search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / kcm / protocol.c
blobe360f49d615e6e5f010673ec67230a052ff0adbf
1 /*
2 * Copyright (c) 2005, PADL Software Pty Ltd.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * 3. Neither the name of PADL Software nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include "kcm_locl.h"
34
35 __RCSID("$Heimdal: protocol.c 22112 2007-12-03 19:34:33Z lha $"
36 "$NetBSD$");
37
38 static krb5_error_code
39 kcm_op_noop(krb5_context context,
40 kcm_client *client,
41 kcm_operation opcode,
42 krb5_storage *request,
43 krb5_storage *response)
44 {
45 KCM_LOG_REQUEST(context, client, opcode);
46
47 return 0;
48 }
49
50 /*
51 * Request:
52 * NameZ
53 * Response:
54 * NameZ
55 *
56 */
57 static krb5_error_code
58 kcm_op_get_name(krb5_context context,
59 kcm_client *client,
60 kcm_operation opcode,
61 krb5_storage *request,
62 krb5_storage *response)
63
64 {
65 krb5_error_code ret;
66 char *name = NULL;
67 kcm_ccache ccache;
68
69 ret = krb5_ret_stringz(request, &name);
70 if (ret)
71 return ret;
72
73 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
74
75 ret = kcm_ccache_resolve_client(context, client, opcode,
76 name, &ccache);
77 if (ret) {
78 free(name);
79 return ret;
80 }
81
82 ret = krb5_store_stringz(response, ccache->name);
83 if (ret) {
84 kcm_release_ccache(context, &ccache);
85 free(name);
86 return ret;
87 }
88
89 free(name);
90 kcm_release_ccache(context, &ccache);
91 return 0;
92 }
93
94 /*
95 * Request:
96 *
97 * Response:
98 * NameZ
99 */
100 static krb5_error_code
101 kcm_op_gen_new(krb5_context context,
102 kcm_client *client,
103 kcm_operation opcode,
104 krb5_storage *request,
105 krb5_storage *response)
106 {
107 krb5_error_code ret;
108 char *name;
109
110 KCM_LOG_REQUEST(context, client, opcode);
111
112 name = kcm_ccache_nextid(client->pid, client->uid, client->gid);
113 if (name == NULL) {
114 return KRB5_CC_NOMEM;
115 }
116
117 ret = krb5_store_stringz(response, name);
118 free(name);
119
120 return ret;
121 }
122
123 /*
124 * Request:
125 * NameZ
126 * Principal
127 *
128 * Response:
129 *
130 */
131 static krb5_error_code
132 kcm_op_initialize(krb5_context context,
133 kcm_client *client,
134 kcm_operation opcode,
135 krb5_storage *request,
136 krb5_storage *response)
137 {
138 kcm_ccache ccache;
139 krb5_principal principal;
140 krb5_error_code ret;
141 char *name;
142 #if 0
143 kcm_event event;
144 #endif
145
146 KCM_LOG_REQUEST(context, client, opcode);
147
148 ret = krb5_ret_stringz(request, &name);
149 if (ret)
150 return ret;
151
152 ret = krb5_ret_principal(request, &principal);
153 if (ret) {
154 free(name);
155 return ret;
156 }
157
158 ret = kcm_ccache_new_client(context, client, name, &ccache);
159 if (ret) {
160 free(name);
161 krb5_free_principal(context, principal);
162 return ret;
163 }
164
165 ccache->client = principal;
166
167 free(name);
168
169 #if 0
170 /*
171 * Create a new credentials cache. To mitigate DoS attacks we will
172 * expire it in 30 minutes unless it has some credentials added
173 * to it
174 */
175
176 event.fire_time = 30 * 60;
177 event.expire_time = 0;
178 event.backoff_time = 0;
179 event.action = KCM_EVENT_DESTROY_EMPTY_CACHE;
180 event.ccache = ccache;
181
182 ret = kcm_enqueue_event_relative(context, &event);
183 #endif
184
185 kcm_release_ccache(context, &ccache);
186
187 return ret;
188 }
189
190 /*
191 * Request:
192 * NameZ
193 *
194 * Response:
195 *
196 */
197 static krb5_error_code
198 kcm_op_destroy(krb5_context context,
199 kcm_client *client,
200 kcm_operation opcode,
201 krb5_storage *request,
202 krb5_storage *response)
203 {
204 krb5_error_code ret;
205 char *name;
206
207 ret = krb5_ret_stringz(request, &name);
208 if (ret)
209 return ret;
210
