search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
catch error from vasprintf
[heimdal.git] / lib / krb5 / scache.c
blob8ff8d0ad5f70b015c340578a2e8315ed21e83e5f
1 /*
2 * Copyright (c) 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #include <sqlite3.h>
37
38 typedef struct krb5_scache {
39 char *name;
40 char *file;
41 sqlite3 *db;
42
43 sqlite_uint64 cid;
44
45 sqlite3_stmt *icred;
46 sqlite3_stmt *dcred;
47 sqlite3_stmt *iprincipal;
48
49 sqlite3_stmt *icache;
50 sqlite3_stmt *ucachen;
51 sqlite3_stmt *ucachep;
52 sqlite3_stmt *dcache;
53 sqlite3_stmt *scache;
54 sqlite3_stmt *scache_name;
55 sqlite3_stmt *umaster;
56
57 } krb5_scache;
58
59 #define SCACHE(X) ((krb5_scache *)(X)->data.data)
60
61 #define SCACHE_DEF_NAME "Default-cache"
62 #define KRB5_SCACHE_DB "/tmp/krb5scc_%{uid}"
63 #define KRB5_SCACHE_NAME "SCC:" SCACHE_DEF_NAME ":" KRB5_SCACHE_DB
64
65 #define SCACHE_INVALID_CID ((sqlite_uint64)-1)
66
67 /*
68 *
69 */
70
71 #define SQL_CMASTER "" \
72 "CREATE TABLE master (" \
73 "oid INTEGER PRIMARY KEY," \
74 "version INTEGER NOT NULL," \
75 "defaultcache TEXT NOT NULL" \
76 ")"
77
78 #define SQL_SETUP_MASTER \
79 "INSERT INTO master (version,defaultcache) VALUES(2, \"" SCACHE_DEF_NAME "\")"
80 #define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2"
81
82 #define SQL_CCACHE "" \
83 "CREATE TABLE caches (" \
84 "oid INTEGER PRIMARY KEY," \
85 "principal TEXT," \
86 "name TEXT NOT NULL" \
87 ")"
88
89 #define SQL_TCACHE "" \
90 "CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches " \
91 "FOR EACH ROW BEGIN " \
92 "DELETE FROM credentials WHERE cid=old.oid;" \
93 "END"
94
95 #define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
96 #define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?"
97 #define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
98 #define SQL_DCACHE "DELETE FROM caches WHERE OID=?"
99 #define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
100 #define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=?"
101
102 #define SQL_CCREDS "" \
103 "CREATE TABLE credentials (" \
104 "oid INTEGER PRIMARY KEY," \
105 "cid INTEGER NOT NULL," \
106 "kvno INTEGER NOT NULL," \
107 "etype INTEGER NOT NULL," \
108 "created_at INTEGER NOT NULL," \
109 "cred BLOB NOT NULL" \
110 ")"
111
112 #define SQL_TCRED "" \
113 "CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials " \
114 "FOR EACH ROW BEGIN " \
115 "DELETE FROM principals WHERE credential_id=old.oid;" \
116 "END"
117
118 #define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)"
119 #define SQL_DCRED "DELETE FROM credentials WHERE cid=?"
120
121 #define SQL_CPRINCIPALS "" \
122 "CREATE TABLE principals (" \
123 "oid INTEGER PRIMARY KEY," \
124 "principal TEXT NOT NULL," \
125 "type INTEGER NOT NULL," \
126 "credential_id INTEGER NOT NULL" \
127 ")"
128
129 #define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"
130
131 /*
132 * sqlite destructors
133 */
134
135 static void
136 free_data(void *data)
137 {
138 free(data);
139 }
140
141 static void
142 free_krb5(void *str)
143 {
144 krb5_xfree(str);
145 }
146
147 static void
148 scc_free(krb5_scache *s)
149 {
150 if (s->file)
151 free(s->file);
152 if (s->name)
153 free(s->name);
154
155 if (s->icred)
156 sqlite3_finalize(s->icred);
157 if (s->dcred)
158 sqlite3_finalize(s->dcred);
159 if (s->iprincipal)
160 sqlite3_finalize(s->iprincipal);
161 if (s->icache)
162 sqlite3_finalize(s->icache);
163 if (s->ucachen)
164 sqlite3_finalize(s->ucachen);
165 if (s->ucachep)
166 sqlite3_finalize(s->ucachep);
167 if (s->dcache)
168 sqlite3_finalize(s->dcache);
169 if (s->scache)
170 sqlite3_finalize(s->scache);
171 if (s->scache_name)
172 sqlite3_finalize(s->scache_name);
173 if (s->umaster)
174 sqlite3_finalize(s->umaster);
175
176 if (s->db)
177 sqlite3_close(s->db);
178 free(s);
179 }
180
181 #ifdef TRACEME
182 static void
183 trace(void* ptr, const char * str)
184 {
185 printf("SQL: %s\n", str);
186 }
187 #endif
188
189 static krb5_error_code
190 prepare_stmt(krb5_context context, sqlite3 *db,
191 sqlite3_stmt **stmt, const char *str)
192 {
193 int ret;
194
195 ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
