1*ebfedea0SLionel Sambuc /* $NetBSD: acache.c,v 1.1.1.1 2011/04/13 18:15:31 elric Exp $ */ 2*ebfedea0SLionel Sambuc 3*ebfedea0SLionel Sambuc /* 4*ebfedea0SLionel Sambuc * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan 5*ebfedea0SLionel Sambuc * (Royal Institute of Technology, Stockholm, Sweden). 6*ebfedea0SLionel Sambuc * All rights reserved. 7*ebfedea0SLionel Sambuc * 8*ebfedea0SLionel Sambuc * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 9*ebfedea0SLionel Sambuc * 10*ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without 11*ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions 12*ebfedea0SLionel Sambuc * are met: 13*ebfedea0SLionel Sambuc * 14*ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright 15*ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer. 16*ebfedea0SLionel Sambuc * 17*ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright 18*ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the 19*ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution. 20*ebfedea0SLionel Sambuc * 21*ebfedea0SLionel Sambuc * 3. Neither the name of the Institute nor the names of its contributors 22*ebfedea0SLionel Sambuc * may be used to endorse or promote products derived from this software 23*ebfedea0SLionel Sambuc * without specific prior written permission. 24*ebfedea0SLionel Sambuc * 25*ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 26*ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27*ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28*ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 29*ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30*ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31*ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32*ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33*ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34*ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35*ebfedea0SLionel Sambuc * SUCH DAMAGE. 36*ebfedea0SLionel Sambuc */ 37*ebfedea0SLionel Sambuc 38*ebfedea0SLionel Sambuc #include "krb5_locl.h" 39*ebfedea0SLionel Sambuc #include <krb5/krb5_ccapi.h> 40*ebfedea0SLionel Sambuc #ifdef HAVE_DLFCN_H 41*ebfedea0SLionel Sambuc #include <dlfcn.h> 42*ebfedea0SLionel Sambuc #endif 43*ebfedea0SLionel Sambuc 44*ebfedea0SLionel Sambuc #ifndef KCM_IS_API_CACHE 45*ebfedea0SLionel Sambuc 46*ebfedea0SLionel Sambuc static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; 47*ebfedea0SLionel Sambuc static cc_initialize_func init_func; 48*ebfedea0SLionel Sambuc static void (KRB5_CALLCONV *set_target_uid)(uid_t); 49*ebfedea0SLionel Sambuc static void (KRB5_CALLCONV *clear_target)(void); 50*ebfedea0SLionel Sambuc 51*ebfedea0SLionel Sambuc #ifdef HAVE_DLOPEN 52*ebfedea0SLionel Sambuc static void *cc_handle; 53*ebfedea0SLionel Sambuc #endif 54*ebfedea0SLionel Sambuc 55*ebfedea0SLionel Sambuc typedef struct krb5_acc { 56*ebfedea0SLionel Sambuc char *cache_name; 57*ebfedea0SLionel Sambuc cc_context_t context; 58*ebfedea0SLionel Sambuc cc_ccache_t ccache; 59*ebfedea0SLionel Sambuc } krb5_acc; 60*ebfedea0SLionel Sambuc 61*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV acc_close(krb5_context, krb5_ccache); 62*ebfedea0SLionel Sambuc 63*ebfedea0SLionel Sambuc #define ACACHE(X) ((krb5_acc *)(X)->data.data) 64*ebfedea0SLionel Sambuc 65*ebfedea0SLionel Sambuc static const struct { 66*ebfedea0SLionel Sambuc cc_int32 error; 67*ebfedea0SLionel Sambuc krb5_error_code ret; 68*ebfedea0SLionel Sambuc } cc_errors[] = { 69*ebfedea0SLionel Sambuc { ccErrBadName, KRB5_CC_BADNAME }, 70*ebfedea0SLionel Sambuc { ccErrCredentialsNotFound, KRB5_CC_NOTFOUND }, 71*ebfedea0SLionel Sambuc { ccErrCCacheNotFound, KRB5_FCC_NOFILE }, 72*ebfedea0SLionel Sambuc { ccErrContextNotFound, KRB5_CC_NOTFOUND }, 73*ebfedea0SLionel Sambuc { ccIteratorEnd, KRB5_CC_END }, 74*ebfedea0SLionel Sambuc { ccErrNoMem, KRB5_CC_NOMEM }, 75*ebfedea0SLionel Sambuc { ccErrServerUnavailable, KRB5_CC_NOSUPP }, 76*ebfedea0SLionel Sambuc { ccErrInvalidCCache, KRB5_CC_BADNAME }, 77*ebfedea0SLionel Sambuc { ccNoError, 0 } 78*ebfedea0SLionel Sambuc }; 79*ebfedea0SLionel Sambuc 80*ebfedea0SLionel Sambuc static krb5_error_code 81*ebfedea0SLionel Sambuc translate_cc_error(krb5_context context, cc_int32 error) 82*ebfedea0SLionel Sambuc { 83*ebfedea0SLionel Sambuc int i; 84*ebfedea0SLionel Sambuc krb5_clear_error_message(context); 85*ebfedea0SLionel Sambuc for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++) 86*ebfedea0SLionel Sambuc if (cc_errors[i].error == error) 87*ebfedea0SLionel Sambuc return cc_errors[i].ret; 88*ebfedea0SLionel Sambuc return KRB5_FCC_INTERNAL; 89*ebfedea0SLionel Sambuc } 90*ebfedea0SLionel Sambuc 91*ebfedea0SLionel Sambuc static krb5_error_code 92*ebfedea0SLionel Sambuc init_ccapi(krb5_context context) 93*ebfedea0SLionel Sambuc { 94*ebfedea0SLionel Sambuc const char *lib = NULL; 95*ebfedea0SLionel Sambuc 96*ebfedea0SLionel Sambuc HEIMDAL_MUTEX_lock(&acc_mutex); 97*ebfedea0SLionel Sambuc if (init_func) { 98*ebfedea0SLionel Sambuc HEIMDAL_MUTEX_unlock(&acc_mutex); 99*ebfedea0SLionel Sambuc if (context) 100*ebfedea0SLionel Sambuc krb5_clear_error_message(context); 101*ebfedea0SLionel Sambuc return 0; 102*ebfedea0SLionel Sambuc } 103*ebfedea0SLionel Sambuc 104*ebfedea0SLionel Sambuc if (context) 105*ebfedea0SLionel Sambuc lib = krb5_config_get_string(context, NULL, 106*ebfedea0SLionel Sambuc "libdefaults", "ccapi_library", 107*ebfedea0SLionel Sambuc NULL); 108*ebfedea0SLionel Sambuc if (lib == NULL) { 109*ebfedea0SLionel Sambuc #ifdef __APPLE__ 110*ebfedea0SLionel Sambuc lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos"; 111*ebfedea0SLionel Sambuc #elif defined(KRB5_USE_PATH_TOKENS) && defined(_WIN32) 112*ebfedea0SLionel Sambuc lib = "%{LIBDIR}/libkrb5_cc.dll"; 113*ebfedea0SLionel Sambuc #else 114*ebfedea0SLionel Sambuc lib = "/usr/lib/libkrb5_cc.so"; 115*ebfedea0SLionel Sambuc #endif 116*ebfedea0SLionel Sambuc } 117*ebfedea0SLionel Sambuc 118*ebfedea0SLionel Sambuc #ifdef HAVE_DLOPEN 119*ebfedea0SLionel Sambuc 120*ebfedea0SLionel Sambuc #ifndef RTLD_LAZY 121*ebfedea0SLionel Sambuc #define RTLD_LAZY 0 122*ebfedea0SLionel Sambuc #endif 123*ebfedea0SLionel Sambuc #ifndef RTLD_LOCAL 124*ebfedea0SLionel Sambuc #define RTLD_LOCAL 0 125*ebfedea0SLionel Sambuc #endif 126*ebfedea0SLionel Sambuc 127*ebfedea0SLionel Sambuc #ifdef KRB5_USE_PATH_TOKENS 128*ebfedea0SLionel Sambuc { 129*ebfedea0SLionel Sambuc char * explib = NULL; 130*ebfedea0SLionel Sambuc if (_krb5_expand_path_tokens(context, lib, &explib) == 0) { 131*ebfedea0SLionel Sambuc cc_handle = dlopen(explib, RTLD_LAZY|RTLD_LOCAL); 132*ebfedea0SLionel Sambuc free(explib); 133*ebfedea0SLionel Sambuc } 134*ebfedea0SLionel