite3_bind_int(s->iprincipal, 2, 0);
784 sqlite3_bind_int(s->iprincipal, 3, credid);
785
786 do {
787 ret = sqlite3_step(s->iprincipal);
788 } while (ret == SQLITE_ROW);
789 sqlite3_reset(s->iprincipal);
790 if (ret != SQLITE_DONE) {
791 ret = KRB5_CC_IO;
792 krb5_set_error_message(context, ret,
793 N_("Failed to add principal: %s", ""),
794 sqlite3_errmsg(s->db));
795 goto rollback;
796 }
797 }
798
799 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
800 if (ret) return ret;
801
802 return 0;
803
804 rollback:
805 exec_stmt(context, s->db, "ROLLBACK", 0);
806
807 return ret;
808 }
809
810 static krb5_error_code KRB5_CALLCONV
811 scc_get_principal(krb5_context context,
812 krb5_ccache id,
813 krb5_principal *principal)
814 {
815 krb5_scache *s = SCACHE(id);
816 krb5_error_code ret;
817 const char *str;
818
819 *principal = NULL;
820
821 ret = make_database(context, s);
822 if (ret)
823 return ret;
824
825 sqlite3_bind_int(s->scache, 1, s->cid);
826
827 if (sqlite3_step(s->scache) != SQLITE_ROW) {
828 sqlite3_reset(s->scache);
829 krb5_set_error_message(context, KRB5_CC_END,
830 N_("No principal for cache SCC:%s:%s", ""),
831 s->name, s->file);
832 return KRB5_CC_END;
833 }
834
835 if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
836 sqlite3_reset(s->scache);
837 krb5_set_error_message(context, KRB5_CC_END,
838 N_("Principal data of wrong type "
839 "for SCC:%s:%s", ""),
840 s->name, s->file);
841 return KRB5_CC_END;
842 }
843
844 str = (const char *)sqlite3_column_text(s->scache, 0);
845 if (str == NULL) {
846 sqlite3_reset(s->scache);
847 krb5_set_error_message(context, KRB5_CC_END,
848 N_("Principal not set for SCC:%s:%s", ""),
849 s->name, s->file);
850 return KRB5_CC_END;
851 }
852
853 ret = krb5_parse_name(context, str, principal);
854
855 sqlite3_reset(s->scache);
856
857 return ret;
858 }
859
860 struct cred_ctx {
861 char *drop;
862 sqlite3_stmt *stmt;
863 sqlite3_stmt *credstmt;
864 };
865
866 static krb5_error_code KRB5_CALLCONV
867 scc_get_first (krb5_context context,
868 krb5_ccache id,
869 krb5_cc_cursor *cursor)
870 {
871 krb5_scache *s = SCACHE(id);
872 krb5_error_code ret;
873 struct cred_ctx *ctx;
874 char *str = NULL, *name = NULL;
875
876 *cursor = NULL;
877
878 ctx = calloc(1, sizeof(*ctx));
879 if (ctx == NULL)
880 return krb5_enomem(context);
881
882 ret = make_database(context, s);
883 if (ret) {
884 free(ctx);
885 return ret;
886 }
887
888 if (s->cid == SCACHE_INVALID_CID) {
889 krb5_set_error_message(context, KRB5_CC_END,
890 N_("Iterating a invalid scache %s", ""),
891 s->name);
892 free(ctx);
893 return KRB5_CC_END;
894 }
895
896 ret = asprintf(&name, "credIteration%pPid%d",
897 ctx, (int)getpid());
898 if (ret < 0 || name == NULL) {
899 free(ctx);
900 return krb5_enomem(context);
901 }
902
903 ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
904 if (ret < 0 || ctx->drop == NULL) {
905 free(name);
906 free(ctx);
907 return krb5_enomem(context);
908 }
909
910 ret = asprintf(&str, "CREATE TEMPORARY TABLE %s "
911 "AS SELECT oid,created_at FROM credentials WHERE cid = %lu",
912 name, (unsigned long)s->cid);
