krb5_error_code KRB5_CALLCONV krb5_stdccv3_switch_to (krb5_context context, krb5_ccache id) { krb5_error_code retval; stdccCacheDataPtr ccapi_data = id->data; int err; retval = stdccv3_setup(context, ccapi_data); if (retval) return cc_err_xlate(retval); err = cc_ccache_set_default(ccapi_data->NamedCache); return cc_err_xlate(err); }
/* * destroy * * - free our storage and the cache */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_destroy (krb5_context context, krb5_ccache id) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; if (!err) { err = stdccv3_setup(context, ccapi_data); } if (!err) { if (ccapi_data) { if (ccapi_data->cache_name) { free(ccapi_data->cache_name); } if (ccapi_data->NamedCache) { /* destroy the named cache */ err = cc_ccache_destroy(ccapi_data->NamedCache); if (err == ccErrCCacheNotFound) { err = 0; /* ccache maybe already destroyed */ } cache_changed(); } free(ccapi_data); id->data = NULL; } free(id); } return cc_err_xlate(err); }
/* * store * * store some credentials in our cache */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_store (krb5_context context, krb5_ccache id, krb5_creds *creds ) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_credentials_union *cred_union = NULL; if (!err) { err = stdccv3_setup (context, ccapi_data); } if (!err) { /* copy the fields from the almost identical structures */ err = copy_krb5_creds_to_cc_cred_union (context, creds, &cred_union); } if (!err) { err = cc_ccache_store_credentials (ccapi_data->NamedCache, cred_union); } if (!err) { cache_changed(); } if (cred_union) { cred_union_release (cred_union); } return cc_err_xlate (err); }
/* * close * * - free our pointers to the NC */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_close(krb5_context context, krb5_ccache id) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; if (!err) { err = stdccv3_setup (context, NULL); } if (!err) { if (ccapi_data) { if (ccapi_data->cache_name) { free (ccapi_data->cache_name); } if (ccapi_data->NamedCache) { err = cc_ccache_release (ccapi_data->NamedCache); } free (ccapi_data); id->data = NULL; } free (id); } return cc_err_xlate(err); }
/* get_principal * * - return the principal associated with the named cache */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_principal (krb5_context context, krb5_ccache id , krb5_principal *princ) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_string_t name = NULL; if (!err) { err = stdccv3_setup(context, ccapi_data); } if (!err) { err = cc_ccache_get_principal (ccapi_data->NamedCache, cc_credentials_v5, &name); } if (!err) { err = krb5_parse_name (context, name->data, princ); } if (name) { cc_string_release (name); } return cc_err_xlate (err); }
/* * remove * * - remove the specified credentials from the NC */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_remove (krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *in_creds) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_credentials_iterator_t iterator = NULL; int found = 0; if (!err) { err = stdccv3_setup(context, ccapi_data); } if (!err) { err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache, &iterator); } /* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */ while (!err && !found) { cc_credentials_t credentials = NULL; err = cc_credentials_iterator_next (iterator, &credentials); if (!err && (credentials->data->version == cc_credentials_v5)) { krb5_creds creds; err = copy_cc_cred_union_to_krb5_creds(context, credentials->data, &creds); if (!err) { found = krb5int_cc_creds_match_request(context, whichfields, in_creds, &creds); krb5_free_cred_contents (context, &creds); } if (!err && found) { err = cc_ccache_remove_credentials (ccapi_data->NamedCache, credentials); } } if (credentials) { cc_credentials_release (credentials); } } if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; } if (iterator) { err = cc_credentials_iterator_release(iterator); } if (!err) { cache_changed (); } return cc_err_xlate (err); }
