#include "krb5_locl.h"
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops,
krb5_boolean override)
{
int i;
for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) {
if(strcmp(context->cc_ops[i]->prefix, ops->prefix) == 0) {
if(!override) {
krb5_set_error_message(context,
KRB5_CC_TYPE_EXISTS,
N_("cache type %s already exists", "type"),
ops->prefix);
return KRB5_CC_TYPE_EXISTS;
}
break;
}
}
if(i == context->num_cc_ops) {
const krb5_cc_ops **o = realloc(rk_UNCONST(context->cc_ops),
(context->num_cc_ops + 1) *
sizeof(context->cc_ops[0]));
if(o == NULL) {
krb5_set_error_message(context, KRB5_CC_NOMEM,
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
context->cc_ops = o;
context->cc_ops[context->num_cc_ops] = NULL;
context->num_cc_ops++;
}
context->cc_ops[i] = ops;
return 0;
}
krb5_error_code
_krb5_cc_allocate(krb5_context context,
const krb5_cc_ops *ops,
krb5_ccache *id)
{
krb5_ccache p;
p = malloc (sizeof(*p));
if(p == NULL) {
krb5_set_error_message(context, KRB5_CC_NOMEM,
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
p->ops = ops;
*id = p;
return 0;
}
static krb5_error_code
allocate_ccache (krb5_context context,
const krb5_cc_ops *ops,
const char *residual,
krb5_ccache *id)
{
krb5_error_code ret;
#ifdef KRB5_USE_PATH_TOKENS
char * exp_residual = NULL;
ret = _krb5_expand_path_tokens(context, residual, &exp_residual);
if (ret)
return ret;
residual = exp_residual;
#endif
ret = _krb5_cc_allocate(context, ops, id);
if (ret) {
#ifdef KRB5_USE_PATH_TOKENS
if (exp_residual)
free(exp_residual);
#endif
return ret;
}
ret = (*id)->ops->resolve(context, id, residual);
if(ret) {
free(*id);
*id = NULL;
}
#ifdef KRB5_USE_PATH_TOKENS
if (exp_residual)
free(exp_residual);
#endif
return ret;
}
static int
is_possible_path_name(const char * name)
{
const char * colon;
if ((colon = strchr(name, ':')) == NULL)
return TRUE;
#ifdef _WIN32
if (colon == name + 1 &&
strchr(colon + 1, ':') == NULL)
return TRUE;
#endif
return FALSE;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_resolve(krb5_context context,
const char *name,
krb5_ccache *id)
{
int i;
*id = NULL;
for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) {
size_t prefix_len = strlen(context->cc_ops[i]->prefix);
if(strncmp(context->cc_ops[i]->prefix, name, prefix_len) == 0
&& name[prefix_len] == ':') {
return allocate_ccache (context, context->cc_ops[i],
name + prefix_len + 1,
id);
}
}
if (is_possible_path_name(name))
return allocate_ccache (context, &krb5_fcc_ops, name, id);
else {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
N_("unknown ccache type %s", "name"), name);
return KRB5_CC_UNKNOWN_TYPE;
}
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_new_unique(krb5_context context, const char *type,
const char *hint, krb5_ccache *id)
{
const krb5_cc_ops *ops;
krb5_error_code ret;
ops = krb5_cc_get_prefix_ops(context, type);
if (ops == NULL) {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
"Credential cache type %s is unknown", type);
return KRB5_CC_UNKNOWN_TYPE;
}
ret = _krb5_cc_allocate(context, ops, id);
if (ret)
return ret;
ret = (*id)->ops->gen_new(context, id);
if (ret) {
free(*id);
*id = NULL;
}
return ret;
}
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_name(krb5_context context,
krb5_ccache id)
{
return id->ops->get_name(context, id);
}
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_type(krb5_context context,
krb5_ccache id)
{
return id->ops->prefix;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_full_name(krb5_context context,
krb5_ccache id,
char **str)
{
const char *type, *name;
*str = NULL;
type = krb5_cc_get_type(context, id);
if (type == NULL) {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
"cache have no name of type");
return KRB5_CC_UNKNOWN_TYPE;
}
name = krb5_cc_get_name(context, id);
if (name == NULL) {
krb5_set_error_message(context, KRB5_CC_BADNAME,
"cache of type %s have no name", type);
return KRB5_CC_BADNAME;
}
if (asprintf(str, "%s:%s", type, name) == -1) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
*str = NULL;
return ENOMEM;
}
return 0;
}
KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
krb5_cc_get_ops(krb5_context context, krb5_ccache id)
{
return id->ops;
}
krb5_error_code
_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
{
return _krb5_expand_path_tokens(context, str, res);
}
static int
environment_changed(krb5_context context)
{
const char *e;
if (context->default_cc_name_set)
return 0;
if (context->default_cc_name &&
(strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
strncmp(context->default_cc_name, "API:", 4) == 0 ||
strncmp(context->default_cc_name, "KCC:", 4) == 0))
return 1;
if(issuid())
return 0;
e = getenv("KRB5CCNAME");
if (e == NULL) {
if (context->default_cc_name_env) {
free(context->default_cc_name_env);
context->default_cc_name_env = NULL;
return 1;
}
} else {
if (context->default_cc_name_env == NULL)
return 1;
if (strcmp(e, context->default_cc_name_env) != 0)
return 1;
}
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
#ifdef _WIN32
_krb5_set_default_cc_name_to_registry(context, id);
#endif
if (id->ops->set_default == NULL)
return 0;
return (*id->ops->set_default)(context, id);
}
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_cc_support_switch(krb5_context context, const char *type)
{
const krb5_cc_ops *ops;
ops = krb5_cc_get_prefix_ops(context, type);
if (ops && ops->set_default)
return 1;
return FALSE;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_default_name(krb5_context context, const char *name)
{
krb5_error_code ret = 0;
char *p = NULL, *exp_p = NULL;
if (name == NULL) {
const char *e = NULL;
if(!issuid()) {
e = getenv("KRB5CCPRINCIPAL");
if (e) {
krb5_principal client;
krb5_ccache id;
ret = krb5_parse_name(context, e, &client);
if (ret)
return ret;
ret = krb5_cc_cache_match(context, client, &id);
if (ret == 0) {
krb5_cc_get_full_name(context, id, &p);
krb5_cc_close(context, id);
}
}
if (p == NULL) {
e = getenv("KRB5CCNAME");
if (e)
p = strdup(e);
}
if (p) {
if (context->default_cc_name_env)
free(context->default_cc_name_env);
context->default_cc_name_env = strdup(p);
}
}
#ifdef _WIN32
if (e == NULL) {
e = p = _krb5_get_default_cc_name_from_registry(context);
}
#endif
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
"default_cc_name", NULL);
if (e) {
ret = _krb5_expand_default_cc_name(context, e, &p);
if (ret)
return ret;
}
if (e == NULL) {
const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
e = krb5_config_get_string(context, NULL, "libdefaults",
"default_cc_type", NULL);
if (e) {
ops = krb5_cc_get_prefix_ops(context, e);
if (ops == NULL) {
krb5_set_error_message(context,
KRB5_CC_UNKNOWN_TYPE,
"Credential cache type %s "
"is unknown", e);
return KRB5_CC_UNKNOWN_TYPE;
}
}
ret = (*ops->get_default_name)(context, &p);
if (ret)
return ret;
}
}
context->default_cc_name_set = 0;
} else {
p = strdup(name);
context->default_cc_name_set = 1;
}
if (p == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
ret = _krb5_expand_path_tokens(context, p, &exp_p);
free(p);
if (ret)
return ret;
if (context->default_cc_name)
free(context->default_cc_name);
context->default_cc_name = exp_p;
return 0;
}
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_default_name(krb5_context context)
{
if (context->default_cc_name == NULL || environment_changed(context))
krb5_cc_set_default_name(context, NULL);
return context->default_cc_name;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_default(krb5_context context,
krb5_ccache *id)
{
const char *p = krb5_cc_default_name(context);
if (p == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
return krb5_cc_resolve(context, p, id);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
return (*id->ops->init)(context, id, primary_principal);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_destroy(krb5_context context,
krb5_ccache id)
{
krb5_error_code ret;
ret = (*id->ops->destroy)(context, id);
krb5_cc_close (context, id);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_close(krb5_context context,
krb5_ccache id)
{
krb5_error_code ret;
ret = (*id->ops->close)(context, id);
free(id);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