913 if (ret < 0 || str == NULL) {
914 free(ctx->drop);
915 free(name);
916 free(ctx);
917 return krb5_enomem(context);
918 }
919
920 ret = exec_stmt(context, s->db, str, KRB5_CC_IO);
921 free(str);
922 str = NULL;
923 if (ret) {
924 free(ctx->drop);
925 free(name);
926 free(ctx);
927 return ret;
928 }
929
930 ret = asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name);
931 if (ret < 0 || str == NULL) {
932 exec_stmt(context, s->db, ctx->drop, 0);
933 free(ctx->drop);
934 free(name);
935 free(ctx);
936 return ret;
937 }
938
939 ret = prepare_stmt(context, s->db, &ctx->stmt, str);
940 free(str);
941 str = NULL;
942 free(name);
943 if (ret) {
944 exec_stmt(context, s->db, ctx->drop, 0);
945 free(ctx->drop);
946 free(ctx);
947 return ret;
948 }
949
950 ret = prepare_stmt(context, s->db, &ctx->credstmt,
951 "SELECT cred FROM credentials WHERE oid = ?");
952 if (ret) {
953 sqlite3_finalize(ctx->stmt);
954 exec_stmt(context, s->db, ctx->drop, 0);
955 free(ctx->drop);
956 free(ctx);
957 return ret;
958 }
959
960 *cursor = ctx;
961
962 return 0;
963 }
964
965 static krb5_error_code KRB5_CALLCONV
966 scc_get_next (krb5_context context,
967 krb5_ccache id,
968 krb5_cc_cursor *cursor,
969 krb5_creds *creds)
970 {
971 struct cred_ctx *ctx = *cursor;
972 krb5_scache *s = SCACHE(id);
973 krb5_error_code ret;
974 sqlite_uint64 oid;
975 const void *data = NULL;
976 size_t len = 0;
977
978 next:
979 ret = sqlite3_step(ctx->stmt);
980 if (ret == SQLITE_DONE) {
981 krb5_clear_error_message(context);
982 return KRB5_CC_END;
983 } else if (ret != SQLITE_ROW) {
984 krb5_set_error_message(context, KRB5_CC_IO,
985 N_("scache Database failed: %s", ""),
986 sqlite3_errmsg(s->db));
987 return KRB5_CC_IO;
988 }
989
990 oid = sqlite3_column_int64(ctx->stmt, 0);
991
992 /* read cred from credentials table */
993
994 sqlite3_bind_int(ctx->credstmt, 1, oid);
995
996 ret = sqlite3_step(ctx->credstmt);
997 if (ret != SQLITE_ROW) {
998 sqlite3_reset(ctx->credstmt);
999 goto next;
1000 }
1001
1002 if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
1003 krb5_set_error_message(context, KRB5_CC_END,
1004 N_("credential of wrong type for SCC:%s:%s", ""),
1005 s->name, s->file);
1006 sqlite3_reset(ctx->credstmt);
1007 return KRB5_CC_END;
1008 }
1009
1010 data = sqlite3_column_blob(ctx->credstmt, 0);
1011 len = sqlite3_column_bytes(ctx->credstmt, 0);
1012
1013 ret = decode_creds(context, data, len, creds);
1014 sqlite3_reset(ctx->credstmt);
1015 return ret;
1016 }
1017
1018 static krb5_error_code KRB5_CALLCONV
1019 scc_end_get (krb5_context context,
1020 krb5_ccache id,
1021 krb5_cc_cursor *cursor)
1022 {
1023 struct cred_ctx *ctx = *cursor;
1024 krb5_scache *s = SCACHE(id);
1025
1026 sqlite3_finalize(ctx->stmt);
1027 sqlite3_finalize(ctx->credstmt);
1028
1029 exec_stmt(context, s->db, ctx->drop, 0);
1030
1031 free(ctx->drop);
1032 free(ctx);
1033
1034 return 0;
1035 }
1036
1037 static krb5_error_code KRB5_CALLCONV
1038 scc_remove_cred(krb5_context context,
1039 krb5_ccache id,
1040 krb5_flags which,
1041 krb5_creds *mcreds)
1042 {
1043 krb5_scache *s = SCACHE(id);
