search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / kcm / cache.c
blob92d1af26753038be2eb93b15813d91db850f99e5
1 /*
2 * Copyright (c) 2005, PADL Software Pty Ltd.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * 3. Neither the name of PADL Software nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include "kcm_locl.h"
34
35 __RCSID("$Heimdal: cache.c 14566 2005-02-06 01:22:49Z lukeh $"
36 "$NetBSD$");
37
38 static HEIMDAL_MUTEX ccache_mutex = HEIMDAL_MUTEX_INITIALIZER;
39 static kcm_ccache_data *ccache_head = NULL;
40 static unsigned int ccache_nextid = 0;
41
42 char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid)
43 {
44 unsigned n;
45 char *name;
46
47 HEIMDAL_MUTEX_lock(&ccache_mutex);
48 n = ++ccache_nextid;
49 HEIMDAL_MUTEX_unlock(&ccache_mutex);
50
51 asprintf(&name, "%d:%u", uid, n);
52
53 return name;
54 }
55
56 static krb5_error_code
57 kcm_ccache_resolve_internal(krb5_context context,
58 const char *name,
59 kcm_ccache *ccache)
60 {
61 kcm_ccache p;
62 krb5_error_code ret;
63
64 *ccache = NULL;
65
66 ret = KRB5_FCC_NOFILE;
67
68 HEIMDAL_MUTEX_lock(&ccache_mutex);
69
70 for (p = ccache_head; p != NULL; p = p->next) {
71 if ((p->flags & KCM_FLAGS_VALID) == 0)
72 continue;
73 if (strcmp(p->name, name) == 0) {
74 ret = 0;
75 break;
76 }
77 }
78
79 if (ret == 0) {
80 kcm_retain_ccache(context, p);
81 *ccache = p;
82 }
83
84 HEIMDAL_MUTEX_unlock(&ccache_mutex);
85
86 return ret;
87 }
88
89 krb5_error_code kcm_debug_ccache(krb5_context context)
90 {
91 kcm_ccache p;
92
93 for (p = ccache_head; p != NULL; p = p->next) {
94 char *cpn = NULL, *spn = NULL;
95 int ncreds = 0;
96 struct kcm_creds *k;
97
98 if ((p->flags & KCM_FLAGS_VALID) == 0) {
99 kcm_log(7, "cache %08x: empty slot");
100 continue;
101 }
102
103 KCM_ASSERT_VALID(p);
104
105 for (k = p->creds; k != NULL; k = k->next)
106 ncreds++;
107
108 if (p->client != NULL)
109 krb5_unparse_name(context, p->client, &cpn);
110 if (p->server != NULL)
111 krb5_unparse_name(context, p->server, &spn);
112
113 kcm_log(7, "cache %08x: name %s refcnt %d flags %04x mode %04o "
114 "uid %d gid %d client %s server %s ncreds %d",
115 p, p->name, p->refcnt, p->flags, p->mode, p->uid, p->gid,
116 (cpn == NULL) ? "<none>" : cpn,
117 (spn == NULL) ? "<none>" : spn,
118 ncreds);
119
120 if (cpn != NULL)
121 free(cpn);
122 if (spn != NULL)
123 free(spn);
124 }
125
126 return 0;
127 }
128
129 static krb5_error_code
130 kcm_ccache_destroy_internal(krb5_context context, const char *name)
131 {
132 kcm_ccache *p;
133 krb5_error_code ret;
134
135 ret = KRB5_FCC_NOFILE;
136
137 HEIMDAL_MUTEX_lock(&ccache_mutex);
138 for (p = &ccache_head; *p != NULL; p = &(*p)->next) {
139 if (((*p)->flags & KCM_FLAGS_VALID) == 0)
140 continue;
141 if (strcmp((*p)->name, name) == 0) {
142 ret = 0;
143 break;
144 }
145 }
146
147 if (ret)
148 goto out;
149
150 kcm_release_ccache(context, p);
151
152 out:
153 HEIMDAL_MUTEX_unlock(&ccache_mutex);
154
155 return ret;
156 }
157
158 static krb5_error_code
159 kcm_ccache_alloc(krb5_context context,
160 const char *name,
161 kcm_ccache *ccache)
162 {
163 kcm_ccache slot = NULL, p;
164 krb5_error_code ret;
165 int new_slot = 0;
166
167 *ccache = NULL;
168
169 /* First, check for duplicates */
