2 * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: cache.c,v 1.71 2005/06/16 20:19:57 lha Exp $");
39 * Add a new ccache type with operations `ops', overwriting any
40 * existing one if `override'.
41 * Return an error code or 0.
44 krb5_error_code KRB5_LIB_FUNCTION
45 krb5_cc_register(krb5_context context,
46 const krb5_cc_ops *ops,
47 krb5_boolean override)
51 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
52 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
54 krb5_set_error_string(context,
55 "ccache type %s already exists",
57 return KRB5_CC_TYPE_EXISTS;
62 if(i == context->num_cc_ops) {
63 krb5_cc_ops *o = realloc(context->cc_ops,
64 (context->num_cc_ops + 1) *
65 sizeof(*context->cc_ops));
67 krb5_set_error_string(context, "malloc: out of memory");
70 context->num_cc_ops++;
72 memset(context->cc_ops + i, 0,
73 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
75 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
80 * Allocate memory for a new ccache in `id' with operations `ops'
81 * and name `residual'.
82 * Return 0 or an error code.
85 static krb5_error_code
86 allocate_ccache (krb5_context context,
87 const krb5_cc_ops *ops,
94 p = malloc(sizeof(*p));
96 krb5_set_error_string(context, "malloc: out of memory");
101 ret = p->ops->resolve(context, id, residual);
108 * Find and allocate a ccache in `id' from the specification in `residual'.
109 * If the ccache name doesn't contain any colon, interpret it as a file name.
110 * Return 0 or an error code.
113 krb5_error_code KRB5_LIB_FUNCTION
114 krb5_cc_resolve(krb5_context context,
120 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
121 size_t prefix_len = strlen(context->cc_ops[i].prefix);
123 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
124 && name[prefix_len] == ':') {
125 return allocate_ccache (context, &context->cc_ops[i],
126 name + prefix_len + 1,
130 if (strchr (name, ':') == NULL)
131 return allocate_ccache (context, &krb5_fcc_ops, name, id);
133 krb5_set_error_string(context, "unknown ccache type %s", name);
134 return KRB5_CC_UNKNOWN_TYPE;
139 * Generate a new ccache of type `ops' in `id'.
140 * Return 0 or an error code.
143 krb5_error_code KRB5_LIB_FUNCTION
144 krb5_cc_gen_new(krb5_context context,
145 const krb5_cc_ops *ops,
150 p = malloc (sizeof(*p));
152 krb5_set_error_string(context, "malloc: out of memory");
153 return KRB5_CC_NOMEM;
157 return p->ops->gen_new(context, id);
161 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
162 * the library chooses the default credential cache type. The supplied
163 * `hint' (that can be NULL) is a string that the credential cache
164 * type can use to base the name of the credential on, this is to make
165 * its easier for the user to differentiate the credentials.
167 * Returns 0 or an error code.
170 krb5_error_code KRB5_LIB_FUNCTION
171 krb5_cc_new_unique(krb5_context context, const char *type,
172 const char *hint, krb5_ccache *id)
174 const krb5_cc_ops *ops;
179 ops = krb5_cc_get_prefix_ops(context, type);
181 krb5_set_error_string(context, "Credential cache type %s is unknown",
183 return KRB5_CC_UNKNOWN_TYPE;
186 return krb5_cc_gen_new(context, ops, id);
190 * Return the name of the ccache `id'
193 const char* KRB5_LIB_FUNCTION
194 krb5_cc_get_name(krb5_context context,
197 return id->ops->get_name(context, id);
201 * Return the type of the ccache `id'.
204 const char* KRB5_LIB_FUNCTION
205 krb5_cc_get_type(krb5_context context,
208 return id->ops->prefix;
212 * Return krb5_cc_ops of a the ccache `id'.
