1 1.1 elric /* $NetBSD: scache.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */ 2 1.1 elric 3 1.1 elric /* 4 1.1 elric * Copyright (c) 2008 Kungliga Tekniska Hgskolan 5 1.1 elric * (Royal Institute of Technology, Stockholm, Sweden). 6 1.1 elric * All rights reserved. 7 1.1 elric * 8 1.1 elric * Redistribution and use in source and binary forms, with or without 9 1.1 elric * modification, are permitted provided that the following conditions 10 1.1 elric * are met: 11 1.1 elric * 12 1.1 elric * 1. Redistributions of source code must retain the above copyright 13 1.1 elric * notice, this list of conditions and the following disclaimer. 14 1.1 elric * 15 1.1 elric * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 elric * notice, this list of conditions and the following disclaimer in the 17 1.1 elric * documentation and/or other materials provided with the distribution. 18 1.1 elric * 19 1.1 elric * 3. Neither the name of the Institute nor the names of its contributors 20 1.1 elric * may be used to endorse or promote products derived from this software 21 1.1 elric * without specific prior written permission. 22 1.1 elric * 23 1.1 elric * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 1.1 elric * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 1.1 elric * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 1.1 elric * ARE DISCLAIMED. 
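IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

#ifdef HAVE_SCC

#include <sqlite3.h>

/*
 * SCC: a credential cache kept in an SQLite database.
 *
 * One database file holds any number of named caches (table "caches");
 * each cache owns rows in "credentials" (the serialised krb5_creds as a
 * BLOB, including the session key) and "principals" (client/server
 * names of each credential, for lookups).  Triggers cascade deletes
 * from caches to credentials to principals.
 *
 * Security note: the credentials are stored in clear.  The only
 * protection is the mode of the database file (created owner-only by
 * make_database()); nothing in this file encrypts or authenticates the
 * contents.
 */
typedef struct krb5_scache {
    char *name;          /* cache name, matched against caches.name */
    char *file;          /* path of the SQLite database file */
    sqlite3 *db;         /* connection; NULL until make_database() opened it */

    sqlite_uint64 cid;   /* caches.oid of this cache, or SCACHE_INVALID_CID */

    /* Prepared statements for the SQL_* strings below; NULL until prepared. */
    sqlite3_stmt *icred;
    sqlite3_stmt *dcred;
    sqlite3_stmt *iprincipal;

    sqlite3_stmt *icache;
    sqlite3_stmt *ucachen;
    sqlite3_stmt *ucachep;
    sqlite3_stmt *dcache;
    sqlite3_stmt *scache;
    sqlite3_stmt *scache_name;
    sqlite3_stmt *umaster;

} krb5_scache;

#define SCACHE(X) ((krb5_scache *)(X)->data.data)

#define SCACHE_DEF_NAME "Default-cache"
/*
 * Default database location.  The path is predictable and lives in a
 * shared temporary directory, so an attacker with write access there
 * could pre-create the file or plant a symlink; this code relies on the
 * directory being sticky and on the 0600 mode applied at creation time,
 * it does not verify ownership of an existing file.  Prefer an explicit
 * "SCC:name:/private/path" when that matters.
 */
#ifdef KRB5_USE_PATH_TOKENS
#define KRB5_SCACHE_DB "%{TEMP}/krb5scc_%{uid}"
#else
#define KRB5_SCACHE_DB "/tmp/krb5scc_%{uid}"
#endif
#define KRB5_SCACHE_NAME "SCC:" SCACHE_DEF_NAME ":" KRB5_SCACHE_DB

#define SCACHE_INVALID_CID ((sqlite_uint64)-1)

/*
 * Schema and statements.
 *
 * Every value that originates outside this file (cache names, principal
 * names, cids) is passed as a bound parameter ("?"), never spliced into
 * the SQL text; keep it that way.  The only string interpolation is in
 * scc_get_first(), where the interpolated table name is generated
 * locally.
 */

#define SQL_CMASTER "" \
    "CREATE TABLE master (" \
    "oid INTEGER PRIMARY KEY," \
    "version INTEGER NOT NULL," \
    "defaultcache TEXT NOT NULL" \
    ")"

/*
 * Single quotes: in SQL a double-quoted token is an identifier.  SQLite
 * only falls back to treating "Default-cache" as a string literal when
 * built with its double-quoted-string compatibility option, so the
 * literal is quoted the standard way.
 */
#define SQL_SETUP_MASTER \
    "INSERT INTO master (version,defaultcache) VALUES(2, '" SCACHE_DEF_NAME "')"
#define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2"

#define SQL_CCACHE "" \
    "CREATE TABLE caches (" \
    "oid INTEGER PRIMARY KEY," \
    "principal TEXT," \
    "name TEXT NOT NULL" \
    ")"

/* Deleting a cache row drops its credentials (which in turn drop their principals). */
#define SQL_TCACHE "" \
    "CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches " \
    "FOR EACH ROW BEGIN " \
    "DELETE FROM credentials WHERE cid=old.oid;" \
    "END"

#define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
#define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?"
#define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
#define SQL_DCACHE "DELETE FROM caches WHERE OID=?"
#define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
#define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=?"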
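#define SQL_CCREDS "" \
    "CREATE TABLE credentials (" \
    "oid INTEGER PRIMARY KEY," \
    "cid INTEGER NOT NULL," \
    "kvno INTEGER NOT NULL," \
    "etype INTEGER NOT NULL," \
    "created_at INTEGER NOT NULL," \
    "cred BLOB NOT NULL" \
    ")"

/* Deleting a credential drops its principal rows. */
#define SQL_TCRED "" \
    "CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials " \
    "FOR EACH ROW BEGIN " \
    "DELETE FROM principals WHERE credential_id=old.oid;" \
    "END"

#define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)"
#define SQL_DCRED "DELETE FROM credentials WHERE cid=?"

#define SQL_CPRINCIPALS "" \
    "CREATE TABLE principals (" \
    "oid INTEGER PRIMARY KEY," \
    "principal TEXT NOT NULL," \
    "type INTEGER NOT NULL," \
    "credential_id INTEGER NOT NULL" \
    ")"

#define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"

/*
 * sqlite destructors
 */

/* sqlite3_destructor_type wrapper around free(3), for bound blobs. */
static void
free_data(void *data)
{
    free(data);
}

/* sqlite3_destructor_type wrapper for memory owned by libkrb5. */
static void
free_krb5(void *str)
{
    krb5_xfree(str);
}

/*
 * Finalize every prepared statement cached in `s' and clear the
 * pointers.  Statements must be finalized before the connection is
 * closed (per the sqlite3 documentation the legacy sqlite3_close()
 * returns SQLITE_BUSY and leaves the connection open while statements
 * are outstanding), and clearing the pointers lets make_database() be
 * retried from a clean slate after a failure.
 */
static void
finalize_stmts(krb5_scache *s)
{
    sqlite3_stmt **stmts[] = {
        &s->icred, &s->dcred, &s->iprincipal, &s->icache, &s->ucachen,
        &s->ucachep, &s->dcache, &s->scache, &s->scache_name, &s->umaster
    };
    size_t i;

    for (i = 0; i < sizeof(stmts) / sizeof(stmts[0]); i++) {
        if (*stmts[i] != NULL) {
            sqlite3_finalize(*stmts[i]);
            *stmts[i] = NULL;
        }
    }
}

/*
 * Release everything owned by a krb5_scache: the name and path strings,
 * the prepared statements, the database connection and the struct
 * itself.  Safe on a partially initialised struct and on NULL.
 */
static void
scc_free(krb5_scache *s)
{
    if (s == NULL)
        return;

    free(s->file);
    free(s->name);

    /* Statements first, then the connection; see finalize_stmts(). */
    finalize_stmts(s);

    if (s->db)
        sqlite3_close(s->db);
    free(s);
}

#ifdef TRACEME
/*
 * sqlite3_trace() callback for debugging builds: prints every statement
 * to stdout.  Depending on the sqlite version the text may include
 * bound parameter values, i.e. cache and principal names.
 */
static void
trace(void* ptr, const char * str)
{
    printf("SQL: %s\n", str);
}
#endif

/*
 * Compile `str' into *stmt on connection `db'.  Returns 0, or ENOENT
 * with the sqlite error text in the krb5 error message.
 */
static krb5_error_code
prepare_stmt(krb5_context context, sqlite3 *db,
             sqlite3_stmt **stmt, const char *str)
{
    int ret;

    ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
    if (ret != SQLITE_OK) {
        krb5_set_error_message(context, ENOENT,
                               N_("Failed to prepare stmt %s: %s", ""),
                               str, sqlite3_errmsg(db));
        return ENOENT;
    }
    return 0;
}

/*
 * Run the SQL text `str' without result rows.  On failure returns
 * `code' with the sqlite error text as the krb5 error message; if
 * `code' is 0 the failure is deliberately ignored (used for best-effort
 * ROLLBACK and DROP TABLE).  `str' must never contain caller-supplied
 * text.
 */
static krb5_error_code
exec_stmt(krb5_context context, sqlite3 *db, const char *str,
          krb5_error_code code)
{
    int ret;

    ret = sqlite3_exec(db, str, NULL, NULL, NULL);
    if (ret != SQLITE_OK && code) {
        krb5_set_error_message(context, code,
                               N_("scache execute %s: %s", ""), str,
                               sqlite3_errmsg(db));
        return code;
    }
    return 0;
}

/*
 * Open the default database (KRB5_SCACHE_DB, expanded) read-write
 * without creating it.  On success *db is an open connection owned by
 * the caller; on failure *db is NULL and ENOENT is returned.
 */
static krb5_error_code
default_db(krb5_context context, sqlite3 **db)
{
    char *name;
    int ret;

    ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &name);
    if (ret)
        return ret;

    ret = sqlite3_open_v2(name, db, SQLITE_OPEN_READWRITE, NULL);
    free(name);
    if (ret != SQLITE_OK) {
        /*
         * sqlite3_open_v2() normally returns a connection object even
         * when the open fails (so sqlite3_errmsg() works); release it
         * instead of leaking it, as open_database() below does.
         */
        if (*db != NULL)
            sqlite3_close(*db);
        *db = NULL;
        krb5_clear_error_message(context);
        return ENOENT;
    }

#ifdef TRACEME
    sqlite3_trace(*db, trace, NULL);
#endif

    return 0;
}

/*
 * Read the default cache name recorded in the master table of the
 * default database.  On success *str is a malloc(3)ed copy owned by the
 * caller.  Every failure (no database, no row, wrong column type, out of
 * memory) is reported as ENOENT with the error message cleared;
 * scc_alloc() falls back to SCACHE_DEF_NAME in that case.
 */
static krb5_error_code
get_def_name(krb5_context context, char **str)
{
    krb5_error_code ret;
    sqlite3_stmt *stmt;
    const char *name;
    sqlite3 *db;

    ret = default_db(context, &db);
    if (ret)
        return ret;

    ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master");
    if (ret) {
        sqlite3_close(db);
        return ret;
    }

    ret = sqlite3_step(stmt);
    if (ret != SQLITE_ROW)
        goto out;

    if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT)
        goto out;

    name = (const char *)sqlite3_column_text(stmt, 0);
    if (name == NULL)
        goto out;

    *str = strdup(name);
    if (*str == NULL)
        goto out;

    sqlite3_finalize(stmt);
    sqlite3_close(db);
    return 0;
out:
    sqlite3_finalize(stmt);
    sqlite3_close(db);
    krb5_clear_error_message(context);
    return ENOENT;
}

/*
 * Allocate a krb5_scache for residual `name' ("cache[:file]").
 *
 *  - name == NULL: a fresh cache with a unique, address-derived name in
 *    the default database (scc_gen_new()).
 *  - name == "":   the default cache name from the default database,
 *    falling back to SCACHE_DEF_NAME.
 *  - otherwise:    the part after the last ':' is the database file,
 *    the rest is the cache name; no ':' means the default database.
 *
 * Returns NULL on allocation failure.  The database is not opened here.
 */
static krb5_scache * KRB5_CALLCONV
scc_alloc(krb5_context context, const char *name)
{
    krb5_error_code ret = 0;
    krb5_scache *s;

    ALLOC(s, 1);
    if (s == NULL)
        return NULL;

    s->cid = SCACHE_INVALID_CID;

    if (name) {
        char *file;

        if (*name == '\0') {
            ret = get_def_name(context, &s->name);
            if (ret)
                s->name = strdup(SCACHE_DEF_NAME);
        } else
            s->name = strdup(name);

        /* strdup() may have failed; strrchr() on NULL would crash. */
        if (s->name == NULL) {
            scc_free(s);
            return NULL;
        }

        file = strrchr(s->name, ':');
        if (file) {
            *file++ = '\0';
            s->file = strdup(file);
            ret = 0;
        } else {
            ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
        }
    } else {
        /* A failed expansion leaves s->file NULL and is caught below. */
        _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
        ret = asprintf(&s->name, "unique-%p", s);
    }
    if (ret < 0 || s->file == NULL || s->name == NULL) {
        scc_free(s);
        return NULL;
    }

    return s;
}

/*
 * Open s->file read-write into s->db.  `flags' is OR'ed into the sqlite
 * open flags (make_database() passes SQLITE_OPEN_CREATE on the second
 * attempt).  On failure s->db is left NULL and ENOENT is returned.
 */
static krb5_error_code
open_database(krb5_context context, krb5_scache *s, int flags)
{
    int ret;

    ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
    if (ret) {
        if (s->db) {
            krb5_set_error_message(context, ENOENT,
                                   N_("Error opening scache file %s: %s", ""),
                                   s->file, sqlite3_errmsg(s->db));
            sqlite3_close(s->db);
            s->db = NULL;
        } else
            krb5_set_error_message(context, ENOENT,
                                   N_("malloc: out of memory", ""));
        return ENOENT;
    }
    return 0;
}

/*
 * Insert a row for this cache's name into the caches table and record
 * its rowid in s->cid.  Requires make_database() to have run.
 */
static krb5_error_code
create_cache(krb5_context context, krb5_scache *s)
{
    int ret;

    ret = sqlite3_bind_text(s->icache, 1, s->name, -1, NULL);
    if (ret != SQLITE_OK) {
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("Failed to bind scache name: %s", ""),
                               sqlite3_errmsg(s->db));
        return KRB5_CC_IO;
    }
    do {
        ret = sqlite3_step(s->icache);
    } while (ret == SQLITE_ROW);
    if (ret != SQLITE_DONE) {
        sqlite3_reset(s->icache);
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("Failed to add scache: %d", ""), ret);
        return KRB5_CC_IO;
    }
    sqlite3_reset(s->icache);

    s->cid = sqlite3_last_insert_rowid(s->db);

    return 0;
}

/*
 * Open s->file, creating and initialising it (schema, master row,
 * triggers) if it does not exist, then prepare all statements.  A
 * no-op when s->db is already open.  On failure the connection is
 * fully torn down (s->db == NULL, no statements left) and a file that
 * was created by this call is unlinked again.
 */
static krb5_error_code
make_database(krb5_context context, krb5_scache *s)
{
    int created_file = 0;
    int ret;

    if (s->db)
        return 0;

    ret = open_database(context, s, 0);
    if (ret) {
        /*
         * Not there (or not openable): create it.  The file will hold
         * session keys, so the temporary umask makes it owner-only no
         * matter what the caller's umask is.  NOTE(review): umask() is
         * process wide, so a concurrent file creation in another thread
         * briefly sees 077 too.
         */
        mode_t oldumask = umask(077);
        ret = open_database(context, s, SQLITE_OPEN_CREATE);
        umask(oldumask);
        if (ret) goto out;

        created_file = 1;

        ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO);
        if (ret) goto out;
        ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO);
        if (ret) goto out;
        ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO);
        if (ret) goto out;
        ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO);
        if (ret) goto out;
        ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO);
        if (ret) goto out;

        ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO);
        if (ret) goto out;
        ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO);
        if (ret) goto out;
    }

#ifdef TRACEME
    sqlite3_trace(s->db, trace, NULL);
#endif

    ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME);
    if (ret) goto out;
    ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER);
    if (ret) goto out;

    return 0;

out:
    /*
     * Finalize whatever was prepared so the close actually succeeds,
     * and clear s->db: otherwise scc_free() would close the handle a
     * second time, and a later make_database() would see a non-NULL
     * s->db and return success with missing (NULL) statements.
     */
    finalize_stmts(s);
    if (s->db)
        sqlite3_close(s->db);
    s->db = NULL;
    if (created_file)
        unlink(s->file);

    return ret;
}

/*
 * Bind the unparsed form of `principal' to parameter `col' of `stmt'.
 * The string is handed to sqlite with free_krb5 as destructor; because
 * the length argument is -1, sqlite does not invoke the destructor when
 * the bind itself fails, hence the explicit krb5_xfree() on that path.
 */
static krb5_error_code
bind_principal(krb5_context context,
               sqlite3 *db,
               sqlite3_stmt *stmt,
               int col,
               krb5_const_principal principal)
{
    krb5_error_code ret;
    char *str;

    ret = krb5_unparse_name(context, principal, &str);
    if (ret)
        return ret;

    ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5);
    if (ret != SQLITE_OK) {
        krb5_xfree(str);
        krb5_set_error_message(context, ENOMEM,
                               N_("scache bind principal: %s", ""),
                               sqlite3_errmsg(db));
        return ENOMEM;
    }
    return 0;
}

/*
 * krb5_cc_ops callbacks
 */

/* Return the cache name (the part before ':' of the residual). */
static const char* KRB5_CALLCONV
scc_get_name(krb5_context context,
             krb5_ccache id)
{
    return SCACHE(id)->name;
}

/*
 * Resolve residual `res' to a cache: open/create the database and look
 * up the cache row by name.  A missing row is not an error; s->cid stays
 * SCACHE_INVALID_CID until scc_initialize() creates it.
 */
static krb5_error_code KRB5_CALLCONV
scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
{
    krb5_scache *s;
    int ret;

    s = scc_alloc(context, res);
    if (s == NULL) {
        krb5_set_error_message(context, KRB5_CC_NOMEM,
                               N_("malloc: out of memory", ""));
        return KRB5_CC_NOMEM;
    }

    ret = make_database(context, s);
    if (ret) {
        scc_free(s);
        return ret;
    }

    /* SQLITE_STATIC (NULL destructor): s->name outlives the statement. */
    ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
    if (ret != SQLITE_OK) {
        krb5_set_error_message(context, ENOMEM,
                               "bind name: %s", sqlite3_errmsg(s->db));
        scc_free(s);
        return ENOMEM;
    }

    if (sqlite3_step(s->scache_name) == SQLITE_ROW) {

        if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
            sqlite3_reset(s->scache_name);
            krb5_set_error_message(context, KRB5_CC_END,
                                   N_("Cache name of wrong type "
                                      "for scache %s", ""),
                                   s->name);
            scc_free(s);
            return KRB5_CC_END;
        }

        /* oid is a 64-bit rowid; read it without truncating to int. */
        s->cid = sqlite3_column_int64(s->scache_name, 0);
    } else {
        s->cid = SCACHE_INVALID_CID;
    }
    sqlite3_reset(s->scache_name);

    (*id)->data.data = s;
    (*id)->data.length = sizeof(*s);

    return 0;
}

/*
 * Create a new, uniquely named cache in the default database.  Nothing
 * is written until scc_initialize().
 */
static krb5_error_code KRB5_CALLCONV
scc_gen_new(krb5_context context, krb5_ccache *id)
{
    krb5_scache *s;

    s = scc_alloc(context, NULL);

    if (s == NULL) {
        krb5_set_error_message(context, KRB5_CC_NOMEM,
                               N_("malloc: out of memory", ""));
        return KRB5_CC_NOMEM;
    }

    (*id)->data.data = s;
    (*id)->data.length = sizeof(*s);

    return 0;
}

/*
 * (Re)initialise the cache for `primary_principal': create the cache
 * row if it does not exist, otherwise delete all credentials it holds,
 * then record the principal.  Everything runs in one IMMEDIATE
 * transaction that is rolled back on any failure, including a failed
 * COMMIT (which would otherwise leave the transaction open).
 */
static krb5_error_code KRB5_CALLCONV
scc_initialize(krb5_context context,
               krb5_ccache id,
               krb5_principal primary_principal)
{
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;

    ret = make_database(context, s);
    if (ret)
        return ret;

    ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
    if (ret) return ret;

    if (s->cid == SCACHE_INVALID_CID) {
        ret = create_cache(context, s);
        if (ret)
            goto rollback;
    } else {
        sqlite3_bind_int64(s->dcred, 1, (sqlite3_int64)s->cid);
        do {
            ret = sqlite3_step(s->dcred);
        } while (ret == SQLITE_ROW);
        sqlite3_reset(s->dcred);
        if (ret != SQLITE_DONE) {
            ret = KRB5_CC_IO;
            krb5_set_error_message(context, ret,
                                   N_("Failed to delete old "
                                      "credentials: %s", ""),
                                   sqlite3_errmsg(s->db));
            goto rollback;
        }
    }

    ret = bind_principal(context, s->db, s->ucachep, 1, primary_principal);
    if (ret)
        goto rollback;
    sqlite3_bind_int64(s->ucachep, 2, (sqlite3_int64)s->cid);

    do {
        ret = sqlite3_step(s->ucachep);
    } while (ret == SQLITE_ROW);
    sqlite3_reset(s->ucachep);
    if (ret != SQLITE_DONE) {
        ret = KRB5_CC_IO;
        krb5_set_error_message(context, ret,
                               N_("Failed to bind principal to cache %s", ""),
                               sqlite3_errmsg(s->db));
        goto rollback;
    }

    ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
    if (ret)
        goto rollback;

    return 0;

rollback:
    exec_stmt(context, s->db, "ROLLBACK", 0);

    return ret;

}

/* Release the handle; the database contents are untouched. */
static krb5_error_code KRB5_CALLCONV
scc_close(krb5_context context,
          krb5_ccache id)
{
    scc_free(SCACHE(id));
    return 0;
}

/*
 * Delete this cache's row (the triggers cascade to its credentials and
 * principals).  A cache that was never initialised has nothing to
 * delete.  NOTE(review): this is a logical delete; unless the database
 * was opened with secure deletion enabled, the freed pages may still
 * contain the serialised credentials until overwritten.
 */
static krb5_error_code KRB5_CALLCONV
scc_destroy(krb5_context context,
            krb5_ccache id)
{
    krb5_scache *s = SCACHE(id);
    int ret;

    if (s->cid == SCACHE_INVALID_CID)
        return 0;

    sqlite3_bind_int64(s->dcache, 1, (sqlite3_int64)s->cid);
    do {
        ret = sqlite3_step(s->dcache);
    } while (ret == SQLITE_ROW);
    sqlite3_reset(s->dcache);
    if (ret != SQLITE_DONE) {
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("Failed to destroy cache %s: %s", ""),
                               s->name, sqlite3_errmsg(s->db));
        return KRB5_CC_IO;
    }
    return 0;
}

/*
 * Serialise `creds' with krb5_store_creds() into a malloc(3)ed krb5_data
 * (the caller owns data->data).  data is zeroed first so it is safe to
 * free on any return.
 */
static krb5_error_code
encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
{
    krb5_error_code ret;
    krb5_storage *sp;

    krb5_data_zero(data);
    sp = krb5_storage_emem();
    if (sp == NULL)
        return krb5_enomem(context);

    ret = krb5_store_creds(sp, creds);
    if (ret) {
        krb5_set_error_message(context, ret,
                               N_("Failed to store credential in scache", ""));
        krb5_storage_free(sp);
        return ret;
    }

    ret = krb5_storage_to_data(sp, data);
    krb5_storage_free(sp);
    if (ret)
        krb5_set_error_message(context, ret,
                               N_("Failed to encode credential in scache", ""));
    return ret;
}

/*
 * Parse a BLOB written by encode_creds() back into *creds.  The blob
 * comes from the database file, so krb5_ret_creds() is the only input
 * validation applied.
 */
static krb5_error_code
decode_creds(krb5_context context, const void *data, size_t length,
             krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_storage *sp;

    sp = krb5_storage_from_readonly_mem(data, length);
    if (sp == NULL)
        return krb5_enomem(context);

    ret = krb5_ret_creds(sp, creds);
    krb5_storage_free(sp);
    if (ret) {
        krb5_set_error_message(context, ret,
                               N_("Failed to read credential in scache", ""));
        return ret;
    }
    return 0;
}

/*
 * Insert one principals row linking `principal' to credential `credid'.
 * `type' is 1 for the server and 0 for the client principal (the values
 * scc_store_cred() uses).  The caller holds the transaction and rolls
 * back on error.  A principal that cannot be unparsed is reported with
 * its own error code rather than surfacing later as a NOT NULL
 * constraint failure.
 */
static krb5_error_code
insert_principal(krb5_context context, krb5_scache *s,
                 krb5_const_principal principal, int type,
                 sqlite_uint64 credid)
{
    krb5_error_code ret;

    ret = bind_principal(context, s->db, s->iprincipal, 1, principal);
    if (ret)
        return ret;
    sqlite3_bind_int(s->iprincipal, 2, type);
    sqlite3_bind_int64(s->iprincipal, 3, (sqlite3_int64)credid);

    do {
        ret = sqlite3_step(s->iprincipal);
    } while (ret == SQLITE_ROW);
    sqlite3_reset(s->iprincipal);
    if (ret != SQLITE_DONE) {
        ret = KRB5_CC_IO;
        krb5_set_error_message(context, ret,
                               N_("Failed to add principal: %s", ""),
                               sqlite3_errmsg(s->db));
        return ret;
    }
    return 0;
}

/*
 * Store `creds' in this cache: one credentials row (serialised creds,
 * kvno and etype of the ticket when it decodes, creation time) plus a
 * principals row each for the server and the client, all in one
 * IMMEDIATE transaction.
 */
static krb5_error_code KRB5_CALLCONV
scc_store_cred(krb5_context context,
               krb5_ccache id,
               krb5_creds *creds)
{
    sqlite_uint64 credid;
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;
    krb5_data data;

    ret = make_database(context, s);
    if (ret)
        return ret;

    /*
     * Without a cache row the credentials would be inserted with
     * cid = SCACHE_INVALID_CID: unreachable through any cache and never
     * removed by scc_destroy(), yet still holding session keys in the
     * file.  Refuse instead.
     */
    if (s->cid == SCACHE_INVALID_CID) {
        krb5_set_error_message(context, KRB5_CC_END,
                               N_("Storing credential in an "
                                  "uninitialized scache %s", ""),
                               s->name);
        return KRB5_CC_END;
    }

    ret = encode_creds(context, creds, &data);
    if (ret)
        return ret;

    sqlite3_bind_int64(s->icred, 1, (sqlite3_int64)s->cid);
    {
        krb5_enctype etype = 0;
        int kvno = 0;
        Ticket t;
        size_t len;

        /*
         * kvno and etype are informational columns; a ticket that does
         * not decode is stored with both set to 0 rather than rejected.
         */
        ret = decode_Ticket(creds->ticket.data,
                            creds->ticket.length, &t, &len);
        if (ret == 0) {
            if(t.enc_part.kvno)
                kvno = *t.enc_part.kvno;

            etype = t.enc_part.etype;

            free_Ticket(&t);
        }

        sqlite3_bind_int(s->icred, 2, kvno);
        sqlite3_bind_int(s->icred, 3, etype);

    }

    /* sqlite owns data.data from here on and frees it via free_data(). */
    sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data);
    sqlite3_bind_int64(s->icred, 5, (sqlite3_int64)time(NULL));

    ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
    if (ret) return ret;

    do {
        ret = sqlite3_step(s->icred);
    } while (ret == SQLITE_ROW);
    sqlite3_reset(s->icred);
    if (ret != SQLITE_DONE) {
        ret = KRB5_CC_IO;
        krb5_set_error_message(context, ret,
                               N_("Failed to add credential: %s", ""),
                               sqlite3_errmsg(s->db));
        goto rollback;
    }

    credid = sqlite3_last_insert_rowid(s->db);

    ret = insert_principal(context, s, creds->server, 1, credid);
    if (ret)
        goto rollback;

    ret = insert_principal(context, s, creds->client, 0, credid);
    if (ret)
        goto rollback;

    ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
    if (ret)
        goto rollback;

    return 0;

rollback:
    exec_stmt(context, s->db, "ROLLBACK", 0);

    return ret;
}

/*
 * Return the principal recorded for this cache by scc_initialize().
 * KRB5_CC_END if the cache has no row, the column has the wrong type, or
 * the principal was never set.
 */
static krb5_error_code KRB5_CALLCONV
scc_get_principal(krb5_context context,
                  krb5_ccache id,
                  krb5_principal *principal)
{
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;
    const char *str;

    *principal = NULL;

    ret = make_database(context, s);
    if (ret)
        return ret;

    sqlite3_bind_int64(s->scache, 1, (sqlite3_int64)s->cid);

    if (sqlite3_step(s->scache) != SQLITE_ROW) {
        sqlite3_reset(s->scache);
        krb5_set_error_message(context, KRB5_CC_END,
                               N_("No principal for cache SCC:%s:%s", ""),
                               s->name, s->file);
        return KRB5_CC_END;
    }

    if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
        sqlite3_reset(s->scache);
        krb5_set_error_message(context, KRB5_CC_END,
                               N_("Principal data of wrong type "
                                  "for SCC:%s:%s", ""),
                               s->name, s->file);
        return KRB5_CC_END;
    }

    str = (const char *)sqlite3_column_text(s->scache, 0);
    if (str == NULL) {
        sqlite3_reset(s->scache);
        krb5_set_error_message(context, KRB5_CC_END,
                               N_("Principal not set for SCC:%s:%s", ""),
                               s->name, s->file);
        return KRB5_CC_END;
    }

    ret = krb5_parse_name(context, str, principal);

    sqlite3_reset(s->scache);

    return ret;
}

/*
 * Iteration state (krb5_cc_cursor): a temporary table holding a
 * snapshot of this cache's credential oids, the statement that walks
 * it, the statement that fetches one credential by oid, and the DROP
 * TABLE text run by scc_end_get().
 */
struct cred_ctx {
    char *drop;
    sqlite3_stmt *stmt;
    sqlite3_stmt *credstmt;
};

/*
 * Start iterating over the credentials of this cache.  The oids are
 * copied into a per-cursor temporary table ordered by creation time, so
 * that rows added or removed during iteration do not disturb the walk.
 */
static krb5_error_code KRB5_CALLCONV
scc_get_first (krb5_context context,
               krb5_ccache id,
               krb5_cc_cursor *cursor)
{
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;
    struct cred_ctx *ctx;
    char *str = NULL, *name = NULL;

    *cursor = NULL;

    ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL)
        return krb5_enomem(context);

    ret = make_database(context, s);
    if (ret) {
        free(ctx);
        return ret;
    }

    if (s->cid == SCACHE_INVALID_CID) {
        krb5_set_error_message(context, KRB5_CC_END,
                               N_("Iterating a invalid scache %s", ""),
                               s->name);
        free(ctx);
        return KRB5_CC_END;
    }

    /*
     * The table name (cursor address + pid) and the cid are generated
     * here, never taken from the caller, which is why interpolating
     * them into SQL text is acceptable.
     */
    ret = asprintf(&name, "credIteration%pPid%d",
                   ctx, (int)getpid());
    if (ret < 0 || name == NULL) {
        free(ctx);
        return krb5_enomem(context);
    }

    ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
    if (ret < 0 || ctx->drop == NULL) {
        free(name);
        free(ctx);
        return krb5_enomem(context);
    }

    /* cid is 64 bits wide; format it as such on every platform. */
    ret = asprintf(&str, "CREATE TEMPORARY TABLE %s "
                   "AS SELECT oid,created_at FROM credentials WHERE cid = %llu",
                   name, (unsigned long long)s->cid);
    if (ret < 0 || str == NULL) {
        free(ctx->drop);
        free(name);
        free(ctx);
        return krb5_enomem(context);
    }

    ret = exec_stmt(context, s->db, str, KRB5_CC_IO);
    free(str);
    str = NULL;
    if (ret) {
        free(ctx->drop);
        free(name);
        free(ctx);
        return ret;
    }

    ret = asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name);
    if (ret < 0 || str == NULL) {
        /* Report ENOMEM like the other asprintf() failures, not -1. */
        exec_stmt(context, s->db, ctx->drop, 0);
        free(ctx->drop);
        free(name);
        free(ctx);
        return krb5_enomem(context);
    }

    ret = prepare_stmt(context, s->db, &ctx->stmt, str);
    free(str);
    str = NULL;
    free(name);
    if (ret) {
        exec_stmt(context, s->db, ctx->drop, 0);
        free(ctx->drop);
        free(ctx);
        return ret;
    }

    ret = prepare_stmt(context, s->db, &ctx->credstmt,
                       "SELECT cred FROM credentials WHERE oid = ?");
    if (ret) {
        sqlite3_finalize(ctx->stmt);
        exec_stmt(context, s->db, ctx->drop, 0);
        free(ctx->drop);
        free(ctx);
        return ret;
    }

    *cursor = ctx;

    return 0;
}

/*
 * Fetch the next credential of the iteration into *creds.  Returns
 * KRB5_CC_END when the snapshot is exhausted; oids whose credential row
 * no longer exists (e.g. removed since the snapshot) are skipped.
 */
static krb5_error_code KRB5_CALLCONV
scc_get_next (krb5_context context,
              krb5_ccache id,
              krb5_cc_cursor *cursor,
              krb5_creds *creds)
{
    struct cred_ctx *ctx = *cursor;
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;
    sqlite_uint64 oid;
    const void *data = NULL;
    size_t len = 0;

next:
    ret = sqlite3_step(ctx->stmt);
    if (ret == SQLITE_DONE) {
        krb5_clear_error_message(context);
        return KRB5_CC_END;
    } else if (ret != SQLITE_ROW) {
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("scache Database failed: %s", ""),
                               sqlite3_errmsg(s->db));
        return KRB5_CC_IO;
    }

    oid = sqlite3_column_int64(ctx->stmt, 0);

    /* read cred from credentials table; bind the full 64-bit rowid */

    sqlite3_bind_int64(ctx->credstmt, 1, (sqlite3_int64)oid);

    ret = sqlite3_step(ctx->credstmt);
    if (ret != SQLITE_ROW) {
        sqlite3_reset(ctx->credstmt);
        goto next;
    }

    if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
        krb5_set_error_message(context, KRB5_CC_END,
                               N_("credential of wrong type for SCC:%s:%s", ""),
                               s->name, s->file);
        sqlite3_reset(ctx->credstmt);
        return KRB5_CC_END;
    }

    data = sqlite3_column_blob(ctx->credstmt, 0);
    len = sqlite3_column_bytes(ctx->credstmt, 0);

    /* The blob pointer is only valid until the reset below. */
    ret = decode_creds(context, data, len, creds);
    sqlite3_reset(ctx->credstmt);
    return ret;
}

/*
 * Finish an iteration: finalize both statements, drop the snapshot
 * table (best effort) and free the cursor.
 */
static krb5_error_code KRB5_CALLCONV
scc_end_get (krb5_context context,
             krb5_ccache id,
             krb5_cc_cursor *cursor)
{
    struct cred_ctx *ctx = *cursor;
    krb5_scache *s = SCACHE(id);

    sqlite3_finalize(ctx->stmt);
    sqlite3_finalize(ctx->credstmt);

    exec_stmt(context, s->db, ctx->drop, 0);

    free(ctx->drop);
    free(ctx);

    return 0;
}

static krb5_error_code KRB5_CALLCONV
scc_remove_cred(krb5_context context,
                krb5_ccache id,
                krb5_flags which,
                krb5_creds *mcreds)
{
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;
    sqlite3_stmt *stmt;
    sqlite_uint64 credid = 0;
    const void *data = NULL;
    size_t len = 0;

    ret =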
make_database(context, s); 1053 1.1 elric if (ret) 1054 1.1 elric return ret; 1055 1.1 elric 1056 1.1 elric ret = prepare_stmt(context, s->db, &stmt, 1057 1.1 elric "SELECT cred,oid FROM credentials " 1058 1.1 elric "WHERE cid = ?"); 1059 1.1 elric if (ret) 1060 1.1 elric return ret; 1061 1.1 elric 1062 1.1 elric sqlite3_bind_int(stmt, 1, s->cid); 1063 1.1 elric 1064 1.1 elric /* find credential... */ 1065 1.1 elric while (1) { 1066 1.1 elric krb5_creds creds; 1067 1.1 elric 1068 1.1 elric ret = sqlite3_step(stmt); 1069 1.1 elric if (ret == SQLITE_DONE) { 1070 1.1 elric ret = 0; 1071 1.1 elric break; 1072 1.1 elric } else if (ret != SQLITE_ROW) { 1073 1.1 elric ret = KRB5_CC_IO; 1074 1.1 elric krb5_set_error_message(context, ret, 1075 1.1 elric N_("scache Database failed: %s", ""), 1076 1.1 elric sqlite3_errmsg(s->db)); 1077 1.1 elric break; 1078 1.1 elric } 1079 1.1 elric 1080 1.1 elric if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) { 1081 1.1 elric ret = KRB5_CC_END; 1082 1.1 elric krb5_set_error_message(context, ret, 1083 1.1 elric N_("Credential of wrong type " 1084 1.1 elric "for SCC:%s:%s", ""), 1085 1.1 elric s->name, s->file); 1086 1.1 elric break; 1087 1.1 elric } 1088 1.1 elric 1089 1.1 elric data = sqlite3_column_blob(stmt, 0); 1090 1.1 elric len = sqlite3_column_bytes(stmt, 0); 1091 1.1 elric 1092 1.1 elric ret = decode_creds(context, data, len, &creds); 1093 1.1 elric if (ret) 1094 1.1 elric break; 1095 1.2 christos 1096 1.1 elric ret = krb5_compare_creds(context, which, mcreds, &creds); 1097 1.1 elric krb5_free_cred_contents(context, &creds); 1098 1.1 elric if (ret) { 1099 1.1 elric credid = sqlite3_column_int64(stmt, 1); 1100 1.1 elric ret = 0; 1101 1.1 elric break; 1102 1.1 elric } 1103 1.1 elric } 1104 1.1 elric 1105 1.1 elric sqlite3_finalize(stmt); 1106 1.1 elric 1107 1.1 elric if (id) { 1108 1.1 elric ret = prepare_stmt(context, s->db, &stmt, 1109 1.1 elric "DELETE FROM credentials WHERE oid=?"); 1110 1.1 elric if (ret) 1111 1.1 elric return 
ret; 1112 1.1 elric sqlite3_bind_int(stmt, 1, credid); 1113 1.1 elric 1114 1.1 elric do { 1115 1.1 elric ret = sqlite3_step(stmt); 1116 1.1 elric } while (ret == SQLITE_ROW); 1117 1.1 elric sqlite3_finalize(stmt); 1118 1.1 elric if (ret != SQLITE_DONE) { 1119 1.1 elric ret = KRB5_CC_IO; 1120 1.1 elric krb5_set_error_message(context, ret, 1121 1.1 elric N_("failed to delete scache credental", "")); 1122 1.1 elric } else 1123 1.1 elric ret = 0; 1124 1.1 elric } 1125 1.1 elric 1126 1.1 elric return ret; 1127 1.1 elric } 1128 1.1 elric 1129 1.1 elric static krb5_error_code KRB5_CALLCONV 1130 1.1 elric scc_set_flags(krb5_context context, 1131 1.1 elric krb5_ccache id, 1132 1.1 elric krb5_flags flags) 1133 1.1 elric { 1134 1.1 elric return 0; /* XXX */ 1135 1.1 elric } 1136 1.2 christos 1137 1.1 elric struct cache_iter { 1138 1.1 elric char *drop; 1139 1.1 elric sqlite3 *db; 1140 1.1 elric sqlite3_stmt *stmt; 1141 1.1 elric }; 1142 1.1 elric 1143 1.1 elric static krb5_error_code KRB5_CALLCONV 1144 1.1 elric scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) 1145 1.1 elric { 1146 1.1 elric struct cache_iter *ctx; 1147 1.1 elric krb5_error_code ret; 1148 1.1 elric char *name = NULL, *str = NULL; 1149 1.1 elric 1150 1.1 elric *cursor = NULL; 1151 1.1 elric 1152 1.1 elric ctx = calloc(1, sizeof(*ctx)); 1153 1.2 christos if (ctx == NULL) 1154 1.2 christos return krb5_enomem(context); 1155 1.1 elric 1156 1.1 elric ret = default_db(context, &ctx->db); 1157 1.1 elric if (ctx->db == NULL) { 1158 1.1 elric free(ctx); 1159 1.1 elric return ret; 1160 1.1 elric } 1161 1.1 elric 1162 1.2 christos ret = asprintf(&name, "cacheIteration%pPid%d", 1163 1.2 christos ctx, (int)getpid()); 1164 1.1 elric if (ret < 0 || name == NULL) { 1165 1.1 elric sqlite3_close(ctx->db); 1166 1.1 elric free(ctx); 1167 1.2 christos return krb5_enomem(context); 1168 1.1 elric } 1169 1.1 elric 1170 1.1 elric ret = asprintf(&ctx->drop, "DROP TABLE %s", name); 1171 1.1 elric if (ret < 0 || 
ctx->drop == NULL) { 1172 1.1 elric sqlite3_close(ctx->db); 1173 1.1 elric free(name); 1174 1.1 elric free(ctx); 1175 1.2 christos return krb5_enomem(context); 1176 1.1 elric } 1177 1.1 elric 1178 1.1 elric ret = asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches", 1179 1.1 elric name); 1180 1.1 elric if (ret < 0 || str == NULL) { 1181 1.1 elric sqlite3_close(ctx->db); 1182 1.1 elric free(name); 1183 1.1 elric free(ctx->drop); 1184 1.1 elric free(ctx); 1185 1.2 christos return krb5_enomem(context); 1186 1.1 elric } 1187 1.1 elric 1188 1.1 elric ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO); 1189 1.1 elric free(str); 1190 1.1 elric str = NULL; 1191 1.1 elric if (ret) { 1192 1.1 elric sqlite3_close(ctx->db); 1193 1.1 elric free(name); 1194 1.1 elric free(ctx->drop); 1195 1.1 elric free(ctx); 1196 1.1 elric return ret; 1197 1.1 elric } 1198 1.1 elric 1199 1.1 elric ret = asprintf(&str, "SELECT name FROM %s", name); 1200 1.1 elric if (ret < 0 || str == NULL) { 1201 1.1 elric exec_stmt(context, ctx->db, ctx->drop, 0); 1202 1.1 elric sqlite3_close(ctx->db); 1203 1.1 elric free(name); 1204 1.1 elric free(ctx->drop); 1205 1.1 elric free(ctx); 1206 1.2 christos return krb5_enomem(context); 1207 1.1 elric } 1208 1.2 christos free(name); 1209 1.1 elric 1210 1.1 elric ret = prepare_stmt(context, ctx->db, &ctx->stmt, str); 1211 1.1 elric free(str); 1212 1.1 elric if (ret) { 1213 1.1 elric exec_stmt(context, ctx->db, ctx->drop, 0); 1214 1.1 elric sqlite3_close(ctx->db); 1215 1.1 elric free(ctx->drop); 1216 1.1 elric free(ctx); 1217 1.1 elric return ret; 1218 1.1 elric } 1219 1.1 elric 1220 1.1 elric *cursor = ctx; 1221 1.1 elric 1222 1.1 elric return 0; 1223 1.1 elric } 1224 1.1 elric 1225 1.1 elric static krb5_error_code KRB5_CALLCONV 1226 1.1 elric scc_get_cache_next(krb5_context context, 1227 1.1 elric krb5_cc_cursor cursor, 1228 1.1 elric krb5_ccache *id) 1229 1.1 elric { 1230 1.1 elric struct cache_iter *ctx = cursor; 1231 1.1 elric krb5_error_code 
ret; 1232 1.1 elric const char *name; 1233 1.1 elric 1234 1.1 elric again: 1235 1.1 elric ret = sqlite3_step(ctx->stmt); 1236 1.1 elric if (ret == SQLITE_DONE) { 1237 1.1 elric krb5_clear_error_message(context); 1238 1.1 elric return KRB5_CC_END; 1239 1.1 elric } else if (ret != SQLITE_ROW) { 1240 1.1 elric krb5_set_error_message(context, KRB5_CC_IO, 1241 1.1 elric N_("Database failed: %s", ""), 1242 1.1 elric sqlite3_errmsg(ctx->db)); 1243 1.1 elric return KRB5_CC_IO; 1244 1.1 elric } 1245 1.1 elric 1246 1.1 elric if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT) 1247 1.1 elric goto again; 1248 1.1 elric 1249 1.1 elric name = (const char *)sqlite3_column_text(ctx->stmt, 0); 1250 1.1 elric if (name == NULL) 1251 1.1 elric goto again; 1252 1.1 elric 1253 1.1 elric ret = _krb5_cc_allocate(context, &krb5_scc_ops, id); 1254 1.1 elric if (ret) 1255 1.1 elric return ret; 1256 1.1 elric 1257 1.1 elric return scc_resolve(context, id, name); 1258 1.1 elric } 1259 1.1 elric 1260 1.1 elric static krb5_error_code KRB5_CALLCONV 1261 1.1 elric scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) 1262 1.1 elric { 1263 1.1 elric struct cache_iter *ctx = cursor; 1264 1.1 elric 1265 1.1 elric exec_stmt(context, ctx->db, ctx->drop, 0); 1266 1.1 elric sqlite3_finalize(ctx->stmt); 1267 1.1 elric sqlite3_close(ctx->db); 1268 1.1 elric free(ctx->drop); 1269 1.1 elric free(ctx); 1270 1.1 elric return 0; 1271 1.1 elric } 1272 1.1 elric 1273 1.1 elric static krb5_error_code KRB5_CALLCONV 1274 1.1 elric scc_move(krb5_context context, krb5_ccache from, krb5_ccache to) 1275 1.1 elric { 1276 1.1 elric krb5_scache *sfrom = SCACHE(from); 1277 1.1 elric krb5_scache *sto = SCACHE(to); 1278 1.1 elric krb5_error_code ret; 1279 1.1 elric 1280 1.1 elric if (strcmp(sfrom->file, sto->file) != 0) { 1281 1.1 elric krb5_set_error_message(context, KRB5_CC_BADNAME, 1282 1.1 elric N_("Can't handle cross database " 1283 1.1 elric "credential move: %s -> %s", ""), 1284 1.1 elric sfrom->file, 
sto->file); 1285 1.1 elric return KRB5_CC_BADNAME; 1286 1.1 elric } 1287 1.1 elric 1288 1.1 elric ret = make_database(context, sfrom); 1289 1.1 elric if (ret) 1290 1.1 elric return ret; 1291 1.1 elric 1292 1.1 elric ret = exec_stmt(context, sfrom->db, 1293 1.1 elric "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO); 1294 1.1 elric if (ret) return ret; 1295 1.1 elric 1296 1.1 elric if (sto->cid != SCACHE_INVALID_CID) { 1297 1.1 elric /* drop old cache entry */ 1298 1.2 christos 1299 1.1 elric sqlite3_bind_int(sfrom->dcache, 1, sto->cid); 1300 1.1 elric do { 1301 1.1 elric ret = sqlite3_step(sfrom->dcache); 1302 1.1 elric } while (ret == SQLITE_ROW); 1303 1.1 elric sqlite3_reset(sfrom->dcache); 1304 1.1 elric if (ret != SQLITE_DONE) { 1305 1.1 elric krb5_set_error_message(context, KRB5_CC_IO, 1306 1.1 elric N_("Failed to delete old cache: %d", ""), 1307 1.1 elric (int)ret); 1308 1.1 elric goto rollback; 1309 1.1 elric } 1310 1.1 elric } 1311 1.1 elric 1312 1.1 elric sqlite3_bind_text(sfrom->ucachen, 1, sto->name, -1, NULL); 1313 1.1 elric sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid); 1314 1.1 elric 1315 1.1 elric do { 1316 1.1 elric ret = sqlite3_step(sfrom->ucachen); 1317 1.1 elric } while (ret == SQLITE_ROW); 1318 1.1 elric sqlite3_reset(sfrom->ucachen); 1319 1.1 elric if (ret != SQLITE_DONE) { 1320 1.1 elric krb5_set_error_message(context, KRB5_CC_IO, 1321 1.1 elric N_("Failed to update new cache: %d", ""), 1322 1.1 elric (int)ret); 1323 1.1 elric goto rollback; 1324 1.1 elric } 1325 1.1 elric 1326 1.1 elric sto->cid = sfrom->cid; 1327 1.1 elric 1328 1.1 elric ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO); 1329 1.1 elric if (ret) return ret; 1330 1.1 elric 1331 1.1 elric scc_free(sfrom); 1332 1.1 elric 1333 1.1 elric return 0; 1334 1.1 elric 1335 1.1 elric rollback: 1336 1.1 elric exec_stmt(context, sfrom->db, "ROLLBACK", 0); 1337 1.1 elric scc_free(sfrom); 1338 1.1 elric 1339 1.1 elric return KRB5_CC_IO; 1340 1.1 elric } 1341 1.1 elric 1342 1.1 elric 
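/*
 * Produce the name of the default SCC credential cache, "SCC:<name>".
 *
 * The name recorded in the scache database (get_def_name) is preferred;
 * when it cannot be read, the compiled-in KRB5_SCACHE_NAME template is
 * expanded instead.
 *
 * On success *str points to a malloc()ed string owned by the caller.
 * On failure an error code is returned and *str is always NULL, so a
 * caller may unconditionally free(*str).
 */
static krb5_error_code KRB5_CALLCONV
scc_get_default_name(krb5_context context, char **str)
{
    krb5_error_code ret;
    char *name = NULL;

    *str = NULL;

    ret = get_def_name(context, &name);
    if (ret)
        return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str);

    ret = asprintf(str, "SCC:%s", name);
    free(name);
    if (ret < 0 || *str == NULL) {
        /*
         * asprintf() leaves *str indeterminate when it fails on some
         * libcs; re-establish the "NULL on error" contract so the caller
         * never sees (or frees) a garbage pointer.
         */
        *str = NULL;
        return krb5_enomem(context);
    }
    return 0;
}

/*
 * Mark the cache `id' as the default cache of its scache database by
 * storing its name through the prepared `umaster' statement.
 *
 * Caches that never received a cache id (SCACHE_INVALID_CID) cannot be
 * made default and are rejected with KRB5_CC_IO.  Returns 0 on success,
 * KRB5_CC_IO (with an error message set on the context) on failure.
 */
static krb5_error_code KRB5_CALLCONV
scc_set_default(krb5_context context, krb5_ccache id)
{
    krb5_scache *s = SCACHE(id);
    krb5_error_code ret;

    if (s->cid == SCACHE_INVALID_CID) {
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("Trying to set a invalid cache "
                                  "as default %s", ""),
                               s->name);
        return KRB5_CC_IO;
    }

    /*
     * NULL destructor: sqlite does not copy s->name, which is fine because
     * the statement is reset below before s can go away.
     */
    ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
    if (ret) {
        sqlite3_reset(s->umaster);
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("Failed to set name of default cache", ""));
        return KRB5_CC_IO;
    }

    /* Drain any rows the statement may yield; only the final status matters. */
    do {
        ret = sqlite3_step(s->umaster);
    } while (ret == SQLITE_ROW);
    sqlite3_reset(s->umaster);
    if (ret != SQLITE_DONE) {
        krb5_set_error_message(context, KRB5_CC_IO,
                               N_("Failed to update default cache", ""));
        return KRB5_CC_IO;
    }

    return 0;
}

/**
 * Variable containing the SCC based credential cache implementation.
 *
 * @ingroup krb5_ccache
 */

KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = {
    KRB5_CC_OPS_VERSION,
    "SCC",
    scc_get_name,
    scc_resolve,
    scc_gen_new,
    scc_initialize,
    scc_destroy,
    scc_close,
    scc_store_cred,
    NULL, /* scc_retrieve */
    scc_get_principal,
    scc_get_first,
    scc_get_next,
    scc_end_get,
    scc_remove_cred,
    scc_set_flags,
    NULL, /* get_version */
    scc_get_cache_first,
    scc_get_cache_next,
    scc_end_cache_get,
    scc_move,
    scc_get_default_name,
    scc_set_default,
    NULL, /* lastchange */
    NULL, /* set_kdc_offset */
    NULL  /* get_kdc_offset */
};

#endif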