search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add roken/rename.c to fix non-standard rename()
[heimdal.git] / lib / krb5 / acache.c
blob6c6f2fe93c81891fc7d2ff14067cef54889fc9e6
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "krb5_locl.h"
37 #include <krb5_ccapi.h>
38 #ifdef HAVE_DLFCN_H
39 #include <dlfcn.h>
40 #endif
41
42 #ifndef KCM_IS_API_CACHE
43
44 static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
45 static cc_initialize_func init_func;
46 static void (KRB5_CALLCONV *set_target_uid)(uid_t);
47 static void (KRB5_CALLCONV *clear_target)(void);
48
49 #ifdef HAVE_DLOPEN
50 static void *cc_handle;
51 #endif
52
53 typedef struct krb5_acc {
54 char *cache_name;
55 cc_context_t context;
56 cc_ccache_t ccache;
57 } krb5_acc;
58
59 static krb5_error_code KRB5_CALLCONV acc_close(krb5_context, krb5_ccache);
60
61 #define ACACHE(X) ((krb5_acc *)(X)->data.data)
62
63 static const struct {
64 cc_int32 error;
65 krb5_error_code ret;
66 } cc_errors[] = {
67 { ccErrBadName, KRB5_CC_BADNAME },
68 { ccErrCredentialsNotFound, KRB5_CC_NOTFOUND },
69 { ccErrCCacheNotFound, KRB5_FCC_NOFILE },
70 { ccErrContextNotFound, KRB5_CC_NOTFOUND },
71 { ccIteratorEnd, KRB5_CC_END },
72 { ccErrNoMem, KRB5_CC_NOMEM },
73 { ccErrServerUnavailable, KRB5_CC_NOSUPP },
74 { ccErrInvalidCCache, KRB5_CC_BADNAME },
75 { ccNoError, 0 }
76 };
77
78 static krb5_error_code
79 translate_cc_error(krb5_context context, cc_int32 error)
80 {
81 int i;
82 krb5_clear_error_message(context);
83 for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++)
84 if (cc_errors[i].error == error)
85 return cc_errors[i].ret;
86 return KRB5_FCC_INTERNAL;
87 }
88
89 static krb5_error_code
90 init_ccapi(krb5_context context)
91 {
92 const char *lib = NULL;
93
94 HEIMDAL_MUTEX_lock(&acc_mutex);
95 if (init_func) {
96 HEIMDAL_MUTEX_unlock(&acc_mutex);
97 if (context)
98 krb5_clear_error_message(context);
99 return 0;
100 }
101
102 if (context)
103 lib = krb5_config_get_string(context, NULL,
104 "libdefaults", "ccapi_library",
105 NULL);
106 if (lib == NULL) {
107 #ifdef __APPLE__
108 lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
109 #elif defined(KRB5_USE_PATH_TOKENS) && defined(_WIN32)
110 lib = "%{LIBDIR}/libkrb5_cc.dll";
111 #else
112 lib = "/usr/lib/libkrb5_cc.so";
113 #endif
114 }
115
116 #ifdef HAVE_DLOPEN
117
118 #ifndef RTLD_LAZY
119 #define RTLD_LAZY 0
120 #endif
121 #ifndef RTLD_LOCAL
122 #define RTLD_LOCAL 0
123 #endif
124
125 #ifdef KRB5_USE_PATH_TOKENS
126 {
127 char * explib = NULL;
128 if (_krb5_expand_path_tokens(context, lib, &explib) == 0) {
129 cc_handle = dlopen(explib, RTLD_LAZY|RTLD_LOCAL);
130 free(explib);
131 }
132 }
133 #else
134 cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
135 #endif
136
137 if (cc_handle == NULL) {
138 HEIMDAL_MUTEX_unlock(&acc_mutex);
139 if (context)
140 krb5_set_error_message(context, KRB5_CC_NOSUPP,
141 N_("Failed to load API cache module %s", "file"),
142 lib);
143 return KRB5_CC_NOSUPP;
144 }
145
146 init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
147 set_target_uid = (void (KRB5_CALLCONV *)(uid_t))
148 dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
149 clear_target = (void (KRB5_CALLCONV *)(void))
150 dlsym(cc_handle, "krb5_ipc_client_clear_target");
151 HEIMDAL_MUTEX_unlock(&acc_mutex);
152 if (init_func == NULL) {
153 if (context)
154 krb5_set_error_message(context, KRB5_CC_NOSUPP,
155 N_("Failed to find cc_initialize"