Sambuc } 135*ebfedea0SLionel Sambuc #else 136*ebfedea0SLionel Sambuc cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL); 137*ebfedea0SLionel Sambuc #endif 138*ebfedea0SLionel Sambuc 139*ebfedea0SLionel Sambuc if (cc_handle == NULL) { 140*ebfedea0SLionel Sambuc HEIMDAL_MUTEX_unlock(&acc_mutex); 141*ebfedea0SLionel Sambuc if (context) 142*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOSUPP, 143*ebfedea0SLionel Sambuc N_("Failed to load API cache module %s", "file"), 144*ebfedea0SLionel Sambuc lib); 145*ebfedea0SLionel Sambuc return KRB5_CC_NOSUPP; 146*ebfedea0SLionel Sambuc } 147*ebfedea0SLionel Sambuc 148*ebfedea0SLionel Sambuc init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); 149*ebfedea0SLionel Sambuc set_target_uid = (void (KRB5_CALLCONV *)(uid_t)) 150*ebfedea0SLionel Sambuc dlsym(cc_handle, "krb5_ipc_client_set_target_uid"); 151*ebfedea0SLionel Sambuc clear_target = (void (KRB5_CALLCONV *)(void)) 152*ebfedea0SLionel Sambuc dlsym(cc_handle, "krb5_ipc_client_clear_target"); 153*ebfedea0SLionel Sambuc HEIMDAL_MUTEX_unlock(&acc_mutex); 154*ebfedea0SLionel Sambuc if (init_func == NULL) { 155*ebfedea0SLionel Sambuc if (context) 156*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOSUPP, 157*ebfedea0SLionel Sambuc N_("Failed to find cc_initialize" 158*ebfedea0SLionel Sambuc "in %s: %s", "file, error"), lib, dlerror()); 159*ebfedea0SLionel Sambuc dlclose(cc_handle); 160*ebfedea0SLionel Sambuc return KRB5_CC_NOSUPP; 161*ebfedea0SLionel Sambuc } 162*ebfedea0SLionel Sambuc 163*ebfedea0SLionel Sambuc return 0; 164*ebfedea0SLionel Sambuc #else 165*ebfedea0SLionel Sambuc HEIMDAL_MUTEX_unlock(&acc_mutex); 166*ebfedea0SLionel Sambuc if (context) 167*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOSUPP, 168*ebfedea0SLionel Sambuc N_("no support for shared object", "")); 169*ebfedea0SLionel Sambuc return KRB5_CC_NOSUPP; 170*ebfedea0SLionel Sambuc #endif 171*ebfedea0SLionel Sambuc } 172*ebfedea0SLionel Sambuc 173*ebfedea0SLionel Sambuc void 174*ebfedea0SLionel Sambuc _heim_krb5_ipc_client_set_target_uid(uid_t uid) 175*ebfedea0SLionel Sambuc { 176*ebfedea0SLionel Sambuc init_ccapi(NULL); 177*ebfedea0SLionel Sambuc if (set_target_uid != NULL) 178*ebfedea0SLionel Sambuc (*set_target_uid)(uid); 179*ebfedea0SLionel Sambuc } 180*ebfedea0SLionel Sambuc 181*ebfedea0SLionel Sambuc void 182*ebfedea0SLionel Sambuc _heim_krb5_ipc_client_clear_target(void) 183*ebfedea0SLionel Sambuc { 184*ebfedea0SLionel Sambuc init_ccapi(NULL); 185*ebfedea0SLionel Sambuc if (clear_target != NULL) 186*ebfedea0SLionel Sambuc (*clear_target)(); 187*ebfedea0SLionel Sambuc } 188*ebfedea0SLionel Sambuc 189*ebfedea0SLionel Sambuc static krb5_error_code 190*ebfedea0SLionel Sambuc make_cred_from_ccred(krb5_context context, 191*ebfedea0SLionel Sambuc const cc_credentials_v5_t *incred, 192*ebfedea0SLionel Sambuc krb5_creds *cred) 193*ebfedea0SLionel Sambuc { 194*ebfedea0SLionel Sambuc krb5_error_code ret; 195*ebfedea0SLionel Sambuc unsigned int i; 196*ebfedea0SLionel Sambuc 197*ebfedea0SLionel Sambuc memset(cred, 0, sizeof(*cred)); 198*ebfedea0SLionel Sambuc 199*ebfedea0SLionel Sambuc ret = krb5_parse_name(context, incred->client, &cred->client); 200*ebfedea0SLionel Sambuc if (ret) 201*ebfedea0SLionel Sambuc goto fail; 202*ebfedea0SLionel Sambuc 203*ebfedea0SLionel Sambuc ret = krb5_parse_name(context, incred->server, &cred->server); 204*ebfedea0SLionel Sambuc if (ret) 205*ebfedea0SLionel Sambuc goto fail; 206*ebfedea0SLionel Sambuc 207*ebfedea0SLionel Sambuc cred->session.keytype = incred->keyblock.type; 208*ebfedea0SLionel Sambuc cred->session.keyvalue.length = incred->keyblock.length; 209*ebfedea0SLionel Sambuc cred->session.keyvalue.data = malloc(incred->keyblock.length); 210*ebfedea0SLionel Sambuc if (cred->session.keyvalue.data == NULL) 211*ebfedea0SLionel Sambuc goto nomem; 212*ebfedea0SLionel Sambuc memcpy(cred->session.keyvalue.data, incred->keyblock.data, 213*ebfedea0SLionel Sambuc incred->keyblock.length); 214*ebfedea0SLionel Sambuc 215*ebfedea0SLionel Sambuc cred->times.authtime = incred->authtime; 216*ebfedea0SLionel Sambuc cred->times.starttime = incred->starttime; 217*ebfedea0SLionel Sambuc cred->times.endtime = incred->endtime; 218*ebfedea0SLionel Sambuc cred->times.renew_till = incred->renew_till; 219*ebfedea0SLionel Sambuc 220*ebfedea0SLionel Sambuc ret = krb5_data_copy(&cred->ticket, 221*ebfedea0SLionel Sambuc incred->ticket.data, 222*ebfedea0SLionel Sambuc incred->ticket.length); 223*ebfedea0SLionel Sambuc if (ret) 224*ebfedea0SLionel Sambuc goto nomem; 225*ebfedea0SLionel Sambuc 226*ebfedea0SLionel Sambuc ret = krb5_data_copy(&cred->second_ticket, 227*ebfedea0SLionel Sambuc incred->second_ticket.data, 228*ebfedea0SLionel Sambuc incred->second_ticket.length); 229*ebfedea0SLionel Sambuc if (ret) 230*ebfedea0SLionel Sambuc goto nomem; 231*ebfedea0SLionel Sambuc 232*ebfedea0SLionel Sambuc cred->authdata.val = NULL; 233*ebfedea0SLionel Sambuc cred->authdata.len = 0; 234*ebfedea0SLionel Sambuc 235*ebfedea0SLionel Sambuc cred->addresses.val = NULL; 236*ebfedea0SLionel Sambuc cred->addresses.len = 0; 237*ebfedea0SLionel Sambuc 238*ebfedea0SLionel Sambuc for (i = 0; incred->authdata && incred->authdata[i]; i++) 239*ebfedea0SLionel Sambuc ; 240*ebfedea0SLionel Sambuc 241*ebfedea0SLionel Sambuc if (i) { 242*ebfedea0SLionel Sambuc cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0])); 243*ebfedea0SLionel Sambuc if (cred->authdata.val == NULL) 244*ebfedea0SLionel Sambuc goto nomem; 245*ebfedea0SLionel Sambuc cred->authdata.len = i; 246*ebfedea0SLionel Sambuc for (i = 0; i < cred->authdata.len; i++) { 247*ebfedea0SLionel Sambuc cred->authdata.val[i].ad_type = incred->authdata[i]->type; 248*ebfedea0SLionel Sambuc ret = krb5_data_copy(&cred->authdata.val[i].ad_data, 249*ebfedea0SLionel Sambuc incred->authdata[i]->data, 250*ebfedea0SLionel Sambuc incred->authdata[i]->length); 251*ebfedea0SLionel Sambuc if (ret) 252*ebfedea0SLionel Sambuc goto nomem; 253*ebfedea0SLionel Sambuc } 254*ebfedea0SLionel Sambuc } 255*ebfedea0SLionel Sambuc 256*ebfedea0SLionel Sambuc for (i = 0; incred->addresses && incred->addresses[i]; i++) 257*ebfedea0SLionel Sambuc ; 258*ebfedea0SLionel Sambuc 259*ebfedea0SLionel Sambuc if (i) { 260*ebfedea0SLionel Sambuc cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0])); 261*ebfedea0SLionel Sambuc if (cred->addresses.val == NULL) 262*ebfedea0SLionel Sambuc goto nomem; 263*ebfedea0SLionel Sambuc cred->addresses.len = i; 264*ebfedea0SLionel Sambuc 265*ebfedea0SLionel Sambuc for (i = 0; i < cred->addresses.len; i++) { 266*ebfedea0SLionel Sambuc cred->addresses.val[i].addr_type = incred->addresses[i]->type; 