216 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
222 * Expand variables in `str' into `res'
226 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
228 size_t tlen, len = 0;
229 char *tmp, *tmp2, *append;
233 while (str && *str) {
234 tmp = strstr(str, "%{");
235 if (tmp && tmp != str) {
236 append = malloc((tmp - str) + 1);
238 memcpy(append, str, tmp - str);
239 append[tmp - str] = '\0';
243 tmp2 = strchr(tmp, '}');
247 krb5_set_error_string(context, "variable missing }");
248 return KRB5_CONFIG_BADFORMAT;
250 if (strncasecmp(tmp, "%{uid}", 6) == 0)
251 asprintf(&append, "%u", (unsigned)getuid());
252 else if (strncasecmp(tmp, "%{null}", 7) == 0)
257 krb5_set_error_string(context,
258 "expand default cache unknown "
260 (int)(tmp2 - tmp) - 2, tmp + 2);
261 return KRB5_CONFIG_BADFORMAT;
265 append = strdup(str);
268 if (append == NULL) {
271 krb5_set_error_string(context, "malloc - out of memory");
275 tlen = strlen(append);
276 tmp = realloc(*res, len + tlen + 1);
280 krb5_set_error_string(context, "malloc - out of memory");
284 memcpy(*res + len, append, tlen + 1);
292 * Set the default cc name for `context' to `name'.
295 krb5_error_code KRB5_LIB_FUNCTION
296 krb5_cc_set_default_name(krb5_context context, const char *name)
298 krb5_error_code ret = 0;
302 const char *e = NULL;
305 e = getenv("KRB5CCNAME");
310 e = krb5_config_get_string(context, NULL, "libdefaults",
311 "default_cc_name", NULL);
313 ret = _krb5_expand_default_cc_name(context, e, &p);
319 asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid());
324 krb5_set_error_string(context, "malloc - out of memory");
328 if (context->default_cc_name)
329 free(context->default_cc_name);
331 context->default_cc_name = p;
337 * Return a pointer to a context static string containing the default
341 const char* KRB5_LIB_FUNCTION
342 krb5_cc_default_name(krb5_context context)
344 if (context->default_cc_name == NULL)
345 krb5_cc_set_default_name(context, NULL);
347 return context->default_cc_name;
351 * Open the default ccache in `id'.
352 * Return 0 or an error code.
355 krb5_error_code KRB5_LIB_FUNCTION
356 krb5_cc_default(krb5_context context,
359 const char *p = krb5_cc_default_name(context);
362 krb5_set_error_string(context, "malloc - out of memory");
365 return krb5_cc_resolve(context, p, id);
369 * Create a new ccache in `id' for `primary_principal'.
370 * Return 0 or an error code.
373 krb5_error_code KRB5_LIB_FUNCTION
374 krb5_cc_initialize(krb5_context context,
376 krb5_principal primary_principal)
378 return id->ops->init(context, id, primary_principal);
383 * Remove the ccache `id'.
384 * Return 0 or an error code.
387 krb5_error_code KRB5_LIB_FUNCTION
388 krb5_cc_destroy(krb5_context context,
393 ret = id->ops->destroy(context, id);
394 krb5_cc_close (context, id);
399 * Stop using the ccache `id' and free the related resources.
400 * Return 0 or an error code.
403 krb5_error_code KRB5_LIB_FUNCTION
404 krb5_cc_close(krb5_context context,
408 ret = id->ops->close(context, id);
414 * Store `creds' in the ccache `id'.
415 * Return 0 or an error code.
418 krb5_error_code KRB5_LIB_FUNCTION
419 krb5_cc_store_cred(krb5_context context,
423 return id->ops->store(context, id, creds);
427 * Retrieve the credential identified by `mcreds' (and `whichfields')
428 * from `id' in `creds'.
429 * Return 0 or an error code.
432 krb5_error_code KRB5_LIB_FUNCTION
433 krb5_cc_retrieve_cred(krb5_context context,
435 krb5_flags whichfields,
436 const krb5_creds *mcreds,
440 krb5_cc_cursor cursor;
442 if (id->ops->retrieve != NULL) {
443 return id->ops->retrieve(context, id, whichfields,
447 krb5_cc_start_seq_get(context, id, &cursor);
448 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
449 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
453 krb5_free_cred_contents (context, creds);
455 krb5_cc_end_seq_get(context, id, &cursor);
460 * Return the principal of `id' in `principal'.
461 * Return 0 or an error code.
