search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / cache.c
blob5b5554ff2208470e4a6b57eb32bc92a0fbaaa567
1 /*
2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 __RCSID("$Heimdal: cache.c 22127 2007-12-04 00:54:37Z lha $"
37 "$NetBSD$");
38
39 /**
40 * Add a new ccache type with operations `ops', overwriting any
41 * existing one if `override'.
42 *
43 * @param context a Keberos context
44 * @param ops type of plugin symbol
45 * @param override flag to select if the registration is to overide
46 * an existing ops with the same name.
47 *
48 * @return Return an error code or 0.
49 *
50 * @ingroup krb5_ccache
51 */
52
53 krb5_error_code KRB5_LIB_FUNCTION
54 krb5_cc_register(krb5_context context,
55 const krb5_cc_ops *ops,
56 krb5_boolean override)
57 {
58 int i;
59
60 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
61 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
62 if(!override) {
63 krb5_set_error_string(context,
64 "ccache type %s already exists",
65 ops->prefix);
66 return KRB5_CC_TYPE_EXISTS;
67 }
68 break;
69 }
70 }
71 if(i == context->num_cc_ops) {
72 krb5_cc_ops *o = realloc(context->cc_ops,
73 (context->num_cc_ops + 1) *
74 sizeof(*context->cc_ops));
75 if(o == NULL) {
76 krb5_set_error_string(context, "malloc: out of memory");
77 return KRB5_CC_NOMEM;
78 }
79 context->num_cc_ops++;
80 context->cc_ops = o;
81 memset(context->cc_ops + i, 0,
82 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
83 }
84 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
85 return 0;
86 }
87
88 /*
89 * Allocate the memory for a `id' and the that function table to
90 * `ops'. Returns 0 or and error code.
91 */
92
93 krb5_error_code
94 _krb5_cc_allocate(krb5_context context,
95 const krb5_cc_ops *ops,
96 krb5_ccache *id)
97 {
98 krb5_ccache p;
99
100 p = malloc (sizeof(*p));
101 if(p == NULL) {
102 krb5_set_error_string(context, "malloc: out of memory");
103 return KRB5_CC_NOMEM;
104 }
105 p->ops = ops;
106 *id = p;
107
108 return 0;
109 }
110
111 /*
112 * Allocate memory for a new ccache in `id' with operations `ops'
113 * and name `residual'. Return 0 or an error code.
114 */
115
116 static krb5_error_code
117 allocate_ccache (krb5_context context,
118 const krb5_cc_ops *ops,
119 const char *residual,
120 krb5_ccache *id)
121 {
122 krb5_error_code ret;
123
124 ret = _krb5_cc_allocate(context, ops, id);
125 if (ret)
126 return ret;
127 ret = (*id)->ops->resolve(context, id, residual);
128 if(ret)
129 free(*id);
130 return ret;
131 }
132
133 /**
134 * Find and allocate a ccache in `id' from the specification in `residual'.
135 * If the ccache name doesn't contain any colon, interpret it as a file name.
136 *
137 * @param context a Keberos context.
138 * @param name string name of a credential cache.
139 * @param id return pointer to a found credential cache.
140 *
141 * @return Return 0 or an error code. In case of an error, id is set
142 * to NULL.
143 *
144 * @ingroup krb5_ccache
145 */
146
147
148 krb5_error_code KRB5_LIB_FUNCTION
149 krb5_cc_resolve(krb5_context context,
150 const char *name,
151 krb5_ccache *id)
152 {
153 int i;
154
155 *id = NULL;
156
157 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
158 size_t prefix_len = strlen(context->cc_ops[i].prefix);
159
160 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
161 && name[prefix_len] == ':') {
162 return allocate_ccache (context, &context->cc_ops[i],
163 name + prefix_len + 1,
164 id);
165 }
166 }
167 if (strchr (name, ':') == NULL)
168 return allocate_ccache (context, &krb5_fcc_ops, name, id);
169 else {
170 krb5_set_error_string(context, "unknown ccache type %s", name);
171 return KRB5_CC_UNKNOWN_TYPE;
172 }
173 }
174
175 /**
176 * Generate a new ccache of type `ops' in `id'.