/* * store * * store some credentials in our cache */ krb5_error_code KRB5_CALLCONV krb5_stdcc_store (krb5_context context, krb5_ccache id, krb5_creds *creds ) { krb5_error_code retval; stdccCacheDataPtr ccapi_data = id->data; cred_union *cu = NULL; int err; if ((retval = stdcc_setup(context, ccapi_data))) return retval; /* copy the fields from the almost identical structures */ dupK5toCC(context, creds, &cu); /* * finally store the credential * store will copy (that is duplicate) everything */ err = cc_store(gCntrlBlock, ((stdccCacheDataPtr)(id->data))->NamedCache, *cu); if (err != CC_NOERROR) return cc_err_xlate(err); /* free the cred union using our local version of cc_free_creds() since we allocated it locally */ err = krb5int_free_cc_cred_union(&cu); cache_changed(); return err; }
/* * next cred * * - get the next credential in the cache as part of an iterator call * - this maps to call to cc_seq_fetch_creds */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_next_cred (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_credentials_t credentials = NULL; cc_credentials_iterator_t iterator = *cursor; if (!iterator) { err = KRB5_CC_END; } if (!err) { err = stdccv3_setup (context, ccapi_data); } /* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */ while (!err) { err = cc_credentials_iterator_next (iterator, &credentials); if (!err && (credentials->data->version == cc_credentials_v5)) { copy_cc_cred_union_to_krb5_creds(context, credentials->data, creds); break; } } if (credentials) { cc_credentials_release (credentials); } if (err == ccIteratorEnd) { cc_credentials_iterator_release (iterator); *cursor = 0; } return cc_err_xlate (err); }
/* * resolve * * create a new cache with the name stored in residual */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual ) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = NULL; krb5_ccache ccache = NULL; char *name = NULL; if (id == NULL) { err = KRB5_CC_NOMEM; } if (!err) { err = stdccv3_setup (context, NULL); } if (!err) { ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data)); if (!ccapi_data) { err = KRB5_CC_NOMEM; } } if (!err) { ccache = (krb5_ccache ) malloc (sizeof (*ccache)); if (!ccache) { err = KRB5_CC_NOMEM; } } if (!err) { name = malloc (strlen(residual) + 1); if (!name) { err = KRB5_CC_NOMEM; } } if (!err) { err = cc_context_open_ccache (gCntrlBlock, residual, &ccapi_data->NamedCache); if (err == ccErrCCacheNotFound) { ccapi_data->NamedCache = NULL; err = 0; /* ccache just doesn't exist yet */ } } if (!err) { strcpy(name, residual); ccapi_data->cache_name = name; name = NULL; /* take ownership */ ccache->ops = &krb5_cc_stdcc_ops; ccache->data = ccapi_data; ccapi_data = NULL; /* take ownership */ *id = ccache; ccache = NULL; /* take ownership */ } if (ccache) { free (ccache); } if (ccapi_data) { free (ccapi_data); } if (name) { free (name); } return cc_err_xlate (err); }
/* * initialize * * initialize the cache, check to see if one already exists for this * principal if not set our principal to this principal. This * searching enables ticket sharing */ krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize (krb5_context context, krb5_ccache id, krb5_principal princ) { stdccCacheDataPtr ccapi_data = NULL; int err; char *cName = NULL; krb5_error_code retval; if ((retval = stdcc_setup(context, NULL))) return retval; /* test id for null */ if (id == NULL) return KRB5_CC_NOMEM; if ((retval = krb5_unparse_name(context, princ, &cName))) return retval; ccapi_data = id->data; if (ccapi_data->NamedCache) cc_close(gCntrlBlock, &ccapi_data->NamedCache); err = cc_create(gCntrlBlock, ccapi_data->cache_name, cName, CC_CRED_V5, 0L, &ccapi_data->NamedCache); if (err != CC_NOERROR) { krb5_free_unparsed_name(context, cName); return cc_err_xlate(err); } #if 0 /* * Some implementations don't set the principal name * correctly, so we force set it to the correct value. */ err = cc_set_principal(gCntrlBlock, ccapi_data->NamedCache, CC_CRED_V5, cName); #endif krb5_free_unparsed_name(context, cName); cache_changed(); return cc_err_xlate(err); }