196 if (ret != SQLITE_OK) {
197 krb5_set_error_message(context, ENOENT,
198 N_("Failed to prepare stmt %s: %s", ""),
199 str, sqlite3_errmsg(db));
200 return ENOENT;
201 }
202 return 0;
203 }
204
205 static krb5_error_code
206 exec_stmt(krb5_context context, sqlite3 *db, const char *str,
207 krb5_error_code code)
208 {
209 int ret;
210
211 ret = sqlite3_exec(db, str, NULL, NULL, NULL);
212 if (ret != SQLITE_OK && code) {
213 krb5_set_error_message(context, code,
214 N_("scache execute %s: %s", ""), str,
215 sqlite3_errmsg(db));
216 return code;
217 }
218 return 0;
219 }
220
221 static krb5_error_code
222 default_db(krb5_context context, sqlite3 **db)
223 {
224 char *name;
225 int ret;
226
227 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &name);
228 if (ret)
229 return ret;
230
231 ret = sqlite3_open_v2(name, db, SQLITE_OPEN_READWRITE, NULL);
232 free(name);
233 if (ret != SQLITE_OK) {
234 krb5_clear_error_message(context);
235 return ENOENT;
236 }
237
238 #ifdef TRACEME
239 sqlite3_trace(*db, trace, NULL);
240 #endif
241
242 return 0;
243 }
244
245 static krb5_error_code
246 get_def_name(krb5_context context, char **str)
247 {
248 krb5_error_code ret;
249 sqlite3_stmt *stmt;
250 const char *name;
251 sqlite3 *db;
252
253 ret = default_db(context, &db);
254 if (ret)
255 return ret;
256
257 ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master");
258 if (ret) {
259 sqlite3_close(db);
260 return ret;
261 }
262
263 ret = sqlite3_step(stmt);
264 if (ret != SQLITE_ROW)
265 goto out;
266
267 if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT)
268 goto out;
269
270 name = (const char *)sqlite3_column_text(stmt, 0);
271 if (name == NULL)
272 goto out;
273
274 *str = strdup(name);
275 if (*str == NULL)
276 goto out;
277
278 sqlite3_finalize(stmt);
279 sqlite3_close(db);
280 return 0;
281 out:
282 sqlite3_finalize(stmt);
283 sqlite3_close(db);
284 krb5_clear_error_message(context);
285 return ENOENT;
286 }
287
288
289
290 static krb5_scache *
291 scc_alloc(krb5_context context, const char *name)
292 {
293 krb5_scache *s;
294
295 ALLOC(s, 1);
296 if(s == NULL)
297 return NULL;
298
299 s->cid = SCACHE_INVALID_CID;
300
301 if (name) {
302 char *file;
303
304 if (*name == '\0') {
305 krb5_error_code ret;
306 ret = get_def_name(context, &s->name);
307 if (ret)
308 s->name = strdup(SCACHE_DEF_NAME);
309 } else
310 s->name = strdup(name);
311
312 file = strrchr(s->name, ':');
313 if (file) {
314 *file++ = '\0';
315 s->file = strdup(file);
316 } else {
317 _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
318 }
319 } else {
320 _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
321 asprintf(&s->name, "unique-%p", s);
322 }
323 if (s->file == NULL || s->name == NULL) {
324 scc_free(s);
325 return NULL;
326 }
327
328 return s;
329 }
330
331 static krb5_error_code
332 open_database(krb5_context context, krb5_scache *s, int flags)
333 {
334 int ret;
335
336 ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
337 if (ret) {
338 if (s->db) {
339 krb5_set_error_message(context, ENOENT,
340 N_("Error opening scache file %s: %s", ""),
341 s->file, sqlite3_errmsg(s->db));
342 sqlite3_close(s->db);
343 s->db = NULL;
344 } else
345 krb5_set_error_message(context, ENOENT,
346 N_("malloc: out of memory", ""));
347 return ENOENT;
348 }
349 return 0;
350 }
351
352 static krb5_error_code
353 create_cache(krb5_context context, krb5_scache *s)
354 {
355 int ret;
356
357 sqlite3_bind_text(s->icache, 1, s->name, -1, NULL);
358 do {
359 ret = sqlite3_step(s->icache);
360 } while (ret == SQLITE_ROW);
361 if (ret != SQLITE_DONE) {
362 krb5_set_error_message(context, KRB5_CC_IO,
363 N_("Failed to add scache: %d", ""), ret);
364 return KRB5_CC_IO;
365 }
366 sqlite3_reset(s->icache);
367
368 s->cid = sqlite3_last_insert_rowid(s->db);
369
370 return 0;
371 }
372
373 static krb5_error_code
374 make_database(krb5_context context, krb5_scache *s)
375 {
376 int created_file = 0;
377 int ret;
378
379 if (s->db)
380 return 0;
381
382 ret = open_database(context, s, 0);
383 if (ret) {
384 mode_t oldumask = umask(077);
385 ret = open_database(context, s, SQLITE_OPEN_CREATE);
386 umask(oldumask);
387 if (ret) goto out;