267*ebfedea0SLionel Sambuc ret = krb5_data_copy(&cred->addresses.val[i].address, 268*ebfedea0SLionel Sambuc incred->addresses[i]->data, 269*ebfedea0SLionel Sambuc incred->addresses[i]->length); 270*ebfedea0SLionel Sambuc if (ret) 271*ebfedea0SLionel Sambuc goto nomem; 272*ebfedea0SLionel Sambuc } 273*ebfedea0SLionel Sambuc } 274*ebfedea0SLionel Sambuc 275*ebfedea0SLionel Sambuc cred->flags.i = 0; 276*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE) 277*ebfedea0SLionel Sambuc cred->flags.b.forwardable = 1; 278*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED) 279*ebfedea0SLionel Sambuc cred->flags.b.forwarded = 1; 280*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE) 281*ebfedea0SLionel Sambuc cred->flags.b.proxiable = 1; 282*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY) 283*ebfedea0SLionel Sambuc cred->flags.b.proxy = 1; 284*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE) 285*ebfedea0SLionel Sambuc cred->flags.b.may_postdate = 1; 286*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED) 287*ebfedea0SLionel Sambuc cred->flags.b.postdated = 1; 288*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID) 289*ebfedea0SLionel Sambuc cred->flags.b.invalid = 1; 290*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE) 291*ebfedea0SLionel Sambuc cred->flags.b.renewable = 1; 292*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL) 293*ebfedea0SLionel Sambuc cred->flags.b.initial = 1; 294*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH) 295*ebfedea0SLionel Sambuc cred->flags.b.pre_authent = 1; 296*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH) 297*ebfedea0SLionel Sambuc cred->flags.b.hw_authent = 1; 298*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED) 299*ebfedea0SLionel Sambuc cred->flags.b.transited_policy_checked = 1; 300*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE) 301*ebfedea0SLionel Sambuc cred->flags.b.ok_as_delegate = 1; 302*ebfedea0SLionel Sambuc if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS) 303*ebfedea0SLionel Sambuc cred->flags.b.anonymous = 1; 304*ebfedea0SLionel Sambuc 305*ebfedea0SLionel Sambuc return 0; 306*ebfedea0SLionel Sambuc 307*ebfedea0SLionel Sambuc nomem: 308*ebfedea0SLionel Sambuc ret = ENOMEM; 309*ebfedea0SLionel Sambuc krb5_set_error_message(context, ret, N_("malloc: out of memory", "malloc")); 310*ebfedea0SLionel Sambuc 311*ebfedea0SLionel Sambuc fail: 312*ebfedea0SLionel Sambuc krb5_free_cred_contents(context, cred); 313*ebfedea0SLionel Sambuc return ret; 314*ebfedea0SLionel Sambuc } 315*ebfedea0SLionel Sambuc 316*ebfedea0SLionel Sambuc static void 317*ebfedea0SLionel Sambuc free_ccred(cc_credentials_v5_t *cred) 318*ebfedea0SLionel Sambuc { 319*ebfedea0SLionel Sambuc int i; 320*ebfedea0SLionel Sambuc 321*ebfedea0SLionel Sambuc if (cred->addresses) { 322*ebfedea0SLionel Sambuc for (i = 0; cred->addresses[i] != 0; i++) { 323*ebfedea0SLionel Sambuc if (cred->addresses[i]->data) 324*ebfedea0SLionel Sambuc free(cred->addresses[i]->data); 325*ebfedea0SLionel Sambuc free(cred->addresses[i]); 326*ebfedea0SLionel Sambuc } 327*ebfedea0SLionel Sambuc free(cred->addresses); 328*ebfedea0SLionel Sambuc } 329*ebfedea0SLionel Sambuc if (cred->server) 330*ebfedea0SLionel Sambuc free(cred->server); 331*ebfedea0SLionel Sambuc if (cred->client) 332*ebfedea0SLionel Sambuc free(cred->client); 333*ebfedea0SLionel Sambuc memset(cred, 0, sizeof(*cred)); 334*ebfedea0SLionel Sambuc } 335*ebfedea0SLionel Sambuc 336*ebfedea0SLionel Sambuc static krb5_error_code 337*ebfedea0SLionel Sambuc make_ccred_from_cred(krb5_context context, 338*ebfedea0SLionel Sambuc const krb5_creds *incred, 339*ebfedea0SLionel Sambuc cc_credentials_v5_t *cred) 340*ebfedea0SLionel Sambuc { 341*ebfedea0SLionel Sambuc krb5_error_code ret; 342*ebfedea0SLionel Sambuc int i; 343*ebfedea0SLionel Sambuc 344*ebfedea0SLionel Sambuc memset(cred, 0, sizeof(*cred)); 345*ebfedea0SLionel Sambuc 346*ebfedea0SLionel Sambuc ret = krb5_unparse_name(context, incred->client, &cred->client); 347*ebfedea0SLionel Sambuc if (ret) 348*ebfedea0SLionel Sambuc goto fail; 349*ebfedea0SLionel Sambuc 350*ebfedea0SLionel Sambuc ret = krb5_unparse_name(context, incred->server, &cred->server); 351*ebfedea0SLionel Sambuc if (ret) 352*ebfedea0SLionel Sambuc goto fail; 353*ebfedea0SLionel Sambuc 354*ebfedea0SLionel Sambuc cred->keyblock.type = incred->session.keytype; 355*ebfedea0SLionel Sambuc cred->keyblock.length = incred->session.keyvalue.length; 356*ebfedea0SLionel Sambuc cred->keyblock.data = incred->session.keyvalue.data; 357*ebfedea0SLionel Sambuc 358*ebfedea0SLionel Sambuc cred->authtime = incred->times.authtime; 359*ebfedea0SLionel Sambuc cred->starttime = incred->times.starttime; 360*ebfedea0SLionel Sambuc cred->endtime = incred->times.endtime; 361*ebfedea0SLionel Sambuc cred->renew_till = incred->times.renew_till; 362*ebfedea0SLionel Sambuc 363*ebfedea0SLionel Sambuc cred->ticket.length = incred->ticket.length; 364*ebfedea0SLionel Sambuc cred->ticket.data = incred->ticket.data; 365*ebfedea0SLionel Sambuc 366*ebfedea0SLionel Sambuc cred->second_ticket.length = incred->second_ticket.length; 367*ebfedea0SLionel Sambuc cred->second_ticket.data = incred->second_ticket.data; 368*ebfedea0SLionel Sambuc 369*ebfedea0SLionel Sambuc /* XXX this one should also be filled in */ 370*ebfedea0SLionel Sambuc cred->authdata = NULL; 371*ebfedea0SLionel Sambuc 372*ebfedea0SLionel Sambuc cred->addresses = calloc(incred->addresses.len + 1, 373*ebfedea0SLionel Sambuc sizeof(cred->addresses[0])); 374*ebfedea0SLionel Sambuc if (cred->addresses == NULL) { 375*ebfedea0SLionel Sambuc 376*ebfedea0SLionel Sambuc ret = ENOMEM; 377*ebfedea0SLionel Sambuc goto fail; 378*ebfedea0SLionel Sambuc } 379*ebfedea0SLionel Sambuc 380*ebfedea0SLionel Sambuc for (i = 0; i < incred->addresses.len; i++) { 381*ebfedea0SLionel Sambuc cc_data *addr; 382*ebfedea0SLionel Sambuc addr = malloc(sizeof(*addr)); 383*ebfedea0SLionel Sambuc if (addr == NULL) { 384*ebfedea0SLionel Sambuc ret = ENOMEM; 385*ebfedea0SLionel Sambuc goto fail; 386*ebfedea0SLionel Sambuc } 387*ebfedea0SLionel Sambuc addr->type = incred->addresses.val[i].addr_type; 388*ebfedea0SLionel Sambuc addr->length = incred->addresses.val[i].address.length; 389*ebfedea0SLionel Sambuc addr->data = malloc(addr->length); 390*ebfedea0SLionel Sambuc if (addr->data == NULL) { 391*ebfedea0SLionel Sambuc free(addr); 392*ebfedea0SLionel Sambuc ret = ENOMEM; 393*ebfedea0SLionel Sambuc goto fail; 394*ebfedea0SLionel Sambuc } 395*ebfedea0SLionel Sambuc memcpy(addr->data, incred->addresses.val[i].address.data, 396*ebfedea0SLionel Sambuc addr->length); 397*ebfedea0SLionel Sambuc cred->addresses[i] = addr; 