search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kafs: Fix a warning
[heimdal.git] / lib / krb5 / scache.c
blob6aae8884abc9903a302f548ec397ae0c3559d4d5
1 /*
2 * Copyright (c) 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #ifdef HAVE_SCC
37
38 #include <sqlite3.h>
39
40 typedef struct krb5_scache {
41 char *name;
42 char *file;
43 char *sub;
44 sqlite3 *db;
45
46 sqlite_uint64 cid;
47
48 sqlite3_stmt *icred;
49 sqlite3_stmt *dcred;
50 sqlite3_stmt *iprincipal;
51
52 sqlite3_stmt *icache;
53 sqlite3_stmt *ucachen;
54 sqlite3_stmt *ucachep;
55 sqlite3_stmt *dcache;
56 sqlite3_stmt *scache;
57 sqlite3_stmt *scache_name;
58 sqlite3_stmt *umaster;
59
60 } krb5_scache;
61
62 #define SCACHE(X) ((krb5_scache *)(X)->data.data)
63
64 /*
65 * Because we can't control what permissions SQLite3 (if not in-tree) will use,
66 * and we're a library and can't set the umask. We can't even determine the
67 * current umask in a thread-safe way (not easily), and we can't tell if some
68 * other thread might change it. So what we'll do is put the SQLite3-based
69 * ccache file in its own directory so we can create that directory with
70 * mkdir(2) and the correct permissions.
71 */
72
73 #define SCACHE_DEF_NAME "Default-cache"
74 #define KRB5_SCACHE_DIR "%{TEMP}/krb5scc_%{uid}"
75 #define KRB5_SCACHE_DB KRB5_SCACHE_DIR "scc"
76 #define KRB5_SCACHE_NAME "SCC:" KRB5_SCACHE_DB ":" SCACHE_DEF_NAME
77
78 #define SCACHE_INVALID_CID ((sqlite_uint64)-1)
79
80 /*
81 *
82 */
83
84 #define SQL_CMASTER "" \
85 "CREATE TABLE master (" \
86 "oid INTEGER PRIMARY KEY," \
87 "version INTEGER NOT NULL," \
88 "defaultcache TEXT NOT NULL" \
89 ")"
90
91 #define SQL_SETUP_MASTER \
92 "INSERT INTO master (version,defaultcache) VALUES(2, \"" SCACHE_DEF_NAME "\")"
93 #define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2"
94
95 #define SQL_CCACHE "" \
96 "CREATE TABLE caches (" \
97 "oid INTEGER PRIMARY KEY," \
98 "principal TEXT," \
99 "name TEXT NOT NULL" \
100 ")"
101
102 #define SQL_TCACHE "" \
103 "CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches " \
104 "FOR EACH ROW BEGIN " \
105 "DELETE FROM credentials WHERE cid=old.oid;" \
106 "END"
107
108 #define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
109 #define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?"
110 #define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
111 #define SQL_DCACHE "DELETE FROM caches WHERE OID=?"
112 #define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
113 #define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=? OR " \
114 "(PRINCIPAL IS NOT NULL AND PRINCIPAL=?)"
115
116 #define SQL_CCREDS "" \
117 "CREATE TABLE credentials (" \
118 "oid INTEGER PRIMARY KEY," \
119 "cid INTEGER NOT NULL," \
120 "kvno INTEGER NOT NULL," \
121 "etype INTEGER NOT NULL," \
122 "created_at INTEGER NOT NULL," \
123 "cred BLOB NOT NULL" \
124 ")"
125
126 #define SQL_TCRED "" \
127 "CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials " \
128 "FOR EACH ROW BEGIN " \
129 "DELETE FROM principals WHERE credential_id=old.oid;" \
130 "END"
131
132 #define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)"
133 #define SQL_DCRED "DELETE FROM credentials WHERE cid=?"
134
135 #define SQL_CPRINCIPALS "" \
136 "CREATE TABLE principals (" \
137 "oid INTEGER PRIMARY KEY," \
138 "principal TEXT NOT NULL," \
139 "type INTEGER NOT NULL," \
140 "credential_id INTEGER NOT NULL" \
141 ")"
142
143 #define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"
144
145 /*
146 * sqlite destructors
147 */
148
149 static void
150 free_data(void *data)
151 {
152 free(data);
153 }
154
155 static void
156 free_krb5(void *str)
157 {
158 krb5_xfree(str);
159 }
160
161 static void
162 scc_free(krb5_scache *s)
163 {
164 if (!s)
165 return;
166 if (s->file)
167 free(s->file);
168 if (s->sub)
169 free(s->sub);
170 if (s->name)
171 free(s->name);
172
173 if (s->icred)
174 sqlite3_finalize(s->icred);
175 if (s->dcred)
176 sqlite3_finalize(s->dcred);
177 if (s->iprincipal)
178 sqlite3_finalize(s->iprincipal);
179 if (s->icache)
180 sqlite3_finalize(s->icache);
181 if (s->ucachen)
182 sqlite3_finalize(s->ucachen);
183 if (s->ucachep)
184 sqlite3_finalize(s->ucachep);
185 if (s->dcache)
186 sqlite3_finalize(s->dcache);
187 if (s->scache)
188 sqlite3_finalize(s->scache);
189 if (s->scache_name)
190 sqlite3_finalize(s->scache_name);
191 if (s->umaster)
192 sqlite3_finalize(s->umaster);
193
194 if (s->db)
195 sqlite3_close(s->db);
196 free(s);
197 }
198
199 #ifdef TRACEME
200 static void
201 trace(void* ptr, const char * str)
202 {
203 printf("SQL: %s\n", str);
204 }
205 #endif
206
207 static krb5_error_code
208 prepare_stmt(krb5_context context, sqlite3 *db,
209 sqlite3_stmt **stmt, const char *str)
210 {
211 int ret;
212
213 ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
214 if (ret != SQLITE_OK) {
215 krb5_set_error_message(context, ENOENT,
216 N_("Failed to prepare stmt %s: %s", ""),
217 str, sqlite3_errmsg(db));
218 return ENOENT;
219 }
220 return 0;
221 }
222
223 static krb5_error_code
224 exec_stmt(krb5_context context, sqlite3 *db, const char *str,
225 krb5_error_code code)
226 {
227 int ret;
228
229 ret = sqlite3_exec(db, str, NULL, NULL, NULL);
230 if (ret != SQLITE_OK && code) {