388
389 created_file = 1;
390
391 ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO);
392 if (ret) goto out;
393 ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO);
394 if (ret) goto out;
395 ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO);
396 if (ret) goto out;
397 ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO);
398 if (ret) goto out;
399 ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO);
400 if (ret) goto out;
401
402 ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO);
403 if (ret) goto out;
404 ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO);
405 if (ret) goto out;
406 }
407
408 #ifdef TRACEME
409 sqlite3_trace(s->db, trace, NULL);
410 #endif
411
412 ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED);
413 if (ret) goto out;
414 ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED);
415 if (ret) goto out;
416 ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL);
417 if (ret) goto out;
418 ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE);
419 if (ret) goto out;
420 ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME);
421 if (ret) goto out;
422 ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL);
423 if (ret) goto out;
424 ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE);
425 if (ret) goto out;
426 ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE);
427 if (ret) goto out;
428 ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME);
429 if (ret) goto out;
430 ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER);
431 if (ret) goto out;
432
433 return 0;
434
435 out:
436 if (s->db)
437 sqlite3_close(s->db);
438 if (created_file)
439 unlink(s->file);
440
441 return ret;
442 }
443
444 static krb5_error_code
445 bind_principal(krb5_context context,
446 sqlite3 *db,
447 sqlite3_stmt *stmt,
448 int col,
449 krb5_const_principal principal)
450 {
451 krb5_error_code ret;
452 char *str;
453
454 ret = krb5_unparse_name(context, principal, &str);
455 if (ret)
456 return ret;
457
458 ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5);
459 if (ret != SQLITE_OK) {
460 krb5_xfree(str);
461 krb5_set_error_message(context, ENOMEM,
462 N_("scache bind principal: %s", ""),
463 sqlite3_errmsg(db));
464 return ENOMEM;
465 }
466 return 0;
467 }
468
469 /*
470 *
471 */
472
473 static const char*
474 scc_get_name(krb5_context context,
475 krb5_ccache id)
476 {
477 return SCACHE(id)->name;
478 }
479
480 static krb5_error_code
481 scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
482 {
483 krb5_scache *s;
484 int ret;
485
486 s = scc_alloc(context, res);
487 if (s == NULL) {
488 krb5_set_error_message(context, KRB5_CC_NOMEM,
489 N_("malloc: out of memory", ""));
490 return KRB5_CC_NOMEM;
491 }
492
493 ret = make_database(context, s);
494 if (ret) {
495 scc_free(s);
496 return ret;
497 }
498
499 ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
500 if (ret != SQLITE_OK) {
501 krb5_set_error_message(context, ENOMEM,
502 "bind name: %s", sqlite3_errmsg(s->db));
503 scc_free(s);
504 return ENOMEM;
505 }
506
507 if (sqlite3_step(s->scache_name) == SQLITE_ROW) {
508
509 if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
510 sqlite3_reset(s->scache_name);
511 krb5_set_error_message(context, KRB5_CC_END,
512 N_("Cache name of wrong type "
513 "for scache %ld", ""),
514 (unsigned long)s->name);
515 scc_free(s);
516 return KRB5_CC_END;
517 }
518
519 s->cid = sqlite3_column_int(s->scache_name, 0);
520 } else {
521 s->cid = SCACHE_INVALID_CID;
522 }
523 sqlite3_reset(s->scache_name);
524
525 (*id)->data.data = s;
526 (*id)->data.length = sizeof(*s);
527
528 return 0;
529 }
530
531 static krb5_error_code
532 scc_gen_new(krb5_context context, krb5_ccache *id)
533 {
534 krb5_scache *s;
535
536 s = scc_alloc(context, NULL);
537
538 if (s == NULL) {
539 krb5_set_error_message(context, KRB5_CC_NOMEM,
540 N_("malloc: out of memory", ""));
541 return KRB5_CC_NOMEM;
542 }
543
544 (*id)->data.data = s;
545 (*id)->data.length = sizeof(*s);
546
547 return 0;
548 }
549
550 static krb5_error_code
551 scc_initialize(krb5_context context,
552 krb5_ccache id,
553 krb5_principal primary_principal)
554 {