177 *
178 * @return Return 0 or an error code.
179 *
180 * @ingroup krb5_ccache
181 */
182
183
184 krb5_error_code KRB5_LIB_FUNCTION
185 krb5_cc_gen_new(krb5_context context,
186 const krb5_cc_ops *ops,
187 krb5_ccache *id)
188 {
189 return krb5_cc_new_unique(context, ops->prefix, NULL, id);
190 }
191
192 /**
193 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
194 * the library chooses the default credential cache type. The supplied
195 * `hint' (that can be NULL) is a string that the credential cache
196 * type can use to base the name of the credential on, this is to make
197 * it easier for the user to differentiate the credentials.
198 *
199 * @return Returns 0 or an error code.
200 *
201 * @ingroup krb5_ccache
202 */
203
204 krb5_error_code KRB5_LIB_FUNCTION
205 krb5_cc_new_unique(krb5_context context, const char *type,
206 const char *hint, krb5_ccache *id)
207 {
208 const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
209 krb5_error_code ret;
210
211 if (type) {
212 ops = krb5_cc_get_prefix_ops(context, type);
213 if (ops == NULL) {
214 krb5_set_error_string(context,
215 "Credential cache type %s is unknown", type);
216 return KRB5_CC_UNKNOWN_TYPE;
217 }
218 }
219
220 ret = _krb5_cc_allocate(context, ops, id);
221 if (ret)
222 return ret;
223 return (*id)->ops->gen_new(context, id);
224 }
225
226 /**
227 * Return the name of the ccache `id'
228 *
229 * @ingroup krb5_ccache
230 */
231
232
233 const char* KRB5_LIB_FUNCTION
234 krb5_cc_get_name(krb5_context context,
235 krb5_ccache id)
236 {
237 return id->ops->get_name(context, id);
238 }
239
240 /**
241 * Return the type of the ccache `id'.
242 *
243 * @ingroup krb5_ccache
244 */
245
246
247 const char* KRB5_LIB_FUNCTION
248 krb5_cc_get_type(krb5_context context,
249 krb5_ccache id)
250 {
251 return id->ops->prefix;
252 }
253
254 /**
255 * Return the complete resolvable name the ccache `id' in `str´.
256 * `str` should be freed with free(3).
257 * Returns 0 or an error (and then *str is set to NULL).
258 *
259 * @ingroup krb5_ccache
260 */
261
262
263 krb5_error_code KRB5_LIB_FUNCTION
264 krb5_cc_get_full_name(krb5_context context,
265 krb5_ccache id,
266 char **str)
267 {
268 const char *type, *name;
269
270 *str = NULL;
271
272 type = krb5_cc_get_type(context, id);
273 if (type == NULL) {
274 krb5_set_error_string(context, "cache have no name of type");
275 return KRB5_CC_UNKNOWN_TYPE;
276 }
277
278 name = krb5_cc_get_name(context, id);
279 if (name == NULL) {
280 krb5_set_error_string(context, "cache of type %s have no name", type);
281 return KRB5_CC_BADNAME;
282 }
283
284 if (asprintf(str, "%s:%s", type, name) == -1) {
285 krb5_set_error_string(context, "malloc - out of memory");
286 *str = NULL;
287 return ENOMEM;
288 }
289 return 0;
290 }
291
292 /**
293 * Return krb5_cc_ops of a the ccache `id'.
