static krb5_error_code
kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_error_code ret;
krb5_kcmcache *oldk = KCMCACHE(from);
krb5_kcmcache *newk = KCMCACHE(to);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, oldk->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_stringz(request, newk->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request, *response;
krb5_data response_data;
int32_t offset;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret)
return ret;
ret = krb5_ret_int32(response, &offset);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
return ret;
*kdc_offset = offset;
return 0;
}
static krb5_error_code
kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, (uint32_t)kdc_offset);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
*
* Response:
* NameZ
*/
static krb5_error_code
kcm_gen_new(krb5_context context, krb5_ccache *id)
{
uuid_string_t uuidstr;
krb5_error_code ret;
krb5_kcmcache *k;
uuid_t uuid;
ret = kcm_alloc(context, NULL, id);
if (ret)
return ret;
k = KCMCACHE(*id);
uuid_generate_random(uuid);
uuid_unparse(uuid, uuidstr);
k->name = strdup(uuidstr);
if (k->name == NULL)
ret = ENOMEM;
if (ret)
kcm_free(context, id);
return ret;
}
/*
* Request:
* NameZ
* Principal
*
* Response:
*
*/
static krb5_error_code
kcm_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, primary_principal);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
if (context->kdc_sec_offset)
kcm_set_kdc_offset(context, id, context->kdc_sec_offset);
return ret;
}
/*
* Request:
* NameZ
* Creds
*
* Response:
*
*/
static krb5_error_code
kcm_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_creds(request, creds);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Mode
*
* Response:
*
*/
krb5_error_code
_krb5_kcm_chmod(krb5_context context,
krb5_ccache id,
u_int16_t mode)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int16(request, mode);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, flags);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_get_uuid(krb5_context context, krb5_ccache id, krb5_uuid uuid)
{
krb5_storage *request, *response;
krb5_kcmcache *k = KCMCACHE(id);
krb5_data response_data;
krb5_error_code ret;
ssize_t sret;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_UUID, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret)
return ret;
sret = krb5_storage_read(response, uuid, sizeof(krb5_uuid));
krb5_storage_free(response);
if (sret != sizeof(krb5_uuid))
return KRB5_CC_IO;
return 0;
}
/*
* Request:
* NameZ
*
* Request:
* NameZ
* ClientPrincipal
* ServerPrincipalPresent
* ServerPrincipal OPTIONAL
* Password
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
krb5_ccache id,
krb5_principal client,
krb5_principal server,
const char *password)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
if (id->ops != &krb5_kcm_ops && id->ops != &krb5_akcm_ops) {
krb5_set_error_message(context, EINVAL, "Cache is not a KCM cache");
return EINVAL;
}
ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, client);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
if (ret) {
krb5_storage_free(request);
return ret;
}
if (server != NULL) {
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
}
ret = krb5_store_stringz(request, password);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_kcm_cursor c = KCMCURSOR(*cursor);
krb5_storage *request, *response;
krb5_data response_data;
ssize_t sret;
again:
if (c->offset >= c->length)
return KRB5_CC_END;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
sret = krb5_storage_write(request,
&c->uuids[c->offset],
sizeof(c->uuids[c->offset]));
c->offset++;
if (sret != sizeof(c->uuids[c->offset])) {
krb5_storage_free(request);
krb5_clear_error_message(context);
return ENOMEM;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret == KRB5_CC_END) {
goto again;
} else if (ret)
return ret;
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
static void
kcm_free(krb5_context context, krb5_ccache *id)
{
krb5_kcmcache *k = KCMCACHE(*id);
if (k != NULL) {
if (k->name != NULL)
free(k->name);
memset(k, 0, sizeof(*k));
krb5_data_free(&(*id)->data);
}
}
static krb5_error_code
kcmss_destroy(krb5_context context,
krb5_ccache id)
{
krb5_error_code ret;
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
ret = kcm_ccache_destroy(context, CACHENAME(id));
return ret;
}
static krb5_error_code
kcmss_get_first (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
*cursor = c->creds;
return (*cursor == NULL) ? KRB5_CC_END : 0;
}
static krb5_error_code
kcmss_close(krb5_context context,
krb5_ccache id)
{
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
id->data.data = NULL;
id->data.length = 0;
return 0;
}
/*
* Request:
