static krb5_error_code kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_error_code ret; krb5_kcmcache *oldk = KCMCACHE(from); krb5_kcmcache *newk = KCMCACHE(to); krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request); if (ret) return ret; ret = krb5_store_stringz(request, oldk->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_stringz(request, newk->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
static krb5_error_code kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) { krb5_kcmcache *k = KCMCACHE(id); krb5_error_code ret; krb5_storage *request, *response; krb5_data response_data; int32_t offset; ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); if (ret) return ret; ret = krb5_ret_int32(response, &offset); krb5_storage_free(response); krb5_data_free(&response_data); if (ret) return ret; *kdc_offset = offset; return 0; }
static krb5_error_code kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) { krb5_kcmcache *k = KCMCACHE(id); krb5_error_code ret; krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, (uint32_t)kdc_offset); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * * Response: * NameZ */ static krb5_error_code kcm_gen_new(krb5_context context, krb5_ccache *id) { uuid_string_t uuidstr; krb5_error_code ret; krb5_kcmcache *k; uuid_t uuid; ret = kcm_alloc(context, NULL, id); if (ret) return ret; k = KCMCACHE(*id); uuid_generate_random(uuid); uuid_unparse(uuid, uuidstr); k->name = strdup(uuidstr); if (k->name == NULL) ret = ENOMEM; if (ret) kcm_free(context, id); return ret; }
/* * Request: * NameZ * Principal * * Response: * */ static krb5_error_code kcm_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_principal(request, primary_principal); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); if (context->kdc_sec_offset) kcm_set_kdc_offset(context, id, context->kdc_sec_offset); return ret; }
/* * Request: * NameZ * Creds * * Response: * */ static krb5_error_code kcm_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_creds(request, creds); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * NameZ * Mode * * Response: * */ krb5_error_code _krb5_kcm_chmod(krb5_context context, krb5_ccache id, u_int16_t mode) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = kcm_storage_request(context, KCM_OP_CHMOD, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int16(request, mode); if (ret) { krb5_storage_free(request); return ret; } ret = kcm_call(context, k, request, NULL, NULL); krb5_storage_free(request); return ret; }
static krb5_error_code kcm_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, flags); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
static krb5_error_code kcm_get_uuid(krb5_context context, krb5_ccache id, krb5_uuid uuid) { krb5_storage *request, *response; krb5_kcmcache *k = KCMCACHE(id); krb5_data response_data; krb5_error_code ret; ssize_t sret; ret = krb5_kcm_storage_request(context, KCM_OP_GET_UUID, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); if (ret) return ret; sret = krb5_storage_read(response, uuid, sizeof(krb5_uuid)); krb5_storage_free(response); if (sret != sizeof(krb5_uuid)) return KRB5_CC_IO; return 0; }
/* * Request: * NameZ * * Request: * NameZ * ClientPrincipal * ServerPrincipalPresent * ServerPrincipal OPTIONAL * Password * * Repsonse: * */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_initial_ticket(krb5_context context, krb5_ccache id, krb5_principal client, krb5_principal server, const char *password) { krb5_kcmcache *k = KCMCACHE(id); krb5_error_code ret; krb5_storage *request; if (id->ops != &krb5_kcm_ops && id->ops != &krb5_akcm_ops) { krb5_set_error_message(context, EINVAL, "Cache is not a KCM cache"); return EINVAL; } ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_principal(request, client); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int8(request, (server == NULL) ? 0 : 1); if (ret) { krb5_storage_free(request); return ret; } if (server != NULL) { ret = krb5_store_principal(request, server); if (ret) { krb5_storage_free(request); return ret; } } ret = krb5_store_stringz(request, password); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * NameZ * Cursor * * Response: * Creds */ static krb5_error_code kcm_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_kcm_cursor c = KCMCURSOR(*cursor); krb5_storage *request, *response; krb5_data response_data; ssize_t sret; again: if (c->offset >= c->length) return KRB5_CC_END; ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } sret = krb5_storage_write(request, &c->uuids[c->offset], sizeof(c->uuids[c->offset])); c->offset++; if (sret != sizeof(c->uuids[c->offset])) { krb5_storage_free(request); krb5_clear_error_message(context); return ENOMEM; } ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); if (ret == KRB5_CC_END) { goto again; } else if (ret) return ret; ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; krb5_storage_free(response); krb5_data_free(&response_data); return ret; }
static void kcm_free(krb5_context context, krb5_ccache *id) { krb5_kcmcache *k = KCMCACHE(*id); if (k != NULL) { if (k->name != NULL) free(k->name); memset(k, 0, sizeof(*k)); krb5_data_free(&(*id)->data); } }
static krb5_error_code kcmss_destroy(krb5_context context, krb5_ccache id) { krb5_error_code ret; kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); ret = kcm_ccache_destroy(context, CACHENAME(id)); return ret; }
static krb5_error_code kcmss_get_first (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); *cursor = c->creds; return (*cursor == NULL) ? KRB5_CC_END : 0; }
static krb5_error_code kcmss_close(krb5_context context, krb5_ccache id) { kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); id->data.data = NULL; id->data.length = 0; return 0; }