/* * get_flags * * - currently a NOP since we don't store any flags in the NC */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_flags (krb5_context context, krb5_ccache id, krb5_flags *flags) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; err = stdccv3_setup (context, ccapi_data); return cc_err_xlate (err); }
/* * -- generate_new -------------------------------- * * create a new cache with a unique name, corresponds to creating a * named cache iniitialize the API here if we have to. */ krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new (krb5_context context, krb5_ccache *id ) { krb5_ccache newCache = NULL; krb5_error_code retval; stdccCacheDataPtr ccapi_data = NULL; char *name = NULL; cc_time_t change_time; int err; if ((retval = stdcc_setup(context, NULL))) return retval; retval = KRB5_CC_NOMEM; if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)))) goto errout; if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData)))) goto errout; if (!(name = malloc(256))) goto errout; /* create a unique name */ cc_get_change_time(gCntrlBlock, &change_time); snprintf(name, 256, "gen_new_cache%d", change_time); /* create the new cache */ err = cc_create(gCntrlBlock, name, name, CC_CRED_V5, 0L, &ccapi_data->NamedCache); if (err != CC_NOERROR) { retval = cc_err_xlate(err); goto errout; } /* setup some fields */ newCache->ops = &krb5_cc_stdcc_ops; newCache->data = ccapi_data; ccapi_data->cache_name = name; /* return a pointer to the new cache */ *id = newCache; return 0; errout: if (newCache) free(newCache); if (ccapi_data) free(ccapi_data); if (name) free(name); return retval; }
/* * resolve * * create a new cache with the name stored in residual */ krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve (krb5_context context, krb5_ccache *id , const char *residual ) { krb5_ccache newCache = NULL; stdccCacheDataPtr ccapi_data = NULL; int err; krb5_error_code retval; char *cName = NULL; if ((retval = stdcc_setup(context, NULL))) return retval; retval = KRB5_CC_NOMEM; if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)))) goto errout; if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData)))) goto errout; if (!(cName = malloc(strlen(residual)+1))) goto errout; newCache->ops = &krb5_cc_stdcc_ops; newCache->data = ccapi_data; ccapi_data->cache_name = cName; strcpy(cName, residual); err = cc_open(gCntrlBlock, cName, CC_CRED_V5, 0L, &ccapi_data->NamedCache); if (err != CC_NOERROR) { ccapi_data->NamedCache = NULL; if (err != CC_NO_EXIST) { retval = cc_err_xlate(err); goto errout; } } /* return new cache structure */ *id = newCache; return 0; errout: if (newCache) free(newCache); if (ccapi_data) free(ccapi_data); if (cName) free(cName); return retval; }
krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock (krb5_context context) { krb5_error_code err = 0; if (!err && !gCntrlBlock) { err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL); } if (!err) { err = cc_context_unlock(gCntrlBlock); } return cc_err_xlate(err); }
static krb5_error_code stdcc_setup(krb5_context context, stdccCacheDataPtr ccapi_data) { int err; /* make sure the API has been intialized */ if (gCntrlBlock == NULL) { #ifdef CC_API_VER2 err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL); #else err = cc_initialize(&gCntrlBlock, CC_API_VER_1, NULL, NULL); #endif if (err != CC_NOERROR) return cc_err_xlate(err); } /* * No ccapi_data structure, so we don't need to make sure the * ccache exists. */ if (!ccapi_data) return 0; /* * The ccache already exists */ if (ccapi_data->NamedCache) return 0; err = cc_open(gCntrlBlock, ccapi_data->cache_name, CC_CRED_V5, 0L, &ccapi_data->NamedCache); if (err == CC_NOTFOUND) err = CC_NO_EXIST; if (err == CC_NOERROR) return 0; ccapi_data->NamedCache = NULL; return cc_err_xlate(err); }
krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock (krb5_context context, krb5_ccache id) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; if (!err) { err = stdccv3_setup(context, ccapi_data); } if (!err) { err = cc_ccache_unlock(ccapi_data->NamedCache); } return cc_err_xlate(err); }
/* * initialize * * initialize the cache, check to see if one already exists for this * principal if not set our principal to this principal. This * searching enables ticket sharing */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_initialize (krb5_context context, krb5_ccache id, krb5_principal princ) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; char *name = NULL; cc_ccache_t ccache = NULL; if (id == NULL) { err = KRB5_CC_NOMEM; } if (!err) { err = stdccv3_setup (context, NULL); } if (!err) { err = krb5_unparse_name(context, princ, &name); } if (!err) { err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name, cc_credentials_v5, name, &ccache); } if (!err) { err = stdccv3_set_timeoffset (context, ccache); } if (!err) { if (ccapi_data->NamedCache) { err = cc_ccache_release (ccapi_data->NamedCache); } ccapi_data->NamedCache = ccache; ccache = NULL; /* take ownership */ cache_changed (); } if (ccache) { cc_ccache_release (ccache); } if (name ) { krb5_free_unparsed_name(context, name); } return cc_err_xlate(err); }
/* * end seq * * just free up the storage assoicated with the cursor (if we can) */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_end_seq_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_credentials_iterator_t iterator = *cursor; if (!iterator) { return 0; } if (!err) { err = stdccv3_setup (context, ccapi_data); } if (!err) { err = cc_credentials_iterator_release(iterator); } return cc_err_xlate(err); }
/* * next cred * * - get the next credential in the cache as part of an iterator call * - this maps to call to cc_seq_fetch_creds */ krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code retval; stdccCacheDataPtr ccapi_data = id->data; int err; cred_union *credU = NULL; ccache_cit *iterator; if ((retval = stdcc_setup(context, ccapi_data))) return retval; #ifdef CC_API_VER2 iterator = *cursor; if (iterator == 0) return KRB5_CC_END; err = cc_seq_fetch_creds_next(gCntrlBlock, &credU, iterator); if (err == CC_END) { cc_seq_fetch_creds_end(gCntrlBlock, &iterator); *cursor = 0; } #else err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache, &credU, (ccache_cit **)cursor); #endif if (err != CC_NOERROR) return cc_err_xlate(err); /* copy data (with translation) */ dupCCtoK5(context, credU->cred.pV5Cred, creds); /* free our version of the cred - okay to use cc_free_creds() here because we got it from the CCache library */ cc_free_creds(gCntrlBlock, &credU); return 0; }
krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp *change_time) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_time_t ccapi_change_time = 0; *change_time = 0; if (!err) { err = stdccv3_setup(context, ccapi_data); } if (!err) { err = cc_ccache_get_change_time (ccapi_data->NamedCache, &ccapi_change_time); } if (!err) { *change_time = ccapi_change_time; } return cc_err_xlate (err); }
/* * start_seq_get * * begin an iterator call to get all of the credentials in the cache */ krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get (krb5_context context, krb5_ccache id , krb5_cc_cursor *cursor ) { stdccCacheDataPtr ccapi_data = id->data; krb5_error_code retval; int err; ccache_cit *iterator; if ((retval = stdcc_setup(context, ccapi_data))) return retval; #ifdef CC_API_VER2 err = cc_seq_fetch_creds_begin(gCntrlBlock, ccapi_data->NamedCache, &iterator); if (err != CC_NOERROR) return cc_err_xlate(err); *cursor = iterator; #else /* all we have to do is initialize the cursor */ *cursor = NULL; #endif return 0; }
krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor) { krb5_error_code err = 0; krb5_cc_ptcursor ptcursor = NULL; cc_ccache_iterator_t iterator = NULL; ptcursor = malloc(sizeof(*ptcursor)); if (ptcursor == NULL) { err = ccErrNoMem; } else { memset(ptcursor, 0, sizeof(*ptcursor)); } if (!err) { err = stdccv3_setup(context, NULL); } if (!err) { ptcursor->ops = &krb5_cc_stdcc_ops; err = cc_context_new_ccache_iterator(gCntrlBlock, &iterator); } if (!err) { ptcursor->data = iterator; } if (err) { if (ptcursor) { krb5_stdccv3_ptcursor_free(context, &ptcursor); } // krb5_stdccv3_ptcursor_free sets ptcursor to NULL for us } *cursor = ptcursor; return cc_err_xlate(err); }
/* * start_seq_get * * begin an iterator call to get all of the credentials in the cache */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_start_seq_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor ) { krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; cc_credentials_iterator_t iterator = NULL; if (!err) { err = stdccv3_setup (context, ccapi_data); } if (!err) { err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache, &iterator); } if (!err) { *cursor = iterator; } return cc_err_xlate (err); }
krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_next( krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache) { krb5_error_code err = 0; cc_ccache_iterator_t iterator = NULL; krb5_ccache newCache = NULL; stdccCacheDataPtr ccapi_data = NULL; cc_ccache_t ccCache = NULL; cc_string_t ccstring = NULL; char *name = NULL; if (!cursor || !cursor->data) { err = ccErrInvalidContext; } *ccache = NULL; if (!err) { newCache = (krb5_ccache) malloc (sizeof (*newCache)); if (!newCache) { err = ccErrNoMem; } } if (!err) { ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data)); if (!ccapi_data) { err = ccErrNoMem; } } if (!err) { iterator = cursor->data; err = cc_ccache_iterator_next(iterator, &ccCache); } if (!err) { err = cc_ccache_get_name (ccCache, &ccstring); } if (!err) { name = strdup (ccstring->data); if (!name) { err = ccErrNoMem; } } if (!err) { ccapi_data->cache_name = name; name = NULL; /* take ownership */ ccapi_data->NamedCache = ccCache; ccCache = NULL; /* take ownership */ newCache->ops = &krb5_cc_stdcc_ops; newCache->data = ccapi_data; ccapi_data = NULL; /* take ownership */ /* return a pointer to the new cache */ *ccache = newCache; newCache = NULL; } if (name) { free (name); } if (ccstring) { cc_string_release (ccstring); } if (ccCache) { cc_ccache_release (ccCache); } if (ccapi_data) { free (ccapi_data); } if (newCache) { free (newCache); } if (err == ccIteratorEnd) { err = ccNoError; } return cc_err_xlate(err); }
/* * -- generate_new -------------------------------- * * create a new cache with a unique name, corresponds to creating a * named cache initialize the API here if we have to. */ krb5_error_code KRB5_CALLCONV krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id ) { krb5_error_code err = 0; krb5_ccache newCache = NULL; stdccCacheDataPtr ccapi_data = NULL; cc_ccache_t ccache = NULL; cc_string_t ccstring = NULL; char *name = NULL; if (!err) { err = stdccv3_setup(context, NULL); } if (!err) { newCache = (krb5_ccache) malloc (sizeof (*newCache)); if (!newCache) { err = KRB5_CC_NOMEM; } } if (!err) { ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data)); if (!ccapi_data) { err = KRB5_CC_NOMEM; } } if (!err) { err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "", &ccache); } if (!err) { err = stdccv3_set_timeoffset (context, ccache); } if (!err) { err = cc_ccache_get_name (ccache, &ccstring); } if (!err) { name = strdup (ccstring->data); if (!name) { err = KRB5_CC_NOMEM; } } if (!err) { ccapi_data->cache_name = name; name = NULL; /* take ownership */ ccapi_data->NamedCache = ccache; ccache = NULL; /* take ownership */ newCache->ops = &krb5_cc_stdcc_ops; newCache->data = ccapi_data; ccapi_data = NULL; /* take ownership */ /* return a pointer to the new cache */ *id = newCache; newCache = NULL; } if (ccstring) { cc_string_release (ccstring); } if (name) { free (name); } if (ccache) { cc_ccache_release (ccache); } if (ccapi_data) { free (ccapi_data); } if (newCache) { free (newCache); } return cc_err_xlate (err); }