xref: /freebsd/crypto/heimdal/lib/krb5/scache.c (revision 6a068746777241722b2b32c5d0bc443a2a64d80b)
1 /*
2  * Copyright (c) 2008 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 
36 #ifdef HAVE_SCC
37 
38 #include <sqlite3.h>
39 
40 typedef struct krb5_scache {
41     char *name;
42     char *file;
43     sqlite3 *db;
44 
45     sqlite_uint64 cid;
46 
47     sqlite3_stmt *icred;
48     sqlite3_stmt *dcred;
49     sqlite3_stmt *iprincipal;
50 
51     sqlite3_stmt *icache;
52     sqlite3_stmt *ucachen;
53     sqlite3_stmt *ucachep;
54     sqlite3_stmt *dcache;
55     sqlite3_stmt *scache;
56     sqlite3_stmt *scache_name;
57     sqlite3_stmt *umaster;
58 
59 } krb5_scache;
60 
61 #define	SCACHE(X)	((krb5_scache *)(X)->data.data)
62 
63 #define SCACHE_DEF_NAME		"Default-cache"
64 #ifdef KRB5_USE_PATH_TOKENS
65 #define KRB5_SCACHE_DB	"%{TEMP}/krb5scc_%{uid}"
66 #else
67 #define KRB5_SCACHE_DB	"/tmp/krb5scc_%{uid}"
68 #endif
69 #define KRB5_SCACHE_NAME	"SCC:"  SCACHE_DEF_NAME ":" KRB5_SCACHE_DB
70 
71 #define SCACHE_INVALID_CID	((sqlite_uint64)-1)
72 
73 /*
74  *
75  */
76 
77 #define SQL_CMASTER ""				\
78 	"CREATE TABLE master ("			\
79         "oid INTEGER PRIMARY KEY,"		\
80 	"version INTEGER NOT NULL,"		\
81 	"defaultcache TEXT NOT NULL"		\
82 	")"
83 
84 #define SQL_SETUP_MASTER \
85 	"INSERT INTO master (version,defaultcache) VALUES(2, \"" SCACHE_DEF_NAME "\")"
86 #define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2"
87 
88 #define SQL_CCACHE ""				\
89 	"CREATE TABLE caches ("			\
90         "oid INTEGER PRIMARY KEY,"		\
91 	"principal TEXT,"			\
92 	"name TEXT NOT NULL"			\
93 	")"
94 
95 #define SQL_TCACHE ""						\
96 	"CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches "	\
97 	"FOR EACH ROW BEGIN "					\
98 	"DELETE FROM credentials WHERE cid=old.oid;"		\
99 	"END"
100 
101 #define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
102 #define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?"
103 #define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
104 #define SQL_DCACHE "DELETE FROM caches WHERE OID=?"
105 #define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
106 #define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=?"
107 
108 #define SQL_CCREDS ""				\
109 	"CREATE TABLE credentials ("		\
110         "oid INTEGER PRIMARY KEY,"		\
111 	"cid INTEGER NOT NULL,"			\
112 	"kvno INTEGER NOT NULL,"		\
113 	"etype INTEGER NOT NULL,"		\
114         "created_at INTEGER NOT NULL,"		\
115 	"cred BLOB NOT NULL"			\
116 	")"
117 
118 #define SQL_TCRED ""							\
119 	"CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials "	\
120 	"FOR EACH ROW BEGIN "						\
121 	"DELETE FROM principals WHERE credential_id=old.oid;"		\
122 	"END"
123 
124 #define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)"
125 #define SQL_DCRED "DELETE FROM credentials WHERE cid=?"
126 
127 #define SQL_CPRINCIPALS ""			\
128 	"CREATE TABLE principals ("		\
129         "oid INTEGER PRIMARY KEY,"		\
130 	"principal TEXT NOT NULL,"		\
131 	"type INTEGER NOT NULL,"		\
132 	"credential_id INTEGER NOT NULL"	\
133 	")"
134 
135 #define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"
136 
137 /*
138  * sqlite destructors
139  */
140 
141 static void
free_data(void * data)142 free_data(void *data)
143 {
144     free(data);
145 }
146 
147 static void
free_krb5(void * str)148 free_krb5(void *str)
149 {
150     krb5_xfree(str);
151 }
152 
153 static void
scc_free(krb5_scache * s)154 scc_free(krb5_scache *s)
155 {
156     if (s->file)
157 	free(s->file);
158     if (s->name)
159 	free(s->name);
160 
161     if (s->icred)
162 	sqlite3_finalize(s->icred);
163     if (s->dcred)
164 	sqlite3_finalize(s->dcred);
165     if (s->iprincipal)
166 	sqlite3_finalize(s->iprincipal);
167     if (s->icache)
168 	sqlite3_finalize(s->icache);
169     if (s->ucachen)
170 	sqlite3_finalize(s->ucachen);
171     if (s->ucachep)
172 	sqlite3_finalize(s->ucachep);
173     if (s->dcache)
174 	sqlite3_finalize(s->dcache);
175     if (s->scache)
176 	sqlite3_finalize(s->scache);
177     if (s->scache_name)
178 	sqlite3_finalize(s->scache_name);
179     if (s->umaster)
180 	sqlite3_finalize(s->umaster);
181 
182     if (s->db)
183 	sqlite3_close(s->db);
184     free(s);
185 }
186 
187 #ifdef TRACEME
188 static void
trace(void * ptr,const char * str)189 trace(void* ptr, const char * str)
190 {
191     printf("SQL: %s\n", str);
192 }
193 #endif
194 
195 static krb5_error_code
prepare_stmt(krb5_context context,sqlite3 * db,sqlite3_stmt ** stmt,const char * str)196 prepare_stmt(krb5_context context, sqlite3 *db,
197 	     sqlite3_stmt **stmt, const char *str)
198 {
199     int ret;
200 
201     ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
202     if (ret != SQLITE_OK) {
203 	krb5_set_error_message(context, ENOENT,
204 			       N_("Failed to prepare stmt %s: %s", ""),
205 			       str, sqlite3_errmsg(db));
206 	return ENOENT;
207     }
208     return 0;
209 }
210 
211 static krb5_error_code
