search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / kcm / events.c
blob520f00b4c22f6ddfe05464578288095d14cd9ae4
1 /*
2 * Copyright (c) 2005, PADL Software Pty Ltd.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * 3. Neither the name of PADL Software nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include "kcm_locl.h"
34
35 __RCSID("$Heimdal: events.c 15294 2005-05-30 01:43:23Z lukeh $"
36 "$NetBSD$");
37
38 /* thread-safe in case we multi-thread later */
39 static HEIMDAL_MUTEX events_mutex = HEIMDAL_MUTEX_INITIALIZER;
40 static kcm_event *events_head = NULL;
41 static time_t last_run = 0;
42
43 static char *action_strings[] = {
44 "NONE", "ACQUIRE_CREDS", "RENEW_CREDS",
45 "DESTROY_CREDS", "DESTROY_EMPTY_CACHE" };
46
47 krb5_error_code
48 kcm_enqueue_event(krb5_context context,
49 kcm_event *event)
50 {
51 krb5_error_code ret;
52
53 if (event->action == KCM_EVENT_NONE) {
54 return 0;
55 }
56
57 HEIMDAL_MUTEX_lock(&events_mutex);
58 ret = kcm_enqueue_event_internal(context, event);
59 HEIMDAL_MUTEX_unlock(&events_mutex);
60
61 return ret;
62 }
63
64 static void
65 print_times(time_t time, char buf[64])
66 {
67 if (time)
68 strftime(buf, 64, "%m-%dT%H:%M", gmtime(&time));
69 else
70 strlcpy(buf, "never", 64);
71 }
72
73 static void
74 log_event(kcm_event *event, char *msg)
75 {
76 char fire_time[64], expire_time[64];
77
78 print_times(event->fire_time, fire_time);
79 print_times(event->expire_time, expire_time);
80
81 kcm_log(7, "%s event %08x: fire_time %s fire_count %d expire_time %s "
82 "backoff_time %d action %s cache %s",
83 msg, event, fire_time, event->fire_count, expire_time,
84 event->backoff_time, action_strings[event->action],
85 event->ccache->name);
86 }
87
88 krb5_error_code
89 kcm_enqueue_event_internal(krb5_context context,
90 kcm_event *event)
91 {
92 kcm_event **e;
93
94 if (event->action == KCM_EVENT_NONE)
95 return 0;
96
97 for (e = &events_head; *e != NULL; e = &(*e)->next)
98 ;
99
100 *e = (kcm_event *)malloc(sizeof(kcm_event));
101 if (*e == NULL) {
102 return KRB5_CC_NOMEM;
103 }
104
105 (*e)->valid = 1;
106 (*e)->fire_time = event->fire_time;
107 (*e)->fire_count = 0;
108 (*e)->expire_time = event->expire_time;
109 (*e)->backoff_time = event->backoff_time;
110
111 (*e)->action = event->action;
112
113 kcm_retain_ccache(context, event->ccache);
114 (*e)->ccache = event->ccache;
115 (*e)->next = NULL;
116
117 log_event(*e, "enqueuing");
118
119 return 0;
120 }
121
122 /*
123 * Dump events list on SIGUSR2
124 */
125 krb5_error_code
126 kcm_debug_events(krb5_context context)
127 {
128 kcm_event *e;
129
130 for (e = events_head; e != NULL; e = e->next)
131 log_event(e, "debug");
132
133 return 0;
134 }
135
136 krb5_error_code
137 kcm_enqueue_event_relative(krb5_context context,
138 kcm_event *event)
139 {
140 krb5_error_code ret;
141 kcm_event e;
142
143 e = *event;
144 e.backoff_time = e.fire_time;
145 e.fire_time += time(NULL);
146
147 ret = kcm_enqueue_event(context, &e);
148
149 return ret;
150 }
151
152 static krb5_error_code
153 kcm_remove_event_internal(krb5_context context,
154 kcm_event **e)
155 {
156 kcm_event *next;
157
158 next = (*e)->next;
159
160 (*e)->valid = 0;
161 (*e)->fire_time = 0;
162 (*e)->fire_count = 0;
163 (*e)->expire_time = 0;
164 (*e)->backoff_time = 0;
165 kcm_release_ccache(context, &(*e)->ccache);
166 (*e)->next = NULL;
167 free(*e);
