159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Use is subject to license terms.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Copyright 1990,1991,2000,2004 by the Massachusetts Institute of Technology.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * All Rights Reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Export of this software from the United States of America may
505d05c73a6e56769f263d4803b22eddd168ee24gtb * require a specific license from the United States Government.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * It is the responsibility of any person or organization contemplating
505d05c73a6e56769f263d4803b22eddd168ee24gtb * export to obtain such a license before exporting.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * distribute this software and its documentation for any purpose and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * without fee is hereby granted, provided that the above copyright
505d05c73a6e56769f263d4803b22eddd168ee24gtb * notice appear in all copies and that both that copyright notice and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * this permission notice appear in supporting documentation, and that
505d05c73a6e56769f263d4803b22eddd168ee24gtb * the name of M.I.T. not be used in advertising or publicity pertaining
505d05c73a6e56769f263d4803b22eddd168ee24gtb * to distribution of the software without specific, written prior
505d05c73a6e56769f263d4803b22eddd168ee24gtb * permission. Furthermore if you modify this software you must label
505d05c73a6e56769f263d4803b22eddd168ee24gtb * your software as modified software and not distribute it in such a
505d05c73a6e56769f263d4803b22eddd168ee24gtb * fashion that it might be confused with the original M.I.T. software.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * M.I.T. makes no representations about the suitability of
505d05c73a6e56769f263d4803b22eddd168ee24gtb * this software for any purpose. It is provided "as is" without express
505d05c73a6e56769f263d4803b22eddd168ee24gtb * or implied warranty.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * implementation of memory-based credentials cache
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_mcc_end_seq_get
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_mcc_generate_new
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id , krb5_principal *princ );
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache *id , const char *residual );
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code KRB5_CALLCONV krb5_mcc_start_seq_get
505d05c73a6e56769f263d4803b22eddd168ee24gtb (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalanstatic krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_new(
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalanstatic krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_next(
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalanstatic krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_free(
505d05c73a6e56769f263d4803b22eddd168ee24gtbk5_mutex_t krb5int_mcc_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Creates/refreshes the file cred cache id. If the cache exists, its
505d05c73a6e56769f263d4803b22eddd168ee24gtb * contents are destroyed.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb * permission errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic void krb5_mcc_free (krb5_context context, krb5_ccache id);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Closes the file cache, invalidates the id, and frees any resources
505d05c73a6e56769f263d4803b22eddd168ee24gtb * associated with the cache.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Destroys the contents of id.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * residual is a legal path name, and a null-terminated string
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * creates a file-based cred cache that will reside in the file
505d05c73a6e56769f263d4803b22eddd168ee24gtb * residual. The cache is not opened, but the filename is reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * A filled in krb5_ccache structure "id".
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM - there was insufficient memory to allocate the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_ccache. id is undefined.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * permission errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbstatic krb5_error_code new_mcc_data (const char *, krb5_mcc_data **);
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
505d05c73a6e56769f263d4803b22eddd168ee24gtb lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Solaris Kerberos - fix mem leak */
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Prepares for a sequential search of the credentials cache.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns a krb5_cc_cursor to be used with krb5_mcc_next_cred and
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_mcc_end_seq_get.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * If the cache is modified between the time of this call and the time
505d05c73a6e56769f263d4803b22eddd168ee24gtb * of the final krb5_mcc_end_seq_get, the results are undefined.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cursor is a krb5_cc_cursor originally obtained from
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_mcc_start_seq_get.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cursor, creds
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Fills in creds with the "next" credentials structure from the cache
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id. The actual order the creds are returned in is arbitrary.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Space is allocated for the variable length fields in the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * credentials structure, so the object returned must be passed to
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_destroy_credential.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The cursor is updated for the next call to krb5_mcc_next_cred.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Once the node in the linked list is created, it's never
505d05c73a6e56769f263d4803b22eddd168ee24gtb modified, so we don't need to worry about locking here. (Note
505d05c73a6e56769f263d4803b22eddd168ee24gtb that we don't support _remove_cred.) */
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_principal(context, mcursor->creds->client, &creds->client);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_principal(context, mcursor->creds->server,
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_keyblock_contents(context, &mcursor->creds->keyblock,
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_addresses(context, mcursor->creds->addresses,
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_data(context, &mcursor->creds->ticket, &scratch);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_data(context, &mcursor->creds->second_ticket, &scratch);
505d05c73a6e56769f263d4803b22eddd168ee24gtb retval = krb5_copy_authdata(context, mcursor->creds->authdata,
505d05c73a6e56769f263d4803b22eddd168ee24gtb memset(creds->ticket.data,0, (unsigned) creds->ticket.length);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * cursor is a krb5_cc_cursor originally obtained from
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_mcc_start_seq_get.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id, cursor
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Finishes sequential processing of the file credentials ccache id,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * and invalidates the cursor (it must never be used after this call).