555 krb5_scache *s = SCACHE(id);
556 krb5_error_code ret;
557
558 ret = make_database(context, s);
559 if (ret)
560 return ret;
561
562 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
563 if (ret) return ret;
564
565 if (s->cid == SCACHE_INVALID_CID) {
566 ret = create_cache(context, s);
567 if (ret)
568 goto rollback;
569 } else {
570 sqlite3_bind_int(s->dcred, 1, s->cid);
571 do {
572 ret = sqlite3_step(s->dcred);
573 } while (ret == SQLITE_ROW);
574 sqlite3_reset(s->dcred);
575 if (ret != SQLITE_DONE) {
576 ret = KRB5_CC_IO;
577 krb5_set_error_message(context, ret,
578 N_("Failed to delete old "
579 "credentials: %s", ""),
580 sqlite3_errmsg(s->db));
581 goto rollback;
582 }
583 }
584
585 ret = bind_principal(context, s->db, s->ucachep, 1, primary_principal);
586 if (ret)
587 goto rollback;
588 sqlite3_bind_int(s->ucachep, 2, s->cid);
589
590 do {
591 ret = sqlite3_step(s->ucachep);
592 } while (ret == SQLITE_ROW);
593 sqlite3_reset(s->ucachep);
594 if (ret != SQLITE_DONE) {
595 ret = KRB5_CC_IO;
596 krb5_set_error_message(context, ret,
597 N_("Failed to bind principal to cache %s", ""),
598 sqlite3_errmsg(s->db));
599 goto rollback;
600 }
601
602 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
603 if (ret) return ret;
604
605 return 0;
606
607 rollback:
608 exec_stmt(context, s->db, "ROLLBACK", 0);
609
610 return ret;
611
612 }
613
614 static krb5_error_code
615 scc_close(krb5_context context,
616 krb5_ccache id)
617 {
618 scc_free(SCACHE(id));
619 return 0;
620 }
621
622 static krb5_error_code
623 scc_destroy(krb5_context context,
624 krb5_ccache id)
625 {
626 krb5_scache *s = SCACHE(id);
627 int ret;
628
629 if (s->cid == SCACHE_INVALID_CID)
630 return 0;
631
632 sqlite3_bind_int(s->dcache, 1, s->cid);
633 do {
634 ret = sqlite3_step(s->dcache);
635 } while (ret == SQLITE_ROW);
636 sqlite3_reset(s->dcache);
637 if (ret != SQLITE_DONE) {
638 krb5_set_error_message(context, KRB5_CC_IO,
639 N_("Failed to destroy cache %s: %s", ""),
640 s->name, sqlite3_errmsg(s->db));
641 return KRB5_CC_IO;
642 }
643 return 0;
644 }
645
646 static krb5_error_code
647 encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
648 {
649 krb5_error_code ret;
650 krb5_storage *sp;
651
652 sp = krb5_storage_emem();
653 if (sp == NULL) {
654 krb5_set_error_message(context, ENOMEM,
655 N_("malloc: out of memory", ""));
656 return ENOMEM;
657 }
658
659 ret = krb5_store_creds(sp, creds);
660 if (ret) {
661 krb5_set_error_message(context, ret,
662 N_("Failed to store credential in scache", ""));
663 krb5_storage_free(sp);
664 return ret;
665 }
666
667 ret = krb5_storage_to_data(sp, data);
668 krb5_storage_free(sp);
669 if (ret)
670 krb5_set_error_message(context, ret,
671 N_("Failed to encode credential in scache", ""));
672 return ret;
673 }
674
675 static krb5_error_code
676 decode_creds(krb5_context context, const void *data, size_t length,
677 krb5_creds *creds)
678 {
679 krb5_error_code ret;
680 krb5_storage *sp;
681
682 sp = krb5_storage_from_readonly_mem(data, length);
683 if (sp == NULL) {
684 krb5_set_error_message(context, ENOMEM,
685 N_("malloc: out of memory", ""));
686 return ENOMEM;
687 }
688
689 ret = krb5_ret_creds(sp, creds);
690 krb5_storage_free(sp);
691 if (ret) {
692 krb5_set_error_message(context, ret,
693 N_("Failed to read credential in scache", ""));
694 return ret;
695 }
696 return 0;
697 }
698
699
700 static krb5_error_code
701 scc_store_cred(krb5_context context,
702 krb5_ccache id,
703 krb5_creds *creds)
704 {
705 sqlite_uint64 credid;
706 krb5_scache *s = SCACHE(id);
707 krb5_error_code ret;
708 krb5_data data;
709
710 ret = make_database(context, s);
711 if (ret)
712 return ret;
713
714 ret = encode_creds(context, creds, &data);
715 if (ret)
716 return ret;
717
718 sqlite3_bind_int(s->icred, 1, s->cid);
719 {
720 krb5_enctype etype = 0;
721 int kvno = 0;
722 Ticket t;
723 size_t len;
724
725 ret = decode_Ticket(creds->ticket.data,
726 creds->ticket.length, &t, &len);
727 if (ret == 0) {
728 if(t.enc_part.kvno)
729 kvno = *t.enc_part.kvno;
730
731 etype = t.enc_part.etype;
732
733 free_Ticket(&t);
734 }
735
736 sqlite3_bind_int(s->icred, 2, kvno);
737 sqlite3_bind_int(s->icred, 3, etype);