* NameZ
* WhichFields
* MatchCreds
*
* Response:
* Creds
*
*/
static krb5_error_code
kcm_retrieve(krb5_context context,
krb5_ccache id,
krb5_flags which,
const krb5_creds *mcred,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, which);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
static krb5_error_code
kcmss_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
krb5_error_code ret;
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
ret = kcm_ccache_store_cred_internal(context, c, creds, NULL, 1);
return ret;
}
static krb5_error_code
kcmss_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
krb5_creds *cred)
{
krb5_error_code ret;
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
ret = kcm_ccache_remove_cred_internal(context, c, which, cred);
return ret;
}
static krb5_error_code
kcmss_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
{
krb5_error_code ret;
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
ret = krb5_copy_principal(context, c->client,
principal);
return ret;
}
/*
* Request:
*
* Response:
*
*/
krb5_error_code
_krb5_kcm_noop(krb5_context context,
krb5_ccache id)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = kcm_storage_request(context, KCM_OP_NOOP, &request);
if (ret)
return ret;
ret = kcm_call(context, k, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
*
* Response:
* Cursor
*
*/
static krb5_error_code
kcm_get_first (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
u_int32_t tmp;
ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_int32(response, &tmp);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
return ret;
*cursor = malloc(sizeof(tmp));
if (*cursor == NULL)
return KRB5_CC_NOMEM;
KCMCURSOR(*cursor) = tmp;
return 0;
}
/*
* Request:
* NameZ
* ServerPrincipalPresent
* ServerPrincipal OPTIONAL
* Key
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
krb5_ccache id,
krb5_principal server,
krb5_keyblock *key)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
if (ret) {
krb5_storage_free(request);
return ret;
}
if (server != NULL) {
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
}
ret = krb5_store_keyblock(request, *key);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* KDCFlags
* EncryptionType
* ServerPrincipal
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_ticket(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
krb5_enctype enctype,
krb5_principal server)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, flags.i);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, enctype);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, KCMCURSOR(*cursor));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
static krb5_error_code
kcmss_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
krb5_error_code ret;
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
ret = kcm_zero_ccache_data_internal(context, c);
if (ret)
return ret;
ret = krb5_copy_principal(context, primary_principal,
&c->client);
return ret;
}
/*
* Request:
*
* Response:
* NameZ
*/
static krb5_error_code
kcm_gen_new(krb5_context context, krb5_ccache *id)
{
krb5_kcmcache *k;
krb5_error_code ret;
krb5_storage *request, *response;
krb5_data response_data;
ret = kcm_alloc(context, NULL, id);
if (ret)
return ret;
k = KCMCACHE(*id);
ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
if (ret) {
kcm_free(context, id);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
kcm_free(context, id);
return ret;
}
ret = krb5_ret_stringz(response, &k->name);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
kcm_free(context, id);
return ret;
}
static krb5_error_code
kcm_unhold(krb5_context context, krb5_ccache id)
{
krb5_storage *request;
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
ret = krb5_kcm_storage_request(context, KCM_OP_RELEASE_KCRED, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_set_default(krb5_context context, krb5_ccache id)
{
krb5_error_code ret;
krb5_storage *request;
krb5_kcmcache *k = KCMCACHE(id);
ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
*
*/
static krb5_error_code
kcm_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, KCMCURSOR(*cursor));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, NULL, NULL);
if (ret) {
krb5_storage_free(request);
return ret;
}
krb5_storage_free(request);
KCMCURSOR(*cursor) = 0;
free(*cursor);
*cursor = NULL;
return ret;
}
static krb5_error_code
kcmss_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
kcm_ccache c = KCMCACHE(id);
KCM_ASSERT_VALID(c);
ret = krb5_copy_creds_contents(context,
&((struct kcm_creds *)cursor)->cred,
creds);
if (ret)
return ret;
*cursor = ((struct kcm_creds *)cursor)->next;
if (*cursor == 0)
ret = KRB5_CC_END;
return ret;
}