156 "in %s: %s", "file, error"), lib, dlerror());
157 dlclose(cc_handle);
158 return KRB5_CC_NOSUPP;
159 }
160
161 return 0;
162 #else
163 HEIMDAL_MUTEX_unlock(&acc_mutex);
164 if (context)
165 krb5_set_error_message(context, KRB5_CC_NOSUPP,
166 N_("no support for shared object", ""));
167 return KRB5_CC_NOSUPP;
168 #endif
169 }
170
171 void
172 _heim_krb5_ipc_client_set_target_uid(uid_t uid)
173 {
174 init_ccapi(NULL);
175 (*set_target_uid)(uid);
176 }
177
178 void
179 _heim_krb5_ipc_client_clear_target(void)
180 {
181 init_ccapi(NULL);
182 (*clear_target)();
183 }
184
185 static krb5_error_code
186 make_cred_from_ccred(krb5_context context,
187 const cc_credentials_v5_t *incred,
188 krb5_creds *cred)
189 {
190 krb5_error_code ret;
191 unsigned int i;
192
193 memset(cred, 0, sizeof(*cred));
194
195 ret = krb5_parse_name(context, incred->client, &cred->client);
196 if (ret)
197 goto fail;
198
199 ret = krb5_parse_name(context, incred->server, &cred->server);
200 if (ret)
201 goto fail;
202
203 cred->session.keytype = incred->keyblock.type;
204 cred->session.keyvalue.length = incred->keyblock.length;
205 cred->session.keyvalue.data = malloc(incred->keyblock.length);
206 if (cred->session.keyvalue.data == NULL)
207 goto nomem;
208 memcpy(cred->session.keyvalue.data, incred->keyblock.data,
209 incred->keyblock.length);
210
211 cred->times.authtime = incred->authtime;
212 cred->times.starttime = incred->starttime;
213 cred->times.endtime = incred->endtime;
214 cred->times.renew_till = incred->renew_till;
215
216 ret = krb5_data_copy(&cred->ticket,
217 incred->ticket.data,
218 incred->ticket.length);
219 if (ret)
220 goto nomem;
221
222 ret = krb5_data_copy(&cred->second_ticket,
223 incred->second_ticket.data,
224 incred->second_ticket.length);
225 if (ret)
226 goto nomem;
227
228 cred->authdata.val = NULL;
229 cred->authdata.len = 0;
230
231 cred->addresses.val = NULL;
232 cred->addresses.len = 0;
233
234 for (i = 0; incred->authdata && incred->authdata[i]; i++)
235 ;
236
237 if (i) {
238 cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0]));
239 if (cred->authdata.val == NULL)
240 goto nomem;
241 cred->authdata.len = i;
242 for (i = 0; i < cred->authdata.len; i++) {
243 cred->authdata.val[i].ad_type = incred->authdata[i]->type;
244 ret = krb5_data_copy(&cred->authdata.val[i].ad_data,
245 incred->authdata[i]->data,
246 incred->authdata[i]->length);
247 if (ret)
248 goto nomem;
249 }
250 }
251
252 for (i = 0; incred->addresses && incred->addresses[i]; i++)
253 ;
254
255 if (i) {
256 cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0]));
257 if (cred->addresses.val == NULL)
258 goto nomem;
259 cred->addresses.len = i;
260
261 for (i = 0; i < cred->addresses.len; i++) {
262 cred->addresses.val[i].addr_type = incred->addresses[i]->type;
263 ret = krb5_data_copy(&cred->addresses.val[i].address,
264 incred->addresses[i]->data,
265 incred->addresses[i]->length);
266 if (ret)
267 goto nomem;
268 }
269 }
270
271 cred->flags.i = 0;
272 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE)
273 cred->flags.b.forwardable = 1;
274 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED)
275 cred->flags.b.forwarded = 1;
276 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE)
277 cred->flags.b.proxiable = 1;
278 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY)
279 cred->flags.b.proxy = 1;
280 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE)
