search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
This commit was manufactured by cvs2svn to create tag 'heimdal-0-7'.
[heimdal.git] / lib / krb5 / cache.c
blobda5cf7b120e84d873bd0e3bc60447a7050bb3f2e
1 /*
2 * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 RCSID("$Id$");
37
38 /*
39 * Add a new ccache type with operations `ops', overwriting any
40 * existing one if `override'.
41 * Return an error code or 0.
42 */
43
44 krb5_error_code KRB5_LIB_FUNCTION
45 krb5_cc_register(krb5_context context,
46 const krb5_cc_ops *ops,
47 krb5_boolean override)
48 {
49 int i;
50
51 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
52 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
53 if(!override) {
54 krb5_set_error_string(context,
55 "ccache type %s already exists",
56 ops->prefix);
57 return KRB5_CC_TYPE_EXISTS;
58 }
59 break;
60 }
61 }
62 if(i == context->num_cc_ops) {
63 krb5_cc_ops *o = realloc(context->cc_ops,
64 (context->num_cc_ops + 1) *
65 sizeof(*context->cc_ops));
66 if(o == NULL) {
67 krb5_set_error_string(context, "malloc: out of memory");
68 return KRB5_CC_NOMEM;
69 }
70 context->num_cc_ops++;
71 context->cc_ops = o;
72 memset(context->cc_ops + i, 0,
73 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
74 }
75 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
76 return 0;
77 }
78
79 /*
80 * Allocate memory for a new ccache in `id' with operations `ops'
81 * and name `residual'.
82 * Return 0 or an error code.
83 */
84
85 static krb5_error_code
86 allocate_ccache (krb5_context context,
87 const krb5_cc_ops *ops,
88 const char *residual,
89 krb5_ccache *id)
90 {
91 krb5_error_code ret;
92 krb5_ccache p;
93
94 p = malloc(sizeof(*p));
95 if(p == NULL) {
96 krb5_set_error_string(context, "malloc: out of memory");
97 return KRB5_CC_NOMEM;
98 }
99 p->ops = ops;
100 *id = p;
101 ret = p->ops->resolve(context, id, residual);
102 if(ret)
103 free(p);
104 return ret;
105 }
106
107 /*
108 * Find and allocate a ccache in `id' from the specification in `residual'.
109 * If the ccache name doesn't contain any colon, interpret it as a file name.
110 * Return 0 or an error code.
111 */
112
113 krb5_error_code KRB5_LIB_FUNCTION
114 krb5_cc_resolve(krb5_context context,
115 const char *name,
116 krb5_ccache *id)
117 {
118 int i;
119
120 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
121 size_t prefix_len = strlen(context->cc_ops[i].prefix);
122
123 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
124 && name[prefix_len] == ':') {
125 return allocate_ccache (context, &context->cc_ops[i],
126 name + prefix_len + 1,
127 id);
128 }
129 }
130 if (strchr (name, ':') == NULL)
131 return allocate_ccache (context, &krb5_fcc_ops, name, id);
132 else {
133 krb5_set_error_string(context, "unknown ccache type %s", name);
134 return KRB5_CC_UNKNOWN_TYPE;
135 }
136 }
137
138 /*
139 * Generate a new ccache of type `ops' in `id'.
140 * Return 0 or an error code.
141 */
142
143 krb5_error_code KRB5_LIB_FUNCTION
144 krb5_cc_gen_new(krb5_context context,
145 const krb5_cc_ops *ops,
146 krb5_ccache *id)
147 {
148 krb5_ccache p;
149
150 p = malloc (sizeof(*p));
151 if (p == NULL) {
152 krb5_set_error_string(context, "malloc: out of memory");
153 return KRB5_CC_NOMEM;
154 }
155 p->ops = ops;
156 *id = p;
157 return p->ops->gen_new(context, id);
158 }
159
160 /*
161 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
162 * the library chooses the default credential cache type. The supplied
163 * `hint' (that can be NULL) is a string that the credential cache
164 * type can use to base the name of the credential on, this is to make
165 * its easier for the user to differentiate the credentials.
166 *
167 * Returns 0 or an error code.