return (*id->ops->store)(context, id, creds);
}
static krb5_error_code
retrieve_cred(krb5_context context,
krb5_ccache id,
krb5_flags whichfields,
const krb5_creds *mcreds,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_cc_cursor cursor;
ret = krb5_cc_start_seq_get(context, id, &cursor);
if (ret)
return ret;
while ((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0) {
if (krb5_compare_creds(context, whichfields, mcreds, creds)) {
ret = 0;
break;
}
krb5_free_cred_contents(context, creds);
}
krb5_cc_end_seq_get(context, id, &cursor);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_retrieve_cred(krb5_context context,
krb5_ccache id,
krb5_flags whichfields,
const krb5_creds *mcreds,
krb5_creds *creds)
{
krb5_error_code ret;
if (id->ops->retrieve != NULL) {
ret = id->ops->retrieve(context, id, whichfields, mcreds, creds);
} else {
ret = retrieve_cred(context, id, whichfields, mcreds, creds);
if ((ret == KRB5_CC_END) && (whichfields & KRB5_TC_MATCH_REFERRAL))
ret = retrieve_cred(context, id,
whichfields | KRB5_TC_DONT_MATCH_REALM,
mcreds, creds);
}
if (ret == KRB5_CC_END) {
char *fn = NULL, *name = NULL;
ret = KRB5_CC_NOTFOUND;
krb5_cc_get_full_name(context, id, &fn);
krb5_unparse_name(context, mcreds->server, &name);
krb5_set_error_message(context, ret, "Did not find credential for %s in cache %s",
name ? name : "server",
fn ? fn : "unknown");
free(fn);
free(name);
}
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
{
return (*id->ops->get_princ)(context, id, principal);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_start_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
{
return (*id->ops->get_first)(context, id, cursor);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_next_cred (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
return (*id->ops->get_next)(context, id, cursor, creds);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_end_seq_get (krb5_context context,
const krb5_ccache id,
krb5_cc_cursor *cursor)
{
return (*id->ops->end_get)(context, id, cursor);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
krb5_creds *cred)
{
if(id->ops->remove_cred == NULL) {
krb5_set_error_message(context,
EACCES,
"ccache %s does not support remove_cred",
id->ops->prefix);
return EACCES;
}
return (*id->ops->remove_cred)(context, id, which, cred);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
{
return (*id->ops->set_flags)(context, id, flags);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_flags(krb5_context context,
krb5_ccache id,
krb5_flags *flags)
{
*flags = 0;
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_match_f(krb5_context context,
const krb5_ccache from,
krb5_ccache to,
krb5_boolean (*match)(krb5_context, void *, const krb5_creds *),
void *matchctx,
unsigned int *matched)
{
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_creds cred;
krb5_principal princ;
if (matched)
*matched = 0;
ret = krb5_cc_get_principal(context, from, &princ);
if (ret)
return ret;
ret = krb5_cc_initialize(context, to, princ);
if (ret) {
krb5_free_principal(context, princ);
return ret;
}
ret = krb5_cc_start_seq_get(context, from, &cursor);
if (ret) {
krb5_free_principal(context, princ);
return ret;
}
while ((ret = krb5_cc_next_cred(context, from, &cursor, &cred)) == 0) {
if (match == NULL || (*match)(context, matchctx, &cred) == 0) {
if (matched)
(*matched)++;
ret = krb5_cc_store_cred(context, to, &cred);
if (ret)
break;
}
krb5_free_cred_contents(context, &cred);
}
krb5_cc_end_seq_get(context, from, &cursor);
krb5_free_principal(context, princ);
if (ret == KRB5_CC_END)
ret = 0;
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_cache(krb5_context context,
const krb5_ccache from,
krb5_ccache to)
{
return krb5_cc_copy_match_f(context, from, to, NULL, NULL, NULL);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_version(krb5_context context,
const krb5_ccache id)
{
if(id->ops->get_version)
return (*id->ops->get_version)(context, id);
else
return 0;
}
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_cc_clear_mcred(krb5_creds *mcred)
