cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek KCM Server - ccache storage in sssd-secrets
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek Copyright (C) Red Hat, 2016
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek This program is free software; you can redistribute it and/or modify
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek it under the terms of the GNU General Public License as published by
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek the Free Software Foundation; either version 3 of the License, or
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek (at your option) any later version.
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek This program is distributed in the hope that it will be useful,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek GNU General Public License for more details.
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek You should have received a copy of the GNU General Public License
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek#define SSSD_SECRETS_SOCKET VARDIR"/run/secrets.socket"
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek#endif /* SSSD_SECRETS_SOCKET */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek#endif /* SEC_TIMEOUT */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* Just to keep the name of the ccache readable */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* Compat definition of json_array_foreach for older systems */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek idx < json_array_size(array) && (value = json_array_get(array, idx)); \
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic const char *find_by_name(const char **sec_key_list,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char *name)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek for (int i = 0; sec_key_list[i]; i++) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek if (sec_key_match_name(sec_key_list[i], name)) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic const char *find_by_uuid(const char **sec_key_list,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek for (int i = 0; sec_key_list[i]; i++) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek if (sec_key_match_uuid(sec_key_list[i], uuid)) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Content-type: application/octet-stream",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "HTTP request returned %d\n", http_code);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * Helper request to list all UUID+name pairs
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_list_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t sec_list_parse(struct sss_iobuf *outbuf,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char ***_list,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *sec_list_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct sec_list_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Listing all ccaches in the secrets store\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek container_url = sec_container_url_create(state, client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = tcurl_http_send(state, ev, secdb->tctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, sec_list_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_list_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_list_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, &outbuf);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "list HTTP request failed [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Nothing to list\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* If no ccaches are found, return an empty list */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek state->sec_key_list = talloc_zero_array(state, const char *, 1);
e588e24c900e3f587f52533db12b87451b789a33Fabiano Fidêncio DEBUG(SSSDBG_TRACE_INTERNAL, "Found %zu items\n", state->sec_key_list_len);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t sec_list_parse(struct sss_iobuf *outbuf,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char ***_list,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, "No data in output buffer?\n");
a40c6b4280f319efb935a9c9d3b83486a0f4d2d3Fabiano Fidêncio sec_http_list_len = sss_iobuf_get_len(outbuf);
a40c6b4280f319efb935a9c9d3b83486a0f4d2d3Fabiano Fidêncio root = json_loadb((const char *) sec_http_list,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Failed to parse JSON payload on line %d: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, "list reply is not an object.\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek list = talloc_zero_array(mem_ctx, const char *, list_len + 1);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek list[idx] = talloc_strdup(list, json_string_value(element));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t sec_list_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_list_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek *_sec_key_list = talloc_steal(mem_ctx, state->sec_key_list);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * Helper request to get a ccache by key
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_get_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *sec_get_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct sec_get_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Retrieving ccache %s\n", sec_key);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek cc_url = sec_cc_url_create(state, state->client, state->sec_key);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, sec_get_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_get_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_get_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, &outbuf);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "GET HTTP request failed [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "GET operation returned HTTP error %d\n", http_code);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek sec_value = (const char *) sss_iobuf_get_data(outbuf);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, "No data in output buffer\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot convert JSON keyval to ccache blob [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t sec_get_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_get_state *state = tevent_req_data(req, struct sec_get_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * Helper request to get a ccache name or ID
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_get_ccache_list_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_get_ccache_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *sec_get_ccache_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char *name,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct sec_get_ccache_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Expected one of name, uuid to be set\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_list_send(state, ev, secdb, client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, sec_get_ccache_list_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_get_ccache_list_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_get_ccache_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_list_recv(subreq, state, &sec_key_list, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot list keys [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek state->sec_key = find_by_name(sec_key_list, state->name);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek state->sec_key = find_by_uuid(sec_key_list, state->uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot find item in the ccache list\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Don't error out, just return an empty list */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, sec_get_ccache_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_get_ccache_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_get_ccache_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot resolve key to ccache [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t sec_get_ccache_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_get_ccache_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * The actual sssd-secrets back end
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_init(struct kcm_ccdb *db)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_FATAL_FAILURE, "Cannot initialize tcurl\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* We just need the random numbers to generate pseudo-random ccache names
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * and avoid conflicts */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * Helper request to get a ccache by key
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_patch_del_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_patch_put_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *sec_patch_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct sec_patch_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, sec_patch_del_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_patch_del_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_patch_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot delete key [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Key %s does not exist, moving on\n", state->sec_key_url);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Adding new payload\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, sec_patch_put_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void sec_patch_put_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct sec_patch_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot put new value [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to add the payload\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "payload created\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t sec_patch_recv(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* The operations between the KCM and sssd-secrets */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_nextid_generate(struct tevent_req *req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_nextid_list_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* Generate a unique ID */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* GET the name from secrets, if doesn't exist, OK, if exists, try again */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_nextid_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_nextid_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_nextid_generate(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_nextid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Failed to find a random ccache in %d tries\n", state->numtry);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek state->nextid_name = talloc_asprintf(state, "%"SPRIuid":%u",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_list_send(state, state->ev, state->secdb, state->client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_nextid_list_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_nextid_list_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_nextid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_list_recv(subreq, state, &sec_key_list, &sec_key_list_len);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot list keys [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek for (i = 0; i < sec_key_list_len; i++) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek if (sec_key_match_name(sec_key_list[i], state->nextid_name) == true) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Failed to find a random key, trying again..