231 krb5_set_error_message(context, code,
232 N_("scache execute %s: %s", ""), str,
233 sqlite3_errmsg(db));
234 return code;
235 }
236 return 0;
237 }
238
239 /* See block comment at the top of this file */
240 static krb5_error_code
241 make_dir(krb5_context context, const char *name)
242 {
243 krb5_error_code ret = 0;
244 char *s, *p;
245
246 /* We really need a dirname() in roken; lib/krb5/fcache.c has one */
247 if ((s = strdup(name)) == NULL)
248 return krb5_enomem(context);
249 for (p = s + strlen(s); p > s; p--) {
250 #ifdef WIN32
251 if (*p != '/' && *p != '\\')
252 continue;
253 #else
254 if (*p != '/')
255 continue;
256 #endif
257 *p = '\0';
258 break;
259 }
260
261 /* If p == s then DB in current directory -- nothing we can do */
262 if (p > s && mkdir(s, 0700) == -1)
263 ret = errno;
264 free(s);
265
266 /* If we created it, we're good, else there's nothing we can do */
267 if (ret == EEXIST)
268 return 0;
269 if (ret)
270 krb5_set_error_message(context, ret,
271 N_("Error making directory for scache file %s", ""),
272 name);
273 return ret;
274 }
275
276 static krb5_error_code
277 default_db(krb5_context context, const char *name, sqlite3 **db, char **file)
278 {
279 krb5_error_code ret = 0;
280 char *s = NULL;
281 char *f = NULL;
282
283 if (file)
284 *file = NULL;
285
286 if (name == NULL) {
287 if ((name = krb5_cc_default_name(context))) {
288 if (strncmp(name, "SCC:", sizeof("SCC:") - 1) == 0)
289 name += sizeof("SCC:") - 1;
290 }
291 if (name == NULL) {
292 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s);
293 if (ret)
294 return ret;
295 name = s;
296 }
297 }
298
299 if (strncmp(name, "SCC:", sizeof("SCC:") - 1) == 0)
300 name += sizeof("SCC:") - 1;
301
302 if ((f = strdup(name)) == NULL) {
303 free(s);
304 return krb5_enomem(context);
305 }
306 free(s);
307
308 /* Strip off any residue from default name */
309 #ifdef WIN32
310 if (f[0] && f[1] == ':' && (s = strrchr(f, ':')) != &f[1])
311 *s = '\0';
312 #else
313 if ((s = strrchr(f, ':')))
314 *s = '\0';
315 #endif
316
317 ret = make_dir(context, f);
318 if (ret == 0) {
319 int sret;
320
321 sret = sqlite3_open_v2(f, db, SQLITE_OPEN_READWRITE, NULL);
322 if (sret != SQLITE_OK) {
323 if (*db) {
324 krb5_set_error_message(context, ENOENT,
325 N_("Error opening scache file %s: %s (%d)", ""),
326 f, sqlite3_errmsg(*db), sret);
327 sqlite3_close(*db);
328 *db = NULL;
329 } else
330 krb5_set_error_message(context, ENOENT,
331 N_("Error opening scache file %s: %s (%d)", ""),
332 f, sqlite3_errstr(sret), sret);
333 free(f);
334 return ENOENT;
335 }
336 }
337
338 #ifndef WIN32
339 /*
340 * Just in case we're using an out-of-tree SQLite3. See block comment at
341 * the top of this file, near KRB5_SCACHE_DIR's definition.
342 */
343 (void) chmod(f, 0600);
344 #endif
345
346 if (file)
347 *file = f;
348 else
349 free(f);
350
351 #ifdef TRACEME
352 sqlite3_trace(*db, trace, NULL);
353 #endif
354
355 return ret;
356 }
357
358 static krb5_error_code
359 get_def_name(krb5_context context, char *filein, char **str, char **file)
360 {
361 krb5_error_code ret;
362 sqlite3_stmt *stmt;
363 const char *name;
364 sqlite3 *db;
365
366 ret = default_db(context, filein, &db, file);
367 if (ret)
368 return ret;
369
370 ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master");
371 if (ret) {
372 sqlite3_close(db);
373 return ret;
374 }
375
376 ret = sqlite3_step(stmt);
377 if (ret != SQLITE_ROW)
378 goto out;
379
380 if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT)
381 goto out;
382
383 name = (const char *)sqlite3_column_text(stmt, 0);
384 if (name == NULL)
385 goto out;
386
387 *str = strdup(name);
388 if (*str == NULL)
389 goto out;
390
391 sqlite3_finalize(stmt);
392 sqlite3_close(db);
393 return 0;
394 out:
395 sqlite3_finalize(stmt);
396 sqlite3_close(db);
397 krb5_clear_error_message(context);
398 return ENOENT;
399 }
400
401
402
403 static krb5_scache * KRB5_CALLCONV
404 scc_alloc(krb5_context context,
405 const char *name,
406 const char *sub,
407 int new_unique)
408 {
409 krb5_error_code ret = 0;
410 krb5_scache *s;
411 char *freeme = NULL;
412 char *subsidiary;
413
414 ALLOC(s, 1);
415 if(s == NULL)
416 return NULL;
417
418 s->cid = SCACHE_INVALID_CID;
419
420 if (name && *name && sub && *sub) {
421 if ((s->sub = strdup(sub)) == NULL ||
422 (s->file = strdup(name)) == NULL) {
423 free(s->file);
424 free(s);
425 (void) krb5_enomem(context);
426 return NULL;
427 }
428 } else {
429 s->sub = NULL;
430 s->file = NULL;
431 s->name = NULL;
432
433 if (name == NULL)
434 name = krb5_cc_default_name(context);
435 if (name == NULL) {
436 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB,
437 &freeme);
438 if (ret) {
439 free(s);
440 return NULL;
441 }
442 name = freeme;
443 }
444
445 if (strncmp(name, "SCC:", sizeof("SCC:") - 1) == 0)
446 name += sizeof("SCC:") - 1;
447
448 if ((s->file = strdup(name)) == NULL) {
449 (void) krb5_enomem(context);
450 scc_free(s);
451 free(freeme);
452 return NULL;
453 }
454
455 if ((subsidiary = strrchr(s->file, ':'))) {
456 #ifdef WIN32
457 if (subsidiary == s->file + 1)
458 subsidiary = NULL;
459 else
460 #endif
461 *(subsidiary++) = '\0';
462 }
463
464 if (new_unique) {
465 ret = asprintf(&s->sub, "unique-%p", s) < 0 || s->sub == NULL ?