168
169 *e = next;
170
171 return 0;
172 }
173
174 static int
175 is_primary_credential_p(krb5_context context,
176 kcm_ccache ccache,
177 krb5_creds *newcred)
178 {
179 krb5_flags whichfields;
180
181 if (ccache->client == NULL)
182 return 0;
183
184 if (newcred->client == NULL ||
185 !krb5_principal_compare(context, ccache->client, newcred->client))
186 return 0;
187
188 /* XXX just checks whether it's the first credential in the cache */
189 if (ccache->creds == NULL)
190 return 0;
191
192 whichfields = KRB5_TC_MATCH_KEYTYPE | KRB5_TC_MATCH_FLAGS_EXACT |
193 KRB5_TC_MATCH_TIMES_EXACT | KRB5_TC_MATCH_AUTHDATA |
194 KRB5_TC_MATCH_2ND_TKT | KRB5_TC_MATCH_IS_SKEY;
195
196 return krb5_compare_creds(context, whichfields, newcred, &ccache->creds->cred);
197 }
198
199 /*
200 * Setup default events for a new credential
201 */
202 static krb5_error_code
203 kcm_ccache_make_default_event(krb5_context context,
204 kcm_event *event,
205 krb5_creds *newcred)
206 {
207 krb5_error_code ret = 0;
208 kcm_ccache ccache = event->ccache;
209
210 event->fire_time = 0;
211 event->expire_time = 0;
212 event->backoff_time = KCM_EVENT_DEFAULT_BACKOFF_TIME;
213
214 if (newcred == NULL) {
215 /* no creds, must be acquire creds request */
216 if ((ccache->flags & KCM_MASK_KEY_PRESENT) == 0) {
217 kcm_log(0, "Cannot acquire credentials without a key");
218 return KRB5_FCC_INTERNAL;
219 }
220
221 event->fire_time = time(NULL); /* right away */
222 event->action = KCM_EVENT_ACQUIRE_CREDS;
223 } else if (is_primary_credential_p(context, ccache, newcred)) {
224 if (newcred->flags.b.renewable) {
225 event->action = KCM_EVENT_RENEW_CREDS;
226 ccache->flags |= KCM_FLAGS_RENEWABLE;
227 } else {
228 if (ccache->flags & KCM_MASK_KEY_PRESENT)
229 event->action = KCM_EVENT_ACQUIRE_CREDS;
230 else
231 event->action = KCM_EVENT_NONE;
232 ccache->flags &= ~(KCM_FLAGS_RENEWABLE);
233 }
234 /* requeue with some slop factor */
235 event->fire_time = newcred->times.endtime - KCM_EVENT_QUEUE_INTERVAL;
236 } else {
237 event->action = KCM_EVENT_NONE;
238 }
239
240 return ret;
241 }
242
243 krb5_error_code
244 kcm_ccache_enqueue_default(krb5_context context,
245 kcm_ccache ccache,
246 krb5_creds *newcred)
247 {
248 kcm_event event;
249 krb5_error_code ret;
250
251 memset(&event, 0, sizeof(event));
252 event.ccache = ccache;
253
254 ret = kcm_ccache_make_default_event(context, &event, newcred);
255 if (ret)
256 return ret;
257
258 ret = kcm_enqueue_event_internal(context, &event);
259 if (ret)
260 return ret;
261
262 return 0;
263 }
264
265 krb5_error_code
266 kcm_remove_event(krb5_context context,
267 kcm_event *event)
268 {
269 krb5_error_code ret;
270 kcm_event **e;
271 int found = 0;
272
273 log_event(event, "removing");
274
275 HEIMDAL_MUTEX_lock(&events_mutex);
276 for (e = &events_head; *e != NULL; e = &(*e)->next) {
277 if (event == *e) {
278 *e = event->next;
279 found++;
280 break;
281 }
282 }
283
284 if (!found) {
285 ret = KRB5_CC_NOTFOUND;
286 goto out;
287 }
288
289 ret = kcm_remove_event_internal(context, &event);
290
291 out:
292 HEIMDAL_MUTEX_unlock(&events_mutex);
293
294 return ret;
295 }
296
297 krb5_error_code
298 kcm_cleanup_events(krb5_context context,
299 kcm_ccache ccache)
300 {
301 kcm_event **e;
302
303 KCM_ASSERT_VALID(ccache);
304
305 HEIMDAL_MUTEX_lock(&events_mutex);
306
307 for (e = &events_head; *e != NULL; e = &(*e)->next) {