1044 krb5_error_code ret;
1045 sqlite3_stmt *stmt;
1046 sqlite_uint64 credid = 0;
1047 const void *data = NULL;
1048 size_t len = 0;
1049
1050 ret = make_database(context, s);
1051 if (ret)
1052 return ret;
1053
1054 ret = prepare_stmt(context, s->db, &stmt,
1055 "SELECT cred,oid FROM credentials "
1056 "WHERE cid = ?");
1057 if (ret)
1058 return ret;
1059
1060 sqlite3_bind_int(stmt, 1, s->cid);
1061
1062 /* find credential... */
1063 while (1) {
1064 krb5_creds creds;
1065
1066 ret = sqlite3_step(stmt);
1067 if (ret == SQLITE_DONE) {
1068 ret = 0;
1069 break;
1070 } else if (ret != SQLITE_ROW) {
1071 ret = KRB5_CC_IO;
1072 krb5_set_error_message(context, ret,
1073 N_("scache Database failed: %s", ""),
1074 sqlite3_errmsg(s->db));
1075 break;
1076 }
1077
1078 if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
1079 ret = KRB5_CC_END;
1080 krb5_set_error_message(context, ret,
1081 N_("Credential of wrong type "
1082 "for SCC:%s:%s", ""),
1083 s->name, s->file);
1084 break;
1085 }
1086
1087 data = sqlite3_column_blob(stmt, 0);
1088 len = sqlite3_column_bytes(stmt, 0);
1089
1090 ret = decode_creds(context, data, len, &creds);
1091 if (ret)
1092 break;
1093
1094 ret = krb5_compare_creds(context, which, mcreds, &creds);
1095 krb5_free_cred_contents(context, &creds);
1096 if (ret) {
1097 credid = sqlite3_column_int64(stmt, 1);
1098 ret = 0;
1099 break;
1100 }
1101 }
1102
1103 sqlite3_finalize(stmt);
1104
1105 if (id) {
1106 ret = prepare_stmt(context, s->db, &stmt,
1107 "DELETE FROM credentials WHERE oid=?");
1108 if (ret)
1109 return ret;
1110 sqlite3_bind_int(stmt, 1, credid);
1111
1112 do {
1113 ret = sqlite3_step(stmt);
1114 } while (ret == SQLITE_ROW);
1115 sqlite3_finalize(stmt);
1116 if (ret != SQLITE_DONE) {
1117 ret = KRB5_CC_IO;
1118 krb5_set_error_message(context, ret,
1119 N_("failed to delete scache credental", ""));
1120 } else
1121 ret = 0;
1122 }
1123
1124 return ret;
1125 }
1126
1127 static krb5_error_code KRB5_CALLCONV
1128 scc_set_flags(krb5_context context,
1129 krb5_ccache id,
1130 krb5_flags flags)
1131 {
1132 return 0; /* XXX */
1133 }
1134
1135 struct cache_iter {
1136 char *drop;
1137 sqlite3 *db;
1138 sqlite3_stmt *stmt;
1139 };
1140
1141 static krb5_error_code KRB5_CALLCONV
1142 scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
1143 {
1144 struct cache_iter *ctx;
1145 krb5_error_code ret;
1146 char *name = NULL, *str = NULL;
1147
1148 *cursor = NULL;
1149
1150 ctx = calloc(1, sizeof(*ctx));
1151 if (ctx == NULL)
1152 return krb5_enomem(context);
1153
1154 ret = default_db(context, &ctx->db);
1155 if (ctx->db == NULL) {
1156 free(ctx);
1157 return ret;
1158 }
1159
1160 ret = asprintf(&name, "cacheIteration%pPid%d",
1161 ctx, (int)getpid());
1162 if (ret < 0 || name == NULL) {
1163 sqlite3_close(ctx->db);
1164 free(ctx);
1165 return krb5_enomem(context);
1166 }
1167
1168 ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
1169 if (ret < 0 || ctx->drop == NULL) {
1170 sqlite3_close(ctx->db);
1171 free(name);
1172 free(ctx);
1173 return krb5_enomem(context);
1174 }
1175
1176 ret = asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches",