738
739 }
740
741 sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data);
742 sqlite3_bind_int(s->icred, 5, time(NULL));
743
744 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
745 if (ret) return ret;
746
747 do {
748 ret = sqlite3_step(s->icred);
749 } while (ret == SQLITE_ROW);
750 sqlite3_reset(s->icred);
751 if (ret != SQLITE_DONE) {
752 ret = KRB5_CC_IO;
753 krb5_set_error_message(context, ret,
754 N_("Failed to add credential: %s", ""),
755 sqlite3_errmsg(s->db));
756 goto rollback;
757 }
758
759 credid = sqlite3_last_insert_rowid(s->db);
760
761 {
762 bind_principal(context, s->db, s->iprincipal, 1, creds->server);
763 sqlite3_bind_int(s->iprincipal, 2, 1);
764 sqlite3_bind_int(s->iprincipal, 3, credid);
765
766 do {
767 ret = sqlite3_step(s->iprincipal);
768 } while (ret == SQLITE_ROW);
769 sqlite3_reset(s->iprincipal);
770 if (ret != SQLITE_DONE) {
771 ret = KRB5_CC_IO;
772 krb5_set_error_message(context, ret,
773 N_("Failed to add principal: %s", ""),
774 sqlite3_errmsg(s->db));
775 goto rollback;
776 }
777 }
778
779 {
780 bind_principal(context, s->db, s->iprincipal, 1, creds->client);
781 sqlite3_bind_int(s->iprincipal, 2, 0);
782 sqlite3_bind_int(s->iprincipal, 3, credid);
783
784 do {
785 ret = sqlite3_step(s->iprincipal);
786 } while (ret == SQLITE_ROW);
787 sqlite3_reset(s->iprincipal);
788 if (ret != SQLITE_DONE) {
789 ret = KRB5_CC_IO;
790 krb5_set_error_message(context, ret,
791 N_("Failed to add principal: %s", ""),
792 sqlite3_errmsg(s->db));
793 goto rollback;
794 }
795 }
796
797 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
798 if (ret) return ret;
799
800 return 0;
801
802 rollback:
803 exec_stmt(context, s->db, "ROLLBACK", 0);
804
805 return ret;
806 }
807
808 static krb5_error_code
809 scc_get_principal(krb5_context context,
810 krb5_ccache id,
811 krb5_principal *principal)
812 {
813 krb5_scache *s = SCACHE(id);
814 krb5_error_code ret;
815 const char *str;
816
817 *principal = NULL;
818
819 ret = make_database(context, s);
820 if (ret)
821 return ret;
822
823 sqlite3_bind_int(s->scache, 1, s->cid);
824
825 if (sqlite3_step(s->scache) != SQLITE_ROW) {
826 sqlite3_reset(s->scache);
827 krb5_set_error_message(context, KRB5_CC_END,
828 N_("No principal for cache SCC:%s:%s", ""),
829 s->name, s->file);
830 return KRB5_CC_END;
831 }
832
833 if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
834 sqlite3_reset(s->scache);
835 krb5_set_error_message(context, KRB5_CC_END,
836 N_("Principal data of wrong type "
837 "for SCC:%s:%s", ""),
838 s->name, s->file);
839 return KRB5_CC_END;
840 }
841
842 str = (const char *)sqlite3_column_text(s->scache, 0);
843 if (str == NULL) {
844 sqlite3_reset(s->scache);
845 krb5_set_error_message(context, KRB5_CC_END,
846 N_("Principal not set for SCC:%s:%s", ""),
847 s->name, s->file);
848 return KRB5_CC_END;
849 }
850
851 ret = krb5_parse_name(context, str, principal);
852
853 sqlite3_reset(s->scache);
854
855 return ret;
856 }
857
858 struct cred_ctx {
859 char *drop;
860 sqlite3_stmt *stmt;
861 sqlite3_stmt *credstmt;
862 };
863
864 static krb5_error_code
865 scc_get_first (krb5_context context,
866 krb5_ccache id,
867 krb5_cc_cursor *cursor)
868 {
869 krb5_scache *s = SCACHE(id);
870 krb5_error_code ret;
871 struct cred_ctx *ctx;
872 char *str, *name;
873
874 *cursor = NULL;
875
876 ctx = calloc(1, sizeof(*ctx));
877 if (ctx == NULL) {
878 krb5_set_error_message(context, ENOMEM,
879 N_("malloc: out of memory", ""));
880 return ENOMEM;
881 }
882
883 ret = make_database(context, s);
884 if (ret) {
885 free(ctx);
886 return ret;
887 }
888
889 if (s->cid == SCACHE_INVALID_CID) {
890 krb5_set_error_message(context, KRB5_CC_END,
891 N_("Iterating a invalid scache %s", ""),
892 s->name);
893 free(ctx);
894 return KRB5_CC_END;
895 }
896
897 asprintf(&name, "credIteration%luPid%d",
898 (unsigned long)ctx, (int)getpid());
899 if (name == NULL) {
900 krb5_set_error_message(context, ENOMEM,
901 N_("malloc: out of memory", ""));
902 free(ctx);
903 return ENOMEM;
904 }
905
906 asprintf(&ctx->drop, "DROP TABLE %s", name);
907 if (ctx->drop == NULL) {
908 krb5_set_error_message(context, ENOMEM,
909 N_("malloc: out of memory", ""));