281 cred->flags.b.may_postdate = 1;
282 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED)
283 cred->flags.b.postdated = 1;
284 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID)
285 cred->flags.b.invalid = 1;
286 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE)
287 cred->flags.b.renewable = 1;
288 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL)
289 cred->flags.b.initial = 1;
290 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH)
291 cred->flags.b.pre_authent = 1;
292 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH)
293 cred->flags.b.hw_authent = 1;
294 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED)
295 cred->flags.b.transited_policy_checked = 1;
296 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE)
297 cred->flags.b.ok_as_delegate = 1;
298 if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS)
299 cred->flags.b.anonymous = 1;
300
301 return 0;
302
303 nomem:
304 ret = ENOMEM;
305 krb5_set_error_message(context, ret, N_("malloc: out of memory", "malloc"));
306
307 fail:
308 krb5_free_cred_contents(context, cred);
309 return ret;
310 }
311
312 static void
313 free_ccred(cc_credentials_v5_t *cred)
314 {
315 int i;
316
317 if (cred->addresses) {
318 for (i = 0; cred->addresses[i] != 0; i++) {
319 if (cred->addresses[i]->data)
320 free(cred->addresses[i]->data);
321 free(cred->addresses[i]);
322 }
323 free(cred->addresses);
324 }
325 if (cred->server)
326 free(cred->server);
327 if (cred->client)
328 free(cred->client);
329 memset(cred, 0, sizeof(*cred));
330 }
331
332 static krb5_error_code
333 make_ccred_from_cred(krb5_context context,
334 const krb5_creds *incred,
335 cc_credentials_v5_t *cred)
336 {
337 krb5_error_code ret;
338 int i;
339
340 memset(cred, 0, sizeof(*cred));
341
342 ret = krb5_unparse_name(context, incred->client, &cred->client);
343 if (ret)
344 goto fail;
345
346 ret = krb5_unparse_name(context, incred->server, &cred->server);
347 if (ret)
348 goto fail;
349
350 cred->keyblock.type = incred->session.keytype;
351 cred->keyblock.length = incred->session.keyvalue.length;
352 cred->keyblock.data = incred->session.keyvalue.data;
353
354 cred->authtime = incred->times.authtime;
355 cred->starttime = incred->times.starttime;
356 cred->endtime = incred->times.endtime;
357 cred->renew_till = incred->times.renew_till;
358
359 cred->ticket.length = incred->ticket.length;
360 cred->ticket.data = incred->ticket.data;
361
362 cred->second_ticket.length = incred->second_ticket.length;
363 cred->second_ticket.data = incred->second_ticket.data;
364
365 /* XXX this one should also be filled in */
366 cred->authdata = NULL;
367
368 cred->addresses = calloc(incred->addresses.len + 1,
369 sizeof(cred->addresses[0]));
370 if (cred->addresses == NULL) {
371
372 ret = ENOMEM;
373 goto fail;
374 }
375
376 for (i = 0; i < incred->addresses.len; i++) {
377 cc_data *addr;
378 addr = malloc(sizeof(*addr));
379 if (addr == NULL) {
380 ret = ENOMEM;
381 goto fail;
382 }
383 addr->type = incred->addresses.val[i].addr_type;
384 addr->length = incred->addresses.val[i].address.length;
385 addr->data = malloc(addr->length);
386 if (addr->data == NULL) {
387 free(addr);
388 ret = ENOMEM;
389 goto fail;
390 }
391 memcpy(addr->data, incred->addresses.val[i].address.data,
392 addr->length);
393 cred->addresses[i] = addr;
394 }
395 cred->addresses[i] = NULL;
396
397 cred->ticket_flags = 0;
398 if (incred->flags.b.forwardable)