211 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
212
213 ret = kcm_ccache_destroy_client(context, client, name);
214
215 free(name);
216
217 return ret;
218 }
219
220 /*
221 * Request:
222 * NameZ
223 * Creds
224 *
225 * Response:
226 *
227 */
228 static krb5_error_code
229 kcm_op_store(krb5_context context,
230 kcm_client *client,
231 kcm_operation opcode,
232 krb5_storage *request,
233 krb5_storage *response)
234 {
235 krb5_creds creds;
236 krb5_error_code ret;
237 kcm_ccache ccache;
238 char *name;
239
240 ret = krb5_ret_stringz(request, &name);
241 if (ret)
242 return ret;
243
244 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
245
246 ret = krb5_ret_creds(request, &creds);
247 if (ret) {
248 free(name);
249 return ret;
250 }
251
252 ret = kcm_ccache_resolve_client(context, client, opcode,
253 name, &ccache);
254 if (ret) {
255 free(name);
256 krb5_free_cred_contents(context, &creds);
257 return ret;
258 }
259
260 ret = kcm_ccache_store_cred(context, ccache, &creds, 0);
261 if (ret) {
262 free(name);
263 krb5_free_cred_contents(context, &creds);
264 kcm_release_ccache(context, &ccache);
265 return ret;
266 }
267
268 kcm_ccache_enqueue_default(context, ccache, &creds);
269
270 free(name);
271 kcm_release_ccache(context, &ccache);
272
273 return 0;
274 }
275
276 /*
277 * Request:
278 * NameZ
279 * WhichFields
280 * MatchCreds
281 *
282 * Response:
283 * Creds
284 *
285 */
286 static krb5_error_code
287 kcm_op_retrieve(krb5_context context,
288 kcm_client *client,
289 kcm_operation opcode,
290 krb5_storage *request,
291 krb5_storage *response)
292 {
293 uint32_t flags;
294 krb5_creds mcreds;
295 krb5_error_code ret;
296 kcm_ccache ccache;
297 char *name;
298 krb5_creds *credp;
299 int free_creds = 0;
300
301 ret = krb5_ret_stringz(request, &name);
302 if (ret)
303 return ret;
304
305 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
306
307 ret = krb5_ret_uint32(request, &flags);
308 if (ret) {
309 free(name);
310 return ret;
311 }
312
313 ret = krb5_ret_creds_tag(request, &mcreds);
314 if (ret) {
315 free(name);
316 return ret;
317 }
318
319 if (disallow_getting_krbtgt &&
320 mcreds.server->name.name_string.len == 2 &&
321 strcmp(mcreds.server->name.name_string.val[0], KRB5_TGS_NAME) == 0)
322 {
323 free(name);
324 krb5_free_cred_contents(context, &mcreds);
325 return KRB5_FCC_PERM;
326 }
327
328 ret = kcm_ccache_resolve_client(context, client, opcode,
329 name, &ccache);
330 if (ret) {
331 free(name);
332 krb5_free_cred_contents(context, &mcreds);
333 return ret;
334 }
335
336 ret = kcm_ccache_retrieve_cred(context, ccache, flags,
337 &mcreds, &credp);
338 if (ret && ((flags & KRB5_GC_CACHED) == 0)) {
339 krb5_ccache_data ccdata;
340
341 /* try and acquire */
342 HEIMDAL_MUTEX_lock(&ccache->mutex);
343
344 /* Fake up an internal ccache */
345 kcm_internal_ccache(context, ccache, &ccdata);
346
347 /* glue cc layer will store creds */
348 ret = krb5_get_credentials(context, 0, &ccdata, &mcreds, &credp);
349 if (ret == 0)
350 free_creds = 1;
351
352 HEIMDAL_MUTEX_unlock(&ccache->mutex);
353 }
354
355 if (ret == 0) {
356 ret = krb5_store_creds(response, credp);
357 }
358
359 free(name);
360 krb5_free_cred_contents(context, &mcreds);
361 kcm_release_ccache(context, &ccache);
362
363 if (free_creds)
364 krb5_free_cred_contents(context, credp);
365
366 return ret;
367 }
368
369 /*
370 * Request:
371 * NameZ
372 *
373 * Response:
374 * Principal
375 */
376 static krb5_error_code
377 kcm_op_get_principal(krb5_context context,
378 kcm_client *client,
379 kcm_operation opcode,
380 krb5_storage *request,
381 krb5_storage *response)
382 {
383 krb5_error_code ret;
384 kcm_ccache ccache;
385 char *name;
386
387 ret = krb5_ret_stringz(request, &name);
388 if (ret)
389 return ret;
390