466 krb5_enomem(context) : 0;
467 } else if (subsidiary == NULL || *subsidiary == '\0') {
468 ret = get_def_name(context, s->file, &s->sub, NULL);
469 if (ret) {
470 if ((s->sub = strdup(SCACHE_DEF_NAME)) == NULL)
471 ret = krb5_enomem(context);
472 else
473 ret = 0;
474 }
475 } else if ((s->sub = strdup(subsidiary)) == NULL) {
476 ret = krb5_enomem(context);
477 }
478 }
479
480 if (ret == 0 && s->file && s->sub &&
481 (asprintf(&s->name, "%s:%s", s->file, s->sub) < 0 || s->name == NULL))
482 ret = krb5_enomem(context);
483 if (ret || s->file == NULL || s->sub == NULL || s->name == NULL) {
484 scc_free(s);
485 free(freeme);
486 return NULL;
487 }
488 return s;
489 }
490
491 static krb5_error_code
492 open_database(krb5_context context, krb5_scache *s, int flags)
493 {
494 krb5_error_code ret;
495 struct stat st;
496 int sret;
497
498
499 if (!(flags & SQLITE_OPEN_CREATE) && stat(s->file, &st) == 0 &&
500 st.st_size == 0)
501 return ENOENT;
502
503 ret = make_dir(context, s->file);
504 if (ret)
505 return ret;
506 sret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
507 if (sret != SQLITE_OK) {
508 if (s->db) {
509 krb5_set_error_message(context, ENOENT,
510 N_("Error opening scache file %s: %s (%d)", ""),
511 s->file, sqlite3_errmsg(s->db), sret);
512 sqlite3_close(s->db);
513 s->db = NULL;
514 } else
515 krb5_set_error_message(context, ENOENT,
516 N_("Error opening scache file %s: %s (%d)", ""),
517 s->file, sqlite3_errstr(sret), sret);
518 return ENOENT;
519 }
520 return 0;
521 }
522
523 static krb5_error_code
524 create_cache(krb5_context context, krb5_scache *s)
525 {
526 int ret;
527
528 sqlite3_bind_text(s->icache, 1, s->sub, -1, NULL);
529 do {
530 ret = sqlite3_step(s->icache);
531 } while (ret == SQLITE_ROW);
532 if (ret != SQLITE_DONE) {
533 krb5_set_error_message(context, KRB5_CC_IO,
534 N_("Failed to add scache: %d", ""), ret);
535 return KRB5_CC_IO;
536 }
537 sqlite3_reset(s->icache);
538
539 s->cid = sqlite3_last_insert_rowid(s->db);
540
541 return 0;
542 }
543
544 static krb5_error_code
545 make_database(krb5_context context, krb5_scache *s)
546 {
547 int created_file = 0;
548 int ret;
549
550 if (s->db)
551 return 0;
552
553 ret = open_database(context, s, 0);
554 if (ret) {
555 ret = open_database(context, s, SQLITE_OPEN_CREATE);
556 if (ret) goto out;
557
558 created_file = 1;
559
560 ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO);
561 if (ret) goto out;
562 ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO);
563 if (ret) goto out;
564 ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO);
565 if (ret) goto out;
566 ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO);
567 if (ret) goto out;
568 ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO);
569 if (ret) goto out;
570
571 ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO);
572 if (ret) goto out;
573 ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO);
574 if (ret) goto out;
575 }
576
577 #ifdef TRACEME
578 sqlite3_trace(s->db, trace, NULL);
579 #endif
580
581 ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED);
582 if (ret) goto out;
583 ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED);
584 if (ret) goto out;
585 ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL);
586 if (ret) goto out;
587 ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE);
588 if (ret) goto out;
589 ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME);
590 if (ret) goto out;
591 ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL);
592 if (ret) goto out;
593 ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE);
594 if (ret) goto out;
595 ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE);
596 if (ret) goto out;
597 ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME);
598 if (ret) goto out;
599 ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER);
600 if (ret) goto out;
601
602 #ifndef WIN32
603 /*
604 * Just in case we're using an out-of-tree SQLite3. See block comment at
605 * the top of this file, near KRB5_SCACHE_DIR's definition.