398*ebfedea0SLionel Sambuc } 399*ebfedea0SLionel Sambuc cred->addresses[i] = NULL; 400*ebfedea0SLionel Sambuc 401*ebfedea0SLionel Sambuc cred->ticket_flags = 0; 402*ebfedea0SLionel Sambuc if (incred->flags.b.forwardable) 403*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE; 404*ebfedea0SLionel Sambuc if (incred->flags.b.forwarded) 405*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED; 406*ebfedea0SLionel Sambuc if (incred->flags.b.proxiable) 407*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE; 408*ebfedea0SLionel Sambuc if (incred->flags.b.proxy) 409*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY; 410*ebfedea0SLionel Sambuc if (incred->flags.b.may_postdate) 411*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE; 412*ebfedea0SLionel Sambuc if (incred->flags.b.postdated) 413*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED; 414*ebfedea0SLionel Sambuc if (incred->flags.b.invalid) 415*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID; 416*ebfedea0SLionel Sambuc if (incred->flags.b.renewable) 417*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE; 418*ebfedea0SLionel Sambuc if (incred->flags.b.initial) 419*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL; 420*ebfedea0SLionel Sambuc if (incred->flags.b.pre_authent) 421*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH; 422*ebfedea0SLionel Sambuc if (incred->flags.b.hw_authent) 423*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH; 424*ebfedea0SLionel Sambuc if (incred->flags.b.transited_policy_checked) 425*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED; 426*ebfedea0SLionel Sambuc if (incred->flags.b.ok_as_delegate) 427*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE; 428*ebfedea0SLionel Sambuc if (incred->flags.b.anonymous) 429*ebfedea0SLionel Sambuc cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS; 430*ebfedea0SLionel Sambuc 431*ebfedea0SLionel Sambuc return 0; 432*ebfedea0SLionel Sambuc 433*ebfedea0SLionel Sambuc fail: 434*ebfedea0SLionel Sambuc free_ccred(cred); 435*ebfedea0SLionel Sambuc 436*ebfedea0SLionel Sambuc krb5_clear_error_message(context); 437*ebfedea0SLionel Sambuc return ret; 438*ebfedea0SLionel Sambuc } 439*ebfedea0SLionel Sambuc 440*ebfedea0SLionel Sambuc static cc_int32 441*ebfedea0SLionel Sambuc get_cc_name(krb5_acc *a) 442*ebfedea0SLionel Sambuc { 443*ebfedea0SLionel Sambuc cc_string_t name; 444*ebfedea0SLionel Sambuc cc_int32 error; 445*ebfedea0SLionel Sambuc 446*ebfedea0SLionel Sambuc error = (*a->ccache->func->get_name)(a->ccache, &name); 447*ebfedea0SLionel Sambuc if (error) 448*ebfedea0SLionel Sambuc return error; 449*ebfedea0SLionel Sambuc 450*ebfedea0SLionel Sambuc a->cache_name = strdup(name->data); 451*ebfedea0SLionel Sambuc (*name->func->release)(name); 452*ebfedea0SLionel Sambuc if (a->cache_name == NULL) 453*ebfedea0SLionel Sambuc return ccErrNoMem; 454*ebfedea0SLionel Sambuc return ccNoError; 455*ebfedea0SLionel Sambuc } 456*ebfedea0SLionel Sambuc 457*ebfedea0SLionel Sambuc 458*ebfedea0SLionel Sambuc static const char* KRB5_CALLCONV 459*ebfedea0SLionel Sambuc acc_get_name(krb5_context context, 460*ebfedea0SLionel Sambuc krb5_ccache id) 461*ebfedea0SLionel Sambuc { 462*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 463*ebfedea0SLionel Sambuc int32_t error; 464*ebfedea0SLionel Sambuc 465*ebfedea0SLionel Sambuc if (a->cache_name == NULL) { 466*ebfedea0SLionel Sambuc krb5_error_code ret; 467*ebfedea0SLionel Sambuc krb5_principal principal; 468*ebfedea0SLionel Sambuc char *name; 469*ebfedea0SLionel Sambuc 470*ebfedea0SLionel Sambuc ret = _krb5_get_default_principal_local(context, &principal); 471*ebfedea0SLionel Sambuc if (ret) 472*ebfedea0SLionel Sambuc return NULL; 473*ebfedea0SLionel Sambuc 474*ebfedea0SLionel Sambuc ret = krb5_unparse_name(context, principal, &name); 475*ebfedea0SLionel Sambuc krb5_free_principal(context, principal); 476*ebfedea0SLionel Sambuc if (ret) 477*ebfedea0SLionel Sambuc return NULL; 478*ebfedea0SLionel Sambuc 479*ebfedea0SLionel Sambuc error = (*a->context->func->create_new_ccache)(a->context, 480*ebfedea0SLionel Sambuc cc_credentials_v5, 481*ebfedea0SLionel Sambuc name, 482*ebfedea0SLionel Sambuc &a->ccache); 483*ebfedea0SLionel Sambuc krb5_xfree(name); 484*ebfedea0SLionel Sambuc if (error) 485*ebfedea0SLionel Sambuc return NULL; 486*ebfedea0SLionel Sambuc 487*ebfedea0SLionel Sambuc error = get_cc_name(a); 488*ebfedea0SLionel Sambuc if (error) 489*ebfedea0SLionel Sambuc return NULL; 490*ebfedea0SLionel Sambuc } 491*ebfedea0SLionel Sambuc 492*ebfedea0SLionel Sambuc return a->cache_name; 493*ebfedea0SLionel Sambuc } 494*ebfedea0SLionel Sambuc 495*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 496*ebfedea0SLionel Sambuc acc_alloc(krb5_context context, krb5_ccache *id) 497*ebfedea0SLionel Sambuc { 498*ebfedea0SLionel Sambuc krb5_error_code ret; 499*ebfedea0SLionel Sambuc cc_int32 error; 500*ebfedea0SLionel Sambuc krb5_acc *a; 501*ebfedea0SLionel Sambuc 502*ebfedea0SLionel Sambuc ret = init_ccapi(context); 503*ebfedea0SLionel Sambuc if (ret) 504*ebfedea0SLionel Sambuc return ret; 505*ebfedea0SLionel Sambuc 506*ebfedea0SLionel Sambuc ret = krb5_data_alloc(&(*id)->data, sizeof(*a)); 507*ebfedea0SLionel Sambuc if (ret) { 508*ebfedea0SLionel Sambuc krb5_clear_error_message(context); 509*ebfedea0SLionel Sambuc return ret; 510*ebfedea0SLionel Sambuc } 511*ebfedea0SLionel Sambuc 512*ebfedea0SLionel Sambuc a = ACACHE(*id); 513*ebfedea0SLionel Sambuc 514*ebfedea0SLionel Sambuc error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL); 515*ebfedea0SLionel Sambuc if (error) { 516*ebfedea0SLionel Sambuc krb5_data_free(&(*id)->data); 517*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 518*ebfedea0SLionel Sambuc } 519*ebfedea0SLionel Sambuc 520*ebfedea0SLionel Sambuc a->cache_name = NULL; 521*ebfedea0SLionel Sambuc 522*ebfedea0SLionel Sambuc return 0; 523*ebfedea0SLionel Sambuc } 524*ebfedea0SLionel Sambuc 525*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 526*ebfedea0SLionel Sambuc acc_resolve(krb5_context context, krb5_ccache *id, const char *res) 527*ebfedea0SLionel Sambuc { 528*ebfedea0SLionel Sambuc krb5_error_code ret; 529*ebfedea0SLionel Sambuc cc_int32 error; 530*ebfedea0SLionel Sambuc krb5_acc *a; 531*ebfedea0SLionel Sambuc 532*ebfedea0SLionel Sambuc ret = acc_alloc(context, id); 533*ebfedea0SLionel Sambuc if (ret) 534*ebfedea0SLionel Sambuc return ret; 535*ebfedea0SLionel Sambuc 536*ebfedea0SLionel Sambuc a = ACACHE(*id); 537*ebfedea0SLionel Sambuc 538*ebfedea0SLionel Sambuc error = (*a->context->func->open_ccache)(a->context, res, &a->ccache); 539*ebfedea0SLionel Sambuc if (error == ccNoError) { 540*ebfedea0SLionel Sambuc