168 */
169
170 krb5_error_code KRB5_LIB_FUNCTION
171 krb5_cc_new_unique(krb5_context context, const char *type,
172 const char *hint, krb5_ccache *id)
173 {
174 const krb5_cc_ops *ops;
175
176 if (type == NULL)
177 type = "FILE";
178
179 ops = krb5_cc_get_prefix_ops(context, type);
180 if (ops == NULL) {
181 krb5_set_error_string(context, "Credential cache type %s is unknown",
182 type);
183 return KRB5_CC_UNKNOWN_TYPE;
184 }
185
186 return krb5_cc_gen_new(context, ops, id);
187 }
188
189 /*
190 * Return the name of the ccache `id'
191 */
192
193 const char* KRB5_LIB_FUNCTION
194 krb5_cc_get_name(krb5_context context,
195 krb5_ccache id)
196 {
197 return id->ops->get_name(context, id);
198 }
199
200 /*
201 * Return the type of the ccache `id'.
202 */
203
204 const char* KRB5_LIB_FUNCTION
205 krb5_cc_get_type(krb5_context context,
206 krb5_ccache id)
207 {
208 return id->ops->prefix;
209 }
210
211 /*
212 * Return krb5_cc_ops of a the ccache `id'.
213 */
214
215 const krb5_cc_ops *
216 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
217 {
218 return id->ops;
219 }
220
221 /*
222 * Expand variables in `str' into `res'
223 */
224
225 krb5_error_code
226 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
227 {
228 size_t tlen, len = 0;
229 char *tmp, *tmp2, *append;
230
231 *res = NULL;
232
233 while (str && *str) {
234 tmp = strstr(str, "%{");
235 if (tmp && tmp != str) {
236 append = malloc((tmp - str) + 1);
237 if (append) {
238 memcpy(append, str, tmp - str);
239 append[tmp - str] = '\0';
240 }
241 str = tmp;
242 } else if (tmp) {
243 tmp2 = strchr(tmp, '}');
244 if (tmp2 == NULL) {
245 free(*res);
246 *res = NULL;
247 krb5_set_error_string(context, "variable missing }");
248 return KRB5_CONFIG_BADFORMAT;
249 }
250 if (strncasecmp(tmp, "%{uid}", 6) == 0)
251 asprintf(&append, "%u", (unsigned)getuid());
252 else if (strncasecmp(tmp, "%{null}", 7) == 0)
253 append = strdup("");
254 else {
255 free(*res);
256 *res = NULL;
257 krb5_set_error_string(context,
258 "expand default cache unknown "
259 "variable \"%.*s\"",
260 (int)(tmp2 - tmp) - 2, tmp + 2);
261 return KRB5_CONFIG_BADFORMAT;
262 }
263 if (append == NULL) {
264 free(*res);
265 res = NULL;
266 krb5_set_error_string(context, "malloc - out of memory");
267 return ENOMEM;
268 }
269 str = tmp2 + 1;
270 } else {
271 append = (char *)str;
272 str = NULL;
273 }
274
275 tlen = strlen(append);
276 tmp = realloc(*res, len + tlen + 1);
277 if (tmp == NULL) {
278 free(*res);
279 *res = NULL;
280 krb5_set_error_string(context, "malloc - out of memory");
281 return ENOMEM;
282 }
283 *res = tmp;
284 memcpy(*res + len, append, tlen + 1);
285 len = len + tlen;
286 if (str)
287 free(append);
288 }
289 return 0;
290 }
291
292 /*
293 * Set the default cc name for `context' to `name'.
294 */
295
296 krb5_error_code KRB5_LIB_FUNCTION
297 krb5_cc_set_default_name(krb5_context context, const char *name)
298 {
299 krb5_error_code ret = 0;
300 char *p;
301
302 if (name == NULL) {
303 const char *e = NULL;
304
305 if(!issuid()) {
306 e = getenv("KRB5CCNAME");
307 if (e)
308 p = strdup(e);
309 }
310 if (e == NULL) {
311 e = krb5_config_get_string(context, NULL, "libdefaults",
312 "default_cc_name", NULL);
313 if (e) {
314 ret = _krb5_expand_default_cc_name(context, e, &p);
315 if (ret)
316 return ret;
317 }
318 }
319 if (e == NULL)
320 asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid());
321 } else
322 p = strdup(name);
323
324 if (p == NULL) {
325 krb5_set_error_string(context, "malloc - out of memory");
326 return ENOMEM;
327 }
328
329 if (context->default_cc_name)
330 free(context->default_cc_name);
331
332 context->default_cc_name = p;
333
334 return ret;
335 }
336
337 /*
338 * Return a pointer to a context static string containing the default
339 * ccache name.
340 */
341
342 const char* KRB5_LIB_FUNCTION
343 krb5_cc_default_name(krb5_context context)
344 {
345 if (context->default_cc_name == NULL)
346 krb5_cc_set_default_name(context, NULL);
347
348 return context->default_cc_name;
349 }
350
351 /*
352 * Open the default ccache in `id'.