606 */
607 (void) chmod(s->file, 0600);
608 #endif
609
610 return 0;
611
612 out:
613 if (s->db)
614 sqlite3_close(s->db);
615 if (created_file)
616 unlink(s->file);
617
618 return ret;
619 }
620
621 static krb5_error_code
622 bind_principal(krb5_context context,
623 sqlite3 *db,
624 sqlite3_stmt *stmt,
625 int col,
626 krb5_const_principal principal)
627 {
628 krb5_error_code ret;
629 char *str;
630
631 ret = krb5_unparse_name(context, principal, &str);
632 if (ret)
633 return ret;
634
635 ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5);
636 if (ret != SQLITE_OK) {
637 krb5_xfree(str);
638 krb5_set_error_message(context, ENOMEM,
639 N_("scache bind principal: %s", ""),
640 sqlite3_errmsg(db));
641 return ENOMEM;
642 }
643 return 0;
644 }
645
646 /*
647 *
648 */
649
650 static krb5_error_code KRB5_CALLCONV
651 scc_get_name_2(krb5_context context,
652 krb5_ccache id,
653 const char **name,
654 const char **file,
655 const char **sub)
656 {
657 if (name)
658 *name = SCACHE(id)->name;
659 if (file)
660 *file = SCACHE(id)->file;
661 if (sub)
662 *sub = SCACHE(id)->sub;
663 return 0;
664 }
665
666 static krb5_error_code KRB5_CALLCONV
667 scc_resolve_2(krb5_context context,
668 krb5_ccache *id,
669 const char *res,
670 const char *sub)
671 {
672 krb5_error_code ret;
673 krb5_scache *s;
674
675 s = scc_alloc(context, res, sub, 0);
676 if (s == NULL) {
677 krb5_set_error_message(context, KRB5_CC_NOMEM,
678 N_("malloc: out of memory", ""));
679 return KRB5_CC_NOMEM;
680 }
681
682 ret = make_database(context, s);
683 if (ret) {
684 scc_free(s);
685 return ret;
686 }
687
688 ret = sqlite3_bind_text(s->scache_name, 1, s->sub, -1, NULL);
689 if (ret != SQLITE_OK) {
690 krb5_set_error_message(context, ENOMEM,
691 "bind principal: %s", sqlite3_errmsg(s->db));
692 scc_free(s);
693 return ENOMEM;
694 }
695
696 if (sqlite3_step(s->scache_name) == SQLITE_ROW) {
697
698 if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
699 sqlite3_reset(s->scache_name);
700 krb5_set_error_message(context, KRB5_CC_END,
701 N_("Cache name of wrong type "
702 "for scache %s", ""),
703 s->name);
704 scc_free(s);
705 return KRB5_CC_END;
706 }
707
708 s->cid = sqlite3_column_int(s->scache_name, 0);
709 } else {
710 s->cid = SCACHE_INVALID_CID;
711 }
712 sqlite3_reset(s->scache_name);
713
714 (*id)->data.data = s;
715 (*id)->data.length = sizeof(*s);
716
717 return 0;
718 }
719
720 static krb5_error_code KRB5_CALLCONV
721 scc_gen_new(krb5_context context, krb5_ccache *id)
722 {
723 krb5_scache *s;
724
725 s = scc_alloc(context, NULL, NULL, 1);
726
727 if (s == NULL) {
728 krb5_set_error_message(context, KRB5_CC_NOMEM,
729 N_("malloc: out of memory", ""));
730 return KRB5_CC_NOMEM;
731 }
732
733 (*id)->data.data = s;
734 (*id)->data.length = sizeof(*s);
735
736 return 0;
737 }
738
739 static krb5_error_code KRB5_CALLCONV
740 scc_initialize(krb5_context context,
741 krb5_ccache id,
742 krb5_principal principal)
743 {
744 krb5_scache *s = SCACHE(id);
745 krb5_error_code ret;
746
747 ret = make_database(context, s);
748 if (ret)
749 return ret;
750
751 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
752 if (ret) return ret;
753
754 if (s->cid == SCACHE_INVALID_CID) {
755 ret = create_cache(context, s);
756 if (ret)
757 goto rollback;
758 } else {
759 sqlite3_bind_int(s->dcred, 1, s->cid);
760 do {
761 ret = sqlite3_step(s->dcred);
762 } while (ret == SQLITE_ROW);
763 sqlite3_reset(s->dcred);
764 if (ret != SQLITE_DONE) {
765 ret = KRB5_CC_IO;
766 krb5_set_error_message(context, ret,
767 N_("Failed to delete old "
768 "credentials: %s", ""),
769 sqlite3_errmsg(s->db));
770 goto rollback;
771 }
772 }
773
774 ret = bind_principal(context, s->db, s->ucachep, 1, principal);
775 if (ret)
776 goto rollback;
777 sqlite3_bind_int(s->ucachep, 2, s->cid);
778
779 do {
780 ret = sqlite3_step(s->ucachep);
781 } while (ret == SQLITE_ROW);
782 sqlite3_reset(s->ucachep);
783 if (ret != SQLITE_DONE) {
784 ret = KRB5_CC_IO;
785 krb5_set_error_message(context, ret,
786 N_("Failed to bind principal to cache %s", ""),
787 sqlite3_errmsg(s->db));
788 goto rollback;
789 }
790
791 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
792 if (ret) return ret;
793
794 return 0;
795
796 rollback:
797 exec_stmt(context, s->db, "ROLLBACK", 0);
798
799 return ret;
800
801 }
802
803 static krb5_error_code KRB5_CALLCONV
804 scc_close(krb5_context context,
805 krb5_ccache id)
806 {
807 scc_free(SCACHE(id));
808 return 0;
809 }
810
811 static krb5_error_code KRB5_CALLCONV
812 scc_destroy(krb5_context context,
813 krb5_ccache id)
814 {
815 krb5_scache *s = SCACHE(id);
816 int ret;
817
818 if (s->cid == SCACHE_INVALID_CID)
819 return 0;
820
821 sqlite3_bind_int(s->dcache, 1, s->cid);