399 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
400 if (incred->flags.b.forwarded)
401 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
402 if (incred->flags.b.proxiable)
403 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
404 if (incred->flags.b.proxy)
405 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
406 if (incred->flags.b.may_postdate)
407 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
408 if (incred->flags.b.postdated)
409 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
410 if (incred->flags.b.invalid)
411 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
412 if (incred->flags.b.renewable)
413 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
414 if (incred->flags.b.initial)
415 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
416 if (incred->flags.b.pre_authent)
417 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
418 if (incred->flags.b.hw_authent)
419 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
420 if (incred->flags.b.transited_policy_checked)
421 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
422 if (incred->flags.b.ok_as_delegate)
423 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
424 if (incred->flags.b.anonymous)
425 cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
426
427 return 0;
428
429 fail:
430 free_ccred(cred);
431
432 krb5_clear_error_message(context);
433 return ret;
434 }
435
436 static cc_int32
437 get_cc_name(krb5_acc *a)
438 {
439 cc_string_t name;
440 cc_int32 error;
441
442 error = (*a->ccache->func->get_name)(a->ccache, &name);
443 if (error)
444 return error;
445
446 a->cache_name = strdup(name->data);
447 (*name->func->release)(name);
448 if (a->cache_name == NULL)
449 return ccErrNoMem;
450 return ccNoError;
451 }
452
453
454 static const char* KRB5_CALLCONV
455 acc_get_name(krb5_context context,
456 krb5_ccache id)
457 {
458 krb5_acc *a = ACACHE(id);
459 int32_t error;
460
461 if (a->cache_name == NULL) {
462 krb5_error_code ret;
463 krb5_principal principal;
464 char *name;
465
466 ret = _krb5_get_default_principal_local(context, &principal);
467 if (ret)
468 return NULL;
469
470 ret = krb5_unparse_name(context, principal, &name);
471 krb5_free_principal(context, principal);
472 if (ret)
473 return NULL;
474
475 error = (*a->context->func->create_new_ccache)(a->context,
476 cc_credentials_v5,
477 name,
478 &a->ccache);
479 krb5_xfree(name);
480 if (error)
481 return NULL;
482
483 error = get_cc_name(a);
484 if (error)
485 return NULL;
486 }
487
488 return a->cache_name;
489 }
490
491 static krb5_error_code KRB5_CALLCONV
492 acc_alloc(krb5_context context, krb5_ccache *id)
493 {
494 krb5_error_code ret;
495 cc_int32 error;
496 krb5_acc *a;
497
498 ret = init_ccapi(context);
499 if (ret)
500 return ret;
501
502 ret = krb5_data_alloc(&(*id)->data, sizeof(*a));
503 if (ret) {
504 krb5_clear_error_message(context);
505 return ret;
506 }
507
508 a = ACACHE(*id);
509
510 error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL);
511 if (error) {
512 krb5_data_free(&(*id)->data);
513 return translate_cc_error(context, error);
514 }
515
516 a->cache_name = NULL;
517
518 return 0;
519 }
520
521 static krb5_error_code KRB5_CALLCONV
522 acc_resolve(krb5_context context, krb5_ccache *id, const char *res)
523 {
524 krb5_error_code ret;
525 cc_int32 error;
526 krb5_acc *a;
527
528 ret = acc_alloc(context, id);
529 if (ret)
530 return ret;