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* ARGSUSED */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* Utility routine: Creates the back-end data for a memory cache, and
505d05c73a6e56769f263d4803b22eddd168ee24gtb threads it into the global linked list.
505d05c73a6e56769f263d4803b22eddd168ee24gtb Call with the global list lock held. */
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Set up the filename */
505d05c73a6e56769f263d4803b22eddd168ee24gtb if (n == NULL) {
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalanstatic krb5_error_code random_string (krb5_context, char *, unsigned int);
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Creates a new file cred cache whose name is guaranteed to be
505d05c73a6e56769f263d4803b22eddd168ee24gtb * unique. The name begins with the string TKT_ROOT (from mcc.h).
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The cache is not opened, but the new filename is reserved.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The filled in krb5_ccache id.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM - there was insufficient memory to allocate the
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_ccache. id is undefined.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors (from open)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
505d05c73a6e56769f263d4803b22eddd168ee24gtb /* Allocate memory */
505d05c73a6e56769f263d4803b22eddd168ee24gtb lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Check for uniqueness with mutex locked to avoid race conditions */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan random_string (context, uniquename, sizeof (uniquename));
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan break; /* got a match, loop again */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan if (!ptr) break; /* got to the end without finding a match */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan/* Utility routine: Creates a random memory ccache name.
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * This algorithm was selected because it creates readable
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * random ccache names in a fixed size buffer. */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalanrandom_string (krb5_context context, char *string, unsigned int length)
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan err = krb5_c_random_make_octets (context, &data);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan unsigned int i;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan for (i = 0; i < bytecount; i++) {
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan string [i] = charlist[bytes[i] % (sizeof (charlist) - 1)];
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id is a file credential cache
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Returns:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * The name of the file cred cache id.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id, princ
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Retrieves the primary principal from id, as set with
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_mcc_initialize. The principal returned is in allocated
505d05c73a6e56769f263d4803b22eddd168ee24gtb * storage that must be freed by the caller via krb5_free_principal.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * system errors
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOMEM
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
505d05c73a6e56769f263d4803b22eddd168ee24gtb return krb5_cc_retrieve_cred_default (context, id, whichfields,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Non-functional stub implementation for krb5_mcc_remove
505d05c73a6e56769f263d4803b22eddd168ee24gtb * KRB5_CC_NOSUPP - not implemented
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Requires:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * id is a cred cache returned by krb5_mcc_resolve or
505d05c73a6e56769f263d4803b22eddd168ee24gtb * krb5_mcc_generate_new, but has not been opened by krb5_mcc_initialize.
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Modifies:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Effects:
505d05c73a6e56769f263d4803b22eddd168ee24gtb * Sets the operational flags of id to flags.
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalankrb5_mcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
505d05c73a6e56769f263d4803b22eddd168ee24gtb/* store: Save away creds in the ccache. */
505d05c73a6e56769f263d4803b22eddd168ee24gtbkrb5_mcc_store(krb5_context ctx, krb5_ccache id, krb5_creds *creds)
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan /* Solaris Kerberos - fix mem leaks */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan n = malloc(sizeof(*n));
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan cdata = malloc(sizeof(struct krb5_mcc_ptcursor_data));