464 krb5_error_code KRB5_LIB_FUNCTION
465 krb5_cc_get_principal(krb5_context context,
467 krb5_principal *principal)
469 return id->ops->get_princ(context, id, principal);
473 * Start iterating over `id', `cursor' is initialized to the
475 * Return 0 or an error code.
478 krb5_error_code KRB5_LIB_FUNCTION
479 krb5_cc_start_seq_get (krb5_context context,
480 const krb5_ccache id,
481 krb5_cc_cursor *cursor)
483 return id->ops->get_first(context, id, cursor);
487 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
488 * and advance `cursor'.
489 * Return 0 or an error code.
492 krb5_error_code KRB5_LIB_FUNCTION
493 krb5_cc_next_cred (krb5_context context,
494 const krb5_ccache id,
495 krb5_cc_cursor *cursor,
498 return id->ops->get_next(context, id, cursor, creds);
501 /* like krb5_cc_next_cred, but allow for selective retrieval */
503 krb5_error_code KRB5_LIB_FUNCTION
504 krb5_cc_next_cred_match(krb5_context context,
505 const krb5_ccache id,
506 krb5_cc_cursor * cursor,
508 krb5_flags whichfields,
509 const krb5_creds * mcreds)
513 ret = krb5_cc_next_cred(context, id, cursor, creds);
516 if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
518 krb5_free_cred_contents(context, creds);
523 * Destroy the cursor `cursor'.
526 krb5_error_code KRB5_LIB_FUNCTION
527 krb5_cc_end_seq_get (krb5_context context,
528 const krb5_ccache id,
529 krb5_cc_cursor *cursor)
531 return id->ops->end_get(context, id, cursor);
535 * Remove the credential identified by `cred', `which' from `id'.
538 krb5_error_code KRB5_LIB_FUNCTION
539 krb5_cc_remove_cred(krb5_context context,
544 if(id->ops->remove_cred == NULL) {
545 krb5_set_error_string(context,
546 "ccache %s does not support remove_cred",
548 return EACCES; /* XXX */
550 return (*id->ops->remove_cred)(context, id, which, cred);
554 * Set the flags of `id' to `flags'.
557 krb5_error_code KRB5_LIB_FUNCTION
558 krb5_cc_set_flags(krb5_context context,
562 return id->ops->set_flags(context, id, flags);
566 * Copy the contents of `from' to `to'.
569 krb5_error_code KRB5_LIB_FUNCTION
570 krb5_cc_copy_cache_match(krb5_context context,
571 const krb5_ccache from,
573 krb5_flags whichfields,
574 const krb5_creds * mcreds,
575 unsigned int *matched)
578 krb5_cc_cursor cursor;
580 krb5_principal princ;
582 ret = krb5_cc_get_principal(context, from, &princ);
585 ret = krb5_cc_initialize(context, to, princ);
587 krb5_free_principal(context, princ);
590 ret = krb5_cc_start_seq_get(context, from, &cursor);
592 krb5_free_principal(context, princ);
598 krb5_cc_next_cred_match(context, from, &cursor, &cred,
599 whichfields, mcreds) == 0) {
602 ret = krb5_cc_store_cred(context, to, &cred);
603 krb5_free_cred_contents(context, &cred);
605 krb5_cc_end_seq_get(context, from, &cursor);
606 krb5_free_principal(context, princ);
610 krb5_error_code KRB5_LIB_FUNCTION
611 krb5_cc_copy_cache(krb5_context context,
612 const krb5_ccache from,
615 return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
619 * Return the version of `id'.
622 krb5_error_code KRB5_LIB_FUNCTION
623 krb5_cc_get_version(krb5_context context,
624 const krb5_ccache id)
626 if(id->ops->get_version)
627 return id->ops->get_version(context, id);
633 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
636 void KRB5_LIB_FUNCTION
637 krb5_cc_clear_mcred(krb5_creds *mcred)
639 memset(mcred, 0, sizeof(*mcred));
643 * Get the cc ops that is registered in `context' to handle the
644 * `prefix'. Returns NULL if ops not found.
648 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
652 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
653 if(strcmp(context->cc_ops[i].prefix, prefix) == 0)
654 return &context->cc_ops[i];