531
532 a = ACACHE(*id);
533
534 error = (*a->context->func->open_ccache)(a->context, res, &a->ccache);
535 if (error == ccNoError) {
536 cc_time_t offset;
537 error = get_cc_name(a);
538 if (error != ccNoError) {
539 acc_close(context, *id);
540 *id = NULL;
541 return translate_cc_error(context, error);
542 }
543
544 error = (*a->ccache->func->get_kdc_time_offset)(a->ccache,
545 cc_credentials_v5,
546 &offset);
547 if (error == 0)
548 context->kdc_sec_offset = offset;
549
550 } else if (error == ccErrCCacheNotFound) {
551 a->ccache = NULL;
552 a->cache_name = NULL;
553 } else {
554 *id = NULL;
555 return translate_cc_error(context, error);
556 }
557
558 return 0;
559 }
560
561 static krb5_error_code KRB5_CALLCONV
562 acc_gen_new(krb5_context context, krb5_ccache *id)
563 {
564 krb5_error_code ret;
565 krb5_acc *a;
566
567 ret = acc_alloc(context, id);
568 if (ret)
569 return ret;
570
571 a = ACACHE(*id);
572
573 a->ccache = NULL;
574 a->cache_name = NULL;
575
576 return 0;
577 }
578
579 static krb5_error_code KRB5_CALLCONV
580 acc_initialize(krb5_context context,
581 krb5_ccache id,
582 krb5_principal primary_principal)
583 {
584 krb5_acc *a = ACACHE(id);
585 krb5_error_code ret;
586 int32_t error;
587 char *name;
588
589 ret = krb5_unparse_name(context, primary_principal, &name);
590 if (ret)
591 return ret;
592
593 if (a->cache_name == NULL) {
594 error = (*a->context->func->create_new_ccache)(a->context,
595 cc_credentials_v5,
596 name,
597 &a->ccache);
598 free(name);
599 if (error == ccNoError)
600 error = get_cc_name(a);
601 } else {
602 cc_credentials_iterator_t iter;
603 cc_credentials_t ccred;
604
605 error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
606 if (error) {
607 free(name);
608 return translate_cc_error(context, error);
609 }
610
611 while (1) {
612 error = (*iter->func->next)(iter, &ccred);
613 if (error)
614 break;
615 (*a->ccache->func->remove_credentials)(a->ccache, ccred);
616 (*ccred->func->release)(ccred);
617 }
618 (*iter->func->release)(iter);
619
620 error = (*a->ccache->func->set_principal)(a->ccache,
621 cc_credentials_v5,
622 name);
623 }
624
625 if (error == 0 && context->kdc_sec_offset)
626 error = (*a->ccache->func->set_kdc_time_offset)(a->ccache,
627 cc_credentials_v5,
628 context->kdc_sec_offset);
629
630 return translate_cc_error(context, error);
631 }
632
633 static krb5_error_code KRB5_CALLCONV
634 acc_close(krb5_context context,
635 krb5_ccache id)
636 {
637 krb5_acc *a = ACACHE(id);
638
639 if (a->ccache) {
640 (*a->ccache->func->release)(a->ccache);
641 a->ccache = NULL;
642 }
643 if (a->cache_name) {
644 free(a->cache_name);
645 a->cache_name = NULL;
646 }
647 if (a->context) {
648 (*a->context->func->release)(a->context);
649 a->context = NULL;
650 }
651 krb5_data_free(&id->data);
652 return 0;
653 }
654
655 static krb5_error_code KRB5_CALLCONV
656 acc_destroy(krb5_context context,
657 krb5_ccache id)
658 {
659 krb5_acc *a = ACACHE(id);
660 cc_int32 error = 0;
661
662 if (a->ccache) {
663 error = (*a->ccache->func->destroy)(a->ccache);
664 a->ccache = NULL;
665 }
666 if (a->context) {
667 error = (a->context->func->release)(a->context);
668 a->context = NULL;
669 }
670 return translate_cc_error(context, error);
671 }
672
673 static krb5_error_code KRB5_CALLCONV
674 acc_store_cred(krb5_context context,
675 krb5_ccache id,
676 krb5_creds *creds)
677 {
678 krb5_acc *a = ACACHE(id);
679 cc_credentials_union cred;
