/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cccursor.c
*
* Copyright 2006, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* cursor for sequential traversal of ccaches
*/
#include "cc-int.h"
#include <assert.h>
#define CCCURSOR_CONTEXT 1
#define CCCURSOR_ENV 2
#define CCCURSOR_OS 3
#define CCCURSOR_PERTYPE 4
#define NFULLNAMES 3
/* Prefix and residual parts of a full ccache name. */
struct cc_fullname {
char *pfx;
char *res;
};
struct _krb5_cccol_cursor {
int pos;
krb5_cc_typecursor typecursor;
const krb5_cc_ops *ops;
krb5_cc_ptcursor ptcursor;
int cur_fullname;
struct cc_fullname fullnames[NFULLNAMES]; /* previously seen ccaches */
};
/* typedef of krb5_cccol_cursor is in krb5.h */
static int cccol_already(krb5_context, krb5_cccol_cursor, krb5_ccache *);
static int cccol_cmpname(const char *, const char *, struct cc_fullname *);
static krb5_error_code
cccol_do_resolve(krb5_context, krb5_cccol_cursor, const char *, krb5_ccache *);
static krb5_error_code
cccol_pertype_next(krb5_context, krb5_cccol_cursor, krb5_ccache *);
krb5_error_code KRB5_CALLCONV
krb5_cccol_cursor_new(krb5_context context,
krb5_cccol_cursor *cursor)
{
krb5_error_code ret = 0;
krb5_cccol_cursor n = NULL;
int i;
*cursor = NULL;
n = malloc(sizeof(*n));
if (n == NULL)
return ENOMEM;
n->pos = CCCURSOR_CONTEXT;
n->typecursor = NULL;
n->ptcursor = NULL;
n->ops = NULL;
for (i = 0; i < NFULLNAMES; i++) {
n->fullnames[i].pfx = n->fullnames[i].res = NULL;
}
n->cur_fullname = 0;
ret = krb5int_cc_typecursor_new(context, &n->typecursor);
if (ret)
goto errout;
do {
/* Find first backend with ptcursor functionality. */
ret = krb5int_cc_typecursor_next(context, n->typecursor, &n->ops);
if (ret || n->ops == NULL)
goto errout;
} while (n->ops->ptcursor_new == NULL);
ret = n->ops->ptcursor_new(context, &n->ptcursor);
if (ret)
goto errout;
errout:
if (ret) {
krb5_cccol_cursor_free(context, &n);
}
*cursor = n;
return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_cccol_cursor_next(krb5_context context,
krb5_cccol_cursor cursor,
krb5_ccache *ccache)
{
krb5_error_code ret = 0;
char *name;
krb5_os_context os_ctx = NULL;
*ccache = NULL;
/* Solaris Kerberos */
os_ctx = &context->os_context;
switch (cursor->pos) {
case CCCURSOR_CONTEXT:
name = os_ctx->default_ccname;
if (name != NULL) {
cursor->pos = CCCURSOR_ENV;
ret = cccol_do_resolve(context, cursor, name, ccache);
if (ret)
goto errout;
if (*ccache != NULL)
break;
}
/* fall through */
case CCCURSOR_ENV:
name = getenv(KRB5_ENV_CCNAME);
if (name != NULL) {
cursor->pos = CCCURSOR_OS;
ret = cccol_do_resolve(context, cursor, name, ccache);
if (ret)
goto errout;
if (*ccache != NULL)
break;
}
/* fall through */
case CCCURSOR_OS:
ret = krb5int_cc_os_default_name(context, &name);
if (ret) goto errout;
if (name != NULL) {
cursor->pos = CCCURSOR_PERTYPE;
ret = cccol_do_resolve(context, cursor, name, ccache);
free(name);
if (ret)
goto errout;
if (*ccache != NULL)
break;
}
/* fall through */
case CCCURSOR_PERTYPE:
cursor->pos = CCCURSOR_PERTYPE;
do {
ret = cccol_pertype_next(context, cursor, ccache);
if (ret)
goto errout;
} while (cccol_already(context, cursor, ccache));
break;
}
errout:
return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_cccol_cursor_free(krb5_context context,
krb5_cccol_cursor *cursor)
{
krb5_cccol_cursor c = *cursor;
int i;
if (c == NULL)
return 0;
for (i = 0; i < NFULLNAMES; i++) {
if (c->fullnames[i].pfx != NULL)
free(c->fullnames[i].pfx);
if (c->fullnames[i].res != NULL)
free(c->fullnames[i].res);
}
if (c->ptcursor != NULL)
c->ops->ptcursor_free(context, &c->ptcursor);
if (c->typecursor != NULL)
krb5int_cc_typecursor_free(context, &c->typecursor);
free(c);
*cursor = NULL;
return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_cccol_last_change_time(krb5_context context,
krb5_timestamp *change_time)
{
krb5_error_code ret = 0;
krb5_cccol_cursor c = NULL;
krb5_ccache ccache = NULL;
krb5_timestamp last_time = 0;
krb5_timestamp max_change_time = 0;
*change_time = 0;
ret = krb5_cccol_cursor_new(context, &c);
while (!ret) {
ret = krb5_cccol_cursor_next(context, c, &ccache);
if (ccache) {
ret = krb5_cc_last_change_time(context, ccache, &last_time);
if (!ret && last_time > max_change_time) {
max_change_time = last_time;
}
ret = 0;
}
else {
break;
}
}
*change_time = max_change_time;
return ret;
}
/*
* krb5_cccol_lock and krb5_cccol_unlock are defined in ccbase.c
*/
/*
* Determine if a ccache from a per-type cursor was already one of the
* higher-priority defaults.
