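/*
 * Reply with the name of the calling client's default credentials cache.
 *
 * Request:
 *      (nothing is read from the request)
 *
 * Response:
 *      NameZ
 *
 * The name is chosen in this order:
 *   1. the entry in default_caches whose uid/session matches the client,
 *   2. the result of kcm_ccache_first_name(client),
 *   3. the client's uid formatted as a decimal string.
 *
 * Returns ENOMEM when no name could be produced, otherwise the result of
 * krb5_store_stringz().
 */
static krb5_error_code
kcm_op_get_default_cache(krb5_context context,
                         kcm_client *client,
                         kcm_operation opcode,
                         krb5_storage *request,
                         krb5_storage *response)
{
    struct kcm_default_cache *c;
    krb5_error_code ret;
    const char *name = NULL;    /* borrowed or points at n */
    char *n = NULL;             /* heap copy owned by this function, if any */

    KCM_LOG_REQUEST(context, client, opcode);

    /* Only a default recorded for the caller's own session is considered. */
    for (c = default_caches; c != NULL; c = c->next) {
        if (kcm_is_same_session(client, c->uid, c->session)) {
            name = c->name;
            break;
        }
    }

    if (name == NULL)
        name = n = kcm_ccache_first_name(client);

    if (name == NULL) {
        /*
         * The contents of n are unspecified when asprintf() fails on some
         * platforms, so its return value must be checked before n is used;
         * otherwise an indeterminate pointer could be sent to the client
         * and then passed to free().
         */
        if (asprintf(&n, "%d", (int)client->uid) < 0 || n == NULL)
            return ENOMEM;
        name = n;
    }

    ret = krb5_store_stringz(response, name);
    free(n);    /* free(NULL) is a no-op */
    return ret;
}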
/*
 * Look up a credentials cache by UUID and reply with its name.
 *
 * Request:
 *      UUID (sizeof(kcmuuid_t) raw bytes)
 *
 * Response:
 *      NameZ
 *
 * A short read of the UUID yields KRB5_CC_IO. The cache name is written to
 * the response only after kcm_access() has accepted the client; any access
 * failure is reported as KRB5_FCC_NOFILE instead of the underlying error.
 *
 * NOTE(review): errors from kcm_ccache_resolve_by_uuid() are passed through
 * unchanged, so whether a client can tell "no such cache" apart from
 * "cache exists but access denied" depends on what that helper returns --
 * not visible here, confirm against its implementation.
 */
static krb5_error_code
kcm_op_get_cache_by_uuid(krb5_context context,
                         kcm_client *client,
                         kcm_operation opcode,
                         krb5_storage *request,
                         krb5_storage *response)
{
    kcmuuid_t uuid;
    kcm_ccache cache;
    krb5_error_code ret;
    ssize_t nread;

    KCM_LOG_REQUEST(context, client, opcode);

    /* The UUID is a fixed-size field; anything shorter is a malformed request. */
    nread = krb5_storage_read(request, &uuid, sizeof(uuid));
    if (nread != sizeof(uuid)) {
        krb5_clear_error_message(context);
        return KRB5_CC_IO;
    }

    ret = kcm_ccache_resolve_by_uuid(context, uuid, &cache);
    if (ret != 0)
        return ret;

    /* Authorize before disclosing anything about the cache. */
    if (kcm_access(context, client, opcode, cache) != 0)
        ret = KRB5_FCC_NOFILE;
    else
        ret = krb5_store_stringz(response, cache->name);

    /* The reference taken by the resolve call is dropped on every path. */
    kcm_release_ccache(context, cache);
    return ret;
}
/*
 * Create a new credentials cache for the client and set its principal.
 *
 * Request:
 *      NameZ
 *      Principal
 *
 * Response:
 *      (nothing is written)
 *
 * On success the decoded principal is stored in ccache->client and is no
 * longer owned by this function; on failure it is freed here. The decoded
 * name is always freed before returning.
 *
 * NOTE(review): the block that would schedule destruction of a still-empty
 * cache after 30 minutes is compiled out (#if 0). As written, this function
 * does not arrange any expiry for caches that never receive credentials, so
 * the DoS mitigation described in that block is not in effect here.
 */
static krb5_error_code
kcm_op_initialize(krb5_context context,
                  kcm_client *client,
                  kcm_operation opcode,
                  krb5_storage *request,
                  krb5_storage *response)
{
    krb5_error_code ret;
    krb5_principal principal;
    kcm_ccache ccache;
    char *name;
#if 0
    kcm_event event;
#endif

    KCM_LOG_REQUEST(context, client, opcode);

    ret = krb5_ret_stringz(request, &name);
    if (ret != 0)
        return ret;

    ret = krb5_ret_principal(request, &principal);
    if (ret != 0) {
        free(name);
        return ret;
    }

    ret = kcm_ccache_new_client(context, client, name, &ccache);
    /* The name is not used again on either the success or the error path. */
    free(name);
    if (ret != 0) {
        krb5_free_principal(context, principal);
        return ret;
    }

    /* Ownership of the principal passes to the cache. */
    ccache->client = principal;

#if 0
    /*
     * Create a new credentials cache. To mitigate DoS attacks we will
     * expire it in 30 minutes unless it has some credentials added
     * to it
     */

    event.fire_time = 30 * 60;
    event.expire_time = 0;
    event.backoff_time = 0;
    event.action = KCM_EVENT_DESTROY_EMPTY_CACHE;
    event.ccache = ccache;

    ret = kcm_enqueue_event_relative(context, &event);
#endif

    kcm_release_ccache(context, ccache);

    return ret;
}
/*
 * No-op handler: logs the request and reports success.
 *
 * Nothing is read from the request and nothing is written to the response.
 */
static krb5_error_code
kcm_op_noop(krb5_context context,
            kcm_client *client,
            kcm_operation opcode,
            krb5_storage *request,
            krb5_storage *response)
{
    const krb5_error_code ok = 0;

    KCM_LOG_REQUEST(context, client, opcode);

    return ok;
}
/*
 * Reply with the list of cache UUIDs produced by kcm_ccache_get_uuids().
 *
 * Nothing is read from the request. The client and opcode are handed to
 * kcm_ccache_get_uuids(); any per-client filtering of the list happens
 * there and is not visible in this handler.
 */
static krb5_error_code
kcm_op_get_cache_uuid_list(krb5_context context,
                           kcm_client *client,
                           kcm_operation opcode,
                           krb5_storage *request,
                           krb5_storage *response)
{
    krb5_error_code ret;

    KCM_LOG_REQUEST(context, client, opcode);

    ret = kcm_ccache_get_uuids(context, client, opcode, response);
    return ret;
}
/*
 * Generate a fresh cache name for the client and send it back.
 *
 * Request:
 *      (nothing is read)
 *
 * Response:
 *      NameZ
 *
 * The name comes from kcm_ccache_nextid(), called with the client's pid,
 * uid and gid. Returns KRB5_CC_NOMEM when no name is produced, otherwise
 * the result of krb5_store_stringz().
 */
static krb5_error_code
kcm_op_gen_new(krb5_context context,
               kcm_client *client,
               kcm_operation opcode,
               krb5_storage *request,
               krb5_storage *response)
{
    krb5_error_code ret = KRB5_CC_NOMEM;
    char *name;

    KCM_LOG_REQUEST(context, client, opcode);

    name = kcm_ccache_nextid(client->pid, client->uid, client->gid);
    if (name != NULL) {
        ret = krb5_store_stringz(response, name);
        /* The generated name is owned by this function once returned. */
        free(name);
    }

    return ret;
}