170 HEIMDAL_MUTEX_lock(&ccache_mutex);
171 ret = 0;
172 for (p = ccache_head; p != NULL; p = p->next) {
173 if (p->flags & KCM_FLAGS_VALID) {
174 if (strcmp(p->name, name) == 0) {
175 ret = KRB5_CC_WRITE;
176 break;
177 }
178 } else if (slot == NULL)
179 slot = p;
180 }
181
182 if (ret)
183 goto out;
184
185 /*
186 * Then try and find an empty slot
187 * XXX we need to recycle slots for this to actually do anything
188 */
189 if (slot == NULL) {
190 for (; p != NULL; p = p->next) {
191 if ((p->flags & KCM_FLAGS_VALID) == 0) {
192 slot = p;
193 break;
194 }
195 }
196
197 if (slot == NULL) {
198 slot = (kcm_ccache_data *)malloc(sizeof(*slot));
199 if (slot == NULL) {
200 ret = KRB5_CC_NOMEM;
201 goto out;
202 }
203 slot->next = ccache_head;
204 HEIMDAL_MUTEX_init(&slot->mutex);
205 new_slot = 1;
206 }
207 }
208
209 slot->name = strdup(name);
210 if (slot->name == NULL) {
211 ret = KRB5_CC_NOMEM;
212 goto out;
213 }
214
215 slot->refcnt = 1;
216 slot->flags = KCM_FLAGS_VALID;
217 slot->mode = S_IRUSR | S_IWUSR;
218 slot->uid = -1;
219 slot->gid = -1;
220 slot->client = NULL;
221 slot->server = NULL;
222 slot->creds = NULL;
223 slot->n_cursor = 0;
224 slot->cursors = NULL;
225 slot->key.keytab = NULL;
226 slot->tkt_life = 0;
227 slot->renew_life = 0;
228
229 if (new_slot)
230 ccache_head = slot;
231
232 *ccache = slot;
233
234 HEIMDAL_MUTEX_unlock(&ccache_mutex);
235 return 0;
236
237 out:
238 HEIMDAL_MUTEX_unlock(&ccache_mutex);
239 if (new_slot && slot != NULL) {
240 HEIMDAL_MUTEX_destroy(&slot->mutex);
241 free(slot);
242 }
243 return ret;
244 }
245
246 krb5_error_code
247 kcm_ccache_remove_creds_internal(krb5_context context,
248 kcm_ccache ccache)
249 {
250 struct kcm_creds *k;
251 struct kcm_cursor *c;
252
253 k = ccache->creds;
254 while (k != NULL) {
255 struct kcm_creds *old;
256
257 krb5_free_cred_contents(context, &k->cred);
258 old = k;
259 k = k->next;
260 free(old);
261 }
262 ccache->creds = NULL;
263
264 /* remove anything that would have pointed into the creds too */
265
266 ccache->n_cursor = 0;
267
268 c = ccache->cursors;
269 while (c != NULL) {
270 struct kcm_cursor *old;
271
272 old = c;
273 c = c->next;
274 free(old);
275 }
276 ccache->cursors = NULL;
277
278 return 0;
279 }
280
281 krb5_error_code
282 kcm_ccache_remove_creds(krb5_context context,
283 kcm_ccache ccache)
284 {
285 krb5_error_code ret;
286
287 KCM_ASSERT_VALID(ccache);
288
289 HEIMDAL_MUTEX_lock(&ccache->mutex);
290 ret = kcm_ccache_remove_creds_internal(context, ccache);
291 HEIMDAL_MUTEX_unlock(&ccache->mutex);
292
293 return ret;
294 }
295
296 krb5_error_code
297 kcm_zero_ccache_data_internal(krb5_context context,
298 kcm_ccache_data *cache)
299 {
300 if (cache->client != NULL) {
301 krb5_free_principal(context, cache->client);
302 cache->client = NULL;
303 }
304
305 if (cache->server != NULL) {
306 krb5_free_principal(context, cache->server);
307 cache->server = NULL;
308 }
309
310 kcm_ccache_remove_creds_internal(context, cache);
311
312 return 0;
313 }
314
315 krb5_error_code
316 kcm_zero_ccache_data(krb5_context context,
317 kcm_ccache cache)
318 {
319 krb5_error_code ret;
320
321 KCM_ASSERT_VALID(cache);
322
323 HEIMDAL_MUTEX_lock(&cache->mutex);
324 ret = kcm_zero_ccache_data_internal(context, cache);