{
memset(mcred, 0, sizeof(*mcred));
}
KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
{
char *p, *p1;
int i;
if (prefix == NULL)
return KRB5_DEFAULT_CCTYPE;
if (prefix[0] == '/')
return &krb5_fcc_ops;
p = strdup(prefix);
if (p == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return NULL;
}
p1 = strchr(p, ':');
if (p1)
*p1 = '\0';
for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) {
if(strcmp(context->cc_ops[i]->prefix, p) == 0) {
free(p);
return context->cc_ops[i];
}
}
free(p);
return NULL;
}
struct krb5_cc_cache_cursor_data {
const krb5_cc_ops *ops;
krb5_cc_cursor cursor;
};
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_get_first (krb5_context context,
const char *type,
krb5_cc_cache_cursor *cursor)
{
const krb5_cc_ops *ops;
krb5_error_code ret;
if (type == NULL)
type = krb5_cc_default_name(context);
ops = krb5_cc_get_prefix_ops(context, type);
if (ops == NULL) {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
"Unknown type \"%s\" when iterating "
"trying to iterate the credential caches", type);
return KRB5_CC_UNKNOWN_TYPE;
}
if (ops->get_cache_first == NULL) {
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Credential cache type %s doesn't support "
"iterations over caches", "type"),
ops->prefix);
return KRB5_CC_NOSUPP;
}
*cursor = calloc(1, sizeof(**cursor));
if (*cursor == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
(*cursor)->ops = ops;
ret = ops->get_cache_first(context, &(*cursor)->cursor);
if (ret) {
free(*cursor);
*cursor = NULL;
}
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_next (krb5_context context,
krb5_cc_cache_cursor cursor,
krb5_ccache *id)
{
return cursor->ops->get_cache_next(context, cursor->cursor, id);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_end_seq_get (krb5_context context,
krb5_cc_cache_cursor cursor)
{
krb5_error_code ret;
ret = cursor->ops->end_cache_get(context, cursor->cursor);
cursor->ops = NULL;
free(cursor);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_match (krb5_context context,
krb5_principal client,
krb5_ccache *id)
{
krb5_cccol_cursor cursor;
krb5_error_code ret;
krb5_ccache cache = NULL;
*id = NULL;
ret = krb5_cccol_cursor_new (context, &cursor);
if (ret)
return ret;
while (krb5_cccol_cursor_next (context, cursor, &cache) == 0 && cache != NULL) {
krb5_principal principal;
ret = krb5_cc_get_principal(context, cache, &principal);
if (ret == 0) {
krb5_boolean match;
match = krb5_principal_compare(context, principal, client);
krb5_free_principal(context, principal);
if (match)
break;
}
krb5_cc_close(context, cache);
cache = NULL;
}
krb5_cccol_cursor_free(context, &cursor);
if (cache == NULL) {
char *str;
krb5_unparse_name(context, client, &str);
krb5_set_error_message(context, KRB5_CC_NOTFOUND,
N_("Principal %s not found in any "
"credential cache", ""),
str ? str : "<out of memory>");
if (str)
free(str);
return KRB5_CC_NOTFOUND;
}
*id = cache;
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_error_code ret;
if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Moving credentials between diffrent "
"types not yet supported", ""));
return KRB5_CC_NOSUPP;
}
ret = (*to->ops->move)(context, from, to);
if (ret == 0) {
memset(from, 0, sizeof(*from));
free(from);
}
return ret;
}
#define KRB5_CONF_NAME "krb5_ccache_conf_data"
#define KRB5_REALM_NAME "X-CACHECONF:"
static krb5_error_code
build_conf_principals(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_creds *cred)
{
krb5_principal client;
krb5_error_code ret;
char *pname = NULL;
memset(cred, 0, sizeof(*cred));
ret = krb5_cc_get_principal(context, id, &client);
if (ret)
return ret;
if (principal) {
ret = krb5_unparse_name(context, principal, &pname);
if (ret)
return ret;
}
ret = krb5_make_principal(context, &cred->server,
KRB5_REALM_NAME,
KRB5_CONF_NAME, name, pname, NULL);
free(pname);
if (ret) {
krb5_free_principal(context, client);
return ret;
}
ret = krb5_copy_principal(context, client, &cred->client);
krb5_free_principal(context, client);
return ret;
}