822 do {
823 ret = sqlite3_step(s->dcache);
824 } while (ret == SQLITE_ROW);
825 sqlite3_reset(s->dcache);
826 if (ret != SQLITE_DONE) {
827 krb5_set_error_message(context, KRB5_CC_IO,
828 N_("Failed to destroy cache %s: %s", ""),
829 s->name, sqlite3_errmsg(s->db));
830 return KRB5_CC_IO;
831 }
832 return 0;
833 }
834
835 static krb5_error_code
836 encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
837 {
838 krb5_error_code ret;
839 krb5_storage *sp;
840
841 krb5_data_zero(data);
842 sp = krb5_storage_emem();
843 if (sp == NULL)
844 return krb5_enomem(context);
845
846 ret = krb5_store_creds(sp, creds);
847 if (ret) {
848 krb5_set_error_message(context, ret,
849 N_("Failed to store credential in scache", ""));
850 krb5_storage_free(sp);
851 return ret;
852 }
853
854 ret = krb5_storage_to_data(sp, data);
855 krb5_storage_free(sp);
856 if (ret)
857 krb5_set_error_message(context, ret,
858 N_("Failed to encode credential in scache", ""));
859 return ret;
860 }
861
862 static krb5_error_code
863 decode_creds(krb5_context context, const void *data, size_t length,
864 krb5_creds *creds)
865 {
866 krb5_error_code ret;
867 krb5_storage *sp;
868
869 sp = krb5_storage_from_readonly_mem(data, length);
870 if (sp == NULL)
871 return krb5_enomem(context);
872
873 ret = krb5_ret_creds(sp, creds);
874 krb5_storage_free(sp);
875 if (ret) {
876 krb5_set_error_message(context, ret,
877 N_("Failed to read credential in scache", ""));
878 return ret;
879 }
880 return 0;
881 }
882
883
884 static krb5_error_code KRB5_CALLCONV
885 scc_store_cred(krb5_context context,
886 krb5_ccache id,
887 krb5_creds *creds)
888 {
889 sqlite_uint64 credid;
890 krb5_scache *s = SCACHE(id);
891 krb5_error_code ret;
892 krb5_data data;
893
894 ret = make_database(context, s);
895 if (ret)
896 return ret;
897
898 ret = encode_creds(context, creds, &data);
899 if (ret)
900 return ret;
901
902 sqlite3_bind_int(s->icred, 1, s->cid);
903 {
904 krb5_enctype etype = 0;
905 int kvno = 0;
906 Ticket t;
907 size_t len;
908
909 ret = decode_Ticket(creds->ticket.data,
910 creds->ticket.length, &t, &len);
911 if (ret == 0) {
912 if(t.enc_part.kvno)
913 kvno = *t.enc_part.kvno;
914
915 etype = t.enc_part.etype;
916
917 free_Ticket(&t);
918 }
919
920 sqlite3_bind_int(s->icred, 2, kvno);
921 sqlite3_bind_int(s->icred, 3, etype);
922
923 }
924
925 sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data);
926 sqlite3_bind_int(s->icred, 5, time(NULL));
927
928 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
929 if (ret) return ret;
930
931 do {
932 ret = sqlite3_step(s->icred);
933 } while (ret == SQLITE_ROW);
934 sqlite3_reset(s->icred);
935 if (ret != SQLITE_DONE) {
936 ret = KRB5_CC_IO;
937 krb5_set_error_message(context, ret,
938 N_("Failed to add credential: %s", ""),
939 sqlite3_errmsg(s->db));
940 goto rollback;
941 }
942
943 credid = sqlite3_last_insert_rowid(s->db);
944
945 {
946 bind_principal(context, s->db, s->iprincipal, 1, creds->server);
947 sqlite3_bind_int(s->iprincipal, 2, 1);
948 sqlite3_bind_int(s->iprincipal, 3, credid);
949
950 do {
951 ret = sqlite3_step(s->iprincipal);
952 } while (ret == SQLITE_ROW);
953 sqlite3_reset(s->iprincipal);
954 if (ret != SQLITE_DONE) {
955 ret = KRB5_CC_IO;
956 krb5_set_error_message(context, ret,
957 N_("Failed to add principal: %s", ""),
958 sqlite3_errmsg(s->db));
959 goto rollback;
960 }
961 }
962
963 {
964 bind_principal(context, s->db, s->iprincipal, 1, creds->client);
965 sqlite3_bind_int(s->iprincipal, 2, 0);
966 sqlite3_bind_int(s->iprincipal, 3, credid);
967
968 do {
969 ret = sqlite3_step(s->iprincipal);
970 } while (ret == SQLITE_ROW);
971 sqlite3_reset(s->iprincipal);
972 if (ret != SQLITE_DONE) {
973 ret = KRB5_CC_IO;
974 krb5_set_error_message(context, ret,
975 N_("Failed to add principal: %s", ""),
976 sqlite3_errmsg(s->db));
977 goto rollback;
978 }
979 }
980
981 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
982 if (ret) return ret;
983
984 return 0;
985
986 rollback:
987 exec_stmt(context, s->db, "ROLLBACK", 0);
988
989 return ret;
990 }
991
992 static krb5_error_code KRB5_CALLCONV
993 scc_get_principal(krb5_context context,
994 krb5_ccache id,
995 krb5_principal *principal)
996 {
997 krb5_scache *s = SCACHE(id);
998 krb5_error_code ret;
999 const char *str;
1000
1001 *principal = NULL;
1002
1003 ret = make_database(context, s);
1004 if (ret)
1005 return ret;
1006
1007 sqlite3_bind_int(s->scache, 1, s->cid);
1008
1009 if (sqlite3_step(s->scache) != SQLITE_ROW) {
1010 sqlite3_reset(s->scache);
1011 krb5_set_error_message(context, KRB5_CC_END,
1012 N_("No principal for cache SCC:%s", ""),
1013 s->name);
1014 return KRB5_CC_END;
1015 }
1016
1017 if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