308 if ((*e)->valid && (*e)->ccache == ccache) {
309 kcm_remove_event_internal(context, e);
310 }
311 if (*e == NULL)
312 break;
313 }
314
315 HEIMDAL_MUTEX_unlock(&events_mutex);
316
317 return 0;
318 }
319
320 static krb5_error_code
321 kcm_fire_event(krb5_context context,
322 kcm_event **e)
323 {
324 kcm_event *event;
325 krb5_error_code ret;
326 krb5_creds *credp = NULL;
327 int oneshot = 1;
328
329 event = *e;
330
331 switch (event->action) {
332 case KCM_EVENT_ACQUIRE_CREDS:
333 ret = kcm_ccache_acquire(context, event->ccache, &credp);
334 oneshot = 0;
335 break;
336 case KCM_EVENT_RENEW_CREDS:
337 ret = kcm_ccache_refresh(context, event->ccache, &credp);
338 if (ret == KRB5KRB_AP_ERR_TKT_EXPIRED) {
339 ret = kcm_ccache_acquire(context, event->ccache, &credp);
340 }
341 oneshot = 0;
342 break;
343 case KCM_EVENT_DESTROY_CREDS:
344 ret = kcm_ccache_destroy(context, event->ccache->name);
345 break;
346 case KCM_EVENT_DESTROY_EMPTY_CACHE:
347 ret = kcm_ccache_destroy_if_empty(context, event->ccache);
348 break;
349 default:
350 ret = KRB5_FCC_INTERNAL;
351 break;
352 }
353
354 event->fire_count++;
355
356 if (ret) {
357 /* Reschedule failed event for another time */
358 event->fire_time += event->backoff_time;
359 if (event->backoff_time < KCM_EVENT_MAX_BACKOFF_TIME)
360 event->backoff_time *= 2;
361
362 /* Remove it if it would never get executed */
363 if (event->expire_time &&
364 event->fire_time > event->expire_time)
365 kcm_remove_event_internal(context, e);
366 } else {
367 if (!oneshot) {
368 char *cpn;
369
370 if (krb5_unparse_name(context, event->ccache->client,
371 &cpn))
372 cpn = NULL;
373
374 kcm_log(0, "%s credentials in cache %s for principal %s",
375 (event->action == KCM_EVENT_ACQUIRE_CREDS) ?
376 "Acquired" : "Renewed",
377 event->ccache->name,
378 (cpn != NULL) ? cpn : "<none>");
379
380 if (cpn != NULL)
381 free(cpn);
382
383 /* Succeeded, but possibly replaced with another event */
384 ret = kcm_ccache_make_default_event(context, event, credp);
385 if (ret || event->action == KCM_EVENT_NONE)
386 oneshot = 1;
387 else
388 log_event(event, "requeuing");
389 }
390 if (oneshot)
391 kcm_remove_event_internal(context, e);
392 }
393
394 return ret;
395 }
396
397 krb5_error_code
398 kcm_run_events(krb5_context context,
399 time_t now)
400 {
401 krb5_error_code ret;
402 kcm_event **e;
403
404 HEIMDAL_MUTEX_lock(&events_mutex);
405
406 /* Only run event queue every N seconds */
407 if (now < last_run + KCM_EVENT_QUEUE_INTERVAL) {
408 HEIMDAL_MUTEX_unlock(&events_mutex);
409 return 0;
410 }
411
412 /* go through events list, fire and expire */
413 for (e = &events_head; *e != NULL; e = &(*e)->next) {
414 if ((*e)->valid == 0)
415 continue;
416
417 if (now >= (*e)->fire_time) {
418 ret = kcm_fire_event(context, e);
419 if (ret) {
420 kcm_log(1, "Could not fire event for cache %s: %s",
421 (*e)->ccache->name, krb5_get_err_text(context, ret));
422 }
423 } else if ((*e)->expire_time && now >= (*e)->expire_time) {
424 ret = kcm_remove_event_internal(context, e);
425 if (ret) {
426 kcm_log(1, "Could not expire event for cache %s: %s",
427 (*e)->ccache->name, krb5_get_err_text(context, ret));
428 }
429 }
430
431 if (*e == NULL)
432 break;
433 }
434
435 last_run = now;
436
437 HEIMDAL_MUTEX_unlock(&events_mutex);
438
439 return 0;
440 }
441
NetBSD on the FriendlyARM MINI2440