353 * Return 0 or an error code.
354 */
355
356 krb5_error_code KRB5_LIB_FUNCTION
357 krb5_cc_default(krb5_context context,
358 krb5_ccache *id)
359 {
360 const char *p = krb5_cc_default_name(context);
361
362 if (p == NULL) {
363 krb5_set_error_string(context, "malloc - out of memory");
364 return ENOMEM;
365 }
366 return krb5_cc_resolve(context, p, id);
367 }
368
369 /*
370 * Create a new ccache in `id' for `primary_principal'.
371 * Return 0 or an error code.
372 */
373
374 krb5_error_code KRB5_LIB_FUNCTION
375 krb5_cc_initialize(krb5_context context,
376 krb5_ccache id,
377 krb5_principal primary_principal)
378 {
379 return id->ops->init(context, id, primary_principal);
380 }
381
382
383 /*
384 * Remove the ccache `id'.
385 * Return 0 or an error code.
386 */
387
388 krb5_error_code KRB5_LIB_FUNCTION
389 krb5_cc_destroy(krb5_context context,
390 krb5_ccache id)
391 {
392 krb5_error_code ret;
393
394 ret = id->ops->destroy(context, id);
395 krb5_cc_close (context, id);
396 return ret;
397 }
398
399 /*
400 * Stop using the ccache `id' and free the related resources.
401 * Return 0 or an error code.
402 */
403
404 krb5_error_code KRB5_LIB_FUNCTION
405 krb5_cc_close(krb5_context context,
406 krb5_ccache id)
407 {
408 krb5_error_code ret;
409 ret = id->ops->close(context, id);
410 free(id);
411 return ret;
412 }
413
414 /*
415 * Store `creds' in the ccache `id'.
416 * Return 0 or an error code.
417 */
418
419 krb5_error_code KRB5_LIB_FUNCTION
420 krb5_cc_store_cred(krb5_context context,
421 krb5_ccache id,
422 krb5_creds *creds)
423 {
424 return id->ops->store(context, id, creds);
425 }
426
427 /*
428 * Retrieve the credential identified by `mcreds' (and `whichfields')
429 * from `id' in `creds'.
430 * Return 0 or an error code.
431 */
432
433 krb5_error_code KRB5_LIB_FUNCTION
434 krb5_cc_retrieve_cred(krb5_context context,
435 krb5_ccache id,
436 krb5_flags whichfields,
437 const krb5_creds *mcreds,
438 krb5_creds *creds)
439 {
440 krb5_error_code ret;
441 krb5_cc_cursor cursor;
442
443 if (id->ops->retrieve != NULL) {
444 return id->ops->retrieve(context, id, whichfields,
445 mcreds, creds);
446 }
447
448 krb5_cc_start_seq_get(context, id, &cursor);
449 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
450 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
451 ret = 0;
452 break;
453 }
454 krb5_free_cred_contents (context, creds);
455 }
456 krb5_cc_end_seq_get(context, id, &cursor);
457 return ret;
458 }
459
460 /*
461 * Return the principal of `id' in `principal'.
462 * Return 0 or an error code.
463 */
464
465 krb5_error_code KRB5_LIB_FUNCTION
466 krb5_cc_get_principal(krb5_context context,
467 krb5_ccache id,
468 krb5_principal *principal)
469 {
470 return id->ops->get_princ(context, id, principal);
471 }
472
473 /*
474 * Start iterating over `id', `cursor' is initialized to the
475 * beginning.
476 * Return 0 or an error code.
477 */
478
479 krb5_error_code KRB5_LIB_FUNCTION
480 krb5_cc_start_seq_get (krb5_context context,
481 const krb5_ccache id,
482 krb5_cc_cursor *cursor)
483 {
484 return id->ops->get_first(context, id, cursor);
485 }
486
487 /*
488 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
489 * and advance `cursor'.
490 * Return 0 or an error code.