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_config_principal(krb5_context context,
krb5_const_principal principal)
{
if (strcmp(principal->realm, KRB5_REALM_NAME) != 0)
return FALSE;
if (principal->name.name_string.len == 0 ||
strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0)
return FALSE;
return TRUE;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
{
krb5_error_code ret;
krb5_creds cred;
ret = build_conf_principals(context, id, principal, name, &cred);
if (ret)
goto out;
ret = krb5_cc_remove_cred(context, id, 0, &cred);
if (ret && ret != KRB5_CC_NOTFOUND)
goto out;
if (data) {
cred.times.authtime = time(NULL);
cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
ret = krb5_data_copy(&cred.ticket, data->data, data->length);
if (ret)
goto out;
ret = krb5_cc_store_cred(context, id, &cred);
}
out:
krb5_free_cred_contents (context, &cred);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
{
krb5_creds mcred, cred;
krb5_error_code ret;
memset(&cred, 0, sizeof(cred));
krb5_data_zero(data);
ret = build_conf_principals(context, id, principal, name, &mcred);
if (ret)
goto out;
ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
if (ret)
goto out;
ret = krb5_data_copy(data, cred.ticket.data, cred.ticket.length);
out:
krb5_free_cred_contents (context, &cred);
krb5_free_cred_contents (context, &mcred);
return ret;
}
struct krb5_cccol_cursor_data {
int idx;
krb5_cc_cache_cursor cursor;
char *env_cache;
};
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
{
*cursor = calloc(1, sizeof(**cursor));
if (*cursor == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
(*cursor)->idx = -1;
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
krb5_ccache *cache)
{
krb5_error_code ret;
*cache = NULL;
if (cursor->idx == -1) {
char *env = getenv("KRB5CCNAME");
cursor->idx++;
if (env != NULL) {
ret = krb5_cc_resolve(context, env, cache);
if (ret == 0) {
krb5_cc_get_full_name(context, *cache, &cursor->env_cache);
return 0;
}
}
}
while (cursor->idx < context->num_cc_ops) {
if (cursor->cursor == NULL) {
ret = krb5_cc_cache_get_first (context,
context->cc_ops[cursor->idx]->prefix,
&cursor->cursor);
if (ret) {
cursor->idx++;
continue;
}
}
ret = krb5_cc_cache_next(context, cursor->cursor, cache);
if (ret == 0) {
if (cursor->env_cache) {
char *full_name = NULL;
if (krb5_cc_get_full_name(context, *cache, &full_name) == 0) {
if (strcmp(cursor->env_cache, full_name) == 0) {
free(full_name);
continue;
}
free(full_name);
}
}
break;
}
krb5_cc_cache_end_seq_get(context, cursor->cursor);
cursor->cursor = NULL;
if (ret != KRB5_CC_END)
break;
cursor->idx++;
}
if (cursor->idx >= context->num_cc_ops) {
krb5_set_error_message(context, KRB5_CC_END,
N_("Reached end of credential caches", ""));
return KRB5_CC_END;
}
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
{
krb5_cccol_cursor c = *cursor;
*cursor = NULL;
if (c) {
if (c->cursor)
krb5_cc_cache_end_seq_get(context, c->cursor);
if (c->env_cache)
free(c->env_cache);
free(c);
}
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_last_change_time(krb5_context context,
krb5_ccache id,
krb5_timestamp *mtime)
{
*mtime = 0;
return (*id->ops->lastchange)(context, id, mtime);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_last_change_time(krb5_context context,
const char *type,
krb5_timestamp *mtime)
{
krb5_cccol_cursor cursor;
krb5_error_code ret;
krb5_ccache id;
krb5_timestamp t = 0;
*mtime = 0;
ret = krb5_cccol_cursor_new (context, &cursor);
if (ret)
return ret;
while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
if (type && strcmp(krb5_cc_get_type(context, id), type) != 0)
continue;
ret = krb5_cc_last_change_time(context, id, &t);
krb5_cc_close(context, id);
if (ret)
continue;
if (t > *mtime)
*mtime = t;
}
krb5_cccol_cursor_free(context, &cursor);
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_friendly_name(krb5_context context,
krb5_ccache id,
char **name)
{
krb5_error_code ret;
krb5_data data;
ret = krb5_cc_get_config(context, id, NULL, "FriendlyName", &data);
if (ret) {
krb5_principal principal;
ret = krb5_cc_get_principal(context, id, &principal);
if (ret)