294 *
295 * @ingroup krb5_ccache
296 */
297
298
299 const krb5_cc_ops *
300 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
301 {
302 return id->ops;
303 }
304
305 /*
306 * Expand variables in `str' into `res'
307 */
308
309 krb5_error_code
310 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
311 {
312 size_t tlen, len = 0;
313 char *tmp, *tmp2, *append;
314
315 *res = NULL;
316
317 while (str && *str) {
318 tmp = strstr(str, "%{");
319 if (tmp && tmp != str) {
320 append = malloc((tmp - str) + 1);
321 if (append) {
322 memcpy(append, str, tmp - str);
323 append[tmp - str] = '\0';
324 }
325 str = tmp;
326 } else if (tmp) {
327 tmp2 = strchr(tmp, '}');
328 if (tmp2 == NULL) {
329 free(*res);
330 *res = NULL;
331 krb5_set_error_string(context, "variable missing }");
332 return KRB5_CONFIG_BADFORMAT;
333 }
334 if (strncasecmp(tmp, "%{uid}", 6) == 0)
335 asprintf(&append, "%u", (unsigned)getuid());
336 else if (strncasecmp(tmp, "%{null}", 7) == 0)
337 append = strdup("");
338 else {
339 free(*res);
340 *res = NULL;
341 krb5_set_error_string(context,
342 "expand default cache unknown "
343 "variable \"%.*s\"",
344 (int)(tmp2 - tmp) - 2, tmp + 2);
345 return KRB5_CONFIG_BADFORMAT;
346 }
347 str = tmp2 + 1;
348 } else {
349 append = strdup(str);
350 str = NULL;
351 }
352 if (append == NULL) {
353 free(*res);
354 *res = NULL;
355 krb5_set_error_string(context, "malloc - out of memory");
356 return ENOMEM;
357 }
358
359 tlen = strlen(append);
360 tmp = realloc(*res, len + tlen + 1);
361 if (tmp == NULL) {
362 free(append);
363 free(*res);
364 *res = NULL;
365 krb5_set_error_string(context, "malloc - out of memory");
366 return ENOMEM;
367 }
368 *res = tmp;
369 memcpy(*res + len, append, tlen + 1);
370 len = len + tlen;
371 free(append);
372 }
373 return 0;
374 }
375
376 /*
377 * Return non-zero if envirnoment that will determine default krb5cc
378 * name has changed.
379 */
380
381 static int
382 environment_changed(krb5_context context)
383 {
384 const char *e;
385
386 /* if the cc name was set, don't change it */
387 if (context->default_cc_name_set)
388 return 0;
389
390 if(issuid())
391 return 0;
392
393 e = getenv("KRB5CCNAME");
394 if (e == NULL) {
395 if (context->default_cc_name_env) {
396 free(context->default_cc_name_env);
397 context->default_cc_name_env = NULL;
398 return 1;
399 }
400 } else {
401 if (context->default_cc_name_env == NULL)
402 return 1;
403 if (strcmp(e, context->default_cc_name_env) != 0)
404 return 1;
405 }
406 return 0;
407 }
408
409 /**
410 * Set the default cc name for `context' to `name'.
411 *
412 * @ingroup krb5_ccache
413 */
414
415
416 krb5_error_code KRB5_LIB_FUNCTION
417 krb5_cc_set_default_name(krb5_context context, const char *name)
418 {
419 krb5_error_code ret = 0;
420 char *p;
421
422 if (name == NULL) {
423 const char *e = NULL;
424
425 if(!issuid()) {
426 e = getenv("KRB5CCNAME");
427 if (e) {
428 p = strdup(e);
429 if (context->default_cc_name_env)
430 free(context->default_cc_name_env);
431 context->default_cc_name_env = strdup(e);
432 }
433 }
434 if (e == NULL) {
435 e = krb5_config_get_string(context, NULL, "libdefaults",
436 "default_cc_name", NULL);
437 if (e) {
438 ret = _krb5_expand_default_cc_name(context, e, &p);
439 if (ret)
440 return ret;
441 }
442 if (e == NULL) {
443 const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
444 ret = (*ops->default_name)(context, &p);
445 if (ret)
446 return ret;
447 }
448 }
449 context->default_cc_name_set = 0;
450 } else {
451 p = strdup(name);
452 context->default_cc_name_set = 1;
453 }
454
455 if (p == NULL) {
456 krb5_set_error_string(context, "malloc - out of memory");
457 return ENOMEM;
458 }
459
460 if (context->default_cc_name)
461 free(context->default_cc_name);
462
463 context->default_cc_name = p;
464
465 return ret;
466 }
467
468 /**
469 * Return a pointer to a context static string containing the default
470 * ccache name.
471 *
472 * @return String to the default credential cache name.
473 *
474 * @ingroup krb5_ccache
475 */
476
477
478 const char* KRB5_LIB_FUNCTION
479 krb5_cc_default_name(krb5_context context)
480 {
481 if (context->default_cc_name == NULL || environment_changed(context))
482 krb5_cc_set_default_name(context, NULL);
483
484 return context->default_cc_name;
485 }
486
487 /**
488 * Open the default ccache in `id'.