391 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
392
393 ret = kcm_ccache_resolve_client(context, client, opcode,
394 name, &ccache);
395 if (ret) {
396 free(name);
397 return ret;
398 }
399
400 if (ccache->client == NULL)
401 ret = KRB5_CC_NOTFOUND;
402 else
403 ret = krb5_store_principal(response, ccache->client);
404
405 free(name);
406 kcm_release_ccache(context, &ccache);
407
408 return 0;
409 }
410
411 /*
412 * Request:
413 * NameZ
414 *
415 * Response:
416 * Cursor
417 *
418 */
419 static krb5_error_code
420 kcm_op_get_first(krb5_context context,
421 kcm_client *client,
422 kcm_operation opcode,
423 krb5_storage *request,
424 krb5_storage *response)
425 {
426 krb5_error_code ret;
427 kcm_ccache ccache;
428 uint32_t cursor;
429 char *name;
430
431 ret = krb5_ret_stringz(request, &name);
432 if (ret)
433 return ret;
434
435 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
436
437 ret = kcm_ccache_resolve_client(context, client, opcode,
438 name, &ccache);
439 if (ret) {
440 free(name);
441 return ret;
442 }
443
444 ret = kcm_cursor_new(context, client->pid, ccache, &cursor);
445 if (ret) {
446 kcm_release_ccache(context, &ccache);
447 free(name);
448 return ret;
449 }
450
451 ret = krb5_store_int32(response, cursor);
452
453 free(name);
454 kcm_release_ccache(context, &ccache);
455
456 return ret;
457 }
458
459 /*
460 * Request:
461 * NameZ
462 * Cursor
463 *
464 * Response:
465 * Creds
466 */
467 static krb5_error_code
468 kcm_op_get_next(krb5_context context,
469 kcm_client *client,
470 kcm_operation opcode,
471 krb5_storage *request,
472 krb5_storage *response)
473 {
474 krb5_error_code ret;
475 kcm_ccache ccache;
476 char *name;
477 uint32_t cursor;
478 kcm_cursor *c;
479
480 ret = krb5_ret_stringz(request, &name);
481 if (ret)
482 return ret;
483
484 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
485
486 ret = krb5_ret_uint32(request, &cursor);
487 if (ret) {
488 free(name);
489 return ret;
490 }
491
492 ret = kcm_ccache_resolve_client(context, client, opcode,
493 name, &ccache);
494 if (ret) {
495 free(name);
496 return ret;
497 }
498
499 ret = kcm_cursor_find(context, client->pid, ccache, cursor, &c);
500 if (ret) {
501 kcm_release_ccache(context, &ccache);
502 free(name);
503 return ret;
504 }
505
506 HEIMDAL_MUTEX_lock(&ccache->mutex);
507 if (c->credp == NULL) {
508 ret = KRB5_CC_END;
509 } else {
510 ret = krb5_store_creds(response, &c->credp->cred);
511 c->credp = c->credp->next;
512 }
513 HEIMDAL_MUTEX_unlock(&ccache->mutex);
514
515 free(name);
516 kcm_release_ccache(context, &ccache);
517
518 return ret;
519 }
520
521 /*
522 * Request:
523 * NameZ
524 * Cursor
525 *
526 * Response:
527 *
528 */
529 static krb5_error_code
530 kcm_op_end_get(krb5_context context,
531 kcm_client *client,
532 kcm_operation opcode,
533 krb5_storage *request,
534 krb5_storage *response)
535 {
536 krb5_error_code ret;
537 kcm_ccache ccache;
538 uint32_t cursor;
539 char *name;
540
541 ret = krb5_ret_stringz(request, &name);
542 if (ret)
543 return ret;
544
545 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
546
547 ret = krb5_ret_uint32(request, &cursor);
548 if (ret) {
549 free(name);
550 return ret;
551 }
552
553 ret = kcm_ccache_resolve_client(context, client, opcode,
554 name, &ccache);
555 if (ret) {
556 free(name);
557 return ret;
558 }
559
560 ret = kcm_cursor_delete(context, client->pid, ccache, cursor);
561
562 free(name);
563 kcm_release_ccache(context, &ccache);
564
565 return ret;
566 }
567
568 /*
569 * Request:
570 * NameZ
571 * WhichFields
572 * MatchCreds
573 *
574 * Response:
575 *
576 */
577 static krb5_error_code
578 kcm_op_remove_cred(krb5_context context,
579 kcm_client *client,
580 kcm_operation opcode,
581 krb5_storage *request,
582 krb5_storage *response)