*/
static int
cccol_already(krb5_context context,
krb5_cccol_cursor c,
krb5_ccache *ccache)
{
const char *name = NULL, *prefix = NULL;
int i;
if (*ccache == NULL)
return 0;
name = krb5_cc_get_name(context, *ccache);
if (name == NULL)
return 0;
prefix = krb5_cc_get_type(context, *ccache);
assert(c->cur_fullname < NFULLNAMES);
for (i = 0; i < c->cur_fullname; i++) {
if (cccol_cmpname(prefix, name, &c->fullnames[i])) {
krb5_cc_close(context, *ccache);
*ccache = NULL;
return 1;
}
}
return 0;
}
/*
* Compare {prefix, name} against a cc_fullname.
*/
static int
cccol_cmpname(const char *prefix,
const char *name,
struct cc_fullname *fullname)
{
if (fullname->pfx == NULL || fullname->res == NULL)
return 0;
if (strcmp(prefix, fullname->pfx))
return 0;
if (strcmp(name, fullname->res))
return 0;
return 1;
}
/*
* Resolve one of the high-precedence ccaches, and cache its full name
* {prefix, residual} for exclusion when doing per-type ccache
* iteration. Also check to see if we've already seen the ccache
* name we're given.
*/
static krb5_error_code
cccol_do_resolve(krb5_context context,
krb5_cccol_cursor cursor,
const char *name,
krb5_ccache *ccache)
{
krb5_error_code ret = 0;
struct cc_fullname *fullname;
assert(cursor->cur_fullname < NFULLNAMES);
ret = krb5_cc_resolve(context, name, ccache);
if (ret)
return ret;
if (cccol_already(context, cursor, ccache))
return 0;
fullname = &cursor->fullnames[cursor->cur_fullname];
fullname->pfx = strdup(krb5_cc_get_type(context, *ccache));
fullname->res = strdup(krb5_cc_get_name(context, *ccache));
cursor->cur_fullname++;
return ret;
}
/*
* Find next ccache in current backend, iterating through backends if
* ccache list of the current backend is exhausted.
*/
static krb5_error_code
cccol_pertype_next(krb5_context context,
krb5_cccol_cursor cursor,
krb5_ccache *ccache)
{
krb5_error_code ret = 0;
*ccache = NULL;
/* Are we out of backends? */
if (cursor->ops == NULL)
return 0;
/*
* Loop in case there are multiple backends with empty ccache
* lists.
*/
while (*ccache == NULL) {
ret = cursor->ops->ptcursor_next(context, cursor->ptcursor, ccache);
if (ret)
goto errout;
if (*ccache != NULL)
return 0;
ret = cursor->ops->ptcursor_free(context, &cursor->ptcursor);
if (ret)
goto errout;
do {
/* Find first backend with ptcursor functionality. */
ret = krb5int_cc_typecursor_next(context, cursor->typecursor,
&cursor->ops);
if (ret)
goto errout;
if (cursor->ops == NULL)
return 0;
} while (cursor->ops->ptcursor_new == NULL);
ret = cursor->ops->ptcursor_new(context, &cursor->ptcursor);
if (ret)
goto errout;
}
errout:
return ret;
}