910 free(name);
911 free(ctx);
912 return ENOMEM;
913 }
914
915 asprintf(&str, "CREATE TEMPORARY TABLE %s "
916 "AS SELECT oid,created_at FROM credentials WHERE cid = %lu",
917 name, (unsigned long)s->cid);
918
919 ret = exec_stmt(context, s->db, str, KRB5_CC_IO);
920 free(str);
921 if (ret) {
922 free(ctx->drop);
923 free(name);
924 free(ctx);
925 return ret;
926 }
927
928 asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name);
929 if (str == NULL) {
930 exec_stmt(context, s->db, ctx->drop, 0);
931 free(ctx->drop);
932 free(name);
933 free(ctx);
934 return ret;
935 }
936
937 ret = prepare_stmt(context, s->db, &ctx->stmt, str);
938 free(str);
939 free(name);
940 if (ret) {
941 exec_stmt(context, s->db, ctx->drop, 0);
942 free(ctx->drop);
943 free(ctx);
944 return ret;
945 }
946
947 ret = prepare_stmt(context, s->db, &ctx->credstmt,
948 "SELECT cred FROM credentials WHERE oid = ?");
949 if (ret) {
950 sqlite3_finalize(ctx->stmt);
951 exec_stmt(context, s->db, ctx->drop, 0);
952 free(ctx->drop);
953 free(ctx);
954 return ret;
955 }
956
957 *cursor = ctx;
958
959 return 0;
960 }
961
962 static krb5_error_code
963 scc_get_next (krb5_context context,
964 krb5_ccache id,
965 krb5_cc_cursor *cursor,
966 krb5_creds *creds)
967 {
968 struct cred_ctx *ctx = *cursor;
969 krb5_scache *s = SCACHE(id);
970 krb5_error_code ret;
971 sqlite_uint64 oid;
972 const void *data = NULL;
973 size_t len = 0;
974
975 next:
976 ret = sqlite3_step(ctx->stmt);
977 if (ret == SQLITE_DONE) {
978 krb5_clear_error_message(context);
979 return KRB5_CC_END;
980 } else if (ret != SQLITE_ROW) {
981 krb5_set_error_message(context, KRB5_CC_IO,
982 N_("scache Database failed: %s", ""),
983 sqlite3_errmsg(s->db));
984 return KRB5_CC_IO;
985 }
986
987 oid = sqlite3_column_int64(ctx->stmt, 0);
988
989 /* read cred from credentials table */
990
991 sqlite3_bind_int(ctx->credstmt, 1, oid);
992
993 ret = sqlite3_step(ctx->credstmt);
994 if (ret != SQLITE_ROW) {
995 sqlite3_reset(ctx->credstmt);
996 goto next;
997 }
998
999 if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
1000 krb5_set_error_message(context, KRB5_CC_END,
1001 N_("credential of wrong type for SCC:%s:%s", ""),
1002 s->name, s->file);
1003 sqlite3_reset(ctx->credstmt);
1004 return KRB5_CC_END;
1005 }
1006
1007 data = sqlite3_column_blob(ctx->credstmt, 0);
1008 len = sqlite3_column_bytes(ctx->credstmt, 0);
1009
1010 ret = decode_creds(context, data, len, creds);
1011 sqlite3_reset(ctx->credstmt);
1012 return ret;
1013 }
1014
1015 static krb5_error_code
1016 scc_end_get (krb5_context context,
1017 krb5_ccache id,
1018 krb5_cc_cursor *cursor)
1019 {
1020 struct cred_ctx *ctx = *cursor;
1021 krb5_scache *s = SCACHE(id);
1022
1023 sqlite3_finalize(ctx->stmt);
1024 sqlite3_finalize(ctx->credstmt);
1025
1026 exec_stmt(context, s->db, ctx->drop, 0);
1027
1028 free(ctx->drop);
1029 free(ctx);
1030
1031 return 0;
1032 }
1033
1034 static krb5_error_code
1035 scc_remove_cred(krb5_context context,
1036 krb5_ccache id,
1037 krb5_flags which,
1038 krb5_creds *mcreds)
1039 {
1040 krb5_scache *s = SCACHE(id);
1041 krb5_error_code ret;
1042 sqlite3_stmt *stmt;
1043 sqlite_uint64 credid = 0;
1044 const void *data = NULL;
1045 size_t len = 0;
1046
1047 ret = make_database(context, s);
1048 if (ret)
1049 return ret;
1050
1051 ret = prepare_stmt(context, s->db, &stmt,
1052 "SELECT cred,oid FROM credentials "
1053 "WHERE cid = ?");
1054 if (ret)
1055 return ret;
1056
1057 sqlite3_bind_int(stmt, 1, s->cid);
1058
1059 /* find credential... */
1060 while (1) {
1061 krb5_creds creds;
1062
1063 ret = sqlite3_step(stmt);
1064 if (ret == SQLITE_DONE) {
1065 ret = 0;
1066 break;
1067 } else if (ret != SQLITE_ROW) {
1068 ret = KRB5_CC_IO;
1069 krb5_set_error_message(context, ret,
1070 N_("scache Database failed: %s", ""),
1071 sqlite3_errmsg(s->db));
1072 break;
1073 }
1074
1075 if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
1076 ret = KRB5_CC_END;
1077 krb5_set_error_message(context, ret,
1078 N_("Credential of wrong type "
1079 "for SCC:%s:%s", ""),
1080 s->name, s->file);
1081 break;
1082 }
1083
1084 data = sqlite3_column_blob(stmt, 0);