583 {
584 uint32_t whichfields;
585 krb5_creds mcreds;
586 krb5_error_code ret;
587 kcm_ccache ccache;
588 char *name;
589
590 ret = krb5_ret_stringz(request, &name);
591 if (ret)
592 return ret;
593
594 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
595
596 ret = krb5_ret_uint32(request, &whichfields);
597 if (ret) {
598 free(name);
599 return ret;
600 }
601
602 ret = krb5_ret_creds_tag(request, &mcreds);
603 if (ret) {
604 free(name);
605 return ret;
606 }
607
608 ret = kcm_ccache_resolve_client(context, client, opcode,
609 name, &ccache);
610 if (ret) {
611 free(name);
612 krb5_free_cred_contents(context, &mcreds);
613 return ret;
614 }
615
616 ret = kcm_ccache_remove_cred(context, ccache, whichfields, &mcreds);
617
618 /* XXX need to remove any events that match */
619
620 free(name);
621 krb5_free_cred_contents(context, &mcreds);
622 kcm_release_ccache(context, &ccache);
623
624 return ret;
625 }
626
627 /*
628 * Request:
629 * NameZ
630 * Flags
631 *
632 * Response:
633 *
634 */
635 static krb5_error_code
636 kcm_op_set_flags(krb5_context context,
637 kcm_client *client,
638 kcm_operation opcode,
639 krb5_storage *request,
640 krb5_storage *response)
641 {
642 uint32_t flags;
643 krb5_error_code ret;
644 kcm_ccache ccache;
645 char *name;
646
647 ret = krb5_ret_stringz(request, &name);
648 if (ret)
649 return ret;
650
651 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
652
653 ret = krb5_ret_uint32(request, &flags);
654 if (ret) {
655 free(name);
656 return ret;
657 }
658
659 ret = kcm_ccache_resolve_client(context, client, opcode,
660 name, &ccache);
661 if (ret) {
662 free(name);
663 return ret;
664 }
665
666 /* we don't really support any flags yet */
667 free(name);
668 kcm_release_ccache(context, &ccache);
669
670 return 0;
671 }
672
673 /*
674 * Request:
675 * NameZ
676 * UID
677 * GID
678 *
679 * Response:
680 *
681 */
682 static krb5_error_code
683 kcm_op_chown(krb5_context context,
684 kcm_client *client,
685 kcm_operation opcode,
686 krb5_storage *request,
687 krb5_storage *response)
688 {
689 uint32_t uid;
690 uint32_t gid;
691 krb5_error_code ret;
692 kcm_ccache ccache;
693 char *name;
694
695 ret = krb5_ret_stringz(request, &name);
696 if (ret)
697 return ret;
698
699 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
700
701 ret = krb5_ret_uint32(request, &uid);
702 if (ret) {
703 free(name);
704 return ret;
705 }
706
707 ret = krb5_ret_uint32(request, &gid);
708 if (ret) {
709 free(name);
710 return ret;
711 }
712
713 ret = kcm_ccache_resolve_client(context, client, opcode,
714 name, &ccache);
715 if (ret) {
716 free(name);
717 return ret;
718 }
719
720 ret = kcm_chown(context, client, ccache, uid, gid);
721
722 free(name);
723 kcm_release_ccache(context, &ccache);
724
725 return ret;
726 }
727
728 /*
729 * Request:
730 * NameZ
731 * Mode
732 *
733 * Response:
734 *
735 */
736 static krb5_error_code
737 kcm_op_chmod(krb5_context context,
738 kcm_client *client,
739 kcm_operation opcode,
740 krb5_storage *request,
741 krb5_storage *response)
742 {
743 uint16_t mode;
744 krb5_error_code ret;
745 kcm_ccache ccache;
746 char *name;
747
748 ret = krb5_ret_stringz(request, &name);
749 if (ret)
750 return ret;
751
752 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
753
754 ret = krb5_ret_uint16(request, &mode);
755 if (ret) {
756 free(name);
757 return ret;
758 }
759
760 ret = kcm_ccache_resolve_client(context, client, opcode,
761 name, &ccache);
762 if (ret) {
763 free(name);
764 return ret;
765 }
766
767 ret = kcm_chmod(context, client, ccache, mode);
768
769 free(name);
770 kcm_release_ccache(context, &ccache);
771
772 return ret;
773 }
774
775 /*
776 * Protocol extensions for moving ticket acquisition responsibility
777 * from client to KCM follow.