325 HEIMDAL_MUTEX_unlock(&cache->mutex);
326
327 return ret;
328 }
329
330 static krb5_error_code
331 kcm_free_ccache_data_internal(krb5_context context,
332 kcm_ccache_data *cache)
333 {
334 KCM_ASSERT_VALID(cache);
335
336 if (cache->name != NULL) {
337 free(cache->name);
338 cache->name = NULL;
339 }
340
341 if (cache->flags & KCM_FLAGS_USE_KEYTAB) {
342 krb5_kt_close(context, cache->key.keytab);
343 cache->key.keytab = NULL;
344 } else if (cache->flags & KCM_FLAGS_USE_CACHED_KEY) {
345 krb5_free_keyblock_contents(context, &cache->key.keyblock);
346 krb5_keyblock_zero(&cache->key.keyblock);
347 }
348
349 cache->flags = 0;
350 cache->mode = 0;
351 cache->uid = -1;
352 cache->gid = -1;
353
354 kcm_zero_ccache_data_internal(context, cache);
355
356 cache->tkt_life = 0;
357 cache->renew_life = 0;
358
359 cache->next = NULL;
360 cache->refcnt = 0;
361
362 HEIMDAL_MUTEX_unlock(&cache->mutex);
363 HEIMDAL_MUTEX_destroy(&cache->mutex);
364
365 return 0;
366 }
367
368 krb5_error_code
369 kcm_retain_ccache(krb5_context context,
370 kcm_ccache ccache)
371 {
372 KCM_ASSERT_VALID(ccache);
373
374 HEIMDAL_MUTEX_lock(&ccache->mutex);
375 ccache->refcnt++;
376 HEIMDAL_MUTEX_unlock(&ccache->mutex);
377
378 return 0;
379 }
380
381 krb5_error_code
382 kcm_release_ccache(krb5_context context,
383 kcm_ccache *ccache)
384 {
385 kcm_ccache c = *ccache;
386 krb5_error_code ret = 0;
387
388 KCM_ASSERT_VALID(c);
389
390 HEIMDAL_MUTEX_lock(&c->mutex);
391 if (c->refcnt == 1) {
392 ret = kcm_free_ccache_data_internal(context, c);
393 if (ret == 0)
394 free(c);
395 } else {
396 c->refcnt--;
397 HEIMDAL_MUTEX_unlock(&c->mutex);
398 }
399
400 *ccache = NULL;
401
402 return ret;
403 }
404
405 krb5_error_code
406 kcm_ccache_gen_new(krb5_context context,
407 pid_t pid,
408 uid_t uid,
409 gid_t gid,
410 kcm_ccache *ccache)
411 {
412 krb5_error_code ret;
413 char *name;
414
415 name = kcm_ccache_nextid(pid, uid, gid);
416 if (name == NULL) {
417 return KRB5_CC_NOMEM;
418 }
419
420 ret = kcm_ccache_new(context, name, ccache);
421
422 free(name);
423 return ret;
424 }
425
426 krb5_error_code
427 kcm_ccache_new(krb5_context context,
428 const char *name,
429 kcm_ccache *ccache)
430 {
431 krb5_error_code ret;
432
433 ret = kcm_ccache_alloc(context, name, ccache);
434 if (ret == 0) {
435 /*
436 * one reference is held by the linked list,
437 * one by the caller
438 */
439 kcm_retain_ccache(context, *ccache);
440 }
441
442 return ret;
443 }
444
445 krb5_error_code
446 kcm_ccache_resolve(krb5_context context,
447 const char *name,
448 kcm_ccache *ccache)
449 {
450 krb5_error_code ret;
451
452 ret = kcm_ccache_resolve_internal(context, name, ccache);
453
454 return ret;
455 }
456
457 krb5_error_code
458 kcm_ccache_destroy(krb5_context context,
459 const char *name)
460 {
461 krb5_error_code ret;
462
463 ret = kcm_ccache_destroy_internal(context, name);
464
465 return ret;
466 }
467
468 krb5_error_code
469 kcm_ccache_destroy_if_empty(krb5_context context,
470 kcm_ccache ccache)
471 {
472 krb5_error_code ret;
473
474 KCM_ASSERT_VALID(ccache);
475
476 if (ccache->creds == NULL) {
477 ret = kcm_ccache_destroy_internal(context, ccache->name);
478 } else
479 ret = 0;
480
481 return ret;
482 }
483
484 krb5_error_code
485 kcm_ccache_store_cred(krb5_context context,
