1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/ccache/ccfns.c - Dispatch methods for credentials cache code.*/
3 /*
4 * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26
27 #include "k5-int.h"
28 #include "cc-int.h"
29 #include "../krb/int-proto.h"
30
/*
 * Return the name of a credential cache by dispatching to the get_name
 * method of the cache's type.
 *
 * cache and cache->ops are dereferenced without a NULL check, so the caller
 * must pass a valid, open handle.
 *
 * NOTE(review): the returned pointer presumably refers to storage owned by
 * the cache and should not be modified, freed, or used after the cache is
 * closed -- confirm against the public API documentation.
 */
const char * KRB5_CALLCONV
krb5_cc_get_name(krb5_context context, krb5_ccache cache)
{
    const char *residual;

    residual = cache->ops->get_name(context, cache);
    return residual;
}
36
/*
 * Build the full "TYPE:NAME" string for a credential cache.
 *
 * On success, *fullname_out receives a newly allocated string which the
 * caller owns and must release (krb5_free_string() in the public API).  On
 * failure, *fullname_out is NULL and ENOMEM is returned; it is cleared up
 * front so a caller that ignores the return code never sees a stale or
 * uninitialized pointer.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
                      char **fullname_out)
{
    char *full = NULL;
    const char *type_prefix, *residual;

    *fullname_out = NULL;

    type_prefix = cache->ops->prefix;
    residual = cache->ops->get_name(context, cache);

    /* asprintf() leaves its output pointer undefined on failure, so only
     * publish it after checking the return value. */
    if (asprintf(&full, "%s:%s", type_prefix, residual) < 0)
        return ENOMEM;

    *fullname_out = full;
    return 0;
}
50
/*
 * Ask a cache type to generate a new, unique cache.
 *
 * *cache is an in/out argument: it must already point at a valid handle
 * because its ops table is what selects the gen_new method.  Neither cache
 * nor *cache is checked for NULL here.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new(krb5_context context, krb5_ccache *cache)
{
    krb5_error_code ret;

    TRACE_CC_GEN_NEW(context, cache);
    ret = (*cache)->ops->gen_new(context, cache);
    return ret;
}
57
/*
 * Initialize a credential cache for the given principal by dispatching to
 * the cache type's init method.  The call is traced before dispatch.
 *
 * NOTE(review): initialization presumably discards any credentials already
 * held in the cache -- confirm per cache type before calling this on a cache
 * that is in use.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_initialize(krb5_context context, krb5_ccache cache,
                   krb5_principal principal)
{
    krb5_error_code ret;

    TRACE_CC_INIT(context, cache, principal);
    ret = cache->ops->init(context, cache, principal);
    return ret;
}
65
/*
 * Destroy a credential cache by dispatching to the cache type's destroy
 * method.  The call is traced before dispatch.
 *
 * NOTE(review): the handle is presumably invalid after this returns, and how
 * thoroughly the stored credentials are erased depends on the cache type's
 * destroy implementation -- confirm there.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_destroy(krb5_context context, krb5_ccache cache)
{
    krb5_error_code ret;

    TRACE_CC_DESTROY(context, cache);
    ret = cache->ops->destroy(context, cache);
    return ret;
}
72
/*
 * Close a credential cache handle by dispatching to the cache type's close
 * method.  Unlike krb5_cc_destroy(), this wrapper emits no trace event.
 *
 * NOTE(review): the handle should be treated as invalid once this returns --
 * confirm against the cache type's close implementation.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_close(krb5_context context, krb5_ccache cache)
{
    krb5_error_code ret;

    ret = cache->ops->close(context, cache);
    return ret;
}
78
/*
 * Store a credential in a cache by dispatching to the cache type's store
 * method.
 *
 * The credential is handed to the trace macro before it is stored.
 * NOTE(review): creds carries a session key and ticket; confirm that the
 * trace formatting for this event never emits key material.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_store_cred(krb5_context context, krb5_ccache cache,
                   krb5_creds *creds)
{
    krb5_error_code ret;

    TRACE_CC_STORE(context, cache, creds);
    ret = cache->ops->store(context, cache, creds);
    return ret;
}
86
/*
 * Look up a credential matching mcreds in a cache.
 *
 * The first attempt uses mcreds unchanged.  Only if that attempt reports
 * KRB5_CC_NOTFOUND and the requested server principal carries the referral
 * realm is a second lookup made, with the server realm replaced by the
 * client's realm.
 *
 * Caveats for callers:
 *  - mcreds->server is dereferenced on the not-found path and
 *    mcreds->client on the retry path, without NULL checks.
 *  - The retry temporarily overwrites mcreds->server->realm in the caller's
 *    structure (a shallow struct copy, no allocation) and restores it before
 *    returning.  mcreds must therefore not be read by another thread while
 *    this call is in progress.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache,
                      krb5_flags flags, krb5_creds *mcreds,
                      krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_data saved_realm;

    ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
    TRACE_CC_RETRIEVE(context, cache, mcreds, ret);

    /* Any outcome other than "not found for a referral-realm server" is
     * final. */
    if (ret != KRB5_CC_NOTFOUND ||
        !krb5_is_referral_realm(&mcreds->server->realm))
        return ret;

    /* Retry with the client's realm substituted for the referral realm,
     * then put the caller's original realm back. */
    saved_realm = mcreds->server->realm;
    mcreds->server->realm = mcreds->client->realm;
    ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
    TRACE_CC_RETRIEVE_REF(context, cache, mcreds, ret);
    mcreds->server->realm = saved_realm;

    return ret;
}
112
/*
 * Fetch the default principal of a credential cache by dispatching to the
 * cache type's get_princ method.
 *
 * Callers in this file release the result with krb5_free_principal(), so
 * *principal is treated as owned by the caller on success.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_principal(krb5_context context, krb5_ccache cache,
                      krb5_principal *principal)
{
    krb5_error_code ret;

    ret = cache->ops->get_princ(context, cache, principal);
    return ret;
}
119
/*
 * Begin sequential iteration over the credentials in a cache by dispatching
 * to the cache type's get_first method, which fills in *cursor.
 *
 * NOTE(review): a cursor started here presumably has to be released with
 * krb5_cc_end_seq_get() on every path, including error paths -- confirm
 * against the cache type implementations.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache,
                      krb5_cc_cursor *cursor)
{
    krb5_error_code ret;

    ret = cache->ops->get_first(context, cache, cursor);
    return ret;
}
126
/*
 * Fetch the next credential in a sequential iteration by dispatching to the
 * cache type's get_next method.
 *
 * NOTE(review): configuration entries are written with krb5_cc_store_cred()
 * in this file, so iteration presumably returns them alongside real tickets;
 * callers that must act only on tickets can filter on
 * krb5_is_config_principal(creds->server) -- confirm.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_next_cred(krb5_context context, krb5_ccache cache,
                  krb5_cc_cursor *cursor, krb5_creds *creds)
{
    krb5_error_code ret;

    ret = cache->ops->get_next(context, cache, cursor, creds);
    return ret;
}
133
/*
 * Finish a sequential iteration by dispatching to the cache type's end_get
 * method with the cursor obtained from krb5_cc_start_seq_get().
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache,
                    krb5_cc_cursor *cursor)
{
    krb5_error_code ret;

    ret = cache->ops->end_get(context, cache, cursor);
    return ret;
}
140
/*
 * Remove credentials matching creds from a cache by dispatching to the
 * cache type's remove_cred method.  The request is traced before dispatch.
 *
 * NOTE(review): whether removal is actually supported, and how matching is
 * performed, is decided by the cache type -- check the return code rather
 * than assuming the credential is gone.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
                    krb5_creds *creds)
{
    krb5_error_code ret;

    TRACE_CC_REMOVE(context, cache, creds);
    ret = cache->ops->remove_cred(context, cache, flags, creds);
    return ret;
}
148
/*
 * Set the flags of a credential cache by dispatching to the cache type's
 * set_flags method.  The meaning of flags is defined by the cache type.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)
{
    krb5_error_code ret;

    ret = cache->ops->set_flags(context, cache, flags);
    return ret;
}
154
/*
 * Read the flags of a credential cache into *flags by dispatching to the
 * cache type's get_flags method.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags)
{
    krb5_error_code ret;

    ret = cache->ops->get_flags(context, cache, flags);
    return ret;
}
160
/*
 * Return the type prefix of a credential cache.
 *
 * The pointer is the prefix field of the cache type's ops table, not a copy,
 * so the caller must not modify or free it.  context is unused.
 */
const char * KRB5_CALLCONV
krb5_cc_get_type(krb5_context context, krb5_ccache cache)
{
    const char *type_prefix = cache->ops->prefix;

    return type_prefix;
}
166
/*
 * Internal helper: dispatch to the cache type's lock method.
 *
 * NOTE(review): every successful lock presumably needs a matching
 * k5_cc_unlock() on all paths, including error paths -- confirm the locking
 * contract in the cache type implementations.
 */
krb5_error_code
k5_cc_lock(krb5_context context, krb5_ccache ccache)
{
    krb5_error_code ret;

    ret = ccache->ops->lock(context, ccache);
    return ret;
}
172
/*
 * Internal helper: dispatch to the cache type's unlock method, the
 * counterpart of k5_cc_lock().
 */
krb5_error_code
k5_cc_unlock(krb5_context context, krb5_ccache ccache)
{
    krb5_error_code ret;

    ret = ccache->ops->unlock(context, ccache);
    return ret;
}
178
/*
 * Markers identifying configuration entries kept inside a credential cache.
 * A configuration entry is stored as a credential whose server principal has
 * conf_realm as its realm and conf_name as its first component.  Both are
 * declared as arrays, not pointers, so that sizeof() - 1 yields the string
 * length at compile time.
 */
static const char conf_realm[] = "X-CACHECONF:";
static const char conf_name[] = "krb5_ccache_conf_data";
181
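/*
 * Fill in cred->client and cred->server for a cache configuration entry.
 *
 * cred is zeroed first.  cred->client becomes a copy of the cache's default
 * principal.  cred->server is built in the conf_realm realm with the
 * components conf_name, name and, when principal is non-NULL, the unparsed
 * form of principal.
 *
 * Returns 0 on success or a krb5 error code.  On failure cred may already
 * hold an allocated server principal; the callers in this file release it
 * with krb5_free_cred_contents().
 */
krb5_error_code
k5_build_conf_principals(krb5_context context, krb5_ccache id,
                         krb5_const_principal principal,
                         const char *name, krb5_creds *cred)
{
    krb5_principal client;
    krb5_error_code ret;
    char *pname = NULL;

    memset(cred, 0, sizeof(*cred));

    ret = krb5_cc_get_principal(context, id, &client);
    if (ret)
        return ret;

    if (principal) {
        ret = krb5_unparse_name(context, principal, &pname);
        if (ret) {
            /* client is already allocated at this point; release it so
             * that an unparse failure does not leak it. */
            krb5_free_principal(context, client);
            return ret;
        }
    }

    /* pname is NULL when no principal was given, which ends the variadic
     * component list one element early. */
    ret = krb5_build_principal(context, &cred->server,
                               sizeof(conf_realm) - 1, conf_realm,
                               conf_name, name, pname, (char *)NULL);
    krb5_free_unparsed_name(context, pname);
    if (ret) {
        krb5_free_principal(context, client);
        return ret;
    }

    ret = krb5_copy_principal(context, client, &cred->client);
    krb5_free_principal(context, client);
    return ret;
}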
215
/*
 * Report whether a principal names a cache configuration entry.
 *
 * The principal qualifies when its realm is exactly conf_realm and its first
 * component is exactly conf_name.  Later components are not inspected.
 * Every memcmp() runs only after the corresponding length has been found
 * equal, so no read goes beyond the length declared in the krb5_data.
 *
 * principal is dereferenced without a NULL check.  context is unused.
 */
krb5_boolean KRB5_CALLCONV
krb5_is_config_principal(krb5_context context,
                         krb5_const_principal principal)
{
    const krb5_data *realm = &principal->realm;
    const size_t realm_len = sizeof(conf_realm) - 1;
    const size_t name_len = sizeof(conf_name) - 1;

    /* The realm must match the marker realm byte for byte. */
    if (realm->length != realm_len)
        return FALSE;
    if (memcmp(realm->data, conf_realm, realm_len) != 0)
        return FALSE;

    /* There must be a first component, and it must match the marker. */
    if (principal->length == 0)
        return FALSE;
    if (principal->data[0].length != name_len)
        return FALSE;
    if (memcmp(principal->data[0].data, conf_name, name_len) != 0)
        return FALSE;

    return TRUE;
}
233
/*
 * Store or remove a configuration value in a credential cache.
 *
 * The entry is addressed by key and, optionally, principal (see
 * k5_build_conf_principals()).  When data is NULL the matching entry is
 * removed; otherwise data is copied into the ticket field of a credential
 * and that credential is stored in the cache.
 *
 * The caller keeps ownership of data.  The local credential, including the
 * copied value, is released on every path.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_set_config(krb5_context context, krb5_ccache id,
                   krb5_const_principal principal,
                   const char *key, krb5_data *data)
{
    krb5_creds entry;
    krb5_error_code ret;

    /* Zero the credential so the final free is safe even if building the
     * principals fails early. */
    memset(&entry, 0, sizeof(entry));

    TRACE_CC_SET_CONFIG(context, id, principal, key, data);

    ret = k5_build_conf_principals(context, id, principal, key, &entry);
    if (ret == 0) {
        if (data != NULL) {
            ret = krb5int_copy_data_contents(context, data, &entry.ticket);
            if (ret == 0)
                ret = krb5_cc_store_cred(context, id, &entry);
        } else {
            ret = krb5_cc_remove_cred(context, id, 0, &entry);
        }
    }

    krb5_free_cred_contents(context, &entry);
    return ret;
}
261
/*
 * Read a configuration value from a credential cache.
 *
 * *data is zeroed before anything else, so on any failure the caller sees an
 * empty krb5_data rather than stale contents.  On success *data holds a copy
 * of the stored value, which the caller owns and must release
 * (krb5_free_data_contents() in the public API).
 *
 * Returns 0 on success, or the error from building the lookup principals,
 * from the cache lookup, or from copying the value.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_config(krb5_context context, krb5_ccache id,
                   krb5_const_principal principal,
                   const char *key, krb5_data *data)
{
    krb5_creds match, found;
    krb5_error_code ret;

    /* match is zeroed by k5_build_conf_principals() itself; found has to be
     * zeroed here so the final free is safe on an early failure. */
    memset(&found, 0, sizeof(found));
    memset(data, 0, sizeof(*data));

    ret = k5_build_conf_principals(context, id, principal, key, &match);
    if (!ret)
        ret = krb5_cc_retrieve_cred(context, id, 0, &match, &found);
    if (!ret)
        ret = krb5int_copy_data_contents(context, &found.ticket, data);
    if (!ret) {
        TRACE_CC_GET_CONFIG(context, id, principal, key, data);
    }

    krb5_free_cred_contents(context, &found);
    krb5_free_cred_contents(context, &match);
    return ret;
}
292
/*
 * Dispatch to the cache type's switch_to method for this cache.
 *
 * switch_to is optional: a cache type that leaves it NULL is treated as
 * success with no action, so a return of 0 does not by itself prove that
 * anything was switched.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_switch(krb5_context context, krb5_ccache cache)
{
    if (cache->ops->switch_to != NULL)
        return cache->ops->switch_to(context, cache);

    return 0;
}
300