cc_time_t offset; 541*ebfedea0SLionel Sambuc error = get_cc_name(a); 542*ebfedea0SLionel Sambuc if (error != ccNoError) { 543*ebfedea0SLionel Sambuc acc_close(context, *id); 544*ebfedea0SLionel Sambuc *id = NULL; 545*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 546*ebfedea0SLionel Sambuc } 547*ebfedea0SLionel Sambuc 548*ebfedea0SLionel Sambuc error = (*a->ccache->func->get_kdc_time_offset)(a->ccache, 549*ebfedea0SLionel Sambuc cc_credentials_v5, 550*ebfedea0SLionel Sambuc &offset); 551*ebfedea0SLionel Sambuc if (error == 0) 552*ebfedea0SLionel Sambuc context->kdc_sec_offset = offset; 553*ebfedea0SLionel Sambuc 554*ebfedea0SLionel Sambuc } else if (error == ccErrCCacheNotFound) { 555*ebfedea0SLionel Sambuc a->ccache = NULL; 556*ebfedea0SLionel Sambuc a->cache_name = NULL; 557*ebfedea0SLionel Sambuc } else { 558*ebfedea0SLionel Sambuc *id = NULL; 559*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 560*ebfedea0SLionel Sambuc } 561*ebfedea0SLionel Sambuc 562*ebfedea0SLionel Sambuc return 0; 563*ebfedea0SLionel Sambuc } 564*ebfedea0SLionel Sambuc 565*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 566*ebfedea0SLionel Sambuc acc_gen_new(krb5_context context, krb5_ccache *id) 567*ebfedea0SLionel Sambuc { 568*ebfedea0SLionel Sambuc krb5_error_code ret; 569*ebfedea0SLionel Sambuc krb5_acc *a; 570*ebfedea0SLionel Sambuc 571*ebfedea0SLionel Sambuc ret = acc_alloc(context, id); 572*ebfedea0SLionel Sambuc if (ret) 573*ebfedea0SLionel Sambuc return ret; 574*ebfedea0SLionel Sambuc 575*ebfedea0SLionel Sambuc a = ACACHE(*id); 576*ebfedea0SLionel Sambuc 577*ebfedea0SLionel Sambuc a->ccache = NULL; 578*ebfedea0SLionel Sambuc a->cache_name = NULL; 579*ebfedea0SLionel Sambuc 580*ebfedea0SLionel Sambuc return 0; 581*ebfedea0SLionel Sambuc } 582*ebfedea0SLionel Sambuc 583*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 584*ebfedea0SLionel Sambuc acc_initialize(krb5_context context, 585*ebfedea0SLionel Sambuc krb5_ccache id, 586*ebfedea0SLionel Sambuc krb5_principal primary_principal) 587*ebfedea0SLionel Sambuc { 588*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 589*ebfedea0SLionel Sambuc krb5_error_code ret; 590*ebfedea0SLionel Sambuc int32_t error; 591*ebfedea0SLionel Sambuc char *name; 592*ebfedea0SLionel Sambuc 593*ebfedea0SLionel Sambuc ret = krb5_unparse_name(context, primary_principal, &name); 594*ebfedea0SLionel Sambuc if (ret) 595*ebfedea0SLionel Sambuc return ret; 596*ebfedea0SLionel Sambuc 597*ebfedea0SLionel Sambuc if (a->cache_name == NULL) { 598*ebfedea0SLionel Sambuc error = (*a->context->func->create_new_ccache)(a->context, 599*ebfedea0SLionel Sambuc cc_credentials_v5, 600*ebfedea0SLionel Sambuc name, 601*ebfedea0SLionel Sambuc &a->ccache); 602*ebfedea0SLionel Sambuc free(name); 603*ebfedea0SLionel Sambuc if (error == ccNoError) 604*ebfedea0SLionel Sambuc error = get_cc_name(a); 605*ebfedea0SLionel Sambuc } else { 606*ebfedea0SLionel Sambuc cc_credentials_iterator_t iter; 607*ebfedea0SLionel Sambuc cc_credentials_t ccred; 608*ebfedea0SLionel Sambuc 609*ebfedea0SLionel Sambuc error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); 610*ebfedea0SLionel Sambuc if (error) { 611*ebfedea0SLionel Sambuc free(name); 612*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 613*ebfedea0SLionel Sambuc } 614*ebfedea0SLionel Sambuc 615*ebfedea0SLionel Sambuc while (1) { 616*ebfedea0SLionel Sambuc error = (*iter->func->next)(iter, &ccred); 617*ebfedea0SLionel Sambuc if (error) 618*ebfedea0SLionel Sambuc break; 619*ebfedea0SLionel Sambuc (*a->ccache->func->remove_credentials)(a->ccache, ccred); 620*ebfedea0SLionel Sambuc (*ccred->func->release)(ccred); 621*ebfedea0SLionel Sambuc } 622*ebfedea0SLionel Sambuc (*iter->func->release)(iter); 623*ebfedea0SLionel Sambuc 624*ebfedea0SLionel Sambuc error = (*a->ccache->func->set_principal)(a->ccache, 625*ebfedea0SLionel Sambuc cc_credentials_v5, 626*ebfedea0SLionel Sambuc name); 627*ebfedea0SLionel Sambuc } 628*ebfedea0SLionel Sambuc 629*ebfedea0SLionel Sambuc if (error == 0 && context->kdc_sec_offset) 630*ebfedea0SLionel Sambuc error = (*a->ccache->func->set_kdc_time_offset)(a->ccache, 631*ebfedea0SLionel Sambuc cc_credentials_v5, 632*ebfedea0SLionel Sambuc context->kdc_sec_offset); 633*ebfedea0SLionel Sambuc 634*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 635*ebfedea0SLionel Sambuc } 636*ebfedea0SLionel Sambuc 637*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 638*ebfedea0SLionel Sambuc acc_close(krb5_context context, 639*ebfedea0SLionel Sambuc krb5_ccache id) 640*ebfedea0SLionel Sambuc { 641*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 642*ebfedea0SLionel Sambuc 643*ebfedea0SLionel Sambuc if (a->ccache) { 644*ebfedea0SLionel Sambuc (*a->ccache->func->release)(a->ccache); 645*ebfedea0SLionel Sambuc a->ccache = NULL; 646*ebfedea0SLionel Sambuc } 647*ebfedea0SLionel Sambuc if (a->cache_name) { 648*ebfedea0SLionel Sambuc free(a->cache_name); 649*ebfedea0SLionel Sambuc a->cache_name = NULL; 650*ebfedea0SLionel Sambuc } 651*ebfedea0SLionel Sambuc if (a->context) { 652*ebfedea0SLionel Sambuc (*a->context->func->release)(a->context); 653*ebfedea0SLionel Sambuc a->context = NULL; 654*ebfedea0SLionel Sambuc } 655*ebfedea0SLionel Sambuc krb5_data_free(&id->data); 656*ebfedea0SLionel Sambuc return 0; 657*ebfedea0SLionel Sambuc } 658*ebfedea0SLionel Sambuc 659*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 660*ebfedea0SLionel Sambuc acc_destroy(krb5_context context, 661*ebfedea0SLionel Sambuc krb5_ccache id) 662*ebfedea0SLionel Sambuc { 663*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 664*ebfedea0SLionel Sambuc cc_int32 error = 0; 665*ebfedea0SLionel Sambuc 666*ebfedea0SLionel Sambuc if (a->ccache) { 667*ebfedea0SLionel Sambuc error = (*a->ccache->func->destroy)(a->ccache); 668*ebfedea0SLionel Sambuc a->ccache = NULL; 669*ebfedea0SLionel Sambuc } 670*ebfedea0SLionel Sambuc if (a->context) { 671*ebfedea0SLionel Sambuc error = (a->context->func->release)(a->context); 672*ebfedea0SLionel Sambuc a->context = NULL; 673*ebfedea0SLionel Sambuc } 674*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 675*ebfedea0SLionel Sambuc } 676*ebfedea0SLionel Sambuc 677*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 678*ebfedea0SLionel Sambuc acc_store_cred(krb5_context context, 679*ebfedea0SLionel Sambuc krb5_ccache id, 680*ebfedea0SLionel Sambuc krb5_creds *creds) 681*ebfedea0SLionel Sambuc { 682*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 683*ebfedea0SLionel Sambuc cc_credentials_union cred; 684*ebfedea0SLionel Sambuc cc_credentials_v5_t v5cred; 685*ebfedea0SLionel Sambuc krb5_error_code ret; 686*ebfedea0SLionel Sambuc cc_int32 error; 