680 cc_credentials_v5_t v5cred;
681 krb5_error_code ret;
682 cc_int32 error;
683
684 if (a->ccache == NULL) {
685 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
686 N_("No API credential found", ""));
687 return KRB5_CC_NOTFOUND;
688 }
689
690 cred.version = cc_credentials_v5;
691 cred.credentials.credentials_v5 = &v5cred;
692
693 ret = make_ccred_from_cred(context,
694 creds,
695 &v5cred);
696 if (ret)
697 return ret;
698
699 error = (*a->ccache->func->store_credentials)(a->ccache, &cred);
700 if (error)
701 ret = translate_cc_error(context, error);
702
703 free_ccred(&v5cred);
704
705 return ret;
706 }
707
708 static krb5_error_code KRB5_CALLCONV
709 acc_get_principal(krb5_context context,
710 krb5_ccache id,
711 krb5_principal *principal)
712 {
713 krb5_acc *a = ACACHE(id);
714 krb5_error_code ret;
715 int32_t error;
716 cc_string_t name;
717
718 if (a->ccache == NULL) {
719 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
720 N_("No API credential found", ""));
721 return KRB5_CC_NOTFOUND;
722 }
723
724 error = (*a->ccache->func->get_principal)(a->ccache,
725 cc_credentials_v5,
726 &name);
727 if (error)
728 return translate_cc_error(context, error);
729
730 ret = krb5_parse_name(context, name->data, principal);
731
732 (*name->func->release)(name);
733 return ret;
734 }
735
736 static krb5_error_code KRB5_CALLCONV
737 acc_get_first (krb5_context context,
738 krb5_ccache id,
739 krb5_cc_cursor *cursor)
740 {
741 cc_credentials_iterator_t iter;
742 krb5_acc *a = ACACHE(id);
743 int32_t error;
744
745 if (a->ccache == NULL) {
746 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
747 N_("No API credential found", ""));
748 return KRB5_CC_NOTFOUND;
749 }
750
751 error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
752 if (error) {
753 krb5_clear_error_message(context);
754 return ENOENT;
755 }
756 *cursor = iter;
757 return 0;
758 }
759
760
761 static krb5_error_code KRB5_CALLCONV
762 acc_get_next (krb5_context context,
763 krb5_ccache id,
764 krb5_cc_cursor *cursor,
765 krb5_creds *creds)
766 {
767 cc_credentials_iterator_t iter = *cursor;
768 cc_credentials_t cred;
769 krb5_error_code ret;
770 int32_t error;
771
772 while (1) {
773 error = (*iter->func->next)(iter, &cred);
774 if (error)
775 return translate_cc_error(context, error);
776 if (cred->data->version == cc_credentials_v5)
777 break;
778 (*cred->func->release)(cred);
779 }
780
781 ret = make_cred_from_ccred(context,
782 cred->data->credentials.credentials_v5,
783 creds);
784 (*cred->func->release)(cred);
785 return ret;
786 }
787
788 static krb5_error_code KRB5_CALLCONV
789 acc_end_get (krb5_context context,
790 krb5_ccache id,
791 krb5_cc_cursor *cursor)
792 {
793 cc_credentials_iterator_t iter = *cursor;
794 (*iter->func->release)(iter);
795 return 0;
796 }
797
798 static krb5_error_code KRB5_CALLCONV
799 acc_remove_cred(krb5_context context,
800 krb5_ccache id,
801 krb5_flags which,
802 krb5_creds *cred)
803 {
804 cc_credentials_iterator_t iter;
805 krb5_acc *a = ACACHE(id);
806 cc_credentials_t ccred;
807 krb5_error_code ret;
808 cc_int32 error;
809 char *client, *server;
810
811 if (a->ccache == NULL) {
812 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
813 N_("No API credential found", ""));
814 return KRB5_CC_NOTFOUND;
815 }
816
817 if (cred->client) {
818 ret = krb5_unparse_name(context, cred->client, &client);
819 if (ret)
820 return ret;
821 } else
