/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_kcm_cursor c = KCMCURSOR(*cursor);
krb5_storage *request, *response;
krb5_data response_data;
ssize_t sret;
again:
if (c->offset >= c->length)
return KRB5_CC_END;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
sret = krb5_storage_write(request,
&c->uuids[c->offset],
sizeof(c->uuids[c->offset]));
c->offset++;
if (sret != sizeof(c->uuids[c->offset])) {
krb5_storage_free(request);
krb5_clear_error_message(context);
return ENOMEM;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret == KRB5_CC_END) {
goto again;
} else if (ret)
return ret;
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
/*
* Request:
* NameZ
* WhichFields
* MatchCreds
*
* Response:
* Creds
*
*/
static krb5_error_code
kcm_retrieve(krb5_context context,
krb5_ccache id,
krb5_flags which,
const krb5_creds *mcred,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, which);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
/*
* Request:
* NameZ
* Creds
*
* Response:
*
*/
static krb5_error_code
kcm_op_store(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
krb5_creds creds;
krb5_error_code ret;
kcm_ccache ccache;
char *name;
ret = krb5_ret_stringz(request, &name);
if (ret)
return ret;
KCM_LOG_REQUEST_NAME(context, client, opcode, name);
ret = krb5_ret_creds(request, &creds);
if (ret) {
free(name);
return ret;
}
ret = kcm_ccache_resolve_client(context, client, opcode,
name, &ccache);
if (ret) {
free(name);
krb5_free_cred_contents(context, &creds);
return ret;
}
ret = kcm_ccache_store_cred(context, ccache, &creds, 0);
if (ret) {
free(name);
krb5_free_cred_contents(context, &creds);
kcm_release_ccache(context, ccache);
return ret;
}
kcm_ccache_enqueue_default(context, ccache, &creds);
free(name);
kcm_release_ccache(context, ccache);
return 0;
}
static krb5_error_code
fcc_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
return ret;
ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
if (ret)
krb5_clear_error_message(context);
fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, KCMCURSOR(*cursor));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
static krb5_error_code
decode_creds(krb5_context context, const void *data, size_t length,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_storage *sp;
sp = krb5_storage_from_readonly_mem(data, length);
if (sp == NULL)
return krb5_enomem(context);
ret = krb5_ret_creds(sp, creds);
krb5_storage_free(sp);
if (ret) {
krb5_set_error_message(context, ret,
N_("Failed to read credential in scache", ""));
return ret;
}
return 0;
}
static krb5_error_code KRB5_CALLCONV
xcc_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
struct xcc_cursor *c = *cursor;
krb5_error_code ret;
krb5_storage *sp;
HeimCredRef cred;
CFDataRef data;
if (c->array == NULL)
return KRB5_CC_END;
next:
if (c->offset >= CFArrayGetCount(c->array))
return KRB5_CC_END;
cred = (HeimCredRef)CFArrayGetValueAtIndex(c->array, c->offset++);
if (cred == NULL)
return KRB5_CC_END;
data = HeimCredCopyAttribute(cred, kHEIMAttrData);
if (data == NULL) {
goto next;
}
sp = krb5_storage_from_readonly_mem(CFDataGetBytePtr(data), CFDataGetLength(data));
if (sp == NULL) {
CFRELEASE_NULL(data);
return KRB5_CC_END;
}
ret = krb5_ret_creds(sp, creds);
krb5_storage_free(sp);
CFRELEASE_NULL(data);
return ret;
}
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_import_cred(OM_uint32 * minor_status,
gss_buffer_t cred_token,
gss_cred_id_t * cred_handle)
{
krb5_context context;
krb5_error_code ret;
gsskrb5_cred handle;
krb5_ccache id;
krb5_storage *sp;
char *str;
uint32_t type;
int flags = 0;
*cred_handle = GSS_C_NO_CREDENTIAL;
GSSAPI_KRB5_INIT (&context);
sp = krb5_storage_from_mem(cred_token->value, cred_token->length);
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
ret = krb5_ret_uint32(sp, &type);
if (ret) {
krb5_storage_free(sp);
*minor_status = ret;
return GSS_S_FAILURE;
}
switch (type) {
case 0: {
krb5_creds creds;
ret = krb5_ret_creds(sp, &creds);
krb5_storage_free(sp);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_cc_new_unique(context, "API", NULL, &id);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_cc_initialize(context, id, creds.client);
if (ret) {
krb5_cc_destroy(context, id);
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_cc_store_cred(context, id, &creds);
krb5_free_cred_contents(context, &creds);
if (ret) {
krb5_cc_destroy(context, id);
*minor_status = ret;
return GSS_S_FAILURE;
}
flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
break;
}
case 1:
ret = krb5_ret_string(sp, &str);
krb5_storage_free(sp);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_cc_resolve(context, str, &id);
krb5_xfree(str);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
break;
default:
krb5_storage_free(sp);
*minor_status = 0;
return GSS_S_NO_CRED;
}
handle = calloc(1, sizeof(*handle));
if (handle == NULL) {
krb5_cc_close(context, id);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
handle->usage = GSS_C_INITIATE;
krb5_cc_get_principal(context, id, &handle->principal);
handle->ccache = id;
handle->cred_flags = flags;
if (handle->principal)
__gsskrb5_ccache_lifetime(minor_status, context,
id, handle->principal,
&handle->endtime);
*cred_handle = (gss_cred_id_t)handle;
return GSS_S_COMPLETE;
}
