1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/ccache/ccfns.c - Dispatch methods for credentials cache code.*/
3 /*
4  * Copyright 2000, 2007, 2008  by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  */
26 
27 #include "k5-int.h"
28 #include "cc-int.h"
29 #include "../krb/int-proto.h"
30 
/*
 * Return the type-specific residual part of cache's name (the part after the
 * "type:" prefix).  The pointer is whatever the cache type's get_name method
 * hands back; this wrapper allocates nothing, so the caller must not free it.
 */
const char * KRB5_CALLCONV
krb5_cc_get_name(krb5_context context, krb5_ccache cache)
{
    return (*cache->ops->get_name)(context, cache);
}
36 
/*
 * Produce the "type:residual" form of cache's name in *fullname_out.  The
 * string is allocated here with asprintf() and belongs to the caller.
 *
 * Returns 0 on success, or ENOMEM if the allocation fails; in that case
 * *fullname_out is left NULL.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
                      char **fullname_out)
{
    const char *type = cache->ops->prefix;
    const char *residual = cache->ops->get_name(context, cache);
    char *full = NULL;

    /* Clear the output before anything can fail. */
    *fullname_out = NULL;
    if (asprintf(&full, "%s:%s", type, residual) < 0)
        return ENOMEM;
    *fullname_out = full;
    return 0;
}
50 
/*
 * Dispatch to the gen_new method of the cache type selected by the handle
 * currently in *cache.  The address of the handle, not the handle itself, is
 * passed down, presumably so the method can replace *cache with the newly
 * generated cache.  A trace record is emitted before the dispatch.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new(krb5_context context, krb5_ccache *cache)
{
    krb5_ccache id;

    TRACE_CC_GEN_NEW(context, cache);
    id = *cache;
    return id->ops->gen_new(context, cache);
}
57 
/*
 * Initialize cache for principal via the type's init method, emitting a
 * trace record first.  Whether existing contents are discarded is up to the
 * type; nothing here touches the cache directly.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_initialize(krb5_context context, krb5_ccache cache,
                   krb5_principal principal)
{
    TRACE_CC_INIT(context, cache, principal);
    return (*cache->ops->init)(context, cache, principal);
}
65 
/*
 * Destroy cache through its type's destroy method, after emitting a trace
 * record.  The handle must not be used again afterwards (the method, not
 * this wrapper, is responsible for releasing it).
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_destroy(krb5_context context, krb5_ccache cache)
{
    TRACE_CC_DESTROY(context, cache);
    return (*cache->ops->destroy)(context, cache);
}
72 
/*
 * Close the handle cache via its type's close method.  Unlike destroy and
 * the other mutating entry points, no trace record is emitted here.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_close(krb5_context context, krb5_ccache cache)
{
    return (*cache->ops->close)(context, cache);
}
78 
/*
 * Store creds into cache via the type's store method, tracing the operation
 * first.  creds is passed through unchanged; ownership stays with the caller.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_store_cred(krb5_context context, krb5_ccache cache,
                   krb5_creds *creds)
{
    TRACE_CC_STORE(context, cache, creds);
    return (*cache->ops->store)(context, cache, creds);
}
86 
/*
 * Look up a credential in cache matching mcreds (interpreted according to
 * flags) and place it in *creds.  If the direct lookup reports
 * KRB5_CC_NOTFOUND and mcreds names a service in a referral realm (as judged
 * by krb5_is_referral_realm()), the lookup is repeated with the service realm
 * temporarily set to the client's realm.  That retry rewrites
 * mcreds->server->realm in place and restores it before returning, so mcreds
 * must not be shared with another thread for the duration of the call.
 * Any other result of the first lookup is returned unchanged.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache,
                      krb5_flags flags, krb5_creds *mcreds,
                      krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_data saved_realm;
    krb5_boolean retry_with_client_realm;

    ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
    TRACE_CC_RETRIEVE(context, cache, mcreds, ret);
    if (ret != KRB5_CC_NOTFOUND)
        return ret;

    retry_with_client_realm = mcreds->client != NULL &&
        mcreds->server != NULL &&
        krb5_is_referral_realm(&mcreds->server->realm);
    if (!retry_with_client_realm)
        return ret;

    /* Swap in the client realm only for the second lookup.  This is a shallow
     * copy of the krb5_data header; the realm bytes themselves are untouched. */
    saved_realm = mcreds->server->realm;
    mcreds->server->realm = mcreds->client->realm;
    ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
    TRACE_CC_RETRIEVE_REF(context, cache, mcreds, ret);
    mcreds->server->realm = saved_realm;
    return ret;
}
113 
/*
 * Fetch the default (client) principal of cache into *principal through the
 * type's get_princ method.  The callers in this file release the result with
 * krb5_free_principal().
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_principal(krb5_context context, krb5_ccache cache,
                      krb5_principal *principal)
{
    return (*cache->ops->get_princ)(context, cache, principal);
}
120 
/*
 * Begin iterating over the credentials in cache: the type's get_first method
 * initializes *cursor for use with krb5_cc_next_cred() and
 * krb5_cc_end_seq_get().
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache,
                      krb5_cc_cursor *cursor)
{
    return (*cache->ops->get_first)(context, cache, cursor);
}
127 
/*
 * Advance the iteration started by krb5_cc_start_seq_get(): the type's
 * get_next method fills *creds with the next entry and updates *cursor.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_next_cred(krb5_context context, krb5_ccache cache,
                  krb5_cc_cursor *cursor, krb5_creds *creds)
{
    return (*cache->ops->get_next)(context, cache, cursor, creds);
}
134 
/*
 * Finish an iteration and let the type's end_get method release whatever
 * *cursor holds.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache,
                    krb5_cc_cursor *cursor)
{
    return (*cache->ops->end_get)(context, cache, cursor);
}
141 
/*
 * Remove the credential(s) in cache matching creds, with flags passed
 * through to the type's remove_cred method to control the match.  A trace
 * record is emitted first.  krb5_cc_set_config() uses this with flags == 0
 * to delete a configuration entry.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
                    krb5_creds *creds)
{
    TRACE_CC_REMOVE(context, cache, creds);
    return (*cache->ops->remove_cred)(context, cache, flags, creds);
}
149 
/* Hand flags to the cache type's set_flags method; no interpretation here. */
krb5_error_code KRB5_CALLCONV
krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)
{
    return (*cache->ops->set_flags)(context, cache, flags);
}
155 
/* Read the cache's flags into *flags via the type's get_flags method. */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags)
{
    return (*cache->ops->get_flags)(context, cache, flags);
}
161 
/*
 * Return the cache type name, i.e. the ops prefix string that
 * krb5_cc_get_full_name() places before the colon.  The string is static
 * data of the type and must not be freed.
 */
const char * KRB5_CALLCONV
krb5_cc_get_type(krb5_context context, krb5_ccache cache)
{
    const char *type_prefix = cache->ops->prefix;

    return type_prefix;
}
167 
/*
 * Internal (not exported, hence no KRB5_CALLCONV): take the cache type's
 * lock on ccache.  Pair with k5_cc_unlock().
 */
krb5_error_code
k5_cc_lock(krb5_context context, krb5_ccache ccache)
{
    return (*ccache->ops->lock)(context, ccache);
}
173 
/* Internal: release the lock taken by k5_cc_lock() via the type's unlock. */
krb5_error_code
k5_cc_unlock(krb5_context context, krb5_ccache ccache)
{
    return (*ccache->ops->unlock)(context, ccache);
}
179 
/*
 * Configuration entries are stored in the cache as pseudo-credentials whose
 * server principal lives in the reserved realm conf_realm and whose first
 * name component is conf_name (see k5_build_conf_principals() and
 * krb5_is_config_principal()).  Both are used with sizeof(...) - 1, i.e.
 * without the terminating NUL.
 */
static const char conf_name[] = "krb5_ccache_conf_data";
static const char conf_realm[] = "X-CACHECONF:";
182 
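/*
 * Fill in *cred with the pseudo-credential used to store the configuration
 * entry NAME (scoped to PRINCIPAL when that is non-NULL) in cache ID.  The
 * client is the cache's default principal; the server is a principal in the
 * reserved realm conf_realm whose components are conf_name, NAME and, if
 * given, the unparsed form of PRINCIPAL.
 *
 * *cred is zeroed before anything can fail, so the caller may always release
 * it with krb5_free_cred_contents() -- and should, because on a failure of
 * the final copy cred->server is already set.  Temporaries (the cache's
 * principal and the unparsed name) are released on every path; previously
 * the cache principal leaked when krb5_unparse_name() failed.
 *
 * Returns 0 on success or a krb5 error code.
 */
krb5_error_code
k5_build_conf_principals(krb5_context context, krb5_ccache id,
                         krb5_const_principal principal,
                         const char *name, krb5_creds *cred)
{
    krb5_principal client = NULL;
    krb5_error_code ret;
    char *pname = NULL;

    memset(cred, 0, sizeof(*cred));

    ret = krb5_cc_get_principal(context, id, &client);
    if (ret)
        return ret;

    /* The subject principal travels as a trailing textual name component. */
    if (principal != NULL) {
        ret = krb5_unparse_name(context, principal, &pname);
        if (ret)
            goto cleanup;
    }

    /* sizeof - 1 drops the NUL: the realm is passed as a counted string. */
    ret = krb5_build_principal(context, &cred->server,
                               sizeof(conf_realm) - 1, conf_realm,
                               conf_name, name, pname, (char *)NULL);
    if (ret)
        goto cleanup;

    ret = krb5_copy_principal(context, client, &cred->client);

cleanup:
    /* Both free functions accept NULL. */
    krb5_free_unparsed_name(context, pname);
    krb5_free_principal(context, client);
    return ret;
}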
216 
/*
 * Report whether principal is one of the pseudo-principals that
 * k5_build_conf_principals() generates for configuration entries: its realm
 * must be exactly conf_realm and its first component exactly conf_name.
 * Any further components (the key and optional subject) are not examined.
 * Callers use this to keep configuration entries from being treated as real
 * tickets.
 */
krb5_boolean KRB5_CALLCONV
krb5_is_config_principal(krb5_context context,
                         krb5_const_principal principal)
{
    const size_t realm_len = sizeof(conf_realm) - 1;
    const size_t name_len = sizeof(conf_name) - 1;
    const krb5_data *realm = &principal->realm;
    const krb5_data *first;

    /* Lengths are compared before bytes so memcmp() never reads past the
     * stored data. */
    if (realm->length != realm_len)
        return FALSE;
    if (memcmp(realm->data, conf_realm, realm_len) != 0)
        return FALSE;

    if (principal->length == 0)
        return FALSE;
    first = &principal->data[0];
    if (first->length != name_len)
        return FALSE;
    return (memcmp(first->data, conf_name, name_len) == 0) ? TRUE : FALSE;
}
234 
/*
 * Store (or, when data is NULL, delete) the configuration entry KEY for
 * PRINCIPAL in cache ID.  The value is carried in the ticket field of a
 * pseudo-credential built by k5_build_conf_principals(); a copy of data is
 * made, so the caller keeps ownership of it.
 *
 * Returns 0 on success or the error from the first failing step.  The
 * temporary credential is released on every path.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_set_config(krb5_context context, krb5_ccache id,
                   krb5_const_principal principal,
                   const char *key, krb5_data *data)
{
    krb5_creds entry;
    krb5_error_code ret;

    memset(&entry, 0, sizeof(entry));
    TRACE_CC_SET_CONFIG(context, id, principal, key, data);

    ret = k5_build_conf_principals(context, id, principal, key, &entry);
    if (ret != 0)
        goto cleanup;

    if (data != NULL) {
        ret = krb5int_copy_data_contents(context, data, &entry.ticket);
        if (ret != 0)
            goto cleanup;
        ret = krb5_cc_store_cred(context, id, &entry);
    } else {
        /* A NULL value removes the entry; flags == 0 for the match. */
        ret = krb5_cc_remove_cred(context, id, 0, &entry);
    }

cleanup:
    krb5_free_cred_contents(context, &entry);
    return ret;
}
262 
/*
 * Retrieve the configuration entry KEY for PRINCIPAL from cache ID into
 * *data.  *data is zeroed before anything can fail, so the caller may free
 * it on any return; on success it holds a fresh copy of the stored value.
 *
 * Returns 0 on success, KRB5_CC_NOTFOUND (from krb5_cc_retrieve_cred()) when
 * there is no such entry, or another krb5 error code.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_get_config(krb5_context context, krb5_ccache id,
                   krb5_const_principal principal,
                   const char *key, krb5_data *data)
{
    krb5_error_code ret;
    krb5_creds match, found;

    memset(data, 0, sizeof(*data));
    memset(&found, 0, sizeof(found));

    /* k5_build_conf_principals() zeroes match itself, so it is safe to free
     * below even when it fails. */
    ret = k5_build_conf_principals(context, id, principal, key, &match);
    if (ret == 0)
        ret = krb5_cc_retrieve_cred(context, id, 0, &match, &found);
    if (ret == 0)
        ret = krb5int_copy_data_contents(context, &found.ticket, data);
    if (ret == 0)
        TRACE_CC_GET_CONFIG(context, id, principal, key, data);

    krb5_free_cred_contents(context, &found);
    krb5_free_cred_contents(context, &match);
    return ret;
}
293 
/*
 * Make cache the primary cache of its collection via the type's switch_to
 * method.  Types that do not implement switch_to report success without
 * doing anything.
 */
krb5_error_code KRB5_CALLCONV
krb5_cc_switch(krb5_context context, krb5_ccache cache)
{
    return (cache->ops->switch_to != NULL) ?
        cache->ops->switch_to(context, cache) : 0;
}
301 
/*
 * Internal: store creds as the cache's primary credential.  When creds is a
 * TGT (IS_TGS_PRINC) whose TGS realm, server->data[1], differs from the
 * client's realm, that realm is first recorded in the
 * KRB5_CC_CONF_START_REALM configuration entry; a failure there is returned
 * without storing the ticket.  creds->client is assumed non-NULL.
 */
krb5_error_code
k5_cc_store_primary_cred(krb5_context context, krb5_ccache cache,
                         krb5_creds *creds)
{
    krb5_error_code ret;
    krb5_data *tgs_realm;

    if (!IS_TGS_PRINC(creds->server))
        return krb5_cc_store_cred(context, cache, creds);

    /* Only a TGS principal is guaranteed to have a second component. */
    tgs_realm = &creds->server->data[1];
    if (!data_eq(creds->client->realm, *tgs_realm)) {
        ret = krb5_cc_set_config(context, cache, NULL,
                                 KRB5_CC_CONF_START_REALM, tgs_realm);
        if (ret)
            return ret;
    }

    return krb5_cc_store_cred(context, cache, creds);
}
321