/* * Request: * NameZ * WhichFields * MatchCreds * * Response: * Creds * */ static krb5_error_code kcm_retrieve(krb5_context context, krb5_ccache id, krb5_flags which, const krb5_creds *mcred, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, which); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_creds_tag(request, rk_UNCONST(mcred)); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); return ret; }
static krb5_error_code kcmss_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) { krb5_error_code ret; kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); ret = kcm_ccache_store_cred_internal(context, c, creds, NULL, 1); return ret; }
static krb5_error_code kcmss_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred) { krb5_error_code ret; kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); ret = kcm_ccache_remove_cred_internal(context, c, which, cred); return ret; }
static krb5_error_code kcmss_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) { krb5_error_code ret; kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); ret = krb5_copy_principal(context, c->client, principal); return ret; }
/* * Request: * * Response: * */ krb5_error_code _krb5_kcm_noop(krb5_context context, krb5_ccache id) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = kcm_storage_request(context, KCM_OP_NOOP, &request); if (ret) return ret; ret = kcm_call(context, k, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * NameZ * * Response: * Cursor * */ static krb5_error_code kcm_get_first (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; u_int32_t tmp; ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = kcm_call(context, k, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_ret_int32(response, &tmp); if (ret) ret = KRB5_CC_IO; krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); if (ret) return ret; *cursor = malloc(sizeof(tmp)); if (*cursor == NULL) return KRB5_CC_NOMEM; KCMCURSOR(*cursor) = tmp; return 0; }
/* * Request: * NameZ * ServerPrincipalPresent * ServerPrincipal OPTIONAL * Key * * Repsonse: * */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_initial_ticket(krb5_context context, krb5_ccache id, krb5_principal server, krb5_keyblock *key) { krb5_kcmcache *k = KCMCACHE(id); krb5_error_code ret; krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int8(request, (server == NULL) ? 0 : 1); if (ret) { krb5_storage_free(request); return ret; } if (server != NULL) { ret = krb5_store_principal(request, server); if (ret) { krb5_storage_free(request); return ret; } } ret = krb5_store_keyblock(request, *key); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * NameZ * KDCFlags * EncryptionType * ServerPrincipal * * Repsonse: * */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_ticket(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, krb5_enctype enctype, krb5_principal server) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, flags.i); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, enctype); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_principal(request, server); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * NameZ * Cursor * * Response: * Creds */ static krb5_error_code kcm_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, KCMCURSOR(*cursor)); if (ret) { krb5_storage_free(request); return ret; } ret = kcm_call(context, k, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); return ret; }
static krb5_error_code kcmss_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) { krb5_error_code ret; kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); ret = kcm_zero_ccache_data_internal(context, c); if (ret) return ret; ret = krb5_copy_principal(context, primary_principal, &c->client); return ret; }
/* * Request: * * Response: * NameZ */ static krb5_error_code kcm_gen_new(krb5_context context, krb5_ccache *id) { krb5_kcmcache *k; krb5_error_code ret; krb5_storage *request, *response; krb5_data response_data; ret = kcm_alloc(context, NULL, id); if (ret) return ret; k = KCMCACHE(*id); ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request); if (ret) { kcm_free(context, id); return ret; } ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); kcm_free(context, id); return ret; } ret = krb5_ret_stringz(response, &k->name); if (ret) ret = KRB5_CC_IO; krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); if (ret) kcm_free(context, id); return ret; }
static krb5_error_code kcm_unhold(krb5_context context, krb5_ccache id) { krb5_storage *request; krb5_kcmcache *k = KCMCACHE(id); krb5_error_code ret; ret = krb5_kcm_storage_request(context, KCM_OP_RELEASE_KCRED, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
static krb5_error_code kcm_set_default(krb5_context context, krb5_ccache id) { krb5_error_code ret; krb5_storage *request; krb5_kcmcache *k = KCMCACHE(id); ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; }
/* * Request: * NameZ * Cursor * * Response: * */ static krb5_error_code kcm_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; ret = kcm_storage_request(context, KCM_OP_END_GET, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, KCMCURSOR(*cursor)); if (ret) { krb5_storage_free(request); return ret; } ret = kcm_call(context, k, request, NULL, NULL); if (ret) { krb5_storage_free(request); return ret; } krb5_storage_free(request); KCMCURSOR(*cursor) = 0; free(*cursor); *cursor = NULL; return ret; }
static krb5_error_code kcmss_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; kcm_ccache c = KCMCACHE(id); KCM_ASSERT_VALID(c); ret = krb5_copy_creds_contents(context, &((struct kcm_creds *)cursor)->cred, creds); if (ret) return ret; *cursor = ((struct kcm_creds *)cursor)->next; if (*cursor == 0) ret = KRB5_CC_END; return ret; }