exec_stmt(krb5_context context,sqlite3 * db,const char * str,krb5_error_code code)212 exec_stmt(krb5_context context, sqlite3 *db, const char *str,
213 	  krb5_error_code code)
214 {
215     int ret;
216 
217     ret = sqlite3_exec(db, str, NULL, NULL, NULL);
218     if (ret != SQLITE_OK && code) {
219 	krb5_set_error_message(context, code,
220 			       N_("scache execute %s: %s", ""), str,
221 			       sqlite3_errmsg(db));
222 	return code;
223     }
224     return 0;
225 }
226 
227 static krb5_error_code
default_db(krb5_context context,sqlite3 ** db)228 default_db(krb5_context context, sqlite3 **db)
229 {
230     char *name;
231     int ret;
232 
233     ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &name);
234     if (ret)
235 	return ret;
236 
237     ret = sqlite3_open_v2(name, db, SQLITE_OPEN_READWRITE, NULL);
238     free(name);
239     if (ret != SQLITE_OK) {
240 	krb5_clear_error_message(context);
241 	return ENOENT;
242     }
243 
244 #ifdef TRACEME
245     sqlite3_trace(*db, trace, NULL);
246 #endif
247 
248     return 0;
249 }
250 
251 static krb5_error_code
get_def_name(krb5_context context,char ** str)252 get_def_name(krb5_context context, char **str)
253 {
254     krb5_error_code ret;
255     sqlite3_stmt *stmt;
256     const char *name;
257     sqlite3 *db;
258 
259     ret = default_db(context, &db);
260     if (ret)
261 	return ret;
262 
263     ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master");
264     if (ret) {
265 	sqlite3_close(db);
266 	return ret;
267     }
268 
269     ret = sqlite3_step(stmt);
270     if (ret != SQLITE_ROW)
271 	goto out;
272 
273     if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT)
274 	goto out;
275 
276     name = (const char *)sqlite3_column_text(stmt, 0);
277     if (name == NULL)
278 	goto out;
279 
280     *str = strdup(name);
281     if (*str == NULL)
282 	goto out;
283 
284     sqlite3_finalize(stmt);
285     sqlite3_close(db);
286     return 0;
287 out:
288     sqlite3_finalize(stmt);
289     sqlite3_close(db);
290     krb5_clear_error_message(context);
291     return ENOENT;
292 }
293 
294 
295 
296 static krb5_scache * KRB5_CALLCONV
scc_alloc(krb5_context context,const char * name)297 scc_alloc(krb5_context context, const char *name)
298 {
299     krb5_error_code ret;
300     krb5_scache *s;
301 
302     ALLOC(s, 1);
303     if(s == NULL)
304 	return NULL;
305 
306     s->cid = SCACHE_INVALID_CID;
307 
308     if (name) {
309 	char *file;
310 
311 	if (*name == '\0') {
312 	    krb5_error_code ret;
313 	    ret = get_def_name(context, &s->name);
314 	    if (ret)
315 		s->name = strdup(SCACHE_DEF_NAME);
316 	} else
317 	    s->name = strdup(name);
318 
319 	file = strrchr(s->name, ':');
320 	if (file) {
321 	    *file++ = '\0';
322 	    s->file = strdup(file);
323 	    ret = 0;
324 	} else {
325 	    ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
326 	}
327     } else {
328 	_krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
329 	ret = asprintf(&s->name, "unique-%p", s);
330     }
331     if (ret < 0 || s->file == NULL || s->name == NULL) {
332 	scc_free(s);
333 	return NULL;
334     }
335 
336     return s;
337 }
338 
339 static krb5_error_code
open_database(krb5_context context,krb5_scache * s,int flags)340 open_database(krb5_context context, krb5_scache *s, int flags)
341 {
342     int ret;
343 
344     ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
345     if (ret) {
346 	if (s->db) {
347 	    krb5_set_error_message(context, ENOENT,
348 				   N_("Error opening scache file %s: %s", ""),
349 				   s->file, sqlite3_errmsg(s->db));
350 	    sqlite3_close(s->db);
351 	    s->db = NULL;
352 	} else
353 	    krb5_set_error_message(context, ENOENT,
354 				   N_("malloc: out of memory", ""));
355 	return ENOENT;
356     }
357     return 0;
358 }
359 
360 static krb5_error_code
create_cache(krb5_context context,krb5_scache * s)361 create_cache(krb5_context context, krb5_scache *s)
362 {
363     int ret;
364 
365     sqlite3_bind_text(s->icache, 1, s->name, -1, NULL);
366     do {
367 	ret = sqlite3_step(s->icache);
368     } while (ret == SQLITE_ROW);
369     if (ret != SQLITE_DONE) {
370 	krb5_set_error_message(context, KRB5_CC_IO,
371 			       N_("Failed to add scache: %d", ""), ret);
372 	return KRB5_CC_IO;
373     }
374     sqlite3_reset(s->icache);
375 
376     s->cid = sqlite3_last_insert_rowid(s->db);
377 
378     return 0;
379 }
380 
381 static krb5_error_code
make_database(krb5_context context,krb5_scache * s)382 make_database(krb5_context context, krb5_scache *s)
383 {
384     int created_file = 0;
385     int ret;
386 
387     if (s->db)
388 	return 0;
389 
390     ret = open_database(context, s, 0);
391     if (ret) {
392 	mode_t oldumask = umask(077);
393 	ret = open_database(context, s, SQLITE_OPEN_CREATE);
394 	umask(oldumask);
395 	if (ret) goto out;
396 
397 	created_file = 1;
398 
399 	ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO);
400 	if (ret) goto out;
401 	ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO);