489 *
490 * @return Return 0 or an error code.
491 *
492 * @ingroup krb5_ccache
493 */
494
495
496 krb5_error_code KRB5_LIB_FUNCTION
497 krb5_cc_default(krb5_context context,
498 krb5_ccache *id)
499 {
500 const char *p = krb5_cc_default_name(context);
501
502 if (p == NULL) {
503 krb5_set_error_string(context, "malloc - out of memory");
504 return ENOMEM;
505 }
506 return krb5_cc_resolve(context, p, id);
507 }
508
509 /**
510 * Create a new ccache in `id' for `primary_principal'.
511 *
512 * @return Return 0 or an error code.
513 *
514 * @ingroup krb5_ccache
515 */
516
517
518 krb5_error_code KRB5_LIB_FUNCTION
519 krb5_cc_initialize(krb5_context context,
520 krb5_ccache id,
521 krb5_principal primary_principal)
522 {
523 return (*id->ops->init)(context, id, primary_principal);
524 }
525
526
527 /**
528 * Remove the ccache `id'.
529 *
530 * @return Return 0 or an error code.
531 *
532 * @ingroup krb5_ccache
533 */
534
535
536 krb5_error_code KRB5_LIB_FUNCTION
537 krb5_cc_destroy(krb5_context context,
538 krb5_ccache id)
539 {
540 krb5_error_code ret;
541
542 ret = (*id->ops->destroy)(context, id);
543 krb5_cc_close (context, id);
544 return ret;
545 }
546
547 /**
548 * Stop using the ccache `id' and free the related resources.
549 *
550 * @return Return 0 or an error code.
551 *
552 * @ingroup krb5_ccache
553 */
554
555
556 krb5_error_code KRB5_LIB_FUNCTION
557 krb5_cc_close(krb5_context context,
558 krb5_ccache id)
559 {
560 krb5_error_code ret;
561 ret = (*id->ops->close)(context, id);
562 free(id);
563 return ret;
564 }
565
566 /**
567 * Store `creds' in the ccache `id'.
568 *
569 * @return Return 0 or an error code.
570 *
571 * @ingroup krb5_ccache
572 */
573
574
575 krb5_error_code KRB5_LIB_FUNCTION
576 krb5_cc_store_cred(krb5_context context,
577 krb5_ccache id,
578 krb5_creds *creds)
579 {
580 return (*id->ops->store)(context, id, creds);
581 }
582
583 /**
584 * Retrieve the credential identified by `mcreds' (and `whichfields')
585 * from `id' in `creds'. 'creds' must be free by the caller using
586 * krb5_free_cred_contents.
587 *
588 * @return Return 0 or an error code.
589 *
590 * @ingroup krb5_ccache
591 */
592
593
594 krb5_error_code KRB5_LIB_FUNCTION
595 krb5_cc_retrieve_cred(krb5_context context,
596 krb5_ccache id,
597 krb5_flags whichfields,
598 const krb5_creds *mcreds,
599 krb5_creds *creds)
600 {
601 krb5_error_code ret;
602 krb5_cc_cursor cursor;
603
604 if (id->ops->retrieve != NULL) {
605 return (*id->ops->retrieve)(context, id, whichfields,
606 mcreds, creds);
607 }
608
609 ret = krb5_cc_start_seq_get(context, id, &cursor);
610 if (ret)
611 return ret;
612 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
613 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
614 ret = 0;
615 break;
616 }
617 krb5_free_cred_contents (context, creds);
618 }
619 krb5_cc_end_seq_get(context, id, &cursor);
620 return ret;
621 }
622
623 /**
624 * Return the principal of `id' in `principal'.
625 *
626 * @return Return 0 or an error code.
627 *
628 * @ingroup krb5_ccache
629 */
630
631
632 krb5_error_code KRB5_LIB_FUNCTION
633 krb5_cc_get_principal(krb5_context context,
634 krb5_ccache id,
635 krb5_principal *principal)
636 {
637 return (*id->ops->get_princ)(context, id, principal);
638 }
639
640 /**
641 * Start iterating over `id', `cursor' is initialized to the
642 * beginning.