778 */
779
780 /*
781 * Request:
782 * NameZ
783 * ServerPrincipalPresent
784 * ServerPrincipal OPTIONAL
785 * Key
786 *
787 * Repsonse:
788 *
789 */
790 static krb5_error_code
791 kcm_op_get_initial_ticket(krb5_context context,
792 kcm_client *client,
793 kcm_operation opcode,
794 krb5_storage *request,
795 krb5_storage *response)
796 {
797 krb5_error_code ret;
798 kcm_ccache ccache;
799 char *name;
800 int8_t not_tgt = 0;
801 krb5_principal server = NULL;
802 krb5_keyblock key;
803
804 krb5_keyblock_zero(&key);
805
806 ret = krb5_ret_stringz(request, &name);
807 if (ret)
808 return ret;
809
810 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
811
812 ret = krb5_ret_int8(request, &not_tgt);
813 if (ret) {
814 free(name);
815 return ret;
816 }
817
818 if (not_tgt) {
819 ret = krb5_ret_principal(request, &server);
820 if (ret) {
821 free(name);
822 return ret;
823 }
824 }
825
826 ret = krb5_ret_keyblock(request, &key);
827 if (ret) {
828 free(name);
829 if (server != NULL)
830 krb5_free_principal(context, server);
831 return ret;
832 }
833
834 ret = kcm_ccache_resolve_client(context, client, opcode,
835 name, &ccache);
836 if (ret == 0) {
837 HEIMDAL_MUTEX_lock(&ccache->mutex);
838
839 if (ccache->server != NULL) {
840 krb5_free_principal(context, ccache->server);
841 ccache->server = NULL;
842 }
843
844 krb5_free_keyblock(context, &ccache->key.keyblock);
845
846 ccache->server = server;
847 ccache->key.keyblock = key;
848 ccache->flags |= KCM_FLAGS_USE_CACHED_KEY;
849
850 ret = kcm_ccache_enqueue_default(context, ccache, NULL);
851 if (ret) {
852 ccache->server = NULL;
853 krb5_keyblock_zero(&ccache->key.keyblock);
854 ccache->flags &= ~(KCM_FLAGS_USE_CACHED_KEY);
855 }
856
857 HEIMDAL_MUTEX_unlock(&ccache->mutex);
858 }
859
860 free(name);
861
862 if (ret != 0) {
863 krb5_free_principal(context, server);
864 krb5_free_keyblock(context, &key);
865 }
866
867 kcm_release_ccache(context, &ccache);
868
869 return ret;
870 }
871
872 /*
873 * Request:
874 * NameZ
875 * ServerPrincipal
876 * KDCFlags
877 * EncryptionType
878 *
879 * Repsonse:
880 *
881 */
882 static krb5_error_code
883 kcm_op_get_ticket(krb5_context context,
884 kcm_client *client,
885 kcm_operation opcode,
886 krb5_storage *request,
887 krb5_storage *response)
888 {
889 krb5_error_code ret;
890 kcm_ccache ccache;
891 char *name;
892 krb5_principal server = NULL;
893 krb5_ccache_data ccdata;
894 krb5_creds in, *out;
895 krb5_kdc_flags flags;
896
897 memset(&in, 0, sizeof(in));
898
899 ret = krb5_ret_stringz(request, &name);
900 if (ret)
901 return ret;
902
903 KCM_LOG_REQUEST_NAME(context, client, opcode, name);
904
905 ret = krb5_ret_uint32(request, &flags.i);
906 if (ret) {
907 free(name);
908 return ret;
909 }
910
911 ret = krb5_ret_int32(request, &in.session.keytype);
912 if (ret) {
913 free(name);
914 return ret;
915 }
916
917 ret = krb5_ret_principal(request, &server);
918 if (ret) {
919 free(name);
920 return ret;
921 }
922
923 ret = kcm_ccache_resolve_client(context, client, opcode,
924 name, &ccache);
925 if (ret) {
926 krb5_free_principal(context, server);