402 	if (ret) goto out;
403 	ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO);
404 	if (ret) goto out;
405 	ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO);
406 	if (ret) goto out;
407 	ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO);
408 	if (ret) goto out;
409 
410 	ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO);
411 	if (ret) goto out;
412 	ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO);
413 	if (ret) goto out;
414     }
415 
416 #ifdef TRACEME
417     sqlite3_trace(s->db, trace, NULL);
418 #endif
419 
420     ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED);
421     if (ret) goto out;
422     ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED);
423     if (ret) goto out;
424     ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL);
425     if (ret) goto out;
426     ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE);
427     if (ret) goto out;
428     ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME);
429     if (ret) goto out;
430     ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL);
431     if (ret) goto out;
432     ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE);
433     if (ret) goto out;
434     ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE);
435     if (ret) goto out;
436     ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME);
437     if (ret) goto out;
438     ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER);
439     if (ret) goto out;
440 
441     return 0;
442 
443 out:
444     if (s->db)
445 	sqlite3_close(s->db);
446     if (created_file)
447 	unlink(s->file);
448 
449     return ret;
450 }
451 
452 static krb5_error_code
bind_principal(krb5_context context,sqlite3 * db,sqlite3_stmt * stmt,int col,krb5_const_principal principal)453 bind_principal(krb5_context context,
454 	       sqlite3 *db,
455 	       sqlite3_stmt *stmt,
456 	       int col,
457 	       krb5_const_principal principal)
458 {
459     krb5_error_code ret;
460     char *str;
461 
462     ret = krb5_unparse_name(context, principal, &str);
463     if (ret)
464 	return ret;
465 
466     ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5);
467     if (ret != SQLITE_OK) {
468 	krb5_xfree(str);
469 	krb5_set_error_message(context, ENOMEM,
470 			       N_("scache bind principal: %s", ""),
471 			       sqlite3_errmsg(db));
472 	return ENOMEM;
473     }
474     return 0;
475 }
476 
477 /*
478  *
479  */
480 
481 static const char* KRB5_CALLCONV
scc_get_name(krb5_context context,krb5_ccache id)482 scc_get_name(krb5_context context,
483 	     krb5_ccache id)
484 {
485     return SCACHE(id)->name;
486 }
487 
488 static krb5_error_code KRB5_CALLCONV
scc_resolve(krb5_context context,krb5_ccache * id,const char * res)489 scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
490 {
491     krb5_scache *s;
492     int ret;
493 
494     s = scc_alloc(context, res);
495     if (s == NULL) {
496 	krb5_set_error_message(context, KRB5_CC_NOMEM,
497 			       N_("malloc: out of memory", ""));
498 	return KRB5_CC_NOMEM;
499     }
500 
501     ret = make_database(context, s);
502     if (ret) {
503 	scc_free(s);
504 	return ret;
505     }
506 
507     ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
508     if (ret != SQLITE_OK) {
509 	krb5_set_error_message(context, ENOMEM,
510 			       "bind name: %s", sqlite3_errmsg(s->db));
511 	scc_free(s);
512 	return ENOMEM;
513     }
514 
515     if (sqlite3_step(s->scache_name) == SQLITE_ROW) {
516 
517 	if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
518 	    sqlite3_reset(s->scache_name);
519 	    krb5_set_error_message(context, KRB5_CC_END,
520 				   N_("Cache name of wrong type "
521 				      "for scache %s", ""),
522 				   s->name);
523 	    scc_free(s);
524 	    return KRB5_CC_END;
525 	}
526 
527 	s->cid = sqlite3_column_int(s->scache_name, 0);
528     } else {
529 	s->cid = SCACHE_INVALID_CID;
530     }
531     sqlite3_reset(s->scache_name);
532 
533     (*id)->data.data = s;
534     (*id)->data.length = sizeof(*s);
535 
536     return 0;
537 }
538 
539 static krb5_error_code KRB5_CALLCONV
scc_gen_new(krb5_context context,krb5_ccache * id)540 scc_gen_new(krb5_context context, krb5_ccache *id)
541 {
542     krb5_scache *s;
543 
544     s = scc_alloc(context, NULL);
545 
546     if (s == NULL) {
547 	krb5_set_error_message(context, KRB5_CC_NOMEM,
548 			       N_("malloc: out of memory", ""));
549 	return KRB5_CC_NOMEM;
550     }
551 
552     (*id)->data.data = s;
553     (*id)->data.length = sizeof(*s);
554 
555     return 0;
556 }
557 
558 static krb5_error_code KRB5_CALLCONV
scc_initialize(krb5_context context,krb5_ccache id,krb5_principal primary_principal)559 scc_initialize(krb5_context context,
560 	       krb5_ccache id,
561 	       krb5_principal primary_principal)
562 {
563     krb5_scache *s = SCACHE(id);
564     krb5_error_code ret;
565 
566     ret = make_database(context, s);
567     if (ret)
568 	return ret;
569 