1177 name);
1178 if (ret < 0 || str == NULL) {
1179 sqlite3_close(ctx->db);
1180 free(name);
1181 free(ctx->drop);
1182 free(ctx);
1183 return krb5_enomem(context);
1184 }
1185
1186 ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO);
1187 free(str);
1188 str = NULL;
1189 if (ret) {
1190 sqlite3_close(ctx->db);
1191 free(name);
1192 free(ctx->drop);
1193 free(ctx);
1194 return ret;
1195 }
1196
1197 ret = asprintf(&str, "SELECT name FROM %s", name);
1198 if (ret < 0 || str == NULL) {
1199 exec_stmt(context, ctx->db, ctx->drop, 0);
1200 sqlite3_close(ctx->db);
1201 free(name);
1202 free(ctx->drop);
1203 free(ctx);
1204 return krb5_enomem(context);
1205 }
1206 free(name);
1207
1208 ret = prepare_stmt(context, ctx->db, &ctx->stmt, str);
1209 free(str);
1210 if (ret) {
1211 exec_stmt(context, ctx->db, ctx->drop, 0);
1212 sqlite3_close(ctx->db);
1213 free(ctx->drop);
1214 free(ctx);
1215 return ret;
1216 }
1217
1218 *cursor = ctx;
1219
1220 return 0;
1221 }
1222
1223 static krb5_error_code KRB5_CALLCONV
1224 scc_get_cache_next(krb5_context context,
1225 krb5_cc_cursor cursor,
1226 krb5_ccache *id)
1227 {
1228 struct cache_iter *ctx = cursor;
1229 krb5_error_code ret;
1230 const char *name;
1231
1232 again:
1233 ret = sqlite3_step(ctx->stmt);
1234 if (ret == SQLITE_DONE) {
1235 krb5_clear_error_message(context);
1236 return KRB5_CC_END;
1237 } else if (ret != SQLITE_ROW) {
1238 krb5_set_error_message(context, KRB5_CC_IO,
1239 N_("Database failed: %s", ""),
1240 sqlite3_errmsg(ctx->db));
1241 return KRB5_CC_IO;
1242 }
1243
1244 if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT)
1245 goto again;
1246
1247 name = (const char *)sqlite3_column_text(ctx->stmt, 0);
1248 if (name == NULL)
1249 goto again;
1250
1251 ret = _krb5_cc_allocate(context, &krb5_scc_ops, id);
1252 if (ret)
1253 return ret;
1254
1255 return scc_resolve(context, id, name);
1256 }
1257
1258 static krb5_error_code KRB5_CALLCONV
1259 scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
1260 {
1261 struct cache_iter *ctx = cursor;
1262
1263 exec_stmt(context, ctx->db, ctx->drop, 0);
1264 sqlite3_finalize(ctx->stmt);
1265 sqlite3_close(ctx->db);
1266 free(ctx->drop);
1267 free(ctx);
1268 return 0;
1269 }
1270
1271 static krb5_error_code KRB5_CALLCONV
1272 scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1273 {
1274 krb5_scache *sfrom = SCACHE(from);
1275 krb5_scache *sto = SCACHE(to);
1276 krb5_error_code ret;
1277
1278 if (strcmp(sfrom->file, sto->file) != 0) {
1279 krb5_set_error_message(context, KRB5_CC_BADNAME,
1280 N_("Can't handle cross database "
1281 "credential move: %s -> %s", ""),
1282 sfrom->file, sto->file);
1283 return KRB5_CC_BADNAME;
1284 }
1285
1286 ret = make_database(context, sfrom);
1287 if (ret)
1288 return ret;
1289
1290 ret = exec_stmt(context, sfrom->db,
1291 "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
1292 if (ret) return ret;
1293
1294 if (sto->cid != SCACHE_INVALID_CID) {
1295 /* drop old cache entry */
1296
1297 sqlite3_bind_int(sfrom->dcache, 1, sto->cid);
1298 do {
1299 ret = sqlite3_step(sfrom->dcache);