1018 sqlite3_reset(s->scache);
1019 krb5_set_error_message(context, KRB5_CC_END,
1020 N_("Principal data of wrong type "
1021 "for SCC:%s", ""),
1022 s->name);
1023 return KRB5_CC_END;
1024 }
1025
1026 str = (const char *)sqlite3_column_text(s->scache, 0);
1027 if (str == NULL) {
1028 sqlite3_reset(s->scache);
1029 krb5_set_error_message(context, KRB5_CC_END,
1030 N_("Principal not set for SCC:%s", ""),
1031 s->name);
1032 return KRB5_CC_END;
1033 }
1034
1035 ret = krb5_parse_name(context, str, principal);
1036
1037 sqlite3_reset(s->scache);
1038
1039 return ret;
1040 }
1041
1042 struct cred_ctx {
1043 char *drop;
1044 sqlite3_stmt *stmt;
1045 sqlite3_stmt *credstmt;
1046 };
1047
1048 static krb5_error_code KRB5_CALLCONV
1049 scc_get_first (krb5_context context,
1050 krb5_ccache id,
1051 krb5_cc_cursor *cursor)
1052 {
1053 krb5_scache *s = SCACHE(id);
1054 krb5_error_code ret;
1055 struct cred_ctx *ctx;
1056 char *str = NULL, *name = NULL;
1057
1058 *cursor = NULL;
1059
1060 ctx = calloc(1, sizeof(*ctx));
1061 if (ctx == NULL)
1062 return krb5_enomem(context);
1063
1064 ret = make_database(context, s);
1065 if (ret) {
1066 free(ctx);
1067 return ret;
1068 }
1069
1070 if (s->cid == SCACHE_INVALID_CID) {
1071 krb5_set_error_message(context, KRB5_CC_END,
1072 N_("Iterating a invalid scache %s", ""),
1073 s->name);
1074 free(ctx);
1075 return KRB5_CC_END;
1076 }
1077
1078 ret = asprintf(&name, "credIteration%pPid%d",
1079 ctx, (int)getpid());
1080 if (ret < 0 || name == NULL) {
1081 free(ctx);
1082 return krb5_enomem(context);
1083 }
1084
1085 ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
1086 if (ret < 0 || ctx->drop == NULL) {
1087 free(name);
1088 free(ctx);
1089 return krb5_enomem(context);
1090 }
1091
1092 ret = asprintf(&str, "CREATE TEMPORARY TABLE %s "
1093 "AS SELECT oid,created_at FROM credentials WHERE cid = %lu",
1094 name, (unsigned long)s->cid);
1095 if (ret < 0 || str == NULL) {
1096 free(ctx->drop);
1097 free(name);
1098 free(ctx);
1099 return krb5_enomem(context);
1100 }
1101
1102 ret = exec_stmt(context, s->db, str, KRB5_CC_IO);
1103 free(str);
1104 str = NULL;
1105 if (ret) {
1106 free(ctx->drop);
1107 free(name);
1108 free(ctx);
1109 return ret;
1110 }
1111
1112 ret = asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name);
1113 if (ret < 0 || str == NULL) {
1114 exec_stmt(context, s->db, ctx->drop, 0);
1115 free(ctx->drop);
1116 free(name);
1117 free(ctx);
1118 return ret;
1119 }
1120
1121 ret = prepare_stmt(context, s->db, &ctx->stmt, str);
1122 free(str);
1123 str = NULL;
1124 free(name);
1125 if (ret) {
1126 exec_stmt(context, s->db, ctx->drop, 0);
1127 free(ctx->drop);
1128 free(ctx);
1129 return ret;
1130 }
1131
1132 ret = prepare_stmt(context, s->db, &ctx->credstmt,
1133 "SELECT cred FROM credentials WHERE oid = ?");
1134 if (ret) {
1135 sqlite3_finalize(ctx->stmt);
1136 exec_stmt(context, s->db, ctx->drop, 0);
1137 free(ctx->drop);
1138 free(ctx);
1139 return ret;
1140 }
1141
1142 *cursor = ctx;
1143
1144 return 0;
1145 }
1146
1147 static krb5_error_code KRB5_CALLCONV
1148 scc_get_next (krb5_context context,
1149 krb5_ccache id,
1150 krb5_cc_cursor *cursor,
1151 krb5_creds *creds)
1152 {
1153 struct cred_ctx *ctx = *cursor;
1154 krb5_scache *s = SCACHE(id);
1155 krb5_error_code ret;
1156 sqlite_uint64 oid;
1157 const void *data = NULL;
1158 size_t len = 0;
1159
1160 next:
1161 ret = sqlite3_step(ctx->stmt);
1162 if (ret == SQLITE_DONE) {
1163 krb5_clear_error_message(context);
1164 return KRB5_CC_END;
1165 } else if (ret != SQLITE_ROW) {
1166 krb5_set_error_message(context, KRB5_CC_IO,
1167 N_("scache Database failed: %s", ""),
1168 sqlite3_errmsg(s->db));
1169 return KRB5_CC_IO;
1170 }
1171
1172 oid = sqlite3_column_int64(ctx->stmt, 0);
1173
1174 /* read cred from credentials table */
1175
1176 sqlite3_bind_int(ctx->credstmt, 1, oid);
1177
1178 ret = sqlite3_step(ctx->credstmt);
1179 if (ret != SQLITE_ROW) {
1180 sqlite3_reset(ctx->credstmt);
1181 goto next;
1182 }
1183
1184 if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
1185 krb5_set_error_message(context, KRB5_CC_END,
1186 N_("credential of wrong type for SCC:%s", ""),
1187 s->name);
1188 sqlite3_reset(ctx->credstmt);
1189 return KRB5_CC_END;
1190 }
1191
1192 data = sqlite3_column_blob(ctx->credstmt, 0);
1193 len = sqlite3_column_bytes(ctx->credstmt, 0);
1194
1195 ret = decode_creds(context, data, len, creds);
1196 sqlite3_reset(ctx->credstmt);
1197 return ret;
1198 }
1199
1200 static krb5_error_code KRB5_CALLCONV
1201 scc_end_get (krb5_context context,
1202 krb5_ccache id,
1203 krb5_cc_cursor *cursor)
1204 {
1205 struct cred_ctx *ctx = *cursor;
1206 krb5_scache *s = SCACHE(id);
1207