570     ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
571     if (ret) return ret;
572 
573     if (s->cid == SCACHE_INVALID_CID) {
574 	ret = create_cache(context, s);
575 	if (ret)
576 	    goto rollback;
577     } else {
578 	sqlite3_bind_int(s->dcred, 1, s->cid);
579 	do {
580 	    ret = sqlite3_step(s->dcred);
581 	} while (ret == SQLITE_ROW);
582 	sqlite3_reset(s->dcred);
583 	if (ret != SQLITE_DONE) {
584 	    ret = KRB5_CC_IO;
585 	    krb5_set_error_message(context, ret,
586 				   N_("Failed to delete old "
587 				      "credentials: %s", ""),
588 				   sqlite3_errmsg(s->db));
589 	    goto rollback;
590 	}
591     }
592 
593     ret = bind_principal(context, s->db, s->ucachep, 1, primary_principal);
594     if (ret)
595 	goto rollback;
596     sqlite3_bind_int(s->ucachep, 2, s->cid);
597 
598     do {
599 	ret = sqlite3_step(s->ucachep);
600     } while (ret == SQLITE_ROW);
601     sqlite3_reset(s->ucachep);
602     if (ret != SQLITE_DONE) {
603 	ret = KRB5_CC_IO;
604 	krb5_set_error_message(context, ret,
605 			       N_("Failed to bind principal to cache %s", ""),
606 			       sqlite3_errmsg(s->db));
607 	goto rollback;
608     }
609 
610     ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
611     if (ret) return ret;
612 
613     return 0;
614 
615 rollback:
616     exec_stmt(context, s->db, "ROLLBACK", 0);
617 
618     return ret;
619 
620 }
621 
622 static krb5_error_code KRB5_CALLCONV
scc_close(krb5_context context,krb5_ccache id)623 scc_close(krb5_context context,
624 	  krb5_ccache id)
625 {
626     scc_free(SCACHE(id));
627     return 0;
628 }
629 
630 static krb5_error_code KRB5_CALLCONV
scc_destroy(krb5_context context,krb5_ccache id)631 scc_destroy(krb5_context context,
632 	    krb5_ccache id)
633 {
634     krb5_scache *s = SCACHE(id);
635     int ret;
636 
637     if (s->cid == SCACHE_INVALID_CID)
638 	return 0;
639 
640     sqlite3_bind_int(s->dcache, 1, s->cid);
641     do {
642 	ret = sqlite3_step(s->dcache);
643     } while (ret == SQLITE_ROW);
644     sqlite3_reset(s->dcache);
645     if (ret != SQLITE_DONE) {
646 	krb5_set_error_message(context, KRB5_CC_IO,
647 			       N_("Failed to destroy cache %s: %s", ""),
648 			       s->name, sqlite3_errmsg(s->db));
649 	return KRB5_CC_IO;
650     }
651     return 0;
652 }
653 
654 static krb5_error_code
encode_creds(krb5_context context,krb5_creds * creds,krb5_data * data)655 encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
656 {
657     krb5_error_code ret;
658     krb5_storage *sp;
659 
660     sp = krb5_storage_emem();
661     if (sp == NULL) {
662 	krb5_set_error_message(context, ENOMEM,
663 			       N_("malloc: out of memory", ""));
664 	return ENOMEM;
665     }
666 
667     ret = krb5_store_creds(sp, creds);
668     if (ret) {
669 	krb5_set_error_message(context, ret,
670 			       N_("Failed to store credential in scache", ""));
671 	krb5_storage_free(sp);
672 	return ret;
673     }
674 
675     ret = krb5_storage_to_data(sp, data);
676     krb5_storage_free(sp);
677     if (ret)
678 	krb5_set_error_message(context, ret,
679 			       N_("Failed to encode credential in scache", ""));
680     return ret;
681 }
682 
683 static krb5_error_code
decode_creds(krb5_context context,const void * data,size_t length,krb5_creds * creds)684 decode_creds(krb5_context context, const void *data, size_t length,
685 	     krb5_creds *creds)
686 {
687     krb5_error_code ret;
688     krb5_storage *sp;
689 
690     sp = krb5_storage_from_readonly_mem(data, length);
691     if (sp == NULL) {
692 	krb5_set_error_message(context, ENOMEM,
693 			       N_("malloc: out of memory", ""));
694 	return ENOMEM;
695     }
696 
697     ret = krb5_ret_creds(sp, creds);
698     krb5_storage_free(sp);
699     if (ret) {
700 	krb5_set_error_message(context, ret,
701 			       N_("Failed to read credential in scache", ""));
702 	return ret;
703     }
704     return 0;
705 }
706 
707 
708 static krb5_error_code KRB5_CALLCONV
scc_store_cred(krb5_context context,krb5_ccache id,krb5_creds * creds)709 scc_store_cred(krb5_context context,
710 	       krb5_ccache id,
711 	       krb5_creds *creds)
712 {
713     sqlite_uint64 credid;
714     krb5_scache *s = SCACHE(id);
715     krb5_error_code ret;
716     krb5_data data;
717 
718     ret = make_database(context, s);
719     if (ret)
720 	return ret;
721 
722     ret = encode_creds(context, creds, &data);
723     if (ret)
724 	return ret;
725 
726     sqlite3_bind_int(s->icred, 1, s->cid);
727     {
728 	krb5_enctype etype = 0;
729 	int kvno = 0;
730 	Ticket t;
731 	size_t len;
732 
733 	ret = decode_Ticket(creds->ticket.data,
734 			    creds->ticket.length, &t, &len);
735 	if (ret == 0) {
736 	    if(t.enc_part.kvno)
737 		kvno = *t.enc_part.kvno;
738 
739 	    etype = t.enc_part.etype;
740 
741 	    free_Ticket(&t);
742 	}
743 
744 	sqlite3_bind_int(s->icred, 2, kvno);
745 	sqlite3_bind_int(s->icred, 3, etype);
746 
747     }
748 
749     sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data);
