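/*	$NetBSD: kcm.c,v 1.3 2019/12/15 22:50:50 christos Exp $	*/

/*
 * Copyright (c) 2005, PADL Software Pty Ltd.
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of PADL Software nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

#ifdef HAVE_KCM
/*
 * Client library for Kerberos Credentials Manager (KCM) daemon
 *
 * Every operation below serialises a request into a krb5_storage, sends it
 * over the heim-ipc channel named by kcm_ipc_name, and decodes the reply.
 * The reply is produced by whatever process answers on that channel, so the
 * decoders treat its length and layout as unverified input.
 */

#include <krb5/kcm.h>
#include <heim-ipc.h>

static krb5_error_code
kcm_set_kdc_offset(krb5_context, krb5_ccache, krb5_deltat);

static const char *kcm_ipc_name = "ANY:org.h5l.kcm";

/* Per-ccache private data: only the cache name known to the daemon. */
typedef struct krb5_kcmcache {
    char *name;
} krb5_kcmcache;

/* Iteration state: a snapshot of UUIDs plus the index of the next one. */
typedef struct krb5_kcm_cursor {
    unsigned long offset;
    unsigned long length;
    kcmuuid_t *uuids;
} *krb5_kcm_cursor;


#define KCMCACHE(X)	((krb5_kcmcache *)(X)->data.data)
#define CACHENAME(X)	(KCMCACHE(X)->name)
#define KCMCURSOR(C)	((krb5_kcm_cursor)(C))

/* kcm_mutex guards the lazy creation of the process-wide kcm_ipc handle. */
static HEIMDAL_MUTEX kcm_mutex = HEIMDAL_MUTEX_INITIALIZER;
static heim_ipc kcm_ipc = NULL;

/*
 * Serialise `request' and perform one synchronous IPC round trip.
 *
 * On success the raw reply is stored in *response_data and 0 is returned.
 * Failure to set up or use the IPC channel is reported as KRB5_CC_NOSUPP,
 * failure to flatten the request as KRB5_CC_NOMEM.
 */
static krb5_error_code
kcm_send_request(krb5_context context,
                 krb5_storage *request,
                 krb5_data *response_data)
{
    krb5_error_code ret = 0;
    krb5_data request_data;

    /* Create the shared IPC context on first use only. */
    HEIMDAL_MUTEX_lock(&kcm_mutex);
    if (kcm_ipc == NULL)
        ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
    HEIMDAL_MUTEX_unlock(&kcm_mutex);
    if (ret)
        return KRB5_CC_NOSUPP;

    ret = krb5_storage_to_data(request, &request_data);
    if (ret) {
        krb5_clear_error_message(context);
        return KRB5_CC_NOMEM;
    }

    ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL);
    /*
     * NOTE(review): request_data can hold serialised credentials (see
     * kcm_store_cred); whether krb5_data_free scrubs the buffer before
     * releasing it is not visible from this file -- confirm.
     */
    krb5_data_free(&request_data);

    if (ret) {
        krb5_clear_error_message(context);
        ret = KRB5_CC_NOSUPP;
    }

    return ret;
}

/*
 * Allocate an in-memory storage and write the KCM request header
 * (major version, minor version, opcode) into it.
 *
 * On success *storage_p owns the storage and the caller must release it
 * with krb5_storage_free(); on failure *storage_p is NULL.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_storage_request(krb5_context context,
                         uint16_t opcode,
                         krb5_storage **storage_p)
{
    krb5_storage *sp;
    krb5_error_code ret;

    *storage_p = NULL;

    sp = krb5_storage_emem();
    if (sp == NULL) {
        krb5_set_error_message(context, KRB5_CC_NOMEM, N_("malloc: out of memory", ""));
        return KRB5_CC_NOMEM;
    }

    /* Send MAJOR | VERSION | OPCODE */
    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR);
    if (ret)
        goto fail;
    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR);
    if (ret)
        goto fail;
    ret = krb5_store_int16(sp, opcode);
    if (ret)
        goto fail;

    *storage_p = sp;
 fail:
    /* Reached on success too; only the error case releases sp. */
    if (ret) {
        krb5_set_error_message(context, ret,
                               N_("Failed to encode KCM request", ""));
        krb5_storage_free(sp);
    }

    return ret;
}

/*
 * Attach a fresh krb5_kcmcache to the already allocated ccache *id.
 * `name' is duplicated; NULL leaves the cache unnamed (kcm_gen_new fills
 * the name in from the daemon's reply).
 */
static krb5_error_code
kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
{
    krb5_kcmcache *k;

    k = malloc(sizeof(*k));
    if (k == NULL) {
        krb5_set_error_message(context, KRB5_CC_NOMEM,
                               N_("malloc: out of memory", ""));
        return KRB5_CC_NOMEM;
    }

    if (name != NULL) {
        k->name = strdup(name);
        if (k->name == NULL) {
            free(k);
            krb5_set_error_message(context, KRB5_CC_NOMEM,
                                   N_("malloc: out of memory", ""));
            return KRB5_CC_NOMEM;
        }
    } else
        k->name = NULL;

    (*id)->data.data = k;
    (*id)->data.length = sizeof(*k);

    return 0;
}

/*
 * Send `request' and decode the leading int32 status of the reply.
 *
 * A non-zero status is returned to the caller unchanged, i.e. the error
 * code is whatever value the peer put on the wire.
 *
 * If response_p is non-NULL and the call succeeds, ownership of both the
 * reply storage (*response_p) and its backing buffer (*response_data_p)
 * passes to the caller, who must free both.  response_data_p is written
 * without a NULL check, so it must be non-NULL whenever response_p is.
 * On any failure *response_p is NULL, *response_data_p is left untouched
 * and nothing is handed to the caller.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_call(krb5_context context,
              krb5_storage *request,
              krb5_storage **response_p,
              krb5_data *response_data_p)
{
    krb5_data response_data;
    krb5_error_code ret;
    int32_t status;
    krb5_storage *response;

    if (response_p != NULL)
        *response_p = NULL;

    krb5_data_zero(&response_data);

    ret = kcm_send_request(context, request, &response_data);
    if (ret)
        return ret;

    response = krb5_storage_from_data(&response_data);
    if (response == NULL) {
        krb5_data_free(&response_data);
        return KRB5_CC_IO;
    }

    /* A reply too short to hold the status word is a format error. */
    ret = krb5_ret_int32(response, &status);
    if (ret) {
        krb5_storage_free(response);
        krb5_data_free(&response_data);
        return KRB5_CC_FORMAT;
    }

    if (status) {
        krb5_storage_free(response);
        krb5_data_free(&response_data);
        return status;
    }

    if (response_p != NULL) {
        *response_data_p = response_data;
        *response_p = response;

        return 0;
    }

    krb5_storage_free(response);
    krb5_data_free(&response_data);

    return 0;
}

/*
 * Release the krb5_kcmcache attached to *id, if any.
 */
static void
kcm_free(krb5_context context, krb5_ccache *id)
{
    krb5_kcmcache *k = KCMCACHE(*id);

    if (k != NULL) {
        free(k->name);		/* free(NULL) is a no-op */
        /* memset_s so the scrub of the struct cannot be elided. */
        memset_s(k, sizeof(*k), 0, sizeof(*k));
        /* data.data was set to k in kcm_alloc; presumably this frees k. */
        krb5_data_free(&(*id)->data);
    }
}

/* Return the cache name stored in the ccache's private data. */
static const char *
kcm_get_name(krb5_context context,
             krb5_ccache id)
{
    return CACHENAME(id);
}

/* Bind *id to the cache called `res'; no request is sent to the daemon. */
static krb5_error_code
kcm_resolve(krb5_context context, krb5_ccache *id, const char *res)
{
    return kcm_alloc(context, res, id);
}

/*
 * Request:
 *
 * Response:
 *      NameZ
 */
static krb5_error_code
kcm_gen_new(krb5_context context, krb5_ccache *id)
{
    krb5_kcmcache *k;
    krb5_error_code ret;
    krb5_storage *request, *response;
    krb5_data response_data;

    /* Start unnamed; the name comes back in the reply. */
    ret = kcm_alloc(context, NULL, id);
    if (ret)
        return ret;

    k = KCMCACHE(*id);

    ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
    if (ret) {
        kcm_free(context, id);
        return ret;
    }

    ret = krb5_kcm_call(context, request, &response, &response_data);
    if (ret) {
        krb5_storage_free(request);
        kcm_free(context, id);
        return ret;
    }

    ret = krb5_ret_stringz(response, &k->name);
    if (ret)
        ret = KRB5_CC_IO;

    krb5_storage_free(request);
    krb5_storage_free(response);
    krb5_data_free(&response_data);

    if (ret)
        kcm_free(context, id);

    return ret;
}

/*
 * Request:
 *      NameZ
 *      Principal
 *
 * Response:
 *
 */
static krb5_error_code
kcm_initialize(krb5_context context,
               krb5_ccache id,
               krb5_principal primary_principal)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request;

    ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_principal(request, primary_principal);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, NULL, NULL);

    krb5_storage_free(request);

    /*
     * NOTE(review): the offset is pushed even when the initialize call
     * above failed, and its own result is discarded -- looks like a
     * deliberate best effort, confirm.
     */
    if (context->kdc_sec_offset)
        kcm_set_kdc_offset(context, id, context->kdc_sec_offset);

    return ret;
}

/* Drop the local handle only; the cache held by the daemon is untouched. */
static krb5_error_code
kcm_close(krb5_context context,
          krb5_ccache id)
{
    kcm_free(context, &id);
    return 0;
}

/*
 * Request:
 *      NameZ
 *
 * Response:
 *
 */
static krb5_error_code
kcm_destroy(krb5_context context,
            krb5_ccache id)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request;

    ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, NULL, NULL);

    krb5_storage_free(request);
    return ret;
}

/*
 * Request:
 *      NameZ
 *      Creds
 *
 * Response:
 *
 */
static krb5_error_code
kcm_store_cred(krb5_context context,
               krb5_ccache id,
               krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request;

    ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    /* From here on `request' carries the serialised credential. */
    ret = krb5_store_creds(request, creds);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, NULL, NULL);

    krb5_storage_free(request);
    return ret;
}

#if 0
/*
 * Request:
 *      NameZ
 *      WhichFields
 *      MatchCreds
 *
 * Response:
 *      Creds
 *
 */
static krb5_error_code
kcm_retrieve(krb5_context context,
             krb5_ccache id,
             krb5_flags which,
             const krb5_creds *mcred,
             krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request, *response;
    krb5_data response_data;

    ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_int32(request, which);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, &response, &response_data);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_ret_creds(response, creds);
    if (ret)
        ret = KRB5_CC_IO;

    krb5_storage_free(request);
    krb5_storage_free(response);
    krb5_data_free(&response_data);

    return ret;
}
#endif

/*
 * Request:
 *      NameZ
 *
 * Response:
 *      Principal
 */
static krb5_error_code
kcm_get_principal(krb5_context context,
                  krb5_ccache id,
                  krb5_principal *principal)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request, *response;
    krb5_data response_data;

    ret = krb5_kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, &response, &response_data);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    /* Any decode failure of the reply is reported as an I/O error. */
    ret = krb5_ret_principal(response, principal);
    if (ret)
        ret = KRB5_CC_IO;

    krb5_storage_free(request);
    krb5_storage_free(response);
    krb5_data_free(&response_data);

    return ret;
}

/*
 * Request:
 *      NameZ
 *
 * Response:
 *      Cursor
 *
 */
static krb5_error_code
kcm_get_first (krb5_context context,
               krb5_ccache id,
               krb5_cc_cursor *cursor)
{
    krb5_error_code ret;
    krb5_kcm_cursor c;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request, *response;
    krb5_data response_data;

    ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_UUID_LIST, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);
    if (ret)
        return ret;

    c = calloc(1, sizeof(*c));
    if (c == NULL) {
        /* The reply is owned by us at this point; do not leak it. */
        krb5_storage_free(response);
        krb5_data_free(&response_data);
        return krb5_enomem(context);
    }

    /*
     * The reply body is a bare sequence of UUIDs with no count field:
     * read until a clean end of data.  A trailing partial UUID (or a
     * read error) rejects the whole list.
     */
    while (1) {
        ssize_t sret;
        kcmuuid_t uuid;
        void *ptr;

        sret = krb5_storage_read(response, &uuid, sizeof(uuid));
        if (sret == 0) {
            ret = 0;
            break;
        } else if (sret != sizeof(uuid)) {
            ret = EINVAL;
            break;
        }

        /* Keep c->uuids valid if realloc fails; cleanup below frees it. */
        ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1));
        if (ptr == NULL) {
            ret = krb5_enomem(context);
            break;
        }
        c->uuids = ptr;

        memcpy(&c->uuids[c->length], &uuid, sizeof(uuid));
        c->length += 1;
    }

    krb5_storage_free(response);
    krb5_data_free(&response_data);

    if (ret) {
        free(c->uuids);
        free(c);
        return ret;
    }

    *cursor = c;

    return 0;
}

/*
 * Request:
 *      NameZ
 *      Cursor
 *
 * Response:
 *      Creds
 */
static krb5_error_code
kcm_get_next (krb5_context context,
              krb5_ccache id,
              krb5_cc_cursor *cursor,
              krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_kcm_cursor c = KCMCURSOR(*cursor);
    krb5_storage *request, *response;
    krb5_data response_data;
    ssize_t sret;

 again:

    if (c->offset >= c->length)
        return KRB5_CC_END;

    ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    sret = krb5_storage_write(request,
                              &c->uuids[c->offset],
                              sizeof(c->uuids[c->offset]));
    c->offset++;
    /* sizeof does not evaluate its operand, so the bumped index is harmless. */
    if (sret != sizeof(c->uuids[0])) {
        krb5_storage_free(request);
        krb5_clear_error_message(context);
        return ENOMEM;
    }

    ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);
    /* KRB5_CC_END for one UUID means "skip it and try the next one". */
    if (ret == KRB5_CC_END)
        goto again;
    /*
     * On any other failure krb5_kcm_call leaves response NULL and
     * response_data unwritten; decoding or freeing them would operate
     * on a NULL storage and an uninitialised krb5_data.
     */
    if (ret)
        return ret;

    ret = krb5_ret_creds(response, creds);
    if (ret)
        ret = KRB5_CC_IO;

    krb5_storage_free(response);
    krb5_data_free(&response_data);

    return ret;
}

/*
 * Request:
 *      NameZ
 *      Cursor
 *
 * Response:
 *
 */
static krb5_error_code
kcm_end_get (krb5_context context,
             krb5_ccache id,
             krb5_cc_cursor *cursor)
{
    krb5_kcm_cursor c = KCMCURSOR(*cursor);

    /* The cursor is purely local state; nothing is sent to the daemon. */
    free(c->uuids);
    free(c);

    *cursor = NULL;

    return 0;
}

/*
 * Request:
 *      NameZ
 *      WhichFields
 *      MatchCreds
 *
 * Response:
 *
 */
static krb5_error_code
kcm_remove_cred(krb5_context context,
                krb5_ccache id,
                krb5_flags which,
                krb5_creds *cred)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request;

    ret = krb5_kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_int32(request, which);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_creds_tag(request, cred);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, NULL, NULL);

    krb5_storage_free(request);
    return ret;
}

/* Send NameZ followed by the int32 flags word under KCM_OP_SET_FLAGS. */
static krb5_error_code
kcm_set_flags(krb5_context context,
              krb5_ccache id,
              krb5_flags flags)
{
    krb5_error_code ret;
    krb5_kcmcache *k = KCMCACHE(id);
    krb5_storage *request;

    ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_int32(request, flags);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, NULL, NULL);

    krb5_storage_free(request);
    return ret;
}

/* Always reports version 0; the daemon is not consulted. */
static int
kcm_get_version(krb5_context context,
                krb5_ccache id)
{
    return 0;
}

/*
 * Send nothing
 * get back list of uuids
 */

static krb5_error_code
kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
{
    krb5_error_code ret;
    krb5_kcm_cursor c;
    krb5_storage *request, *response;
    krb5_data response_data;

    *cursor = NULL;

    c = calloc(1, sizeof(*c));
    if (c == NULL) {
        ret = krb5_enomem(context);
        goto out;
    }

    ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_UUID_LIST, &request);
    if (ret)
        goto out;

    ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);
    if (ret)
        goto out;

    /*
     * Same wire layout as in kcm_get_first: UUIDs back to back, no count.
     * Every exit from the loop uses `break' so that the reply is released
     * below on the error paths as well.
     */
    while (1) {
        ssize_t sret;
        kcmuuid_t uuid;
        void *ptr;

        sret = krb5_storage_read(response, &uuid, sizeof(uuid));
        if (sret == 0) {
            ret = 0;
            break;
        } else if (sret != sizeof(uuid)) {
            ret = EINVAL;
            break;
        }

        ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1));
        if (ptr == NULL) {
            ret = krb5_enomem(context);
            break;
        }
        c->uuids = ptr;

        memcpy(&c->uuids[c->length], &uuid, sizeof(uuid));
        c->length += 1;
    }

    krb5_storage_free(response);
    krb5_data_free(&response_data);

 out:
    /* On failure the partial cursor is discarded and *cursor stays NULL. */
    if (ret && c) {
        free(c->uuids);
        free(c);
    } else
        *cursor = c;

    return ret;
}

/*
 * Send uuid
 * Recv cache name
 */

static krb5_error_code
kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_ops *ops, krb5_ccache *id)
{
    krb5_error_code ret;
    krb5_kcm_cursor c = KCMCURSOR(cursor);
    krb5_storage *request, *response;
    krb5_data response_data;
    ssize_t sret;
    char *name;

    *id = NULL;

 again:

    if (c->offset >= c->length)
        return KRB5_CC_END;

    ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_BY_UUID, &request);
    if (ret)
        return ret;

    sret = krb5_storage_write(request,
                              &c->uuids[c->offset],
                              sizeof(c->uuids[c->offset]));
    c->offset++;
    /* sizeof does not evaluate its operand, so the bumped index is harmless. */
    if (sret != sizeof(c->uuids[0])) {
        krb5_storage_free(request);
        krb5_clear_error_message(context);
        return ENOMEM;
    }

    ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);
    /* KRB5_CC_END for one UUID means "skip it and try the next one". */
    if (ret == KRB5_CC_END)
        goto again;
    /*
     * On any other failure krb5_kcm_call leaves response NULL and
     * response_data unwritten; do not decode or free them.
     */
    if (ret)
        return ret;

    ret = krb5_ret_stringz(response, &name);
    krb5_storage_free(response);
    krb5_data_free(&response_data);

    if (ret == 0) {
        ret = _krb5_cc_allocate(context, ops, id);
        /*
         * NOTE(review): if kcm_alloc fails after _krb5_cc_allocate
         * succeeded, *id is returned still allocated alongside the
         * error; how it should be released is not visible here.
         */
        if (ret == 0)
            ret = kcm_alloc(context, name, id);
        krb5_xfree(name);
    }

    return ret;
}

/*
 * Cache iteration for the KCM type; yields nothing when KCM_IS_API_CACHE
 * is defined.
 */
static krb5_error_code
kcm_get_cache_next_kcm(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
{
#ifndef KCM_IS_API_CACHE
    return kcm_get_cache_next(context, cursor, &krb5_kcm_ops, id);
#else
    return KRB5_CC_END;
#endif
}

/* Cache iteration that creates handles with the krb5_akcm_ops table. */
static krb5_error_code
kcm_get_cache_next_api(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
{
    return kcm_get_cache_next(context, cursor, &krb5_akcm_ops, id);
}


/* Free a cursor produced by kcm_get_cache_first. */
static krb5_error_code
kcm_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
{
    krb5_kcm_cursor c = KCMCURSOR(cursor);

    free(c->uuids);
    free(c);
    return 0;
}


/* Send the two cache names (source, then destination) under KCM_OP_MOVE_CACHE. */
static krb5_error_code
kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
    krb5_error_code ret;
    krb5_kcmcache *oldk = KCMCACHE(from);
    krb5_kcmcache *newk = KCMCACHE(to);
    krb5_storage *request;

    ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, oldk->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_store_stringz(request, newk->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }
    ret = krb5_kcm_call(context, request, NULL, NULL);

    krb5_storage_free(request);
    return ret;
}

/*
 * Ask the daemon for the default cache name and return it in *str as
 * "<ops->prefix>:<name>" (heap allocated, caller frees).
 *
 * If the daemon call fails for any reason the name is instead derived
 * locally from `defstr' via _krb5_expand_default_cc_name().
 */
static krb5_error_code
kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
                     const char *defstr, char **str)
{
    krb5_error_code ret;
    krb5_storage *request, *response;
    krb5_data response_data;
    char *name;
    int aret;

    *str = NULL;

    ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request);
    if (ret)
        return ret;

    ret = krb5_kcm_call(context, request, &response, &response_data);
    krb5_storage_free(request);
    if (ret)
        return _krb5_expand_default_cc_name(context, defstr, str);

    ret = krb5_ret_stringz(response, &name);
    krb5_storage_free(response);
    krb5_data_free(&response_data);
    if (ret)
        return ret;

    aret = asprintf(str, "%s:%s", ops->prefix, name);
    free(name);
    /*
     * `str' itself is never NULL here (it was written through above), so
     * the return value is the only failure signal.  The content of *str
     * after a failed asprintf is not portable; reset it explicitly.
     */
    if (aret == -1) {
        *str = NULL;
        return ENOMEM;
    }

    return 0;
}

/* Default cache name using the krb5_akcm_ops prefix. */
static krb5_error_code
kcm_get_default_name_api(krb5_context context, char **str)
{
    return kcm_get_default_name(context, &krb5_akcm_ops,
                                KRB5_DEFAULT_CCNAME_KCM_API, str);
}

/* Default cache name using the krb5_kcm_ops prefix. */
static krb5_error_code
kcm_get_default_name_kcm(krb5_context context, char **str)
{
    return kcm_get_default_name(context, &krb5_kcm_ops,
                                KRB5_DEFAULT_CCNAME_KCM_KCM, str);
}

/* Send the cache name under KCM_OP_SET_DEFAULT_CACHE. */
static krb5_error_code
kcm_set_default(krb5_context context, krb5_ccache id)
{
    krb5_error_code ret;
    krb5_storage *request;
    krb5_kcmcache *k = KCMCACHE(id);

    ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request);
    if (ret)
        return ret;

    ret = krb5_store_stringz(request, k->name);
    if (ret) {
        krb5_storage_free(request);
        return ret;
    }

    ret = krb5_kcm_call(context, request, NULL, NULL);
    krb5_storage_free(request);

    return ret;
}

/*
 * Report the current time as the last-change time; the daemon is not
 * asked, so callers cannot use this to detect an unchanged cache.
 */
static krb5_error_code
kcm_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
{
    *mtime = time(NULL);
    return 0;
}
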
/*
 * Store the KDC time offset for cache `id` in the KCM daemon.
 *
 * Request: the cache name (NUL-terminated string) followed by the offset
 * as a 32-bit integer.  No response payload is read.
 */
static krb5_error_code
kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
{
    krb5_kcmcache *cache = KCMCACHE(id);
    krb5_storage *req;
    krb5_error_code rc;

    rc = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &req);
    if (rc)
        return rc;

    /* Each step runs only if the previous one succeeded. */
    rc = krb5_store_stringz(req, cache->name);
    if (rc == 0)
        rc = krb5_store_int32(req, kdc_offset);
    if (rc == 0)
        rc = krb5_kcm_call(context, req, NULL, NULL);

    krb5_storage_free(req);
    return rc;
}

/*
 * Read the KDC time offset for cache `id` from the KCM daemon.
 *
 * Request: the cache name (NUL-terminated string).
 * Response: the offset as a 32-bit integer.
 *
 * *kdc_offset is written only on success.
 */
static krb5_error_code
kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
{
    krb5_kcmcache *cache = KCMCACHE(id);
    krb5_storage *req, *resp;
    krb5_data resp_data;
    krb5_error_code rc;
    int32_t value;

    rc = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &req);
    if (rc)
        return rc;

    rc = krb5_store_stringz(req, cache->name);
    if (rc == 0)
        rc = krb5_kcm_call(context, req, &resp, &resp_data);
    krb5_storage_free(req);
    if (rc)
        return rc;

    /* The response objects are released whether or not parsing succeeds. */
    rc = krb5_ret_int32(resp, &value);
    krb5_storage_free(resp);
    krb5_data_free(&resp_data);
    if (rc == 0)
        *kdc_offset = value;

    return rc;
}

/**
 * Variable containing the KCM based credential cache implementation.
 *
 * @ingroup krb5_ccache
 */

/* Positional initializer: entries must stay in krb5_cc_ops field order. */
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = {
    KRB5_CC_OPS_VERSION,
    "KCM",
    kcm_get_name,
    kcm_resolve,
    kcm_gen_new,
    kcm_initialize,
    kcm_destroy,
    kcm_close,
    kcm_store_cred,
    NULL /* kcm_retrieve */,
    kcm_get_principal,
    kcm_get_first,
    kcm_get_next,
    kcm_end_get,
    kcm_remove_cred,
    kcm_set_flags,
    kcm_get_version,
    kcm_get_cache_first,
    kcm_get_cache_next_kcm,
    kcm_end_cache_get,
    kcm_move,
    kcm_get_default_name_kcm,
    kcm_set_default,
    kcm_lastchange,
    kcm_set_kdc_offset,
    kcm_get_kdc_offset
};

/*
 * Same operations under the "API" prefix.  It differs from krb5_kcm_ops in
 * the cache iterator and default-name entries, and its last two slots (the
 * KDC-offset setter and getter in krb5_kcm_ops) are NULL.
 */
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = {
    KRB5_CC_OPS_VERSION,
    "API",
    kcm_get_name,
    kcm_resolve,
    kcm_gen_new,
    kcm_initialize,
    kcm_destroy,
    kcm_close,
    kcm_store_cred,
    NULL /* kcm_retrieve */,
    kcm_get_principal,
    kcm_get_first,
    kcm_get_next,
    kcm_end_get,
    kcm_remove_cred,
    kcm_set_flags,
    kcm_get_version,
    kcm_get_cache_first,
    kcm_get_cache_next_api,
    kcm_end_cache_get,
    kcm_move,
    kcm_get_default_name_api,
    kcm_set_default,
    kcm_lastchange,
    NULL,
    NULL
};


/*
 * Probe whether a KCM daemon answers.
 *
 * Allocates a scratch cache handle, sends a no-op request and reports
 * whether it succeeded.  Returns 0 (false) if the handle cannot be
 * allocated or the no-op fails for any reason; the underlying error code
 * is not reported to the caller.
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
_krb5_kcm_is_running(krb5_context context)
{
    krb5_ccache_data scratch;
    krb5_ccache probe = &scratch;
    krb5_boolean alive;

    if (kcm_alloc(context, NULL, &probe) != 0)
        return 0;

    alive = (_krb5_kcm_noop(context, probe) == 0);
    kcm_free(context, &probe);

    return alive;
}

/*
 * Request:
 *
 * Response:
 *
 */
/* Send an empty KCM_OP_NOOP request; `id` is not used to build it. */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_noop(krb5_context context,
               krb5_ccache id)
{
    krb5_storage *req;
    krb5_error_code rc;

    rc = krb5_kcm_storage_request(context, KCM_OP_NOOP, &req);
    if (rc)
        return rc;

    rc = krb5_kcm_call(context, req, NULL, NULL);
    krb5_storage_free(req);

    return rc;
}


/*
 * Request:
 *      NameZ
 *      ServerPrincipalPresent
 *      ServerPrincipal OPTIONAL
 *      Key
 *
 * Response:
 *
 */
/*
 * Ask the daemon to obtain an initial ticket for cache `id` using `key`.
 *
 * `server` may be NULL; a one-byte presence flag tells the daemon whether
 * a server principal follows.  `key` is dereferenced unconditionally, so it
 * must not be NULL.
 *
 * NOTE(review): the request buffer holds a copy of the key block until
 * krb5_storage_free() runs.  Whether that call wipes the memory before
 * releasing it is not visible here -- confirm.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
                             krb5_ccache id,
                             krb5_principal server,
                             krb5_keyblock *key)
{
    krb5_kcmcache *cache = KCMCACHE(id);
    krb5_storage *req;
    krb5_error_code rc;

    rc = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &req);
    if (rc)
        return rc;

    rc = krb5_store_stringz(req, cache->name);
    if (rc)
        goto out;

    /* Presence flag: 1 when a server principal follows, 0 otherwise. */
    rc = krb5_store_int8(req, (server != NULL) ? 1 : 0);
    if (rc)
        goto out;

    if (server != NULL) {
        rc = krb5_store_principal(req, server);
        if (rc)
            goto out;
    }

    rc = krb5_store_keyblock(req, *key);
    if (rc)
        goto out;

    rc = krb5_kcm_call(context, req, NULL, NULL);

out:
    /* Single release point for the request on success and failure. */
    krb5_storage_free(req);
    return rc;
}


/*
 * Request:
 *      NameZ
 *      KDCFlags
 *      EncryptionType
 *      ServerPrincipal
 *
 * Response:
 *
 */
/*
 * Ask the daemon to obtain a ticket for `server` into cache `id`.
 *
 * The request carries the cache name, flags.i and enctype (each as a
 * 32-bit integer) and the server principal.
 *
 * NOTE(review): unlike _krb5_kcm_get_initial_ticket(), `server` is handed
 * to krb5_store_principal() without a NULL check -- confirm that callers
 * never pass NULL.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_ticket(krb5_context context,
                     krb5_ccache id,
                     krb5_kdc_flags flags,
                     krb5_enctype enctype,
                     krb5_principal server)
{
    krb5_error_code rc;
    krb5_kcmcache *cache = KCMCACHE(id);
    krb5_storage *req;

    rc = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &req);
    if (rc)
        return rc;

    rc = krb5_store_stringz(req, cache->name);
    if (rc)
        goto out;

    rc = krb5_store_int32(req, flags.i);
    if (rc)
        goto out;

    rc = krb5_store_int32(req, enctype);
    if (rc)
        goto out;

    rc = krb5_store_principal(req, server);
    if (rc)
        goto out;

    rc = krb5_kcm_call(context, req, NULL, NULL);

out:
    /* Single release point for the request on success and failure. */
    krb5_storage_free(req);
    return rc;
}

#endif /* HAVE_KCM */