687*ebfedea0SLionel Sambuc 688*ebfedea0SLionel Sambuc if (a->ccache == NULL) { 689*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOTFOUND, 690*ebfedea0SLionel Sambuc N_("No API credential found", "")); 691*ebfedea0SLionel Sambuc return KRB5_CC_NOTFOUND; 692*ebfedea0SLionel Sambuc } 693*ebfedea0SLionel Sambuc 694*ebfedea0SLionel Sambuc cred.version = cc_credentials_v5; 695*ebfedea0SLionel Sambuc cred.credentials.credentials_v5 = &v5cred; 696*ebfedea0SLionel Sambuc 697*ebfedea0SLionel Sambuc ret = make_ccred_from_cred(context, 698*ebfedea0SLionel Sambuc creds, 699*ebfedea0SLionel Sambuc &v5cred); 700*ebfedea0SLionel Sambuc if (ret) 701*ebfedea0SLionel Sambuc return ret; 702*ebfedea0SLionel Sambuc 703*ebfedea0SLionel Sambuc error = (*a->ccache->func->store_credentials)(a->ccache, &cred); 704*ebfedea0SLionel Sambuc if (error) 705*ebfedea0SLionel Sambuc ret = translate_cc_error(context, error); 706*ebfedea0SLionel Sambuc 707*ebfedea0SLionel Sambuc free_ccred(&v5cred); 708*ebfedea0SLionel Sambuc 709*ebfedea0SLionel Sambuc return ret; 710*ebfedea0SLionel Sambuc } 711*ebfedea0SLionel Sambuc 712*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 713*ebfedea0SLionel Sambuc acc_get_principal(krb5_context context, 714*ebfedea0SLionel Sambuc krb5_ccache id, 715*ebfedea0SLionel Sambuc krb5_principal *principal) 716*ebfedea0SLionel Sambuc { 717*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 718*ebfedea0SLionel Sambuc krb5_error_code ret; 719*ebfedea0SLionel Sambuc int32_t error; 720*ebfedea0SLionel Sambuc cc_string_t name; 721*ebfedea0SLionel Sambuc 722*ebfedea0SLionel Sambuc if (a->ccache == NULL) { 723*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOTFOUND, 724*ebfedea0SLionel Sambuc N_("No API credential found", "")); 725*ebfedea0SLionel Sambuc return KRB5_CC_NOTFOUND; 726*ebfedea0SLionel Sambuc } 727*ebfedea0SLionel Sambuc 728*ebfedea0SLionel Sambuc error = (*a->ccache->func->get_principal)(a->ccache, 729*ebfedea0SLionel Sambuc cc_credentials_v5, 730*ebfedea0SLionel Sambuc &name); 731*ebfedea0SLionel Sambuc if (error) 732*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 733*ebfedea0SLionel Sambuc 734*ebfedea0SLionel Sambuc ret = krb5_parse_name(context, name->data, principal); 735*ebfedea0SLionel Sambuc 736*ebfedea0SLionel Sambuc (*name->func->release)(name); 737*ebfedea0SLionel Sambuc return ret; 738*ebfedea0SLionel Sambuc } 739*ebfedea0SLionel Sambuc 740*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 741*ebfedea0SLionel Sambuc acc_get_first (krb5_context context, 742*ebfedea0SLionel Sambuc krb5_ccache id, 743*ebfedea0SLionel Sambuc krb5_cc_cursor *cursor) 744*ebfedea0SLionel Sambuc { 745*ebfedea0SLionel Sambuc cc_credentials_iterator_t iter; 746*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 747*ebfedea0SLionel Sambuc int32_t error; 748*ebfedea0SLionel Sambuc 749*ebfedea0SLionel Sambuc if (a->ccache == NULL) { 750*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOTFOUND, 751*ebfedea0SLionel Sambuc N_("No API credential found", "")); 752*ebfedea0SLionel Sambuc return KRB5_CC_NOTFOUND; 753*ebfedea0SLionel Sambuc } 754*ebfedea0SLionel Sambuc 755*ebfedea0SLionel Sambuc error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); 756*ebfedea0SLionel Sambuc if (error) { 757*ebfedea0SLionel Sambuc krb5_clear_error_message(context); 758*ebfedea0SLionel Sambuc return ENOENT; 759*ebfedea0SLionel Sambuc } 760*ebfedea0SLionel Sambuc *cursor = iter; 761*ebfedea0SLionel Sambuc return 0; 762*ebfedea0SLionel Sambuc } 763*ebfedea0SLionel Sambuc 764*ebfedea0SLionel Sambuc 765*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 766*ebfedea0SLionel Sambuc acc_get_next (krb5_context context, 767*ebfedea0SLionel Sambuc krb5_ccache id, 768*ebfedea0SLionel Sambuc krb5_cc_cursor *cursor, 769*ebfedea0SLionel Sambuc krb5_creds *creds) 770*ebfedea0SLionel Sambuc { 771*ebfedea0SLionel Sambuc cc_credentials_iterator_t iter = *cursor; 772*ebfedea0SLionel Sambuc cc_credentials_t cred; 773*ebfedea0SLionel Sambuc krb5_error_code ret; 774*ebfedea0SLionel Sambuc int32_t error; 775*ebfedea0SLionel Sambuc 776*ebfedea0SLionel Sambuc while (1) { 777*ebfedea0SLionel Sambuc error = (*iter->func->next)(iter, &cred); 778*ebfedea0SLionel Sambuc if (error) 779*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 780*ebfedea0SLionel Sambuc if (cred->data->version == cc_credentials_v5) 781*ebfedea0SLionel Sambuc break; 782*ebfedea0SLionel Sambuc (*cred->func->release)(cred); 783*ebfedea0SLionel Sambuc } 784*ebfedea0SLionel Sambuc 785*ebfedea0SLionel Sambuc ret = make_cred_from_ccred(context, 786*ebfedea0SLionel Sambuc cred->data->credentials.credentials_v5, 787*ebfedea0SLionel Sambuc creds); 788*ebfedea0SLionel Sambuc (*cred->func->release)(cred); 789*ebfedea0SLionel Sambuc return ret; 790*ebfedea0SLionel Sambuc } 791*ebfedea0SLionel Sambuc 792*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 793*ebfedea0SLionel Sambuc acc_end_get (krb5_context context, 794*ebfedea0SLionel Sambuc krb5_ccache id, 795*ebfedea0SLionel Sambuc krb5_cc_cursor *cursor) 796*ebfedea0SLionel Sambuc { 797*ebfedea0SLionel Sambuc cc_credentials_iterator_t iter = *cursor; 798*ebfedea0SLionel Sambuc (*iter->func->release)(iter); 799*ebfedea0SLionel Sambuc return 0; 800*ebfedea0SLionel Sambuc } 801*ebfedea0SLionel Sambuc 802*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 803*ebfedea0SLionel Sambuc acc_remove_cred(krb5_context context, 804*ebfedea0SLionel Sambuc krb5_ccache id, 805*ebfedea0SLionel Sambuc krb5_flags which, 806*ebfedea0SLionel Sambuc krb5_creds *cred) 807*ebfedea0SLionel Sambuc { 808*ebfedea0SLionel Sambuc cc_credentials_iterator_t iter; 809*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 810*ebfedea0SLionel Sambuc cc_credentials_t ccred; 811*ebfedea0SLionel Sambuc krb5_error_code ret; 812*ebfedea0SLionel Sambuc cc_int32 error; 813*ebfedea0SLionel Sambuc char *client, *server; 814*ebfedea0SLionel Sambuc 815*ebfedea0SLionel Sambuc if (a->ccache == NULL) { 816*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOTFOUND, 817*ebfedea0SLionel Sambuc N_("No API credential found", "")); 818*ebfedea0SLionel Sambuc return KRB5_CC_NOTFOUND; 819*ebfedea0SLionel Sambuc } 820*ebfedea0SLionel Sambuc 821*ebfedea0SLionel Sambuc if (cred->client) { 822*ebfedea0SLionel Sambuc ret = krb5_unparse_name(context, cred->client, &client); 823*ebfedea0SLionel Sambuc if (ret) 824*ebfedea0SLionel Sambuc return ret; 825*ebfedea0SLionel Sambuc } else 826*ebfedea0SLionel Sambuc client = NULL; 827*ebfedea0SLionel Sambuc 828*ebfedea0SLionel Sambuc ret = krb5_unparse_name(context, cred->server, &server); 829*ebfedea0SLionel Sambuc if (ret) { 830*ebfedea0SLionel Sambuc