491 */
492
493 krb5_error_code KRB5_LIB_FUNCTION
494 krb5_cc_next_cred (krb5_context context,
495 const krb5_ccache id,
496 krb5_cc_cursor *cursor,
497 krb5_creds *creds)
498 {
499 return id->ops->get_next(context, id, cursor, creds);
500 }
501
502 /* like krb5_cc_next_cred, but allow for selective retrieval */
503
504 krb5_error_code KRB5_LIB_FUNCTION
505 krb5_cc_next_cred_match(krb5_context context,
506 const krb5_ccache id,
507 krb5_cc_cursor * cursor,
508 krb5_creds * creds,
509 krb5_flags whichfields,
510 const krb5_creds * mcreds)
511 {
512 krb5_error_code ret;
513 while (1) {
514 ret = krb5_cc_next_cred(context, id, cursor, creds);
515 if (ret)
516 return ret;
517 if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
518 return 0;
519 krb5_free_cred_contents(context, creds);
520 }
521 }
522
523 /*
524 * Destroy the cursor `cursor'.
525 */
526
527 krb5_error_code KRB5_LIB_FUNCTION
528 krb5_cc_end_seq_get (krb5_context context,
529 const krb5_ccache id,
530 krb5_cc_cursor *cursor)
531 {
532 return id->ops->end_get(context, id, cursor);
533 }
534
535 /*
536 * Remove the credential identified by `cred', `which' from `id'.
537 */
538
539 krb5_error_code KRB5_LIB_FUNCTION
540 krb5_cc_remove_cred(krb5_context context,
541 krb5_ccache id,
542 krb5_flags which,
543 krb5_creds *cred)
544 {
545 if(id->ops->remove_cred == NULL) {
546 krb5_set_error_string(context,
547 "ccache %s does not support remove_cred",
548 id->ops->prefix);
549 return EACCES; /* XXX */
550 }
551 return (*id->ops->remove_cred)(context, id, which, cred);
552 }
553
554 /*
555 * Set the flags of `id' to `flags'.
556 */
557
558 krb5_error_code KRB5_LIB_FUNCTION
559 krb5_cc_set_flags(krb5_context context,
560 krb5_ccache id,
561 krb5_flags flags)
562 {
563 return id->ops->set_flags(context, id, flags);
564 }
565
566 /*
567 * Copy the contents of `from' to `to'.
568 */
569
570 krb5_error_code KRB5_LIB_FUNCTION
571 krb5_cc_copy_cache_match(krb5_context context,
572 const krb5_ccache from,
573 krb5_ccache to,
574 krb5_flags whichfields,
575 const krb5_creds * mcreds,
576 unsigned int *matched)
577 {
578 krb5_error_code ret;
579 krb5_cc_cursor cursor;
580 krb5_creds cred;
581 krb5_principal princ;
582
583 ret = krb5_cc_get_principal(context, from, &princ);
584 if (ret)
585 return ret;
586 ret = krb5_cc_initialize(context, to, princ);
587 if (ret) {
588 krb5_free_principal(context, princ);
589 return ret;
590 }
591 ret = krb5_cc_start_seq_get(context, from, &cursor);
592 if (ret) {
593 krb5_free_principal(context, princ);
594 return ret;
595 }
596 if (matched)
597 *matched = 0;
598 while (ret == 0 &&
599 krb5_cc_next_cred_match(context, from, &cursor, &cred,
600 whichfields, mcreds) == 0) {
601 if (matched)
602 (*matched)++;
603 ret = krb5_cc_store_cred(context, to, &cred);
604 krb5_free_cred_contents(context, &cred);
605 }
606 krb5_cc_end_seq_get(context, from, &cursor);
607 krb5_free_principal(context, princ);
608 return ret;
609 }
610
611 krb5_error_code KRB5_LIB_FUNCTION
612 krb5_cc_copy_cache(krb5_context context,
613 const krb5_ccache from,
614 krb5_ccache to)
615 {
616 return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
617 }
618
619 /*
620 * Return the version of `id'.
621 */
622
623 krb5_error_code KRB5_LIB_FUNCTION
624 krb5_cc_get_version(krb5_context context,
625 const krb5_ccache id)
626 {
627 if(id->ops->get_version)
628 return id->ops->get_version(context, id);
629 else
630 return 0;
631 }
632
633 /*
634 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
635 */
636
637 void KRB5_LIB_FUNCTION
638 krb5_cc_clear_mcred(krb5_creds *mcred)
639 {
640 memset(mcred, 0, sizeof(*mcred));
641 }
642
643 /*
644 * Get the cc ops that is registered in `context' to handle the
645 * `prefix'. Returns NULL if ops not found.
646 */
647
648 const krb5_cc_ops *
649 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
650 {
651 int i;
652
653 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
654 if(strcmp(context->cc_ops[i].prefix, prefix) == 0)
655 return &context->cc_ops[i];
656 }
657 return NULL;
658 }
Heimdal