822 client = NULL;
823
824 ret = krb5_unparse_name(context, cred->server, &server);
825 if (ret) {
826 free(client);
827 return ret;
828 }
829
830 error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
831 if (error) {
832 free(server);
833 free(client);
834 return translate_cc_error(context, error);
835 }
836
837 ret = KRB5_CC_NOTFOUND;
838 while (1) {
839 cc_credentials_v5_t *v5cred;
840
841 error = (*iter->func->next)(iter, &ccred);
842 if (error)
843 break;
844
845 if (ccred->data->version != cc_credentials_v5)
846 goto next;
847
848 v5cred = ccred->data->credentials.credentials_v5;
849
850 if (client && strcmp(v5cred->client, client) != 0)
851 goto next;
852
853 if (strcmp(v5cred->server, server) != 0)
854 goto next;
855
856 (*a->ccache->func->remove_credentials)(a->ccache, ccred);
857 ret = 0;
858 next:
859 (*ccred->func->release)(ccred);
860 }
861
862 (*iter->func->release)(iter);
863
864 if (ret)
865 krb5_set_error_message(context, ret,
866 N_("Can't find credential %s in cache",
867 "principal"), server);
868 free(server);
869 free(client);
870
871 return ret;
872 }
873
874 static krb5_error_code KRB5_CALLCONV
875 acc_set_flags(krb5_context context,
876 krb5_ccache id,
877 krb5_flags flags)
878 {
879 return 0;
880 }
881
882 static int KRB5_CALLCONV
883 acc_get_version(krb5_context context,
884 krb5_ccache id)
885 {
886 return 0;
887 }
888
889 struct cache_iter {
890 cc_context_t context;
891 cc_ccache_iterator_t iter;
892 };
893
894 static krb5_error_code KRB5_CALLCONV
895 acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
896 {
897 struct cache_iter *iter;
898 krb5_error_code ret;
899 cc_int32 error;
900
901 ret = init_ccapi(context);
902 if (ret)
903 return ret;
904
905 iter = calloc(1, sizeof(*iter));
906 if (iter == NULL) {
907 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
908 return ENOMEM;
909 }
910
911 error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL);
912 if (error) {
913 free(iter);
914 return translate_cc_error(context, error);
915 }
916
917 error = (*iter->context->func->new_ccache_iterator)(iter->context,
918 &iter->iter);
919 if (error) {
920 free(iter);
921 krb5_clear_error_message(context);
922 return ENOENT;
923 }
924 *cursor = iter;
925 return 0;
926 }
927
928 static krb5_error_code KRB5_CALLCONV
929 acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
930 {
931 struct cache_iter *iter = cursor;
932 cc_ccache_t cache;
933 krb5_acc *a;
934 krb5_error_code ret;
935 int32_t error;
936
937 error = (*iter->iter->func->next)(iter->iter, &cache);
938 if (error)
939 return translate_cc_error(context, error);
940
941 ret = _krb5_cc_allocate(context, &krb5_acc_ops, id);
942 if (ret) {
943 (*cache->func->release)(cache);
944 return ret;
945 }
946
947 ret = acc_alloc(context, id);
948 if (ret) {
949 (*cache->func->release)(cache);
950 free(*id);
951 return ret;
952 }
953
954 a = ACACHE(*id);
955 a->ccache = cache;
956
957 error = get_cc_name(a);
958 if (error) {
959 acc_close(context, *id);
960 *id = NULL;
961 return translate_cc_error(context, error);
962 }
963 return 0;
964 }
965
966 static krb5_error_code KRB5_CALLCONV
967 acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
968 {
969 struct cache_iter *iter = cursor;
970
971 (*iter->iter->func->release)(iter->iter);
972 iter->iter = NULL;
973 (*iter->context->func->release)(iter->context);
974 iter->context = NULL;
975 free(iter);
976 return 0;
977 }
978