750     sqlite3_bind_int(s->icred, 5, time(NULL));
751 
752     ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
753     if (ret) return ret;
754 
755     do {
756 	ret = sqlite3_step(s->icred);
757     } while (ret == SQLITE_ROW);
758     sqlite3_reset(s->icred);
759     if (ret != SQLITE_DONE) {
760 	ret = KRB5_CC_IO;
761 	krb5_set_error_message(context, ret,
762 			       N_("Failed to add credential: %s", ""),
763 			       sqlite3_errmsg(s->db));
764 	goto rollback;
765     }
766 
767     credid = sqlite3_last_insert_rowid(s->db);
768 
769     {
770 	bind_principal(context, s->db, s->iprincipal, 1, creds->server);
771 	sqlite3_bind_int(s->iprincipal, 2, 1);
772 	sqlite3_bind_int(s->iprincipal, 3, credid);
773 
774 	do {
775 	    ret = sqlite3_step(s->iprincipal);
776 	} while (ret == SQLITE_ROW);
777 	sqlite3_reset(s->iprincipal);
778 	if (ret != SQLITE_DONE) {
779 	    ret = KRB5_CC_IO;
780 	    krb5_set_error_message(context, ret,
781 				   N_("Failed to add principal: %s", ""),
782 				   sqlite3_errmsg(s->db));
783 	    goto rollback;
784 	}
785     }
786 
787     {
788 	bind_principal(context, s->db, s->iprincipal, 1, creds->client);
789 	sqlite3_bind_int(s->iprincipal, 2, 0);
790 	sqlite3_bind_int(s->iprincipal, 3, credid);
791 
792 	do {
793 	    ret = sqlite3_step(s->iprincipal);
794 	} while (ret == SQLITE_ROW);
795 	sqlite3_reset(s->iprincipal);
796 	if (ret != SQLITE_DONE) {
797 	    ret = KRB5_CC_IO;
798 	    krb5_set_error_message(context, ret,
799 				   N_("Failed to add principal: %s", ""),
800 				   sqlite3_errmsg(s->db));
801 	    goto rollback;
802 	}
803     }
804 
805     ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
806     if (ret) return ret;
807 
808     return 0;
809 
810 rollback:
811     exec_stmt(context, s->db, "ROLLBACK", 0);
812 
813     return ret;
814 }
815 
816 static krb5_error_code KRB5_CALLCONV
scc_get_principal(krb5_context context,krb5_ccache id,krb5_principal * principal)817 scc_get_principal(krb5_context context,
818 		  krb5_ccache id,
819 		  krb5_principal *principal)
820 {
821     krb5_scache *s = SCACHE(id);
822     krb5_error_code ret;
823     const char *str;
824 
825     *principal = NULL;
826 
827     ret = make_database(context, s);
828     if (ret)
829 	return ret;
830 
831     sqlite3_bind_int(s->scache, 1, s->cid);
832 
833     if (sqlite3_step(s->scache) != SQLITE_ROW) {
834 	sqlite3_reset(s->scache);
835 	krb5_set_error_message(context, KRB5_CC_END,
836 			       N_("No principal for cache SCC:%s:%s", ""),
837 			       s->name, s->file);
838 	return KRB5_CC_END;
839     }
840 
841     if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
842 	sqlite3_reset(s->scache);
843 	krb5_set_error_message(context, KRB5_CC_END,
844 			       N_("Principal data of wrong type "
845 				  "for SCC:%s:%s", ""),
846 			       s->name, s->file);
847 	return KRB5_CC_END;
848     }
849 
850     str = (const char *)sqlite3_column_text(s->scache, 0);
851     if (str == NULL) {
852 	sqlite3_reset(s->scache);
853 	krb5_set_error_message(context, KRB5_CC_END,
854 			       N_("Principal not set for SCC:%s:%s", ""),
855 			       s->name, s->file);
856 	return KRB5_CC_END;
857     }
858 
859     ret = krb5_parse_name(context, str, principal);
860 
861     sqlite3_reset(s->scache);
862 
863     return ret;
864 }
865 
866 struct cred_ctx {
867     char *drop;
868     sqlite3_stmt *stmt;
869     sqlite3_stmt *credstmt;
870 };
871 
872 static krb5_error_code KRB5_CALLCONV
scc_get_first(krb5_context context,krb5_ccache id,krb5_cc_cursor * cursor)873 scc_get_first (krb5_context context,
874 	       krb5_ccache id,
875 	       krb5_cc_cursor *cursor)
876 {
877     krb5_scache *s = SCACHE(id);
878     krb5_error_code ret;
879     struct cred_ctx *ctx;
880     char *str = NULL, *name = NULL;
881 
882     *cursor = NULL;
883 
884     ctx = calloc(1, sizeof(*ctx));
885     if (ctx == NULL) {
886 	krb5_set_error_message(context, ENOMEM,
887 			       N_("malloc: out of memory", ""));
888 	return ENOMEM;
889     }
890 
891     ret = make_database(context, s);
892     if (ret) {
893 	free(ctx);
894 	return ret;
895     }
896 
897     if (s->cid == SCACHE_INVALID_CID) {
898 	krb5_set_error_message(context, KRB5_CC_END,
899 			       N_("Iterating a invalid scache %s", ""),
900 			       s->name);
901 	free(ctx);
902 	return KRB5_CC_END;
903     }
904 
905     ret = asprintf(&name, "credIteration%pPid%d",
906                    ctx, (int)getpid());
907     if (ret < 0 || name == NULL) {
908 	krb5_set_error_message(context, ENOMEM,
909 			       N_("malloc: out of memory", ""));
910 	free(ctx);
911 	return ENOMEM;
912     }
913 
914     ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
915     if (ret < 0 || ctx->drop == NULL) {
916 	krb5_set_error_message(context, ENOMEM,
917 			       N_("malloc: out of memory", ""));
918 	free(name);
919 	free(ctx);
920 	return ENOMEM;
921     }
922 
923     ret = asprintf(&str, "CREATE TEMPORARY TABLE %s "
924 	     "AS SELECT oid,created_at FROM credentials WHERE cid = %lu",