1300 } while (ret == SQLITE_ROW);
1301 sqlite3_reset(sfrom->dcache);
1302 if (ret != SQLITE_DONE) {
1303 krb5_set_error_message(context, KRB5_CC_IO,
1304 N_("Failed to delete old cache: %d", ""),
1305 (int)ret);
1306 goto rollback;
1307 }
1308 }
1309
1310 sqlite3_bind_text(sfrom->ucachen, 1, sto->name, -1, NULL);
1311 sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid);
1312
1313 do {
1314 ret = sqlite3_step(sfrom->ucachen);
1315 } while (ret == SQLITE_ROW);
1316 sqlite3_reset(sfrom->ucachen);
1317 if (ret != SQLITE_DONE) {
1318 krb5_set_error_message(context, KRB5_CC_IO,
1319 N_("Failed to update new cache: %d", ""),
1320 (int)ret);
1321 goto rollback;
1322 }
1323
1324 sto->cid = sfrom->cid;
1325
1326 ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO);
1327 if (ret) return ret;
1328
1329 scc_free(sfrom);
1330
1331 return 0;
1332
1333 rollback:
1334 exec_stmt(context, sfrom->db, "ROLLBACK", 0);
1335 scc_free(sfrom);
1336
1337 return KRB5_CC_IO;
1338 }
1339
1340 static krb5_error_code KRB5_CALLCONV
1341 scc_get_default_name(krb5_context context, char **str)
1342 {
1343 krb5_error_code ret;
1344 char *name;
1345
1346 *str = NULL;
1347
1348 ret = get_def_name(context, &name);
1349 if (ret)
1350 return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str);
1351
1352 ret = asprintf(str, "SCC:%s", name);
1353 free(name);
1354 if (ret < 0 || *str == NULL)
1355 return krb5_enomem(context);
1356 return 0;
1357 }
1358
1359 static krb5_error_code KRB5_CALLCONV
1360 scc_set_default(krb5_context context, krb5_ccache id)
1361 {
1362 krb5_scache *s = SCACHE(id);
1363 krb5_error_code ret;
1364
1365 if (s->cid == SCACHE_INVALID_CID) {
1366 krb5_set_error_message(context, KRB5_CC_IO,
1367 N_("Trying to set a invalid cache "
1368 "as default %s", ""),
1369 s->name);
1370 return KRB5_CC_IO;
1371 }
1372
1373 ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
1374 if (ret) {
1375 sqlite3_reset(s->umaster);
1376 krb5_set_error_message(context, KRB5_CC_IO,
1377 N_("Failed to set name of default cache", ""));
1378 return KRB5_CC_IO;
1379 }
1380
1381 do {
1382 ret = sqlite3_step(s->umaster);
1383 } while (ret == SQLITE_ROW);
1384 sqlite3_reset(s->umaster);
1385 if (ret != SQLITE_DONE) {
1386 krb5_set_error_message(context, KRB5_CC_IO,
1387 N_("Failed to update default cache", ""));
1388 return KRB5_CC_IO;
1389 }
1390
1391 return 0;
1392 }
1393
1394 /**
1395 * Variable containing the SCC based credential cache implemention.
1396 *
1397 * @ingroup krb5_ccache
1398 */
1399
1400 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = {
1401 KRB5_CC_OPS_VERSION,
1402 "SCC",
1403 scc_get_name,
1404 scc_resolve,
1405 scc_gen_new,
1406 scc_initialize,
1407 scc_destroy,
1408 scc_close,
1409 scc_store_cred,
1410 NULL, /* scc_retrieve */
1411 scc_get_principal,
1412 scc_get_first,
1413 scc_get_next,
1414 scc_end_get,
1415 scc_remove_cred,
1416 scc_set_flags,
1417 NULL,
1418 scc_get_cache_first,
1419 scc_get_cache_next,
1420 scc_end_cache_get,
1421 scc_move,
1422 scc_get_default_name,
1423 scc_set_default,
1424 NULL,
1425 NULL,
1426 NULL
1427 };
1428
1429 #endif
Heimdal