486 kcm_ccache ccache,
487 krb5_creds *creds,
488 int copy)
489 {
490 krb5_error_code ret;
491 krb5_creds *tmp;
492
493 KCM_ASSERT_VALID(ccache);
494
495 HEIMDAL_MUTEX_lock(&ccache->mutex);
496 ret = kcm_ccache_store_cred_internal(context, ccache, creds, copy, &tmp);
497 HEIMDAL_MUTEX_unlock(&ccache->mutex);
498
499 return ret;
500 }
501
502 krb5_error_code
503 kcm_ccache_store_cred_internal(krb5_context context,
504 kcm_ccache ccache,
505 krb5_creds *creds,
506 int copy,
507 krb5_creds **credp)
508 {
509 struct kcm_creds **c;
510 krb5_error_code ret;
511
512 for (c = &ccache->creds; *c != NULL; c = &(*c)->next)
513 ;
514
515 *c = (struct kcm_creds *)malloc(sizeof(struct kcm_creds));
516 if (*c == NULL) {
517 return KRB5_CC_NOMEM;
518 }
519
520 *credp = &(*c)->cred;
521
522 if (copy) {
523 ret = krb5_copy_creds_contents(context, creds, *credp);
524 if (ret) {
525 free(*c);
526 *c = NULL;
527 }
528 } else {
529 **credp = *creds;
530 ret = 0;
531 }
532
533 (*c)->next = NULL;
534
535 return ret;
536 }
537
538 static void
539 remove_cred(krb5_context context,
540 struct kcm_creds **c)
541 {
542 struct kcm_creds *cred;
543
544 cred = *c;
545
546 *c = cred->next;
547
548 krb5_free_cred_contents(context, &cred->cred);
549 free(cred);
550 }
551
552 krb5_error_code
553 kcm_ccache_remove_cred_internal(krb5_context context,
554 kcm_ccache ccache,
555 krb5_flags whichfields,
556 const krb5_creds *mcreds)
557 {
558 krb5_error_code ret;
559 struct kcm_creds **c;
560
561 ret = KRB5_CC_NOTFOUND;
562
563 for (c = &ccache->creds; *c != NULL; c = &(*c)->next) {
564 if (krb5_compare_creds(context, whichfields, mcreds, &(*c)->cred)) {
565 remove_cred(context, c);
566 ret = 0;
567 }
568 }
569
570 return ret;
571 }
572
573 krb5_error_code
574 kcm_ccache_remove_cred(krb5_context context,
575 kcm_ccache ccache,
576 krb5_flags whichfields,
577 const krb5_creds *mcreds)
578 {
579 krb5_error_code ret;
580
581 KCM_ASSERT_VALID(ccache);
582
583 HEIMDAL_MUTEX_lock(&ccache->mutex);
584 ret = kcm_ccache_remove_cred_internal(context, ccache, whichfields, mcreds);
585 HEIMDAL_MUTEX_unlock(&ccache->mutex);
586
587 return ret;
588 }
589
590 krb5_error_code
591 kcm_ccache_retrieve_cred_internal(krb5_context context,
592 kcm_ccache ccache,
593 krb5_flags whichfields,
594 const krb5_creds *mcreds,
595 krb5_creds **creds)
596 {
597 krb5_boolean match;
598 struct kcm_creds *c;
599 krb5_error_code ret;
600
601 memset(creds, 0, sizeof(*creds));
602
603 ret = KRB5_CC_END;
604
605 match = FALSE;
606 for (c = ccache->creds; c != NULL; c = c->next) {
607 match = krb5_compare_creds(context, whichfields, mcreds, &c->cred);
608 if (match)
609 break;
610 }
611
612 if (match) {
613 ret = 0;
614 *creds = &c->cred;
615 }
616
617 return ret;
618 }
619
620 krb5_error_code
621 kcm_ccache_retrieve_cred(krb5_context context,
622 kcm_ccache ccache,
623 krb5_flags whichfields,
624 const krb5_creds *mcreds,
625 krb5_creds **credp)
626 {
627 krb5_error_code ret;
628
629 KCM_ASSERT_VALID(ccache);
630
631 HEIMDAL_MUTEX_lock(&ccache->mutex);
632 ret = kcm_ccache_retrieve_cred_internal(context, ccache,
633 whichfields, mcreds, credp);
634 HEIMDAL_MUTEX_unlock(&ccache->mutex);
635
636 return ret;
637 }
NetBSD on the FriendlyARM MINI2440