static krb5_error_code
kcm_op_get_default_cache(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
struct kcm_default_cache *c;
krb5_error_code ret;
const char *name = NULL;
char *n = NULL;
KCM_LOG_REQUEST(context, client, opcode);
for (c = default_caches; c != NULL; c = c->next) {
if (kcm_is_same_session(client, c->uid, c->session)) {
name = c->name;
break;
}
}
if (name == NULL)
name = n = kcm_ccache_first_name(client);
if (name == NULL) {
asprintf(&n, "%d", (int)client->uid);
name = n;
}
if (name == NULL)
return ENOMEM;
ret = krb5_store_stringz(response, name);
if (n)
free(n);
return ret;
}
static krb5_error_code
kcm_op_get_cache_by_uuid(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
krb5_error_code ret;
kcmuuid_t uuid;
ssize_t sret;
kcm_ccache cache;
KCM_LOG_REQUEST(context, client, opcode);
sret = krb5_storage_read(request, &uuid, sizeof(uuid));
if (sret != sizeof(uuid)) {
krb5_clear_error_message(context);
return KRB5_CC_IO;
}
ret = kcm_ccache_resolve_by_uuid(context, uuid, &cache);
if (ret)
return ret;
ret = kcm_access(context, client, opcode, cache);
if (ret)
ret = KRB5_FCC_NOFILE;
if (ret == 0)
ret = krb5_store_stringz(response, cache->name);
kcm_release_ccache(context, cache);
return ret;
}
/*
* Request:
* NameZ
* Principal
*
* Response:
*
*/
static krb5_error_code
kcm_op_initialize(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
kcm_ccache ccache;
krb5_principal principal;
krb5_error_code ret;
char *name;
#if 0
kcm_event event;
#endif
KCM_LOG_REQUEST(context, client, opcode);
ret = krb5_ret_stringz(request, &name);
if (ret)
return ret;
ret = krb5_ret_principal(request, &principal);
if (ret) {
free(name);
return ret;
}
ret = kcm_ccache_new_client(context, client, name, &ccache);
if (ret) {
free(name);
krb5_free_principal(context, principal);
return ret;
}
ccache->client = principal;
free(name);
#if 0
/*
* Create a new credentials cache. To mitigate DoS attacks we will
* expire it in 30 minutes unless it has some credentials added
* to it
*/
event.fire_time = 30 * 60;
event.expire_time = 0;
event.backoff_time = 0;
event.action = KCM_EVENT_DESTROY_EMPTY_CACHE;
event.ccache = ccache;
ret = kcm_enqueue_event_relative(context, &event);
#endif
kcm_release_ccache(context, ccache);
return ret;
}
static krb5_error_code
kcm_op_noop(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
KCM_LOG_REQUEST(context, client, opcode);
return 0;
}
static krb5_error_code
kcm_op_get_cache_uuid_list(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
KCM_LOG_REQUEST(context, client, opcode);
return kcm_ccache_get_uuids(context, client, opcode, response);
}
/*
* Request:
*
* Response:
* NameZ
*/
static krb5_error_code
kcm_op_gen_new(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
krb5_error_code ret;
char *name;
KCM_LOG_REQUEST(context, client, opcode);
name = kcm_ccache_nextid(client->pid, client->uid, client->gid);
if (name == NULL) {
return KRB5_CC_NOMEM;
}
ret = krb5_store_stringz(response, name);
free(name);
return ret;
}