1208 sqlite3_finalize(ctx->stmt);
1209 sqlite3_finalize(ctx->credstmt);
1210
1211 exec_stmt(context, s->db, ctx->drop, 0);
1212
1213 free(ctx->drop);
1214 free(ctx);
1215
1216 return 0;
1217 }
1218
1219 static krb5_error_code KRB5_CALLCONV
1220 scc_remove_cred(krb5_context context,
1221 krb5_ccache id,
1222 krb5_flags which,
1223 krb5_creds *mcreds)
1224 {
1225 krb5_scache *s = SCACHE(id);
1226 krb5_error_code ret;
1227 sqlite3_stmt *stmt;
1228 sqlite_uint64 credid = 0;
1229 const void *data = NULL;
1230 size_t len = 0;
1231
1232 ret = make_database(context, s);
1233 if (ret)
1234 return ret;
1235
1236 ret = prepare_stmt(context, s->db, &stmt,
1237 "SELECT cred,oid FROM credentials "
1238 "WHERE cid = ?");
1239 if (ret)
1240 return ret;
1241
1242 sqlite3_bind_int(stmt, 1, s->cid);
1243
1244 /* find credential... */
1245 while (1) {
1246 krb5_creds creds;
1247
1248 ret = sqlite3_step(stmt);
1249 if (ret == SQLITE_DONE) {
1250 ret = 0;
1251 break;
1252 } else if (ret != SQLITE_ROW) {
1253 ret = KRB5_CC_IO;
1254 krb5_set_error_message(context, ret,
1255 N_("scache Database failed: %s", ""),
1256 sqlite3_errmsg(s->db));
1257 break;
1258 }
1259
1260 if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
1261 ret = KRB5_CC_END;
1262 krb5_set_error_message(context, ret,
1263 N_("Credential of wrong type "
1264 "for SCC:%s", ""),
1265 s->name);
1266 break;
1267 }
1268
1269 data = sqlite3_column_blob(stmt, 0);
1270 len = sqlite3_column_bytes(stmt, 0);
1271
1272 ret = decode_creds(context, data, len, &creds);
1273 if (ret)
1274 break;
1275
1276 ret = krb5_compare_creds(context, which, mcreds, &creds);
1277 krb5_free_cred_contents(context, &creds);
1278 if (ret) {
1279 credid = sqlite3_column_int64(stmt, 1);
1280 ret = 0;
1281 break;
1282 }
1283 }
1284
1285 sqlite3_finalize(stmt);
1286
1287 if (id) {
1288 ret = prepare_stmt(context, s->db, &stmt,
1289 "DELETE FROM credentials WHERE oid=?");
1290 if (ret)
1291 return ret;
1292 sqlite3_bind_int(stmt, 1, credid);
1293
1294 do {
1295 ret = sqlite3_step(stmt);
1296 } while (ret == SQLITE_ROW);
1297 sqlite3_finalize(stmt);
1298 if (ret != SQLITE_DONE) {
1299 ret = KRB5_CC_IO;
1300 krb5_set_error_message(context, ret,
1301 N_("failed to delete scache credental", ""));
1302 } else
1303 ret = 0;
1304 }
1305
1306 return ret;
1307 }
1308
1309 static krb5_error_code KRB5_CALLCONV
1310 scc_set_flags(krb5_context context,
1311 krb5_ccache id,
1312 krb5_flags flags)
1313 {
1314 return 0; /* XXX */
1315 }
1316
1317 struct cache_iter {
1318 char *drop;
1319 char *file;
1320 sqlite3 *db;
1321 sqlite3_stmt *stmt;
1322 };
1323
1324 static krb5_error_code KRB5_CALLCONV
1325 scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
1326 {
1327 struct cache_iter *ctx;
1328 krb5_error_code ret;
1329 char *name = NULL, *str = NULL;
1330
1331 *cursor = NULL;
1332
1333 ctx = calloc(1, sizeof(*ctx));
1334 if (ctx == NULL)
1335 return krb5_enomem(context);
1336
1337 ret = default_db(context, NULL, &ctx->db, &ctx->file);
1338 if (ret) {
1339 free(ctx);
1340 return ret;
1341 }
1342
1343 ret = asprintf(&name, "cacheIteration%pPid%d",
1344 ctx, (int)getpid());
1345 if (ret < 0 || name == NULL) {
1346 sqlite3_close(ctx->db);
1347 free(ctx);
1348 return krb5_enomem(context);
1349 }
1350
1351 ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
1352 if (ret < 0 || ctx->drop == NULL) {
1353 sqlite3_close(ctx->db);
1354 free(name);
1355 free(ctx);
1356 return krb5_enomem(context);
1357 }
1358
1359 ret = asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches",
1360 name);
1361 if (ret < 0 || str == NULL) {
1362 sqlite3_close(ctx->db);
1363 free(name);
1364 free(ctx->drop);
1365 free(ctx);
1366 return krb5_enomem(context);
1367 }
1368
1369 ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO);
1370 free(str);
1371 str = NULL;
1372 if (ret) {
1373 sqlite3_close(ctx->db);
1374 free(name);
1375 free(ctx->drop);
1376 free(ctx);
1377 return ret;
1378 }
1379
1380 ret = asprintf(&str, "SELECT name FROM %s", name);
1381 if (ret < 0 || str == NULL) {
1382 exec_stmt(context, ctx->db, ctx->drop, 0);
1383 sqlite3_close(ctx->db);
1384 free(name);
1385 free(ctx->drop);
1386 free(ctx);
1387 return krb5_enomem(context);
1388 }
1389 free(name);
1390
1391 ret = prepare_stmt(context, ctx->db, &ctx->stmt, str);
1392 free(str);
1393 if (ret) {
1394 exec_stmt(context, ctx->db, ctx->drop, 0);
1395 sqlite3_close(ctx->db);
1396 free(ctx->drop);
1397 free(ctx);
1398 return ret;
1399 }
1400
1401 *cursor = ctx;
1402
1403 return 0;
1404 }
1405
1406 static krb5_error_code KRB5_CALLCONV
1407 scc_get_cache_next(krb5_context context,
1408 krb5_cc_cursor cursor,
1409 krb5_ccache *id)
1410 {
1411 struct cache_iter *ctx = cursor;
1412 krb5_error_code ret;