return ret;
ret = krb5_unparse_name(context, principal, name);
krb5_free_principal(context, principal);
} else {
ret = asprintf(name, "%.*s", (int)data.length, (char *)data.data);
krb5_data_free(&data);
if (ret <= 0) {
ret = ENOMEM;
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
} else
ret = 0;
}
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_friendly_name(krb5_context context,
krb5_ccache id,
const char *name)
{
krb5_data data;
data.data = rk_UNCONST(name);
data.length = strlen(name);
return krb5_cc_set_config(context, id, NULL, "FriendlyName", &data);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
{
krb5_cc_cursor cursor;
krb5_error_code ret;
krb5_creds cred;
time_t now, endtime = 0;
*t = 0;
now = time(NULL);
ret = krb5_cc_start_seq_get(context, id, &cursor);
if (ret)
return ret;
while ((ret = krb5_cc_next_cred(context, id, &cursor, &cred)) == 0) {
if (krb5_principal_is_root_krbtgt(context, cred.client)) {
if (now < cred.times.endtime)
endtime = cred.times.endtime;
krb5_free_cred_contents(context, &cred);
break;
}
if ((endtime == 0 || cred.times.endtime < endtime) && now < cred.times.endtime)
endtime = cred.times.endtime;
krb5_free_cred_contents(context, &cred);
}
if (endtime) {
*t = endtime - now;
ret = 0;
}
krb5_cc_end_seq_get(context, id, &cursor);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
{
if (id->ops->set_kdc_offset == NULL) {
context->kdc_sec_offset = offset;
context->kdc_usec_offset = 0;
return 0;
}
return (*id->ops->set_kdc_offset)(context, id, offset);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
{
if (id->ops->get_kdc_offset == NULL) {
*offset = context->kdc_sec_offset;
return 0;
}
return (*id->ops->get_kdc_offset)(context, id, offset);
}
krb5_error_code
krb5_cc_hold(krb5_context context, krb5_ccache id)
{
if (id->ops->hold == 0)
return 0;
return id->ops->hold(context, id);
}
krb5_error_code
krb5_cc_unhold(krb5_context context, krb5_ccache id)
{
if (id->ops->unhold == 0)
return 0;
return id->ops->unhold(context, id);
}
krb5_error_code
krb5_cc_get_uuid(krb5_context context, krb5_ccache id, krb5_uuid uuid)
{
if (id->ops->get_uuid == NULL) {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
"Credential cache type %s doesn't support uuid",
id->ops->prefix);
return KRB5_CC_UNKNOWN_TYPE;
}
return id->ops->get_uuid(context, id, uuid);
}
krb5_error_code
krb5_cc_resolve_by_uuid(krb5_context context, const char *type,
krb5_ccache *id, krb5_uuid uuid)
{
const krb5_cc_ops *ops;
krb5_error_code ret;
if (type) {
ops = krb5_cc_get_prefix_ops(context, type);
if (ops == NULL) {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
"Credential cache type %s is unknown", type);
return KRB5_CC_UNKNOWN_TYPE;
}
} else {
ops = KRB5_DEFAULT_CCTYPE;
}
if (ops->resolve_by_uuid == NULL) {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
"Credential cache type %s doesn't support uuid",
ops->prefix);
return KRB5_CC_UNKNOWN_TYPE;
}
ret = _krb5_cc_allocate(context, ops, id);
if (ret)
return ret;
ret = (*id)->ops->resolve_by_uuid(context, *id, uuid);
if (ret) {
free(*id);
*id = NULL;
}
return ret;
}
#ifdef _WIN32
#define REGPATH_MIT_KRB5 "SOFTWARE\\MIT\\Kerberos5"
char *
_krb5_get_default_cc_name_from_registry(krb5_context context)
{
HKEY hk_k5 = 0;
LONG code;
char * ccname = NULL;
code = RegOpenKeyEx(HKEY_CURRENT_USER,
REGPATH_MIT_KRB5,
0, KEY_READ, &hk_k5);
if (code != ERROR_SUCCESS)
return NULL;
ccname = _krb5_parse_reg_value_as_string(context, hk_k5, "ccname",
REG_NONE, 0);
RegCloseKey(hk_k5);
return ccname;
}
int
_krb5_set_default_cc_name_to_registry(krb5_context context, krb5_ccache id)
{
HKEY hk_k5 = 0;
LONG code;
int ret = -1;
char * ccname = NULL;
code = RegOpenKeyEx(HKEY_CURRENT_USER,
REGPATH_MIT_KRB5,
0, KEY_READ|KEY_WRITE, &hk_k5);
if (code != ERROR_SUCCESS)
return -1;
ret = asprintf(&ccname, "%s:%s", krb5_cc_get_type(context, id), krb5_cc_get_name(context, id));
if (ret < 0)
goto cleanup;
ret = _krb5_store_string_to_reg_value(context, hk_k5, "ccname",
REG_SZ, ccname, -1, 0);
cleanup:
if (ccname)
free(ccname);
RegCloseKey(hk_k5);
return ret;
}
#endif