\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Try again */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Generated new ccache name %u\n", state->nextid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_nextid_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek unsigned int *_nextid)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_nextid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* IN: HTTP PUT $base/default -d 'uuid' */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* We chose only UUID here to avoid issues later with renaming */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_set_default_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_set_default_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_set_default_state *state = NULL;
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_set_default_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Setting the default ccache to %s\n", uuid_str);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_patch_send(state, ev, secdb, client, url, uuid_iobuf);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_set_default_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_set_default_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "sec_patch request failed [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Set the default ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_set_default_recv(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* IN: HTTP GET $base/default */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* OUT: uuid */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_get_default_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_get_default_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_get_default_state *state = NULL;
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_get_default_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Getting the default ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = tcurl_http_send(state, ev, secdb->tctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_get_default_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_get_default_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_get_default_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, &outbuf);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Communication with the secrets responder failed [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Return a NULL uuid */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Unexpected UUID size %zu\n", uuid_size);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek uuid_parse((const char *) sss_iobuf_get_data(outbuf), state->uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Got the default ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_get_default_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_get_default_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP GET $base/ccache/ */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* OUT: a list of <uuid:name, uuid:name> */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_list_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_list_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_list_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Listing all ccaches\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_list_send(state, ev, secdb, client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_list_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_list_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_list_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_list_recv(subreq, state, &sec_key_list, &sec_key_list_len);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Communication with the secrets responder failed [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Found %zu ccaches\n", sec_key_list_len);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek state->uuid_list = talloc_array(state, uuid_t, sec_key_list_len + 1);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek for (size_t i = 0; i < sec_key_list_len; i++) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Sentinel */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek uuid_clear(state->uuid_list[sec_key_list_len]);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Listing all caches done\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_list_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_list_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek *_uuid_list = talloc_steal(mem_ctx, state->uuid_list);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP GET $base/ccache/ */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* OUT: a list of <uuid:name, uuid:name> */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* for each item in list, compare with the uuid: portion */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP GET $base/ccache/uuid:name */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* return result */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_getbyuuid_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_getbyuuid_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_getbyuuid_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Getting ccache by UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_get_ccache_send(state, ev, secdb, client, NULL, uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_getbyuuid_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_getbyuuid_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_getbyuuid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_get_ccache_recv(subreq, state, &state->cc);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot retrieve the ccache [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Got ccache by UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_getbyuuid_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_getbyuuid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP GET $base/ccache/ */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* OUT: a list of <uuid:name, uuid:name> */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* for each item in list, compare with the :name portion */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP GET $base/ccache/uuid:name */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* return result */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_getbyname_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_getbyname_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char *name)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_getbyname_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Getting ccache by name\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_get_ccache_send(state, ev, secdb, client, name, null_uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_getbyname_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_getbyname_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_getbyname_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_get_ccache_recv(subreq, state, &state->cc);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot retrieve the ccache [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Got ccache by UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_getbyname_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_getbyname_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_name_by_uuid_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstruct tevent_req *ccdb_sec_name_by_uuid_send(TALLOC_CTX *sec_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_name_by_uuid_state *state = NULL;
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(sec_ctx, &state, struct ccdb_sec_name_by_uuid_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Translating UUID to name\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_list_send(state, state->ev, state->secdb, state->client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_name_by_uuid_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_name_by_uuid_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_name_by_uuid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_list_recv(subreq, state, &sec_key_list, &sec_key_list_len);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek for (i = 0; i < sec_key_list_len; i++) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek if (sec_key_match_uuid(sec_key_list[i], state->uuid) == true) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Match, copy name */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Malformed key, cannot get name\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Got ccache by UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "No such UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekerrno_t ccdb_sec_name_by_uuid_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char **_name)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_name_by_uuid_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_uuid_by_name_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstruct tevent_req *ccdb_sec_uuid_by_name_send(TALLOC_CTX *sec_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek const char *name)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_uuid_by_name_state *state = NULL;