925 	     name, (unsigned long)s->cid);
926     if (ret < 0 || str == NULL) {
927 	free(ctx->drop);
928 	free(name);
929 	free(ctx);
930 	return ENOMEM;
931     }
932 
933     ret = exec_stmt(context, s->db, str, KRB5_CC_IO);
934     free(str);
935     str = NULL;
936     if (ret) {
937 	free(ctx->drop);
938 	free(name);
939 	free(ctx);
940 	return ret;
941     }
942 
943     ret = asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name);
944     if (ret < 0 || str == NULL) {
945 	exec_stmt(context, s->db, ctx->drop, 0);
946 	free(ctx->drop);
947 	free(name);
948 	free(ctx);
949 	return ret;
950     }
951 
952     ret = prepare_stmt(context, s->db, &ctx->stmt, str);
953     free(str);
954     str = NULL;
955     free(name);
956     if (ret) {
957 	exec_stmt(context, s->db, ctx->drop, 0);
958 	free(ctx->drop);
959 	free(ctx);
960 	return ret;
961     }
962 
963     ret = prepare_stmt(context, s->db, &ctx->credstmt,
964 		       "SELECT cred FROM credentials WHERE oid = ?");
965     if (ret) {
966 	sqlite3_finalize(ctx->stmt);
967 	exec_stmt(context, s->db, ctx->drop, 0);
968 	free(ctx->drop);
969 	free(ctx);
970 	return ret;
971     }
972 
973     *cursor = ctx;
974 
975     return 0;
976 }
977 
978 static krb5_error_code KRB5_CALLCONV
scc_get_next(krb5_context context,krb5_ccache id,krb5_cc_cursor * cursor,krb5_creds * creds)979 scc_get_next (krb5_context context,
980 	      krb5_ccache id,
981 	      krb5_cc_cursor *cursor,
982 	      krb5_creds *creds)
983 {
984     struct cred_ctx *ctx = *cursor;
985     krb5_scache *s = SCACHE(id);
986     krb5_error_code ret;
987     sqlite_uint64 oid;
988     const void *data = NULL;
989     size_t len = 0;
990 
991 next:
992     ret = sqlite3_step(ctx->stmt);
993     if (ret == SQLITE_DONE) {
994 	krb5_clear_error_message(context);
995         return KRB5_CC_END;
996     } else if (ret != SQLITE_ROW) {
997 	krb5_set_error_message(context, KRB5_CC_IO,
998 			       N_("scache Database failed: %s", ""),
999 			       sqlite3_errmsg(s->db));
1000         return KRB5_CC_IO;
1001     }
1002 
1003     oid = sqlite3_column_int64(ctx->stmt, 0);
1004 
1005     /* read cred from credentials table */
1006 
1007     sqlite3_bind_int(ctx->credstmt, 1, oid);
1008 
1009     ret = sqlite3_step(ctx->credstmt);
1010     if (ret != SQLITE_ROW) {
1011 	sqlite3_reset(ctx->credstmt);
1012 	goto next;
1013     }
1014 
1015     if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
1016 	krb5_set_error_message(context, KRB5_CC_END,
1017 			       N_("credential of wrong type for SCC:%s:%s", ""),
1018 			       s->name, s->file);
1019 	sqlite3_reset(ctx->credstmt);
1020 	return KRB5_CC_END;
1021     }
1022 
1023     data = sqlite3_column_blob(ctx->credstmt, 0);
1024     len = sqlite3_column_bytes(ctx->credstmt, 0);
1025 
1026     ret = decode_creds(context, data, len, creds);
1027     sqlite3_reset(ctx->credstmt);
1028     return ret;
1029 }
1030 
1031 static krb5_error_code KRB5_CALLCONV
scc_end_get(krb5_context context,krb5_ccache id,krb5_cc_cursor * cursor)1032 scc_end_get (krb5_context context,
1033 	     krb5_ccache id,
1034 	     krb5_cc_cursor *cursor)
1035 {
1036     struct cred_ctx *ctx = *cursor;
1037     krb5_scache *s = SCACHE(id);
1038 
1039     sqlite3_finalize(ctx->stmt);
1040     sqlite3_finalize(ctx->credstmt);
1041 
1042     exec_stmt(context, s->db, ctx->drop, 0);
1043 
1044     free(ctx->drop);
1045     free(ctx);
1046 
1047     return 0;
1048 }
1049 
1050 static krb5_error_code KRB5_CALLCONV
scc_remove_cred(krb5_context context,krb5_ccache id,krb5_flags which,krb5_creds * mcreds)1051 scc_remove_cred(krb5_context context,
1052 		 krb5_ccache id,
1053 		 krb5_flags which,
1054 		 krb5_creds *mcreds)
1055 {
1056     krb5_scache *s = SCACHE(id);
1057     krb5_error_code ret;
1058     sqlite3_stmt *stmt;
1059     sqlite_uint64 credid = 0;
1060     const void *data = NULL;
1061     size_t len = 0;
1062 
1063     ret = make_database(context, s);
1064     if (ret)
1065 	return ret;
1066 
1067     ret = prepare_stmt(context, s->db, &stmt,
1068 		       "SELECT cred,oid FROM credentials "
1069 		       "WHERE cid = ?");
1070     if (ret)
1071 	return ret;
1072 
1073     sqlite3_bind_int(stmt, 1, s->cid);
1074 
1075     /* find credential... */
1076     while (1) {
1077 	krb5_creds creds;
1078 
1079 	ret = sqlite3_step(stmt);
1080 	if (ret == SQLITE_DONE) {
1081 	    ret = 0;
1082 	    break;
1083 	} else if (ret != SQLITE_ROW) {
1084 	    ret = KRB5_CC_IO;
1085 	    krb5_set_error_message(context, ret,
1086 				   N_("scache Database failed: %s", ""),
1087 				   sqlite3_errmsg(s->db));
1088 	    break;
1089 	}
1090 
1091 	if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
1092 	    ret = KRB5_CC_END;
1093 	    krb5_set_error_message(context, ret,
1094 				   N_("Credential of wrong type "
1095 				      "for SCC:%s:%s", ""),
1096 				   s->name, s->file);
1097 	    break;
1098 	}
1099 
1100 	data = sqlite3_column_blob(stmt, 0);