927 free(name);
928 return ret;
929 }
930
931 HEIMDAL_MUTEX_lock(&ccache->mutex);
932
933 /* Fake up an internal ccache */
934 kcm_internal_ccache(context, ccache, &ccdata);
935
936 in.client = ccache->client;
937 in.server = server;
938 in.times.endtime = 0;
939
940 /* glue cc layer will store creds */
941 ret = krb5_get_credentials_with_flags(context, 0, flags,
942 &ccdata, &in, &out);
943
944 HEIMDAL_MUTEX_unlock(&ccache->mutex);
945
946 if (ret == 0)
947 krb5_free_cred_contents(context, out);
948
949 free(name);
950
951 return ret;
952 }
953
954 static struct kcm_op kcm_ops[] = {
955 { "NOOP", kcm_op_noop },
956 { "GET_NAME", kcm_op_get_name },
957 { "RESOLVE", kcm_op_noop },
958 { "GEN_NEW", kcm_op_gen_new },
959 { "INITIALIZE", kcm_op_initialize },
960 { "DESTROY", kcm_op_destroy },
961 { "STORE", kcm_op_store },
962 { "RETRIEVE", kcm_op_retrieve },
963 { "GET_PRINCIPAL", kcm_op_get_principal },
964 { "GET_FIRST", kcm_op_get_first },
965 { "GET_NEXT", kcm_op_get_next },
966 { "END_GET", kcm_op_end_get },
967 { "REMOVE_CRED", kcm_op_remove_cred },
968 { "SET_FLAGS", kcm_op_set_flags },
969 { "CHOWN", kcm_op_chown },
970 { "CHMOD", kcm_op_chmod },
971 { "GET_INITIAL_TICKET", kcm_op_get_initial_ticket },
972 { "GET_TICKET", kcm_op_get_ticket }
973 };
974
975
976 const char *kcm_op2string(kcm_operation opcode)
977 {
978 if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0]))
979 return "Unknown operation";
980
981 return kcm_ops[opcode].name;
982 }
983
984 krb5_error_code
985 kcm_dispatch(krb5_context context,
986 kcm_client *client,
987 krb5_data *req_data,
988 krb5_data *resp_data)
989 {
990 krb5_error_code ret;
991 kcm_method method;
992 krb5_storage *req_sp = NULL;
993 krb5_storage *resp_sp = NULL;
994 uint16_t opcode;
995
996 resp_sp = krb5_storage_emem();
997 if (resp_sp == NULL) {
998 return ENOMEM;
999 }
1000
1001 if (client->pid == -1) {
1002 kcm_log(0, "Client had invalid process number");
1003 ret = KRB5_FCC_INTERNAL;
1004 goto out;
1005 }
1006
1007 req_sp = krb5_storage_from_data(req_data);
1008 if (req_sp == NULL) {
1009 kcm_log(0, "Process %d: failed to initialize storage from data",
1010 client->pid);
1011 ret = KRB5_CC_IO;
1012 goto out;
1013 }
1014
1015 ret = krb5_ret_uint16(req_sp, &opcode);
1016 if (ret) {
1017 kcm_log(0, "Process %d: didn't send a message", client->pid);
1018 goto out;
1019 }
1020
1021 if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0])) {
1022 kcm_log(0, "Process %d: invalid operation code %d",
1023 client->pid, opcode);
1024 ret = KRB5_FCC_INTERNAL;
1025 goto out;
1026 }
1027 method = kcm_ops[opcode].method;
1028
1029 /* seek past place for status code */
1030 krb5_storage_seek(resp_sp, 4, SEEK_SET);
1031
1032 ret = (*method)(context, client, opcode, req_sp, resp_sp);
1033
1034 out:
1035 if (req_sp != NULL) {
1036 krb5_storage_free(req_sp);
1037 }
1038
1039 krb5_storage_seek(resp_sp, 0, SEEK_SET);
1040 krb5_store_int32(resp_sp, ret);
1041
1042 ret = krb5_storage_to_data(resp_sp, resp_data);
1043 krb5_storage_free(resp_sp);
1044
1045 return ret;
1046 }
1047
NetBSD on the FriendlyARM MINI2440