/* * Request: * NameZ * Cursor * * Response: * Creds */ static krb5_error_code kcm_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_kcm_cursor c = KCMCURSOR(*cursor); krb5_storage *request, *response; krb5_data response_data; ssize_t sret; again: if (c->offset >= c->length) return KRB5_CC_END; ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } sret = krb5_storage_write(request, &c->uuids[c->offset], sizeof(c->uuids[c->offset])); c->offset++; if (sret != sizeof(c->uuids[c->offset])) { krb5_storage_free(request); krb5_clear_error_message(context); return ENOMEM; } ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); if (ret == KRB5_CC_END) { goto again; } else if (ret) return ret; ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; krb5_storage_free(response); krb5_data_free(&response_data); return ret; }
/* * Request: * NameZ * WhichFields * MatchCreds * * Response: * Creds * */ static krb5_error_code kcm_retrieve(krb5_context context, krb5_ccache id, krb5_flags which, const krb5_creds *mcred, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, which); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_creds_tag(request, rk_UNCONST(mcred)); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); return ret; }
/* * Request: * NameZ * Creds * * Response: * */ static krb5_error_code kcm_op_store(krb5_context context, kcm_client *client, kcm_operation opcode, krb5_storage *request, krb5_storage *response) { krb5_creds creds; krb5_error_code ret; kcm_ccache ccache; char *name; ret = krb5_ret_stringz(request, &name); if (ret) return ret; KCM_LOG_REQUEST_NAME(context, client, opcode, name); ret = krb5_ret_creds(request, &creds); if (ret) { free(name); return ret; } ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); if (ret) { free(name); krb5_free_cred_contents(context, &creds); return ret; } ret = kcm_ccache_store_cred(context, ccache, &creds, 0); if (ret) { free(name); krb5_free_cred_contents(context, &creds); kcm_release_ccache(context, ccache); return ret; } kcm_ccache_enqueue_default(context, ccache, &creds); free(name); kcm_release_ccache(context, ccache); return 0; }
static krb5_error_code fcc_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0) return ret; ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds); if (ret) krb5_clear_error_message(context); fcc_unlock(context, FCC_CURSOR(*cursor)->fd); return ret; }
/* * Request: * NameZ * Cursor * * Response: * Creds */ static krb5_error_code kcm_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request); if (ret) return ret; ret = krb5_store_stringz(request, k->name); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_store_int32(request, KCMCURSOR(*cursor)); if (ret) { krb5_storage_free(request); return ret; } ret = kcm_call(context, k, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; } ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); return ret; }
static krb5_error_code decode_creds(krb5_context context, const void *data, size_t length, krb5_creds *creds) { krb5_error_code ret; krb5_storage *sp; sp = krb5_storage_from_readonly_mem(data, length); if (sp == NULL) return krb5_enomem(context); ret = krb5_ret_creds(sp, creds); krb5_storage_free(sp); if (ret) { krb5_set_error_message(context, ret, N_("Failed to read credential in scache", "")); return ret; } return 0; }
static krb5_error_code KRB5_CALLCONV xcc_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { struct xcc_cursor *c = *cursor; krb5_error_code ret; krb5_storage *sp; HeimCredRef cred; CFDataRef data; if (c->array == NULL) return KRB5_CC_END; next: if (c->offset >= CFArrayGetCount(c->array)) return KRB5_CC_END; cred = (HeimCredRef)CFArrayGetValueAtIndex(c->array, c->offset++); if (cred == NULL) return KRB5_CC_END; data = HeimCredCopyAttribute(cred, kHEIMAttrData); if (data == NULL) { goto next; } sp = krb5_storage_from_readonly_mem(CFDataGetBytePtr(data), CFDataGetLength(data)); if (sp == NULL) { CFRELEASE_NULL(data); return KRB5_CC_END; } ret = krb5_ret_creds(sp, creds); krb5_storage_free(sp); CFRELEASE_NULL(data); return ret; }
OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_cred(OM_uint32 * minor_status, gss_buffer_t cred_token, gss_cred_id_t * cred_handle) { krb5_context context; krb5_error_code ret; gsskrb5_cred handle; krb5_ccache id; krb5_storage *sp; char *str; uint32_t type; int flags = 0; *cred_handle = GSS_C_NO_CREDENTIAL; GSSAPI_KRB5_INIT (&context); sp = krb5_storage_from_mem(cred_token->value, cred_token->length); if (sp == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } ret = krb5_ret_uint32(sp, &type); if (ret) { krb5_storage_free(sp); *minor_status = ret; return GSS_S_FAILURE; } switch (type) { case 0: { krb5_creds creds; ret = krb5_ret_creds(sp, &creds); krb5_storage_free(sp); if (ret) { *minor_status = ret; return GSS_S_FAILURE; } ret = krb5_cc_new_unique(context, "API", NULL, &id); if (ret) { *minor_status = ret; return GSS_S_FAILURE; } ret = krb5_cc_initialize(context, id, creds.client); if (ret) { krb5_cc_destroy(context, id); *minor_status = ret; return GSS_S_FAILURE; } ret = krb5_cc_store_cred(context, id, &creds); krb5_free_cred_contents(context, &creds); if (ret) { krb5_cc_destroy(context, id); *minor_status = ret; return GSS_S_FAILURE; } flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; break; } case 1: ret = krb5_ret_string(sp, &str); krb5_storage_free(sp); if (ret) { *minor_status = ret; return GSS_S_FAILURE; } ret = krb5_cc_resolve(context, str, &id); krb5_xfree(str); if (ret) { *minor_status = ret; return GSS_S_FAILURE; } break; default: krb5_storage_free(sp); *minor_status = 0; return GSS_S_NO_CRED; } handle = calloc(1, sizeof(*handle)); if (handle == NULL) { krb5_cc_close(context, id); *minor_status = ENOMEM; return GSS_S_FAILURE; } handle->usage = GSS_C_INITIATE; krb5_cc_get_principal(context, id, &handle->principal); handle->ccache = id; handle->cred_flags = flags; if (handle->principal) __gsskrb5_ccache_lifetime(minor_status, context, id, handle->principal, &handle->endtime); *cred_handle = (gss_cred_id_t)handle; return GSS_S_COMPLETE; }