643 *
644 * @return Return 0 or an error code.
645 *
646 * @ingroup krb5_ccache
647 */
648
649
650 krb5_error_code KRB5_LIB_FUNCTION
651 krb5_cc_start_seq_get (krb5_context context,
652 const krb5_ccache id,
653 krb5_cc_cursor *cursor)
654 {
655 return (*id->ops->get_first)(context, id, cursor);
656 }
657
658 /**
659 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
660 * and advance `cursor'.
661 *
662 * @return Return 0 or an error code.
663 *
664 * @ingroup krb5_ccache
665 */
666
667
668 krb5_error_code KRB5_LIB_FUNCTION
669 krb5_cc_next_cred (krb5_context context,
670 const krb5_ccache id,
671 krb5_cc_cursor *cursor,
672 krb5_creds *creds)
673 {
674 return (*id->ops->get_next)(context, id, cursor, creds);
675 }
676
677 /**
678 * Like krb5_cc_next_cred, but allow for selective retrieval
679 *
680 * @ingroup krb5_ccache
681 */
682
683
684 krb5_error_code KRB5_LIB_FUNCTION
685 krb5_cc_next_cred_match(krb5_context context,
686 const krb5_ccache id,
687 krb5_cc_cursor * cursor,
688 krb5_creds * creds,
689 krb5_flags whichfields,
690 const krb5_creds * mcreds)
691 {
692 krb5_error_code ret;
693 while (1) {
694 ret = krb5_cc_next_cred(context, id, cursor, creds);
695 if (ret)
696 return ret;
697 if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
698 return 0;
699 krb5_free_cred_contents(context, creds);
700 }
701 }
702
703 /**
704 * Destroy the cursor `cursor'.
705 *
706 * @ingroup krb5_ccache
707 */
708
709
710 krb5_error_code KRB5_LIB_FUNCTION
711 krb5_cc_end_seq_get (krb5_context context,
712 const krb5_ccache id,
713 krb5_cc_cursor *cursor)
714 {
715 return (*id->ops->end_get)(context, id, cursor);
716 }
717
718 /**
719 * Remove the credential identified by `cred', `which' from `id'.
720 *
721 * @ingroup krb5_ccache
722 */
723
724
725 krb5_error_code KRB5_LIB_FUNCTION
726 krb5_cc_remove_cred(krb5_context context,
727 krb5_ccache id,
728 krb5_flags which,
729 krb5_creds *cred)
730 {
731 if(id->ops->remove_cred == NULL) {
732 krb5_set_error_string(context,
733 "ccache %s does not support remove_cred",
734 id->ops->prefix);
735 return EACCES; /* XXX */
736 }
737 return (*id->ops->remove_cred)(context, id, which, cred);
738 }
739
740 /**
741 * Set the flags of `id' to `flags'.
742 *
743 * @ingroup krb5_ccache
744 */
745
746
747 krb5_error_code KRB5_LIB_FUNCTION
748 krb5_cc_set_flags(krb5_context context,
749 krb5_ccache id,
750 krb5_flags flags)
751 {
752 return (*id->ops->set_flags)(context, id, flags);
753 }
754
755 /**
756 * Copy the contents of `from' to `to'.
757 *
758 * @ingroup krb5_ccache
759 */
760
761
762 krb5_error_code KRB5_LIB_FUNCTION
763 krb5_cc_copy_cache_match(krb5_context context,
764 const krb5_ccache from,
765 krb5_ccache to,
766 krb5_flags whichfields,
767 const krb5_creds * mcreds,
768 unsigned int *matched)
769 {
770 krb5_error_code ret;
771 krb5_cc_cursor cursor;
772 krb5_creds cred;
773 krb5_principal princ;
774
775 ret = krb5_cc_get_principal(context, from, &princ);
776 if (ret)
777 return ret;
778 ret = krb5_cc_initialize(context, to, princ);
779 if (ret) {
780 krb5_free_principal(context, princ);
781 return ret;
782 }
783 ret = krb5_cc_start_seq_get(context, from, &cursor);
784 if (ret) {
785 krb5_free_principal(context, princ);
786 return ret;
787 }
788 if (matched)
789 *matched = 0;
790 while (ret == 0 &&
791 krb5_cc_next_cred_match(context, from, &cursor, &cred,
792 whichfields, mcreds) == 0) {
793 if (matched)
794 (*matched)++;
795 ret = krb5_cc_store_cred(context, to, &cred);
796 krb5_free_cred_contents(context, &cred);
797 }
798 krb5_cc_end_seq_get(context, from, &cursor);
799 krb5_free_principal(context, princ);
800 return ret;
801 }
802
803 /**
804 * Just like krb5_cc_copy_cache_match, but copy everything.