1085 len = sqlite3_column_bytes(stmt, 0);
1086
1087 ret = decode_creds(context, data, len, &creds);
1088 if (ret)
1089 break;
1090
1091 ret = krb5_compare_creds(context, which, mcreds, &creds);
1092 krb5_free_cred_contents(context, &creds);
1093 if (ret) {
1094 credid = sqlite3_column_int64(stmt, 1);
1095 ret = 0;
1096 break;
1097 }
1098 }
1099
1100 sqlite3_finalize(stmt);
1101
1102 if (id) {
1103 ret = prepare_stmt(context, s->db, &stmt,
1104 "DELETE FROM credentials WHERE oid=?");
1105 if (ret)
1106 return ret;
1107 sqlite3_bind_int(stmt, 1, credid);
1108
1109 do {
1110 ret = sqlite3_step(stmt);
1111 } while (ret == SQLITE_ROW);
1112 sqlite3_finalize(stmt);
1113 if (ret != SQLITE_DONE) {
1114 ret = KRB5_CC_IO;
1115 krb5_set_error_message(context, ret,
1116 N_("failed to delete scache credental", ""));
1117 } else
1118 ret = 0;
1119 }
1120
1121 return ret;
1122 }
1123
1124 static krb5_error_code
1125 scc_set_flags(krb5_context context,
1126 krb5_ccache id,
1127 krb5_flags flags)
1128 {
1129 return 0; /* XXX */
1130 }
1131
1132 struct cache_iter {
1133 char *drop;
1134 sqlite3 *db;
1135 sqlite3_stmt *stmt;
1136 };
1137
1138 static krb5_error_code
1139 scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
1140 {
1141 struct cache_iter *ctx;
1142 krb5_error_code ret;
1143 char *name, *str;
1144
1145 *cursor = NULL;
1146
1147 ctx = calloc(1, sizeof(*ctx));
1148 if (ctx == NULL) {
1149 krb5_set_error_message(context, ENOMEM,
1150 N_("malloc: out of memory", ""));
1151 return ENOMEM;
1152 }
1153
1154 ret = default_db(context, &ctx->db);
1155 if (ctx->db == NULL) {
1156 free(ctx);
1157 return ret;
1158 }
1159
1160 asprintf(&name, "cacheIteration%luPid%d",
1161 (unsigned long)ctx, (int)getpid());
1162 if (name == NULL) {
1163 krb5_set_error_message(context, ENOMEM,
1164 N_("malloc: out of memory", ""));
1165 sqlite3_close(ctx->db);
1166 free(ctx);
1167 return ENOMEM;
1168 }
1169
1170 asprintf(&ctx->drop, "DROP TABLE %s", name);
1171 if (ctx->drop == NULL) {
1172 krb5_set_error_message(context, ENOMEM,
1173 N_("malloc: out of memory", ""));
1174 sqlite3_close(ctx->db);
1175 free(name);
1176 free(ctx);
1177 return ENOMEM;
1178 }
1179
1180 asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches",
1181 name);
1182 if (str == NULL) {
1183 krb5_set_error_message(context, ENOMEM,
1184 N_("malloc: out of memory", ""));
1185 sqlite3_close(ctx->db);
1186 free(name);
1187 free(ctx->drop);
1188 free(ctx);
1189 return ENOMEM;
1190 }
1191
1192 ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO);
1193 free(str);
1194 if (ret) {
1195 sqlite3_close(ctx->db);
1196 free(name);
1197 free(ctx->drop);
1198 free(ctx);
1199 return ret;
1200 }
1201
1202 asprintf(&str, "SELECT name FROM %s", name);
1203 free(name);
1204 if (str == NULL) {
1205 exec_stmt(context, ctx->db, ctx->drop, 0);
1206 sqlite3_close(ctx->db);
1207 free(name);
1208 free(ctx->drop);
1209 free(ctx);
1210 return ENOMEM;
1211 }
1212
1213 ret = prepare_stmt(context, ctx->db, &ctx->stmt, str);
1214 free(str);
1215 if (ret) {
1216 exec_stmt(context, ctx->db, ctx->drop, 0);
1217 sqlite3_close(ctx->db);
1218 free(ctx->drop);
1219 free(ctx);
1220 return ret;
1221 }
1222
1223 *cursor = ctx;
1224
1225 return 0;
1226 }
1227
1228 static krb5_error_code
1229 scc_get_cache_next(krb5_context context,
1230 krb5_cc_cursor cursor,
1231 krb5_ccache *id)
1232 {
1233 struct cache_iter *ctx = cursor;
1234 krb5_error_code ret;
1235 const char *name;
1236
1237 again:
1238 ret = sqlite3_step(ctx->stmt);
1239 if (ret == SQLITE_DONE) {
1240 krb5_clear_error_message(context);
1241 return KRB5_CC_END;
1242 } else if (ret != SQLITE_ROW) {
1243 krb5_set_error_message(context, KRB5_CC_IO,
1244 N_("Database failed: %s", ""),
1245 sqlite3_errmsg(ctx->db));
1246 return KRB5_CC_IO;
1247 }
1248
1249 if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT)
1250 goto again;
1251
1252 name = (const char *)sqlite3_column_text(ctx->stmt, 0);
1253 if (name == NULL)
1254 goto again;
1255
1256 ret = _krb5_cc_allocate(context, &krb5_scc_ops, id);
1257 if (ret)
1258 return ret;
1259
1260 return scc_resolve(context, id, name);
1261 }
1262
1263 static krb5_error_code
1264 scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