free(client); 831*ebfedea0SLionel Sambuc return ret; 832*ebfedea0SLionel Sambuc } 833*ebfedea0SLionel Sambuc 834*ebfedea0SLionel Sambuc error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); 835*ebfedea0SLionel Sambuc if (error) { 836*ebfedea0SLionel Sambuc free(server); 837*ebfedea0SLionel Sambuc free(client); 838*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 839*ebfedea0SLionel Sambuc } 840*ebfedea0SLionel Sambuc 841*ebfedea0SLionel Sambuc ret = KRB5_CC_NOTFOUND; 842*ebfedea0SLionel Sambuc while (1) { 843*ebfedea0SLionel Sambuc cc_credentials_v5_t *v5cred; 844*ebfedea0SLionel Sambuc 845*ebfedea0SLionel Sambuc error = (*iter->func->next)(iter, &ccred); 846*ebfedea0SLionel Sambuc if (error) 847*ebfedea0SLionel Sambuc break; 848*ebfedea0SLionel Sambuc 849*ebfedea0SLionel Sambuc if (ccred->data->version != cc_credentials_v5) 850*ebfedea0SLionel Sambuc goto next; 851*ebfedea0SLionel Sambuc 852*ebfedea0SLionel Sambuc v5cred = ccred->data->credentials.credentials_v5; 853*ebfedea0SLionel Sambuc 854*ebfedea0SLionel Sambuc if (client && strcmp(v5cred->client, client) != 0) 855*ebfedea0SLionel Sambuc goto next; 856*ebfedea0SLionel Sambuc 857*ebfedea0SLionel Sambuc if (strcmp(v5cred->server, server) != 0) 858*ebfedea0SLionel Sambuc goto next; 859*ebfedea0SLionel Sambuc 860*ebfedea0SLionel Sambuc (*a->ccache->func->remove_credentials)(a->ccache, ccred); 861*ebfedea0SLionel Sambuc ret = 0; 862*ebfedea0SLionel Sambuc next: 863*ebfedea0SLionel Sambuc (*ccred->func->release)(ccred); 864*ebfedea0SLionel Sambuc } 865*ebfedea0SLionel Sambuc 866*ebfedea0SLionel Sambuc (*iter->func->release)(iter); 867*ebfedea0SLionel Sambuc 868*ebfedea0SLionel Sambuc if (ret) 869*ebfedea0SLionel Sambuc krb5_set_error_message(context, ret, 870*ebfedea0SLionel Sambuc N_("Can't find credential %s in cache", 871*ebfedea0SLionel Sambuc "principal"), server); 872*ebfedea0SLionel Sambuc free(server); 873*ebfedea0SLionel Sambuc free(client); 874*ebfedea0SLionel Sambuc 875*ebfedea0SLionel Sambuc return ret; 876*ebfedea0SLionel Sambuc } 877*ebfedea0SLionel Sambuc 878*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 879*ebfedea0SLionel Sambuc acc_set_flags(krb5_context context, 880*ebfedea0SLionel Sambuc krb5_ccache id, 881*ebfedea0SLionel Sambuc krb5_flags flags) 882*ebfedea0SLionel Sambuc { 883*ebfedea0SLionel Sambuc return 0; 884*ebfedea0SLionel Sambuc } 885*ebfedea0SLionel Sambuc 886*ebfedea0SLionel Sambuc static int KRB5_CALLCONV 887*ebfedea0SLionel Sambuc acc_get_version(krb5_context context, 888*ebfedea0SLionel Sambuc krb5_ccache id) 889*ebfedea0SLionel Sambuc { 890*ebfedea0SLionel Sambuc return 0; 891*ebfedea0SLionel Sambuc } 892*ebfedea0SLionel Sambuc 893*ebfedea0SLionel Sambuc struct cache_iter { 894*ebfedea0SLionel Sambuc cc_context_t context; 895*ebfedea0SLionel Sambuc cc_ccache_iterator_t iter; 896*ebfedea0SLionel Sambuc }; 897*ebfedea0SLionel Sambuc 898*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 899*ebfedea0SLionel Sambuc acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) 900*ebfedea0SLionel Sambuc { 901*ebfedea0SLionel Sambuc struct cache_iter *iter; 902*ebfedea0SLionel Sambuc krb5_error_code ret; 903*ebfedea0SLionel Sambuc cc_int32 error; 904*ebfedea0SLionel Sambuc 905*ebfedea0SLionel Sambuc ret = init_ccapi(context); 906*ebfedea0SLionel Sambuc if (ret) 907*ebfedea0SLionel Sambuc return ret; 908*ebfedea0SLionel Sambuc 909*ebfedea0SLionel Sambuc iter = calloc(1, sizeof(*iter)); 910*ebfedea0SLionel Sambuc if (iter == NULL) { 911*ebfedea0SLionel Sambuc krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); 912*ebfedea0SLionel Sambuc return ENOMEM; 913*ebfedea0SLionel Sambuc } 914*ebfedea0SLionel Sambuc 915*ebfedea0SLionel Sambuc error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL); 916*ebfedea0SLionel Sambuc if (error) { 917*ebfedea0SLionel Sambuc free(iter); 918*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 919*ebfedea0SLionel Sambuc } 920*ebfedea0SLionel Sambuc 921*ebfedea0SLionel Sambuc error = (*iter->context->func->new_ccache_iterator)(iter->context, 922*ebfedea0SLionel Sambuc &iter->iter); 923*ebfedea0SLionel Sambuc if (error) { 924*ebfedea0SLionel Sambuc free(iter); 925*ebfedea0SLionel Sambuc krb5_clear_error_message(context); 926*ebfedea0SLionel Sambuc return ENOENT; 927*ebfedea0SLionel Sambuc } 928*ebfedea0SLionel Sambuc *cursor = iter; 929*ebfedea0SLionel Sambuc return 0; 930*ebfedea0SLionel Sambuc } 931*ebfedea0SLionel Sambuc 932*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 933*ebfedea0SLionel Sambuc acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) 934*ebfedea0SLionel Sambuc { 935*ebfedea0SLionel Sambuc struct cache_iter *iter = cursor; 936*ebfedea0SLionel Sambuc cc_ccache_t cache; 937*ebfedea0SLionel Sambuc krb5_acc *a; 938*ebfedea0SLionel Sambuc krb5_error_code ret; 939*ebfedea0SLionel Sambuc int32_t error; 940*ebfedea0SLionel Sambuc 941*ebfedea0SLionel Sambuc error = (*iter->iter->func->next)(iter->iter, &cache); 942*ebfedea0SLionel Sambuc if (error) 943*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 944*ebfedea0SLionel Sambuc 945*ebfedea0SLionel Sambuc ret = _krb5_cc_allocate(context, &krb5_acc_ops, id); 946*ebfedea0SLionel Sambuc if (ret) { 947*ebfedea0SLionel Sambuc (*cache->func->release)(cache); 948*ebfedea0SLionel Sambuc return ret; 949*ebfedea0SLionel Sambuc } 950*ebfedea0SLionel Sambuc 951*ebfedea0SLionel Sambuc ret = acc_alloc(context, id); 952*ebfedea0SLionel Sambuc if (ret) { 953*ebfedea0SLionel Sambuc (*cache->func->release)(cache); 954*ebfedea0SLionel Sambuc free(*id); 955*ebfedea0SLionel Sambuc return ret; 956*ebfedea0SLionel Sambuc } 957*ebfedea0SLionel Sambuc 958*ebfedea0SLionel Sambuc a = ACACHE(*id); 959*ebfedea0SLionel Sambuc a->ccache = cache; 960*ebfedea0SLionel Sambuc 961*ebfedea0SLionel Sambuc error = get_cc_name(a); 962*ebfedea0SLionel Sambuc if (error) { 963*ebfedea0SLionel Sambuc acc_close(context, *id); 964*ebfedea0SLionel Sambuc *id = NULL; 965*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 966*ebfedea0SLionel Sambuc } 967*ebfedea0SLionel Sambuc return 0; 968*ebfedea0SLionel Sambuc } 969*ebfedea0SLionel Sambuc 970*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 971*ebfedea0SLionel Sambuc acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) 972*ebfedea0SLionel Sambuc { 973*ebfedea0SLionel Sambuc struct cache_iter *iter = cursor; 974*ebfedea0SLionel Sambuc 975*ebfedea0SLionel Sambuc (*iter->iter->func->release)(iter->iter); 976*ebfedea0SLionel Sambuc iter->iter = NULL; 977*ebfedea0SLionel Sambuc (*iter->context->func->release)(iter->context); 978*ebfedea0SLionel Sambuc iter->context = NULL; 979*ebfedea0SLionel Sambuc free(iter); 