979 static krb5_error_code KRB5_CALLCONV
980 acc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
981 {
982 krb5_acc *afrom = ACACHE(from);
983 krb5_acc *ato = ACACHE(to);
984 int32_t error;
985
986 if (ato->ccache == NULL) {
987 cc_string_t name;
988
989 error = (*afrom->ccache->func->get_principal)(afrom->ccache,
990 cc_credentials_v5,
991 &name);
992 if (error)
993 return translate_cc_error(context, error);
994
995 error = (*ato->context->func->create_new_ccache)(ato->context,
996 cc_credentials_v5,
997 name->data,
998 &ato->ccache);
999 (*name->func->release)(name);
1000 if (error)
1001 return translate_cc_error(context, error);
1002 }
1003
1004 error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache);
1005
1006 acc_destroy(context, from);
1007
1008 return translate_cc_error(context, error);
1009 }
1010
1011 static krb5_error_code KRB5_CALLCONV
1012 acc_get_default_name(krb5_context context, char **str)
1013 {
1014 krb5_error_code ret;
1015 cc_context_t cc;
1016 cc_string_t name;
1017 int32_t error;
1018
1019 ret = init_ccapi(context);
1020 if (ret)
1021 return ret;
1022
1023 error = (*init_func)(&cc, ccapi_version_3, NULL, NULL);
1024 if (error)
1025 return translate_cc_error(context, error);
1026
1027 error = (*cc->func->get_default_ccache_name)(cc, &name);
1028 if (error) {
1029 (*cc->func->release)(cc);
1030 return translate_cc_error(context, error);
1031 }
1032
1033 error = asprintf(str, "API:%s", name->data);
1034 (*name->func->release)(name);
1035 (*cc->func->release)(cc);
1036
1037 if (error < 0 || *str == NULL) {
1038 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
1039 return ENOMEM;
1040 }
1041 return 0;
1042 }
1043
1044 static krb5_error_code KRB5_CALLCONV
1045 acc_set_default(krb5_context context, krb5_ccache id)
1046 {
1047 krb5_acc *a = ACACHE(id);
1048 cc_int32 error;
1049
1050 if (a->ccache == NULL) {
1051 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
1052 N_("No API credential found", ""));
1053 return KRB5_CC_NOTFOUND;
1054 }
1055
1056 error = (*a->ccache->func->set_default)(a->ccache);
1057 if (error)
1058 return translate_cc_error(context, error);
1059
1060 return 0;
1061 }
1062
1063 static krb5_error_code KRB5_CALLCONV
1064 acc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
1065 {
1066 krb5_acc *a = ACACHE(id);
1067 cc_int32 error;
1068 cc_time_t t;
1069
1070 if (a->ccache == NULL) {
1071 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
1072 N_("No API credential found", ""));
1073 return KRB5_CC_NOTFOUND;
1074 }
1075
1076 error = (*a->ccache->func->get_change_time)(a->ccache, &t);
1077 if (error)
1078 return translate_cc_error(context, error);
1079
1080 *mtime = t;
1081
1082 return 0;
1083 }
1084
1085 /**
1086 * Variable containing the API based credential cache implemention.
1087 *
1088 * @ingroup krb5_ccache
1089 */
1090
1091 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
1092 KRB5_CC_OPS_VERSION,
1093 "API",
1094 acc_get_name,
1095 acc_resolve,
1096 acc_gen_new,
1097 acc_initialize,
1098 acc_destroy,
1099 acc_close,
1100 acc_store_cred,
1101 NULL, /* acc_retrieve */
1102 acc_get_principal,
1103 acc_get_first,
1104 acc_get_next,
1105 acc_end_get,
1106 acc_remove_cred,
1107 acc_set_flags,
1108 acc_get_version,
1109 acc_get_cache_first,
1110 acc_get_cache_next,
1111 acc_end_cache_get,
1112 acc_move,
1113 acc_get_default_name,
1114 acc_set_default,
1115 acc_lastchange
1116 };
1117
1118 #endif
Heimdal