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(sec_ctx, &state, struct ccdb_sec_uuid_by_name_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Translating name to UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_list_send(state, state->ev, state->secdb, state->client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_uuid_by_name_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_uuid_by_name_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_uuid_by_name_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_list_recv(subreq, state, &sec_key_list, &sec_key_list_len);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek for (i = 0; i < sec_key_list_len; i++) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek if (sec_key_match_name(sec_key_list[i], state->name) == true) {
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Match, copy UUID */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sec_key_get_uuid(sec_key_list[i], state->uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Malformed key, cannot get UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Got ccache by name\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "No such name\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekerrno_t ccdb_sec_uuid_by_name_recv(struct tevent_req *req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_uuid_by_name_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP POST $base to create the container */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP PUT $base to create the container. Since PUT errors out on duplicates, at least
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * we fail consistently here and don't overwrite the ccache on concurrent requests
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_container_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_ccache_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_create_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_create_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Creating ccache storage for %s\n", cc->name);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Do the encoding asap so that if we fail, we don't even attempt any
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = kcm_ccache_to_sec_input(state, cc, client, &state->key_url, &state->ccache_payload);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot convert cache %s to JSON [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek container_url = sec_container_url_create(state, client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Creating the ccache container\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = tcurl_http_send(state, ev, secdb->tctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_container_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_container_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_create_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Communication with the secrets responder failed [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek /* Conflict is not an error as multiple ccaches are under the same
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek * container */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Container already exists, ignoring\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to create the ccache container\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "ccache container created\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "creating empty ccache payload\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_ccache_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_ccache_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_create_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Communication with the secrets responder failed [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to add the payload\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "payload created\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_create_recv(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_mod_cred_get_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_mod_cred_patch_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_mod_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_mod_cred_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Modifying ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_get_ccache_send(state, ev, secdb, client, NULL, uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, *ccdb_sec_mod_cred_get_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_mod_cred_get_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_mod_cred_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot retrieve the ccache [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "No such ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = kcm_ccache_to_sec_input(state, cc, state->client, &url, &payload);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Failed to marshall modified ccache to payload [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_mod_cred_patch_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_mod_cred_patch_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "sec_patch request failed [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "ccache modified\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_mod_recv(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_store_cred_get_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_store_cred_patch_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP DEL/PUT $base/ccache/uuid:name */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_store_cred_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_store_cred_state *state = NULL;
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_store_cred_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Storing creds in ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_get_ccache_send(state, ev, secdb, client, NULL, uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, *ccdb_sec_store_cred_get_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_store_cred_get_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_store_cred_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = kcm_cc_store_cred_blob(cc, state->cred_blob);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot store credentials to ccache [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = kcm_ccache_to_sec_input(state, cc, state->client, &url, &payload);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Failed to marshall modified ccache to payload [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_store_cred_patch_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_store_cred_patch_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "sec_patch request failed [%d]: %s\n", ret, sss_strerror(ret));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "ccache creds stored\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_store_cred_recv(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek/* HTTP DELETE $base/ccache/uuid:name */
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_delete_list_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_delete_cc_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_delete_container_done(struct tevent_req *subreq);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic struct tevent_req *ccdb_sec_delete_send(TALLOC_CTX *mem_ctx,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec *secdb = talloc_get_type(db->db_handle, struct ccdb_sec);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek req = tevent_req_create(mem_ctx, &state, struct ccdb_sec_delete_state);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Deleting ccache\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek subreq = sec_list_send(state, ev, secdb, client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_delete_list_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_delete_list_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_delete_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "No ccaches to delete\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek sec_key = find_by_uuid(sec_key_list, state->uuid);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "Cannot find ccache by UUID\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek cc_url = sec_cc_url_create(state, state->client, sec_key);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_delete_cc_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_delete_cc_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_delete_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot delete ccache [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "There are other ccaches, done\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Removing ccache container\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek container_url = sec_container_url_create(state, state->client);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek tevent_req_set_callback(subreq, ccdb_sec_delete_container_done, req);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic void ccdb_sec_delete_container_done(struct tevent_req *subreq)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek struct ccdb_sec_delete_state *state = tevent_req_data(req,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = tcurl_http_recv(state, subreq, &http_code, NULL);
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek "Cannot delete ccache container [%d]: %s\n",
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "Removed ccache container\n");
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozekstatic errno_t ccdb_sec_delete_recv(struct tevent_req *req)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek .name_by_uuid_send = ccdb_sec_name_by_uuid_send,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek .name_by_uuid_recv = ccdb_sec_name_by_uuid_recv,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek .uuid_by_name_send = ccdb_sec_uuid_by_name_send,