805 *
806 * @ingroup krb5_ccache
807 */
808
809
810 krb5_error_code KRB5_LIB_FUNCTION
811 krb5_cc_copy_cache(krb5_context context,
812 const krb5_ccache from,
813 krb5_ccache to)
814 {
815 return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
816 }
817
818 /**
819 * Return the version of `id'.
820 *
821 * @ingroup krb5_ccache
822 */
823
824
825 krb5_error_code KRB5_LIB_FUNCTION
826 krb5_cc_get_version(krb5_context context,
827 const krb5_ccache id)
828 {
829 if(id->ops->get_version)
830 return (*id->ops->get_version)(context, id);
831 else
832 return 0;
833 }
834
835 /**
836 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
837 *
838 * @ingroup krb5_ccache
839 */
840
841
842 void KRB5_LIB_FUNCTION
843 krb5_cc_clear_mcred(krb5_creds *mcred)
844 {
845 memset(mcred, 0, sizeof(*mcred));
846 }
847
848 /**
849 * Get the cc ops that is registered in `context' to handle the
850 * `prefix'. `prefix' can be a complete credential cache name or a
851 * prefix, the function will only use part up to the first colon (:)
852 * if there is one.
853 * Returns NULL if ops not found.
854 *
855 * @ingroup krb5_ccache
856 */
857
858
859 const krb5_cc_ops *
860 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
861 {
862 char *p, *p1;
863 int i;
864
865 if (prefix[0] == '/')
866 return &krb5_fcc_ops;
867
868 p = strdup(prefix);
869 if (p == NULL) {
870 krb5_set_error_string(context, "malloc - out of memory");
871 return NULL;
872 }
873 p1 = strchr(p, ':');
874 if (p1)
875 *p1 = '\0';
876
877 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
878 if(strcmp(context->cc_ops[i].prefix, p) == 0) {
879 free(p);
880 return &context->cc_ops[i];
881 }
882 }
883 free(p);
884 return NULL;
885 }
886
887 struct krb5_cc_cache_cursor_data {
888 const krb5_cc_ops *ops;
889 krb5_cc_cursor cursor;
890 };
891
892 /**
893 * Start iterating over all caches of `type'. If `type' is NULL, the
894 * default type is * used. `cursor' is initialized to the beginning.
895 *
896 * @return Return 0 or an error code.
897 *
898 * @ingroup krb5_ccache
899 */
900
901
902 krb5_error_code KRB5_LIB_FUNCTION
903 krb5_cc_cache_get_first (krb5_context context,
904 const char *type,
905 krb5_cc_cache_cursor *cursor)
906 {
907 const krb5_cc_ops *ops;
908 krb5_error_code ret;
909
910 if (type == NULL)
911 type = krb5_cc_default_name(context);
912
913 ops = krb5_cc_get_prefix_ops(context, type);
914 if (ops == NULL) {
915 krb5_set_error_string(context, "Unknown type \"%s\" when iterating "
916 "trying to iterate the credential caches", type);
917 return KRB5_CC_UNKNOWN_TYPE;
918 }
919
920 if (ops->get_cache_first == NULL) {
921 krb5_set_error_string(context, "Credential cache type %s doesn't support "
922 "iterations over caches", ops->prefix);
923 return KRB5_CC_NOSUPP;
924 }
925
926 *cursor = calloc(1, sizeof(**cursor));
927 if (*cursor == NULL) {
928 krb5_set_error_string(context, "malloc - out of memory");
929 return ENOMEM;
930 }
931
932 (*cursor)->ops = ops;
933
934 ret = ops->get_cache_first(context, &(*cursor)->cursor);
935 if (ret) {
936 free(*cursor);
937 *cursor = NULL;
938 }
939 return ret;
940 }
941
942 /**
943 * Retrieve the next cache pointed to by (`cursor') in `id'
944 * and advance `cursor'.