980*ebfedea0SLionel Sambuc return 0; 981*ebfedea0SLionel Sambuc } 982*ebfedea0SLionel Sambuc 983*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 984*ebfedea0SLionel Sambuc acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) 985*ebfedea0SLionel Sambuc { 986*ebfedea0SLionel Sambuc krb5_acc *afrom = ACACHE(from); 987*ebfedea0SLionel Sambuc krb5_acc *ato = ACACHE(to); 988*ebfedea0SLionel Sambuc int32_t error; 989*ebfedea0SLionel Sambuc 990*ebfedea0SLionel Sambuc if (ato->ccache == NULL) { 991*ebfedea0SLionel Sambuc cc_string_t name; 992*ebfedea0SLionel Sambuc 993*ebfedea0SLionel Sambuc error = (*afrom->ccache->func->get_principal)(afrom->ccache, 994*ebfedea0SLionel Sambuc cc_credentials_v5, 995*ebfedea0SLionel Sambuc &name); 996*ebfedea0SLionel Sambuc if (error) 997*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 998*ebfedea0SLionel Sambuc 999*ebfedea0SLionel Sambuc error = (*ato->context->func->create_new_ccache)(ato->context, 1000*ebfedea0SLionel Sambuc cc_credentials_v5, 1001*ebfedea0SLionel Sambuc name->data, 1002*ebfedea0SLionel Sambuc &ato->ccache); 1003*ebfedea0SLionel Sambuc (*name->func->release)(name); 1004*ebfedea0SLionel Sambuc if (error) 1005*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 1006*ebfedea0SLionel Sambuc } 1007*ebfedea0SLionel Sambuc 1008*ebfedea0SLionel Sambuc error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache); 1009*ebfedea0SLionel Sambuc 1010*ebfedea0SLionel Sambuc acc_destroy(context, from); 1011*ebfedea0SLionel Sambuc 1012*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 1013*ebfedea0SLionel Sambuc } 1014*ebfedea0SLionel Sambuc 1015*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 1016*ebfedea0SLionel Sambuc acc_get_default_name(krb5_context context, char **str) 1017*ebfedea0SLionel Sambuc { 1018*ebfedea0SLionel Sambuc krb5_error_code ret; 1019*ebfedea0SLionel Sambuc cc_context_t cc; 1020*ebfedea0SLionel Sambuc cc_string_t name; 1021*ebfedea0SLionel Sambuc int32_t error; 1022*ebfedea0SLionel Sambuc 1023*ebfedea0SLionel Sambuc ret = init_ccapi(context); 1024*ebfedea0SLionel Sambuc if (ret) 1025*ebfedea0SLionel Sambuc return ret; 1026*ebfedea0SLionel Sambuc 1027*ebfedea0SLionel Sambuc error = (*init_func)(&cc, ccapi_version_3, NULL, NULL); 1028*ebfedea0SLionel Sambuc if (error) 1029*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 1030*ebfedea0SLionel Sambuc 1031*ebfedea0SLionel Sambuc error = (*cc->func->get_default_ccache_name)(cc, &name); 1032*ebfedea0SLionel Sambuc if (error) { 1033*ebfedea0SLionel Sambuc (*cc->func->release)(cc); 1034*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 1035*ebfedea0SLionel Sambuc } 1036*ebfedea0SLionel Sambuc 1037*ebfedea0SLionel Sambuc error = asprintf(str, "API:%s", name->data); 1038*ebfedea0SLionel Sambuc (*name->func->release)(name); 1039*ebfedea0SLionel Sambuc (*cc->func->release)(cc); 1040*ebfedea0SLionel Sambuc 1041*ebfedea0SLionel Sambuc if (error < 0 || *str == NULL) { 1042*ebfedea0SLionel Sambuc krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 1043*ebfedea0SLionel Sambuc return ENOMEM; 1044*ebfedea0SLionel Sambuc } 1045*ebfedea0SLionel Sambuc return 0; 1046*ebfedea0SLionel Sambuc } 1047*ebfedea0SLionel Sambuc 1048*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 1049*ebfedea0SLionel Sambuc acc_set_default(krb5_context context, krb5_ccache id) 1050*ebfedea0SLionel Sambuc { 1051*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 1052*ebfedea0SLionel Sambuc cc_int32 error; 1053*ebfedea0SLionel Sambuc 1054*ebfedea0SLionel Sambuc if (a->ccache == NULL) { 1055*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOTFOUND, 1056*ebfedea0SLionel Sambuc N_("No API credential found", "")); 1057*ebfedea0SLionel Sambuc return KRB5_CC_NOTFOUND; 1058*ebfedea0SLionel Sambuc } 1059*ebfedea0SLionel Sambuc 1060*ebfedea0SLionel Sambuc error = (*a->ccache->func->set_default)(a->ccache); 1061*ebfedea0SLionel Sambuc if (error) 1062*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 1063*ebfedea0SLionel Sambuc 1064*ebfedea0SLionel Sambuc return 0; 1065*ebfedea0SLionel Sambuc } 1066*ebfedea0SLionel Sambuc 1067*ebfedea0SLionel Sambuc static krb5_error_code KRB5_CALLCONV 1068*ebfedea0SLionel Sambuc acc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) 1069*ebfedea0SLionel Sambuc { 1070*ebfedea0SLionel Sambuc krb5_acc *a = ACACHE(id); 1071*ebfedea0SLionel Sambuc cc_int32 error; 1072*ebfedea0SLionel Sambuc cc_time_t t; 1073*ebfedea0SLionel Sambuc 1074*ebfedea0SLionel Sambuc if (a->ccache == NULL) { 1075*ebfedea0SLionel Sambuc krb5_set_error_message(context, KRB5_CC_NOTFOUND, 1076*ebfedea0SLionel Sambuc N_("No API credential found", "")); 1077*ebfedea0SLionel Sambuc return KRB5_CC_NOTFOUND; 1078*ebfedea0SLionel Sambuc } 1079*ebfedea0SLionel Sambuc 1080*ebfedea0SLionel Sambuc error = (*a->ccache->func->get_change_time)(a->ccache, &t); 1081*ebfedea0SLionel Sambuc if (error) 1082*ebfedea0SLionel Sambuc return translate_cc_error(context, error); 1083*ebfedea0SLionel Sambuc 1084*ebfedea0SLionel Sambuc *mtime = t; 1085*ebfedea0SLionel Sambuc 1086*ebfedea0SLionel Sambuc return 0; 1087*ebfedea0SLionel Sambuc } 1088*ebfedea0SLionel Sambuc 1089*ebfedea0SLionel Sambuc /** 1090*ebfedea0SLionel Sambuc * Variable containing the API based credential cache implemention. 1091*ebfedea0SLionel Sambuc * 1092*ebfedea0SLionel Sambuc * @ingroup krb5_ccache 1093*ebfedea0SLionel Sambuc */ 1094*ebfedea0SLionel Sambuc 1095*ebfedea0SLionel Sambuc KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = { 1096*ebfedea0SLionel Sambuc KRB5_CC_OPS_VERSION, 1097*ebfedea0SLionel Sambuc "API", 1098*ebfedea0SLionel Sambuc acc_get_name, 1099*ebfedea0SLionel Sambuc acc_resolve, 1100*ebfedea0SLionel Sambuc acc_gen_new, 1101*ebfedea0SLionel Sambuc acc_initialize, 1102*ebfedea0SLionel Sambuc acc_destroy, 1103*ebfedea0SLionel Sambuc acc_close, 1104*ebfedea0SLionel Sambuc acc_store_cred, 1105*ebfedea0SLionel Sambuc NULL, /* acc_retrieve */ 1106*ebfedea0SLionel Sambuc acc_get_principal, 1107*ebfedea0SLionel Sambuc acc_get_first, 1108*ebfedea0SLionel Sambuc acc_get_next, 1109*ebfedea0SLionel Sambuc acc_end_get, 1110*ebfedea0SLionel Sambuc acc_remove_cred, 1111*ebfedea0SLionel Sambuc acc_set_flags, 1112*ebfedea0SLionel Sambuc acc_get_version, 1113*ebfedea0SLionel Sambuc acc_get_cache_first, 1114*ebfedea0SLionel Sambuc acc_get_cache_next, 1115*ebfedea0SLionel Sambuc acc_end_cache_get, 1116*ebfedea0SLionel Sambuc acc_move, 1117*ebfedea0SLionel Sambuc acc_get_default_name, 1118*ebfedea0SLionel Sambuc acc_set_default, 1119*ebfedea0SLionel Sambuc acc_lastchange 1120*ebfedea0SLionel Sambuc }; 1121*ebfedea0SLionel Sambuc 1122*ebfedea0SLionel Sambuc #endif 1123