1413 const char *name;
1414
1415 again:
1416 ret = sqlite3_step(ctx->stmt);
1417 if (ret == SQLITE_DONE) {
1418 krb5_clear_error_message(context);
1419 return KRB5_CC_END;
1420 } else if (ret != SQLITE_ROW) {
1421 krb5_set_error_message(context, KRB5_CC_IO,
1422 N_("Database failed: %s", ""),
1423 sqlite3_errmsg(ctx->db));
1424 return KRB5_CC_IO;
1425 }
1426
1427 if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT)
1428 goto again;
1429
1430 name = (const char *)sqlite3_column_text(ctx->stmt, 0);
1431 if (name == NULL)
1432 goto again;
1433
1434 ret = _krb5_cc_allocate(context, &krb5_scc_ops, id);
1435 if (ret == 0)
1436 ret = scc_resolve_2(context, id, ctx->file, name);
1437 if (ret) {
1438 free(*id);
1439 *id = NULL;
1440 }
1441 return ret;
1442 }
1443
1444 static krb5_error_code KRB5_CALLCONV
1445 scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
1446 {
1447 struct cache_iter *ctx = cursor;
1448
1449 exec_stmt(context, ctx->db, ctx->drop, 0);
1450 sqlite3_finalize(ctx->stmt);
1451 sqlite3_close(ctx->db);
1452 free(ctx->file);
1453 free(ctx->drop);
1454 free(ctx);
1455 return 0;
1456 }
1457
1458 static krb5_error_code KRB5_CALLCONV
1459 scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1460 {
1461 krb5_scache *sfrom = SCACHE(from);
1462 krb5_scache *sto = SCACHE(to);
1463 krb5_error_code ret;
1464
1465 if (strcmp(sfrom->file, sto->file) != 0) {
1466 /* Let upstairs handle the move */
1467 return EXDEV;
1468 }
1469
1470 ret = make_database(context, sfrom);
1471 if (ret)
1472 return ret;
1473
1474 ret = exec_stmt(context, sfrom->db,
1475 "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
1476 if (ret) return ret;
1477
1478 if (sto->cid != SCACHE_INVALID_CID) {
1479 /* drop old cache entry */
1480
1481 sqlite3_bind_int(sfrom->dcache, 1, sto->cid);
1482 do {
1483 ret = sqlite3_step(sfrom->dcache);
1484 } while (ret == SQLITE_ROW);
1485 sqlite3_reset(sfrom->dcache);
1486 if (ret != SQLITE_DONE) {
1487 krb5_set_error_message(context, KRB5_CC_IO,
1488 N_("Failed to delete old cache: %d", ""),
1489 (int)ret);
1490 goto rollback;
1491 }
1492 }
1493
1494 sqlite3_bind_text(sfrom->ucachen, 1, sto->sub, -1, NULL);
1495 sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid);
1496
1497 do {
1498 ret = sqlite3_step(sfrom->ucachen);
1499 } while (ret == SQLITE_ROW);
1500 sqlite3_reset(sfrom->ucachen);
1501 if (ret != SQLITE_DONE) {
1502 krb5_set_error_message(context, KRB5_CC_IO,
1503 N_("Failed to update new cache: %d", ""),
1504 (int)ret);
1505 goto rollback;
1506 }
1507
1508 sto->cid = sfrom->cid;
1509
1510 ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO);
1511 if (ret) return ret;
1512
1513 krb5_cc_close(context, from);
1514 return 0;
1515
1516 rollback:
1517 exec_stmt(context, sfrom->db, "ROLLBACK", 0);
1518 return KRB5_CC_IO;
1519 }
1520
1521 static krb5_error_code KRB5_CALLCONV
1522 scc_get_default_name(krb5_context context, char **str)
1523 {
1524 *str = NULL;
1525 return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str);
1526 }
1527
1528 static krb5_error_code KRB5_CALLCONV
1529 scc_set_default(krb5_context context, krb5_ccache id)
1530 {
1531 krb5_scache *s = SCACHE(id);
1532 krb5_error_code ret;
1533
1534 if (s->cid == SCACHE_INVALID_CID) {
1535 krb5_set_error_message(context, KRB5_CC_IO,
1536 N_("Trying to set a invalid cache "
1537 "as default %s", ""),
1538 s->name);
1539 return KRB5_CC_IO;
1540 }
1541
1542 ret = sqlite3_bind_text(s->umaster, 1, s->sub, -1, NULL);
1543 if (ret) {
1544 sqlite3_reset(s->umaster);
1545 krb5_set_error_message(context, KRB5_CC_IO,
1546 N_("Failed to set name of default cache", ""));
1547 return KRB5_CC_IO;
1548 }
1549
1550 do {
1551 ret = sqlite3_step(s->umaster);
1552 } while (ret == SQLITE_ROW);
1553 sqlite3_reset(s->umaster);
1554 if (ret != SQLITE_DONE) {
1555 krb5_set_error_message(context, KRB5_CC_IO,
1556 N_("Failed to update default cache", ""));
1557 return KRB5_CC_IO;
1558 }
1559
1560 return 0;
1561 }
1562
1563 /**
1564 * Variable containing the SCC based credential cache implemention.
1565 *
1566 * @ingroup krb5_ccache
1567 */
1568
1569 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = {
1570 KRB5_CC_OPS_VERSION_5,
1571 "SCC",
1572 NULL,
1573 NULL,
1574 scc_gen_new,
1575 scc_initialize,
1576 scc_destroy,
1577 scc_close,
1578 scc_store_cred,
1579 NULL, /* scc_retrieve */
1580 scc_get_principal,
1581 scc_get_first,
1582 scc_get_next,
1583 scc_end_get,
1584 scc_remove_cred,
1585 scc_set_flags,
1586 NULL,
1587 scc_get_cache_first,
1588 scc_get_cache_next,
1589 scc_end_cache_get,
1590 scc_move,
1591 scc_get_default_name,
1592 scc_set_default,
1593 NULL,
1594 NULL,
1595 NULL,
1596 scc_get_name_2,
1597 scc_resolve_2
1598 };
1599
1600 #endif
Heimdal