1265 {
1266 struct cache_iter *ctx = cursor;
1267
1268 exec_stmt(context, ctx->db, ctx->drop, 0);
1269 sqlite3_finalize(ctx->stmt);
1270 sqlite3_close(ctx->db);
1271 free(ctx->drop);
1272 free(ctx);
1273 return 0;
1274 }
1275
1276 static krb5_error_code
1277 scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1278 {
1279 krb5_scache *sfrom = SCACHE(from);
1280 krb5_scache *sto = SCACHE(to);
1281 krb5_error_code ret;
1282
1283 if (strcmp(sfrom->file, sto->file) != 0) {
1284 krb5_set_error_message(context, KRB5_CC_BADNAME,
1285 N_("Can't handle cross database "
1286 "credential move: %s -> %s", ""),
1287 sfrom->file, sto->file);
1288 return KRB5_CC_BADNAME;
1289 }
1290
1291 ret = make_database(context, sfrom);
1292 if (ret)
1293 return ret;
1294
1295 ret = exec_stmt(context, sfrom->db,
1296 "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
1297 if (ret) return ret;
1298
1299 if (sto->cid != SCACHE_INVALID_CID) {
1300 /* drop old cache entry */
1301
1302 sqlite3_bind_int(sfrom->dcache, 1, sto->cid);
1303 do {
1304 ret = sqlite3_step(sfrom->dcache);
1305 } while (ret == SQLITE_ROW);
1306 sqlite3_reset(sfrom->dcache);
1307 if (ret != SQLITE_DONE) {
1308 krb5_set_error_message(context, KRB5_CC_IO,
1309 N_("Failed to delete old cache: %d", ""),
1310 (int)ret);
1311 goto rollback;
1312 }
1313 }
1314
1315 sqlite3_bind_text(sfrom->ucachen, 1, sto->name, -1, NULL);
1316 sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid);
1317
1318 do {
1319 ret = sqlite3_step(sfrom->ucachen);
1320 } while (ret == SQLITE_ROW);
1321 sqlite3_reset(sfrom->ucachen);
1322 if (ret != SQLITE_DONE) {
1323 krb5_set_error_message(context, KRB5_CC_IO,
1324 N_("Failed to update new cache: %d", ""),
1325 (int)ret);
1326 goto rollback;
1327 }
1328
1329 sto->cid = sfrom->cid;
1330
1331 ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO);
1332 if (ret) return ret;
1333
1334 scc_free(sfrom);
1335
1336 return 0;
1337
1338 rollback:
1339 exec_stmt(context, sfrom->db, "ROLLBACK", 0);
1340 scc_free(sfrom);
1341
1342 return KRB5_CC_IO;
1343 }
1344
1345 static krb5_error_code
1346 scc_get_default_name(krb5_context context, char **str)
1347 {
1348 krb5_error_code ret;
1349 char *name;
1350
1351 ret = get_def_name(context, &name);
1352 if (ret)
1353 return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str);
1354
1355 asprintf(str, "SCC:%s", name);
1356 free(name);
1357 if (*str == NULL) {
1358 krb5_set_error_message(context, ENOMEM,
1359 N_("malloc: out of memory", ""));
1360 return ENOMEM;
1361 }
1362 return 0;
1363 }
1364
1365 static krb5_error_code
1366 scc_set_default(krb5_context context, krb5_ccache id)
1367 {
1368 krb5_scache *s = SCACHE(id);
1369 krb5_error_code ret;
1370
1371 if (s->cid == SCACHE_INVALID_CID) {
1372 krb5_set_error_message(context, KRB5_CC_IO,
1373 N_("Trying to set a invalid cache "
1374 "as default %s", ""),
1375 s->name);
1376 return KRB5_CC_IO;
1377 }
1378
1379 ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
1380 if (ret) {
1381 sqlite3_reset(s->umaster);
1382 krb5_set_error_message(context, KRB5_CC_IO,
1383 N_("Failed to set name of default cache", ""));
1384 return KRB5_CC_IO;
1385 }
1386
1387 do {
1388 ret = sqlite3_step(s->umaster);
1389 } while (ret == SQLITE_ROW);
1390 sqlite3_reset(s->umaster);
1391 if (ret != SQLITE_DONE) {
1392 krb5_set_error_message(context, KRB5_CC_IO,
1393 N_("Failed to update default cache", ""));
1394 return KRB5_CC_IO;
1395 }
1396
1397 return 0;
1398 }
1399
1400 /**
1401 * Variable containing the SCC based credential cache implemention.
1402 *
1403 * @ingroup krb5_ccache
1404 */
1405
1406 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = {
1407 KRB5_CC_OPS_VERSION,
1408 "SCC",
1409 scc_get_name,
1410 scc_resolve,
1411 scc_gen_new,
1412 scc_initialize,
1413 scc_destroy,
1414 scc_close,
1415 scc_store_cred,
1416 NULL, /* scc_retrieve */
1417 scc_get_principal,
1418 scc_get_first,
1419 scc_get_next,
1420 scc_end_get,
1421 scc_remove_cred,
1422 scc_set_flags,
1423 NULL,
1424 scc_get_cache_first,
1425 scc_get_cache_next,
1426 scc_end_cache_get,
1427 scc_move,
1428 scc_get_default_name,
1429 scc_set_default
1430 };
Heimdal