1101 	len = sqlite3_column_bytes(stmt, 0);
1102 
1103 	ret = decode_creds(context, data, len, &creds);
1104 	if (ret)
1105 	    break;
1106 
1107 	ret = krb5_compare_creds(context, which, mcreds, &creds);
1108 	krb5_free_cred_contents(context, &creds);
1109 	if (ret) {
1110 	    credid = sqlite3_column_int64(stmt, 1);
1111 	    ret = 0;
1112 	    break;
1113 	}
1114     }
1115 
1116     sqlite3_finalize(stmt);
1117 
1118     if (id) {
1119 	ret = prepare_stmt(context, s->db, &stmt,
1120 			   "DELETE FROM credentials WHERE oid=?");
1121 	if (ret)
1122 	    return ret;
1123 	sqlite3_bind_int(stmt, 1, credid);
1124 
1125 	do {
1126 	    ret = sqlite3_step(stmt);
1127 	} while (ret == SQLITE_ROW);
1128 	sqlite3_finalize(stmt);
1129 	if (ret != SQLITE_DONE) {
1130 	    ret = KRB5_CC_IO;
1131 	    krb5_set_error_message(context, ret,
1132 				   N_("failed to delete scache credental", ""));
1133 	} else
1134 	    ret = 0;
1135     }
1136 
1137     return ret;
1138 }
1139 
1140 static krb5_error_code KRB5_CALLCONV
scc_set_flags(krb5_context context,krb5_ccache id,krb5_flags flags)1141 scc_set_flags(krb5_context context,
1142 	      krb5_ccache id,
1143 	      krb5_flags flags)
1144 {
1145     return 0; /* XXX */
1146 }
1147 
1148 struct cache_iter {
1149     char *drop;
1150     sqlite3 *db;
1151     sqlite3_stmt *stmt;
1152 };
1153 
1154 static krb5_error_code KRB5_CALLCONV
scc_get_cache_first(krb5_context context,krb5_cc_cursor * cursor)1155 scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
1156 {
1157     struct cache_iter *ctx;
1158     krb5_error_code ret;
1159     char *name = NULL, *str = NULL;
1160 
1161     *cursor = NULL;
1162 
1163     ctx = calloc(1, sizeof(*ctx));
1164     if (ctx == NULL) {
1165 	krb5_set_error_message(context, ENOMEM,
1166 			       N_("malloc: out of memory", ""));
1167 	return ENOMEM;
1168     }
1169 
1170     ret = default_db(context, &ctx->db);
1171     if (ctx->db == NULL) {
1172 	free(ctx);
1173 	return ret;
1174     }
1175 
1176     ret = asprintf(&name, "cacheIteration%pPid%d",
1177                    ctx, (int)getpid());
1178     if (ret < 0 || name == NULL) {
1179 	krb5_set_error_message(context, ENOMEM,
1180 			       N_("malloc: out of memory", ""));
1181 	sqlite3_close(ctx->db);
1182 	free(ctx);
1183 	return ENOMEM;
1184     }
1185 
1186     ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
1187     if (ret < 0 || ctx->drop == NULL) {
1188 	krb5_set_error_message(context, ENOMEM,
1189 			       N_("malloc: out of memory", ""));
1190 	sqlite3_close(ctx->db);
1191 	free(name);
1192 	free(ctx);
1193 	return ENOMEM;
1194     }
1195 
1196     ret = asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches",
1197 	     name);
1198     if (ret < 0 || str == NULL) {
1199 	krb5_set_error_message(context, ENOMEM,
1200 			       N_("malloc: out of memory", ""));
1201 	sqlite3_close(ctx->db);
1202 	free(name);
1203 	free(ctx->drop);
1204 	free(ctx);
1205 	return ENOMEM;
1206     }
1207 
1208     ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO);
1209     free(str);
1210     str = NULL;
1211     if (ret) {
1212 	sqlite3_close(ctx->db);
1213 	free(name);
1214 	free(ctx->drop);
1215 	free(ctx);
1216 	return ret;
1217     }
1218 
1219     ret = asprintf(&str, "SELECT name FROM %s", name);
1220     free(name);
1221     if (ret < 0 || str == NULL) {
1222 	exec_stmt(context, ctx->db, ctx->drop, 0);
1223 	sqlite3_close(ctx->db);
1224 	free(name);
1225 	free(ctx->drop);
1226 	free(ctx);
1227 	return ENOMEM;
1228     }
1229 
1230     ret = prepare_stmt(context, ctx->db, &ctx->stmt, str);
1231     free(str);
1232     if (ret) {
1233 	exec_stmt(context, ctx->db, ctx->drop, 0);
1234 	sqlite3_close(ctx->db);
1235 	free(ctx->drop);
1236 	free(ctx);
1237 	return ret;
1238     }
1239 
1240     *cursor = ctx;
1241 
1242     return 0;
1243 }
1244 
1245 static krb5_error_code KRB5_CALLCONV
scc_get_cache_next(krb5_context context,krb5_cc_cursor cursor,krb5_ccache * id)1246 scc_get_cache_next(krb5_context context,
1247 		   krb5_cc_cursor cursor,
1248 		   krb5_ccache *id)
1249 {
1250     struct cache_iter *ctx = cursor;
1251     krb5_error_code ret;
1252     const char *name;
1253 
1254 again:
1255     ret = sqlite3_step(ctx->stmt);
1256     if (ret == SQLITE_DONE) {
1257 	krb5_clear_error_message(context);
1258         return KRB5_CC_END;
1259     } else if (ret != SQLITE_ROW) {
1260 	krb5_set_error_message(context, KRB5_CC_IO,
1261 			       N_("Database failed: %s", ""),
1262 			       sqlite3_errmsg(ctx->db));
1263         return KRB5_CC_IO;
1264     }
1265 
1266     if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT)
1267 	goto again;
1268 
1269     name = (const char *)sqlite3_column_text(ctx->stmt, 0);
1270     if (name == NULL)
1271 	goto again;
1272 
1273     ret = _krb5_cc_allocate(context, &krb5_scc_ops, id);
1274     if (ret)
1275 	return ret;
1276 
1277     return scc_resolve(context, id, name);
1278 }
1279 
1280 static krb5_error_code KRB5_CALLCONV