945 *
946 * @return Return 0 or an error code.
947 *
948 * @ingroup krb5_ccache
949 */
950
951
952 krb5_error_code KRB5_LIB_FUNCTION
953 krb5_cc_cache_next (krb5_context context,
954 krb5_cc_cache_cursor cursor,
955 krb5_ccache *id)
956 {
957 return cursor->ops->get_cache_next(context, cursor->cursor, id);
958 }
959
960 /**
961 * Destroy the cursor `cursor'.
962 *
963 * @return Return 0 or an error code.
964 *
965 * @ingroup krb5_ccache
966 */
967
968
969 krb5_error_code KRB5_LIB_FUNCTION
970 krb5_cc_cache_end_seq_get (krb5_context context,
971 krb5_cc_cache_cursor cursor)
972 {
973 krb5_error_code ret;
974 ret = cursor->ops->end_cache_get(context, cursor->cursor);
975 cursor->ops = NULL;
976 free(cursor);
977 return ret;
978 }
979
980 /**
981 * Search for a matching credential cache of type `type' that have the
982 * `principal' as the default principal. If NULL is used for `type',
983 * the default type is used. On success, `id' needs to be freed with
984 * krb5_cc_close or krb5_cc_destroy.
985 *
986 * @return On failure, error code is returned and `id' is set to NULL.
987 *
988 * @ingroup krb5_ccache
989 */
990
991
992 krb5_error_code KRB5_LIB_FUNCTION
993 krb5_cc_cache_match (krb5_context context,
994 krb5_principal client,
995 const char *type,
996 krb5_ccache *id)
997 {
998 krb5_cc_cache_cursor cursor;
999 krb5_error_code ret;
1000 krb5_ccache cache = NULL;
1001
1002 *id = NULL;
1003
1004 ret = krb5_cc_cache_get_first (context, type, &cursor);
1005 if (ret)
1006 return ret;
1007
1008 while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
1009 krb5_principal principal;
1010
1011 ret = krb5_cc_get_principal(context, cache, &principal);
1012 if (ret == 0) {
1013 krb5_boolean match;
1014
1015 match = krb5_principal_compare(context, principal, client);
1016 krb5_free_principal(context, principal);
1017 if (match)
1018 break;
1019 }
1020
1021 krb5_cc_close(context, cache);
1022 cache = NULL;
1023 }
1024
1025 krb5_cc_cache_end_seq_get(context, cursor);
1026
1027 if (cache == NULL) {
1028 char *str;
1029
1030 krb5_unparse_name(context, client, &str);
1031
1032 krb5_set_error_string(context, "Principal %s not found in a "
1033 "credential cache", str ? str : "<out of memory>");
1034 if (str)
1035 free(str);
1036 return KRB5_CC_NOTFOUND;
1037 }
1038 *id = cache;
1039
1040 return 0;
1041 }
1042
1043 /**
1044 * Move the content from one credential cache to another. The
1045 * operation is an atomic switch.
1046 *
1047 * @param context a Keberos context
1048 * @param from the credential cache to move the content from
1049 * @param to the credential cache to move the content to
1050
1051 * @return On sucess, from is freed. On failure, error code is
1052 * returned and from and to are both still allocated.
1053 *
1054 * @ingroup krb5_ccache
1055 */
1056
1057 krb5_error_code
1058 krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1059 {
1060 krb5_error_code ret;
1061
1062 if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
1063 krb5_set_error_string(context, "Moving credentials between diffrent "
1064 "types not yet supported");
1065 return KRB5_CC_NOSUPP;
1066 }
1067
1068 ret = (*to->ops->move)(context, from, to);
1069 if (ret == 0) {
1070 memset(from, 0, sizeof(*from));
1071 free(from);
1072 }
1073 return ret;
1074 }
NetBSD on the FriendlyARM MINI2440