scc_end_cache_get(krb5_context context,krb5_cc_cursor cursor)1281 scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
1282 {
1283     struct cache_iter *ctx = cursor;
1284 
1285     exec_stmt(context, ctx->db, ctx->drop, 0);
1286     sqlite3_finalize(ctx->stmt);
1287     sqlite3_close(ctx->db);
1288     free(ctx->drop);
1289     free(ctx);
1290     return 0;
1291 }
1292 
1293 static krb5_error_code KRB5_CALLCONV
scc_move(krb5_context context,krb5_ccache from,krb5_ccache to)1294 scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1295 {
1296     krb5_scache *sfrom = SCACHE(from);
1297     krb5_scache *sto = SCACHE(to);
1298     krb5_error_code ret;
1299 
1300     if (strcmp(sfrom->file, sto->file) != 0) {
1301 	krb5_set_error_message(context, KRB5_CC_BADNAME,
1302 			       N_("Can't handle cross database "
1303 				  "credential move: %s -> %s", ""),
1304 			       sfrom->file, sto->file);
1305 	return KRB5_CC_BADNAME;
1306     }
1307 
1308     ret = make_database(context, sfrom);
1309     if (ret)
1310 	return ret;
1311 
1312     ret = exec_stmt(context, sfrom->db,
1313 		    "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
1314     if (ret) return ret;
1315 
1316     if (sto->cid != SCACHE_INVALID_CID) {
1317 	/* drop old cache entry */
1318 
1319 	sqlite3_bind_int(sfrom->dcache, 1, sto->cid);
1320 	do {
1321 	    ret = sqlite3_step(sfrom->dcache);
1322 	} while (ret == SQLITE_ROW);
1323 	sqlite3_reset(sfrom->dcache);
1324 	if (ret != SQLITE_DONE) {
1325 	    krb5_set_error_message(context, KRB5_CC_IO,
1326 				   N_("Failed to delete old cache: %d", ""),
1327 				   (int)ret);
1328 	    goto rollback;
1329 	}
1330     }
1331 
1332     sqlite3_bind_text(sfrom->ucachen, 1, sto->name, -1, NULL);
1333     sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid);
1334 
1335     do {
1336 	ret = sqlite3_step(sfrom->ucachen);
1337     } while (ret == SQLITE_ROW);
1338     sqlite3_reset(sfrom->ucachen);
1339     if (ret != SQLITE_DONE) {
1340 	krb5_set_error_message(context, KRB5_CC_IO,
1341 			       N_("Failed to update new cache: %d", ""),
1342 			       (int)ret);
1343 	goto rollback;
1344     }
1345 
1346     sto->cid = sfrom->cid;
1347 
1348     ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO);
1349     if (ret) return ret;
1350 
1351     scc_free(sfrom);
1352 
1353     return 0;
1354 
1355 rollback:
1356     exec_stmt(context, sfrom->db, "ROLLBACK", 0);
1357     scc_free(sfrom);
1358 
1359     return KRB5_CC_IO;
1360 }
1361 
1362 static krb5_error_code KRB5_CALLCONV
scc_get_default_name(krb5_context context,char ** str)1363 scc_get_default_name(krb5_context context, char **str)
1364 {
1365     krb5_error_code ret;
1366     char *name;
1367 
1368     *str = NULL;
1369 
1370     ret = get_def_name(context, &name);
1371     if (ret)
1372 	return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str);
1373 
1374     ret = asprintf(str, "SCC:%s", name);
1375     free(name);
1376     if (ret < 0 || *str == NULL) {
1377 	krb5_set_error_message(context, ENOMEM,
1378 			       N_("malloc: out of memory", ""));
1379 	return ENOMEM;
1380     }
1381     return 0;
1382 }
1383 
1384 static krb5_error_code KRB5_CALLCONV
scc_set_default(krb5_context context,krb5_ccache id)1385 scc_set_default(krb5_context context, krb5_ccache id)
1386 {
1387     krb5_scache *s = SCACHE(id);
1388     krb5_error_code ret;
1389 
1390     if (s->cid == SCACHE_INVALID_CID) {
1391 	krb5_set_error_message(context, KRB5_CC_IO,
1392 			       N_("Trying to set a invalid cache "
1393 				  "as default %s", ""),
1394 			       s->name);
1395 	return KRB5_CC_IO;
1396     }
1397 
1398     ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
1399     if (ret) {
1400 	sqlite3_reset(s->umaster);
1401 	krb5_set_error_message(context, KRB5_CC_IO,
1402 			       N_("Failed to set name of default cache", ""));
1403 	return KRB5_CC_IO;
1404     }
1405 
1406     do {
1407 	ret = sqlite3_step(s->umaster);
1408     } while (ret == SQLITE_ROW);
1409     sqlite3_reset(s->umaster);
1410     if (ret != SQLITE_DONE) {
1411 	krb5_set_error_message(context, KRB5_CC_IO,
1412 			       N_("Failed to update default cache", ""));
1413 	return KRB5_CC_IO;
1414     }
1415 
1416     return 0;
1417 }
1418 
1419 /**
1420  * Variable containing the SCC based credential cache implemention.
1421  *
1422  * @ingroup krb5_ccache
1423  */
1424 
1425 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = {
1426     KRB5_CC_OPS_VERSION,
1427     "SCC",
1428     scc_get_name,
1429     scc_resolve,
1430     scc_gen_new,
1431     scc_initialize,
1432     scc_destroy,
1433     scc_close,
1434     scc_store_cred,
1435     NULL, /* scc_retrieve */
1436     scc_get_principal,
1437     scc_get_first,
1438     scc_get_next,
1439     scc_end_get,
1440     scc_remove_cred,
1441     scc_set_flags,
1442     NULL,
1443     scc_get_cache_first,
1444     scc_get_cache_next,
1445     scc_end_cache_get,
1446     scc_move,
1447     scc_get_default_name,
1448     scc_set_default
1449 };
1450 
1451 #endif
1452